def add_rule(add_rule_request=None): # noqa: E501
"""Add rule
Add a new rule, READ permission required on target resource, ADD permission required on Rule # noqa: E501
:param add_rule_request:
:type add_rule_request: dict | bytes
:rtype: Rule
"""
if connexion.request.is_json:
add_rule_request = AddRuleRequest.from_dict(
connexion.request.get_json()) # noqa: E501
try:
auth_context = connexion.context['token_info']['auth_context']
except KeyError:
return 'Authentication failed', 401
try:
auth_context.check_perm('rule', 'add', None)
except PolicyUnauthorizedError:
return 'You are not authorized to perform this action', 403
kwargs = add_rule_request.to_dict()
arbitrary = kwargs['selectors'] is None
delete_none(kwargs)
data_type = kwargs.pop('data_type')
# Get the proper Rule subclass.
rule_key = f'{"arbitrary" if arbitrary else "resource"}-{data_type}'
rule_cls = RULES[rule_key]
# Add new rule.
try:
rule = rule_cls.add(auth_context, **kwargs)
except BadRequestError as e:
return str(e), 400
# Advance rule counter.
auth_context.owner.rule_counter += 1
auth_context.owner.save()
return rule.as_dict()
def create_network(create_network_request=None): # noqa: E501
"""Create network
Creates one or more networks on the specified cloud. If async is true, a jobId will be returned. READ permission required on cloud. CREATE_RESOURCES permission required on cloud. CREATE permission required on network. # noqa: E501
:param create_network_request:
:type create_network_request: dict | bytes
:rtype: CreateNetworkResponse
"""
from mist.api.methods import list_resources
if connexion.request.is_json:
create_network_request = CreateNetworkRequest.from_dict(connexion.request.get_json()) # noqa: E501
try:
auth_context = connexion.context['token_info']['auth_context']
except KeyError:
return 'Authentication failed', 401
params = delete_none(create_network_request.to_dict())
try:
tags, _ = auth_context.check_perm("network", "add", None)
except PolicyUnauthorizedError:
return 'You are not authorized to perform this action', 403
try:
[cloud], total = list_resources(
auth_context, 'cloud', search=params.pop('cloud'), limit=1)
except ValueError:
return 'Cloud does not exist', 404
try:
auth_context.check_perm('cloud', 'read', cloud.id)
auth_context.check_perm('cloud', 'create_resources', cloud.id)
except PolicyUnauthorizedError:
return 'You are not authorized to perform this action', 403
if not hasattr(cloud.ctl, 'network'):
return 'Network support is not available', 501
# Create the new network
network_params = {'name': params['name']}
if 'extra' in params:
network_params.update(params['extra'])
try:
network = NETWORKS[cloud.ctl.provider].add(
cloud=cloud, **network_params)
except BadRequestError as e:
return str(e), 400
except NetworkListingError as e:
return str(e), 503
network.assign_to(auth_context.user)
if tags:
add_tags_to_resource(auth_context.owner, network, tags)
return network.as_dict()
def create_zone(create_zone_request=None): # noqa: E501
"""Create zone
Creates one or more zones on the specified cloud. If async is true, a jobId will be returned. READ permission required on cloud. CREATE_RESOURCES permission required on cloud. CREATE permission required on zone. # noqa: E501
:param create_zone_request:
:type create_zone_request: dict | bytes
:rtype: CreateZoneResponse
"""
from mist.api.methods import list_resources
if connexion.request.is_json:
create_zone_request = CreateZoneRequest.from_dict(connexion.request.get_json()) # noqa: E501
try:
auth_context = connexion.context['token_info']['auth_context']
except KeyError:
return 'Authentication failed', 401
params = delete_none(create_zone_request.to_dict())
try:
[cloud], total = list_resources(
auth_context, 'cloud', search=params.pop('cloud'), limit=1)
except ValueError:
return 'Cloud does not exist', 404
try:
auth_context.check_perm("cloud", "read", cloud.id)
auth_context.check_perm("cloud", "create_resources", cloud.id)
tags, _ = auth_context.check_perm("zone", "add", None)
except PolicyUnauthorizedError:
return 'You are not authorized to perform this action', 403
params['domain'] = params.pop('name')
try:
new_zone = Zone.add(owner=cloud.owner, cloud=cloud, **params)
except BadRequestError as e:
return str(e), 400
except CloudUnauthorizedError:
return 'You are not authorized to perform this action', 403
except ZoneCreationError as e:
return str(e), 503
except ZoneListingError as e:
return str(e), 503
except CloudUnavailableError as e:
return str(e), 503
new_zone.assign_to(auth_context.user)
if tags:
resolve_id_and_set_tags(auth_context.owner, 'zone', new_zone.id,
tags, cloud_id=cloud.id)
return new_zone.as_dict()
def edit_machine(machine, edit_machine_request=None): # noqa: E501
"""Edit machine
Edit target machine # noqa: E501
:param machine:
:type machine: str
:param edit_machine_request:
:type edit_machine_request: dict | bytes
:rtype: None
"""
from mist.api.methods import list_resources
if connexion.request.is_json:
edit_machine_request = EditMachineRequest.from_dict(connexion.request.get_json()) # noqa: E501
params = delete_none(edit_machine_request.to_dict())
try:
auth_context = connexion.context['token_info']['auth_context']
except KeyError:
return 'Authentication failed', 401
from mist.api.logs.methods import log_event
try:
[machine], total = list_resources(auth_context, 'machine',
search=machine, limit=1)
except ValueError:
return 'Machine does not exist', 404
if machine.cloud.owner != auth_context.owner:
return 'Machine does not exist', 404
# VMs in libvirt can be started no matter if they are terminated
if machine.state == 'terminated' and not isinstance(machine.cloud,
LibvirtCloud):
return 'Machine does not exist', 404
log_event(
auth_context.owner.id, 'request', 'edit_machine',
machine_id=machine.id, user_id=auth_context.user.id,
)
try:
auth_context.check_perm('machine', 'edit', machine.id)
except PolicyUnauthorizedError:
return 'You are not authorized to perform this action', 403
machine.ctl.update(auth_context, params)
return 'Machine successfully updated'
def edit_rule(rule, edit_rule_request=None): # noqa: E501
"""Update rule
Edit a rule given its UUID, EDIT permission required on rule # noqa: E501
:param rule:
:type rule: str
:param edit_rule_request:
:type edit_rule_request: dict | bytes
:rtype: Rule
"""
from mist.api.methods import list_resources
from mist.api.notifications.models import Notification
if connexion.request.is_json:
edit_rule_request = EditRuleRequest.from_dict(
connexion.request.get_json()) # noqa: E501
try:
auth_context = connexion.context['token_info']['auth_context']
except KeyError:
return 'Authentication failed', 401
try:
[rule], total = list_resources(auth_context,
'rule',
search=rule,
limit=1)
except ValueError:
return 'Rule does not exist', 404
try:
auth_context.check_perm('rule', 'edit', rule.id)
except PolicyUnauthorizedError:
return 'You are not authorized to perform this action', 403
rule.ctl.set_auth_context(auth_context)
kwargs = delete_none(edit_rule_request.to_dict())
try:
rule.ctl.update(**kwargs)
except (BadRequestError, ValidationError) as e:
return str(e), 400
Notification.objects(owner=auth_context.owner, rtype='rule',
rid=rule.id).delete()
return rule.as_dict()
def create_volume(create_volume_request=None): # noqa: E501
"""Create volume
Creates one or more volumes on the specified cloud. If async is true, a jobId will be returned. READ permission required on cloud. CREATE_RESOURCES permission required on cloud. READ permission required on location. CREATE_RESOURCES permission required on location. CREATE permission required on volume. # noqa: E501
:param create_volume_request:
:type create_volume_request: dict | bytes
:rtype: CreateVolumeResponse
"""
from mist.api.methods import list_resources
if connexion.request.is_json:
create_volume_request = CreateVolumeRequest.from_dict(
connexion.request.get_json()) # noqa: E501
params = delete_none(create_volume_request.to_dict())
try:
auth_context = connexion.context['token_info']['auth_context']
except KeyError:
return 'Authentication failed', 401
try:
tags, _ = auth_context.check_perm("network", "add", None)
except PolicyUnauthorizedError:
return 'You are not authorized to perform this action', 403
try:
[cloud], total = list_resources(auth_context,
'cloud',
search=params.pop('cloud'),
limit=1)
except ValueError:
return 'Cloud does not exist', 404
if not hasattr(cloud.ctl, 'storage'):
return 'Volume support is not available', 501
try:
[location], total = list_resources(auth_context,
'location',
search=params.pop('location'),
limit=1)
except ValueError:
return 'Location does not exist', 404
params['location'] = location.id
try:
auth_context.check_perm("cloud", "read", cloud.id)
auth_context.check_perm("cloud", "create_resources", cloud.id)
auth_context.check_perm("location", "read", location.id)
auth_context.check_perm("location", "create_resources", location.id)
tags, _ = auth_context.check_perm("volume", "create", None)
except PolicyUnauthorizedError:
return 'You are not authorized to perform this action', 403
try:
volume = cloud.ctl.storage.create_volume(**params)
except (VolumeCreationError, VolumeListingError) as e:
return str(e), 503
owner = auth_context.owner
if tags:
add_tags_to_resource(owner, volume, tags)
volume.assign_to(auth_context.user)
trigger_session_update(owner.id, ['volumes'])
if config.HAS_RBAC:
owner.mapper.update(volume,
callback=async_session_update,
args=(
owner.id,
['volumes'],
))
return volume.as_dict()