def delete(self, project_id): context = pecan.request.context policy.enforce(context, 'quota:delete', target={'project_id': project_id}, action='quota:delete') QUOTAS.destroy_all_by_project(context, project_id)
def _do_get_all(self, legacy_api_version=False, **kwargs): context = pecan.request.context policy.enforce(context, "capsule:get_all", action="capsule:get_all") if utils.is_all_projects(kwargs): context.all_projects = True limit = api_utils.validate_limit(kwargs.get('limit')) sort_dir = api_utils.validate_sort_dir(kwargs.get('sort_dir', 'asc')) sort_key = kwargs.get('sort_key', 'id') resource_url = kwargs.get('resource_url') expand = kwargs.get('expand') filters = None marker_obj = None marker = kwargs.get('marker') if marker: marker_obj = objects.Capsule.get_by_uuid(context, marker) capsules = objects.Capsule.list(context, limit, marker_obj, sort_key, sort_dir, filters=filters) return CapsuleCollection.convert_with_links( capsules, limit, url=resource_url, expand=expand, sort_key=sort_key, sort_dir=sort_dir, legacy_api_version=legacy_api_version)
def delete(self, image_id, **kwargs): context = pecan.request.context policy.enforce(context, "image:delete", action="image:delete") host = _get_host(kwargs.pop('host')) image = utils.get_image(image_id) return pecan.request.compute_api.image_delete(context, image, host.hostname)
def post(self, run=False, **container_dict): """Create a new container. :param run: if true, starts the container :param container_dict: a container within the request body. """ LOG.debug('carrier post xxx run=%s, container_dict=%s', run, container_dict) context = pecan.request.context compute_api = pecan.request.compute_api #LOG.debug('container py post xxx context=%s,compute_api=%s' % (context.to_dict(),dir(compute_api))) policy.enforce(context, "carrier:create", action="carrier:create") requested_networks = {} extra_spec = container_dict.get('hints', None) new_carrier = objects.Carrier(context, **container_dict) new_carrier.create(context) compute_api.carrier_create(context, new_carrier, extra_spec, requested_networks) # Set the HTTP Location Header pecan.response.location = link.build_url('carriers', new_carrier.uuid) pecan.response.status = 202 LOG.debug('carrier post xxx pecan.response.status=%s', pecan.response.status) return view.format_container(pecan.request.host_url, new_carrier)
def _get_containers_collection(self, **kwargs): context = pecan.request.context LOG.debug('xxx _get_containers_collection started') if is_all_tenants(kwargs): LOG.debug('xxx _get_containers_collection true kwargs=%s', kwargs) policy.enforce(context, "carrier:get_all_all_tenants", action="carrier:get_all_all_tenants") context.all_tenants = True compute_api = pecan.request.compute_api limit = api_utils.validate_limit(kwargs.get('limit')) sort_dir = api_utils.validate_sort_dir(kwargs.get('sort_dir', 'asc')) sort_key = kwargs.get('sort_key', 'id') resource_url = kwargs.get('resource_url') expand = kwargs.get('expand') filters = None marker_obj = None marker = kwargs.get('marker') if marker: marker_obj = objects.Container.get_by_uuid(context, marker) containers = objects.Carrier.list(context, limit, marker_obj, sort_key, sort_dir, filters=filters) xx=ContainerCollection.convert_with_links(containers, limit, url=resource_url, expand=expand, sort_key=sort_key, sort_dir=sort_dir) #LOG.debug('container post xxx containers=%s, xx=%s', containers, xx.__dict__) return xx
def _do_get_all(self, legacy_api_version=False, **kwargs): context = pecan.request.context policy.enforce(context, "capsule:get_all", action="capsule:get_all") if utils.is_all_projects(kwargs): context.all_projects = True limit = api_utils.validate_limit(kwargs.get('limit')) sort_dir = api_utils.validate_sort_dir(kwargs.get('sort_dir', 'asc')) sort_key = kwargs.get('sort_key', 'id') resource_url = kwargs.get('resource_url') expand = kwargs.get('expand') filters = None marker_obj = None marker = kwargs.get('marker') if marker: marker_obj = objects.Capsule.get_by_uuid(context, marker) capsules = objects.Capsule.list(context, limit, marker_obj, sort_key, sort_dir, filters=filters) return CapsuleCollection.convert_with_links( capsules, limit, url=resource_url, expand=expand, sort_key=sort_key, sort_dir=sort_dir, legacy_api_version=legacy_api_version)
def delete(self, container_id, force=False, **kwargs): """Delete a container. :param container_ident: UUID or Name of a container. """ LOG.debug('v 1.7 Carrier delete xxx container_id=%s, kwargs=%s', container_id, kwargs) context = pecan.request.context if is_all_tenants(kwargs): policy.enforce(context, "carrier:delete_all_tenants", action="carrier:delete_all_tenants") context.all_tenants = True container = _get_container(container_id) check_policy_on_container(container.as_dict(), "carrier:delete") try: force = strutils.bool_from_string(force, strict=True) except ValueError: msg = _('Valid force values are true, false, 0, 1, yes and no') raise exception.InvalidValue(msg) if not force: utils.validate_container_state(container, 'delete') else: utils.validate_container_state(container, 'delete_force') policy.enforce(context, "carrier:delete_force", action="carrier:delete_force") compute_api = pecan.request.compute_api compute_api.carrier_delete(context, container, force) pecan.response.status = 204
def defaults(self): context = pecan.request.context policy.enforce(context, 'quota:get_default', action='quota:get_default') values = QUOTAS.get_defaults(context) return values
def _get_containers_collection(self, **kwargs): context = pecan.request.context if utils.is_all_projects(kwargs): policy.enforce(context, "container:get_all_all_projects", action="container:get_all_all_projects") context.all_projects = True limit = api_utils.validate_limit(kwargs.get('limit')) sort_dir = api_utils.validate_sort_dir(kwargs.get('sort_dir', 'asc')) sort_key = kwargs.get('sort_key', 'id') resource_url = kwargs.get('resource_url') expand = kwargs.get('expand') filters = None marker_obj = None marker = kwargs.get('marker') if marker: marker_obj = objects.Container.get_by_uuid(context, marker) containers = objects.Container.list(context, limit, marker_obj, sort_key, sort_dir, filters=filters) if not context.is_admin: for container in containers: del container.host return ContainerCollection.convert_with_links(containers, limit, url=resource_url, expand=expand, sort_key=sort_key, sort_dir=sort_dir)
def get_one(self, container_ident, request_ident, **kwargs): """Retrieve information about the action.""" context = pecan.request.context policy.enforce(context, "container:actions", action="container:actions") container = utils.get_container(container_ident) action = objects.ContainerAction.get_by_request_id( context, container.uuid, request_ident) if action is None: raise exception.ResourceNotFound(name="Action", id=request_ident) action_id = action.id if CONF.database.backend == 'etcd': # etcd using action.uuid get the unique action instead of action.id action_id = action.uuid action = self._format_action(action) show_traceback = False if policy.enforce(context, "container:action:events", do_raise=False, action="container:action:events"): show_traceback = True events_raw = objects.ContainerActionEvent.get_by_action(context, action_id) action['events'] = [self._format_event(evt, show_traceback) for evt in events_raw] return action
def search(self, image, image_driver=None, exact_match=False): """Search a specific image :param image: Name of the image. :param image_driver: Name of the image driver (glance, docker). :param exact_match: if True, exact match the image name. """ context = pecan.request.context policy.enforce(context, "image:search", action="image:search") LOG.debug('Calling compute.image_search with %s', image) try: exact_match = strutils.bool_from_string(exact_match, strict=True) except ValueError: bools = ', '.join(strutils.TRUE_STRINGS + strutils.FALSE_STRINGS) raise exception.InvalidValue(_('Valid exact_match values are: %s') % bools) # Valiadtion accepts 'None' so need to convert it to None image_driver = api_utils.string_or_none(image_driver) if not image_driver: image_driver = CONF.default_image_driver return pecan.request.compute_api.image_search(context, image, image_driver, exact_match)
def delete(self, container_ident, force=False, **kwargs): """Delete a container. :param container_ident: UUID or Name of a container. :param force: If True, allow to force delete the container. """ context = pecan.request.context if utils.is_all_tenants(kwargs): policy.enforce(context, "container:delete_all_tenants", action="container:delete_all_tenants") context.all_tenants = True container = utils.get_container(container_ident) check_policy_on_container(container.as_dict(), "container:delete") try: force = strutils.bool_from_string(force, strict=True) except ValueError: msg = _('Valid force values are true, false, 0, 1, yes and no') raise exception.InvalidValue(msg) stop = kwargs.pop('stop', False) try: stop = strutils.bool_from_string(stop, strict=True) except ValueError: msg = _('Valid stop values are true, false, 0, 1, yes and no') raise exception.InvalidValue(msg) compute_api = pecan.request.compute_api if not force and not stop: utils.validate_container_state(container, 'delete') elif force and not stop: req_version = pecan.request.version min_version = versions.Version('', '', '', '1.7') if req_version >= min_version: policy.enforce(context, "container:delete_force", action="container:delete_force") utils.validate_container_state(container, 'delete_force') else: raise exception.InvalidParamInVersion(param='force', req_version=req_version, min_version=min_version) elif stop: req_version = pecan.request.version min_version = versions.Version('', '', '', '1.12') if req_version >= min_version: check_policy_on_container(container.as_dict(), "container:stop") utils.validate_container_state(container, 'delete_after_stop') if container.status == consts.RUNNING: LOG.debug( 'Calling compute.container_stop with %s ' 'before delete', container.uuid) compute_api.container_stop(context, container, 10) else: raise exception.InvalidParamInVersion(param='stop', req_version=req_version, min_version=min_version) container.status = consts.DELETING compute_api.container_delete(context, container, force) pecan.response.status = 204
def get_all(self, **kwargs): """Retrieve a list of registries. """ context = pecan.request.context policy_action = policies.REGISTRY % 'get_all' policy.enforce(context, policy_action, action=policy_action) return self._get_registries_collection(**kwargs)
def get_all(self, **kwargs): """Retrieve a list of containers. """ LOG.debug('user get_all xxx kwargs=%s', kwargs) context = pecan.request.context policy.enforce(context, "user:get_all", action="user:get_all") return self._get_containers_collection(**kwargs)
def defaults(self, project_id): context = pecan.request.context policy.enforce(context, 'quota:get_default', target={'project_id': project_id}, action='quota:get_default') values = QUOTAS.get_defaults(context) return values
def get_all(self, **kwargs): """Retrieve a list of containers. """ context = pecan.request.context policy.enforce(context, "container:get_all", action="container:get_all") return self._get_containers_collection(**kwargs)
def get_all(self, **kwargs): """Retrieve a list of registries. """ context = pecan.request.context policy_action = policies.REGISTRY % 'get_all' policy.enforce(context, policy_action, action=policy_action) return self._get_registries_collection(**kwargs)
def get(self, project_id, **kwargs): context = pecan.request.context usages = kwargs.get('usages', False) policy.enforce(context, 'quota:get', target={'project_id': project_id}, action='quota:get') return self._get_quotas(context, project_id, usages=usages)
def get_one(self, host_id): """Retrieve information about the given host. :param host_ident: UUID or name of a host. """ context = pecan.request.context policy.enforce(context, "host:get", action="host:get") host = _get_host(host_id) return view.format_host(pecan.request.host_url, host)
def get_one(self, host_ident): """Retrieve information about the given host. :param host_ident: UUID or name of a host. """ context = pecan.request.context policy.enforce(context, "host:get", action="host:get") host = api_utils.get_resource('ComputeNode', host_ident) return view.format_host(pecan.request.host_url, host)
def get_all(self, **kwargs): """Retrieve a list of availability zones""" context = pecan.request.context context.all_projects = True policy.enforce(context, "availability_zones:get_all", action="availability_zones:get_all") return self._get_host_collection(**kwargs)
def get_one(self, host_ident): """Retrieve information about the given host. :param host_ident: UUID or name of a host. """ context = pecan.request.context policy.enforce(context, "host:get", action="host:get") host = _get_host(host_ident) return view.format_host(pecan.request.host_url, host)
def disable(self, **kwargs): context = pecan.request.context policy.enforce(context, "zun-service:disable", action="zun-service:disable") if 'disabled_reason' in kwargs: reason = kwargs['disabled_reason'] else: reason = None return self._disable(context, kwargs, reason)
def disable(self, **kwargs): context = pecan.request.context policy.enforce(context, "zun-service:disable", action="zun-service:disable") if 'disabled_reason' in kwargs: reason = kwargs['disabled_reason'] else: reason = None return self._disable(context, kwargs, reason)
def post(self, **network_dict): """Create a new network. :param network_dict: a network within the request body. """ context = pecan.request.context policy.enforce(context, "network:create", action="network:create") new_network = pecan.request.compute_api.network_create( context, network_dict['neutron_net_id']) return view.format_network(pecan.request.host_url, new_network)
def post(self, **network_dict): """Create a new network. :param network_dict: a network within the request body. """ context = pecan.request.context policy.enforce(context, "network:create", action="network:create") new_network = pecan.request.compute_api.network_create( context, network_dict['neutron_net_id']) return view.format_network(pecan.request.host_url, new_network)
def get_all(self, container_ident, **kwargs): """Retrieve a list of container actions.""" context = pecan.request.context policy.enforce(context, "container:actions", action="container:actions") container = utils.get_container(container_ident) actions_raw = objects.ContainerAction.get_by_container_uuid( context, container.uuid) actions = [self._format_action(action) for action in actions_raw] return {"containerActions": actions}
def search(self, image, exact_match=False): context = pecan.request.context policy.enforce(context, "image:search", action="image:search") LOG.debug('Calling compute.image_search with %s' % image) try: exact_match = strutils.bool_from_string(exact_match, strict=True) except ValueError: msg = _("Valid exact_match values are true," " false, 0, 1, yes and no") raise exception.InvalidValue(msg) return pecan.request.compute_api.image_search(context, image, exact_match)
def delete(self, network_ident, **kwargs): """Delete a network. :param network_ident: UUID of the network. """ context = pecan.request.context policy.enforce(context, "network:delete", action="network:delete") context.all_projects = True network = _get_network(context, network_ident) compute_api = pecan.request.compute_api compute_api.network_delete(context, network) pecan.response.status = 204
def delete(self, network_ident, **kwargs): """Delete a network. :param network_ident: UUID of the network. """ context = pecan.request.context policy.enforce(context, "network:delete", action="network:delete") context.all_projects = True network = _get_network(context, network_ident) compute_api = pecan.request.compute_api compute_api.network_delete(context, network) pecan.response.status = 204
def post(self, **network_dict): """Create a new network. :param network_dict: a network within the request body. """ context = pecan.request.context policy.enforce(context, "network:create", action="network:create") network_dict['project_id'] = context.project_id network_dict['user_id'] = context.user_id new_network = objects.Network(context, **network_dict) new_network.create(context) pecan.request.compute_api.network_create(context, new_network) return view.format_network(pecan.request.host_url, new_network)
def delete(self, container_ident, force=False, **kwargs): """Delete a container. :param container_ident: UUID or Name of a container. :param force: If True, allow to force delete the container. """ context = pecan.request.context if utils.is_all_projects(kwargs): policy.enforce(context, "container:delete_all_projects", action="container:delete_all_projects") context.all_projects = True container = utils.get_container(container_ident) check_policy_on_container(container.as_dict(), "container:delete") try: force = strutils.bool_from_string(force, strict=True) except ValueError: bools = ', '.join(strutils.TRUE_STRINGS + strutils.FALSE_STRINGS) raise exception.InvalidValue(_('Valid force values are: %s') % bools) stop = kwargs.pop('stop', False) try: stop = strutils.bool_from_string(stop, strict=True) except ValueError: bools = ', '.join(strutils.TRUE_STRINGS + strutils.FALSE_STRINGS) raise exception.InvalidValue(_('Valid stop values are: %s') % bools) compute_api = pecan.request.compute_api if not force and not stop: utils.validate_container_state(container, 'delete') elif force and not stop: api_utils.version_check('force', '1.7') policy.enforce(context, "container:delete_force", action="container:delete_force") utils.validate_container_state(container, 'delete_force') elif stop: api_utils.version_check('stop', '1.12') check_policy_on_container(container.as_dict(), "container:stop") utils.validate_container_state(container, 'delete_after_stop') if container.status == consts.RUNNING: LOG.debug('Calling compute.container_stop with %s ' 'before delete', container.uuid) compute_api.container_stop(context, container, 10) container.status = consts.DELETING if container.host: compute_api.container_delete(context, container, force) else: container.destroy(context) pecan.response.status = 204
def get_all(self, **kwargs): """Retrieve a list of zun-services. """ context = pecan.request.context policy.enforce(context, "zun-service:get_all", action="zun-service:get_all") hsvcs = objects.ZunService.list(context, limit=None, marker=None, sort_key='id', sort_dir='asc') return ZunServiceCollection.convert_db_rec_list_to_collection( self.servicegroup_api, hsvcs)
def get_all(self, **kwargs): """Retrieve a list of zun-services. """ context = pecan.request.context policy.enforce(context, "zun-service:get_all", action="zun-service:get_all") hsvcs = objects.ZunService.list(context, limit=None, marker=None, sort_key='id', sort_dir='asc') return ZunServiceCollection.convert_db_rec_list_to_collection( self.servicegroup_api, hsvcs)
def post(self, run=False, **registry_dict): context = pecan.request.context policy_action = policies.REGISTRY % 'create' policy.enforce(context, policy_action, action=policy_action) registry_dict = registry_dict.get(RESOURCE_NAME) registry_dict['project_id'] = context.project_id registry_dict['user_id'] = context.user_id new_registry = objects.Registry(context, **registry_dict) new_registry.create(context) # Set the HTTP Location Header pecan.response.location = link.build_url(COLLECTION_NAME, new_registry.uuid) pecan.response.status = 201 return RegistryItem.render_response(new_registry)
def post(self, run=False, **registry_dict): context = pecan.request.context policy_action = policies.REGISTRY % 'create' policy.enforce(context, policy_action, action=policy_action) registry_dict = registry_dict.get(RESOURCE_NAME) registry_dict['project_id'] = context.project_id registry_dict['user_id'] = context.user_id new_registry = objects.Registry(context, **registry_dict) new_registry.create(context) # Set the HTTP Location Header pecan.response.location = link.build_url(COLLECTION_NAME, new_registry.uuid) pecan.response.status = 201 return RegistryItem.render_response(new_registry)
def put(self, quota_class_name, **quota_classes_dict): context = pecan.request.context policy.enforce(context, 'quota_class:update', action='quota_class:update') for key, value in quota_classes_dict.items(): value = int(value) quota_class = objects.QuotaClass( context, class_name=quota_class_name, resource=key, hard_limit=value) try: quota_class.update(context) except exception.QuotaClassNotFound: quota_class.create(context) return self._get_quotas(context, quota_class_name)
def get_one(self, container_id, **kwargs): """Retrieve information about the given container. :param container_ident: UUID or name of a container. """ context = pecan.request.context if is_all_tenants(kwargs): policy.enforce(context, "container:get_one_all_tenants", action="container:get_one_all_tenants") context.all_tenants = True container = _get_container(container_id) check_policy_on_container(container.as_dict(), "container:get_one") compute_api = pecan.request.compute_api container = compute_api.container_show(context, container) return view.format_container(pecan.request.host_url, container)
def delete(self, host, binary): """Delete the specified service. :param host: The host on which the binary is running. :param binary: The name of the binary. """ context = pecan.request.context policy.enforce(context, "zun-service:delete", action="zun-service:delete") svc = objects.ZunService.get_by_host_and_binary(context, host, binary) if svc is None: raise exception.ZunServiceNotFound(binary=binary, host=host) else: svc.destroy(context)
def put(self, **quotas_dict): context = pecan.request.context policy.enforce(context, 'quota:update', action='quota:update') project_id = context.project_id for key, value in quotas_dict.items(): value = int(value) quota = objects.Quota(context, project_id=project_id, resource=key, hard_limit=value) try: quota.create(context) except exception.QuotaAlreadyExists: quota.update(context) return self._get_quotas(context)
def put(self, quota_class_name, **quota_classes_dict): context = pecan.request.context policy.enforce(context, 'quota_class:update', action='quota_class:update') for key, value in quota_classes_dict.items(): value = int(value) quota_class = objects.QuotaClass(context, class_name=quota_class_name, resource=key, hard_limit=value) try: quota_class.update(context) except exception.QuotaClassNotFound: quota_class.create(context) return self._get_quotas(context, quota_class_name)
def delete(self, host, binary): """Delete the specified service. :param host: The host on which the binary is running. :param binary: The name of the binary. """ context = pecan.request.context policy.enforce(context, "zun-service:delete", action="zun-service:delete") svc = objects.ZunService.get_by_host_and_binary( context, host, binary) if svc is None: raise exception.ZunServiceNotFound( binary=binary, host=host) else: svc.destroy(context)
def delete(self, capsule_ident, **kwargs): """Delete a capsule. :param capsule_ident: UUID or Name of a capsule. """ context = pecan.request.context if utils.is_all_projects(kwargs): policy.enforce(context, "capsule:delete_all_projects", action="capsule:delete_all_projects") context.all_projects = True capsule = _get_capsule(capsule_ident) check_policy_on_capsule(capsule.as_dict(), "capsule:delete") compute_api = pecan.request.compute_api capsule.task_state = consts.CONTAINER_DELETING capsule.save(context) compute_api.container_stop(context, capsule, 10) compute_api.container_delete(context, capsule) pecan.response.status = 204
def _get_registries_collection(self, **kwargs): context = pecan.request.context if utils.is_all_projects(kwargs): policy_action = policies.REGISTRY % 'get_all_all_projects' policy.enforce(context, policy_action, action=policy_action) context.all_projects = True kwargs.pop('all_projects', None) limit = api_utils.validate_limit(kwargs.pop('limit', None)) sort_dir = api_utils.validate_sort_dir(kwargs.pop('sort_dir', 'asc')) sort_key = kwargs.pop('sort_key', 'id') resource_url = kwargs.pop('resource_url', None) registry_allowed_filters = ['name', 'domain', 'username', 'project_id', 'user_id'] filters = {} for filter_key in registry_allowed_filters: if filter_key in kwargs: policy_action = policies.REGISTRY % ('get_one:' + filter_key) context.can(policy_action, might_not_exist=True) filter_value = kwargs.pop(filter_key) filters[filter_key] = filter_value marker_obj = None marker = kwargs.pop('marker', None) if marker: marker_obj = objects.Registry.get_by_uuid(context, marker) if kwargs: unknown_params = [str(k) for k in kwargs] msg = _("Unknown parameters: %s") % ", ".join(unknown_params) raise exception.InvalidValue(msg) registries = objects.Registry.list(context, limit, marker_obj, sort_key, sort_dir, filters=filters) return RegistryCollection.convert_with_links(registries, limit, url=resource_url, sort_key=sort_key, sort_dir=sort_dir)
def post(self, **image_dict): """Create a new image. :param image_dict: an image within the request body. """ context = pecan.request.context policy.enforce(context, "image:pull", action="image:pull") host = _get_host(image_dict.pop('host')) image_dict['project_id'] = context.project_id image_dict['user_id'] = context.user_id repo_tag = image_dict.get('repo') image_dict['host'] = host.hostname image_dict['repo'], image_dict['tag'] = utils.parse_image_name( repo_tag) new_image = objects.Image(context, **image_dict) new_image.pull(context) pecan.request.compute_api.image_pull(context, new_image) # Set the HTTP Location Header pecan.response.location = link.build_url('images', new_image.uuid) pecan.response.status = 202 return view.format_image(pecan.request.host_url, new_image)
def get(self, quota_class_name): context = pecan.request.context policy.enforce(context, 'quota_class:get', action='quota_class:get') return self._get_quotas(context, quota_class_name)
def check_policy_on_host(host, action): context = pecan.request.context policy.enforce(context, action, host, action=action)
def check_policy_on_availability_zones(availability_zone, action): context = pecan.request.context policy.enforce(context, action, availability_zone, action=action)
def get_all(self, **kwargs): """Retrieve a list of hosts""" context = pecan.request.context policy.enforce(context, "host:get_all", action="host:get_all") return self._get_host_collection(**kwargs)
def _do_post(self, legacy_api_version=False, **capsule_dict): context = pecan.request.context compute_api = pecan.request.compute_api policy.enforce(context, "capsule:create", action="capsule:create") # Abstract the capsule specification capsules_template = capsule_dict.get('template') spec_content, template_json = \ check_capsule_template(capsules_template) containers_spec, init_containers_spec = \ utils.capsule_get_container_spec(spec_content) volumes_spec = utils.capsule_get_volume_spec(spec_content) # Create the capsule Object new_capsule = objects.Capsule(context, **capsule_dict) new_capsule.project_id = context.project_id new_capsule.user_id = context.user_id new_capsule.status = consts.CREATING new_capsule.create(context) new_capsule.volumes = [] capsule_need_cpu = 0 capsule_need_memory = 0 container_volume_requests = [] if spec_content.get('restart_policy'): capsule_restart_policy = spec_content.get('restart_policy') else: # NOTE(hongbin): this is deprecated but we need to maintain # backward-compatibility. Will remove this branch in the future. capsule_restart_policy = template_json.get('restart_policy', 'always') container_restart_policy = {"MaximumRetryCount": "0", "Name": capsule_restart_policy} new_capsule.restart_policy = container_restart_policy metadata_info = template_json.get('metadata', None) requested_networks_info = template_json.get('nets', []) requested_networks = \ utils.build_requested_networks(context, requested_networks_info) if metadata_info: new_capsule.name = metadata_info.get('name', None) new_capsule.labels = metadata_info.get('labels', None) # create the capsule in DB so that it generates a 'id' new_capsule.save() extra_spec = {} az_info = template_json.get('availabilityZone') if az_info: extra_spec['availability_zone'] = az_info new_capsule.image = CONF.sandbox_image new_capsule.image_driver = CONF.sandbox_image_driver merged_containers_spec = init_containers_spec + containers_spec for container_spec in merged_containers_spec: if container_spec.get('image_pull_policy'): policy.enforce(context, "container:create:image_pull_policy", action="container:create:image_pull_policy") container_dict = container_spec container_dict['project_id'] = context.project_id container_dict['user_id'] = context.user_id name = self._generate_name_for_capsule_container(new_capsule) container_dict['name'] = name if container_dict.get('args') and container_dict.get('command'): container_dict['command'] = \ container_dict['command'] + container_dict['args'] container_dict.pop('args') elif container_dict.get('args'): container_dict['command'] = container_dict['args'] container_dict.pop('args') # NOTE(kevinz): Don't support port remapping, will find a # easy way to implement it. # if container need to open some port, just open it in container, # user can change the security group and getting access to port. if container_dict.get('ports'): container_dict.pop('ports') if container_dict.get('resources'): resources_list = container_dict.get('resources') allocation = resources_list.get('requests') if allocation.get('cpu'): capsule_need_cpu += allocation.get('cpu') container_dict['cpu'] = allocation.get('cpu') if allocation.get('memory'): capsule_need_memory += allocation.get('memory') container_dict['memory'] = str(allocation['memory']) container_dict.pop('resources') container_dict['image_pull_policy'] = ( container_dict.get('image_pull_policy', 'always').lower()) container_dict['status'] = consts.CREATING container_dict['interactive'] = True container_dict['capsule_id'] = new_capsule.id container_dict['restart_policy'] = container_restart_policy if container_spec in init_containers_spec: if capsule_restart_policy == "always": container_restart_policy = {"MaximumRetryCount": "10", "Name": "on-failure"} container_dict['restart_policy'] = container_restart_policy utils.check_for_restart_policy(container_dict) new_container = objects.CapsuleInitContainer(context, **container_dict) else: utils.check_for_restart_policy(container_dict) new_container = objects.CapsuleContainer(context, **container_dict) new_container.create(context) if container_dict.get('volumeMounts'): for volume in container_dict['volumeMounts']: volume['container_uuid'] = new_container.uuid container_volume_requests.append(volume) # Deal with the volume support requested_volumes = \ self._build_requested_volumes(context, volumes_spec, container_volume_requests, new_capsule) new_capsule.cpu = capsule_need_cpu new_capsule.memory = str(capsule_need_memory) new_capsule.save(context) kwargs = {} kwargs['extra_spec'] = extra_spec kwargs['requested_networks'] = requested_networks kwargs['requested_volumes'] = requested_volumes kwargs['run'] = True compute_api.container_create(context, new_capsule, **kwargs) # Set the HTTP Location Header pecan.response.location = link.build_url('capsules', new_capsule.uuid) pecan.response.status = 202 return view.format_capsule(pecan.request.host_url, new_capsule, context, legacy_api_version=legacy_api_version)
def check_policy_on_capsule(capsule, action): context = pecan.request.context policy.enforce(context, action, capsule, action=action)
def check_policy_on_image(image, action): context = pecan.request.context policy.enforce(context, action, image, action=action)
def delete(self, image_id): context = pecan.request.context policy.enforce(context, "image:delete", action="image:delete") image = utils.get_image(image_id) return pecan.request.compute_api.image_delete(context, image)
def get_all(self, **kwargs): """Retrieve a list of images.""" context = pecan.request.context policy.enforce(context, "image:get_all", action="image:get_all") return self._get_images_collection(**kwargs)
def enable(self, **kwargs): context = pecan.request.context policy.enforce(context, "zun-service:enable", action="zun-service:enable") return self._enable(context, kwargs)
def check_policy_on_registry(registry, action): context = pecan.request.context policy.enforce(context, action, registry, action=action)
def force_down(self, **kwargs): context = pecan.request.context policy.enforce(context, "zun-service:force_down", action="zun-service:force_down") return self._update_forced_down(context, kwargs)