aboutsummaryrefslogtreecommitdiffstats
path: root/python_moonclient/python_moonclient/core/pdp.py
diff options
context:
space:
mode:
Diffstat (limited to 'python_moonclient/python_moonclient/core/pdp.py')
-rw-r--r--python_moonclient/python_moonclient/core/pdp.py194
1 files changed, 0 insertions, 194 deletions
diff --git a/python_moonclient/python_moonclient/core/pdp.py b/python_moonclient/python_moonclient/core/pdp.py
deleted file mode 100644
index f67a4d01..00000000
--- a/python_moonclient/python_moonclient/core/pdp.py
+++ /dev/null
@@ -1,194 +0,0 @@
-import sys
-import logging
-import requests
-from python_moonclient.core import config
-from python_moonclient.core.check_tools import *
-
-LOGGER = logging.getLogger("python_moonclient.core.pdp")
-
-URL = None
-HEADERS = None
-KEYSTONE_USER = None
-KEYSTONE_PASSWORD = None
-KEYSTONE_PROJECT = None
-KEYSTONE_SERVER = None
-
-pdp_template = {
- "name": "test_pdp",
- "security_pipeline": [],
- "keystone_project_id": None,
- "description": "test",
-}
-
-
-def init(consul_host, consul_port):
- conf_data = config.get_config_data(consul_host, consul_port)
- global URL, HEADERS, KEYSTONE_USER, KEYSTONE_PASSWORD, KEYSTONE_PROJECT, KEYSTONE_SERVER
- URL = "http://{}:{}".format(
- conf_data['manager_host'],
- conf_data['manager_port'])
- # URL = URL + "{}"
- HEADERS = {"content-type": "application/json"}
- KEYSTONE_USER = conf_data['keystone_user']
- KEYSTONE_PASSWORD = conf_data['keystone_password']
- KEYSTONE_PROJECT = conf_data['keystone_project']
- KEYSTONE_SERVER = conf_data['keystone_host']
-
-
-def get_keystone_projects():
- global HEADERS
- HEADERS = {
- "Content-Type": "application/json"
- }
-
- data_auth = {
- "auth": {
- "identity": {
- "methods": [
- "password"
- ],
- "password": {
- "user": {
- "name": KEYSTONE_USER,
- "domain": {
- "name": "Default"
- },
- "password": KEYSTONE_PASSWORD
- }
- }
- }
- }
- }
-
- req = requests.post("{}/auth/tokens".format(KEYSTONE_SERVER), json=data_auth, headers=HEADERS)
- LOGGER.debug("{}/auth/tokens".format(KEYSTONE_SERVER))
- LOGGER.debug(req.text)
- req.raise_for_status()
- token = req.headers['X-Subject-Token']
- HEADERS['X-Auth-Token'] = token
- req = requests.get("{}/projects".format(KEYSTONE_SERVER), headers=HEADERS)
- if req.status_code not in (200, 201):
- data_auth["auth"]["scope"] = {
- "project": {
- "name": KEYSTONE_PROJECT,
- "domain": {
- "id": "default"
- }
- }
- }
- req = requests.post("{}/auth/tokens".format(KEYSTONE_SERVER), json=data_auth,
- headers=HEADERS)
- req.raise_for_status()
- token = req.headers['X-Subject-Token']
- HEADERS['X-Auth-Token'] = token
- req = requests.get("{}/projects".format(KEYSTONE_SERVER), headers=HEADERS)
- req.raise_for_status()
- return req.json()
-
-
-def get_keystone_id(pdp_name):
- keystone_project_id = None
- for pdp_key, pdp_value in check_pdp()["pdps"].items():
- if pdp_name:
- if pdp_name != pdp_value["name"]:
- continue
- if pdp_value['security_pipeline'] and pdp_value["keystone_project_id"]:
- LOGGER.debug(
- "Found pdp with keystone_project_id={}".format(pdp_value["keystone_project_id"]))
- keystone_project_id = pdp_value["keystone_project_id"]
-
- if not keystone_project_id:
- LOGGER.error("Cannot find PDP with keystone project ID")
- sys.exit(1)
- return keystone_project_id
-
-
-def check_pdp(pdp_id=None, keystone_project_id=None, moon_url=None):
- _url = URL
- if moon_url:
- _url = moon_url
- req = requests.get(_url + "/pdp")
- req.raise_for_status()
- result = req.json()
- check_pdp_in_result(result)
- if pdp_id:
- check_pdp_name(pdp_template["name"], pdp_id, result)
- if keystone_project_id:
- check_pdp_project_id(keystone_project_id, pdp_id, result)
- return result
-
-
-def add_pdp(name="test_pdp", policy_id=None):
- pdp_template['name'] = name
- if policy_id:
- pdp_template['security_pipeline'].append(policy_id)
- req = requests.post(URL + "/pdp", json=pdp_template, headers=HEADERS)
- LOGGER.debug(req.status_code)
- LOGGER.debug(req)
- req.raise_for_status()
- result = req.json()
- check_pdp_in_result(result)
- pdp_id = list(result['pdps'].keys())[0]
- check_pdp_name(pdp_template["name"], pdp_id, result)
- return pdp_id
-
-
-def update_pdp(pdp_id, policy_id=None):
- req = requests.get(URL + "/pdp/{}".format(pdp_id))
- req.raise_for_status()
- result = req.json()
- check_pdp_id(pdp_id, result)
- pipeline = result['pdps'][pdp_id]["security_pipeline"]
- if policy_id not in pipeline:
- pipeline.append(policy_id)
- req = requests.patch(URL + "/pdp/{}".format(pdp_id),
- json={"security_pipeline": pipeline})
- req.raise_for_status()
- result = req.json()
- check_pdp_id(pdp_id, result)
-
- req = requests.get(URL + "/pdp/{}".format(pdp_id))
- req.raise_for_status()
- result = req.json()
- check_pdp_id(pdp_id, result)
- check_policy_id_in_pipeline(pdp_id, pipeline)
-
-
-def map_to_keystone(pdp_id, keystone_project_id):
- req = requests.patch(URL + "/pdp/{}".format(pdp_id),
- json={"keystone_project_id": keystone_project_id},
- headers=HEADERS)
- req.raise_for_status()
- result = req.json()
- check_pdp_id(pdp_id, result)
- # assert "name" in result['pdps'][pdp_id]
- # assert pdp_template["name"] == result['pdps'][pdp_id]["name"]
- return pdp_id
-
-
-def delete_pdp(pdp_id):
- req = requests.delete(URL + "/pdp/{}".format(pdp_id))
- req.raise_for_status()
- result = req.json()
- check_result(result)
-
-
-def create_pdp(scenario, policy_id=None, project_id=None):
- LOGGER.info("Creating PDP {}".format(scenario.pdp_name))
- projects = get_keystone_projects()
- # if not project_id:
- # for _project in projects['projects']:
- # if _project['name'] == "admin":
- # project_id = _project['id']
- # assert project_id
- pdps = check_pdp()["pdps"]
- for pdp_id, pdp_value in pdps.items():
- if scenario.pdp_name == pdp_value["name"]:
- update_pdp(pdp_id, policy_id=policy_id)
- LOGGER.debug(
- "Found existing PDP named {} (will add policy {})".format(scenario.pdp_name,
- policy_id))
- return pdp_id
- _pdp_id = add_pdp(name=scenario.pdp_name, policy_id=policy_id)
- # map_to_keystone(pdp_id=_pdp_id, keystone_project_id=project_id)
- return _pdp_id