X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fadmin_topics.py;h=9f591fcfc1ff380b5bbb17549ced33c61454c49b;hp=670629eb68f844ed507240b82a65271fe5fd9e93;hb=1c38f2f3d8d54bd49fcfa8154d8a614da90293b1;hpb=bee3bad8d15fe0893855d0dff92cef4351629edb diff --git a/osm_nbi/admin_topics.py b/osm_nbi/admin_topics.py index 670629e..9f591fc 100644 --- a/osm_nbi/admin_topics.py +++ b/osm_nbi/admin_topics.py @@ -404,6 +404,25 @@ class SdnTopic(CommonVimWimSdn): password_to_encrypt = "password" config_to_encrypt = {} + def _obtain_url(self, input, create): + if input.get("ip") or input.get("port"): + if not input.get("ip") or not input.get("port") or input.get('url'): + raise ValidationError("You must provide both 'ip' and 'port' (deprecated); or just 'url' (prefered)") + input['url'] = "http://{}:{}/".format(input["ip"], input["port"]) + del input["ip"] + del input["port"] + elif create and not input.get('url'): + raise ValidationError("You must provide 'url'") + return input + + def _validate_input_new(self, input, force=False): + input = super()._validate_input_new(input, force) + return self._obtain_url(input, True) + + def _validate_input_edit(self, input, force=False): + input = super()._validate_input_edit(input, force) + return self._obtain_url(input, False) + class K8sClusterTopic(CommonVimWimSdn): topic = "k8sclusters" @@ -418,6 +437,15 @@ class K8sClusterTopic(CommonVimWimSdn): oid = super().format_on_new(content, project_id, make_public) self.db.encrypt_decrypt_fields(content["credentials"], 'encrypt', ['password', 'secret'], schema_version=content["schema_version"], salt=content["_id"]) + # Add Helm/Juju Repo lists + repos = {"helm-chart": [], "juju-bundle": []} + for proj in content["_admin"]["projects_read"]: + if proj != 'ANY': + for repo in self.db.get_list("k8srepos", {"_admin.projects_read": proj}): + if repo["_id"] not in repos[repo["type"]]: + repos[repo["type"]].append(repo["_id"]) + for k in repos: + content["_admin"][k.replace('-', '_')+"_repos"] = repos[k] return oid def format_on_edit(self, final_content, edit_content): @@ -428,6 +456,22 @@ class K8sClusterTopic(CommonVimWimSdn): oid = super().format_on_edit(final_content, edit_content) return oid + def check_conflict_on_edit(self, session, final_content, edit_content, _id): + super(CommonVimWimSdn, self).check_conflict_on_edit(session, final_content, edit_content, _id) + super().check_conflict_on_edit(session, final_content, edit_content, _id) + # Update Helm/Juju Repo lists + repos = {"helm-chart": [], "juju-bundle": []} + for proj in session.get("set_project", []): + if proj != 'ANY': + for repo in self.db.get_list("k8srepos", {"_admin.projects_read": proj}): + if repo["_id"] not in repos[repo["type"]]: + repos[repo["type"]].append(repo["_id"]) + for k in repos: + rlist = k.replace('-', '_') + "_repos" + if rlist not in final_content["_admin"]: + final_content["_admin"][rlist] = [] + final_content["_admin"][rlist] += repos[k] + class K8sRepoTopic(CommonVimWimSdn): topic = "k8srepos" @@ -438,6 +482,26 @@ class K8sRepoTopic(CommonVimWimSdn): password_to_encrypt = None config_to_encrypt = {} + def format_on_new(self, content, project_id=None, make_public=False): + oid = super().format_on_new(content, project_id, make_public) + # Update Helm/Juju Repo lists + repo_list = content["type"].replace('-', '_')+"_repos" + for proj in content["_admin"]["projects_read"]: + if proj != 'ANY': + self.db.set_list("k8sclusters", + {"_admin.projects_read": proj, "_admin."+repo_list+".ne": content["_id"]}, {}, + push={"_admin."+repo_list: content["_id"]}) + return oid + + def delete(self, session, _id, dry_run=False, not_send_msg=None): + type = self.db.get_one("k8srepos", {"_id": _id})["type"] + oid = super().delete(session, _id, dry_run, not_send_msg) + if oid: + # Remove from Helm/Juju Repo lists + repo_list = type.replace('-', '_') + "_repos" + self.db.set_list("k8sclusters", {"_admin."+repo_list: _id}, {}, pull={"_admin."+repo_list: _id}) + return oid + class UserTopicAuth(UserTopic): # topic = "users" @@ -596,7 +660,7 @@ class UserTopicAuth(UserTopic): :return: dictionary, raise exception if not found. """ # Allow _id to be a name or uuid - filter_q = {self.id_field(self.topic, _id): _id} + filter_q = {"username": _id} # users = self.auth.get_user_list(filter_q) users = self.list(session, filter_q) # To allow default filtering (Bug 853) if len(users) == 1: @@ -963,10 +1027,10 @@ class RoleTopicAuth(BaseTopic): schema_edit = roles_edit_schema multiproject = False - def __init__(self, db, fs, msg, auth, ops): + def __init__(self, db, fs, msg, auth): BaseTopic.__init__(self, db, fs, msg, auth) # self.auth = auth - self.operations = ops + self.operations = auth.role_permissions # self.topic = "roles_operations" if isinstance(auth, AuthconnKeystone) else "roles" @staticmethod @@ -1088,11 +1152,12 @@ class RoleTopicAuth(BaseTopic): raise EngineException("You cannot delete role '{}'".format(role["name"]), http_code=HTTPStatus.FORBIDDEN) # If any user is using this role, raise CONFLICT exception - for user in self.auth.get_user_list(): - for prm in user.get("project_role_mappings"): - if prm["role"] == _id: - raise EngineException("Role '{}' ({}) is being used by user '{}'" - .format(role["name"], _id, user["username"]), HTTPStatus.CONFLICT) + if not session["force"]: + for user in self.auth.get_user_list(): + for prm in user.get("project_role_mappings"): + if prm["role"] == _id: + raise EngineException("Role '{}' ({}) is being used by user '{}'" + .format(role["name"], _id, user["username"]), HTTPStatus.CONFLICT) @staticmethod def format_on_new(content, project_id=None, make_public=False): # TO BE REMOVED ?