def decorator_wrapper(*args, **kwargs):
server_config = server_utils.get_server_runtime_config()
if (server_config.get_value_at('service.enforce_authorization')
and required_rights is not None
and len(required_rights) > 0):
class_instance: abstract_broker.AbstractBroker = args[0]
user_rights = class_instance.context.user.rights
missing_rights = []
for right_name in required_rights:
right_name_with_namespace = \
f"{{{CSE_SERVICE_NAMESPACE}}}:{right_name}"
if right_name_with_namespace not in user_rights:
missing_rights.append(right_name_with_namespace)
if len(missing_rights) > 0:
LOGGER.debug(f"Authorization failed for user "
f"'{class_instance.context.user.name}'. "
f"Missing required rights: "
f"{missing_rights}")
raise Exception(f'Access forbidden. Missing required '
f'rights: {missing_rights}')
return func(*args, **kwargs)
def get_compute_profile(self, cp_name):
"""Get the details of compute profile.
:param str cp_name: Name of the compute profile
:return: Details of the compute profile as body of the result
:rtype: dict
"""
result = {
'body': [],
'status_code': requests.codes.ok,
}
profile_api = ProfileApi(api_client=self.pks_client)
self.pks_wire_logger.debug(f"Sending request to"
f" PKS:{self.pks_host_uri} to get the"
f" compute profile: {cp_name}")
try:
compute_profile = \
profile_api.get_compute_profile(profile_name=cp_name)
except ApiException as err:
SERVER_LOGGER.debug(f"Creating compute-profile {cp_name}"
f" in PKS failed with error:\n {err}")
raise PksServerError(err.status, err.body)
self.pks_wire_logger.debug(f"Received response from"
f" PKS: {self.pks_host_uri} on"
f" compute-profile: {cp_name} with"
f" details: {compute_profile.to_dict()}")
result['body'] = compute_profile.to_dict()
return result
def create_compute_profile(self, cp_name, az_name, description, cpi,
datacenter_name, cluster_name, ovdc_rp_name):
"""Create a PKS compute profile that maps to a given oVdc in vCD.
:param str cp_name: Name of the compute profile
:param str az_name: Name of the PKS availability zone to be defined
:param str description: Description of the compute profile
:param str cpi: Unique identifier provided by BOSH
:param str datacenter_name: Name of the datacenter
:param str cluster_name: Name of the cluster
:param str ovdc_rp_name: Name of the oVdc resource pool
:return: result
:rtype: dict
"""
result = {
'body': [],
'status_code': requests.codes.ok,
}
profile_api = ProfileApi(api_client=self.pks_client)
resource_pool = {
'resource_pool': ovdc_rp_name
}
cloud_properties = {
'datacenters': [
{
'name': datacenter_name,
'clusters': [
{
cluster_name: resource_pool
}
]
}
]
}
az = AZ(name=az_name, cpi=cpi, cloud_properties=cloud_properties)
cp_params = ComputeProfileParameters(azs=[az])
cp_request = ComputeProfileRequest(name=cp_name,
description=description,
parameters=cp_params)
self.pks_wire_logger.debug(f"Sending request to"
f" PKS:{self.pks_host_uri} to create the"
f" compute profile: {cp_name}"
f" for ovdc {ovdc_rp_name}")
try:
profile_api.add_compute_profile(body=cp_request)
except ApiException as err:
SERVER_LOGGER.debug(f"Creating compute-profile {cp_name} in PKS"
f" failed with error:\n {err}")
raise PksServerError(err.status, err.body)
self.pks_wire_logger.debug(f"PKS: {self.pks_host_uri} created the"
f" compute profile: {cp_name}"
f" for ovdc {ovdc_rp_name}")
return result
def list_compute_profiles(self):
"""Get the list of compute profiles.
:return: List of compute profile details as body of the result
:rtype: dict
"""
result = {
'body': [],
'status_code': requests.codes.ok,
}
profile_api = ProfileApi(api_client=self.pks_client)
self.pks_wire_logger.debug(f"Sending request to PKS:"
f" {self.pks_host_uri} to get the"
f" list of compute profiles")
try:
cp_list = profile_api.list_compute_profiles()
except ApiException as err:
SERVER_LOGGER.debug(f"Listing compute-profiles in PKS failed "
f"with error:\n {err}")
raise PksServerError(err.status, err.body)
list_of_cp_dicts = [cp.to_dict() for cp in cp_list]
self.pks_wire_logger.debug(f"Received response from PKS:"
f" {self.pks_host_uri} on list of"
f" compute profiles: {list_of_cp_dicts}")
result['body'] = list_of_cp_dicts
return result
def record_user_action(cse_operation,
status=OperationStatus.SUCCESS,
message=None,
telemetry_settings=None):
"""Record CSE user action information in telemetry server.
No exceptions should be leaked. Catch all exceptions and log them.
:param CseOperation cse_operation:
:param OperationStatus status: SUCCESS/FAILURE of the user action
:param str message: any information about failure or custom message
:param dict telemetry_settings: telemetry section CSE config->service
"""
try:
if not telemetry_settings:
server_config = get_server_runtime_config()
telemetry_settings = None if not server_config else \
server_config.get_value_at('service.telemetry')
if telemetry_settings:
if telemetry_settings.get('enable'):
payload = get_payload_for_user_action(cse_operation, status,
message) # noqa: E501
_send_data_to_telemetry_server(payload, telemetry_settings)
else:
LOGGER.debug('No telemetry settings found.')
except Exception as err:
LOGGER.warning(
f"Error in recording user action information:{str(err)}",
exc_info=True) # noqa: E501
def delete_compute_profile(self, cp_name):
"""Delete the compute profile with a given name.
:param str cp_name: Name of the compute profile
:return: result
:rtype: dict
"""
result = {
'body': [],
'status_code': requests.codes.ok,
}
profile_api = ProfileApi(api_client=self.pks_client)
self.pks_wire_logger.debug(f"Sending request to PKS:"
f"{self.pks_host_uri} to delete"
f" the compute profile: {cp_name}")
try:
profile_api.delete_compute_profile(profile_name=cp_name)
except ApiException as err:
SERVER_LOGGER.debug(f"Deleting compute-profile {cp_name}"
f" in PKS failed with error:\n {err}")
raise PksServerError(err.status, err.body)
self.pks_wire_logger.debug(f"Received response from PKS:"
f" {self.pks_host_uri} that it deleted"
f" the compute profile: {cp_name}")
return result
def on_queue_declareok(self, method_frame):
LOGGER.debug(f"Binding ({self.exchange}) to ({self.queue}) with "
f"({self.routing_key})")
self._channel.queue_bind(self.queue,
self.exchange,
routing_key=self.routing_key,
callback=self.on_bindok)
def resolve_entity(self,
entity_id: str,
entity_type_id: str = None) -> DefEntity: # noqa: E501
"""Resolve the entity.
Validates the entity against the schema. Based on the result, entity
state will be either changed to "RESOLVED" (or) "RESOLUTION ERROR".
:param str entity_id: Id of the entity
:return: Defined entity with its state updated.
:rtype: DefEntity
"""
if not entity_type_id:
rde: DefEntity = self.get_entity(entity_id)
entity_type_id = rde.entityType
response_body = self._cloudapi_client.do_request(
method=RequestMethod.POST,
cloudapi_version=CloudApiVersion.VERSION_1_0_0,
resource_url_relative_path=f"{CloudApiResource.ENTITIES}/"
f"{entity_id}/{CloudApiResource.ENTITY_RESOLVE}") # noqa: E501
msg = response_body[def_constants.DEF_ERROR_MESSAGE_KEY]
del response_body[def_constants.DEF_ERROR_MESSAGE_KEY]
entity = DefEntity(entityType=entity_type_id, **response_body)
# TODO: Just record the error message; revisit after HTTP response code
# is good enough to decide if exception should be thrown or not
if entity.state != def_constants.DEF_RESOLVED_STATE:
LOGGER.error(msg)
return entity
def create_pks_compute_profile(request_data, op_ctx: ctx.OperationContext,
pks_context):
ovdc_id = request_data.get(RequestKey.OVDC_ID)
org_name = request_data.get(RequestKey.ORG_NAME)
ovdc_name = request_data.get(RequestKey.OVDC_NAME)
# Compute profile creation
pks_compute_profile_name = _construct_pks_compute_profile_name(
op_ctx.sysadmin_client, ovdc_id)
pks_compute_profile_description = f"{org_name}--{ovdc_name}--{ovdc_id}"
pks_az_name = f"az-{ovdc_name}"
ovdc_rp_name = f"{ovdc_name} ({ovdc_id})"
compute_profile_params = PksComputeProfileParams(
pks_compute_profile_name, pks_az_name, pks_compute_profile_description,
pks_context.get('cpi'), pks_context.get('datacenter'),
pks_context.get('cluster'), ovdc_rp_name).to_dict()
LOGGER.debug(f"Creating PKS Compute Profile with name:"
f"{pks_compute_profile_name}")
pksbroker = PksBroker(pks_context, op_ctx)
try:
pksbroker.create_compute_profile(**compute_profile_params)
except e.PksServerError as err:
if err.status == requests.codes.conflict:
LOGGER.debug(f"Compute profile name {pks_compute_profile_name}"
f" already exists\n{str(err)}")
else:
raise
def _list_clusters(self, data):
"""."""
result = []
try:
cluster_api = ClusterApi(api_client=self.pks_client)
self.pks_wire_logger.debug(
f"Sending request to PKS: {self.pks_host_uri} "
"to list all clusters")
pks_clusters = cluster_api.list_clusters()
self.pks_wire_logger.debug(
f"Received response from PKS: {self.pks_host_uri} "
f"on the list of clusters: {pks_clusters}")
for pks_cluster in pks_clusters:
cluster_info = pks_cluster.to_dict()
cluster_info[K8S_PROVIDER_KEY] = K8sProvider.PKS
self._restore_original_name(cluster_info)
# Flatten the nested 'parameters' dict
cluster_params_dict = cluster_info.pop('parameters')
cluster_info.update(cluster_params_dict)
self.update_cluster_with_vcd_info(cluster_info)
result.append(cluster_info)
except ApiException as err:
SERVER_LOGGER.debug(
f"Listing PKS clusters failed with error:\n {err}"
) # noqa: E501
raise PksServerError(err.status, err.body)
return self._filter_clusters(result, **data)
def stop(self):
LOGGER.info("Stopping")
self._closing = True
self._ctpe.shutdown(wait=True)
self.stop_consuming()
if self._connection:
self._connection.ioloop.stop()
LOGGER.info("Stopped")
def on_connection_closed(self, unused_connection, amqp_exception):
self._channel = None
if self._closing:
self._connection.ioloop.stop()
else:
LOGGER.warning(f"Connection closed, reopening in 5 seconds: "
f"({str(amqp_exception)})")
self._connection.ioloop.call_later(5, self.reconnect)
def setup_exchange(self, exchange_name):
LOGGER.debug(f"Declaring exchange {exchange_name}")
self._channel.exchange_declare(exchange_name,
exchange_type=EXCHANGE_TYPE,
passive=True,
durable=True,
auto_delete=False,
callback=self.on_exchange_declareok)
def process_behavior_request(msg_json, mqtt_publisher: MQTTPublisher):
# Extracting contents from headers
task_id: str = msg_json['headers']['taskId']
entity_id: str = msg_json['headers']['entityId']
behavior_id: str = msg_json['headers']['behaviorId']
usr_ctx: BehaviorUserContext = BehaviorUserContext(**msg_json['headers']['context']) # noqa: E501
# Extracting contents from the input payload
payload: dict = json.loads(msg_json['payload'])
entity: dict = payload['entity']
entity_type_id: str = payload['typeId']
api_version: str = payload['_metadata']['apiVersion']
# This is needed to enable unified API endpoint workflows. Unified API
# endpoint is currently exposed at 37.0.0-alpha (VCD 10.3 Andromeda).
if api_version == API_VERSION_37_ALPHA:
api_version = ApiVersion.VERSION_36.value
auth_token: str = payload['_metadata']['actAsToken']
request_id: str = payload['_metadata']['requestId']
arguments: dict = payload['arguments']
# Initializing Behavior operation context
op_ctx = OperationContext(auth_token=auth_token, request_id=request_id) # noqa: E501
behavior_ctx = RequestContext(
behavior_id=behavior_id,
task_id=task_id,
entity_id=entity_id,
payload=payload,
api_version=float(api_version),
entity=entity,
user_context=usr_ctx,
entity_type_id=entity_type_id,
request_id=request_id,
op_ctx=op_ctx,
mqtt_publisher=mqtt_publisher,
arguments=arguments
)
# Invoke the handler method and return the response in the string format.
try:
return MAP_BEHAVIOR_ID_TO_HANDLER_METHOD[behavior_id](behavior_ctx)
except CseRequestError as e:
error_details = asdict(BehaviorError(majorErrorCode=e.status_code,
minorErrorCode=e.minor_error_code,
message=e.error_message))
payload = mqtt_publisher. \
construct_behavior_payload(status=BehaviorTaskStatus.ERROR.value,
error_details=error_details)
LOGGER.error(f"Error while executing handler: {error_details}", exc_info=True) # noqa: E501
return payload
except Exception as e:
error_details = asdict(BehaviorError(majorErrorCode='500',
message=str(e)))
payload = mqtt_publisher. \
construct_behavior_payload(status=BehaviorTaskStatus.ERROR.value,
error_details=error_details)
LOGGER.error(f"Error while executing handler: {error_details}", exc_info=True) # noqa: E501
return payload
def get_request_id(request_msg, fsencoding):
"""."""
request_id = None
try:
msg_json = json.loads(request_msg.decode(fsencoding))[0]
request_id = msg_json['id']
except Exception:
LOGGER.error(traceback.format_exc())
return request_id
def _does_cluster_belong_to_vdc(self, cluster_info, vdc_name):
# Returns True if the cluster backed by given vdc
# Else False (this also includes missing compute profile name)
compute_profile_name = cluster_info.get('compute_profile_name')
if compute_profile_name is None:
SERVER_LOGGER.debug("compute-profile-name of"
f" {cluster_info.get('name')} is not found")
return False
return vdc_name == self._extract_vdc_name_from_pks_compute_profile_name(compute_profile_name) # noqa: E501
def stop_consuming(self):
if self._channel:
if self._channel.is_closed or self._channel.is_closing:
LOGGER.info("Channel is already closed or is closing.")
return
LOGGER.info(
f"Sending a Basic.Cancel RPC command to RabbitMQ for consumer "
f"({self._consumer_tag})")
self._channel.basic_cancel(self.on_cancelok, self._consumer_tag)
def send_too_many_requests_response(self, properties, body):
if properties.reply_to is not None:
body_json = utils.str_to_json(body, self.fsencoding)[0]
reply_msg = self.form_response_json(
request_id=body_json['id'],
status_code=requests.codes.too_many_requests,
reply_body_str=constants.TOO_MANY_REQUESTS_BODY)
LOGGER.debug(f"reply: ({ constants.TOO_MANY_REQUESTS_BODY})")
self.send_response(reply_msg, properties)
def exception_handler_wrapper(*args, **kwargs):
try:
result = func(*args, **kwargs)
except (KeyError, TypeError, ValueError) as error:
LOGGER.error(error)
raise cse_exception.BadRequestError(error_message=str(error))
except Exception as error:
LOGGER.error(error)
raise error
return result
def send_too_many_requests_response(self, msg):
payload_json = utils.str_to_json(msg.payload, self.fsencoding)
request_id = payload_json["headers"]["requestId"]
LOGGER.debug(f"Replying with 'too many requests response' for "
f"request_id: {request_id} and msg id: {msg.mid}")
response_json = self._mqtt_publisher.construct_response_json(
request_id=request_id,
status_code=requests.codes.too_many_requests,
reply_body_str=constants.TOO_MANY_REQUESTS_BODY)
self._mqtt_publisher.send_response(response_json)
def process_behavior_message(self, msg_json):
status, payload = behavior_dispatcher.process_behavior_request(
msg_json) # noqa: E501
task_id: str = msg_json['headers']['taskId']
entity_id: str = msg_json['headers']['entityId']
response_json = self.form_behavior_response_json(task_id=task_id,
entity_id=entity_id,
payload=payload,
status=status)
self.send_response(response_json)
LOGGER.debug(f'MQTT response: {response_json}')
def connect(self) -> pika.connection.Connection:
LOGGER.info(f"Connecting to {self.host}:{self.port}")
credentials = pika.PlainCredentials(self.username, self.password)
parameters = pika.ConnectionParameters(self.host,
self.port,
self.vhost,
credentials,
connection_attempts=3,
retry_delay=2,
socket_timeout=5)
return pika.SelectConnection(parameters, self.on_connection_open)
def send_response(self, response_json):
self._publish_lock.acquire()
try:
pub_ret = self.mqtt_client.publish(topic=self.respond_topic,
payload=json.dumps(
response_json),
qos=constants.QOS_LEVEL,
retain=False)
finally:
self._publish_lock.release()
LOGGER.debug(f"publish return (rc, msg_id): {pub_ret}")
def exception_handler_wrapper(*args, **kwargs):
try:
result = func(*args, **kwargs)
except (KeyError, TypeError, ValueError) as error:
LOGGER.error(error)
raise cse_exception.BadRequestError(error_message=str(error))
except Exception as error:
LOGGER.error(error)
if not isinstance(error, cse_exception.CseRequestError):
raise cse_exception.InternalServerRequestError(
error_message=str(error)) # noqa: E501
raise error
return result
def _does_cluster_belong_to_org(self, cluster_info, org_name):
# Returns True if the cluster belongs to the given org
# Else False (this also includes missing compute profile name)
compute_profile_name = cluster_info.get('compute_profile_name')
if compute_profile_name is None:
SERVER_LOGGER.debug("compute-profile-name of"
f" {cluster_info.get('name')} is not found")
return False
vdc_id = self._extract_vdc_id_from_pks_compute_profile_name(
compute_profile_name)
return org_name == get_org_name_from_ovdc_id(
self.context.sysadmin_client, vdc_id)
def resize_cluster(self, **kwargs):
"""Resize the cluster of a given name to given number of worker nodes.
System administrator can resize the given cluster regardless of
who is the owner of the cluster. Other users can only resize
the cluster they own.
:return: response status
:rtype: dict
"""
data = kwargs[KwargKey.DATA]
cluster_name = data[RequestKey.CLUSTER_NAME]
num_workers = data[RequestKey.NUM_WORKERS]
qualified_cluster_name = self._append_user_id(cluster_name)
if (self.context.client.is_sysadmin()
or self.context.user.has_org_admin_rights):
cluster_info = self._get_cluster_info(data)
qualified_cluster_name = cluster_info['pks_cluster_name']
self._check_cluster_isolation(cluster_name, qualified_cluster_name)
result = {}
cluster_api = ClusterApi(api_client=self.pks_client)
self.pks_wire_logger.debug(f"Sending request to"
f" PKS:{self.pks_host_uri} to resize"
f" the cluster with name:"
f"{qualified_cluster_name} to"
f" {num_workers} worker nodes")
resize_params = \
UpdateClusterParameters(kubernetes_worker_instances=num_workers)
try:
cluster_api.update_cluster(qualified_cluster_name,
body=resize_params)
except ApiException as err:
SERVER_LOGGER.debug(f"Resizing cluster {qualified_cluster_name}"
f" failed with error:\n {err}")
raise PksServerError(err.status, err.body)
self.pks_wire_logger.debug(f"PKS: {self.pks_host_uri} accepted the"
f" request to resize the cluster: "
f" {qualified_cluster_name}")
result['name'] = qualified_cluster_name
result['task_status'] = 'in progress'
self._restore_original_name(result)
if not self.context.client.is_sysadmin():
self._filter_sensitive_pks_properties(result)
return result
def connect(self):
def on_connect(mqtt_client, userdata, flags, rc):
LOGGER.info(f'MQTT client connected with result code {rc} and '
f'flags {flags}')
mqtt_client.subscribe(self.listen_topic, qos=constants.QOS_LEVEL)
def on_message(mqtt_client, userdata, msg):
# No longer processing messages if server is closing
if self._is_closing:
return
msg_json = json.loads(msg.payload.decode(self.fsencoding))
if msg_json['type'] == 'BEHAVIOR_INVOCATION':
if self._behavior_tpe.max_threads_busy():
# TODO Find out from Extensibility on what is recommended.
self.send_too_many_requests_response(msg)
else:
self._behavior_tpe.submit(
lambda: self.process_behavior_message(msg_json=msg_json
)) # noqa: E501
elif self._ctpe.max_threads_busy():
self.send_too_many_requests_response(msg)
else:
self._ctpe.submit(lambda: self.process_mqtt_message(msg))
def on_subscribe(mqtt_client, userdata, msg_id, given_qos):
LOGGER.info(f'MQTT client subscribed with given_qos: {given_qos}')
def on_disconnect(mqtt_client, userdata, rc):
LOGGER.info(f'MQTT disconnect with reason: {rc}')
self._mqtt_client = mqtt.Client(client_id=constants.MQTT_CLIENT_ID,
transport=constants.TRANSPORT_WSS)
self._mqtt_client.username_pw_set(username=self.client_username,
password=self.token)
cert_req = ssl.CERT_REQUIRED if self.verify_ssl else ssl.CERT_NONE
self._mqtt_client.tls_set(cert_reqs=cert_req)
self._mqtt_client.ws_set_options(path=constants.MQTT_BROKER_PATH)
# Setup callbacks
self._mqtt_client.on_connect = on_connect
self._mqtt_client.on_message = on_message
self._mqtt_client.on_disconnect = on_disconnect
self._mqtt_client.on_subscribe = on_subscribe
try:
self._mqtt_client.connect(self.url,
port=constants.MQTT_CONNECT_PORT)
except Exception as e:
LOGGER.error(f'MQTT client connection error: {e}')
raise
self._mqtt_client.loop_forever()
def exception_handler_wrapper(*args, **kwargs):
try:
result = func(*args, **kwargs)
except HTTPError as error:
response_dict = json.loads(error.response.text)
error_message = response_dict.get('message')
LOGGER.error(error_message)
raise cse_exception.DefEntityServiceError(
error_message=error_message,
minor_error_code=MinorErrorCode.DEFAULT_ERROR_CODE)
except Exception as error:
LOGGER.error(error)
raise error
return result
def _isolate_cluster(self, cluster_name, qualified_cluster_name,
cluster_id):
if not cluster_id:
raise ValueError(f"Invalid cluster_id for cluster "
f"'{cluster_name}'")
SERVER_LOGGER.debug(f"Isolating network of cluster {qualified_cluster_name}.") # noqa: E501
try:
cluster_network_isolater = ClusterNetworkIsolater(self.nsxt_client)
cluster_network_isolater.isolate_cluster(qualified_cluster_name,
cluster_id)
except Exception as err:
raise ClusterNetworkIsolationError(
f"Cluster : '{cluster_name}' is in an unusable state. Failed "
"to isolate cluster network") from err
def delete_dnat_rule(self, rule_name):
nat_rule_id = self._get_dnat_rule_id(rule_name)
if not nat_rule_id:
raise Exception(f'No dnat rule found with name: {rule_name}')
try:
self._cloudapi_client.do_request(
method=shared_constants.RequestMethod.DELETE,
cloudapi_version=cloudapi_constants.CloudApiVersion.
VERSION_1_0_0, # noqa: E501
resource_url_relative_path=
f"{self._nat_rules_relative_path}/{nat_rule_id}") # noqa: E501
self._wait_for_last_cloudapi_task()
except Exception as err:
SERVER_LOGGER.info(f'Failed to delete dnat rule: {str(err)}')
