diff options
Diffstat (limited to 'old/moon_interface/moon_interface/api')
| -rw-r--r-- | old/moon_interface/moon_interface/api/__init__.py | 0 | ||||
| -rw-r--r-- | old/moon_interface/moon_interface/api/authz.py | 162 | ||||
| -rw-r--r-- | old/moon_interface/moon_interface/api/generic.py | 96 | ||||
| -rw-r--r-- | old/moon_interface/moon_interface/api/update.py | 49 |
4 files changed, 307 insertions, 0 deletions
diff --git a/old/moon_interface/moon_interface/api/__init__.py b/old/moon_interface/moon_interface/api/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/old/moon_interface/moon_interface/api/__init__.py diff --git a/old/moon_interface/moon_interface/api/authz.py b/old/moon_interface/moon_interface/api/authz.py new file mode 100644 index 00000000..b82a14f1 --- /dev/null +++ b/old/moon_interface/moon_interface/api/authz.py @@ -0,0 +1,162 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. +""" +Authz is the endpoint to get authorization response +""" + +from flask import request +from flask_restful import Resource +import logging +import pickle +import time +from uuid import uuid4 +from python_moonutilities import exceptions + +from moon_interface.authz_requests import AuthzRequest + +__version__ = "4.3.1" + +logger = logging.getLogger("moon.interface.api.authz." + __name__) + + +def get_pdp_from_cache(cache, uuid): + """Check if a PDP exist with this ID in the cache of this component + + :param cache: Cache to use + :param uuid: Keystone Project ID + :return: True or False + """ + if uuid in cache.pdp: + return cache.pdp.get(uuid) + + cache.update() + + if uuid in cache.pdp: + return cache.pdp.get(uuid) + + raise exceptions.PdpUnknown + + +def create_authz_request(cache, interface_name, manager_url, pdp_id, subject_name, object_name, action_name): + """Create the authorization request and make the first call to the Authz function + + :param cache: Cache to use + :param interface_name: hostname of the interface + :param manager_url: URL of the manager + :param pdp_id: Keystone Project ID + :param subject_name: name of the subject + :param object_name: name of the object + :param action_name: name of the action + :return: Authorisation request + """ + req_id = uuid4().hex + keystone_project_id = cache.get_keystone_project_id_from_pdp_id(pdp_id) + logger.info("keystone_project_id={}".format(keystone_project_id)) + ctx = { + "project_id": keystone_project_id, + "subject_name": subject_name, + "object_name": object_name, + "action_name": action_name, + "request_id": req_id, + "interface_name": interface_name, + "manager_url": manager_url, + "cookie": uuid4().hex + } + cache.authz_requests[req_id] = AuthzRequest(ctx) + return cache.authz_requests[req_id] + + +def delete_authz_request(cache, req_id): + cache.authz_requests.pop(req_id) + + +class Authz(Resource): + """ + Endpoint for authz requests + """ + + __urls__ = ( + "/authz/<string:pdp_id>", + "/authz/<string:pdp_id>/<string:subject_name>/<string:object_name>/<string:action_name>", + ) + + def __init__(self, **kwargs): + self.CACHE = kwargs.get("cache") + self.INTERFACE_NAME = kwargs.get("interface_name", "interface") + self.MANAGER_URL = kwargs.get("manager_url", "http://manager:8080") + self.TIMEOUT = 5 + + def get(self, pdp_id, subject_name=None, object_name=None, action_name=None): + """Get a response on an authorization request + + :param pdp_id: uuid of a tenant or an intra_extension + :param subject_name: name of the subject or the request + :param object_name: name of the object + :param action_name: name of the action + :return: { + "args": {}, + "ctx": { + "action_name": "4567", + "id": "123456", + "method": "authz", + "object_name": "234567", + "subject_name": "123456", + "user_id": "admin" + }, + "error": { + "code": 500, + "description": "", + "title": "Moon Error" + }, + "intra_extension_id": "123456", + "result": false + } + :internal_api: authz + """ + try: + get_pdp_from_cache(self.CACHE, pdp_id) + except exceptions.PdpUnknown: + return { + "result": False, + "message": "Unknown PDP ID."}, 403 + + authz_request = create_authz_request( + cache=self.CACHE, + pdp_id=pdp_id, + interface_name=self.INTERFACE_NAME, + manager_url=self.MANAGER_URL, + subject_name=subject_name, + object_name=object_name, + action_name=action_name) + cpt = 0 + while True: + if cpt > self.TIMEOUT*10: + delete_authz_request(self.CACHE, authz_request.request_id) + return {"result": False, + "message": "Authz request had timed out."}, 500 + if authz_request.is_authz(): + if authz_request.final_result == "Grant": + delete_authz_request(self.CACHE, authz_request.request_id) + return {"result": True, "message": ""}, 200 + delete_authz_request(self.CACHE, authz_request.request_id) + return {"result": False, "message": ""}, 401 + cpt += 1 + time.sleep(0.1) + + def patch(self, uuid=None, subject_name=None, object_name=None, action_name=None): + """Get a response on an authorization request + + :param uuid: uuid of the authorization request + :param subject_name: not used + :param object_name: not used + :param action_name: not used + :request body: a Context object + :return: {} + :internal_api: authz + """ + if uuid in self.CACHE.authz_requests: + self.CACHE.authz_requests[uuid].set_result(pickle.loads(request.data)) + return "", 201 + return {"result": False, "message": "The request ID is unknown"}, 500 diff --git a/old/moon_interface/moon_interface/api/generic.py b/old/moon_interface/moon_interface/api/generic.py new file mode 100644 index 00000000..dadac259 --- /dev/null +++ b/old/moon_interface/moon_interface/api/generic.py @@ -0,0 +1,96 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. +""" +Those API are helping API used to manage the Moon platform. +""" + +from flask_restful import Resource +import logging +import moon_interface.api +from python_moonutilities.security_functions import check_auth + +__version__ = "4.3.1" + +logger = logging.getLogger("moon.interface.api." + __name__) + + +class Status(Resource): + """ + Endpoint for status requests + """ + + __urls__ = ("/status", "/status/", "/status/<string:component_id>") + + def get(self, component_id=None): + """Retrieve status of all components + + :return: { + "orchestrator": { + "status": "Running" + }, + "security_router": { + "status": "Running" + } + } + """ + return {"result": True, "message": ""} + + +class API(Resource): + """ + Endpoint for API requests + """ + + __urls__ = ( + "/api", + "/api/", + "/api/<string:group_id>", + "/api/<string:group_id>/", + "/api/<string:group_id>/<string:endpoint_id>") + + @check_auth + def get(self, group_id="", endpoint_id="", user_id=""): + """Retrieve all API endpoints or a specific endpoint if endpoint_id is given + + :param group_id: the name of one existing group (ie generic, ...) + :param endpoint_id: the name of one existing component (ie Logs, Status, ...) + :return: { + "group_name": { + "endpoint_name": { + "description": "a description", + "methods": { + "get": "description of the HTTP method" + }, + "urls": ('/api', '/api/', '/api/<string:endpoint_id>') + } + } + """ + __methods = ("get", "post", "put", "delete", "options", "patch") + api_list = filter(lambda x: "__" not in x, dir(moon_interface.api)) + api_desc = dict() + for api_name in api_list: + api_desc[api_name] = {} + group_api_obj = eval("moon_interface.api.{}".format(api_name)) + api_desc[api_name]["description"] = group_api_obj.__doc__ + if "__version__" in dir(group_api_obj): + api_desc[api_name]["version"] = group_api_obj.__version__ + object_list = list(filter(lambda x: "__" not in x, dir(group_api_obj))) + for obj in map(lambda x: eval("moon_interface.api.{}.{}".format(api_name, x)), object_list): + if "__urls__" in dir(obj): + api_desc[api_name][obj.__name__] = dict() + api_desc[api_name][obj.__name__]["urls"] = obj.__urls__ + api_desc[api_name][obj.__name__]["methods"] = dict() + for _method in filter(lambda x: x in __methods, dir(obj)): + docstring = eval("moon_interface.api.{}.{}.{}.__doc__".format(api_name, obj.__name__, _method)) + api_desc[api_name][obj.__name__]["methods"][_method] = docstring + api_desc[api_name][obj.__name__]["description"] = str(obj.__doc__) + if group_id in api_desc: + if endpoint_id in api_desc[group_id]: + return {group_id: {endpoint_id: api_desc[group_id][endpoint_id]}} + elif len(endpoint_id) > 0: + logger.error("Unknown endpoint_id {}".format(endpoint_id)) + return {"error": "Unknown endpoint_id {}".format(endpoint_id)} + return {group_id: api_desc[group_id]} + return api_desc diff --git a/old/moon_interface/moon_interface/api/update.py b/old/moon_interface/moon_interface/api/update.py new file mode 100644 index 00000000..e798059c --- /dev/null +++ b/old/moon_interface/moon_interface/api/update.py @@ -0,0 +1,49 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. +""" +Authz is the endpoint to get authorization response +""" + +from flask import request +from flask_restful import Resource +import requests +import logging + +__version__ = "4.3.1" + +logger = logging.getLogger("moon.interface.api." + __name__) + + +class Update(Resource): + """ + Endpoint for update requests + """ + + __urls__ = ( + "/update", + ) + + def __init__(self, **kwargs): + self.CACHE = kwargs.get("cache") + self.INTERFACE_NAME = kwargs.get("interface_name", "interface") + self.MANAGER_URL = kwargs.get("manager_url", "http://manager:8080") + self.TIMEOUT = 5 + + def put(self): + try: + self.CACHE.update_assignments( + request.form.get("policy_id", None), + request.form.get("perimeter_id", None), + ) + for project_id in self.CACHE.container_chaining: + hostname = self.CACHE.container_chaining[project_id][0]["hostip"] + port = self.CACHE.container_chaining[project_id][0]["port"] + req = requests.put("http://{}:{}/update".format(hostname, port), request.form) + if req.status_code != 200: + logger.error("Cannot connect to {} on port {}".format(hostname, port)) + except Exception as e: + logger.exception(e) + return {"result": False, "reason": str(e)} + return {"result": True} |