def configure_registry_client(): """ Sets up a registry client for use in registry lookups """ global _CLIENT_KWARGS, _CLIENT_HOST, _CLIENT_PORT try: host, port = CONF.registry_host, CONF.registry_port except cfg.ConfigFileValueError: msg = _("Configuration option was not valid") LOG.error(msg) raise exception.BadRegistryConnectionConfiguration(msg) except IndexError: msg = _("Could not find required configuration option") LOG.error(msg) raise exception.BadRegistryConnectionConfiguration(msg) _CLIENT_HOST = host _CLIENT_PORT = port _CLIENT_KWARGS = { 'use_ssl': CONF.registry_client_protocol.lower() == 'https', 'key_file': CONF.registry_client_key_file, 'cert_file': CONF.registry_client_cert_file, 'ca_file': CONF.registry_client_ca_file, 'insecure': CONF.registry_client_insecure, 'timeout': CONF.registry_client_timeout, } if not CONF.use_user_token: configure_registry_admin_creds()
def launch(pid_file, conf_file=None, capture_output=False, await_time=0): args = [server] if conf_file: args += ['--config-file', conf_file] msg = (_('%(verb)sing %(serv)s with %(conf)s') % {'verb': verb, 'serv': server, 'conf': conf_file}) else: msg = (_('%(verb)sing %(serv)s') % {'verb': verb, 'serv': server}) print(msg) close_stdio_on_exec() pid = os.fork() if pid == 0: os.setsid() redirect_stdio(server, capture_output) try: os.execlp('%s' % server, *args) except OSError as e: msg = (_('unable to launch %(serv)s. Got error: %(e)s') % {'serv': server, 'e': e}) sys.exit(msg) sys.exit(0) else: write_pid_file(pid_file, pid) await_child(pid, await_time) return pid
def validate_location_uri(location): """Validate location uri into acceptable format. :param location: Location uri to be validated """ if not location: raise exception.BadStoreUri(_('Invalid location: %s') % location) elif location.startswith(('http://', 'https://')): return location # NOTE: file type uri is being avoided for security reasons, # see LP bug #942118 #1400966. elif location.startswith(("file:///", "filesystem:///")): msg = _("File based imports are not allowed. Please use a non-local " "source of image data.") # NOTE: raise BadStoreUri and let the encompassing block save the error # msg in the task.message. raise exception.BadStoreUri(msg) else: # TODO(nikhil): add other supported uris supported = ['http', ] msg = _("The given uri is not valid. Please specify a " "valid uri from the following list of supported uri " "%(supported)s") % {'supported': supported} raise urllib.error.URLError(msg)
def _get_base_properties(): return { "name": { "type": "string" }, "description": { "type": "string" }, "required": { "$ref": "#/definitions/stringArray" }, "properties": { "$ref": "#/definitions/property" }, "schema": { 'readOnly': True, "type": "string" }, "self": { 'readOnly': True, "type": "string" }, "created_at": { "type": "string", "readOnly": True, "description": _("Date and time of object creation"), "format": "date-time" }, "updated_at": { "type": "string", "readOnly": True, "description": _("Date and time of the last object modification"), "format": "date-time" } }
def __init__(self, type_name=None, type_version=None, **kwargs): """Defines an artifact reference :param type_name: type name of the target artifact :param type_version: type version of the target artifact """ super(ArtifactReference, self).__init__(**kwargs) if type_name is not None: if isinstance(type_name, list): type_names = list(type_name) if type_version is not None: raise exc.InvalidArtifactTypePropertyDefinition( _('Unable to specify version ' 'if multiple types are possible')) else: type_names = [type_name] def validate_reference(artifact): if artifact.type_name not in type_names: return False if (type_version is not None and artifact.type_version != type_version): return False return True self._add_validator('referenced_type', validate_reference, _("Invalid referenced type")) elif type_version is not None: raise exc.InvalidArtifactTypePropertyDefinition( _('Unable to specify version ' 'if type is not specified')) self._check_definition()
def index(self, req, image_id): """ Return a list of dictionaries indicating the members of the image, i.e., those tenants the image is shared with. :param req: the Request object coming from the wsgi layer :param image_id: The opaque image identifier :returns: The response body is a mapping of the following form .. code-block:: json {'members': [ {'member_id': <MEMBER>, 'can_share': <SHARE_PERMISSION>, ...}, ... ]} """ self._enforce(req, 'get_members') self._raise_404_if_image_deleted(req, image_id) try: members = registry.get_image_members(req.context, image_id) except exception.NotFound: msg = _("Image with identifier %s not found") % image_id LOG.warn(msg) raise webob.exc.HTTPNotFound(msg) except exception.Forbidden: msg = _("Unauthorized image access") LOG.warn(msg) raise webob.exc.HTTPForbidden(msg) return dict(members=members)
def replication_size(options, args): """%(prog)s size <server:port> Determine the size of a xmonitor instance if dumped to disk. server:port: the location of the xmonitor instance. """ # Make sure server info is provided if len(args) < 1: raise TypeError(_("Too few arguments.")) server, port = utils.parse_valid_host_port(args.pop()) total_size = 0 count = 0 imageservice = get_image_service() client = imageservice(http_client.HTTPConnection(server, port), options.slavetoken) for image in client.get_images(): LOG.debug('Considering image: %(image)s', {'image': image}) if image['status'] == 'active': total_size += int(image['size']) count += 1 print(_('Total size is %(size)d bytes across %(img_count)d images') % {'size': total_size, 'img_count': count})
def set_attr(self, value): if not isinstance(value, (list, StoreLocations)): reason = _('Invalid locations') raise exception.BadStoreUri(message=reason) ori_value = getattr(getattr(self, target), attr) if ori_value != value: # NOTE(flwang): If all the URL of passed-in locations are same as # current image locations, that means user would like to only # update the metadata, not the URL. ordered_value = sorted([loc['url'] for loc in value]) ordered_ori = sorted([loc['url'] for loc in ori_value]) if len(ori_value) > 0 and ordered_value != ordered_ori: raise exception.Invalid(_('Original locations is not empty: ' '%s') % ori_value) # NOTE(zhiyan): Check locations are all valid # NOTE(flwang): If all the URL of passed-in locations are same as # current image locations, then it's not necessary to verify those # locations again. Otherwise, if there is any restricted scheme in # existing locations. _check_image_location will fail. if ordered_value != ordered_ori: for loc in value: _check_image_location(self.context, self.store_api, self.store_utils, loc) loc['status'] = 'active' if _count_duplicated_locations(value, loc) > 1: raise exception.DuplicateLocation(location=loc['url']) _set_image_size(self.context, getattr(self, target), value) else: for loc in value: loc['status'] = 'active' return setattr(getattr(self, target), attr, list(value))
def status(self, status): has_status = hasattr(self, '_status') if has_status: if status not in self.valid_state_targets[self._status]: kw = {'cur_status': self._status, 'new_status': status} e = exception.InvalidImageStatusTransition(**kw) LOG.debug(e) raise e if self._status == 'queued' and status in ('saving', 'active'): missing = [k for k in ['disk_format', 'container_format'] if not getattr(self, k)] if len(missing) > 0: if len(missing) == 1: msg = _('Property %s must be set prior to ' 'saving data.') else: msg = _('Properties %s must be set prior to ' 'saving data.') raise ValueError(msg % ', '.join(missing)) # NOTE(flwang): Image size should be cleared as long as the image # status is updated to 'queued' if status == 'queued': self.size = None self.virtual_size = None self._status = status
def _check_item_type(self, item): if not isinstance(item, self.ALLOWED_ITEM_TYPES): raise exc.InvalidArtifactTypePropertyDefinition( _('Invalid item type specification')) if item.default is not None: raise exc.InvalidArtifactTypePropertyDefinition( _('List definitions may hot have defaults'))
def download(self, req, id, type_name, type_version, attr, index, **kwargs): artifact_repo = self.gateway.get_artifact_repo(req.context) try: artifact = artifact_repo.get(id, type_name, type_version) if attr in artifact.metadata.attributes.blobs: if isinstance(artifact.metadata.attributes.blobs[attr], list): if index is None: raise webob.exc.HTTPBadRequest( explanation=_("Index is required")) blob_list = getattr(artifact, attr) try: return blob_list[index] except IndexError as e: raise webob.exc.HTTPBadRequest(explanation=e.message) else: if index is not None: raise webob.exc.HTTPBadRequest(_("Not a list " "property")) return getattr(artifact, attr) else: message = _("Not a downloadable entity") raise webob.exc.HTTPBadRequest(explanation=message) except exception.Forbidden as e: raise webob.exc.HTTPForbidden(explanation=e.msg) except (glance_store.NotFound, exception.NotFound) as e: raise webob.exc.HTTPNotFound(explanation=e.msg) except exception.Invalid as e: raise webob.exc.HTTPBadRequest(explanation=e.msg)
def update(self, req, image_id, member_id, status): """ Adds a membership to the image. :param req: the Request object coming from the wsgi layer :param image_id: the image identifier :param member_id: the member identifier :returns: The response body is a mapping of the following form .. code-block:: json {'member_id': <MEMBER>, 'image_id': <IMAGE>, 'status': <MEMBER_STATUS>, 'created_at': .., 'updated_at': ..} """ image = self._lookup_image(req, image_id) member_repo = self._get_member_repo(req, image) member = self._lookup_member(req, image, member_id) try: member.status = status member_repo.save(member) return member except exception.Forbidden: msg = _("Not allowed to update members for image %s.") % image_id LOG.warning(msg) raise webob.exc.HTTPForbidden(explanation=msg) except ValueError as e: msg = (_("Incorrect request: %s") % encodeutils.exception_to_unicode(e)) LOG.warning(msg) raise webob.exc.HTTPBadRequest(explanation=msg)
def update(self, req, image_id, tag_value): image_repo = self.gateway.get_repo(req.context) try: image = image_repo.get(image_id) image.tags.add(tag_value) image_repo.save(image) except exception.NotFound: msg = _("Image %s not found.") % image_id LOG.warning(msg) raise webob.exc.HTTPNotFound(explanation=msg) except exception.Forbidden: msg = _("Not allowed to update tags for image %s.") % image_id LOG.warning(msg) raise webob.exc.HTTPForbidden(explanation=msg) except exception.Invalid as e: msg = (_("Could not update image: %s") % encodeutils.exception_to_unicode(e)) LOG.warning(msg) raise webob.exc.HTTPBadRequest(explanation=msg) except exception.ImageTagLimitExceeded as e: msg = (_("Image tag limit exceeded for image %(id)s: %(e)s:") % {"id": image_id, "e": encodeutils.exception_to_unicode(e)}) LOG.warning(msg) raise webob.exc.HTTPRequestEntityTooLarge(explanation=msg)
def update(self, req, id, type_name, type_version, changes, **kwargs): """Performs an update via json patch request""" artifact_repo = self.gateway.get_artifact_repo(req.context) try: artifact = self._get_artifact_with_dependencies(artifact_repo, id, type_name, type_version) self._ensure_write_access(artifact, req.context) updated = artifact for change in changes: if artifact.metadata.attributes.blobs.get(change['path']): msg = _('Invalid request PATCH for work with blob') raise webob.exc.HTTPBadRequest(explanation=msg) else: updated = self._do_update_op(updated, change) artifact_repo.save(updated) return self._get_artifact_with_dependencies(artifact_repo, id) except (exception.InvalidJsonPatchPath, exception.Invalid) as e: raise webob.exc.HTTPBadRequest(explanation=e.msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg) except exception.Forbidden as e: raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.StorageQuotaFull as e: msg = (_("Denying attempt to upload artifact because it exceeds " "the quota: %s") % encodeutils.exception_to_unicode(e)) raise webob.exc.HTTPRequestEntityTooLarge( explanation=msg, request=req, content_type='text/plain') except exception.LimitExceeded as e: raise webob.exc.HTTPRequestEntityTooLarge( explanation=e.msg, request=req, content_type='text/plain') except exception.NotAuthenticated as e: raise webob.exc.HTTPUnauthorized(explanation=e.msg)
def do_stop(server, args, graceful=False): if graceful and server in GRACEFUL_SHUTDOWN_SERVERS: sig = signal.SIGHUP else: sig = signal.SIGTERM did_anything = False pfiles = pid_files(server, CONF.pid_file) for pid_file, pid in pfiles: did_anything = True try: os.unlink(pid_file) except OSError: pass try: print(_('Stopping %(serv)s (pid %(pid)s) with signal(%(sig)s)') % {'serv': server, 'pid': pid, 'sig': sig}) os.kill(pid, sig) except OSError: print(_("Process %d not running") % pid) for pid_file, pid in pfiles: for _junk in range(150): # 15 seconds if not os.path.exists('/proc/%s' % pid): break time.sleep(0.1) else: print(_('Waited 15 seconds for pid %(pid)s (%(file)s) to die;' ' giving up') % {'pid': pid, 'file': pid_file}) if not did_anything: print(_('%s is already stopped') % server)
def get_connect_kwargs(self): # Both secure and insecure connections have a timeout option connect_kwargs = {'timeout': self.timeout} if self.use_ssl: if self.key_file is None: self.key_file = os.environ.get('GLANCE_CLIENT_KEY_FILE') if self.cert_file is None: self.cert_file = os.environ.get('GLANCE_CLIENT_CERT_FILE') if self.ca_file is None: self.ca_file = os.environ.get('GLANCE_CLIENT_CA_FILE') # Check that key_file/cert_file are either both set or both unset if self.cert_file is not None and self.key_file is None: msg = _("You have selected to use SSL in connecting, " "and you have supplied a cert, " "however you have failed to supply either a " "key_file parameter or set the " "GLANCE_CLIENT_KEY_FILE environ variable") raise exception.ClientConnectionError(msg) if self.key_file is not None and self.cert_file is None: msg = _("You have selected to use SSL in connecting, " "and you have supplied a key, " "however you have failed to supply either a " "cert_file parameter or set the " "GLANCE_CLIENT_CERT_FILE environ variable") raise exception.ClientConnectionError(msg) if (self.key_file is not None and not os.path.exists(self.key_file)): msg = _("The key file you specified %s does not " "exist") % self.key_file raise exception.ClientConnectionError(msg) connect_kwargs['key_file'] = self.key_file if (self.cert_file is not None and not os.path.exists(self.cert_file)): msg = _("The cert file you specified %s does not " "exist") % self.cert_file raise exception.ClientConnectionError(msg) connect_kwargs['cert_file'] = self.cert_file if (self.ca_file is not None and not os.path.exists(self.ca_file)): msg = _("The CA file you specified %s does not " "exist") % self.ca_file raise exception.ClientConnectionError(msg) if self.ca_file is None: for ca in self.DEFAULT_CA_FILE_PATH.split(":"): if os.path.exists(ca): self.ca_file = ca break connect_kwargs['ca_file'] = self.ca_file connect_kwargs['insecure'] = self.insecure return connect_kwargs
def do_check_status(pid_file, server): if os.path.exists(pid_file): with open(pid_file, 'r') as pidfile: pid = pidfile.read().strip() print(_("%(serv)s (pid %(pid)s) is running...") % {'serv': server, 'pid': pid}) else: print(_("%s is stopped") % server)
def _check_for_path_errors(self, pointer): if not re.match(self.PATH_REGEX_COMPILED, pointer): msg = _("Json path should start with a '/', " "end with no '/', no 2 subsequent '/' are allowed.") raise exc.InvalidJsonPatchPath(path=pointer, explanation=msg) if re.search('~[^01]', pointer) or pointer.endswith('~'): msg = _("Pointer contains '~' which is not part of" " a recognized escape sequence [~0, ~1].") raise exc.InvalidJsonPatchPath(path=pointer, explanation=msg)
def __init__(self, **kwargs): if "type_name" in kwargs: raise exc.InvalidArtifactPropertyValue( _("Unable to specify artifact type explicitly")) if "type_version" in kwargs: raise exc.InvalidArtifactPropertyValue( _("Unable to specify artifact type version explicitly")) super(ArtifactType, self).__init__(type_name=self.metadata.type_name, type_version=self.metadata.type_version, **kwargs)
def _get_limit(self, req): """Parse a limit query param into something usable.""" try: limit = int(req.params.get('limit', CONF.limit_param_default)) except ValueError: raise exc.HTTPBadRequest(_("limit param must be an integer")) if limit < 0: raise exc.HTTPBadRequest(_("limit param must be positive")) return min(CONF.api_limit_max, limit)
def get_image_meta_from_headers(response): """ Processes HTTP headers from a supplied response that match the x-image-meta and x-image-meta-property and returns a mapping of image metadata and properties :param response: Response to process """ result = {} properties = {} if hasattr(response, 'getheaders'): # httplib.HTTPResponse headers = response.getheaders() else: # webob.Response headers = response.headers.items() for key, value in headers: key = str(key.lower()) if key.startswith('x-image-meta-property-'): field_name = key[len('x-image-meta-property-'):].replace('-', '_') properties[field_name] = value or None elif key.startswith('x-image-meta-'): field_name = key[len('x-image-meta-'):].replace('-', '_') if 'x-image-meta-' + field_name not in IMAGE_META_HEADERS: msg = _("Bad header: %(header_name)s") % {'header_name': key} raise exc.HTTPBadRequest(msg, content_type="text/plain") result[field_name] = value or None result['properties'] = properties for key, nullable in [('size', False), ('min_disk', False), ('min_ram', False), ('virtual_size', True)]: if key in result: try: result[key] = int(result[key]) except ValueError: if nullable and result[key] == str(None): result[key] = None else: extra = (_("Cannot convert image %(key)s '%(value)s' " "to an integer.") % {'key': key, 'value': result[key]}) raise exception.InvalidParameterValue(value=result[key], param=key, extra_msg=extra) if result[key] is not None and result[key] < 0: extra = _('Cannot be a negative value.') raise exception.InvalidParameterValue(value=result[key], param=key, extra_msg=extra) for key in ('is_public', 'deleted', 'protected'): if key in result: result[key] = strutils.bool_from_string(result[key]) return result
def _lookup_image(self, req, image_id): image_repo = self.gateway.get_repo(req.context) try: return image_repo.get(image_id) except (exception.NotFound): msg = _("Image %s not found.") % image_id LOG.warning(msg) raise webob.exc.HTTPNotFound(explanation=msg) except exception.Forbidden: msg = _("You are not authorized to lookup image %s.") % image_id LOG.warning(msg) raise webob.exc.HTTPForbidden(explanation=msg)
def _validate_limit(self, limit): try: limit = int(limit) except ValueError: msg = _("limit param must be an integer") raise webob.exc.HTTPBadRequest(explanation=msg) if limit < 0: msg = _("limit param must be positive") raise webob.exc.HTTPBadRequest(explanation=msg) return limit
def validate_key_cert(key_file, cert_file): try: error_key_name = "private key" error_filename = key_file with open(key_file, 'r') as keyfile: key_str = keyfile.read() key = crypto.load_privatekey(crypto.FILETYPE_PEM, key_str) error_key_name = "certificate" error_filename = cert_file with open(cert_file, 'r') as certfile: cert_str = certfile.read() cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_str) except IOError as ioe: raise RuntimeError(_("There is a problem with your %(error_key_name)s " "%(error_filename)s. Please verify it." " Error: %(ioe)s") % {'error_key_name': error_key_name, 'error_filename': error_filename, 'ioe': ioe}) except crypto.Error as ce: raise RuntimeError(_("There is a problem with your %(error_key_name)s " "%(error_filename)s. Please verify it. OpenSSL" " error: %(ce)s") % {'error_key_name': error_key_name, 'error_filename': error_filename, 'ce': ce}) try: data = str(uuid.uuid4()) # On Python 3, explicitly encode to UTF-8 to call crypto.sign() which # requires bytes. Otherwise, it raises a deprecation warning (and # will raise an error later). data = encodeutils.to_utf8(data) digest = CONF.digest_algorithm if digest == 'sha1': LOG.warn( _LW('The FIPS (FEDERAL INFORMATION PROCESSING STANDARDS)' ' state that the SHA-1 is not suitable for' ' general-purpose digital signature applications (as' ' specified in FIPS 186-3) that require 112 bits of' ' security. The default value is sha1 in Kilo for a' ' smooth upgrade process, and it will be updated' ' with sha256 in next release(L).')) out = crypto.sign(key, data, digest) crypto.verify(cert, out, data, digest) except crypto.Error as ce: raise RuntimeError(_("There is a problem with your key pair. " "Please verify that cert %(cert_file)s and " "key %(key_file)s belong together. OpenSSL " "error %(ce)s") % {'cert_file': cert_file, 'key_file': key_file, 'ce': ce})
def update(self, request): body = self._get_request_body(request) try: status = body['status'] except KeyError: msg = _("Status not specified") raise webob.exc.HTTPBadRequest(explanation=msg) except TypeError: msg = _('Expected a status in the form: ' '{"status": "status"}') raise webob.exc.HTTPBadRequest(explanation=msg) return dict(status=status)
def new_tag(self, **kwargs): owner = kwargs.pop('owner', self.context.owner) if not self.context.is_admin: if owner is None: message = _("Owner must be specified to create a tag.") raise exception.Forbidden(message) elif owner != self.context.owner: message = _("You are not permitted to create a tag" " in the namespace owned by '%s'") raise exception.Forbidden(message % (owner)) return super(MetadefTagFactoryProxy, self).new_tag(**kwargs)
def max_length(self, value): """Sets the maximum value length""" self._max_length = value if value is not None: if value > 255: raise exc.InvalidArtifactTypePropertyDefinition( _('Max string length may not exceed 255 characters')) self._add_validator('max_length', lambda v: len(v) <= self._max_length, _('Length is greater than maximum')) else: self._remove_validator('max_length') self._check_definition()
def _check_dict(data_dict): # a dict of dicts has to be checked recursively for key, value in six.iteritems(data_dict): if isinstance(value, dict): _check_dict(value) else: if _is_match(key): msg = _("Property names can't contain 4 byte unicode.") raise exception.Invalid(msg) if _is_match(value): msg = (_("%s can't contain 4 byte unicode characters.") % key.title()) raise exception.Invalid(msg)
def min_length(self, value): """Sets the minimum value length""" self._min_length = value if value is not None: if value < 0: raise exc.InvalidArtifactTypePropertyDefinition( _('Min string length may not be negative')) self._add_validator('min_length', lambda v: len(v) >= self._min_length, _('Length is less than minimum')) else: self._remove_validator('min_length') self._check_definition()
def _get_filters(self, filters): status = filters.get('status') if status: if status not in ['pending', 'processing', 'success', 'failure']: msg = _('Invalid status value: %s') % status raise webob.exc.HTTPBadRequest(explanation=msg) type = filters.get('type') if type: if type not in ['import']: msg = _('Invalid type value: %s') % type raise webob.exc.HTTPBadRequest(explanation=msg) return filters
def delete(self, req, image_id, id): """ Removes a membership from the image. """ self._check_can_access_image_members(req.context) # Make sure the image exists try: image = self.db_api.image_get(req.context, image_id) except exception.NotFound: msg = _("Image %(id)s not found") % {'id': image_id} LOG.warn(msg) raise webob.exc.HTTPNotFound(msg) except exception.Forbidden: # If it's private and doesn't belong to them, don't let on # that it exists msg = _LW("Access denied to image %(id)s but returning" " 'not found'") % {'id': image_id} LOG.warn(msg) raise webob.exc.HTTPNotFound() # Can they manipulate the membership? if not self.is_image_sharable(req.context, image): msg = (_LW("User lacks permission to share image %(id)s") % {'id': image_id}) LOG.warn(msg) msg = _("No permission to share that image") raise webob.exc.HTTPForbidden(msg) # Look up an existing membership members = self.db_api.image_member_find(req.context, image_id=image_id, member=id) if members: self.db_api.image_member_delete(req.context, members[0]['id']) else: LOG.debug("%(id)s is not a member of image %(image_id)s", {'id': id, 'image_id': image_id}) msg = _("Membership could not be found.") raise webob.exc.HTTPNotFound(explanation=msg) # Make an appropriate result LOG.info(_LI("Successfully deleted a membership from image %(id)s"), {'id': image_id}) return webob.exc.HTTPNoContent()
def get_verifier(context, image_properties): """Retrieve the image properties and use them to create a verifier. :param context: the user context for authentication :param image_properties: the key-value properties about the image :return: instance of cryptography AsymmetricVerificationContext :raises xmonitor.common.exception.SignatureVerificationError: if building the verifier fails """ if not should_create_verifier(image_properties): raise exception.SignatureVerificationError( _('Required image properties for signature verification do not' ' exist. Cannot verify signature.') ) signature = get_signature(image_properties[SIGNATURE]) hash_method = get_hash_method(image_properties[HASH_METHOD]) signature_key_type = SignatureKeyType.lookup( image_properties[KEY_TYPE]) public_key = get_public_key(context, image_properties[CERT_UUID], signature_key_type) # create the verifier based on the signature key type try: verifier = signature_key_type.create_verifier(signature, hash_method, public_key) except crypto_exception.UnsupportedAlgorithm as e: msg = (_LE("Unable to create verifier since algorithm is " "unsupported: %(e)s") % {'e': encodeutils.exception_to_unicode(e)}) LOG.error(msg) raise exception.SignatureVerificationError( _('Unable to verify signature since the algorithm is unsupported ' 'on this system') ) if verifier: return verifier else: # Error creating the verifier raise exception.SignatureVerificationError( _('Error occurred while creating the verifier') )
class ServiceUnavailable(GlanceException): message = _("The request returned 503 Service Unavailable. This " "generally occurs on service overload or other transient " "outage.") def __init__(self, *args, **kwargs): self.retry_after = (int(kwargs['retry']) if kwargs.get('retry') else None) super(ServiceUnavailable, self).__init__(*args, **kwargs)
def _validate_allowed_values(self): if self._allowed_values: try: for allowed_value in self._allowed_values: self.validate(allowed_value, 'allowed_value') except exc.InvalidArtifactPropertyValue: raise exc.InvalidArtifactTypePropertyDefinition( _("Allowed values %s are invalid under given validators") % self._allowed_values)
def get_content_range(self): """Return the `Range` in a request.""" range_str = self.headers.get('Content-Range') if range_str is not None: range_ = webob.byterange.ContentRange.parse(range_str) if range_ is None: msg = _('Malformed Content-Range header: %s') % range_str raise webob.exc.HTTPBadRequest(explanation=msg) return range_
def _get_marker(self, req): """Parse a marker query param into something usable.""" marker = req.params.get('marker', None) if marker and not uuidutils.is_uuid_like(marker): msg = _('Invalid marker format') raise exc.HTTPBadRequest(explanation=msg) return marker
def max_properties(self, value): self._max_properties = value if value is not None: self._add_validator( 'max_properties', lambda v: len(v) <= self._max_properties, _('Dictionary size is ' 'greater than maximum')) else: self._remove_validator('max_properties')
def list(self, *args, **kwargs): members = self.member_repo.list(*args, **kwargs) if (self.context.is_admin or self.context.owner == self.image.owner): return [proxy_member(self.context, m) for m in members] for member in members: if member.member_id == self.context.owner: return [proxy_member(self.context, member)] message = _("You cannot get image member for %s") raise exception.Forbidden(message % self.image.image_id)
class LimitExceeded(GlanceException): message = _("The request returned a 413 Request Entity Too Large. This " "generally means that rate limiting or a quota threshold was " "breached.\n\nThe response body:\n%(body)s") def __init__(self, *args, **kwargs): self.retry_after = (int(kwargs['retry']) if kwargs.get('retry') else None) super(LimitExceeded, self).__init__(*args, **kwargs)
def remove(self, resource_type): try: self.db_api.metadef_resource_type_association_delete( self.context, resource_type.namespace.namespace, resource_type.name) except (exception.NotFound, exception.Forbidden): msg = _("The specified resource type %s could not be found ") raise exception.NotFound(msg % resource_type.name)
def get_plugin_from_strategy(strategy, creds=None, insecure=False, configure_via_auth=True): if strategy == 'noauth': return NoAuthStrategy() elif strategy == 'keystone': return KeystoneStrategy(creds, insecure, configure_via_auth=configure_via_auth) else: raise Exception(_("Unknown auth strategy '%s'") % strategy)
def min_properties(self, value): self._min_properties = value if value is not None: self._add_validator('min_properties', lambda v: len(v) >= self._min_properties, _('Dictionary size is less than ' 'minimum')) else: self._remove_validator('min_properties')
def max_value(self, value): """Sets the maximum allowed value""" self._max_value = value if value is not None: self._add_validator('max_value', lambda v: v <= self._max_value, _('Value is greater than maximum')) else: self._remove_validator('max_value') self._check_definition()
def save(self, task): task_values = self._format_task_to_db(task) try: updated_values = self.db_api.task_update(self.context, task.task_id, task_values) except (exception.NotFound, exception.Forbidden): msg = _('Could not find task %s') % task.task_id raise exception.NotFound(msg) task.updated_at = updated_values['updated_at']
def __set__(self, instance, value, ignore_mutability=False): if instance: if self.prop.readonly: if hasattr(instance, '_' + self.prop.name): raise exc.InvalidArtifactPropertyValue( _('Attempt to set readonly property')) if not self.prop.mutable: if (hasattr(instance, '__is_mutable__') and not hasattr( instance, '__suspend_mutability_checks__')): mutable = instance.__is_mutable__() or ignore_mutability if not mutable: raise exc.InvalidArtifactPropertyValue( _('Attempt to set value of immutable property')) if value is not None and self.collection_wrapper_class: value = self.collection_wrapper_class(value) value.property = self.prop self.prop.validate(value) setattr(instance, '_' + self.prop.name, value)
def min_value(self, value): """Sets the minimum allowed value""" self._min_value = value if value is not None: self._add_validator('min_value', lambda v: v >= self._min_value, _('Value is less than minimum')) else: self._remove_validator('min_value') self._check_definition()
def _get_base_properties(): return { 'name': { 'type': 'string', 'description': _('Resource type names should be aligned with Heat ' 'resource types whenever possible: ' 'http://docs.openstack.org/developer/heat/' 'template_guide/openstack.html'), 'maxLength': 80, }, 'prefix': { 'type': 'string', 'description': _('Specifies the prefix to use for the given ' 'resource type. Any properties in the namespace ' 'should be prefixed with this prefix when being ' 'applied to the specified resource type. Must ' 'include prefix separator (e.g. a colon :).'), 'maxLength': 80, }, 'properties_target': { 'type': 'string', 'description': _('Some resource types allow more than one key / ' 'value pair per instance. For example, Cinder ' 'allows user and image metadata on volumes. Only ' 'the image properties metadata is evaluated by ' 'Nova (scheduling or drivers). This property ' 'allows a namespace target to remove the ' 'ambiguity.'), 'maxLength': 80, }, "created_at": { "type": "string", "readOnly": True, "description": _("Date and time of resource type association"), "format": "date-time" }, "updated_at": { "type": "string", "readOnly": True, "description": _("Date and time of the last resource type " "association modification"), "format": "date-time" } }
def locations(self, value): if not isinstance(value, (list, ImageLocationsProxy)): raise exception.Invalid(_('Invalid locations: %s') % value) self.policy.enforce(self.context, 'set_image_location', self.target) new_locations = list(value) if (set([loc['url'] for loc in self.image.locations]) - set([loc['url'] for loc in new_locations])): self.policy.enforce(self.context, 'delete_image_location', self.target) self.image.locations = new_locations
def set_eventlet_hub(): try: eventlet.hubs.use_hub('poll') except Exception: try: eventlet.hubs.use_hub('selects') except Exception: msg = _("eventlet 'poll' nor 'selects' hubs are available " "on this platform") raise exception.WorkerCreationFailure(reason=msg)
def main(): CONF.register_cli_opt(command_opt) if len(sys.argv) < 2: script_name = sys.argv[0] print("%s category action [<args>]" % script_name) print(_("Available categories:")) for category in CATEGORIES: print(_("\t%s") % category) sys.exit(2) try: logging.register_options(CONF) cfg_files = cfg.find_config_files(project='xmonitor', prog='xmonitor-registry') cfg_files.extend( cfg.find_config_files(project='xmonitor', prog='xmonitor-api')) cfg_files.extend( cfg.find_config_files(project='xmonitor', prog='xmonitor-manage')) config.parse_args(default_config_files=cfg_files) config.set_config_defaults() logging.setup(CONF, 'xmonitor') except RuntimeError as e: sys.exit("ERROR: %s" % e) try: if CONF.command.action.startswith('db'): return CONF.command.action_fn() else: func_kwargs = {} for k in CONF.command.action_kwargs: v = getattr(CONF.command, 'action_kwarg_' + k) if v is None: continue if isinstance(v, six.string_types): v = encodeutils.safe_decode(v) func_kwargs[k] = v func_args = [ encodeutils.safe_decode(arg) for arg in CONF.command.action_args ] return CONF.command.action_fn(*func_args, **func_kwargs) except exception.GlanceException as e: sys.exit("ERROR: %s" % encodeutils.exception_to_unicode(e))
def new_image(self, **kwargs): owner = kwargs.pop('owner', self.context.owner) if not self.context.is_admin: if owner is None or owner != self.context.owner: message = _("You are not permitted to create images " "owned by '%s'.") raise exception.Forbidden(message % owner) return super(ImageFactoryProxy, self).new_image(owner=owner, **kwargs)
def new_object(self, **kwargs): owner = kwargs.pop('owner', self.context.owner) if not self.context.is_admin: if owner is None or owner != self.context.owner: message = _("You are not permitted to create object " "owned by '%s'") raise exception.Forbidden(message % (owner)) return super(MetadefObjectFactoryProxy, self).new_object(**kwargs)
def _validate_limit(self, limit): if limit is None: return self._max_limit_number try: limit = int(limit) except ValueError: msg = _("Limit param must be an integer") raise webob.exc.HTTPBadRequest(explanation=msg) if limit < 0: msg = _("Limit param must be positive") raise webob.exc.HTTPBadRequest(explanation=msg) if limit > self._max_limit_number: msg = _("Limit param" " must not be higher than %d") % self._max_limit_number raise webob.exc.HTTPBadRequest(explanation=msg) return limit
def update(self, request): changes = [] content_types = { 'application/openstack-images-v2.0-json-patch': 4, 'application/openstack-images-v2.1-json-patch': 10, } if request.content_type not in content_types: headers = {'Accept-Patch': ', '.join(sorted(content_types.keys()))} raise webob.exc.HTTPUnsupportedMediaType(headers=headers) json_schema_version = content_types[request.content_type] body = self._get_request_body(request) if not isinstance(body, list): msg = _('Request body must be a JSON array of operation objects.') raise webob.exc.HTTPBadRequest(explanation=msg) for raw_change in body: if not isinstance(raw_change, dict): msg = _('Operations must be JSON objects.') raise webob.exc.HTTPBadRequest(explanation=msg) (op, path) = self._parse_json_schema_change(raw_change, json_schema_version) # NOTE(zhiyan): the 'path' is a list. self._validate_path(op, path) change = { 'op': op, 'path': path, 'json_schema_version': json_schema_version } if not op == 'remove': change['value'] = self._get_change_value(raw_change, op) self._validate_change(change) changes.append(change) return {'changes': changes}
def _do_add_locations(self, image, path_pos, value): if CONF.show_multiple_locations == False: msg = _("It's not allowed to add locations if locations are " "invisible.") raise webob.exc.HTTPForbidden(explanation=msg) pos = self._get_locations_op_pos(path_pos, len(image.locations), True) if pos is None: msg = _("Invalid position for adding a location.") raise webob.exc.HTTPBadRequest(explanation=msg) try: image.locations.insert(pos, value) if image.status == 'queued': image.status = 'active' except (exception.BadStoreUri, exception.DuplicateLocation) as e: raise webob.exc.HTTPBadRequest(explanation=e.msg) except ValueError as e: # update image status failed. raise webob.exc.HTTPBadRequest( explanation=encodeutils.exception_to_unicode(e))
def get_active_image_meta_or_error(self, request, image_id): """ Same as get_image_meta_or_404 except that it will raise a 403 if the image is deactivated or 404 if the image is otherwise not 'active'. """ image = self.get_image_meta_or_404(request, image_id) if image['status'] == 'deactivated': LOG.debug("Image %s is deactivated", image_id) msg = _("Image %s is deactivated") % image_id raise webob.exc.HTTPForbidden(msg, request=request, content_type='text/plain') if image['status'] != 'active': LOG.debug("Image %s is not active", image_id) msg = _("Image %s is not active") % image_id raise webob.exc.HTTPNotFound(msg, request=request, content_type='text/plain') return image
def save(self, artifact): artifact_values = serialization.serialize_for_db(artifact) try: db_api_artifact = self.db_api.artifact_update( self.context, artifact_values, artifact.id, artifact.type_name, artifact.type_version) except (exception.ArtifactNotFound, exception.ArtifactForbidden): msg = _("No artifact found with ID %s") % artifact.id raise exception.ArtifactNotFound(msg) return serialization.deserialize_from_db(db_api_artifact, self.plugins)
def publish(self, artifact): try: artifact_changed = (self.db_api.artifact_publish( self.context, artifact.id, artifact.type_name, artifact.type_version)) return serialization.deserialize_from_db(artifact_changed, self.plugins) except (exception.NotFound, exception.Forbidden): msg = _("No artifact found with ID %s") % artifact.id raise exception.ArtifactNotFound(msg)
def get(self, namespace, name): try: namespace_entity = self.meta_namespace_repo.get(namespace) db_metadata_tag = self.db_api.metadef_tag_get( self.context, namespace, name) except (exception.NotFound, exception.Forbidden): msg = _('Could not find metadata tag %s') % name raise exception.NotFound(msg) return self._format_metadef_tag_from_db(db_metadata_tag, namespace_entity)
def get(self, namespace, property_name): try: namespace_entity = self.meta_namespace_repo.get(namespace) db_property_type = self.db_api.metadef_property_get( self.context, namespace, property_name) except (exception.NotFound, exception.Forbidden): msg = _('Could not find property %s') % property_name raise exception.NotFound(msg) return self._format_metadef_property_from_db(db_property_type, namespace_entity)