def list(self, filters=None, orders=None, offset=None, limit=None, hooks=None):
results = []
service_name = filters.get('serviceName', '') or ''
if not service_name:
raise exceptions.FieldRequired(
message=_('missing query param: %(attribute)s, eg. /v1/api?%(attribute)s=value') %
{'attribute': 'serviceName'})
client = wecube.WeCubeClient(CONF.wecube.base_url)
# subsys_token = cache.get_or_create(TOKEN_KEY, client.login_subsystem, expires=600)
# client.token = subsys_token
key = '/platform/v1/plugins/interfaces/enabled'
cached = cache.get(key, 15)
if cache.validate(cached):
resp = cached
else:
resp = client.retrieve('/platform/v1/plugins/interfaces/enabled')
cache.set(key, resp)
for interface in resp['data']:
if interface['serviceName'] == service_name:
for param in interface['inputParameters']:
results.append({
'type': param['dataType'],
'name': param['name'],
'value': 'inputParams.' + param['name']
})
return results
def cached_all(self, clusters, expires=3):
cached_key = 'k8s.' + ','.join([
cluster['id']
for cluster in sorted(clusters, key=lambda x: x['id'])
]) + '.' + self.__class__.__name__
cached_data = cache.get(cached_key, expires)
if not cache.validate(cached_data):
cached_data = self.all(clusters)
cache.set(cached_key, cached_data)
return cached_data
def get_token(base_url):
token = CONF.wecube_platform.token
if not CONF.wecube_platform.use_token:
token = cache.get(WECUBE_TOKEN)
if not cache.validate(token):
token = requests.post(base_url + '/auth/v1/api/login',
json={
"username":
CONF.wecube_platform.username,
"password": CONF.wecube_platform.password
}).json()['data'][1]['token']
cache.set(WECUBE_TOKEN, token)
return token
def list(self, filters=None, orders=None, offset=None, limit=None, hooks=None):
results = []
client = wecube.WeCubeClient(CONF.wecube.base_url)
# subsys_token = cache.get_or_create(TOKEN_KEY, client.login_subsystem, expires=600)
# client.token = subsys_token
key = '/platform/v1/plugins/interfaces/enabled'
cached = cache.get(key, 15)
if cache.validate(cached):
resp = cached
else:
resp = client.retrieve('/platform/v1/plugins/interfaces/enabled')
cache.set(key, resp)
results = resp['data']
return results
def wecmdb_ci_getter(expr_data, is_backref, guids, ci_mapping):
if expr_data['plugin'].lower() != 'wecmdb'.lower():
LOG.warning(
'wecmdb_ci_getter is for wecmdb only, but we got %s instead',
expr_data['plugin'])
return []
base_url = CONF.wecube_platform.base_url
token = get_token(base_url)
data = {'filters': expr_data['filters']}
# build json filters
if guids is not None:
if is_backref:
data['filters'].append({
'name': expr_data['backref_attribute'] + '.guid',
'operator': 'in',
'value': guids
})
else:
data['filters'].append({
'name': 'guid',
'operator': 'in',
'value': guids
})
ci_data_key = 'wecmdb/ci-types/%(ci)s' % {
'ci': ci_mapping[expr_data['ci']]
}
results = cache.get(ci_data_key, exipres=30)
if not cache.validate(results):
LOG.debug(
'wecmdb_ci_getter POST /wecmdb/ui/v2/ci-types/%s/ci-data/query' %
expr_data['ci'])
LOG.debug('wecmdb_ci_getter filters: %s', data)
resp = requests.post(base_url +
'/wecmdb/ui/v2/ci-types/%s/ci-data/query' %
ci_mapping[expr_data['ci']],
json={},
headers={'Authorization': 'Bearer ' + token})
results = resp.json()['data']['contents']
LOG.debug('wecmdb_ci_getter get %s result(all) length: %s' %
(expr_data['ci'], len(results)))
cache.set(ci_data_key, results)
results = [
ret for ret in results
if jsonfilter.match_all(data['filters'], ret['data'])
]
LOG.debug('wecmdb_ci_getter get %s result(filter) length: %s' %
(expr_data['ci'], len(results)))
return results
def wecube_expr_query(expr):
base_url = CONF.wecube.base_url
cache_key = 'wecube/expr/%s' % expr
results = cache.get(cache_key, exipres=3)
if not cache.validate(results):
LOG.debug('wecube_expr_query with %s' % expr)
cost_start = datetime.datetime.now()
client = wecube.WeCubeClient(base_url)
subsys_token = cache.get_or_create(TOKEN_KEY,
client.login_subsystem,
expires=600)
client.token = subsys_token
resp = client.post(
base_url + '/platform/v1/data-model/dme/integrated-query', {
'dataModelExpression': expr,
'filters': []
})
cost_end = datetime.datetime.now()
LOG.debug('wecube_expr_query time cost %s' % (cost_end - cost_start))
results = resp['data'] or []
cache.set(cache_key, results)
LOG.debug('wecube_expr_query result length: %s' % len(results))
return results
def _get_rules(self, data, boxes=None):
boxes = boxes or self.list(filters={
'policy.enabled': 1,
'subject.enabled': 1
})
rules = {}
hasher = hashlib.sha256()
hasher.update(json.dumps(data).encode('utf-8'))
digest = hasher.hexdigest()
LOG.debug('scope test with data - %s ...', str(data)[:4096])
for b in boxes:
LOG.debug('scope test of box[%s - %s]', b['id'], b['name'])
subject_included = False
for target in b['subject']['targets']:
target_included = True
# target with the same data is cached
key = 'scope/target/%s/data/%s' % (target['id'], digest)
cached = cache.get(key, 30)
if cache.validate(cached):
target_included = cached
LOG.debug('scope test of target[%s - %s]: %s',
target['id'], target['name'],
('accepted' if cached else 'rejected'))
else:
LOG.debug('scope test of target[%s - %s]', target['id'],
target['name'])
if target['enabled']:
if target['args_scope'] is not None:
target_included = scope.JsonScope(
target['args_scope']).is_match(data)
else:
target_included = True
if target_included:
LOG.debug('args scope: accepted')
if target['entity_scope'] is not None:
target_included = scope.WeCMDBScope(
target['entity_scope']).is_match(
data['entityInstances'])
else:
target_included = True
if target_included:
LOG.debug('entity scope: accepted')
else:
LOG.debug('entity scope: rejected')
else:
LOG.debug('args scope: rejected')
else:
LOG.debug('target: disabled')
target_included = False
cache.set(key, target_included)
if target_included:
subject_included = True
break
if subject_included:
# extend box rules(enabled)
for rule in b['policy']['rules']:
if rule['enabled']:
rules[rule['id']] = rule
LOG.debug('scope test of box[%s - %s]: accepted, rules: %s',
b['id'], b['name'], list(rules.keys()))
else:
LOG.debug('scope test of box[%s - %s]: rejected', b['id'],
b['name'])
return list(rules.values())
def _get_rules(self, data, boxes=None, without_subject_test=False):
boxes = boxes if boxes is not None else self.list(filters={
'policy.enabled': 1,
'subject.enabled': 1,
'enabled': 1
})
rules = {}
hasher = hashlib.sha256()
hasher.update(json.dumps(data).encode('utf-8'))
digest = hasher.hexdigest()
LOG.debug('scope test with data - %s ...', str(data)[:4096])
for b in boxes:
LOG.info('scope test of box[%s - %s]', b['id'], b['name'])
subject_included = False
if without_subject_test:
subject_included = True
else:
for target in b['subject']['targets']:
target_included = True
# target with the same data is cached
key = 'scope/target/%s/data/%s' % (target['id'], digest)
cached = cache.get(key, 10)
if cache.validate(cached):
target_included = cached
LOG.debug('scope test of target[%s - %s]: %s', target['id'], target['name'],
('accepted' if cached else 'rejected'))
else:
LOG.debug('scope test of target[%s - %s]', target['id'], target['name'])
if target['enabled']:
# jsonscope match & exprscope match
if target['args_scope']:
target_included = scope.JsonScope(target['args_scope']).is_match(data)
else:
target_included = True
if target_included:
LOG.debug('args scope: accepted')
if target['entity_scope']:
target_included = scope.WeCubeScope(target['entity_scope']).is_match(
data['entityInstances'], data.get('entityType', None))
else:
target_included = True
if target_included:
LOG.debug('entity scope: accepted')
else:
LOG.debug('entity scope: rejected')
else:
LOG.debug('args scope: rejected')
else:
LOG.debug('target: disabled')
target_included = False
cache.set(key, target_included)
# if any target are included, means subject is inlcuded
if target_included:
subject_included = True
break
if subject_included:
# extend box rules(enabled)
new_rules_map = {}
for rule in b['policy']['rules']:
if rule['enabled']:
new_rules_map[rule['id']] = rule
rules.update(new_rules_map)
LOG.info('scope test of box[%s - %s]: accepted, rules: %s', b['id'], b['name'],
list(new_rules_map.keys()))
else:
LOG.info('scope test of box[%s - %s]: rejected', b['id'], b['name'])
return list(rules.values())