From aba2806d6c399c89be0af2617267e75331d217d9 Mon Sep 17 00:00:00 2001 From: asteroide Date: Wed, 28 Jun 2017 15:23:40 +0200 Subject: Update code for master-slave communications Change-Id: Ic605fb25a68bfe1c9a197eb502704c25a9caef86 --- moonv4/moon_secrouter/moon_secrouter/api/route.py | 55 ++++++++++++++++++++--- moonv4/moon_secrouter/requirements.txt | 3 +- 2 files changed, 52 insertions(+), 6 deletions(-) (limited to 'moonv4/moon_secrouter') diff --git a/moonv4/moon_secrouter/moon_secrouter/api/route.py b/moonv4/moon_secrouter/moon_secrouter/api/route.py index 7cce1353..28a9a65f 100644 --- a/moonv4/moon_secrouter/moon_secrouter/api/route.py +++ b/moonv4/moon_secrouter/moon_secrouter/api/route.py @@ -88,7 +88,8 @@ API = { "delete_action_assignment", "get_rules", "add_rule", - "delete_rule" + "delete_rule", + "update_from_master" ), "function": ( "authz", @@ -125,6 +126,7 @@ class Cache(object): self.__update_policies() self.__update_models() for key, value in self.__PDP.items(): + LOG.info("Updating container_chaining with {}".format(value["keystone_project_id"])) self.__update_container_chaining(value["keystone_project_id"]) @property @@ -192,13 +194,19 @@ class Cache(object): def __update_container_chaining(self, keystone_project_id): container_ids = [] for pdp_id, pdp_value, in CACHE.pdp.items(): + LOG.info("pdp_id, pdp_value = {}, {}".format(pdp_id, pdp_value)) if pdp_value: if pdp_value["keystone_project_id"] == keystone_project_id: for policy_id in pdp_value["security_pipeline"]: model_id = CACHE.policies[policy_id]['model_id'] + LOG.info("model_id = {}".format(model_id)) + LOG.info("CACHE = {}".format(CACHE.models[model_id])) for meta_rule_id in CACHE.models[model_id]["meta_rules"]: + LOG.info("CACHE.containers = {}".format(CACHE.containers)) for container_id, container_values, in CACHE.containers.items(): + LOG.info("container_id, container_values = {}".format(container_id, container_values)) for container_value in container_values: + LOG.info("container_value[\"meta_rule_id\"] == meta_rule_id = {} {}".format(container_value["meta_rule_id"], meta_rule_id)) if container_value["meta_rule_id"] == meta_rule_id: container_ids.append( { @@ -238,8 +246,13 @@ class AuthzRequest: self.ctx = ctx self.args = args self.request_id = ctx["request_id"] + if self.ctx['id'] not in CACHE.container_chaining: + LOG.warning("Unknown Project ID {}".format(self.ctx['id'])) + # TODO (asteroide): add a better exception handler + raise Exception("Unknown Project ID {}".format(self.ctx['id'])) self.container_chaining = CACHE.container_chaining[self.ctx['id']] ctx["container_chaining"] = copy.deepcopy(self.container_chaining) + LOG.info("self.container_chaining={}".format(self.container_chaining)) self.pdp_container = self.container_chaining[0]["container_id"] self.run() @@ -332,11 +345,43 @@ class Router(object): @staticmethod def check_pdp(ctx): _ctx = copy.deepcopy(ctx) - if CONF.slave.slave_name: - _ctx['call_master'] = True + keystone_id = _ctx.pop('id') + # LOG.info("_ctx {}".format(_ctx)) ext = call("moon_manager", method="get_pdp", ctx=_ctx, args={}) - if "error" not in ext: - return True + # LOG.info("check_pdp {}".format(ext)) + if "error" in ext: + return False + keystone_id_list = map(lambda x: x["keystone_project_id"], ext['pdps'].values()) + if not ext['pdps'] or keystone_id not in keystone_id_list: + if CONF.slave.slave_name: + _ctx['call_master'] = True + # update from master if exist and test again + LOG.info("Need to update from master {}".format(keystone_id)) + ext = call("moon_manager", method="get_pdp", ctx=_ctx, args={}) + if "error" in ext: + return False + keystone_id_list = map(lambda x: x["keystone_project_id"], ext['pdps'].values()) + if not ext['pdps'] or keystone_id not in keystone_id_list: + return False + else: + # Must update from Master + _ctx["keystone_id"] = keystone_id + _ctx["pdp_id"] = None + _ctx["security_pipeline"] = None + _ctx['call_master'] = False + pdp_value = {} + for pdp_id, pdp_value in ext["pdps"].items(): + if keystone_id == pdp_value["keystone_project_id"]: + _ctx["pdp_id"] = keystone_id + _ctx["security_pipeline"] = pdp_value["security_pipeline"] + break + call("moon_manager", method="update_from_master", ctx=_ctx, args=pdp_value) + CACHE.update() + return True + else: + # return False otherwise + return False + return True def send_update(self, api, ctx={}, args={}): # TODO (asteroide): add threads here diff --git a/moonv4/moon_secrouter/requirements.txt b/moonv4/moon_secrouter/requirements.txt index 3b684f8d..a919c625 100644 --- a/moonv4/moon_secrouter/requirements.txt +++ b/moonv4/moon_secrouter/requirements.txt @@ -2,4 +2,5 @@ kombu !=4.0.1,!=4.0.0 oslo.messaging oslo.config vine -oslo.log \ No newline at end of file +oslo.log +babel \ No newline at end of file -- cgit 1.2.3-korg