wrapper:
port: 8080
kport: 30010
+interface:
+ port: 8080
+authz:
+ port: 8081
ADD . /root
WORKDIR /root/
RUN pip3 install -r requirements.txt --upgrade
-RUN pip3 install /root/dist/* --upgrade
+#RUN pip3 install /root/dist/* --upgrade
RUN pip3 install .
CMD ["python3", "-m", "moon_authz"]
\ No newline at end of file
ADD . /root
WORKDIR /root/
RUN pip3 install -r requirements.txt --upgrade
-RUN pip3 install /root/dist/* --upgrade
+#RUN pip3 install /root/dist/* --upgrade
RUN pip3 install .
CMD ["python3", "-m", "moon_interface"]
\ No newline at end of file
self.context = Context(ctx, CACHE)
self.args = args
self.request_id = ctx["request_id"]
- # LOG.info("container={}".format(CACHE.containers))
- # LOG.info("container_chaining={}".format(CACHE.container_chaining))
if ctx['project_id'] not in CACHE.container_chaining:
raise exceptions.KeystoneProjectError("Unknown Project ID {}".format(ctx['project_id']))
self.container_chaining = CACHE.container_chaining[ctx['project_id']]
def run(self):
self.context.delete_cache()
+ req = None
try:
- LOG.debug("url=http://{}:{}/authz".format(
- self.container_chaining[0]["hostname"],
- self.container_chaining[0]["port"]))
req = requests.post("http://{}:{}/authz".format(
- self.container_chaining[0]["hostname"],
+ self.container_chaining[0]["hostip"],
self.container_chaining[0]["port"],
), data=pickle.dumps(self.context))
if req.status_code != 200:
- # LOG.error("Cannot connect to {}".format(
- # "http://{}:{}/authz".format(
- # self.container_chaining[0]["hostname"],
- # self.container_chaining[0]["port"]
- # )))
+ # LOG.error("req={}".format(req))
raise exceptions.AuthzException(
"Receive bad response from Authz function "
- "(with hostname - {})".format(
+ "(with IP address - {})".format(
req.status_code
))
except requests.exceptions.ConnectionError:
+ LOG.error("Cannot connect to {}".format(
+ "http://{}:{}/authz".format(
+ self.container_chaining[0]["hostip"],
+ self.container_chaining[0]["port"]
+ )))
+ except ValueError:
try:
req = requests.post("http://{}:{}/authz".format(
- self.container_chaining[0]["hostip"],
+ self.container_chaining[0]["hostname"],
self.container_chaining[0]["port"],
), data=pickle.dumps(self.context))
if req.status_code != 200:
- # LOG.error("req={}".format(req))
raise exceptions.AuthzException(
"Receive bad response from Authz function "
- "(with IP address - {})".format(
+ "(with hostname - {})".format(
req.status_code
))
except requests.exceptions.ConnectionError:
raise exceptions.AuthzException(
"Cannot connect to Authz function with IP address")
self.context.set_cache(CACHE)
- if len(self.container_chaining) == 1:
+ if req and len(self.container_chaining) == 1:
# req.raw.decode_content = True
self.result = pickle.loads(req.content)
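Review bot: The hostname retry is now reachable only through `except ValueError:`, so a `requests.exceptions.ConnectionError` on the new `hostip` attempt is logged and swallowed, `req` stays `None`, `self.context.set_cache(CACHE)` still runs and `self.result` is never assigned, turning a failed authz round-trip into a silent no-result instead of an `AuthzException`. The unchanged inner handler now wraps the hostname attempt but still raises `"Cannot connect to Authz function with IP address"`, so the two messages are swapped; either re-raise (or fall through to the hostname retry) in the first `except` and change the inner message to `"Cannot connect to Authz function with hostname")`. `pickle.loads(req.content)` deserialises whatever answers on that port and is pre-existing, but the switch to an IP-addressed endpoint makes it worth confirming that only the authz container can answer there. The flattened indentation on this page makes the exact nesting of the two `try` blocks uncertain, and `run` may continue past the end of the hunk.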
ADD . /root
WORKDIR /root/
RUN pip3 install -r requirements.txt
-RUN pip3 install /root/dist/* --upgrade
+#RUN pip3 install /root/dist/* --upgrade
RUN pip3 install .
CMD ["python3", "-m", "moon_manager"]
\ No newline at end of file
import time
from moon_utilities.security_functions import check_auth
from moon_db.core import PDPManager
+from moon_db.core import PolicyManager
+from moon_db.core import ModelManager
from moon_utilities import configuration
__version__ = "0.1.0"
def add_pod(uuid, data):
+ if not data.get("keystone_project_id"):
+ return
LOG.info("Add a new pod {}".format(data))
+ if "pdp_id" not in data:
+ data["pdp_id"] = uuid
+ data['policies'] = PolicyManager.get_policies(user_id="admin")
+ data['models'] = ModelManager.get_models(user_id="admin")
conf = configuration.get_configuration("components/orchestrator")
hostname = conf["components/orchestrator"].get("hostname", "orchestrator")
port = conf["components/orchestrator"].get("port", 80)
proto = conf["components/orchestrator"].get("protocol", "http")
while True:
try:
- req = requests.post("{}://{}:{}/pods".format(proto, hostname, port),
- data=data)
+ req = requests.post(
+ "{}://{}:{}/pods".format(proto, hostname, port),
+ json=data,
+ headers={"content-type": "application/json"})
except requests.exceptions.ConnectionError:
LOG.warning("Orchestrator is not ready, standby...")
time.sleep(1)
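Review bot: The new early `return` when `keystone_project_id` is missing drops the request without any trace while every other path in `add_pod` logs; add `LOG.warning("Pod {} has no keystone_project_id, ignoring".format(uuid))` before it. The added `PolicyManager.get_policies(user_id="admin")` and `ModelManager.get_models(user_id="admin")` calls fetch the complete policy and model sets under a hard-coded identity and attach them to every pod request, which appears to sidestep the per-user `check_auth` scoping used elsewhere in this file, so it is worth confirming that is intended rather than a shortcut. Switching to `json=data` also means any non-JSON-serialisable value in `data` raises `TypeError`, which the `except requests.exceptions.ConnectionError` does not cover. The exit of the `while True` loop lies outside the hunk.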
def __init__(self, **kwargs):
self.driver = kwargs.get("driver")
+ self.create_security_function = kwargs.get("create_security_function_hook")
@check_auth
def get(self, uuid=None, user_id=None):
}
}
"""
- return {"pods": None}
+ LOG.info("POST param={}".format(request.json))
+ self.create_security_function(
+ request.json.get("keystone_project_id"),
+ request.json.get("pdp_id"),
+ request.json.get("security_pipeline"),
+ manager_data=request.json,
+ active_context=None,
+ active_context_name=None)
+ return {"pods": self.driver.get_pods(request.json.get("pdp_id"))}
@check_auth
def delete(self, uuid=None, user_id=None):
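Review bot: `self.create_security_function(...)` is called without checking that the hook was supplied; `__init__` reads it with `kwargs.get("create_security_function_hook")`, so a resource registered without it fails here with a bare `TypeError` rather than a clear error. The body is also passed through unvalidated: depending on the Flask version `request.json` can be `None` for a non-JSON body, and a missing `keystone_project_id` is forwarded as `None` to the hook, so a guard such as `if request.json is None or not request.json.get("keystone_project_id"): return {"pods": None}, 400` (or the project's usual error shape) belongs before the call. The returned `self.driver.get_pods(request.json.get("pdp_id"))` passes a pdp id where the driver's `get_pods` parameter is `name` and is matched as a substring of `pod.metadata.name` (see the drivers hunk), so this only finds a pod if names embed the pdp id; confirm that is the case. The `LOG.info("POST param={}".format(request.json))` line logs the whole body, including the policy and model dump the manager now attaches.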
import urllib3.exceptions
from moon_utilities import configuration
-logger = logging.getLogger("moon.orchestrator.drivers")
+LOG = logging.getLogger("moon.orchestrator.drivers")
def get_driver():
try:
return K8S()
except urllib3.exceptions.MaxRetryError as e:
- logger.exception(e)
+ LOG.exception(e)
return Docker()
if name:
pods = self.client.list_pod_for_all_namespaces(watch=False)
for pod in pods.items:
- logger.info("get_pods {}".format(pod.metadata.name))
+ LOG.info("get_pods {}".format(pod.metadata.name))
if name in pod.metadata.name:
return pod
else:
return None
- logger.info("get_pods cache={}".format(self.cache))
+ LOG.info("get_pods cache={}".format(self.cache))
return self.cache
@staticmethod
{'name': "TYPE", "value": _data.get('genre', "None")},
{'name': "PORT", "value": str(_data.get('port', 80))},
{'name': "PDP_ID", "value": _data.get('pdp_id', "None")},
- {'name': "META_RULE_ID", "value": "None"},
+ {'name': "META_RULE_ID", "value": _data.get('meta_rule_id', "None")},
{'name': "KEYSTONE_PROJECT_ID",
"value": _data.get('keystone_project_id', "None")},
]
)
resp = client.create_namespaced_deployment(body=pod_manifest,
namespace='moon')
- logger.info("Pod {} created!".format(data[0].get('name')))
+ LOG.info("Pod {} created!".format(data[0].get('name')))
# logger.info(yaml.dump(pod_manifest, sys.stdout))
# logger.info(resp)
return resp
'selector': {
'app': data.get('name')
},
- 'type': 'NodePort',
+ # 'type': 'NodePort',
'endpoints': [{
'port': data.get('port', 80),
'protocol': 'TCP',
service_manifest['spec']['type'] = "NodePort"
resp = client.create_namespaced_service(namespace="moon",
body=service_manifest)
- logger.info("Service {} created!".format(data.get('name')))
+ LOG.info("Service {} created!".format(data.get('name')))
return resp
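Review bot: `# 'type': 'NodePort',` is commented-out code left inside the dict literal; since the type is now set by `service_manifest['spec']['type'] = "NodePort"` further down (presumably under the `expose` guard, which is outside the hunk), delete the dead line instead of keeping it. The comments `# logger.info(yaml.dump(pod_manifest, sys.stdout))` and `# logger.info(resp)` in the previous hunk still use the old `logger` name after the rename to `LOG`; either update or drop them so a grep for `logger` comes up empty.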
def load_pod(self, data, api_client=None, ext_client=None, expose=False):
pod = self.__create_pod(client=ext_client, data=data)
service = self.__create_service(client=_client, data=data[0],
expose=expose)
- # logger.info("load_poad data={}".format(data))
+ # logger.info("load_pod data={}".format(data))
# logger.info("pod.metadata.uid={}".format(pod.metadata.uid))
self.cache[pod.metadata.uid] = data
def delete_pod(self, uuid=None, name=None):
- logger.info("Deleting pod {}".format(uuid))
+ LOG.info("Deleting pod {}".format(uuid))
# TODO: delete_namespaced_deployment
# https://github.com/kubernetes-incubator/client-python/blob/master/kubernetes/client/apis/extensions_v1beta1_api.py
class Docker(Driver):
def load_pod(self, data, api_client=None, ext_client=None):
- logger.info("Creating pod {}".format(data[0].get('name')))
+ LOG.info("Creating pod {}".format(data[0].get('name')))
raise NotImplementedError
def delete_pod(self, uuid=None, name=None):
- logger.info("Deleting pod {}".format(uuid))
+ LOG.info("Deleting pod {}".format(uuid))
raise NotImplementedError
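Review bot: `Docker.load_pod` keeps the signature `(self, data, api_client=None, ext_client=None)` while `K8S.load_pod` in the same file gained `expose=False` and both call sites in `create_security_function` now pass `expose=False`; when `get_driver()` falls back to `Docker()` after a `MaxRetryError`, the call fails with `TypeError` on the unexpected keyword before ever reaching the `NotImplementedError`. Change the line to `def load_pod(self, data, api_client=None, ext_client=None, expose=False):` so the two drivers stay interchangeable.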
self.api.add_resource(Pods, *Pods.__urls__,
resource_class_kwargs={
"driver": self.driver,
+ "create_security_function_hook":
+ self.create_security_function,
})
def run(self):
LOG.debug('wrapper pod={}'.format(pod))
def create_security_function(self, keystone_project_id,
- pdp_id, policy_ids, active_context=None,
+ pdp_id, policy_ids, manager_data={},
+ active_context=None,
active_context_name=None):
""" Create security functions
security function in all context (ie, in all slaves)
:return: None
"""
- LOG.debug(self.driver.get_pods())
+ # LOG.info(self.driver.get_pods())
for key, value in self.driver.get_pods().items():
for _pod in value:
if _pod.get('keystone_project_id') == keystone_project_id:
LOG.warning("A pod for this Keystone project {} "
"already exists.".format(keystone_project_id))
return
+
plugins = configuration.get_plugins()
conf = configuration.get_configuration("components/interface")
i_hostname = conf["components/interface"].get("hostname", "interface")
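Review bot: `manager_data={}` is a mutable default argument: the visible code only reads from it, but the same dict instance is shared by every call that omits the parameter, and the idiom is `manager_data=None` with `manager_data = manager_data or {}` at the top of the body. The docstring lists no parameters; add `:param manager_data: policies and models already fetched by the Manager, used to skip the HTTP lookups below` so the new fast path is documented. The body continues past this hunk.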
"namespace": "moon"
},
]
- policies = requests.get("http://{}:{}/policies".format(
- self.manager_hostname, self.manager_port)).json().get(
- "policies", dict())
- models = requests.get("http://{}:{}/models".format(
- self.manager_hostname, self.manager_port)).json().get(
- "models", dict())
+ LOG.info("data={}".format(data))
+ policies = manager_data.get('policies')
+ if not policies:
+ LOG.info("No policy data from Manager, trying to get them")
+ policies = requests.get("http://{}:{}/policies".format(
+ self.manager_hostname, self.manager_port)).json().get(
+ "policies", dict())
+ LOG.info("policies={}".format(policies))
+ models = manager_data.get('models')
+ if not models:
+ LOG.info("No models data from Manager, trying to get them")
+ models = requests.get("http://{}:{}/models".format(
+ self.manager_hostname, self.manager_port)).json().get(
+ "models", dict())
+ LOG.info("models={}".format(models))
for policy_id in policy_ids:
if policy_id in policies:
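Review bot: `LOG.info("policies={}".format(policies))` and `LOG.info("models={}".format(models))` write the complete policy and model sets to the log at info level on every pod creation; `LOG.debug` is the better level for a dump of that size. `manager_data.get('policies')` also assumes `manager_data` is a dict, and the new `post` handler passes `request.json` straight through, so a `None` body would surface here as `AttributeError` rather than at the API boundary. The fallback `requests.get` to the manager over plain http is unchanged by this commit.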
'keystone_project_id': keystone_project_id,
"namespace": "moon"
})
+ LOG.info("data={}".format(data))
contexts, _active_context = self.driver.get_slaves()
+ LOG.info("active_context_name={}".format(active_context_name))
+ LOG.info("active_context={}".format(active_context))
if active_context_name:
for _context in contexts:
if _context["name"] == active_context_name:
LOG.debug("_config={}".format(_config))
api_client = client.CoreV1Api(_config)
ext_client = client.ExtensionsV1beta1Api(_config)
- self.driver.load_pod(data, api_client, ext_client)
+ self.driver.load_pod(data, api_client, ext_client, expose=False)
return
+ LOG.info("contexts={}".format(contexts))
for _ctx in contexts:
_config = config.new_client_from_config(context=_ctx['name'])
LOG.debug("_config={}".format(_config))
api_client = client.CoreV1Api(_config)
ext_client = client.ExtensionsV1beta1Api(_config)
- self.driver.load_pod(data, api_client, ext_client)
+ self.driver.load_pod(data, api_client, ext_client, expose=False)
-----
- Update the cache
+1.3.4
+-----
+- Fix a bug on the connection between interface and authz
+
#!/usr/bin/env bash
-VERSION=moon_utilities-1.3.3
+VERSION=moon_utilities-1.3.4
python3 setup.py sdist bdist_wheel
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-__version__ = "1.3.3"
+__version__ = "1.3.4"
"policy_id": policy_id,
"meta_rule_id": meta_rule_id,
"hostname": container_value["name"],
+ "hostip": "127.0.0.1",
"port": container_value["port"],
}
)
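Review bot: `"hostip": "127.0.0.1"` hard-codes the loopback address into the container record, which only works if the authz container shares a network namespace with the interface process that consumes `container_chaining` (the new `hostip` lookups in `moon_interface`); in any other deployment the first attempt always ends in `ConnectionError` and relies on the hostname path. If the address cannot be derived from the container record here, at least document the assumption with `# loopback: authz is expected to run alongside interface` and read it from configuration rather than a literal.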
ADD . /root
WORKDIR /root/
RUN pip3 install -r requirements.txt --upgrade
-#RUN pip3 install /root/dist/* --upgrade
+RUN pip3 install /root/dist/* --upgrade
RUN pip3 install .
CMD ["python3", "-m", "moon_wrapper"]
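Review bot: This hunk re-enables `RUN pip3 install /root/dist/* --upgrade` while the same line is commented out in the authz, interface and manager Dockerfiles of this commit; one of the two directions looks accidental and the commit message does not say which is intended. Whichever is kept, installing a glob of local wheels with `--upgrade` after `requirements.txt` can silently replace pinned dependencies, so either pin what lands in `dist/` or install only the project's own wheel by name.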
plugins:
authz:
container: wukongsun/moon_authz:v4.3
+ port: 8081
session:
container: asteroide/session:latest
+ port: 8082
components:
interface:
- port: 8081
+ port: 8080
bind: 0.0.0.0
hostname: interface
container: wukongsun/moon_interface:v4.3