From 8cbf11c78259540f9a2b0661842bb82558ea2648 Mon Sep 17 00:00:00 2001 From: asteroide Date: Tue, 25 Jul 2017 17:45:50 +0200 Subject: Update to get configuration from the consul and clean the code Change-Id: I52d554132b6751cf21c7ece21233291f5de37c6c --- .../moon_interface/api/assignments.py | 6 +- moonv4/moon_interface/moon_interface/api/authz.py | 5 +- moonv4/moon_interface/moon_interface/api/data.py | 6 +- .../moon_interface/moon_interface/api/generic.py | 6 +- .../moon_interface/moon_interface/api/meta_data.py | 6 +- .../moon_interface/api/meta_rules.py | 6 +- moonv4/moon_interface/moon_interface/api/models.py | 6 +- moonv4/moon_interface/moon_interface/api/pdp.py | 6 +- .../moon_interface/moon_interface/api/perimeter.py | 6 +- .../moon_interface/moon_interface/api/policies.py | 6 +- moonv4/moon_interface/moon_interface/api/rules.py | 6 +- .../moon_interface/moon_interface/http_server.py | 43 ++---------- moonv4/moon_interface/moon_interface/server.py | 28 +++++--- moonv4/moon_interface/moon_interface/tools.py | 79 ---------------------- moonv4/moon_interface/requirements.txt | 3 +- 15 files changed, 44 insertions(+), 174 deletions(-) delete mode 100644 moonv4/moon_interface/moon_interface/tools.py diff --git a/moonv4/moon_interface/moon_interface/api/assignments.py b/moonv4/moon_interface/moon_interface/api/assignments.py index 34a0ea3f..855a9049 100644 --- a/moonv4/moon_interface/moon_interface/api/assignments.py +++ b/moonv4/moon_interface/moon_interface/api/assignments.py @@ -9,15 +9,13 @@ Assignments allow to connect data with elements of perimeter from flask import request from flask_restful import Resource -from oslo_config import cfg from oslo_log import log as logging from moon_utilities.security_functions import call -from moon_interface.tools import check_auth +from moon_utilities.security_functions import check_auth __version__ = "0.2.0" -LOG = logging.getLogger(__name__) -CONF = cfg.CONF +LOG = logging.getLogger("moon.interface.api." + __name__) class SubjectAssignments(Resource): diff --git a/moonv4/moon_interface/moon_interface/api/authz.py b/moonv4/moon_interface/moon_interface/api/authz.py index d5242869..69de0f80 100644 --- a/moonv4/moon_interface/moon_interface/api/authz.py +++ b/moonv4/moon_interface/moon_interface/api/authz.py @@ -9,15 +9,12 @@ Authz is the endpoint to get authorization response from uuid import uuid4 import time from flask_restful import Resource -from oslo_config import cfg from oslo_log import log as logging from moon_utilities.security_functions import call -from moon_interface.tools import check_auth __version__ = "0.1.0" -LOG = logging.getLogger(__name__) -CONF = cfg.CONF +LOG = logging.getLogger("moon.interface.api." + __name__) class Authz(Resource): diff --git a/moonv4/moon_interface/moon_interface/api/data.py b/moonv4/moon_interface/moon_interface/api/data.py index e378b3d3..6d959095 100644 --- a/moonv4/moon_interface/moon_interface/api/data.py +++ b/moonv4/moon_interface/moon_interface/api/data.py @@ -9,15 +9,13 @@ Data are elements used to create rules from flask import request from flask_restful import Resource -from oslo_config import cfg from oslo_log import log as logging from moon_utilities.security_functions import call -from moon_interface.tools import check_auth +from moon_utilities.security_functions import check_auth __version__ = "0.2.0" -LOG = logging.getLogger(__name__) -CONF = cfg.CONF +LOG = logging.getLogger("moon.interface.api." + __name__) class SubjectData(Resource): diff --git a/moonv4/moon_interface/moon_interface/api/generic.py b/moonv4/moon_interface/moon_interface/api/generic.py index d7afd6fb..80e8abff 100644 --- a/moonv4/moon_interface/moon_interface/api/generic.py +++ b/moonv4/moon_interface/moon_interface/api/generic.py @@ -7,16 +7,14 @@ Those API are helping API used to manage the Moon platform. """ from flask_restful import Resource, request -from oslo_config import cfg from oslo_log import log as logging from moon_utilities.security_functions import call import moon_interface.api -from moon_interface.tools import check_auth +from moon_utilities.security_functions import check_auth __version__ = "0.1.0" -LOG = logging.getLogger(__name__) -CONF = cfg.CONF +LOG = logging.getLogger("moon.interface.api." + __name__) class Status(Resource): diff --git a/moonv4/moon_interface/moon_interface/api/meta_data.py b/moonv4/moon_interface/moon_interface/api/meta_data.py index 2f115e94..3c933759 100644 --- a/moonv4/moon_interface/moon_interface/api/meta_data.py +++ b/moonv4/moon_interface/moon_interface/api/meta_data.py @@ -9,15 +9,13 @@ Meta Data are elements used to create Meta data (skeleton of security policies) from flask import request from flask_restful import Resource -from oslo_config import cfg from oslo_log import log as logging from moon_utilities.security_functions import call -from moon_interface.tools import check_auth +from moon_utilities.security_functions import check_auth __version__ = "0.2.0" -LOG = logging.getLogger(__name__) -CONF = cfg.CONF +LOG = logging.getLogger("moon.interface.api." + __name__) class SubjectCategories(Resource): diff --git a/moonv4/moon_interface/moon_interface/api/meta_rules.py b/moonv4/moon_interface/moon_interface/api/meta_rules.py index a3648fbf..85072243 100644 --- a/moonv4/moon_interface/moon_interface/api/meta_rules.py +++ b/moonv4/moon_interface/moon_interface/api/meta_rules.py @@ -9,15 +9,13 @@ Meta rules are skeleton for security policies from flask import request from flask_restful import Resource -from oslo_config import cfg from oslo_log import log as logging from moon_utilities.security_functions import call -from moon_interface.tools import check_auth +from moon_utilities.security_functions import check_auth __version__ = "0.1.0" -LOG = logging.getLogger(__name__) -CONF = cfg.CONF +LOG = logging.getLogger("moon.interface.api." + __name__) class MetaRules(Resource): diff --git a/moonv4/moon_interface/moon_interface/api/models.py b/moonv4/moon_interface/moon_interface/api/models.py index 66e2e1d8..f905db63 100644 --- a/moonv4/moon_interface/moon_interface/api/models.py +++ b/moonv4/moon_interface/moon_interface/api/models.py @@ -8,15 +8,13 @@ Models aggregate multiple meta rules from flask import request from flask_restful import Resource -from oslo_config import cfg from oslo_log import log as logging from moon_utilities.security_functions import call -from moon_interface.tools import check_auth +from moon_utilities.security_functions import check_auth __version__ = "0.1.0" -LOG = logging.getLogger(__name__) -CONF = cfg.CONF +LOG = logging.getLogger("moon.interface.api." + __name__) class Models(Resource): diff --git a/moonv4/moon_interface/moon_interface/api/pdp.py b/moonv4/moon_interface/moon_interface/api/pdp.py index 13a76bfa..5316227b 100644 --- a/moonv4/moon_interface/moon_interface/api/pdp.py +++ b/moonv4/moon_interface/moon_interface/api/pdp.py @@ -9,15 +9,13 @@ PDP are Policy Decision Point. from flask import request from flask_restful import Resource -from oslo_config import cfg from oslo_log import log as logging from moon_utilities.security_functions import call -from moon_interface.tools import check_auth +from moon_utilities.security_functions import check_auth __version__ = "0.1.0" -LOG = logging.getLogger(__name__) -CONF = cfg.CONF +LOG = logging.getLogger("moon.interface.api." + __name__) class PDP(Resource): diff --git a/moonv4/moon_interface/moon_interface/api/perimeter.py b/moonv4/moon_interface/moon_interface/api/perimeter.py index df7b6dd1..177161f6 100644 --- a/moonv4/moon_interface/moon_interface/api/perimeter.py +++ b/moonv4/moon_interface/moon_interface/api/perimeter.py @@ -10,15 +10,13 @@ from flask import request from flask_restful import Resource -from oslo_config import cfg from oslo_log import log as logging from moon_utilities.security_functions import call -from moon_interface.tools import check_auth +from moon_utilities.security_functions import check_auth __version__ = "0.2.0" -LOG = logging.getLogger(__name__) -CONF = cfg.CONF +LOG = logging.getLogger("moon.interface.api." + __name__) class Subjects(Resource): diff --git a/moonv4/moon_interface/moon_interface/api/policies.py b/moonv4/moon_interface/moon_interface/api/policies.py index b9ccb4be..5a84b612 100644 --- a/moonv4/moon_interface/moon_interface/api/policies.py +++ b/moonv4/moon_interface/moon_interface/api/policies.py @@ -9,15 +9,13 @@ Policies are instances of security models and implement security policies from flask import request from flask_restful import Resource -from oslo_config import cfg from oslo_log import log as logging from moon_utilities.security_functions import call -from moon_interface.tools import check_auth +from moon_utilities.security_functions import check_auth __version__ = "0.1.0" -LOG = logging.getLogger(__name__) -CONF = cfg.CONF +LOG = logging.getLogger("moon.interface.api." + __name__) class Policies(Resource): diff --git a/moonv4/moon_interface/moon_interface/api/rules.py b/moonv4/moon_interface/moon_interface/api/rules.py index 882a7d9f..1111729c 100644 --- a/moonv4/moon_interface/moon_interface/api/rules.py +++ b/moonv4/moon_interface/moon_interface/api/rules.py @@ -8,15 +8,13 @@ Rules (TODO) from flask import request from flask_restful import Resource -from oslo_config import cfg from oslo_log import log as logging from moon_utilities.security_functions import call -from moon_interface.tools import check_auth +from moon_utilities.security_functions import check_auth __version__ = "0.1.0" -LOG = logging.getLogger(__name__) -CONF = cfg.CONF +LOG = logging.getLogger("moon.interface.api." + __name__) class Rules(Resource): diff --git a/moonv4/moon_interface/moon_interface/http_server.py b/moonv4/moon_interface/moon_interface/http_server.py index b475e141..046337a2 100644 --- a/moonv4/moon_interface/moon_interface/http_server.py +++ b/moonv4/moon_interface/moon_interface/http_server.py @@ -3,12 +3,12 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -from flask import Flask, request +from flask import Flask from flask_cors import CORS, cross_origin -from flask_restful import Resource, Api, reqparse +from flask_restful import Resource, Api import logging from moon_interface import __version__ -from moon_interface.api.generic import Status, Logs, API, InternalAPI +from moon_interface.api.generic import Status, Logs, API from moon_interface.api.models import Models from moon_interface.api.policies import Policies from moon_interface.api.pdp import PDP @@ -21,7 +21,7 @@ from moon_interface.api.rules import Rules from moon_interface.api.authz import Authz from moon_utilities import exceptions -logger = logging.getLogger(__name__) +logger = logging.getLogger("moon.interface.http") class Server: @@ -133,41 +133,6 @@ class HTTPServer(Server): for api in __API__: self.api.add_resource(api, *api.__urls__) - # self.api.add_resource(Status, *Status.__urls__) - # self.api.add_resource(Logs, *Logs.__urls__) - # self.api.add_resource(API, *API.__urls__) - # self.api.add_resource(InternalAPI, *InternalAPI.__urls__) - # - # self.api.add_resource(InternalAPI, *InternalAPI.__urls__) - # - # self.api.add_resource(IntraExtensions, *IntraExtensions.__urls__) - # self.api.add_resource(SubMetaRuleAlgorithm, *SubMetaRuleAlgorithm.__urls__) - # self.api.add_resource(AggregationAlgorithm, *AggregationAlgorithm.__urls__) - # - # self.api.add_resource(Templates, *Templates.__urls__) - # self.api.add_resource(SubMetaRuleAlgorithms, *SubMetaRuleAlgorithms.__urls__) - # self.api.add_resource(AggregationAlgorithms, *AggregationAlgorithms.__urls__) - # - # self.api.add_resource(Subjects, *Subjects.__urls__) - # self.api.add_resource(SubjectCategories, *SubjectCategories.__urls__) - # self.api.add_resource(SubjectScopes, *SubjectScopes.__urls__) - # self.api.add_resource(SubjectAssignments, *SubjectAssignments.__urls__) - # - # self.api.add_resource(Objects, *Objects.__urls__) - # self.api.add_resource(ObjectCategories, *ObjectCategories.__urls__) - # self.api.add_resource(ObjectScopes, *ObjectScopes.__urls__) - # self.api.add_resource(ObjectAssignments, *ObjectAssignments.__urls__) - # - # self.api.add_resource(Actions, *Actions.__urls__) - # self.api.add_resource(ActionCategories, *ActionCategories.__urls__) - # self.api.add_resource(ActionScopes, *ActionScopes.__urls__) - # self.api.add_resource(ActionAssignments, *ActionAssignments.__urls__) - # - # self.api.add_resource(Rules, *Rules.__urls__) - # self.api.add_resource(SubMetaRules, *SubMetaRules.__urls__) - # - # self.api.add_resource(Mappings, *Mappings.__urls__) - def run(self): self.app.run(debug=True, host=self._host, port=self._port) # nosec diff --git a/moonv4/moon_interface/moon_interface/server.py b/moonv4/moon_interface/moon_interface/server.py index e70cec89..711aa00a 100644 --- a/moonv4/moon_interface/moon_interface/server.py +++ b/moonv4/moon_interface/moon_interface/server.py @@ -3,22 +3,28 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -import os -from oslo_config import cfg -from oslo_log import log as logging -from moon_utilities import options # noqa +import logging +from moon_utilities import configuration, exceptions from moon_interface.http_server import HTTPServer -LOG = logging.getLogger(__name__) -CONF = cfg.CONF -DOMAIN = "moon_interface" - -__CWD__ = os.path.dirname(os.path.abspath(__file__)) +LOG = logging.getLogger("moon.interface") def main(): - LOG.info("Starting server with IP {} on port {}".format(CONF.interface.host, CONF.interface.port)) - server = HTTPServer(host=CONF.interface.host, port=CONF.interface.port) + configuration.init_logging() + try: + conf = configuration.get_configuration("components/interface") + LOG.debug("interface.conf={}".format(conf)) + hostname = conf["components/interface"].get("hostname", "interface") + port = conf["components/interface"].get("port", 80) + bind = conf["components/interface"].get("bind", "127.0.0.1") + except exceptions.ConsulComponentNotFound: + hostname = "interface" + bind = "127.0.0.1" + port = 80 + configuration.add_component(uuid="interface", name=hostname, port=port, bind=bind) + LOG.info("Starting server with IP {} on port {} bind to {}".format(hostname, port, bind)) + server = HTTPServer(host=bind, port=port) server.run() diff --git a/moonv4/moon_interface/moon_interface/tools.py b/moonv4/moon_interface/moon_interface/tools.py deleted file mode 100644 index 0d43a857..00000000 --- a/moonv4/moon_interface/moon_interface/tools.py +++ /dev/null @@ -1,79 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import os -import requests -import time -from functools import wraps -from flask import request -from oslo_config import cfg -from oslo_log import log as logging -import oslo_messaging -from moon_utilities import exceptions - - -LOG = logging.getLogger(__name__) -CONF = cfg.CONF - -TOKENS = {} - - -def check_token(token, url=None): - _verify = False - if CONF.keystone.server_crt: - _verify = CONF.keystone.server_crt - try: - os.environ.pop("http_proxy") - os.environ.pop("https_proxy") - except KeyError: - pass - if not url: - url = CONF.keystone.url - headers = { - "Content-Type": "application/json", - 'X-Subject-Token': token, - 'X-Auth-Token': token, - } - if CONF.keystone.check_token.lower() in ("false", "no", "n"): - # TODO (asteroide): must send the admin id - return "admin" if not token else token - if CONF.keystone.check_token.lower() in ("yes", "y", "true"): - if token in TOKENS: - delta = time.mktime(TOKENS[token]["expires_at"]) - time.mktime(time.gmtime()) - if delta > 0: - return TOKENS[token]["user"] - raise exceptions.KeystoneError - else: - req = requests.get("{}/auth/tokens".format(url), headers=headers, verify=_verify) - if req.status_code in (200, 201): - # Note (asteroide): the time stamps is not in ISO 8601, so it is necessary to delete - # characters after the dot - token_time = req.json().get("token").get("expires_at").split(".") - TOKENS[token] = dict() - TOKENS[token]["expires_at"] = time.strptime(token_time[0], "%Y-%m-%dT%H:%M:%S") - TOKENS[token]["user"] = req.json().get("token").get("user").get("id") - return TOKENS[token]["user"] - LOG.error("{} - {}".format(req.status_code, req.text)) - raise exceptions.KeystoneError - elif CONF.keystone.check_token.lower() == "strict": - req = requests.head("{}/auth/tokens".format(url), headers=headers, verify=_verify) - if req.status_code in (200, 201): - return token - LOG.error("{} - {}".format(req.status_code, req.text)) - raise exceptions.KeystoneError - raise exceptions.KeystoneError - - -def check_auth(function): - @wraps(function) - def wrapper(*args, **kwargs): - token = request.headers.get('X-Auth-Token') - token = check_token(token) - if not token: - raise exceptions.AuthException - user_id = kwargs.pop("user_id", token) - result = function(*args, **kwargs, user_id=user_id) - return result - return wrapper diff --git a/moonv4/moon_interface/requirements.txt b/moonv4/moon_interface/requirements.txt index d851e630..ee4b455e 100644 --- a/moonv4/moon_interface/requirements.txt +++ b/moonv4/moon_interface/requirements.txt @@ -5,4 +5,5 @@ vine flask flask_restful flask_cors -babel \ No newline at end of file +babel +moon_utilities \ No newline at end of file -- cgit 1.2.3-korg