X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fnbi.py;h=ecd6a5ad30bb9c008fb5de85b92eb8b3c10c427c;hp=defb01ccd21aff2ff515f373ecc1b9a316ac33fb;hb=341ac1bac7b115d64a50ec166aa5e6d186b39443;hpb=bdebce96965945c2ce86d80c60c17091c1a7fd42 diff --git a/osm_nbi/nbi.py b/osm_nbi/nbi.py index defb01c..ecd6a5a 100644 --- a/osm_nbi/nbi.py +++ b/osm_nbi/nbi.py @@ -18,34 +18,35 @@ import cherrypy import time import json import yaml -import html_out as html +import osm_nbi.html_out as html import logging import logging.handlers import getopt import sys -from authconn import AuthException -from auth import Authenticator -from engine import Engine, EngineException -from subscriptions import SubscriptionThread -from validation import ValidationError +from osm_nbi.authconn import AuthException, AuthconnException +from osm_nbi.auth import Authenticator +from osm_nbi.engine import Engine, EngineException +from osm_nbi.subscriptions import SubscriptionThread +from osm_nbi.validation import ValidationError from osm_common.dbbase import DbException from osm_common.fsbase import FsException from osm_common.msgbase import MsgException from http import HTTPStatus from codecs import getreader from os import environ, path +from osm_nbi import version as nbi_version, version_date as nbi_version_date __author__ = "Alfonso Tierno " -__version__ = "0.1.3" -version_date = "Jan 2019" +__version__ = "0.1.3" # file version, not NBI version +version_date = "Aug 2019" + database_version = '1.2' auth_database_version = '1.0' nbi_server = None # instance of Server class subscription_thread = None # instance of SubscriptionThread class - """ North Bound Interface (O: OSM specific; 5,X: SOL005 not implemented yet; O5: SOL005 implemented) URL: /osm GET POST PUT DELETE PATCH @@ -110,6 +111,12 @@ URL: /osm GET POST / O O O /sdns O O / O O O + /k8sclusters O O + / O O O + /k8srepos O O + / O O + /osmrepos O O + / O O /nst/v1 O O /netslice_templates_content O O @@ -210,45 +217,66 @@ valid_url_methods = { }, "users": {"METHODS": ("GET", "POST"), "ROLE_PERMISSION": "users:", - "": {"METHODS": ("GET", "POST", "DELETE", "PATCH", "PUT"), + "": {"METHODS": ("GET", "DELETE", "PATCH"), "ROLE_PERMISSION": "users:id:" } }, "projects": {"METHODS": ("GET", "POST"), "ROLE_PERMISSION": "projects:", - "": {"METHODS": ("GET", "DELETE", "PUT"), + "": {"METHODS": ("GET", "DELETE", "PATCH"), "ROLE_PERMISSION": "projects:id:"} }, "roles": {"METHODS": ("GET", "POST"), "ROLE_PERMISSION": "roles:", - "": {"METHODS": ("GET", "POST", "DELETE", "PUT"), + "": {"METHODS": ("GET", "DELETE", "PATCH"), "ROLE_PERMISSION": "roles:id:" } }, "vims": {"METHODS": ("GET", "POST"), "ROLE_PERMISSION": "vims:", - "": {"METHODS": ("GET", "DELETE", "PATCH", "PUT"), + "": {"METHODS": ("GET", "DELETE", "PATCH"), "ROLE_PERMISSION": "vims:id:" } }, "vim_accounts": {"METHODS": ("GET", "POST"), "ROLE_PERMISSION": "vim_accounts:", - "": {"METHODS": ("GET", "DELETE", "PATCH", "PUT"), + "": {"METHODS": ("GET", "DELETE", "PATCH"), "ROLE_PERMISSION": "vim_accounts:id:" } }, "wim_accounts": {"METHODS": ("GET", "POST"), "ROLE_PERMISSION": "wim_accounts:", - "": {"METHODS": ("GET", "DELETE", "PATCH", "PUT"), + "": {"METHODS": ("GET", "DELETE", "PATCH"), "ROLE_PERMISSION": "wim_accounts:id:" } }, "sdns": {"METHODS": ("GET", "POST"), "ROLE_PERMISSION": "sdn_controllers:", - "": {"METHODS": ("GET", "DELETE", "PATCH", "PUT"), + "": {"METHODS": ("GET", "DELETE", "PATCH"), "ROLE_PERMISSION": "sdn_controllers:id:" } }, + "k8sclusters": {"METHODS": ("GET", "POST"), + "ROLE_PERMISSION": "k8sclusters:", + "": {"METHODS": ("GET", "DELETE", "PATCH"), + "ROLE_PERMISSION": "k8sclusters:id:" + } + }, + "k8srepos": {"METHODS": ("GET", "POST"), + "ROLE_PERMISSION": "k8srepos:", + "": {"METHODS": ("GET", "DELETE"), + "ROLE_PERMISSION": "k8srepos:id:" + } + }, + "osmrepos": {"METHODS": ("GET", "POST"), + "ROLE_PERMISSION": "osmrepos:", + "": {"METHODS": ("GET", "DELETE", "PATCH"), + "ROLE_PERMISSION": "osmrepos:id:" + } + }, + "domains": {"METHODS": ("GET", ), + "ROLE_PERMISSION": "domains:", + }, } }, "pdu": { @@ -279,9 +307,9 @@ valid_url_methods = { "nsd": {"METHODS": ("GET",), # descriptor inside package "ROLE_PERMISSION": "nsds:id:content:" }, - "artifacts": {"*": {"METHODS": ("GET",), - "ROLE_PERMISSION": "nsds:id:nsd_artifact:" - } + "artifacts": {"METHODS": ("GET",), + "ROLE_PERMISSION": "nsds:id:nsd_artifact:", + "*": None, } } }, @@ -316,15 +344,24 @@ valid_url_methods = { "vnfd": {"METHODS": ("GET", ), # descriptor inside package "ROLE_PERMISSION": "vnfds:id:content:" }, - "artifacts": {"*": {"METHODS": ("GET", ), - "ROLE_PERMISSION": "vnfds:id:vnfd_artifact:" - } - } + "artifacts": {"METHODS": ("GET", ), + "ROLE_PERMISSION": "vnfds:id:vnfd_artifact:", + "*": None, + }, + "action": {"METHODS": ("POST", ), + "ROLE_PERMISSION": "vnfds:id:action:" + }, } }, "subscriptions": {"TODO": ("GET", "POST"), "": {"TODO": ("GET", "DELETE")} }, + "vnfpkg_op_occs": {"METHODS": ("GET", ), + "ROLE_PERMISSION": "vnfds:vnfpkgops:", + "": {"METHODS": ("GET", ), + "ROLE_PERMISSION": "vnfds:vnfpkgops:id:" + } + }, } }, "nslcm": { @@ -371,6 +408,12 @@ valid_url_methods = { "ROLE_PERMISSION": "vnf_instances:id:" } }, + "subscriptions": {"METHODS": ("GET", "POST"), + "ROLE_PERMISSION": "ns_subscriptions:", + "": {"METHODS": ("GET", "DELETE"), + "ROLE_PERMISSION": "ns_subscriptions:id:" + } + }, } }, "nst": { @@ -391,9 +434,9 @@ valid_url_methods = { "nst": {"METHODS": ("GET",), # descriptor inside package "ROLE_PERMISSION": "slice_templates:id:content:" }, - "artifacts": {"*": {"METHODS": ("GET",), - "ROLE_PERMISSION": "slice_templates:id:content:" - } + "artifacts": {"METHODS": ("GET",), + "ROLE_PERMISSION": "slice_templates:id:content:", + "*": None } } }, @@ -463,8 +506,8 @@ class Server(object): def __init__(self): self.instance += 1 - self.engine = Engine() self.authenticator = Authenticator(valid_url_methods, valid_query_string) + self.engine = Engine(self.authenticator) def _format_in(self, kwargs): try: @@ -479,7 +522,7 @@ class Server(object): cherrypy.request.headers.pop("Content-File-MD5", None) elif "application/yaml" in cherrypy.request.headers["Content-Type"]: error_text = "Invalid yaml format " - indata = yaml.load(cherrypy.request.body) + indata = yaml.load(cherrypy.request.body, Loader=yaml.SafeLoader) cherrypy.request.headers.pop("Content-File-MD5", None) elif "application/binary" in cherrypy.request.headers["Content-Type"] or \ "application/gzip" in cherrypy.request.headers["Content-Type"] or \ @@ -499,11 +542,11 @@ class Server(object): # "Only 'Content-Type' of type 'application/json' or # 'application/yaml' for input format are available") error_text = "Invalid yaml format " - indata = yaml.load(cherrypy.request.body) + indata = yaml.load(cherrypy.request.body, Loader=yaml.SafeLoader) cherrypy.request.headers.pop("Content-File-MD5", None) else: error_text = "Invalid yaml format " - indata = yaml.load(cherrypy.request.body) + indata = yaml.load(cherrypy.request.body, Loader=yaml.SafeLoader) cherrypy.request.headers.pop("Content-File-MD5", None) if not indata: indata = {} @@ -518,7 +561,7 @@ class Server(object): kwargs[k] = None elif format_yaml: try: - kwargs[k] = yaml.load(v) + kwargs[k] = yaml.load(v, Loader=yaml.SafeLoader) except Exception: pass elif k.endswith(".gt") or k.endswith(".lt") or k.endswith(".gte") or k.endswith(".lte"): @@ -537,7 +580,7 @@ class Server(object): v[index] = None elif format_yaml: try: - v[index] = yaml.load(v[index]) + v[index] = yaml.load(v[index], Loader=yaml.SafeLoader) except Exception: pass @@ -555,7 +598,7 @@ class Server(object): return string of dictionary data according to requested json, yaml, xml. By default json :param data: response to be sent. Can be a dict, text or file :param token_info: Contains among other username and project - :param _format: The format to be set as Content-Type ir data is a file + :param _format: The format to be set as Content-Type if data is a file :return: None """ accept = cherrypy.request.headers.get("Accept") @@ -574,20 +617,14 @@ class Server(object): # TODO check that cherrypy close file. If not implement pending things to close per thread next return data if accept: - if "application/json" in accept: - cherrypy.response.headers["Content-Type"] = 'application/json; charset=utf-8' - a = json.dumps(data, indent=4) + "\n" - return a.encode("utf8") - elif "text/html" in accept: + if "text/html" in accept: return html.format(data, cherrypy.request, cherrypy.response, token_info) - - elif "application/yaml" in accept or "*/*" in accept or "text/plain" in accept: + elif "application/yaml" in accept or "*/*" in accept: pass - # if there is not any valid accept, raise an error. But if response is already an error, format in yaml - elif cherrypy.response.status >= 400: - raise cherrypy.HTTPError(HTTPStatus.NOT_ACCEPTABLE.value, - "Only 'Accept' of type 'application/json' or 'application/yaml' " - "for output format are available") + elif "application/json" in accept or (cherrypy.response.status and cherrypy.response.status >= 300): + cherrypy.response.headers["Content-Type"] = 'application/json; charset=utf-8' + a = json.dumps(data, indent=4) + "\n" + return a.encode("utf8") cherrypy.response.headers["Content-Type"] = 'application/yaml' return yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False, tags=False, encoding='utf-8', allow_unicode=True) # , canonical=True, default_style='"' @@ -598,7 +635,7 @@ class Server(object): try: if cherrypy.request.method == "GET": token_info = self.authenticator.authorize() - outdata = "Index page" + outdata = token_info # Home page else: raise cherrypy.HTTPError(HTTPStatus.METHOD_NOT_ALLOWED.value, "Method {} not allowed for tokens".format(cherrypy.request.method)) @@ -613,13 +650,29 @@ class Server(object): @cherrypy.expose def version(self, *args, **kwargs): # TODO consider to remove and provide version using the static version file - global __version__, version_date try: if cherrypy.request.method != "GET": raise NbiException("Only method GET is allowed", HTTPStatus.METHOD_NOT_ALLOWED) elif args or kwargs: raise NbiException("Invalid URL or query string for version", HTTPStatus.METHOD_NOT_ALLOWED) - return __version__ + " " + version_date + # TODO include version of other modules, pick up from some kafka admin message + osm_nbi_version = {"version": nbi_version, "date": nbi_version_date} + return self._format_out(osm_nbi_version) + except NbiException as e: + cherrypy.response.status = e.http_code.value + problem_details = { + "code": e.http_code.name, + "status": e.http_code.value, + "detail": str(e), + } + return self._format_out(problem_details, None) + + def domain(self): + try: + domains = { + "user_domain_name": cherrypy.tree.apps['/osm'].config["authentication"].get("user_domain_name"), + "project_domain_name": cherrypy.tree.apps['/osm'].config["authentication"].get("project_domain_name")} + return self._format_out(domains) except NbiException as e: cherrypy.response.status = e.http_code.value problem_details = { @@ -629,6 +682,20 @@ class Server(object): } return self._format_out(problem_details, None) + @staticmethod + def _format_login(token_info): + """ + Changes cherrypy.request.login to include username/project_name;session so that cherrypy access log will + log this information + :param token_info: Dictionary with token content + :return: None + """ + cherrypy.request.login = token_info.get("username", "-") + if token_info.get("project_name"): + cherrypy.request.login += "/" + token_info["project_name"] + if token_info.get("id"): + cherrypy.request.login += ";session=" + token_info["id"][0:12] + @cherrypy.expose def token(self, method, token_id=None, kwargs=None): token_info = None @@ -636,52 +703,55 @@ class Server(object): indata = self._format_in(kwargs) if not isinstance(indata, dict): raise NbiException("Expected application/yaml or application/json Content-Type", HTTPStatus.BAD_REQUEST) - try: - if method == "GET": + + if method == "GET": + token_info = self.authenticator.authorize() + # for logging + self._format_login(token_info) + if token_id: + outdata = self.authenticator.get_token(token_info, token_id) + else: + outdata = self.authenticator.get_token_list(token_info) + elif method == "POST": + try: token_info = self.authenticator.authorize() - if token_id: - outdata = self.authenticator.get_token(token_info, token_id) - else: - outdata = self.authenticator.get_token_list(token_info) - elif method == "POST": - try: - token_info = self.authenticator.authorize() - except Exception: - token_info = None - if kwargs: - indata.update(kwargs) - outdata = self.authenticator.new_token(token_info, indata, cherrypy.request.remote) - token_info = outdata - cherrypy.session['Authorization'] = outdata["_id"] - self._set_location_header("admin", "v1", "tokens", outdata["_id"]) - # cherrypy.response.cookie["Authorization"] = outdata["id"] - # cherrypy.response.cookie["Authorization"]['expires'] = 3600 - elif method == "DELETE": - if not token_id and "id" in kwargs: - token_id = kwargs["id"] - elif not token_id: - token_info = self.authenticator.authorize() - token_id = token_info["_id"] - outdata = self.authenticator.del_token(token_id) + except Exception: token_info = None - cherrypy.session['Authorization'] = "logout" - # cherrypy.response.cookie["Authorization"] = token_id - # cherrypy.response.cookie["Authorization"]['expires'] = 0 - else: - raise NbiException("Method {} not allowed for token".format(method), HTTPStatus.METHOD_NOT_ALLOWED) - return self._format_out(outdata, token_info) - except (NbiException, EngineException, DbException, AuthException) as e: - cherrypy.log("tokens Exception {}".format(e)) - cherrypy.response.status = e.http_code.value - problem_details = { - "code": e.http_code.name, - "status": e.http_code.value, - "detail": str(e), - } - return self._format_out(problem_details, token_info) + if kwargs: + indata.update(kwargs) + # This is needed to log the user when authentication fails + cherrypy.request.login = "{}".format(indata.get("username", "-")) + outdata = token_info = self.authenticator.new_token(token_info, indata, cherrypy.request.remote) + cherrypy.session['Authorization'] = outdata["_id"] + self._set_location_header("admin", "v1", "tokens", outdata["_id"]) + # for logging + self._format_login(token_info) + + # cherrypy.response.cookie["Authorization"] = outdata["id"] + # cherrypy.response.cookie["Authorization"]['expires'] = 3600 + elif method == "DELETE": + if not token_id and "id" in kwargs: + token_id = kwargs["id"] + elif not token_id: + token_info = self.authenticator.authorize() + # for logging + self._format_login(token_info) + token_id = token_info["_id"] + outdata = self.authenticator.del_token(token_id) + token_info = None + cherrypy.session['Authorization'] = "logout" + # cherrypy.response.cookie["Authorization"] = token_id + # cherrypy.response.cookie["Authorization"]['expires'] = 0 + else: + raise NbiException("Method {} not allowed for token".format(method), HTTPStatus.METHOD_NOT_ALLOWED) + return self._format_out(outdata, token_info) @cherrypy.expose def test(self, *args, **kwargs): + if not cherrypy.config.get("server.enable_test") or (isinstance(cherrypy.config["server.enable_test"], str) and + cherrypy.config["server.enable_test"].lower() == "false"): + cherrypy.response.status = HTTPStatus.METHOD_NOT_ALLOWED.value + return "test URL is disabled" thread_info = None if args and args[0] == "help": return "
\ninit\nfile/  download file\ndb-clear/table\nfs-clear[/folder]\nlogin\nlogin2\n"\
@@ -739,14 +809,15 @@ class Server(object):
             return_text = "
{} ->\n".format(main_topic)
             try:
                 if cherrypy.request.method == 'POST':
-                    to_send = yaml.load(cherrypy.request.body)
+                    to_send = yaml.load(cherrypy.request.body, Loader=yaml.SafeLoader)
                     for k, v in to_send.items():
                         self.engine.msg.write(main_topic, k, v)
                         return_text += "  {}: {}\n".format(k, v)
                 elif cherrypy.request.method == 'GET':
                     for k, v in kwargs.items():
-                        self.engine.msg.write(main_topic, k, yaml.load(v))
-                        return_text += "  {}: {}\n".format(k, yaml.load(v))
+                        v_dict = yaml.load(v, Loader=yaml.SafeLoader)
+                        self.engine.msg.write(main_topic, k, v_dict)
+                        return_text += "  {}: {}\n".format(k, v_dict)
             except Exception as e:
                 return_text += "Error: " + str(e)
             return_text += "
\n"
@@ -790,7 +861,9 @@ class Server(object):
             elif "" in reference:
                 reference = reference[""]
             elif "*" in reference:
-                reference = reference["*"]
+                # if there is content
+                if reference["*"]:
+                    reference = reference["*"]
                 break
             else:
                 raise NbiException("Unexpected URL item {}".format(arg), HTTPStatus.METHOD_NOT_ALLOWED)
@@ -845,7 +918,8 @@ class Server(object):
             method: show, list, delete, write
         """
         admin_query = {"force": False, "project_id": (token_info["project_id"], ), "username": token_info["username"],
-                       "admin": token_info["admin"], "public": None}
+                       "admin": token_info["admin"], "public": None,
+                       "allow_show_user_project_role": token_info["allow_show_user_project_role"]}
         if kwargs:
             # FORCE
             if "FORCE" in kwargs:
@@ -928,15 +1002,13 @@ class Server(object):
             query_string_operations = self._extract_query_string_operations(kwargs, method)
             if main_topic == "admin" and topic == "tokens":
                 return self.token(method, _id, kwargs)
-
-            # self.engine.load_dbase(cherrypy.request.app.config)
-
-            token_info = self.authenticator.authorize(role_permission, query_string_operations)
+            token_info = self.authenticator.authorize(role_permission, query_string_operations, _id)
+            if main_topic == "admin" and topic == "domains":
+                return self.domain()
             engine_session = self._manage_admin_query(token_info, kwargs, method, _id)
             indata = self._format_in(kwargs)
             engine_topic = topic
-            if topic == "subscriptions":
-                engine_topic = main_topic + "_" + topic
+
             if item and topic != "pm_jobs":
                 engine_topic = item
 
@@ -944,6 +1016,10 @@ class Server(object):
                 engine_topic = "nsds"
             elif main_topic == "vnfpkgm":
                 engine_topic = "vnfds"
+                if topic == "vnfpkg_op_occs":
+                    engine_topic = "vnfpkgops"
+                if topic == "vnf_packages" and item == "action":
+                    engine_topic = "vnfpkgops"
             elif main_topic == "nslcm":
                 engine_topic = "nsrs"
                 if topic == "ns_lcm_op_occs":
@@ -961,6 +1037,9 @@ class Server(object):
             if engine_topic == "vims":   # TODO this is for backward compatibility, it will be removed in the future
                 engine_topic = "vim_accounts"
 
+            if topic == "subscriptions":
+                engine_topic = main_topic + "_" + topic
+
             if method == "GET":
                 if item in ("nsd_content", "package_content", "artifacts", "vnfd", "nsd", "nst", "nst_content"):
                     if item in ("vnfd", "nsd", "nst"):
@@ -975,12 +1054,13 @@ class Server(object):
                                                          cherrypy.request.headers.get("Accept"))
                     outdata = file
                 elif not _id:
-                    outdata = self.engine.get_item_list(engine_session, engine_topic, kwargs)
+                    outdata = self.engine.get_item_list(engine_session, engine_topic, kwargs, api_req=True)
                 else:
                     if item == "reports":
                         # TODO check that project_id (_id in this context) has permissions
                         _id = args[0]
-                    outdata = self.engine.get_item(engine_session, engine_topic, _id)
+                    outdata = self.engine.get_item(engine_session, engine_topic, _id, True)
+
             elif method == "POST":
                 cherrypy.response.status = HTTPStatus.CREATED.value
                 if topic in ("ns_descriptors_content", "vnf_packages_content", "netslice_templates_content"):
@@ -1019,7 +1099,6 @@ class Server(object):
                     indata["netsliceInstanceId"] = _id
                     nsilcmop_id, _ = self.engine.new_item(rollback, engine_session, "nsilcmops", indata, kwargs)
                     outdata = {"id": _id, "nsilcmop_id": nsilcmop_id}
-
                 elif topic == "netslice_instances" and item:
                     indata["lcmOperationType"] = item
                     indata["netsliceInstanceId"] = _id
@@ -1027,6 +1106,21 @@ class Server(object):
                     self._set_location_header(main_topic, version, "nsi_lcm_op_occs", _id)
                     outdata = {"id": _id}
                     cherrypy.response.status = HTTPStatus.ACCEPTED.value
+                elif topic == "vnf_packages" and item == "action":
+                    indata["lcmOperationType"] = item
+                    indata["vnfPkgId"] = _id
+                    _id, _ = self.engine.new_item(rollback, engine_session, "vnfpkgops", indata, kwargs)
+                    self._set_location_header(main_topic, version, "vnfpkg_op_occs", _id)
+                    outdata = {"id": _id}
+                    cherrypy.response.status = HTTPStatus.ACCEPTED.value
+                elif topic == "subscriptions":
+                    _id, _ = self.engine.new_item(rollback, engine_session, engine_topic, indata, kwargs)
+                    self._set_location_header(main_topic, version, topic, _id)
+                    link = {}
+                    link["self"] = cherrypy.response.headers["Location"]
+                    outdata = {"id": _id, "filter": indata["filter"], "callbackUri": indata["CallbackUri"],
+                               "_links": link}
+                    cherrypy.response.status = HTTPStatus.CREATED.value
                 else:
                     _id, op_id = self.engine.new_item(rollback, engine_session, engine_topic, indata, kwargs,
                                                       cherrypy.request.headers)
@@ -1042,34 +1136,32 @@ class Server(object):
                     outdata = self.engine.del_item_list(engine_session, engine_topic, kwargs)
                     cherrypy.response.status = HTTPStatus.OK.value
                 else:  # len(args) > 1
-                    delete_in_process = False
+                    # for NS NSI generate an operation
+                    op_id = None
                     if topic == "ns_instances_content" and not engine_session["force"]:
                         nslcmop_desc = {
                             "lcmOperationType": "terminate",
                             "nsInstanceId": _id,
                             "autoremove": True
                         }
-                        opp_id, _ = self.engine.new_item(rollback, engine_session, "nslcmops", nslcmop_desc, None)
-                        if opp_id:
-                            delete_in_process = True
-                            outdata = {"_id": opp_id}
-                            cherrypy.response.status = HTTPStatus.ACCEPTED.value
+                        op_id, _ = self.engine.new_item(rollback, engine_session, "nslcmops", nslcmop_desc, kwargs)
+                        if op_id:
+                            outdata = {"_id": op_id}
                     elif topic == "netslice_instances_content" and not engine_session["force"]:
                         nsilcmop_desc = {
                             "lcmOperationType": "terminate",
                             "netsliceInstanceId": _id,
                             "autoremove": True
                         }
-                        opp_id, _ = self.engine.new_item(rollback, engine_session, "nsilcmops", nsilcmop_desc, None)
-                        if opp_id:
-                            delete_in_process = True
-                            outdata = {"_id": opp_id}
-                            cherrypy.response.status = HTTPStatus.ACCEPTED.value
-                    if not delete_in_process:
-                        self.engine.del_item(engine_session, engine_topic, _id)
-                        cherrypy.response.status = HTTPStatus.NO_CONTENT.value
-                if engine_topic in ("vim_accounts", "wim_accounts", "sdns"):
-                    cherrypy.response.status = HTTPStatus.ACCEPTED.value
+                        op_id, _ = self.engine.new_item(rollback, engine_session, "nsilcmops", nsilcmop_desc, None)
+                        if op_id:
+                            outdata = {"_id": op_id}
+                    # if there is not any deletion in process, delete
+                    if not op_id:
+                        op_id = self.engine.del_item(engine_session, engine_topic, _id)
+                        if op_id:
+                            outdata = {"op_id": op_id}
+                    cherrypy.response.status = HTTPStatus.ACCEPTED.value if op_id else HTTPStatus.NO_CONTENT.value
 
             elif method in ("PUT", "PATCH"):
                 op_id = None
@@ -1096,10 +1188,15 @@ class Server(object):
             # if Role information changes, it is needed to reload the information of roles
             if topic == "roles" and method != "GET":
                 self.authenticator.load_operation_to_allowed_roles()
+
+            if topic == "projects" and method == "DELETE" \
+                    or topic in ["users", "roles"] and method in ["PUT", "PATCH", "DELETE"]:
+                self.authenticator.remove_token_from_cache()
+
             return self._format_out(outdata, token_info, _format)
         except Exception as e:
             if isinstance(e, (NbiException, EngineException, DbException, FsException, MsgException, AuthException,
-                              ValidationError)):
+                              ValidationError, AuthconnException)):
                 http_code_value = cherrypy.response.status = e.http_code.value
                 http_code_name = e.http_code.name
                 cherrypy.log("Exception {}".format(e))
@@ -1116,6 +1213,9 @@ class Server(object):
                     if rollback_item.get("operation") == "set":
                         self.engine.db.set_one(rollback_item["topic"], {"_id": rollback_item["_id"]},
                                                rollback_item["content"], fail_on_empty=False)
+                    elif rollback_item.get("operation") == "del_list":
+                        self.engine.db.del_list(rollback_item["topic"], rollback_item["filter"], 
+                                                fail_on_empty=False)
                     else:
                         self.engine.db.del_one(rollback_item["topic"], {"_id": rollback_item["_id"]},
                                                fail_on_empty=False)
@@ -1133,6 +1233,13 @@ class Server(object):
             }
             return self._format_out(problem_details, token_info)
             # raise cherrypy.HTTPError(e.http_code.value, str(e))
+        finally:
+            if token_info:
+                self._format_login(token_info)
+                if method in ("PUT", "PATCH", "POST") and isinstance(outdata, dict):
+                    for logging_id in ("id", "op_id", "nsilcmop_id", "nslcmop_id"):
+                        if outdata.get(logging_id):
+                            cherrypy.request.login += ";{}={}".format(logging_id, outdata[logging_id][:36])
 
 
 def _start_service():
@@ -1233,13 +1340,9 @@ def _start_service():
     subscription_thread.start()
     # Do not capture except SubscriptionException
 
-    # load and print version. Ignore possible errors, e.g. file not found
-    try:
-        with open("{}/version".format(engine_config["/static"]['tools.staticdir.dir'])) as version_file:
-            version_data = version_file.read()
-            cherrypy.log.error("Starting OSM NBI Version: {}".format(version_data.replace("\n", " ")))
-    except Exception:
-        pass
+    backend = engine_config["authentication"]["backend"]
+    cherrypy.log.error("Starting OSM NBI Version '{} {}' with '{}' authentication backend"
+                       .format(nbi_version, nbi_version_date, backend))
 
 
 def _stop_service():