diff options
Diffstat (limited to 'moonv4/moon_orchestrator')
60 files changed, 0 insertions, 2861 deletions
diff --git a/moonv4/moon_orchestrator/Changelog b/moonv4/moon_orchestrator/Changelog deleted file mode 100644 index 31aabf5d..00000000 --- a/moonv4/moon_orchestrator/Changelog +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - - -CHANGES -======= - -0.1.0 ------ -- First version of the moon_orchestrator library. - -1.0.0 ------ -- First public version of the moon_orchestrator library. - -1.0.1 ------ -- add Changelog - -1.1.0 ------ -- add bootstrap file to start Orchestrator with all configuration - diff --git a/moonv4/moon_orchestrator/Dockerfile b/moonv4/moon_orchestrator/Dockerfile deleted file mode 100644 index aafe1784..00000000 --- a/moonv4/moon_orchestrator/Dockerfile +++ /dev/null @@ -1,15 +0,0 @@ -FROM ubuntu:latest - -ENV CONSUL_HOST=consul -ENV CONSUL_PORT=8500 - -RUN apt update && apt install python3.5 python3-pip python3-mysql.connector -y -RUN pip3 install pip --upgrade - -ADD . /root -WORKDIR /root/ -RUN pip3 install -r requirements.txt --upgrade -#RUN pip3 install /root/dist/* --upgrade -RUN pip3 install . --upgrade - -CMD ["python3", "-m", "moon_orchestrator"]
\ No newline at end of file diff --git a/moonv4/moon_orchestrator/LICENSE b/moonv4/moon_orchestrator/LICENSE deleted file mode 100644 index d6456956..00000000 --- a/moonv4/moon_orchestrator/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/moonv4/moon_orchestrator/MANIFEST.in b/moonv4/moon_orchestrator/MANIFEST.in deleted file mode 100644 index 8de5a391..00000000 --- a/moonv4/moon_orchestrator/MANIFEST.in +++ /dev/null @@ -1,10 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -include README.rst -include LICENSE -include setup.py -include requirements.txt -graft conf diff --git a/moonv4/moon_orchestrator/README.md b/moonv4/moon_orchestrator/README.md deleted file mode 100644 index d4cdc4fb..00000000 --- a/moonv4/moon_orchestrator/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# Moon Orchestrator -Internal orchestrator used for the Moon framework - diff --git a/moonv4/moon_orchestrator/conf/dockers/template.dockerfile b/moonv4/moon_orchestrator/conf/dockers/template.dockerfile deleted file mode 100644 index 6bb8a0c6..00000000 --- a/moonv4/moon_orchestrator/conf/dockers/template.dockerfile +++ /dev/null @@ -1,25 +0,0 @@ -# Pull base image. -FROM ubuntu:latest - -{{ proxy }} - -RUN apt-get update && apt-get install python3.5 python3-pip -y - -ADD dist/moon_utilities-0.1.0.tar.gz /root -WORKDIR /root/moon_utilities-0.1.0 -RUN pip3 install pip --upgrade -RUN pip3 install --upgrade -r requirements.txt -RUN pip3 install --upgrade . - -ADD dist/moon_db-0.1.0.tar.gz /root -WORKDIR /root/moon_db-0.1.0 -RUN pip3 install --upgrade -r requirements.txt -RUN pip3 install --upgrade . - -{{ run }} - -{% for port in ports %} -EXPOSE {{ port }} -{% endfor %} - -CMD {{ cmd }} diff --git a/moonv4/moon_orchestrator/conf/moon.conf b/moonv4/moon_orchestrator/conf/moon.conf deleted file mode 100644 index 49086d48..00000000 --- a/moonv4/moon_orchestrator/conf/moon.conf +++ /dev/null @@ -1,84 +0,0 @@ -database: - url: mysql+pymysql://moon:p4sswOrd1@db/moon - driver: sql - -messenger: - url: rabbit://moon:p4sswOrd1@messenger:5672/moon - -docker: - url: tcp://172.88.88.1:2376 - network: moon - -slave: - name: - master: - url: - login: - password: - -openstack: - keystone: - url: http://keystone:5000/v3 - user: admin - password: p4ssw0rd - domain: default - project: admin - check_token: false - certificate: false - -plugins: - authz: - container: wukongsun/moon_authz:v4.1 - session: - container: asteroide/session:latest - -components: - interface: - port: 8081 - hostname: interface - bind: 0.0.0.0 - container: wukongsun/moon_interface:v4.1 - router: - container: wukongsun/moon_router:v4.1 - hostname: router - manager: - container: wukongsun/moon_manager:v4.1 - hostname: manager - orchestrator: - container: wukongsun/moon_orchestrator:v4.1 - hostname: orchestrator - port_start: 38001 - -logging: - version: 1 - - formatters: - brief: - format: "%(levelname)s %(name)s %(message)-30s" - custom: - format: "%(asctime)-15s %(levelname)s %(name)s %(message)s" - - handlers: - console: - class : logging.StreamHandler - formatter: brief - level : INFO - stream : ext://sys.stdout - file: - class : logging.handlers.RotatingFileHandler - formatter: custom - level : DEBUG - filename: /tmp/moon.log - maxBytes: 1048576 - backupCount: 3 - - loggers: - moon: - level: DEBUG - handlers: [console, file] - propagate: no - - root: - level: ERROR - handlers: [console] - diff --git a/moonv4/moon_orchestrator/conf/plugins/authz.py b/moonv4/moon_orchestrator/conf/plugins/authz.py deleted file mode 100644 index 4a1441c9..00000000 --- a/moonv4/moon_orchestrator/conf/plugins/authz.py +++ /dev/null @@ -1,67 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import os -import time -import hashlib -from oslo_config import cfg -from oslo_log import log as logging -import oslo_messaging -from moon_orchestrator.dockers import DockerBase - -LOG = logging.getLogger(__name__) -CONF = cfg.CONF -DOMAIN = "moon_orchestrator" - -__CWD__ = os.path.dirname(os.path.abspath(__file__)) -# TODO (asteroide): select the right template folder -TEMPLATES_FOLDER = os.path.join(__CWD__, "..", "conf", "dockers") -# TODO (asteroide): add specific configuration options for that plugin - - -class AuthzFunction(DockerBase): - - id = "moon_authz_function" - __build = """RUN mkdir -p /etc/moon/ -COPY conf /etc/moon/ -ADD dist/{py_pkg}.tar.gz /root -WORKDIR /root/{py_pkg} -RUN pip3 install -r requirements.txt -RUN pip3 install . -""" - - def __init__(self, uuid, conf_file="", docker=None, network_config=None): - self.id = "authz_"+hashlib.sha224(uuid.encode("utf-8")).hexdigest() - super(AuthzFunction, self).__init__( - name="moon_authz", - run_cmd=["python3", "-m", "moon_authz", uuid], - conf_file=conf_file, - docker=docker, - network_config=network_config, - build_cmd=self.__build, - id=self.id, - tag="" - # tag=CONF.security_function.container - ) - # note(asteroide): time to let the new docker boot - time.sleep(3) - # self.get_status() - - def get_status(self): - return True - # transport = oslo_messaging.get_transport(CONF) - # target = oslo_messaging.Target(topic=self.id, version='1.0') - # client = oslo_messaging.RPCClient(transport, target) - # LOG.info("Calling Status on {}".format(self.id)) - # ret = client.call({"component_id": self.id}, 'get_status', args=None) - # LOG.info(ret) - # return ret - - -def run(uuid, conf_file="", docker=None, network_config=None): - return AuthzFunction(uuid, - conf_file=conf_file, - docker=docker, - network_config=network_config) diff --git a/moonv4/moon_orchestrator/conf/plugins/session.py b/moonv4/moon_orchestrator/conf/plugins/session.py deleted file mode 100644 index 6fa2cfe2..00000000 --- a/moonv4/moon_orchestrator/conf/plugins/session.py +++ /dev/null @@ -1,67 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import os -import time -import hashlib -from oslo_config import cfg -from oslo_log import log as logging -import oslo_messaging -from moon_orchestrator.dockers import DockerBase - -LOG = logging.getLogger(__name__) -CONF = cfg.CONF -DOMAIN = "moon_orchestrator" - -__CWD__ = os.path.dirname(os.path.abspath(__file__)) -# TODO (asteroide): select the right template folder -TEMPLATES_FOLDER = os.path.join(__CWD__, "..", "conf", "dockers") -# TODO (asteroide): add specific configuration options for that plugin - - -class AuthzFunction(DockerBase): - - id = "moon_session_function" - __build = """RUN mkdir -p /etc/moon/ -COPY conf /etc/moon/ -ADD dist/{py_pkg}.tar.gz /root -WORKDIR /root/{py_pkg} -RUN pip3 install -r requirements.txt -RUN pip3 install . -""" - - def __init__(self, uuid, conf_file="", docker=None, network_config=None): - self.id = "session_"+hashlib.sha224(uuid.encode("utf-8")).hexdigest() - super(AuthzFunction, self).__init__( - name="moon_authz", - run_cmd=["python3", "-m", "moon_authz", uuid], - conf_file=conf_file, - docker=docker, - network_config=network_config, - build_cmd=self.__build, - id=self.id, - tag="" - # tag=CONF.security_function.container - ) - # note(asteroide): time to let the new docker boot - time.sleep(3) - # self.get_status() - - def get_status(self): - return True - # transport = oslo_messaging.get_transport(CONF) - # target = oslo_messaging.Target(topic=self.id, version='1.0') - # client = oslo_messaging.RPCClient(transport, target) - # LOG.info("Calling Status on {}".format(self.id)) - # ret = client.call({"component_id": self.id}, 'get_status', args=None) - # LOG.info(ret) - # return ret - - -def run(uuid, conf_file="", docker=None, network_config=None): - return AuthzFunction(uuid, - conf_file=conf_file, - docker=docker, - network_config=network_config) diff --git a/moonv4/moon_orchestrator/conf/policies/policy_authz/assignment.json b/moonv4/moon_orchestrator/conf/policies/policy_authz/assignment.json deleted file mode 100644 index 7a6c722e..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_authz/assignment.json +++ /dev/null @@ -1,55 +0,0 @@ -{ - "subject_assignments": { - "subject_security_level":{ - "admin": ["high"], - "demo": ["medium"] - }, - "domain":{ - "admin": ["ft"], - "demo": ["xx"] - }, - "role": { - "admin": ["admin"], - "demo": ["dev"] - } - }, - - "action_assignments": { - "resource_action":{ - "pause": ["vm_admin"], - "unpause": ["vm_admin"], - "start": ["vm_admin"], - "stop": ["vm_admin"], - "list": ["vm_access", "vm_admin"], - "create": ["vm_admin"], - "storage_list": ["storage_access"], - "download": ["storage_access"], - "post": ["storage_admin"], - "upload": ["storage_admin"] - }, - "access": { - "pause": ["write"], - "unpause": ["write"], - "start": ["write"], - "stop": ["write"], - "list": ["read"], - "create": ["write"], - "storage_list": ["read"], - "download": ["read"], - "post": ["write"], - "upload": ["write"] - } - }, - - "object_assignments": { - "object_security_level": { - "servers": ["low"] - }, - "type": { - "servers": ["computing"] - }, - "object_id": { - "servers": ["servers"] - } - } -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_authz/metadata.json b/moonv4/moon_orchestrator/conf/policies/policy_authz/metadata.json deleted file mode 100644 index 21a99eb2..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_authz/metadata.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "name": "Simple_Policy", - "genre": "authz", - "description": "Simple Security Policy", - "pdp_pipeline": ["authz:rbac_rule", "authz:mls_rule"], - - "subject_categories": [ - "subject_security_level", - "domain", - "role" - ], - - "action_categories": [ - "resource_action", - "access" - ], - - "object_categories": [ - "object_security_level", - "type", - "object_id" - ] -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_authz/metarule.json b/moonv4/moon_orchestrator/conf/policies/policy_authz/metarule.json deleted file mode 100644 index c9afd6c2..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_authz/metarule.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "sub_meta_rules": { - "mls_rule": { - "subject_categories": ["subject_security_level"], - "action_categories": ["resource_action"], - "object_categories": ["object_security_level"], - "algorithm": "inclusion" - }, - "dte_rule": { - "subject_categories": ["domain"], - "action_categories": ["access"], - "object_categories": ["type"], - "algorithm": "inclusion" - }, - "rbac_rule": { - "subject_categories": ["role", "domain"], - "action_categories": ["access"], - "object_categories": ["object_id"], - "algorithm": "inclusion" - } - }, - "aggregation": "all_true" -} - diff --git a/moonv4/moon_orchestrator/conf/policies/policy_authz/perimeter.json b/moonv4/moon_orchestrator/conf/policies/policy_authz/perimeter.json deleted file mode 100644 index 47a8ee45..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_authz/perimeter.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "subjects": [ - "admin", - "demo" - ], - "actions": [ - "pause", - "unpause", - "start", - "stop", - "create", - "list", - "upload", - "download", - "post", - "storage_list" - ], - "objects": [ - "servers" - ] -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_authz/rule.json b/moonv4/moon_orchestrator/conf/policies/policy_authz/rule.json deleted file mode 100644 index 25f9d93a..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_authz/rule.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "mls_rule":[ - ["high", "vm_admin", "medium"], - ["high", "vm_admin", "low"], - ["medium", "vm_admin", "low"], - ["high", "vm_access", "high"], - ["high", "vm_access", "medium"], - ["high", "vm_access", "low"], - ["medium", "vm_access", "medium"], - ["medium", "vm_access", "low"], - ["low", "vm_access", "low"] - ], - "dte_rule":[ - ["ft", "read", "computing"], - ["ft", "write", "computing"], - ["ft", "read", "storage"], - ["ft", "write", "storage"], - ["xx", "read", "storage"] - ], - "rbac_rule":[ - ["dev", "xx", "read", "servers"], - ["admin", "xx", "read", "servers"], - ["admin", "ft", "read", "servers"] - ] -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_authz/scope.json b/moonv4/moon_orchestrator/conf/policies/policy_authz/scope.json deleted file mode 100644 index 9b313daf..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_authz/scope.json +++ /dev/null @@ -1,49 +0,0 @@ -{ - "subject_scopes": { - "role": [ - "admin", - "dev" - ], - "subject_security_level": [ - "high", - "medium", - "low" - ], - "domain": [ - "ft", - "xx" - ] - }, - - "action_scopes": { - "resource_action": [ - "vm_admin", - "vm_access", - "storage_admin", - "storage_access" - ], - "access": [ - "write", - "read" - ] - }, - - "object_scopes": { - "object_security_level": [ - "high", - "medium", - "low" - ], - "type": [ - "computing", - "storage" - ], - "object_id": [ - "servers", - "vm1", - "vm2", - "file1", - "file2" - ] - } -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_empty_admin/assignment.json b/moonv4/moon_orchestrator/conf/policies/policy_empty_admin/assignment.json deleted file mode 100644 index 24018a09..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_empty_admin/assignment.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "subject_assignments": {}, - - "action_assignments": {}, - - "object_assignments": {} -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_empty_admin/metadata.json b/moonv4/moon_orchestrator/conf/policies/policy_empty_admin/metadata.json deleted file mode 100644 index 3c9be2e5..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_empty_admin/metadata.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "name": "Empty_Policy", - "model": "", - "genre": "admin", - "description": "Empty Policy", - - "subject_categories": [], - - "action_categories": [], - - "object_categories": [] -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_empty_admin/metarule.json b/moonv4/moon_orchestrator/conf/policies/policy_empty_admin/metarule.json deleted file mode 100644 index 7acd8848..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_empty_admin/metarule.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "sub_meta_rules": { - "mls_rule": { - "subject_categories": [], - "action_categories": [], - "object_categories": [], - "algorithm": "" - } - }, - "aggregation": "" -} - diff --git a/moonv4/moon_orchestrator/conf/policies/policy_empty_admin/perimeter.json b/moonv4/moon_orchestrator/conf/policies/policy_empty_admin/perimeter.json deleted file mode 100644 index 54dbfc31..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_empty_admin/perimeter.json +++ /dev/null @@ -1,39 +0,0 @@ -{ - "subjects": [], - "actions": [ - "read", - "write" - ], - "objects": [ - "authz.subjects", - "authz.objects", - "authz.actions", - "authz.subject_categories", - "authz.object_categories", - "authz.action_categories", - "authz.subject_scopes", - "authz.object_scopes", - "authz.action_scopes", - "authz.subject_assignments", - "authz.object_assignments", - "authz.action_assignments", - "authz.aggregation_algorithm", - "authz.sub_meta_rules", - "authz.rules", - "admin.subjects", - "admin.objects", - "admin.actions", - "admin.subject_categories", - "admin.object_categories", - "admin.action_categories", - "admin.subject_scopes", - "admin.object_scopes", - "admin.action_scopes", - "admin.subject_assignments", - "admin.object_assignments", - "admin.action_assignments", - "admin.aggregation_algorithm", - "admin.sub_meta_rules", - "admin.rules" - ] -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_empty_admin/rule.json b/moonv4/moon_orchestrator/conf/policies/policy_empty_admin/rule.json deleted file mode 100644 index fe4fae5a..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_empty_admin/rule.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mls_rule":[] -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_empty_admin/scope.json b/moonv4/moon_orchestrator/conf/policies/policy_empty_admin/scope.json deleted file mode 100644 index 1efebe6f..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_empty_admin/scope.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "subject_scopes": {}, - - "action_scopes": {}, - - "object_scopes": {} -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_empty_authz/assignment.json b/moonv4/moon_orchestrator/conf/policies/policy_empty_authz/assignment.json deleted file mode 100644 index 24018a09..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_empty_authz/assignment.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "subject_assignments": {}, - - "action_assignments": {}, - - "object_assignments": {} -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_empty_authz/metadata.json b/moonv4/moon_orchestrator/conf/policies/policy_empty_authz/metadata.json deleted file mode 100644 index 4f300d78..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_empty_authz/metadata.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "name": "MLS_Policy", - "model": "MLS", - "genre": "authz", - "description": "Multi Level Security Policy", - - "subject_categories": [], - - "action_categories": [], - - "object_categories": [] -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_empty_authz/metarule.json b/moonv4/moon_orchestrator/conf/policies/policy_empty_authz/metarule.json deleted file mode 100644 index 7acd8848..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_empty_authz/metarule.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "sub_meta_rules": { - "mls_rule": { - "subject_categories": [], - "action_categories": [], - "object_categories": [], - "algorithm": "" - } - }, - "aggregation": "" -} - diff --git a/moonv4/moon_orchestrator/conf/policies/policy_empty_authz/perimeter.json b/moonv4/moon_orchestrator/conf/policies/policy_empty_authz/perimeter.json deleted file mode 100644 index 9da8a8c0..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_empty_authz/perimeter.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "subjects": [], - "actions": [], - "objects": [] -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_empty_authz/rule.json b/moonv4/moon_orchestrator/conf/policies/policy_empty_authz/rule.json deleted file mode 100644 index fe4fae5a..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_empty_authz/rule.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mls_rule":[] -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_empty_authz/scope.json b/moonv4/moon_orchestrator/conf/policies/policy_empty_authz/scope.json deleted file mode 100644 index 1efebe6f..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_empty_authz/scope.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "subject_scopes": {}, - - "action_scopes": {}, - - "object_scopes": {} -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_mls_authz/assignment.json b/moonv4/moon_orchestrator/conf/policies/policy_mls_authz/assignment.json deleted file mode 100644 index 0712dfbc..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_mls_authz/assignment.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "subject_assignments": { - "subject_security_level":{ - "admin": ["high"], - "demo": ["medium"] - } - }, - - "action_assignments": { - "resource_action":{ - "pause": ["vm_admin"], - "unpause": ["vm_admin"], - "start": ["vm_admin"], - "stop": ["vm_admin"], - "list": ["vm_access", "vm_admin"], - "create": ["vm_admin"], - "storage_list": ["storage_access"], - "download": ["storage_access"], - "post": ["storage_admin"], - "upload": ["storage_admin"] - } - }, - - "object_assignments": { - "object_security_level": { - "servers": ["low"] - } - } -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_mls_authz/metadata.json b/moonv4/moon_orchestrator/conf/policies/policy_mls_authz/metadata.json deleted file mode 100644 index c419c815..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_mls_authz/metadata.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "MLS_Policy", - "model": "MLS", - "genre": "authz", - "description": "Multi Level Security Policy", - - "subject_categories": [ - "subject_security_level" - ], - - "action_categories": [ - "resource_action" - ], - - "object_categories": [ - "object_security_level" - ] -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_mls_authz/metarule.json b/moonv4/moon_orchestrator/conf/policies/policy_mls_authz/metarule.json deleted file mode 100644 index e068927c..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_mls_authz/metarule.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "sub_meta_rules": { - "mls_rule": { - "subject_categories": ["subject_security_level"], - "action_categories": ["resource_action"], - "object_categories": ["object_security_level"], - "algorithm": "inclusion" - } - }, - "aggregation": "all_true" -} - diff --git a/moonv4/moon_orchestrator/conf/policies/policy_mls_authz/perimeter.json b/moonv4/moon_orchestrator/conf/policies/policy_mls_authz/perimeter.json deleted file mode 100644 index 47a8ee45..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_mls_authz/perimeter.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "subjects": [ - "admin", - "demo" - ], - "actions": [ - "pause", - "unpause", - "start", - "stop", - "create", - "list", - "upload", - "download", - "post", - "storage_list" - ], - "objects": [ - "servers" - ] -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_mls_authz/rule.json b/moonv4/moon_orchestrator/conf/policies/policy_mls_authz/rule.json deleted file mode 100644 index b17dc822..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_mls_authz/rule.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "mls_rule":[ - ["high", "vm_admin", "medium"], - ["high", "vm_admin", "low"], - ["medium", "vm_admin", "low"], - ["high", "vm_access", "medium"], - ["high", "vm_access", "low"], - ["medium", "vm_access", "low"], - ["high", "storage_admin", "medium"], - ["high", "storage_admin", "low"], - ["medium", "storage_admin", "low"], - ["high", "storage_access", "medium"], - ["high", "storage_access", "low"], - ["medium", "storage_access", "low"] - ] -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_mls_authz/scope.json b/moonv4/moon_orchestrator/conf/policies/policy_mls_authz/scope.json deleted file mode 100644 index 6cc1c28e..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_mls_authz/scope.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "subject_scopes": { - "subject_security_level": [ - "high", - "medium", - "low" - ] - }, - - "action_scopes": { - "resource_action": [ - "vm_admin", - "vm_access", - "storage_admin", - "storage_access" - ] - }, - - "object_scopes": { - "object_security_level": [ - "high", - "medium", - "low" - ] - } -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_rbac_admin/assignment.json b/moonv4/moon_orchestrator/conf/policies/policy_rbac_admin/assignment.json deleted file mode 100644 index f2378333..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_rbac_admin/assignment.json +++ /dev/null @@ -1,48 +0,0 @@ -{ - "subject_assignments": { - "role": { - "admin": ["root_role"], - "demo": ["dev_role"] - } - }, - "action_assignments": { - "action_id": { - "read": ["read"], - "write": ["write"] - } - }, - "object_assignments": { - "object_id": { - "authz.subjects": ["authz.subjects"], - "authz.objects": ["authz.objects"], - "authz.actions": ["authz.actions"], - "authz.subject_categories": ["authz.subject_categories"], - "authz.object_categories": ["authz.object_categories"], - "authz.action_categories": ["authz.action_categories"], - "authz.subject_scopes": ["authz.subject_scopes"], - "authz.object_scopes": ["authz.object_scopes"], - "authz.action_scopes": ["authz.action_scopes"], - "authz.subject_assignments": ["authz.subject_assignments"], - "authz.object_assignments": ["authz.object_assignments"], - "authz.action_assignments": ["authz.action_assignments"], - "authz.aggregation_algorithm": ["authz.aggregation_algorithm"], - "authz.sub_meta_rules": ["authz.sub_meta_rules"], - "authz.rules": ["authz.rules"], - "admin.subjects": ["admin.subjects"], - "admin.objects": ["admin.objects"], - "admin.actions": ["admin.actions"], - "admin.subject_categories": ["admin.subject_categories"], - "admin.object_categories": ["admin.object_categories"], - "admin.action_categories": ["admin.action_categories"], - "admin.subject_scopes": ["admin.subject_scopes"], - "admin.object_scopes": ["admin.object_scopes"], - "admin.action_scopes": ["admin.action_scopes"], - "admin.subject_assignments": ["admin.subject_assignments"], - "admin.object_assignments": ["admin.object_assignments"], - "admin.action_assignments": ["admin.action_assignments"], - "admin.aggregation_algorithm": ["admin.aggregation_algorithm"], - "admin.sub_meta_rules": ["admin.sub_meta_rules"], - "admin.rules": ["admin.rules"] - } - } -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_rbac_admin/metadata.json b/moonv4/moon_orchestrator/conf/policies/policy_rbac_admin/metadata.json deleted file mode 100644 index 9ee8a11d..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_rbac_admin/metadata.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "RBAC Admin Policy", - "model": "RBAC", - "genre": "admin", - "description": "", - - "subject_categories": [ - "role" - ], - - "action_categories": [ - "action_id" - ], - - "object_categories": [ - "object_id" - ] -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_rbac_admin/metarule.json b/moonv4/moon_orchestrator/conf/policies/policy_rbac_admin/metarule.json deleted file mode 100644 index 86dbfad2..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_rbac_admin/metarule.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "sub_meta_rules": { - "rbac_rule": { - "subject_categories": ["role"], - "action_categories": ["action_id"], - "object_categories": ["object_id"], - "algorithm": "inclusion" - } - }, - "aggregation": "all_true" -} - diff --git a/moonv4/moon_orchestrator/conf/policies/policy_rbac_admin/perimeter.json b/moonv4/moon_orchestrator/conf/policies/policy_rbac_admin/perimeter.json deleted file mode 100644 index 1155533e..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_rbac_admin/perimeter.json +++ /dev/null @@ -1,42 +0,0 @@ -{ - "subjects": [ - "admin", - "demo" - ], - "actions": [ - "read", - "write" - ], - "objects": [ - "authz.subjects", - "authz.objects", - "authz.actions", - "authz.subject_categories", - "authz.object_categories", - "authz.action_categories", - "authz.subject_scopes", - "authz.object_scopes", - "authz.action_scopes", - "authz.subject_assignments", - "authz.object_assignments", - "authz.action_assignments", - "authz.aggregation_algorithm", - "authz.sub_meta_rules", - "authz.rules", - "admin.subjects", - "admin.objects", - "admin.actions", - "admin.subject_categories", - "admin.object_categories", - "admin.action_categories", - "admin.subject_scopes", - "admin.object_scopes", - "admin.action_scopes", - "admin.subject_assignments", - "admin.object_assignments", - "admin.action_assignments", - "admin.aggregation_algorithm", - "admin.sub_meta_rules", - "admin.rules" - ] -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_rbac_admin/rule.json b/moonv4/moon_orchestrator/conf/policies/policy_rbac_admin/rule.json deleted file mode 100644 index c89ceff3..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_rbac_admin/rule.json +++ /dev/null @@ -1,94 +0,0 @@ -{ - "rbac_rule":[ - ["root_role" , "read", "authz.subjects"], - ["root_role" , "read", "authz.objects"], - ["root_role" , "read", "authz.actions"], - ["root_role" , "read", "authz.subject_categories"], - ["root_role" , "read", "authz.object_categories"], - ["root_role" , "read", "authz.action_categories"], - ["root_role" , "read", "authz.subject_scopes"], - ["root_role" , "read", "authz.object_scopes"], - ["root_role" , "read", "authz.action_scopes"], - ["root_role" , "read", "authz.subject_assignments"], - ["root_role" , "read", "authz.object_assignments"], - ["root_role" , "read", "authz.action_assignments"], - ["root_role" , "read", "authz.aggregation_algorithm"], - ["root_role" , "read", "authz.sub_meta_rules"], - ["root_role" , "read", "authz.rules"], - ["root_role" , "write", "authz.subjects"], - ["root_role" , "write", "authz.objects"], - ["root_role" , "write", "authz.actions"], - ["root_role" , "write", "authz.subject_categories"], - ["root_role" , "write", "authz.object_categories"], - ["root_role" , "write", "authz.action_categories"], - ["root_role" , "write", "authz.subject_scopes"], - ["root_role" , "write", "authz.object_scopes"], - ["root_role" , "write", "authz.action_scopes"], - ["root_role" , "write", "authz.subject_assignments"], - ["root_role" , "write", "authz.object_assignments"], - ["root_role" , "write", "authz.action_assignments"], - ["root_role" , "write", "authz.aggregation_algorithm"], - ["root_role" , "write", "authz.sub_meta_rules"], - ["root_role" , "write", "authz.rules"], - ["root_role" , "read", "admin.subjects"], - ["root_role" , "read", "admin.objects"], - ["root_role" , "read", "admin.actions"], - ["root_role" , "read", "admin.subject_categories"], - ["root_role" , "read", "admin.object_categories"], - ["root_role" , "read", "admin.action_categories"], - ["root_role" , "read", "admin.subject_scopes"], - ["root_role" , "read", "admin.object_scopes"], - ["root_role" , "read", "admin.action_scopes"], - ["root_role" , "read", "admin.subject_assignments"], - ["root_role" , "read", "admin.object_assignments"], - ["root_role" , "read", "admin.action_assignments"], - ["root_role" , "read", "admin.aggregation_algorithm"], - ["root_role" , "read", "admin.sub_meta_rules"], - ["root_role" , "read", "admin.rules"], - ["root_role" , "write", "admin.subjects"], - ["root_role" , "write", "admin.objects"], - ["root_role" , "write", "admin.actions"], - ["root_role" , "write", "admin.subject_categories"], - ["root_role" , "write", "admin.object_categories"], - ["root_role" , "write", "admin.action_categories"], - ["root_role" , "write", "admin.subject_scopes"], - ["root_role" , "write", "admin.object_scopes"], - ["root_role" , "write", "admin.action_scopes"], - ["root_role" , "write", "admin.subject_assignments"], - ["root_role" , "write", "admin.object_assignments"], - ["root_role" , "write", "admin.action_assignments"], - ["root_role" , "write", "admin.aggregation_algorithm"], - ["root_role" , "write", "admin.sub_meta_rules"], - ["root_role" , "write", "admin.rules"], - ["dev_role" , "read", "authz.subjects"], - ["dev_role" , "read", "authz.objects"], - ["dev_role" , "read", "authz.actions"], - ["dev_role" , "read", "authz.subject_categories"], - ["dev_role" , "read", "authz.object_categories"], - ["dev_role" , "read", "authz.action_categories"], - ["dev_role" , "read", "authz.subject_scopes"], - ["dev_role" , "read", "authz.object_scopes"], - ["dev_role" , "read", "authz.action_scopes"], - ["dev_role" , "read", "authz.subject_assignments"], - ["dev_role" , "read", "authz.object_assignments"], - ["dev_role" , "read", "authz.action_assignments"], - ["dev_role" , "read", "authz.aggregation_algorithm"], - ["dev_role" , "read", "authz.sub_meta_rules"], - ["dev_role" , "read", "authz.rules"], - ["dev_role" , "read", "admin.subjects"], - ["dev_role" , "read", "admin.objects"], - ["dev_role" , "read", "admin.actions"], - ["dev_role" , "read", "admin.subject_categories"], - ["dev_role" , "read", "admin.object_categories"], - ["dev_role" , "read", "admin.action_categories"], - ["dev_role" , "read", "admin.subject_scopes"], - ["dev_role" , "read", "admin.object_scopes"], - ["dev_role" , "read", "admin.action_scopes"], - ["dev_role" , "read", "admin.subject_assignments"], - ["dev_role" , "read", "admin.object_assignments"], - ["dev_role" , "read", "admin.action_assignments"], - ["dev_role" , "read", "admin.aggregation_algorithm"], - ["dev_role" , "read", "admin.sub_meta_rules"], - ["dev_role" , "read", "admin.rules"] - ] -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_rbac_admin/scope.json b/moonv4/moon_orchestrator/conf/policies/policy_rbac_admin/scope.json deleted file mode 100644 index 149056a6..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_rbac_admin/scope.json +++ /dev/null @@ -1,48 +0,0 @@ -{ - "subject_scopes": { - "role": [ - "root_role", - "dev_role" - ] - }, - "action_scopes": { - "action_id": [ - "read", - "write" - ] - }, - "object_scopes": { - "object_id": [ - "authz.subjects", - "authz.objects", - "authz.actions", - "authz.subject_categories", - "authz.object_categories", - "authz.action_categories", - "authz.subject_scopes", - "authz.object_scopes", - "authz.action_scopes", - "authz.subject_assignments", - "authz.object_assignments", - "authz.action_assignments", - "authz.aggregation_algorithm", - "authz.sub_meta_rules", - "authz.rules", - "admin.subjects", - "admin.objects", - "admin.actions", - "admin.subject_categories", - "admin.object_categories", - "admin.action_categories", - "admin.subject_scopes", - "admin.object_scopes", - "admin.action_scopes", - "admin.subject_assignments", - "admin.object_assignments", - "admin.action_assignments", - "admin.aggregation_algorithm", - "admin.sub_meta_rules", - "admin.rules" - ] - } -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_root/assignment.json b/moonv4/moon_orchestrator/conf/policies/policy_root/assignment.json deleted file mode 100644 index e849ae13..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_root/assignment.json +++ /dev/null @@ -1,39 +0,0 @@ -{ - "subject_assignments": { - "role": { - "admin": ["root_role"] - } - }, - - "action_assignments": { - "action_id": { - "read": ["read"], - "write": ["write"] - } - }, - - "object_assignments": { - "object_id": { - "templates": ["templates"], - "sub_meta_rule_algorithms": ["sub_meta_rule_algorithms"], - "aggregation_algorithms": ["aggregation_algorithms"], - "tenants": ["tenants"], - "intra_extensions": ["intra_extensions"], - "admin.subjects": ["admin.subjects"], - "admin.objects": ["admin.objects"], - "admin.actions": ["admin.actions"], - "admin.subject_categories": ["admin.subject_categories"], - "admin.object_categories": ["admin.object_categories"], - "admin.action_categories": ["admin.action_categories"], - "admin.subject_category_scopes": ["admin.subject_category_scopes"], - "admin.object_category_scopes": ["admin.object_category_scopes"], - "admin.action_category_scopes": ["admin.action_category_scopes"], - "admin.subject_assignments": ["admin.subject_assignments"], - "admin.object_assignments": ["admin.object_assignments"], - "admin.action_assignments": ["admin.action_assignments"], - "admin.aggregation_algorithm": ["admin.aggregation_algorithm"], - "admin.sub_meta_rules": ["admin.sub_meta_rules"], - "admin.rules": ["admin.rules"] - } - } -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_root/metadata.json b/moonv4/moon_orchestrator/conf/policies/policy_root/metadata.json deleted file mode 100644 index 9dd7a928..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_root/metadata.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "name": "Root Policy", - "model": "RBAC", - "genre": "admin", - "description": "root extension", - "pdp_pipeline": ["authz:rbac_rule"], - - "subject_categories": [ - "role" - ], - - "action_categories": [ - "action_id" - ], - - "object_categories": [ - "object_id" - ] -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_root/metarule.json b/moonv4/moon_orchestrator/conf/policies/policy_root/metarule.json deleted file mode 100644 index 86dbfad2..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_root/metarule.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "sub_meta_rules": { - "rbac_rule": { - "subject_categories": ["role"], - "action_categories": ["action_id"], - "object_categories": ["object_id"], - "algorithm": "inclusion" - } - }, - "aggregation": "all_true" -} - diff --git a/moonv4/moon_orchestrator/conf/policies/policy_root/perimeter.json b/moonv4/moon_orchestrator/conf/policies/policy_root/perimeter.json deleted file mode 100644 index 788a27f2..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_root/perimeter.json +++ /dev/null @@ -1,31 +0,0 @@ -{ - "subjects": [ - "admin" - ], - "actions": [ - "read", - "write" - ], - "objects": [ - "templates", - "aggregation_algorithms", - "sub_meta_rule_algorithms", - "tenants", - "intra_extensions", - "admin.subjects", - "admin.objects", - "admin.actions", - "admin.subject_categories", - "admin.object_categories", - "admin.action_categories", - "admin.subject_category_scopes", - "admin.object_category_scopes", - "admin.action_category_scopes", - "admin.subject_assignments", - "admin.object_assignments", - "admin.action_assignments", - "admin.aggregation_algorithm", - "admin.sub_meta_rules", - "admin.rules" - ] -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_root/rule.json b/moonv4/moon_orchestrator/conf/policies/policy_root/rule.json deleted file mode 100644 index 9bbd5e4c..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_root/rule.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "rbac_rule":[ - ["root_role" , "read", "templates"], - ["root_role" , "read", "aggregation_algorithms"], - ["root_role" , "read", "sub_meta_rule_algorithms"], - ["root_role" , "read", "tenants"], - ["root_role" , "read", "intra_extensions"], - ["root_role" , "write", "templates"], - ["root_role" , "write", "aggregation_algorithms"], - ["root_role" , "write", "sub_meta_rule_algorithms"], - ["root_role" , "write", "tenants"], - ["root_role" , "write", "intra_extensions"], - ["root_role" , "read", "admin.subjects"], - ["root_role" , "read", "admin.objects"], - ["root_role" , "read", "admin.actions"], - ["root_role" , "read", "admin.subject_categories"], - ["root_role" , "read", "admin.object_categories"], - ["root_role" , "read", "admin.action_categories"], - ["root_role" , "read", "admin.subject_category_scopes"], - ["root_role" , "read", "admin.object_category_scopes"], - ["root_role" , "read", "admin.action_category_scopes"], - ["root_role" , "read", "admin.subject_assignments"], - ["root_role" , "read", "admin.object_assignments"], - ["root_role" , "read", "admin.action_assignments"], - ["root_role" , "read", "admin.aggregation_algorithm"], - ["root_role" , "read", "admin.sub_meta_rules"], - ["root_role" , "read", "admin.rules"], - ["root_role" , "write", "admin.subjects"], - ["root_role" , "write", "admin.objects"], - ["root_role" , "write", "admin.actions"], - ["root_role" , "write", "admin.subject_categories"], - ["root_role" , "write", "admin.object_categories"], - ["root_role" , "write", "admin.action_categories"], - ["root_role" , "write", "admin.subject_category_scopes"], - ["root_role" , "write", "admin.object_category_scopes"], - ["root_role" , "write", "admin.action_category_scopes"], - ["root_role" , "write", "admin.subject_assignments"], - ["root_role" , "write", "admin.object_assignments"], - ["root_role" , "write", "admin.action_assignments"], - ["root_role" , "write", "admin.aggregation_algorithm"], - ["root_role" , "write", "admin.sub_meta_rules"], - ["root_role" , "write", "admin.rules"] - ] -} diff --git a/moonv4/moon_orchestrator/conf/policies/policy_root/scope.json b/moonv4/moon_orchestrator/conf/policies/policy_root/scope.json deleted file mode 100644 index 43f9ced8..00000000 --- a/moonv4/moon_orchestrator/conf/policies/policy_root/scope.json +++ /dev/null @@ -1,39 +0,0 @@ -{ - "subject_scopes": { - "role": [ - "root_role" - ] - }, - - "action_scopes": { - "action_id": [ - "read", - "write" - ] - }, - - "object_scopes": { - "object_id": [ - "templates", - "aggregation_algorithms", - "sub_meta_rule_algorithms", - "tenants", - "intra_extensions", - "admin.subjects", - "admin.objects", - "admin.actions", - "admin.subject_categories", - "admin.object_categories", - "admin.action_categories", - "admin.subject_category_scopes", - "admin.object_category_scopes", - "admin.action_category_scopes", - "admin.subject_assignments", - "admin.object_assignments", - "admin.action_assignments", - "admin.aggregation_algorithm", - "admin.sub_meta_rules", - "admin.rules" - ] - } -} diff --git a/moonv4/moon_orchestrator/moon_orchestrator/__init__.py b/moonv4/moon_orchestrator/moon_orchestrator/__init__.py deleted file mode 100644 index 2302dea9..00000000 --- a/moonv4/moon_orchestrator/moon_orchestrator/__init__.py +++ /dev/null @@ -1,6 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -__version__ = "1.1.0" diff --git a/moonv4/moon_orchestrator/moon_orchestrator/__main__.py b/moonv4/moon_orchestrator/moon_orchestrator/__main__.py deleted file mode 100644 index 9ebc3a7f..00000000 --- a/moonv4/moon_orchestrator/moon_orchestrator/__main__.py +++ /dev/null @@ -1,4 +0,0 @@ -from moon_orchestrator.server import main - -server = main() -server.run() diff --git a/moonv4/moon_orchestrator/moon_orchestrator/api/__init__.py b/moonv4/moon_orchestrator/moon_orchestrator/api/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/moonv4/moon_orchestrator/moon_orchestrator/api/__init__.py +++ /dev/null diff --git a/moonv4/moon_orchestrator/moon_orchestrator/api/generic.py b/moonv4/moon_orchestrator/moon_orchestrator/api/generic.py deleted file mode 100644 index 84de4e69..00000000 --- a/moonv4/moon_orchestrator/moon_orchestrator/api/generic.py +++ /dev/null @@ -1,131 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -""" -Those API are helping API used to manage the Moon platform. -""" - -from flask_restful import Resource, request -import logging -import moon_orchestrator.api -from python_moonutilities.security_functions import check_auth - -__version__ = "0.1.0" - -LOG = logging.getLogger("moon.orchestrator.api." + __name__) - - -class Status(Resource): - """ - Endpoint for status requests - """ - - __urls__ = ("/status", "/status/", "/status/<string:component_id>") - - def get(self, component_id=None): - """Retrieve status of all components - - :return: { - "orchestrator": { - "status": "Running" - }, - "security_router": { - "status": "Running" - } - } - """ - raise NotImplemented - - -class Logs(Resource): - """ - Endpoint for logs requests - """ - - __urls__ = ("/logs", "/logs/", "/logs/<string:component_id>") - - def get(self, component_id=None): - """Get logs from the Moon platform - - :param component_id: the ID of the component your are looking for (optional) - :return: [ - "2015-04-15-13:45:20 - "2015-04-15-13:45:21 - "2015-04-15-13:45:22 - "2015-04-15-13:45:23 - ] - """ - filter_str = request.args.get('filter', '') - from_str = request.args.get('from', '') - to_str = request.args.get('to', '') - event_number = request.args.get('event_number', '') - try: - event_number = int(event_number) - except ValueError: - event_number = None - args = dict() - args["filter"] = filter_str - args["from"] = from_str - args["to"] = to_str - args["event_number"] = event_number - - raise NotImplemented - - -class API(Resource): - """ - Endpoint for API requests - """ - - __urls__ = ( - "/api", - "/api/", - "/api/<string:group_id>", - "/api/<string:group_id>/", - "/api/<string:group_id>/<string:endpoint_id>") - - @check_auth - def get(self, group_id="", endpoint_id="", user_id=""): - """Retrieve all API endpoints or a specific endpoint if endpoint_id is given - - :param group_id: the name of one existing group (ie generic, ...) - :param endpoint_id: the name of one existing component (ie Logs, Status, ...) - :return: { - "group_name": { - "endpoint_name": { - "description": "a description", - "methods": { - "get": "description of the HTTP method" - }, - "urls": ('/api', '/api/', '/api/<string:endpoint_id>') - } - } - """ - __methods = ("get", "post", "put", "delete", "options", "patch") - api_list = filter(lambda x: "__" not in x, dir(moon_orchestrator.api)) - api_desc = dict() - for api_name in api_list: - api_desc[api_name] = {} - group_api_obj = eval("moon_interface.api.{}".format(api_name)) - api_desc[api_name]["description"] = group_api_obj.__doc__ - if "__version__" in dir(group_api_obj): - api_desc[api_name]["version"] = group_api_obj.__version__ - object_list = list(filter(lambda x: "__" not in x, dir(group_api_obj))) - for obj in map(lambda x: eval("moon_interface.api.{}.{}".format(api_name, x)), object_list): - if "__urls__" in dir(obj): - api_desc[api_name][obj.__name__] = dict() - api_desc[api_name][obj.__name__]["urls"] = obj.__urls__ - api_desc[api_name][obj.__name__]["methods"] = dict() - for _method in filter(lambda x: x in __methods, dir(obj)): - docstring = eval("moon_interface.api.{}.{}.{}.__doc__".format(api_name, obj.__name__, _method)) - api_desc[api_name][obj.__name__]["methods"][_method] = docstring - api_desc[api_name][obj.__name__]["description"] = str(obj.__doc__) - if group_id in api_desc: - if endpoint_id in api_desc[group_id]: - return {group_id: {endpoint_id: api_desc[group_id][endpoint_id]}} - elif len(endpoint_id) > 0: - LOG.error("Unknown endpoint_id {}".format(endpoint_id)) - return {"error": "Unknown endpoint_id {}".format(endpoint_id)} - return {group_id: api_desc[group_id]} - return api_desc diff --git a/moonv4/moon_orchestrator/moon_orchestrator/api/pods.py b/moonv4/moon_orchestrator/moon_orchestrator/api/pods.py deleted file mode 100644 index 9bca4d93..00000000 --- a/moonv4/moon_orchestrator/moon_orchestrator/api/pods.py +++ /dev/null @@ -1,127 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from flask import request -from flask_restful import Resource -from python_moonutilities.security_functions import check_auth -import logging - -LOG = logging.getLogger("moon.orchestrator.api.pods") - - -class Pods(Resource): - """ - Endpoint for pdp requests - """ - - __urls__ = ( - "/pods", - "/pods/", - "/pods/<string:uuid>", - "/pods/<string:uuid>/", - ) - - def __init__(self, **kwargs): - self.driver = kwargs.get("driver") - self.create_security_function = kwargs.get("create_security_function_hook") - - @check_auth - def get(self, uuid=None, user_id=None): - """Retrieve all pods - - :param uuid: uuid of the pod - :param user_id: user ID who do the request - :return: { - "pod_id1": { - "name": "...", - "replicas": "...", - "description": "...", - } - } - :internal_api: get_pdp - """ - pods = {} - # LOG.info("pods={}".format(self.driver.get_pods())) - if uuid: - return {"pods": self.driver.get_pods(uuid)} - for _pod_key, _pod_values in self.driver.get_pods().items(): - pods[_pod_key] = [] - for _pod_value in _pod_values: - if _pod_value['namespace'] != "moon": - continue - pods[_pod_key].append(_pod_value) - return {"pods": pods} - - @check_auth - def post(self, uuid=None, user_id=None): - """Create a new pod. - - :param uuid: uuid of the pod (not used here) - :param user_id: user ID who do the request - :request body: { - "name": "...", - "description": "...", - "type": "plugin_name" - } - :return: { - "pdp_id1": { - "name": "...", - "replicas": "...", - "description": "...", - } - } - """ - LOG.info("POST param={}".format(request.json)) - self.create_security_function( - request.json.get("keystone_project_id"), - request.json.get("pdp_id"), - request.json.get("security_pipeline"), - manager_data=request.json, - active_context=None, - active_context_name=None) - pods = {} - for _pod_key, _pod_values in self.driver.get_pods().items(): - pods[_pod_key] = [] - for _pod_value in _pod_values: - if _pod_value['namespace'] != "moon": - continue - pods[_pod_key].append(_pod_value) - return {"pods": pods} - - @check_auth - def delete(self, uuid=None, user_id=None): - """Delete a pod - - :param uuid: uuid of the pod to delete - :param user_id: user ID who do the request - :return: { - "result": "True or False", - "message": "optional message" - } - """ - return {"result": True} - - @check_auth - def patch(self, uuid=None, user_id=None): - """Update a pod - - :param uuid: uuid of the pdp to update - :param user_id: user ID who do the request - :request body: { - "name": "...", - "replicas": "...", - "description": "...", - } - :return: { - "pod_id1": { - "name": "...", - "replicas": "...", - "description": "...", - } - } - :internal_api: update_pdp - """ - return {"pods": None} - diff --git a/moonv4/moon_orchestrator/moon_orchestrator/drivers.py b/moonv4/moon_orchestrator/moon_orchestrator/drivers.py deleted file mode 100644 index 08c53be3..00000000 --- a/moonv4/moon_orchestrator/moon_orchestrator/drivers.py +++ /dev/null @@ -1,175 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from kubernetes import client, config -import logging -import urllib3.exceptions -from python_moonutilities import configuration - -LOG = logging.getLogger("moon.orchestrator.drivers") - - -def get_driver(): - try: - return K8S() - except urllib3.exceptions.MaxRetryError as e: - LOG.exception(e) - return Docker() - - -class Driver: - - def __init__(self): - self.cache = {} - # example of cache: - # { - # "uuid_of_pod": { - # "ip": "", - # "hostname": "", - # "port": 30001, - # "pdp": "", - # "keystone_project_id": "", - # "plugin_name": "", - # "namespace": "" - # } - # } - - def get_pods(self, namespace=None): - raise NotImplementedError - - def load_pod(self, data, api_client=None, ext_client=None): - raise NotImplementedError - - def delete_pod(self, uuid=None, name=None): - raise NotImplementedError - - def get_slaves(self): - raise NotImplementedError - - -class K8S(Driver): - - def __init__(self): - super(K8S, self).__init__() - config.load_kube_config() - self.client = client.CoreV1Api() - - def get_pods(self, name=None): - if name: - pods = self.client.list_pod_for_all_namespaces(watch=False) - for pod in pods.items: - LOG.info("get_pods {}".format(pod.metadata.name)) - if name in pod.metadata.name: - return pod - else: - return None - LOG.info("get_pods cache={}".format(self.cache)) - return self.cache - - @staticmethod - def __create_pod(client, data): - pod_manifest = { - 'apiVersion': 'extensions/v1beta1', - 'kind': 'Deployment', - 'metadata': { - 'name': data[0].get('name') - }, - 'spec': { - 'replicas': 1, - 'template': { - 'metadata': {'labels': {'app': data[0].get('name')}}, - 'hostname': data[0].get('name'), - 'spec': { - 'containers': [] - } - }, - } - } - for _data in data: - pod_manifest['spec']['template']['spec']['containers'].append( - { - 'image': _data.get('container', "busybox"), - 'name': _data.get('name'), - 'hostname': _data.get('name'), - 'ports': [ - {"containerPort": _data.get('port', 80)}, - ], - 'env': [ - {'name': "UUID", "value": _data.get('name', "None")}, - {'name': "TYPE", "value": _data.get('genre', "None")}, - {'name': "PORT", "value": str(_data.get('port', 80))}, - {'name': "PDP_ID", "value": _data.get('pdp_id', "None")}, - {'name': "META_RULE_ID", "value": _data.get('meta_rule_id', "None")}, - {'name': "KEYSTONE_PROJECT_ID", - "value": _data.get('keystone_project_id', "None")}, - ] - } - ) - resp = client.create_namespaced_deployment(body=pod_manifest, - namespace='moon') - LOG.info("Pod {} created!".format(data[0].get('name'))) - # logger.info(yaml.dump(pod_manifest, sys.stdout)) - # logger.info(resp) - return resp - - @staticmethod - def __create_service(client, data, expose=False): - service_manifest = { - 'apiVersion': 'v1', - 'kind': 'Service', - 'metadata': { - 'name': data.get('name'), - 'namespace': 'moon' - }, - 'spec': { - 'ports': [{ - 'port': data.get('port', 80), - 'targetPort': data.get('port', 80) - }], - 'selector': { - 'app': data.get('name') - }, - # 'type': 'NodePort', - 'endpoints': [{ - 'port': data.get('port', 80), - 'protocol': 'TCP', - }], - } - } - if expose: - service_manifest['spec']['ports'][0]['nodePort'] = \ - configuration.increment_port() - service_manifest['spec']['type'] = "NodePort" - resp = client.create_namespaced_service(namespace="moon", - body=service_manifest) - LOG.info("Service {} created!".format(data.get('name'))) - return resp - - def load_pod(self, data, api_client=None, ext_client=None, expose=False): - _client = api_client if api_client else self.client - pod = self.__create_pod(client=ext_client, data=data) - service = self.__create_service(client=_client, data=data[0], - expose=expose) - self.cache[pod.metadata.uid] = data - - def delete_pod(self, uuid=None, name=None): - LOG.info("Deleting pod {}".format(uuid)) - # TODO: delete_namespaced_deployment - # https://github.com/kubernetes-incubator/client-python/blob/master/kubernetes/client/apis/extensions_v1beta1_api.py - - def get_slaves(self): - contexts, active_context = config.list_kube_config_contexts() - return contexts, active_context - - -class Docker(Driver): - - def load_pod(self, data, api_client=None, ext_client=None): - LOG.info("Creating pod {}".format(data[0].get('name'))) - raise NotImplementedError - - def delete_pod(self, uuid=None, name=None): - LOG.info("Deleting pod {}".format(uuid)) - raise NotImplementedError diff --git a/moonv4/moon_orchestrator/moon_orchestrator/http_server.py b/moonv4/moon_orchestrator/moon_orchestrator/http_server.py deleted file mode 100644 index e6a5ee57..00000000 --- a/moonv4/moon_orchestrator/moon_orchestrator/http_server.py +++ /dev/null @@ -1,292 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from flask import Flask, jsonify -from flask_cors import CORS, cross_origin -from flask_restful import Resource, Api -import logging -from kubernetes import client, config -import random -import requests -import time -from moon_orchestrator import __version__ -from moon_orchestrator.api.pods import Pods -from moon_orchestrator.api.generic import Logs, Status -from python_moonutilities import configuration, exceptions -from python_moonutilities.misc import get_random_name -from moon_orchestrator.drivers import get_driver - -LOG = logging.getLogger("moon.orchestrator.http") - - -class Server: - """Base class for HTTP server""" - - def __init__(self, host="localhost", port=80, api=None, **kwargs): - """Run a server - - :param host: hostname of the server - :param port: port for the running server - :param kwargs: optional parameters - :return: a running server - """ - self._host = host - self._port = port - self._api = api - self._extra = kwargs - - @property - def host(self): - return self._host - - @host.setter - def host(self, name): - self._host = name - - @host.deleter - def host(self): - self._host = "" - - @property - def port(self): - return self._port - - @port.setter - def port(self, number): - self._port = number - - @port.deleter - def port(self): - self._port = 80 - - def run(self): - raise NotImplementedError() - -__API__ = ( - Status, Logs - ) - - -class Root(Resource): - """ - The root of the web service - """ - __urls__ = ("/", ) - __methods = ("get", "post", "put", "delete", "options") - - def get(self): - tree = {"/": {"methods": ("get",), "description": "List all methods for that service."}} - for item in __API__: - tree[item.__name__] = {"urls": item.__urls__} - _methods = [] - for _method in self.__methods: - if _method in dir(item): - _methods.append(_method) - tree[item.__name__]["methods"] = _methods - tree[item.__name__]["description"] = item.__doc__.strip() - return { - "version": __version__, - "tree": tree - } - - -class HTTPServer(Server): - - def __init__(self, host="localhost", port=80, **kwargs): - super(HTTPServer, self).__init__(host=host, port=port, **kwargs) - self.app = Flask(__name__) - conf = configuration.get_configuration("components/orchestrator") - self.orchestrator_hostname = conf["components/orchestrator"].get("hostname", "orchestrator") - self.orchestrator_port = conf["components/orchestrator"].get("port", 80) - conf = configuration.get_configuration("components/manager") - self.manager_hostname = conf["components/manager"].get("hostname", "manager") - self.manager_port = conf["components/manager"].get("port", 80) - # TODO : specify only few urls instead of * - # CORS(self.app) - self.api = Api(self.app) - self.driver = get_driver() - LOG.info("Driver = {}".format(self.driver.__class__)) - self.__set_route() - self.__hook_errors() - pdp = None - while True: - try: - pdp = requests.get( - "http://{}:{}/pdp".format(self.manager_hostname, - self.manager_port)) - except requests.exceptions.ConnectionError: - LOG.warning("Manager is not ready, standby...") - time.sleep(1) - except KeyError: - LOG.warning("Manager is not ready, standby...") - time.sleep(1) - else: - if "pdps" in pdp.json(): - break - LOG.debug("pdp={}".format(pdp)) - self.create_wrappers() - for _pdp_key, _pdp_value in pdp.json()['pdps'].items(): - if _pdp_value.get('keystone_project_id'): - # TODO: select context to add security function - self.create_security_function( - keystone_project_id=_pdp_value.get('keystone_project_id'), - pdp_id=_pdp_key, - policy_ids=_pdp_value.get('security_pipeline', [])) - - def __hook_errors(self): - - def get_404_json(e): - return jsonify({"result": False, "code": 404, "description": str(e)}), 404 - self.app.register_error_handler(404, get_404_json) - - def get_400_json(e): - return jsonify({"result": False, "code": 400, "description": str(e)}), 400 - self.app.register_error_handler(400, lambda e: get_400_json) - self.app.register_error_handler(403, exceptions.AuthException) - - def __set_route(self): - self.api.add_resource(Root, '/') - - for api in __API__: - self.api.add_resource(api, *api.__urls__) - self.api.add_resource(Pods, *Pods.__urls__, - resource_class_kwargs={ - "driver": self.driver, - "create_security_function_hook": - self.create_security_function, - }) - - def run(self): - self.app.run(host=self._host, port=self._port) # nosec - - @staticmethod - def __filter_str(data): - return data.replace("@", "-") - - def create_wrappers(self): - contexts, active_context = self.driver.get_slaves() - LOG.debug("contexts: {}".format(contexts)) - LOG.debug("active_context: {}".format(active_context)) - conf = configuration.get_configuration("components/wrapper") - hostname = conf["components/wrapper"].get( - "hostname", "wrapper") - port = conf["components/wrapper"].get("port", 80) - container = conf["components/wrapper"].get( - "container", - "wukongsun/moon_wrapper:v4.3") - for _ctx in contexts: - _config = config.new_client_from_config(context=_ctx['name']) - LOG.debug("_config={}".format(_config)) - api_client = client.CoreV1Api(_config) - ext_client = client.ExtensionsV1beta1Api(_config) - # TODO: get data from consul - data = [{ - "name": hostname + "-" + get_random_name(), - "container": container, - "port": port, - "namespace": "moon" - }, ] - pod = self.driver.load_pod(data, api_client, ext_client, expose=True) - LOG.debug('wrapper pod={}'.format(pod)) - - def create_security_function(self, keystone_project_id, - pdp_id, policy_ids, manager_data={}, - active_context=None, - active_context_name=None): - """ Create security functions - - :param policy_id: the policy ID mapped to this security function - :param active_context: if present, add the security function in this - context - :param active_context_name: if present, add the security function in - this context name - if active_context_name and active_context are not present, add the - security function in all context (ie, in all slaves) - :return: None - """ - for key, value in self.driver.get_pods().items(): - for _pod in value: - if _pod.get('keystone_project_id') == keystone_project_id: - LOG.warning("A pod for this Keystone project {} " - "already exists.".format(keystone_project_id)) - return - - plugins = configuration.get_plugins() - conf = configuration.get_configuration("components/interface") - i_hostname = conf["components/interface"].get("hostname", "interface") - i_port = conf["components/interface"].get("port", 80) - i_container = conf["components/interface"].get( - "container", - "wukongsun/moon_interface:v4.3") - data = [ - { - "name": i_hostname + "-" + get_random_name(), - "container": i_container, - "port": i_port, - 'pdp_id': pdp_id, - 'genre': "interface", - 'keystone_project_id': keystone_project_id, - "namespace": "moon" - }, - ] - LOG.info("data={}".format(data)) - policies = manager_data.get('policies') - if not policies: - LOG.info("No policy data from Manager, trying to get them") - policies = requests.get("http://{}:{}/policies".format( - self.manager_hostname, self.manager_port)).json().get( - "policies", dict()) - LOG.info("policies={}".format(policies)) - models = manager_data.get('models') - if not models: - LOG.info("No models data from Manager, trying to get them") - models = requests.get("http://{}:{}/models".format( - self.manager_hostname, self.manager_port)).json().get( - "models", dict()) - LOG.info("models={}".format(models)) - - for policy_id in policy_ids: - if policy_id in policies: - genre = policies[policy_id].get("genre", "authz") - if genre in plugins: - for meta_rule in models[policies[policy_id]['model_id']]['meta_rules']: - data.append({ - "name": genre + "-" + get_random_name(), - "container": plugins[genre]['container'], - 'pdp_id': pdp_id, - "port": plugins[genre].get('port', 8080), - 'genre': genre, - 'policy_id': policy_id, - 'meta_rule_id': meta_rule, - 'keystone_project_id': keystone_project_id, - "namespace": "moon" - }) - LOG.info("data={}".format(data)) - contexts, _active_context = self.driver.get_slaves() - LOG.info("active_context_name={}".format(active_context_name)) - LOG.info("active_context={}".format(active_context)) - if active_context_name: - for _context in contexts: - if _context["name"] == active_context_name: - active_context = _context - break - if active_context: - active_context = _active_context - _config = config.new_client_from_config( - context=active_context['name']) - LOG.debug("_config={}".format(_config)) - api_client = client.CoreV1Api(_config) - ext_client = client.ExtensionsV1beta1Api(_config) - self.driver.load_pod(data, api_client, ext_client, expose=False) - return - LOG.info("contexts={}".format(contexts)) - for _ctx in contexts: - _config = config.new_client_from_config(context=_ctx['name']) - LOG.debug("_config={}".format(_config)) - api_client = client.CoreV1Api(_config) - ext_client = client.ExtensionsV1beta1Api(_config) - self.driver.load_pod(data, api_client, ext_client, expose=False) - - diff --git a/moonv4/moon_orchestrator/moon_orchestrator/server.py b/moonv4/moon_orchestrator/moon_orchestrator/server.py deleted file mode 100644 index 0cbd535a..00000000 --- a/moonv4/moon_orchestrator/moon_orchestrator/server.py +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import os -import logging -from python_moonutilities import configuration, exceptions -from moon_orchestrator.http_server import HTTPServer - -LOG = logging.getLogger("moon.orchestrator") -DOMAIN = "moon_orchestrator" - -__CWD__ = os.path.dirname(os.path.abspath(__file__)) - - -def main(): - configuration.init_logging() - try: - conf = configuration.get_configuration("components/orchestrator") - hostname = conf["components/orchestrator"].get("hostname", "orchestrator") - port = conf["components/orchestrator"].get("port", 80) - bind = conf["components/orchestrator"].get("bind", "127.0.0.1") - except exceptions.ConsulComponentNotFound: - hostname = "orchestrator" - bind = "127.0.0.1" - port = 80 - configuration.add_component(uuid="orchestrator", name=hostname, port=port, bind=bind) - LOG.info("Starting server with IP {} on port {} bind to {}".format(hostname, port, bind)) - server = HTTPServer(host=bind, port=port) - return server - - -if __name__ == '__main__': - server = main() - server.run() diff --git a/moonv4/moon_orchestrator/requirements.txt b/moonv4/moon_orchestrator/requirements.txt deleted file mode 100644 index 0d952e6c..00000000 --- a/moonv4/moon_orchestrator/requirements.txt +++ /dev/null @@ -1,8 +0,0 @@ -flask -flask_restful -flask_cors -werkzeug -python_moonutilities -python_moondb -kubernetes -pyaml
\ No newline at end of file diff --git a/moonv4/moon_orchestrator/setup.py b/moonv4/moon_orchestrator/setup.py deleted file mode 100644 index 624dba94..00000000 --- a/moonv4/moon_orchestrator/setup.py +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from setuptools import setup, find_packages -import moon_orchestrator - - -with open('requirements.txt') as f: - required = f.read().splitlines() - -setup( - - name='moon_orchestrator', - - version=moon_orchestrator.__version__, - - packages=find_packages(), - - author="Thomas Duval", - - author_email="thomas.duval@orange.com", - - description="", - - long_description=open('README.md').read(), - - install_requires=required, - - include_package_data=True, - - url='https://git.opnfv.org/cgit/moon/', - - classifiers=[ - "Programming Language :: Python", - "Development Status :: 1 - Planning", - "License :: OSI Approved", - "Natural Language :: French", - "Operating System :: OS Independent", - "Programming Language :: Python :: 3", - ], - - entry_points={ - 'console_scripts': [ - 'moon_orchestrator = moon_orchestrator.server:main', - ], - } - -) diff --git a/moonv4/moon_orchestrator/tests/unit_python/conftest.py b/moonv4/moon_orchestrator/tests/unit_python/conftest.py deleted file mode 100644 index 044489e6..00000000 --- a/moonv4/moon_orchestrator/tests/unit_python/conftest.py +++ /dev/null @@ -1,18 +0,0 @@ -import pytest -import requests_mock -import mock_pods -from utilities import CONTEXT - - -@pytest.fixture -def context(): - return CONTEXT - - -@pytest.fixture(autouse=True) -def no_requests(monkeypatch): - """ Modify the response from Requests module - """ - with requests_mock.Mocker(real_http=True) as m: - mock_pods.register_pods(m) - yield m
\ No newline at end of file diff --git a/moonv4/moon_orchestrator/tests/unit_python/mock_pods.py b/moonv4/moon_orchestrator/tests/unit_python/mock_pods.py deleted file mode 100644 index c5633152..00000000 --- a/moonv4/moon_orchestrator/tests/unit_python/mock_pods.py +++ /dev/null @@ -1,404 +0,0 @@ -from kubernetes import client, config -from utilities import CONF, get_b64_conf, COMPONENTS - -pdp_mock = { - "pdp_id1": { - "name": "...", - "security_pipeline": ["policy_id_1", "policy_id_2"], - "keystone_project_id": "keystone_project_id1", - "description": "...", - }, - "pdp_id12": { - "name": "...", - "security_pipeline": ["policy_id_1", "policy_id_2"], - "keystone_project_id": "keystone_project_id1", - "description": "...", - } -} - -meta_rules_mock = { - "meta_rule_id1": { - "name": "meta_rule1", - "algorithm": "name of the meta rule algorithm", - "subject_categories": ["subject_category_id1", - "subject_category_id2"], - "object_categories": ["object_category_id1"], - "action_categories": ["action_category_id1"] - }, - "meta_rule_id2": { - "name": "name of the meta rules2", - "algorithm": "name of the meta rule algorithm", - "subject_categories": ["subject_category_id1", - "subject_category_id2"], - "object_categories": ["object_category_id1"], - "action_categories": ["action_category_id1"] - } -} - -policies_mock = { - "policy_id_1": { - "name": "test_policy1", - "model_id": "model_id_1", - "genre": "authz", - "description": "test", - }, - "policy_id_2": { - "name": "test_policy2", - "model_id": "model_id_2", - "genre": "authz", - "description": "test", - } -} - -subject_mock = { - "policy_id_1": { - "subject_id": { - "name": "subject_name", - "keystone_id": "keystone_project_id1", - "description": "a description" - } - }, - "policy_id_2": { - "subject_id": { - "name": "subject_name", - "keystone_id": "keystone_project_id1", - "description": "a description" - } - } -} - -subject_assignment_mock = { - "subject_id": { - "policy_id": "ID of the policy", - "subject_id": "ID of the subject", - "category_id": "ID of the category", - "assignments": [], - } -} - -object_mock = { - "policy_id_1": { - "object_id": { - "name": "object_name", - "description": "a description" - } - }, - "policy_id_2": { - "object_id": { - "name": "object_name", - "description": "a description" - } - } -} - -object_assignment_mock = { - "object_id": { - "policy_id": "ID of the policy", - "object_id": "ID of the object", - "category_id": "ID of the category", - "assignments": [], - } -} - -action_mock = { - "policy_id_1": { - "action_id": { - "name": "action_name", - "description": "a description" - } - }, - "policy_id_2": { - "action_id": { - "name": "action_name", - "description": "a description" - } - } -} - -action_assignment_mock = { - "action_id": { - "policy_id": "ID of the policy", - "action_id": "ID of the action", - "category_id": "ID of the category", - "assignments": [], - } -} - -models_mock = { - "model_id_1": { - "name": "test_model", - "description": "test", - "meta_rules": ["meta_rule_id1"] - }, - "model_id_2": { - "name": "test_model", - "description": "test", - "meta_rules": ["meta_rule_id2"] - }, -} - -rules_mock = { - "rules": { - "meta_rule_id": "meta_rule_id1", - "rule_id1": { - "rule": ["subject_data_id1", - "object_data_id1", - "action_data_id1"], - "instructions": ( - {"decision": "grant"}, - # "grant" to immediately exit, - # "continue" to wait for the result of next policy - # "deny" to deny the request - ) - }, - "rule_id2": { - "rule": ["subject_data_id2", - "object_data_id2", - "action_data_id2"], - "instructions": ( - { - "update": { - "operation": "add", - # operations may be "add" or "delete" - "target": "rbac:role:admin" - # add the role admin to the current user - } - }, - {"chain": {"name": "rbac"}} - # chain with the policy named rbac - ) - } - } -} - - -def patch_k8s(monkeypatch): - def _load_kube_config_mockreturn(*args, **kwargs): - return - monkeypatch.setattr(config, 'load_kube_config', - _load_kube_config_mockreturn) - - def list_kube_config_contexts_mockreturn(*args, **kwargs): - return [{"name": "active_context"}], {"name": "active_context"} - monkeypatch.setattr(config, 'list_kube_config_contexts', - list_kube_config_contexts_mockreturn) - - def new_client_from_config_mockreturn(*args, **kwargs): - return {"client": True} - monkeypatch.setattr(config, 'new_client_from_config', - new_client_from_config_mockreturn) - - def list_pod_for_all_namespaces_mockreturn(*args, **kwargs): - class pods: - items = [] - return pods - monkeypatch.setattr(client.CoreV1Api, 'list_pod_for_all_namespaces', - list_pod_for_all_namespaces_mockreturn) - - def create_namespaced_deployment_mockreturn(*args, **kwargs): - - class metadata: - uid = "123456789" - - class pod: - def __init__(self): - self.metadata = metadata() - return pod() - monkeypatch.setattr(client.ExtensionsV1beta1Api, - 'create_namespaced_deployment', - create_namespaced_deployment_mockreturn) - - def create_namespaced_service_mockreturn(*args, **kwargs): - return {} - monkeypatch.setattr(client.CoreV1Api, - 'create_namespaced_service', - create_namespaced_service_mockreturn) - - -def register_pods(m): - """ Modify the response from Requests module - """ - register_consul(m) - register_pdp(m) - # register_meta_rules(m) - register_policies(m) - register_models(m) - # register_policy_subject(m, "policy_id_1") - # register_policy_subject(m, "policy_id_2") - # register_policy_object(m, "policy_id_1") - # register_policy_object(m, "policy_id_2") - # register_policy_action(m, "policy_id_1") - # register_policy_action(m, "policy_id_2") - # register_policy_subject_assignment(m, "policy_id_1", "subject_id") - # register_policy_subject_assignment_list(m1, "policy_id_1") - # register_policy_subject_assignment(m, "policy_id_2", "subject_id") - # register_policy_subject_assignment_list(m1, "policy_id_2") - # register_policy_object_assignment(m, "policy_id_1", "object_id") - # register_policy_object_assignment_list(m1, "policy_id_1") - # register_policy_object_assignment(m, "policy_id_2", "object_id") - # register_policy_object_assignment_list(m1, "policy_id_2") - # register_policy_action_assignment(m, "policy_id_1", "action_id") - # register_policy_action_assignment_list(m1, "policy_id_1") - # register_policy_action_assignment(m, "policy_id_2", "action_id") - # register_policy_action_assignment_list(m1, "policy_id_2") - # register_rules(m, "policy_id1") - - -def register_consul(m): - for component in COMPONENTS: - m.register_uri( - 'GET', 'http://consul:8500/v1/kv/{}'.format(component), - json=[{'Key': component, 'Value': get_b64_conf(component)}] - ) - m.register_uri( - 'GET', 'http://consul:8500/v1/kv/components_port_start', - json=[ - { - "LockIndex": 0, - "Key": "components_port_start", - "Flags": 0, - "Value": "MzEwMDE=", - "CreateIndex": 9, - "ModifyIndex": 9 - } - ], - ) - m.register_uri( - 'PUT', 'http://consul:8500/v1/kv/components_port_start', - json=[], - ) - m.register_uri( - 'GET', 'http://consul:8500/v1/kv/plugins?recurse=true', - json=[ - { - "LockIndex": 0, - "Key": "plugins/authz", - "Flags": 0, - "Value": "eyJjb250YWluZXIiOiAid3Vrb25nc3VuL21vb25fYXV0aHo6djQuMyIsICJwb3J0IjogODA4MX0=", - "CreateIndex": 14, - "ModifyIndex": 656 - } - ], - ) - - -def register_pdp(m): - m.register_uri( - 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'pdp'), - json={'pdps': pdp_mock} - ) - - -def register_meta_rules(m): - m.register_uri( - 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'meta_rules'), - json={'meta_rules': meta_rules_mock} - ) - - -def register_policies(m): - m.register_uri( - 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies'), - json={'policies': policies_mock} - ) - - -def register_models(m): - m.register_uri( - 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'models'), - json={'models': models_mock} - ) - - -def register_policy_subject(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/subjects'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', policy_id), - json={'subjects': subject_mock[policy_id]} - ) - - -def register_policy_object(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/objects'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', policy_id), - json={'objects': object_mock[policy_id]} - ) - - -def register_policy_action(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/actions'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', policy_id), - json={'actions': action_mock[policy_id]} - ) - - -def register_policy_subject_assignment(m, policy_id, subj_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/subject_assignments/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id, - subj_id), - json={'subject_assignments': subject_assignment_mock} - ) - - -def register_policy_subject_assignment_list(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/subject_assignments'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id), - json={'subject_assignments': subject_assignment_mock} - ) - - -def register_policy_object_assignment(m, policy_id, obj_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/object_assignments/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id, - obj_id), - json={'object_assignments': object_assignment_mock} - ) - - -def register_policy_object_assignment_list(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/object_assignments'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id), - json={'object_assignments': object_assignment_mock} - ) - - -def register_policy_action_assignment(m, policy_id, action_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/action_assignments/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id, - action_id), - json={'action_assignments': action_assignment_mock} - ) - - -def register_policy_action_assignment_list(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/action_assignments'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id), - json={'action_assignments': action_assignment_mock} - ) - - -def register_rules(m, policy_id): - m.register_uri( - 'GET', 'http://{}:{}/{}/{}/{}'.format(CONF['components']['manager']['hostname'], - CONF['components']['manager']['port'], 'policies', - policy_id, 'rules'), - json={'rules': rules_mock} - )
\ No newline at end of file diff --git a/moonv4/moon_orchestrator/tests/unit_python/requirements.txt b/moonv4/moon_orchestrator/tests/unit_python/requirements.txt deleted file mode 100644 index 21975ce3..00000000 --- a/moonv4/moon_orchestrator/tests/unit_python/requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -flask -flask_cors -flask_restful -python_moondb -python_moonutilities
\ No newline at end of file diff --git a/moonv4/moon_orchestrator/tests/unit_python/test_pods.py b/moonv4/moon_orchestrator/tests/unit_python/test_pods.py deleted file mode 100644 index 42c8404b..00000000 --- a/moonv4/moon_orchestrator/tests/unit_python/test_pods.py +++ /dev/null @@ -1,43 +0,0 @@ -import json -from mock_pods import patch_k8s -from utilities import get_json - - -def test_get_pods(context, monkeypatch): - patch_k8s(monkeypatch) - - import moon_orchestrator.server - server = moon_orchestrator.server.main() - _client = server.app.test_client() - req = _client.get("/pods") - assert req.status_code == 200 - assert req.data - data = get_json(req.data) - assert isinstance(data, dict) - assert "pods" in data - - -def test_add_pods(context, monkeypatch): - patch_k8s(monkeypatch) - - import moon_orchestrator.server - server = moon_orchestrator.server.main() - _client = server.app.test_client() - data = { - "keystone_project_id": context.get('project_id'), - "pdp_id": context.get('pdp_id'), - "security_pipeline": context.get('security_pipeline'), - } - req = _client.post("/pods", data=json.dumps(data), - headers={'Content-Type': 'application/json'}) - assert req.status_code == 200 - assert req.data - data = get_json(req.data) - assert isinstance(data, dict) - assert "pods" in data - assert data["pods"] - - -def test_delete_pods(context, monkeypatch): - # TODO - pass diff --git a/moonv4/moon_orchestrator/tests/unit_python/utilities.py b/moonv4/moon_orchestrator/tests/unit_python/utilities.py deleted file mode 100644 index aec03d9d..00000000 --- a/moonv4/moon_orchestrator/tests/unit_python/utilities.py +++ /dev/null @@ -1,173 +0,0 @@ -import base64 -import json -import pytest -from uuid import uuid4 - - -CONF = { - "openstack": { - "keystone": { - "url": "http://keystone:5000/v3", - "user": "admin", - "check_token": False, - "password": "p4ssw0rd", - "domain": "default", - "certificate": False, - "project": "admin" - } - }, - "components": { - "wrapper": { - "bind": "0.0.0.0", - "port": 8080, - "container": "wukongsun/moon_wrapper:v4.3", - "timeout": 5, - "hostname": "wrapper" - }, - "manager": { - "bind": "0.0.0.0", - "port": 8082, - "container": "wukongsun/moon_manager:v4.3", - "hostname": "manager" - }, - "port_start": 31001, - "orchestrator": { - "bind": "0.0.0.0", - "port": 8083, - "container": "wukongsun/moon_orchestrator:v4.3", - "hostname": "interface" - }, - "interface": { - "bind": "0.0.0.0", - "port": 8080, - "container": "wukongsun/moon_interface:v4.3", - "hostname": "interface" - } - }, - "plugins": { - "session": { - "port": 8082, - "container": "asteroide/session:latest" - }, - "authz": { - "port": 8081, - "container": "wukongsun/moon_authz:v4.3" - } - }, - "logging": { - "handlers": { - "file": { - "filename": "/tmp/moon.log", - "class": "logging.handlers.RotatingFileHandler", - "level": "DEBUG", - "formatter": "custom", - "backupCount": 3, - "maxBytes": 1048576 - }, - "console": { - "class": "logging.StreamHandler", - "formatter": "brief", - "level": "INFO", - "stream": "ext://sys.stdout" - } - }, - "formatters": { - "brief": { - "format": "%(levelname)s %(name)s %(message)-30s" - }, - "custom": { - "format": "%(asctime)-15s %(levelname)s %(name)s %(message)s" - } - }, - "root": { - "handlers": [ - "console" - ], - "level": "ERROR" - }, - "version": 1, - "loggers": { - "moon": { - "handlers": [ - "console", - "file" - ], - "propagate": False, - "level": "DEBUG" - } - } - }, - "slave": { - "name": None, - "master": { - "url": None, - "login": None, - "password": None - } - }, - "docker": { - "url": "tcp://172.88.88.1:2376", - "network": "moon" - }, - "database": { - "url": "sqlite:///database.db", - # "url": "mysql+pymysql://moon:p4sswOrd1@db/moon", - "driver": "sql" - }, - "messenger": { - "url": "rabbit://moon:p4sswOrd1@messenger:5672/moon" - } -} - - -CONTEXT = { - "project_id": "a64beb1cc224474fb4badd43173e7101", - "subject_name": "testuser", - "object_name": "vm1", - "action_name": "boot", - "request_id": uuid4().hex, - "interface_name": "interface", - "manager_url": "http://{}:{}".format( - CONF["components"]["manager"]["hostname"], - CONF["components"]["manager"]["port"] - ), - "cookie": uuid4().hex, - "pdp_id": "b3d3e18abf3340e8b635fd49e6634ccd", - "security_pipeline": ["f8f49a779ceb47b3ac810f01ef71b4e0"] - } - - -COMPONENTS = ( - "logging", - "openstack/keystone", - "database", - "slave", - "components/manager", - "components/orchestrator", - "components/interface", - "components/wrapper", -) - - -def get_b64_conf(component=None): - if component == "components": - return base64.b64encode( - json.dumps(CONF["components"]).encode('utf-8')+b"\n").decode('utf-8') - elif component in CONF: - return base64.b64encode( - json.dumps( - CONF[component]).encode('utf-8')+b"\n").decode('utf-8') - elif not component: - return base64.b64encode( - json.dumps(CONF).encode('utf-8')+b"\n").decode('utf-8') - elif "/" in component: - key1, _, key2 = component.partition("/") - return base64.b64encode( - json.dumps( - CONF[key1][key2]).encode('utf-8')+b"\n").decode('utf-8') - - -def get_json(data): - return json.loads(data.decode("utf-8")) - - |