299 lines
13 KiB
Python
299 lines
13 KiB
Python
# Copyright 2016 Blue Box, an IBM Company
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from octavia_lib.api.drivers import data_models as driver_dm
|
|
from oslo_db import exception as odb_exceptions
|
|
from oslo_log import log as logging
|
|
from oslo_utils import excutils
|
|
from pecan import request as pecan_request
|
|
from wsme import types as wtypes
|
|
from wsmeext import pecan as wsme_pecan
|
|
|
|
from octavia.api.drivers import driver_factory
|
|
from octavia.api.drivers import utils as driver_utils
|
|
from octavia.api.v2.controllers import base
|
|
from octavia.api.v2.types import l7rule as l7rule_types
|
|
from octavia.common import constants
|
|
from octavia.common import data_models
|
|
from octavia.common import exceptions
|
|
from octavia.common import validate
|
|
from octavia.db import api as db_api
|
|
from octavia.db import prepare as db_prepare
|
|
|
|
|
|
LOG = logging.getLogger(__name__)
|
|
|
|
|
|
class L7RuleController(base.BaseController):
|
|
RBAC_TYPE = constants.RBAC_L7RULE
|
|
|
|
def __init__(self, l7policy_id):
|
|
super(L7RuleController, self).__init__()
|
|
self.l7policy_id = l7policy_id
|
|
|
|
@wsme_pecan.wsexpose(l7rule_types.L7RuleRootResponse, wtypes.text,
|
|
[wtypes.text], ignore_extra_args=True)
|
|
def get(self, id, fields=None):
|
|
"""Gets a single l7rule's details."""
|
|
context = pecan_request.context.get('octavia_context')
|
|
db_l7rule = self._get_db_l7rule(context.session, id,
|
|
show_deleted=False)
|
|
|
|
self._auth_validate_action(context, db_l7rule.project_id,
|
|
constants.RBAC_GET_ONE)
|
|
|
|
result = self._convert_db_to_type(
|
|
db_l7rule, l7rule_types.L7RuleResponse)
|
|
if fields is not None:
|
|
result = self._filter_fields([result], fields)[0]
|
|
return l7rule_types.L7RuleRootResponse(rule=result)
|
|
|
|
@wsme_pecan.wsexpose(l7rule_types.L7RulesRootResponse, [wtypes.text],
|
|
ignore_extra_args=True)
|
|
def get_all(self, fields=None):
|
|
"""Lists all l7rules of a l7policy."""
|
|
pcontext = pecan_request.context
|
|
context = pcontext.get('octavia_context')
|
|
|
|
l7policy = self._get_db_l7policy(context.session, self.l7policy_id,
|
|
show_deleted=False)
|
|
|
|
self._auth_validate_action(context, l7policy.project_id,
|
|
constants.RBAC_GET_ALL)
|
|
|
|
db_l7rules, links = self.repositories.l7rule.get_all_API_list(
|
|
context.session, show_deleted=False, l7policy_id=self.l7policy_id,
|
|
pagination_helper=pcontext.get(constants.PAGINATION_HELPER))
|
|
result = self._convert_db_to_type(
|
|
db_l7rules, [l7rule_types.L7RuleResponse])
|
|
if fields is not None:
|
|
result = self._filter_fields(result, fields)
|
|
return l7rule_types.L7RulesRootResponse(
|
|
rules=result, rules_links=links)
|
|
|
|
def _test_lb_listener_policy_statuses(self, session):
|
|
"""Verify load balancer is in a mutable state."""
|
|
l7policy = self._get_db_l7policy(session, self.l7policy_id)
|
|
listener_id = l7policy.listener_id
|
|
load_balancer_id = l7policy.listener.load_balancer_id
|
|
# Check the parent is not locked for some reason (ERROR, etc.)
|
|
if l7policy.provisioning_status not in constants.MUTABLE_STATUSES:
|
|
raise exceptions.ImmutableObject(resource='L7Policy',
|
|
id=self.l7policy_id)
|
|
if not self.repositories.test_and_set_lb_and_listeners_prov_status(
|
|
session, load_balancer_id,
|
|
constants.PENDING_UPDATE, constants.PENDING_UPDATE,
|
|
listener_ids=[listener_id], l7policy_id=self.l7policy_id):
|
|
LOG.info("L7Rule cannot be created or modified because the "
|
|
"Load Balancer is in an immutable state")
|
|
raise exceptions.ImmutableObject(resource='Load Balancer',
|
|
id=load_balancer_id)
|
|
|
|
def _check_l7policy_max_rules(self, session):
|
|
"""Checks to make sure the L7Policy doesn't have too many rules."""
|
|
count = self.repositories.l7rule.count(
|
|
session, l7policy_id=self.l7policy_id)
|
|
if count >= constants.MAX_L7RULES_PER_L7POLICY:
|
|
raise exceptions.TooManyL7RulesOnL7Policy(id=self.l7policy_id)
|
|
|
|
def _validate_create_l7rule(self, lock_session, l7rule_dict):
|
|
try:
|
|
return self.repositories.l7rule.create(lock_session, **l7rule_dict)
|
|
except odb_exceptions.DBDuplicateEntry:
|
|
raise exceptions.IDAlreadyExists()
|
|
except odb_exceptions.DBError:
|
|
# TODO(blogan): will have to do separate validation protocol
|
|
# before creation or update since the exception messages
|
|
# do not give any information as to what constraint failed
|
|
raise exceptions.InvalidOption(value='', option='')
|
|
|
|
@wsme_pecan.wsexpose(l7rule_types.L7RuleRootResponse,
|
|
body=l7rule_types.L7RuleRootPOST, status_code=201)
|
|
def post(self, rule_):
|
|
"""Creates a l7rule on an l7policy."""
|
|
l7rule = rule_.rule
|
|
context = pecan_request.context.get('octavia_context')
|
|
|
|
db_l7policy = self._get_db_l7policy(context.session, self.l7policy_id,
|
|
show_deleted=False)
|
|
load_balancer_id, listener_id = self._get_listener_and_loadbalancer_id(
|
|
db_l7policy)
|
|
l7rule.project_id, provider = self._get_lb_project_id_provider(
|
|
context.session, load_balancer_id)
|
|
self._auth_validate_action(context, l7rule.project_id,
|
|
constants.RBAC_POST)
|
|
|
|
try:
|
|
validate.l7rule_data(l7rule)
|
|
except Exception as e:
|
|
raise exceptions.L7RuleValidation(error=e)
|
|
|
|
self._check_l7policy_max_rules(context.session)
|
|
|
|
# Load the driver early as it also provides validation
|
|
driver = driver_factory.get_driver(provider)
|
|
|
|
lock_session = db_api.get_session(autocommit=False)
|
|
try:
|
|
if self.repositories.check_quota_met(
|
|
context.session,
|
|
lock_session,
|
|
data_models.L7Rule,
|
|
l7rule.project_id):
|
|
raise exceptions.QuotaException(
|
|
resource=data_models.L7Rule._name())
|
|
|
|
l7rule_dict = db_prepare.create_l7rule(
|
|
l7rule.to_dict(render_unsets=True), self.l7policy_id)
|
|
|
|
self._test_lb_listener_policy_statuses(context.session)
|
|
|
|
db_l7rule = self._validate_create_l7rule(lock_session, l7rule_dict)
|
|
|
|
# Prepare the data for the driver data model
|
|
provider_l7rule = (
|
|
driver_utils.db_l7rule_to_provider_l7rule(db_l7rule))
|
|
|
|
# Dispatch to the driver
|
|
LOG.info("Sending create L7 Rule %s to provider %s",
|
|
db_l7rule.id, driver.name)
|
|
driver_utils.call_provider(
|
|
driver.name, driver.l7rule_create, provider_l7rule)
|
|
|
|
lock_session.commit()
|
|
except Exception:
|
|
with excutils.save_and_reraise_exception():
|
|
lock_session.rollback()
|
|
|
|
db_l7rule = self._get_db_l7rule(context.session, db_l7rule.id)
|
|
result = self._convert_db_to_type(db_l7rule,
|
|
l7rule_types.L7RuleResponse)
|
|
return l7rule_types.L7RuleRootResponse(rule=result)
|
|
|
|
def _graph_create(self, lock_session, rule_dict):
|
|
try:
|
|
validate.l7rule_data(l7rule_types.L7RulePOST(**rule_dict))
|
|
except Exception as e:
|
|
raise exceptions.L7RuleValidation(error=e)
|
|
rule_dict = db_prepare.create_l7rule(rule_dict, self.l7policy_id)
|
|
db_rule = self._validate_create_l7rule(lock_session, rule_dict)
|
|
|
|
return db_rule
|
|
|
|
@wsme_pecan.wsexpose(l7rule_types.L7RuleRootResponse,
|
|
wtypes.text, body=l7rule_types.L7RuleRootPUT,
|
|
status_code=200)
|
|
def put(self, id, l7rule_):
|
|
"""Updates a l7rule."""
|
|
l7rule = l7rule_.rule
|
|
context = pecan_request.context.get('octavia_context')
|
|
db_l7rule = self._get_db_l7rule(context.session, id,
|
|
show_deleted=False)
|
|
db_l7policy = self._get_db_l7policy(context.session, self.l7policy_id,
|
|
show_deleted=False)
|
|
load_balancer_id, listener_id = self._get_listener_and_loadbalancer_id(
|
|
db_l7policy)
|
|
project_id, provider = self._get_lb_project_id_provider(
|
|
context.session, load_balancer_id)
|
|
|
|
self._auth_validate_action(context, project_id, constants.RBAC_PUT)
|
|
|
|
# Handle the invert unset
|
|
if l7rule.invert is None:
|
|
l7rule.invert = False
|
|
|
|
new_l7rule = db_l7rule.to_dict()
|
|
new_l7rule.update(l7rule.to_dict())
|
|
new_l7rule = data_models.L7Rule.from_dict(new_l7rule)
|
|
|
|
try:
|
|
validate.l7rule_data(new_l7rule)
|
|
except Exception as e:
|
|
raise exceptions.L7RuleValidation(error=e)
|
|
|
|
# Load the driver early as it also provides validation
|
|
driver = driver_factory.get_driver(provider)
|
|
|
|
with db_api.get_lock_session() as lock_session:
|
|
|
|
self._test_lb_listener_policy_statuses(lock_session)
|
|
|
|
# Prepare the data for the driver data model
|
|
l7rule_dict = l7rule.to_dict(render_unsets=False)
|
|
l7rule_dict['id'] = id
|
|
provider_l7rule_dict = (
|
|
driver_utils.l7rule_dict_to_provider_dict(l7rule_dict))
|
|
|
|
# Also prepare the baseline object data
|
|
old_provider_l7rule = driver_utils.db_l7rule_to_provider_l7rule(
|
|
db_l7rule)
|
|
|
|
# Dispatch to the driver
|
|
LOG.info("Sending update L7 Rule %s to provider %s", id,
|
|
driver.name)
|
|
driver_utils.call_provider(
|
|
driver.name, driver.l7rule_update,
|
|
old_provider_l7rule,
|
|
driver_dm.L7Rule.from_dict(provider_l7rule_dict))
|
|
|
|
# Update the database to reflect what the driver just accepted
|
|
l7rule.provisioning_status = constants.PENDING_UPDATE
|
|
db_l7rule_dict = l7rule.to_dict(render_unsets=False)
|
|
self.repositories.l7rule.update(lock_session, id, **db_l7rule_dict)
|
|
|
|
# Force SQL alchemy to query the DB, otherwise we get inconsistent
|
|
# results
|
|
context.session.expire_all()
|
|
db_l7rule = self._get_db_l7rule(context.session, id)
|
|
result = self._convert_db_to_type(db_l7rule,
|
|
l7rule_types.L7RuleResponse)
|
|
return l7rule_types.L7RuleRootResponse(rule=result)
|
|
|
|
@wsme_pecan.wsexpose(None, wtypes.text, status_code=204)
|
|
def delete(self, id):
|
|
"""Deletes a l7rule."""
|
|
context = pecan_request.context.get('octavia_context')
|
|
db_l7rule = self._get_db_l7rule(context.session, id,
|
|
show_deleted=False)
|
|
|
|
db_l7policy = self._get_db_l7policy(context.session, self.l7policy_id,
|
|
show_deleted=False)
|
|
load_balancer_id, listener_id = self._get_listener_and_loadbalancer_id(
|
|
db_l7policy)
|
|
project_id, provider = self._get_lb_project_id_provider(
|
|
context.session, load_balancer_id)
|
|
|
|
self._auth_validate_action(context, project_id, constants.RBAC_DELETE)
|
|
|
|
if db_l7rule.provisioning_status == constants.DELETED:
|
|
return
|
|
|
|
# Load the driver early as it also provides validation
|
|
driver = driver_factory.get_driver(provider)
|
|
|
|
with db_api.get_lock_session() as lock_session:
|
|
|
|
self._test_lb_listener_policy_statuses(lock_session)
|
|
|
|
self.repositories.l7rule.update(
|
|
lock_session, db_l7rule.id,
|
|
provisioning_status=constants.PENDING_DELETE)
|
|
|
|
LOG.info("Sending delete L7 Rule %s to provider %s", id,
|
|
driver.name)
|
|
provider_l7rule = (
|
|
driver_utils.db_l7rule_to_provider_l7rule(db_l7rule))
|
|
driver_utils.call_provider(driver.name, driver.l7rule_delete,
|
|
provider_l7rule)
|