# License for the specific language governing permissions and limitations # under the License. """The instance type extra specs extension.""" import six from webob import exc from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions from jacket.compute.cloud import flavors from jacket.compute import exception from jacket.i18n import _ from jacket.compute import utils authorize = extensions.extension_authorizer('compute', 'flavorextraspecs') class FlavorExtraSpecsController(object): """The flavor extra specs API controller for the OpenStack API.""" def _get_extra_specs(self, context, flavor_id): flavor = common.get_flavor(context, flavor_id) return dict(extra_specs=flavor.extra_specs) def _check_body(self, body): if body is None or body == "": expl = _('No Request Body') raise exc.HTTPBadRequest(explanation=expl) def _check_extra_specs(self, specs):
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob.exc from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket.compute import cloud from jacket import context as nova_context from jacket.compute import exception from jacket.i18n import _ from jacket.compute import servicegroup from jacket.compute import utils authorize = extensions.extension_authorizer('cloud', 'services') class ServiceController(object): def __init__(self, ext_mgr=None, *args, **kwargs): self.host_api = cloud.HostAPI() self.servicegroup_api = servicegroup.API() self.ext_mgr = ext_mgr def _get_services(self, req): api_services = ('cloud-osapi_compute', 'cloud-ec2', 'cloud-metadata') context = req.environ['compute.context'] authorize(context)
# under the License. from oslo_utils import strutils from webob import exc from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket.compute import cloud from jacket import context as nova_context from jacket.compute import exception from jacket.i18n import _ from jacket.compute import utils authorize = extensions.extension_authorizer('cloud', 'evacuate') class Controller(wsgi.Controller): def __init__(self, ext_mgr, *args, **kwargs): super(Controller, self).__init__(*args, **kwargs) self.compute_api = cloud.API() self.host_api = cloud.HostAPI() self.ext_mgr = ext_mgr @wsgi.action('evacuate') def _evacuate(self, req, id, body): """Permit admins to evacuate a server from a failed host to a new one. If host is empty, the scheduler will select one. """
from oslo_log import log as logging import webob from webob import exc from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket.compute import cloud from jacket.compute import exception from jacket.i18n import _ from jacket.i18n import _LE LOG = logging.getLogger(__name__) authorize = extensions.extension_authorizer('cloud', 'multinic') class MultinicController(wsgi.Controller): def __init__(self, *args, **kwargs): super(MultinicController, self).__init__(*args, **kwargs) self.compute_api = cloud.API() @wsgi.action('addFixedIp') def _add_fixed_ip(self, req, id, body): """Adds an IP on a given network to an instance.""" context = req.environ['compute.context'] authorize(context) # Validate the input entity if 'networkId' not in body['addFixedIp']:
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob from webob import exc from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket import context as nova_context from jacket.compute import exception from jacket.i18n import _ from jacket.compute import network authorize = extensions.extension_authorizer('compute', 'networks_associate') class NetworkAssociateActionController(wsgi.Controller): """Network Association API Controller.""" def __init__(self, network_api=None): self.network_api = network_api or network.API() @wsgi.action("disassociate_host") def _disassociate_host_only(self, req, id, body): context = req.environ['compute.context'] authorize(context) # NOTE(shaohe-feng): back-compatible with db layer hard-code # admin permission checks. call db API objects.Network.associate nova_context.require_admin_context(context)
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from oslo_config import cfg from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket.compute import availability_zones from jacket import context as nova_context from jacket.objects import compute as objects from jacket.compute import servicegroup CONF = cfg.CONF authorize_list = extensions.extension_authorizer('compute', 'availability_zone:list') authorize_detail = extensions.extension_authorizer('compute', 'availability_zone:detail') class AvailabilityZoneController(wsgi.Controller): """The Availability Zone API controller for the OpenStack API.""" def __init__(self): super(AvailabilityZoneController, self).__init__() self.servicegroup_api = servicegroup.API() def _get_filtered_availability_zones(self, zones, is_available): result = [] for zone in zones: # Hide internal_service_availability_zone if zone == CONF.internal_service_availability_zone:
# under the License. from oslo_log import log as logging import webob from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket.compute import cloud from jacket.compute import exception from jacket.i18n import _ from jacket.i18n import _LI from jacket.objects import compute as objects from jacket.objects.compute import external_event as external_event_obj LOG = logging.getLogger(__name__) authorize = extensions.extension_authorizer('cloud', 'os-server-external-events') class ServerExternalEventsController(wsgi.Controller): def __init__(self): self.compute_api = cloud.API() super(ServerExternalEventsController, self).__init__() def create(self, req, body): """Creates a new instance event.""" context = req.environ['compute.context'] authorize(context, action='create') response_events = [] accepted_events = [] accepted_instances = set()
# Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob.exc from jacket.api.compute.openstack import extensions from jacket import context as nova_context from jacket.compute import exception from jacket.i18n import _ from jacket.objects import compute as objects from jacket.compute import utils authorize = extensions.extension_authorizer('compute', 'agents') class AgentController(object): """The agent is talking about guest agent.The host can use this for things like accessing files on the disk, configuring networking, or running other applications/scripts in the guest while it is running. Typically this uses some hypervisor-specific transport to avoid being dependent on a working network configuration. Xen, VMware, and VirtualBox have guest agents,although the Xen driver is the only one with an implementation for managing them in openstack. KVM doesn't really have a concept of a guest agent (although one could be written). You can find the design of agent update in this link: http://wiki.openstack.org/AgentUpdate
from oslo_log import log as logging import six import webob from webob import exc from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions from jacket.compute import cloud from jacket.compute import exception from jacket.i18n import _ from jacket.i18n import _LI from jacket.compute import network LOG = logging.getLogger(__name__) authorize = extensions.extension_authorizer('cloud', 'attach_interfaces') def _translate_interface_attachment_view(port_info): """Maps keys for interface attachment details view.""" return { 'net_id': port_info['network_id'], 'port_id': port_info['id'], 'mac_addr': port_info['mac_address'], 'port_state': port_info['status'], 'fixed_ips': port_info.get('fixed_ips', None), } class InterfaceAttachmentController(object): """The interface attachment API controller for the OpenStack API."""
# under the License. import datetime import iso8601 from oslo_utils import timeutils import six import six.moves.urllib.parse as urlparse from webob import exc from jacket.api.compute.openstack import extensions from jacket.compute import exception from jacket.i18n import _ from jacket.objects import compute as objects authorize_show = extensions.extension_authorizer('compute', 'simple_tenant_usage:show') authorize_list = extensions.extension_authorizer('compute', 'simple_tenant_usage:list') def parse_strtime(dstr, fmt): try: return timeutils.parse_strtime(dstr, fmt) except (TypeError, ValueError) as e: raise exception.InvalidStrTime(reason=six.text_type(e)) class SimpleTenantUsageController(object): def _hours_for(self, instance, period_start, period_stop): launched_at = instance.launched_at terminated_at = instance.terminated_at
"""The hosts admin extension.""" from oslo_log import log as logging import six import webob.exc from jacket.api.compute.openstack import extensions from jacket.compute import cloud from jacket import context as nova_context from jacket.compute import exception from jacket.i18n import _ from jacket.i18n import _LI from jacket.objects import compute as objects LOG = logging.getLogger(__name__) authorize = extensions.extension_authorizer('cloud', 'hosts') class HostController(object): """The Hosts API controller for the OpenStack API.""" def __init__(self): self.api = cloud.HostAPI() super(HostController, self).__init__() def index(self, req): """Returns a dict in the format: | {'hosts': [{'host_name': 'some.host.name', | 'service': 'cells', | 'zone': 'internal'}, | {'host_name': 'some.other.host.name',
import datetime from oslo_config import cfg import webob.exc from jacket.api.compute.openstack import extensions from jacket.compute import cloud from jacket import context as nova_context from jacket.i18n import _ from jacket.compute import utils CONF = cfg.CONF CONF.import_opt('compute_topic', 'jacket.compute.cloud.rpcapi') authorize = extensions.extension_authorizer('cloud', 'instance_usage_audit_log') class InstanceUsageAuditLogController(object): def __init__(self): self.host_api = cloud.HostAPI() def index(self, req): context = req.environ['compute.context'] authorize(context) task_log = self._get_audit_task_logs(context) return {'instance_usage_audit_logs': task_log} def show(self, req, id): context = req.environ['compute.context'] authorize(context)
# License for the specific language governing permissions and limitations # under the License. from oslo_log import log as logging from oslo_serialization import jsonutils import six import webob from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket.compute import cloud from jacket.compute import exception from jacket.i18n import _LI LOG = logging.getLogger(__name__) authorize = extensions.extension_authorizer('cloud', 'os-assisted-volume-snapshots') class AssistedVolumeSnapshotsController(wsgi.Controller): def __init__(self): self.compute_api = cloud.API() super(AssistedVolumeSnapshotsController, self).__init__() def create(self, req, body): """Creates a new snapshot.""" context = req.environ['compute.context'] authorize(context, action='create') if not self.is_valid_body(body, 'snapshot'): raise webob.exc.HTTPBadRequest()
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from oslo_config import cfg from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket.compute import availability_zones from jacket import context as nova_context from jacket.objects import compute as objects from jacket.compute import servicegroup CONF = cfg.CONF authorize_list = extensions.extension_authorizer('compute', 'availability_zone:list') authorize_detail = extensions.extension_authorizer('compute', 'availability_zone:detail') class AvailabilityZoneController(wsgi.Controller): """The Availability Zone API controller for the OpenStack API.""" def __init__(self): super(AvailabilityZoneController, self).__init__() self.servicegroup_api = servicegroup.API() def _get_filtered_availability_zones(self, zones, is_available): result = [] for zone in zones: # Hide internal_service_availability_zone
# License for the specific language governing permissions and limitations # under the License. """The shelved mode extension.""" import webob from webob import exc from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions as exts from jacket.api.compute.openstack import wsgi from jacket.compute import cloud from jacket.compute import exception auth_shelve = exts.extension_authorizer('cloud', 'shelve') auth_shelve_offload = exts.extension_authorizer('cloud', 'shelveOffload') auth_unshelve = exts.extension_authorizer('cloud', 'unshelve') class ShelveController(wsgi.Controller): def __init__(self, *args, **kwargs): super(ShelveController, self).__init__(*args, **kwargs) self.compute_api = cloud.API() @wsgi.action('shelve') def _shelve(self, req, id, body): """Move an instance into shelved mode.""" context = req.environ["compute.context"] auth_shelve(context)
# Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. """The server password extension.""" from jacket.api.compute.metadata import password from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket.compute import cloud authorize = extensions.extension_authorizer('cloud', 'server_password') class ServerPasswordController(object): """The Server Password API controller for the OpenStack API.""" def __init__(self): self.compute_api = cloud.API() def index(self, req, server_id): context = req.environ['compute.context'] authorize(context) instance = common.get_instance(self.compute_api, context, server_id) passw = password.extract_password(instance) return {'password': passw or ''}
# under the License. """The rescue mode extension.""" from oslo_utils import uuidutils import webob from webob import exc from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions as exts from jacket.api.compute.openstack import wsgi from jacket.compute import cloud from jacket.compute import exception from jacket.i18n import _ from jacket.compute import utils authorize = exts.extension_authorizer('cloud', 'rescue') class RescueController(wsgi.Controller): def __init__(self, ext_mgr, *args, **kwargs): super(RescueController, self).__init__(*args, **kwargs) self.compute_api = cloud.API() self.ext_mgr = ext_mgr def _rescue_image_validation(self, image_ref): image_uuid = image_ref.split('/').pop() if not uuidutils.is_uuid_like(image_uuid): msg = _("Invalid rescue_image_ref provided.") raise exc.HTTPBadRequest(explanation=msg)
cfg.StrOpt('use_neutron_default_nets', default="False", help='Control for checking for default networks'), cfg.StrOpt('neutron_default_tenant_id', default="default", help='Default tenant id when creating neutron ' 'networks'), cfg.IntOpt('quota_networks', default=3, help='Number of private networks allowed per project'), ] CONF.register_opts(os_network_opts) QUOTAS = quota.QUOTAS LOG = logging.getLogger(__name__) authorize = extensions.extension_authorizer('compute', 'os-tenant-networks') def network_dict(network): # NOTE(danms): Here, network should be an object, which could have come # from neutron and thus be missing most of the attributes. Providing a # default to get() avoids trying to lazy-load missing attributes. return { "id": network.get("uuid", None) or network.get("id", None), "cidr": str(network.get("cidr", None)), "label": network.get("label", None) } class NetworkController(object): def __init__(self, network_api=None):
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. """The virtual interfaces extension.""" import webob from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions from jacket.compute import cloud from jacket.i18n import _ from jacket.compute import network authorize = extensions.extension_authorizer('cloud', 'virtual_interfaces') def _translate_vif_summary_view(vif): """Maps keys for VIF summary view.""" d = {} d['id'] = vif.uuid d['mac_address'] = vif.address return d class ServerVirtualInterfaceController(object): """The instance VIF API controller for the OpenStack API. """ def __init__(self):
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket.compute import cloud from jacket.compute import exception from jacket.i18n import _ authorize = extensions.extension_authorizer('cloud', 'consoles') class ConsolesController(wsgi.Controller): def __init__(self, *args, **kwargs): self.compute_api = cloud.API() super(ConsolesController, self).__init__(*args, **kwargs) @wsgi.action('os-getVNCConsole') def get_vnc_console(self, req, id, body): """Get vnc connection information to access a server.""" context = req.environ['compute.context'] authorize(context) # If type is not supplied or unknown, get_vnc_console below will cope console_type = body['os-getVNCConsole'].get('type')
from jacket.db import compute as db from jacket.compute import exception from jacket.i18n import _ from jacket.objects import compute as objects from jacket.compute import quota from jacket.compute import utils QUOTAS = quota.QUOTAS NON_QUOTA_KEYS = ['tenant_id', 'id', 'force'] # Quotas that are only enabled by specific extensions EXTENDED_QUOTAS = {'server_groups': 'os-server-group-quotas', 'server_group_members': 'os-server-group-quotas'} authorize_update = extensions.extension_authorizer('compute', 'quotas:update') authorize_show = extensions.extension_authorizer('compute', 'quotas:show') authorize_delete = extensions.extension_authorizer('compute', 'quotas:delete') class QuotaSetsController(wsgi.Controller): supported_quotas = [] def __init__(self, ext_mgr): self.ext_mgr = ext_mgr self.supported_quotas = QUOTAS.resources for resource, extension in EXTENDED_QUOTAS.items(): if not self.ext_mgr.is_loaded(extension): self.supported_quotas.remove(resource)
from jacket.compute import exception from jacket.i18n import _ from jacket.objects import compute as objects from jacket.compute import quota from jacket.compute import utils QUOTAS = quota.QUOTAS NON_QUOTA_KEYS = ['tenant_id', 'id', 'force'] # Quotas that are only enabled by specific extensions EXTENDED_QUOTAS = { 'server_groups': 'os-server-group-quotas', 'server_group_members': 'os-server-group-quotas' } authorize_update = extensions.extension_authorizer('compute', 'quotas:update') authorize_show = extensions.extension_authorizer('compute', 'quotas:show') authorize_delete = extensions.extension_authorizer('compute', 'quotas:delete') class QuotaSetsController(wsgi.Controller): supported_quotas = [] def __init__(self, ext_mgr): self.ext_mgr = ext_mgr self.supported_quotas = QUOTAS.resources for resource, extension in EXTENDED_QUOTAS.items(): if not self.ext_mgr.is_loaded(extension): self.supported_quotas.remove(resource)
from oslo_utils import uuidutils import webob from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket.compute import cloud from jacket.compute.cloud import utils as compute_utils from jacket.compute import exception from jacket.i18n import _ from jacket.i18n import _LW from jacket.compute import network LOG = logging.getLogger(__name__) authorize = extensions.extension_authorizer('cloud', 'floating_ips') def _translate_floating_ip_view(floating_ip): result = { 'id': floating_ip['id'], 'ip': floating_ip['address'], 'pool': floating_ip['pool'], } try: result['fixed_ip'] = floating_ip['fixed_ip']['address'] except (TypeError, KeyError, AttributeError): result['fixed_ip'] = None try: result['instance_id'] = floating_ip['fixed_ip']['instance_uuid'] except (TypeError, KeyError, AttributeError):
# Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from jacket.api.compute.openstack import extensions from jacket.compute import network authorize = extensions.extension_authorizer('compute', 'floating_ip_pools') def _translate_floating_ip_view(pool_name): return { 'name': pool_name, } def _translate_floating_ip_pools_view(pools): return { 'floating_ip_pools': [_translate_floating_ip_view(pool_name) for pool_name in pools] }
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob.exc from jacket.api.compute.openstack import extensions from jacket import context as nova_context from jacket.compute import exception from jacket.i18n import _ from jacket.objects import compute as objects from jacket.compute import utils authorize = extensions.extension_authorizer('compute', 'agents') class AgentController(object): """The agent is talking about guest agent.The host can use this for things like accessing files on the disk, configuring networking, or running other applications/scripts in the guest while it is running. Typically this uses some hypervisor-specific transport to avoid being dependent on a working network configuration. Xen, VMware, and VirtualBox have guest agents,although the Xen driver is the only one with an implementation for managing them in openstack. KVM doesn't really have a concept of a guest agent (although one could be written). You can find the design of agent update in this link: http://wiki.openstack.org/AgentUpdate
from oslo_utils import uuidutils import webob from webob import exc from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket.compute import cloud from jacket.compute import exception from jacket.i18n import _ from jacket.i18n import _LI from jacket.objects import compute as objects from jacket.compute import volume LOG = logging.getLogger(__name__) authorize = extensions.extension_authorizer('cloud', 'volumes') authorize_attach = extensions.extension_authorizer('cloud', 'volume_attachments') def _translate_volume_detail_view(context, vol): """Maps keys for volumes details view.""" d = _translate_volume_summary_view(context, vol) # No additional data / lookups at the moment return d
"""The rescue mode extension.""" from oslo_utils import uuidutils import webob from webob import exc from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions as exts from jacket.api.compute.openstack import wsgi from jacket.compute import cloud from jacket.compute import exception from jacket.i18n import _ from jacket.compute import utils authorize = exts.extension_authorizer('cloud', 'rescue') class RescueController(wsgi.Controller): def __init__(self, ext_mgr, *args, **kwargs): super(RescueController, self).__init__(*args, **kwargs) self.compute_api = cloud.API() self.ext_mgr = ext_mgr def _rescue_image_validation(self, image_ref): image_uuid = image_ref.split('/').pop() if not uuidutils.is_uuid_like(image_uuid): msg = _("Invalid rescue_image_ref provided.") raise exc.HTTPBadRequest(explanation=msg)
"""The Aggregate admin API extension.""" import datetime import six from webob import exc from jacket.api.compute.openstack import extensions from jacket.compute.cloud import api as compute_api from jacket import context as nova_context from jacket.compute import exception from jacket.i18n import _ from jacket.compute import utils authorize = extensions.extension_authorizer('compute', 'aggregates') def _get_context(req): return req.environ['compute.context'] def get_host_from_body(fn): """Makes sure that the host exists.""" def wrapped(self, req, id, body, *args, **kwargs): if len(body) != 1: msg = _('Only host parameter can be specified') raise exc.HTTPBadRequest(explanation=msg) elif 'host' not in body: msg = _('Host parameter must be specified') raise exc.HTTPBadRequest(explanation=msg)
from webob import exc from jacket.api.compute.openstack import extensions from jacket.compute.cloudpipe import pipelib from jacket.compute import cloud from jacket.compute.cloud import utils as compute_utils from jacket.compute.cloud import vm_states from jacket.compute import exception from jacket.i18n import _ from jacket.compute import network from jacket.compute import utils CONF = cfg.CONF CONF.import_opt('keys_path', 'cloud.crypto') authorize = extensions.extension_authorizer('cloud', 'cloudpipe') class CloudpipeController(object): """Handle creating and listing cloudpipe instances.""" def __init__(self): self.compute_api = cloud.API() self.network_api = network.API() self.cloudpipe = pipelib.CloudPipe() self.setup() def setup(self): """Ensure the keychains and folders exist.""" # NOTE(vish): One of the drawbacks of doing this in the api is # the keys will only be on the api node that launched
# under the License. import six from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket.compute import quota QUOTAS = quota.QUOTAS XMLNS = "http://docs.openstack.org/compute/ext/used_limits/api/v1.1" ALIAS = "os-used-limits" authorize = extensions.soft_extension_authorizer('compute', 'used_limits') authorize_for_admin = extensions.extension_authorizer('compute', 'used_limits_for_admin') class UsedLimitsController(wsgi.Controller): def __init__(self, ext_mgr): self.ext_mgr = ext_mgr @staticmethod def _reserved(req): try: return int(req.GET['reserved']) except (ValueError, KeyError): return False @wsgi.extends
import six import webob from webob import exc from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket.compute import cloud from jacket.compute import exception from jacket.i18n import _ from jacket.compute.network.security_group import openstack_driver from jacket.compute.virt import netutils LOG = logging.getLogger(__name__) authorize = extensions.extension_authorizer('cloud', 'security_groups') softauth = extensions.soft_extension_authorizer('cloud', 'security_groups') def _authorize_context(req): context = req.environ['compute.context'] authorize(context) return context @contextlib.contextmanager def translate_exceptions(): """Translate cloud exceptions to http exceptions.""" try: yield except exception.Invalid as exp:
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import six import webob from webob import exc from jacket.api.compute.openstack.compute.legacy_v2.contrib import security_groups as sg from jacket.api.compute.openstack import extensions from jacket import context as nova_context from jacket.compute import exception from jacket.i18n import _ from jacket.compute.network.security_group import openstack_driver authorize = extensions.extension_authorizer('compute', 'security_group_default_rules') class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase): def __init__(self): self.security_group_api = ( openstack_driver.get_openstack_security_group_driver()) def create(self, req, body): context = sg._authorize_context(req) authorize(context) # NOTE(shaohe-feng): back-compatible with db layer hard-code # admin permission checks. nova_context.require_admin_context(context) sg_rule = self._from_body(body, 'security_group_default_rule')
# Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob.exc from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions from jacket.compute import cloud from jacket.compute import exception from jacket.i18n import _ authorize = extensions.extension_authorizer('cloud', 'server_diagnostics') class ServerDiagnosticsController(object): def __init__(self): self.compute_api = cloud.API() def index(self, req, server_id): context = req.environ["compute.context"] authorize(context) instance = common.get_instance(self.compute_api, context, server_id) try: return self.compute_api.get_diagnostics(context, instance) except exception.InstanceInvalidState as state_error:
# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob.exc from jacket.api.compute.openstack import extensions import jacket.compute.cert.rpcapi from jacket.compute import exception from jacket.i18n import _ authorize = extensions.extension_authorizer('compute', 'certificates') def _translate_certificate_view(certificate, private_key=None): return { 'data': certificate, 'private_key': private_key, } class CertificatesController(object): """The x509 Certificates API controller for the OpenStack API.""" def __init__(self): self.cert_rpcapi = jacket.compute.cert.rpcapi.CertAPI() super(CertificatesController, self).__init__()
def test_extension_authorizer_throws_exception_if_policy_fails(self): authorize = base_extensions.extension_authorizer( 'compute', 'used_limits_for_admin') self._test_extension_authorizer_throws_exception_if_policy_fails( "compute_extension:used_limits_for_admin", authorize)
from oslo_utils import timeutils import six from webob import exc from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions from jacket.compute.cells import rpcapi as cells_rpcapi import jacket.compute.conf from jacket import context as nova_context from jacket.compute import exception from jacket.i18n import _ from jacket import rpc CONF = jacket.compute.conf.CONF authorize = extensions.extension_authorizer('compute', 'cells') def _filter_keys(item, keys): """Filters all model attributes except for keys item is a dict """ return {k: v for k, v in six.iteritems(item) if k in keys} def _fixup_cell_info(cell_info, keys): """If the transport_url is present in the cell, derive username, rpc_host, and rpc_port from it. """
# Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. """The virtual interfaces extension.""" import webob from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions from jacket.compute import cloud from jacket.i18n import _ from jacket.compute import network authorize = extensions.extension_authorizer('cloud', 'virtual_interfaces') def _translate_vif_summary_view(vif): """Maps keys for VIF summary view.""" d = {} d['id'] = vif.uuid d['mac_address'] = vif.address return d class ServerVirtualInterfaceController(object): """The instance VIF API controller for the OpenStack API. """ def __init__(self): self.compute_api = cloud.API()
# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. """The server password extension.""" from jacket.api.compute.metadata import password from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket.compute import cloud authorize = extensions.extension_authorizer('cloud', 'server_password') class ServerPasswordController(object): """The Server Password API controller for the OpenStack API.""" def __init__(self): self.compute_api = cloud.API() def index(self, req, server_id): context = req.environ['compute.context'] authorize(context) instance = common.get_instance(self.compute_api, context, server_id) passw = password.extract_password(instance) return {'password': passw or ''}
import six from webob import exc from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions from jacket.compute.cells import rpcapi as cells_rpcapi import jacket.compute.conf from jacket import context as nova_context from jacket.compute import exception from jacket.i18n import _ from jacket import rpc CONF = jacket.compute.conf.CONF authorize = extensions.extension_authorizer('compute', 'cells') def _filter_keys(item, keys): """Filters all model attributes except for keys item is a dict """ return {k: v for k, v in six.iteritems(item) if k in keys} def _fixup_cell_info(cell_info, keys): """If the transport_url is present in the cell, derive username, rpc_host, and rpc_port from it. """
# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob import webob.exc from jacket.api.compute.openstack import extensions from jacket.compute import exception from jacket.i18n import _ from jacket.objects import compute as objects authorize = extensions.extension_authorizer('compute', 'fixed_ips') class FixedIPController(object): def show(self, req, id): """Return data about the given fixed IP.""" context = req.environ['compute.context'] authorize(context) attrs = ['network', 'instance'] try: fixed_ip = objects.FixedIP.get_by_address(context, id, expected_attrs=attrs) except exception.FixedIpNotFoundForAddress as ex: raise webob.exc.HTTPNotFound(explanation=ex.format_message()) except exception.FixedIpInvalid as ex:
# under the License. """The flavor access extension.""" import webob from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket import context as nova_context from jacket.compute import exception from jacket.i18n import _ from jacket.objects import compute as objects soft_authorize = extensions.soft_extension_authorizer('compute', 'flavor_access') authorize = extensions.extension_authorizer('compute', 'flavor_access') def _marshall_flavor_access(flavor): rval = [] for project_id in flavor.projects: rval.append({'flavor_id': flavor.flavorid, 'tenant_id': project_id}) return {'flavor_access': rval} class FlavorAccessController(object): """The flavor access API controller for the OpenStack API.""" def __init__(self): super(FlavorAccessController, self).__init__()
from oslo_log import log as logging from oslo_utils import uuidutils import webob from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket.compute import cloud from jacket.compute.cloud import utils as compute_utils from jacket.compute import exception from jacket.i18n import _ from jacket.i18n import _LW from jacket.compute import network LOG = logging.getLogger(__name__) authorize = extensions.extension_authorizer('cloud', 'floating_ips') def _translate_floating_ip_view(floating_ip): result = { 'id': floating_ip['id'], 'ip': floating_ip['address'], 'pool': floating_ip['pool'], } try: result['fixed_ip'] = floating_ip['fixed_ip']['address'] except (TypeError, KeyError, AttributeError): result['fixed_ip'] = None try: result['instance_id'] = floating_ip['fixed_ip']['instance_uuid'] except (TypeError, KeyError, AttributeError):
# under the License. import datetime import iso8601 from oslo_utils import timeutils import six import six.moves.urllib.parse as urlparse from webob import exc from jacket.api.compute.openstack import extensions from jacket.compute import exception from jacket.i18n import _ from jacket.objects import compute as objects authorize_show = extensions.extension_authorizer('compute', 'simple_tenant_usage:show') authorize_list = extensions.extension_authorizer('compute', 'simple_tenant_usage:list') def parse_strtime(dstr, fmt): try: return timeutils.parse_strtime(dstr, fmt) except (TypeError, ValueError) as e: raise exception.InvalidStrTime(reason=six.text_type(e)) class SimpleTenantUsageController(object): def _hours_for(self, instance, period_start, period_stop): launched_at = instance.launched_at terminated_at = instance.terminated_at
from oslo_config import cfg import six import webob.exc from jacket.api.compute.openstack import extensions from jacket import context as nova_context from jacket.compute import exception from jacket.i18n import _ from jacket.objects import compute as objects CONF = cfg.CONF CONF.import_opt('default_floating_pool', 'jacket.compute.network.floating_ips') CONF.import_opt('public_interface', 'jacket.compute.network.linux_net') authorize = extensions.extension_authorizer('compute', 'floating_ips_bulk') class FloatingIPBulkController(object): def index(self, req): """Return a list of all floating IPs.""" context = req.environ['compute.context'] authorize(context) return self._get_floating_ip_info(context) def show(self, req, id): """Return a list of all floating IPs for a given host.""" context = req.environ['compute.context'] authorize(context)
"""The multinic extension.""" from oslo_log import log as logging import webob from webob import exc from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket.compute import cloud from jacket.compute import exception from jacket.i18n import _ from jacket.i18n import _LE LOG = logging.getLogger(__name__) authorize = extensions.extension_authorizer('cloud', 'multinic') class MultinicController(wsgi.Controller): def __init__(self, *args, **kwargs): super(MultinicController, self).__init__(*args, **kwargs) self.compute_api = cloud.API() @wsgi.action('addFixedIp') def _add_fixed_ip(self, req, id, body): """Adds an IP on a given network to an instance.""" context = req.environ['compute.context'] authorize(context) # Validate the input entity if 'networkId' not in body['addFixedIp']:
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob from jacket.api.compute.openstack.compute.views import flavors as flavors_view from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket.compute.cloud import flavors from jacket.compute import exception from jacket.i18n import _ authorize = extensions.extension_authorizer('compute', 'flavormanage') class FlavorManageController(wsgi.Controller): """The Flavor Lifecycle API controller for the OpenStack API.""" _view_builder_class = flavors_view.ViewBuilder def __init__(self): super(FlavorManageController, self).__init__() @wsgi.action("delete") def _delete(self, req, id): context = req.environ['compute.context'] authorize(context) try: flavor = flavors.get_flavor_by_flavor_id(
# Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket.compute import cloud from jacket.compute import exception from jacket.i18n import _ authorize = extensions.extension_authorizer('cloud', 'consoles') class ConsolesController(wsgi.Controller): def __init__(self, *args, **kwargs): self.compute_api = cloud.API() super(ConsolesController, self).__init__(*args, **kwargs) @wsgi.action('os-getVNCConsole') def get_vnc_console(self, req, id, body): """Get vnc connection information to access a server.""" context = req.environ['compute.context'] authorize(context) # If type is not supplied or unknown, get_vnc_console below will cope console_type = body['os-getVNCConsole'].get('type')
# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from webob import exc from jacket.api.compute.openstack import common from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket.compute import cloud authorize_actions = extensions.extension_authorizer('cloud', 'instance_actions') authorize_events = extensions.soft_extension_authorizer( 'cloud', 'instance_actions:events') ACTION_KEYS = [ 'action', 'instance_uuid', 'request_id', 'user_id', 'project_id', 'start_time', 'message' ] EVENT_KEYS = ['event', 'start_time', 'finish_time', 'result', 'traceback'] class InstanceActionsController(wsgi.Controller): def __init__(self): super(InstanceActionsController, self).__init__() self.compute_api = cloud.API() self.action_api = cloud.InstanceActionAPI()
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. """Keypair management extension.""" import webob import webob.exc from jacket.api.compute.openstack.compute.legacy_v2 import servers from jacket.api.compute.openstack import extensions from jacket.api.compute.openstack import wsgi from jacket.compute.cloud import api as compute_api from jacket.compute import exception from jacket.i18n import _ authorize = extensions.extension_authorizer('compute', 'keypairs') soft_authorize = extensions.soft_extension_authorizer('compute', 'keypairs') class KeypairController(object): """Keypair API controller for the OpenStack API.""" def __init__(self): self.api = compute_api.KeypairAPI() def _filter_keypair(self, keypair, **attrs): clean = { 'name': keypair.name, 'public_key': keypair.public_key, 'fingerprint': keypair.fingerprint, } for attr in attrs:
from jacket.api.compute.openstack import wsgi import jacket.context from jacket.db import compute as db from jacket.compute import exception from jacket.i18n import _ from jacket.compute import quota from jacket.compute import utils QUOTAS = quota.QUOTAS # Quotas that are only enabled by specific extensions EXTENDED_QUOTAS = {'server_groups': 'os-server-group-quotas', 'server_group_members': 'os-server-group-quotas'} authorize = extensions.extension_authorizer('compute', 'quota_classes') class QuotaClassSetsController(wsgi.Controller): supported_quotas = [] def __init__(self, ext_mgr): self.ext_mgr = ext_mgr self.supported_quotas = QUOTAS.resources for resource, extension in EXTENDED_QUOTAS.items(): if not self.ext_mgr.is_loaded(extension): self.supported_quotas.remove(resource) def _format_quota_set(self, quota_class, quota_set): """Convert the quota object to a result dict."""
# License for the specific language governing permissions and limitations # under the License. import six import webob from webob import exc from jacket.api.compute.openstack.compute.legacy_v2.contrib import security_groups as sg from jacket.api.compute.openstack import extensions from jacket import context as nova_context from jacket.compute import exception from jacket.i18n import _ from jacket.compute.network.security_group import openstack_driver authorize = extensions.extension_authorizer('compute', 'security_group_default_rules') class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase): def __init__(self): self.security_group_api = ( openstack_driver.get_openstack_security_group_driver()) def create(self, req, body): context = sg._authorize_context(req) authorize(context) # NOTE(shaohe-feng): back-compatible with db layer hard-code # admin permission checks. nova_context.require_admin_context(context)
def authorize(context, action_name): action = 'admin_actions:%s' % action_name extensions.extension_authorizer('cloud', action)(context)