From 2caafdc8aac6b88e38d1ae70d1b06a64e314f583 Mon Sep 17 00:00:00 2001 From: stewie925 Date: Wed, 5 Dec 2018 12:00:21 -0800 Subject: [PATCH] Build Ranger CLI image and fix bandit error Create Dockerfile and Makefile for Ranger CLI. Changes made to CLI code to account for separate URLs for each ranger service. Minor update to flavor code to fix error detected during bandit scan. Change-Id: If787e3dda4039d8755abd5dad05cacf685113565 --- Dockerfile-Ranger-Client | 70 +++++++++++++++++++ Makefile-Ranger-Client | 50 +++++++++++++ orm/orm_client/ormcli/cmscli.py | 19 ++--- orm/orm_client/ormcli/config.py | 5 +- orm/orm_client/ormcli/fmscli.py | 20 +++--- orm/orm_client/ormcli/imscli.py | 17 +++-- orm/orm_client/ormcli/rmscli.py | 14 ++-- .../fms_rest/data/wsme/models.py | 3 +- orm/tests/unit/ormcli/test_rmscli.py | 2 +- 9 files changed, 165 insertions(+), 35 deletions(-) create mode 100644 Dockerfile-Ranger-Client create mode 100644 Makefile-Ranger-Client diff --git a/Dockerfile-Ranger-Client b/Dockerfile-Ranger-Client new file mode 100644 index 00000000..48d92385 --- /dev/null +++ b/Dockerfile-Ranger-Client @@ -0,0 +1,70 @@ +FROM ubuntu:16.04 + +#ubuntu environment variables +ENV DEBIAN_FRONTEND noninteractive +ENV container docker +ENV LC_ALL C.UTF-8 +ENV LANG C.UTF-8 + +# define and pass application environment variables +ARG ranger_user +ARG ranger_pass +ARG ranger_tenant +ARG ranger_url +ARG ranger_region + +ENV RANGER_USERNAME ${ranger_user:-ranger} +ENV RANGER_PASSWORD ${ranger_pass:-password} +ENV RANGER_TENANT_NAME ${ranger_tenant:-admin} +ENV RANGER_ORM_BASE_URL ${ranger_url:-http://127.0.0.1} +ENV RANGER_AUTH_REGION ${ranger_region:-RegionOne} + +# install needed components +RUN apt -qq update && \ +apt -y install git \ +netcat \ +netbase \ +openssh-server \ +python-minimal \ +python-setuptools \ +python-pip \ +python-dev \ +python-dateutil \ +ca-certificates \ +openstack-pkg-tools \ +gcc \ +g++ \ +libffi-dev \ +libssl-dev --no-install-recommends \ +libmysqlclient-dev \ +&& apt-get clean \ +&& rm -rf \ + /var/lib/apt/lists/* \ + /tmp/* \ + /var/tmp/* \ + /usr/share/man \ + /usr/share/doc \ + /usr/share/doc-base + +RUN pip install wheel + +COPY . /tmp/ranger + +WORKDIR /tmp/ranger + +RUN pip install --default-timeout=100 -r requirements.txt + +RUN python setup.py install + +WORKDIR /tmp +# Create user +RUN useradd -u 1000 -ms /bin/bash ${RANGER_USERNAME} + +# Change permissions +RUN mv /tmp/ranger/orm/orm_client /home/${RANGER_USERNAME}/ \ + && rm -rf /tmp/* \ + && chown -R ${RANGER_USERNAME}: /home/${RANGER_USERNAME}/orm_client + +# Set work directory +USER ${RANGER_USERNAME} +WORKDIR /home/${RANGER_USERNAME}/orm_client/ormcli diff --git a/Makefile-Ranger-Client b/Makefile-Ranger-Client new file mode 100644 index 00000000..64227438 --- /dev/null +++ b/Makefile-Ranger-Client @@ -0,0 +1,50 @@ +# Copyright 2018 AT&T Intellectual Property. All other rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +DOCKER_REGISTRY ?= quay.io +IMAGE_NAME ?= ranger-client +IMAGE_PREFIX ?= attcomdev +IMAGE_TAG ?= ocata +LABEL ?= commit-id +PROXY ?= http://proxy.foo.com:8000 +NO_PROXY ?= localhost,127.0.0.1,.svc.cluster.local +USE_PROXY ?= false + +IMAGE := ${DOCKER_REGISTRY}/${IMAGE_PREFIX}/${IMAGE_NAME}:${IMAGE_TAG} + +# Build ranger Docker image for this project +.PHONY: images +images: build_$(IMAGE_NAME) + + + +# Make targets intended for use by the primary targets above. +.PHONY: build_$(IMAGE_NAME) +build_$(IMAGE_NAME): + +ifeq ($(USE_PROXY), true) + docker build --network host -t $(IMAGE) --label $(LABEL) -f Dockerfile \ + --build-arg http_proxy=$(PROXY) \ + --build-arg https_proxy=$(PROXY) \ + --build-arg HTTP_PROXY=$(PROXY) \ + --build-arg HTTPS_PROXY=$(PROXY) \ + --build-arg no_proxy=$(NO_PROXY) \ + --build-arg NO_PROXY=$(NO_PROXY) . +else + docker build --network host -t $(IMAGE) --label $(LABEL) -f Dockerfile . +endif + +.PHONY: pep8 +pep8: + tox -e pep8 diff --git a/orm/orm_client/ormcli/cmscli.py b/orm/orm_client/ormcli/cmscli.py index b96d2235..bb687ec9 100644 --- a/orm/orm_client/ormcli/cmscli.py +++ b/orm/orm_client/ormcli/cmscli.py @@ -34,8 +34,10 @@ def add_to_parser(service_sub): default=get_environment_variable('username')) parser.add_argument('--password', type=str, help='Keystone user password', default=get_environment_variable('password')) - parser.add_argument('--orm-base-url', type=str, help='ORM base URL', - default=get_environment_variable('orm-base-url')) + parser.add_argument('--rms-base-url', type=str, help='RMS base URL', + default=get_environment_variable('rms-base-url')) + parser.add_argument('--cms-base-url', type=str, help='CMS base URL', + default=get_environment_variable('cms-base-url')) parser.add_argument('--tracking_id', type=str, help='"X-RANGER-Tracking-Id" header') parser.add_argument('--port', type=int, help='port number of CMS server') @@ -376,8 +378,7 @@ def get_token(timeout, args, host): print message raise cli_common.MissingArgumentError(message) - keystone_ep = cli_common.get_keystone_ep( - '{}:{}'.format(host, base_config.rms['port']), auth_region) + keystone_ep = cli_common.get_keystone_ep('{}'.format(host), auth_region) if keystone_ep is None: raise ConnectionError( 'Failed in get_token, host: {}, region: {}'.format(host, @@ -404,6 +405,7 @@ def get_token(timeout, args, host): def get_environment_variable(argument): # The rules are: all caps, underscores instead of dashes and prefixed + environment_variable = 'RANGER_{}'.format( argument.replace('-', '_').upper()) @@ -411,18 +413,19 @@ def get_environment_variable(argument): def run(args): - host = args.orm_base_url if args.orm_base_url else config.orm_base_url - port = args.port if args.port else 7080 + rms_url = args.rms_base_url if args.rms_base_url else base_config.rms['base_url'] + host = args.cms_base_url if args.cms_base_url else base_config.cms['base_url'] + port = args.port if args.port else base_config.cms['port'] data = args.datafile.read() if 'datafile' in args else '{}' timeout = args.timeout if args.timeout else 10 rest_cmd, cmd_url = cmd_details(args) - url = '%s:%d/v1/orm/customers' % (host, port,) + cmd_url + url = '%s/v1/orm/customers' % (host) + cmd_url if args.faceless: auth_token = auth_region = requester = client = '' else: try: - auth_token = get_token(timeout, args, host) + auth_token = get_token(timeout, args, rms_url) except Exception: exit(1) auth_region = globals()['auth_region'] diff --git a/orm/orm_client/ormcli/config.py b/orm/orm_client/ormcli/config.py index c3c03966..3aa2b243 100755 --- a/orm/orm_client/ormcli/config.py +++ b/orm/orm_client/ormcli/config.py @@ -6,5 +6,8 @@ tenant_name = config.CONF.keystone_authtoken.project_name username = config.CONF.keystone_authtoken.username password = config.CONF.keystone_authtoken.password auth_region = config.CONF.cli.base_region -orm_base_url = config.CONF.ranger_url +rms_base_url = config.rms['base_url'] +cms_base_url = config.cms['base_url'] +fms_base_url = config.fms['base_url'] +ims_base_url = config.ims['base_url'] verify = config.CONF.ssl_verify diff --git a/orm/orm_client/ormcli/fmscli.py b/orm/orm_client/ormcli/fmscli.py index 3fd55253..f9155522 100644 --- a/orm/orm_client/ormcli/fmscli.py +++ b/orm/orm_client/ormcli/fmscli.py @@ -26,9 +26,6 @@ def add_to_parser(service_sub): parser.add_argument('--auth-region', type=str, help='Region used for authentication', default=get_environment_variable('auth-region')) - parser.add_argument('--orm-base-url', type=str, help='ORM base URL', - default=get_environment_variable('orm-base-url')) - parser.add_argument('--tracking_id', type=str, help='tracking id') parser.add_argument('--tenant-name', type=str, help='Keystone user tenant name', default=get_environment_variable('tenant-name')) @@ -36,6 +33,11 @@ def add_to_parser(service_sub): default=get_environment_variable('username')) parser.add_argument('--password', type=str, help='Keystone user password', default=get_environment_variable('password')) + parser.add_argument('--rms-base-url', type=str, help='RMS base URL', + default=get_environment_variable('rms-base-url')) + parser.add_argument('--fms-base-url', type=str, help='FMS base URL', + default=get_environment_variable('fms-base-url')) + parser.add_argument('--tracking_id', type=str, help='tracking id') parser.add_argument('--port', type=int, help='port number of FMS server') parser.add_argument('--timeout', type=int, help='request timeout in seconds (default: 10)') @@ -334,8 +336,7 @@ def get_token(timeout, args, host): print message raise cli_common.MissingArgumentError(message) - keystone_ep = cli_common.get_keystone_ep( - '{}:{}'.format(host, base_config.rms['port']), auth_region) + keystone_ep = cli_common.get_keystone_ep('{}'.format(host), auth_region) if keystone_ep is None: raise ConnectionError( 'Failed in get_token, host: {}, region: {}'.format(host, @@ -369,18 +370,19 @@ def get_environment_variable(argument): def run(args): - host = args.orm_base_url if args.orm_base_url else config.orm_base_url - port = args.port if args.port else 8082 + rms_url = args.rms_base_url if args.rms_base_url else base_config.rms['base_url'] + host = args.fms_base_url if args.fms_base_url else base_config.fms['base_url'] + port = args.port if args.port else base_config.fms['port'] data = args.datafile.read() if 'datafile' in args else '{}' timeout = args.timeout if args.timeout else 10 rest_cmd, cmd_url = cmd_details(args) - url = '%s:%d/v1/orm/flavors' % (host, port,) + cmd_url + url = '%s/v1/orm/flavors' % (host) + cmd_url if args.faceless: auth_token = auth_region = requester = client = '' else: try: - auth_token = get_token(timeout, args, host) + auth_token = get_token(timeout, args, rms_url) except Exception: exit(1) auth_region = globals()['auth_region'] diff --git a/orm/orm_client/ormcli/imscli.py b/orm/orm_client/ormcli/imscli.py index 8ade0046..543feeba 100644 --- a/orm/orm_client/ormcli/imscli.py +++ b/orm/orm_client/ormcli/imscli.py @@ -34,8 +34,10 @@ def add_to_parser(service_sub): default=get_environment_variable('username')) parser.add_argument('--password', type=str, help='Keystone user password', default=get_environment_variable('password')) - parser.add_argument('--orm-base-url', type=str, help='ORM base URL', - default=get_environment_variable('orm-base-url')) + parser.add_argument('--rms-base-url', type=str, help='RMS base URL', + default=get_environment_variable('rms-base-url')) + parser.add_argument('--ims-base-url', type=str, help='IMS base URL', + default=get_environment_variable('ims-base-url')) parser.add_argument('--tracking_id', type=str, help='tracking id') parser.add_argument('--port', type=int, help='port number of IMS server') parser.add_argument('--timeout', type=int, @@ -226,7 +228,7 @@ def get_token(timeout, args, host): raise cli_common.MissingArgumentError(message) keystone_ep = cli_common.get_keystone_ep( - '{}:{}'.format(host, base_config.rms['port']), auth_region) + '{}'.format(host), auth_region) if keystone_ep is None: raise ConnectionError( 'Failed in get_token, host: {}, region: {}'.format(host, @@ -323,18 +325,19 @@ def get_environment_variable(argument): def run(args): - host = args.orm_base_url if args.orm_base_url else config.orm_base_url - port = args.port if args.port else 8084 + rms_url = args.rms_base_url if args.rms_base_url else base_config.rms['base_url'] + host = args.ims_base_url if args.ims_base_url else base_config.ims['base_url'] + port = args.port if args.port else base_config.ims['port'] data = args.datafile.read() if 'datafile' in args else '{}' timeout = args.timeout if args.timeout else 10 rest_cmd, cmd_url = cmd_details(args) - url = '%s:%d/v1/orm/images' % (host, port,) + cmd_url + url = '%s/v1/orm/images' % (host) + cmd_url if args.faceless: auth_token = auth_region = requester = client = '' else: try: - auth_token = get_token(timeout, args, host) + auth_token = get_token(timeout, args, rms_url) except Exception: exit(1) auth_region = globals()['auth_region'] diff --git a/orm/orm_client/ormcli/rmscli.py b/orm/orm_client/ormcli/rmscli.py index e561886e..4c02e7cc 100644 --- a/orm/orm_client/ormcli/rmscli.py +++ b/orm/orm_client/ormcli/rmscli.py @@ -32,8 +32,8 @@ def add_to_parser(service_sub): default=get_environment_variable('username')) parser.add_argument('--password', type=str, help='Keystone user password', default=get_environment_variable('password')) - parser.add_argument('--orm-base-url', type=str, help='ORM base URL', - default=get_environment_variable('orm-base-url')) + parser.add_argument('--rms-base-url', type=str, help='RMS base URL', + default=get_environment_variable('rms-base-url')) parser.add_argument('--tracking_id', type=str, help='tracking id') parser.add_argument('--port', type=int, help='port number of RMS server') parser.add_argument('--timeout', type=int, @@ -250,8 +250,7 @@ def get_token(timeout, args, host): print message raise cli_common.MissingArgumentError(message) - keystone_ep = cli_common.get_keystone_ep( - '{}:{}'.format(host, base_config.rms['port']), auth_region) + keystone_ep = cli_common.get_keystone_ep('{}'.format(host), auth_region) if keystone_ep is None: raise ConnectionError( 'Failed in get_token, host: {}, region: {}'.format(host, @@ -362,12 +361,11 @@ def get_environment_variable(argument): def run(args): url_path = get_path(args) - host = args.orm_base_url if args.orm_base_url else config.orm_base_url - port = args.port if args.port else base_config.rms['port'] + rms_base_url = args.rms_base_url if args.rms_base_url else base_config.rms['base_url'] data = args.datafile.read() if 'datafile' in args else '{}' timeout = args.timeout if args.timeout else 10 rest_cmd, cmd_url = cmd_details(args) - url = '%s:%d/%s' % (host, port, url_path) + cmd_url + url = '%s/%s' % (rms_base_url, url_path) + cmd_url if args.faceless or \ args.subcmd == 'get_region' or \ args.subcmd == 'list_regions' or \ @@ -376,7 +374,7 @@ def run(args): auth_token = auth_region = requester = client = '' else: try: - auth_token = get_token(timeout, args, host) + auth_token = get_token(timeout, args, rms_base_url) except Exception: exit(1) auth_region = globals()['auth_region'] diff --git a/orm/services/flavor_manager/fms_rest/data/wsme/models.py b/orm/services/flavor_manager/fms_rest/data/wsme/models.py index 4254f921..07d4efa3 100755 --- a/orm/services/flavor_manager/fms_rest/data/wsme/models.py +++ b/orm/services/flavor_manager/fms_rest/data/wsme/models.py @@ -1,3 +1,4 @@ +import ast import wsme from orm.common.orm_common.utils.cross_api_utils import (set_utils_conf, @@ -254,7 +255,7 @@ class Flavor(Model): if self.series == 'p1': if {'n0'}.issubset(self.options.keys()) and \ - eval(self.options.get('n0').lower().capitalize()): + ast.literal_eval(self.options.get('n0').lower().capitalize()): vcpu_limit = int(conf.flavor_limits.p1_n0_vcpu_limit) vram_limit = int(conf.flavor_limits.p1_n0_vram_limit) else: diff --git a/orm/tests/unit/ormcli/test_rmscli.py b/orm/tests/unit/ormcli/test_rmscli.py index c5231a27..2d9ca9ab 100755 --- a/orm/tests/unit/ormcli/test_rmscli.py +++ b/orm/tests/unit/ormcli/test_rmscli.py @@ -223,7 +223,7 @@ class RmsTests(TestCase): cli = ormcli.Cli() cli.create_parser() cli.parse( - 'orm rms --faceless --orm-base-url 12.11.10.9 --port 8832' + 'orm rms --faceless --rms-base-url 12.11.10.9 --port 8832' ' --timeout 150 get_region zoneone'.split()) resp = self.respond( {