# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import quota
QUOTAS = quota.QUOTAS
XMLNS = "http://docs.openstack.org/compute/ext/used_limits/api/v1.1"
ALIAS = "os-used-limits"
authorize = extensions.soft_extension_authorizer('compute', 'used_limits')
authorize_for_admin = extensions.extension_authorizer('compute',
'used_limits_for_admin')
class UsedLimitsController(wsgi.Controller):
def __init__(self, ext_mgr):
self.ext_mgr = ext_mgr
@staticmethod
def _reserved(req):
try:
return int(req.GET['reserved'])
except (ValueError, KeyError):
return False
@wsgi.extends
cfg.StrOpt('use_neutron_default_nets',
default="False",
help='Control for checking for default networks'),
cfg.StrOpt('neutron_default_tenant_id',
default="default",
help='Default tenant id when creating neutron '
'networks'),
cfg.IntOpt('quota_networks',
default=3,
help='Number of private networks allowed per project'),
]
CONF.register_opts(os_network_opts)
QUOTAS = quota.QUOTAS
LOG = logging.getLogger(__name__)
authorize = extensions.extension_authorizer('compute', 'os-tenant-networks')
def network_dict(network):
# NOTE(danms): Here, network should be an object, which could have come
# from neutron and thus be missing most of the attributes. Providing a
# default to get() avoids trying to lazy-load missing attributes.
return {"id": network.get("uuid", None) or network.get("id", None),
"cidr": str(network.get("cidr", None)),
"label": network.get("label", None)}
class NetworkController(object):
def __init__(self, network_api=None):
self.network_api = patron.network.API()
self._default_networks = []
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import webob
import webob.exc
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron.i18n import _
from patron import objects
authorize = extensions.extension_authorizer('compute', 'cloudpipe_update')
class CloudpipeUpdateController(wsgi.Controller):
"""Handle updating the vpn ip/port for cloudpipe instances."""
def __init__(self):
super(CloudpipeUpdateController, self).__init__()
@wsgi.action("update")
def update(self, req, id, body):
"""Configure cloudpipe parameters for the project."""
context = req.environ['patron.context']
authorize(context)
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from patron.api.openstack import extensions
from patron import network
authorize = extensions.extension_authorizer("compute", "floating_ip_pools")
def _translate_floating_ip_view(pool_name):
return {"name": pool_name}
def _translate_floating_ip_pools_view(pools):
return {"floating_ip_pools": [_translate_floating_ip_view(pool_name) for pool_name in pools]}
class FloatingIPPoolsController(object):
"""The Floating IP Pool API controller for the OpenStack API."""
def __init__(self):
self.network_api = network.API()
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import webob
import webob.exc
from patron.api.openstack import extensions
from patron import exception
from patron.i18n import _
from patron import objects
authorize = extensions.extension_authorizer('compute', 'fixed_ips')
class FixedIPController(object):
def show(self, req, id):
"""Return data about the given fixed ip."""
context = req.environ['patron.context']
authorize(context)
attrs = ['network', 'instance']
try:
fixed_ip = objects.FixedIP.get_by_address(context, id,
expected_attrs=attrs)
except exception.FixedIpNotFoundForAddress as ex:
raise webob.exc.HTTPNotFound(explanation=ex.format_message())
except exception.FixedIpInvalid as ex:
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from patron.api.openstack import extensions
from patron import network
authorize = extensions.extension_authorizer('compute', 'floating_ip_pools')
def _translate_floating_ip_view(pool_name):
return {
'name': pool_name,
}
def _translate_floating_ip_pools_view(pools):
return {
'floating_ip_pools':
[_translate_floating_ip_view(pool_name) for pool_name in pools]
}
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""The deferred instance delete extension."""
import webob
from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
authorize = extensions.extension_authorizer('compute', 'deferred_delete')
class DeferredDeleteController(wsgi.Controller):
def __init__(self, *args, **kwargs):
super(DeferredDeleteController, self).__init__(*args, **kwargs)
self.compute_api = compute.API()
@wsgi.action('restore')
def _restore(self, req, id, body):
"""Restore a previously deleted instance."""
context = req.environ["patron.context"]
authorize(context)
instance = common.get_instance(self.compute_api, context, id)
try:
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import webob
from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
from patron.i18n import _
authorize = extensions.extension_authorizer('compute', 'consoles')
class ConsolesController(wsgi.Controller):
def __init__(self, *args, **kwargs):
self.compute_api = compute.API()
super(ConsolesController, self).__init__(*args, **kwargs)
@wsgi.action('os-getVNCConsole')
def get_vnc_console(self, req, id, body):
"""Get vnc connection information to access a server."""
context = req.environ['patron.context']
authorize(context)
# If type is not supplied or unknown, get_vnc_console below will cope
console_type = body['os-getVNCConsole'].get('type')
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from webob import exc
from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
authorize_actions = extensions.extension_authorizer('compute',
'instance_actions')
authorize_events = extensions.soft_extension_authorizer('compute',
'instance_actions:events')
ACTION_KEYS = ['action', 'instance_uuid', 'request_id', 'user_id',
'project_id', 'start_time', 'message']
EVENT_KEYS = ['event', 'start_time', 'finish_time', 'result', 'traceback']
class InstanceActionsController(wsgi.Controller):
def __init__(self):
super(InstanceActionsController, self).__init__()
self.compute_api = compute.API()
self.action_api = compute.InstanceActionAPI()
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""Keypair management extension."""
import webob
import webob.exc
from patron.api.openstack.compute import servers
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron.compute import api as compute_api
from patron import exception
from patron.i18n import _
authorize = extensions.extension_authorizer('compute', 'keypairs')
soft_authorize = extensions.soft_extension_authorizer('compute', 'keypairs')
class KeypairController(object):
"""Keypair API controller for the OpenStack API."""
def __init__(self):
self.api = compute_api.KeypairAPI()
def _filter_keypair(self, keypair, **attrs):
clean = {
'name': keypair.name,
'public_key': keypair.public_key,
'fingerprint': keypair.fingerprint,
}
for attr in attrs:
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_utils import strutils
from webob import exc
from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
from patron.i18n import _
from patron import utils
authorize = extensions.extension_authorizer('compute', 'evacuate')
class Controller(wsgi.Controller):
def __init__(self, ext_mgr, *args, **kwargs):
super(Controller, self).__init__(*args, **kwargs)
self.compute_api = compute.API()
self.host_api = compute.HostAPI()
self.ext_mgr = ext_mgr
@wsgi.action('evacuate')
def _evacuate(self, req, id, body):
"""Permit admins to evacuate a server from a failed host
to a new one.
If host is empty, the scheduler will select one.
"""
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import webob.exc
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import context as patron_context
from patron import exception
from patron.i18n import _
from patron import servicegroup
from patron import utils
authorize = extensions.extension_authorizer('compute', 'services')
class ServiceController(object):
def __init__(self, ext_mgr=None, *args, **kwargs):
self.host_api = compute.HostAPI()
self.servicegroup_api = servicegroup.API()
self.ext_mgr = ext_mgr
def _get_services(self, req):
context = req.environ['patron.context']
authorize(context)
# NOTE(alex_xu): back-compatible with db layer hard-code admin
# permission checks
patron_context.require_admin_context(context)
# License for the specific language governing permissions and limitations
# under the License.
"""The flavor access extension."""
import webob
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import context as patron_context
from patron import exception
from patron.i18n import _
from patron import objects
soft_authorize = extensions.soft_extension_authorizer('compute',
'flavor_access')
authorize = extensions.extension_authorizer('compute', 'flavor_access')
def _marshall_flavor_access(flavor):
rval = []
for project_id in flavor.projects:
rval.append({'flavor_id': flavor.flavorid, 'tenant_id': project_id})
return {'flavor_access': rval}
class FlavorAccessController(object):
"""The flavor access API controller for the OpenStack API."""
def __init__(self):
super(FlavorAccessController, self).__init__()
# License for the specific language governing permissions and limitations
# under the License.
"""The shelved mode extension."""
import webob
from webob import exc
from patron.api.openstack import common
from patron.api.openstack import extensions as exts
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
auth_shelve = exts.extension_authorizer('compute', 'shelve')
auth_shelve_offload = exts.extension_authorizer('compute', 'shelveOffload')
auth_unshelve = exts.extension_authorizer('compute', 'unshelve')
class ShelveController(wsgi.Controller):
def __init__(self, *args, **kwargs):
super(ShelveController, self).__init__(*args, **kwargs)
self.compute_api = compute.API()
@wsgi.action('shelve')
def _shelve(self, req, id, body):
"""Move an instance into shelved mode."""
context = req.environ["patron.context"]
auth_shelve(context)
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import webob.exc
from patron.api.openstack import extensions
from patron import context as patron_context
from patron import exception
from patron.i18n import _
from patron import objects
from patron import utils
authorize = extensions.extension_authorizer('compute', 'agents')
class AgentController(object):
"""The agent is talking about guest agent.The host can use this for
things like accessing files on the disk, configuring networking,
or running other applications/scripts in the guest while it is
running. Typically this uses some hypervisor-specific transport
to avoid being dependent on a working network configuration.
Xen, VMware, and VirtualBox have guest agents,although the Xen
driver is the only one with an implementation for managing them
in openstack. KVM doesn't really have a concept of a guest agent
(although one could be written).
You can find the design of agent update in this link:
http://wiki.openstack.org/AgentUpdate
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""The Aggregate admin API extension."""
import datetime
from webob import exc
from patron.api.openstack import extensions
from patron.compute import api as compute_api
from patron import exception
from patron.i18n import _
from patron import utils
authorize = extensions.extension_authorizer('compute', 'aggregates')
def _get_context(req):
return req.environ['patron.context']
def get_host_from_body(fn):
"""Makes sure that the host exists."""
def wrapped(self, req, id, body, *args, **kwargs):
if len(body) != 1:
msg = _('Only host parameter can be specified')
raise exc.HTTPBadRequest(explanation=msg)
elif 'host' not in body:
msg = _('Host parameter must be specified')
raise exc.HTTPBadRequest(explanation=msg)
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import webob
from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
from patron.i18n import _
authorize = extensions.extension_authorizer('compute', 'consoles')
class ConsolesController(wsgi.Controller):
def __init__(self, *args, **kwargs):
self.compute_api = compute.API()
super(ConsolesController, self).__init__(*args, **kwargs)
@wsgi.action('os-getVNCConsole')
def get_vnc_console(self, req, id, body):
"""Get vnc connection information to access a server."""
context = req.environ['patron.context']
authorize(context)
# If type is not supplied or unknown, get_vnc_console below will cope
console_type = body['os-getVNCConsole'].get('type')
# under the License.
"""Keypair management extension."""
import webob
import webob.exc
from patron.api.openstack.compute import servers
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron.compute import api as compute_api
from patron import exception
from patron.i18n import _
authorize = extensions.extension_authorizer('compute', 'keypairs')
soft_authorize = extensions.soft_extension_authorizer('compute', 'keypairs')
class KeypairController(object):
"""Keypair API controller for the OpenStack API."""
def __init__(self):
self.api = compute_api.KeypairAPI()
def _filter_keypair(self, keypair, **attrs):
clean = {
'name': keypair.name,
'public_key': keypair.public_key,
'fingerprint': keypair.fingerprint,
}
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import availability_zones
from patron import context as patron_context
from patron import objects
from patron import servicegroup
CONF = cfg.CONF
authorize_list = extensions.extension_authorizer('compute',
'availability_zone:list')
authorize_detail = extensions.extension_authorizer('compute',
'availability_zone:detail')
class AvailabilityZoneController(wsgi.Controller):
"""The Availability Zone API controller for the OpenStack API."""
def __init__(self):
super(AvailabilityZoneController, self).__init__()
self.servicegroup_api = servicegroup.API()
def _get_filtered_availability_zones(self, zones, is_available):
result = []
for zone in zones:
# Hide internal_service_availability_zone
if zone == CONF.internal_service_availability_zone:
"""The flavor access extension."""
import webob
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import context as patron_context
from patron import exception
from patron.i18n import _
from patron import objects
soft_authorize = extensions.soft_extension_authorizer('compute',
'flavor_access')
authorize = extensions.extension_authorizer('compute', 'flavor_access')
def _marshall_flavor_access(flavor):
rval = []
for project_id in flavor.projects:
rval.append({'flavor_id': flavor.flavorid,
'tenant_id': project_id})
return {'flavor_access': rval}
class FlavorAccessController(object):
"""The flavor access API controller for the OpenStack API."""
def __init__(self):
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import webob.exc
from patron.api.openstack import extensions
import patron.cert.rpcapi
from patron import exception
from patron.i18n import _
authorize = extensions.extension_authorizer('compute', 'certificates')
def _translate_certificate_view(certificate, private_key=None):
return {
'data': certificate,
'private_key': private_key,
}
class CertificatesController(object):
"""The x509 Certificates API controller for the OpenStack API."""
def __init__(self):
self.cert_rpcapi = patron.cert.rpcapi.CertAPI()
super(CertificatesController, self).__init__()
"""The bare-metal admin extension with Ironic Proxy."""
from oslo_config import cfg
from oslo_log import log as logging
from oslo_utils import importutils
import webob
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron.i18n import _
ironic_client = importutils.try_import('ironicclient.client')
ironic_exc = importutils.try_import('ironicclient.exc')
authorize = extensions.extension_authorizer('compute', 'baremetal_nodes')
node_fields = ['id', 'cpus', 'local_gb', 'memory_mb', 'pm_address',
'pm_user', 'service_host', 'terminal_port', 'instance_uuid']
node_ext_fields = ['uuid', 'task_state', 'updated_at', 'pxe_config_path']
interface_fields = ['id', 'address', 'datapath_id', 'port_no']
CONF = cfg.CONF
CONF.import_opt('api_version',
'patron.virt.ironic.driver',
group='ironic')
CONF.import_opt('api_endpoint',
'patron.virt.ironic.driver',
# under the License.
"""The bare-metal admin extension with Ironic Proxy."""
from oslo_config import cfg
from oslo_log import log as logging
from oslo_utils import importutils
import webob
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron.i18n import _
ironic_client = importutils.try_import('ironicclient.client')
ironic_exc = importutils.try_import('ironicclient.exc')
authorize = extensions.extension_authorizer('compute', 'baremetal_nodes')
node_fields = [
'id', 'cpus', 'local_gb', 'memory_mb', 'pm_address', 'pm_user',
'service_host', 'terminal_port', 'instance_uuid'
]
node_ext_fields = ['uuid', 'task_state', 'updated_at', 'pxe_config_path']
interface_fields = ['id', 'address', 'datapath_id', 'port_no']
CONF = cfg.CONF
CONF.import_opt('api_version', 'patron.virt.ironic.driver', group='ironic')
CONF.import_opt('api_endpoint', 'patron.virt.ironic.driver', group='ironic')
CONF.import_opt('admin_username', 'patron.virt.ironic.driver', group='ironic')
# under the License.
"""The hosts admin extension."""
from oslo_log import log as logging
import webob.exc
from patron.api.openstack import extensions
from patron import compute
from patron import context as patron_context
from patron import exception
from patron.i18n import _
from patron.i18n import _LI
from patron import objects
LOG = logging.getLogger(__name__)
authorize = extensions.extension_authorizer('compute', 'hosts')
class HostController(object):
"""The Hosts API controller for the OpenStack API."""
def __init__(self):
self.api = compute.HostAPI()
super(HostController, self).__init__()
def index(self, req):
"""Returns a dict in the format:
| {'hosts': [{'host_name': 'some.host.name',
| 'service': 'cells',
| 'zone': 'internal'},
| {'host_name': 'some.other.host.name',
from oslo_utils import uuidutils
import webob
from webob import exc
from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
from patron.i18n import _
from patron.i18n import _LI
from patron import objects
from patron import volume
LOG = logging.getLogger(__name__)
authorize = extensions.extension_authorizer('compute', 'volumes')
authorize_attach = extensions.extension_authorizer('compute',
'volume_attachments')
def _translate_volume_detail_view(context, vol):
"""Maps keys for volumes details view."""
d = _translate_volume_summary_view(context, vol)
# No additional data / lookups at the moment
return d
def authorize(context, action_name):
action = "migrations:%s" % action_name
extensions.extension_authorizer("compute", action)(context)
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""The virtual interfaces extension."""
from patron.api.openstack import common
from patron.api.openstack import extensions
from patron import compute
from patron import network
authorize = extensions.extension_authorizer('compute', 'virtual_interfaces')
def _translate_vif_summary_view(_context, vif):
"""Maps keys for VIF summary view."""
d = {}
d['id'] = vif['uuid']
d['mac_address'] = vif['address']
return d
class ServerVirtualInterfaceController(object):
"""The instance VIF API controller for the OpenStack API.
"""
def __init__(self):
from patron.api.openstack import wsgi
import patron.context
from patron import db
from patron import exception
from patron.i18n import _
from patron import quota
from patron import utils
QUOTAS = quota.QUOTAS
# Quotas that are only enabled by specific extensions
EXTENDED_QUOTAS = {
'server_groups': 'os-server-group-quotas',
'server_group_members': 'os-server-group-quotas'
}
authorize = extensions.extension_authorizer('compute', 'quota_classes')
class QuotaClassSetsController(wsgi.Controller):
supported_quotas = []
def __init__(self, ext_mgr):
self.ext_mgr = ext_mgr
self.supported_quotas = QUOTAS.resources
for resource, extension in EXTENDED_QUOTAS.items():
if not self.ext_mgr.is_loaded(extension):
self.supported_quotas.remove(resource)
def _format_quota_set(self, quota_class, quota_set):
"""Convert the quota object to a result dict."""
# License for the specific language governing permissions and limitations
# under the License.
from oslo_log import log as logging
from oslo_serialization import jsonutils
import six
import webob
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
from patron.i18n import _LI
LOG = logging.getLogger(__name__)
authorize = extensions.extension_authorizer('compute',
'os-assisted-volume-snapshots')
class AssistedVolumeSnapshotsController(wsgi.Controller):
def __init__(self):
self.compute_api = compute.API()
super(AssistedVolumeSnapshotsController, self).__init__()
def create(self, req, body):
"""Creates a new snapshot."""
context = req.environ['patron.context']
authorize(context, action='create')
if not self.is_valid_body(body, 'snapshot'):
raise webob.exc.HTTPBadRequest()
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import webob
import webob.exc
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron.i18n import _
from patron import objects
authorize = extensions.extension_authorizer('compute', 'cloudpipe_update')
class CloudpipeUpdateController(wsgi.Controller):
"""Handle updating the vpn ip/port for cloudpipe instances."""
def __init__(self):
super(CloudpipeUpdateController, self).__init__()
@wsgi.action("update")
def update(self, req, id, body):
"""Configure cloudpipe parameters for the project."""
context = req.environ['patron.context']
authorize(context)
if id != "configure-project":
import patron.context
from patron import exception
from patron.i18n import _
from patron import objects
from patron import quota
from patron import utils
QUOTAS = quota.QUOTAS
NON_QUOTA_KEYS = ['tenant_id', 'id', 'force']
# Quotas that are only enabled by specific extensions
EXTENDED_QUOTAS = {'server_groups': 'os-server-group-quotas',
'server_group_members': 'os-server-group-quotas'}
authorize_update = extensions.extension_authorizer('compute', 'quotas:update')
authorize_show = extensions.extension_authorizer('compute', 'quotas:show')
authorize_delete = extensions.extension_authorizer('compute', 'quotas:delete')
class QuotaSetsController(wsgi.Controller):
supported_quotas = []
def __init__(self, ext_mgr):
self.ext_mgr = ext_mgr
self.supported_quotas = QUOTAS.resources
for resource, extension in EXTENDED_QUOTAS.items():
if not self.ext_mgr.is_loaded(extension):
self.supported_quotas.remove(resource)
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import availability_zones
from patron import context as patron_context
from patron import objects
from patron import servicegroup
CONF = cfg.CONF
authorize_list = extensions.extension_authorizer('compute',
'availability_zone:list')
authorize_detail = extensions.extension_authorizer('compute',
'availability_zone:detail')
class AvailabilityZoneController(wsgi.Controller):
"""The Availability Zone API controller for the OpenStack API."""
def __init__(self):
super(AvailabilityZoneController, self).__init__()
self.servicegroup_api = servicegroup.API()
def _get_filtered_availability_zones(self, zones, is_available):
result = []
for zone in zones:
# Hide internal_service_availability_zone
from webob import exc
from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
import patron.exception
from patron.i18n import _
from patron.i18n import _LE
from patron import objects
from patron import utils
LOG = logging.getLogger(__name__)
SUPPORTED_POLICIES = ['anti-affinity', 'affinity']
authorize = extensions.extension_authorizer('compute', 'server_groups')
def _authorize_context(req):
context = req.environ['patron.context']
authorize(context)
return context
class ServerGroupController(wsgi.Controller):
"""The Server group API controller for the OpenStack API."""
def __init__(self, ext_mgr):
self.ext_mgr = ext_mgr
def _format_server_group(self, context, group):
# the id field has its value as the uuid of the server group
def authorize(context, action_name):
action = 'admin_actions:%s' % action_name
extensions.extension_authorizer('compute', action)(context)
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""The shelved mode extension."""
import webob
from webob import exc
from patron.api.openstack import common
from patron.api.openstack import extensions as exts
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
auth_shelve = exts.extension_authorizer('compute', 'shelve')
auth_shelve_offload = exts.extension_authorizer('compute', 'shelveOffload')
auth_unshelve = exts.extension_authorizer('compute', 'unshelve')
class ShelveController(wsgi.Controller):
def __init__(self, *args, **kwargs):
super(ShelveController, self).__init__(*args, **kwargs)
self.compute_api = compute.API()
@wsgi.action('shelve')
def _shelve(self, req, id, body):
"""Move an instance into shelved mode."""
context = req.environ["patron.context"]
auth_shelve(context)
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import webob.exc
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import context as patron_context
from patron import exception
from patron.i18n import _
from patron import servicegroup
from patron import utils
authorize = extensions.extension_authorizer('compute', 'services')
class ServiceController(object):
def __init__(self, ext_mgr=None, *args, **kwargs):
self.host_api = compute.HostAPI()
self.servicegroup_api = servicegroup.API()
self.ext_mgr = ext_mgr
def _get_services(self, req):
context = req.environ['patron.context']
authorize(context)
# NOTE(alex_xu): back-compatible with db layer hard-code admin
# permission checks
def test_extension_authorizer_throws_exception_if_policy_fails(self):
authorize = base_extensions.extension_authorizer(
'compute', 'used_limits_for_admin')
self._test_extension_authorizer_throws_exception_if_policy_fails(
"compute_extension:used_limits_for_admin", authorize)
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import webob
from webob import exc
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import exception
from patron.i18n import _
from patron import network
authorize = extensions.extension_authorizer('compute', 'networks_associate')
class NetworkAssociateActionController(wsgi.Controller):
"""Network Association API Controller."""
def __init__(self, network_api=None):
self.network_api = network_api or network.API()
@wsgi.action("disassociate_host")
def _disassociate_host_only(self, req, id, body):
context = req.environ['patron.context']
authorize(context)
try:
self.network_api.associate(context, id, host=None)
"""The rescue mode extension."""
from oslo_config import cfg
import webob
from webob import exc
from patron.api.openstack import common
from patron.api.openstack import extensions as exts
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
from patron import utils
CONF = cfg.CONF
authorize = exts.extension_authorizer("compute", "rescue")
class RescueController(wsgi.Controller):
def __init__(self, ext_mgr, *args, **kwargs):
super(RescueController, self).__init__(*args, **kwargs)
self.compute_api = compute.API()
self.ext_mgr = ext_mgr
@wsgi.action("rescue")
def _rescue(self, req, id, body):
"""Rescue an instance."""
context = req.environ["patron.context"]
authorize(context)
if body["rescue"] and "adminPass" in body["rescue"]:
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import webob
from webob import exc
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import exception
from patron.i18n import _
from patron import network
authorize = extensions.extension_authorizer('compute', 'networks_associate')
class NetworkAssociateActionController(wsgi.Controller):
"""Network Association API Controller."""
def __init__(self, network_api=None):
self.network_api = network_api or network.API()
@wsgi.action("disassociate_host")
def _disassociate_host_only(self, req, id, body):
context = req.environ['patron.context']
authorize(context)
try:
self.network_api.associate(context, id, host=None)
except exception.NetworkNotFound:
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import webob.exc
from patron.api.openstack import common
from patron.api.openstack import extensions
from patron import compute
from patron import exception
from patron.i18n import _
authorize = extensions.extension_authorizer('compute', 'server_diagnostics')
class ServerDiagnosticsController(object):
def __init__(self):
self.compute_api = compute.API()
def index(self, req, server_id):
context = req.environ["patron.context"]
authorize(context)
instance = common.get_instance(self.compute_api, context, server_id)
try:
return self.compute_api.get_diagnostics(context, instance)
except exception.InstanceInvalidState as state_error:
def authorize(context, action_name):
action = 'migrations:%s' % action_name
extensions.extension_authorizer('compute', action)(context)
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import re
import webob
from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
from patron.i18n import _
authorize = extensions.extension_authorizer('compute', 'console_output')
class ConsoleOutputController(wsgi.Controller):
def __init__(self, *args, **kwargs):
super(ConsoleOutputController, self).__init__(*args, **kwargs)
self.compute_api = compute.API()
@wsgi.action('os-getConsoleOutput')
def get_console_output(self, req, id, body):
"""Get text console output."""
context = req.environ['patron.context']
authorize(context)
instance = common.get_instance(self.compute_api, context, id)
try:
import six
from webob import exc
from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.cells import rpcapi as cells_rpcapi
from patron import exception
from patron.i18n import _
from patron import rpc
CONF = cfg.CONF
CONF.import_opt('name', 'patron.cells.opts', group='cells')
CONF.import_opt('capabilities', 'patron.cells.opts', group='cells')
authorize = extensions.extension_authorizer('compute', 'cells')
def _filter_keys(item, keys):
"""Filters all model attributes except for keys
item is a dict
"""
return {k: v for k, v in item.iteritems() if k in keys}
def _fixup_cell_info(cell_info, keys):
"""If the transport_url is present in the cell, derive username,
rpc_host, and rpc_port from it.
"""
from patron.api.openstack import wsgi
import patron.context
from patron import db
from patron import exception
from patron.i18n import _
from patron import quota
from patron import utils
QUOTAS = quota.QUOTAS
# Quotas that are only enabled by specific extensions
EXTENDED_QUOTAS = {'server_groups': 'os-server-group-quotas',
'server_group_members': 'os-server-group-quotas'}
authorize = extensions.extension_authorizer('compute', 'quota_classes')
class QuotaClassSetsController(wsgi.Controller):
supported_quotas = []
def __init__(self, ext_mgr):
self.ext_mgr = ext_mgr
self.supported_quotas = QUOTAS.resources
for resource, extension in EXTENDED_QUOTAS.items():
if not self.ext_mgr.is_loaded(extension):
self.supported_quotas.remove(resource)
def _format_quota_set(self, quota_class, quota_set):
"""Convert the quota object to a result dict."""
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import webob
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron.consoleauth import rpcapi as consoleauth_rpcapi
from patron.i18n import _
authorize = extensions.extension_authorizer('compute', 'console_auth_tokens')
class ConsoleAuthTokensController(wsgi.Controller):
def __init__(self, *args, **kwargs):
self._consoleauth_rpcapi = consoleauth_rpcapi.ConsoleAuthAPI()
super(ConsoleAuthTokensController, self).__init__(*args, **kwargs)
def show(self, req, id):
"""Checks a console auth token and returns the related connect info."""
context = req.environ['patron.context']
authorize(context)
token = id
connect_info = self._consoleauth_rpcapi.check_token(context, token)
if not connect_info:
# License for the specific language governing permissions and limitations
# under the License.
"""The Aggregate admin API extension."""
import datetime
from webob import exc
from patron.api.openstack import extensions
from patron.compute import api as compute_api
from patron import exception
from patron.i18n import _
from patron import utils
authorize = extensions.extension_authorizer('compute', 'aggregates')
def _get_context(req):
return req.environ['patron.context']
def get_host_from_body(fn):
"""Makes sure that the host exists."""
def wrapped(self, req, id, body, *args, **kwargs):
if len(body) != 1:
msg = _('Only host parameter can be specified')
raise exc.HTTPBadRequest(explanation=msg)
elif 'host' not in body:
msg = _('Host parameter must be specified')
raise exc.HTTPBadRequest(explanation=msg)
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import webob.exc
from patron.api.openstack import extensions
from patron import context as patron_context
from patron import exception
from patron.i18n import _
from patron import objects
from patron import utils
authorize = extensions.extension_authorizer('compute', 'agents')
class AgentController(object):
"""The agent is talking about guest agent.The host can use this for
things like accessing files on the disk, configuring networking,
or running other applications/scripts in the guest while it is
running. Typically this uses some hypervisor-specific transport
to avoid being dependent on a working network configuration.
Xen, VMware, and VirtualBox have guest agents,although the Xen
driver is the only one with an implementation for managing them
in openstack. KVM doesn't really have a concept of a guest agent
(although one could be written).
You can find the design of agent update in this link:
http://wiki.openstack.org/AgentUpdate
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import six
import webob
from webob import exc
from patron.api.openstack.compute.contrib import security_groups as sg
from patron.api.openstack import extensions
from patron import exception
from patron.i18n import _
from patron.network.security_group import openstack_driver
authorize = extensions.extension_authorizer('compute',
'security_group_default_rules')
class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase):
def __init__(self):
self.security_group_api = (
openstack_driver.get_openstack_security_group_driver())
def create(self, req, body):
context = sg._authorize_context(req)
authorize(context)
sg_rule = self._from_body(body, 'security_group_default_rule')
try:
cfg.StrOpt('use_neutron_default_nets',
default="False",
help='Control for checking for default networks'),
cfg.StrOpt('neutron_default_tenant_id',
default="default",
help='Default tenant id when creating neutron '
'networks'),
cfg.IntOpt('quota_networks',
default=3,
help='Number of private networks allowed per project'),
]
CONF.register_opts(os_network_opts)
QUOTAS = quota.QUOTAS
LOG = logging.getLogger(__name__)
authorize = extensions.extension_authorizer('compute', 'os-tenant-networks')
def network_dict(network):
# NOTE(danms): Here, network should be an object, which could have come
# from neutron and thus be missing most of the attributes. Providing a
# default to get() avoids trying to lazy-load missing attributes.
return {
"id": network.get("uuid", None) or network.get("id", None),
"cidr": str(network.get("cidr", None)),
"label": network.get("label", None)
}
class NetworkController(object):
def __init__(self, network_api=None):
"""The hosts admin extension."""
from oslo_log import log as logging
import webob.exc
from patron.api.openstack import extensions
from patron import compute
from patron import context as patron_context
from patron import exception
from patron.i18n import _
from patron.i18n import _LI
from patron import objects
LOG = logging.getLogger(__name__)
authorize = extensions.extension_authorizer('compute', 'hosts')
class HostController(object):
"""The Hosts API controller for the OpenStack API."""
def __init__(self):
self.api = compute.HostAPI()
super(HostController, self).__init__()
def index(self, req):
"""Returns a dict in the format:
| {'hosts': [{'host_name': 'some.host.name',
| 'service': 'cells',
| 'zone': 'internal'},
| {'host_name': 'some.other.host.name',
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""The hypervisors admin extension."""
import webob.exc
from patron.api.openstack import extensions
from patron import compute
from patron import exception
from patron.i18n import _
from patron import servicegroup
authorize = extensions.extension_authorizer('compute', 'hypervisors')
class HypervisorsController(object):
"""The Hypervisors API controller for the OpenStack API."""
def __init__(self, ext_mgr):
self.host_api = compute.HostAPI()
self.servicegroup_api = servicegroup.API()
super(HypervisorsController, self).__init__()
self.ext_mgr = ext_mgr
def _view_hypervisor(self, hypervisor, service, detail, servers=None,
**kwargs):
hyp_dict = {
'id': hypervisor.id,
# License for the specific language governing permissions and limitations
# under the License.
import itertools
import os
from oslo_config import cfg
from webob import exc
from patron.api.openstack import common
from patron.api.openstack import extensions
from patron import compute
from patron.i18n import _
from patron import utils
authorize = extensions.extension_authorizer('compute', 'fping')
authorize_all_tenants = extensions.extension_authorizer(
'compute', 'fping:all_tenants')
fping_opts = [
cfg.StrOpt("fping_path",
default="/usr/sbin/fping",
help="Full path to fping."),
]
CONF = cfg.CONF
CONF.register_opts(fping_opts)
class FpingController(object):
def __init__(self, network_api=None):
self.compute_api = compute.API()
# under the License.
from oslo_log import log as logging
import webob
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
from patron.i18n import _
from patron.i18n import _LI
from patron import objects
from patron.objects import external_event as external_event_obj
LOG = logging.getLogger(__name__)
authorize = extensions.extension_authorizer('compute',
'os-server-external-events')
class ServerExternalEventsController(wsgi.Controller):
def __init__(self):
self.compute_api = compute.API()
super(ServerExternalEventsController, self).__init__()
def create(self, req, body):
"""Creates a new instance event."""
context = req.environ['patron.context']
authorize(context, action='create')
response_events = []
accepted_events = []
accepted_instances = set()
"""The multinic extension."""
from oslo_log import log as logging
import webob
from webob import exc
from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
from patron.i18n import _
from patron.i18n import _LE
LOG = logging.getLogger(__name__)
authorize = extensions.extension_authorizer('compute', 'multinic')
class MultinicController(wsgi.Controller):
def __init__(self, *args, **kwargs):
super(MultinicController, self).__init__(*args, **kwargs)
self.compute_api = compute.API()
@wsgi.action('addFixedIp')
def _add_fixed_ip(self, req, id, body):
"""Adds an IP on a given network to an instance."""
context = req.environ['patron.context']
authorize(context)
# Validate the input entity
if 'networkId' not in body['addFixedIp']:
# License for the specific language governing permissions and limitations
# under the License.
import re
import webob
from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
from patron import exception
from patron.i18n import _
authorize = extensions.extension_authorizer('compute', 'console_output')
class ConsoleOutputController(wsgi.Controller):
def __init__(self, *args, **kwargs):
super(ConsoleOutputController, self).__init__(*args, **kwargs)
self.compute_api = compute.API()
@wsgi.action('os-getConsoleOutput')
def get_console_output(self, req, id, body):
"""Get text console output."""
context = req.environ['patron.context']
authorize(context)
instance = common.get_instance(self.compute_api, context, id)
try:
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""The server password extension."""
from patron.api.metadata import password
from patron.api.openstack import common
from patron.api.openstack import extensions
from patron.api.openstack import wsgi
from patron import compute
authorize = extensions.extension_authorizer('compute', 'server_password')
class ServerPasswordController(object):
"""The Server Password API controller for the OpenStack API."""
def __init__(self):
self.compute_api = compute.API()
def index(self, req, server_id):
context = req.environ['patron.context']
authorize(context)
instance = common.get_instance(self.compute_api, context, server_id)
passw = password.extract_password(instance)
return {'password': passw or ''}
