def __call__(self, target, creds, enforcer):
if self.target_field not in target:
# policy needs a plugin check
# target field is in the form resource:field
# however if they're not separated by a colon, use an underscore
# as a separator for backward compatibility
def do_split(separator):
parent_res, parent_field = self.target_field.split(
separator, 1)
return parent_res, parent_field
for separator in (':', '_'):
try:
parent_res, parent_field = do_split(separator)
break
except ValueError:
LOG.debug("Unable to find ':' as separator in %s.",
self.target_field)
else:
# If we are here split failed with both separators
err_reason = (_("Unable to find resource name in %s") %
self.target_field)
LOG.error(err_reason)
raise exceptions.PolicyCheckError(policy="%s:%s" %
(self.kind, self.match),
reason=err_reason)
parent_foreign_key = attributes.RESOURCE_FOREIGN_KEYS.get(
"%ss" % parent_res, None)
if not parent_foreign_key:
err_reason = (_("Unable to verify match:%(match)s as the "
"parent resource: %(res)s was not found") % {
'match': self.match,
'res': parent_res
})
LOG.error(err_reason)
raise exceptions.PolicyCheckError(policy="%s:%s" %
(self.kind, self.match),
reason=err_reason)
target[self.target_field] = self._extract(
parent_res, target[parent_foreign_key], parent_field)
match = self.match % target
if self.kind in creds:
return match == six.text_type(creds[self.kind])
return False
class NetworkVlanRangeError(e.NeutronException):
message = _("Invalid network VLAN range: '%(vlan_range)s' - '%(error)s'.")
def __init__(self, **kwargs):
# Convert vlan_range tuple to 'start:end' format for display
if isinstance(kwargs['vlan_range'], tuple):
kwargs['vlan_range'] = "%d:%d" % kwargs['vlan_range']
super(NetworkVlanRangeError, self).__init__(**kwargs)
def __init__(self, kind, match):
# Process the match
try:
self.target_field = re.findall(r'^\%\((.*)\)s$', match)[0]
except IndexError:
err_reason = (_("Unable to identify a target field from:%s. "
"Match should be in the form %%(<field_name>)s") %
match)
LOG.exception(err_reason)
raise exceptions.PolicyInitError(policy="%s:%s" % (kind, match),
reason=err_reason)
self._cache = cache._get_memory_cache_region(expiration_time=5)
super(OwnerCheck, self).__init__(kind, match)
def init(args, **kwargs):
cfg.CONF(args=args,
project='neutron',
version='%%(prog)s %s' % version.version_info.release_string(),
**kwargs)
# FIXME(ihrachys): if import is put in global, circular import
# failure occurs
from dragonflow.neutron.common import rpc as n_rpc
n_rpc.init(cfg.CONF)
# Validate that the base_mac is of the correct format
msg = validators.validate_regex(cfg.CONF.base_mac, validators.MAC_PATTERN)
if msg:
msg = _("Base MAC: %s") % msg
raise Exception(msg)
def _get_cache_region_for_legacy(url):
parsed = parse.urlparse(url)
backend = parsed.scheme
if backend == 'memory':
query = parsed.query
# NOTE(flaper87): We need the following hack
# for python versions < 2.7.5. Previous versions
# of python parsed query params just for 'known'
# schemes. This was changed in this patch:
# http://hg.python.org/cpython/rev/79e6ff3d9afd
if not query and '?' in parsed.path:
query = parsed.path.split('?', 1)[-1]
parameters = parse.parse_qs(query)
return _get_memory_cache_region(
expiration_time=int(parameters.get('default_ttl', [0])[0]))
else:
raise RuntimeError(
_('Old style configuration can use only memory '
'(dict) backend'))
def __call__(self, target_self, *args, **kwargs):
target_self_cls_name = reflection.get_class_name(target_self,
fully_qualified=False)
if not hasattr(target_self, '_cache'):
raise NotImplementedError(
_("Instance of class %(module)s.%(class)s must contain _cache "
"attribute") % {
'module': target_self.__module__,
'class': target_self_cls_name
})
if not target_self._cache:
if self._first_call:
LOG.debug(
"Instance of class %(module)s.%(class)s doesn't "
"contain attribute _cache therefore results "
"cannot be cached for %(func_name)s.", {
'module': target_self.__module__,
'class': target_self_cls_name,
'func_name': self.func.__name__
})
self._first_call = False
return self.func(target_self, *args, **kwargs)
return self._get_from_cache(target_self, *args, **kwargs)
class DNSNameServersExhausted(e.BadRequest):
# NOTE(xchenum): probably make sense to use quota exceeded exception?
message = _("Unable to complete operation for %(subnet_id)s. "
"The number of DNS nameservers exceeds the limit %(quota)s.")
class QosPolicyInUse(e.InUse):
message = _("QoS Policy %(policy_id)s is used by "
"%(object_type)s %(object_id)s.")
class PolicyRemoveAuthorizationError(e.NotAuthorized):
message = _("Failed to remove provided policy %(policy_id)s "
"because you are not authorized.")
class PlacementInventoryNotFound(e.NotFound):
message = _("Placement inventory not found for resource provider "
"%(resource_provider)s, resource class %(resource_class)s.")
class PlacementEndpointNotFound(e.NotFound):
message = _("Placement API endpoint not found")
class NetworkQosBindingNotFound(e.NotFound):
message = _("QoS binding for network %(net_id)s and policy %(policy_id)s "
"could not be found.")
class SubnetPoolDeleteError(e.BadRequest):
message = _("Unable to delete subnet pool: %(reason)s.")
class MaxPrefixSubnetAllocationError(e.BadRequest):
message = _("Unable to allocate subnet with prefix length %(prefixlen)s, "
"maximum allowed prefix is %(max_prefixlen)s.")
class IllegalSubnetPoolUpdate(e.BadRequest):
message = _("Illegal subnetpool update : %(reason)s.")
class PortQosBindingNotFound(e.NotFound):
message = _("QoS binding for port %(port_id)s and policy %(policy_id)s "
"could not be found.")
class PortQosBindingError(e.NeutronException):
message = _("QoS binding for port %(port_id)s and policy %(policy_id)s "
"could not be created: %(db_error)s.")
class QoSPolicyDefaultAlreadyExists(e.Conflict):
message = _("A default QoS policy exists for project %(project_id)s.")
class NetworkQosBindingError(e.NeutronException):
message = _("QoS binding for network %(net_id)s and policy %(policy_id)s "
"could not be created: %(db_error)s.")
class SubnetPoolQuotaExceeded(e.OverQuota):
message = _("Per-tenant subnet pool prefix quota exceeded.")
class PlacementResourceProviderNotFound(e.NotFound):
message = _("Placement resource provider not found %(resource_provider)s.")
class NetworkSubnetPoolAffinityError(e.BadRequest):
message = _("Subnets hosted on the same network must be allocated from "
"the same subnet pool.")
class PlacementAggregateNotFound(e.NotFound):
message = _("Aggregate not found for resource provider "
"%(resource_provider)s.")
class ObjectActionError(e.NeutronException):
message = _('Object action %(action)s failed because: %(reason)s.')
class StateInvalid(e.BadRequest):
message = _("Unsupported port state: %(port_state)s.")
class CTZoneExhaustedError(e.NeutronException):
message = _("IPtables conntrack zones exhausted, iptables rules cannot "
"be applied.")
class DhcpPortInUse(e.InUse):
message = _("Port %(port_id)s is already acquired by another DHCP agent")
class TenantQuotaNotFound(e.NotFound):
message = _("Quota for tenant %(tenant_id)s could not be found.")
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from neutron_lib.utils import net
from oslo_config import cfg
from oslo_service import wsgi
from dragonflow.neutron._i18n import _
from dragonflow.neutron.common import constants
core_opts = [
cfg.HostAddressOpt('bind_host', default='0.0.0.0',
help=_("The host IP to bind to.")),
cfg.PortOpt('bind_port', default=9696,
help=_("The port to bind to")),
cfg.StrOpt('api_extensions_path', default="",
help=_("The path for API extensions. "
"Note that this can be a colon-separated list of paths. "
"For example: api_extensions_path = "
"extensions:/path/to/more/exts:/even/more/exts. "
"The __path__ of neutron.extensions is appended to "
"this, so if your extensions are in there you don't "
"need to specify them here.")),
cfg.StrOpt('auth_strategy', default='keystone',
help=_("The type of authentication to use")),
cfg.StrOpt('core_plugin',
help=_("The core plugin Neutron will use")),
cfg.ListOpt('service_plugins', default=[],
class TenantIdProjectIdFilterConflict(e.BadRequest):
message = _("Both tenant_id and project_id passed as filters.")