def check(rule, ctxt, target=None, do_raise=True, exc=exceptions.Forbidden):
creds = ctxt.to_dict()
target = target or {}
try:
result = _ENFORCER.enforce(rule, target, creds, do_raise, exc)
except Exception:
result = False
raise
else:
return result
finally:
extra = {'policy': {'rule': rule, 'target': target}}
if result:
LOG.info(_("Policy check succeeded for rule '%(rule)s' "
"on target %(target)s"), {
'rule': rule,
'target': repr(target)
},
extra=extra)
else:
LOG.info(_("Policy check failed for rule '%(rule)s' "
"on target %(target)s"), {
'rule': rule,
'target': repr(target)
},
extra=extra)
def coerce(self, obj, attr, value):
super(StateMachineEnforce, self).coerce(obj, attr, value)
msg = _("%(object)s's are not allowed transition out of %(value)s "
"state")
# olso.versionedobjects do not create the field until it is first used
try:
current_value = getattr(obj, attr)
except NotImplementedError:
return value
if current_value in self.ALLOWED_TRANSITIONS:
if value in self.ALLOWED_TRANSITIONS[current_value]:
return value
else:
msg = _(
"%(object)s's are not allowed transition out of "
"'%(current_value)s' state to '%(value)s' state, choose "
"from %(options)r")
msg = msg % {
'object': obj.obj_name(),
'current_value': current_value,
'value': value,
'options': [x for x in self.ALLOWED_TRANSITIONS[current_value]]
}
raise ValueError(msg)
def coerce(self, obj, attr, value):
super(StateMachineEnforce, self).coerce(obj, attr, value)
msg = _("%(object)s's are not allowed transition out of %(value)s "
"state")
# olso.versionedobjects do not create the field until it is first used
try:
current_value = getattr(obj, attr)
except NotImplementedError:
return value
if current_value in self.ALLOWED_TRANSITIONS:
if value in self.ALLOWED_TRANSITIONS[current_value]:
return value
else:
msg = _(
"%(object)s's are not allowed transition out of "
"'%(current_value)s' state to '%(value)s' state, choose "
"from %(options)r")
msg = msg % {
'object': obj.obj_name(),
'current_value': current_value,
'value': value,
'options': [x for x in self.ALLOWED_TRANSITIONS[current_value]]
}
raise ValueError(msg)
def coerce(self, obj, attr, value):
if not re.match(RE_ZONENAME, value):
msg = _("'%s' is not a valid DNS Zone name") % value
raise ValueError(msg)
return super(DNSZoneName, self).coerce(obj, attr, value)
def coerce(self, obj, attr, value):
if not re.match(RE_ZONENAME, value):
msg = _("'%s' is not a valid DNS Zone name") % value
raise ValueError(msg)
return super(DNSZoneName, self).coerce(obj, attr, value)
def start(self):
super(Service, self).start()
LOG.info(
_('Starting %(name)s service (version: %(version)s)'), {
'name': self.service_name,
'version': version.version_info.version_string()
})
def check(rule, ctxt, target=None, do_raise=True, exc=exceptions.Forbidden):
creds = ctxt.to_dict()
target = target or {}
try:
result = _ENFORCER.enforce(rule, target, creds, do_raise, exc)
except Exception:
result = False
raise
else:
return result
finally:
extra = {'policy': {'rule': rule, 'target': target}}
if result:
LOG.info(_("Policy check succeeded for rule '%(rule)s' "
"on target %(target)s"),
{'rule': rule, 'target': repr(target)}, extra=extra)
else:
LOG.info(_("Policy check failed for rule '%(rule)s' "
"on target %(target)s"),
{'rule': rule, 'target': repr(target)}, extra=extra)
def coerce(self, obj, attr, value):
msg = _("%(value)s is not a valid UUID for %(attr)s") % {
'attr': attr,
'value': value
}
try:
uuid_tools.UUID(value)
except ValueError:
raise ValueError(msg)
return str(value)
def coerce(self, obj, attr, value):
msg = _("%(value)s is not a valid UUID for %(attr)s") % {
'attr': attr,
'value': value
}
try:
uuid_tools.UUID(value)
except ValueError:
raise ValueError(msg)
return str(value)
class MonitorType(PreDefinedEnumType):
TCP = 'TCP'
UDP = 'UDP'
ICMP = 'ICMP'
HTTP = 'HTTP'
HTTPS = 'HTTPS'
SSH = 'SSH'
# TODO(graham): Dynamically Load this list of types from config + plugins
_TYPES = (TCP, UDP, ICMP, HTTP, HTTPS, SSH)
_msg = _("%(value)s is not a valid Monitor Type, choose from %(options)r")
class PreDefinedEnumType(EnumField):
_TYPES = ()
_msg = _("%(value)s is not a valid choice, choose from %(options)r")
def __init__(self, **kwargs):
super(PreDefinedEnumType, self).__init__(self._TYPES, **kwargs)
def coerce(self, obj, attr, value):
try:
return super(PreDefinedEnumType, self).coerce(obj, attr, value)
except ValueError:
msg = self._msg % {"value": value, "options": self._TYPES}
raise ValueError(msg)
class MonitorStatus(fields.StateMachineEnforce, fields.PreDefinedEnumType):
ACTIVE = 'ACTIVE'
PENDING = 'PENDING'
ERROR = 'ERROR'
DELETED = 'DELETED'
ALLOWED_TRANSITIONS = {
ACTIVE: {ERROR, PENDING, DELETED},
PENDING: {ACTIVE, ERROR, DELETED},
ERROR: {PENDING, ACTIVE, DELETED},
DELETED: {}
}
_TYPES = (ACTIVE, PENDING, ERROR, DELETED)
_msg = _("'%(value)s' is not a valid status, choose from %(options)r")
class KosmosActions(StateMachineEnforce, PreDefinedEnumType):
CREATE = 'CREATE'
UPDATE = 'UPDATE'
DELETE = 'DELETE'
NONE = 'NONE'
ALLOWED_TRANSITIONS = {
CREATE: {NONE, UPDATE},
UPDATE: {NONE},
NONE: {UPDATE, DELETE},
DELETE: {NONE}
}
_TYPES = (CREATE, UPDATE, DELETE, NONE)
_msg = _("%(value)s is not a valid Action, choose from %(options)r")
import os
from oslo_config import cfg
from oslo_db import options as db_options
from oslo_log import log as logging
import oslo_messaging as messaging
from kosmos._i18n import _, _LI
from kosmos.common import utils
from kosmos import version
LOG = logging.getLogger(__name__)
core_opts = [
cfg.IPOpt('bind_host', default='0.0.0.0',
help=_("The host IP to bind to")),
cfg.PortOpt('bind_port', default=9876,
help=_("The port to bind to")),
cfg.StrOpt('host', default=utils.get_hostname(),
help=_("The hostname Kosmos is running on")),
]
core_cli_opts = []
# Register the configuration options
cfg.CONF.register_opts(core_opts)
cfg.CONF.register_cli_opts(core_cli_opts)
cfg.CONF.register_opts([
cfg.StrOpt(
def stop(self):
LOG.info(_('Stopping %(name)s service'), {'name': self.service_name})
super(Service, self).stop()
def coerce(self, obj, attr, value):
if not re.match(RE_HOSTNAME, value):
msg = _("'%s' is not valid a valid DNS FQDN") % value
raise ValueError(msg)
return super(DNSFQDN, self).coerce(obj, attr, value)
def stop(self):
LOG.info(_('Stopping %(name)s service'), {'name': self.service_name})
super(Service, self).stop()
def coerce(self, obj, attr, value):
if not re.match(RE_HOSTNAME, value):
msg = _("'%s' is not valid a valid DNS FQDN") % value
raise ValueError(msg)
return super(DNSFQDN, self).coerce(obj, attr, value)
def start(self):
super(Service, self).start()
LOG.info(_('Starting %(name)s service (version: %(version)s)'),
{'name': self.service_name,
'version': version.version_info.version_string()})
