aboutsummaryrefslogtreecommitdiffstats
path: root/moon_interface
diff options
context:
space:
mode:
Diffstat (limited to 'moon_interface')
-rw-r--r--moon_interface/Dockerfile12
-rw-r--r--moon_interface/LICENSE202
-rw-r--r--moon_interface/MANIFEST.in9
-rw-r--r--moon_interface/Makefile12
-rw-r--r--moon_interface/README.rst9
-rw-r--r--moon_interface/moon_interface/__init__.py6
-rw-r--r--moon_interface/moon_interface/__main__.py4
-rw-r--r--moon_interface/moon_interface/api/__init__.py0
-rw-r--r--moon_interface/moon_interface/api/authz.py193
-rw-r--r--moon_interface/moon_interface/api/generic.py131
-rw-r--r--moon_interface/moon_interface/authz_requests.py159
-rw-r--r--moon_interface/moon_interface/containers.py102
-rw-r--r--moon_interface/moon_interface/http_server.py136
-rw-r--r--moon_interface/moon_interface/server.py34
-rw-r--r--moon_interface/requirements.txt4
-rw-r--r--moon_interface/setup.py47
-rw-r--r--moon_interface/tests/unit_python/api/__init__.py0
-rw-r--r--moon_interface/tests/unit_python/api/test_authz.py23
-rw-r--r--moon_interface/tests/unit_python/conftest.py678
-rw-r--r--moon_interface/tests/unit_python/requirements.txt5
-rw-r--r--moon_interface/tools/api2rst.py145
-rw-r--r--moon_interface/tools/get_keystone_token.py71
-rw-r--r--moon_interface/tools/run.sh5
23 files changed, 1987 insertions, 0 deletions
diff --git a/moon_interface/Dockerfile b/moon_interface/Dockerfile
new file mode 100644
index 00000000..82160cc9
--- /dev/null
+++ b/moon_interface/Dockerfile
@@ -0,0 +1,12 @@
+FROM ubuntu:latest
+
+RUN apt update && apt install python3.5 python3-pip -y
+RUN pip3 install python_moonutilities python_moondb pip --upgrade
+
+ADD . /root
+WORKDIR /root/
+RUN pip3 install -r requirements.txt --upgrade
+#RUN pip3 install /root/dist/* --upgrade
+RUN pip3 install .
+
+CMD ["python3", "-m", "moon_interface"] \ No newline at end of file
diff --git a/moon_interface/LICENSE b/moon_interface/LICENSE
new file mode 100644
index 00000000..d6456956
--- /dev/null
+++ b/moon_interface/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/moon_interface/MANIFEST.in b/moon_interface/MANIFEST.in
new file mode 100644
index 00000000..1f674d50
--- /dev/null
+++ b/moon_interface/MANIFEST.in
@@ -0,0 +1,9 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+include README.rst
+include LICENSE
+include setup.py
+include requirements.txt
diff --git a/moon_interface/Makefile b/moon_interface/Makefile
new file mode 100644
index 00000000..af91b904
--- /dev/null
+++ b/moon_interface/Makefile
@@ -0,0 +1,12 @@
+all: built run
+
+built:
+ docker build -t moon_policy:16.04 .
+
+run:
+ docker run -p 8000:8000 moon_policy:16.04
+
+.PHONY: clean
+
+clean:
+ find . -name "*.py" -exec echo rm {}\;
diff --git a/moon_interface/README.rst b/moon_interface/README.rst
new file mode 100644
index 00000000..ded4e99a
--- /dev/null
+++ b/moon_interface/README.rst
@@ -0,0 +1,9 @@
+Core module for the Moon project
+================================
+
+This package contains the core module for the Moon project
+It is designed to provide authorization features to all OpenStack components.
+
+For any other information, refer to the parent project:
+
+ https://git.opnfv.org/moon
diff --git a/moon_interface/moon_interface/__init__.py b/moon_interface/moon_interface/__init__.py
new file mode 100644
index 00000000..903c6518
--- /dev/null
+++ b/moon_interface/moon_interface/__init__.py
@@ -0,0 +1,6 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+__version__ = "0.1.0"
diff --git a/moon_interface/moon_interface/__main__.py b/moon_interface/moon_interface/__main__.py
new file mode 100644
index 00000000..517fdd60
--- /dev/null
+++ b/moon_interface/moon_interface/__main__.py
@@ -0,0 +1,4 @@
+from moon_interface.server import main
+
+server = main()
+server.run()
diff --git a/moon_interface/moon_interface/api/__init__.py b/moon_interface/moon_interface/api/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/moon_interface/moon_interface/api/__init__.py
diff --git a/moon_interface/moon_interface/api/authz.py b/moon_interface/moon_interface/api/authz.py
new file mode 100644
index 00000000..c9f4697f
--- /dev/null
+++ b/moon_interface/moon_interface/api/authz.py
@@ -0,0 +1,193 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+"""
+Authz is the endpoint to get authorization response
+"""
+
+from flask import request
+from flask_restful import Resource
+import logging
+import pickle
+import requests
+import time
+from uuid import uuid4
+
+from moon_interface.authz_requests import AuthzRequest
+
+__version__ = "0.1.0"
+
+LOG = logging.getLogger("moon.interface.api." + __name__)
+
+
+def pdp_in_cache(cache, uuid):
+ """Check if a PDP exist with this Keystone Project ID in the cache of this component
+
+ :param cache: Cache to use
+ :param uuid: Keystone Project ID
+ :return: True or False
+ """
+ for item_uuid, item_value in cache.pdp.items():
+ if uuid == item_value['keystone_project_id']:
+ return item_uuid, item_value
+ return None, None
+
+
+def pdp_in_manager(cache, uuid):
+ """Check if a PDP exist with this Keystone Project ID in the Manager component
+
+ :param cache: Cache to use
+ :param uuid: Keystone Project ID
+ :return: True or False
+ """
+ cache.update()
+ return pdp_in_cache(cache, uuid)
+
+
+def container_exist(cache, uuid):
+ """Check if a PDP exist with this Keystone Project ID in the Manager component
+
+ :param cache: Cache to use
+ :param uuid: Keystone Project ID
+ :return: True or False
+ """
+ for key, value in cache.containers.items():
+ if "keystone_project_id" not in value:
+ continue
+ if value["keystone_project_id"] == uuid:
+ try:
+ req = requests.head("http://{}:{}/".format(
+ value.get("hostname"),
+ value.get("port")[0].get("PublicPort")))
+ LOG.info("container_exist {}".format(req.status_code))
+ if req.status_code in (200, 201):
+ return value
+ return
+ except requests.exceptions.ConnectionError:
+ pass
+ # maybe hostname is not working so trying with IP address
+ try:
+ req = requests.head("http://{}:{}/".format(
+ value.get("ip"),
+ value.get("port")[0].get("PublicPort")))
+ if req.status_code in (200, 201):
+ return value
+ return
+ except requests.exceptions.ConnectionError:
+ return
+
+
+def create_authz_request(cache, interface_name, manager_url, uuid, subject_name, object_name, action_name):
+ """Create the authorization request and make the first call to the Authz function
+
+ :param cache: Cache to use
+ :param interface_name: hostname of the interface
+ :param manager_url: URL of the manager
+ :param uuid: Keystone Project ID
+ :param subject_name: name of the subject
+ :param object_name: name of the object
+ :param action_name: name of the action
+ :return: Authorisation request
+ """
+ req_id = uuid4().hex
+ ctx = {
+ "project_id": uuid,
+ "subject_name": subject_name,
+ "object_name": object_name,
+ "action_name": action_name,
+ "request_id": req_id,
+ "interface_name": interface_name,
+ "manager_url": manager_url,
+ "cookie": uuid4().hex
+ }
+ cache.authz_requests[req_id] = AuthzRequest(ctx)
+ return cache.authz_requests[req_id]
+
+
+class Authz(Resource):
+ """
+ Endpoint for authz requests
+ """
+
+ __urls__ = (
+ "/authz/<string:uuid>",
+ "/authz/<string:uuid>/<string:subject_name>/<string:object_name>/<string:action_name>",
+ )
+
+ def __init__(self, **kwargs):
+ self.CACHE = kwargs.get("cache")
+ self.INTERFACE_NAME = kwargs.get("interface_name", "interface")
+ self.MANAGER_URL = kwargs.get("manager_url", "http://manager:8080")
+ self.TIMEOUT = 5
+
+ def get(self, uuid=None, subject_name=None, object_name=None, action_name=None):
+ """Get a response on an authorization request
+
+ :param uuid: uuid of a tenant or an intra_extension
+ :param subject_name: name of the subject or the request
+ :param object_name: name of the object
+ :param action_name: name of the action
+ :return: {
+ "args": {},
+ "ctx": {
+ "action_name": "4567",
+ "id": "123456",
+ "method": "authz",
+ "object_name": "234567",
+ "subject_name": "123456",
+ "user_id": "admin"
+ },
+ "error": {
+ "code": 500,
+ "description": "",
+ "title": "Moon Error"
+ },
+ "intra_extension_id": "123456",
+ "result": false
+ }
+ :internal_api: authz
+ """
+ pdp_id, pdp_value = pdp_in_cache(self.CACHE, uuid)
+ if not pdp_id:
+ pdp_id, pdp_value = pdp_in_manager(self.CACHE, uuid)
+ if not pdp_id:
+ return {
+ "result": False,
+ "message": "Unknown Project ID or "
+ "Project ID is not bind to a PDP."}, 403
+ authz_request = create_authz_request(
+ cache=self.CACHE,
+ uuid=uuid,
+ interface_name=self.INTERFACE_NAME,
+ manager_url=self.MANAGER_URL,
+ subject_name=subject_name,
+ object_name=object_name,
+ action_name=action_name)
+ cpt = 0
+ while True:
+ if cpt > self.TIMEOUT*10:
+ return {"result": False,
+ "message": "Authz request had timed out."}, 500
+ if authz_request.is_authz():
+ if authz_request.final_result == "Grant":
+ return {"result": True, "message": ""}, 200
+ return {"result": False, "message": ""}, 401
+ cpt += 1
+ time.sleep(0.1)
+
+ def patch(self, uuid=None, subject_name=None, object_name=None, action_name=None):
+ """Get a response on an authorization request
+
+ :param uuid: uuid of the authorization request
+ :param subject_name: not used
+ :param object_name: not used
+ :param action_name: not used
+ :request body: a Context object
+ :return: {}
+ :internal_api: authz
+ """
+ if uuid in self.CACHE.authz_requests:
+ self.CACHE.authz_requests[uuid].set_result(pickle.loads(request.data))
+ return "", 201
+ return {"result": False, "message": "The request ID is unknown"}, 500
diff --git a/moon_interface/moon_interface/api/generic.py b/moon_interface/moon_interface/api/generic.py
new file mode 100644
index 00000000..51de9214
--- /dev/null
+++ b/moon_interface/moon_interface/api/generic.py
@@ -0,0 +1,131 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+"""
+Those API are helping API used to manage the Moon platform.
+"""
+
+from flask_restful import Resource, request
+import logging
+import moon_interface.api
+from python_moonutilities.security_functions import check_auth
+
+__version__ = "0.1.0"
+
+LOG = logging.getLogger("moon.interface.api." + __name__)
+
+
+class Status(Resource):
+ """
+ Endpoint for status requests
+ """
+
+ __urls__ = ("/status", "/status/", "/status/<string:component_id>")
+
+ def get(self, component_id=None):
+ """Retrieve status of all components
+
+ :return: {
+ "orchestrator": {
+ "status": "Running"
+ },
+ "security_router": {
+ "status": "Running"
+ }
+ }
+ """
+ raise NotImplemented
+
+
+class Logs(Resource):
+ """
+ Endpoint for logs requests
+ """
+
+ __urls__ = ("/logs", "/logs/", "/logs/<string:component_id>")
+
+ def get(self, component_id=None):
+ """Get logs from the Moon platform
+
+ :param component_id: the ID of the component your are looking for (optional)
+ :return: [
+ "2015-04-15-13:45:20
+ "2015-04-15-13:45:21
+ "2015-04-15-13:45:22
+ "2015-04-15-13:45:23
+ ]
+ """
+ filter_str = request.args.get('filter', '')
+ from_str = request.args.get('from', '')
+ to_str = request.args.get('to', '')
+ event_number = request.args.get('event_number', '')
+ try:
+ event_number = int(event_number)
+ except ValueError:
+ event_number = None
+ args = dict()
+ args["filter"] = filter_str
+ args["from"] = from_str
+ args["to"] = to_str
+ args["event_number"] = event_number
+
+ raise NotImplemented
+
+
+class API(Resource):
+ """
+ Endpoint for API requests
+ """
+
+ __urls__ = (
+ "/api",
+ "/api/",
+ "/api/<string:group_id>",
+ "/api/<string:group_id>/",
+ "/api/<string:group_id>/<string:endpoint_id>")
+
+ @check_auth
+ def get(self, group_id="", endpoint_id="", user_id=""):
+ """Retrieve all API endpoints or a specific endpoint if endpoint_id is given
+
+ :param group_id: the name of one existing group (ie generic, ...)
+ :param endpoint_id: the name of one existing component (ie Logs, Status, ...)
+ :return: {
+ "group_name": {
+ "endpoint_name": {
+ "description": "a description",
+ "methods": {
+ "get": "description of the HTTP method"
+ },
+ "urls": ('/api', '/api/', '/api/<string:endpoint_id>')
+ }
+ }
+ """
+ __methods = ("get", "post", "put", "delete", "options", "patch")
+ api_list = filter(lambda x: "__" not in x, dir(moon_interface.api))
+ api_desc = dict()
+ for api_name in api_list:
+ api_desc[api_name] = {}
+ group_api_obj = eval("moon_interface.api.{}".format(api_name))
+ api_desc[api_name]["description"] = group_api_obj.__doc__
+ if "__version__" in dir(group_api_obj):
+ api_desc[api_name]["version"] = group_api_obj.__version__
+ object_list = list(filter(lambda x: "__" not in x, dir(group_api_obj)))
+ for obj in map(lambda x: eval("moon_interface.api.{}.{}".format(api_name, x)), object_list):
+ if "__urls__" in dir(obj):
+ api_desc[api_name][obj.__name__] = dict()
+ api_desc[api_name][obj.__name__]["urls"] = obj.__urls__
+ api_desc[api_name][obj.__name__]["methods"] = dict()
+ for _method in filter(lambda x: x in __methods, dir(obj)):
+ docstring = eval("moon_interface.api.{}.{}.{}.__doc__".format(api_name, obj.__name__, _method))
+ api_desc[api_name][obj.__name__]["methods"][_method] = docstring
+ api_desc[api_name][obj.__name__]["description"] = str(obj.__doc__)
+ if group_id in api_desc:
+ if endpoint_id in api_desc[group_id]:
+ return {group_id: {endpoint_id: api_desc[group_id][endpoint_id]}}
+ elif len(endpoint_id) > 0:
+ LOG.error("Unknown endpoint_id {}".format(endpoint_id))
+ return {"error": "Unknown endpoint_id {}".format(endpoint_id)}
+ return {group_id: api_desc[group_id]}
+ return api_desc
diff --git a/moon_interface/moon_interface/authz_requests.py b/moon_interface/moon_interface/authz_requests.py
new file mode 100644
index 00000000..3f99cb93
--- /dev/null
+++ b/moon_interface/moon_interface/authz_requests.py
@@ -0,0 +1,159 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import logging
+import itertools
+import pickle
+import requests
+from python_moonutilities import configuration, exceptions
+from python_moonutilities.security_functions import Context
+from python_moonutilities.cache import Cache
+
+LOG = logging.getLogger("moon.interface.authz_requests")
+
+
+CACHE = Cache()
+CACHE.update()
+
+
+class AuthzRequest:
+
+ result = None
+ final_result = "Deny"
+ req_max_delay = 2
+
+ def __init__(self, ctx, args=None):
+ self.context = Context(ctx, CACHE)
+ self.args = args
+ self.request_id = ctx["request_id"]
+ if ctx['project_id'] not in CACHE.container_chaining:
+ raise exceptions.KeystoneProjectError("Unknown Project ID {}".format(ctx['project_id']))
+ self.container_chaining = CACHE.container_chaining[ctx['project_id']]
+ if len(self.container_chaining) == 0:
+ raise exceptions.MoonError('Void container chaining')
+ self.pdp_container = self.container_chaining[0]["container_id"]
+ self.run()
+
+ def run(self):
+ self.context.delete_cache()
+ req = None
+ try:
+ req = requests.post("http://{}:{}/authz".format(
+ self.container_chaining[0]["hostip"],
+ self.container_chaining[0]["port"],
+ ), data=pickle.dumps(self.context))
+ if req.status_code != 200:
+ raise exceptions.AuthzException(
+ "Receive bad response from Authz function "
+ "(with IP address - {})".format(
+ req.status_code
+ ))
+ except requests.exceptions.ConnectionError:
+ LOG.error("Cannot connect to {}".format(
+ "http://{}:{}/authz".format(
+ self.container_chaining[0]["hostip"],
+ self.container_chaining[0]["port"]
+ )))
+ except ValueError:
+ try:
+ req = requests.post("http://{}:{}/authz".format(
+ self.container_chaining[0]["hostname"],
+ self.container_chaining[0]["port"],
+ ), data=pickle.dumps(self.context))
+ if req.status_code != 200:
+ raise exceptions.AuthzException(
+ "Receive bad response from Authz function "
+ "(with hostname - {})".format(
+ req.status_code
+ ))
+ except requests.exceptions.ConnectionError:
+ LOG.error("Cannot connect to {}".format(
+ "http://{}:{}/authz".format(
+ self.container_chaining[0]["hostname"],
+ self.container_chaining[0]["port"]
+ )))
+ raise exceptions.AuthzException(
+ "Cannot connect to Authz function")
+ self.context.set_cache(CACHE)
+ if req and len(self.container_chaining) == 1:
+ self.result = pickle.loads(req.content)
+
+ # def __exec_next_state(self, rule_found):
+ # index = self.context.index
+ # current_meta_rule = self.context.headers[index]
+ # current_container = self.__get_container_from_meta_rule(current_meta_rule)
+ # current_container_genre = current_container["genre"]
+ # try:
+ # next_meta_rule = self.context.headers[index + 1]
+ # except IndexError:
+ # next_meta_rule = None
+ # if current_container_genre == "authz":
+ # if rule_found:
+ # return True
+ # pass
+ # if next_meta_rule:
+ # # next will be session if current is deny and session is unset
+ # if self.payload["authz_context"]['pdp_set'][next_meta_rule]['effect'] == "unset":
+ # return notify(
+ # request_id=self.payload["authz_context"]["request_id"],
+ # container_id=self.__get_container_from_meta_rule(next_meta_rule)['container_id'],
+ # payload=self.payload)
+ # # next will be delegation if current is deny and session is passed or deny and delegation is unset
+ # else:
+ # LOG.error("Delegation is not developed!")
+ #
+ # else:
+ # # else next will be None and the request is sent to router
+ # return self.__return_to_router()
+ # elif current_container_genre == "session":
+ # pass
+ # # next will be next container in headers if current is passed
+ # if self.payload["authz_context"]['pdp_set'][current_meta_rule]['effect'] == "passed":
+ # return notify(
+ # request_id=self.payload["authz_context"]["request_id"],
+ # container_id=self.__get_container_from_meta_rule(next_meta_rule)['container_id'],
+ # payload=self.payload)
+ # # next will be None if current is grant and the request is sent to router
+ # else:
+ # return self.__return_to_router()
+ # elif current_container_genre == "delegation":
+ # LOG.error("Delegation is not developed!")
+ # # next will be authz if current is deny
+ # # next will be None if current is grant and the request is sent to router
+
+ def set_result(self, result):
+ self.result = result
+
+ def is_authz(self):
+ if not self.result:
+ return False
+ authz_results = []
+ for key in self.result.pdp_set:
+ if "effect" in self.result.pdp_set[key]:
+ if self.result.pdp_set[key]["effect"] == "grant":
+ # the pdp is a authorization PDP and grant the request
+ authz_results.append(True)
+ elif self.result.pdp_set[key]["effect"] == "passed":
+ # the pdp is not a authorization PDP (session or delegation) and had run normally
+ authz_results.append(True)
+ elif self.result.pdp_set[key]["effect"] == "unset":
+ # the pdp is not a authorization PDP (session or delegation) and had not yep run
+ authz_results.append(True)
+ else:
+ # the pdp is (or not) a authorization PDP and had run badly
+ authz_results.append(False)
+ if list(itertools.accumulate(authz_results, lambda x, y: x & y))[-1]:
+ self.result.pdp_set["effect"] = "grant"
+ if self.result:
+ if self.result.pdp_set["effect"] == "grant":
+ self.final_result = "Grant"
+ return True
+ self.final_result = "Deny"
+ return True
+
+ # def notify(self, request_id, container_id, payload):
+ # LOG.info("notify {} {} {}".format(request_id, container_id, payload))
+ # # TODO: send the notification and wait for the result
+ # # req = requests.get()
diff --git a/moon_interface/moon_interface/containers.py b/moon_interface/moon_interface/containers.py
new file mode 100644
index 00000000..4f93d742
--- /dev/null
+++ b/moon_interface/moon_interface/containers.py
@@ -0,0 +1,102 @@
+# Copyright 2017 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import docker
+import logging
+import re
+import requests
+import time
+from python_moonutilities import configuration, exceptions
+
+__version__ = "0.1.0"
+
+LOG = logging.getLogger("moon.interface.container")
+
+
+class DockerManager:
+
+ def __init__(self):
+ docker_conf = configuration.get_configuration("docker")['docker']
+ self.docker = docker.DockerClient(base_url=docker_conf['url'])
+
+ def create_container(self, data):
+ """Create the container through the docker client
+
+ :param data: {
+ "name": "authz",
+ "hostname": "authz123456789",
+ "port": {
+ "PrivatePort": 8090,
+ "Type": "tcp",
+ "IP": "0.0.0.0",
+ "PublicPort": 8090
+ },
+ "keystone_project_id": "keystone_project_id1",
+ "pdp_id": "123456789",
+ "container_name": "wukongsun/moon_authz:v4.1"
+ }
+ :return: container output
+ """
+ output = self.docker.containers.run(
+ image=data.get("container_name"),
+ hostname=data.get("hostname", data.get("name"))[:63],
+ name=data.get("name"),
+ network='moon',
+ ports={'{}/{}'.format(
+ data.get("port").get("PrivatePort"),
+ data.get("port").get("Type")
+ ): int(data.get("port").get("PrivatePort"))},
+ environment={
+ "UUID": data.get("hostname"),
+ "BIND": data.get("port").get("IP"),
+ "TYPE": data.get("plugin_name"),
+ "PORT": data.get("port").get("PrivatePort"),
+ "PDP_ID": data.get("pdp_id"),
+ "META_RULE_ID": data.get("meta_rule_id"),
+ "KEYSTONE_PROJECT_ID": data.get("keystone_project_id"),
+ },
+ detach=True
+ )
+ try:
+ req = requests.head("http://{}:{}/".format(data.get("hostname"), data.get("port").get("PublicPort")))
+ except requests.exceptions.ConnectionError:
+ pass
+ else:
+ if req.status_code != 200:
+ raise exceptions.DockerError("Container {} is not running!".format(data.get("hostname")))
+ output.ip = "0.0.0.0"
+ return output
+
+ # Note: host is not reachable through hostname so trying to find th IP address
+ res = output.exec_run("ip addr")
+ find = re.findall("inet (\d+\.\d+\.\d+\.\d+)", res.decode("utf-8"))
+ ip = "127.0.0.1"
+ for ip in find:
+ if ip.startswith("127"):
+ continue
+ break
+ cpt = 0
+ while True:
+ try:
+ req = requests.head("http://{}:{}/".format(ip, data.get("port").get("PublicPort")))
+ except requests.exceptions.ConnectionError:
+ pass
+ else:
+ if req.status_code not in (200, 201):
+ LOG.error("url={}".format("http://{}:{}/".format(ip, data.get("port").get("PublicPort"))))
+ LOG.error("req={}".format(req))
+ raise exceptions.DockerError("Container {} is not running!".format(data.get("hostname")))
+ output.ip = ip
+ return output
+ finally:
+ cpt += 1
+ time.sleep(0.1)
+ if cpt > 20:
+ break
+ output.ip = ip
+ return output
+
+ def delete_container(self, uuid):
+ raise NotImplementedError
diff --git a/moon_interface/moon_interface/http_server.py b/moon_interface/moon_interface/http_server.py
new file mode 100644
index 00000000..890bb82f
--- /dev/null
+++ b/moon_interface/moon_interface/http_server.py
@@ -0,0 +1,136 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+from flask import Flask, jsonify
+from flask_cors import CORS, cross_origin
+from flask_restful import Resource, Api
+import logging
+from moon_interface import __version__
+from moon_interface.api.generic import Status, Logs, API
+from moon_interface.api.authz import Authz
+from moon_interface.authz_requests import CACHE
+from python_moonutilities import configuration, exceptions
+
+logger = logging.getLogger("moon.interface.http")
+
+
+class Server:
+ """Base class for HTTP server"""
+
+ def __init__(self, host="localhost", port=80, api=None, **kwargs):
+ """Run a server
+
+ :param host: hostname of the server
+ :param port: port for the running server
+ :param kwargs: optional parameters
+ :return: a running server
+ """
+ self._host = host
+ self._port = port
+ self._api = api
+ self._extra = kwargs
+
+ @property
+ def host(self):
+ return self._host
+
+ @host.setter
+ def host(self, name):
+ self._host = name
+
+ @host.deleter
+ def host(self):
+ self._host = ""
+
+ @property
+ def port(self):
+ return self._port
+
+ @port.setter
+ def port(self, number):
+ self._port = number
+
+ @port.deleter
+ def port(self):
+ self._port = 80
+
+ def run(self):
+ raise NotImplementedError()
+
+__API__ = (
+ Status, Logs, API
+ )
+
+
+class Root(Resource):
+ """
+ The root of the web service
+ """
+ __urls__ = ("/", )
+ __methods = ("get", "post", "put", "delete", "options")
+
+ def get(self):
+ tree = {"/": {"methods": ("get",), "description": "List all methods for that service."}}
+ for item in __API__:
+ tree[item.__name__] = {"urls": item.__urls__}
+ _methods = []
+ for _method in self.__methods:
+ if _method in dir(item):
+ _methods.append(_method)
+ tree[item.__name__]["methods"] = _methods
+ tree[item.__name__]["description"] = item.__doc__.strip()
+ return {
+ "version": __version__,
+ "tree": tree
+ }
+
+
+class HTTPServer(Server):
+
+ def __init__(self, host="localhost", port=80, **kwargs):
+ super(HTTPServer, self).__init__(host=host, port=port, **kwargs)
+ self.app = Flask(__name__)
+ self.port = port
+ conf = configuration.get_configuration("components/manager")
+ self.manager_hostname = conf["components/manager"].get("hostname", "manager")
+ self.manager_port = conf["components/manager"].get("port", 80)
+ #Todo : specify only few urls instead of *
+ CORS(self.app)
+ self.api = Api(self.app)
+ self.__set_route()
+ self.__hook_errors()
+
+ # @self.app.errorhandler(exceptions.AuthException)
+ # def _auth_exception(error):
+ # return {"error": "Unauthorized"}, 401
+
+ def __hook_errors(self):
+
+ def get_404_json(e):
+ return jsonify({"result": False, "code": 404, "description": str(e)}), 404
+ self.app.register_error_handler(404, get_404_json)
+
+ def get_400_json(e):
+ return jsonify({"result": False, "code": 400, "description": str(e)}), 400
+ self.app.register_error_handler(400, lambda e: get_400_json)
+ self.app.register_error_handler(403, exceptions.AuthException)
+
+ def __set_route(self):
+ self.api.add_resource(Root, '/')
+
+ for api in __API__:
+ self.api.add_resource(api, *api.__urls__)
+ self.api.add_resource(Authz, *Authz.__urls__,
+ resource_class_kwargs={
+ "cache": CACHE,
+ "interface_name": self.host,
+ "manager_url": "http://{}:{}".format(self.manager_hostname, self.manager_port),
+ }
+ )
+
+ def run(self):
+ self.app.run(host=self._host, port=self._port) # nosec
+ # self.app.run(debug=True, host=self._host, port=self._port) # nosec
+
diff --git a/moon_interface/moon_interface/server.py b/moon_interface/moon_interface/server.py
new file mode 100644
index 00000000..e53b4504
--- /dev/null
+++ b/moon_interface/moon_interface/server.py
@@ -0,0 +1,34 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import logging
+from python_moonutilities import configuration, exceptions
+from moon_interface.http_server import HTTPServer
+
+LOG = logging.getLogger("moon.interface")
+
+
+def main():
+ configuration.init_logging()
+ try:
+ conf = configuration.get_configuration("components/interface")
+ hostname = conf["components/interface"].get("hostname", "interface")
+ port = conf["components/interface"].get("port", 80)
+ bind = conf["components/interface"].get("bind", "127.0.0.1")
+ except exceptions.ConsulComponentNotFound:
+ hostname = "interface"
+ bind = "127.0.0.1"
+ port = 80
+ configuration.add_component(uuid="interface", name=hostname, port=port, bind=bind)
+ LOG.info("Starting server with IP {} on port {} bind to {}".format(hostname, port, bind))
+ server = HTTPServer(host=bind, port=port)
+ # LOG.info("Starting server")
+ # server = HTTPServer(host="0.0.0.0", port=8081)
+ return server
+
+
+if __name__ == '__main__':
+ server = main()
+ server.run()
diff --git a/moon_interface/requirements.txt b/moon_interface/requirements.txt
new file mode 100644
index 00000000..7aa2b6df
--- /dev/null
+++ b/moon_interface/requirements.txt
@@ -0,0 +1,4 @@
+flask
+flask_restful
+flask_cors
+python_moonutilities \ No newline at end of file
diff --git a/moon_interface/setup.py b/moon_interface/setup.py
new file mode 100644
index 00000000..3460c991
--- /dev/null
+++ b/moon_interface/setup.py
@@ -0,0 +1,47 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+from setuptools import setup, find_packages
+import moon_interface
+
+
+setup(
+
+ name='moon_interface',
+
+ version=moon_interface.__version__,
+
+ packages=find_packages(),
+
+ author="Thomas Duval",
+
+ author_email="thomas.duval@orange.com",
+
+ description="",
+
+ long_description=open('README.rst').read(),
+
+ # install_requires= ,
+
+ include_package_data=True,
+
+ url='https://git.opnfv.org/cgit/moon',
+
+ classifiers=[
+ "Programming Language :: Python",
+ "Development Status :: 1 - Planning",
+ "License :: OSI Approved",
+ "Natural Language :: French",
+ "Operating System :: OS Independent",
+ "Programming Language :: Python :: 3",
+ ],
+
+ entry_points={
+ 'console_scripts': [
+ 'moon_interface = moon_interface.server:main',
+ ],
+ }
+
+)
diff --git a/moon_interface/tests/unit_python/api/__init__.py b/moon_interface/tests/unit_python/api/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/moon_interface/tests/unit_python/api/__init__.py
diff --git a/moon_interface/tests/unit_python/api/test_authz.py b/moon_interface/tests/unit_python/api/test_authz.py
new file mode 100644
index 00000000..a63948f8
--- /dev/null
+++ b/moon_interface/tests/unit_python/api/test_authz.py
@@ -0,0 +1,23 @@
+import json
+
+
+def get_json(data):
+ return json.loads(data.decode("utf-8"))
+
+
+def test_authz_true(context):
+ import moon_interface.server
+ server = moon_interface.server.main()
+ client = server.app.test_client()
+ req = client.get("/authz/{p_id}/{s_id}/{o_id}/{a_id}".format(
+ p_id=context["project_id"],
+ s_id=context["subject_name"],
+ o_id=context["object_name"],
+ a_id=context["action_name"],
+ ))
+ assert req.status_code == 200
+ data = get_json(req.data)
+ assert data
+ assert "result" in data
+ assert data['result'] == True
+
diff --git a/moon_interface/tests/unit_python/conftest.py b/moon_interface/tests/unit_python/conftest.py
new file mode 100644
index 00000000..1f4e8cfa
--- /dev/null
+++ b/moon_interface/tests/unit_python/conftest.py
@@ -0,0 +1,678 @@
+import base64
+import json
+import os
+import pickle
+import pytest
+import requests_mock
+from uuid import uuid4
+from requests.packages.urllib3.response import HTTPResponse
+
+CONF = {
+ "openstack": {
+ "keystone": {
+ "url": "http://keystone:5000/v3",
+ "user": "admin",
+ "check_token": False,
+ "password": "p4ssw0rd",
+ "domain": "default",
+ "certificate": False,
+ "project": "admin"
+ }
+ },
+ "components": {
+ "wrapper": {
+ "bind": "0.0.0.0",
+ "port": 8080,
+ "container": "wukongsun/moon_wrapper:v4.3",
+ "timeout": 5,
+ "hostname": "wrapper"
+ },
+ "manager": {
+ "bind": "0.0.0.0",
+ "port": 8082,
+ "container": "wukongsun/moon_manager:v4.3",
+ "hostname": "manager"
+ },
+ "port_start": 31001,
+ "orchestrator": {
+ "bind": "0.0.0.0",
+ "port": 8083,
+ "container": "wukongsun/moon_orchestrator:v4.3",
+ "hostname": "orchestrator"
+ },
+ "interface": {
+ "bind": "0.0.0.0",
+ "port": 8080,
+ "container": "wukongsun/moon_interface:v4.3",
+ "hostname": "interface"
+ }
+ },
+ "plugins": {
+ "session": {
+ "port": 8082,
+ "container": "asteroide/session:latest"
+ },
+ "authz": {
+ "port": 8081,
+ "container": "wukongsun/moon_authz:v4.3"
+ }
+ },
+ "logging": {
+ "handlers": {
+ "file": {
+ "filename": "/tmp/moon.log",
+ "class": "logging.handlers.RotatingFileHandler",
+ "level": "DEBUG",
+ "formatter": "custom",
+ "backupCount": 3,
+ "maxBytes": 1048576
+ },
+ "console": {
+ "class": "logging.StreamHandler",
+ "formatter": "brief",
+ "level": "INFO",
+ "stream": "ext://sys.stdout"
+ }
+ },
+ "formatters": {
+ "brief": {
+ "format": "%(levelname)s %(name)s %(message)-30s"
+ },
+ "custom": {
+ "format": "%(asctime)-15s %(levelname)s %(name)s %(message)s"
+ }
+ },
+ "root": {
+ "handlers": [
+ "console"
+ ],
+ "level": "ERROR"
+ },
+ "version": 1,
+ "loggers": {
+ "moon": {
+ "handlers": [
+ "console",
+ "file"
+ ],
+ "propagate": False,
+ "level": "DEBUG"
+ }
+ }
+ },
+ "slave": {
+ "name": None,
+ "master": {
+ "url": None,
+ "login": None,
+ "password": None
+ }
+ },
+ "docker": {
+ "url": "tcp://172.88.88.1:2376",
+ "network": "moon"
+ },
+ "database": {
+ "url": "sqlite:///database.db",
+ # "url": "mysql+pymysql://moon:p4sswOrd1@db/moon",
+ "driver": "sql"
+ },
+ "messenger": {
+ "url": "rabbit://moon:p4sswOrd1@messenger:5672/moon"
+ }
+}
+
+COMPONENTS = (
+ "logging",
+ "openstack/keystone",
+ "database",
+ "slave",
+ "components/manager",
+ "components/orchestrator",
+ "components/interface",
+)
+
+CONTEXT = {
+ "project_id": "a64beb1cc224474fb4badd43173e7101",
+ "subject_name": "testuser",
+ "object_name": "vm1",
+ "action_name": "boot",
+ "request_id": uuid4().hex,
+ "interface_name": "interface",
+ "manager_url": "http://{}:{}".format(
+ CONF["components"]["manager"]["hostname"],
+ CONF["components"]["manager"]["port"]
+ ),
+ "cookie": uuid4().hex
+ }
+
+
+def get_b64_conf(component=None):
+ if component == "components":
+ return base64.b64encode(
+ json.dumps(CONF["components"]).encode('utf-8')+b"\n").decode('utf-8')
+ elif component in CONF:
+ return base64.b64encode(
+ json.dumps(
+ CONF[component]).encode('utf-8')+b"\n").decode('utf-8')
+ elif not component:
+ return base64.b64encode(
+ json.dumps(CONF).encode('utf-8')+b"\n").decode('utf-8')
+ elif "/" in component:
+ key1, _, key2 = component.partition("/")
+ return base64.b64encode(
+ json.dumps(
+ CONF[key1][key2]).encode('utf-8')+b"\n").decode('utf-8')
+
+
+MOCK_URLS = [
+ ('GET', 'http://consul:8500/v1/kv/components?recurse=true',
+ {'json': {"Key": key, "Value": get_b64_conf(key)}
+ for key in COMPONENTS}
+ ),
+ ('POST', 'http://keystone:5000/v3/auth/tokens',
+ {'headers': {'X-Subject-Token': "111111111"}}),
+ ('DELETE', 'http://keystone:5000/v3/auth/tokens',
+ {'headers': {'X-Subject-Token': "111111111"}}),
+ ('POST', 'http://keystone:5000/v3/users?name=testuser&domain_id=default',
+ {'json': {"users": {}}}),
+ ('GET', 'http://keystone:5000/v3/users?name=testuser&domain_id=default',
+ {'json': {"users": {}}}),
+ ('POST', 'http://keystone:5000/v3/users/',
+ {'json': {"users": [{
+ "id": "1111111111111"
+ }]}}),
+]
+
+
+@pytest.fixture
+def db():
+ return CONF['database']
+
+
+@pytest.fixture
+def context():
+ return CONTEXT
+
+
+def set_env_variables():
+ os.environ['UUID'] = "1111111111"
+ os.environ['TYPE'] = "authz"
+ os.environ['PORT'] = "8081"
+ os.environ['PDP_ID'] = "b3d3e18abf3340e8b635fd49e6634ccd"
+ os.environ['META_RULE_ID'] = "f8f49a779ceb47b3ac810f01ef71b4e0"
+ os.environ['KEYSTONE_PROJECT_ID'] = CONTEXT['project_id']
+
+
+def get_pickled_context():
+ from python_moonutilities.security_functions import Context
+ from python_moonutilities.cache import Cache
+ CACHE = Cache()
+ CACHE.update()
+ _context = Context(context(), CACHE)
+ _context.increment_index()
+ _context.pdp_set['effect'] = 'grant'
+ _context.pdp_set[os.environ['META_RULE_ID']]['effect'] = 'grant'
+ print(_context.pdp_set)
+ return pickle.dumps(_context)
+
+
+@pytest.fixture(autouse=True)
+def set_consul_and_db(monkeypatch):
+ """ Modify the response from Requests module
+ """
+ set_env_variables()
+ with requests_mock.Mocker(real_http=True) as m:
+ for component in COMPONENTS:
+ m.register_uri(
+ 'GET', 'http://consul:8500/v1/kv/{}'.format(component),
+ json=[{'Key': component, 'Value': get_b64_conf(component)}]
+ )
+ # for _data in MOCK_URLS:
+ # m.register_uri(_data[0], _data[1], **_data[2])
+ m.register_uri(
+ 'GET', 'http://consul:8500/v1/kv/components?recurse=true',
+ json=[
+ {"Key": key, "Value": get_b64_conf(key)} for key in COMPONENTS
+ ],
+ )
+ m.register_uri(
+ 'GET', 'http://consul:8500/v1/kv/plugins/authz',
+ json=[
+ {
+ "LockIndex": 0,
+ "Key": "plugins/authz",
+ "Flags": 0,
+ "Value": "eyJjb250YWluZXIiOiAid3Vrb25nc3VuL21vb25fYXV0aHo6djQuMyIsICJwb3J0IjogODA4MX0=",
+ "CreateIndex": 14,
+ "ModifyIndex": 656
+ }
+ ],
+ )
+ m.register_uri(
+ 'POST', 'http://keystone:5000/v3/auth/tokens',
+ headers={'X-Subject-Token': "111111111"}
+ )
+ m.register_uri(
+ 'DELETE', 'http://keystone:5000/v3/auth/tokens',
+ headers={'X-Subject-Token': "111111111"}
+ )
+ m.register_uri(
+ 'POST', 'http://keystone:5000/v3/users?name=testuser&domain_id=default',
+ json={"users": {}}
+ )
+ m.register_uri(
+ 'GET', 'http://keystone:5000/v3/users?name=testuser&domain_id=default',
+ json={"users": {}}
+ )
+ m.register_uri(
+ 'POST', 'http://keystone:5000/v3/users/',
+ json={"users": [{
+ "id": "1111111111111"
+ }]}
+ )
+ m.register_uri(
+ 'GET', 'http://orchestrator:8083/pods',
+ json={
+ "pods": {
+ "721760dd-de5f-11e7-8001-3863bbb766f3": [
+ {
+ "pdp_id": "b3d3e18abf3340e8b635fd49e6634ccd",
+ "port": 8080,
+ "genre": "interface",
+ "name": "interface-paltry",
+ "keystone_project_id": "a64beb1cc224474fb4badd43173e7101",
+ "namespace": "moon",
+ "container": "wukongsun/moon_interface:v4.3"
+ },
+ {
+ "pdp_id": "b3d3e18abf3340e8b635fd49e6634ccd",
+ "meta_rule_id": "f8f49a779ceb47b3ac810f01ef71b4e0",
+ "port": 8081,
+ "genre": "authz",
+ "name": "authz-economic",
+ "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0",
+ "keystone_project_id": "a64beb1cc224474fb4badd43173e7101",
+ "namespace": "moon",
+ "container": "wukongsun/moon_authz:v4.3"
+ }
+ ],
+ "232399a4-de5f-11e7-8001-3863bbb766f3": [
+ {
+ "port": 8080,
+ "namespace": "moon",
+ "name": "wrapper-paltry",
+ "container": "wukongsun/moon_wrapper:v4.3.1"
+ }
+ ]
+ }
+ }
+ )
+ m.register_uri(
+ 'GET', 'http://orchestrator:8083/pods/authz-economic',
+ json={
+ "pods": None
+ }
+ )
+ m.register_uri(
+ 'GET', 'http://manager:8082/pdp',
+ json={
+ "pdps": {
+ "b3d3e18abf3340e8b635fd49e6634ccd": {
+ "description": "test",
+ "security_pipeline": [
+ "f8f49a779ceb47b3ac810f01ef71b4e0"
+ ],
+ "name": "pdp_rbac",
+ "keystone_project_id": "a64beb1cc224474fb4badd43173e7101"
+ }
+ }
+ }
+ )
+ m.register_uri(
+ 'GET', 'http://manager:8082/policies',
+ json={
+ "policies": {
+ "f8f49a779ceb47b3ac810f01ef71b4e0": {
+ "name": "RBAC policy example",
+ "model_id": "cd923d8633ff4978ab0e99938f5153d6",
+ "description": "test",
+ "genre": "authz"
+ }
+ }
+ }
+ )
+ m.register_uri(
+ 'GET', 'http://manager:8082/models',
+ json={
+ "models": {
+ "cd923d8633ff4978ab0e99938f5153d6": {
+ "name": "RBAC",
+ "meta_rules": [
+ "f8f49a779ceb47b3ac810f01ef71b4e0"
+ ],
+ "description": "test"
+ }
+ }
+ }
+ )
+ m.register_uri(
+ 'GET', 'http://manager:8082/meta_rules',
+ json={
+ "meta_rules": {
+ "f8f49a779ceb47b3ac810f01ef71b4e0": {
+ "subject_categories": [
+ "14e6ae0ba34d458b876c791b73aa17bd"
+ ],
+ "action_categories": [
+ "241a2a791554421a91c9f1bc564aa94d"
+ ],
+ "description": "",
+ "name": "rbac",
+ "object_categories": [
+ "6d48500f639d4c2cab2b1f33ef93a1e8"
+ ]
+ }
+ }
+ }
+ )
+ m.register_uri(
+ 'GET', 'http://manager:8082/policies/f8f49a779ceb47b3ac810f01ef71b4e0/subjects',
+ json={
+ "subjects": {
+ "89ba91c18dd54abfbfde7a66936c51a6": {
+ "description": "test",
+ "policy_list": [
+ "f8f49a779ceb47b3ac810f01ef71b4e0",
+ "636cd473324f4c0bbd9102cb5b62a16d"
+ ],
+ "name": "testuser",
+ "email": "mail",
+ "id": "89ba91c18dd54abfbfde7a66936c51a6",
+ "partner_id": ""
+ },
+ "31fd15ad14784a9696fcc887dddbfaf9": {
+ "description": "test",
+ "policy_list": [
+ "f8f49a779ceb47b3ac810f01ef71b4e0",
+ "636cd473324f4c0bbd9102cb5b62a16d"
+ ],
+ "name": "adminuser",
+ "email": "mail",
+ "id": "31fd15ad14784a9696fcc887dddbfaf9",
+ "partner_id": ""
+ }
+ }
+ }
+ )
+ m.register_uri(
+ 'GET', 'http://manager:8082/policies/f8f49a779ceb47b3ac810f01ef71b4e0/objects',
+ json={
+ "objects": {
+ "67b8008a3f8d4f8e847eb628f0f7ca0e": {
+ "name": "vm1",
+ "description": "test",
+ "id": "67b8008a3f8d4f8e847eb628f0f7ca0e",
+ "partner_id": "",
+ "policy_list": [
+ "f8f49a779ceb47b3ac810f01ef71b4e0",
+ "636cd473324f4c0bbd9102cb5b62a16d"
+ ]
+ },
+ "9089b3d2ce5b4e929ffc7e35b55eba1a": {
+ "name": "vm0",
+ "description": "test",
+ "id": "9089b3d2ce5b4e929ffc7e35b55eba1a",
+ "partner_id": "",
+ "policy_list": [
+ "f8f49a779ceb47b3ac810f01ef71b4e0",
+ "636cd473324f4c0bbd9102cb5b62a16d"
+ ]
+ }
+ }
+ }
+ )
+ m.register_uri(
+ 'GET', 'http://manager:8082/policies/f8f49a779ceb47b3ac810f01ef71b4e0/actions',
+ json={
+ "actions": {
+ "cdb3df220dc05a6ea3334b994827b068": {
+ "name": "boot",
+ "description": "test",
+ "id": "cdb3df220dc04a6ea3334b994827b068",
+ "partner_id": "",
+ "policy_list": [
+ "f8f49a779ceb47b3ac810f01ef71b4e0",
+ "636cd473324f4c0bbd9102cb5b62a16d"
+ ]
+ },
+ "cdb3df220dc04a6ea3334b994827b068": {
+ "name": "stop",
+ "description": "test",
+ "id": "cdb3df220dc04a6ea3334b994827b068",
+ "partner_id": "",
+ "policy_list": [
+ "f8f49a779ceb47b3ac810f01ef71b4e0",
+ "636cd473324f4c0bbd9102cb5b62a16d"
+ ]
+ },
+ "9f5112afe9b34a6c894eb87246ccb7aa": {
+ "name": "start",
+ "description": "test",
+ "id": "9f5112afe9b34a6c894eb87246ccb7aa",
+ "partner_id": "",
+ "policy_list": [
+ "f8f49a779ceb47b3ac810f01ef71b4e0",
+ "636cd473324f4c0bbd9102cb5b62a16d"
+ ]
+ }
+ }
+ }
+ )
+ m.register_uri(
+ 'GET', 'http://manager:8082/policies/f8f49a779ceb47b3ac810f01ef71b4e0/subject_assignments',
+ json={
+ "subject_assignments": {
+ "826c1156d0284fc9b4b2ddb279f63c52": {
+ "category_id": "14e6ae0ba34d458b876c791b73aa17bd",
+ "assignments": [
+ "24ea95256c5f4c888c1bb30a187788df",
+ "6b227b77184c48b6a5e2f3ed1de0c02a",
+ "31928b17ec90438ba5a2e50ae7650e63",
+ "4e60f554dd3147af87595fb6b37dcb13",
+ "7a5541b63a024fa88170a6b59f99ccd7",
+ "dd2af27812f742029d289df9687d6126"
+ ],
+ "id": "826c1156d0284fc9b4b2ddb279f63c52",
+ "subject_id": "89ba91c18dd54abfbfde7a66936c51a6",
+ "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0"
+ },
+ "7407ffc1232944279b0cbcb0847c86f7": {
+ "category_id": "315072d40d774c43a89ff33937ed24eb",
+ "assignments": [
+ "6b227b77184c48b6a5e2f3ed1de0c02a",
+ "31928b17ec90438ba5a2e50ae7650e63",
+ "7a5541b63a024fa88170a6b59f99ccd7",
+ "dd2af27812f742029d289df9687d6126"
+ ],
+ "id": "7407ffc1232944279b0cbcb0847c86f7",
+ "subject_id": "89ba91c18dd54abfbfde7a66936c51a6",
+ "policy_id": "3e65256389b448cb9897917ea235f0bb"
+ }
+ }
+ }
+ )
+ m.register_uri(
+ 'GET', 'http://manager:8082/policies/f8f49a779ceb47b3ac810f01ef71b4e0/object_assignments',
+ json={
+ "object_assignments": {
+ "201ad05fd3f940948b769ab9214fe295": {
+ "object_id": "9089b3d2ce5b4e929ffc7e35b55eba1a",
+ "assignments": [
+ "030fbb34002e4236a7b74eeb5fd71e35",
+ "06bcb8655b9d46a9b90e67ef7c825b50",
+ "34eb45d7f46d4fb6bc4965349b8e4b83",
+ "4b7793dbae434c31a77da9d92de9fa8c"
+ ],
+ "id": "201ad05fd3f940948b769ab9214fe295",
+ "category_id": "6d48500f639d4c2cab2b1f33ef93a1e8",
+ "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0"
+ },
+ "90c5e86f8be34c0298fbd1973e4fb043": {
+ "object_id": "67b8008a3f8d4f8e847eb628f0f7ca0e",
+ "assignments": [
+ "a098918e915b4b12bccb89f9a3f3b4e4",
+ "06bcb8655b9d46a9b90e67ef7c825b50",
+ "7dc76c6142af47c88b60cc2b0df650ba",
+ "4b7793dbae434c31a77da9d92de9fa8c"
+ ],
+ "id": "90c5e86f8be34c0298fbd1973e4fb043",
+ "category_id": "33aece52d45b4474a20dc48a76800daf",
+ "policy_id": "3e65256389b448cb9897917ea235f0bb"
+ }
+ }
+ }
+ )
+ m.register_uri(
+ 'GET', 'http://manager:8082/policies/f8f49a779ceb47b3ac810f01ef71b4e0/action_assignments',
+ json={
+ "action_assignments": {
+ "2128e3ffbd1c4ef5be515d625745c2d4": {
+ "category_id": "241a2a791554421a91c9f1bc564aa94d",
+ "action_id": "cdb3df220dc05a6ea3334b994827b068",
+ "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0",
+ "id": "2128e3ffbd1c4ef5be515d625745c2d4",
+ "assignments": [
+ "570c036781e540dc9395b83098c40ba7",
+ "7fe17d7a2e3542719f8349c3f2273182",
+ "015ca6f40338422ba3f692260377d638",
+ "23d44c17bf88480f83e8d57d2aa1ea79"
+ ]
+ },
+ "cffb98852f3a4110af7a0ddfc4e19201": {
+ "category_id": "4a2c5abaeaf644fcaf3ca8df64000d53",
+ "action_id": "cdb3df220dc04a6ea3334b994827b068",
+ "policy_id": "3e65256389b448cb9897917ea235f0bb",
+ "id": "cffb98852f3a4110af7a0ddfc4e19201",
+ "assignments": [
+ "570c036781e540dc9395b83098c40ba7",
+ "7fe17d7a2e3542719f8349c3f2273182",
+ "015ca6f40338422ba3f692260377d638",
+ "23d44c17bf88480f83e8d57d2aa1ea79"
+ ]
+ }
+ }
+ }
+ )
+ m.register_uri(
+ 'GET', 'http://manager:8082/policies/f8f49a779ceb47b3ac810f01ef71b4e0/subject_assignments/89ba91c18dd54abfbfde7a66936c51a6',
+ json={
+ "subject_assignments": {
+ "826c1156d0284fc9b4b2ddb279f63c52": {
+ "category_id": "14e6ae0ba34d458b876c791b73aa17bd",
+ "assignments": [
+ "24ea95256c5f4c888c1bb30a187788df",
+ "6b227b77184c48b6a5e2f3ed1de0c02a",
+ "31928b17ec90438ba5a2e50ae7650e63",
+ "4e60f554dd3147af87595fb6b37dcb13",
+ "7a5541b63a024fa88170a6b59f99ccd7",
+ "dd2af27812f742029d289df9687d6126"
+ ],
+ "id": "826c1156d0284fc9b4b2ddb279f63c52",
+ "subject_id": "89ba91c18dd54abfbfde7a66936c51a6",
+ "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0"
+ }
+ }
+ }
+ )
+ m.register_uri(
+ 'GET', 'http://manager:8082/policies/f8f49a779ceb47b3ac810f01ef71b4e0/object_assignments/67b8008a3f8d4f8e847eb628f0f7ca0e',
+ json={
+ "object_assignments": {
+ "201ad05fd3f940948b769ab9214fe295": {
+ "object_id": "67b8008a3f8d4f8e847eb628f0f7ca0e",
+ "assignments": [
+ "030fbb34002e4236a7b74eeb5fd71e35",
+ "06bcb8655b9d46a9b90e67ef7c825b50",
+ "34eb45d7f46d4fb6bc4965349b8e4b83",
+ "4b7793dbae434c31a77da9d92de9fa8c"
+ ],
+ "id": "201ad05fd3f940948b769ab9214fe295",
+ "category_id": "6d48500f639d4c2cab2b1f33ef93a1e8",
+ "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0"
+ }
+ }
+ }
+ )
+ m.register_uri(
+ 'GET', 'http://manager:8082/policies/f8f49a779ceb47b3ac810f01ef71b4e0/action_assignments/cdb3df220dc05a6ea3334b994827b068',
+ json={
+ "action_assignments": {
+ "2128e3ffbd1c4ef5be515d625745c2d4": {
+ "category_id": "241a2a791554421a91c9f1bc564aa94d",
+ "action_id": "cdb3df220dc05a6ea3334b994827b068",
+ "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0",
+ "id": "2128e3ffbd1c4ef5be515d625745c2d4",
+ "assignments": [
+ "570c036781e540dc9395b83098c40ba7",
+ "7fe17d7a2e3542719f8349c3f2273182",
+ "015ca6f40338422ba3f692260377d638",
+ "23d44c17bf88480f83e8d57d2aa1ea79"
+ ]
+ }
+ }
+ }
+ )
+ m.register_uri(
+ 'GET', 'http://manager:8082/policies/f8f49a779ceb47b3ac810f01ef71b4e0/rules',
+ json={
+ "rules": {
+ "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0",
+ "rules": [
+ {
+ "policy_id": "f8f49a779ceb47b3ac810f01ef71b4e0",
+ "rule": [
+ "24ea95256c5f4c888c1bb30a187788df",
+ "030fbb34002e4236a7b74eeb5fd71e35",
+ "570c036781e540dc9395b83098c40ba7"
+ ],
+ "enabled": True,
+ "id": "0201a2bcf56943c1904dbac016289b71",
+ "instructions": [
+ {
+ "decision": "grant"
+ }
+ ],
+ "meta_rule_id": "f8f49a779ceb47b3ac810f01ef71b4e0"
+ },
+ {
+ "policy_id": "ecc2451c494e47b5bca7250cd324a360",
+ "rule": [
+ "54f574cd2043468da5d65e4f6ed6e3c9",
+ "6559686961a3490a978f246ac9f85fbf",
+ "ac0d1f600bf447e8bd2f37b7cc47f2dc"
+ ],
+ "enabled": True,
+ "id": "a83fed666af8436192dfd8b3c83a6fde",
+ "instructions": [
+ {
+ "decision": "grant"
+ }
+ ],
+ "meta_rule_id": "f8f49a779ceb47b3ac810f01ef71b4e0"
+ }
+ ]
+ }
+ }
+ )
+ m.register_uri(
+ 'POST', 'http://127.0.0.1:8081/authz',
+ content=get_pickled_context()
+ )
+ # from moon_db.db_manager import init_engine, run
+ # engine = init_engine()
+ # run("upgrade", logging.getLogger("db_manager"), engine)
+ yield m
+ # os.unlink(CONF['database']['url'].replace("sqlite:///", ""))
+
+
diff --git a/moon_interface/tests/unit_python/requirements.txt b/moon_interface/tests/unit_python/requirements.txt
new file mode 100644
index 00000000..21975ce3
--- /dev/null
+++ b/moon_interface/tests/unit_python/requirements.txt
@@ -0,0 +1,5 @@
+flask
+flask_cors
+flask_restful
+python_moondb
+python_moonutilities \ No newline at end of file
diff --git a/moon_interface/tools/api2rst.py b/moon_interface/tools/api2rst.py
new file mode 100644
index 00000000..6d407bdf
--- /dev/null
+++ b/moon_interface/tools/api2rst.py
@@ -0,0 +1,145 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import os
+import sys
+import requests
+import logging
+import time
+import json
+
+os.unsetenv("http_proxy")
+logging.basicConfig(level=logging.INFO)
+logger = logging.getLogger(__name__)
+
+HOST = "172.18.0.11"
+PORT = 38001
+COMPONENT = sys.argv[2] if len(sys.argv) > 1 else "Interface"
+FILENAME = sys.argv[2] if len(sys.argv) > 2 else "api.rst"
+CURRENT_TIME = time.strftime("%Y/%m/%d %H:%M:%S %Z")
+REVISION = time.strftime("%Y%m%d_%H%M%S_%Z")
+AUTHOR = "Thomas Duval <thomas.duval@orange.com>"
+
+logger.info("Writing to {}".format(FILENAME))
+
+toc = (
+ "generic",
+ "models",
+ "policies",
+ "pdp",
+ "meta_rules",
+ "meta_data",
+ "perimeter",
+ "data",
+ "assignments",
+ "rules",
+ "authz",
+)
+
+
+def get_api_list():
+ url = "http://{}:{}/api".format(HOST, PORT)
+ cnx = requests.get(url)
+ try:
+ return cnx.json()
+ except json.decoder.JSONDecodeError:
+ logger.error("Error decoding JSON on {}\n{}".format(url, cnx.content))
+ sys.exit(1)
+
+
+def analyse_description(desc):
+ result = ""
+ if not desc:
+ return "No description"
+ for line in desc.splitlines():
+ if line.strip().startswith(":"):
+ if ":request body:" in line:
+ result += ":request body:\n\n.. code-block:: json\n\n"
+ result += line.replace(":request body: ", "") + "\n\n"
+ elif ":return:" in line:
+ result += ":return:\n\n.. code-block:: json\n\n"
+ result += line.replace(":return: ", "") + "\n"
+ else:
+ result += line.strip() + "\n\n"
+ else:
+ result += line + "\n"
+ return result
+
+
+def filter_and_sort(list_group_api):
+ results = list()
+ keys = list_group_api.keys()
+ for element in toc:
+ if element in keys:
+ results.append(element)
+ for element in keys:
+ if element not in results:
+ results.append(element)
+ return results
+
+
+def main():
+ list_group_api = get_api_list()
+
+ _toc = filter_and_sort(list_group_api)
+
+ file_desc = open(FILENAME, "w")
+ length_of_title = len("Moon {component} API".format(component=COMPONENT))
+ file_desc.write(HEADERS.format(
+ component=COMPONENT,
+ date=CURRENT_TIME,
+ revision=REVISION,
+ title_headers="="*length_of_title,
+ author=AUTHOR
+ ))
+
+ for key in _toc:
+ logger.info(key)
+ file_desc.write("{}\n".format(key))
+ file_desc.write("{}\n\n".format("="*len(key)))
+ if "description" in list_group_api[key]:
+ file_desc.write("{}\n\n".format(list_group_api[key]["description"]))
+ version = "unknown"
+ logger.debug(list_group_api.keys())
+ if "version" in list_group_api[key]:
+ version = list_group_api[key]["version"]
+ file_desc.write("Version: {}\n\n".format(version))
+ for api in list_group_api[key]:
+ logger.info("\t{}".format(api))
+ if api in ("description", "version"):
+ continue
+ file_desc.write("{}\n".format(api))
+ file_desc.write("{}\n\n".format("-" * len(api)))
+
+ file_desc.write("{}\n\n".format(list_group_api[key][api]["description"]))
+
+ file_desc.write("URLs are:\n\n")
+ for _url in list_group_api[key][api]["urls"]:
+ file_desc.write("* {}\n".format(_url))
+
+ file_desc.write("\nMethods are:\n\n")
+ for _method in list_group_api[key][api]["methods"]:
+ file_desc.write("→ {}\n".format(_method))
+ file_desc.write("{}\n\n".format("~"*(len(_method) + 2)))
+ file_desc.write("{}\n\n".format(analyse_description(list_group_api[key][api]["methods"][_method])))
+
+HEADERS = """{title_headers}
+Moon {component} API
+{title_headers}
+
+:Info: See <https://git.opnfv.org/cgit/moon/> for code.
+:Author: {author}
+:Date: {date}
+:Revision: $Revision: {revision} $
+:Description: List of the API served by the Moon {component} component
+
+This document list all of the API connectors served by the Moon {component} component
+Here are Moon API with some examples of posted data and returned data.
+All requests must be prefixed with the host and port, for example: http://localhost:38001/authz/123456789/123456789/servers/list
+
+"""
+
+if __name__ == "__main__":
+ main()
diff --git a/moon_interface/tools/get_keystone_token.py b/moon_interface/tools/get_keystone_token.py
new file mode 100644
index 00000000..1856aab8
--- /dev/null
+++ b/moon_interface/tools/get_keystone_token.py
@@ -0,0 +1,71 @@
+import requests
+from oslo_config import cfg
+from oslo_log import log as logging
+from python_moonutilities import exceptions
+
+CONF = cfg.CONF
+LOG = logging.getLogger(__name__)
+
+
+def login(user=None, password=None, domain=None, project=None, url=None):
+ print("""Configuration:
+ user: {user}
+ domain: {domain}
+ project: {project}
+ url: {url}""".format(
+ user=CONF.keystone.user,
+ domain=CONF.keystone.domain,
+ project=CONF.keystone.project,
+ url=CONF.keystone.url,
+ ))
+ if not user:
+ user = CONF.keystone.user
+ if not password:
+ password = CONF.keystone.password
+ if not domain:
+ domain = CONF.keystone.domain
+ if not project:
+ project = CONF.keystone.project
+ if not url:
+ url = CONF.keystone.url
+ headers = {
+ "Content-Type": "application/json"
+ }
+ data_auth = {
+ "auth": {
+ "identity": {
+ "methods": [
+ "password"
+ ],
+ "password": {
+ "user": {
+ "domain": {
+ "id": domain
+ },
+ "name": user,
+ "password": password
+ }
+ }
+ },
+ "scope": {
+ "project": {
+ "domain": {
+ "id": domain
+ },
+ "name": project
+ }
+ }
+ }
+ }
+
+ req = requests.post("{}/auth/tokens".format(url),
+ json=data_auth, headers=headers,
+ verify=False)
+
+ if req.status_code not in (200, 201):
+ LOG.error(req.text)
+ raise exceptions.KeystoneError
+ headers['X-Auth-Token'] = req.headers['X-Subject-Token']
+ return headers
+
+print(login()['X-Auth-Token'])
diff --git a/moon_interface/tools/run.sh b/moon_interface/tools/run.sh
new file mode 100644
index 00000000..d1db1f00
--- /dev/null
+++ b/moon_interface/tools/run.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+http_proxy= /usr/bin/python3 /home/vdsq3226/projets/opnfv/opnfv-moon/moon_interface/tools/api2rst.py
+pandoc api.rst --toc -o api.pdf
+evince api.pdf