def update_process_policies(self,
process_instance,
safe_mode=False,
force_update=True):
"""
Load any applicable process policies for a container process.
To be called by when spawning a new process, or when policy is reset.
@param process_instance The ION process for which to load policy
@param safe_mode If True, will not attempt to read policy if Policy MS not available
"""
# NOTE: During restart, we rely on the bootstrap code to remove registration of Policy MS
if safe_mode and not self._is_policy_management_service_available():
if not is_testing() and (process_instance.name not in {
"resource_registry", "system_management", "directory",
"identity_management"
} and process_instance._proc_name != "event_persister"):
# We are in the early phases of bootstrapping
log.warn(
"update_process_policies(%s) - No update. Policy MS not available",
process_instance._proc_name)
self._log_policy_update(
"update_process_policies",
message="No update. Policy MS not available",
process=process_instance)
return
self._ensure_system_actor()
if process_instance._proc_type == PROCTYPE_SERVICE:
self.update_service_access_policy(
process_instance._proc_listen_name, force_update=force_update)
elif process_instance._proc_type == PROCTYPE_AGENT:
# Load any existing policies for this agent with type or name
if process_instance.resource_type is None:
self.update_service_access_policy(process_instance.name,
force_update=force_update)
else:
self.update_service_access_policy(
process_instance.resource_type, force_update=force_update)
if process_instance.resource_id:
# Load any existing policies for this resource
self.update_resource_access_policy(
process_instance.resource_id, force_update=force_update)
self._log_policy_update("update_process_policies",
message="Checked",
process=process_instance)
def update_container_policies(self, process_instance, safe_mode=False):
"""
Load any applicable process policies. To be called by the container proc manager after
registering a new process.
@param process_instance The ION process for which to load policy
@param safe_mode If True, will not attempt to read policy if Policy MS not available
"""
# This method can be called before policy management service is available during system startup
if safe_mode and not self._is_policy_management_service_available():
if not is_testing() and (process_instance.name not in (
"resource_registry", "system_management", "directory", "identity_management") and
process_instance._proc_name != "event_persister"):
# We are in the early phases of bootstrapping
log.warn("update_container_policies(%s) - No update. Policy MS not available" % process_instance._proc_name)
self._log_policy_update("update_container_policies",
message="No update. Policy MS not available",
process=process_instance)
return
# Need to check to set here to set after the system actor is created
if self.system_actor_id is None:
system_actor = get_system_actor()
if system_actor is not None:
self.system_actor_id = system_actor._id
self.system_actor_user_header = get_system_actor_header()
if process_instance._proc_type == SERVICE_PROCESS_TYPE:
# look to load any existing policies for this service
self.update_service_access_policy(process_instance._proc_listen_name)
elif process_instance._proc_type == AGENT_PROCESS_TYPE:
# look to load any existing policies for this agent service
if process_instance.resource_type is None:
self.update_service_access_policy(process_instance.name)
else:
self.update_service_access_policy(process_instance.resource_type)
if process_instance.resource_id:
# look to load any existing policies for this resource
self.update_resource_access_policy(process_instance.resource_id)
self._log_policy_update("update_container_policies",
message="Updated",
process=process_instance)
def update_container_policies(self, process_instance, safe_mode=False):
"""
This must be called after registering a new process to load any applicable policies
@param process_instance:
@return:
"""
#This method can be called before policy management service is available during system startup
if safe_mode and not self._is_policy_management_service_available():
if not is_testing():
log.warn("Requested update_container_policies() but ignore - Policy MS not available")
return
#Need to check to set here to set after the system actor is created
if self.system_actor_id is None:
system_actor = get_system_actor()
if system_actor is not None:
self.system_actor_id = system_actor._id
self.system_actor_user_header = get_system_actor_header()
if process_instance._proc_type == SERVICE_PROCESS_TYPE:
# look to load any existing policies for this service
self.update_service_access_policy(process_instance._proc_listen_name)
elif process_instance._proc_type == AGENT_PROCESS_TYPE:
# look to load any existing policies for this agent service
if process_instance.resource_type is None:
self.update_service_access_policy(process_instance.name)
else:
self.update_service_access_policy(process_instance.resource_type)
if process_instance.resource_id:
# look to load any existing policies for this resource
self.update_resource_access_policy(process_instance.resource_id)
def update_process_policies(self, process_instance, safe_mode=False, force_update=True):
"""
Load any applicable process policies for a container process.
To be called by when spawning a new process, or when policy is reset.
@param process_instance The ION process for which to load policy
@param safe_mode If True, will not attempt to read policy if Policy MS not available
"""
# NOTE: During restart, we rely on the bootstrap code to remove registration of Policy MS
if safe_mode and not self._is_policy_management_service_available():
if not is_testing() and (process_instance.name not in {"resource_registry", "system_management",
"directory", "identity_management"} and process_instance._proc_name != "event_persister"):
# We are in the early phases of bootstrapping
log.warn("update_process_policies(%s) - No update. Policy MS not available", process_instance._proc_name)
self._log_policy_update("update_process_policies",
message="No update. Policy MS not available",
process=process_instance)
return
self._ensure_system_actor()
if process_instance._proc_type == PROCTYPE_SERVICE:
self.update_service_access_policy(process_instance._proc_listen_name, force_update=force_update)
elif process_instance._proc_type == PROCTYPE_AGENT:
# Load any existing policies for this agent with type or name
if process_instance.resource_type is None:
self.update_service_access_policy(process_instance.name, force_update=force_update)
else:
self.update_service_access_policy(process_instance.resource_type, force_update=force_update)
if process_instance.resource_id:
# Load any existing policies for this resource
self.update_resource_access_policy(process_instance.resource_id, force_update=force_update)
self._log_policy_update("update_process_policies",
message="Checked",
process=process_instance)
def initialize_ion_int_tests():
# Bootstrap pyon CFG, logging and object/resource interfaces
bootstrap_pyon()
if bootstrap.is_testing():
IonIntegrationTestCase._force_clean(False)
pre_initialize_ion()
def initialize_ion_int_tests():
# Bootstrap pyon CFG, logging and object/resource interfaces
bootstrap_pyon()
if bootstrap.is_testing():
IonIntegrationTestCase._force_clean(False, initial=True)
pre_initialize_ion()
