import time
import json
import yaml
-import html_out as html
+import osm_nbi.html_out as html
import logging
import logging.handlers
import getopt
import sys
-from authconn import AuthException
-from auth import Authenticator
-from engine import Engine, EngineException
-from subscriptions import SubscriptionThread
-from validation import ValidationError
+from osm_nbi.authconn import AuthException, AuthconnException
+from osm_nbi.auth import Authenticator
+from osm_nbi.engine import Engine, EngineException
+from osm_nbi.subscriptions import SubscriptionThread
+from osm_nbi.validation import ValidationError
from osm_common.dbbase import DbException
from osm_common.fsbase import FsException
from osm_common.msgbase import MsgException
from http import HTTPStatus
from codecs import getreader
from os import environ, path
+from osm_nbi import version as nbi_version, version_date as nbi_version_date
__author__ = "Alfonso Tierno <alfonso.tiernosepulveda@telefonica.com>"
-__version__ = "0.1.3"
-version_date = "Jan 2019"
+__version__ = "0.1.3" # file version, not NBI version
+version_date = "Aug 2019"
+
database_version = '1.2'
auth_database_version = '1.0'
nbi_server = None # instance of Server class
subscription_thread = None # instance of SubscriptionThread class
-
"""
North Bound Interface (O: OSM specific; 5,X: SOL005 not implemented yet; O5: SOL005 implemented)
URL: /osm GET POST PUT DELETE PATCH
/<id> O O O
/sdns O O
/<id> O O O
+ /k8sclusters O O
+ /<id> O O O
+ /k8srepos O O
+ /<id> O O
/nst/v1 O O
/netslice_templates_content O O
},
"users": {"METHODS": ("GET", "POST"),
"ROLE_PERMISSION": "users:",
- "<ID>": {"METHODS": ("GET", "POST", "DELETE", "PATCH", "PUT"),
+ "<ID>": {"METHODS": ("GET", "DELETE", "PATCH"),
"ROLE_PERMISSION": "users:id:"
}
},
"projects": {"METHODS": ("GET", "POST"),
"ROLE_PERMISSION": "projects:",
- "<ID>": {"METHODS": ("GET", "DELETE", "PUT"),
+ "<ID>": {"METHODS": ("GET", "DELETE", "PATCH"),
"ROLE_PERMISSION": "projects:id:"}
},
"roles": {"METHODS": ("GET", "POST"),
"ROLE_PERMISSION": "roles:",
- "<ID>": {"METHODS": ("GET", "POST", "DELETE", "PUT"),
+ "<ID>": {"METHODS": ("GET", "DELETE", "PATCH"),
"ROLE_PERMISSION": "roles:id:"
}
},
"vims": {"METHODS": ("GET", "POST"),
"ROLE_PERMISSION": "vims:",
- "<ID>": {"METHODS": ("GET", "DELETE", "PATCH", "PUT"),
+ "<ID>": {"METHODS": ("GET", "DELETE", "PATCH"),
"ROLE_PERMISSION": "vims:id:"
}
},
"vim_accounts": {"METHODS": ("GET", "POST"),
"ROLE_PERMISSION": "vim_accounts:",
- "<ID>": {"METHODS": ("GET", "DELETE", "PATCH", "PUT"),
+ "<ID>": {"METHODS": ("GET", "DELETE", "PATCH"),
"ROLE_PERMISSION": "vim_accounts:id:"
}
},
"wim_accounts": {"METHODS": ("GET", "POST"),
"ROLE_PERMISSION": "wim_accounts:",
- "<ID>": {"METHODS": ("GET", "DELETE", "PATCH", "PUT"),
+ "<ID>": {"METHODS": ("GET", "DELETE", "PATCH"),
"ROLE_PERMISSION": "wim_accounts:id:"
}
},
"sdns": {"METHODS": ("GET", "POST"),
"ROLE_PERMISSION": "sdn_controllers:",
- "<ID>": {"METHODS": ("GET", "DELETE", "PATCH", "PUT"),
+ "<ID>": {"METHODS": ("GET", "DELETE", "PATCH"),
"ROLE_PERMISSION": "sdn_controllers:id:"
}
},
+ "k8sclusters": {"METHODS": ("GET", "POST"),
+ "ROLE_PERMISSION": "k8sclusters:",
+ "<ID>": {"METHODS": ("GET", "DELETE", "PATCH"),
+ "ROLE_PERMISSION": "k8sclusters:id:"
+ }
+ },
+ "k8srepos": {"METHODS": ("GET", "POST"),
+ "ROLE_PERMISSION": "k8srepos:",
+ "<ID>": {"METHODS": ("GET", "DELETE"),
+ "ROLE_PERMISSION": "k8srepos:id:"
+ }
+ },
+
}
},
"pdu": {
def __init__(self):
self.instance += 1
- self.engine = Engine()
self.authenticator = Authenticator(valid_url_methods, valid_query_string)
+ self.engine = Engine(self.authenticator)
def _format_in(self, kwargs):
try:
cherrypy.request.headers.pop("Content-File-MD5", None)
elif "application/yaml" in cherrypy.request.headers["Content-Type"]:
error_text = "Invalid yaml format "
- indata = yaml.load(cherrypy.request.body)
+ indata = yaml.load(cherrypy.request.body, Loader=yaml.SafeLoader)
cherrypy.request.headers.pop("Content-File-MD5", None)
elif "application/binary" in cherrypy.request.headers["Content-Type"] or \
"application/gzip" in cherrypy.request.headers["Content-Type"] or \
# "Only 'Content-Type' of type 'application/json' or
# 'application/yaml' for input format are available")
error_text = "Invalid yaml format "
- indata = yaml.load(cherrypy.request.body)
+ indata = yaml.load(cherrypy.request.body, Loader=yaml.SafeLoader)
cherrypy.request.headers.pop("Content-File-MD5", None)
else:
error_text = "Invalid yaml format "
- indata = yaml.load(cherrypy.request.body)
+ indata = yaml.load(cherrypy.request.body, Loader=yaml.SafeLoader)
cherrypy.request.headers.pop("Content-File-MD5", None)
if not indata:
indata = {}
kwargs[k] = None
elif format_yaml:
try:
- kwargs[k] = yaml.load(v)
+ kwargs[k] = yaml.load(v, Loader=yaml.SafeLoader)
except Exception:
pass
elif k.endswith(".gt") or k.endswith(".lt") or k.endswith(".gte") or k.endswith(".lte"):
v[index] = None
elif format_yaml:
try:
- v[index] = yaml.load(v[index])
+ v[index] = yaml.load(v[index], Loader=yaml.SafeLoader)
except Exception:
pass
return string of dictionary data according to requested json, yaml, xml. By default json
:param data: response to be sent. Can be a dict, text or file
:param token_info: Contains among other username and project
- :param _format: The format to be set as Content-Type ir data is a file
+ :param _format: The format to be set as Content-Type if data is a file
:return: None
"""
accept = cherrypy.request.headers.get("Accept")
try:
if cherrypy.request.method == "GET":
token_info = self.authenticator.authorize()
- outdata = "Index page"
+ outdata = token_info # Home page
else:
raise cherrypy.HTTPError(HTTPStatus.METHOD_NOT_ALLOWED.value,
"Method {} not allowed for tokens".format(cherrypy.request.method))
@cherrypy.expose
def version(self, *args, **kwargs):
# TODO consider to remove and provide version using the static version file
- global __version__, version_date
try:
if cherrypy.request.method != "GET":
raise NbiException("Only method GET is allowed", HTTPStatus.METHOD_NOT_ALLOWED)
elif args or kwargs:
raise NbiException("Invalid URL or query string for version", HTTPStatus.METHOD_NOT_ALLOWED)
- return __version__ + " " + version_date
+ # TODO include version of other modules, pick up from some kafka admin message
+ osm_nbi_version = {"version": nbi_version, "date": nbi_version_date}
+ return self._format_out(osm_nbi_version)
except NbiException as e:
cherrypy.response.status = e.http_code.value
problem_details = {
}
return self._format_out(problem_details, None)
+ @staticmethod
+ def _format_login(token_info):
+ """
+ Changes cherrypy.request.login to include username/project_name;session so that cherrypy access log will
+ log this information
+ :param token_info: Dictionary with token content
+ :return: None
+ """
+ cherrypy.request.login = token_info.get("username", "-")
+ if token_info.get("project_name"):
+ cherrypy.request.login += "/" + token_info["project_name"]
+ if token_info.get("id"):
+ cherrypy.request.login += ";session=" + token_info["id"][0:12]
+
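Review bot: `_format_login` writes the first 12 characters of `token_info["id"]` into `cherrypy.request.login`, so a prefix of the session identifier lands in every access-log line. If `id` is the bearer token itself (not visible in this hunk), anyone with read access to the logs learns part of the secret, and logs are usually retained and shared more widely than the token store. A one-way correlation value serves the same purpose, for example `";session=" + hashlib.sha256(token_info["id"].encode()).hexdigest()[:12]`. The docstring could also state that the field is for log correlation only and must not be used to look tokens up.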
@cherrypy.expose
def token(self, method, token_id=None, kwargs=None):
token_info = None
indata = self._format_in(kwargs)
if not isinstance(indata, dict):
raise NbiException("Expected application/yaml or application/json Content-Type", HTTPStatus.BAD_REQUEST)
- try:
- if method == "GET":
+
+ if method == "GET":
+ token_info = self.authenticator.authorize()
+ # for logging
+ self._format_login(token_info)
+ if token_id:
+ outdata = self.authenticator.get_token(token_info, token_id)
+ else:
+ outdata = self.authenticator.get_token_list(token_info)
+ elif method == "POST":
+ try:
token_info = self.authenticator.authorize()
- if token_id:
- outdata = self.authenticator.get_token(token_info, token_id)
- else:
- outdata = self.authenticator.get_token_list(token_info)
- elif method == "POST":
- try:
- token_info = self.authenticator.authorize()
- except Exception:
- token_info = None
- if kwargs:
- indata.update(kwargs)
- outdata = self.authenticator.new_token(token_info, indata, cherrypy.request.remote)
- token_info = outdata
- cherrypy.session['Authorization'] = outdata["_id"]
- self._set_location_header("admin", "v1", "tokens", outdata["_id"])
- # cherrypy.response.cookie["Authorization"] = outdata["id"]
- # cherrypy.response.cookie["Authorization"]['expires'] = 3600
- elif method == "DELETE":
- if not token_id and "id" in kwargs:
- token_id = kwargs["id"]
- elif not token_id:
- token_info = self.authenticator.authorize()
- token_id = token_info["_id"]
- outdata = self.authenticator.del_token(token_id)
+ except Exception:
token_info = None
- cherrypy.session['Authorization'] = "logout"
- # cherrypy.response.cookie["Authorization"] = token_id
- # cherrypy.response.cookie["Authorization"]['expires'] = 0
- else:
- raise NbiException("Method {} not allowed for token".format(method), HTTPStatus.METHOD_NOT_ALLOWED)
- return self._format_out(outdata, token_info)
- except (NbiException, EngineException, DbException, AuthException) as e:
- cherrypy.log("tokens Exception {}".format(e))
- cherrypy.response.status = e.http_code.value
- problem_details = {
- "code": e.http_code.name,
- "status": e.http_code.value,
- "detail": str(e),
- }
- return self._format_out(problem_details, token_info)
+ if kwargs:
+ indata.update(kwargs)
+ # This is needed to log the user when authentication fails
+ cherrypy.request.login = "{}".format(indata.get("username", "-"))
+ outdata = token_info = self.authenticator.new_token(token_info, indata, cherrypy.request.remote)
+ cherrypy.session['Authorization'] = outdata["_id"]
+ self._set_location_header("admin", "v1", "tokens", outdata["_id"])
+ # for logging
+ self._format_login(token_info)
+
+ # cherrypy.response.cookie["Authorization"] = outdata["id"]
+ # cherrypy.response.cookie["Authorization"]['expires'] = 3600
+ elif method == "DELETE":
+ if not token_id and "id" in kwargs:
+ token_id = kwargs["id"]
+ elif not token_id:
+ token_info = self.authenticator.authorize()
+ # for logging
+ self._format_login(token_info)
+ token_id = token_info["_id"]
+ outdata = self.authenticator.del_token(token_id)
+ token_info = None
+ cherrypy.session['Authorization'] = "logout"
+ # cherrypy.response.cookie["Authorization"] = token_id
+ # cherrypy.response.cookie["Authorization"]['expires'] = 0
+ else:
+ raise NbiException("Method {} not allowed for token".format(method), HTTPStatus.METHOD_NOT_ALLOWED)
+ return self._format_out(outdata, token_info)
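Review bot: `token()` keeps its `@cherrypy.expose` decorator but loses the `except (NbiException, EngineException, DbException, AuthException)` handler that built the problem-details body, so it now depends on its caller to translate errors. A call from `default()` appears to be covered by the handler there, but if the URL mapping lets a request reach `token()` directly (not visible in this hunk), an authentication failure would surface as CherryPy's generic error response instead. Either drop the decorator or document the contract with a comment such as `# exceptions are translated by default(); not meant to be reached directly`. Separately, the POST branch sets `cherrypy.request.login` from the request-supplied `username` with no length limit; capping it, e.g. `"{}".format(indata.get("username", "-"))[:64]`, keeps a failed login from writing arbitrarily long text into the access log's user field.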
@cherrypy.expose
def test(self, *args, **kwargs):
+ if not cherrypy.config.get("server.enable_test") or (isinstance(cherrypy.config["server.enable_test"], str) and
+ cherrypy.config["server.enable_test"].lower() == "false"):
+ cherrypy.response.status = HTTPStatus.METHOD_NOT_ALLOWED.value
+ return "test URL is disabled"
thread_info = None
if args and args[0] == "help":
return "<html><pre>\ninit\nfile/<name> download file\ndb-clear/table\nfs-clear[/folder]\nlogin\nlogin2\n"\
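Review bot: The guard added at the top of `test()` fails open: any string value other than "false" (for instance "0", "no" or "off") leaves the test URL enabled, and the help text just below lists operations such as `db-clear` and `fs-clear`. Treat the option as an allow-list so that only an explicit true value enables it, e.g. `enabled = cherrypy.config.get("server.enable_test")` followed by `if enabled is not True and str(enabled).lower() != "true":`. A 403 or 404 would also describe a disabled URL better than `METHOD_NOT_ALLOWED`, which suggests that another HTTP method might succeed. The body of `test()` continues outside the hunk.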
return_text = "<html><pre>{} ->\n".format(main_topic)
try:
if cherrypy.request.method == 'POST':
- to_send = yaml.load(cherrypy.request.body)
+ to_send = yaml.load(cherrypy.request.body, Loader=yaml.SafeLoader)
for k, v in to_send.items():
self.engine.msg.write(main_topic, k, v)
return_text += " {}: {}\n".format(k, v)
elif cherrypy.request.method == 'GET':
for k, v in kwargs.items():
- self.engine.msg.write(main_topic, k, yaml.load(v))
- return_text += " {}: {}\n".format(k, yaml.load(v))
+ self.engine.msg.write(main_topic, k, yaml.load(v), Loader=yaml.SafeLoader)
+ return_text += " {}: {}\n".format(k, yaml.load(v), Loader=yaml.SafeLoader)
except Exception as e:
return_text += "Error: " + str(e)
return_text += "</pre></html>\n"
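Review bot: In the GET branch the `Loader=yaml.SafeLoader` argument went onto the wrong calls: it is passed to `self.engine.msg.write(...)` and to `str.format(...)`, while both `yaml.load(v)` calls still run without a loader on query-string values. Depending on the installed PyYAML version that either keeps the unsafe default loader or raises `TypeError`, and `msg.write` may reject the unexpected `Loader` keyword; the surrounding `except Exception` would turn either failure into an "Error:" line rather than a visible fault. Parse once with the safe loader and reuse the result: `value = yaml.load(v, Loader=yaml.SafeLoader)`, then `self.engine.msg.write(main_topic, k, value)` and `return_text += "    {}: {}\n".format(k, value)`. The enclosing `test()` method starts outside the hunk.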
method: show, list, delete, write
"""
admin_query = {"force": False, "project_id": (token_info["project_id"], ), "username": token_info["username"],
- "admin": token_info["admin"], "public": None}
+ "admin": token_info["admin"], "public": None,
+ "allow_show_user_project_role": token_info["allow_show_user_project_role"]}
if kwargs:
# FORCE
if "FORCE" in kwargs:
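Review bot: `token_info["allow_show_user_project_role"]` is read with a plain subscript, so a token record that lacks the key raises `KeyError` on every request that reaches this helper. Whether records created before this change, or produced by another authentication backend, always carry the key is not visible here. If they may not, default to what is presumably the restrictive value: `"allow_show_user_project_role": token_info.get("allow_show_user_project_role", False)`. The function body continues outside the hunk.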
query_string_operations = self._extract_query_string_operations(kwargs, method)
if main_topic == "admin" and topic == "tokens":
return self.token(method, _id, kwargs)
-
- # self.engine.load_dbase(cherrypy.request.app.config)
-
- token_info = self.authenticator.authorize(role_permission, query_string_operations)
+ token_info = self.authenticator.authorize(role_permission, query_string_operations, _id)
engine_session = self._manage_admin_query(token_info, kwargs, method, _id)
indata = self._format_in(kwargs)
engine_topic = topic
if not delete_in_process:
self.engine.del_item(engine_session, engine_topic, _id)
cherrypy.response.status = HTTPStatus.NO_CONTENT.value
- if engine_topic in ("vim_accounts", "wim_accounts", "sdns"):
+ if engine_topic in ("vim_accounts", "wim_accounts", "sdns", "k8sclusters", "k8srepos"):
cherrypy.response.status = HTTPStatus.ACCEPTED.value
elif method in ("PUT", "PATCH"):
# if Role information changes, it is needed to reload the information of roles
if topic == "roles" and method != "GET":
self.authenticator.load_operation_to_allowed_roles()
+
+ if topic == "projects" and method == "DELETE" \
+ or topic in ["users", "roles"] and method in ["PUT", "PATCH", "DELETE"]:
+ self.authenticator.remove_token_from_cache()
+
return self._format_out(outdata, token_info, _format)
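Review bot: The new cache-invalidation condition mixes `and` and `or` without parentheses; it evaluates as intended because `and` binds tighter, but wrapping each half in parentheses would make that explicit for the next editor. It still lists `PUT`, which this commit removes from the allowed methods of `users/<ID>` and `roles/<ID>`, and it skips `PATCH` on `projects` even though `_format_login` reads `project_name` from the token, so a renamed project may leave stale cached tokens (this depends on what the cache stores, which is not visible here). A why-comment would help, for example `# cached tokens embed user, role and project data; drop them whenever that data changes`. The enclosing method starts outside the hunk.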
except Exception as e:
if isinstance(e, (NbiException, EngineException, DbException, FsException, MsgException, AuthException,
- ValidationError)):
+ ValidationError, AuthconnException)):
http_code_value = cherrypy.response.status = e.http_code.value
http_code_name = e.http_code.name
cherrypy.log("Exception {}".format(e))
}
return self._format_out(problem_details, token_info)
# raise cherrypy.HTTPError(e.http_code.value, str(e))
+ finally:
+ if token_info:
+ self._format_login(token_info)
+ if method in ("PUT", "PATCH", "POST") and isinstance(outdata, dict):
+ for logging_id in ("id", "op_id", "nsilcmop_id", "nslcmop_id"):
+ if outdata.get(logging_id):
+ cherrypy.request.login += ";{}={}".format(logging_id, outdata[logging_id][:36])
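Review bot: The added `finally` block does logging-only work that can itself raise, and an exception raised there replaces the response that the `try`/`except` was about to return. `outdata[logging_id][:36]` fails with `TypeError` if an identifier is not a string, `cherrypy.request.login += ...` fails if `token_info` was empty and `login` was never set, and `outdata` must already be bound before the `try` (not visible in this hunk) for the `isinstance` test to be safe on the error path. Making the append defensive costs little: `cherrypy.request.login = "{};{}={}".format(cherrypy.request.login or "-", logging_id, str(outdata[logging_id])[:36])`. The `try` this block belongs to starts outside the hunk.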
def _start_service():
subscription_thread.start()
# Do not capture except SubscriptionException
- # load and print version. Ignore possible errors, e.g. file not found
- try:
- with open("{}/version".format(engine_config["/static"]['tools.staticdir.dir'])) as version_file:
- version_data = version_file.read()
- cherrypy.log.error("Starting OSM NBI Version: {}".format(version_data.replace("\n", " ")))
- except Exception:
- pass
+ backend = engine_config["authentication"]["backend"]
+ cherrypy.log.error("Starting OSM NBI Version '{} {}' with '{}' authentication backend"
+ .format(nbi_version, nbi_version_date, backend))
def _stop_service():