示例#1
0
  def test_policyInvocation(self):
    cc = Mock()

    policies_modules = {'Site':['DT_Policy', 'GGUSTickets_Policy'],
                        'Service': ['PilotsEfficiency_Simple_Policy', 'JobsEfficiency_Simple_Policy'],
                        'Resource':['SAMResults_Policy', 'DT_Policy'],
                        'StorageElement':['SEOccupancy_Policy', 'TransferQuality_Policy']
                        }

    for g in ValidRes:
      for status in ValidStatus:
        self.mock_p.evaluate.return_value = {'Status':status,
                                             'Reason':'testReason',
                                             'PolicyName': 'test_P'}
        pc = PolicyCaller(commandCallerIn = cc)

        for pol_mod in policies_modules[g]:
          res = pc.policyInvocation(self.VO, g, 'XX', status, self.mock_p,
                                    (g, 'XX'), None, pol_mod)
          self.assertEqual(res['Status'], status)

          res = pc.policyInvocation(self.VO, g, 'XX', status, self.mock_p,
                                    None, None, pol_mod)
          self.assertEqual(res['Status'], status)

          for extraArgs in ((g, 'XX'), [(g, 'XX'), (g, 'XX')]):
            res = pc.policyInvocation(self.VO, g, 'XX', status, self.mock_p,
                                      None, None, pol_mod, extraArgs)
            self.assertEqual(res['Status'], status)
示例#2
0
  def test_policyInvocation(self):
    cc = Mock()

    policies_modules = {'Site':['DT_Policy', 'GGUSTickets_Policy'],
                        'Service': ['PilotsEfficiency_Simple_Policy', 'JobsEfficiency_Simple_Policy'],
                        'Resource':['SAMResults_Policy', 'DT_Policy'],
                        'StorageElement':['SEOccupancy_Policy', 'TransferQuality_Policy']
                        }

    for g in ValidRes:
      for status in ValidStatus:
        self.mock_p.evaluate.return_value = {'Status':status,
                                             'Reason':'testReason',
                                             'PolicyName': 'test_P'}
        pc = PolicyCaller(commandCallerIn = cc)

        for pol_mod in policies_modules[g]:
          res = pc.policyInvocation(self.VO, g, 'XX', status, self.mock_p,
                                    (g, 'XX'), None, pol_mod)
          self.assertEqual(res['Status'], status)

          res = pc.policyInvocation(self.VO, g, 'XX', status, self.mock_p,
                                    None, None, pol_mod)
          self.assertEqual(res['Status'], status)

          for extraArgs in ((g, 'XX'), [(g, 'XX'), (g, 'XX')]):
            res = pc.policyInvocation(self.VO, g, 'XX', status, self.mock_p,
                                      None, None, pol_mod, extraArgs)
            self.assertEqual(res['Status'], status)
示例#3
0
    def __init__(self, clients=None):
        """ Constructor.

    examples:
      >>> pdp  = PDP( None )
      >>> pdp1 = PDP( {} )
      >>> pdp2 = PDP( { 'Client1' : Client1Object } )

    :Parameters:
      **clients** - [ None, `dict` ]
        dictionary with Clients to be used in the Commands. If None, the Commands
        will create their own clients.

    """

        # decision parameters used to match policies and actions
        self.decisionParams = None

        # Helpers to discover policies and RSS metadata in CS
        self.pCaller = PolicyCaller(clients)

        # RSS State Machine, used to calculate most penalizing state while merging them
        self.rssMachine = RSSMachine('Unknown')

        self.log = gLogger.getSubLogger('PDP')
示例#4
0
文件: PDP.py 项目: acasajus/DIRAC
    def __init__(self, clients):
        '''
      Constructor. Defines members that will be used later on.
    '''

        self.pCaller = PolicyCaller(clients=clients)
        self.iGetter = InfoGetter()

        self.decissionParams = {}
        self.rssMachine = RSSMachine('Unknown')
示例#5
0
文件: PDP.py 项目: DIRACGrid/DIRAC
  def __init__( self, clients = None ):
    """ Constructor.

    examples:
      >>> pdp  = PDP( None )
      >>> pdp1 = PDP( {} )
      >>> pdp2 = PDP( { 'Client1' : Client1Object } )

    :Parameters:
      **clients** - [ None, `dict` ]
        dictionary with Clients to be used in the Commands. If None, the Commands
        will create their own clients.

    """

    # decision parameters used to match policies and actions
    self.decisionParams = None

    # Helpers to discover policies and RSS metadata in CS
    self.pCaller = PolicyCaller( clients )

    # RSS State Machine, used to calculate most penalizing state while merging them
    self.rssMachine = RSSMachine( 'Unknown' )

    self.log = gLogger.getSubLogger( 'PDP' )
示例#6
0
文件: PDP.py 项目: quang-ifi/DIRAC
    def __init__(self, clients):
        """
      Constructor. Defines members that will be used later on.
    """

        self.pCaller = PolicyCaller(clients=clients)
        self.iGetter = InfoGetter()

        self.decissionParams = {}
        self.rssMachine = RSSMachine("Unknown")
示例#7
0
    def __init__(self, **clients):
        '''
      Constructor. Defines members that will be used later on.
    '''

        cc = CommandCaller()
        self.clients = clients
        self.pCaller = PolicyCaller(cc, **clients)
        self.iGetter = InfoGetter()

        self.__granularity = None
        self.__name = None
        self.__statusType = None
        self.__status = None
        self.__formerStatus = None
        self.__reason = None
        self.__siteType = None
        self.__serviceType = None
        self.__resourceType = None
        self.__useNewRes = None
示例#8
0
文件: PDP.py 项目: remenska/DIRAC
  def __init__(self, VOExtension, granularity = None, name = None, status = None, formerStatus = None,
               reason = None, siteType = None, serviceType = None, resourceType = None,
               useNewRes = False):
    """
    PDP (Policy Decision Point) initialization

    :params:
      :attr:`VOExtension`: string - VO extension (e.g. 'LHCb')

      :attr:`granularity`: string - a ValidRes

      :attr:`name`: string - name (e.g. of a site)

      :attr:`status`: string - status

      :attr:`formerStatus`: string - former status

      :attr:`reason`: string - optional reason for last status change

      :attr:`siteType`: string - optional site type

      :attr:`serviceType`: string - optional service type

      :attr:`resourceType`: string - optional resource type
    """

    self.VOExtension = VOExtension

    self.__granularity  = assignOrRaise(granularity, ValidRes, InvalidRes, self, self.__init__)
    self.__name         = name
    self.__status       = assignOrRaise(status, ValidStatus, InvalidStatus, self, self.__init__)
    self.__formerStatus = assignOrRaise(formerStatus, ValidStatus, InvalidStatus, self, self.__init__)
    self.__reason       = reason
    self.__siteType     = assignOrRaise(siteType, ValidSiteType, InvalidSiteType, self, self.__init__)
    self.__serviceType  = assignOrRaise(serviceType, ValidServiceType, InvalidServiceType, self, self.__init__)
    self.__resourceType = assignOrRaise(resourceType, ValidResourceType, InvalidResourceType, self, self.__init__)

    cc      = CommandCaller()
    self.pc = PolicyCaller(cc)

    self.useNewRes = useNewRes

    self.args      = None
    self.policy    = None
    self.knownInfo = None
    self.ig        = None
示例#9
0
文件: PDP.py 项目: bmb/DIRAC
  def __init__( self, **clients ):
    '''
      Constructor. Defines members that will be used later on.
    '''
    
    cc                  = CommandCaller()
    self.clients        = clients
    self.pCaller        = PolicyCaller( cc, **clients )
    self.iGetter        = InfoGetter()

    self.__granularity  = None
    self.__name         = None
    self.__statusType   = None
    self.__status       = None
    self.__formerStatus = None
    self.__reason       = None
    self.__siteType     = None
    self.__serviceType  = None
    self.__resourceType = None
    self.__useNewRes    = None
示例#10
0
文件: PDP.py 项目: cgrefe/DIRAC
class PDP:
  """
    The PDP (Policy Decision Point) module is used to:
    1. Decides which policies have to be applied.
    2. Invokes an evaluation of the policies, and returns the result (to a PEP)
  """

  def __init__( self, clients ):
    '''
      Constructor. Defines members that will be used later on.
    '''
    
    self.pCaller         = PolicyCaller( clients = clients )
    self.iGetter         = InfoGetter()

    self.decissionParams = {}  
    self.rssMachine      = RSSMachine( 'Unknown' )

  def setup( self, decissionParams = None ):

    standardParamsDict = {
                          'element'     : None,
                          'name'        : None,
                          'elementType' : None,
                          'statusType'  : None,
                          'status'      : None,
                          'reason'      : None,
                          'tokenOwner'  : None,
                          # Last parameter allows policies to be deactivated
                          'active'      : 'Active'
                          }

    if decissionParams is not None:
      standardParamsDict.update( decissionParams )
      
    self.decissionParams = standardParamsDict  
        
################################################################################

  def takeDecision( self ):#, policyIn = None, argsIn = None, knownInfo = None ):
    """ PDP MAIN FUNCTION

        decides policies that have to be applied, based on

        __granularity,

        __name,

        __status,

        __formerStatus

        __reason

        If more than one policy is evaluated, results are combined.

        Logic for combination: a conservative approach is followed
        (i.e. if a site should be banned for at least one policy, that's what is returned)

        returns:

          { 'PolicyType': a policyType (in a string),
            'Action': True|False,
            'Status': 'Active'|'Probing'|'Banned',
            'Reason': a reason
            #'EndDate: datetime.datetime (in a string)}
    """

    policiesThatApply = self.iGetter.getPoliciesThatApply( self.decissionParams )
    if not policiesThatApply[ 'OK' ]:
      return policiesThatApply
    policiesThatApply = policiesThatApply[ 'Value' ]
    
    singlePolicyResults   = self._runPolicies( policiesThatApply )
    if not singlePolicyResults[ 'OK' ]:
      return singlePolicyResults
    singlePolicyResults = singlePolicyResults[ 'Value' ]    
        
    policyCombinedResults = self._combineSinglePolicyResults( singlePolicyResults )
    if not policyCombinedResults[ 'OK' ]:
      return policyCombinedResults
    policyCombinedResults = policyCombinedResults[ 'Value' ]

    #FIXME: should also pass the result of the combination to the InfoGetter ?

    policyActionsThatApply = self.iGetter.getPolicyActionsThatApply( self.decissionParams )
    if not policyActionsThatApply[ 'OK' ]:
      return policyActionsThatApply
    policyActionsThatApply = policyActionsThatApply[ 'Value' ]
           
    policyCombinedResults[ 'PolicyAction' ] = policyActionsThatApply

    return S_OK( 
                { 
                 'singlePolicyResults'  : singlePolicyResults,
                 'policyCombinedResult' : policyCombinedResults,
                 'decissionParams'      : self.decissionParams 
                 }
                )

################################################################################

  def _runPolicies( self, policies, decissionParams = None ):
    
    if decissionParams is None:
      decissionParams = self.decissionParams
    
    validStatus             = RssConfiguration.getValidStatus()
    if not validStatus[ 'OK' ]:
      return validStatus
    validStatus = validStatus[ 'Value' ]
       
    policyInvocationResults = []
    
    for policyDict in policies:
      
      policyInvocationResult = self.pCaller.policyInvocation( decissionParams,
                                                              policyDict ) 
      if not policyInvocationResult[ 'OK' ]:
        # We should never enter this line ! Just in case there are policies
        # missconfigured !
        _msg = 'runPolicies no OK: %s' % policyInvocationResult
        gLogger.error( _msg )
        return S_ERROR( _msg )
       
      policyInvocationResult = policyInvocationResult[ 'Value' ]
      
      if not 'Status' in policyInvocationResult:
        _msg = 'runPolicies (no Status): %s' % policyInvocationResult
        gLogger.error( _msg )
        return S_ERROR( _msg )
        
      if not policyInvocationResult[ 'Status' ] in validStatus:
        _msg = 'runPolicies ( not valid status ) %s' % policyInvocationResult[ 'Status' ]
        gLogger.error( _msg )
        return S_ERROR( _msg )

      if not 'Reason' in policyInvocationResult:
        _msg = 'runPolicies (no Reason): %s' % policyInvocationResult
        gLogger.error( _msg )
        return S_ERROR( _msg )
       
      policyInvocationResults.append( policyInvocationResult )
      
    return S_OK( policyInvocationResults )   
    
################################################################################

  def _combineSinglePolicyResults( self, singlePolicyRes ):
    '''
      singlePolicyRes = [ { 'State' : X, 'Reason' : Y, ... }, ... ]
      
      If there are no policyResults, returns Unknown as there are no policies to
      apply.
      
      Order elements in list by state, being the lowest the most restrictive
      one in the hierarchy.
   
    '''

    # Dictionary to be returned
    policyCombined = { 
                       'Status'       : None,
                       'Reason'       : ''
                      }

    # If there are no policyResults, we return Unknown    
    if not singlePolicyRes:
      
      _msgTuple = ( self.decissionParams[ 'element' ], self.decissionParams[ 'name' ],
                    self.decissionParams[ 'elementType' ] )
      
      policyCombined[ 'Status' ] = 'Unknown'
      policyCombined[ 'Reason' ] = 'No policy applies to %s, %s, %s' % _msgTuple 
      
      return S_OK( policyCombined )

    # We set the rssMachine on the current state
    machineStatus = self.rssMachine.setState( self.decissionParams[ 'status' ] )
    if not machineStatus[ 'OK' ]:
      return machineStatus
    
    # Order statuses by most restrictive ( lower level first )
    self.rssMachine.orderPolicyResults( singlePolicyRes )
    #policyResults = self.rssMachine.orderPolicyResults( singlePolicyRes )
        
    # Get according to the RssMachine the next state, given a candidate    
    candidateState = singlePolicyRes[ 0 ][ 'Status' ]
    nextState      = self.rssMachine.getNextState( candidateState )
    
    if not nextState[ 'OK' ]:
      return nextState
    nextState = nextState[ 'Value' ]
    
    # If the RssMachine does not accept the candidate, return forcing message
    if candidateState != nextState:
                
      policyCombined[ 'Status' ] = nextState
      policyCombined[ 'Reason' ] = 'RssMachine forced status %s to %s' % ( candidateState, nextState )
      return S_OK( policyCombined )
    
    # If the RssMachine accepts the candidate, just concatenate the reasons
    for policyRes in singlePolicyRes:
      
      if policyRes[ 'Status' ] == nextState:
        policyCombined[ 'Reason' ] += '%s ###' % policyRes[ 'Reason' ]  
        
    policyCombined[ 'Status' ] = nextState
    
    return S_OK( policyCombined )                             

################################################################################

#  def __useOldPolicyRes( self, name, policyName ):
#    '''
#     Use the RSS Service to get an old policy result.
#     If such result is older than 2 hours, it returns {'Status':'Unknown'}
#    '''
#    res = self.clients[ 'ResourceManagementClient' ].getPolicyResult( name = name, policyName = policyName )
#    
#    if not res[ 'OK' ]:
#      return { 'Status' : 'Unknown' }
#    
#    res = res[ 'Value' ]
#
#    if res == []:
#      return { 'Status' : 'Unknown' }
#
#    res = res[ 0 ]
#
#    oldStatus     = res[ 5 ]
#    oldReason     = res[ 6 ]
#    lastCheckTime = res[ 8 ]
#
#    if ( lastCheckTime + datetime.timedelta(hours = 2) ) < datetime.datetime.utcnow():
#      return { 'Status' : 'Unknown' }
#
#    result = {}
#
#    result[ 'Status' ]     = oldStatus
#    result[ 'Reason' ]     = oldReason
#    result[ 'OLD' ]        = True
#    result[ 'PolicyName' ] = policyName
#
#    return result

################################################################################
#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF
示例#11
0
class PDP(object):
    """ PDP ( Policy Decision Point )
  """
    def __init__(self, clients=None):
        """ Constructor.

    examples:
      >>> pdp  = PDP( None )
      >>> pdp1 = PDP( {} )
      >>> pdp2 = PDP( { 'Client1' : Client1Object } )

    :Parameters:
      **clients** - [ None, `dict` ]
        dictionary with Clients to be used in the Commands. If None, the Commands
        will create their own clients.

    """

        # decision parameters used to match policies and actions
        self.decisionParams = None

        # Helpers to discover policies and RSS metadata in CS
        self.pCaller = PolicyCaller(clients)

        # RSS State Machine, used to calculate most penalizing state while merging them
        self.rssMachine = RSSMachine('Unknown')

        self.log = gLogger.getSubLogger('PDP')

    def setup(self, decisionParams=None):
        """ method that sanitizes the decisionParams and ensures that at least it has
    the keys in `standardParamsDict`. This will be relevant while doing the matching
    with the RSS Policies configuration in the CS.
    There is one key-value pair, `active` which is added on this method. This allows
    policies to be de-activated from the CS, changing their active matchParam to
    something else than `Active`.

    examples:
      >>> pdp.setup( None )
      >>> self.decisionParams
          { 'element' : None, 'name' : None, ... }
      >>> pdp.setup( { 'element' : 'AnElement' } )
      >>> self.decisionParams
          { 'element' : 'AnElement', 'name' : None, ... }
      >>> pdp.setup( { 'NonStandardKey' : 'Something' } )
      >>> self.decisionParams
          { 'NonStandardKey' : 'Something', 'element' : None,... }

    :Parameters:
      **decisionParams** - [ None, `dict` ]
        dictionary with the parameters to be matched with the RSS Policies configuration
        in the CS.

    """

        standardParamsDict = {
            'element': None,
            'name': None,
            'elementType': None,
            'statusType': None,
            'status': None,
            'reason': None,
            'tokenOwner': None,
            # Last parameter allows policies to be de-activated
            'active': 'Active'
        }

        if decisionParams is not None:
            standardParamsDict.update(decisionParams)
            if standardParamsDict['element'] is not None:
                self.log = gLogger.getSubLogger('PDP/%s' %
                                                standardParamsDict['element'])
                if standardParamsDict['name'] is not None:
                    self.log = gLogger.getSubLogger(
                        'PDP/%s/%s' % (standardParamsDict['element'],
                                       standardParamsDict['name']))
                    self.log.verbose("Setup - statusType: %s, status: %s" %
                                     (standardParamsDict['statusType'],
                                      standardParamsDict['status']))
            self.decisionParams = standardParamsDict

    def takeDecision(self):
        """ main PDP method which does all the work. If firstly finds all the policies
    defined in the CS that match <self.decisionParams> and runs them. Once it has
    all the singlePolicyResults, it combines them. Next step is action discovery:
    using a similar approach to the one used to discover the policies, but also
    taking into account the single policy results and their combined result, finds
    the actions to be triggered and returns.

    examples:
      >>> pdp.takeDecision()['Value'].keys()
          ['singlePolicyResults', 'policyCombinedResult', 'decisionParams']
      >>> pdp.takeDecision()['Value']['singlePolicyResults']
          [ { 'Status' : 'Active',
              'Reason' : 'blah',
              'Policy' : { 'name'        : 'AlwaysActiveForResource',
                           'type'        : 'AlwaysActive',
                           'module'      : 'AlwaysActivePolicy',
                           'description' : 'This is the AlwaysActive policy'
                           'command'     : None,
                           'args'        : {}
                         }
            }, ... ]
      >>> pdp.takeDecision()['Value']['policyCombinedResult']
          { 'Status'       : 'Active',
            'Reason'       : 'blah ###',
            'PolicyAction' : [ ( 'policyActionName1', 'policyActionType1' ), ... ]
          }

    :return: S_OK( { 'singlePolicyResults'  : `list`,
                     'policyCombinedResult' : `dict`,
                     'decisionParams'      : `dict` } ) / S_ERROR

    """
        if self.decisionParams is None:
            return S_OK({
                'singlePolicyResults': [],
                'policyCombinedResult': {},
                'decisionParams': self.decisionParams
            })

        self.log.verbose("Taking decision")

        # Policies..................................................................

        # Get policies that match self.decisionParams
        policiesThatApply = getPoliciesThatApply(self.decisionParams)
        if not policiesThatApply['OK']:
            return policiesThatApply
        policiesThatApply = policiesThatApply['Value']
        self.log.verbose("Policies that apply: %s" %
                         ', '.join([po['name'] for po in policiesThatApply]))

        # Evaluate policies
        singlePolicyResults = self._runPolicies(policiesThatApply)
        if not singlePolicyResults['OK']:
            return singlePolicyResults
        singlePolicyResults = singlePolicyResults['Value']
        self.log.verbose("Single policy results: %s" % singlePolicyResults)

        # Combine policies and get most penalizing status ( see RSSMachine )
        policyCombinedResults = self._combineSinglePolicyResults(
            singlePolicyResults)
        if not policyCombinedResults['OK']:
            return policyCombinedResults
        policyCombinedResults = policyCombinedResults['Value']
        self.log.verbose("Combined policy result: %s" % policyCombinedResults)

        # Actions...................................................................

        policyActionsThatApply = getPolicyActionsThatApply(
            self.decisionParams, singlePolicyResults, policyCombinedResults)
        if not policyActionsThatApply['OK']:
            return policyActionsThatApply
        policyActionsThatApply = policyActionsThatApply['Value']
        self.log.verbose("Policy actions that apply: %s" %
                         ','.join(pata[0] for pata in policyActionsThatApply))

        policyCombinedResults['PolicyAction'] = policyActionsThatApply

        return S_OK({
            'singlePolicyResults': singlePolicyResults,
            'policyCombinedResult': policyCombinedResults,
            'decisionParams': self.decisionParams
        })

    def _runPolicies(self, policies):
        """ Given a list of policy dictionaries, loads them making use of the PolicyCaller
    and evaluates them. This method requires to have run setup previously.

    examples:
      >>> pdp._runPolicies([])['Value']
          []
      >>> policyDict = { 'name'        : 'AlwaysActiveResource',
                         'type'        : 'AlwaysActive',
                         'args'        : None,
                         'description' : 'This is the AlwaysActive policy',
                         'module'      : 'AlwaysActivePolicy',
                         'command'     : None }
      >>> pdp._runPolicies([ policyDict, ... ] )['Value']
          [ { 'Status' : 'Active', 'Reason' : 'blah', 'Policy' : policyDict }, ... ]

    :Parameters:
      **policies** - `list( dict )`
        list of dictionaries containing the policies selected to be run. Check the
        examples to get an idea of how the policy dictionaries look like.

    :return: S_OK() / S_ERROR

    """

        policyInvocationResults = []

        # Gets all valid status for RSS to avoid misconfigured policies returning statuses
        # that RSS does not understand.
        validStatus = self.rssMachine.getStates()

        for policyDict in policies:

            # Load and evaluate policy described in <policyDict> for element described
            # in <self.decisionParams>
            policyInvocationResult = self.pCaller.policyInvocation(
                self.decisionParams, policyDict)
            if not policyInvocationResult['OK']:
                # We should never enter this line ! Just in case there are policies
                # missconfigured !
                _msg = 'runPolicies no OK: %s' % policyInvocationResult
                self.log.error(_msg)
                return S_ERROR(_msg)

            policyInvocationResult = policyInvocationResult['Value']

            # Sanity Checks ( they should never happen ! )
            if not 'Status' in policyInvocationResult:
                _msg = 'runPolicies (no Status): %s' % policyInvocationResult
                self.log.error(_msg)
                return S_ERROR(_msg)

            if not policyInvocationResult['Status'] in validStatus:
                _msg = 'runPolicies ( not valid status ) %s' % policyInvocationResult[
                    'Status']
                self.log.error(_msg)
                return S_ERROR(_msg)

            if not 'Reason' in policyInvocationResult:
                _msg = 'runPolicies (no Reason): %s' % policyInvocationResult
                self.log.error(_msg)
                return S_ERROR(_msg)

            policyInvocationResults.append(policyInvocationResult)

        return S_OK(policyInvocationResults)

    def _combineSinglePolicyResults(self, singlePolicyRes):
        """ method that merges all the policies results into a combined one, which
    will be the most penalizing status and the reasons of the single policy
    results that returned the same penalizing status. All the rest, are ignored.
    If there are no single policy results, it is returned `Unknown` state. While
    combining policies, the ones containing the option `doNotCombine` are ignored.

    examples:
      >>> pdp._combineSingePolicyResults( [] )['Value']
          { 'Status' : 'Unknown', 'Reason' : 'No policy ..' }
      >>> pdp._combineSingePolicyResults( [ { 'Status' : 'Active', 'Reason' : 'blah', 'Policy' : policyDict } ] )
          { 'Status' : 'Active', 'Reason' : 'blah' }
      >>> pdp._combineSingePolicyResults( [ { 'Status' : 'Active', 'Reason' : 'blah', 'Policy' : policyDict },
                                            { 'Status' : 'Banned', 'Reason' : 'blah 2', 'Policy' : policyDict2 } ] )
          { 'Status' : 'Banned', 'Reason' : 'blah 2' }
      >>> pdp._combineSingePolicyResults( [ { 'Status' : 'Active', 'Reason' : 'blah', 'Policy' : policyDict },
                                            { 'Status' : 'Active', 'Reason' : 'blah 2', 'Policy' : policyDict2 } ] )
          { 'Status' : 'Banned', 'Reason' : 'blah ### blah 2' }

    :Parameters:
      **singlePolicyRes** - `list( dict )`
        list with every single policy result to be combined ( see _runPolicy for more details )

    :return: S_OK( dict( Status, Reason ) | S_ERROR

    """

        # Dictionary to be returned
        policyCombined = {
            'Status':
            'Unknown',  # default, it should be overridden by the policies, if they exist
            'Reason': ''
        }

        # If there are no policyResults, we return Unknown
        if not singlePolicyRes:
            policyCombined[
                'Reason'] = 'No policy applies to %(element)s, %(name)s, %(elementType)s' % self.decisionParams
            self.log.warn(policyCombined['Reason'])
            return S_OK(policyCombined)

        # We set the rssMachine on the current state ( ensures it is a valid one )
        # FIXME: probably this check can be done at takeDecision
        machineStatus = self.rssMachine.setState(self.decisionParams['status'])
        if not machineStatus['OK']:
            return machineStatus

        # Discard all single policy results which belongs to policies that have set
        # the option `doNotCombine` in the CS
        policiesToCombine = self._findPoliciesToCombine(singlePolicyRes)

        # Sort policy results using ther statuses by most restrictive ( lower level first )
        self.rssMachine.orderPolicyResults(policiesToCombine)

        # As they have been sorted by most restrictive status, the first one is going
        # to be our candidate new state. Let's ask the RSSMachine if it allows us to
        # make such transition.
        candidateState = policiesToCombine[0]['Status']
        nextState = self.rssMachine.getNextState(candidateState)

        if not nextState['OK']:
            return nextState
        nextState = nextState['Value']

        # If the RssMachine does not accept the candidate, return forcing message
        if candidateState != nextState:

            policyCombined['Status'] = nextState
            policyCombined['Reason'] = 'RssMachine forced status %s to %s' % (
                candidateState, nextState)
            return S_OK(policyCombined)

        # If the RssMachine accepts the candidate, just concatenate the reasons
        for policyRes in policiesToCombine:

            if policyRes['Status'] == nextState:
                policyCombined['Reason'] += '%s ###' % policyRes['Reason']

        policyCombined['Status'] = nextState

        return S_OK(policyCombined)

    def _findPoliciesToCombine(self, singlePolicyRes):
        """ method that iterates over the single policy results and checks the CS
    configuration of the policies looking for the option 'doNotCombine'. If it is
    present, that single policy result is discarded.

    :Parameters:
      **singlePolicyRes** - `list( dict )`
        list with every single policy result to be combined ( see _runPolicy for more details )

    :return: `list( dict )`

    """

        # Get policies configuration from the CS. We want to exclude the policies that
        # have set the option `doNotCombine` from this process.
        policiesConfiguration = RssConfiguration.getPolicies()
        if not policiesConfiguration['OK']:
            return policiesConfiguration
        policiesConfiguration = policiesConfiguration['Value']

        # Function that let's us know if we should combine the result of a single policy
        # or not.
        def combinePolicy(policyResult):
            # Extract policy name from the dictionary returned by PolicyCaller
            policyName = policyResult['Policy']['name']
            try:
                # If doNotCombineResult is defined, the policy is not taken into account
                # to create the combined result. However, the single policy result remains
                _ = policiesConfiguration[policyName]['doNotCombineResult']
                return False
            except KeyError:
                return True

        # Make a list of policies of which we want to merge their results
        return [
            policyResult for policyResult in singlePolicyRes
            if combinePolicy(policyResult)
        ]
示例#12
0
文件: PDP.py 项目: remenska/DIRAC
class PDP:
  """
  PDP = Policy Decision Point.

  Used to invoke policies and to take decision based on the polict results combination.
  """

#############################################################################

  def __init__(self, VOExtension, granularity = None, name = None, status = None, formerStatus = None,
               reason = None, siteType = None, serviceType = None, resourceType = None,
               useNewRes = False):
    """
    PDP (Policy Decision Point) initialization

    :params:
      :attr:`VOExtension`: string - VO extension (e.g. 'LHCb')

      :attr:`granularity`: string - a ValidRes

      :attr:`name`: string - name (e.g. of a site)

      :attr:`status`: string - status

      :attr:`formerStatus`: string - former status

      :attr:`reason`: string - optional reason for last status change

      :attr:`siteType`: string - optional site type

      :attr:`serviceType`: string - optional service type

      :attr:`resourceType`: string - optional resource type
    """

    self.VOExtension = VOExtension

    self.__granularity  = assignOrRaise(granularity, ValidRes, InvalidRes, self, self.__init__)
    self.__name         = name
    self.__status       = assignOrRaise(status, ValidStatus, InvalidStatus, self, self.__init__)
    self.__formerStatus = assignOrRaise(formerStatus, ValidStatus, InvalidStatus, self, self.__init__)
    self.__reason       = reason
    self.__siteType     = assignOrRaise(siteType, ValidSiteType, InvalidSiteType, self, self.__init__)
    self.__serviceType  = assignOrRaise(serviceType, ValidServiceType, InvalidServiceType, self, self.__init__)
    self.__resourceType = assignOrRaise(resourceType, ValidResourceType, InvalidResourceType, self, self.__init__)

    cc      = CommandCaller()
    self.pc = PolicyCaller(cc)

    self.useNewRes = useNewRes

    self.args      = None
    self.policy    = None
    self.knownInfo = None
    self.ig        = None


#############################################################################

  def takeDecision(self, policyIn=None, argsIn=None, knownInfo=None):
    """ PDP MAIN FUNCTION

        decides policies that have to be applied, based on

        __granularity,

        __name,

        __status,

        __formerStatus

        __reason

        If more than one policy is evaluated, results are combined.

        Logic for combination: a conservative approach is followed
        (i.e. if a site should be banned for at least one policy, that's what is returned)

        returns:

          { 'PolicyType': a policyType (in a string),
            'Action': True|False,
            'Status': 'Active'|'Probing'|'Banned',
            'Reason': a reason
            'EndDate: datetime.datetime (in a string)}
    """

    self.args = argsIn
    self.policy = policyIn
    self.knownInfo = knownInfo


    self.ig = InfoGetter(self.VOExtension)

    EVAL = self.ig.getInfoToApply(('policy', 'policyType'),
                                  granularity = self.__granularity,
                                  status = self.__status,
                                  formerStatus = self.__formerStatus,
                                  siteType = self.__siteType,
                                  serviceType = self.__serviceType,
                                  resourceType = self.__resourceType,
                                  useNewRes = self.useNewRes)

    policyCombinedResultsList = []

    for policyGroup in EVAL:

      policyType = policyGroup['PolicyType']

      if self.policy is not None:
        # Only the policy provided will be evaluated
        # FIXME: Check that the policies are valid.
        singlePolicyResults = self.policy.evaluate()
      else:
        if policyGroup['Policies'] is None:
          return {'SinglePolicyResults' : [],
                  'PolicyCombinedResult' : [{'PolicyType': policyType,
                                             'Action': False,
                                             'Reason':'No policy results'}]}
        else:
          singlePolicyResults = self._invocation(self.VOExtension, self.__granularity,
                                                 self.__name, self.__status, self.policy,
                                                 self.args, policyGroup['Policies'])

      policyCombinedResults = self._policyCombination(singlePolicyResults)

      if not policyCombinedResults:
        return { 'SinglePolicyResults': singlePolicyResults,
                 'PolicyCombinedResult': [] }


      #
      # policy results communication
      #

      newstatus = policyCombinedResults['Status']

      if newstatus != self.__status: # Policies satisfy
        reason = policyCombinedResults['Reason']
        newPolicyType = self.ig.getNewPolicyType(self.__granularity, newstatus)
        for npt in newPolicyType:
          if npt not in policyType:
            policyType.append(npt)
        decision = { 'PolicyType': policyType, 'Action': True, 'Status': newstatus, 'Reason': reason }
        if policyCombinedResults.has_key('EndDate'):
          decision['EndDate'] = policyCombinedResults['EndDate']
        policyCombinedResultsList.append(decision)

      else: # Policies does not satisfy
        reason = policyCombinedResults['Reason']
        decision = { 'PolicyType': policyType, 'Action': False, 'Reason': reason }
        if policyCombinedResults.has_key('EndDate'):
          decision['EndDate'] = policyCombinedResults['EndDate']
        policyCombinedResultsList.append(decision)

    res = { 'SinglePolicyResults' : singlePolicyResults,
           'PolicyCombinedResult' : policyCombinedResultsList }

    return res

#############################################################################

  def _invocation(self, VOExtension, granularity, name, status, policy, args, policies):
    """ One by one, use the PolicyCaller to invoke the policies, and putting
        their results in `policyResults`. When the status is `Unknown`, invokes
        `self.__useOldPolicyRes`.
    """

    policyResults = []

    for p in policies:
      pName = p['Name']
      pModule = p['Module']
      extraArgs = p['args']
      commandIn = p['commandIn']
      res = self.pc.policyInvocation(VOExtension, granularity = granularity, name = name,
                                     status = status, policy = policy, args = args, pName = pName,
                                     pModule = pModule, extraArgs = extraArgs, commandIn = commandIn)

      # If res is empty, return immediately
      if not res: return policyResults

      if not res.has_key('Status'):
        print("\n\n Policy result " + str(res) + " does not return 'Status'\n\n")
        raise TypeError

      # Else
      if res['Status'] == 'Unknown':
        res = self.__useOldPolicyRes(name = name, policyName = pName)

      if res['Status'] == 'NeedConfirmation':
        pName = p['ConfirmationPolicy']
        triggeredPolicy = self.ig.C_Policies[pName]
        pModule = triggeredPolicy['module']
        extraArgs = triggeredPolicy['args']
        commandIn = triggeredPolicy['commandIn']
        res = self.pc.policyInvocation(VOExtension, granularity = granularity, name = name,
                                       status = status, policy = policy, args = args, pName = pName,
                                       pModule = pModule, extraArgs = extraArgs, commandIn = commandIn)

      if res['Status'] not in ('Error', 'Unknown', 'NeedConfirmation'):
        policyResults.append(res)

    return policyResults

#############################################################################

  def _policyCombination(self, policies):
    """
    * Compute a new status, and store it in variable newStatus, of type integer.
    * Make a list of policies that have the worst result.
    * Concatenate the Reason fields
    * Take the first EndDate field that exists (FIXME: Do something more clever)
    * Finally, return the result
    """
    if policies == []: return {}

    policies.sort(key=value_of_policy)
    newStatus = -1 # First, set an always invalid status

    try:
      # We are in a special status, maybe forbidden transitions
      prio, access_list, gofun = statesInfo[self.__status]
      if access_list != set():
        # Restrictions on transitions, checking if one is suitable:
        for p in policies:
          if value_of_policy(p) in access_list:
            newStatus = value_of_policy(p)
            break

        # No status from policies suitable, applying stategy and
        # returning result.
        if newStatus == -1:
          newStatus = gofun(access_list)
          return { 'Status': status_of_value(newStatus), 'Reason': 'Status forced by PDP' }

      else:
        # Special Status, but no restriction on transitions
        newStatus = value_of_policy(policies[0])

    except KeyError:
      # We are in a "normal" status: All transitions are possible.
      newStatus = value_of_policy(policies[0])

    # At this point, a new status has been chosen. newStatus is an
    # integer.

    worstPolicies = [p for p in policies if value_of_policy(p) == newStatus]

    # Concatenate reasons
    def getReason(p):
      try:
        res = p['Reason']
      except KeyError:
        res = ''
      return res

    worstPoliciesReasons = [getReason(p) for p in worstPolicies]

    def catRes(x, y):
      if x and y : return x + ' |###| ' + y
      elif x or y:
        if x: return x
        else: return y
      else       : return ''

    concatenatedRes = reduce(catRes, worstPoliciesReasons, '')

    # Handle EndDate
    endDatePolicies = [p for p in worstPolicies if p.has_key('EndDate')]

    # Building and returning result
    res = {}
    res['Status'] = status_of_value(newStatus)
    if concatenatedRes != '': res['Reason']  = concatenatedRes
    if endDatePolicies != []: res['EndDate'] = endDatePolicies[0]['EndDate']
    return res

#############################################################################

  def __useOldPolicyRes(self, name, policyName):
    """ Use the RSS Service to get an old policy result.
        If such result is older than 2 hours, it returns {'Status':'Unknown'}
    """

    from DIRAC.Core.DISET.RPCClient import RPCClient
    rsS = RPCClient("ResourceStatus/ResourceManagement")

    res = rsS.getPolicyRes(name, policyName, True)
    if not res['OK']:
      raise RSSException, where(self, self.__useOldPolicyRes) + ' Could not get a policy result'

    res = res['Value']

    if res == []:
      return {'Status':'Unknown'}

    oldStatus = res[0]
    oldReason = res[1]
    lastCheckTime = res[2]

    if ( lastCheckTime + datetime.timedelta(hours = 2) ) < datetime.datetime.utcnow():
      return {'Status':'Unknown'}

    result = {}

    result['Status'] = oldStatus
    result['Reason'] = oldReason
    result['OLD'] = True
    result['PolicyName'] = policyName

    return result
示例#13
0
    def __init__(self,
                 VOExtension,
                 granularity=None,
                 name=None,
                 status=None,
                 formerStatus=None,
                 reason=None,
                 siteType=None,
                 serviceType=None,
                 resourceType=None,
                 useNewRes=False):
        """
    PDP (Policy Decision Point) initialization

    :params:
      :attr:`VOExtension`: string - VO extension (e.g. 'LHCb')

      :attr:`granularity`: string - a ValidRes

      :attr:`name`: string - name (e.g. of a site)

      :attr:`status`: string - status

      :attr:`formerStatus`: string - former status

      :attr:`reason`: string - optional reason for last status change

      :attr:`siteType`: string - optional site type

      :attr:`serviceType`: string - optional service type

      :attr:`resourceType`: string - optional resource type
    """

        self.VOExtension = VOExtension

        self.__granularity = assignOrRaise(granularity, ValidRes, InvalidRes,
                                           self, self.__init__)
        self.__name = name
        self.__status = assignOrRaise(status, ValidStatus, InvalidStatus, self,
                                      self.__init__)
        self.__formerStatus = assignOrRaise(formerStatus, ValidStatus,
                                            InvalidStatus, self, self.__init__)
        self.__reason = reason
        self.__siteType = assignOrRaise(siteType, ValidSiteType,
                                        InvalidSiteType, self, self.__init__)
        self.__serviceType = assignOrRaise(serviceType, ValidServiceType,
                                           InvalidServiceType, self,
                                           self.__init__)
        self.__resourceType = assignOrRaise(resourceType, ValidResourceType,
                                            InvalidResourceType, self,
                                            self.__init__)

        cc = CommandCaller()
        self.pc = PolicyCaller(cc)

        self.useNewRes = useNewRes

        self.args = None
        self.policy = None
        self.knownInfo = None
        self.ig = None
示例#14
0
class PDP:
    """
  PDP = Policy Decision Point.

  Used to invoke policies and to take decision based on the polict results combination.
  """

    #############################################################################

    def __init__(self,
                 VOExtension,
                 granularity=None,
                 name=None,
                 status=None,
                 formerStatus=None,
                 reason=None,
                 siteType=None,
                 serviceType=None,
                 resourceType=None,
                 useNewRes=False):
        """
    PDP (Policy Decision Point) initialization

    :params:
      :attr:`VOExtension`: string - VO extension (e.g. 'LHCb')

      :attr:`granularity`: string - a ValidRes

      :attr:`name`: string - name (e.g. of a site)

      :attr:`status`: string - status

      :attr:`formerStatus`: string - former status

      :attr:`reason`: string - optional reason for last status change

      :attr:`siteType`: string - optional site type

      :attr:`serviceType`: string - optional service type

      :attr:`resourceType`: string - optional resource type
    """

        self.VOExtension = VOExtension

        self.__granularity = assignOrRaise(granularity, ValidRes, InvalidRes,
                                           self, self.__init__)
        self.__name = name
        self.__status = assignOrRaise(status, ValidStatus, InvalidStatus, self,
                                      self.__init__)
        self.__formerStatus = assignOrRaise(formerStatus, ValidStatus,
                                            InvalidStatus, self, self.__init__)
        self.__reason = reason
        self.__siteType = assignOrRaise(siteType, ValidSiteType,
                                        InvalidSiteType, self, self.__init__)
        self.__serviceType = assignOrRaise(serviceType, ValidServiceType,
                                           InvalidServiceType, self,
                                           self.__init__)
        self.__resourceType = assignOrRaise(resourceType, ValidResourceType,
                                            InvalidResourceType, self,
                                            self.__init__)

        cc = CommandCaller()
        self.pc = PolicyCaller(cc)

        self.useNewRes = useNewRes

        self.args = None
        self.policy = None
        self.knownInfo = None
        self.ig = None

#############################################################################

    def takeDecision(self, policyIn=None, argsIn=None, knownInfo=None):
        """ PDP MAIN FUNCTION

        decides policies that have to be applied, based on

        __granularity,

        __name,

        __status,

        __formerStatus

        __reason

        If more than one policy is evaluated, results are combined.

        Logic for combination: a conservative approach is followed
        (i.e. if a site should be banned for at least one policy, that's what is returned)

        returns:

          { 'PolicyType': a policyType (in a string),
            'Action': True|False,
            'Status': 'Active'|'Probing'|'Banned',
            'Reason': a reason
            'EndDate: datetime.datetime (in a string)}
    """

        self.args = argsIn
        self.policy = policyIn
        self.knownInfo = knownInfo

        self.ig = InfoGetter(self.VOExtension)

        EVAL = self.ig.getInfoToApply(('policy', 'policyType'),
                                      granularity=self.__granularity,
                                      status=self.__status,
                                      formerStatus=self.__formerStatus,
                                      siteType=self.__siteType,
                                      serviceType=self.__serviceType,
                                      resourceType=self.__resourceType,
                                      useNewRes=self.useNewRes)

        for policyGroup in EVAL:

            policyType = policyGroup['PolicyType']

            if self.policy is not None:
                # Only the policy provided will be evaluated
                # FIXME: Check that the policies are valid.
                singlePolicyResults = self.policy.evaluate()
            else:
                if policyGroup['Policies'] is None:
                    return {
                        'SinglePolicyResults': [],
                        'PolicyCombinedResult': {
                            'PolicyType': policyType,
                            'Action': False,
                            'Reason': 'No policy results'
                        }
                    }
                else:
                    singlePolicyResults = self._invocation(
                        self.VOExtension, self.__granularity, self.__name,
                        self.__status, self.policy, self.args,
                        policyGroup['Policies'])

            policyCombinedResults = self._policyCombination(
                singlePolicyResults)
            assert (type(policyCombinedResults) == dict)

            if not policyCombinedResults:
                return {
                    'SinglePolicyResults': singlePolicyResults,
                    'PolicyCombinedResult': {}
                }

            #
            # policy results communication
            #

            newstatus = policyCombinedResults['Status']

            if newstatus != self.__status:  # Policies satisfy
                reason = policyCombinedResults['Reason']
                newPolicyType = self.ig.getNewPolicyType(
                    self.__granularity, newstatus)
                for npt in newPolicyType:
                    if npt not in policyType:
                        policyType.append(npt)
                decision = {
                    'PolicyType': policyType,
                    'Action': True,
                    'Status': newstatus,
                    'Reason': reason
                }
                if policyCombinedResults.has_key('EndDate'):
                    decision['EndDate'] = policyCombinedResults['EndDate']

            else:  # Policies does not satisfy
                reason = policyCombinedResults['Reason']
                decision = {
                    'PolicyType': policyType,
                    'Action': False,
                    'Reason': reason
                }
                if policyCombinedResults.has_key('EndDate'):
                    decision['EndDate'] = policyCombinedResults['EndDate']

        res = {
            'SinglePolicyResults': singlePolicyResults,
            'PolicyCombinedResult': decision
        }

        assert (type(res) == dict)
        return res

#############################################################################

    def _invocation(self, VOExtension, granularity, name, status, policy, args,
                    policies):
        """ One by one, use the PolicyCaller to invoke the policies, and putting
        their results in `policyResults`. When the status is `Unknown`, invokes
        `self.__useOldPolicyRes`.
    """

        policyResults = []

        for p in policies:
            pName = p['Name']
            pModule = p['Module']
            extraArgs = p['args']
            commandIn = p['commandIn']
            res = self.pc.policyInvocation(VOExtension,
                                           granularity=granularity,
                                           name=name,
                                           status=status,
                                           policy=policy,
                                           args=args,
                                           pName=pName,
                                           pModule=pModule,
                                           extraArgs=extraArgs,
                                           commandIn=commandIn)

            # If res is empty, return immediately
            if not res: return policyResults

            if not res.has_key('Status'):
                print("\n\n Policy result " + str(res) +
                      " does not return 'Status'\n\n")
                raise TypeError

            # Else
            if res['Status'] == 'Unknown':
                res = self.__useOldPolicyRes(name=name, policyName=pName)

            if res['Status'] == 'NeedConfirmation':
                pName = p['ConfirmationPolicy']
                triggeredPolicy = self.ig.C_Policies[pName]
                pModule = triggeredPolicy['module']
                extraArgs = triggeredPolicy['args']
                commandIn = triggeredPolicy['commandIn']
                res = self.pc.policyInvocation(VOExtension,
                                               granularity=granularity,
                                               name=name,
                                               status=status,
                                               policy=policy,
                                               args=args,
                                               pName=pName,
                                               pModule=pModule,
                                               extraArgs=extraArgs,
                                               commandIn=commandIn)

            if res['Status'] not in ('Error', 'Unknown', 'NeedConfirmation'):
                policyResults.append(res)

        return policyResults

#############################################################################

    def _policyCombination(self, pol_results):
        """
    INPUT: list type
    OUTPUT: dict type
    * Compute a new status, and store it in variable newStatus, of type integer.
    * Make a list of policies that have the worst result.
    * Concatenate the Reason fields
    * Take the first EndDate field that exists (FIXME: Do something more clever)
    * Finally, return the result
    """
        if pol_results == []: return {}

        pol_results.sort(key=Status.value_of_policy)
        newStatus = -1  # First, set an always invalid status

        try:
            # We are in a special status, maybe forbidden transitions
            _prio, access_list, gofun = Status.statesInfo[self.__status]
            if access_list != set():
                # Restrictions on transitions, checking if one is suitable:
                for p in pol_results:
                    if Status.value_of_policy(p) in access_list:
                        newStatus = Status.value_of_policy(p)
                        break

                # No status from policies suitable, applying stategy and
                # returning result.
                if newStatus == -1:
                    newStatus = gofun(access_list)
                    return {
                        'Status': Status.status_of_value(newStatus),
                        'Reason': 'Status forced by PDP'
                    }

            else:
                # Special Status, but no restriction on transitions
                newStatus = Status.value_of_policy(pol_results[0])

        except KeyError:
            # We are in a "normal" status: All transitions are possible.
            newStatus = Status.value_of_policy(pol_results[0])

        # At this point, a new status has been chosen. newStatus is an
        # integer.

        worstResults = [
            p for p in pol_results if Status.value_of_policy(p) == newStatus
        ]

        # Concatenate reasons
        def getReason(p):
            try:
                res = p['Reason']
            except KeyError:
                res = ''
            return res

        worstResultsReasons = [getReason(p) for p in worstResults]

        def catRes(x, y):
            if x and y: return x + ' |###| ' + y
            elif x or y:
                if x: return x
                else: return y
            else: return ''

        concatenatedRes = reduce(catRes, worstResultsReasons, '')

        # Handle EndDate
        endDatePolicies = [p for p in worstResults if p.has_key('EndDate')]

        # Building and returning result
        res = {}
        res['Status'] = Status.status_of_value(newStatus)
        if concatenatedRes != '': res['Reason'] = concatenatedRes
        if endDatePolicies != []:
            res['EndDate'] = endDatePolicies[0]['EndDate']
        return res

#############################################################################

    def __useOldPolicyRes(self, name, policyName):
        """ Use the RSS Service to get an old policy result.
        If such result is older than 2 hours, it returns {'Status':'Unknown'}
    """

        from DIRAC.Core.DISET.RPCClient import RPCClient
        rsS = RPCClient("ResourceStatus/ResourceManagement")

        res = rsS.getPolicyRes(name, policyName, True)
        if not res['OK']:
            raise RSSException, where(
                self,
                self.__useOldPolicyRes) + ' Could not get a policy result'

        res = res['Value']

        if res == []:
            return {'Status': 'Unknown'}

        oldStatus = res[0]
        oldReason = res[1]
        lastCheckTime = res[2]

        if (lastCheckTime +
                datetime.timedelta(hours=2)) < datetime.datetime.utcnow():
            return {'Status': 'Unknown'}

        result = {}

        result['Status'] = oldStatus
        result['Reason'] = oldReason
        result['OLD'] = True
        result['PolicyName'] = policyName

        return result
示例#15
0
文件: PDP.py 项目: DIRACGrid/DIRAC
class PDP( object ):
  """ PDP ( Policy Decision Point )
  """

  def __init__( self, clients = None ):
    """ Constructor.

    examples:
      >>> pdp  = PDP( None )
      >>> pdp1 = PDP( {} )
      >>> pdp2 = PDP( { 'Client1' : Client1Object } )

    :Parameters:
      **clients** - [ None, `dict` ]
        dictionary with Clients to be used in the Commands. If None, the Commands
        will create their own clients.

    """

    # decision parameters used to match policies and actions
    self.decisionParams = None

    # Helpers to discover policies and RSS metadata in CS
    self.pCaller = PolicyCaller( clients )

    # RSS State Machine, used to calculate most penalizing state while merging them
    self.rssMachine = RSSMachine( 'Unknown' )

    self.log = gLogger.getSubLogger( 'PDP' )


  def setup( self, decisionParams = None ):
    """ method that sanitizes the decisionParams and ensures that at least it has
    the keys in `standardParamsDict`. This will be relevant while doing the matching
    with the RSS Policies configuration in the CS.
    There is one key-value pair, `active` which is added on this method. This allows
    policies to be de-activated from the CS, changing their active matchParam to
    something else than `Active`.

    examples:
      >>> pdp.setup( None )
      >>> self.decisionParams
          { 'element' : None, 'name' : None, ... }
      >>> pdp.setup( { 'element' : 'AnElement' } )
      >>> self.decisionParams
          { 'element' : 'AnElement', 'name' : None, ... }
      >>> pdp.setup( { 'NonStandardKey' : 'Something' } )
      >>> self.decisionParams
          { 'NonStandardKey' : 'Something', 'element' : None,... }

    :Parameters:
      **decisionParams** - [ None, `dict` ]
        dictionary with the parameters to be matched with the RSS Policies configuration
        in the CS.

    """

    standardParamsDict = {'element'     : None,
                          'name'        : None,
                          'elementType' : None,
                          'statusType'  : None,
                          'status'      : None,
                          'reason'      : None,
                          'tokenOwner'  : None,
                          # Last parameter allows policies to be de-activated
                          'active'      : 'Active'}

    if decisionParams is not None:
      standardParamsDict.update( decisionParams )
      if standardParamsDict['element'] is not None:
        self.log = gLogger.getSubLogger( 'PDP/%s' % standardParamsDict['element'] )
        if standardParamsDict['name'] is not None:
          self.log = gLogger.getSubLogger( 'PDP/%s/%s' % ( standardParamsDict['element'], standardParamsDict['name'] ) )
          self.log.verbose( "Setup - statusType: %s, status: %s" % ( standardParamsDict['statusType'],
                                                                     standardParamsDict['status'] ) )
      self.decisionParams = standardParamsDict

  def takeDecision( self ):
    """ main PDP method which does all the work. If firstly finds all the policies
    defined in the CS that match <self.decisionParams> and runs them. Once it has
    all the singlePolicyResults, it combines them. Next step is action discovery:
    using a similar approach to the one used to discover the policies, but also
    taking into account the single policy results and their combined result, finds
    the actions to be triggered and returns.

    examples:
      >>> pdp.takeDecision()['Value'].keys()
          ['singlePolicyResults', 'policyCombinedResult', 'decisionParams']
      >>> pdp.takeDecision()['Value']['singlePolicyResults']
          [ { 'Status' : 'Active',
              'Reason' : 'blah',
              'Policy' : { 'name'        : 'AlwaysActiveForResource',
                           'type'        : 'AlwaysActive',
                           'module'      : 'AlwaysActivePolicy',
                           'description' : 'This is the AlwaysActive policy'
                           'command'     : None,
                           'args'        : {}
                         }
            }, ... ]
      >>> pdp.takeDecision()['Value']['policyCombinedResult']
          { 'Status'       : 'Active',
            'Reason'       : 'blah ###',
            'PolicyAction' : [ ( 'policyActionName1', 'policyActionType1' ), ... ]
          }

    :return: S_OK( { 'singlePolicyResults'  : `list`,
                     'policyCombinedResult' : `dict`,
                     'decisionParams'      : `dict` } ) / S_ERROR

    """
    if self.decisionParams is None:
      return S_OK( {'singlePolicyResults'  : [],
                    'policyCombinedResult' : {},
                    'decisionParams'      : self.decisionParams} )

    self.log.verbose( "Taking decision" )

    # Policies..................................................................

    # Get policies that match self.decisionParams
    policiesThatApply = getPoliciesThatApply( self.decisionParams )
    if not policiesThatApply['OK']:
      return policiesThatApply
    policiesThatApply = policiesThatApply['Value']
    self.log.verbose( "Policies that apply: %s" % ', '.join( [po['name'] for po in policiesThatApply] ) )

    # Evaluate policies
    singlePolicyResults = self._runPolicies( policiesThatApply )
    if not singlePolicyResults['OK']:
      return singlePolicyResults
    singlePolicyResults = singlePolicyResults['Value']
    self.log.verbose( "Single policy results: %s" % singlePolicyResults )

    # Combine policies and get most penalizing status ( see RSSMachine )
    policyCombinedResults = self._combineSinglePolicyResults( singlePolicyResults )
    if not policyCombinedResults['OK']:
      return policyCombinedResults
    policyCombinedResults = policyCombinedResults['Value']
    self.log.verbose( "Combined policy result: %s" % policyCombinedResults )


    # Actions...................................................................

    policyActionsThatApply = getPolicyActionsThatApply( self.decisionParams,
                                                        singlePolicyResults,
                                                        policyCombinedResults )
    if not policyActionsThatApply['OK']:
      return policyActionsThatApply
    policyActionsThatApply = policyActionsThatApply['Value']
    self.log.verbose( "Policy actions that apply: %s" % ','.join( pata[0] for pata in policyActionsThatApply ) )

    policyCombinedResults['PolicyAction'] = policyActionsThatApply

    return S_OK( {'singlePolicyResults'  : singlePolicyResults,
                  'policyCombinedResult' : policyCombinedResults,
                  'decisionParams'       : self.decisionParams} )


  def _runPolicies( self, policies ):
    """ Given a list of policy dictionaries, loads them making use of the PolicyCaller
    and evaluates them. This method requires to have run setup previously.

    examples:
      >>> pdp._runPolicies([])['Value']
          []
      >>> policyDict = { 'name'        : 'AlwaysActiveResource',
                         'type'        : 'AlwaysActive',
                         'args'        : None,
                         'description' : 'This is the AlwaysActive policy',
                         'module'      : 'AlwaysActivePolicy',
                         'command'     : None }
      >>> pdp._runPolicies([ policyDict, ... ] )['Value']
          [ { 'Status' : 'Active', 'Reason' : 'blah', 'Policy' : policyDict }, ... ]

    :Parameters:
      **policies** - `list( dict )`
        list of dictionaries containing the policies selected to be run. Check the
        examples to get an idea of how the policy dictionaries look like.

    :return: S_OK() / S_ERROR

    """

    policyInvocationResults = []

    # Gets all valid status for RSS to avoid misconfigured policies returning statuses
    # that RSS does not understand.
    validStatus = self.rssMachine.getStates()

    for policyDict in policies:

      # Load and evaluate policy described in <policyDict> for element described
      # in <self.decisionParams>
      policyInvocationResult = self.pCaller.policyInvocation( self.decisionParams,
                                                              policyDict )
      if not policyInvocationResult['OK']:
        # We should never enter this line ! Just in case there are policies
        # missconfigured !
        _msg = 'runPolicies no OK: %s' % policyInvocationResult
        self.log.error( _msg )
        return S_ERROR( _msg )

      policyInvocationResult = policyInvocationResult['Value']

      # Sanity Checks ( they should never happen ! )
      if not 'Status' in policyInvocationResult:
        _msg = 'runPolicies (no Status): %s' % policyInvocationResult
        self.log.error( _msg )
        return S_ERROR( _msg )

      if not policyInvocationResult['Status'] in validStatus:
        _msg = 'runPolicies ( not valid status ) %s' % policyInvocationResult['Status']
        self.log.error( _msg )
        return S_ERROR( _msg )

      if not 'Reason' in policyInvocationResult:
        _msg = 'runPolicies (no Reason): %s' % policyInvocationResult
        self.log.error( _msg )
        return S_ERROR( _msg )

      policyInvocationResults.append( policyInvocationResult )

    return S_OK( policyInvocationResults )


  def _combineSinglePolicyResults( self, singlePolicyRes ):
    """ method that merges all the policies results into a combined one, which
    will be the most penalizing status and the reasons of the single policy
    results that returned the same penalizing status. All the rest, are ignored.
    If there are no single policy results, it is returned `Unknown` state. While
    combining policies, the ones containing the option `doNotCombine` are ignored.

    examples:
      >>> pdp._combineSingePolicyResults( [] )['Value']
          { 'Status' : 'Unknown', 'Reason' : 'No policy ..' }
      >>> pdp._combineSingePolicyResults( [ { 'Status' : 'Active', 'Reason' : 'blah', 'Policy' : policyDict } ] )
          { 'Status' : 'Active', 'Reason' : 'blah' }
      >>> pdp._combineSingePolicyResults( [ { 'Status' : 'Active', 'Reason' : 'blah', 'Policy' : policyDict },
                                            { 'Status' : 'Banned', 'Reason' : 'blah 2', 'Policy' : policyDict2 } ] )
          { 'Status' : 'Banned', 'Reason' : 'blah 2' }
      >>> pdp._combineSingePolicyResults( [ { 'Status' : 'Active', 'Reason' : 'blah', 'Policy' : policyDict },
                                            { 'Status' : 'Active', 'Reason' : 'blah 2', 'Policy' : policyDict2 } ] )
          { 'Status' : 'Banned', 'Reason' : 'blah ### blah 2' }

    :Parameters:
      **singlePolicyRes** - `list( dict )`
        list with every single policy result to be combined ( see _runPolicy for more details )

    :return: S_OK( dict( Status, Reason ) | S_ERROR

    """

    # Dictionary to be returned
    policyCombined = { 'Status' : 'Unknown', # default, it should be overridden by the policies, if they exist
                       'Reason' : '' }

    # If there are no policyResults, we return Unknown
    if not singlePolicyRes:
      policyCombined['Reason'] = 'No policy applies to %(element)s, %(name)s, %(elementType)s' % self.decisionParams
      self.log.warn(policyCombined['Reason'])
      return S_OK( policyCombined )

    # We set the rssMachine on the current state ( ensures it is a valid one )
    # FIXME: probably this check can be done at takeDecision
    machineStatus = self.rssMachine.setState( self.decisionParams['status'] )
    if not machineStatus['OK']:
      return machineStatus

    # Discard all single policy results which belongs to policies that have set
    # the option `doNotCombine` in the CS
    policiesToCombine = self._findPoliciesToCombine( singlePolicyRes )

    # Sort policy results using ther statuses by most restrictive ( lower level first )
    self.rssMachine.orderPolicyResults( policiesToCombine )

    # As they have been sorted by most restrictive status, the first one is going
    # to be our candidate new state. Let's ask the RSSMachine if it allows us to
    # make such transition.
    candidateState = policiesToCombine[ 0 ]['Status']
    nextState = self.rssMachine.getNextState( candidateState )

    if not nextState['OK']:
      return nextState
    nextState = nextState['Value']

    # If the RssMachine does not accept the candidate, return forcing message
    if candidateState != nextState:

      policyCombined['Status'] = nextState
      policyCombined['Reason'] = 'RssMachine forced status %s to %s' % ( candidateState, nextState )
      return S_OK( policyCombined )

    # If the RssMachine accepts the candidate, just concatenate the reasons
    for policyRes in policiesToCombine:

      if policyRes['Status'] == nextState:
        policyCombined['Reason'] += '%s ###' % policyRes['Reason']

    policyCombined['Status'] = nextState

    return S_OK( policyCombined )


  def _findPoliciesToCombine( self, singlePolicyRes ):
    """ method that iterates over the single policy results and checks the CS
    configuration of the policies looking for the option 'doNotCombine'. If it is
    present, that single policy result is discarded.

    :Parameters:
      **singlePolicyRes** - `list( dict )`
        list with every single policy result to be combined ( see _runPolicy for more details )

    :return: `list( dict )`

    """

    # Get policies configuration from the CS. We want to exclude the policies that
    # have set the option `doNotCombine` from this process.
    policiesConfiguration = RssConfiguration.getPolicies()
    if not policiesConfiguration['OK']:
      return policiesConfiguration
    policiesConfiguration = policiesConfiguration['Value']

    # Function that let's us know if we should combine the result of a single policy
    # or not.
    def combinePolicy( policyResult ):
      # Extract policy name from the dictionary returned by PolicyCaller
      policyName = policyResult['Policy']['name']
      try:
        # If doNotCombineResult is defined, the policy is not taken into account
        # to create the combined result. However, the single policy result remains
        _ = policiesConfiguration[ policyName ]['doNotCombineResult']
        return False
      except KeyError:
        return True

    # Make a list of policies of which we want to merge their results
    return [ policyResult for policyResult in singlePolicyRes if combinePolicy( policyResult ) ]
示例#16
0
文件: PDP.py 项目: bmb/DIRAC
class PDP:
  """
    The PDP (Policy Decision Point) module is used to:
    1. Decides which policies have to be applied.
    2. Invokes an evaluation of the policies, and returns the result (to a PEP)
  """

  def __init__( self, **clients ):
    '''
      Constructor. Defines members that will be used later on.
    '''
    
    cc                  = CommandCaller()
    self.clients        = clients
    self.pCaller        = PolicyCaller( cc, **clients )
    self.iGetter        = InfoGetter()

    self.__granularity  = None
    self.__name         = None
    self.__statusType   = None
    self.__status       = None
    self.__formerStatus = None
    self.__reason       = None
    self.__siteType     = None
    self.__serviceType  = None
    self.__resourceType = None
    self.__useNewRes    = None
        

  def setup( self, granularity = None, name = None, statusType = None,
             status = None, formerStatus = None, reason = None, siteType = None,
             serviceType = None, resourceType = None, useNewRes = False ):
    """
    PDP (Policy Decision Point) initialization

    :params:
      :attr:`granularity`: string - a ValidElement
      :attr:`name`: string - name (e.g. of a site)
      :attr:`status`: string - status
      :attr:`formerStatus`: string - former status
      :attr:`reason`: string - optional reason for last status change
      :attr:`siteType`: string - optional site type
      :attr:`serviceType`: string - optional service type
      :attr:`resourceType`: string - optional resource type
    """

    self.__granularity  = granularity
    self.__name         = name
    self.__statusType   = statusType
    self.__status       = status
    self.__formerStatus = formerStatus
    self.__reason       = reason
    self.__siteType     = siteType
    self.__serviceType  = serviceType
    self.__resourceType = resourceType
    self.__useNewRes    = useNewRes



################################################################################

  def takeDecision( self, policyIn = None, argsIn = None, knownInfo = None ):
    """ PDP MAIN FUNCTION

        decides policies that have to be applied, based on

        __granularity,

        __name,

        __status,

        __formerStatus

        __reason

        If more than one policy is evaluated, results are combined.

        Logic for combination: a conservative approach is followed
        (i.e. if a site should be banned for at least one policy, that's what is returned)

        returns:

          { 'PolicyType': a policyType (in a string),
            'Action': True|False,
            'Status': 'Active'|'Probing'|'Banned',
            'Reason': a reason
            'EndDate: datetime.datetime (in a string)}
    """

    polToEval = self.iGetter.getInfoToApply( ( 'policy', 'policyType' ),
                                        granularity  = self.__granularity,
                                        statusType   = self.__statusType,
                                        status       = self.__status,
                                        formerStatus = self.__formerStatus,
                                        siteType     = self.__siteType,
                                        serviceType  = self.__serviceType,
                                        resourceType = self.__resourceType,
                                        useNewRes    = self.__useNewRes )

    policyType = polToEval[ 'PolicyType' ] # type: generator

    if policyIn:
      # Only the policy provided will be evaluated
      # FIXME: Check that the policies are valid.
      singlePolicyResults = policyIn.evaluate()

    else:
      singlePolicyResults = self._invocation( self.__granularity,
                                              self.__name, self.__status, policyIn,
                                              argsIn, polToEval['Policies'] )

    policyCombinedResults = self._policyCombination( singlePolicyResults )

    if policyCombinedResults == {}:
      policyCombinedResults[ 'Action' ]     = False
      policyCombinedResults[ 'Reason' ]     = 'No policy results'
      policyCombinedResults[ 'PolicyType' ] = policyType

    if policyCombinedResults.has_key( 'Status' ):
      newstatus = policyCombinedResults[ 'Status' ]

      if newstatus != self.__status: # Policies satisfy
        newPolicyType = self.iGetter.getNewPolicyType( self.__granularity, newstatus )
        policyType    = set( policyType ) & set( newPolicyType )
        
        policyCombinedResults[ 'Action' ] = True

      else:                          # Policies does not satisfy
        policyCombinedResults[ 'Action' ] = False

      policyCombinedResults[ 'PolicyType' ] = policyType

    return { 'SinglePolicyResults'  : singlePolicyResults,
             'PolicyCombinedResult' : policyCombinedResults }

################################################################################

  def _invocation( self, granularity, name, status, policy, args, policies ):
    '''
      One by one, use the PolicyCaller to invoke the policies, and putting
      their results in `policyResults`. When the status is `Unknown`, invokes
      `self.__useOldPolicyRes`. Always returns a list, possibly empty.
    '''

    policyResults = []

    for pol in policies:
      
      pName     = pol[ 'Name' ]
      pModule   = pol[ 'Module' ]
      extraArgs = pol[ 'args' ]
      commandIn = pol[ 'commandIn' ]
      
      res = self.pCaller.policyInvocation( granularity = granularity, name = name,
                                           status = status, policy = policy, 
                                           args = args, pName = pName,
                                           pModule = pModule, extraArgs = extraArgs, 
                                           commandIn = commandIn )

      # If res is empty, return immediately
      if not res: 
        return policyResults

      if not res.has_key( 'Status' ):
        print('\n\n Policy result ' + str(res) + ' does not return "Status"\n\n')
        raise TypeError

      # Else
      if res[ 'Status' ] == 'Unknown':
        res = self.__useOldPolicyRes( name = name, policyName = pName )

      if res[ 'Status' ] not in ( 'Error', 'Unknown' ):
        policyResults.append( res )
      else:
        gLogger.warn( res )      
      
    return policyResults

################################################################################

  def _policyCombination( self, pol_results ):
    '''
    INPUT: list type
    OUTPUT: dict type
    * Compute a new status, and store it in variable newStatus, of type integer.
    * Make a list of policies that have the worst result.
    * Concatenate the Reason fields
    * Take the first EndDate field that exists (FIXME: Do something more clever)
    * Finally, return the result
    '''
    if pol_results == []: 
      return {}

    pol_results.sort( key=Status.value_of_policy )
    newStatus = -1 # First, set an always invalid status

    try:
      # We are in a special status, maybe forbidden transitions
      _prio, access_list, gofun = Status.statesInfo[ self.__status ]
      if access_list != set():
        # Restrictions on transitions, checking if one is suitable:
        for polRes in pol_results:
          if Status.value_of_policy( polRes ) in access_list:
            newStatus = Status.value_of_policy( polRes )
            break

        # No status from policies suitable, applying stategy and
        # returning result.
        if newStatus == -1:
          newStatus = gofun( access_list )
          return { 'Status': Status.status_of_value( newStatus ),
                   'Reason': 'Status forced by PDP' }

      else:
        # Special Status, but no restriction on transitions
        newStatus = Status.value_of_policy( pol_results[ 0 ] )

    except KeyError:
      # We are in a "normal" status: All transitions are possible.
      newStatus = Status.value_of_policy( pol_results[ 0 ] )

    # At this point, a new status has been chosen. newStatus is an
    # integer.

    worstResults = [ p for p in pol_results
                     if Status.value_of_policy( p ) == newStatus ]

    # Concatenate reasons
    def getReason( pol ):
      try:
        res = pol[ 'Reason' ]
      except KeyError:
        res = ''
      return res

    worstResultsReasons = [ getReason( p ) for p in worstResults ]

    def catRes( xVal, yVal ):
      '''
        Concatenate xVal and yVal.
      '''
      if xVal and yVal : 
        return xVal + ' |###| ' + yVal
      elif xVal or yVal:
        if xVal: 
          return xVal
        else: 
          return yVal
      else: 
        return ''

    concatenatedRes = reduce( catRes, worstResultsReasons, '' )

    # Handle EndDate
    endDatePolicies = [ p for p in worstResults if p.has_key( 'EndDate' ) ]

    # Building and returning result
    res = {}
    res[ 'Status' ] = Status.status_of_value( newStatus )
    if concatenatedRes != '': 
      res[ 'Reason' ]  = concatenatedRes
    if endDatePolicies != []: 
      res[ 'EndDate' ] = endDatePolicies[ 0 ][ 'EndDate' ]
    return res

################################################################################

  def __useOldPolicyRes( self, name, policyName ):
    '''
     Use the RSS Service to get an old policy result.
     If such result is older than 2 hours, it returns {'Status':'Unknown'}
    '''
    res = self.clients[ 'ResourceManagementClient' ].getPolicyResult( name = name, policyName = policyName )
    
    if not res[ 'OK' ]:
      return { 'Status' : 'Unknown' }
    
    res = res[ 'Value' ]

    if res == []:
      return { 'Status' : 'Unknown' }

    res = res[ 0 ]

    oldStatus     = res[ 5 ]
    oldReason     = res[ 6 ]
    lastCheckTime = res[ 8 ]

    if ( lastCheckTime + datetime.timedelta(hours = 2) ) < datetime.datetime.utcnow():
      return { 'Status' : 'Unknown' }

    result = {}

    result[ 'Status' ]     = oldStatus
    result[ 'Reason' ]     = oldReason
    result[ 'OLD' ]        = True
    result[ 'PolicyName' ] = policyName

    return result

################################################################################
#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF
示例#17
0
文件: PDP.py 项目: quang-ifi/DIRAC
class PDP:
    """
    The PDP (Policy Decision Point) module is used to:
    1. Decides which policies have to be applied.
    2. Invokes an evaluation of the policies, and returns the result (to a PEP)
  """

    def __init__(self, clients):
        """
      Constructor. Defines members that will be used later on.
    """

        self.pCaller = PolicyCaller(clients=clients)
        self.iGetter = InfoGetter()

        self.decissionParams = {}
        self.rssMachine = RSSMachine("Unknown")

    def setup(self, decissionParams=None):

        standardParamsDict = {
            "element": None,
            "name": None,
            "elementType": None,
            "statusType": None,
            "status": None,
            "reason": None,
            "tokenOwner": None,
            # Last parameter allows policies to be deactivated
            "active": "Active",
        }

        if decissionParams is not None:
            standardParamsDict.update(decissionParams)

        self.decissionParams = standardParamsDict

    ################################################################################

    def takeDecision(self):  # , policyIn = None, argsIn = None, knownInfo = None ):
        """ PDP MAIN FUNCTION

        decides policies that have to be applied, based on

        __granularity,

        __name,

        __status,

        __formerStatus

        __reason

        If more than one policy is evaluated, results are combined.

        Logic for combination: a conservative approach is followed
        (i.e. if a site should be banned for at least one policy, that's what is returned)

        returns:

          { 'PolicyType': a policyType (in a string),
            'Action': True|False,
            'Status': 'Active'|'Probing'|'Banned',
            'Reason': a reason
            #'EndDate: datetime.datetime (in a string)}
    """

        policiesThatApply = self.iGetter.getPoliciesThatApply(self.decissionParams)
        if not policiesThatApply["OK"]:
            return policiesThatApply
        policiesThatApply = policiesThatApply["Value"]

        singlePolicyResults = self._runPolicies(policiesThatApply)
        if not singlePolicyResults["OK"]:
            return singlePolicyResults
        singlePolicyResults = singlePolicyResults["Value"]

        policyCombinedResults = self._combineSinglePolicyResults(singlePolicyResults)
        if not policyCombinedResults["OK"]:
            return policyCombinedResults
        policyCombinedResults = policyCombinedResults["Value"]

        policyActionsThatApply = self.iGetter.getPolicyActionsThatApply(
            self.decissionParams, singlePolicyResults, policyCombinedResults
        )
        if not policyActionsThatApply["OK"]:
            return policyActionsThatApply
        policyActionsThatApply = policyActionsThatApply["Value"]

        policyCombinedResults["PolicyAction"] = policyActionsThatApply

        return S_OK(
            {
                "singlePolicyResults": singlePolicyResults,
                "policyCombinedResult": policyCombinedResults,
                "decissionParams": self.decissionParams,
            }
        )

    ################################################################################

    def _runPolicies(self, policies, decissionParams=None):

        if decissionParams is None:
            decissionParams = self.decissionParams

        validStatus = RssConfiguration.getValidStatus()
        if not validStatus["OK"]:
            return validStatus
        validStatus = validStatus["Value"]

        policyInvocationResults = []

        for policyDict in policies:

            policyInvocationResult = self.pCaller.policyInvocation(decissionParams, policyDict)
            if not policyInvocationResult["OK"]:
                # We should never enter this line ! Just in case there are policies
                # missconfigured !
                _msg = "runPolicies no OK: %s" % policyInvocationResult
                gLogger.error(_msg)
                return S_ERROR(_msg)

            policyInvocationResult = policyInvocationResult["Value"]

            if not "Status" in policyInvocationResult:
                _msg = "runPolicies (no Status): %s" % policyInvocationResult
                gLogger.error(_msg)
                return S_ERROR(_msg)

            if not policyInvocationResult["Status"] in validStatus:
                _msg = "runPolicies ( not valid status ) %s" % policyInvocationResult["Status"]
                gLogger.error(_msg)
                return S_ERROR(_msg)

            if not "Reason" in policyInvocationResult:
                _msg = "runPolicies (no Reason): %s" % policyInvocationResult
                gLogger.error(_msg)
                return S_ERROR(_msg)

            policyInvocationResults.append(policyInvocationResult)

        return S_OK(policyInvocationResults)

    ################################################################################

    def _combineSinglePolicyResults(self, singlePolicyRes):
        """
      singlePolicyRes = [ { 'State' : X, 'Reason' : Y, ... }, ... ]
      
      If there are no policyResults, returns Unknown as there are no policies to
      apply.
      
      Order elements in list by state, being the lowest the most restrictive
      one in the hierarchy.
   
    """

        # Dictionary to be returned
        policyCombined = {"Status": None, "Reason": ""}

        # If there are no policyResults, we return Unknown
        if not singlePolicyRes:

            _msgTuple = (
                self.decissionParams["element"],
                self.decissionParams["name"],
                self.decissionParams["elementType"],
            )

            policyCombined["Status"] = "Unknown"
            policyCombined["Reason"] = "No policy applies to %s, %s, %s" % _msgTuple

            return S_OK(policyCombined)

        # We set the rssMachine on the current state
        machineStatus = self.rssMachine.setState(self.decissionParams["status"])
        if not machineStatus["OK"]:
            return machineStatus

        # Order statuses by most restrictive ( lower level first )
        self.rssMachine.orderPolicyResults(singlePolicyRes)
        # policyResults = self.rssMachine.orderPolicyResults( singlePolicyRes )

        # Get according to the RssMachine the next state, given a candidate
        candidateState = singlePolicyRes[0]["Status"]
        nextState = self.rssMachine.getNextState(candidateState)

        if not nextState["OK"]:
            return nextState
        nextState = nextState["Value"]

        # If the RssMachine does not accept the candidate, return forcing message
        if candidateState != nextState:

            policyCombined["Status"] = nextState
            policyCombined["Reason"] = "RssMachine forced status %s to %s" % (candidateState, nextState)
            return S_OK(policyCombined)

        # If the RssMachine accepts the candidate, just concatenate the reasons
        for policyRes in singlePolicyRes:

            if policyRes["Status"] == nextState:
                policyCombined["Reason"] += "%s ###" % policyRes["Reason"]

        policyCombined["Status"] = nextState

        return S_OK(policyCombined)
示例#18
0
class PDP:
    """
    The PDP (Policy Decision Point) module is used to:
    1. Decides which policies have to be applied.
    2. Invokes an evaluation of the policies, and returns the result (to a PEP)
  """
    def __init__(self, **clients):
        '''
      Constructor. Defines members that will be used later on.
    '''

        cc = CommandCaller()
        self.clients = clients
        self.pCaller = PolicyCaller(cc, **clients)
        self.iGetter = InfoGetter()

        self.__granularity = None
        self.__name = None
        self.__statusType = None
        self.__status = None
        self.__formerStatus = None
        self.__reason = None
        self.__siteType = None
        self.__serviceType = None
        self.__resourceType = None
        self.__useNewRes = None

    def setup(self,
              granularity=None,
              name=None,
              statusType=None,
              status=None,
              formerStatus=None,
              reason=None,
              siteType=None,
              serviceType=None,
              resourceType=None,
              useNewRes=False):
        """
    PDP (Policy Decision Point) initialization

    :params:
      :attr:`granularity`: string - a ValidElement
      :attr:`name`: string - name (e.g. of a site)
      :attr:`status`: string - status
      :attr:`formerStatus`: string - former status
      :attr:`reason`: string - optional reason for last status change
      :attr:`siteType`: string - optional site type
      :attr:`serviceType`: string - optional service type
      :attr:`resourceType`: string - optional resource type
    """

        self.__granularity = granularity
        self.__name = name
        self.__statusType = statusType
        self.__status = status
        self.__formerStatus = formerStatus
        self.__reason = reason
        self.__siteType = siteType
        self.__serviceType = serviceType
        self.__resourceType = resourceType
        self.__useNewRes = useNewRes

################################################################################

    def takeDecision(self, policyIn=None, argsIn=None, knownInfo=None):
        """ PDP MAIN FUNCTION

        decides policies that have to be applied, based on

        __granularity,

        __name,

        __status,

        __formerStatus

        __reason

        If more than one policy is evaluated, results are combined.

        Logic for combination: a conservative approach is followed
        (i.e. if a site should be banned for at least one policy, that's what is returned)

        returns:

          { 'PolicyType': a policyType (in a string),
            'Action': True|False,
            'Status': 'Active'|'Probing'|'Banned',
            'Reason': a reason
            'EndDate: datetime.datetime (in a string)}
    """

        polToEval = self.iGetter.getInfoToApply(
            ('policy', 'policyType'),
            granularity=self.__granularity,
            statusType=self.__statusType,
            status=self.__status,
            formerStatus=self.__formerStatus,
            siteType=self.__siteType,
            serviceType=self.__serviceType,
            resourceType=self.__resourceType,
            useNewRes=self.__useNewRes)

        policyType = polToEval['PolicyType']  # type: generator

        if policyIn:
            # Only the policy provided will be evaluated
            # FIXME: Check that the policies are valid.
            singlePolicyResults = policyIn.evaluate()

        else:
            singlePolicyResults = self._invocation(self.__granularity,
                                                   self.__name, self.__status,
                                                   policyIn, argsIn,
                                                   polToEval['Policies'])

        policyCombinedResults = self._policyCombination(singlePolicyResults)

        if policyCombinedResults == {}:
            policyCombinedResults['Action'] = False
            policyCombinedResults['Reason'] = 'No policy results'
            policyCombinedResults['PolicyType'] = policyType

        if policyCombinedResults.has_key('Status'):
            newstatus = policyCombinedResults['Status']

            if newstatus != self.__status:  # Policies satisfy
                newPolicyType = self.iGetter.getNewPolicyType(
                    self.__granularity, newstatus)
                policyType = set(policyType) & set(newPolicyType)

                policyCombinedResults['Action'] = True

            else:  # Policies does not satisfy
                policyCombinedResults['Action'] = False

            policyCombinedResults['PolicyType'] = policyType

        return {
            'SinglePolicyResults': singlePolicyResults,
            'PolicyCombinedResult': policyCombinedResults
        }

################################################################################

    def _invocation(self, granularity, name, status, policy, args, policies):
        '''
      One by one, use the PolicyCaller to invoke the policies, and putting
      their results in `policyResults`. When the status is `Unknown`, invokes
      `self.__useOldPolicyRes`. Always returns a list, possibly empty.
    '''

        policyResults = []

        for pol in policies:

            pName = pol['Name']
            pModule = pol['Module']
            extraArgs = pol['args']
            commandIn = pol['commandIn']

            res = self.pCaller.policyInvocation(granularity=granularity,
                                                name=name,
                                                status=status,
                                                policy=policy,
                                                args=args,
                                                pName=pName,
                                                pModule=pModule,
                                                extraArgs=extraArgs,
                                                commandIn=commandIn)

            # If res is empty, return immediately
            if not res:
                return policyResults

            if not res.has_key('Status'):
                print('\n\n Policy result ' + str(res) +
                      ' does not return "Status"\n\n')
                raise TypeError

            # Else
            if res['Status'] == 'Unknown':
                res = self.__useOldPolicyRes(name=name, policyName=pName)

            if res['Status'] not in ('Error', 'Unknown'):
                policyResults.append(res)
            else:
                gLogger.warn(res)

        return policyResults

################################################################################

    def _policyCombination(self, pol_results):
        '''
    INPUT: list type
    OUTPUT: dict type
    * Compute a new status, and store it in variable newStatus, of type integer.
    * Make a list of policies that have the worst result.
    * Concatenate the Reason fields
    * Take the first EndDate field that exists (FIXME: Do something more clever)
    * Finally, return the result
    '''
        if pol_results == []:
            return {}

        pol_results.sort(key=Status.value_of_policy)
        newStatus = -1  # First, set an always invalid status

        try:
            # We are in a special status, maybe forbidden transitions
            _prio, access_list, gofun = Status.statesInfo[self.__status]
            if access_list != set():
                # Restrictions on transitions, checking if one is suitable:
                for polRes in pol_results:
                    if Status.value_of_policy(polRes) in access_list:
                        newStatus = Status.value_of_policy(polRes)
                        break

                # No status from policies suitable, applying stategy and
                # returning result.
                if newStatus == -1:
                    newStatus = gofun(access_list)
                    return {
                        'Status': Status.status_of_value(newStatus),
                        'Reason': 'Status forced by PDP'
                    }

            else:
                # Special Status, but no restriction on transitions
                newStatus = Status.value_of_policy(pol_results[0])

        except KeyError:
            # We are in a "normal" status: All transitions are possible.
            newStatus = Status.value_of_policy(pol_results[0])

        # At this point, a new status has been chosen. newStatus is an
        # integer.

        worstResults = [
            p for p in pol_results if Status.value_of_policy(p) == newStatus
        ]

        # Concatenate reasons
        def getReason(pol):
            try:
                res = pol['Reason']
            except KeyError:
                res = ''
            return res

        worstResultsReasons = [getReason(p) for p in worstResults]

        def catRes(xVal, yVal):
            '''
        Concatenate xVal and yVal.
      '''
            if xVal and yVal:
                return xVal + ' |###| ' + yVal
            elif xVal or yVal:
                if xVal:
                    return xVal
                else:
                    return yVal
            else:
                return ''

        concatenatedRes = reduce(catRes, worstResultsReasons, '')

        # Handle EndDate
        endDatePolicies = [p for p in worstResults if p.has_key('EndDate')]

        # Building and returning result
        res = {}
        res['Status'] = Status.status_of_value(newStatus)
        if concatenatedRes != '':
            res['Reason'] = concatenatedRes
        if endDatePolicies != []:
            res['EndDate'] = endDatePolicies[0]['EndDate']
        return res

################################################################################

    def __useOldPolicyRes(self, name, policyName):
        '''
     Use the RSS Service to get an old policy result.
     If such result is older than 2 hours, it returns {'Status':'Unknown'}
    '''
        res = self.clients['ResourceManagementClient'].getPolicyResult(
            name=name, policyName=policyName)

        if not res['OK']:
            return {'Status': 'Unknown'}

        res = res['Value']

        if res == []:
            return {'Status': 'Unknown'}

        res = res[0]

        oldStatus = res[5]
        oldReason = res[6]
        lastCheckTime = res[8]

        if (lastCheckTime +
                datetime.timedelta(hours=2)) < datetime.datetime.utcnow():
            return {'Status': 'Unknown'}

        result = {}

        result['Status'] = oldStatus
        result['Reason'] = oldReason
        result['OLD'] = True
        result['PolicyName'] = policyName

        return result


################################################################################
#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF
示例#19
0
文件: PDP.py 项目: acasajus/DIRAC
class PDP:
    """
    The PDP (Policy Decision Point) module is used to:
    1. Decides which policies have to be applied.
    2. Invokes an evaluation of the policies, and returns the result (to a PEP)
  """
    def __init__(self, clients):
        '''
      Constructor. Defines members that will be used later on.
    '''

        self.pCaller = PolicyCaller(clients=clients)
        self.iGetter = InfoGetter()

        self.decissionParams = {}
        self.rssMachine = RSSMachine('Unknown')

    def setup(self, decissionParams=None):

        standardParamsDict = {
            'element': None,
            'name': None,
            'elementType': None,
            'statusType': None,
            'status': None,
            'reason': None,
            'tokenOwner': None,
            # Last parameter allows policies to be deactivated
            'active': 'Active'
        }

        if decissionParams is not None:
            standardParamsDict.update(decissionParams)

        self.decissionParams = standardParamsDict

################################################################################

    def takeDecision(
            self):  #, policyIn = None, argsIn = None, knownInfo = None ):
        """ PDP MAIN FUNCTION

        decides policies that have to be applied, based on

        __granularity,

        __name,

        __status,

        __formerStatus

        __reason

        If more than one policy is evaluated, results are combined.

        Logic for combination: a conservative approach is followed
        (i.e. if a site should be banned for at least one policy, that's what is returned)

        returns:

          { 'PolicyType': a policyType (in a string),
            'Action': True|False,
            'Status': 'Active'|'Probing'|'Banned',
            'Reason': a reason
            #'EndDate: datetime.datetime (in a string)}
    """

        policiesThatApply = self.iGetter.getPoliciesThatApply(
            self.decissionParams)
        if not policiesThatApply['OK']:
            return policiesThatApply
        policiesThatApply = policiesThatApply['Value']

        singlePolicyResults = self._runPolicies(policiesThatApply)
        if not singlePolicyResults['OK']:
            return singlePolicyResults
        singlePolicyResults = singlePolicyResults['Value']

        policyCombinedResults = self._combineSinglePolicyResults(
            singlePolicyResults)
        if not policyCombinedResults['OK']:
            return policyCombinedResults
        policyCombinedResults = policyCombinedResults['Value']

        policyActionsThatApply = self.iGetter.getPolicyActionsThatApply(
            self.decissionParams, singlePolicyResults, policyCombinedResults)
        if not policyActionsThatApply['OK']:
            return policyActionsThatApply
        policyActionsThatApply = policyActionsThatApply['Value']

        policyCombinedResults['PolicyAction'] = policyActionsThatApply

        return S_OK({
            'singlePolicyResults': singlePolicyResults,
            'policyCombinedResult': policyCombinedResults,
            'decissionParams': self.decissionParams
        })

################################################################################

    def _runPolicies(self, policies, decissionParams=None):

        if decissionParams is None:
            decissionParams = self.decissionParams

        validStatus = RssConfiguration.getValidStatus()
        if not validStatus['OK']:
            return validStatus
        validStatus = validStatus['Value']

        policyInvocationResults = []

        for policyDict in policies:

            policyInvocationResult = self.pCaller.policyInvocation(
                decissionParams, policyDict)
            if not policyInvocationResult['OK']:
                # We should never enter this line ! Just in case there are policies
                # missconfigured !
                _msg = 'runPolicies no OK: %s' % policyInvocationResult
                gLogger.error(_msg)
                return S_ERROR(_msg)

            policyInvocationResult = policyInvocationResult['Value']

            if not 'Status' in policyInvocationResult:
                _msg = 'runPolicies (no Status): %s' % policyInvocationResult
                gLogger.error(_msg)
                return S_ERROR(_msg)

            if not policyInvocationResult['Status'] in validStatus:
                _msg = 'runPolicies ( not valid status ) %s' % policyInvocationResult[
                    'Status']
                gLogger.error(_msg)
                return S_ERROR(_msg)

            if not 'Reason' in policyInvocationResult:
                _msg = 'runPolicies (no Reason): %s' % policyInvocationResult
                gLogger.error(_msg)
                return S_ERROR(_msg)

            policyInvocationResults.append(policyInvocationResult)

        return S_OK(policyInvocationResults)

################################################################################

    def _combineSinglePolicyResults(self, singlePolicyRes):
        '''
      singlePolicyRes = [ { 'State' : X, 'Reason' : Y, ... }, ... ]
      
      If there are no policyResults, returns Unknown as there are no policies to
      apply.
      
      Order elements in list by state, being the lowest the most restrictive
      one in the hierarchy.
   
    '''

        # Dictionary to be returned
        policyCombined = {'Status': None, 'Reason': ''}

        # If there are no policyResults, we return Unknown
        if not singlePolicyRes:

            _msgTuple = (self.decissionParams['element'],
                         self.decissionParams['name'],
                         self.decissionParams['elementType'])

            policyCombined['Status'] = 'Unknown'
            policyCombined[
                'Reason'] = 'No policy applies to %s, %s, %s' % _msgTuple

            return S_OK(policyCombined)

        # We set the rssMachine on the current state
        machineStatus = self.rssMachine.setState(
            self.decissionParams['status'])
        if not machineStatus['OK']:
            return machineStatus

        # Order statuses by most restrictive ( lower level first )
        self.rssMachine.orderPolicyResults(singlePolicyRes)
        #policyResults = self.rssMachine.orderPolicyResults( singlePolicyRes )

        # Get according to the RssMachine the next state, given a candidate
        candidateState = singlePolicyRes[0]['Status']
        nextState = self.rssMachine.getNextState(candidateState)

        if not nextState['OK']:
            return nextState
        nextState = nextState['Value']

        # If the RssMachine does not accept the candidate, return forcing message
        if candidateState != nextState:

            policyCombined['Status'] = nextState
            policyCombined['Reason'] = 'RssMachine forced status %s to %s' % (
                candidateState, nextState)
            return S_OK(policyCombined)

        # If the RssMachine accepts the candidate, just concatenate the reasons
        for policyRes in singlePolicyRes:

            if policyRes['Status'] == nextState:
                policyCombined['Reason'] += '%s ###' % policyRes['Reason']

        policyCombined['Status'] = nextState

        return S_OK(policyCombined)


################################################################################

#  def __useOldPolicyRes( self, name, policyName ):
#    '''
#     Use the RSS Service to get an old policy result.
#     If such result is older than 2 hours, it returns {'Status':'Unknown'}
#    '''
#    res = self.clients[ 'ResourceManagementClient' ].getPolicyResult( name = name, policyName = policyName )
#
#    if not res[ 'OK' ]:
#      return { 'Status' : 'Unknown' }
#
#    res = res[ 'Value' ]
#
#    if res == []:
#      return { 'Status' : 'Unknown' }
#
#    res = res[ 0 ]
#
#    oldStatus     = res[ 5 ]
#    oldReason     = res[ 6 ]
#    lastCheckTime = res[ 8 ]
#
#    if ( lastCheckTime + datetime.timedelta(hours = 2) ) < datetime.datetime.utcnow():
#      return { 'Status' : 'Unknown' }
#
#    result = {}
#
#    result[ 'Status' ]     = oldStatus
#    result[ 'Reason' ]     = oldReason
#    result[ 'OLD' ]        = True
#    result[ 'PolicyName' ] = policyName
#
#    return result

################################################################################
#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF#EOF