Diffstat (limited to 'moonv4/moon_interface/moon_interface/api')
-rw-r--r-- | moonv4/moon_interface/moon_interface/api/__init__.py | 0 | ||||
-rw-r--r-- | moonv4/moon_interface/moon_interface/api/assignments.py | 261 | ||||
-rw-r--r-- | moonv4/moon_interface/moon_interface/api/authz.py | 66 | ||||
-rw-r--r-- | moonv4/moon_interface/moon_interface/api/data.py | 261 | ||||
-rw-r--r-- | moonv4/moon_interface/moon_interface/api/generic.py | 153 | ||||
-rw-r--r-- | moonv4/moon_interface/moon_interface/api/meta_data.py | 206 | ||||
-rw-r--r-- | moonv4/moon_interface/moon_interface/api/meta_rules.py | 140 | ||||
-rw-r--r-- | moonv4/moon_interface/moon_interface/api/models.py | 103 | ||||
-rw-r--r-- | moonv4/moon_interface/moon_interface/api/pdp.py | 108 | ||||
-rw-r--r-- | moonv4/moon_interface/moon_interface/api/perimeter.py | 314 | ||||
-rw-r--r-- | moonv4/moon_interface/moon_interface/api/policies.py | 108 | ||||
-rw-r--r-- | moonv4/moon_interface/moon_interface/api/rules.py | 95 |
12 files changed, 1815 insertions, 0 deletions
diff --git a/moonv4/moon_interface/moon_interface/api/__init__.py b/moonv4/moon_interface/moon_interface/api/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/moonv4/moon_interface/moon_interface/api/__init__.py
diff --git a/moonv4/moon_interface/moon_interface/api/assignments.py b/moonv4/moon_interface/moon_interface/api/assignments.py
new file mode 100644
index 00000000..c270440a
--- /dev/null
+++ b/moonv4/moon_interface/moon_interface/api/assignments.py
@@ -0,0 +1,261 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. +""" +Assignments allow to connect data with elements of perimeter + +""" + +from flask import request +from flask_restful import Resource +from oslo_config import cfg +from oslo_log import log as logging +from moon_interface.tools import call +from moon_interface.tools import check_auth + +__version__ = "0.2.0" + +LOG = logging.getLogger(__name__) +CONF = cfg.CONF + + +class SubjectAssignments(Resource): + """ + Endpoint for subject assignment requests + """ + + __urls__ = ( + "/policies/<string:uuid>/subject_assignments", + "/policies/<string:uuid>/subject_assignments/", + "/policies/<string:uuid>/subject_assignments/<string:perimeter_id>", + "/policies/<string:uuid>/subject_assignments/<string:perimeter_id>/<string:category_id>", + "/policies/<string:uuid>/subject_assignments/<string:perimeter_id>/<string:category_id>/<string:data_id>", + ) + + @check_auth + def get(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): + """Retrieve all subject assignments or a specific one for a given policy + + :param uuid: uuid of the policy + :param perimeter_id: uuid of the subject + :param category_id: uuid of the subject category + :param data_id: uuid of the subject scope + :param user_id: user ID who do the request + :return: { + "subject_data_id": { + "policy_id": "ID of the policy", + "subject_id": "ID of the subject", + "category_id": "ID of the category", + "assignments": "Assignments list (list of data_id)", + } + } + :internal_api: get_subject_assignments + """ + return call(ctx={"id": uuid, "method": "get_subject_assignments", "perimeter_id": perimeter_id, "category_id": category_id, "user_id": user_id}, + args={"data_id": 
data_id}) + + @check_auth + def post(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): + """Create a subject assignment. + + :param uuid: uuid of the policy + :param perimeter_id: uuid of the subject (not used here) + :param category_id: uuid of the subject category (not used here) + :param data_id: uuid of the subject scope (not used here) + :param user_id: user ID who do the request + :request body: { + "id": "UUID of the subject", + "category_id": "UUID of the category" + "data_id": "UUID of the scope" + } + :return: { + "subject_data_id": { + "policy_id": "ID of the policy", + "subject_id": "ID of the subject", + "category_id": "ID of the category", + "assignments": "Assignments list (list of data_id)", + } + } + :internal_api: update_subject_assignment + """ + return call(ctx={"id": uuid, "method": "update_subject_assignment", "user_id": user_id}, args=request.json) + + @check_auth + def delete(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): + """Delete a subject assignment for a given policy + + :param uuid: uuid of the policy + :param perimeter_id: uuid of the subject + :param category_id: uuid of the subject category + :param data_id: uuid of the subject scope + :param user_id: user ID who do the request + :return: { + "result": "True or False", + "message": "optional message" + } + :internal_api: delete_subject_assignment + """ + return call(ctx={"id": uuid, "method": "delete_subject_assignment", "perimeter_id": perimeter_id, "category_id": category_id, "user_id": user_id}, + args={"data_id": data_id}) + + +class ObjectAssignments(Resource): + """ + Endpoint for object assignment requests + """ + + __urls__ = ( + "/policies/<string:uuid>/object_assignments", + "/policies/<string:uuid>/object_assignments/", + "/policies/<string:uuid>/object_assignments/<string:perimeter_id>", + "/policies/<string:uuid>/object_assignments/<string:perimeter_id>/<string:category_id>", + 
"/policies/<string:uuid>/object_assignments/<string:perimeter_id>/<string:category_id>/<string:data_id>", + ) + + @check_auth + def get(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): + """Retrieve all object assignment or a specific one for a given policy + + :param uuid: uuid of the policy + :param perimeter_id: uuid of the object + :param category_id: uuid of the object category + :param data_id: uuid of the object scope + :param user_id: user ID who do the request + :return: { + "object_data_id": { + "policy_id": "ID of the policy", + "object_id": "ID of the object", + "category_id": "ID of the category", + "assignments": "Assignments list (list of data_id)", + } + } + :internal_api: get_object_assignments + """ + return call(ctx={"id": uuid, "method": "get_object_assignments", "perimeter_id": perimeter_id, "category_id": category_id, "user_id": user_id}, + args={"data_id": data_id}) + + @check_auth + def post(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): + """Create an object assignment. 
+ + :param uuid: uuid of the policy + :param perimeter_id: uuid of the object (not used here) + :param category_id: uuid of the object category (not used here) + :param data_id: uuid of the object scope (not used here) + :param user_id: user ID who do the request + :request body: { + "id": "UUID of the action", + "category_id": "UUID of the category" + "data_id": "UUID of the scope" + } + :return: { + "object_data_id": { + "policy_id": "ID of the policy", + "object_id": "ID of the object", + "category_id": "ID of the category", + "assignments": "Assignments list (list of data_id)", + } + } + :internal_api: update_object_assignment + """ + return call(ctx={"id": uuid, "method": "update_object_assignment", "user_id": user_id}, args=request.json) + + @check_auth + def delete(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): + """Delete a object assignment for a given policy + + :param uuid: uuid of the policy + :param perimeter_id: uuid of the object + :param category_id: uuid of the object category + :param data_id: uuid of the object scope + :param user_id: user ID who do the request + :return: { + "result": "True or False", + "message": "optional message" + } + :internal_api: delete_object_assignment + """ + return call(ctx={"id": uuid, "method": "delete_object_assignment", "perimeter_id": perimeter_id, "category_id": category_id, "user_id": user_id}, + args={"data_id": data_id}) + + +class ActionAssignments(Resource): + """ + Endpoint for action assignment requests + """ + + __urls__ = ( + "/policies/<string:uuid>/action_assignments", + "/policies/<string:uuid>/action_assignments/", + "/policies/<string:uuid>/action_assignments/<string:perimeter_id>", + "/policies/<string:uuid>/action_assignments/<string:perimeter_id>/<string:category_id>", + "/policies/<string:uuid>/action_assignments/<string:perimeter_id>/<string:category_id>/<string:data_id>", + ) + + @check_auth + def get(self, uuid=None, perimeter_id=None, category_id=None, 
data_id=None, user_id=None): + """Retrieve all action assignment or a specific one for a given policy + + :param uuid: uuid of the policy + :param perimeter_id: uuid of the action + :param category_id: uuid of the action category + :param data_id: uuid of the action scope + :param user_id: user ID who do the request + :return: { + "action_data_id": { + "policy_id": "ID of the policy", + "object_id": "ID of the action", + "category_id": "ID of the category", + "assignments": "Assignments list (list of data_id)", + } + } + :internal_api: get_action_assignments + """ + return call(ctx={"id": uuid, "method": "get_action_assignments", "perimeter_id": perimeter_id, "category_id": category_id, "user_id": user_id}, + args={"data_id": data_id}) + + @check_auth + def post(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): + """Create an action assignment. + + :param uuid: uuid of the policy + :param perimeter_id: uuid of the action (not used here) + :param category_id: uuid of the action category (not used here) + :param data_id: uuid of the action scope (not used here) + :param user_id: user ID who do the request + :request body: { + "id": "UUID of the action", + "category_id": "UUID of the category", + "data_id": "UUID of the scope" + } + :return: { + "action_data_id": { + "policy_id": "ID of the policy", + "object_id": "ID of the action", + "category_id": "ID of the category", + "assignments": "Assignments list (list of data_id)", + } + } + :internal_api: update_action_assignment + """ + return call(ctx={"id": uuid, "method": "update_action_assignment", "user_id": user_id}, + args=request.json) + + @check_auth + def delete(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): + """Delete a action assignment for a given policy + + :param uuid: uuid of the policy + :param perimeter_id: uuid of the action + :param category_id: uuid of the action category + :param data_id: uuid of the action scope + :param user_id: 
user ID who do the request + :return: { + "result": "True or False", + "message": "optional message" + } + :internal_api: delete_action_assignment + """ + return call(ctx={"id": uuid, "method": "delete_action_assignment", "perimeter_id": perimeter_id, "category_id": category_id, "user_id": user_id}, + args={"data_id": data_id}) diff --git a/moonv4/moon_interface/moon_interface/api/authz.py b/moonv4/moon_interface/moon_interface/api/authz.py new file mode 100644 index 00000000..d1bf3407 --- /dev/null +++ b/moonv4/moon_interface/moon_interface/api/authz.py 
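Review bot: The three `post` handlers (SubjectAssignments, ObjectAssignments, ActionAssignments) pass `request.json` to `call()` as `args` without checking that it is a JSON object or that it carries the documented `id`, `category_id` and `data_id` keys, so whatever a client sends reaches the internal API unchanged. A guard before the call would stop malformed bodies at the interface: `body = request.get_json(silent=True)` followed by `if not isinstance(body, dict) or not {"id", "category_id", "data_id"} <= set(body): return {"result": False, "message": "invalid request body"}, 400`. The same unvalidated `args=request.json` appears in the `post` handlers of data.py and meta_data.py. These handlers also accept the `perimeter_id`/`category_id`/`data_id` path segments that their docstrings mark "not used here"; a POST that supplies them should be rejected so the URL and the body cannot disagree.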
@@ -0,0 +1,66 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+"""
+Authz is the endpoint to get authorization response
+"""
+
+from uuid import uuid4
+from flask_restful import Resource
+from oslo_config import cfg
+from oslo_log import log as logging
+from moon_interface.tools import call
+from moon_interface.tools import check_auth
+
+__version__ = "0.1.0"
+
+LOG = logging.getLogger(__name__)
+CONF = cfg.CONF
+
+
+class Authz(Resource):
+ """
+ Endpoint for authz requests
+ """
+
+ __urls__ = ("/authz/<string:uuid>/<string:subject_name>/<string:object_name>/<string:action_name>", )
+
+ def get(self, uuid=None, subject_name=None, object_name=None, action_name=None):
+ """Get a response on an authorization request
+
+ :param uuid: uuid of a tenant or an intra_extension
+ :param subject_name: name of the subject or the request
+ :param object_name: name of the object
+ :param action_name: name of the action
+ :return: {
+ "args": {},
+ "ctx": {
+ "action_name": "4567",
+ "id": "123456",
+ "method": "authz",
+ "object_name": "234567",
+ "subject_name": "123456",
+ "user_id": "admin"
+ },
+ "error": {
+ "code": 500,
+ "description": "",
+ "title": "Moon Error"
+ },
+ "intra_extension_id": "123456",
+ "result": false
+ }
+ :internal_api: authz
+ """
+ # Note (asteroide): user_id default to admin to be able to read the database
+ # it would be better to have a read-only user.
+ return call(ctx={"id": uuid,
+ "call_master": False,
+ "method": "authz",
+ "subject_name": subject_name,
+ "object_name": object_name,
+ "action_name": action_name,
+ "user_id": "admin",
+ "request_id": uuid4().hex}, args={})
+
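Review bot: `Authz.get` is registered without `@check_auth`, although the decorator is imported at the top of this file, and it calls the backend with a hard-coded `"user_id": "admin"`. Any client that can reach the interface can therefore request a decision for an arbitrary subject, object and action, and the lookup runs under the admin identity. The in-code note already says a read-only user would be better; until one exists, the docstring should say whether the endpoint is unauthenticated by design and who is expected to call it, for example `:auth: none, intended for enforcement hooks on a trusted network only`. If callers are meant to present a token, add `@check_auth` above `def get` (judging by the other handlers it appears to inject `user_id`, so the signature would need that parameter) and keep the elevated identity only for the backend lookup. The `:return:` example also shows an error payload with `"code": 500` as the normal response and should show a successful one.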
diff --git a/moonv4/moon_interface/moon_interface/api/data.py b/moonv4/moon_interface/moon_interface/api/data.py
new file mode 100644
index 00000000..fdd28e9e
--- /dev/null
+++ b/moonv4/moon_interface/moon_interface/api/data.py
@@ -0,0 +1,261 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. +""" +Data are elements used to create rules + +""" + +from flask import request +from flask_restful import Resource +from oslo_config import cfg +from oslo_log import log as logging +from moon_interface.tools import call +from moon_interface.tools import check_auth + +__version__ = "0.2.0" + +LOG = logging.getLogger(__name__) +CONF = cfg.CONF + + +class SubjectData(Resource): + """ + Endpoint for subject data requests + """ + + __urls__ = ( + "/policies/<string:uuid>/subject_data", + "/policies/<string:uuid>/subject_data/", + "/policies/<string:uuid>/subject_data/<string:category_id>", + "/policies/<string:uuid>/subject_data/<string:category_id>/<string:data_id>", + ) + + @check_auth + def get(self, uuid=None, category_id=None, data_id=None, user_id=None): + """Retrieve all subject categories or a specific one if sid is given for a given policy + + :param uuid: uuid of the policy + :param category_id: uuid of the subject category + :param data_id: uuid of the subject data + :param user_id: user ID who do the request + :return: [{ + "policy_id": "policy_id1", + "category_id": "category_id1", + "data": { + "subject_data_id": { + "name": "name of the data", + "description": "description of the data" + } + } + }] + :internal_api: get_subject_data + """ + return call(ctx={"id": uuid, "method": "get_subject_data", "category_id": category_id, "user_id": user_id}, + args={"data_id": data_id}) + + @check_auth + def post(self, uuid=None, category_id=None, data_id=None, user_id=None): + """Create or update a subject. 
+ + :param uuid: uuid of the policy + :param category_id: uuid of the subject category + :param data_id: uuid of the subject data + :param user_id: user ID who do the request + :request body: { + "name": "name of the data", + "description": "description of the data" + } + :return: { + "policy_id": "policy_id1", + "category_id": "category_id1", + "data": { + "subject_data_id": { + "name": "name of the data", + "description": "description of the data" + } + } + } + :internal_api: add_subject_data + """ + return call(ctx={"id": uuid, "method": "add_subject_data", "category_id": category_id, "user_id": user_id}, + args=request.json) + + @check_auth + def delete(self, uuid=None, category_id=None, data_id=None, user_id=None): + """Delete a subject for a given policy + + :param uuid: uuid of the policy + :param category_id: uuid of the subject category + :param data_id: uuid of the subject data + :param user_id: user ID who do the request + :return: [{ + "result": "True or False", + "message": "optional message" + }] + :internal_api: delete_subject_data + """ + return call(ctx={"id": uuid, "method": "delete_subject_data", "category_id": category_id, "user_id": user_id}, + args={"data_id": data_id}) + + +class ObjectData(Resource): + """ + Endpoint for object data requests + """ + + __urls__ = ( + "/policies/<string:uuid>/object_data", + "/policies/<string:uuid>/object_data/", + "/policies/<string:uuid>/object_data/<string:category_id>", + "/policies/<string:uuid>/object_data/<string:category_id>/<string:data_id>", + ) + + @check_auth + def get(self, uuid=None, category_id=None, data_id=None, user_id=None): + """Retrieve all object categories or a specific one if sid is given for a given policy + + :param uuid: uuid of the policy + :param category_id: uuid of the object category + :param data_id: uuid of the object data + :param user_id: user ID who do the request + :return: [{ + "policy_id": "policy_id1", + "category_id": "category_id1", + "data": { + "object_data_id": { 
+ "name": "name of the data", + "description": "description of the data" + } + } + }] + :internal_api: get_object_data + """ + return call(ctx={"id": uuid, "method": "get_object_data", "category_id": category_id, "user_id": user_id}, + args={"data_id": data_id}) + + @check_auth + def post(self, uuid=None, category_id=None, data_id=None, user_id=None): + """Create or update a object. + + :param uuid: uuid of the policy + :param category_id: uuid of the object category + :param data_id: uuid of the object data + :param user_id: user ID who do the request + :request body: { + "name": "name of the data", + "description": "description of the data" + } + :return: { + "policy_id": "policy_id1", + "category_id": "category_id1", + "data": { + "object_data_id": { + "name": "name of the data", + "description": "description of the data" + } + } + } + :internal_api: add_object_data + """ + return call(ctx={"id": uuid, "method": "add_object_data", "category_id": category_id, "user_id": user_id}, args=request.json) + + @check_auth + def delete(self, uuid=None, category_id=None, data_id=None, user_id=None): + """Delete a object for a given policy + + :param uuid: uuid of the policy + :param category_id: uuid of the object category + :param data_id: uuid of the object data + :param user_id: user ID who do the request + :return: { + "result": "True or False", + "message": "optional message" + } + :internal_api: delete_object_data + """ + return call(ctx={"id": uuid, "method": "delete_object_data", "category_id": category_id, "user_id": user_id}, + args={"data_id": data_id}) + + +class ActionData(Resource): + """ + Endpoint for action data requests + """ + + __urls__ = ( + "/policies/<string:uuid>/action_data", + "/policies/<string:uuid>/action_data/", + "/policies/<string:uuid>/action_data/<string:category_id>", + "/policies/<string:uuid>/action_data/<string:category_id>/<string:data_id>", + ) + + @check_auth + def get(self, uuid=None, category_id=None, data_id=None, user_id=None): 
+ """Retrieve all action categories or a specific one if sid is given for a given policy + + :param uuid: uuid of the policy + :param category_id: uuid of the action category + :param data_id: uuid of the action data + :param user_id: user ID who do the request + :return: [{ + "policy_id": "policy_id1", + "category_id": "category_id1", + "data": { + "action_data_id": { + "name": "name of the data", + "description": "description of the data" + } + } + }] + :internal_api: get_action_data + """ + return call(ctx={"id": uuid, "method": "get_action_data", "category_id": category_id, "user_id": user_id}, + args={"data_id": data_id}) + + @check_auth + def post(self, uuid=None, category_id=None, data_id=None, user_id=None): + """Create or update a action. + + :param uuid: uuid of the policy + :param category_id: uuid of the action category + :param data_id: uuid of the action data + :param user_id: user ID who do the request + :request body: { + "name": "name of the data", + "description": "description of the data" + } + :return: { + "policy_id": "policy_id1", + "category_id": "category_id1", + "data": { + "action_data_id": { + "name": "name of the data", + "description": "description of the data" + } + } + } + :internal_api: add_action_data + """ + return call(ctx={"id": uuid, "method": "add_action_data", "category_id": category_id, "user_id": user_id}, + args=request.json) + + @check_auth + def delete(self, uuid=None, category_id=None, data_id=None, user_id=None): + """Delete a action for a given policy + + :param uuid: uuid of the policy + :param category_id: uuid of the action category + :param data_id: uuid of the action data + :param user_id: user ID who do the request + :return: { + "result": "True or False", + "message": "optional message" + } + :internal_api: delete_action_data + """ + return call(ctx={"id": uuid, "method": "delete_action_data", "category_id": category_id, "user_id": user_id}, + args={"data_id": data_id}) + + 
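Review bot: Each `delete` handler in this file is reachable through the collection routes (`/policies/<uuid>/subject_data` and `.../<category_id>`), where `data_id` and possibly `category_id` arrive as `None` and are forwarded to `delete_*_data` unchanged. What the backend does with a missing id is not visible here, so the handler should refuse rather than rely on it: `if category_id is None or data_id is None: return {"result": False, "message": "category_id and data_id are required"}, 400`. The `delete` handlers in assignments.py and meta_data.py have the same shape. Separately, the `get` docstrings say "Retrieve all subject categories or a specific one if sid is given" and the `post` docstrings say "Create or update a subject", both of which describe other resources; they should read along the lines of `Retrieve all subject data, or one entry if data_id is given`.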
diff --git a/moonv4/moon_interface/moon_interface/api/generic.py b/moonv4/moon_interface/moon_interface/api/generic.py
new file mode 100644
index 00000000..6c29039d
--- /dev/null
+++ b/moonv4/moon_interface/moon_interface/api/generic.py
@@ -0,0 +1,153 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. +""" +Those API are helping API used to manage the Moon platform. +""" + +from flask_restful import Resource, request +from oslo_config import cfg +from oslo_log import log as logging +from moon_interface.tools import call +import moon_interface.api +from moon_interface.tools import check_auth + +__version__ = "0.1.0" + +LOG = logging.getLogger(__name__) +CONF = cfg.CONF + + +class Status(Resource): + """ + Endpoint for status requests + """ + + __urls__ = ("/status", "/status/", "/status/<string:component_id>") + + def get(self, component_id=None): + """Retrieve status of all components + + :return: { + "orchestrator": { + "status": "Running" + }, + "security_router": { + "status": "Running" + } + } + """ + return call(method="get_status", ctx={"component_id": component_id}) + + +class Logs(Resource): + """ + Endpoint for logs requests + """ + + __urls__ = ("/logs", "/logs/", "/logs/<string:component_id>") + + def get(self, component_id=None): + """Get logs from the Moon platform + + :param component_id: the ID of the component your are looking for (optional) + :return: [ + "2015-04-15-13:45:20 + "2015-04-15-13:45:21 + "2015-04-15-13:45:22 + "2015-04-15-13:45:23 + ] + """ + filter_str = request.args.get('filter', '') + from_str = request.args.get('from', '') + to_str = request.args.get('to', '') + event_number = request.args.get('event_number', '') + try: + event_number = int(event_number) + except ValueError: + event_number = None + args = dict() + args["filter"] = filter_str + args["from"] = from_str + args["to"] = to_str + args["event_number"] = event_number + + return call(method="get_logs", ctx={"component_id": component_id}, args=args) + + +class 
API(Resource): + """ + Endpoint for API requests + """ + + __urls__ = ( + "/api", + "/api/", + "/api/<string:group_id>", + "/api/<string:group_id>/", + "/api/<string:group_id>/<string:endpoint_id>") + + @check_auth + def get(self, group_id="", endpoint_id="", user_id=""): + """Retrieve all API endpoints or a specific endpoint if endpoint_id is given + + :param group_id: the name of one existing group (ie generic, ...) + :param endpoint_id: the name of one existing component (ie Logs, Status, ...) + :return: { + "group_name": { + "endpoint_name": { + "description": "a description", + "methods": { + "get": "description of the HTTP method" + }, + "urls": ('/api', '/api/', '/api/<string:endpoint_id>') + } + } + """ + __methods = ("get", "post", "put", "delete", "options", "patch") + api_list = filter(lambda x: "__" not in x, dir(moon_interface.api)) + api_desc = dict() + for api_name in api_list: + api_desc[api_name] = {} + group_api_obj = eval("moon_interface.api.{}".format(api_name)) + api_desc[api_name]["description"] = group_api_obj.__doc__ + if "__version__" in dir(group_api_obj): + api_desc[api_name]["version"] = group_api_obj.__version__ + object_list = list(filter(lambda x: "__" not in x, dir(group_api_obj))) + for obj in map(lambda x: eval("moon_interface.api.{}.{}".format(api_name, x)), object_list): + if "__urls__" in dir(obj): + api_desc[api_name][obj.__name__] = dict() + api_desc[api_name][obj.__name__]["urls"] = obj.__urls__ + api_desc[api_name][obj.__name__]["methods"] = dict() + for _method in filter(lambda x: x in __methods, dir(obj)): + docstring = eval("moon_interface.api.{}.{}.{}.__doc__".format(api_name, obj.__name__, _method)) + api_desc[api_name][obj.__name__]["methods"][_method] = docstring + api_desc[api_name][obj.__name__]["description"] = str(obj.__doc__) + if group_id in api_desc: + if endpoint_id in api_desc[group_id]: + return {group_id: {endpoint_id: api_desc[group_id][endpoint_id]}} + elif len(endpoint_id) > 0: + LOG.error("Unknown 
endpoint_id {}".format(endpoint_id)) + return {"error": "Unknown endpoint_id {}".format(endpoint_id)} + return {group_id: api_desc[group_id]} + return api_desc + + +class InternalAPI(Resource): + """ + Endpoint for status requests + """ + + __urls__ = ("/internal_api", "/internal_api/", "/internal_api/<string:component_id>") + + def get(self, component_id=None, user_id=""): + api_list = ("orchestrator", "security_router") + if not component_id: + return {"api": api_list} + if component_id in api_list: + api_desc = dict() + api_desc["name"] = component_id + api_desc["endpoints"] = call(component_id, {}, "list_api") + return api_desc + diff --git a/moonv4/moon_interface/moon_interface/api/meta_data.py b/moonv4/moon_interface/moon_interface/api/meta_data.py new file mode 100644 index 00000000..c34faa20 --- /dev/null +++ b/moonv4/moon_interface/moon_interface/api/meta_data.py 
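Review bot: `Status.get`, `Logs.get` and `InternalAPI.get` carry no `@check_auth` while `API.get` in the same file does, so platform logs and the internal endpoint list are served to unauthenticated callers. `InternalAPI.get` even declares a `user_id` parameter, which suggests the decorator was intended. It also falls off the end and returns `None` for an unknown `component_id`; it should return an explicit error such as `return {"error": "Unknown component_id {}".format(component_id)}, 404`. In `API.get` the three `eval(...)` calls build attribute paths from `dir()` names, and `getattr` does the same lookup without evaluating strings: `group_api_obj = getattr(moon_interface.api, api_name)`, `getattr(group_api_obj, x)` inside the `map`, and `docstring = getattr(obj, _method).__doc__`.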
@@ -0,0 +1,206 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. +""" +Meta Data are elements used to create Meta data (skeleton of security policies) + +""" + +from flask import request +from flask_restful import Resource +from oslo_config import cfg +from oslo_log import log as logging +from moon_interface.tools import call +from moon_interface.tools import check_auth + +__version__ = "0.2.0" + +LOG = logging.getLogger(__name__) +CONF = cfg.CONF + + +class SubjectCategories(Resource): + """ + Endpoint for subject categories requests + """ + + __urls__ = ( + "/subject_categories", + "/subject_categories/", + "/subject_categories/<string:category_id>", + ) + + @check_auth + def get(self, category_id=None, user_id=None): + """Retrieve all subject categories or a specific one + + :param category_id: uuid of the subject category + :param user_id: user ID who do the request + :return: { + "subject_category_id": { + "name": "name of the category", + "description": "description of the category" + } + } + :internal_api: get_subject_categories + """ + return call(ctx={"method": "get_subject_categories", "user_id": user_id}, args={"category_id": category_id}) + + @check_auth + def post(self, category_id=None, user_id=None): + """Create or update a subject category. 
+ + :param category_id: must not be used here + :param user_id: user ID who do the request + :request body: { + "name": "name of the category", + "description": "description of the category" + } + :return: { + "subject_category_id": { + "name": "name of the category", + "description": "description of the category" + } + } + :internal_api: add_subject_category + """ + return call(ctx={"method": "set_subject_category", "user_id": user_id}, args=request.json) + + @check_auth + def delete(self, category_id=None, user_id=None): + """Delete a subject category + + :param category_id: uuid of the subject category to delete + :param user_id: user ID who do the request + :return: { + "result": "True or False", + "message": "optional message" + } + :internal_api: delete_subject_category + """ + return call(ctx={"method": "delete_subject_category", "user_id": user_id}, args={"category_id": category_id}) + + +class ObjectCategories(Resource): + """ + Endpoint for object categories requests + """ + + __urls__ = ( + "/object_categories", + "/object_categories/", + "/object_categories/<string:category_id>", + ) + + @check_auth + def get(self, category_id=None, user_id=None): + """Retrieve all object categories or a specific one + + :param category_id: uuid of the object category + :param user_id: user ID who do the request + :return: { + "object_category_id": { + "name": "name of the category", + "description": "description of the category" + } + } + :internal_api: get_object_categories + """ + return call(ctx={"method": "get_object_categories", "user_id": user_id}, args={"category_id": category_id}) + + @check_auth + def post(self, category_id=None, user_id=None): + """Create or update a object category. 
+ + :param category_id: must not be used here + :param user_id: user ID who do the request + :request body: { + "name": "name of the category", + "description": "description of the category" + } + :return: { + "object_category_id": { + "name": "name of the category", + "description": "description of the category" + } + } + :internal_api: add_object_category + """ + return call(ctx={"method": "set_object_category", "user_id": user_id}, args=request.json) + + @check_auth + def delete(self, category_id=None, user_id=None): + """Delete an object category + + :param category_id: uuid of the object category to delete + :param user_id: user ID who do the request + :return: { + "result": "True or False", + "message": "optional message" + } + :internal_api: delete_object_category + """ + return call(ctx={"method": "delete_object_category", "user_id": user_id}, args={"category_id": category_id}) + + +class ActionCategories(Resource): + """ + Endpoint for action categories requests + """ + + __urls__ = ( + "/action_categories", + "/action_categories/", + "/action_categories/<string:category_id>", + ) + + @check_auth + def get(self, category_id=None, user_id=None): + """Retrieve all action categories or a specific one + + :param category_id: uuid of the action category + :param user_id: user ID who do the request + :return: { + "action_category_id": { + "name": "name of the category", + "description": "description of the category" + } + } + :internal_api: get_action_categories + """ + return call(ctx={"method": "get_action_categories", "user_id": user_id}, args={"category_id": category_id}) + + @check_auth + def post(self, category_id=None, user_id=None): + """Create or update an action category. 
+ + :param category_id: must not be used here + :param user_id: user ID who do the request + :request body: { + "name": "name of the category", + "description": "description of the category" + } + :return: { + "action_category_id": { + "name": "name of the category", + "description": "description of the category" + } + } + :internal_api: add_action_category + """ + return call(ctx={"method": "set_action_category", "user_id": user_id}, args=request.json) + + @check_auth + def delete(self, category_id=None, user_id=None): + """Delete an action + + :param category_id: uuid of the action category to delete + :param user_id: user ID who do the request + :return: { + "result": "True or False", + "message": "optional message" + } + :internal_api: delete_action_category + """ + return call(ctx={"method": "delete_action_category", "user_id": user_id}, args={"category_id": category_id}) diff --git a/moonv4/moon_interface/moon_interface/api/meta_rules.py b/moonv4/moon_interface/moon_interface/api/meta_rules.py new file mode 100644 index 00000000..5e059109 --- /dev/null +++ b/moonv4/moon_interface/moon_interface/api/meta_rules.py 
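Review bot: The three `post` docstrings declare `:internal_api: add_subject_category`, `add_object_category` and `add_action_category`, but the handlers dispatch `"method": "set_subject_category"` and its object/action equivalents, so either the documentation or the dispatched name is wrong. `API.get` in generic.py publishes these docstrings as endpoint descriptions, so the mismatch ends up in the served API listing; align the tag with the code, e.g. `:internal_api: set_subject_category`, once the backend name is confirmed. The `post` docstrings also mark `category_id` as "must not be used here" while the route `/subject_categories/<string:category_id>` still accepts a POST and silently ignores the segment, which would be clearer as a 400. The last `delete` docstring reads "Delete an action" and should read `Delete an action category`.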
@@ -0,0 +1,140 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. +""" +Meta rules are skeleton for security policies + +""" + +from flask import request +from flask_restful import Resource +from oslo_config import cfg +from oslo_log import log as logging +from moon_interface.tools import call +from moon_interface.tools import check_auth + +__version__ = "0.1.0" + +LOG = logging.getLogger(__name__) +CONF = cfg.CONF + + +class MetaRules(Resource): + """ + Endpoint for meta rules requests + """ + + __urls__ = ("/meta_rules", + "/meta_rules/", + "/meta_rules/<string:meta_rule_id>", + "/meta_rules/<string:meta_rule_id>/") + + @check_auth + def get(self, meta_rule_id=None, user_id=None): + """Retrieve all sub meta rules + + :param meta_rule_id: Meta rule algorithm ID + :param user_id: user ID who do the request + :return: { + "meta_rules": { + "meta_rule_id1": { + "name": "name of the meta rule", + "algorithm": "name of the meta rule algorithm", + "subject_categories": ["subject_category_id1", "subject_category_id2"], + "object_categories": ["object_category_id1"], + "action_categories": ["action_category_id1"] + }, + } + } + :internal_api: get_meta_rules + """ + return call(ctx={"method": "get_meta_rules", + "user_id": user_id, + "meta_rule_id": meta_rule_id}, args={}) + + @check_auth + def post(self, meta_rule_id=None, user_id=None): + """Add a meta rule + + :param meta_rule_id: Meta rule ID + :param user_id: user ID who do the request + :request body: post = { + "name": "name of the meta rule", + "subject_categories": ["subject_category_id1", "subject_category_id2"], + "object_categories": ["object_category_id1"], + "action_categories": ["action_category_id1"] + } + :return: { + "meta_rules": { + "meta_rule_id1": { + "name": 
"name of the meta rule", + "subject_categories": ["subject_category_id1", "subject_category_id2"], + "object_categories": ["object_category_id1"], + "action_categories": ["action_category_id1"] + }, + } + } + :internal_api: add_meta_rules + """ + return call(ctx={"method": "add_meta_rules", + "user_id": user_id, + "meta_rule_id": meta_rule_id}, args=request.json) + + @check_auth + def patch(self, meta_rule_id=None, user_id=None): + """Update a meta rule + + :param meta_rule_id: Meta rule ID + :param user_id: user ID who do the request + :request body: patch = { + "name": "name of the meta rule", + "subject_categories": ["subject_category_id1", "subject_category_id2"], + "object_categories": ["object_category_id1"], + "action_categories": ["action_category_id1"] + } + :return: { + "meta_rules": { + "meta_rule_id1": { + "name": "name of the meta rule", + "subject_categories": ["subject_category_id1", "subject_category_id2"], + "object_categories": ["object_category_id1"], + "action_categories": ["action_category_id1"] + }, + } + } + :internal_api: set_meta_rules + """ + return call(ctx={"method": "set_meta_rules", + "user_id": user_id, + "meta_rule_id": meta_rule_id}, args=request.json) + + @check_auth + def delete(self, meta_rule_id=None, user_id=None): + """Delete a meta rule + + :param meta_rule_id: Meta rule ID + :param user_id: user ID who do the request + :request body: delete = { + "name": "name of the meta rule", + "subject_categories": ["subject_category_id1", "subject_category_id2"], + "object_categories": ["object_category_id1"], + "action_categories": ["action_category_id1"] + } + :return: { + "meta_rules": { + "meta_rule_id1": { + "name": "name of the meta rule", + "subject_categories": ["subject_category_id1", "subject_category_id2"], + "object_categories": ["object_category_id1"], + "action_categories": ["action_category_id1"] + }, + } + } + :internal_api: delete_meta_rules + """ + return call(ctx={"method": "delete_meta_rules", + "user_id": user_id, + 
"meta_rule_id": meta_rule_id}, args=request.json) + + diff --git a/moonv4/moon_interface/moon_interface/api/models.py b/moonv4/moon_interface/moon_interface/api/models.py new file mode 100644 index 00000000..0226a87e --- /dev/null +++ b/moonv4/moon_interface/moon_interface/api/models.py 
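Review bot: `MetaRules.post`, `patch` and `delete` pass `request.json` to `call(...)` as `args` without checking it, so at this layer nothing guarantees the body is a JSON object with the documented keys, and a request without a JSON body forwards `None` or is rejected by Flask depending on the version. Unless `call` or the backend validates it (not visible here), I would read it once with `body = request.get_json(silent=True)` and answer 400 when `not isinstance(body, dict)`. `delete` should not depend on a body at all; `args={}` as in `Models.delete` is enough, and the `:request body:` and `:return:` text in its docstring looks copied from `post`. The same unchecked `args=request.json` appears in the `post`/`patch` handlers of models.py, pdp.py, perimeter.py and policies.py, and in `Rules.post`.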
@@ -0,0 +1,103 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. +""" +Models aggregate multiple meta rules +""" + +from flask import request +from flask_restful import Resource +from oslo_config import cfg +from oslo_log import log as logging +from moon_interface.tools import call +from moon_interface.tools import check_auth + +__version__ = "0.1.0" + +LOG = logging.getLogger(__name__) +CONF = cfg.CONF + + +class Models(Resource): + """ + Endpoint for model requests + """ + + __urls__ = ( + "/models", + "/models/", + "/models/<string:uuid>", + "/models/<string:uuid>/", + ) + + @check_auth + def get(self, uuid=None, user_id=None): + """Retrieve all models + + :param uuid: uuid of the model + :param user_id: user ID who do the request + :return: { + "model_id1": { + "name": "...", + "description": "...", + "meta_rules": ["meta_rule_id1", ] + } + } + :internal_api: get_models + """ + return call(ctx={"id": uuid, "method": "get_models", "user_id": user_id}, args={}) + + @check_auth + def post(self, uuid=None, user_id=None): + """Create model. 
+ + :param uuid: uuid of the model (not used here) + :param user_id: user ID who do the request + :request body: { + "name": "...", + "description": "...", + "meta_rules": ["meta_rule_id1", ] + } + :return: { + "model_id1": { + "name": "...", + "description": "...", + "meta_rules": ["meta_rule_id1", ] + } + } + :internal_api: add_model + """ + return call(ctx={"id": uuid, "method": "add_model", "user_id": user_id}, args=request.json) + + @check_auth + def delete(self, uuid=None, user_id=None): + """Delete a model + + :param uuid: uuid of the model to delete + :param user_id: user ID who do the request + :return: { + "result": "True or False", + "message": "optional message" + } + :internal_api: delete_model + """ + return call(ctx={"id": uuid, "method": "delete_model", "user_id": user_id}, args={}) + + @check_auth + def patch(self, uuid=None, user_id=None): + """Update a model + + :param uuid: uuid of the model to update + :param user_id: user ID who do the request + :return: { + "model_id1": { + "name": "...", + "description": "...", + "meta_rules": ["meta_rule_id1", ] + } + } + :internal_api: update_model + """ + return call(ctx={"id": uuid, "method": "update_model", "user_id": user_id}, args=request.json) + diff --git a/moonv4/moon_interface/moon_interface/api/pdp.py b/moonv4/moon_interface/moon_interface/api/pdp.py new file mode 100644 index 00000000..3a3519c4 --- /dev/null +++ b/moonv4/moon_interface/moon_interface/api/pdp.py 
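Review bot: `Models.post` documents `uuid` as "not used here" but still forwards it as `"id": uuid` in the `add_model` context, and because the resource is also mounted on `/models/<string:uuid>` a client can supply that value on a create request. Whether the backend honours a caller-chosen id is not visible in this hunk; if it does, a create could collide with or replace an existing model. I would send `"id": None` for `add_model`, the way `Subjects.post` in perimeter.py forces `"perimeter_id": None`, or reject the request when `uuid is not None`. `PDP.post` (pdp.py) and `Policies.post` (policies.py) have the same shape.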
@@ -0,0 +1,108 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. +""" +PDP are Policy Decision Point. + +""" + +from flask import request +from flask_restful import Resource +from oslo_config import cfg +from oslo_log import log as logging +from moon_interface.tools import call +from moon_interface.tools import check_auth + +__version__ = "0.1.0" + +LOG = logging.getLogger(__name__) +CONF = cfg.CONF + + +class PDP(Resource): + """ + Endpoint for pdp requests + """ + + __urls__ = ( + "/pdp", + "/pdp/", + "/pdp/<string:uuid>", + "/pdp/<string:uuid>/", + ) + + @check_auth + def get(self, uuid=None, user_id=None): + """Retrieve all pdp + + :param uuid: uuid of the pdp + :param user_id: user ID who do the request + :return: { + "pdp_id1": { + "name": "...", + "security_pipeline": [...], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + } + :internal_api: get_pdp + """ + return call(ctx={"id": uuid, "method": "get_pdp", "user_id": user_id}, args={}) + + @check_auth + def post(self, uuid=None, user_id=None): + """Create pdp. 
+ + :param uuid: uuid of the pdp (not used here) + :param user_id: user ID who do the request + :request body: { + "name": "...", + "security_pipeline": [...], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + :return: { + "pdp_id1": { + "name": "...", + "security_pipeline": [...], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + } + :internal_api: add_pdp + """ + return call(ctx={"id": uuid, "method": "add_pdp", "user_id": user_id}, args=request.json) + + @check_auth + def delete(self, uuid=None, user_id=None): + """Delete a pdp + + :param uuid: uuid of the pdp to delete + :param user_id: user ID who do the request + :return: { + "result": "True or False", + "message": "optional message" + } + :internal_api: delete_pdp + """ + return call(ctx={"id": uuid, "method": "delete_pdp", "user_id": user_id}, args={}) + + @check_auth + def patch(self, uuid=None, user_id=None): + """Update a pdp + + :param uuid: uuid of the pdp to update + :param user_id: user ID who do the request + :return: { + "pdp_id1": { + "name": "...", + "security_pipeline": [...], + "keystone_project_id": "keystone_project_id1", + "description": "...", + } + } + :internal_api: update_pdp + """ + return call(ctx={"id": uuid, "method": "update_pdp", "user_id": user_id}, args=request.json) + diff --git a/moonv4/moon_interface/moon_interface/api/perimeter.py b/moonv4/moon_interface/moon_interface/api/perimeter.py new file mode 100644 index 00000000..8907c8f4 --- /dev/null +++ b/moonv4/moon_interface/moon_interface/api/perimeter.py 
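Review bot: `PDP.delete` and `PDP.patch` accept `uuid=None`, which is what they receive when the request targets `/pdp` or `/pdp/`, and they still dispatch `delete_pdp` / `update_pdp` with `"id": None`. What the backend does with a missing id is not visible here, so the handler should refuse it itself, e.g. `if uuid is None: abort(400, message="pdp id required")` with `abort` imported from `flask_restful`. The same applies to the `delete`/`patch` handlers in models.py and policies.py, to the id-less routes of meta_rules.py, and to `Rules.delete` when `rule_id` is absent.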
@@ -0,0 +1,314 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. +""" +* Subjects are the source of an action on an object (examples : users, virtual machines) +* Objects are the destination of an action (examples virtual machines, virtual Routers) +* Actions are what subject wants to do on an object +""" + +from flask import request +from flask_restful import Resource +from oslo_config import cfg +from oslo_log import log as logging +from moon_interface.tools import call +from moon_interface.tools import check_auth + +__version__ = "0.2.0" + +LOG = logging.getLogger(__name__) +CONF = cfg.CONF + + +class Subjects(Resource): + """ + Endpoint for subjects requests + """ + + __urls__ = ( + "/subjects", + "/subjects/", + "/subjects/<string:perimeter_id>", + "/policies/<string:uuid>/subjects", + "/policies/<string:uuid>/subjects/", + "/policies/<string:uuid>/subjects/<string:perimeter_id>", + ) + + @check_auth + def get(self, uuid=None, perimeter_id=None, user_id=None): + """Retrieve all subjects or a specific one if perimeter_id is given for a given policy + + :param uuid: uuid of the policy + :param perimeter_id: uuid of the subject + :param user_id: user ID who do the request + :return: { + "subject_id": { + "name": "name of the subject", + "keystone_id": "keystone id of the subject", + "description": "a description" + } + } + :internal_api: get_subjects + """ + return call(ctx={"id": uuid, "method": "get_subjects", "user_id": user_id}, args={"perimeter_id": perimeter_id}) + + @check_auth + def post(self, uuid=None, perimeter_id=None, user_id=None): + """Create or update a subject. 
+ + :param uuid: uuid of the policy + :param perimeter_id: must not be used here + :param user_id: user ID who do the request + :request body: { + "name": "name of the subject", + "description": "description of the subject", + "password": "password for the subject", + "email": "email address of the subject" + } + :return: { + "subject_id": { + "name": "name of the subject", + "keystone_id": "keystone id of the subject", + "description": "description of the subject", + "password": "password for the subject", + "email": "email address of the subject" + } + } + :internal_api: set_subject + """ + return call(ctx={"id": uuid, "method": "set_subject", "user_id": user_id, "perimeter_id": None}, + args=request.json) + + @check_auth + def patch(self, uuid=None, perimeter_id=None, user_id=None): + """Create or update a subject. + + :param uuid: uuid of the policy + :param perimeter_id: must not be used here + :param user_id: user ID who do the request + :request body: { + "name": "name of the subject", + "description": "description of the subject", + "password": "password for the subject", + "email": "email address of the subject" + } + :return: { + "subject_id": { + "name": "name of the subject", + "keystone_id": "keystone id of the subject", + "description": "description of the subject", + "password": "password for the subject", + "email": "email address of the subject" + } + } + :internal_api: set_subject + """ + return call(ctx={"id": uuid, "method": "set_subject", "user_id": user_id, "perimeter_id": perimeter_id}, + args=request.json) + + @check_auth + def delete(self, uuid=None, perimeter_id=None, user_id=None): + """Delete a subject for a given policy + + :param uuid: uuid of the policy + :param perimeter_id: uuid of the subject + :param user_id: user ID who do the request + :return: { + "subject_id": { + "name": "name of the subject", + "keystone_id": "keystone id of the subject", + "description": "description of the subject", + "password": "password for the 
subject", + "email": "email address of the subject" + } + } + :internal_api: delete_subject + """ + return call(ctx={"id": uuid, "method": "delete_subject", "user_id": user_id}, args={"perimeter_id": perimeter_id}) + + +class Objects(Resource): + """ + Endpoint for objects requests + """ + + __urls__ = ( + "/objects", + "/objects/", + "/objects/<string:perimeter_id>", + "/policies/<string:uuid>/objects", + "/policies/<string:uuid>/objects/", + "/policies/<string:uuid>/objects/<string:perimeter_id>", + ) + + @check_auth + def get(self, uuid=None, perimeter_id=None, user_id=None): + """Retrieve all objects or a specific one if perimeter_id is given for a given policy + + :param uuid: uuid of the policy + :param perimeter_id: uuid of the object + :param user_id: user ID who do the request + :return: { + "object_id": { + "name": "name of the object", + "description": "description of the object" + } + } + :internal_api: get_objects + """ + return call(ctx={"id": uuid, "method": "get_objects", "user_id": user_id}, args={"perimeter_id": perimeter_id}) + + @check_auth + def post(self, uuid=None, perimeter_id=None, user_id=None): + """Create or update a object. + + :param uuid: uuid of the policy + :param perimeter_id: must not be used here + :param user_id: user ID who do the request + :request body: { + "object_name": "name of the object", + "object_description": "description of the object" + } + :return: { + "object_id": { + "name": "name of the object", + "description": "description of the object" + } + } + :internal_api: set_object + """ + return call(ctx={"id": uuid, "method": "set_object", "user_id": user_id, "perimeter_id": None}, + args=request.json) + + @check_auth + def patch(self, uuid=None, perimeter_id=None, user_id=None): + """Create or update a object. 
+ + :param uuid: uuid of the policy + :param perimeter_id: must not be used here + :param user_id: user ID who do the request + :request body: { + "object_name": "name of the object", + "object_description": "description of the object" + } + :return: { + "object_id": { + "name": "name of the object", + "description": "description of the object" + } + } + :internal_api: set_object + """ + return call(ctx={"id": uuid, "method": "set_object", "user_id": user_id, "perimeter_id": perimeter_id}, + args=request.json) + + @check_auth + def delete(self, uuid=None, perimeter_id=None, user_id=None): + """Delete a object for a given policy + + :param uuid: uuid of the policy + :param perimeter_id: uuid of the object + :param user_id: user ID who do the request + :return: { + "object_id": { + "name": "name of the object", + "description": "description of the object" + } + } + :internal_api: delete_object + """ + return call(ctx={"id": uuid, "method": "delete_object", "user_id": user_id}, args={"perimeter_id": perimeter_id}) + + +class Actions(Resource): + """ + Endpoint for actions requests + """ + + __urls__ = ( + "/actions", + "/actions/", + "/actions/<string:perimeter_id>", + "/policies/<string:uuid>/actions", + "/policies/<string:uuid>/actions/", + "/policies/<string:uuid>/actions/<string:perimeter_id>", + ) + + @check_auth + def get(self, uuid=None, perimeter_id=None, user_id=None): + """Retrieve all actions or a specific one if perimeter_id is given for a given policy + + :param uuid: uuid of the policy + :param perimeter_id: uuid of the action + :param user_id: user ID who do the request + :return: { + "action_id": { + "name": "name of the action", + "description": "description of the action" + } + } + :internal_api: get_actions + """ + return call(ctx={"id": uuid, "method": "get_actions", "user_id": user_id}, args={"perimeter_id": perimeter_id}) + + @check_auth + def post(self, uuid=None, perimeter_id=None, user_id=None): + """Create or update a action. 
+ + :param uuid: uuid of the policy + :param perimeter_id: must not be used here + :param user_id: user ID who do the request + :request body: { + "name": "name of the action", + "description": "description of the action" + } + :return: { + "action_id": { + "name": "name of the action", + "description": "description of the action" + } + } + :internal_api: set_action + """ + return call(ctx={"id": uuid, "method": "set_action", "user_id": user_id, "perimeter_id": None}, + args=request.json) + + @check_auth + def patch(self, uuid=None, perimeter_id=None, user_id=None): + """Create or update a action. + + :param uuid: uuid of the policy + :param perimeter_id: must not be used here + :param user_id: user ID who do the request + :request body: { + "name": "name of the action", + "description": "description of the action" + } + :return: { + "action_id": { + "name": "name of the action", + "description": "description of the action" + } + } + :internal_api: set_action + """ + return call(ctx={"id": uuid, "method": "set_action", "user_id": user_id, "perimeter_id": perimeter_id}, + args=request.json) + + @check_auth + def delete(self, uuid=None, perimeter_id=None, user_id=None): + """Delete a action for a given policy + + :param uuid: uuid of the policy + :param perimeter_id: uuid of the action + :param user_id: user ID who do the request + :return: { + "action_id": { + "name": "name of the action", + "description": "description of the action" + } + } + :internal_api: delete_action + """ + return call(ctx={"id": uuid, "method": "delete_action", "user_id": user_id}, args={"perimeter_id": perimeter_id}) diff --git a/moonv4/moon_interface/moon_interface/api/policies.py b/moonv4/moon_interface/moon_interface/api/policies.py new file mode 100644 index 00000000..ba2b2e1e --- /dev/null +++ b/moonv4/moon_interface/moon_interface/api/policies.py 
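Review bot: The documented responses of `Subjects.post`, `patch` and `delete` include `"password": "password for the subject"`, i.e. the API contract says the subject's password is echoed back to the caller. The actual response comes from `call(...)`, which is outside this hunk, so this may only be a docstring copied from the request body; either way the `password` key should be dropped from the three `:return:` blocks and, if the backend really returns it, removed before the result leaves the interface. The request body carrying the password is also forwarded as `args=request.json`, so it should be kept out of any logging of `args`. Separately, the `patch` docstrings of `Subjects`, `Objects` and `Actions` say `perimeter_id` "must not be used here" although `patch` does forward it; `:param perimeter_id: uuid of the subject to update` would match the code.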
@@ -0,0 +1,108 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. +""" +Policies are instances of security models and implement security policies + +""" + +from flask import request +from flask_restful import Resource +from oslo_config import cfg +from oslo_log import log as logging +from moon_interface.tools import call +from moon_interface.tools import check_auth + +__version__ = "0.1.0" + +LOG = logging.getLogger(__name__) +CONF = cfg.CONF + + +class Policies(Resource): + """ + Endpoint for policy requests + """ + + __urls__ = ( + "/policies", + "/policies/", + "/policies/<string:uuid>", + "/policies/<string:uuid>/", + ) + + @check_auth + def get(self, uuid=None, user_id=None): + """Retrieve all policies + + :param uuid: uuid of the policy + :param user_id: user ID who do the request + :return: { + "policy_id1": { + "name": "...", + "model_id": "...", + "genre": "...", + "description": "...", + } + } + :internal_api: get_policies + """ + return call(ctx={"id": uuid, "method": "get_policies", "user_id": user_id}, args={}) + + @check_auth + def post(self, uuid=None, user_id=None): + """Create policy. 
+ + :param uuid: uuid of the policy (not used here) + :param user_id: user ID who do the request + :request body: { + "name": "...", + "model_id": "...", + "genre": "...", + "description": "...", + } + :return: { + "policy_id1": { + "name": "...", + "model_id": "...", + "genre": "...", + "description": "...", + } + } + :internal_api: add_policy + """ + return call(ctx={"id": uuid, "method": "add_policy", "user_id": user_id}, args=request.json) + + @check_auth + def delete(self, uuid=None, user_id=None): + """Delete a policy + + :param uuid: uuid of the policy to delete + :param user_id: user ID who do the request + :return: { + "result": "True or False", + "message": "optional message" + } + :internal_api: delete_policy + """ + return call(ctx={"id": uuid, "method": "delete_policy", "user_id": user_id}, args={}) + + @check_auth + def patch(self, uuid=None, user_id=None): + """Update a policy + + :param uuid: uuid of the policy to update + :param user_id: user ID who do the request + :return: { + "policy_id1": { + "name": "...", + "model_id": "...", + "genre": "...", + "description": "...", + } + } + :internal_api: update_policy + """ + return call(ctx={"id": uuid, "method": "update_policy", "user_id": user_id}, args=request.json) + diff --git a/moonv4/moon_interface/moon_interface/api/rules.py b/moonv4/moon_interface/moon_interface/api/rules.py new file mode 100644 index 00000000..81639a37 --- /dev/null +++ b/moonv4/moon_interface/moon_interface/api/rules.py 
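Review bot: `LOG` and `CONF` are created at module level in policies.py but none of the handlers uses them, so creating, updating or deleting a policy leaves no trace at the interface layer. For an authorization service these are the changes an operator most needs to attribute; a line such as `LOG.info("delete_policy id=%s user_id=%s", uuid, user_id)` before each mutating `call(...)` would cover it without logging the request body. If logging is deliberately left to the component behind `call`, drop the unused `LOG`/`CONF` (and the `oslo_config` import) instead. The other API modules added in this commit have the same unused pair.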
@@ -0,0 +1,95 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. +""" +Rules (TODO) +""" + +from flask import request +from flask_restful import Resource +from oslo_config import cfg +from oslo_log import log as logging +from moon_interface.tools import call +from moon_interface.tools import check_auth + +__version__ = "0.1.0" + +LOG = logging.getLogger(__name__) +CONF = cfg.CONF + + +class Rules(Resource): + """ + Endpoint for rules requests + """ + + __urls__ = ("/policies/<string:uuid>/rules", + "/policies/<string:uuid>/rules/", + "/policies/<string:uuid>/rules/<string:rule_id>", + "/policies/<string:uuid>/rules/<string:rule_id>/", + ) + + @check_auth + def get(self, uuid=None, rule_id=None, user_id=None): + """Retrieve all rules or a specific one + + :param uuid: policy ID + :param rule_id: rule ID + :param user_id: user ID who do the request + :return: { + "rules": [ + "policy_id": "policy_id1", + "meta_rule_id": "meta_rule_id1", + "rule_id1": ["subject_data_id1", "object_data_id1", "action_data_id1"], + "rule_id2": ["subject_data_id2", "object_data_id2", "action_data_id2"], + ] + } + :internal_api: get_rules + """ + return call(ctx={"id": uuid, + "method": "get_rules", + "user_id": user_id, + "rule_id": rule_id}, args={}) + + @check_auth + def post(self, uuid=None, rule_id=None, user_id=None): + """Add a rule to a meta rule + + :param uuid: policy ID + :param rule_id: rule ID + :param user_id: user ID who do the request + :request body: post = { + "meta_rule_id": "meta_rule_id1", + "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"], + "enabled": True + } + :return: { + "rules": [ + "meta_rule_id": "meta_rule_id1", + "rule_id1": ["subject_data_id1", "object_data_id1", "action_data_id1"], + "rule_id2": 
["subject_data_id2", "object_data_id2", "action_data_id2"], + ] + } + :internal_api: add_rule + """ + return call(ctx={"id": uuid, + "method": "add_rule", + "user_id": user_id, + "rule_id": rule_id}, args=request.json) + + @check_auth + def delete(self, uuid=None, rule_id=None, user_id=None): + """Delete one rule linked to a specific sub meta rule + + :param uuid: policy ID + :param rule_id: rule ID + :param user_id: user ID who do the request + :return: { "result": true } + :internal_api: delete_rule + """ + return call(ctx={"id": uuid, + "method": "delete_rule", + "user_id": user_id, + "rule_id": rule_id}, args={}) + |
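Review bot: The `:return:` examples in `Rules.get` and `Rules.post` put `"key": value` pairs inside `[...]`, which is neither a list nor a mapping, so a client cannot tell the shape of `"rules"` from the docstring. Write it as the structure the backend actually returns, for instance `"rules": {"policy_id": "policy_id1", "meta_rule_id": "meta_rule_id1", "rule_id1": [...]}` if it is a mapping (the real shape is not visible in this hunk). The request body shows `"enabled": True` while `delete` documents `{ "result": true }`; use JSON literals in both. The module docstring `Rules (TODO)` should say what a rule is, in the style of the other modules.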