Update code for master-slave communications

author asteroide <thomas.duval@orange.com>

Wed, 28 Jun 2017 13:23:40 +0000 (15:23 +0200)

committer asteroide <thomas.duval@orange.com>

Wed, 28 Jun 2017 13:23:40 +0000 (15:23 +0200)
author asteroide <thomas.duval@orange.com>
Wed, 28 Jun 2017 13:23:40 +0000 (15:23 +0200)
committer asteroide <thomas.duval@orange.com>
Wed, 28 Jun 2017 13:23:40 +0000 (15:23 +0200)
diff --git a/moonv4/moon_db/moon_db/api/model.py b/moonv4/moon_db/moon_db/api/model.py

index c1620da..22a5a83 100644 (file)
--- a/moonv4/moon_db/moon_db/api/model.py
+++ b/moonv4/moon_db/moon_db/api/model.py
@@ -89,7 +89,7 @@ class ModelManager(Managers):
              raise exceptions.SubjectCategoryExisting
          # if not category_id:
          #     category_id = uuid4().hex
-        return self.driver.add_subject_category(name=value["name"], description=value["description"])
+        return self.driver.add_subject_category(name=value["name"], description=value["description"], uuid=category_id)
  
      @enforce(("read", "write"), "meta_data")
      def delete_subject_category(self, user_id, category_id):
@@ -100,7 +100,7 @@ class ModelManager(Managers):
          return self.driver.delete_subject_category(category_id=category_id)
  
      @enforce("read", "meta_data")
-    def get_object_categories(self, user_id, category_id):
+    def get_object_categories(self, user_id, category_id=None):
          return self.driver.get_object_categories(category_id)
  
      @enforce(("read", "write"), "meta_data")
@@ -109,7 +109,7 @@ class ModelManager(Managers):
              raise exceptions.ObjectCategoryExisting
          # if not category_id:
          #     category_id = uuid4().hex
-        return self.driver.add_object_category(name=value["name"], description=value["description"])
+        return self.driver.add_object_category(name=value["name"], description=value["description"], uuid=category_id)
  
      @enforce(("read", "write"), "meta_data")
      def delete_object_category(self, user_id, category_id):
@@ -120,7 +120,7 @@ class ModelManager(Managers):
          return self.driver.delete_object_category(category_id=category_id)
  
      @enforce("read", "meta_data")
-    def get_action_categories(self, user_id, category_id):
+    def get_action_categories(self, user_id, category_id=None):
          return self.driver.get_action_categories(category_id=category_id)
  
      @enforce(("read", "write"), "meta_data")
@@ -129,7 +129,7 @@ class ModelManager(Managers):
              raise exceptions.ActionCategoryExisting
          # if not category_id:
          #     category_id = uuid4().hex
-        return self.driver.add_action_category(name=value["name"], description=value["description"])
+        return self.driver.add_action_category(name=value["name"], description=value["description"], uuid=category_id)
  
      @enforce(("read", "write"), "meta_data")
      def delete_action_category(self, user_id, category_id):
diff --git a/moonv4/moon_manager/moon_manager/api/master.py b/moonv4/moon_manager/moon_manager/api/master.py

new file mode 100644 (file)

index 0000000..e63406c
--- /dev/null
+++ b/moonv4/moon_manager/moon_manager/api/master.py
@@ -0,0 +1,345 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+from oslo_log import log as logging
+from moon_utilities.security_functions import call, notify
+from moon_db.core import PDPManager, PolicyManager, ModelManager
+
+LOG = logging.getLogger(__name__)
+
+
+class Master(object):
+    """
+    Retrieve the current status of all components.
+    """
+
+    __version__ = "0.1.0"
+    __policies = None
+    __policy_ids = []
+    __models = None
+    __model_ids = []
+    __meta_rules = None
+    __meta_rule_ids = []
+
+    @property
+    def policies(self):
+        if not self.__policies:
+            self.__policies = {}
+            if self.__policy_ids:
+                for policy_id in self.__policy_ids:
+                    self.__policies.update(call("moon_manager",
+                                                method="get_policies",
+                                                ctx={
+                                                    "id": policy_id,
+                                                    "call_master": True,
+                                                    "user_id": "admin"
+                                                },
+                                                args={})["policies"])
+            else:
+                self.__policies = call("moon_manager",
+                                       method="get_policies",
+                                       ctx={
+                                           "id": None,
+                                           "call_master": True,
+                                           "user_id": "admin"
+                                       },
+                                       args={})["policies"]
+        LOG.info("__get_policies={}".format(self.__policies))
+        return self.__policies
+
+    @property
+    def models(self):
+        if not self.__models:
+            self.__models = {}
+            if self.__model_ids:
+                for model_id in self.__model_ids:
+                    self.__models.update(call("moon_manager",
+                                              method="get_models",
+                                              ctx={
+                                                  "id": model_id,
+                                                  "call_master": True,
+                                                  "user_id": "admin"
+                                              },
+                                              args={})["models"])
+            else:
+                self.__models = call("moon_manager",
+                                     method="get_models",
+                                     ctx={
+                                         "id": None,
+                                         "call_master": True,
+                                         "user_id": "admin"
+                                     },
+                                     args={})["models"]
+        LOG.info("__get_models={}".format(self.__models))
+        return self.__models
+
+    @property
+    def meta_rules(self):
+        if not self.__meta_rules:
+            self.__meta_rules = {}
+            if self.__meta_rule_ids:
+                for meta_rule_id in self.__meta_rule_ids:
+                    self.__meta_rules.update(call("moon_manager",
+                                                  method="get_meta_rules",
+                                                  ctx={
+                                                      "meta_rule_id": meta_rule_id,
+                                                      "call_master": True,
+                                                      "user_id": "admin"
+                                                  },
+                                                  args={})["meta_rules"])
+            else:
+                self.__meta_rules = call("moon_manager",
+                                         method="get_meta_rules",
+                                         ctx={
+                                             "meta_rule_id": None,
+                                             "call_master": True,
+                                             "user_id": "admin"
+                                         },
+                                         args={})["meta_rules"]
+        LOG.info("__get_meta_rules={}".format(self.__meta_rules))
+        return self.__meta_rules
+
+    def __add_meta_data(self):
+        subject_categories = ModelManager.get_subject_categories("admin")
+        object_categories = ModelManager.get_object_categories("admin")
+        action_categories = ModelManager.get_action_categories("admin")
+        for meta_rule_id, meta_rule_value in self.meta_rules.items():
+            for _scat in meta_rule_value['subject_categories']:
+                if _scat not in subject_categories:
+                    master_category = call("moon_manager", method="get_subject_categories",
+                                           ctx={
+                                               "user_id": "admin",
+                                               "call_master": True,
+                                               "id": None,
+                                           },
+                                           args={"category_id": _scat})["subject_categories"]
+                    ModelManager.add_subject_category("admin", _scat, master_category[_scat])
+            for _ocat in meta_rule_value['object_categories']:
+                if _ocat not in object_categories:
+                    master_category = call("moon_manager", method="get_object_categories",
+                                           ctx={
+                                               "user_id": "admin",
+                                               "call_master": True,
+                                               "id": None,
+                                           },
+                                           args={"category_id": _ocat})["object_categories"]
+                    LOG.info("Add scat {} {}".format(_ocat, master_category[_ocat]))
+                    ModelManager.add_object_category("admin", _ocat, master_category[_ocat])
+            for _acat in meta_rule_value['action_categories']:
+                if _acat not in action_categories:
+                    master_category = call("moon_manager", method="get_action_categories",
+                                           ctx={
+                                               "user_id": "admin",
+                                               "call_master": True,
+                                               "id": None,
+                                           },
+                                           args={"category_id": _acat})["action_categories"]
+                    LOG.info("Add scat {} {}".format(_acat, master_category[_acat]))
+                    ModelManager.add_action_category("admin", _acat, master_category[_acat])
+
+    def __add_meta_rule(self):
+        meta_rules = ModelManager.get_meta_rules("admin")
+        LOG.info("meta_rules={}".format(meta_rules))
+        for uuid, value in self.meta_rules.items():
+            if uuid not in meta_rules:
+                ModelManager.add_meta_rule("admin", uuid, value=value)
+
+    def __add_perimeter(self, subject_name=None, object_name=None):
+        for policy_id in self.policies:
+            subjects = call("moon_manager", method="get_subjects",
+                            ctx={
+                                "user_id": "admin",
+                                "call_master": True,
+                                "id": policy_id,
+                            },
+                            args={"perimeter_id": None, "perimeter_name": subject_name})["subjects"]
+            for subject_id, subject_value in subjects.items():
+                # FIXME (asteroide): if a subject with the same name had been already created before
+                #                    it will not have the same ID as the subject in master
+                PolicyManager.add_subject("admin", policy_id=policy_id, perimeter_id=subject_id, value=subject_value)
+        for policy_id in self.policies:
+            objects = call("moon_manager", method="get_objects",
+                           ctx={
+                               "user_id": "admin",
+                               "call_master": True,
+                               "id": policy_id,
+                           },
+                           args={"perimeter_id": None, "perimeter_name": object_name})["objects"]
+            for object_id, object_value in objects.items():
+                # FIXME (asteroide): if a object with the same name had been already created before
+                #                    it will not have the same ID as the object in master
+                PolicyManager.add_object("admin", policy_id=policy_id, perimeter_id=object_id, value=object_value)
+        for policy_id in self.policies:
+            actions = call("moon_manager", method="get_actions",
+                           ctx={
+                               "user_id": "admin",
+                               "call_master": True,
+                               "id": policy_id,
+                           },
+                           args={"perimeter_id": None})["actions"]
+            for action_id, action_value in actions.items():
+                # FIXME (asteroide): if a action with the same name had been already created before
+                #                    it will not have the same ID as the action in master
+                PolicyManager.add_action("admin", policy_id=policy_id, perimeter_id=action_id, value=action_value)
+
+    def __add_data(self):
+        subject_categories = ModelManager.get_subject_categories("admin")
+        object_categories = ModelManager.get_object_categories("admin")
+        action_categories = ModelManager.get_action_categories("admin")
+        for policy_id in self.policies:
+            for category in subject_categories.keys():
+                subject_data = call("moon_manager", method="get_subject_data",
+                                    ctx={
+                                        "user_id": "admin",
+                                        "call_master": True,
+                                        "id": policy_id,
+                                        "category_id": category
+                                    },
+                                    args={"data_id": None})["subject_data"]
+                if not subject_data:
+                    continue
+                for data in subject_data:
+                    PolicyManager.set_subject_data("admin", policy_id=policy_id,
+                                                   category_id=data['category_id'], value=data)
+            for category in object_categories:
+                object_data = call("moon_manager", method="get_object_data",
+                                   ctx={
+                                       "user_id": "admin",
+                                       "call_master": True,
+                                       "id": policy_id,
+                                       "category_id": category
+                                   },
+                                   args={"data_id": None})["object_data"]
+                if not object_data:
+                    continue
+                for data in object_data:
+                    PolicyManager.add_object_data("admin", policy_id=policy_id,
+                                                  category_id=data['category_id'], value=data)
+            for category in action_categories:
+                action_data = call("moon_manager", method="get_action_data",
+                                   ctx={
+                                       "user_id": "admin",
+                                       "call_master": True,
+                                       "id": policy_id,
+                                       "category_id": category
+                                   },
+                                   args={"data_id": None})["action_data"]
+                if not action_data:
+                    continue
+                for data in action_data:
+                    PolicyManager.add_action_data("admin", policy_id=policy_id,
+                                                  category_id=data['category_id'], value=data)
+
+    def __add_assignments(self, subject_name=None, object_name=None):
+        for policy_id in self.policies:
+            assignments = call("moon_manager", method="get_subject_assignments",
+                               ctx={
+                                   "user_id": "admin",
+                                   "call_master": True,
+                                   "id": policy_id,
+                                   "perimeter_id": None,
+                                   "perimeter_name": subject_name,
+                                   "category_id": None,
+                               },
+                               args={})["subject_assignments"]
+            for assignment_id, assignment_value in assignments.items():
+                _subject_id = assignment_value['subject_id']
+                _category_id = assignment_value['category_id']
+                for _data_id in assignment_value['assignments']:
+                    PolicyManager.add_subject_assignment("admin", policy_id=policy_id,
+                                                         subject_id=_subject_id, category_id=_category_id,
+                                                         data_id=_data_id)
+            assignments = call("moon_manager", method="get_object_assignments",
+                               ctx={
+                                   "user_id": "admin",
+                                   "call_master": True,
+                                   "id": policy_id,
+                                   "perimeter_id": None,
+                                   "perimeter_name": object_name,
+                                   "category_id": None,
+                               },
+                               args={})["object_assignments"]
+            for assignment_id, assignment_value in assignments.items():
+                _object_id = assignment_value['object_id']
+                _category_id = assignment_value['category_id']
+                for _data_id in assignment_value['assignments']:
+                    PolicyManager.add_object_assignment("admin", policy_id=policy_id,
+                                                        object_id=_object_id, category_id=_category_id,
+                                                        data_id=_data_id)
+            assignments = call("moon_manager", method="get_action_assignments",
+                               ctx={
+                                   "user_id": "admin",
+                                   "call_master": True,
+                                   "id": policy_id,
+                                   "perimeter_id": None,
+                                   "category_id": None,
+                               },
+                               args={})["action_assignments"]
+            for assignment_id, assignment_value in assignments.items():
+                _action_id = assignment_value['action_id']
+                _category_id = assignment_value['category_id']
+                for _data_id in assignment_value['assignments']:
+                    PolicyManager.add_action_assignment("admin", policy_id=policy_id,
+                                                        action_id=_action_id, category_id=_category_id,
+                                                        data_id=_data_id)
+
+    def __add_rules(self):
+        for policy_id in self.policies:
+            _rules = call("moon_manager", method="get_rules",
+                          ctx={
+                              "user_id": "admin",
+                              "call_master": True,
+                              "id": policy_id,
+                              "rule_id": None
+                          },
+                          args={})["rules"]
+            for rule in _rules["rules"]:
+                LOG.info("__add_rules {}".format(rule))
+                if rule["meta_rule_id"] in self.__meta_rule_ids:
+                    PolicyManager.add_rule("admin",
+                                           policy_id=policy_id,
+                                           meta_rule_id=rule["meta_rule_id"],
+                                           value=rule)
+
+    def update_from_master(self, ctx, args):
+        LOG.info("update_from_master {}".format(ctx))
+        self.__policy_ids = ctx["security_pipeline"]
+
+        for policy_id, policy_value in self.policies.items():
+            self.__model_ids.append(policy_value["model_id"])
+
+        for model_id, model_value in self.models.items():
+            self.__meta_rule_ids.extend(model_value['meta_rules'])
+
+        self.__add_meta_data()
+
+        self.__add_meta_rule()
+
+        for policy_id in ctx["security_pipeline"]:
+            if policy_id in self.policies:
+                PolicyManager.add_policy("admin", policy_id, self.__policies[policy_id])
+
+        self.__add_perimeter(subject_name=ctx.get("subject_name"), object_name=ctx.get("object_name"))
+
+        self.__add_data()
+
+        self.__add_assignments(subject_name=ctx.get("subject_name"), object_name=ctx.get("object_name"))
+
+        self.__add_rules()
+
+        models = ModelManager.get_models("admin")
+        for model_id, model_value in self.models.items():
+            if model_id not in models:
+                ModelManager.add_model("admin", model_id, model_value)
+
+        pdp = PDPManager.add_pdp(user_id="admin", pdp_id=ctx["pdp_id"], value=args)
+        if "error" in pdp:
+            LOG.error("Error when adding PDP from master {}".format(pdp))
+            return False
+        LOG.info("pdp={}".format(pdp))
+        call("orchestrator", method="add_container",
+             ctx={"id": ctx.get("id"), "pipeline": ctx['security_pipeline']})
+        return True
+
diff --git a/moonv4/moon_manager/moon_manager/api/policies.py b/moonv4/moon_manager/moon_manager/api/policies.py

index 3c876fa..27e28a6 100644 (file)
--- a/moonv4/moon_manager/moon_manager/api/policies.py
+++ b/moonv4/moon_manager/moon_manager/api/policies.py
@@ -64,7 +64,17 @@ class Perimeter(object):
  
      def get_subjects(self, ctx, args):
          try:
-            data = self.manager.get_subjects(user_id=ctx["user_id"], policy_id=ctx["id"], perimeter_id=args['perimeter_id'])
+            data = self.manager.get_subjects(
+                user_id=ctx["user_id"],
+                policy_id=ctx["id"],
+                perimeter_id=args['perimeter_id']
+            )
+            if not args['perimeter_id']:
+                if "perimeter_name" in args:
+                    for _data_id, _data_value in data.items():
+                        if _data_value['name'] == args['perimeter_name']:
+                            data = {_data_id: _data_value}
+                            break
          except Exception as e:
              LOG.error(e, exc_info=True)
              return {"result": False,
@@ -102,7 +112,17 @@ class Perimeter(object):
  
      def get_objects(self, ctx, args):
          try:
-            data = self.manager.get_objects(user_id=ctx["user_id"], policy_id=ctx["id"], perimeter_id=args['perimeter_id'])
+            data = self.manager.get_objects(
+                user_id=ctx["user_id"],
+                policy_id=ctx["id"],
+                perimeter_id=args['perimeter_id']
+            )
+            if not args['perimeter_id']:
+                if "perimeter_name" in args:
+                    for _data_id, _data_value in data.items():
+                        if _data_value['name'] == args['perimeter_name']:
+                            data = {_data_id: _data_value}
+                            break
          except Exception as e:
              LOG.error(e, exc_info=True)
              return {"result": False,
@@ -285,8 +305,30 @@ class Assignments(object):
      def __init__(self):
          self.manager = PolicyManager
  
+    def __get_subject_id(self, ctx, subject_name):
+        data = self.manager.get_subjects(
+            user_id=ctx["user_id"],
+            policy_id=ctx["id"],
+            perimeter_id=None
+        )
+        for _data_id, _data_value in data.items():
+            if _data_value['name'] == subject_name:
+                return _data_id
+
+    def __get_object_id(self, ctx, object_name):
+        data = self.manager.get_objects(
+            user_id=ctx["user_id"],
+            policy_id=ctx["id"],
+            perimeter_id=None
+        )
+        for _data_id, _data_value in data.items():
+            if _data_value['name'] == object_name:
+                return _data_id
+
      def get_subject_assignments(self, ctx, args):
          try:
+            if "perimeter_name" in args:
+                ctx["perimeter_id"] = self.__get_subject_id(ctx, args['perimeter_name'])
              data = self.manager.get_subject_assignments(user_id=ctx["user_id"], policy_id=ctx["id"],
                                                          subject_id=ctx["perimeter_id"], category_id=ctx["category_id"])
          except Exception as e:
@@ -322,6 +364,8 @@ class Assignments(object):
  
      def get_object_assignments(self, ctx, args):
          try:
+            if "perimeter_name" in args:
+                ctx["perimeter_id"] = self.__get_object_id(ctx, args['perimeter_name'])
              data = self.manager.get_object_assignments(user_id=ctx["user_id"], policy_id=ctx["id"],
                                                         object_id=ctx["perimeter_id"], category_id=ctx["category_id"])
          except Exception as e:
diff --git a/moonv4/moon_manager/moon_manager/messenger.py b/moonv4/moon_manager/moon_manager/messenger.py

index 784b9ea..3c44b6f 100644 (file)
--- a/moonv4/moon_manager/moon_manager/messenger.py
+++ b/moonv4/moon_manager/moon_manager/messenger.py
@@ -12,6 +12,7 @@ from moon_utilities.api import APIList
  from moon_manager.api.models import Models, MetaRules, MetaData
  from moon_manager.api.policies import Policies, Perimeter, Data, Assignments, Rules
  from moon_manager.api.pdp import PDP
+from moon_manager.api.master import Master
  from moon_utilities.security_functions import call
  from moon_utilities.exceptions import IntraExtensionUnknown
  
@@ -52,7 +53,8 @@ class Server:
              Data(),
              Assignments(),
              Rules(),
-            PDP()
+            PDP(),
+            Master()
          ]
          self.server = oslo_messaging.get_rpc_server(self.transport, self.target, self.endpoints,
                                                      executor='threading',
diff --git a/moonv4/moon_manager/requirements.txt b/moonv4/moon_manager/requirements.txt

index 3b684f8..a919c62 100644 (file)
--- a/moonv4/moon_manager/requirements.txt
+++ b/moonv4/moon_manager/requirements.txt
@@ -2,4 +2,5 @@ kombu !=4.0.1,!=4.0.0
  oslo.messaging
  oslo.config
  vine
-oslo.log
-\ No newline at end of file
+oslo.log
+babel
+\ No newline at end of file
diff --git a/moonv4/moon_orchestrator/moon_orchestrator/server.py b/moonv4/moon_orchestrator/moon_orchestrator/server.py

index ef69af7..85d7d3f 100644 (file)
--- a/moonv4/moon_orchestrator/moon_orchestrator/server.py
+++ b/moonv4/moon_orchestrator/moon_orchestrator/server.py
@@ -30,11 +30,6 @@ SLAVES = {}
  docker = Client(base_url=CONF.docker_url)
  
  
-# def get_template(filename="template.dockerfile"):
-#     simple_loader = FileSystemLoader(TEMPLATES_FOLDER)
-#     env = Environment(loader=simple_loader)
-#     return env.get_template(filename)
-
  def kill_handler(signum, frame):
      _exit(0)
  
@@ -102,7 +97,7 @@ def _exit(exit_number=0, error=None):
          else:
              docker.remove_container(container=_container)
  
-    # TODO (dthom): put in the debug log
+    # TODO (asteroide): put in the debug log
      if error:
          LOG.info(str(error))
      sys.exit(exit_number)
@@ -117,7 +112,8 @@ def __save_pid():
  
  
  def server():
-    # conf_file = options.configure(DOMAIN)
+    # TODO (asteroide): need to add some options:
+    #   --foreground: run in foreground
      __save_pid()
      LOG.info("Starting server with IP {}".format(CONF.orchestrator.host))
  
diff --git a/moonv4/moon_secrouter/moon_secrouter/api/route.py b/moonv4/moon_secrouter/moon_secrouter/api/route.py

index 7cce135..28a9a65 100644 (file)
--- a/moonv4/moon_secrouter/moon_secrouter/api/route.py
+++ b/moonv4/moon_secrouter/moon_secrouter/api/route.py
@@ -88,7 +88,8 @@ API = {
          "delete_action_assignment",
          "get_rules",
          "add_rule",
-        "delete_rule"
+        "delete_rule",
+        "update_from_master"
      ),
      "function": (
          "authz",
@@ -125,6 +126,7 @@ class Cache(object):
          self.__update_policies()
          self.__update_models()
          for key, value in self.__PDP.items():
+            LOG.info("Updating container_chaining with {}".format(value["keystone_project_id"]))
              self.__update_container_chaining(value["keystone_project_id"])
  
      @property
@@ -192,13 +194,19 @@ class Cache(object):
      def __update_container_chaining(self, keystone_project_id):
          container_ids = []
          for pdp_id, pdp_value, in CACHE.pdp.items():
+            LOG.info("pdp_id, pdp_value = {}, {}".format(pdp_id, pdp_value))
              if pdp_value:
                  if pdp_value["keystone_project_id"] == keystone_project_id:
                      for policy_id in pdp_value["security_pipeline"]:
                          model_id = CACHE.policies[policy_id]['model_id']
+                        LOG.info("model_id = {}".format(model_id))
+                        LOG.info("CACHE = {}".format(CACHE.models[model_id]))
                          for meta_rule_id in CACHE.models[model_id]["meta_rules"]:
+                            LOG.info("CACHE.containers = {}".format(CACHE.containers))
                              for container_id, container_values, in CACHE.containers.items():
+                                LOG.info("container_id, container_values = {}".format(container_id, container_values))
                                  for container_value in container_values:
+                                    LOG.info("container_value[\"meta_rule_id\"] == meta_rule_id = {} {}".format(container_value["meta_rule_id"], meta_rule_id))
                                      if container_value["meta_rule_id"] == meta_rule_id:
                                          container_ids.append(
                                              {
@@ -238,8 +246,13 @@ class AuthzRequest:
          self.ctx = ctx
          self.args = args
          self.request_id = ctx["request_id"]
+        if self.ctx['id'] not in CACHE.container_chaining:
+            LOG.warning("Unknown Project ID {}".format(self.ctx['id']))
+            # TODO (asteroide): add a better exception handler
+            raise Exception("Unknown Project ID {}".format(self.ctx['id']))
          self.container_chaining = CACHE.container_chaining[self.ctx['id']]
          ctx["container_chaining"] = copy.deepcopy(self.container_chaining)
+        LOG.info("self.container_chaining={}".format(self.container_chaining))
          self.pdp_container = self.container_chaining[0]["container_id"]
          self.run()
  
@@ -332,11 +345,43 @@ class Router(object):
      @staticmethod
      def check_pdp(ctx):
          _ctx = copy.deepcopy(ctx)
-        if CONF.slave.slave_name:
-            _ctx['call_master'] = True
+        keystone_id = _ctx.pop('id')
+        # LOG.info("_ctx {}".format(_ctx))
          ext = call("moon_manager", method="get_pdp", ctx=_ctx, args={})
-        if "error" not in ext:
-            return True
+        # LOG.info("check_pdp {}".format(ext))
+        if "error" in ext:
+            return False
+        keystone_id_list = map(lambda x: x["keystone_project_id"], ext['pdps'].values())
+        if not ext['pdps'] or keystone_id not in keystone_id_list:
+            if CONF.slave.slave_name:
+                _ctx['call_master'] = True
+                # update from master if exist and test again
+                LOG.info("Need to update from master {}".format(keystone_id))
+                ext = call("moon_manager", method="get_pdp", ctx=_ctx, args={})
+                if "error" in ext:
+                    return False
+                keystone_id_list = map(lambda x: x["keystone_project_id"], ext['pdps'].values())
+                if not ext['pdps'] or keystone_id not in keystone_id_list:
+                    return False
+                else:
+                    # Must update from Master
+                    _ctx["keystone_id"] = keystone_id
+                    _ctx["pdp_id"] = None
+                    _ctx["security_pipeline"] = None
+                    _ctx['call_master'] = False
+                    pdp_value = {}
+                    for pdp_id, pdp_value in ext["pdps"].items():
+                        if keystone_id == pdp_value["keystone_project_id"]:
+                            _ctx["pdp_id"] = keystone_id
+                            _ctx["security_pipeline"] = pdp_value["security_pipeline"]
+                            break
+                    call("moon_manager", method="update_from_master", ctx=_ctx, args=pdp_value)
+                    CACHE.update()
+                    return True
+            else:
+                # return False otherwise
+                return False
+        return True
  
      def send_update(self, api, ctx={}, args={}):
          # TODO (asteroide): add threads here
diff --git a/moonv4/moon_secrouter/requirements.txt b/moonv4/moon_secrouter/requirements.txt

index 3b684f8..a919c62 100644 (file)
--- a/moonv4/moon_secrouter/requirements.txt
+++ b/moonv4/moon_secrouter/requirements.txt
@@ -2,4 +2,5 @@ kombu !=4.0.1,!=4.0.0
  oslo.messaging
  oslo.config
  vine
-oslo.log
-\ No newline at end of file
+oslo.log
+babel
+\ No newline at end of file
author	asteroide <thomas.duval@orange.com>
	Wed, 28 Jun 2017 13:23:40 +0000 (15:23 +0200)
committer	asteroide <thomas.duval@orange.com>
	Wed, 28 Jun 2017 13:23:40 +0000 (15:23 +0200)
moonv4/moon_db/moon_db/api/model.py		patch \| blob \| history
moonv4/moon_manager/moon_manager/api/master.py	[new file with mode: 0644]	patch \| blob
moonv4/moon_manager/moon_manager/api/policies.py		patch \| blob \| history
moonv4/moon_manager/moon_manager/messenger.py		patch \| blob \| history
moonv4/moon_manager/requirements.txt		patch \| blob \| history
moonv4/moon_orchestrator/moon_orchestrator/server.py		patch \| blob \| history
moonv4/moon_secrouter/moon_secrouter/api/route.py		patch \| blob \| history
moonv4/moon_secrouter/requirements.txt		patch \| blob \| history