From daa1d92e31d2f683ebb52486810676fdc60e1912 Mon Sep 17 00:00:00 2001 From: Thomas Duval Date: Sun, 29 Oct 2017 21:09:22 +0100 Subject: Delete wrapper API and use Kubernetes instead of Docker Change-Id: I803b8ad92ac7261d0fb41f43337221d41c8261e9 --- moonv4/moon_interface/Dockerfile | 1 + moonv4/moon_interface/moon_interface/api/authz.py | 80 -------------- .../moon_interface/moon_interface/api/generic.py | 26 +---- .../moon_interface/moon_interface/api/wrapper.py | 120 --------------------- .../moon_interface/moon_interface/http_server.py | 9 -- moonv4/moon_interface/requirements.txt | 5 - 6 files changed, 4 insertions(+), 237 deletions(-) delete mode 100644 moonv4/moon_interface/moon_interface/api/wrapper.py (limited to 'moonv4') diff --git a/moonv4/moon_interface/Dockerfile b/moonv4/moon_interface/Dockerfile index de5447b6..1bc7e87c 100644 --- a/moonv4/moon_interface/Dockerfile +++ b/moonv4/moon_interface/Dockerfile @@ -6,6 +6,7 @@ RUN pip3 install moon_utilities moon_db pip --upgrade ADD . /root WORKDIR /root/ RUN pip3 install -r requirements.txt --upgrade +RUN pip3 install /root/dist/* --upgrade RUN pip3 install . CMD ["python3", "-m", "moon_interface"] \ No newline at end of file diff --git a/moonv4/moon_interface/moon_interface/api/authz.py b/moonv4/moon_interface/moon_interface/api/authz.py index 3847cc73..c9f4697f 100644 --- a/moonv4/moon_interface/moon_interface/api/authz.py +++ b/moonv4/moon_interface/moon_interface/api/authz.py @@ -14,9 +14,7 @@ import requests import time from uuid import uuid4 -from moon_interface.containers import DockerManager from moon_interface.authz_requests import AuthzRequest -from moon_utilities import configuration __version__ = "0.1.0" @@ -80,78 +78,6 @@ def container_exist(cache, uuid): return -def build_container(cache, manager_url, uuid, meta_rule_id, plugin_name="authz"): - """Create the container and update the cache with the given perimeter elements - - :param cache: Cache to use - :param manager_url: URL of the manager - :param uuid: Keystone Project ID - :param meta_rule_id: UUID of the meta_rule - :param plugin_name: name of the plugin to use - :return: True or False - """ - LOG.info("Building a new container for {}".format(plugin_name)) - manager = DockerManager() - tcp_port = configuration.increment_port() - container_name = configuration.get_plugins()[plugin_name]['container'] - name = "{}_{}".format(plugin_name, uuid4().hex) - policy_id = cache.get_policy_from_meta_rules(meta_rule_id) - container_data = { - "name": name, - "hostname": name, - "port": { - "PrivatePort": tcp_port, - "Type": "tcp", - "IP": "0.0.0.0", - "PublicPort": tcp_port - }, - "keystone_project_id": uuid, - "pdp_id": cache.get_pdp_from_keystone_project(uuid), - "meta_rule_id": meta_rule_id, - "policy_id": policy_id, - "container_name": container_name, - "plugin_name": plugin_name - } - container = manager.create_container(container_data) - container_data['container_id'] = container.id - container_data['port']["IP"] = container.ip - container_data['start_time'] = time.time() - req = requests.post("{}/containers".format(manager_url), - json=container_data) - if req.status_code == 200: - cache.add_container(container_data) - return True - - -def create_containers(cache, manager_url, uuid, plugin_name="authz"): - """Create the container and update the cache with the given perimeter elements - - :param cache: Cache to use - :param manager_url: URL of the manager - :param uuid: Keystone Project ID - :param plugin_name: name of the plugin to use - :return: True or False - """ - LOG.info("Need to create some containers for {}".format(uuid)) - for pdp_id, pdp_value in cache.pdp.items(): - LOG.info("pdp {}".format(pdp_value)) - if uuid == pdp_value.get("keystone_project_id", ""): - LOG.info("uuid {}".format(uuid)) - for policy_id in pdp_value.get("security_pipeline", []): - LOG.info("policy {}".format(policy_id)) - model_id = cache.policies[policy_id]["model_id"] - model_value = cache.models[model_id] - for meta_rule_id in model_value["meta_rules"]: - LOG.info("meta_rule {}".format(meta_rule_id)) - build_container( - cache=cache, - uuid=uuid, - manager_url=manager_url, - meta_rule_id=meta_rule_id, - plugin_name=plugin_name) - return - - def create_authz_request(cache, interface_name, manager_url, uuid, subject_name, object_name, action_name): """Create the authorization request and make the first call to the Authz function @@ -230,12 +156,6 @@ class Authz(Resource): "result": False, "message": "Unknown Project ID or " "Project ID is not bind to a PDP."}, 403 - if not container_exist(self.CACHE, uuid): - create_containers( - cache=self.CACHE, - uuid=uuid, - manager_url=self.MANAGER_URL, - plugin_name="authz") authz_request = create_authz_request( cache=self.CACHE, uuid=uuid, diff --git a/moonv4/moon_interface/moon_interface/api/generic.py b/moonv4/moon_interface/moon_interface/api/generic.py index 80e8abff..702f33cf 100644 --- a/moonv4/moon_interface/moon_interface/api/generic.py +++ b/moonv4/moon_interface/moon_interface/api/generic.py @@ -7,8 +7,7 @@ Those API are helping API used to manage the Moon platform. """ from flask_restful import Resource, request -from oslo_log import log as logging -from moon_utilities.security_functions import call +import logging import moon_interface.api from moon_utilities.security_functions import check_auth @@ -36,7 +35,7 @@ class Status(Resource): } } """ - return call("security_router", method="get_status", ctx={"component_id": component_id}) + raise NotImplemented class Logs(Resource): @@ -71,7 +70,7 @@ class Logs(Resource): args["to"] = to_str args["event_number"] = event_number - return call("security_router", method="get_logs", ctx={"component_id": component_id}, args=args) + raise NotImplemented class API(Resource): @@ -130,22 +129,3 @@ class API(Resource): return {"error": "Unknown endpoint_id {}".format(endpoint_id)} return {group_id: api_desc[group_id]} return api_desc - - -class InternalAPI(Resource): - """ - Endpoint for status requests - """ - - __urls__ = ("/internal_api", "/internal_api/", "/internal_api/") - - def get(self, component_id=None, user_id=""): - api_list = ("orchestrator", "security_router") - if not component_id: - return {"api": api_list} - if component_id in api_list: - api_desc = dict() - api_desc["name"] = component_id - api_desc["endpoints"] = call("security_router", component_id, {}, "list_api") - return api_desc - diff --git a/moonv4/moon_interface/moon_interface/api/wrapper.py b/moonv4/moon_interface/moon_interface/api/wrapper.py deleted file mode 100644 index 5ba5779f..00000000 --- a/moonv4/moon_interface/moon_interface/api/wrapper.py +++ /dev/null @@ -1,120 +0,0 @@ -# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors -# This software is distributed under the terms and conditions of the 'Apache-2.0' -# license which can be found in the file 'LICENSE' in this package distribution -# or at 'http://www.apache.org/licenses/LICENSE-2.0'. -""" -Authz is the endpoint to get authorization response -""" - -import flask -from flask import request -from flask_restful import Resource -import logging -import json -import requests -import time -from uuid import uuid4 - -from moon_interface.api.authz import pdp_in_cache, pdp_in_manager, container_exist, \ - create_containers, create_authz_request -from moon_interface.authz_requests import AuthzRequest -from moon_utilities import configuration - -__version__ = "0.1.0" - -LOG = logging.getLogger("moon.interface.api." + __name__) - - -class Wrapper(Resource): - """ - Endpoint for authz requests - """ - - __urls__ = ( - "/authz/wrapper", - "/authz/wrapper/", - ) - - def __init__(self, **kwargs): - self.port = kwargs.get("port") - self.CACHE = kwargs.get("cache", {}) - self.INTERFACE_NAME = kwargs.get("interface_name", "interface") - self.MANAGER_URL = kwargs.get("manager_url", "http://manager:8080") - self.TIMEOUT = 5 - - def get(self): - LOG.info("GET") - return self.manage_data() - - def post(self): - LOG.info("POST {}".format(request.form)) - response = flask.make_response("False") - if self.manage_data(): - response = flask.make_response("True") - response.headers['content-type'] = 'application/octet-stream' - return response - - @staticmethod - def __get_subject(target, credentials): - _subject = target.get("user_id", "") - if not _subject: - _subject = credentials.get("user_id", "none") - return _subject - - @staticmethod - def __get_object(target, credentials): - try: - # note: case of Glance - return target['target']['name'] - except KeyError: - pass - - # note: default case - return target.get("project_id", "none") - - @staticmethod - def __get_project_id(target, credentials): - return target.get("project_id", "none") - - def manage_data(self): - target = json.loads(request.form.get('target', {})) - credentials = json.loads(request.form.get('credentials', {})) - rule = request.form.get('rule', "") - _subject = self.__get_subject(target, credentials) - _object = self.__get_object(target, credentials) - _project_id = self.__get_project_id(target, credentials) - LOG.info("GET with args project={} / " - "subject={} - object={} - action={}".format( - _project_id, _subject, _object, rule)) - pdp_id, pdp_value = pdp_in_cache(self.CACHE, _project_id) - if not pdp_id: - pdp_id, pdp_value = pdp_in_manager(self.CACHE, _project_id) - if not pdp_id: - LOG.error("Unknown Project ID or " - "Project ID is not bind to a PDP.") - return False - if not container_exist(self.CACHE, _project_id): - create_containers(self.CACHE, _project_id, self.MANAGER_URL, - plugin_name="authz") - authz_request = create_authz_request( - cache=self.CACHE, - uuid=_project_id, - interface_name=self.INTERFACE_NAME, - manager_url=self.MANAGER_URL, - subject_name=_subject, - object_name=_object, - action_name=rule) - cpt = 0 - while True: - LOG.info("Wait") - if cpt > self.TIMEOUT*10: - LOG.error("Authz request had timed out.") - return False - if authz_request.is_authz(): - if authz_request.final_result == "Grant": - LOG.info("Grant") - return True - LOG.info("Deny") - return False - cpt += 1 - time.sleep(0.1) diff --git a/moonv4/moon_interface/moon_interface/http_server.py b/moonv4/moon_interface/moon_interface/http_server.py index d7f8469c..387699f8 100644 --- a/moonv4/moon_interface/moon_interface/http_server.py +++ b/moonv4/moon_interface/moon_interface/http_server.py @@ -10,7 +10,6 @@ import logging from moon_interface import __version__ from moon_interface.api.generic import Status, Logs, API from moon_interface.api.authz import Authz -from moon_interface.api.wrapper import Wrapper from moon_interface.authz_requests import CACHE from moon_utilities import configuration, exceptions @@ -123,14 +122,6 @@ class HTTPServer(Server): for api in __API__: self.api.add_resource(api, *api.__urls__) - self.api.add_resource(Wrapper, *Wrapper.__urls__, - resource_class_kwargs={ - "port": self.port, - "cache": CACHE, - "interface_name": self.host, - "manager_url": "http://{}:{}".format(self.manager_hostname, self.manager_port), - } - ) self.api.add_resource(Authz, *Authz.__urls__, resource_class_kwargs={ "cache": CACHE, diff --git a/moonv4/moon_interface/requirements.txt b/moonv4/moon_interface/requirements.txt index ee4b455e..36332aa4 100644 --- a/moonv4/moon_interface/requirements.txt +++ b/moonv4/moon_interface/requirements.txt @@ -1,9 +1,4 @@ -kombu !=4.0.1,!=4.0.0 -oslo.messaging -oslo.config -vine flask flask_restful flask_cors -babel moon_utilities \ No newline at end of file -- cgit 1.2.3-korg