moonv4/moon_orchestrator/moon_orchestrator/api/containers.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123

# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
# This software is distributed under the terms and conditions of the 'Apache-2.0'
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.

import hashlib
from oslo_config import cfg
from oslo_log import log as logging
# from moon_db.core import IntraExtensionRootManager
# from moon_db.core import ConfigurationManager
from moon_utilities.security_functions import call

LOG = logging.getLogger("moon.orchestrator.api.containers")
CONF = cfg.CONF


class Containers(object):
    """
    Manage containers.
    """

    __version__ = "0.1.0"

    def __init__(self, docker_manager):
        self.docker_manager = docker_manager
        self.components = dict()
        for pdp_key, pdp_value in call("moon_manager", method="get_pdp",
                                       ctx={"user_id": "admin", "id": None})["pdps"].items():
            self.add_container(ctx={"id": pdp_key, "pipeline": pdp_value["security_pipeline"]})

    def get_container(self, ctx, args=None):
        """Get containers linked to an intra-extension

        :param ctx: {
            "id": "intra_extension_uuid",
            "keystone_project_id": "Keystone Project UUID"
        }    
        :param args: {}
        :return: {
            "containers": {...},
        }
        """
        uuid = ctx.get("id")
        keystone_project_id = ctx.get("keystone_project_id")
        # _containers = self.docker_manager.get_component(uuid=uuid)
        # LOG.info("containers={}".format(_containers))
        if uuid:
            return self.components[uuid]
        elif keystone_project_id:
            for container_id, container_value in self.components.items():
                if container_value['keystone_project_id'] == keystone_project_id:
                    return {container_id: container_value}
            else:
                return {}
        return {"containers": self.components}

    def add_container(self, ctx, args=None):
        """Add containers

        :param ctx: {"id": "intra_extension_uuid"}
        :param args: {}
        :return: {
            "container_id1": {"status": True},
            "container_id2": {"status": True},
        }
        """
        LOG.info("add_container {}".format(ctx))
        pdp = call("moon_manager", method="get_pdp",
                   ctx={"user_id": "admin", "id": ctx["id"]},
                   args={})["pdps"]
        pdp_id = list(pdp.keys())[0]
        if not pdp[pdp_id]["keystone_project_id"]:
            return {"result": "False", "message": "Cannot find keystone_project_id in pdp"}
        keystone_project_id = pdp[pdp_id]["keystone_project_id"]
        self.components[ctx["id"]] = []
        for policy_key, policy_value in call("moon_manager", method="get_policies",
                                             ctx={"user_id": "admin", "id": None},
                                             args={})["policies"].items():
            if policy_key in ctx["pipeline"]:
                models = call("moon_manager", method="get_models",
                              ctx={"user_id": "admin", "id": None},
                              args={})["models"]
                for meta_rule in models[policy_value['model_id']]['meta_rules']:
                    genre = policy_value['genre']
                    pre_container_id = "pdp:{}_metarule:{}_project:{}".format(ctx["id"], meta_rule, keystone_project_id)
                    container_data = {"pdp": ctx["id"], "metarule": meta_rule, "project": keystone_project_id}
                    policy_component = self.docker_manager.load(component=genre,
                                                                uuid=pre_container_id,
                                                                container_data=container_data)
                    self.components[ctx["id"]].append({
                        "meta_rule_id": meta_rule,
                        "genre": policy_value['genre'],
                        "keystone_project_id": keystone_project_id,
                        "container_id": policy_value['genre']+"_"+hashlib.sha224(pre_container_id.encode("utf-8")).hexdigest()
                    })
        return {"containers": self.components[ctx["id"]]}

    def delete_container(self, ctx, args=None):
        """Delete a container

        :param ctx: {"id": "intra_extension_uuid"}
        :param args: {}
        :return: {}
        """
        try:
            self.docker_manager.kill(component_id="moon_secpolicy_"+ctx["id"])
            try:
                # FIXME (asteroide): need to select other security_function here
                self.docker_manager.kill(component_id="moon_secfunction_authz_"+ctx["id"])
            except Exception as e:
                LOG.error(e, exc_info=True)
                return {"result": True,
                        "error": {'code': 200, 'title': 'Moon Warning', 'description': str(e)},
                        "intra_extension_id": ctx["id"],
                        "ctx": ctx, "args": args}
        except Exception as e:
            LOG.error(e, exc_info=True)
            return {"result": False,
                    "error": {'code': 500, 'title': 'Moon Error', 'description': str(e)},
                    "intra_extension_id": ctx["id"],
                    "ctx": ctx, "args": args}
        return {"result": True}