コード例 #1
0
    def get_project(self, DOMAIN_ID, DOMAIN_NAME, PROJECT_ID, ADMIN_USER,
                    ADMIN_PASSWORD, ADMIN_TOKEN):
        '''Ge Project detail of a domain

        In case of HTTP error, return HTTP error

        Params:
        - DOMAIN_ID: id of domain
        - DOMAIN_NAME: name of domain
        - PROJECT_ID: id of project
        - SERVICE_ADMIN_USER: Service admin username
        - SERVICE_ADMIN_PASSWORD: Service admin password
        - SERVICE_ADMIN_TOKEN: Service admin token
        Return:
        - project detail
        '''
        data_log = {
            "DOMAIN_ID": "%s" % DOMAIN_ID,
            "DOMAIN_NAME": "%s" % DOMAIN_NAME,
            "PROJECT_ID": "%s" % PROJECT_ID,
            "ADMIN_USER": "******" % ADMIN_USER,
            "ADMIN_PASSWORD": "******" % ADMIN_PASSWORD,
            "ADMIN_TOKEN": self.get_extended_token(ADMIN_TOKEN)
        }
        self.logger.debug("FLOW get_project invoked with: %s" %
                          json.dumps(data_log, indent=3))
        try:
            if not ADMIN_TOKEN:
                ADMIN_TOKEN = self.idm.getToken2(DOMAIN_ID, ADMIN_USER,
                                                 ADMIN_PASSWORD)
            self.logger.debug("ADMIN_TOKEN=%s" % ADMIN_TOKEN)

            # Ensure DOMAIN_NAME and PROJECT_NAME
            DOMAIN_NAME = self.ensure_service_name(ADMIN_TOKEN, DOMAIN_ID,
                                                   DOMAIN_NAME)
            self.logger.addFilter(ContextFilterService(DOMAIN_NAME))

            PROJECT_NAME = self.ensure_subservice_name(ADMIN_TOKEN, DOMAIN_ID,
                                                       PROJECT_ID, None)
            self.logger.addFilter(ContextFilterSubService(PROJECT_NAME))

            # PROJECTS = self.idm.getDomainProjects(ADMIN_TOKEN,
            #                                       DOMAIN_ID)
            # for project in PROJECTS:
            #     if project['id'] == PROJECT_ID:
            #         PROJECT = project

            try:
                PROJECT = self.idm.getProject(ADMIN_TOKEN, PROJECT_ID)
            except Exception, ex:
                PROJECT = {
                    'project': {
                        'description': PROJECT_NAME,
                        'domain_id': DOMAIN_ID,
                        'id': PROJECT_ID,
                        'name': '/' + PROJECT_NAME
                    }
                }
            self.logger.debug("PROJECT=%s" % PROJECT)
コード例 #2
0
    def user(self,
             SERVICE_ID,
             SERVICE_NAME,
             USER_ID,
             SERVICE_ADMIN_USER,
             SERVICE_ADMIN_PASSWORD,
             SERVICE_ADMIN_TOKEN):

        '''Get user detail

        In case of HTTP error, return HTTP error

        Params:
        - SERVICE_ID: Service ID
        - SERVICE_NAME: Service NAME
        - USER_ID: User ID
        - SERVICE_ADMIN_USER: Service admin username
        - SERVICE_ADMIN_PASSWORD: Service admin password
        - SERVICE_ADMIN_TOKEN: Service admin token

        '''
        data_log = {
            "SERVICE_ID": "%s" % SERVICE_ID,
            "SERVICE_NAME": "%s" % SERVICE_NAME,
            "USER_ID": "%s" % USER_ID,
            "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
            "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
            "SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN),
        }
        self.logger.debug("FLOW user invoked with: %s" % json.dumps(
            data_log,
            indent=3)
        )
        try:
            if not SERVICE_ADMIN_TOKEN:
                SERVICE_ADMIN_TOKEN = self.idm.getToken2(
                    SERVICE_ID,
                    SERVICE_ADMIN_USER,
                    SERVICE_ADMIN_PASSWORD)
            self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)

            # Ensure SERVICE_NAME
            SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
                                                    SERVICE_ID,
                                                    SERVICE_NAME)
            self.logger.addFilter(ContextFilterService(SERVICE_NAME))
            self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)

            DETAIL_USER = self.idm.detailUser(SERVICE_ADMIN_TOKEN,
                                              USER_ID)
            self.logger.debug("DETAIL_USER=%s" % json.dumps(DETAIL_USER, indent=3))

        except Exception, ex:
            error_code = self.composeErrorCode(ex)
            self.logError(self.logger, error_code, ex)
            return error_code
コード例 #3
0
ファイル: Domains.py プロジェクト: IstanbulBoy/orchestrator
    def list_activated_modules(self, DOMAIN_NAME, DOMAIN_ID, SERVICE_USER_NAME,
                               SERVICE_USER_PASSWORD, SERVICE_USER_TOKEN):
        '''List Activated IoT Modules

        In case of HTTP error, return HTTP error

        Params:
        - DOMAIN_ID: id of domain
        - DOMAIN_NAME: name of domain
        - SERVICE_USER_NAME: Service admin username
        - SERVICE_USER_PASSWORD: Service admin password
        - SERVICE_USER_TOKEN: Service admin token
        '''
        data_log = {
            "DOMAIN_ID": "%s" % DOMAIN_ID,
            "DOMAIN_NAME": "%s" % DOMAIN_NAME,
            "SERVICE_USER_NAME": "%s" % SERVICE_USER_NAME,
            "SERVICE_USER_PASSWORD": "******" % SERVICE_USER_PASSWORD,
            "SERVICE_USER_TOKEN": self.get_extended_token(SERVICE_USER_TOKEN),
        }
        self.logger.debug("FLOW list_activated_modules invoked with: %s" %
                          json.dumps(data_log, indent=3))
        try:

            if not SERVICE_USER_TOKEN:
                if not DOMAIN_ID:
                    SERVICE_USER_TOKEN = self.idm.getToken(
                        DOMAIN_NAME, SERVICE_USER_NAME, SERVICE_USER_PASSWORD)
                    DOMAIN_ID = self.idm.getDomainId(SERVICE_USER_TOKEN,
                                                     DOMAIN_NAME)
                else:
                    SERVICE_USER_TOKEN = self.idm.getToken2(
                        DOMAIN_ID, SERVICE_USER_NAME, SERVICE_USER_PASSWORD)
            # Ensure DOMAIN_NAME
            DOMAIN_NAME = self.ensure_service_name(SERVICE_USER_TOKEN,
                                                   DOMAIN_ID, DOMAIN_NAME)
            self.logger.addFilter(ContextFilterService(DOMAIN_NAME))

            self.logger.debug("DOMAIN_NAME=%s" % DOMAIN_NAME)
            self.logger.debug("SERVICE_USER_TOKEN=%s" % SERVICE_USER_TOKEN)

            self.logger.debug("Trying to get list subscriptions from CB...")
            cb_res = self.cb.getListSubscriptions(SERVICE_USER_TOKEN,
                                                  DOMAIN_NAME, "")
            self.logger.debug("getListSubscriptions res=%s" %
                              json.dumps(cb_res, indent=3))
            modules = self.cb.extract_modules_from_subscriptions(
                self, IOTMODULES, cb_res)
            self.logger.debug("modules=%s" % json.dumps(modules, indent=3))

        except Exception, ex:
            error_code = self.composeErrorCode(ex)
            self.logError(self.logger, error_code, ex)
            return error_code
コード例 #4
0
ファイル: Domains.py プロジェクト: IstanbulBoy/orchestrator
    def update_domain(self, DOMAIN_ID, DOMAIN_NAME, ADMIN_USER, ADMIN_PASSWORD,
                      ADMIN_TOKEN, NEW_SERVICE_DESCRIPTION):
        '''Update Domain.

        In case of HTTP error, return HTTP error

        Params:
        - DOMAIN_ID: Service Id
        - DOMAIN_NAME: Service Name
        - SERVICE_ADMIN_USER: Service admin username
        - SERVICE_ADMIN_PASSWORD: Service admin password
        - SERVICE_ADMIN_TOKEN: Service admin token
        - NEW_SERVICE_DESCRIPTION: New service description
        Return:
        - domain detail
        '''
        data_log = {
            "DOMAIN_ID": "%s" % DOMAIN_ID,
            "DOMAIN_NAME": "%s" % DOMAIN_NAME,
            "ADMIN_USER": "******" % ADMIN_USER,
            "ADMIN_PASSWORD": "******" % ADMIN_PASSWORD,
            "ADMIN_TOKEN": self.get_extended_token(ADMIN_TOKEN),
            "NEW_SERVICE_DESCRIPTION": "%s" % NEW_SERVICE_DESCRIPTION,
        }
        self.logger.debug("FLOW updateDomain invoked with: %s" %
                          json.dumps(data_log, indent=3))
        try:
            if not ADMIN_TOKEN:
                # UpdateDomain can be only done by cloud_admin
                ADMIN_TOKEN = self.idm.getToken("admin_domain", ADMIN_USER,
                                                ADMIN_PASSWORD)
            if not DOMAIN_ID and DOMAIN_NAME:
                DOMAIN_ID = self.idm.getDomainId(ADMIN_TOKEN, DOMAIN_NAME,
                                                 False)

            if not DOMAIN_NAME:
                DOMAIN = self.idm.getDomain(ADMIN_TOKEN, DOMAIN_ID)
                DOMAIN_NAME = DOMAIN['domain']['name']
            self.logger.addFilter(ContextFilterService(DOMAIN_NAME))

            self.logger.debug("ADMIN_TOKEN=%s" % ADMIN_TOKEN)
            DOMAIN = self.idm.updateDomain(ADMIN_TOKEN, DOMAIN_ID,
                                           NEW_SERVICE_DESCRIPTION)

            self.logger.debug("DOMAIN=%s" % json.dumps(DOMAIN, indent=3))

        except Exception, ex:
            error_code = self.composeErrorCode(ex)
            self.logError(self.logger, error_code, ex)
            return error_code
コード例 #5
0
    def projects(self, DOMAIN_ID, DOMAIN_NAME, ADMIN_USER, ADMIN_PASSWORD,
                 ADMIN_TOKEN):
        '''Get Projects of a domain.

        In case of HTTP error, return HTTP error

        Params:
        - DOMAIN_ID: id of domain
        - DOMAIN_NAME: name of domain
        - SERVICE_ADMIN_USER: Service admin username
        - SERVICE_ADMIN_PASSWORD: Service admin password
        - SERVICE_ADMIN_TOKEN: Service admin token
        Return:
        - project array list
        '''
        data_log = {
            "DOMAIN_ID": "%s" % DOMAIN_ID,
            "DOMAIN_NAME": "%s" % DOMAIN_NAME,
            "ADMIN_USER": "******" % ADMIN_USER,
            "ADMIN_PASSWORD": "******" % ADMIN_PASSWORD,
            "ADMIN_TOKEN": self.get_extended_token(ADMIN_TOKEN)
        }
        self.logger.debug("FLOW projects invoked with: %s" %
                          json.dumps(data_log, indent=3))
        try:
            if not ADMIN_TOKEN:
                if not DOMAIN_ID:
                    ADMIN_TOKEN = self.idm.getToken(DOMAIN_NAME, ADMIN_USER,
                                                    ADMIN_PASSWORD)
                    DOMAIN_ID = self.idm.getDomainId(ADMIN_TOKEN, DOMAIN_NAME)

                else:
                    ADMIN_TOKEN = self.idm.getToken2(DOMAIN_ID, ADMIN_USER,
                                                     ADMIN_PASSWORD)
            self.logger.debug("ADMIN_TOKEN=%s" % ADMIN_TOKEN)

            # Ensure DOMAIN_NAME and PROJECT_NAME
            DOMAIN_NAME = self.ensure_service_name(ADMIN_TOKEN, DOMAIN_ID,
                                                   DOMAIN_NAME)
            self.logger.addFilter(ContextFilterService(DOMAIN_NAME))

            PROJECTS = self.idm.getDomainProjects(ADMIN_TOKEN, DOMAIN_ID)

            self.logger.debug("PROJECTS=%s" % json.dumps(PROJECTS, indent=3))

        except Exception, ex:
            error_code = self.composeErrorCode(ex)
            self.logError(self.logger, error_code, ex)
            return error_code
コード例 #6
0
ファイル: Domains.py プロジェクト: IstanbulBoy/orchestrator
    def get_domain(self, DOMAIN_ID, DOMAIN_NAME, ADMIN_USER, ADMIN_PASSWORD,
                   ADMIN_TOKEN):
        '''Get Domain.

        In case of HTTP error, return HTTP error

        Params:
        - DOMAIN_ID: Service Id
        - DOMAIN_NAME: Service Name
        - SERVICE_ADMIN_USER: Service admin username
        - SERVICE_ADMIN_PASSWORD: Service admin password
        - SERVICE_ADMIN_TOKEN: Service admin token
        Return:
        - domain detail
        '''
        data_log = {
            "DOMAIN_ID": "%s" % DOMAIN_ID,
            "DOMAIN_NAME": "%s" % DOMAIN_NAME,
            "ADMIN_USER": "******" % ADMIN_USER,
            "ADMIN_PASSWORD": "******" % ADMIN_PASSWORD,
            "ADMIN_TOKEN": self.get_extended_token(ADMIN_TOKEN)
        }
        self.logger.debug("FLOW get_domain invoked with: %s" %
                          json.dumps(data_log, indent=3))
        try:
            if not ADMIN_TOKEN:
                if DOMAIN_ID:
                    ADMIN_TOKEN = self.idm.getToken2(DOMAIN_ID, ADMIN_USER,
                                                     ADMIN_PASSWORD, False)
                else:
                    ADMIN_TOKEN = self.idm.getToken(DOMAIN_NAME, ADMIN_USER,
                                                    ADMIN_PASSWORD)
                    DOMAIN_ID = self.idm.getDomainId(ADMIN_TOKEN, DOMAIN_NAME)

            self.logger.debug("ADMIN_TOKEN=%s" % ADMIN_TOKEN)

            DOMAIN = self.idm.getDomain(ADMIN_TOKEN, DOMAIN_ID)
            DOMAIN_NAME = DOMAIN['domain']['name']
            self.logger.addFilter(ContextFilterService(DOMAIN_NAME))

            self.logger.debug("DOMAIN=%s" % json.dumps(DOMAIN, indent=3))

        except Exception, ex:
            error_code = self.composeErrorCode(ex)
            self.logError(self.logger, error_code, ex)
            return error_code
コード例 #7
0
ファイル: Domains.py プロジェクト: IstanbulBoy/orchestrator
    def getDomainRolePolicies(self, SERVICE_ID, SERVICE_NAME,
                              SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD,
                              SERVICE_ADMIN_TOKEN, ROLE_NAME, ROLE_ID):
        '''Get domain role policies

        In case of HTTP error, return HTTP error

        Params:
        - SERVICE_ID: Service Id
        - SERVICE_NAME: Service Name
        - SERVICE_ADMIN_USER: Service admin username
        - SERVICE_ADMIN_PASSWORD: Service admin password
        - SERVICE_ADMIN_TOKEN: Service admin token
        - ROLE_NAME: Role Name
        - ROLE_ID: Role Id
        Return:
        - XACML policies
        '''
        data_log = {
            "SERVICE_ID": "%s" % SERVICE_ID,
            "SERVICE_NAME": "%s" % SERVICE_NAME,
            "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
            "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
            "SERVICE_ADMIN_TOKEN":
            self.get_extended_token(SERVICE_ADMIN_TOKEN),
            "ROLE_NAME": "%s" % ROLE_NAME,
            "ROLE_ID": "%s" % ROLE_ID,
        }
        self.logger.debug("FLOW get_domain_role_policies invoked with: %s" %
                          json.dumps(data_log, indent=3))
        try:

            if not SERVICE_ADMIN_TOKEN:
                if not SERVICE_ID:
                    SERVICE_ADMIN_TOKEN = self.idm.getToken(
                        SERVICE_NAME, SERVICE_ADMIN_USER,
                        SERVICE_ADMIN_PASSWORD)
                    SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
                                                      SERVICE_NAME)
                else:
                    SERVICE_ADMIN_TOKEN = self.idm.getToken2(
                        SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD)

            self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)

            # Ensure SERVICE_NAME
            SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
                                                    SERVICE_ID, SERVICE_NAME)
            self.logger.addFilter(ContextFilterService(SERVICE_NAME))
            self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)

            # Get Role ID
            if not ROLE_ID and ROLE_NAME:
                if ROLE_NAME == "Admin":
                    SERVICE_ADMIN_ID = self.idm.getUserId(
                        SERVICE_ADMIN_TOKEN, SERVICE_ADMIN_USER)
                    # Get KEYSTONE CONF from base idm class
                    roles_flow = Roles(self.idm.KEYSTONE_PROTOCOL,
                                       self.idm.KEYSTONE_HOST,
                                       self.idm.KEYSTONE_PORT)
                    roles = roles_flow.roles_assignments(
                        SERVICE_ID, None, None, None, None, None,
                        SERVICE_ADMIN_ID, None, None, None,
                        SERVICE_ADMIN_TOKEN, True)
                    for role in roles['role_assignments']:
                        if role['role']['name'] == 'admin':
                            ROLE_ID = role['role']['id']
                            break
                else:
                    ROLE_ID = self.idm.getDomainRoleId(SERVICE_ADMIN_TOKEN,
                                                       SERVICE_ID, ROLE_NAME)
            self.logger.debug("ID of role %s: %s" % (ROLE_NAME, ROLE_ID))

            # Get policies in Access Control
            if self.idm.isTokenAdmin(SERVICE_ADMIN_TOKEN, SERVICE_ID):

                policies = self.ac.getRolePolicies(SERVICE_NAME,
                                                   SERVICE_ADMIN_TOKEN,
                                                   ROLE_ID)
                self.logger.debug("POLICIES=%s" % policies)
            else:
                raise Exception("not admin role found to perform this action")

        except Exception, ex:
            error_code = self.composeErrorCode(ex)
            self.logError(self.logger, error_code, ex)
            return error_code
コード例 #8
0
ファイル: Domains.py プロジェクト: IstanbulBoy/orchestrator
    def delete_domain(self, DOMAIN_ID, DOMAIN_NAME, ADMIN_USER, ADMIN_PASSWORD,
                      ADMIN_TOKEN):
        '''Delete a Domain.

        In case of HTTP error, return HTTP error

        Params:
        - DOMAIN_ID: Service Id
        - DOMAIN_NAME: Service Name
        - SERVICE_ADMIN_USER: Service admin username
        - SERVICE_ADMIN_PASSWORD: Service admin password
        - SERVICE_ADMIN_TOKEN: Service admin token
        Return:
        - domain detail
        '''
        data_log = {
            "DOMAIN_ID": "%s" % DOMAIN_ID,
            "DOMAIN_NAME": "%s" % DOMAIN_NAME,
            "ADMIN_USER": "******" % ADMIN_USER,
            "ADMIN_PASSWORD": "******" % ADMIN_PASSWORD,
            "ADMIN_TOKEN": self.get_extended_token(ADMIN_TOKEN)
        }
        self.logger.debug("FLOW delete_domain invoked with: %s" %
                          json.dumps(data_log, indent=3))
        try:
            if not ADMIN_TOKEN:
                ADMIN_TOKEN = self.idm.getToken("admin_domain", ADMIN_USER,
                                                ADMIN_PASSWORD)

            self.logger.debug("ADMIN_TOKEN=%s" % ADMIN_TOKEN)

            if not DOMAIN_ID and DOMAIN_NAME:
                # This only returns all DOMAINS for cloud_admin
                DOMAINS = self.idm.getDomains(ADMIN_TOKEN)
                for domain in DOMAINS['domains']:
                    if domain['name'] == DOMAIN_NAME:
                        DOMAIN_ID = domain['id']
                        break

            if not DOMAIN_ID:
                raise Exception(
                    404, "DOMAIN_NAME %s not found in domains by user %s" %
                    (DOMAIN_NAME, self.get_extended_token(ADMIN_TOKEN)))

            if not DOMAIN_NAME:
                DOMAIN = self.idm.getDomain(ADMIN_TOKEN, DOMAIN_ID)
                DOMAIN_NAME = DOMAIN['domain']['name']
            self.logger.addFilter(ContextFilterService(DOMAIN_NAME))

            # Get all subservices
            projects = self.idm.getDomainProjects(ADMIN_TOKEN, DOMAIN_ID)
            for project in projects['projects']:

                PROJECT_NAME = project['name'].split('/')[1]
                self.logger.addFilter(ContextFilterSubService(PROJECT_NAME))

                #
                # Delete all devices in subservice
                #
                devices_deleted = self.iota.deleteAllDevices(
                    ADMIN_TOKEN, DOMAIN_NAME, PROJECT_NAME)

                if (len(devices_deleted) > 0):
                    self.logger.info("devices deleted %s", devices_deleted)

                #
                # Delete all subscriptions in subservice
                #
                subscriptions_deleted = self.cb.deleteAllSubscriptions(
                    ADMIN_TOKEN, DOMAIN_NAME, PROJECT_NAME)
                if (len(subscriptions_deleted) > 0):
                    self.logger.info("subscriptions deleted %s",
                                     subscriptions_deleted)

                #
                # Delete all rules in a subservice
                #
                rules_deleted = self.perseo.deleteAllRules(
                    ADMIN_TOKEN, DOMAIN_NAME, PROJECT_NAME)
                if (len(rules_deleted) > 0):
                    self.logger.info("rules deleted %s", rules_deleted)

            #
            # Delete all devices
            #

            devices_deleted = self.iota.deleteAllDevices(
                ADMIN_TOKEN, DOMAIN_NAME)

            #
            # Delete all subscriptions
            #
            subscriptions_deleted = self.cb.deleteAllSubscriptions(
                ADMIN_TOKEN, DOMAIN_NAME)
            if (len(subscriptions_deleted) > 0):
                self.logger.info("subscriptions deleted %s",
                                 subscriptions_deleted)

            #
            # Delete all roles
            #
            roles = self.idm.getDomainRoles(ADMIN_TOKEN, DOMAIN_ID)
            for role in roles['roles']:
                self.idm.removeRole(ADMIN_TOKEN, DOMAIN_ID, role['id'])

            #
            # Disable Domain
            #
            DOMAIN = self.idm.disableDomain(ADMIN_TOKEN, DOMAIN_ID)

            self.idm.deleteDomain(ADMIN_TOKEN, DOMAIN_ID)

            # Delete policy of roles in Access Control
            self.ac.deleteTenantPolicies(DOMAIN_NAME, ADMIN_TOKEN)

            self.logger.debug("DOMAIN=%s" % DOMAIN)

        except Exception, ex:
            error_code = self.composeErrorCode(ex)
            self.logError(self.logger, error_code, ex)
            return error_code
コード例 #9
0
ファイル: base.py プロジェクト: StephaneRouxNCA/orchestrator
    def __init__(self,
                 KEYSTONE_PROTOCOL,
                 KEYSTONE_HOST,
                 KEYSTONE_PORT,
                 KEYPASS_PROTOCOL=None,
                 KEYPASS_HOST=None,
                 KEYPASS_PORT=None,
                 ORION_PROTOCOL="http",
                 ORION_HOST="localhost",
                 ORION_PORT="1026",
                 PERSEO_PROTOCOL="http",
                 PERSEO_HOST="localhost",
                 PERSEO_PORT="9090",
                 LDAP_HOST="localhost",
                 LDAP_PORT="389",
                 LDAP_BASEDN="dc=openstack,dc=org",
                 MAILER_HOST="localhost",
                 MAILER_PORT="587",
                 MAILER_USER="******",
                 MAILER_PASSWORD="******",
                 MAILER_FROM="smtpuser",
                 MAILER_TO="smtpuser",
                 TRANSACTION_ID=None,
                 CORRELATOR_ID=None):

        # Generate Transaction ID
        self.TRANSACTION_ID = uuid.uuid4()

        if not CORRELATOR_ID:
            self.CORRELATOR_ID = self.TRANSACTION_ID
        else:
            self.CORRELATOR_ID = CORRELATOR_ID

        self.logger = logging.getLogger('orchestrator_core')

        # Put collector into logger
        self.logger.addFilter(ContextFilterCorrelatorId(self.CORRELATOR_ID))
        self.logger.addFilter(ContextFilterTransactionId(self.TRANSACTION_ID))
        self.logger.addFilter(ContextFilterService(None))
        self.logger.addFilter(ContextFilterSubService(""))

        self.idm = IdMOperations(KEYSTONE_PROTOCOL, KEYSTONE_HOST,
                                 KEYSTONE_PORT)

        self.ac = AccCOperations(KEYPASS_PROTOCOL,
                                 KEYPASS_HOST,
                                 KEYPASS_PORT,
                                 CORRELATOR_ID=self.CORRELATOR_ID,
                                 TRANSACTION_ID=self.TRANSACTION_ID)

        self.cb = CBOperations(ORION_PROTOCOL,
                               ORION_HOST,
                               ORION_PORT,
                               CORRELATOR_ID=self.CORRELATOR_ID,
                               TRANSACTION_ID=self.TRANSACTION_ID)

        self.perseo = PerseoOperations(PERSEO_PROTOCOL,
                                       PERSEO_HOST,
                                       PERSEO_PORT,
                                       CORRELATOR_ID=self.CORRELATOR_ID,
                                       TRANSACTION_ID=self.TRANSACTION_ID)

        self.ldap = OpenLdapOperations(LDAP_HOST,
                                       LDAP_PORT,
                                       LDAP_BASEDN,
                                       CORRELATOR_ID=self.CORRELATOR_ID,
                                       TRANSACTION_ID=self.TRANSACTION_ID)

        self.mailer = MailerOperations(MAILER_HOST,
                                       MAILER_PORT,
                                       MAILER_USER,
                                       MAILER_PASSWORD,
                                       MAILER_FROM,
                                       MAILER_TO,
                                       CORRELATOR_ID=self.CORRELATOR_ID,
                                       TRANSACTION_ID=self.TRANSACTION_ID)

        self.endpoints = {}
        self.iotmodules_aliases = {}

        self.sum = {
            "serviceTime": 0,
            "serviceTimeTotal": 0,
            "outgoingTransactions": 0,
            "outgoingTransactionRequestSize": 0,
            "outgoingTransactionResponseSize": 0,
            "outgoingTransactionErrors": 0,
        }
コード例 #10
0
    def createNewSubService(self,
                            SERVICE_NAME,
                            SERVICE_ID,
                            SERVICE_ADMIN_USER,
                            SERVICE_ADMIN_PASSWORD,
                            SERVICE_ADMIN_TOKEN,
                            NEW_SUBSERVICE_NAME,
                            NEW_SUBSERVICE_DESCRIPTION,
                            NEW_SUBSERVICE_ADMIN_USER=None,
                            NEW_SUBSERVICE_ADMIN_PASSWORD=None,
                            NEW_SUBSERVICE_ADMIN_EMAIL=None):
        '''Creates a new SubService (aka project keystone).

        In case of HTTP error, return HTTP error

        Params:
        - SERVICE_NAME: Service name
        - SERVICE_ID: Service Id
        - SERVICE_ADMIN_USER: Service admin username
        - SERVICE_ADMIN_PASSWORD: Service admin password
        - SERVICE_ADMIN_TOKEN: Service admin token
        - NEW_SUBSERVICE_NAME: New subservice name (required)
        - NEW_SUBSERVICE_DESCRIPTION: New subservice description
        - NEW_SUBSERVICE_ADMIN_USER: New subservice admin username
        - NEW_SUBSERVICE_ADMIN_PASSWORD: New subservice admin password
        - NEW_SUBSERVICE_ADMIN_EMAIL: New subservice admin email (optional)
        Return:
        - ID: New subservice id
        '''

        data_log = {
            "SERVICE_NAME": "%s" % SERVICE_NAME,
            "SERVICE_ID": "%s" % SERVICE_ID,
            "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
            "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
            "SERVICE_ADMIN_TOKEN":
            self.get_extended_token(SERVICE_ADMIN_TOKEN),
            "NEW_SUBSERVICE_NAME": "%s" % NEW_SUBSERVICE_NAME,
            "NEW_SUBSERVICE_DESCRIPTION": "%s" % NEW_SUBSERVICE_DESCRIPTION,
            "NEW_SUBSERVICE_ADMIN_USER": "******" % NEW_SUBSERVICE_ADMIN_USER,
            "NEW_SUBSERVICE_ADMIN_PASSWORD":
            "******" % NEW_SUBSERVICE_ADMIN_PASSWORD,
            "NEW_SUBSERVICE_ADMIN_EMAIL": "%s" % NEW_SUBSERVICE_ADMIN_EMAIL
        }
        self.logger.debug("FLOW createNewSubService invoked with: %s" %
                          json.dumps(data_log, indent=3))
        ID_PRO1 = None
        try:
            if not SERVICE_ADMIN_TOKEN:
                SERVICE_ADMIN_TOKEN = self.idm.getToken(
                    SERVICE_NAME, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD)
            self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)

            #
            # 1. Get service (aka domain)
            #
            if not SERVICE_ID:
                SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
                                                  SERVICE_NAME)

            self.logger.debug("ID of your service %s:%s" %
                              (SERVICE_NAME, SERVICE_ID))

            # Ensure SERVICE_NAME
            SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
                                                    SERVICE_ID, SERVICE_NAME)
            self.logger.addFilter(ContextFilterService(SERVICE_NAME))

            self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)

            #
            # 2.  Create subservice (aka project)
            #
            ID_PRO1 = self.idm.createProject(SERVICE_ADMIN_TOKEN, SERVICE_ID,
                                             NEW_SUBSERVICE_NAME,
                                             NEW_SUBSERVICE_DESCRIPTION)
            self.logger.debug("ID of new subservice %s: %s" %
                              (NEW_SUBSERVICE_NAME, ID_PRO1))

            #
            # 3. Create SubService Admin user (optional)
            #
            if NEW_SUBSERVICE_ADMIN_USER and NEW_SUBSERVICE_ADMIN_PASSWORD:
                try:
                    ID_USER = self.idm.createUserDomain(
                        SERVICE_ADMIN_TOKEN, SERVICE_ID, SERVICE_NAME,
                        NEW_SUBSERVICE_ADMIN_USER,
                        NEW_SUBSERVICE_ADMIN_PASSWORD,
                        NEW_SUBSERVICE_ADMIN_EMAIL, None)
                except Exception, ex:
                    self.logger.warn("ERROR creating user %s: %s" %
                                     (NEW_SUBSERVICE_ADMIN_USER, ex))
                    self.logger.info("Removing uncomplete created project %s" %
                                     ID_PRO1)
                    self.idm.disableProject(SERVICE_ADMIN_TOKEN, SERVICE_ID,
                                            ID_PRO1)
                    self.idm.deleteProject(SERVICE_ADMIN_TOKEN, ID_PRO1)
                    return self.composeErrorCode(ex)

                self.logger.debug("ID of user %s: %s" %
                                  (NEW_SUBSERVICE_ADMIN_USER, ID_USER))

                ROLE_NAME = 'SubServiceAdmin'
                ID_ROLE = self.idm.getDomainRoleId(SERVICE_ADMIN_TOKEN,
                                                   SERVICE_ID, ROLE_NAME)
                self.logger.debug("ID of role  %s: %s" % (ROLE_NAME, ID_ROLE))

                self.idm.grantProjectRole(SERVICE_ADMIN_TOKEN, ID_PRO1,
                                          ID_USER, ID_ROLE)

        except Exception, ex:
            if ID_PRO1:
                self.logger.info("removing uncomplete created project %s" %
                                 ID_PRO1)
                self.idm.disableProject(SERVICE_ADMIN_TOKEN, SERVICE_ID,
                                        ID_PRO1)
                self.idm.deleteProject(SERVICE_ADMIN_TOKEN, ID_PRO1)
            self.logger.error(ex)
            return self.composeErrorCode(ex)
コード例 #11
0
    def removeGroup(self, SERVICE_NAME, SERVICE_ID, SERVICE_ADMIN_USER,
                    SERVICE_ADMIN_PASSWORD, SERVICE_ADMIN_TOKEN, GROUP_NAME,
                    GROUP_ID):
        '''Removes an group Service (aka domain group keystone).

        In case of HTTP error, return HTTP error

        Params:
        - SERVICE_NAME: Service name
        - SERVICE_ID: Service name
        - SERVICE_ADMIN_USER: Service admin username
        - SERVICE_ADMIN_PASSWORD: Service admin password
        - SERVICE_ADMIN_TOKEN: Service admin token
        - GROUP_NAME: Group name
        - GROUP_ID: Group id
        '''
        data_log = {
            "SERVICE_NAME": "%s" % SERVICE_NAME,
            "SERVICE_ID": "%s" % SERVICE_ID,
            "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
            "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
            "SERVICE_ADMIN_TOKEN":
            self.get_extended_token(SERVICE_ADMIN_TOKEN),
            "GROUP_NAME": "%s" % GROUP_NAME,
            "GROUP_ID": "%s" % GROUP_ID
        }
        self.logger.debug("FLOW remove group invoked with: %s" %
                          json.dumps(data_log, indent=3))
        try:
            if not SERVICE_ADMIN_TOKEN:
                if not SERVICE_ID:
                    SERVICE_ADMIN_TOKEN = self.idm.getToken(
                        SERVICE_NAME, SERVICE_ADMIN_USER,
                        SERVICE_ADMIN_PASSWORD)
                    SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
                                                      SERVICE_NAME)
                else:
                    SERVICE_ADMIN_TOKEN = self.idm.getToken2(
                        SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD)
            self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)

            # Ensure SERVICE_NAME
            SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
                                                    SERVICE_ID, SERVICE_NAME)
            self.logger.addFilter(ContextFilterService(SERVICE_NAME))
            self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)

            #
            # 2. Get group ID
            #
            if not GROUP_ID:
                GROUP_ID = self.idm.getDomainGroupId(SERVICE_ADMIN_TOKEN,
                                                     SERVICE_ID, GROUP_NAME)
            self.logger.debug("ID of group %s: %s" % (GROUP_NAME, GROUP_ID))

            #
            # 3. Remove group ID
            #
            self.idm.removeGroup(SERVICE_ADMIN_TOKEN, GROUP_ID)

        except Exception, ex:
            self.logger.error(ex)
            return self.composeErrorCode(ex)
コード例 #12
0
    def delete_project(self, DOMAIN_ID, DOMAIN_NAME, PROJECT_ID, PROJECT_NAME,
                       ADMIN_USER, ADMIN_PASSWORD, ADMIN_TOKEN):
        '''Delete Project of domain

        In case of HTTP error, return HTTP error

        Params:
        - DOMAIN_ID: id of domain
        - DOMAIN_NAME: name of domain
        - PROJECT_ID: id of project
        - PROJECT_NAME: name of project
        - SERVICE_ADMIN_USER: Service admin username
        - SERVICE_ADMIN_PASSWORD: Service admin password
        - SERVICE_ADMIN_TOKEN: Service admin token
        '''
        data_log = {
            "DOMAIN_ID": "%s" % DOMAIN_ID,
            "DOMAIN_NAME": "%s" % DOMAIN_NAME,
            "PROJECT_ID": "%s" % PROJECT_ID,
            "PROJECT_NAME": "%s" % PROJECT_NAME,
            "ADMIN_USER": "******" % ADMIN_USER,
            "ADMIN_PASSWORD": "******" % ADMIN_PASSWORD,
            "ADMIN_TOKEN": self.get_extended_token(ADMIN_TOKEN)
        }
        self.logger.debug("FLOW get_project invoked with: %s" %
                          json.dumps(data_log, indent=3))
        try:

            if not ADMIN_TOKEN:
                if not DOMAIN_ID:
                    ADMIN_TOKEN = self.idm.getToken(DOMAIN_NAME, ADMIN_USER,
                                                    ADMIN_PASSWORD)
                    DOMAIN_ID = self.idm.getDomainId(ADMIN_TOKEN, DOMAIN_NAME)
                else:
                    ADMIN_TOKEN = self.idm.getToken2(DOMAIN_ID, ADMIN_USER,
                                                     ADMIN_PASSWORD)

            # Ensure DOMAIN_NAME and PROJECT_NAME
            DOMAIN_NAME = self.ensure_service_name(ADMIN_TOKEN, DOMAIN_ID,
                                                   DOMAIN_NAME)
            self.logger.addFilter(ContextFilterService(DOMAIN_NAME))

            if not PROJECT_ID:
                PROJECT_ID = self.idm.getProjectId(ADMIN_TOKEN, DOMAIN_NAME,
                                                   PROJECT_NAME)

            PROJECT_NAME = self.ensure_subservice_name(ADMIN_TOKEN, DOMAIN_ID,
                                                       PROJECT_ID,
                                                       PROJECT_NAME)
            self.logger.addFilter(ContextFilterSubService(PROJECT_NAME))

            self.logger.debug("DOMAIN_NAME=%s" % DOMAIN_NAME)
            self.logger.debug("PROJECT_NAME=%s" % PROJECT_NAME)
            self.logger.debug("ADMIN_TOKEN=%s" % ADMIN_TOKEN)

            #
            # Delete all subscriptions
            #
            subscriptions_deleted = self.cb.deleteAllSubscriptions(
                ADMIN_TOKEN, DOMAIN_NAME, PROJECT_NAME)
            if (len(subscriptions_deleted) > 0):
                self.logger.info("subscriptions deleted %s",
                                 subscriptions_deleted)

            #
            # Delete all rules in a subservice
            #
            rules_deleted = self.perseo.deleteAllRules(ADMIN_TOKEN,
                                                       DOMAIN_NAME,
                                                       PROJECT_NAME)
            if (len(rules_deleted) > 0):
                self.logger.info("rules deleted %s", rules_deleted)

            PROJECT = self.idm.disableProject(ADMIN_TOKEN, DOMAIN_ID,
                                              PROJECT_ID)

            self.idm.deleteProject(ADMIN_TOKEN, PROJECT_ID)

            self.logger.debug("PROJECT=%s" % PROJECT)

        except Exception, ex:
            error_code = self.composeErrorCode(ex)
            self.logError(self.logger, error_code, ex)
            return error_code
コード例 #13
0
    def update_project(self, DOMAIN_ID, DOMAIN_NAME, PROJECT_ID, PROJECT_NAME,
                       ADMIN_USER, ADMIN_PASSWORD, ADMIN_TOKEN,
                       NEW_SUBSERVICE_DESCRIPTION):
        '''Update Project detail of a domain

        In case of HTTP error, return HTTP error

        Params:
        - DOMAIN_ID: id of domain
        - DOMAIN_NAME: name of domain
        - PROJECT_ID: id of project
        - PROJECT_NAME: name of project
        - SERVICE_ADMIN_USER: Service admin username
        - SERVICE_ADMIN_PASSWORD: Service admin password
        - SERVICE_ADMIN_TOKEN: Service admin token
        - NEW_SUBSERVICE_DESCRIPTION: New subservice description
        Return:
        - project detail
        '''
        data_log = {
            "DOMAIN_ID": "%s" % DOMAIN_ID,
            "DOMAIN_NAME": "%s" % DOMAIN_NAME,
            "PROJECT_ID": "%s" % PROJECT_ID,
            "PROJECT_NAME": "%s" % PROJECT_NAME,
            "ADMIN_USER": "******" % ADMIN_USER,
            "ADMIN_PASSWORD": "******" % ADMIN_PASSWORD,
            "ADMIN_TOKEN": self.get_extended_token(ADMIN_TOKEN),
            "NEW_SUBSERVICE_DESCRIPTION": "%s" % NEW_SUBSERVICE_DESCRIPTION,
        }
        self.logger.debug("FLOW update_project invoked with: %s" %
                          json.dumps(data_log, indent=3))
        try:
            if not ADMIN_TOKEN:
                if not DOMAIN_ID:
                    ADMIN_TOKEN = self.idm.getToken(DOMAIN_NAME, ADMIN_USER,
                                                    ADMIN_PASSWORD)
                    DOMAIN_ID = self.idm.getDomainId(ADMIN_TOKEN, DOMAIN_NAME)
                else:
                    ADMIN_TOKEN = self.idm.getToken2(DOMAIN_ID, ADMIN_USER,
                                                     ADMIN_PASSWORD)
            self.logger.debug("ADMIN_TOKEN=%s" % ADMIN_TOKEN)

            # Ensure DOMAIN_NAME and PROJECT_NAME
            DOMAIN_NAME = self.ensure_service_name(ADMIN_TOKEN, DOMAIN_ID,
                                                   DOMAIN_NAME)
            self.logger.addFilter(ContextFilterService(DOMAIN_NAME))

            if not PROJECT_ID:
                PROJECT_ID = self.idm.getProjectId(ADMIN_TOKEN, DOMAIN_NAME,
                                                   PROJECT_NAME)
            PROJECT_NAME = self.ensure_subservice_name(ADMIN_TOKEN, DOMAIN_ID,
                                                       PROJECT_ID,
                                                       PROJECT_NAME)
            self.logger.addFilter(ContextFilterSubService(PROJECT_NAME))

            PROJECT = self.idm.updateProject(ADMIN_TOKEN, DOMAIN_ID,
                                             PROJECT_ID,
                                             NEW_SUBSERVICE_DESCRIPTION)

            self.logger.debug("PROJECT=%s" % PROJECT)

        except Exception, ex:
            error_code = self.composeErrorCode(ex)
            self.logError(self.logger, error_code, ex)
            return error_code
コード例 #14
0
import jsonschema
import logging
from rest_framework.exceptions import ParseError
from rest_framework.parsers import JSONParser

from orchestrator.api import schemas

from orchestrator.common.util import ContextFilterCorrelatorId
from orchestrator.common.util import ContextFilterTransactionId
from orchestrator.common.util import ContextFilterService
from orchestrator.common.util import ContextFilterSubService

logger = logging.getLogger('orchestrator_api')
logger.addFilter(ContextFilterCorrelatorId("n/a"))
logger.addFilter(ContextFilterTransactionId("n/a"))
logger.addFilter(ContextFilterService("None"))
logger.addFilter(ContextFilterSubService(""))


class JSONSchemaParser(JSONParser):
    def parse(self, stream, media_type=None, parser_context=None):
        data = super(JSONSchemaParser, self).parse(stream, media_type,
                                                   parser_context)
        try:
            jsonschema.validate(
                data, schemas.json[parser_context['view'].schema_name])
        except (ValueError, jsonschema.exceptions.ValidationError) as error:
            logger.debug(error.message)
            raise ParseError(detail=error.message)
        else:
            return data
コード例 #15
0
    def removeUser(self, SERVICE_NAME, SERVICE_ID, SERVICE_ADMIN_USER,
                   SERVICE_ADMIN_PASSWORD, SERVICE_ADMIN_TOKEN, USER_NAME,
                   USER_ID):
        '''Removes an user Service (aka domain user keystone).

        In case of HTTP error, return HTTP error

        Params:
        - SERVICE_NAME: Service name
        - SERVICE_ID: Service name
        - SERVICE_ADMIN_USER: Service admin username
        - SERVICE_ADMIN_PASSWORD: Service admin password
        - SERVICE_ADMIN_TOKEN: Service admin token
        - USER_NAME: User name
        - USER_ID: User id
        '''
        data_log = {
            "SERVICE_NAME": "%s" % SERVICE_NAME,
            "SERVICE_ID": "%s" % SERVICE_ID,
            "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
            "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
            "SERVICE_ADMIN_TOKEN":
            self.get_extended_token(SERVICE_ADMIN_TOKEN),
            "USER_NAME": "%s" % USER_NAME,
            "USER_ID": "%s" % USER_ID
        }
        self.logger.debug("FLOW remove user invoked with: %s" %
                          json.dumps(data_log, indent=3))
        try:
            if not SERVICE_ADMIN_TOKEN:
                if not SERVICE_ID:
                    SERVICE_ADMIN_TOKEN = self.idm.getToken(
                        SERVICE_NAME, SERVICE_ADMIN_USER,
                        SERVICE_ADMIN_PASSWORD)
                    SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
                                                      SERVICE_NAME)
                else:
                    SERVICE_ADMIN_TOKEN = self.idm.getToken2(
                        SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD)
            self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)

            # Ensure SERVICE_NAME
            SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
                                                    SERVICE_ID, SERVICE_NAME)
            self.logger.addFilter(ContextFilterService(SERVICE_NAME))
            self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)

            #
            # 2. Get user ID
            #
            if not USER_ID:
                USER_ID = self.idm.getDomainUserId(SERVICE_ADMIN_TOKEN,
                                                   SERVICE_ID, USER_NAME)
            self.logger.debug("ID of user %s: %s" % (USER_NAME, USER_ID))

            # TODO: disable us before remove it ?

            #
            # 3. Remove user ID
            #
            self.idm.removeUser(SERVICE_ADMIN_TOKEN, USER_ID)
            # self.logger.debug("ID of user %s: %s" % (USER_NAME, ID_USER))

        except Exception, ex:
            self.logger.error(ex)
            return self.composeErrorCode(ex)
コード例 #16
0
    def groups(self,
               SERVICE_NAME,
               SERVICE_ID,
               SERVICE_ADMIN_USER,
               SERVICE_ADMIN_PASSWORD,
               SERVICE_ADMIN_TOKEN,
               START_INDEX=None,
               COUNT=None):
        '''Get groups.

        In case of HTTP error, return HTTP error

        Params:
        - SERVICE_NAME: Service name
        - SERVICE_ID: Service id
        - SERVICE_ADMIN_USER: Service admin username
        - SERVICE_ADMIN_PASSWORD: Service admin password
        - SERVICE_ADMIN_TOKEN: Service admin token
        - START_INDEX: where pagination start
        - COUNT: number of results
        '''
        data_log = {
            "SERVICE_NAME": "%s" % SERVICE_NAME,
            "SERVICE_ID": "%s" % SERVICE_ID,
            "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
            "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
            "SERVICE_ADMIN_TOKEN":
            self.get_extended_token(SERVICE_ADMIN_TOKEN),
            "START_INDEX": "%s" % START_INDEX,
            "COUNT": "%s" % COUNT,
        }
        self.logger.debug("FLOW groups invoked with: %s" %
                          json.dumps(data_log, indent=3))
        try:
            if not SERVICE_ADMIN_TOKEN:
                if not SERVICE_ID:
                    SERVICE_ADMIN_TOKEN = self.idm.getToken(
                        SERVICE_NAME, SERVICE_ADMIN_USER,
                        SERVICE_ADMIN_PASSWORD)
                    SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
                                                      SERVICE_NAME)
                else:
                    SERVICE_ADMIN_TOKEN = self.idm.getToken2(
                        SERVICE_ID, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD)
            self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)

            # Ensure SERVICE_NAME
            SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
                                                    SERVICE_ID, SERVICE_NAME)
            self.logger.addFilter(ContextFilterService(SERVICE_NAME))
            self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)

            SERVICE_GROUPS = self.idm.getDomainGroups(SERVICE_ADMIN_TOKEN,
                                                      SERVICE_ID, START_INDEX,
                                                      COUNT)

            self.logger.debug("SERVICE_GROUPS=%s" %
                              json.dumps(SERVICE_GROUPS, indent=3))

        except Exception, ex:
            self.logger.error(ex)
            return self.composeErrorCode(ex)
コード例 #17
0
ファイル: Domains.py プロジェクト: IstanbulBoy/orchestrator
    def activate_module(self, DOMAIN_NAME, DOMAIN_ID, SERVICE_USER_NAME,
                        SERVICE_USER_PASSWORD, SERVICE_USER_TOKEN, IOTMODULE):
        '''Activate Module

        In case of HTTP error, return HTTP error

        Params:
        - DOMAIN_ID: id of domain
        - DOMAIN_NAME: name of domain
        - SERVICE_USER_NAME: Service admin username
        - SERVICE_USER_PASSWORD: Service admin password
        - SERVICE_USER_TOKEN: Service admin token
        - IOTMODULE: IoT Module to activate: STH,  PERSEO
        '''
        data_log = {
            "DOMAIN_ID": "%s" % DOMAIN_ID,
            "DOMAIN_NAME": "%s" % DOMAIN_NAME,
            "SERVICE_USER_NAME": "%s" % SERVICE_USER_NAME,
            "SERVICE_USER_PASSWORD": "******" % SERVICE_USER_PASSWORD,
            "SERVICE_USER_TOKEN": self.get_extended_token(SERVICE_USER_TOKEN),
            "IOTMODULE": "%s" % IOTMODULE,
        }
        self.logger.debug("FLOW activate_module invoked with: %s" %
                          json.dumps(data_log, indent=3))
        try:

            if not SERVICE_USER_TOKEN:
                if not DOMAIN_ID:
                    SERVICE_USER_TOKEN = self.idm.getToken(
                        DOMAIN_NAME, SERVICE_USER_NAME, SERVICE_USER_PASSWORD)
                    DOMAIN_ID = self.idm.getDomainId(SERVICE_USER_TOKEN,
                                                     DOMAIN_NAME)

                else:
                    SERVICE_USER_TOKEN = self.idm.getToken2(
                        DOMAIN_ID, SERVICE_USER_NAME, SERVICE_USER_PASSWORD)
            # Ensure DOMAIN_NAME
            DOMAIN_NAME = self.ensure_service_name(SERVICE_USER_TOKEN,
                                                   DOMAIN_ID, DOMAIN_NAME)
            self.logger.addFilter(ContextFilterService(DOMAIN_NAME))

            self.logger.debug("DOMAIN_NAME=%s" % DOMAIN_NAME)
            self.logger.debug("SERVICE_USER_TOKEN=%s" % SERVICE_USER_TOKEN)

            REFERENCE_URL = self.get_endpoint_iot_module(IOTMODULE)

            DURATION = "P1Y"

            # Set default ATTRIBUTES for subscription
            ATTRIBUTES = []
            # self.logger.debug("Trying to getContextTypes...")
            # cb_res = self.cb.getContextTypes(
            #     SERVICE_USER_TOKEN,
            #     DOMAIN_NAME,
            #     "",
            #     None)
            # self.logger.debug("getContextTypes res=%s" % cb_res)
            # for entity_type in cb_res['types']:
            #     for att in entity_type["attributes"] :
            #         ATTRIBUTES.append(att)

            # Set default ENTITIES for subscription
            ENTITIES = [{"isPattern": "true", "id": ".*"}]

            # Set default Notify conditions
            NOTIFY_ATTRIBUTES = []
            NOTIFY_ATTRIBUTES.append("TimeInstant")
            NOTIFY_CONDITIONS = [{
                "type": "ONCHANGE",
                "condValues": NOTIFY_ATTRIBUTES
            }]
            self.logger.debug("Trying to subscribe moduleiot in CB...")
            cb_res = self.cb.subscribeContext(SERVICE_USER_TOKEN, DOMAIN_NAME,
                                              "", REFERENCE_URL, DURATION,
                                              ENTITIES, ATTRIBUTES,
                                              NOTIFY_CONDITIONS)
            self.logger.debug("subscribeContext res=%s" % cb_res)
            subscriptionid = cb_res['subscribeResponse']['subscriptionId']
            self.logger.debug("subscription id=%s" % subscriptionid)

        except Exception, ex:
            error_code = self.composeErrorCode(ex)
            self.logError(self.logger, error_code, ex)
            return error_code
コード例 #18
0
ファイル: Domains.py プロジェクト: IstanbulBoy/orchestrator
    def deactivate_module(self, DOMAIN_NAME, DOMAIN_ID, SERVICE_USER_NAME,
                          SERVICE_USER_PASSWORD, SERVICE_USER_TOKEN,
                          IOTMODULE):
        ''' Deactivate IoT Module

        In case of HTTP error, return HTTP error

        Params:
        - DOMAIN_ID: id of domain
        - DOMAIN_NAME: name of domain
        - SERVICE_USER_NAME: Service admin username
        - SERVICE_USER_PASSWORD: Service admin password
        - SERVICE_USER_TOKEN: Service admin token
        - IOTMODULE: IoT Module to activate: STH, PERSEO
        '''
        data_log = {
            "DOMAIN_ID": "%s" % DOMAIN_ID,
            "DOMAIN_NAME": "%s" % DOMAIN_NAME,
            "SERVICE_USER_NAME": "%s" % SERVICE_USER_NAME,
            "SERVICE_USER_PASSWORD": "******" % SERVICE_USER_PASSWORD,
            "SERVICE_USER_TOKEN": self.get_extended_token(SERVICE_USER_TOKEN),
            "IOTMODULE": "%s" % IOTMODULE,
        }
        self.logger.debug("FLOW deactivate_module invoked with: %s" %
                          json.dumps(data_log, indent=3))
        try:

            if not SERVICE_USER_TOKEN:
                if not DOMAIN_ID:
                    SERVICE_USER_TOKEN = self.idm.getToken(
                        DOMAIN_NAME, SERVICE_USER_NAME, SERVICE_USER_PASSWORD)
                    DOMAIN_ID = self.idm.getDomainId(SERVICE_USER_TOKEN,
                                                     DOMAIN_NAME)
                else:
                    SERVICE_USER_TOKEN = self.idm.getToken2(
                        DOMAIN_ID, SERVICE_USER_NAME, SERVICE_USER_PASSWORD)
            # Ensure DOMAIN_NAME
            DOMAIN_NAME = self.ensure_service_name(SERVICE_USER_TOKEN,
                                                   DOMAIN_ID, DOMAIN_NAME)
            self.logger.addFilter(ContextFilterService(DOMAIN_NAME))

            self.logger.debug("DOMAIN_NAME=%s" % DOMAIN_NAME)
            self.logger.debug("SERVICE_USER_TOKEN=%s" % SERVICE_USER_TOKEN)

            REFERENCE_URL = self.get_endpoint_iot_module(IOTMODULE)

            self.logger.debug("Trying to get list subscriptions from CB...")
            cb_res = self.cb.getListSubscriptions(SERVICE_USER_TOKEN,
                                                  DOMAIN_NAME, "")
            self.logger.debug("getListSubscriptions res=%s" %
                              json.dumps(cb_res, indent=3))

            for sub in cb_res:
                subs_url = self.cb.get_subscription_callback_endpoint(sub)
                subscriptionid = sub['id']
                if subs_url.startswith(REFERENCE_URL):

                    self.cb.unsubscribeContext(SERVICE_USER_TOKEN, DOMAIN_NAME,
                                               "", sub['id'])
                    break

            # self.logger.debug("subscribeContext res=%s" % cb_res)
            # subscriptionid = cb_res['subscribeResponse']['subscriptionId']
            # self.logger.debug("subscription id=%s" % subscriptionid)

        except Exception, ex:
            error_code = self.composeErrorCode(ex)
            self.logError(self.logger, error_code, ex)
            return error_code
コード例 #19
0
    def changeUserPassword(self,
                           SERVICE_NAME,
                           SERVICE_ID,
                           USER_ID,
                           SERVICE_USER_NAME,
                           SERVICE_USER_PASSWORD,
                           SERVICE_USER_TOKEN,
                           NEW_USER_PASSWORD):

        '''Change user password.

        In case of HTTP error, return HTTP error

        Params:
        - SERVICE_NAME: Service name
        - SERVICE_ID: Service Id
        - USER_ID: user id
        - SERVICE_USER_NAME: Service admin username
        - SERVICE_USER_PASSWORD: Service admin password
        - SERVICE_USER_TOKEN: Service admin token
        - NEW_USER_PASSWORD: new user password
        '''
        data_log = {
            "SERVICE_NAME": "%s" % SERVICE_NAME,
            "SERVICE_ID": "%s" % SERVICE_ID,
            "USER_ID": "%s" % USER_ID,
            "SERVICE_USER_NAME": "%s" % SERVICE_USER_NAME,
            "SERVICE_USER_PASSWORD": "******" % SERVICE_USER_PASSWORD,
            "SERVICE_USER_TOKEN": self.get_extended_token(SERVICE_USER_TOKEN),
            "NEW_USER_PASSWORD": "******" % NEW_USER_PASSWORD
        }
        self.logger.debug("FLOW change password invoked with: %s" % json.dumps(
            data_log,
            indent=3)
        )
        try:
            if not SERVICE_USER_TOKEN:
                if not SERVICE_ID:
                    SERVICE_USER_TOKEN = self.idm.getToken(
                        SERVICE_NAME,
                        SERVICE_USER_NAME,
                        SERVICE_USER_PASSWORD,
                        SCOPED=False)
                    SERVICE_ID = self.idm.getDomainId(SERVICE_USER_TOKEN,
                                                      SERVICE_NAME,
                                                      SCOPED=False)
                else:
                    SERVICE_USER_TOKEN = self.idm.getToken2(
                        SERVICE_ID,
                        SERVICE_USER_NAME,
                        SERVICE_USER_PASSWORD,
                        SCOPED=False)
            self.logger.debug("SERVICE_USER_TOKEN=%s" % SERVICE_USER_TOKEN)

            # Ensure SERVICE_NAME
            SERVICE_NAME = self.ensure_service_name(SERVICE_USER_TOKEN,
                                                    SERVICE_ID,
                                                    SERVICE_NAME)
            self.logger.addFilter(ContextFilterService(SERVICE_NAME))
            self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)
            #
            # 2. Get user ID
            #
            if not USER_ID and SERVICE_USER_NAME:
                USER_ID = self.idm.getUserId(SERVICE_USER_TOKEN,
                                             SERVICE_USER_NAME)
                self.logger.debug("ID of user %s: %s" % (SERVICE_USER_NAME, USER_ID))

            #
            # 3. ChangeUserPassword
            #
            self.idm.changeUserPassword(SERVICE_USER_TOKEN,
                                        USER_ID,
                                        SERVICE_USER_PASSWORD,
                                        NEW_USER_PASSWORD)

        except Exception, ex:
            self.logger.error(ex)
            return self.composeErrorCode(ex)
コード例 #20
0
    def createNewServiceRole(self, SERVICE_ID, SERVICE_NAME,
                             SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD,
                             SERVICE_ADMIN_TOKEN, NEW_ROLE_NAME, XACML_POLICY):
        '''Creates a new role Service (aka domain role keystone).

        In case of HTTP error, return HTTP error

        Params:
        - SERVICE_ID: Service Id
        - SERVICE_NAME: Service name
        - SERVICE_ADMIN_USER: Service admin token
        - SERVICE_ADMIN_PASSWORD: Service admin token
        - SERVICE_ADMIN_TOKEN: Service admin token
        - NEW_ROLE_NAME: New role name
        - XACML_POLICY: XACML POLICY for new role
        Return:
        - id: New role Id
        '''
        data_log = {
            "SERVICE_ID": "%s" % SERVICE_ID,
            "SERVICE_NAME": "%s" % SERVICE_NAME,
            "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
            "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
            "SERVICE_ADMIN_TOKEN":
            self.get_extended_token(SERVICE_ADMIN_TOKEN),
            "NEW_ROLE_NAME": "%s" % NEW_ROLE_NAME,
            "XACML_POLICY": "%s" % XACML_POLICY
        }
        self.logger.debug("FLOW createNewServiceRole invoked with: %s" %
                          json.dumps(data_log, indent=3))
        try:
            if not SERVICE_ADMIN_TOKEN:
                SERVICE_ADMIN_TOKEN = self.idm.getToken(
                    SERVICE_NAME, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD)
            self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)

            #
            # 1. Get service (aka domain)
            #
            if not SERVICE_ID:
                SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
                                                  SERVICE_NAME)

            self.logger.debug("ID of your service %s:%s" %
                              (SERVICE_NAME, SERVICE_ID))

            # Ensure SERVICE_NAME
            SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
                                                    SERVICE_ID, SERVICE_NAME)
            self.logger.addFilter(ContextFilterService(SERVICE_NAME))
            self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)

            #
            # 2. Create role
            #
            ID_ROLE = self.idm.createRoleDomain(SERVICE_ADMIN_TOKEN,
                                                SERVICE_ID, NEW_ROLE_NAME)
            self.logger.debug("ID of user %s: %s" % (NEW_ROLE_NAME, ID_ROLE))

            #
            # 3. Provision policy provided in keypass
            #
            if XACML_POLICY:
                self.logger.debug("set XACML_POLICY %s for role %s" %
                                  (XACML_POLICY, ID_ROLE))
                self.ac.provisionPolicyByContent(SERVICE_NAME,
                                                 SERVICE_ADMIN_TOKEN, ID_ROLE,
                                                 XACML_POLICY)

            if NEW_ROLE_NAME == 'ServiceCustomer':
                self.logger.debug("set default XACML policies for role %s" %
                                  NEW_ROLE_NAME)
                self.ac.provisionPolicy(
                    SERVICE_NAME,
                    SERVICE_ADMIN_TOKEN,
                    ID_ROLE,
                    POLICY_FILE_NAME='policy-orion-customer2.xml')
                self.ac.provisionPolicy(
                    SERVICE_NAME,
                    SERVICE_ADMIN_TOKEN,
                    ID_ROLE,
                    POLICY_FILE_NAME='policy-perseo-customer2.xml')
                self.ac.provisionPolicy(
                    SERVICE_NAME,
                    SERVICE_ADMIN_TOKEN,
                    ID_ROLE,
                    POLICY_FILE_NAME='policy-iotagent-customer2.xml')
                self.ac.provisionPolicy(
                    SERVICE_NAME,
                    SERVICE_ADMIN_TOKEN,
                    ID_ROLE,
                    POLICY_FILE_NAME='policy-sth-customer2.xml')
                self.ac.provisionPolicy(
                    SERVICE_NAME,
                    SERVICE_ADMIN_TOKEN,
                    ID_ROLE,
                    POLICY_FILE_NAME='policy-keypass-customer2.xml')

        except Exception, ex:
            error_code = self.composeErrorCode(ex)
            self.logError(self.logger, error_code, ex)
            return error_code
コード例 #21
0
ファイル: base.py プロジェクト: IstanbulBoy/orchestrator
    def __init__(self,
                 KEYSTONE_PROTOCOL,
                 KEYSTONE_HOST,
                 KEYSTONE_PORT,
                 KEYPASS_PROTOCOL=None,
                 KEYPASS_HOST=None,
                 KEYPASS_PORT=None,
                 IOTA_PROTOCOL="http",
                 IOTA_HOST="localhost",
                 IOTA_PORT="4041",
                 ORION_PROTOCOL="http",
                 ORION_HOST="localhost",
                 ORION_PORT="1026",
                 CA_PROTOCOL="http",
                 CA_HOST="localhost",
                 CA_PORT="9999",
                 PERSEO_PROTOCOL="http",
                 PERSEO_HOST="localhost",
                 PERSEO_PORT="9090",
                 TRANSACTION_ID=None,
                 CORRELATOR_ID=None):

        # Generate Transaction ID
        self.TRANSACTION_ID = uuid.uuid4()

        if not CORRELATOR_ID:
            self.CORRELATOR_ID = self.TRANSACTION_ID
        else:
            self.CORRELATOR_ID = CORRELATOR_ID

        self.logger = logging.getLogger('orchestrator_core')

        # Put collector into logger
        self.logger.addFilter(ContextFilterCorrelatorId(self.CORRELATOR_ID))
        self.logger.addFilter(ContextFilterTransactionId(self.TRANSACTION_ID))
        self.logger.addFilter(ContextFilterService(None))
        self.logger.addFilter(ContextFilterSubService(""))

        self.idm = IdMOperations(KEYSTONE_PROTOCOL,
                                 KEYSTONE_HOST,
                                 KEYSTONE_PORT)

        self.ac = AccCOperations(KEYPASS_PROTOCOL,
                                 KEYPASS_HOST,
                                 KEYPASS_PORT,
                                 CORRELATOR_ID=self.CORRELATOR_ID,
                                 TRANSACTION_ID=self.TRANSACTION_ID)

        self.iota = IoTAOperations(IOTA_PROTOCOL,
                                   IOTA_HOST,
                                   IOTA_PORT,
                                   CORRELATOR_ID=self.CORRELATOR_ID,
                                   TRANSACTION_ID=self.TRANSACTION_ID)

        self.cb = CBOperations(ORION_PROTOCOL,
                               ORION_HOST,
                               ORION_PORT,
                               CORRELATOR_ID=self.CORRELATOR_ID,
                               TRANSACTION_ID=self.TRANSACTION_ID)

        self.perseo = PerseoOperations(PERSEO_PROTOCOL,
                                       PERSEO_HOST,
                                       PERSEO_PORT,
                                       CORRELATOR_ID=self.CORRELATOR_ID,
                                       TRANSACTION_ID=self.TRANSACTION_ID)

        if CA_PROTOCOL:
            # CA for Blackbutton notification flow
            self.ca_endpoint = CA_PROTOCOL + "://"+CA_HOST+":"+CA_PORT+"/v1"+"/notify"


        self.endpoints = {}
        self.iotmodules_aliases = {}

        if CA_PROTOCOL:
            # CA for Geolocation
            self.endpoints['CA'] = \
              CA_PROTOCOL + "://"+CA_HOST+":"+CA_PORT+""+"/v1/notifyGeolocation"

        self.sum = {
            "serviceTime": 0,
            "serviceTimeTotal": 0,
            "outgoingTransactions": 0,
            "outgoingTransactionRequestSize": 0,
            "outgoingTransactionResponseSize": 0,
            "outgoingTransactionErrors": 0,
        }
コード例 #22
0
    def updateUser(self,
                   SERVICE_NAME,
                   SERVICE_ID,
                   SERVICE_ADMIN_USER,
                   SERVICE_ADMIN_PASSWORD,
                   SERVICE_ADMIN_TOKEN,
                   USER_NAME,
                   USER_ID,
                   USER_DATA_VALUE):

        '''Update an User Service (aka domain user keystone).

        In case of HTTP error, return HTTP error

        Params:
        - SERVICE_NAME: Service name
        - SERVICE_ID: Service Id
        - SERVICE_ADMIN_USER: Service admin username
        - SERVICE_ADMIN_PASSWORD: Service admin password
        - SERVICE_ADMIN_TOKEN: Service admin token
        - USER_NAME: User name
        - USER_ID: User Id
        - USER_DATA_VALUE: user data value in json
        '''
        data_log = {
            "SERVICE_NAME": "%s" % SERVICE_NAME,
            "SERVICE_ID": "%s" % SERVICE_ID,
            "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
            "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
            "SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN),
            "USER_NAME": "%s" % USER_NAME,
            "USER_ID": "%s" % USER_ID,
            "USER_DATA_VALUE": "%s" % USER_DATA_VALUE
        }
        self.logger.debug("FLOW updateUser invoked with: %s" % json.dumps(
            data_log,
            indent=3)
        )
        try:
            if not SERVICE_ADMIN_TOKEN:
                if not SERVICE_ID:
                    SERVICE_ADMIN_TOKEN = self.idm.getToken(
                        SERVICE_NAME,
                        SERVICE_ADMIN_USER,
                        SERVICE_ADMIN_PASSWORD)
                    SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
                                                      SERVICE_NAME)
                else:
                    SERVICE_ADMIN_TOKEN = self.idm.getToken2(
                        SERVICE_ID,
                        SERVICE_ADMIN_USER,
                        SERVICE_ADMIN_PASSWORD)
            self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)

            # Ensure SERVICE_NAME
            SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
                                                    SERVICE_ID,
                                                    SERVICE_NAME)
            self.logger.addFilter(ContextFilterService(SERVICE_NAME))
            self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)

            #
            # 2. Get user ID
            #
            if not USER_ID:
                USER_ID = self.idm.getDomainUserId(SERVICE_ADMIN_TOKEN,
                                                   SERVICE_ID,
                                                   USER_NAME)
            self.logger.debug("ID of user %s: %s" % (USER_NAME, USER_ID))

            #
            # 3. Updateuser
            #
            self.idm.updateUser(SERVICE_ADMIN_TOKEN,
                                USER_ID,
                                USER_DATA_VALUE)

        except Exception, ex:
            self.logger.error(ex)
            return self.composeErrorCode(ex)
コード例 #23
0
    def users(self,
              SERVICE_NAME,
              SERVICE_ID,
              SERVICE_ADMIN_USER,
              SERVICE_ADMIN_PASSWORD,
              SERVICE_ADMIN_TOKEN,
              START_INDEX=None,
              COUNT=None):

        '''Get users.

        In case of HTTP error, return HTTP error

        Params:
        - SERVICE_NAME: Service name
        - SERVICE_ID: Service id
        - SERVICE_ADMIN_USER: Service admin username
        - SERVICE_ADMIN_PASSWORD: Service admin password
        - SERVICE_ADMIN_TOKEN: Service admin token
        - START_INDEX: where pagination start
        - COUNT: number of results
        '''
        data_log = {
            "SERVICE_NAME": "%s" % SERVICE_NAME,
            "SERVICE_ID": "%s" % SERVICE_ID,
            "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
            "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
            "SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN),
            "START_INDEX": "%s" % START_INDEX,
            "COUNT": "%s" % COUNT,
        }
        self.logger.debug("FLOW users invoked with: %s" % json.dumps(
            data_log,
            indent=3)
        )
        try:
            if not SERVICE_ADMIN_TOKEN:
                if not SERVICE_ID:
                    SERVICE_ADMIN_TOKEN = self.idm.getToken(
                        SERVICE_NAME,
                        SERVICE_ADMIN_USER,
                        SERVICE_ADMIN_PASSWORD)
                    SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
                                                      SERVICE_NAME)
                else:
                    SERVICE_ADMIN_TOKEN = self.idm.getToken2(
                        SERVICE_ID,
                        SERVICE_ADMIN_USER,
                        SERVICE_ADMIN_PASSWORD)
            self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)

            # Ensure SERVICE_NAME
            SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
                                                    SERVICE_ID,
                                                    SERVICE_NAME)
            self.logger.addFilter(ContextFilterService(SERVICE_NAME))
            self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)

            # SERVICE_ROLES = self.idm.getDomainRoles(SERVICE_ADMIN_TOKEN,
            #                                         SERVICE_ID)

            # self.logger.debug("SERVICE_ROLES=%s" %  json.dumps(SERVICE_ROLES,
            #                                               indent=3))

            SERVICE_USERS = self.idm.getDomainUsers(SERVICE_ADMIN_TOKEN,
                                                    SERVICE_ID,
                                                    START_INDEX,
                                                    COUNT)

            self.logger.debug("SERVICE_USERS=%s" % json.dumps(SERVICE_USERS,
                                                         indent=3))

            # Get Roles de SubServicio

            # Listar los usuarios de un Servicio
            # Obtener roles de usuario

            # Listar los usuarios de un Subservicio

        except Exception, ex:
            error_code = self.composeErrorCode(ex)
            self.logError(self.logger, error_code, ex)
            return error_code
コード例 #24
0
    def createNewServiceUser(self,
                             SERVICE_NAME,
                             SERVICE_ID,
                             SERVICE_ADMIN_USER,
                             SERVICE_ADMIN_PASSWORD,
                             SERVICE_ADMIN_TOKEN,
                             NEW_USER_NAME,
                             NEW_USER_PASSWORD,
                             NEW_USER_EMAIL,
                             NEW_USER_DESCRIPTION):
        '''Creates a new user Service (aka domain user keystone).

        In case of HTTP error, return HTTP error

        Params:
        - SERVICE_NAME: Service name
        - SERVICE_ID: Service Id
        - SERVICE_ADMIN_USER: Service admin username
        - SERVICE_ADMIN_PASSWORD: Service admin password
        - SERVICE_ADMIN_TOKEN: Service admin token
        - NEW_USER_NAME: New user name (required)
        - NEW_USER_PASSWORD: New user password (required)
        - NEW_USER_EMAIL: New user email (optional)
        - NEW_USER_DESCRIPTION: New user description (optional)
        Return:
        - id: New user Id
        '''
        data_log = {
            "SERVICE_NAME": "%s" % SERVICE_NAME,
            "SERVICE_ID": "%s" % SERVICE_ID,
            "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
            "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
            "SERVICE_ADMIN_TOKEN": self.get_extended_token(SERVICE_ADMIN_TOKEN),
            "NEW_USER_NAME": "%s" % NEW_USER_NAME,
            "NEW_USER_PASSWORD": "******" % NEW_USER_PASSWORD,
            "NEW_USER_EMAIL": "%s" % NEW_USER_EMAIL,
            "NEW_USER_DESCRIPTION": "%s" % NEW_USER_DESCRIPTION
        }
        self.logger.debug("FLOW createNewServiceUser invoked with: %s" % json.dumps(
            data_log,
            indent=3)
        )
        try:
            if not SERVICE_ADMIN_TOKEN:
                SERVICE_ADMIN_TOKEN = self.idm.getToken(SERVICE_NAME,
                                                        SERVICE_ADMIN_USER,
                                                        SERVICE_ADMIN_PASSWORD)
            self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)

            #
            # 1. Get service (aka domain)
            #
            if not SERVICE_ID:
                SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
                                                  SERVICE_NAME)

            self.logger.debug("ID of your service %s:%s" % (SERVICE_NAME,
                                                       SERVICE_ID))

            # Ensure SERVICE_NAME
            SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
                                                    SERVICE_ID,
                                                    SERVICE_NAME)
            self.logger.addFilter(ContextFilterService(SERVICE_NAME))
            self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)

            #
            # 2.  Create user
            #
            ID_USER = self.idm.createUserDomain(SERVICE_ADMIN_TOKEN,
                                                SERVICE_ID,
                                                SERVICE_NAME,
                                                NEW_USER_NAME,
                                                NEW_USER_PASSWORD,
                                                NEW_USER_EMAIL,
                                                NEW_USER_DESCRIPTION)
            self.logger.debug("ID of user %s: %s" % (NEW_USER_NAME, ID_USER))

        except Exception, ex:
            self.logger.error(ex)
            return self.composeErrorCode(ex)
コード例 #25
0
import json

from django.conf import settings

from orchestrator.core.keystone import IdMKeystoneOperations as IdMOperations
from orchestrator.core.keypass import AccCKeypassOperations as AccCOperations

from orchestrator.common.util import ContextFilterCorrelatorId
from orchestrator.common.util import ContextFilterTransactionId
from orchestrator.common.util import ContextFilterService
from orchestrator.common.util import ContextFilterSubService

logger = logging.getLogger('orchestrator_api')
logger.addFilter(ContextFilterCorrelatorId("n/a"))
logger.addFilter(ContextFilterTransactionId("n/a"))
logger.addFilter(ContextFilterService("None"))
logger.addFilter(ContextFilterSubService(""))

logger1 = logging.getLogger('orchestrator_core')
logger1.addFilter(ContextFilterCorrelatorId("n/a"))
logger1.addFilter(ContextFilterTransactionId("n/a"))
logger1.addFilter(ContextFilterService("None"))
logger1.addFilter(ContextFilterSubService(""))

logger2 = logging.getLogger('django')
logger2.addFilter(ContextFilterCorrelatorId("n/a"))
logger2.addFilter(ContextFilterTransactionId("n/a"))
logger2.addFilter(ContextFilterService("None"))
logger2.addFilter(ContextFilterSubService(""))

logger3 = logging.getLogger('django.request')
コード例 #26
0
    def createTrustToken(self, SERVICE_NAME, SERVICE_ID, SUBSERVICE_NAME,
                         SUBSERVICE_ID, SERVICE_ADMIN_USER,
                         SERVICE_ADMIN_PASSWORD, SERVICE_ADMIN_TOKEN,
                         ROLE_NAME, ROLE_ID, TRUSTEE_USER_NAME,
                         TRUSTEE_USER_ID, TRUSTOR_USER_NAME, TRUSTOR_USER_ID):
        '''Creates a trust token

        In case of HTTP error, return HTTP error

        Params:
        - SERVICE_NAME: Service name
        - SERVICE_ID: Service Id
        - SUBSERVICE_NAME: SubService name
        - SUBSERVICE_ID: SubService Id
        - SERVICE_ADMIN_USER: Service admin token
        - SERVICE_ADMIN_PASSWORD: Service admin token
        - SERVICE_ADMIN_TOKEN: Service admin token
        - ROLE_NAME: Role name
        - ROLE_ID: Role name
        - TRUSTEE_USER_NAME:
        - TRUSTEE_USER_ID:
        - TRUSTOR_USER_NAME:
        - TRUSTOR_USER_ID:
        Return:
        - token: Trust Token
        '''
        data_log = {
            "SERVICE_NAME": "%s" % SERVICE_NAME,
            "SERVICE_ID": "%s" % SERVICE_ID,
            "SUBSERVICE_NAME": "%s" % SUBSERVICE_NAME,
            "SUBSERVICE_ID": "%s" % SUBSERVICE_ID,
            "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
            "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
            "SERVICE_ADMIN_TOKEN":
            self.get_extended_token(SERVICE_ADMIN_TOKEN),
            "ROLE_NAME": "%s" % ROLE_NAME,
            "ROLE_ID": "%s" % ROLE_ID,
            "TRUSTEE_USER_NAME": "%s" % TRUSTEE_USER_NAME,
            "TRUSTEE_USER_ID": "%s" % TRUSTEE_USER_ID,
            "TRUSTOR_USER_NAME": "%s" % TRUSTOR_USER_NAME,
            "TRUSTOR_USER_ID": "%s" % TRUSTOR_USER_ID,
        }
        self.logger.debug("FLOW createTrustToken invoked with: %s" %
                          json.dumps(data_log, indent=3))

        try:
            if not SERVICE_ADMIN_TOKEN:
                SERVICE_ADMIN_TOKEN = self.idm.getToken(
                    SERVICE_NAME, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD)
            self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)

            #
            # 1. Get service (aka domain)
            #
            if not SERVICE_ID and SERVICE_NAME:
                SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
                                                  SERVICE_NAME)
                self.logger.debug("ID of your service %s" % SERVICE_ID)

            if not SERVICE_NAME:
                SERVICE = self.idm.getDomain(SERVICE_ADMIN_TOKEN, SERVICE_ID)
                SERVICE_NAME = SERVICE['domain']['name']
                self.logger.debug("ID of your service %s:%s" %
                                  (SERVICE_NAME, SERVICE_ID))
            self.logger.addFilter(ContextFilterService(SERVICE_NAME))

            #
            # 2. Get SubService (aka project)
            #
            if not SUBSERVICE_ID and SUBSERVICE_NAME:
                SUBSERVICE_ID = self.idm.getProjectId(SERVICE_ADMIN_TOKEN,
                                                      SERVICE_NAME,
                                                      SUBSERVICE_NAME)
                self.logger.debug("ID of your subservice %s:%s" %
                                  (SUBSERVICE_NAME, SUBSERVICE_ID))
            self.logger.addFilter(ContextFilterSubService(SUBSERVICE_NAME))

            #
            # 3. Get role
            #
            if not ROLE_ID and ROLE_NAME:
                if SERVICE_ADMIN_USER and SERVICE_ADMIN_USER == TRUSTOR_USER_NAME:
                    ROLE_ID = self.idm.getUserRoleId(SERVICE_ADMIN_TOKEN,
                                                     SERVICE_ID, SUBSERVICE_ID,
                                                     ROLE_NAME)
                else:
                    ROLE_ID = self.idm.getDomainRoleId(SERVICE_ADMIN_TOKEN,
                                                       SERVICE_ID, ROLE_NAME)

                self.logger.debug("ID of role %s: %s" % (ROLE_NAME, ROLE_ID))

            #
            # 4. Get Trustee User
            #
            if not TRUSTEE_USER_ID and TRUSTEE_USER_NAME:
                # We are asuming that trustee belong to SERVICE!!
                if TRUSTEE_USER_NAME == "iotagent":
                    IOTAGENT_TOKEN = self.idm.getToken('default',
                                                       IOTAGENT['user'],
                                                       IOTAGENT['password'],
                                                       False)
                    TRUSTEE_USER_ID = self.idm.getUserId(
                        IOTAGENT_TOKEN, TRUSTEE_USER_NAME)
                else:
                    TRUSTEE_USER_ID = self.idm.getDomainUserId(
                        SERVICE_ADMIN_TOKEN, SERVICE_ID, TRUSTEE_USER_NAME)
                self.logger.debug("ID of trustee user %s: %s" %
                                  (TRUSTEE_USER_NAME, TRUSTEE_USER_ID))

            #
            # 5. Get Trustor User
            #
            if not TRUSTOR_USER_ID and TRUSTOR_USER_NAME:
                if SERVICE_ADMIN_USER and SERVICE_ADMIN_USER == TRUSTOR_USER_NAME:
                    TRUSTOR_USER_ID = self.idm.getUserId(
                        SERVICE_ADMIN_TOKEN, TRUSTOR_USER_NAME)
                else:
                    TRUSTOR_USER_ID = self.idm.getDomainUserId(
                        SERVICE_ADMIN_TOKEN, SERVICE_ID, TRUSTOR_USER_NAME)
                self.logger.debug("ID of trustor user %s: %s" %
                                  (TRUSTOR_USER_NAME, TRUSTOR_USER_ID))

            #
            # 6. Create trust
            #
            ID_TRUST = self.idm.createTrustToken(SERVICE_ADMIN_TOKEN,
                                                 SUBSERVICE_ID, ROLE_ID,
                                                 TRUSTEE_USER_ID,
                                                 TRUSTOR_USER_ID)

            self.logger.debug("ID of Trust %s" % (ID_TRUST))

        except Exception, ex:
            self.logger.error(ex)
            return self.composeErrorCode(ex)
コード例 #27
0
    def createNewServiceGroup(self, SERVICE_NAME, SERVICE_ID,
                              SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD,
                              SERVICE_ADMIN_TOKEN, NEW_SERVICE_GROUP_NAME,
                              NEW_SERVICE_GROUP_DESCRIPTION):
        '''Creates a new group Service (aka domain group keystone).

        In case of HTTP error, return HTTP error

        Params:
        - SERVICE_NAME: Service name
        - SERVICE_ID: Service Id
        - SERVICE_ADMIN_USER: Service admin username
        - SERVICE_ADMIN_PASSWORD: Service admin password
        - SERVICE_ADMIN_TOKEN: Service admin token
        - NEW_SERVICE_GROUP_NAME: New group name (required)
        - NEW_SERVICE_GROUP_DESCRIPTION: New group description (optional)
        Return:
        - id: New group Id
        '''
        data_log = {
            "SERVICE_NAME": "%s" % SERVICE_NAME,
            "SERVICE_ID": "%s" % SERVICE_ID,
            "SERVICE_ADMIN_USER": "******" % SERVICE_ADMIN_USER,
            "SERVICE_ADMIN_PASSWORD": "******" % SERVICE_ADMIN_PASSWORD,
            "SERVICE_ADMIN_TOKEN":
            self.get_extended_token(SERVICE_ADMIN_TOKEN),
            "NEW_SERVICE_GROUP_NAME": "%s" % NEW_SERVICE_GROUP_NAME,
            "NEW_SERVICE_GROUP_DESCRIPTION":
            "%s" % NEW_SERVICE_GROUP_DESCRIPTION
        }
        self.logger.debug("FLOW createNewServiceGroup invoked with: %s" %
                          json.dumps(data_log, indent=3))
        try:
            if not SERVICE_ADMIN_TOKEN:
                SERVICE_ADMIN_TOKEN = self.idm.getToken(
                    SERVICE_NAME, SERVICE_ADMIN_USER, SERVICE_ADMIN_PASSWORD)
            self.logger.debug("SERVICE_ADMIN_TOKEN=%s" % SERVICE_ADMIN_TOKEN)

            #
            # 1. Get service (aka domain)
            #
            if not SERVICE_ID:
                SERVICE_ID = self.idm.getDomainId(SERVICE_ADMIN_TOKEN,
                                                  SERVICE_NAME)

            self.logger.debug("ID of your service %s:%s" %
                              (SERVICE_NAME, SERVICE_ID))

            # Ensure SERVICE_NAME
            SERVICE_NAME = self.ensure_service_name(SERVICE_ADMIN_TOKEN,
                                                    SERVICE_ID, SERVICE_NAME)
            self.logger.addFilter(ContextFilterService(SERVICE_NAME))
            self.logger.debug("SERVICE_NAME=%s" % SERVICE_NAME)

            #
            # 2.  Create group
            #
            ID_GROUP = self.idm.createGroupDomain(
                SERVICE_ADMIN_TOKEN, SERVICE_ID, SERVICE_NAME,
                NEW_SERVICE_GROUP_NAME, NEW_SERVICE_GROUP_DESCRIPTION)
            self.logger.debug("ID of group %s: %s" %
                              (NEW_SERVICE_GROUP_NAME, ID_GROUP))

        except Exception, ex:
            error_code = self.composeErrorCode(ex)
            self.logError(self.logger, error_code, ex)
            return error_code