def _rr(self):
    """Return the resource registry handle to use for this object.

    When the container itself advertises the RESOURCE_REGISTRY capability,
    its in-process registry is returned directly. Otherwise a messaging
    client to the RR service is created on first use, stored on
    ``self._rr_client`` and reused on later calls.
    """
    container = self.container
    if not container.has_capability('RESOURCE_REGISTRY'):
        # No local registry: fall back to the (lazily created) service client.
        client = self._rr_client
        if client is None:
            client = ResourceRegistryServiceProcessClient(process=container)
            self._rr_client = client
        return client
    # Direct access bypasses messaging.
    # NOTE(review): confirm whether any checks applied on the messaging
    # path are expected to hold for this direct path as well.
    return container.resource_registry
def start(self):
    """Initialise governance state for this container from CFG.

    Reads the governance enable flag and the container/org settings, creates
    the resource registry and policy management clients, and, only when
    governance is enabled, loads the interceptor configuration, subscribes
    to policy events and records an initial policy snapshot.
    """
    log.debug("GovernanceController starting ...")
    self._CFG = CFG
    lookup = CFG.get_safe

    # The second argument to get_safe is taken to be the fallback value, so a
    # container with no explicit setting starts with governance OFF and the
    # only trace is the warning below. Deployments that depend on policy
    # enforcement should set this key explicitly and alert on that warning.
    self.enabled = lookup(
        'interceptor.interceptors.governance.config.enabled', False)
    if not self.enabled:
        log.warn("GovernanceInterceptor disabled by configuration")
    self.policy_event_subscriber = None

    # Containers default to "not an Org boundary" and to the ION root Org.
    root_org_name = lookup('system.root_org', 'ION')
    self._is_container_org_boundary = lookup('container.org_boundary', False)
    self._container_org_name = lookup('container.org_name', root_org_name)
    self._container_org_id = None
    self._system_root_org_name = root_org_name
    self._is_root_org_container = (
        self._container_org_name == self._system_root_org_name)

    self.system_actor_id = None
    self.system_actor_user_header = None

    # Service clients are created whether or not governance is enabled.
    owner = self.container
    self.rr_client = ResourceRegistryServiceProcessClient(process=owner)
    self.policy_client = PolicyManagementServiceProcessClient(process=owner)

    if not self.enabled:
        # Nothing below runs when governance is off: no config load, no
        # policy event subscription, no policy snapshot.
        return

    governance_cfg = lookup('interceptor.interceptors.governance.config')
    self.initialize_from_config(governance_cfg)

    # Subscribe to policy events so policy_event_callback is invoked for them.
    subscriber = EventSubscriber(
        event_type=OT.PolicyEvent, callback=self.policy_event_callback)
    self.policy_event_subscriber = subscriber
    subscriber.start()

    # Record the policy state at start-up and log it as an update.
    self._policy_snapshot = self._get_policy_snapshot()
    self._log_policy_update("start_governance_ctrl",
                            message="Container start")
def __init__(self, process, config, response_class):
    """Configure the service gateway from its owning process and config.

    Registers this object as the module-level ``sg_instance``, reads the
    gateway settings found under ``CFG_PREFIX``, sets up the optional
    Swagger spec generator and the user role cache, and creates the
    resource registry, identity management and org management clients.

    Args:
        process: Owning process; supplies ``gateway_base_url`` and is
            passed to the service clients.
        config: Configuration object queried through ``get_safe``.
        response_class: Stored on the instance as ``response_class``.
    """
    global sg_instance
    sg_instance = self

    self.name = "service_gateway"
    self.process = process
    self.config = config
    self.response_class = response_class
    self.gateway_base_url = process.gateway_base_url

    read = self.config.get_safe

    def switch(suffix):
        # A switch is on only for a literal True. A missing key, the string
        # "true" or the number 1 all leave it off without any log output.
        return read(CFG_PREFIX + suffix) is True

    # NOTE(review): the effect of these switches is not visible here.
    # require_login presumably gates authentication, so a mistyped value
    # would leave it off silently. Confirm that deployments set it to a
    # real boolean and that develop_mode stays off in production.
    self.develop_mode = switch(".develop_mode")
    self.require_login = switch(".require_login")
    self.token_from_session = switch(".token_from_session")

    # Optional list of trusted originators from config. With none
    # configured the attribute is None and, per the message below, requests
    # are not checked against originators. This is reported at info level
    # only, so it is easy to miss in a production log.
    originators = read(CFG_PREFIX + ".trusted_originators")
    if originators:
        self.trusted_originators = originators
    else:
        self.trusted_originators = None
        log.info(
            "Service Gateway will not check requests against trusted originators since none are configured."
        )

    # Service screening lists; absent or empty settings become empty
    # collections.
    # NOTE(review): no_login_whitelist presumably names what is reachable
    # without a login; keep it as small as possible and review its entries.
    self.service_blacklist = read(CFG_PREFIX + ".service_blacklist") or []
    self.service_whitelist = read(CFG_PREFIX + ".service_whitelist") or []
    self.no_login_whitelist = set(
        read(CFG_PREFIX + ".no_login_whitelist") or [])

    self.set_cors_headers = switch(".set_cors")
    self.strict_types = switch(".strict_types")

    # Swagger spec generation is opt-in: only "enable: True" builds the
    # generator.
    self.swagger_cfg = read(CFG_PREFIX + ".swagger_spec") or {}
    if self.swagger_cfg.get("enable") is True:
        self._swagger_gen = SwaggerSpecGenerator(config=self.swagger_cfg)
    else:
        self._swagger_gen = None

    # LRU cache of user roles, kept for performance. The first argument is
    # the maximum number of elements; the original comment names the
    # following parameter maxAgeMs (oldest entry to keep).
    # NOTE(review): cached roles can outlive a role change or revocation.
    # Confirm how entries are invalidated and what an age of 0 means.
    self.user_cache_size = read(
        CFG_PREFIX + ".user_cache_size", DEFAULT_USER_CACHE_SIZE)
    self.user_role_cache = LRUCache(self.user_cache_size, 0, 0)

    self.request_callback = None
    self.log_errors = read(CFG_PREFIX + ".log_errors", True)

    # Service clients used by the gateway, all bound to the owning process.
    owner = self.process
    self.rr_client = ResourceRegistryServiceProcessClient(process=owner)
    self.idm_client = IdentityManagementServiceProcessClient(process=owner)
    self.org_client = OrgManagementServiceProcessClient(process=owner)