def _extend_servers(self, req, servers): # TODO(arosen) this function should be refactored to reduce duplicate # code and use get_instance_security_groups instead of get_db_instance. if not len(servers): return key = "security_groups" context = _authorize_context(req) if not openstack_driver.is_neutron_security_groups(): for server in servers: instance = req.get_db_instance(server['id']) groups = instance.get(key) if groups: server[key] = [{"name": group["name"]} for group in groups] else: # If method is a POST we get the security groups intended for an # instance from the request. The reason for this is if using # neutron security groups the requested security groups for the # instance are not in the db and have not been sent to neutron yet. if req.method != 'POST': if len(servers) == 1: group = ( self.security_group_api.get_instance_security_groups( context, servers[0]['id'])) if group: servers[0][key] = group else: sg_instance_bindings = ( self.security_group_api. get_instances_security_groups_bindings(context)) for server in servers: groups = sg_instance_bindings.get(server['id']) if groups: server[key] = groups # In this section of code len(servers) == 1 as you can only POST # one server in an API request. else: try: # try converting to json req_obj = json.loads(req.body) # Add security group to server, if no security group was in # request add default since that is the group it is part of servers[0][key] = req_obj['server'].get( ATTRIBUTE_NAME, [{ 'name': 'default' }]) except ValueError: root = xmlutils.safe_minidom_parse_string(req.body) sg_root = root.getElementsByTagNameNS( SecurityGroups.namespace, key) groups = [] if sg_root: security_groups = sg_root[0].getElementsByTagName( 'security_group') for security_group in security_groups: groups.append( {'name': security_group.getAttribute('name')}) if not groups: groups = [{'name': 'default'}] servers[0][key] = groups
def _extend_servers(self, req, servers): # TODO(arosen) this function should be refactored to reduce duplicate # code and use get_instance_security_groups instead of get_db_instance. if not len(servers): return key = "security_groups" context = _authorize_context(req) if not openstack_driver.is_neutron_security_groups(): for server in servers: instance = req.get_db_instance(server["id"]) groups = instance.get(key) if groups: server[ATTRIBUTE_NAME] = [{"name": group["name"]} for group in groups] else: # If method is a POST we get the security groups intended for an # instance from the request. The reason for this is if using # neutron security groups the requested security groups for the # instance are not in the db and have not been sent to neutron yet. if req.method != "POST": sg_instance_bindings = self.security_group_api.get_instances_security_groups_bindings(context, servers) for server in servers: groups = sg_instance_bindings.get(server["id"]) if groups: server[ATTRIBUTE_NAME] = groups # In this section of code len(servers) == 1 as you can only POST # one server in an API request. else: # try converting to json req_obj = jsonutils.loads(req.body) # Add security group to server, if no security group was in # request add default since that is the group it is part of servers[0][ATTRIBUTE_NAME] = req_obj["server"].get(ATTRIBUTE_NAME, [{"name": "default"}])
def _extend_servers(self, req, servers): # TODO(arosen) this function should be refactored to reduce duplicate # code and use get_instance_security_groups instead of get_db_instance. if not len(servers): return key = "security_groups" context = _authorize_context(req) if not openstack_driver.is_neutron_security_groups(): for server in servers: instance = req.get_db_instance(server['id']) groups = instance.get(key) if groups: server[key] = [{"name": group["name"]} for group in groups] else: # If method is a POST we get the security groups intended for an # instance from the request. The reason for this is if using # neutron security groups the requested security groups for the # instance are not in the db and have not been sent to neutron yet. if req.method != 'POST': if len(servers) == 1: group = (self.security_group_api .get_instance_security_groups(context, servers[0]['id'])) if group: servers[0][key] = group else: sg_instance_bindings = ( self.security_group_api .get_instances_security_groups_bindings(context)) for server in servers: groups = sg_instance_bindings.get(server['id']) if groups: server[key] = groups # In this section of code len(servers) == 1 as you can only POST # one server in an API request. else: try: # try converting to json req_obj = json.loads(req.body) # Add security group to server, if no security group was in # request add default since that is the group it is part of servers[0][key] = req_obj['server'].get( ATTRIBUTE_NAME, [{'name': 'default'}]) except ValueError: root = xmlutils.safe_minidom_parse_string(req.body) sg_root = root.getElementsByTagNameNS( SecurityGroups.namespace, key) groups = [] if sg_root: security_groups = sg_root[0].getElementsByTagName( 'security_group') for security_group in security_groups: groups.append( {'name': security_group.getAttribute('name')}) if not groups: groups = [{'name': 'default'}] servers[0][key] = groups
def _add_security_grps(self, req, servers, instances, create_request=False): if not len(servers): return if not openstack_driver.is_neutron_security_groups(): instances = {inst['uuid']: inst for inst in instances} for server in servers: instance = instances[server['id']] groups = instance.get('security_groups') if groups: server['security_groups'] = [{ "name": group.name } for group in groups] else: # If request is a POST create server we get the security groups # intended for an instance from the request. The reason for this # is if using neutron security groups the requested security # groups for the instance are not in the db and have not been # sent to neutron yet. # Starting from microversion 2.75, security groups is returned in # PUT and POST Rebuild response also. if not create_request: context = req.environ['nova.context'] sg_instance_bindings = (self.security_group_api. get_instances_security_groups_bindings( context, servers)) for server in servers: groups = sg_instance_bindings.get(server['id']) if groups: server['security_groups'] = groups # This section is for POST create server request. There can be # only one security group for POST create server request. else: # try converting to json req_obj = jsonutils.loads(req.body) # Add security group to server, if no security group was in # request add default since that is the group it is part of servers[0]['security_groups'] = req_obj['server'].get( 'security_groups', [{ 'name': 'default' }])
def _extend_servers(self, req, servers): # TODO(arosen) this function should be refactored to reduce duplicate # code and use get_instance_security_groups instead of get_db_instance. if not len(servers): return key = "security_groups" context = req.environ['nova.context'] if not softauth(context): return if not openstack_driver.is_neutron_security_groups(): for server in servers: instance = req.get_db_instance(server['id']) groups = instance.get(key) if groups: server[ATTRIBUTE_NAME] = [{ "name": group["name"] } for group in groups] else: # If method is a POST we get the security groups intended for an # instance from the request. The reason for this is if using # neutron security groups the requested security groups for the # instance are not in the db and have not been sent to neutron yet. if req.method != 'POST': sg_instance_bindings = (self.security_group_api. get_instances_security_groups_bindings( context, servers)) for server in servers: groups = sg_instance_bindings.get(server['id']) if groups: server[ATTRIBUTE_NAME] = groups # In this section of code len(servers) == 1 as you can only POST # one server in an API request. else: # try converting to json req_obj = jsonutils.loads(req.body) # Add security group to server, if no security group was in # request add default since that is the group it is part of servers[0][ATTRIBUTE_NAME] = req_obj['server'].get( ATTRIBUTE_NAME, [{ 'name': 'default' }])
def _extend_servers(self, req, servers): # TODO(arosen) this function should be refactored to reduce duplicate # code and use get_instance_security_groups instead of get_db_instance. if not len(servers): return key = "security_groups" context = req.environ['nova.context'] if not context.can(sg_policies.BASE_POLICY_NAME, fatal=False): return if not openstack_driver.is_neutron_security_groups(): for server in servers: instance = req.get_db_instance(server['id']) groups = instance.get(key) if groups: server[ATTRIBUTE_NAME] = [{"name": group.name} for group in groups] else: # If method is a POST we get the security groups intended for an # instance from the request. The reason for this is if using # neutron security groups the requested security groups for the # instance are not in the db and have not been sent to neutron yet. if req.method != 'POST': sg_instance_bindings = ( self.security_group_api .get_instances_security_groups_bindings(context, servers)) for server in servers: groups = sg_instance_bindings.get(server['id']) if groups: server[ATTRIBUTE_NAME] = groups # In this section of code len(servers) == 1 as you can only POST # one server in an API request. else: # try converting to json req_obj = jsonutils.loads(req.body) # Add security group to server, if no security group was in # request add default since that is the group it is part of servers[0][ATTRIBUTE_NAME] = req_obj['server'].get( ATTRIBUTE_NAME, [{'name': 'default'}])
def _add_security_grps(self, req, servers, instances): # TODO(arosen) this function should be refactored to reduce duplicate # code and use get_instance_security_groups instead of get_db_instance. if not len(servers): return if not openstack_driver.is_neutron_security_groups(): instances = {inst['uuid']: inst for inst in instances} for server in servers: instance = instances[server['id']] groups = instance.get('security_groups') if groups: server['security_groups'] = [{ "name": group.name } for group in groups] else: # If method is a POST we get the security groups intended for an # instance from the request. The reason for this is if using # neutron security groups the requested security groups for the # instance are not in the db and have not been sent to neutron yet. if req.method != 'POST': context = req.environ['nova.context'] sg_instance_bindings = (self.security_group_api. get_instances_security_groups_bindings( context, servers)) for server in servers: groups = sg_instance_bindings.get(server['id']) if groups: server['security_groups'] = groups # This section is for POST request. There can be only one security # group for POST request. else: # try converting to json req_obj = jsonutils.loads(req.body) # Add security group to server, if no security group was in # request add default since that is the group it is part of servers[0]['security_groups'] = req_obj['server'].get( 'security_groups', [{ 'name': 'default' }])
def _add_security_grps(self, req, servers, instances): if not len(servers): return if not openstack_driver.is_neutron_security_groups(): instances = {inst['uuid']: inst for inst in instances} for server in servers: instance = instances[server['id']] groups = instance.get('security_groups') if groups: server['security_groups'] = [{"name": group.name} for group in groups] else: # If method is a POST we get the security groups intended for an # instance from the request. The reason for this is if using # neutron security groups the requested security groups for the # instance are not in the db and have not been sent to neutron yet. if req.method != 'POST': context = req.environ['nova.context'] sg_instance_bindings = ( self.security_group_api .get_instances_security_groups_bindings(context, servers)) for server in servers: groups = sg_instance_bindings.get(server['id']) if groups: server['security_groups'] = groups # This section is for POST request. There can be only one security # group for POST request. else: # try converting to json req_obj = jsonutils.loads(req.body) # Add security group to server, if no security group was in # request add default since that is the group it is part of servers[0]['security_groups'] = req_obj['server'].get( 'security_groups', [{'name': 'default'}])