diff options
Diffstat (limited to 'osdf/adapters')
-rw-r--r-- | osdf/adapters/aaf/aaf_authentication.py | 34 | ||||
-rw-r--r-- | osdf/adapters/policy/interface.py | 30 |
2 files changed, 52 insertions, 12 deletions
diff --git a/osdf/adapters/aaf/aaf_authentication.py b/osdf/adapters/aaf/aaf_authentication.py index 26eac29..2a72c30 100644 --- a/osdf/adapters/aaf/aaf_authentication.py +++ b/osdf/adapters/aaf/aaf_authentication.py @@ -43,7 +43,6 @@ def authenticate(uid, passwd): return has_valid_role(perms) except Exception as exp: error_log.error("Error Authenticating the user {} : {}: ".format(uid, exp)) - pass return False @@ -57,27 +56,38 @@ else return false def has_valid_role(perms): aaf_user_roles = deploy_config['aaf_user_roles'] + aaf_roles = get_role_list(perms) + for roles in aaf_user_roles: path_perm = roles.split(':') uri = path_perm[0] - role = path_perm[1].split('|')[0] - if re.search(uri, request.path) and perms: - roles = perms.get('roles') - if roles: - perm_list = roles.get('perm') - for p in perm_list: - if role == p['type']: - return True + perm = path_perm[1].split('|') + p = (perm[0], perm[1], perm[2].split()[0]) + if re.search(uri, request.path) and p in aaf_roles: + return True return False + """ -Make the remote aaf api call if user is not in the cache. +Build a list of roles tuples from the AAF response. -Return the perms """ + + +def get_role_list(perms): + role_list = [] + if perms: + roles = perms.get('roles') + if roles: + perm = roles.get('perm', []) + for p in perm: + role_list.append((p['type'], p['instance'], p['action'])) + return role_list + + def get_aaf_permissions(uid, passwd): key = base64.b64encode(bytes("{}_{}".format(uid, passwd), "ascii")) - time_delta = timedelta(hours=deploy_config.get('aaf_cache_expiry_hrs', 3)) + time_delta = timedelta(minutes=deploy_config.get('aaf_cache_expiry_mins', 5)) perms = perm_cache.get(key) diff --git a/osdf/adapters/policy/interface.py b/osdf/adapters/policy/interface.py index a7839c6..0f20667 100644 --- a/osdf/adapters/policy/interface.py +++ b/osdf/adapters/policy/interface.py @@ -19,6 +19,9 @@ import base64 import itertools import json +import yaml +import os +import uuid from requests import RequestException @@ -190,3 +193,30 @@ def get_policies(request_json, service_type): policies = remote_api(request_json, osdf_config, service_type) return policies + +def upload_policy_models(): + """Upload all the policy models reside in the folder""" + model_path = "../../models/policy/placement/tosca" + requestId = uuid.uuid4() + config = osdf_config.deployment + uid, passwd = config['policyPlatformUsername'], config['policyPlatformPassword'] + pcuid, pcpasswd = config['policyClientUsername'], config['policyClientPassword'] + headers = {"ClientAuth": base64.b64encode(bytes("{}:{}".format(pcuid, pcpasswd), "ascii"))} + headers.update({'Environment': config['policyPlatformEnv']}) + headers.update({'X-ONAP-RequestID': requestId}) + url = config['policyPlatformUrlForModelUploading'] + rc = RestClient(userid=uid, passwd=passwd, headers=headers, url=url, log_func=debug_log.debug) + + for file in os.listdir(model_path): + if not file.endswith(".yml"): + continue + with open(file) as f: + file_converted = json.dumps(yaml.load(f)) + response = rc.request(json=file_converted, ok_codes=(200)) + if not response: + success = False + audit_log.warn("Policy model %s uploading failed!" % file) + if not success: + return "Policy model uploading success!" + else: + return "Policy model uploading not success!" |