def get_project(self, DOMAIN_ID, DOMAIN_NAME, PROJECT_ID, ADMIN_USER,
ADMIN_PASSWORD, ADMIN_TOKEN):
'''Ge Project detail of a domain
In case of HTTP error, return HTTP error
Params:
- DOMAIN_ID: id of domain
- DOMAIN_NAME: name of domain
- PROJECT_ID: id of project
- SERVICE_ADMIN_USER: Service admin username
- SERVICE_ADMIN_PASSWORD: Service admin password
- SERVICE_ADMIN_TOKEN: Service admin token
Return:
- project detail
'''
data_log = {
"DOMAIN_ID": "%s" % DOMAIN_ID,
"DOMAIN_NAME": "%s" % DOMAIN_NAME,
"PROJECT_ID": "%s" % PROJECT_ID,
"ADMIN_USER": "******" % ADMIN_USER,
"ADMIN_PASSWORD": "******" % ADMIN_PASSWORD,
"ADMIN_TOKEN": self.get_extended_token(ADMIN_TOKEN)
}
self.logger.debug("FLOW get_project invoked with: %s" %
json.dumps(data_log, indent=3))
try:
if not ADMIN_TOKEN:
ADMIN_TOKEN = self.idm.getToken2(DOMAIN_ID, ADMIN_USER,
ADMIN_PASSWORD)
self.logger.debug("ADMIN_TOKEN=%s" % ADMIN_TOKEN)
# Ensure DOMAIN_NAME and PROJECT_NAME
DOMAIN_NAME = self.ensure_service_name(ADMIN_TOKEN, DOMAIN_ID,
DOMAIN_NAME)
self.logger.addFilter(ContextFilterService(DOMAIN_NAME))
PROJECT_NAME = self.ensure_subservice_name(ADMIN_TOKEN, DOMAIN_ID,
PROJECT_ID, None)
self.logger.addFilter(ContextFilterSubService(PROJECT_NAME))
# PROJECTS = self.idm.getDomainProjects(ADMIN_TOKEN,
# DOMAIN_ID)
# for project in PROJECTS:
# if project['id'] == PROJECT_ID:
# PROJECT = project
try:
PROJECT = self.idm.getProject(ADMIN_TOKEN, PROJECT_ID)
except Exception, ex:
PROJECT = {
'project': {
'description': PROJECT_NAME,
'domain_id': DOMAIN_ID,
'id': PROJECT_ID,
'name': '/' + PROJECT_NAME
}
}
self.logger.debug("PROJECT=%s" % PROJECT)
def user(self,
SERVICE_ID,
SERVICE_NAME,
USER_ID,
SERVICE_ADMIN_USER,
SERVICE_ADMIN_PASSWORD,
SERVICE_ADMIN_TOKEN):
'''Get user detail
In case of HTTP error, return HTTP error
Params:
- SERVICE_ID: Service ID
- SERVICE_NAME: Service NAME
- USER_ID: User ID
- SERVICE_ADMIN_USER: Service admin username
- SERVICE_ADMIN_PASSWORD: Service admin password
- SERVICE_ADMIN_TOKEN: Service admin token
'''
data_log = {
"SERVICE_ID": "%s" % SERVICE_ID,
"SERVICE_NAME": "%s" % SERVICE_NAME,
"USER_ID": "%s" % USER_ID,
"SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
"SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
"SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN),
}
self.logger.debug("FLOW user invoked with: %s" % json.dumps(
data_log,
indent=3)
)
try:
if not SERVICE_ADMIN_TOKEN:
SERVICE_ADMIN_TOKEN = self.idm.getToken2(
SERVICE_ID,
SERVICE_ADMIN_USER,
SERVICE_ADMIN_PASSWORD)
self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)
# Ensure SERVICE_NAME
SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
SERVICE_ID,
SERVICE_NAME)
self.logger.addFilter(ContextFilterService(SERVICE_NAME))
self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)
DETAIL_USER = self.idm.detailUser(SERVICE_ADMIN_TOKEN,
USER_ID)
self.logger.debug("DETAIL_USER=%s" % json.dumps(DETAIL_USER, indent=3))
except Exception, ex:
error_code = self.composeErrorCode(ex)
self.logError(self.logger, error_code, ex)
return error_code
def list_activated_modules(self, DOMAIN_NAME, DOMAIN_ID, SERVICE_USER_NAME,
SERVICE_USER_PASSWORD, SERVICE_USER_TOKEN):
'''List Activated IoT Modules
In case of HTTP error, return HTTP error
Params:
- DOMAIN_ID: id of domain
- DOMAIN_NAME: name of domain
- SERVICE_USER_NAME: Service admin username
- SERVICE_USER_PASSWORD: Service admin password
- SERVICE_USER_TOKEN: Service admin token
'''
data_log = {
"DOMAIN_ID": "%s" % DOMAIN_ID,
"DOMAIN_NAME": "%s" % DOMAIN_NAME,
"SERVICE_USER_NAME": "%s" % SERVICE_USER_NAME,
"SERVICE_USER_PASSWORD": "******" % SERVICE_USER_PASSWORD,
"SERVICE_USER_TOKEN": self.get_extended_token(SERVICE_USER_TOKEN),
}
self.logger.debug("FLOW list_activated_modules invoked with: %s" %
json.dumps(data_log, indent=3))
try:
if not SERVICE_USER_TOKEN:
if not DOMAIN_ID:
SERVICE_USER_TOKEN = self.idm.getToken(
DOMAIN_NAME, SERVICE_USER_NAME, SERVICE_USER_PASSWORD)
DOMAIN_ID = self.idm.getDomainId(SERVICE_USER_TOKEN,
DOMAIN_NAME)
else:
SERVICE_USER_TOKEN = self.idm.getToken2(
DOMAIN_ID, SERVICE_USER_NAME, SERVICE_USER_PASSWORD)
# Ensure DOMAIN_NAME
DOMAIN_NAME = self.ensure_service_name(SERVICE_USER_TOKEN,
DOMAIN_ID, DOMAIN_NAME)
self.logger.addFilter(ContextFilterService(DOMAIN_NAME))
self.logger.debug("DOMAIN_NAME=%s" % DOMAIN_NAME)
self.logger.debug("SERVICE_USER_TOKEN=%s" % SERVICE_USER_TOKEN)
self.logger.debug("Trying to get list subscriptions from CB...")
cb_res = self.cb.getListSubscriptions(SERVICE_USER_TOKEN,
DOMAIN_NAME, "")
self.logger.debug("getListSubscriptions res=%s" %
json.dumps(cb_res, indent=3))
modules = self.cb.extract_modules_from_subscriptions(
self, IOTMODULES, cb_res)
self.logger.debug("modules=%s" % json.dumps(modules, indent=3))
except Exception, ex:
error_code = self.composeErrorCode(ex)
self.logError(self.logger, error_code, ex)
return error_code
def update_domain(self, DOMAIN_ID, DOMAIN_NAME, ADMIN_USER, ADMIN_PASSWORD,
ADMIN_TOKEN, NEW_SERVICE_DESCRIPTION):
'''Update Domain.
In case of HTTP error, return HTTP error
Params:
- DOMAIN_ID: Service Id
- DOMAIN_NAME: Service Name
- SERVICE_ADMIN_USER: Service admin username
- SERVICE_ADMIN_PASSWORD: Service admin password
- SERVICE_ADMIN_TOKEN: Service admin token
- NEW_SERVICE_DESCRIPTION: New service description
Return:
- domain detail
'''
data_log = {
"DOMAIN_ID": "%s" % DOMAIN_ID,
"DOMAIN_NAME": "%s" % DOMAIN_NAME,
"ADMIN_USER": "******" % ADMIN_USER,
"ADMIN_PASSWORD": "******" % ADMIN_PASSWORD,
"ADMIN_TOKEN": self.get_extended_token(ADMIN_TOKEN),
"NEW_SERVICE_DESCRIPTION": "%s" % NEW_SERVICE_DESCRIPTION,
}
self.logger.debug("FLOW updateDomain invoked with: %s" %
json.dumps(data_log, indent=3))
try:
if not ADMIN_TOKEN:
# UpdateDomain can be only done by cloud_admin
ADMIN_TOKEN = self.idm.getToken("admin_domain", ADMIN_USER,
ADMIN_PASSWORD)
if not DOMAIN_ID and DOMAIN_NAME:
DOMAIN_ID = self.idm.getDomainId(ADMIN_TOKEN, DOMAIN_NAME,
False)
if not DOMAIN_NAME:
DOMAIN = self.idm.getDomain(ADMIN_TOKEN, DOMAIN_ID)
DOMAIN_NAME = DOMAIN['domain']['name']
self.logger.addFilter(ContextFilterService(DOMAIN_NAME))
self.logger.debug("ADMIN_TOKEN=%s" % ADMIN_TOKEN)
DOMAIN = self.idm.updateDomain(ADMIN_TOKEN, DOMAIN_ID,
NEW_SERVICE_DESCRIPTION)
self.logger.debug("DOMAIN=%s" % json.dumps(DOMAIN, indent=3))
except Exception, ex:
error_code = self.composeErrorCode(ex)
self.logError(self.logger, error_code, ex)
return error_code
def projects(self, DOMAIN_ID, DOMAIN_NAME, ADMIN_USER, ADMIN_PASSWORD,
ADMIN_TOKEN):
'''Get Projects of a domain.
In case of HTTP error, return HTTP error
Params:
- DOMAIN_ID: id of domain
- DOMAIN_NAME: name of domain
- SERVICE_ADMIN_USER: Service admin username
- SERVICE_ADMIN_PASSWORD: Service admin password
- SERVICE_ADMIN_TOKEN: Service admin token
Return:
- project array list
'''
data_log = {
"DOMAIN_ID": "%s" % DOMAIN_ID,
"DOMAIN_NAME": "%s" % DOMAIN_NAME,
"ADMIN_USER": "******" % ADMIN_USER,
"ADMIN_PASSWORD": "******" % ADMIN_PASSWORD,
"ADMIN_TOKEN": self.get_extended_token(ADMIN_TOKEN)
}
self.logger.debug("FLOW projects invoked with: %s" %
json.dumps(data_log, indent=3))
try:
if not ADMIN_TOKEN:
if not DOMAIN_ID:
ADMIN_TOKEN = self.idm.getToken(DOMAIN_NAME, ADMIN_USER,
ADMIN_PASSWORD)
DOMAIN_ID = self.idm.getDomainId(ADMIN_TOKEN, DOMAIN_NAME)
else:
ADMIN_TOKEN = self.idm.getToken2(DOMAIN_ID, ADMIN_USER,
ADMIN_PASSWORD)
self.logger.debug("ADMIN_TOKEN=%s" % ADMIN_TOKEN)
# Ensure DOMAIN_NAME and PROJECT_NAME
DOMAIN_NAME = self.ensure_service_name(ADMIN_TOKEN, DOMAIN_ID,
DOMAIN_NAME)
self.logger.addFilter(ContextFilterService(DOMAIN_NAME))
PROJECTS = self.idm.getDomainProjects(ADMIN_TOKEN, DOMAIN_ID)
self.logger.debug("PROJECTS=%s" % json.dumps(PROJECTS, indent=3))
except Exception, ex:
error_code = self.composeErrorCode(ex)
self.logError(self.logger, error_code, ex)
return error_code
def get_domain(self, DOMAIN_ID, DOMAIN_NAME, ADMIN_USER, ADMIN_PASSWORD,
ADMIN_TOKEN):
'''Get Domain.
In case of HTTP error, return HTTP error
Params:
- DOMAIN_ID: Service Id
- DOMAIN_NAME: Service Name
- SERVICE_ADMIN_USER: Service admin username
- SERVICE_ADMIN_PASSWORD: Service admin password
- SERVICE_ADMIN_TOKEN: Service admin token
Return:
- domain detail
'''
data_log = {
"DOMAIN_ID": "%s" % DOMAIN_ID,
"DOMAIN_NAME": "%s" % DOMAIN_NAME,
"ADMIN_USER": "******" % ADMIN_USER,
"ADMIN_PASSWORD": "******" % ADMIN_PASSWORD,
"ADMIN_TOKEN": self.get_extended_token(ADMIN_TOKEN)
}
self.logger.debug("FLOW get_domain invoked with: %s" %
json.dumps(data_log, indent=3))
try:
if not ADMIN_TOKEN:
if DOMAIN_ID:
ADMIN_TOKEN = self.idm.getToken2(DOMAIN_ID, ADMIN_USER,
ADMIN_PASSWORD, False)
else:
ADMIN_TOKEN = self.idm.getToken(DOMAIN_NAME, ADMIN_USER,
ADMIN_PASSWORD)
DOMAIN_ID = self.idm.getDomainId(ADMIN_TOKEN, DOMAIN_NAME)
self.logger.debug("ADMIN_TOKEN=%s" % ADMIN_TOKEN)
DOMAIN = self.idm.getDomain(ADMIN_TOKEN, DOMAIN_ID)
DOMAIN_NAME = DOMAIN['domain']['name']
self.logger.addFilter(ContextFilterService(DOMAIN_NAME))
self.logger.debug("DOMAIN=%s" % json.dumps(DOMAIN, indent=3))
except Exception, ex:
error_code = self.composeErrorCode(ex)
self.logError(self.logger, error_code, ex)
return error_code
def getDomainRolePolicies(self, SERVICE_ID, SERVICE_NAME,
SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD,
SERVICE_ADMIN_TOKEN, ROLE_NAME, ROLE_ID):
'''Get domain role policies
In case of HTTP error, return HTTP error
Params:
- SERVICE_ID: Service Id
- SERVICE_NAME: Service Name
- SERVICE_ADMIN_USER: Service admin username
- SERVICE_ADMIN_PASSWORD: Service admin password
- SERVICE_ADMIN_TOKEN: Service admin token
- ROLE_NAME: Role Name
- ROLE_ID: Role Id
Return:
- XACML policies
'''
data_log = {
"SERVICE_ID": "%s" % SERVICE_ID,
"SERVICE_NAME": "%s" % SERVICE_NAME,
"SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
"SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
"SERVICE_ADMIN_TOKEN":
self.get_extended_token(SERVICE_ADMIN_TOKEN),
"ROLE_NAME": "%s" % ROLE_NAME,
"ROLE_ID": "%s" % ROLE_ID,
}
self.logger.debug("FLOW get_domain_role_policies invoked with: %s" %
json.dumps(data_log, indent=3))
try:
if not SERVICE_ADMIN_TOKEN:
if not SERVICE_ID:
SERVICE_ADMIN_TOKEN = self.idm.getToken(
SERVICE_NAME, SERVICE_ADMIN_USER,
SERVICE_ADMIN_PASSWORD)
SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
SERVICE_NAME)
else:
SERVICE_ADMIN_TOKEN = self.idm.getToken2(
SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD)
self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)
# Ensure SERVICE_NAME
SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
SERVICE_ID, SERVICE_NAME)
self.logger.addFilter(ContextFilterService(SERVICE_NAME))
self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)
# Get Role ID
if not ROLE_ID and ROLE_NAME:
if ROLE_NAME == "Admin":
SERVICE_ADMIN_ID = self.idm.getUserId(
SERVICE_ADMIN_TOKEN, SERVICE_ADMIN_USER)
# Get KEYSTONE CONF from base idm class
roles_flow = Roles(self.idm.KEYSTONE_PROTOCOL,
self.idm.KEYSTONE_HOST,
self.idm.KEYSTONE_PORT)
roles = roles_flow.roles_assignments(
SERVICE_ID, None, None, None, None, None,
SERVICE_ADMIN_ID, None, None, None,
SERVICE_ADMIN_TOKEN, True)
for role in roles['role_assignments']:
if role['role']['name'] == 'admin':
ROLE_ID = role['role']['id']
break
else:
ROLE_ID = self.idm.getDomainRoleId(SERVICE_ADMIN_TOKEN,
SERVICE_ID, ROLE_NAME)
self.logger.debug("ID of role %s: %s" % (ROLE_NAME, ROLE_ID))
# Get policies in Access Control
if self.idm.isTokenAdmin(SERVICE_ADMIN_TOKEN, SERVICE_ID):
policies = self.ac.getRolePolicies(SERVICE_NAME,
SERVICE_ADMIN_TOKEN,
ROLE_ID)
self.logger.debug("POLICIES=%s" % policies)
else:
raise Exception("not admin role found to perform this action")
except Exception, ex:
error_code = self.composeErrorCode(ex)
self.logError(self.logger, error_code, ex)
return error_code
def delete_domain(self, DOMAIN_ID, DOMAIN_NAME, ADMIN_USER, ADMIN_PASSWORD,
ADMIN_TOKEN):
'''Delete a Domain.
In case of HTTP error, return HTTP error
Params:
- DOMAIN_ID: Service Id
- DOMAIN_NAME: Service Name
- SERVICE_ADMIN_USER: Service admin username
- SERVICE_ADMIN_PASSWORD: Service admin password
- SERVICE_ADMIN_TOKEN: Service admin token
Return:
- domain detail
'''
data_log = {
"DOMAIN_ID": "%s" % DOMAIN_ID,
"DOMAIN_NAME": "%s" % DOMAIN_NAME,
"ADMIN_USER": "******" % ADMIN_USER,
"ADMIN_PASSWORD": "******" % ADMIN_PASSWORD,
"ADMIN_TOKEN": self.get_extended_token(ADMIN_TOKEN)
}
self.logger.debug("FLOW delete_domain invoked with: %s" %
json.dumps(data_log, indent=3))
try:
if not ADMIN_TOKEN:
ADMIN_TOKEN = self.idm.getToken("admin_domain", ADMIN_USER,
ADMIN_PASSWORD)
self.logger.debug("ADMIN_TOKEN=%s" % ADMIN_TOKEN)
if not DOMAIN_ID and DOMAIN_NAME:
# This only returns all DOMAINS for cloud_admin
DOMAINS = self.idm.getDomains(ADMIN_TOKEN)
for domain in DOMAINS['domains']:
if domain['name'] == DOMAIN_NAME:
DOMAIN_ID = domain['id']
break
if not DOMAIN_ID:
raise Exception(
404, "DOMAIN_NAME %s not found in domains by user %s" %
(DOMAIN_NAME, self.get_extended_token(ADMIN_TOKEN)))
if not DOMAIN_NAME:
DOMAIN = self.idm.getDomain(ADMIN_TOKEN, DOMAIN_ID)
DOMAIN_NAME = DOMAIN['domain']['name']
self.logger.addFilter(ContextFilterService(DOMAIN_NAME))
# Get all subservices
projects = self.idm.getDomainProjects(ADMIN_TOKEN, DOMAIN_ID)
for project in projects['projects']:
PROJECT_NAME = project['name'].split('/')[1]
self.logger.addFilter(ContextFilterSubService(PROJECT_NAME))
#
# Delete all devices in subservice
#
devices_deleted = self.iota.deleteAllDevices(
ADMIN_TOKEN, DOMAIN_NAME, PROJECT_NAME)
if (len(devices_deleted) > 0):
self.logger.info("devices deleted %s", devices_deleted)
#
# Delete all subscriptions in subservice
#
subscriptions_deleted = self.cb.deleteAllSubscriptions(
ADMIN_TOKEN, DOMAIN_NAME, PROJECT_NAME)
if (len(subscriptions_deleted) > 0):
self.logger.info("subscriptions deleted %s",
subscriptions_deleted)
#
# Delete all rules in a subservice
#
rules_deleted = self.perseo.deleteAllRules(
ADMIN_TOKEN, DOMAIN_NAME, PROJECT_NAME)
if (len(rules_deleted) > 0):
self.logger.info("rules deleted %s", rules_deleted)
#
# Delete all devices
#
devices_deleted = self.iota.deleteAllDevices(
ADMIN_TOKEN, DOMAIN_NAME)
#
# Delete all subscriptions
#
subscriptions_deleted = self.cb.deleteAllSubscriptions(
ADMIN_TOKEN, DOMAIN_NAME)
if (len(subscriptions_deleted) > 0):
self.logger.info("subscriptions deleted %s",
subscriptions_deleted)
#
# Delete all roles
#
roles = self.idm.getDomainRoles(ADMIN_TOKEN, DOMAIN_ID)
for role in roles['roles']:
self.idm.removeRole(ADMIN_TOKEN, DOMAIN_ID, role['id'])
#
# Disable Domain
#
DOMAIN = self.idm.disableDomain(ADMIN_TOKEN, DOMAIN_ID)
self.idm.deleteDomain(ADMIN_TOKEN, DOMAIN_ID)
# Delete policy of roles in Access Control
self.ac.deleteTenantPolicies(DOMAIN_NAME, ADMIN_TOKEN)
self.logger.debug("DOMAIN=%s" % DOMAIN)
except Exception, ex:
error_code = self.composeErrorCode(ex)
self.logError(self.logger, error_code, ex)
return error_code
def __init__(self,
KEYSTONE_PROTOCOL,
KEYSTONE_HOST,
KEYSTONE_PORT,
KEYPASS_PROTOCOL=None,
KEYPASS_HOST=None,
KEYPASS_PORT=None,
ORION_PROTOCOL="http",
ORION_HOST="localhost",
ORION_PORT="1026",
PERSEO_PROTOCOL="http",
PERSEO_HOST="localhost",
PERSEO_PORT="9090",
LDAP_HOST="localhost",
LDAP_PORT="389",
LDAP_BASEDN="dc=openstack,dc=org",
MAILER_HOST="localhost",
MAILER_PORT="587",
MAILER_USER="******",
MAILER_PASSWORD="******",
MAILER_FROM="smtpuser",
MAILER_TO="smtpuser",
TRANSACTION_ID=None,
CORRELATOR_ID=None):
# Generate Transaction ID
self.TRANSACTION_ID = uuid.uuid4()
if not CORRELATOR_ID:
self.CORRELATOR_ID = self.TRANSACTION_ID
else:
self.CORRELATOR_ID = CORRELATOR_ID
self.logger = logging.getLogger('orchestrator_core')
# Put collector into logger
self.logger.addFilter(ContextFilterCorrelatorId(self.CORRELATOR_ID))
self.logger.addFilter(ContextFilterTransactionId(self.TRANSACTION_ID))
self.logger.addFilter(ContextFilterService(None))
self.logger.addFilter(ContextFilterSubService(""))
self.idm = IdMOperations(KEYSTONE_PROTOCOL, KEYSTONE_HOST,
KEYSTONE_PORT)
self.ac = AccCOperations(KEYPASS_PROTOCOL,
KEYPASS_HOST,
KEYPASS_PORT,
CORRELATOR_ID=self.CORRELATOR_ID,
TRANSACTION_ID=self.TRANSACTION_ID)
self.cb = CBOperations(ORION_PROTOCOL,
ORION_HOST,
ORION_PORT,
CORRELATOR_ID=self.CORRELATOR_ID,
TRANSACTION_ID=self.TRANSACTION_ID)
self.perseo = PerseoOperations(PERSEO_PROTOCOL,
PERSEO_HOST,
PERSEO_PORT,
CORRELATOR_ID=self.CORRELATOR_ID,
TRANSACTION_ID=self.TRANSACTION_ID)
self.ldap = OpenLdapOperations(LDAP_HOST,
LDAP_PORT,
LDAP_BASEDN,
CORRELATOR_ID=self.CORRELATOR_ID,
TRANSACTION_ID=self.TRANSACTION_ID)
self.mailer = MailerOperations(MAILER_HOST,
MAILER_PORT,
MAILER_USER,
MAILER_PASSWORD,
MAILER_FROM,
MAILER_TO,
CORRELATOR_ID=self.CORRELATOR_ID,
TRANSACTION_ID=self.TRANSACTION_ID)
self.endpoints = {}
self.iotmodules_aliases = {}
self.sum = {
"serviceTime": 0,
"serviceTimeTotal": 0,
"outgoingTransactions": 0,
"outgoingTransactionRequestSize": 0,
"outgoingTransactionResponseSize": 0,
"outgoingTransactionErrors": 0,
}
def createNewSubService(self,
SERVICE_NAME,
SERVICE_ID,
SERVICE_ADMIN_USER,
SERVICE_ADMIN_PASSWORD,
SERVICE_ADMIN_TOKEN,
NEW_SUBSERVICE_NAME,
NEW_SUBSERVICE_DESCRIPTION,
NEW_SUBSERVICE_ADMIN_USER=None,
NEW_SUBSERVICE_ADMIN_PASSWORD=None,
NEW_SUBSERVICE_ADMIN_EMAIL=None):
'''Creates a new SubService (aka project keystone).
In case of HTTP error, return HTTP error
Params:
- SERVICE_NAME: Service name
- SERVICE_ID: Service Id
- SERVICE_ADMIN_USER: Service admin username
- SERVICE_ADMIN_PASSWORD: Service admin password
- SERVICE_ADMIN_TOKEN: Service admin token
- NEW_SUBSERVICE_NAME: New subservice name (required)
- NEW_SUBSERVICE_DESCRIPTION: New subservice description
- NEW_SUBSERVICE_ADMIN_USER: New subservice admin username
- NEW_SUBSERVICE_ADMIN_PASSWORD: New subservice admin password
- NEW_SUBSERVICE_ADMIN_EMAIL: New subservice admin email (optional)
Return:
- ID: New subservice id
'''
data_log = {
"SERVICE_NAME": "%s" % SERVICE_NAME,
"SERVICE_ID": "%s" % SERVICE_ID,
"SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
"SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
"SERVICE_ADMIN_TOKEN":
self.get_extended_token(SERVICE_ADMIN_TOKEN),
"NEW_SUBSERVICE_NAME": "%s" % NEW_SUBSERVICE_NAME,
"NEW_SUBSERVICE_DESCRIPTION": "%s" % NEW_SUBSERVICE_DESCRIPTION,
"NEW_SUBSERVICE_ADMIN_USER": "******" % NEW_SUBSERVICE_ADMIN_USER,
"NEW_SUBSERVICE_ADMIN_PASSWORD":
"******" % NEW_SUBSERVICE_ADMIN_PASSWORD,
"NEW_SUBSERVICE_ADMIN_EMAIL": "%s" % NEW_SUBSERVICE_ADMIN_EMAIL
}
self.logger.debug("FLOW createNewSubService invoked with: %s" %
json.dumps(data_log, indent=3))
ID_PRO1 = None
try:
if not SERVICE_ADMIN_TOKEN:
SERVICE_ADMIN_TOKEN = self.idm.getToken(
SERVICE_NAME, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD)
self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)
#
# 1. Get service (aka domain)
#
if not SERVICE_ID:
SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
SERVICE_NAME)
self.logger.debug("ID of your service %s:%s" %
(SERVICE_NAME, SERVICE_ID))
# Ensure SERVICE_NAME
SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
SERVICE_ID, SERVICE_NAME)
self.logger.addFilter(ContextFilterService(SERVICE_NAME))
self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)
#
# 2. Create subservice (aka project)
#
ID_PRO1 = self.idm.createProject(SERVICE_ADMIN_TOKEN, SERVICE_ID,
NEW_SUBSERVICE_NAME,
NEW_SUBSERVICE_DESCRIPTION)
self.logger.debug("ID of new subservice %s: %s" %
(NEW_SUBSERVICE_NAME, ID_PRO1))
#
# 3. Create SubService Admin user (optional)
#
if NEW_SUBSERVICE_ADMIN_USER and NEW_SUBSERVICE_ADMIN_PASSWORD:
try:
ID_USER = self.idm.createUserDomain(
SERVICE_ADMIN_TOKEN, SERVICE_ID, SERVICE_NAME,
NEW_SUBSERVICE_ADMIN_USER,
NEW_SUBSERVICE_ADMIN_PASSWORD,
NEW_SUBSERVICE_ADMIN_EMAIL, None)
except Exception, ex:
self.logger.warn("ERROR creating user %s: %s" %
(NEW_SUBSERVICE_ADMIN_USER, ex))
self.logger.info("Removing uncomplete created project %s" %
ID_PRO1)
self.idm.disableProject(SERVICE_ADMIN_TOKEN, SERVICE_ID,
ID_PRO1)
self.idm.deleteProject(SERVICE_ADMIN_TOKEN, ID_PRO1)
return self.composeErrorCode(ex)
self.logger.debug("ID of user %s: %s" %
(NEW_SUBSERVICE_ADMIN_USER, ID_USER))
ROLE_NAME = 'SubServiceAdmin'
ID_ROLE = self.idm.getDomainRoleId(SERVICE_ADMIN_TOKEN,
SERVICE_ID, ROLE_NAME)
self.logger.debug("ID of role %s: %s" % (ROLE_NAME, ID_ROLE))
self.idm.grantProjectRole(SERVICE_ADMIN_TOKEN, ID_PRO1,
ID_USER, ID_ROLE)
except Exception, ex:
if ID_PRO1:
self.logger.info("removing uncomplete created project %s" %
ID_PRO1)
self.idm.disableProject(SERVICE_ADMIN_TOKEN, SERVICE_ID,
ID_PRO1)
self.idm.deleteProject(SERVICE_ADMIN_TOKEN, ID_PRO1)
self.logger.error(ex)
return self.composeErrorCode(ex)
def removeGroup(self, SERVICE_NAME, SERVICE_ID, SERVICE_ADMIN_USER,
SERVICE_ADMIN_PASSWORD, SERVICE_ADMIN_TOKEN, GROUP_NAME,
GROUP_ID):
'''Removes an group Service (aka domain group keystone).
In case of HTTP error, return HTTP error
Params:
- SERVICE_NAME: Service name
- SERVICE_ID: Service name
- SERVICE_ADMIN_USER: Service admin username
- SERVICE_ADMIN_PASSWORD: Service admin password
- SERVICE_ADMIN_TOKEN: Service admin token
- GROUP_NAME: Group name
- GROUP_ID: Group id
'''
data_log = {
"SERVICE_NAME": "%s" % SERVICE_NAME,
"SERVICE_ID": "%s" % SERVICE_ID,
"SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
"SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
"SERVICE_ADMIN_TOKEN":
self.get_extended_token(SERVICE_ADMIN_TOKEN),
"GROUP_NAME": "%s" % GROUP_NAME,
"GROUP_ID": "%s" % GROUP_ID
}
self.logger.debug("FLOW remove group invoked with: %s" %
json.dumps(data_log, indent=3))
try:
if not SERVICE_ADMIN_TOKEN:
if not SERVICE_ID:
SERVICE_ADMIN_TOKEN = self.idm.getToken(
SERVICE_NAME, SERVICE_ADMIN_USER,
SERVICE_ADMIN_PASSWORD)
SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
SERVICE_NAME)
else:
SERVICE_ADMIN_TOKEN = self.idm.getToken2(
SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD)
self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)
# Ensure SERVICE_NAME
SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
SERVICE_ID, SERVICE_NAME)
self.logger.addFilter(ContextFilterService(SERVICE_NAME))
self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)
#
# 2. Get group ID
#
if not GROUP_ID:
GROUP_ID = self.idm.getDomainGroupId(SERVICE_ADMIN_TOKEN,
SERVICE_ID, GROUP_NAME)
self.logger.debug("ID of group %s: %s" % (GROUP_NAME, GROUP_ID))
#
# 3. Remove group ID
#
self.idm.removeGroup(SERVICE_ADMIN_TOKEN, GROUP_ID)
except Exception, ex:
self.logger.error(ex)
return self.composeErrorCode(ex)
def delete_project(self, DOMAIN_ID, DOMAIN_NAME, PROJECT_ID, PROJECT_NAME,
ADMIN_USER, ADMIN_PASSWORD, ADMIN_TOKEN):
'''Delete Project of domain
In case of HTTP error, return HTTP error
Params:
- DOMAIN_ID: id of domain
- DOMAIN_NAME: name of domain
- PROJECT_ID: id of project
- PROJECT_NAME: name of project
- SERVICE_ADMIN_USER: Service admin username
- SERVICE_ADMIN_PASSWORD: Service admin password
- SERVICE_ADMIN_TOKEN: Service admin token
'''
data_log = {
"DOMAIN_ID": "%s" % DOMAIN_ID,
"DOMAIN_NAME": "%s" % DOMAIN_NAME,
"PROJECT_ID": "%s" % PROJECT_ID,
"PROJECT_NAME": "%s" % PROJECT_NAME,
"ADMIN_USER": "******" % ADMIN_USER,
"ADMIN_PASSWORD": "******" % ADMIN_PASSWORD,
"ADMIN_TOKEN": self.get_extended_token(ADMIN_TOKEN)
}
self.logger.debug("FLOW get_project invoked with: %s" %
json.dumps(data_log, indent=3))
try:
if not ADMIN_TOKEN:
if not DOMAIN_ID:
ADMIN_TOKEN = self.idm.getToken(DOMAIN_NAME, ADMIN_USER,
ADMIN_PASSWORD)
DOMAIN_ID = self.idm.getDomainId(ADMIN_TOKEN, DOMAIN_NAME)
else:
ADMIN_TOKEN = self.idm.getToken2(DOMAIN_ID, ADMIN_USER,
ADMIN_PASSWORD)
# Ensure DOMAIN_NAME and PROJECT_NAME
DOMAIN_NAME = self.ensure_service_name(ADMIN_TOKEN, DOMAIN_ID,
DOMAIN_NAME)
self.logger.addFilter(ContextFilterService(DOMAIN_NAME))
if not PROJECT_ID:
PROJECT_ID = self.idm.getProjectId(ADMIN_TOKEN, DOMAIN_NAME,
PROJECT_NAME)
PROJECT_NAME = self.ensure_subservice_name(ADMIN_TOKEN, DOMAIN_ID,
PROJECT_ID,
PROJECT_NAME)
self.logger.addFilter(ContextFilterSubService(PROJECT_NAME))
self.logger.debug("DOMAIN_NAME=%s" % DOMAIN_NAME)
self.logger.debug("PROJECT_NAME=%s" % PROJECT_NAME)
self.logger.debug("ADMIN_TOKEN=%s" % ADMIN_TOKEN)
#
# Delete all subscriptions
#
subscriptions_deleted = self.cb.deleteAllSubscriptions(
ADMIN_TOKEN, DOMAIN_NAME, PROJECT_NAME)
if (len(subscriptions_deleted) > 0):
self.logger.info("subscriptions deleted %s",
subscriptions_deleted)
#
# Delete all rules in a subservice
#
rules_deleted = self.perseo.deleteAllRules(ADMIN_TOKEN,
DOMAIN_NAME,
PROJECT_NAME)
if (len(rules_deleted) > 0):
self.logger.info("rules deleted %s", rules_deleted)
PROJECT = self.idm.disableProject(ADMIN_TOKEN, DOMAIN_ID,
PROJECT_ID)
self.idm.deleteProject(ADMIN_TOKEN, PROJECT_ID)
self.logger.debug("PROJECT=%s" % PROJECT)
except Exception, ex:
error_code = self.composeErrorCode(ex)
self.logError(self.logger, error_code, ex)
return error_code
def update_project(self, DOMAIN_ID, DOMAIN_NAME, PROJECT_ID, PROJECT_NAME,
ADMIN_USER, ADMIN_PASSWORD, ADMIN_TOKEN,
NEW_SUBSERVICE_DESCRIPTION):
'''Update Project detail of a domain
In case of HTTP error, return HTTP error
Params:
- DOMAIN_ID: id of domain
- DOMAIN_NAME: name of domain
- PROJECT_ID: id of project
- PROJECT_NAME: name of project
- SERVICE_ADMIN_USER: Service admin username
- SERVICE_ADMIN_PASSWORD: Service admin password
- SERVICE_ADMIN_TOKEN: Service admin token
- NEW_SUBSERVICE_DESCRIPTION: New subservice description
Return:
- project detail
'''
data_log = {
"DOMAIN_ID": "%s" % DOMAIN_ID,
"DOMAIN_NAME": "%s" % DOMAIN_NAME,
"PROJECT_ID": "%s" % PROJECT_ID,
"PROJECT_NAME": "%s" % PROJECT_NAME,
"ADMIN_USER": "******" % ADMIN_USER,
"ADMIN_PASSWORD": "******" % ADMIN_PASSWORD,
"ADMIN_TOKEN": self.get_extended_token(ADMIN_TOKEN),
"NEW_SUBSERVICE_DESCRIPTION": "%s" % NEW_SUBSERVICE_DESCRIPTION,
}
self.logger.debug("FLOW update_project invoked with: %s" %
json.dumps(data_log, indent=3))
try:
if not ADMIN_TOKEN:
if not DOMAIN_ID:
ADMIN_TOKEN = self.idm.getToken(DOMAIN_NAME, ADMIN_USER,
ADMIN_PASSWORD)
DOMAIN_ID = self.idm.getDomainId(ADMIN_TOKEN, DOMAIN_NAME)
else:
ADMIN_TOKEN = self.idm.getToken2(DOMAIN_ID, ADMIN_USER,
ADMIN_PASSWORD)
self.logger.debug("ADMIN_TOKEN=%s" % ADMIN_TOKEN)
# Ensure DOMAIN_NAME and PROJECT_NAME
DOMAIN_NAME = self.ensure_service_name(ADMIN_TOKEN, DOMAIN_ID,
DOMAIN_NAME)
self.logger.addFilter(ContextFilterService(DOMAIN_NAME))
if not PROJECT_ID:
PROJECT_ID = self.idm.getProjectId(ADMIN_TOKEN, DOMAIN_NAME,
PROJECT_NAME)
PROJECT_NAME = self.ensure_subservice_name(ADMIN_TOKEN, DOMAIN_ID,
PROJECT_ID,
PROJECT_NAME)
self.logger.addFilter(ContextFilterSubService(PROJECT_NAME))
PROJECT = self.idm.updateProject(ADMIN_TOKEN, DOMAIN_ID,
PROJECT_ID,
NEW_SUBSERVICE_DESCRIPTION)
self.logger.debug("PROJECT=%s" % PROJECT)
except Exception, ex:
error_code = self.composeErrorCode(ex)
self.logError(self.logger, error_code, ex)
return error_code
import jsonschema
import logging
from rest_framework.exceptions import ParseError
from rest_framework.parsers import JSONParser
from orchestrator.api import schemas
from orchestrator.common.util import ContextFilterCorrelatorId
from orchestrator.common.util import ContextFilterTransactionId
from orchestrator.common.util import ContextFilterService
from orchestrator.common.util import ContextFilterSubService
logger = logging.getLogger('orchestrator_api')
logger.addFilter(ContextFilterCorrelatorId("n/a"))
logger.addFilter(ContextFilterTransactionId("n/a"))
logger.addFilter(ContextFilterService("None"))
logger.addFilter(ContextFilterSubService(""))
class JSONSchemaParser(JSONParser):
def parse(self, stream, media_type=None, parser_context=None):
data = super(JSONSchemaParser, self).parse(stream, media_type,
parser_context)
try:
jsonschema.validate(
data, schemas.json[parser_context['view'].schema_name])
except (ValueError, jsonschema.exceptions.ValidationError) as error:
logger.debug(error.message)
raise ParseError(detail=error.message)
else:
return data
def removeUser(self, SERVICE_NAME, SERVICE_ID, SERVICE_ADMIN_USER,
SERVICE_ADMIN_PASSWORD, SERVICE_ADMIN_TOKEN, USER_NAME,
USER_ID):
'''Removes an user Service (aka domain user keystone).
In case of HTTP error, return HTTP error
Params:
- SERVICE_NAME: Service name
- SERVICE_ID: Service name
- SERVICE_ADMIN_USER: Service admin username
- SERVICE_ADMIN_PASSWORD: Service admin password
- SERVICE_ADMIN_TOKEN: Service admin token
- USER_NAME: User name
- USER_ID: User id
'''
data_log = {
"SERVICE_NAME": "%s" % SERVICE_NAME,
"SERVICE_ID": "%s" % SERVICE_ID,
"SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
"SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
"SERVICE_ADMIN_TOKEN":
self.get_extended_token(SERVICE_ADMIN_TOKEN),
"USER_NAME": "%s" % USER_NAME,
"USER_ID": "%s" % USER_ID
}
self.logger.debug("FLOW remove user invoked with: %s" %
json.dumps(data_log, indent=3))
try:
if not SERVICE_ADMIN_TOKEN:
if not SERVICE_ID:
SERVICE_ADMIN_TOKEN = self.idm.getToken(
SERVICE_NAME, SERVICE_ADMIN_USER,
SERVICE_ADMIN_PASSWORD)
SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
SERVICE_NAME)
else:
SERVICE_ADMIN_TOKEN = self.idm.getToken2(
SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD)
self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)
# Ensure SERVICE_NAME
SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
SERVICE_ID, SERVICE_NAME)
self.logger.addFilter(ContextFilterService(SERVICE_NAME))
self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)
#
# 2. Get user ID
#
if not USER_ID:
USER_ID = self.idm.getDomainUserId(SERVICE_ADMIN_TOKEN,
SERVICE_ID, USER_NAME)
self.logger.debug("ID of user %s: %s" % (USER_NAME, USER_ID))
# TODO: disable us before remove it ?
#
# 3. Remove user ID
#
self.idm.removeUser(SERVICE_ADMIN_TOKEN, USER_ID)
# self.logger.debug("ID of user %s: %s" % (USER_NAME, ID_USER))
except Exception, ex:
self.logger.error(ex)
return self.composeErrorCode(ex)
def groups(self,
SERVICE_NAME,
SERVICE_ID,
SERVICE_ADMIN_USER,
SERVICE_ADMIN_PASSWORD,
SERVICE_ADMIN_TOKEN,
START_INDEX=None,
COUNT=None):
'''Get groups.
In case of HTTP error, return HTTP error
Params:
- SERVICE_NAME: Service name
- SERVICE_ID: Service id
- SERVICE_ADMIN_USER: Service admin username
- SERVICE_ADMIN_PASSWORD: Service admin password
- SERVICE_ADMIN_TOKEN: Service admin token
- START_INDEX: where pagination start
- COUNT: number of results
'''
data_log = {
"SERVICE_NAME": "%s" % SERVICE_NAME,
"SERVICE_ID": "%s" % SERVICE_ID,
"SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
"SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
"SERVICE_ADMIN_TOKEN":
self.get_extended_token(SERVICE_ADMIN_TOKEN),
"START_INDEX": "%s" % START_INDEX,
"COUNT": "%s" % COUNT,
}
self.logger.debug("FLOW groups invoked with: %s" %
json.dumps(data_log, indent=3))
try:
if not SERVICE_ADMIN_TOKEN:
if not SERVICE_ID:
SERVICE_ADMIN_TOKEN = self.idm.getToken(
SERVICE_NAME, SERVICE_ADMIN_USER,
SERVICE_ADMIN_PASSWORD)
SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
SERVICE_NAME)
else:
SERVICE_ADMIN_TOKEN = self.idm.getToken2(
SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD)
self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)
# Ensure SERVICE_NAME
SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
SERVICE_ID, SERVICE_NAME)
self.logger.addFilter(ContextFilterService(SERVICE_NAME))
self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)
SERVICE_GROUPS = self.idm.getDomainGroups(SERVICE_ADMIN_TOKEN,
SERVICE_ID, START_INDEX,
COUNT)
self.logger.debug("SERVICE_GROUPS=%s" %
json.dumps(SERVICE_GROUPS, indent=3))
except Exception, ex:
self.logger.error(ex)
return self.composeErrorCode(ex)
def activate_module(self, DOMAIN_NAME, DOMAIN_ID, SERVICE_USER_NAME,
SERVICE_USER_PASSWORD, SERVICE_USER_TOKEN, IOTMODULE):
'''Activate Module
In case of HTTP error, return HTTP error
Params:
- DOMAIN_ID: id of domain
- DOMAIN_NAME: name of domain
- SERVICE_USER_NAME: Service admin username
- SERVICE_USER_PASSWORD: Service admin password
- SERVICE_USER_TOKEN: Service admin token
- IOTMODULE: IoT Module to activate: STH, PERSEO
'''
data_log = {
"DOMAIN_ID": "%s" % DOMAIN_ID,
"DOMAIN_NAME": "%s" % DOMAIN_NAME,
"SERVICE_USER_NAME": "%s" % SERVICE_USER_NAME,
"SERVICE_USER_PASSWORD": "******" % SERVICE_USER_PASSWORD,
"SERVICE_USER_TOKEN": self.get_extended_token(SERVICE_USER_TOKEN),
"IOTMODULE": "%s" % IOTMODULE,
}
self.logger.debug("FLOW activate_module invoked with: %s" %
json.dumps(data_log, indent=3))
try:
if not SERVICE_USER_TOKEN:
if not DOMAIN_ID:
SERVICE_USER_TOKEN = self.idm.getToken(
DOMAIN_NAME, SERVICE_USER_NAME, SERVICE_USER_PASSWORD)
DOMAIN_ID = self.idm.getDomainId(SERVICE_USER_TOKEN,
DOMAIN_NAME)
else:
SERVICE_USER_TOKEN = self.idm.getToken2(
DOMAIN_ID, SERVICE_USER_NAME, SERVICE_USER_PASSWORD)
# Ensure DOMAIN_NAME
DOMAIN_NAME = self.ensure_service_name(SERVICE_USER_TOKEN,
DOMAIN_ID, DOMAIN_NAME)
self.logger.addFilter(ContextFilterService(DOMAIN_NAME))
self.logger.debug("DOMAIN_NAME=%s" % DOMAIN_NAME)
self.logger.debug("SERVICE_USER_TOKEN=%s" % SERVICE_USER_TOKEN)
REFERENCE_URL = self.get_endpoint_iot_module(IOTMODULE)
DURATION = "P1Y"
# Set default ATTRIBUTES for subscription
ATTRIBUTES = []
# self.logger.debug("Trying to getContextTypes...")
# cb_res = self.cb.getContextTypes(
# SERVICE_USER_TOKEN,
# DOMAIN_NAME,
# "",
# None)
# self.logger.debug("getContextTypes res=%s" % cb_res)
# for entity_type in cb_res['types']:
# for att in entity_type["attributes"] :
# ATTRIBUTES.append(att)
# Set default ENTITIES for subscription
ENTITIES = [{"isPattern": "true", "id": ".*"}]
# Set default Notify conditions
NOTIFY_ATTRIBUTES = []
NOTIFY_ATTRIBUTES.append("TimeInstant")
NOTIFY_CONDITIONS = [{
"type": "ONCHANGE",
"condValues": NOTIFY_ATTRIBUTES
}]
self.logger.debug("Trying to subscribe moduleiot in CB...")
cb_res = self.cb.subscribeContext(SERVICE_USER_TOKEN, DOMAIN_NAME,
"", REFERENCE_URL, DURATION,
ENTITIES, ATTRIBUTES,
NOTIFY_CONDITIONS)
self.logger.debug("subscribeContext res=%s" % cb_res)
subscriptionid = cb_res['subscribeResponse']['subscriptionId']
self.logger.debug("subscription id=%s" % subscriptionid)
except Exception, ex:
error_code = self.composeErrorCode(ex)
self.logError(self.logger, error_code, ex)
return error_code
def deactivate_module(self, DOMAIN_NAME, DOMAIN_ID, SERVICE_USER_NAME,
SERVICE_USER_PASSWORD, SERVICE_USER_TOKEN,
IOTMODULE):
''' Deactivate IoT Module
In case of HTTP error, return HTTP error
Params:
- DOMAIN_ID: id of domain
- DOMAIN_NAME: name of domain
- SERVICE_USER_NAME: Service admin username
- SERVICE_USER_PASSWORD: Service admin password
- SERVICE_USER_TOKEN: Service admin token
- IOTMODULE: IoT Module to activate: STH, PERSEO
'''
data_log = {
"DOMAIN_ID": "%s" % DOMAIN_ID,
"DOMAIN_NAME": "%s" % DOMAIN_NAME,
"SERVICE_USER_NAME": "%s" % SERVICE_USER_NAME,
"SERVICE_USER_PASSWORD": "******" % SERVICE_USER_PASSWORD,
"SERVICE_USER_TOKEN": self.get_extended_token(SERVICE_USER_TOKEN),
"IOTMODULE": "%s" % IOTMODULE,
}
self.logger.debug("FLOW deactivate_module invoked with: %s" %
json.dumps(data_log, indent=3))
try:
if not SERVICE_USER_TOKEN:
if not DOMAIN_ID:
SERVICE_USER_TOKEN = self.idm.getToken(
DOMAIN_NAME, SERVICE_USER_NAME, SERVICE_USER_PASSWORD)
DOMAIN_ID = self.idm.getDomainId(SERVICE_USER_TOKEN,
DOMAIN_NAME)
else:
SERVICE_USER_TOKEN = self.idm.getToken2(
DOMAIN_ID, SERVICE_USER_NAME, SERVICE_USER_PASSWORD)
# Ensure DOMAIN_NAME
DOMAIN_NAME = self.ensure_service_name(SERVICE_USER_TOKEN,
DOMAIN_ID, DOMAIN_NAME)
self.logger.addFilter(ContextFilterService(DOMAIN_NAME))
self.logger.debug("DOMAIN_NAME=%s" % DOMAIN_NAME)
self.logger.debug("SERVICE_USER_TOKEN=%s" % SERVICE_USER_TOKEN)
REFERENCE_URL = self.get_endpoint_iot_module(IOTMODULE)
self.logger.debug("Trying to get list subscriptions from CB...")
cb_res = self.cb.getListSubscriptions(SERVICE_USER_TOKEN,
DOMAIN_NAME, "")
self.logger.debug("getListSubscriptions res=%s" %
json.dumps(cb_res, indent=3))
for sub in cb_res:
subs_url = self.cb.get_subscription_callback_endpoint(sub)
subscriptionid = sub['id']
if subs_url.startswith(REFERENCE_URL):
self.cb.unsubscribeContext(SERVICE_USER_TOKEN, DOMAIN_NAME,
"", sub['id'])
break
# self.logger.debug("subscribeContext res=%s" % cb_res)
# subscriptionid = cb_res['subscribeResponse']['subscriptionId']
# self.logger.debug("subscription id=%s" % subscriptionid)
except Exception, ex:
error_code = self.composeErrorCode(ex)
self.logError(self.logger, error_code, ex)
return error_code
def changeUserPassword(self,
SERVICE_NAME,
SERVICE_ID,
USER_ID,
SERVICE_USER_NAME,
SERVICE_USER_PASSWORD,
SERVICE_USER_TOKEN,
NEW_USER_PASSWORD):
'''Change user password.
In case of HTTP error, return HTTP error
Params:
- SERVICE_NAME: Service name
- SERVICE_ID: Service Id
- USER_ID: user id
- SERVICE_USER_NAME: Service admin username
- SERVICE_USER_PASSWORD: Service admin password
- SERVICE_USER_TOKEN: Service admin token
- NEW_USER_PASSWORD: new user password
'''
data_log = {
"SERVICE_NAME": "%s" % SERVICE_NAME,
"SERVICE_ID": "%s" % SERVICE_ID,
"USER_ID": "%s" % USER_ID,
"SERVICE_USER_NAME": "%s" % SERVICE_USER_NAME,
"SERVICE_USER_PASSWORD": "******" % SERVICE_USER_PASSWORD,
"SERVICE_USER_TOKEN": self.get_extended_token(SERVICE_USER_TOKEN),
"NEW_USER_PASSWORD": "******" % NEW_USER_PASSWORD
}
self.logger.debug("FLOW change password invoked with: %s" % json.dumps(
data_log,
indent=3)
)
try:
if not SERVICE_USER_TOKEN:
if not SERVICE_ID:
SERVICE_USER_TOKEN = self.idm.getToken(
SERVICE_NAME,
SERVICE_USER_NAME,
SERVICE_USER_PASSWORD,
SCOPED=False)
SERVICE_ID = self.idm.getDomainId(SERVICE_USER_TOKEN,
SERVICE_NAME,
SCOPED=False)
else:
SERVICE_USER_TOKEN = self.idm.getToken2(
SERVICE_ID,
SERVICE_USER_NAME,
SERVICE_USER_PASSWORD,
SCOPED=False)
self.logger.debug("SERVICE_USER_TOKEN=%s" % SERVICE_USER_TOKEN)
# Ensure SERVICE_NAME
SERVICE_NAME = self.ensure_service_name(SERVICE_USER_TOKEN,
SERVICE_ID,
SERVICE_NAME)
self.logger.addFilter(ContextFilterService(SERVICE_NAME))
self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)
#
# 2. Get user ID
#
if not USER_ID and SERVICE_USER_NAME:
USER_ID = self.idm.getUserId(SERVICE_USER_TOKEN,
SERVICE_USER_NAME)
self.logger.debug("ID of user %s: %s" % (SERVICE_USER_NAME, USER_ID))
#
# 3. ChangeUserPassword
#
self.idm.changeUserPassword(SERVICE_USER_TOKEN,
USER_ID,
SERVICE_USER_PASSWORD,
NEW_USER_PASSWORD)
except Exception, ex:
self.logger.error(ex)
return self.composeErrorCode(ex)
def createNewServiceRole(self, SERVICE_ID, SERVICE_NAME,
SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD,
SERVICE_ADMIN_TOKEN, NEW_ROLE_NAME, XACML_POLICY):
'''Creates a new role Service (aka domain role keystone).
In case of HTTP error, return HTTP error
Params:
- SERVICE_ID: Service Id
- SERVICE_NAME: Service name
- SERVICE_ADMIN_USER: Service admin token
- SERVICE_ADMIN_PASSWORD: Service admin token
- SERVICE_ADMIN_TOKEN: Service admin token
- NEW_ROLE_NAME: New role name
- XACML_POLICY: XACML POLICY for new role
Return:
- id: New role Id
'''
data_log = {
"SERVICE_ID": "%s" % SERVICE_ID,
"SERVICE_NAME": "%s" % SERVICE_NAME,
"SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
"SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
"SERVICE_ADMIN_TOKEN":
self.get_extended_token(SERVICE_ADMIN_TOKEN),
"NEW_ROLE_NAME": "%s" % NEW_ROLE_NAME,
"XACML_POLICY": "%s" % XACML_POLICY
}
self.logger.debug("FLOW createNewServiceRole invoked with: %s" %
json.dumps(data_log, indent=3))
try:
if not SERVICE_ADMIN_TOKEN:
SERVICE_ADMIN_TOKEN = self.idm.getToken(
SERVICE_NAME, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD)
self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)
#
# 1. Get service (aka domain)
#
if not SERVICE_ID:
SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
SERVICE_NAME)
self.logger.debug("ID of your service %s:%s" %
(SERVICE_NAME, SERVICE_ID))
# Ensure SERVICE_NAME
SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
SERVICE_ID, SERVICE_NAME)
self.logger.addFilter(ContextFilterService(SERVICE_NAME))
self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)
#
# 2. Create role
#
ID_ROLE = self.idm.createRoleDomain(SERVICE_ADMIN_TOKEN,
SERVICE_ID, NEW_ROLE_NAME)
self.logger.debug("ID of user %s: %s" % (NEW_ROLE_NAME, ID_ROLE))
#
# 3. Provision policy provided in keypass
#
if XACML_POLICY:
self.logger.debug("set XACML_POLICY %s for role %s" %
(XACML_POLICY, ID_ROLE))
self.ac.provisionPolicyByContent(SERVICE_NAME,
SERVICE_ADMIN_TOKEN, ID_ROLE,
XACML_POLICY)
if NEW_ROLE_NAME == 'ServiceCustomer':
self.logger.debug("set default XACML policies for role %s" %
NEW_ROLE_NAME)
self.ac.provisionPolicy(
SERVICE_NAME,
SERVICE_ADMIN_TOKEN,
ID_ROLE,
POLICY_FILE_NAME='policy-orion-customer2.xml')
self.ac.provisionPolicy(
SERVICE_NAME,
SERVICE_ADMIN_TOKEN,
ID_ROLE,
POLICY_FILE_NAME='policy-perseo-customer2.xml')
self.ac.provisionPolicy(
SERVICE_NAME,
SERVICE_ADMIN_TOKEN,
ID_ROLE,
POLICY_FILE_NAME='policy-iotagent-customer2.xml')
self.ac.provisionPolicy(
SERVICE_NAME,
SERVICE_ADMIN_TOKEN,
ID_ROLE,
POLICY_FILE_NAME='policy-sth-customer2.xml')
self.ac.provisionPolicy(
SERVICE_NAME,
SERVICE_ADMIN_TOKEN,
ID_ROLE,
POLICY_FILE_NAME='policy-keypass-customer2.xml')
except Exception, ex:
error_code = self.composeErrorCode(ex)
self.logError(self.logger, error_code, ex)
return error_code
def __init__(self,
KEYSTONE_PROTOCOL,
KEYSTONE_HOST,
KEYSTONE_PORT,
KEYPASS_PROTOCOL=None,
KEYPASS_HOST=None,
KEYPASS_PORT=None,
IOTA_PROTOCOL="http",
IOTA_HOST="localhost",
IOTA_PORT="4041",
ORION_PROTOCOL="http",
ORION_HOST="localhost",
ORION_PORT="1026",
CA_PROTOCOL="http",
CA_HOST="localhost",
CA_PORT="9999",
PERSEO_PROTOCOL="http",
PERSEO_HOST="localhost",
PERSEO_PORT="9090",
TRANSACTION_ID=None,
CORRELATOR_ID=None):
# Generate Transaction ID
self.TRANSACTION_ID = uuid.uuid4()
if not CORRELATOR_ID:
self.CORRELATOR_ID = self.TRANSACTION_ID
else:
self.CORRELATOR_ID = CORRELATOR_ID
self.logger = logging.getLogger('orchestrator_core')
# Put collector into logger
self.logger.addFilter(ContextFilterCorrelatorId(self.CORRELATOR_ID))
self.logger.addFilter(ContextFilterTransactionId(self.TRANSACTION_ID))
self.logger.addFilter(ContextFilterService(None))
self.logger.addFilter(ContextFilterSubService(""))
self.idm = IdMOperations(KEYSTONE_PROTOCOL,
KEYSTONE_HOST,
KEYSTONE_PORT)
self.ac = AccCOperations(KEYPASS_PROTOCOL,
KEYPASS_HOST,
KEYPASS_PORT,
CORRELATOR_ID=self.CORRELATOR_ID,
TRANSACTION_ID=self.TRANSACTION_ID)
self.iota = IoTAOperations(IOTA_PROTOCOL,
IOTA_HOST,
IOTA_PORT,
CORRELATOR_ID=self.CORRELATOR_ID,
TRANSACTION_ID=self.TRANSACTION_ID)
self.cb = CBOperations(ORION_PROTOCOL,
ORION_HOST,
ORION_PORT,
CORRELATOR_ID=self.CORRELATOR_ID,
TRANSACTION_ID=self.TRANSACTION_ID)
self.perseo = PerseoOperations(PERSEO_PROTOCOL,
PERSEO_HOST,
PERSEO_PORT,
CORRELATOR_ID=self.CORRELATOR_ID,
TRANSACTION_ID=self.TRANSACTION_ID)
if CA_PROTOCOL:
# CA for Blackbutton notification flow
self.ca_endpoint = CA_PROTOCOL + "://"+CA_HOST+":"+CA_PORT+"/v1"+"/notify"
self.endpoints = {}
self.iotmodules_aliases = {}
if CA_PROTOCOL:
# CA for Geolocation
self.endpoints['CA'] = \
CA_PROTOCOL + "://"+CA_HOST+":"+CA_PORT+""+"/v1/notifyGeolocation"
self.sum = {
"serviceTime": 0,
"serviceTimeTotal": 0,
"outgoingTransactions": 0,
"outgoingTransactionRequestSize": 0,
"outgoingTransactionResponseSize": 0,
"outgoingTransactionErrors": 0,
}
def updateUser(self,
SERVICE_NAME,
SERVICE_ID,
SERVICE_ADMIN_USER,
SERVICE_ADMIN_PASSWORD,
SERVICE_ADMIN_TOKEN,
USER_NAME,
USER_ID,
USER_DATA_VALUE):
'''Update an User Service (aka domain user keystone).
In case of HTTP error, return HTTP error
Params:
- SERVICE_NAME: Service name
- SERVICE_ID: Service Id
- SERVICE_ADMIN_USER: Service admin username
- SERVICE_ADMIN_PASSWORD: Service admin password
- SERVICE_ADMIN_TOKEN: Service admin token
- USER_NAME: User name
- USER_ID: User Id
- USER_DATA_VALUE: user data value in json
'''
data_log = {
"SERVICE_NAME": "%s" % SERVICE_NAME,
"SERVICE_ID": "%s" % SERVICE_ID,
"SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
"SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
"SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN),
"USER_NAME": "%s" % USER_NAME,
"USER_ID": "%s" % USER_ID,
"USER_DATA_VALUE": "%s" % USER_DATA_VALUE
}
self.logger.debug("FLOW updateUser invoked with: %s" % json.dumps(
data_log,
indent=3)
)
try:
if not SERVICE_ADMIN_TOKEN:
if not SERVICE_ID:
SERVICE_ADMIN_TOKEN = self.idm.getToken(
SERVICE_NAME,
SERVICE_ADMIN_USER,
SERVICE_ADMIN_PASSWORD)
SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
SERVICE_NAME)
else:
SERVICE_ADMIN_TOKEN = self.idm.getToken2(
SERVICE_ID,
SERVICE_ADMIN_USER,
SERVICE_ADMIN_PASSWORD)
self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)
# Ensure SERVICE_NAME
SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
SERVICE_ID,
SERVICE_NAME)
self.logger.addFilter(ContextFilterService(SERVICE_NAME))
self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)
#
# 2. Get user ID
#
if not USER_ID:
USER_ID = self.idm.getDomainUserId(SERVICE_ADMIN_TOKEN,
SERVICE_ID,
USER_NAME)
self.logger.debug("ID of user %s: %s" % (USER_NAME, USER_ID))
#
# 3. Updateuser
#
self.idm.updateUser(SERVICE_ADMIN_TOKEN,
USER_ID,
USER_DATA_VALUE)
except Exception, ex:
self.logger.error(ex)
return self.composeErrorCode(ex)
def users(self,
SERVICE_NAME,
SERVICE_ID,
SERVICE_ADMIN_USER,
SERVICE_ADMIN_PASSWORD,
SERVICE_ADMIN_TOKEN,
START_INDEX=None,
COUNT=None):
'''Get users.
In case of HTTP error, return HTTP error
Params:
- SERVICE_NAME: Service name
- SERVICE_ID: Service id
- SERVICE_ADMIN_USER: Service admin username
- SERVICE_ADMIN_PASSWORD: Service admin password
- SERVICE_ADMIN_TOKEN: Service admin token
- START_INDEX: where pagination start
- COUNT: number of results
'''
data_log = {
"SERVICE_NAME": "%s" % SERVICE_NAME,
"SERVICE_ID": "%s" % SERVICE_ID,
"SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
"SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
"SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN),
"START_INDEX": "%s" % START_INDEX,
"COUNT": "%s" % COUNT,
}
self.logger.debug("FLOW users invoked with: %s" % json.dumps(
data_log,
indent=3)
)
try:
if not SERVICE_ADMIN_TOKEN:
if not SERVICE_ID:
SERVICE_ADMIN_TOKEN = self.idm.getToken(
SERVICE_NAME,
SERVICE_ADMIN_USER,
SERVICE_ADMIN_PASSWORD)
SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
SERVICE_NAME)
else:
SERVICE_ADMIN_TOKEN = self.idm.getToken2(
SERVICE_ID,
SERVICE_ADMIN_USER,
SERVICE_ADMIN_PASSWORD)
self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)
# Ensure SERVICE_NAME
SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
SERVICE_ID,
SERVICE_NAME)
self.logger.addFilter(ContextFilterService(SERVICE_NAME))
self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)
# SERVICE_ROLES = self.idm.getDomainRoles(SERVICE_ADMIN_TOKEN,
# SERVICE_ID)
# self.logger.debug("SERVICE_ROLES=%s" % json.dumps(SERVICE_ROLES,
# indent=3))
SERVICE_USERS = self.idm.getDomainUsers(SERVICE_ADMIN_TOKEN,
SERVICE_ID,
START_INDEX,
COUNT)
self.logger.debug("SERVICE_USERS=%s" % json.dumps(SERVICE_USERS,
indent=3))
# Get Roles de SubServicio
# Listar los usuarios de un Servicio
# Obtener roles de usuario
# Listar los usuarios de un Subservicio
except Exception, ex:
error_code = self.composeErrorCode(ex)
self.logError(self.logger, error_code, ex)
return error_code
def createNewServiceUser(self,
SERVICE_NAME,
SERVICE_ID,
SERVICE_ADMIN_USER,
SERVICE_ADMIN_PASSWORD,
SERVICE_ADMIN_TOKEN,
NEW_USER_NAME,
NEW_USER_PASSWORD,
NEW_USER_EMAIL,
NEW_USER_DESCRIPTION):
'''Creates a new user Service (aka domain user keystone).
In case of HTTP error, return HTTP error
Params:
- SERVICE_NAME: Service name
- SERVICE_ID: Service Id
- SERVICE_ADMIN_USER: Service admin username
- SERVICE_ADMIN_PASSWORD: Service admin password
- SERVICE_ADMIN_TOKEN: Service admin token
- NEW_USER_NAME: New user name (required)
- NEW_USER_PASSWORD: New user password (required)
- NEW_USER_EMAIL: New user email (optional)
- NEW_USER_DESCRIPTION: New user description (optional)
Return:
- id: New user Id
'''
data_log = {
"SERVICE_NAME": "%s" % SERVICE_NAME,
"SERVICE_ID": "%s" % SERVICE_ID,
"SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
"SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
"SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN),
"NEW_USER_NAME": "%s" % NEW_USER_NAME,
"NEW_USER_PASSWORD": "******" % NEW_USER_PASSWORD,
"NEW_USER_EMAIL": "%s" % NEW_USER_EMAIL,
"NEW_USER_DESCRIPTION": "%s" % NEW_USER_DESCRIPTION
}
self.logger.debug("FLOW createNewServiceUser invoked with: %s" % json.dumps(
data_log,
indent=3)
)
try:
if not SERVICE_ADMIN_TOKEN:
SERVICE_ADMIN_TOKEN = self.idm.getToken(SERVICE_NAME,
SERVICE_ADMIN_USER,
SERVICE_ADMIN_PASSWORD)
self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)
#
# 1. Get service (aka domain)
#
if not SERVICE_ID:
SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
SERVICE_NAME)
self.logger.debug("ID of your service %s:%s" % (SERVICE_NAME,
SERVICE_ID))
# Ensure SERVICE_NAME
SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
SERVICE_ID,
SERVICE_NAME)
self.logger.addFilter(ContextFilterService(SERVICE_NAME))
self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)
#
# 2. Create user
#
ID_USER = self.idm.createUserDomain(SERVICE_ADMIN_TOKEN,
SERVICE_ID,
SERVICE_NAME,
NEW_USER_NAME,
NEW_USER_PASSWORD,
NEW_USER_EMAIL,
NEW_USER_DESCRIPTION)
self.logger.debug("ID of user %s: %s" % (NEW_USER_NAME, ID_USER))
except Exception, ex:
self.logger.error(ex)
return self.composeErrorCode(ex)
import json
from django.conf import settings
from orchestrator.core.keystone import IdMKeystoneOperations as IdMOperations
from orchestrator.core.keypass import AccCKeypassOperations as AccCOperations
from orchestrator.common.util import ContextFilterCorrelatorId
from orchestrator.common.util import ContextFilterTransactionId
from orchestrator.common.util import ContextFilterService
from orchestrator.common.util import ContextFilterSubService
logger = logging.getLogger('orchestrator_api')
logger.addFilter(ContextFilterCorrelatorId("n/a"))
logger.addFilter(ContextFilterTransactionId("n/a"))
logger.addFilter(ContextFilterService("None"))
logger.addFilter(ContextFilterSubService(""))
logger1 = logging.getLogger('orchestrator_core')
logger1.addFilter(ContextFilterCorrelatorId("n/a"))
logger1.addFilter(ContextFilterTransactionId("n/a"))
logger1.addFilter(ContextFilterService("None"))
logger1.addFilter(ContextFilterSubService(""))
logger2 = logging.getLogger('django')
logger2.addFilter(ContextFilterCorrelatorId("n/a"))
logger2.addFilter(ContextFilterTransactionId("n/a"))
logger2.addFilter(ContextFilterService("None"))
logger2.addFilter(ContextFilterSubService(""))
logger3 = logging.getLogger('django.request')
def createTrustToken(self, SERVICE_NAME, SERVICE_ID, SUBSERVICE_NAME,
SUBSERVICE_ID, SERVICE_ADMIN_USER,
SERVICE_ADMIN_PASSWORD, SERVICE_ADMIN_TOKEN,
ROLE_NAME, ROLE_ID, TRUSTEE_USER_NAME,
TRUSTEE_USER_ID, TRUSTOR_USER_NAME, TRUSTOR_USER_ID):
'''Creates a trust token
In case of HTTP error, return HTTP error
Params:
- SERVICE_NAME: Service name
- SERVICE_ID: Service Id
- SUBSERVICE_NAME: SubService name
- SUBSERVICE_ID: SubService Id
- SERVICE_ADMIN_USER: Service admin token
- SERVICE_ADMIN_PASSWORD: Service admin token
- SERVICE_ADMIN_TOKEN: Service admin token
- ROLE_NAME: Role name
- ROLE_ID: Role name
- TRUSTEE_USER_NAME:
- TRUSTEE_USER_ID:
- TRUSTOR_USER_NAME:
- TRUSTOR_USER_ID:
Return:
- token: Trust Token
'''
data_log = {
"SERVICE_NAME": "%s" % SERVICE_NAME,
"SERVICE_ID": "%s" % SERVICE_ID,
"SUBSERVICE_NAME": "%s" % SUBSERVICE_NAME,
"SUBSERVICE_ID": "%s" % SUBSERVICE_ID,
"SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
"SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
"SERVICE_ADMIN_TOKEN":
self.get_extended_token(SERVICE_ADMIN_TOKEN),
"ROLE_NAME": "%s" % ROLE_NAME,
"ROLE_ID": "%s" % ROLE_ID,
"TRUSTEE_USER_NAME": "%s" % TRUSTEE_USER_NAME,
"TRUSTEE_USER_ID": "%s" % TRUSTEE_USER_ID,
"TRUSTOR_USER_NAME": "%s" % TRUSTOR_USER_NAME,
"TRUSTOR_USER_ID": "%s" % TRUSTOR_USER_ID,
}
self.logger.debug("FLOW createTrustToken invoked with: %s" %
json.dumps(data_log, indent=3))
try:
if not SERVICE_ADMIN_TOKEN:
SERVICE_ADMIN_TOKEN = self.idm.getToken(
SERVICE_NAME, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD)
self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)
#
# 1. Get service (aka domain)
#
if not SERVICE_ID and SERVICE_NAME:
SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
SERVICE_NAME)
self.logger.debug("ID of your service %s" % SERVICE_ID)
if not SERVICE_NAME:
SERVICE = self.idm.getDomain(SERVICE_ADMIN_TOKEN, SERVICE_ID)
SERVICE_NAME = SERVICE['domain']['name']
self.logger.debug("ID of your service %s:%s" %
(SERVICE_NAME, SERVICE_ID))
self.logger.addFilter(ContextFilterService(SERVICE_NAME))
#
# 2. Get SubService (aka project)
#
if not SUBSERVICE_ID and SUBSERVICE_NAME:
SUBSERVICE_ID = self.idm.getProjectId(SERVICE_ADMIN_TOKEN,
SERVICE_NAME,
SUBSERVICE_NAME)
self.logger.debug("ID of your subservice %s:%s" %
(SUBSERVICE_NAME, SUBSERVICE_ID))
self.logger.addFilter(ContextFilterSubService(SUBSERVICE_NAME))
#
# 3. Get role
#
if not ROLE_ID and ROLE_NAME:
if SERVICE_ADMIN_USER and SERVICE_ADMIN_USER == TRUSTOR_USER_NAME:
ROLE_ID = self.idm.getUserRoleId(SERVICE_ADMIN_TOKEN,
SERVICE_ID, SUBSERVICE_ID,
ROLE_NAME)
else:
ROLE_ID = self.idm.getDomainRoleId(SERVICE_ADMIN_TOKEN,
SERVICE_ID, ROLE_NAME)
self.logger.debug("ID of role %s: %s" % (ROLE_NAME, ROLE_ID))
#
# 4. Get Trustee User
#
if not TRUSTEE_USER_ID and TRUSTEE_USER_NAME:
# We are asuming that trustee belong to SERVICE!!
if TRUSTEE_USER_NAME == "iotagent":
IOTAGENT_TOKEN = self.idm.getToken('default',
IOTAGENT['user'],
IOTAGENT['password'],
False)
TRUSTEE_USER_ID = self.idm.getUserId(
IOTAGENT_TOKEN, TRUSTEE_USER_NAME)
else:
TRUSTEE_USER_ID = self.idm.getDomainUserId(
SERVICE_ADMIN_TOKEN, SERVICE_ID, TRUSTEE_USER_NAME)
self.logger.debug("ID of trustee user %s: %s" %
(TRUSTEE_USER_NAME, TRUSTEE_USER_ID))
#
# 5. Get Trustor User
#
if not TRUSTOR_USER_ID and TRUSTOR_USER_NAME:
if SERVICE_ADMIN_USER and SERVICE_ADMIN_USER == TRUSTOR_USER_NAME:
TRUSTOR_USER_ID = self.idm.getUserId(
SERVICE_ADMIN_TOKEN, TRUSTOR_USER_NAME)
else:
TRUSTOR_USER_ID = self.idm.getDomainUserId(
SERVICE_ADMIN_TOKEN, SERVICE_ID, TRUSTOR_USER_NAME)
self.logger.debug("ID of trustor user %s: %s" %
(TRUSTOR_USER_NAME, TRUSTOR_USER_ID))
#
# 6. Create trust
#
ID_TRUST = self.idm.createTrustToken(SERVICE_ADMIN_TOKEN,
SUBSERVICE_ID, ROLE_ID,
TRUSTEE_USER_ID,
TRUSTOR_USER_ID)
self.logger.debug("ID of Trust %s" % (ID_TRUST))
except Exception, ex:
self.logger.error(ex)
return self.composeErrorCode(ex)
def createNewServiceGroup(self, SERVICE_NAME, SERVICE_ID,
SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD,
SERVICE_ADMIN_TOKEN, NEW_SERVICE_GROUP_NAME,
NEW_SERVICE_GROUP_DESCRIPTION):
'''Creates a new group Service (aka domain group keystone).
In case of HTTP error, return HTTP error
Params:
- SERVICE_NAME: Service name
- SERVICE_ID: Service Id
- SERVICE_ADMIN_USER: Service admin username
- SERVICE_ADMIN_PASSWORD: Service admin password
- SERVICE_ADMIN_TOKEN: Service admin token
- NEW_SERVICE_GROUP_NAME: New group name (required)
- NEW_SERVICE_GROUP_DESCRIPTION: New group description (optional)
Return:
- id: New group Id
'''
data_log = {
"SERVICE_NAME": "%s" % SERVICE_NAME,
"SERVICE_ID": "%s" % SERVICE_ID,
"SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
"SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
"SERVICE_ADMIN_TOKEN":
self.get_extended_token(SERVICE_ADMIN_TOKEN),
"NEW_SERVICE_GROUP_NAME": "%s" % NEW_SERVICE_GROUP_NAME,
"NEW_SERVICE_GROUP_DESCRIPTION":
"%s" % NEW_SERVICE_GROUP_DESCRIPTION
}
self.logger.debug("FLOW createNewServiceGroup invoked with: %s" %
json.dumps(data_log, indent=3))
try:
if not SERVICE_ADMIN_TOKEN:
SERVICE_ADMIN_TOKEN = self.idm.getToken(
SERVICE_NAME, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD)
self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)
#
# 1. Get service (aka domain)
#
if not SERVICE_ID:
SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
SERVICE_NAME)
self.logger.debug("ID of your service %s:%s" %
(SERVICE_NAME, SERVICE_ID))
# Ensure SERVICE_NAME
SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
SERVICE_ID, SERVICE_NAME)
self.logger.addFilter(ContextFilterService(SERVICE_NAME))
self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)
#
# 2. Create group
#
ID_GROUP = self.idm.createGroupDomain(
SERVICE_ADMIN_TOKEN, SERVICE_ID, SERVICE_NAME,
NEW_SERVICE_GROUP_NAME, NEW_SERVICE_GROUP_DESCRIPTION)
self.logger.debug("ID of group %s: %s" %
(NEW_SERVICE_GROUP_NAME, ID_GROUP))
except Exception, ex:
error_code = self.composeErrorCode(ex)
self.logError(self.logger, error_code, ex)
return error_code
