From dcf2ce1b8cd039b3a13e7c70ef94ce968ffc4de0 Mon Sep 17 00:00:00 2001
From: Thomas Duval
Date: Wed, 22 Nov 2017 11:26:41 +0100
Subject: Add waiting code for Keystone, re-add the ability to connect a PDP to the "admin" Keystone project and fix some bugs

Change-Id: Ic3afdb1306a72bd09f9071e96aabfae602153e94
---
 moonv4/templates/moonforming/Dockerfile | 4 +++-
 .../templates/moonforming/populate_default_values.py | 18 +++++++++---------
 moonv4/templates/moonforming/run.sh | 19 +++++++++++++++----
 moonv4/templates/moonforming/utils/pdp.py | 10 ++++++----
 moonv4/templates/moonforming/utils/policies.py | 5 +++++
 5 files changed, 38 insertions(+), 18 deletions(-)

diff --git a/moonv4/templates/moonforming/Dockerfile b/moonv4/templates/moonforming/Dockerfile
index 3410a5f4..87a067f9 100644
--- a/moonv4/templates/moonforming/Dockerfile
+++ b/moonv4/templates/moonforming/Dockerfile
@@ -2,7 +2,9 @@ FROM python:3
 WORKDIR /usr/src/app
 RUN pip install --no-cache-dir --upgrade requests pyyaml moon_utilities moon_db
+ENV POPULATE_ARGS "-v"
+
 ADD . /root
 WORKDIR /root
-CMD ["sh", "/root/run.sh" ]
\ No newline at end of file
+CMD sh /root/run.sh ${POPULATE_ARGS}
\ No newline at end of file
diff --git a/moonv4/templates/moonforming/populate_default_values.py b/moonv4/templates/moonforming/populate_default_values.py
index 10b66201..fa099458 100644
--- a/moonv4/templates/moonforming/populate_default_values.py
+++ b/moonv4/templates/moonforming/populate_default_values.py
@@ -32,7 +32,7 @@ requests_log = logging.getLogger("requests.packages.urllib3")
 requests_log.setLevel(logging.WARNING)
 requests_log.propagate = True
-logger = logging.getLogger(__name__)
+logger = logging.getLogger("moonforming")
 if args.filename:
 print("Loading: {}".format(args.filename[0]))
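Review bot: In the Dockerfile hunk, `CMD sh /root/run.sh ${POPULATE_ARGS}` is shell-form, so `/bin/sh -c` word-splits and glob-expands the variable at start-up and whoever sets the container environment decides the arguments handed to the populate script, yet nothing documents which values are expected. Add a comment above the `ENV` line such as `# POPULATE_ARGS: extra flags for populate_default_values.py (default -v)` and write the assignment as `ENV POPULATE_ARGS="-v"`. run.sh also carries a bash shebang but is started with `sh`, so the shebang is ignored.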
@@ -204,13 +204,13 @@ def create_policy(model_id, meta_rule_list):
 def create_pdp(policy_id=None):
 logger.info("Creating PDP {}".format(scenario.pdp_name))
- # projects = get_keystone_projects()
- # project_id = args.keystone_pid
- # if not project_id:
- # for _project in projects['projects']:
- # if _project['name'] == "admin":
- # project_id = _project['id']
- # assert project_id
+ projects = get_keystone_projects()
+ project_id = args.keystone_pid
+ if not project_id:
+ for _project in projects['projects']:
+ if _project['name'] == "admin":
+ project_id = _project['id']
+ assert project_id
 pdps = check_pdp()["pdps"]
 for pdp_id, pdp_value in pdps.items():
 if scenario.pdp_name == pdp_value["name"]:
@@ -218,7 +218,7 @@ def create_pdp(policy_id=None):
 logger.debug("Found existing PDP named {} (will add policy {})".format(scenario.pdp_name, policy_id))
 return pdp_id
 _pdp_id = add_pdp(name=scenario.pdp_name, policy_id=policy_id)
- # map_to_keystone(pdp_id=_pdp_id, keystone_project_id=project_id)
+ map_to_keystone(pdp_id=_pdp_id, keystone_project_id=project_id)
 return _pdp_id
 if __name__ == "__main__":
diff --git a/moonv4/templates/moonforming/run.sh b/moonv4/templates/moonforming/run.sh
index e3c052c5..71543f9e 100644
--- a/moonv4/templates/moonforming/run.sh
+++ b/moonv4/templates/moonforming/run.sh
@@ -1,12 +1,14 @@
 #!/usr/bin/env bash
+populate_args=$*
+
 echo "Waiting for Consul (http://consul:8500)"
 while ! python -c "import requests; req = requests.get('http://consul:8500')" 2>/dev/null ; do
 sleep 5 ;
 echo "."
 done
-echo "Manager (http://consul:8500) is up."
+echo "Consul (http://consul:8500) is up."
 python3 /root/conf2consul.py /etc/moon/moon.conf
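Review bot: In `create_pdp`, the fallback that selects the project named "admin" matches on name only and keeps the last match, so on a Keystone with more than one domain the PDP could be mapped to an unintended project. The `assert project_id` guard disappears if the script is ever run with `-O`, in which case the `map_to_keystone` call restored in the next hunk would receive an empty project id. The Keystone query also runs when `args.keystone_pid` is supplied and when the PDP already exists and the function returns early. I would query Keystone only when no id was passed, require exactly one match and raise an explicit error otherwise; the rest of the function is in context lines and stays as it is.

```python
def create_pdp(policy_id=None):
    # … unchanged: logger.info call …
    project_id = args.keystone_pid
    if not project_id:
        admin_ids = [p['id'] for p in get_keystone_projects()['projects']
                     if p['name'] == "admin"]
        if len(admin_ids) != 1:
            raise RuntimeError(
                "expected exactly one Keystone project named 'admin', "
                "found {}".format(len(admin_ids)))
        project_id = admin_ids[0]
    # … unchanged: existing-PDP check, add_pdp and map_to_keystone calls …
```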
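Review bot: `populate_args=$*` in run.sh flattens the arguments into one string, and the `$populate_args` expansions in the last run.sh hunk are unquoted, so an argument containing spaces or glob characters is re-split or expanded before it reaches populate_default_values.py. Passing the positional parameters straight through avoids this and works under both sh and bash: drop the variable and call `python3 populate_default_values.py "$@" /root/conf/rbac.py`, and the same for mls.py.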
@@ -16,10 +18,18 @@ while ! python -c "import socket, sys; s = socket.socket(socket.AF_INET, socket.
 echo "."
 done
-echo "Manager (http://db:3306) is up."
+echo "Database (http://db:3306) is up."
 moon_db_manager upgrade
+echo "Waiting for Keystone (http://keystone:5000)"
+while ! python -c "import requests; req = requests.get('http://keystone:5000')" 2>/dev/null ; do
+ sleep 5 ;
+ echo "."
+done
+
+echo "Keystone (http://keystone:5000) is up."
+
 echo "Waiting for Manager (http://manager:8082)"
 while ! python -c "import requests; req = requests.get('http://manager:8082')" 2>/dev/null ; do
 sleep 5 ;
@@ -29,5 +39,6 @@ done
 echo "Manager (http://manager:8082) is up."
 cd /root
-python3 populate_default_values.py -v /root/conf/rbac.py
-python3 populate_default_values.py -v /root/conf/mls.py
+
+python3 populate_default_values.py $populate_args /root/conf/rbac.py
+python3 populate_default_values.py $populate_args /root/conf/mls.py
diff --git a/moonv4/templates/moonforming/utils/pdp.py b/moonv4/templates/moonforming/utils/pdp.py
index 676b216b..f3c6df37 100644
--- a/moonv4/templates/moonforming/utils/pdp.py
+++ b/moonv4/templates/moonforming/utils/pdp.py
@@ -1,7 +1,9 @@
+import logging
 import requests
 import utils.config
 config = utils.config.get_config_data()
+logger = logging.getLogger("moonforming.utils.policies")
 URL = "http://{}:{}".format(
 config['components']['manager']['hostname'],
@@ -46,8 +48,8 @@ def get_keystone_projects():
 }
 req = requests.post("{}/auth/tokens".format(KEYSTONE_SERVER), json=data_auth, headers=HEADERS)
- print("{}/auth/tokens".format(KEYSTONE_SERVER))
- print(req.text)
+ logger.debug("{}/auth/tokens".format(KEYSTONE_SERVER))
+ logger.debug(req.text)
 assert req.status_code in (200, 201)
 TOKEN = req.headers['X-Subject-Token']
 HEADERS['X-Auth-Token'] = TOKEN
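Review bot: The new Keystone wait loop calls `requests.get('http://keystone:5000')` without a timeout and retries without limit, so a Keystone that accepts the connection but never answers, or never starts, leaves the container hanging with stderr discarded. Use `requests.get('http://keystone:5000', timeout=5)` and stop after a fixed number of attempts with a non-zero exit status so the failure is visible to whatever started the container. The Consul and Manager loops in the context lines have the same shape, but this commit does not touch them.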
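Review bot: The logger added at the top of utils/pdp.py is named `"moonforming.utils.policies"`, the same name policies.py registers in this commit, so records from the two modules cannot be told apart or filtered separately. It should read `logger = logging.getLogger("moonforming.utils.pdp")`.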
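Review bot: `logger.debug(req.text)` in `get_keystone_projects` writes the whole body of the `/auth/tokens` response to the log, which for a Keystone v3 token response typically describes the authenticated user, its roles and the service catalog. The Dockerfile in this commit defaults `POPULATE_ARGS` to `-v`, which presumably turns this level on. Log the outcome rather than the body, e.g. `logger.debug("POST %s/auth/tokens -> %s", KEYSTONE_SERVER, req.status_code)`. The function starts and ends outside this hunk.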
@@ -97,8 +99,8 @@ def add_pdp(name="test_pdp", policy_id=None):
 if policy_id:
 pdp_template['security_pipeline'].append(policy_id)
 req = requests.post(URL + "/pdp", json=pdp_template, headers=HEADERS)
- print(req.status_code)
- print(req)
+ logger.debug(req.status_code)
+ logger.debug(req)
 assert req.status_code == 200
 result = req.json()
 assert type(result) is dict
diff --git a/moonv4/templates/moonforming/utils/policies.py b/moonv4/templates/moonforming/utils/policies.py
index df7f5f57..bd08291a 100644
--- a/moonv4/templates/moonforming/utils/policies.py
+++ b/moonv4/templates/moonforming/utils/policies.py
@@ -1,7 +1,9 @@
+import logging
 import requests
 import utils.config
 config = utils.config.get_config_data()
+logger = logging.getLogger("moonforming.utils.policies")
 URL = "http://{}:{}".format(config['components']['manager']['hostname'], config['components']['manager']['port'])
 URL = URL + "{}"
@@ -108,10 +110,13 @@ def delete_policy(policy_id):
 def add_subject(policy_id=None, name="test_subject"):
 subject_template['name'] = name
 if policy_id:
+ logger.debug(URL.format("/policies/{}/subjects".format(policy_id)))
 req = requests.post(URL.format("/policies/{}/subjects".format(policy_id)), json=subject_template, headers=HEADERS)
 else:
+ logger.debug(URL.format("/subjects"))
 req = requests.post(URL.format("/subjects"), json=subject_template, headers=HEADERS)
+ logger.debug(req.text)
 assert req.status_code == 200
 result = req.json()
 assert "subjects" in result
-- cgit 1.2.3-korg
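Review bot: In `add_pdp`, `logger.debug(req)` logs only the Response repr (`<Response [200]>`), which repeats the status code logged on the line before, so when the `assert req.status_code == 200` that follows fails there is nothing in the log explaining why the manager rejected the request. Replace the two calls with one record that names the request, e.g. `logger.debug("POST %s/pdp -> %s %s", URL, req.status_code, req.text)`. The function starts and ends outside this hunk.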