Merge pull request #88 from dojot/release/63.2-20190820

Merge baseline 63.2-20190820

auth/alarms.py

@@ -1,9 +1,12 @@
 import auth.conf as conf
 from alarmlibrary.connection import RabbitMqClientConnection
 from alarmlibrary.alarm import Alarm, AlarmSeverity
-from database.flaskAlchemyInit import log
 from database.flaskAlchemyInit import HTTPRequestError
 
+from dojot.module import Log
+
+LOGGER = Log().color_log()
+
 class RabbitManager(object):
     def __init__(self, target=conf.rabbitmq_host):
         self.target = target
@@ -52,6 +55,6 @@ def __init__(self, error_code, message, username, userid=0):
                 try:
                     rabbit_client.send(alarm)
                 except Exception as ex:
-                    log().error("There was a problem with RabbitMQ connection. Error is: {}".format(ex))
-                    log().error("No alarm was sent.")
+                    LOGGER.error("There was a problem with RabbitMQ connection. Error is: {}".format(ex))
+                    LOGGER.error("No alarm was sent.")
 

auth/controller/AuthenticationController.py

@@ -13,9 +13,12 @@
 
 from database.flaskAlchemyInit import HTTPRequestError
 from database.Models import User
-from database.flaskAlchemyInit import log
 from auth.alarms import AlarmError
 
+from dojot.module import Log
+
+LOGGER = Log().color_log()
+
 def authenticate(db_session, auth_data):
     if 'username' not in auth_data.keys():
         raise HTTPRequestError(400, 'missing username')
@@ -52,7 +55,7 @@ def authenticate(db_session, auth_data):
             'username': user.username
         }
         encoded = jwt.encode(claims, user.secret, algorithm='HS256')
-        log().info('user ' + user.username + ' loged in')
+        LOGGER.info('user ' + user.username + ' loged in')
         return str(encoded, 'ascii')
 
     raise AlarmError(403, 'AuthorizationError', username, user.id)

auth/controller/CRUDController.py

@@ -15,7 +15,6 @@
 import database.historicModels as inactiveTables
 import conf
 import kongUtils
-from database.flaskAlchemyInit import log
 from controller.KafkaPublisher import Publisher
 import controller.PasswordController as pwdc
 from database.Models import MVUserPermission, MVGroupPermission
@@ -159,7 +158,7 @@ def create_user(db_session, user: User, requester):
             pwdc.create_password_set_request(db_session, new_user)
             db_session.commit()
         except Exception as e:
-            log().warning(e)
+            LOGGER.warning(e)
     LOGGER.debug("... user password was configured.")
 
     LOGGER.debug("Sending tenant creation message to other components...")
@@ -239,8 +238,8 @@ def update_user(db_session, user: str, updated_info, requester) -> (dict, str):
         if db_session.query(User).filter_by(email=updated_info['email']).one_or_none():
             raise HTTPRequestError(400, "email already in use")
 
-    log().info(f"user {user.username} updated by {requester['username']}");
-    log().info({'oldUser': user.safe_dict(), 'newUser': updated_info})
+    LOGGER.info(f"user {user.username} updated by {requester['username']}")
+    LOGGER.info({'oldUser': user.safe_dict(), 'newUser': updated_info})
 
     # the admin cant update service
     if 'service' in updated_info.keys() \
@@ -260,11 +259,11 @@ def update_user(db_session, user: str, updated_info, requester) -> (dict, str):
 
     # Publish messages related to service creation/deletion
     if count_tenant_users(db_session, old_service) == 0:
-        log().info(f"will emit tenant lifecycle event {old_service} - DELETE")
+        LOGGER.info(f"will emit tenant lifecycle event {old_service} - DELETE")
         Publisher.send_notification({"type": 'DELETE', 'tenant': old_service})
 
     if count_tenant_users(db_session, user.service) == 1:
-        log().info(f"will emit tenant lifecycle event {user.service} - CREATE")
+        LOGGER.info(f"will emit tenant lifecycle event {user.service} - CREATE")
         Publisher.send_notification({"type": 'CREATE', 'tenant': user.service})
 
     return old_user, old_service
@@ -306,16 +305,16 @@ def delete_user(db_session, username: str, requester):
                                                            requester['userid'])
         password.expire_password_reset_requests(db_session, user.id)
         db_session.delete(user)
-        log().info(f"user {user.username} deleted by {requester['username']}")
-        log().info(user.safe_dict())
+        LOGGER.info(f"user {user.username} deleted by {requester['username']}")
+        LOGGER.info(user.safe_dict())
 
         kongUtils.remove_from_kong(user.username)
         MVUserPermission.refresh()
         MVGroupPermission.refresh()
         db_session.commit()
 
         if count_tenant_users(db_session, user.service) == 0:
-            log().info(f"will emit tenant lifecycle event {user.service} - DELETE")
+            LOGGER.info(f"will emit tenant lifecycle event {user.service} - DELETE")
             Publisher.send_notification({"type": 'DELETE', 'tenant': user.service})
 
         return user
@@ -382,8 +381,8 @@ def create_perm(db_session, permission, requester):
     check_perm(permission)
     permission['created_by'] = requester['userid']
     perm = Permission(**permission)
-    log().info(f"permission {perm.name} create by {requester['username']}")
-    log().info(perm.safe_dict())
+    LOGGER.info(f"permission {perm.name} create by {requester['username']}")
+    LOGGER.info(perm.safe_dict())
 
     db_session.add(perm)
     db_session.commit()
@@ -454,8 +453,8 @@ def update_perm(db_session, permission: str, perm_data, requester):
             for key, value in perm_data.items():
                 setattr(perm, key, value)
             db_session.add(perm)
-            log().info(f"permission {perm.name} updated by {requester['username']}")
-            log().info(perm_data)
+            LOGGER.info(f"permission {perm.name} updated by {requester['username']}")
+            LOGGER.info(perm_data)
 
             db_session.commit()
         else:
@@ -484,8 +483,8 @@ def delete_perm(db_session, permission: str, requester):
                 GroupPermission.__table__.delete(GroupPermission.permission_id == perm.id)
             )
             cache.delete_key(action=perm.method, resource=perm.path)
-            log().info(f"permission {perm.name} deleted by {requester['username']}")
-            log().info(perm.safe_dict())
+            LOGGER.info(f"permission {perm.name} deleted by {requester['username']}")
+            LOGGER.info(perm.safe_dict())
             db_session.delete(perm)
             db_session.commit()
             MVUserPermission.refresh()
@@ -528,8 +527,8 @@ def create_group(db_session, group_data, requester):
 
     group_data['created_by'] = requester['userid']
     group = Group(**group_data)
-    log().info(f"group {group.name} created by {requester['username']}")
-    log().info(group.safe_dict())
+    LOGGER.info(f"group {group.name} created by {requester['username']}")
+    LOGGER.info(group.safe_dict())
     db_session.add(group)
     db_session.commit()
     return group
@@ -574,7 +573,7 @@ def update_group(db_session, group, group_data, requester):
         for key, value in group_data.items():
             setattr(group, key, value)
         db_session.add(group)
-        log().info('group ' + group.name + ' updated by '
+        LOGGER.info('group ' + group.name + ' updated by '
                    + requester['username'],
                    group_data)
         db_session.commit()
@@ -596,7 +595,7 @@ def delete_group(db_session, group, requester):
             UserGroup.__table__.delete(UserGroup.group_id == group.id)
         )
         cache.delete_key()
-        log().info('group ' + group.name + ' deleted by '
+        LOGGER.info('group ' + group.name + ' deleted by '
                    + requester['username'],
                    group.safe_dict())
         db_session.delete(group)

auth/controller/PDPController.py

@@ -5,7 +5,10 @@
 from database.flaskAlchemyInit import HTTPRequestError
 from controller.AuthenticationController import get_jwt_payload
 import database.Cache as cache
-from database.flaskAlchemyInit import log
+
+from dojot.module import Log
+
+LOGGER = Log().color_log()
 
 
 # Helper function to check request fields
@@ -30,7 +33,7 @@ def pdp_main(db_session, pdp_request):
                                     pdp_request['resource'])
     # Return the cached answer if it exist
     if cached_veredict:
-        log().info('user ' + str(user_id) + ' '
+        LOGGER.info('user ' + str(user_id) + ' '
                    + cached_veredict + ' to ' + pdp_request['action']
                    + ' on ' + pdp_request['resource'] + ' from cache')
         return cached_veredict
@@ -48,7 +51,7 @@ def pdp_main(db_session, pdp_request):
                   pdp_request['resource'],
                   veredict)
 
-    log().info('user ' + str(user_id) + ' '
+    LOGGER.info('user ' + str(user_id) + ' '
                + veredict + ' to ' + pdp_request['action']
                + ' on ' + pdp_request['resource'] + ' registered on cache')
     return veredict
@@ -59,7 +62,7 @@ def iterate_permissions(user_id, groups_list, action, resource):
 
     # check user direct permissions
     for p in MVUserPermission.query.filter_by(user_id=user_id):
-        log().info('checking for user permissions')
+        LOGGER.info('checking for user permissions')
         granted = make_decision(p, action, resource)
         # user permissions have precedence over group permissions
         if granted != PermissionEnum.notApplicable:
@@ -68,7 +71,7 @@ def iterate_permissions(user_id, groups_list, action, resource):
     # check user group permissions
     for g in groups_list:
         for p in MVGroupPermission.query.filter_by(group_id=g):
-            log().info('checking for group permissions')
+            LOGGER.info('checking for group permissions')
             granted = make_decision(p, action, resource)
             # deny have precedence over permits
             if granted == PermissionEnum.deny:

auth/controller/RelationshipController.py

@@ -4,9 +4,11 @@
 from database.Models import UserPermission, GroupPermission, UserGroup
 from database.flaskAlchemyInit import HTTPRequestError
 import database.Cache as cache
-from database.flaskAlchemyInit import log
 from database.Models import MVUserPermission, MVGroupPermission
 
+from dojot.module import Log
+
+LOGGER = Log().color_log()
 
 def add_user_group(db_session, user, group, requester):
     try:
@@ -31,7 +33,7 @@ def add_user_group(db_session, user, group, requester):
     user.reset_token()
     db_session.add(user)
 
-    log().info(f"user {user.username} added to group {group.name} by {requester['username']}")
+    LOGGER.info(f"user {user.username} added to group {group.name} by {requester['username']}")
 
     db_session.commit()
 
@@ -54,7 +56,7 @@ def remove_user_group(db_session, user, group, requester):
         user.reset_token()
         db_session.add(user)
 
-        log().info(f"user {user.username} removed from {group.name} by {requester['username']}")
+        LOGGER.info(f"user {user.username} removed from {group.name} by {requester['username']}")
         db_session.commit()
     except orm_exceptions.NoResultFound:
         raise HTTPRequestError(404, "User is not a member of the group")
@@ -96,7 +98,7 @@ def add_group_permission(db_session, group, permission, requester):
     db_session.add(r)
     cache.delete_key(action=perm.method,
                      resource=perm.path)
-    log().info(f"permission {perm.name} added to group {group.name} by {requester['username']}")
+    LOGGER.info(f"permission {perm.name} added to group {group.name} by {requester['username']}")
     MVGroupPermission.refresh()
     db_session.commit()
 
@@ -116,7 +118,7 @@ def remove_group_permission(db_session, group, permission, requester):
         db_session.delete(relation)
         cache.delete_key(action=perm.method,
                          resource=perm.path)
-        log().info(f"permission {perm.name} removed from group {group.name} by {requester['username']}")
+        LOGGER.info(f"permission {perm.name} removed from group {group.name} by {requester['username']}")
         MVGroupPermission.refresh()
         db_session.commit()
     except orm_exceptions.NoResultFound:
@@ -144,7 +146,7 @@ def add_user_permission(db_session, user, permission, requester):
                      resource=perm.path)
     MVUserPermission.refresh()
     db_session.commit()
-    log().info(f"user {user.username} received permission {perm.name} by {requester['username']}")
+    LOGGER.info(f"user {user.username} received permission {perm.name} by {requester['username']}")
 
 
 def remove_user_permission(db_session, user, permission, requester):
@@ -163,7 +165,7 @@ def remove_user_permission(db_session, user, permission, requester):
         cache.delete_key(userid=user.id,
                          action=perm.method,
                          resource=perm.path)
-        log().info(f"permission {perm.name} for user {user.username} was revoked by {requester['username']}")
+        LOGGER.info(f"permission {perm.name} for user {user.username} was revoked by {requester['username']}")
         MVUserPermission.refresh()
         db_session.commit()
     except orm_exceptions.NoResultFound:

auth/initialConf.py

@@ -108,21 +108,16 @@ def create_permissions():
         permission_dict_helper('ro_device', "/device/(.*)", "GET"),
         permission_dict_helper('all_flows', "/flows/(.*)", "(.*)"),
         permission_dict_helper('ro_flows', "/flows/(.*)", "GET"),
-        permission_dict_helper('all_history', "/history/(.*)", "(.*)"),
         permission_dict_helper('ro_history', "/history/(.*)", "GET"),
-        permission_dict_helper('all_metric', "/metric/(.*)", "(.*)"),
-        permission_dict_helper('ro_metric', "/metric/(.*)", "GET"),
         permission_dict_helper('all_user', "/auth/user/(.*)", "(.*)"),
         permission_dict_helper('ro_user', "/auth/user/(.*)", "GET"),
-        permission_dict_helper('all_pap', "/pap/(.*)", "(.*)"),
-        permission_dict_helper('ro_pap', "/pap/(.*)", "GET"),
+        permission_dict_helper('all_pap', "/auth/pap/(.*)", "(.*)"),
+        permission_dict_helper('ro_pap', "/auth/pap/(.*)", "GET"),
         permission_dict_helper('ro_ca', "/ca/(.*)", "GET"),
         permission_dict_helper('wo_sign', "/sign/(.*)", "POST"),
         permission_dict_helper('ro_socketio', "/stream/socketio/", "GET"),
-        permission_dict_helper('ro_import', "/import/(.*)", "GET"),
         permission_dict_helper('all_import', "/import/(.*)", "(.*)"),
         permission_dict_helper('ro_export', "/export/(.*)", "GET"),
-        permission_dict_helper('all_export', "/export/(.*)", "(.*)"),
         permission_dict_helper('ro_image', "/fw-image/(.*)", "GET"),
         permission_dict_helper('all_image', "/fw-image/(.*)", "(.*)")
     ]
@@ -164,13 +159,12 @@ def add_permissions_group():
                 'all_template',
                 'all_device',
                 'all_flows',
-                'all_history',
-                'all_metric',
+                'ro_history',
                 'ro_ca',
                 'wo_sign',
                 "ro_socketio",
                 "all_import",
-                "all_export",
+                "ro_export",
                 "all_image"
             ]
         }

auth/webRoutes.py

@@ -65,7 +65,7 @@ def list_users():
         users = crud.search_user(
             db.session,
             # Optional search filters
-            request.args['username'] if 'username' in request.args else None
+            request.args.get('username')
         )
         users_safe = list(map(lambda u: u.safe_dict(), users))
         return make_response(json.dumps({"users": users_safe}, default=json_serial), 200)
@@ -125,10 +125,10 @@ def list_permissions():
         perms = crud.search_perm(
             db.session,
             # search filters
-            request.args['path'] if 'path' in request.args else None,
-            request.args['method'] if 'method' in request.args else None,
-            request.args['permission'] if 'permission' in request.args else None,
-            request.args['type'] if 'type' in request.args else None
+            request.args.get('path'),
+            request.args.get('method'),
+            request.args.get('permission'),
+            request.args.get('type')
         )
         permissions_safe = list(map(lambda p: p.safe_dict(), perms))
         return make_response(json.dumps({"permissions": permissions_safe}, default=json_serial), 200)
@@ -188,7 +188,7 @@ def list_group():
         groups = crud.search_group(
             db.session,
             # search filters
-            request.args['name'] if 'name' in request.args else None
+            request.args.get('name')
         )
         groups_safe = list(map(lambda p: p.safe_dict(), groups))
         for g in groups_safe:
@@ -421,4 +421,3 @@ def list_tenants():
 
 if __name__ == '__main__':
     app.run(host='0.0.0.0', port=5000, threaded=True)
-

tests/dredd-hooks/relation_hook.py

@@ -4,7 +4,10 @@
 import crud_api_hook as crud
 import auth_hook as auth
 from database.flaskAlchemyInit import db, HTTPRequestError
-from database.flaskAlchemyInit import log
+
+from dojot.module import Log
+
+LOGGER = Log().color_log()
 
 USER_GROUP = []
 USER_PERMS = []

tests/dredd-hooks/report_hook.py

@@ -4,7 +4,10 @@
 import crud_api_hook as crud
 import auth_hook as auth
 from database.flaskAlchemyInit import db, HTTPRequestError
-from database.flaskAlchemyInit import log
+
+from dojot.module import Log
+
+LOGGER = Log().color_log()
 
 USER_GROUP = []
 USER_PERMS = []