Fixing install problem with OSM Common lib
[osm/NBI.git] / osm_nbi / nbi.py
index c4c61ad..fa2f043 100644 (file)
@@ -7,16 +7,19 @@ import json
 import yaml
 import html_out as html
 import logging
+import logging.handlers
+import getopt
+import sys
+
+from authconn import AuthException
+from auth import Authenticator
 from engine import Engine, EngineException
-from dbbase import DbException
-from fsbase import FsException
-from msgbase import MsgException
-from base64 import standard_b64decode
-#from os import getenv
+from osm_common.dbbase import DbException
+from osm_common.fsbase import FsException
+from osm_common.msgbase import MsgException
 from http import HTTPStatus
-#from http.client import responses as http_responses
 from codecs import getreader
-from os import environ
+from os import environ, path
 
 __author__ = "Alfonso Tierno <alfonso.tiernosepulveda@telefonica.com>"
 
@@ -24,13 +27,14 @@ __author__ = "Alfonso Tierno <alfonso.tiernosepulveda@telefonica.com>"
 __version__ = "0.1.3"
 version_date = "Apr 2018"
 database_version = '1.0'
+auth_database_version = '1.0'
 
 """
 North Bound Interface  (O: OSM specific; 5,X: SOL005 not implemented yet; O5: SOL005 implemented)
 URL: /osm                                                       GET     POST    PUT     DELETE  PATCH
         /nsd/v1                                                 O       O
-            /ns_descriptors_content                             O       O       
-                /<nsdInfoId>                                    O       O       O       O     
+            /ns_descriptors_content                             O       O
+                /<nsdInfoId>                                    O       O       O       O
             /ns_descriptors                                     O5      O5
                 /<nsdInfoId>                                    O5                      O5      5
                     /nsd_content                                O5              O5
@@ -44,7 +48,7 @@ URL: /osm                                                       GET     POST
 
         /vnfpkgm/v1
             /vnf_packages_content                               O       O
-                /<vnfPkgId>                                     O                       O     
+                /<vnfPkgId>                                     O                       O
             /vnf_packages                                       O5      O5
                 /<vnfPkgId>                                     O5                      O5      5
                     /package_content                            O5               O5
@@ -56,9 +60,9 @@ URL: /osm                                                       GET     POST
 
         /nslcm/v1
             /ns_instances_content                               O       O
-                /<nsInstanceId>                                 O                       O     
+                /<nsInstanceId>                                 O                       O
             /ns_instances                                       5       5
-                /<nsInstanceId>                                 5                       5     
+                /<nsInstanceId>                                 O5                      O5
                     instantiate                                         O5
                     terminate                                           O5
                     action                                              O
@@ -67,55 +71,65 @@ URL: /osm                                                       GET     POST
             /ns_lcm_op_occs                                     5       5
                 /<nsLcmOpOccId>                                 5                       5       5
                     TO BE COMPLETED                             5               5
+            /vnf_instances  (also vnfrs for compatibility)      O
+                /<vnfInstanceId>                                O
             /subscriptions                                      5       5
                 /<subscriptionId>                               5                       X
         /admin/v1
             /tokens                                             O       O
-                /<id>                                           O                       O     
+                /<id>                                           O                       O
             /users                                              O       O
-                /<id>                                           O                       O     
+                /<id>                                           O               O       O       O
             /projects                                           O       O
-                /<id>                                           O                       O     
-            /vims                                               O       O
-                /<id>                                           O                       O       O     
+                /<id>                                           O                       O
+            /vims_accounts  (also vims for compatibility)       O       O
+                /<id>                                           O                       O       O
             /sdns                                               O       O
-                /<id>                                           O                       O       O     
-
-query string.
-    <attrName>[.<attrName>...]*[.<op>]=<value>[,<value>...]&...
-    op: "eq"(or empty to one or the values) | "neq" (to any of the values) | "gt" | "lt" | "gte" | "lte" | "cont" | "ncont"
-    all_fields, fields=x,y,.., exclude_default, exclude_fields=x,y,...
+                /<id>                                           O                       O       O
+
+query string:
+    Follows SOL005 section 4.3.2 It contains extra METHOD to override http method, FORCE to force.
+    For filtering inside array, it must select the element of the array, or add ANYINDEX to apply the filtering over any
+    item of the array, that is, pass if any item of the array pass the filter.
+    It allows both ne and neq for not equal
+    TODO: 4.3.3 Attribute selectors
+        all_fields, fields=x,y,.., exclude_default, exclude_fields=x,y,...
         (none) … same as “exclude_default”
         all_fields     … all attributes.
-        fields=<list>  … all attributes except all complex attributes with minimum cardinality of zero that are not conditionally mandatory, and that are not provided in <list>.
-        exclude_fields=<list>  … all attributes except those complex attributes with a minimum cardinality of zero that are not conditionally mandatory, and that are provided in <list>.
-        exclude_default        … all attributes except those complex attributes with a minimum cardinality of zero that are not conditionally mandatory, and that are part of the "default exclude set" defined in the present specification for the particular resource
-        exclude_default and include=<list>     … all attributes except those complex attributes with a minimum cardinality of zero that are not conditionally mandatory and that are part of the "default exclude set" defined in the present specification for the particular resource, but that are not part of <list>
+        fields=<list>  … all attributes except all complex attributes with minimum cardinality of zero that are not
+        conditionally mandatory, and that are not provided in <list>.
+        exclude_fields=<list>  … all attributes except those complex attributes with a minimum cardinality of zero that
+        are not conditionally mandatory, and that are provided in <list>.
+        exclude_default        … all attributes except those complex attributes with a minimum cardinality of zero that are not
+        conditionally mandatory, and that are part of the "default exclude set" defined in the present specification for
+        the particular resource
+        exclude_default and include=<list>     … all attributes except those complex attributes with a minimum cardinality
+        of zero that are not conditionally mandatory and that are part of the "default exclude set" defined in the
+        present specification for the particular resource, but that are not part of <list>
 Header field name      Reference       Example Descriptions
     Accept     IETF RFC 7231 [19]      application/json        Content-Types that are acceptable for the response.
     This header field shall be present if the response is expected to have a non-empty message body.
     Content-Type       IETF RFC 7231 [19]      application/json        The MIME type of the body of the request.
     This header field shall be present if the request has a non-empty message body.
-    Authorization      IETF RFC 7235 [22]      Bearer mF_9.B5f-4.1JqM  The authorization token for the request. Details are specified in clause 4.5.3.
+    Authorization      IETF RFC 7235 [22]      Bearer mF_9.B5f-4.1JqM  The authorization token for the request.
+    Details are specified in clause 4.5.3.
     Range      IETF RFC 7233 [21]      1000-2000       Requested range of bytes from a file
 Header field name      Reference       Example Descriptions
     Content-Type       IETF RFC 7231 [19]      application/json        The MIME type of the body of the response.
     This header field shall be present if the response has a non-empty message body.
-    Location   IETF RFC 7231 [19]      http://www.example.com/vnflcm/v1/vnf_instances/123      Used in redirection, or when a new resource has been created.
+    Location   IETF RFC 7231 [19]      http://www.example.com/vnflcm/v1/vnf_instances/123      Used in redirection, or when a
+    new resource has been created.
     This header field shall be present if the response status code is 201 or 3xx.
-    In the present document this header field is also used if the response status code is 202 and a new resource was created.
-    WWW-Authenticate   IETF RFC 7235 [22]      Bearer realm="example"  Challenge if the corresponding HTTP request has not provided authorization, or error details if the corresponding HTTP request has provided an invalid authorization token.
-    Accept-Ranges      IETF RFC 7233 [21]      bytes   Used by the Server to signal whether or not it supports ranges for certain resources.
-    Content-Range      IETF RFC 7233 [21]      bytes 21010-47021/ 47022        Signals the byte range that is contained in the response, and the total length of the file.
+    In the present document this header field is also used if the response status code is 202 and a new resource was
+    created.
+    WWW-Authenticate   IETF RFC 7235 [22]      Bearer realm="example"  Challenge if the corresponding HTTP request has not
+    provided authorization, or error details if the corresponding HTTP request has provided an invalid authorization
+    token.
+    Accept-Ranges      IETF RFC 7233 [21]      bytes   Used by the Server to signal whether or not it supports ranges for
+    certain resources.
+    Content-Range      IETF RFC 7233 [21]      bytes 21010-47021/ 47022        Signals the byte range that is contained in the
+    response, and the total length of the file.
     Retry-After        IETF RFC 7231 [19]      Fri, 31 Dec 1999 23:59:59 GMT
-
-    or
-
-    120        Used to indicate how long the user agent ought to wait before making a follow-up request.
-    It can be used with 503 responses.
-    The value of this field can be an HTTP-date or a number of seconds to delay after the response is received.
-
-    #TODO http header for partial uploads: Content-Range: "bytes 0-1199/15000". Id is returned first time and send in following chunks
 """
 
 
@@ -134,131 +148,97 @@ class Server(object):
     def __init__(self):
         self.instance += 1
         self.engine = Engine()
+        self.authenticator = Authenticator()
         self.valid_methods = {   # contains allowed URL and methods
             "admin": {
                 "v1": {
                     "tokens": {"METHODS": ("GET", "POST", "DELETE"),
-                        "<ID>": { "METHODS": ("GET", "DELETE")}
-                    },
+                               "<ID>": {"METHODS": ("GET", "DELETE")}
+                               },
                     "users": {"METHODS": ("GET", "POST"),
-                        "<ID>": {"METHODS": ("GET", "POST", "DELETE")}
-                    },
+                              "<ID>": {"METHODS": ("GET", "POST", "DELETE", "PATCH", "PUT")}
+                              },
                     "projects": {"METHODS": ("GET", "POST"),
-                        "<ID>": {"METHODS": ("GET", "DELETE")}
-                    },
+                                 "<ID>": {"METHODS": ("GET", "DELETE")}
+                                 },
                     "vims": {"METHODS": ("GET", "POST"),
-                        "<ID>": {"METHODS": ("GET", "DELETE")}
-                    },
+                             "<ID>": {"METHODS": ("GET", "DELETE", "PATCH", "PUT")}
+                             },
+                    "vim_accounts": {"METHODS": ("GET", "POST"),
+                                     "<ID>": {"METHODS": ("GET", "DELETE", "PATCH", "PUT")}
+                                     },
                     "sdns": {"METHODS": ("GET", "POST"),
-                        "<ID>": {"METHODS": ("GET", "DELETE")}
-                    },
+                             "<ID>": {"METHODS": ("GET", "DELETE", "PATCH", "PUT")}
+                             },
                 }
             },
             "nsd": {
                 "v1": {
-                    "ns_descriptors_content": { "METHODS": ("GET", "POST"),
-                        "<ID>": {"METHODS": ("GET", "PUT", "DELETE")}
-                    },
-                    "ns_descriptors": { "METHODS": ("GET", "POST"),
-                        "<ID>": {"METHODS": ("GET", "DELETE"), "TODO": "PATCH",
-                            "nsd_content": { "METHODS": ("GET", "PUT")},
-                            "nsd": {"METHODS": "GET"},  # descriptor inside package
-                            "artifacts": {"*": {"METHODS": "GET"}}
-                        }
-
-                    },
+                    "ns_descriptors_content": {"METHODS": ("GET", "POST"),
+                                               "<ID>": {"METHODS": ("GET", "PUT", "DELETE")}
+                                               },
+                    "ns_descriptors": {"METHODS": ("GET", "POST"),
+                                       "<ID>": {"METHODS": ("GET", "DELETE"), "TODO": "PATCH",
+                                                "nsd_content": {"METHODS": ("GET", "PUT")},
+                                                "nsd": {"METHODS": "GET"},  # descriptor inside package
+                                                "artifacts": {"*": {"METHODS": "GET"}}
+                                                }
+                                       },
                     "pnf_descriptors": {"TODO": ("GET", "POST"),
-                       "<ID>": {"TODO": ("GET", "DELETE", "PATCH"),
-                            "pnfd_content": {"TODO": ("GET", "PUT")}
-                        }
-                    },
+                                        "<ID>": {"TODO": ("GET", "DELETE", "PATCH"),
+                                                 "pnfd_content": {"TODO": ("GET", "PUT")}
+                                                 }
+                                        },
                     "subscriptions": {"TODO": ("GET", "POST"),
-                        "<ID>": {"TODO": ("GET", "DELETE"),}
-                    },
+                                      "<ID>": {"TODO": ("GET", "DELETE")}
+                                      },
                 }
             },
             "vnfpkgm": {
                 "v1": {
-                    "vnf_packages_content": { "METHODS": ("GET", "POST"),
-                        "<ID>": {"METHODS": ("GET", "PUT", "DELETE")}
-                    },
-                    "vnf_packages": { "METHODS": ("GET", "POST"),
-                        "<ID>": { "METHODS": ("GET", "DELETE"), "TODO": "PATCH",  # GET: vnfPkgInfo
-                            "package_content": { "METHODS": ("GET", "PUT"),         # package
-                                "upload_from_uri": {"TODO": "POST"}
-                            },
-                            "vnfd": {"METHODS": "GET"},                    # descriptor inside package
-                            "artifacts": {"*": {"METHODS": "GET"}}
-                        }
-
-                    },
+                    "vnf_packages_content": {"METHODS": ("GET", "POST"),
+                                             "<ID>": {"METHODS": ("GET", "PUT", "DELETE")}
+                                             },
+                    "vnf_packages": {"METHODS": ("GET", "POST"),
+                                     "<ID>": {"METHODS": ("GET", "DELETE", "PATCH"),  # GET: vnfPkgInfo
+                                              "package_content": {"METHODS": ("GET", "PUT"),         # package
+                                                                  "upload_from_uri": {"TODO": "POST"}
+                                                                  },
+                                              "vnfd": {"METHODS": "GET"},                    # descriptor inside package
+                                              "artifacts": {"*": {"METHODS": "GET"}}
+                                              }
+                                     },
                     "subscriptions": {"TODO": ("GET", "POST"),
-                        "<ID>": {"TODO": ("GET", "DELETE"),}
-                    },
+                                      "<ID>": {"TODO": ("GET", "DELETE")}
+                                      },
                 }
             },
             "nslcm": {
                 "v1": {
                     "ns_instances_content": {"METHODS": ("GET", "POST"),
-                        "<ID>": {"METHODS": ("GET", "DELETE")}
-                    },
+                                             "<ID>": {"METHODS": ("GET", "DELETE")}
+                                             },
                     "ns_instances": {"METHODS": ("GET", "POST"),
-                        "<ID>": {"TODO": ("GET", "DELETE"),
-                             "scale": {"TODO": "POST"},
-                             "terminate": {"METHODS": "POST"},
-                             "instantiate": {"METHODS": "POST"},
-                             "action": {"METHODS": "POST"},
-                        }
-                    },
+                                     "<ID>": {"METHODS": ("GET", "DELETE"),
+                                              "scale": {"METHODS": "POST"},
+                                              "terminate": {"METHODS": "POST"},
+                                              "instantiate": {"METHODS": "POST"},
+                                              "action": {"METHODS": "POST"},
+                                              }
+                                     },
                     "ns_lcm_op_occs": {"METHODS": "GET",
-                        "<ID>": {"METHODS": "GET"},
-                    }
+                                       "<ID>": {"METHODS": "GET"},
+                                       },
+                    "vnfrs": {"METHODS": ("GET"),
+                              "<ID>": {"METHODS": ("GET")}
+                              },
+                    "vnf_instances": {"METHODS": ("GET"),
+                                      "<ID>": {"METHODS": ("GET")}
+                                      },
                 }
             },
         }
 
-    def _authorization(self):
-        token = None
-        user_passwd64 = None
-        try:
-            # 1. Get token Authorization bearer
-            auth = cherrypy.request.headers.get("Authorization")
-            if auth:
-                auth_list = auth.split(" ")
-                if auth_list[0].lower() == "bearer":
-                    token = auth_list[-1]
-                elif auth_list[0].lower() == "basic":
-                    user_passwd64 = auth_list[-1]
-            if not token:
-                if cherrypy.session.get("Authorization"):
-                    # 2. Try using session before request a new token. If not, basic authentication will generate
-                    token = cherrypy.session.get("Authorization")
-                    if token == "logout":
-                        token = None   # force Unauthorized response to insert user pasword again
-                elif user_passwd64 and cherrypy.request.config.get("auth.allow_basic_authentication"):
-                    # 3. Get new token from user password
-                    user = None
-                    passwd = None
-                    try:
-                        user_passwd = standard_b64decode(user_passwd64).decode()
-                        user, _, passwd = user_passwd.partition(":")
-                    except:
-                        pass
-                    outdata = self.engine.new_token(None, {"username": user, "password": passwd})
-                    token = outdata["id"]
-                    cherrypy.session['Authorization'] = token
-            # 4. Get token from cookie
-            # if not token:
-            #     auth_cookie = cherrypy.request.cookie.get("Authorization")
-            #     if auth_cookie:
-            #         token = auth_cookie.value
-            return self.engine.authorize(token)
-        except EngineException as e:
-            if cherrypy.session.get('Authorization'):
-                del cherrypy.session['Authorization']
-            cherrypy.response.headers["WWW-Authenticate"] = 'Bearer realm="{}"'.format(e)
-            raise
-
     def _format_in(self, kwargs):
         try:
             indata = None
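Review bot: The new `vnfrs` and `vnf_instances` entries write `"METHODS": ("GET")`, which is a plain string rather than a one-element tuple, so the later `method not in reference["METHODS"]` check becomes a substring test and accepts values that are not HTTP methods. The handler also takes the method from a `METHOD` request parameter, so this table is the allow-list for a client-chosen value; write `"METHODS": ("GET",)` here, and give the existing `"METHODS": "GET"` entries in this dict the same treatment. This hunk also deletes `_authorization`, and the `auth.allow_basic_authentication` gate it applied is no longer visible on this page, so confirm that `Authenticator.authorize()` still enforces it.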
@@ -308,15 +288,15 @@ class Server(object):
                     elif format_yaml:
                         try:
                             kwargs[k] = yaml.load(v)
-                        except:
+                        except Exception:
                             pass
                     elif k.endswith(".gt") or k.endswith(".lt") or k.endswith(".gte") or k.endswith(".lte"):
                         try:
                             kwargs[k] = int(v)
-                        except:
+                        except Exception:
                             try:
                                 kwargs[k] = float(v)
-                            except:
+                            except Exception:
                                 pass
                     elif v.find(",") > 0:
                         kwargs[k] = v.split(",")
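Review bot: `kwargs[k] = yaml.load(v)` still parses a request-supplied value with PyYAML's default loader, which on older PyYAML releases can construct arbitrary Python objects; narrowing `except:` to `except Exception:` does not change that. Replace it with `kwargs[k] = yaml.safe_load(v)`, and do the same for `v[index] = yaml.load(v[index])` in the next hunk. The values appear to come from the query string (the error path reports "Query string error"), but `_format_in` starts and ends outside this hunk, so confirm where `kwargs` originates.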
@@ -327,7 +307,7 @@ class Server(object):
                         elif format_yaml:
                             try:
                                 v[index] = yaml.load(v[index])
-                            except:
+                            except Exception:
                                 pass
 
             return indata
@@ -335,6 +315,8 @@ class Server(object):
             raise NbiException(error_text + str(exc), HTTPStatus.BAD_REQUEST)
         except KeyError as exc:
             raise NbiException("Query string error: " + str(exc), HTTPStatus.BAD_REQUEST)
+        except Exception as exc:
+            raise NbiException(error_text + str(exc), HTTPStatus.BAD_REQUEST)
 
     @staticmethod
     def _format_out(data, session=None, _format=None):
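Review bot: The added `except Exception` reports every unexpected failure in `_format_in` as 400 Bad Request and puts `str(exc)` into the response, so an internal error is both misclassified as a client error and disclosed to the caller. Log the exception server-side and return a fixed message, e.g. `cherrypy.log("_format_in unexpected error: {}".format(exc))` followed by `raise NbiException("Invalid request content", HTTPStatus.BAD_REQUEST)`. `error_text` is assigned outside this hunk; if an exception can occur before that assignment, this handler would itself fail with `UnboundLocalError`.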
@@ -349,7 +331,7 @@ class Server(object):
         if data is None:
             if accept and "text/html" in accept:
                 return html.format(data, cherrypy.request, cherrypy.response, session)
-            cherrypy.response.status = HTTPStatus.NO_CONTENT.value
+            cherrypy.response.status = HTTPStatus.NO_CONTENT.value
             return
         elif hasattr(data, "read"):  # file object
             if _format:
@@ -383,15 +365,15 @@ class Server(object):
         session = None
         try:
             if cherrypy.request.method == "GET":
-                session = self._authorization()
+                session = self.authenticator.authorize()
                 outdata = "Index page"
             else:
                 raise cherrypy.HTTPError(HTTPStatus.METHOD_NOT_ALLOWED.value,
-                                 "Method {} not allowed for tokens".format(cherrypy.request.method))
+                                         "Method {} not allowed for tokens".format(cherrypy.request.method))
 
             return self._format_out(outdata, session)
 
-        except EngineException as e:
+        except (EngineException, AuthException) as e:
             cherrypy.log("index Exception {}".format(e))
             cherrypy.response.status = e.http_code.value
             return self._format_out("Welcome to OSM!", session)
@@ -424,19 +406,19 @@ class Server(object):
             raise NbiException("Expected application/yaml or application/json Content-Type", HTTPStatus.BAD_REQUEST)
         try:
             if method == "GET":
-                session = self._authorization()
+                session = self.authenticator.authorize()
                 if token_id:
-                    outdata = self.engine.get_token(session, token_id)
+                    outdata = self.authenticator.get_token(session, token_id)
                 else:
-                    outdata = self.engine.get_token_list(session)
+                    outdata = self.authenticator.get_token_list(session)
             elif method == "POST":
                 try:
-                    session = self._authorization()
-                except:
+                    session = self.authenticator.authorize()
+                except Exception:
                     session = None
                 if kwargs:
                     indata.update(kwargs)
-                outdata = self.engine.new_token(session, indata, cherrypy.request.remote)
+                outdata = self.authenticator.new_token(session, indata, cherrypy.request.remote)
                 session = outdata
                 cherrypy.session['Authorization'] = outdata["_id"]
                 self._set_location_header("admin", "v1", "tokens", outdata["_id"])
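Review bot: In the POST branch, `except Exception: session = None` treats any failure of `self.authenticator.authorize()`, including a backend or database error, the same as "no existing session" and then goes on to issue a token. Catch only the expected case with `except AuthException:` (imported by this commit) so that other failures reach the outer handler and are reported. The enclosing method starts and ends outside this hunk.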
@@ -446,10 +428,9 @@ class Server(object):
                 if not token_id and "id" in kwargs:
                     token_id = kwargs["id"]
                 elif not token_id:
-                    session = self._authorization()
+                    session = self.authenticator.authorize()
                     token_id = session["_id"]
-                outdata = self.engine.del_token(token_id)
-                oudata = None
+                outdata = self.authenticator.del_token(token_id)
                 session = None
                 cherrypy.session['Authorization'] = "logout"
                 # cherrypy.response.cookie["Authorization"] = token_id
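Review bot: `token_id = kwargs["id"]` accepts the token identifier from request parameters, and the previous hunk stores `outdata["_id"]` from `new_token` as the session's `Authorization` value, so the identifier appears to be the bearer credential itself. If `kwargs` carries query-string parameters, that credential ends up in URLs and therefore in access logs and intermediaries; prefer reading it from the `Authorization` header. `del_token(token_id)` is also reached without `authorize()` whenever an id is supplied, which is acceptable only if possession of the id is meant to be sufficient; a comment such as `# revocation is authorised by possession of the token id` would make that intent explicit.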
@@ -457,7 +438,7 @@ class Server(object):
             else:
                 raise NbiException("Method {} not allowed for token".format(method), HTTPStatus.METHOD_NOT_ALLOWED)
             return self._format_out(outdata, session)
-        except (NbiException, EngineException, DbException) as e:
+        except (NbiException, EngineException, DbException, AuthException) as e:
             cherrypy.log("tokens Exception {}".format(e))
             cherrypy.response.status = e.http_code.value
             problem_details = {
@@ -472,7 +453,7 @@ class Server(object):
         thread_info = None
         if args and args[0] == "help":
             return "<html><pre>\ninit\nfile/<name>  download file\ndb-clear/table\nprune\nlogin\nlogin2\n"\
-                    "sleep/<time>\nmessage/topic\n</pre></html>"
+                   "sleep/<time>\nmessage/topic\n</pre></html>"
 
         elif args and args[0] == "init":
             try:
@@ -492,7 +473,7 @@ class Server(object):
             return f
 
         elif len(args) == 2 and args[0] == "db-clear":
-            return self.engine.del_item_list({"project_id": "admin"}, args[1], {})
+            return self.engine.del_item_list({"project_id": "admin", "admin": True}, args[1], kwargs)
         elif args and args[0] == "prune":
             return self.engine.prune()
         elif args and args[0] == "login":
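Review bot: The `db-clear` branch builds the session `{"project_id": "admin", "admin": True}` itself and now forwards the request `kwargs` as the filter, with no call to `self.authenticator.authorize()` visible in this hunk. If this test handler is reachable in a deployed NBI, records could be deleted with admin scope by an unauthenticated request. Gate it behind `session = self.authenticator.authorize()` plus an admin check, or make sure the handler is only mounted when a test/debug setting is enabled. The method starts outside the hunk, so an earlier guard may already exist.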
@@ -575,7 +556,7 @@ class Server(object):
                 raise NbiException("Unexpected URL item {}".format(arg), HTTPStatus.METHOD_NOT_ALLOWED)
         if "TODO" in reference and method in reference["TODO"]:
             raise NbiException("Method {} not supported yet for this URL".format(method), HTTPStatus.NOT_IMPLEMENTED)
-        elif "METHODS" in reference and not method in reference["METHODS"]:
+        elif "METHODS" in reference and method not in reference["METHODS"]:
             raise NbiException("Method {} not supported for this URL".format(method), HTTPStatus.METHOD_NOT_ALLOWED)
         return
 
@@ -600,6 +581,8 @@ class Server(object):
         _format = None
         method = "DONE"
         engine_item = None
+        rollback = []
+        session = None
         try:
             if not topic or not version or not item:
                 raise NbiException("URL must contain at least 'topic/version/item'", HTTPStatus.METHOD_NOT_ALLOWED)
@@ -612,6 +595,10 @@ class Server(object):
                 method = kwargs.pop("METHOD")
             else:
                 method = cherrypy.request.method
+            if kwargs and "FORCE" in kwargs:
+                force = kwargs.pop("FORCE")
+            else:
+                force = False
 
             self._check_valid_url_method(method, topic, version, item, _id, item2, *args)
 
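Review bot: `force = kwargs.pop("FORCE")` keeps whatever string the client sent, so `FORCE=false` or `FORCE=0` is still truthy if the engine tests it with `if force:`. Parse it explicitly, e.g. `force = str(kwargs.pop("FORCE", "")).lower() in ("true", "1", "yes")`, adjusting the accepted spellings to what the API documents. The flag is read before `authorize()` and later passed straight to `new_item(..., force=force)`, so whatever checks it bypasses should be limited to sufficiently privileged sessions inside the engine; that code is not visible here.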
@@ -619,7 +606,7 @@ class Server(object):
                 return self.token(method, _id, kwargs)
 
             # self.engine.load_dbase(cherrypy.request.app.config)
-            session = self._authorization()
+            session = self.authenticator.authorize()
             indata = self._format_in(kwargs)
             engine_item = item
             if item == "subscriptions":
@@ -635,6 +622,10 @@ class Server(object):
                 engine_item = "nsrs"
                 if item == "ns_lcm_op_occs":
                     engine_item = "nslcmops"
+                if item == "vnfrs" or item == "vnf_instances":
+                    engine_item = "vnfrs"
+            if engine_item == "vims":   # TODO this is for backward compatibility, it will remove in the future
+                engine_item = "vim_accounts"
 
             if method == "GET":
                 if item2 in ("nsd_content", "package_content", "artifacts", "vnfd", "nsd"):
@@ -647,7 +638,7 @@ class Server(object):
                     else:
                         path = None
                     file, _format = self.engine.get_file(session, engine_item, _id, path,
-                                                            cherrypy.request.headers.get("Accept"))
+                                                         cherrypy.request.headers.get("Accept"))
                     outdata = file
                 elif not _id:
                     outdata = self.engine.get_item_list(session, engine_item, kwargs)
@@ -657,59 +648,75 @@ class Server(object):
                 if item in ("ns_descriptors_content", "vnf_packages_content"):
                     _id = cherrypy.request.headers.get("Transaction-Id")
                     if not _id:
-                        _id = self.engine.new_item(session, engine_item, {}, None, cherrypy.request.headers)
-                    completed = self.engine.upload_content(session, engine_item, _id, indata, kwargs, cherrypy.request.headers)
+                        _id = self.engine.new_item(rollback, session, engine_item, {}, None, cherrypy.request.headers,
+                                                   force=force)
+                    completed = self.engine.upload_content(session, engine_item, _id, indata, kwargs,
+                                                           cherrypy.request.headers)
                     if completed:
                         self._set_location_header(topic, version, item, _id)
                     else:
                         cherrypy.response.headers["Transaction-Id"] = _id
                     outdata = {"id": _id}
                 elif item == "ns_instances_content":
-                    _id = self.engine.new_item(session, engine_item, indata, kwargs)
-                    self.engine.ns_action(session, _id, "instantiate", {}, None)
+                    _id = self.engine.new_item(rollback, session, engine_item, indata, kwargs, force=force)
+                    self.engine.ns_operation(rollback, session, _id, "instantiate", indata, None)
                     self._set_location_header(topic, version, item, _id)
                     outdata = {"id": _id}
                 elif item == "ns_instances" and item2:
-                    _id = self.engine.ns_action(session, _id, item2, indata, kwargs)
+                    _id = self.engine.ns_operation(rollback, session, _id, item2, indata, kwargs)
                     self._set_location_header(topic, version, "ns_lcm_op_occs", _id)
                     outdata = {"id": _id}
                     cherrypy.response.status = HTTPStatus.ACCEPTED.value
                 else:
-                    _id = self.engine.new_item(session, engine_item, indata, kwargs, cherrypy.request.headers)
+                    _id = self.engine.new_item(rollback, session, engine_item, indata, kwargs, cherrypy.request.headers,
+                                               force=force)
                     self._set_location_header(topic, version, item, _id)
                     outdata = {"id": _id}
                     # TODO form NsdInfo when item in ("ns_descriptors", "vnf_packages")
                 cherrypy.response.status = HTTPStatus.CREATED.value
+
             elif method == "DELETE":
                 if not _id:
                     outdata = self.engine.del_item_list(session, engine_item, kwargs)
+                    cherrypy.response.status = HTTPStatus.OK.value
                 else:  # len(args) > 1
-                    if item == "ns_instances_content":
-                        self.engine.ns_action(session, _id, "terminate", {"autoremove": True}, None)
+                    if item == "ns_instances_content" and not force:
+                        opp_id = self.engine.ns_operation(rollback, session, _id, "terminate", {"autoremove": True},
+                                                          None)
+                        outdata = {"_id": opp_id}
+                        cherrypy.response.status = HTTPStatus.ACCEPTED.value
                     else:
-                        force = kwargs.get("FORCE")
                         self.engine.del_item(session, engine_item, _id, force)
-                    # TODO return 202 ACCEPTED for nsrs vims
-                    outdata = None
-            elif method == "PUT":
+                        cherrypy.response.status = HTTPStatus.NO_CONTENT.value
+                if engine_item in ("vim_accounts", "sdns"):
+                    cherrypy.response.status = HTTPStatus.ACCEPTED.value
+
+            elif method in ("PUT", "PATCH"):
+                outdata = None
                 if not indata and not kwargs:
                     raise NbiException("Nothing to update. Provide payload and/or query string",
                                        HTTPStatus.BAD_REQUEST)
-                if item2 in ("nsd_content", "package_content"):
-                    completed = self.engine.upload_content(session, engine_item, _id, indata, kwargs, cherrypy.request.headers)
+                if item2 in ("nsd_content", "package_content") and method == "PUT":
+                    completed = self.engine.upload_content(session, engine_item, _id, indata, kwargs,
+                                                           cherrypy.request.headers)
                     if not completed:
                         cherrypy.response.headers["Transaction-Id"] = id
-                    outdata = None
                 else:
-                    outdata = {"id": self.engine.edit_item(session, engine_item, args[1], indata, kwargs)}
+                    self.engine.edit_item(session, engine_item, _id, indata, kwargs, force=force)
+                cherrypy.response.status = HTTPStatus.NO_CONTENT.value
             else:
                 raise NbiException("Method {} not allowed".format(method), HTTPStatus.METHOD_NOT_ALLOWED)
             return self._format_out(outdata, session, _format)
-        except (NbiException, EngineException, DbException, FsException, MsgException) as e:
-            if hasattr(outdata, "close"):  # is an open file
-                outdata.close()
+        except (NbiException, EngineException, DbException, FsException, MsgException, AuthException) as e:
             cherrypy.log("Exception {}".format(e))
             cherrypy.response.status = e.http_code.value
+            if hasattr(outdata, "close"):  # is an open file
+                outdata.close()
+            for rollback_item in rollback:
+                try:
+                    self.engine.del_item(**rollback_item, session=session, force=True)
+                except Exception as e2:
+                    cherrypy.log("Rollback Exception {}: {}".format(rollback_item, e2))
             error_text = str(e)
             if isinstance(e, MsgException):
                 error_text = "{} has been '{}' but other modules cannot be informed because an error on bus".format(
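Review bot: In the PUT/PATCH branch the unchanged line `cherrypy.response.headers["Transaction-Id"] = id` assigns the builtin `id` function rather than the transaction identifier, so a client resuming a partial upload never gets a usable value back. It should read `cherrypy.response.headers["Transaction-Id"] = _id`, as the POST branch already does. In the DELETE branch, the trailing `if engine_item in ("vim_accounts", "sdns")` also overwrites the `HTTPStatus.OK` just set for `del_item_list`, which may not be intended for list deletions. The method and its `except` block continue outside this hunk.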
@@ -745,7 +752,7 @@ def _start_service():
     for k, v in environ.items():
         if not k.startswith("OSMNBI_"):
             continue
-        k1, _,  k2 = k[7:].lower().partition("_")
+        k1, _, k2 = k[7:].lower().partition("_")
         if not k2:
             continue
         try:
@@ -757,14 +764,15 @@ def _start_service():
                 update_dict['server.socket_port'] = int(v)
             elif k == 'OSMNBI_SOCKET_HOST' or k == 'OSMNBI_SERVER_HOST':
                 update_dict['server.socket_host'] = v
-            elif k1 == "server":
-                update_dict['server' + k2] = v
-                # TODO add more entries
-            elif k1 in ("message", "database", "storage"):
-                if k2 == "port":
+            elif k1 in ("server", "test", "auth", "log"):
+                update_dict[k1 + '.' + k2] = v
+            elif k1 in ("message", "database", "storage", "authentication"):
+                # k2 = k2.replace('_', '.')
+                if k2 in ("port", "db_port"):
                     engine_config[k1][k2] = int(v)
                 else:
                     engine_config[k1][k2] = v
+
         except ValueError as e:
             cherrypy.log.error("Ignoring environ '{}': " + str(e))
         except Exception as e:
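Review bot: The unchanged handler `cherrypy.log.error("Ignoring environ '{}': " + str(e))` never fills its `{}` placeholder, so the log does not say which variable was dropped. With this hunk routing `auth`, `log` and `authentication` settings through the same loop, a rejected security setting is ignored without a usable trace. Log the name only, not the value, since these variables may carry credentials: `cherrypy.log.error("Ignoring environ '{}': {}".format(k, e))`. The new `update_dict[k1 + '.' + k2] = v` branch also stores every value as a string, so numeric or boolean settings passed this way may not be interpreted as intended; that depends on how the consumers read them. The loop and its second `except` continue outside the hunk.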
@@ -772,6 +780,7 @@ def _start_service():
 
     if update_dict:
         cherrypy.config.update(update_dict)
+        engine_config["global"].update(update_dict)
 
     # logging cherrypy
     log_format_simple = "%(asctime)s %(levelname)s %(name)s %(filename)s:%(lineno)s %(message)s"
@@ -781,8 +790,8 @@ def _start_service():
     logger_cherry = logging.getLogger("cherrypy")
     logger_nbi = logging.getLogger("nbi")
 
-    if "logfile" in engine_config["global"]:
-        file_handler = logging.handlers.RotatingFileHandler(engine_config["global"]["logfile"],
+    if "log.file" in engine_config["global"]:
+        file_handler = logging.handlers.RotatingFileHandler(engine_config["global"]["log.file"],
                                                             maxBytes=100e6, backupCount=9, delay=0)
         file_handler.setFormatter(log_formatter_simple)
         logger_cherry.addHandler(file_handler)
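Review bot: The global keys are renamed to `log.file` here and to `log.level` in the next hunk, but nothing falls back to the old `logfile`/`loglevel` names, so a deployment whose configuration still uses them would stop writing the NBI log file after upgrading, with no warning. The per-module sections further down still read `logfile` and `loglevel`, which leaves two spellings in one function. Either accept both names for a release or log a warning when the old key is found in `engine_config["global"]`. Whether existing configurations set the old keys is not visible in this diff.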
@@ -798,9 +807,9 @@ def _start_service():
             str_handler.setFormatter(log_formatter_cherry)
             logger.addHandler(str_handler)
 
-    if engine_config["global"].get("loglevel"):
-        logger_cherry.setLevel(engine_config["global"]["loglevel"])
-        logger_nbi.setLevel(engine_config["global"]["loglevel"])
+    if engine_config["global"].get("log.level"):
+        logger_cherry.setLevel(engine_config["global"]["log.level"])
+        logger_nbi.setLevel(engine_config["global"]["log.level"])
 
     # logging other modules
     for k1, logname in {"message": "nbi.msg", "database": "nbi.db", "storage": "nbi.fs"}.items():
@@ -808,16 +817,18 @@ def _start_service():
         logger_module = logging.getLogger(logname)
         if "logfile" in engine_config[k1]:
             file_handler = logging.handlers.RotatingFileHandler(engine_config[k1]["logfile"],
-                                                             maxBytes=100e6, backupCount=9, delay=0)
+                                                                maxBytes=100e6, backupCount=9, delay=0)
             file_handler.setFormatter(log_formatter_simple)
             logger_module.addHandler(file_handler)
         if "loglevel" in engine_config[k1]:
             logger_module.setLevel(engine_config[k1]["loglevel"])
     # TODO add more entries, e.g.: storage
     cherrypy.tree.apps['/osm'].root.engine.start(engine_config)
+    cherrypy.tree.apps['/osm'].root.authenticator.start(engine_config)
     try:
         cherrypy.tree.apps['/osm'].root.engine.init_db(target_version=database_version)
-    except EngineException:
+        cherrypy.tree.apps['/osm'].root.authenticator.init_db(target_version=auth_database_version)
+    except (EngineException, AuthException):
         pass
     # getenv('OSMOPENMANO_TENANT', None)
 
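Review bot: `except (EngineException, AuthException): pass` discards a failed `authenticator.init_db(...)` without a log line, and because both calls share one `try`, an EngineException from the engine skips the authenticator's initialisation altogether. The service then starts serving with an authentication database whose state is unknown. Separate the two calls and at least log each failure, as sketched below; whether startup should abort instead is a design decision this diff does not settle. `_start_service` begins outside this hunk.

```python
    # … unchanged: per-module logging setup, engine.start / authenticator.start …
    try:
        cherrypy.tree.apps['/osm'].root.engine.init_db(target_version=database_version)
    except EngineException as e:
        cherrypy.log.error("engine init_db failed: {}".format(e))
    try:
        cherrypy.tree.apps['/osm'].root.authenticator.init_db(target_version=auth_database_version)
    except AuthException as e:
        cherrypy.log.error("authenticator init_db failed: {}".format(e))
```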
@@ -830,7 +841,8 @@ def _stop_service():
     cherrypy.tree.apps['/osm'].root.engine.stop()
     cherrypy.log.error("Stopping osm_nbi")
 
-def nbi():
+
+def nbi(config_file):
     # conf = {
     #     '/': {
     #         #'request.dispatch': cherrypy.dispatch.MethodDispatcher(),
@@ -850,8 +862,51 @@ def nbi():
     #    'tools.auth_basic.checkpassword': validate_password})
     cherrypy.engine.subscribe('start', _start_service)
     cherrypy.engine.subscribe('stop', _stop_service)
-    cherrypy.quickstart(Server(), '/osm', "nbi.cfg")
+    cherrypy.quickstart(Server(), '/osm', config_file)
+
+
+def usage():
+    print("""Usage: {} [options]
+        -c|--config [configuration_file]: loads the configuration file (default: ./nbi.cfg)
+        -h|--help: shows this help
+        """.format(sys.argv[0]))
+    # --log-socket-host HOST: send logs to this host")
+    # --log-socket-port PORT: send logs using this port (default: 9022)")
 
 
 if __name__ == '__main__':
-    nbi()
+    try:
+        # load parameters and configuration
+        opts, args = getopt.getopt(sys.argv[1:], "hvc:", ["config=", "help"])
+        # TODO add  "log-socket-host=", "log-socket-port=", "log-file="
+        config_file = None
+        for o, a in opts:
+            if o in ("-h", "--help"):
+                usage()
+                sys.exit()
+            elif o in ("-c", "--config"):
+                config_file = a
+            # elif o == "--log-socket-port":
+            #     log_socket_port = a
+            # elif o == "--log-socket-host":
+            #     log_socket_host = a
+            # elif o == "--log-file":
+            #     log_file = a
+            else:
+                assert False, "Unhandled option"
+        if config_file:
+            if not path.isfile(config_file):
+                print("configuration file '{}' that not exist".format(config_file), file=sys.stderr)
+                exit(1)
+        else:
+            for config_file in (__file__[:__file__.rfind(".")] + ".cfg", "./nbi.cfg", "/etc/osm/nbi.cfg"):
+                if path.isfile(config_file):
+                    break
+            else:
+                print("No configuration file 'nbi.cfg' found neither at local folder nor at /etc/osm/", file=sys.stderr)
+                exit(1)
+        nbi(config_file)
+    except getopt.GetoptError as e:
+        print(str(e), file=sys.stderr)
+        # usage()
+        exit(1)
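Review bot: The option string `"hvc:"` accepts `-v`, but no branch handles it, so it falls into `assert False, "Unhandled option"`, which raises an uncaught AssertionError (only `getopt.GetoptError` is caught) and is removed entirely under `python -O`. Drop the `v` (`"hc:"`) and replace the assert with `raise getopt.GetoptError("Unhandled option " + o)` so the existing handler reports it. Separately, when `-c` is absent the search tries a `.cfg` next to the script and `./nbi.cfg` before `/etc/osm/nbi.cfg`; if the service can be started from a directory other users can write to, the relative path decides which authentication and database settings load, so consider preferring the system path or logging the file chosen. `exit(1)` is the `site` helper; `sys.exit(1)` is the dependable form and `sys` is already imported.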