def post(self, template):
"""Create a new deploy template.
:param template: a deploy template within the request body.
"""
api_utils.check_policy('baremetal:deploy_template:create')
context = api.request.context
tdict = template.as_dict()
# NOTE(mgoddard): UUID is mandatory for notifications payload
if not tdict.get('uuid'):
tdict['uuid'] = uuidutils.generate_uuid()
new_template = objects.DeployTemplate(context, **tdict)
notify.emit_start_notification(context, new_template, 'create')
with notify.handle_error_notification(context, new_template, 'create'):
new_template.create()
# Set the HTTP Location Header
api.response.location = link.build_url('deploy_templates',
new_template.uuid)
api_template = DeployTemplate.convert_with_links(new_template)
notify.emit_end_notification(context, new_template, 'create')
return api_template
def patch(self, target_uuid, patch):
"""Update an existing volume target.
:param target_uuid: UUID of a volume target.
:param patch: a json PATCH document to apply to this volume target.
:returns: API-serializable volume target object.
:raises: OperationNotPermitted if accessed with specifying a
parent node.
:raises: PatchError if a given patch can not be applied.
:raises: InvalidParameterValue if the volume target's UUID is being
changed
:raises: NodeLocked if the node is already locked
:raises: NodeNotFound if the node associated with the volume target
does not exist
:raises: VolumeTargetNotFound if the volume target cannot be found
:raises: VolumeTargetBootIndexAlreadyExists if a volume target already
exists with the same node ID and boot index values
:raises: InvalidUUID if invalid node UUID is passed in the patch.
:raises: InvalidStateRequested If a node associated with the
volume target is not powered off.
"""
context = api.request.context
api_utils.check_policy('baremetal:volume:update')
if self.parent_node_ident:
raise exception.OperationNotPermitted()
api_utils.patch_validate_allowed_fields(patch, PATCH_ALLOWED_FIELDS)
values = api_utils.get_patch_values(patch, '/node_uuid')
for value in values:
if not uuidutils.is_uuid_like(value):
message = _("Expected a UUID for node_uuid, but received "
"%(uuid)s.") % {
'uuid': str(value)
}
raise exception.InvalidUUID(message=message)
rpc_target = objects.VolumeTarget.get_by_uuid(context, target_uuid)
target_dict = rpc_target.as_dict()
# NOTE(smoriya):
# 1) Remove node_id because it's an internal value and
# not present in the API object
# 2) Add node_uuid
rpc_node = api_utils.replace_node_id_with_uuid(target_dict)
target_dict = api_utils.apply_jsonpatch(target_dict, patch)
try:
if target_dict['node_uuid'] != rpc_node.uuid:
rpc_node = objects.Node.get(api.request.context,
target_dict['node_uuid'])
except exception.NodeNotFound as e:
# Change error code because 404 (NotFound) is inappropriate
# response for a PATCH request to change a volume target
e.code = http_client.BAD_REQUEST # BadRequest
raise
api_utils.patched_validate_with_schema(target_dict, TARGET_SCHEMA,
TARGET_VALIDATOR)
api_utils.patch_update_changed_fields(
target_dict,
rpc_target,
fields=objects.VolumeTarget.fields,
schema=TARGET_SCHEMA,
id_map={'node_id': rpc_node.id})
notify.emit_start_notification(context,
rpc_target,
'update',
node_uuid=rpc_node.uuid)
with notify.handle_error_notification(context,
rpc_target,
'update',
node_uuid=rpc_node.uuid):
topic = api.request.rpcapi.get_topic_for(rpc_node)
new_target = api.request.rpcapi.update_volume_target(
context, rpc_target, topic)
api_target = convert_with_links(new_target)
notify.emit_end_notification(context,
new_target,
'update',
node_uuid=rpc_node.uuid)
return api_target
def post(self, port):
"""Create a new port.
:param port: a port within the request body.
:raises: NotAcceptable, HTTPNotFound, Conflict
"""
if self.parent_node_ident or self.parent_portgroup_ident:
raise exception.OperationNotPermitted()
context = api.request.context
api_utils.check_policy('baremetal:port:create')
# NOTE(lucasagomes): Create the node_id attribute on-the-fly
# to satisfy the api -> rpc object
# conversion.
node = api_utils.replace_node_uuid_with_id(port)
self._check_allowed_port_fields(port)
portgroup = None
if port.get('portgroup_uuid'):
try:
portgroup = objects.Portgroup.get(api.request.context,
port.pop('portgroup_uuid'))
if portgroup.node_id != node.id:
raise exception.BadRequest(_('Port can not be added to a '
'portgroup belonging to a '
'different node.'))
# NOTE(lucasagomes): Create the portgroup_id attribute
# on-the-fly to satisfy the api ->
# rpc object conversion.
port['portgroup_id'] = portgroup.id
except exception.PortgroupNotFound as e:
# Change error code because 404 (NotFound) is inappropriate
# response for a POST request to create a Port
e.code = http_client.BAD_REQUEST # BadRequest
raise e
if port.get('is_smartnic'):
try:
api_utils.LOCAL_LINK_SMART_NIC_VALIDATOR(
'local_link_connection',
port.get('local_link_connection'))
except exception.Invalid:
raise exception.Invalid(
"Smart NIC port must have port_id "
"and hostname in local_link_connection")
physical_network = port.get('physical_network')
if physical_network is not None and not physical_network:
raise exception.Invalid('A non-empty value is required when '
'setting physical_network')
vif = api_utils.handle_post_port_like_extra_vif(port)
if (portgroup and (port.get('pxe_enabled') or vif)):
if not portgroup.standalone_ports_supported:
msg = _("Port group %s doesn't support standalone ports. "
"This port cannot be created as a member of that "
"port group because either 'extra/vif_port_id' "
"was specified or 'pxe_enabled' was set to True.")
raise exception.Conflict(
msg % portgroup.uuid)
# NOTE(yuriyz): UUID is mandatory for notifications payload
if not port.get('uuid'):
port['uuid'] = uuidutils.generate_uuid()
rpc_port = objects.Port(context, **port)
notify_extra = {
'node_uuid': node.uuid,
'portgroup_uuid': portgroup and portgroup.uuid or None
}
notify.emit_start_notification(context, rpc_port, 'create',
**notify_extra)
with notify.handle_error_notification(context, rpc_port, 'create',
**notify_extra):
topic = api.request.rpcapi.get_topic_for(node)
new_port = api.request.rpcapi.create_port(context, rpc_port,
topic)
notify.emit_end_notification(context, new_port, 'create',
**notify_extra)
# Set the HTTP Location Header
api.response.location = link.build_url('ports', new_port.uuid)
return convert_with_links(new_port)
def test_check_policy(self, mock_authorize, mock_pr):
utils.check_policy('fake-policy')
cdict = pecan.request.context.to_policy_values()
mock_authorize.assert_called_once_with('fake-policy', cdict, cdict)
def get_all(self, addresses=None, node_uuid=None):
"""Look up a node by its MAC addresses and optionally UUID.
If the "restrict_lookup" option is set to True (the default), limit
the search to nodes in certain transient states (e.g. deploy wait).
:param addresses: list of MAC addresses for a node.
:param node_uuid: UUID of a node.
:raises: NotFound if requested API version does not allow this
endpoint.
:raises: NotFound if suitable node was not found or node's provision
state is not allowed for the lookup.
:raises: IncompleteLookup if neither node UUID nor any valid MAC
address was provided.
"""
if not api_utils.allow_ramdisk_endpoints():
raise exception.NotFound()
api_utils.check_policy('baremetal:driver:ipa_lookup')
# Validate the list of MAC addresses
if addresses is None:
addresses = []
valid_addresses = []
invalid_addresses = []
for addr in addresses:
try:
mac = utils.validate_and_normalize_mac(addr)
valid_addresses.append(mac)
except exception.InvalidMAC:
invalid_addresses.append(addr)
if invalid_addresses:
node_log = ('' if not node_uuid else '(Node UUID: %s)' % node_uuid)
LOG.warning(
'The following MAC addresses "%(addrs)s" are '
'invalid and will be ignored by the lookup '
'request %(node)s', {
'addrs': ', '.join(invalid_addresses),
'node': node_log
})
if not valid_addresses and not node_uuid:
raise exception.IncompleteLookup()
try:
if node_uuid:
node = objects.Node.get_by_uuid(api.request.context, node_uuid)
else:
node = objects.Node.get_by_port_addresses(
api.request.context, valid_addresses)
except exception.NotFound:
# NOTE(dtantsur): we are reraising the same exception to make sure
# we don't disclose the difference between nodes that are not found
# at all and nodes in a wrong state by different error messages.
raise exception.NotFound()
if (CONF.api.restrict_lookup
and node.provision_state not in self.lookup_allowed_states):
raise exception.NotFound()
if api_utils.allow_agent_token():
try:
topic = api.request.rpcapi.get_topic_for(node)
except exception.NoValidHost as e:
e.code = http_client.BAD_REQUEST
raise
found_node = api.request.rpcapi.get_node_with_token(
api.request.context, node.uuid, topic=topic)
else:
found_node = node
return convert_with_links(found_node)
def post(self,
node_ident,
callback_url,
agent_version=None,
agent_token=None,
agent_verify_ca=None,
agent_status=None,
agent_status_message=None):
"""Process a heartbeat from the deploy ramdisk.
:param node_ident: the UUID or logical name of a node.
:param callback_url: the URL to reach back to the ramdisk.
:param agent_version: The version of the agent that is heartbeating.
``None`` indicates that the agent that is heartbeating is a version
before sending agent_version was introduced so agent v3.0.0 (the
last release before sending agent_version was introduced) will be
assumed.
:param agent_token: randomly generated validation token.
:param agent_verify_ca: TLS certificate to use to connect to the agent.
:param agent_status: Current status of the heartbeating agent. Used by
anaconda ramdisk to send status back to Ironic. The valid states
are 'start', 'end', 'error'
:param agent_status_message: Optional status message describing current
agent_status
:raises: NodeNotFound if node with provided UUID or name was not found.
:raises: InvalidUuidOrName if node_ident is not valid name or UUID.
:raises: NoValidHost if RPC topic for node could not be retrieved.
:raises: NotFound if requested API version does not allow this
endpoint.
"""
if not api_utils.allow_ramdisk_endpoints():
raise exception.NotFound()
if agent_version and not api_utils.allow_agent_version_in_heartbeat():
raise exception.InvalidParameterValue(
_('Field "agent_version" not recognised'))
if ((agent_status or agent_status_message)
and not api_utils.allow_status_in_heartbeat()):
raise exception.InvalidParameterValue(
_('Fields "agent_status" and "agent_status_message" '
'not recognised.'))
api_utils.check_policy('baremetal:node:ipa_heartbeat')
if (agent_verify_ca is not None
and not api_utils.allow_verify_ca_in_heartbeat()):
raise exception.InvalidParameterValue(
_('Field "agent_verify_ca" not recognised in this version'))
rpc_node = api_utils.get_rpc_node_with_suffix(node_ident)
dii = rpc_node['driver_internal_info']
agent_url = dii.get('agent_url')
# If we have an agent_url on file, and we get something different
# we should fail because this is unexpected behavior of the agent.
if agent_url is not None and agent_url != callback_url:
LOG.error(
'Received heartbeat for node %(node)s with '
'callback URL %(url)s. This is not expected, '
'and the heartbeat will not be processed.', {
'node': rpc_node.uuid,
'url': callback_url
})
raise exception.Invalid(
_('Detected change in ramdisk provided '
'"callback_url"'))
# NOTE(TheJulia): If tokens are required, lets go ahead and fail the
# heartbeat very early on.
if agent_token is None:
LOG.error(
'Agent heartbeat received for node %(node)s '
'without an agent token.', {'node': node_ident})
raise exception.InvalidParameterValue(
_('Agent token is required for heartbeat processing.'))
if agent_status is not None and agent_status not in AGENT_VALID_STATES:
valid_states = ','.join(AGENT_VALID_STATES)
LOG.error(
'Agent heartbeat received for node %(node)s '
'has an invalid agent status: %(agent_status)s. '
'Valid states are %(valid_states)s ', {
'node': node_ident,
'agent_status': agent_status,
'valid_states': valid_states
})
msg = (_('Agent status is invalid. Valid states are %s.') %
valid_states)
raise exception.InvalidParameterValue(msg)
try:
topic = api.request.rpcapi.get_topic_for(rpc_node)
except exception.NoValidHost as e:
e.code = http_client.BAD_REQUEST
raise
api.request.rpcapi.heartbeat(api.request.context,
rpc_node.uuid,
callback_url,
agent_version,
agent_token,
agent_verify_ca,
agent_status,
agent_status_message,
topic=topic)
def test_check_policy(self, mock_authorize, mock_pr):
utils.check_policy('fake-policy')
cdict = pecan.request.context.to_policy_values()
mock_authorize.assert_called_once_with('fake-policy', cdict, cdict)
def patch(self, portgroup_ident, patch):
"""Update an existing portgroup.
:param portgroup_ident: UUID or logical name of a portgroup.
:param patch: a json PATCH document to apply to this portgroup.
"""
if not api_utils.allow_portgroups():
raise exception.NotFound()
context = api.request.context
api_utils.check_policy('baremetal:portgroup:update')
if self.parent_node_ident:
raise exception.OperationNotPermitted()
if (not api_utils.allow_portgroup_mode_properties()
and (api_utils.is_path_updated(patch, '/mode')
or api_utils.is_path_updated(patch, '/properties'))):
raise exception.NotAcceptable()
api_utils.patch_validate_allowed_fields(patch, PATCH_ALLOWED_FIELDS)
rpc_portgroup = api_utils.get_rpc_portgroup_with_suffix(
portgroup_ident)
names = api_utils.get_patch_values(patch, '/name')
for name in names:
if (name and not api_utils.is_valid_logical_name(name)):
error_msg = _("Portgroup %(portgroup)s: Cannot change name to"
" invalid name '%(name)s'") % {
'portgroup': portgroup_ident,
'name': name
}
raise exception.ClientSideError(
error_msg, status_code=http_client.BAD_REQUEST)
portgroup_dict = rpc_portgroup.as_dict()
# NOTE:
# 1) Remove node_id because it's an internal value and
# not present in the API object
# 2) Add node_uuid
rpc_node = api_utils.replace_node_id_with_uuid(portgroup_dict)
portgroup_dict = api_utils.apply_jsonpatch(portgroup_dict, patch)
if 'mode' not in portgroup_dict:
msg = _("'mode' is a mandatory attribute and can not be removed")
raise exception.ClientSideError(msg)
try:
if portgroup_dict['node_uuid'] != rpc_node.uuid:
rpc_node = objects.Node.get(api.request.context,
portgroup_dict['node_uuid'])
except exception.NodeNotFound as e:
# Change error code because 404 (NotFound) is inappropriate
# response for a POST request to patch a Portgroup
e.code = http_client.BAD_REQUEST # BadRequest
raise
api_utils.handle_patch_port_like_extra_vif(
rpc_portgroup, portgroup_dict.get('internal_info'), patch)
api_utils.patched_validate_with_schema(portgroup_dict,
PORTGROUP_PATCH_SCHEMA,
PORTGROUP_PATCH_VALIDATOR)
api_utils.patch_update_changed_fields(portgroup_dict,
rpc_portgroup,
fields=objects.Portgroup.fields,
schema=PORTGROUP_PATCH_SCHEMA,
id_map={'node_id': rpc_node.id})
if (rpc_node.provision_state == ir_states.INSPECTING
and api_utils.allow_inspect_wait_state()):
msg = _('Cannot update portgroup "%(portgroup)s" on node '
'"%(node)s" while it is in state "%(state)s".') % {
'portgroup': rpc_portgroup.uuid,
'node': rpc_node.uuid,
'state': ir_states.INSPECTING
}
raise exception.ClientSideError(msg,
status_code=http_client.CONFLICT)
notify.emit_start_notification(context,
rpc_portgroup,
'update',
node_uuid=rpc_node.uuid)
with notify.handle_error_notification(context,
rpc_portgroup,
'update',
node_uuid=rpc_node.uuid):
topic = api.request.rpcapi.get_topic_for(rpc_node)
new_portgroup = api.request.rpcapi.update_portgroup(
context, rpc_portgroup, topic)
api_portgroup = convert_with_links(new_portgroup)
notify.emit_end_notification(context,
new_portgroup,
'update',
node_uuid=rpc_node.uuid)
return api_portgroup
def post(self, evts):
if not api_utils.allow_expose_events():
raise exception.NotFound()
api_utils.check_policy('baremetal:events:post')
for e in evts['events']:
LOG.debug("Received external event: %s", e)
