Connect the Moon subjects with the Keystone users. 87/46787/1
authorThomas Duval <thomas.duval@orange.com>
Tue, 7 Nov 2017 10:23:23 +0000 (11:23 +0100)
committerThomas Duval <thomas.duval@orange.com>
Tue, 7 Nov 2017 10:23:23 +0000 (11:23 +0100)
Change-Id: I67a8956e86cda0853f352743ab0886169bdc2902

moonv4/kubernetes/start_moon.sh
moonv4/moon_db/Changelog
moonv4/moon_db/moon_db/__init__.py
moonv4/moon_db/moon_db/api/policy.py
moonv4/moon_utilities/Changelog
moonv4/moon_utilities/build.sh
moonv4/moon_utilities/moon_utilities/__init__.py
moonv4/moon_utilities/moon_utilities/security_functions.py

index 705ca22..8121e31 100644 (file)
@@ -16,7 +16,7 @@ echo =========================================
 kubectl get pods -n moon
 echo =========================================
 
-sleep 5
+sleep 10
 kubectl create -n moon -f kubernetes/templates/moon_configuration.yaml
 
 echo Waiting for jobs moonforming
index 16452f6..fa84ca9 100644 (file)
@@ -28,3 +28,7 @@ CHANGES
 - Fix a bug in core.py
 - Update db_manager
 
+1.1.0
+-----
+- When adding a subject, check the existence of that user in the Keystone DB and
+  create it if necessary
index d42cdbd..ac01418 100644 (file)
@@ -3,5 +3,5 @@
 # license which can be found in the file 'LICENSE' in this package distribution
 # or at 'http://www.apache.org/licenses/LICENSE-2.0'.
 
-__version__ = "1.0.3"
+__version__ = "1.1.0"
 
index e0413bd..093d14b 100644 (file)
@@ -4,11 +4,10 @@
 # or at 'http://www.apache.org/licenses/LICENSE-2.0'.
 
 from uuid import uuid4
-from oslo_log import log as logging
-from moon_utilities.security_functions import filter_input, enforce
+import logging
+from moon_utilities.security_functions import enforce
 from moon_db.api.managers import Managers
 
-
 LOG = logging.getLogger("moon.db.api.policy")
 
 
@@ -52,9 +51,17 @@ class PolicyManager(Managers):
 
     @enforce(("read", "write"), "perimeter")
     def add_subject(self, user_id, policy_id, perimeter_id=None, value=None):
+        k_user = Managers.KeystoneManager.get_user_by_name(value.get('name'))
+        if not k_user['users']:
+            k_user = Managers.KeystoneManager.create_user(value)
         if not perimeter_id:
-            perimeter_id = uuid4().hex
-        # TODO (asteroide): must check and add Keystone ID here
+            try:
+                perimeter_id = k_user['users'][0].get('id', uuid4().hex)
+            except IndexError:
+                k_user = Managers.KeystoneManager.get_user_by_name(
+                    value.get('name'))
+                perimeter_id = uuid4().hex
+        value.update(k_user['users'][0])
         return self.driver.set_subject(policy_id=policy_id, perimeter_id=perimeter_id, value=value)
 
     @enforce(("read", "write"), "perimeter")
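Review bot: `value.update(k_user['users'][0])` on the last added line sits outside the `try`, so an empty Keystone result still raises IndexError there, both after the `except` branch and whenever the caller supplies `perimeter_id` and the `try` is skipped; `value` also defaults to None yet is dereferenced on the first added line. The fallback stores a random `uuid4().hex` as the subject id even when the re-fetched user carries a real id, so the subject and the Keystone account can drift apart. The lookup is by name alone, the caller-supplied `value` is handed to `create_user` unchanged, and the whole returned record is merged back; neither Keystone helper is visible here, so confirm that the name lookup is domain-scoped and that only the fields a perimeter writer may set (and nothing such as a password) reach Keystone or the stored subject. The fence below sketches the guarded flow; the rest of PolicyManager is outside the hunk.

```python
    def add_subject(self, user_id, policy_id, perimeter_id=None, value=None):
        # value defaults to None: fail early rather than on value.get()
        if not value or not value.get('name'):
            raise ValueError("subject name is required")  # placeholder: use the project's own exception
        k_user = Managers.KeystoneManager.get_user_by_name(value.get('name'))
        if not k_user['users']:
            Managers.KeystoneManager.create_user(value)
            # re-read so k_user has the same shape as a successful lookup
            k_user = Managers.KeystoneManager.get_user_by_name(value.get('name'))
        if not k_user['users']:
            raise ValueError("Keystone user could not be created")  # placeholder exception
        keystone_user = k_user['users'][0]
        if not perimeter_id:
            perimeter_id = keystone_user.get('id', uuid4().hex)
        value.update(keystone_user)
        # … unchanged: return self.driver.set_subject(...) …
```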
index ca67cbd..81b7c46 100644 (file)
@@ -55,3 +55,7 @@ CHANGES
 -----
 - Fix a bug on the connection between interface and authz
 
+1.4.0
+-----
+- Add a waiting loop when the Keystone server is not currently available
+
index b327e49..3068b65 100644 (file)
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-VERSION=moon_utilities-1.3.4
+VERSION=moon_utilities-1.4.0
 
 python3 setup.py sdist bdist_wheel
 
@@ -12,17 +12,27 @@ gpg --detach-sign -u "A0A96E75" -a dist/${VERSION}.tar.gz
 if [ "$1" = "upload" ]; then
     twine upload dist/${VERSION}-py3-none-any.whl dist/${VERSION}-py3-none-any.whl.asc
     twine upload dist/${VERSION}.tar.gz dist/${VERSION}.tar.gz.asc
+    rm -f ../moon_orchestrator/dist/moon_utilities*
+    rm -f ../moon_interface/dist/moon_utilities*
+    rm -f ../moon_manager/dist/moon_utilities*
+    rm -f ../moon_authz/dist/moon_utilities*
+    rm -f ../moon_wrapper/dist/moon_utilities*
 fi
 
 if [ "$1" = "copy" ]; then
     mkdir -p ../moon_orchestrator/dist/ 2>/dev/null
+    rm -f ../moon_orchestrator/dist/moon_utilities*
     cp -v dist/${VERSION}-py3-none-any.whl ../moon_orchestrator/dist/
     mkdir -p ../moon_interface/dist/ 2>/dev/null
+    rm -f ../moon_interface/dist/moon_utilities*
     cp -v dist/${VERSION}-py3-none-any.whl ../moon_interface/dist/
     mkdir -p ../moon_manager/dist/ 2>/dev/null
+    rm -f ../moon_manager/dist/moon_utilities*
     cp -v dist/${VERSION}-py3-none-any.whl ../moon_manager/dist/
     mkdir -p ../moon_authz/dist/ 2>/dev/null
+    rm -f ../moon_authz/dist/moon_utilities*
     cp -v dist/${VERSION}-py3-none-any.whl ../moon_authz/dist/
     mkdir -p ../moon_wrapper/dist/ 2>/dev/null
+    rm -f ../moon_wrapper/dist/moon_utilities*
     cp -v dist/${VERSION}-py3-none-any.whl ../moon_wrapper/dist/
 fi
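Review bot: The ten added `rm -f ../moon_*/dist/moon_utilities*` lines repeat the same five sibling directories in both branches, so a new component has to be remembered in several places; a loop such as `for c in orchestrator interface manager authz wrapper; do rm -f ../moon_${c}/dist/moon_utilities*; done` keeps the list in one spot. The paths are relative, so the deletion glob is resolved against whatever directory the script is started from; the top of the script is outside this hunk, but nothing visible pins the working directory, and a `cd "$(dirname "$0")"` before the first command would do so. In the `upload` branch the stale wheels are removed without a replacement being copied, which is presumably intended so the siblings pull from the index; a one-line comment saying so would help.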
index 3e59b6a..8b353f9 100644 (file)
@@ -3,4 +3,4 @@
 # license which can be found in the file 'LICENSE' in this package distribution
 # or at 'http://www.apache.org/licenses/LICENSE-2.0'.
 
-__version__ = "1.3.4"
+__version__ = "1.4.0"
index fc90d30..f55620b 100644 (file)
@@ -98,6 +98,7 @@ def enforce(action_names, object_name, **extra):
 
 
 def login(user=None, password=None, domain=None, project=None, url=None):
+    start_time = time.time()
     if not user:
         user = keystone_config['user']
     if not password:
@@ -138,15 +139,19 @@ def login(user=None, password=None, domain=None, project=None, url=None):
         }
     }
 
-    req = requests.post("{}/auth/tokens".format(url),
-                        json=data_auth, headers=headers,
-                        verify=keystone_config['certificate'])
-
-    if req.status_code in (200, 201, 204):
-        headers['X-Auth-Token'] = req.headers['X-Subject-Token']
-        return headers
-    LOG.error(req.text)
-    raise exceptions.KeystoneError
+    while True:
+        req = requests.post("{}/auth/tokens".format(url),
+                            json=data_auth, headers=headers,
+                            verify=keystone_config['certificate'])
+
+        if req.status_code in (200, 201, 204):
+            headers['X-Auth-Token'] = req.headers['X-Subject-Token']
+            return headers
+        LOG.warning("Waiting for Keystone...")
+        if time.time() - start_time == 100:
+            LOG.error(req.text)
+            raise exceptions.KeystoneError
+        time.sleep(5)
 
 
 def logout(headers, url=None):