Ejemplo n.º 1
0
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import quota


QUOTAS = quota.QUOTAS


XMLNS = "http://docs.openstack.org/compute/ext/used_limits/api/v1.1"
ALIAS = "os-used-limits"
authorize = extensions.soft_extension_authorizer('compute', 'used_limits')
authorize_for_admin = extensions.extension_authorizer('compute',
                                                      'used_limits_for_admin')


class UsedLimitsController(wsgi.Controller):

    def __init__(self, ext_mgr):
        self.ext_mgr = ext_mgr

    @staticmethod
    def _reserved(req):
        try:
            return int(req.GET['reserved'])
        except (ValueError, KeyError):
            return False

    @wsgi.extends
Ejemplo n.º 2
0
    cfg.StrOpt('use_neutron_default_nets',
                     default="False",
                     help='Control for checking for default networks'),
    cfg.StrOpt('neutron_default_tenant_id',
                     default="default",
                     help='Default tenant id when creating neutron '
                          'networks'),
    cfg.IntOpt('quota_networks',
               default=3,
               help='Number of private networks allowed per project'),
]
CONF.register_opts(os_network_opts)

QUOTAS = quota.QUOTAS
LOG = logging.getLogger(__name__)
authorize = extensions.extension_authorizer('compute', 'os-tenant-networks')


def network_dict(network):
    # NOTE(danms): Here, network should be an object, which could have come
    # from neutron and thus be missing most of the attributes. Providing a
    # default to get() avoids trying to lazy-load missing attributes.
    return {"id": network.get("uuid", None) or network.get("id", None),
                        "cidr": str(network.get("cidr", None)),
                        "label": network.get("label", None)}


class NetworkController(object):
    def __init__(self, network_api=None):
        self.network_api = patron.network.API()
        self._default_networks = []
Ejemplo n.º 3
0
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.


import webob
import webob.exc

from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron.i18n import _
from patron import objects

authorize = extensions.extension_authorizer('compute', 'cloudpipe_update')


class CloudpipeUpdateController(wsgi.Controller):
    """Handle updating the vpn ip/port for cloudpipe instances."""

    def __init__(self):
        super(CloudpipeUpdateController, self).__init__()

    @wsgi.action("update")
    def update(self, req, id, body):
        """Configure cloudpipe parameters for the project."""

        context = req.environ['patron.context']
        authorize(context)
Ejemplo n.º 4
0
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

from patron.api.openstack import extensions
from patron import network


authorize = extensions.extension_authorizer("compute", "floating_ip_pools")


def _translate_floating_ip_view(pool_name):
    return {"name": pool_name}


def _translate_floating_ip_pools_view(pools):
    return {"floating_ip_pools": [_translate_floating_ip_view(pool_name) for pool_name in pools]}


class FloatingIPPoolsController(object):
    """The Floating IP Pool API controller for the OpenStack API."""

    def __init__(self):
        self.network_api = network.API()
Ejemplo n.º 5
0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import webob
import webob.exc

from patron.api.openstack import extensions
from patron import exception
from patron.i18n import _
from patron import objects

authorize = extensions.extension_authorizer('compute', 'fixed_ips')


class FixedIPController(object):
    def show(self, req, id):
        """Return data about the given fixed ip."""
        context = req.environ['patron.context']
        authorize(context)

        attrs = ['network', 'instance']
        try:
            fixed_ip = objects.FixedIP.get_by_address(context, id,
                                                      expected_attrs=attrs)
        except exception.FixedIpNotFoundForAddress as ex:
            raise webob.exc.HTTPNotFound(explanation=ex.format_message())
        except exception.FixedIpInvalid as ex:
Ejemplo n.º 6
0
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

from patron.api.openstack import extensions
from patron import network

authorize = extensions.extension_authorizer('compute', 'floating_ip_pools')


def _translate_floating_ip_view(pool_name):
    return {
        'name': pool_name,
    }


def _translate_floating_ip_pools_view(pools):
    return {
        'floating_ip_pools':
        [_translate_floating_ip_view(pool_name) for pool_name in pools]
    }

Ejemplo n.º 7
0
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

"""The deferred instance delete extension."""

import webob

from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import exception


authorize = extensions.extension_authorizer('compute', 'deferred_delete')


class DeferredDeleteController(wsgi.Controller):
    def __init__(self, *args, **kwargs):
        super(DeferredDeleteController, self).__init__(*args, **kwargs)
        self.compute_api = compute.API()

    @wsgi.action('restore')
    def _restore(self, req, id, body):
        """Restore a previously deleted instance."""
        context = req.environ["patron.context"]
        authorize(context)
        instance = common.get_instance(self.compute_api, context, id)

        try:
Ejemplo n.º 8
0
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import webob

from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
from patron.i18n import _


authorize = extensions.extension_authorizer('compute', 'consoles')


class ConsolesController(wsgi.Controller):
    def __init__(self, *args, **kwargs):
        self.compute_api = compute.API()
        super(ConsolesController, self).__init__(*args, **kwargs)

    @wsgi.action('os-getVNCConsole')
    def get_vnc_console(self, req, id, body):
        """Get vnc connection information to access a server."""
        context = req.environ['patron.context']
        authorize(context)

        # If type is not supplied or unknown, get_vnc_console below will cope
        console_type = body['os-getVNCConsole'].get('type')
Ejemplo n.º 9
0
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

from webob import exc

from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute

authorize_actions = extensions.extension_authorizer('compute',
                                                    'instance_actions')
authorize_events = extensions.soft_extension_authorizer('compute',
                                                    'instance_actions:events')

ACTION_KEYS = ['action', 'instance_uuid', 'request_id', 'user_id',
               'project_id', 'start_time', 'message']
EVENT_KEYS = ['event', 'start_time', 'finish_time', 'result', 'traceback']


class InstanceActionsController(wsgi.Controller):

    def __init__(self):
        super(InstanceActionsController, self).__init__()
        self.compute_api = compute.API()
        self.action_api = compute.InstanceActionAPI()
Ejemplo n.º 10
0
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
"""Keypair management extension."""

import webob
import webob.exc

from patron.api.openstack.compute import servers
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron.compute import api as compute_api
from patron import exception
from patron.i18n import _

authorize = extensions.extension_authorizer('compute', 'keypairs')
soft_authorize = extensions.soft_extension_authorizer('compute', 'keypairs')


class KeypairController(object):
    """Keypair API controller for the OpenStack API."""
    def __init__(self):
        self.api = compute_api.KeypairAPI()

    def _filter_keypair(self, keypair, **attrs):
        clean = {
            'name': keypair.name,
            'public_key': keypair.public_key,
            'fingerprint': keypair.fingerprint,
        }
        for attr in attrs:
Ejemplo n.º 11
0
#   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#   License for the specific language governing permissions and limitations
#   under the License.

from oslo_utils import strutils
from webob import exc

from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
from patron.i18n import _
from patron import utils

authorize = extensions.extension_authorizer('compute', 'evacuate')


class Controller(wsgi.Controller):
    def __init__(self, ext_mgr, *args, **kwargs):
        super(Controller, self).__init__(*args, **kwargs)
        self.compute_api = compute.API()
        self.host_api = compute.HostAPI()
        self.ext_mgr = ext_mgr

    @wsgi.action('evacuate')
    def _evacuate(self, req, id, body):
        """Permit admins to evacuate a server from a failed host
        to a new one.
        If host is empty, the scheduler will select one.
        """
Ejemplo n.º 12
0
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import webob.exc

from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import context as patron_context
from patron import exception
from patron.i18n import _
from patron import servicegroup
from patron import utils

authorize = extensions.extension_authorizer('compute', 'services')


class ServiceController(object):
    def __init__(self, ext_mgr=None, *args, **kwargs):
        self.host_api = compute.HostAPI()
        self.servicegroup_api = servicegroup.API()
        self.ext_mgr = ext_mgr

    def _get_services(self, req):
        context = req.environ['patron.context']
        authorize(context)

        # NOTE(alex_xu): back-compatible with db layer hard-code admin
        # permission checks
        patron_context.require_admin_context(context)
Ejemplo n.º 13
0
#    License for the specific language governing permissions and limitations
#    under the License.
"""The flavor access extension."""

import webob

from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import context as patron_context
from patron import exception
from patron.i18n import _
from patron import objects

soft_authorize = extensions.soft_extension_authorizer('compute',
                                                      'flavor_access')
authorize = extensions.extension_authorizer('compute', 'flavor_access')


def _marshall_flavor_access(flavor):
    rval = []
    for project_id in flavor.projects:
        rval.append({'flavor_id': flavor.flavorid, 'tenant_id': project_id})

    return {'flavor_access': rval}


class FlavorAccessController(object):
    """The flavor access API controller for the OpenStack API."""
    def __init__(self):
        super(FlavorAccessController, self).__init__()
Ejemplo n.º 14
0
#   License for the specific language governing permissions and limitations
#   under the License.

"""The shelved mode extension."""

import webob
from webob import exc

from patron.api.openstack import common
from patron.api.openstack import extensions as exts
from patron.api.openstack import wsgi
from patron import compute
from patron import exception


auth_shelve = exts.extension_authorizer('compute', 'shelve')
auth_shelve_offload = exts.extension_authorizer('compute', 'shelveOffload')
auth_unshelve = exts.extension_authorizer('compute', 'unshelve')


class ShelveController(wsgi.Controller):
    def __init__(self, *args, **kwargs):
        super(ShelveController, self).__init__(*args, **kwargs)
        self.compute_api = compute.API()

    @wsgi.action('shelve')
    def _shelve(self, req, id, body):
        """Move an instance into shelved mode."""
        context = req.environ["patron.context"]
        auth_shelve(context)
Ejemplo n.º 15
0
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import webob.exc

from patron.api.openstack import extensions
from patron import context as patron_context
from patron import exception
from patron.i18n import _
from patron import objects
from patron import utils

authorize = extensions.extension_authorizer('compute', 'agents')


class AgentController(object):
    """The agent is talking about guest agent.The host can use this for
    things like accessing files on the disk, configuring networking,
    or running other applications/scripts in the guest while it is
    running. Typically this uses some hypervisor-specific transport
    to avoid being dependent on a working network configuration.
    Xen, VMware, and VirtualBox have guest agents,although the Xen
    driver is the only one with an implementation for managing them
    in openstack. KVM doesn't really have a concept of a guest agent
    (although one could be written).

    You can find the design of agent update in this link:
    http://wiki.openstack.org/AgentUpdate
Ejemplo n.º 16
0
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
"""The Aggregate admin API extension."""

import datetime

from webob import exc

from patron.api.openstack import extensions
from patron.compute import api as compute_api
from patron import exception
from patron.i18n import _
from patron import utils

authorize = extensions.extension_authorizer('compute', 'aggregates')


def _get_context(req):
    return req.environ['patron.context']


def get_host_from_body(fn):
    """Makes sure that the host exists."""
    def wrapped(self, req, id, body, *args, **kwargs):
        if len(body) != 1:
            msg = _('Only host parameter can be specified')
            raise exc.HTTPBadRequest(explanation=msg)
        elif 'host' not in body:
            msg = _('Host parameter must be specified')
            raise exc.HTTPBadRequest(explanation=msg)
Ejemplo n.º 17
0
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import webob

from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
from patron.i18n import _

authorize = extensions.extension_authorizer('compute', 'consoles')


class ConsolesController(wsgi.Controller):
    def __init__(self, *args, **kwargs):
        self.compute_api = compute.API()
        super(ConsolesController, self).__init__(*args, **kwargs)

    @wsgi.action('os-getVNCConsole')
    def get_vnc_console(self, req, id, body):
        """Get vnc connection information to access a server."""
        context = req.environ['patron.context']
        authorize(context)

        # If type is not supplied or unknown, get_vnc_console below will cope
        console_type = body['os-getVNCConsole'].get('type')
Ejemplo n.º 18
0
#    under the License.

"""Keypair management extension."""

import webob
import webob.exc

from patron.api.openstack.compute import servers
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron.compute import api as compute_api
from patron import exception
from patron.i18n import _


authorize = extensions.extension_authorizer('compute', 'keypairs')
soft_authorize = extensions.soft_extension_authorizer('compute', 'keypairs')


class KeypairController(object):

    """Keypair API controller for the OpenStack API."""
    def __init__(self):
        self.api = compute_api.KeypairAPI()

    def _filter_keypair(self, keypair, **attrs):
        clean = {
            'name': keypair.name,
            'public_key': keypair.public_key,
            'fingerprint': keypair.fingerprint,
            }
Ejemplo n.º 19
0
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

from oslo_config import cfg

from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import availability_zones
from patron import context as patron_context
from patron import objects
from patron import servicegroup

CONF = cfg.CONF

authorize_list = extensions.extension_authorizer('compute',
                                                 'availability_zone:list')
authorize_detail = extensions.extension_authorizer('compute',
                                                   'availability_zone:detail')


class AvailabilityZoneController(wsgi.Controller):
    """The Availability Zone API controller for the OpenStack API."""
    def __init__(self):
        super(AvailabilityZoneController, self).__init__()
        self.servicegroup_api = servicegroup.API()

    def _get_filtered_availability_zones(self, zones, is_available):
        result = []
        for zone in zones:
            # Hide internal_service_availability_zone
            if zone == CONF.internal_service_availability_zone:
Ejemplo n.º 20
0
"""The flavor access extension."""

import webob

from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import context as patron_context
from patron import exception
from patron.i18n import _
from patron import objects


soft_authorize = extensions.soft_extension_authorizer('compute',
                                                      'flavor_access')
authorize = extensions.extension_authorizer('compute', 'flavor_access')


def _marshall_flavor_access(flavor):
    rval = []
    for project_id in flavor.projects:
        rval.append({'flavor_id': flavor.flavorid,
                     'tenant_id': project_id})

    return {'flavor_access': rval}


class FlavorAccessController(object):
    """The flavor access API controller for the OpenStack API."""

    def __init__(self):
Ejemplo n.º 21
0
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import webob.exc

from patron.api.openstack import extensions
import patron.cert.rpcapi
from patron import exception
from patron.i18n import _

authorize = extensions.extension_authorizer('compute', 'certificates')


def _translate_certificate_view(certificate, private_key=None):
    return {
        'data': certificate,
        'private_key': private_key,
    }


class CertificatesController(object):
    """The x509 Certificates API controller for the OpenStack API."""
    def __init__(self):
        self.cert_rpcapi = patron.cert.rpcapi.CertAPI()
        super(CertificatesController, self).__init__()
Ejemplo n.º 22
0
"""The bare-metal admin extension with Ironic Proxy."""

from oslo_config import cfg
from oslo_log import log as logging
from oslo_utils import importutils
import webob

from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron.i18n import _

ironic_client = importutils.try_import('ironicclient.client')
ironic_exc = importutils.try_import('ironicclient.exc')

authorize = extensions.extension_authorizer('compute', 'baremetal_nodes')

node_fields = ['id', 'cpus', 'local_gb', 'memory_mb', 'pm_address',
               'pm_user', 'service_host', 'terminal_port', 'instance_uuid']

node_ext_fields = ['uuid', 'task_state', 'updated_at', 'pxe_config_path']

interface_fields = ['id', 'address', 'datapath_id', 'port_no']

CONF = cfg.CONF

CONF.import_opt('api_version',
                'patron.virt.ironic.driver',
                group='ironic')
CONF.import_opt('api_endpoint',
                'patron.virt.ironic.driver',
Ejemplo n.º 23
0
#    under the License.
"""The bare-metal admin extension with Ironic Proxy."""

from oslo_config import cfg
from oslo_log import log as logging
from oslo_utils import importutils
import webob

from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron.i18n import _

ironic_client = importutils.try_import('ironicclient.client')
ironic_exc = importutils.try_import('ironicclient.exc')

authorize = extensions.extension_authorizer('compute', 'baremetal_nodes')

node_fields = [
    'id', 'cpus', 'local_gb', 'memory_mb', 'pm_address', 'pm_user',
    'service_host', 'terminal_port', 'instance_uuid'
]

node_ext_fields = ['uuid', 'task_state', 'updated_at', 'pxe_config_path']

interface_fields = ['id', 'address', 'datapath_id', 'port_no']

CONF = cfg.CONF

CONF.import_opt('api_version', 'patron.virt.ironic.driver', group='ironic')
CONF.import_opt('api_endpoint', 'patron.virt.ironic.driver', group='ironic')
CONF.import_opt('admin_username', 'patron.virt.ironic.driver', group='ironic')
Ejemplo n.º 24
0
#    under the License.
"""The hosts admin extension."""

from oslo_log import log as logging
import webob.exc

from patron.api.openstack import extensions
from patron import compute
from patron import context as patron_context
from patron import exception
from patron.i18n import _
from patron.i18n import _LI
from patron import objects

LOG = logging.getLogger(__name__)
authorize = extensions.extension_authorizer('compute', 'hosts')


class HostController(object):
    """The Hosts API controller for the OpenStack API."""
    def __init__(self):
        self.api = compute.HostAPI()
        super(HostController, self).__init__()

    def index(self, req):
        """Returns a dict in the format:

        |  {'hosts': [{'host_name': 'some.host.name',
        |     'service': 'cells',
        |     'zone': 'internal'},
        |    {'host_name': 'some.other.host.name',
Ejemplo n.º 25
0
from oslo_utils import uuidutils
import webob
from webob import exc

from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
from patron.i18n import _
from patron.i18n import _LI
from patron import objects
from patron import volume

LOG = logging.getLogger(__name__)
authorize = extensions.extension_authorizer('compute', 'volumes')

authorize_attach = extensions.extension_authorizer('compute',
                                                   'volume_attachments')


def _translate_volume_detail_view(context, vol):
    """Maps keys for volumes details view."""

    d = _translate_volume_summary_view(context, vol)

    # No additional data / lookups at the moment

    return d

Ejemplo n.º 26
0
def authorize(context, action_name):
    action = "migrations:%s" % action_name
    extensions.extension_authorizer("compute", action)(context)
Ejemplo n.º 27
0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

"""The virtual interfaces extension."""

from patron.api.openstack import common
from patron.api.openstack import extensions
from patron import compute
from patron import network


authorize = extensions.extension_authorizer('compute', 'virtual_interfaces')


def _translate_vif_summary_view(_context, vif):
    """Maps keys for VIF summary view."""
    d = {}
    d['id'] = vif['uuid']
    d['mac_address'] = vif['address']
    return d


class ServerVirtualInterfaceController(object):
    """The instance VIF API controller for the OpenStack API.
    """

    def __init__(self):
Ejemplo n.º 28
0
from patron.api.openstack import wsgi
import patron.context
from patron import db
from patron import exception
from patron.i18n import _
from patron import quota
from patron import utils

QUOTAS = quota.QUOTAS
# Quotas that are only enabled by specific extensions
EXTENDED_QUOTAS = {
    'server_groups': 'os-server-group-quotas',
    'server_group_members': 'os-server-group-quotas'
}

authorize = extensions.extension_authorizer('compute', 'quota_classes')


class QuotaClassSetsController(wsgi.Controller):

    supported_quotas = []

    def __init__(self, ext_mgr):
        self.ext_mgr = ext_mgr
        self.supported_quotas = QUOTAS.resources
        for resource, extension in EXTENDED_QUOTAS.items():
            if not self.ext_mgr.is_loaded(extension):
                self.supported_quotas.remove(resource)

    def _format_quota_set(self, quota_class, quota_set):
        """Convert the quota object to a result dict."""
Ejemplo n.º 29
0
#    License for the specific language governing permissions and limitations
#    under the License.

from oslo_log import log as logging
from oslo_serialization import jsonutils
import six
import webob

from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
from patron.i18n import _LI

LOG = logging.getLogger(__name__)
authorize = extensions.extension_authorizer('compute',
                                            'os-assisted-volume-snapshots')


class AssistedVolumeSnapshotsController(wsgi.Controller):
    def __init__(self):
        self.compute_api = compute.API()
        super(AssistedVolumeSnapshotsController, self).__init__()

    def create(self, req, body):
        """Creates a new snapshot."""
        context = req.environ['patron.context']
        authorize(context, action='create')

        if not self.is_valid_body(body, 'snapshot'):
            raise webob.exc.HTTPBadRequest()
Ejemplo n.º 30
0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import webob
import webob.exc

from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron.i18n import _
from patron import objects

authorize = extensions.extension_authorizer('compute', 'cloudpipe_update')


class CloudpipeUpdateController(wsgi.Controller):
    """Handle updating the vpn ip/port for cloudpipe instances."""
    def __init__(self):
        super(CloudpipeUpdateController, self).__init__()

    @wsgi.action("update")
    def update(self, req, id, body):
        """Configure cloudpipe parameters for the project."""

        context = req.environ['patron.context']
        authorize(context)

        if id != "configure-project":
Ejemplo n.º 31
0
import patron.context
from patron import exception
from patron.i18n import _
from patron import objects
from patron import quota
from patron import utils


QUOTAS = quota.QUOTAS
NON_QUOTA_KEYS = ['tenant_id', 'id', 'force']

# Quotas that are only enabled by specific extensions
EXTENDED_QUOTAS = {'server_groups': 'os-server-group-quotas',
                   'server_group_members': 'os-server-group-quotas'}

authorize_update = extensions.extension_authorizer('compute', 'quotas:update')
authorize_show = extensions.extension_authorizer('compute', 'quotas:show')
authorize_delete = extensions.extension_authorizer('compute', 'quotas:delete')


class QuotaSetsController(wsgi.Controller):

    supported_quotas = []

    def __init__(self, ext_mgr):
        self.ext_mgr = ext_mgr
        self.supported_quotas = QUOTAS.resources
        for resource, extension in EXTENDED_QUOTAS.items():
            if not self.ext_mgr.is_loaded(extension):
                self.supported_quotas.remove(resource)
Ejemplo n.º 32
0
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

from oslo_config import cfg

from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import availability_zones
from patron import context as patron_context
from patron import objects
from patron import servicegroup

CONF = cfg.CONF

authorize_list = extensions.extension_authorizer('compute',
                                                 'availability_zone:list')
authorize_detail = extensions.extension_authorizer('compute',
                                                   'availability_zone:detail')


class AvailabilityZoneController(wsgi.Controller):
    """The Availability Zone API controller for the OpenStack API."""

    def __init__(self):
        super(AvailabilityZoneController, self).__init__()
        self.servicegroup_api = servicegroup.API()

    def _get_filtered_availability_zones(self, zones, is_available):
        result = []
        for zone in zones:
            # Hide internal_service_availability_zone
Ejemplo n.º 33
0
from webob import exc

from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
import patron.exception
from patron.i18n import _
from patron.i18n import _LE
from patron import objects
from patron import utils

LOG = logging.getLogger(__name__)

SUPPORTED_POLICIES = ['anti-affinity', 'affinity']

authorize = extensions.extension_authorizer('compute', 'server_groups')


def _authorize_context(req):
    context = req.environ['patron.context']
    authorize(context)
    return context


class ServerGroupController(wsgi.Controller):
    """The Server group API controller for the OpenStack API."""
    def __init__(self, ext_mgr):
        self.ext_mgr = ext_mgr

    def _format_server_group(self, context, group):
        # the id field has its value as the uuid of the server group
Ejemplo n.º 34
0
def authorize(context, action_name):
    action = 'admin_actions:%s' % action_name
    extensions.extension_authorizer('compute', action)(context)
Ejemplo n.º 35
0
#   distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#   License for the specific language governing permissions and limitations
#   under the License.
"""The shelved mode extension."""

import webob
from webob import exc

from patron.api.openstack import common
from patron.api.openstack import extensions as exts
from patron.api.openstack import wsgi
from patron import compute
from patron import exception

auth_shelve = exts.extension_authorizer('compute', 'shelve')
auth_shelve_offload = exts.extension_authorizer('compute', 'shelveOffload')
auth_unshelve = exts.extension_authorizer('compute', 'unshelve')


class ShelveController(wsgi.Controller):
    def __init__(self, *args, **kwargs):
        super(ShelveController, self).__init__(*args, **kwargs)
        self.compute_api = compute.API()

    @wsgi.action('shelve')
    def _shelve(self, req, id, body):
        """Move an instance into shelved mode."""
        context = req.environ["patron.context"]
        auth_shelve(context)
Ejemplo n.º 36
0
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import webob.exc

from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import context as patron_context
from patron import exception
from patron.i18n import _
from patron import servicegroup
from patron import utils

authorize = extensions.extension_authorizer('compute', 'services')


class ServiceController(object):

    def __init__(self, ext_mgr=None, *args, **kwargs):
        self.host_api = compute.HostAPI()
        self.servicegroup_api = servicegroup.API()
        self.ext_mgr = ext_mgr

    def _get_services(self, req):
        context = req.environ['patron.context']
        authorize(context)

        # NOTE(alex_xu): back-compatible with db layer hard-code admin
        # permission checks
Ejemplo n.º 37
0
 def test_extension_authorizer_throws_exception_if_policy_fails(self):
     authorize = base_extensions.extension_authorizer(
         'compute', 'used_limits_for_admin')
     self._test_extension_authorizer_throws_exception_if_policy_fails(
         "compute_extension:used_limits_for_admin", authorize)
Ejemplo n.º 38
0
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import webob
from webob import exc

from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import exception
from patron.i18n import _
from patron import network

authorize = extensions.extension_authorizer('compute', 'networks_associate')


class NetworkAssociateActionController(wsgi.Controller):
    """Network Association API Controller."""

    def __init__(self, network_api=None):
        self.network_api = network_api or network.API()

    @wsgi.action("disassociate_host")
    def _disassociate_host_only(self, req, id, body):
        context = req.environ['patron.context']
        authorize(context)

        try:
            self.network_api.associate(context, id, host=None)
Ejemplo n.º 39
0
"""The rescue mode extension."""

from oslo_config import cfg
import webob
from webob import exc

from patron.api.openstack import common
from patron.api.openstack import extensions as exts
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
from patron import utils


CONF = cfg.CONF
authorize = exts.extension_authorizer("compute", "rescue")


class RescueController(wsgi.Controller):
    def __init__(self, ext_mgr, *args, **kwargs):
        super(RescueController, self).__init__(*args, **kwargs)
        self.compute_api = compute.API()
        self.ext_mgr = ext_mgr

    @wsgi.action("rescue")
    def _rescue(self, req, id, body):
        """Rescue an instance."""
        context = req.environ["patron.context"]
        authorize(context)

        if body["rescue"] and "adminPass" in body["rescue"]:
Ejemplo n.º 40
0
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import webob
from webob import exc

from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import exception
from patron.i18n import _
from patron import network

authorize = extensions.extension_authorizer('compute', 'networks_associate')


class NetworkAssociateActionController(wsgi.Controller):
    """Network Association API Controller."""
    def __init__(self, network_api=None):
        self.network_api = network_api or network.API()

    @wsgi.action("disassociate_host")
    def _disassociate_host_only(self, req, id, body):
        context = req.environ['patron.context']
        authorize(context)

        try:
            self.network_api.associate(context, id, host=None)
        except exception.NetworkNotFound:
Ejemplo n.º 41
0
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import webob.exc

from patron.api.openstack import common
from patron.api.openstack import extensions
from patron import compute
from patron import exception
from patron.i18n import _


authorize = extensions.extension_authorizer('compute', 'server_diagnostics')


class ServerDiagnosticsController(object):
    def __init__(self):
        self.compute_api = compute.API()

    def index(self, req, server_id):
        context = req.environ["patron.context"]
        authorize(context)

        instance = common.get_instance(self.compute_api, context, server_id)

        try:
            return self.compute_api.get_diagnostics(context, instance)
        except exception.InstanceInvalidState as state_error:
Ejemplo n.º 42
0
def authorize(context, action_name):
    action = 'migrations:%s' % action_name
    extensions.extension_authorizer('compute', action)(context)
Ejemplo n.º 43
0
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import re

import webob

from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
from patron.i18n import _

authorize = extensions.extension_authorizer('compute', 'console_output')


class ConsoleOutputController(wsgi.Controller):
    def __init__(self, *args, **kwargs):
        super(ConsoleOutputController, self).__init__(*args, **kwargs)
        self.compute_api = compute.API()

    @wsgi.action('os-getConsoleOutput')
    def get_console_output(self, req, id, body):
        """Get text console output."""
        context = req.environ['patron.context']
        authorize(context)

        instance = common.get_instance(self.compute_api, context, id)
        try:
Ejemplo n.º 44
0
import six
from webob import exc

from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.cells import rpcapi as cells_rpcapi
from patron import exception
from patron.i18n import _
from patron import rpc


CONF = cfg.CONF
CONF.import_opt('name', 'patron.cells.opts', group='cells')
CONF.import_opt('capabilities', 'patron.cells.opts', group='cells')

authorize = extensions.extension_authorizer('compute', 'cells')


def _filter_keys(item, keys):
    """Filters all model attributes except for keys
    item is a dict

    """
    return {k: v for k, v in item.iteritems() if k in keys}


def _fixup_cell_info(cell_info, keys):
    """If the transport_url is present in the cell, derive username,
    rpc_host, and rpc_port from it.
    """
Ejemplo n.º 45
0
from patron.api.openstack import wsgi
import patron.context
from patron import db
from patron import exception
from patron.i18n import _
from patron import quota
from patron import utils


QUOTAS = quota.QUOTAS
# Quotas that are only enabled by specific extensions
EXTENDED_QUOTAS = {'server_groups': 'os-server-group-quotas',
                   'server_group_members': 'os-server-group-quotas'}


authorize = extensions.extension_authorizer('compute', 'quota_classes')


class QuotaClassSetsController(wsgi.Controller):

    supported_quotas = []

    def __init__(self, ext_mgr):
        self.ext_mgr = ext_mgr
        self.supported_quotas = QUOTAS.resources
        for resource, extension in EXTENDED_QUOTAS.items():
            if not self.ext_mgr.is_loaded(extension):
                self.supported_quotas.remove(resource)

    def _format_quota_set(self, quota_class, quota_set):
        """Convert the quota object to a result dict."""
Ejemplo n.º 46
0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import webob

from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron.consoleauth import rpcapi as consoleauth_rpcapi
from patron.i18n import _


authorize = extensions.extension_authorizer('compute', 'console_auth_tokens')


class ConsoleAuthTokensController(wsgi.Controller):
    def __init__(self, *args, **kwargs):
        self._consoleauth_rpcapi = consoleauth_rpcapi.ConsoleAuthAPI()
        super(ConsoleAuthTokensController, self).__init__(*args, **kwargs)

    def show(self, req, id):
        """Checks a console auth token and returns the related connect info."""
        context = req.environ['patron.context']
        authorize(context)

        token = id
        connect_info = self._consoleauth_rpcapi.check_token(context, token)
        if not connect_info:
Ejemplo n.º 47
0
#    License for the specific language governing permissions and limitations
#    under the License.

"""The Aggregate admin API extension."""

import datetime

from webob import exc

from patron.api.openstack import extensions
from patron.compute import api as compute_api
from patron import exception
from patron.i18n import _
from patron import utils

authorize = extensions.extension_authorizer('compute', 'aggregates')


def _get_context(req):
    return req.environ['patron.context']


def get_host_from_body(fn):
    """Makes sure that the host exists."""
    def wrapped(self, req, id, body, *args, **kwargs):
        if len(body) != 1:
            msg = _('Only host parameter can be specified')
            raise exc.HTTPBadRequest(explanation=msg)
        elif 'host' not in body:
            msg = _('Host parameter must be specified')
            raise exc.HTTPBadRequest(explanation=msg)
Ejemplo n.º 48
0
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.


import webob.exc

from patron.api.openstack import extensions
from patron import context as patron_context
from patron import exception
from patron.i18n import _
from patron import objects
from patron import utils


authorize = extensions.extension_authorizer('compute', 'agents')


class AgentController(object):
    """The agent is talking about guest agent.The host can use this for
    things like accessing files on the disk, configuring networking,
    or running other applications/scripts in the guest while it is
    running. Typically this uses some hypervisor-specific transport
    to avoid being dependent on a working network configuration.
    Xen, VMware, and VirtualBox have guest agents,although the Xen
    driver is the only one with an implementation for managing them
    in openstack. KVM doesn't really have a concept of a guest agent
    (although one could be written).

    You can find the design of agent update in this link:
    http://wiki.openstack.org/AgentUpdate
Ejemplo n.º 49
0
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import six
import webob
from webob import exc

from patron.api.openstack.compute.contrib import security_groups as sg
from patron.api.openstack import extensions
from patron import exception
from patron.i18n import _
from patron.network.security_group import openstack_driver


authorize = extensions.extension_authorizer('compute',
                                            'security_group_default_rules')


class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase):

    def __init__(self):
        self.security_group_api = (
            openstack_driver.get_openstack_security_group_driver())

    def create(self, req, body):
        context = sg._authorize_context(req)
        authorize(context)

        sg_rule = self._from_body(body, 'security_group_default_rule')

        try:
Ejemplo n.º 50
0
    cfg.StrOpt('use_neutron_default_nets',
               default="False",
               help='Control for checking for default networks'),
    cfg.StrOpt('neutron_default_tenant_id',
               default="default",
               help='Default tenant id when creating neutron '
               'networks'),
    cfg.IntOpt('quota_networks',
               default=3,
               help='Number of private networks allowed per project'),
]
CONF.register_opts(os_network_opts)

QUOTAS = quota.QUOTAS
LOG = logging.getLogger(__name__)
authorize = extensions.extension_authorizer('compute', 'os-tenant-networks')


def network_dict(network):
    # NOTE(danms): Here, network should be an object, which could have come
    # from neutron and thus be missing most of the attributes. Providing a
    # default to get() avoids trying to lazy-load missing attributes.
    return {
        "id": network.get("uuid", None) or network.get("id", None),
        "cidr": str(network.get("cidr", None)),
        "label": network.get("label", None)
    }


class NetworkController(object):
    def __init__(self, network_api=None):
Ejemplo n.º 51
0
"""The hosts admin extension."""

from oslo_log import log as logging
import webob.exc

from patron.api.openstack import extensions
from patron import compute
from patron import context as patron_context
from patron import exception
from patron.i18n import _
from patron.i18n import _LI
from patron import objects

LOG = logging.getLogger(__name__)
authorize = extensions.extension_authorizer('compute', 'hosts')


class HostController(object):
    """The Hosts API controller for the OpenStack API."""
    def __init__(self):
        self.api = compute.HostAPI()
        super(HostController, self).__init__()

    def index(self, req):
        """Returns a dict in the format:

        |  {'hosts': [{'host_name': 'some.host.name',
        |     'service': 'cells',
        |     'zone': 'internal'},
        |    {'host_name': 'some.other.host.name',
Ejemplo n.º 52
0
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

"""The hypervisors admin extension."""

import webob.exc

from patron.api.openstack import extensions
from patron import compute
from patron import exception
from patron.i18n import _
from patron import servicegroup


authorize = extensions.extension_authorizer('compute', 'hypervisors')


class HypervisorsController(object):
    """The Hypervisors API controller for the OpenStack API."""

    def __init__(self, ext_mgr):
        self.host_api = compute.HostAPI()
        self.servicegroup_api = servicegroup.API()
        super(HypervisorsController, self).__init__()
        self.ext_mgr = ext_mgr

    def _view_hypervisor(self, hypervisor, service, detail, servers=None,
                         **kwargs):
        hyp_dict = {
            'id': hypervisor.id,
Ejemplo n.º 53
0
#    License for the specific language governing permissions and limitations
#    under the License.

import itertools
import os

from oslo_config import cfg
from webob import exc

from patron.api.openstack import common
from patron.api.openstack import extensions
from patron import compute
from patron.i18n import _
from patron import utils

authorize = extensions.extension_authorizer('compute', 'fping')
authorize_all_tenants = extensions.extension_authorizer(
    'compute', 'fping:all_tenants')
fping_opts = [
    cfg.StrOpt("fping_path",
               default="/usr/sbin/fping",
               help="Full path to fping."),
]

CONF = cfg.CONF
CONF.register_opts(fping_opts)


class FpingController(object):
    def __init__(self, network_api=None):
        self.compute_api = compute.API()
Ejemplo n.º 54
0
#    under the License.

from oslo_log import log as logging
import webob

from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
from patron.i18n import _
from patron.i18n import _LI
from patron import objects
from patron.objects import external_event as external_event_obj

LOG = logging.getLogger(__name__)
authorize = extensions.extension_authorizer('compute',
                                            'os-server-external-events')


class ServerExternalEventsController(wsgi.Controller):
    def __init__(self):
        self.compute_api = compute.API()
        super(ServerExternalEventsController, self).__init__()

    def create(self, req, body):
        """Creates a new instance event."""
        context = req.environ['patron.context']
        authorize(context, action='create')

        response_events = []
        accepted_events = []
        accepted_instances = set()
Ejemplo n.º 55
0
"""The multinic extension."""

from oslo_log import log as logging
import webob
from webob import exc

from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
from patron.i18n import _
from patron.i18n import _LE

LOG = logging.getLogger(__name__)
authorize = extensions.extension_authorizer('compute', 'multinic')


class MultinicController(wsgi.Controller):
    def __init__(self, *args, **kwargs):
        super(MultinicController, self).__init__(*args, **kwargs)
        self.compute_api = compute.API()

    @wsgi.action('addFixedIp')
    def _add_fixed_ip(self, req, id, body):
        """Adds an IP on a given network to an instance."""
        context = req.environ['patron.context']
        authorize(context)

        # Validate the input entity
        if 'networkId' not in body['addFixedIp']:
Ejemplo n.º 56
0
#    License for the specific language governing permissions and limitations
#    under the License.

import re

import webob

from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
from patron.i18n import _


authorize = extensions.extension_authorizer('compute', 'console_output')


class ConsoleOutputController(wsgi.Controller):
    def __init__(self, *args, **kwargs):
        super(ConsoleOutputController, self).__init__(*args, **kwargs)
        self.compute_api = compute.API()

    @wsgi.action('os-getConsoleOutput')
    def get_console_output(self, req, id, body):
        """Get text console output."""
        context = req.environ['patron.context']
        authorize(context)

        instance = common.get_instance(self.compute_api, context, id)
        try:
Ejemplo n.º 57
0
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

"""The server password extension."""

from patron.api.metadata import password
from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute


authorize = extensions.extension_authorizer('compute', 'server_password')


class ServerPasswordController(object):
    """The Server Password API controller for the OpenStack API."""
    def __init__(self):
        self.compute_api = compute.API()

    def index(self, req, server_id):
        context = req.environ['patron.context']
        authorize(context)
        instance = common.get_instance(self.compute_api, context, server_id)

        passw = password.extract_password(instance)
        return {'password': passw or ''}