Пример #1
    def _rr(self):
        """
        Return the resource registry handle to use for lookups.

        If the container reports the 'RESOURCE_REGISTRY' capability, its own
        registry instance is returned directly. Otherwise a messaging client for
        the RR service is created on first use, cached in ``self._rr_client`` and
        returned on this and every later call.
        """
        container = self.container
        if not container.has_capability('RESOURCE_REGISTRY'):
            # No in-container registry: fall back to the lazily built service client.
            if self._rr_client is None:
                self._rr_client = ResourceRegistryServiceProcessClient(process=container)
            return self._rr_client

        return container.resource_registry
Пример #2
    def start(self):
        """
        Bring up the governance controller for this container.

        Reads the governance and org settings from CFG and creates the resource
        registry and policy management clients. Only when governance is enabled
        does it also load the interceptor config, subscribe to policy events and
        take an initial policy snapshot.
        """
        log.debug("GovernanceController starting ...")
        self._CFG = CFG

        # Security note: the 'enabled' flag defaults to False, so a container with
        # no explicit governance config starts with the interceptor disabled, and
        # the only trace is the warning below. Deployments that rely on policy
        # enforcement should set this key explicitly and alert on the warning.
        self.enabled = CFG.get_safe(
            'interceptor.interceptors.governance.config.enabled', False)
        if not self.enabled:
            log.warn("GovernanceInterceptor disabled by configuration")
        self.policy_event_subscriber = None

        # Defaults: the container is not an Org boundary and belongs to the
        # system root Org (which itself defaults to 'ION').
        self._is_container_org_boundary = CFG.get_safe(
            'container.org_boundary', False)
        root_org_fallback = CFG.get_safe('system.root_org', 'ION')
        self._container_org_name = CFG.get_safe(
            'container.org_name', root_org_fallback)
        self._container_org_id = None
        self._system_root_org_name = CFG.get_safe('system.root_org', 'ION')

        self._is_root_org_container = (
            self._system_root_org_name == self._container_org_name)

        # System actor identity is not resolved here; both start out unset.
        self.system_actor_id = None
        self.system_actor_user_header = None

        # Service clients are created whether or not governance is enabled.
        self.rr_client = ResourceRegistryServiceProcessClient(
            process=self.container)
        self.policy_client = PolicyManagementServiceProcessClient(
            process=self.container)

        if not self.enabled:
            # Governance is off: no config load, no policy subscription, no snapshot.
            return

        governance_cfg = CFG.get_safe('interceptor.interceptors.governance.config')
        self.initialize_from_config(governance_cfg)

        # Listen for policy events so policy_event_callback sees later changes.
        subscriber = EventSubscriber(
            event_type=OT.PolicyEvent, callback=self.policy_event_callback)
        self.policy_event_subscriber = subscriber
        subscriber.start()

        # Record the policy state at container start.
        self._policy_snapshot = self._get_policy_snapshot()
        self._log_policy_update("start_governance_ctrl",
                                message="Container start")
Пример #3
    def __init__(self, process, config, response_class):
        """
        Set up the service gateway from its owning process and configuration.

        Registers this instance as the module-level ``sg_instance``, reads the
        gateway options under ``CFG_PREFIX`` from ``config``, prepares the user
        role cache and creates the resource registry, identity management and
        org management service clients.

        Args:
            process: owning process; supplies ``gateway_base_url`` and is passed
                to the service clients.
            config: configuration object exposing ``get_safe``.
            response_class: stored as ``self.response_class``.
        """
        # Each construction overwrites the module-level gateway singleton.
        global sg_instance
        sg_instance = self

        self.name = "service_gateway"
        self.process = process
        self.config = config
        self.response_class = response_class

        read_cfg = self.config.get_safe

        def is_enabled(option):
            # Strict identity test: only the boolean True switches an option on.
            # Any other configured value (e.g. the string "true" or 1) leaves it off.
            return read_cfg(CFG_PREFIX + option) is True

        self.gateway_base_url = process.gateway_base_url
        self.develop_mode = is_enabled(".develop_mode")
        # Security note: because of the strict check, a mistyped value for
        # require_login silently leaves login enforcement off. It is worth
        # validating this key at deploy time.
        self.require_login = is_enabled(".require_login")
        self.token_from_session = is_enabled(".token_from_session")

        # Optional list of trusted originators. An empty or missing value is
        # normalised to None, and the log message below states that requests are
        # then not checked against originators (fail-open). It is logged only
        # at info level.
        originators = read_cfg(CFG_PREFIX + ".trusted_originators")
        if originators:
            self.trusted_originators = originators
        else:
            self.trusted_originators = None
            log.info(
                "Service Gateway will not check requests against trusted originators since none are configured."
            )

        # Service screening lists; each defaults to empty when not configured.
        # NOTE(review): how the lists are enforced is not visible in this method.
        self.service_blacklist = read_cfg(CFG_PREFIX + ".service_blacklist") or []
        self.service_whitelist = read_cfg(CFG_PREFIX + ".service_whitelist") or []
        # NOTE(review): presumably the entries are exempt from require_login.
        # Confirm against the request handling code and keep the list minimal.
        self.no_login_whitelist = set(
            read_cfg(CFG_PREFIX + ".no_login_whitelist") or [])

        self.set_cors_headers = is_enabled(".set_cors")
        self.strict_types = is_enabled(".strict_types")

        # Swagger spec generation: a generator is built only when the
        # swagger_spec section sets "enable" to exactly True.
        self.swagger_cfg = read_cfg(CFG_PREFIX + ".swagger_spec") or {}
        swagger_on = self.swagger_cfg.get("enable", None) is True
        self._swagger_gen = (
            SwaggerSpecGenerator(config=self.swagger_cfg) if swagger_on else None)

        # Size of the user role cache, with a module default as fallback.
        self.user_cache_size = read_cfg(
            CFG_PREFIX + ".user_cache_size", DEFAULT_USER_CACHE_SIZE)

        # LRU cache of user roles, kept for performance. The original notes
        # describe maxSize as the number of entries to keep and maxAgeMs as the
        # oldest entry to keep.
        # NOTE(review): the meaning of the two trailing 0 arguments is not visible
        # here. Cached roles can outlive a role change, so confirm how entries are
        # expired or invalidated.
        self.user_role_cache = LRUCache(self.user_cache_size, 0, 0)

        self.request_callback = None
        # Error logging defaults to on.
        self.log_errors = read_cfg(CFG_PREFIX + ".log_errors", True)

        # Service clients, all bound to the owning process.
        owner = self.process
        self.rr_client = ResourceRegistryServiceProcessClient(process=owner)
        self.idm_client = IdentityManagementServiceProcessClient(process=owner)
        self.org_client = OrgManagementServiceProcessClient(process=owner)