refact api code to make it more clean

Change-Id: I4e520bd55c0a4b1df67bc8c68681437e71e310e6

bin/manage_db.py

@@ -21,13 +21,9 @@ import sys
 
 from flask.ext.script import Manager
 
-from compass.actions import clean_deployment
-from compass.actions import clean_installing_progress
 from compass.actions import deploy
 from compass.actions import reinstall
-from compass.actions import search
 from compass.api import app
-from compass.config_management.utils import config_manager
 from compass.db.api import database
 from compass.tasks.client import celery
 from compass.utils import flags
@@ -98,8 +94,9 @@ def checkdb():
 @app_manager.command
 def createdb():
     """Creates database from sqlalchemy models."""
+    database.init()
     try:
-        dropdb()
+        database.drop_db()
     except Exception:
         pass
 
@@ -114,12 +111,14 @@ def createdb():
 @app_manager.command
 def dropdb():
     """Drops database from sqlalchemy models."""
+    database.init()
     database.drop_db()
 
 
 @app_manager.command
 def createtable():
     """Create database table."""
+    database.init()
     if not flags.OPTIONS.table_name:
         print 'flag --table_name is missing'
         return
@@ -135,6 +134,7 @@ def createtable():
 @app_manager.command
 def droptable():
     """Drop database table."""
+    database.init()
     if not flags.OPTIONS.table_name:
         print 'flag --table_name is missing'
         return
@@ -147,68 +147,6 @@ def droptable():
     database.drop_table(TABLE_MAPPING[table_name])
 
 
-@app_manager.command
-def sync_from_installers():
-    """set adapters in Adapter table from installers."""
-    with database.session():
-        manager = config_manager.ConfigManager()
-        manager.update_adapters_from_installers()
-
-
-@app_manager.command
-def sync_switch_configs():
-    """Set switch configs in SwitchConfig table from setting.
-
-    .. note::
-       the switch config is stored in SWITCHES list in setting config.
-       for each entry in the SWITCHES, its type is dict and must contain
-       fields 'switch_ips' and 'filter_ports'.
-       The format of switch_ips is
-       <ip_blocks>.<ip_blocks>.<ip_blocks>.<ip_blocks>.
-       ip_blocks consists of ip_block separated by comma.
-       ip_block can be an integer and a range of integer like xx-xx.
-       The example of switch_ips is like: xxx.xxx.xxx-yyy,xxx-yyy.xxx,yyy
-       The format of filter_ports consists of list of
-       <port_prefix><port_range> separated by comma. port_range can be an
-       integer or a rnage of integer like xx-xx.
-       The example of filter_ports is like: ae1-5,20-40.
-    """
-    with database.session():
-        manager = config_manager.ConfigManager()
-        manager.update_switch_filters()
-
-
-@app_manager.command
-def clean_clusters():
-    """Delete clusters and hosts.
-
-    .. note::
-       The clusters and hosts are defined in --clusters.
-       the clusters flag is as clusterid:hostname1,hostname2,...;...
-    """
-    cluster_hosts = util.get_clusters_from_str(flags.OPTIONS.clusters)
-    if flags.OPTIONS.async:
-        celery.send_task('compass.tasks.clean_deployment', (cluster_hosts,))
-    else:
-        clean_deployment.clean_deployment(cluster_hosts)
-
-
-@app_manager.command
-def clean_installation_progress():
-    """Clean clusters and hosts installation progress.
-
-    .. note::
-       The cluster and hosts is defined in --clusters.
-       The clusters flags is as clusterid:hostname1,hostname2,...;...
-    """
-    cluster_hosts = util.get_clusters_from_str(flags.OPTIONS.clusters)
-    if flags.OPTIONS.async:
-        celery.send_task('compass.tasks.clean_installing_progress',
-                         (cluster_hosts,))
-    else:
-        clean_installing_progress.clean_installing_progress(cluster_hosts)
-
-
 @app_manager.command
 def reinstall_clusters():
     """Reinstall hosts in clusters.
@@ -217,7 +155,7 @@ def reinstall_clusters():
        The hosts are defined in --clusters.
        The clusters flag is as clusterid:hostname1,hostname2,...;...
     """
-    cluster_hosts = util.get_clusters_from_str(flags.OPTIONS.clusters)
+    cluster_hosts = flags.OPTIONS.clusters
     if flags.OPTIONS.async:
         celery.send_task('compass.tasks.reinstall', (cluster_hosts,))
     else:
@@ -232,77 +170,13 @@ def deploy_clusters():
        The hosts are defined in --clusters.
        The clusters flag is as clusterid:hostname1,hostname2,...;...
     """
-    cluster_hosts = util.get_clusters_from_str(flags.OPTIONS.clusters)
+    cluster_hosts = flags.OPTIONS.clusters
     if flags.OPTIONS.async:
         celery.send_task('compass.tasks.deploy', (cluster_hosts,))
     else:
         deploy.deploy(cluster_hosts)
 
 
-@app_manager.command
-def set_switch_machines():
-    """Set switches and machines.
-
-    .. note::
-       --switch_machines_file is the filename which stores all switches
-       and machines information.
-       each line in fake_switches_files presents one machine.
-       the format of each line machine,<switch_ip>,<switch_port>,<vlan>,<mac>
-       or switch,<switch_ip>,<switch_vendor>,<switch_version>,
-       <switch_community>,<switch_state>
-    """
-    if not flags.OPTIONS.switch_machines_file:
-        print 'flag --switch_machines_file is missing'
-        return
-
-    switches, switch_machines = util.get_switch_machines_from_file(
-        flags.OPTIONS.switch_machines_file)
-    with database.session():
-        manager = config_manager.ConfigManager()
-        manager.update_switch_and_machines(switches, switch_machines)
-
-
-@app_manager.command
-def search_cluster_hosts():
-    """Search cluster hosts by properties.
-
-    .. note::
-       --search_cluster_properties defines what properties are used to search.
-       the format of search_cluster_properties is as
-       <property_name>=<property_value>;... If no search properties are set,
-       It will returns properties of all hosts.
-       --print_cluster_properties defines what properties to print.
-       the format of print_cluster_properties is as
-       <property_name>;...
-       --search_host_properties defines what properties are used to search.
-       the format of search_host_properties is as
-       <property_name>=<property_value>;... If no search properties are set,
-       It will returns properties of all hosts.
-       --print_host_properties defines what properties to print.
-       the format of print_host_properties is as
-       <property_name>;...
-
-    """
-    cluster_properties = util.get_properties_from_str(
-        flags.OPTIONS.search_cluster_properties)
-    cluster_properties_name = util.get_properties_name_from_str(
-        flags.OPTIONS.print_cluster_properties)
-    host_properties = util.get_properties_from_str(
-        flags.OPTIONS.search_host_properties)
-    host_properties_name = util.get_properties_name_from_str(
-        flags.OPTIONS.print_host_properties)
-    cluster_hosts = util.get_clusters_from_str(flags.OPTIONS.clusters)
-    cluster_properties, cluster_host_properties = search.search(
-        cluster_hosts, cluster_properties,
-        cluster_properties_name, host_properties,
-        host_properties_name)
-    print 'clusters properties:'
-    util.print_properties(cluster_properties)
-    for clusterid, host_properties in cluster_host_properties.items():
-        print 'hosts properties under cluster %s' % clusterid
-        util.print_properties(host_properties)
-
-
 if __name__ == "__main__":
     flags.init()
     logsetting.init()

compass/actions/deploy.py

@@ -19,7 +19,6 @@
 import logging
 
 from compass.actions import util
-from compass.config_management.utils.config_manager import ConfigManager
 from compass.db.api import database
 
 
@@ -37,10 +36,3 @@ def deploy(cluster_hosts):
             raise Exception('failed to acquire lock to deploy')
 
         logging.debug('deploy cluster_hosts: %s', cluster_hosts)
-        with database.session():
-            cluster_hosts, os_versions, target_systems = (
-                util.update_cluster_hosts(cluster_hosts))
-            manager = ConfigManager()
-            manager.install_cluster_and_hosts(
-                cluster_hosts, os_versions, target_systems)
-            manager.sync()

compass/actions/reinstall.py

@@ -19,7 +19,6 @@
 import logging
 
 from compass.actions import util
-from compass.config_management.utils.config_manager import ConfigManager
 from compass.db.api import database
 
 
@@ -36,12 +35,4 @@ def reinstall(cluster_hosts):
         if not lock:
             raise Exception(
                 'failed to acquire lock to reinstall')
-
         logging.debug('reinstall cluster_hosts: %s', cluster_hosts)
-        with database.session():
-            cluster_hosts, os_versions, target_systems = (
-                util.update_cluster_hosts(cluster_hosts))
-            manager = ConfigManager()
-            manager.reinstall_cluster_and_hosts(
-                cluster_hosts, os_versions, target_systems)
-            manager.sync()

compass/api/__init__.py

@@ -40,5 +40,3 @@ app.config['REMEMBER_COOKIE_DURATION'] = (
 login_manager = LoginManager()
 login_manager.login_view = 'login'
 login_manager.init_app(app)
-
-from compass.api import api as compass_api

compass/api/api.py

@@ -16,6 +16,7 @@
 """Define all the RestfulAPI entry points."""
 import datetime
 import functools
+import logging
 import netaddr
 import simplejson as json
 
@@ -36,6 +37,7 @@ from compass.api import exception_handler
 from compass.api import utils
 from compass.db.api import adapter_holder as adapter_api
 from compass.db.api import cluster as cluster_api
+from compass.db.api import database
 from compass.db.api import host as host_api
 from compass.db.api import machine as machine_api
 from compass.db.api import metadata_holder as metadata_api
@@ -1885,7 +1887,15 @@ def update_host_state(host_id):
     )
 
 
+def init():
+    logging.info('init flask')
+    database.init()
+    adapter_api.load_adapters()
+    metadata_api.load_metadatas()
+
+
 if __name__ == '__main__':
     flags.init()
     logsetting.init()
+    init()
     app.run(host='0.0.0.0')

compass/db/api/adapter_holder.py

@@ -13,6 +13,8 @@
 # limitations under the License.
 
 """Adapter related object holder."""
+import logging
+
 from compass.db.api import adapter as adapter_api
 from compass.db.api import database
 from compass.db.api import permission
@@ -34,12 +36,14 @@ PACKAGE_FIELD_MAPPING = {
 }
 
 
-def load_adapters():
+@database.run_in_session()
-    with database.session() as session:
+def load_adapters(session):
-        return adapter_api.get_adapters_internal(session)
+    global ADAPTER_MAPPING
+    logging.info('load adapters into memory')
+    ADAPTER_MAPPING = adapter_api.get_adapters_internal(session)
 
 
-ADAPTER_MAPPING = load_adapters()
+ADAPTER_MAPPING = {}
 
 
 def _filter_adapters(adapter_config, filter_name, filter_value):
@@ -62,7 +66,11 @@ def _filter_adapters(adapter_config, filter_name, filter_value):
 
 
 @utils.supported_filters(optional_support_keys=SUPPORTED_FIELDS)
-def list_adapters(lister, **filters):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_ADAPTERS
+)
+def list_adapters(session, lister, **filters):
     """list adapters."""
     translated_filters = {}
     for filter_name, filter_value in filters:
@@ -71,14 +79,12 @@ def list_adapters(lister, **filters):
                 OS_FIELD_MAPPING[filter_name]
             ] = filter_value
         elif filter_name in PACKAGE_FIELD_MAPPING:
-            translated_filters.setdefault('package-adapter', {})[
+            translated_filters.setdefault('package_adapter', {})[
                 PACKAGE_FIELD_MAPPING[filter_name]
             ] = filter_value
         else:
             translated_filters[filter_name] = filter_value
-    with database.session() as session:
+
-        user_api.check_user_permission_internal(
-            session, lister, permission.PERMISSION_LIST_ADAPTERS)
     filtered_adapter_dicts = []
     adapter_dicts = ADAPTER_MAPPING.values()
     for adapter_dict in adapter_dicts:
@@ -91,11 +97,12 @@ def list_adapters(lister, **filters):
 
 
 @utils.supported_filters([])
-def get_adapter(getter, adapter_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_ADAPTERS
+)
+def get_adapter(session, getter, adapter_id, **kwargs):
     """get adapter."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_LIST_ADAPTERS)
     if adapter_id not in ADAPTER_MAPPING:
         raise exception.RecordNotExists(
             'adpater %s does not exist' % adapter_id
@@ -104,11 +111,12 @@ def get_adapter(getter, adapter_id, **kwargs):
 
 
 @utils.supported_filters([])
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_ADAPTERS
+)
 def get_adapter_roles(getter, adapter_id, **kwargs):
     """get adapter roles."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_LIST_ADAPTERS)
     if adapter_id not in ADAPTER_MAPPING:
         raise exception.RecordNotExists(
             'adpater %s does not exist' % adapter_id

compass/db/api/cluster.py

@@ -94,31 +94,30 @@ UPDATED_CLUSTERHOST_STATE_FIELDS = [
 ]
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters(optional_support_keys=SUPPORTED_FIELDS)
-def list_clusters(lister, **filters):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_CLUSTERS
+)
+@utils.wrap_to_dict(RESP_FIELDS)
+def list_clusters(session, lister, **filters):
     """List clusters."""
-    with database.session() as session:
+    return utils.list_db_objects(
-        user_api.check_user_permission_internal(
-            session, lister, permission.PERMISSION_LIST_CLUSTERS)
-        return [
-            cluster.to_dict()
-            for cluster in utils.list_db_objects(
         session, models.Cluster, **filters
     )
-        ]
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters([])
-def get_cluster(getter, cluster_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_CLUSTERS
+)
+@utils.wrap_to_dict(RESP_FIELDS)
+def get_cluster(session, getter, cluster_id, **kwargs):
     """Get cluster info."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_LIST_CLUSTERS)
     return utils.get_db_object(
         session, models.Cluster, id=cluster_id
-        ).to_dict()
+    )
 
 
 def _conditional_exception(cluster, exception_when_not_editable):
@@ -135,7 +134,6 @@ def is_cluster_editable(
     reinstall_distributed_system_set=False,
     exception_when_not_editable=True
 ):
-    with session.begin(subtransactions=True):
     if reinstall_distributed_system_set:
         if cluster.state.state == 'INSTALLING':
             return _conditional_exception(
@@ -152,28 +150,28 @@ def is_cluster_editable(
     return True
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters(ADDED_FIELDS)
-def add_cluster(creator, name, adapter_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_ADD_CLUSTER
+)
+@utils.wrap_to_dict(RESP_FIELDS)
+def add_cluster(session, creator, name, adapter_id, **kwargs):
     """Create a cluster."""
-    with database.session() as session:
+    return utils.add_db_object(
-        user_api.check_user_permission_internal(
-            session, creator, permission.PERMISSION_ADD_CLUSTER)
-        cluster = utils.add_db_object(
         session, models.Cluster, True,
         name, adapter_id=adapter_id, creator_id=creator.id, **kwargs
     )
-        cluster_dict = cluster.to_dict()
-        return cluster_dict
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters(optional_support_keys=UPDATED_FIELDS)
-def update_cluster(updater, cluster_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_ADD_CLUSTER
+)
+@utils.wrap_to_dict(RESP_FIELDS)
+def update_cluster(session, updater, cluster_id, **kwargs):
     """Update a cluster."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_ADD_CLUSTER)
     cluster = utils.get_db_object(
         session, models.Cluster, id=cluster_id
     )
@@ -183,40 +181,43 @@ def update_cluster(updater, cluster_id, **kwargs):
             kwargs.get('reinstall_distributed_system', False)
         )
     )
-        utils.update_db_object(session, cluster, **kwargs)
+    return utils.update_db_object(session, cluster, **kwargs)
-        return cluster.to_dict()
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters([])
-def del_cluster(deleter, cluster_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_DEL_CLUSTER
+)
+@utils.wrap_to_dict(RESP_FIELDS)
+def del_cluster(session, deleter, cluster_id, **kwargs):
     """Delete a cluster."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, deleter, permission.PERMISSION_DEL_CLUSTER)
     cluster = utils.get_db_object(
         session, models.Cluster, id=cluster_id
     )
     is_cluster_editable(session, cluster, deleter)
-        utils.del_db_object(session, cluster)
+    return utils.del_db_object(session, cluster)
-        return cluster.to_dict()
 
 
-@utils.wrap_to_dict(RESP_CONFIG_FIELDS)
 @utils.supported_filters([])
-def get_cluster_config(getter, cluster_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_CLUSTER_CONFIG
+)
+@utils.wrap_to_dict(RESP_CONFIG_FIELDS)
+def get_cluster_config(session, getter, cluster_id, **kwargs):
     """Get cluster config."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_LIST_CLUSTER_CONFIG)
     return utils.get_db_object(
         session, models.Cluster, id=cluster_id
-        ).to_dict()
+    )
 
 
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_ADD_CLUSTER_CONFIG
+)
+@utils.wrap_to_dict(RESP_CONFIG_FIELDS)
 def update_cluster_config_internal(session, updater, cluster, **kwargs):
     """Update a cluster config."""
-    with session.begin(subtransactions=True):
     is_cluster_editable(session, cluster, updater)
     utils.update_db_object(
         session, cluster, config_validated=False, **kwargs
@@ -231,56 +232,49 @@ def update_cluster_config_internal(session, updater, cluster, **kwargs):
         metadata_api.validate_package_config(
             package_config, cluster.adapter_id
         )
+    return cluster
 
 
-@utils.wrap_to_dict(RESP_CONFIG_FIELDS)
 @utils.supported_filters(optional_support_keys=UPDATED_CONFIG_FIELDS)
-def update_cluster_config(updater, cluster_id, **kwargs):
+@database.run_in_session()
+def update_cluster_config(session, updater, cluster_id, **kwargs):
     """Update cluster config."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_ADD_CLUSTER_CONFIG)
     cluster = utils.get_db_object(
         session, models.Cluster, id=cluster_id
     )
-        update_cluster_config_internal(
+    return update_cluster_config_internal(
         session, updater, cluster, **kwargs
     )
-        return cluster.to_dict()
 
 
-@utils.wrap_to_dict(RESP_CONFIG_FIELDS)
 @utils.supported_filters(optional_support_keys=PATCHED_CONFIG_FIELDS)
-def patch_cluster_config(updater, cluster_id, **kwargs):
+@database.run_in_session()
+def patch_cluster_config(session, updater, cluster_id, **kwargs):
     """patch cluster config."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_ADD_CLUSTER_CONFIG)
     cluster = utils.get_db_object(
         session, models.Cluster, id=cluster_id
     )
-        update_cluster_config_internal(
+    return update_cluster_config_internal(
         session, updater, cluster, **kwargs
     )
-        return cluster.to_dict()
 
 
-@utils.wrap_to_dict(RESP_CONFIG_FIELDS)
 @utils.supported_filters([])
-def del_cluster_config(deleter, cluster_id):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_DEL_CLUSTER_CONFIG
+)
+@utils.wrap_to_dict(RESP_CONFIG_FIELDS)
+def del_cluster_config(session, deleter, cluster_id):
     """Delete a cluster config."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, deleter, permission.PERMISSION_DEL_CLUSTER_CONFIG)
     cluster = utils.get_db_object(
         session, models.Cluster, id=cluster_id
     )
     is_cluster_editable(session, cluster, deleter)
-        utils.update_db_object(
+    return utils.update_db_object(
         session, cluster, os_config={},
         package_config={}, config_validated=False
     )
-        return cluster.to_dict()
 
 
 @utils.supported_filters(
@@ -331,16 +325,13 @@ def add_clusterhost_internal(
 
 
 def _add_clusterhosts(session, cluster, machine_dicts):
-    with session.begin(subtransactions=True):
     for machine_dict in machine_dicts:
         add_clusterhost_internal(
-                session, cluster,
+            session, cluster, **machine_dict
-                **machine_dict
         )
 
 
 def _remove_clusterhosts(session, cluster, host_ids):
-    with session.begin(subtransactions=True):
     utils.del_db_objects(
         session, models.ClusterHost,
         cluster_id=cluster.id, host_id=host_ids
@@ -348,159 +339,159 @@ def _remove_clusterhosts(session, cluster, host_ids):
 
 
 def _set_clusterhosts(session, cluster, machine_dicts):
-    with session.begin(subtransactions=True):
     utils.del_db_objects(
         session, models.ClusterHost,
         cluster_id=cluster.id
     )
     for machine_dict in machine_dicts:
         add_clusterhost_internal(
-                session, cluster,
+            session, cluster, True, **machine_dict
-                True, **machine_dict
         )
 
 
-@utils.wrap_to_dict(RESP_CLUSTERHOST_FIELDS)
 @utils.supported_filters(optional_support_keys=SUPPORTED_CLUSTERHOST_FIELDS)
-def list_cluster_hosts(lister, cluster_id, **filters):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_CLUSTERHOSTS
+)
+@utils.wrap_to_dict(RESP_CLUSTERHOST_FIELDS)
+def list_cluster_hosts(session, lister, cluster_id, **filters):
     """Get cluster host info."""
-    with database.session() as session:
+    return utils.list_db_objects(
-        user_api.check_user_permission_internal(
-            session, lister, permission.PERMISSION_LIST_CLUSTERHOSTS)
-        return [
-            clusterhost.to_dict()
-            for clusterhost in utils.list_db_objects(
         session, models.ClusterHost, cluster_id=cluster_id,
         **filters
     )
-        ]
 
 
-@utils.wrap_to_dict(RESP_CLUSTERHOST_FIELDS)
 @utils.supported_filters(optional_support_keys=SUPPORTED_CLUSTERHOST_FIELDS)
-def list_clusterhosts(lister, **filters):
+@database.run_in_session()
-    """Get cluster host info."""
+@user_api.check_user_permission_in_session(
-    with database.session() as session:
+    permission.PERMISSION_LIST_CLUSTERHOSTS
-        user_api.check_user_permission_internal(
+)
-            session, lister, permission.PERMISSION_LIST_CLUSTERHOSTS)
-        return [
-            clusterhost.to_dict()
-            for clusterhost in utils.list_db_objects(
-                session, models.ClusterHost,
-                **filters
-            )
-        ]
-
-
 @utils.wrap_to_dict(RESP_CLUSTERHOST_FIELDS)
+def list_clusterhosts(session, lister, **filters):
+    """Get cluster host info."""
+    return utils.list_db_objects(
+        session, models.ClusterHost, **filters
+    )
+
+
 @utils.supported_filters([])
-def get_cluster_host(getter, cluster_id, host_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_CLUSTERHOSTS
+)
+@utils.wrap_to_dict(RESP_CLUSTERHOST_FIELDS)
+def get_cluster_host(session, getter, cluster_id, host_id, **kwargs):
     """Get clusterhost info."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_LIST_CLUSTERHOSTS)
     return utils.get_db_object(
         session, models.ClusterHost,
         cluster_id=cluster_id, host_id=host_id
-        ).to_dict()
+    )
 
 
-@utils.wrap_to_dict(RESP_CLUSTERHOST_FIELDS)
 @utils.supported_filters([])
-def get_clusterhost(getter, clusterhost_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_CLUSTERHOSTS
+)
+@utils.wrap_to_dict(RESP_CLUSTERHOST_FIELDS)
+def get_clusterhost(session, getter, clusterhost_id, **kwargs):
     """Get clusterhost info."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_LIST_CLUSTERHOSTS)
     return utils.get_db_object(
         session, models.ClusterHost, id=clusterhost_id
-        ).to_dict()
+    )
 
 
-@utils.wrap_to_dict(RESP_CLUSTERHOST_FIELDS)
 @utils.supported_filters(
     ADDED_CLUSTERHOST_FIELDS,
     optional_support_keys=UPDATED_CLUSTERHOST_FIELDS
 )
-def add_cluster_host(creator, cluster_id, machine_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_UPDATE_CLUSTER_HOSTS
+)
+@utils.wrap_to_dict(RESP_CLUSTERHOST_FIELDS)
+def add_cluster_host(session, creator, cluster_id, machine_id, **kwargs):
     """Add cluster host."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, creator, permission.PERMISSION_UPDATE_CLUSTER_HOSTS)
     cluster = utils.get_db_object(
         session, models.Cluster, id=cluster_id
     )
-        clusterhost = add_clusterhost_internal(
+    return add_clusterhost_internal(
         session, cluster, True,
         machine_id=machine_id, **kwargs
     )
-        return clusterhost.to_dict()
 
 
-@utils.wrap_to_dict(RESP_CLUSTERHOST_FIELDS)
 @utils.supported_filters([])
-def del_cluster_host(deleter, cluster_id, host_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_DEL_CLUSTER_HOST
+)
+@utils.wrap_to_dict(RESP_CLUSTERHOST_FIELDS)
+def del_cluster_host(session, deleter, cluster_id, host_id, **kwargs):
     """Delete cluster host."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, deleter, permission.PERMISSION_DEL_CLUSTER_HOST)
     clusterhost = utils.get_db_object(
         session, models.ClusterHost,
         cluster_id=cluster_id, host_id=host_id
     )
-        utils.del_db_object(
+    return utils.del_db_object(
         session, clusterhost
     )
-        return clusterhost.to_dict()
 
 
-@utils.wrap_to_dict(RESP_CLUSTERHOST_FIELDS)
 @utils.supported_filters([])
-def del_clusterhost(deleter, clusterhost_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_DEL_CLUSTER_HOST
+)
+@utils.wrap_to_dict(RESP_CLUSTERHOST_FIELDS)
+def del_clusterhost(session, deleter, clusterhost_id, **kwargs):
     """Delete cluster host."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, deleter, permission.PERMISSION_DEL_CLUSTER_HOST)
     clusterhost = utils.get_db_object(
         session, models.ClusterHost,
         id=clusterhost_id
     )
-        utils.del_db_object(
+    return utils.del_db_object(
         session, clusterhost
     )
-        return clusterhost.to_dict()
 
 
-@utils.wrap_to_dict(RESP_CLUSTERHOST_CONFIG_FIELDS)
 @utils.supported_filters([])
-def get_cluster_host_config(getter, cluster_id, host_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_CLUSTERHOST_CONFIG
+)
+@utils.wrap_to_dict(RESP_CLUSTERHOST_CONFIG_FIELDS)
+def get_cluster_host_config(session, getter, cluster_id, host_id, **kwargs):
     """Get clusterhost config."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_LIST_CLUSTERHOST_CONFIG)
     return utils.get_db_object(
         session, models.ClusterHost,
         cluster_id=cluster_id, host_id=host_id
-        ).to_dict()
+    )
 
 
-@utils.wrap_to_dict(RESP_CLUSTERHOST_CONFIG_FIELDS)
 @utils.supported_filters([])
-def get_clusterhost_config(getter, clusterhost_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_CLUSTERHOST_CONFIG
+)
+@utils.wrap_to_dict(RESP_CLUSTERHOST_CONFIG_FIELDS)
+def get_clusterhost_config(session, getter, clusterhost_id, **kwargs):
     """Get clusterhost config."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_LIST_CLUSTERHOST_CONFIG)
     return utils.get_db_object(
         session, models.ClusterHost, id=clusterhost_id
-        ).to_dict()
+    )
 
 
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_ADD_CLUSTERHOST_CONFIG
+)
+@utils.wrap_to_dict(RESP_CLUSTERHOST_CONFIG_FIELDS)
 def update_clusterhost_config_internal(
     session, updater, clusterhost, **kwargs
 ):
     """Update clusterhost config internal."""
-    with session.begin(subtransactions=True):
     is_cluster_editable(session, clusterhost.cluster, updater)
     utils.update_db_object(
         session, clusterhost, config_validated=False, **kwargs
@@ -510,125 +501,121 @@ def update_clusterhost_config_internal(
         metadata_api.validate_package_config(
             package_config, clusterhost.cluster.adapter_id
         )
+    return clusterhost
 
 
-@utils.wrap_to_dict(RESP_CLUSTERHOST_CONFIG_FIELDS)
 @utils.supported_filters(
     optional_support_keys=UPDATED_CLUSTERHOST_CONFIG_FIELDS
 )
-def update_cluster_host_config(updater, cluster_id, host_id, **kwargs):
+@database.run_in_session()
+def update_cluster_host_config(
+    session, updater, cluster_id, host_id, **kwargs
+):
     """Update clusterhost config."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_ADD_CLUSTERHOST_CONFIG)
     clusterhost = utils.get_db_object(
         session, models.ClusterHost,
         cluster_id=cluster_id, host_id=host_id
     )
-        update_clusterhost_config_internal(
+    return update_clusterhost_config_internal(
         session, updater, clusterhost, **kwargs
     )
-        return clusterhost.to_dict()
 
 
-@utils.wrap_to_dict(RESP_CLUSTERHOST_CONFIG_FIELDS)
 @utils.supported_filters(
     optional_support_keys=UPDATED_CLUSTERHOST_CONFIG_FIELDS
 )
-def update_clusterhost_config(updater, clusterhost_id, **kwargs):
+@database.run_in_session()
+def update_clusterhost_config(
+    session, updater, clusterhost_id, **kwargs
+):
     """Update clusterhost config."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_ADD_CLUSTERHOST_CONFIG)
     clusterhost = utils.get_db_object(
         session, models.ClusterHost, id=clusterhost_id
     )
-        update_clusterhost_config_internal(
+    return update_clusterhost_config_internal(
         session, updater, clusterhost, **kwargs
     )
-        return clusterhost.to_dict()
 
 
-@utils.wrap_to_dict(RESP_CLUSTERHOST_CONFIG_FIELDS)
 @utils.supported_filters(PATCHED_CLUSTERHOST_CONFIG_FIELDS)
-def patch_cluster_host_config(updater, cluster_id, host_id, **kwargs):
+@database.run_in_session()
+def patch_cluster_host_config(
+    session, updater, cluster_id, host_id, **kwargs
+):
     """patch clusterhost config."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_ADD_CLUSTERHOST_CONFIG)
     clusterhost = utils.get_db_object(
         session, models.ClusterHost,
         cluster_id=cluster_id, host_id=host_id
     )
-        update_clusterhost_config_internal(
+    return update_clusterhost_config_internal(
         session, updater, clusterhost, **kwargs
     )
-        return clusterhost.to_dict()
 
 
-@utils.wrap_to_dict(RESP_CLUSTERHOST_CONFIG_FIELDS)
 @utils.supported_filters(PATCHED_CLUSTERHOST_CONFIG_FIELDS)
-def patch_clusterhost_config(updater, clusterhost_id, **kwargs):
+@database.run_in_session()
+def patch_clusterhost_config(
+    session, updater, clusterhost_id, **kwargs
+):
     """patch clusterhost config."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_ADD_CLUSTERHOST_CONFIG)
     clusterhost = utils.get_db_object(
         session, models.ClusterHost, id=clusterhost_id
     )
-        update_clusterhost_config_internal(
+    return update_clusterhost_config_internal(
         session, updater, clusterhost, **kwargs
     )
-        return clusterhost.to_dict()
 
 
-@utils.wrap_to_dict(RESP_CLUSTERHOST_CONFIG_FIELDS)
 @utils.supported_filters([])
-def delete_cluster_host_config(deleter, cluster_id, host_id):
+@database.run_in_session()
-    """Delet a clusterhost config."""
+@user_api.check_user_permission_in_session(
-    with database.session() as session:
+    permission.PERMISSION_DEL_CLUSTERHOST_CONFIG
-        user_api.check_user_permission_internal(
+)
-            session, deleter, permission.PERMISSION_DEL_CLUSTERHOST_CONFIG)
+@utils.wrap_to_dict(RESP_CLUSTERHOST_CONFIG_FIELDS)
+def delete_cluster_host_config(
+    session, deleter, cluster_id, host_id
+):
+    """Delete a clusterhost config."""
     clusterhost = utils.get_db_object(
         session, models.ClusterHost,
         cluster_id=cluster_id, hsot_id=host_id
     )
     is_cluster_editable(session, clusterhost.cluster, deleter)
-        utils.update_db_object(
+    return utils.update_db_object(
         session, clusterhost, package_config={}, config_validated=False
     )
-        return clusterhost.to_dict()
 
 
-@utils.wrap_to_dict(RESP_CLUSTERHOST_CONFIG_FIELDS)
 @utils.supported_filters([])
-def delete_clusterhost_config(deleter, clusterhost_id):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_DEL_CLUSTERHOST_CONFIG
+)
+@utils.wrap_to_dict(RESP_CLUSTERHOST_CONFIG_FIELDS)
+def delete_clusterhost_config(session, deleter, clusterhost_id):
     """Delet a clusterhost config."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, deleter, permission.PERMISSION_DEL_CLUSTERHOST_CONFIG)
     clusterhost = utils.get_db_object(
         session, models.ClusterHost, id=clusterhost_id
     )
     is_cluster_editable(session, clusterhost.cluster, deleter)
-        utils.update_db_object(
+    return utils.update_db_object(
         session, clusterhost, package_config={}, config_validated=False
     )
-        return clusterhost.to_dict()
 
 
-@utils.wrap_to_dict(RESP_CLUSTERHOST_FIELDS)
 @utils.supported_filters(
     optional_support_keys=['add_hosts', 'remove_hosts', 'set_hosts']
 )
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_UPDATE_CLUSTER_HOSTS
+)
+@utils.wrap_to_dict(RESP_CLUSTERHOST_FIELDS)
 def update_cluster_hosts(
-    updater, cluster_id, add_hosts=[], set_hosts=None,
+    session, updater, cluster_id, add_hosts=[], set_hosts=None,
     remove_hosts=[]
 ):
     """Update cluster hosts."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_UPDATE_CLUSTER_HOSTS)
     cluster = utils.get_db_object(
         session, models.Cluster, id=cluster_id
     )
@@ -639,17 +626,18 @@ def update_cluster_hosts(
         _add_clusterhosts(session, cluster, add_hosts)
     if set_hosts is not None:
         _set_clusterhosts(session, cluster, set_hosts)
-        return [host.to_dict() for host in cluster.clusterhosts]
+    return cluster.clusterhosts
 
 
-@utils.wrap_to_dict(RESP_REVIEW_FIELDS)
 @utils.supported_filters([])
-def review_cluster(reviewer, cluster_id):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_REVIEW_CLUSTER
+)
+@utils.wrap_to_dict(RESP_REVIEW_FIELDS)
+def review_cluster(session, reviewer, cluster_id):
     """review cluster."""
     from compass.db.api import host as host_api
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, reviewer, permission.PERMISSION_REVIEW_CLUSTER)
     cluster = utils.get_db_object(
         session, models.Cluster, id=cluster_id
     )
@@ -688,7 +676,7 @@ def review_cluster(reviewer, cluster_id):
             deployed_package_config = util.mrege_dict(
                 package_config, clusterhost_package_config
             )
-                metadata_api.validate_os_config(
+            metadata_api.validate_package_config(
                 deployed_package_config,
                 cluster.adapter_id, True
             )
@@ -704,14 +692,17 @@ def review_cluster(reviewer, cluster_id):
     }
 
 
-@utils.wrap_to_dict(RESP_ACTION_FIELDS)
 @utils.supported_filters(optional_support_keys=['clusterhosts'])
-def deploy_cluster(deployer, cluster_id, clusterhosts=[], **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_DEPLOY_CLUSTER
+)
+@utils.wrap_to_dict(RESP_ACTION_FIELDS)
+def deploy_cluster(
+    session, deployer, cluster_id, clusterhosts=[], **kwargs
+):
     """deploy cluster."""
     from compass.tasks import client as celery_client
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, deployer, permission.PERMISSION_DEPLOY_CLUSTER)
     cluster = utils.get_db_object(
         session, models.Cluster, id=cluster_id
     )
@@ -727,52 +718,62 @@ def deploy_cluster(deployer, cluster_id, clusterhosts=[], **kwargs):
     }
 
 
-@utils.wrap_to_dict(RESP_STATE_FIELDS)
 @utils.supported_filters([])
-def get_cluster_state(getter, cluster_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_GET_CLUSTER_STATE
+)
+@utils.wrap_to_dict(RESP_STATE_FIELDS)
+def get_cluster_state(session, getter, cluster_id, **kwargs):
     """Get cluster state info."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_GET_CLUSTER_STATE)
     return utils.get_db_object(
         session, models.Cluster, id=cluster_id
     ).state_dict()
 
 
-@utils.wrap_to_dict(RESP_CLUSTERHOST_STATE_FIELDS)
 @utils.supported_filters([])
-def get_cluster_host_state(getter, cluster_id, host_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_GET_CLUSTERHOST_STATE
+)
+@utils.wrap_to_dict(RESP_CLUSTERHOST_STATE_FIELDS)
+def get_cluster_host_state(
+    session, getter, cluster_id, host_id, **kwargs
+):
     """Get clusterhost state info."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_GET_CLUSTERHOST_STATE)
     return utils.get_db_object(
         session, models.ClusterHost,
         cluster_id=cluster_id, host_id=host_id
     ).state_dict()
 
 
-@utils.wrap_to_dict(RESP_CLUSTERHOST_STATE_FIELDS)
 @utils.supported_filters([])
-def get_clusterhost_state(getter, clusterhost_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_GET_CLUSTERHOST_STATE
+)
+@utils.wrap_to_dict(RESP_CLUSTERHOST_STATE_FIELDS)
+def get_clusterhost_state(
+    session, getter, clusterhost_id, **kwargs
+):
     """Get clusterhost state info."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_GET_CLUSTERHOST_STATE)
     return utils.get_db_object(
         session, models.ClusterHost, id=clusterhost_id
     ).state_dict()
 
 
-@utils.wrap_to_dict(RESP_CLUSTERHOST_STATE_FIELDS)
 @utils.supported_filters(
     optional_support_keys=UPDATED_CLUSTERHOST_STATE_FIELDS
 )
-def update_cluster_host_state(updater, cluster_id, host_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_UPDATE_CLUSTERHOST_STATE
+)
+@utils.wrap_to_dict(RESP_CLUSTERHOST_STATE_FIELDS)
+def update_cluster_host_state(
+    session, updater, cluster_id, host_id, **kwargs
+):
     """Update a clusterhost state."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_UPDATE_CLUSTERHOST_STATE)
     clusterhost = utils.get_db_object(
         session, models.ClusterHost,
         cluster_id=cluster_id, host_id=host_id
@@ -781,17 +782,20 @@ def update_cluster_host_state(updater, cluster_id, host_id, **kwargs):
     return clusterhost.state_dict()
 
 
-@utils.wrap_to_dict(RESP_CLUSTERHOST_STATE_FIELDS)
 @utils.supported_filters(
     optional_support_keys=UPDATED_CLUSTERHOST_STATE_FIELDS
 )
-def update_clusterhost_state(updater, clusterhost_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_UPDATE_CLUSTERHOST_STATE
+)
+@utils.wrap_to_dict(RESP_CLUSTERHOST_STATE_FIELDS)
+def update_clusterhost_state(
+    session, updater, clusterhost_id, **kwargs
+):
     """Update a clusterhost state."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_UPDATE_CLUSTERHOST_STATE)
     clusterhost = utils.get_db_object(
         session, models.ClusterHost, id=clusterhost_id
     )
-        is_cluster_editable(session, clusterhost.cluster, updater)
+    utils.update_db_object(session, clusterhost.state, **kwargs)
     return clusterhost.state_dict()

compass/db/api/database.py

@@ -13,6 +13,7 @@
 # limitations under the License.
 
 """Provider interface to manipulate database."""
+import functools
 import logging
 import netaddr
 
@@ -33,22 +34,22 @@ SCOPED_SESSION = None
 SESSION_HOLDER = local()
 
 
-def init(database_url):
+def init(database_url=None):
     """Initialize database.
 
     :param database_url: string, database url.
     """
     global ENGINE
     global SCOPED_SESSION
+    if not database_url:
+        database_url = setting.SQLALCHEMY_DATABASE_URI
+    logging.info('init database %s', database_url)
     ENGINE = create_engine(database_url, convert_unicode=True)
     SESSION.configure(bind=ENGINE)
     SCOPED_SESSION = scoped_session(SESSION)
     models.BASE.query = SCOPED_SESSION.query_property()
 
 
-init(setting.SQLALCHEMY_DATABASE_URI)
-
-
 def in_session():
     """check if in database session scope."""
     if hasattr(SESSION_HOLDER, 'session'):
@@ -105,6 +106,16 @@ def current_session():
             raise exception.DatabaseException(str(error))
 
 
+def run_in_session():
+    def decorator(func):
+        @functools.wraps(func)
+        def wrapper(*args, **kwargs):
+            with session() as my_session:
+                return func(my_session, *args, **kwargs)
+        return wrapper
+    return decorator
+
+
 def _setup_user_table(user_session):
     """Initialize default user."""
     logging.info('setup user table')
@@ -229,10 +240,10 @@ def _setup_package_adapter_roles(role_session):
     adapter.add_roles_internal(role_session)
 
 
-def create_db():
+@run_in_session()
+def create_db(my_session):
     """Create database."""
     models.BASE.metadata.create_all(bind=ENGINE)
-    with session() as my_session:
     _setup_permission_table(my_session)
     _setup_user_table(my_session)
     _setup_switch_table(my_session)
@@ -255,13 +266,13 @@ def drop_db():
     models.BASE.metadata.drop_all(bind=ENGINE)
 
 
-def create_table(table):
+@run_in_session()
+def create_table(my_session, table):
     """Create table.
 
     :param table: Class of the Table defined in the model.
     """
     table.__table__.create(bind=ENGINE, checkfirst=True)
-    with session() as my_session:
     if table == models.User:
         _setup_user_table(my_session)
     elif table == models.Permission:

compass/db/api/host.py

@@ -68,45 +68,44 @@ UPDATED_STATE_FIELDS = [
 ]
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters(optional_support_keys=SUPPORTED_FIELDS)
-def list_hosts(lister, **filters):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_HOSTS
+)
+@utils.wrap_to_dict(RESP_FIELDS)
+def list_hosts(session, lister, **filters):
     """List hosts."""
-    with database.session() as session:
+    return utils.list_db_objects(
-        user_api.check_user_permission_internal(
-            session, lister, permission.PERMISSION_LIST_HOSTS)
-        return [
-            host.to_dict()
-            for host in utils.list_db_objects(
         session, models.Host, **filters
     )
-        ]
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters([])
-def get_host(getter, host_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_HOSTS
+)
+@utils.wrap_to_dict(RESP_FIELDS)
+def get_host(session, getter, host_id, **kwargs):
     """get host info."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_LIST_HOSTS)
     return utils.get_db_object(
         session, models.Host, id=host_id
-        ).to_dict()
+    )
 
 
-@utils.wrap_to_dict(RESP_CLUSTER_FIELDS)
 @utils.supported_filters([])
-def get_host_clusters(getter, host_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_HOST_CLUSTERS
+)
+@utils.wrap_to_dict(RESP_CLUSTER_FIELDS)
+def get_host_clusters(session, getter, host_id, **kwargs):
     """get host clusters."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_LIST_HOST_CLUSTERS)
     host = utils.get_db_object(
         session, models.Host, id=host_id
     )
-        clusterhosts = host.clusterhosts
+    return [clusterhost.cluster for clusterhost in host.clusterhosts]
-        return [clusterhost.cluster.to_dict() for clusterhost in clusterhosts]
 
 
 def _conditional_exception(host, exception_when_not_editable):
@@ -139,13 +138,14 @@ def is_host_editable(
     return True
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters(UPDATED_FIELDS)
-def update_host(updater, host_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_UPDATE_HOST
+)
+@utils.wrap_to_dict(RESP_FIELDS)
+def update_host(session, updater, host_id, **kwargs):
     """Update a host."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_UPDATE_HOST)
     host = utils.get_db_object(
         session, models.Host, id=host_id
     )
@@ -153,42 +153,43 @@ def update_host(updater, host_id, **kwargs):
         session, host, updater,
         reinstall_os_set=kwargs.get('reinstall_os', False)
     )
-        utils.update_db_object(session, host, **kwargs)
+    return utils.update_db_object(session, host, **kwargs)
-        return host.to_dict()
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters([])
-def del_host(deleter, host_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_DEL_HOST
+)
+@utils.wrap_to_dict(RESP_FIELDS)
+def del_host(session, deleter, host_id, **kwargs):
     """Delete a host."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, deleter, permission.PERMISSION_DEL_HOST)
     host = utils.get_db_object(
         session, models.Host, id=host_id
     )
     is_host_editable(session, host, deleter)
-        utils.del_db_object(session, host)
+    return utils.del_db_object(session, host)
-        return host.to_dict()
 
 
-@utils.wrap_to_dict(RESP_CONFIG_FIELDS)
 @utils.supported_filters([])
-def get_host_config(getter, host_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_HOST_CONFIG
+)
+@utils.wrap_to_dict(RESP_CONFIG_FIELDS)
+def get_host_config(session, getter, host_id, **kwargs):
     """Get host config."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_LIST_HOST_CONFIG)
     return utils.get_db_object(
         session, models.Host, id=host_id
-        ).to_dict()
+    )
 
 
-def _update_host_config(updater, host_id, **kwargs):
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_ADD_HOST_CONFIG
+)
+@utils.wrap_to_dict(RESP_CONFIG_FIELDS)
+def _update_host_config(session, updater, host_id, **kwargs):
     """Update host config."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_ADD_HOST_CONFIG)
     host = utils.get_db_object(
         session, models.Host, id=host_id
     )
@@ -199,200 +200,202 @@ def _update_host_config(updater, host_id, **kwargs):
         metadata_api.validate_os_config(
             os_config, host.adapter_id
         )
-        return host.to_dict()
+    return host
 
 
-@utils.wrap_to_dict(RESP_CONFIG_FIELDS)
 @utils.supported_filters(UPDATED_CONFIG_FIELDS)
-def update_host_config(updater, host_id, **kwargs):
+@database.run_in_session()
-    return _update_host_config(updater, host_id, **kwargs)
+def update_host_config(session, updater, host_id, **kwargs):
+    return _update_host_config(session, updater, host_id, **kwargs)
 
 
-@utils.wrap_to_dict(RESP_CONFIG_FIELDS)
 @utils.supported_filters(PATCHED_CONFIG_FIELDS)
-def patch_host_config(updater, host_id, **kwargs):
+@database.run_in_session()
-    return _update_host_config(updater, host_id, **kwargs)
+def patch_host_config(session, updater, host_id, **kwargs):
+    return _update_host_config(session, updater, host_id, **kwargs)
 
 
-@utils.wrap_to_dict(RESP_CONFIG_FIELDS)
 @utils.supported_filters([])
-def del_host_config(deleter, host_id):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_DEL_HOST_CONFIG
+)
+@utils.wrap_to_dict(RESP_CONFIG_FIELDS)
+def del_host_config(session, deleter, host_id):
     """delete a host config."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, deleter, permission.PERMISSION_DEL_HOST_CONFIG)
     host = utils.get_db_object(
         session, models.Host, id=host_id
     )
     is_host_editable(session, host, deleter)
-        utils.update_db_object(
+    return utils.update_db_object(
         session, host, os_config={}, config_validated=False
     )
-        return host.to_dict()
 
 
-@utils.wrap_to_dict(RESP_NETWORK_FIELDS)
 @utils.supported_filters(
     optional_support_keys=SUPPORTED_NETOWORK_FIELDS
 )
-def list_host_networks(lister, host_id, **filters):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_HOST_NETWORKS
+)
+@utils.wrap_to_dict(RESP_NETWORK_FIELDS)
+def list_host_networks(session, lister, host_id, **filters):
     """Get host networks."""
-    with database.session() as session:
+    return utils.list_db_objects(
-        user_api.check_user_permission_internal(
-            session, lister, permission.PERMISSION_LIST_HOST_NETWORKS)
-        host_networks = utils.list_db_objects(
         session, models.HostNetwork,
         host_id=host_id, **filters
     )
-        return [host_network.to_dict() for host_network in host_networks]
 
 
-@utils.wrap_to_dict(RESP_NETWORK_FIELDS)
 @utils.supported_filters(
     optional_support_keys=SUPPORTED_NETOWORK_FIELDS
 )
-def list_hostnetworks(lister, **filters):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_HOST_NETWORKS
+)
+@utils.wrap_to_dict(RESP_NETWORK_FIELDS)
+def list_hostnetworks(session, lister, **filters):
     """Get host networks."""
-    with database.session() as session:
+    return utils.list_db_objects(
-        user_api.check_user_permission_internal(
-            session, lister, permission.PERMISSION_LIST_HOST_NETWORKS)
-        host_networks = utils.list_db_objects(
         session, models.HostNetwork, **filters
     )
-        return [host_network.to_dict() for host_network in host_networks]
 
 
-@utils.wrap_to_dict(RESP_NETWORK_FIELDS)
 @utils.supported_filters([])
-def get_host_network(getter, host_id, subnet_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_HOST_NETWORKS
+)
+@utils.wrap_to_dict(RESP_NETWORK_FIELDS)
+def get_host_network(session, getter, host_id, subnet_id, **kwargs):
     """Get host network."""
-    with database.session() as session:
+    return utils.get_db_object(
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_LIST_HOST_NETWORKS)
-        host_network = utils.get_db_object(
         session, models.HostNetwork,
         host_id=host_id, subnet_id=subnet_id
     )
-        return host_network.to_dict()
 
 
-@utils.wrap_to_dict(RESP_NETWORK_FIELDS)
 @utils.supported_filters([])
-def get_hostnetwork(getter, host_network_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_HOST_NETWORKS
+)
+@utils.wrap_to_dict(RESP_NETWORK_FIELDS)
+def get_hostnetwork(session, getter, host_network_id, **kwargs):
     """Get host network."""
-    with database.session() as session:
+    return utils.get_db_object(
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_LIST_HOST_NETWORKS)
-        host_network = utils.get_db_object(
         session, models.HostNetwork,
         id=host_network_id
     )
-        return host_network.to_dict()
 
 
-@utils.wrap_to_dict(RESP_NETWORK_FIELDS)
 @utils.supported_filters(
     ADDED_NETWORK_FIELDS, optional_support_keys=OPTIONAL_ADDED_NETWORK_FIELDS
 )
-def add_host_network(creator, host_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_ADD_HOST_NETWORK
+)
+@utils.wrap_to_dict(RESP_NETWORK_FIELDS)
+def add_host_network(session, creator, host_id, **kwargs):
     """Create a host network."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, creator, permission.PERMISSION_ADD_HOST_NETWORK)
     host = utils.get_db_object(
         session, models.Host, id=host_id
     )
     is_host_editable(session, host, creator)
-        host_network = utils.add_db_object(
+    return utils.add_db_object(
         session, models.HostNetwork, True,
         host_id, **kwargs
     )
-        return host_network.to_dict()
 
 
-@utils.wrap_to_dict(RESP_NETWORK_FIELDS)
 @utils.supported_filters(
     optional_support_keys=UPDATED_NETWORK_FIELDS
 )
-def update_host_network(updater, host_id, subnet_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_ADD_HOST_NETWORK
+)
+@utils.wrap_to_dict(RESP_NETWORK_FIELDS)
+def update_host_network(session, updater, host_id, subnet_id, **kwargs):
     """Update a host network."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_ADD_HOST_NETWORK)
     host_network = utils.get_db_object(
         session, models.HostNetwork,
         host_id=host_id, subnet_id=subnet_id
     )
     is_host_editable(session, host_network.host, updater)
-        utils.update_db_object(session, host_network, **kwargs)
+    return utils.update_db_object(session, host_network, **kwargs)
-        return host_network.to_dict()
 
 
-@utils.wrap_to_dict(RESP_NETWORK_FIELDS)
 @utils.supported_filters(UPDATED_NETWORK_FIELDS)
-def update_hostnetwork(updater, host_network_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_ADD_HOST_NETWORK
+)
+@utils.wrap_to_dict(RESP_NETWORK_FIELDS)
+def update_hostnetwork(session, updater, host_network_id, **kwargs):
     """Update a host network."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_ADD_HOST_NETWORK)
     host_network = utils.get_db_object(
         session, models.HostNetwork, id=host_network_id
     )
     is_host_editable(session, host_network.host, updater)
-        utils.update_db_object(session, host_network, **kwargs)
+    return utils.update_db_object(session, host_network, **kwargs)
-        return host_network.to_dict()
 
 
-@utils.wrap_to_dict(RESP_NETWORK_FIELDS)
 @utils.supported_filters([])
-def del_host_network(deleter, host_id, subnet_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_DEL_HOST_NETWORK
+)
+@utils.wrap_to_dict(RESP_NETWORK_FIELDS)
+def del_host_network(session, deleter, host_id, subnet_id, **kwargs):
     """Delete a host network."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, deleter, permission.PERMISSION_DEL_HOST_NETWORK)
     host_network = utils.get_db_object(
         session, models.HostNetwork,
         host_id=host_id, subnet_id=subnet_id
     )
     is_host_editable(session, host_network.host, deleter)
-        utils.del_db_object(session, host_network)
+    return utils.del_db_object(session, host_network)
-        return host_network.to_dict()
 
 
-@utils.wrap_to_dict(RESP_NETWORK_FIELDS)
 @utils.supported_filters([])
-def del_hostnetwork(deleter, host_network_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_DEL_HOST_NETWORK
+)
+@utils.wrap_to_dict(RESP_NETWORK_FIELDS)
+def del_hostnetwork(session, deleter, host_network_id, **kwargs):
     """Delete a host network."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, deleter, permission.PERMISSION_DEL_HOST_NETWORK)
     host_network = utils.get_db_object(
         session, models.HostNetwork, id=host_network_id
     )
     is_host_editable(session, host_network.host, deleter)
-        utils.del_db_object(session, host_network)
+    return utils.del_db_object(session, host_network)
-        return host_network.to_dict()
 
 
-@utils.wrap_to_dict(RESP_STATE_FIELDS)
 @utils.supported_filters([])
-def get_host_state(getter, host_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_GET_HOST_STATE
+)
+@utils.wrap_to_dict(RESP_STATE_FIELDS)
+def get_host_state(session, getter, host_id, **kwargs):
     """Get host state info."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_GET_HOST_STATE)
     return utils.get_db_object(
         session, models.Host, id=host_id
     ).state_dict()
 
 
-@utils.wrap_to_dict(RESP_STATE_FIELDS)
 @utils.supported_filters(UPDATED_STATE_FIELDS)
-def update_host_state(updater, host_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_UPDATE_HOST_STATE
+)
+@utils.wrap_to_dict(RESP_STATE_FIELDS)
+def update_host_state(session, updater, host_id, **kwargs):
     """Update a host state."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_UPDATE_HOST_STATE)
     host = utils.get_db_object(
         session, models.Host, id=host_id
     )

compass/db/api/installer.py

@@ -39,11 +39,9 @@ def _add_installers(session, model, configs):
 
 def add_os_installers_internal(session):
     configs = util.load_configs(setting.OS_INSTALLER_DIR)
-    with session.begin(subtransactions=True):
     return _add_installers(session, models.OSInstaller, configs)
 
 
 def add_package_installers_internal(session):
     configs = util.load_configs(setting.PACKAGE_INSTALLER_DIR)
-    with session.begin(subtransactions=True):
     return _add_installers(session, models.PackageInstaller, configs)

compass/db/api/machine.py

@@ -66,8 +66,8 @@ def _check_ipmi_credentials(ipmi_credentials):
             )
         check_ipmi_credential_field = '_check_ipmi_credentials_%s' % key
         this_module = globals()
-        if hasattr(this_module, check_ipmi_credential_field):
+        if check_ipmi_credential_field in this_module:
-            getattr(this_module, check_ipmi_credential_field)(
+            this_module[check_ipmi_credential_field](
                 ipmi_credentials[key]
             )
         else:
@@ -76,80 +76,73 @@ def _check_ipmi_credentials(ipmi_credentials):
             )
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters([])
-def get_machine(getter, machine_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_MACHINES
+)
+@utils.wrap_to_dict(RESP_FIELDS)
+def get_machine(session, getter, machine_id, **kwargs):
     """get field dict of a machine."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_LIST_MACHINES)
     return utils.get_db_object(
         session, models.Machine, True, id=machine_id
-        ).to_dict()
+    )
 
 
+@utils.supported_filters(
+    optional_support_keys=SUPPORTED_FIELDS
+)
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_MACHINES
+)
 @utils.output_filters(
     tag=utils.general_filter_callback,
     location=utils.general_filter_callback
 )
 @utils.wrap_to_dict(RESP_FIELDS)
-@utils.supported_filters(
+def list_machines(session, lister, **filters):
-    optional_support_keys=SUPPORTED_FIELDS
-)
-def list_machines(lister, **filters):
     """List machines."""
-    with database.session() as session:
+    return utils.list_db_objects(
-        user_api.check_user_permission_internal(
-            session, lister, permission.PERMISSION_LIST_MACHINES)
-        return [
-            machine.to_dict()
-            for machine in utils.list_db_objects(
         session, models.Machine, **filters
     )
-        ]
 
 
-def _update_machine(updater, machine_id, **kwargs):
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_ADD_MACHINE
+)
+@utils.wrap_to_dict(RESP_FIELDS)
+def _update_machine(session, updater, machine_id, **kwargs):
     """Update a machine."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_ADD_MACHINE)
     machine = utils.get_db_object(session, models.Machine, id=machine_id)
-        utils.update_db_object(session, machine, **kwargs)
+    return utils.update_db_object(session, machine, **kwargs)
-        machine_dict = machine.to_dict()
-        utils.validate_outputs(
-            {'ipmi_credentials': _check_ipmi_credentials},
-            machine_dict
-        )
-        return machine_dict
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
-@utils.input_validates(ipmi_credentials=_check_ipmi_credentials)
 @utils.supported_filters(optional_support_keys=UPDATED_FIELDS)
-def update_machine(updater, machine_id, **kwargs):
+@utils.input_validates(ipmi_credentials=_check_ipmi_credentials)
+@database.run_in_session()
+def update_machine(session, updater, machine_id, **kwargs):
     return _update_machine(
-        updater, machine_id,
+        session, updater, machine_id, **kwargs
-        **kwargs
     )
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters(optional_support_keys=PATCHED_FIELDS)
-def patch_machine(updater, machine_id, **kwargs):
+@database.run_in_session()
+@utils.output_validates(ipmi_credentials=_check_ipmi_credentials)
+def patch_machine(session, updater, machine_id, **kwargs):
     return _update_machine(
-        updater, machine_id,
+        session, updater, machine_id, **kwargs
-        **kwargs
     )
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters()
-def del_machine(deleter, machine_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_DEL_MACHINE
+)
+@utils.wrap_to_dict(RESP_FIELDS)
+def del_machine(session, deleter, machine_id, **kwargs):
     """Delete a machine."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, deleter, permission.PERMISSION_DEL_MACHINE)
     machine = utils.get_db_object(session, models.Switch, id=machine_id)
-        utils.del_db_object(session, machine)
+    return utils.del_db_object(session, machine)
-        return machine.to_dict()

compass/db/api/metadata.py

@@ -67,7 +67,6 @@ def _add_metadata(
     parent=None, adapter=None
 ):
     metadata = config.get('_self', {})
-    print 'add metadata %s to adapter %s' % (metadata, adapter)
     if 'field' in metadata:
         field = utils.get_db_object(
             session, field_model, field=metadata['field']

compass/db/api/metadata_holder.py

@@ -23,12 +23,14 @@ from compass.db.api import utils
 from compass.db import exception
 
 
-def load_metadatas():
+@database.run_in_session()
-    with database.session() as session:
+def load_metadatas(session):
-        return metadata_api.get_metadatas_internal(session)
+    global METADATA_MAPPING
+    logging.info('load metadatas into memory')
+    METADATA_MAPPING = metadata_api.get_metadatas_internal(session)
 
 
-METADATA_MAPPING = load_metadatas()
+METADATA_MAPPING = {}
 
 
 def _validate_config(
@@ -84,11 +86,12 @@ def _filter_metadata(metadata):
 
 
 @utils.supported_filters([])
-def get_metadata(getter, adapter_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_METADATAS
+)
+def get_metadata(session, getter, adapter_id, **kwargs):
     """get adapter."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_LIST_METADATAS)
     if adapter_id not in METADATA_MAPPING:
         raise exception.RecordNotExists(
             'adpater %s does not exist' % adapter_id

compass/db/api/network.py

@@ -39,73 +39,70 @@ def _check_subnet(subnet):
             'subnet %s format unrecognized' % subnet)
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters(optional_support_keys=SUPPORTED_FIELDS)
-def list_subnets(lister, **filters):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_NETWORKS
+)
+@utils.wrap_to_dict(RESP_FIELDS)
+def list_subnets(session, lister, **filters):
     """List subnets."""
-    with database.session() as session:
+    return utils.list_db_objects(
-        user_api.check_user_permission_internal(
-            session, lister, permission.PERMISSION_LIST_NETWORKS)
-        return [
-            network.to_dict()
-            for network in utils.list_db_objects(
         session, models.Network, **filters
     )
-        ]
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters([])
-def get_subnet(getter, subnet_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_NETWORKS
+)
+@utils.wrap_to_dict(RESP_FIELDS)
+def get_subnet(session, getter, subnet_id, **kwargs):
     """Get subnet info."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_LIST_NETWORKS)
     return utils.get_db_object(
         session, models.Network, id=subnet_id
-        ).to_dict()
+    )
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
-@utils.input_validates(subnet=_check_subnet)
 @utils.supported_filters(ADDED_FIELDS)
-def add_subnet(creator, subnet, **kwargs):
+@utils.input_validates(subnet=_check_subnet)
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_ADD_NETWORK
+)
+@utils.wrap_to_dict(RESP_FIELDS)
+def add_subnet(session, creator, subnet, **kwargs):
     """Create a subnet."""
-    with database.session() as session:
+    return utils.add_db_object(
-        user_api.check_user_permission_internal(
-            session, creator, permission.PERMISSION_ADD_NETWORK)
-        network = utils.add_db_object(
         session, models.Network, True, subnet
     )
-        network_dict = network.to_dict()
-        print 'network: %s' % network_dict
-        return network_dict
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
-@utils.input_validates(subnet=_check_subnet)
 @utils.supported_filters(UPDATED_FIELDS)
-def update_subnet(updater, subnet_id, **kwargs):
+@utils.input_validates(subnet=_check_subnet)
-    """Update a subnet."""
+@database.run_in_session()
-    with database.session() as session:
+@user_api.check_user_permission_in_session(
-        user_api.check_user_permission_internal(
+    permission.PERMISSION_ADD_NETWORK
-            session, updater, permission.PERMISSION_ADD_NETWORK)
+)
-        network = utils.get_db_object(
-            session, models.Network, id=subnet_id
-        )
-        utils.update_db_object(session, network, **kwargs)
-        return network.to_dict()
-
-
 @utils.wrap_to_dict(RESP_FIELDS)
-@utils.supported_filters([])
+def update_subnet(session, updater, subnet_id, **kwargs):
-def del_subnet(deleter, subnet_id, **kwargs):
+    """Update a subnet."""
-    """Delete a subnet."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, deleter, permission.PERMISSION_DEL_NETWORK)
     network = utils.get_db_object(
         session, models.Network, id=subnet_id
     )
-        utils.del_db_object(session, network)
+    return utils.update_db_object(session, network, **kwargs)
-        return network.to_dict()
+
+
+@utils.supported_filters([])
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_DEL_NETWORK
+)
+@utils.wrap_to_dict(RESP_FIELDS)
+def del_subnet(session, deleter, subnet_id, **kwargs):
+    """Delete a subnet."""
+    network = utils.get_db_object(
+        session, models.Network, id=subnet_id
+    )
+    return utils.del_db_object(session, network)

compass/db/api/permission.py

@@ -14,6 +14,7 @@
 
 """Permission database operations."""
 from compass.db.api import database
+from compass.db.api import user as user_api
 from compass.db.api import utils
 from compass.db import exception
 from compass.db import models
@@ -43,9 +44,19 @@ PERMISSION_LIST_PERMISSIONS = PermissionWrapper(
 PERMISSION_LIST_SWITCHES = PermissionWrapper(
     'list_switches', 'list switches', 'list all switches'
 )
+PERMISSION_LIST_SWITCH_FILTERS = PermissionWrapper(
+    'list_switch_filters',
+    'list switch filters',
+    'list switch filters'
+)
 PERMISSION_ADD_SWITCH = PermissionWrapper(
     'add_switch', 'add switch', 'add switch'
 )
+PERMISSION_UPDATE_SWITCH_FILTERS = PermissionWrapper(
+    'update_switch_filters',
+    'update switch filters',
+    'update switch filters'
+)
 PERMISSION_DEL_SWITCH = PermissionWrapper(
     'delete_switch', 'delete switch', 'delete switch'
 )
@@ -195,6 +206,8 @@ PERMISSIONS = [
     PERMISSION_LIST_SWITCHES,
     PERMISSION_ADD_SWITCH,
     PERMISSION_DEL_SWITCH,
+    PERMISSION_LIST_SWITCH_FILTERS,
+    PERMISSION_UPDATE_SWITCH_FILTERS,
     PERMISSION_LIST_SWITCH_MACHINES,
     PERMISSION_ADD_SWITCH_MACHINE,
     PERMISSION_DEL_SWITCH_MACHINE,
@@ -244,42 +257,31 @@ def list_permissions_internal(session, **filters):
     return utils.list_db_objects(session, models.Permission, **filters)
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters(optional_support_keys=SUPPORTED_FIELDS)
-def list_permissions(lister, **filters):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(PERMISSION_LIST_PERMISSIONS)
+@utils.wrap_to_dict(RESP_FIELDS)
+def list_permissions(session, lister, **filters):
     """list permissions."""
-    from compass.db.api import user as user_api
+    return utils.list_db_objects(
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, lister, PERMISSION_LIST_PERMISSIONS
-        )
-        return [
-            permission.to_dict()
-            for permission in utils.list_db_objects(
         session, models.Permission, **filters
     )
-        ]
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters()
-def get_permission(getter, permission_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(PERMISSION_LIST_PERMISSIONS)
+@utils.wrap_to_dict(RESP_FIELDS)
+def get_permission(session, getter, permission_id, **kwargs):
     """get permissions."""
-    from compass.db.api import user as user_api
+    return utils.get_db_object(
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, PERMISSION_LIST_PERMISSIONS
-        )
-        permission = utils.get_db_object(
         session, models.Permission, id=permission_id
     )
-        return permission.to_dict()
 
 
 def add_permissions_internal(session):
     """internal functions used by other db.api modules only."""
     permissions = []
-    with session.begin(subtransactions=True):
     for permission in PERMISSIONS:
         permissions.append(
             utils.add_db_object(

compass/db/api/switch.py

@@ -170,156 +170,149 @@ def get_switch_internal(
         )
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters([])
-def get_switch(getter, switch_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_SWITCHES
+)
+@utils.wrap_to_dict(RESP_FIELDS)
+def get_switch(session, getter, switch_id, **kwargs):
     """get field dict of a switch."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_LIST_SWITCHES)
     return utils.get_db_object(
         session, models.Switch, id=switch_id
-        ).to_dict()
+    )
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters(optional_support_keys=SUPPORTED_FIELDS)
-def list_switches(lister, **filters):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_SWITCHES
+)
+@utils.wrap_to_dict(RESP_FIELDS)
+def list_switches(session, lister, **filters):
     """List switches."""
-    with database.session() as session:
+    return utils.list_db_objects(
-        user_api.check_user_permission_internal(
-            session, lister, permission.PERMISSION_LIST_SWITCHES)
-        return [
-            switch.to_dict()
-            for switch in utils.list_db_objects(
         session, models.Switch, **filters
     )
-        ]
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters([])
-def del_switch(deleter, switch_id, **kwargs):
+@database.run_in_session()
-    """Delete a switch."""
+@user_api.check_user_permission_in_session(
-    with database.session() as session:
+    permission.PERMISSION_DEL_SWITCH
-        user_api.check_user_permission_internal(
-            session, deleter, permission.PERMISSION_DEL_SWITCH)
-        switch = utils.get_db_object(session, models.Switch, id=switch_id)
-        utils.del_db_object(session, switch)
-        return switch.to_dict()
-
-
-@utils.wrap_to_dict(RESP_FIELDS)
-@utils.input_validates(
-    ip=utils.check_ip,
-    credentials=_check_credentials
 )
+@utils.wrap_to_dict(RESP_FIELDS)
+def del_switch(session, deleter, switch_id, **kwargs):
+    """Delete a switch."""
+    switch = utils.get_db_object(session, models.Switch, id=switch_id)
+    return utils.del_db_object(session, switch)
+
+
 @utils.supported_filters(
     ADDED_FIELDS,
     optional_support_keys=OPTIONAL_ADDED_FIELDS
 )
-def add_switch(creator, ip, **kwargs):
+@utils.input_validates(
+    ip=utils.check_ip,
+    credentials=_check_credentials
+)
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_ADD_SWITCH
+)
+@utils.wrap_to_dict(RESP_FIELDS)
+def add_switch(session, creator, ip, **kwargs):
     """Create a switch."""
     ip_int = long(netaddr.IPAddress(ip))
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, creator, permission.PERMISSION_ADD_SWITCH)
     return add_switch_internal(
         session, ip_int, **kwargs
-        ).to_dict()
+    )
 
 
 def update_switch_internal(session, switch, **kwargs):
     """update switch."""
-    with session.begin(subtransactions=True):
     return utils.update_db_object(
         session, switch,
         **kwargs
     )
 
 
-def _update_switch(updater, switch_id, **kwargs):
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_ADD_SWITCH
+)
+@utils.wrap_to_dict(RESP_FIELDS)
+def _update_switch(session, updater, switch_id, **kwargs):
     """Update a switch."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_ADD_SWITCH)
     switch = utils.get_db_object(
         session, models.Switch, id=switch_id
     )
-        utils.update_db_object(session, switch, **kwargs)
+    return utils.update_db_object(session, switch, **kwargs)
-        switch_dict = switch.to_dict()
-        utils.validate_outputs(
-            {'credentials': _check_credentials},
-            switch_dict
-        )
-        return switch_dict
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
-@utils.input_validates(credentials=_check_credentials)
 @utils.supported_filters(optional_support_keys=UPDATED_FIELDS)
-def update_switch(updater, switch_id, **kwargs):
+@utils.input_validates(credentials=_check_credentials)
-    _update_switch(updater, switch_id, **kwargs)
+@database.run_in_session()
+def update_switch(session, updater, switch_id, **kwargs):
+    return _update_switch(session, updater, switch_id, **kwargs)
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters(optional_support_keys=PATCHED_FIELDS)
-def patch_switch(updater, switch_id, **kwargs):
+@database.run_in_session()
-    _update_switch(updater, switch_id, **kwargs)
+@utils.output_validates(credentials=_check_credentials)
+def patch_switch(session, updater, switch_id, **kwargs):
+    return _update_switch(session, updater, switch_id, **kwargs)
 
 
-@utils.wrap_to_dict(RESP_FILTERS_FIELDS)
 @utils.supported_filters(optional_support_keys=SUPPORTED_FILTER_FIELDS)
-def list_switch_filters(lister, **filters):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_SWITCH_FILTERS
+)
+@utils.wrap_to_dict(RESP_FILTERS_FIELDS)
+def list_switch_filters(session, lister, **filters):
     """list switch filters."""
-    with database.session() as session:
+    return utils.list_db_objects(
-        user_api.check_user_permission_internal(
-            session, lister, permission.PERMISSION_LIST_SWITCHES
-        )
-        return [
-            switch.to_dict()
-            for switch in utils.list_db_objects(
         session, models.Switch, **filters
     )
-        ]
 
 
-@utils.wrap_to_dict(RESP_FILTERS_FIELDS)
 @utils.supported_filters()
-def get_switch_filters(getter, switch_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_SWITCH_FILTERS
+)
+@utils.wrap_to_dict(RESP_FILTERS_FIELDS)
+def get_switch_filters(session, getter, switch_id, **kwargs):
     """get switch filter."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_LIST_SWITCHES)
     return utils.get_db_object(
         session, models.Switch, id=switch_id
-        ).to_dict()
+    )
 
 
-@utils.wrap_to_dict(RESP_FILTERS_FIELDS)
-@utils.input_validates(filters=_check_filter)
 @utils.supported_filters(optional_support_keys=UPDATED_FILTERS_FIELDS)
-def update_switch_filters(updater, switch_id, **kwargs):
+@utils.input_validates(filters=_check_filter)
-    """Update a switch filter."""
+@database.run_in_session()
-    with database.session() as session:
+@user_api.check_user_permission_in_session(
-        user_api.check_user_permission_internal(
+    permission.PERMISSION_UPDATE_SWITCH_FILTERS
-            session, updater, permission.PERMISSION_ADD_SWITCH)
+)
-        switch = utils.get_db_object(session, models.Switch, id=switch_id)
-        utils.update_db_object(session, switch, **kwargs)
-        return switch.to_dict()
-
-
 @utils.wrap_to_dict(RESP_FILTERS_FIELDS)
-@utils.input_validates(patched_filters=_check_filter)
+def update_switch_filters(session, updater, switch_id, **kwargs):
-@utils.supported_filters(optional_support_keys=PATCHED_FILTERS_FIELDS)
+    """Update a switch filter."""
-def patch_switch_filter(updater, switch_id, **kwargs):
-    """Update a switch."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_ADD_SWITCH)
     switch = utils.get_db_object(session, models.Switch, id=switch_id)
-        utils.update_db_object(session, switch, **kwargs)
+    return utils.update_db_object(session, switch, **kwargs)
-        return switch.to_dict()
+
+
+@utils.supported_filters(optional_support_keys=PATCHED_FILTERS_FIELDS)
+@utils.input_validates(patched_filters=_check_filter)
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_UPDATE_SWITCH_FILTERS
+)
+@utils.wrap_to_dict(RESP_FILTERS_FIELDS)
+def patch_switch_filter(session, updater, switch_id, **kwargs):
+    """Patch a switch filter."""
+    switch = utils.get_db_object(session, models.Switch, id=switch_id)
+    return utils.update_db_object(session, switch, **kwargs)
 
 
 def filter_machine_internal(filters, port):
@@ -415,19 +408,14 @@ def _filter_vlans(vlan_filter, obj):
     return True
 
 
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_SWITCH_MACHINES
+)
 @utils.output_filters(port=_filter_port, vlans=_filter_vlans)
 @utils.wrap_to_dict(RESP_MACHINES_FIELDS)
-@utils.supported_filters(optional_support_keys=SUPPORTED_MACHINES_FIELDS)
+def _list_switch_machines(session, user, switch_machines):
-def list_switch_machines(getter, switch_id, **filters):
-    """Get switch machines."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_LIST_SWITCH_MACHINES)
-        switch_machines = get_switch_machines_internal(
-            session, switch_id=switch_id, **filters
-        )
     return [
-            switch_machine.to_dict() for switch_machine in switch_machines
+        switch_machine for switch_machine in switch_machines
         if filter_machine_internal(
             switch_machine.switch.filters,
             switch_machine.port
@@ -435,36 +423,32 @@ def list_switch_machines(getter, switch_id, **filters):
     ]
 
 
-@utils.output_filters(port=_filter_port, vlans=_filter_vlans)
+@utils.supported_filters(optional_support_keys=SUPPORTED_MACHINES_FIELDS)
-@utils.wrap_to_dict(RESP_MACHINES_FIELDS)
+@database.run_in_session()
+def list_switch_machines(session, getter, switch_id, **filters):
+    """Get switch machines."""
+    switch_machines = get_switch_machines_internal(
+        session, switch_id=switch_id, **filters
+    )
+    return _list_switch_machines(session, getter, switch_machines)
+
+
 @utils.supported_filters(
     optional_support_keys=SUPPORTED_SWITCH_MACHINES_FIELDS
 )
-def list_switchmachines(lister, **filters):
+@database.run_in_session()
+def list_switchmachines(session, lister, **filters):
     """List switch machines."""
-    with database.session() as session:
+    switch_machines = get_switch_machines_internal(
-        user_api.check_user_permission_internal(
-            session, lister, permission.PERMISSION_LIST_SWITCH_MACHINES)
-        switch_machines = [
-            switch_machine
-            for switch_machine in get_switch_machines_internal(
         session, **filters
     )
-            if filter_machine_internal(
+    return _list_switch_machines(session, lister, switch_machines)
-                switch_machine.switch.filters, switch_machine.port
-            )
-        ]
-        return [
-            switch_machine.to_dict()
-            for switch_machine in switch_machines
-        ]
 
 
 def add_switch_machines_internal(
     session, switch, machine_dicts,
     exception_when_switch_machine_existing=True
 ):
-    with session.begin(subtransactions=True):
     machine_id_switch_machine_dict = {}
     for mac, all_dict in machine_dicts.items():
         switch_machine_dict = {}
@@ -502,33 +486,34 @@ def add_switch_machines_internal(
     return switch_machines
 
 
-@utils.wrap_to_dict(RESP_MACHINES_FIELDS)
-@utils.input_validates(mac=utils.check_mac, vlans=_check_vlan)
 @utils.supported_filters(
     ADDED_MACHINES_FIELDS,
     optional_support_keys=OPTIONAL_ADDED_MACHINES_FIELDS
 )
-def add_switch_machine(creator, switch_id, mac, port, **kwargs):
+@utils.input_validates(mac=utils.check_mac, vlans=_check_vlan)
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_ADD_SWITCH_MACHINE
+)
+@utils.wrap_to_dict(RESP_MACHINES_FIELDS)
+def add_switch_machine(session, creator, switch_id, mac, **kwargs):
     """Add switch machine."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, creator, permission.PERMISSION_ADD_SWITCH_MACHINE)
     switch = utils.get_db_object(
         session, models.Switch, id=switch_id)
-        kwargs['port'] = port
     switch_machines = add_switch_machines_internal(
         session, switch, {mac: kwargs})
-        return switch_machines[0].to_dict()
+    return switch_machines[0]
 
 
-@utils.wrap_to_dict(RESP_ACTION_FIELDS)
 @utils.supported_filters()
-def poll_switch_machines(poller, switch_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_UPDATE_SWITCH_MACHINES
+)
+@utils.wrap_to_dict(RESP_ACTION_FIELDS)
+def poll_switch_machines(session, poller, switch_id, **kwargs):
     """poll switch machines."""
     from compass.tasks import client as celery_client
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, poller, permission.PERMISSION_UPDATE_SWITCH_MACHINES)
     switch = utils.get_db_object(session, models.Switch, id=switch_id)
     celery_client.celery.send_task(
         'compass.tasks.pollswitch',
@@ -541,29 +526,31 @@ def poll_switch_machines(poller, switch_id, **kwargs):
     }
 
 
-@utils.wrap_to_dict(RESP_MACHINES_FIELDS)
 @utils.supported_filters([])
-def get_switch_machine(getter, switch_id, machine_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_SWITCH_MACHINES
+)
+@utils.wrap_to_dict(RESP_MACHINES_FIELDS)
+def get_switch_machine(session, getter, switch_id, machine_id, **kwargs):
     """get field dict of a switch machine."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_LIST_SWITCH_MACHINES)
     return utils.get_db_object(
         session, models.SwitchMachine,
         switch_id=switch_id, machine_id=machine_id
-        ).to_dict()
+    )
 
 
-@utils.wrap_to_dict(RESP_MACHINES_FIELDS)
 @utils.supported_filters([])
-def get_switchmachine(getter, switch_machine_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_LIST_SWITCH_MACHINES
+)
+@utils.wrap_to_dict(RESP_MACHINES_FIELDS)
+def get_switchmachine(session, getter, switch_machine_id, **kwargs):
     """get field dict of a switch machine."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, getter, permission.PERMISSION_LIST_SWITCH_MACHINES)
     return utils.get_db_object(
         session, models.SwitchMachine, id=switch_machine_id
-        ).to_dict()
+    )
 
 
 def update_switch_machine_internal(
@@ -577,127 +564,123 @@ def update_switch_machine_internal(
             switch_machine_dict[key] = value
         else:
             machine_dict[key] = value
-    with session.begin(subtransactions=True):
-        utils.update_db_object(
-            session, switch_machine, **switch_machine_dict
-        )
     if machine_dict:
         utils.update_db_object(
             session, switch_machine.machine, **machine_dict
         )
+    return utils.update_db_object(
+        session, switch_machine, **switch_machine_dict
+    )
 
 
-@utils.wrap_to_dict(RESP_MACHINES_FIELDS)
-@utils.input_validates(vlans=_check_vlan)
 @utils.supported_filters(optional_support_keys=UPDATED_MACHINES_FIELDS)
-def update_switch_machine(updater, switch_id, machine_id, **kwargs):
+@utils.input_validates(vlans=_check_vlan)
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_ADD_SWITCH_MACHINE
+)
+@utils.wrap_to_dict(RESP_MACHINES_FIELDS)
+def update_switch_machine(session, updater, switch_id, machine_id, **kwargs):
     """Update switch machine."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_ADD_SWITCH_MACHINE)
     switch_machine = utils.get_db_object(
         session, models.SwitchMachine,
         switch_id=switch_id, machine_id=machine_id
     )
-        update_switch_machine_internal(
+    return update_switch_machine_internal(
         session, switch_machine,
         UPDATED_SWITCH_MACHINES_FIELDS, **kwargs
     )
-        return switch_machine.to_dict()
 
 
-@utils.wrap_to_dict(RESP_MACHINES_FIELDS)
-@utils.input_validates(vlans=_check_vlan)
 @utils.supported_filters(optional_support_keys=UPDATED_MACHINES_FIELDS)
-def update_switchmachine(updater, switch_machine_id, **kwargs):
+@utils.input_validates(vlans=_check_vlan)
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_ADD_SWITCH_MACHINE
+)
+@utils.wrap_to_dict(RESP_MACHINES_FIELDS)
+def update_switchmachine(session, updater, switch_machine_id, **kwargs):
     """Update switch machine."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_ADD_SWITCH_MACHINE)
     switch_machine = utils.get_db_object(
         session, models.SwitchMachine,
         id=switch_machine_id
     )
-        update_switch_machine_internal(
+    return update_switch_machine_internal(
         session, switch_machine,
         UPDATED_SWITCH_MACHINES_FIELDS, **kwargs
     )
-        return switch_machine.to_dict()
 
 
-@utils.wrap_to_dict(RESP_MACHINES_FIELDS)
-@utils.input_validates(patched_vlans=_check_vlan)
 @utils.supported_filters(optional_support_keys=PATCHED_MACHINES_FIELDS)
-def patch_switch_machine(updater, switch_id, machine_id, **kwargs):
+@utils.input_validates(patched_vlans=_check_vlan)
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_ADD_SWITCH_MACHINE
+)
+@utils.wrap_to_dict(RESP_MACHINES_FIELDS)
+def patch_switch_machine(session, updater, switch_id, machine_id, **kwargs):
     """Patch switch machine."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_ADD_SWITCH_MACHINE)
     switch_machine = utils.get_db_object(
         session, models.SwitchMachine,
         switch_id=switch_id, machine_id=machine_id
     )
-        update_switch_machine_internal(
+    return update_switch_machine_internal(
         session, switch_machine,
         PATCHED_SWITCH_MACHINES_FIELDS, **kwargs
     )
-        return switch_machine.to_dict()
 
 
-@utils.wrap_to_dict(RESP_MACHINES_FIELDS)
-@utils.input_validates(patched_vlans=_check_vlan)
 @utils.supported_filters(optional_support_keys=PATCHED_MACHINES_FIELDS)
-def patch_switchmachine(updater, switch_machine_id, **kwargs):
+@utils.input_validates(patched_vlans=_check_vlan)
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_ADD_SWITCH_MACHINE
+)
+@utils.wrap_to_dict(RESP_MACHINES_FIELDS)
+def patch_switchmachine(session, updater, switch_machine_id, **kwargs):
     """Patch switch machine."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_ADD_SWITCH_MACHINE)
     switch_machine = utils.get_db_object(
         session, models.SwitchMachine,
         id=switch_machine_id
     )
-        update_switch_machine_internal(
+    return update_switch_machine_internal(
         session, switch_machine,
         PATCHED_SWITCH_MACHINES_FIELDS, **kwargs
     )
-        return switch_machine.to_dict()
 
 
-@utils.wrap_to_dict(RESP_MACHINES_FIELDS)
 @utils.supported_filters()
-def del_switch_machine(deleter, switch_id, machine_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_DEL_SWITCH_MACHINE
+)
+@utils.wrap_to_dict(RESP_MACHINES_FIELDS)
+def del_switch_machine(session, deleter, switch_id, machine_id, **kwargs):
     """Delete switch machines."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, deleter, permission.PERMISSION_DEL_SWITCH_MACHINE
-        )
     switch_machine = utils.get_db_object(
         session, models.SwitchMachine,
         switch_id=switch_id, machine_id=machine_id
     )
-        utils.del_db_object(session, switch_machine)
+    return utils.del_db_object(session, switch_machine)
-        return switch_machine.to_dict()
 
 
-@utils.wrap_to_dict(RESP_MACHINES_FIELDS)
 @utils.supported_filters()
-def del_switchmachine(deleter, switch_machine_id, **kwargs):
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_DEL_SWITCH_MACHINE
+)
+@utils.wrap_to_dict(RESP_MACHINES_FIELDS)
+def del_switchmachine(session, deleter, switch_machine_id, **kwargs):
     """Delete switch machines."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, deleter, permission.PERMISSION_DEL_SWITCH_MACHINE
-        )
     switch_machine = utils.get_db_object(
         session, models.SwitchMachine,
         id=switch_machine_id
     )
-        utils.del_db_object(session, switch_machine)
+    return utils.del_db_object(session, switch_machine)
-        return switch_machine.to_dict()
 
 
 @utils.supported_filters(optional_support_keys=UPDATED_SWITCH_MACHINES_FIELDS)
 def _update_machine_internal(session, switch_id, machine_id, **kwargs):
-    with session.begin(subtransactions=True):
     utils.add_db_object(
         session, models.SwitchMachine, False, switch_id, machine_id,
         **kwargs
@@ -712,7 +695,6 @@ def _add_machines(session, switch, machines):
 
 
 def _remove_machines(session, switch, machines):
-    with session.begin(subtransactions=True):
     utils.del_db_objects(
         session, models.SwitchMachine,
         switch_id=switch.id, machine_id=machines
@@ -720,7 +702,6 @@ def _remove_machines(session, switch, machines):
 
 
 def _set_machines(session, switch, machines):
-    with session.begin(subtransactions=True):
     utils.del_db_objects(
         session, models.SwitchMachine,
         switch_id=switch.id
@@ -731,21 +712,22 @@ def _set_machines(session, switch, machines):
         )
 
 
-@utils.wrap_to_dict(RESP_MACHINES_FIELDS)
 @utils.supported_filters(
     optional_support_keys=[
         'add_machines', 'remove_machines', 'set_machines'
     ]
 )
+@database.run_in_session()
+@user_api.check_user_permission_in_session(
+    permission.PERMISSION_UPDATE_SWITCH_MACHINES
+)
+@utils.wrap_to_dict(RESP_MACHINES_FIELDS)
 def update_switch_machines(
-    updater, switch_id,
+    session, updater, switch_id,
     add_machines=[], remove_machines=[],
     set_machines=None, **kwargs
 ):
     """update switch machines."""
-    with database.session() as session:
-        user_api.check_user_permission_internal(
-            session, updater, permission.PERMISSION_UPDATE_SWITCH_MACHINES)
     switch = utils.get_db_object(
         session, models.Switch, id=switch_id
     )
@@ -753,19 +735,13 @@ def update_switch_machines(
         _remove_machines(
             session, switch, remove_machines
         )
-
     if add_machines:
         _add_machines(
             session, switch, add_machines
         )
-
     if set_machines is not None:
         _set_machines(
             session, switch,
             set_machines
         )
-
+    return switch.switch_machines
-        return [
-            switch_machine.to_dict()
-            for switch_machine in switch.switch_machines
-        ]

compass/db/api/user.py

@@ -14,11 +14,11 @@
 
 """User database operations."""
 import datetime
+import functools
 
 from flask.ext.login import UserMixin
 
 from compass.db.api import database
-from compass.db.api import permission
 from compass.db.api import utils
 from compass.db import exception
 from compass.db import models
@@ -81,7 +81,6 @@ def add_user_internal(
 
 def _check_user_permission(session, user, permission):
     """Check user has permission."""
-    with session.begin(subtransactions=True):
     if user.is_admin:
         return
 
@@ -97,6 +96,46 @@ def _check_user_permission(session, user, permission):
         )
 
 
+def check_user_permission_in_session(permission):
+    def decorator(func):
+        @functools.wraps(func)
+        def wrapper(session, user, *args, **kwargs):
+            _check_user_permission(session, user, permission)
+            return func(session, user, *args, **kwargs)
+        return wrapper
+    return decorator
+
+
+def check_user_admin():
+    def decorator(func):
+        @functools.wraps(func)
+        def wrapper(user, *args, **kwargs):
+            if not user.is_admin:
+                raise exception.Forbidden(
+                    'User %s is not admin.' % (
+                        user.email
+                    )
+                )
+            return func(user, *args, **kwargs)
+        return wrapper
+    return decorator
+
+
+def check_user_admin_or_owner():
+    def decorator(func):
+        @functools.wraps(func)
+        def wrapper(user, user_id, *args, **kwargs):
+            if not user.is_admin and user.id != user_id:
+                raise exception.Forbidden(
+                    'User %s is not admin or the owner of user id %s.' % (
+                        user.email, user_id
+                    )
+                )
+            return func(user, user_id, *args, **kwargs)
+        return wrapper
+    return decorator
+
+
 def check_user_permission_internal(session, user, permission):
     """internal function only used by other db.api modules."""
     _check_user_permission(session, user, permission)
@@ -105,7 +144,6 @@ def check_user_permission_internal(session, user, permission):
 def _add_user_permissions(session, user, **permission_filters):
     """add permissions to a user."""
     from compass.db.api import permission as permission_api
-    with session.begin(subtransactions=True):
     for api_permission in permission_api.list_permissions_internal(
         session, **permission_filters
     ):
@@ -118,12 +156,12 @@ def _add_user_permissions(session, user, **permission_filters):
 def _remove_user_permissions(session, user, **permission_filters):
     """remove permissions to a user."""
     from compass.db.api import permission as permission_api
-    with session.begin(subtransactions=True):
+    permission_ids = [
-        permission_ids = []
+        api_permission.id
         for api_permission in permission_api.list_permissions_internal(
             session, **permission_filters
-        ):
+        )
-            permission_ids.append(api_permission.id)
+    ]
     utils.del_db_objects(
         session, models.UserPermission,
         user_id=user.id, permission_id=permission_ids
@@ -132,11 +170,9 @@ def _remove_user_permissions(session, user, **permission_filters):
 
 def _set_user_permissions(session, user, **permission_filters):
     """set permissions to a user."""
-    from compass.db.api import permission as permission_api
-    with session.begin(subtransactions=True):
     utils.del_db_objects(
         session, models.UserPermission,
-            user_id=user.id, permission_id=permission.id
+        user_id=user.id
     )
     _add_user_permissions(session, user, **permission_filters)
 
@@ -180,8 +216,8 @@ class UserWrapper(UserMixin):
             self.__class__.__name__, self.email, self.password)
 
 
-def get_user_object(email, **kwargs):
+@database.run_in_session()
-    with database.session() as session:
+def get_user_object(session, email, **kwargs):
     user_dict = utils.get_db_object(
         session, models.User, email=email
     ).to_dict()
@@ -189,11 +225,11 @@ def get_user_object(email, **kwargs):
     return UserWrapper(**user_dict)
 
 
-def get_user_object_from_token(token):
+@database.run_in_session()
+def get_user_object_from_token(session, token):
     expire_timestamp = {
         'ge': datetime.datetime.now()
     }
-    with database.session() as session:
     user_token = utils.get_db_object(
         session, models.UserToken,
         token=token, expire_timestamp=expire_timestamp
@@ -206,278 +242,185 @@ def get_user_object_from_token(token):
     return UserWrapper(**user_dict)
 
 
-@utils.wrap_to_dict(RESP_TOKEN_FIELDS)
 @utils.supported_filters()
-def record_user_token(user, token, expire_timestamp):
+@database.run_in_session()
+@utils.wrap_to_dict(RESP_TOKEN_FIELDS)
+def record_user_token(session, user, token, expire_timestamp):
     """record user token in database."""
-    with database.session() as session:
+    return utils.add_db_object(
-        user_token = utils.add_db_object(
         session, models.UserToken, True,
         token, user_id=user.id,
         expire_timestamp=expire_timestamp
     )
-        return user_token.to_dict()
 
 
+@utils.supported_filters()
+@database.run_in_session()
 @utils.wrap_to_dict(RESP_TOKEN_FIELDS)
-@utils.supported_filters()
+def clean_user_token(session, user, token):
-def clean_user_token(user, token):
     """clean user token in database."""
-    with database.session() as session:
+    return utils.del_db_objects(
-        user_tokens = utils.del_db_objects(
         session, models.UserToken,
-            token=token
+        token=token, user_id=user.id
     )
-        return [user_token.to_dict() for user_token in user_tokens]
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters()
-def get_user(getter, user_id, **kwargs):
+@check_user_admin_or_owner()
-    """get field dict of a user."""
+@database.run_in_session()
-    with database.session() as session:
-        user = utils.get_db_object(session, models.User, id=user_id)
-        if not getter.is_admin and getter.id != user_id:
-            # The user is not allowed to get user
-            raise exception.Forbidden(
-                'User %s has no permission to list user %s.' % (
-                    getter.email, user.email
-                )
-            )
-
-        return user.to_dict()
-
-
 @utils.wrap_to_dict(RESP_FIELDS)
+def get_user(session, getter, user_id, **kwargs):
+    """get field dict of a user."""
+    return utils.get_db_object(session, models.User, id=user_id)
+
+
 @utils.supported_filters(
     optional_support_keys=SUPPORTED_FIELDS
 )
-def list_users(lister, **filters):
+@check_user_admin()
+@database.run_in_session()
+@utils.wrap_to_dict(RESP_FIELDS)
+def list_users(session, lister, **filters):
     """List fields of all users by some fields."""
-    with database.session() as session:
+    return utils.list_db_objects(
-        if not lister.is_admin:
-            # The user is not allowed to list users
-            raise exception.Forbidden(
-                'User %s has no permission to list users.' % (
-                    lister.email
-                )
-            )
-        return [
-            user.to_dict()
-            for user in utils.list_db_objects(
         session, models.User, **filters
     )
-        ]
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.input_validates(email=_check_email)
 @utils.supported_filters(
     ADDED_FIELDS, optional_support_keys=OPTIONAL_ADDED_FIELDS
 )
-def add_user(creator, email, password, **kwargs):
+@check_user_admin()
+@database.run_in_session()
+@utils.wrap_to_dict(RESP_FIELDS)
+def add_user(session, creator, email, password, **kwargs):
     """Create a user and return created user object."""
-    with database.session() as session:
-        if not creator.is_admin:
-            # The user is not allowed to create a user.
-            raise exception.Forbidden(
-                'User %s has no permission to create user.' % (
-                    creator.email
-                )
-            )
-
     return add_user_internal(
         session, email, password, **kwargs
-        ).to_dict()
+    )
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters()
-def del_user(deleter, user_id, **kwargs):
+@database.run_in_session()
-    """delete a user and return the deleted user object."""
+@check_user_admin()
-    with database.session() as session:
-        if not deleter.is_admin:
-            raise exception.Forbidden(
-                'User %s has no permission to delete user.' % (
-                    deleter.email
-                )
-            )
-
-        user = utils.get_db_object(session, models.User, id=user_id)
-        utils.del_db_object(session, user)
-        return user.to_dict()
-
-
 @utils.wrap_to_dict(RESP_FIELDS)
-@utils.input_validates(email=_check_email)
+def del_user(session, deleter, user_id, **kwargs):
-@utils.supported_filters(optional_support_keys=UPDATED_FIELDS)
+    """delete a user and return the deleted user object."""
-def update_user(updater, user_id, **kwargs):
-    """Update a user and return the updated user object."""
-    with database.session() as session:
     user = utils.get_db_object(session, models.User, id=user_id)
-        update_info = {}
+    return utils.del_db_object(session, user)
+
+
+@utils.supported_filters(optional_support_keys=UPDATED_FIELDS)
+@utils.input_validates(email=_check_email)
+@database.run_in_session()
+@utils.wrap_to_dict(RESP_FIELDS)
+def update_user(session, updater, user_id, **kwargs):
+    """Update a user and return the updated user object."""
+    user = utils.get_db_object(
+        session, models.User, id=user_id
+    )
+    allowed_fields = set()
     if updater.is_admin:
-            update_info.update(dict([
+        allowed_fields |= set(ADMIN_UPDATED_FIELDS)
-                (key, value) for key, value in kwargs.items()
-                if key in ADMIN_UPDATED_FIELDS
-            ]))
-            kwargs = dict([
-                (key, value) for key, value in kwargs.items()
-                if key not in ADMIN_UPDATED_FIELDS
-            ])
-
     if updater.id == user_id:
-            update_info.update(dict([
+        allowed_fields |= set(SELF_UPDATED_FIELDS)
-                (key, value) for key, value in kwargs.items()
+    unsupported_fields = allowed_fields - set(kwargs)
-                if key in SELF_UPDATED_FIELDS
+    if unsupported_fields:
-            ]))
-            kwargs = dict([
-                (key, value) for key, value in kwargs.items()
-                if key not in SELF_UPDATED_FIELDS
-            ])
-
-        if kwargs:
             # The user is not allowed to update a user.
         raise exception.Forbidden(
-                'User %s has no permission to update user %s: %s.' % (
+            'User %s has no permission to update user %s fields %s.' % (
-                    updater.email, user.email, kwargs
+                updater.email, user.email, unsupported_fields
             )
         )
-
+    return utils.update_db_object(session, user, **kwargs)
-        utils.update_db_object(session, user, **update_info)
-        return user.to_dict()
 
 
-@utils.wrap_to_dict(PERMISSION_RESP_FIELDS)
 @utils.supported_filters(optional_support_keys=PERMISSION_SUPPORTED_FIELDS)
-def get_permissions(getter, user_id, **kwargs):
+@check_user_admin_or_owner()
+@database.run_in_session()
+@utils.wrap_to_dict(PERMISSION_RESP_FIELDS)
+def get_permissions(session, getter, user_id, **kwargs):
     """List permissions of a user."""
-    with database.session() as session:
+    return utils.list_db_objects(
-        if not getter.is_admin and getter.id != user_id:
-            # The user is not allowed to list permissions
-            raise exception.Forbidden(
-                'User %s has no permission to list user %s permissions.' % (
-                    getter.email, user_id
-                )
-            )
-        user_permissions = utils.list_db_objects(
         session, models.UserPermission, user_id=user_id, **kwargs
     )
-        return [
-            user_permission.to_dict()
-            for user_permission in user_permissions
-        ]
 
 
-@utils.wrap_to_dict(PERMISSION_RESP_FIELDS)
 @utils.supported_filters()
-def get_permission(getter, user_id, permission_id, **kwargs):
+@check_user_admin_or_owner()
+@database.run_in_session()
+@utils.wrap_to_dict(PERMISSION_RESP_FIELDS)
+def get_permission(session, getter, user_id, permission_id, **kwargs):
     """Get a specific user permission."""
-    with database.session() as session:
+    return utils.get_db_object(
-        if not getter.is_admin and getter.id != user_id:
-            # The user is not allowed to get permission
-            raise exception.Forbidden(
-                'User %s has no permission to get user %s permission.' % (
-                    getter.email, user_id
-                )
-            )
-
-        user_permission = utils.get_db_object(
         session, models.UserPermission,
         user_id=user_id, permission_id=permission_id,
         **kwargs
     )
-        return user_permission.to_dict()
 
 
-@utils.wrap_to_dict(PERMISSION_RESP_FIELDS)
 @utils.supported_filters()
-def del_permission(deleter, user_id, permission_id, **kwargs):
+@check_user_admin_or_owner()
+@database.run_in_session()
+@utils.wrap_to_dict(PERMISSION_RESP_FIELDS)
+def del_permission(session, deleter, user_id, permission_id, **kwargs):
     """Delete a specific user permission."""
-    with database.session() as session:
-        if not deleter.is_admin and deleter.id != user_id:
-            # The user is not allowed to delete permission
-            raise exception.Forbidden(
-                'User %s has no permission to delete user %s permission.' % (
-                    deleter.email, user_id
-                )
-            )
-
     user_permission = utils.get_db_object(
         session, models.UserPermission,
         user_id=user_id, permission_id=permission_id,
         **kwargs
     )
-        utils.del_db_object(session, user_permission)
+    return utils.del_db_object(session, user_permission)
-        return user_permission.to_dict()
 
 
+@utils.supported_filters(PERMISSION_ADDED_FIELDS)
+@check_user_admin()
+@database.run_in_session()
 @utils.wrap_to_dict(PERMISSION_RESP_FIELDS)
-@utils.supported_filters(
+def add_permission(session, creator, user_id, permission_id):
-    PERMISSION_ADDED_FIELDS
-)
-def add_permission(creator, user_id, permission_id):
     """Add an user permission."""
-    with database.session() as session:
+    return utils.add_db_object(
-        if not creator.is_admin:
-            # The user is not allowed to add a permission.
-            raise exception.Forbidden(
-                'User %s has no permission to add a permission.' % (
-                    creator.email
-                )
-            )
-        user_permission = utils.add_db_object(
         session, models.UserPermission, True,
         user_id, permission_id
     )
-        return user_permission.to_dict()
 
 
-@utils.wrap_to_dict(PERMISSION_RESP_FIELDS)
+def _get_permission_filters(permission_ids):
-@utils.supported_filters(
-    optional_support_keys=[
-        'add_permissions', 'remove_permissions', 'set_permissions'
-    ]
-)
-def update_permissions(
-    updater, user_id,
-    add_permissions=[], remove_permissions=[],
-    set_permissions=None, **kwargs
-):
-    """update user permissions."""
-    def get_permission_filters(permission_ids):
     if permission_ids == 'all':
         return {}
     else:
         return {'id': permission_ids}
 
-    with database.session() as session:
+
-        if not updater.is_admin:
+@utils.supported_filters(
-            raise exception.Forbidden(
+    optional_support_keys=[
-                'User %s has no permission to update user %s: %s.' % (
+        'add_permissions', 'remove_permissions', 'set_permissions'
-                    updater.email, user_id, kwargs
+    ]
-                )
+)
-            )
+@check_user_admin()
+@database.run_in_session()
+@utils.wrap_to_dict(PERMISSION_RESP_FIELDS)
+def update_permissions(
+    session, updater, user_id,
+    add_permissions=[], remove_permissions=[],
+    set_permissions=None, **kwargs
+):
+    """update user permissions."""
     user = utils.get_db_object(session, models.User, id=user_id)
     if remove_permissions:
         _remove_user_permissions(
             session, user,
-                **get_permission_filters(remove_permissions)
+            **_get_permission_filters(remove_permissions)
         )
-
     if add_permissions:
         _add_user_permissions(
             session, user,
-                **get_permission_filters(add_permissions)
+            **_get_permission_filters(add_permissions)
         )
-
     if set_permissions is not None:
         _set_user_permissions(
             session, user,
-                **get_permission_filters(set_permissions)
+            **_get_permission_filters(set_permissions)
         )
-
+    return user.user_permissions
-        return [
-            user_permission.to_dict()
-            for user_permission in user.user_permissions
-        ]

compass/db/api/user_log.py

@@ -27,113 +27,86 @@ USER_SUPPORTED_FIELDS = ['timestamp']
 RESP_FIELDS = ['user_id', 'logs', 'timestamp']
 
 
-def log_user_action(user_id, action):
+@database.run_in_session()
+def log_user_action(session, user_id, action):
     """Log user action."""
-    with database.session() as session:
     utils.add_db_object(
         session, models.UserLog, True, user_id=user_id, action=action
     )
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
+def _compress_response(actions, user_id):
+    user_actions = []
+    for action in actions:
+        action_dict = action.to_dict()
+        del action_dict['user_id']
+        user_actions.append(action_dict)
+    return {'user_id': user_id, 'logs': user_actions}
+
+
+def _compress_response_by_user(actions):
+    actions = {}
+    for action in actions:
+        action_dict = action.to_dict()
+        user_id = action_dict['user_id']
+        del action_dict['user_id']
+        actions.setdefault(user_id, []).append(action_dict)
+
+    return [
+        {'user_id': user_id, 'logs': user_actions}
+        for user_id, user_actions in actions.items()
+    ]
+
+
 @utils.supported_filters(optional_support_keys=USER_SUPPORTED_FIELDS)
-def list_user_actions(lister, user_id, **filters):
+@user_api.check_user_admin_or_owner()
+@database.run_in_session()
+@utils.wrap_to_dict(RESP_FIELDS)
+def list_user_actions(session, lister, user_id, **filters):
     """list user actions."""
-    with database.session() as session:
+    return _compress_response(
-        if not lister.is_admin and lister.id != user_id:
+        utils.list_db_objects(
-            # The user is not allowed to list users actions.
-            raise exception.Forbidden(
-                'User %s has no permission to list user %s actions.' % (
-                    lister.email, user_id
-                )
-            )
-
-        user_actions = []
-        for action in utils.list_db_objects(
             session, models.UserLog, user_id=user_id, **filters
-        ):
+        ),
-            action_dict = action.to_dict()
+        user_id
-            del action_dict['user_id']
+    )
-            user_actions.append(action_dict)
-
-        return {'user_id': user_id, 'logs': user_actions}
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters(optional_support_keys=SUPPORTED_FIELDS)
-def list_actions(lister, **filters):
+@user_api.check_user_admin()
+@database.run_in_session()
+@utils.wrap_to_dict(RESP_FIELDS)
+def list_actions(session, lister, **filters):
     """list actions."""
-    with database.session() as session:
+    return _compress_response_by_user(
-        if not lister.is_admin:
+        utils.list_db_objects(
-             # The user is not allowed to list users actions.
-            raise exception.Forbidden(
-                'User %s has no permission to list all users actions.' % (
-                    lister.email
-                )
-            )
-
-        actions = {}
-        for action in utils.list_db_objects(
             session, models.UserLog, **filters
-        ):
+        )
-            action_dict = action.to_dict()
+    )
-            user_id = action_dict['user_id']
-            del action_dict['user_id']
-            actions.setdefault(user_id, []).append(action_dict)
-
-        return [
-            {'user_id': user_id, 'logs': user_actions}
-            for user_id, user_actions in actions.items()
-        ]
 
 
-@utils.wrap_to_dict(RESP_FIELDS)
 @utils.supported_filters(optional_support_keys=USER_SUPPORTED_FIELDS)
-def del_user_actions(deleter, user_id, **filters):
+@user_api.check_user_admin_or_owner()
-    """delete user actions."""
+@database.run_in_session()
-    with database.session() as session:
-        if not deleter.is_admin and deleter.id != user_id:
-            # The user is not allowed to delete users actions.
-            raise exception.Forbidden(
-                'User %s has no permission to delete user %s actions.' % (
-                    deleter.email, user_id
-                )
-            )
-
-        user_actions = []
-        for action in utils.del_db_objects(
-                session, models.UserLog, user_id=user_id, **filters
-        ):
-            action_dict = action.to_dict()
-            del action_dict['user_id']
-            user_actions.append(action_dict)
-
-        return {'user_id': user_id, 'logs': user_actions}
-
-
 @utils.wrap_to_dict(RESP_FIELDS)
+def del_user_actions(session, deleter, user_id, **filters):
+    """delete user actions."""
+    return _compress_response(
+        utils.del_db_objects(
+            session, models.UserLog, user_id=user_id, **filters
+        ),
+        user_id
+    )
+
+
 @utils.supported_filters(optional_support_keys=SUPPORTED_FIELDS)
-def del_actions(deleter, **filters):
+@user_api.check_user_admin()
+@database.run_in_session()
+@utils.wrap_to_dict(RESP_FIELDS)
+def del_actions(session, deleter, **filters):
     """delete actions."""
-    with database.session() as session:
+    return _compress_response_by_user(
-        if not deleter.is_admin:
+        utils.del_db_objects(
-            # The user is not allowed to delete users actions.
-            raise exception.Forbidden(
-                'User %s has no permission to delete all users actions.' % (
-                    deleter.email
-                )
-            )
-
-        actions = {}
-        for action in utils.del_db_objects(
             session, models.UserLog, **filters
-        ):
+        )
-            action_dict = action.to_dict()
+    )
-            user_id = action_dict['user_id']
-            del action_dict['user_id']
-            actions.setdefault(user_id, []).append(action_dict)
-
-        return [
-            {'user_id': user_id, 'logs': user_actions}
-            for user_id, user_actions in actions.items()
-        ]

compass/db/api/utils.py

@@ -71,7 +71,7 @@ def _model_filter_by_condition(
 
 def _between_condition(col_attr, value):
     if value[0] is not None and value[1] is not None:
-        col_attr.between(value[0], value[1])
+        return col_attr.between(value[0], value[1])
     if value[0] is not None:
         return col_attr >= value[0]
     if value[1] is not None:
@@ -80,7 +80,6 @@ def _between_condition(col_attr, value):
 
 
 def model_filter(query, model, **filters):
-    print 'model query %s: filter %s' % (query, filters)
     for key, value in filters.items():
         col_attr = getattr(model, key)
         if isinstance(value, list):
@@ -118,19 +117,19 @@ def model_filter(query, model, **filters):
                 )
             if 'ne' in value:
                 query = _model_filter_by_condition(
-                    query, col_attr, value['eq'], None,
+                    query, col_attr, value['ne'], None,
                     lambda attr, data, condition_func: ~attr.in_(data)
                 )
             if 'in' in value:
                 query = query.filter(col_attr.in_(value['in']))
             if 'startswith' in value:
                 query = _model_filter_by_condition(
-                    query, col_attr, value['startswitch'],
+                    query, col_attr, value['startswith'],
                     lambda attr, data: attr.like('%s%%' % data)
                 )
             if 'endswith' in value:
                 query = _model_filter_by_condition(
-                    query, col_attr, value['endswitch'],
+                    query, col_attr, value['endswith'],
                     lambda attr, data: attr.like('%%%s' % data)
                 )
             if 'like' in value:
@@ -153,21 +152,22 @@ def wrap_to_dict(support_keys=[]):
     def decorator(func):
         @functools.wraps(func)
         def wrapper(*args, **kwargs):
-            obj = func(*args, **kwargs)
+            return _wrapper_dict(func(*args, **kwargs), support_keys)
-            if isinstance(obj, list):
-                obj = [_wrapper_dict(o, support_keys) for o in obj]
-            else:
-                obj = _wrapper_dict(obj, support_keys)
-            return obj
         return wrapper
     return decorator
 
 
 def _wrapper_dict(data, support_keys):
     """Helper for warpping db object into dictionary."""
-    info = {}
+    if isinstance(data, list):
-    if not isinstance(data, dict):
+        return [_wrapper_dict(item, support_keys) for item in data]
+    if isinstance(data, models.HelperMixin):
         data = data.to_dict()
+    if not isinstance(data, dict):
+        raise exception.InvalidResponse(
+            'response %s type is not dict' % data
+        )
+    info = {}
     for key in support_keys:
         if key in data:
             info[key] = data[key]
@@ -178,26 +178,24 @@ def supported_filters(support_keys=[], optional_support_keys=[]):
     def decorator(func):
         @functools.wraps(func)
         def wrapper(*args, **filters):
-            print 'filter %s %s' % (args, filters)
             must_support_keys = set(support_keys)
             all_support_keys = must_support_keys | set(optional_support_keys)
-            supports = {}
+            filter_keys = set(filters)
-            for filter_key, filter_value in filters.items():
+            unsupported_keys = filter_keys - all_support_keys
-                if filter_key not in all_support_keys:
+            if unsupported_keys:
                 raise exception.InvalidParameter(
-                        'filter key %s is not supported' % filter_key
+                    'filter keys %s are not supported' % str(
+                        list(unsupported_keys)
                     )
-
+                )
-                if filter_key in must_support_keys:
+            missing_keys = must_support_keys - filter_keys
-                    must_support_keys.remove(filter_key)
+            if missing_keys:
-
-                supports[filter_key] = filter_value
-
-            if must_support_keys:
                 raise exception.InvalidParameter(
-                    'filter keys %s not found' % list(must_support_keys)
+                    'filter keys %s not found' % str(
+                        list(missing_keys)
                     )
-            return func(*args, **supports)
+                )
+            return func(*args, **filters)
         return wrapper
     return decorator
 
@@ -314,10 +312,18 @@ def input_validates(*args_validators, **kwargs_validators):
 
 
 def _output_validates(kwargs_validators, obj):
-    if not isinstance(obj, dict):
+    if isinstance(obj, list):
+        for item in obj:
+            _output_validates(kwargs_validators, item)
+        return
+    if isinstance(obj, models.HelperMixin):
         obj = obj.to_dict()
+    if not isinstance(obj, dict):
+        raise exception.InvalidResponse(
+            'response %s type is not dict' % str(obj)
+        )
     for key, value in obj.items():
-        if kwargs_validators.get(key):
+        if key in kwargs_validators:
             kwargs_validators[key](value)
 
 
@@ -438,6 +444,7 @@ def update_db_object(session, db_object, **kwargs):
         db_object.initialize()
         session.flush()
         db_object.validate()
+        return db_object
 
 
 def del_db_object(session, db_object):
@@ -445,6 +452,7 @@ def del_db_object(session, db_object):
     with session.begin(subtransactions=True):
         logging.debug('delete db object %s', db_object)
         session.delete(db_object)
+        return db_object
 
 
 def check_ip(ip):

compass/db/models.py

@@ -1162,6 +1162,20 @@ class SwitchMachine(BASE, HelperMixin, TimestampMixin):
         self.machine_id = machine_id
         super(SwitchMachine, self).__init__(**kwargs)
 
+    def validate(self):
+        if not self.switch:
+            raise exception.InvalidParameter(
+                'switch is not set in %s' % self.id
+            )
+        if not self.machine:
+            raise exception.Invalidparameter(
+                'machine is not set in %s' % self.id
+            )
+        if not self.port:
+            raise exception.InvalidParameter(
+                'port is not set in %s' % self.id
+            )
+
     @hybrid_property
     def mac(self):
         return self.machine.mac

misc/apache/compass.wsgi

@@ -1,5 +1,4 @@
 #!/usr/bin/env python
-from compass.api import app as application
 from compass.utils import flags
 from compass.utils import logsetting
 from compass.utils import setting_wrapper as setting
@@ -7,3 +6,7 @@ from compass.utils import setting_wrapper as setting
 flags.init()
 flags.OPTIONS.logfile = setting.WEB_LOGFILE
 logsetting.init()
+
+from compass.api import api as compass_api
+compass_api.init()
+application = compass_api.app

misc/apache/ods-server.conf

@@ -3,11 +3,14 @@
 # Specify python path if you use virtualenv
 # WSGIPythonHome /home/vagrant/hwtest
 
+WSGIDaemonProcess api threads=4 display-name=%{GROUP}
+WSGIProcessGroup api
+WSGIScriptAlias /api /var/www/compass/compass.wsgi
+WSGISocketPrefix /var/run/wsgi
+
 <VirtualHost *:80>
   DocumentRoot /var/www/compass_web
   RewriteRule ^/$ /ods/ods.html [R=301,L]
-  WSGIScriptAlias /api /var/www/compass/compass.wsgi
-
   RewriteEngine on
   RewriteRule ^/$ /ods/ods.html [R]