1 files changed, 99 insertions, 0 deletions
diff --git a/moonv4/moon_interface/moon_interface/tools.py b/moonv4/moon_interface/moon_interface/tools.py
new file mode 100644
index 00000000..3c0fffa5
--- /dev/null
+++ b/moonv4/moon_interface/moon_interface/tools.py
@@ -0,0 +1,99 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import os
+import requests
+import time
+from functools import wraps
+from flask import request
+from oslo_config import cfg
+from oslo_log import log as logging
+import oslo_messaging
+from moon_utilities import exceptions
+
+
+LOG = logging.getLogger(__name__)
+CONF = cfg.CONF
+
+TOKENS = {}
+
+
+def timeit(function):
+    def wrapper(*args, **kwargs):
+        LOG.info("Calling {} with {} {}...".format(function, args, kwargs))
+        ret = function(*args, **kwargs)
+        LOG.info("End of {}".format(function))
+        return ret
+    return wrapper
+
+
+@timeit
+def call(topic="security_router", ctx=None, method="route", **kwargs):
+    if not ctx:
+        ctx = dict()
+    transport = oslo_messaging.get_transport(CONF)
+    target = oslo_messaging.Target(topic=topic, version='1.0')
+    client = oslo_messaging.RPCClient(transport, target)
+    LOG.info("Calling {} on {}...".format(method, topic))
+    return client.call(ctx, method, **kwargs)
+
+
+def check_token(token, url=None):
+    _verify = False
+    if CONF.keystone.server_crt:
+        _verify = CONF.keystone.server_crt
+    try:
+        os.environ.pop("http_proxy")
+        os.environ.pop("https_proxy")
+    except KeyError:
+        pass
+    if not url:
+        url = CONF.keystone.url
+    headers = {
+        "Content-Type": "application/json",
+        'X-Subject-Token': token,
+        'X-Auth-Token': token,
+    }
+    if CONF.keystone.check_token.lower() in ("false", "no", "n"):
+        # TODO (asteroide): must send the admin id
+        return "admin" if not token else token
+    if CONF.keystone.check_token.lower() in ("yes", "y", "true"):
+        if token in TOKENS:
+            delta = time.mktime(TOKENS[token]["expires_at"]) - time.mktime(time.gmtime())
+            if delta > 0:
+                return TOKENS[token]["user"]
+            raise exceptions.KeystoneError
+        else:
+            req = requests.get("{}/auth/tokens".format(url), headers=headers, verify=_verify)
+            if req.status_code in (200, 201):
+                # Note (asteroide): the time stamps is not in ISO 8601, so it is necessary to delete
+                # characters after the dot
+                token_time = req.json().get("token").get("expires_at").split(".")
+                TOKENS[token] = dict()
+                TOKENS[token]["expires_at"] = time.strptime(token_time[0], "%Y-%m-%dT%H:%M:%S")
+                TOKENS[token]["user"] = req.json().get("token").get("user").get("id")
+                return TOKENS[token]["user"]
+            LOG.error("{} - {}".format(req.status_code, req.text))
+            raise exceptions.KeystoneError
+    elif CONF.keystone.check_token.lower() == "strict":
+        req = requests.head("{}/auth/tokens".format(url), headers=headers, verify=_verify)
+        if req.status_code in (200, 201):
+            return token
+        LOG.error("{} - {}".format(req.status_code, req.text))
+        raise exceptions.KeystoneError
+    raise exceptions.KeystoneError
+
+
+def check_auth(function):
+    @wraps(function)
+    def wrapper(*args, **kwargs):
+        token = request.headers.get('X-Auth-Token')
+        token = check_token(token)
+        if not token:
+            raise exceptions.AuthException
+        user_id = kwargs.pop("user_id", token)
+        result = function(*args, **kwargs, user_id=user_id)
+        return result
+    return wrapper