Diffstat (limited to 'moonv4/moon_interface/moon_interface/api')
-rw-r--r--moonv4/moon_interface/moon_interface/api/__init__.py0
-rw-r--r--moonv4/moon_interface/moon_interface/api/authz.py193
-rw-r--r--moonv4/moon_interface/moon_interface/api/generic.py131
3 files changed, 0 insertions, 324 deletions
diff --git a/moonv4/moon_interface/moon_interface/api/__init__.py b/moonv4/moon_interface/moon_interface/api/__init__.py
deleted file mode 100644
index e69de29b..00000000
--- a/moonv4/moon_interface/moon_interface/api/__init__.py
+++ /dev/null
diff --git a/moonv4/moon_interface/moon_interface/api/authz.py b/moonv4/moon_interface/moon_interface/api/authz.py
deleted file mode 100644
index c9f4697f..00000000
--- a/moonv4/moon_interface/moon_interface/api/authz.py
+++ /dev/null
@@ -1,193 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-"""
-Authz is the endpoint to get authorization response
-"""
-
-from flask import request
-from flask_restful import Resource
-import logging
-import pickle
-import requests
-import time
-from uuid import uuid4
-
-from moon_interface.authz_requests import AuthzRequest
-
-__version__ = "0.1.0"
-
-LOG = logging.getLogger("moon.interface.api." + __name__)
-
-
-def pdp_in_cache(cache, uuid):
- """Check if a PDP exist with this Keystone Project ID in the cache of this component
-
- :param cache: Cache to use
- :param uuid: Keystone Project ID
- :return: True or False
- """
- for item_uuid, item_value in cache.pdp.items():
- if uuid == item_value['keystone_project_id']:
- return item_uuid, item_value
- return None, None
-
-
-def pdp_in_manager(cache, uuid):
- """Check if a PDP exist with this Keystone Project ID in the Manager component
-
- :param cache: Cache to use
- :param uuid: Keystone Project ID
- :return: True or False
- """
- cache.update()
- return pdp_in_cache(cache, uuid)
-
-
-def container_exist(cache, uuid):
- """Check if a PDP exist with this Keystone Project ID in the Manager component
-
- :param cache: Cache to use
- :param uuid: Keystone Project ID
- :return: True or False
- """
- for key, value in cache.containers.items():
- if "keystone_project_id" not in value:
- continue
- if value["keystone_project_id"] == uuid:
- try:
- req = requests.head("http://{}:{}/".format(
- value.get("hostname"),
- value.get("port")[0].get("PublicPort")))
- LOG.info("container_exist {}".format(req.status_code))
- if req.status_code in (200, 201):
- return value
- return
- except requests.exceptions.ConnectionError:
- pass
- # maybe hostname is not working so trying with IP address
- try:
- req = requests.head("http://{}:{}/".format(
- value.get("ip"),
- value.get("port")[0].get("PublicPort")))
- if req.status_code in (200, 201):
- return value
- return
- except requests.exceptions.ConnectionError:
- return
-
-
-def create_authz_request(cache, interface_name, manager_url, uuid, subject_name, object_name, action_name):
- """Create the authorization request and make the first call to the Authz function
-
- :param cache: Cache to use
- :param interface_name: hostname of the interface
- :param manager_url: URL of the manager
- :param uuid: Keystone Project ID
- :param subject_name: name of the subject
- :param object_name: name of the object
- :param action_name: name of the action
- :return: Authorisation request
- """
- req_id = uuid4().hex
- ctx = {
- "project_id": uuid,
- "subject_name": subject_name,
- "object_name": object_name,
- "action_name": action_name,
- "request_id": req_id,
- "interface_name": interface_name,
- "manager_url": manager_url,
- "cookie": uuid4().hex
- }
- cache.authz_requests[req_id] = AuthzRequest(ctx)
- return cache.authz_requests[req_id]
-
-
-class Authz(Resource):
- """
- Endpoint for authz requests
- """
-
- __urls__ = (
- "/authz/<string:uuid>",
- "/authz/<string:uuid>/<string:subject_name>/<string:object_name>/<string:action_name>",
- )
-
- def __init__(self, **kwargs):
- self.CACHE = kwargs.get("cache")
- self.INTERFACE_NAME = kwargs.get("interface_name", "interface")
- self.MANAGER_URL = kwargs.get("manager_url", "http://manager:8080")
- self.TIMEOUT = 5
-
- def get(self, uuid=None, subject_name=None, object_name=None, action_name=None):
- """Get a response on an authorization request
-
- :param uuid: uuid of a tenant or an intra_extension
- :param subject_name: name of the subject or the request
- :param object_name: name of the object
- :param action_name: name of the action
- :return: {
- "args": {},
- "ctx": {
- "action_name": "4567",
- "id": "123456",
- "method": "authz",
- "object_name": "234567",
- "subject_name": "123456",
- "user_id": "admin"
- },
- "error": {
- "code": 500,
- "description": "",
- "title": "Moon Error"
- },
- "intra_extension_id": "123456",
- "result": false
- }
- :internal_api: authz
- """
- pdp_id, pdp_value = pdp_in_cache(self.CACHE, uuid)
- if not pdp_id:
- pdp_id, pdp_value = pdp_in_manager(self.CACHE, uuid)
- if not pdp_id:
- return {
- "result": False,
- "message": "Unknown Project ID or "
- "Project ID is not bind to a PDP."}, 403
- authz_request = create_authz_request(
- cache=self.CACHE,
- uuid=uuid,
- interface_name=self.INTERFACE_NAME,
- manager_url=self.MANAGER_URL,
- subject_name=subject_name,
- object_name=object_name,
- action_name=action_name)
- cpt = 0
- while True:
- if cpt > self.TIMEOUT*10:
- return {"result": False,
- "message": "Authz request had timed out."}, 500
- if authz_request.is_authz():
- if authz_request.final_result == "Grant":
- return {"result": True, "message": ""}, 200
- return {"result": False, "message": ""}, 401
- cpt += 1
- time.sleep(0.1)
-
- def patch(self, uuid=None, subject_name=None, object_name=None, action_name=None):
- """Get a response on an authorization request
-
- :param uuid: uuid of the authorization request
- :param subject_name: not used
- :param object_name: not used
- :param action_name: not used
- :request body: a Context object
- :return: {}
- :internal_api: authz
- """
- if uuid in self.CACHE.authz_requests:
- self.CACHE.authz_requests[uuid].set_result(pickle.loads(request.data))
- return "", 201
- return {"result": False, "message": "The request ID is unknown"}, 500
diff --git a/moonv4/moon_interface/moon_interface/api/generic.py b/moonv4/moon_interface/moon_interface/api/generic.py
deleted file mode 100644
index 51de9214..00000000
--- a/moonv4/moon_interface/moon_interface/api/generic.py
+++ /dev/null
@@ -1,131 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-"""
-Those API are helping API used to manage the Moon platform.
-"""
-
-from flask_restful import Resource, request
-import logging
-import moon_interface.api
-from python_moonutilities.security_functions import check_auth
-
-__version__ = "0.1.0"
-
-LOG = logging.getLogger("moon.interface.api." + __name__)
-
-
-class Status(Resource):
- """
- Endpoint for status requests
- """
-
- __urls__ = ("/status", "/status/", "/status/<string:component_id>")
-
- def get(self, component_id=None):
- """Retrieve status of all components
-
- :return: {
- "orchestrator": {
- "status": "Running"
- },
- "security_router": {
- "status": "Running"
- }
- }
- """
- raise NotImplemented
-
-
-class Logs(Resource):
- """
- Endpoint for logs requests
- """
-
- __urls__ = ("/logs", "/logs/", "/logs/<string:component_id>")
-
- def get(self, component_id=None):
- """Get logs from the Moon platform
-
- :param component_id: the ID of the component your are looking for (optional)
- :return: [
- "2015-04-15-13:45:20
- "2015-04-15-13:45:21
- "2015-04-15-13:45:22
- "2015-04-15-13:45:23
- ]
- """
- filter_str = request.args.get('filter', '')
- from_str = request.args.get('from', '')
- to_str = request.args.get('to', '')
- event_number = request.args.get('event_number', '')
- try:
- event_number = int(event_number)
- except ValueError:
- event_number = None
- args = dict()
- args["filter"] = filter_str
- args["from"] = from_str
- args["to"] = to_str
- args["event_number"] = event_number
-
- raise NotImplemented
-
-
-class API(Resource):
- """
- Endpoint for API requests
- """
-
- __urls__ = (
- "/api",
- "/api/",
- "/api/<string:group_id>",
- "/api/<string:group_id>/",
- "/api/<string:group_id>/<string:endpoint_id>")
-
- @check_auth
- def get(self, group_id="", endpoint_id="", user_id=""):
- """Retrieve all API endpoints or a specific endpoint if endpoint_id is given
-
- :param group_id: the name of one existing group (ie generic, ...)
- :param endpoint_id: the name of one existing component (ie Logs, Status, ...)
- :return: {
- "group_name": {
- "endpoint_name": {
- "description": "a description",
- "methods": {
- "get": "description of the HTTP method"
- },
- "urls": ('/api', '/api/', '/api/<string:endpoint_id>')
- }
- }
- """
- __methods = ("get", "post", "put", "delete", "options", "patch")
- api_list = filter(lambda x: "__" not in x, dir(moon_interface.api))
- api_desc = dict()
- for api_name in api_list:
- api_desc[api_name] = {}
- group_api_obj = eval("moon_interface.api.{}".format(api_name))
- api_desc[api_name]["description"] = group_api_obj.__doc__
- if "__version__" in dir(group_api_obj):
- api_desc[api_name]["version"] = group_api_obj.__version__
- object_list = list(filter(lambda x: "__" not in x, dir(group_api_obj)))
- for obj in map(lambda x: eval("moon_interface.api.{}.{}".format(api_name, x)), object_list):
- if "__urls__" in dir(obj):
- api_desc[api_name][obj.__name__] = dict()
- api_desc[api_name][obj.__name__]["urls"] = obj.__urls__
- api_desc[api_name][obj.__name__]["methods"] = dict()
- for _method in filter(lambda x: x in __methods, dir(obj)):
- docstring = eval("moon_interface.api.{}.{}.{}.__doc__".format(api_name, obj.__name__, _method))
- api_desc[api_name][obj.__name__]["methods"][_method] = docstring
- api_desc[api_name][obj.__name__]["description"] = str(obj.__doc__)
- if group_id in api_desc:
- if endpoint_id in api_desc[group_id]:
- return {group_id: {endpoint_id: api_desc[group_id][endpoint_id]}}
- elif len(endpoint_id) > 0:
- LOG.error("Unknown endpoint_id {}".format(endpoint_id))
- return {"error": "Unknown endpoint_id {}".format(endpoint_id)}
- return {group_id: api_desc[group_id]}
- return api_desc