commit 01b21e52237dce4a5a548ef1c28abb4b27cf89c1
author Philip Joseph <philip.joseph@riftio.com> Fri Apr 21 12:23:36 2017 +0530
committer Philip Joseph <philip.joseph@riftio.com> Fri Apr 21 12:47:22 2017 +0530
tree be33fd919d93e1a467699e8e5767e2f4d25ea631
parent e3957068df7581ab132fd0b5ab597f61a3bd1844

Validate mano-roles for user added as part of project create

Change-Id: I99585f3ac7e3cfe9afae014b36af31b3ce7b4778
Signed-off-by: Philip Joseph <philip.joseph@riftio.com>

common/python/rift/mano/utils/project.py

diff --git a/common/python/rift/mano/utils/project.py b/common/python/rift/mano/utils/project.py
index 9d607ff..dced2ab 100644
--- a/common/python/rift/mano/utils/project.py
+++ b/common/python/rift/mano/utils/project.py
@@ -636,7 +636,6 @@
 
     def on_project_added(self, name):
         if name not in self._tasklet.projects:
-            # Restart case, directly calling apply
             try:
                 self._tasklet.projects[name] = \
                                 self._class(name, self._tasklet, **(self._kw))
@@ -655,21 +654,9 @@
     def on_add_prepare(self, name):
         self._log.debug("Project {} to be added to {}".
                         format(name, self._get_tasklet_name()))
-
-        try:
-            self._tasklet.projects[name] = \
-                    self._class(name, self._tasklet, **(self._kw))
-        except Exception as e:
-            self._log.exception("Project {} create for {} failed: {}".
-                                format(name, self._get_tasklet_name(), e))
-            raise e
-
-        try:
-            yield from self._get_project(name).register()
-        except Exception as e:
-            self._log.exception("Project {} register for tasklet {} failed: {}".
-                                format(name, self._get_tasklet_name(), e))
-            raise e
+        if name in self._tasklet.projects:
+            self._log.error("Project {} already exists for {}".
+                            format(name, self._get_tasklet_name()))
 
     @asyncio.coroutine
     def on_delete_prepare(self, name):

rwprojectmano/plugins/rwprojectmano/rift/tasklets/rwprojectmano/projectmano.py

diff --git a/rwprojectmano/plugins/rwprojectmano/rift/tasklets/rwprojectmano/projectmano.py b/rwprojectmano/plugins/rwprojectmano/rift/tasklets/rwprojectmano/projectmano.py
index 66f2849..47ad9da 100644
--- a/rwprojectmano/plugins/rwprojectmano/rift/tasklets/rwprojectmano/projectmano.py
+++ b/rwprojectmano/plugins/rwprojectmano/rift/tasklets/rwprojectmano/projectmano.py
@@ -189,8 +189,13 @@
                 else:
                     self._log.debug("Project {}: Invoking on_prepare add request".
                                     format(name))
-                    yield from self._callbacks.on_add_prepare(name, msg)
-
+                    rc, err_msg = yield from self._callbacks.on_add_prepare(name, msg)
+                    if rc is False:
+                        xact_info.send_error_xpath(RwTypes.RwStatus.FAILURE,
+                                                   ProjectDtsHandler.XPATH,
+                                                   err_msg)
+                        xact_info.respond_xpath(rwdts.XactRspCode.NACK)
+                        return
 
             elif action == rwdts.QueryAction.DELETE:
                 # Check if the entire project got deleted
@@ -239,6 +244,8 @@
         self._loop = tasklet.loop
         self._class = project_class
 
+        self.mano_roles = [role['mano-role'] for role in MANO_PROJECT_ROLES]
+
         self._log.debug("Creating project config handler")
         self.project_cfg_handler = ProjectDtsHandler(
             self._dts, self._log,
@@ -281,7 +288,6 @@
 
     def on_project_added(self, name, cfg):
         if name not in self._tasklet.projects:
-            # Restart case, directly calling apply
             try:
                 self._tasklet.projects[name] = \
                                 self._class(name, self._tasklet)
@@ -301,21 +307,29 @@
         self._log.debug("Project {} to be added to {}".
                         format(name, self._get_tasklet_name()))
 
-        try:
-            self._tasklet.projects[name] = \
-                    self._class(name, self._tasklet)
-        except Exception as e:
-            self._log.exception("Project {} create for {} failed: {}".
-                                format(name, self._get_tasklet_name(), e))
+        if name in self._tasklet.projects:
+            err_msg = ("Project already exists: {}".
+                       format(name))
+            self._log.error(err_msg)
+            return False, err_msg
 
+        # Validate mano-roles, if present
         try:
-            yield from self._get_project(name).register()
-        except Exception as e:
-            self._log.exception("Project {} register for tasklet {} failed: {}".
-                                format(name, self._get_tasklet_name(), e))
+            cfg = msg.project_config
+            users = cfg.user
+            for user in users:
+                for role in user.mano_role:
+                    if role.role not in self.mano_roles:
+                        err_msg = ("Invalid role {} for user {} in project {}".
+                               format(role.role, user.user_name, name))
+                        self._log.error(err_msg)
+                        return False, err_msg
 
-        self._log.debug("Project {} added to {}".
-                        format(name, self._get_tasklet_name()))
+        except AttributeError as e:
+            # If the user or mano role is not present, ignore
+            self._log.debug("Project {}: {}".format(name, e))
+
+        return True, ""
 
     @asyncio.coroutine
     def on_delete_prepare(self, name):

rwprojectmano/plugins/rwprojectmano/rift/tasklets/rwprojectmano/rolesmano.py

diff --git a/rwprojectmano/plugins/rwprojectmano/rift/tasklets/rwprojectmano/rolesmano.py b/rwprojectmano/plugins/rwprojectmano/rift/tasklets/rwprojectmano/rolesmano.py
index 5550bfd..e5c5db1 100644
--- a/rwprojectmano/plugins/rwprojectmano/rift/tasklets/rwprojectmano/rolesmano.py
+++ b/rwprojectmano/plugins/rwprojectmano/rift/tasklets/rwprojectmano/rolesmano.py
@@ -148,7 +148,7 @@
                 if action == rwdts.AppconfAction.INSTALL:
                     curr_cfg = self._reg.elements
                     for cfg in curr_cfg:
-                        self._log.info("Project {} user being re-added after restart: {}.".
+                        self._log.info("Project {} user being restored: {}.".
                                        format(self.project_name, cfg.as_dict()))
                         self.update_user(cfg)
                 else: