def _promote(self, req, id, body): """Promote a replica to active state.""" context = req.environ['manila.context'] try: replica = db.share_replica_get(context, id) except exception.ShareReplicaNotFound: msg = _("No replica exists with ID %s.") raise exc.HTTPNotFound(explanation=msg % id) share_network_id = replica.get('share_network_id') if share_network_id: share_network = db.share_network_get(context, share_network_id) common.check_share_network_is_active(share_network) replica_state = replica.get('replica_state') if replica_state == constants.REPLICA_STATE_ACTIVE: return webob.Response(status_int=http_client.OK) try: replica = self.share_api.promote_share_replica(context, replica) except exception.ReplicationException as e: raise exc.HTTPBadRequest(explanation=six.text_type(e)) except exception.AdminRequired as e: raise exc.HTTPForbidden(explanation=six.text_type(e)) return self._view_builder.detail(req, replica)
def _cifs_deny_access(self, context, share, access, share_server): """Deny access to cifs share.""" self._ensure_access_type_for_cifs(access) network_id = share['share_network_id'] share_network = manila_db.share_network_get(context, network_id) security_services = share_network['security_services'] self._ensure_security_service_for_cifs(security_services) share_name = share['name'] mover_name = self._get_vdm_name(share_server) user_name = access['access_to'] access_level = access['access_level'] if access_level == const.ACCESS_LEVEL_RW: cifs_access = constants.CIFS_ACL_FULLCONTROL else: cifs_access = constants.CIFS_ACL_READ status, out = self._NASCmd_helper.deny_cifs_access( mover_name, share_name, user_name, security_services[0]['domain'], access=cifs_access) if constants.STATUS_OK != status: message = (_("Could not deny access to CIFS share. Reason: %s.") % out) LOG.error(message) raise exception.EMCVnxXMLAPIError(err=message)
def migration_start(self, req, id, body): """Migrate a share to the specified host.""" context = req.environ['manila.context'] try: share = self.share_api.get(context, id) except exception.NotFound: msg = _("Share %s not found.") % id raise exc.HTTPNotFound(explanation=msg) params = body.get('migration_start') if not params: raise exc.HTTPBadRequest(explanation=_("Request is missing body.")) driver_assisted_params = ['preserve_metadata', 'writable', 'nondisruptive', 'preserve_snapshots'] bool_params = (driver_assisted_params + ['force_host_assisted_migration']) mandatory_params = driver_assisted_params + ['host'] utils.check_params_exist(mandatory_params, params) bool_param_values = utils.check_params_are_boolean(bool_params, params) new_share_network = None new_share_type = None new_share_network_id = params.get('new_share_network_id', None) if new_share_network_id: try: new_share_network = db.share_network_get( context, new_share_network_id) except exception.NotFound: msg = _("Share network %s not " "found.") % new_share_network_id raise exc.HTTPBadRequest(explanation=msg) new_share_type_id = params.get('new_share_type_id', None) if new_share_type_id: try: new_share_type = db.share_type_get( context, new_share_type_id) except exception.NotFound: msg = _("Share type %s not found.") % new_share_type_id raise exc.HTTPBadRequest(explanation=msg) try: return_code = self.share_api.migration_start( context, share, params['host'], bool_param_values['force_host_assisted_migration'], bool_param_values['preserve_metadata'], bool_param_values['writable'], bool_param_values['nondisruptive'], bool_param_values['preserve_snapshots'], new_share_network=new_share_network, new_share_type=new_share_type) except exception.Conflict as e: raise exc.HTTPConflict(explanation=six.text_type(e)) return webob.Response(status_int=return_code)
def _get_security_services(self, req, is_detail): """Returns a transformed list of security services. The list gets transformed through view builder. """ context = req.environ['manila.context'] search_opts = {} search_opts.update(req.GET) # NOTE(vponomaryov): remove 'status' from search opts # since it was removed from security service model. search_opts.pop('status', None) if 'share_network_id' in search_opts: share_nw = db.share_network_get(context, search_opts['share_network_id']) security_services = share_nw['security_services'] del search_opts['share_network_id'] else: if 'all_tenants' in search_opts and context.is_admin: policy.check_policy(context, RESOURCE_NAME, 'get_all_security_services') security_services = db.security_service_get_all(context) else: security_services = db.security_service_get_all_by_project( context, context.project_id) search_opts.pop('all_tenants', None) common.remove_invalid_options( context, search_opts, self._get_security_services_search_options()) if search_opts: results = [] not_found = object() for ss in security_services: if all(ss.get(opt, not_found) == value for opt, value in search_opts.items()): results.append(ss) security_services = results limited_list = common.limited(security_services, req) if is_detail: security_services = self._view_builder.detail_list( req, limited_list) for ss in security_services['security_services']: share_networks = db.share_network_get_all_by_security_service( context, ss['id']) ss['share_networks'] = [sn['id'] for sn in share_networks] else: security_services = self._view_builder.summary_list( req, limited_list) return security_services
def _allow_access(self, req, id, body, enable_ceph=False, allow_on_error_status=False, enable_ipv6=False, enable_metadata=False): """Add share access rule.""" context = req.environ['manila.context'] access_data = body.get('allow_access', body.get('os-allow_access')) if not enable_metadata: access_data.pop('metadata', None) share = self.share_api.get(context, id) share_network_id = share.get('share_network_id') if share_network_id: share_network = db.share_network_get(context, share_network_id) common.check_share_network_is_active(share_network) if (not allow_on_error_status and self._any_instance_has_errored_rules(share)): msg = _("Access rules cannot be added while the share or any of " "its replicas or migration copies has its " "access_rules_status set to %(instance_rules_status)s. " "Deny any rules in %(rule_state)s state and try " "again.") % { 'instance_rules_status': constants.SHARE_INSTANCE_RULES_ERROR, 'rule_state': constants.ACCESS_STATE_ERROR, } raise webob.exc.HTTPBadRequest(explanation=msg) access_type = access_data['access_type'] access_to = access_data['access_to'] common.validate_access(access_type=access_type, access_to=access_to, enable_ceph=enable_ceph, enable_ipv6=enable_ipv6) try: access = self.share_api.allow_access( context, share, access_type, access_to, access_data.get('access_level'), access_data.get('metadata')) except exception.ShareAccessExists as e: raise webob.exc.HTTPBadRequest(explanation=e.msg) except exception.InvalidMetadata as error: raise exc.HTTPBadRequest(explanation=error.msg) except exception.InvalidMetadataSize as error: raise exc.HTTPBadRequest(explanation=error.msg) return self._access_view_builder.view(req, access)
def _get_security_services(self, req, is_detail): """Returns a transformed list of security services. The list gets transformed through view builder. """ context = req.environ['manila.context'] search_opts = {} search_opts.update(req.GET) # NOTE(vponomaryov): remove 'status' from search opts # since it was removed from security service model. search_opts.pop('status', None) if 'share_network_id' in search_opts: share_nw = db.share_network_get(context, search_opts['share_network_id']) security_services = share_nw['security_services'] del search_opts['share_network_id'] else: if context.is_admin and utils.is_all_tenants(search_opts): policy.check_policy(context, RESOURCE_NAME, 'get_all_security_services') security_services = db.security_service_get_all(context) else: security_services = db.security_service_get_all_by_project( context, context.project_id) search_opts.pop('all_tenants', None) common.remove_invalid_options( context, search_opts, self._get_security_services_search_options()) if search_opts: results = [] not_found = object() for ss in security_services: if all( ss.get(opt, not_found) == value for opt, value in search_opts.items()): results.append(ss) security_services = results limited_list = common.limited(security_services, req) if is_detail: security_services = self._view_builder.detail_list( req, limited_list) for ss in security_services['security_services']: share_networks = db.share_network_get_all_by_security_service( context, ss['id']) ss['share_networks'] = [sn['id'] for sn in share_networks] else: security_services = self._view_builder.summary_list( req, limited_list) return security_services
def _get_security_services(self, req, is_detail): """Returns a transformed list of security services. The list gets transformed through view builder. """ context = req.environ['manila.context'] policy.check_policy(context, RESOURCE_NAME, 'get_all_security_services') search_opts = {} search_opts.update(req.GET) if 'share_network_id' in search_opts: share_nw = db.share_network_get(context, search_opts['share_network_id']) security_services = share_nw['security_services'] else: common.remove_invalid_options( context, search_opts, self._get_security_services_search_options()) if 'all_tenants' in search_opts: security_services = db.security_service_get_all(context) del search_opts['all_tenants'] else: security_services = db.security_service_get_all_by_project( context, context.project_id) if search_opts: results = [] not_found = object() for service in security_services: for opt, value in six.iteritems(search_opts): if service.get(opt, not_found) != value: break else: results.append(service) security_services = results limited_list = common.limited(security_services, req) if is_detail: security_services = self._view_builder.detail_list( req, limited_list) else: security_services = self._view_builder.summary_list( req, limited_list) return security_services
def _cifs_allow_access(self, context, share, access, share_server): """Allow access to cifs share.""" self._ensure_access_type_for_cifs(access) network_id = share['share_network_id'] share_network = manila_db.share_network_get(context, network_id) security_services = share_network['security_services'] self._ensure_security_service_for_cifs(security_services) share_name = share['name'] mover_name = self._get_vdm_name(share_server) user_name = access['access_to'] status, out = self._NASCmd_helper.allow_cifs_access( mover_name, share_name, user_name, security_services[0]['domain']) if constants.STATUS_OK != status: message = _("Could not allow CIFS access. Reason: %s.") % out LOG.error(message) raise exception.EMCVnxXMLAPIError(err=message)
def _create(self, req, body): """Add a replica to an existing share.""" context = req.environ['manila.context'] if not self.is_valid_body(body, 'share_replica'): msg = _("Body does not contain 'share_replica' information.") raise exc.HTTPUnprocessableEntity(explanation=msg) share_id = body.get('share_replica').get('share_id') availability_zone = body.get('share_replica').get('availability_zone') if not share_id: msg = _("Must provide Share ID to add replica.") raise exc.HTTPBadRequest(explanation=msg) try: share_ref = db.share_get(context, share_id) except exception.NotFound: msg = _("No share exists with ID %s.") raise exc.HTTPNotFound(explanation=msg % share_id) share_network_id = share_ref.get('share_network_id', None) if share_network_id: share_network = db.share_network_get(context, share_network_id) common.check_share_network_is_active(share_network) try: new_replica = self.share_api.create_share_replica( context, share_ref, availability_zone=availability_zone, share_network_id=share_network_id) except exception.AvailabilityZoneNotFound as e: raise exc.HTTPBadRequest(explanation=six.text_type(e)) except exception.ReplicationException as e: raise exc.HTTPBadRequest(explanation=six.text_type(e)) except exception.ShareBusyException as e: raise exc.HTTPBadRequest(explanation=six.text_type(e)) return self._view_builder.detail(req, new_replica)
def _deny_access(self, req, id, body): """Remove share access rule.""" context = req.environ['manila.context'] access_id = body.get('deny_access', body.get('os-deny_access'))['access_id'] share = self.share_api.get(context, id) share_network_id = share.get('share_network_id', None) if share_network_id: share_network = db.share_network_get(context, share_network_id) common.check_share_network_is_active(share_network) try: access = self.share_api.access_get(context, access_id) if access.share_id != id: raise exception.NotFound() share = self.share_api.get(context, id) except exception.NotFound as error: raise webob.exc.HTTPNotFound(explanation=six.text_type(error)) self.share_api.deny_access(context, share, access) return webob.Response(status_int=http_client.ACCEPTED)
def migration_start(self, req, id, body): """Migrate a share to the specified host.""" context = req.environ['manila.context'] try: share = self.share_api.get(context, id) except exception.NotFound: msg = _("Share %s not found.") % id raise exc.HTTPNotFound(explanation=msg) params = body.get('migration_start') if not params: raise exc.HTTPBadRequest(explanation=_("Request is missing body.")) try: host = params['host'] except KeyError: raise exc.HTTPBadRequest(explanation=_("Must specify 'host'.")) force_host_assisted_migration = params.get( 'force_host_assisted_migration', False) try: force_host_assisted_migration = strutils.bool_from_string( force_host_assisted_migration, strict=True) except ValueError: msg = _("Invalid value %s for 'force_host_assisted_migration'. " "Expecting a boolean.") % force_host_assisted_migration raise exc.HTTPBadRequest(explanation=msg) new_share_network = None new_share_type = None preserve_metadata = params.get('preserve_metadata', True) try: preserve_metadata = strutils.bool_from_string(preserve_metadata, strict=True) except ValueError: msg = _("Invalid value %s for 'preserve_metadata'. " "Expecting a boolean.") % preserve_metadata raise exc.HTTPBadRequest(explanation=msg) writable = params.get('writable', True) try: writable = strutils.bool_from_string(writable, strict=True) except ValueError: msg = _("Invalid value %s for 'writable'. " "Expecting a boolean.") % writable raise exc.HTTPBadRequest(explanation=msg) nondisruptive = params.get('nondisruptive', False) try: nondisruptive = strutils.bool_from_string(nondisruptive, strict=True) except ValueError: msg = _("Invalid value %s for 'nondisruptive'. " "Expecting a boolean.") % nondisruptive raise exc.HTTPBadRequest(explanation=msg) new_share_network_id = params.get('new_share_network_id', None) if new_share_network_id: try: new_share_network = db.share_network_get( context, new_share_network_id) except exception.NotFound: msg = _("Share network %s not " "found.") % new_share_network_id raise exc.HTTPBadRequest(explanation=msg) new_share_type_id = params.get('new_share_type_id', None) if new_share_type_id: try: new_share_type = db.share_type_get(context, new_share_type_id) except exception.NotFound: msg = _("Share type %s not found.") % new_share_type_id raise exc.HTTPBadRequest(explanation=msg) try: self.share_api.migration_start(context, share, host, force_host_assisted_migration, preserve_metadata, writable, nondisruptive, new_share_network=new_share_network, new_share_type=new_share_type) except exception.Conflict as e: raise exc.HTTPConflict(explanation=six.text_type(e)) return webob.Response(status_int=202)
def migration_start(self, req, id, body): """Migrate a share to the specified host.""" context = req.environ['manila.context'] try: share = self.share_api.get(context, id) except exception.NotFound: msg = _("Share %s not found.") % id raise exc.HTTPNotFound(explanation=msg) params = body.get('migration_start') if not params: raise exc.HTTPBadRequest(explanation=_("Request is missing body.")) driver_assisted_params = [ 'preserve_metadata', 'writable', 'nondisruptive', 'preserve_snapshots' ] bool_params = (driver_assisted_params + ['force_host_assisted_migration']) mandatory_params = driver_assisted_params + ['host'] utils.check_params_exist(mandatory_params, params) bool_param_values = utils.check_params_are_boolean(bool_params, params) new_share_network = None new_share_type = None new_share_network_id = params.get('new_share_network_id', None) if new_share_network_id: try: new_share_network = db.share_network_get( context, new_share_network_id) except exception.NotFound: msg = _("Share network %s not " "found.") % new_share_network_id raise exc.HTTPBadRequest(explanation=msg) new_share_type_id = params.get('new_share_type_id', None) if new_share_type_id: try: new_share_type = db.share_type_get(context, new_share_type_id) except exception.NotFound: msg = _("Share type %s not found.") % new_share_type_id raise exc.HTTPBadRequest(explanation=msg) try: return_code = self.share_api.migration_start( context, share, params['host'], bool_param_values['force_host_assisted_migration'], bool_param_values['preserve_metadata'], bool_param_values['writable'], bool_param_values['nondisruptive'], bool_param_values['preserve_snapshots'], new_share_network=new_share_network, new_share_type=new_share_type) except exception.Conflict as e: raise exc.HTTPConflict(explanation=six.text_type(e)) return webob.Response(status_int=return_code)
def migration_start(self, req, id, body): """Migrate a share to the specified host.""" context = req.environ['manila.context'] try: share = self.share_api.get(context, id) except exception.NotFound: msg = _("Share %s not found.") % id raise exc.HTTPNotFound(explanation=msg) params = body.get('migration_start') if not params: raise exc.HTTPBadRequest(explanation=_("Request is missing body.")) try: host = params['host'] except KeyError: raise exc.HTTPBadRequest(explanation=_("Must specify 'host'.")) force_host_assisted_migration = params.get( 'force_host_assisted_migration', False) try: force_host_assisted_migration = strutils.bool_from_string( force_host_assisted_migration, strict=True) except ValueError: msg = _("Invalid value %s for 'force_host_assisted_migration'. " "Expecting a boolean.") % force_host_assisted_migration raise exc.HTTPBadRequest(explanation=msg) new_share_network = None new_share_type = None preserve_metadata = params.get('preserve_metadata', True) try: preserve_metadata = strutils.bool_from_string( preserve_metadata, strict=True) except ValueError: msg = _("Invalid value %s for 'preserve_metadata'. " "Expecting a boolean.") % preserve_metadata raise exc.HTTPBadRequest(explanation=msg) writable = params.get('writable', True) try: writable = strutils.bool_from_string(writable, strict=True) except ValueError: msg = _("Invalid value %s for 'writable'. " "Expecting a boolean.") % writable raise exc.HTTPBadRequest(explanation=msg) nondisruptive = params.get('nondisruptive', False) try: nondisruptive = strutils.bool_from_string( nondisruptive, strict=True) except ValueError: msg = _("Invalid value %s for 'nondisruptive'. " "Expecting a boolean.") % nondisruptive raise exc.HTTPBadRequest(explanation=msg) new_share_network_id = params.get('new_share_network_id', None) if new_share_network_id: try: new_share_network = db.share_network_get( context, new_share_network_id) except exception.NotFound: msg = _("Share network %s not " "found.") % new_share_network_id raise exc.HTTPBadRequest(explanation=msg) new_share_type_id = params.get('new_share_type_id', None) if new_share_type_id: try: new_share_type = db.share_type_get( context, new_share_type_id) except exception.NotFound: msg = _("Share type %s not found.") % new_share_type_id raise exc.HTTPBadRequest(explanation=msg) try: self.share_api.migration_start( context, share, host, force_host_assisted_migration, preserve_metadata, writable, nondisruptive, new_share_network=new_share_network, new_share_type=new_share_type) except exception.Conflict as e: raise exc.HTTPConflict(explanation=six.text_type(e)) return webob.Response(status_int=202)