Diffstat (limited to 'moonv4/moon_manager/moon_manager/api/master.py')
-rw-r--r--moonv4/moon_manager/moon_manager/api/master.py345
1 files changed, 0 insertions, 345 deletions
diff --git a/moonv4/moon_manager/moon_manager/api/master.py b/moonv4/moon_manager/moon_manager/api/master.py
deleted file mode 100644
index 6c1796ad..00000000
--- a/moonv4/moon_manager/moon_manager/api/master.py
+++ /dev/null
@@ -1,345 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-from oslo_log import log as logging
-from moon_utilities.security_functions import call, notify
-from moon_db.core import PDPManager, PolicyManager, ModelManager
-
-LOG = logging.getLogger(__name__)
-
-
-class Master(object):
- """
- Retrieve the current status of all components.
- """
-
- __version__ = "0.1.0"
- __policies = None
- __policy_ids = []
- __models = None
- __model_ids = []
- __meta_rules = None
- __meta_rule_ids = []
-
- @property
- def policies(self):
- if not self.__policies:
- self.__policies = {}
- if self.__policy_ids:
- for policy_id in self.__policy_ids:
- self.__policies.update(call("moon_manager",
- method="get_policies",
- ctx={
- "id": policy_id,
- "call_master": True,
- "user_id": "admin"
- },
- args={})["policies"])
- else:
- self.__policies = call("moon_manager",
- method="get_policies",
- ctx={
- "id": None,
- "call_master": True,
- "user_id": "admin"
- },
- args={})["policies"]
- LOG.info("__get_policies={}".format(self.__policies))
- return self.__policies
-
- @property
- def models(self):
- if not self.__models:
- self.__models = {}
- if self.__model_ids:
- for model_id in self.__model_ids:
- self.__models.update(call("moon_manager",
- method="get_models",
- ctx={
- "id": model_id,
- "call_master": True,
- "user_id": "admin"
- },
- args={})["models"])
- else:
- self.__models = call("moon_manager",
- method="get_models",
- ctx={
- "id": None,
- "call_master": True,
- "user_id": "admin"
- },
- args={})["models"]
- LOG.info("__get_models={}".format(self.__models))
- return self.__models
-
- @property
- def meta_rules(self):
- if not self.__meta_rules:
- self.__meta_rules = {}
- if self.__meta_rule_ids:
- for meta_rule_id in self.__meta_rule_ids:
- self.__meta_rules.update(call("moon_manager",
- method="get_meta_rules",
- ctx={
- "meta_rule_id": meta_rule_id,
- "call_master": True,
- "user_id": "admin"
- },
- args={})["meta_rules"])
- else:
- self.__meta_rules = call("moon_manager",
- method="get_meta_rules",
- ctx={
- "meta_rule_id": None,
- "call_master": True,
- "user_id": "admin"
- },
- args={})["meta_rules"]
- LOG.info("__get_meta_rules={}".format(self.__meta_rules))
- return self.__meta_rules
-
- def __add_meta_data(self):
- subject_categories = ModelManager.get_subject_categories("admin")
- object_categories = ModelManager.get_object_categories("admin")
- action_categories = ModelManager.get_action_categories("admin")
- for meta_rule_id, meta_rule_value in self.meta_rules.items():
- for _scat in meta_rule_value['subject_categories']:
- if _scat not in subject_categories:
- master_category = call("moon_manager", method="get_subject_categories",
- ctx={
- "user_id": "admin",
- "call_master": True,
- "id": None,
- },
- args={"category_id": _scat})["subject_categories"]
- ModelManager.add_subject_category("admin", _scat, master_category[_scat])
- for _ocat in meta_rule_value['object_categories']:
- if _ocat not in object_categories:
- master_category = call("moon_manager", method="get_object_categories",
- ctx={
- "user_id": "admin",
- "call_master": True,
- "id": None,
- },
- args={"category_id": _ocat})["object_categories"]
- LOG.info("Add scat {} {}".format(_ocat, master_category[_ocat]))
- ModelManager.add_object_category("admin", _ocat, master_category[_ocat])
- for _acat in meta_rule_value['action_categories']:
- if _acat not in action_categories:
- master_category = call("moon_manager", method="get_action_categories",
- ctx={
- "user_id": "admin",
- "call_master": True,
- "id": None,
- },
- args={"category_id": _acat})["action_categories"]
- LOG.info("Add scat {} {}".format(_acat, master_category[_acat]))
- ModelManager.add_action_category("admin", _acat, master_category[_acat])
-
- def __add_meta_rule(self):
- meta_rules = ModelManager.get_meta_rules("admin")
- for uuid, value in self.meta_rules.items():
- if uuid not in meta_rules:
- ModelManager.add_meta_rule("admin", uuid, value=value)
-
- def __add_perimeter(self, subject_name=None, object_name=None):
- for policy_id in self.policies:
- subjects = call("moon_manager", method="get_subjects",
- ctx={
- "user_id": "admin",
- "call_master": True,
- "id": policy_id,
- },
- args={"perimeter_id": None, "perimeter_name": subject_name})["subjects"]
- for subject_id, subject_value in subjects.items():
- # FIXME (asteroide): if a subject with the same name had been already created before
- # it will not have the same ID as the subject in master
- PolicyManager.add_subject("admin", policy_id=policy_id, perimeter_id=subject_id, value=subject_value)
- for policy_id in self.policies:
- objects = call("moon_manager", method="get_objects",
- ctx={
- "user_id": "admin",
- "call_master": True,
- "id": policy_id,
- },
- args={"perimeter_id": None, "perimeter_name": object_name})["objects"]
- for object_id, object_value in objects.items():
- # FIXME (asteroide): if a object with the same name had been already created before
- # it will not have the same ID as the object in master
- PolicyManager.add_object("admin", policy_id=policy_id, perimeter_id=object_id, value=object_value)
- for policy_id in self.policies:
- actions = call("moon_manager", method="get_actions",
- ctx={
- "user_id": "admin",
- "call_master": True,
- "id": policy_id,
- },
- args={"perimeter_id": None})["actions"]
- for action_id, action_value in actions.items():
- # FIXME (asteroide): if a action with the same name had been already created before
- # it will not have the same ID as the action in master
- PolicyManager.add_action("admin", policy_id=policy_id, perimeter_id=action_id, value=action_value)
-
- def __add_data(self):
- subject_categories = ModelManager.get_subject_categories("admin")
- object_categories = ModelManager.get_object_categories("admin")
- action_categories = ModelManager.get_action_categories("admin")
- for policy_id in self.policies:
- for category in subject_categories.keys():
- subject_data = call("moon_manager", method="get_subject_data",
- ctx={
- "user_id": "admin",
- "call_master": True,
- "id": policy_id,
- "category_id": category
- },
- args={"data_id": None})["subject_data"]
- if not subject_data:
- continue
- for data in subject_data:
- PolicyManager.set_subject_data("admin", policy_id=policy_id,
- category_id=data['category_id'], value=data)
- for category in object_categories:
- object_data = call("moon_manager", method="get_object_data",
- ctx={
- "user_id": "admin",
- "call_master": True,
- "id": policy_id,
- "category_id": category
- },
- args={"data_id": None})["object_data"]
- if not object_data:
- continue
- for data in object_data:
- PolicyManager.add_object_data("admin", policy_id=policy_id,
- category_id=data['category_id'], value=data)
- for category in action_categories:
- action_data = call("moon_manager", method="get_action_data",
- ctx={
- "user_id": "admin",
- "call_master": True,
- "id": policy_id,
- "category_id": category
- },
- args={"data_id": None})["action_data"]
- if not action_data:
- continue
- for data in action_data:
- PolicyManager.add_action_data("admin", policy_id=policy_id,
- category_id=data['category_id'], value=data)
-
- def __add_assignments(self, subject_name=None, object_name=None):
- for policy_id in self.policies:
- assignments = call("moon_manager", method="get_subject_assignments",
- ctx={
- "user_id": "admin",
- "call_master": True,
- "id": policy_id,
- "perimeter_id": None,
- "perimeter_name": subject_name,
- "category_id": None,
- },
- args={})["subject_assignments"]
- for assignment_id, assignment_value in assignments.items():
- _subject_id = assignment_value['subject_id']
- _category_id = assignment_value['category_id']
- for _data_id in assignment_value['assignments']:
- PolicyManager.add_subject_assignment("admin", policy_id=policy_id,
- subject_id=_subject_id, category_id=_category_id,
- data_id=_data_id)
- assignments = call("moon_manager", method="get_object_assignments",
- ctx={
- "user_id": "admin",
- "call_master": True,
- "id": policy_id,
- "perimeter_id": None,
- "perimeter_name": object_name,
- "category_id": None,
- },
- args={})["object_assignments"]
- for assignment_id, assignment_value in assignments.items():
- _object_id = assignment_value['object_id']
- _category_id = assignment_value['category_id']
- for _data_id in assignment_value['assignments']:
- PolicyManager.add_object_assignment("admin", policy_id=policy_id,
- object_id=_object_id, category_id=_category_id,
- data_id=_data_id)
- assignments = call("moon_manager", method="get_action_assignments",
- ctx={
- "user_id": "admin",
- "call_master": True,
- "id": policy_id,
- "perimeter_id": None,
- "category_id": None,
- },
- args={})["action_assignments"]
- for assignment_id, assignment_value in assignments.items():
- _action_id = assignment_value['action_id']
- _category_id = assignment_value['category_id']
- for _data_id in assignment_value['assignments']:
- PolicyManager.add_action_assignment("admin", policy_id=policy_id,
- action_id=_action_id, category_id=_category_id,
- data_id=_data_id)
-
- def __add_rules(self):
- for policy_id in self.policies:
- _rules = call("moon_manager", method="get_rules",
- ctx={
- "user_id": "admin",
- "call_master": True,
- "id": policy_id,
- "rule_id": None
- },
- args={})["rules"]
- for rule in _rules["rules"]:
- LOG.info("__add_rules {}".format(rule))
- if rule["meta_rule_id"] in self.__meta_rule_ids:
- PolicyManager.add_rule("admin",
- policy_id=policy_id,
- meta_rule_id=rule["meta_rule_id"],
- value=rule)
-
- def update_from_master(self, ctx, args):
- LOG.info("update_from_master {}".format(ctx))
- if "security_pipeline" in ctx:
- self.__policy_ids = ctx["security_pipeline"]
-
- for policy_id, policy_value in self.policies.items():
- self.__model_ids.append(policy_value["model_id"])
-
- for model_id, model_value in self.models.items():
- self.__meta_rule_ids.extend(model_value['meta_rules'])
-
- self.__add_meta_data()
-
- self.__add_meta_rule()
-
- for policy_id in ctx["security_pipeline"]:
- if policy_id in self.policies:
- res = PolicyManager.add_policy("admin", policy_id, self.__policies[policy_id])
-
- self.__add_perimeter(subject_name=ctx.get("subject_name"), object_name=ctx.get("object_name"))
-
- self.__add_data()
-
- self.__add_assignments(subject_name=ctx.get("subject_name"), object_name=ctx.get("object_name"))
-
- self.__add_rules()
-
- models = ModelManager.get_models("admin")
- for model_id, model_value in self.models.items():
- if model_id not in models:
- ModelManager.add_model("admin", model_id, model_value)
-
- if args:
- pdp = PDPManager.add_pdp(user_id="admin", pdp_id=ctx["pdp_id"], value=args)
- if "error" in pdp:
- LOG.error("Error when adding PDP from master {}".format(pdp))
- return False
- call("orchestrator", method="add_container",
- ctx={"id": ctx.get("id"), "pipeline": ctx['security_pipeline']})
- return True
-