def index(self,
req,
namespace,
marker=None,
limit=None,
sort_key='created_at',
sort_dir='desc',
filters=None):
try:
ns_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
try:
namespace_obj = ns_repo.get(namespace)
except exception.Forbidden:
# NOTE (abhishekk): Returning 404 Not Found as the
# namespace is outside of this user's project
msg = _("Namespace %s not found") % namespace
raise exception.NotFound(msg)
# NOTE(abhishekk): This is just a "do you have permission to
# list objects" check. Each object is checked against
# get_metadef_object below.
api_policy.MetadefAPIPolicy(
req.context, md_resource=namespace_obj,
enforcer=self.policy).get_metadef_objects()
filters = filters or dict()
filters['namespace'] = namespace
object_repo = self.gateway.get_metadef_object_repo(
req.context, authorization_layer=False)
db_metaobject_list = object_repo.list(marker=marker,
limit=limit,
sort_key=sort_key,
sort_dir=sort_dir,
filters=filters)
object_list = [
MetadefObject.to_wsme_model(obj,
get_object_href(namespace, obj),
self.obj_schema_link)
for obj in db_metaobject_list if api_policy.MetadefAPIPolicy(
req.context,
md_resource=obj.namespace,
enforcer=self.policy).check('get_metadef_object')
]
metadef_objects = MetadefObjects()
metadef_objects.objects = object_list
except exception.Forbidden as e:
LOG.debug(
"User not permitted to retrieve metadata objects within "
"'%s' namespace", namespace)
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.msg)
return metadef_objects
def show(self, req, namespace, object_name):
meta_object_repo = self.gateway.get_metadef_object_repo(
req.context, authorization_layer=False)
try:
ns_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
try:
namespace_obj = ns_repo.get(namespace)
except exception.Forbidden:
# NOTE (abhishekk): Returning 404 Not Found as the
# namespace is outside of this user's project
msg = _("Namespace %s not found") % namespace
raise exception.NotFound(msg)
# NOTE(abhishekk): Metadef objects are associated with
# namespace, so made provision to pass namespace here
# for visibility check
api_policy.MetadefAPIPolicy(
req.context, md_resource=namespace_obj,
enforcer=self.policy).get_metadef_object()
metadef_object = meta_object_repo.get(namespace, object_name)
return MetadefObject.to_wsme_model(
metadef_object, get_object_href(namespace, metadef_object),
self.obj_schema_link)
except exception.Forbidden as e:
LOG.debug(
"User not permitted to show metadata object '%s' "
"within '%s' namespace", namespace, object_name)
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.msg)
def delete(self, req, namespace, object_name):
meta_repo = self.gateway.get_metadef_object_repo(
req.context, authorization_layer=False)
try:
ns_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
try:
# NOTE(abhishekk): Verifying that namespace is visible
# to user
namespace_obj = ns_repo.get(namespace)
except exception.Forbidden:
# NOTE (abhishekk): Returning 404 Not Found as the
# namespace is outside of this user's project
msg = _("Namespace %s not found") % namespace
raise exception.NotFound(msg)
# NOTE(abhishekk): Metadef object is created for Metadef namespaces
# Here we are just checking if user is authorized to delete metadef
# object or not.
api_policy.MetadefAPIPolicy(
req.context, md_resource=namespace_obj,
enforcer=self.policy).delete_metadef_object()
metadef_object = meta_repo.get(namespace, object_name)
metadef_object.delete()
meta_repo.remove(metadef_object)
except exception.Forbidden as e:
LOG.debug(
"User not permitted to delete metadata object '%s' "
"within '%s' namespace", object_name, namespace)
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.msg)
def delete_properties(self, req, namespace):
ns_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
try:
namespace_obj = ns_repo.get(namespace)
except (exception.Forbidden, exception.NotFound):
# NOTE (abhishekk): Returning 404 Not Found as the
# namespace is outside of this user's project
msg = _("Namespace %s not found") % namespace
raise webob.exc.HTTPNotFound(explanation=msg)
try:
# NOTE(abhishekk): This call currently checks whether user
# has permission to delete the namespace or not before deleting
# the objects associated with it.
api_policy.MetadefAPIPolicy(
req.context, md_resource=namespace_obj,
enforcer=self.policy).delete_metadef_namespace()
namespace_obj.delete()
ns_repo.remove_properties(namespace_obj)
except exception.Forbidden as e:
LOG.debug(
"User not permitted to delete metadata properties "
"within '%s' namespace", namespace)
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.msg)
def delete(self, req, namespace):
namespace_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
try:
namespace_obj = namespace_repo.get(namespace)
except (exception.Forbidden, exception.NotFound):
# NOTE (abhishekk): Returning 404 Not Found as the
# namespace is outside of this user's project
msg = _("Namespace %s not found") % namespace
raise webob.exc.HTTPNotFound(explanation=msg)
try:
# NOTE(abhishekk): Here we are just checking user is authorized to
# delete the namespace or not.
api_policy.MetadefAPIPolicy(
req.context, md_resource=namespace_obj,
enforcer=self.policy).delete_metadef_namespace()
namespace_obj.delete()
namespace_repo.remove(namespace_obj)
except exception.Forbidden as e:
LOG.debug(
"User not permitted to delete metadata namespace "
"'%s'", namespace)
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.msg)
def index(self, req):
try:
filters = {'namespace': None}
rs_type_repo = self.gateway.get_metadef_resource_type_repo(
req.context, authorization_layer=False)
# NOTE(abhishekk): Here we are just checking if user is
# authorized to view/list metadef resource types or not.
# Also there is no relation between list_metadef_resource_types
# and get_metadef_resource_type policies so can not enforce
# get_metadef_resource_type policy on individual resource
# type here.
api_policy.MetadefAPIPolicy(
req.context,
enforcer=self.policy).list_metadef_resource_types()
db_resource_type_list = rs_type_repo.list(filters=filters)
resource_type_list = [
ResourceType.to_wsme_model(resource_type)
for resource_type in db_resource_type_list
]
resource_types = ResourceTypes()
resource_types.resource_types = resource_type_list
except exception.Forbidden as e:
LOG.debug("User not permitted to retrieve metadata resource types "
"index")
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.msg)
return resource_types
def index(self, req, namespace):
ns_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
try:
namespace_obj = ns_repo.get(namespace)
except (exception.Forbidden, exception.NotFound):
# NOTE (abhishekk): Returning 404 Not Found as the
# namespace is outside of this user's project
msg = _("Namespace %s not found") % namespace
raise webob.exc.HTTPNotFound(explanation=msg)
try:
# NOTE(abhishekk): This is just a "do you have permission to
# list properties" check. Each property is checked against
# get_metadef_property below.
api_policy.MetadefAPIPolicy(
req.context, md_resource=namespace_obj,
enforcer=self.policy).get_metadef_properties()
filters = dict()
filters['namespace'] = namespace
prop_repo = self.gateway.get_metadef_property_repo(
req.context, authorization_layer=False)
db_properties = prop_repo.list(filters=filters)
property_list = Namespace.to_model_properties(db_properties)
namespace_properties = PropertyTypes()
namespace_properties.properties = property_list
except exception.Forbidden as e:
LOG.debug(
"User not permitted to retrieve metadata properties "
"within '%s' namespace", namespace)
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.msg)
return namespace_properties
def delete(self, req, namespace, property_name):
prop_repo = self.gateway.get_metadef_property_repo(
req.context, authorization_layer=False)
ns_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
try:
namespace_obj = ns_repo.get(namespace)
except (exception.Forbidden, exception.NotFound):
# NOTE (abhishekk): Returning 404 Not Found as the
# namespace is outside of this user's project
msg = _("Namespace %s not found") % namespace
raise webob.exc.HTTPNotFound(explanation=msg)
try:
# NOTE(abhishekk): Metadef property is created for Metadef
# namespaces. Here we are just checking if user is authorized
# to delete metadef property or not.
api_policy.MetadefAPIPolicy(
req.context, md_resource=namespace_obj,
enforcer=self.policy).remove_metadef_property()
property_type = prop_repo.get(namespace, property_name)
property_type.delete()
prop_repo.remove(property_type)
except exception.Forbidden as e:
LOG.debug(
"User not permitted to delete metadata property '%s' "
"within '%s' namespace", property_name, namespace)
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.msg)
def setUp(self):
super(TestMetadefAPIPolicy, self).setUp()
self.enforcer = mock.MagicMock()
self.md_resource = mock.MagicMock()
self.context = mock.MagicMock()
self.policy = policy.MetadefAPIPolicy(self.context,
self.md_resource,
enforcer=self.enforcer)
def index(self,
req,
namespace,
marker=None,
limit=None,
sort_key='created_at',
sort_dir='desc',
filters=None):
ns_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
try:
namespace_obj = ns_repo.get(namespace)
except (exception.Forbidden, exception.NotFound):
# NOTE (abhishekk): Returning 404 Not Found as the
# namespace is outside of this user's project
msg = _("Namespace %s not found") % namespace
raise webob.exc.HTTPNotFound(explanation=msg)
try:
# NOTE(abhishekk): This is just a "do you have permission to
# list tags" check. Each object is checked against
# get_metadef_tag below.
api_policy.MetadefAPIPolicy(
req.context, md_resource=namespace_obj,
enforcer=self.policy).get_metadef_tags()
filters = filters or dict()
filters['namespace'] = namespace
tag_repo = self.gateway.get_metadef_tag_repo(
req.context, authorization_layer=False)
if marker:
metadef_tag = tag_repo.get(namespace, marker)
marker = metadef_tag.tag_id
db_metatag_list = tag_repo.list(marker=marker,
limit=limit,
sort_key=sort_key,
sort_dir=sort_dir,
filters=filters)
tag_list = [
MetadefTag(**{'name': db_metatag.name})
for db_metatag in db_metatag_list
]
metadef_tags = MetadefTags()
metadef_tags.tags = tag_list
except exception.Forbidden as e:
LOG.debug(
"User not permitted to retrieve metadata tags "
"within '%s' namespace", namespace)
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.msg)
return metadef_tags
def show(self, req, namespace):
ns_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
try:
namespace_obj = ns_repo.get(namespace)
except (exception.Forbidden, exception.NotFound):
# NOTE (abhishekk): Returning 404 Not Found as the
# namespace is outside of this user's project
msg = _("Namespace %s not found") % namespace
raise webob.exc.HTTPNotFound(explanation=msg)
try:
# NOTE(abhishekk): Here we are just checking if user is
# authorized to view/list metadef resource types or not.
# Each resource_type is checked against
# get_metadef_resource_type below.
api_policy.MetadefAPIPolicy(
req.context, md_resource=namespace_obj,
enforcer=self.policy).list_metadef_resource_types()
filters = {'namespace': namespace}
rs_type_repo = self.gateway.get_metadef_resource_type_repo(
req.context, authorization_layer=False)
db_type_list = rs_type_repo.list(filters=filters)
rs_type_list = [
ResourceTypeAssociation.to_wsme_model(rs_type)
for rs_type in db_type_list if api_policy.MetadefAPIPolicy(
req.context,
md_resource=rs_type.namespace,
enforcer=self.policy).check('get_metadef_resource_type')
]
resource_types = ResourceTypeAssociations()
resource_types.resource_type_associations = rs_type_list
except exception.Forbidden as e:
LOG.debug(
"User not permitted to retrieve metadata resource types "
"within '%s' namespace", namespace)
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.msg)
return resource_types
def show(self, req, namespace, property_name, filters=None):
ns_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
try:
namespace_obj = ns_repo.get(namespace)
except (exception.Forbidden, exception.NotFound):
# NOTE (abhishekk): Returning 404 Not Found as the
# namespace is outside of this user's project
msg = _("Namespace %s not found") % namespace
raise webob.exc.HTTPNotFound(explanation=msg)
try:
# NOTE(abhishekk): Metadef properties are associated with
# namespace, so made provision to pass namespace here
# for visibility check
api_pol = api_policy.MetadefAPIPolicy(req.context,
md_resource=namespace_obj,
enforcer=self.policy)
api_pol.get_metadef_property()
if filters and filters['resource_type']:
# Verify that you can fetch resource type details
api_pol.get_metadef_resource_type()
rs_repo = self.gateway.get_metadef_resource_type_repo(
req.context, authorization_layer=False)
db_resource_type = rs_repo.get(filters['resource_type'],
namespace)
prefix = db_resource_type.prefix
if prefix and property_name.startswith(prefix):
property_name = property_name[len(prefix):]
else:
msg = (_("Property %(property_name)s does not start "
"with the expected resource type association "
"prefix of '%(prefix)s'.") % {
'property_name': property_name,
'prefix': prefix
})
raise exception.NotFound(msg)
prop_repo = self.gateway.get_metadef_property_repo(
req.context, authorization_layer=False)
db_property = prop_repo.get(namespace, property_name)
property = self._to_model(db_property)
except exception.Forbidden as e:
LOG.debug(
"User not permitted to show metadata property '%s' "
"within '%s' namespace", property_name, namespace)
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.msg)
return property
def update(self, req, metadata_object, namespace, object_name):
meta_repo = self.gateway.get_metadef_object_repo(
req.context, authorization_layer=False)
try:
ns_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
try:
# NOTE(abhishekk): Verifying that namespace is visible
# to user
namespace_obj = ns_repo.get(namespace)
except exception.Forbidden:
# NOTE (abhishekk): Returning 404 Not Found as the
# namespace is outside of this user's project
msg = _("Namespace %s not found") % namespace
raise exception.NotFound(msg)
# NOTE(abhishekk): Metadef object is created for Metadef namespaces
# Here we are just checking if user is authorized to modify metadef
# object or not.
api_policy.MetadefAPIPolicy(
req.context, md_resource=namespace_obj,
enforcer=self.policy).modify_metadef_object()
metadef_object = meta_repo.get(namespace, object_name)
metadef_object._old_name = metadef_object.name
metadef_object.name = wsme_utils._get_value(metadata_object.name)
metadef_object.description = wsme_utils._get_value(
metadata_object.description)
metadef_object.required = wsme_utils._get_value(
metadata_object.required)
metadef_object.properties = wsme_utils._get_value(
metadata_object.properties)
updated_metadata_obj = meta_repo.save(metadef_object)
except exception.Invalid as e:
msg = (_("Couldn't update metadata object: %s") %
encodeutils.exception_to_unicode(e))
raise webob.exc.HTTPBadRequest(explanation=msg)
except exception.Forbidden as e:
LOG.debug(
"User not permitted to update metadata object '%s' "
"within '%s' namespace ", object_name, namespace)
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.msg)
except exception.Duplicate as e:
raise webob.exc.HTTPConflict(explanation=e.msg)
return MetadefObject.to_wsme_model(
updated_metadata_obj,
get_object_href(namespace, updated_metadata_obj),
self.obj_schema_link)
def update(self, req, user_ns, namespace):
namespace_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
try:
ns_obj = namespace_repo.get(namespace)
except (exception.Forbidden, exception.NotFound):
# NOTE (abhishekk): Returning 404 Not Found as the
# namespace is outside of this user's project
msg = _("Namespace %s not found") % namespace
raise webob.exc.HTTPNotFound(explanation=msg)
try:
# NOTE(abhishekk): Here we are just checking if use is authorized
# to modify the namespace or not
api_policy.MetadefAPIPolicy(
req.context, md_resource=ns_obj,
enforcer=self.policy).modify_metadef_namespace()
ns_obj._old_namespace = ns_obj.namespace
ns_obj.namespace = wsme_utils._get_value(user_ns.namespace)
ns_obj.display_name = wsme_utils._get_value(user_ns.display_name)
ns_obj.description = wsme_utils._get_value(user_ns.description)
# Following optional fields will default to same values as in
# create namespace if not specified
ns_obj.visibility = (wsme_utils._get_value(user_ns.visibility)
or 'private')
ns_obj.protected = (wsme_utils._get_value(user_ns.protected)
or False)
ns_obj.owner = (wsme_utils._get_value(user_ns.owner)
or req.context.owner)
updated_namespace = namespace_repo.save(ns_obj)
except exception.Invalid as e:
msg = (_("Couldn't update metadata namespace: %s") %
encodeutils.exception_to_unicode(e))
raise webob.exc.HTTPBadRequest(explanation=msg)
except exception.Forbidden as e:
LOG.debug(
"User not permitted to update metadata namespace "
"'%s'", namespace)
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.msg)
except exception.Duplicate as e:
raise webob.exc.HTTPConflict(explanation=e.msg)
return Namespace.to_wsme_model(updated_namespace,
get_namespace_href(updated_namespace),
self.ns_schema_link)
def create_tags(self, req, metadata_tags, namespace):
tag_factory = self.gateway.get_metadef_tag_factory(
req.context, authorization_layer=False)
tag_repo = self.gateway.get_metadef_tag_repo(req.context,
authorization_layer=False)
ns_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
try:
namespace_obj = ns_repo.get(namespace)
except (exception.Forbidden, exception.NotFound):
# NOTE (abhishekk): Returning 404 Not Found as the
# namespace is outside of this user's project
msg = _("Namespace %s not found") % namespace
raise webob.exc.HTTPNotFound(explanation=msg)
try:
# NOTE(abhishekk): Metadef tags is created for Metadef namespaces
# Here we are just checking if user is authorized to create metadef
# tag or not.
api_policy.MetadefAPIPolicy(
req.context, md_resource=namespace_obj,
enforcer=self.policy).add_metadef_tags()
tag_list = []
for metadata_tag in metadata_tags.tags:
tag_list.append(
tag_factory.new_tag(namespace=namespace,
**metadata_tag.to_dict()))
tag_repo.add_tags(tag_list)
tag_list_out = [
MetadefTag(**{'name': db_metatag.name})
for db_metatag in tag_list
]
metadef_tags = MetadefTags()
metadef_tags.tags = tag_list_out
except exception.Forbidden as e:
LOG.debug(
"User not permitted to create metadata tags within "
"'%s' namespace", namespace)
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.msg)
except exception.Duplicate as e:
raise webob.exc.HTTPConflict(explanation=e.msg)
return metadef_tags
def create(self, req, namespace, tag_name):
tag_factory = self.gateway.get_metadef_tag_factory(
req.context, authorization_layer=False)
tag_repo = self.gateway.get_metadef_tag_repo(req.context,
authorization_layer=False)
ns_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
try:
namespace_obj = ns_repo.get(namespace)
except (exception.Forbidden, exception.NotFound):
# NOTE (abhishekk): Returning 404 Not Found as the
# namespace is outside of this user's project
msg = _("Namespace %s not found") % namespace
raise webob.exc.HTTPNotFound(explanation=msg)
tag_name_as_dict = {'name': tag_name}
try:
self.schema.validate(tag_name_as_dict)
except exception.InvalidObject as e:
raise webob.exc.HTTPBadRequest(explanation=e.msg)
try:
# NOTE(abhishekk): Metadef tags is created for Metadef namespaces
# Here we are just checking if user is authorized to create metadef
# tag or not.
api_policy.MetadefAPIPolicy(
req.context, md_resource=namespace_obj,
enforcer=self.policy).add_metadef_tag()
new_meta_tag = tag_factory.new_tag(namespace=namespace,
**tag_name_as_dict)
tag_repo.add(new_meta_tag)
except exception.Invalid as e:
msg = (_("Couldn't create metadata tag: %s") %
encodeutils.exception_to_unicode(e))
raise webob.exc.HTTPBadRequest(explanation=msg)
except exception.Forbidden as e:
LOG.debug(
"User not permitted to create metadata tag within "
"'%s' namespace", namespace)
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.msg)
except exception.Duplicate as e:
raise webob.exc.HTTPConflict(explanation=e.msg)
return MetadefTag.to_wsme_model(new_meta_tag)
def delete(self, req, namespace, resource_type):
rs_type_repo = self.gateway.get_metadef_resource_type_repo(
req.context, authorization_layer=False)
ns_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
try:
namespace_obj = ns_repo.get(namespace)
except (exception.Forbidden, exception.NotFound):
# NOTE (abhishekk): Returning 404 Not Found as the
# namespace is outside of this user's project
msg = _("Namespace %s not found") % namespace
raise webob.exc.HTTPNotFound(explanation=msg)
try:
# NOTE(abhishekk): Metadef resource type is created for Metadef
# namespaces. Here we are just checking if user is authorized
# to delete metadef resource types or not.
api_policy.MetadefAPIPolicy(
req.context, md_resource=namespace_obj,
enforcer=self.policy).remove_metadef_resource_type_association(
)
filters = {}
found = False
filters['namespace'] = namespace
db_resource_type_list = rs_type_repo.list(filters=filters)
for db_resource_type in db_resource_type_list:
if db_resource_type.name == resource_type:
db_resource_type.delete()
rs_type_repo.remove(db_resource_type)
found = True
if not found:
raise exception.NotFound()
except exception.Forbidden as e:
LOG.debug(
"User not permitted to delete metadata resource type "
"'%s' within '%s' namespace", resource_type, namespace)
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound:
msg = (_("Failed to find resource type %(resourcetype)s to "
"delete") % {
'resourcetype': resource_type
})
LOG.error(msg)
raise webob.exc.HTTPNotFound(explanation=msg)
def create(self, req, metadata_object, namespace):
object_factory = self.gateway.get_metadef_object_factory(
req.context, authorization_layer=False)
object_repo = self.gateway.get_metadef_object_repo(
req.context, authorization_layer=False)
try:
ns_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
try:
# NOTE(abhishekk): Verifying that namespace is visible
# to user
namespace_obj = ns_repo.get(namespace)
except exception.Forbidden:
# NOTE (abhishekk): Returning 404 Not Found as the
# namespace is outside of this user's project
msg = _("Namespace %s not found") % namespace
raise exception.NotFound(msg)
# NOTE(abhishekk): Metadef object is created for Metadef namespaces
# Here we are just checking if user is authorized to create metadef
# object or not.
api_policy.MetadefAPIPolicy(
req.context, md_resource=namespace_obj,
enforcer=self.policy).add_metadef_object()
new_meta_object = object_factory.new_object(
namespace=namespace, **metadata_object.to_dict())
object_repo.add(new_meta_object)
except exception.Forbidden as e:
LOG.debug(
"User not permitted to create metadata object within "
"'%s' namespace", namespace)
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.Invalid as e:
msg = (_("Couldn't create metadata object: %s") %
encodeutils.exception_to_unicode(e))
raise webob.exc.HTTPBadRequest(explanation=msg)
except exception.NotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.msg)
except exception.Duplicate as e:
raise webob.exc.HTTPConflict(explanation=e.msg)
return MetadefObject.to_wsme_model(
new_meta_object, get_object_href(namespace, new_meta_object),
self.obj_schema_link)
def update(self, req, namespace, property_name, property_type):
prop_repo = self.gateway.get_metadef_property_repo(
req.context, authorization_layer=False)
ns_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
try:
namespace_obj = ns_repo.get(namespace)
except (exception.Forbidden, exception.NotFound):
# NOTE (abhishekk): Returning 404 Not Found as the
# namespace is outside of this user's project
msg = _("Namespace %s not found") % namespace
raise webob.exc.HTTPNotFound(explanation=msg)
try:
# NOTE(abhishekk): Metadef property is created for Metadef
# namespaces. Here we are just checking if user is authorized
# to update metadef property or not.
api_policy.MetadefAPIPolicy(
req.context, md_resource=namespace_obj,
enforcer=self.policy).modify_metadef_property()
db_property_type = prop_repo.get(namespace, property_name)
db_property_type._old_name = db_property_type.name
db_property_type.name = property_type.name
db_property_type.schema = (self._to_dict(property_type))['schema']
updated_property_type = prop_repo.save(db_property_type)
except exception.Invalid as e:
msg = (_("Couldn't update metadata property: %s") %
encodeutils.exception_to_unicode(e))
raise webob.exc.HTTPBadRequest(explanation=msg)
except exception.Forbidden as e:
LOG.debug(
"User not permitted to update metadata property '%s' "
"within '%s' namespace", property_name, namespace)
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.msg)
except exception.Duplicate as e:
raise webob.exc.HTTPConflict(explanation=e.msg)
return self._to_model(updated_property_type)
def update(self, req, metadata_tag, namespace, tag_name):
meta_repo = self.gateway.get_metadef_tag_repo(
req.context, authorization_layer=False)
ns_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
try:
namespace_obj = ns_repo.get(namespace)
except (exception.Forbidden, exception.NotFound):
# NOTE (abhishekk): Returning 404 Not Found as the
# namespace is outside of this user's project
msg = _("Namespace %s not found") % namespace
raise webob.exc.HTTPNotFound(explanation=msg)
try:
# NOTE(abhishekk): Metadef tags is created for Metadef namespaces
# Here we are just checking if user is authorized to update metadef
# tag or not.
api_policy.MetadefAPIPolicy(
req.context, md_resource=namespace_obj,
enforcer=self.policy).modify_metadef_tag()
metadef_tag = meta_repo.get(namespace, tag_name)
metadef_tag._old_name = metadef_tag.name
metadef_tag.name = wsme_utils._get_value(metadata_tag.name)
updated_metadata_tag = meta_repo.save(metadef_tag)
except exception.Invalid as e:
msg = (_("Couldn't update metadata tag: %s") %
encodeutils.exception_to_unicode(e))
raise webob.exc.HTTPBadRequest(explanation=msg)
except exception.Forbidden as e:
LOG.debug(
"User not permitted to update metadata tag '%s' "
"within '%s' namespace", tag_name, namespace)
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.msg)
except exception.Duplicate as e:
raise webob.exc.HTTPConflict(explanation=e.msg)
return MetadefTag.to_wsme_model(updated_metadata_tag)
def create(self, req, resource_type, namespace):
rs_type_factory = self.gateway.get_metadef_resource_type_factory(
req.context, authorization_layer=False)
rs_type_repo = self.gateway.get_metadef_resource_type_repo(
req.context, authorization_layer=False)
ns_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
try:
namespace_obj = ns_repo.get(namespace)
except (exception.Forbidden, exception.NotFound):
# NOTE (abhishekk): Returning 404 Not Found as the
# namespace is outside of this user's project
msg = _("Namespace %s not found") % namespace
raise webob.exc.HTTPNotFound(explanation=msg)
try:
# NOTE(abhishekk): Metadef resource type is created for Metadef
# namespaces. Here we are just checking if user is authorized
# to create metadef resource types or not.
api_policy.MetadefAPIPolicy(
req.context, md_resource=namespace_obj,
enforcer=self.policy).add_metadef_resource_type_association()
new_resource_type = rs_type_factory.new_resource_type(
namespace=namespace, **resource_type.to_dict())
rs_type_repo.add(new_resource_type)
except exception.Forbidden as e:
LOG.debug(
"User not permitted to create metadata resource type "
"within '%s' namespace", namespace)
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.msg)
except exception.Duplicate as e:
raise webob.exc.HTTPConflict(explanation=e.msg)
return ResourceTypeAssociation.to_wsme_model(new_resource_type)
def show(self, req, namespace, filters=None):
try:
# Get namespace
ns_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
try:
namespace_obj = ns_repo.get(namespace)
policy_check = api_policy.MetadefAPIPolicy(
req.context,
md_resource=namespace_obj,
enforcer=self.policy)
policy_check.get_metadef_namespace()
except (exception.Forbidden, webob.exc.HTTPForbidden):
LOG.debug("User not permitted to show namespace '%s'",
namespace)
# NOTE (abhishekk): Returning 404 Not Found as the
# namespace is outside of this user's project
raise webob.exc.HTTPNotFound()
# NOTE(abhishekk): We also need to fetch resource_types, objects,
# properties, tags associated with namespace, so better to check
# whether user has permissions for the same.
policy_check.list_metadef_resource_types()
policy_check.get_metadef_objects()
policy_check.get_metadef_properties()
policy_check.get_metadef_tags()
namespace_detail = Namespace.to_wsme_model(
namespace_obj, get_namespace_href(namespace_obj),
self.ns_schema_link)
ns_filters = dict()
ns_filters['namespace'] = namespace
# Get objects
object_repo = self.gateway.get_metadef_object_repo(
req.context, authorization_layer=False)
db_metaobject_list = object_repo.list(filters=ns_filters)
object_list = [
MetadefObject.to_wsme_model(
db_metaobject, get_object_href(namespace, db_metaobject),
self.obj_schema_link)
for db_metaobject in db_metaobject_list
]
if object_list:
namespace_detail.objects = object_list
# Get resource type associations
rs_repo = self.gateway.get_metadef_resource_type_repo(
req.context, authorization_layer=False)
db_resource_type_list = rs_repo.list(filters=ns_filters)
resource_type_list = [
ResourceTypeAssociation.to_wsme_model(resource_type)
for resource_type in db_resource_type_list
]
if resource_type_list:
namespace_detail.resource_type_associations = (
resource_type_list)
# Get properties
prop_repo = self.gateway.get_metadef_property_repo(
req.context, authorization_layer=False)
db_properties = prop_repo.list(filters=ns_filters)
property_list = Namespace.to_model_properties(db_properties)
if property_list:
namespace_detail.properties = property_list
if filters and filters['resource_type']:
namespace_detail = self._prefix_property_name(
namespace_detail, filters['resource_type'])
# Get tags
tag_repo = self.gateway.get_metadef_tag_repo(
req.context, authorization_layer=False)
db_metatag_list = tag_repo.list(filters=ns_filters)
tag_list = [
MetadefTag(**{'name': db_metatag.name})
for db_metatag in db_metatag_list
]
if tag_list:
namespace_detail.tags = tag_list
except exception.Forbidden as e:
LOG.debug("User not permitted to show metadata namespace "
"'%s'", namespace)
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.msg)
return namespace_detail
def index(self,
req,
marker=None,
limit=None,
sort_key='created_at',
sort_dir='desc',
filters=None):
try:
ns_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
policy_check = api_policy.MetadefAPIPolicy(req.context,
enforcer=self.policy)
# NOTE(abhishekk): This is just a "do you have permission to
# list namespace" check. Each namespace is checked against
# get_metadef_namespace below.
policy_check.get_metadef_namespaces()
# NOTE(abhishekk): We also need to fetch resource_types associated
# with namespaces, so better to check we have permission for the
# same in advance.
policy_check.list_metadef_resource_types()
# Get namespace id
if marker:
namespace_obj = ns_repo.get(marker)
marker = namespace_obj.namespace_id
database_ns_list = ns_repo.list(marker=marker,
limit=limit,
sort_key=sort_key,
sort_dir=sort_dir,
filters=filters)
ns_list = [
ns for ns in database_ns_list if api_policy.MetadefAPIPolicy(
req.context, md_resource=ns, enforcer=self.policy).check(
'get_metadef_namespace')
]
rs_repo = (self.gateway.get_metadef_resource_type_repo(
req.context, authorization_layer=False))
for db_namespace in ns_list:
# Get resource type associations
filters = dict()
filters['namespace'] = db_namespace.namespace
repo_rs_type_list = rs_repo.list(filters=filters)
resource_type_list = [
ResourceTypeAssociation.to_wsme_model(resource_type)
for resource_type in repo_rs_type_list
]
if resource_type_list:
db_namespace.resource_type_associations = (
resource_type_list)
namespace_list = [
Namespace.to_wsme_model(db_namespace,
get_namespace_href(db_namespace),
self.ns_schema_link)
for db_namespace in ns_list
]
namespaces = Namespaces()
namespaces.namespaces = namespace_list
if len(namespace_list) != 0 and len(namespace_list) == limit:
namespaces.next = ns_list[-1].namespace
except exception.Forbidden as e:
LOG.debug("User not permitted to retrieve metadata namespaces "
"index")
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound as e:
raise webob.exc.HTTPNotFound(explanation=e.msg)
return namespaces
def create(self, req, namespace):
try:
namespace_created = False
# Create Namespace
ns_factory = self.gateway.get_metadef_namespace_factory(
req.context, authorization_layer=False)
ns_repo = self.gateway.get_metadef_namespace_repo(
req.context, authorization_layer=False)
# NOTE(abhishekk): Here we are going to check if user is authorized
# to create namespace, resource_types, objects, properties etc.
policy_check = api_policy.MetadefAPIPolicy(req.context,
enforcer=self.policy)
policy_check.add_metadef_namespace()
if namespace.resource_type_associations:
policy_check.add_metadef_resource_type_association()
if namespace.objects:
policy_check.add_metadef_object()
if namespace.properties:
policy_check.add_metadef_property()
if namespace.tags:
policy_check.add_metadef_tag()
# NOTE(abhishekk): As we are getting rid of auth layer, this
# is the place where we should add owner if it is not specified
# in request.
kwargs = namespace.to_dict()
if 'owner' not in kwargs:
kwargs.update({'owner': req.context.owner})
new_namespace = ns_factory.new_namespace(**kwargs)
ns_repo.add(new_namespace)
namespace_created = True
# Create Resource Types
if namespace.resource_type_associations:
rs_factory = (self.gateway.get_metadef_resource_type_factory(
req.context, authorization_layer=False))
rs_repo = self.gateway.get_metadef_resource_type_repo(
req.context, authorization_layer=False)
for resource_type in namespace.resource_type_associations:
new_resource = rs_factory.new_resource_type(
namespace=namespace.namespace,
**resource_type.to_dict())
rs_repo.add(new_resource)
# Create Objects
if namespace.objects:
object_factory = self.gateway.get_metadef_object_factory(
req.context, authorization_layer=False)
object_repo = self.gateway.get_metadef_object_repo(
req.context, authorization_layer=False)
for metadata_object in namespace.objects:
new_meta_object = object_factory.new_object(
namespace=namespace.namespace,
**metadata_object.to_dict())
object_repo.add(new_meta_object)
# Create Tags
if namespace.tags:
tag_factory = self.gateway.get_metadef_tag_factory(
req.context, authorization_layer=False)
tag_repo = self.gateway.get_metadef_tag_repo(
req.context, authorization_layer=False)
for metadata_tag in namespace.tags:
new_meta_tag = tag_factory.new_tag(
namespace=namespace.namespace,
**metadata_tag.to_dict())
tag_repo.add(new_meta_tag)
# Create Namespace Properties
if namespace.properties:
prop_factory = (self.gateway.get_metadef_property_factory(
req.context, authorization_layer=False))
prop_repo = self.gateway.get_metadef_property_repo(
req.context, authorization_layer=False)
for (name, value) in namespace.properties.items():
new_property_type = (prop_factory.new_namespace_property(
namespace=namespace.namespace,
**self._to_property_dict(name, value)))
prop_repo.add(new_property_type)
except exception.Invalid as e:
msg = (_("Couldn't create metadata namespace: %s") %
encodeutils.exception_to_unicode(e))
raise webob.exc.HTTPBadRequest(explanation=msg)
except exception.Forbidden as e:
self._cleanup_namespace(ns_repo, namespace, namespace_created)
LOG.debug("User not permitted to create metadata namespace")
raise webob.exc.HTTPForbidden(explanation=e.msg)
except exception.NotFound as e:
self._cleanup_namespace(ns_repo, namespace, namespace_created)
raise webob.exc.HTTPNotFound(explanation=e.msg)
except exception.Duplicate as e:
self._cleanup_namespace(ns_repo, namespace, namespace_created)
raise webob.exc.HTTPConflict(explanation=e.msg)
# Return the user namespace as we don't expose the id to user
new_namespace.properties = namespace.properties
new_namespace.objects = namespace.objects
new_namespace.resource_type_associations = (
namespace.resource_type_associations)
new_namespace.tags = namespace.tags
return Namespace.to_wsme_model(new_namespace,
get_namespace_href(new_namespace),
self.ns_schema_link)
