diff options
Diffstat (limited to 'moonv4/moon_router')
| -rw-r--r-- | moonv4/moon_router/Dockerfile | 11 | ||||
| -rw-r--r-- | moonv4/moon_router/LICENSE | 204 | ||||
| -rw-r--r-- | moonv4/moon_router/MANIFEST.in | 9 | ||||
| -rw-r--r-- | moonv4/moon_router/README.md | 18 | ||||
| -rw-r--r-- | moonv4/moon_router/doc/api-moon-secrouter.pdf | bin | 195778 -> 0 bytes | |||
| -rw-r--r-- | moonv4/moon_router/doc/api.pdf | bin | 195377 -> 0 bytes | |||
| -rw-r--r-- | moonv4/moon_router/moon_router/__init__.py | 6 | ||||
| -rw-r--r-- | moonv4/moon_router/moon_router/__main__.py | 3 | ||||
| -rw-r--r-- | moonv4/moon_router/moon_router/api/__init__.py | 0 | ||||
| -rw-r--r-- | moonv4/moon_router/moon_router/api/generic.py | 46 | ||||
| -rw-r--r-- | moonv4/moon_router/moon_router/api/route.py | 472 | ||||
| -rw-r--r-- | moonv4/moon_router/moon_router/messenger.py | 69 | ||||
| -rw-r--r-- | moonv4/moon_router/moon_router/server.py | 63 | ||||
| -rw-r--r-- | moonv4/moon_router/requirements.txt | 7 | ||||
| -rw-r--r-- | moonv4/moon_router/setup.py | 46 | ||||
| -rw-r--r-- | moonv4/moon_router/tests/moon_db-0.1.0.tar.gz | bin | 21423 -> 0 bytes | |||
| -rw-r--r-- | moonv4/moon_router/tests/moon_policy-0.1.0.tar.gz | bin | 8640 -> 0 bytes |
17 files changed, 0 insertions, 954 deletions
diff --git a/moonv4/moon_router/Dockerfile b/moonv4/moon_router/Dockerfile deleted file mode 100644 index 1722b801..00000000 --- a/moonv4/moon_router/Dockerfile +++ /dev/null @@ -1,11 +0,0 @@ -FROM ubuntu:latest - -RUN apt update && apt install python3.5 python3-pip -y -RUN pip3 install pip --upgrade - -ADD . /root -WORKDIR /root/ -RUN pip3 install -r requirements.txt --upgrade -RUN pip3 install . - -CMD ["python3", "-m", "moon_router"]
\ No newline at end of file diff --git a/moonv4/moon_router/LICENSE b/moonv4/moon_router/LICENSE deleted file mode 100644 index 4143aac2..00000000 --- a/moonv4/moon_router/LICENSE +++ /dev/null @@ -1,204 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - ---- License for python-keystoneclient versions prior to 2.1 --- - -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of this project nor the names of its contributors may - be used to endorse or promote products derived from this software without - specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/moonv4/moon_router/MANIFEST.in b/moonv4/moon_router/MANIFEST.in deleted file mode 100644 index 1f674d50..00000000 --- a/moonv4/moon_router/MANIFEST.in +++ /dev/null @@ -1,9 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -include README.rst -include LICENSE -include setup.py -include requirements.txt diff --git a/moonv4/moon_router/README.md b/moonv4/moon_router/README.md deleted file mode 100644 index 91899b31..00000000 --- a/moonv4/moon_router/README.md +++ /dev/null @@ -1,18 +0,0 @@ -# Router: Core module for the Moon project - -This package contains the core module for the Moon project -It is designed to provide authorization features to all OpenStack components. - -For any other information, refer to the parent project: - - https://git.opnfv.org/moon - -## Build Image -```bash -docker image build -t wukongsun/moon_router:v4.1 . -``` - -## Push Image -```bash -docker push wukongsun/moon_router:v4.1 -```
\ No newline at end of file diff --git a/moonv4/moon_router/doc/api-moon-secrouter.pdf b/moonv4/moon_router/doc/api-moon-secrouter.pdf Binary files differdeleted file mode 100644 index 9ba75db0..00000000 --- a/moonv4/moon_router/doc/api-moon-secrouter.pdf +++ /dev/null diff --git a/moonv4/moon_router/doc/api.pdf b/moonv4/moon_router/doc/api.pdf Binary files differdeleted file mode 100644 index b7d91293..00000000 --- a/moonv4/moon_router/doc/api.pdf +++ /dev/null diff --git a/moonv4/moon_router/moon_router/__init__.py b/moonv4/moon_router/moon_router/__init__.py deleted file mode 100644 index 903c6518..00000000 --- a/moonv4/moon_router/moon_router/__init__.py +++ /dev/null @@ -1,6 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -__version__ = "0.1.0" diff --git a/moonv4/moon_router/moon_router/__main__.py b/moonv4/moon_router/moon_router/__main__.py deleted file mode 100644 index 0d7a8fe6..00000000 --- a/moonv4/moon_router/moon_router/__main__.py +++ /dev/null @@ -1,3 +0,0 @@ -from moon_router.server import main - -main() diff --git a/moonv4/moon_router/moon_router/api/__init__.py b/moonv4/moon_router/moon_router/api/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/moonv4/moon_router/moon_router/api/__init__.py +++ /dev/null diff --git a/moonv4/moon_router/moon_router/api/generic.py b/moonv4/moon_router/moon_router/api/generic.py deleted file mode 100644 index d066f715..00000000 --- a/moonv4/moon_router/moon_router/api/generic.py +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -from moon_utilities.security_functions import call - - -class Status(object): - """ - Retrieve the current status of all components. - """ - - __version__ = "0.1.0" - - def __get_status(self, ctx, args={}): - return {"status": "Running"} - - def get_status(self, ctx, args={}): - status = dict() - if "component_id" in ctx and ctx["component_id"] == "security_router": - return {"security_router": self.__get_status(ctx, args)} - elif "component_id" in ctx and ctx["component_id"]: - # TODO (dthom): check if component exist - status[ctx["component_id"]] = call(ctx["component_id"], ctx, "get_status", args=args) - else: - # TODO (dthom): must get the status of all containers - status["orchestrator"] = call("orchestrator", ctx, "get_status", args=args) - status["security_router"] = self.__get_status(ctx, args) - return status - - -class Logs(object): - """ - Retrieve the current status of all components. - """ - - __version__ = "0.1.0" - - def get_logs(self, ctx, args={}): - logs = dict() - logs["orchestrator"] = call("orchestrator", ctx, "get_logs", args=args) - # TODO (dthom): must get the logs of all containers - logs["security_router"] = {"error": "Not implemented", "ctx": ctx, "args": args} - return logs - - diff --git a/moonv4/moon_router/moon_router/api/route.py b/moonv4/moon_router/moon_router/api/route.py deleted file mode 100644 index c9cfb82a..00000000 --- a/moonv4/moon_router/moon_router/api/route.py +++ /dev/null @@ -1,472 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import copy -import time -import itertools -from uuid import uuid4 -from oslo_log import log as logging -from moon_utilities.security_functions import call, notify -from moon_router.api.generic import Status, Logs -from moon_utilities import configuration - -LOG = logging.getLogger("moon.router.api.route") - -API = { - "orchestrator": ( - "add_container", - "delete_container", - "add_slave", - "get_slaves", - "delete_slave" - ), - # TODO (asteroide): need to check if some of those calls need (or not) to be called "update_" - "manager": ( - "get_subject_assignments", - "set_subject_assignment", - "delete_subject_assignment", - "get_object_assignments", - "set_object_assignment", - "delete_object_assignment", - "get_action_assignments", - "set_action_assignment", - "delete_action_assignment", - "get_subject_data", - "add_subject_data", - "delete_subject_data", - "get_object_data", - "add_object_data", - "delete_object_data", - "get_action_data", - "add_action_data", - "delete_action_data", - "get_subject_categories", - "set_subject_category", - "delete_subject_category", - "get_object_categories", - "set_object_category", - "delete_object_category", - "get_action_categories", - "set_action_category", - "delete_action_category", - "add_meta_rules", - "delete_meta_rules", - "get_meta_rules", - "set_meta_rules", - "get_models", - "add_model", - "delete_model", - "update_model", - "get_pdp", - "add_pdp", - "delete_pdp", - "update_pdp", - "get_subjects", - "set_subject", - "delete_subject", - "get_objects", - "set_object", - "delete_object", - "get_actions", - "set_action", - "delete_action", - "get_policies", - "add_policy", - "delete_policy", - "update_policy", - "get_subject_assignments", - "update_subject_assignment", - "delete_subject_assignment", - "get_object_assignments", - "update_object_assignment", - "delete_object_assignment", - "get_action_assignments", - "update_action_assignment", - "delete_action_assignment", - "get_rules", - "add_rule", - "delete_rule", - "update_from_master" - ), - "function": ( - "authz", - "return_authz", - ), -} - - -class Cache(object): - - # TODO (asteroide): set cache integer in CONF file - __UPDATE_INTERVAL = 10 - - __CONTAINERS = {} - __CONTAINERS_UPDATE = 0 - - __CONTAINER_CHAINING_UPDATE = 0 - __CONTAINER_CHAINING = {} - - __PDP = {} - __PDP_UPDATE = 0 - - __POLICIES = {} - __POLICIES_UPDATE = 0 - - __MODELS = {} - __MODELS_UPDATE = 0 - - __AUTHZ_REQUESTS = {} - - def update(self, component=None): - self.__update_container() - self.__update_pdp() - self.__update_policies() - self.__update_models() - for key, value in self.__PDP.items(): - LOG.info("Updating container_chaining with {}".format(value["keystone_project_id"])) - self.__update_container_chaining(value["keystone_project_id"]) - - @property - def authz_requests(self): - return self.__AUTHZ_REQUESTS - - def __update_pdp(self): - pdp = call("moon_manager", method="get_pdp", ctx={"user_id": "admin"}, args={}) - if not pdp["pdps"]: - LOG.info("Updating PDP through master") - pdp = call("moon_manager", method="get_pdp", - ctx={ - "user_id": "admin", - 'call_master': True - }, - args={}) - for _pdp in pdp["pdps"].values(): - if _pdp['keystone_project_id'] not in self.__CONTAINER_CHAINING: - self.__CONTAINER_CHAINING[_pdp['keystone_project_id']] = {} - # Note (asteroide): force update of chaining - self.__update_container_chaining(_pdp['keystone_project_id']) - for key, value in pdp["pdps"].items(): - self.__PDP[key] = value - - @property - def pdp(self): - current_time = time.time() - if self.__PDP_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__update_pdp() - self.__PDP_UPDATE = current_time - return self.__PDP - - def __update_policies(self): - policies = call("moon_manager", method="get_policies", ctx={"user_id": "admin"}, args={}) - for key, value in policies["policies"].items(): - self.__POLICIES[key] = value - - @property - def policies(self): - current_time = time.time() - if self.__POLICIES_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__update_policies() - self.__POLICIES_UPDATE = current_time - return self.__POLICIES - - def __update_models(self): - models = call("moon_manager", method="get_models", ctx={"user_id": "admin"}, args={}) - for key, value in models["models"].items(): - self.__MODELS[key] = value - - @property - def models(self): - current_time = time.time() - if self.__MODELS_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__update_models() - self.__MODELS_UPDATE = current_time - return self.__MODELS - - def __update_container(self): - containers = call("orchestrator", method="get_container", ctx={}, args={}) - for key, value in containers["containers"].items(): - self.__CONTAINERS[key] = value - - @property - def container_chaining(self): - current_time = time.time() - if self.__CONTAINER_CHAINING_UPDATE + self.__UPDATE_INTERVAL < current_time: - for key, value in self.pdp.items(): - self.__update_container_chaining(value["keystone_project_id"]) - self.__CONTAINER_CHAINING_UPDATE = current_time - return self.__CONTAINER_CHAINING - - def __update_container_chaining(self, keystone_project_id): - container_ids = [] - for pdp_id, pdp_value, in CACHE.pdp.items(): - LOG.info("pdp_id, pdp_value = {}, {}".format(pdp_id, pdp_value)) - if pdp_value: - if pdp_value["keystone_project_id"] == keystone_project_id: - for policy_id in pdp_value["security_pipeline"]: - model_id = CACHE.policies[policy_id]['model_id'] - LOG.info("model_id = {}".format(model_id)) - LOG.info("CACHE = {}".format(CACHE.models[model_id])) - for meta_rule_id in CACHE.models[model_id]["meta_rules"]: - LOG.info("CACHE.containers = {}".format(CACHE.containers)) - for container_id, container_values, in CACHE.containers.items(): - LOG.info("container_id, container_values = {}".format(container_id, container_values)) - for container_value in container_values: - LOG.info("container_value[\"meta_rule_id\"] == meta_rule_id = {} {}".format(container_value["meta_rule_id"], meta_rule_id)) - if container_value["meta_rule_id"] == meta_rule_id: - container_ids.append( - { - "container_id": container_value["container_id"], - "genre": container_value["genre"] - } - ) - break - self.__CONTAINER_CHAINING[keystone_project_id] = container_ids - - @property - def containers(self): - """intra_extensions cache - example of content : - { - "pdp_uuid1": "component_uuid1", - "pdp_uuid2": "component_uuid2", - } - :return: - """ - current_time = time.time() - if self.__CONTAINERS_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__update_container() - self.__CONTAINERS_UPDATE = current_time - return self.__CONTAINERS - - -CACHE = Cache() - - -class AuthzRequest: - - result = None - req_max_delay = 2 - - def __init__(self, ctx, args): - self.ctx = ctx - self.args = args - self.request_id = ctx["request_id"] - if self.ctx['id'] not in CACHE.container_chaining: - LOG.warning("Unknown Project ID {}".format(self.ctx['id'])) - # TODO (asteroide): add a better exception handler - raise Exception("Unknown Project ID {}".format(self.ctx['id'])) - self.container_chaining = CACHE.container_chaining[self.ctx['id']] - ctx["container_chaining"] = copy.deepcopy(self.container_chaining) - LOG.info("self.container_chaining={}".format(self.container_chaining)) - self.pdp_container = self.container_chaining[0]["container_id"] - self.run() - - def run(self): - notify(request_id=self.request_id, container_id=self.pdp_container, payload=self.ctx) - cpt = 0 - while cpt < self.req_max_delay*10: - time.sleep(0.1) - cpt += 1 - if CACHE.authz_requests[self.request_id]: - self.result = CACHE.authz_requests[self.request_id] - return - LOG.warning("Request {} has timed out".format(self.request_id)) - - def is_authz(self): - if not self.result: - return False - authz_results = [] - for key in self.result["pdp_set"]: - if "effect" in self.result["pdp_set"][key]: - if self.result["pdp_set"][key]["effect"] == "grant": - # the pdp is a authorization PDP and grant the request - authz_results.append(True) - elif self.result["pdp_set"][key]["effect"] == "passed": - # the pdp is not a authorization PDP (session or delegation) and had run normally - authz_results.append(True) - elif self.result["pdp_set"][key]["effect"] == "unset": - # the pdp is not a authorization PDP (session or delegation) and had not yep run - authz_results.append(True) - else: - # the pdp is (or not) a authorization PDP and had run badly - authz_results.append(False) - if list(itertools.accumulate(authz_results, lambda x, y: x & y))[-1]: - self.result["pdp_set"]["effect"] = "grant" - if self.result: - if "pdp_set" in self.result and self.result["pdp_set"]["effect"] == "grant": - return True - return False - - -class Router(object): - """ - Route requests to all components. - """ - - __version__ = "0.1.0" - cache_requests = {} - slave_name = "" - - def __init__(self, add_master_cnx): - self.slave = configuration.get_configuration(configuration.SLAVE)["slave"] - try: - self.slave_name = self.slave['name'] - except KeyError: - pass - if self.slave_name and add_master_cnx: - result = call('security_router', method="route", - ctx={ - "name": self.slave_name, - "description": self.slave_name, - "call_master": True, - "method": "add_slave"}, args={}) - if "result" in result and not result["result"]: - LOG.error("An error occurred when sending slave name {} {}".format( - self.slave_name, result - )) - self.slave_id = list(result['slaves'].keys())[0] - result = call('security_router', method="route", - ctx={ - "name": self.slave_name, - "description": self.slave_name, - "call_master": True, - "method": "get_slaves"}, args={}) - if "result" in result and not result["result"]: - LOG.error("An error occurred when receiving slave names {} {}".format( - self.slave_name, result - )) - LOG.info("SLAVES: {}".format(result)) - - def delete(self): - if self.slave_name and self.slave_id: - result = call('security_router', method="route", - ctx={ - "name": self.slave_name, - "description": self.slave_name, - "call_master": True, - "method": "delete_slave", - "id": self.slave_id}, args={}) - if "result" in result and not result["result"]: - LOG.error("An error occurred when sending slave name {} {}".format( - self.slave_name, result - )) - LOG.info("SLAVE CONNECTION ENDED!") - LOG.info(result) - - def check_pdp(self, ctx): - _ctx = copy.deepcopy(ctx) - keystone_id = _ctx.pop('id') - # LOG.info("_ctx {}".format(_ctx)) - ext = call("moon_manager", method="get_pdp", ctx=_ctx, args={}) - # LOG.info("check_pdp {}".format(ext)) - if "error" in ext: - return False - keystone_id_list = map(lambda x: x["keystone_project_id"], ext['pdps'].values()) - if not ext['pdps'] or keystone_id not in keystone_id_list: - if self.slave_name: - _ctx['call_master'] = True - # update from master if exist and test again - LOG.info("Need to update from master {}".format(keystone_id)) - ext = call("moon_manager", method="get_pdp", ctx=_ctx, args={}) - if "error" in ext: - return False - keystone_id_list = map(lambda x: x["keystone_project_id"], ext['pdps'].values()) - if not ext['pdps'] or keystone_id not in keystone_id_list: - return False - else: - # Must update from Master - _ctx["keystone_id"] = keystone_id - _ctx["pdp_id"] = None - _ctx["security_pipeline"] = None - _ctx['call_master'] = False - pdp_value = {} - for pdp_id, pdp_value in ext["pdps"].items(): - if keystone_id == pdp_value["keystone_project_id"]: - _ctx["pdp_id"] = keystone_id - _ctx["security_pipeline"] = pdp_value["security_pipeline"] - break - call("moon_manager", method="update_from_master", ctx=_ctx, args=pdp_value) - CACHE.update() - return True - else: - # return False otherwise - return False - return True - - def send_update(self, api, ctx={}, args={}): - # TODO (asteroide): add threads here - if not self.slave_name: - # Note (asteroide): - # if adding or setting an element: do nothing - # if updating or deleting an element: force deletion in the slave - if "update_" in api or "delete_" in api: - for slave_id, slave_dict in call("orchestrator", method="get_slaves", ctx={}, args={})['slaves'].items(): - LOG.info('send_update slave_id={}'.format(slave_id)) - LOG.info('send_update slave_dict={}'.format(slave_dict)) - ctx['method'] = api.replace("update", "delete") - # TODO (asteroide): force data_id to None to force the deletion in the slave - result = call("security_router_"+slave_dict['name'], method="route", ctx=ctx, args=args) - if "result" in result and not result["result"]: - LOG.error("An error occurred when sending update to {} {}".format( - "security_router_"+slave_dict['name'], result - )) - - def route(self, ctx, args): - """Route the request to the right endpoint - - :param ctx: dictionary depending of the real destination - :param args: dictionary depending of the real destination - :return: dictionary depending of the real destination - """ - LOG.info("Get Route {} {}".format(ctx, args)) - if ctx["method"] == "get_status": - return Status().get_status(ctx=ctx, args=args) - if ctx["method"] == "get_logs": - return Logs().get_logs(ctx=ctx, args=args) - for component in API: - if ctx["method"] in API[component]: - if component == "orchestrator": - return call(component, method=ctx["method"], ctx=ctx, args=args) - if component == "manager": - result = call("moon_manager", method=ctx["method"], ctx=ctx, args=args) - if ctx["method"] == "get_pdp": - _ctx = copy.deepcopy(ctx) - _ctx["call_master"] = True - result2 = call("moon_manager", method=ctx["method"], ctx=_ctx, args=args) - result["pdps"].update(result2["pdps"]) - self.send_update(api=ctx["method"], ctx=ctx, args=args) - return result - if component == "function": - if ctx["method"] == "return_authz": - request_id = ctx["request_id"] - CACHE.authz_requests[request_id] = args - return args - elif self.check_pdp(ctx): - req_id = uuid4().hex - CACHE.authz_requests[req_id] = {} - ctx["request_id"] = req_id - req = AuthzRequest(ctx, args) - # result = copy.deepcopy(req.result) - if req.is_authz(): - return {"authz": True, - "pdp_id": ctx["id"], - "ctx": ctx, "args": args} - return {"authz": False, - "error": {'code': 403, 'title': 'Authz Error', - 'description': "The authz request is refused."}, - "pdp_id": ctx["id"], - "ctx": ctx, "args": args} - return {"result": False, - "error": {'code': 500, 'title': 'Moon Error', - 'description': "Function component not found."}, - "pdp_id": ctx["id"], - "ctx": ctx, "args": args} - - # TODO (asteroide): must raise an exception here ? - return {"result": False, - "error": {'code': 500, 'title': 'Moon Error', 'description': "Endpoint method not found."}, - "intra_extension_id": ctx["id"], - "ctx": ctx, "args": args} - diff --git a/moonv4/moon_router/moon_router/messenger.py b/moonv4/moon_router/moon_router/messenger.py deleted file mode 100644 index 0a377678..00000000 --- a/moonv4/moon_router/moon_router/messenger.py +++ /dev/null @@ -1,69 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from oslo_config import cfg -import oslo_messaging -import time -from oslo_log import log as logging -from moon_router.api.generic import Status, Logs -from moon_router.api.route import Router -from moon_utilities.api import APIList -from moon_utilities import configuration - -LOG = logging.getLogger("moon.router.messenger") - - -class Server: - - TOPIC = "security_router" - - def __init__(self, add_master_cnx=False): - slave = configuration.get_configuration(configuration.SLAVE)["slave"] - cfg.CONF.transport_url = self.__get_transport_url() - if add_master_cnx and slave["master"]["url"]: - self.transport = oslo_messaging.get_transport(cfg.CONF, slave["master"]["url"]) - self.TOPIC = self.TOPIC + "_" + slave["name"] - else: - self.transport = oslo_messaging.get_transport(cfg.CONF) - self.target = oslo_messaging.Target(topic=self.TOPIC, server='server1') - LOG.info("Starting MQ server with topic: {}".format(self.TOPIC)) - self.endpoints = [ - APIList((Status, Logs, Router)), - Status(), - Logs(), - Router(add_master_cnx) - ] - self.server = oslo_messaging.get_rpc_server(self.transport, self.target, self.endpoints, - executor='threading', - access_policy=oslo_messaging.DefaultRPCAccessPolicy) - self.__is_alive = False - - @staticmethod - def __get_transport_url(): - messenger = configuration.get_configuration(configuration.MESSENGER)["messenger"] - return messenger['url'] - - def stop(self): - self.__is_alive = False - self.endpoints[-1].delete() - - def run(self): - try: - self.__is_alive = True - self.server.start() - while True: - if self.__is_alive: - time.sleep(1) - else: - break - except KeyboardInterrupt: - print("Stopping server by crtl+c") - except SystemExit: - print("Stopping server with SystemExit") - print("Stopping server") - - self.server.stop() - self.server.wait() - diff --git a/moonv4/moon_router/moon_router/server.py b/moonv4/moon_router/moon_router/server.py deleted file mode 100644 index 1b2bddee..00000000 --- a/moonv4/moon_router/moon_router/server.py +++ /dev/null @@ -1,63 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import os -import threading -import signal -from oslo_log import log as logging -from moon_utilities import configuration, exceptions -from moon_router.messenger import Server - - -class AsyncServer(threading.Thread): - - def __init__(self, add_master_cnx): - threading.Thread.__init__(self) - self.server = Server(add_master_cnx=add_master_cnx) - - def run(self): - self.server.run() - -LOG = logging.getLogger("moon.router") - -__CWD__ = os.path.dirname(os.path.abspath(__file__)) - -background_threads = [] - - -def stop_thread(): - for _t in background_threads: - _t.stop() - - -def main(): - global background_threads - configuration.init_logging() - try: - conf = configuration.get_configuration("components/router") - except exceptions.ConsulComponentNotFound: - conf = configuration.add_component("router", "router") - signal.signal(signal.SIGALRM, stop_thread) - signal.signal(signal.SIGTERM, stop_thread) - signal.signal(signal.SIGABRT, stop_thread) - background_master = None - slave = configuration.get_configuration(configuration.SLAVE)["slave"] - if slave['name']: - background_master = AsyncServer(add_master_cnx=True) - background_threads.append(background_master) - background_slave = AsyncServer(add_master_cnx=False) - background_threads.append(background_slave) - if slave['name']: - background_master.start() - LOG.info("Connecting to master...") - background_slave.start() - LOG.info("Starting main server {}".format(conf["components/router"]["hostname"])) - if slave['name']: - background_master.join() - background_slave.join() - - -if __name__ == '__main__': - main() diff --git a/moonv4/moon_router/requirements.txt b/moonv4/moon_router/requirements.txt deleted file mode 100644 index 9eb4e201..00000000 --- a/moonv4/moon_router/requirements.txt +++ /dev/null @@ -1,7 +0,0 @@ -kombu !=4.0.1,!=4.0.0 -oslo.messaging -oslo.config -vine -oslo.log -babel -moon_utilities
\ No newline at end of file diff --git a/moonv4/moon_router/setup.py b/moonv4/moon_router/setup.py deleted file mode 100644 index aabe8349..00000000 --- a/moonv4/moon_router/setup.py +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from setuptools import setup, find_packages -import moon_router - - -setup( - - name='moon_router', - - version=moon_router.__version__, - - packages=find_packages(), - - author="Thomas Duval", - - author_email="thomas.duval@orange.com", - - description="", - - long_description=open('README.md').read(), - - # install_requires= , - - include_package_data=True, - - url='https://git.opnfv.org/cgit/moon', - - classifiers=[ - "Programming Language :: Python", - "Development Status :: 1 - Planning", - "License :: OSI Approved", - "Natural Language :: French", - "Operating System :: OS Independent", - "Programming Language :: Python :: 3", - ], - - entry_points={ - 'console_scripts': [ - 'moon_router = moon_router.server:main', - ], - } -) diff --git a/moonv4/moon_router/tests/moon_db-0.1.0.tar.gz b/moonv4/moon_router/tests/moon_db-0.1.0.tar.gz Binary files differdeleted file mode 100644 index 14df1d47..00000000 --- a/moonv4/moon_router/tests/moon_db-0.1.0.tar.gz +++ /dev/null diff --git a/moonv4/moon_router/tests/moon_policy-0.1.0.tar.gz b/moonv4/moon_router/tests/moon_policy-0.1.0.tar.gz Binary files differdeleted file mode 100644 index d3246532..00000000 --- a/moonv4/moon_router/tests/moon_policy-0.1.0.tar.gz +++ /dev/null |