+#!/usr/bin/env bash
-
-VERSION=moon_utilities-1.2.0
+VERSION=moon_utilities-1.3.3
python3 setup.py sdist bdist_wheel
-rm dist/*.asc
+rm dist/*.asc 2>/dev/null
gpg --detach-sign -u "A0A96E75" -a dist/${VERSION}-py3-none-any.whl
-gpg --detach-sign -u "A0A96E75" -a dist/${VERSION}.linux-x86_64.tar.gz
+gpg --detach-sign -u "A0A96E75" -a dist/${VERSION}.tar.gz
if [ "$1" = "upload" ]; then
twine upload dist/${VERSION}-py3-none-any.whl dist/${VERSION}-py3-none-any.whl.asc
- twine upload dist/${VERSION}.linux-x86_64.tar.gz dist/${VERSION}.linux-x86_64.tar.gz.asc
+ twine upload dist/${VERSION}.tar.gz dist/${VERSION}.tar.gz.asc
fi
-cp dist/${VERSION}-py3-none-any.whl ../moon_orchestrator/dist/
-cp dist/${VERSION}-py3-none-any.whl ../moon_router/dist/
-cp dist/${VERSION}-py3-none-any.whl ../moon_interface/dist/
-cp dist/${VERSION}-py3-none-any.whl ../moon_manager/dist/
-cp dist/${VERSION}-py3-none-any.whl ../moon_authz/dist/
+if [ "$1" = "copy" ]; then
+ mkdir -p ../moon_orchestrator/dist/ 2>/dev/null
+ cp -v dist/${VERSION}-py3-none-any.whl ../moon_orchestrator/dist/
+ mkdir -p ../moon_interface/dist/ 2>/dev/null
+ cp -v dist/${VERSION}-py3-none-any.whl ../moon_interface/dist/
+ mkdir -p ../moon_manager/dist/ 2>/dev/null
+ cp -v dist/${VERSION}-py3-none-any.whl ../moon_manager/dist/
+ mkdir -p ../moon_authz/dist/ 2>/dev/null
+ cp -v dist/${VERSION}-py3-none-any.whl ../moon_authz/dist/
+ mkdir -p ../moon_wrapper/dist/ 2>/dev/null
+ cp -v dist/${VERSION}-py3-none-any.whl ../moon_wrapper/dist/
+fi
__AUTHZ_REQUESTS = {}
-
def __init__(self):
self.manager_url = "{}://{}:{}".format(
configuration.get_components()['manager'].get('protocol', 'http'),
return self.__SUBJECTS
def update_subjects(self, policy_id=None):
- req = requests.get("{}/policies/{}/subjects".format(self.manager_url, policy_id))
+ req = requests.get("{}/policies/{}/subjects".format(
+ self.manager_url, policy_id))
self.__SUBJECTS[policy_id] = req.json()['subjects']
def get_subject(self, policy_id, name):
return self.__OBJECTS
def update_objects(self, policy_id=None):
- req = requests.get("{}/policies/{}/objects".format(self.manager_url, policy_id))
+ req = requests.get("{}/policies/{}/objects".format(
+ self.manager_url, policy_id))
self.__OBJECTS[policy_id] = req.json()['objects']
def get_object(self, policy_id, name):
return self.__ACTIONS
def update_actions(self, policy_id=None):
- req = requests.get("{}/policies/{}/actions".format(self.manager_url, policy_id))
+ req = requests.get("{}/policies/{}/actions".format(
+ self.manager_url, policy_id))
self.__ACTIONS[policy_id] = req.json()['actions']
def get_action(self, policy_id, name):
req = requests.get("{}/policies/{}/subject_assignments/{}".format(
self.manager_url, policy_id, perimeter_id))
else:
- req = requests.get("{}/policies/{}/subject_assignments".format(self.manager_url, policy_id))
+ req = requests.get("{}/policies/{}/subject_assignments".format(
+ self.manager_url, policy_id))
if policy_id not in self.__SUBJECT_ASSIGNMENTS:
self.__SUBJECT_ASSIGNMENTS[policy_id] = {}
- self.__SUBJECT_ASSIGNMENTS[policy_id].update(req.json()['subject_assignments'])
+ self.__SUBJECT_ASSIGNMENTS[policy_id].update(
+ req.json()['subject_assignments'])
def get_subject_assignments(self, policy_id, perimeter_id, category_id):
if policy_id not in self.subject_assignments:
req = requests.get("{}/policies/{}/object_assignments/{}".format(
self.manager_url, policy_id, perimeter_id))
else:
- req = requests.get("{}/policies/{}/object_assignments".format(self.manager_url, policy_id))
+ req = requests.get("{}/policies/{}/object_assignments".format(
+ self.manager_url, policy_id))
if policy_id not in self.__OBJECT_ASSIGNMENTS:
self.__OBJECT_ASSIGNMENTS[policy_id] = {}
- self.__OBJECT_ASSIGNMENTS[policy_id].update(req.json()['object_assignments'])
+ self.__OBJECT_ASSIGNMENTS[policy_id].update(
+ req.json()['object_assignments'])
def get_object_assignments(self, policy_id, perimeter_id, category_id):
if policy_id not in self.object_assignments:
req = requests.get("{}/policies/{}/action_assignments/{}".format(
self.manager_url, policy_id, perimeter_id))
else:
- req = requests.get("{}/policies/{}/action_assignments".format(self.manager_url, policy_id))
+ req = requests.get("{}/policies/{}/action_assignments".format(
+ self.manager_url, policy_id))
if policy_id not in self.__ACTION_ASSIGNMENTS:
self.__ACTION_ASSIGNMENTS[policy_id] = {}
- self.__ACTION_ASSIGNMENTS[policy_id].update(req.json()['action_assignments'])
+ self.__ACTION_ASSIGNMENTS[policy_id].update(
+ req.json()['action_assignments'])
def get_action_assignments(self, policy_id, perimeter_id, category_id):
if policy_id not in self.action_assignments:
# if meta_rule_id in self.models[model_id]["meta_rules"]:
# return pdp_value["keystone_project_id"]
- def get_containers_from_keystone_project_id(self, keystone_project_id, meta_rule_id=None):
+ def get_containers_from_keystone_project_id(self, keystone_project_id,
+ meta_rule_id=None):
for container_id, container_value in self.containers.items():
+ LOG.info("container={}".format(container_value))
if 'keystone_project_id' not in container_value:
continue
if container_value['keystone_project_id'] == keystone_project_id:
if not meta_rule_id:
yield container_id, container_value
- elif container_value['meta_rule_id'] == meta_rule_id:
+ elif container_value.get('meta_rule_id') == meta_rule_id:
yield container_id, container_value
break
# containers functions
def __update_container(self):
- req = requests.get("{}/containers".format(self.manager_url))
- containers = req.json()
- for key, value in containers["containers"].items():
+ LOG.info("orchestrator={}".format("{}/pods".format(self.orchestrator_url)))
+ req = requests.get("{}/pods".format(self.orchestrator_url))
+ LOG.info("pods={}".format(req.text))
+ pods = req.json()
+ for key, value in pods["pods"].items():
if key not in self.__CONTAINERS:
self.__CONTAINERS[key] = value
else:
def __update_container_chaining(self, keystone_project_id):
container_ids = []
for pdp_id, pdp_value, in self.__PDP.items():
- # LOG.info("pdp_id, pdp_value = {}, {}".format(pdp_id, pdp_value))
- # LOG.info("__POLICIES = {}".format(self.__POLICIES))
if pdp_value:
if pdp_value["keystone_project_id"] == keystone_project_id:
for policy_id in pdp_value["security_pipeline"]:
model_id = self.__POLICIES[policy_id]['model_id']
- # LOG.info("model_id = {}".format(model_id))
- # LOG.info("CACHE = {}".format(self.__MODELS[model_id]))
- # LOG.info("CACHE.containers = {}".format(self.__CONTAINERS))
- # LOG.info("CACHE.models = {}".format(self.__MODELS))
for meta_rule_id in self.__MODELS[model_id]["meta_rules"]:
- # LOG.info("meta_rule = {}".format(self.__MODELS[model_id]["meta_rules"]))
for container_id, container_value in self.get_containers_from_keystone_project_id(
keystone_project_id,
meta_rule_id
):
- # LOG.info("CONTAINER: {} {}".format(container_id, container_value))
container_ids.append(
{
- "container_id": self.__CONTAINERS[container_id]["container_id"],
+ "container_id": self.__CONTAINERS[container_id]["name"],
"genre": self.__CONTAINERS[container_id]["genre"],
"policy_id": policy_id,
"meta_rule_id": meta_rule_id,
- "hostname": self.__CONTAINERS[container_id]["hostname"],
- "hostip": self.__CONTAINERS[container_id]["port"][0]["IP"],
- "port": self.__CONTAINERS[container_id]["port"][0]["PublicPort"],
+ "hostname": self.__CONTAINERS[container_id]["name"],
+ "port": self.__CONTAINERS[container_id]["port"],
}
)
- # LOG.info("__update_container_chaining={}".format(container_ids))
self.__CONTAINER_CHAINING[keystone_project_id] = container_ids
import time
from functools import wraps
from flask import request
-from oslo_log import log as logging
-from oslo_config import cfg
-import oslo_messaging
+import logging
from moon_utilities import exceptions
from moon_utilities import configuration
LOG = logging.getLogger("moon.utilities." + __name__)
-CONF = cfg.CONF
keystone_config = configuration.get_configuration("openstack/keystone")["openstack/keystone"]
-slave = configuration.get_configuration(configuration.SLAVE)["slave"]
-
-__transport_master = oslo_messaging.get_transport(cfg.CONF, slave.get("master_url"))
-__transport = oslo_messaging.get_transport(CONF)
-
-__n_transport = oslo_messaging.get_notification_transport(CONF)
-__n_notifier = oslo_messaging.Notifier(__n_transport,
- 'router.host',
- driver='messagingv2',
- topics=['authz-workers'])
-__n_notifier = __n_notifier.prepare(publisher_id='router')
+# slave = configuration.get_configuration(configuration.SLAVE)["slave"]
__targets = {}
raise exceptions.KeystoneError
-def notify(request_id, container_id, payload, event_type="authz"):
- ctxt = {
- 'request_id': request_id,
- 'container_id': container_id
- }
- __n_notifier.critical(ctxt, event_type, payload=payload)
- # FIXME (asteroide): the notification mus be done 2 times otherwise the notification
- # may not be sent (need to search why)
- __n_notifier.critical(ctxt, event_type, payload=payload)
-
-
-def call(endpoint="security_router", ctx=None, method="route", **kwargs):
- if not ctx:
- ctx = dict()
- if endpoint not in __targets:
- __targets[endpoint] = dict()
- __targets[endpoint]["endpoint"] = oslo_messaging.Target(topic=endpoint, version='1.0')
- __targets[endpoint]["client"] = dict()
- __targets[endpoint]["client"]["internal"] = oslo_messaging.RPCClient(__transport,
- __targets[endpoint]["endpoint"])
- __targets[endpoint]["client"]["external"] = oslo_messaging.RPCClient(__transport_master,
- __targets[endpoint]["endpoint"])
- if 'call_master' in ctx and ctx['call_master'] and slave.get("master_url"):
- client = __targets[endpoint]["client"]["external"]
- LOG.info("Calling master {} on {}...".format(method, endpoint))
- else:
- client = __targets[endpoint]["client"]["internal"]
- LOG.info("Calling {} on {}...".format(method, endpoint))
- result = copy.deepcopy(client.call(ctx, method, **kwargs))
- LOG.info("result={}".format(result))
- del client
- return result
-
-
class Context:
def __init__(self, init_context, cache):
Code Review / moon.git / commitdiff