diff options
Diffstat (limited to 'python_moonutilities/python_moonutilities')
8 files changed, 0 insertions, 2488 deletions
diff --git a/python_moonutilities/python_moonutilities/__init__.py b/python_moonutilities/python_moonutilities/__init__.py deleted file mode 100644 index 6e924e93..00000000 --- a/python_moonutilities/python_moonutilities/__init__.py +++ /dev/null @@ -1,6 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -__version__ = "1.4.22" diff --git a/python_moonutilities/python_moonutilities/cache.py b/python_moonutilities/python_moonutilities/cache.py deleted file mode 100644 index 49a3ef5b..00000000 --- a/python_moonutilities/python_moonutilities/cache.py +++ /dev/null @@ -1,703 +0,0 @@ -import logging -import time -import python_moonutilities.request_wrapper as requests -from uuid import uuid4 -from python_moonutilities import configuration, exceptions - -logger = logging.getLogger("moon.utilities.cache") - - -class Cache(object): - # TODO (asteroide): set cache integer in CONF file - ''' - [NOTE] Propose to define the following variables inside the init method - as defining them out side the init, will be treated as private static variables - and keep tracks with any changes done anywhere - for more info : you can check https://docs.python.org/3/tutorial/classes.html#class-and-instance-variables - ''' - __UPDATE_INTERVAL = 10 - - __CONTAINERS = {} - __CONTAINERS_UPDATE = 0 - - __CONTAINER_CHAINING_UPDATE = 0 - __CONTAINER_CHAINING = {} - - __PDP = {} - __PDP_UPDATE = 0 - - __POLICIES = {} - __POLICIES_UPDATE = 0 - - __MODELS = {} - __MODELS_UPDATE = 0 - - __SUBJECTS = {} - __OBJECTS = {} - __ACTIONS = {} - - __SUBJECT_ASSIGNMENTS = {} - __OBJECT_ASSIGNMENTS = {} - __ACTION_ASSIGNMENTS = {} - - __SUBJECT_CATEGORIES = {} - __SUBJECT_CATEGORIES_UPDATE = 0 - __OBJECT_CATEGORIES = {} - __OBJECT_CATEGORIES_UPDATE = 0 - __ACTION_CATEGORIES = {} - __ACTION_CATEGORIES_UPDATE = 0 - - __META_RULES = {} - __META_RULES_UPDATE = 0 - - __RULES = {} - __RULES_UPDATE = 0 - - __AUTHZ_REQUESTS = {} - - def __init__(self): - self.manager_url = "{}://{}:{}".format( - configuration.get_components()['manager'].get('protocol', 'http'), - configuration.get_components()['manager']['hostname'], - configuration.get_components()['manager']['port'] - ) - self.orchestrator_url = "{}://{}:{}".format( - configuration.get_components()['orchestrator'].get('protocol', 'http'), - configuration.get_components()['orchestrator']['hostname'], - configuration.get_components()['orchestrator']['port'] - ) - - def update(self): - self.__update_container() - self.__update_pdp() - self.__update_policies() - self.__update_models() - for key, value in self.__PDP.items(): - # LOG.info("Updating container_chaining with {}".format(value["keystone_project_id"])) - if "keystone_project_id" in value: - self.__update_container_chaining(value["keystone_project_id"]) - else: - logger.warning("no 'keystone_project_id' found while Updating container_chaining") - - @property - def authz_requests(self): - return self.__AUTHZ_REQUESTS - - # perimeter functions - - @property - def subjects(self): - return self.__SUBJECTS - - def __update_subjects(self, policy_id): - response = requests.get("{}/policies/{}/subjects".format(self.manager_url, policy_id)) - if 'subjects' in response.json(): - self.__SUBJECTS[policy_id] = response.json()['subjects'] - else: - raise exceptions.SubjectUnknown("Cannot find subject within policy_id {}".format(policy_id)) - - def get_subject(self, policy_id, name): - if not policy_id: - raise exceptions.PolicyUnknown("Cannot find policy within policy_id {}".format(policy_id)) - - if policy_id in self.subjects: - for _subject_id, _subject_dict in self.subjects[policy_id].items(): - if _subject_id == name or _subject_dict.get("name") == name: - return _subject_id - - self.__update_subjects(policy_id) - - if policy_id in self.subjects: - for _subject_id, _subject_dict in self.subjects[policy_id].items(): - if _subject_id == name or _subject_dict.get("name") == name: - return _subject_id - - raise exceptions.SubjectUnknown("Cannot find subject {}".format(name)) - - @property - def objects(self): - return self.__OBJECTS - - def __update_objects(self, policy_id): - response = requests.get("{}/policies/{}/objects".format(self.manager_url, policy_id)) - if 'objects' in response.json(): - self.__OBJECTS[policy_id] = response.json()['objects'] - else: - raise exceptions.ObjectUnknown("Cannot find object within policy_id {}".format(policy_id)) - - def get_object(self, policy_id, name): - if not policy_id: - raise exceptions.PolicyUnknown("Cannot find policy within policy_id {}".format(policy_id)) - - if policy_id in self.objects: - for _object_id, _object_dict in self.__OBJECTS[policy_id].items(): - if _object_id == name or _object_dict.get("name") == name: - return _object_id - - self.__update_objects(policy_id) - - if policy_id in self.objects: - for _object_id, _object_dict in self.__OBJECTS[policy_id].items(): - if _object_id == name or _object_dict.get("name") == name: - return _object_id - - raise exceptions.ObjectUnknown("Cannot find object {}".format(name)) - - @property - def actions(self): - return self.__ACTIONS - - def __update_actions(self, policy_id): - response = requests.get("{}/policies/{}/actions".format(self.manager_url, policy_id)) - - if 'actions' in response.json(): - self.__ACTIONS[policy_id] = response.json()['actions'] - else: - raise exceptions.ActionUnknown("Cannot find action within policy_id {}".format(policy_id)) - - def get_action(self, policy_id, name): - if not policy_id: - raise exceptions.PolicyUnknown("Cannot find policy within policy_id {}".format(policy_id)) - - if policy_id in self.actions: - for _action_id, _action_dict in self.__ACTIONS[policy_id].items(): - if _action_id == name or _action_dict.get("name") == name: - return _action_id - - self.__update_actions(policy_id) - - for _action_id, _action_dict in self.__ACTIONS[policy_id].items(): - if _action_id == name or _action_dict.get("name") == name: - return _action_id - - raise exceptions.ActionUnknown("Cannot find action {}".format(name)) - - # meta_rule functions - - @property - def meta_rules(self): - current_time = time.time() - if self.__META_RULES_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__META_RULES_UPDATE = current_time - self.__update_meta_rules() - self.__META_RULES_UPDATE = current_time - return self.__META_RULES - - def __update_meta_rules(self): - response = requests.get("{}/meta_rules".format(self.manager_url)) - - if 'meta_rules' in response.json(): - self.__META_RULES = response.json()['meta_rules'] - else: - raise exceptions.MetaRuleUnknown("Cannot find meta rules") - - # rule functions - - @property - def rules(self): - current_time = time.time() - if self.__RULES_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__RULES_UPDATE = current_time - self.__update_rules() - self.__RULES_UPDATE = current_time - return self.__RULES - - def __update_rules(self): - for policy_id in self.policies: - logger.debug("Get {}".format("{}/policies/{}/rules".format( - self.manager_url, policy_id))) - - response = requests.get("{}/policies/{}/rules".format( - self.manager_url, policy_id)) - if 'rules' in response.json(): - self.__RULES[policy_id] = response.json()['rules'] - else: - logger.warning(" no 'rules' found within policy_id: {}".format(policy_id)) - - logger.debug("UPDATE RULES {}".format(self.__RULES)) - - # assignment functions - - def update_assignments(self, policy_id=None, perimeter_id=None): - if policy_id: - self.__update_subject_assignments(policy_id=policy_id, perimeter_id=perimeter_id) - self.__update_object_assignments(policy_id=policy_id, perimeter_id=perimeter_id) - self.__update_action_assignments(policy_id=policy_id, perimeter_id=perimeter_id) - else: - for policy_id in self.__POLICIES: - self.__update_subject_assignments(policy_id=policy_id, perimeter_id=perimeter_id) - self.__update_object_assignments(policy_id=policy_id, perimeter_id=perimeter_id) - self.__update_action_assignments(policy_id=policy_id, perimeter_id=perimeter_id) - - @property - def subject_assignments(self): - return self.__SUBJECT_ASSIGNMENTS - - def __update_subject_assignments(self, policy_id, perimeter_id=None): - if perimeter_id: - response = requests.get("{}/policies/{}/subject_assignments/{}".format( - self.manager_url, policy_id, perimeter_id)) - else: - response = requests.get("{}/policies/{}/subject_assignments".format( - self.manager_url, policy_id)) - - if 'subject_assignments' in response.json(): - if policy_id not in self.subject_assignments: - self.__SUBJECT_ASSIGNMENTS[policy_id] = {} - self.__SUBJECT_ASSIGNMENTS[policy_id] = response.json()['subject_assignments'] - else: - raise exceptions.SubjectAssignmentUnknown( - "Cannot find subject assignment within policy_id {}".format(policy_id)) - - def get_subject_assignments(self, policy_id, perimeter_id, category_id): - if not policy_id: - raise exceptions.PolicyUnknown("Cannot find policy within policy_id {}".format(policy_id)) - - if policy_id not in self.subject_assignments: - self.__update_subject_assignments(policy_id, perimeter_id) - - for key, value in self.subject_assignments[policy_id].items(): - if all(k in value for k in ("subject_id", "category_id", "assignments")): - if perimeter_id == value['subject_id'] and category_id == value['category_id']: - return value['assignments'] - else: - logger.warning("'subject_id' or 'category_id' or 'assignments'" - " keys are not found in subject_assignments") - return [] - - @property - def object_assignments(self): - return self.__OBJECT_ASSIGNMENTS - - def __update_object_assignments(self, policy_id, perimeter_id=None): - if perimeter_id: - response = requests.get("{}/policies/{}/object_assignments/{}".format( - self.manager_url, policy_id, perimeter_id)) - else: - response = requests.get("{}/policies/{}/object_assignments".format( - self.manager_url, policy_id)) - - if 'object_assignments' in response.json(): - if policy_id not in self.object_assignments: - self.__OBJECT_ASSIGNMENTS[policy_id] = {} - - self.__OBJECT_ASSIGNMENTS[policy_id] = response.json()['object_assignments'] - else: - raise exceptions.ObjectAssignmentUnknown( - "Cannot find object assignment within policy_id {}".format(policy_id)) - - def get_object_assignments(self, policy_id, perimeter_id, category_id): - if not policy_id: - raise exceptions.PolicyUnknown("Cannot find policy within policy_id {}".format(policy_id)) - - if policy_id not in self.object_assignments: - self.__update_object_assignments(policy_id, perimeter_id) - - for key, value in self.object_assignments[policy_id].items(): - if all(k in value for k in ("object_id", "category_id", "assignments")): - if perimeter_id == value['object_id'] and category_id == value['category_id']: - return value['assignments'] - else: - logger.warning("'object_id' or 'category_id' or'assignments'" - " keys are not found in object_assignments") - return [] - - @property - def action_assignments(self): - return self.__ACTION_ASSIGNMENTS - - def __update_action_assignments(self, policy_id, perimeter_id=None): - if perimeter_id: - response = requests.get("{}/policies/{}/action_assignments/{}".format( - self.manager_url, policy_id, perimeter_id)) - else: - response = requests.get("{}/policies/{}/action_assignments".format( - self.manager_url, policy_id)) - - if 'action_assignments' in response.json(): - if policy_id not in self.__ACTION_ASSIGNMENTS: - self.__ACTION_ASSIGNMENTS[policy_id] = {} - - self.__ACTION_ASSIGNMENTS[policy_id] = response.json()['action_assignments'] - else: - raise exceptions.ActionAssignmentUnknown( - "Cannot find action assignment within policy_id {}".format(policy_id)) - - def get_action_assignments(self, policy_id, perimeter_id, category_id): - if not policy_id: - raise exceptions.PolicyUnknown("Cannot find policy within policy_id {}".format(policy_id)) - - if policy_id not in self.action_assignments: - self.__update_action_assignments(policy_id, perimeter_id) - - for key, value in self.action_assignments[policy_id].items(): - if all(k in value for k in ("action_id", "category_id", "assignments")): - if perimeter_id == value['action_id'] and category_id == value['category_id']: - return value['assignments'] - else: - logger.warning("'action_id' or 'category_id' or'assignments'" - " keys are not found in action_assignments") - return [] - - # category functions - - @property - def subject_categories(self): - current_time = time.time() - if self.__SUBJECT_CATEGORIES_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__SUBJECT_CATEGORIES_UPDATE = current_time - self.__update_subject_categories() - self.__SUBJECT_CATEGORIES_UPDATE = current_time - return self.__SUBJECT_CATEGORIES - - def __update_subject_categories(self): - response = requests.get("{}/policies/subject_categories".format( - self.manager_url)) - - if 'subject_categories' in response.json(): - self.__SUBJECT_CATEGORIES.update(response.json()['subject_categories']) - else: - raise exceptions.SubjectCategoryUnknown("Cannot find subject category") - - @property - def object_categories(self): - current_time = time.time() - if self.__OBJECT_CATEGORIES_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__OBJECT_CATEGORIES_UPDATE = current_time - self.__update_object_categories() - self.__OBJECT_CATEGORIES_UPDATE = current_time - return self.__OBJECT_CATEGORIES - - def __update_object_categories(self): - response = requests.get("{}/policies/object_categories".format(self.manager_url)) - - if 'object_categories' in response.json(): - self.__OBJECT_CATEGORIES.update(response.json()['object_categories']) - else: - raise exceptions.ObjectCategoryUnknown("Cannot find object category") - - @property - def action_categories(self): - current_time = time.time() - if self.__ACTION_CATEGORIES_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__ACTION_CATEGORIES_UPDATE = current_time - self.__update_action_categories() - self.__ACTION_CATEGORIES_UPDATE = current_time - return self.__ACTION_CATEGORIES - - def __update_action_categories(self): - response = requests.get("{}/policies/action_categories".format(self.manager_url)) - - if 'action_categories' in response.json(): - self.__ACTION_CATEGORIES.update(response.json()['action_categories']) - else: - raise exceptions.ActionCategoryUnknown("Cannot find action category") - - # PDP functions - - def __update_pdp(self): - response = requests.get("{}/pdp".format(self.manager_url)) - pdp = response.json() - if 'pdps' in pdp: - for _pdp in pdp["pdps"].values(): - if "keystone_project_id" in _pdp and _pdp['keystone_project_id'] not in self.container_chaining: - self.__CONTAINER_CHAINING[_pdp['keystone_project_id']] = {} - # Note (asteroide): force update of chaining - self.__update_container_chaining(_pdp['keystone_project_id']) - for key, value in pdp["pdps"].items(): - self.__PDP[key] = value - - else: - raise exceptions.PdpError("Cannot find 'pdps' key") - - @property - def pdp(self): - """Policy Decision Point - Example of content: - { - "pdp_id": { - "keystone_project_id": "keystone_project_id", - "name": "pdp1", - "description": "test", - "security_pipeline": [ - "policy_id" - ] - } - } - - :return: - """ - current_time = time.time() - if self.__PDP_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__PDP_UPDATE = current_time - self.__update_pdp() - self.__PDP_UPDATE = current_time - return self.__PDP - - # policy functions - def __update_policies(self): - response = requests.get("{}/policies".format(self.manager_url)) - policies = response.json() - - if 'policies' in policies: - for key, value in policies["policies"].items(): - self.__POLICIES[key] = value - else: - raise exceptions.PolicytNotFound("Cannot find 'policies' key") - - @property - def policies(self): - current_time = time.time() - if self.__POLICIES_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__POLICIES_UPDATE = current_time - self.__update_policies() - self.__POLICIES_UPDATE = current_time - return self.__POLICIES - - # model functions - - def __update_models(self): - response = requests.get("{}/models".format(self.manager_url)) - models = response.json() - if 'models' in models: - for key, value in models["models"].items(): - self.__MODELS[key] = value - else: - raise exceptions.ModelNotFound("Cannot find 'models' key") - - @property - def models(self): - current_time = time.time() - if self.__MODELS_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__MODELS_UPDATE = current_time - self.__update_models() - self.__MODELS_UPDATE = current_time - return self.__MODELS - - # helper functions - - def get_policy_from_meta_rules(self, meta_rule_id): - for pdp_key, pdp_value in self.pdp.items(): - if "security_pipeline" in pdp_value: - for policy_id in pdp_value["security_pipeline"]: - if policy_id in self.policies and "model_id" in self.policies[policy_id]: - model_id = self.policies[policy_id]["model_id"] - if model_id in self.models and "meta_rules" in self.models[model_id]: - if meta_rule_id in self.models[model_id]["meta_rules"]: - return policy_id - else: - logger.warning( - "Cannot find model_id: {} within " - "models and 'meta_rules' key".format(model_id)) - else: - logger.warning( - "Cannot find policy_id: {} " - "within policies and 'model_id' key".format( - policy_id)) - else: - logger.warning("Cannot find 'security_pipeline' " - "key within pdp ") - - def get_meta_rule_ids_from_pdp_value(self, pdp_value): - meta_rules = [] - if "security_pipeline" in pdp_value: - for policy_id in pdp_value["security_pipeline"]: - if policy_id not in self.policies or "model_id" not in self.policies[policy_id]: - raise exceptions.PolicyUnknown("Cannot find 'models' key") - model_id = self.policies[policy_id]["model_id"] - if model_id not in self.models or 'meta_rules' not in self.models[model_id]: - raise exceptions.ModelNotFound("Cannot find 'models' key") - for meta_rule in self.models[model_id]["meta_rules"]: - meta_rules.append(meta_rule) - return meta_rules - raise exceptions.PdpContentError - - def get_pdp_from_keystone_project(self, keystone_project_id): - for pdp_key, pdp_value in self.pdp.items(): - if "keystone_project_id" in pdp_value and \ - keystone_project_id == pdp_value["keystone_project_id"]: - return pdp_key - - def get_keystone_project_id_from_policy_id(self, policy_id): - for pdp_key, pdp_value in self.pdp.items(): - if "security_pipeline" in pdp_value and \ - "keystone_project_id" in pdp_value: - if policy_id in pdp_value["security_pipeline"]: - return pdp_value["keystone_project_id"] - else: - logger.warning(" 'security_pipeline','keystone_project_id' " - "key not in pdp {}".format(pdp_value)) - - def get_keystone_project_id_from_pdp_id(self, pdp_id): - if pdp_id in self.pdp: - pdp_value = self.pdp.get(pdp_id) - if "security_pipeline" in pdp_value and \ - "keystone_project_id" in pdp_value: - return pdp_value["keystone_project_id"] - logger.warning("Unknown PDP ID".format(pdp_id)) - - def get_containers_from_keystone_project_id(self, keystone_project_id, - meta_rule_id=None): - for container_id, container_values in self.containers.items(): - for container_value in container_values: - if 'keystone_project_id' not in container_value: - continue - if container_value['keystone_project_id'] == keystone_project_id: - if not meta_rule_id: - yield container_id, container_value - elif "meta_rule_id" in container_value and \ - container_value.get('meta_rule_id') == meta_rule_id: - yield container_id, container_value - break - - # containers functions - - def __update_container(self): - response = requests.get("{}/pods".format(self.orchestrator_url)) - pods = response.json() - if "pods" in pods: - for key, value in pods["pods"].items(): - # if key not in self.__CONTAINERS: - self.__CONTAINERS[key] = value - # else: - # for container in value: - # self.__CONTAINERS[key].update(value) - else: - raise exceptions.PodError("Cannot find 'pods' key") - - def add_container(self, container_data): - """Add a new container in the cache - - :param container_data: dictionary with information for the container - Example: - { - "name": name, - "hostname": name, - "port": { - "PrivatePort": tcp_port, - "Type": "tcp", - "IP": "0.0.0.0", - "PublicPort": tcp_port - }, - "keystone_project_id": uuid, - "pdp_id": self.CACHE.get_pdp_from_keystone_project(uuid), - "meta_rule_id": meta_rule_id, - "container_name": container_name, - "plugin_name": plugin_name - "container_id": "container_id" - } - - :return: - """ - if all(k in container_data for k in ("keystone_project_id", "name", "container_id", "policy_id", - "meta_rule_id", "port")) \ - and all(k in container_data['port'] for k in ("PublicPort", "Type", "IP", "PrivatePort")): - - self.__CONTAINERS[uuid4().hex] = { - "keystone_project_id": container_data['keystone_project_id'], - "name": container_data['name'], - "container_id": container_data['container_id'], - "hostname": container_data['name'], - "policy_id": container_data['policy_id'], - "meta_rule_id": container_data['meta_rule_id'], - "port": [ - { - "PublicPort": container_data['port']["PublicPort"], - "Type": container_data['port']["Type"], - "IP": container_data['port']["IP"], - "PrivatePort": container_data['port']["PrivatePort"] - } - ], - "genre": container_data['plugin_name'] - } - self.__update_container_chaining(self.get_keystone_project_id_from_policy_id(container_data['policy_id'])) - else: - raise exceptions.ContainerError("Cannot find 'container' parameters key") - - @property - def containers(self): - """Containers cache - example of content : - { - "policy_uuid1": "component_hostname1", - "policy_uuid2": "component_hostname2", - } - :return: - """ - current_time = time.time() - if self.__CONTAINERS_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__CONTAINERS_UPDATE = current_time - self.__update_container() - self.__CONTAINERS_UPDATE = current_time - return self.__CONTAINERS - - @property - def container_chaining(self): - """Cache for mapping Keystone Project ID with meta_rule ID and container ID - Example of content: - { - "keystone_project_id": [ - { - "container_id": "container_id", - "genre": "genre", - "policy_id": "policy_id", - "meta_rule_id": "meta_rule_id", - } - ] - } - - :return: - """ - current_time = time.time() - if self.__CONTAINER_CHAINING_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__CONTAINER_CHAINING_UPDATE = current_time - for key, value in self.pdp.items(): - if "keystone_project_id" in value: - if not value["keystone_project_id"]: - continue - self.__update_container_chaining(value["keystone_project_id"]) - else: - logger.warning("no 'keystone_project_id' found") - self.__CONTAINER_CHAINING_UPDATE = current_time - return self.__CONTAINER_CHAINING - - def __update_container_chaining(self, keystone_project_id): - container_ids = [] - for pdp_id, pdp_value, in self.__PDP.items(): - if pdp_value: - if all(k in pdp_value for k in ("keystone_project_id", "security_pipeline")) \ - and pdp_value["keystone_project_id"] == keystone_project_id: - for policy_id in pdp_value["security_pipeline"]: - if policy_id in self.policies and "model_id" in self.policies[policy_id]: - model_id = self.policies[policy_id]['model_id'] - if model_id in self.models and "meta_rules" in self.models[model_id]: - for meta_rule_id in self.models[model_id]["meta_rules"]: - for container_id, container_value in self.get_containers_from_keystone_project_id( - keystone_project_id, - meta_rule_id - ): - if "name" in container_value: - if all(k in container_value for k in ("genre", "port")): - container_ids.append( - { - "container_id": container_value["name"], - "genre": container_value["genre"], - "policy_id": policy_id, - "meta_rule_id": meta_rule_id, - "hostname": container_value["name"], - "hostip": "127.0.0.1", - "port": container_value["port"], - } - ) - else: - logger.warning("Container content keys not found {}", container_value) - else: - logger.warning("Container content keys not found {}", container_value) - else: - raise exceptions.ModelUnknown("Cannot find model_id: {} in models and " - "may not contains 'meta_rules' key".format(model_id)) - else: - raise exceptions.PolicyUnknown("Cannot find policy within policy_id: {}, " - "and may not contains 'model_id' key".format(policy_id)) - - self.__CONTAINER_CHAINING[keystone_project_id] = container_ids diff --git a/python_moonutilities/python_moonutilities/configuration.py b/python_moonutilities/python_moonutilities/configuration.py deleted file mode 100644 index 0516274c..00000000 --- a/python_moonutilities/python_moonutilities/configuration.py +++ /dev/null @@ -1,124 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - - -import base64 -import json -import python_moonutilities.request_wrapper as requests -import logging.config -from python_moonutilities import exceptions - -logger = logging.getLogger("moon.utilities.configuration") - -CONSUL_HOST = "consul" -CONSUL_PORT = "8500" - -DATABASE = "database" -KEYSTONE = "keystone" -DOCKER = "docker" -COMPONENTS = "components" - - -def init_logging(): - config = get_configuration("logging") - logging.config.dictConfig(config['logging']) - - -def increment_port(): - components_object = get_configuration("components/port_start") - if 'components/port_start' in components_object: - components_port_start = int(components_object['components/port_start']) - components_port_start += 1 - else: - raise exceptions.ConsulComponentContentError("error={}".format(components_object)) - url = "http://{}:{}/v1/kv/components/port_start".format(CONSUL_HOST, CONSUL_PORT) - req = requests.put(url, json=str(components_port_start)) - if req.status_code != 200: - logger.info("url={}".format(url)) - raise exceptions.ConsulError - return components_port_start - - -def get_configuration(key): - url = "http://{}:{}/v1/kv/{}".format(CONSUL_HOST, CONSUL_PORT, key) - req = requests.get(url) - if req.status_code != 200: - logger.error("url={}".format(url)) - raise exceptions.ConsulComponentNotFound("error={}: {}".format(req.status_code, req.text)) - data = req.json() - if len(data) == 1: - data = data[0] - if all( k in data for k in ("Key", "Value")) : - return {data["Key"]: json.loads(base64.b64decode(data["Value"]).decode("utf-8"))} - raise exceptions.ConsulComponentContentError("error={}".format(data)) - else: - for item in data: - if not all(k in item for k in ("Key", "Value")): - logger.warning("invalidate content {}".format(item)) - raise exceptions.ConsulComponentContentError("error={}".format(data)) - return [ - { - item["Key"]: json.loads(base64.b64decode(item["Value"]).decode("utf-8")) - } for item in data - ] - - -def add_component(name, uuid, port=None, bind="127.0.0.1", keystone_id="", extra=None, container=None): - data = { - "hostname": name, - "keystone_id": keystone_id, - "bind": bind, - "port": port, - "extra": extra, - "container": container - } - req = requests.put( - "http://{}:{}/v1/kv/components/{}".format(CONSUL_HOST, CONSUL_PORT, uuid), - headers={"content-type": "application/json"}, - json=data - ) - if req.status_code != 200: - logger.debug("url={}".format("http://{}:{}/v1/kv/components/{}".format(CONSUL_HOST, CONSUL_PORT, uuid))) - logger.debug("data={}".format(data)) - raise exceptions.ConsulError - logger.info("Add component {}".format(req.text)) - return get_configuration("components/"+uuid) - - -def get_plugins(): - pipeline = get_configuration("components/pipeline") - logger.debug("pipeline={}".format(pipeline)) - components = pipeline.get("components/pipeline") - if 'interface' in components: - components.pop('interface') - else: - raise exceptions.ConsulComponentContentError("error= Components pipeline has no interface") - return components - - -def get_components(): - url = "http://{}:{}/v1/kv/components?recurse=true".format(CONSUL_HOST, CONSUL_PORT) - req = requests.get(url) - if req.status_code != 200: - logger.info("url={}".format(url)) - raise exceptions.ConsulError - data = req.json() - if len(data) == 1: - data = data[0] - if all(k in data for k in ("Key", "Value")): - return {data["Key"].replace("components/", ""): json.loads(base64.b64decode(data["Value"]).decode("utf-8"))} - raise exceptions.ConsulComponentContentError("error={}".format(data)) - else: - for item in data: - if not all(k in item for k in ("Key", "Value")): - logger.warning("invalidate content {}".format(item)) - raise exceptions.ConsulComponentContentError("error={}".format(data)) - return { - item["Key"].replace("components/", ""): json.loads(base64.b64decode(item["Value"]).decode("utf-8")) - for item in data - } - - -init_logging() diff --git a/python_moonutilities/python_moonutilities/context.py b/python_moonutilities/python_moonutilities/context.py deleted file mode 100644 index dc140b74..00000000 --- a/python_moonutilities/python_moonutilities/context.py +++ /dev/null @@ -1,353 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - - -import copy -import logging -from python_moonutilities import exceptions - -logger = logging.getLogger("moon.utilities." + __name__) - - -class Context: - - def __init__(self, init_context, cache): - if init_context is None: - raise Exception("Invalid context content object") - - self.cache = cache - self.__keystone_project_id = init_context.get("project_id") - self.__pdp_id = self.cache.get_pdp_from_keystone_project(self.__keystone_project_id) - - if not self.__pdp_id: - raise exceptions.AuthzException( - "Cannot create context for authz " - "with Keystone project ID {}".format( - self.__keystone_project_id - )) - self.__pdp_value = copy.deepcopy(self.cache.pdp[self.__pdp_id]) - - self.__subject = init_context.get("subject_name") - self.__object = init_context.get("object_name") - self.__action = init_context.get("action_name") - self.__request_id = init_context.get("req_id") - self.__cookie = init_context.get("cookie") - self.__manager_url = init_context.get("manager_url") - self.__interface_name = init_context.get("interface_name") - self.__current_request = None - - self.__index = -1 - # self.__init_initial_request() - self.__meta_rule_ids = self.cache.get_meta_rule_ids_from_pdp_value(self.__pdp_value) - self.__meta_rules = self.cache.meta_rules - - self.__pdp_set = {} - # self.__init_pdp_set() - - def delete_cache(self): - self.cache = {} - - def set_cache(self, cache): - self.cache = cache - - def increment_index(self): - self.__index += 1 - self.__init_current_request() - self.__init_pdp_set() - - @property - def current_state(self): - self.__validate_meta_rule_content(self.__pdp_set[self.__meta_rule_ids[self.__index]]) - return self.__pdp_set[self.__meta_rule_ids[self.__index]]['effect'] - - @current_state.setter - def current_state(self, state): - if state not in ("grant", "deny", "passed"): - state = "passed" - self.__validate_meta_rule_content(self.__pdp_set[self.__meta_rule_ids[self.__index]]) - self.__pdp_set[self.__meta_rule_ids[self.__index]]['effect'] = state - - @current_state.deleter - def current_state(self): - self.__validate_meta_rule_content(self.__pdp_set[self.__meta_rule_ids[self.__index]]) - self.__pdp_set[self.__meta_rule_ids[self.__index]]['effect'] = "unset" - - @property - def current_policy_id(self): - if "security_pipeline" not in self.__pdp_value: - raise exceptions.AuthzException('Cannot find security_pipeline key within pdp.') - return self.__pdp_value["security_pipeline"][self.__index] - - @current_policy_id.setter - def current_policy_id(self, value): - pass - - @current_policy_id.deleter - def current_policy_id(self): - pass - - def __init_current_request(self): - if "security_pipeline" not in self.__pdp_value: - raise exceptions.PdpContentError - self.__subject = self.cache.get_subject( - self.__pdp_value["security_pipeline"][self.__index], - self.__subject) - self.__object = self.cache.get_object( - self.__pdp_value["security_pipeline"][self.__index], - self.__object) - self.__action = self.cache.get_action( - self.__pdp_value["security_pipeline"][self.__index], - self.__action) - self.__current_request = dict(self.initial_request) - - def __init_pdp_set(self): - for meta_rule_id in self.__meta_rule_ids: - self.__pdp_set[meta_rule_id] = dict() - self.__pdp_set[meta_rule_id]["meta_rules"] = self.__meta_rules[meta_rule_id] - self.__pdp_set[meta_rule_id]["target"] = self.__add_target(meta_rule_id) - self.__pdp_set[meta_rule_id]["effect"] = "unset" - self.__pdp_set["effect"] = "deny" - - def update_target(self): - for meta_rule_id in self.__meta_rule_ids: - result = dict() - _subject = self.__current_request["subject"] - _object = self.__current_request["object"] - _action = self.__current_request["action"] - - meta_rules = self.cache.meta_rules - policy_id = self.cache.get_policy_from_meta_rules(meta_rule_id) - - if 'subject_categories' not in meta_rules[meta_rule_id]: - raise exceptions.MetaRuleContentError(" 'subject_categories' key not found ") - - self.cache.update_assignments(policy_id) - - for sub_cat in meta_rules[meta_rule_id]['subject_categories']: - if sub_cat not in result: - result[sub_cat] = [] - result[sub_cat].extend( - self.cache.get_subject_assignments(policy_id, _subject, sub_cat)) - - if 'object_categories' not in meta_rules[meta_rule_id]: - raise exceptions.MetaRuleContentError(" 'object_categories' key not found ") - - for obj_cat in meta_rules[meta_rule_id]['object_categories']: - if obj_cat not in result: - result[obj_cat] = [] - result[obj_cat].extend( - self.cache.get_object_assignments(policy_id, _object, obj_cat)) - - if 'action_categories' not in meta_rules[meta_rule_id]: - raise exceptions.MetaRuleContentError(" 'action_categories' key not found ") - - for act_cat in meta_rules[meta_rule_id]['action_categories']: - if act_cat not in result: - result[act_cat] = [] - result[act_cat].extend( - self.cache.get_action_assignments(policy_id, _action, act_cat)) - - self.__pdp_set[meta_rule_id]["target"] = result - - def __add_target(self, meta_rule_id): - """build target from meta_rule - - Target is dict of categories as keys ; and the value of each category - will be a list of assignments - - """ - result = dict() - _subject = self.__current_request["subject"] - _object = self.__current_request["object"] - _action = self.__current_request["action"] - - meta_rules = self.cache.meta_rules - policy_id = self.cache.get_policy_from_meta_rules(meta_rule_id) - - if 'subject_categories' not in meta_rules[meta_rule_id]: - raise exceptions.MetaRuleContentError(" 'subject_categories' key not found ") - - for sub_cat in meta_rules[meta_rule_id]['subject_categories']: - if sub_cat not in result: - result[sub_cat] = [] - result[sub_cat].extend( - self.cache.get_subject_assignments(policy_id, _subject, sub_cat)) - - if 'object_categories' not in meta_rules[meta_rule_id]: - raise exceptions.MetaRuleContentError(" 'object_categories' key not found ") - - for obj_cat in meta_rules[meta_rule_id]['object_categories']: - if obj_cat not in result: - result[obj_cat] = [] - result[obj_cat].extend( - self.cache.get_object_assignments(policy_id, _object, obj_cat)) - - if 'action_categories' not in meta_rules[meta_rule_id]: - raise exceptions.MetaRuleContentError(" 'action_categories' key not found ") - - for act_cat in meta_rules[meta_rule_id]['action_categories']: - if act_cat not in result: - result[act_cat] = [] - result[act_cat].extend( - self.cache.get_action_assignments(policy_id, _action, act_cat)) - - return result - - def __repr__(self): - return """PDP ID: {id} -current_request: {current_request} -request_id: {request_id} -index: {index} -headers: {headers} -pdp_set: {pdp_set} - """.format( - id=self.__pdp_id, - current_request=self.__current_request, - request_id=self.__request_id, - headers=self.__meta_rule_ids, - pdp_set=self.__pdp_set, - index=self.__index - ) - - def to_dict(self): - return { - "initial_request": copy.deepcopy(self.initial_request), - "current_request": copy.deepcopy(self.__current_request), - "headers": copy.deepcopy(self.__meta_rule_ids), - "index": copy.deepcopy(self.__index), - "pdp_set": copy.deepcopy(self.__pdp_set), - "request_id": copy.deepcopy(self.__request_id), - "manager_url": copy.deepcopy(self.__manager_url), - "interface_name": copy.deepcopy(self.__interface_name), - } - - @property - def request_id(self): - return self.__request_id - - @request_id.setter - def request_id(self, value): - raise Exception("You cannot update the request_id") - - @request_id.deleter - def request_id(self): - raise Exception("You cannot update the request_id") - - @property - def manager_url(self): - return self.__manager_url - - @manager_url.setter - def manager_url(self, value): - raise Exception("You cannot update the manager_url") - - @manager_url.deleter - def manager_url(self): - raise Exception("You cannot update the manager_url") - - @property - def interface_name(self): - return self.__interface_name - - @interface_name.setter - def interface_name(self, value): - raise Exception("You cannot update the interface_name") - - @interface_name.deleter - def interface_name(self): - raise Exception("You cannot update the interface_name") - - @property - def cookie(self): - return self.__cookie - - @cookie.setter - def cookie(self, value): - raise Exception("You cannot update the cookie") - - @cookie.deleter - def cookie(self): - raise Exception("You cannot delete the cookie") - - @property - def initial_request(self): - return { - "subject": self.__subject, - "object": self.__object, - "action": self.__action, - } - - @initial_request.setter - def initial_request(self, value): - raise Exception("You are not allowed to update the initial_request") - - @initial_request.deleter - def initial_request(self): - raise Exception("You are not allowed to delete the initial_request") - - @property - def current_request(self): - if not self.__current_request: - self.__current_request = dict(self.initial_request) - return self.__current_request - - @current_request.setter - def current_request(self, value): - - self.__current_request = copy.deepcopy(value) - # Note (asteroide): if the current request is modified, - # we must update the PDP Set. - self.__init_pdp_set() - - @current_request.deleter - def current_request(self): - self.__current_request = {} - self.__pdp_set = {} - - ''' - [Note ] Refactor name of headers to meta_rule_ids done , - may need to refactor getter and setter of headers - ''' - - @property - def headers(self): - return self.__meta_rule_ids - - @headers.setter - def headers(self, meta_rule_ids): - self.__meta_rule_ids = meta_rule_ids - - @headers.deleter - def headers(self): - self.__meta_rule_ids = list() - - @property - def index(self): - return self.__index - - @index.setter - def index(self, index): - self.__index += 1 - - @index.deleter - def index(self): - self.__index = -1 - - @property - def pdp_set(self): - return self.__pdp_set - - @pdp_set.setter - def pdp_set(self, value): - raise Exception("You are not allowed to modify the pdp_set") - - @pdp_set.deleter - def pdp_set(self): - self.__pdp_set = {} - - def __validate_meta_rule_content(self, meta_rules): - if 'effect' not in meta_rules: - logger.error("meta_rules={}".format(meta_rules)) - raise exceptions.PdpContentError("effect not in meta_rules") diff --git a/python_moonutilities/python_moonutilities/exceptions.py b/python_moonutilities/python_moonutilities/exceptions.py deleted file mode 100644 index 8ad90e96..00000000 --- a/python_moonutilities/python_moonutilities/exceptions.py +++ /dev/null @@ -1,833 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import logging -from werkzeug.exceptions import HTTPException - -logger = logging.getLogger("moon.utilities.exceptions") -_ = str - - -class MoonErrorMetaClass(type): - - def __init__(cls, name, bases, dct): - super(MoonErrorMetaClass, cls).__init__(name, bases, dct) - cls.hierarchy += "/" + str(name) - - -class MoonError(HTTPException): - __metaclass__ = MoonErrorMetaClass - hierarchy = "" - description = _("There is an error requesting the Moon platform.") - code = 400 - title = 'Moon Error' - logger = "ERROR" - - def __init__(self, message="", status_code=None, payload=""): - if message: - self.description = message - if status_code: - self.code = status_code - self.payload = payload - super(MoonError, self).__init__() - - def __str__(self): - return "{}: {}".format(self.code, self.title) - - def __del__(self): - message = "{} ({}) {}".format(self.hierarchy, self.description, self.payload) - if self.logger == "ERROR": - try: - logger.error(message) - except AttributeError: - logger.error(message) - elif self.logger == "WARNING": - try: - logger.warning(message) - except AttributeError: - logger.warning(message) - elif self.logger == "CRITICAL": - try: - logger.critical(message) - except AttributeError: - logger.critical(message) - elif self.logger == "AUTHZ": - try: - logger.authz(self.hierarchy) - logger.error(message) - except AttributeError: - logger.error(message) - else: - try: - logger.info(message) - except AttributeError: - logger.info(message) - - # def to_dict(self): - # rv = dict(self.payload or ()) - # rv['message'] = "{} ({})".format(self.hierarchy, self.description) - # rv['title'] = self.title - # rv['code'] = self.code - # return rv - - -# Exceptions for Tenant - -class TenantException(MoonError): - description = _("There is an error requesting this tenant.") - code = 400 - title = 'Tenant Error' - logger = "ERROR" - - -class TenantUnknown(TenantException): - description = _("The tenant is unknown.") - code = 400 - title = 'Tenant Unknown' - logger = "ERROR" - - -class TenantAddedNameExisting(TenantException): - description = _("The tenant name is existing.") - code = 400 - title = 'Added Tenant Name Existing' - logger = "ERROR" - - -class TenantNoIntraExtension(TenantException): - description = _("The tenant has not intra_extension.") - code = 400 - title = 'Tenant No Intra_Extension' - logger = "ERROR" - - -class TenantNoIntraAuthzExtension(TenantNoIntraExtension): - description = _("The tenant has not intra_admin_extension.") - code = 400 - title = 'Tenant No Intra_Admin_Extension' - logger = "ERROR" - - -# Exceptions for IntraExtension - - -class IntraExtensionException(MoonError): - description = _("There is an error requesting this IntraExtension.") - code = 400 - title = 'Extension Error' - - -class IntraExtensionUnknown(IntraExtensionException): - description = _("The intra_extension is unknown.") - code = 400 - title = 'Intra Extension Unknown' - logger = "Error" - - -class ModelUnknown(MoonError): - description = _("The model is unknown.") - code = 400 - title = 'Model Unknown' - logger = "Error" - - -class ModelContentError(MoonError): - description = _("The model content is invalid.") - code = 400 - title = 'Model Unknown' - logger = "Error" - - -class ModelExisting(MoonError): - description = _("The model already exists.") - code = 409 - title = 'Model Error' - logger = "Error" - - -# Authz exceptions - -class AuthzException(MoonError): - description = _("There is an authorization error requesting this IntraExtension.") - code = 403 - title = 'Authz Exception' - logger = "AUTHZ" - - -# Auth exceptions - -class AuthException(MoonError): - description = _("There is an authentication error requesting this API. " - "You must provide a valid token from Keystone.") - code = 401 - title = 'Auth Exception' - logger = "AUTHZ" - - -# Admin exceptions - -class AdminException(MoonError): - description = _("There is an error requesting this Authz IntraExtension.") - code = 400 - title = 'Authz Exception' - logger = "AUTHZ" - - -class AdminMetaData(AdminException): - code = 400 - title = 'Metadata Exception' - - -class AdminPerimeter(AdminException): - code = 400 - title = 'Perimeter Exception' - - -class AdminScope(AdminException): - code = 400 - title = 'Scope Exception' - - -class AdminAssignment(AdminException): - code = 400 - title = 'Assignment Exception' - - -class AdminMetaRule(AdminException): - code = 400 - title = 'Aggregation Algorithm Exception' - - -class AdminRule(AdminException): - code = 400 - title = 'Rule Exception' - - -class CategoryNameInvalid(AdminMetaData): - description = _("The given category name is invalid.") - code = 400 - title = 'Category Name Invalid' - logger = "ERROR" - - -class SubjectCategoryExisting(AdminMetaData): - description = _("The given subject category already exists.") - code = 409 - title = 'Subject Category Existing' - logger = "ERROR" - -class ObjectCategoryExisting(AdminMetaData): - description = _("The given object category already exists.") - code = 409 - title = 'Object Category Existing' - logger = "ERROR" - -class ActionCategoryExisting(AdminMetaData): - description = _("The given action category already exists.") - code = 409 - title = 'Action Category Existing' - logger = "ERROR" - - -class SubjectCategoryUnknown(AdminMetaData): - description = _("The given subject category is unknown.") - code = 400 - title = 'Subject Category Unknown' - logger = "ERROR" - - -class DeleteSubjectCategoryWithMetaRule(MoonError): - description = _("Cannot delete subject category used in meta rule ") - code = 400 - title = 'Subject Category With Meta Rule Error' - logger = "Error" - - -class DeleteObjectCategoryWithMetaRule(MoonError): - description = _("Cannot delete Object category used in meta rule ") - code = 400 - title = 'Object Category With Meta Rule Error' - logger = "Error" - - -class ObjectCategoryUnknown(AdminMetaData): - description = _("The given object category is unknown.") - code = 400 - title = 'Object Category Unknown' - logger = "ERROR" - - -class DeleteActionCategoryWithMetaRule(MoonError): - description = _("Cannot delete Action category used in meta rule ") - code = 400 - title = 'Action Category With Meta Rule Error' - logger = "Error" - - -class ActionCategoryUnknown(AdminMetaData): - description = _("The given action category is unknown.") - code = 400 - title = 'Action Category Unknown' - logger = "ERROR" - -class PerimeterContentError(AdminPerimeter): - description = _("Perimeter content is invalid.") - code = 400 - title = 'Perimeter content is invalid.' - logger = "ERROR" - - -class DeletePerimeterWithAssignment(MoonError): - description = _("Cannot delete perimeter with assignment") - code = 400 - title = 'Perimeter With Assignment Error' - logger = "Error" - - -class SubjectUnknown(AdminPerimeter): - description = _("The given subject is unknown.") - code = 400 - title = 'Subject Unknown' - logger = "ERROR" - - -class ObjectUnknown(AdminPerimeter): - description = _("The given object is unknown.") - code = 400 - title = 'Object Unknown' - logger = "ERROR" - - -class ActionUnknown(AdminPerimeter): - description = _("The given action is unknown.") - code = 400 - title = 'Action Unknown' - logger = "ERROR" - - -class SubjectExisting(AdminPerimeter): - description = _("The given subject is existing.") - code = 409 - title = 'Subject Existing' - logger = "ERROR" - - -class ObjectExisting(AdminPerimeter): - description = _("The given object is existing.") - code = 409 - title = 'Object Existing' - logger = "ERROR" - - -class ActionExisting(AdminPerimeter): - description = _("The given action is existing.") - code = 409 - title = 'Action Existing' - logger = "ERROR" - - -class SubjectNameExisting(AdminPerimeter): - description = _("The given subject name is existing.") - code = 409 - title = 'Subject Name Existing' - logger = "ERROR" - - -class ObjectNameExisting(AdminPerimeter): - description = _("The given object name is existing.") - code = 409 - title = 'Object Name Existing' - logger = "ERROR" - - -class ActionNameExisting(AdminPerimeter): - description = _("The given action name is existing.") - code = 409 - title = 'Action Name Existing' - logger = "ERROR" - - -class ObjectsWriteNoAuthorized(AdminPerimeter): - description = _("The modification on Objects is not authorized.") - code = 400 - title = 'Objects Write No Authorized' - logger = "AUTHZ" - - -class ActionsWriteNoAuthorized(AdminPerimeter): - description = _("The modification on Actions is not authorized.") - code = 400 - title = 'Actions Write No Authorized' - logger = "AUTHZ" - - -class SubjectScopeUnknown(AdminScope): - description = _("The given subject scope is unknown.") - code = 400 - title = 'Subject Scope Unknown' - logger = "ERROR" - - -class ObjectScopeUnknown(AdminScope): - description = _("The given object scope is unknown.") - code = 400 - title = 'Object Scope Unknown' - logger = "ERROR" - - -class ActionScopeUnknown(AdminScope): - description = _("The given action scope is unknown.") - code = 400 - title = 'Action Scope Unknown' - logger = "ERROR" - - -class SubjectScopeExisting(AdminScope): - description = _("The given subject scope is existing.") - code = 409 - title = 'Subject Scope Existing' - logger = "ERROR" - - -class ObjectScopeExisting(AdminScope): - description = _("The given object scope is existing.") - code = 409 - title = 'Object Scope Existing' - logger = "ERROR" - - -class ActionScopeExisting(AdminScope): - description = _("The given action scope is existing.") - code = 409 - title = 'Action Scope Existing' - logger = "ERROR" - - -class SubjectScopeNameExisting(AdminScope): - description = _("The given subject scope name is existing.") - code = 409 - title = 'Subject Scope Name Existing' - logger = "ERROR" - - -class ObjectScopeNameExisting(AdminScope): - description = _("The given object scope name is existing.") - code = 409 - title = 'Object Scope Name Existing' - logger = "ERROR" - - -class ActionScopeNameExisting(AdminScope): - description = _("The given action scope name is existing.") - code = 409 - title = 'Action Scope Name Existing' - logger = "ERROR" - - -class SubjectAssignmentUnknown(AdminAssignment): - description = _("The given subject assignment value is unknown.") - code = 400 - title = 'Subject Assignment Unknown' - logger = "ERROR" - - -class ObjectAssignmentUnknown(AdminAssignment): - description = _("The given object assignment value is unknown.") - code = 400 - title = 'Object Assignment Unknown' - logger = "ERROR" - - -class ActionAssignmentUnknown(AdminAssignment): - description = _("The given action assignment value is unknown.") - code = 400 - title = 'Action Assignment Unknown' - logger = "ERROR" - - -class SubjectAssignmentExisting(AdminAssignment): - description = _("The given subject assignment value is existing.") - code = 409 - title = 'Subject Assignment Existing' - logger = "ERROR" - - -class ObjectAssignmentExisting(AdminAssignment): - description = _("The given object assignment value is existing.") - code = 409 - title = 'Object Assignment Existing' - logger = "ERROR" - - -class ActionAssignmentExisting(AdminAssignment): - description = _("The given action assignment value is existing.") - code = 409 - title = 'Action Assignment Existing' - logger = "ERROR" - - -class AggregationAlgorithmNotExisting(AdminMetaRule): - description = _("The given aggregation algorithm is not existing.") - code = 400 - title = 'Aggregation Algorithm Not Existing' - logger = "ERROR" - - -class AggregationAlgorithmUnknown(AdminMetaRule): - description = _("The given aggregation algorithm is unknown.") - code = 400 - title = 'Aggregation Algorithm Unknown' - logger = "ERROR" - - -class SubMetaRuleAlgorithmNotExisting(AdminMetaRule): - description = _("The given sub_meta_rule algorithm is unknown.") - code = 400 - title = 'Sub_meta_rule Algorithm Unknown' - logger = "ERROR" - - -class MetaRuleUnknown(AdminMetaRule): - description = _("The given meta rule is unknown.") - code = 400 - title = 'Meta Rule Unknown' - logger = "ERROR" - - -class MetaRuleNotLinkedWithPolicyModel(MoonError): - description = _("The meta rule is not found in the model attached to the policy.") - code = 400 - title = 'MetaRule Not Linked With Model - Policy' - logger = "Error" - - -class CategoryNotAssignedMetaRule(MoonError): - description = _("The category is not found in the meta rules attached to the policy.") - code = 400 - title = 'Category Not Linked With Meta Rule - Policy' - logger = "Error" - - -class SubMetaRuleNameExisting(AdminMetaRule): - description = _("The sub meta rule name already exists.") - code = 409 - title = 'Sub Meta Rule Name Existing' - logger = "ERROR" - - -class MetaRuleExisting(AdminMetaRule): - description = _("The meta rule already exists.") - code = 409 - title = 'Meta Rule Existing' - logger = "ERROR" - - -class MetaRuleContentError(AdminMetaRule): - description = _("Invalid content of meta rule.") - code = 400 - title = 'Meta Rule Error' - logger = "ERROR" - - -class MetaRuleUpdateError(AdminMetaRule): - description = _("Meta_rule is used in Rule.") - code = 400 - title = 'Meta_Rule Update Error' - logger = "ERROR" - - -class RuleExisting(AdminRule): - description = _("The rule already exists.") - code = 409 - title = 'Rule Existing' - logger = "ERROR" - - -class RuleContentError(AdminRule): - description = _("Invalid content of rule.") - code = 400 - title = 'Rule Error' - logger = "ERROR" - - -class RuleUnknown(AdminRule): - description = _("The rule for that request doesn't exist.") - code = 400 - title = 'Rule Unknown' - logger = "ERROR" - - -# Keystone exceptions - - -class KeystoneError(MoonError): - description = _("There is an error connecting to Keystone.") - code = 400 - title = 'Keystone error' - logger = "ERROR" - - -class KeystoneProjectError(KeystoneError): - description = _("There is an error retrieving projects from the Keystone service.") - code = 400 - title = 'Keystone project error' - logger = "ERROR" - - -class KeystoneUserError(KeystoneError): - description = _("There is an error retrieving users from the Keystone service.") - code = 400 - title = 'Keystone user error' - logger = "ERROR" - - -class KeystoneUserConflict(KeystoneUserError): - description = _("A user with that name already exist.") - code = 400 - title = 'Keystone user error' - logger = "ERROR" - - -# Consul exceptions - - -class ConsulError(MoonError): - description = _("There is an error connecting to Consul.") - code = 400 - title = 'Consul error' - logger = "ERROR" - - -class ConsulComponentNotFound(ConsulError): - description = _("The component do not exist in Consul database.") - code = 500 - title = 'Consul error' - logger = "WARNING" - - -class ConsulComponentContentError(ConsulError): - description = _("invalid content of component .") - code = 500 - title = 'Consul Content error' - logger = "WARNING" - - -# Containers exceptions - - -class DockerError(MoonError): - description = _("There is an error with Docker.") - code = 400 - title = 'Docker error' - logger = "ERROR" - - -class ContainerMissing(DockerError): - description = _("Some containers are missing.") - code = 400 - title = 'Container missing' - logger = "ERROR" - - -class WrapperConflict(MoonError): - description = _("A Wrapper already exist for the specified slave.") - code = 409 - title = 'Wrapper conflict' - logger = "ERROR" - - -class PipelineConflict(MoonError): - description = _("A Pipeline already exist for the specified slave.") - code = 409 - title = 'Pipeline conflict' - logger = "ERROR" - - -class PipelineUnknown(MoonError): - description = _("This Pipeline is unknown from the system.") - code = 400 - title = 'Pipeline Unknown' - logger = "ERROR" - - -class WrapperUnknown(MoonError): - description = _("This Wrapper is unknown from the system.") - code = 400 - title = 'Wrapper Unknown' - logger = "ERROR" - - -class SlaveNameUnknown(MoonError): - description = _("The slave is unknown.") - code = 400 - title = 'Slave Unknown' - logger = "Error" - - -class PdpUnknown(MoonError): - description = _("The pdp is unknown.") - code = 400 - title = 'Pdp Unknown' - logger = "Error" - - -class PdpExisting(MoonError): - description = _("The pdp already exists.") - code = 409 - title = 'Pdp Error' - logger = "Error" - - -class PdpContentError(MoonError): - description = _("Invalid content of pdp.") - code = 400 - title = 'Pdp Error' - logger = "Error" - - -class PdpKeystoneMappingConflict(MoonError): - description = _("A pdp is already mapped to that Keystone project.") - code = 409 - title = 'Pdp Mapping Error' - logger = "Error" - - -class PolicyUnknown(MoonError): - description = _("The policy is unknown.") - code = 400 - title = 'Policy Unknown' - logger = "Error" - -class PolicyContentError(MoonError): - description = _("The policy content is invalid.") - code = 400 - title = 'Policy Content Error' - logger = "Error" - - -class PolicyExisting(MoonError): - description = _("The policy already exists.") - code = 409 - title = 'Policy Already Exists' - logger = "Error" - - -class PolicyUpdateError(MoonError): - description = _("The policy data is used.") - code = 400 - title = 'Policy update error' - logger = "Error" - - -class DeleteData(MoonError): - description = _("Cannot delete data with assignment") - code = 400 - title = 'Data Error' - logger = "Error" - - -class DeleteCategoryWithData(MoonError): - description = _("Cannot delete category with data") - code = 400 - title = 'Category With Data Error' - logger = "Error" - - -class DeleteCategoryWithMetaRule(MoonError): - description = _("Cannot delete category with meta rule") - code = 400 - title = 'Category With MetaRule Error' - logger = "Error" - - -class DeleteCategoryWithAssignment(MoonError): - description = _("Cannot delete category with assignment ") - code = 400 - title = 'Category With Assignment Error' - logger = "Error" - - -class DeleteModelWithPolicy(MoonError): - description = _("Cannot delete model with policy") - code = 400 - title = 'Model With Policy Error' - logger = "Error" - - -class DeletePolicyWithPdp(MoonError): - description = _("Cannot delete policy with pdp") - code = 400 - title = 'Policy With PDP Error' - logger = "Error" - - -class DeletePolicyWithPerimeter(MoonError): - description = _("Cannot delete policy with perimeter") - code = 400 - title = 'Policy With Perimeter Error' - logger = "Error" - - -class DeletePolicyWithData(MoonError): - description = _("Cannot delete policy with data") - code = 400 - title = 'Policy With Data Error' - logger = "Error" - - -class DeletePolicyWithRules(MoonError): - description = _("Cannot delete policy with rules") - code = 400 - title = 'Policy With Rule Error' - logger = "Error" - - -class DeleteMetaRuleWithModel(MoonError): - description = _("Cannot delete meta rule with model") - code = 400 - title = 'Meta rule With Model Error' - logger = "Error" - - -class DeleteMetaRuleWithRule(MoonError): - description = _("Cannot delete meta rule with rule") - code = 400 - title = 'Meta rule With Model Error' - logger = "Error" - - -class DataUnknown(MoonError): - description = _("The data unknown.") - code = 400 - title = 'Data Unknown' - logger = "Error" - - -class ValidationContentError(MoonError): - description = _("The Content validation incorrect.") - code = 400 - title = 'Invalid Content' - logger = "Error" - - def __init__(self, message=""): - self.message = message - super().__init__(message) - - def __str__(self): - return self.message - - -class ValidationKeyError(MoonError): - description = _("The Key validation incorrect.") - code = 400 - title = 'Invalid Key' - logger = "Error" - - def __init__(self, message=""): - self.message = message - super().__init__(message) - - def __str__(self): - return self.message diff --git a/python_moonutilities/python_moonutilities/misc.py b/python_moonutilities/python_moonutilities/misc.py deleted file mode 100644 index 1db4d7cd..00000000 --- a/python_moonutilities/python_moonutilities/misc.py +++ /dev/null @@ -1,116 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - - -import logging -import random - -logger = logging.getLogger("moon.utilities.misc") - - -def get_random_name(): - _list = ( - "windy", - "vengeful", - "precious", - "vivacious", - "quiet", - "confused", - "exultant", - "impossible", - "thick", - "obsolete", - "piquant", - "fanatical", - "tame", - "perfect", - "animated", - "dark", - "stimulating", - "drunk", - "depressed", - "fumbling", - "like", - "undesirable", - "spurious", - "subsequent", - "spiteful", - "last", - "stale", - "hulking", - "giddy", - "minor", - "careful", - "possessive", - "gullible", - "fragile", - "divergent", - "ill-informed", - "false", - "jumpy", - "damaged", - "likeable", - "volatile", - "handsomely", - "wet", - "long-term", - "pretty", - "taboo", - "normal", - "magnificent", - "nutty", - "puzzling", - "small", - "kind", - "devilish", - "chubby", - "paltry", - "cultured", - "old", - "defective", - "hanging", - "innocent", - "jagged", - "economic", - "good", - "sulky", - "real", - "bent", - "shut", - "furry", - "terrific", - "hollow", - "terrible", - "mammoth", - "pleasant", - "scared", - "obnoxious", - "absorbing", - "imported", - "infamous", - "grieving", - "ill-fated", - "mighty", - "handy", - "comfortable", - "astonishing", - "brown", - "assorted", - "wrong", - "unsightly", - "spooky", - "delightful", - "acid", - "inconclusive", - "mere", - "careless", - "historical", - "flashy", - "squealing", - "quarrelsome", - "empty", - "long", - ) - return random.choice(_list) diff --git a/python_moonutilities/python_moonutilities/request_wrapper.py b/python_moonutilities/python_moonutilities/request_wrapper.py deleted file mode 100644 index f1603b9d..00000000 --- a/python_moonutilities/python_moonutilities/request_wrapper.py +++ /dev/null @@ -1,22 +0,0 @@ -import sys -import requests -from python_moonutilities import exceptions - -def get(url): - try: - response = requests.get(url) - except requests.exceptions.RequestException as e: - raise exceptions.ConsulError("request failure ",e) - except: - raise exceptions.ConsulError("Unexpected error ", sys.exc_info()[0]) - return response - - -def put(url, json=""): - try: - response = requests.put(url,json=json) - except requests.exceptions.RequestException as e: - raise exceptions.ConsulError("request failure ",e) - except: - raise exceptions.ConsulError("Unexpected error ", sys.exc_info()[0]) - return response
\ No newline at end of file diff --git a/python_moonutilities/python_moonutilities/security_functions.py b/python_moonutilities/python_moonutilities/security_functions.py deleted file mode 100644 index 1069eb2f..00000000 --- a/python_moonutilities/python_moonutilities/security_functions.py +++ /dev/null @@ -1,331 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - - -import html -import re -import os -import types -import requests -import time -from functools import wraps -from flask import request -import logging -from python_moonutilities import exceptions, configuration - -logger = logging.getLogger("moon.utilities." + __name__) - -keystone_config = configuration.get_configuration("openstack/keystone")["openstack/keystone"] -TOKENS = {} -__targets = {} - - -def filter_input(func_or_str): - - def __filter(string): - if string and type(string) is str: - return "".join(re.findall("[\w\- +]*", string)) - return string - - def __filter_dict(arg): - result = dict() - for key in arg.keys(): - if key == "email": - result["email"] = __filter_email(arg[key]) - elif key == "password": - result["password"] = arg['password'] - else: - result[key] = __filter(arg[key]) - return result - - def __filter_email(string): - if string and type(string) is str: - return "".join(re.findall("[\w@\._\- +]*", string)) - return string - - def wrapped(*args, **kwargs): - _args = [] - for arg in args: - if isinstance(arg, str): - arg = __filter(arg) - elif isinstance(arg, list): - arg = [__filter(item) for item in arg] - elif isinstance(arg, tuple): - arg = (__filter(item) for item in arg) - elif isinstance(arg, dict): - arg = __filter_dict(arg) - _args.append(arg) - for arg in kwargs: - if type(kwargs[arg]) is str: - kwargs[arg] = __filter(kwargs[arg]) - if isinstance(kwargs[arg], str): - kwargs[arg] = __filter(kwargs[arg]) - elif isinstance(kwargs[arg], list): - kwargs[arg] = [__filter(item) for item in kwargs[arg]] - elif isinstance(kwargs[arg], tuple): - kwargs[arg] = (__filter(item) for item in kwargs[arg]) - elif isinstance(kwargs[arg], dict): - kwargs[arg] = __filter_dict(kwargs[arg]) - return func_or_str(*_args, **kwargs) - - if isinstance(func_or_str, str): - return __filter(func_or_str) - if isinstance(func_or_str, list): - return [__filter(item) for item in func_or_str] - if isinstance(func_or_str, tuple): - return (__filter(item) for item in func_or_str) - if isinstance(func_or_str, dict): - return __filter_dict(func_or_str) - if isinstance(func_or_str, types.FunctionType): - return wrapped - return None - - -""" -To do should check value of Dictionary but it's dependent on from where it's coming -""" - - -def validate_data(data): - def __validate_string(string): - temp_str = html.escape(string) - if string != temp_str: - raise exceptions.ValidationContentError('Forbidden characters in string') - - def __validate_list_or_tuple(container): - for i in container: - validate_data(i) - - def __validate_dict(dictionary): - for key in dictionary: - validate_data(dictionary[key]) - - if isinstance(data, bool): - return True - if data is None: - data = "" - if isinstance(data, str): - __validate_string(data) - elif isinstance(data, list) or isinstance(data, tuple): - __validate_list_or_tuple(data) - elif isinstance(data, dict): - __validate_dict(data) - else: - raise exceptions.ValidationContentError('Value is Not String or Container or Dictionary: {}'.format(data)) - - -def validate_input(type='get', args_state=[], kwargs_state=[], body_state=[]): - """ - this fucntion works only on List or tuple or dictionary of Strings ,and String direct - Check if input of function is Valid or not, Valid if not has spaces and values is not None or empty. - - :param type: type of request if function is used as decorator - :param args_state: list of Booleans for args, - values must be order as target values of arguments, - True if None is not Allowed and False if is allowed - :param kwargs_state: list of Booleans for kwargs as order of input kwargs, - values must be order as target values of arguments, - True if None is not Allowed and False if is allowed - :param body_state: list of Booleans for arguments in body of request if request is post, - values must be order as target values of arguments, - True if None is not Allowed and False if is allowed - :return: - """ - - def validate_input_decorator(func): - def wrapped(*args, **kwargs): - - temp_args = [] - """ - this loop made to filter args from object class, - when put this function as decorator in function control - then there is copy of this class add to front of args - """ - for arg in args: - if isinstance(arg, str) == True or \ - isinstance(arg, list) == True or \ - isinstance(arg, dict) == True: - temp_args.append(arg) - - while len(args_state) < len(temp_args): - args_state.append(True) - - for i in range(0, len(temp_args)): - if args_state[i]: - validate_data(temp_args[i]) - - while len(kwargs_state) < len(kwargs): - kwargs_state.append(False) - counter = 0 - for i in kwargs: - if kwargs_state[counter]: - validate_data(kwargs[i]) - - counter = counter + 1 - - if type == "post" or type == "patch": - body = request.json - # while len(body_state) < len(body): - # body_state.append(True) - # counter = 0 - for key in body_state: - if key in body: - if body_state[key]: - try: - validate_data(body.get(key)) - except exceptions.ValidationContentError as e: - raise exceptions.ValidationContentError("Key: '{}', [{}]".format(key, str(e))) - else: - raise exceptions.ValidationKeyError('Invalid Key :{} not found'.format(key)) - - # counter = counter + 1 - - return func(*args, **kwargs) - - return wrapped - - return validate_input_decorator - - -def enforce(action_names, object_name, **extra): - """Fake version of the enforce decorator""" - def wrapper_func(func): - def wrapper_args(*args, **kwargs): - # LOG.info("kwargs={}".format(kwargs)) - # kwargs['user_id'] = kwargs.pop('user_id', "admin") - # LOG.info("Calling enforce on {} with args={} kwargs={}".format(func.__name__, args, kwargs)) - return func(*args, **kwargs) - return wrapper_args - return wrapper_func - - -def login(user=None, password=None, domain=None, project=None, url=None): - start_time = time.time() - if not user: - user = keystone_config['user'] - if not password: - password = keystone_config['password'] - if not domain: - domain = keystone_config['domain'] - if not project: - project = keystone_config['project'] - if not url: - url = keystone_config['url'] - headers = { - "Content-Type": "application/json" - } - data_auth = { - "auth": { - "identity": { - "methods": [ - "password" - ], - "password": { - "user": { - "domain": { - "id": domain - }, - "name": user, - "password": password - } - } - }, - "scope": { - "project": { - "domain": { - "id": domain - }, - "name": project - } - } - } - } - - while True: - req = requests.post("{}/auth/tokens".format(url), - json=data_auth, headers=headers, - verify=keystone_config['certificate']) - - if req.status_code in (200, 201, 204): - headers['X-Auth-Token'] = req.headers['X-Subject-Token'] - return headers - logger.warning("Waiting for Keystone...") - if time.time() - start_time == 100: - logger.error(req.text) - raise exceptions.KeystoneError - time.sleep(5) - - -def logout(headers, url=None): - if not url: - url = keystone_config['url'] - headers['X-Subject-Token'] = headers['X-Auth-Token'] - req = requests.delete("{}/auth/tokens".format(url), headers=headers, verify=keystone_config['certificate']) - if req.status_code in (200, 201, 204): - return - logger.error(req.text) - raise exceptions.KeystoneError - - -def check_token(token, url=None): - _verify = False - if keystone_config['certificate']: - _verify = keystone_config['certificate'] - try: - os.environ.pop("http_proxy") - os.environ.pop("https_proxy") - except KeyError: - pass - if not url: - url = keystone_config['url'] - headers = { - "Content-Type": "application/json", - 'X-Subject-Token': token, - 'X-Auth-Token': token, - } - if not keystone_config['check_token']: - # TODO (asteroide): must send the admin id - return "admin" if not token else token - elif keystone_config['check_token'].lower() in ("false", "no", "n"): - # TODO (asteroide): must send the admin id - return "admin" if not token else token - if keystone_config['check_token'].lower() in ("yes", "y", "true"): - if token in TOKENS: - delta = time.mktime(TOKENS[token]["expires_at"]) - time.mktime(time.gmtime()) - if delta > 0: - return TOKENS[token]["user"] - raise exceptions.KeystoneError - else: - req = requests.get("{}/auth/tokens".format(url), headers=headers, verify=_verify) - if req.status_code in (200, 201): - # Note (asteroide): the time stamps is not in ISO 8601, so it is necessary to delete - # characters after the dot - token_time = req.json().get("token").get("expires_at").split(".") - TOKENS[token] = dict() - TOKENS[token]["expires_at"] = time.strptime(token_time[0], "%Y-%m-%dT%H:%M:%S") - TOKENS[token]["user"] = req.json().get("token").get("user").get("id") - return TOKENS[token]["user"] - logger.error("{} - {}".format(req.status_code, req.text)) - raise exceptions.KeystoneError - elif keystone_config['check_token'].lower() == "strict": - req = requests.head("{}/auth/tokens".format(url), headers=headers, verify=_verify) - if req.status_code in (200, 201): - return token - logger.error("{} - {}".format(req.status_code, req.text)) - raise exceptions.KeystoneError - raise exceptions.KeystoneError - - -def check_auth(function): - @wraps(function) - def wrapper(*args, **kwargs): - token = request.headers.get('X-Auth-Token') - token = check_token(token) - if not token: - raise exceptions.AuthException - user_id = kwargs.pop("user_id", token) - result = function(*args, **kwargs, user_id=user_id) - return result - return wrapper |