diff options
Diffstat (limited to 'moon_engine/moon_engine/api/wrapper/api')
-rw-r--r-- | moon_engine/moon_engine/api/wrapper/api/__init__.py | 11 | ||||
-rw-r--r-- | moon_engine/moon_engine/api/wrapper/api/authz.py | 43 | ||||
-rw-r--r-- | moon_engine/moon_engine/api/wrapper/api/pipeline.py | 100 | ||||
-rw-r--r-- | moon_engine/moon_engine/api/wrapper/api/update.py | 179 |
4 files changed, 333 insertions, 0 deletions
diff --git a/moon_engine/moon_engine/api/wrapper/api/__init__.py b/moon_engine/moon_engine/api/wrapper/api/__init__.py new file mode 100644 index 00000000..582be686 --- /dev/null +++ b/moon_engine/moon_engine/api/wrapper/api/__init__.py @@ -0,0 +1,11 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + diff --git a/moon_engine/moon_engine/api/wrapper/api/authz.py b/moon_engine/moon_engine/api/wrapper/api/authz.py new file mode 100644 index 00000000..4d1e4a84 --- /dev/null +++ b/moon_engine/moon_engine/api/wrapper/api/authz.py @@ -0,0 +1,43 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + + +"""Authz API""" + +import hug +from moon_engine.api.wrapper.router import Router + + +class Authz(object): + """ + Endpoint for Authz requests + """ + + @staticmethod + @hug.local() + @hug.get("/authz/{project_id}/{subject_name}/{object_name}/{action_name}") + def get(project_id: hug.types.text, subject_name: hug.types.text, object_name: hug.types.text, + action_name: hug.types.text): + """Get a response on Main Authorization request + + :param project_id: uuid of the project + :param subject_name: name of the subject or the request + :param object_name: name of the object + :param action_name: name of the action + :return: + "result": {true or false } + :internal_api: authz + """ + + with Router(project_id, subject_name, object_name, action_name) as router: + + response = router.auth_request() + return response diff --git a/moon_engine/moon_engine/api/wrapper/api/pipeline.py b/moon_engine/moon_engine/api/wrapper/api/pipeline.py new file mode 100644 index 00000000..19b9578a --- /dev/null +++ b/moon_engine/moon_engine/api/wrapper/api/pipeline.py @@ -0,0 +1,100 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + + +"""Pipeline API""" +import hug +from moon_utilities.auth_functions import api_key_authentication +from moon_engine import orchestration_driver +from moon_utilities.security_functions import validate_input +from moon_engine.api import configuration +from moon_cache.cache import Cache + +CACHE = Cache.getInstance(manager_url=configuration.get_configuration("manager_url"), + incremental=configuration.get_configuration("incremental_updates"), + manager_api_key=configuration.get_configuration("api_token")) + + +class Pipeline(object): + """ + Endpoint for pipelines requests + """ + + @staticmethod + @hug.local() + @hug.get("/pipelines", requires=api_key_authentication) + @hug.get("/pipeline/{uuid}", requires=api_key_authentication) + def get(uuid: hug.types.uuid=None, authed_user: hug.directives.user=None): + """Retrieve all pipelines + + :param uuid: uuid of the pipeline + :param authed_user: the name of the authenticated user + :return: { + "pipeline_id1": { + "name": "...", + "description": "... (optional)", + } + } + """ + uuid = str(uuid).replace("-", "") + orchestration_driver.init() + data = orchestration_driver.PipelineManager.get_pipelines(moon_user_id=authed_user, + pipeline_id=uuid) + return {"pipelines": data} + + @staticmethod + @hug.local() + @hug.put("/pipeline/{uuid}", requires=api_key_authentication) + def put(uuid: hug.types.uuid, body: validate_input("name"), + authed_user: hug.directives.user = None): + """ + Ask for the creation of a new pipeline + :param uuid: uuid of the pipeline + :param body: body of the request + :param authed_user: the name of the authenticated user + :return: { + "name": "my_pdp", + "description": "...", + "vim_project_id": "an existing ID", + "security_pipelines": ["an existing policy ID", ], + "slave": ["name of a slave", ] + } + """ + uuid = str(uuid).replace("-", "") + orchestration_driver.init() + data = orchestration_driver.PipelineManager.add_pipeline(moon_user_id=authed_user, + pipeline_id=uuid, + data=body) + CACHE.add_pipeline(uuid, data) + return {"pipelines": data} + + @staticmethod + @hug.local() + @hug.delete("/pipeline/{uuid}", requires=api_key_authentication) + def delete(uuid: hug.types.uuid, authed_user: hug.directives.user = None): + """ + Ask for the deletion of a new pipeline + :param uuid: uuid of the pipeline + :param authed_user: the name of the authenticated user + :return: { + "name": "my_pdp", + "description": "...", + "vim_project_id": "an existing ID", + "security_pipelines": ["an existing policy ID", ], + "slave": ["name of a slave", ] + } + """ + uuid = str(uuid).replace("-", "") + orchestration_driver.init() + orchestration_driver.PipelineManager.delete_pipeline(moon_user_id=authed_user, + pipeline_id=uuid) + CACHE.delete_pipeline(uuid) + return True diff --git a/moon_engine/moon_engine/api/wrapper/api/update.py b/moon_engine/moon_engine/api/wrapper/api/update.py new file mode 100644 index 00000000..7af274e5 --- /dev/null +++ b/moon_engine/moon_engine/api/wrapper/api/update.py @@ -0,0 +1,179 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + + +"""Update API""" +import hug +from moon_utilities.auth_functions import api_key_authentication +from moon_engine.api.wrapper.update_wrapper import UpdateWrapper as UpdateWrapper + + +class WrapperUpdate(object): + + @staticmethod + @hug.local() + @hug.put("/update", requires=api_key_authentication) + def update(body, response, authed_user: hug.directives.user): + """Tell the moon_engine wrapper that its own data should be updated + It simply reloads the conf file + + :return: 204 status code + """ + + # todo call wrapper to update its pdp at the cache + update_wrapper = UpdateWrapper() + response.status = update_wrapper.update_wrapper(data=body, moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.put("/update/pdp/{pdp_id}", requires=api_key_authentication) + def update_pdp(body, pdp_id: hug.types.uuid, response, authed_user: hug.directives.user): + """Tell the moon_engine wrapper that its cache should be updated + body may contain the attributes that the moon_engine should get from the manager + if the attributes key is empty, all data should be retrieved + body example: + { + "vim_project_id": "...", + "security_pipeline": ["policy_id1", "policy_id2"], + "attributes": ["subjects", "subject_assignments", "subject_categories"] + } + :return: 202 status code + """ + + # todo call wrapper to update its pdp at the cache + update_wrapper = UpdateWrapper() + response.status = update_wrapper.update_pdp(pdp_id=str(pdp_id).replace("-", ""), data=body, moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.delete("/update/pdp/{pdp_id}", requires=api_key_authentication) + def delete_pdp(pdp_id: hug.types.uuid, response, authed_user: hug.directives.user): + """Tell the moon_engine wrapper that its cache should be updated + body may contain the attributes that the moon_engine should get from the manager + if the attributes key is empty, all data should be retrieved + body example: + { + "vim_project_id": "...", + "security_pipeline": ["policy_id1", "policy_id2"], + "attributes": ["subjects", "subject_assignments", "subject_categories"] + } + :return: 202 status code + """ + + # todo call wrapper to update its pdp at the cache + update_wrapper = UpdateWrapper() + response.status = update_wrapper.delete_pdp(pdp_id=str(pdp_id).replace("-", ""), moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.put("/update/policy/{policy_id}", requires=api_key_authentication) + def update_policy(body, policy_id: hug.types.uuid, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.update_policy(policy_id=str(policy_id).replace("-", ""), data=body, moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.delete("/update/policy/{policy_id}", requires=api_key_authentication) + def delete_policy(policy_id: hug.types.uuid, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.delete_policy(policy_id=str(policy_id).replace("-", ""), moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.delete("/update/assignment/{policy_id}/{type}/", requires=api_key_authentication) + @hug.delete("/update/assignment/{policy_id}/{type}/{perimeter_id}", requires=api_key_authentication) + @hug.delete("/update/assignment/{policy_id}/{type}/{perimeter_id}/{category_id}", requires=api_key_authentication) + @hug.delete("/update/assignment/{policy_id}/{type}/{perimeter_id}/{category_id}/{data_id}", requires=api_key_authentication) + def delete_assignment(response, policy_id: hug.types.uuid, type: hug.types.text, + perimeter_id: hug.types.uuid = None, category_id: hug.types.uuid = None, + data_id: hug.types.uuid = None, authed_user: hug.directives.user=None): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.delete_assignment(type=type, policy_id=str(policy_id).replace("-", ""), + perimeter_id=str(perimeter_id).replace("-", ""), + category_id=str(category_id).replace("-", ""), + data_id=data_id, moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.put("/update/perimeter/{perimeter_id}/{policy_id}/{type}", requires=api_key_authentication) + def update_perimeter(body, perimeter_id: hug.types.uuid, policy_id: hug.types.uuid, + type: hug.types.text, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.update_perimeter( type=type, + perimeter_id=str(perimeter_id).replace("-", ""), data=body, + policy_id=str(policy_id).replace("-", ""), moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.delete("/update/perimeter/{perimeter_id}/{policy_id}/{type}", requires=api_key_authentication) + def delete_perimeter(perimeter_id: hug.types.uuid, policy_id: hug.types.uuid, + type: hug.types.text, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.delete_perimeter(type=type, + perimeter_id=str(perimeter_id).replace("-", ""), + policy_id=str(policy_id).replace("-", ""), moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.delete("/update/rule/{policy_id}/{rule_id}", requires=api_key_authentication) + def delete_rule(policy_id: hug.types.uuid, rule_id: hug.types.uuid, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.delete_rule(rule_id=str(rule_id).replace("-", ""), policy_id=str(policy_id).replace("-", ""), moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.put("/update/model/{model_id}", requires=api_key_authentication) + def update_model(body, model_id: hug.types.uuid, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.update_model(model_id=str(model_id).replace("-", ""), data=body, moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.delete("/update/model/{model_id}", requires=api_key_authentication) + def delete_model(model_id: hug.types.uuid, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.delete_model(model_id=str(model_id).replace("-", ""), moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.delete("/update/meta_data/{category_id}/{type}", requires=api_key_authentication) + def delete_category(category_id: hug.types.uuid, type: hug.types.text, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.delete_category(category_id=str(category_id).replace("-", ""), type=type, moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.put("/update/meta_rule/{meta_rule_id}", requires=api_key_authentication) + def update_meta_rule(body, meta_rule_id: hug.types.uuid, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.update_meta_rule(meta_rule_id=str(meta_rule_id).replace("-", ""), data=body, moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.delete("/update/meta_rule/{meta_rule_id}", requires=api_key_authentication) + def delete_meta_rule(meta_rule_id: hug.types.uuid, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.delete_meta_rule(meta_rule_id=str(meta_rule_id).replace("-", ""), moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.delete("/update/data/{data_id}/{type}", requires=api_key_authentication) + def delete_data(data_id: hug.types.uuid, type: hug.types.text, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.delete_data(data_id=str(data_id).replace("-", ""), type=type, moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.delete("/update/attributes/{name}", requires=api_key_authentication) + def delete_data(name: str, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.delete_attributes(name=name, moon_user_id=authed_user) + |