From 9a2e6721376547244e53dbb92ea596f526a9c865 Mon Sep 17 00:00:00 2001 
From: Thomas Duval Date: Wed, 7 Mar 2018 10:53:41 +0100 Subject: Add Moon stub for the tempest and patrole tests. Change-Id: Icb3cc72f69636b3a99a3c7c19be3c4e407cb24dc --- external_policy_checker/Changelog | 13 + external_policy_checker/Dockerfile | 8 + external_policy_checker/README.md | 46 ++ .../conf/templates/cinder.policy.json | 99 +++++ .../conf/templates/glance.policy.json | 61 +++ .../conf/templates/keystone.policy.json | 250 +++++++++++ .../conf/templates/neutron.policy.json | 235 ++++++++++ .../conf/templates/nova.policy.json | 488 +++++++++++++++++++++ .../external_policy_checker/__init__.py | 1 + .../external_policy_checker/__main__.py | 9 + .../external_policy_checker/conf_installer.py | 83 ++++ .../external_policy_checker/server.py | 135 ++++++ external_policy_checker/requirements.txt | 1 + external_policy_checker/setup.cfg | 2 + external_policy_checker/setup.py | 47 ++ 15 files changed, 1478 insertions(+) create mode 100644 external_policy_checker/Changelog create mode 100644 external_policy_checker/Dockerfile create mode 100644 external_policy_checker/README.md create mode 100644 external_policy_checker/conf/templates/cinder.policy.json create mode 100644 external_policy_checker/conf/templates/glance.policy.json create mode 100644 external_policy_checker/conf/templates/keystone.policy.json create mode 100644 external_policy_checker/conf/templates/neutron.policy.json create mode 100644 external_policy_checker/conf/templates/nova.policy.json create mode 100644 external_policy_checker/external_policy_checker/__init__.py create mode 100644 external_policy_checker/external_policy_checker/__main__.py create mode 100644 external_policy_checker/external_policy_checker/conf_installer.py create mode 100644 external_policy_checker/external_policy_checker/server.py create mode 100644 external_policy_checker/requirements.txt create mode 100644 external_policy_checker/setup.cfg create mode 100644 external_policy_checker/setup.py 
diff --git a/external_policy_checker/Changelog b/external_policy_checker/Changelog
new file mode 100644
index 00000000..cd4ffb7e
--- /dev/null
+++ b/external_policy_checker/Changelog
@@ -0,0 +1,13 @@
+# Copyright 2018 Orange
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+
+CHANGES
+=======
+
+1.0.0
+-----
+- First version of the external_policy_checker
+
diff --git a/external_policy_checker/Dockerfile b/external_policy_checker/Dockerfile
new file mode 100644
index 00000000..ed013935
--- /dev/null
+++ b/external_policy_checker/Dockerfile
@@ -0,0 +1,8 @@
+FROM python:3
+
+ADD . /root
+RUN pip install -r /root/requirements.txt --upgrade
+WORKDIR /root
+RUN pip install .
+
+CMD ["python", "-m", "moon_bouchon"]
\ No newline at end of file
diff --git a/external_policy_checker/README.md b/external_policy_checker/README.md
new file mode 100644
index 00000000..ac44af0e
--- /dev/null
+++ b/external_policy_checker/README.md
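Review bot: The `CMD` on the last line of the Dockerfile starts `python -m moon_bouchon`, but the package this commit adds is `external_policy_checker` (it ships `external_policy_checker/__main__.py`), so unless setup.py, which is not shown here, installs a module under the old name, the container will exit at start-up with a module-not-found error; `CMD ["python", "-m", "external_policy_checker"]` matches the package. The image also runs the server as root out of `/root` and builds on the floating `python:3` tag. Since the README publishes the port with `-p 8080:8080`, a `USER` line for an unprivileged account and a pinned base tag would limit what a bug in the stub can reach and make the build reproducible.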
@@ -0,0 +1,46 @@
+#External Policy Checker
+
+OpenStack component (like Nova, Glance, Cinder, ...) must populate 3 attributes to allow computing an authorization.
+Those 3 attributes are:
+- target
+- credentials
+- rule
+In all those attributes, we must find the following information:
+- In the 'credentials' attribute:
+ - the user ID: this is given in general by Keystone
+ - the project ID: this is given in general by Keystone
+ - as a proposal, the domain ID: this is given in general by Keystone
+- In the 'target' attribute:
+ - the resource ID (ie nova virtual machine ID, Glance image ID, ...): this must come from the component source of the request (Nova, Glance, …)
+- In the 'rule' attribute:
+ - the action name: this must come from the component source of the request (Nova, Glance, )
+
+This server must be used to verify that all information given from OpenStack components can be retrieved in those attributes.
+
+
+## Usage:
+
+### server
+
+To start the server locally:
+
+ cd external_policy_checker
+ python3 server.py
+
+To start the server as a docker container:
+
+ docker run -ti -p 8080:8080 moon_platform/external_policy_checker:latest
+
+### API
+
+Here are the API, you can request:
+
+ POST /policy_checker
+ POST /authz/grant
+ POST /authz/deny
+
+The `/policy_checker` allows to check if all information can be retrieve.
+The `/authz/grant` will always send a "True" response.
+The `/authz/deny` will always send a "False" response.
+
+
diff --git a/external_policy_checker/conf/templates/cinder.policy.json b/external_policy_checker/conf/templates/cinder.policy.json
new file mode 100644
index 00000000..7716e00b
--- /dev/null
+++ b/external_policy_checker/conf/templates/cinder.policy.json
@@ -0,0 +1,99 @@
+{
+
+ "volume:create": "{{wrapper}}",
+ "volume:delete": "{{wrapper}}",
+ "volume:get": "{{wrapper}}",
+ "volume:get_all": "{{wrapper}}",
+ "volume:get_volume_metadata": "{{wrapper}}",
+ "volume:delete_volume_metadata": "{{wrapper}}",
+ "volume:update_volume_metadata": "{{wrapper}}",
+ "volume:get_volume_admin_metadata": "{{wrapper}}",
+ "volume:update_volume_admin_metadata": "{{wrapper}}",
+ "volume:get_snapshot": "{{wrapper}}",
+ "volume:get_all_snapshots": "{{wrapper}}",
+ "volume:create_snapshot": "{{wrapper}}",
+ "volume:delete_snapshot": "{{wrapper}}",
+ "volume:update_snapshot": "{{wrapper}}",
+ "volume:extend": "{{wrapper}}",
+ "volume:update_readonly_flag": "{{wrapper}}",
+ "volume:retype": "{{wrapper}}",
+ "volume:update": "{{wrapper}}",
+
+ "volume_extension:types_manage": "{{wrapper}}",
+ "volume_extension:types_extra_specs": "{{wrapper}}",
+ "volume_extension:access_types_qos_specs_id": "{{wrapper}}",
+ "volume_extension:access_types_extra_specs": "{{wrapper}}",
+ "volume_extension:volume_type_access": "{{wrapper}}",
+ "volume_extension:volume_type_access:addProjectAccess": "{{wrapper}}",
+ "volume_extension:volume_type_access:removeProjectAccess": "{{wrapper}}",
+ "volume_extension:volume_type_encryption": "{{wrapper}}",
+ "volume_extension:volume_encryption_metadata": "{{wrapper}}",
+ "volume_extension:extended_snapshot_attributes": "{{wrapper}}",
+ "volume_extension:volume_image_metadata": "{{wrapper}}",
+
+ "volume_extension:quotas:show": "{{wrapper}}",
+ "volume_extension:quotas:update": "{{wrapper}}",
+ "volume_extension:quotas:delete": "{{wrapper}}",
+ "volume_extension:quota_classes": "{{wrapper}}",
+ "volume_extension:quota_classes:validate_setup_for_nested_quota_use": "{{wrapper}}",
+
+ "volume_extension:volume_admin_actions:reset_status": "{{wrapper}}",
+ "volume_extension:snapshot_admin_actions:reset_status": "{{wrapper}}",
+ "volume_extension:backup_admin_actions:reset_status": "{{wrapper}}",
+ "volume_extension:volume_admin_actions:force_delete": "{{wrapper}}",
+ "volume_extension:volume_admin_actions:force_detach": "{{wrapper}}",
+ "volume_extension:snapshot_admin_actions:force_delete": "{{wrapper}}",
+ "volume_extension:backup_admin_actions:force_delete": "{{wrapper}}",
+ "volume_extension:volume_admin_actions:migrate_volume": "{{wrapper}}",
+ "volume_extension:volume_admin_actions:migrate_volume_completion": "{{wrapper}}",
+
+ "volume_extension:volume_host_attribute": "{{wrapper}}",
+ "volume_extension:volume_tenant_attribute": "{{wrapper}}",
+ "volume_extension:volume_mig_status_attribute": "{{wrapper}}",
+ "volume_extension:hosts": "{{wrapper}}",
+ "volume_extension:services:index": "{{wrapper}}",
+ "volume_extension:services:update" : "{{wrapper}}",
+
+ "volume_extension:volume_manage": "{{wrapper}}",
+ "volume_extension:volume_unmanage": "{{wrapper}}",
+
+ "volume_extension:capabilities": "{{wrapper}}",
+
+ "volume:create_transfer": "{{wrapper}}",
+ "volume:accept_transfer": "{{wrapper}}",
+ "volume:delete_transfer": "{{wrapper}}",
+ "volume:get_all_transfers": "{{wrapper}}",
+
+ "volume_extension:replication:promote": "{{wrapper}}",
+ "volume_extension:replication:reenable": "{{wrapper}}",
+
+ "volume:enable_replication": "{{wrapper}}",
+ "volume:disable_replication": "{{wrapper}}",
+ "volume:failover_replication": "{{wrapper}}",
+ "volume:list_replication_targets": "{{wrapper}}",
+
+ "backup:create" : "{{wrapper}}",
+ "backup:delete": "{{wrapper}}",
+ "backup:get": "{{wrapper}}",
+ "backup:get_all": "{{wrapper}}",
+ "backup:restore": "{{wrapper}}",
+ "backup:backup-import": "{{wrapper}}",
+ "backup:backup-export": "{{wrapper}}",
+
+ "snapshot_extension:snapshot_actions:update_snapshot_status": "{{wrapper}}",
+ "snapshot_extension:snapshot_manage": "{{wrapper}}",
+ "snapshot_extension:snapshot_unmanage": "{{wrapper}}",
+
+ "consistencygroup:create" : "{{wrapper}}",
+ "consistencygroup:delete": "{{wrapper}}",
+ "consistencygroup:update": "{{wrapper}}",
+ "consistencygroup:get": "{{wrapper}}",
+ "consistencygroup:get_all": "{{wrapper}}",
+
+ "consistencygroup:create_cgsnapshot" : "{{wrapper}}",
+ "consistencygroup:delete_cgsnapshot": "{{wrapper}}",
+ "consistencygroup:get_cgsnapshot": "{{wrapper}}",
+ "consistencygroup:get_all_cgsnapshots": "{{wrapper}}",
+
+ "scheduler_extension:scheduler_stats:get_pools" : "{{wrapper}}"
+}
diff --git a/external_policy_checker/conf/templates/glance.policy.json b/external_policy_checker/conf/templates/glance.policy.json
new file mode 100644
index 00000000..ec79d381
--- /dev/null
+++ b/external_policy_checker/conf/templates/glance.policy.json
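Review bot: Every rule in this template is replaced by the single `{{wrapper}}` placeholder, including the admin-only ones such as `volume_extension:volume_admin_actions:force_delete` and `volume_extension:volume_admin_actions:reset_status`, so once the file is installed Cinder keeps no local check of its own. What the placeholder renders to is decided in conf_installer.py, which is outside this hunk; if it points at the `/authz/grant` endpoint that the README describes as always answering "True", those admin actions are presumably allowed for any authenticated caller. JSON cannot carry a comment, so the README should say it, for example `These policy templates hand every authorization decision to the stub and must only be installed on test deployments.` The glance, keystone, neutron and nova templates in this commit have the same shape.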
@@ -0,0 +1,61 @@
+{
+
+ "add_image": "{{wrapper}}",
+ "delete_image": "{{wrapper}}",
+ "get_image": "{{wrapper}}",
+ "get_images": "{{wrapper}}",
+ "modify_image": "{{wrapper}}",
+ "publicize_image": "{{wrapper}}",
+ "communitize_image": "{{wrapper}}",
+ "copy_from": "{{wrapper}}",
+
+ "download_image": "{{wrapper}}",
+ "upload_image": "{{wrapper}}",
+
+ "delete_image_location": "{{wrapper}}",
+ "get_image_location": "{{wrapper}}",
+ "set_image_location": "{{wrapper}}",
+
+ "add_member": "{{wrapper}}",
+ "delete_member": "{{wrapper}}",
+ "get_member": "{{wrapper}}",
+ "get_members": "{{wrapper}}",
+ "modify_member": "{{wrapper}}",
+
+ "manage_image_cache": "{{wrapper}}",
+
+ "get_task": "{{wrapper}}",
+ "get_tasks": "{{wrapper}}",
+ "add_task": "{{wrapper}}",
+ "modify_task": "{{wrapper}}",
+ "tasks_api_access": "{{wrapper}}",
+
+ "deactivate": "{{wrapper}}",
+ "reactivate": "{{wrapper}}",
+
+ "get_metadef_namespace": "{{wrapper}}",
+ "get_metadef_namespaces":"{{wrapper}}",
+ "modify_metadef_namespace":"{{wrapper}}",
+ "add_metadef_namespace":"{{wrapper}}",
+
+ "get_metadef_object":"{{wrapper}}",
+ "get_metadef_objects":"{{wrapper}}",
+ "modify_metadef_object":"{{wrapper}}",
+ "add_metadef_object":"{{wrapper}}",
+
+ "list_metadef_resource_types":"{{wrapper}}",
+ "get_metadef_resource_type":"{{wrapper}}",
+ "add_metadef_resource_type_association":"{{wrapper}}",
+
+ "get_metadef_property":"{{wrapper}}",
+ "get_metadef_properties":"{{wrapper}}",
+ "modify_metadef_property":"{{wrapper}}",
+ "add_metadef_property":"{{wrapper}}",
+
+ "get_metadef_tag":"{{wrapper}}",
+ "get_metadef_tags":"{{wrapper}}",
+ "modify_metadef_tag":"{{wrapper}}",
+ "add_metadef_tag":"{{wrapper}}",
+ "add_metadef_tags":"{{wrapper}}"
+
+}
diff --git a/external_policy_checker/conf/templates/keystone.policy.json b/external_policy_checker/conf/templates/keystone.policy.json
new file mode 100644
index 00000000..7fc967d5
--- /dev/null
+++ b/external_policy_checker/conf/templates/keystone.policy.json
@@ -0,0 +1,250 @@
+{
+
+ "identity:get_region": "{{wrapper}}",
+ "identity:list_regions": "{{wrapper}}",
+ "identity:create_region": "{{wrapper}}",
+ "identity:update_region": "{{wrapper}}",
+ "identity:delete_region": "{{wrapper}}",
+
+ "identity:get_service": "{{wrapper}}",
+ "identity:list_services": "{{wrapper}}",
+ "identity:create_service": "{{wrapper}}",
+ "identity:update_service": "{{wrapper}}",
+ "identity:delete_service": "{{wrapper}}",
+
+ "identity:get_endpoint": "{{wrapper}}",
+ "identity:list_endpoints": "{{wrapper}}",
+ "identity:create_endpoint": "{{wrapper}}",
+ "identity:update_endpoint": "{{wrapper}}",
+ "identity:delete_endpoint": "{{wrapper}}",
+
+ "identity:get_registered_limit": "{{wrapper}}",
+ "identity:list_registered_limits": "{{wrapper}}",
+ "identity:create_registered_limits": "{{wrapper}}",
+ "identity:update_registered_limits": "{{wrapper}}",
+ "identity:delete_registered_limit": "{{wrapper}}",
+
+ "identity:get_limit": "{{wrapper}}",
+ "identity:list_limits": "{{wrapper}}",
+ "identity:create_limits": "{{wrapper}}",
+ "identity:update_limits": "{{wrapper}}",
+ "identity:delete_limit": "{{wrapper}}",
+
+ "identity:get_domain": "{{wrapper}}",
+ "identity:list_domains": "{{wrapper}}",
+ "identity:create_domain": "{{wrapper}}",
+ "identity:update_domain": "{{wrapper}}",
+ "identity:delete_domain": "{{wrapper}}",
+
+ "admin_and_matching_target_project_domain_id": "{{wrapper}}",
+ "admin_and_matching_project_domain_id": "{{wrapper}}",
+ "identity:get_project": "{{wrapper}}",
+ "identity:list_projects": "{{wrapper}}",
+ "identity:list_user_projects": "{{wrapper}}",
+ "identity:create_project": "{{wrapper}}",
+ "identity:update_project": "{{wrapper}}",
+ "identity:delete_project": "{{wrapper}}",
+ "identity:create_project_tag": "{{wrapper}}",
+ "identity:delete_project_tag": "{{wrapper}}",
+ "identity:get_project_tag": "{{wrapper}}",
+ "identity:list_project_tags": "{{wrapper}}",
+ "identity:delete_project_tags": "{{wrapper}}",
+ "identity:update_project_tags": "{{wrapper}}",
+
+ "admin_and_matching_target_user_domain_id": "{{wrapper}}",
+ "admin_and_matching_user_domain_id": "{{wrapper}}",
+ "identity:get_user": "{{wrapper}}",
+ "identity:list_users": "{{wrapper}}",
+ "identity:create_user": "{{wrapper}}",
+ "identity:update_user": "{{wrapper}}",
+ "identity:delete_user": "{{wrapper}}",
+
+ "admin_and_matching_target_group_domain_id": "{{wrapper}}",
+ "admin_and_matching_group_domain_id": "{{wrapper}}",
+ "identity:get_group": "{{wrapper}}",
+ "identity:list_groups": "{{wrapper}}",
+ "identity:list_groups_for_user": "{{wrapper}}",
+ "identity:create_group": "{{wrapper}}",
+ "identity:update_group": "{{wrapper}}",
+ "identity:delete_group": "{{wrapper}}",
+ "identity:list_users_in_group": "{{wrapper}}",
+ "identity:remove_user_from_group": "{{wrapper}}",
+ "identity:check_user_in_group": "{{wrapper}}",
+ "identity:add_user_to_group": "{{wrapper}}",
+
+ "identity:get_credential": "{{wrapper}}",
+ "identity:list_credentials": "{{wrapper}}",
+ "identity:create_credential": "{{wrapper}}",
+ "identity:update_credential": "{{wrapper}}",
+ "identity:delete_credential": "{{wrapper}}",
+
+ "identity:ec2_get_credential": "{{wrapper}}",
+ "identity:ec2_list_credentials": "{{wrapper}}",
+ "identity:ec2_create_credential": "{{wrapper}}",
+ "identity:ec2_delete_credential": "{{wrapper}}",
+
+ "identity:get_role": "{{wrapper}}",
+ "identity:list_roles": "{{wrapper}}",
+ "identity:create_role": "{{wrapper}}",
+ "identity:update_role": "{{wrapper}}",
+ "identity:delete_role": "{{wrapper}}",
+
+ "identity:get_domain_role": "{{wrapper}}",
+ "identity:list_domain_roles": "{{wrapper}}",
+ "identity:create_domain_role": "{{wrapper}}",
+ "identity:update_domain_role": "{{wrapper}}",
+ "identity:delete_domain_role": "{{wrapper}}",
+ "domain_admin_matches_domain_role": "{{wrapper}}",
+ "get_domain_roles": "{{wrapper}}",
+ "domain_admin_matches_target_domain_role": "{{wrapper}}",
+ "project_admin_matches_target_domain_role": "{{wrapper}}",
+ "list_domain_roles": "{{wrapper}}",
+ "domain_admin_matches_filter_on_list_domain_roles": "{{wrapper}}",
+ "project_admin_matches_filter_on_list_domain_roles": "{{wrapper}}",
+ "admin_and_matching_prior_role_domain_id": "{{wrapper}}",
+ "implied_role_matches_prior_role_domain_or_global": "{{wrapper}}",
+
+ "identity:get_implied_role": "{{wrapper}}",
+ "identity:list_implied_roles": "{{wrapper}}",
+ "identity:create_implied_role": "{{wrapper}}",
+ "identity:delete_implied_role": "{{wrapper}}",
+ "identity:list_role_inference_rules": "{{wrapper}}",
+ "identity:check_implied_role": "{{wrapper}}",
+
+ "identity:list_system_grants_for_user": "{{wrapper}}",
+ "identity:check_system_grant_for_user": "{{wrapper}}",
+ "identity:create_system_grant_for_user": "{{wrapper}}",
+ "identity:revoke_system_grant_for_user": "{{wrapper}}",
+
+ "identity:list_system_grants_for_group": "{{wrapper}}",
+ "identity:check_system_grant_for_group": "{{wrapper}}",
+ "identity:create_system_grant_for_group": "{{wrapper}}",
+ "identity:revoke_system_grant_for_group": "{{wrapper}}",
+
+ "identity:check_grant": "{{wrapper}}",
+ "identity:list_grants": "{{wrapper}}",
+ "identity:create_grant": "{{wrapper}}",
+ "identity:revoke_grant": "{{wrapper}}",
+ "domain_admin_for_grants": "{{wrapper}}",
+ "domain_admin_for_global_role_grants": "{{wrapper}}",
+ "domain_admin_for_domain_role_grants": "{{wrapper}}",
+ "domain_admin_grant_match": "{{wrapper}}",
+ "project_admin_for_grants": "{{wrapper}}",
+ "project_admin_for_global_role_grants": "{{wrapper}}",
+ "project_admin_for_domain_role_grants": "{{wrapper}}",
+ "domain_admin_for_list_grants": "{{wrapper}}",
+ "project_admin_for_list_grants": "{{wrapper}}",
+
+ "admin_on_domain_filter": "{{wrapper}}",
+ "admin_on_project_filter": "{{wrapper}}",
+ "admin_on_domain_of_project_filter": "{{wrapper}}",
+ "identity:list_role_assignments": "{{wrapper}}",
+ "identity:list_role_assignments_for_tree": "{{wrapper}}",
+ "identity:get_policy": "{{wrapper}}",
+ "identity:list_policies": "{{wrapper}}",
+ "identity:create_policy": "{{wrapper}}",
+ "identity:update_policy": "{{wrapper}}",
+ "identity:delete_policy": "{{wrapper}}",
+
+ "identity:check_token": "{{wrapper}}",
+ "identity:validate_token": "{{wrapper}}",
+ "identity:validate_token_head": "{{wrapper}}",
+ "identity:revocation_list": "{{wrapper}}",
+ "identity:revoke_token": "{{wrapper}}",
+
+ "identity:create_trust": "{{wrapper}}",
+ "identity:list_trusts": "{{wrapper}}",
+ "identity:list_roles_for_trust": "{{wrapper}}",
+ "identity:get_role_for_trust": "{{wrapper}}",
+ "identity:delete_trust": "{{wrapper}}",
+ "identity:get_trust": "{{wrapper}}",
+
+ "identity:create_consumer": "{{wrapper}}",
+ "identity:get_consumer": "{{wrapper}}",
+ "identity:list_consumers": "{{wrapper}}",
+ "identity:delete_consumer": "{{wrapper}}",
+ "identity:update_consumer": "{{wrapper}}",
+
+ "identity:authorize_request_token": "{{wrapper}}",
+ "identity:list_access_token_roles": "{{wrapper}}",
+ "identity:get_access_token_role": "{{wrapper}}",
+ "identity:list_access_tokens": "{{wrapper}}",
+ "identity:get_access_token": "{{wrapper}}",
+ "identity:delete_access_token": "{{wrapper}}",
+
+ "identity:list_projects_for_endpoint": "{{wrapper}}",
+ "identity:add_endpoint_to_project": "{{wrapper}}",
+ "identity:check_endpoint_in_project": "{{wrapper}}",
+ "identity:list_endpoints_for_project": "{{wrapper}}",
+ "identity:remove_endpoint_from_project": "{{wrapper}}",
+
+ "identity:create_endpoint_group": "{{wrapper}}",
+ "identity:list_endpoint_groups": "{{wrapper}}",
+ "identity:get_endpoint_group": "{{wrapper}}",
+ "identity:update_endpoint_group": "{{wrapper}}",
+ "identity:delete_endpoint_group": "{{wrapper}}",
+ "identity:list_projects_associated_with_endpoint_group": "{{wrapper}}",
+ "identity:list_endpoints_associated_with_endpoint_group": "{{wrapper}}",
+ "identity:get_endpoint_group_in_project": "{{wrapper}}",
+ "identity:list_endpoint_groups_for_project": "{{wrapper}}",
+ "identity:add_endpoint_group_to_project": "{{wrapper}}",
+ "identity:remove_endpoint_group_from_project": "{{wrapper}}",
+
+ "identity:create_identity_provider": "{{wrapper}}",
+ "identity:list_identity_providers": "{{wrapper}}",
+ "identity:get_identity_provider": "{{wrapper}}",
+ "identity:update_identity_provider": "{{wrapper}}",
+ "identity:delete_identity_provider": "{{wrapper}}",
+
+ "identity:create_protocol": "{{wrapper}}",
+ "identity:update_protocol": "{{wrapper}}",
+ "identity:get_protocol": "{{wrapper}}",
+ "identity:list_protocols": "{{wrapper}}",
+ "identity:delete_protocol": "{{wrapper}}",
+
+ "identity:create_mapping": "{{wrapper}}",
+ "identity:get_mapping": "{{wrapper}}",
+ "identity:list_mappings": "{{wrapper}}",
+ "identity:delete_mapping": "{{wrapper}}",
+ "identity:update_mapping": "{{wrapper}}",
+
+ "identity:create_service_provider": "{{wrapper}}",
+ "identity:list_service_providers": "{{wrapper}}",
+ "identity:get_service_provider": "{{wrapper}}",
+ "identity:update_service_provider": "{{wrapper}}",
+ "identity:delete_service_provider": "{{wrapper}}",
+
+ "identity:get_auth_catalog": "{{wrapper}}",
+ "identity:get_auth_projects": "{{wrapper}}",
+ "identity:get_auth_domains": "{{wrapper}}",
+ "identity:get_auth_system": "{{wrapper}}",
+
+ "identity:list_projects_for_user": "{{wrapper}}",
+ "identity:list_domains_for_user": "{{wrapper}}",
+
+ "identity:list_revoke_events": "{{wrapper}}",
+
+ "identity:create_policy_association_for_endpoint": "{{wrapper}}",
+ "identity:check_policy_association_for_endpoint": "{{wrapper}}",
+ "identity:delete_policy_association_for_endpoint": "{{wrapper}}",
+ "identity:create_policy_association_for_service": "{{wrapper}}",
+ "identity:check_policy_association_for_service": "{{wrapper}}",
+ "identity:delete_policy_association_for_service": "{{wrapper}}",
+ "identity:create_policy_association_for_region_and_service": "{{wrapper}}",
+ "identity:check_policy_association_for_region_and_service": "{{wrapper}}",
+ "identity:delete_policy_association_for_region_and_service": "{{wrapper}}",
+ "identity:get_policy_for_endpoint": "{{wrapper}}",
+ "identity:list_endpoints_for_policy": "{{wrapper}}",
+
+ "identity:create_domain_config": "{{wrapper}}",
+ "identity:get_domain_config": "{{wrapper}}",
+ "identity:get_security_compliance_domain_config": "{{wrapper}}",
+ "identity:update_domain_config": "{{wrapper}}",
+ "identity:delete_domain_config": "{{wrapper}}",
+ "identity:get_domain_config_default": "{{wrapper}}",
+
+ "identity:get_application_credential": "{{wrapper}}",
+ "identity:list_application_credentials": "{{wrapper}}",
+ "identity:create_application_credential": "{{wrapper}}",
+ "identity:delete_application_credential": "{{wrapper}}",
+}
diff --git a/external_policy_checker/conf/templates/neutron.policy.json b/external_policy_checker/conf/templates/neutron.policy.json
new file mode 100644
index 00000000..d0ab0b63
--- /dev/null
+++ b/external_policy_checker/conf/templates/neutron.policy.json
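Review bot: The last entry of the keystone template, `"identity:delete_application_credential": "{{wrapper}}",`, ends with a comma directly before the closing `}`, which is not valid JSON; a strict parser such as Python's `json.load` rejects the whole file. How the rendered file is read by Keystone is not visible in this hunk, so a lenient loader may accept it, but a policy file that fails to parse is a bad state for an identity service to be in. Dropping the comma, `"identity:delete_application_credential": "{{wrapper}}"`, fixes it. The neutron template ends the same way after `"get_log": "{{wrapper}}",`.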
@@ -0,0 +1,235 @@
+{
+ "context_is_admin": "role:admin or user_name:neutron",
+ "owner": "{{wrapper}}",
+ "admin_or_owner": "{{wrapper}}",
+ "context_is_advsvc": "role:advsvc",
+ "admin_or_network_owner": "{{wrapper}}",
+ "admin_owner_or_network_owner": "{{wrapper}}",
+ "admin_only": "{{wrapper}}",
+ "regular_user": "{{wrapper}}",
+ "admin_or_data_plane_int": "{{wrapper}}",
+ "shared": "{{wrapper}}",
+ "shared_subnetpools": "{{wrapper}}",
+ "shared_address_scopes": "{{wrapper}}",
+ "external": "{{wrapper}}",
+ "default": "{{wrapper}}",
+
+ "create_subnet": "{{wrapper}}",
+ "create_subnet:segment_id": "{{wrapper}}",
+ "create_subnet:service_types": "{{wrapper}}",
+ "get_subnet": "{{wrapper}}",
+ "get_subnet:segment_id": "{{wrapper}}",
+ "update_subnet": "{{wrapper}}",
+ "update_subnet:service_types": "{{wrapper}}",
+ "delete_subnet": "{{wrapper}}",
+
+ "create_subnetpool": "{{wrapper}}",
+ "create_subnetpool:shared": "{{wrapper}}",
+ "create_subnetpool:is_default": "{{wrapper}}",
+ "get_subnetpool": "{{wrapper}}",
+ "update_subnetpool": "{{wrapper}}",
+ "update_subnetpool:is_default": "{{wrapper}}",
+ "delete_subnetpool": "{{wrapper}}",
+
+ "create_address_scope": "{{wrapper}}",
+ "create_address_scope:shared": "{{wrapper}}",
+ "get_address_scope": "{{wrapper}}",
+ "update_address_scope": "{{wrapper}}",
+ "update_address_scope:shared": "{{wrapper}}",
+ "delete_address_scope": "{{wrapper}}",
+
+ "create_network": "{{wrapper}}",
+ "get_network": "{{wrapper}}",
+ "get_network:router:external": "{{wrapper}}",
+ "get_network:segments": "{{wrapper}}",
+ "get_network:provider:network_type": "{{wrapper}}",
+ "get_network:provider:physical_network": "{{wrapper}}",
+ "get_network:provider:segmentation_id": "{{wrapper}}",
+ "get_network:queue_id": "{{wrapper}}",
+ "get_network_ip_availabilities": "{{wrapper}}",
+ "get_network_ip_availability": "{{wrapper}}",
+ "create_network:shared": "{{wrapper}}",
+ "create_network:router:external": "{{wrapper}}",
+ "create_network:is_default": "{{wrapper}}",
+ "create_network:segments": "{{wrapper}}",
+ "create_network:provider:network_type": "{{wrapper}}",
+ "create_network:provider:physical_network": "{{wrapper}}",
+ "create_network:provider:segmentation_id": "{{wrapper}}",
+ "update_network": "{{wrapper}}",
+ "update_network:segments": "{{wrapper}}",
+ "update_network:shared": "{{wrapper}}",
+ "update_network:provider:network_type": "{{wrapper}}",
+ "update_network:provider:physical_network": "{{wrapper}}",
+ "update_network:provider:segmentation_id": "{{wrapper}}",
+ "update_network:router:external": "{{wrapper}}",
+ "delete_network": "{{wrapper}}",
+
+ "create_segment": "{{wrapper}}",
+ "get_segment": "{{wrapper}}",
+ "update_segment": "{{wrapper}}",
+ "delete_segment": "{{wrapper}}",
+
+ "network_device": "{{wrapper}}",
+ "create_port": "{{wrapper}}",
+ "create_port:device_owner": "{{wrapper}}",
+ "create_port:mac_address": "{{wrapper}}",
+ "create_port:fixed_ips:ip_address": "{{wrapper}}",
+ "create_port:fixed_ips:subnet_id": "{{wrapper}}",
+ "create_port:port_security_enabled": "{{wrapper}}",
+ "create_port:binding:host_id": "{{wrapper}}",
+ "create_port:binding:profile": "{{wrapper}}",
+ "create_port:mac_learning_enabled": "{{wrapper}}",
+ "create_port:allowed_address_pairs": "{{wrapper}}",
+ "get_port": "{{wrapper}}",
+ "get_port:queue_id": "{{wrapper}}",
+ "get_port:binding:vif_type": "{{wrapper}}",
+ "get_port:binding:vif_details": "{{wrapper}}",
+ "get_port:binding:host_id": "{{wrapper}}",
+ "get_port:binding:profile": "{{wrapper}}",
+ "update_port": "{{wrapper}}",
+ "update_port:device_owner": "{{wrapper}}",
+ "update_port:mac_address": "{{wrapper}}",
+ "update_port:fixed_ips:ip_address": "{{wrapper}}",
+ "update_port:fixed_ips:subnet_id": "{{wrapper}}",
+ "update_port:port_security_enabled": "{{wrapper}}",
+ "update_port:binding:host_id": "{{wrapper}}",
+ "update_port:binding:profile": "{{wrapper}}",
+ "update_port:mac_learning_enabled": "{{wrapper}}",
+ "update_port:allowed_address_pairs": "{{wrapper}}",
+ "update_port:data_plane_status": "{{wrapper}}",
+ "delete_port": "{{wrapper}}",
+
+ "get_router:ha": "{{wrapper}}",
+ "create_router": "{{wrapper}}",
+ "create_router:external_gateway_info:enable_snat": "{{wrapper}}",
+ "create_router:distributed": "{{wrapper}}",
+ "create_router:ha": "{{wrapper}}",
+ "get_router": "{{wrapper}}",
+ "get_router:distributed": "{{wrapper}}",
+ "update_router": "{{wrapper}}",
+ "update_router:external_gateway_info": "{{wrapper}}",
+ "update_router:external_gateway_info:network_id": "{{wrapper}}",
+ "update_router:external_gateway_info:enable_snat": "{{wrapper}}",
+ "update_router:distributed": "{{wrapper}}",
+ "update_router:ha": "{{wrapper}}",
+ "delete_router": "{{wrapper}}",
+
+ "add_router_interface": "{{wrapper}}",
+ "remove_router_interface": "{{wrapper}}",
+
+ "create_router:external_gateway_info:external_fixed_ips": "{{wrapper}}",
+ "update_router:external_gateway_info:external_fixed_ips": "{{wrapper}}",
+
+ "create_qos_queue": "{{wrapper}}",
+ "get_qos_queue": "{{wrapper}}",
+
+ "update_agent": "{{wrapper}}",
+ "delete_agent": "{{wrapper}}",
+ "get_agent": "{{wrapper}}",
+
+ "create_dhcp-network": "{{wrapper}}",
+ "delete_dhcp-network": "{{wrapper}}",
+ "get_dhcp-networks": "{{wrapper}}",
+ "create_l3-router": "{{wrapper}}",
+ "delete_l3-router": "{{wrapper}}",
+ "get_l3-routers": "{{wrapper}}",
+ "get_dhcp-agents": "{{wrapper}}",
+ "get_l3-agents": "{{wrapper}}",
+ "get_loadbalancer-agent": "{{wrapper}}",
+ "get_loadbalancer-pools": "{{wrapper}}",
+ "get_agent-loadbalancers": "{{wrapper}}",
+ "get_loadbalancer-hosting-agent": "{{wrapper}}",
+
+ "create_floatingip": "{{wrapper}}",
+ "create_floatingip:floating_ip_address": "{{wrapper}}",
+ "update_floatingip": "{{wrapper}}",
+ "delete_floatingip": "{{wrapper}}",
+ "get_floatingip": "{{wrapper}}",
+
+ "create_network_profile": "{{wrapper}}",
+ "update_network_profile": "{{wrapper}}",
+ "delete_network_profile": "{{wrapper}}",
+ "get_network_profiles": "{{wrapper}}",
+ "get_network_profile": "{{wrapper}}",
+ "update_policy_profiles": "{{wrapper}}",
+ "get_policy_profiles": "{{wrapper}}",
+ "get_policy_profile": "{{wrapper}}",
+
+ "create_metering_label": "{{wrapper}}",
+ "delete_metering_label": "{{wrapper}}",
+ "get_metering_label": "{{wrapper}}",
+
+ "create_metering_label_rule": "{{wrapper}}",
+ "delete_metering_label_rule": "{{wrapper}}",
+ "get_metering_label_rule": "{{wrapper}}",
+
+ "get_service_provider": "{{wrapper}}",
+ "get_lsn": "{{wrapper}}",
+ "create_lsn": "{{wrapper}}",
+
+ "create_flavor": "{{wrapper}}",
+ "update_flavor": "{{wrapper}}",
+ "delete_flavor": "{{wrapper}}",
+ "get_flavors": "{{wrapper}}",
+ "get_flavor": "{{wrapper}}",
+ "create_service_profile": "{{wrapper}}",
+ "update_service_profile": "{{wrapper}}",
+ "delete_service_profile": "{{wrapper}}",
+ "get_service_profiles": "{{wrapper}}",
+ "get_service_profile": "{{wrapper}}",
+
+ "get_policy": "{{wrapper}}",
+ "create_policy": "{{wrapper}}",
+ "update_policy": "{{wrapper}}",
+ "delete_policy": "{{wrapper}}",
+ "get_policy_bandwidth_limit_rule": "{{wrapper}}",
+ "create_policy_bandwidth_limit_rule": "{{wrapper}}",
+ "delete_policy_bandwidth_limit_rule": "{{wrapper}}",
+ "update_policy_bandwidth_limit_rule": "{{wrapper}}",
+ "get_policy_dscp_marking_rule": "{{wrapper}}",
+ "create_policy_dscp_marking_rule": "{{wrapper}}",
+ "delete_policy_dscp_marking_rule": "{{wrapper}}",
+ "update_policy_dscp_marking_rule": "{{wrapper}}",
+ "get_rule_type": "{{wrapper}}",
+ "get_policy_minimum_bandwidth_rule": "{{wrapper}}",
+ "create_policy_minimum_bandwidth_rule": "{{wrapper}}",
+ "delete_policy_minimum_bandwidth_rule": "{{wrapper}}",
+ "update_policy_minimum_bandwidth_rule": "{{wrapper}}",
+
+ "restrict_wildcard": "{{wrapper}}",
+ "create_rbac_policy": "{{wrapper}}",
+ "create_rbac_policy:target_tenant": "{{wrapper}}",
+ "update_rbac_policy": "{{wrapper}}",
+ "update_rbac_policy:target_tenant": "{{wrapper}}",
+ "get_rbac_policy": "{{wrapper}}",
+ "delete_rbac_policy": "{{wrapper}}",
+
+ "create_flavor_service_profile": "{{wrapper}}",
+ "delete_flavor_service_profile": "{{wrapper}}",
+ "get_flavor_service_profile": "{{wrapper}}",
+ "get_auto_allocated_topology": "{{wrapper}}",
+
+ "create_trunk": "{{wrapper}}",
+ "get_trunk": "{{wrapper}}",
+ "delete_trunk": "{{wrapper}}",
+ "get_subports": "{{wrapper}}",
+ "add_subports": "{{wrapper}}",
+ "remove_subports": "{{wrapper}}",
+
+ "get_security_groups": "{{wrapper}}",
+ "get_security_group": "{{wrapper}}",
+ "create_security_group": "{{wrapper}}",
+ "update_security_group": "{{wrapper}}",
+ "delete_security_group": "{{wrapper}}",
+ "get_security_group_rules": "{{wrapper}}",
+ "get_security_group_rule": "{{wrapper}}",
+ "create_security_group_rule": "{{wrapper}}",
+ "delete_security_group_rule": "{{wrapper}}",
+
+ "get_loggable_resources": "{{wrapper}}",
+ "create_log": "{{wrapper}}",
+ "update_log": "{{wrapper}}",
+ "delete_log": "{{wrapper}}",
+ "get_logs": "{{wrapper}}",
+ "get_log": "{{wrapper}}",
+}
diff --git a/external_policy_checker/conf/templates/nova.policy.json b/external_policy_checker/conf/templates/nova.policy.json
new file mode 100644
index 00000000..e5de675f
--- /dev/null
+++ b/external_policy_checker/conf/templates/nova.policy.json
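Review bot: The first rule of the neutron template, `"context_is_admin": "role:admin or user_name:neutron"`, grants admin context on a user name alone. Keystone user names are unique only within a domain, so an account named `neutron` in any other domain would match as well. Unlike almost every other rule in this file, this one is evaluated locally and never reaches the external checker, so the stub cannot observe or refuse it. Matching on the role only, `"context_is_admin": "role:admin"`, removes the name-based path.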
@@ -0,0 +1,488 @@
+{
+ "context_is_admin": "role:admin",
+ "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
+ "default": "{{wrapper}}",
+
+ "cells_scheduler_filter:TargetCellFilter": "{{wrapper}}",
+
+ "compute:create": "{{wrapper}}",
+ "compute:create:attach_network": "{{wrapper}}",
+ "compute:create:attach_volume": "{{wrapper}}",
+ "compute:create:forced_host": "{{wrapper}}",
+
+ "compute:get": "{{wrapper}}",
+ "compute:get_all": "{{wrapper}}",
+ "compute:get_all_tenants": "{{wrapper}}",
+
+ "compute:update": "{{wrapper}}",
+
+ "compute:get_instance_metadata": "{{wrapper}}",
+ "compute:get_all_instance_metadata": "{{wrapper}}",
+ "compute:get_all_instance_system_metadata": "{{wrapper}}",
+ "compute:update_instance_metadata": "{{wrapper}}",
+ "compute:delete_instance_metadata": "{{wrapper}}",
+
+ "compute:get_instance_faults": "{{wrapper}}",
+ "compute:get_diagnostics": "{{wrapper}}",
+ "compute:get_instance_diagnostics": "{{wrapper}}",
+
+ "compute:start": "{{wrapper}}",
+ "compute:stop": "{{wrapper}}",
+
+ "compute:get_lock": "{{wrapper}}",
+ "compute:lock": "{{wrapper}}",
+ "compute:unlock": "{{wrapper}}",
+ "compute:unlock_override": "{{wrapper}}",
+
+ "compute:get_vnc_console": "{{wrapper}}",
+ "compute:get_spice_console": "{{wrapper}}",
+ "compute:get_rdp_console": "{{wrapper}}",
+ "compute:get_serial_console": "{{wrapper}}",
+ "compute:get_mks_console": "{{wrapper}}",
+ "compute:get_console_output": "{{wrapper}}",
+
+ "compute:reset_network": "{{wrapper}}",
+ "compute:inject_network_info": "{{wrapper}}",
+ "compute:add_fixed_ip": "{{wrapper}}",
+ "compute:remove_fixed_ip": "{{wrapper}}",
+
+ "compute:attach_volume": "{{wrapper}}",
+ "compute:detach_volume": "{{wrapper}}",
+ "compute:swap_volume": "{{wrapper}}",
+
+ "compute:attach_interface": "{{wrapper}}",
+ "compute:detach_interface": "{{wrapper}}",
+
+ "compute:set_admin_password": "{{wrapper}}",
+
+ "compute:rescue": "{{wrapper}}",
+ "compute:unrescue": "{{wrapper}}",
+
+ "compute:suspend": "{{wrapper}}",
+ "compute:resume": "{{wrapper}}",
+
+ "compute:pause": "{{wrapper}}",
+ "compute:unpause": "{{wrapper}}",
+
+ "compute:shelve": "{{wrapper}}",
+ "compute:shelve_offload": "{{wrapper}}",
+ "compute:unshelve": "{{wrapper}}",
+
+ "compute:snapshot": "{{wrapper}}",
+ "compute:snapshot_volume_backed": "{{wrapper}}",
+ "compute:backup": "{{wrapper}}",
+
+ "compute:resize": "{{wrapper}}",
+ "compute:confirm_resize": "{{wrapper}}",
+ "compute:revert_resize": "{{wrapper}}",
+
+ "compute:rebuild": "{{wrapper}}",
+ "compute:reboot": "{{wrapper}}",
+ "compute:delete": "{{wrapper}}",
+ "compute:soft_delete": "{{wrapper}}",
+ "compute:force_delete": "{{wrapper}}",
+
+ "compute:security_groups:add_to_instance": "{{wrapper}}",
+ "compute:security_groups:remove_from_instance": "{{wrapper}}",
+
+ "compute:delete": "{{wrapper}}",
+ "compute:soft_delete": "{{wrapper}}",
+ "compute:force_delete": "{{wrapper}}",
+ "compute:restore": "{{wrapper}}",
+
+ "compute:volume_snapshot_create": "{{wrapper}}",
+ "compute:volume_snapshot_delete": "{{wrapper}}",
+
+ "admin_api": "{{wrapper}}",
+ "compute_extension:accounts": "{{wrapper}}",
+ "compute_extension:admin_actions": "{{wrapper}}",
+ "compute_extension:admin_actions:pause": "{{wrapper}}",
+ "compute_extension:admin_actions:unpause": "{{wrapper}}",
+ "compute_extension:admin_actions:suspend": "{{wrapper}}",
+ "compute_extension:admin_actions:resume": "{{wrapper}}",
+ "compute_extension:admin_actions:lock": "{{wrapper}}",
+ "compute_extension:admin_actions:unlock": "{{wrapper}}",
+ "compute_extension:admin_actions:resetNetwork": "{{wrapper}}",
+ "compute_extension:admin_actions:injectNetworkInfo": "{{wrapper}}",
+ "compute_extension:admin_actions:createBackup": "{{wrapper}}",
+ "compute_extension:admin_actions:migrateLive": "{{wrapper}}",
+ "compute_extension:admin_actions:resetState": "{{wrapper}}",
+ "compute_extension:admin_actions:migrate": "{{wrapper}}",
+ "compute_extension:aggregates": "{{wrapper}}",
+ "compute_extension:agents": "{{wrapper}}",
+ "compute_extension:attach_interfaces": "{{wrapper}}",
+ "compute_extension:baremetal_nodes": "{{wrapper}}",
+ "compute_extension:cells": "{{wrapper}}",
+ "compute_extension:cells:create": "{{wrapper}}",
+ "compute_extension:cells:delete": "{{wrapper}}",
+ "compute_extension:cells:update": "{{wrapper}}",
+ "compute_extension:cells:sync_instances": "{{wrapper}}",
+ "compute_extension:certificates": "{{wrapper}}",
+ "compute_extension:cloudpipe": "{{wrapper}}",
+ "compute_extension:cloudpipe_update": "{{wrapper}}",
+ "compute_extension:config_drive": "{{wrapper}}",
+ "compute_extension:console_output": "{{wrapper}}",
+ "compute_extension:consoles": "{{wrapper}}",
+ "compute_extension:createserverext": "{{wrapper}}",
+ "compute_extension:deferred_delete": "{{wrapper}}",
+ "compute_extension:disk_config": "{{wrapper}}",
+ "compute_extension:evacuate": "{{wrapper}}",
+ "compute_extension:extended_server_attributes": "{{wrapper}}",
+ "compute_extension:extended_status": "{{wrapper}}",
+ "compute_extension:extended_availability_zone": "{{wrapper}}",
+ "compute_extension:extended_ips": "{{wrapper}}",
+ "compute_extension:extended_ips_mac": "{{wrapper}}",
+ "compute_extension:extended_vif_net": "{{wrapper}}",
+ "compute_extension:extended_volumes": "{{wrapper}}",
+ "compute_extension:fixed_ips": "{{wrapper}}",
+ "compute_extension:flavor_access": "{{wrapper}}",
+ "compute_extension:flavor_access:addTenantAccess": "{{wrapper}}",
+ "compute_extension:flavor_access:removeTenantAccess": "{{wrapper}}",
+ "compute_extension:flavor_disabled": "{{wrapper}}",
+ "compute_extension:flavor_rxtx": "{{wrapper}}",
+ "compute_extension:flavor_swap": "{{wrapper}}",
+ "compute_extension:flavorextradata": "{{wrapper}}",
+ "compute_extension:flavorextraspecs:index": "{{wrapper}}",
+ "compute_extension:flavorextraspecs:show": "{{wrapper}}",
+ "compute_extension:flavorextraspecs:create": "{{wrapper}}",
+ "compute_extension:flavorextraspecs:update": "{{wrapper}}",
+ "compute_extension:flavorextraspecs:delete": "{{wrapper}}",
+ "compute_extension:flavormanage": "{{wrapper}}",
+ "compute_extension:floating_ip_dns": "{{wrapper}}",
+ "compute_extension:floating_ip_pools": "{{wrapper}}",
+ "compute_extension:floating_ips": "{{wrapper}}",
+ "compute_extension:floating_ips_bulk": "{{wrapper}}",
+ "compute_extension:fping": "{{wrapper}}",
+ "compute_extension:fping:all_tenants": "{{wrapper}}",
+ "compute_extension:hide_server_addresses": "{{wrapper}}",
+ "compute_extension:hosts": "{{wrapper}}",
+ "compute_extension:hypervisors": "{{wrapper}}",
+ "compute_extension:image_size": "{{wrapper}}",
+ "compute_extension:instance_actions": "{{wrapper}}",
+ "compute_extension:instance_actions:events": "{{wrapper}}",
+ "compute_extension:instance_usage_audit_log": "{{wrapper}}",
+ "compute_extension:keypairs": "{{wrapper}}",
+ "compute_extension:keypairs:index": "{{wrapper}}",
+ "compute_extension:keypairs:show": "{{wrapper}}",
+ "compute_extension:keypairs:create": "{{wrapper}}",
+ "compute_extension:keypairs:delete": "{{wrapper}}",
+ "compute_extension:multinic": "{{wrapper}}",
+ "compute_extension:networks": "{{wrapper}}",
+ "compute_extension:networks:view": "{{wrapper}}",
+ "compute_extension:networks_associate": "{{wrapper}}",
+ "compute_extension:os-tenant-networks": "{{wrapper}}",
+ "compute_extension:quotas:show": "{{wrapper}}",
+ "compute_extension:quotas:update": "{{wrapper}}",
+ "compute_extension:quotas:delete": "{{wrapper}}",
+ "compute_extension:quota_classes": "{{wrapper}}",
+ "compute_extension:rescue": "{{wrapper}}",
+ "compute_extension:security_group_default_rules": "{{wrapper}}",
+ "compute_extension:security_groups": "{{wrapper}}",
+ "compute_extension:server_diagnostics": "{{wrapper}}",
+ "compute_extension:server_groups": "{{wrapper}}",
+ "compute_extension:server_password": "{{wrapper}}",
+ "compute_extension:server_usage": "{{wrapper}}",
+ "compute_extension:services": "{{wrapper}}",
+ "compute_extension:shelve": "{{wrapper}}",
+ "compute_extension:shelveOffload": "{{wrapper}}",
+ "compute_extension:simple_tenant_usage:show": "{{wrapper}}",
+ "compute_extension:simple_tenant_usage:list": "{{wrapper}}",
+ "compute_extension:unshelve": "{{wrapper}}",
+ "compute_extension:users": "{{wrapper}}",
+ "compute_extension:virtual_interfaces": "{{wrapper}}",
+ "compute_extension:virtual_storage_arrays": "{{wrapper}}",
+ "compute_extension:volumes": "{{wrapper}}",
+ "compute_extension:volume_attachments:index": "{{wrapper}}",
+ "compute_extension:volume_attachments:show": "{{wrapper}}",
+ "compute_extension:volume_attachments:create": "{{wrapper}}",
+ "compute_extension:volume_attachments:update": "{{wrapper}}",
+ "compute_extension:volume_attachments:delete": "{{wrapper}}",
+ "compute_extension:volumetypes": "{{wrapper}}",
+ "compute_extension:availability_zone:list": "{{wrapper}}",
+ "compute_extension:availability_zone:detail": "{{wrapper}}",
+ "compute_extension:used_limits_for_admin": "{{wrapper}}",
+ "compute_extension:migrations:index": "{{wrapper}}",
+ "compute_extension:os-assisted-volume-snapshots:create": "{{wrapper}}",
+ "compute_extension:os-assisted-volume-snapshots:delete": "{{wrapper}}",
+ "compute_extension:console_auth_tokens": "{{wrapper}}",
+ "compute_extension:os-server-external-events:create": "{{wrapper}}",
+
+ "network:get_all": "{{wrapper}}",
+ "network:get": "{{wrapper}}",
+ "network:create": "{{wrapper}}",
+ "network:delete": "{{wrapper}}",
+ "network:associate": "{{wrapper}}",
+ "network:disassociate": "{{wrapper}}",
+ "network:get_vifs_by_instance": "{{wrapper}}",
+ "network:allocate_for_instance": "{{wrapper}}",
+ "network:deallocate_for_instance": "{{wrapper}}",
+ "network:validate_networks": "{{wrapper}}",
+ "network:get_instance_uuids_by_ip_filter": "{{wrapper}}",
+ "network:get_instance_id_by_floating_address": "{{wrapper}}",
+ "network:setup_networks_on_host": "{{wrapper}}",
+ "network:get_backdoor_port": "{{wrapper}}",
+
+ "network:get_floating_ip": "{{wrapper}}",
+ "network:get_floating_ip_pools": "{{wrapper}}",
+ "network:get_floating_ip_by_address": "{{wrapper}}",
+ "network:get_floating_ips_by_project": "{{wrapper}}",
+ "network:get_floating_ips_by_fixed_address": "{{wrapper}}",
+ "network:allocate_floating_ip": "{{wrapper}}",
+ "network:associate_floating_ip": "{{wrapper}}",
+ "network:disassociate_floating_ip": "{{wrapper}}",
+ "network:release_floating_ip": "{{wrapper}}",
+ "network:migrate_instance_start": "{{wrapper}}",
+ "network:migrate_instance_finish": "{{wrapper}}",
+
+ "network:get_fixed_ip": "{{wrapper}}",
+ "network:get_fixed_ip_by_address": "{{wrapper}}",
+ "network:add_fixed_ip_to_instance": "{{wrapper}}",
+ "network:remove_fixed_ip_from_instance": "{{wrapper}}",
+ "network:add_network_to_project": "{{wrapper}}",
+ "network:get_instance_nw_info": "{{wrapper}}",
+
+ "network:get_dns_domains": "{{wrapper}}",
+ "network:add_dns_entry": "{{wrapper}}",
+ "network:modify_dns_entry": "{{wrapper}}",
+ "network:delete_dns_entry": "{{wrapper}}",
+ "network:get_dns_entries_by_address": "{{wrapper}}",
+ "network:get_dns_entries_by_name": "{{wrapper}}",
+ "network:create_private_dns_domain": "{{wrapper}}",
+ "network:create_public_dns_domain": "{{wrapper}}",
+ "network:delete_dns_domain": "{{wrapper}}",
+ "network:attach_external_network": "{{wrapper}}",
+ "network:get_vif_by_mac_address": "{{wrapper}}",
+
+ "os_compute_api:servers:detail:get_all_tenants": "{{wrapper}}",
+ "os_compute_api:servers:index:get_all_tenants": "{{wrapper}}",
+ "os_compute_api:servers:confirm_resize": "{{wrapper}}",
+ "os_compute_api:servers:create": "{{wrapper}}",
+ "os_compute_api:servers:create:attach_network": "{{wrapper}}",
+ "os_compute_api:servers:create:attach_volume": "{{wrapper}}",
+ "os_compute_api:servers:create:forced_host": "{{wrapper}}",
+ "os_compute_api:servers:delete": "{{wrapper}}",
+ "os_compute_api:servers:update": "{{wrapper}}",
+ "os_compute_api:servers:detail": "{{wrapper}}",
+ "os_compute_api:servers:index": "{{wrapper}}",
+ "os_compute_api:servers:reboot": "{{wrapper}}",
+ "os_compute_api:servers:rebuild": "{{wrapper}}",
+ "os_compute_api:servers:resize": "{{wrapper}}",
+ "os_compute_api:servers:revert_resize": "{{wrapper}}",
+ "os_compute_api:servers:show": "{{wrapper}}",
+ "os_compute_api:servers:create_image": "{{wrapper}}",
+ "os_compute_api:servers:create_image:allow_volume_backed": "{{wrapper}}",
+ "os_compute_api:servers:start": "{{wrapper}}",
+ "os_compute_api:servers:stop": "{{wrapper}}",
+ "os_compute_api:os-access-ips:discoverable": "{{wrapper}}",
+ "os_compute_api:os-access-ips": "{{wrapper}}",
+ "os_compute_api:os-admin-actions": "{{wrapper}}",
+ "os_compute_api:os-admin-actions:discoverable": "{{wrapper}}",
+ "os_compute_api:os-admin-actions:reset_network": "{{wrapper}}",
+ "os_compute_api:os-admin-actions:inject_network_info": "{{wrapper}}",
+ "os_compute_api:os-admin-actions:reset_state": "{{wrapper}}",
+ "os_compute_api:os-admin-password": "{{wrapper}}",
+ "os_compute_api:os-admin-password:discoverable": "{{wrapper}}",
+ "os_compute_api:os-aggregates:discoverable": "{{wrapper}}",
+ "os_compute_api:os-aggregates:index": "{{wrapper}}",
+ "os_compute_api:os-aggregates:create": "{{wrapper}}",
+ "os_compute_api:os-aggregates:show": "{{wrapper}}",
+ "os_compute_api:os-aggregates:update": "{{wrapper}}",
+ "os_compute_api:os-aggregates:delete": "{{wrapper}}",
+ "os_compute_api:os-aggregates:add_host": "{{wrapper}}",
+ "os_compute_api:os-aggregates:remove_host": "{{wrapper}}",
+ "os_compute_api:os-aggregates:set_metadata": "{{wrapper}}",
+ "os_compute_api:os-agents": "{{wrapper}}",
+ "os_compute_api:os-agents:discoverable": "{{wrapper}}",
+ "os_compute_api:os-attach-interfaces": "{{wrapper}}",
+ "os_compute_api:os-attach-interfaces:discoverable": "{{wrapper}}",
+ "os_compute_api:os-baremetal-nodes": "{{wrapper}}",
+ "os_compute_api:os-baremetal-nodes:discoverable": "{{wrapper}}",
+ "os_compute_api:os-block-device-mapping-v1:discoverable": "{{wrapper}}",
+ "os_compute_api:os-cells": "{{wrapper}}",
+ "os_compute_api:os-cells:create": "{{wrapper}}",
+ "os_compute_api:os-cells:delete": "{{wrapper}}",
+ "os_compute_api:os-cells:update": "{{wrapper}}",
+ "os_compute_api:os-cells:sync_instances": "{{wrapper}}",
+ "os_compute_api:os-cells:discoverable": "{{wrapper}}",
+ "os_compute_api:os-certificates:create": "{{wrapper}}",
+ "os_compute_api:os-certificates:show": "{{wrapper}}",
+ "os_compute_api:os-certificates:discoverable": "{{wrapper}}",
+ "os_compute_api:os-cloudpipe": "{{wrapper}}",
+ "os_compute_api:os-cloudpipe:discoverable": "{{wrapper}}",
+ "os_compute_api:os-config-drive": "{{wrapper}}",
+ "os_compute_api:os-consoles:discoverable": "{{wrapper}}",
+ "os_compute_api:os-consoles:create": "{{wrapper}}",
+ "os_compute_api:os-consoles:delete": "{{wrapper}}",
+ "os_compute_api:os-consoles:index": "{{wrapper}}",
+ "os_compute_api:os-consoles:show": "{{wrapper}}",
+ "os_compute_api:os-console-output:discoverable": "{{wrapper}}",
+ "os_compute_api:os-console-output": "{{wrapper}}",
+ "os_compute_api:os-remote-consoles": "{{wrapper}}",
+ "os_compute_api:os-remote-consoles:discoverable": "{{wrapper}}",
+ "os_compute_api:os-create-backup:discoverable": "{{wrapper}}",
+ "os_compute_api:os-create-backup": "{{wrapper}}",
+ "os_compute_api:os-deferred-delete": "{{wrapper}}",
+ "os_compute_api:os-deferred-delete:discoverable": "{{wrapper}}",
+ "os_compute_api:os-disk-config": "{{wrapper}}",
+ "os_compute_api:os-disk-config:discoverable": "{{wrapper}}",
+ "os_compute_api:os-evacuate": "{{wrapper}}",
+ "os_compute_api:os-evacuate:discoverable": "{{wrapper}}",
+ "os_compute_api:os-extended-server-attributes": "{{wrapper}}",
+ "os_compute_api:os-extended-server-attributes:discoverable": "{{wrapper}}",
+ "os_compute_api:os-extended-status": "{{wrapper}}",
+ "os_compute_api:os-extended-status:discoverable": "{{wrapper}}",
+ "os_compute_api:os-extended-availability-zone": "{{wrapper}}",
+ "os_compute_api:os-extended-availability-zone:discoverable": "{{wrapper}}",
+ "os_compute_api:extensions": "{{wrapper}}",
+ "os_compute_api:extension_info:discoverable": "{{wrapper}}",
+ "os_compute_api:os-extended-volumes": "{{wrapper}}",
+ "os_compute_api:os-extended-volumes:discoverable": "{{wrapper}}",
+ "os_compute_api:os-fixed-ips": "{{wrapper}}",
+ "os_compute_api:os-fixed-ips:discoverable": "{{wrapper}}",
+ "os_compute_api:os-flavor-access": "{{wrapper}}",
+ "os_compute_api:os-flavor-access:discoverable": "{{wrapper}}",
+ "os_compute_api:os-flavor-access:remove_tenant_access": "{{wrapper}}",
+ "os_compute_api:os-flavor-access:add_tenant_access": "{{wrapper}}",
+ "os_compute_api:os-flavor-rxtx": "{{wrapper}}",
+ "os_compute_api:os-flavor-rxtx:discoverable": "{{wrapper}}",
+ "os_compute_api:flavors:discoverable": "{{wrapper}}",
+ "os_compute_api:os-flavor-extra-specs:discoverable": "{{wrapper}}",
+ "os_compute_api:os-flavor-extra-specs:index": "{{wrapper}}",
+ "os_compute_api:os-flavor-extra-specs:show": "{{wrapper}}",
+ "os_compute_api:os-flavor-extra-specs:create": "{{wrapper}}",
+ "os_compute_api:os-flavor-extra-specs:update": "{{wrapper}}",
+ "os_compute_api:os-flavor-extra-specs:delete": "{{wrapper}}",
+ "os_compute_api:os-flavor-manage:discoverable": "{{wrapper}}",
+ "os_compute_api:os-flavor-manage": "{{wrapper}}",
+ "os_compute_api:os-floating-ip-dns": "{{wrapper}}",
+ "os_compute_api:os-floating-ip-dns:discoverable": "{{wrapper}}",
+ "os_compute_api:os-floating-ip-dns:domain:update": "{{wrapper}}",
+ "os_compute_api:os-floating-ip-dns:domain:delete": "{{wrapper}}",
+ "os_compute_api:os-floating-ip-pools": "{{wrapper}}",
+ "os_compute_api:os-floating-ip-pools:discoverable": "{{wrapper}}",
+ "os_compute_api:os-floating-ips": "{{wrapper}}",
+ "os_compute_api:os-floating-ips:discoverable": "{{wrapper}}",
+ "os_compute_api:os-floating-ips-bulk": "{{wrapper}}",
+ "os_compute_api:os-floating-ips-bulk:discoverable": "{{wrapper}}",
+ "os_compute_api:os-fping": "{{wrapper}}",
+ "os_compute_api:os-fping:discoverable": "{{wrapper}}",
+ "os_compute_api:os-fping:all_tenants": "{{wrapper}}",
+ "os_compute_api:os-hide-server-addresses": "{{wrapper}}",
+ "os_compute_api:os-hide-server-addresses:discoverable": "{{wrapper}}",
+ "os_compute_api:os-hosts": "{{wrapper}}",
+ "os_compute_api:os-hosts:discoverable": "{{wrapper}}",
+ "os_compute_api:os-hypervisors": "{{wrapper}}",
+ "os_compute_api:os-hypervisors:discoverable": "{{wrapper}}",
+ "os_compute_api:images:discoverable": "{{wrapper}}",
+ "os_compute_api:image-size": "{{wrapper}}",
+ "os_compute_api:image-size:discoverable": "{{wrapper}}",
+ "os_compute_api:os-instance-actions": "{{wrapper}}",
+ "os_compute_api:os-instance-actions:discoverable": "{{wrapper}}",
+ "os_compute_api:os-instance-actions:events": "{{wrapper}}",
+ "os_compute_api:os-instance-usage-audit-log": "{{wrapper}}",
+ "os_compute_api:os-instance-usage-audit-log:discoverable": "{{wrapper}}",
+ "os_compute_api:ips:discoverable": "{{wrapper}}",
+ "os_compute_api:ips:index": "{{wrapper}}",
+ "os_compute_api:ips:show": "{{wrapper}}",
+ "os_compute_api:os-keypairs:discoverable": "{{wrapper}}",
+ "os_compute_api:os-keypairs": "{{wrapper}}",
+ "os_compute_api:os-keypairs:index": "{{wrapper}}",
+ "os_compute_api:os-keypairs:show": "{{wrapper}}",
+ "os_compute_api:os-keypairs:create": "{{wrapper}}",
+ "os_compute_api:os-keypairs:delete": "{{wrapper}}",
+ "os_compute_api:limits:discoverable": "{{wrapper}}",
+ "os_compute_api:limits": "{{wrapper}}",
+ "os_compute_api:os-lock-server:discoverable": "{{wrapper}}",
+ "os_compute_api:os-lock-server:lock": "{{wrapper}}",
+ "os_compute_api:os-lock-server:unlock": "{{wrapper}}",
+ "os_compute_api:os-lock-server:unlock:unlock_override": "{{wrapper}}",
+ "os_compute_api:os-migrate-server:discoverable": "{{wrapper}}",
+ "os_compute_api:os-migrate-server:migrate": "{{wrapper}}",
+ "os_compute_api:os-migrate-server:migrate_live": "{{wrapper}}",
+ "os_compute_api:os-multinic": "{{wrapper}}",
+ "os_compute_api:os-multinic:discoverable": "{{wrapper}}",
+ "os_compute_api:os-networks": "{{wrapper}}",
+ "os_compute_api:os-networks:view": "{{wrapper}}",
+ "os_compute_api:os-networks:discoverable": "{{wrapper}}",
+ "os_compute_api:os-networks-associate": "{{wrapper}}",
+ "os_compute_api:os-networks-associate:discoverable": "{{wrapper}}",
+ "os_compute_api:os-pause-server:discoverable": "{{wrapper}}",
+ "os_compute_api:os-pause-server:pause": "{{wrapper}}",
+ "os_compute_api:os-pause-server:unpause": "{{wrapper}}",
+ "os_compute_api:os-pci:pci_servers": "{{wrapper}}",
+ "os_compute_api:os-pci:discoverable": "{{wrapper}}",
+ "os_compute_api:os-pci:index": "{{wrapper}}",
+ "os_compute_api:os-pci:detail": "{{wrapper}}",
+ "os_compute_api:os-pci:show": "{{wrapper}}",
+ "os_compute_api:os-personality:discoverable": "{{wrapper}}",
+ "os_compute_api:os-preserve-ephemeral-rebuild:discoverable": "{{wrapper}}",
+ "os_compute_api:os-quota-sets:discoverable": "{{wrapper}}",
+ "os_compute_api:os-quota-sets:show": "{{wrapper}}",
+ "os_compute_api:os-quota-sets:defaults": "{{wrapper}}",
+ "os_compute_api:os-quota-sets:update": "{{wrapper}}",
+ "os_compute_api:os-quota-sets:delete": "{{wrapper}}",
+ "os_compute_api:os-quota-sets:detail": "{{wrapper}}",
+ "os_compute_api:os-quota-class-sets:update": "{{wrapper}}",
+ "os_compute_api:os-quota-class-sets:show": "{{wrapper}}",
+ "os_compute_api:os-quota-class-sets:discoverable": "{{wrapper}}",
+ "os_compute_api:os-rescue": "{{wrapper}}",
+ "os_compute_api:os-rescue:discoverable": "{{wrapper}}",
+ "os_compute_api:os-scheduler-hints:discoverable": "{{wrapper}}",
+ "os_compute_api:os-security-group-default-rules:discoverable": "{{wrapper}}",
+ "os_compute_api:os-security-group-default-rules": "{{wrapper}}",
+ "os_compute_api:os-security-groups": "{{wrapper}}",
+ "os_compute_api:os-security-groups:discoverable": "{{wrapper}}",
+ "os_compute_api:os-server-diagnostics": "{{wrapper}}",
+ "os_compute_api:os-server-diagnostics:discoverable": "{{wrapper}}",
+ "os_compute_api:os-server-password": "{{wrapper}}",
+ "os_compute_api:os-server-password:discoverable": "{{wrapper}}",
+ "os_compute_api:os-server-usage": "{{wrapper}}",
+ "os_compute_api:os-server-usage:discoverable": "{{wrapper}}",
+ "os_compute_api:os-server-groups": "{{wrapper}}",
+ "os_compute_api:os-server-groups:discoverable": "{{wrapper}}",
+ "os_compute_api:os-services": "{{wrapper}}",
+ "os_compute_api:os-services:discoverable": "{{wrapper}}",
+ "os_compute_api:server-metadata:discoverable": "{{wrapper}}",
+ "os_compute_api:server-metadata:index": "{{wrapper}}",
+ "os_compute_api:server-metadata:show": "{{wrapper}}",
+ "os_compute_api:server-metadata:delete": "{{wrapper}}",
+ "os_compute_api:server-metadata:create": "{{wrapper}}",
+ "os_compute_api:server-metadata:update": "{{wrapper}}",
+ "os_compute_api:server-metadata:update_all": "{{wrapper}}",
+ "os_compute_api:servers:discoverable": "{{wrapper}}",
+ "os_compute_api:os-shelve:shelve": "{{wrapper}}",
+ "os_compute_api:os-shelve:shelve:discoverable": "{{wrapper}}",
+ "os_compute_api:os-shelve:shelve_offload": "{{wrapper}}",
+ "os_compute_api:os-simple-tenant-usage:discoverable": "{{wrapper}}",
+ "os_compute_api:os-simple-tenant-usage:show": "{{wrapper}}",
+ "os_compute_api:os-simple-tenant-usage:list": "{{wrapper}}",
+ "os_compute_api:os-suspend-server:discoverable": "{{wrapper}}",
+ "os_compute_api:os-suspend-server:suspend": "{{wrapper}}",
+ "os_compute_api:os-suspend-server:resume": "{{wrapper}}",
+ "os_compute_api:os-tenant-networks": "{{wrapper}}",
+ "os_compute_api:os-tenant-networks:discoverable": "{{wrapper}}",
+ "os_compute_api:os-shelve:unshelve": "{{wrapper}}",
+ "os_compute_api:os-user-data:discoverable": "{{wrapper}}",
+ "os_compute_api:os-virtual-interfaces": "{{wrapper}}",
+ "os_compute_api:os-virtual-interfaces:discoverable": "{{wrapper}}",
+ "os_compute_api:os-volumes": "{{wrapper}}",
+ "os_compute_api:os-volumes:discoverable": "{{wrapper}}",
+ "os_compute_api:os-volumes-attachments:index": "{{wrapper}}",
+ "os_compute_api:os-volumes-attachments:show": "{{wrapper}}",
+ "os_compute_api:os-volumes-attachments:create": "{{wrapper}}",
+ "os_compute_api:os-volumes-attachments:update": "{{wrapper}}",
+ "os_compute_api:os-volumes-attachments:delete": "{{wrapper}}",
+ "os_compute_api:os-volumes-attachments:discoverable": "{{wrapper}}",
+ "os_compute_api:os-availability-zone:list": "{{wrapper}}",
+ "os_compute_api:os-availability-zone:discoverable": "{{wrapper}}",
+ "os_compute_api:os-availability-zone:detail": "{{wrapper}}",
+ "os_compute_api:os-used-limits": "{{wrapper}}",
+ "os_compute_api:os-used-limits:discoverable": "{{wrapper}}",
+ "os_compute_api:os-migrations:index": "{{wrapper}}",
+ "os_compute_api:os-migrations:discoverable": "{{wrapper}}",
+ "os_compute_api:os-assisted-volume-snapshots:create": "{{wrapper}}",
+ "os_compute_api:os-assisted-volume-snapshots:delete": "{{wrapper}}",
+ "os_compute_api:os-assisted-volume-snapshots:discoverable": "{{wrapper}}",
+ "os_compute_api:os-console-auth-tokens": "{{wrapper}}",
+ "os_compute_api:os-server-external-events:create": "{{wrapper}}",
+}
diff --git a/external_policy_checker/external_policy_checker/__init__.py b/external_policy_checker/external_policy_checker/__init__.py
new file mode 100644
index 00000000..a4e2017f
--- /dev/null
+++ b/external_policy_checker/external_policy_checker/__init__.py
@@ -0,0 +1 @@
+__version__ = "0.1"
diff --git a/external_policy_checker/external_policy_checker/__main__.py b/external_policy_checker/external_policy_checker/__main__.py
new file mode 100644
index 00000000..4499a96b
--- /dev/null
+++ b/external_policy_checker/external_policy_checker/__main__.py
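Review bot: The keys `"compute:delete"`, `"compute:soft_delete"` and `"compute:force_delete"` are defined twice in the nova template (once after `"compute:reboot"`, again before `"compute:restore"`), and the object ends with a comma before the closing `}`; the neutron template's last entry, `"get_log"`, has the same trailing comma. Parsers that accept duplicate keys typically keep only the last occurrence, so a later edit to the first copy would silently not change the rule that is enforced, which is an easy way to end up with an authorization rule nobody intended. The trailing comma makes the rendered file fail a strict JSON parse, so whether it loads depends on how lenient the consuming service's policy loader is. I would delete the second copy of the three keys and drop the final comma so the last entry reads `"os_compute_api:os-server-external-events:create": "{{wrapper}}"`.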
@@ -0,0 +1,9 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+
+import moon_bouchon.server
+
+moon_bouchon.server.main()
diff --git a/external_policy_checker/external_policy_checker/conf_installer.py b/external_policy_checker/external_policy_checker/conf_installer.py
new file mode 100644
index 00000000..ec45003b
--- /dev/null
+++ b/external_policy_checker/external_policy_checker/conf_installer.py
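Review bot: `import moon_bouchon.server` in `__main__.py` names a package this commit does not add; the server module is created as `external_policy_checker/external_policy_checker/server.py`. Running `python -m external_policy_checker` would therefore raise ImportError unless a separate `moon_bouchon` distribution happens to be installed, and in that case it would start that package's server rather than the one added here. Import the sibling module instead, `from external_policy_checker import server`, then `server.main()`. Whether `server.py` defines `main()` is not visible in this part of the diff, so confirm that as well.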
@@ -0,0 +1,83 @@
+import shutil
+import logging
+import argparse
+import os
+from uuid import uuid4
+import glob
+
+logger = logging.getLogger(__name__)
+
+COMPONENTS = (
+ "cinder",
+ "nova",
+ "neutron",
+ "glance",
+ "keystone"
+)
+
+
+def init():
+ parser = argparse.ArgumentParser()
+ parser.add_argument("--verbose", '-v', action='store_true', help='verbose mode')
+ parser.add_argument("--debug", '-d', action='store_true', help='debug mode')
+ parser.add_argument("--templates", '-t', help='set template directory', default="templates/")
+ parser.add_argument("--out-dir", '-o', help='if set, copy the files in this directory', default=None)
+ parser.add_argument("wrapper_url", help='Wrapper URL to use', nargs="*",
+ default=["http://127.0.0.1:8080/policy_checker"])
+ args = parser.parse_args()
+ logging_format = "%(levelname)s: %(message)s"
+ if args.verbose:
+ logging.basicConfig(level=logging.INFO, format=logging_format)
+ if args.debug:
+ logging.basicConfig(level=logging.DEBUG, format=logging_format)
+ return args
+
+
+def update_templates(templates_dir, wrapper_url):
+ tmp_dir = os.path.join("/tmp", str(uuid4()))
+ wrapper_url = wrapper_url[0].strip('"').strip("'")
+ os.mkdir(tmp_dir)
+ for comp in COMPONENTS:
+ input_file = os.path.join(templates_dir, comp + ".policy.json")
+ output_file = os.path.join(tmp_dir, comp + ".policy.json")
+ output_fd = open(output_file, "w")
+ for line in open(input_file):
+ output_fd.write(line.replace("{{wrapper}}", wrapper_url))
+ return tmp_dir
+
+
+def remove_tmp_files(tmp_dir):
+ for _filename in glob.glob(os.path.join(tmp_dir, "*")):
+ logger.debug("{} {}".format(_filename, os.path.isfile(_filename)))
+ if os.path.isfile(_filename):
+ logger.debug("Trying to delete {}".format(_filename))
+ os.remove(_filename)
+ logger.debug("Delete done")
+ os.removedirs(tmp_dir)
+
+
+def main(templates_dir, wrapper_url, out_dir=None):
+ logger.info("Moving configuration files")
+ tmp_dir = update_templates(templates_dir, wrapper_url)
+ if out_dir:
+ logger.info("Moving to {}".format(out_dir))
+ try:
+ os.mkdir(out_dir)
+ except FileExistsError:
+ logger.warning("Output directory exists, writing on it!")
+ for comp in COMPONENTS:
+ logger.info("Moving {}".format(comp))
+ shutil.copy(os.path.join(tmp_dir, comp + ".policy.json"),
+ os.path.join(out_dir, comp + ".policy.json"))
+ else:
+ logger.info("Moving to /etc")
+ for comp in COMPONENTS:
+ logger.info("Moving {}".format(comp))
+ shutil.copy(os.path.join(tmp_dir, comp + ".policy.json"),
+ os.path.join("etc", comp, "policy.json"))
+ remove_tmp_files(tmp_dir)
+
+
+if __name__ == "__main__":
+ args = init()
+ main(args.templates, args.wrapper_url, args.out_dir)
diff --git a/external_policy_checker/external_policy_checker/server.py b/external_policy_checker/external_policy_checker/server.py
new file mode 100644
index 00000000..cbb4a933
--- /dev/null
+++ b/external_policy_checker/external_policy_checker/server.py
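Review bot: In `main()` the branch taken without `--out-dir` logs "Moving to /etc" but copies to `os.path.join("etc", comp, "policy.json")`, a path relative to the current directory, so the services' live policy files are never replaced and the copy fails when `./etc/<component>` does not exist; it should read `os.path.join("/etc", comp, "policy.json")`. In `update_templates()` neither `open()` is closed, so the rendered file is only guaranteed to be flushed before `shutil.copy` on interpreters that close a handle as soon as the name is rebound; wrap both in `with` blocks. The staging directory is created with `os.mkdir` under `/tmp` with default permissions, whereas `tempfile.mkdtemp()` (needs `import tempfile`) gives an owner-only directory, which matters because these files become the authorization policy of five services. `wrapper_url` is substituted into the JSON text unescaped after only the outer quotes are stripped, so a value containing `"` produces a malformed or altered policy; validating it as an http(s) URL before the replace would catch that. `remove_tmp_files(tmp_dir)` is also skipped when a copy raises, so a `try`/`finally` around the copy loops would avoid leaving rendered policies behind.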
@@ -0,0 +1,135 @@
+# Copyright 2018 Orange
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import sys
+import flask
+from flask import Flask
+from flask import request
+import json
+import logging
+import random
+
+logger = logging.getLogger(__name__)
+logging.basicConfig(level=logging.INFO)
+app = Flask(__name__)
+
+
+def test_target(data, result):
+ if "resource_id" in data:
+ result["resource_id"] = data['object_id']
+ if "object_id" in data:
+ result["resource_id"] = data['object_id']
+ if 'project_id' in data:
+ result["project_id"] = data['project_id']
+ if 'user_id' in data:
+ result["user_id"] = data['user_id']
+
+
+def test_credentials(data, result):
+ if 'project_id' in data:
+ result["project_id"] = data['project_id']
+ if 'user_id' in data:
+ result["user_id"] = data['user_id']
+ if 'project_domain_id' in data:
+ result["domain_id"] = data['project_domain_id']
+
+
+def test_rule(data, result):
+ result['action_name'] = data
+
+
+def test_data():
+ data = request.form
+ result = {
+ "user_id": "",
+ "project_id": "",
+ "action_name": "",
+ "resource_id": "",
+ "domain_id": "",
+ }
+ if not dict(request.form):
+ data = json.loads(request.data.decode("utf-8"))
+ try:
+ target = json.loads(data.get('target', {}))
+ except Exception:
+ raise Exception("Error reading target")
+ try:
+ credentials = json.loads(data.get('credentials', {}))
+ except Exception:
+ raise Exception("Error reading credentials")
+ try:
+ rule = data.get('rule', "")
+ except Exception:
+ raise Exception("Error reading rule")
+ test_target(target, result)
+ test_credentials(credentials, result)
+ test_rule(rule, result)
+ return_value = True
+ logger.info("Analysing request with {}".format(rule))
+ for key in result:
+ if not result[key] and key != "domain_id":
+ return_value = False
+ logger.error("Attribute {} is absent".format(key))
+ if not result[key] and key == "domain_id":
+ logger.warning("Attribute {} is missing.".format(key))
+ return return_value
+
+
+@app.route("/policy_checker", methods=["POST"])
+def checker():
+ information_is_complete = False
+ try:
+ information_is_complete = test_data()
+ except Exception as e:
+ logger.exception(e)
+ if information_is_complete:
+ response = flask.make_response("True")
+ response.headers['content-type'] = 'application/octet-stream'
+ return response
+ else:
+ response = flask.make_response("False")
+ response.headers['content-type'] = 'application/octet-stream'
+ return response, 403
+
+
+def get_target():
+ data = request.form
+ if not dict(request.form):
+ data = json.loads(request.data.decode("utf-8"))
+ try:
+ return json.loads(data.get('target', {}))
+ except Exception:
+ raise Exception("Error reading target")
+
+
+@app.route("/authz/grant", methods=["POST"])
+def wrapper_grant():
+ logger.info("Requesting wrapper authz with {}".format(get_target()))
+ response = flask.make_response("True")
+ response.headers['content-type'] = 'application/octet-stream'
+ return response
+
+
+@app.route("/authz/deny", methods=["POST"])
+def wrapper_deny():
+ logger.info("Requesting wrapper authz with {}".format(get_target()))
+ response = flask.make_response("False")
+ response.headers['content-type'] = 'application/octet-stream'
+ return response, 403
+
+
+def main():
+ port = 8080
+ if len(sys.argv) > 1:
+ try:
+ port = int(sys.argv[1])
+ except ValueError:
+ logger.error("Argument for Port in command line is not an integer")
+ sys.exit(1)
+ app.run(host="0.0.0.0", port=port)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/external_policy_checker/requirements.txt b/external_policy_checker/requirements.txt
new file mode 100644
index 00000000..8ab6294c
--- /dev/null
+++ b/external_policy_checker/requirements.txt
@@ -0,0 +1 @@
+flask
\ No newline at end of file
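Review bot: In `test_target` of server.py the first branch tests for `"resource_id"` but reads `data['object_id']`, so a target that carries only `resource_id` raises `KeyError`; `checker()` swallows that in its broad `except` and answers 403, which is indistinguishable from a policy denial. The line should read `result["resource_id"] = data['resource_id']`. Also, `json.loads(data.get('target', {}))` in `test_data` and `get_target` (and the matching `credentials` call) hands a dict to `json.loads` when the key is absent, which raises `TypeError` instead of yielding an empty object; a default of `'{}'` would behave as the code seems to intend. Finally, `main()` runs the Flask development server on `0.0.0.0` and `/authz/grant` answers "True" to any caller, so a module docstring stating that this is a test stub, plus a default bind of `127.0.0.1` unless the tests need it reachable from other hosts, would keep it from being exposed beyond the test host by accident.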
diff --git a/external_policy_checker/setup.cfg b/external_policy_checker/setup.cfg
new file mode 100644
index 00000000..7c2b2874
--- /dev/null
+++ b/external_policy_checker/setup.cfg
@@ -0,0 +1,2 @@
+[bdist_wheel]
+universal = 1
\ No newline at end of file
diff --git a/external_policy_checker/setup.py b/external_policy_checker/setup.py
new file mode 100644
index 00000000..acd994a6
--- /dev/null
+++ b/external_policy_checker/setup.py
@@ -0,0 +1,47 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+from setuptools import setup, find_packages
+import external_policy_checker
+
+
+setup(
+
+ name='external_policy_checker',
+
+ version=external_policy_checker.__version__,
+
+ packages=find_packages(),
+
+ author="Thomas Duval",
+
+ author_email="thomas.duval@orange.com",
+
+ description="",
+
+ long_description=open('README.md').read(),
+
+ install_requires=["flask"],
+
+ include_package_data=True,
+
+ url='https://git.opnfv.org/cgit/moon',
+
+ classifiers=[
+ "Programming Language :: Python",
+ "Development Status :: 1 - Planning",
+ "License :: OSI Approved",
+ "Natural Language :: French",
+ "Operating System :: OS Independent",
+ "Programming Language :: Python :: 3",
+ ],
+
+ entry_points={
+ 'console_scripts': [
+ 'external_policy_checker = external_policy_checker.server:main',
+ ],
+ }
+
+)
-- cgit 1.2.3-korg
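Review bot: `install_requires=["flask"]` in setup.py, like the bare `flask` line in requirements.txt, carries no version constraint, so every build of the stub resolves whatever Flask release is current at that moment. I would record the version the stub was actually tested with in both places, for example `install_requires=["flask>=<TESTED_VERSION>"]` with the placeholder filled in, and pin an exact version in requirements.txt so the container image is reproducible.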