X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fbase_topic.py;h=722ff594c253aaf90c4fcaa2835a30f4a75b92f1;hp=c22833b87ae31a3270fc78f271b025a1a3d9d621;hb=4568a372eb5a204e04d917213de03ec51f9110c1;hpb=32bab47c7fde8ae22795306723f3441ec544fa2b;ds=sidebyside diff --git a/osm_nbi/base_topic.py b/osm_nbi/base_topic.py index c22833b..722ff59 100644 --- a/osm_nbi/base_topic.py +++ b/osm_nbi/base_topic.py @@ -19,17 +19,32 @@ from http import HTTPStatus from time import time from osm_common.dbbase import deep_update_rfc7396 from osm_nbi.validation import validate_input, ValidationError, is_valid_uuid +from yaml import safe_load, YAMLError __author__ = "Alfonso Tierno " class EngineException(Exception): - def __init__(self, message, http_code=HTTPStatus.BAD_REQUEST): self.http_code = http_code super(Exception, self).__init__(message) +def deep_get(target_dict, key_list): + """ + Get a value from target_dict entering in the nested keys. If keys does not exist, it returns None + Example target_dict={a: {b: 5}}; key_list=[a,b] returns 5; both key_list=[a,b,c] and key_list=[f,h] return None + :param target_dict: dictionary to be read + :param key_list: list of keys to read from target_dict + :return: The wanted value if exist, None otherwise + """ + for key in key_list: + if not isinstance(target_dict, dict) or key not in target_dict: + return None + target_dict = target_dict[key] + return target_dict + + def get_iterable(input_var): """ Returns an iterable, in case input_var is None it just returns an empty tuple 
@@ -49,22 +64,41 @@ def versiontuple(v): return tuple(filled) +def increment_ip_mac(ip_mac, vm_index=1): + if not isinstance(ip_mac, str): + return ip_mac + try: + # try with ipv4 look for last dot + i = ip_mac.rfind(".") + if i > 0: + i += 1 + return "{}{}".format(ip_mac[:i], int(ip_mac[i:]) + vm_index) + # try with ipv6 or mac look for last colon. Operate in hex + i = ip_mac.rfind(":") + if i > 0: + i += 1 + # format in hex, len can be 2 for mac or 4 for ipv6 + return ("{}{:0" + str(len(ip_mac) - i) + "x}").format( + ip_mac[:i], int(ip_mac[i:], 16) + vm_index + ) + except Exception: + pass + return None + + class BaseTopic: # static variables for all instance classes - topic = None # to_override - topic_msg = None # to_override - schema_new = None # to_override + topic = None # to_override + topic_msg = None # to_override + quota_name = None # to_override. If not provided topic will be used for quota_name + schema_new = None # to_override schema_edit = None # to_override multiproject = True # True if this Topic can be shared by several projects. Then it contains _admin.projects_read default_quota = 500 # Alternative ID Fields for some Topics - alt_id_field = { - "projects": "name", - "users": "username", - "roles": "name" - } + alt_id_field = {"projects": "name", "users": "username", "roles": "name"} def __init__(self, db, fs, msg, auth): self.db = db 
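Review bot: `increment_ip_mac` never range-checks the incremented field, so it can return a string that is not a valid address. A constructed input of `10.0.0.250` with `vm_index=10` gives `10.0.0.260`, and a MAC ending in `ff` gains a third hex digit because `{:0Nx}` only pads and never truncates. The blanket `except Exception: pass` also hides any other fault as a silent `None`. Narrow it to `except ValueError:` and either carry into the next field or return `None` when the new value exceeds `255` (IPv4) or `16 ** width - 1` (MAC/IPv6 group). The function has no docstring; it should state that non-string input is returned unchanged and that `None` means "could not increment".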
@@ -91,24 +125,30 @@ class BaseTopic: """ Check whether topic quota is exceeded by the given project Used by relevant topics' 'new' function to decide whether or not creation of the new item should be allowed - :param projects: projects (tuple) for which quota should be checked - :param override: boolean. If true, don't raise ValidationError even though quota be exceeded + :param session[project_id]: projects (tuple) for which quota should be checked + :param session[force]: boolean. If true, skip quota checking :return: None :raise: DbException if project not found - ValidationError if quota exceeded and not overridden + ValidationError if quota exceeded in one of the projects """ - if session["force"] or session["admin"]: + if session["force"]: return projects = session["project_id"] for project in projects: proj = self.auth.get_project(project) pid = proj["_id"] - quota = proj.get("quotas", {}).get(self.topic, self.default_quota) + quota_name = self.quota_name or self.topic + quota = proj.get("quotas", {}).get(quota_name, self.default_quota) count = self.db.count(self.topic, {"_admin.projects_read": pid}) if count >= quota: name = proj["name"] - raise ValidationError("{} quota ({}) exceeded for project {} ({})".format(self.topic, quota, name, pid)) + raise ValidationError( + "quota ({}={}) exceeded for project {} ({})".format( + quota_name, quota, name, pid + ), + http_code=HTTPStatus.UNPROCESSABLE_ENTITY, + ) def _validate_input_new(self, input, force=False): """ @@ -121,7 +161,7 @@ class BaseTopic: validate_input(input, self.schema_new) return input - def _validate_input_edit(self, input, force=False): + def _validate_input_edit(self, input, content, force=False): """ Validates input user content for an edition. It uses jsonschema. Some overrides will use pyangbind :param input: user input content for the new topic 
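Review bot: In `check_quota`, `session["force"]` is now the only switch that skips quota enforcement, and nothing in this hunk shows who is allowed to set it. If any authenticated caller can set `force`, the quota is advisory only, so confirm it is restricted upstream and record that next to the early return, e.g. `# force must only be settable by privileged sessions; it disables quota enforcement`. Separately, `db.count` followed by a later insert is not atomic, so concurrent creations in one project can each pass `count >= quota`; if the quota is meant as a hard limit, that needs a note or a re-check after the insert. The `_validate_input_edit` signature change at the end of this hunk requires every override to accept the new `content` argument; those overrides are outside this view.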
@@ -136,11 +176,11 @@ class BaseTopic: def _get_project_filter(session): """ Generates a filter dictionary for querying database, so that only allowed items for this project can be - addressed. Only propietary or public can be used. Allowed projects are at _admin.project_read/write. If it is + addressed. Only proprietary or public can be used. Allowed projects are at _admin.project_read/write. If it is not present or contains ANY mean public. :param session: contains: project_id: project list this session has rights to access. Can be empty, one or several - set_project: items created will contain this project list + set_project: items created will contain this project list force: True or False public: True, False or None method: "list", "show", "write", "delete" @@ -164,12 +204,16 @@ class BaseTopic: project_filter_n.append(session["PROJECT.ne"]) if project_filter: - if session["method"] in ("list", "show", "delete") or session.get("set_project"): + if session["method"] in ("list", "show", "delete") or session.get( + "set_project" + ): p_filter["_admin.projects_read.cont"] = project_filter else: p_filter["_admin.projects_write.cont"] = project_filter if project_filter_n: - if session["method"] in ("list", "show", "delete") or session.get("set_project"): + if session["method"] in ("list", "show", "delete") or session.get( + "set_project" + ): p_filter["_admin.projects_read.ncont"] = project_filter_n else: p_filter["_admin.projects_write.ncont"] = project_filter_n 
@@ -192,16 +236,22 @@ class BaseTopic: :param final_content: data once modified. This method may change it. :param edit_content: incremental data that contains the modifications to apply :param _id: internal _id - :return: None or raises EngineException + :return: final_content or raises EngineException """ if not self.multiproject: - return + return final_content # Change public status if session["public"] is not None: - if session["public"] and "ANY" not in final_content["_admin"]["projects_read"]: + if ( + session["public"] + and "ANY" not in final_content["_admin"]["projects_read"] + ): final_content["_admin"]["projects_read"].append("ANY") final_content["_admin"]["projects_write"].clear() - if not session["public"] and "ANY" in final_content["_admin"]["projects_read"]: + if ( + not session["public"] + and "ANY" in final_content["_admin"]["projects_read"] + ): final_content["_admin"]["projects_read"].remove("ANY") # Change project status @@ -210,6 +260,8 @@ class BaseTopic: if p not in final_content["_admin"]["projects_read"]: final_content["_admin"]["projects_read"].append(p) + return final_content + def check_unique_name(self, session, name, _id=None): """ Check that the name is unique for this project @@ -225,8 +277,13 @@ class BaseTopic: _filter["name"] = name if _id: _filter["_id.neq"] = _id - if self.db.get_one(self.topic, _filter, fail_on_empty=False, fail_on_more=False): - raise EngineException("name '{}' already exists for {}".format(name, self.topic), HTTPStatus.CONFLICT) + if self.db.get_one( + self.topic, _filter, fail_on_empty=False, fail_on_more=False + ): + raise EngineException( + "name '{}' already exists for {}".format(name, self.topic), + HTTPStatus.CONFLICT, + ) @staticmethod def format_on_new(content, project_id=None, make_public=False): 
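Review bot: `check_conflict_on_edit` now has a return-value contract that overrides can silently break. The `edit()` hunk later in this commit rebinds `content` to the return value, so a subclass override that still falls off the end would hand `None` to `format_on_edit` and `db.replace`. The overrides are not visible in this file, so this is worth checking across the topic classes. The docstring line should state the obligation, e.g. `:return: final_content (overrides must return it too) or raises EngineException`. The method body starts before this hunk.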
@@ -267,10 +324,14 @@ class BaseTopic: final_content["_admin"]["modified"] = now return None - def _send_msg(self, action, content): - if self.topic_msg: + def _send_msg(self, action, content, not_send_msg=None): + if self.topic_msg and not_send_msg is not False: + content = content.copy() content.pop("_admin", None) - self.msg.write(self.topic_msg, action, content) + if isinstance(not_send_msg, list): + not_send_msg.append((self.topic_msg, action, content)) + else: + self.msg.write(self.topic_msg, action, content) def check_conflict_on_del(self, session, _id, db_content): """ @@ -283,11 +344,12 @@ class BaseTopic: pass @staticmethod - def _update_input_with_kwargs(desc, kwargs): + def _update_input_with_kwargs(desc, kwargs, yaml_format=False): """ Update descriptor with the kwargs. It contains dot separated keys :param desc: dictionary to be updated :param kwargs: plain dictionary to be used for updating. + :param yaml_format: get kwargs values as yaml format. :return: None, 'desc' is modified. It raises EngineException. """ if not kwargs: 
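Review bot: `not_send_msg` in `_send_msg` carries three meanings that its name hides, and the method has no docstring to explain them. `None` sends the message, `False` suppresses it, and a list collects `(topic_msg, action, content)` tuples instead of writing to the bus. Passing `True`, which reads like "do not send", actually falls through to `self.msg.write`. Add a docstring that spells out the three cases and notes that `content` is shallow-copied before `_admin` is popped, so the caller's dict is no longer mutated. A clearer name or an explicit `if not_send_msg is True` guard would remove the trap.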
@@ -302,27 +364,59 @@ class BaseTopic: update_content = update_content[kitem_old] if isinstance(update_content, dict): kitem_old = kitem + if not isinstance(update_content.get(kitem_old), (dict, list)): + update_content[kitem_old] = {} elif isinstance(update_content, list): + # key must be an index of the list, must be integer kitem_old = int(kitem) + # if index greater than list, extend the list + if kitem_old >= len(update_content): + update_content += [None] * ( + kitem_old - len(update_content) + 1 + ) + if not isinstance(update_content[kitem_old], (dict, list)): + update_content[kitem_old] = {} else: raise EngineException( - "Invalid query string '{}'. Descriptor is not a list nor dict at '{}'".format(k, kitem)) - update_content[kitem_old] = v + "Invalid query string '{}'. Descriptor is not a list nor dict at '{}'".format( + k, kitem + ) + ) + if v is None: + del update_content[kitem_old] + else: + update_content[kitem_old] = v if not yaml_format else safe_load(v) except KeyError: raise EngineException( - "Invalid query string '{}'. Descriptor does not contain '{}'".format(k, kitem_old)) + "Invalid query string '{}'. Descriptor does not contain '{}'".format( + k, kitem_old + ) + ) except ValueError: - raise EngineException("Invalid query string '{}'. Expected integer index list instead of '{}'".format( - k, kitem)) + raise EngineException( + "Invalid query string '{}'. Expected integer index list instead of '{}'".format( + k, kitem + ) + ) except IndexError: raise EngineException( - "Invalid query string '{}'. Index '{}' out of range".format(k, kitem_old)) + "Invalid query string '{}'. 
Index '{}' out of range".format( + k, kitem_old + ) + ) + except YAMLError: + raise EngineException("Invalid query string '{}' yaml format".format(k)) + + def sol005_projection(self, data): + # Projection was moved to child classes + return data - def show(self, session, _id): + def show(self, session, _id, api_req=False): """ Get complete information on an topic :param session: contains "username", "admin", "force", "public", "project_id", "set_project" :param _id: server internal id + :param api_req: True if this call is serving an external API request. False if serving internal request. :return: dictionary, raise exception if not found. """ if not self.multiproject: @@ -331,7 +425,14 @@ class BaseTopic: filter_db = self._get_project_filter(session) # To allow project&user addressing by name AS WELL AS _id filter_db[BaseTopic.id_field(self.topic, _id)] = _id - return self.db.get_one(self.topic, filter_db) + data = self.db.get_one(self.topic, filter_db) + + # Only perform SOL005 projection if we are serving an external request + if api_req: + self.sol005_projection(data) + + return data + # TODO transform data for SOL005 URL requests # TODO remove _admin if not admin 
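Review bot: The new list-extension branch in `_update_input_with_kwargs` pads `update_content` with `[None] * (kitem_old - len(update_content) + 1)` for whatever integer the key supplies, with no upper bound. The error messages call these keys a query string, so one very large index would make the server allocate a list of that size. Bound the gap before padding, e.g. `if kitem_old - len(update_content) > MAX_LIST_PAD: raise EngineException(...)`, where `MAX_LIST_PAD` is a new constant proposed here rather than an existing name. In the same hunk, `show()` calls `self.sol005_projection(data)` and discards the result while `list()` uses the return value. A child projection that returns a new object would therefore be ignored on `show`, so it should read `data = self.sol005_projection(data)`.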
@@ -344,13 +445,16 @@ class BaseTopic: :param accept_header: Content of Accept header. Must contain applition/zip or/and text/plain :return: opened file or raises an exception """ - raise EngineException("Method get_file not valid for this topic", HTTPStatus.INTERNAL_SERVER_ERROR) + raise EngineException( + "Method get_file not valid for this topic", HTTPStatus.INTERNAL_SERVER_ERROR + ) - def list(self, session, filter_q=None): + def list(self, session, filter_q=None, api_req=False): """ Get a list of the topic that matches a filter :param session: contains the used login username and working project :param filter_q: filter of data to be applied + :param api_req: True if this call is serving an external API request. False if serving internal request. :return: The list, it can be empty if no one match the filter. """ if not filter_q: @@ -360,7 +464,13 @@ class BaseTopic: # TODO transform data for SOL005 URL requests. Transform filtering # TODO implement "field-type" query string SOL005 - return self.db.get_list(self.topic, filter_q) + data = self.db.get_list(self.topic, filter_q) + + # Only perform SOL005 projection if we are serving an external request + if api_req: + data = [self.sol005_projection(inst) for inst in data] + + return data def new(self, rollback, session, indata=None, kwargs=None, headers=None): """ 
@@ -384,12 +494,14 @@ class BaseTopic: self._update_input_with_kwargs(content, kwargs) content = self._validate_input_new(content, force=session["force"]) self.check_conflict_on_new(session, content) - op_id = self.format_on_new(content, project_id=session["project_id"], make_public=session["public"]) + op_id = self.format_on_new( + content, project_id=session["project_id"], make_public=session["public"] + ) _id = self.db.create(self.topic, content) rollback.append({"topic": self.topic, "_id": _id}) if op_id: content["op_id"] = op_id - self._send_msg("create", content) + self._send_msg("created", content) return _id, op_id except ValidationError as e: raise EngineException(e, HTTPStatus.UNPROCESSABLE_ENTITY) @@ -406,7 +518,10 @@ class BaseTopic: :return: True package has is completely uploaded or False if partial content has been uplodaed. Raise exception on error """ - raise EngineException("Method upload_content not valid for this topic", HTTPStatus.INTERNAL_SERVER_ERROR) + raise EngineException( + "Method upload_content not valid for this topic", + HTTPStatus.INTERNAL_SERVER_ERROR, + ) def delete_list(self, session, filter_q=None): """ @@ -422,7 +537,7 @@ class BaseTopic: filter_q.update(self._get_project_filter(session)) return self.db.del_list(self.topic, filter_q) - def delete_extra(self, session, _id, db_content): + def delete_extra(self, session, _id, db_content, not_send_msg=None): """ Delete other things apart from database entry of a item _id. e.g.: other associated elements at database and other file system storage 
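Review bot: The action string written to the bus changes from `"create"` to `"created"` in `new()`, and from `"edit"` to `"edited"` in the `edit()` hunk at the end of this commit. That is a wire-level change for whatever subscribes to `topic_msg`, and a subscriber still matching the old names would silently stop reacting. The consumers are not visible here, so this is a point to confirm rather than a known break. A short comment at `_send_msg`, such as `# action names are past tense: created / edited / deleted`, would make the convention explicit.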
@@ -430,46 +545,75 @@ class BaseTopic: :param _id: server internal id :param db_content: The database content of the _id. It is already deleted when reached this method, but the content is needed in same cases + :param not_send_msg: To not send message (False) or store content (list) instead :return: None if ok or raises EngineException with the problem """ pass - def delete(self, session, _id, dry_run=False): + def delete(self, session, _id, dry_run=False, not_send_msg=None): """ Delete item by its internal _id :param session: contains "username", "admin", "force", "public", "project_id", "set_project" :param _id: server internal id :param dry_run: make checking but do not delete + :param not_send_msg: To not send message (False) or store content (list) instead :return: operation id (None if there is not operation), raise exception if error or not found, conflict, ... """ # To allow addressing projects and users by name AS WELL AS by _id - filter_q = {BaseTopic.id_field(self.topic, _id): _id} + if not self.multiproject: + filter_q = {} + else: + filter_q = self._get_project_filter(session) + filter_q[self.id_field(self.topic, _id)] = _id item_content = self.db.get_one(self.topic, filter_q) - # TODO add admin to filter, validate rights - # data = self.get_item(topic, _id) self.check_conflict_on_del(session, _id, item_content) if dry_run: return None - - if self.multiproject: - filter_q.update(self._get_project_filter(session)) + if self.multiproject and session["project_id"]: - # remove reference from project_read. If not last delete - # if this topic is not part of session["project_id"] no midification at database is done and an exception - # is raised - self.db.set_one(self.topic, filter_q, update_dict=None, - pull={"_admin.projects_read": {"$in": session["project_id"]}}) - # try to delete if there is not any more reference from projects. 
Ignore if it is not deleted - filter_q = {'_id': _id, '_admin.projects_read': [[], ["ANY"]]} - v = self.db.del_one(self.topic, filter_q, fail_on_empty=False) - if not v or not v["deleted"]: + # remove reference from project_read if there are more projects referencing it. If it last one, + # do not remove reference, but delete + other_projects_referencing = next( + ( + p + for p in item_content["_admin"]["projects_read"] + if p not in session["project_id"] and p != "ANY" + ), + None, + ) + + # check if there are projects referencing it (apart from ANY, that means, public).... + if other_projects_referencing: + # remove references but not delete + update_dict_pull = { + "_admin.projects_read": session["project_id"], + "_admin.projects_write": session["project_id"], + } + self.db.set_one( + self.topic, filter_q, update_dict=None, pull_list=update_dict_pull + ) return None - else: - self.db.del_one(self.topic, filter_q) - self.delete_extra(session, _id, item_content) - self._send_msg("deleted", {"_id": _id}) + else: + can_write = next( + ( + p + for p in item_content["_admin"]["projects_write"] + if p == "ANY" or p in session["project_id"] + ), + None, + ) + if not can_write: + raise EngineException( + "You have not write permission to delete it", + http_code=HTTPStatus.UNAUTHORIZED, + ) + + # delete + self.db.del_one(self.topic, filter_q) + self.delete_extra(session, _id, item_content, not_send_msg=not_send_msg) + self._send_msg("deleted", {"_id": _id}, not_send_msg=not_send_msg) return None def edit(self, session, _id, indata=None, kwargs=None, content=None): 
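Review bot: In `delete()`, the write-permission check (`can_write`) runs only after `check_conflict_on_del` and after the `if dry_run: return None` exit. A dry run can therefore report success for an item the real call would refuse. Computing `can_write` before the dry-run return would make both paths agree. The refusal is raised with `HTTPStatus.UNAUTHORIZED`, but the caller is already authenticated and merely lacks rights, so `http_code=HTTPStatus.FORBIDDEN` describes it better and stops clients from re-prompting for credentials. As far as the flattened hunk shows, the check sits under `if self.multiproject and session["project_id"]:`, so a session with an empty `project_id` reaches `del_one` with no write check. Confirm that case is restricted to administrative sessions.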
@@ -489,19 +633,20 @@ class BaseTopic: self._update_input_with_kwargs(indata, kwargs) try: if indata and session.get("set_project"): - raise EngineException("Cannot edit content and set to project (query string SET_PROJECT) at same time", - HTTPStatus.UNPROCESSABLE_ENTITY) - indata = self._validate_input_edit(indata, force=session["force"]) - + raise EngineException( + "Cannot edit content and set to project (query string SET_PROJECT) at same time", + HTTPStatus.UNPROCESSABLE_ENTITY, + ) # TODO self._check_edition(session, indata, _id, force) if not content: content = self.show(session, _id) + indata = self._validate_input_edit(indata, content, force=session["force"]) deep_update_rfc7396(content, indata) # To allow project addressing by name AS WELL AS _id. Get the _id, just in case the provided one is a name _id = content.get("_id") or _id - self.check_conflict_on_edit(session, content, indata, _id=_id) + content = self.check_conflict_on_edit(session, content, indata, _id=_id) op_id = self.format_on_edit(content, indata) self.db.replace(self.topic, _id, content) @@ -510,7 +655,7 @@ class BaseTopic: if op_id: indata["op_id"] = op_id indata["_id"] = _id - self._send_msg("edit", indata) + self._send_msg("edited", indata) return op_id except ValidationError as e: raise EngineException(e, HTTPStatus.UNPROCESSABLE_ENTITY)