+++ /dev/null
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-from uuid import uuid4
-from moon_utilities import exceptions
-from moon_db.api.managers import Managers
-from moon_utilities.security_functions import filter_input, enforce
-from oslo_log import log as logging
-
-LOG = logging.getLogger("moon.db.api.tenants")
-
-
-class TenantManager(Managers):
-
- def __init__(self, connector=None):
- self.driver = connector.driver
- Managers.TenantManager = self
-
- @filter_input
- @enforce("read", "tenants")
- def get_tenants_dict(self, user_id):
- """
- Return a dictionary with all tenants
- :return: {
- tenant_id1: {
- name: xxx,
- description: yyy,
- intra_authz_extension_id: zzz,
- intra_admin_extension_id: zzz,
- },
- tenant_id2: {...},
- ...
- }
- """
- return self.driver.get_tenants_dict()
-
- def __get_keystone_tenant_dict(self, tenant_id="", tenant_name=""):
- tenants = Managers.KeystoneManager.list_projects()
- for tenant in tenants:
- if tenant_id and tenant_id == tenant['id']:
- return tenant
- if tenant_name and tenant_name == tenant['name']:
- return tenant
- if not tenant_id:
- tenant_id = uuid4().hex
- if not tenant_name:
- tenant_name = tenant_id
- tenant = {
- "id": tenant_id,
- "name": tenant_name,
- "description": "Auto generated tenant from Moon platform",
- "enabled": True,
- "domain_id": "default"
- }
- keystone_tenant = Managers.KeystoneManager.create_project(tenant["id"], tenant)
- return keystone_tenant
-
- @filter_input
- @enforce(("read", "write"), "tenants")
- def add_tenant_dict(self, user_id, tenant_id, tenant_dict):
- tenants_dict = self.driver.get_tenants_dict()
- for tenant_id in tenants_dict:
- if tenants_dict[tenant_id]['name'] == tenant_dict['name']:
- raise exceptions.TenantAddedNameExisting()
-
- # Check (and eventually sync) Keystone tenant
- if 'id' not in tenant_dict:
- tenant_dict['id'] = None
- keystone_tenant = self.__get_keystone_tenant_dict(tenant_dict['id'], tenant_dict['name'])
- for att in keystone_tenant:
- if keystone_tenant[att]:
- tenant_dict[att] = keystone_tenant[att]
- # Sync users between intra_authz_extension and intra_admin_extension
- LOG.debug("add_tenant_dict {}".format(tenant_dict))
- if 'intra_admin_extension_id' in tenant_dict and tenant_dict['intra_admin_extension_id']:
- if 'intra_authz_extension_id' in tenant_dict and tenant_dict['intra_authz_extension_id']:
- authz_subjects_dict = Managers.IntraExtensionAdminManager.get_subjects_dict(
- Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_authz_extension_id'])
- authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict]
- admin_subjects_dict = Managers.IntraExtensionAdminManager.get_subjects_dict(
- Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_admin_extension_id'])
- admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict]
- for _subject_id in authz_subjects_dict:
- if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list:
- Managers.IntraExtensionAdminManager.add_subject_dict(
- Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
- for _subject_id in admin_subjects_dict:
- if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list:
- Managers.IntraExtensionAdminManager.add_subject_dict(
- Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
-
- return self.driver.add_tenant_dict(tenant_dict['id'], tenant_dict)
-
- @filter_input
- @enforce("read", "tenants")
- def get_tenant_dict(self, user_id, tenant_id):
- tenants_dict = self.driver.get_tenants_dict()
- if tenant_id not in tenants_dict:
- raise exceptions.TenantUnknown()
- return tenants_dict[tenant_id]
-
- @filter_input
- @enforce(("read", "write"), "tenants")
- def del_tenant(self, user_id, tenant_id):
- if tenant_id not in self.driver.get_tenants_dict():
- raise exceptions.TenantUnknown()
- self.driver.del_tenant(tenant_id)
-
- @filter_input
- @enforce(("read", "write"), "tenants")
- def set_tenant_dict(self, user_id, tenant_id, tenant_dict):
- tenants_dict = self.driver.get_tenants_dict()
- if tenant_id not in tenants_dict:
- raise exceptions.TenantUnknown()
-
- # Sync users between intra_authz_extension and intra_admin_extension
- if 'intra_admin_extension_id' in tenant_dict:
- if 'intra_authz_extension_id' in tenant_dict:
- authz_subjects_dict = Managers.IntraExtensionAdminManager.get_subjects_dict(
- Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_authz_extension_id'])
- authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict]
- admin_subjects_dict = Managers.IntraExtensionAdminManager.get_subjects_dict(
- Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_admin_extension_id'])
- admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict]
- for _subject_id in authz_subjects_dict:
- if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list:
- Managers.IntraExtensionAdminManager.add_subject_dict(
- Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
- for _subject_id in admin_subjects_dict:
- if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list:
- Managers.IntraExtensionAdminManager.add_subject_dict(
- Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
-
- return self.driver.set_tenant_dict(tenant_id, tenant_dict)
-
+++ /dev/null
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import os
-import json
-import logging
-import hashlib
-from glob import glob
-from oslo_config import cfg
-from moon_db.core import ConfigurationDriver
-
-LOG = logging.getLogger("moon.db.driver.memory")
-CONF = cfg.CONF
-
-
-class ConfigurationConnector(object):
-
- def __init__(self, engine):
- super(ConfigurationConnector, self).__init__()
- self.policy_directory = CONF.policy_directory
- self.aggregation_algorithms_dict = dict()
- self.aggregation_algorithms_dict[hashlib.sha224("all_true".encode("utf-8")).hexdigest()[:32]] = \
- {'name': 'all_true', 'description': 'all rules must match'}
- self.aggregation_algorithms_dict[hashlib.sha224("one_true".encode("utf-8")).hexdigest()[:32]] = \
- {'name': 'one_true', 'description': 'only one rule has to match'}
- self.sub_meta_rule_algorithms_dict = dict()
- self.sub_meta_rule_algorithms_dict[hashlib.sha224("inclusion".encode("utf-8")).hexdigest()[:32]] = \
- {'name': 'inclusion', 'description': 'inclusion'}
- self.sub_meta_rule_algorithms_dict[hashlib.sha224("comparison".encode("utf-8")).hexdigest()[:32]] = \
- {'name': 'comparison', 'description': 'comparison'}
-
- def get_policy_templates_dict(self):
- """
- :return: {
- template_id1: {name: template_name, description: template_description},
- template_id2: {name: template_name, description: template_description},
- ...
- }
- """
- nodes = glob(os.path.join(self.policy_directory, "*"))
- LOG.info("get_policy_templates_dict {} {}".format(self.policy_directory, nodes))
- templates = dict()
- for node in nodes:
- try:
- metadata = json.load(open(os.path.join(node, "metadata.json")))
- except IOError:
- # Note (asteroide): it's not a true policy directory, so we forgive it
- continue
- templates[os.path.basename(node)] = dict()
- templates[os.path.basename(node)]["name"] = metadata["name"]
- templates[os.path.basename(node)]["description"] = metadata["description"]
- return templates
-
- def get_aggregation_algorithms_dict(self):
- return self.aggregation_algorithms_dict
-
- def get_sub_meta_rule_algorithms_dict(self):
- return self.sub_meta_rule_algorithms_dict
Code Review / moon.git / commitdiff