def details(self, request, id):
if id != request.context.project_id:
# Check if admin
if not request.context.is_admin:
reason = _("Only admin is authorized to access quotas for"
" another tenant")
raise n_exc.AdminRequired(reason=reason)
return {self._resource_name: self._get_detailed_quotas(request, id)}
def _admin_check(self, context, action):
"""Admin role check helper."""
# TODO(selva): his check should be required if the tenant_id is
# specified in the request, otherwise the policy.json do a trick
# this need further revision.
if not context.is_admin:
reason = _('Cannot %s resource for non admin tenant') % action
raise exceptions.AdminRequired(reason=reason)
def get_tenant_id_for_create(context, resource):
if context.is_admin and 'tenant_id' in resource:
tenant_id = resource['tenant_id']
elif ('tenant_id' in resource
and resource['tenant_id'] != context.tenant_id):
reason = _('Cannot create resource for another tenant')
raise n_exc.AdminRequired(reason=reason)
else:
tenant_id = context.tenant_id
return tenant_id
def _get_tenant_id_for_create(self, context, resource):
if context.is_admin and 'tenant_id' in resource:
tenant_id = resource['tenant_id']
elif ('tenant_id' in resource
and resource['tenant_id'] != context.project_id):
reason = _('Cannot create resource for another tenant')
raise exceptions.AdminRequired(reason=reason)
else:
tenant_id = context.project_id
return tenant_id
def _get_tenant_id_for_create(self, context, resource):
"""Get tenant id for creation of resources."""
if context.is_admin and 'tenant_id' in resource:
tenant_id = resource['tenant_id']
elif ('tenant_id' in resource
and resource['tenant_id'] != context.tenant_id):
reason = 'Cannot create resource for another tenant'
raise exceptions.AdminRequired(reason=reason)
else:
tenant_id = context.tenant_id
return tenant_id
def run(self, context, job_name, readonly=False):
self.results = {}
if context.is_admin:
if self.email_notifier:
self.email_notifier.start('Cloud Housekeeper Execution Report')
with locking.LockManager.get_lock('nsx-housekeeper'):
error_count = 0
fixed_count = 0
error_info = ''
if job_name == ALL_DUMMY_JOB_NAME:
if (not readonly and
not self.readwrite_allowed(ALL_DUMMY_JOB_NAME)):
raise n_exc.ObjectNotFound(id=ALL_DUMMY_JOB_NAME)
for job in self.jobs.values():
if (not readonly and
not self.readwrite_allowed(job.get_name())):
# skip this job as it is readonly
continue
result = job.run(context, readonly=readonly)
if result:
if self.email_notifier and result['error_count']:
self._add_job_text_to_notifier(job, result)
error_count += result['error_count']
fixed_count += result['fixed_count']
error_info += result['error_info'] + "\n"
self.results[job_name] = {
'error_count': error_count,
'fixed_count': fixed_count,
'error_info': error_info
}
else:
job = self.jobs.get(job_name)
if job:
if (not readonly and
not self.readwrite_allowed(job_name)):
raise n_exc.ObjectNotFound(id=job_name)
result = job.run(context, readonly=readonly)
if result:
error_count = result['error_count']
if self.email_notifier:
self._add_job_text_to_notifier(job, result)
self.results[job.get_name()] = result
else:
raise n_exc.ObjectNotFound(id=job_name)
if self.email_notifier and error_count:
self.email_notifier.send()
else:
raise n_exc.AdminRequired()
def run(self, context, job_name):
if context.is_admin:
with locking.LockManager.get_lock('nsx-housekeeper'):
if job_name == ALL_DUMMY_JOB.get('name'):
for job in self.jobs.values():
job.run(context)
else:
job = self.jobs.get(job_name)
if job:
job.run(context)
else:
raise n_exc.ObjectNotFound(id=job_name)
else:
raise n_exc.AdminRequired()
def _check_admin(self,
context,
reason=_("Only admin can view or configure quota")):
if not context.is_admin:
raise n_exc.AdminRequired(reason=reason)
def _admin_check(context, action):
"""Admin role check helper."""
if not context.is_admin:
reason = _('Cannot %s resource for non admin tenant') % action
raise exc.AdminRequired(reason=reason)
def request(self,
method,
url,
token=None,
args=None,
headers=None,
accepted_codes=[200, 201, 202, 204]):
params = {}
if args:
# extract filter and fields
if 'filters' in args:
params = args.pop('filters')
if 'fields' in args:
params['fields'] = args.pop('fields')
args = jsonutils.dumps(args)
if not headers:
headers = {
'Content-type': 'application/json',
'X-Auth-Token': token
}
headers['User-Agent'] = OCTAVIA_PROXY_CLIENT
url = '{}/{}'.format(self.base_url, str(url))
LOG.debug("url = %s", url)
LOG.debug("args = %s", args)
LOG.debug("params = %s", str(params))
r = requests.request(method,
url,
data=args,
params=params,
headers=headers)
LOG.debug("Octavia Response Code: {0}".format(r.status_code))
LOG.debug("Octavia Response Body: {0}".format(r.content))
LOG.debug("Octavia Response Headers: {0}".format(r.headers))
if r.status_code in accepted_codes:
if method != 'DELETE':
return r.json()
elif r.status_code == 413:
e = lib_exc.OverQuota()
e.msg = str(r.content)
raise e
elif r.status_code == 409:
e = lib_exc.Conflict()
e.msg = str(r.content)
raise e
elif r.status_code == 401:
e = lib_exc.NotAuthorized()
e.msg = str(r.content)
raise e
elif r.status_code == 403:
e = lib_exc.AdminRequired()
e.msg = str(r.content)
raise e
elif r.status_code == 404:
e = lib_exc.NotFound()
e.msg = str(r.content)
raise e
elif r.status_code == 400:
e = lib_exc.BadRequest(resource="", msg="")
e.msg = str(r.content)
raise e
else:
raise loadbalancerv2.DriverError(msg=str(r.content))
