Load Balancing as a Service (LBaaS) for OpenStack
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 

325 lines
14 KiB

# Copyright 2016 Blue Box, an IBM Company
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from octavia_lib.api.drivers import data_models as driver_dm
from oslo_config import cfg
from oslo_db import exception as odb_exceptions
from oslo_log import log as logging
from oslo_utils import excutils
from pecan import expose as pecan_expose
from pecan import request as pecan_request
from wsme import types as wtypes
from wsmeext import pecan as wsme_pecan
from octavia.api.drivers import driver_factory
from octavia.api.drivers import utils as driver_utils
from octavia.api.v2.controllers import base
from octavia.api.v2.controllers import l7rule
from octavia.api.v2.types import l7policy as l7policy_types
from octavia.common import constants
from octavia.common import data_models
from octavia.common import exceptions
from octavia.common import validate
from octavia.db import api as db_api
from octavia.db import prepare as db_prepare
CONF = cfg.CONF
LOG = logging.getLogger(__name__)
class L7PolicyController(base.BaseController):
RBAC_TYPE = constants.RBAC_L7POLICY
def __init__(self):
super(L7PolicyController, self).__init__()
@wsme_pecan.wsexpose(l7policy_types.L7PolicyRootResponse, wtypes.text,
[wtypes.text], ignore_extra_args=True)
def get(self, id, fields=None):
"""Gets a single l7policy's details."""
context = pecan_request.context.get('octavia_context')
db_l7policy = self._get_db_l7policy(context.session, id,
show_deleted=False)
self._auth_validate_action(context, db_l7policy.project_id,
constants.RBAC_GET_ONE)
result = self._convert_db_to_type(
db_l7policy, l7policy_types.L7PolicyResponse)
if fields is not None:
result = self._filter_fields([result], fields)[0]
return l7policy_types.L7PolicyRootResponse(l7policy=result)
@wsme_pecan.wsexpose(l7policy_types.L7PoliciesRootResponse, wtypes.text,
[wtypes.text], ignore_extra_args=True)
def get_all(self, project_id=None, fields=None):
"""Lists all l7policies of a listener."""
pcontext = pecan_request.context
context = pcontext.get('octavia_context')
query_filter = self._auth_get_all(context, project_id)
db_l7policies, links = self.repositories.l7policy.get_all_API_list(
context.session, show_deleted=False,
pagination_helper=pcontext.get(constants.PAGINATION_HELPER),
**query_filter)
result = self._convert_db_to_type(
db_l7policies, [l7policy_types.L7PolicyResponse])
if fields is not None:
result = self._filter_fields(result, fields)
return l7policy_types.L7PoliciesRootResponse(
l7policies=result, l7policies_links=links)
def _test_lb_and_listener_statuses(self, session, lb_id, listener_ids):
"""Verify load balancer is in a mutable state."""
if not self.repositories.test_and_set_lb_and_listeners_prov_status(
session, lb_id,
constants.PENDING_UPDATE, constants.PENDING_UPDATE,
listener_ids=listener_ids):
LOG.info("L7Policy cannot be created or modified because the "
"Load Balancer is in an immutable state")
raise exceptions.ImmutableObject(resource='Load Balancer',
id=lb_id)
def _validate_create_l7policy(self, lock_session, l7policy_dict):
try:
# Set the default HTTP redirect code here so it's explicit
if ((l7policy_dict.get('redirect_url') or
l7policy_dict.get('redirect_prefix')) and
not l7policy_dict.get('redirect_http_code')):
l7policy_dict['redirect_http_code'] = 302
return self.repositories.l7policy.create(lock_session,
**l7policy_dict)
except odb_exceptions.DBDuplicateEntry:
raise exceptions.IDAlreadyExists()
except odb_exceptions.DBError:
# TODO(blogan): will have to do separate validation protocol
# before creation or update since the exception messages
# do not give any information as to what constraint failed
raise exceptions.InvalidOption(value='', option='')
@wsme_pecan.wsexpose(l7policy_types.L7PolicyRootResponse,
body=l7policy_types.L7PolicyRootPOST, status_code=201)
def post(self, l7policy_):
"""Creates a l7policy on a listener."""
l7policy = l7policy_.l7policy
context = pecan_request.context.get('octavia_context')
# Verify the parent listener exists
listener_id = l7policy.listener_id
listener = self._get_db_listener(
context.session, listener_id)
load_balancer_id = listener.load_balancer_id
l7policy.project_id, provider = self._get_lb_project_id_provider(
context.session, load_balancer_id)
self._auth_validate_action(context, l7policy.project_id,
constants.RBAC_POST)
# Make sure any pool specified by redirect_pool_id exists
if l7policy.redirect_pool_id:
db_pool = self._get_db_pool(
context.session, l7policy.redirect_pool_id)
self._validate_protocol(listener.protocol, db_pool.protocol)
# Load the driver early as it also provides validation
driver = driver_factory.get_driver(provider)
lock_session = db_api.get_session(autocommit=False)
try:
if self.repositories.check_quota_met(
context.session,
lock_session,
data_models.L7Policy,
l7policy.project_id):
raise exceptions.QuotaException(
resource=data_models.L7Policy._name())
l7policy_dict = db_prepare.create_l7policy(
l7policy.to_dict(render_unsets=True),
load_balancer_id, listener_id)
self._test_lb_and_listener_statuses(
lock_session, lb_id=load_balancer_id,
listener_ids=[listener_id])
db_l7policy = self._validate_create_l7policy(
lock_session, l7policy_dict)
# Prepare the data for the driver data model
provider_l7policy = (
driver_utils.db_l7policy_to_provider_l7policy(db_l7policy))
# Dispatch to the driver
LOG.info("Sending create L7 Policy %s to provider %s",
db_l7policy.id, driver.name)
driver_utils.call_provider(
driver.name, driver.l7policy_create, provider_l7policy)
lock_session.commit()
except Exception:
with excutils.save_and_reraise_exception():
lock_session.rollback()
db_l7policy = self._get_db_l7policy(context.session, db_l7policy.id)
result = self._convert_db_to_type(db_l7policy,
l7policy_types.L7PolicyResponse)
return l7policy_types.L7PolicyRootResponse(l7policy=result)
def _graph_create(self, lock_session, policy_dict):
load_balancer_id = policy_dict.pop('load_balancer_id', None)
listener_id = policy_dict['listener_id']
policy_dict = db_prepare.create_l7policy(
policy_dict, load_balancer_id, listener_id)
rules = policy_dict.pop('l7rules', []) or []
db_policy = self._validate_create_l7policy(lock_session, policy_dict)
new_rules = []
for r in rules:
r['project_id'] = db_policy.project_id
new_rules.append(
l7rule.L7RuleController(db_policy.id)._graph_create(
lock_session, r))
db_policy.l7rules = new_rules
return db_policy
@wsme_pecan.wsexpose(l7policy_types.L7PolicyRootResponse,
wtypes.text, body=l7policy_types.L7PolicyRootPUT,
status_code=200)
def put(self, id, l7policy_):
"""Updates a l7policy."""
l7policy = l7policy_.l7policy
context = pecan_request.context.get('octavia_context')
db_l7policy = self._get_db_l7policy(context.session, id,
show_deleted=False)
load_balancer_id, listener_id = self._get_listener_and_loadbalancer_id(
db_l7policy)
project_id, provider = self._get_lb_project_id_provider(
context.session, load_balancer_id)
self._auth_validate_action(context, project_id, constants.RBAC_PUT)
l7policy_dict = validate.sanitize_l7policy_api_args(
l7policy.to_dict(render_unsets=False))
# Reset renamed attributes
for attr, val in l7policy_types.L7PolicyPUT._type_to_model_map.items():
if val in l7policy_dict:
l7policy_dict[attr] = l7policy_dict.pop(val)
sanitized_l7policy = l7policy_types.L7PolicyPUT(**l7policy_dict)
listener = self._get_db_listener(
context.session, db_l7policy.listener_id)
# Make sure any specified redirect_pool_id exists
if l7policy_dict.get('redirect_pool_id'):
db_pool = self._get_db_pool(
context.session, l7policy_dict['redirect_pool_id'])
self._validate_protocol(listener.protocol, db_pool.protocol)
# Load the driver early as it also provides validation
driver = driver_factory.get_driver(provider)
with db_api.get_lock_session() as lock_session:
self._test_lb_and_listener_statuses(lock_session,
lb_id=load_balancer_id,
listener_ids=[listener_id])
# Prepare the data for the driver data model
l7policy_dict = sanitized_l7policy.to_dict(render_unsets=False)
l7policy_dict['id'] = id
provider_l7policy_dict = (
driver_utils.l7policy_dict_to_provider_dict(l7policy_dict))
# Also prepare the baseline object data
old_provider_l7policy = (
driver_utils.db_l7policy_to_provider_l7policy(db_l7policy))
# Dispatch to the driver
LOG.info("Sending update L7 Policy %s to provider %s",
id, driver.name)
driver_utils.call_provider(
driver.name, driver.l7policy_update,
old_provider_l7policy,
driver_dm.L7Policy.from_dict(provider_l7policy_dict))
# Update the database to reflect what the driver just accepted
sanitized_l7policy.provisioning_status = constants.PENDING_UPDATE
db_l7policy_dict = sanitized_l7policy.to_dict(render_unsets=False)
self.repositories.l7policy.update(lock_session, id,
**db_l7policy_dict)
# Force SQL alchemy to query the DB, otherwise we get inconsistent
# results
context.session.expire_all()
db_l7policy = self._get_db_l7policy(context.session, id)
result = self._convert_db_to_type(db_l7policy,
l7policy_types.L7PolicyResponse)
return l7policy_types.L7PolicyRootResponse(l7policy=result)
@wsme_pecan.wsexpose(None, wtypes.text, status_code=204)
def delete(self, id):
"""Deletes a l7policy."""
context = pecan_request.context.get('octavia_context')
db_l7policy = self._get_db_l7policy(context.session, id,
show_deleted=False)
load_balancer_id, listener_id = self._get_listener_and_loadbalancer_id(
db_l7policy)
project_id, provider = self._get_lb_project_id_provider(
context.session, load_balancer_id)
self._auth_validate_action(context, project_id, constants.RBAC_DELETE)
if db_l7policy.provisioning_status == constants.DELETED:
return
# Load the driver early as it also provides validation
driver = driver_factory.get_driver(provider)
with db_api.get_lock_session() as lock_session:
self._test_lb_and_listener_statuses(lock_session,
lb_id=load_balancer_id,
listener_ids=[listener_id])
self.repositories.l7policy.update(
lock_session, db_l7policy.id,
provisioning_status=constants.PENDING_DELETE)
LOG.info("Sending delete L7 Policy %s to provider %s",
id, driver.name)
provider_l7policy = driver_utils.db_l7policy_to_provider_l7policy(
db_l7policy)
driver_utils.call_provider(driver.name, driver.l7policy_delete,
provider_l7policy)
@pecan_expose()
def _lookup(self, l7policy_id, *remainder):
"""Overridden pecan _lookup method for custom routing.
Verifies that the l7policy passed in the url exists, and if so decides
which controller, if any, should control be passed.
"""
context = pecan_request.context.get('octavia_context')
if l7policy_id and remainder and remainder[0] == 'rules':
remainder = remainder[1:]
db_l7policy = self.repositories.l7policy.get(
context.session, id=l7policy_id)
if not db_l7policy:
LOG.info("L7Policy %s not found.", l7policy_id)
raise exceptions.NotFound(
resource='L7Policy', id=l7policy_id)
return l7rule.L7RuleController(
l7policy_id=db_l7policy.id), remainder
return None