def decorator_wrapper(*args, **kwargs): server_config = server_utils.get_server_runtime_config() if (server_config.get_value_at('service.enforce_authorization') and required_rights is not None and len(required_rights) > 0): class_instance: abstract_broker.AbstractBroker = args[0] user_rights = class_instance.context.user.rights missing_rights = [] for right_name in required_rights: right_name_with_namespace = \ f"{{{CSE_SERVICE_NAMESPACE}}}:{right_name}" if right_name_with_namespace not in user_rights: missing_rights.append(right_name_with_namespace) if len(missing_rights) > 0: LOGGER.debug(f"Authorization failed for user " f"'{class_instance.context.user.name}'. " f"Missing required rights: " f"{missing_rights}") raise Exception(f'Access forbidden. Missing required ' f'rights: {missing_rights}') return func(*args, **kwargs)
def get_compute_profile(self, cp_name): """Get the details of compute profile. :param str cp_name: Name of the compute profile :return: Details of the compute profile as body of the result :rtype: dict """ result = { 'body': [], 'status_code': requests.codes.ok, } profile_api = ProfileApi(api_client=self.pks_client) self.pks_wire_logger.debug(f"Sending request to" f" PKS:{self.pks_host_uri} to get the" f" compute profile: {cp_name}") try: compute_profile = \ profile_api.get_compute_profile(profile_name=cp_name) except ApiException as err: SERVER_LOGGER.debug(f"Creating compute-profile {cp_name}" f" in PKS failed with error:\n {err}") raise PksServerError(err.status, err.body) self.pks_wire_logger.debug(f"Received response from" f" PKS: {self.pks_host_uri} on" f" compute-profile: {cp_name} with" f" details: {compute_profile.to_dict()}") result['body'] = compute_profile.to_dict() return result
def create_compute_profile(self, cp_name, az_name, description, cpi, datacenter_name, cluster_name, ovdc_rp_name): """Create a PKS compute profile that maps to a given oVdc in vCD. :param str cp_name: Name of the compute profile :param str az_name: Name of the PKS availability zone to be defined :param str description: Description of the compute profile :param str cpi: Unique identifier provided by BOSH :param str datacenter_name: Name of the datacenter :param str cluster_name: Name of the cluster :param str ovdc_rp_name: Name of the oVdc resource pool :return: result :rtype: dict """ result = { 'body': [], 'status_code': requests.codes.ok, } profile_api = ProfileApi(api_client=self.pks_client) resource_pool = { 'resource_pool': ovdc_rp_name } cloud_properties = { 'datacenters': [ { 'name': datacenter_name, 'clusters': [ { cluster_name: resource_pool } ] } ] } az = AZ(name=az_name, cpi=cpi, cloud_properties=cloud_properties) cp_params = ComputeProfileParameters(azs=[az]) cp_request = ComputeProfileRequest(name=cp_name, description=description, parameters=cp_params) self.pks_wire_logger.debug(f"Sending request to" f" PKS:{self.pks_host_uri} to create the" f" compute profile: {cp_name}" f" for ovdc {ovdc_rp_name}") try: profile_api.add_compute_profile(body=cp_request) except ApiException as err: SERVER_LOGGER.debug(f"Creating compute-profile {cp_name} in PKS" f" failed with error:\n {err}") raise PksServerError(err.status, err.body) self.pks_wire_logger.debug(f"PKS: {self.pks_host_uri} created the" f" compute profile: {cp_name}" f" for ovdc {ovdc_rp_name}") return result
def list_compute_profiles(self): """Get the list of compute profiles. :return: List of compute profile details as body of the result :rtype: dict """ result = { 'body': [], 'status_code': requests.codes.ok, } profile_api = ProfileApi(api_client=self.pks_client) self.pks_wire_logger.debug(f"Sending request to PKS:" f" {self.pks_host_uri} to get the" f" list of compute profiles") try: cp_list = profile_api.list_compute_profiles() except ApiException as err: SERVER_LOGGER.debug(f"Listing compute-profiles in PKS failed " f"with error:\n {err}") raise PksServerError(err.status, err.body) list_of_cp_dicts = [cp.to_dict() for cp in cp_list] self.pks_wire_logger.debug(f"Received response from PKS:" f" {self.pks_host_uri} on list of" f" compute profiles: {list_of_cp_dicts}") result['body'] = list_of_cp_dicts return result
def record_user_action(cse_operation, status=OperationStatus.SUCCESS, message=None, telemetry_settings=None): """Record CSE user action information in telemetry server. No exceptions should be leaked. Catch all exceptions and log them. :param CseOperation cse_operation: :param OperationStatus status: SUCCESS/FAILURE of the user action :param str message: any information about failure or custom message :param dict telemetry_settings: telemetry section CSE config->service """ try: if not telemetry_settings: server_config = get_server_runtime_config() telemetry_settings = None if not server_config else \ server_config.get_value_at('service.telemetry') if telemetry_settings: if telemetry_settings.get('enable'): payload = get_payload_for_user_action(cse_operation, status, message) # noqa: E501 _send_data_to_telemetry_server(payload, telemetry_settings) else: LOGGER.debug('No telemetry settings found.') except Exception as err: LOGGER.warning( f"Error in recording user action information:{str(err)}", exc_info=True) # noqa: E501
def delete_compute_profile(self, cp_name): """Delete the compute profile with a given name. :param str cp_name: Name of the compute profile :return: result :rtype: dict """ result = { 'body': [], 'status_code': requests.codes.ok, } profile_api = ProfileApi(api_client=self.pks_client) self.pks_wire_logger.debug(f"Sending request to PKS:" f"{self.pks_host_uri} to delete" f" the compute profile: {cp_name}") try: profile_api.delete_compute_profile(profile_name=cp_name) except ApiException as err: SERVER_LOGGER.debug(f"Deleting compute-profile {cp_name}" f" in PKS failed with error:\n {err}") raise PksServerError(err.status, err.body) self.pks_wire_logger.debug(f"Received response from PKS:" f" {self.pks_host_uri} that it deleted" f" the compute profile: {cp_name}") return result
def on_queue_declareok(self, method_frame): LOGGER.debug(f"Binding ({self.exchange}) to ({self.queue}) with " f"({self.routing_key})") self._channel.queue_bind(self.queue, self.exchange, routing_key=self.routing_key, callback=self.on_bindok)
def resolve_entity(self, entity_id: str, entity_type_id: str = None) -> DefEntity: # noqa: E501 """Resolve the entity. Validates the entity against the schema. Based on the result, entity state will be either changed to "RESOLVED" (or) "RESOLUTION ERROR". :param str entity_id: Id of the entity :return: Defined entity with its state updated. :rtype: DefEntity """ if not entity_type_id: rde: DefEntity = self.get_entity(entity_id) entity_type_id = rde.entityType response_body = self._cloudapi_client.do_request( method=RequestMethod.POST, cloudapi_version=CloudApiVersion.VERSION_1_0_0, resource_url_relative_path=f"{CloudApiResource.ENTITIES}/" f"{entity_id}/{CloudApiResource.ENTITY_RESOLVE}") # noqa: E501 msg = response_body[def_constants.DEF_ERROR_MESSAGE_KEY] del response_body[def_constants.DEF_ERROR_MESSAGE_KEY] entity = DefEntity(entityType=entity_type_id, **response_body) # TODO: Just record the error message; revisit after HTTP response code # is good enough to decide if exception should be thrown or not if entity.state != def_constants.DEF_RESOLVED_STATE: LOGGER.error(msg) return entity
def create_pks_compute_profile(request_data, op_ctx: ctx.OperationContext, pks_context): ovdc_id = request_data.get(RequestKey.OVDC_ID) org_name = request_data.get(RequestKey.ORG_NAME) ovdc_name = request_data.get(RequestKey.OVDC_NAME) # Compute profile creation pks_compute_profile_name = _construct_pks_compute_profile_name( op_ctx.sysadmin_client, ovdc_id) pks_compute_profile_description = f"{org_name}--{ovdc_name}--{ovdc_id}" pks_az_name = f"az-{ovdc_name}" ovdc_rp_name = f"{ovdc_name} ({ovdc_id})" compute_profile_params = PksComputeProfileParams( pks_compute_profile_name, pks_az_name, pks_compute_profile_description, pks_context.get('cpi'), pks_context.get('datacenter'), pks_context.get('cluster'), ovdc_rp_name).to_dict() LOGGER.debug(f"Creating PKS Compute Profile with name:" f"{pks_compute_profile_name}") pksbroker = PksBroker(pks_context, op_ctx) try: pksbroker.create_compute_profile(**compute_profile_params) except e.PksServerError as err: if err.status == requests.codes.conflict: LOGGER.debug(f"Compute profile name {pks_compute_profile_name}" f" already exists\n{str(err)}") else: raise
def _list_clusters(self, data): """.""" result = [] try: cluster_api = ClusterApi(api_client=self.pks_client) self.pks_wire_logger.debug( f"Sending request to PKS: {self.pks_host_uri} " "to list all clusters") pks_clusters = cluster_api.list_clusters() self.pks_wire_logger.debug( f"Received response from PKS: {self.pks_host_uri} " f"on the list of clusters: {pks_clusters}") for pks_cluster in pks_clusters: cluster_info = pks_cluster.to_dict() cluster_info[K8S_PROVIDER_KEY] = K8sProvider.PKS self._restore_original_name(cluster_info) # Flatten the nested 'parameters' dict cluster_params_dict = cluster_info.pop('parameters') cluster_info.update(cluster_params_dict) self.update_cluster_with_vcd_info(cluster_info) result.append(cluster_info) except ApiException as err: SERVER_LOGGER.debug( f"Listing PKS clusters failed with error:\n {err}" ) # noqa: E501 raise PksServerError(err.status, err.body) return self._filter_clusters(result, **data)
def stop(self): LOGGER.info("Stopping") self._closing = True self._ctpe.shutdown(wait=True) self.stop_consuming() if self._connection: self._connection.ioloop.stop() LOGGER.info("Stopped")
def on_connection_closed(self, unused_connection, amqp_exception): self._channel = None if self._closing: self._connection.ioloop.stop() else: LOGGER.warning(f"Connection closed, reopening in 5 seconds: " f"({str(amqp_exception)})") self._connection.ioloop.call_later(5, self.reconnect)
def setup_exchange(self, exchange_name): LOGGER.debug(f"Declaring exchange {exchange_name}") self._channel.exchange_declare(exchange_name, exchange_type=EXCHANGE_TYPE, passive=True, durable=True, auto_delete=False, callback=self.on_exchange_declareok)
def process_behavior_request(msg_json, mqtt_publisher: MQTTPublisher): # Extracting contents from headers task_id: str = msg_json['headers']['taskId'] entity_id: str = msg_json['headers']['entityId'] behavior_id: str = msg_json['headers']['behaviorId'] usr_ctx: BehaviorUserContext = BehaviorUserContext(**msg_json['headers']['context']) # noqa: E501 # Extracting contents from the input payload payload: dict = json.loads(msg_json['payload']) entity: dict = payload['entity'] entity_type_id: str = payload['typeId'] api_version: str = payload['_metadata']['apiVersion'] # This is needed to enable unified API endpoint workflows. Unified API # endpoint is currently exposed at 37.0.0-alpha (VCD 10.3 Andromeda). if api_version == API_VERSION_37_ALPHA: api_version = ApiVersion.VERSION_36.value auth_token: str = payload['_metadata']['actAsToken'] request_id: str = payload['_metadata']['requestId'] arguments: dict = payload['arguments'] # Initializing Behavior operation context op_ctx = OperationContext(auth_token=auth_token, request_id=request_id) # noqa: E501 behavior_ctx = RequestContext( behavior_id=behavior_id, task_id=task_id, entity_id=entity_id, payload=payload, api_version=float(api_version), entity=entity, user_context=usr_ctx, entity_type_id=entity_type_id, request_id=request_id, op_ctx=op_ctx, mqtt_publisher=mqtt_publisher, arguments=arguments ) # Invoke the handler method and return the response in the string format. try: return MAP_BEHAVIOR_ID_TO_HANDLER_METHOD[behavior_id](behavior_ctx) except CseRequestError as e: error_details = asdict(BehaviorError(majorErrorCode=e.status_code, minorErrorCode=e.minor_error_code, message=e.error_message)) payload = mqtt_publisher. \ construct_behavior_payload(status=BehaviorTaskStatus.ERROR.value, error_details=error_details) LOGGER.error(f"Error while executing handler: {error_details}", exc_info=True) # noqa: E501 return payload except Exception as e: error_details = asdict(BehaviorError(majorErrorCode='500', message=str(e))) payload = mqtt_publisher. \ construct_behavior_payload(status=BehaviorTaskStatus.ERROR.value, error_details=error_details) LOGGER.error(f"Error while executing handler: {error_details}", exc_info=True) # noqa: E501 return payload
def get_request_id(request_msg, fsencoding): """.""" request_id = None try: msg_json = json.loads(request_msg.decode(fsencoding))[0] request_id = msg_json['id'] except Exception: LOGGER.error(traceback.format_exc()) return request_id
def _does_cluster_belong_to_vdc(self, cluster_info, vdc_name): # Returns True if the cluster backed by given vdc # Else False (this also includes missing compute profile name) compute_profile_name = cluster_info.get('compute_profile_name') if compute_profile_name is None: SERVER_LOGGER.debug("compute-profile-name of" f" {cluster_info.get('name')} is not found") return False return vdc_name == self._extract_vdc_name_from_pks_compute_profile_name(compute_profile_name) # noqa: E501
def stop_consuming(self): if self._channel: if self._channel.is_closed or self._channel.is_closing: LOGGER.info("Channel is already closed or is closing.") return LOGGER.info( f"Sending a Basic.Cancel RPC command to RabbitMQ for consumer " f"({self._consumer_tag})") self._channel.basic_cancel(self.on_cancelok, self._consumer_tag)
def send_too_many_requests_response(self, properties, body): if properties.reply_to is not None: body_json = utils.str_to_json(body, self.fsencoding)[0] reply_msg = self.form_response_json( request_id=body_json['id'], status_code=requests.codes.too_many_requests, reply_body_str=constants.TOO_MANY_REQUESTS_BODY) LOGGER.debug(f"reply: ({ constants.TOO_MANY_REQUESTS_BODY})") self.send_response(reply_msg, properties)
def exception_handler_wrapper(*args, **kwargs): try: result = func(*args, **kwargs) except (KeyError, TypeError, ValueError) as error: LOGGER.error(error) raise cse_exception.BadRequestError(error_message=str(error)) except Exception as error: LOGGER.error(error) raise error return result
def send_too_many_requests_response(self, msg): payload_json = utils.str_to_json(msg.payload, self.fsencoding) request_id = payload_json["headers"]["requestId"] LOGGER.debug(f"Replying with 'too many requests response' for " f"request_id: {request_id} and msg id: {msg.mid}") response_json = self._mqtt_publisher.construct_response_json( request_id=request_id, status_code=requests.codes.too_many_requests, reply_body_str=constants.TOO_MANY_REQUESTS_BODY) self._mqtt_publisher.send_response(response_json)
def process_behavior_message(self, msg_json): status, payload = behavior_dispatcher.process_behavior_request( msg_json) # noqa: E501 task_id: str = msg_json['headers']['taskId'] entity_id: str = msg_json['headers']['entityId'] response_json = self.form_behavior_response_json(task_id=task_id, entity_id=entity_id, payload=payload, status=status) self.send_response(response_json) LOGGER.debug(f'MQTT response: {response_json}')
def connect(self) -> pika.connection.Connection: LOGGER.info(f"Connecting to {self.host}:{self.port}") credentials = pika.PlainCredentials(self.username, self.password) parameters = pika.ConnectionParameters(self.host, self.port, self.vhost, credentials, connection_attempts=3, retry_delay=2, socket_timeout=5) return pika.SelectConnection(parameters, self.on_connection_open)
def send_response(self, response_json): self._publish_lock.acquire() try: pub_ret = self.mqtt_client.publish(topic=self.respond_topic, payload=json.dumps( response_json), qos=constants.QOS_LEVEL, retain=False) finally: self._publish_lock.release() LOGGER.debug(f"publish return (rc, msg_id): {pub_ret}")
def exception_handler_wrapper(*args, **kwargs): try: result = func(*args, **kwargs) except (KeyError, TypeError, ValueError) as error: LOGGER.error(error) raise cse_exception.BadRequestError(error_message=str(error)) except Exception as error: LOGGER.error(error) if not isinstance(error, cse_exception.CseRequestError): raise cse_exception.InternalServerRequestError( error_message=str(error)) # noqa: E501 raise error return result
def _does_cluster_belong_to_org(self, cluster_info, org_name): # Returns True if the cluster belongs to the given org # Else False (this also includes missing compute profile name) compute_profile_name = cluster_info.get('compute_profile_name') if compute_profile_name is None: SERVER_LOGGER.debug("compute-profile-name of" f" {cluster_info.get('name')} is not found") return False vdc_id = self._extract_vdc_id_from_pks_compute_profile_name( compute_profile_name) return org_name == get_org_name_from_ovdc_id( self.context.sysadmin_client, vdc_id)
def resize_cluster(self, **kwargs): """Resize the cluster of a given name to given number of worker nodes. System administrator can resize the given cluster regardless of who is the owner of the cluster. Other users can only resize the cluster they own. :return: response status :rtype: dict """ data = kwargs[KwargKey.DATA] cluster_name = data[RequestKey.CLUSTER_NAME] num_workers = data[RequestKey.NUM_WORKERS] qualified_cluster_name = self._append_user_id(cluster_name) if (self.context.client.is_sysadmin() or self.context.user.has_org_admin_rights): cluster_info = self._get_cluster_info(data) qualified_cluster_name = cluster_info['pks_cluster_name'] self._check_cluster_isolation(cluster_name, qualified_cluster_name) result = {} cluster_api = ClusterApi(api_client=self.pks_client) self.pks_wire_logger.debug(f"Sending request to" f" PKS:{self.pks_host_uri} to resize" f" the cluster with name:" f"{qualified_cluster_name} to" f" {num_workers} worker nodes") resize_params = \ UpdateClusterParameters(kubernetes_worker_instances=num_workers) try: cluster_api.update_cluster(qualified_cluster_name, body=resize_params) except ApiException as err: SERVER_LOGGER.debug(f"Resizing cluster {qualified_cluster_name}" f" failed with error:\n {err}") raise PksServerError(err.status, err.body) self.pks_wire_logger.debug(f"PKS: {self.pks_host_uri} accepted the" f" request to resize the cluster: " f" {qualified_cluster_name}") result['name'] = qualified_cluster_name result['task_status'] = 'in progress' self._restore_original_name(result) if not self.context.client.is_sysadmin(): self._filter_sensitive_pks_properties(result) return result
def connect(self): def on_connect(mqtt_client, userdata, flags, rc): LOGGER.info(f'MQTT client connected with result code {rc} and ' f'flags {flags}') mqtt_client.subscribe(self.listen_topic, qos=constants.QOS_LEVEL) def on_message(mqtt_client, userdata, msg): # No longer processing messages if server is closing if self._is_closing: return msg_json = json.loads(msg.payload.decode(self.fsencoding)) if msg_json['type'] == 'BEHAVIOR_INVOCATION': if self._behavior_tpe.max_threads_busy(): # TODO Find out from Extensibility on what is recommended. self.send_too_many_requests_response(msg) else: self._behavior_tpe.submit( lambda: self.process_behavior_message(msg_json=msg_json )) # noqa: E501 elif self._ctpe.max_threads_busy(): self.send_too_many_requests_response(msg) else: self._ctpe.submit(lambda: self.process_mqtt_message(msg)) def on_subscribe(mqtt_client, userdata, msg_id, given_qos): LOGGER.info(f'MQTT client subscribed with given_qos: {given_qos}') def on_disconnect(mqtt_client, userdata, rc): LOGGER.info(f'MQTT disconnect with reason: {rc}') self._mqtt_client = mqtt.Client(client_id=constants.MQTT_CLIENT_ID, transport=constants.TRANSPORT_WSS) self._mqtt_client.username_pw_set(username=self.client_username, password=self.token) cert_req = ssl.CERT_REQUIRED if self.verify_ssl else ssl.CERT_NONE self._mqtt_client.tls_set(cert_reqs=cert_req) self._mqtt_client.ws_set_options(path=constants.MQTT_BROKER_PATH) # Setup callbacks self._mqtt_client.on_connect = on_connect self._mqtt_client.on_message = on_message self._mqtt_client.on_disconnect = on_disconnect self._mqtt_client.on_subscribe = on_subscribe try: self._mqtt_client.connect(self.url, port=constants.MQTT_CONNECT_PORT) except Exception as e: LOGGER.error(f'MQTT client connection error: {e}') raise self._mqtt_client.loop_forever()
def exception_handler_wrapper(*args, **kwargs): try: result = func(*args, **kwargs) except HTTPError as error: response_dict = json.loads(error.response.text) error_message = response_dict.get('message') LOGGER.error(error_message) raise cse_exception.DefEntityServiceError( error_message=error_message, minor_error_code=MinorErrorCode.DEFAULT_ERROR_CODE) except Exception as error: LOGGER.error(error) raise error return result
def _isolate_cluster(self, cluster_name, qualified_cluster_name, cluster_id): if not cluster_id: raise ValueError(f"Invalid cluster_id for cluster " f"'{cluster_name}'") SERVER_LOGGER.debug(f"Isolating network of cluster {qualified_cluster_name}.") # noqa: E501 try: cluster_network_isolater = ClusterNetworkIsolater(self.nsxt_client) cluster_network_isolater.isolate_cluster(qualified_cluster_name, cluster_id) except Exception as err: raise ClusterNetworkIsolationError( f"Cluster : '{cluster_name}' is in an unusable state. Failed " "to isolate cluster network") from err
def delete_dnat_rule(self, rule_name): nat_rule_id = self._get_dnat_rule_id(rule_name) if not nat_rule_id: raise Exception(f'No dnat rule found with name: {rule_name}') try: self._cloudapi_client.do_request( method=shared_constants.RequestMethod.DELETE, cloudapi_version=cloudapi_constants.CloudApiVersion. VERSION_1_0_0, # noqa: E501 resource_url_relative_path= f"{self._nat_rules_relative_path}/{nat_rule_id}") # noqa: E501 self._wait_for_last_cloudapi_task() except Exception as err: SERVER_LOGGER.info(f'Failed to delete dnat rule: {str(err)}')