[SEBA-80] Listening for authentication.events
Change-Id: I2757beac9e0e028e6a845cd2c1030edbc961344f
diff --git a/Dockerfile.synchronizer b/Dockerfile.synchronizer
index da84c00..c71235a 100644
--- a/Dockerfile.synchronizer
+++ b/Dockerfile.synchronizer
@@ -20,6 +20,8 @@
COPY xos/synchronizer /opt/xos/synchronizers/hippie-oss
COPY VERSION /opt/xos/synchronizers/hippie-oss/
+COPY samples/auth_event_sample.py /opt/xos/synchronizers/hippie-oss/
+COPY samples/auth_event_sample_fail.py /opt/xos/synchronizers/hippie-oss/
WORKDIR "/opt/xos/synchronizers/hippie-oss"
diff --git a/samples/auth_event_sample.py b/samples/auth_event_sample.py
new file mode 100644
index 0000000..a43090e
--- /dev/null
+++ b/samples/auth_event_sample.py
@@ -0,0 +1,29 @@
+
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Manually send the event
+
+import json
+from kafka import KafkaProducer
+
+event = json.dumps({
+ 'authentication_state': "APPROVED", #there will be a bunch of possible states here, actual values TBD, e.g. STARTED, REQUESTED, APPROVED, DENIED
+ 'device_id': "of:0000000ce2314000",
+ 'port_number': "101",
+ # possibly other fields that we get from RADIUS/EAPOL relating to the subscriber
+})
+producer = KafkaProducer(bootstrap_servers="cord-kafka")
+producer.send("authentication.events", event)
+producer.flush()
\ No newline at end of file
diff --git a/samples/auth_event_sample_fail.py b/samples/auth_event_sample_fail.py
new file mode 100644
index 0000000..9095101
--- /dev/null
+++ b/samples/auth_event_sample_fail.py
@@ -0,0 +1,29 @@
+
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Manually send the event
+
+import json
+from kafka import KafkaProducer
+
+event = json.dumps({
+ 'authentication_state': "DENIED", #there will be a bunch of possible states here, actual values TBD, e.g. STARTED, REQUESTED, APPROVED, DENIED
+ 'device_id': "of:0000000ce2314000",
+ 'port_number': "101",
+ # possibly other fields that we get from RADIUS/EAPOL relating to the subscriber
+})
+producer = KafkaProducer(bootstrap_servers="cord-kafka")
+producer.send("authentication.events", event)
+producer.flush()
\ No newline at end of file
diff --git a/samples/oss-service.yaml b/samples/oss-service.yaml
index 62ce3e8..df97c28 100644
--- a/samples/oss-service.yaml
+++ b/samples/oss-service.yaml
@@ -34,6 +34,7 @@
name: hippie-oss
kind: oss
# whitelist: BRCM1234, BRCM4321 # this is an optional list of ONUs that you do want to validate
+ create_on_discovery: false
service_dependency#oss_volt:
type: tosca.nodes.ServiceDependency
diff --git a/xos/synchronizer/config.yaml b/xos/synchronizer/config.yaml
index d85bf30..4079042 100644
--- a/xos/synchronizer/config.yaml
+++ b/xos/synchronizer/config.yaml
@@ -15,9 +15,6 @@
name: hippie-oss
-accessor:
- username: xosadmin@opencord.org
- password: "@/opt/xos/services/hippie-oss/credentials/xosadmin@opencord.org"
required_models:
- HippieOSSService
- HippieOSSServiceInstance
@@ -26,7 +23,7 @@
model_policies_dir: "/opt/xos/synchronizers/hippie-oss/model_policies"
models_dir: "/opt/xos/synchronizers/hippie-oss/models"
steps_dir: "/opt/xos/synchronizers/hippie-oss/steps"
-
+event_steps_dir: "/opt/xos/synchronizers/hippie-oss/event_steps"
logging:
version: 1
handlers:
diff --git a/xos/synchronizer/event_steps/auth_event.py b/xos/synchronizer/event_steps/auth_event.py
new file mode 100644
index 0000000..0ddd30a
--- /dev/null
+++ b/xos/synchronizer/event_steps/auth_event.py
@@ -0,0 +1,66 @@
+
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import json
+import time
+import os
+import sys
+from synchronizers.new_base.eventstep import EventStep
+from synchronizers.new_base.modelaccessor import VOLTService, HippieOSSServiceInstance, model_accessor
+
+class SubscriberAuthEventStep(EventStep):
+ topics = ["authentication.events"]
+ technology = "kafka"
+
+ def __init__(self, *args, **kwargs):
+ super(SubscriberAuthEventStep, self).__init__(*args, **kwargs)
+
+ def get_onu_sn(self, event):
+ olt_service = VOLTService.objects.first()
+ onu_sn = olt_service.get_onu_sn_from_openflow(event["device_id"], event["port_number"])
+ if not onu_sn or onu_sn is None:
+ self.log.exception("authentication.events: Cannot find onu serial number for this event", kafka_event=event)
+ raise Exception("authentication.events: Cannot find onu serial number for this event")
+
+ return onu_sn
+
+ def get_hippie_oss_si_by_sn(self, serial_number):
+ try:
+ return HippieOSSServiceInstance.objects.get(serial_number=serial_number)
+ except IndexError:
+ self.log.exception("authentication.events: Cannot find hippie-oss service instance for this event", kafka_event=value)
+ raise Exception("authentication.events: Cannot find hippie-oss service instance for this event")
+
+
+ def activate_subscriber(self, subscriber):
+ subscriber.status = 'enabled'
+ subscriber.save()
+
+ def disable_subscriber(self, subscriber):
+ subscriber.status = 'auth-failed'
+ subscriber.save()
+
+ def process_event(self, event):
+ value = json.loads(event.value)
+
+ onu_sn = self.get_onu_sn(value)
+ si = self.get_hippie_oss_si_by_sn(onu_sn)
+ if not si:
+ self.log.exception("authentication.events: Cannot find hippie-oss service instance for this event", kafka_event=value)
+ raise Exception("authentication.events: Cannot find hippie-oss service instance for this event")
+
+ si.authentication_state = value["authentication_state"];
+ si.no_sync = True
+ si.save(update_fields=["authentication_state", "no_sync", "updated"], always_update_timestamp=True)
diff --git a/xos/synchronizer/event_steps/test_auth_event.py b/xos/synchronizer/event_steps/test_auth_event.py
new file mode 100644
index 0000000..ad2ed8b
--- /dev/null
+++ b/xos/synchronizer/event_steps/test_auth_event.py
@@ -0,0 +1,111 @@
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import unittest
+from mock import patch, call, Mock, PropertyMock
+import json
+
+import os, sys
+
+# Hack to load synchronizer framework
+test_path=os.path.abspath(os.path.dirname(os.path.realpath(__file__)))
+service_dir=os.path.join(test_path, "../../../..")
+xos_dir=os.path.join(test_path, "../../..")
+if not os.path.exists(os.path.join(test_path, "new_base")):
+ xos_dir=os.path.join(test_path, "../../../../../../orchestration/xos/xos")
+ services_dir=os.path.join(xos_dir, "../../xos_services")
+# END Hack to load synchronizer framework
+
+# generate model from xproto
+def get_models_fn(service_name, xproto_name):
+ name = os.path.join(service_name, "xos", xproto_name)
+ if os.path.exists(os.path.join(services_dir, name)):
+ return name
+ else:
+ name = os.path.join(service_name, "xos", "synchronizer", "models", xproto_name)
+ if os.path.exists(os.path.join(services_dir, name)):
+ return name
+ raise Exception("Unable to find service=%s xproto=%s" % (service_name, xproto_name))
+# END generate model from xproto
+
+class TestSubscriberAuthEvent(unittest.TestCase):
+
+ def setUp(self):
+
+ self.sys_path_save = sys.path
+ sys.path.append(xos_dir)
+ sys.path.append(os.path.join(xos_dir, 'synchronizers', 'new_base'))
+
+ # Setting up the config module
+ from xosconfig import Config
+ config = os.path.join(test_path, "../test_config.yaml")
+ Config.clear()
+ Config.init(config, "synchronizer-config-schema.yaml")
+ from multistructlog import create_logger
+ log = create_logger(Config().get('logging'))
+ # END Setting up the config module
+
+ from synchronizers.new_base.mock_modelaccessor_build import build_mock_modelaccessor
+ # build_mock_modelaccessor(xos_dir, services_dir, [get_models_fn("olt-service", "volt.xproto")])
+
+ build_mock_modelaccessor(xos_dir, services_dir, [
+ get_models_fn("hippie-oss", "hippie-oss.xproto"),
+ get_models_fn("olt-service", "volt.xproto"),
+ get_models_fn("../profiles/rcord", "rcord.xproto")
+ ])
+ import synchronizers.new_base.modelaccessor
+ from auth_event import SubscriberAuthEventStep, model_accessor
+
+ # import all class names to globals
+ for (k, v) in model_accessor.all_model_classes.items():
+ globals()[k] = v
+
+ self.log = log
+
+ self.event_step = SubscriberAuthEventStep(self.log)
+
+ self.event = Mock()
+
+ self.volt = Mock()
+ self.volt.name = "vOLT"
+ self.volt.leaf_model = Mock()
+
+ self.hippie_si = HippieOSSServiceInstance()
+ self.hippie_si.serial_number = "BRCM1234"
+ self.hippie_si.save = Mock()
+
+
+ def tearDown(self):
+ sys.path = self.sys_path_save
+
+ def test_authenticate_subscriber(self):
+
+ self.event.value = json.dumps({
+ 'authentication_state': "APPROVED",
+ 'device_id': "of:0000000ce2314000",
+ 'port_number': "101",
+ })
+
+ with patch.object(VOLTService.objects, "get_items") as volt_service_mock, \
+ patch.object(HippieOSSServiceInstance.objects, "get_items") as hippie_si_mock, \
+ patch.object(self.volt, "get_onu_sn_from_openflow") as get_onu_sn:
+
+ volt_service_mock.return_value = [self.volt]
+ get_onu_sn.return_value = "BRCM1234"
+ hippie_si_mock.return_value = [self.hippie_si]
+
+ self.event_step.process_event(self.event)
+
+ self.hippie_si.save.assert_called_with(always_update_timestamp=True, update_fields=['authentication_state', 'no_sync', 'updated'])
+ self.assertEqual(self.hippie_si.authentication_state, 'APPROVED')
diff --git a/xos/synchronizer/hippie-oss-synchronizer.py b/xos/synchronizer/hippie-oss-synchronizer.py
index 46f6219..f9ea235 100755
--- a/xos/synchronizer/hippie-oss-synchronizer.py
+++ b/xos/synchronizer/hippie-oss-synchronizer.py
@@ -23,8 +23,13 @@
import sys
from xosconfig import Config
-config_file = os.path.abspath(os.path.dirname(os.path.realpath(__file__)) + '/config.yaml')
-Config.init(config_file, 'synchronizer-config-schema.yaml')
+base_config_file = os.path.abspath(os.path.dirname(os.path.realpath(__file__)) + '/config.yaml')
+mounted_config_file = os.path.abspath(os.path.dirname(os.path.realpath(__file__)) + '/mounted_config.yaml')
+
+if os.path.isfile(mounted_config_file):
+ Config.init(base_config_file, 'synchronizer-config-schema.yaml', mounted_config_file)
+else:
+ Config.init(base_config_file, 'synchronizer-config-schema.yaml')
observer_path = os.path.join(os.path.dirname(os.path.realpath(__file__)),"../../synchronizers/new_base")
sys.path.append(observer_path)
diff --git a/xos/synchronizer/model_policies/model_policy_hippieossserviceinstance.py b/xos/synchronizer/model_policies/model_policy_hippieossserviceinstance.py
index 5dc7221..255a3d1 100644
--- a/xos/synchronizer/model_policies/model_policy_hippieossserviceinstance.py
+++ b/xos/synchronizer/model_policies/model_policy_hippieossserviceinstance.py
@@ -24,6 +24,29 @@
self.logger.debug("MODEL_POLICY: handle_create for HippieOSSServiceInstance %s " % si.id)
self.handle_update(si)
+ def update_and_save_subscriber(self, subscriber, si):
+ if si.authentication_state == "STARTED":
+ subscriber.status = "awaiting-auth"
+ elif si.authentication_state == "REQUESTED":
+ subscriber.status = "awaiting-auth"
+ elif si.authentication_state == "APPROVED":
+ subscriber.status = "enabled"
+ elif si.authentication_state == "DENIED":
+ subscriber.status = "auth-failed"
+
+ # If the OSS returns a c_tag use that one
+ if si.c_tag:
+ subscriber.c_tag = si.c_tag
+
+ subscriber.save(always_update_timestamp=False)
+
+ def create_subscriber(self, si):
+ subscriber = RCORDSubscriber()
+ subscriber.onu_device = si.serial_number
+ subscriber.status == "awaiting-auth"
+
+ return subscriber
+
def handle_update(self, si):
self.logger.debug("MODEL_POLICY: handle_update for HippieOSSServiceInstance %s, valid=%s " % (si.id, si.valid))
@@ -54,40 +77,45 @@
onu.admin_state = "ENABLED"
onu.save(always_update_timestamp=True)
- # NOTE this assumes that an ONUDevice has only one Subscriber
+ # handling the subscriber status
+
+ subscriber = None
try:
- subscriber_changed = False
subscriber = RCORDSubscriber.objects.get(onu_device=si.serial_number)
- self.logger.debug("MODEL_POLICY: found subscriber for valid ONU", onu=si.serial_number)
-
- # If the OSS returns a c_tag and the subscriber doesn't already have his one
- if si.c_tag and not subscriber.c_tag:
- self.logger.debug("MODEL_POLICY: updating c_tag for RCORDSubscriber %s and HippieOSSServiceInstance %s" % (subscriber.id, si.id))
- subscriber.c_tag = si.c_tag
- subscriber_changed = True
-
- # if the subscriber was in pre-provisioned state, change it's status, otherwise leave it as is
- if subscriber.status == "pre-provisioned":
- subscriber.status = "awaiting-auth"
- self.logger.debug("MODEL_POLICY: setting subscriber status", status=subscriber.status)
- subscriber_changed = True
-
- if not subscriber_changed:
- # do not trigger an update unless it's needed
- return
except IndexError:
- self.logger.debug("MODEL_POLICY: creating RCORDSubscriber for HippieOSSServiceInstance %s" % si.id)
+ # we just want to find out if it exists or not
+ pass
- subscriber = RCORDSubscriber()
- subscriber.onu_device = si.serial_number
- subscriber.status == "awaiting-auth"
-
- # If the OSS returns a c_tag use that one
- if si.c_tag:
- subscriber.c_tag = si.c_tag
-
- subscriber.save(always_update_timestamp=True)
- return
+ # if subscriber does not exist
+ self.logger.debug("MODEL_POLICY: handling subscriber", onu_device=si.serial_number, create_on_discovery=si.owner.leaf_model.create_on_discovery)
+ if not subscriber:
+ # and create_on_discovery is false
+ if not si.owner.leaf_model.create_on_discovery:
+ # do not create the subscriber, unless it has been approved
+ if si.authentication_state == "APPROVED":
+ self.logger.debug("MODEL_POLICY: creating subscriber as authentication_sate=APPROVED")
+ subscriber = self.create_subscriber(si)
+ self.update_and_save_subscriber(subscriber, si)
+ else:
+ self.logger.debug("MODEL_POLICY: creating subscriber")
+ subscriber = self.create_subscriber(si)
+ self.update_and_save_subscriber(subscriber, si)
+ # if the subscriber is there
+ elif subscriber:
+ # and create_on_discovery is false
+ if not si.owner.leaf_model.create_on_discovery:
+ # and in status pre-provisioned, do nothing
+ if subscriber.status == "pre-provisioned":
+ self.logger.debug("MODEL_POLICY: not updating subscriber status as original status is 'pre-provisioned'")
+ return
+ # else update the status
+ else:
+ self.logger.debug("MODEL_POLICY: updating subscriber status as original status is not 'pre-provisioned'")
+ self.update_and_save_subscriber(subscriber, si)
+ # if create_on_discovery is true
+ else:
+ self.logger.debug("MODEL_POLICY: updating subscriber status")
+ self.update_and_save_subscriber(subscriber, si)
def handle_delete(self, si):
pass
diff --git a/xos/synchronizer/model_policies/test_model_policy_hippieossserviceinstance.py b/xos/synchronizer/model_policies/test_model_policy_hippieossserviceinstance.py
index 6140712..a9e9b8e 100644
--- a/xos/synchronizer/model_policies/test_model_policy_hippieossserviceinstance.py
+++ b/xos/synchronizer/model_policies/test_model_policy_hippieossserviceinstance.py
@@ -34,7 +34,6 @@
class TestModelPolicyHippieOssServiceInstance(unittest.TestCase):
def setUp(self):
- global VOLTServiceInstancePolicy, MockObjectList
self.sys_path_save = sys.path
sys.path.append(xos_dir)
@@ -67,6 +66,7 @@
self.policy = OSSServiceInstancePolicy()
self.si = Mock()
+ self.si.owner = Mock()
def tearDown(self):
sys.path = self.sys_path_save
@@ -128,21 +128,44 @@
subscriber = RCORDSubscriber(
onu_device=self.si.serial_number,
+ status='pre-provisioned'
)
with patch.object(ONUDevice.objects, "get_items") as onu_objects, \
patch.object(RCORDSubscriber.objects, "get_items") as subscriber_objects, \
- patch.object(RCORDSubscriber, "save") as subscriber_save, \
patch.object(ONUDevice, "save") as onu_save:
onu_objects.return_value = [onu]
subscriber_objects.return_value = [subscriber]
self.policy.handle_update(self.si)
- subscriber_save.assert_not_called()
self.assertEqual(onu.admin_state, "ENABLED")
onu_save.assert_called()
+ def test_do_not_create_subscriber(self):
+ self.si.valid = "valid"
+ self.si.backend_code = 1
+ self.si.serial_number = "BRCM1234"
+ self.si.authentication_state = "DENIEND"
+ self.si.owner.leaf_model.create_on_discovery = False
+
+ onu = ONUDevice(
+ serial_number=self.si.serial_number,
+ admin_state="DISABLED"
+ )
+
+ with patch.object(ONUDevice.objects, "get_items") as onu_objects, \
+ patch.object(RCORDSubscriber, "save", autospec=True) as subscriber_save, \
+ patch.object(ONUDevice, "save") as onu_save:
+
+ onu_objects.return_value = [onu]
+
+ self.policy.handle_update(self.si)
+
+ self.assertEqual(onu.admin_state, "ENABLED")
+ onu_save.assert_called()
+ self.assertEqual(subscriber_save.call_count, 0)
+
def test_create_subscriber(self):
self.si.valid = "valid"
self.si.serial_number = "BRCM1234"
@@ -166,6 +189,37 @@
self.assertEqual(subscriber.onu_device, self.si.serial_number)
onu_save.assert_not_called()
+
+ def test_create_subscriber_no_create_on_discovery(self):
+ """
+ test_create_subscriber_no_create_on_discovery
+ When si.owner.create_on_discovery = False we still need to create the subscriber after authentication
+ """
+
+ self.si.valid = "valid"
+ self.si.serial_number = "BRCM1234"
+ self.si.backend_code = 1
+ self.si.owner.leaf_model.create_on_discovery = False
+ self.si.authentication_state = "APPROVED"
+
+ onu = ONUDevice(
+ serial_number=self.si.serial_number,
+ admin_state="ENABLED"
+ )
+
+ with patch.object(ONUDevice.objects, "get_items") as onu_objects, \
+ patch.object(RCORDSubscriber, "save", autospec=True) as subscriber_save, \
+ patch.object(ONUDevice, "save") as onu_save:
+
+ onu_objects.return_value = [onu]
+
+ self.policy.handle_update(self.si)
+ self.assertEqual(subscriber_save.call_count, 1)
+
+ subscriber = subscriber_save.call_args[0][0]
+ self.assertEqual(subscriber.onu_device, self.si.serial_number)
+
+ onu_save.assert_not_called()
def test_create_subscriber_with_ctag(self):
self.si.valid = "valid"
diff --git a/xos/synchronizer/models/hippie-oss.xproto b/xos/synchronizer/models/hippie-oss.xproto
index 4cf5c37..6298523 100644
--- a/xos/synchronizer/models/hippie-oss.xproto
+++ b/xos/synchronizer/models/hippie-oss.xproto
@@ -6,6 +6,7 @@
option kind = "OSS";
optional string whitelist = 1 [help_text = "A comma separated list of ONUs that are deemed to be valid ONUs", null = True, db_index = False, blank = False];
+ required bool create_on_discovery = 2 [help_text = "Wether to create the subscriber when an ONU is discovered", null = False, db_index = False, blank = False, default = True];
}
message HippieOSSServiceInstance (ServiceInstance){
@@ -14,6 +15,7 @@
required string valid = 1 [default = "awaiting", choices = "(('awaiting', 'Awaiting Validation'), ('valid', 'Valid'), ('invalid', 'Invalid'))", help_text = "Wether this ONU has been validated by the external OSS", null = False, blank = False];
required string serial_number = 2 [max_length = 254, null = False, db_index = False, blank = False, tosca_key=True, unique = True];
+ required string authentication_state = 3 [default = "STARTED", choices = "(('STARTED', 'Started'), ('REQUESTED', 'Requested'), ('APPROVED', 'Approved'), ('DENIED', 'Denied'), )", max_length = 50, null = False, db_index = False, blank = False, unique = True];
required string of_dpid = 4 [max_length = 254, null = False, db_index = False, blank = False];
optional int32 c_tag = 5 [null = True, db_index = False, blank = False, unique = True, feedback_state = True];
}
\ No newline at end of file
diff --git a/xos/synchronizer/steps/test_sync_hippie_oss_service_instance.py b/xos/synchronizer/steps/test_sync_hippie_oss_service_instance.py
index 6d0c6ff..51bc04e 100644
--- a/xos/synchronizer/steps/test_sync_hippie_oss_service_instance.py
+++ b/xos/synchronizer/steps/test_sync_hippie_oss_service_instance.py
@@ -80,10 +80,9 @@
self.oss.name = "oss"
self.oss.whitelist = "BRCM5678, BRCM1234"
- # create a mock VRouterStaticRoute instance
+ # create a mock HippieOssServiceInstance instance
self.o = Mock()
self.o.serial_number = "BRCM1234"
- self.o.uni_port_id = 16
self.o.of_dpid = "of:109299321"
self.o.owner.leaf_model = self.oss
self.o.tologdict.return_value = {}