# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron import quota QUOTAS = quota.QUOTAS XMLNS = "http://docs.openstack.org/compute/ext/used_limits/api/v1.1" ALIAS = "os-used-limits" authorize = extensions.soft_extension_authorizer('compute', 'used_limits') authorize_for_admin = extensions.extension_authorizer('compute', 'used_limits_for_admin') class UsedLimitsController(wsgi.Controller): def __init__(self, ext_mgr): self.ext_mgr = ext_mgr @staticmethod def _reserved(req): try: return int(req.GET['reserved']) except (ValueError, KeyError): return False @wsgi.extends
cfg.StrOpt('use_neutron_default_nets', default="False", help='Control for checking for default networks'), cfg.StrOpt('neutron_default_tenant_id', default="default", help='Default tenant id when creating neutron ' 'networks'), cfg.IntOpt('quota_networks', default=3, help='Number of private networks allowed per project'), ] CONF.register_opts(os_network_opts) QUOTAS = quota.QUOTAS LOG = logging.getLogger(__name__) authorize = extensions.extension_authorizer('compute', 'os-tenant-networks') def network_dict(network): # NOTE(danms): Here, network should be an object, which could have come # from neutron and thus be missing most of the attributes. Providing a # default to get() avoids trying to lazy-load missing attributes. return {"id": network.get("uuid", None) or network.get("id", None), "cidr": str(network.get("cidr", None)), "label": network.get("label", None)} class NetworkController(object): def __init__(self, network_api=None): self.network_api = patron.network.API() self._default_networks = []
# Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob import webob.exc from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron.i18n import _ from patron import objects authorize = extensions.extension_authorizer('compute', 'cloudpipe_update') class CloudpipeUpdateController(wsgi.Controller): """Handle updating the vpn ip/port for cloudpipe instances.""" def __init__(self): super(CloudpipeUpdateController, self).__init__() @wsgi.action("update") def update(self, req, id, body): """Configure cloudpipe parameters for the project.""" context = req.environ['patron.context'] authorize(context)
# not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from patron.api.openstack import extensions from patron import network authorize = extensions.extension_authorizer("compute", "floating_ip_pools") def _translate_floating_ip_view(pool_name): return {"name": pool_name} def _translate_floating_ip_pools_view(pools): return {"floating_ip_pools": [_translate_floating_ip_view(pool_name) for pool_name in pools]} class FloatingIPPoolsController(object): """The Floating IP Pool API controller for the OpenStack API.""" def __init__(self): self.network_api = network.API()
# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob import webob.exc from patron.api.openstack import extensions from patron import exception from patron.i18n import _ from patron import objects authorize = extensions.extension_authorizer('compute', 'fixed_ips') class FixedIPController(object): def show(self, req, id): """Return data about the given fixed ip.""" context = req.environ['patron.context'] authorize(context) attrs = ['network', 'instance'] try: fixed_ip = objects.FixedIP.get_by_address(context, id, expected_attrs=attrs) except exception.FixedIpNotFoundForAddress as ex: raise webob.exc.HTTPNotFound(explanation=ex.format_message()) except exception.FixedIpInvalid as ex:
# Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from patron.api.openstack import extensions from patron import network authorize = extensions.extension_authorizer('compute', 'floating_ip_pools') def _translate_floating_ip_view(pool_name): return { 'name': pool_name, } def _translate_floating_ip_pools_view(pools): return { 'floating_ip_pools': [_translate_floating_ip_view(pool_name) for pool_name in pools] }
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. """The deferred instance delete extension.""" import webob from patron.api.openstack import common from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron import compute from patron import exception authorize = extensions.extension_authorizer('compute', 'deferred_delete') class DeferredDeleteController(wsgi.Controller): def __init__(self, *args, **kwargs): super(DeferredDeleteController, self).__init__(*args, **kwargs) self.compute_api = compute.API() @wsgi.action('restore') def _restore(self, req, id, body): """Restore a previously deleted instance.""" context = req.environ["patron.context"] authorize(context) instance = common.get_instance(self.compute_api, context, id) try:
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob from patron.api.openstack import common from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron import compute from patron import exception from patron.i18n import _ authorize = extensions.extension_authorizer('compute', 'consoles') class ConsolesController(wsgi.Controller): def __init__(self, *args, **kwargs): self.compute_api = compute.API() super(ConsolesController, self).__init__(*args, **kwargs) @wsgi.action('os-getVNCConsole') def get_vnc_console(self, req, id, body): """Get vnc connection information to access a server.""" context = req.environ['patron.context'] authorize(context) # If type is not supplied or unknown, get_vnc_console below will cope console_type = body['os-getVNCConsole'].get('type')
# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from webob import exc from patron.api.openstack import common from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron import compute authorize_actions = extensions.extension_authorizer('compute', 'instance_actions') authorize_events = extensions.soft_extension_authorizer('compute', 'instance_actions:events') ACTION_KEYS = ['action', 'instance_uuid', 'request_id', 'user_id', 'project_id', 'start_time', 'message'] EVENT_KEYS = ['event', 'start_time', 'finish_time', 'result', 'traceback'] class InstanceActionsController(wsgi.Controller): def __init__(self): super(InstanceActionsController, self).__init__() self.compute_api = compute.API() self.action_api = compute.InstanceActionAPI()
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. """Keypair management extension.""" import webob import webob.exc from patron.api.openstack.compute import servers from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron.compute import api as compute_api from patron import exception from patron.i18n import _ authorize = extensions.extension_authorizer('compute', 'keypairs') soft_authorize = extensions.soft_extension_authorizer('compute', 'keypairs') class KeypairController(object): """Keypair API controller for the OpenStack API.""" def __init__(self): self.api = compute_api.KeypairAPI() def _filter_keypair(self, keypair, **attrs): clean = { 'name': keypair.name, 'public_key': keypair.public_key, 'fingerprint': keypair.fingerprint, } for attr in attrs:
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from oslo_utils import strutils from webob import exc from patron.api.openstack import common from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron import compute from patron import exception from patron.i18n import _ from patron import utils authorize = extensions.extension_authorizer('compute', 'evacuate') class Controller(wsgi.Controller): def __init__(self, ext_mgr, *args, **kwargs): super(Controller, self).__init__(*args, **kwargs) self.compute_api = compute.API() self.host_api = compute.HostAPI() self.ext_mgr = ext_mgr @wsgi.action('evacuate') def _evacuate(self, req, id, body): """Permit admins to evacuate a server from a failed host to a new one. If host is empty, the scheduler will select one. """
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob.exc from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron import compute from patron import context as patron_context from patron import exception from patron.i18n import _ from patron import servicegroup from patron import utils authorize = extensions.extension_authorizer('compute', 'services') class ServiceController(object): def __init__(self, ext_mgr=None, *args, **kwargs): self.host_api = compute.HostAPI() self.servicegroup_api = servicegroup.API() self.ext_mgr = ext_mgr def _get_services(self, req): context = req.environ['patron.context'] authorize(context) # NOTE(alex_xu): back-compatible with db layer hard-code admin # permission checks patron_context.require_admin_context(context)
# License for the specific language governing permissions and limitations # under the License. """The flavor access extension.""" import webob from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron import context as patron_context from patron import exception from patron.i18n import _ from patron import objects soft_authorize = extensions.soft_extension_authorizer('compute', 'flavor_access') authorize = extensions.extension_authorizer('compute', 'flavor_access') def _marshall_flavor_access(flavor): rval = [] for project_id in flavor.projects: rval.append({'flavor_id': flavor.flavorid, 'tenant_id': project_id}) return {'flavor_access': rval} class FlavorAccessController(object): """The flavor access API controller for the OpenStack API.""" def __init__(self): super(FlavorAccessController, self).__init__()
# License for the specific language governing permissions and limitations # under the License. """The shelved mode extension.""" import webob from webob import exc from patron.api.openstack import common from patron.api.openstack import extensions as exts from patron.api.openstack import wsgi from patron import compute from patron import exception auth_shelve = exts.extension_authorizer('compute', 'shelve') auth_shelve_offload = exts.extension_authorizer('compute', 'shelveOffload') auth_unshelve = exts.extension_authorizer('compute', 'unshelve') class ShelveController(wsgi.Controller): def __init__(self, *args, **kwargs): super(ShelveController, self).__init__(*args, **kwargs) self.compute_api = compute.API() @wsgi.action('shelve') def _shelve(self, req, id, body): """Move an instance into shelved mode.""" context = req.environ["patron.context"] auth_shelve(context)
# Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob.exc from patron.api.openstack import extensions from patron import context as patron_context from patron import exception from patron.i18n import _ from patron import objects from patron import utils authorize = extensions.extension_authorizer('compute', 'agents') class AgentController(object): """The agent is talking about guest agent.The host can use this for things like accessing files on the disk, configuring networking, or running other applications/scripts in the guest while it is running. Typically this uses some hypervisor-specific transport to avoid being dependent on a working network configuration. Xen, VMware, and VirtualBox have guest agents,although the Xen driver is the only one with an implementation for managing them in openstack. KVM doesn't really have a concept of a guest agent (although one could be written). You can find the design of agent update in this link: http://wiki.openstack.org/AgentUpdate
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. """The Aggregate admin API extension.""" import datetime from webob import exc from patron.api.openstack import extensions from patron.compute import api as compute_api from patron import exception from patron.i18n import _ from patron import utils authorize = extensions.extension_authorizer('compute', 'aggregates') def _get_context(req): return req.environ['patron.context'] def get_host_from_body(fn): """Makes sure that the host exists.""" def wrapped(self, req, id, body, *args, **kwargs): if len(body) != 1: msg = _('Only host parameter can be specified') raise exc.HTTPBadRequest(explanation=msg) elif 'host' not in body: msg = _('Host parameter must be specified') raise exc.HTTPBadRequest(explanation=msg)
# Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob from patron.api.openstack import common from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron import compute from patron import exception from patron.i18n import _ authorize = extensions.extension_authorizer('compute', 'consoles') class ConsolesController(wsgi.Controller): def __init__(self, *args, **kwargs): self.compute_api = compute.API() super(ConsolesController, self).__init__(*args, **kwargs) @wsgi.action('os-getVNCConsole') def get_vnc_console(self, req, id, body): """Get vnc connection information to access a server.""" context = req.environ['patron.context'] authorize(context) # If type is not supplied or unknown, get_vnc_console below will cope console_type = body['os-getVNCConsole'].get('type')
# under the License. """Keypair management extension.""" import webob import webob.exc from patron.api.openstack.compute import servers from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron.compute import api as compute_api from patron import exception from patron.i18n import _ authorize = extensions.extension_authorizer('compute', 'keypairs') soft_authorize = extensions.soft_extension_authorizer('compute', 'keypairs') class KeypairController(object): """Keypair API controller for the OpenStack API.""" def __init__(self): self.api = compute_api.KeypairAPI() def _filter_keypair(self, keypair, **attrs): clean = { 'name': keypair.name, 'public_key': keypair.public_key, 'fingerprint': keypair.fingerprint, }
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from oslo_config import cfg from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron import availability_zones from patron import context as patron_context from patron import objects from patron import servicegroup CONF = cfg.CONF authorize_list = extensions.extension_authorizer('compute', 'availability_zone:list') authorize_detail = extensions.extension_authorizer('compute', 'availability_zone:detail') class AvailabilityZoneController(wsgi.Controller): """The Availability Zone API controller for the OpenStack API.""" def __init__(self): super(AvailabilityZoneController, self).__init__() self.servicegroup_api = servicegroup.API() def _get_filtered_availability_zones(self, zones, is_available): result = [] for zone in zones: # Hide internal_service_availability_zone if zone == CONF.internal_service_availability_zone:
"""The flavor access extension.""" import webob from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron import context as patron_context from patron import exception from patron.i18n import _ from patron import objects soft_authorize = extensions.soft_extension_authorizer('compute', 'flavor_access') authorize = extensions.extension_authorizer('compute', 'flavor_access') def _marshall_flavor_access(flavor): rval = [] for project_id in flavor.projects: rval.append({'flavor_id': flavor.flavorid, 'tenant_id': project_id}) return {'flavor_access': rval} class FlavorAccessController(object): """The flavor access API controller for the OpenStack API.""" def __init__(self):
# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob.exc from patron.api.openstack import extensions import patron.cert.rpcapi from patron import exception from patron.i18n import _ authorize = extensions.extension_authorizer('compute', 'certificates') def _translate_certificate_view(certificate, private_key=None): return { 'data': certificate, 'private_key': private_key, } class CertificatesController(object): """The x509 Certificates API controller for the OpenStack API.""" def __init__(self): self.cert_rpcapi = patron.cert.rpcapi.CertAPI() super(CertificatesController, self).__init__()
"""The bare-metal admin extension with Ironic Proxy.""" from oslo_config import cfg from oslo_log import log as logging from oslo_utils import importutils import webob from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron.i18n import _ ironic_client = importutils.try_import('ironicclient.client') ironic_exc = importutils.try_import('ironicclient.exc') authorize = extensions.extension_authorizer('compute', 'baremetal_nodes') node_fields = ['id', 'cpus', 'local_gb', 'memory_mb', 'pm_address', 'pm_user', 'service_host', 'terminal_port', 'instance_uuid'] node_ext_fields = ['uuid', 'task_state', 'updated_at', 'pxe_config_path'] interface_fields = ['id', 'address', 'datapath_id', 'port_no'] CONF = cfg.CONF CONF.import_opt('api_version', 'patron.virt.ironic.driver', group='ironic') CONF.import_opt('api_endpoint', 'patron.virt.ironic.driver',
# under the License. """The bare-metal admin extension with Ironic Proxy.""" from oslo_config import cfg from oslo_log import log as logging from oslo_utils import importutils import webob from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron.i18n import _ ironic_client = importutils.try_import('ironicclient.client') ironic_exc = importutils.try_import('ironicclient.exc') authorize = extensions.extension_authorizer('compute', 'baremetal_nodes') node_fields = [ 'id', 'cpus', 'local_gb', 'memory_mb', 'pm_address', 'pm_user', 'service_host', 'terminal_port', 'instance_uuid' ] node_ext_fields = ['uuid', 'task_state', 'updated_at', 'pxe_config_path'] interface_fields = ['id', 'address', 'datapath_id', 'port_no'] CONF = cfg.CONF CONF.import_opt('api_version', 'patron.virt.ironic.driver', group='ironic') CONF.import_opt('api_endpoint', 'patron.virt.ironic.driver', group='ironic') CONF.import_opt('admin_username', 'patron.virt.ironic.driver', group='ironic')
# under the License. """The hosts admin extension.""" from oslo_log import log as logging import webob.exc from patron.api.openstack import extensions from patron import compute from patron import context as patron_context from patron import exception from patron.i18n import _ from patron.i18n import _LI from patron import objects LOG = logging.getLogger(__name__) authorize = extensions.extension_authorizer('compute', 'hosts') class HostController(object): """The Hosts API controller for the OpenStack API.""" def __init__(self): self.api = compute.HostAPI() super(HostController, self).__init__() def index(self, req): """Returns a dict in the format: | {'hosts': [{'host_name': 'some.host.name', | 'service': 'cells', | 'zone': 'internal'}, | {'host_name': 'some.other.host.name',
from oslo_utils import uuidutils import webob from webob import exc from patron.api.openstack import common from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron import compute from patron import exception from patron.i18n import _ from patron.i18n import _LI from patron import objects from patron import volume LOG = logging.getLogger(__name__) authorize = extensions.extension_authorizer('compute', 'volumes') authorize_attach = extensions.extension_authorizer('compute', 'volume_attachments') def _translate_volume_detail_view(context, vol): """Maps keys for volumes details view.""" d = _translate_volume_summary_view(context, vol) # No additional data / lookups at the moment return d
def authorize(context, action_name): action = "migrations:%s" % action_name extensions.extension_authorizer("compute", action)(context)
# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. """The virtual interfaces extension.""" from patron.api.openstack import common from patron.api.openstack import extensions from patron import compute from patron import network authorize = extensions.extension_authorizer('compute', 'virtual_interfaces') def _translate_vif_summary_view(_context, vif): """Maps keys for VIF summary view.""" d = {} d['id'] = vif['uuid'] d['mac_address'] = vif['address'] return d class ServerVirtualInterfaceController(object): """The instance VIF API controller for the OpenStack API. """ def __init__(self):
from patron.api.openstack import wsgi import patron.context from patron import db from patron import exception from patron.i18n import _ from patron import quota from patron import utils QUOTAS = quota.QUOTAS # Quotas that are only enabled by specific extensions EXTENDED_QUOTAS = { 'server_groups': 'os-server-group-quotas', 'server_group_members': 'os-server-group-quotas' } authorize = extensions.extension_authorizer('compute', 'quota_classes') class QuotaClassSetsController(wsgi.Controller): supported_quotas = [] def __init__(self, ext_mgr): self.ext_mgr = ext_mgr self.supported_quotas = QUOTAS.resources for resource, extension in EXTENDED_QUOTAS.items(): if not self.ext_mgr.is_loaded(extension): self.supported_quotas.remove(resource) def _format_quota_set(self, quota_class, quota_set): """Convert the quota object to a result dict."""
# License for the specific language governing permissions and limitations # under the License. from oslo_log import log as logging from oslo_serialization import jsonutils import six import webob from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron import compute from patron import exception from patron.i18n import _LI LOG = logging.getLogger(__name__) authorize = extensions.extension_authorizer('compute', 'os-assisted-volume-snapshots') class AssistedVolumeSnapshotsController(wsgi.Controller): def __init__(self): self.compute_api = compute.API() super(AssistedVolumeSnapshotsController, self).__init__() def create(self, req, body): """Creates a new snapshot.""" context = req.environ['patron.context'] authorize(context, action='create') if not self.is_valid_body(body, 'snapshot'): raise webob.exc.HTTPBadRequest()
# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob import webob.exc from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron.i18n import _ from patron import objects authorize = extensions.extension_authorizer('compute', 'cloudpipe_update') class CloudpipeUpdateController(wsgi.Controller): """Handle updating the vpn ip/port for cloudpipe instances.""" def __init__(self): super(CloudpipeUpdateController, self).__init__() @wsgi.action("update") def update(self, req, id, body): """Configure cloudpipe parameters for the project.""" context = req.environ['patron.context'] authorize(context) if id != "configure-project":
import patron.context from patron import exception from patron.i18n import _ from patron import objects from patron import quota from patron import utils QUOTAS = quota.QUOTAS NON_QUOTA_KEYS = ['tenant_id', 'id', 'force'] # Quotas that are only enabled by specific extensions EXTENDED_QUOTAS = {'server_groups': 'os-server-group-quotas', 'server_group_members': 'os-server-group-quotas'} authorize_update = extensions.extension_authorizer('compute', 'quotas:update') authorize_show = extensions.extension_authorizer('compute', 'quotas:show') authorize_delete = extensions.extension_authorizer('compute', 'quotas:delete') class QuotaSetsController(wsgi.Controller): supported_quotas = [] def __init__(self, ext_mgr): self.ext_mgr = ext_mgr self.supported_quotas = QUOTAS.resources for resource, extension in EXTENDED_QUOTAS.items(): if not self.ext_mgr.is_loaded(extension): self.supported_quotas.remove(resource)
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from oslo_config import cfg from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron import availability_zones from patron import context as patron_context from patron import objects from patron import servicegroup CONF = cfg.CONF authorize_list = extensions.extension_authorizer('compute', 'availability_zone:list') authorize_detail = extensions.extension_authorizer('compute', 'availability_zone:detail') class AvailabilityZoneController(wsgi.Controller): """The Availability Zone API controller for the OpenStack API.""" def __init__(self): super(AvailabilityZoneController, self).__init__() self.servicegroup_api = servicegroup.API() def _get_filtered_availability_zones(self, zones, is_available): result = [] for zone in zones: # Hide internal_service_availability_zone
from webob import exc from patron.api.openstack import common from patron.api.openstack import extensions from patron.api.openstack import wsgi import patron.exception from patron.i18n import _ from patron.i18n import _LE from patron import objects from patron import utils LOG = logging.getLogger(__name__) SUPPORTED_POLICIES = ['anti-affinity', 'affinity'] authorize = extensions.extension_authorizer('compute', 'server_groups') def _authorize_context(req): context = req.environ['patron.context'] authorize(context) return context class ServerGroupController(wsgi.Controller): """The Server group API controller for the OpenStack API.""" def __init__(self, ext_mgr): self.ext_mgr = ext_mgr def _format_server_group(self, context, group): # the id field has its value as the uuid of the server group
def authorize(context, action_name): action = 'admin_actions:%s' % action_name extensions.extension_authorizer('compute', action)(context)
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. """The shelved mode extension.""" import webob from webob import exc from patron.api.openstack import common from patron.api.openstack import extensions as exts from patron.api.openstack import wsgi from patron import compute from patron import exception auth_shelve = exts.extension_authorizer('compute', 'shelve') auth_shelve_offload = exts.extension_authorizer('compute', 'shelveOffload') auth_unshelve = exts.extension_authorizer('compute', 'unshelve') class ShelveController(wsgi.Controller): def __init__(self, *args, **kwargs): super(ShelveController, self).__init__(*args, **kwargs) self.compute_api = compute.API() @wsgi.action('shelve') def _shelve(self, req, id, body): """Move an instance into shelved mode.""" context = req.environ["patron.context"] auth_shelve(context)
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob.exc from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron import compute from patron import context as patron_context from patron import exception from patron.i18n import _ from patron import servicegroup from patron import utils authorize = extensions.extension_authorizer('compute', 'services') class ServiceController(object): def __init__(self, ext_mgr=None, *args, **kwargs): self.host_api = compute.HostAPI() self.servicegroup_api = servicegroup.API() self.ext_mgr = ext_mgr def _get_services(self, req): context = req.environ['patron.context'] authorize(context) # NOTE(alex_xu): back-compatible with db layer hard-code admin # permission checks
def test_extension_authorizer_throws_exception_if_policy_fails(self): authorize = base_extensions.extension_authorizer( 'compute', 'used_limits_for_admin') self._test_extension_authorizer_throws_exception_if_policy_fails( "compute_extension:used_limits_for_admin", authorize)
# Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob from webob import exc from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron import exception from patron.i18n import _ from patron import network authorize = extensions.extension_authorizer('compute', 'networks_associate') class NetworkAssociateActionController(wsgi.Controller): """Network Association API Controller.""" def __init__(self, network_api=None): self.network_api = network_api or network.API() @wsgi.action("disassociate_host") def _disassociate_host_only(self, req, id, body): context = req.environ['patron.context'] authorize(context) try: self.network_api.associate(context, id, host=None)
"""The rescue mode extension.""" from oslo_config import cfg import webob from webob import exc from patron.api.openstack import common from patron.api.openstack import extensions as exts from patron.api.openstack import wsgi from patron import compute from patron import exception from patron import utils CONF = cfg.CONF authorize = exts.extension_authorizer("compute", "rescue") class RescueController(wsgi.Controller): def __init__(self, ext_mgr, *args, **kwargs): super(RescueController, self).__init__(*args, **kwargs) self.compute_api = compute.API() self.ext_mgr = ext_mgr @wsgi.action("rescue") def _rescue(self, req, id, body): """Rescue an instance.""" context = req.environ["patron.context"] authorize(context) if body["rescue"] and "adminPass" in body["rescue"]:
# Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob from webob import exc from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron import exception from patron.i18n import _ from patron import network authorize = extensions.extension_authorizer('compute', 'networks_associate') class NetworkAssociateActionController(wsgi.Controller): """Network Association API Controller.""" def __init__(self, network_api=None): self.network_api = network_api or network.API() @wsgi.action("disassociate_host") def _disassociate_host_only(self, req, id, body): context = req.environ['patron.context'] authorize(context) try: self.network_api.associate(context, id, host=None) except exception.NetworkNotFound:
# Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob.exc from patron.api.openstack import common from patron.api.openstack import extensions from patron import compute from patron import exception from patron.i18n import _ authorize = extensions.extension_authorizer('compute', 'server_diagnostics') class ServerDiagnosticsController(object): def __init__(self): self.compute_api = compute.API() def index(self, req, server_id): context = req.environ["patron.context"] authorize(context) instance = common.get_instance(self.compute_api, context, server_id) try: return self.compute_api.get_diagnostics(context, instance) except exception.InstanceInvalidState as state_error:
def authorize(context, action_name): action = 'migrations:%s' % action_name extensions.extension_authorizer('compute', action)(context)
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import re import webob from patron.api.openstack import common from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron import compute from patron import exception from patron.i18n import _ authorize = extensions.extension_authorizer('compute', 'console_output') class ConsoleOutputController(wsgi.Controller): def __init__(self, *args, **kwargs): super(ConsoleOutputController, self).__init__(*args, **kwargs) self.compute_api = compute.API() @wsgi.action('os-getConsoleOutput') def get_console_output(self, req, id, body): """Get text console output.""" context = req.environ['patron.context'] authorize(context) instance = common.get_instance(self.compute_api, context, id) try:
import six from webob import exc from patron.api.openstack import common from patron.api.openstack import extensions from patron.cells import rpcapi as cells_rpcapi from patron import exception from patron.i18n import _ from patron import rpc CONF = cfg.CONF CONF.import_opt('name', 'patron.cells.opts', group='cells') CONF.import_opt('capabilities', 'patron.cells.opts', group='cells') authorize = extensions.extension_authorizer('compute', 'cells') def _filter_keys(item, keys): """Filters all model attributes except for keys item is a dict """ return {k: v for k, v in item.iteritems() if k in keys} def _fixup_cell_info(cell_info, keys): """If the transport_url is present in the cell, derive username, rpc_host, and rpc_port from it. """
from patron.api.openstack import wsgi import patron.context from patron import db from patron import exception from patron.i18n import _ from patron import quota from patron import utils QUOTAS = quota.QUOTAS # Quotas that are only enabled by specific extensions EXTENDED_QUOTAS = {'server_groups': 'os-server-group-quotas', 'server_group_members': 'os-server-group-quotas'} authorize = extensions.extension_authorizer('compute', 'quota_classes') class QuotaClassSetsController(wsgi.Controller): supported_quotas = [] def __init__(self, ext_mgr): self.ext_mgr = ext_mgr self.supported_quotas = QUOTAS.resources for resource, extension in EXTENDED_QUOTAS.items(): if not self.ext_mgr.is_loaded(extension): self.supported_quotas.remove(resource) def _format_quota_set(self, quota_class, quota_set): """Convert the quota object to a result dict."""
# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron.consoleauth import rpcapi as consoleauth_rpcapi from patron.i18n import _ authorize = extensions.extension_authorizer('compute', 'console_auth_tokens') class ConsoleAuthTokensController(wsgi.Controller): def __init__(self, *args, **kwargs): self._consoleauth_rpcapi = consoleauth_rpcapi.ConsoleAuthAPI() super(ConsoleAuthTokensController, self).__init__(*args, **kwargs) def show(self, req, id): """Checks a console auth token and returns the related connect info.""" context = req.environ['patron.context'] authorize(context) token = id connect_info = self._consoleauth_rpcapi.check_token(context, token) if not connect_info:
# License for the specific language governing permissions and limitations # under the License. """The Aggregate admin API extension.""" import datetime from webob import exc from patron.api.openstack import extensions from patron.compute import api as compute_api from patron import exception from patron.i18n import _ from patron import utils authorize = extensions.extension_authorizer('compute', 'aggregates') def _get_context(req): return req.environ['patron.context'] def get_host_from_body(fn): """Makes sure that the host exists.""" def wrapped(self, req, id, body, *args, **kwargs): if len(body) != 1: msg = _('Only host parameter can be specified') raise exc.HTTPBadRequest(explanation=msg) elif 'host' not in body: msg = _('Host parameter must be specified') raise exc.HTTPBadRequest(explanation=msg)
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import webob.exc from patron.api.openstack import extensions from patron import context as patron_context from patron import exception from patron.i18n import _ from patron import objects from patron import utils authorize = extensions.extension_authorizer('compute', 'agents') class AgentController(object): """The agent is talking about guest agent.The host can use this for things like accessing files on the disk, configuring networking, or running other applications/scripts in the guest while it is running. Typically this uses some hypervisor-specific transport to avoid being dependent on a working network configuration. Xen, VMware, and VirtualBox have guest agents,although the Xen driver is the only one with an implementation for managing them in openstack. KVM doesn't really have a concept of a guest agent (although one could be written). You can find the design of agent update in this link: http://wiki.openstack.org/AgentUpdate
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import six import webob from webob import exc from patron.api.openstack.compute.contrib import security_groups as sg from patron.api.openstack import extensions from patron import exception from patron.i18n import _ from patron.network.security_group import openstack_driver authorize = extensions.extension_authorizer('compute', 'security_group_default_rules') class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase): def __init__(self): self.security_group_api = ( openstack_driver.get_openstack_security_group_driver()) def create(self, req, body): context = sg._authorize_context(req) authorize(context) sg_rule = self._from_body(body, 'security_group_default_rule') try:
cfg.StrOpt('use_neutron_default_nets', default="False", help='Control for checking for default networks'), cfg.StrOpt('neutron_default_tenant_id', default="default", help='Default tenant id when creating neutron ' 'networks'), cfg.IntOpt('quota_networks', default=3, help='Number of private networks allowed per project'), ] CONF.register_opts(os_network_opts) QUOTAS = quota.QUOTAS LOG = logging.getLogger(__name__) authorize = extensions.extension_authorizer('compute', 'os-tenant-networks') def network_dict(network): # NOTE(danms): Here, network should be an object, which could have come # from neutron and thus be missing most of the attributes. Providing a # default to get() avoids trying to lazy-load missing attributes. return { "id": network.get("uuid", None) or network.get("id", None), "cidr": str(network.get("cidr", None)), "label": network.get("label", None) } class NetworkController(object): def __init__(self, network_api=None):
"""The hosts admin extension.""" from oslo_log import log as logging import webob.exc from patron.api.openstack import extensions from patron import compute from patron import context as patron_context from patron import exception from patron.i18n import _ from patron.i18n import _LI from patron import objects LOG = logging.getLogger(__name__) authorize = extensions.extension_authorizer('compute', 'hosts') class HostController(object): """The Hosts API controller for the OpenStack API.""" def __init__(self): self.api = compute.HostAPI() super(HostController, self).__init__() def index(self, req): """Returns a dict in the format: | {'hosts': [{'host_name': 'some.host.name', | 'service': 'cells', | 'zone': 'internal'}, | {'host_name': 'some.other.host.name',
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. """The hypervisors admin extension.""" import webob.exc from patron.api.openstack import extensions from patron import compute from patron import exception from patron.i18n import _ from patron import servicegroup authorize = extensions.extension_authorizer('compute', 'hypervisors') class HypervisorsController(object): """The Hypervisors API controller for the OpenStack API.""" def __init__(self, ext_mgr): self.host_api = compute.HostAPI() self.servicegroup_api = servicegroup.API() super(HypervisorsController, self).__init__() self.ext_mgr = ext_mgr def _view_hypervisor(self, hypervisor, service, detail, servers=None, **kwargs): hyp_dict = { 'id': hypervisor.id,
# License for the specific language governing permissions and limitations # under the License. import itertools import os from oslo_config import cfg from webob import exc from patron.api.openstack import common from patron.api.openstack import extensions from patron import compute from patron.i18n import _ from patron import utils authorize = extensions.extension_authorizer('compute', 'fping') authorize_all_tenants = extensions.extension_authorizer( 'compute', 'fping:all_tenants') fping_opts = [ cfg.StrOpt("fping_path", default="/usr/sbin/fping", help="Full path to fping."), ] CONF = cfg.CONF CONF.register_opts(fping_opts) class FpingController(object): def __init__(self, network_api=None): self.compute_api = compute.API()
# under the License. from oslo_log import log as logging import webob from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron import compute from patron import exception from patron.i18n import _ from patron.i18n import _LI from patron import objects from patron.objects import external_event as external_event_obj LOG = logging.getLogger(__name__) authorize = extensions.extension_authorizer('compute', 'os-server-external-events') class ServerExternalEventsController(wsgi.Controller): def __init__(self): self.compute_api = compute.API() super(ServerExternalEventsController, self).__init__() def create(self, req, body): """Creates a new instance event.""" context = req.environ['patron.context'] authorize(context, action='create') response_events = [] accepted_events = [] accepted_instances = set()
"""The multinic extension.""" from oslo_log import log as logging import webob from webob import exc from patron.api.openstack import common from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron import compute from patron import exception from patron.i18n import _ from patron.i18n import _LE LOG = logging.getLogger(__name__) authorize = extensions.extension_authorizer('compute', 'multinic') class MultinicController(wsgi.Controller): def __init__(self, *args, **kwargs): super(MultinicController, self).__init__(*args, **kwargs) self.compute_api = compute.API() @wsgi.action('addFixedIp') def _add_fixed_ip(self, req, id, body): """Adds an IP on a given network to an instance.""" context = req.environ['patron.context'] authorize(context) # Validate the input entity if 'networkId' not in body['addFixedIp']:
# License for the specific language governing permissions and limitations # under the License. import re import webob from patron.api.openstack import common from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron import compute from patron import exception from patron.i18n import _ authorize = extensions.extension_authorizer('compute', 'console_output') class ConsoleOutputController(wsgi.Controller): def __init__(self, *args, **kwargs): super(ConsoleOutputController, self).__init__(*args, **kwargs) self.compute_api = compute.API() @wsgi.action('os-getConsoleOutput') def get_console_output(self, req, id, body): """Get text console output.""" context = req.environ['patron.context'] authorize(context) instance = common.get_instance(self.compute_api, context, id) try:
# Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. """The server password extension.""" from patron.api.metadata import password from patron.api.openstack import common from patron.api.openstack import extensions from patron.api.openstack import wsgi from patron import compute authorize = extensions.extension_authorizer('compute', 'server_password') class ServerPasswordController(object): """The Server Password API controller for the OpenStack API.""" def __init__(self): self.compute_api = compute.API() def index(self, req, server_id): context = req.environ['patron.context'] authorize(context) instance = common.get_instance(self.compute_api, context, server_id) passw = password.extract_password(instance) return {'password': passw or ''}