~soren/nova/iptables-security-groups

« back to all changes in this revision

Viewing changes to nova/db/sqlalchemy/api.py

Committer: Soren Hansen
Date: 2011-01-03 09:56:21 UTC
mfrom: (430.2.79 nova)
Revision ID: soren@linux2go.dk-20110103095621-qy398qk1uk8o7cy3

Merge trunk

files added:
CA/genvpn.sh

bin/nova-combined

nova/api/openstack/common.py

nova/auth/openssh-lpk_openldap.schema

nova/auth/openssh-lpk_sun.schema

nova/fakememcache.py

nova/service.py

nova/tests/api/__init__.py

nova/tests/db

nova/tests/db/__init__.py

nova/tests/db/fakes.py

nova/tests/test_middleware.py

nova/tests/test_xenapi.py

nova/tests/xenapi

nova/tests/xenapi/__init__.py

nova/tests/xenapi/stubs.py

nova/virt/xenapi/fake.py

nova/virt/xenapi/volume_utils.py

plugins/xenserver

plugins/xenserver/doc

plugins/xenserver/doc/networking.rst

plugins/xenserver/networking

plugins/xenserver/networking/etc

plugins/xenserver/networking/etc/init.d

plugins/xenserver/networking/etc/init.d/host-rules

plugins/xenserver/networking/etc/xensource

plugins/xenserver/networking/etc/xensource/scripts

plugins/xenserver/networking/etc/xensource/scripts/vif_5.6-fp1.patch

plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py

plugins/xenserver/xenapi/etc/xapi.d/plugins/glance

run_tests.py

files removed:
nova/api/cloudpipe

nova/api/cloudpipe/__init__.py

nova/auth/openssh-lpk_openldap.schema

nova/auth/openssh-lpk_sun.schema

nova/process.py

nova/server.py

nova/service.py

nova/tests/api_integration.py

nova/tests/process_unittest.py

nova/tests/validator_unittest.py

nova/validate.py

nova/virt/libvirt.rescue.qemu.xml.template

nova/virt/libvirt.rescue.uml.xml.template

nova/virt/libvirt.rescue.xen.xml.template

nova/virt/libvirt.uml.xml.template

nova/virt/libvirt.xen.xml.template

run_tests.py

files renamed:
CA/INTER/ => CA/projects/

nova/cloudpipe/bootscript.sh => nova/cloudpipe/bootscript.template

nova/tests/api/__init__.py => nova/tests/api/test.py

nova/tests/access_unittest.py => nova/tests/test_access.py

nova/tests/api_unittest.py => nova/tests/test_api.py

nova/tests/auth_unittest.py => nova/tests/test_auth.py

nova/tests/cloud_unittest.py => nova/tests/test_cloud.py

nova/tests/compute_unittest.py => nova/tests/test_compute.py

nova/tests/flags_unittest.py => nova/tests/test_flags.py

nova/tests/misc_unittest.py => nova/tests/test_misc.py

nova/tests/network_unittest.py => nova/tests/test_network.py

nova/tests/quota_unittest.py => nova/tests/test_quota.py

nova/tests/rpc_unittest.py => nova/tests/test_rpc.py

nova/tests/scheduler_unittest.py => nova/tests/test_scheduler.py

nova/tests/service_unittest.py => nova/tests/test_service.py

nova/tests/twistd_unittest.py => nova/tests/test_twistd.py

nova/tests/virt_unittest.py => nova/tests/test_virt.py

nova/tests/volume_unittest.py => nova/tests/test_volume.py

nova/virt/libvirt.qemu.xml.template => nova/virt/libvirt.xml.template

plugins/xenapi/ => plugins/xenserver/xenapi/

files modified:
.bzrignore

.mailmap

Authors

CA/geninter.sh

CA/genrootca.sh

CA/openssl.cnf.tmpl

MANIFEST.in

bin/nova-api

bin/nova-compute

bin/nova-dhcpbridge

bin/nova-manage

bin/nova-network

bin/nova-scheduler

bin/nova-volume

contrib/nova.sh

contrib/puppet/files/production/nova-iptables

doc/ext/nova_autodoc.py

nova/adminclient.py

nova/api/__init__.py

nova/api/ec2/__init__.py

nova/api/ec2/admin.py

nova/api/ec2/apirequest.py

nova/api/ec2/cloud.py

nova/api/ec2/metadatarequesthandler.py

nova/api/openstack/__init__.py

nova/api/openstack/auth.py

nova/api/openstack/backup_schedules.py

nova/api/openstack/flavors.py

nova/api/openstack/images.py

nova/api/openstack/ratelimiting/__init__.py

nova/api/openstack/servers.py

nova/api/openstack/sharedipgroups.py

nova/auth/dbdriver.py

nova/auth/fakeldap.py

nova/auth/ldapdriver.py

nova/auth/manager.py

nova/auth/nova_openldap.schema

nova/auth/nova_sun.schema

nova/auth/opendj.sh

nova/auth/slap.sh

nova/cloudpipe/pipelib.py

nova/compute/api.py

nova/compute/disk.py

nova/compute/instance_types.py

nova/compute/manager.py

nova/compute/monitor.py

nova/compute/power_state.py

nova/crypto.py

nova/db/api.py

nova/db/sqlalchemy/api.py

nova/db/sqlalchemy/models.py

nova/exception.py

nova/fakerabbit.py

nova/flags.py

nova/image/glance.py

nova/image/s3.py

nova/manager.py

nova/network/linux_net.py

nova/network/manager.py

nova/objectstore/handler.py

nova/objectstore/image.py

nova/rpc.py

nova/scheduler/chance.py

nova/scheduler/driver.py

nova/scheduler/manager.py

nova/scheduler/simple.py

nova/test.py

nova/tests/api/openstack/__init__.py

nova/tests/api/openstack/fakes.py

nova/tests/api/openstack/test_auth.py

nova/tests/api/openstack/test_images.py

nova/tests/api/openstack/test_servers.py

nova/tests/objectstore_unittest.py

nova/twistd.py

nova/utils.py

nova/virt/connection.py

nova/virt/fake.py

nova/virt/images.py

nova/virt/libvirt_conn.py

nova/virt/xenapi/__init__.py

nova/virt/xenapi/network_utils.py

nova/virt/xenapi/vm_utils.py

nova/virt/xenapi/vmops.py

nova/virt/xenapi/volumeops.py

nova/virt/xenapi_conn.py

nova/volume/driver.py

nova/volume/manager.py

nova/wsgi.py

plugins/xenserver/xenapi/etc/xapi.d/plugins/objectstore

run_tests.sh

setup.py

tools/clean-vlans

tools/pip-requires

tools/setup_iptables.sh

Show diffs side-by-side

added added

removed removed

nova/db/sqlalchemy/api.py

def is_admin_context(context):

"""Indicates if the request context is an administrator."""

if not context:

warnings.warn('Use of empty request context is deprecated',

warnings.warn(_('Use of empty request context is deprecated'),

DeprecationWarning)

raise Exception('die')

return context.is_admin

130

first()

131

132

if not result:

133

raise exception.NotFound('No service for id %s' % service_id)

133

raise exception.NotFound(_('No service for id %s') % service_id)

134

135

return result

136

227

filter_by(deleted=can_read_deleted(context)).\

228

first()

229

if not result:

230

raise exception.NotFound('No service for %s, %s' % (host, binary))

230

raise exception.NotFound(_('No service for %s, %s') % (host, binary))

231

232

return result

233

252

###################

253

254

255

@require_admin_context

256

def certificate_get(context, certificate_id, session=None):

257

if not session:

258

session = get_session()

259

260

result = session.query(models.Certificate).\

261

filter_by(id=certificate_id).\

262

filter_by(deleted=can_read_deleted(context)).\

263

first()

264

265

if not result:

266

raise exception.NotFound('No certificate for id %s' % certificate_id)

267

268

return result

269

270

271

@require_admin_context

272

def certificate_create(context, values):

273

certificate_ref = models.Certificate()

274

for (key, value) in values.iteritems():

275

certificate_ref[key] = value

276

certificate_ref.save()

277

return certificate_ref

278

279

280

@require_admin_context

281

def certificate_destroy(context, certificate_id):

282

session = get_session()

283

with session.begin():

284

certificate_ref = certificate_get(context,

285

certificate_id,

286

session=session)

287

certificate_ref.delete(session=session)

288

289

290

@require_admin_context

291

def certificate_get_all_by_project(context, project_id):

292

session = get_session()

293

return session.query(models.Certificate).\

294

filter_by(project_id=project_id).\

295

filter_by(deleted=False).\

296

all()

297

298

299

@require_admin_context

300

def certificate_get_all_by_user(context, user_id):

301

session = get_session()

302

return session.query(models.Certificate).\

303

filter_by(user_id=user_id).\

304

filter_by(deleted=False).\

305

all()

306

307

308

@require_admin_context

309

def certificate_get_all_by_user_and_project(_context, user_id, project_id):

310

session = get_session()

311

return session.query(models.Certificate).\

312

filter_by(user_id=user_id).\

313

filter_by(project_id=project_id).\

314

filter_by(deleted=False).\

315

all()

316

317

318

@require_admin_context

319

def certificate_update(context, certificate_id, values):

320

session = get_session()

321

with session.begin():

322

certificate_ref = certificate_get(context,

323

certificate_id,

324

session=session)

325

for (key, value) in values.iteritems():

326

certificate_ref[key] = value

327

certificate_ref.save(session=session)

328

329

330

###################

331

332

255

333

@require_context

256

334

def floating_ip_allocate_address(context, host, project_id):

257

335

authorize_project_context(context, project_id)

385

463

session = get_session()

386

464

387

465

result = session.query(models.FloatingIp).\

466

options(joinedload_all('fixed_ip.network')).\

388

467

filter_by(address=address).\

389

468

filter_by(deleted=can_read_deleted(context)).\

390

469

first()

491

570

options(joinedload('instance')).\

492

571

first()

493

572

if not result:

494

raise exception.NotFound('No floating ip for address %s' % address)

573

raise exception.NotFound(_('No floating ip for address %s') % address)

495

574

496

575

if is_user_context(context):

497

576

authorize_project_context(context, result.instance.project_id)

528

607

#TODO(gundlach): instance_create and volume_create are nearly identical

529

608

#and should be refactored. I expect there are other copy-and-paste

530

609

#functions between the two of them as well.

610

611

531

612

@require_context

532

613

def instance_create(context, values):

533

614

"""Create a new Instance record in the database.

579

660

580

661

if is_admin_context(context):

581

662

result = session.query(models.Instance).\

663

options(joinedload_all('fixed_ip.floating_ips')).\

582

664

options(joinedload('security_groups')).\

583

665

options(joinedload_all('security_groups.rules')).\

666

options(joinedload('volumes')).\

584

667

filter_by(id=instance_id).\

585

668

filter_by(deleted=can_read_deleted(context)).\

586

669

first()

587

670

elif is_user_context(context):

588

671

result = session.query(models.Instance).\

672

options(joinedload_all('fixed_ip.floating_ips')).\

589

673

options(joinedload('security_groups')).\

590

674

options(joinedload_all('security_groups.rules')).\

675

options(joinedload('volumes')).\

591

676

filter_by(project_id=context.project_id).\

592

677

filter_by(id=instance_id).\

593

678

filter_by(deleted=False).\

594

679

first()

595

680

if not result:

596

raise exception.NotFound('No instance for id %s' % instance_id)

681

raise exception.NotFound(_('No instance for id %s') % instance_id)

597

682

598

683

return result

599

684

653

738

all()

654

739

655

740

741

@require_admin_context

742

def instance_get_project_vpn(context, project_id):

743

session = get_session()

744

return session.query(models.Instance).\

745

options(joinedload_all('fixed_ip.floating_ips')).\

746

options(joinedload('security_groups')).\

747

filter_by(project_id=project_id).\

748

filter_by(image_id=FLAGS.vpn_image_id).\

749

filter_by(deleted=can_read_deleted(context)).\

750

first()

751

752

656

753

@require_context

657

754

def instance_get_by_internal_id(context, internal_id):

658

755

session = get_session()

671

768

filter_by(deleted=False).\

672

769

first()

673

770

if not result:

674

raise exception.NotFound('Instance %s not found' % (internal_id))

771

raise exception.NotFound(_('Instance %s not found') % (internal_id))

675

772

676

773

return result

677

774

749

846

instance_ref.save(session=session)

750

847

751

848

849

@require_context

850

def instance_action_create(context, values):

851

"""Create an instance action from the values dictionary."""

852

action_ref = models.InstanceActions()

853

action_ref.update(values)

854

855

session = get_session()

856

with session.begin():

857

action_ref.save(session=session)

858

return action_ref

859

860

861

@require_admin_context

862

def instance_get_actions(context, instance_id):

863

"""Return the actions associated to the given instance id"""

864

session = get_session()

865

actions = {}

866

for action in session.query(models.InstanceActions).\

867

filter_by(instance_id=instance_id).\

868

all():

869

actions[action.action] = action.error

870

return actions

871

872

752

873

###################

753

874

754

875

792

913

filter_by(deleted=can_read_deleted(context)).\

793

914

first()

794

915

if not result:

795

raise exception.NotFound('no keypair for user %s, name %s' %

916

raise exception.NotFound(_('no keypair for user %s, name %s') %

796

917

(user_id, name))

797

918

return result

798

919

907

1028

filter_by(deleted=False).\

908

1029

first()

909

1030

if not result:

910

raise exception.NotFound('No network for id %s' % network_id)

1031

raise exception.NotFound(_('No network for id %s') % network_id)

911

1032

912

1033

return result

913

1034

915

1036

# NOTE(vish): pylint complains because of the long method name, but

916

1037

# it fits with the names of the rest of the methods

917

1038

# pylint: disable-msg=C0103

1039

1040

918

1041

@require_admin_context

919

1042

def network_get_associated_fixed_ips(context, network_id):

920

1043

session = get_session()

935

1058

first()

936

1059

937

1060

if not result:

938

raise exception.NotFound('No network for bridge %s' % bridge)

1061

raise exception.NotFound(_('No network for bridge %s') % bridge)

939

1062

return result

940

1063

941

1064

949

1072

filter_by(deleted=False).\

950

1073

first()

951

1074

if not rv:

952

raise exception.NotFound('No network for instance %s' % instance_id)

1075

raise exception.NotFound(_('No network for instance %s') % instance_id)

953

1076

return rv

954

1077

955

1078

963

1086

with_lockmode('update').\

964

1087

first()

965

1088

if not network_ref:

966

raise exception.NotFound('No network for id %s' % network_id)

1089

raise exception.NotFound(_('No network for id %s') % network_id)

967

1090

968

1091

# NOTE(vish): if with_lockmode isn't supported, as in sqlite,

969

1092

# then this has concurrency issues

987

1110

988

1111

989

1112

@require_context

990

def project_get_network(context, project_id):

1113

def project_get_network(context, project_id, associate=True):

991

1114

session = get_session()

992

rv = session.query(models.Network).\

993

filter_by(project_id=project_id).\

994

filter_by(deleted=False).\

995

first()

996

if not rv:

1115

result = session.query(models.Network).\

1116

filter_by(project_id=project_id).\

1117

filter_by(deleted=False).\

1118

first()

1119

if not result:

1120

if not associate:

1121

return None

997

1122

try:

998

1123

return network_associate(context, project_id)

999

1124

except IntegrityError:

1000

1125

# NOTE(vish): We hit this if there is a race and two

1001

1126

# processes are attempting to allocate the

1002

1127

# network at the same time

1003

rv = session.query(models.Network).\

1004

filter_by(project_id=project_id).\

1005

filter_by(deleted=False).\

1006

first()

1007

return rv

1128

result = session.query(models.Network).\

1129

filter_by(project_id=project_id).\

1130

filter_by(deleted=False).\

1131

first()

1132

return result

1008

1133

1009

1134

1010

1135

###################

1064

1189

###################

1065

1190

1066

1191

1192

@require_admin_context

1067

1193

def auth_destroy_token(_context, token):

1068

1194

session = get_session()

1069

1195

session.delete(token)

1070

1196

1071

1197

1198

@require_admin_context

1072

1199

def auth_get_token(_context, token_hash):

1073

1200

session = get_session()

1074

1201

tk = session.query(models.AuthToken).\

1075

1202

filter_by(token_hash=token_hash).\

1076

1203

first()

1077

1204

if not tk:

1078

raise exception.NotFound('Token %s does not exist' % token_hash)

1205

raise exception.NotFound(_('Token %s does not exist') % token_hash)

1079

1206

return tk

1080

1207

1081

1208

1209

@require_admin_context

1082

1210

def auth_create_token(_context, token):

1083

1211

tk = models.AuthToken()

1084

1212

tk.update(token)

1099

1227

filter_by(deleted=can_read_deleted(context)).\

1100

1228

first()

1101

1229

if not result:

1102

raise exception.NotFound('No quota for project_id %s' % project_id)

1230

raise exception.NotFound(_('No quota for project_id %s') % project_id)

1103

1231

1104

1232

return result

1105

1233

1254

1382

filter_by(deleted=False).\

1255

1383

first()

1256

1384

if not result:

1257

raise exception.NotFound('No volume for id %s' % volume_id)

1385

raise exception.NotFound(_('No volume for id %s') % volume_id)

1258

1386

1259

1387

return result

1260

1388

1310

1438

raise exception.NotAuthorized()

1311

1439

1312

1440

if not result:

1313

raise exception.NotFound('Volume %s not found' % ec2_id)

1441

raise exception.NotFound(_('Volume %s not found') % ec2_id)

1314

1442

1315

1443

return result

1316

1444

1334

1462

options(joinedload('instance')).\

1335

1463

first()

1336

1464

if not result:

1337

raise exception.NotFound('Volume %s not found' % ec2_id)

1465

raise exception.NotFound(_('Volume %s not found') % ec2_id)

1338

1466

1339

1467

return result.instance

1340

1468

1346

1474

filter_by(volume_id=volume_id).\

1347

1475

first()

1348

1476

if not result:

1349

raise exception.NotFound('No export device found for volume %s' %

1477

raise exception.NotFound(_('No export device found for volume %s') %

1350

1478

volume_id)

1351

1479

1352

1480

return (result.shelf_id, result.blade_id)

1359

1487

filter_by(volume_id=volume_id).\

1360

1488

first()

1361

1489

if not result:

1362

raise exception.NotFound('No target id found for volume %s' %

1490

raise exception.NotFound(_('No target id found for volume %s') %

1363

1491

volume_id)

1364

1492

1365

1493

return result.target_num

1404

1532

options(joinedload_all('rules')).\

1405

1533

first()

1406

1534

if not result:

1407

raise exception.NotFound("No secuity group with id %s" %

1535

raise exception.NotFound(_("No security group with id %s") %

1408

1536

security_group_id)

1409

1537

return result

1410

1538

1421

1549

first()

1422

1550

if not result:

1423

1551

raise exception.NotFound(

1424

'No security group named %s for project: %s' \

1552

_('No security group named %s for project: %s')

1425

1553

% (group_name, project_id))

1426

1554

return result

1427

1555

1509

1637

filter_by(id=security_group_rule_id).\

1510

1638

first()

1511

1639

if not result:

1512

raise exception.NotFound("No secuity group rule with id %s" %

1640

raise exception.NotFound(_("No secuity group rule with id %s") %

1513

1641

security_group_rule_id)

1514

1642

return result

1515

1643

1583

1711

first()

1584

1712

1585

1713

if not result:

1586

raise exception.NotFound('No user for id %s' % id)

1714

raise exception.NotFound(_('No user for id %s') % id)

1587

1715

1588

1716

return result

1589

1717

1599

1727

first()

1600

1728

1601

1729

if not result:

1602

raise exception.NotFound('No user for access key %s' % access_key)

1730

raise exception.NotFound(_('No user for access key %s') % access_key)

1603

1731

1604

1732

return result

1605

1733

1661

1789

first()

1662

1790

1663

1791

if not result:

1664

raise exception.NotFound("No project with id %s" % id)

1792

raise exception.NotFound(_("No project with id %s") % id)

1665

1793

1666

1794

return result

1667

1795

Older »