X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fnbi.py;h=66105d6fa3a618d6b51c859e700bd1ff7a917896;hp=03e8727a18760cd60910711f0d771b2bdbfb689c;hb=refs%2Fchanges%2F82%2F8482%2F1;hpb=5792d7d7e1ff32ef0edfc432bd86a8fb348622c3 diff --git a/osm_nbi/nbi.py b/osm_nbi/nbi.py index 03e8727..66105d6 100644 --- a/osm_nbi/nbi.py +++ b/osm_nbi/nbi.py @@ -35,7 +35,7 @@ from osm_common.msgbase import MsgException from http import HTTPStatus from codecs import getreader from os import environ, path -from osm_nbi import version as nbi_version, version_date as nbi_version_date +from osm_nbi import version as _nbi_version, version_date as nbi_version_date __author__ = "Alfonso Tierno " @@ -46,6 +46,7 @@ database_version = '1.2' auth_database_version = '1.0' nbi_server = None # instance of Server class subscription_thread = None # instance of SubscriptionThread class +nbi_version = _nbi_version # by default this is fixed in the code """ @@ -112,6 +113,10 @@ URL: /osm GET POST / O O O /sdns O O / O O O + /k8sclusters O O + / O O O + /k8srepos O O + / O O /nst/v1 O O /netslice_templates_content O O @@ -212,45 +217,58 @@ valid_url_methods = { }, "users": {"METHODS": ("GET", "POST"), "ROLE_PERMISSION": "users:", - "": {"METHODS": ("GET", "POST", "DELETE", "PATCH", "PUT"), + "": {"METHODS": ("GET", "DELETE", "PATCH"), "ROLE_PERMISSION": "users:id:" } }, "projects": {"METHODS": ("GET", "POST"), "ROLE_PERMISSION": "projects:", - "": {"METHODS": ("GET", "DELETE", "PUT"), + "": {"METHODS": ("GET", "DELETE", "PATCH"), "ROLE_PERMISSION": "projects:id:"} }, "roles": {"METHODS": ("GET", "POST"), "ROLE_PERMISSION": "roles:", - "": {"METHODS": ("GET", "POST", "DELETE", "PUT"), + "": {"METHODS": ("GET", "DELETE", "PATCH"), "ROLE_PERMISSION": "roles:id:" } }, "vims": {"METHODS": ("GET", "POST"), "ROLE_PERMISSION": "vims:", - "": {"METHODS": ("GET", "DELETE", "PATCH", "PUT"), + "": {"METHODS": ("GET", "DELETE", "PATCH"), "ROLE_PERMISSION": "vims:id:" } }, "vim_accounts": {"METHODS": ("GET", "POST"), "ROLE_PERMISSION": "vim_accounts:", - "": {"METHODS": ("GET", "DELETE", "PATCH", "PUT"), + "": {"METHODS": ("GET", "DELETE", "PATCH"), "ROLE_PERMISSION": "vim_accounts:id:" } }, "wim_accounts": {"METHODS": ("GET", "POST"), "ROLE_PERMISSION": "wim_accounts:", - "": {"METHODS": ("GET", "DELETE", "PATCH", "PUT"), + "": {"METHODS": ("GET", "DELETE", "PATCH"), "ROLE_PERMISSION": "wim_accounts:id:" } }, "sdns": {"METHODS": ("GET", "POST"), "ROLE_PERMISSION": "sdn_controllers:", - "": {"METHODS": ("GET", "DELETE", "PATCH", "PUT"), + "": {"METHODS": ("GET", "DELETE", "PATCH"), "ROLE_PERMISSION": "sdn_controllers:id:" } }, + "k8sclusters": {"METHODS": ("GET", "POST"), + "ROLE_PERMISSION": "k8sclusters:", + "": {"METHODS": ("GET", "DELETE", "PATCH"), + "ROLE_PERMISSION": "k8sclusters:id:" + } + }, + "k8srepos": {"METHODS": ("GET", "POST"), + "ROLE_PERMISSION": "k8srepos:", + "": {"METHODS": ("GET", "DELETE"), + "ROLE_PERMISSION": "k8srepos:id:" + } + }, + } }, "pdu": { @@ -465,8 +483,8 @@ class Server(object): def __init__(self): self.instance += 1 - self.engine = Engine() self.authenticator = Authenticator(valid_url_methods, valid_query_string) + self.engine = Engine(self.authenticator.tokens_cache) def _format_in(self, kwargs): try: @@ -481,7 +499,7 @@ class Server(object): cherrypy.request.headers.pop("Content-File-MD5", None) elif "application/yaml" in cherrypy.request.headers["Content-Type"]: error_text = "Invalid yaml format " - indata = yaml.load(cherrypy.request.body) + indata = yaml.load(cherrypy.request.body, Loader=yaml.SafeLoader) cherrypy.request.headers.pop("Content-File-MD5", None) elif "application/binary" in cherrypy.request.headers["Content-Type"] or \ "application/gzip" in cherrypy.request.headers["Content-Type"] or \ @@ -501,11 +519,11 @@ class Server(object): # "Only 'Content-Type' of type 'application/json' or # 'application/yaml' for input format are available") error_text = "Invalid yaml format " - indata = yaml.load(cherrypy.request.body) + indata = yaml.load(cherrypy.request.body, Loader=yaml.SafeLoader) cherrypy.request.headers.pop("Content-File-MD5", None) else: error_text = "Invalid yaml format " - indata = yaml.load(cherrypy.request.body) + indata = yaml.load(cherrypy.request.body, Loader=yaml.SafeLoader) cherrypy.request.headers.pop("Content-File-MD5", None) if not indata: indata = {} @@ -520,7 +538,7 @@ class Server(object): kwargs[k] = None elif format_yaml: try: - kwargs[k] = yaml.load(v) + kwargs[k] = yaml.load(v, Loader=yaml.SafeLoader) except Exception: pass elif k.endswith(".gt") or k.endswith(".lt") or k.endswith(".gte") or k.endswith(".lte"): @@ -539,7 +557,7 @@ class Server(object): v[index] = None elif format_yaml: try: - v[index] = yaml.load(v[index]) + v[index] = yaml.load(v[index], Loader=yaml.SafeLoader) except Exception: pass @@ -698,6 +716,10 @@ class Server(object): @cherrypy.expose def test(self, *args, **kwargs): + if not cherrypy.config.get("server.enable_test") or (isinstance(cherrypy.config["server.enable_test"], str) and + cherrypy.config["server.enable_test"].lower() == "false"): + cherrypy.response.status = HTTPStatus.METHOD_NOT_ALLOWED.value + return "test URL is disabled" thread_info = None if args and args[0] == "help": return "
\ninit\nfile/  download file\ndb-clear/table\nfs-clear[/folder]\nlogin\nlogin2\n"\
@@ -755,14 +777,14 @@ class Server(object):
             return_text = "
{} ->\n".format(main_topic)
             try:
                 if cherrypy.request.method == 'POST':
-                    to_send = yaml.load(cherrypy.request.body)
+                    to_send = yaml.load(cherrypy.request.body, Loader=yaml.SafeLoader)
                     for k, v in to_send.items():
                         self.engine.msg.write(main_topic, k, v)
                         return_text += "  {}: {}\n".format(k, v)
                 elif cherrypy.request.method == 'GET':
                     for k, v in kwargs.items():
-                        self.engine.msg.write(main_topic, k, yaml.load(v))
-                        return_text += "  {}: {}\n".format(k, yaml.load(v))
+                        self.engine.msg.write(main_topic, k, yaml.load(v), Loader=yaml.SafeLoader)
+                        return_text += "  {}: {}\n".format(k, yaml.load(v), Loader=yaml.SafeLoader)
             except Exception as e:
                 return_text += "Error: " + str(e)
             return_text += "
\n"
@@ -861,7 +883,8 @@ class Server(object):
             method: show, list, delete, write
         """
         admin_query = {"force": False, "project_id": (token_info["project_id"], ), "username": token_info["username"],
-                       "admin": token_info["admin"], "public": None}
+                       "admin": token_info["admin"], "public": None,
+                       "allow_show_user_project_role": token_info["allow_show_user_project_role"]}
         if kwargs:
             # FORCE
             if "FORCE" in kwargs:
@@ -944,8 +967,7 @@ class Server(object):
             query_string_operations = self._extract_query_string_operations(kwargs, method)
             if main_topic == "admin" and topic == "tokens":
                 return self.token(method, _id, kwargs)
-
-            token_info = self.authenticator.authorize(role_permission, query_string_operations)
+            token_info = self.authenticator.authorize(role_permission, query_string_operations, _id)
             engine_session = self._manage_admin_query(token_info, kwargs, method, _id)
             indata = self._format_in(kwargs)
             engine_topic = topic
@@ -1082,7 +1104,7 @@ class Server(object):
                     if not delete_in_process:
                         self.engine.del_item(engine_session, engine_topic, _id)
                         cherrypy.response.status = HTTPStatus.NO_CONTENT.value
-                if engine_topic in ("vim_accounts", "wim_accounts", "sdns"):
+                if engine_topic in ("vim_accounts", "wim_accounts", "sdns", "k8sclusters", "k8srepos"):
                     cherrypy.response.status = HTTPStatus.ACCEPTED.value
 
             elif method in ("PUT", "PATCH"):
@@ -1156,6 +1178,18 @@ class Server(object):
                             cherrypy.request.login += ";{}={}".format(logging_id, outdata[logging_id][:36])
 
 
+def _get_version():
+    """
+    Try to get version from package using pkg_resources (available with setuptools)
+    """
+    global nbi_version
+    try:
+        from pkg_resources import get_distribution
+        nbi_version = get_distribution("osm_nbi").version
+    except Exception:
+        pass
+
+
 def _start_service():
     """
     Callback function called when cherrypy.engine starts
@@ -1256,8 +1290,8 @@ def _start_service():
 
     # load and print version. Ignore possible errors, e.g. file not found
     try:
+        _get_version()
         backend = engine_config["authentication"]["backend"]
-        nbi_version
         cherrypy.log.error("Starting OSM NBI Version '{}' with '{}' authentication backend"
                            .format(nbi_version + " " + nbi_version_date, backend))
     except Exception: