def initiate_account_merge(self, merge_user_email=''):
'''
Initiate merging two accounts
@throws BadRequest: A parameter is missing
@throws NotFound: Merge user email address is not found
@retval token_string: Token string that will be email to the user for verification
'''
if not merge_user_email:
raise BadRequest(
"initiate_account_merge: merge_user_email must be set")
# Find UserInfo of the account that needs to be merged into
merge_user_info = self.find_user_info_by_email(merge_user_email)
if not merge_user_info:
raise NotFound("initiate_account_merge: email address not found")
# Validate current user and the merger user are two different accounts
if self.find_user_info_by_id(
self._get_current_user_id())._id == merge_user_info._id:
raise BadRequest(
"initiate_account_merge: current and merge accounts are the same"
)
token_str = self._generate_token()
expire_time = calendar.timegm(
(datetime.utcnow() +
timedelta(days=2)).timetuple()) # Set token expire time
token = SecurityToken(token_string=token_str,
expires=expire_time,
status="OPEN",
merge_email=merge_user_email)
self._update_user_info_token(token)
return token_str
def add_org_role(self, org_id="", user_role=None):
"""Adds a UserRole to an Org, if the role by the specified
name does not exist.
"""
org_obj = self._validate_resource_id("org_id", org_id, RT.Org)
self._validate_resource_obj("user_role",
user_role,
RT.UserRole,
checks="noid,name")
if not is_basic_identifier(user_role.governance_name):
raise BadRequest("Invalid role governance_name")
user_role.org_governance_name = org_obj.org_governance_name
try:
self._find_org_role(org_id, user_role.governance_name)
raise BadRequest("Role '%s' is already associated with this Org" %
user_role.governance_name)
except NotFound:
pass
user_role_id, _ = self.rr.create(user_role)
self.rr.create_association(org_obj, PRED.hasRole, user_role_id)
return user_role_id
def check_password_policy(cls, password, id_provider=None):
"""Checks if given password passes the establshed password policy for identity provider"""
# TODO: Make configurable
if not password or type(password) is not str:
raise BadRequest("Invalid type")
if len(password) < 3:
raise BadRequest("Password too short")
def _create_association(self, subject=None, predicate=None, obj=None, support_bulk=False):
"""
Create an association between two IonObjects with a given predicate.
Supports bulk mode
"""
if self.bulk and support_bulk:
if not subject or not predicate or not obj:
raise BadRequest("Association must have all elements set: %s/%s/%s" % (subject, predicate, obj))
if isinstance(subject, basestring):
subject = self._get_resource_obj(subject)
if "_id" not in subject:
raise BadRequest("Subject id not available")
subject_id = subject._id
st = subject.type_
if isinstance(obj, basestring):
obj = self._get_resource_obj(obj)
if "_id" not in obj:
raise BadRequest("Object id not available")
object_id = obj._id
ot = obj.type_
assoc_id = create_unique_association_id()
assoc_obj = IonObject("Association",
s=subject_id, st=st,
p=predicate,
o=object_id, ot=ot,
ts=get_ion_ts())
assoc_obj._id = assoc_id
self.bulk_associations[assoc_id] = assoc_obj
return assoc_id, '1-norev'
else:
return self.rr.create_association(subject, predicate, obj)
def create_resource_access_policy(self,
resource_id='',
policy_name='',
description='',
policy_rule='',
ordinal=0):
"""Boilerplate operation for creating an access policy for a specific resource.
"""
if not resource_id:
raise BadRequest("The resource_id argument is missing")
if not policy_name:
raise BadRequest("The policy_name argument is missing")
if not description:
raise BadRequest("The description argument is missing")
if not policy_rule:
raise BadRequest("The policy_rule argument is missing")
policy_obj = IonObject(RT.Policy,
name=policy_name,
description=description,
policy_type=PolicyTypeEnum.RESOURCE_ACCESS,
definition=policy_rule,
ordinal=ordinal,
details=IonObject(
OT.ResourceAccessPolicyDetails,
resource_id=resource_id))
policy_id = self.create_policy(policy_obj)
self._add_resource_policy(resource_id, policy_id, publish_event=False)
return policy_id
def create_service_access_policy(self,
service_name='',
policy_name='',
description='',
policy_rule='',
ordinal=0):
"""Boilerplate operation for creating an access policy for a specific service.
"""
if not service_name:
raise BadRequest("The service_name argument is missing")
if not policy_name:
raise BadRequest("The policy_name argument is missing")
if not description:
raise BadRequest("The description argument is missing")
if not policy_rule:
raise BadRequest("The policy_rule argument is missing")
policy_obj = IonObject(RT.Policy,
name=policy_name,
description=description,
policy_type=PolicyTypeEnum.SERVICE_ACCESS,
definition=policy_rule,
ordinal=ordinal,
details=IonObject(OT.ServiceAccessPolicyDetails,
service_name=service_name))
return self.create_policy(policy_obj)
def on_start(self):
op = self.CFG.get("op", None)
log.info("LoadSystemPolicy: {op=%s}" % op)
if op:
if op == "load":
self.op_load_system_policies(self)
else:
raise BadRequest("Operation unknown")
else:
raise BadRequest("No operation specified")
def define_identity_details(self, actor_id='', identity_details=None):
actor_obj = self._validate_resource_id("actor_id", actor_id,
RT.ActorIdentity)
if not identity_details:
raise BadRequest("Invalid argument identity_details")
if actor_obj.details:
if actor_obj.details.type_ != identity_details.type_:
raise BadRequest("Type for identity_details does not match")
actor_obj.details = identity_details
self.update_actor_identity(actor_obj)
def query_view(self, view_id='', view_name='', ext_query=None, id_only=True, search_args=None):
"""Execute an existing query as defined within a View resource, providing additional arguments for
parameterized values.
If ext_query is provided, it will be combined with the query defined by the View.
Search_args may contain parameterized values.
Returns a list of resource or event objects or their IDs only.
"""
if not view_id and not view_name:
raise BadRequest("Must provide argument view_id or view_name")
if view_id and view_name:
raise BadRequest("Cannot provide both arguments view_id and view_name")
if view_id:
view_obj = self.clients.resource_registry.read(view_id)
else:
view_obj = self.ds_discovery.get_builtin_view(view_name)
if not view_obj:
view_objs, _ = self.clients.resource_registry.find_resources(restype=RT.View, name=view_name)
if not view_objs:
raise NotFound("View with name '%s' not found" % view_name)
view_obj = view_objs[0]
if view_obj.type_ != RT.View:
raise BadRequest("Argument view_id is not a View resource")
view_query = view_obj.view_definition
if not QUERY_EXP_KEY in view_query:
raise BadRequest("Unknown View query format")
# Get default query params and override them with provided args
param_defaults = {param.name: param.default for param in view_obj.view_parameters}
query_params = param_defaults
if view_obj.param_values:
query_params.update(view_obj.param_values)
if search_args:
query_params.update(search_args)
# Merge ext_query into query
if ext_query:
if ext_query["where"] and view_query["where"]:
view_query["where"] = [DQ.EXP_AND, [view_query["where"], ext_query["where"]]]
else:
view_query["where"] = view_query["where"] or ext_query["where"]
if ext_query["order_by"]:
# Override ordering if present
view_query["where"] = ext_query["order_by"]
# Other query settings
view_qargs = view_query["query_args"]
ext_qargs = ext_query["query_args"]
view_qargs["id_only"] = ext_qargs.get("id_only", view_qargs["id_only"])
view_qargs["limit"] = ext_qargs.get("limit", view_qargs["limit"])
view_qargs["skip"] = ext_qargs.get("skip", view_qargs["skip"])
return self._discovery_request(view_query, id_only=id_only,
search_args=search_args, query_params=query_params)
def _prune_dataset(self, data_file):
if not self.prune_mode:
return
if self.prune_mode == "max_age_rel":
# Prunes if first timestamp older than trigger compared to most recent timestamp
trigger_age = float(self.pruning_attrs.get("trigger_age", 0))
retain_age = float(self.pruning_attrs.get("retain_age", 0))
if trigger_age <= 0.0 or retain_age <= 0.0 or trigger_age < retain_age:
raise BadRequest("Bad pruning trigger_age or retain_age")
var_ds = data_file["vars/%s" % self.time_var]
cur_idx = var_ds.attrs["cur_row"]
if not len(var_ds) or not cur_idx:
return
min_ts = NTP4Time.from_ntp64(var_ds[0].tostring()).to_unix()
max_ts = NTP4Time.from_ntp64(var_ds[cur_idx -
1].tostring()).to_unix()
if min_ts + trigger_age >= max_ts:
return
# Find the first index that is lower or equal to retain_age and delete gap
start_time = (max_ts - retain_age) * 1000
log.info("PRUNING dataset now: mode=%s, start_time=%s",
self.prune_mode, int(start_time))
copy_filename = self._get_data_copy(
data_file, data_filter=dict(start_time=start_time))
elif self.prune_mode == "max_age_abs":
# Prunes if first timestamp older than trigger compared to current timestamp
raise NotImplementedError()
elif self.prune_mode == "max_rows":
raise NotImplementedError()
elif self.prune_mode == "max_size":
raise NotImplementedError()
else:
raise BadRequest("Invalid prune_mode: %s" % self.prune_mode)
if not copy_filename:
return
# Do the replace of data file with the copy.
# Make sure to heed race conditions so that waiting processes won't lock the file first
ds_filename = self._get_ds_filename()
ds_filename_bak = ds_filename + ".bak"
if os.path.exists(ds_filename_bak):
os.remove(ds_filename_bak)
data_file.close(
) # Note: Inter-process race condition possible because close removes the lock
shutil.move(ds_filename, ds_filename_bak)
shutil.move(
copy_filename,
ds_filename) # Note: There may be a cross-device-link error here
# os.remove(ds_filename_bak)
log.info("Pruning successful. Replaced dataset with pruned file.")
return True
def _update_user_info_token(self, token=""):
if not token:
raise BadRequest("_update_user_info_token: token must be set")
ion_actor_id = self._get_current_user_id()
if ion_actor_id:
current_user_info = self.find_user_info_by_id(ion_actor_id)
current_user_info.tokens.append(token)
self.update_user_info(current_user_info)
else:
raise BadRequest(
"_update_user_info_token: Current UserInfo not found")
def read_negotiation(self, sap=None):
if sap is None or (sap.type_ != OT.ServiceAgreementProposal and not issubtype(sap.type_, OT.ServiceAgreementProposal)):
raise BadRequest('The sap parameter must be a valid Service Agreement Proposal object')
if not sap.negotiation_id:
raise BadRequest('The Service Agreement Proposal object (sap) is missing a negotiation_id value')
neg_obj = self.service_provider.clients.resource_registry.read(sap.negotiation_id)
return neg_obj
def _validate_user_role(self, arg_name, role_name, org_id):
"""
Check that the given argument is a resource id, by retrieving the resource from the
resource registry. Additionally checks type and returns the result object
"""
if not role_name:
raise BadRequest("The argument '%s' is missing" % arg_name)
if not org_id:
raise BadRequest("The argument 'org_id' is missing")
user_role = self._find_org_role(org_id, role_name)
return user_role
def terminate_agent(self):
if self.process_id:
Container.instance.terminate_process(self.process_id)
elif self.resource_id:
ac = StreamingAgentClient(self.resource_id)
proc_id = ac.get_agent_process_id()
if proc_id in Container.instance.proc_manager.procs:
Container.instance.terminate_process(proc_id)
else:
raise BadRequest("Cannot terminate agent locally")
else:
raise BadRequest("Cannot terminate agent")
def _find_org_role(self, org_id="", role_name=""):
if not org_id:
raise BadRequest("The org_id argument is missing")
if not role_name:
raise BadRequest("The role_name argument is missing")
# Iterating (vs. query) is just fine, because the number of org roles is sufficiently small
org_roles = self._list_org_roles(org_id)
for role in org_roles:
if role.governance_name == role_name:
return role
raise NotFound("Role %s not found in Org id=%s" % (role_name, org_id))
def update_authentication_token(self, token=None):
"""Updates the given token.
"""
if not isinstance(token, SecurityToken):
raise BadRequest("Illegal argument type: token")
if token.token_type != TokenTypeEnum.ACTOR_AUTH:
raise BadRequest("Argument token: Illegal type")
cur_time = get_ion_ts_millis()
token_exp = int(token.expires)
if token_exp > cur_time + 1000 * MAX_TOKEN_VALIDITY:
raise BadRequest("Argument token: Maximum expiry extended")
self.container.object_store.update(token)
def create_catalog_view(self, view_name='', description='', fields=None, order=None, filters=''):
"""Creates a view which has the specified search fields, the order in which the search fields are presented
to a query and a term filter.
@param view_name Name of the view
@param description Simple descriptive sentence
@param fields Search fields
@param order List of fields to determine order of precendence in which the results are presented
@param filters Simple term filter
"""
res, _ = self.clients.resource_registry.find_resources(name=view_name, id_only=True)
if len(res) > 0:
raise BadRequest('The view resource with name: %s, already exists.' % view_name)
#======================
# Arg Validations
#======================
validate_is_instance(fields,list, 'Specified fields must be a list.')
validate_true(len(fields)>0, 'Specfied fields must be a list.')
if order is not None:
validate_is_instance(order,list, 'Specified order must be a list of fields')
for field in order:
if not field in fields:
raise BadRequest('The specified ordering field was not part of the search fields.')
fields = set(fields) # Convert fields to a set for aggregation across the catalogs
#======================================================================================================
# Priorty Queue Index Matching
#======================================================================================================
pq = [] # Priority queue for matching
catalog_id = None
catalogs, _ = self.clients.resource_registry.find_resources(restype=RT.Catalog, id_only=False)
for catalog in catalogs:
if set(catalog.catalog_fields).issubset(fields):
index_num = len(self.clients.catalog_management.list_indexes(catalog._id))
heapq.heappush(pq, (index_num,catalog))
if pq:
weight, catalog = heapq.heappop(pq)
if weight < 4:
catalog_id = catalog._id
if catalog_id is None:
catalog_id = self.clients.catalog_management.create_catalog('%s_catalog'% view_name, keywords=list(fields))
view_res = View(name=view_name, description=description)
view_res.order = order
view_res.filters = filters
view_id, _ = self.clients.resource_registry.create(view_res)
self.clients.resource_registry.create_association(subject=view_id, predicate=PRED.hasCatalog,object=catalog_id)
return view_id
def _make_service_request(self,
service_name=None,
operation=None,
id_param=None):
"""
Executes a secure call to a SciON service operation via messaging.
"""
if not service_name:
if self.develop_mode:
# Return a list of available services
result = dict(
available_services=get_service_registry().services.keys())
return result
else:
raise BadRequest("Service name missing")
service_name = str(service_name)
if not operation:
if self.develop_mode:
# Return a list of available operations
result = dict(available_operations=[])
return result
else:
raise BadRequest("Service operation missing")
operation = str(operation)
# Apply service white list and black list for initial protection and get service client
service_def = self.get_secure_service_def(service_name)
target_client = service_def.client
# Get service request arguments and operation parameter values request
req_args = self._get_request_args()
param_list = self.create_parameter_list(service_def, operation,
req_args, id_param)
# Validate requesting user and expiry and add governance headers
ion_actor_id, expiry = self.get_governance_info_from_request(req_args)
in_login_whitelist = self.in_login_whitelist("request", service_name,
operation)
ion_actor_id, expiry = self.validate_request(
ion_actor_id, expiry, in_whitelist=in_login_whitelist)
param_list["headers"] = self.build_message_headers(
ion_actor_id, expiry)
# Make service operation call
client = target_client(process=self.process)
method_call = getattr(client, operation)
result = method_call(**param_list)
return result
def delete_resource_type(self, resource_type_id='', object_type_id=''):
"""method docstring
"""
# Return Value
# ------------
# {success: true}
#
if not resource_type_id:
raise BadRequest("The resource_type_id parameter is missing")
if not object_type_id:
raise BadRequest("The object_type_id parameter is missing")
association_id = self.clients.resource_registry.get_association(resource_type_id, PRED.hasObjectType, object_type_id)
self.clients.resource_registry.delete_association(association_id)
return self.clients.resource_registry.delete(resource_type_id)
def _process_cmd_createassoc(resource_id, res_obj=None):
pred = get_arg("pred", None)
direction = get_arg("dir", None)
if not all([pred, direction]):
raise BadRequest("Must provide all arguments")
rid2 = get_arg("rid2", None)
if not rid2:
raise BadRequest("Must provide target resource id")
rid2_obj = Container.instance.resource_registry.read(rid2)
if direction == "from":
Container.instance.resource_registry.create_association(rid2, pred, resource_id)
elif direction == "to":
Container.instance.resource_registry.create_association(resource_id, pred, rid2)
return "OK"
def update_resource(self, resource=None):
"""Updates an existing resource via the configured service operation.
"""
if not isinstance(resource, Resource):
raise BadRequest("Can only update resources, not type %s" %
type(resource))
res_type = resource._get_type()
res_interface = self._get_type_interface(res_type)
if not 'update' in res_interface:
raise BadRequest("Resource type %s does not support: UPDATE" %
res_type)
self._call_crud(res_interface['update'], resource, None, res_type)
def create_policy(self, policy=None):
"""Persists the provided Policy object. Returns the policy id.
"""
self._validate_resource_obj("policy",
policy,
RT.Policy,
checks="noid,name")
if not is_basic_identifier(policy.name):
raise BadRequest(
"The policy name '%s' can only contain alphanumeric and underscore characters"
% policy.name)
try:
# If there is a policy_rule field then try to add the policy name and description to the rule text
if policy.definition:
rule_tokens = dict(rule_id=policy.name,
description=policy.description)
policy.definition = policy.definition.format(**rule_tokens)
except Exception as e:
raise Inconsistent(
"Missing the elements in the policy rule to set the description: "
+ e.message)
policy_id, _ = self.clients.resource_registry.create(policy)
policy._id = policy_id
log.debug('Policy created: ' + policy.name)
self._publish_policy_event(policy)
return policy_id
def find_commitments(self,
org_id='',
resource_id='',
actor_id='',
exclusive=False,
include_expired=False):
"""Returns all commitments in specified org and optionally a given actor and/or optionally a given resource.
If exclusive == True, only return exclusive commitments.
"""
self._validate_resource_id("org_id", org_id, RT.Org, optional=True)
self._validate_resource_id("actor_id",
actor_id,
RT.ActorIdentity,
optional=True)
if not org_id and not resource_id and not actor_id:
raise BadRequest("Must restrict search for commitments")
if resource_id:
com_objs, _ = self.rr.find_subjects(RT.Commitment,
PRED.hasTarget,
resource_id,
id_only=False)
if actor_id:
com_objs = [c for c in com_objs if c.consumer == actor_id]
if org_id:
com_objs = [c for c in com_objs if c.provider == org_id]
elif actor_id:
com_objs, _ = self.rr.find_objects(actor_id,
PRED.hasCommitment,
RT.Commitment,
id_only=False)
if org_id:
com_objs = [c for c in com_objs if c.provider == org_id]
else:
com_objs, _ = self.rr.find_objects(org_id,
PRED.hasCommitment,
RT.Commitment,
id_only=False)
if exclusive:
com_objs = [
c for c in com_objs
if c.commitment.type_ == OT.ResourceCommitment
and c.commitment.exclusive
]
else:
com_objs = [
c for c in com_objs
if c.commitment.type_ != OT.ResourceCommitment or (
c.commitment.type_ == OT.ResourceCommitment
and not c.commitment.exclusive)
]
if not include_expired:
cur_time = get_ion_ts_millis()
com_objs = [
c for c in com_objs
if int(c.expiration) == 0 or cur_time < int(c.expiration)
]
return com_objs
def get_secure_service_def(self, service_name):
"""Checks whether the service indicated by given service_name exists and/or
is exposed after white and black listing. Returns service registry entry.
"""
if self.service_whitelist:
if service_name not in self.service_whitelist:
raise Unauthorized("Service access not permitted")
if self.service_blacklist:
if service_name in self.service_blacklist:
raise Unauthorized("Service access not permitted")
# Retrieve service definition
target_service = get_service_registry().get_service_by_name(
service_name)
if not target_service:
raise BadRequest("The requested service (%s) is not available" %
service_name)
if not target_service.client:
raise Inconsistent(
"Cannot find a client class for the specified service: %s" %
service_name)
if not target_service.schema:
raise Inconsistent(
"Cannot find a schema for the specified service: %s" %
service_name)
return target_service
def enroll_member(self, org_id="", actor_id=""):
"""Enrolls an actor into an Org so that they may find and negotiate to use
resources of the Org. Membership in the ION Org is implied by registration
with the system, so a membership association to the ION Org is not maintained.
"""
org_obj = self._validate_resource_id("org_id", org_id, RT.Org)
actor_obj = self._validate_resource_id("actor_id", actor_id,
RT.ActorIdentity)
if org_obj.name == self._get_root_org_name():
raise BadRequest(
"A request to enroll in the root ION Org is not allowed")
self.rr.create_association(org_obj, PRED.hasMember, actor_obj)
member_role = self.find_org_role_by_name(org_id, MEMBER_ROLE)
self._add_role_association(org_obj, actor_obj, member_role)
self.event_pub.publish_event(
event_type=OT.OrgMembershipGrantedEvent,
origin=org_id,
origin_type="Org",
description="The member has enrolled in the Org",
actor_id=actor_id,
org_name=org_obj.name)
def auth_external(self, username, ext_user_id, ext_id_provider="ext"):
"""
Given username and user identifier from an external identity provider (IdP),
retrieve actor_id and establish user session. Return user info from session.
Convention is that system local username is ext_id_provider + ":" + username,
e.g. "ext_johnbean"
Return NotFound if user not registered in system. Caller can react and create
a user account through the normal system means
@param username the user name the user recognizes.
@param ext_user_id a unique identifier coming from the external IdP
@param ext_id_provider identifies the external IdP service
"""
try:
if ext_user_id and ext_id_provider and username:
local_username = "******" % (ext_id_provider, username)
actor_id = self.idm_client.find_actor_identity_by_username(local_username)
user_info = self._set_server_session(actor_id, local_username)
return build_json_response(user_info)
else:
raise BadRequest("External user info missing")
except Exception:
return build_json_error()
def on_init(self):
self.ingestion_profile = self.CFG.get_safe(CONFIG_KEY + ".ingestion_profile", "default")
log.info("Ingestion starting using profile '%s'", self.ingestion_profile)
self.exchange_name = "ingestion_process"
self.ingestion_config = self.CFG.get_safe(CONFIG_KEY + ".profile_" + self.ingestion_profile) or {}
if not self.ingestion_config:
raise BadRequest("No config found for profile '%s'" % self.ingestion_profile)
plugin_cls = get_safe(self.ingestion_config, "plugin")
self.plugin = named_any(plugin_cls)(self)
log.info("Started ingestion plugin '%s'", plugin_cls)
self.persistence_formats = {}
self.persistence_objects = {}
self.default_persistence_format = get_safe(self.ingestion_config, "persist.persistence_format")
self._require_persistence_layer(self.default_persistence_format)
self.stream_sub = StreamSubscriber(process=self, exchange_name=self.exchange_name,
callback=self.process_package)
streams = get_safe(self.ingestion_config, "stream_subscriptions") or []
for stream in streams:
if isinstance(stream, list):
stream = StreamRoute(exchange_point=stream[0], routing_key=stream[1])
log.info("Ingestion subscribed to stream '%s'", stream)
self.stream_sub.add_stream_subscription(stream)
self.plugin.on_init()
self.stream_sub.start()
def cancel_member_enrollment(self, org_id="", actor_id=""):
"""Cancels the membership of a specific actor actor within the specified Org.
Once canceled, the actor will no longer have access to the resource of that Org.
"""
org_obj = self._validate_resource_id("org_id", org_id, RT.Org)
actor_obj = self._validate_resource_id("actor_id", actor_id,
RT.ActorIdentity)
if org_obj.name == self._get_root_org_name():
raise BadRequest(
"A request to cancel enrollment in the root ION Org is not allowed"
)
# First remove all associations to any roles
role_list = self.list_actor_roles(actor_id, org_id)
for user_role in role_list:
self._delete_role_association(org_obj, actor_obj, user_role)
# Finally remove the association to the Org
aid = self.rr.get_association(org_obj, PRED.hasMember, actor_obj)
if not aid:
raise NotFound(
"The membership association between the specified actor and Org is not found"
)
self.rr.delete_association(aid)
self.event_pub.publish_event(
event_type=OT.OrgMembershipCancelledEvent,
origin=org_id,
origin_type="Org",
description="The member has cancelled enrollment in the Org",
actor_id=actor_id,
org_name=org_obj.name)
def create_org(self, org=None):
"""Creates an Org based on the provided object. The id string returned
is the internal id by which Org will be identified in the data store.
"""
# Only allow one root ION Org in the system
self._validate_resource_obj("org",
org,
RT.Org,
checks="noid,name,unique")
# If this governance identifier is not set, then set to a safe version of the org name.
if not org.org_governance_name:
org.org_governance_name = create_basic_identifier(org.name)
if not is_basic_identifier(org.org_governance_name):
raise BadRequest(
"The Org org_governance_name '%s' contains invalid characters"
% org.org_governance_name)
org_id, _ = self.rr.create(org)
# Instantiate a Directory for this Org
directory = Directory(orgname=org.name)
# Instantiate initial set of User Roles for this Org
self._create_org_roles(org_id)
return org_id
def _get_typed_arg_value(self, given_value, param_def, strict):
"""Returns a service operation argument value, based on a given value and param schema definition.
"""
param_type = param_def["type"]
if isinstance(given_value, unicode):
# Convert all unicode to str in UTF-8
given_value = given_value.encode(
"utf8") # Make all unicode into str
if isinstance(given_value, IonObjectBase) and (
given_value._get_type() == param_type
or param_type in given_value._get_extends()):
return given_value
elif is_ion_object_dict(given_value) and (
param_type == "NoneType" or hasattr(objects, param_type)):
return self.create_ion_object(given_value)
elif param_type in ("str", "bool", "int", "float", "list", "dict",
"NoneType"):
arg_val = get_typed_value(given_value,
targettype=param_type,
strict=strict)
return arg_val
else:
raise BadRequest("Cannot convert param value to type %s" %
param_type)
