diff options
Diffstat (limited to 'moonv4/moon_manager')
27 files changed, 0 insertions, 3185 deletions
diff --git a/moonv4/moon_manager/Dockerfile b/moonv4/moon_manager/Dockerfile deleted file mode 100644 index 873e3aa2..00000000 --- a/moonv4/moon_manager/Dockerfile +++ /dev/null @@ -1,12 +0,0 @@ -FROM ubuntu:latest - -RUN apt update && apt install python3.5 python3-pip -y -RUN pip3 install pip --upgrade - -ADD . /root -WORKDIR /root/ -RUN pip3 install -r requirements.txt -#RUN pip3 install /root/dist/* --upgrade -RUN pip3 install . - -CMD ["python3", "-m", "moon_manager"]
\ No newline at end of file diff --git a/moonv4/moon_manager/LICENSE b/moonv4/moon_manager/LICENSE deleted file mode 100644 index d6456956..00000000 --- a/moonv4/moon_manager/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/moonv4/moon_manager/MANIFEST.in b/moonv4/moon_manager/MANIFEST.in deleted file mode 100644 index 1f674d50..00000000 --- a/moonv4/moon_manager/MANIFEST.in +++ /dev/null @@ -1,9 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -include README.rst -include LICENSE -include setup.py -include requirements.txt diff --git a/moonv4/moon_manager/README.rst b/moonv4/moon_manager/README.rst deleted file mode 100644 index ded4e99a..00000000 --- a/moonv4/moon_manager/README.rst +++ /dev/null @@ -1,9 +0,0 @@ -Core module for the Moon project -================================ - -This package contains the core module for the Moon project -It is designed to provide authorization features to all OpenStack components. - -For any other information, refer to the parent project: - - https://git.opnfv.org/moon diff --git a/moonv4/moon_manager/moon_manager/__init__.py b/moonv4/moon_manager/moon_manager/__init__.py deleted file mode 100644 index 903c6518..00000000 --- a/moonv4/moon_manager/moon_manager/__init__.py +++ /dev/null @@ -1,6 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -__version__ = "0.1.0" diff --git a/moonv4/moon_manager/moon_manager/__main__.py b/moonv4/moon_manager/moon_manager/__main__.py deleted file mode 100644 index 7d97f003..00000000 --- a/moonv4/moon_manager/moon_manager/__main__.py +++ /dev/null @@ -1,4 +0,0 @@ -from moon_manager.server import main - -server = main() -server.run() diff --git a/moonv4/moon_manager/moon_manager/api/__init__.py b/moonv4/moon_manager/moon_manager/api/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/moonv4/moon_manager/moon_manager/api/__init__.py +++ /dev/null diff --git a/moonv4/moon_manager/moon_manager/api/assignments.py b/moonv4/moon_manager/moon_manager/api/assignments.py deleted file mode 100644 index c3ac45c8..00000000 --- a/moonv4/moon_manager/moon_manager/api/assignments.py +++ /dev/null @@ -1,334 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -""" -Assignments allow to connect data with elements of perimeter - -""" - -from flask import request -from flask_restful import Resource -from oslo_log import log as logging -from python_moonutilities.security_functions import check_auth -from python_moondb.core import PolicyManager - -__version__ = "0.2.0" - -LOG = logging.getLogger("moon.manager.api." + __name__) - - -class SubjectAssignments(Resource): - """ - Endpoint for subject assignment requests - """ - - __urls__ = ( - "/policies/<string:uuid>/subject_assignments", - "/policies/<string:uuid>/subject_assignments/", - "/policies/<string:uuid>/subject_assignments/<string:perimeter_id>", - "/policies/<string:uuid>/subject_assignments/<string:perimeter_id>/<string:category_id>", - "/policies/<string:uuid>/subject_assignments/<string:perimeter_id>/<string:category_id>/<string:data_id>", - ) - - @check_auth - def get(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): - """Retrieve all subject assignments or a specific one for a given policy - - :param uuid: uuid of the policy - :param perimeter_id: uuid of the subject - :param category_id: uuid of the subject category - :param data_id: uuid of the subject scope - :param user_id: user ID who do the request - :return: { - "subject_data_id": { - "policy_id": "ID of the policy", - "subject_id": "ID of the subject", - "category_id": "ID of the category", - "assignments": "Assignments list (list of data_id)", - } - } - :internal_api: get_subject_assignments - """ - # return call(ctx={"id": uuid, "method": "get_subject_assignments", "perimeter_id": perimeter_id, "category_id": category_id, "user_id": user_id}, - # args={"data_id": data_id}) - try: - # if "perimeter_name" in ctx: - # ctx["perimeter_id"] = self.__get_subject_id(ctx, ctx['perimeter_name']) - data = PolicyManager.get_subject_assignments(user_id=user_id, policy_id=uuid, - subject_id=perimeter_id, category_id=category_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"subject_assignments": data} - - @check_auth - def post(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): - """Create a subject assignment. - - :param uuid: uuid of the policy - :param perimeter_id: uuid of the subject (not used here) - :param category_id: uuid of the subject category (not used here) - :param data_id: uuid of the subject scope (not used here) - :param user_id: user ID who do the request - :request body: { - "id": "UUID of the subject", - "category_id": "UUID of the category" - "data_id": "UUID of the scope" - } - :return: { - "subject_data_id": { - "policy_id": "ID of the policy", - "subject_id": "ID of the subject", - "category_id": "ID of the category", - "assignments": "Assignments list (list of data_id)", - } - } - :internal_api: update_subject_assignment - """ - try: - data_id = request.json.get("data_id") - category_id = request.json.get("category_id") - perimeter_id = request.json.get("id") - data = PolicyManager.add_subject_assignment(user_id=user_id, policy_id=uuid, - subject_id=perimeter_id, category_id=category_id, - data_id=data_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"subject_assignments": data} - - @check_auth - def delete(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): - """Delete a subject assignment for a given policy - - :param uuid: uuid of the policy - :param perimeter_id: uuid of the subject - :param category_id: uuid of the subject category - :param data_id: uuid of the subject scope - :param user_id: user ID who do the request - :return: { - "result": "True or False", - "message": "optional message" - } - :internal_api: delete_subject_assignment - """ - try: - data = PolicyManager.delete_subject_assignment(user_id=user_id, policy_id=uuid, - subject_id=perimeter_id, category_id=category_id, - data_id=data_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"result": True} - - -class ObjectAssignments(Resource): - """ - Endpoint for object assignment requests - """ - - __urls__ = ( - "/policies/<string:uuid>/object_assignments", - "/policies/<string:uuid>/object_assignments/", - "/policies/<string:uuid>/object_assignments/<string:perimeter_id>", - "/policies/<string:uuid>/object_assignments/<string:perimeter_id>/<string:category_id>", - "/policies/<string:uuid>/object_assignments/<string:perimeter_id>/<string:category_id>/<string:data_id>", - ) - - @check_auth - def get(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): - """Retrieve all object assignment or a specific one for a given policy - - :param uuid: uuid of the policy - :param perimeter_id: uuid of the object - :param category_id: uuid of the object category - :param data_id: uuid of the object scope - :param user_id: user ID who do the request - :return: { - "object_data_id": { - "policy_id": "ID of the policy", - "object_id": "ID of the object", - "category_id": "ID of the category", - "assignments": "Assignments list (list of data_id)", - } - } - :internal_api: get_object_assignments - """ - try: - data = PolicyManager.get_object_assignments(user_id=user_id, policy_id=uuid, - object_id=perimeter_id, category_id=category_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"object_assignments": data} - - @check_auth - def post(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): - """Create an object assignment. - - :param uuid: uuid of the policy - :param perimeter_id: uuid of the object (not used here) - :param category_id: uuid of the object category (not used here) - :param data_id: uuid of the object scope (not used here) - :param user_id: user ID who do the request - :request body: { - "id": "UUID of the action", - "category_id": "UUID of the category" - "data_id": "UUID of the scope" - } - :return: { - "object_data_id": { - "policy_id": "ID of the policy", - "object_id": "ID of the object", - "category_id": "ID of the category", - "assignments": "Assignments list (list of data_id)", - } - } - :internal_api: update_object_assignment - """ - try: - data_id = request.json.get("data_id") - category_id = request.json.get("category_id") - perimeter_id = request.json.get("id") - data = PolicyManager.add_object_assignment(user_id=user_id, policy_id=uuid, - object_id=perimeter_id, category_id=category_id, - data_id=data_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"object_assignments": data} - - @check_auth - def delete(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): - """Delete a object assignment for a given policy - - :param uuid: uuid of the policy - :param perimeter_id: uuid of the object - :param category_id: uuid of the object category - :param data_id: uuid of the object scope - :param user_id: user ID who do the request - :return: { - "result": "True or False", - "message": "optional message" - } - :internal_api: delete_object_assignment - """ - try: - data = PolicyManager.delete_object_assignment(user_id=user_id, policy_id=uuid, - object_id=perimeter_id, category_id=category_id, - data_id=data_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"result": True} - - -class ActionAssignments(Resource): - """ - Endpoint for action assignment requests - """ - - __urls__ = ( - "/policies/<string:uuid>/action_assignments", - "/policies/<string:uuid>/action_assignments/", - "/policies/<string:uuid>/action_assignments/<string:perimeter_id>", - "/policies/<string:uuid>/action_assignments/<string:perimeter_id>/<string:category_id>", - "/policies/<string:uuid>/action_assignments/<string:perimeter_id>/<string:category_id>/<string:data_id>", - ) - - @check_auth - def get(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): - """Retrieve all action assignment or a specific one for a given policy - - :param uuid: uuid of the policy - :param perimeter_id: uuid of the action - :param category_id: uuid of the action category - :param data_id: uuid of the action scope - :param user_id: user ID who do the request - :return: { - "action_data_id": { - "policy_id": "ID of the policy", - "object_id": "ID of the action", - "category_id": "ID of the category", - "assignments": "Assignments list (list of data_id)", - } - } - :internal_api: get_action_assignments - """ - try: - data = PolicyManager.get_action_assignments(user_id=user_id, policy_id=uuid, - action_id=perimeter_id, category_id=category_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"action_assignments": data} - - @check_auth - def post(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): - """Create an action assignment. - - :param uuid: uuid of the policy - :param perimeter_id: uuid of the action (not used here) - :param category_id: uuid of the action category (not used here) - :param data_id: uuid of the action scope (not used here) - :param user_id: user ID who do the request - :request body: { - "id": "UUID of the action", - "category_id": "UUID of the category", - "data_id": "UUID of the scope" - } - :return: { - "action_data_id": { - "policy_id": "ID of the policy", - "object_id": "ID of the action", - "category_id": "ID of the category", - "assignments": "Assignments list (list of data_id)", - } - } - :internal_api: update_action_assignment - """ - try: - data_id = request.json.get("data_id") - category_id = request.json.get("category_id") - perimeter_id = request.json.get("id") - data = PolicyManager.add_action_assignment(user_id=user_id, policy_id=uuid, - action_id=perimeter_id, category_id=category_id, - data_id=data_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"action_assignments": data} - - @check_auth - def delete(self, uuid=None, perimeter_id=None, category_id=None, data_id=None, user_id=None): - """Delete a action assignment for a given policy - - :param uuid: uuid of the policy - :param perimeter_id: uuid of the action - :param category_id: uuid of the action category - :param data_id: uuid of the action scope - :param user_id: user ID who do the request - :return: { - "result": "True or False", - "message": "optional message" - } - :internal_api: delete_action_assignment - """ - try: - data = PolicyManager.delete_action_assignment(user_id=user_id, policy_id=uuid, - action_id=perimeter_id, category_id=category_id, - data_id=data_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"result": True} diff --git a/moonv4/moon_manager/moon_manager/api/containers.py b/moonv4/moon_manager/moon_manager/api/containers.py deleted file mode 100644 index 6dc50ea5..00000000 --- a/moonv4/moon_manager/moon_manager/api/containers.py +++ /dev/null @@ -1,178 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -""" -PDP are Policy Decision Point. - -""" - -import copy -from docker import Client -from flask import request -from flask_restful import Resource -from oslo_log import log as logging -from python_moonutilities.security_functions import check_auth -from python_moonutilities import configuration - -docker_conf = configuration.get_configuration("docker")['docker'] -docker = Client(base_url=docker_conf['url']) - -__version__ = "0.1.0" - -LOG = logging.getLogger("moon.manager.api." + __name__) - - -class Container(Resource): - """ - Endpoint for container requests - """ - - __urls__ = ( - "/containers", - "/containers/", - "/containers/<string:uuid>", - "/containers/<string:uuid>/", - ) - - def __init__(self): - self.containers = {} - self.update() - - def update(self): - for _container in docker.containers(): - if _container['Id'] not in self.containers: - self.containers[_container['Id']] = { - "name": _container["Names"], - "port": _container["Ports"], - } - - @check_auth - def get(self, uuid=None, user_id=None): - """Retrieve all containers - - :param uuid: uuid of the container - :param user_id: user ID who do the request - :return: { - "containers": { - "da0fd80fc1dc146e1b...a2e07d240cde09f0a": { - "name": [ - "/wrapper" - ], - "port": [ - { - "PrivatePort": 8080, - "Type": "tcp", - "IP": "0.0.0.0", - "PublicPort": 8080 - } - ] - }, - } - } - :internal_api: get_containers - """ - # try: - # data = [{"name": item["Names"], "port": item["Ports"], } for item in docker.containers()] - # except Exception as e: - # LOG.error(e, exc_info=True) - # return {"result": False, - # "error": str(e)} - return {"containers": self.containers} - - @check_auth - def post(self, uuid=None, user_id=None): - """Add a new container. - - :param uuid: uuid of the pdp (not used here) - :param user_id: user ID who do the request - :request body: { - "id": "id of the new container", - "name": "name of the new container", - "hostname": "hostname of the new container", - "port": { - "PrivatePort": 8080, - "Type": "tcp", - "IP": "0.0.0.0", - "PublicPort": 8080 - }, - "keystone_project_id": "keystone_project_id1", - "pdp_id": "PDP UUID", - "container_name": "wukongsun/moon_authz:v4.1" - } - :return: { - "containers": { - "da0fd80fc1dc146e1b...a2e07d240cde09f0a": { - "name": [ - "/wrapper" - ], - "port": [ - { - "PrivatePort": 8080, - "Type": "tcp", - "IP": "0.0.0.0", - "PublicPort": 8080 - } - ] - }, - } - } - :internal_api: add_container - """ - try: - self.update() - self.containers[request.json.get('id')] = copy.deepcopy(request.json) - LOG.info("Added a new container {}".format(request.json.get('name'))) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"containers": self.containers} - - @check_auth - def delete(self, uuid=None, user_id=None): - """Delete a pdp - - :param uuid: uuid of the pdp to delete - :param user_id: user ID who do the request - :return: { - "result": "True or False", - "message": "optional message" - } - :internal_api: delete_pdp - """ - # try: - # data = PDPManager.delete_pdp(user_id=user_id, pdp_id=uuid) - # except Exception as e: - # LOG.error(e, exc_info=True) - # return {"result": False, - # "error": str(e)} - # return {"result": True} - raise NotImplementedError - - @check_auth - def patch(self, uuid=None, user_id=None): - """Update a pdp - - :param uuid: uuid of the pdp to update - :param user_id: user ID who do the request - :return: { - "pdp_id1": { - "name": "...", - "security_pipeline": [...], - "keystone_project_id": "keystone_project_id1", - "description": "...", - } - } - :internal_api: update_pdp - """ - # try: - # data = PDPManager.update_pdp(user_id=user_id, pdp_id=uuid, value=request.json) - # add_container(uuid=uuid, pipeline=data[uuid]['security_pipeline']) - # except Exception as e: - # LOG.error(e, exc_info=True) - # return {"result": False, - # "error": str(e)} - # return {"pdps": data} - raise NotImplementedError - diff --git a/moonv4/moon_manager/moon_manager/api/data.py b/moonv4/moon_manager/moon_manager/api/data.py deleted file mode 100644 index 61fe92bf..00000000 --- a/moonv4/moon_manager/moon_manager/api/data.py +++ /dev/null @@ -1,335 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -""" -Data are elements used to create rules - -""" - -from flask import request -from flask_restful import Resource -from oslo_log import log as logging -from python_moonutilities.security_functions import check_auth -from python_moondb.core import PolicyManager - -__version__ = "0.2.0" - -LOG = logging.getLogger("moon.manager.api." + __name__) - - -class SubjectData(Resource): - """ - Endpoint for subject data requests - """ - - __urls__ = ( - "/policies/<string:uuid>/subject_data", - "/policies/<string:uuid>/subject_data/", - "/policies/<string:uuid>/subject_data/<string:category_id>", - "/policies/<string:uuid>/subject_data/<string:category_id>/" - "<string:data_id>", - ) - - @check_auth - def get(self, uuid=None, category_id=None, data_id=None, user_id=None): - """Retrieve all subject categories or a specific one if sid is given - for a given policy - - :param uuid: uuid of the policy - :param category_id: uuid of the subject category - :param data_id: uuid of the subject data - :param user_id: user ID who do the request - :return: [{ - "policy_id": "policy_id1", - "category_id": "category_id1", - "data": { - "subject_data_id": { - "name": "name of the data", - "description": "description of the data" - } - } - }] - :internal_api: get_subject_data - """ - try: - data = PolicyManager.get_subject_data(user_id=user_id, - policy_id=uuid, - category_id=category_id, - data_id=data_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"subject_data": data} - - @check_auth - def post(self, uuid=None, category_id=None, data_id=None, user_id=None): - """Create or update a subject. - - :param uuid: uuid of the policy - :param category_id: uuid of the subject category - :param data_id: uuid of the subject data - :param user_id: user ID who do the request - :request body: { - "name": "name of the data", - "description": "description of the data" - } - :return: { - "policy_id": "policy_id1", - "category_id": "category_id1", - "data": { - "subject_data_id": { - "name": "name of the data", - "description": "description of the data" - } - } - } - :internal_api: add_subject_data - """ - try: - data = PolicyManager.set_subject_data(user_id=user_id, - policy_id=uuid, - category_id=category_id, - value=request.json) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"subject_data": data} - - @check_auth - def delete(self, uuid=None, category_id=None, data_id=None, user_id=None): - """Delete a subject for a given policy - - :param uuid: uuid of the policy - :param category_id: uuid of the subject category - :param data_id: uuid of the subject data - :param user_id: user ID who do the request - :return: [{ - "result": "True or False", - "message": "optional message" - }] - :internal_api: delete_subject_data - """ - try: - data = PolicyManager.delete_subject_data(user_id=user_id, - policy_id=uuid, - data_id=data_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"result": True} - - -class ObjectData(Resource): - """ - Endpoint for object data requests - """ - - __urls__ = ( - "/policies/<string:uuid>/object_data", - "/policies/<string:uuid>/object_data/", - "/policies/<string:uuid>/object_data/<string:category_id>", - "/policies/<string:uuid>/object_data/<string:category_id>/" - "<string:data_id>", - ) - - @check_auth - def get(self, uuid=None, category_id=None, data_id=None, user_id=None): - """Retrieve all object categories or a specific one if sid is given - for a given policy - - :param uuid: uuid of the policy - :param category_id: uuid of the object category - :param data_id: uuid of the object data - :param user_id: user ID who do the request - :return: [{ - "policy_id": "policy_id1", - "category_id": "category_id1", - "data": { - "object_data_id": { - "name": "name of the data", - "description": "description of the data" - } - } - }] - :internal_api: get_object_data - """ - try: - data = PolicyManager.get_object_data(user_id=user_id, - policy_id=uuid, - category_id=category_id, - data_id=data_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"object_data": data} - - @check_auth - def post(self, uuid=None, category_id=None, data_id=None, user_id=None): - """Create or update a object. - - :param uuid: uuid of the policy - :param category_id: uuid of the object category - :param data_id: uuid of the object data - :param user_id: user ID who do the request - :request body: { - "name": "name of the data", - "description": "description of the data" - } - :return: { - "policy_id": "policy_id1", - "category_id": "category_id1", - "data": { - "object_data_id": { - "name": "name of the data", - "description": "description of the data" - } - } - } - :internal_api: add_object_data - """ - try: - data = PolicyManager.add_object_data(user_id=user_id, - policy_id=uuid, - category_id=category_id, - value=request.json) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"object_data": data} - - @check_auth - def delete(self, uuid=None, category_id=None, data_id=None, user_id=None): - """Delete a object for a given policy - - :param uuid: uuid of the policy - :param category_id: uuid of the object category - :param data_id: uuid of the object data - :param user_id: user ID who do the request - :return: { - "result": "True or False", - "message": "optional message" - } - :internal_api: delete_object_data - """ - try: - data = PolicyManager.delete_object_data(user_id=user_id, - policy_id=uuid, - data_id=data_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"result": True} - - -class ActionData(Resource): - """ - Endpoint for action data requests - """ - - __urls__ = ( - "/policies/<string:uuid>/action_data", - "/policies/<string:uuid>/action_data/", - "/policies/<string:uuid>/action_data/<string:category_id>", - "/policies/<string:uuid>/action_data/<string:category_id>/" - "<string:data_id>", - ) - - @check_auth - def get(self, uuid=None, category_id=None, data_id=None, user_id=None): - """Retrieve all action categories or a specific one if sid is given - for a given policy - - :param uuid: uuid of the policy - :param category_id: uuid of the action category - :param data_id: uuid of the action data - :param user_id: user ID who do the request - :return: [{ - "policy_id": "policy_id1", - "category_id": "category_id1", - "data": { - "action_data_id": { - "name": "name of the data", - "description": "description of the data" - } - } - }] - :internal_api: get_action_data - """ - try: - data = PolicyManager.get_action_data(user_id=user_id, - policy_id=uuid, - category_id=category_id, - data_id=data_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"action_data": data} - - @check_auth - def post(self, uuid=None, category_id=None, data_id=None, user_id=None): - """Create or update a action. - - :param uuid: uuid of the policy - :param category_id: uuid of the action category - :param data_id: uuid of the action data - :param user_id: user ID who do the request - :request body: { - "name": "name of the data", - "description": "description of the data" - } - :return: { - "policy_id": "policy_id1", - "category_id": "category_id1", - "data": { - "action_data_id": { - "name": "name of the data", - "description": "description of the data" - } - } - } - :internal_api: add_action_data - """ - try: - data = PolicyManager.add_action_data(user_id=user_id, - policy_id=uuid, - category_id=category_id, - value=request.json) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"action_data": data} - - @check_auth - def delete(self, uuid=None, category_id=None, data_id=None, user_id=None): - """Delete a action for a given policy - - :param uuid: uuid of the policy - :param category_id: uuid of the action category - :param data_id: uuid of the action data - :param user_id: user ID who do the request - :return: { - "result": "True or False", - "message": "optional message" - } - :internal_api: delete_action_data - """ - try: - data = PolicyManager.delete_action_data(user_id=user_id, - policy_id=uuid, - data_id=data_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"result": True} - - diff --git a/moonv4/moon_manager/moon_manager/api/generic.py b/moonv4/moon_manager/moon_manager/api/generic.py deleted file mode 100644 index bd7dcdac..00000000 --- a/moonv4/moon_manager/moon_manager/api/generic.py +++ /dev/null @@ -1,131 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -""" -Those API are helping API used to manage the Moon platform. -""" - -from flask_restful import Resource, request -from oslo_log import log as logging -import moon_manager.api -from python_moonutilities.security_functions import check_auth - -__version__ = "0.1.0" - -LOG = logging.getLogger("moon.manager.api." + __name__) - - -class Status(Resource): - """ - Endpoint for status requests - """ - - __urls__ = ("/status", "/status/", "/status/<string:component_id>") - - def get(self, component_id=None): - """Retrieve status of all components - - :return: { - "orchestrator": { - "status": "Running" - }, - "security_router": { - "status": "Running" - } - } - """ - raise NotImplemented - - -class Logs(Resource): - """ - Endpoint for logs requests - """ - - __urls__ = ("/logs", "/logs/", "/logs/<string:component_id>") - - def get(self, component_id=None): - """Get logs from the Moon platform - - :param component_id: the ID of the component your are looking for (optional) - :return: [ - "2015-04-15-13:45:20 - "2015-04-15-13:45:21 - "2015-04-15-13:45:22 - "2015-04-15-13:45:23 - ] - """ - filter_str = request.args.get('filter', '') - from_str = request.args.get('from', '') - to_str = request.args.get('to', '') - event_number = request.args.get('event_number', '') - try: - event_number = int(event_number) - except ValueError: - event_number = None - args = dict() - args["filter"] = filter_str - args["from"] = from_str - args["to"] = to_str - args["event_number"] = event_number - - raise NotImplemented - - -class API(Resource): - """ - Endpoint for API requests - """ - - __urls__ = ( - "/api", - "/api/", - "/api/<string:group_id>", - "/api/<string:group_id>/", - "/api/<string:group_id>/<string:endpoint_id>") - - @check_auth - def get(self, group_id="", endpoint_id="", user_id=""): - """Retrieve all API endpoints or a specific endpoint if endpoint_id is given - - :param group_id: the name of one existing group (ie generic, ...) - :param endpoint_id: the name of one existing component (ie Logs, Status, ...) - :return: { - "group_name": { - "endpoint_name": { - "description": "a description", - "methods": { - "get": "description of the HTTP method" - }, - "urls": ('/api', '/api/', '/api/<string:endpoint_id>') - } - } - """ - __methods = ("get", "post", "put", "delete", "options", "patch") - api_list = filter(lambda x: "__" not in x, dir(moon_manager.api)) - api_desc = dict() - for api_name in api_list: - api_desc[api_name] = {} - group_api_obj = eval("moon_manager.api.{}".format(api_name)) - api_desc[api_name]["description"] = group_api_obj.__doc__ - if "__version__" in dir(group_api_obj): - api_desc[api_name]["version"] = group_api_obj.__version__ - object_list = list(filter(lambda x: "__" not in x, dir(group_api_obj))) - for obj in map(lambda x: eval("moon_manager.api.{}.{}".format(api_name, x)), object_list): - if "__urls__" in dir(obj): - api_desc[api_name][obj.__name__] = dict() - api_desc[api_name][obj.__name__]["urls"] = obj.__urls__ - api_desc[api_name][obj.__name__]["methods"] = dict() - for _method in filter(lambda x: x in __methods, dir(obj)): - docstring = eval("moon_manager.api.{}.{}.{}.__doc__".format(api_name, obj.__name__, _method)) - api_desc[api_name][obj.__name__]["methods"][_method] = docstring - api_desc[api_name][obj.__name__]["description"] = str(obj.__doc__) - if group_id in api_desc: - if endpoint_id in api_desc[group_id]: - return {group_id: {endpoint_id: api_desc[group_id][endpoint_id]}} - elif len(endpoint_id) > 0: - LOG.error("Unknown endpoint_id {}".format(endpoint_id)) - return {"error": "Unknown endpoint_id {}".format(endpoint_id)} - return {group_id: api_desc[group_id]} - return api_desc diff --git a/moonv4/moon_manager/moon_manager/api/meta_data.py b/moonv4/moon_manager/moon_manager/api/meta_data.py deleted file mode 100644 index 9dc04cc7..00000000 --- a/moonv4/moon_manager/moon_manager/api/meta_data.py +++ /dev/null @@ -1,267 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -""" -Meta Data are elements used to create Meta data (skeleton of security policies) - -""" - -from flask import request -from flask_restful import Resource -from oslo_log import log as logging -from python_moonutilities.security_functions import check_auth -from python_moondb.core import ModelManager - -__version__ = "0.2.0" - -LOG = logging.getLogger("moon.manager.api." + __name__) - - -class SubjectCategories(Resource): - """ - Endpoint for subject categories requests - """ - - __urls__ = ( - "/subject_categories", - "/subject_categories/", - "/subject_categories/<string:category_id>", - ) - - @check_auth - def get(self, category_id=None, user_id=None): - """Retrieve all subject categories or a specific one - - :param category_id: uuid of the subject category - :param user_id: user ID who do the request - :return: { - "subject_category_id": { - "name": "name of the category", - "description": "description of the category" - } - } - :internal_api: get_subject_categories - """ - try: - data = ModelManager.get_subject_categories( - user_id=user_id, category_id=category_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"subject_categories": data} - - @check_auth - def post(self, category_id=None, user_id=None): - """Create or update a subject category. - - :param category_id: must not be used here - :param user_id: user ID who do the request - :request body: { - "name": "name of the category", - "description": "description of the category" - } - :return: { - "subject_category_id": { - "name": "name of the category", - "description": "description of the category" - } - } - :internal_api: add_subject_category - """ - try: - data = ModelManager.add_subject_category( - user_id=user_id, value=request.json) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"subject_categories": data} - - @check_auth - def delete(self, category_id=None, user_id=None): - """Delete a subject category - - :param category_id: uuid of the subject category to delete - :param user_id: user ID who do the request - :return: { - "result": "True or False", - "message": "optional message" - } - :internal_api: delete_subject_category - """ - try: - data = ModelManager.delete_subject_category( - user_id=user_id, category_id=category_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"result": True} - - -class ObjectCategories(Resource): - """ - Endpoint for object categories requests - """ - - __urls__ = ( - "/object_categories", - "/object_categories/", - "/object_categories/<string:category_id>", - ) - - @check_auth - def get(self, category_id=None, user_id=None): - """Retrieve all object categories or a specific one - - :param category_id: uuid of the object category - :param user_id: user ID who do the request - :return: { - "object_category_id": { - "name": "name of the category", - "description": "description of the category" - } - } - :internal_api: get_object_categories - """ - try: - data = ModelManager.get_object_categories( - user_id=user_id, category_id=category_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"object_categories": data} - - @check_auth - def post(self, category_id=None, user_id=None): - """Create or update a object category. - - :param category_id: must not be used here - :param user_id: user ID who do the request - :request body: { - "name": "name of the category", - "description": "description of the category" - } - :return: { - "object_category_id": { - "name": "name of the category", - "description": "description of the category" - } - } - :internal_api: add_object_category - """ - try: - data = ModelManager.add_object_category( - user_id=user_id, value=request.json) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"object_categories": data} - - @check_auth - def delete(self, category_id=None, user_id=None): - """Delete an object category - - :param category_id: uuid of the object category to delete - :param user_id: user ID who do the request - :return: { - "result": "True or False", - "message": "optional message" - } - :internal_api: delete_object_category - """ - try: - data = ModelManager.delete_object_category( - user_id=user_id, category_id=category_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"result": True} - - -class ActionCategories(Resource): - """ - Endpoint for action categories requests - """ - - __urls__ = ( - "/action_categories", - "/action_categories/", - "/action_categories/<string:category_id>", - ) - - @check_auth - def get(self, category_id=None, user_id=None): - """Retrieve all action categories or a specific one - - :param category_id: uuid of the action category - :param user_id: user ID who do the request - :return: { - "action_category_id": { - "name": "name of the category", - "description": "description of the category" - } - } - :internal_api: get_action_categories - """ - try: - data = ModelManager.get_action_categories( - user_id=user_id, category_id=category_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"action_categories": data} - - @check_auth - def post(self, category_id=None, user_id=None): - """Create or update an action category. - - :param category_id: must not be used here - :param user_id: user ID who do the request - :request body: { - "name": "name of the category", - "description": "description of the category" - } - :return: { - "action_category_id": { - "name": "name of the category", - "description": "description of the category" - } - } - :internal_api: add_action_category - """ - try: - data = ModelManager.add_action_category( - user_id=user_id, value=request.json) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"action_categories": data} - - @check_auth - def delete(self, category_id=None, user_id=None): - """Delete an action - - :param category_id: uuid of the action category to delete - :param user_id: user ID who do the request - :return: { - "result": "True or False", - "message": "optional message" - } - :internal_api: delete_action_category - """ - try: - data = ModelManager.delete_action_category( - user_id=user_id, category_id=category_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"result": True} diff --git a/moonv4/moon_manager/moon_manager/api/meta_rules.py b/moonv4/moon_manager/moon_manager/api/meta_rules.py deleted file mode 100644 index ceba0ffb..00000000 --- a/moonv4/moon_manager/moon_manager/api/meta_rules.py +++ /dev/null @@ -1,164 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -""" -Meta rules are skeleton for security policies - -""" - -from flask import request -from flask_restful import Resource -from oslo_log import log as logging -from python_moonutilities.security_functions import check_auth -from python_moondb.core import ModelManager - -__version__ = "0.1.0" - -LOG = logging.getLogger("moon.manager.api." + __name__) - - -class MetaRules(Resource): - """ - Endpoint for meta rules requests - """ - - __urls__ = ("/meta_rules", - "/meta_rules/", - "/meta_rules/<string:meta_rule_id>", - "/meta_rules/<string:meta_rule_id>/") - - @check_auth - def get(self, meta_rule_id=None, user_id=None): - """Retrieve all sub meta rules - - :param meta_rule_id: Meta rule algorithm ID - :param user_id: user ID who do the request - :return: { - "meta_rules": { - "meta_rule_id1": { - "name": "name of the meta rule", - "algorithm": "name of the meta rule algorithm", - "subject_categories": ["subject_category_id1", - "subject_category_id2"], - "object_categories": ["object_category_id1"], - "action_categories": ["action_category_id1"] - }, - } - } - :internal_api: get_meta_rules - """ - try: - data = ModelManager.get_meta_rules( - user_id=user_id, meta_rule_id=meta_rule_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"meta_rules": data} - - @check_auth - def post(self, meta_rule_id=None, user_id=None): - """Add a meta rule - - :param meta_rule_id: Meta rule ID - :param user_id: user ID who do the request - :request body: post = { - "name": "name of the meta rule", - "subject_categories": ["subject_category_id1", - "subject_category_id2"], - "object_categories": ["object_category_id1"], - "action_categories": ["action_category_id1"] - } - :return: { - "meta_rules": { - "meta_rule_id1": { - "name": "name of the meta rule", - "subject_categories": ["subject_category_id1", - "subject_category_id2"], - "object_categories": ["object_category_id1"], - "action_categories": ["action_category_id1"] - }, - } - } - :internal_api: add_meta_rules - """ - try: - data = ModelManager.add_meta_rule( - user_id=user_id, meta_rule_id=None, value=request.json) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"meta_rules": data} - - @check_auth - def patch(self, meta_rule_id=None, user_id=None): - """Update a meta rule - - :param meta_rule_id: Meta rule ID - :param user_id: user ID who do the request - :request body: patch = { - "name": "name of the meta rule", - "subject_categories": ["subject_category_id1", - "subject_category_id2"], - "object_categories": ["object_category_id1"], - "action_categories": ["action_category_id1"] - } - :return: { - "meta_rules": { - "meta_rule_id1": { - "name": "name of the meta rule", - "subject_categories": ["subject_category_id1", - "subject_category_id2"], - "object_categories": ["object_category_id1"], - "action_categories": ["action_category_id1"] - }, - } - } - :internal_api: set_meta_rules - """ - try: - data = ModelManager.set_meta_rule( - user_id=user_id, meta_rule_id=meta_rule_id, value=request.json) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"meta_rules": data} - - @check_auth - def delete(self, meta_rule_id=None, user_id=None): - """Delete a meta rule - - :param meta_rule_id: Meta rule ID - :param user_id: user ID who do the request - :request body: delete = { - "name": "name of the meta rule", - "subject_categories": ["subject_category_id1", - "subject_category_id2"], - "object_categories": ["object_category_id1"], - "action_categories": ["action_category_id1"] - } - :return: { - "meta_rules": { - "meta_rule_id1": { - "name": "name of the meta rule", - "subject_categories": ["subject_category_id1", - "subject_category_id2"], - "object_categories": ["object_category_id1"], - "action_categories": ["action_category_id1"] - }, - } - } - :internal_api: delete_meta_rules - """ - try: - data = ModelManager.delete_meta_rule( - user_id=user_id, meta_rule_id=meta_rule_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"result": True} - diff --git a/moonv4/moon_manager/moon_manager/api/models.py b/moonv4/moon_manager/moon_manager/api/models.py deleted file mode 100644 index 62866191..00000000 --- a/moonv4/moon_manager/moon_manager/api/models.py +++ /dev/null @@ -1,127 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -""" -Models aggregate multiple meta rules -""" - -from flask import request -from flask_restful import Resource -from oslo_log import log as logging -from python_moonutilities.security_functions import check_auth -from python_moondb.core import ModelManager - -__version__ = "0.1.0" - -LOG = logging.getLogger("moon.manager.api." + __name__) - - -class Models(Resource): - """ - Endpoint for model requests - """ - - __urls__ = ( - "/models", - "/models/", - "/models/<string:uuid>", - "/models/<string:uuid>/", - ) - - @check_auth - def get(self, uuid=None, user_id=None): - """Retrieve all models - - :param uuid: uuid of the model - :param user_id: user ID who do the request - :return: { - "model_id1": { - "name": "...", - "description": "...", - "meta_rules": ["meta_rule_id1", ] - } - } - :internal_api: get_models - """ - try: - data = ModelManager.get_models(user_id=user_id, model_id=uuid) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"models": data} - - @check_auth - def post(self, uuid=None, user_id=None): - """Create model. - - :param uuid: uuid of the model (not used here) - :param user_id: user ID who do the request - :request body: { - "name": "...", - "description": "...", - "meta_rules": ["meta_rule_id1", ] - } - :return: { - "model_id1": { - "name": "...", - "description": "...", - "meta_rules": ["meta_rule_id1", ] - } - } - :internal_api: add_model - """ - try: - data = ModelManager.add_model( - user_id=user_id, model_id=uuid, value=request.json) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"models": data} - - @check_auth - def delete(self, uuid=None, user_id=None): - """Delete a model - - :param uuid: uuid of the model to delete - :param user_id: user ID who do the request - :return: { - "result": "True or False", - "message": "optional message" - } - :internal_api: delete_model - """ - try: - data = ModelManager.delete_model(user_id=user_id, model_id=uuid) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"result": True} - - @check_auth - def patch(self, uuid=None, user_id=None): - """Update a model - - :param uuid: uuid of the model to update - :param user_id: user ID who do the request - :return: { - "model_id1": { - "name": "...", - "description": "...", - "meta_rules": ["meta_rule_id1", ] - } - } - :internal_api: update_model - """ - try: - data = ModelManager.update_model( - user_id=user_id, model_id=uuid, value=request.json) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"models": data} - diff --git a/moonv4/moon_manager/moon_manager/api/pdp.py b/moonv4/moon_manager/moon_manager/api/pdp.py deleted file mode 100644 index 9183c25d..00000000 --- a/moonv4/moon_manager/moon_manager/api/pdp.py +++ /dev/null @@ -1,181 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -""" -PDP are Policy Decision Point. - -""" - -from flask import request -from flask_restful import Resource -import logging -import requests -import time -from python_moonutilities.security_functions import check_auth -from python_moondb.core import PDPManager -from python_moondb.core import PolicyManager -from python_moondb.core import ModelManager -from python_moonutilities import configuration - -__version__ = "0.1.0" - -LOG = logging.getLogger("moon.manager.api." + __name__) - - -def delete_pod(uuid): - raise NotImplementedError - - -def add_pod(uuid, data): - if not data.get("keystone_project_id"): - return - LOG.info("Add a new pod {}".format(data)) - if "pdp_id" not in data: - data["pdp_id"] = uuid - data['policies'] = PolicyManager.get_policies(user_id="admin") - data['models'] = ModelManager.get_models(user_id="admin") - conf = configuration.get_configuration("components/orchestrator") - hostname = conf["components/orchestrator"].get("hostname", "orchestrator") - port = conf["components/orchestrator"].get("port", 80) - proto = conf["components/orchestrator"].get("protocol", "http") - while True: - try: - req = requests.post( - "{}://{}:{}/pods".format(proto, hostname, port), - json=data, - headers={"content-type": "application/json"}) - except requests.exceptions.ConnectionError: - LOG.warning("Orchestrator is not ready, standby...") - time.sleep(1) - else: - break - LOG.info(req.text) - - -class PDP(Resource): - """ - Endpoint for pdp requests - """ - - __urls__ = ( - "/pdp", - "/pdp/", - "/pdp/<string:uuid>", - "/pdp/<string:uuid>/", - ) - - @check_auth - def get(self, uuid=None, user_id=None): - """Retrieve all pdp - - :param uuid: uuid of the pdp - :param user_id: user ID who do the request - :return: { - "pdp_id1": { - "name": "...", - "security_pipeline": [...], - "keystone_project_id": "keystone_project_id1", - "description": "...", - } - } - :internal_api: get_pdp - """ - try: - data = PDPManager.get_pdp(user_id=user_id, pdp_id=uuid) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"pdps": data} - - @check_auth - def post(self, uuid=None, user_id=None): - """Create pdp. - - :param uuid: uuid of the pdp (not used here) - :param user_id: user ID who do the request - :request body: { - "name": "...", - "security_pipeline": [...], - "keystone_project_id": "keystone_project_id1", - "description": "...", - } - :return: { - "pdp_id1": { - "name": "...", - "security_pipeline": [...], - "keystone_project_id": "keystone_project_id1", - "description": "...", - } - } - :internal_api: add_pdp - """ - try: - data = dict(request.json) - if not data.get("keystone_project_id"): - data["keystone_project_id"] = None - data = PDPManager.add_pdp( - user_id=user_id, pdp_id=None, value=request.json) - uuid = list(data.keys())[0] - LOG.info("data={}".format(data)) - LOG.info("uuid={}".format(uuid)) - add_pod(uuid=uuid, data=data[uuid]) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"pdps": data} - - @check_auth - def delete(self, uuid=None, user_id=None): - """Delete a pdp - - :param uuid: uuid of the pdp to delete - :param user_id: user ID who do the request - :return: { - "result": "True or False", - "message": "optional message" - } - :internal_api: delete_pdp - """ - try: - data = PDPManager.delete_pdp(user_id=user_id, pdp_id=uuid) - delete_pod(uuid) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"result": True} - - @check_auth - def patch(self, uuid=None, user_id=None): - """Update a pdp - - :param uuid: uuid of the pdp to update - :param user_id: user ID who do the request - :return: { - "pdp_id1": { - "name": "...", - "security_pipeline": [...], - "keystone_project_id": "keystone_project_id1", - "description": "...", - } - } - :internal_api: update_pdp - """ - try: - _data = dict(request.json) - if not _data.get("keystone_project_id"): - _data["keystone_project_id"] = None - data = PDPManager.update_pdp( - user_id=user_id, pdp_id=uuid, value=_data) - LOG.info("data={}".format(data)) - LOG.info("uuid={}".format(uuid)) - add_pod(uuid=uuid, data=data[uuid]) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"pdps": data} - diff --git a/moonv4/moon_manager/moon_manager/api/perimeter.py b/moonv4/moon_manager/moon_manager/api/perimeter.py deleted file mode 100644 index 8196e627..00000000 --- a/moonv4/moon_manager/moon_manager/api/perimeter.py +++ /dev/null @@ -1,447 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -""" -* Subjects are the source of an action on an object - (examples : users, virtual machines) -* Objects are the destination of an action - (examples virtual machines, virtual Routers) -* Actions are what subject wants to do on an object -""" - -from flask import request -from flask_restful import Resource -from oslo_log import log as logging -from python_moonutilities.security_functions import check_auth -from python_moondb.core import PolicyManager - -__version__ = "0.2.0" - -LOG = logging.getLogger("moon.manager.api." + __name__) - - -class Subjects(Resource): - """ - Endpoint for subjects requests - """ - - __urls__ = ( - "/subjects", - "/subjects/", - "/subjects/<string:perimeter_id>", - "/policies/<string:uuid>/subjects", - "/policies/<string:uuid>/subjects/", - "/policies/<string:uuid>/subjects/<string:perimeter_id>", - ) - - @check_auth - def get(self, uuid=None, perimeter_id=None, user_id=None): - """Retrieve all subjects or a specific one if perimeter_id is - given for a given policy - - :param uuid: uuid of the policy - :param perimeter_id: uuid of the subject - :param user_id: user ID who do the request - :return: { - "subject_id": { - "name": "name of the subject", - "keystone_id": "keystone id of the subject", - "description": "a description" - } - } - :internal_api: get_subjects - """ - try: - data = PolicyManager.get_subjects( - user_id=user_id, - policy_id=uuid, - perimeter_id=perimeter_id - ) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"subjects": data} - - @check_auth - def post(self, uuid=None, perimeter_id=None, user_id=None): - """Create or update a subject. - - :param uuid: uuid of the policy - :param perimeter_id: must not be used here - :param user_id: user ID who do the request - :request body: { - "name": "name of the subject", - "description": "description of the subject", - "password": "password for the subject", - "email": "email address of the subject" - } - :return: { - "subject_id": { - "name": "name of the subject", - "keystone_id": "keystone id of the subject", - "description": "description of the subject", - "password": "password for the subject", - "email": "email address of the subject" - } - } - :internal_api: set_subject - """ - try: - if not perimeter_id: - data = PolicyManager.get_subjects(user_id=user_id, - policy_id=None) - if 'name' in request.json: - for data_id, data_value in data.items(): - if data_value['name'] == request.json['name']: - perimeter_id = data_id - break - data = PolicyManager.add_subject( - user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"subjects": data} - - @check_auth - def patch(self, uuid=None, perimeter_id=None, user_id=None): - """Create or update a subject. - - :param uuid: uuid of the policy - :param perimeter_id: must not be used here - :param user_id: user ID who do the request - :request body: { - "name": "name of the subject", - "description": "description of the subject", - "password": "password for the subject", - "email": "email address of the subject" - } - :return: { - "subject_id": { - "name": "name of the subject", - "keystone_id": "keystone id of the subject", - "description": "description of the subject", - "password": "password for the subject", - "email": "email address of the subject" - } - } - :internal_api: set_subject - """ - try: - if not perimeter_id: - data = PolicyManager.get_subjects(user_id=user_id, - policy_id=None) - if 'name' in request.json: - for data_id, data_value in data.items(): - if data_value['name'] == request.json['name']: - perimeter_id = data_id - break - data = PolicyManager.add_subject( - user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"subjects": data} - - @check_auth - def delete(self, uuid=None, perimeter_id=None, user_id=None): - """Delete a subject for a given policy - - :param uuid: uuid of the policy - :param perimeter_id: uuid of the subject - :param user_id: user ID who do the request - :return: { - "subject_id": { - "name": "name of the subject", - "keystone_id": "keystone id of the subject", - "description": "description of the subject", - "password": "password for the subject", - "email": "email address of the subject" - } - } - :internal_api: delete_subject - """ - try: - data = PolicyManager.delete_subject( - user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"result": True} - - -class Objects(Resource): - """ - Endpoint for objects requests - """ - - __urls__ = ( - "/objects", - "/objects/", - "/objects/<string:perimeter_id>", - "/policies/<string:uuid>/objects", - "/policies/<string:uuid>/objects/", - "/policies/<string:uuid>/objects/<string:perimeter_id>", - ) - - @check_auth - def get(self, uuid=None, perimeter_id=None, user_id=None): - """Retrieve all objects or a specific one if perimeter_id is - given for a given policy - - :param uuid: uuid of the policy - :param perimeter_id: uuid of the object - :param user_id: user ID who do the request - :return: { - "object_id": { - "name": "name of the object", - "description": "description of the object" - } - } - :internal_api: get_objects - """ - try: - data = PolicyManager.get_objects( - user_id=user_id, - policy_id=uuid, - perimeter_id=perimeter_id - ) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"objects": data} - - @check_auth - def post(self, uuid=None, perimeter_id=None, user_id=None): - """Create or update a object. - - :param uuid: uuid of the policy - :param perimeter_id: must not be used here - :param user_id: user ID who do the request - :request body: { - "object_name": "name of the object", - "object_description": "description of the object" - } - :return: { - "object_id": { - "name": "name of the object", - "description": "description of the object" - } - } - :internal_api: set_object - """ - try: - data = PolicyManager.get_objects(user_id=user_id, policy_id=None) - if 'name' in request.json: - for data_id, data_value in data.items(): - if data_value['name'] == request.json['name']: - perimeter_id = data_id - break - data = PolicyManager.add_object( - user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"objects": data} - - @check_auth - def patch(self, uuid=None, perimeter_id=None, user_id=None): - """Create or update a object. - - :param uuid: uuid of the policy - :param perimeter_id: must not be used here - :param user_id: user ID who do the request - :request body: { - "object_name": "name of the object", - "object_description": "description of the object" - } - :return: { - "object_id": { - "name": "name of the object", - "description": "description of the object" - } - } - :internal_api: set_object - """ - try: - data = PolicyManager.get_objects(user_id=user_id, policy_id=None) - if 'name' in request.json: - for data_id, data_value in data.items(): - if data_value['name'] == request.json['name']: - perimeter_id = data_id - break - data = PolicyManager.add_object( - user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"objects": data} - - @check_auth - def delete(self, uuid=None, perimeter_id=None, user_id=None): - """Delete a object for a given policy - - :param uuid: uuid of the policy - :param perimeter_id: uuid of the object - :param user_id: user ID who do the request - :return: { - "object_id": { - "name": "name of the object", - "description": "description of the object" - } - } - :internal_api: delete_object - """ - try: - data = PolicyManager.delete_object( - user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"result": True} - - -class Actions(Resource): - """ - Endpoint for actions requests - """ - - __urls__ = ( - "/actions", - "/actions/", - "/actions/<string:perimeter_id>", - "/policies/<string:uuid>/actions", - "/policies/<string:uuid>/actions/", - "/policies/<string:uuid>/actions/<string:perimeter_id>", - ) - - @check_auth - def get(self, uuid=None, perimeter_id=None, user_id=None): - """Retrieve all actions or a specific one if perimeter_id - is given for a given policy - - :param uuid: uuid of the policy - :param perimeter_id: uuid of the action - :param user_id: user ID who do the request - :return: { - "action_id": { - "name": "name of the action", - "description": "description of the action" - } - } - :internal_api: get_actions - """ - try: - data = PolicyManager.get_actions( - user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"actions": data} - - @check_auth - def post(self, uuid=None, perimeter_id=None, user_id=None): - """Create or update a action. - - :param uuid: uuid of the policy - :param perimeter_id: must not be used here - :param user_id: user ID who do the request - :request body: { - "name": "name of the action", - "description": "description of the action" - } - :return: { - "action_id": { - "name": "name of the action", - "description": "description of the action" - } - } - :internal_api: set_action - """ - try: - data = PolicyManager.get_actions(user_id=user_id, policy_id=None) - if 'name' in request.json: - for data_id, data_value in data.items(): - if data_value['name'] == request.json['name']: - perimeter_id = data_id - break - data = PolicyManager.add_action( - user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"actions": data} - - @check_auth - def patch(self, uuid=None, perimeter_id=None, user_id=None): - """Create or update a action. - - :param uuid: uuid of the policy - :param perimeter_id: must not be used here - :param user_id: user ID who do the request - :request body: { - "name": "name of the action", - "description": "description of the action" - } - :return: { - "action_id": { - "name": "name of the action", - "description": "description of the action" - } - } - :internal_api: set_action - """ - try: - data = PolicyManager.get_actions(user_id=user_id, policy_id=None) - if 'name' in request.json: - for data_id, data_value in data.items(): - if data_value['name'] == request.json['name']: - perimeter_id = data_id - break - data = PolicyManager.add_action( - user_id=user_id, policy_id=uuid, - perimeter_id=perimeter_id, value=request.json) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"actions": data} - - @check_auth - def delete(self, uuid=None, perimeter_id=None, user_id=None): - """Delete a action for a given policy - - :param uuid: uuid of the policy - :param perimeter_id: uuid of the action - :param user_id: user ID who do the request - :return: { - "action_id": { - "name": "name of the action", - "description": "description of the action" - } - } - :internal_api: delete_action - """ - try: - data = PolicyManager.delete_action( - user_id=user_id, policy_id=uuid, perimeter_id=perimeter_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"result": True} diff --git a/moonv4/moon_manager/moon_manager/api/policies.py b/moonv4/moon_manager/moon_manager/api/policies.py deleted file mode 100644 index f34276bb..00000000 --- a/moonv4/moon_manager/moon_manager/api/policies.py +++ /dev/null @@ -1,132 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -""" -Policies are instances of security models and implement security policies - -""" - -from flask import request -from flask_restful import Resource -from oslo_log import log as logging -from python_moonutilities.security_functions import check_auth -from python_moondb.core import PolicyManager - -__version__ = "0.1.0" - -LOG = logging.getLogger("moon.manager.api." + __name__) - - -class Policies(Resource): - """ - Endpoint for policy requests - """ - - __urls__ = ( - "/policies", - "/policies/", - "/policies/<string:uuid>", - "/policies/<string:uuid>/", - ) - - @check_auth - def get(self, uuid=None, user_id=None): - """Retrieve all policies - - :param uuid: uuid of the policy - :param user_id: user ID who do the request - :return: { - "policy_id1": { - "name": "...", - "model_id": "...", - "genre": "...", - "description": "...", - } - } - :internal_api: get_policies - """ - try: - data = PolicyManager.get_policies(user_id=user_id, policy_id=uuid) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"policies": data} - - @check_auth - def post(self, uuid=None, user_id=None): - """Create policy. - - :param uuid: uuid of the policy (not used here) - :param user_id: user ID who do the request - :request body: { - "name": "...", - "model_id": "...", - "genre": "...", - "description": "...", - } - :return: { - "policy_id1": { - "name": "...", - "model_id": "...", - "genre": "...", - "description": "...", - } - } - :internal_api: add_policy - """ - try: - data = PolicyManager.add_policy( - user_id=user_id, policy_id=uuid, value=request.json) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"policies": data} - - @check_auth - def delete(self, uuid=None, user_id=None): - """Delete a policy - - :param uuid: uuid of the policy to delete - :param user_id: user ID who do the request - :return: { - "result": "True or False", - "message": "optional message" - } - :internal_api: delete_policy - """ - try: - data = PolicyManager.delete_policy(user_id=user_id, policy_id=uuid) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"result": True} - - @check_auth - def patch(self, uuid=None, user_id=None): - """Update a policy - - :param uuid: uuid of the policy to update - :param user_id: user ID who do the request - :return: { - "policy_id1": { - "name": "...", - "model_id": "...", - "genre": "...", - "description": "...", - } - } - :internal_api: update_policy - """ - try: - data = PolicyManager.update_policy( - user_id=user_id, policy_id=uuid, value=request.json) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"policies": data} - diff --git a/moonv4/moon_manager/moon_manager/api/rules.py b/moonv4/moon_manager/moon_manager/api/rules.py deleted file mode 100644 index b25365df..00000000 --- a/moonv4/moon_manager/moon_manager/api/rules.py +++ /dev/null @@ -1,140 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -""" -Rules (TODO) -""" - -from flask import request -from flask_restful import Resource -from oslo_log import log as logging -from python_moonutilities.security_functions import check_auth -from python_moondb.core import PolicyManager - -__version__ = "0.1.0" - -LOG = logging.getLogger("moon.manager.api." + __name__) - - -class Rules(Resource): - """ - Endpoint for rules requests - """ - - __urls__ = ("/policies/<string:uuid>/rules", - "/policies/<string:uuid>/rules/", - "/policies/<string:uuid>/rules/<string:rule_id>", - "/policies/<string:uuid>/rules/<string:rule_id>/", - ) - - @check_auth - def get(self, uuid=None, rule_id=None, user_id=None): - """Retrieve all rules or a specific one - - :param uuid: policy ID - :param rule_id: rule ID - :param user_id: user ID who do the request - :return: { - "rules": [ - "policy_id": "policy_id1", - "meta_rule_id": "meta_rule_id1", - "rule_id1": - ["subject_data_id1", "object_data_id1", "action_data_id1"], - "rule_id2": - ["subject_data_id2", "object_data_id2", "action_data_id2"], - ] - } - :internal_api: get_rules - """ - try: - data = PolicyManager.get_rules(user_id=user_id, - policy_id=uuid, - rule_id=rule_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"rules": data} - - @check_auth - def post(self, uuid=None, rule_id=None, user_id=None): - """Add a rule to a meta rule - - :param uuid: policy ID - :param rule_id: rule ID - :param user_id: user ID who do the request - :request body: post = { - "meta_rule_id": "meta_rule_id1", - "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"], - "instructions": ( - {"decision": "grant"}, - ) - "enabled": True - } - :return: { - "rules": [ - "meta_rule_id": "meta_rule_id1", - "rule_id1": { - "rule": ["subject_data_id1", - "object_data_id1", - "action_data_id1"], - "instructions": ( - {"decision": "grant"}, - # "grant" to immediately exit, - # "continue" to wait for the result of next policy - # "deny" to deny the request - ) - } - "rule_id2": { - "rule": ["subject_data_id2", - "object_data_id2", - "action_data_id2"], - "instructions": ( - { - "update": { - "operation": "add", - # operations may be "add" or "delete" - "target": "rbac:role:admin" - # add the role admin to the current user - } - }, - {"chain": {"name": "rbac"}} - # chain with the policy named rbac - ) - } - ] - } - :internal_api: add_rule - """ - args = request.json - try: - data = PolicyManager.add_rule(user_id=user_id, - policy_id=uuid, - meta_rule_id=args['meta_rule_id'], - value=args) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"rules": data} - - @check_auth - def delete(self, uuid=None, rule_id=None, user_id=None): - """Delete one rule linked to a specific sub meta rule - - :param uuid: policy ID - :param rule_id: rule ID - :param user_id: user ID who do the request - :return: { "result": true } - :internal_api: delete_rule - """ - try: - data = PolicyManager.delete_rule( - user_id=user_id, policy_id=uuid, rule_id=rule_id) - except Exception as e: - LOG.error(e, exc_info=True) - return {"result": False, - "error": str(e)}, 500 - return {"result": True} - diff --git a/moonv4/moon_manager/moon_manager/http_server.py b/moonv4/moon_manager/moon_manager/http_server.py deleted file mode 100644 index 584e71a2..00000000 --- a/moonv4/moon_manager/moon_manager/http_server.py +++ /dev/null @@ -1,157 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from flask import Flask, jsonify -from flask_cors import CORS, cross_origin -from flask_restful import Resource, Api -import logging -import sqlalchemy.exc -import time -from moon_manager import __version__ -from moon_manager.api.generic import Status, Logs, API -from moon_manager.api.models import Models -from moon_manager.api.policies import Policies -from moon_manager.api.pdp import PDP -from moon_manager.api.meta_rules import MetaRules -from moon_manager.api.meta_data import SubjectCategories, ObjectCategories, ActionCategories -from moon_manager.api.perimeter import Subjects, Objects, Actions -from moon_manager.api.data import SubjectData, ObjectData, ActionData -from moon_manager.api.assignments import SubjectAssignments, ObjectAssignments, ActionAssignments -from moon_manager.api.rules import Rules -# from moon_manager.api.containers import Container -from python_moonutilities import configuration, exceptions -from python_moondb.core import PDPManager - - -LOG = logging.getLogger("moon.manager.http") - - -class Server: - """Base class for HTTP server""" - - def __init__(self, host="localhost", port=80, api=None, **kwargs): - """Run a server - - :param host: hostname of the server - :param port: port for the running server - :param kwargs: optional parameters - :return: a running server - """ - self._host = host - self._port = port - self._api = api - self._extra = kwargs - - @property - def host(self): - return self._host - - @host.setter - def host(self, name): - self._host = name - - @host.deleter - def host(self): - self._host = "" - - @property - def port(self): - return self._port - - @port.setter - def port(self, number): - self._port = number - - @port.deleter - def port(self): - self._port = 80 - - def run(self): - raise NotImplementedError() - -__API__ = ( - Status, Logs, API, - MetaRules, SubjectCategories, ObjectCategories, ActionCategories, - Subjects, Objects, Actions, - SubjectAssignments, ObjectAssignments, ActionAssignments, - SubjectData, ObjectData, ActionData, - Rules, #Container, - Models, Policies, PDP - ) - - -class Root(Resource): - """ - The root of the web service - """ - __urls__ = ("/", ) - __methods = ("get", "post", "put", "delete", "options") - - def get(self): - tree = {"/": {"methods": ("get",), "description": "List all methods for that service."}} - for item in __API__: - tree[item.__name__] = {"urls": item.__urls__} - _methods = [] - for _method in self.__methods: - if _method in dir(item): - _methods.append(_method) - tree[item.__name__]["methods"] = _methods - tree[item.__name__]["description"] = item.__doc__.strip() - return { - "version": __version__, - "tree": tree - } - - -class HTTPServer(Server): - - def __init__(self, host="localhost", port=80, **kwargs): - super(HTTPServer, self).__init__(host=host, port=port, **kwargs) - self.app = Flask(__name__) - conf = configuration.get_configuration("components/manager") - self.manager_hostname = conf["components/manager"].get("hostname", "manager") - self.manager_port = conf["components/manager"].get("port", 80) - #Todo : specify only few urls instead of * - CORS(self.app) - self.api = Api(self.app) - self.__set_route() - self.__hook_errors() - - def __hook_errors(self): - - def get_404_json(e): - return jsonify({"result": False, "code": 404, "description": str(e)}), 404 - self.app.register_error_handler(404, get_404_json) - - def get_400_json(e): - return jsonify({"result": False, "code": 400, "description": str(e)}), 400 - self.app.register_error_handler(400, lambda e: get_400_json) - self.app.register_error_handler(403, exceptions.AuthException) - - def __set_route(self): - self.api.add_resource(Root, '/') - - for api in __API__: - self.api.add_resource(api, *api.__urls__) - - @staticmethod - def __check_if_db_is_up(): - first = True - while True: - try: - PDPManager.get_pdp(user_id="admin", pdp_id=None) - except sqlalchemy.exc.ProgrammingError: - time.sleep(1) - if first: - LOG.warning("Waiting for the database...") - first = False - else: - LOG.warning("Database is up, resuming operations...") - break - - def run(self): - self.__check_if_db_is_up() - self.app.run(debug=True, host=self._host, port=self._port) # nosec - diff --git a/moonv4/moon_manager/moon_manager/server.py b/moonv4/moon_manager/moon_manager/server.py deleted file mode 100644 index bcc52cb3..00000000 --- a/moonv4/moon_manager/moon_manager/server.py +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import os -from oslo_config import cfg -from oslo_log import log as logging -from python_moonutilities import configuration, exceptions -from moon_manager.http_server import HTTPServer - -LOG = logging.getLogger("moon.manager") -CONF = cfg.CONF -DOMAIN = "moon_manager" - -__CWD__ = os.path.dirname(os.path.abspath(__file__)) - - -def main(): - configuration.init_logging() - try: - conf = configuration.get_configuration("components/manager") - hostname = conf["components/manager"].get("hostname", "manager") - port = conf["components/manager"].get("port", 80) - bind = conf["components/manager"].get("bind", "127.0.0.1") - except exceptions.ConsulComponentNotFound: - hostname = "manager" - bind = "127.0.0.1" - port = 80 - configuration.add_component(uuid="manager", name=hostname, port=port, bind=bind) - LOG.info("Starting server with IP {} on port {} bind to {}".format(hostname, port, bind)) - server = HTTPServer(host=bind, port=port) - return server - - -if __name__ == '__main__': - server = main() - server.run() diff --git a/moonv4/moon_manager/requirements.txt b/moonv4/moon_manager/requirements.txt deleted file mode 100644 index 15ba715b..00000000 --- a/moonv4/moon_manager/requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -flask -flask_restful -flask_cors -python_moonutilities -python_moondb -docker-py diff --git a/moonv4/moon_manager/setup.py b/moonv4/moon_manager/setup.py deleted file mode 100644 index a6fc5fc7..00000000 --- a/moonv4/moon_manager/setup.py +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from setuptools import setup, find_packages -import moon_manager - - -setup( - - name='moon_manager', - - version=moon_manager.__version__, - - packages=find_packages(), - - author="Thomas Duval", - - author_email="thomas.duval@orange.com", - - description="", - - long_description=open('README.rst').read(), - - # install_requires= , - - include_package_data=True, - - url='https://git.opnfv.org/cgit/moon', - - classifiers=[ - "Programming Language :: Python", - "Development Status :: 1 - Planning", - "License :: OSI Approved", - "Natural Language :: French", - "Operating System :: OS Independent", - "Programming Language :: Python :: 3", - ], - - entry_points={ - 'console_scripts': [ - 'moon_manager = moon_manager.server:main', - ], - } - -) diff --git a/moonv4/moon_manager/tests/unit_python/__init__.py b/moonv4/moon_manager/tests/unit_python/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/moonv4/moon_manager/tests/unit_python/__init__.py +++ /dev/null diff --git a/moonv4/moon_manager/tests/unit_python/api/__init__.py b/moonv4/moon_manager/tests/unit_python/api/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/moonv4/moon_manager/tests/unit_python/api/__init__.py +++ /dev/null diff --git a/moonv4/moon_manager/tests/unit_python/api/test_perimeter.py b/moonv4/moon_manager/tests/unit_python/api/test_perimeter.py deleted file mode 100644 index 18d3837a..00000000 --- a/moonv4/moon_manager/tests/unit_python/api/test_perimeter.py +++ /dev/null @@ -1,59 +0,0 @@ -# import moon_manager -# import moon_manager.api -import json - - -def get_json(data): - return json.loads(data.decode("utf-8")) - - -def get_subjects(client): - req = client.get("/subjects") - assert req.status_code == 200 - subjects = get_json(req.data) - assert isinstance(subjects, dict) - assert "subjects" in subjects - return subjects - - -def add_subjects(client, name): - data = { - "name": name, - "description": "description of {}".format(name), - "password": "password for {}".format(name), - "email": "{}@moon".format(name) - } - req = client.post("/subjects", data=json.dumps(data), - headers={'Content-Type': 'application/json'}) - assert req.status_code == 200 - subjects = get_json(req.data) - assert isinstance(subjects, dict) - key = list(subjects["subjects"].keys())[0] - value = list(subjects["subjects"].values())[0] - assert "subjects" in subjects - assert key == "1111111111111" - assert value['id'] == "1111111111111" - assert value['name'] == name - assert value["description"] == "description of {}".format(name) - assert value["email"] == "{}@moon".format(name) - return subjects - - -def delete_subject(client, name): - subjects = get_subjects(client) - for key, value in subjects['subjects'].items(): - if value['name'] == name: - req = client.delete("/subjects/{}".format(key)) - assert req.status_code == 200 - break - subjects = get_subjects(client) - assert name not in [x['name'] for x in subjects["subjects"].values()] - - -def test_subject(): - import moon_manager.server - server = moon_manager.server.main() - client = server.app.test_client() - get_subjects(client) - add_subjects(client, "testuser") - delete_subject(client, "testuser") diff --git a/moonv4/moon_manager/tests/unit_python/conftest.py b/moonv4/moon_manager/tests/unit_python/conftest.py deleted file mode 100644 index c59fae40..00000000 --- a/moonv4/moon_manager/tests/unit_python/conftest.py +++ /dev/null @@ -1,195 +0,0 @@ -import base64 -import json -import logging -import pytest -import requests_mock - -CONF = { - "openstack": { - "keystone": { - "url": "http://keystone:5000/v3", - "user": "admin", - "check_token": False, - "password": "p4ssw0rd", - "domain": "default", - "certificate": False, - "project": "admin" - } - }, - "components": { - "wrapper": { - "bind": "0.0.0.0", - "port": 8080, - "container": "wukongsun/moon_wrapper:v4.3", - "timeout": 5, - "hostname": "wrapper" - }, - "manager": { - "bind": "0.0.0.0", - "port": 8082, - "container": "wukongsun/moon_manager:v4.3", - "hostname": "manager" - }, - "port_start": 31001, - "orchestrator": { - "bind": "0.0.0.0", - "port": 8083, - "container": "wukongsun/moon_orchestrator:v4.3", - "hostname": "interface" - }, - "interface": { - "bind": "0.0.0.0", - "port": 8080, - "container": "wukongsun/moon_interface:v4.3", - "hostname": "interface" - } - }, - "plugins": { - "session": { - "port": 8082, - "container": "asteroide/session:latest" - }, - "authz": { - "port": 8081, - "container": "wukongsun/moon_authz:v4.3" - } - }, - "logging": { - "handlers": { - "file": { - "filename": "/tmp/moon.log", - "class": "logging.handlers.RotatingFileHandler", - "level": "DEBUG", - "formatter": "custom", - "backupCount": 3, - "maxBytes": 1048576 - }, - "console": { - "class": "logging.StreamHandler", - "formatter": "brief", - "level": "INFO", - "stream": "ext://sys.stdout" - } - }, - "formatters": { - "brief": { - "format": "%(levelname)s %(name)s %(message)-30s" - }, - "custom": { - "format": "%(asctime)-15s %(levelname)s %(name)s %(message)s" - } - }, - "root": { - "handlers": [ - "console" - ], - "level": "ERROR" - }, - "version": 1, - "loggers": { - "moon": { - "handlers": [ - "console", - "file" - ], - "propagate": False, - "level": "DEBUG" - } - } - }, - "slave": { - "name": None, - "master": { - "url": None, - "login": None, - "password": None - } - }, - "docker": { - "url": "tcp://172.88.88.1:2376", - "network": "moon" - }, - "database": { - "url": "sqlite:///database.db", - # "url": "mysql+pymysql://moon:p4sswOrd1@db/moon", - "driver": "sql" - }, - "messenger": { - "url": "rabbit://moon:p4sswOrd1@messenger:5672/moon" - } -} - -COMPONENTS = ( - "logging", - "openstack/keystone", - "database", - "slave", - "components/manager", -) - - -def get_b64_conf(component=None): - if component in CONF: - return base64.b64encode( - json.dumps( - CONF[component]).encode('utf-8')+b"\n").decode('utf-8') - elif "/" in component: - key1, _, key2 = component.partition("/") - return base64.b64encode( - json.dumps( - CONF[key1][key2]).encode('utf-8')+b"\n").decode('utf-8') - else: - return base64.b64encode( - json.dumps(CONF).encode('utf-8')+b"\n").decode('utf-8') - - -@pytest.fixture(autouse=True) -def no_requests(monkeypatch): - """ Modify the response from Requests module - """ - with requests_mock.Mocker(real_http=True) as m: - for component in COMPONENTS: - m.register_uri( - 'GET', 'http://consul:8500/v1/kv/{}'.format(component), - json=[{'Key': component, 'Value': get_b64_conf(component)}] - ) - m.register_uri( - 'POST', 'http://keystone:5000/v3/auth/tokens', - headers={'X-Subject-Token': "111111111"} - ) - m.register_uri( - 'DELETE', 'http://keystone:5000/v3/auth/tokens', - headers={'X-Subject-Token': "111111111"} - ) - m.register_uri( - 'POST', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', - json={"users": {}} - ) - m.register_uri( - 'GET', 'http://keystone:5000/v3/users?name=testuser&domain_id=default', - json={"users": {}} - ) - m.register_uri( - 'POST', 'http://keystone:5000/v3/users/', - json={"users": [{ - "id": "1111111111111" - }]} - ) - print("Start populating the DB.") - from python_moondb.db_manager import init_engine, main - engine = init_engine() - print("engine={}".format(engine)) - main("upgrade", logging.getLogger("db_manager"), engine) - print("End populating the DB.") - yield m - - -# @pytest.fixture(autouse=True, scope="session") -# def manage_database(): -# from moon_db.db_manager import init_engine, run -# engine = init_engine() -# run("upgrade", logging.getLogger("db_manager"), engine) -# yield -# print("Will close the DB") - - diff --git a/moonv4/moon_manager/tests/unit_python/requirements.txt b/moonv4/moon_manager/tests/unit_python/requirements.txt deleted file mode 100644 index 21975ce3..00000000 --- a/moonv4/moon_manager/tests/unit_python/requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -flask -flask_cors -flask_restful -python_moondb -python_moonutilities
\ No newline at end of file |