def delete_record(self, context, domain_id, record_id,
increment_serial=True):
domain = self.storage.get_domain(context, domain_id)
record = self.storage.get_record(context, record_id)
# Ensure the domain_id matches the record's domain_id
if domain['id'] != record['domain_id']:
raise exceptions.RecordNotFound()
target = {
'domain_id': domain_id,
'domain_name': domain['name'],
'record_id': record['id'],
'tenant_id': domain['tenant_id']
}
policy.check('delete_record', context, target)
try:
self.backend.delete_record(context, domain, record)
except exceptions.Backend:
# Re-raise Backend exceptions as is..
raise
except Exception, e:
raise exceptions.Backend('Unknown backend failure: %s' % e)
def ping(self, context):
policy.check('diagnostics_ping', context)
try:
backend_status = self.backend.ping(context)
except Exception, e:
backend_status = {'status': False, 'message': str(e)}
def get_records(self, context, domain_id, criterion=None):
domain = self.storage_conn.get_domain(context, domain_id)
target = {'domain_id': domain_id, 'tenant_id': domain['tenant_id']}
policy.check('get_records', context, target)
return self.storage_conn.get_records(context, domain_id, criterion)
def get_record(self, context, domain_id, record_id):
domain = self.storage_conn.get_domain(context, domain_id)
target = {'domain_id': domain_id, 'tenant_id': domain['tenant_id']}
policy.check('get_record', context, target)
return self.storage_conn.get_record(context, record_id)
def create_record(self, context, domain_id, values, increment_serial=True):
domain = self.storage.get_domain(context, domain_id)
target = {
'domain_id': domain_id,
'domain_name': domain['name'],
'record_name': values['name'],
'tenant_id': domain['tenant_id']
}
policy.check('create_record', context, target)
# Ensure the tenant has enough quota to continue
quota_criterion = {'domain_id': domain_id}
record_count = self.storage.count_records(context,
criterion=quota_criterion)
self.quota.limit_check(context, domain['tenant_id'],
domain_records=record_count)
# Ensure the record name is valid
self._is_valid_record_name(context, domain, values['name'],
values['type'])
record = self.storage.create_record(context, domain_id, values)
try:
self.backend.create_record(context, domain, record)
except exceptions.Backend:
# Re-raise Backend exceptions as is..
raise
except Exception, e:
raise exceptions.Backend('Unknown backend failure: %s' % e)
def update_record(self, context, domain_id, record_id, values,
increment_serial=True):
domain = self.storage.get_domain(context, domain_id)
record = self.storage.get_record(context, record_id)
# Ensure the domain_id matches the record's domain_id
if domain['id'] != record['domain_id']:
raise exceptions.RecordNotFound()
target = {
'domain_id': domain_id,
'domain_name': domain['name'],
'record_id': record['id'],
'tenant_id': domain['tenant_id']
}
policy.check('update_record', context, target)
# Ensure the record name is valid
record_name = values['name'] if 'name' in values else record['name']
record_type = values['type'] if 'type' in values else record['type']
self._is_valid_record_name(context, domain, record_name, record_type)
# Update the record
record = self.storage.update_record(context, record_id, values)
try:
self.backend.update_record(context, domain, record)
except exceptions.Backend:
# Re-raise Backend exceptions as is..
raise
except Exception, e:
raise exceptions.Backend('Unknown backend failure: %s' % e)
def find_record(self, context, criterion):
target = {'tenant_id': context.tenant_id}
policy.check('find_record', context, target)
if not context.is_admin:
criterion['tenant_id'] = context.tenant_id
return self.storage.find_record(context, criterion)
def delete_server(self, context, server_id):
policy.check('delete_server', context, {'server_id': server_id})
server = self.storage.get_server(context, server_id)
utils.notify(context, 'central', 'server.delete', server)
return self.storage.delete_server(context, server_id)
def get_tenant(self, context, tenant_id):
target = {
'tenant_id': tenant_id
}
policy.check('get_tenant', context, target)
return self.storage.get_tenant(context, tenant_id)
def create_server(self, context, values):
policy.check('create_server', context)
server = self.storage.create_server(context, values)
utils.notify(context, 'central', 'server.create', server)
return server
def update_server(self, context, server_id, values):
policy.check('update_server', context, {'server_id': server_id})
server = self.storage.update_server(context, server_id, values)
utils.notify(context, 'central', 'server.update', server)
return server
def count_records(self, context, criterion=None):
if criterion is None:
criterion = {}
target = {
'tenant_id': criterion.get('tenant_id', None)
}
policy.check('count_records', context, target)
return self.storage.count_records(context, criterion)
def delete_domain(self, context, domain_id):
domain = self.storage_conn.get_domain(context, domain_id)
target = {'domain_id': domain_id, 'tenant_id': domain['tenant_id']}
policy.check('delete_domain', context, target)
self.backend.delete_domain(context, domain)
utils.notify(context, 'api', 'domain.delete', domain)
return self.storage_conn.delete_domain(context, domain_id)
def get_domains(self, context, criterion=None):
target = {'tenant_id': context.effective_tenant_id}
policy.check('get_domains', context, target)
if criterion is None:
criterion = {}
criterion['tenant_id'] = context.effective_tenant_id
return self.storage_conn.get_domains(context, criterion)
def create_domain(self, context, values):
values['tenant_id'] = context.tenant_id
target = {
'tenant_id': values['tenant_id'],
'domain_name': values['name']
}
policy.check('create_domain', context, target)
# Ensure the tenant has enough quota to continue
quota_criterion = {'tenant_id': values['tenant_id']}
domain_count = self.storage.count_domains(context,
criterion=quota_criterion)
self.quota.limit_check(context, values['tenant_id'],
domains=domain_count)
# Ensure the domain name is valid
self._is_valid_domain_name(context, values['name'])
# Handle sub-domains appropriately
parent_domain = self._is_subdomain(context, values['name'])
if parent_domain:
if parent_domain['tenant_id'] == values['tenant_id']:
# Record the Parent Domain ID
values['parent_domain_id'] = parent_domain['id']
else:
raise exceptions.Forbidden('Unable to create subdomain in '
'another tenants domain')
# TODO(kiall): Handle super-domains properly
# NOTE(kiall): Fetch the servers before creating the domain, this way
# we can prevent domain creation if no servers are
# configured.
servers = self.storage.get_servers(context)
if len(servers) == 0:
LOG.critical('No servers configured. Please create at least one '
'server')
raise exceptions.NoServersConfigured()
# Set the serial number
values['serial'] = utils.increment_serial()
domain = self.storage.create_domain(context, values)
try:
self.backend.create_domain(context, domain)
except exceptions.Backend:
# Re-raise Backend exceptions as is..
raise
except Exception, e:
raise exceptions.Backend('Unknown backend failure: %s' % e)
def get_domain(self, context, domain_id):
domain = self.storage.get_domain(context, domain_id)
target = {
'domain_id': domain_id,
'domain_name': domain['name'],
'tenant_id': domain['tenant_id']
}
policy.check('get_domain', context, target)
return domain
def get_domains(self, context, criterion=None):
target = {'tenant_id': context.tenant_id}
policy.check('get_domains', context, target)
if criterion is None:
criterion = {}
if not context.is_admin:
criterion['tenant_id'] = context.tenant_id
return self.storage.get_domains(context, criterion)
def create_record(self, context, domain_id, values):
domain = self.storage_conn.get_domain(context, domain_id)
target = {'domain_id': domain_id, 'tenant_id': domain['tenant_id']}
policy.check('create_record', context, target)
record = self.storage_conn.create_record(context, domain_id, values)
self.backend.create_record(context, domain, record)
utils.notify(context, 'api', 'record.create', record)
return record
def create_tsigkey(self, context, values):
policy.check('create_tsigkey', context)
tsigkey = self.storage.create_tsigkey(context, values)
try:
self.backend.create_tsigkey(context, tsigkey)
except exceptions.Backend:
# Re-raise Backend exceptions as is..
raise
except Exception, e:
raise exceptions.Backend('Unknown backend failure: %s' % e)
def delete_tsigkey(self, context, tsigkey_id):
policy.check('delete_tsigkey', context, {'tsigkey_id': tsigkey_id})
tsigkey = self.storage.get_tsigkey(context, tsigkey_id)
try:
self.backend.delete_tsigkey(context, tsigkey)
except exceptions.Backend:
# Re-raise Backend exceptions as is..
raise
except Exception, e:
raise exceptions.Backend('Unknown backend failure: %s' % e)
def _check_reserved_domain_suffixes(self, context, domain_name):
"""
Ensures the provided domain_name does not end with any of the
configured reserved suffixes.
"""
suffixes = cfg.CONF['service:central'].reserved_domain_suffixes
for suffix in suffixes:
if domain_name.endswith(suffix):
policy.check('use_reserved_domain_suffix', context,
{'suffix': suffix})
def get_records(self, context, domain_id, criterion=None):
domain = self.storage.get_domain(context, domain_id)
target = {
'domain_id': domain_id,
'domain_name': domain['name'],
'tenant_id': domain['tenant_id']
}
policy.check('get_records', context, target)
return self.storage.get_records(context, domain_id, criterion)
def sync_domain(self, context, domain_id):
domain = self.storage.get_domain(context, domain_id)
target = {
'domain_id': domain_id,
'domain_name': domain['name'],
'tenant_id': domain['tenant_id']
}
policy.check('diagnostics_sync_domain', context, target)
records = self.storage.get_records(context, domain_id)
return self.backend.sync_domain(context, domain, records)
def create_domain(self, context, values):
values['tenant_id'] = context.effective_tenant_id
target = {'tenant_id': values['tenant_id']}
policy.check('create_domain', context, target)
# Ensure the domain does not end with a reserved suffix.
self._check_reserved_domain_suffixes(context, values['name'])
domain = self.storage_conn.create_domain(context, values)
self.backend.create_domain(context, domain)
utils.notify(context, 'api', 'domain.create', domain)
return domain
def _is_valid_domain_name(self, context, domain_name):
# Validate domain name length
if len(domain_name) > cfg.CONF['service:central'].max_domain_name_len:
raise exceptions.InvalidDomainName('Name too long')
# Break the domain name up into its component labels
domain_labels = domain_name.strip('.').split('.')
# We need more than 1 label.
if len(domain_labels) <= 1:
raise exceptions.InvalidDomainName('More than one label is '
'required')
# Check the TLD for validity
if self.accepted_tld_list:
domain_tld = domain_labels[-1].lower()
if domain_tld not in self.accepted_tld_list:
raise exceptions.InvalidDomainName('Unknown or invalid TLD')
# Check domain name blacklist
if self._is_blacklisted_domain_name(context, domain_name):
# Some users are allowed bypass the blacklist.. Is this one?
if not policy.check('use_blacklisted_domain', context, exc=None):
raise exceptions.InvalidDomainName('Blacklisted domain name')
return True
def touch_domain(self, context, domain_id):
domain = self.storage.get_domain(context, domain_id)
target = {
'domain_id': domain_id,
'domain_name': domain['name'],
'tenant_id': domain['tenant_id']
}
policy.check('touch_domain', context, target)
domain = self._increment_domain_serial(context, domain_id)
utils.notify(context, 'central', 'domain.touch', domain)
return domain
def delete_record(self, context, domain_id, record_id):
domain = self.storage_conn.get_domain(context, domain_id)
target = {
'domain_id': domain_id,
'record_id': record_id,
'tenant_id': domain['tenant_id']
}
policy.check('delete_record', context, target)
record = self.storage_conn.get_record(context, record_id)
self.backend.delete_record(context, domain, record)
utils.notify(context, 'api', 'record.delete', record)
return self.storage_conn.delete_record(context, record_id)
def sync_domains(self, context):
policy.check('diagnostics_sync_domains', context)
domains = self.storage.get_domains(context)
results = {}
for domain in domains:
servers = self.storage.get_servers(context)
records = self.storage.get_records(context, domain['id'])
results[domain['id']] = self.backend.sync_domain(context,
domain,
records,
servers)
return results
def get_domain_servers(self, context, domain_id, criterion=None):
domain = self.storage.get_domain(context, domain_id)
target = {
'domain_id': domain_id,
'domain_name': domain['name'],
'tenant_id': domain['tenant_id']
}
policy.check('get_domain_servers', context, target)
if criterion is None:
criterion = {}
# TODO: Once we allow domains to be allocated on 1 of N server
# pools, return the filtered list here.
return self.storage.get_servers(context, criterion)
def get_record(self, context, domain_id, record_id):
domain = self.storage.get_domain(context, domain_id)
record = self.storage.get_record(context, record_id)
# Ensure the domain_id matches the record's domain_id
if domain['id'] != record['domain_id']:
raise exceptions.RecordNotFound()
target = {
'domain_id': domain_id,
'domain_name': domain['name'],
'record_id': record['id'],
'tenant_id': domain['tenant_id']
}
policy.check('get_record', context, target)
return record
def delete_domain(self, context, domain_id):
domain = self.storage.get_domain(context, domain_id)
target = {
'domain_id': domain_id,
'domain_name': domain['name'],
'tenant_id': domain['tenant_id']
}
policy.check('delete_domain', context, target)
try:
self.backend.delete_domain(context, domain)
except exceptions.Backend:
# Re-raise Backend exceptions as is..
raise
except Exception, e:
raise exceptions.Backend('Unknown backend failure: %s' % e)
def sudo(self, tenant_id, force=False):
if force:
allowed_sudo = True
else:
# We use exc=None here since the context is built early in the
# request lifecycle, outside of our ordinary error handling.
# For now, we silently ignore failed sudo requests.
target = {'tenant_id': tenant_id}
allowed_sudo = policy.check('use_sudo', self, target, exc=None)
if allowed_sudo:
LOG.warn('Accepted sudo from user_id %s for tenant_id %s' %
(self.user_id, tenant_id))
self.original_tenant_id = self.tenant_id
self.tenant_id = tenant_id
else:
LOG.warn('Rejected sudo from user_id %s for tenant_id %s' %
(self.user_id, tenant_id))
def update_domain(self, context, domain_id, values, increment_serial=True):
domain = self.storage.get_domain(context, domain_id)
target = {
'domain_id': domain_id,
'domain_name': domain['name'],
'tenant_id': domain['tenant_id']
}
policy.check('update_domain', context, target)
if 'tenant_id' in values:
# NOTE(kiall): Ensure the user is allowed to delete a domain from
# the original tenant.
policy.check('delete_domain', context, target)
# NOTE(kiall): Ensure the user is allowed to create a domain in
# the new tenant.
target = {'domain_id': domain_id, 'tenant_id': values['tenant_id']}
policy.check('create_domain', context, target)
if 'name' in values and values['name'] != domain['name']:
raise exceptions.BadRequest('Renaming a domain is not allowed')
if increment_serial:
# Increment the serial number
values['serial'] = utils.increment_serial(domain['serial'])
domain = self.storage.update_domain(context, domain_id, values)
try:
self.backend.update_domain(context, domain)
except exceptions.Backend:
# Re-raise Backend exceptions as is..
raise
except Exception, e:
raise exceptions.Backend('Unknown backend failure: %s' % e)
def get_tenants(self, context):
policy.check('get_tenants', context)
return self.storage.get_tenants(context)
def count_tenants(self, context):
policy.check('count_tenants', context)
return self.storage.count_tenants(context)
def get_tsigkey(self, context, tsigkey_id):
policy.check('get_tsigkey', context, {'tsigkey_id': tsigkey_id})
return self.storage.get_tsigkey(context, tsigkey_id)
def get_tsigkeys(self, context, criterion=None):
policy.check('get_tsigkeys', context)
return self.storage.get_tsigkeys(context, criterion)
def get_server(self, context, server_id):
policy.check('get_server', context, {'server_id': server_id})
return self.storage.get_server(context, server_id)
