def validate_set(self, dict_key_value): grub2pass_attr = 'grub2_password' lockout_time_attr = 'lockout_time' failed_login_attempts_attr = 'failed_login_attempts' logging.debug('validate_set called with %s' % str(dict_key_value)) value_str = dict_key_value.get(self.domain, None) logging.debug('{0} domain value: {1}'.format(self.domain, value_str)) if value_str is not None: value_dict = json.loads(value_str) if not isinstance(value_dict, dict): raise validation.ValidationError('%s value is not a dict' % self.domain) passwd = value_dict.get(grub2pass_attr) if passwd: self.validate_passwd_hash(passwd) lockout_t = value_dict.get(lockout_time_attr) if lockout_t: self.validate_lockout_time(lockout_t) failed_login_a = value_dict.get(failed_login_attempts_attr) if failed_login_a: self.validate_failed_login_attempts(failed_login_a) else: raise validation.ValidationError('Missing domain: %s' % self.domain)
def validate_infra_network_range(self, infra, network_domain, networking_config, host_count): infra_conf = networking_config.get(infra) if not isinstance(infra_conf, dict): return domains_conf = infra_conf.get('network_domains') if not isinstance(domains_conf, dict) or network_domain not in domains_conf: reason = '%s does not contain %s network domain configuration' % \ (infra, network_domain) raise validation.ValidationError(reason) cidr = domains_conf[network_domain].get('cidr') start = domains_conf[network_domain].get('ip_range_start') end = domains_conf[network_domain].get('ip_range_end') if not start and cidr: start = str(IPNetwork(cidr)[1]) if not end and cidr: end = str(IPNetwork(cidr)[-2]) required = host_count if infra != 'infra_external' else host_count + 1 if len(IPRange(start, end)) < required: reason = 'IP range %s - %s does not contain %d addresses' % ( start, end, required) raise validation.ValidationError(reason)
def validate_delete(self, props): logging.debug('validate_delete called with %s', props) if self.domain in props: raise validation.ValidationError('%s cannot be deleted' % self.domain) else: raise validation.ValidationError( 'References in %s, cannot be deleted' % self.domain)
def validate_ntp(self, ntp_list): if not ntp_list: raise validation.ValidationError('Missing NTP configuration') if not isinstance(ntp_list, list): raise validation.ValidationError( 'NTP servers value must be a list') utils = validation.ValidationUtils() for ntp in ntp_list: utils.validate_ip_address(ntp)
def validate_mac_list(self, mac_list): if not mac_list: return if not isinstance(mac_list, list): raise validation.ValidationError('mgmt_mac value must be a list') for mac in mac_list: pattern = '[0-9a-f]{2}([-:])[0-9a-f]{2}(\\1[0-9a-f]{2}){4}$' if not mac or not re.match(pattern, mac.lower()): raise validation.ValidationError( 'Invalid mac address syntax %s' % mac)
def validate_profile_list(self, profile_list, profile_defs, host, attribute): if not profile_list: raise validation.ValidationError('Missing %s for %s' % (attribute, host)) if not isinstance(profile_list, list): raise validation.ValidationError('%s %s value must be a list' % (host, attribute)) for profile in profile_list: if profile not in profile_defs: raise validation.ValidationError('Unknown %s %s for %s' % (attribute, profile, host))
def validate_filepath(self, filepath): try: val = URLValidator() val(filepath) except ValidationError: raise validation.ValidationError( 'The url: "%s" is not a valid url!' % filepath)
def validate_nonempty_performance_profile(self, config, profile_name, host_name): profile = config.get(profile_name) if not isinstance(profile, dict) or not profile: reason = 'Empty performance profile %s defined for %s' % ( profile_name, host_name) raise validation.ValidationError(reason)
def validate_set(self, dict_key_value): logging.debug('validate_set called with %s' % str(dict_key_value)) client = self.get_plugin_client() for key, value in dict_key_value.iteritems(): value_str = value value_dict = json.loads(value_str) if key == self.domain: openstack_config = value_dict if not isinstance(value_dict, dict): raise validation.ValidationError('%s value is not a dict' % self.domain) else: raise validation.ValidationError('Unexpected configuration %s' % key) self.validate_openstack(openstack_config)
def validate_set(self, dict_key_value): logging.debug('validate_set called with %s' % str(dict_key_value)) for key, value in dict_key_value.iteritems(): version = json.loads(value) if key == self.domain: self.validate_version(version) else: raise validation.ValidationError( 'Unexpected configuration %s' % key)
def validate_performance_profile(self, config, profile_name): attributes = [ 'default_hugepagesz', 'hugepagesz', 'hugepages', 'ovs_dpdk_cpus' ] profile = config.get(profile_name) if not profile: profile = {} for attr in attributes: if not profile.get(attr): raise validation.ValidationError( 'Missing %s value for performance profile %s' % (attr, profile_name))
def validate_set(self, dict_key_value): user_attr = 'admin_user_name' passwd_attr = 'admin_user_password' init_user_attr = 'initial_user_name' init_passwd_attr = 'initial_user_password' logging.debug('validate_set called with %s' % str(dict_key_value)) value_str = dict_key_value.get(self.domain) value_dict = {} if not value_str else json.loads(value_str) if not value_dict: raise validation.ValidationError('No value for %s' % self.domain) if not isinstance(value_dict, dict): raise validation.ValidationError('%s value is not a dict' % self.domain) utils = validation.ValidationUtils() user = value_dict.get(user_attr) if user: utils.validate_username(user) else: raise validation.ValidationError('Missing %s' % user_attr) um_user = value_dict.get(init_user_attr) if um_user: utils.validate_username(um_user) else: raise validation.ValidationError('Missing %s' % init_user_attr) if not value_dict.get(passwd_attr): raise validation.ValidationError('Missing %s' % passwd_attr) if not value_dict.get(init_passwd_attr): raise validation.ValidationError('Missing %s' % init_passwd_attr)
def validate_version(self, version_str): if not version_str: raise validation.ValidationError( 'Missing configuration template version') if not isinstance(version_str, basestring): raise validation.ValidationError( 'Version configuration should be a string') data = version_str.split('.') if len(data) != 3: raise validation.ValidationError( 'Invalid version data syntax in configuration') version = [] for i in data: if not i.isdigit(): raise validation.ValidationError( 'Version data does not consist of numbers') version.append(int(i)) if self.version != self.devel_version and version == self.devel_version: msg = 'Accepting development version %s' % version_str logging.warning(msg) elif version[0] != self.version[0]: reason = 'Major configuration template version mismatch (%s does not match with %s)' \ % (version_str, str(self.version)) raise validation.ValidationError(reason) elif version[1] != self.version[1]: reason = 'Configuration template version mismatch (%s does not match with %s)' \ % (version_str, str(self.version)) self.log_changes(version[1]) raise validation.ValidationError(reason) elif version[2] != self.version[2]: msg = 'Minor configuration template version mismatch, check the latest template changes' logging.warning(msg)
def validate_hwmgmt(self, hwmgmt, host): # this list may not be comprehensive, but it matches ironic's idea # of valid privileges. In practice, we'll likely only see OPERATOR # and ADMINISTRATOR. Case seems to matter here. valid_ipmi_priv = ['USER', 'CALLBACK', 'OPERATOR', 'ADMINISTRATOR'] if not hwmgmt: raise validation.ValidationError( 'Missing hwmgmt configuration for %s' % host) if not hwmgmt.get('user'): raise validation.ValidationError('Missing hwmgmt username for %s' % host) if not hwmgmt.get('password'): raise validation.ValidationError('Missing hwmgmt password for %s' % host) priv_level = hwmgmt.get('priv_level') if priv_level and priv_level not in valid_ipmi_priv: # priv_level is optional, but should be in the valid range. raise validation.ValidationError( 'Invalid IPMI privilege level %s for %s' % (priv_level, host)) validationutils = validation.ValidationUtils() validationutils.validate_ip_address(hwmgmt.get('address'))
def validate_sections(self, sections): names = [] missing = '' client = self.get_plugin_client() for name in self.Required: if name not in sections: names.append(name) properties = client.get_properties(self.filterstr) keys = properties.keys() for name in names: if name not in keys: missing += ', ' + name if missing else name if missing: raise validation.ValidationError( 'Mandatory sections missing from configuration: %s' % missing)
def validate_preallocated_ips(self, host, nw_profile_config, networking_config): if not self.host_has_preallocated_ip(host): return validationutils = validation.ValidationUtils() for network_name, ip in host["pre_allocated_ips"].iteritems(): for net_profile_name in host["network_profiles"]: if not self.is_network_in_net_profile( network_name, nw_profile_config.get(net_profile_name)): raise validation.ValidationError( "Network %s is missing from network profile %s" % (network_name, net_profile_name)) network_domains = networking_config.get(network_name).get( "network_domains") host_network_domain = host["network_domain"] subnet = network_domains.get(host_network_domain)["cidr"] validationutils.validate_ip_address(ip) utils.validate_ip_in_network(ip, subnet)
def validate_set(self, dict_key_value): ntp_attr = 'ntp_servers' logging.debug('validate_set called with %s' % str(dict_key_value)) for key, value in dict_key_value.iteritems(): value_dict = json.loads(value) if not value_dict: raise validation.ValidationError('No value for %s' % key) if not isinstance(value_dict, dict): raise validation.ValidationError('%s value is not a dict' % self.domain) if key == self.domain: ntp_list = value_dict.get(ntp_attr) self.validate_ntp(ntp_list) attr = 'zone' zone = value_dict.get(attr) if zone: self.validate_timezone(zone) else: raise validation.ValidationError('Missing timezone %s' % attr) auth_type = value_dict.get('auth_type') if auth_type: self.validate_authtype(auth_type) else: raise validation.ValidationError( 'Missing authentication type for NTP') filepath = value_dict.get('serverkeys_path') if auth_type != 'none' and filepath == '': raise validation.ValidationError( 'The serverkeys_path is missing') elif auth_type == 'none': pass else: self.validate_filepath(filepath) self.validate_yaml_format(filepath, auth_type) else: raise validation.ValidationError( 'Unexpected configuration %s' % key)
def search_for_duplicate_ips(self, hosts): ips_field = "pre_allocated_ips" hosts_with_preallocated_ip = { name: attributes for name, attributes in hosts.iteritems() if self.host_has_preallocated_ip(attributes) } for host_name, host in hosts_with_preallocated_ip.iteritems(): other_hosts = { name: attributes for name, attributes in hosts_with_preallocated_ip.iteritems() if name != host_name } for other_host_name, other_host in other_hosts.iteritems(): if self.host_has_preallocated_ip(other_host): logging.debug( "Checking %s and %s for duplicated preallocated IPs", host_name, other_host_name) duplicated_ip = self.is_ip_duplicated( host[ips_field], other_host[ips_field]) if duplicated_ip: raise validation.ValidationError( "%s and %s has duplicated IP address: %s" % (host_name, other_host_name, duplicated_ip))
def validate_yaml_format(self, url, auth_type): if url.startswith("file://"): path = url.lstrip("file://") try: with open(path) as f: f_content = f.read() except IOError: raise validation.ValidationError( 'The file: "%s" is not present on the system!' % url) else: try: r = requests.get(url) if r['status_code'] != 200: raise requests.exceptions.ConnectionError() f_content = r['content'] except requests.exceptions.ConnectionError: raise validation.ValidationError( 'The url: "%s" is not reachable!' % url) try: yaml_content = yaml.load(f_content) except yaml.YAMLError: raise validation.ValidationError( 'The validation of the yamlfile failed!') for item in yaml_content: srv = item.keys()[0] if auth_type == 'symmetric' and not isinstance(item[srv], str): raise validation.ValidationError( 'The yamlfile contains invalid data! ' '(The authentication method looks like it\'s symmetric.)') elif auth_type == 'crypto' and isinstance(item[srv], dict): if (item[srv]['type'] != 'iff' or item[srv]['type'] != 'gq' or item[srv]['type'] != 'mv')\ and (not isinstance(item[srv]['keys'], list)): raise validation.ValidationError( 'The yamlfile contains invalid data! ' '(The authentication method looks like it\'s crypto.)') else: raise validation.ValidationError( 'The yamlfile contains invalid data!')
def validate_delete(self, dict_key_value): logging.debug('validate_delete called with %s' % str(dict_key_value)) raise validation.ValidationError('%s cannot be deleted' % self.domain)
def validate_authtype(self, auth_type): if auth_type not in TimeValidation.supported_authentication_types: raise validation.ValidationError( 'The provided authentication method for NTP is not supported')
def err_provider_vlan_conflict(iface): err = NetworkProfilesValidation.ERR_PROVIDER_VLAN_CONFLICT.format(iface) raise validation.ValidationError(err)
def err_vf_count(network): err = NetworkProfilesValidation.ERR_VF_COUNT.format(network) raise validation.ValidationError(err)
def err_sriov_iface_conflict(): err = NetworkProfilesValidation.ERR_SRIOV_IFACE_CONFLICT raise validation.ValidationError(err)
def err_sriov_lacp_conflict(): err = NetworkProfilesValidation.ERR_SRIOV_LACP_CONFLICT raise validation.ValidationError(err)
def err_infra_provider_untagged_conflict(network): err = NetworkProfilesValidation.ERR_INFRA_PROVIDER_UNTAGGED_CONFLICT.format(network) raise validation.ValidationError(err)
def err_infra_provider_vlan_conflict(network): err = NetworkProfilesValidation.ERR_INFRA_PROVIDER_VLAN_CONFLICT.format(network) raise validation.ValidationError(err)
def err_single_nic_provider_type(profile, provider_type): err = NetworkProfilesValidation.ERR_SINGLE_NIC_PROVIDER_TYPE.format(profile, provider_type) raise validation.ValidationError(err)
def validate_timezone(self, value): try: pytz.timezone(value) except pytz.UnknownTimeZoneError as exc: raise validation.ValidationError( "Invalid time zone: {0}".format(exc))
def err_single_nic_violation(profile): err = NetworkProfilesValidation.ERR_SINGLE_NIC_VIOLATION.format(profile) raise validation.ValidationError(err)