"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "ironic/api/controllers/v1/node.py" between
ironic-17.0.2.tar.gz and ironic-17.0.3.tar.gz

About: OpenStack Ironic (Optional Service: Bare-Metal Provisioning) aims to provision bare metal machines instead of virtual machines, forked from the Nova baremetal driver.
The "Wallaby" series (latest release).

node.py  (ironic-17.0.2):node.py  (ironic-17.0.3)
skipping to change at line 1335 skipping to change at line 1335
cdict = api.request.context.to_policy_values() cdict = api.request.context.to_policy_values()
target_dict = dict(cdict) target_dict = dict(cdict)
owner = node.get('owner') owner = node.get('owner')
lessee = node.get('lessee') lessee = node.get('lessee')
if owner: if owner:
target_dict['node.owner'] = owner target_dict['node.owner'] = owner
if lessee: if lessee:
target_dict['node.lessee'] = lessee target_dict['node.lessee'] = lessee
# Scrub the dictionary's contents down to what was requested.
api_utils.sanitize_dict(node, fields)
# NOTE(tenbrae): the 'show_password' policy setting name exists for # NOTE(tenbrae): the 'show_password' policy setting name exists for
# legacy purposes and can not be changed. Changing it will # legacy purposes and can not be changed. Changing it will
# cause upgrade problems for any operators who have # cause upgrade problems for any operators who have
# customized the value of this field # customized the value of this field
# NOTE(TheJulia): These methods use policy.check and normally return # NOTE(TheJulia): These methods use policy.check and normally return
# False in a noauth or password auth based situation, because the # False in a noauth or password auth based situation, because the
# effective caller doesn't match the policy check rule. # effective caller doesn't match the policy check rule.
show_driver_secrets = policy.check("show_password", cdict, target_dict) show_driver_secrets = policy.check("show_password", cdict, target_dict)
show_instance_secrets = policy.check("show_instance_secrets", show_instance_secrets = policy.check("show_instance_secrets",
cdict, target_dict) cdict, target_dict)
skipping to change at line 1356 skipping to change at line 1359
# but until we have auditing clarity, it might not be a big deal. # but until we have auditing clarity, it might not be a big deal.
# Determine if we need to do the additional checks. Keep in mind # Determine if we need to do the additional checks. Keep in mind
# nova integrated with ironic is API read heavy, so it is ideal # nova integrated with ironic is API read heavy, so it is ideal
# to keep the policy checks for say system-member based roles to # to keep the policy checks for say system-member based roles to
# a minimum as they are likely the regular API users as well. # a minimum as they are likely the regular API users as well.
# Also, the default for the filter_threshold is system-member. # Also, the default for the filter_threshold is system-member.
evaluate_additional_policies = not policy.check_policy( evaluate_additional_policies = not policy.check_policy(
"baremetal:node:get:filter_threshold", "baremetal:node:get:filter_threshold",
target_dict, cdict) target_dict, cdict)
node_keys = node.keys()
if evaluate_additional_policies: if evaluate_additional_policies:
# NOTE(TheJulia): The net effect of this is that by default, # NOTE(TheJulia): The net effect of this is that by default,
# at least matching common/policy.py defaults. is these should # at least matching common/policy.py defaults. is these should
# be stripped out. # be stripped out.
if not policy.check("baremetal:node:get:last_error", if ('last_error' in node_keys
target_dict, cdict): and not policy.check("baremetal:node:get:last_error",
target_dict, cdict)):
# Guard the last error from being visible as it can contain # Guard the last error from being visible as it can contain
# hostnames revealing infrastucture internal details. # hostnames revealing infrastucture internal details.
node['last_error'] = ('** Value Redacted - Requires ' node['last_error'] = ('** Value Redacted - Requires '
'baremetal:node:get:last_error ' 'baremetal:node:get:last_error '
'permission. **') 'permission. **')
if not policy.check("baremetal:node:get:reservation", if ('reservation' in node_keys
target_dict, cdict): and not policy.check("baremetal:node:get:reservation",
target_dict, cdict)):
# Guard conductor names from being visible. # Guard conductor names from being visible.
node['reservation'] = ('** Redacted - requires baremetal:' node['reservation'] = ('** Redacted - requires baremetal:'
'node:get:reservation permission. **') 'node:get:reservation permission. **')
if not policy.check("baremetal:node:get:driver_internal_info", if ('driver_internal_info' in node_keys
target_dict, cdict): and not policy.check("baremetal:node:get:driver_internal_info",
target_dict, cdict)):
# Guard conductor names from being visible. # Guard conductor names from being visible.
node['driver_internal_info'] = { node['driver_internal_info'] = {
'content': '** Redacted - Requires baremetal:node:get:' 'content': '** Redacted - Requires baremetal:node:get:'
'driver_internal_info permission. **'} 'driver_internal_info permission. **'}
if not policy.check("baremetal:node:get:driver_info",
target_dict, cdict): if 'driver_info' in node_keys:
if (evaluate_additional_policies
and not policy.check("baremetal:node:get:driver_info",
target_dict, cdict)):
# Guard infrastructure intenral details from being visible. # Guard infrastructure intenral details from being visible.
node['driver_info'] = { node['driver_info'] = {
'content': '** Redacted - requires baremetal:node:get:' 'content': '** Redacted - requires baremetal:node:get:'
'driver_info permission. **'} 'driver_info permission. **'}
if not show_driver_secrets:
node['driver_info'] = strutils.mask_dict_password(
node['driver_info'], "******")
if not show_driver_secrets and node.get('driver_info'): if not show_instance_secrets and 'instance_info' in node_keys:
node['driver_info'] = strutils.mask_dict_password(
node['driver_info'], "******")
if not show_instance_secrets and node.get('instance_info'):
node['instance_info'] = strutils.mask_dict_password( node['instance_info'] = strutils.mask_dict_password(
node['instance_info'], "******") node['instance_info'], "******")
# NOTE(tenbrae): agent driver may store a swift temp_url on the # NOTE(tenbrae): agent driver may store a swift temp_url on the
# instance_info, which shouldn't be exposed to non-admin users. # instance_info, which shouldn't be exposed to non-admin users.
# Now that ironic supports additional policies, we need to hide # Now that ironic supports additional policies, we need to hide
# it here, based on this policy. # it here, based on this policy.
# Related to bug #1613903 # Related to bug #1613903
if node['instance_info'].get('image_url'): if node['instance_info'].get('image_url'):
node['instance_info']['image_url'] = "******" node['instance_info']['image_url'] = "******"
if node.get('driver_internal_info', {}).get('agent_secret_token'): if node.get('driver_internal_info', {}).get('agent_secret_token'):
node['driver_internal_info']['agent_secret_token'] = "******" node['driver_internal_info']['agent_secret_token'] = "******"
update_state_in_older_versions(node) if 'provision_state' in node_keys:
# Update legacy state data for provision state, but only if
# the key is present.
update_state_in_older_versions(node)
hide_fields_in_newer_versions(node) hide_fields_in_newer_versions(node)
api_utils.sanitize_dict(node, fields)
show_states_links = ( show_states_links = (
api_utils.allow_links_node_states_and_driver_properties()) api_utils.allow_links_node_states_and_driver_properties())
show_portgroups = api_utils.allow_portgroups_subcontrollers() show_portgroups = api_utils.allow_portgroups_subcontrollers()
show_volume = api_utils.allow_volume() show_volume = api_utils.allow_volume()
if not show_volume: if not show_volume:
node.pop('volume', None) node.pop('volume', None)
if not show_portgroups: if not show_portgroups:
node.pop('portgroups', None) node.pop('portgroups', None)
if not show_states_links: if not show_states_links:
skipping to change at line 1710 skipping to change at line 1722
_("The sort_key value %(key)s is an invalid field for " _("The sort_key value %(key)s is an invalid field for "
"sorting") % {'key': sort_key}) "sorting") % {'key': sort_key})
marker_obj = None marker_obj = None
if marker: if marker:
marker_obj = objects.Node.get_by_uuid(api.request.context, marker_obj = objects.Node.get_by_uuid(api.request.context,
marker) marker)
# The query parameters for the 'next' URL # The query parameters for the 'next' URL
parameters = {} parameters = {}
possible_filters = {
'maintenance': maintenance,
'chassis_uuid': chassis_uuid,
'associated': associated,
'provision_state': provision_state,
'driver': driver,
'resource_class': resource_class,
'fault': fault,
'conductor_group': conductor_group,
'owner': owner,
'lessee': lessee,
'project': project,
'description_contains': description_contains,
'retired': retired,
'instance_uuid': instance_uuid
}
filters = {}
for key, value in possible_filters.items():
if value is not None:
filters[key] = value
nodes = objects.Node.list(api.request.context, limit, marker_obj,
sort_key=sort_key, sort_dir=sort_dir,
filters=filters)
# Special filtering on results based on conductor field
if conductor:
nodes = self._filter_by_conductor(nodes, conductor)
parameters = {'sort_key': sort_key, 'sort_dir': sort_dir}
if associated:
parameters['associated'] = associated
if maintenance:
parameters['maintenance'] = maintenance
if retired:
parameters['retired'] = retired
if detail is not None:
parameters['detail'] = detail
if instance_uuid: if instance_uuid:
# NOTE(rloo) if instance_uuid is specified, the other query
# parameters are ignored. Since there can be at most one node that
# has this instance_uuid, we do not want to generate a 'next' link.
nodes = self._get_nodes_by_instance(instance_uuid)
# NOTE(rloo) if limit==1 and len(nodes)==1 (see # NOTE(rloo) if limit==1 and len(nodes)==1 (see
# Collection.has_next()), a 'next' link will # Collection.has_next()), a 'next' link will
# be generated, which we don't want. # be generated, which we don't want.
# NOTE(TheJulia): This is done after the query as
# instance_uuid is a unique constraint in the DB
# and we cannot pass a limit of 0 to sqlalchemy
# and expect a response.
limit = 0 limit = 0
else:
possible_filters = {
'maintenance': maintenance,
'chassis_uuid': chassis_uuid,
'associated': associated,
'provision_state': provision_state,
'driver': driver,
'resource_class': resource_class,
'fault': fault,
'conductor_group': conductor_group,
'owner': owner,
'lessee': lessee,
'project': project,
'description_contains': description_contains,
'retired': retired,
}
filters = {}
for key, value in possible_filters.items():
if value is not None:
filters[key] = value
nodes = objects.Node.list(api.request.context, limit, marker_obj,
sort_key=sort_key, sort_dir=sort_dir,
filters=filters)
# Special filtering on results based on conductor field
if conductor:
nodes = self._filter_by_conductor(nodes, conductor)
parameters = {'sort_key': sort_key, 'sort_dir': sort_dir}
if associated:
parameters['associated'] = associated
if maintenance:
parameters['maintenance'] = maintenance
if retired:
parameters['retired'] = retired
if detail is not None:
parameters['detail'] = detail
return node_list_convert_with_links(nodes, limit, return node_list_convert_with_links(nodes, limit,
url=resource_url, url=resource_url,
fields=fields, fields=fields,
**parameters) **parameters)
def _get_nodes_by_instance(self, instance_uuid):
"""Retrieve a node by its instance uuid.
It returns a list with the node, or an empty list if no node is found.
"""
try:
node = objects.Node.get_by_instance_uuid(api.request.context,
instance_uuid)
return [node]
except exception.InstanceNotFound:
return []
def _check_names_acceptable(self, names, error_msg): def _check_names_acceptable(self, names, error_msg):
"""Checks all node 'name's are acceptable, it does not return a value. """Checks all node 'name's are acceptable, it does not return a value.
This function will raise an exception for unacceptable names. This function will raise an exception for unacceptable names.
:param names: list of node names to check :param names: list of node names to check
:param error_msg: error message in case of exception.ClientSideError, :param error_msg: error message in case of exception.ClientSideError,
should contain %(name)s placeholder. should contain %(name)s placeholder.
:raises: exception.NotAcceptable :raises: exception.NotAcceptable
:raises: exception.ClientSideError :raises: exception.ClientSideError
 End of changes. 16 change blocks. 
73 lines changed or deleted 70 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)