X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fadmin_topics.py;h=c198733d98b2554dfb50ab151179048b9c16ae7d;hp=7d1e85dd03079c06ba65eeac464ae0c00f19de66;hb=9ebbf855f902fb7a9864427a364fb102ce792fc0;hpb=1546f2a46d99a4741b23857e6ceb4b813223e297 diff --git a/osm_nbi/admin_topics.py b/osm_nbi/admin_topics.py index 7d1e85d..c198733 100644 --- a/osm_nbi/admin_topics.py +++ b/osm_nbi/admin_topics.py @@ -18,16 +18,13 @@ from uuid import uuid4 from hashlib import sha256 from http import HTTPStatus from time import time -from validation import user_new_schema, user_edit_schema, project_new_schema, project_edit_schema -from validation import vim_account_new_schema, vim_account_edit_schema, sdn_new_schema, sdn_edit_schema -from validation import wim_account_new_schema, wim_account_edit_schema, roles_new_schema, roles_edit_schema -from validation import validate_input -from validation import ValidationError -from validation import is_valid_uuid # To check that User/Project Names don't look like UUIDs -from base_topic import BaseTopic, EngineException +from osm_nbi.validation import user_new_schema, user_edit_schema, project_new_schema, project_edit_schema, \ + vim_account_new_schema, vim_account_edit_schema, sdn_new_schema, sdn_edit_schema, \ + wim_account_new_schema, wim_account_edit_schema, roles_new_schema, roles_edit_schema, \ + validate_input, ValidationError, is_valid_uuid # To check that User/Project Names don't look like UUIDs +from osm_nbi.base_topic import BaseTopic, EngineException +from osm_nbi.authconn import AuthconnNotFoundException, AuthconnConflictException from osm_common.dbbase import deep_update_rfc7396 -from authconn import AuthconnNotFoundException, AuthconnConflictException -# from authconn_keystone import AuthconnKeystone __author__ = "Alfonso Tierno " 
@@ -39,8 +36,8 @@ class UserTopic(BaseTopic): schema_edit = user_edit_schema multiproject = False - def __init__(self, db, fs, msg): - BaseTopic.__init__(self, db, fs, msg) + def __init__(self, db, fs, msg, auth): + BaseTopic.__init__(self, db, fs, msg, auth) @staticmethod def _get_project_filter(session): @@ -133,8 +130,8 @@ class ProjectTopic(BaseTopic): schema_edit = project_edit_schema multiproject = False - def __init__(self, db, fs, msg): - BaseTopic.__init__(self, db, fs, msg) + def __init__(self, db, fs, msg, auth): + BaseTopic.__init__(self, db, fs, msg, auth) @staticmethod def _get_project_filter(session): @@ -201,7 +198,7 @@ class ProjectTopic(BaseTopic): class CommonVimWimSdn(BaseTopic): """Common class for VIM, WIM SDN just to unify methods that are equal to all of them""" - config_to_encrypt = () # what keys at config must be encrypted because contains passwords + config_to_encrypt = {} # what keys at config must be encrypted because contains passwords password_to_encrypt = "" # key that contains a password @staticmethod @@ -258,8 +255,10 @@ class CommonVimWimSdn(BaseTopic): final_content[self.password_to_encrypt] = self.db.encrypt(edit_content[self.password_to_encrypt], schema_version=schema_version, salt=final_content["_id"]) - if edit_content.get("config") and self.config_to_encrypt: - for p in self.config_to_encrypt: + config_to_encrypt_keys = self.config_to_encrypt.get(schema_version) or self.config_to_encrypt.get("default") + if edit_content.get("config") and config_to_encrypt_keys: + + for p in config_to_encrypt_keys: if edit_content["config"].get(p): final_content["config"][p] = self.db.encrypt(edit_content["config"][p], schema_version=schema_version, 
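Review bot: The key lookup added in format_on_edit (hunk -258,8 +255,10) is repeated verbatim in format_on_new (hunk -278,15 +277,16), and the attribute comment touched in hunk -201,7 +198,7 still does not say what the dict is keyed by. I would document the shape at the declaration, `config_to_encrypt = {}  # schema_version (or "default") -> tuple of config keys whose values must be encrypted`, and move the lookup into one small method that both callers use, so the two encryption paths cannot drift apart. The `or` also falls back to "default" when a version is mapped to an empty tuple, and a subclass that still assigns a tuple would fail on `.get`; both are worth stating in that comment. The bodies of both methods start outside the hunks.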
@@ -278,15 +277,16 @@ class CommonVimWimSdn(BaseTopic): :return: op_id: operation id on asynchronous operation, None otherwise. In addition content is modified """ super().format_on_new(content, project_id=project_id, make_public=make_public) - content["schema_version"] = schema_version = "1.1" + content["schema_version"] = schema_version = "1.11" # encrypt passwords if content.get(self.password_to_encrypt): content[self.password_to_encrypt] = self.db.encrypt(content[self.password_to_encrypt], schema_version=schema_version, salt=content["_id"]) - if content.get("config") and self.config_to_encrypt: - for p in self.config_to_encrypt: + config_to_encrypt_keys = self.config_to_encrypt.get(schema_version) or self.config_to_encrypt.get("default") + if content.get("config") and config_to_encrypt_keys: + for p in config_to_encrypt_keys: if content["config"].get(p): content["config"][p] = self.db.encrypt(content["config"][p], schema_version=schema_version, @@ -363,7 +363,8 @@ class VimAccountTopic(CommonVimWimSdn): schema_edit = vim_account_edit_schema multiproject = True password_to_encrypt = "vim_password" - config_to_encrypt = ("admin_password", "nsx_password", "vcenter_password") + config_to_encrypt = {"1.1": ("admin_password", "nsx_password", "vcenter_password"), + "default": ("admin_password", "nsx_password", "vcenter_password", "vrops_password")} class WimAccountTopic(CommonVimWimSdn): @@ -373,7 +374,7 @@ class WimAccountTopic(CommonVimWimSdn): schema_edit = wim_account_edit_schema multiproject = True password_to_encrypt = "wim_password" - config_to_encrypt = () + config_to_encrypt = {} class SdnTopic(CommonVimWimSdn): @@ -383,7 +384,7 @@ class SdnTopic(CommonVimWimSdn): schema_edit = sdn_edit_schema multiproject = True password_to_encrypt = "password" - config_to_encrypt = () + config_to_encrypt = {} class UserTopicAuth(UserTopic): 
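Review bot: In the VimAccountTopic hunk (-363,7 +363,8) the "1.1" entry omits `vrops_password`, so an edit of a record whose schema_version is "1.1" skips that key in the encryption loop and, as far as these hunks show, leaves `config.vrops_password` stored unencrypted. Only records created after this change get "1.11" and therefore the "default" list. If that is intentional for backward compatibility, say so next to the dict, e.g. `# "1.1": records created before vrops_password was encrypted; that key stays in clear text for them`, and consider re-encrypting such records and raising their schema_version on edit. How schema_version is chosen in format_on_edit is outside the hunk, so this should be confirmed there.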
@@ -393,8 +394,8 @@ class UserTopicAuth(UserTopic): schema_edit = user_edit_schema def __init__(self, db, fs, msg, auth): - UserTopic.__init__(self, db, fs, msg) - self.auth = auth + UserTopic.__init__(self, db, fs, msg, auth) + # self.auth = auth def check_conflict_on_new(self, session, indata): """ @@ -706,8 +707,8 @@ class ProjectTopicAuth(ProjectTopic): schema_edit = project_edit_schema def __init__(self, db, fs, msg, auth): - ProjectTopic.__init__(self, db, fs, msg) - self.auth = auth + ProjectTopic.__init__(self, db, fs, msg, auth) + # self.auth = auth def check_conflict_on_new(self, session, indata): """ @@ -748,7 +749,7 @@ class ProjectTopicAuth(ProjectTopic): raise EngineException("You cannot rename project 'admin'", http_code=HTTPStatus.CONFLICT) # Check that project name is not used, regardless keystone already checks this - if self.auth.get_project_list(filter_q={"name": project_name}): + if project_name and self.auth.get_project_list(filter_q={"name": project_name}): raise EngineException("project '{}' is already used".format(project_name), HTTPStatus.CONFLICT) def check_conflict_on_del(self, session, _id, db_content): @@ -887,8 +888,7 @@ class ProjectTopicAuth(ProjectTopic): self.check_conflict_on_edit(session, content, indata, _id=_id) self.format_on_edit(content, indata) - if "name" in indata: - content["name"] = indata["name"] + deep_update_rfc7396(content, indata) self.auth.update_project(content["_id"], content) except ValidationError as e: raise EngineException(e, HTTPStatus.UNPROCESSABLE_ENTITY) @@ -902,8 +902,8 @@ class RoleTopicAuth(BaseTopic): multiproject = False def __init__(self, db, fs, msg, auth, ops): - BaseTopic.__init__(self, db, fs, msg) - self.auth = auth + BaseTopic.__init__(self, db, fs, msg, auth) + # self.auth = auth self.operations = ops # self.topic = "roles_operations" if isinstance(auth, AuthconnKeystone) else "roles"
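Review bot: The commented-out `# self.auth = auth` left in UserTopicAuth.__init__ should be deleted rather than kept, and the same applies to ProjectTopicAuth.__init__ (hunk -706,8 +707,8) and RoleTopicAuth.__init__ (hunk -902,8 +902,8). Presumably BaseTopic.__init__ now stores auth, but its body is not in this diff, so a reader of this file cannot tell from the dead comment where `self.auth` is set. A one-line note such as `# auth is stored by BaseTopic.__init__` would say that, or the two constructors that now only forward their arguments could be dropped entirely.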
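Review bot: In ProjectTopicAuth's edit path (hunk -887,8 +888,7) `deep_update_rfc7396(content, indata)` now merges every key of the request body into the stored project, where the old code copied only `name`. The next line passes `content["_id"]` to `self.auth.update_project`, so the target of the update is read after the merge; if `project_edit_schema` admits `_id` or other internal fields (the schema is not visible here), a caller could redirect or overwrite them, and under RFC 7396 a null value removes the key. I would take the identifier before the merge, `project_id = content["_id"]`, and call `self.auth.update_project(project_id, content)`, and confirm that the edit schema rejects additional properties. The enclosing method starts and ends outside the hunk.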