From 9519d179cda8734fa0890d136c4bd2019bb7ddc4 Mon Sep 17 00:00:00 2001 From: Thomas Duval Date: Mon, 6 Nov 2017 14:02:18 +0100 Subject: Fix the bug on the connection between interface and authz. Change-Id: Iea2f763fb2cfb90250be76d91cb2fe0e9b481716 --- .../moon_orchestrator/api/pods.py | 11 ++++++- .../moon_orchestrator/moon_orchestrator/drivers.py | 24 +++++++------- .../moon_orchestrator/http_server.py | 37 ++++++++++++++++------ 3 files changed, 49 insertions(+), 23 deletions(-) (limited to 'moonv4/moon_orchestrator') diff --git a/moonv4/moon_orchestrator/moon_orchestrator/api/pods.py b/moonv4/moon_orchestrator/moon_orchestrator/api/pods.py index a7ca1cbc..c5c5b2c4 100644 --- a/moonv4/moon_orchestrator/moon_orchestrator/api/pods.py +++ b/moonv4/moon_orchestrator/moon_orchestrator/api/pods.py @@ -25,6 +25,7 @@ class Pods(Resource): def __init__(self, **kwargs): self.driver = kwargs.get("driver") + self.create_security_function = kwargs.get("create_security_function_hook") @check_auth def get(self, uuid=None, user_id=None): @@ -72,7 +73,15 @@ class Pods(Resource): } } """ - return {"pods": None} + LOG.info("POST param={}".format(request.json)) + self.create_security_function( + request.json.get("keystone_project_id"), + request.json.get("pdp_id"), + request.json.get("security_pipeline"), + manager_data=request.json, + active_context=None, + active_context_name=None) + return {"pods": self.driver.get_pods(request.json.get("pdp_id"))} @check_auth def delete(self, uuid=None, user_id=None): diff --git a/moonv4/moon_orchestrator/moon_orchestrator/drivers.py b/moonv4/moon_orchestrator/moon_orchestrator/drivers.py index 63631c00..63ca8f3c 100644 --- a/moonv4/moon_orchestrator/moon_orchestrator/drivers.py +++ b/moonv4/moon_orchestrator/moon_orchestrator/drivers.py 
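Review bot: The new POST body in pods.py dereferences `request.json` unchecked, so a request with no JSON body, or one without `security_pipeline`, reaches `create_security_function` with `None` values. The `for policy_id in policy_ids` loop visible in http_server.py would then raise instead of the handler returning a 4xx. When `pdp_id` is missing, `self.driver.get_pods(None)` appears to fall through to returning the whole pod cache, which a caller of this endpoint probably should not receive. `LOG.info("POST param=...")` also writes the entire request body to the log at INFO; the sketch below logs only the identifier at DEBUG and assumes `security_pipeline` is a JSON array. The method's decorator and signature lie above the hunk, and the error body shape should follow the project's other handlers.

```python
        # … unchanged: docstring of post() …
        body = request.get_json(silent=True) or {}
        pdp_id = body.get("pdp_id")
        pipeline = body.get("security_pipeline")
        if not pdp_id or not isinstance(pipeline, list):
            # error body shape is a placeholder; align with the other handlers
            return {"pods": None,
                    "message": "pdp_id and security_pipeline are required"}, 400
        LOG.debug("POST pods pdp_id=%s", pdp_id)
        self.create_security_function(
            body.get("keystone_project_id"), pdp_id, pipeline,
            manager_data=body,
            active_context=None,
            active_context_name=None)
        return {"pods": self.driver.get_pods(pdp_id)}
```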
@@ -8,14 +8,14 @@ import logging import urllib3.exceptions from moon_utilities import configuration -logger = logging.getLogger("moon.orchestrator.drivers") +LOG = logging.getLogger("moon.orchestrator.drivers") def get_driver(): try: return K8S() except urllib3.exceptions.MaxRetryError as e: - logger.exception(e) + LOG.exception(e) return Docker() @@ -60,12 +60,12 @@ class K8S(Driver): if name: pods = self.client.list_pod_for_all_namespaces(watch=False) for pod in pods.items: - logger.info("get_pods {}".format(pod.metadata.name)) + LOG.info("get_pods {}".format(pod.metadata.name)) if name in pod.metadata.name: return pod else: return None - logger.info("get_pods cache={}".format(self.cache)) + LOG.info("get_pods cache={}".format(self.cache)) return self.cache @staticmethod @@ -101,7 +101,7 @@ class K8S(Driver): {'name': "TYPE", "value": _data.get('genre', "None")}, {'name': "PORT", "value": str(_data.get('port', 80))}, {'name': "PDP_ID", "value": _data.get('pdp_id', "None")}, - {'name': "META_RULE_ID", "value": "None"}, + {'name': "META_RULE_ID", "value": _data.get('meta_rule_id', "None")}, {'name': "KEYSTONE_PROJECT_ID", "value": _data.get('keystone_project_id', "None")}, ] @@ -109,7 +109,7 @@ class K8S(Driver): ) resp = client.create_namespaced_deployment(body=pod_manifest, namespace='moon') - logger.info("Pod {} created!".format(data[0].get('name'))) + LOG.info("Pod {} created!".format(data[0].get('name'))) # logger.info(yaml.dump(pod_manifest, sys.stdout)) # logger.info(resp) return resp @@ -131,7 +131,7 @@ class K8S(Driver): 'selector': { 'app': data.get('name') }, - 'type': 'NodePort', + # 'type': 'NodePort', 'endpoints': [{ 'port': data.get('port', 80), 'protocol': 'TCP', 
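Review bot: In the hunk at -101, `META_RULE_ID` is now read with `_data.get('meta_rule_id', "None")` but without the `str()` coercion that `PORT` gets two lines above. The default applies only when the key is absent, so a key holding `None` or a non-string value ends up in the container env, where `value` is expected to be a string. Since this commit also lets the POST body supply policy and model data, the value may come from a caller. Suggest `{'name': "META_RULE_ID", "value": str(_data.get('meta_rule_id') or "None")},`. The enclosing method starts and ends outside the hunk.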
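Review bot: The hunk at -131 leaves `# 'type': 'NodePort',` in the service manifest as commented-out code; it should be deleted, since the commented line hides that not exposing the service by default is intentional. The next hunk's context shows `service_manifest['spec']['type'] = "NodePort"` still being set, presumably only when `expose` is true. A comment such as `# Service type is left to the cluster default; NodePort is set below only when expose=True` would record that. The manifest dict starts and ends outside the hunk.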
@@ -144,7 +144,7 @@ class K8S(Driver): service_manifest['spec']['type'] = "NodePort" resp = client.create_namespaced_service(namespace="moon", body=service_manifest) - logger.info("Service {} created!".format(data.get('name'))) + LOG.info("Service {} created!".format(data.get('name'))) return resp def load_pod(self, data, api_client=None, ext_client=None, expose=False): @@ -152,12 +152,12 @@ class K8S(Driver): pod = self.__create_pod(client=ext_client, data=data) service = self.__create_service(client=_client, data=data[0], expose=expose) - # logger.info("load_poad data={}".format(data)) + # logger.info("load_pod data={}".format(data)) # logger.info("pod.metadata.uid={}".format(pod.metadata.uid)) self.cache[pod.metadata.uid] = data def delete_pod(self, uuid=None, name=None): - logger.info("Deleting pod {}".format(uuid)) + LOG.info("Deleting pod {}".format(uuid)) # TODO: delete_namespaced_deployment # https://github.com/kubernetes-incubator/client-python/blob/master/kubernetes/client/apis/extensions_v1beta1_api.py @@ -169,9 +169,9 @@ class K8S(Driver): class Docker(Driver): def load_pod(self, data, api_client=None, ext_client=None): - logger.info("Creating pod {}".format(data[0].get('name'))) + LOG.info("Creating pod {}".format(data[0].get('name'))) raise NotImplementedError def delete_pod(self, uuid=None, name=None): - logger.info("Deleting pod {}".format(uuid)) + LOG.info("Deleting pod {}".format(uuid)) raise NotImplementedError diff --git a/moonv4/moon_orchestrator/moon_orchestrator/http_server.py b/moonv4/moon_orchestrator/moon_orchestrator/http_server.py index 70c5e2d2..c9816f5b 100644 --- a/moonv4/moon_orchestrator/moon_orchestrator/http_server.py +++ b/moonv4/moon_orchestrator/moon_orchestrator/http_server.py @@ -154,6 +154,8 @@ class HTTPServer(Server): self.api.add_resource(Pods, *Pods.__urls__, resource_class_kwargs={ "driver": self.driver, + "create_security_function_hook": + self.create_security_function, }) def run(self): 
@@ -190,7 +192,8 @@ class HTTPServer(Server): LOG.debug('wrapper pod={}'.format(pod)) def create_security_function(self, keystone_project_id, - pdp_id, policy_ids, active_context=None, + pdp_id, policy_ids, manager_data={}, + active_context=None, active_context_name=None): """ Create security functions @@ -203,13 +206,14 @@ class HTTPServer(Server): security function in all context (ie, in all slaves) :return: None """ - LOG.debug(self.driver.get_pods()) + # LOG.info(self.driver.get_pods()) for key, value in self.driver.get_pods().items(): for _pod in value: if _pod.get('keystone_project_id') == keystone_project_id: LOG.warning("A pod for this Keystone project {} " "already exists.".format(keystone_project_id)) return + plugins = configuration.get_plugins() conf = configuration.get_configuration("components/interface") i_hostname = conf["components/interface"].get("hostname", "interface") @@ -228,12 +232,21 @@ class HTTPServer(Server): "namespace": "moon" }, ] - policies = requests.get("http://{}:{}/policies".format( - self.manager_hostname, self.manager_port)).json().get( - "policies", dict()) - models = requests.get("http://{}:{}/models".format( - self.manager_hostname, self.manager_port)).json().get( - "models", dict()) + LOG.info("data={}".format(data)) + policies = manager_data.get('policies') + if not policies: + LOG.info("No policy data from Manager, trying to get them") + policies = requests.get("http://{}:{}/policies".format( + self.manager_hostname, self.manager_port)).json().get( + "policies", dict()) + LOG.info("policies={}".format(policies)) + models = manager_data.get('models') + if not models: + LOG.info("No models data from Manager, trying to get them") + models = requests.get("http://{}:{}/models".format( + self.manager_hostname, self.manager_port)).json().get( + "models", dict()) + LOG.info("models={}".format(models)) for policy_id in policy_ids: if policy_id in policies: 
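Review bot: `manager_data={}` in the new signature of `create_security_function` is a mutable default shared across calls. It is also inserted before `active_context`, so any existing caller that passes `active_context` positionally now binds it to `manager_data`. Prefer `manager_data=None` placed after `active_context_name`, with `manager_data = manager_data or {}` at the top of the body, which also keeps `manager_data.get('policies')` safe when a caller passes `None`. The docstring that follows documents the other parameters and should gain a `:param manager_data:` line saying the dict may carry `policies` and `models`. The function body continues outside the hunk.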
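Review bot: In the hunk at -228, `policies` and `models` are taken from `manager_data` whenever present and the Manager is queried only as a fallback. Because pods.py passes the raw POST body as `manager_data`, whoever can call that endpoint decides which policy and model definitions the new pods are built from. If only the Manager is meant to call it, state that in a comment and make sure `check_auth` enforces it; otherwise confirm each id in `policy_ids` against the Manager before use. The fallback `requests.get(...)` calls have neither `timeout=` nor a status check before `.json()`, so a hung or failing Manager blocks or crashes the handler. The new `LOG.info("policies=...")` and `LOG.info("models=...")` lines write full policy content to the log at INFO and would be better at DEBUG.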
@@ -251,7 +264,10 @@ class HTTPServer(Server): 'keystone_project_id': keystone_project_id, "namespace": "moon" }) + LOG.info("data={}".format(data)) contexts, _active_context = self.driver.get_slaves() + LOG.info("active_context_name={}".format(active_context_name)) + LOG.info("active_context={}".format(active_context)) if active_context_name: for _context in contexts: if _context["name"] == active_context_name: @@ -264,13 +280,14 @@ class HTTPServer(Server): LOG.debug("_config={}".format(_config)) api_client = client.CoreV1Api(_config) ext_client = client.ExtensionsV1beta1Api(_config) - self.driver.load_pod(data, api_client, ext_client) + self.driver.load_pod(data, api_client, ext_client, expose=False) return + LOG.info("contexts={}".format(contexts)) for _ctx in contexts: _config = config.new_client_from_config(context=_ctx['name']) LOG.debug("_config={}".format(_config)) api_client = client.CoreV1Api(_config) ext_client = client.ExtensionsV1beta1Api(_config) - self.driver.load_pod(data, api_client, ext_client) + self.driver.load_pod(data, api_client, ext_client, expose=False) -- cgit 1.2.3-korg
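Review bot: Both `self.driver.load_pod(data, api_client, ext_client, expose=False)` calls in the hunk at -264 pass a keyword that `Docker.load_pod(self, data, api_client=None, ext_client=None)` in drivers.py does not accept. When `get_driver()` falls back to `Docker`, the call would therefore fail with `TypeError` rather than the `NotImplementedError` the driver raises on purpose. Adding `expose=False` to `Docker.load_pod`, and to the `Driver` base method if it declares one, keeps the driver interface uniform. The added `LOG.info("data=...")`, `LOG.info("active_context=...")` and `LOG.info("contexts=...")` lines in this hunk and the one before it read like debugging output and fit DEBUG better than INFO. The function starts outside the hunk.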