aboutsummaryrefslogtreecommitdiffstats
path: root/moonv4/moon_interface/moon_interface/authz_requests.py
diff options
context:
space:
mode:
Diffstat (limited to 'moonv4/moon_interface/moon_interface/authz_requests.py')
-rw-r--r--moonv4/moon_interface/moon_interface/authz_requests.py159
1 files changed, 0 insertions, 159 deletions
diff --git a/moonv4/moon_interface/moon_interface/authz_requests.py b/moonv4/moon_interface/moon_interface/authz_requests.py
deleted file mode 100644
index 3f99cb93..00000000
--- a/moonv4/moon_interface/moon_interface/authz_requests.py
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import logging
-import itertools
-import pickle
-import requests
-from python_moonutilities import configuration, exceptions
-from python_moonutilities.security_functions import Context
-from python_moonutilities.cache import Cache
-
-LOG = logging.getLogger("moon.interface.authz_requests")
-
-
-CACHE = Cache()
-CACHE.update()
-
-
-class AuthzRequest:
-
- result = None
- final_result = "Deny"
- req_max_delay = 2
-
- def __init__(self, ctx, args=None):
- self.context = Context(ctx, CACHE)
- self.args = args
- self.request_id = ctx["request_id"]
- if ctx['project_id'] not in CACHE.container_chaining:
- raise exceptions.KeystoneProjectError("Unknown Project ID {}".format(ctx['project_id']))
- self.container_chaining = CACHE.container_chaining[ctx['project_id']]
- if len(self.container_chaining) == 0:
- raise exceptions.MoonError('Void container chaining')
- self.pdp_container = self.container_chaining[0]["container_id"]
- self.run()
-
- def run(self):
- self.context.delete_cache()
- req = None
- try:
- req = requests.post("http://{}:{}/authz".format(
- self.container_chaining[0]["hostip"],
- self.container_chaining[0]["port"],
- ), data=pickle.dumps(self.context))
- if req.status_code != 200:
- raise exceptions.AuthzException(
- "Receive bad response from Authz function "
- "(with IP address - {})".format(
- req.status_code
- ))
- except requests.exceptions.ConnectionError:
- LOG.error("Cannot connect to {}".format(
- "http://{}:{}/authz".format(
- self.container_chaining[0]["hostip"],
- self.container_chaining[0]["port"]
- )))
- except ValueError:
- try:
- req = requests.post("http://{}:{}/authz".format(
- self.container_chaining[0]["hostname"],
- self.container_chaining[0]["port"],
- ), data=pickle.dumps(self.context))
- if req.status_code != 200:
- raise exceptions.AuthzException(
- "Receive bad response from Authz function "
- "(with hostname - {})".format(
- req.status_code
- ))
- except requests.exceptions.ConnectionError:
- LOG.error("Cannot connect to {}".format(
- "http://{}:{}/authz".format(
- self.container_chaining[0]["hostname"],
- self.container_chaining[0]["port"]
- )))
- raise exceptions.AuthzException(
- "Cannot connect to Authz function")
- self.context.set_cache(CACHE)
- if req and len(self.container_chaining) == 1:
- self.result = pickle.loads(req.content)
-
- # def __exec_next_state(self, rule_found):
- # index = self.context.index
- # current_meta_rule = self.context.headers[index]
- # current_container = self.__get_container_from_meta_rule(current_meta_rule)
- # current_container_genre = current_container["genre"]
- # try:
- # next_meta_rule = self.context.headers[index + 1]
- # except IndexError:
- # next_meta_rule = None
- # if current_container_genre == "authz":
- # if rule_found:
- # return True
- # pass
- # if next_meta_rule:
- # # next will be session if current is deny and session is unset
- # if self.payload["authz_context"]['pdp_set'][next_meta_rule]['effect'] == "unset":
- # return notify(
- # request_id=self.payload["authz_context"]["request_id"],
- # container_id=self.__get_container_from_meta_rule(next_meta_rule)['container_id'],
- # payload=self.payload)
- # # next will be delegation if current is deny and session is passed or deny and delegation is unset
- # else:
- # LOG.error("Delegation is not developed!")
- #
- # else:
- # # else next will be None and the request is sent to router
- # return self.__return_to_router()
- # elif current_container_genre == "session":
- # pass
- # # next will be next container in headers if current is passed
- # if self.payload["authz_context"]['pdp_set'][current_meta_rule]['effect'] == "passed":
- # return notify(
- # request_id=self.payload["authz_context"]["request_id"],
- # container_id=self.__get_container_from_meta_rule(next_meta_rule)['container_id'],
- # payload=self.payload)
- # # next will be None if current is grant and the request is sent to router
- # else:
- # return self.__return_to_router()
- # elif current_container_genre == "delegation":
- # LOG.error("Delegation is not developed!")
- # # next will be authz if current is deny
- # # next will be None if current is grant and the request is sent to router
-
- def set_result(self, result):
- self.result = result
-
- def is_authz(self):
- if not self.result:
- return False
- authz_results = []
- for key in self.result.pdp_set:
- if "effect" in self.result.pdp_set[key]:
- if self.result.pdp_set[key]["effect"] == "grant":
- # the pdp is a authorization PDP and grant the request
- authz_results.append(True)
- elif self.result.pdp_set[key]["effect"] == "passed":
- # the pdp is not a authorization PDP (session or delegation) and had run normally
- authz_results.append(True)
- elif self.result.pdp_set[key]["effect"] == "unset":
- # the pdp is not a authorization PDP (session or delegation) and had not yep run
- authz_results.append(True)
- else:
- # the pdp is (or not) a authorization PDP and had run badly
- authz_results.append(False)
- if list(itertools.accumulate(authz_results, lambda x, y: x & y))[-1]:
- self.result.pdp_set["effect"] = "grant"
- if self.result:
- if self.result.pdp_set["effect"] == "grant":
- self.final_result = "Grant"
- return True
- self.final_result = "Deny"
- return True
-
- # def notify(self, request_id, container_id, payload):
- # LOG.info("notify {} {} {}".format(request_id, container_id, payload))
- # # TODO: send the notification and wait for the result
- # # req = requests.get()