aboutsummaryrefslogtreecommitdiffstats
path: root/moonv4/python_moonutilities
diff options
context:
space:
mode:
Diffstat (limited to 'moonv4/python_moonutilities')
-rw-r--r--moonv4/python_moonutilities/Changelog72
-rw-r--r--moonv4/python_moonutilities/LICENSE202
-rw-r--r--moonv4/python_moonutilities/MANIFEST.in10
-rw-r--r--moonv4/python_moonutilities/README.md33
-rw-r--r--moonv4/python_moonutilities/python_moonutilities/__init__.py6
-rw-r--r--moonv4/python_moonutilities/python_moonutilities/api.py28
-rw-r--r--moonv4/python_moonutilities/python_moonutilities/auth.py76
-rw-r--r--moonv4/python_moonutilities/python_moonutilities/cache.py543
-rw-r--r--moonv4/python_moonutilities/python_moonutilities/configuration.py114
-rw-r--r--moonv4/python_moonutilities/python_moonutilities/exceptions.py522
-rw-r--r--moonv4/python_moonutilities/python_moonutilities/misc.py142
-rw-r--r--moonv4/python_moonutilities/python_moonutilities/security_functions.py531
-rw-r--r--moonv4/python_moonutilities/requirements.txt3
-rw-r--r--moonv4/python_moonutilities/setup.py42
-rw-r--r--moonv4/python_moonutilities/tests/unit_python/conftest.py17
-rw-r--r--moonv4/python_moonutilities/tests/unit_python/mock_cache.py321
-rw-r--r--moonv4/python_moonutilities/tests/unit_python/mock_components.py27
-rw-r--r--moonv4/python_moonutilities/tests/unit_python/mock_keystone.py23
-rw-r--r--moonv4/python_moonutilities/tests/unit_python/requirements.txt2
-rw-r--r--moonv4/python_moonutilities/tests/unit_python/test_cache.py75
-rw-r--r--moonv4/python_moonutilities/tests/unit_python/test_configuration.py5
-rw-r--r--moonv4/python_moonutilities/tests/unit_python/utilities.py136
22 files changed, 0 insertions, 2930 deletions
diff --git a/moonv4/python_moonutilities/Changelog b/moonv4/python_moonutilities/Changelog
deleted file mode 100644
index dd441427..00000000
--- a/moonv4/python_moonutilities/Changelog
+++ /dev/null
@@ -1,72 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-
-CHANGES
-=======
-
-0.1.0
------
-- First version of the moon_utilities library.
-
-1.0.0
------
-- First public version of the moon_utilities library.
-
-1.0.1
------
-- Update setup.py to force the installation of requirements.
-
-1.0.2
------
-- Test PyPi upload
-
-1.1.0
------
-- Add functions to get configuration from Consul
-
-1.1.1
------
-- Add a missing requirements
-
-1.2.0
------
-- Add authentication features for interface
-
-1.3.0
------
-- Add cache functionality
-
-1.3.1
------
-- Delete Oslo config possibilities
-
-1.3.2
------
-- Delete Oslo logging and config
-
-1.3.3
------
-- Update the cache
-
-1.3.4
------
-- Fix a bug on the connection between interface and authz
-
-1.4.0
------
-- Add a waiting loop when the Keystone server is not currently available
-
-1.4.1
------
-- Cleanup moon_utilities code
-
-1.4.2
------
-- Update the name of the library (from moon_utilities)
-
-1.4.3
------
-- Fix a bug in MANIFEST.in
diff --git a/moonv4/python_moonutilities/LICENSE b/moonv4/python_moonutilities/LICENSE
deleted file mode 100644
index d6456956..00000000
--- a/moonv4/python_moonutilities/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@
-
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "[]"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright [yyyy] [name of copyright owner]
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
diff --git a/moonv4/python_moonutilities/MANIFEST.in b/moonv4/python_moonutilities/MANIFEST.in
deleted file mode 100644
index 2a5ac509..00000000
--- a/moonv4/python_moonutilities/MANIFEST.in
+++ /dev/null
@@ -1,10 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-include README.md
-include LICENSE
-include Changelog
-include setup.py
-include requirements.txt
diff --git a/moonv4/python_moonutilities/README.md b/moonv4/python_moonutilities/README.md
deleted file mode 100644
index 8e21966a..00000000
--- a/moonv4/python_moonutilities/README.md
+++ /dev/null
@@ -1,33 +0,0 @@
-# python-moonutilities Package
-This package contains the core module for the Moon project.
-It is designed to provide authorization feature to all OpenStack components.
-
-For any other information, refer to the parent project:
-
- https://git.opnfv.org/moon
-
-python-moonutilities is a common Python lib for other Moon Python packages
-
-## Build
-### Build Python Package
-```bash
-cd ${MOON_HOME}/python_moonutilities
-python3 setup.py sdist bdist_wheel
-```
-
-### Push Python Package to PIP
-```bash
-cd ${MOON_HOME}/python_moonutilities
-gpg --detach-sign -u "${GPG_ID}" -a dist/python_moonutilities-X.Y.Z-py3-none-any.whl
-gpg --detach-sign -u "${GPG_ID}" -a dist/python_moonutilities-X.Y.Z.tar.gz
-twine upload dist/python_moonutilities-X.Y.Z-py3-none-any.whl dist/python_moonutilities-X.Y.Z-py3-none-any.whl.asc
-twine upload dist/python_moonutilities-X.Y.Z.tar.gz dist/python_moonutilities-X.Y.Z.tar.gz.asc
-```
-
-## Test
-### Python Unit Test
-launch Docker for Python unit tests
-```bash
-cd ${MOON_HOME}/python_moonutilities
-docker run --rm --volume $(pwd):/data wukongsun/moon_python_unit_test:latest
-```
diff --git a/moonv4/python_moonutilities/python_moonutilities/__init__.py b/moonv4/python_moonutilities/python_moonutilities/__init__.py
deleted file mode 100644
index fb899fe2..00000000
--- a/moonv4/python_moonutilities/python_moonutilities/__init__.py
+++ /dev/null
@@ -1,6 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-__version__ = "1.4.3"
diff --git a/moonv4/python_moonutilities/python_moonutilities/api.py b/moonv4/python_moonutilities/python_moonutilities/api.py
deleted file mode 100644
index 8e80c21d..00000000
--- a/moonv4/python_moonutilities/python_moonutilities/api.py
+++ /dev/null
@@ -1,28 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-
-class APIList(object):
-
- API_LIST = ()
-
- def __init__(self, api_list):
- self.API_LIST = api_list
-
- def list_api(self, ctx):
- api = dict()
- for obj in self.API_LIST:
- api[obj.__name__] = dict()
- api[obj.__name__]["description"] = obj.__doc__.strip() if obj.__doc__ else ""
- api[obj.__name__]["version"] = obj.__version__
- api[obj.__name__]["commands"] = dict()
- for cmd in filter(lambda x: not x.startswith("__"), dir(obj)):
- doc = eval("obj.{}.__doc__".format(cmd))
- if not doc:
- doc = ""
- api[obj.__name__]["commands"][cmd] = doc.strip()
- return api
-
-
diff --git a/moonv4/python_moonutilities/python_moonutilities/auth.py b/moonv4/python_moonutilities/python_moonutilities/auth.py
deleted file mode 100644
index 7656f4e7..00000000
--- a/moonv4/python_moonutilities/python_moonutilities/auth.py
+++ /dev/null
@@ -1,76 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import os
-import requests
-import time
-from functools import wraps
-from flask import request
-from oslo_log import log as logging
-from python_moonutilities import exceptions, configuration
-
-
-LOG = logging.getLogger(__name__)
-KEYSTONE_CONFIG = configuration.get_configuration("openstack/keystone")["openstack/keystone"]
-TOKENS = {}
-
-
-def check_token(token, url=None):
- _verify = False
- if KEYSTONE_CONFIG['certificate']:
- _verify = KEYSTONE_CONFIG['certificate']
- try:
- os.environ.pop("http_proxy")
- os.environ.pop("https_proxy")
- except KeyError:
- pass
- if not url:
- url = KEYSTONE_CONFIG['url']
- headers = {
- "Content-Type": "application/json",
- 'X-Subject-Token': token,
- 'X-Auth-Token': token,
- }
- if KEYSTONE_CONFIG['check_token'].lower() in ("false", "no", "n"):
- # TODO (asteroide): must send the admin id
- return "admin" if not token else token
- if KEYSTONE_CONFIG['check_token'].lower() in ("yes", "y", "true"):
- if token in TOKENS:
- delta = time.mktime(TOKENS[token]["expires_at"]) - time.mktime(time.gmtime())
- if delta > 0:
- return TOKENS[token]["user"]
- raise exceptions.KeystoneError
- else:
- req = requests.get("{}/auth/tokens".format(url), headers=headers, verify=_verify)
- if req.status_code in (200, 201):
- # Note (asteroide): the time stamps is not in ISO 8601, so it is necessary to delete
- # characters after the dot
- token_time = req.json().get("token").get("expires_at").split(".")
- TOKENS[token] = dict()
- TOKENS[token]["expires_at"] = time.strptime(token_time[0], "%Y-%m-%dT%H:%M:%S")
- TOKENS[token]["user"] = req.json().get("token").get("user").get("id")
- return TOKENS[token]["user"]
- LOG.error("{} - {}".format(req.status_code, req.text))
- raise exceptions.KeystoneError
- elif KEYSTONE_CONFIG['check_token'].lower() == "strict":
- req = requests.head("{}/auth/tokens".format(url), headers=headers, verify=_verify)
- if req.status_code in (200, 201):
- return token
- LOG.error("{} - {}".format(req.status_code, req.text))
- raise exceptions.KeystoneError
- raise exceptions.KeystoneError
-
-
-def check_auth(function):
- @wraps(function)
- def wrapper(*args, **kwargs):
- token = request.headers.get('X-Auth-Token')
- token = check_token(token)
- if not token:
- raise exceptions.AuthException
- user_id = kwargs.pop("user_id", token)
- result = function(*args, **kwargs, user_id=user_id)
- return result
- return wrapper
diff --git a/moonv4/python_moonutilities/python_moonutilities/cache.py b/moonv4/python_moonutilities/python_moonutilities/cache.py
deleted file mode 100644
index 93e3daca..00000000
--- a/moonv4/python_moonutilities/python_moonutilities/cache.py
+++ /dev/null
@@ -1,543 +0,0 @@
-import logging
-import time
-import requests
-from uuid import uuid4
-from python_moonutilities import configuration, exceptions
-
-LOG = logging.getLogger("moon.utilities.cache")
-
-
-class Cache(object):
- # TODO (asteroide): set cache integer in CONF file
- '''
- [NOTE] Propose to define the following variables inside the init method
- as defining them out side the init, will be treated as private static variables
- and keep tracks with any changes done anywhere
- for more info : you can check https://docs.python.org/3/tutorial/classes.html#class-and-instance-variables
- '''
- __UPDATE_INTERVAL = 10
-
- __CONTAINERS = {}
- __CONTAINERS_UPDATE = 0
-
- __CONTAINER_CHAINING_UPDATE = 0
- __CONTAINER_CHAINING = {}
-
- __PDP = {}
- __PDP_UPDATE = 0
-
- __POLICIES = {}
- __POLICIES_UPDATE = 0
-
- __MODELS = {}
- __MODELS_UPDATE = 0
-
- __SUBJECTS = {}
- __OBJECTS = {}
- __ACTIONS = {}
-
- __SUBJECT_ASSIGNMENTS = {}
- __OBJECT_ASSIGNMENTS = {}
- __ACTION_ASSIGNMENTS = {}
-
- __SUBJECT_CATEGORIES = {}
- __SUBJECT_CATEGORIES_UPDATE = 0
- __OBJECT_CATEGORIES = {}
- __OBJECT_CATEGORIES_UPDATE = 0
- __ACTION_CATEGORIES = {}
- __ACTION_CATEGORIES_UPDATE = 0
-
- __META_RULES = {}
- __META_RULES_UPDATE = 0
-
- __RULES = {}
- __RULES_UPDATE = 0
-
- __AUTHZ_REQUESTS = {}
-
- def __init__(self):
- self.manager_url = "{}://{}:{}".format(
- configuration.get_components()['manager'].get('protocol', 'http'),
- configuration.get_components()['manager']['hostname'],
- configuration.get_components()['manager']['port']
- )
- self.orchestrator_url = "{}://{}:{}".format(
- configuration.get_components()['orchestrator'].get('protocol', 'http'),
- configuration.get_components()['orchestrator']['hostname'],
- configuration.get_components()['orchestrator']['port']
- )
-
- def update(self):
- self.__update_container()
- self.__update_pdp()
- self.__update_policies()
- self.__update_models()
- for key, value in self.__PDP.items():
- # LOG.info("Updating container_chaining with {}".format(value["keystone_project_id"]))
- self.__update_container_chaining(value["keystone_project_id"])
-
- @property
- def authz_requests(self):
- return self.__AUTHZ_REQUESTS
-
- # perimeter functions
-
- @property
- def subjects(self):
- return self.__SUBJECTS
-
- def update_subjects(self, policy_id=None):
- req = requests.get("{}/policies/{}/subjects".format(
- self.manager_url, policy_id))
- self.__SUBJECTS[policy_id] = req.json()['subjects']
-
- def get_subject(self, policy_id, name):
- try:
- for _subject_id, _subject_dict in self.__SUBJECTS[policy_id].items():
- if _subject_dict["name"] == name:
- return _subject_id
- except KeyError:
- pass
- self.update_subjects(policy_id)
- for _subject_id, _subject_dict in self.__SUBJECTS[policy_id].items():
- if _subject_dict["name"] == name:
- return _subject_id
- raise exceptions.SubjectUnknown("Cannot find subject {}".format(name))
-
- @property
- def objects(self):
- return self.__OBJECTS
-
- def update_objects(self, policy_id=None):
- req = requests.get("{}/policies/{}/objects".format(
- self.manager_url, policy_id))
- self.__OBJECTS[policy_id] = req.json()['objects']
-
- def get_object(self, policy_id, name):
- try:
- for _object_id, _object_dict in self.__OBJECTS[policy_id].items():
- if _object_dict["name"] == name:
- return _object_id
- except KeyError:
- pass
- self.update_objects(policy_id)
- for _object_id, _object_dict in self.__OBJECTS[policy_id].items():
- if _object_dict["name"] == name:
- return _object_id
- raise exceptions.SubjectUnknown("Cannot find object {}".format(name))
-
- @property
- def actions(self):
- return self.__ACTIONS
-
- def update_actions(self, policy_id=None):
- req = requests.get("{}/policies/{}/actions".format(
- self.manager_url, policy_id))
- self.__ACTIONS[policy_id] = req.json()['actions']
-
- def get_action(self, policy_id, name):
- try:
- for _action_id, _action_dict in self.__ACTIONS[policy_id].items():
- if _action_dict["name"] == name:
- return _action_id
- except KeyError:
- pass
- self.update_actions(policy_id)
- for _action_id, _action_dict in self.__ACTIONS[policy_id].items():
- if _action_dict["name"] == name:
- return _action_id
- raise exceptions.SubjectUnknown("Cannot find action {}".format(name))
-
- # meta_rule functions
-
- @property
- def meta_rules(self):
- current_time = time.time()
- if self.__META_RULES_UPDATE + self.__UPDATE_INTERVAL < current_time:
- self.__update_meta_rules()
- self.__META_RULES_UPDATE = current_time
- return self.__META_RULES
-
- def __update_meta_rules(self):
- req = requests.get("{}/meta_rules".format(self.manager_url))
- self.__META_RULES = req.json()['meta_rules']
-
- # rule functions
-
- @property
- def rules(self):
- current_time = time.time()
- if self.__RULES_UPDATE + self.__UPDATE_INTERVAL < current_time:
- self.__update_rules()
- self.__RULES_UPDATE = current_time
- return self.__RULES
-
- def __update_rules(self):
- for policy_id in self.__POLICIES:
- LOG.info("Get {}".format("{}/policies/{}/rules".format(
- self.manager_url, policy_id)))
- req = requests.get("{}/policies/{}/rules".format(
- self.manager_url, policy_id))
- self.__RULES[policy_id] = req.json()['rules']
- LOG.info("UPDATE RULES {}".format(self.__RULES))
-
- # assignment functions
-
- @property
- def subject_assignments(self):
- return self.__SUBJECT_ASSIGNMENTS
-
- def update_subject_assignments(self, policy_id=None, perimeter_id=None):
- if perimeter_id:
- req = requests.get("{}/policies/{}/subject_assignments/{}".format(
- self.manager_url, policy_id, perimeter_id))
- else:
- req = requests.get("{}/policies/{}/subject_assignments".format(
- self.manager_url, policy_id))
- if policy_id not in self.__SUBJECT_ASSIGNMENTS:
- self.__SUBJECT_ASSIGNMENTS[policy_id] = {}
- self.__SUBJECT_ASSIGNMENTS[policy_id].update(
- req.json()['subject_assignments'])
-
- def get_subject_assignments(self, policy_id, perimeter_id, category_id):
- if policy_id not in self.subject_assignments:
- self.update_subject_assignments(policy_id, perimeter_id)
- '''
- [NOTE] invalid condition for testing existence of policy_id
- because update_subject_assignments function already add an empty object
- with the given policy_id and then assign the response to it
- as mentioned in these lines of code (line 191,192)
-
- Note: the same condition applied for the object,action assignment
- line 234, 260
- '''
- if policy_id not in self.subject_assignments:
- raise Exception("Cannot found the policy {}".format(policy_id))
- for key, value in self.subject_assignments[policy_id].items():
- if perimeter_id == value['subject_id'] and category_id == value['category_id']:
- return value['assignments']
- return []
-
- @property
- def object_assignments(self):
- return self.__OBJECT_ASSIGNMENTS
-
- def update_object_assignments(self, policy_id=None, perimeter_id=None):
- if perimeter_id:
- req = requests.get("{}/policies/{}/object_assignments/{}".format(
- self.manager_url, policy_id, perimeter_id))
- else:
- req = requests.get("{}/policies/{}/object_assignments".format(
- self.manager_url, policy_id))
- if policy_id not in self.__OBJECT_ASSIGNMENTS:
- self.__OBJECT_ASSIGNMENTS[policy_id] = {}
- self.__OBJECT_ASSIGNMENTS[policy_id].update(
- req.json()['object_assignments'])
-
- def get_object_assignments(self, policy_id, perimeter_id, category_id):
- if policy_id not in self.object_assignments:
- self.update_object_assignments(policy_id, perimeter_id)
- if policy_id not in self.object_assignments:
- raise Exception("Cannot found the policy {}".format(policy_id))
- for key, value in self.object_assignments[policy_id].items():
- if perimeter_id == value['object_id'] and category_id == value['category_id']:
- return value['assignments']
- return []
-
- @property
- def action_assignments(self):
- return self.__ACTION_ASSIGNMENTS
-
- def update_action_assignments(self, policy_id=None, perimeter_id=None):
- if perimeter_id:
- req = requests.get("{}/policies/{}/action_assignments/{}".format(
- self.manager_url, policy_id, perimeter_id))
- else:
- req = requests.get("{}/policies/{}/action_assignments".format(
- self.manager_url, policy_id))
- if policy_id not in self.__ACTION_ASSIGNMENTS:
- self.__ACTION_ASSIGNMENTS[policy_id] = {}
- self.__ACTION_ASSIGNMENTS[policy_id].update(
- req.json()['action_assignments'])
-
- def get_action_assignments(self, policy_id, perimeter_id, category_id):
- if policy_id not in self.action_assignments:
- self.update_action_assignments(policy_id, perimeter_id)
- if policy_id not in self.action_assignments:
- raise Exception("Cannot found the policy {}".format(policy_id))
- for key, value in self.action_assignments[policy_id].items():
- if perimeter_id == value['action_id'] and category_id == value['category_id']:
- return value['assignments']
- return []
-
- # category functions
-
- @property
- def subject_categories(self):
- current_time = time.time()
- if self.__SUBJECT_CATEGORIES_UPDATE + self.__UPDATE_INTERVAL < current_time:
- self.__update_subject_categories()
- self.__SUBJECT_CATEGORIES_UPDATE = current_time
- return self.__SUBJECT_CATEGORIES
-
- def __update_subject_categories(self):
- req = requests.get("{}/policies/subject_categories".format(
- self.manager_url))
- self.__SUBJECT_CATEGORIES.update(req.json()['subject_categories'])
-
- @property
- def object_categories(self):
- current_time = time.time()
- if self.__OBJECT_CATEGORIES_UPDATE + self.__UPDATE_INTERVAL < current_time:
- self.__update_object_categories()
- self.__OBJECT_CATEGORIES_UPDATE = current_time
- return self.__OBJECT_CATEGORIES
-
- def __update_object_categories(self):
- req = requests.get("{}/policies/object_categories".format(
- self.manager_url))
- self.__OBJECT_CATEGORIES.update(req.json()['object_categories'])
-
- @property
- def action_categories(self):
- current_time = time.time()
- if self.__ACTION_CATEGORIES_UPDATE + self.__UPDATE_INTERVAL < current_time:
- self.__update_action_categories()
- self.__ACTION_CATEGORIES_UPDATE = current_time
- return self.__ACTION_CATEGORIES
-
- def __update_action_categories(self):
- req = requests.get("{}/policies/action_categories".format(
- self.manager_url))
- self.__ACTION_CATEGORIES.update(req.json()['action_categories'])
-
- # PDP functions
-
- def __update_pdp(self):
- req = requests.get("{}/pdp".format(self.manager_url))
- pdp = req.json()
- for _pdp in pdp["pdps"].values():
- if _pdp['keystone_project_id'] not in self.__CONTAINER_CHAINING:
- self.__CONTAINER_CHAINING[_pdp['keystone_project_id']] = {}
- # Note (asteroide): force update of chaining
- self.__update_container_chaining(_pdp['keystone_project_id'])
- for key, value in pdp["pdps"].items():
- self.__PDP[key] = value
-
- @property
- def pdp(self):
- """Policy Decision Point
- Example of content:
- {
- "pdp_id": {
- "keystone_project_id": "keystone_project_id",
- "name": "pdp1",
- "description": "test",
- "security_pipeline": [
- "policy_id"
- ]
- }
- }
-
- :return:
- """
- current_time = time.time()
- if self.__PDP_UPDATE + self.__UPDATE_INTERVAL < current_time:
- self.__update_pdp()
- self.__PDP_UPDATE = current_time
- return self.__PDP
-
- # policy functions
- def __update_policies(self):
- req = requests.get("{}/policies".format(self.manager_url))
- policies = req.json()
- for key, value in policies["policies"].items():
- self.__POLICIES[key] = value
-
- @property
- def policies(self):
- current_time = time.time()
- if self.__POLICIES_UPDATE + self.__UPDATE_INTERVAL < current_time:
- self.__update_policies()
- self.__POLICIES_UPDATE = current_time
- return self.__POLICIES
-
- # model functions
-
- def __update_models(self):
- req = requests.get("{}/models".format(self.manager_url))
- models = req.json()
- for key, value in models["models"].items():
- self.__MODELS[key] = value
-
- @property
- def models(self):
- current_time = time.time()
- if self.__MODELS_UPDATE + self.__UPDATE_INTERVAL < current_time:
- self.__update_models()
- self.__MODELS_UPDATE = current_time
- return self.__MODELS
-
- # helper functions
-
- def get_policy_from_meta_rules(self, meta_rule_id):
- for pdp_key, pdp_value in self.pdp.items():
- for policy_id in pdp_value["security_pipeline"]:
- model_id = self.policies[policy_id]["model_id"]
- if meta_rule_id in self.models[model_id]["meta_rules"]:
- return policy_id
-
- def get_pdp_from_keystone_project(self, keystone_project_id):
- for pdp_key, pdp_value in self.pdp.items():
- if keystone_project_id == pdp_value["keystone_project_id"]:
- return pdp_key
-
- def get_keystone_project_id_from_policy_id(self, policy_id):
- for pdp_key, pdp_value in self.pdp.items():
- if policy_id in pdp_value["security_pipeline"]:
- return pdp_value["keystone_project_id"]
- # for policy_id in pdp_value["security_pipeline"]:
- # model_id = self.policies[policy_id]["model_id"]
- # if meta_rule_id in self.models[model_id]["meta_rules"]:
- # return pdp_value["keystone_project_id"]
-
- def get_containers_from_keystone_project_id(self, keystone_project_id,
- meta_rule_id=None):
- for container_id, container_values in self.containers.items():
- for container_value in container_values:
- if 'keystone_project_id' not in container_value:
- continue
- if container_value['keystone_project_id'] == keystone_project_id:
- if not meta_rule_id:
- yield container_id, container_value
- elif container_value.get('meta_rule_id') == meta_rule_id:
- yield container_id, container_value
- break
-
- # containers functions
-
- def __update_container(self):
- req = requests.get("{}/pods".format(self.orchestrator_url))
- pods = req.json()
- for key, value in pods["pods"].items():
- # if key not in self.__CONTAINERS:
- self.__CONTAINERS[key] = value
- # else:
- # for container in value:
- # self.__CONTAINERS[key].update(value)
-
- def add_container(self, container_data):
- """Add a new container in the cache
-
- :param container_data: dictionary with information for the container
- Example:
- {
- "name": name,
- "hostname": name,
- "port": {
- "PrivatePort": tcp_port,
- "Type": "tcp",
- "IP": "0.0.0.0",
- "PublicPort": tcp_port
- },
- "keystone_project_id": uuid,
- "pdp_id": self.CACHE.get_pdp_from_keystone_project(uuid),
- "meta_rule_id": meta_rule_id,
- "container_name": container_name,
- "plugin_name": plugin_name
- "container_id": "container_id"
- }
-
- :return:
- """
- self.__CONTAINERS[uuid4().hex] = {
- "keystone_project_id": container_data['keystone_project_id'],
- "name": container_data['name'],
- "container_id": container_data['container_id'],
- "hostname": container_data['name'],
- "policy_id": container_data['policy_id'],
- "meta_rule_id": container_data['meta_rule_id'],
- "port": [
- {
- "PublicPort": container_data['port']["PublicPort"],
- "Type": container_data['port']["Type"],
- "IP": container_data['port']["IP"],
- "PrivatePort": container_data['port']["PrivatePort"]
- }
- ],
- "genre": container_data['plugin_name']
- }
- self.__update_container_chaining(self.get_keystone_project_id_from_policy_id(container_data['policy_id']))
-
- @property
- def containers(self):
- """Containers cache
- example of content :
- {
- "policy_uuid1": "component_hostname1",
- "policy_uuid2": "component_hostname2",
- }
- :return:
- """
- current_time = time.time()
- if self.__CONTAINERS_UPDATE + self.__UPDATE_INTERVAL < current_time:
- self.__update_container()
- self.__CONTAINERS_UPDATE = current_time
- return self.__CONTAINERS
-
- @property
- def container_chaining(self):
- """Cache for mapping Keystone Project ID with meta_rule ID and container ID
- Example of content:
- {
- "keystone_project_id": [
- {
- "container_id": "container_id",
- "genre": "genre",
- "policy_id": "policy_id",
- "meta_rule_id": "meta_rule_id",
- }
- ]
- }
-
- :return:
- """
- current_time = time.time()
- if self.__CONTAINER_CHAINING_UPDATE + self.__UPDATE_INTERVAL < current_time:
- for key, value in self.pdp.items():
- if not value["keystone_project_id"]:
- continue
- self.__update_container_chaining(value["keystone_project_id"])
- self.__CONTAINER_CHAINING_UPDATE = current_time
- LOG.info(self.__CONTAINER_CHAINING_UPDATE)
- return self.__CONTAINER_CHAINING
-
- def __update_container_chaining(self, keystone_project_id):
- container_ids = []
- for pdp_id, pdp_value, in self.__PDP.items():
- if pdp_value:
- if pdp_value["keystone_project_id"] == keystone_project_id:
- for policy_id in pdp_value["security_pipeline"]:
- model_id = self.__POLICIES[policy_id]['model_id']
- for meta_rule_id in self.__MODELS[model_id]["meta_rules"]:
- for container_id, container_value in self.get_containers_from_keystone_project_id(
- keystone_project_id,
- meta_rule_id
- ):
- _raw = requests.get("{}/pods/{}".format(
- self.orchestrator_url, container_value["name"])
- )
- LOG.debug("_raw={}".format(_raw.text))
- container_ids.append(
- {
- "container_id": container_value["name"],
- "genre": container_value["genre"],
- "policy_id": policy_id,
- "meta_rule_id": meta_rule_id,
- "hostname": container_value["name"],
- "hostip": "127.0.0.1",
- "port": container_value["port"],
- }
- )
- self.__CONTAINER_CHAINING[keystone_project_id] = container_ids
-
diff --git a/moonv4/python_moonutilities/python_moonutilities/configuration.py b/moonv4/python_moonutilities/python_moonutilities/configuration.py
deleted file mode 100644
index f0ef74a6..00000000
--- a/moonv4/python_moonutilities/python_moonutilities/configuration.py
+++ /dev/null
@@ -1,114 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-
-import base64
-import json
-import requests
-import logging
-import logging.config
-from python_moonutilities import exceptions
-
-LOG = logging.getLogger("moon.utilities")
-
-CONSUL_HOST = "consul"
-CONSUL_PORT = "8500"
-
-DATABASE = "database"
-KEYSTONE = "keystone"
-DOCKER = "docker"
-COMPONENTS = "components"
-
-
-def init_logging():
- config = get_configuration("logging")
- logging.config.dictConfig(config['logging'])
-
-
-def increment_port():
- components_port_start = int(get_configuration("components_port_start")['components_port_start'])
- components_port_start += 1
- url = "http://{}:{}/v1/kv/components_port_start".format(CONSUL_HOST, CONSUL_PORT)
- req = requests.put(url, json=str(components_port_start))
- if req.status_code != 200:
- LOG.info("url={}".format(url))
- raise exceptions.ConsulError
- return components_port_start
-
-
-def get_configuration(key):
- url = "http://{}:{}/v1/kv/{}".format(CONSUL_HOST, CONSUL_PORT, key)
- req = requests.get(url)
- if req.status_code != 200:
- LOG.error("url={}".format(url))
- raise exceptions.ConsulComponentNotFound("error={}: {}".format(req.status_code, req.text))
- data = req.json()
- if len(data) == 1:
- data = data[0]
- return {data["Key"]: json.loads(base64.b64decode(data["Value"]).decode("utf-8"))}
- else:
- return [
- {item["Key"]: json.loads(base64.b64decode(item["Value"]).decode("utf-8"))}
- for item in data
- ]
-
-
-def add_component(name, uuid, port=None, bind="127.0.0.1", keystone_id="", extra=None, container=None):
- data = {
- "hostname": name,
- "keystone_id": keystone_id,
- "bind": bind,
- "port": port,
- "extra": extra,
- "container": container
- }
- req = requests.put(
- "http://{}:{}/v1/kv/components/{}".format(CONSUL_HOST, CONSUL_PORT, uuid),
- headers={"content-type": "application/json"},
- json=data
- )
- if req.status_code != 200:
- LOG.debug("url={}".format("http://{}:{}/v1/kv/components/{}".format(CONSUL_HOST, CONSUL_PORT, uuid)))
- LOG.debug("data={}".format(data))
- raise exceptions.ConsulError
- LOG.info("Add component {}".format(req.text))
- return get_configuration("components/"+uuid)
-
-
-def get_plugins():
- url = "http://{}:{}/v1/kv/plugins?recurse=true".format(CONSUL_HOST, CONSUL_PORT)
- req = requests.get(url)
- if req.status_code != 200:
- LOG.info("url={}".format(url))
- raise exceptions.ConsulError
- data = req.json()
- if len(data) == 1:
- data = data[0]
- return {data["Key"].replace("plugins/", ""): json.loads(base64.b64decode(data["Value"]).decode("utf-8"))}
- else:
- return {
- item["Key"].replace("plugins/", ""): json.loads(base64.b64decode(item["Value"]).decode("utf-8"))
- for item in data
- }
-
-
-def get_components():
- url = "http://{}:{}/v1/kv/components?recurse=true".format(CONSUL_HOST, CONSUL_PORT)
- req = requests.get(url)
- if req.status_code != 200:
- LOG.info("url={}".format(url))
- raise exceptions.ConsulError
- data = req.json()
- if len(data) == 1:
- data = data[0]
- return {data["Key"].replace("components/", ""): json.loads(base64.b64decode(data["Value"]).decode("utf-8"))}
- else:
- return {
- item["Key"].replace("components/", ""): json.loads(base64.b64decode(item["Value"]).decode("utf-8"))
- for item in data
- }
-
-
-init_logging()
diff --git a/moonv4/python_moonutilities/python_moonutilities/exceptions.py b/moonv4/python_moonutilities/python_moonutilities/exceptions.py
deleted file mode 100644
index 5bbab2be..00000000
--- a/moonv4/python_moonutilities/python_moonutilities/exceptions.py
+++ /dev/null
@@ -1,522 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-from oslo_log import log as logging
-from werkzeug.exceptions import HTTPException
-
-LOG = logging.getLogger("moon.utilities.exceptions")
-_ = str
-
-
-class MoonErrorMetaClass(type):
-
- def __init__(cls, name, bases, dct):
- super(MoonErrorMetaClass, cls).__init__(name, bases, dct)
- cls.hierarchy += "/"+str(name)
-
-
-class MoonError(HTTPException):
- __metaclass__ = MoonErrorMetaClass
- hierarchy = ""
- description = _("There is an error requesting the Moon platform.")
- code = 400
- title = 'Moon Error'
- logger = "ERROR"
-
- def __init__(self, message="", status_code=None, payload=""):
- if message:
- self.description = message
- if status_code:
- self.code = status_code
- self.payload = payload
- super(MoonError, self).__init__()
-
- def __str__(self):
- return "{}: {}".format(self.code, self.title)
-
- def __del__(self):
- message = "{} ({}) {}".format(self.hierarchy, self.description, self.payload)
- if self.logger == "ERROR":
- try:
- LOG.error(message)
- except AttributeError:
- LOG.error(message)
- elif self.logger == "WARNING":
- try:
- LOG.warning(message)
- except AttributeError:
- LOG.warning(message)
- elif self.logger == "CRITICAL":
- try:
- LOG.critical(message)
- except AttributeError:
- LOG.critical(message)
- elif self.logger == "AUTHZ":
- try:
- LOG.authz(self.hierarchy)
- LOG.error(message)
- except AttributeError:
- LOG.error(message)
- else:
- try:
- LOG.info(message)
- except AttributeError:
- LOG.info(message)
-
- # def to_dict(self):
- # rv = dict(self.payload or ())
- # rv['message'] = "{} ({})".format(self.hierarchy, self.description)
- # rv['title'] = self.title
- # rv['code'] = self.code
- # return rv
-
-
-# Exceptions for Tenant
-
-class TenantException(MoonError):
- description = _("There is an error requesting this tenant.")
- code = 400
- title = 'Tenant Error'
- logger = "ERROR"
-
-
-class TenantUnknown(TenantException):
- description = _("The tenant is unknown.")
- code = 400
- title = 'Tenant Unknown'
- logger = "ERROR"
-
-
-class TenantAddedNameExisting(TenantException):
- description = _("The tenant name is existing.")
- code = 400
- title = 'Added Tenant Name Existing'
- logger = "ERROR"
-
-
-class TenantNoIntraExtension(TenantException):
- description = _("The tenant has not intra_extension.")
- code = 400
- title = 'Tenant No Intra_Extension'
- logger = "ERROR"
-
-
-class TenantNoIntraAuthzExtension(TenantNoIntraExtension):
- description = _("The tenant has not intra_admin_extension.")
- code = 400
- title = 'Tenant No Intra_Admin_Extension'
- logger = "ERROR"
-
-# Exceptions for IntraExtension
-
-
-class IntraExtensionException(MoonError):
- description = _("There is an error requesting this IntraExtension.")
- code = 400
- title = 'Extension Error'
-
-
-class IntraExtensionUnknown(IntraExtensionException):
- description = _("The intra_extension is unknown.")
- code = 400
- title = 'Intra Extension Unknown'
- logger = "Error"
-
-
-class ModelUnknown(MoonError):
- description = _("The model is unknown.")
- code = 400
- title = 'Model Unknown'
- logger = "Error"
-
-
-class ModelExisting(MoonError):
- description = _("The model already exists.")
- code = 409
- title = 'Model Error'
- logger = "Error"
-
-
-# Authz exceptions
-
-class AuthzException(MoonError):
- description = _("There is an authorization error requesting this IntraExtension.")
- code = 403
- title = 'Authz Exception'
- logger = "AUTHZ"
-
-
-# Auth exceptions
-
-class AuthException(MoonError):
- description = _("There is an authentication error requesting this API. "
- "You must provide a valid token from Keystone.")
- code = 401
- title = 'Auth Exception'
- logger = "AUTHZ"
-
-
-# Admin exceptions
-
-class AdminException(MoonError):
- description = _("There is an error requesting this Authz IntraExtension.")
- code = 400
- title = 'Authz Exception'
- logger = "AUTHZ"
-
-
-class AdminMetaData(AdminException):
- code = 400
- title = 'Metadata Exception'
-
-
-class AdminPerimeter(AdminException):
- code = 400
- title = 'Perimeter Exception'
-
-
-class AdminScope(AdminException):
- code = 400
- title = 'Scope Exception'
-
-
-class AdminAssignment(AdminException):
- code = 400
- title = 'Assignment Exception'
-
-
-class AdminMetaRule(AdminException):
- code = 400
- title = 'Aggregation Algorithm Exception'
-
-
-class AdminRule(AdminException):
- code = 400
- title = 'Rule Exception'
-
-
-class SubjectCategoryNameExisting(AdminMetaData):
- description = _("The given subject category name already exists.")
- code = 409
- title = 'Subject Category Name Existing'
- logger = "ERROR"
-
-
-class SubjectCategoryExisting(AdminMetaData):
- description = _("The given subject category already exists.")
- code = 409
- title = 'Subject Category Existing'
- logger = "ERROR"
-
-
-class ObjectCategoryNameExisting(AdminMetaData):
- description = _("The given object category name already exists.")
- code = 409
- title = 'Object Category Name Existing'
- logger = "ERROR"
-
-
-class ObjectCategoryExisting(AdminMetaData):
- description = _("The given object category already exists.")
- code = 409
- title = 'Object Category Existing'
- logger = "ERROR"
-
-
-class ActionCategoryNameExisting(AdminMetaData):
- description = _("The given action category name already exists.")
- code = 409
- title = 'Action Category Name Existing'
- logger = "ERROR"
-
-
-class ActionCategoryExisting(AdminMetaData):
- description = _("The given action category already exists.")
- code = 409
- title = 'Action Category Existing'
- logger = "ERROR"
-
-
-class SubjectCategoryUnknown(AdminMetaData):
- description = _("The given subject category is unknown.")
- code = 400
- title = 'Subject Category Unknown'
- logger = "ERROR"
-
-
-class ObjectCategoryUnknown(AdminMetaData):
- description = _("The given object category is unknown.")
- code = 400
- title = 'Object Category Unknown'
- logger = "ERROR"
-
-
-class ActionCategoryUnknown(AdminMetaData):
- description = _("The given action category is unknown.")
- code = 400
- title = 'Action Category Unknown'
- logger = "ERROR"
-
-
-class SubjectUnknown(AdminPerimeter):
- description = _("The given subject is unknown.")
- code = 400
- title = 'Subject Unknown'
- logger = "ERROR"
-
-
-class ObjectUnknown(AdminPerimeter):
- description = _("The given object is unknown.")
- code = 400
- title = 'Object Unknown'
- logger = "ERROR"
-
-
-class ActionUnknown(AdminPerimeter):
- description = _("The given action is unknown.")
- code = 400
- title = 'Action Unknown'
- logger = "ERROR"
-
-
-class SubjectNameExisting(AdminPerimeter):
- description = _("The given subject name is existing.")
- code = 400
- title = 'Subject Name Existing'
- logger = "ERROR"
-
-
-class ObjectNameExisting(AdminPerimeter):
- description = _("The given object name is existing.")
- code = 400
- title = 'Object Name Existing'
- logger = "ERROR"
-
-
-class ActionNameExisting(AdminPerimeter):
- description = _("The given action name is existing.")
- code = 400
- title = 'Action Name Existing'
- logger = "ERROR"
-
-
-class ObjectsWriteNoAuthorized(AdminPerimeter):
- description = _("The modification on Objects is not authorized.")
- code = 400
- title = 'Objects Write No Authorized'
- logger = "AUTHZ"
-
-
-class ActionsWriteNoAuthorized(AdminPerimeter):
- description = _("The modification on Actions is not authorized.")
- code = 400
- title = 'Actions Write No Authorized'
- logger = "AUTHZ"
-
-
-class SubjectScopeUnknown(AdminScope):
- description = _("The given subject scope is unknown.")
- code = 400
- title = 'Subject Scope Unknown'
- logger = "ERROR"
-
-
-class ObjectScopeUnknown(AdminScope):
- description = _("The given object scope is unknown.")
- code = 400
- title = 'Object Scope Unknown'
- logger = "ERROR"
-
-
-class ActionScopeUnknown(AdminScope):
- description = _("The given action scope is unknown.")
- code = 400
- title = 'Action Scope Unknown'
- logger = "ERROR"
-
-
-class SubjectScopeNameExisting(AdminScope):
- description = _("The given subject scope name is existing.")
- code = 400
- title = 'Subject Scope Name Existing'
- logger = "ERROR"
-
-
-class ObjectScopeNameExisting(AdminScope):
- description = _("The given object scope name is existing.")
- code = 400
- title = 'Object Scope Name Existing'
- logger = "ERROR"
-
-
-class ActionScopeNameExisting(AdminScope):
- description = _("The given action scope name is existing.")
- code = 400
- title = 'Action Scope Name Existing'
- logger = "ERROR"
-
-
-class SubjectAssignmentUnknown(AdminAssignment):
- description = _("The given subject assignment value is unknown.")
- code = 400
- title = 'Subject Assignment Unknown'
- logger = "ERROR"
-
-
-class ObjectAssignmentUnknown(AdminAssignment):
- description = _("The given object assignment value is unknown.")
- code = 400
- title = 'Object Assignment Unknown'
- logger = "ERROR"
-
-
-class ActionAssignmentUnknown(AdminAssignment):
- description = _("The given action assignment value is unknown.")
- code = 400
- title = 'Action Assignment Unknown'
- logger = "ERROR"
-
-
-class SubjectAssignmentExisting(AdminAssignment):
- description = _("The given subject assignment value is existing.")
- code = 400
- title = 'Subject Assignment Existing'
- logger = "ERROR"
-
-
-class ObjectAssignmentExisting(AdminAssignment):
- description = _("The given object assignment value is existing.")
- code = 400
- title = 'Object Assignment Existing'
- logger = "ERROR"
-
-
-class ActionAssignmentExisting(AdminAssignment):
- description = _("The given action assignment value is existing.")
- code = 400
- title = 'Action Assignment Existing'
- logger = "ERROR"
-
-
-class AggregationAlgorithmNotExisting(AdminMetaRule):
- description = _("The given aggregation algorithm is not existing.")
- code = 400
- title = 'Aggregation Algorithm Not Existing'
- logger = "ERROR"
-
-
-class AggregationAlgorithmUnknown(AdminMetaRule):
- description = _("The given aggregation algorithm is unknown.")
- code = 400
- title = 'Aggregation Algorithm Unknown'
- logger = "ERROR"
-
-
-class SubMetaRuleAlgorithmNotExisting(AdminMetaRule):
- description = _("The given sub_meta_rule algorithm is unknown.")
- code = 400
- title = 'Sub_meta_rule Algorithm Unknown'
- logger = "ERROR"
-
-
-class MetaRuleUnknown(AdminMetaRule):
- description = _("The given sub meta rule is unknown.")
- code = 400
- title = 'Sub Meta Rule Unknown'
- logger = "ERROR"
-
-
-class SubMetaRuleNameExisting(AdminMetaRule):
- description = _("The sub meta rule name already exists.")
- code = 400
- title = 'Sub Meta Rule Name Existing'
- logger = "ERROR"
-
-
-class MetaRuleExisting(AdminMetaRule):
- description = _("The sub meta rule already exists.")
- code = 400
- title = 'Sub Meta Rule Existing'
- logger = "ERROR"
-
-
-class RuleExisting(AdminRule):
- description = _("The rule already exists.")
- code = 400
- title = 'Rule Existing'
- logger = "ERROR"
-
-
-class RuleUnknown(AdminRule):
- description = _("The rule for that request doesn't exist.")
- code = 400
- title = 'Rule Unknown'
- logger = "ERROR"
-
-
-# Keystone exceptions
-
-
-class KeystoneError(MoonError):
- description = _("There is an error connecting to Keystone.")
- code = 400
- title = 'Keystone error'
- logger = "ERROR"
-
-
-class KeystoneProjectError(KeystoneError):
- description = _("There is an error retrieving projects from the Keystone service.")
- code = 400
- title = 'Keystone project error'
- logger = "ERROR"
-
-
-class KeystoneUserError(KeystoneError):
- description = _("There is an error retrieving users from the Keystone service.")
- code = 400
- title = 'Keystone user error'
- logger = "ERROR"
-
-
-class KeystoneUserConflict(KeystoneUserError):
- description = _("A user with that name already exist.")
- code = 400
- title = 'Keystone user error'
- logger = "ERROR"
-
-
-# Consul exceptions
-
-
-class ConsulError(MoonError):
- description = _("There is an error connecting to Consul.")
- code = 400
- title = 'Consul error'
- logger = "ERROR"
-
-
-class ConsulComponentNotFound(ConsulError):
- description = _("The component do not exist in Consul database.")
- code = 500
- title = 'Consul error'
- logger = "WARNING"
-
-
-# Containers exceptions
-
-
-class DockerError(MoonError):
- description = _("There is an error with Docker.")
- code = 400
- title = 'Docker error'
- logger = "ERROR"
-
-
-class ContainerMissing(DockerError):
- description = _("Some containers are missing.")
- code = 400
- title = 'Container missing'
- logger = "ERROR"
-
diff --git a/moonv4/python_moonutilities/python_moonutilities/misc.py b/moonv4/python_moonutilities/python_moonutilities/misc.py
deleted file mode 100644
index b83523c3..00000000
--- a/moonv4/python_moonutilities/python_moonutilities/misc.py
+++ /dev/null
@@ -1,142 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-
-import logging
-import random
-
-LOG = logging.getLogger(__name__)
-
-
-def get_uuid_from_name(name, elements, **kwargs):
- for element in elements:
- if type(elements[element]) is dict and elements[element].get('name') == name:
- if kwargs:
- for args in kwargs:
- if elements[element].get(args) != kwargs[args]:
- return
- else:
- return element
- else:
- return element
-
-
-def get_name_from_uuid(uuid, elements, **kwargs):
- for element in elements:
- if element == uuid:
- if kwargs:
- for args in kwargs:
- if elements[element].get(args) != kwargs[args]:
- return
- else:
- return elements[element].get('name')
- else:
- return elements[element].get('name')
-
-
-def get_random_name():
- _list = (
- "windy",
- "vengeful",
- "precious",
- "vivacious",
- "quiet",
- "confused",
- "exultant",
- "impossible",
- "thick",
- "obsolete",
- "piquant",
- "fanatical",
- "tame",
- "perfect",
- "animated",
- "dark",
- "stimulating",
- "drunk",
- "depressed",
- "fumbling",
- "like",
- "undesirable",
- "spurious",
- "subsequent",
- "spiteful",
- "last",
- "stale",
- "hulking",
- "giddy",
- "minor",
- "careful",
- "possessive",
- "gullible",
- "fragile",
- "divergent",
- "ill-informed",
- "false",
- "jumpy",
- "damaged",
- "likeable",
- "volatile",
- "handsomely",
- "wet",
- "long-term",
- "pretty",
- "taboo",
- "normal",
- "magnificent",
- "nutty",
- "puzzling",
- "small",
- "kind",
- "devilish",
- "chubby",
- "paltry",
- "cultured",
- "old",
- "defective",
- "hanging",
- "innocent",
- "jagged",
- "economic",
- "good",
- "sulky",
- "real",
- "bent",
- "shut",
- "furry",
- "terrific",
- "hollow",
- "terrible",
- "mammoth",
- "pleasant",
- "scared",
- "obnoxious",
- "absorbing",
- "imported",
- "infamous",
- "grieving",
- "ill-fated",
- "mighty",
- "handy",
- "comfortable",
- "astonishing",
- "brown",
- "assorted",
- "wrong",
- "unsightly",
- "spooky",
- "delightful",
- "acid",
- "inconclusive",
- "mere",
- "careless",
- "historical",
- "flashy",
- "squealing",
- "quarrelsome",
- "empty",
- "long",
- )
- return random.choice(_list)
diff --git a/moonv4/python_moonutilities/python_moonutilities/security_functions.py b/moonv4/python_moonutilities/python_moonutilities/security_functions.py
deleted file mode 100644
index 6d9307fe..00000000
--- a/moonv4/python_moonutilities/python_moonutilities/security_functions.py
+++ /dev/null
@@ -1,531 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-
-import copy
-import re
-import os
-import types
-import requests
-import time
-from functools import wraps
-from flask import request
-import logging
-from python_moonutilities import exceptions, configuration
-
-LOG = logging.getLogger("moon.utilities." + __name__)
-
-keystone_config = configuration.get_configuration("openstack/keystone")["openstack/keystone"]
-TOKENS = {}
-__targets = {}
-
-
-def filter_input(func_or_str):
-
- def __filter(string):
- if string and type(string) is str:
- return "".join(re.findall("[\w\- +]*", string))
- return string
-
- def __filter_dict(arg):
- result = dict()
- for key in arg.keys():
- if key == "email":
- result["email"] = __filter_email(arg[key])
- elif key == "password":
- result["password"] = arg['password']
- else:
- result[key] = __filter(arg[key])
- return result
-
- def __filter_email(string):
- if string and type(string) is str:
- return "".join(re.findall("[\w@\._\- +]*", string))
- return string
-
- def wrapped(*args, **kwargs):
- _args = []
- for arg in args:
- if isinstance(arg, str):
- arg = __filter(arg)
- elif isinstance(arg, list):
- arg = [__filter(item) for item in arg]
- elif isinstance(arg, tuple):
- arg = (__filter(item) for item in arg)
- elif isinstance(arg, dict):
- arg = __filter_dict(arg)
- _args.append(arg)
- for arg in kwargs:
- if type(kwargs[arg]) is str:
- kwargs[arg] = __filter(kwargs[arg])
- if isinstance(kwargs[arg], str):
- kwargs[arg] = __filter(kwargs[arg])
- elif isinstance(kwargs[arg], list):
- kwargs[arg] = [__filter(item) for item in kwargs[arg]]
- elif isinstance(kwargs[arg], tuple):
- kwargs[arg] = (__filter(item) for item in kwargs[arg])
- elif isinstance(kwargs[arg], dict):
- kwargs[arg] = __filter_dict(kwargs[arg])
- return func_or_str(*_args, **kwargs)
-
- if isinstance(func_or_str, str):
- return __filter(func_or_str)
- if isinstance(func_or_str, list):
- return [__filter(item) for item in func_or_str]
- if isinstance(func_or_str, tuple):
- return (__filter(item) for item in func_or_str)
- if isinstance(func_or_str, dict):
- return __filter_dict(func_or_str)
- if isinstance(func_or_str, types.FunctionType):
- return wrapped
- return None
-
-
-def enforce(action_names, object_name, **extra):
- """Fake version of the enforce decorator"""
- def wrapper_func(func):
- def wrapper_args(*args, **kwargs):
- # LOG.info("kwargs={}".format(kwargs))
- # kwargs['user_id'] = kwargs.pop('user_id', "admin")
- # LOG.info("Calling enforce on {} with args={} kwargs={}".format(func.__name__, args, kwargs))
- return func(*args, **kwargs)
- return wrapper_args
- return wrapper_func
-
-
-def login(user=None, password=None, domain=None, project=None, url=None):
- start_time = time.time()
- if not user:
- user = keystone_config['user']
- if not password:
- password = keystone_config['password']
- if not domain:
- domain = keystone_config['domain']
- if not project:
- project = keystone_config['project']
- if not url:
- url = keystone_config['url']
- headers = {
- "Content-Type": "application/json"
- }
- data_auth = {
- "auth": {
- "identity": {
- "methods": [
- "password"
- ],
- "password": {
- "user": {
- "domain": {
- "id": domain
- },
- "name": user,
- "password": password
- }
- }
- },
- "scope": {
- "project": {
- "domain": {
- "id": domain
- },
- "name": project
- }
- }
- }
- }
-
- while True:
- req = requests.post("{}/auth/tokens".format(url),
- json=data_auth, headers=headers,
- verify=keystone_config['certificate'])
-
- if req.status_code in (200, 201, 204):
- headers['X-Auth-Token'] = req.headers['X-Subject-Token']
- return headers
- LOG.warning("Waiting for Keystone...")
- if time.time() - start_time == 100:
- LOG.error(req.text)
- raise exceptions.KeystoneError
- time.sleep(5)
-
-
-def logout(headers, url=None):
- if not url:
- url = keystone_config['url']
- headers['X-Subject-Token'] = headers['X-Auth-Token']
- req = requests.delete("{}/auth/tokens".format(url), headers=headers, verify=keystone_config['certificate'])
- if req.status_code in (200, 201, 204):
- return
- LOG.error(req.text)
- raise exceptions.KeystoneError
-
-
-class Context:
-
- def __init__(self, init_context, cache):
- self.cache = cache
- self.__keystone_project_id = init_context.get("project_id")
- self.__pdp_id = None
- self.__pdp_value = None
- for _pdp_key, _pdp_value in self.cache.pdp.items():
- if _pdp_value["keystone_project_id"] == self.__keystone_project_id:
- self.__pdp_id = _pdp_key
- self.__pdp_value = copy.deepcopy(_pdp_value)
- break
- if not self.__pdp_value:
- raise exceptions.AuthzException(
- "Cannot create context for authz "
- "with Keystone project ID {}".format(
- self.__keystone_project_id
- ))
- self.__subject = init_context.get("subject_name")
- self.__object = init_context.get("object_name")
- self.__action = init_context.get("action_name")
- self.__current_request = None
- self.__request_id = init_context.get("req_id")
- self.__cookie = init_context.get("cookie")
- self.__manager_url = init_context.get("manager_url")
- self.__interface_name = init_context.get("interface_name")
- self.__index = -1
- # self.__init_initial_request()
- self.__headers = []
- policies = self.cache.policies
- models = self.cache.models
- for policy_id in self.__pdp_value["security_pipeline"]:
- model_id = policies[policy_id]["model_id"]
- for meta_rule in models[model_id]["meta_rules"]:
- self.__headers.append(meta_rule)
- self.__meta_rules = self.cache.meta_rules
- self.__pdp_set = {}
- # self.__init_pdp_set()
-
- def delete_cache(self):
- self.cache = {}
-
- def set_cache(self, cache):
- self.cache = cache
-
- def increment_index(self):
- self.__index += 1
- self.__init_current_request()
- self.__init_pdp_set()
-
- @property
- def current_state(self):
- return self.__pdp_set[self.__headers[self.__index]]['effect']
-
- @current_state.setter
- def current_state(self, state):
- if state not in ("grant", "deny", "passed"):
- state = "passed"
- self.__pdp_set[self.__headers[self.__index]]['effect'] = state
-
- @current_state.deleter
- def current_state(self):
- self.__pdp_set[self.__headers[self.__index]]['effect'] = "unset"
-
- @property
- def current_policy_id(self):
- return self.__pdp_value["security_pipeline"][self.__index]
-
- @current_policy_id.setter
- def current_policy_id(self, value):
- pass
-
- @current_policy_id.deleter
- def current_policy_id(self):
- pass
-
- def __init_current_request(self):
- self.__subject = self.cache.get_subject(
- self.__pdp_value["security_pipeline"][self.__index],
- self.__subject)
- self.__object = self.cache.get_object(
- self.__pdp_value["security_pipeline"][self.__index],
- self.__object)
- self.__action = self.cache.get_action(
- self.__pdp_value["security_pipeline"][self.__index],
- self.__action)
- self.__current_request = dict(self.initial_request)
-
- def __init_pdp_set(self):
- for header in self.__headers:
- self.__pdp_set[header] = dict()
- self.__pdp_set[header]["meta_rules"] = self.__meta_rules[header]
- self.__pdp_set[header]["target"] = self.__add_target(header)
- self.__pdp_set[header]["effect"] = "unset"
- self.__pdp_set["effect"] = "deny"
-
- # def update_target(self, context):
- # # result = dict()
- # current_request = context['current_request']
- # _subject = current_request.get("subject")
- # _object = current_request.get("object")
- # _action = current_request.get("action")
- # meta_rule_id = context['headers'][context['index']]
- # policy_id = self.cache.get_policy_from_meta_rules(meta_rule_id)
- # meta_rules = self.cache.meta_rules()
- # # for meta_rule_id in meta_rules:
- # for sub_cat in meta_rules[meta_rule_id]['subject_categories']:
- # if sub_cat not in context["pdp_set"][meta_rule_id]["target"]:
- # context["pdp_set"][meta_rule_id]["target"][sub_cat] = []
- # for assign in self.cache.get_subject_assignments(policy_id, _subject, sub_cat).values():
- # for assign in assign["assignments"]:
- # if assign not in context["pdp_set"][meta_rule_id]["target"][sub_cat]:
- # context["pdp_set"][meta_rule_id]["target"][sub_cat].append(assign)
- # for obj_cat in meta_rules[meta_rule_id]['object_categories']:
- # if obj_cat not in context["pdp_set"][meta_rule_id]["target"]:
- # context["pdp_set"][meta_rule_id]["target"][obj_cat] = []
- # for assign in self.cache.get_object_assignments(policy_id, _object, obj_cat).values():
- # for assign in assign["assignments"]:
- # if assign not in context["pdp_set"][meta_rule_id]["target"][obj_cat]:
- # context["pdp_set"][meta_rule_id]["target"][obj_cat].append(assign)
- # for act_cat in meta_rules[meta_rule_id]['action_categories']:
- # if act_cat not in context["pdp_set"][meta_rule_id]["target"]:
- # context["pdp_set"][meta_rule_id]["target"][act_cat] = []
- # for assign in self.cache.get_action_assignments(policy_id, _action, act_cat).values():
- # for assign in assign["assignments"]:
- # if assign not in context["pdp_set"][meta_rule_id]["target"][act_cat]:
- # context["pdp_set"][meta_rule_id]["target"][act_cat].append(assign)
- # # context["pdp_set"][meta_rule_id]["target"].update(result)
-
- def __add_target(self, meta_rule_id):
- """build target from meta_rule
-
- Target is dict of categories as keys ; and the value of each category
- will be a list of assignments
-
- """
- result = dict()
- _subject = self.__current_request["subject"]
- _object = self.__current_request["object"]
- _action = self.__current_request["action"]
- meta_rules = self.cache.meta_rules
- policy_id = self.cache.get_policy_from_meta_rules(meta_rule_id)
- for sub_cat in meta_rules[meta_rule_id]['subject_categories']:
- if sub_cat not in result:
- result[sub_cat] = []
- result[sub_cat].extend(
- self.cache.get_subject_assignments(policy_id, _subject, sub_cat))
- for obj_cat in meta_rules[meta_rule_id]['object_categories']:
- if obj_cat not in result:
- result[obj_cat] = []
- result[obj_cat].extend(
- self.cache.get_object_assignments(policy_id, _object, obj_cat))
- for act_cat in meta_rules[meta_rule_id]['action_categories']:
- if act_cat not in result:
- result[act_cat] = []
- result[act_cat].extend(
- self.cache.get_action_assignments(policy_id, _action, act_cat))
- return result
-
- def __repr__(self):
- return """PDP ID: {id}
-current_request: {current_request}
-request_id: {request_id}
-index: {index}
-headers: {headers}
-pdp_set: {pdp_set}
- """.format(
- id=self.__pdp_id,
- current_request=self.__current_request,
- request_id=self.__request_id,
- headers=self.__headers,
- pdp_set=self.__pdp_set,
- index=self.__index
- )
-
- def to_dict(self):
- return {
- "initial_request": copy.deepcopy(self.initial_request),
- "current_request": copy.deepcopy(self.__current_request),
- "headers": copy.deepcopy(self.__headers),
- "index": copy.deepcopy(self.__index),
- "pdp_set": copy.deepcopy(self.__pdp_set),
- "request_id": copy.deepcopy(self.__request_id),
- "manager_url": copy.deepcopy(self.__manager_url),
- "interface_name": copy.deepcopy(self.__interface_name),
- }
-
- @property
- def request_id(self):
- return self.__request_id
-
- @request_id.setter
- def request_id(self, value):
- raise Exception("You cannot update the request_id")
-
- @request_id.deleter
- def request_id(self):
- raise Exception("You cannot update the request_id")
-
- @property
- def manager_url(self):
- return self.__manager_url
-
- @manager_url.setter
- def manager_url(self, value):
- raise Exception("You cannot update the manager_url")
-
- @manager_url.deleter
- def manager_url(self):
- raise Exception("You cannot update the manager_url")
-
- @property
- def interface_name(self):
- return self.__interface_name
-
- @interface_name.setter
- def interface_name(self, value):
- raise Exception("You cannot update the interface_name")
-
- @interface_name.deleter
- def interface_name(self):
- raise Exception("You cannot update the interface_name")
-
- @property
- def cookie(self):
- return self.__cookie
-
- @cookie.setter
- def cookie(self, value):
- raise Exception("You cannot update the cookie")
-
- @cookie.deleter
- def cookie(self):
- raise Exception("You cannot delete the cookie")
-
- @property
- def initial_request(self):
- return {
- "subject": self.__subject,
- "object": self.__object,
- "action": self.__action,
- }
-
- @initial_request.setter
- def initial_request(self, value):
- raise Exception("You are not allowed to update the initial_request")
-
- @initial_request.deleter
- def initial_request(self):
- raise Exception("You are not allowed to delete the initial_request")
-
- @property
- def current_request(self):
- if not self.__current_request:
- self.__current_request = copy.deepcopy(self.initial_request)
- return self.__current_request
-
- @current_request.setter
- def current_request(self, value):
- self.__current_request = copy.deepcopy(value)
- # Note (asteroide): if the current request is modified,
- # we must update the PDP Set.
- self.__init_pdp_set()
-
- @current_request.deleter
- def current_request(self):
- self.__current_request = {}
- self.__pdp_set = {}
-
- @property
- def headers(self):
- return self.__headers
-
- @headers.setter
- def headers(self, headers):
- self.__headers = headers
-
- @headers.deleter
- def headers(self):
- self.__headers = list()
-
- @property
- def index(self):
- return self.__index
-
- @index.setter
- def index(self, index):
- self.__index += 1
-
- @index.deleter
- def index(self):
- self.__index = -1
-
- @property
- def pdp_set(self):
- return self.__pdp_set
-
- @pdp_set.setter
- def pdp_set(self, value):
- raise Exception("You are not allowed to modify the pdp_set")
-
- @pdp_set.deleter
- def pdp_set(self):
- self.__pdp_set = {}
-
-
-def check_token(token, url=None):
- _verify = False
- if keystone_config['certificate']:
- _verify = keystone_config['certificate']
- try:
- os.environ.pop("http_proxy")
- os.environ.pop("https_proxy")
- except KeyError:
- pass
- if not url:
- url = keystone_config['url']
- headers = {
- "Content-Type": "application/json",
- 'X-Subject-Token': token,
- 'X-Auth-Token': token,
- }
- if not keystone_config['check_token']:
- # TODO (asteroide): must send the admin id
- return "admin" if not token else token
- elif keystone_config['check_token'].lower() in ("false", "no", "n"):
- # TODO (asteroide): must send the admin id
- return "admin" if not token else token
- if keystone_config['check_token'].lower() in ("yes", "y", "true"):
- if token in TOKENS:
- delta = time.mktime(TOKENS[token]["expires_at"]) - time.mktime(time.gmtime())
- if delta > 0:
- return TOKENS[token]["user"]
- raise exceptions.KeystoneError
- else:
- req = requests.get("{}/auth/tokens".format(url), headers=headers, verify=_verify)
- if req.status_code in (200, 201):
- # Note (asteroide): the time stamps is not in ISO 8601, so it is necessary to delete
- # characters after the dot
- token_time = req.json().get("token").get("expires_at").split(".")
- TOKENS[token] = dict()
- TOKENS[token]["expires_at"] = time.strptime(token_time[0], "%Y-%m-%dT%H:%M:%S")
- TOKENS[token]["user"] = req.json().get("token").get("user").get("id")
- return TOKENS[token]["user"]
- LOG.error("{} - {}".format(req.status_code, req.text))
- raise exceptions.KeystoneError
- elif keystone_config['check_token'].lower() == "strict":
- req = requests.head("{}/auth/tokens".format(url), headers=headers, verify=_verify)
- if req.status_code in (200, 201):
- return token
- LOG.error("{} - {}".format(req.status_code, req.text))
- raise exceptions.KeystoneError
- raise exceptions.KeystoneError
-
-
-def check_auth(function):
- @wraps(function)
- def wrapper(*args, **kwargs):
- token = request.headers.get('X-Auth-Token')
- token = check_token(token)
- if not token:
- raise exceptions.AuthException
- user_id = kwargs.pop("user_id", token)
- result = function(*args, **kwargs, user_id=user_id)
- return result
- return wrapper
diff --git a/moonv4/python_moonutilities/requirements.txt b/moonv4/python_moonutilities/requirements.txt
deleted file mode 100644
index 5b80e5f2..00000000
--- a/moonv4/python_moonutilities/requirements.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-werkzeug
-flask
-requests \ No newline at end of file
diff --git a/moonv4/python_moonutilities/setup.py b/moonv4/python_moonutilities/setup.py
deleted file mode 100644
index 4a2eef5d..00000000
--- a/moonv4/python_moonutilities/setup.py
+++ /dev/null
@@ -1,42 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-from setuptools import setup, find_packages
-import python_moonutilities
-
-with open('requirements.txt') as f:
- required = f.read().splitlines()
-
-setup(
-
- name='python-moonutilities',
-
- version=python_moonutilities.__version__,
-
- packages=find_packages(),
-
- author='Thomas Duval',
-
- author_email='thomas.duval@orange.com',
-
- description='Some utilities for all the Moon components',
-
- long_description=open('README.md').read(),
-
- install_requires=required,
-
- include_package_data=True,
-
- url='https://git.opnfv.org/cgit/moon',
-
- classifiers=[
- 'Programming Language :: Python :: 3',
- 'Development Status :: 1 - Planning',
- 'License :: OSI Approved',
- 'Natural Language :: English',
- 'Operating System :: OS Independent',
- ],
-
-)
diff --git a/moonv4/python_moonutilities/tests/unit_python/conftest.py b/moonv4/python_moonutilities/tests/unit_python/conftest.py
deleted file mode 100644
index 7217586a..00000000
--- a/moonv4/python_moonutilities/tests/unit_python/conftest.py
+++ /dev/null
@@ -1,17 +0,0 @@
-import pytest
-import requests_mock
-import mock_components
-import mock_keystone
-import mock_cache
-
-
-@pytest.fixture(autouse=True)
-def no_requests(monkeypatch):
- """ Modify the response from Requests module
- """
- with requests_mock.Mocker(real_http=True) as m:
- mock_components.register_components(m)
- mock_keystone.register_keystone(m)
- mock_cache.register_cache(m)
- print("End registering URI")
- yield m \ No newline at end of file
diff --git a/moonv4/python_moonutilities/tests/unit_python/mock_cache.py b/moonv4/python_moonutilities/tests/unit_python/mock_cache.py
deleted file mode 100644
index b2b287a9..00000000
--- a/moonv4/python_moonutilities/tests/unit_python/mock_cache.py
+++ /dev/null
@@ -1,321 +0,0 @@
-from utilities import CONF
-
-pdp_mock = {
- "pdp_id1": {
- "name": "...",
- "security_pipeline": ["policy_id_1", "policy_id_2"],
- "keystone_project_id": "keystone_project_id1",
- "description": "...",
- },
- "pdp_id12": {
- "name": "...",
- "security_pipeline": ["policy_id_1", "policy_id_2"],
- "keystone_project_id": "keystone_project_id1",
- "description": "...",
- }
-}
-
-meta_rules_mock = {
- "meta_rule_id1": {
- "name": "meta_rule1",
- "algorithm": "name of the meta rule algorithm",
- "subject_categories": ["subject_category_id1",
- "subject_category_id2"],
- "object_categories": ["object_category_id1"],
- "action_categories": ["action_category_id1"]
- },
- "meta_rule_id2": {
- "name": "name of the meta rules2",
- "algorithm": "name of the meta rule algorithm",
- "subject_categories": ["subject_category_id1",
- "subject_category_id2"],
- "object_categories": ["object_category_id1"],
- "action_categories": ["action_category_id1"]
- }
-}
-
-policies_mock = {
- "policy_id_1": {
- "name": "test_policy1",
- "model_id": "model_id_1",
- "genre": "authz",
- "description": "test",
- },
- "policy_id_2": {
- "name": "test_policy2",
- "model_id": "model_id_2",
- "genre": "authz",
- "description": "test",
- }
-}
-
-subject_mock = {
- "policy_id_1": {
- "subject_id": {
- "name": "subject_name",
- "keystone_id": "keystone_project_id1",
- "description": "a description"
- }
- },
- "policy_id_2": {
- "subject_id": {
- "name": "subject_name",
- "keystone_id": "keystone_project_id1",
- "description": "a description"
- }
- }
-}
-
-subject_assignment_mock = {
- "subject_id": {
- "policy_id": "ID of the policy",
- "subject_id": "ID of the subject",
- "category_id": "ID of the category",
- "assignments": [],
- }
-}
-
-object_mock = {
- "policy_id_1": {
- "object_id": {
- "name": "object_name",
- "description": "a description"
- }
- },
- "policy_id_2": {
- "object_id": {
- "name": "object_name",
- "description": "a description"
- }
- }
-}
-
-object_assignment_mock = {
- "object_id": {
- "policy_id": "ID of the policy",
- "object_id": "ID of the object",
- "category_id": "ID of the category",
- "assignments": [],
- }
-}
-
-action_mock = {
- "policy_id_1": {
- "action_id": {
- "name": "action_name",
- "description": "a description"
- }
- },
- "policy_id_2": {
- "action_id": {
- "name": "action_name",
- "description": "a description"
- }
- }
-}
-
-action_assignment_mock = {
- "action_id": {
- "policy_id": "ID of the policy",
- "action_id": "ID of the action",
- "category_id": "ID of the category",
- "assignments": [],
- }
-}
-
-models_mock = {
- "model_id_1": {
- "name": "test_model",
- "description": "test",
- "meta_rules": ["meta_rule_id1"]
- },
- "model_id_2": {
- "name": "test_model",
- "description": "test",
- "meta_rules": ["meta_rule_id2"]
- },
-}
-
-rules_mock = {
- "rules": {
- "meta_rule_id": "meta_rule_id1",
- "rule_id1": {
- "rule": ["subject_data_id1",
- "object_data_id1",
- "action_data_id1"],
- "instructions": (
- {"decision": "grant"},
- # "grant" to immediately exit,
- # "continue" to wait for the result of next policy
- # "deny" to deny the request
- )
- },
- "rule_id2": {
- "rule": ["subject_data_id2",
- "object_data_id2",
- "action_data_id2"],
- "instructions": (
- {
- "update": {
- "operation": "add",
- # operations may be "add" or "delete"
- "target": "rbac:role:admin"
- # add the role admin to the current user
- }
- },
- {"chain": {"name": "rbac"}}
- # chain with the policy named rbac
- )
- }
- }
-}
-
-
-def register_cache(m):
- """ Modify the response from Requests module
- """
- register_pdp(m)
- register_meta_rules(m)
- register_policies(m)
- register_models(m)
- register_policy_subject(m, "policy_id_1")
- register_policy_subject(m, "policy_id_2")
- register_policy_object(m, "policy_id_1")
- register_policy_object(m, "policy_id_2")
- register_policy_action(m, "policy_id_1")
- register_policy_action(m, "policy_id_2")
- register_policy_subject_assignment(m, "policy_id_1", "subject_id")
- # register_policy_subject_assignment_list(m1, "policy_id_1")
- register_policy_subject_assignment(m, "policy_id_2", "subject_id")
- # register_policy_subject_assignment_list(m1, "policy_id_2")
- register_policy_object_assignment(m, "policy_id_1", "object_id")
- # register_policy_object_assignment_list(m1, "policy_id_1")
- register_policy_object_assignment(m, "policy_id_2", "object_id")
- # register_policy_object_assignment_list(m1, "policy_id_2")
- register_policy_action_assignment(m, "policy_id_1", "action_id")
- # register_policy_action_assignment_list(m1, "policy_id_1")
- register_policy_action_assignment(m, "policy_id_2", "action_id")
- # register_policy_action_assignment_list(m1, "policy_id_2")
- register_rules(m, "policy_id1")
-
-
-def register_pdp(m):
- m.register_uri(
- 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'pdp'),
- json={'pdps': pdp_mock}
- )
-
-
-def register_meta_rules(m):
- m.register_uri(
- 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'meta_rules'),
- json={'meta_rules': meta_rules_mock}
- )
-
-
-def register_policies(m):
- m.register_uri(
- 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies'),
- json={'policies': policies_mock}
- )
-
-
-def register_models(m):
- m.register_uri(
- 'GET', 'http://{}:{}/{}'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'models'),
- json={'models': models_mock}
- )
-
-
-def register_policy_subject(m, policy_id):
- m.register_uri(
- 'GET', 'http://{}:{}/{}/{}/subjects'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies', policy_id),
- json={'subjects': subject_mock[policy_id]}
- )
-
-
-def register_policy_object(m, policy_id):
- m.register_uri(
- 'GET', 'http://{}:{}/{}/{}/objects'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies', policy_id),
- json={'objects': object_mock[policy_id]}
- )
-
-
-def register_policy_action(m, policy_id):
- m.register_uri(
- 'GET', 'http://{}:{}/{}/{}/actions'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies', policy_id),
- json={'actions': action_mock[policy_id]}
- )
-
-
-def register_policy_subject_assignment(m, policy_id, subj_id):
- m.register_uri(
- 'GET', 'http://{}:{}/{}/{}/subject_assignments/{}'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies',
- policy_id,
- subj_id),
- json={'subject_assignments': subject_assignment_mock}
- )
-
-
-def register_policy_subject_assignment_list(m, policy_id):
- m.register_uri(
- 'GET', 'http://{}:{}/{}/{}/subject_assignments'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies',
- policy_id),
- json={'subject_assignments': subject_assignment_mock}
- )
-
-
-def register_policy_object_assignment(m, policy_id, obj_id):
- m.register_uri(
- 'GET', 'http://{}:{}/{}/{}/object_assignments/{}'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies',
- policy_id,
- obj_id),
- json={'object_assignments': object_assignment_mock}
- )
-
-
-def register_policy_object_assignment_list(m, policy_id):
- m.register_uri(
- 'GET', 'http://{}:{}/{}/{}/object_assignments'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies',
- policy_id),
- json={'object_assignments': object_assignment_mock}
- )
-
-
-def register_policy_action_assignment(m, policy_id, action_id):
- m.register_uri(
- 'GET', 'http://{}:{}/{}/{}/action_assignments/{}'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies',
- policy_id,
- action_id),
- json={'action_assignments': action_assignment_mock}
- )
-
-
-def register_policy_action_assignment_list(m, policy_id):
- m.register_uri(
- 'GET', 'http://{}:{}/{}/{}/action_assignments'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies',
- policy_id),
- json={'action_assignments': action_assignment_mock}
- )
-
-
-def register_rules(m, policy_id):
- m.register_uri(
- 'GET', 'http://{}:{}/{}/{}/{}'.format(CONF['components']['manager']['hostname'],
- CONF['components']['manager']['port'], 'policies',
- policy_id, 'rules'),
- json={'rules': rules_mock}
- ) \ No newline at end of file
diff --git a/moonv4/python_moonutilities/tests/unit_python/mock_components.py b/moonv4/python_moonutilities/tests/unit_python/mock_components.py
deleted file mode 100644
index a0319e1a..00000000
--- a/moonv4/python_moonutilities/tests/unit_python/mock_components.py
+++ /dev/null
@@ -1,27 +0,0 @@
-import utilities
-
-COMPONENTS = (
- "logging",
- "openstack/keystone",
- "database",
- "slave",
- "components/manager",
- "components/orchestrator",
- "components/interface",
-)
-
-
-def register_components(m):
- for component in COMPONENTS:
- m.register_uri(
- 'GET', 'http://consul:8500/v1/kv/{}'.format(component),
- json=[{'Key': component, 'Value': utilities.get_b64_conf(component)}]
- )
-
- m.register_uri(
- 'GET', 'http://consul:8500/v1/kv/components?recurse=true',
- json=[
- {"Key": key, "Value": utilities.get_b64_conf(key)} for key in COMPONENTS
- ],
- # json={'Key': "components", 'Value': get_b64_conf("components")}
- ) \ No newline at end of file
diff --git a/moonv4/python_moonutilities/tests/unit_python/mock_keystone.py b/moonv4/python_moonutilities/tests/unit_python/mock_keystone.py
deleted file mode 100644
index c0b26b88..00000000
--- a/moonv4/python_moonutilities/tests/unit_python/mock_keystone.py
+++ /dev/null
@@ -1,23 +0,0 @@
-def register_keystone(m):
- m.register_uri(
- 'POST', 'http://keystone:5000/v3/auth/tokens',
- headers={'X-Subject-Token': "111111111"}
- )
- m.register_uri(
- 'DELETE', 'http://keystone:5000/v3/auth/tokens',
- headers={'X-Subject-Token': "111111111"}
- )
- m.register_uri(
- 'POST', 'http://keystone:5000/v3/users?name=testuser&domain_id=default',
- json={"users": {}}
- )
- m.register_uri(
- 'GET', 'http://keystone:5000/v3/users?name=testuser&domain_id=default',
- json={"users": {}}
- )
- m.register_uri(
- 'POST', 'http://keystone:5000/v3/users/',
- json={"users": [{
- "id": "1111111111111"
- }]}
- ) \ No newline at end of file
diff --git a/moonv4/python_moonutilities/tests/unit_python/requirements.txt b/moonv4/python_moonutilities/tests/unit_python/requirements.txt
deleted file mode 100644
index 3c1ad607..00000000
--- a/moonv4/python_moonutilities/tests/unit_python/requirements.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-pytest
-requests_mock \ No newline at end of file
diff --git a/moonv4/python_moonutilities/tests/unit_python/test_cache.py b/moonv4/python_moonutilities/tests/unit_python/test_cache.py
deleted file mode 100644
index c479395b..00000000
--- a/moonv4/python_moonutilities/tests/unit_python/test_cache.py
+++ /dev/null
@@ -1,75 +0,0 @@
-import pytest
-
-
-def test_authz_request():
- from python_moonutilities import cache
- c = cache.Cache()
- assert isinstance(c.authz_requests, dict)
-
-
-def test_get_subject_success():
- from python_moonutilities import cache
- cache_obj = cache.Cache()
- policy_id = 'policy_id_1'
- name = 'subject_name'
- subject_id = cache_obj.get_subject(policy_id, name)
- assert subject_id is not None
-
-
-def test_get_subject_failure():
- from python_moonutilities import cache
- cache_obj = cache.Cache()
- policy_id = 'policy_id_1'
- name = 'invalid name'
- with pytest.raises(Exception) as exception_info:
- cache_obj.get_subject(policy_id, name)
- assert str(exception_info.value) == '400: Subject Unknown'
-
-
-def test_get_object_success():
- from python_moonutilities import cache
- cache_obj = cache.Cache()
- policy_id = 'policy_id_1'
- name = 'object_name'
- object_id = cache_obj.get_object(policy_id, name)
- assert object_id is not None
-
-
-def test_get_object_failure():
- from python_moonutilities import cache
- cache_obj = cache.Cache()
- policy_id = 'policy_id_1'
- name = 'invalid name'
- with pytest.raises(Exception) as exception_info:
- cache_obj.get_object(policy_id, name)
- assert str(exception_info.value) == '400: Subject Unknown'
-
-
-def test_get_action_success():
- from python_moonutilities import cache
- cache_obj = cache.Cache()
- policy_id = 'policy_id_1'
- name = 'action_name'
- action_id = cache_obj.get_action(policy_id, name)
- assert action_id is not None
-
-
-def test_get_action_failure():
- from python_moonutilities import cache
- cache_obj = cache.Cache()
- policy_id = 'policy_id_1'
- name = 'invalid name'
- with pytest.raises(Exception) as exception_info:
- cache_obj.get_action(policy_id, name)
- assert str(exception_info.value) == '400: Subject Unknown'
-
-
-def test_cache_manager():
- from python_moonutilities import cache
- cache_obj = cache.Cache()
- assert cache_obj.pdp is not None
- assert cache_obj.meta_rules is not None
- assert len(cache_obj.meta_rules) == 2
- assert cache_obj.policies is not None
- assert len(cache_obj.policies) == 2
- assert cache_obj.models is not None \ No newline at end of file
diff --git a/moonv4/python_moonutilities/tests/unit_python/test_configuration.py b/moonv4/python_moonutilities/tests/unit_python/test_configuration.py
deleted file mode 100644
index 48699062..00000000
--- a/moonv4/python_moonutilities/tests/unit_python/test_configuration.py
+++ /dev/null
@@ -1,5 +0,0 @@
-
-def test_get_components():
- from python_moonutilities import configuration
- assert isinstance(configuration.get_components(), dict)
-
diff --git a/moonv4/python_moonutilities/tests/unit_python/utilities.py b/moonv4/python_moonutilities/tests/unit_python/utilities.py
deleted file mode 100644
index 1d79d890..00000000
--- a/moonv4/python_moonutilities/tests/unit_python/utilities.py
+++ /dev/null
@@ -1,136 +0,0 @@
-import base64
-import json
-
-
-CONF = {
- "openstack": {
- "keystone": {
- "url": "http://keystone:5000/v3",
- "user": "admin",
- "check_token": False,
- "password": "p4ssw0rd",
- "domain": "default",
- "certificate": False,
- "project": "admin"
- }
- },
- "components": {
- "wrapper": {
- "bind": "0.0.0.0",
- "port": 8080,
- "container": "wukongsun/moon_wrapper:v4.3",
- "timeout": 5,
- "hostname": "wrapper"
- },
- "manager": {
- "bind": "0.0.0.0",
- "port": 8082,
- "container": "wukongsun/moon_manager:v4.3",
- "hostname": "manager"
- },
- "port_start": 31001,
- "orchestrator": {
- "bind": "0.0.0.0",
- "port": 8083,
- "container": "wukongsun/moon_orchestrator:v4.3",
- "hostname": "interface"
- },
- "interface": {
- "bind": "0.0.0.0",
- "port": 8080,
- "container": "wukongsun/moon_interface:v4.3",
- "hostname": "interface"
- }
- },
- "plugins": {
- "session": {
- "port": 8082,
- "container": "asteroide/session:latest"
- },
- "authz": {
- "port": 8081,
- "container": "wukongsun/moon_authz:v4.3"
- }
- },
- "logging": {
- "handlers": {
- "file": {
- "filename": "/tmp/moon.log",
- "class": "logging.handlers.RotatingFileHandler",
- "level": "DEBUG",
- "formatter": "custom",
- "backupCount": 3,
- "maxBytes": 1048576
- },
- "console": {
- "class": "logging.StreamHandler",
- "formatter": "brief",
- "level": "INFO",
- "stream": "ext://sys.stdout"
- }
- },
- "formatters": {
- "brief": {
- "format": "%(levelname)s %(name)s %(message)-30s"
- },
- "custom": {
- "format": "%(asctime)-15s %(levelname)s %(name)s %(message)s"
- }
- },
- "root": {
- "handlers": [
- "console"
- ],
- "level": "ERROR"
- },
- "version": 1,
- "loggers": {
- "moon": {
- "handlers": [
- "console",
- "file"
- ],
- "propagate": False,
- "level": "DEBUG"
- }
- }
- },
- "slave": {
- "name": None,
- "master": {
- "url": None,
- "login": None,
- "password": None
- }
- },
- "docker": {
- "url": "tcp://172.88.88.1:2376",
- "network": "moon"
- },
- "database": {
- "url": "sqlite:///database.db",
- # "url": "mysql+pymysql://moon:p4sswOrd1@db/moon",
- "driver": "sql"
- },
- "messenger": {
- "url": "rabbit://moon:p4sswOrd1@messenger:5672/moon"
- }
-}
-
-
-def get_b64_conf(component=None):
- if component == "components":
- return base64.b64encode(
- json.dumps(CONF["components"]).encode('utf-8')+b"\n").decode('utf-8')
- elif component in CONF:
- return base64.b64encode(
- json.dumps(
- CONF[component]).encode('utf-8')+b"\n").decode('utf-8')
- elif not component:
- return base64.b64encode(
- json.dumps(CONF).encode('utf-8')+b"\n").decode('utf-8')
- elif "/" in component:
- key1, _, key2 = component.partition("/")
- return base64.b64encode(
- json.dumps(
- CONF[key1][key2]).encode('utf-8')+b"\n").decode('utf-8')