+ def __init__(self, db, fs, msg, auth):
+ ProjectTopic.__init__(self, db, fs, msg)
+ self.auth = auth
+
+ def check_conflict_on_new(self, session, indata):
+ """
+ Check that the data to be inserted is valid
+
+ :param session: contains "username", "admin", "force", "public", "project_id", "set_project"
+ :param indata: data to be inserted
+ :return: None or raises EngineException
+ """
+ project_name = indata.get("name")
+ if is_valid_uuid(project_name):
+ raise EngineException("project name '{}' cannot have an uuid format".format(project_name),
+ HTTPStatus.UNPROCESSABLE_ENTITY)
+
+ project_list = self.auth.get_project_list(filter_q={"name": project_name})
+
+ if project_list:
+ raise EngineException("project '{}' exists".format(project_name), HTTPStatus.CONFLICT)
+
+ def check_conflict_on_edit(self, session, final_content, edit_content, _id):
+ """
+ Check that the data to be edited/uploaded is valid
+
+ :param session: contains "username", "admin", "force", "public", "project_id", "set_project"
+ :param final_content: data once modified
+ :param edit_content: incremental data that contains the modifications to apply
+ :param _id: internal _id
+ :return: None or raises EngineException
+ """
+
+ project_name = edit_content.get("name")
+ if project_name != final_content["name"]: # It is a true renaming
+ if is_valid_uuid(project_name):
+ raise EngineException("project name '{}' cannot have an uuid format".format(project_name),
+ HTTPStatus.UNPROCESSABLE_ENTITY)
+
+ if final_content["name"] == "admin":
+ raise EngineException("You cannot rename project 'admin'", http_code=HTTPStatus.CONFLICT)
+
+ # Check that project name is not used, regardless keystone already checks this
+ if self.auth.get_project_list(filter_q={"name": project_name}):
+ raise EngineException("project '{}' is already used".format(project_name), HTTPStatus.CONFLICT)
+
+ def check_conflict_on_del(self, session, _id, db_content):
+ """
+ Check if deletion can be done because of dependencies if it is not force. To override
+
+ :param session: contains "username", "admin", "force", "public", "project_id", "set_project"
+ :param _id: internal _id
+ :param db_content: The database content of this item _id
+ :return: None if ok or raises EngineException with the conflict
+ """
+
+ def check_rw_projects(topic, title, id_field):
+ for desc in self.db.get_list(topic):
+ if _id in desc["_admin"]["projects_read"] + desc["_admin"]["projects_write"]:
+ raise EngineException("Project '{}' ({}) is being used by {} '{}'"
+ .format(db_content["name"], _id, title, desc[id_field]), HTTPStatus.CONFLICT)
+
+ if _id in session["project_id"]:
+ raise EngineException("You cannot delete your own project", http_code=HTTPStatus.CONFLICT)
+
+ if db_content["name"] == "admin":
+ raise EngineException("You cannot delete project 'admin'", http_code=HTTPStatus.CONFLICT)
+
+ # If any user is using this project, raise CONFLICT exception
+ if not session["force"]:
+ for user in self.auth.get_user_list():
+ for prm in user.get("project_role_mappings"):
+ if prm["project"] == _id:
+ raise EngineException("Project '{}' ({}) is being used by user '{}'"
+ .format(db_content["name"], _id, user["username"]), HTTPStatus.CONFLICT)
+
+ # If any VNFD, NSD, NST, PDU, etc. is using this project, raise CONFLICT exception
+ if not session["force"]:
+ check_rw_projects("vnfds", "VNF Descriptor", "id")
+ check_rw_projects("nsds", "NS Descriptor", "id")
+ check_rw_projects("nsts", "NS Template", "id")
+ check_rw_projects("pdus", "PDU Descriptor", "name")
+
+ def new(self, rollback, session, indata=None, kwargs=None, headers=None):
+ """
+ Creates a new entry into the authentication backend.
+
+ NOTE: Overrides BaseTopic functionality because it doesn't require access to database.
+
+ :param rollback: list to append created items at database in case a rollback may to be done
+ :param session: contains "username", "admin", "force", "public", "project_id", "set_project"
+ :param indata: data to be inserted
+ :param kwargs: used to override the indata descriptor
+ :param headers: http request headers
+ :return: _id: identity of the inserted data, operation _id (None)
+ """
+ try:
+ content = BaseTopic._remove_envelop(indata)
+
+ # Override descriptor with query string kwargs
+ BaseTopic._update_input_with_kwargs(content, kwargs)
+ content = self._validate_input_new(content, session["force"])
+ self.check_conflict_on_new(session, content)
+ self.format_on_new(content, project_id=session["project_id"], make_public=session["public"])
+ _id = self.auth.create_project(content)
+ rollback.append({"topic": self.topic, "_id": _id})
+ # self._send_msg("create", content)
+ return _id, None
+ except ValidationError as e:
+ raise EngineException(e, HTTPStatus.UNPROCESSABLE_ENTITY)
+
+ def show(self, session, _id):
+ """
+ Get complete information on an topic
+
+ :param session: contains "username", "admin", "force", "public", "project_id", "set_project"
+ :param _id: server internal id
+ :return: dictionary, raise exception if not found.
+ """
+ # Allow _id to be a name or uuid
+ filter_q = {self.id_field(self.topic, _id): _id}
+ projects = self.auth.get_project_list(filter_q=filter_q)
+
+ if len(projects) == 1:
+ return projects[0]
+ elif len(projects) > 1:
+ raise EngineException("Too many projects found", HTTPStatus.CONFLICT)
+ else:
+ raise EngineException("Project not found", HTTPStatus.NOT_FOUND)
+
+ def list(self, session, filter_q=None):
+ """
+ Get a list of the topic that matches a filter
+
+ :param session: contains "username", "admin", "force", "public", "project_id", "set_project"
+ :param filter_q: filter of data to be applied
+ :return: The list, it can be empty if no one match the filter.
+ """
+ return self.auth.get_project_list(filter_q)
+
+ def delete(self, session, _id, dry_run=False):
+ """
+ Delete item by its internal _id
+
+ :param session: contains "username", "admin", "force", "public", "project_id", "set_project"
+ :param _id: server internal id
+ :param dry_run: make checking but do not delete
+ :return: dictionary with deleted item _id. It raises EngineException on error: not found, conflict, ...
+ """
+ # Allow _id to be a name or uuid
+ proj = self.auth.get_project(_id)
+ pid = proj["_id"]
+ self.check_conflict_on_del(session, pid, proj)
+ if not dry_run:
+ v = self.auth.delete_project(pid)
+ return v
+ return None
+
+ def edit(self, session, _id, indata=None, kwargs=None, content=None):
+ """
+ Updates a project entry.
+
+ :param session: contains "username", "admin", "force", "public", "project_id", "set_project"
+ :param _id:
+ :param indata: data to be inserted
+ :param kwargs: used to override the indata descriptor
+ :param content:
+ :return: _id: identity of the inserted data.
+ """
+ indata = self._remove_envelop(indata)
+
+ # Override descriptor with query string kwargs
+ if kwargs:
+ BaseTopic._update_input_with_kwargs(indata, kwargs)
+ try:
+ indata = self._validate_input_edit(indata, force=session["force"])
+
+ if not content:
+ content = self.show(session, _id)
+ self.check_conflict_on_edit(session, content, indata, _id=_id)
+ self.format_on_edit(content, indata)
+
+ if "name" in indata:
+ content["name"] = indata["name"]
+ self.auth.update_project(content["_id"], content)
+ except ValidationError as e:
+ raise EngineException(e, HTTPStatus.UNPROCESSABLE_ENTITY)
+
+
+class RoleTopicAuth(BaseTopic):
+ topic = "roles"
+ topic_msg = None # "roles"
+ schema_new = roles_new_schema
+ schema_edit = roles_edit_schema
+ multiproject = False
+
+ def __init__(self, db, fs, msg, auth, ops):