1 files changed, 162 insertions, 0 deletions
diff --git a/old/moon_interface/moon_interface/api/authz.py b/old/moon_interface/moon_interface/api/authz.py
new file mode 100644
index 00000000..b82a14f1
--- /dev/null
+++ b/old/moon_interface/moon_interface/api/authz.py
@@ -0,0 +1,162 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+"""
+Authz is the endpoint to get authorization response
+"""
+
+from flask import request
+from flask_restful import Resource
+import logging
+import pickle
+import time
+from uuid import uuid4
+from python_moonutilities import exceptions
+
+from moon_interface.authz_requests import AuthzRequest
+
+__version__ = "4.3.1"
+
+logger = logging.getLogger("moon.interface.api.authz." + __name__)
+
+
+def get_pdp_from_cache(cache, uuid):
+    """Check if a PDP exist with this ID in the cache of this component
+
+    :param cache: Cache to use
+    :param uuid: Keystone Project ID
+    :return: True or False
+    """
+    if uuid in cache.pdp:
+        return cache.pdp.get(uuid)
+
+    cache.update()
+
+    if uuid in cache.pdp:
+        return cache.pdp.get(uuid)
+
+    raise exceptions.PdpUnknown
+
+
+def create_authz_request(cache, interface_name, manager_url, pdp_id, subject_name, object_name, action_name):
+    """Create the authorization request and make the first call to the Authz function
+
+    :param cache: Cache to use
+    :param interface_name: hostname of the interface
+    :param manager_url: URL of the manager
+    :param pdp_id: Keystone Project ID
+    :param subject_name: name of the subject
+    :param object_name: name of the object
+    :param action_name: name of the action
+    :return: Authorisation request
+    """
+    req_id = uuid4().hex
+    keystone_project_id = cache.get_keystone_project_id_from_pdp_id(pdp_id)
+    logger.info("keystone_project_id={}".format(keystone_project_id))
+    ctx = {
+        "project_id": keystone_project_id,
+        "subject_name": subject_name,
+        "object_name": object_name,
+        "action_name": action_name,
+        "request_id": req_id,
+        "interface_name": interface_name,
+        "manager_url": manager_url,
+        "cookie": uuid4().hex
+    }
+    cache.authz_requests[req_id] = AuthzRequest(ctx)
+    return cache.authz_requests[req_id]
+
+
+def delete_authz_request(cache, req_id):
+    cache.authz_requests.pop(req_id)
+
+
+class Authz(Resource):
+    """
+    Endpoint for authz requests
+    """
+
+    __urls__ = (
+        "/authz/<string:pdp_id>",
+        "/authz/<string:pdp_id>/<string:subject_name>/<string:object_name>/<string:action_name>",
+    )
+
+    def __init__(self, **kwargs):
+        self.CACHE = kwargs.get("cache")
+        self.INTERFACE_NAME = kwargs.get("interface_name", "interface")
+        self.MANAGER_URL = kwargs.get("manager_url", "http://manager:8080")
+        self.TIMEOUT = 5
+
+    def get(self, pdp_id, subject_name=None, object_name=None, action_name=None):
+        """Get a response on an authorization request
+
+        :param pdp_id: uuid of a tenant or an intra_extension
+        :param subject_name: name of the subject or the request
+        :param object_name: name of the object
+        :param action_name: name of the action
+        :return: {
+            "args": {},
+            "ctx": {
+                "action_name": "4567",
+                "id": "123456",
+                "method": "authz",
+                "object_name": "234567",
+                "subject_name": "123456",
+                "user_id": "admin"
+            },
+            "error": {
+                "code": 500,
+                "description": "",
+                "title": "Moon Error"
+            },
+            "intra_extension_id": "123456",
+            "result": false
+        }
+        :internal_api: authz
+        """
+        try:
+            get_pdp_from_cache(self.CACHE, pdp_id)
+        except exceptions.PdpUnknown:
+            return {
+                   "result": False,
+                   "message": "Unknown PDP ID."}, 403
+
+        authz_request = create_authz_request(
+            cache=self.CACHE,
+            pdp_id=pdp_id,
+            interface_name=self.INTERFACE_NAME,
+            manager_url=self.MANAGER_URL,
+            subject_name=subject_name,
+            object_name=object_name,
+            action_name=action_name)
+        cpt = 0
+        while True:
+            if cpt > self.TIMEOUT*10:
+                delete_authz_request(self.CACHE, authz_request.request_id)
+                return {"result": False,
+                        "message": "Authz request had timed out."}, 500
+            if authz_request.is_authz():
+                if authz_request.final_result == "Grant":
+                    delete_authz_request(self.CACHE, authz_request.request_id)
+                    return {"result": True, "message": ""}, 200
+                delete_authz_request(self.CACHE, authz_request.request_id)
+                return {"result": False, "message": ""}, 401
+            cpt += 1
+            time.sleep(0.1)
+
+    def patch(self, uuid=None, subject_name=None, object_name=None, action_name=None):
+        """Get a response on an authorization request
+
+        :param uuid: uuid of the authorization request
+        :param subject_name: not used
+        :param object_name: not used
+        :param action_name: not used
+        :request body: a Context object
+        :return: {}
+        :internal_api: authz
+        """
+        if uuid in self.CACHE.authz_requests:
+            self.CACHE.authz_requests[uuid].set_result(pickle.loads(request.data))
+            return "", 201
+        return {"result": False, "message": "The request ID is unknown"}, 500