def _promote(self, req, id, body):
"""Promote a replica to active state."""
context = req.environ['manila.context']
try:
replica = db.share_replica_get(context, id)
except exception.ShareReplicaNotFound:
msg = _("No replica exists with ID %s.")
raise exc.HTTPNotFound(explanation=msg % id)
share_network_id = replica.get('share_network_id')
if share_network_id:
share_network = db.share_network_get(context, share_network_id)
common.check_share_network_is_active(share_network)
replica_state = replica.get('replica_state')
if replica_state == constants.REPLICA_STATE_ACTIVE:
return webob.Response(status_int=http_client.OK)
try:
replica = self.share_api.promote_share_replica(context, replica)
except exception.ReplicationException as e:
raise exc.HTTPBadRequest(explanation=six.text_type(e))
except exception.AdminRequired as e:
raise exc.HTTPForbidden(explanation=six.text_type(e))
return self._view_builder.detail(req, replica)
def _cifs_deny_access(self, context, share, access, share_server):
"""Deny access to cifs share."""
self._ensure_access_type_for_cifs(access)
network_id = share['share_network_id']
share_network = manila_db.share_network_get(context, network_id)
security_services = share_network['security_services']
self._ensure_security_service_for_cifs(security_services)
share_name = share['name']
mover_name = self._get_vdm_name(share_server)
user_name = access['access_to']
access_level = access['access_level']
if access_level == const.ACCESS_LEVEL_RW:
cifs_access = constants.CIFS_ACL_FULLCONTROL
else:
cifs_access = constants.CIFS_ACL_READ
status, out = self._NASCmd_helper.deny_cifs_access(
mover_name,
share_name,
user_name,
security_services[0]['domain'],
access=cifs_access)
if constants.STATUS_OK != status:
message = (_("Could not deny access to CIFS share. Reason: %s.")
% out)
LOG.error(message)
raise exception.EMCVnxXMLAPIError(err=message)
def _cifs_deny_access(self, context, share, access, share_server):
"""Deny access to cifs share."""
self._ensure_access_type_for_cifs(access)
network_id = share['share_network_id']
share_network = manila_db.share_network_get(context, network_id)
security_services = share_network['security_services']
self._ensure_security_service_for_cifs(security_services)
share_name = share['name']
mover_name = self._get_vdm_name(share_server)
user_name = access['access_to']
access_level = access['access_level']
if access_level == const.ACCESS_LEVEL_RW:
cifs_access = constants.CIFS_ACL_FULLCONTROL
else:
cifs_access = constants.CIFS_ACL_READ
status, out = self._NASCmd_helper.deny_cifs_access(
mover_name,
share_name,
user_name,
security_services[0]['domain'],
access=cifs_access)
if constants.STATUS_OK != status:
message = (_("Could not deny access to CIFS share. Reason: %s.") %
out)
LOG.error(message)
raise exception.EMCVnxXMLAPIError(err=message)
def migration_start(self, req, id, body):
"""Migrate a share to the specified host."""
context = req.environ['manila.context']
try:
share = self.share_api.get(context, id)
except exception.NotFound:
msg = _("Share %s not found.") % id
raise exc.HTTPNotFound(explanation=msg)
params = body.get('migration_start')
if not params:
raise exc.HTTPBadRequest(explanation=_("Request is missing body."))
driver_assisted_params = ['preserve_metadata', 'writable',
'nondisruptive', 'preserve_snapshots']
bool_params = (driver_assisted_params +
['force_host_assisted_migration'])
mandatory_params = driver_assisted_params + ['host']
utils.check_params_exist(mandatory_params, params)
bool_param_values = utils.check_params_are_boolean(bool_params, params)
new_share_network = None
new_share_type = None
new_share_network_id = params.get('new_share_network_id', None)
if new_share_network_id:
try:
new_share_network = db.share_network_get(
context, new_share_network_id)
except exception.NotFound:
msg = _("Share network %s not "
"found.") % new_share_network_id
raise exc.HTTPBadRequest(explanation=msg)
new_share_type_id = params.get('new_share_type_id', None)
if new_share_type_id:
try:
new_share_type = db.share_type_get(
context, new_share_type_id)
except exception.NotFound:
msg = _("Share type %s not found.") % new_share_type_id
raise exc.HTTPBadRequest(explanation=msg)
try:
return_code = self.share_api.migration_start(
context, share, params['host'],
bool_param_values['force_host_assisted_migration'],
bool_param_values['preserve_metadata'],
bool_param_values['writable'],
bool_param_values['nondisruptive'],
bool_param_values['preserve_snapshots'],
new_share_network=new_share_network,
new_share_type=new_share_type)
except exception.Conflict as e:
raise exc.HTTPConflict(explanation=six.text_type(e))
return webob.Response(status_int=return_code)
def _get_security_services(self, req, is_detail):
"""Returns a transformed list of security services.
The list gets transformed through view builder.
"""
context = req.environ['manila.context']
search_opts = {}
search_opts.update(req.GET)
# NOTE(vponomaryov): remove 'status' from search opts
# since it was removed from security service model.
search_opts.pop('status', None)
if 'share_network_id' in search_opts:
share_nw = db.share_network_get(context,
search_opts['share_network_id'])
security_services = share_nw['security_services']
del search_opts['share_network_id']
else:
if 'all_tenants' in search_opts and context.is_admin:
policy.check_policy(context, RESOURCE_NAME,
'get_all_security_services')
security_services = db.security_service_get_all(context)
else:
security_services = db.security_service_get_all_by_project(
context, context.project_id)
search_opts.pop('all_tenants', None)
common.remove_invalid_options(
context,
search_opts,
self._get_security_services_search_options())
if search_opts:
results = []
not_found = object()
for ss in security_services:
if all(ss.get(opt, not_found) == value for opt, value in
search_opts.items()):
results.append(ss)
security_services = results
limited_list = common.limited(security_services, req)
if is_detail:
security_services = self._view_builder.detail_list(
req, limited_list)
for ss in security_services['security_services']:
share_networks = db.share_network_get_all_by_security_service(
context,
ss['id'])
ss['share_networks'] = [sn['id'] for sn in share_networks]
else:
security_services = self._view_builder.summary_list(
req, limited_list)
return security_services
def _allow_access(self,
req,
id,
body,
enable_ceph=False,
allow_on_error_status=False,
enable_ipv6=False,
enable_metadata=False):
"""Add share access rule."""
context = req.environ['manila.context']
access_data = body.get('allow_access', body.get('os-allow_access'))
if not enable_metadata:
access_data.pop('metadata', None)
share = self.share_api.get(context, id)
share_network_id = share.get('share_network_id')
if share_network_id:
share_network = db.share_network_get(context, share_network_id)
common.check_share_network_is_active(share_network)
if (not allow_on_error_status
and self._any_instance_has_errored_rules(share)):
msg = _("Access rules cannot be added while the share or any of "
"its replicas or migration copies has its "
"access_rules_status set to %(instance_rules_status)s. "
"Deny any rules in %(rule_state)s state and try "
"again.") % {
'instance_rules_status':
constants.SHARE_INSTANCE_RULES_ERROR,
'rule_state': constants.ACCESS_STATE_ERROR,
}
raise webob.exc.HTTPBadRequest(explanation=msg)
access_type = access_data['access_type']
access_to = access_data['access_to']
common.validate_access(access_type=access_type,
access_to=access_to,
enable_ceph=enable_ceph,
enable_ipv6=enable_ipv6)
try:
access = self.share_api.allow_access(
context, share, access_type, access_to,
access_data.get('access_level'), access_data.get('metadata'))
except exception.ShareAccessExists as e:
raise webob.exc.HTTPBadRequest(explanation=e.msg)
except exception.InvalidMetadata as error:
raise exc.HTTPBadRequest(explanation=error.msg)
except exception.InvalidMetadataSize as error:
raise exc.HTTPBadRequest(explanation=error.msg)
return self._access_view_builder.view(req, access)
def _get_security_services(self, req, is_detail):
"""Returns a transformed list of security services.
The list gets transformed through view builder.
"""
context = req.environ['manila.context']
search_opts = {}
search_opts.update(req.GET)
# NOTE(vponomaryov): remove 'status' from search opts
# since it was removed from security service model.
search_opts.pop('status', None)
if 'share_network_id' in search_opts:
share_nw = db.share_network_get(context,
search_opts['share_network_id'])
security_services = share_nw['security_services']
del search_opts['share_network_id']
else:
if context.is_admin and utils.is_all_tenants(search_opts):
policy.check_policy(context, RESOURCE_NAME,
'get_all_security_services')
security_services = db.security_service_get_all(context)
else:
security_services = db.security_service_get_all_by_project(
context, context.project_id)
search_opts.pop('all_tenants', None)
common.remove_invalid_options(
context, search_opts, self._get_security_services_search_options())
if search_opts:
results = []
not_found = object()
for ss in security_services:
if all(
ss.get(opt, not_found) == value
for opt, value in search_opts.items()):
results.append(ss)
security_services = results
limited_list = common.limited(security_services, req)
if is_detail:
security_services = self._view_builder.detail_list(
req, limited_list)
for ss in security_services['security_services']:
share_networks = db.share_network_get_all_by_security_service(
context, ss['id'])
ss['share_networks'] = [sn['id'] for sn in share_networks]
else:
security_services = self._view_builder.summary_list(
req, limited_list)
return security_services
def _get_security_services(self, req, is_detail):
"""Returns a transformed list of security services.
The list gets transformed through view builder.
"""
context = req.environ['manila.context']
policy.check_policy(context, RESOURCE_NAME,
'get_all_security_services')
search_opts = {}
search_opts.update(req.GET)
if 'share_network_id' in search_opts:
share_nw = db.share_network_get(context,
search_opts['share_network_id'])
security_services = share_nw['security_services']
else:
common.remove_invalid_options(
context,
search_opts,
self._get_security_services_search_options())
if 'all_tenants' in search_opts:
security_services = db.security_service_get_all(context)
del search_opts['all_tenants']
else:
security_services = db.security_service_get_all_by_project(
context, context.project_id)
if search_opts:
results = []
not_found = object()
for service in security_services:
for opt, value in six.iteritems(search_opts):
if service.get(opt, not_found) != value:
break
else:
results.append(service)
security_services = results
limited_list = common.limited(security_services, req)
if is_detail:
security_services = self._view_builder.detail_list(
req, limited_list)
else:
security_services = self._view_builder.summary_list(
req, limited_list)
return security_services
def _get_security_services(self, req, is_detail):
"""Returns a transformed list of security services.
The list gets transformed through view builder.
"""
context = req.environ['manila.context']
policy.check_policy(context, RESOURCE_NAME,
'get_all_security_services')
search_opts = {}
search_opts.update(req.GET)
if 'share_network_id' in search_opts:
share_nw = db.share_network_get(context,
search_opts['share_network_id'])
security_services = share_nw['security_services']
else:
common.remove_invalid_options(
context, search_opts,
self._get_security_services_search_options())
if 'all_tenants' in search_opts:
security_services = db.security_service_get_all(context)
del search_opts['all_tenants']
else:
security_services = db.security_service_get_all_by_project(
context, context.project_id)
if search_opts:
results = []
not_found = object()
for service in security_services:
for opt, value in six.iteritems(search_opts):
if service.get(opt, not_found) != value:
break
else:
results.append(service)
security_services = results
limited_list = common.limited(security_services, req)
if is_detail:
security_services = self._view_builder.detail_list(
req, limited_list)
else:
security_services = self._view_builder.summary_list(
req, limited_list)
return security_services
def _cifs_allow_access(self, context, share, access, share_server):
"""Allow access to cifs share."""
self._ensure_access_type_for_cifs(access)
network_id = share['share_network_id']
share_network = manila_db.share_network_get(context, network_id)
security_services = share_network['security_services']
self._ensure_security_service_for_cifs(security_services)
share_name = share['name']
mover_name = self._get_vdm_name(share_server)
user_name = access['access_to']
status, out = self._NASCmd_helper.allow_cifs_access(
mover_name, share_name, user_name, security_services[0]['domain'])
if constants.STATUS_OK != status:
message = _("Could not allow CIFS access. Reason: %s.") % out
LOG.error(message)
raise exception.EMCVnxXMLAPIError(err=message)
def _create(self, req, body):
"""Add a replica to an existing share."""
context = req.environ['manila.context']
if not self.is_valid_body(body, 'share_replica'):
msg = _("Body does not contain 'share_replica' information.")
raise exc.HTTPUnprocessableEntity(explanation=msg)
share_id = body.get('share_replica').get('share_id')
availability_zone = body.get('share_replica').get('availability_zone')
if not share_id:
msg = _("Must provide Share ID to add replica.")
raise exc.HTTPBadRequest(explanation=msg)
try:
share_ref = db.share_get(context, share_id)
except exception.NotFound:
msg = _("No share exists with ID %s.")
raise exc.HTTPNotFound(explanation=msg % share_id)
share_network_id = share_ref.get('share_network_id', None)
if share_network_id:
share_network = db.share_network_get(context, share_network_id)
common.check_share_network_is_active(share_network)
try:
new_replica = self.share_api.create_share_replica(
context,
share_ref,
availability_zone=availability_zone,
share_network_id=share_network_id)
except exception.AvailabilityZoneNotFound as e:
raise exc.HTTPBadRequest(explanation=six.text_type(e))
except exception.ReplicationException as e:
raise exc.HTTPBadRequest(explanation=six.text_type(e))
except exception.ShareBusyException as e:
raise exc.HTTPBadRequest(explanation=six.text_type(e))
return self._view_builder.detail(req, new_replica)
def _cifs_allow_access(self, context, share, access, share_server):
"""Allow access to cifs share."""
self._ensure_access_type_for_cifs(access)
network_id = share['share_network_id']
share_network = manila_db.share_network_get(context, network_id)
security_services = share_network['security_services']
self._ensure_security_service_for_cifs(security_services)
share_name = share['name']
mover_name = self._get_vdm_name(share_server)
user_name = access['access_to']
status, out = self._NASCmd_helper.allow_cifs_access(
mover_name,
share_name,
user_name,
security_services[0]['domain'])
if constants.STATUS_OK != status:
message = _("Could not allow CIFS access. Reason: %s.") % out
LOG.error(message)
raise exception.EMCVnxXMLAPIError(err=message)
def _deny_access(self, req, id, body):
"""Remove share access rule."""
context = req.environ['manila.context']
access_id = body.get('deny_access',
body.get('os-deny_access'))['access_id']
share = self.share_api.get(context, id)
share_network_id = share.get('share_network_id', None)
if share_network_id:
share_network = db.share_network_get(context, share_network_id)
common.check_share_network_is_active(share_network)
try:
access = self.share_api.access_get(context, access_id)
if access.share_id != id:
raise exception.NotFound()
share = self.share_api.get(context, id)
except exception.NotFound as error:
raise webob.exc.HTTPNotFound(explanation=six.text_type(error))
self.share_api.deny_access(context, share, access)
return webob.Response(status_int=http_client.ACCEPTED)
def migration_start(self, req, id, body):
"""Migrate a share to the specified host."""
context = req.environ['manila.context']
try:
share = self.share_api.get(context, id)
except exception.NotFound:
msg = _("Share %s not found.") % id
raise exc.HTTPNotFound(explanation=msg)
params = body.get('migration_start')
if not params:
raise exc.HTTPBadRequest(explanation=_("Request is missing body."))
try:
host = params['host']
except KeyError:
raise exc.HTTPBadRequest(explanation=_("Must specify 'host'."))
force_host_assisted_migration = params.get(
'force_host_assisted_migration', False)
try:
force_host_assisted_migration = strutils.bool_from_string(
force_host_assisted_migration, strict=True)
except ValueError:
msg = _("Invalid value %s for 'force_host_assisted_migration'. "
"Expecting a boolean.") % force_host_assisted_migration
raise exc.HTTPBadRequest(explanation=msg)
new_share_network = None
new_share_type = None
preserve_metadata = params.get('preserve_metadata', True)
try:
preserve_metadata = strutils.bool_from_string(preserve_metadata,
strict=True)
except ValueError:
msg = _("Invalid value %s for 'preserve_metadata'. "
"Expecting a boolean.") % preserve_metadata
raise exc.HTTPBadRequest(explanation=msg)
writable = params.get('writable', True)
try:
writable = strutils.bool_from_string(writable, strict=True)
except ValueError:
msg = _("Invalid value %s for 'writable'. "
"Expecting a boolean.") % writable
raise exc.HTTPBadRequest(explanation=msg)
nondisruptive = params.get('nondisruptive', False)
try:
nondisruptive = strutils.bool_from_string(nondisruptive,
strict=True)
except ValueError:
msg = _("Invalid value %s for 'nondisruptive'. "
"Expecting a boolean.") % nondisruptive
raise exc.HTTPBadRequest(explanation=msg)
new_share_network_id = params.get('new_share_network_id', None)
if new_share_network_id:
try:
new_share_network = db.share_network_get(
context, new_share_network_id)
except exception.NotFound:
msg = _("Share network %s not "
"found.") % new_share_network_id
raise exc.HTTPBadRequest(explanation=msg)
new_share_type_id = params.get('new_share_type_id', None)
if new_share_type_id:
try:
new_share_type = db.share_type_get(context, new_share_type_id)
except exception.NotFound:
msg = _("Share type %s not found.") % new_share_type_id
raise exc.HTTPBadRequest(explanation=msg)
try:
self.share_api.migration_start(context,
share,
host,
force_host_assisted_migration,
preserve_metadata,
writable,
nondisruptive,
new_share_network=new_share_network,
new_share_type=new_share_type)
except exception.Conflict as e:
raise exc.HTTPConflict(explanation=six.text_type(e))
return webob.Response(status_int=202)
def migration_start(self, req, id, body):
"""Migrate a share to the specified host."""
context = req.environ['manila.context']
try:
share = self.share_api.get(context, id)
except exception.NotFound:
msg = _("Share %s not found.") % id
raise exc.HTTPNotFound(explanation=msg)
params = body.get('migration_start')
if not params:
raise exc.HTTPBadRequest(explanation=_("Request is missing body."))
driver_assisted_params = [
'preserve_metadata', 'writable', 'nondisruptive',
'preserve_snapshots'
]
bool_params = (driver_assisted_params +
['force_host_assisted_migration'])
mandatory_params = driver_assisted_params + ['host']
utils.check_params_exist(mandatory_params, params)
bool_param_values = utils.check_params_are_boolean(bool_params, params)
new_share_network = None
new_share_type = None
new_share_network_id = params.get('new_share_network_id', None)
if new_share_network_id:
try:
new_share_network = db.share_network_get(
context, new_share_network_id)
except exception.NotFound:
msg = _("Share network %s not "
"found.") % new_share_network_id
raise exc.HTTPBadRequest(explanation=msg)
new_share_type_id = params.get('new_share_type_id', None)
if new_share_type_id:
try:
new_share_type = db.share_type_get(context, new_share_type_id)
except exception.NotFound:
msg = _("Share type %s not found.") % new_share_type_id
raise exc.HTTPBadRequest(explanation=msg)
try:
return_code = self.share_api.migration_start(
context,
share,
params['host'],
bool_param_values['force_host_assisted_migration'],
bool_param_values['preserve_metadata'],
bool_param_values['writable'],
bool_param_values['nondisruptive'],
bool_param_values['preserve_snapshots'],
new_share_network=new_share_network,
new_share_type=new_share_type)
except exception.Conflict as e:
raise exc.HTTPConflict(explanation=six.text_type(e))
return webob.Response(status_int=return_code)
def migration_start(self, req, id, body):
"""Migrate a share to the specified host."""
context = req.environ['manila.context']
try:
share = self.share_api.get(context, id)
except exception.NotFound:
msg = _("Share %s not found.") % id
raise exc.HTTPNotFound(explanation=msg)
params = body.get('migration_start')
if not params:
raise exc.HTTPBadRequest(explanation=_("Request is missing body."))
try:
host = params['host']
except KeyError:
raise exc.HTTPBadRequest(explanation=_("Must specify 'host'."))
force_host_assisted_migration = params.get(
'force_host_assisted_migration', False)
try:
force_host_assisted_migration = strutils.bool_from_string(
force_host_assisted_migration, strict=True)
except ValueError:
msg = _("Invalid value %s for 'force_host_assisted_migration'. "
"Expecting a boolean.") % force_host_assisted_migration
raise exc.HTTPBadRequest(explanation=msg)
new_share_network = None
new_share_type = None
preserve_metadata = params.get('preserve_metadata', True)
try:
preserve_metadata = strutils.bool_from_string(
preserve_metadata, strict=True)
except ValueError:
msg = _("Invalid value %s for 'preserve_metadata'. "
"Expecting a boolean.") % preserve_metadata
raise exc.HTTPBadRequest(explanation=msg)
writable = params.get('writable', True)
try:
writable = strutils.bool_from_string(writable, strict=True)
except ValueError:
msg = _("Invalid value %s for 'writable'. "
"Expecting a boolean.") % writable
raise exc.HTTPBadRequest(explanation=msg)
nondisruptive = params.get('nondisruptive', False)
try:
nondisruptive = strutils.bool_from_string(
nondisruptive, strict=True)
except ValueError:
msg = _("Invalid value %s for 'nondisruptive'. "
"Expecting a boolean.") % nondisruptive
raise exc.HTTPBadRequest(explanation=msg)
new_share_network_id = params.get('new_share_network_id', None)
if new_share_network_id:
try:
new_share_network = db.share_network_get(
context, new_share_network_id)
except exception.NotFound:
msg = _("Share network %s not "
"found.") % new_share_network_id
raise exc.HTTPBadRequest(explanation=msg)
new_share_type_id = params.get('new_share_type_id', None)
if new_share_type_id:
try:
new_share_type = db.share_type_get(
context, new_share_type_id)
except exception.NotFound:
msg = _("Share type %s not found.") % new_share_type_id
raise exc.HTTPBadRequest(explanation=msg)
try:
self.share_api.migration_start(
context, share, host, force_host_assisted_migration,
preserve_metadata, writable, nondisruptive,
new_share_network=new_share_network,
new_share_type=new_share_type)
except exception.Conflict as e:
raise exc.HTTPConflict(explanation=six.text_type(e))
return webob.Response(status_int=202)
