def get_project(self, DOMAIN_ID, DOMAIN_NAME, PROJECT_ID, ADMIN_USER, ADMIN_PASSWORD, ADMIN_TOKEN): '''Ge Project detail of a domain In case of HTTP error, return HTTP error Params: - DOMAIN_ID: id of domain - DOMAIN_NAME: name of domain - PROJECT_ID: id of project - SERVICE_ADMIN_USER: Service admin username - SERVICE_ADMIN_PASSWORD: Service admin password - SERVICE_ADMIN_TOKEN: Service admin token Return: - project detail ''' data_log = { "DOMAIN_ID": "%s" % DOMAIN_ID, "DOMAIN_NAME": "%s" % DOMAIN_NAME, "PROJECT_ID": "%s" % PROJECT_ID, "ADMIN_USER": "******" % ADMIN_USER, "ADMIN_PASSWORD": "******" % ADMIN_PASSWORD, "ADMIN_TOKEN": self.get_extended_token(ADMIN_TOKEN) } self.logger.debug("FLOW get_project invoked with: %s" % json.dumps(data_log, indent=3)) try: if not ADMIN_TOKEN: ADMIN_TOKEN = self.idm.getToken2(DOMAIN_ID, ADMIN_USER, ADMIN_PASSWORD) self.logger.debug("ADMIN_TOKEN=%s" % ADMIN_TOKEN) # Ensure DOMAIN_NAME and PROJECT_NAME DOMAIN_NAME = self.ensure_service_name(ADMIN_TOKEN, DOMAIN_ID, DOMAIN_NAME) self.logger.addFilter(ContextFilterService(DOMAIN_NAME)) PROJECT_NAME = self.ensure_subservice_name(ADMIN_TOKEN, DOMAIN_ID, PROJECT_ID, None) self.logger.addFilter(ContextFilterSubService(PROJECT_NAME)) # PROJECTS = self.idm.getDomainProjects(ADMIN_TOKEN, # DOMAIN_ID) # for project in PROJECTS: # if project['id'] == PROJECT_ID: # PROJECT = project try: PROJECT = self.idm.getProject(ADMIN_TOKEN, PROJECT_ID) except Exception, ex: PROJECT = { 'project': { 'description': PROJECT_NAME, 'domain_id': DOMAIN_ID, 'id': PROJECT_ID, 'name': '/' + PROJECT_NAME } } self.logger.debug("PROJECT=%s" % PROJECT)
def user(self, SERVICE_ID, SERVICE_NAME, USER_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD, SERVICE_ADMIN_TOKEN): '''Get user detail In case of HTTP error, return HTTP error Params: - SERVICE_ID: Service ID - SERVICE_NAME: Service NAME - USER_ID: User ID - SERVICE_ADMIN_USER: Service admin username - SERVICE_ADMIN_PASSWORD: Service admin password - SERVICE_ADMIN_TOKEN: Service admin token ''' data_log = { "SERVICE_ID": "%s" % SERVICE_ID, "SERVICE_NAME": "%s" % SERVICE_NAME, "USER_ID": "%s" % USER_ID, "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER, "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD, "SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN), } self.logger.debug("FLOW user invoked with: %s" % json.dumps( data_log, indent=3) ) try: if not SERVICE_ADMIN_TOKEN: SERVICE_ADMIN_TOKEN = self.idm.getToken2( SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD) self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN) # Ensure SERVICE_NAME SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN, SERVICE_ID, SERVICE_NAME) self.logger.addFilter(ContextFilterService(SERVICE_NAME)) self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME) DETAIL_USER = self.idm.detailUser(SERVICE_ADMIN_TOKEN, USER_ID) self.logger.debug("DETAIL_USER=%s" % json.dumps(DETAIL_USER, indent=3)) except Exception, ex: error_code = self.composeErrorCode(ex) self.logError(self.logger, error_code, ex) return error_code
def list_activated_modules(self, DOMAIN_NAME, DOMAIN_ID, SERVICE_USER_NAME, SERVICE_USER_PASSWORD, SERVICE_USER_TOKEN): '''List Activated IoT Modules In case of HTTP error, return HTTP error Params: - DOMAIN_ID: id of domain - DOMAIN_NAME: name of domain - SERVICE_USER_NAME: Service admin username - SERVICE_USER_PASSWORD: Service admin password - SERVICE_USER_TOKEN: Service admin token ''' data_log = { "DOMAIN_ID": "%s" % DOMAIN_ID, "DOMAIN_NAME": "%s" % DOMAIN_NAME, "SERVICE_USER_NAME": "%s" % SERVICE_USER_NAME, "SERVICE_USER_PASSWORD": "******" % SERVICE_USER_PASSWORD, "SERVICE_USER_TOKEN": self.get_extended_token(SERVICE_USER_TOKEN), } self.logger.debug("FLOW list_activated_modules invoked with: %s" % json.dumps(data_log, indent=3)) try: if not SERVICE_USER_TOKEN: if not DOMAIN_ID: SERVICE_USER_TOKEN = self.idm.getToken( DOMAIN_NAME, SERVICE_USER_NAME, SERVICE_USER_PASSWORD) DOMAIN_ID = self.idm.getDomainId(SERVICE_USER_TOKEN, DOMAIN_NAME) else: SERVICE_USER_TOKEN = self.idm.getToken2( DOMAIN_ID, SERVICE_USER_NAME, SERVICE_USER_PASSWORD) # Ensure DOMAIN_NAME DOMAIN_NAME = self.ensure_service_name(SERVICE_USER_TOKEN, DOMAIN_ID, DOMAIN_NAME) self.logger.addFilter(ContextFilterService(DOMAIN_NAME)) self.logger.debug("DOMAIN_NAME=%s" % DOMAIN_NAME) self.logger.debug("SERVICE_USER_TOKEN=%s" % SERVICE_USER_TOKEN) self.logger.debug("Trying to get list subscriptions from CB...") cb_res = self.cb.getListSubscriptions(SERVICE_USER_TOKEN, DOMAIN_NAME, "") self.logger.debug("getListSubscriptions res=%s" % json.dumps(cb_res, indent=3)) modules = self.cb.extract_modules_from_subscriptions( self, IOTMODULES, cb_res) self.logger.debug("modules=%s" % json.dumps(modules, indent=3)) except Exception, ex: error_code = self.composeErrorCode(ex) self.logError(self.logger, error_code, ex) return error_code
def update_domain(self, DOMAIN_ID, DOMAIN_NAME, ADMIN_USER, ADMIN_PASSWORD, ADMIN_TOKEN, NEW_SERVICE_DESCRIPTION): '''Update Domain. In case of HTTP error, return HTTP error Params: - DOMAIN_ID: Service Id - DOMAIN_NAME: Service Name - SERVICE_ADMIN_USER: Service admin username - SERVICE_ADMIN_PASSWORD: Service admin password - SERVICE_ADMIN_TOKEN: Service admin token - NEW_SERVICE_DESCRIPTION: New service description Return: - domain detail ''' data_log = { "DOMAIN_ID": "%s" % DOMAIN_ID, "DOMAIN_NAME": "%s" % DOMAIN_NAME, "ADMIN_USER": "******" % ADMIN_USER, "ADMIN_PASSWORD": "******" % ADMIN_PASSWORD, "ADMIN_TOKEN": self.get_extended_token(ADMIN_TOKEN), "NEW_SERVICE_DESCRIPTION": "%s" % NEW_SERVICE_DESCRIPTION, } self.logger.debug("FLOW updateDomain invoked with: %s" % json.dumps(data_log, indent=3)) try: if not ADMIN_TOKEN: # UpdateDomain can be only done by cloud_admin ADMIN_TOKEN = self.idm.getToken("admin_domain", ADMIN_USER, ADMIN_PASSWORD) if not DOMAIN_ID and DOMAIN_NAME: DOMAIN_ID = self.idm.getDomainId(ADMIN_TOKEN, DOMAIN_NAME, False) if not DOMAIN_NAME: DOMAIN = self.idm.getDomain(ADMIN_TOKEN, DOMAIN_ID) DOMAIN_NAME = DOMAIN['domain']['name'] self.logger.addFilter(ContextFilterService(DOMAIN_NAME)) self.logger.debug("ADMIN_TOKEN=%s" % ADMIN_TOKEN) DOMAIN = self.idm.updateDomain(ADMIN_TOKEN, DOMAIN_ID, NEW_SERVICE_DESCRIPTION) self.logger.debug("DOMAIN=%s" % json.dumps(DOMAIN, indent=3)) except Exception, ex: error_code = self.composeErrorCode(ex) self.logError(self.logger, error_code, ex) return error_code
def projects(self, DOMAIN_ID, DOMAIN_NAME, ADMIN_USER, ADMIN_PASSWORD, ADMIN_TOKEN): '''Get Projects of a domain. In case of HTTP error, return HTTP error Params: - DOMAIN_ID: id of domain - DOMAIN_NAME: name of domain - SERVICE_ADMIN_USER: Service admin username - SERVICE_ADMIN_PASSWORD: Service admin password - SERVICE_ADMIN_TOKEN: Service admin token Return: - project array list ''' data_log = { "DOMAIN_ID": "%s" % DOMAIN_ID, "DOMAIN_NAME": "%s" % DOMAIN_NAME, "ADMIN_USER": "******" % ADMIN_USER, "ADMIN_PASSWORD": "******" % ADMIN_PASSWORD, "ADMIN_TOKEN": self.get_extended_token(ADMIN_TOKEN) } self.logger.debug("FLOW projects invoked with: %s" % json.dumps(data_log, indent=3)) try: if not ADMIN_TOKEN: if not DOMAIN_ID: ADMIN_TOKEN = self.idm.getToken(DOMAIN_NAME, ADMIN_USER, ADMIN_PASSWORD) DOMAIN_ID = self.idm.getDomainId(ADMIN_TOKEN, DOMAIN_NAME) else: ADMIN_TOKEN = self.idm.getToken2(DOMAIN_ID, ADMIN_USER, ADMIN_PASSWORD) self.logger.debug("ADMIN_TOKEN=%s" % ADMIN_TOKEN) # Ensure DOMAIN_NAME and PROJECT_NAME DOMAIN_NAME = self.ensure_service_name(ADMIN_TOKEN, DOMAIN_ID, DOMAIN_NAME) self.logger.addFilter(ContextFilterService(DOMAIN_NAME)) PROJECTS = self.idm.getDomainProjects(ADMIN_TOKEN, DOMAIN_ID) self.logger.debug("PROJECTS=%s" % json.dumps(PROJECTS, indent=3)) except Exception, ex: error_code = self.composeErrorCode(ex) self.logError(self.logger, error_code, ex) return error_code
def get_domain(self, DOMAIN_ID, DOMAIN_NAME, ADMIN_USER, ADMIN_PASSWORD, ADMIN_TOKEN): '''Get Domain. In case of HTTP error, return HTTP error Params: - DOMAIN_ID: Service Id - DOMAIN_NAME: Service Name - SERVICE_ADMIN_USER: Service admin username - SERVICE_ADMIN_PASSWORD: Service admin password - SERVICE_ADMIN_TOKEN: Service admin token Return: - domain detail ''' data_log = { "DOMAIN_ID": "%s" % DOMAIN_ID, "DOMAIN_NAME": "%s" % DOMAIN_NAME, "ADMIN_USER": "******" % ADMIN_USER, "ADMIN_PASSWORD": "******" % ADMIN_PASSWORD, "ADMIN_TOKEN": self.get_extended_token(ADMIN_TOKEN) } self.logger.debug("FLOW get_domain invoked with: %s" % json.dumps(data_log, indent=3)) try: if not ADMIN_TOKEN: if DOMAIN_ID: ADMIN_TOKEN = self.idm.getToken2(DOMAIN_ID, ADMIN_USER, ADMIN_PASSWORD, False) else: ADMIN_TOKEN = self.idm.getToken(DOMAIN_NAME, ADMIN_USER, ADMIN_PASSWORD) DOMAIN_ID = self.idm.getDomainId(ADMIN_TOKEN, DOMAIN_NAME) self.logger.debug("ADMIN_TOKEN=%s" % ADMIN_TOKEN) DOMAIN = self.idm.getDomain(ADMIN_TOKEN, DOMAIN_ID) DOMAIN_NAME = DOMAIN['domain']['name'] self.logger.addFilter(ContextFilterService(DOMAIN_NAME)) self.logger.debug("DOMAIN=%s" % json.dumps(DOMAIN, indent=3)) except Exception, ex: error_code = self.composeErrorCode(ex) self.logError(self.logger, error_code, ex) return error_code
def getDomainRolePolicies(self, SERVICE_ID, SERVICE_NAME, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD, SERVICE_ADMIN_TOKEN, ROLE_NAME, ROLE_ID): '''Get domain role policies In case of HTTP error, return HTTP error Params: - SERVICE_ID: Service Id - SERVICE_NAME: Service Name - SERVICE_ADMIN_USER: Service admin username - SERVICE_ADMIN_PASSWORD: Service admin password - SERVICE_ADMIN_TOKEN: Service admin token - ROLE_NAME: Role Name - ROLE_ID: Role Id Return: - XACML policies ''' data_log = { "SERVICE_ID": "%s" % SERVICE_ID, "SERVICE_NAME": "%s" % SERVICE_NAME, "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER, "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD, "SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN), "ROLE_NAME": "%s" % ROLE_NAME, "ROLE_ID": "%s" % ROLE_ID, } self.logger.debug("FLOW get_domain_role_policies invoked with: %s" % json.dumps(data_log, indent=3)) try: if not SERVICE_ADMIN_TOKEN: if not SERVICE_ID: SERVICE_ADMIN_TOKEN = self.idm.getToken( SERVICE_NAME, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD) SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN, SERVICE_NAME) else: SERVICE_ADMIN_TOKEN = self.idm.getToken2( SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD) self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN) # Ensure SERVICE_NAME SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN, SERVICE_ID, SERVICE_NAME) self.logger.addFilter(ContextFilterService(SERVICE_NAME)) self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME) # Get Role ID if not ROLE_ID and ROLE_NAME: if ROLE_NAME == "Admin": SERVICE_ADMIN_ID = self.idm.getUserId( SERVICE_ADMIN_TOKEN, SERVICE_ADMIN_USER) # Get KEYSTONE CONF from base idm class roles_flow = Roles(self.idm.KEYSTONE_PROTOCOL, self.idm.KEYSTONE_HOST, self.idm.KEYSTONE_PORT) roles = roles_flow.roles_assignments( SERVICE_ID, None, None, None, None, None, SERVICE_ADMIN_ID, None, None, None, SERVICE_ADMIN_TOKEN, True) for role in roles['role_assignments']: if role['role']['name'] == 'admin': ROLE_ID = role['role']['id'] break else: ROLE_ID = self.idm.getDomainRoleId(SERVICE_ADMIN_TOKEN, SERVICE_ID, ROLE_NAME) self.logger.debug("ID of role %s: %s" % (ROLE_NAME, ROLE_ID)) # Get policies in Access Control if self.idm.isTokenAdmin(SERVICE_ADMIN_TOKEN, SERVICE_ID): policies = self.ac.getRolePolicies(SERVICE_NAME, SERVICE_ADMIN_TOKEN, ROLE_ID) self.logger.debug("POLICIES=%s" % policies) else: raise Exception("not admin role found to perform this action") except Exception, ex: error_code = self.composeErrorCode(ex) self.logError(self.logger, error_code, ex) return error_code
def delete_domain(self, DOMAIN_ID, DOMAIN_NAME, ADMIN_USER, ADMIN_PASSWORD, ADMIN_TOKEN): '''Delete a Domain. In case of HTTP error, return HTTP error Params: - DOMAIN_ID: Service Id - DOMAIN_NAME: Service Name - SERVICE_ADMIN_USER: Service admin username - SERVICE_ADMIN_PASSWORD: Service admin password - SERVICE_ADMIN_TOKEN: Service admin token Return: - domain detail ''' data_log = { "DOMAIN_ID": "%s" % DOMAIN_ID, "DOMAIN_NAME": "%s" % DOMAIN_NAME, "ADMIN_USER": "******" % ADMIN_USER, "ADMIN_PASSWORD": "******" % ADMIN_PASSWORD, "ADMIN_TOKEN": self.get_extended_token(ADMIN_TOKEN) } self.logger.debug("FLOW delete_domain invoked with: %s" % json.dumps(data_log, indent=3)) try: if not ADMIN_TOKEN: ADMIN_TOKEN = self.idm.getToken("admin_domain", ADMIN_USER, ADMIN_PASSWORD) self.logger.debug("ADMIN_TOKEN=%s" % ADMIN_TOKEN) if not DOMAIN_ID and DOMAIN_NAME: # This only returns all DOMAINS for cloud_admin DOMAINS = self.idm.getDomains(ADMIN_TOKEN) for domain in DOMAINS['domains']: if domain['name'] == DOMAIN_NAME: DOMAIN_ID = domain['id'] break if not DOMAIN_ID: raise Exception( 404, "DOMAIN_NAME %s not found in domains by user %s" % (DOMAIN_NAME, self.get_extended_token(ADMIN_TOKEN))) if not DOMAIN_NAME: DOMAIN = self.idm.getDomain(ADMIN_TOKEN, DOMAIN_ID) DOMAIN_NAME = DOMAIN['domain']['name'] self.logger.addFilter(ContextFilterService(DOMAIN_NAME)) # Get all subservices projects = self.idm.getDomainProjects(ADMIN_TOKEN, DOMAIN_ID) for project in projects['projects']: PROJECT_NAME = project['name'].split('/')[1] self.logger.addFilter(ContextFilterSubService(PROJECT_NAME)) # # Delete all devices in subservice # devices_deleted = self.iota.deleteAllDevices( ADMIN_TOKEN, DOMAIN_NAME, PROJECT_NAME) if (len(devices_deleted) > 0): self.logger.info("devices deleted %s", devices_deleted) # # Delete all subscriptions in subservice # subscriptions_deleted = self.cb.deleteAllSubscriptions( ADMIN_TOKEN, DOMAIN_NAME, PROJECT_NAME) if (len(subscriptions_deleted) > 0): self.logger.info("subscriptions deleted %s", subscriptions_deleted) # # Delete all rules in a subservice # rules_deleted = self.perseo.deleteAllRules( ADMIN_TOKEN, DOMAIN_NAME, PROJECT_NAME) if (len(rules_deleted) > 0): self.logger.info("rules deleted %s", rules_deleted) # # Delete all devices # devices_deleted = self.iota.deleteAllDevices( ADMIN_TOKEN, DOMAIN_NAME) # # Delete all subscriptions # subscriptions_deleted = self.cb.deleteAllSubscriptions( ADMIN_TOKEN, DOMAIN_NAME) if (len(subscriptions_deleted) > 0): self.logger.info("subscriptions deleted %s", subscriptions_deleted) # # Delete all roles # roles = self.idm.getDomainRoles(ADMIN_TOKEN, DOMAIN_ID) for role in roles['roles']: self.idm.removeRole(ADMIN_TOKEN, DOMAIN_ID, role['id']) # # Disable Domain # DOMAIN = self.idm.disableDomain(ADMIN_TOKEN, DOMAIN_ID) self.idm.deleteDomain(ADMIN_TOKEN, DOMAIN_ID) # Delete policy of roles in Access Control self.ac.deleteTenantPolicies(DOMAIN_NAME, ADMIN_TOKEN) self.logger.debug("DOMAIN=%s" % DOMAIN) except Exception, ex: error_code = self.composeErrorCode(ex) self.logError(self.logger, error_code, ex) return error_code
def __init__(self, KEYSTONE_PROTOCOL, KEYSTONE_HOST, KEYSTONE_PORT, KEYPASS_PROTOCOL=None, KEYPASS_HOST=None, KEYPASS_PORT=None, ORION_PROTOCOL="http", ORION_HOST="localhost", ORION_PORT="1026", PERSEO_PROTOCOL="http", PERSEO_HOST="localhost", PERSEO_PORT="9090", LDAP_HOST="localhost", LDAP_PORT="389", LDAP_BASEDN="dc=openstack,dc=org", MAILER_HOST="localhost", MAILER_PORT="587", MAILER_USER="******", MAILER_PASSWORD="******", MAILER_FROM="smtpuser", MAILER_TO="smtpuser", TRANSACTION_ID=None, CORRELATOR_ID=None): # Generate Transaction ID self.TRANSACTION_ID = uuid.uuid4() if not CORRELATOR_ID: self.CORRELATOR_ID = self.TRANSACTION_ID else: self.CORRELATOR_ID = CORRELATOR_ID self.logger = logging.getLogger('orchestrator_core') # Put collector into logger self.logger.addFilter(ContextFilterCorrelatorId(self.CORRELATOR_ID)) self.logger.addFilter(ContextFilterTransactionId(self.TRANSACTION_ID)) self.logger.addFilter(ContextFilterService(None)) self.logger.addFilter(ContextFilterSubService("")) self.idm = IdMOperations(KEYSTONE_PROTOCOL, KEYSTONE_HOST, KEYSTONE_PORT) self.ac = AccCOperations(KEYPASS_PROTOCOL, KEYPASS_HOST, KEYPASS_PORT, CORRELATOR_ID=self.CORRELATOR_ID, TRANSACTION_ID=self.TRANSACTION_ID) self.cb = CBOperations(ORION_PROTOCOL, ORION_HOST, ORION_PORT, CORRELATOR_ID=self.CORRELATOR_ID, TRANSACTION_ID=self.TRANSACTION_ID) self.perseo = PerseoOperations(PERSEO_PROTOCOL, PERSEO_HOST, PERSEO_PORT, CORRELATOR_ID=self.CORRELATOR_ID, TRANSACTION_ID=self.TRANSACTION_ID) self.ldap = OpenLdapOperations(LDAP_HOST, LDAP_PORT, LDAP_BASEDN, CORRELATOR_ID=self.CORRELATOR_ID, TRANSACTION_ID=self.TRANSACTION_ID) self.mailer = MailerOperations(MAILER_HOST, MAILER_PORT, MAILER_USER, MAILER_PASSWORD, MAILER_FROM, MAILER_TO, CORRELATOR_ID=self.CORRELATOR_ID, TRANSACTION_ID=self.TRANSACTION_ID) self.endpoints = {} self.iotmodules_aliases = {} self.sum = { "serviceTime": 0, "serviceTimeTotal": 0, "outgoingTransactions": 0, "outgoingTransactionRequestSize": 0, "outgoingTransactionResponseSize": 0, "outgoingTransactionErrors": 0, }
def createNewSubService(self, SERVICE_NAME, SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD, SERVICE_ADMIN_TOKEN, NEW_SUBSERVICE_NAME, NEW_SUBSERVICE_DESCRIPTION, NEW_SUBSERVICE_ADMIN_USER=None, NEW_SUBSERVICE_ADMIN_PASSWORD=None, NEW_SUBSERVICE_ADMIN_EMAIL=None): '''Creates a new SubService (aka project keystone). In case of HTTP error, return HTTP error Params: - SERVICE_NAME: Service name - SERVICE_ID: Service Id - SERVICE_ADMIN_USER: Service admin username - SERVICE_ADMIN_PASSWORD: Service admin password - SERVICE_ADMIN_TOKEN: Service admin token - NEW_SUBSERVICE_NAME: New subservice name (required) - NEW_SUBSERVICE_DESCRIPTION: New subservice description - NEW_SUBSERVICE_ADMIN_USER: New subservice admin username - NEW_SUBSERVICE_ADMIN_PASSWORD: New subservice admin password - NEW_SUBSERVICE_ADMIN_EMAIL: New subservice admin email (optional) Return: - ID: New subservice id ''' data_log = { "SERVICE_NAME": "%s" % SERVICE_NAME, "SERVICE_ID": "%s" % SERVICE_ID, "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER, "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD, "SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN), "NEW_SUBSERVICE_NAME": "%s" % NEW_SUBSERVICE_NAME, "NEW_SUBSERVICE_DESCRIPTION": "%s" % NEW_SUBSERVICE_DESCRIPTION, "NEW_SUBSERVICE_ADMIN_USER": "******" % NEW_SUBSERVICE_ADMIN_USER, "NEW_SUBSERVICE_ADMIN_PASSWORD": "******" % NEW_SUBSERVICE_ADMIN_PASSWORD, "NEW_SUBSERVICE_ADMIN_EMAIL": "%s" % NEW_SUBSERVICE_ADMIN_EMAIL } self.logger.debug("FLOW createNewSubService invoked with: %s" % json.dumps(data_log, indent=3)) ID_PRO1 = None try: if not SERVICE_ADMIN_TOKEN: SERVICE_ADMIN_TOKEN = self.idm.getToken( SERVICE_NAME, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD) self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN) # # 1. Get service (aka domain) # if not SERVICE_ID: SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN, SERVICE_NAME) self.logger.debug("ID of your service %s:%s" % (SERVICE_NAME, SERVICE_ID)) # Ensure SERVICE_NAME SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN, SERVICE_ID, SERVICE_NAME) self.logger.addFilter(ContextFilterService(SERVICE_NAME)) self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME) # # 2. Create subservice (aka project) # ID_PRO1 = self.idm.createProject(SERVICE_ADMIN_TOKEN, SERVICE_ID, NEW_SUBSERVICE_NAME, NEW_SUBSERVICE_DESCRIPTION) self.logger.debug("ID of new subservice %s: %s" % (NEW_SUBSERVICE_NAME, ID_PRO1)) # # 3. Create SubService Admin user (optional) # if NEW_SUBSERVICE_ADMIN_USER and NEW_SUBSERVICE_ADMIN_PASSWORD: try: ID_USER = self.idm.createUserDomain( SERVICE_ADMIN_TOKEN, SERVICE_ID, SERVICE_NAME, NEW_SUBSERVICE_ADMIN_USER, NEW_SUBSERVICE_ADMIN_PASSWORD, NEW_SUBSERVICE_ADMIN_EMAIL, None) except Exception, ex: self.logger.warn("ERROR creating user %s: %s" % (NEW_SUBSERVICE_ADMIN_USER, ex)) self.logger.info("Removing uncomplete created project %s" % ID_PRO1) self.idm.disableProject(SERVICE_ADMIN_TOKEN, SERVICE_ID, ID_PRO1) self.idm.deleteProject(SERVICE_ADMIN_TOKEN, ID_PRO1) return self.composeErrorCode(ex) self.logger.debug("ID of user %s: %s" % (NEW_SUBSERVICE_ADMIN_USER, ID_USER)) ROLE_NAME = 'SubServiceAdmin' ID_ROLE = self.idm.getDomainRoleId(SERVICE_ADMIN_TOKEN, SERVICE_ID, ROLE_NAME) self.logger.debug("ID of role %s: %s" % (ROLE_NAME, ID_ROLE)) self.idm.grantProjectRole(SERVICE_ADMIN_TOKEN, ID_PRO1, ID_USER, ID_ROLE) except Exception, ex: if ID_PRO1: self.logger.info("removing uncomplete created project %s" % ID_PRO1) self.idm.disableProject(SERVICE_ADMIN_TOKEN, SERVICE_ID, ID_PRO1) self.idm.deleteProject(SERVICE_ADMIN_TOKEN, ID_PRO1) self.logger.error(ex) return self.composeErrorCode(ex)
def removeGroup(self, SERVICE_NAME, SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD, SERVICE_ADMIN_TOKEN, GROUP_NAME, GROUP_ID): '''Removes an group Service (aka domain group keystone). In case of HTTP error, return HTTP error Params: - SERVICE_NAME: Service name - SERVICE_ID: Service name - SERVICE_ADMIN_USER: Service admin username - SERVICE_ADMIN_PASSWORD: Service admin password - SERVICE_ADMIN_TOKEN: Service admin token - GROUP_NAME: Group name - GROUP_ID: Group id ''' data_log = { "SERVICE_NAME": "%s" % SERVICE_NAME, "SERVICE_ID": "%s" % SERVICE_ID, "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER, "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD, "SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN), "GROUP_NAME": "%s" % GROUP_NAME, "GROUP_ID": "%s" % GROUP_ID } self.logger.debug("FLOW remove group invoked with: %s" % json.dumps(data_log, indent=3)) try: if not SERVICE_ADMIN_TOKEN: if not SERVICE_ID: SERVICE_ADMIN_TOKEN = self.idm.getToken( SERVICE_NAME, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD) SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN, SERVICE_NAME) else: SERVICE_ADMIN_TOKEN = self.idm.getToken2( SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD) self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN) # Ensure SERVICE_NAME SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN, SERVICE_ID, SERVICE_NAME) self.logger.addFilter(ContextFilterService(SERVICE_NAME)) self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME) # # 2. Get group ID # if not GROUP_ID: GROUP_ID = self.idm.getDomainGroupId(SERVICE_ADMIN_TOKEN, SERVICE_ID, GROUP_NAME) self.logger.debug("ID of group %s: %s" % (GROUP_NAME, GROUP_ID)) # # 3. Remove group ID # self.idm.removeGroup(SERVICE_ADMIN_TOKEN, GROUP_ID) except Exception, ex: self.logger.error(ex) return self.composeErrorCode(ex)
def delete_project(self, DOMAIN_ID, DOMAIN_NAME, PROJECT_ID, PROJECT_NAME, ADMIN_USER, ADMIN_PASSWORD, ADMIN_TOKEN): '''Delete Project of domain In case of HTTP error, return HTTP error Params: - DOMAIN_ID: id of domain - DOMAIN_NAME: name of domain - PROJECT_ID: id of project - PROJECT_NAME: name of project - SERVICE_ADMIN_USER: Service admin username - SERVICE_ADMIN_PASSWORD: Service admin password - SERVICE_ADMIN_TOKEN: Service admin token ''' data_log = { "DOMAIN_ID": "%s" % DOMAIN_ID, "DOMAIN_NAME": "%s" % DOMAIN_NAME, "PROJECT_ID": "%s" % PROJECT_ID, "PROJECT_NAME": "%s" % PROJECT_NAME, "ADMIN_USER": "******" % ADMIN_USER, "ADMIN_PASSWORD": "******" % ADMIN_PASSWORD, "ADMIN_TOKEN": self.get_extended_token(ADMIN_TOKEN) } self.logger.debug("FLOW get_project invoked with: %s" % json.dumps(data_log, indent=3)) try: if not ADMIN_TOKEN: if not DOMAIN_ID: ADMIN_TOKEN = self.idm.getToken(DOMAIN_NAME, ADMIN_USER, ADMIN_PASSWORD) DOMAIN_ID = self.idm.getDomainId(ADMIN_TOKEN, DOMAIN_NAME) else: ADMIN_TOKEN = self.idm.getToken2(DOMAIN_ID, ADMIN_USER, ADMIN_PASSWORD) # Ensure DOMAIN_NAME and PROJECT_NAME DOMAIN_NAME = self.ensure_service_name(ADMIN_TOKEN, DOMAIN_ID, DOMAIN_NAME) self.logger.addFilter(ContextFilterService(DOMAIN_NAME)) if not PROJECT_ID: PROJECT_ID = self.idm.getProjectId(ADMIN_TOKEN, DOMAIN_NAME, PROJECT_NAME) PROJECT_NAME = self.ensure_subservice_name(ADMIN_TOKEN, DOMAIN_ID, PROJECT_ID, PROJECT_NAME) self.logger.addFilter(ContextFilterSubService(PROJECT_NAME)) self.logger.debug("DOMAIN_NAME=%s" % DOMAIN_NAME) self.logger.debug("PROJECT_NAME=%s" % PROJECT_NAME) self.logger.debug("ADMIN_TOKEN=%s" % ADMIN_TOKEN) # # Delete all subscriptions # subscriptions_deleted = self.cb.deleteAllSubscriptions( ADMIN_TOKEN, DOMAIN_NAME, PROJECT_NAME) if (len(subscriptions_deleted) > 0): self.logger.info("subscriptions deleted %s", subscriptions_deleted) # # Delete all rules in a subservice # rules_deleted = self.perseo.deleteAllRules(ADMIN_TOKEN, DOMAIN_NAME, PROJECT_NAME) if (len(rules_deleted) > 0): self.logger.info("rules deleted %s", rules_deleted) PROJECT = self.idm.disableProject(ADMIN_TOKEN, DOMAIN_ID, PROJECT_ID) self.idm.deleteProject(ADMIN_TOKEN, PROJECT_ID) self.logger.debug("PROJECT=%s" % PROJECT) except Exception, ex: error_code = self.composeErrorCode(ex) self.logError(self.logger, error_code, ex) return error_code
def update_project(self, DOMAIN_ID, DOMAIN_NAME, PROJECT_ID, PROJECT_NAME, ADMIN_USER, ADMIN_PASSWORD, ADMIN_TOKEN, NEW_SUBSERVICE_DESCRIPTION): '''Update Project detail of a domain In case of HTTP error, return HTTP error Params: - DOMAIN_ID: id of domain - DOMAIN_NAME: name of domain - PROJECT_ID: id of project - PROJECT_NAME: name of project - SERVICE_ADMIN_USER: Service admin username - SERVICE_ADMIN_PASSWORD: Service admin password - SERVICE_ADMIN_TOKEN: Service admin token - NEW_SUBSERVICE_DESCRIPTION: New subservice description Return: - project detail ''' data_log = { "DOMAIN_ID": "%s" % DOMAIN_ID, "DOMAIN_NAME": "%s" % DOMAIN_NAME, "PROJECT_ID": "%s" % PROJECT_ID, "PROJECT_NAME": "%s" % PROJECT_NAME, "ADMIN_USER": "******" % ADMIN_USER, "ADMIN_PASSWORD": "******" % ADMIN_PASSWORD, "ADMIN_TOKEN": self.get_extended_token(ADMIN_TOKEN), "NEW_SUBSERVICE_DESCRIPTION": "%s" % NEW_SUBSERVICE_DESCRIPTION, } self.logger.debug("FLOW update_project invoked with: %s" % json.dumps(data_log, indent=3)) try: if not ADMIN_TOKEN: if not DOMAIN_ID: ADMIN_TOKEN = self.idm.getToken(DOMAIN_NAME, ADMIN_USER, ADMIN_PASSWORD) DOMAIN_ID = self.idm.getDomainId(ADMIN_TOKEN, DOMAIN_NAME) else: ADMIN_TOKEN = self.idm.getToken2(DOMAIN_ID, ADMIN_USER, ADMIN_PASSWORD) self.logger.debug("ADMIN_TOKEN=%s" % ADMIN_TOKEN) # Ensure DOMAIN_NAME and PROJECT_NAME DOMAIN_NAME = self.ensure_service_name(ADMIN_TOKEN, DOMAIN_ID, DOMAIN_NAME) self.logger.addFilter(ContextFilterService(DOMAIN_NAME)) if not PROJECT_ID: PROJECT_ID = self.idm.getProjectId(ADMIN_TOKEN, DOMAIN_NAME, PROJECT_NAME) PROJECT_NAME = self.ensure_subservice_name(ADMIN_TOKEN, DOMAIN_ID, PROJECT_ID, PROJECT_NAME) self.logger.addFilter(ContextFilterSubService(PROJECT_NAME)) PROJECT = self.idm.updateProject(ADMIN_TOKEN, DOMAIN_ID, PROJECT_ID, NEW_SUBSERVICE_DESCRIPTION) self.logger.debug("PROJECT=%s" % PROJECT) except Exception, ex: error_code = self.composeErrorCode(ex) self.logError(self.logger, error_code, ex) return error_code
import jsonschema import logging from rest_framework.exceptions import ParseError from rest_framework.parsers import JSONParser from orchestrator.api import schemas from orchestrator.common.util import ContextFilterCorrelatorId from orchestrator.common.util import ContextFilterTransactionId from orchestrator.common.util import ContextFilterService from orchestrator.common.util import ContextFilterSubService logger = logging.getLogger('orchestrator_api') logger.addFilter(ContextFilterCorrelatorId("n/a")) logger.addFilter(ContextFilterTransactionId("n/a")) logger.addFilter(ContextFilterService("None")) logger.addFilter(ContextFilterSubService("")) class JSONSchemaParser(JSONParser): def parse(self, stream, media_type=None, parser_context=None): data = super(JSONSchemaParser, self).parse(stream, media_type, parser_context) try: jsonschema.validate( data, schemas.json[parser_context['view'].schema_name]) except (ValueError, jsonschema.exceptions.ValidationError) as error: logger.debug(error.message) raise ParseError(detail=error.message) else: return data
def removeUser(self, SERVICE_NAME, SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD, SERVICE_ADMIN_TOKEN, USER_NAME, USER_ID): '''Removes an user Service (aka domain user keystone). In case of HTTP error, return HTTP error Params: - SERVICE_NAME: Service name - SERVICE_ID: Service name - SERVICE_ADMIN_USER: Service admin username - SERVICE_ADMIN_PASSWORD: Service admin password - SERVICE_ADMIN_TOKEN: Service admin token - USER_NAME: User name - USER_ID: User id ''' data_log = { "SERVICE_NAME": "%s" % SERVICE_NAME, "SERVICE_ID": "%s" % SERVICE_ID, "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER, "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD, "SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN), "USER_NAME": "%s" % USER_NAME, "USER_ID": "%s" % USER_ID } self.logger.debug("FLOW remove user invoked with: %s" % json.dumps(data_log, indent=3)) try: if not SERVICE_ADMIN_TOKEN: if not SERVICE_ID: SERVICE_ADMIN_TOKEN = self.idm.getToken( SERVICE_NAME, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD) SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN, SERVICE_NAME) else: SERVICE_ADMIN_TOKEN = self.idm.getToken2( SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD) self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN) # Ensure SERVICE_NAME SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN, SERVICE_ID, SERVICE_NAME) self.logger.addFilter(ContextFilterService(SERVICE_NAME)) self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME) # # 2. Get user ID # if not USER_ID: USER_ID = self.idm.getDomainUserId(SERVICE_ADMIN_TOKEN, SERVICE_ID, USER_NAME) self.logger.debug("ID of user %s: %s" % (USER_NAME, USER_ID)) # TODO: disable us before remove it ? # # 3. Remove user ID # self.idm.removeUser(SERVICE_ADMIN_TOKEN, USER_ID) # self.logger.debug("ID of user %s: %s" % (USER_NAME, ID_USER)) except Exception, ex: self.logger.error(ex) return self.composeErrorCode(ex)
def groups(self, SERVICE_NAME, SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD, SERVICE_ADMIN_TOKEN, START_INDEX=None, COUNT=None): '''Get groups. In case of HTTP error, return HTTP error Params: - SERVICE_NAME: Service name - SERVICE_ID: Service id - SERVICE_ADMIN_USER: Service admin username - SERVICE_ADMIN_PASSWORD: Service admin password - SERVICE_ADMIN_TOKEN: Service admin token - START_INDEX: where pagination start - COUNT: number of results ''' data_log = { "SERVICE_NAME": "%s" % SERVICE_NAME, "SERVICE_ID": "%s" % SERVICE_ID, "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER, "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD, "SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN), "START_INDEX": "%s" % START_INDEX, "COUNT": "%s" % COUNT, } self.logger.debug("FLOW groups invoked with: %s" % json.dumps(data_log, indent=3)) try: if not SERVICE_ADMIN_TOKEN: if not SERVICE_ID: SERVICE_ADMIN_TOKEN = self.idm.getToken( SERVICE_NAME, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD) SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN, SERVICE_NAME) else: SERVICE_ADMIN_TOKEN = self.idm.getToken2( SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD) self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN) # Ensure SERVICE_NAME SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN, SERVICE_ID, SERVICE_NAME) self.logger.addFilter(ContextFilterService(SERVICE_NAME)) self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME) SERVICE_GROUPS = self.idm.getDomainGroups(SERVICE_ADMIN_TOKEN, SERVICE_ID, START_INDEX, COUNT) self.logger.debug("SERVICE_GROUPS=%s" % json.dumps(SERVICE_GROUPS, indent=3)) except Exception, ex: self.logger.error(ex) return self.composeErrorCode(ex)
def activate_module(self, DOMAIN_NAME, DOMAIN_ID, SERVICE_USER_NAME, SERVICE_USER_PASSWORD, SERVICE_USER_TOKEN, IOTMODULE): '''Activate Module In case of HTTP error, return HTTP error Params: - DOMAIN_ID: id of domain - DOMAIN_NAME: name of domain - SERVICE_USER_NAME: Service admin username - SERVICE_USER_PASSWORD: Service admin password - SERVICE_USER_TOKEN: Service admin token - IOTMODULE: IoT Module to activate: STH, PERSEO ''' data_log = { "DOMAIN_ID": "%s" % DOMAIN_ID, "DOMAIN_NAME": "%s" % DOMAIN_NAME, "SERVICE_USER_NAME": "%s" % SERVICE_USER_NAME, "SERVICE_USER_PASSWORD": "******" % SERVICE_USER_PASSWORD, "SERVICE_USER_TOKEN": self.get_extended_token(SERVICE_USER_TOKEN), "IOTMODULE": "%s" % IOTMODULE, } self.logger.debug("FLOW activate_module invoked with: %s" % json.dumps(data_log, indent=3)) try: if not SERVICE_USER_TOKEN: if not DOMAIN_ID: SERVICE_USER_TOKEN = self.idm.getToken( DOMAIN_NAME, SERVICE_USER_NAME, SERVICE_USER_PASSWORD) DOMAIN_ID = self.idm.getDomainId(SERVICE_USER_TOKEN, DOMAIN_NAME) else: SERVICE_USER_TOKEN = self.idm.getToken2( DOMAIN_ID, SERVICE_USER_NAME, SERVICE_USER_PASSWORD) # Ensure DOMAIN_NAME DOMAIN_NAME = self.ensure_service_name(SERVICE_USER_TOKEN, DOMAIN_ID, DOMAIN_NAME) self.logger.addFilter(ContextFilterService(DOMAIN_NAME)) self.logger.debug("DOMAIN_NAME=%s" % DOMAIN_NAME) self.logger.debug("SERVICE_USER_TOKEN=%s" % SERVICE_USER_TOKEN) REFERENCE_URL = self.get_endpoint_iot_module(IOTMODULE) DURATION = "P1Y" # Set default ATTRIBUTES for subscription ATTRIBUTES = [] # self.logger.debug("Trying to getContextTypes...") # cb_res = self.cb.getContextTypes( # SERVICE_USER_TOKEN, # DOMAIN_NAME, # "", # None) # self.logger.debug("getContextTypes res=%s" % cb_res) # for entity_type in cb_res['types']: # for att in entity_type["attributes"] : # ATTRIBUTES.append(att) # Set default ENTITIES for subscription ENTITIES = [{"isPattern": "true", "id": ".*"}] # Set default Notify conditions NOTIFY_ATTRIBUTES = [] NOTIFY_ATTRIBUTES.append("TimeInstant") NOTIFY_CONDITIONS = [{ "type": "ONCHANGE", "condValues": NOTIFY_ATTRIBUTES }] self.logger.debug("Trying to subscribe moduleiot in CB...") cb_res = self.cb.subscribeContext(SERVICE_USER_TOKEN, DOMAIN_NAME, "", REFERENCE_URL, DURATION, ENTITIES, ATTRIBUTES, NOTIFY_CONDITIONS) self.logger.debug("subscribeContext res=%s" % cb_res) subscriptionid = cb_res['subscribeResponse']['subscriptionId'] self.logger.debug("subscription id=%s" % subscriptionid) except Exception, ex: error_code = self.composeErrorCode(ex) self.logError(self.logger, error_code, ex) return error_code
def deactivate_module(self, DOMAIN_NAME, DOMAIN_ID, SERVICE_USER_NAME, SERVICE_USER_PASSWORD, SERVICE_USER_TOKEN, IOTMODULE): ''' Deactivate IoT Module In case of HTTP error, return HTTP error Params: - DOMAIN_ID: id of domain - DOMAIN_NAME: name of domain - SERVICE_USER_NAME: Service admin username - SERVICE_USER_PASSWORD: Service admin password - SERVICE_USER_TOKEN: Service admin token - IOTMODULE: IoT Module to activate: STH, PERSEO ''' data_log = { "DOMAIN_ID": "%s" % DOMAIN_ID, "DOMAIN_NAME": "%s" % DOMAIN_NAME, "SERVICE_USER_NAME": "%s" % SERVICE_USER_NAME, "SERVICE_USER_PASSWORD": "******" % SERVICE_USER_PASSWORD, "SERVICE_USER_TOKEN": self.get_extended_token(SERVICE_USER_TOKEN), "IOTMODULE": "%s" % IOTMODULE, } self.logger.debug("FLOW deactivate_module invoked with: %s" % json.dumps(data_log, indent=3)) try: if not SERVICE_USER_TOKEN: if not DOMAIN_ID: SERVICE_USER_TOKEN = self.idm.getToken( DOMAIN_NAME, SERVICE_USER_NAME, SERVICE_USER_PASSWORD) DOMAIN_ID = self.idm.getDomainId(SERVICE_USER_TOKEN, DOMAIN_NAME) else: SERVICE_USER_TOKEN = self.idm.getToken2( DOMAIN_ID, SERVICE_USER_NAME, SERVICE_USER_PASSWORD) # Ensure DOMAIN_NAME DOMAIN_NAME = self.ensure_service_name(SERVICE_USER_TOKEN, DOMAIN_ID, DOMAIN_NAME) self.logger.addFilter(ContextFilterService(DOMAIN_NAME)) self.logger.debug("DOMAIN_NAME=%s" % DOMAIN_NAME) self.logger.debug("SERVICE_USER_TOKEN=%s" % SERVICE_USER_TOKEN) REFERENCE_URL = self.get_endpoint_iot_module(IOTMODULE) self.logger.debug("Trying to get list subscriptions from CB...") cb_res = self.cb.getListSubscriptions(SERVICE_USER_TOKEN, DOMAIN_NAME, "") self.logger.debug("getListSubscriptions res=%s" % json.dumps(cb_res, indent=3)) for sub in cb_res: subs_url = self.cb.get_subscription_callback_endpoint(sub) subscriptionid = sub['id'] if subs_url.startswith(REFERENCE_URL): self.cb.unsubscribeContext(SERVICE_USER_TOKEN, DOMAIN_NAME, "", sub['id']) break # self.logger.debug("subscribeContext res=%s" % cb_res) # subscriptionid = cb_res['subscribeResponse']['subscriptionId'] # self.logger.debug("subscription id=%s" % subscriptionid) except Exception, ex: error_code = self.composeErrorCode(ex) self.logError(self.logger, error_code, ex) return error_code
def changeUserPassword(self, SERVICE_NAME, SERVICE_ID, USER_ID, SERVICE_USER_NAME, SERVICE_USER_PASSWORD, SERVICE_USER_TOKEN, NEW_USER_PASSWORD): '''Change user password. In case of HTTP error, return HTTP error Params: - SERVICE_NAME: Service name - SERVICE_ID: Service Id - USER_ID: user id - SERVICE_USER_NAME: Service admin username - SERVICE_USER_PASSWORD: Service admin password - SERVICE_USER_TOKEN: Service admin token - NEW_USER_PASSWORD: new user password ''' data_log = { "SERVICE_NAME": "%s" % SERVICE_NAME, "SERVICE_ID": "%s" % SERVICE_ID, "USER_ID": "%s" % USER_ID, "SERVICE_USER_NAME": "%s" % SERVICE_USER_NAME, "SERVICE_USER_PASSWORD": "******" % SERVICE_USER_PASSWORD, "SERVICE_USER_TOKEN": self.get_extended_token(SERVICE_USER_TOKEN), "NEW_USER_PASSWORD": "******" % NEW_USER_PASSWORD } self.logger.debug("FLOW change password invoked with: %s" % json.dumps( data_log, indent=3) ) try: if not SERVICE_USER_TOKEN: if not SERVICE_ID: SERVICE_USER_TOKEN = self.idm.getToken( SERVICE_NAME, SERVICE_USER_NAME, SERVICE_USER_PASSWORD, SCOPED=False) SERVICE_ID = self.idm.getDomainId(SERVICE_USER_TOKEN, SERVICE_NAME, SCOPED=False) else: SERVICE_USER_TOKEN = self.idm.getToken2( SERVICE_ID, SERVICE_USER_NAME, SERVICE_USER_PASSWORD, SCOPED=False) self.logger.debug("SERVICE_USER_TOKEN=%s" % SERVICE_USER_TOKEN) # Ensure SERVICE_NAME SERVICE_NAME = self.ensure_service_name(SERVICE_USER_TOKEN, SERVICE_ID, SERVICE_NAME) self.logger.addFilter(ContextFilterService(SERVICE_NAME)) self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME) # # 2. Get user ID # if not USER_ID and SERVICE_USER_NAME: USER_ID = self.idm.getUserId(SERVICE_USER_TOKEN, SERVICE_USER_NAME) self.logger.debug("ID of user %s: %s" % (SERVICE_USER_NAME, USER_ID)) # # 3. ChangeUserPassword # self.idm.changeUserPassword(SERVICE_USER_TOKEN, USER_ID, SERVICE_USER_PASSWORD, NEW_USER_PASSWORD) except Exception, ex: self.logger.error(ex) return self.composeErrorCode(ex)
def createNewServiceRole(self, SERVICE_ID, SERVICE_NAME, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD, SERVICE_ADMIN_TOKEN, NEW_ROLE_NAME, XACML_POLICY): '''Creates a new role Service (aka domain role keystone). In case of HTTP error, return HTTP error Params: - SERVICE_ID: Service Id - SERVICE_NAME: Service name - SERVICE_ADMIN_USER: Service admin token - SERVICE_ADMIN_PASSWORD: Service admin token - SERVICE_ADMIN_TOKEN: Service admin token - NEW_ROLE_NAME: New role name - XACML_POLICY: XACML POLICY for new role Return: - id: New role Id ''' data_log = { "SERVICE_ID": "%s" % SERVICE_ID, "SERVICE_NAME": "%s" % SERVICE_NAME, "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER, "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD, "SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN), "NEW_ROLE_NAME": "%s" % NEW_ROLE_NAME, "XACML_POLICY": "%s" % XACML_POLICY } self.logger.debug("FLOW createNewServiceRole invoked with: %s" % json.dumps(data_log, indent=3)) try: if not SERVICE_ADMIN_TOKEN: SERVICE_ADMIN_TOKEN = self.idm.getToken( SERVICE_NAME, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD) self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN) # # 1. Get service (aka domain) # if not SERVICE_ID: SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN, SERVICE_NAME) self.logger.debug("ID of your service %s:%s" % (SERVICE_NAME, SERVICE_ID)) # Ensure SERVICE_NAME SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN, SERVICE_ID, SERVICE_NAME) self.logger.addFilter(ContextFilterService(SERVICE_NAME)) self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME) # # 2. Create role # ID_ROLE = self.idm.createRoleDomain(SERVICE_ADMIN_TOKEN, SERVICE_ID, NEW_ROLE_NAME) self.logger.debug("ID of user %s: %s" % (NEW_ROLE_NAME, ID_ROLE)) # # 3. Provision policy provided in keypass # if XACML_POLICY: self.logger.debug("set XACML_POLICY %s for role %s" % (XACML_POLICY, ID_ROLE)) self.ac.provisionPolicyByContent(SERVICE_NAME, SERVICE_ADMIN_TOKEN, ID_ROLE, XACML_POLICY) if NEW_ROLE_NAME == 'ServiceCustomer': self.logger.debug("set default XACML policies for role %s" % NEW_ROLE_NAME) self.ac.provisionPolicy( SERVICE_NAME, SERVICE_ADMIN_TOKEN, ID_ROLE, POLICY_FILE_NAME='policy-orion-customer2.xml') self.ac.provisionPolicy( SERVICE_NAME, SERVICE_ADMIN_TOKEN, ID_ROLE, POLICY_FILE_NAME='policy-perseo-customer2.xml') self.ac.provisionPolicy( SERVICE_NAME, SERVICE_ADMIN_TOKEN, ID_ROLE, POLICY_FILE_NAME='policy-iotagent-customer2.xml') self.ac.provisionPolicy( SERVICE_NAME, SERVICE_ADMIN_TOKEN, ID_ROLE, POLICY_FILE_NAME='policy-sth-customer2.xml') self.ac.provisionPolicy( SERVICE_NAME, SERVICE_ADMIN_TOKEN, ID_ROLE, POLICY_FILE_NAME='policy-keypass-customer2.xml') except Exception, ex: error_code = self.composeErrorCode(ex) self.logError(self.logger, error_code, ex) return error_code
def __init__(self, KEYSTONE_PROTOCOL, KEYSTONE_HOST, KEYSTONE_PORT, KEYPASS_PROTOCOL=None, KEYPASS_HOST=None, KEYPASS_PORT=None, IOTA_PROTOCOL="http", IOTA_HOST="localhost", IOTA_PORT="4041", ORION_PROTOCOL="http", ORION_HOST="localhost", ORION_PORT="1026", CA_PROTOCOL="http", CA_HOST="localhost", CA_PORT="9999", PERSEO_PROTOCOL="http", PERSEO_HOST="localhost", PERSEO_PORT="9090", TRANSACTION_ID=None, CORRELATOR_ID=None): # Generate Transaction ID self.TRANSACTION_ID = uuid.uuid4() if not CORRELATOR_ID: self.CORRELATOR_ID = self.TRANSACTION_ID else: self.CORRELATOR_ID = CORRELATOR_ID self.logger = logging.getLogger('orchestrator_core') # Put collector into logger self.logger.addFilter(ContextFilterCorrelatorId(self.CORRELATOR_ID)) self.logger.addFilter(ContextFilterTransactionId(self.TRANSACTION_ID)) self.logger.addFilter(ContextFilterService(None)) self.logger.addFilter(ContextFilterSubService("")) self.idm = IdMOperations(KEYSTONE_PROTOCOL, KEYSTONE_HOST, KEYSTONE_PORT) self.ac = AccCOperations(KEYPASS_PROTOCOL, KEYPASS_HOST, KEYPASS_PORT, CORRELATOR_ID=self.CORRELATOR_ID, TRANSACTION_ID=self.TRANSACTION_ID) self.iota = IoTAOperations(IOTA_PROTOCOL, IOTA_HOST, IOTA_PORT, CORRELATOR_ID=self.CORRELATOR_ID, TRANSACTION_ID=self.TRANSACTION_ID) self.cb = CBOperations(ORION_PROTOCOL, ORION_HOST, ORION_PORT, CORRELATOR_ID=self.CORRELATOR_ID, TRANSACTION_ID=self.TRANSACTION_ID) self.perseo = PerseoOperations(PERSEO_PROTOCOL, PERSEO_HOST, PERSEO_PORT, CORRELATOR_ID=self.CORRELATOR_ID, TRANSACTION_ID=self.TRANSACTION_ID) if CA_PROTOCOL: # CA for Blackbutton notification flow self.ca_endpoint = CA_PROTOCOL + "://"+CA_HOST+":"+CA_PORT+"/v1"+"/notify" self.endpoints = {} self.iotmodules_aliases = {} if CA_PROTOCOL: # CA for Geolocation self.endpoints['CA'] = \ CA_PROTOCOL + "://"+CA_HOST+":"+CA_PORT+""+"/v1/notifyGeolocation" self.sum = { "serviceTime": 0, "serviceTimeTotal": 0, "outgoingTransactions": 0, "outgoingTransactionRequestSize": 0, "outgoingTransactionResponseSize": 0, "outgoingTransactionErrors": 0, }
def updateUser(self, SERVICE_NAME, SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD, SERVICE_ADMIN_TOKEN, USER_NAME, USER_ID, USER_DATA_VALUE): '''Update an User Service (aka domain user keystone). In case of HTTP error, return HTTP error Params: - SERVICE_NAME: Service name - SERVICE_ID: Service Id - SERVICE_ADMIN_USER: Service admin username - SERVICE_ADMIN_PASSWORD: Service admin password - SERVICE_ADMIN_TOKEN: Service admin token - USER_NAME: User name - USER_ID: User Id - USER_DATA_VALUE: user data value in json ''' data_log = { "SERVICE_NAME": "%s" % SERVICE_NAME, "SERVICE_ID": "%s" % SERVICE_ID, "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER, "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD, "SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN), "USER_NAME": "%s" % USER_NAME, "USER_ID": "%s" % USER_ID, "USER_DATA_VALUE": "%s" % USER_DATA_VALUE } self.logger.debug("FLOW updateUser invoked with: %s" % json.dumps( data_log, indent=3) ) try: if not SERVICE_ADMIN_TOKEN: if not SERVICE_ID: SERVICE_ADMIN_TOKEN = self.idm.getToken( SERVICE_NAME, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD) SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN, SERVICE_NAME) else: SERVICE_ADMIN_TOKEN = self.idm.getToken2( SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD) self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN) # Ensure SERVICE_NAME SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN, SERVICE_ID, SERVICE_NAME) self.logger.addFilter(ContextFilterService(SERVICE_NAME)) self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME) # # 2. Get user ID # if not USER_ID: USER_ID = self.idm.getDomainUserId(SERVICE_ADMIN_TOKEN, SERVICE_ID, USER_NAME) self.logger.debug("ID of user %s: %s" % (USER_NAME, USER_ID)) # # 3. Updateuser # self.idm.updateUser(SERVICE_ADMIN_TOKEN, USER_ID, USER_DATA_VALUE) except Exception, ex: self.logger.error(ex) return self.composeErrorCode(ex)
def users(self, SERVICE_NAME, SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD, SERVICE_ADMIN_TOKEN, START_INDEX=None, COUNT=None): '''Get users. In case of HTTP error, return HTTP error Params: - SERVICE_NAME: Service name - SERVICE_ID: Service id - SERVICE_ADMIN_USER: Service admin username - SERVICE_ADMIN_PASSWORD: Service admin password - SERVICE_ADMIN_TOKEN: Service admin token - START_INDEX: where pagination start - COUNT: number of results ''' data_log = { "SERVICE_NAME": "%s" % SERVICE_NAME, "SERVICE_ID": "%s" % SERVICE_ID, "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER, "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD, "SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN), "START_INDEX": "%s" % START_INDEX, "COUNT": "%s" % COUNT, } self.logger.debug("FLOW users invoked with: %s" % json.dumps( data_log, indent=3) ) try: if not SERVICE_ADMIN_TOKEN: if not SERVICE_ID: SERVICE_ADMIN_TOKEN = self.idm.getToken( SERVICE_NAME, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD) SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN, SERVICE_NAME) else: SERVICE_ADMIN_TOKEN = self.idm.getToken2( SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD) self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN) # Ensure SERVICE_NAME SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN, SERVICE_ID, SERVICE_NAME) self.logger.addFilter(ContextFilterService(SERVICE_NAME)) self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME) # SERVICE_ROLES = self.idm.getDomainRoles(SERVICE_ADMIN_TOKEN, # SERVICE_ID) # self.logger.debug("SERVICE_ROLES=%s" % json.dumps(SERVICE_ROLES, # indent=3)) SERVICE_USERS = self.idm.getDomainUsers(SERVICE_ADMIN_TOKEN, SERVICE_ID, START_INDEX, COUNT) self.logger.debug("SERVICE_USERS=%s" % json.dumps(SERVICE_USERS, indent=3)) # Get Roles de SubServicio # Listar los usuarios de un Servicio # Obtener roles de usuario # Listar los usuarios de un Subservicio except Exception, ex: error_code = self.composeErrorCode(ex) self.logError(self.logger, error_code, ex) return error_code
def createNewServiceUser(self, SERVICE_NAME, SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD, SERVICE_ADMIN_TOKEN, NEW_USER_NAME, NEW_USER_PASSWORD, NEW_USER_EMAIL, NEW_USER_DESCRIPTION): '''Creates a new user Service (aka domain user keystone). In case of HTTP error, return HTTP error Params: - SERVICE_NAME: Service name - SERVICE_ID: Service Id - SERVICE_ADMIN_USER: Service admin username - SERVICE_ADMIN_PASSWORD: Service admin password - SERVICE_ADMIN_TOKEN: Service admin token - NEW_USER_NAME: New user name (required) - NEW_USER_PASSWORD: New user password (required) - NEW_USER_EMAIL: New user email (optional) - NEW_USER_DESCRIPTION: New user description (optional) Return: - id: New user Id ''' data_log = { "SERVICE_NAME": "%s" % SERVICE_NAME, "SERVICE_ID": "%s" % SERVICE_ID, "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER, "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD, "SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN), "NEW_USER_NAME": "%s" % NEW_USER_NAME, "NEW_USER_PASSWORD": "******" % NEW_USER_PASSWORD, "NEW_USER_EMAIL": "%s" % NEW_USER_EMAIL, "NEW_USER_DESCRIPTION": "%s" % NEW_USER_DESCRIPTION } self.logger.debug("FLOW createNewServiceUser invoked with: %s" % json.dumps( data_log, indent=3) ) try: if not SERVICE_ADMIN_TOKEN: SERVICE_ADMIN_TOKEN = self.idm.getToken(SERVICE_NAME, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD) self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN) # # 1. Get service (aka domain) # if not SERVICE_ID: SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN, SERVICE_NAME) self.logger.debug("ID of your service %s:%s" % (SERVICE_NAME, SERVICE_ID)) # Ensure SERVICE_NAME SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN, SERVICE_ID, SERVICE_NAME) self.logger.addFilter(ContextFilterService(SERVICE_NAME)) self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME) # # 2. Create user # ID_USER = self.idm.createUserDomain(SERVICE_ADMIN_TOKEN, SERVICE_ID, SERVICE_NAME, NEW_USER_NAME, NEW_USER_PASSWORD, NEW_USER_EMAIL, NEW_USER_DESCRIPTION) self.logger.debug("ID of user %s: %s" % (NEW_USER_NAME, ID_USER)) except Exception, ex: self.logger.error(ex) return self.composeErrorCode(ex)
import json from django.conf import settings from orchestrator.core.keystone import IdMKeystoneOperations as IdMOperations from orchestrator.core.keypass import AccCKeypassOperations as AccCOperations from orchestrator.common.util import ContextFilterCorrelatorId from orchestrator.common.util import ContextFilterTransactionId from orchestrator.common.util import ContextFilterService from orchestrator.common.util import ContextFilterSubService logger = logging.getLogger('orchestrator_api') logger.addFilter(ContextFilterCorrelatorId("n/a")) logger.addFilter(ContextFilterTransactionId("n/a")) logger.addFilter(ContextFilterService("None")) logger.addFilter(ContextFilterSubService("")) logger1 = logging.getLogger('orchestrator_core') logger1.addFilter(ContextFilterCorrelatorId("n/a")) logger1.addFilter(ContextFilterTransactionId("n/a")) logger1.addFilter(ContextFilterService("None")) logger1.addFilter(ContextFilterSubService("")) logger2 = logging.getLogger('django') logger2.addFilter(ContextFilterCorrelatorId("n/a")) logger2.addFilter(ContextFilterTransactionId("n/a")) logger2.addFilter(ContextFilterService("None")) logger2.addFilter(ContextFilterSubService("")) logger3 = logging.getLogger('django.request')
def createTrustToken(self, SERVICE_NAME, SERVICE_ID, SUBSERVICE_NAME, SUBSERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD, SERVICE_ADMIN_TOKEN, ROLE_NAME, ROLE_ID, TRUSTEE_USER_NAME, TRUSTEE_USER_ID, TRUSTOR_USER_NAME, TRUSTOR_USER_ID): '''Creates a trust token In case of HTTP error, return HTTP error Params: - SERVICE_NAME: Service name - SERVICE_ID: Service Id - SUBSERVICE_NAME: SubService name - SUBSERVICE_ID: SubService Id - SERVICE_ADMIN_USER: Service admin token - SERVICE_ADMIN_PASSWORD: Service admin token - SERVICE_ADMIN_TOKEN: Service admin token - ROLE_NAME: Role name - ROLE_ID: Role name - TRUSTEE_USER_NAME: - TRUSTEE_USER_ID: - TRUSTOR_USER_NAME: - TRUSTOR_USER_ID: Return: - token: Trust Token ''' data_log = { "SERVICE_NAME": "%s" % SERVICE_NAME, "SERVICE_ID": "%s" % SERVICE_ID, "SUBSERVICE_NAME": "%s" % SUBSERVICE_NAME, "SUBSERVICE_ID": "%s" % SUBSERVICE_ID, "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER, "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD, "SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN), "ROLE_NAME": "%s" % ROLE_NAME, "ROLE_ID": "%s" % ROLE_ID, "TRUSTEE_USER_NAME": "%s" % TRUSTEE_USER_NAME, "TRUSTEE_USER_ID": "%s" % TRUSTEE_USER_ID, "TRUSTOR_USER_NAME": "%s" % TRUSTOR_USER_NAME, "TRUSTOR_USER_ID": "%s" % TRUSTOR_USER_ID, } self.logger.debug("FLOW createTrustToken invoked with: %s" % json.dumps(data_log, indent=3)) try: if not SERVICE_ADMIN_TOKEN: SERVICE_ADMIN_TOKEN = self.idm.getToken( SERVICE_NAME, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD) self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN) # # 1. Get service (aka domain) # if not SERVICE_ID and SERVICE_NAME: SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN, SERVICE_NAME) self.logger.debug("ID of your service %s" % SERVICE_ID) if not SERVICE_NAME: SERVICE = self.idm.getDomain(SERVICE_ADMIN_TOKEN, SERVICE_ID) SERVICE_NAME = SERVICE['domain']['name'] self.logger.debug("ID of your service %s:%s" % (SERVICE_NAME, SERVICE_ID)) self.logger.addFilter(ContextFilterService(SERVICE_NAME)) # # 2. Get SubService (aka project) # if not SUBSERVICE_ID and SUBSERVICE_NAME: SUBSERVICE_ID = self.idm.getProjectId(SERVICE_ADMIN_TOKEN, SERVICE_NAME, SUBSERVICE_NAME) self.logger.debug("ID of your subservice %s:%s" % (SUBSERVICE_NAME, SUBSERVICE_ID)) self.logger.addFilter(ContextFilterSubService(SUBSERVICE_NAME)) # # 3. Get role # if not ROLE_ID and ROLE_NAME: if SERVICE_ADMIN_USER and SERVICE_ADMIN_USER == TRUSTOR_USER_NAME: ROLE_ID = self.idm.getUserRoleId(SERVICE_ADMIN_TOKEN, SERVICE_ID, SUBSERVICE_ID, ROLE_NAME) else: ROLE_ID = self.idm.getDomainRoleId(SERVICE_ADMIN_TOKEN, SERVICE_ID, ROLE_NAME) self.logger.debug("ID of role %s: %s" % (ROLE_NAME, ROLE_ID)) # # 4. Get Trustee User # if not TRUSTEE_USER_ID and TRUSTEE_USER_NAME: # We are asuming that trustee belong to SERVICE!! if TRUSTEE_USER_NAME == "iotagent": IOTAGENT_TOKEN = self.idm.getToken('default', IOTAGENT['user'], IOTAGENT['password'], False) TRUSTEE_USER_ID = self.idm.getUserId( IOTAGENT_TOKEN, TRUSTEE_USER_NAME) else: TRUSTEE_USER_ID = self.idm.getDomainUserId( SERVICE_ADMIN_TOKEN, SERVICE_ID, TRUSTEE_USER_NAME) self.logger.debug("ID of trustee user %s: %s" % (TRUSTEE_USER_NAME, TRUSTEE_USER_ID)) # # 5. Get Trustor User # if not TRUSTOR_USER_ID and TRUSTOR_USER_NAME: if SERVICE_ADMIN_USER and SERVICE_ADMIN_USER == TRUSTOR_USER_NAME: TRUSTOR_USER_ID = self.idm.getUserId( SERVICE_ADMIN_TOKEN, TRUSTOR_USER_NAME) else: TRUSTOR_USER_ID = self.idm.getDomainUserId( SERVICE_ADMIN_TOKEN, SERVICE_ID, TRUSTOR_USER_NAME) self.logger.debug("ID of trustor user %s: %s" % (TRUSTOR_USER_NAME, TRUSTOR_USER_ID)) # # 6. Create trust # ID_TRUST = self.idm.createTrustToken(SERVICE_ADMIN_TOKEN, SUBSERVICE_ID, ROLE_ID, TRUSTEE_USER_ID, TRUSTOR_USER_ID) self.logger.debug("ID of Trust %s" % (ID_TRUST)) except Exception, ex: self.logger.error(ex) return self.composeErrorCode(ex)
def createNewServiceGroup(self, SERVICE_NAME, SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD, SERVICE_ADMIN_TOKEN, NEW_SERVICE_GROUP_NAME, NEW_SERVICE_GROUP_DESCRIPTION): '''Creates a new group Service (aka domain group keystone). In case of HTTP error, return HTTP error Params: - SERVICE_NAME: Service name - SERVICE_ID: Service Id - SERVICE_ADMIN_USER: Service admin username - SERVICE_ADMIN_PASSWORD: Service admin password - SERVICE_ADMIN_TOKEN: Service admin token - NEW_SERVICE_GROUP_NAME: New group name (required) - NEW_SERVICE_GROUP_DESCRIPTION: New group description (optional) Return: - id: New group Id ''' data_log = { "SERVICE_NAME": "%s" % SERVICE_NAME, "SERVICE_ID": "%s" % SERVICE_ID, "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER, "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD, "SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN), "NEW_SERVICE_GROUP_NAME": "%s" % NEW_SERVICE_GROUP_NAME, "NEW_SERVICE_GROUP_DESCRIPTION": "%s" % NEW_SERVICE_GROUP_DESCRIPTION } self.logger.debug("FLOW createNewServiceGroup invoked with: %s" % json.dumps(data_log, indent=3)) try: if not SERVICE_ADMIN_TOKEN: SERVICE_ADMIN_TOKEN = self.idm.getToken( SERVICE_NAME, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD) self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN) # # 1. Get service (aka domain) # if not SERVICE_ID: SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN, SERVICE_NAME) self.logger.debug("ID of your service %s:%s" % (SERVICE_NAME, SERVICE_ID)) # Ensure SERVICE_NAME SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN, SERVICE_ID, SERVICE_NAME) self.logger.addFilter(ContextFilterService(SERVICE_NAME)) self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME) # # 2. Create group # ID_GROUP = self.idm.createGroupDomain( SERVICE_ADMIN_TOKEN, SERVICE_ID, SERVICE_NAME, NEW_SERVICE_GROUP_NAME, NEW_SERVICE_GROUP_DESCRIPTION) self.logger.debug("ID of group %s: %s" % (NEW_SERVICE_GROUP_NAME, ID_GROUP)) except Exception, ex: error_code = self.composeErrorCode(ex) self.logError(self.logger, error_code, ex) return error_code