From 01b21e52237dce4a5a548ef1c28abb4b27cf89c1 Mon Sep 17 00:00:00 2001 From: Philip Joseph Date: Fri, 21 Apr 2017 12:23:36 +0530 Subject: [PATCH] Validate mano-roles for user added as part of project create Change-Id: I99585f3ac7e3cfe9afae014b36af31b3ce7b4778 Signed-off-by: Philip Joseph --- common/python/rift/mano/utils/project.py | 19 ++------ .../tasklets/rwprojectmano/projectmano.py | 46 ++++++++++++------- .../rift/tasklets/rwprojectmano/rolesmano.py | 2 +- 3 files changed, 34 insertions(+), 33 deletions(-) diff --git a/common/python/rift/mano/utils/project.py b/common/python/rift/mano/utils/project.py index 9d607ffe..dced2ab1 100644 --- a/common/python/rift/mano/utils/project.py +++ b/common/python/rift/mano/utils/project.py @@ -636,7 +636,6 @@ class ProjectHandler(object): def on_project_added(self, name): if name not in self._tasklet.projects: - # Restart case, directly calling apply try: self._tasklet.projects[name] = \ self._class(name, self._tasklet, **(self._kw)) @@ -655,21 +654,9 @@ class ProjectHandler(object): def on_add_prepare(self, name): self._log.debug("Project {} to be added to {}". format(name, self._get_tasklet_name())) - - try: - self._tasklet.projects[name] = \ - self._class(name, self._tasklet, **(self._kw)) - except Exception as e: - self._log.exception("Project {} create for {} failed: {}". - format(name, self._get_tasklet_name(), e)) - raise e - - try: - yield from self._get_project(name).register() - except Exception as e: - self._log.exception("Project {} register for tasklet {} failed: {}". - format(name, self._get_tasklet_name(), e)) - raise e + if name in self._tasklet.projects: + self._log.error("Project {} already exists for {}". + format(name, self._get_tasklet_name())) @asyncio.coroutine def on_delete_prepare(self, name): diff --git a/rwprojectmano/plugins/rwprojectmano/rift/tasklets/rwprojectmano/projectmano.py b/rwprojectmano/plugins/rwprojectmano/rift/tasklets/rwprojectmano/projectmano.py index 66f28496..47ad9da3 100644 --- a/rwprojectmano/plugins/rwprojectmano/rift/tasklets/rwprojectmano/projectmano.py +++ b/rwprojectmano/plugins/rwprojectmano/rift/tasklets/rwprojectmano/projectmano.py @@ -189,8 +189,13 @@ class ProjectDtsHandler(object): else: self._log.debug("Project {}: Invoking on_prepare add request". format(name)) - yield from self._callbacks.on_add_prepare(name, msg) - + rc, err_msg = yield from self._callbacks.on_add_prepare(name, msg) + if rc is False: + xact_info.send_error_xpath(RwTypes.RwStatus.FAILURE, + ProjectDtsHandler.XPATH, + err_msg) + xact_info.respond_xpath(rwdts.XactRspCode.NACK) + return elif action == rwdts.QueryAction.DELETE: # Check if the entire project got deleted @@ -239,6 +244,8 @@ class ProjectHandler(object): self._loop = tasklet.loop self._class = project_class + self.mano_roles = [role['mano-role'] for role in MANO_PROJECT_ROLES] + self._log.debug("Creating project config handler") self.project_cfg_handler = ProjectDtsHandler( self._dts, self._log, @@ -281,7 +288,6 @@ class ProjectHandler(object): def on_project_added(self, name, cfg): if name not in self._tasklet.projects: - # Restart case, directly calling apply try: self._tasklet.projects[name] = \ self._class(name, self._tasklet) @@ -301,21 +307,29 @@ class ProjectHandler(object): self._log.debug("Project {} to be added to {}". format(name, self._get_tasklet_name())) - try: - self._tasklet.projects[name] = \ - self._class(name, self._tasklet) - except Exception as e: - self._log.exception("Project {} create for {} failed: {}". - format(name, self._get_tasklet_name(), e)) + if name in self._tasklet.projects: + err_msg = ("Project already exists: {}". + format(name)) + self._log.error(err_msg) + return False, err_msg + # Validate mano-roles, if present try: - yield from self._get_project(name).register() - except Exception as e: - self._log.exception("Project {} register for tasklet {} failed: {}". - format(name, self._get_tasklet_name(), e)) - - self._log.debug("Project {} added to {}". - format(name, self._get_tasklet_name())) + cfg = msg.project_config + users = cfg.user + for user in users: + for role in user.mano_role: + if role.role not in self.mano_roles: + err_msg = ("Invalid role {} for user {} in project {}". + format(role.role, user.user_name, name)) + self._log.error(err_msg) + return False, err_msg + + except AttributeError as e: + # If the user or mano role is not present, ignore + self._log.debug("Project {}: {}".format(name, e)) + + return True, "" @asyncio.coroutine def on_delete_prepare(self, name): diff --git a/rwprojectmano/plugins/rwprojectmano/rift/tasklets/rwprojectmano/rolesmano.py b/rwprojectmano/plugins/rwprojectmano/rift/tasklets/rwprojectmano/rolesmano.py index 5550bfda..e5c5db11 100644 --- a/rwprojectmano/plugins/rwprojectmano/rift/tasklets/rwprojectmano/rolesmano.py +++ b/rwprojectmano/plugins/rwprojectmano/rift/tasklets/rwprojectmano/rolesmano.py @@ -148,7 +148,7 @@ class ProjectConfigSubscriber(object): if action == rwdts.AppconfAction.INSTALL: curr_cfg = self._reg.elements for cfg in curr_cfg: - self._log.info("Project {} user being re-added after restart: {}.". + self._log.info("Project {} user being restored: {}.". format(self.project_name, cfg.as_dict())) self.update_user(cfg) else: -- 2.25.1