192 lines
6.6 KiB
Python
192 lines
6.6 KiB
Python
# Copyright 2015 LIP - INDIGO-DataCloud
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from ooi.api import base
|
|
from ooi.api import helpers
|
|
from ooi.api import helpers_neutron
|
|
from ooi import exception
|
|
from ooi.occi.core import collection
|
|
from ooi.occi.infrastructure import securitygroup
|
|
from ooi.occi import validator as occi_validator
|
|
|
|
|
|
def parse_validate_schema(req, scheme=None,
|
|
required_attr=None):
|
|
"""Parse attributes and validate scheme
|
|
|
|
|
|
Returns attributes from request
|
|
If scheme is specified, it validates the OCCI scheme:
|
|
-Raises exception in case of being invalid
|
|
|
|
:param req: request
|
|
:param: scheme: scheme to validate
|
|
:param: required_attr: attributes required
|
|
"""
|
|
parser = req.get_parser()(req.headers, req.body.decode("utf8"))
|
|
if scheme:
|
|
attributes = parser.parse()
|
|
validator = occi_validator.Validator(attributes)
|
|
validator.validate(scheme)
|
|
validator.validate_attributes(required_attr)
|
|
else:
|
|
attributes = parser.parse_attributes(req.headers)
|
|
return attributes
|
|
|
|
|
|
def process_parameters(req, scheme=None,
|
|
required_attr=None):
|
|
"""Get attributes from request parameters
|
|
|
|
:param req: request
|
|
:param scheme: scheme to validate
|
|
:param required_attr: attributes required
|
|
"""
|
|
parameters = parse_validate_schema(req, scheme, required_attr)
|
|
try:
|
|
attributes = {}
|
|
if 'X_PROJECT_ID' in req.headers:
|
|
attributes["X_PROJECT_ID"] = req.headers["X_PROJECT_ID"]
|
|
if "attributes" in parameters:
|
|
for k, v in parameters.get("attributes", None).items():
|
|
attributes[k.strip()] = v
|
|
if not attributes:
|
|
attributes = None
|
|
except Exception:
|
|
raise exception.Invalid
|
|
return attributes
|
|
|
|
|
|
class Controller(base.Controller):
|
|
def __init__(self, app=None, openstack_version=None,
|
|
neutron_ooi_endpoint=None):
|
|
"""Security group controller initialization
|
|
|
|
:param app: application
|
|
:param: openstack_version: nova version
|
|
:param: neutron_ooi_endpoint: This parameter
|
|
indicates the Neutron endpoint to load the Neutron Helper.
|
|
If it is None, Nova api is used.
|
|
"""
|
|
|
|
super(Controller, self).__init__(
|
|
app=app,
|
|
openstack_version=openstack_version)
|
|
if neutron_ooi_endpoint:
|
|
self.os_helper = helpers_neutron.OpenStackNeutron(
|
|
neutron_ooi_endpoint
|
|
)
|
|
else:
|
|
self.os_helper = helpers.OpenStackHelper(
|
|
self.app,
|
|
self.openstack_version
|
|
)
|
|
|
|
@staticmethod
|
|
def _get_security_group_resources(securitygroup_list):
|
|
"""Create OCCI security group instances from list
|
|
|
|
:param securitygroup_list: security group objects
|
|
provides by the cloud infrastructure
|
|
:return occi security group list
|
|
"""
|
|
occi_securitygroup_resources = []
|
|
if securitygroup_list:
|
|
for s in securitygroup_list:
|
|
s_rules = s['rules']
|
|
s_id = s["id"]
|
|
s_name = s["title"]
|
|
s_summary = s["summary"]
|
|
s = securitygroup.SecurityGroupResource(title=s_name,
|
|
id=s_id,
|
|
rules=s_rules,
|
|
summary=s_summary)
|
|
occi_securitygroup_resources.append(s)
|
|
return occi_securitygroup_resources
|
|
|
|
def index(self, req):
|
|
"""List security groups
|
|
|
|
:param req: request object
|
|
"""
|
|
occi_sc = self.os_helper.list_security_groups(req)
|
|
occi_sc_resources = self._get_security_group_resources(
|
|
occi_sc)
|
|
|
|
return collection.Collection(
|
|
resources=occi_sc_resources)
|
|
|
|
def show(self, req, id):
|
|
"""Get security group details
|
|
|
|
:param req: request object
|
|
:param id: security group identification
|
|
"""
|
|
resp = self.os_helper.get_security_group_details(req, id)
|
|
occi_sc_resources = self._get_security_group_resources(
|
|
[resp])
|
|
return occi_sc_resources[0]
|
|
|
|
def create(self, req, body=None):
|
|
"""Create a network instance in the cloud
|
|
|
|
:param req: request object
|
|
:param body: body request (not used)
|
|
"""
|
|
scheme = {
|
|
"category": securitygroup.SecurityGroupResource.kind,
|
|
}
|
|
required = ["occi.core.title",
|
|
"occi.securitygroup.rules"
|
|
]
|
|
attributes = process_parameters(req, scheme, required)
|
|
name = attributes.get('occi.core.title')
|
|
description = attributes.get("occi.core.summary", "")
|
|
try:
|
|
rules = attributes.get('occi.securitygroup.rules')
|
|
except Exception:
|
|
raise exception.Invalid(
|
|
"Bad JSON format for occi.securitygroup.rules: %s"
|
|
% attributes.get(
|
|
'occi.securitygroup.rules'))
|
|
sec = self.os_helper.create_security_group(
|
|
req, name, description, rules
|
|
)
|
|
occi_sec_resources = self._get_security_group_resources([sec])
|
|
return collection.Collection(
|
|
resources=occi_sec_resources)
|
|
|
|
def delete(self, req, id):
|
|
"""delete security groups which satisfy the parameters
|
|
|
|
:param req: current request
|
|
:param id: identification
|
|
"""
|
|
response = self.os_helper.delete_security_group(req, id)
|
|
return response
|
|
|
|
def run_action(self, req, id, body):
|
|
"""Run action over the security group
|
|
|
|
:param req: current request
|
|
:param id: security group
|
|
:param body: body
|
|
"""
|
|
action = req.GET.get("action", None)
|
|
occi_actions = [a.term for a in
|
|
securitygroup.SecurityGroupResource.actions]
|
|
|
|
if action is None or action not in occi_actions:
|
|
raise exception.InvalidAction(action=action)
|
|
raise exception.NotImplemented("Security group actions are not implemented") |