Delete wrapper API and use Kubernetes instead of Docker 89/46389/1
authorThomas Duval <thomas.duval@orange.com>
Sun, 29 Oct 2017 20:09:22 +0000 (21:09 +0100)
committerThomas Duval <thomas.duval@orange.com>
Sun, 29 Oct 2017 20:09:22 +0000 (21:09 +0100)
Change-Id: I803b8ad92ac7261d0fb41f43337221d41c8261e9

moonv4/moon_interface/Dockerfile
moonv4/moon_interface/moon_interface/api/authz.py
moonv4/moon_interface/moon_interface/api/generic.py
moonv4/moon_interface/moon_interface/api/wrapper.py [deleted file]
moonv4/moon_interface/moon_interface/http_server.py
moonv4/moon_interface/requirements.txt

index de5447b..1bc7e87 100644 (file)
@@ -6,6 +6,7 @@ RUN pip3 install moon_utilities moon_db pip --upgrade
 ADD . /root
 WORKDIR /root/
 RUN pip3 install -r requirements.txt --upgrade
+RUN pip3 install /root/dist/* --upgrade
 RUN pip3 install .
 
 CMD ["python3", "-m", "moon_interface"]
\ No newline at end of file
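Review bot: The added `RUN pip3 install /root/dist/* --upgrade` installs every file the glob matches in the build context's `dist/` directory, so any archive left there at build time ends up in the image with no version pin or hash check. Naming the expected artifacts explicitly would make the image contents reviewable, and pip's `--require-hashes` mode with a hashed requirements file would tie them to known builds. The step will probably also fail the build when `dist/` is empty or missing, because the shell hands the unmatched pattern to pip as a literal path. A comment such as `# dist/ must contain the locally built packages (<build step>) before docker build` would document that precondition.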
index 3847cc7..c9f4697 100644 (file)
@@ -14,9 +14,7 @@ import requests
 import time
 from uuid import uuid4
 
-from moon_interface.containers import DockerManager
 from moon_interface.authz_requests import AuthzRequest
-from moon_utilities import configuration
 
 __version__ = "0.1.0"
 
@@ -80,78 +78,6 @@ def container_exist(cache, uuid):
                 return
 
 
-def build_container(cache, manager_url, uuid, meta_rule_id, plugin_name="authz"):
-    """Create the container and update the cache with the given perimeter elements
-
-    :param cache: Cache to use
-    :param manager_url: URL of the manager
-    :param uuid: Keystone Project ID
-    :param meta_rule_id: UUID of the meta_rule
-    :param plugin_name: name of the plugin to use
-    :return: True or False
-    """
-    LOG.info("Building a new container for {}".format(plugin_name))
-    manager = DockerManager()
-    tcp_port = configuration.increment_port()
-    container_name = configuration.get_plugins()[plugin_name]['container']
-    name = "{}_{}".format(plugin_name, uuid4().hex)
-    policy_id = cache.get_policy_from_meta_rules(meta_rule_id)
-    container_data = {
-        "name": name,
-        "hostname": name,
-        "port": {
-            "PrivatePort": tcp_port,
-            "Type": "tcp",
-            "IP": "0.0.0.0",
-            "PublicPort": tcp_port
-        },
-        "keystone_project_id": uuid,
-        "pdp_id": cache.get_pdp_from_keystone_project(uuid),
-        "meta_rule_id": meta_rule_id,
-        "policy_id": policy_id,
-        "container_name": container_name,
-        "plugin_name": plugin_name
-    }
-    container = manager.create_container(container_data)
-    container_data['container_id'] = container.id
-    container_data['port']["IP"] = container.ip
-    container_data['start_time'] = time.time()
-    req = requests.post("{}/containers".format(manager_url),
-                        json=container_data)
-    if req.status_code == 200:
-        cache.add_container(container_data)
-        return True
-
-
-def create_containers(cache, manager_url, uuid, plugin_name="authz"):
-    """Create the container and update the cache with the given perimeter elements
-
-    :param cache: Cache to use
-    :param manager_url: URL of the manager
-    :param uuid: Keystone Project ID
-    :param plugin_name: name of the plugin to use
-    :return: True or False
-    """
-    LOG.info("Need to create some containers for {}".format(uuid))
-    for pdp_id, pdp_value in cache.pdp.items():
-        LOG.info("pdp {}".format(pdp_value))
-        if uuid == pdp_value.get("keystone_project_id", ""):
-            LOG.info("uuid {}".format(uuid))
-            for policy_id in pdp_value.get("security_pipeline", []):
-                LOG.info("policy {}".format(policy_id))
-                model_id = cache.policies[policy_id]["model_id"]
-                model_value = cache.models[model_id]
-                for meta_rule_id in model_value["meta_rules"]:
-                    LOG.info("meta_rule {}".format(meta_rule_id))
-                    build_container(
-                        cache=cache,
-                        uuid=uuid,
-                        manager_url=manager_url,
-                        meta_rule_id=meta_rule_id,
-                        plugin_name=plugin_name)
-            return
-
-
 def create_authz_request(cache, interface_name, manager_url, uuid, subject_name, object_name, action_name):
     """Create the authorization request and make the first call to the Authz function
 
@@ -230,12 +156,6 @@ class Authz(Resource):
                            "result": False,
                            "message": "Unknown Project ID or "
                                       "Project ID is not bind to a PDP."}, 403
-        if not container_exist(self.CACHE, uuid):
-            create_containers(
-                cache=self.CACHE,
-                uuid=uuid,
-                manager_url=self.MANAGER_URL,
-                plugin_name="authz")
         authz_request = create_authz_request(
             cache=self.CACHE,
             uuid=uuid,
index 80e8abf..702f33c 100644 (file)
@@ -7,8 +7,7 @@ Those API are helping API used to manage the Moon platform.
 """
 
 from flask_restful import Resource, request
-from oslo_log import log as logging
-from moon_utilities.security_functions import call
+import logging
 import moon_interface.api
 from moon_utilities.security_functions import check_auth
 
@@ -36,7 +35,7 @@ class Status(Resource):
           }
         }
         """
-        return call("security_router", method="get_status", ctx={"component_id": component_id})
+        raise NotImplemented
 
 
 class Logs(Resource):
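Review bot: `raise NotImplemented` in the `Status` handler raises a `TypeError` rather than the intended exception, because `NotImplemented` is the rich-comparison sentinel and not an exception class. The same line is added at the end of the `Logs` handler in the next hunk. Both endpoints will therefore surface as an unhandled error, most likely an HTTP 500, and could expose a traceback if the app runs in debug mode. Use `raise NotImplementedError` at minimum, or better return an explicit status such as `return {"error": "Not implemented"}, 501`. Both method bodies start outside their hunks, so whether `check_auth` still guards these routes cannot be confirmed from here.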
@@ -71,7 +70,7 @@ class Logs(Resource):
         args["to"] = to_str
         args["event_number"] = event_number
 
-        return call("security_router", method="get_logs", ctx={"component_id": component_id}, args=args)
+        raise NotImplemented
 
 
 class API(Resource):
@@ -130,22 +129,3 @@ class API(Resource):
                 return {"error": "Unknown endpoint_id {}".format(endpoint_id)}
             return {group_id: api_desc[group_id]}
         return api_desc
-
-
-class InternalAPI(Resource):
-    """
-    Endpoint for status requests
-    """
-
-    __urls__ = ("/internal_api", "/internal_api/", "/internal_api/<string:component_id>")
-
-    def get(self, component_id=None, user_id=""):
-        api_list = ("orchestrator", "security_router")
-        if not component_id:
-            return {"api": api_list}
-        if component_id in api_list:
-            api_desc = dict()
-            api_desc["name"] = component_id
-            api_desc["endpoints"] = call("security_router", component_id, {}, "list_api")
-            return api_desc
-
diff --git a/moonv4/moon_interface/moon_interface/api/wrapper.py b/moonv4/moon_interface/moon_interface/api/wrapper.py
deleted file mode 100644 (file)
index 5ba5779..0000000
+++ /dev/null
@@ -1,120 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-"""
-Authz is the endpoint to get authorization response
-"""
-
-import flask
-from flask import request
-from flask_restful import Resource
-import logging
-import json
-import requests
-import time
-from uuid import uuid4
-
-from moon_interface.api.authz import pdp_in_cache, pdp_in_manager, container_exist, \
-    create_containers, create_authz_request
-from moon_interface.authz_requests import AuthzRequest
-from moon_utilities import configuration
-
-__version__ = "0.1.0"
-
-LOG = logging.getLogger("moon.interface.api." + __name__)
-
-
-class Wrapper(Resource):
-    """
-    Endpoint for authz requests
-    """
-
-    __urls__ = (
-        "/authz/wrapper",
-        "/authz/wrapper/",
-    )
-
-    def __init__(self, **kwargs):
-        self.port = kwargs.get("port")
-        self.CACHE = kwargs.get("cache", {})
-        self.INTERFACE_NAME = kwargs.get("interface_name", "interface")
-        self.MANAGER_URL = kwargs.get("manager_url", "http://manager:8080")
-        self.TIMEOUT = 5
-
-    def get(self):
-        LOG.info("GET")
-        return self.manage_data()
-
-    def post(self):
-        LOG.info("POST {}".format(request.form))
-        response = flask.make_response("False")
-        if self.manage_data():
-            response = flask.make_response("True")
-        response.headers['content-type'] = 'application/octet-stream'
-        return response
-
-    @staticmethod
-    def __get_subject(target, credentials):
-        _subject = target.get("user_id", "")
-        if not _subject:
-            _subject = credentials.get("user_id", "none")
-        return _subject
-
-    @staticmethod
-    def __get_object(target, credentials):
-        try:
-            # note: case of Glance
-            return target['target']['name']
-        except KeyError:
-            pass
-
-        # note: default case
-        return target.get("project_id", "none")
-
-    @staticmethod
-    def __get_project_id(target, credentials):
-        return target.get("project_id", "none")
-
-    def manage_data(self):
-        target = json.loads(request.form.get('target', {}))
-        credentials = json.loads(request.form.get('credentials', {}))
-        rule = request.form.get('rule', "")
-        _subject = self.__get_subject(target, credentials)
-        _object = self.__get_object(target, credentials)
-        _project_id = self.__get_project_id(target, credentials)
-        LOG.info("GET with args project={} / "
-                 "subject={} - object={} - action={}".format(
-                 _project_id, _subject, _object, rule))
-        pdp_id, pdp_value = pdp_in_cache(self.CACHE, _project_id)
-        if not pdp_id:
-            pdp_id, pdp_value = pdp_in_manager(self.CACHE, _project_id)
-            if not pdp_id:
-                LOG.error("Unknown Project ID or "
-                          "Project ID is not bind to a PDP.")
-                return False
-        if not container_exist(self.CACHE, _project_id):
-            create_containers(self.CACHE, _project_id, self.MANAGER_URL,
-                              plugin_name="authz")
-        authz_request = create_authz_request(
-            cache=self.CACHE,
-            uuid=_project_id,
-            interface_name=self.INTERFACE_NAME,
-            manager_url=self.MANAGER_URL,
-            subject_name=_subject,
-            object_name=_object,
-            action_name=rule)
-        cpt = 0
-        while True:
-            LOG.info("Wait")
-            if cpt > self.TIMEOUT*10:
-                LOG.error("Authz request had timed out.")
-                return False
-            if authz_request.is_authz():
-                if authz_request.final_result == "Grant":
-                    LOG.info("Grant")
-                    return True
-                LOG.info("Deny")
-                return False
-            cpt += 1
-            time.sleep(0.1)
index d7f8469..387699f 100644 (file)
@@ -10,7 +10,6 @@ import logging
 from moon_interface import __version__
 from moon_interface.api.generic import Status, Logs, API
 from moon_interface.api.authz import Authz
-from moon_interface.api.wrapper import Wrapper
 from moon_interface.authz_requests import CACHE
 from moon_utilities import configuration, exceptions
 
@@ -123,14 +122,6 @@ class HTTPServer(Server):
 
         for api in __API__:
             self.api.add_resource(api, *api.__urls__)
-        self.api.add_resource(Wrapper, *Wrapper.__urls__,
-                              resource_class_kwargs={
-                                  "port": self.port,
-                                  "cache": CACHE,
-                                  "interface_name": self.host,
-                                  "manager_url": "http://{}:{}".format(self.manager_hostname, self.manager_port),
-                              }
-                              )
         self.api.add_resource(Authz, *Authz.__urls__,
                               resource_class_kwargs={
                                   "cache": CACHE,
index ee4b455..36332aa 100644 (file)
@@ -1,9 +1,4 @@
-kombu !=4.0.1,!=4.0.0
-oslo.messaging
-oslo.config
-vine
 flask
 flask_restful
 flask_cors
-babel
 moon_utilities
\ No newline at end of file