from hashlib import sha256
from http import HTTPStatus
from time import time
-from validation import user_new_schema, user_edit_schema, project_new_schema, project_edit_schema
-from validation import vim_account_new_schema, vim_account_edit_schema, sdn_new_schema, sdn_edit_schema
-from validation import wim_account_new_schema, wim_account_edit_schema, roles_new_schema, roles_edit_schema
-from validation import validate_input
-from validation import ValidationError
-from validation import is_valid_uuid # To check that User/Project Names don't look like UUIDs
-from base_topic import BaseTopic, EngineException
+from osm_nbi.validation import user_new_schema, user_edit_schema, project_new_schema, project_edit_schema, \
+ vim_account_new_schema, vim_account_edit_schema, sdn_new_schema, sdn_edit_schema, \
+ wim_account_new_schema, wim_account_edit_schema, roles_new_schema, roles_edit_schema, \
+ validate_input, ValidationError, is_valid_uuid # To check that User/Project Names don't look like UUIDs
+from osm_nbi.base_topic import BaseTopic, EngineException
+from osm_nbi.authconn import AuthconnNotFoundException, AuthconnConflictException
from osm_common.dbbase import deep_update_rfc7396
-from authconn import AuthconnNotFoundException, AuthconnConflictException
-# from authconn_keystone import AuthconnKeystone
__author__ = "Alfonso Tierno <alfonso.tiernosepulveda@telefonica.com>"
class CommonVimWimSdn(BaseTopic):
"""Common class for VIM, WIM SDN just to unify methods that are equal to all of them"""
- config_to_encrypt = () # what keys at config must be encrypted because contains passwords
+ config_to_encrypt = {} # what keys at config must be encrypted because contains passwords
password_to_encrypt = "" # key that contains a password
@staticmethod
final_content[self.password_to_encrypt] = self.db.encrypt(edit_content[self.password_to_encrypt],
schema_version=schema_version,
salt=final_content["_id"])
- if edit_content.get("config") and self.config_to_encrypt:
- for p in self.config_to_encrypt:
+ config_to_encrypt_keys = self.config_to_encrypt.get(schema_version) or self.config_to_encrypt.get("default")
+ if edit_content.get("config") and config_to_encrypt_keys:
+
+ for p in config_to_encrypt_keys:
if edit_content["config"].get(p):
final_content["config"][p] = self.db.encrypt(edit_content["config"][p],
schema_version=schema_version,
:return: op_id: operation id on asynchronous operation, None otherwise. In addition content is modified
"""
super().format_on_new(content, project_id=project_id, make_public=make_public)
- content["schema_version"] = schema_version = "1.1"
+ content["schema_version"] = schema_version = "1.11"
# encrypt passwords
if content.get(self.password_to_encrypt):
content[self.password_to_encrypt] = self.db.encrypt(content[self.password_to_encrypt],
schema_version=schema_version,
salt=content["_id"])
- if content.get("config") and self.config_to_encrypt:
- for p in self.config_to_encrypt:
+ config_to_encrypt_keys = self.config_to_encrypt.get(schema_version) or self.config_to_encrypt.get("default")
+ if content.get("config") and config_to_encrypt_keys:
+ for p in config_to_encrypt_keys:
if content["config"].get(p):
content["config"][p] = self.db.encrypt(content["config"][p],
schema_version=schema_version,
schema_edit = vim_account_edit_schema
multiproject = True
password_to_encrypt = "vim_password"
- config_to_encrypt = ("admin_password", "nsx_password", "vcenter_password")
+ config_to_encrypt = {"1.1": ("admin_password", "nsx_password", "vcenter_password"),
+ "default": ("admin_password", "nsx_password", "vcenter_password", "vrops_password")}
class WimAccountTopic(CommonVimWimSdn):
schema_edit = wim_account_edit_schema
multiproject = True
password_to_encrypt = "wim_password"
- config_to_encrypt = ()
+ config_to_encrypt = {}
class SdnTopic(CommonVimWimSdn):
schema_edit = sdn_edit_schema
multiproject = True
password_to_encrypt = "password"
- config_to_encrypt = ()
+ config_to_encrypt = {}
class UserTopicAuth(UserTopic):
users = self.auth.get_user_list(filter_q)
if len(users) == 1:
- return self.format_on_show(users[0])
+ return users[0]
elif len(users) > 1:
raise EngineException("Too many users found", HTTPStatus.CONFLICT)
else:
rid = role[0]["_id"]
if "add_project_role_mappings" not in indata:
indata["add_project_role_mappings"] = []
+ if "remove_project_role_mappings" not in indata:
+ indata["remove_project_role_mappings"] = []
+ if isinstance(indata.get("projects"), dict):
+ # backward compatible
+ for k, v in indata["projects"].items():
+ if k.startswith("$") and v is None:
+ indata["remove_project_role_mappings"].append({"project": k[1:]})
+ elif k.startswith("$+"):
+ indata["add_project_role_mappings"].append({"project": v, "role": rid})
+ del indata["projects"]
for proj in indata.get("projects", []) + indata.get("add_projects", []):
indata["add_project_role_mappings"].append({"project": proj, "role": rid})
:param filter_q: filter of data to be applied
:return: The list, it can be empty if no one match the filter.
"""
- users = [self.format_on_show(user) for user in self.auth.get_user_list(filter_q)]
+ users = self.auth.get_user_list(filter_q)
return users
# If any user is using this project, raise CONFLICT exception
if not session["force"]:
for user in self.auth.get_user_list():
- if _id in [proj["_id"] for proj in user.get("projects", [])]:
- raise EngineException("Project '{}' ({}) is being used by user '{}'"
- .format(db_content["name"], _id, user["username"]), HTTPStatus.CONFLICT)
+ for prm in user.get("project_role_mappings"):
+ if prm["project"] == _id:
+ raise EngineException("Project '{}' ({}) is being used by user '{}'"
+ .format(db_content["name"], _id, user["username"]), HTTPStatus.CONFLICT)
# If any VNFD, NSD, NST, PDU, etc. is using this project, raise CONFLICT exception
if not session["force"]:
# If any user is using this role, raise CONFLICT exception
for user in self.auth.get_user_list():
- if _id in [prl["_id"] for proj in user.get("projects", []) for prl in proj.get("roles", [])]:
- raise EngineException("Role '{}' ({}) is being used by user '{}'"
- .format(role["name"], _id, user["username"]), HTTPStatus.CONFLICT)
+ for prm in user.get("project_role_mappings"):
+ if prm["role"] == _id:
+ raise EngineException("Role '{}' ({}) is being used by user '{}'"
+ .format(role["name"], _id, user["username"]), HTTPStatus.CONFLICT)
@staticmethod
def format_on_new(content, project_id=None, make_public=False): # TO BE REMOVED ?