def _http_post_common(self, request, obj_type, obj_dict):
    """Run the common pre-create steps for a POST and emit its config log.

    Returns ``(True, None)`` when ``obj_dict`` is empty, otherwise
    ``(True, uuid)`` where ``uuid`` is the value of the ``uuid`` key in the
    request body (``None`` if absent).  Aborts with HTTP 409 when the
    object's fq_name already resolves to a uuid.

    NOTE(review): no authorization decision is taken on this path (see the
    TODOs below); every create that does not collide is approved here.
    """
    if not obj_dict:
        # TODO check api + resource perms etc.
        return (True, None)

    fq_name = obj_dict['fq_name']

    # Refuse the create when the name is already taken.
    try:
        existing_uuid = self._db_conn.fq_name_to_uuid(obj_type, fq_name)
    except NoIdError:
        pass
    else:
        bottle.abort(
            409,
            pformat(fq_name) + ' already exists with uuid: ' + existing_uuid)

    # Make sure the object carries at least the default permissions.
    self._ensure_id_perms_present(obj_type, obj_dict)

    # TODO check api + resource perms etc.

    uuid_in_req = obj_dict.get('uuid', None)
    fq_name_str = ":".join(obj_dict['fq_name'])

    api_log = VncApiCommon(identifier_name=fq_name_str)
    api_log.operation = 'post'
    api_log.url = request.url
    if uuid_in_req:
        api_log.identifier_uuid = uuid_in_req
    # TODO should be from x-auth-token
    # NOTE(review): with an empty user the config log cannot attribute the
    # create to a caller.
    api_log.user = ''

    uve_trace = None
    if obj_type in ("virtual_machine", "virtual-machine"):
        log = VMLog(api_log=api_log, sandesh=self._sandesh)
    elif obj_type in ("virtual_network", "virtual-network"):
        vn_log = UveVirtualNetworkConfig(name=fq_name_str,
                                         attached_policies=[])
        self.add_virtual_network_refs(vn_log, obj_dict)
        uve_trace = UveVirtualNetworkConfigTrace(data=vn_log,
                                                 sandesh=self._sandesh)
        log = VNLog(api_log=api_log, sandesh=self._sandesh)
    elif obj_type in ("virtual_router", "virtual-router"):
        log = VRLog(api_log=api_log, sandesh=self._sandesh)
    else:
        log = VncApiConfigLog(api_log=api_log, sandesh=self._sandesh)

    # The UVE trace (virtual networks only) goes out before the config log.
    if uve_trace:
        uve_trace.send(sandesh=self._sandesh)
    log.send(sandesh=self._sandesh)

    return (True, uuid_in_req)
def _http_delete_common(self, request, obj_type, uuid, parent_type):
    """Emit the config log for a DELETE, then check write access on the parent.

    Returns ``(True, '')`` when multi-tenancy is off, when ``parent_type`` is
    empty, or when the parent's fq_name does not resolve to a uuid; otherwise
    returns whatever ``self._permissions.check_perms_write`` returns for the
    parent.

    NOTE(review): the delete log is sent before the permission check runs, so
    a request that is later refused has presumably already been logged as a
    'delete' -- confirm that log consumers do not read it as completed.
    """
    fq_name_str = ":".join(self._db_conn.uuid_to_fq_name(uuid))

    api_log = VncApiCommon(identifier_name=fq_name_str)
    api_log.operation = 'delete'
    api_log.url = request.url
    api_log.identifier_uuid = str(uuid)
    api_log.identifier_name = fq_name_str

    uve_trace = None
    if obj_type in ("virtual_machine", "virtual-machine"):
        log = VMLog(api_log=api_log, sandesh=self._sandesh)
    elif obj_type in ("virtual_network", "virtual-network"):
        vn_log = UveVirtualNetworkConfig(name=fq_name_str)
        vn_log.deleted = True
        uve_trace = UveVirtualNetworkConfigTrace(data=vn_log,
                                                 sandesh=self._sandesh)
        log = VNLog(api_log=api_log, sandesh=self._sandesh)
    elif obj_type in ("virtual_router", "virtual-router"):
        log = VRLog(api_log=api_log, sandesh=self._sandesh)
    else:
        log = VncApiConfigLog(api_log=api_log, sandesh=self._sandesh)

    if uve_trace:
        uve_trace.send(sandesh=self._sandesh)
    log.send(sandesh=self._sandesh)

    # TODO check api + resource perms etc.
    if not (self._args.multi_tenancy and parent_type):
        return (True, '')

    # Validate that the parent allows write access.  The parent info stored
    # with the object is trusted implicitly because it comes from our DB.
    stored_obj = self._db_conn.uuid_to_obj_dict(uuid)
    parent_fq_name = json.loads(stored_obj['fq_name'])[:-1]
    try:
        parent_uuid = self._db_conn.fq_name_to_uuid(parent_type,
                                                    parent_fq_name)
    except NoIdError:
        # parent uuid could be null for derived resources such as
        # routing-instance
        # NOTE(review): this fails open -- an unresolved parent means the
        # delete is approved without any permission check.
        return (True, '')

    return self._permissions.check_perms_write(request, parent_uuid)
def config_object_error(self, id, fq_name_str, obj_type, operation, err_str):
    """Send a config log entry describing a failed or suspicious operation.

    The entry carries ``str(id)`` as the uuid, ``fq_name_str`` as the name and
    ``operation`` as the operation.  When ``err_str`` is non-empty the error
    field is set to ``"<obj_type>:<err_str>"``.  Virtual networks also get a
    UVE trace.

    NOTE(review): ``err_str`` can contain request-derived text (the put path
    passes REMOTE_ADDR and the User-Agent header), so consumers of the error
    field should treat it as untrusted.
    """
    api_log = VncApiCommon(identifier_uuid=str(id))
    api_log.operation = operation
    api_log.identifier_name = fq_name_str
    if err_str:
        api_log.error = "%s:%s" % (obj_type, err_str)

    uve_trace = None
    if obj_type in ("virtual_machine", "virtual-machine"):
        log = VMLog(api_log=api_log, sandesh=self._sandesh)
    elif obj_type in ("virtual_network", "virtual-network"):
        # NOTE(review): the UVE is named by str(id) here, while the
        # post/put/delete paths name it by fq_name_str -- confirm intended.
        vn_log = UveVirtualNetworkConfig(name=str(id))
        uve_trace = UveVirtualNetworkConfigTrace(data=vn_log,
                                                 sandesh=self._sandesh)
        log = VNLog(api_log=api_log, sandesh=self._sandesh)
    elif obj_type in ("virtual_router", "virtual-router"):
        log = VRLog(api_log=api_log, sandesh=self._sandesh)
    else:
        log = VncApiConfigLog(api_log=api_log, sandesh=self._sandesh)

    if uve_trace:
        uve_trace.send(sandesh=self._sandesh)
    log.send(sandesh=self._sandesh)
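def _http_put_common(self, request, obj_type, obj_dict, obj_uuid):
    """Run the common pre-update steps for a PUT and emit its config log.

    When ``obj_dict`` is non-empty: if the body carries an ``id_perms`` uuid
    that does not match ``obj_uuid`` (the uuid the request was addressed
    to), the mismatch is reported through ``config_object_error`` and the
    body's uuid is overwritten with ``obj_uuid``; then the config log (plus
    a UVE trace for virtual networks) is sent.

    Returns the result of ``self._permissions.check_perms_write`` when
    multi-tenancy is enabled, otherwise ``(True, '')``.

    NOTE(review): the log is sent before the permission check, so a refused
    update has presumably already been logged as a 'put'.
    """
    if obj_dict:
        fq_name_str = ":".join(obj_dict['fq_name'])

        # TODO keep _id_perms.uuid_xxlong immutable in future
        # dsetia - check with ajay regarding comment above
        if 'id_perms' in obj_dict and obj_dict['id_perms']['uuid']:
            if not self._db_conn.match_uuid(obj_dict, obj_uuid):
                # Neither key is guaranteed to be present (a client may send
                # no User-Agent header).  Indexing the environ directly
                # raised KeyError here, which dropped the mismatch report
                # and failed the request before the uuid was corrected.
                # NOTE(review): User-Agent is client-controlled text that
                # ends up in the log's error field.
                environ = request.environ
                log_msg = 'UUID mismatch from %s:%s' % (
                    environ.get('REMOTE_ADDR', 'unknown'),
                    environ.get('HTTP_USER_AGENT', 'unknown'))
                self.config_object_error(obj_uuid, fq_name_str, obj_type,
                                         'put', log_msg)
                # The uuid from the URL wins over the one in the body.
                self._db_conn.set_uuid(obj_dict, uuid.UUID(obj_uuid))

        apiConfig = VncApiCommon()
        apiConfig.operation = 'put'
        apiConfig.url = request.url
        apiConfig.identifier_uuid = obj_uuid
        # TODO should be from x-auth-token
        # NOTE(review): with an empty user the config log cannot attribute
        # the update to a caller.
        apiConfig.user = ''
        apiConfig.identifier_name = fq_name_str

        uveLog = None
        if obj_type in ("virtual_machine", "virtual-machine"):
            log = VMLog(api_log=apiConfig, sandesh=self._sandesh)
        elif obj_type in ("virtual_network", "virtual-network"):
            vn_log = UveVirtualNetworkConfig(name=fq_name_str,
                                             attached_policies=[])
            self.add_virtual_network_refs(vn_log, obj_dict)
            uveLog = UveVirtualNetworkConfigTrace(data=vn_log,
                                                  sandesh=self._sandesh)
            log = VNLog(api_log=apiConfig, sandesh=self._sandesh)
        elif obj_type in ("virtual_router", "virtual-router"):
            log = VRLog(api_log=apiConfig, sandesh=self._sandesh)
        else:
            log = VncApiConfigLog(api_log=apiConfig, sandesh=self._sandesh)

        if uveLog:
            uveLog.send(sandesh=self._sandesh)
        log.send(sandesh=self._sandesh)

    # TODO check api + resource perms etc.
    if self._args.multi_tenancy:
        return self._permissions.check_perms_write(request, obj_uuid)

    return (True, '')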