projects
/
osm
/
NBI.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
bug when migrating from old user format containing project instead project_role_mappings
[osm/NBI.git]
/
osm_nbi
/
admin_topics.py
diff --git
a/osm_nbi/admin_topics.py
b/osm_nbi/admin_topics.py
index
e21120e
..
c198733
100644
(file)
--- a/
osm_nbi/admin_topics.py
+++ b/
osm_nbi/admin_topics.py
@@
-36,8
+36,8
@@
class UserTopic(BaseTopic):
schema_edit = user_edit_schema
multiproject = False
schema_edit = user_edit_schema
multiproject = False
- def __init__(self, db, fs, msg):
- BaseTopic.__init__(self, db, fs, msg)
+ def __init__(self, db, fs, msg
, auth
):
+ BaseTopic.__init__(self, db, fs, msg
, auth
)
@staticmethod
def _get_project_filter(session):
@staticmethod
def _get_project_filter(session):
@@
-130,8
+130,8
@@
class ProjectTopic(BaseTopic):
schema_edit = project_edit_schema
multiproject = False
schema_edit = project_edit_schema
multiproject = False
- def __init__(self, db, fs, msg):
- BaseTopic.__init__(self, db, fs, msg)
+ def __init__(self, db, fs, msg
, auth
):
+ BaseTopic.__init__(self, db, fs, msg
, auth
)
@staticmethod
def _get_project_filter(session):
@staticmethod
def _get_project_filter(session):
@@
-198,7
+198,7
@@
class ProjectTopic(BaseTopic):
class CommonVimWimSdn(BaseTopic):
"""Common class for VIM, WIM SDN just to unify methods that are equal to all of them"""
class CommonVimWimSdn(BaseTopic):
"""Common class for VIM, WIM SDN just to unify methods that are equal to all of them"""
- config_to_encrypt =
()
# what keys at config must be encrypted because contains passwords
+ config_to_encrypt =
{}
# what keys at config must be encrypted because contains passwords
password_to_encrypt = "" # key that contains a password
@staticmethod
password_to_encrypt = "" # key that contains a password
@staticmethod
@@
-255,8
+255,10
@@
class CommonVimWimSdn(BaseTopic):
final_content[self.password_to_encrypt] = self.db.encrypt(edit_content[self.password_to_encrypt],
schema_version=schema_version,
salt=final_content["_id"])
final_content[self.password_to_encrypt] = self.db.encrypt(edit_content[self.password_to_encrypt],
schema_version=schema_version,
salt=final_content["_id"])
- if edit_content.get("config") and self.config_to_encrypt:
- for p in self.config_to_encrypt:
+ config_to_encrypt_keys = self.config_to_encrypt.get(schema_version) or self.config_to_encrypt.get("default")
+ if edit_content.get("config") and config_to_encrypt_keys:
+
+ for p in config_to_encrypt_keys:
if edit_content["config"].get(p):
final_content["config"][p] = self.db.encrypt(edit_content["config"][p],
schema_version=schema_version,
if edit_content["config"].get(p):
final_content["config"][p] = self.db.encrypt(edit_content["config"][p],
schema_version=schema_version,
@@
-275,15
+277,16
@@
class CommonVimWimSdn(BaseTopic):
:return: op_id: operation id on asynchronous operation, None otherwise. In addition content is modified
"""
super().format_on_new(content, project_id=project_id, make_public=make_public)
:return: op_id: operation id on asynchronous operation, None otherwise. In addition content is modified
"""
super().format_on_new(content, project_id=project_id, make_public=make_public)
- content["schema_version"] = schema_version = "1.1"
+ content["schema_version"] = schema_version = "1.1
1
"
# encrypt passwords
if content.get(self.password_to_encrypt):
content[self.password_to_encrypt] = self.db.encrypt(content[self.password_to_encrypt],
schema_version=schema_version,
salt=content["_id"])
# encrypt passwords
if content.get(self.password_to_encrypt):
content[self.password_to_encrypt] = self.db.encrypt(content[self.password_to_encrypt],
schema_version=schema_version,
salt=content["_id"])
- if content.get("config") and self.config_to_encrypt:
- for p in self.config_to_encrypt:
+ config_to_encrypt_keys = self.config_to_encrypt.get(schema_version) or self.config_to_encrypt.get("default")
+ if content.get("config") and config_to_encrypt_keys:
+ for p in config_to_encrypt_keys:
if content["config"].get(p):
content["config"][p] = self.db.encrypt(content["config"][p],
schema_version=schema_version,
if content["config"].get(p):
content["config"][p] = self.db.encrypt(content["config"][p],
schema_version=schema_version,
@@
-360,7
+363,8
@@
class VimAccountTopic(CommonVimWimSdn):
schema_edit = vim_account_edit_schema
multiproject = True
password_to_encrypt = "vim_password"
schema_edit = vim_account_edit_schema
multiproject = True
password_to_encrypt = "vim_password"
- config_to_encrypt = ("admin_password", "nsx_password", "vcenter_password")
+ config_to_encrypt = {"1.1": ("admin_password", "nsx_password", "vcenter_password"),
+ "default": ("admin_password", "nsx_password", "vcenter_password", "vrops_password")}
class WimAccountTopic(CommonVimWimSdn):
class WimAccountTopic(CommonVimWimSdn):
@@
-370,7
+374,7
@@
class WimAccountTopic(CommonVimWimSdn):
schema_edit = wim_account_edit_schema
multiproject = True
password_to_encrypt = "wim_password"
schema_edit = wim_account_edit_schema
multiproject = True
password_to_encrypt = "wim_password"
- config_to_encrypt =
()
+ config_to_encrypt =
{}
class SdnTopic(CommonVimWimSdn):
class SdnTopic(CommonVimWimSdn):
@@
-380,7
+384,7
@@
class SdnTopic(CommonVimWimSdn):
schema_edit = sdn_edit_schema
multiproject = True
password_to_encrypt = "password"
schema_edit = sdn_edit_schema
multiproject = True
password_to_encrypt = "password"
- config_to_encrypt =
()
+ config_to_encrypt =
{}
class UserTopicAuth(UserTopic):
class UserTopicAuth(UserTopic):
@@
-390,8
+394,8
@@
class UserTopicAuth(UserTopic):
schema_edit = user_edit_schema
def __init__(self, db, fs, msg, auth):
schema_edit = user_edit_schema
def __init__(self, db, fs, msg, auth):
- UserTopic.__init__(self, db, fs, msg)
- self.auth = auth
+ UserTopic.__init__(self, db, fs, msg
, auth
)
+
#
self.auth = auth
def check_conflict_on_new(self, session, indata):
"""
def check_conflict_on_new(self, session, indata):
"""
@@
-703,8
+707,8
@@
class ProjectTopicAuth(ProjectTopic):
schema_edit = project_edit_schema
def __init__(self, db, fs, msg, auth):
schema_edit = project_edit_schema
def __init__(self, db, fs, msg, auth):
- ProjectTopic.__init__(self, db, fs, msg)
- self.auth = auth
+ ProjectTopic.__init__(self, db, fs, msg
, auth
)
+
#
self.auth = auth
def check_conflict_on_new(self, session, indata):
"""
def check_conflict_on_new(self, session, indata):
"""
@@
-745,7
+749,7
@@
class ProjectTopicAuth(ProjectTopic):
raise EngineException("You cannot rename project 'admin'", http_code=HTTPStatus.CONFLICT)
# Check that project name is not used, regardless keystone already checks this
raise EngineException("You cannot rename project 'admin'", http_code=HTTPStatus.CONFLICT)
# Check that project name is not used, regardless keystone already checks this
- if self.auth.get_project_list(filter_q={"name": project_name}):
+ if
project_name and
self.auth.get_project_list(filter_q={"name": project_name}):
raise EngineException("project '{}' is already used".format(project_name), HTTPStatus.CONFLICT)
def check_conflict_on_del(self, session, _id, db_content):
raise EngineException("project '{}' is already used".format(project_name), HTTPStatus.CONFLICT)
def check_conflict_on_del(self, session, _id, db_content):
@@
-884,8
+888,7
@@
class ProjectTopicAuth(ProjectTopic):
self.check_conflict_on_edit(session, content, indata, _id=_id)
self.format_on_edit(content, indata)
self.check_conflict_on_edit(session, content, indata, _id=_id)
self.format_on_edit(content, indata)
- if "name" in indata:
- content["name"] = indata["name"]
+ deep_update_rfc7396(content, indata)
self.auth.update_project(content["_id"], content)
except ValidationError as e:
raise EngineException(e, HTTPStatus.UNPROCESSABLE_ENTITY)
self.auth.update_project(content["_id"], content)
except ValidationError as e:
raise EngineException(e, HTTPStatus.UNPROCESSABLE_ENTITY)
@@
-899,8
+902,8
@@
class RoleTopicAuth(BaseTopic):
multiproject = False
def __init__(self, db, fs, msg, auth, ops):
multiproject = False
def __init__(self, db, fs, msg, auth, ops):
- BaseTopic.__init__(self, db, fs, msg)
- self.auth = auth
+ BaseTopic.__init__(self, db, fs, msg
, auth
)
+
#
self.auth = auth
self.operations = ops
# self.topic = "roles_operations" if isinstance(auth, AuthconnKeystone) else "roles"
self.operations = ops
# self.topic = "roles_operations" if isinstance(auth, AuthconnKeystone) else "roles"