def __call__(self, force=False, parent_type=None, cassandra_servers=None):
valid_acl = []
parents = Collection(parent_type, fetch=True, recursive=2)
for parent in parents:
if 'access_control_lists' in parent.keys():
valid_acl += [
acl['uuid'] for acl in parent['access_control_lists']
]
valid_acl = list(set(valid_acl))
orphaned_acls = set([])
# Due to a bug in contrail API, we cannot list more than 10000 elements
# on a resource and there is no way to list ACL by tenant.
# So that ugly hack directly fetch all ACL UUIDs from the cassandra database :(
pool = ConnectionPool('config_db_uuid', server_list=cassandra_servers)
fqname_cf = ColumnFamily(pool, 'obj_fq_name_table')
for key, value in fqname_cf.xget('access_control_list'):
acl_uuid = decode_string(key).split(':')[-1]
if acl_uuid in valid_acl:
continue
acl = Resource('access-control-list', uuid=acl_uuid, fetch=True)
if ('parent_uuid' in acl.keys() and 'parent_type' in acl.keys()
and acl['parent_type'] == parent_type
and acl.uuid not in valid_acl):
try:
parent_acl = acl.parent
except ResourceNotFound:
msg = ("The %s parent ACL %s was not found." %
(parent_type.replace('-', ' '), acl['parent_uuid']))
if force:
msg = msg + " Delete orphan ACL %s." % acl.uuid
acl.delete()
logger.debug(msg)
orphaned_acls.add(acl['uuid'])
else:
logger.debug(
"The ACL %(acl)s have a %(parent_type)s %(parent_acl)s which exists but \
was not found in the precedent %(parent_type)s list. Not delete it."
% {
'acl': acl,
'parent_type': parent_type.replace('-', ' '),
'parent_acl': parent_acl
})
if force:
logger.debug("%d orphaned ACL were deleted" % len(orphaned_acls))
else:
logger.debug("Found %d orphaned ACL to delete" %
len(orphaned_acls))
