1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
# This software is distributed under the terms and conditions of the 'Apache-2.0'
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
import hashlib
from oslo_config import cfg
from oslo_log import log as logging
# from moon_db.core import IntraExtensionRootManager
# from moon_db.core import ConfigurationManager
from moon_utilities.security_functions import call
LOG = logging.getLogger("moon.orchestrator.api.containers")
CONF = cfg.CONF
class Containers(object):
"""
Manage containers.
"""
__version__ = "0.1.0"
def __init__(self, docker_manager):
self.docker_manager = docker_manager
self.components = dict()
for pdp_key, pdp_value in call("moon_manager", method="get_pdp",
ctx={"user_id": "admin", "id": None})["pdps"].items():
self.add_container(ctx={"id": pdp_key, "pipeline": pdp_value["security_pipeline"]})
def get_container(self, ctx, args=None):
"""Get containers linked to an intra-extension
:param ctx: {
"id": "intra_extension_uuid",
"keystone_project_id": "Keystone Project UUID"
}
:param args: {}
:return: {
"containers": {...},
}
"""
uuid = ctx.get("id")
keystone_project_id = ctx.get("keystone_project_id")
# _containers = self.docker_manager.get_component(uuid=uuid)
# LOG.info("containers={}".format(_containers))
if uuid:
return self.components[uuid]
elif keystone_project_id:
for container_id, container_value in self.components.items():
if container_value['keystone_project_id'] == keystone_project_id:
return {container_id: container_value}
else:
return {}
return {"containers": self.components}
def add_container(self, ctx, args=None):
"""Add containers
:param ctx: {"id": "intra_extension_uuid"}
:param args: {}
:return: {
"container_id1": {"status": True},
"container_id2": {"status": True},
}
"""
LOG.info("add_container {}".format(ctx))
pdp = call("moon_manager", method="get_pdp",
ctx={"user_id": "admin", "id": ctx["id"]},
args={})["pdps"]
pdp_id = list(pdp.keys())[0]
if not pdp[pdp_id]["keystone_project_id"]:
return {"result": "False", "message": "Cannot find keystone_project_id in pdp"}
keystone_project_id = pdp[pdp_id]["keystone_project_id"]
self.components[ctx["id"]] = []
for policy_key, policy_value in call("moon_manager", method="get_policies",
ctx={"user_id": "admin", "id": None},
args={})["policies"].items():
if policy_key in ctx["pipeline"]:
models = call("moon_manager", method="get_models",
ctx={"user_id": "admin", "id": None},
args={})["models"]
for meta_rule in models[policy_value['model_id']]['meta_rules']:
genre = policy_value['genre']
pre_container_id = "pdp:{}_metarule:{}_project:{}".format(ctx["id"], meta_rule, keystone_project_id)
container_data = {"pdp": ctx["id"], "metarule": meta_rule, "project": keystone_project_id}
policy_component = self.docker_manager.load(component=genre,
uuid=pre_container_id,
container_data=container_data)
self.components[ctx["id"]].append({
"meta_rule_id": meta_rule,
"genre": policy_value['genre'],
"keystone_project_id": keystone_project_id,
"container_id": policy_value['genre']+"_"+hashlib.sha224(pre_container_id.encode("utf-8")).hexdigest()
})
return {"containers": self.components[ctx["id"]]}
def delete_container(self, ctx, args=None):
"""Delete a container
:param ctx: {"id": "intra_extension_uuid"}
:param args: {}
:return: {}
"""
try:
self.docker_manager.kill(component_id="moon_secpolicy_"+ctx["id"])
try:
# FIXME (asteroide): need to select other security_function here
self.docker_manager.kill(component_id="moon_secfunction_authz_"+ctx["id"])
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": True,
"error": {'code': 200, 'title': 'Moon Warning', 'description': str(e)},
"intra_extension_id": ctx["id"],
"ctx": ctx, "args": args}
except Exception as e:
LOG.error(e, exc_info=True)
return {"result": False,
"error": {'code': 500, 'title': 'Moon Error', 'description': str(e)},
"intra_extension_id": ctx["id"],
"ctx": ctx, "args": args}
return {"result": True}
|