def post(self, listener):
"""Creates a listener on a load balancer."""
context = pecan.request.context.get('octavia_context')
listener.project_id = self._get_lb_project_id(context.session,
self.load_balancer_id)
lock_session = db_api.get_session(autocommit=False)
if self.repositories.check_quota_met(context.session, lock_session,
data_models.Listener,
listener.project_id):
lock_session.rollback()
raise exceptions.QuotaException
try:
self._secure_data(listener)
listener_dict = db_prepare.create_listener(
listener.to_dict(render_unsets=True), self.load_balancer_id)
if listener_dict['default_pool_id']:
self._validate_pool(lock_session,
listener_dict['default_pool_id'])
self._test_lb_and_listener_statuses(lock_session)
# NOTE(blogan): Throwing away because we should not store
# secure data in the database nor should we send it to a handler.
if 'tls_termination' in listener_dict:
del listener_dict['tls_termination']
# This is the extra validation layer for wrong protocol or
# duplicate listeners on the same load balancer.
db_listener = self._validate_listener(lock_session, listener_dict)
lock_session.commit()
except Exception:
with excutils.save_and_reraise_exception():
lock_session.rollback()
return self._send_listener_to_handler(context.session, db_listener)
def _graph_create(self, lock_session, listener_dict,
l7policies=None, pool_name_ids=None):
load_balancer_id = listener_dict['load_balancer_id']
listener_dict = db_prepare.create_listener(
listener_dict, load_balancer_id)
l7policies = listener_dict.pop('l7policies', l7policies)
if listener_dict.get('default_pool_id'):
self._validate_pool(lock_session, load_balancer_id,
listener_dict['default_pool_id'],
listener_dict['protocol'])
db_listener = self._validate_create_listener(
lock_session, listener_dict)
# Now create l7policies
new_l7ps = []
for l7p in l7policies:
l7p['project_id'] = db_listener.project_id
l7p['load_balancer_id'] = load_balancer_id
l7p['listener_id'] = db_listener.id
redirect_pool = l7p.pop('redirect_pool', None)
if redirect_pool:
pool_name = redirect_pool['name']
pool_id = pool_name_ids.get(pool_name)
if not pool_id:
raise exceptions.SingleCreateDetailsMissing(
type='Pool', name=pool_name)
l7p['redirect_pool_id'] = pool_id
new_l7ps.append(l7policy.L7PolicyController()._graph_create(
lock_session, l7p))
db_listener.l7policies = new_l7ps
return db_listener
def post(self, listener_):
"""Creates a listener on a load balancer."""
listener = listener_.listener
context = pecan.request.context.get('octavia_context')
load_balancer_id = listener.loadbalancer_id
listener.project_id, provider = self._get_lb_project_id_provider(
context.session, load_balancer_id)
self._auth_validate_action(context, listener.project_id,
constants.RBAC_POST)
# Load the driver early as it also provides validation
driver = driver_factory.get_driver(provider)
lock_session = db_api.get_session(autocommit=False)
try:
if self.repositories.check_quota_met(context.session, lock_session,
data_models.Listener,
listener.project_id):
raise exceptions.QuotaException(
resource=data_models.Listener._name())
listener_dict = db_prepare.create_listener(
listener.to_dict(render_unsets=True), None)
if listener_dict['default_pool_id']:
self._validate_pool(context.session, load_balancer_id,
listener_dict['default_pool_id'],
listener.protocol)
self._test_lb_and_listener_statuses(lock_session,
lb_id=load_balancer_id)
db_listener = self._validate_create_listener(
lock_session, listener_dict)
# Prepare the data for the driver data model
provider_listener = (
driver_utils.db_listener_to_provider_listener(db_listener))
# re-inject the sni container references lost due to SNI
# being a separate table in the DB
provider_listener.sni_container_refs = listener.sni_container_refs
# Dispatch to the driver
LOG.info("Sending create Listener %s to provider %s",
db_listener.id, driver.name)
driver_utils.call_provider(driver.name, driver.listener_create,
provider_listener)
lock_session.commit()
except Exception:
with excutils.save_and_reraise_exception():
lock_session.rollback()
db_listener = self._get_db_listener(context.session, db_listener.id)
result = self._convert_db_to_type(db_listener,
listener_types.ListenerResponse)
return listener_types.ListenerRootResponse(listener=result)
def _graph_create(self, lock_session, listener_dict,
l7policies=None, pool_name_ids=None):
load_balancer_id = listener_dict['load_balancer_id']
listener_dict = db_prepare.create_listener(
listener_dict, load_balancer_id)
l7policies = listener_dict.pop('l7policies', l7policies)
if listener_dict.get('default_pool_id'):
self._validate_pool(lock_session, load_balancer_id,
listener_dict['default_pool_id'],
listener_dict['protocol'])
db_listener = self._validate_create_listener(
lock_session, listener_dict)
# Now create l7policies
new_l7ps = []
for l7p in l7policies:
l7p['project_id'] = db_listener.project_id
l7p['load_balancer_id'] = load_balancer_id
l7p['listener_id'] = db_listener.id
redirect_pool = l7p.pop('redirect_pool', None)
if redirect_pool:
pool_name = redirect_pool['name']
pool_id = pool_name_ids.get(pool_name)
if not pool_id:
raise exceptions.SingleCreateDetailsMissing(
type='Pool', name=pool_name)
l7p['redirect_pool_id'] = pool_id
new_l7ps.append(l7policy.L7PolicyController()._graph_create(
lock_session, l7p))
db_listener.l7policies = new_l7ps
return db_listener
def _graph_create(self,
session,
lock_session,
listener_dict,
l7policies=None,
pool_name_ids=None):
load_balancer_id = listener_dict['load_balancer_id']
listener_dict = db_prepare.create_listener(listener_dict,
load_balancer_id)
l7policies = listener_dict.pop('l7policies', l7policies)
if listener_dict.get('default_pool_id'):
self._validate_pool(lock_session, load_balancer_id,
listener_dict['default_pool_id'],
listener_dict['protocol'])
db_listener = self._validate_create_listener(lock_session,
listener_dict)
# Check cluster quotas for l7policies.
if l7policies and self.repositories.check_clusterquota_met(
lock_session,
data_models.L7Policy,
base_res_id=db_listener.id,
count=len(l7policies)):
raise exceptions.ClusterQuotaException(
resource=data_models.L7Policy._name())
# Check quotas for l7policies.
if l7policies and self.repositories.check_quota_met(
session,
lock_session,
data_models.L7Policy,
db_listener.project_id,
count=len(l7policies)):
raise exceptions.ClusterQuotaException(
resource=data_models.L7Policy._name())
# Now create l7policies
new_l7ps = []
for l7p in l7policies:
l7p['project_id'] = db_listener.project_id
l7p['load_balancer_id'] = load_balancer_id
l7p['listener_id'] = db_listener.id
redirect_pool = l7p.pop('redirect_pool', None)
if redirect_pool:
pool_name = redirect_pool['name']
pool_id = pool_name_ids.get(pool_name)
if not pool_id:
raise exceptions.SingleCreateDetailsMissing(type='Pool',
name=pool_name)
l7p['redirect_pool_id'] = pool_id
new_l7ps.append(l7policy.L7PolicyController()._graph_create(
session, lock_session, l7p))
db_listener.l7policies = new_l7ps
return db_listener
def post(self, listener):
"""Creates a listener on a load balancer."""
self._secure_data(listener)
context = pecan.request.context.get('octavia_context')
listener_dict = db_prepare.create_listener(
listener.to_dict(), self.load_balancer_id)
if listener_dict['default_pool_id']:
self._validate_pool(context.session,
listener_dict['default_pool_id'])
self._test_lb_and_listener_statuses(context.session)
# NOTE(blogan): Throwing away because we should not store secure data
# in the database nor should we send it to a handler.
if 'tls_termination' in listener_dict:
del listener_dict['tls_termination']
# This is the extra validation layer for wrong protocol or duplicate
# listeners on the same load balancer.
return self._validate_listener(context.session, listener_dict)
def post(self, listener):
"""Creates a listener on a load balancer."""
self._secure_data(listener)
context = pecan.request.context.get('octavia_context')
listener_dict = db_prepare.create_listener(
listener.to_dict(render_unsets=True), self.load_balancer_id)
if listener_dict['default_pool_id']:
self._validate_pool(context.session,
listener_dict['default_pool_id'])
self._test_lb_and_listener_statuses(context.session)
# NOTE(blogan): Throwing away because we should not store secure data
# in the database nor should we send it to a handler.
if 'tls_termination' in listener_dict:
del listener_dict['tls_termination']
# This is the extra validation layer for wrong protocol or duplicate
# listeners on the same load balancer.
return self._validate_listener(context.session, listener_dict)
def post(self, listener_):
"""Creates a listener on a load balancer."""
listener = listener_.listener
context = pecan.request.context.get('octavia_context')
load_balancer_id = listener.loadbalancer_id
listener.project_id = self._get_lb_project_id(
context.session, load_balancer_id)
self._auth_validate_action(context, listener.project_id,
constants.RBAC_POST)
if (not CONF.api_settings.allow_tls_terminated_listeners and
listener.protocol == constants.PROTOCOL_TERMINATED_HTTPS):
raise exceptions.DisabledOption(
value=constants.PROTOCOL_TERMINATED_HTTPS, option='protocol')
lock_session = db_api.get_session(autocommit=False)
try:
if self.repositories.check_quota_met(
context.session,
lock_session,
data_models.Listener,
listener.project_id):
raise exceptions.QuotaException
listener_dict = db_prepare.create_listener(
listener.to_dict(render_unsets=True), None)
if listener_dict['default_pool_id']:
self._validate_pool(context.session, load_balancer_id,
listener_dict['default_pool_id'])
self._test_lb_and_listener_statuses(
lock_session, lb_id=load_balancer_id)
db_listener = self._validate_create_listener(
lock_session, load_balancer_id, listener_dict)
lock_session.commit()
except Exception:
with excutils.save_and_reraise_exception():
lock_session.rollback()
return self._send_listener_to_handler(context.session, db_listener)
def post(self, listener_):
"""Creates a listener on a load balancer."""
listener = listener_.listener
context = pecan.request.context.get('octavia_context')
listener_dict = db_prepare.create_listener(
listener.to_dict(render_unsets=True), None)
load_balancer_id = listener_dict['load_balancer_id']
listener_dict['project_id'] = self._get_lb_project_id(
context.session, load_balancer_id)
if listener_dict['default_pool_id']:
self._validate_pool(context.session, load_balancer_id,
listener_dict['default_pool_id'])
self._test_lb_and_listener_statuses(context.session, load_balancer_id)
# This is the extra validation layer for wrong protocol or duplicate
# listeners on the same load balancer.
db_listener = self._validate_listener(context.session,
load_balancer_id, listener_dict)
return self._send_listener_to_handler(context.session, db_listener)
def post(self, listener_):
"""Creates a listener on a load balancer."""
listener = listener_.listener
context = pecan.request.context.get('octavia_context')
load_balancer_id = listener.loadbalancer_id
listener.project_id, provider = self._get_lb_project_id_provider(
context.session, load_balancer_id)
self._auth_validate_action(context, listener.project_id,
constants.RBAC_POST)
# Load the driver early as it also provides validation
driver = driver_factory.get_driver(provider)
lock_session = db_api.get_session(autocommit=False)
try:
if self.repositories.check_quota_met(
context.session,
lock_session,
data_models.Listener,
listener.project_id):
raise exceptions.QuotaException(
resource=data_models.Listener._name())
listener_dict = db_prepare.create_listener(
listener.to_dict(render_unsets=True), None)
if listener_dict['default_pool_id']:
self._validate_pool(context.session, load_balancer_id,
listener_dict['default_pool_id'],
listener.protocol)
self._test_lb_and_listener_statuses(
lock_session, lb_id=load_balancer_id)
db_listener = self._validate_create_listener(
lock_session, listener_dict)
# Prepare the data for the driver data model
provider_listener = (
driver_utils.db_listener_to_provider_listener(db_listener))
# re-inject the sni container references lost due to SNI
# being a separate table in the DB
provider_listener.sni_container_refs = listener.sni_container_refs
# Dispatch to the driver
LOG.info("Sending create Listener %s to provider %s",
db_listener.id, driver.name)
driver_utils.call_provider(
driver.name, driver.listener_create, provider_listener)
lock_session.commit()
except Exception:
with excutils.save_and_reraise_exception():
lock_session.rollback()
db_listener = self._get_db_listener(context.session, db_listener.id)
result = self._convert_db_to_type(db_listener,
listener_types.ListenerResponse)
return listener_types.ListenerRootResponse(listener=result)
def post(self, listener_):
"""Creates a listener on a load balancer."""
listener = listener_.listener
context = pecan.request.context.get('octavia_context')
load_balancer_id = listener.loadbalancer_id
listener.project_id, provider = self._get_lb_project_id_provider(
context.session, load_balancer_id)
self._auth_validate_action(context, listener.project_id,
constants.RBAC_POST)
if (listener.protocol == constants.PROTOCOL_UDP
and self._is_tls_or_insert_header(listener)):
raise exceptions.ValidationException(
detail=_("%s protocol listener does not support TLS or header "
"insertion.") % constants.PROTOCOL_UDP)
if (not CONF.api_settings.allow_tls_terminated_listeners
and listener.protocol == constants.PROTOCOL_TERMINATED_HTTPS):
raise exceptions.DisabledOption(
value=constants.PROTOCOL_TERMINATED_HTTPS, option='protocol')
# Load the driver early as it also provides validation
driver = driver_factory.get_driver(provider)
lock_session = db_api.get_session(autocommit=False)
try:
if self.repositories.check_clusterquota_met(
lock_session,
data_models.Listener,
base_res_id=load_balancer_id):
raise exceptions.ClusterQuotaException(
resource=data_models.Listener._name())
if self.repositories.check_quota_met(context.session, lock_session,
data_models.Listener,
listener.project_id):
raise exceptions.QuotaException(
resource=data_models.Listener._name())
listener_dict = db_prepare.create_listener(
listener.to_dict(render_unsets=True), None)
if listener_dict['default_pool_id']:
self._validate_pool(context.session, load_balancer_id,
listener_dict['default_pool_id'],
listener.protocol)
self._test_lb_and_listener_statuses(lock_session,
lb_id=load_balancer_id)
db_listener = self._validate_create_listener(
lock_session, listener_dict)
# Prepare the data for the driver data model
provider_listener = (
driver_utils.db_listener_to_provider_listener(db_listener))
# re-inject the sni container references lost due to SNI
# being a separate table in the DB
provider_listener.sni_container_refs = listener.sni_container_refs
# Dispatch to the driver
LOG.info("Sending create Listener %s to provider %s",
db_listener.id, driver.name)
driver_utils.call_provider(driver.name, driver.listener_create,
provider_listener)
lock_session.commit()
except Exception:
with excutils.save_and_reraise_exception():
lock_session.rollback()
db_listener = self._get_db_listener(context.session, db_listener.id)
result = self._convert_db_to_type(db_listener,
listener_types.ListenerResponse)
return listener_types.ListenerRootResponse(listener=result)
