# limitations under the License.
import logging
+import yaml
from osm_common import dbmongo, dbmemory, fslocal, msglocal, msgkafka, version as common_version
from osm_common.dbbase import DbException
from osm_common.fsbase import FsException
from osm_common.msgbase import MsgException
from http import HTTPStatus
+
+from authconn_keystone import AuthconnKeystone
from base_topic import EngineException, versiontuple
from admin_topics import UserTopic, ProjectTopic, VimAccountTopic, WimAccountTopic, SdnTopic
+from admin_topics import UserTopicAuth, ProjectTopicAuth, RoleTopicAuth
from descriptor_topics import VnfdTopic, NsdTopic, PduTopic, NstTopic
from instance_topics import NsrTopic, VnfrTopic, NsLcmOpTopic, NsiTopic, NsiLcmOpTopic
from base64 import b64encode
-from os import urandom
+from os import urandom, path
+from threading import Lock
__author__ = "Alfonso Tierno <alfonso.tiernosepulveda@telefonica.com>"
-min_common_version = "0.1.8"
+min_common_version = "0.1.16"
class Engine(object):
self.db = None
self.fs = None
self.msg = None
+ self.auth = None
self.config = None
+ self.operations = None
self.logger = logging.getLogger("nbi.engine")
self.map_topic = {}
+ self.write_lock = None
def start(self, config):
"""
self.msg.connect(config["message"])
else:
raise EngineException("Invalid configuration param '{}' at '[message]':'driver'".format(
- config["storage"]["driver"]))
+ config["message"]["driver"]))
+ if not self.auth:
+ if config["authentication"]["backend"] == "keystone":
+ self.auth = AuthconnKeystone(config["authentication"])
+ if not self.operations:
+ if "resources_to_operations" in config["rbac"]:
+ resources_to_operations_file = config["rbac"]["resources_to_operations"]
+ else:
+ possible_paths = (
+ __file__[:__file__.rfind("engine.py")] + "resources_to_operations.yml",
+ "./resources_to_operations.yml"
+ )
+ for config_file in possible_paths:
+ if path.isfile(config_file):
+ resources_to_operations_file = config_file
+ break
+ if not resources_to_operations_file:
+ raise EngineException("Invalid permission configuration: resources_to_operations file missing")
+
+ with open(resources_to_operations_file, 'r') as f:
+ resources_to_operations = yaml.load(f)
+
+ self.operations = []
+
+ for _, value in resources_to_operations["resources_to_operations"].items():
+ if value not in self.operations:
+ self.operations += value
+ if config["authentication"]["backend"] == "keystone":
+ self.map_from_topic_to_class["users"] = UserTopicAuth
+ self.map_from_topic_to_class["projects"] = ProjectTopicAuth
+ self.map_from_topic_to_class["roles"] = RoleTopicAuth
+
+ self.write_lock = Lock()
# create one class per topic
for topic, topic_class in self.map_from_topic_to_class.items():
- self.map_topic[topic] = topic_class(self.db, self.fs, self.msg)
+ if self.auth and topic_class in (UserTopicAuth, ProjectTopicAuth):
+ self.map_topic[topic] = topic_class(self.db, self.fs, self.msg, self.auth)
+ elif self.auth and topic_class == RoleTopicAuth:
+ self.map_topic[topic] = topic_class(self.db, self.fs, self.msg, self.auth,
+ self.operations)
+ else:
+ self.map_topic[topic] = topic_class(self.db, self.fs, self.msg)
except (DbException, FsException, MsgException) as e:
raise EngineException(str(e), http_code=e.http_code)
self.db.db_disconnect()
if self.fs:
self.fs.fs_disconnect()
- if self.fs:
- self.fs.fs_disconnect()
+ if self.msg:
+ self.msg.disconnect()
+ self.write_lock = None
except (DbException, FsException, MsgException) as e:
raise EngineException(str(e), http_code=e.http_code)
"""
if topic not in self.map_topic:
raise EngineException("Unknown topic {}!!!".format(topic), HTTPStatus.INTERNAL_SERVER_ERROR)
- return self.map_topic[topic].new(rollback, session, indata, kwargs, headers, force)
+ with self.write_lock:
+ return self.map_topic[topic].new(rollback, session, indata, kwargs, headers, force)
def upload_content(self, session, topic, _id, indata, kwargs, headers, force=False):
"""
"""
if topic not in self.map_topic:
raise EngineException("Unknown topic {}!!!".format(topic), HTTPStatus.INTERNAL_SERVER_ERROR)
- return self.map_topic[topic].upload_content(session, _id, indata, kwargs, headers, force)
+ with self.write_lock:
+ return self.map_topic[topic].upload_content(session, _id, indata, kwargs, headers, force)
def get_item_list(self, session, topic, filter_q=None):
"""
"""
if topic not in self.map_topic:
raise EngineException("Unknown topic {}!!!".format(topic), HTTPStatus.INTERNAL_SERVER_ERROR)
- return self.map_topic[topic].delete_list(session, _filter)
+ with self.write_lock:
+ return self.map_topic[topic].delete_list(session, _filter)
def del_item(self, session, topic, _id, force=False):
"""
"""
if topic not in self.map_topic:
raise EngineException("Unknown topic {}!!!".format(topic), HTTPStatus.INTERNAL_SERVER_ERROR)
- return self.map_topic[topic].delete(session, _id, force)
+ with self.write_lock:
+ return self.map_topic[topic].delete(session, _id, force)
def edit_item(self, session, topic, _id, indata=None, kwargs=None, force=False):
"""
"""
if topic not in self.map_topic:
raise EngineException("Unknown topic {}!!!".format(topic), HTTPStatus.INTERNAL_SERVER_ERROR)
- return self.map_topic[topic].edit(session, _id, indata, kwargs, force)
+ with self.write_lock:
+ return self.map_topic[topic].edit(session, _id, indata, kwargs, force)
def create_admin(self):
"""
}
self.db.create("admin", version_data)
self.db.set_secret_key(serial)
+ return
# TODO add future migrations here
raise EngineException("Wrong database version '{}'. Expected '{}'"