688dcd0f88
This patch removes cfg import unused in murano/api/middleware/version_negotiation.py murano/api/versions.py murano/db/catalog/api.py murano/engine/system/test_fixture.py murano/policy/model_policy_enforcer.py murano/tests/unit/cmd/test_api_workers.py murano/tests/unit/cmd/test_engine_workers.py Change-Id: I0f12f15e4def84550ef5bde0840006211cac7809
555 lines
20 KiB
Python
555 lines
20 KiB
Python
# Copyright (c) 2014 Mirantis, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from oslo_db import api as oslo_db_api
|
|
from oslo_db import exception as db_exceptions
|
|
from oslo_db.sqlalchemy import utils
|
|
from oslo_log import log as logging
|
|
import six
|
|
import sqlalchemy as sa
|
|
from sqlalchemy import or_
|
|
from sqlalchemy.orm import attributes
|
|
# TODO(ruhe) use exception declared in openstack/common/db
|
|
from webob import exc
|
|
|
|
from murano.db import models
|
|
from murano.db import session as db_session
|
|
from murano.common.i18n import _, _LW
|
|
|
|
|
|
SEARCH_MAPPING = {'fqn': 'fully_qualified_name',
|
|
'name': 'name',
|
|
'created': 'created'
|
|
}
|
|
|
|
LOG = logging.getLogger(__name__)
|
|
|
|
|
|
def _package_get(package_id, session):
|
|
# TODO(sjmc7): update openstack/common and pull in
|
|
# uuidutils, check that package_id_or_name resembles a
|
|
# UUID before trying to treat it as one
|
|
package = session.query(models.Package).get(package_id)
|
|
if not package:
|
|
msg = _("Package id '{pkg_id}' not found").format(pkg_id=package_id)
|
|
LOG.error(msg)
|
|
raise exc.HTTPNotFound(explanation=msg)
|
|
|
|
return package
|
|
|
|
|
|
def _authorize_package(package, context, allow_public=False):
|
|
|
|
if package.owner_id != context.tenant:
|
|
if not allow_public:
|
|
msg = _("Package '{pkg_id}' is not owned by tenant "
|
|
"'{tenant}'").format(pkg_id=package.id,
|
|
tenant=context.tenant)
|
|
LOG.error(msg)
|
|
raise exc.HTTPForbidden(explanation=msg)
|
|
if not package.is_public:
|
|
msg = _("Package '{pkg_id}' is not public and not owned by "
|
|
"tenant '{tenant}' ").format(pkg_id=package.id,
|
|
tenant=context.tenant)
|
|
LOG.error(msg)
|
|
raise exc.HTTPForbidden(explanation=msg)
|
|
|
|
|
|
def package_get(package_id, context):
|
|
"""Return package details
|
|
|
|
:param package_id: ID or name of a package, string
|
|
:returns: detailed information about package, dict
|
|
"""
|
|
session = db_session.get_session()
|
|
package = _package_get(package_id, session)
|
|
if not context.is_admin:
|
|
_authorize_package(package, context, allow_public=True)
|
|
return package
|
|
|
|
|
|
def _get_categories(category_names, session=None):
|
|
"""Return existing category objects or raise an exception.
|
|
|
|
:param category_names: name of categories
|
|
to associate with package, list
|
|
:returns: list of Category objects to associate with package, list
|
|
"""
|
|
if session is None:
|
|
session = db_session.get_session()
|
|
categories = []
|
|
for ctg_name in category_names:
|
|
ctg_obj = session.query(models.Category).filter_by(
|
|
name=ctg_name).first()
|
|
if not ctg_obj:
|
|
msg = _("Category '{name}' doesn't exist").format(name=ctg_name)
|
|
LOG.error(msg)
|
|
# it's not allowed to specify non-existent categories
|
|
raise exc.HTTPBadRequest(explanation=msg)
|
|
|
|
categories.append(ctg_obj)
|
|
return categories
|
|
|
|
|
|
def _existing_tag(tag_name, session=None):
|
|
if session is None:
|
|
session = db_session.get_session()
|
|
return session.query(models.Tag).filter_by(name=tag_name).first()
|
|
|
|
|
|
def _get_tags(tag_names, session=None):
|
|
"""Return existing tags object or create new ones
|
|
|
|
:param tag_names: name of tags to associate with package, list
|
|
:returns: list of Tag objects to associate with package, list
|
|
"""
|
|
if session is None:
|
|
session = db_session.get_session()
|
|
tags = []
|
|
# This function can be called inside a transaction and outside it.
|
|
# In the former case this line is no-op, in the latter
|
|
# starts a transaction we need to be inside a transaction, to correctly
|
|
# handle DBDuplicateEntry errors without failing the whole transaction.
|
|
# For more take a look at SQLAlchemy docs.
|
|
with session.begin(subtransactions=True):
|
|
for tag_name in tag_names:
|
|
tag_obj = _existing_tag(tag_name, session)
|
|
if not tag_obj:
|
|
try:
|
|
# Start a new SAVEPOINT transaction. If it fails only
|
|
# only the savepoint will be roll backed, not the
|
|
# whole transaction.
|
|
with session.begin(nested=True):
|
|
tag_obj = models.Tag(name=tag_name)
|
|
session.add(tag_obj)
|
|
session.flush(objects=[tag_obj])
|
|
except db_exceptions.DBDuplicateEntry:
|
|
# new session is needed here to get access to the tag
|
|
tag_obj = _existing_tag(tag_name)
|
|
tags.append(tag_obj)
|
|
|
|
return tags
|
|
|
|
|
|
def _get_class_definitions(class_names, session=None):
|
|
classes = []
|
|
for name in class_names:
|
|
class_record = models.Class(name=name)
|
|
classes.append(class_record)
|
|
return classes
|
|
|
|
|
|
def _do_replace(package, change):
|
|
path = change['path'][0]
|
|
value = change['value']
|
|
calculate = {'categories': _get_categories,
|
|
'tags': _get_tags}
|
|
if path in ('categories', 'tags'):
|
|
existing_items = getattr(package, path)
|
|
|
|
duplicates = list(set(i.name for i in existing_items) & set(value))
|
|
unique_values = [x for x in value if x not in duplicates]
|
|
items_to_replace = calculate[path](unique_values)
|
|
|
|
# NOTE(efedorova): Replacing duplicate entities is not allowed,
|
|
# so need to remove anything, but duplicates
|
|
# and append everything but duplicates
|
|
for item in list(existing_items):
|
|
if item.name not in duplicates:
|
|
existing_items.remove(item)
|
|
|
|
existing_items.extend(items_to_replace)
|
|
else:
|
|
setattr(package, path, value)
|
|
|
|
return package
|
|
|
|
|
|
def _do_add(package, change):
|
|
# Only categories and tags support addition
|
|
path = change['path'][0]
|
|
value = change['value']
|
|
|
|
calculate = {'categories': _get_categories,
|
|
'tags': _get_tags}
|
|
items_to_add = calculate[path](value)
|
|
for item in items_to_add:
|
|
try:
|
|
getattr(package, path).append(item)
|
|
except AssertionError:
|
|
LOG.warning(_LW('One of the specified {path} is already associated'
|
|
' with a package. Doing nothing.').format(
|
|
path=path))
|
|
return package
|
|
|
|
|
|
def _do_remove(package, change):
|
|
# Only categories and tags support removal
|
|
def find(seq, predicate):
|
|
for elt in seq:
|
|
if predicate(elt):
|
|
return elt
|
|
|
|
path = change['path'][0]
|
|
values = change['value']
|
|
|
|
current_values = getattr(package, path)
|
|
for value in values:
|
|
if value not in [i.name for i in current_values]:
|
|
msg = _("Value '{value}' of property '{path}' "
|
|
"does not exist.").format(value=value, path=path)
|
|
LOG.error(msg)
|
|
raise exc.HTTPNotFound(explanation=msg)
|
|
item_to_remove = find(current_values, lambda i: i.name == value)
|
|
current_values.remove(item_to_remove)
|
|
return package
|
|
|
|
|
|
def _get_packages_for_category(session, category_id):
|
|
"""Return detailed list of packages, belonging to the provided category
|
|
|
|
:param session:
|
|
:param category_id:
|
|
:return: list of dictionaries, containing id, name and package fqn
|
|
"""
|
|
pkg = models.Package
|
|
packages = (session.query(pkg.id, pkg.name, pkg.fully_qualified_name)
|
|
.filter(pkg.categories
|
|
.any(models.Category.id == category_id))
|
|
.all())
|
|
|
|
result_packages = []
|
|
for package in packages:
|
|
id, name, fqn = package
|
|
result_packages.append({'id': id,
|
|
'name': name,
|
|
'fully_qualified_name': fqn})
|
|
return result_packages
|
|
|
|
|
|
@oslo_db_api.wrap_db_retry(max_retries=5, retry_on_deadlock=True)
|
|
def package_update(pkg_id_or_name, changes, context):
|
|
"""Update package information
|
|
|
|
:param changes: parameters to update
|
|
:returns: detailed information about new package, dict
|
|
"""
|
|
|
|
operation_methods = {'add': _do_add,
|
|
'replace': _do_replace,
|
|
'remove': _do_remove}
|
|
session = db_session.get_session()
|
|
with session.begin():
|
|
pkg = _package_get(pkg_id_or_name, session)
|
|
was_private = not pkg.is_public
|
|
if not context.is_admin:
|
|
_authorize_package(pkg, context)
|
|
|
|
for change in changes:
|
|
pkg = operation_methods[change['op']](pkg, change)
|
|
became_public = pkg.is_public
|
|
class_names = [clazz.name for clazz in pkg.class_definitions]
|
|
if was_private and became_public:
|
|
with db_session.get_lock("public_packages", session):
|
|
_check_for_public_packages_with_fqn(session,
|
|
pkg.fully_qualified_name,
|
|
pkg.id)
|
|
_check_for_existing_classes(session, class_names, None,
|
|
check_public=True,
|
|
ignore_package_with_id=pkg.id)
|
|
|
|
session.add(pkg)
|
|
return pkg
|
|
|
|
|
|
def package_search(filters, context, manage_public=False,
|
|
limit=None, catalog=False):
|
|
"""Search packages with different filters
|
|
|
|
Catalog param controls the base query creation. Catalog queries
|
|
only search packages a user can deploy. Non-catalog queries searches
|
|
packages a user can edit.
|
|
* Admin is allowed to browse all the packages
|
|
* Regular user is allowed to browse all packages belongs to user tenant
|
|
and all other packages marked is_public in catalog mode.
|
|
In edit-mode non-admins are able to get own packages and public
|
|
packages if corresponding policy is passed.
|
|
* Use marker (inside filters param) and limit for pagination:
|
|
The typical pattern of limit and marker is to make an initial limited
|
|
request and then to use the ID of the last package from the response
|
|
as the marker parameter in a subsequent limited request.
|
|
"""
|
|
# pylint: disable=too-many-branches
|
|
|
|
session = db_session.get_session()
|
|
pkg = models.Package
|
|
|
|
query = session.query(pkg)
|
|
|
|
if catalog:
|
|
# Only show packages one can deploy, i.e. own + public
|
|
query = query.filter(or_(pkg.owner_id == context.tenant,
|
|
pkg.is_public))
|
|
else:
|
|
# Show packages one can edit.
|
|
if not context.is_admin:
|
|
if manage_public:
|
|
query = query.filter(or_(pkg.owner_id == context.tenant,
|
|
pkg.is_public))
|
|
else:
|
|
query = query.filter(pkg.owner_id == context.tenant)
|
|
# No else here admin can edit everything.
|
|
|
|
if not filters.get('include_disabled', '').lower() == 'true':
|
|
query = query.filter(pkg.enabled)
|
|
|
|
if filters.get('owned', '').lower() == 'true':
|
|
query = query.filter(pkg.owner_id == context.tenant)
|
|
|
|
if 'type' in filters.keys():
|
|
query = query.filter(pkg.type == filters['type'].title())
|
|
|
|
if 'id' in filters:
|
|
query = query.filter(models.Package.id.in_(filters['id']))
|
|
if 'category' in filters.keys():
|
|
query = query.filter(pkg.categories.any(
|
|
models.Category.name.in_(filters['category'])))
|
|
if 'tag' in filters.keys():
|
|
query = query.filter(pkg.tags.any(
|
|
models.Tag.name.in_(filters['tag'])))
|
|
if 'class_name' in filters.keys():
|
|
query = query.filter(pkg.class_definitions.any(
|
|
models.Class.name == filters['class_name']))
|
|
if 'fqn' in filters.keys():
|
|
query = query.filter(pkg.fully_qualified_name == filters['fqn'])
|
|
if 'name' in filters.keys():
|
|
query = query.filter(pkg.name == filters['name'])
|
|
|
|
if 'search' in filters.keys():
|
|
fk_fields = {'categories': 'Category',
|
|
'tags': 'Tag',
|
|
'class_definitions': 'Class'}
|
|
conditions = []
|
|
|
|
for attr in dir(pkg):
|
|
if attr.startswith('_'):
|
|
continue
|
|
if isinstance(getattr(pkg, attr),
|
|
attributes.InstrumentedAttribute):
|
|
search_str = filters['search']
|
|
for delim in ',;':
|
|
search_str = search_str.replace(delim, ' ')
|
|
for key_word in search_str.split():
|
|
_word = u'%{value}%'.format(value=key_word)
|
|
if attr in fk_fields.keys():
|
|
condition = getattr(pkg, attr).any(
|
|
getattr(models, fk_fields[attr]).name.like(_word))
|
|
conditions.append(condition)
|
|
elif isinstance(getattr(pkg, attr)
|
|
.property.columns[0].type, sa.String):
|
|
conditions.append(getattr(pkg, attr).like(_word))
|
|
query = query.filter(or_(*conditions))
|
|
|
|
sort_keys = [SEARCH_MAPPING[sort_key] for sort_key in
|
|
filters.get('order_by', ['name'])]
|
|
sort_keys.append('id')
|
|
marker = filters.get('marker')
|
|
sort_dir = filters.get('sort_dir')
|
|
|
|
if marker is not None: # set marker to real object instead of its id
|
|
marker = _package_get(marker, session)
|
|
|
|
query = utils.paginate_query(
|
|
query, pkg, limit, sort_keys, marker, sort_dir)
|
|
|
|
return query.all()
|
|
|
|
|
|
@oslo_db_api.wrap_db_retry(max_retries=5, retry_on_deadlock=True)
|
|
def package_upload(values, tenant_id):
|
|
"""Upload a package with new application
|
|
|
|
:param values: parameters describing the new package
|
|
:returns: detailed information about new package, dict
|
|
"""
|
|
session = db_session.get_session()
|
|
package = models.Package()
|
|
|
|
composite_attr_to_func = {'categories': _get_categories,
|
|
'tags': _get_tags,
|
|
'class_definitions': _get_class_definitions}
|
|
is_public = values.get('is_public', False)
|
|
|
|
if is_public:
|
|
public_lock = db_session.get_lock("public_packages", session)
|
|
else:
|
|
public_lock = None
|
|
tenant_lock = db_session.get_lock("classes_of_" + tenant_id, session)
|
|
try:
|
|
_check_for_existing_classes(session, values.get('class_definitions'),
|
|
tenant_id, check_public=is_public)
|
|
if is_public:
|
|
_check_for_public_packages_with_fqn(
|
|
session,
|
|
values.get('fully_qualified_name'))
|
|
for attr, func in six.iteritems(composite_attr_to_func):
|
|
if values.get(attr):
|
|
result = func(values[attr], session)
|
|
setattr(package, attr, result)
|
|
del values[attr]
|
|
package.update(values)
|
|
package.owner_id = tenant_id
|
|
package.save(session)
|
|
tenant_lock.commit()
|
|
if public_lock is not None:
|
|
public_lock.commit()
|
|
except Exception:
|
|
tenant_lock.rollback()
|
|
if public_lock is not None:
|
|
public_lock.rollback()
|
|
raise
|
|
|
|
return package
|
|
|
|
|
|
@oslo_db_api.wrap_db_retry(max_retries=5, retry_on_deadlock=True)
|
|
def package_delete(package_id, context):
|
|
"""Delete a package by ID."""
|
|
session = db_session.get_session()
|
|
|
|
with session.begin():
|
|
package = _package_get(package_id, session)
|
|
if not context.is_admin and package.owner_id != context.tenant:
|
|
raise exc.HTTPForbidden(
|
|
explanation="Package is not owned by the"
|
|
" tenant '{0}'".format(context.tenant))
|
|
session.delete(package)
|
|
|
|
|
|
def category_get(category_id, session=None, packages=False):
|
|
"""Return category details
|
|
|
|
:param category_id: ID of a category, string
|
|
:returns: detailed information about category, dict
|
|
"""
|
|
if not session:
|
|
session = db_session.get_session()
|
|
|
|
category = session.query(models.Category).get(category_id)
|
|
if not category:
|
|
msg = _("Category id '{id}' not found").format(id=category_id)
|
|
LOG.error(msg)
|
|
raise exc.HTTPNotFound(msg)
|
|
if packages:
|
|
category.packages = _get_packages_for_category(session, category_id)
|
|
return category
|
|
|
|
|
|
def categories_list(filters=None, limit=None, marker=None):
|
|
if filters is None:
|
|
filters = {}
|
|
sort_keys = filters.get('sort_keys', ['name'])
|
|
sort_dir = filters.get('sort_dir', 'asc')
|
|
|
|
session = db_session.get_session()
|
|
query = session.query(models.Category)
|
|
if marker is not None:
|
|
marker = category_get(marker, session)
|
|
|
|
query = utils.paginate_query(
|
|
query, models.Category, limit, sort_keys, marker, sort_dir)
|
|
return query.all()
|
|
|
|
|
|
def category_get_names():
|
|
session = db_session.get_session()
|
|
categories = []
|
|
for row in session.query(models.Category.name).all():
|
|
for name in row:
|
|
categories.append(name)
|
|
return categories
|
|
|
|
|
|
def category_add(category_name):
|
|
session = db_session.get_session()
|
|
category = models.Category()
|
|
|
|
with session.begin():
|
|
category.update({'name': category_name})
|
|
# NOTE(kzaitsev) update package_count, so we can safely access from
|
|
# outside the session
|
|
category.package_count = 0
|
|
category.save(session)
|
|
|
|
return category
|
|
|
|
|
|
def category_delete(category_id):
|
|
"""Delete a category by ID."""
|
|
session = db_session.get_session()
|
|
|
|
with session.begin():
|
|
category = session.query(models.Category).get(category_id)
|
|
if not category:
|
|
msg = _("Category id '{id}' not found").format(id=category_id)
|
|
LOG.error(msg)
|
|
raise exc.HTTPNotFound(msg)
|
|
session.delete(category)
|
|
|
|
|
|
def _check_for_existing_classes(session, class_names, tenant_id,
|
|
check_public=False,
|
|
ignore_package_with_id=None):
|
|
if not class_names:
|
|
return
|
|
q = session.query(models.Class.name).filter(
|
|
models.Class.name.in_(class_names))
|
|
private_filter = None
|
|
public_filter = None
|
|
predicate = None
|
|
if tenant_id is not None:
|
|
private_filter = models.Class.package.has(
|
|
models.Package.owner_id == tenant_id)
|
|
if check_public:
|
|
public_filter = models.Class.package.has(
|
|
models.Package.is_public)
|
|
if private_filter is not None and public_filter is not None:
|
|
predicate = sa.or_(private_filter, public_filter)
|
|
elif private_filter is not None:
|
|
predicate = private_filter
|
|
elif public_filter is not None:
|
|
predicate = public_filter
|
|
if predicate is not None:
|
|
q = q.filter(predicate)
|
|
if ignore_package_with_id is not None:
|
|
q = q.filter(models.Class.package_id != ignore_package_with_id)
|
|
if q.first() is not None:
|
|
msg = _('Class with the same full name is already '
|
|
'registered in the visibility scope')
|
|
LOG.error(msg)
|
|
raise exc.HTTPConflict(msg)
|
|
|
|
|
|
def _check_for_public_packages_with_fqn(session, fqn,
|
|
ignore_package_with_id=None):
|
|
q = session.query(models.Package.id).\
|
|
filter(models.Package.is_public).\
|
|
filter(models.Package.fully_qualified_name == fqn)
|
|
if ignore_package_with_id is not None:
|
|
q = q.filter(models.Package.id != ignore_package_with_id)
|
|
if q.first() is not None:
|
|
msg = _('Package with the same Name is already made public')
|
|
LOG.error(msg)
|
|
raise exc.HTTPConflict(msg)
|