aboutsummaryrefslogtreecommitdiffstats
path: root/osdf/adapters
diff options
context:
space:
mode:
Diffstat (limited to 'osdf/adapters')
-rw-r--r--osdf/adapters/aaf/aaf_authentication.py34
-rw-r--r--osdf/adapters/policy/interface.py30
2 files changed, 52 insertions, 12 deletions
diff --git a/osdf/adapters/aaf/aaf_authentication.py b/osdf/adapters/aaf/aaf_authentication.py
index 26eac29..2a72c30 100644
--- a/osdf/adapters/aaf/aaf_authentication.py
+++ b/osdf/adapters/aaf/aaf_authentication.py
@@ -43,7 +43,6 @@ def authenticate(uid, passwd):
return has_valid_role(perms)
except Exception as exp:
error_log.error("Error Authenticating the user {} : {}: ".format(uid, exp))
- pass
return False
@@ -57,27 +56,38 @@ else return false
def has_valid_role(perms):
aaf_user_roles = deploy_config['aaf_user_roles']
+ aaf_roles = get_role_list(perms)
+
for roles in aaf_user_roles:
path_perm = roles.split(':')
uri = path_perm[0]
- role = path_perm[1].split('|')[0]
- if re.search(uri, request.path) and perms:
- roles = perms.get('roles')
- if roles:
- perm_list = roles.get('perm')
- for p in perm_list:
- if role == p['type']:
- return True
+ perm = path_perm[1].split('|')
+ p = (perm[0], perm[1], perm[2].split()[0])
+ if re.search(uri, request.path) and p in aaf_roles:
+ return True
return False
+
"""
-Make the remote aaf api call if user is not in the cache.
+Build a list of roles tuples from the AAF response.
-Return the perms
"""
+
+
+def get_role_list(perms):
+ role_list = []
+ if perms:
+ roles = perms.get('roles')
+ if roles:
+ perm = roles.get('perm', [])
+ for p in perm:
+ role_list.append((p['type'], p['instance'], p['action']))
+ return role_list
+
+
def get_aaf_permissions(uid, passwd):
key = base64.b64encode(bytes("{}_{}".format(uid, passwd), "ascii"))
- time_delta = timedelta(hours=deploy_config.get('aaf_cache_expiry_hrs', 3))
+ time_delta = timedelta(minutes=deploy_config.get('aaf_cache_expiry_mins', 5))
perms = perm_cache.get(key)
diff --git a/osdf/adapters/policy/interface.py b/osdf/adapters/policy/interface.py
index a7839c6..0f20667 100644
--- a/osdf/adapters/policy/interface.py
+++ b/osdf/adapters/policy/interface.py
@@ -19,6 +19,9 @@
import base64
import itertools
import json
+import yaml
+import os
+import uuid
from requests import RequestException
@@ -190,3 +193,30 @@ def get_policies(request_json, service_type):
policies = remote_api(request_json, osdf_config, service_type)
return policies
+
+def upload_policy_models():
+ """Upload all the policy models reside in the folder"""
+ model_path = "../../models/policy/placement/tosca"
+ requestId = uuid.uuid4()
+ config = osdf_config.deployment
+ uid, passwd = config['policyPlatformUsername'], config['policyPlatformPassword']
+ pcuid, pcpasswd = config['policyClientUsername'], config['policyClientPassword']
+ headers = {"ClientAuth": base64.b64encode(bytes("{}:{}".format(pcuid, pcpasswd), "ascii"))}
+ headers.update({'Environment': config['policyPlatformEnv']})
+ headers.update({'X-ONAP-RequestID': requestId})
+ url = config['policyPlatformUrlForModelUploading']
+ rc = RestClient(userid=uid, passwd=passwd, headers=headers, url=url, log_func=debug_log.debug)
+
+ for file in os.listdir(model_path):
+ if not file.endswith(".yml"):
+ continue
+ with open(file) as f:
+ file_converted = json.dumps(yaml.load(f))
+ response = rc.request(json=file_converted, ok_codes=(200))
+ if not response:
+ success = False
+ audit_log.warn("Policy model %s uploading failed!" % file)
+ if not success:
+ return "Policy model uploading success!"
+ else:
+ return "Policy model uploading not success!"