class GovernanceController(object):
def __init__(self,container):
log.debug('GovernanceController.__init__()')
self.container = container
self.enabled = False
self.interceptor_by_name_dict = dict()
self.interceptor_order = []
self.policy_decision_point_manager = None
self.governance_dispatcher = None
def start(self):
log.debug("GovernanceController starting ...")
config = CFG.interceptor.interceptors.governance.config
if config is None:
config['enabled'] = False
if "enabled" in config:
self.enabled = config["enabled"]
log.debug("GovernanceInterceptor enabled: %s" % str(self.enabled))
self.resource_policy_event_subscriber = None
self.service_policy_event_subscriber = None
if self.enabled:
self.initialize_from_config(config)
self.resource_policy_event_subscriber = EventSubscriber(event_type="ResourcePolicyEvent", callback=self.resource_policy_event_callback)
self.resource_policy_event_subscriber.start()
self.service_policy_event_subscriber = EventSubscriber(event_type="ServicePolicyEvent", callback=self.service_policy_event_callback)
self.service_policy_event_subscriber.start()
self.rr_client = ResourceRegistryServiceProcessClient(node=self.container.node, process=self.container)
self.policy_client = PolicyManagementServiceProcessClient(node=self.container.node, process=self.container)
self.org_client = OrgManagementServiceProcessClient(node=self.container.node, process=self.container)
def initialize_from_config(self, config):
self.governance_dispatcher = GovernanceDispatcher()
self.policy_decision_point_manager = PolicyDecisionPointManager()
if 'interceptor_order' in config:
self.interceptor_order = config['interceptor_order']
if 'governance_interceptors' in config:
gov_ints = config['governance_interceptors']
for name in gov_ints:
interceptor_def = gov_ints[name]
# Instantiate and put in by_name array
parts = interceptor_def["class"].split('.')
modpath = ".".join(parts[:-1])
classname = parts[-1]
module = __import__(modpath, fromlist=[classname])
classobj = getattr(module, classname)
classinst = classobj()
# Put in by_name_dict for possible re-use
self.interceptor_by_name_dict[name] = classinst
def stop(self):
log.debug("GovernanceController stopping ...")
if self.resource_policy_event_subscriber is not None:
self.resource_policy_event_subscriber.stop()
if self.service_policy_event_subscriber is not None:
self.service_policy_event_subscriber.stop()
def process_incoming_message(self,invocation):
self.process_message(invocation, self.interceptor_order,'incoming' )
return self.governance_dispatcher.handle_incoming_message(invocation)
def process_outgoing_message(self,invocation):
self.process_message(invocation, reversed(self.interceptor_order),'outgoing')
return self.governance_dispatcher.handle_outgoing_message(invocation)
def process_message(self,invocation,interceptor_list, method):
for int_name in interceptor_list:
class_inst = self.interceptor_by_name_dict[int_name]
getattr(class_inst, method)(invocation)
return invocation
#Manage all of the policies in the container
def resource_policy_event_callback(self, *args, **kwargs):
resource_policy_event = args[0]
policy_id = resource_policy_event.origin
resource_id = resource_policy_event.resource_id
resource_type = resource_policy_event.resource_type
resource_name = resource_policy_event.resource_name
self.update_resource_access_policy(resource_id)
def service_policy_event_callback(self, *args, **kwargs):
service_policy_event = args[0]
policy_id = service_policy_event.origin
service_name = service_policy_event.service_name
if service_name:
if self.container.proc_manager.is_local_service_process(service_name):
self.update_service_access_policy(service_name)
else:
rules = self.policy_client.get_active_service_access_policy_rules('', CFG.container.org_name)
if self.policy_decision_point_manager is not None:
self.policy_decision_point_manager.load_common_service_policy_rules(rules)
#Reload all policies for existing services
for service_name in self.policy_decision_point_manager.get_list_service_policies():
if self.container.proc_manager.is_local_service_process(service_name):
self.update_service_access_policy(service_name)
def update_resource_access_policy(self, resource_id):
if self.policy_decision_point_manager is not None:
try:
policy_rules = self.policy_client.get_active_resource_access_policy_rules(resource_id)
self.policy_decision_point_manager.load_resource_policy_rules(resource_id, policy_rules)
except NotFound, e:
#If the resource does not exist, just ignore it - but log a warning.
log.warning("The resource %s is not found, so can't apply access policy" % resource_id)
pass
class GovernanceController(object):
def __init__(self, container):
log.debug('GovernanceController.__init__()')
self.container = container
self.enabled = False
self.interceptor_by_name_dict = dict()
self.interceptor_order = []
self.policy_decision_point_manager = None
self.governance_dispatcher = None
def start(self):
log.debug("GovernanceController starting ...")
config = CFG.interceptor.interceptors.governance.config
if config is None:
config['enabled'] = False
if "enabled" in config:
self.enabled = config["enabled"]
log.debug("GovernanceInterceptor enabled: %s" % str(self.enabled))
self.resource_policy_event_subscriber = None
self.service_policy_event_subscriber = None
if self.enabled:
self.initialize_from_config(config)
self.resource_policy_event_subscriber = EventSubscriber(
event_type="ResourcePolicyEvent",
callback=self.resource_policy_event_callback)
self.resource_policy_event_subscriber.start()
self.service_policy_event_subscriber = EventSubscriber(
event_type="ServicePolicyEvent",
callback=self.service_policy_event_callback)
self.service_policy_event_subscriber.start()
self.rr_client = ResourceRegistryServiceProcessClient(
node=self.container.node, process=self.container)
self.policy_client = PolicyManagementServiceProcessClient(
node=self.container.node, process=self.container)
self.org_client = OrgManagementServiceProcessClient(
node=self.container.node, process=self.container)
def initialize_from_config(self, config):
self.governance_dispatcher = GovernanceDispatcher()
self.policy_decision_point_manager = PolicyDecisionPointManager()
if 'interceptor_order' in config:
self.interceptor_order = config['interceptor_order']
if 'governance_interceptors' in config:
gov_ints = config['governance_interceptors']
for name in gov_ints:
interceptor_def = gov_ints[name]
# Instantiate and put in by_name array
parts = interceptor_def["class"].split('.')
modpath = ".".join(parts[:-1])
classname = parts[-1]
module = __import__(modpath, fromlist=[classname])
classobj = getattr(module, classname)
classinst = classobj()
# Put in by_name_dict for possible re-use
self.interceptor_by_name_dict[name] = classinst
def stop(self):
log.debug("GovernanceController stopping ...")
if self.resource_policy_event_subscriber is not None:
self.resource_policy_event_subscriber.stop()
if self.service_policy_event_subscriber is not None:
self.service_policy_event_subscriber.stop()
def process_incoming_message(self, invocation):
self.process_message(invocation, self.interceptor_order, 'incoming')
return self.governance_dispatcher.handle_incoming_message(invocation)
def process_outgoing_message(self, invocation):
self.process_message(invocation, reversed(self.interceptor_order),
'outgoing')
return self.governance_dispatcher.handle_outgoing_message(invocation)
def process_message(self, invocation, interceptor_list, method):
for int_name in interceptor_list:
class_inst = self.interceptor_by_name_dict[int_name]
getattr(class_inst, method)(invocation)
return invocation
#Manage all of the policies in the container
def resource_policy_event_callback(self, *args, **kwargs):
resource_policy_event = args[0]
policy_id = resource_policy_event.origin
resource_id = resource_policy_event.resource_id
resource_type = resource_policy_event.resource_type
resource_name = resource_policy_event.resource_name
self.update_resource_access_policy(resource_id)
def service_policy_event_callback(self, *args, **kwargs):
service_policy_event = args[0]
policy_id = service_policy_event.origin
service_name = service_policy_event.service_name
if service_name:
if self.container.proc_manager.is_local_service_process(
service_name):
self.update_service_access_policy(service_name)
else:
rules = self.policy_client.get_active_service_access_policy_rules(
'', CFG.container.org_name)
if self.policy_decision_point_manager is not None:
self.policy_decision_point_manager.load_common_service_policy_rules(
rules)
#Reload all policies for existing services
for service_name in self.policy_decision_point_manager.get_list_service_policies(
):
if self.container.proc_manager.is_local_service_process(
service_name):
self.update_service_access_policy(service_name)
def update_resource_access_policy(self, resource_id):
if self.policy_decision_point_manager is not None:
try:
policy_rules = self.policy_client.get_active_resource_access_policy_rules(
resource_id)
self.policy_decision_point_manager.load_resource_policy_rules(
resource_id, policy_rules)
except NotFound, e:
#If the resource does not exist, just ignore it - but log a warning.
log.warning(
"The resource %s is not found, so can't apply access policy"
% resource_id)
pass
