# Copyright (c) 2012 OpenStack, LLC. # # Licensed under the Apache License, Version 2.0 (the 'License'); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an 'AS IS' BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or # implied. # See the License for the specific language governing permissions and # limitations under the License. ATTR_NOT_SPECIFIED = object() # Defining a constant to avoid repeating string literal in several modules SHARED = 'shared' import logging import netaddr import re from quantum.common import exceptions as q_exc LOG = logging.getLogger(__name__) def _validate_boolean(data, valid_values=None): if data in [True, False]: return else: msg = _("%s is not boolean") % data LOG.debug("validate_boolean: %s", msg) return msg def _validate_values(data, valid_values=None): if data in valid_values: return else: msg_dict = dict(data=data, values=valid_values) msg = _("%(data)s is not in %(values)s") % msg_dict LOG.debug("validate_values: %s", msg) return msg def _validate_mac_address(data, valid_values=None): try: netaddr.EUI(data) return except Exception: msg = _("%s is not a valid MAC address") % data LOG.debug("validate_mac_address: %s", msg) return msg def _validate_ip_address(data, valid_values=None): try: netaddr.IPAddress(data) return except Exception: msg = _("%s is not a valid IP address") % data LOG.debug("validate_ip_address: %s", msg) return msg def _validate_ip_address_or_none(data, valid_values=None): if data is None: return None return _validate_ip_address(data, valid_values) def _validate_subnet(data, valid_values=None): try: netaddr.IPNetwork(data) return except Exception: msg = _("%s is not a valid IP subnet") % data LOG.debug("validate_subnet: %s", msg) return msg def _validate_regex(data, valid_values=None): match = re.match(valid_values, data) if match: return else: msg = _("%s is not valid") % data LOG.debug("validate_regex: %s", msg) return msg def convert_to_boolean(data): try: i = int(data) if i in [True, False]: # Ensure that the value is True or False if i: return True else: return False except ValueError, TypeError: if (data == "True" or data == "true"): return True if (data == "False" or data == "false"): return False msg = _("%s is not boolean") % data raise q_exc.InvalidInput(error_message=msg) HEX_ELEM = '[0-9A-Fa-f]' UUID_PATTERN = '-'.join([HEX_ELEM + '{8}', HEX_ELEM + '{4}', HEX_ELEM + '{4}', HEX_ELEM + '{4}', HEX_ELEM + '{12}']) # Note: In order to ensure that the MAC address is unicast the first byte # must be even. MAC_PATTERN = "^%s[aceACE02468](:%s{2}){5}$" % (HEX_ELEM, HEX_ELEM) # Dictionary that maintains a list of validation functions validators = {'type:boolean': _validate_boolean, 'type:values': _validate_values, 'type:mac_address': _validate_mac_address, 'type:ip_address': _validate_ip_address, 'type:ip_address_or_none': _validate_ip_address_or_none, 'type:subnet': _validate_subnet, 'type:regex': _validate_regex} # Note: a default of ATTR_NOT_SPECIFIED indicates that an # attribute is not required, but will be generated by the plugin # if it is not specified. Particularly, a value of ATTR_NOT_SPECIFIED # is different from an attribute that has been specified with a value of # None. For example, if 'gateway_ip' is ommitted in a request to # create a subnet, the plugin will receive ATTR_NOT_SPECIFIED # and the default gateway_ip will be generated. # However, if gateway_ip is specified as None, this means that # the subnet does not have a gateway IP. # The following is a short reference for understanding attribute info: # default: default value of the attribute (if missing, the attribute # becomes mandatory. # allow_post: the attribute can be used on POST requests. # allow_put: the attribute can be used on PUT requests. # validate: specifies rules for validating data in the attribute. # convert_to: transformation to apply to the value before it is returned # is_visible: the attribute is returned in GET responses. # required_by_policy: the attribute is required by the policy engine and # should therefore be filled by the API layer even if not present in # request body. # enforce_policy: the attribute is actively part of the policy enforcing # mechanism, ie: there might be rules which refer to this attribute. RESOURCE_ATTRIBUTE_MAP = { 'networks': { 'id': {'allow_post': False, 'allow_put': False, 'validate': {'type:regex': UUID_PATTERN}, 'is_visible': True}, 'name': {'allow_post': True, 'allow_put': True, 'default': '', 'is_visible': True}, 'subnets': {'allow_post': True, 'allow_put': True, 'default': [], 'is_visible': True}, 'admin_state_up': {'allow_post': True, 'allow_put': True, 'default': True, 'convert_to': convert_to_boolean, 'validate': {'type:boolean': None}, 'is_visible': True}, 'status': {'allow_post': False, 'allow_put': False, 'is_visible': True}, 'tenant_id': {'allow_post': True, 'allow_put': False, 'required_by_policy': True, 'is_visible': True}, SHARED: {'allow_post': True, 'allow_put': True, 'default': False, 'convert_to': convert_to_boolean, 'validate': {'type:boolean': None}, 'is_visible': True, 'required_by_policy': True, 'enforce_policy': True}, }, 'ports': { 'id': {'allow_post': False, 'allow_put': False, 'validate': {'type:regex': UUID_PATTERN}, 'is_visible': True}, 'name': {'allow_post': True, 'allow_put': True, 'default': '', 'is_visible': True}, 'network_id': {'allow_post': True, 'allow_put': False, 'validate': {'type:regex': UUID_PATTERN}, 'is_visible': True}, 'admin_state_up': {'allow_post': True, 'allow_put': True, 'default': True, 'convert_to': convert_to_boolean, 'validate': {'type:boolean': None}, 'is_visible': True}, 'mac_address': {'allow_post': True, 'allow_put': False, 'default': ATTR_NOT_SPECIFIED, 'validate': {'type:mac_address': None}, 'enforce_policy': True, 'is_visible': True}, 'fixed_ips': {'allow_post': True, 'allow_put': True, 'default': ATTR_NOT_SPECIFIED, 'enforce_policy': True, 'is_visible': True}, 'host_routes': {'allow_post': True, 'allow_put': True, 'default': ATTR_NOT_SPECIFIED, 'enforce_policy': True, 'is_visible': False}, 'device_id': {'allow_post': True, 'allow_put': True, 'default': '', 'is_visible': True}, 'device_owner': {'allow_post': True, 'allow_put': True, 'default': '', 'is_visible': True}, 'tenant_id': {'allow_post': True, 'allow_put': False, 'required_by_policy': True, 'is_visible': True}, 'status': {'allow_post': False, 'allow_put': False, 'is_visible': True}, }, 'subnets': { 'id': {'allow_post': False, 'allow_put': False, 'validate': {'type:regex': UUID_PATTERN}, 'is_visible': True}, 'name': {'allow_post': True, 'allow_put': True, 'default': '', 'is_visible': True}, 'ip_version': {'allow_post': True, 'allow_put': False, 'convert_to': int, 'validate': {'type:values': [4, 6]}, 'is_visible': True}, 'network_id': {'allow_post': True, 'allow_put': False, 'validate': {'type:regex': UUID_PATTERN}, 'is_visible': True}, 'cidr': {'allow_post': True, 'allow_put': False, 'validate': {'type:subnet': None}, 'is_visible': True}, 'gateway_ip': {'allow_post': True, 'allow_put': True, 'default': ATTR_NOT_SPECIFIED, 'validate': {'type:ip_address_or_none': None}, 'is_visible': True}, #TODO(salvatore-orlando): Enable PUT on allocation_pools 'allocation_pools': {'allow_post': True, 'allow_put': False, 'default': ATTR_NOT_SPECIFIED, 'is_visible': True}, 'dns_nameservers': {'allow_post': True, 'allow_put': True, 'default': ATTR_NOT_SPECIFIED, 'is_visible': True}, 'host_routes': {'allow_post': True, 'allow_put': True, 'default': ATTR_NOT_SPECIFIED, 'is_visible': True}, 'tenant_id': {'allow_post': True, 'allow_put': False, 'required_by_policy': True, 'is_visible': True}, 'enable_dhcp': {'allow_post': True, 'allow_put': True, 'default': True, 'convert_to': convert_to_boolean, 'validate': {'type:boolean': None}, 'is_visible': True}, } } # Associates to each resource its own parent resource # Resources without parents, such as networks, are not in this list RESOURCE_HIERARCHY_MAP = { 'ports': {'parent': 'networks', 'identified_by': 'network_id'}, 'subnets': {'parent': 'networks', 'identified_by': 'network_id'} }