def delete_record(self, context, domain_id, record_id, increment_serial=True): domain = self.storage.get_domain(context, domain_id) record = self.storage.get_record(context, record_id) # Ensure the domain_id matches the record's domain_id if domain['id'] != record['domain_id']: raise exceptions.RecordNotFound() target = { 'domain_id': domain_id, 'domain_name': domain['name'], 'record_id': record['id'], 'tenant_id': domain['tenant_id'] } policy.check('delete_record', context, target) try: self.backend.delete_record(context, domain, record) except exceptions.Backend: # Re-raise Backend exceptions as is.. raise except Exception, e: raise exceptions.Backend('Unknown backend failure: %s' % e)
def ping(self, context): policy.check('diagnostics_ping', context) try: backend_status = self.backend.ping(context) except Exception, e: backend_status = {'status': False, 'message': str(e)}
def get_records(self, context, domain_id, criterion=None): domain = self.storage_conn.get_domain(context, domain_id) target = {'domain_id': domain_id, 'tenant_id': domain['tenant_id']} policy.check('get_records', context, target) return self.storage_conn.get_records(context, domain_id, criterion)
def get_record(self, context, domain_id, record_id): domain = self.storage_conn.get_domain(context, domain_id) target = {'domain_id': domain_id, 'tenant_id': domain['tenant_id']} policy.check('get_record', context, target) return self.storage_conn.get_record(context, record_id)
def create_record(self, context, domain_id, values, increment_serial=True): domain = self.storage.get_domain(context, domain_id) target = { 'domain_id': domain_id, 'domain_name': domain['name'], 'record_name': values['name'], 'tenant_id': domain['tenant_id'] } policy.check('create_record', context, target) # Ensure the tenant has enough quota to continue quota_criterion = {'domain_id': domain_id} record_count = self.storage.count_records(context, criterion=quota_criterion) self.quota.limit_check(context, domain['tenant_id'], domain_records=record_count) # Ensure the record name is valid self._is_valid_record_name(context, domain, values['name'], values['type']) record = self.storage.create_record(context, domain_id, values) try: self.backend.create_record(context, domain, record) except exceptions.Backend: # Re-raise Backend exceptions as is.. raise except Exception, e: raise exceptions.Backend('Unknown backend failure: %s' % e)
def update_record(self, context, domain_id, record_id, values, increment_serial=True): domain = self.storage.get_domain(context, domain_id) record = self.storage.get_record(context, record_id) # Ensure the domain_id matches the record's domain_id if domain['id'] != record['domain_id']: raise exceptions.RecordNotFound() target = { 'domain_id': domain_id, 'domain_name': domain['name'], 'record_id': record['id'], 'tenant_id': domain['tenant_id'] } policy.check('update_record', context, target) # Ensure the record name is valid record_name = values['name'] if 'name' in values else record['name'] record_type = values['type'] if 'type' in values else record['type'] self._is_valid_record_name(context, domain, record_name, record_type) # Update the record record = self.storage.update_record(context, record_id, values) try: self.backend.update_record(context, domain, record) except exceptions.Backend: # Re-raise Backend exceptions as is.. raise except Exception, e: raise exceptions.Backend('Unknown backend failure: %s' % e)
def find_record(self, context, criterion): target = {'tenant_id': context.tenant_id} policy.check('find_record', context, target) if not context.is_admin: criterion['tenant_id'] = context.tenant_id return self.storage.find_record(context, criterion)
def delete_server(self, context, server_id): policy.check('delete_server', context, {'server_id': server_id}) server = self.storage.get_server(context, server_id) utils.notify(context, 'central', 'server.delete', server) return self.storage.delete_server(context, server_id)
def get_tenant(self, context, tenant_id): target = { 'tenant_id': tenant_id } policy.check('get_tenant', context, target) return self.storage.get_tenant(context, tenant_id)
def create_server(self, context, values): policy.check('create_server', context) server = self.storage.create_server(context, values) utils.notify(context, 'central', 'server.create', server) return server
def update_server(self, context, server_id, values): policy.check('update_server', context, {'server_id': server_id}) server = self.storage.update_server(context, server_id, values) utils.notify(context, 'central', 'server.update', server) return server
def count_records(self, context, criterion=None): if criterion is None: criterion = {} target = { 'tenant_id': criterion.get('tenant_id', None) } policy.check('count_records', context, target) return self.storage.count_records(context, criterion)
def delete_domain(self, context, domain_id): domain = self.storage_conn.get_domain(context, domain_id) target = {'domain_id': domain_id, 'tenant_id': domain['tenant_id']} policy.check('delete_domain', context, target) self.backend.delete_domain(context, domain) utils.notify(context, 'api', 'domain.delete', domain) return self.storage_conn.delete_domain(context, domain_id)
def get_domains(self, context, criterion=None): target = {'tenant_id': context.effective_tenant_id} policy.check('get_domains', context, target) if criterion is None: criterion = {} criterion['tenant_id'] = context.effective_tenant_id return self.storage_conn.get_domains(context, criterion)
def create_domain(self, context, values): values['tenant_id'] = context.tenant_id target = { 'tenant_id': values['tenant_id'], 'domain_name': values['name'] } policy.check('create_domain', context, target) # Ensure the tenant has enough quota to continue quota_criterion = {'tenant_id': values['tenant_id']} domain_count = self.storage.count_domains(context, criterion=quota_criterion) self.quota.limit_check(context, values['tenant_id'], domains=domain_count) # Ensure the domain name is valid self._is_valid_domain_name(context, values['name']) # Handle sub-domains appropriately parent_domain = self._is_subdomain(context, values['name']) if parent_domain: if parent_domain['tenant_id'] == values['tenant_id']: # Record the Parent Domain ID values['parent_domain_id'] = parent_domain['id'] else: raise exceptions.Forbidden('Unable to create subdomain in ' 'another tenants domain') # TODO(kiall): Handle super-domains properly # NOTE(kiall): Fetch the servers before creating the domain, this way # we can prevent domain creation if no servers are # configured. servers = self.storage.get_servers(context) if len(servers) == 0: LOG.critical('No servers configured. Please create at least one ' 'server') raise exceptions.NoServersConfigured() # Set the serial number values['serial'] = utils.increment_serial() domain = self.storage.create_domain(context, values) try: self.backend.create_domain(context, domain) except exceptions.Backend: # Re-raise Backend exceptions as is.. raise except Exception, e: raise exceptions.Backend('Unknown backend failure: %s' % e)
def get_domain(self, context, domain_id): domain = self.storage.get_domain(context, domain_id) target = { 'domain_id': domain_id, 'domain_name': domain['name'], 'tenant_id': domain['tenant_id'] } policy.check('get_domain', context, target) return domain
def get_domains(self, context, criterion=None): target = {'tenant_id': context.tenant_id} policy.check('get_domains', context, target) if criterion is None: criterion = {} if not context.is_admin: criterion['tenant_id'] = context.tenant_id return self.storage.get_domains(context, criterion)
def create_record(self, context, domain_id, values): domain = self.storage_conn.get_domain(context, domain_id) target = {'domain_id': domain_id, 'tenant_id': domain['tenant_id']} policy.check('create_record', context, target) record = self.storage_conn.create_record(context, domain_id, values) self.backend.create_record(context, domain, record) utils.notify(context, 'api', 'record.create', record) return record
def create_tsigkey(self, context, values): policy.check('create_tsigkey', context) tsigkey = self.storage.create_tsigkey(context, values) try: self.backend.create_tsigkey(context, tsigkey) except exceptions.Backend: # Re-raise Backend exceptions as is.. raise except Exception, e: raise exceptions.Backend('Unknown backend failure: %s' % e)
def delete_tsigkey(self, context, tsigkey_id): policy.check('delete_tsigkey', context, {'tsigkey_id': tsigkey_id}) tsigkey = self.storage.get_tsigkey(context, tsigkey_id) try: self.backend.delete_tsigkey(context, tsigkey) except exceptions.Backend: # Re-raise Backend exceptions as is.. raise except Exception, e: raise exceptions.Backend('Unknown backend failure: %s' % e)
def _check_reserved_domain_suffixes(self, context, domain_name): """ Ensures the provided domain_name does not end with any of the configured reserved suffixes. """ suffixes = cfg.CONF['service:central'].reserved_domain_suffixes for suffix in suffixes: if domain_name.endswith(suffix): policy.check('use_reserved_domain_suffix', context, {'suffix': suffix})
def get_records(self, context, domain_id, criterion=None): domain = self.storage.get_domain(context, domain_id) target = { 'domain_id': domain_id, 'domain_name': domain['name'], 'tenant_id': domain['tenant_id'] } policy.check('get_records', context, target) return self.storage.get_records(context, domain_id, criterion)
def sync_domain(self, context, domain_id): domain = self.storage.get_domain(context, domain_id) target = { 'domain_id': domain_id, 'domain_name': domain['name'], 'tenant_id': domain['tenant_id'] } policy.check('diagnostics_sync_domain', context, target) records = self.storage.get_records(context, domain_id) return self.backend.sync_domain(context, domain, records)
def create_domain(self, context, values): values['tenant_id'] = context.effective_tenant_id target = {'tenant_id': values['tenant_id']} policy.check('create_domain', context, target) # Ensure the domain does not end with a reserved suffix. self._check_reserved_domain_suffixes(context, values['name']) domain = self.storage_conn.create_domain(context, values) self.backend.create_domain(context, domain) utils.notify(context, 'api', 'domain.create', domain) return domain
def _is_valid_domain_name(self, context, domain_name): # Validate domain name length if len(domain_name) > cfg.CONF['service:central'].max_domain_name_len: raise exceptions.InvalidDomainName('Name too long') # Break the domain name up into its component labels domain_labels = domain_name.strip('.').split('.') # We need more than 1 label. if len(domain_labels) <= 1: raise exceptions.InvalidDomainName('More than one label is ' 'required') # Check the TLD for validity if self.accepted_tld_list: domain_tld = domain_labels[-1].lower() if domain_tld not in self.accepted_tld_list: raise exceptions.InvalidDomainName('Unknown or invalid TLD') # Check domain name blacklist if self._is_blacklisted_domain_name(context, domain_name): # Some users are allowed bypass the blacklist.. Is this one? if not policy.check('use_blacklisted_domain', context, exc=None): raise exceptions.InvalidDomainName('Blacklisted domain name') return True
def touch_domain(self, context, domain_id): domain = self.storage.get_domain(context, domain_id) target = { 'domain_id': domain_id, 'domain_name': domain['name'], 'tenant_id': domain['tenant_id'] } policy.check('touch_domain', context, target) domain = self._increment_domain_serial(context, domain_id) utils.notify(context, 'central', 'domain.touch', domain) return domain
def delete_record(self, context, domain_id, record_id): domain = self.storage_conn.get_domain(context, domain_id) target = { 'domain_id': domain_id, 'record_id': record_id, 'tenant_id': domain['tenant_id'] } policy.check('delete_record', context, target) record = self.storage_conn.get_record(context, record_id) self.backend.delete_record(context, domain, record) utils.notify(context, 'api', 'record.delete', record) return self.storage_conn.delete_record(context, record_id)
def sync_domains(self, context): policy.check('diagnostics_sync_domains', context) domains = self.storage.get_domains(context) results = {} for domain in domains: servers = self.storage.get_servers(context) records = self.storage.get_records(context, domain['id']) results[domain['id']] = self.backend.sync_domain(context, domain, records, servers) return results
def get_domain_servers(self, context, domain_id, criterion=None): domain = self.storage.get_domain(context, domain_id) target = { 'domain_id': domain_id, 'domain_name': domain['name'], 'tenant_id': domain['tenant_id'] } policy.check('get_domain_servers', context, target) if criterion is None: criterion = {} # TODO: Once we allow domains to be allocated on 1 of N server # pools, return the filtered list here. return self.storage.get_servers(context, criterion)
def get_record(self, context, domain_id, record_id): domain = self.storage.get_domain(context, domain_id) record = self.storage.get_record(context, record_id) # Ensure the domain_id matches the record's domain_id if domain['id'] != record['domain_id']: raise exceptions.RecordNotFound() target = { 'domain_id': domain_id, 'domain_name': domain['name'], 'record_id': record['id'], 'tenant_id': domain['tenant_id'] } policy.check('get_record', context, target) return record
def delete_domain(self, context, domain_id): domain = self.storage.get_domain(context, domain_id) target = { 'domain_id': domain_id, 'domain_name': domain['name'], 'tenant_id': domain['tenant_id'] } policy.check('delete_domain', context, target) try: self.backend.delete_domain(context, domain) except exceptions.Backend: # Re-raise Backend exceptions as is.. raise except Exception, e: raise exceptions.Backend('Unknown backend failure: %s' % e)
def sudo(self, tenant_id, force=False): if force: allowed_sudo = True else: # We use exc=None here since the context is built early in the # request lifecycle, outside of our ordinary error handling. # For now, we silently ignore failed sudo requests. target = {'tenant_id': tenant_id} allowed_sudo = policy.check('use_sudo', self, target, exc=None) if allowed_sudo: LOG.warn('Accepted sudo from user_id %s for tenant_id %s' % (self.user_id, tenant_id)) self.original_tenant_id = self.tenant_id self.tenant_id = tenant_id else: LOG.warn('Rejected sudo from user_id %s for tenant_id %s' % (self.user_id, tenant_id))
def update_domain(self, context, domain_id, values, increment_serial=True): domain = self.storage.get_domain(context, domain_id) target = { 'domain_id': domain_id, 'domain_name': domain['name'], 'tenant_id': domain['tenant_id'] } policy.check('update_domain', context, target) if 'tenant_id' in values: # NOTE(kiall): Ensure the user is allowed to delete a domain from # the original tenant. policy.check('delete_domain', context, target) # NOTE(kiall): Ensure the user is allowed to create a domain in # the new tenant. target = {'domain_id': domain_id, 'tenant_id': values['tenant_id']} policy.check('create_domain', context, target) if 'name' in values and values['name'] != domain['name']: raise exceptions.BadRequest('Renaming a domain is not allowed') if increment_serial: # Increment the serial number values['serial'] = utils.increment_serial(domain['serial']) domain = self.storage.update_domain(context, domain_id, values) try: self.backend.update_domain(context, domain) except exceptions.Backend: # Re-raise Backend exceptions as is.. raise except Exception, e: raise exceptions.Backend('Unknown backend failure: %s' % e)
def get_tenants(self, context): policy.check('get_tenants', context) return self.storage.get_tenants(context)
def count_tenants(self, context): policy.check('count_tenants', context) return self.storage.count_tenants(context)
def get_tsigkey(self, context, tsigkey_id): policy.check('get_tsigkey', context, {'tsigkey_id': tsigkey_id}) return self.storage.get_tsigkey(context, tsigkey_id)
def get_tsigkeys(self, context, criterion=None): policy.check('get_tsigkeys', context) return self.storage.get_tsigkeys(context, criterion)
def get_server(self, context, server_id): policy.check('get_server', context, {'server_id': server_id}) return self.storage.get_server(context, server_id)