diff options
Diffstat (limited to 'moon_orchestrator')
22 files changed, 0 insertions, 2261 deletions
diff --git a/moon_orchestrator/Changelog b/moon_orchestrator/Changelog deleted file mode 100644 index c04af79c..00000000 --- a/moon_orchestrator/Changelog +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - - -CHANGES -======= - -0.1.0 ------ -- First version of the moon_orchestrator library. - -1.0.0 ------ -- First public version of the moon_orchestrator library. - -1.0.1 ------ -- add Changelog - -1.1.0 ------ -- add bootstrap file to start Orchestrator with all configuration - -4.4.1 ------ -- the processing of a request is now performed in a thread - -4.4.2 ------ -- apply pylint rules - -4.4.3 ------ -- add "internal_port" key in slave API diff --git a/moon_orchestrator/Dockerfile b/moon_orchestrator/Dockerfile deleted file mode 100644 index 7c59efb5..00000000 --- a/moon_orchestrator/Dockerfile +++ /dev/null @@ -1,15 +0,0 @@ -FROM python:3.6 - -LABEL Name=Orchestrator -LABEL Description="Orchestrator component for the Moon platform" -LABEL Maintainer="Thomas Duval" -LABEL Url="https://wiki.opnfv.org/display/moon/Moon+Project+Proposal" - -USER root - -ADD . /root -WORKDIR /root/ -RUN pip3 install --no-cache-dir -r requirements.txt -RUN pip3 install --no-cache-dir . - -CMD ["python3", "-m", "moon_orchestrator"]
\ No newline at end of file diff --git a/moon_orchestrator/LICENSE b/moon_orchestrator/LICENSE deleted file mode 100644 index d6456956..00000000 --- a/moon_orchestrator/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/moon_orchestrator/MANIFEST.in b/moon_orchestrator/MANIFEST.in deleted file mode 100644 index 8de5a391..00000000 --- a/moon_orchestrator/MANIFEST.in +++ /dev/null @@ -1,10 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -include README.rst -include LICENSE -include setup.py -include requirements.txt -graft conf diff --git a/moon_orchestrator/README.md b/moon_orchestrator/README.md deleted file mode 100644 index aec5cda2..00000000 --- a/moon_orchestrator/README.md +++ /dev/null @@ -1,4 +0,0 @@ -# moon_orchestrator - -Internal orchestrator used for the Moon framework - diff --git a/moon_orchestrator/moon_orchestrator/__init__.py b/moon_orchestrator/moon_orchestrator/__init__.py deleted file mode 100644 index 31d40184..00000000 --- a/moon_orchestrator/moon_orchestrator/__init__.py +++ /dev/null @@ -1,6 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -__version__ = "4.4.3" diff --git a/moon_orchestrator/moon_orchestrator/__main__.py b/moon_orchestrator/moon_orchestrator/__main__.py deleted file mode 100644 index df051f26..00000000 --- a/moon_orchestrator/moon_orchestrator/__main__.py +++ /dev/null @@ -1,4 +0,0 @@ -from moon_orchestrator.server import create_server - -server = create_server() -server.run() diff --git a/moon_orchestrator/moon_orchestrator/api/__init__.py b/moon_orchestrator/moon_orchestrator/api/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/moon_orchestrator/moon_orchestrator/api/__init__.py +++ /dev/null diff --git a/moon_orchestrator/moon_orchestrator/api/generic.py b/moon_orchestrator/moon_orchestrator/api/generic.py deleted file mode 100644 index 9128140a..00000000 --- a/moon_orchestrator/moon_orchestrator/api/generic.py +++ /dev/null @@ -1,99 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -""" -Those API are helping API used to manage the Moon platform. -""" - -from flask_restful import Resource, request -import logging -import moon_orchestrator.api -from python_moonutilities.security_functions import check_auth - -__version__ = "4.3.1" - -logger = logging.getLogger("moon.orchestrator.api." + __name__) - - -class Status(Resource): - """ - Endpoint for status requests - """ - - __urls__ = ("/status", "/status/", "/status/<string:component_id>") - - def get(self, component_id=None): - """Retrieve status of all components - - :return: { - "orchestrator": { - "status": "Running" - }, - "security_router": { - "status": "Running" - } - } - """ - raise NotImplemented - - -class API(Resource): - """ - Endpoint for API requests - """ - - __urls__ = ( - "/api", - "/api/", - "/api/<string:group_id>", - "/api/<string:group_id>/", - "/api/<string:group_id>/<string:endpoint_id>") - - @check_auth - def get(self, group_id="", endpoint_id="", user_id=""): - """Retrieve all API endpoints or a specific endpoint if endpoint_id is given - - :param group_id: the name of one existing group (ie generic, ...) - :param endpoint_id: the name of one existing component (ie Logs, Status, ...) - :return: { - "group_name": { - "endpoint_name": { - "description": "a description", - "methods": { - "get": "description of the HTTP method" - }, - "urls": ('/api', '/api/', '/api/<string:endpoint_id>') - } - } - """ - __methods = ("get", "post", "put", "delete", "options", "patch") - api_list = filter(lambda x: "__" not in x, dir(moon_orchestrator.api)) - api_desc = dict() - for api_name in api_list: - api_desc[api_name] = {} - group_api_obj = eval("moon_interface.api.{}".format(api_name)) - api_desc[api_name]["description"] = group_api_obj.__doc__ - if "__version__" in dir(group_api_obj): - api_desc[api_name]["version"] = group_api_obj.__version__ - object_list = list(filter(lambda x: "__" not in x, dir(group_api_obj))) - for obj in map(lambda x: eval("moon_interface.api.{}.{}".format(api_name, x)), - object_list): - if "__urls__" in dir(obj): - api_desc[api_name][obj.__name__] = dict() - api_desc[api_name][obj.__name__]["urls"] = obj.__urls__ - api_desc[api_name][obj.__name__]["methods"] = dict() - for _method in filter(lambda x: x in __methods, dir(obj)): - docstring = eval( - "moon_interface.api.{}.{}.{}.__doc__".format(api_name, obj.__name__, - _method)) - api_desc[api_name][obj.__name__]["methods"][_method] = docstring - api_desc[api_name][obj.__name__]["description"] = str(obj.__doc__) - if group_id in api_desc: - if endpoint_id in api_desc[group_id]: - return {group_id: {endpoint_id: api_desc[group_id][endpoint_id]}} - elif len(endpoint_id) > 0: - logger.error("Unknown endpoint_id {}".format(endpoint_id)) - return {"error": "Unknown endpoint_id {}".format(endpoint_id)} - return {group_id: api_desc[group_id]} - return api_desc diff --git a/moon_orchestrator/moon_orchestrator/api/pods.py b/moon_orchestrator/moon_orchestrator/api/pods.py deleted file mode 100644 index 8943e018..00000000 --- a/moon_orchestrator/moon_orchestrator/api/pods.py +++ /dev/null @@ -1,174 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from flask import request -from flask_restful import Resource -from python_moonutilities.security_functions import check_auth -from python_moonutilities import exceptions -import logging - -logger = logging.getLogger("moon.orchestrator.api.pods") - - -class Pods(Resource): - """ - Endpoint for pdp requests - """ - - __version__ = "4.3.1" - POD_TYPES = ("authz", "wrapper") - - __urls__ = ( - "/pods", - "/pods/", - "/pods/<string:uuid>", - "/pods/<string:uuid>/", - ) - - def __init__(self, **kwargs): - self.driver = kwargs.get("driver") - - @check_auth - def get(self, uuid=None, user_id=None): - """Retrieve all pods - - :param uuid: uuid of the pod - :param user_id: user ID who do the request - :return: { - "pod_id1": { - "name": "...", - "replicas": "...", - "description": "...", - } - } - :internal_api: get_pdp - """ - pods = {} - try: - if uuid: - return {"pods": self.driver.get_pods(uuid)} - for _pod_key, _pod_values in self.driver.get_pods().items(): - pods[_pod_key] = [] - for _pod_value in _pod_values: - if "namespace" in _pod_value and _pod_value['namespace'] != "moon": - continue - pods[_pod_key].append(_pod_value) - return {"pods": pods} - except Exception as e: - return {"result": False, "message": str(e)}, 500 - - def __validate_pod_with_keystone_pid(self, keystone_pid): - for pod_key, pod_values in self.driver.get_pods().items(): - if pod_values and "keystone_project_id" in pod_values[0] \ - and pod_values[0]['keystone_project_id'] == keystone_pid: - return True - - def __is_slave_exist(self, slave_name): - for slave in self.driver.get_slaves(): - if "name" in slave and "configured" in slave \ - and slave_name == slave["name"] and slave["configured"]: - return True - - def __get_slave_names(self): - for slave in self.driver.get_slaves(): - if "name" in slave: - yield slave["name"] - - @check_auth - def post(self, uuid=None, user_id=None): - """Create a new pod. - - :param uuid: uuid of the pod (not used here) - :param user_id: user ID who do the request - :request body: { - "pdp_id": "fa2323f7055d4a88b1b85d31fe5e8369", - "name": "pdp_rbac3", - "keystone_project_id": "ceacbb5564cc48ad929dd4f00e52bf63", - "models": {...}, - "policies": {...}, - "description": "test", - "security_pipeline": [...], - "slave_name": "" - } - :return: { - "pdp_id1": { - "name": "...", - "replicas": "...", - "description": "...", - } - } - """ - if "security_pipeline" in request.json: - if self.__validate_pod_with_keystone_pid(request.json.get("keystone_project_id")): - raise exceptions.PipelineConflict - if not request.json.get("pdp_id"): - raise exceptions.PdpUnknown - if not request.json.get("security_pipeline"): - raise exceptions.PolicyUnknown - self.driver.create_pipeline( - request.json.get("keystone_project_id"), - request.json.get("pdp_id"), - request.json.get("security_pipeline"), - manager_data=request.json, - slave_name=request.json.get("slave_name")) - else: - logger.info("------------------------------------") - logger.info(list(self.__get_slave_names())) - logger.info("------------------------------------") - if self.__is_slave_exist(request.json.get("slave_name")): - raise exceptions.WrapperConflict - if request.json.get("slave_name") not in self.__get_slave_names(): - raise exceptions.SlaveNameUnknown - slave_name = request.json.get("slave_name") - if not slave_name: - slave_name = self.driver.get_slaves(active=True) - self.driver.create_wrappers(slave_name) - return {"pods": self.driver.get_pods()} - - @check_auth - def delete(self, uuid=None, user_id=None): - """Delete a pod - - :param uuid: uuid of the pod to delete - :param user_id: user ID who do the request - :return: { - "result": "True or False", - "message": "optional message" - } - """ - try: - self.driver.delete_pipeline(uuid) - return {'result': True} - except exceptions.PipelineUnknown: - for slave in self.driver.get_slaves(): - if "name" in slave and "wrapper_name" in slave: - if uuid in (slave['name'], slave["wrapper_name"]): - self.driver.delete_wrapper(name=slave["wrapper_name"]) - else: - raise exceptions.SlaveNameUnknown - except Exception as e: - return {"result": False, "message": str(e)}, 500 - - # @check_auth - # def patch(self, uuid=None, user_id=None): - # """Update a pod - # - # :param uuid: uuid of the pdp to update - # :param user_id: user ID who do the request - # :request body: { - # "name": "...", - # "replicas": "...", - # "description": "...", - # } - # :return: { - # "pod_id1": { - # "name": "...", - # "replicas": "...", - # "description": "...", - # } - # } - # :internal_api: update_pdp - # """ - # return {"pods": None} diff --git a/moon_orchestrator/moon_orchestrator/api/slaves.py b/moon_orchestrator/moon_orchestrator/api/slaves.py deleted file mode 100644 index 7453d305..00000000 --- a/moon_orchestrator/moon_orchestrator/api/slaves.py +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from flask import request -from flask_restful import Resource -from python_moonutilities.security_functions import check_auth -import logging - -logger = logging.getLogger("moon.orchestrator.api.slaves") - - -class Slaves(Resource): - """ - Endpoint for slaves requests - """ - - __version__ = "4.3.1" - - __urls__ = ( - "/slaves", - "/slaves/", - "/slaves/<string:uuid>", - "/slaves/<string:uuid>/", - ) - - def __init__(self, **kwargs): - self.driver = kwargs.get("driver") - - @check_auth - def get(self, uuid=None, user_id=None): - """Retrieve all pods - - :param uuid: uuid of the pod - :param user_id: user ID who do the request - :return: { - "pod_id1": { - "name": "...", - "replicas": "...", - "description": "...", - } - } - """ - slaves = self.driver.get_slaves() - return {"slaves": slaves} diff --git a/moon_orchestrator/moon_orchestrator/drivers.py b/moon_orchestrator/moon_orchestrator/drivers.py deleted file mode 100644 index 233d389e..00000000 --- a/moon_orchestrator/moon_orchestrator/drivers.py +++ /dev/null @@ -1,487 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from kubernetes import client, config -import logging -import requests -import urllib3.exceptions -from python_moonutilities import configuration, exceptions -from python_moonutilities.misc import get_random_name - -logger = logging.getLogger("moon.orchestrator.drivers") - - -def get_driver(): - try: - return K8S() - except urllib3.exceptions.MaxRetryError as e: - logger.exception(e) - return Docker() - - -class Driver: - - def __init__(self): - self.cache = {} - # example of cache: - # { - # "uuid_of_pod": { - # "ip": "", - # "hostname": "", - # "port": 30001, - # "pdp": "", - # "keystone_project_id": "", - # "plugin_name": "", - # "namespace": "" - # } - # } - - def get_slaves(self): - raise NotImplementedError - - def create_wrappers(self): - raise NotImplementedError - - def delete_wrapper(self, name): - raise NotImplementedError - - def create_pipeline(self, keystone_project_id, - pdp_id, policy_ids, manager_data=None, - active_context=None, - active_context_name=None): - raise NotImplementedError - - def delete_pipeline(self, uuid=None, name=None, namespace="moon", - active_context=None, - active_context_name=None): - raise NotImplementedError - - -class K8S(Driver): - - def __init__(self): - super(K8S, self).__init__() - config.load_kube_config() - self.client = client.CoreV1Api() - conf = configuration.get_configuration("components/orchestrator") - self.orchestrator_hostname = conf["components/orchestrator"].get("hostname", "orchestrator") - self.orchestrator_port = conf["components/orchestrator"].get("port", 80) - conf = configuration.get_configuration("components/manager") - self.manager_hostname = conf["components/manager"].get("hostname", "manager") - self.manager_port = conf["components/manager"].get("port", 80) - - def get_pods(self, name=None): - if name: - pods = self.client.list_pod_for_all_namespaces(watch=False) - for pod in pods.items: - logger.debug("get_pods {}".format(pod.metadata.name)) - if name in pod.metadata.name: - return pod - else: - return None - logger.debug("get_pods cache={}".format(self.cache)) - return self.cache - - @staticmethod - def __create_deployment(client, data): - pod_manifest = { - 'apiVersion': 'extensions/v1beta1', - 'kind': 'Deployment', - 'metadata': { - 'name': data[0].get('name') - }, - 'spec': { - 'replicas': 1, - 'template': { - 'metadata': {'labels': {'app': data[0].get('name')}}, - 'hostname': data[0].get('name'), - 'spec': { - 'containers': [] - } - }, - } - } - for _data in data: - pod_manifest['spec']['template']['spec']['containers'].append( - { - 'image': _data.get('container', "busybox"), - 'name': _data.get('name'), - 'hostname': _data.get('name'), - 'ports': [ - {"containerPort": _data.get('port', 80)}, - ], - 'env': [ - {'name': "UUID", "value": _data.get('name', "None")}, - {'name': "TYPE", "value": _data.get('genre', "None")}, - {'name': "PORT", "value": str(_data.get('port', 80))}, - {'name': "PDP_ID", "value": _data.get('pdp_id', "None")}, - {'name': "META_RULE_ID", "value": _data.get('meta_rule_id', "None")}, - {'name': "KEYSTONE_PROJECT_ID", - "value": _data.get('keystone_project_id', "None")}, - ] - } - ) - resp = client.create_namespaced_deployment(body=pod_manifest, - namespace='moon') - logger.info("Pod {} created!".format(data[0].get('name'))) - return resp - - @staticmethod - def __create_service(client, data, expose=False): - service_manifest = { - 'apiVersion': 'v1', - 'kind': 'Service', - 'metadata': { - 'name': data.get('name'), - 'namespace': 'moon' - }, - 'spec': { - 'ports': [{ - 'port': data.get('port', 80), - 'targetPort': data.get('port', 80) - }], - 'selector': { - 'app': data.get('name') - }, - # 'type': 'NodePort', - 'endpoints': [{ - 'port': data.get('port', 80), - 'protocol': 'TCP', - }], - } - } - if expose: - service_manifest['spec']['ports'][0]['nodePort'] = \ - configuration.increment_port() - service_manifest['spec']['type'] = "NodePort" - resp = client.create_namespaced_service(namespace="moon", - body=service_manifest) - logger.info("Service {} created!".format(data.get('name'))) - return service_manifest - - def load_deployment_and_service(self, data, api_client=None, ext_client=None, expose=False): - _client = api_client if api_client else self.client - manifest = self.__create_service(client=_client, data=data[0], - expose=expose) - data[0]["external_port"] = manifest['spec']['ports'][0].get('nodePort') - pod = self.__create_deployment(client=ext_client, data=data) - self.cache[pod.metadata.uid] = data - - def delete_deployment(self, name=None, namespace="moon", ext_client=None): - logger.info("Deleting deployment {}".format(name)) - body = client.V1DeleteOptions(propagation_policy='Foreground') - ret = ext_client.delete_namespaced_deployment( - name=name, - namespace=namespace, - body=body - ) - logger.debug(ret) - _uid = None - for uid, value in self.cache.items(): - if value[0]['name'] == name: - _uid = uid - break - if _uid: - self.cache.pop(_uid) - else: - raise exceptions.DockerError("Cannot find and delete pod named {}".format(name)) - - def delete_service(self, name, namespace="moon", api_client=None): - if not api_client: - api_client = self.client - ret = api_client.delete_namespaced_service(name=name, namespace=namespace) - logger.debug("delete_service {}".format(ret)) - - def get_slaves(self, active=False): - contexts, active_context = self.get_contexts() - pods = self.get_pods() - # logger.info("pods = {}".format(pods)) - slaves = [] - if active: - for key, value in pods.items(): - # logger.info("ctx={}".format(active_context)) - # logger.info("value={}".format(value)) - if "name" in active_context and value and "name" in value[0]: - if active_context["name"] == value[0].get('slave_name'): - data = dict(active_context) - data["wrapper_name"] = value[0]['name'] - data["ip"] = value[0].get("ip", "NC") - data["port"] = value[0].get("external_port", "NC") - data["internal_port"] = value[0].get("port", "NC") - slaves.append(data) - break - return slaves - for ctx in contexts: - data = dict(ctx) - data["configured"] = False - for key, value in pods.items(): - # logger.info("ctx={}".format(ctx)) - # logger.info("value={}".format(value)) - if "name" in ctx and value and "name" in value[0]: - if ctx["name"] == value[0].get('slave_name'): - data["wrapper_name"] = value[0]['name'] - data["ip"] = value[0].get("ip", "NC") - data["port"] = value[0].get("external_port", "NC") - data["internal_port"] = value[0].get("port", "NC") - data["configured"] = True - break - slaves.append(data) - return slaves - - @staticmethod - def get_contexts(): - contexts, active_context = config.list_kube_config_contexts() - return contexts, active_context - - def create_wrappers(self, slave_name=None): - contexts, active_context = self.get_contexts() - logger.debug("contexts: {}".format(contexts)) - logger.debug("active_context: {}".format(active_context)) - conf = configuration.get_configuration("components/wrapper") - hostname = conf["components/wrapper"].get( - "hostname", "wrapper") - port = conf["components/wrapper"].get("port", 80) - container = conf["components/wrapper"].get( - "container", - "wukongsun/moon_wrapper:v4.3") - for _ctx in contexts: - if slave_name and slave_name != _ctx['name']: - continue - _config = config.new_client_from_config(context=_ctx['name']) - logger.debug("_config={}".format(_config)) - api_client = client.CoreV1Api(_config) - ext_client = client.ExtensionsV1beta1Api(_config) - data = [{ - "name": hostname + "-" + get_random_name(), - "container": container, - "port": port, - "namespace": "moon", - "slave_name": _ctx['name'] - }, ] - self.load_deployment_and_service(data, api_client, ext_client, expose=True) - - def delete_wrapper(self, uuid=None, name=None, namespace="moon", - active_context=None, - active_context_name=None): - name_to_delete = None - if uuid and uuid in self.get_pods(): - name_to_delete = self.get_pods()[uuid][0]['name'] - elif name: - for pod_key, pod_list in self.get_pods().items(): - for pod_value in pod_list: - if pod_value.get("name") == name: - name_to_delete = pod_value.get("name") - break - if not name_to_delete: - raise exceptions.WrapperUnknown - contexts, _active_context = self.get_contexts() - if active_context_name: - for _context in contexts: - if _context["name"] == active_context_name: - active_context = _context - break - if active_context: - active_context = _active_context - _config = config.new_client_from_config( - context=active_context['name']) - logger.debug("_config={}".format(_config)) - api_client = client.CoreV1Api(_config) - ext_client = client.ExtensionsV1beta1Api(_config) - self.delete_deployment(name=name_to_delete, namespace=namespace, - ext_client=ext_client) - self.delete_service(name=name_to_delete, api_client=api_client) - return - logger.debug("contexts={}".format(contexts)) - for _ctx in contexts: - _config = config.new_client_from_config(context=_ctx['name']) - logger.debug("_config={}".format(_config)) - api_client = client.CoreV1Api(_config) - ext_client = client.ExtensionsV1beta1Api(_config) - self.delete_deployment(name=name_to_delete, namespace=namespace, - ext_client=ext_client) - self.delete_service(name=name_to_delete, api_client=api_client) - - def create_pipeline(self, keystone_project_id, - pdp_id, policy_ids, manager_data=None, - active_context=None, - slave_name=None): - """ Create security functions - - :param keystone_project_id: the Keystone project id - :param pdp_id: the PDP ID mapped to this pipeline - :param policy_ids: the policy IDs mapped to this pipeline - :param manager_data: data needed to create pods - :param active_context: if present, add the security function in this - context - :param slave_name: if present, add the security function in - this context name - if active_context_name and active_context are not present, add the - security function in all context (ie, in all slaves) - :return: None - """ - if not manager_data: - manager_data = dict() - for key, value in self.get_pods().items(): - for _pod in value: - if _pod.get('keystone_project_id') == keystone_project_id: - logger.warning("A pod for this Keystone project {} " - "already exists.".format(keystone_project_id)) - return - - plugins = configuration.get_plugins() - conf = configuration.get_configuration("components/pipeline") - # i_hostname = conf["components/pipeline"].get("interface").get("hostname", "interface") - i_port = conf["components/pipeline"].get("interface").get("port", 80) - i_container = conf["components/pipeline"].get("interface").get( - "container", - "wukongsun/moon_interface:v4.3") - data = [ - { - "name": "pipeline-" + get_random_name(), - "container": i_container, - "port": i_port, - 'pdp_id': pdp_id, - 'genre': "interface", - 'keystone_project_id': keystone_project_id, - "namespace": "moon" - }, - ] - logger.debug("data={}".format(data)) - # When policies and models are empty, is it right that it returns 200 ? - # Should it return no found policies or models ? - policies = manager_data.get('policies') - if not policies: - logger.info("No policy data from Manager, trying to get them") - policies = requests.get("http://{}:{}/policies".format( - self.manager_hostname, self.manager_port)).json().get( - "policies", dict()) - logger.debug("policies={}".format(policies)) - models = manager_data.get('models') - if not models: - logger.info("No models data from Manager, trying to get them") - models = requests.get("http://{}:{}/models".format( - self.manager_hostname, self.manager_port)).json().get( - "models", dict()) - logger.debug("models={}".format(models)) - - if not policy_ids: - raise exceptions.PolicyUnknown - for policy_id in policy_ids: - if policy_id in policies: - genre = policies[policy_id].get("genre", "authz") - if genre in plugins: - for meta_rule in models[policies[policy_id]['model_id']]['meta_rules']: - data.append({ - "name": genre + "-" + get_random_name(), - "container": plugins[genre]['container'], - 'pdp_id': pdp_id, - "port": plugins[genre].get('port', 8080), - 'genre': genre, - 'policy_id': policy_id, - 'meta_rule_id': meta_rule, - 'keystone_project_id': keystone_project_id, - "namespace": "moon" - }) - logger.debug("data={}".format(data)) - contexts, _active_context = self.get_contexts() - logger.debug("active_context_name={}".format(slave_name)) - logger.debug("active_context={}".format(active_context)) - if slave_name: - for _context in contexts: - if _context["name"] == slave_name: - active_context = _context - break - if active_context: - active_context = _active_context - _config = config.new_client_from_config( - context=active_context['name']) - logger.debug("_config={}".format(_config)) - api_client = client.CoreV1Api(_config) - ext_client = client.ExtensionsV1beta1Api(_config) - self.load_deployment_and_service(data, api_client, ext_client, expose=False) - return - logger.debug("contexts={}".format(contexts)) - for _ctx in contexts: - if slave_name and slave_name != _ctx['name']: - continue - _config = config.new_client_from_config(context=_ctx['name']) - logger.debug("_config={}".format(_config)) - api_client = client.CoreV1Api(_config) - ext_client = client.ExtensionsV1beta1Api(_config) - self.load_deployment_and_service(data, api_client, ext_client, expose=False) - - def delete_pipeline(self, uuid=None, name=None, namespace="moon", - active_context=None, - active_context_name=None): - """Delete a pipeline - - :param uuid: - :param name: - :param namespace: - :param active_context: - :param active_context_name: - :return: - """ - name_to_delete = None - if uuid and uuid in self.get_pods(): - name_to_delete = self.get_pods()[uuid][0]['name'] - elif name: - for pod_key, pod_list in self.get_pods().items(): - for pod_value in pod_list: - if pod_value.get("name") == name: - name_to_delete = pod_value.get("name") - break - if not name_to_delete: - raise exceptions.PipelineUnknown - logger.info("Will delete deployment and service named {}".format(name_to_delete)) - contexts, _active_context = self.get_contexts() - if active_context_name: - for _context in contexts: - if _context["name"] == active_context_name: - active_context = _context - break - if active_context: - active_context = _active_context - _config = config.new_client_from_config( - context=active_context['name']) - logger.debug("_config={}".format(_config)) - api_client = client.CoreV1Api(_config) - ext_client = client.ExtensionsV1beta1Api(_config) - self.delete_deployment(name=name_to_delete, namespace=namespace, - ext_client=ext_client) - self.delete_service(name=name_to_delete, api_client=api_client) - return - logger.debug("contexts={}".format(contexts)) - for _ctx in contexts: - _config = config.new_client_from_config(context=_ctx['name']) - logger.debug("_config={}".format(_config)) - api_client = client.CoreV1Api(_config) - ext_client = client.ExtensionsV1beta1Api(_config) - self.delete_deployment(name=name_to_delete, namespace=namespace, - ext_client=ext_client) - self.delete_service(name=name_to_delete, api_client=api_client) - - -class Docker(Driver): - - def get_slaves(self): - raise NotImplementedError - - def create_wrappers(self): - raise NotImplementedError - - def delete_wrapper(self, name): - raise NotImplementedError - - def create_pipeline(self, keystone_project_id, - pdp_id, policy_ids, manager_data=None, - active_context=None, - active_context_name=None): - raise NotImplementedError - - def delete_pipeline(self, uuid=None, name=None, namespace="moon", - active_context=None, - active_context_name=None): - raise NotImplementedError diff --git a/moon_orchestrator/moon_orchestrator/http_server.py b/moon_orchestrator/moon_orchestrator/http_server.py deleted file mode 100644 index 72e12358..00000000 --- a/moon_orchestrator/moon_orchestrator/http_server.py +++ /dev/null @@ -1,167 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from flask import Flask, jsonify -from flask_restful import Resource, Api -import logging -import requests -import time -from moon_orchestrator import __version__ -from moon_orchestrator.api.pods import Pods -from moon_orchestrator.api.slaves import Slaves -from moon_orchestrator.api.generic import Status -from moon_orchestrator.drivers import get_driver -from python_moonutilities import configuration, exceptions - -logger = logging.getLogger("moon.orchestrator.http_server") - -__API__ = ( - Status, -) - - -class Server: - """Base class for HTTP server""" - - def __init__(self, host="localhost", port=80, api=None, **kwargs): - """Run a server - - :param host: hostname of the server - :param port: port for the running server - :param kwargs: optional parameters - :return: a running server - """ - self._host = host - self._port = port - self._api = api - self._extra = kwargs - - @property - def host(self): - return self._host - - @host.setter - def host(self, name): - self._host = name - - @host.deleter - def host(self): - self._host = "" - - @property - def port(self): - return self._port - - @port.setter - def port(self, number): - self._port = number - - @port.deleter - def port(self): - self._port = 80 - - def run(self): - raise NotImplementedError() - - -class Root(Resource): - """ - The root of the web service - """ - __urls__ = ("/",) - __methods = ("get", "post", "put", "delete", "options") - - def get(self): - tree = {"/": {"methods": ("get",), "description": "List all methods for that service."}} - for item in __API__: - tree[item.__name__] = {"urls": item.__urls__} - _methods = [] - for _method in self.__methods: - if _method in dir(item): - _methods.append(_method) - tree[item.__name__]["methods"] = _methods - tree[item.__name__]["description"] = item.__doc__.strip() - return { - "version": __version__, - "tree": tree - } - - -class HTTPServer(Server): - - def __init__(self, host="localhost", port=80, **kwargs): - super(HTTPServer, self).__init__(host=host, port=port, **kwargs) - self.app = Flask(__name__) - conf = configuration.get_configuration("components/orchestrator") - self.orchestrator_hostname = conf["components/orchestrator"].get("hostname", "orchestrator") - self.orchestrator_port = conf["components/orchestrator"].get("port", 80) - conf = configuration.get_configuration("components/manager") - self.manager_hostname = conf["components/manager"].get("hostname", "manager") - self.manager_port = conf["components/manager"].get("port", 80) - # TODO : specify only few urls instead of * - # CORS(self.app) - self.api = Api(self.app) - self.driver = get_driver() - logger.info("Driver = {}".format(self.driver.__class__)) - self.__set_route() - self.__hook_errors() - pdp = None - while True: - try: - pdp = requests.get( - "http://{}:{}/pdp".format(self.manager_hostname, - self.manager_port)) - except requests.exceptions.ConnectionError: - logger.warning("Manager is not ready, standby...") - time.sleep(1) - except KeyError: - logger.warning("Manager is not ready, standby...") - time.sleep(1) - else: - if "pdps" in pdp.json(): - break - logger.debug("pdp={}".format(pdp)) - # self.driver.create_wrappers() - for _pdp_key, _pdp_value in pdp.json()['pdps'].items(): - if _pdp_value.get('keystone_project_id'): - # TODO: select context to add security function - self.driver.create_pipeline( - keystone_project_id=_pdp_value.get('keystone_project_id'), - pdp_id=_pdp_key, - policy_ids=_pdp_value.get('security_pipeline', [])) - - def __hook_errors(self): - - def get_404_json(e): - return jsonify({"result": False, "code": 404, "description": str(e)}), 404 - - self.app.register_error_handler(404, get_404_json) - - def get_400_json(e): - return jsonify({"result": False, "code": 400, "description": str(e)}), 400 - - self.app.register_error_handler(400, lambda e: get_400_json) - self.app.register_error_handler(403, exceptions.AuthException) - - def __set_route(self): - self.api.add_resource(Root, '/') - - for api in __API__: - self.api.add_resource(api, *api.__urls__) - self.api.add_resource(Pods, *Pods.__urls__, - resource_class_kwargs={ - "driver": self.driver - }) - self.api.add_resource(Slaves, *Slaves.__urls__, - resource_class_kwargs={ - "driver": self.driver - }) - - def run(self): - self.app.run(host=self._host, port=self._port, threaded=True) # nosec - - @staticmethod - def __filter_str(data): - return data.replace("@", "-") diff --git a/moon_orchestrator/moon_orchestrator/server.py b/moon_orchestrator/moon_orchestrator/server.py deleted file mode 100644 index 88d56e3a..00000000 --- a/moon_orchestrator/moon_orchestrator/server.py +++ /dev/null @@ -1,39 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging -from python_moonutilities import configuration, exceptions -from moon_orchestrator.http_server import HTTPServer - -logger = logging.getLogger("moon.orchestrator.server") - - -def create_server(): - configuration.init_logging() - try: - conf = configuration.get_configuration("components/orchestrator") - hostname = conf["components/orchestrator"].get("hostname", - "orchestrator") - port = conf["components/orchestrator"].get("port", 80) - bind = conf["components/orchestrator"].get("bind", "127.0.0.1") - except exceptions.ConsulComponentNotFound: - hostname = "orchestrator" - bind = "127.0.0.1" - port = 80 - configuration.add_component(uuid="orchestrator", name=hostname, - port=port, bind=bind) - logger.info("Starting server with IP {} on port {} bind to {}".format( - hostname, port, bind)) - return HTTPServer(host=bind, port=port) - - -def run(): - server = create_server() - server.run() - - -if __name__ == '__main__': - server = create_server() - server.run() diff --git a/moon_orchestrator/requirements.txt b/moon_orchestrator/requirements.txt deleted file mode 100644 index dbb62043..00000000 --- a/moon_orchestrator/requirements.txt +++ /dev/null @@ -1,7 +0,0 @@ -flask -flask_restful -flask_cors -werkzeug -python_moonutilities -kubernetes -pyaml
\ No newline at end of file diff --git a/moon_orchestrator/setup.py b/moon_orchestrator/setup.py deleted file mode 100644 index 494bd131..00000000 --- a/moon_orchestrator/setup.py +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from setuptools import setup, find_packages -import moon_orchestrator - - -with open('requirements.txt') as f: - required = f.read().splitlines() - -setup( - - name='moon_orchestrator', - - version=moon_orchestrator.__version__, - - packages=find_packages(), - - author="Thomas Duval", - - author_email="thomas.duval@orange.com", - - description="", - - long_description=open('README.md').read(), - - install_requires=required, - - include_package_data=True, - - url='https://git.opnfv.org/cgit/moon/', - - classifiers=[ - "Programming Language :: Python", - "Development Status :: 1 - Planning", - "License :: OSI Approved", - "Natural Language :: French", - "Operating System :: OS Independent", - "Programming Language :: Python :: 3", - ], - - entry_points={ - 'console_scripts': [ - 'moon_orchestrator = moon_orchestrator.server:run', - ], - } - -) diff --git a/moon_orchestrator/tests/unit_python/conftest.py b/moon_orchestrator/tests/unit_python/conftest.py deleted file mode 100644 index 044489e6..00000000 --- a/moon_orchestrator/tests/unit_python/conftest.py +++ /dev/null @@ -1,18 +0,0 @@ -import pytest -import requests_mock -import mock_pods -from utilities import CONTEXT - - -@pytest.fixture -def context(): - return CONTEXT - - -@pytest.fixture(autouse=True) -def no_requests(monkeypatch): - """ Modify the response from Requests module - """ - with requests_mock.Mocker(real_http=True) as m: - mock_pods.register_pods(m) - yield m
\ No newline at end of file diff --git a/moon_orchestrator/tests/unit_python/mock_pods.py b/moon_orchestrator/tests/unit_python/mock_pods.py deleted file mode 100644 index 59e1b3c0..00000000 --- a/moon_orchestrator/tests/unit_python/mock_pods.py +++ /dev/null @@ -1,417 +0,0 @@ -from kubernetes import client, config -from utilities import CONF, get_b64_conf, COMPONENTS - -pdp_mock = { - "pdp_id1": { - "name": "...", - "security_pipeline": ["policy_id_1", "policy_id_2"], - "keystone_project_id": "keystone_project_id1", - "description": "...", - }, - "pdp_id12": { - "name": "...", - "security_pipeline": ["policy_id_1", "policy_id_2"], - "keystone_project_id": "keystone_project_id1", - "description": "...", - } -} - -meta_rules_mock = { - "meta_rule_id1": { - "name": "meta_rule1", - "algorithm": "name of the meta rule algorithm", - "subject_categories": ["subject_category_id1", - "subject_category_id2"], - "object_categories": ["object_category_id1"], - "action_categories": ["action_category_id1"] - }, - "meta_rule_id2": { - "name": "name of the meta rules2", - "algorithm": "name of the meta rule algorithm", - "subject_categories": ["subject_category_id1", - "subject_category_id2"], - "object_categories": ["object_category_id1"], - "action_categories": ["action_category_id1"] - } -} - -policies_mock = { - "policy_id_1": { - "name": "test_policy1", - "model_id": "model_id_1", - "genre": "authz", - "description": "test", - }, - "policy_id_2": { - "name": "test_policy2", - "model_id": "model_id_2", - "genre": "authz", - "description": "test", - } -} - -subject_mock = { - "policy_id_1": { - "subject_id": { - "name": "subject_name", - "keystone_id": "keystone_project_id1", - "description": "a description" - } - }, - "policy_id_2": { - "subject_id": { - "name": "subject_name", - "keystone_id": "keystone_project_id1", - "description": "a description" - } - } -} - -subject_assignment_mock = { - "subject_id": { - "policy_id": "ID of the policy", - "subject_id": "ID of the subject", - "category_id": "ID of the category", - "assignments": [], - } -} - -object_mock = { - "policy_id_1": { - "object_id": { - "name": "object_name", - "description": "a description" - } - }, - "policy_id_2": { - "object_id": { - "name": "object_name", - "description": "a description" - } - } -} - -object_assignment_mock = { - "object_id": { - "policy_id": "ID of the policy", - "object_id": "ID of the object", - "category_id": "ID of the category", - "assignments": [], - } -} - -action_mock = { - "policy_id_1": { - "action_id": { - "name": "action_name", - "description": "a description" - } - }, - "policy_id_2": { - "action_id": { - "name": "action_name", - "description": "a description" - } - } -} - -action_assignment_mock = { - "action_id": { - "policy_id": "ID of the policy", - "action_id": "ID of the action", - "category_id": "ID of the category", - "assignments": [], - } -} - -models_mock = { - "model_id_1": { - "name": "test_model", - "description": "test", - "meta_rules": ["meta_rule_id1"] - }, - "model_id_2": { - "name": "test_model", - "description": "test", - "meta_rules": ["meta_rule_id2"] - }, -} - -rules_mock = { - "rules": { - "meta_rule_id": "meta_rule_id1", - "rule_id1": { - "rule": ["subject_data_id1", - "object_data_id1", - "action_data_id1"], - "instructions": ( - {"decision": "grant"}, - # "grant" to immediately exit, - # "continue" to wait for the result of next policy - # "deny" to deny the request - ) - }, - "rule_id2": { - "rule": ["subject_data_id2", - "object_data_id2", - "action_data_id2"], - "instructions": ( - { - "update": { - "operation": "add", - # operations may be "add" or "delete" - "target": "rbac:role:admin" - # add the role admin to the current user - } - }, - {"chain": {"name": "rbac"}} - # chain with the policy named rbac - ) - } - } -} - - -def patch_k8s(monkeypatch): - def _load_kube_config_mockreturn(*args, **kwargs): - return - monkeypatch.setattr(config, 'load_kube_config', - _load_kube_config_mockreturn) - - def list_kube_config_contexts_mockreturn(*args, **kwargs): - return [{"name": "active_context"}], {"name": "active_context"} - monkeypatch.setattr(config, 'list_kube_config_contexts', - list_kube_config_contexts_mockreturn) - - def new_client_from_config_mockreturn(*args, **kwargs): - return {"client": True} - monkeypatch.setattr(config, 'new_client_from_config', - new_client_from_config_mockreturn) - - def list_pod_for_all_namespaces_mockreturn(*args, **kwargs): - class pods: - items = [] - return pods - monkeypatch.setattr(client.CoreV1Api, 'list_pod_for_all_namespaces', - list_pod_for_all_namespaces_mockreturn) - - def create_namespaced_deployment_mockreturn(*args, **kwargs): - - class metadata: - uid = "123456789" - - class pod: - def __init__(self): - self.metadata = metadata() - return pod() - monkeypatch.setattr(client.ExtensionsV1beta1Api, - 'create_namespaced_deployment', - create_namespaced_deployment_mockreturn) - - def delete_namespaced_deployment_mockreturn(*args, **kwargs): - return None - - monkeypatch.setattr(client.ExtensionsV1beta1Api, - 'delete_namespaced_deployment', - delete_namespaced_deployment_mockreturn) - - def create_namespaced_service_mockreturn(*args, **kwargs): - return {} - monkeypatch.setattr(client.CoreV1Api, - 'create_namespaced_service', - create_namespaced_service_mockreturn) - - def delete_namespaced_service_mockreturn(*args, **kwargs): - return {} - monkeypatch.setattr(client.CoreV1Api, - 'delete_namespaced_service', - delete_namespaced_service_mockreturn) - - -def register_pods(m): - """ Modify the response from Requests module - """ - register_consul(m) - register_pdp(m) - # register_meta_rules(m) - register_policies(m) - register_models(m) - # register_policy_subject(m, "policy_id_1") - # register_policy_subject(m, "policy_id_2") - # register_policy_object(m, "policy_id_1") - # register_policy_object(m, "policy_id_2") - # register_policy_action(m, "policy_id_1") - # register_policy_action(m, "policy_id_2") - # register_policy_subject_assignment(m, "policy_id_1", "subject_id") - # register_policy_subject_assignment_list(m1, "policy_id_1") - # register_policy_subject_assignment(m, "policy_id_2", "subject_id") - # register_policy_subject_assignment_list(m1, "policy_id_2") - # register_policy_object_assignment(m, "policy_id_1", "object_id") - # register_policy_object_assignment_list(m1, "policy_id_1") - # register_policy_object_assignment(m, "policy_id_2", "object_id") - # register_policy_object_assignment_list(m1, "policy_id_2") - # register_policy_action_assignment(m, "policy_id_1", "action_id") - # register_policy_action_assignment_list(m1, "policy_id_1") - # register_policy_action_assignment(m, "policy_id_2", "action_id") - # register_policy_action_assignment_list(m1, "policy_id_2") - # register_rules(m, "policy_id1") - - -def register_consul(m): - for component in COMPONENTS: - m.register_uri( - 'GET', 'http://consul:8500/v1/kv/{}'.format(component), - json=[{'Key': component, 'Value': get_b64_conf(component)}] - ) - m.register_uri( - 'GET', 'http://consul:8500/v1/kv/components/port_start', - json=[ - { - "LockIndex": 0, - "Key": "components/port_start", - "Flags": 0, - "Value": "MzEwMDE=", - "CreateIndex": 9, - "ModifyIndex": 9 - } - ], - ) - m.register_uri( - 'PUT', 'http://consul:8500/v1/kv/components/port_start', - json=[], - ) - # m.register_uri( - # 'GET', 'http://consul:8500/v1/kv/plugins?recurse=true', - # json=[ - # { - # "LockIndex": 0, - # "Key": "plugins/authz", - # "Flags": 0, - # "Value": "eyJjb250YWluZXIiOiAid3Vrb25nc3VuL21vb25fYXV0aHo6djQuMyIsICJwb3J0IjogODA4MX0=", - # "CreateIndex": 14, - # "ModifyIndex": 656 - # } - # ], - # ) - - -def register_pdp(m): - m.register_uri( - 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'pdp'), - json={'pdps': pdp_mock} - ) - - -def register_meta_rules(m): - m.register_uri( - 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'meta_rules'), - json={'meta_rules': meta_rules_mock} - ) - - -def register_policies(m): - m.register_uri( - 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies'), - json={'policies': policies_mock} - ) - - -def register_models(m): - m.register_uri( - 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'models'), - json={'models': models_mock} - ) - - -def register_policy_subject(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/subjects'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', policy_id), - json={'subjects': subject_mock[policy_id]} - ) - - -def register_policy_object(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/objects'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', policy_id), - json={'objects': object_mock[policy_id]} - ) - - -def register_policy_action(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/actions'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', policy_id), - json={'actions': action_mock[policy_id]} - ) - - -def register_policy_subject_assignment(m, policy_id, subj_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/subject_assignments/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id, - subj_id), - json={'subject_assignments': subject_assignment_mock} - ) - - -def register_policy_subject_assignment_list(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/subject_assignments'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id), - json={'subject_assignments': subject_assignment_mock} - ) - - -def register_policy_object_assignment(m, policy_id, obj_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/object_assignments/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id, - obj_id), - json={'object_assignments': object_assignment_mock} - ) - - -def register_policy_object_assignment_list(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/object_assignments'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id), - json={'object_assignments': object_assignment_mock} - ) - - -def register_policy_action_assignment(m, policy_id, action_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/action_assignments/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id, - action_id), - json={'action_assignments': action_assignment_mock} - ) - - -def register_policy_action_assignment_list(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/action_assignments'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id), - json={'action_assignments': action_assignment_mock} - ) - - -def register_rules(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id, 'rules'), - json={'rules': rules_mock} - )
\ No newline at end of file diff --git a/moon_orchestrator/tests/unit_python/requirements.txt b/moon_orchestrator/tests/unit_python/requirements.txt deleted file mode 100644 index 21975ce3..00000000 --- a/moon_orchestrator/tests/unit_python/requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -flask -flask_cors -flask_restful -python_moondb -python_moonutilities
\ No newline at end of file diff --git a/moon_orchestrator/tests/unit_python/test_pods.py b/moon_orchestrator/tests/unit_python/test_pods.py deleted file mode 100644 index 5e1b3767..00000000 --- a/moon_orchestrator/tests/unit_python/test_pods.py +++ /dev/null @@ -1,287 +0,0 @@ -import json -from mock_pods import patch_k8s -from utilities import get_json - - -def test_get_pods(context, monkeypatch): - patch_k8s(monkeypatch) - - import moon_orchestrator.server - server = moon_orchestrator.server.create_server() - _client = server.app.test_client() - req = _client.get("/pods") - assert req.status_code == 200 - assert req.data - data = get_json(req.data) - assert isinstance(data, dict) - assert "pods" in data - assert data["pods"] - - -def test_get_pods_failure(context, monkeypatch): - patch_k8s(monkeypatch) - - import moon_orchestrator.server - server = moon_orchestrator.server.create_server() - _client = server.app.test_client() - req = _client.get("/pods/invalid") - assert req.status_code == 200 - assert req.data - data = get_json(req.data) - assert isinstance(data, dict) - assert not data["pods"] - -############################ /post ############################ - -def test_add_pods_with_pipeline(context, monkeypatch): - patch_k8s(monkeypatch) - - import moon_orchestrator.server - server = moon_orchestrator.server.create_server() - _client = server.app.test_client() - data = { - "keystone_project_id": context.get('project_id'), - "pdp_id": context.get('pdp_id'), - "security_pipeline": context.get('security_pipeline'), - } - req = _client.post("/pods", data=json.dumps(data), - headers={'Content-Type': 'application/json'}) - assert req.status_code == 200 - assert req.data - data = get_json(req.data) - assert isinstance(data, dict) - assert "pods" in data - assert data["pods"] - - -def test_add_pods_without_pipeline_with_bad_slave_name_failure(context, monkeypatch): - patch_k8s(monkeypatch) - - import moon_orchestrator.server - server = moon_orchestrator.server.create_server() - _client = server.app.test_client() - data = { - "slave_name": "test", - } - req = _client.post("/pods", data=json.dumps(data), - headers={'Content-Type': 'application/json'}) - assert req.status_code == 400 - assert req.data - data = get_json(req.data) - assert isinstance(data, dict) - assert 'The slave is unknown.' in data['message'] - - -def test_add_pods_without_pipeline_with_good_slave_name(context, monkeypatch): - patch_k8s(monkeypatch) - - import moon_orchestrator.server - server = moon_orchestrator.server.create_server() - _client = server.app.test_client() - data = { - "slave_name": "active_context", - } - req = _client.post("/pods", data=json.dumps(data), - headers={'Content-Type': 'application/json'}) - assert req.status_code == 200 - assert req.data - data = get_json(req.data) - assert isinstance(data, dict) - assert "pods" in data - assert data["pods"] - - -def test_add_pods_without_pipeline_without_slave_name_failure(context, monkeypatch): - patch_k8s(monkeypatch) - - import moon_orchestrator.server - server = moon_orchestrator.server.create_server() - _client = server.app.test_client() - data = { - } - req = _client.post("/pods", data=json.dumps(data), - headers={'Content-Type': 'application/json'}) - assert req.status_code == 400 - assert req.data - data = get_json(req.data) - assert isinstance(data, dict) - assert 'The slave is unknown.' in data['message'] - - -def test_add_pods_with_no_data_failure(context, monkeypatch): - patch_k8s(monkeypatch) - import moon_orchestrator.server - server = moon_orchestrator.server.create_server() - _client = server.app.test_client() - req = _client.post("/pods", data=json.dumps({}), - headers={'Content-Type': 'application/json'}) - assert req.status_code == 400 - assert req.data - data = get_json(req.data) - assert 'The slave is unknown.' in data['message'] - - -def test_add_pods_with_no_policies_no_models(context, monkeypatch, no_requests): - patch_k8s(monkeypatch) - - import moon_orchestrator.server - server = moon_orchestrator.server.create_server() - _client = server.app.test_client() - no_requests.get("http://manager:8082/policies", - json={'policies': {}}) - - no_requests.get("http://manager:8082/models", - json={'models': {}}) - data = { - "keystone_project_id": context.get('project_id'), - "pdp_id": context.get('pdp_id'), - "security_pipeline": context.get('security_pipeline'), - } - req = _client.post("/pods", data=json.dumps(data), - headers={'Content-Type': 'application/json'}) - assert req.status_code == 200 - - -def test_add_pods_with_empty_pdp_id_and_keystone_project_id_failure(context, monkeypatch): - patch_k8s(monkeypatch) - - import moon_orchestrator.server - server = moon_orchestrator.server.create_server() - _client = server.app.test_client() - data = { - "keystone_project_id": "", - "pdp_id": "", - "security_pipeline": context.get('security_pipeline'), - } - req = _client.post("/pods", data=json.dumps(data), - headers={'Content-Type': 'application/json'}) - assert req.status_code == 400 - assert req.data - data = get_json(req.data) - assert "The pdp is unknown." in data['message'] - - -def test_add_pods_with_empty_security_pipeline_failure(context, monkeypatch): - patch_k8s(monkeypatch) - - import moon_orchestrator.server - server = moon_orchestrator.server.create_server() - _client = server.app.test_client() - data = { - "keystone_project_id": context.get('project_id'), - "pdp_id": context.get('pdp_id'), - "security_pipeline": "", - } - req = _client.post("/pods", data=json.dumps(data), - headers={'Content-Type': 'application/json'}) - assert req.status_code == 400 - assert req.data - data = get_json(req.data) - assert 'The policy is unknown.' in data['message'] - - -def test_add_different_pods_with_same_pdp_id(context, monkeypatch): - patch_k8s(monkeypatch) - - import moon_orchestrator.server - server = moon_orchestrator.server.create_server() - _client = server.app.test_client() - data = { - "keystone_project_id": context.get('project_id'), - "pdp_id": context.get('pdp_id'), - "security_pipeline": context.get('security_pipeline'), - } - req = _client.post("/pods", data=json.dumps(data), - headers={'Content-Type': 'application/json'}) - data["keystone_project_id"] = data["keystone_project_id"] + "x" - req = _client.post("/pods", data=json.dumps(data), - headers={'Content-Type': 'application/json'}) - assert req.status_code == 200 - - -def test_add_different_pods_with_same_keystone_project_id_failure(context, monkeypatch): - patch_k8s(monkeypatch) - - import moon_orchestrator.server - server = moon_orchestrator.server.create_server() - _client = server.app.test_client() - data = { - "keystone_project_id": context.get('project_id'), - "pdp_id": context.get('pdp_id'), - "security_pipeline": context.get('security_pipeline'), - } - req = _client.post("/pods", data=json.dumps(data), - headers={'Content-Type': 'application/json'}) - data["pdp_id"] = data["pdp_id"] + "xyz" - req = _client.post("/pods", data=json.dumps(data), - headers={'Content-Type': 'application/json'}) - assert req.status_code == 409 - data = get_json(req.data) - assert isinstance(data, dict) - assert 'A Pipeline already exist for the specified slave.' in data['message'] - - -def test_add_pod_with_slave_more_than_once_failure(context, monkeypatch): - patch_k8s(monkeypatch) - - import moon_orchestrator.server - server = moon_orchestrator.server.create_server() - _client = server.app.test_client() - data = { - "slave_name": "active_context", - } - req = _client.post("/pods", data=json.dumps(data), - headers={'Content-Type': 'application/json'}) - req = _client.post("/pods", data=json.dumps(data), - headers={'Content-Type': 'application/json'}) - assert req.status_code == 409 - assert req.data - data = get_json(req.data) - assert isinstance(data, dict) - assert 'A Wrapper already exist for the specified slave.' in data['message'] - -############################ /delete ############################ - -def test_delete_pod_valid_uuid(context, monkeypatch): - patch_k8s(monkeypatch) - - import moon_orchestrator.server - server = moon_orchestrator.server.create_server() - _client = server.app.test_client() - data = { - "keystone_project_id": context.get('project_id'), - "pdp_id": context.get('pdp_id'), - "security_pipeline": context.get('security_pipeline'), - } - req = _client.post("/pods", data=json.dumps(data), - headers={'Content-Type': 'application/json'}) - assert req.status_code == 200 - assert req.data - data = get_json(req.data) - for key in data["pods"]: - req = _client.delete("/pods/{}".format(key)) - assert req.status_code == 200 - -def test_delete_pod_Invalid_uuid_failure(context, monkeypatch): - patch_k8s(monkeypatch) - - import moon_orchestrator.server - server = moon_orchestrator.server.create_server() - _client = server.app.test_client() - - req = _client.delete("/pods/invalid") - assert req.status_code == 400 - data = get_json(req.data) - assert 'The slave is unknown.' in data['message'] - -def test_delete_pod_without_uuid_failure(context, monkeypatch): - patch_k8s(monkeypatch) - - import moon_orchestrator.server - server = moon_orchestrator.server.create_server() - _client = server.app.test_client() - - req = _client.delete("/pods/") - assert req.status_code == 400 - data = get_json(req.data) - assert 'The slave is unknown.' in data['message']
\ No newline at end of file diff --git a/moon_orchestrator/tests/unit_python/test_slaves.py b/moon_orchestrator/tests/unit_python/test_slaves.py deleted file mode 100644 index 88ff7e55..00000000 --- a/moon_orchestrator/tests/unit_python/test_slaves.py +++ /dev/null @@ -1,17 +0,0 @@ -import json -from mock_pods import patch_k8s -from utilities import get_json - - -def test_get_slaves(context, monkeypatch): - patch_k8s(monkeypatch) - - import moon_orchestrator.server - server = moon_orchestrator.server.create_server() - _client = server.app.test_client() - req = _client.get("/slaves") - assert req.status_code == 200 - assert req.data - data = get_json(req.data) - assert isinstance(data, dict) - assert "slaves" in data diff --git a/moon_orchestrator/tests/unit_python/utilities.py b/moon_orchestrator/tests/unit_python/utilities.py deleted file mode 100644 index bc4aebcc..00000000 --- a/moon_orchestrator/tests/unit_python/utilities.py +++ /dev/null @@ -1,171 +0,0 @@ -import base64 -import json -import pytest -from uuid import uuid4 - - -CONF = { - "openstack": { - "keystone": { - "url": "http://keystone:5000/v3", - "user": "admin", - "check_token": False, - "password": "p4ssw0rd", - "domain": "default", - "certificate": False, - "project": "admin" - } - }, - "components": { - "wrapper": { - "bind": "0.0.0.0", - "port": 8080, - "container": "wukongsun/moon_wrapper:v4.3", - "timeout": 5, - "hostname": "wrapper" - }, - "manager": { - "bind": "0.0.0.0", - "port": 8082, - "container": "wukongsun/moon_manager:v4.3", - "hostname": "manager" - }, - "port_start": 31001, - "orchestrator": { - "bind": "0.0.0.0", - "port": 8083, - "container": "wukongsun/moon_orchestrator:v4.3", - "hostname": "interface" - }, - "pipeline": { - "interface": { - "bind": "0.0.0.0", - "port": 8080, - "container": "wukongsun/moon_interface:v4.3", - "hostname": "interface" - }, - "authz": { - "bind": "0.0.0.0", - "port": 8081, - "container": "wukongsun/moon_authz:v4.3", - "hostname": "authz" - }, - } - }, - "logging": { - "handlers": { - "file": { - "filename": "/tmp/moon.log", - "class": "logging.handlers.RotatingFileHandler", - "level": "DEBUG", - "formatter": "custom", - "backupCount": 3, - "maxBytes": 1048576 - }, - "console": { - "class": "logging.StreamHandler", - "formatter": "brief", - "level": "INFO", - "stream": "ext://sys.stdout" - } - }, - "formatters": { - "brief": { - "format": "%(levelname)s %(name)s %(message)-30s" - }, - "custom": { - "format": "%(asctime)-15s %(levelname)s %(name)s %(message)s" - } - }, - "root": { - "handlers": [ - "console" - ], - "level": "ERROR" - }, - "version": 1, - "loggers": { - "moon": { - "handlers": [ - "console", - "file" - ], - "propagate": False, - "level": "DEBUG" - } - } - }, - "slave": { - "name": None, - "master": { - "url": None, - "login": None, - "password": None - } - }, - "docker": { - "url": "tcp://172.88.88.1:2376", - "network": "moon" - }, - "database": { - "url": "sqlite:///database.db", - # "url": "mysql+pymysql://moon:p4sswOrd1@db/moon", - "driver": "sql" - }, - "messenger": { - "url": "rabbit://moon:p4sswOrd1@messenger:5672/moon" - } -} - - -CONTEXT = { - "project_id": "a64beb1cc224474fb4badd43173e7101", - "subject_name": "testuser", - "object_name": "vm1", - "action_name": "boot", - "request_id": uuid4().hex, - "interface_name": "interface", - "manager_url": "http://{}:{}".format( - CONF["components"]["manager"]["hostname"], - CONF["components"]["manager"]["port"] - ), - "cookie": uuid4().hex, - "pdp_id": "b3d3e18abf3340e8b635fd49e6634ccd", - "security_pipeline": ["f8f49a779ceb47b3ac810f01ef71b4e0"] - } - - -COMPONENTS = ( - "logging", - "openstack/keystone", - "database", - "slave", - "components/manager", - "components/orchestrator", - "components/pipeline", - "components/wrapper", -) - - -def get_b64_conf(component=None): - if component == "components": - return base64.b64encode( - json.dumps(CONF["components"]).encode('utf-8')+b"\n").decode('utf-8') - elif component in CONF: - return base64.b64encode( - json.dumps( - CONF[component]).encode('utf-8')+b"\n").decode('utf-8') - elif not component: - return base64.b64encode( - json.dumps(CONF).encode('utf-8')+b"\n").decode('utf-8') - elif "/" in component: - key1, _, key2 = component.partition("/") - return base64.b64encode( - json.dumps( - CONF[key1][key2]).encode('utf-8')+b"\n").decode('utf-8') - - -def get_json(data): - return json.loads(data.decode("utf-8")) - - |