From ffd694ebadb1d3b4e140104f9f0a81837c0e7258 Mon Sep 17 00:00:00 2001 From: WuKong Date: Wed, 19 Jul 2017 10:23:25 +0200 Subject: add pip package Change-Id: I8b4d3fa24f6ad7c7f9bb5dc93279c4a48bb0fe86 Signed-off-by: WuKong --- moonv4/DEV.md | 160 +++++++ moonv4/bin/build_all_pip.sh | 16 + moonv4/development.md | 129 ------ moonv4/moon_db/Changelog | 4 + moonv4/moon_db/moon_db/__init__.py | 2 +- moonv4/moon_orchestrator/Changelog | 21 + .../moon_orchestrator/__init__.py | 2 +- moonv4/moon_router/LICENSE | 204 +++++++++ moonv4/moon_router/MANIFEST.in | 9 + moonv4/moon_router/README.rst | 9 + moonv4/moon_router/doc/api-moon-secrouter.pdf | Bin 0 -> 195778 bytes moonv4/moon_router/doc/api.pdf | Bin 0 -> 195377 bytes moonv4/moon_router/moon_secrouter/__init__.py | 6 + moonv4/moon_router/moon_secrouter/__main__.py | 3 + moonv4/moon_router/moon_secrouter/api/__init__.py | 0 moonv4/moon_router/moon_secrouter/api/generic.py | 46 ++ moonv4/moon_router/moon_secrouter/api/route.py | 467 +++++++++++++++++++++ moonv4/moon_router/moon_secrouter/messenger.py | 61 +++ moonv4/moon_router/moon_secrouter/server.py | 59 +++ moonv4/moon_router/requirements.txt | 6 + moonv4/moon_router/setup.py | 47 +++ moonv4/moon_router/tests/moon_db-0.1.0.tar.gz | Bin 0 -> 21423 bytes moonv4/moon_router/tests/moon_policy-0.1.0.tar.gz | Bin 0 -> 8640 bytes moonv4/moon_secrouter/LICENSE | 204 --------- moonv4/moon_secrouter/MANIFEST.in | 9 - moonv4/moon_secrouter/README.rst | 9 - moonv4/moon_secrouter/doc/api-moon-secrouter.pdf | Bin 195778 -> 0 bytes moonv4/moon_secrouter/doc/api.pdf | Bin 195377 -> 0 bytes moonv4/moon_secrouter/moon_secrouter/__init__.py | 6 - moonv4/moon_secrouter/moon_secrouter/__main__.py | 3 - .../moon_secrouter/moon_secrouter/api/__init__.py | 0 .../moon_secrouter/moon_secrouter/api/generic.py | 46 -- moonv4/moon_secrouter/moon_secrouter/api/route.py | 467 --------------------- moonv4/moon_secrouter/moon_secrouter/messenger.py | 61 --- moonv4/moon_secrouter/moon_secrouter/server.py | 59 --- moonv4/moon_secrouter/requirements.txt | 6 - moonv4/moon_secrouter/setup.py | 47 --- moonv4/moon_secrouter/tests/moon_db-0.1.0.tar.gz | Bin 21423 -> 0 bytes .../moon_secrouter/tests/moon_policy-0.1.0.tar.gz | Bin 8640 -> 0 bytes moonv4/moon_utilities/Changelog | 3 + moonv4/moon_utilities/moon_utilities/__init__.py | 2 +- moonv4/templates/moon_keystone/README.md | 2 +- 42 files changed, 1125 insertions(+), 1050 deletions(-) create mode 100644 moonv4/DEV.md create mode 100644 moonv4/bin/build_all_pip.sh delete mode 100644 moonv4/development.md create mode 100644 moonv4/moon_orchestrator/Changelog create mode 100644 moonv4/moon_router/LICENSE create mode 100644 moonv4/moon_router/MANIFEST.in create mode 100644 moonv4/moon_router/README.rst create mode 100644 moonv4/moon_router/doc/api-moon-secrouter.pdf create mode 100644 moonv4/moon_router/doc/api.pdf create mode 100644 moonv4/moon_router/moon_secrouter/__init__.py create mode 100644 moonv4/moon_router/moon_secrouter/__main__.py create mode 100644 moonv4/moon_router/moon_secrouter/api/__init__.py create mode 100644 moonv4/moon_router/moon_secrouter/api/generic.py create mode 100644 moonv4/moon_router/moon_secrouter/api/route.py create mode 100644 moonv4/moon_router/moon_secrouter/messenger.py create mode 100644 moonv4/moon_router/moon_secrouter/server.py create mode 100644 moonv4/moon_router/requirements.txt create mode 100644 moonv4/moon_router/setup.py create mode 100644 moonv4/moon_router/tests/moon_db-0.1.0.tar.gz create mode 100644 moonv4/moon_router/tests/moon_policy-0.1.0.tar.gz delete mode 100644 moonv4/moon_secrouter/LICENSE delete mode 100644 moonv4/moon_secrouter/MANIFEST.in delete mode 100644 moonv4/moon_secrouter/README.rst delete mode 100644 moonv4/moon_secrouter/doc/api-moon-secrouter.pdf delete mode 100644 moonv4/moon_secrouter/doc/api.pdf delete mode 100644 moonv4/moon_secrouter/moon_secrouter/__init__.py delete mode 100644 moonv4/moon_secrouter/moon_secrouter/__main__.py delete mode 100644 moonv4/moon_secrouter/moon_secrouter/api/__init__.py delete mode 100644 moonv4/moon_secrouter/moon_secrouter/api/generic.py delete mode 100644 moonv4/moon_secrouter/moon_secrouter/api/route.py delete mode 100644 moonv4/moon_secrouter/moon_secrouter/messenger.py delete mode 100644 moonv4/moon_secrouter/moon_secrouter/server.py delete mode 100644 moonv4/moon_secrouter/requirements.txt delete mode 100644 moonv4/moon_secrouter/setup.py delete mode 100644 moonv4/moon_secrouter/tests/moon_db-0.1.0.tar.gz delete mode 100644 moonv4/moon_secrouter/tests/moon_policy-0.1.0.tar.gz diff --git a/moonv4/DEV.md b/moonv4/DEV.md new file mode 100644 index 00000000..70bcc4fc --- /dev/null +++ b/moonv4/DEV.md @@ -0,0 +1,160 @@ +# Build Python Packages and Docker Images + +## Python Package +### pre-requist +Get the code +```bash +git clone https://git.opnfv.org/moon +cd moon/moonv4 +export MOON_HOME=$(pwd) +sudo ln -s $(pwd)/conf /etc/moon +``` + +Install python wheel +```bash +sudo apt install python3-wheel +``` + +Install pip twine +```bash +sudo pip install twine +``` + +Package code, wheel is a new format instead of `tar.gz` +```bash +python setup.py sdist bdist_wheel +``` + +Upload to PyPi +```bash +twine upload dist/moon_xxx-y.y.y.whl +twine upload dist/moon_xxx-y.y.y.tar.gz +``` + +Install a package from PyPi +```bash +sudo pypi install moon_xxx --upgrade +``` + +### moon_db +- change version in `moon_db/__init__.py` +- add `Changelog` + +### moon_utilities +- change version in `moon_utilities/__init__.py` +- add `Changelog` + +### moon_orchestrator +- change version in `moon_orchestrator/__init__.py` +- add `Changelog` + + +### Build All Pip +```bash +sudo pip3 install pip --upgrade +cd ${MOON_HOME}/bin +source build_all_pip.sh +``` + + +## Container +## keystone_mitaka +see `templates/docker/keystone/README.md` to build the `keystone_mitaka` container + + +### moon_router + + +### moon_interface + + +### moon_manager + + +### moon_authz + + +### moon_gui + + +## How to hack the Moon platform +### Force the build of components + +If you want to rebuild one or more component, you have to modify the configuration file `moon.conf`. + +For example, if you want to rebuild the moon_interface, got to the `[interface]` section and delete the +value of the container key like this: + +``` +[interface] +host=172.18.0.11 +port=38001 +# Name of the container to download (if empty build from scratch) +# example: container=moon/moon_interface:latest +container= +``` + +You can configure the interface, the router and both the security_function and security_policy. +You can also force the version of the component like this: `container=moon/moon_interface:4.0.0` + +### Update the moon_interface + +Go to the directory `${MOON_HOME}/moon_interface` and update the code accordingly to your needs, +then update the python package. + +```bash +cd ${MOON_HOME}/moon_interface +python setup.py sdist +cp dist/moon_interface_* ../moon_orchestrator/dist +# kill moon_orchestrator if needed and restart it +``` + +### Update the moon_secrouter + +Go to the directory `${MOON_HOME}/moon_secrouter` and update the code accordingly to your needs, +then update the python package. + +```bash +cd ${MOON_HOME}/moon_secrouter +python setup.py sdist +cp dist/moon_secrouter* ../moon_orchestrator/dist +# kill moon_orchestrator if needed and restart it +``` + +## Problems that may arise + +If the moon_orchestrator doesn't want to start +(with, for example, the following error: `docker.errors.APIError: 409 Client Error: Conflict`), +check if the router and interface containers still exist and kill and delete them: + +```bash +docker kill moon_interface +docker kill moon_router +docker rm moon_interface +docker rm moon_router +``` + +If the moon_orchestrator complains that it cannot request the RabbitMQ server, +check if the messenger server is up and running: + +```bash +docker ps +# you must see the messenger running here +# if not, restart it +docker run -dti --net=moon --hostname messenger --name messenger --link messenger:messenger -e RABBITMQ_DEFAULT_USER=moon -e RABBITMQ_DEFAULT_PASS=password -e RABBITMQ_NODENAME=rabbit@messenger -e RABBITMQ_DEFAULT_VHOST=moon -p 5671:5671 -p 5672:5672 rabbitmq:3-management +``` + +## Configure DB +### Relaunch Keystone docker +If error of `get_keystone_projects()`, then relaunch the Keystone docker, and wait 40 seconds!!! +```bash +docker rm -f keystone +docker run -dti --net moon --name keystone --hostname=keystone -e DB_HOST=db -e DB_PASSWORD_ROOT=p4sswOrd1 -p 35357:35357 -p 5000:5000 keystone:mitaka +``` + +### Add default data in DB +Pre-fill the DB with a RBAC policy +```bash +cd ${MOON_HOME}/moon_interface/tests/apitests +python3 populate_default_values.py scenario/ rbac.py +``` diff --git a/moonv4/bin/build_all_pip.sh b/moonv4/bin/build_all_pip.sh new file mode 100644 index 00000000..2b415bf0 --- /dev/null +++ b/moonv4/bin/build_all_pip.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env bash + + +echo Building Moon_DB +cd $MOON_HOME/moon_db +python3 setup.py sdist bdist_wheel> /tmp/moon_db.log + + +echo Building Moon_Utilities +cd $MOON_HOME/moon_utilities +python3 setup.py sdist bdist_wheel> /tmp/moon_utilities.log + + +echo Building Moon_Orchestrator +cd $MOON_HOME/moon_orchestrator +python3 setup.py sdist bdist_wheel> /tmp/moon_orchestrator.log \ No newline at end of file diff --git a/moonv4/development.md b/moonv4/development.md deleted file mode 100644 index bc5f7e97..00000000 --- a/moonv4/development.md +++ /dev/null @@ -1,129 +0,0 @@ -# Build Python Packages and Containers - -## Python Package -### Get the code - -```bash -git clone https://git.opnfv.org/moon -cd moon/moonv4 -export MOON_HOME=$(pwd) -sudo ln -s $(pwd)/conf /etc/moon -``` - -### Build python packages for all components -```bash -sudo pip3 install pip --upgrade -cd ${MOON_HOME}/bin -source build_all.sh -``` - -### moon_db - - -### utilities - - -### moon_orchestrator - - -## Container -## keystone_mitaka -see `templates/docker/keystone/README.md` to build the `keystone_mitaka` container - - -### moon_router - - -### moon_interface - - -### moon_manager - - -### moon_authz - - -### moon_gui - - -## How to hack the Moon platform -### Force the build of components - -If you want to rebuild one or more component, you have to modify the configuration file `moon.conf`. - -For example, if you want to rebuild the moon_interface, got to the `[interface]` section and delete the -value of the container key like this: - -``` -[interface] -host=172.18.0.11 -port=38001 -# Name of the container to download (if empty build from scratch) -# example: container=moon/moon_interface:latest -container= -``` - -You can configure the interface, the router and both the security_function and security_policy. -You can also force the version of the component like this: `container=moon/moon_interface:4.0.0` - -### Update the moon_interface - -Go to the directory `${MOON_HOME}/moon_interface` and update the code accordingly to your needs, -then update the python package. - -```bash -cd ${MOON_HOME}/moon_interface -python setup.py sdist -cp dist/moon_interface_* ../moon_orchestrator/dist -# kill moon_orchestrator if needed and restart it -``` - -### Update the moon_secrouter - -Go to the directory `${MOON_HOME}/moon_secrouter` and update the code accordingly to your needs, -then update the python package. - -```bash -cd ${MOON_HOME}/moon_secrouter -python setup.py sdist -cp dist/moon_secrouter* ../moon_orchestrator/dist -# kill moon_orchestrator if needed and restart it -``` - -## Problems that may arise - -If the moon_orchestrator doesn't want to start -(with, for example, the following error: `docker.errors.APIError: 409 Client Error: Conflict`), -check if the router and interface containers still exist and kill and delete them: - -```bash -docker kill moon_interface -docker kill moon_router -docker rm moon_interface -docker rm moon_router -``` - -If the moon_orchestrator complains that it cannot request the RabbitMQ server, -check if the messenger server is up and running: - -```bash -docker ps -# you must see the messenger running here -# if not, restart it -docker run -dti --net=moon --hostname messenger --name messenger --link messenger:messenger -e RABBITMQ_DEFAULT_USER=moon -e RABBITMQ_DEFAULT_PASS=password -e RABBITMQ_NODENAME=rabbit@messenger -e RABBITMQ_DEFAULT_VHOST=moon -p 5671:5671 -p 5672:5672 rabbitmq:3-management -``` - -## Configure DB -### Relaunch Keystone docker -If error of `get_keystone_projects()`, then relaunch the Keystone docker, and wait 40 seconds!!! -```bash -docker rm -f keystone -docker run -dti --net moon --name keystone --hostname=keystone -e DB_HOST=db -e DB_PASSWORD_ROOT=p4sswOrd1 -p 35357:35357 -p 5000:5000 keystone:mitaka -``` - -### Add default data in DB -Pre-fill the DB with a RBAC policy -```bash -cd ${MOON_HOME}/moon_interface/tests/apitests -python3 populate_default_values.py scenario/ rbac.py -``` diff --git a/moonv4/moon_db/Changelog b/moonv4/moon_db/Changelog index 94631fce..9295c0de 100644 --- a/moonv4/moon_db/Changelog +++ b/moonv4/moon_db/Changelog @@ -19,3 +19,7 @@ CHANGES ----- - Update setup.py to force the installation of requirements. +1.0.2 +----- +- Test PyPi upload + diff --git a/moonv4/moon_db/moon_db/__init__.py b/moonv4/moon_db/moon_db/__init__.py index ddfaf2bb..bfca6ef9 100644 --- a/moonv4/moon_db/moon_db/__init__.py +++ b/moonv4/moon_db/moon_db/__init__.py @@ -3,5 +3,5 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "1.0.1" +__version__ = "1.0.2" diff --git a/moonv4/moon_orchestrator/Changelog b/moonv4/moon_orchestrator/Changelog new file mode 100644 index 00000000..544e8fd1 --- /dev/null +++ b/moonv4/moon_orchestrator/Changelog @@ -0,0 +1,21 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + + +CHANGES +======= + +0.1.0 +----- +- First version of the moon_orchestrator library. + +1.0.0 +----- +- First public version of the moon_orchestrator library. + +1.0.1 +----- +- add Changelog + diff --git a/moonv4/moon_orchestrator/moon_orchestrator/__init__.py b/moonv4/moon_orchestrator/moon_orchestrator/__init__.py index 660beb1e..2249a1b6 100644 --- a/moonv4/moon_orchestrator/moon_orchestrator/__init__.py +++ b/moonv4/moon_orchestrator/moon_orchestrator/__init__.py @@ -3,4 +3,4 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "1.0.0" +__version__ = "1.0.1" diff --git a/moonv4/moon_router/LICENSE b/moonv4/moon_router/LICENSE new file mode 100644 index 00000000..4143aac2 --- /dev/null +++ b/moonv4/moon_router/LICENSE @@ -0,0 +1,204 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +--- License for python-keystoneclient versions prior to 2.1 --- + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + 3. Neither the name of this project nor the names of its contributors may + be used to endorse or promote products derived from this software without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/moonv4/moon_router/MANIFEST.in b/moonv4/moon_router/MANIFEST.in new file mode 100644 index 00000000..1f674d50 --- /dev/null +++ b/moonv4/moon_router/MANIFEST.in @@ -0,0 +1,9 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +include README.rst +include LICENSE +include setup.py +include requirements.txt diff --git a/moonv4/moon_router/README.rst b/moonv4/moon_router/README.rst new file mode 100644 index 00000000..ded4e99a --- /dev/null +++ b/moonv4/moon_router/README.rst @@ -0,0 +1,9 @@ +Core module for the Moon project +================================ + +This package contains the core module for the Moon project +It is designed to provide authorization features to all OpenStack components. + +For any other information, refer to the parent project: + + https://git.opnfv.org/moon diff --git a/moonv4/moon_router/doc/api-moon-secrouter.pdf b/moonv4/moon_router/doc/api-moon-secrouter.pdf new file mode 100644 index 00000000..9ba75db0 Binary files /dev/null and b/moonv4/moon_router/doc/api-moon-secrouter.pdf differ diff --git a/moonv4/moon_router/doc/api.pdf b/moonv4/moon_router/doc/api.pdf new file mode 100644 index 00000000..b7d91293 Binary files /dev/null and b/moonv4/moon_router/doc/api.pdf differ diff --git a/moonv4/moon_router/moon_secrouter/__init__.py b/moonv4/moon_router/moon_secrouter/__init__.py new file mode 100644 index 00000000..903c6518 --- /dev/null +++ b/moonv4/moon_router/moon_secrouter/__init__.py @@ -0,0 +1,6 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +__version__ = "0.1.0" diff --git a/moonv4/moon_router/moon_secrouter/__main__.py b/moonv4/moon_router/moon_secrouter/__main__.py new file mode 100644 index 00000000..8ec695db --- /dev/null +++ b/moonv4/moon_router/moon_secrouter/__main__.py @@ -0,0 +1,3 @@ +from moon_secrouter.server import main + +main() diff --git a/moonv4/moon_router/moon_secrouter/api/__init__.py b/moonv4/moon_router/moon_secrouter/api/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/moonv4/moon_router/moon_secrouter/api/generic.py b/moonv4/moon_router/moon_secrouter/api/generic.py new file mode 100644 index 00000000..d066f715 --- /dev/null +++ b/moonv4/moon_router/moon_secrouter/api/generic.py @@ -0,0 +1,46 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. +from moon_utilities.security_functions import call + + +class Status(object): + """ + Retrieve the current status of all components. + """ + + __version__ = "0.1.0" + + def __get_status(self, ctx, args={}): + return {"status": "Running"} + + def get_status(self, ctx, args={}): + status = dict() + if "component_id" in ctx and ctx["component_id"] == "security_router": + return {"security_router": self.__get_status(ctx, args)} + elif "component_id" in ctx and ctx["component_id"]: + # TODO (dthom): check if component exist + status[ctx["component_id"]] = call(ctx["component_id"], ctx, "get_status", args=args) + else: + # TODO (dthom): must get the status of all containers + status["orchestrator"] = call("orchestrator", ctx, "get_status", args=args) + status["security_router"] = self.__get_status(ctx, args) + return status + + +class Logs(object): + """ + Retrieve the current status of all components. + """ + + __version__ = "0.1.0" + + def get_logs(self, ctx, args={}): + logs = dict() + logs["orchestrator"] = call("orchestrator", ctx, "get_logs", args=args) + # TODO (dthom): must get the logs of all containers + logs["security_router"] = {"error": "Not implemented", "ctx": ctx, "args": args} + return logs + + diff --git a/moonv4/moon_router/moon_secrouter/api/route.py b/moonv4/moon_router/moon_secrouter/api/route.py new file mode 100644 index 00000000..2a2c54bc --- /dev/null +++ b/moonv4/moon_router/moon_secrouter/api/route.py @@ -0,0 +1,467 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +import copy +import time +import itertools +from uuid import uuid4 +from oslo_log import log as logging +from moon_utilities.security_functions import call, notify +from oslo_config import cfg +from moon_secrouter.api.generic import Status, Logs + +LOG = logging.getLogger(__name__) +CONF = cfg.CONF + +API = { + "orchestrator": ( + "add_container", + "delete_container", + "add_slave", + "get_slaves", + "delete_slave" + ), + # TODO (asteroide): need to check if some of those calls need (or not) to be called "update_" + "manager": ( + "get_subject_assignments", + "set_subject_assignment", + "delete_subject_assignment", + "get_object_assignments", + "set_object_assignment", + "delete_object_assignment", + "get_action_assignments", + "set_action_assignment", + "delete_action_assignment", + "get_subject_data", + "add_subject_data", + "delete_subject_data", + "get_object_data", + "add_object_data", + "delete_object_data", + "get_action_data", + "add_action_data", + "delete_action_data", + "get_subject_categories", + "set_subject_category", + "delete_subject_category", + "get_object_categories", + "set_object_category", + "delete_object_category", + "get_action_categories", + "set_action_category", + "delete_action_category", + "add_meta_rules", + "delete_meta_rules", + "get_meta_rules", + "set_meta_rules", + "get_models", + "add_model", + "delete_model", + "update_model", + "get_pdp", + "add_pdp", + "delete_pdp", + "update_pdp", + "get_subjects", + "set_subject", + "delete_subject", + "get_objects", + "set_object", + "delete_object", + "get_actions", + "set_action", + "delete_action", + "get_policies", + "add_policy", + "delete_policy", + "update_policy", + "get_subject_assignments", + "update_subject_assignment", + "delete_subject_assignment", + "get_object_assignments", + "update_object_assignment", + "delete_object_assignment", + "get_action_assignments", + "update_action_assignment", + "delete_action_assignment", + "get_rules", + "add_rule", + "delete_rule", + "update_from_master" + ), + "function": ( + "authz", + "return_authz", + ), +} + + +class Cache(object): + + # TODO (asteroide): set cache integer in CONF file + __UPDATE_INTERVAL = 10 + + __CONTAINERS = {} + __CONTAINERS_UPDATE = 0 + + __CONTAINER_CHAINING_UPDATE = 0 + __CONTAINER_CHAINING = {} + + __PDP = {} + __PDP_UPDATE = 0 + + __POLICIES = {} + __POLICIES_UPDATE = 0 + + __MODELS = {} + __MODELS_UPDATE = 0 + + __AUTHZ_REQUESTS = {} + + def update(self, component=None): + self.__update_container() + self.__update_pdp() + self.__update_policies() + self.__update_models() + for key, value in self.__PDP.items(): + LOG.info("Updating container_chaining with {}".format(value["keystone_project_id"])) + self.__update_container_chaining(value["keystone_project_id"]) + + @property + def authz_requests(self): + return self.__AUTHZ_REQUESTS + + def __update_pdp(self): + pdp = call("moon_manager", method="get_pdp", ctx={"user_id": "admin"}, args={}) + if not pdp["pdps"]: + LOG.info("Updating PDP through master") + pdp = call("moon_manager", method="get_pdp", + ctx={ + "user_id": "admin", + 'call_master': True + }, + args={}) + for _pdp in pdp["pdps"].values(): + if _pdp['keystone_project_id'] not in self.__CONTAINER_CHAINING: + self.__CONTAINER_CHAINING[_pdp['keystone_project_id']] = {} + # Note (asteroide): force update of chaining + self.__update_container_chaining(_pdp['keystone_project_id']) + for key, value in pdp["pdps"].items(): + self.__PDP[key] = value + + @property + def pdp(self): + current_time = time.time() + if self.__PDP_UPDATE + self.__UPDATE_INTERVAL < current_time: + self.__update_pdp() + self.__PDP_UPDATE = current_time + return self.__PDP + + def __update_policies(self): + policies = call("moon_manager", method="get_policies", ctx={"user_id": "admin"}, args={}) + for key, value in policies["policies"].items(): + self.__POLICIES[key] = value + + @property + def policies(self): + current_time = time.time() + if self.__POLICIES_UPDATE + self.__UPDATE_INTERVAL < current_time: + self.__update_policies() + self.__POLICIES_UPDATE = current_time + return self.__POLICIES + + def __update_models(self): + models = call("moon_manager", method="get_models", ctx={"user_id": "admin"}, args={}) + for key, value in models["models"].items(): + self.__MODELS[key] = value + + @property + def models(self): + current_time = time.time() + if self.__MODELS_UPDATE + self.__UPDATE_INTERVAL < current_time: + self.__update_models() + self.__MODELS_UPDATE = current_time + return self.__MODELS + + def __update_container(self): + containers = call("orchestrator", method="get_container", ctx={}, args={}) + for key, value in containers["containers"].items(): + self.__CONTAINERS[key] = value + + @property + def container_chaining(self): + current_time = time.time() + if self.__CONTAINER_CHAINING_UPDATE + self.__UPDATE_INTERVAL < current_time: + for key, value in self.pdp.items(): + self.__update_container_chaining(value["keystone_project_id"]) + self.__CONTAINER_CHAINING_UPDATE = current_time + return self.__CONTAINER_CHAINING + + def __update_container_chaining(self, keystone_project_id): + container_ids = [] + for pdp_id, pdp_value, in CACHE.pdp.items(): + LOG.info("pdp_id, pdp_value = {}, {}".format(pdp_id, pdp_value)) + if pdp_value: + if pdp_value["keystone_project_id"] == keystone_project_id: + for policy_id in pdp_value["security_pipeline"]: + model_id = CACHE.policies[policy_id]['model_id'] + LOG.info("model_id = {}".format(model_id)) + LOG.info("CACHE = {}".format(CACHE.models[model_id])) + for meta_rule_id in CACHE.models[model_id]["meta_rules"]: + LOG.info("CACHE.containers = {}".format(CACHE.containers)) + for container_id, container_values, in CACHE.containers.items(): + LOG.info("container_id, container_values = {}".format(container_id, container_values)) + for container_value in container_values: + LOG.info("container_value[\"meta_rule_id\"] == meta_rule_id = {} {}".format(container_value["meta_rule_id"], meta_rule_id)) + if container_value["meta_rule_id"] == meta_rule_id: + container_ids.append( + { + "container_id": container_value["container_id"], + "genre": container_value["genre"] + } + ) + break + self.__CONTAINER_CHAINING[keystone_project_id] = container_ids + + @property + def containers(self): + """intra_extensions cache + example of content : + { + "pdp_uuid1": "component_uuid1", + "pdp_uuid2": "component_uuid2", + } + :return: + """ + current_time = time.time() + if self.__CONTAINERS_UPDATE + self.__UPDATE_INTERVAL < current_time: + self.__update_container() + self.__CONTAINERS_UPDATE = current_time + return self.__CONTAINERS + + +CACHE = Cache() + + +class AuthzRequest: + + result = None + req_max_delay = 2 + + def __init__(self, ctx, args): + self.ctx = ctx + self.args = args + self.request_id = ctx["request_id"] + if self.ctx['id'] not in CACHE.container_chaining: + LOG.warning("Unknown Project ID {}".format(self.ctx['id'])) + # TODO (asteroide): add a better exception handler + raise Exception("Unknown Project ID {}".format(self.ctx['id'])) + self.container_chaining = CACHE.container_chaining[self.ctx['id']] + ctx["container_chaining"] = copy.deepcopy(self.container_chaining) + LOG.info("self.container_chaining={}".format(self.container_chaining)) + self.pdp_container = self.container_chaining[0]["container_id"] + self.run() + + def run(self): + notify(request_id=self.request_id, container_id=self.pdp_container, payload=self.ctx) + cpt = 0 + while cpt < self.req_max_delay*10: + time.sleep(0.1) + cpt += 1 + if CACHE.authz_requests[self.request_id]: + self.result = CACHE.authz_requests[self.request_id] + return + LOG.warning("Request {} has timed out".format(self.request_id)) + + def is_authz(self): + if not self.result: + return False + authz_results = [] + for key in self.result["pdp_set"]: + if "effect" in self.result["pdp_set"][key]: + if self.result["pdp_set"][key]["effect"] == "grant": + # the pdp is a authorization PDP and grant the request + authz_results.append(True) + elif self.result["pdp_set"][key]["effect"] == "passed": + # the pdp is not a authorization PDP (session or delegation) and had run normally + authz_results.append(True) + elif self.result["pdp_set"][key]["effect"] == "unset": + # the pdp is not a authorization PDP (session or delegation) and had not yep run + authz_results.append(True) + else: + # the pdp is (or not) a authorization PDP and had run badly + authz_results.append(False) + if list(itertools.accumulate(authz_results, lambda x, y: x & y))[-1]: + self.result["pdp_set"]["effect"] = "grant" + if self.result: + if "pdp_set" in self.result and self.result["pdp_set"]["effect"] == "grant": + return True + return False + + +class Router(object): + """ + Route requests to all components. + """ + + __version__ = "0.1.0" + cache_requests = {} + + def __init__(self, add_master_cnx): + if CONF.slave.slave_name and add_master_cnx: + result = call('security_router', method="route", + ctx={ + "name": CONF.slave.slave_name, + "description": CONF.slave.slave_name, + "call_master": True, + "method": "add_slave"}, args={}) + if "result" in result and not result["result"]: + LOG.error("An error occurred when sending slave name {} {}".format( + CONF.slave.slave_name, result + )) + self.slave_id = list(result['slaves'].keys())[0] + result = call('security_router', method="route", + ctx={ + "name": CONF.slave.slave_name, + "description": CONF.slave.slave_name, + "call_master": True, + "method": "get_slaves"}, args={}) + if "result" in result and not result["result"]: + LOG.error("An error occurred when receiving slave names {} {}".format( + CONF.slave.slave_name, result + )) + LOG.info("SLAVES: {}".format(result)) + + def delete(self): + if CONF.slave.slave_name and self.slave_id: + result = call('security_router', method="route", + ctx={ + "name": CONF.slave.slave_name, + "description": CONF.slave.slave_name, + "call_master": True, + "method": "delete_slave", + "id": self.slave_id}, args={}) + if "result" in result and not result["result"]: + LOG.error("An error occurred when sending slave name {} {}".format( + CONF.slave.slave_name, result + )) + LOG.info("SLAVE CONNECTION ENDED!") + LOG.info(result) + + @staticmethod + def check_pdp(ctx): + _ctx = copy.deepcopy(ctx) + keystone_id = _ctx.pop('id') + # LOG.info("_ctx {}".format(_ctx)) + ext = call("moon_manager", method="get_pdp", ctx=_ctx, args={}) + # LOG.info("check_pdp {}".format(ext)) + if "error" in ext: + return False + keystone_id_list = map(lambda x: x["keystone_project_id"], ext['pdps'].values()) + if not ext['pdps'] or keystone_id not in keystone_id_list: + if CONF.slave.slave_name: + _ctx['call_master'] = True + # update from master if exist and test again + LOG.info("Need to update from master {}".format(keystone_id)) + ext = call("moon_manager", method="get_pdp", ctx=_ctx, args={}) + if "error" in ext: + return False + keystone_id_list = map(lambda x: x["keystone_project_id"], ext['pdps'].values()) + if not ext['pdps'] or keystone_id not in keystone_id_list: + return False + else: + # Must update from Master + _ctx["keystone_id"] = keystone_id + _ctx["pdp_id"] = None + _ctx["security_pipeline"] = None + _ctx['call_master'] = False + pdp_value = {} + for pdp_id, pdp_value in ext["pdps"].items(): + if keystone_id == pdp_value["keystone_project_id"]: + _ctx["pdp_id"] = keystone_id + _ctx["security_pipeline"] = pdp_value["security_pipeline"] + break + call("moon_manager", method="update_from_master", ctx=_ctx, args=pdp_value) + CACHE.update() + return True + else: + # return False otherwise + return False + return True + + def send_update(self, api, ctx={}, args={}): + # TODO (asteroide): add threads here + if not CONF.slave.slave_name: + # Note (asteroide): + # if adding or setting an element: do nothing + # if updating or deleting an element: force deletion in the slave + if "update_" in api or "delete_" in api: + for slave_id, slave_dict in call("orchestrator", method="get_slaves", ctx={}, args={})['slaves'].items(): + LOG.info('send_update slave_id={}'.format(slave_id)) + LOG.info('send_update slave_dict={}'.format(slave_dict)) + ctx['method'] = api.replace("update", "delete") + # TODO (asteroide): force data_id to None to force the deletion in the slave + result = call("security_router_"+slave_dict['name'], method="route", ctx=ctx, args=args) + if "result" in result and not result["result"]: + LOG.error("An error occurred when sending update to {} {}".format( + "security_router_"+slave_dict['name'], result + )) + + def route(self, ctx, args): + """Route the request to the right endpoint + + :param ctx: dictionary depending of the real destination + :param args: dictionary depending of the real destination + :return: dictionary depending of the real destination + """ + if ctx["method"] == "get_status": + return Status().get_status(ctx=ctx, args=args) + if ctx["method"] == "get_logs": + return Logs().get_logs(ctx=ctx, args=args) + for component in API: + if ctx["method"] in API[component]: + if component == "orchestrator": + return call(component, method=ctx["method"], ctx=ctx, args=args) + if component == "manager": + result = call("moon_manager", method=ctx["method"], ctx=ctx, args=args) + if ctx["method"] == "get_pdp": + _ctx = copy.deepcopy(ctx) + _ctx["call_master"] = True + result2 = call("moon_manager", method=ctx["method"], ctx=_ctx, args=args) + result["pdps"].update(result2["pdps"]) + self.send_update(api=ctx["method"], ctx=ctx, args=args) + return result + if component == "function": + if ctx["method"] == "return_authz": + request_id = ctx["request_id"] + CACHE.authz_requests[request_id] = args + return args + elif self.check_pdp(ctx): + req_id = uuid4().hex + CACHE.authz_requests[req_id] = {} + ctx["request_id"] = req_id + req = AuthzRequest(ctx, args) + # result = copy.deepcopy(req.result) + if req.is_authz(): + return {"authz": True, + "pdp_id": ctx["id"], + "ctx": ctx, "args": args} + return {"authz": False, + "error": {'code': 403, 'title': 'Authz Error', + 'description': "The authz request is refused."}, + "pdp_id": ctx["id"], + "ctx": ctx, "args": args} + return {"result": False, + "error": {'code': 500, 'title': 'Moon Error', + 'description': "Function component not found."}, + "pdp_id": ctx["id"], + "ctx": ctx, "args": args} + + # TODO (asteroide): must raise an exception here ? + return {"result": False, + "error": {'code': 500, 'title': 'Moon Error', 'description': "Endpoint method not found."}, + "intra_extension_id": ctx["id"], + "ctx": ctx, "args": args} + diff --git a/moonv4/moon_router/moon_secrouter/messenger.py b/moonv4/moon_router/moon_secrouter/messenger.py new file mode 100644 index 00000000..52e5c341 --- /dev/null +++ b/moonv4/moon_router/moon_secrouter/messenger.py @@ -0,0 +1,61 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +from oslo_config import cfg +import oslo_messaging +import time +from oslo_log import log as logging +from moon_secrouter.api.generic import Status, Logs +from moon_secrouter.api.route import Router +from moon_utilities.api import APIList + +LOG = logging.getLogger(__name__) + + +class Server: + + TOPIC = "security_router" + + def __init__(self, add_master_cnx=False): + if add_master_cnx and cfg.CONF.slave.master_url: + self.transport = oslo_messaging.get_transport(cfg.CONF, cfg.CONF.slave.master_url) + self.TOPIC = self.TOPIC + "_" + cfg.CONF.slave.slave_name + else: + self.transport = oslo_messaging.get_transport(cfg.CONF) + self.target = oslo_messaging.Target(topic=self.TOPIC, server='server1') + LOG.info("Starting MQ server with topic: {}".format(self.TOPIC)) + self.endpoints = [ + APIList((Status, Logs, Router)), + Status(), + Logs(), + Router(add_master_cnx) + ] + self.server = oslo_messaging.get_rpc_server(self.transport, self.target, self.endpoints, + executor='threading', + access_policy=oslo_messaging.DefaultRPCAccessPolicy) + self.__is_alive = False + + def stop(self): + self.__is_alive = False + self.endpoints[-1].delete() + + def run(self): + try: + self.__is_alive = True + self.server.start() + while True: + if self.__is_alive: + time.sleep(1) + else: + break + except KeyboardInterrupt: + print("Stopping server by crtl+c") + except SystemExit: + print("Stopping server with SystemExit") + print("Stopping server") + + self.server.stop() + self.server.wait() + diff --git a/moonv4/moon_router/moon_secrouter/server.py b/moonv4/moon_router/moon_secrouter/server.py new file mode 100644 index 00000000..16f6ea9c --- /dev/null +++ b/moonv4/moon_router/moon_secrouter/server.py @@ -0,0 +1,59 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +import os +import threading +import signal +from oslo_config import cfg +from oslo_log import log as logging +from moon_utilities import options # noqa +from moon_secrouter.messenger import Server + + +class AsyncServer(threading.Thread): + + def __init__(self, add_master_cnx): + threading.Thread.__init__(self) + self.server = Server(add_master_cnx=add_master_cnx) + + def run(self): + self.server.run() + +LOG = logging.getLogger(__name__) +CONF = cfg.CONF +DOMAIN = "moon_secrouter" + +__CWD__ = os.path.dirname(os.path.abspath(__file__)) + +background_threads = [] + + +def stop_thread(): + for _t in background_threads: + _t.stop() + + +def main(): + global background_threads + LOG.info("Starting server with IP {}".format(CONF.security_router.host)) + signal.signal(signal.SIGALRM, stop_thread) + signal.signal(signal.SIGTERM, stop_thread) + signal.signal(signal.SIGABRT, stop_thread) + background_master = None + if CONF.slave.slave_name: + background_master = AsyncServer(add_master_cnx=True) + background_threads.append(background_master) + background_slave = AsyncServer(add_master_cnx=False) + background_threads.append(background_slave) + if CONF.slave.slave_name: + background_master.start() + background_slave.start() + if CONF.slave.slave_name: + background_master.join() + background_slave.join() + + +if __name__ == '__main__': + main() diff --git a/moonv4/moon_router/requirements.txt b/moonv4/moon_router/requirements.txt new file mode 100644 index 00000000..a919c625 --- /dev/null +++ b/moonv4/moon_router/requirements.txt @@ -0,0 +1,6 @@ +kombu !=4.0.1,!=4.0.0 +oslo.messaging +oslo.config +vine +oslo.log +babel \ No newline at end of file diff --git a/moonv4/moon_router/setup.py b/moonv4/moon_router/setup.py new file mode 100644 index 00000000..0c3b61ba --- /dev/null +++ b/moonv4/moon_router/setup.py @@ -0,0 +1,47 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +from setuptools import setup, find_packages +import moon_secrouter + + +setup( + + name='moon_secrouter', + + version=moon_secrouter.__version__, + + packages=find_packages(), + + author="Thomas Duval", + + author_email="thomas.duval@orange.com", + + description="", + + long_description=open('README.rst').read(), + + # install_requires= , + + include_package_data=True, + + url='https://git.opnfv.org/cgit/moon', + + classifiers=[ + "Programming Language :: Python", + "Development Status :: 1 - Planning", + "License :: OSI Approved", + "Natural Language :: French", + "Operating System :: OS Independent", + "Programming Language :: Python :: 3", + ], + + entry_points={ + 'console_scripts': [ + 'moon_secrouter = moon_secrouter.server:main', + ], + } + +) diff --git a/moonv4/moon_router/tests/moon_db-0.1.0.tar.gz b/moonv4/moon_router/tests/moon_db-0.1.0.tar.gz new file mode 100644 index 00000000..14df1d47 Binary files /dev/null and b/moonv4/moon_router/tests/moon_db-0.1.0.tar.gz differ diff --git a/moonv4/moon_router/tests/moon_policy-0.1.0.tar.gz b/moonv4/moon_router/tests/moon_policy-0.1.0.tar.gz new file mode 100644 index 00000000..d3246532 Binary files /dev/null and b/moonv4/moon_router/tests/moon_policy-0.1.0.tar.gz differ diff --git a/moonv4/moon_secrouter/LICENSE b/moonv4/moon_secrouter/LICENSE deleted file mode 100644 index 4143aac2..00000000 --- a/moonv4/moon_secrouter/LICENSE +++ /dev/null @@ -1,204 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - ---- License for python-keystoneclient versions prior to 2.1 --- - -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of this project nor the names of its contributors may - be used to endorse or promote products derived from this software without - specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/moonv4/moon_secrouter/MANIFEST.in b/moonv4/moon_secrouter/MANIFEST.in deleted file mode 100644 index 1f674d50..00000000 --- a/moonv4/moon_secrouter/MANIFEST.in +++ /dev/null @@ -1,9 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -include README.rst -include LICENSE -include setup.py -include requirements.txt diff --git a/moonv4/moon_secrouter/README.rst b/moonv4/moon_secrouter/README.rst deleted file mode 100644 index ded4e99a..00000000 --- a/moonv4/moon_secrouter/README.rst +++ /dev/null @@ -1,9 +0,0 @@ -Core module for the Moon project -================================ - -This package contains the core module for the Moon project -It is designed to provide authorization features to all OpenStack components. - -For any other information, refer to the parent project: - - https://git.opnfv.org/moon diff --git a/moonv4/moon_secrouter/doc/api-moon-secrouter.pdf b/moonv4/moon_secrouter/doc/api-moon-secrouter.pdf deleted file mode 100644 index 9ba75db0..00000000 Binary files a/moonv4/moon_secrouter/doc/api-moon-secrouter.pdf and /dev/null differ diff --git a/moonv4/moon_secrouter/doc/api.pdf b/moonv4/moon_secrouter/doc/api.pdf deleted file mode 100644 index b7d91293..00000000 Binary files a/moonv4/moon_secrouter/doc/api.pdf and /dev/null differ diff --git a/moonv4/moon_secrouter/moon_secrouter/__init__.py b/moonv4/moon_secrouter/moon_secrouter/__init__.py deleted file mode 100644 index 903c6518..00000000 --- a/moonv4/moon_secrouter/moon_secrouter/__init__.py +++ /dev/null @@ -1,6 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -__version__ = "0.1.0" diff --git a/moonv4/moon_secrouter/moon_secrouter/__main__.py b/moonv4/moon_secrouter/moon_secrouter/__main__.py deleted file mode 100644 index 8ec695db..00000000 --- a/moonv4/moon_secrouter/moon_secrouter/__main__.py +++ /dev/null @@ -1,3 +0,0 @@ -from moon_secrouter.server import main - -main() diff --git a/moonv4/moon_secrouter/moon_secrouter/api/__init__.py b/moonv4/moon_secrouter/moon_secrouter/api/__init__.py deleted file mode 100644 index e69de29b..00000000 diff --git a/moonv4/moon_secrouter/moon_secrouter/api/generic.py b/moonv4/moon_secrouter/moon_secrouter/api/generic.py deleted file mode 100644 index d066f715..00000000 --- a/moonv4/moon_secrouter/moon_secrouter/api/generic.py +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -from moon_utilities.security_functions import call - - -class Status(object): - """ - Retrieve the current status of all components. - """ - - __version__ = "0.1.0" - - def __get_status(self, ctx, args={}): - return {"status": "Running"} - - def get_status(self, ctx, args={}): - status = dict() - if "component_id" in ctx and ctx["component_id"] == "security_router": - return {"security_router": self.__get_status(ctx, args)} - elif "component_id" in ctx and ctx["component_id"]: - # TODO (dthom): check if component exist - status[ctx["component_id"]] = call(ctx["component_id"], ctx, "get_status", args=args) - else: - # TODO (dthom): must get the status of all containers - status["orchestrator"] = call("orchestrator", ctx, "get_status", args=args) - status["security_router"] = self.__get_status(ctx, args) - return status - - -class Logs(object): - """ - Retrieve the current status of all components. - """ - - __version__ = "0.1.0" - - def get_logs(self, ctx, args={}): - logs = dict() - logs["orchestrator"] = call("orchestrator", ctx, "get_logs", args=args) - # TODO (dthom): must get the logs of all containers - logs["security_router"] = {"error": "Not implemented", "ctx": ctx, "args": args} - return logs - - diff --git a/moonv4/moon_secrouter/moon_secrouter/api/route.py b/moonv4/moon_secrouter/moon_secrouter/api/route.py deleted file mode 100644 index 2a2c54bc..00000000 --- a/moonv4/moon_secrouter/moon_secrouter/api/route.py +++ /dev/null @@ -1,467 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import copy -import time -import itertools -from uuid import uuid4 -from oslo_log import log as logging -from moon_utilities.security_functions import call, notify -from oslo_config import cfg -from moon_secrouter.api.generic import Status, Logs - -LOG = logging.getLogger(__name__) -CONF = cfg.CONF - -API = { - "orchestrator": ( - "add_container", - "delete_container", - "add_slave", - "get_slaves", - "delete_slave" - ), - # TODO (asteroide): need to check if some of those calls need (or not) to be called "update_" - "manager": ( - "get_subject_assignments", - "set_subject_assignment", - "delete_subject_assignment", - "get_object_assignments", - "set_object_assignment", - "delete_object_assignment", - "get_action_assignments", - "set_action_assignment", - "delete_action_assignment", - "get_subject_data", - "add_subject_data", - "delete_subject_data", - "get_object_data", - "add_object_data", - "delete_object_data", - "get_action_data", - "add_action_data", - "delete_action_data", - "get_subject_categories", - "set_subject_category", - "delete_subject_category", - "get_object_categories", - "set_object_category", - "delete_object_category", - "get_action_categories", - "set_action_category", - "delete_action_category", - "add_meta_rules", - "delete_meta_rules", - "get_meta_rules", - "set_meta_rules", - "get_models", - "add_model", - "delete_model", - "update_model", - "get_pdp", - "add_pdp", - "delete_pdp", - "update_pdp", - "get_subjects", - "set_subject", - "delete_subject", - "get_objects", - "set_object", - "delete_object", - "get_actions", - "set_action", - "delete_action", - "get_policies", - "add_policy", - "delete_policy", - "update_policy", - "get_subject_assignments", - "update_subject_assignment", - "delete_subject_assignment", - "get_object_assignments", - "update_object_assignment", - "delete_object_assignment", - "get_action_assignments", - "update_action_assignment", - "delete_action_assignment", - "get_rules", - "add_rule", - "delete_rule", - "update_from_master" - ), - "function": ( - "authz", - "return_authz", - ), -} - - -class Cache(object): - - # TODO (asteroide): set cache integer in CONF file - __UPDATE_INTERVAL = 10 - - __CONTAINERS = {} - __CONTAINERS_UPDATE = 0 - - __CONTAINER_CHAINING_UPDATE = 0 - __CONTAINER_CHAINING = {} - - __PDP = {} - __PDP_UPDATE = 0 - - __POLICIES = {} - __POLICIES_UPDATE = 0 - - __MODELS = {} - __MODELS_UPDATE = 0 - - __AUTHZ_REQUESTS = {} - - def update(self, component=None): - self.__update_container() - self.__update_pdp() - self.__update_policies() - self.__update_models() - for key, value in self.__PDP.items(): - LOG.info("Updating container_chaining with {}".format(value["keystone_project_id"])) - self.__update_container_chaining(value["keystone_project_id"]) - - @property - def authz_requests(self): - return self.__AUTHZ_REQUESTS - - def __update_pdp(self): - pdp = call("moon_manager", method="get_pdp", ctx={"user_id": "admin"}, args={}) - if not pdp["pdps"]: - LOG.info("Updating PDP through master") - pdp = call("moon_manager", method="get_pdp", - ctx={ - "user_id": "admin", - 'call_master': True - }, - args={}) - for _pdp in pdp["pdps"].values(): - if _pdp['keystone_project_id'] not in self.__CONTAINER_CHAINING: - self.__CONTAINER_CHAINING[_pdp['keystone_project_id']] = {} - # Note (asteroide): force update of chaining - self.__update_container_chaining(_pdp['keystone_project_id']) - for key, value in pdp["pdps"].items(): - self.__PDP[key] = value - - @property - def pdp(self): - current_time = time.time() - if self.__PDP_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__update_pdp() - self.__PDP_UPDATE = current_time - return self.__PDP - - def __update_policies(self): - policies = call("moon_manager", method="get_policies", ctx={"user_id": "admin"}, args={}) - for key, value in policies["policies"].items(): - self.__POLICIES[key] = value - - @property - def policies(self): - current_time = time.time() - if self.__POLICIES_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__update_policies() - self.__POLICIES_UPDATE = current_time - return self.__POLICIES - - def __update_models(self): - models = call("moon_manager", method="get_models", ctx={"user_id": "admin"}, args={}) - for key, value in models["models"].items(): - self.__MODELS[key] = value - - @property - def models(self): - current_time = time.time() - if self.__MODELS_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__update_models() - self.__MODELS_UPDATE = current_time - return self.__MODELS - - def __update_container(self): - containers = call("orchestrator", method="get_container", ctx={}, args={}) - for key, value in containers["containers"].items(): - self.__CONTAINERS[key] = value - - @property - def container_chaining(self): - current_time = time.time() - if self.__CONTAINER_CHAINING_UPDATE + self.__UPDATE_INTERVAL < current_time: - for key, value in self.pdp.items(): - self.__update_container_chaining(value["keystone_project_id"]) - self.__CONTAINER_CHAINING_UPDATE = current_time - return self.__CONTAINER_CHAINING - - def __update_container_chaining(self, keystone_project_id): - container_ids = [] - for pdp_id, pdp_value, in CACHE.pdp.items(): - LOG.info("pdp_id, pdp_value = {}, {}".format(pdp_id, pdp_value)) - if pdp_value: - if pdp_value["keystone_project_id"] == keystone_project_id: - for policy_id in pdp_value["security_pipeline"]: - model_id = CACHE.policies[policy_id]['model_id'] - LOG.info("model_id = {}".format(model_id)) - LOG.info("CACHE = {}".format(CACHE.models[model_id])) - for meta_rule_id in CACHE.models[model_id]["meta_rules"]: - LOG.info("CACHE.containers = {}".format(CACHE.containers)) - for container_id, container_values, in CACHE.containers.items(): - LOG.info("container_id, container_values = {}".format(container_id, container_values)) - for container_value in container_values: - LOG.info("container_value[\"meta_rule_id\"] == meta_rule_id = {} {}".format(container_value["meta_rule_id"], meta_rule_id)) - if container_value["meta_rule_id"] == meta_rule_id: - container_ids.append( - { - "container_id": container_value["container_id"], - "genre": container_value["genre"] - } - ) - break - self.__CONTAINER_CHAINING[keystone_project_id] = container_ids - - @property - def containers(self): - """intra_extensions cache - example of content : - { - "pdp_uuid1": "component_uuid1", - "pdp_uuid2": "component_uuid2", - } - :return: - """ - current_time = time.time() - if self.__CONTAINERS_UPDATE + self.__UPDATE_INTERVAL < current_time: - self.__update_container() - self.__CONTAINERS_UPDATE = current_time - return self.__CONTAINERS - - -CACHE = Cache() - - -class AuthzRequest: - - result = None - req_max_delay = 2 - - def __init__(self, ctx, args): - self.ctx = ctx - self.args = args - self.request_id = ctx["request_id"] - if self.ctx['id'] not in CACHE.container_chaining: - LOG.warning("Unknown Project ID {}".format(self.ctx['id'])) - # TODO (asteroide): add a better exception handler - raise Exception("Unknown Project ID {}".format(self.ctx['id'])) - self.container_chaining = CACHE.container_chaining[self.ctx['id']] - ctx["container_chaining"] = copy.deepcopy(self.container_chaining) - LOG.info("self.container_chaining={}".format(self.container_chaining)) - self.pdp_container = self.container_chaining[0]["container_id"] - self.run() - - def run(self): - notify(request_id=self.request_id, container_id=self.pdp_container, payload=self.ctx) - cpt = 0 - while cpt < self.req_max_delay*10: - time.sleep(0.1) - cpt += 1 - if CACHE.authz_requests[self.request_id]: - self.result = CACHE.authz_requests[self.request_id] - return - LOG.warning("Request {} has timed out".format(self.request_id)) - - def is_authz(self): - if not self.result: - return False - authz_results = [] - for key in self.result["pdp_set"]: - if "effect" in self.result["pdp_set"][key]: - if self.result["pdp_set"][key]["effect"] == "grant": - # the pdp is a authorization PDP and grant the request - authz_results.append(True) - elif self.result["pdp_set"][key]["effect"] == "passed": - # the pdp is not a authorization PDP (session or delegation) and had run normally - authz_results.append(True) - elif self.result["pdp_set"][key]["effect"] == "unset": - # the pdp is not a authorization PDP (session or delegation) and had not yep run - authz_results.append(True) - else: - # the pdp is (or not) a authorization PDP and had run badly - authz_results.append(False) - if list(itertools.accumulate(authz_results, lambda x, y: x & y))[-1]: - self.result["pdp_set"]["effect"] = "grant" - if self.result: - if "pdp_set" in self.result and self.result["pdp_set"]["effect"] == "grant": - return True - return False - - -class Router(object): - """ - Route requests to all components. - """ - - __version__ = "0.1.0" - cache_requests = {} - - def __init__(self, add_master_cnx): - if CONF.slave.slave_name and add_master_cnx: - result = call('security_router', method="route", - ctx={ - "name": CONF.slave.slave_name, - "description": CONF.slave.slave_name, - "call_master": True, - "method": "add_slave"}, args={}) - if "result" in result and not result["result"]: - LOG.error("An error occurred when sending slave name {} {}".format( - CONF.slave.slave_name, result - )) - self.slave_id = list(result['slaves'].keys())[0] - result = call('security_router', method="route", - ctx={ - "name": CONF.slave.slave_name, - "description": CONF.slave.slave_name, - "call_master": True, - "method": "get_slaves"}, args={}) - if "result" in result and not result["result"]: - LOG.error("An error occurred when receiving slave names {} {}".format( - CONF.slave.slave_name, result - )) - LOG.info("SLAVES: {}".format(result)) - - def delete(self): - if CONF.slave.slave_name and self.slave_id: - result = call('security_router', method="route", - ctx={ - "name": CONF.slave.slave_name, - "description": CONF.slave.slave_name, - "call_master": True, - "method": "delete_slave", - "id": self.slave_id}, args={}) - if "result" in result and not result["result"]: - LOG.error("An error occurred when sending slave name {} {}".format( - CONF.slave.slave_name, result - )) - LOG.info("SLAVE CONNECTION ENDED!") - LOG.info(result) - - @staticmethod - def check_pdp(ctx): - _ctx = copy.deepcopy(ctx) - keystone_id = _ctx.pop('id') - # LOG.info("_ctx {}".format(_ctx)) - ext = call("moon_manager", method="get_pdp", ctx=_ctx, args={}) - # LOG.info("check_pdp {}".format(ext)) - if "error" in ext: - return False - keystone_id_list = map(lambda x: x["keystone_project_id"], ext['pdps'].values()) - if not ext['pdps'] or keystone_id not in keystone_id_list: - if CONF.slave.slave_name: - _ctx['call_master'] = True - # update from master if exist and test again - LOG.info("Need to update from master {}".format(keystone_id)) - ext = call("moon_manager", method="get_pdp", ctx=_ctx, args={}) - if "error" in ext: - return False - keystone_id_list = map(lambda x: x["keystone_project_id"], ext['pdps'].values()) - if not ext['pdps'] or keystone_id not in keystone_id_list: - return False - else: - # Must update from Master - _ctx["keystone_id"] = keystone_id - _ctx["pdp_id"] = None - _ctx["security_pipeline"] = None - _ctx['call_master'] = False - pdp_value = {} - for pdp_id, pdp_value in ext["pdps"].items(): - if keystone_id == pdp_value["keystone_project_id"]: - _ctx["pdp_id"] = keystone_id - _ctx["security_pipeline"] = pdp_value["security_pipeline"] - break - call("moon_manager", method="update_from_master", ctx=_ctx, args=pdp_value) - CACHE.update() - return True - else: - # return False otherwise - return False - return True - - def send_update(self, api, ctx={}, args={}): - # TODO (asteroide): add threads here - if not CONF.slave.slave_name: - # Note (asteroide): - # if adding or setting an element: do nothing - # if updating or deleting an element: force deletion in the slave - if "update_" in api or "delete_" in api: - for slave_id, slave_dict in call("orchestrator", method="get_slaves", ctx={}, args={})['slaves'].items(): - LOG.info('send_update slave_id={}'.format(slave_id)) - LOG.info('send_update slave_dict={}'.format(slave_dict)) - ctx['method'] = api.replace("update", "delete") - # TODO (asteroide): force data_id to None to force the deletion in the slave - result = call("security_router_"+slave_dict['name'], method="route", ctx=ctx, args=args) - if "result" in result and not result["result"]: - LOG.error("An error occurred when sending update to {} {}".format( - "security_router_"+slave_dict['name'], result - )) - - def route(self, ctx, args): - """Route the request to the right endpoint - - :param ctx: dictionary depending of the real destination - :param args: dictionary depending of the real destination - :return: dictionary depending of the real destination - """ - if ctx["method"] == "get_status": - return Status().get_status(ctx=ctx, args=args) - if ctx["method"] == "get_logs": - return Logs().get_logs(ctx=ctx, args=args) - for component in API: - if ctx["method"] in API[component]: - if component == "orchestrator": - return call(component, method=ctx["method"], ctx=ctx, args=args) - if component == "manager": - result = call("moon_manager", method=ctx["method"], ctx=ctx, args=args) - if ctx["method"] == "get_pdp": - _ctx = copy.deepcopy(ctx) - _ctx["call_master"] = True - result2 = call("moon_manager", method=ctx["method"], ctx=_ctx, args=args) - result["pdps"].update(result2["pdps"]) - self.send_update(api=ctx["method"], ctx=ctx, args=args) - return result - if component == "function": - if ctx["method"] == "return_authz": - request_id = ctx["request_id"] - CACHE.authz_requests[request_id] = args - return args - elif self.check_pdp(ctx): - req_id = uuid4().hex - CACHE.authz_requests[req_id] = {} - ctx["request_id"] = req_id - req = AuthzRequest(ctx, args) - # result = copy.deepcopy(req.result) - if req.is_authz(): - return {"authz": True, - "pdp_id": ctx["id"], - "ctx": ctx, "args": args} - return {"authz": False, - "error": {'code': 403, 'title': 'Authz Error', - 'description': "The authz request is refused."}, - "pdp_id": ctx["id"], - "ctx": ctx, "args": args} - return {"result": False, - "error": {'code': 500, 'title': 'Moon Error', - 'description': "Function component not found."}, - "pdp_id": ctx["id"], - "ctx": ctx, "args": args} - - # TODO (asteroide): must raise an exception here ? - return {"result": False, - "error": {'code': 500, 'title': 'Moon Error', 'description': "Endpoint method not found."}, - "intra_extension_id": ctx["id"], - "ctx": ctx, "args": args} - diff --git a/moonv4/moon_secrouter/moon_secrouter/messenger.py b/moonv4/moon_secrouter/moon_secrouter/messenger.py deleted file mode 100644 index 52e5c341..00000000 --- a/moonv4/moon_secrouter/moon_secrouter/messenger.py +++ /dev/null @@ -1,61 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from oslo_config import cfg -import oslo_messaging -import time -from oslo_log import log as logging -from moon_secrouter.api.generic import Status, Logs -from moon_secrouter.api.route import Router -from moon_utilities.api import APIList - -LOG = logging.getLogger(__name__) - - -class Server: - - TOPIC = "security_router" - - def __init__(self, add_master_cnx=False): - if add_master_cnx and cfg.CONF.slave.master_url: - self.transport = oslo_messaging.get_transport(cfg.CONF, cfg.CONF.slave.master_url) - self.TOPIC = self.TOPIC + "_" + cfg.CONF.slave.slave_name - else: - self.transport = oslo_messaging.get_transport(cfg.CONF) - self.target = oslo_messaging.Target(topic=self.TOPIC, server='server1') - LOG.info("Starting MQ server with topic: {}".format(self.TOPIC)) - self.endpoints = [ - APIList((Status, Logs, Router)), - Status(), - Logs(), - Router(add_master_cnx) - ] - self.server = oslo_messaging.get_rpc_server(self.transport, self.target, self.endpoints, - executor='threading', - access_policy=oslo_messaging.DefaultRPCAccessPolicy) - self.__is_alive = False - - def stop(self): - self.__is_alive = False - self.endpoints[-1].delete() - - def run(self): - try: - self.__is_alive = True - self.server.start() - while True: - if self.__is_alive: - time.sleep(1) - else: - break - except KeyboardInterrupt: - print("Stopping server by crtl+c") - except SystemExit: - print("Stopping server with SystemExit") - print("Stopping server") - - self.server.stop() - self.server.wait() - diff --git a/moonv4/moon_secrouter/moon_secrouter/server.py b/moonv4/moon_secrouter/moon_secrouter/server.py deleted file mode 100644 index 16f6ea9c..00000000 --- a/moonv4/moon_secrouter/moon_secrouter/server.py +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -import os -import threading -import signal -from oslo_config import cfg -from oslo_log import log as logging -from moon_utilities import options # noqa -from moon_secrouter.messenger import Server - - -class AsyncServer(threading.Thread): - - def __init__(self, add_master_cnx): - threading.Thread.__init__(self) - self.server = Server(add_master_cnx=add_master_cnx) - - def run(self): - self.server.run() - -LOG = logging.getLogger(__name__) -CONF = cfg.CONF -DOMAIN = "moon_secrouter" - -__CWD__ = os.path.dirname(os.path.abspath(__file__)) - -background_threads = [] - - -def stop_thread(): - for _t in background_threads: - _t.stop() - - -def main(): - global background_threads - LOG.info("Starting server with IP {}".format(CONF.security_router.host)) - signal.signal(signal.SIGALRM, stop_thread) - signal.signal(signal.SIGTERM, stop_thread) - signal.signal(signal.SIGABRT, stop_thread) - background_master = None - if CONF.slave.slave_name: - background_master = AsyncServer(add_master_cnx=True) - background_threads.append(background_master) - background_slave = AsyncServer(add_master_cnx=False) - background_threads.append(background_slave) - if CONF.slave.slave_name: - background_master.start() - background_slave.start() - if CONF.slave.slave_name: - background_master.join() - background_slave.join() - - -if __name__ == '__main__': - main() diff --git a/moonv4/moon_secrouter/requirements.txt b/moonv4/moon_secrouter/requirements.txt deleted file mode 100644 index a919c625..00000000 --- a/moonv4/moon_secrouter/requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -kombu !=4.0.1,!=4.0.0 -oslo.messaging -oslo.config -vine -oslo.log -babel \ No newline at end of file diff --git a/moonv4/moon_secrouter/setup.py b/moonv4/moon_secrouter/setup.py deleted file mode 100644 index 0c3b61ba..00000000 --- a/moonv4/moon_secrouter/setup.py +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. - -from setuptools import setup, find_packages -import moon_secrouter - - -setup( - - name='moon_secrouter', - - version=moon_secrouter.__version__, - - packages=find_packages(), - - author="Thomas Duval", - - author_email="thomas.duval@orange.com", - - description="", - - long_description=open('README.rst').read(), - - # install_requires= , - - include_package_data=True, - - url='https://git.opnfv.org/cgit/moon', - - classifiers=[ - "Programming Language :: Python", - "Development Status :: 1 - Planning", - "License :: OSI Approved", - "Natural Language :: French", - "Operating System :: OS Independent", - "Programming Language :: Python :: 3", - ], - - entry_points={ - 'console_scripts': [ - 'moon_secrouter = moon_secrouter.server:main', - ], - } - -) diff --git a/moonv4/moon_secrouter/tests/moon_db-0.1.0.tar.gz b/moonv4/moon_secrouter/tests/moon_db-0.1.0.tar.gz deleted file mode 100644 index 14df1d47..00000000 Binary files a/moonv4/moon_secrouter/tests/moon_db-0.1.0.tar.gz and /dev/null differ diff --git a/moonv4/moon_secrouter/tests/moon_policy-0.1.0.tar.gz b/moonv4/moon_secrouter/tests/moon_policy-0.1.0.tar.gz deleted file mode 100644 index d3246532..00000000 Binary files a/moonv4/moon_secrouter/tests/moon_policy-0.1.0.tar.gz and /dev/null differ diff --git a/moonv4/moon_utilities/Changelog b/moonv4/moon_utilities/Changelog index c91a0385..bd049b14 100644 --- a/moonv4/moon_utilities/Changelog +++ b/moonv4/moon_utilities/Changelog @@ -19,3 +19,6 @@ CHANGES ----- - Update setup.py to force the installation of requirements. +1.0.2 +----- +- Test PyPi upload \ No newline at end of file diff --git a/moonv4/moon_utilities/moon_utilities/__init__.py b/moonv4/moon_utilities/moon_utilities/__init__.py index 2249a1b6..b254b246 100644 --- a/moonv4/moon_utilities/moon_utilities/__init__.py +++ b/moonv4/moon_utilities/moon_utilities/__init__.py @@ -3,4 +3,4 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "1.0.1" +__version__ = "1.0.2" diff --git a/moonv4/templates/moon_keystone/README.md b/moonv4/templates/moon_keystone/README.md index 77c90e98..cf77a74a 100644 --- a/moonv4/templates/moon_keystone/README.md +++ b/moonv4/templates/moon_keystone/README.md @@ -13,7 +13,7 @@ docker build --build-arg https_proxy=http://proxy:3128 --build-arg http_proxy=ht ``` -## set up an execution environment +## Setup an execution environment ### clean up if necessary ```bash -- cgit 1.2.3-korg