diff options
Diffstat (limited to 'moon_engine/moon_engine/api/wrapper')
-rw-r--r-- | moon_engine/moon_engine/api/wrapper/__init__.py | 11 | ||||
-rw-r--r-- | moon_engine/moon_engine/api/wrapper/api/__init__.py | 11 | ||||
-rw-r--r-- | moon_engine/moon_engine/api/wrapper/api/authz.py | 43 | ||||
-rw-r--r-- | moon_engine/moon_engine/api/wrapper/api/pipeline.py | 100 | ||||
-rw-r--r-- | moon_engine/moon_engine/api/wrapper/api/update.py | 179 | ||||
-rw-r--r-- | moon_engine/moon_engine/api/wrapper/router.py | 115 | ||||
-rw-r--r-- | moon_engine/moon_engine/api/wrapper/update_wrapper.py | 233 |
7 files changed, 692 insertions, 0 deletions
diff --git a/moon_engine/moon_engine/api/wrapper/__init__.py b/moon_engine/moon_engine/api/wrapper/__init__.py new file mode 100644 index 00000000..582be686 --- /dev/null +++ b/moon_engine/moon_engine/api/wrapper/__init__.py @@ -0,0 +1,11 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + diff --git a/moon_engine/moon_engine/api/wrapper/api/__init__.py b/moon_engine/moon_engine/api/wrapper/api/__init__.py new file mode 100644 index 00000000..582be686 --- /dev/null +++ b/moon_engine/moon_engine/api/wrapper/api/__init__.py @@ -0,0 +1,11 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + diff --git a/moon_engine/moon_engine/api/wrapper/api/authz.py b/moon_engine/moon_engine/api/wrapper/api/authz.py new file mode 100644 index 00000000..4d1e4a84 --- /dev/null +++ b/moon_engine/moon_engine/api/wrapper/api/authz.py @@ -0,0 +1,43 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + + +"""Authz API""" + +import hug +from moon_engine.api.wrapper.router import Router + + +class Authz(object): + """ + Endpoint for Authz requests + """ + + @staticmethod + @hug.local() + @hug.get("/authz/{project_id}/{subject_name}/{object_name}/{action_name}") + def get(project_id: hug.types.text, subject_name: hug.types.text, object_name: hug.types.text, + action_name: hug.types.text): + """Get a response on Main Authorization request + + :param project_id: uuid of the project + :param subject_name: name of the subject or the request + :param object_name: name of the object + :param action_name: name of the action + :return: + "result": {true or false } + :internal_api: authz + """ + + with Router(project_id, subject_name, object_name, action_name) as router: + + response = router.auth_request() + return response diff --git a/moon_engine/moon_engine/api/wrapper/api/pipeline.py b/moon_engine/moon_engine/api/wrapper/api/pipeline.py new file mode 100644 index 00000000..19b9578a --- /dev/null +++ b/moon_engine/moon_engine/api/wrapper/api/pipeline.py @@ -0,0 +1,100 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + + +"""Pipeline API""" +import hug +from moon_utilities.auth_functions import api_key_authentication +from moon_engine import orchestration_driver +from moon_utilities.security_functions import validate_input +from moon_engine.api import configuration +from moon_cache.cache import Cache + +CACHE = Cache.getInstance(manager_url=configuration.get_configuration("manager_url"), + incremental=configuration.get_configuration("incremental_updates"), + manager_api_key=configuration.get_configuration("api_token")) + + +class Pipeline(object): + """ + Endpoint for pipelines requests + """ + + @staticmethod + @hug.local() + @hug.get("/pipelines", requires=api_key_authentication) + @hug.get("/pipeline/{uuid}", requires=api_key_authentication) + def get(uuid: hug.types.uuid=None, authed_user: hug.directives.user=None): + """Retrieve all pipelines + + :param uuid: uuid of the pipeline + :param authed_user: the name of the authenticated user + :return: { + "pipeline_id1": { + "name": "...", + "description": "... (optional)", + } + } + """ + uuid = str(uuid).replace("-", "") + orchestration_driver.init() + data = orchestration_driver.PipelineManager.get_pipelines(moon_user_id=authed_user, + pipeline_id=uuid) + return {"pipelines": data} + + @staticmethod + @hug.local() + @hug.put("/pipeline/{uuid}", requires=api_key_authentication) + def put(uuid: hug.types.uuid, body: validate_input("name"), + authed_user: hug.directives.user = None): + """ + Ask for the creation of a new pipeline + :param uuid: uuid of the pipeline + :param body: body of the request + :param authed_user: the name of the authenticated user + :return: { + "name": "my_pdp", + "description": "...", + "vim_project_id": "an existing ID", + "security_pipelines": ["an existing policy ID", ], + "slave": ["name of a slave", ] + } + """ + uuid = str(uuid).replace("-", "") + orchestration_driver.init() + data = orchestration_driver.PipelineManager.add_pipeline(moon_user_id=authed_user, + pipeline_id=uuid, + data=body) + CACHE.add_pipeline(uuid, data) + return {"pipelines": data} + + @staticmethod + @hug.local() + @hug.delete("/pipeline/{uuid}", requires=api_key_authentication) + def delete(uuid: hug.types.uuid, authed_user: hug.directives.user = None): + """ + Ask for the deletion of a new pipeline + :param uuid: uuid of the pipeline + :param authed_user: the name of the authenticated user + :return: { + "name": "my_pdp", + "description": "...", + "vim_project_id": "an existing ID", + "security_pipelines": ["an existing policy ID", ], + "slave": ["name of a slave", ] + } + """ + uuid = str(uuid).replace("-", "") + orchestration_driver.init() + orchestration_driver.PipelineManager.delete_pipeline(moon_user_id=authed_user, + pipeline_id=uuid) + CACHE.delete_pipeline(uuid) + return True diff --git a/moon_engine/moon_engine/api/wrapper/api/update.py b/moon_engine/moon_engine/api/wrapper/api/update.py new file mode 100644 index 00000000..7af274e5 --- /dev/null +++ b/moon_engine/moon_engine/api/wrapper/api/update.py @@ -0,0 +1,179 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + + +"""Update API""" +import hug +from moon_utilities.auth_functions import api_key_authentication +from moon_engine.api.wrapper.update_wrapper import UpdateWrapper as UpdateWrapper + + +class WrapperUpdate(object): + + @staticmethod + @hug.local() + @hug.put("/update", requires=api_key_authentication) + def update(body, response, authed_user: hug.directives.user): + """Tell the moon_engine wrapper that its own data should be updated + It simply reloads the conf file + + :return: 204 status code + """ + + # todo call wrapper to update its pdp at the cache + update_wrapper = UpdateWrapper() + response.status = update_wrapper.update_wrapper(data=body, moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.put("/update/pdp/{pdp_id}", requires=api_key_authentication) + def update_pdp(body, pdp_id: hug.types.uuid, response, authed_user: hug.directives.user): + """Tell the moon_engine wrapper that its cache should be updated + body may contain the attributes that the moon_engine should get from the manager + if the attributes key is empty, all data should be retrieved + body example: + { + "vim_project_id": "...", + "security_pipeline": ["policy_id1", "policy_id2"], + "attributes": ["subjects", "subject_assignments", "subject_categories"] + } + :return: 202 status code + """ + + # todo call wrapper to update its pdp at the cache + update_wrapper = UpdateWrapper() + response.status = update_wrapper.update_pdp(pdp_id=str(pdp_id).replace("-", ""), data=body, moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.delete("/update/pdp/{pdp_id}", requires=api_key_authentication) + def delete_pdp(pdp_id: hug.types.uuid, response, authed_user: hug.directives.user): + """Tell the moon_engine wrapper that its cache should be updated + body may contain the attributes that the moon_engine should get from the manager + if the attributes key is empty, all data should be retrieved + body example: + { + "vim_project_id": "...", + "security_pipeline": ["policy_id1", "policy_id2"], + "attributes": ["subjects", "subject_assignments", "subject_categories"] + } + :return: 202 status code + """ + + # todo call wrapper to update its pdp at the cache + update_wrapper = UpdateWrapper() + response.status = update_wrapper.delete_pdp(pdp_id=str(pdp_id).replace("-", ""), moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.put("/update/policy/{policy_id}", requires=api_key_authentication) + def update_policy(body, policy_id: hug.types.uuid, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.update_policy(policy_id=str(policy_id).replace("-", ""), data=body, moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.delete("/update/policy/{policy_id}", requires=api_key_authentication) + def delete_policy(policy_id: hug.types.uuid, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.delete_policy(policy_id=str(policy_id).replace("-", ""), moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.delete("/update/assignment/{policy_id}/{type}/", requires=api_key_authentication) + @hug.delete("/update/assignment/{policy_id}/{type}/{perimeter_id}", requires=api_key_authentication) + @hug.delete("/update/assignment/{policy_id}/{type}/{perimeter_id}/{category_id}", requires=api_key_authentication) + @hug.delete("/update/assignment/{policy_id}/{type}/{perimeter_id}/{category_id}/{data_id}", requires=api_key_authentication) + def delete_assignment(response, policy_id: hug.types.uuid, type: hug.types.text, + perimeter_id: hug.types.uuid = None, category_id: hug.types.uuid = None, + data_id: hug.types.uuid = None, authed_user: hug.directives.user=None): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.delete_assignment(type=type, policy_id=str(policy_id).replace("-", ""), + perimeter_id=str(perimeter_id).replace("-", ""), + category_id=str(category_id).replace("-", ""), + data_id=data_id, moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.put("/update/perimeter/{perimeter_id}/{policy_id}/{type}", requires=api_key_authentication) + def update_perimeter(body, perimeter_id: hug.types.uuid, policy_id: hug.types.uuid, + type: hug.types.text, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.update_perimeter( type=type, + perimeter_id=str(perimeter_id).replace("-", ""), data=body, + policy_id=str(policy_id).replace("-", ""), moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.delete("/update/perimeter/{perimeter_id}/{policy_id}/{type}", requires=api_key_authentication) + def delete_perimeter(perimeter_id: hug.types.uuid, policy_id: hug.types.uuid, + type: hug.types.text, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.delete_perimeter(type=type, + perimeter_id=str(perimeter_id).replace("-", ""), + policy_id=str(policy_id).replace("-", ""), moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.delete("/update/rule/{policy_id}/{rule_id}", requires=api_key_authentication) + def delete_rule(policy_id: hug.types.uuid, rule_id: hug.types.uuid, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.delete_rule(rule_id=str(rule_id).replace("-", ""), policy_id=str(policy_id).replace("-", ""), moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.put("/update/model/{model_id}", requires=api_key_authentication) + def update_model(body, model_id: hug.types.uuid, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.update_model(model_id=str(model_id).replace("-", ""), data=body, moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.delete("/update/model/{model_id}", requires=api_key_authentication) + def delete_model(model_id: hug.types.uuid, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.delete_model(model_id=str(model_id).replace("-", ""), moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.delete("/update/meta_data/{category_id}/{type}", requires=api_key_authentication) + def delete_category(category_id: hug.types.uuid, type: hug.types.text, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.delete_category(category_id=str(category_id).replace("-", ""), type=type, moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.put("/update/meta_rule/{meta_rule_id}", requires=api_key_authentication) + def update_meta_rule(body, meta_rule_id: hug.types.uuid, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.update_meta_rule(meta_rule_id=str(meta_rule_id).replace("-", ""), data=body, moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.delete("/update/meta_rule/{meta_rule_id}", requires=api_key_authentication) + def delete_meta_rule(meta_rule_id: hug.types.uuid, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.delete_meta_rule(meta_rule_id=str(meta_rule_id).replace("-", ""), moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.delete("/update/data/{data_id}/{type}", requires=api_key_authentication) + def delete_data(data_id: hug.types.uuid, type: hug.types.text, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.delete_data(data_id=str(data_id).replace("-", ""), type=type, moon_user_id=authed_user) + + @staticmethod + @hug.local() + @hug.delete("/update/attributes/{name}", requires=api_key_authentication) + def delete_data(name: str, response, authed_user: hug.directives.user): + update_wrapper = UpdateWrapper() + response.status = update_wrapper.delete_attributes(name=name, moon_user_id=authed_user) + diff --git a/moon_engine/moon_engine/api/wrapper/router.py b/moon_engine/moon_engine/api/wrapper/router.py new file mode 100644 index 00000000..db6b6e24 --- /dev/null +++ b/moon_engine/moon_engine/api/wrapper/router.py @@ -0,0 +1,115 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + + +from moon_utilities import exceptions +from moon_cache.cache import Cache +from uuid import uuid4 +import logging +import requests +from moon_engine.api.configuration import get_configuration + +LOGGER = logging.getLogger("moon.engine.wrapper." + __name__) + + +class Router(object): + __CACHE = None + + def __init__(self, project_id, subject_name, object_name, action_name): + + if not self.__CACHE: + self.__CACHE = Cache.getInstance(manager_url=get_configuration("manager_url"), + incremental=get_configuration("incremental_updates"), + manager_api_key=get_configuration("api_token")) + + self.pipeline_id = self.__check_pdp_from_cache(project_id) + + self.request_id = uuid4().hex + + self.ctx = { + "project_id": project_id, + "subject_name": subject_name, + "object_name": object_name, + "action_name": action_name + } + + # ToDo add status of request + self.__CACHE.authz_requests[self.request_id] = {} + + pdp_id = self.__CACHE.get_pdp_from_vim_project(project_id) + self.__CACHE.update(pipeline=pdp_id) + self.pipeline = [] + if self.pipeline_id in self.__CACHE.pipelines: + self.pipeline = self.__CACHE.pipelines[self.pipeline_id] + + if len(self.pipeline) == 0 or not all( + k in self.pipeline for k in ("host", "port")): + raise exceptions.MoonError('Void container chaining') + + def __enter__(self): + return self + + def __exit__(self, exc_type, exc_val, exc_tb): + self.__CACHE.authz_requests.pop(self.request_id) + + def auth_request(self): + req = None + endpoint = self.__CACHE.get_pipeline_url(self.ctx["project_id"]) + + try: + req = requests.get("{}/authz/{}/{}/{}".format( + endpoint, + self.ctx["subject_name"], + self.ctx["object_name"], + self.ctx["action_name"]), + timeout=2 + ) + + if req.status_code != 200 and req.status_code != 202 and req.status_code != 204: + raise exceptions.AuthzException( + "Receive bad response from Authz function (with address - {})" + .format(req.status_code)) + + except requests.exceptions.ConnectionError: + LOGGER.error("Cannot connect to {}".format( + "{}/authz".format(endpoint)) + ) + except requests.exceptions.ReadTimeout: + LOGGER.error("Timeout error") + return {"result": False, "message": "Timeout during request for pipeline"}, 400 + except Exception as e: + LOGGER.error("Unexpected error:", e) + return {"result": False, "message": e}, 400 + + if not req: + raise exceptions.AuthzException("Cannot connect to Authz function") + + if req.status_code == 204: + return {"result": True, "message": ""} + return {"result": False, "message": req.content}, 400 + + def __check_pdp_from_cache(self, uuid): + """Check if a PDP exist with this ID in the cache of this component + + :param uuid: Keystone Project ID + :return: True or False + """ + + if self.__CACHE.get_pdp_from_vim_project(uuid): + return self.__CACHE.get_pipeline_id_from_project_id(uuid) + + self.__CACHE.update() + + if self.__CACHE.get_pdp_from_vim_project(uuid): + return self.__CACHE.get_pipeline_id_from_project_id(uuid) + + raise exceptions.MoonError("Unknown Project ID {}".format(uuid)) + diff --git a/moon_engine/moon_engine/api/wrapper/update_wrapper.py b/moon_engine/moon_engine/api/wrapper/update_wrapper.py new file mode 100644 index 00000000..bb388472 --- /dev/null +++ b/moon_engine/moon_engine/api/wrapper/update_wrapper.py @@ -0,0 +1,233 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + + +import logging +import sys + +import hug +import requests +from moon_engine import orchestration_driver +from moon_cache.cache import Cache +from moon_engine.api.configuration import get_configuration, reload_configuration +from moon_utilities import exceptions + +logger = logging.getLogger("moon.engine.api.wrapper" + __name__) + + +class UpdateWrapper(object): + __CACHE = None + + def __init__(self): + if not self.__CACHE: + self.__CACHE = Cache.getInstance( + manager_url=get_configuration("manager_url"), + incremental=get_configuration("incremental_updates"), + manager_api_key=get_configuration("api_token")) + + def update_wrapper(self, data, moon_user_id=None): + reload_configuration() + return hug.HTTP_204 + + def update_pdp(self, pdp_id, data, moon_user_id=None): + + url_pattern = "update/pdp/{}".format(pdp_id) + return self.__process_request(url_pattern, body=data, moon_user_id=moon_user_id, pdp_id=pdp_id) + + def delete_pdp(self, pdp_id, moon_user_id=None): + + url_pattern = "update/pdp/{}".format(pdp_id) + return self.__process_request(url_pattern, moon_user_id=moon_user_id, pdp_id=pdp_id, delete=True) + + def delete_policy(self, policy_id, moon_user_id=None): + url_pattern = "update/policy/{}".format(policy_id) + return self.__process_request(url_pattern, moon_user_id, policy_id=policy_id, delete=True) + + def update_policy(self, policy_id, data=None, moon_user_id=None): + + url_pattern = "update/policy/{}".format(policy_id) + return self.__process_request(url_pattern, body=data, moon_user_id=moon_user_id, + policy_id=policy_id) + + def delete_assignment(self, type, policy_id, perimeter_id=None, category_id=None, data_id=None, + moon_user_id=None): + + if policy_id and perimeter_id and category_id and data_id: + url_pattern = "update/assignment/{}/{}/{}/{}/{}".format(policy_id, type, perimeter_id, + category_id, + data_id) + + if policy_id and perimeter_id and category_id: + url_pattern = "update/assignment/{}/{}/{}/{}".format(policy_id, type, perimeter_id, + category_id) + + if policy_id and perimeter_id: + url_pattern = "update/assignment/{}/{}/{}".format(policy_id, type, perimeter_id) + + if policy_id: + url_pattern = "update/assignment/{}/{}".format(policy_id, type) + + return self.__process_request(url_pattern, moon_user_id, policy_id=policy_id, delete=True) + + def update_perimeter(self, type, perimeter_id, data=None, policy_id=None, moon_user_id=None): + url_pattern = "update/perimeter/{}/{}/{}".format(perimeter_id, policy_id, type) + return self.__process_request(url_pattern, body=data, moon_user_id=moon_user_id, + policy_id=policy_id) + + def delete_perimeter(self, type, perimeter_id, policy_id=None, moon_user_id=None): + url_pattern = "update/perimeter/{}/{}/{}".format(perimeter_id, policy_id, type) + return self.__process_request(url_pattern, moon_user_id, policy_id=policy_id, delete=True) + + def delete_rule(self, rule_id, policy_id, moon_user_id=None): + + url_pattern = "update/rule/{}/{}".format(policy_id, rule_id) + return self.__process_request(url_pattern, moon_user_id=moon_user_id, policy_id=policy_id, + delete=True) + + def update_model(self, model_id, data=None, moon_user_id=None): + + url_pattern = "update/model/{}".format(model_id) + return self.__process_request(url_pattern, body=data, moon_user_id=moon_user_id) + + def delete_model(self, model_id, moon_user_id=None): + + url_pattern = "update/model/{}".format(model_id) + return self.__process_request(url_pattern, moon_user_id=moon_user_id, delete=True) + + def delete_category(self, category_id, type, moon_user_id=None): + + url_pattern = "update/meta_data/{}/{}".format(category_id, type) + return self.__process_request(url_pattern, moon_user_id=moon_user_id, delete=True) + + def update_meta_rule(self, meta_rule_id, data=None, moon_user_id=None): + + url_pattern = "update/meta_rule/{}".format(meta_rule_id, type) + return self.__process_request(url_pattern, body=data, moon_user_id=moon_user_id) + + def delete_meta_rule(self, meta_rule_id, moon_user_id=None): + + url_pattern = "update/meta_rule/{}".format(meta_rule_id, type) + return self.__process_request(url_pattern, moon_user_id=moon_user_id, delete=True) + + def delete_data(self, data_id, type, moon_user_id=None): + + url_pattern = "update/data/{}/{}".format(data_id, type) + return self.__process_request(url_pattern, moon_user_id=moon_user_id, delete=True) + + def delete_attributes(self, name, moon_user_id=None): + + url_pattern = "update/attributes/{}".format(name) + return self.__process_request(url_pattern, moon_user_id=moon_user_id, delete=True) + + def __process_request(self, url_pattern, body=None, moon_user_id=None, policy_id=None, + pdp_id=None, delete=False): + if policy_id: + endpoint = self.__CACHE.get_pipeline_url(pipeline_id=policy_id) + cached_api_key = self.__CACHE.get_api_key(pipeline_id=policy_id) + if orchestration_driver.PipelineManager: + _pdp_id = self.__CACHE.get_pdp_id_from_policy_id(policy_id=policy_id) + api_key = orchestration_driver.PipelineManager.get_pipeline_api_key(moon_user_id=moon_user_id, pipeline_id=_pdp_id) + if not api_key: + api_key = cached_api_key + + if not endpoint: + return hug.HTTP_208 + if delete: + return self.__execute_delete_request(endpoint, url_pattern, api_key) + else: + return self.__execute_put_request(endpoint, url_pattern, api_key, body) + + elif pdp_id: + endpoint = self.__CACHE.get_pipeline_url(pdp_id=pdp_id) + cached_api_key = self.__CACHE.get_api_key(pdp_id=pdp_id) + if orchestration_driver.PipelineManager: + api_key = orchestration_driver.PipelineManager.get_pipeline_api_key(moon_user_id=moon_user_id, pipeline_id=pdp_id) + if not api_key: + api_key = cached_api_key + + if not endpoint: + return hug.HTTP_208 + if delete: + return self.__execute_delete_request(endpoint, url_pattern, api_key) + else: + return self.__execute_put_request(endpoint, url_pattern, api_key, body) + + else: + pdps = self.__CACHE.pdp + for _pdp_id in pdps: + vim_project_id = pdps.get(_pdp_id, {}).get("vim_project_id") + if vim_project_id: + cached_api_key = self.__CACHE.get_api_key(project_id=vim_project_id) + if orchestration_driver.PipelineManager: + api_key = orchestration_driver.PipelineManager.get_pipeline_api_key(moon_user_id=moon_user_id, pipeline_id=_pdp_id) + if not api_key: + api_key = cached_api_key + + + endpoint = self.__CACHE.get_pipeline_url(project_id=vim_project_id) + + if delete: + return self.__execute_delete_request(endpoint, url_pattern, api_key) + else: + return self.__execute_put_request(endpoint, url_pattern, api_key, body) + return hug.HTTP_206 + + @staticmethod + def __execute_put_request(endpoint, url_pattern, api_key, body): + logger.info(f"Sending a PUT request on {endpoint}/{url_pattern}") + try: + req = requests.put("{}/{}".format( + endpoint, url_pattern), headers={"X-Api-Key": api_key}, json=body) + logger.info(req) + if req.status_code == 200: + return hug.HTTP_200 + if req.status_code == 202: + return hug.HTTP_202 + if req.status_code == 208: + return hug.HTTP_208 + + else: + raise exceptions.AuthzException( + "Receive bad response from Authz function " + "(with address - {})".format(req.status_code)) + + except requests.exceptions.ConnectionError: + logger.error("Cannot connect to {}".format( + "{}/authz/{}".format(endpoint, url_pattern)) + ) + except Exception as e: + logger.exception("Unexpected error:", e) + + @staticmethod + def __execute_delete_request(endpoint, url_pattern, api_key): + logger.info(f"Sending a DELETE request on {endpoint}/{url_pattern}") + try: + req = requests.delete("{}/{}".format( + endpoint, url_pattern), headers={"X-Api-Key": api_key}) + + if req.status_code == 200: + return hug.HTTP_200 + if req.status_code == 202: + return hug.HTTP_202 + if req.status_code == 208: + return hug.HTTP_208 + + else: + raise exceptions.AuthzException( + "Receive bad response from Authz function " + "(with address - {})".format(req.status_code)) + + except requests.exceptions.ConnectionError: + logger.error("Cannot connect to {}".format( + "{}/authz/{}".format(endpoint, url_pattern)) + ) + except Exception as e: + logger.exception("Unexpected error:", e) |