def _get_access_param(self, context, protocol, creds):
if const.PROTOCOL_SNMP in protocol:
if not uuidutils.is_uuid_like(creds):
access_parameters = db.get_snmp_cred_by_name_and_protocol(
context, creds, protocol)
else:
access_parameters = db.get_snmp_cred_by_id(context, creds)
else:
if not uuidutils.is_uuid_like(creds):
access_parameters = db.get_netconf_cred_by_name_and_protocol(
context, creds, protocol)
else:
access_parameters = db.get_netconf_cred_by_id(context, creds)
if not access_parameters:
raise webob.exc.HTTPBadRequest(
_("Credentials not found for Id or name: %s") % creds)
if isinstance(access_parameters, list) and len(access_parameters) > 1:
raise webob.exc.HTTPBadRequest(
_("Multiple credentials matches found "
"for name: %s, use an ID to be more specific.") % creds)
if isinstance(access_parameters, list):
access_parameters = access_parameters[0]
if access_parameters['protocol_type'] != protocol:
raise webob.exc.HTTPBadRequest(
_("Credentials not found for Id or name: %s") % creds)
return access_parameters
def _get_access_param(self, context, protocol, creds):
if const.PROTOCOL_SNMP in protocol:
if not uuidutils.is_uuid_like(creds):
access_parameters = db.get_snmp_cred_by_name_and_protocol(
context, creds, protocol)
else:
access_parameters = db.get_snmp_cred_by_id(context, creds)
else:
if not uuidutils.is_uuid_like(creds):
access_parameters = db.get_netconf_cred_by_name_and_protocol(
context, creds, protocol)
else:
access_parameters = db.get_netconf_cred_by_id(context, creds)
if not access_parameters:
raise webob.exc.HTTPBadRequest(
_("Credentials not found for Id or name: %s") % creds)
if isinstance(access_parameters, list) and len(access_parameters) > 1:
raise webob.exc.HTTPBadRequest(
_("Multiple credentials matches found "
"for name: %s, use an ID to be more specific.") % creds)
if isinstance(access_parameters, list):
access_parameters = access_parameters[0]
if access_parameters['protocol_type'] != protocol:
raise webob.exc.HTTPBadRequest(
_("Credentials not found for Id or name: %s") % creds)
return access_parameters
def show(self, request, id, **kwargs):
context = request.context
snmp_cred = db.get_snmp_cred_by_id(context, id)
netconf_cred = db.get_netconf_cred_by_id(context, id)
if snmp_cred:
cred = self._creds_to_show(snmp_cred)
elif netconf_cred:
cred = self._creds_to_show(netconf_cred)
else:
raise webob.exc.HTTPNotFound(_("Credential with id=%s does not exist") % id)
return {const.BNP_CREDENTIAL_RESOURCE_NAME: cred}
def show(self, request, id, **kwargs):
context = request.context
snmp_cred = db.get_snmp_cred_by_id(context, id)
netconf_cred = db.get_netconf_cred_by_id(context, id)
if snmp_cred:
cred = self._creds_to_show(snmp_cred)
elif netconf_cred:
cred = self._creds_to_show(netconf_cred)
else:
raise webob.exc.HTTPNotFound(
_("Credential with id=%s does not exist") % id)
return {const.BNP_CREDENTIAL_RESOURCE_NAME: cred}
def delete(self, request, id, **kwargs):
context = request.context
self._check_admin(context)
snmp_cred = db.get_snmp_cred_by_id(context, id)
netconf_cred = db.get_netconf_cred_by_id(context, id)
if snmp_cred:
db.delete_snmp_cred_by_id(context, id)
elif netconf_cred:
db.delete_netconf_cred_by_id(context, id)
else:
raise webob.exc.HTTPNotFound(
_("Credential with id=%s does not exist") % id)
def delete(self, request, id, **kwargs):
context = request.context
self._check_admin(context)
filters = {"credentials": id}
switch_exists = db.get_if_bnp_phy_switch_exists(context, **filters)
if switch_exists:
raise webob.exc.HTTPConflict(
_("credential with id=%s is associated with a switch." "Hence can't be deleted.") % id
)
snmp_cred = db.get_snmp_cred_by_id(context, id)
netconf_cred = db.get_netconf_cred_by_id(context, id)
if snmp_cred:
db.delete_snmp_cred_by_id(context, id)
elif netconf_cred:
db.delete_netconf_cred_by_id(context, id)
else:
raise webob.exc.HTTPNotFound(_("Credential with id=%s does not exist") % id)
def delete(self, request, id, **kwargs):
context = request.context
self._check_admin(context)
filters = {'credentials': id}
switch_exists = db.get_if_bnp_phy_switch_exists(context, **filters)
if switch_exists:
raise webob.exc.HTTPConflict(
_("credential with id=%s is associated with a switch."
"Hence can't be deleted.") % id)
snmp_cred = db.get_snmp_cred_by_id(context, id)
netconf_cred = db.get_netconf_cred_by_id(context, id)
if snmp_cred:
db.delete_snmp_cred_by_id(context, id)
elif netconf_cred:
db.delete_netconf_cred_by_id(context, id)
else:
raise webob.exc.HTTPNotFound(
_("Credential with id=%s does not exist") % id)
def _get_credentials_dict(self, bnp_switch, func_name):
if not bnp_switch:
self._raise_ml2_error(wexc.HTTPNotFound, func_name)
db_context = neutron_context.get_admin_context()
creds_dict = {}
creds_dict["ip_address"] = bnp_switch.ip_address
prov_creds = bnp_switch.credentials
prov_protocol = bnp_switch.management_protocol
if hp_const.PROTOCOL_SNMP in prov_protocol:
if not uuidutils.is_uuid_like(prov_creds):
snmp_cred = db.get_snmp_cred_by_name(db_context, prov_creds)
snmp_cred = snmp_cred[0]
else:
snmp_cred = db.get_snmp_cred_by_id(db_context, prov_creds)
if not snmp_cred:
LOG.error(_LE("Credentials does not match"))
self._raise_ml2_error(wexc.HTTPNotFound, "")
creds_dict["write_community"] = snmp_cred.write_community
creds_dict["security_name"] = snmp_cred.security_name
creds_dict["security_level"] = snmp_cred.security_level
creds_dict["auth_protocol"] = snmp_cred.auth_protocol
creds_dict["management_protocol"] = prov_protocol
creds_dict["auth_key"] = snmp_cred.auth_key
creds_dict["priv_protocol"] = snmp_cred.priv_protocol
creds_dict["priv_key"] = snmp_cred.priv_key
else:
if not uuidutils.is_uuid_like(prov_creds):
netconf_cred = db.get_netconf_cred_by_name(db_context, prov_creds)
if netconf_cred.get("password"):
password = credential_manager.retrieve_secret(netconf_cred["password"])
netconf_cred["password"] = password
else:
netconf_cred = db.get_netconf_cred_by_id(db_context, prov_creds)
if netconf_cred.get("password"):
password = credential_manager.retrieve_secret(netconf_cred["password"])
netconf_cred["password"] = password
if not netconf_cred:
LOG.error(_LE("Credentials does not match"))
self._raise_ml2_error(wexc.HTTPNotFound, "")
creds_dict["user_name"] = netconf_cred.write_community
creds_dict["password"] = netconf_cred.security_name
creds_dict["key_path"] = netconf_cred.security_level
return creds_dict
def _get_credentials_dict(self, bnp_switch, func_name):
if not bnp_switch:
self._raise_ml2_error(wexc.HTTPNotFound, func_name)
db_context = neutron_context.get_admin_context()
creds_dict = {}
creds_dict['ip_address'] = bnp_switch.ip_address
prov_creds = bnp_switch.credentials
prov_protocol = bnp_switch.management_protocol
if hp_const.PROTOCOL_SNMP in prov_protocol:
if not uuidutils.is_uuid_like(prov_creds):
snmp_cred = db.get_snmp_cred_by_name(db_context, prov_creds)
snmp_cred = snmp_cred[0]
else:
snmp_cred = db.get_snmp_cred_by_id(db_context, prov_creds)
if not snmp_cred:
LOG.error(_LE("Credentials does not match"))
self._raise_ml2_error(wexc.HTTPNotFound, '')
creds_dict['write_community'] = snmp_cred.write_community
creds_dict['security_name'] = snmp_cred.security_name
creds_dict['security_level'] = snmp_cred.security_level
creds_dict['auth_protocol'] = snmp_cred.auth_protocol
creds_dict['management_protocol'] = prov_protocol
creds_dict['auth_key'] = snmp_cred.auth_key
creds_dict['priv_protocol'] = snmp_cred.priv_protocol
creds_dict['priv_key'] = snmp_cred.priv_key
else:
if not uuidutils.is_uuid_like(prov_creds):
netconf_cred = db.get_netconf_cred_by_name(db_context,
prov_creds)
else:
netconf_cred = db.get_netconf_cred_by_id(db_context,
prov_creds)
if not netconf_cred:
LOG.error(_LE("Credentials does not match"))
self._raise_ml2_error(wexc.HTTPNotFound, '')
creds_dict['user_name'] = netconf_cred.write_community
creds_dict['password'] = netconf_cred.security_name
creds_dict['key_path'] = netconf_cred.security_level
return creds_dict
def _get_credentials_dict(self, bnp_switch, func_name):
if not bnp_switch:
self._raise_ml2_error(wexc.HTTPNotFound, func_name)
db_context = neutron_context.get_admin_context()
creds_dict = {}
creds_dict['ip_address'] = bnp_switch.ip_address
prov_creds = bnp_switch.credentials
prov_protocol = bnp_switch.management_protocol
if hp_const.PROTOCOL_SNMP in prov_protocol:
if not uuidutils.is_uuid_like(prov_creds):
snmp_cred = db.get_snmp_cred_by_name(db_context, prov_creds)
snmp_cred = snmp_cred[0]
else:
snmp_cred = db.get_snmp_cred_by_id(db_context, prov_creds)
if not snmp_cred:
LOG.error(_LE("Credentials does not match"))
self._raise_ml2_error(wexc.HTTPNotFound, '')
creds_dict['write_community'] = snmp_cred.write_community
creds_dict['security_name'] = snmp_cred.security_name
creds_dict['security_level'] = snmp_cred.security_level
creds_dict['auth_protocol'] = snmp_cred.auth_protocol
creds_dict['management_protocol'] = prov_protocol
creds_dict['auth_key'] = snmp_cred.auth_key
creds_dict['priv_protocol'] = snmp_cred.priv_protocol
creds_dict['priv_key'] = snmp_cred.priv_key
else:
if not uuidutils.is_uuid_like(prov_creds):
netconf_cred = db.get_netconf_cred_by_name(db_context,
prov_creds)
else:
netconf_cred = db.get_netconf_cred_by_id(db_context,
prov_creds)
if not netconf_cred:
LOG.error(_LE("Credentials does not match"))
self._raise_ml2_error(wexc.HTTPNotFound, '')
creds_dict['user_name'] = netconf_cred.write_community
creds_dict['password'] = netconf_cred.security_name
creds_dict['key_path'] = netconf_cred.security_level
return creds_dict
def update(self, request, id, **kwargs):
context = request.context
self._check_admin(context)
body = validators.validate_request(request)
protocol = validators.validate_access_parameters_for_update(body)
key_list = [
'name', 'snmpv1', 'snmpv2c', 'snmpv3', 'netconf_ssh',
'netconf_soap'
]
keys = body.keys()
validators.validate_attributes(keys, key_list)
if not uuidutils.is_uuid_like(id):
raise webob.exc.HTTPBadRequest(_("Invalid Id"))
if not protocol:
switch_creds = db.get_snmp_cred_by_id(context, id)
if switch_creds:
switch_creds_dict = self._update_dict(body, dict(switch_creds))
db.update_bnp_snmp_cred_by_id(context, id, switch_creds_dict)
return switch_creds_dict
switch_creds = db.get_netconf_cred_by_id(context, id)
if switch_creds:
switch_creds_dict = self._update_dict(body, dict(switch_creds))
db.update_bnp_netconf_cred_by_id(context, id,
switch_creds_dict)
return switch_creds_dict
raise webob.exc.HTTPNotFound(
_("Credential with id=%s does not exist") % id)
elif protocol in [const.SNMP_V1, const.SNMP_V2C]:
switch_creds = db.get_snmp_cred_by_id(context, id)
if not switch_creds:
raise webob.exc.HTTPNotFound(
_("Credential with id=%s does not exist") % id)
self.check_creds_proto_type(switch_creds, id, protocol)
params = body.pop(protocol)
for key, value in params.iteritems():
body[key] = value
creds_dict = self._update_dict(body, dict(switch_creds))
db.update_bnp_snmp_cred_by_id(context, id, creds_dict)
return creds_dict
elif protocol == const.SNMP_V3:
switch_creds = db.get_snmp_cred_by_id(context, id)
if not switch_creds:
raise webob.exc.HTTPNotFound(
_("Credential with id=%s does not exist") % id)
self.check_creds_proto_type(switch_creds, id, protocol)
params = body.pop(protocol)
if ('auth_protocol' in params.keys()) ^ ('auth_key'
in params.keys()):
if (not switch_creds['auth_protocol']) and (
not switch_creds['auth_key']):
raise webob.exc.HTTPBadRequest(
_("auth_protocol and auth_key values does not exist,"
" so both has to be provided"))
if ('priv_protocol' in params.keys()) ^ ('priv_key'
in params.keys()):
if (not switch_creds['priv_protocol']) and (
not switch_creds['priv_key']):
raise webob.exc.HTTPBadRequest(
_("priv_protocol and priv_key values does not exist,"
" so both has to be provided"))
for key, value in params.iteritems():
body[key] = value
creds_dict = self._update_dict(body, dict(switch_creds))
db.update_bnp_snmp_cred_by_id(context, id, creds_dict)
return creds_dict
elif protocol == const.NETCONF_SOAP:
switch_creds = db.get_netconf_cred_by_id(context, id)
if not switch_creds:
raise webob.exc.HTTPNotFound(
_("Credential with id=%s does not exist") % id)
self.check_creds_proto_type(switch_creds, id, protocol)
params = body.pop(protocol)
for key, value in params.iteritems():
body[key] = value
creds_dict = self._update_dict(body, dict(switch_creds))
db.update_bnp_netconf_cred_by_id(context, id, creds_dict)
return creds_dict
elif protocol == const.NETCONF_SSH:
switch_creds = db.get_netconf_cred_by_id(context, id)
if not switch_creds:
raise webob.exc.HTTPNotFound(
_("Credential with id=%s does not exist") % id)
self.check_creds_proto_type(switch_creds, id, protocol)
params = body.pop(protocol)
if ('user_name' in params.keys()) ^ ('password' in params.keys()):
if (not switch_creds['user_name']) and (
not switch_creds['password']):
raise webob.exc.HTTPBadRequest(
_("user_name and password values does not exist, so"
" both has to be provided"))
for key, value in params.iteritems():
body[key] = value
creds_dict = self._update_dict(body, dict(switch_creds))
db.update_bnp_netconf_cred_by_id(context, id, creds_dict)
return creds_dict
def update(self, request, id, **kwargs):
context = request.context
self._check_admin(context)
body = validators.validate_request(request)
protocol = validators.validate_access_parameters_for_update(body)
key_list = ['name', 'snmpv1', 'snmpv2c',
'snmpv3', 'netconf_ssh', 'netconf_soap']
keys = body.keys()
validators.validate_attributes(keys, key_list)
if not uuidutils.is_uuid_like(id):
raise webob.exc.HTTPBadRequest(
_("Invalid Id"))
if not protocol:
switch_creds = db.get_snmp_cred_by_id(context, id)
if switch_creds:
switch_creds_dict = self._update_dict(body, dict(switch_creds))
db.update_bnp_snmp_cred_by_id(context, id, switch_creds_dict)
return switch_creds_dict
switch_creds = db.get_netconf_cred_by_id(context, id)
if switch_creds:
if switch_creds.get('password'):
password = credential_manager.retrieve_secret(
switch_creds['password'])
credential_manager.delete_secret(switch_creds['password'])
switch_creds['password'] = password
switch_creds_dict = self._update_dict(body, dict(switch_creds))
if switch_creds_dict.get('password'):
password = credential_manager.create_secret(
switch_creds_dict['password'])
switch_creds_dict['password'] = password
db.update_bnp_netconf_cred_by_id(
context, id, switch_creds_dict)
return switch_creds_dict
raise webob.exc.HTTPNotFound(
_("Credential with id=%s does not exist") % id)
elif protocol in [const.SNMP_V1, const.SNMP_V2C]:
switch_creds = db.get_snmp_cred_by_id(context, id)
if not switch_creds:
raise webob.exc.HTTPNotFound(
_("Credential with id=%s does not exist") % id)
self.check_creds_proto_type(switch_creds, id, protocol)
params = body.pop(protocol)
for key, value in params.iteritems():
body[key] = value
creds_dict = self._update_dict(body, dict(switch_creds))
db.update_bnp_snmp_cred_by_id(context, id, creds_dict)
return creds_dict
elif protocol == const.SNMP_V3:
switch_creds = db.get_snmp_cred_by_id(context, id)
if not switch_creds:
raise webob.exc.HTTPNotFound(
_("Credential with id=%s does not exist") % id)
self.check_creds_proto_type(switch_creds, id, protocol)
params = body.pop(protocol)
if ('auth_protocol' in params.keys()) ^ (
'auth_key' in params.keys()):
if (not switch_creds['auth_protocol']) and (
not switch_creds['auth_key']):
raise webob.exc.HTTPBadRequest(
_("auth_protocol and auth_key values does not exist,"
" so both has to be provided"))
if ('priv_protocol' in params.keys()) ^ ('priv_key'
in params.keys()):
if (not switch_creds['priv_protocol']) and (
not switch_creds['priv_key']):
raise webob.exc.HTTPBadRequest(
_("priv_protocol and priv_key values does not exist,"
" so both has to be provided"))
for key, value in params.iteritems():
body[key] = value
creds_dict = self._update_dict(body, dict(switch_creds))
db.update_bnp_snmp_cred_by_id(context, id, creds_dict)
return creds_dict
elif protocol == const.NETCONF_SOAP:
switch_creds = db.get_netconf_cred_by_id(context, id)
if not switch_creds:
raise webob.exc.HTTPNotFound(
_("Credential with id=%s does not exist") % id)
self.check_creds_proto_type(switch_creds, id, protocol)
params = body.pop(protocol)
for key, value in params.iteritems():
body[key] = value
if switch_creds.get('password'):
password = credential_manager.retrieve_secret(
switch_creds['password'])
credential_manager.delete_secret(switch_creds['password'])
switch_creds['password'] = password
creds_dict = self._update_dict(body, dict(switch_creds))
if creds_dict.get('password'):
creds_dict['password'] = credential_manager.create_secret(
creds_dict['password'])
db.update_bnp_netconf_cred_by_id(context, id, creds_dict)
return creds_dict
elif protocol == const.NETCONF_SSH:
switch_creds = db.get_netconf_cred_by_id(context, id)
if not switch_creds:
raise webob.exc.HTTPNotFound(
_("Credential with id=%s does not exist") % id)
self.check_creds_proto_type(switch_creds, id, protocol)
params = body.pop(protocol)
if ('user_name' in params.keys()) ^ ('password' in params.keys()):
if (not switch_creds['user_name']) and (
not switch_creds['password']):
raise webob.exc.HTTPBadRequest(
_("user_name and password values does not exist, so"
" both has to be provided"))
for key, value in params.iteritems():
body[key] = value
if switch_creds.get('password'):
password = credential_manager.retrieve_secret(
switch_creds['password'])
credential_manager.delete_secret(switch_creds['password'])
switch_creds['password'] = password
creds_dict = self._update_dict(body, dict(switch_creds))
if creds_dict.get('password'):
creds_dict['password'] = credential_manager.create_secret(
creds_dict['password'])
db.update_bnp_netconf_cred_by_id(context, id, creds_dict)
return creds_dict
def test_get_netconf_cred_by_id(self):
"""Test get_netconf_cred_by_id method."""
netconf_cred_dict = self._get_netconf_cred_dict()
retval = [db.add_bnp_netconf_cred(self.ctx, netconf_cred_dict)]
cred_val = db.get_netconf_cred_by_id(self.ctx, retval[0]['id'])
self.assertEqual(retval[0], cred_val)
def update(self, request, id, **kwargs):
context = request.context
self._check_admin(context)
body = validators.validate_request(request)
protocol = validators.validate_access_parameters_for_update(body)
key_list = ["name", "snmpv1", "snmpv2c", "snmpv3", "netconf_ssh", "netconf_soap"]
keys = body.keys()
validators.validate_attributes(keys, key_list)
if not uuidutils.is_uuid_like(id):
raise webob.exc.HTTPBadRequest(_("Invalid Id"))
if not protocol:
switch_creds = db.get_snmp_cred_by_id(context, id)
if switch_creds:
switch_creds_dict = self._update_dict(body, dict(switch_creds))
db.update_bnp_snmp_cred_by_id(context, id, switch_creds_dict)
return switch_creds_dict
switch_creds = db.get_netconf_cred_by_id(context, id)
if switch_creds:
switch_creds_dict = self._update_dict(body, dict(switch_creds))
db.update_bnp_netconf_cred_by_id(context, id, switch_creds_dict)
return switch_creds_dict
raise webob.exc.HTTPNotFound(_("Credential with id=%s does not exist") % id)
elif protocol in [const.SNMP_V1, const.SNMP_V2C]:
switch_creds = db.get_snmp_cred_by_id(context, id)
if not switch_creds:
raise webob.exc.HTTPNotFound(_("Credential with id=%s does not exist") % id)
self.check_creds_proto_type(switch_creds, id, protocol)
params = body.pop(protocol)
for key, value in params.iteritems():
body[key] = value
creds_dict = self._update_dict(body, dict(switch_creds))
db.update_bnp_snmp_cred_by_id(context, id, creds_dict)
return creds_dict
elif protocol == const.SNMP_V3:
switch_creds = db.get_snmp_cred_by_id(context, id)
if not switch_creds:
raise webob.exc.HTTPNotFound(_("Credential with id=%s does not exist") % id)
self.check_creds_proto_type(switch_creds, id, protocol)
params = body.pop(protocol)
if ("auth_protocol" in params.keys()) ^ ("auth_key" in params.keys()):
if (not switch_creds["auth_protocol"]) and (not switch_creds["auth_key"]):
raise webob.exc.HTTPBadRequest(
_("auth_protocol and auth_key values does not exist," " so both has to be provided")
)
if ("priv_protocol" in params.keys()) ^ ("priv_key" in params.keys()):
if (not switch_creds["priv_protocol"]) and (not switch_creds["priv_key"]):
raise webob.exc.HTTPBadRequest(
_("priv_protocol and priv_key values does not exist," " so both has to be provided")
)
for key, value in params.iteritems():
body[key] = value
creds_dict = self._update_dict(body, dict(switch_creds))
db.update_bnp_snmp_cred_by_id(context, id, creds_dict)
return creds_dict
elif protocol == const.NETCONF_SOAP:
switch_creds = db.get_netconf_cred_by_id(context, id)
if not switch_creds:
raise webob.exc.HTTPNotFound(_("Credential with id=%s does not exist") % id)
self.check_creds_proto_type(switch_creds, id, protocol)
params = body.pop(protocol)
for key, value in params.iteritems():
body[key] = value
creds_dict = self._update_dict(body, dict(switch_creds))
db.update_bnp_netconf_cred_by_id(context, id, creds_dict)
return creds_dict
elif protocol == const.NETCONF_SSH:
switch_creds = db.get_netconf_cred_by_id(context, id)
if not switch_creds:
raise webob.exc.HTTPNotFound(_("Credential with id=%s does not exist") % id)
self.check_creds_proto_type(switch_creds, id, protocol)
params = body.pop(protocol)
if ("user_name" in params.keys()) ^ ("password" in params.keys()):
if (not switch_creds["user_name"]) and (not switch_creds["password"]):
raise webob.exc.HTTPBadRequest(
_("user_name and password values does not exist, so" " both has to be provided")
)
for key, value in params.iteritems():
body[key] = value
creds_dict = self._update_dict(body, dict(switch_creds))
db.update_bnp_netconf_cred_by_id(context, id, creds_dict)
return creds_dict
