1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
# This software is distributed under the terms and conditions of the 'Apache-2.0'
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
"""
Authz is the endpoint to get authorization response
"""
from uuid import uuid4
import time
from flask_restful import Resource
from oslo_log import log as logging
from moon_utilities.security_functions import call
__version__ = "0.1.0"
LOG = logging.getLogger("moon.interface.api." + __name__)
class Authz(Resource):
"""
Endpoint for authz requests
"""
__urls__ = ("/authz/<string:uuid>/<string:subject_name>/<string:object_name>/<string:action_name>", )
def get(self, uuid=None, subject_name=None, object_name=None, action_name=None):
"""Get a response on an authorization request
:param uuid: uuid of a tenant or an intra_extension
:param subject_name: name of the subject or the request
:param object_name: name of the object
:param action_name: name of the action
:return: {
"args": {},
"ctx": {
"action_name": "4567",
"id": "123456",
"method": "authz",
"object_name": "234567",
"subject_name": "123456",
"user_id": "admin"
},
"error": {
"code": 500,
"description": "",
"title": "Moon Error"
},
"intra_extension_id": "123456",
"result": false
}
:internal_api: authz
"""
# Note (asteroide): user_id default to admin to be able to read the database
# it would be better to have a read-only user.
start_time = time.time()
result = call("security_router", ctx={"id": uuid,
"call_master": False,
"method": "authz",
"subject_name": subject_name,
"object_name": object_name,
"action_name": action_name,
"user_id": "admin",
"request_id": uuid4().hex}, args={})
end_time = time.time()
result['time'] = {"start": start_time, "end": end_time}
return result
|
