# -*- coding: utf-8 -*-
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
import logging
+import yaml
from osm_common import dbmongo, dbmemory, fslocal, msglocal, msgkafka, version as common_version
from osm_common.dbbase import DbException
from osm_common.fsbase import FsException
from osm_common.msgbase import MsgException
from http import HTTPStatus
+
+from authconn_keystone import AuthconnKeystone
from base_topic import EngineException, versiontuple
-from admin_topics import UserTopic, ProjectTopic, VimAccountTopic, SdnTopic
+from admin_topics import UserTopic, ProjectTopic, VimAccountTopic, WimAccountTopic, SdnTopic
+from admin_topics import UserTopicAuth, ProjectTopicAuth, RoleTopicAuth
from descriptor_topics import VnfdTopic, NsdTopic, PduTopic, NstTopic
-from instance_topics import NsrTopic, VnfrTopic, NsLcmOpTopic, NsiTopic
+from instance_topics import NsrTopic, VnfrTopic, NsLcmOpTopic, NsiTopic, NsiLcmOpTopic
from base64 import b64encode
-from os import urandom
+from os import urandom, path
+from threading import Lock
__author__ = "Alfonso Tierno <alfonso.tiernosepulveda@telefonica.com>"
-min_common_version = "0.1.8"
+min_common_version = "0.1.16"
class Engine(object):
"vnfrs": VnfrTopic,
"nslcmops": NsLcmOpTopic,
"vim_accounts": VimAccountTopic,
+ "wim_accounts": WimAccountTopic,
"sdns": SdnTopic,
"users": UserTopic,
"projects": ProjectTopic,
"nsis": NsiTopic,
+ "nsilcmops": NsiLcmOpTopic
# [NEW_TOPIC]: add an entry here
}
self.db = None
self.fs = None
self.msg = None
+ self.auth = None
self.config = None
+ self.operations = None
self.logger = logging.getLogger("nbi.engine")
self.map_topic = {}
+ self.write_lock = None
def start(self, config):
"""
self.msg.connect(config["message"])
else:
raise EngineException("Invalid configuration param '{}' at '[message]':'driver'".format(
- config["storage"]["driver"]))
+ config["message"]["driver"]))
+ if not self.auth:
+ if config["authentication"]["backend"] == "keystone":
+ self.auth = AuthconnKeystone(config["authentication"])
+ if not self.operations:
+ if "resources_to_operations" in config["rbac"]:
+ resources_to_operations_file = config["rbac"]["resources_to_operations"]
+ else:
+ possible_paths = (
+ __file__[:__file__.rfind("engine.py")] + "resources_to_operations.yml",
+ "./resources_to_operations.yml"
+ )
+ for config_file in possible_paths:
+ if path.isfile(config_file):
+ resources_to_operations_file = config_file
+ break
+ if not resources_to_operations_file:
+ raise EngineException("Invalid permission configuration: resources_to_operations file missing")
+
+ with open(resources_to_operations_file, 'r') as f:
+ resources_to_operations = yaml.load(f)
+
+ self.operations = []
+ for _, value in resources_to_operations["resources_to_operations"].items():
+ if value not in self.operations:
+ self.operations += value
+
+ if config["authentication"]["backend"] == "keystone":
+ self.map_from_topic_to_class["users"] = UserTopicAuth
+ self.map_from_topic_to_class["projects"] = ProjectTopicAuth
+ self.map_from_topic_to_class["roles"] = RoleTopicAuth
+
+ self.write_lock = Lock()
# create one class per topic
for topic, topic_class in self.map_from_topic_to_class.items():
- self.map_topic[topic] = topic_class(self.db, self.fs, self.msg)
+ if self.auth and topic_class in (UserTopicAuth, ProjectTopicAuth):
+ self.map_topic[topic] = topic_class(self.db, self.fs, self.msg, self.auth)
+ elif self.auth and topic_class == RoleTopicAuth:
+ self.map_topic[topic] = topic_class(self.db, self.fs, self.msg, self.auth,
+ self.operations)
+ else:
+ self.map_topic[topic] = topic_class(self.db, self.fs, self.msg)
except (DbException, FsException, MsgException) as e:
raise EngineException(str(e), http_code=e.http_code)
self.db.db_disconnect()
if self.fs:
self.fs.fs_disconnect()
- if self.fs:
- self.fs.fs_disconnect()
+ if self.msg:
+ self.msg.disconnect()
+ self.write_lock = None
except (DbException, FsException, MsgException) as e:
raise EngineException(str(e), http_code=e.http_code)
"""
if topic not in self.map_topic:
raise EngineException("Unknown topic {}!!!".format(topic), HTTPStatus.INTERNAL_SERVER_ERROR)
- return self.map_topic[topic].new(rollback, session, indata, kwargs, headers, force)
+ with self.write_lock:
+ return self.map_topic[topic].new(rollback, session, indata, kwargs, headers, force)
def upload_content(self, session, topic, _id, indata, kwargs, headers, force=False):
"""
"""
if topic not in self.map_topic:
raise EngineException("Unknown topic {}!!!".format(topic), HTTPStatus.INTERNAL_SERVER_ERROR)
- return self.map_topic[topic].upload_content(session, _id, indata, kwargs, headers, force)
+ with self.write_lock:
+ return self.map_topic[topic].upload_content(session, _id, indata, kwargs, headers, force)
def get_item_list(self, session, topic, filter_q=None):
"""
"""
if topic not in self.map_topic:
raise EngineException("Unknown topic {}!!!".format(topic), HTTPStatus.INTERNAL_SERVER_ERROR)
- return self.map_topic[topic].delete_list(session, _filter)
+ with self.write_lock:
+ return self.map_topic[topic].delete_list(session, _filter)
def del_item(self, session, topic, _id, force=False):
"""
"""
if topic not in self.map_topic:
raise EngineException("Unknown topic {}!!!".format(topic), HTTPStatus.INTERNAL_SERVER_ERROR)
- return self.map_topic[topic].delete(session, _id, force)
+ with self.write_lock:
+ return self.map_topic[topic].delete(session, _id, force)
def edit_item(self, session, topic, _id, indata=None, kwargs=None, force=False):
"""
"""
if topic not in self.map_topic:
raise EngineException("Unknown topic {}!!!".format(topic), HTTPStatus.INTERNAL_SERVER_ERROR)
- return self.map_topic[topic].edit(session, _id, indata, kwargs, force)
-
- def prune(self):
- """
- Prune database not needed content
- :return: None
- """
- return self.db.del_list("nsrs", {"_admin.to_delete": True})
+ with self.write_lock:
+ return self.map_topic[topic].edit(session, _id, indata, kwargs, force)
def create_admin(self):
"""
}
self.db.create("admin", version_data)
self.db.set_secret_key(serial)
+ return
# TODO add future migrations here
raise EngineException("Wrong database version '{}'. Expected '{}'"