SlicePrivilege and SitePrivilege support
diff --git a/xos/tosca/custom_types/xos.yaml b/xos/tosca/custom_types/xos.yaml
index 59cbb77..044f281 100644
--- a/xos/tosca/custom_types/xos.yaml
+++ b/xos/tosca/custom_types/xos.yaml
@@ -230,7 +230,11 @@
tosca.relationships.PIPrivilege:
derived_from: tosca.relationships.Root
- valid_target_types: [ tosca.capabilities.xos.Slice, tosca.capabiltys.xos.Site ]
+ valid_target_types: [ tosca.capabiltys.xos.Site ]
+
+ tosca.relationships.TechPrivilege:
+ derived_from: tosca.relationships.Root
+ valid_target_types: [ tosca.capabiltys.xos.Site ]
tosca.capabilities.xos.Service:
derived_from: tosca.capabilities.Root
diff --git a/xos/tosca/engine.py b/xos/tosca/engine.py
index 5417cbc..a0d917d 100644
--- a/xos/tosca/engine.py
+++ b/xos/tosca/engine.py
@@ -122,7 +122,7 @@
if nodetemplate.type in resources.resources:
cls = resources.resources[nodetemplate.type]
#print "work on", cls.__name__, nodetemplate.name
- obj = cls(user, nodetemplate)
+ obj = cls(user, nodetemplate, self)
obj.create_or_update()
def destroy(self, user):
@@ -131,7 +131,7 @@
for nodetemplate in nodetemplates:
if nodetemplate.type in resources.resources:
cls = resources.resources[nodetemplate.type]
- obj = cls(user, nodetemplate)
+ obj = cls(user, nodetemplate, self)
for model in obj.get_existing_objs():
models.append( (obj, model) )
models.reverse()
@@ -139,3 +139,22 @@
print "destroying", model
resource.delete(model)
+ def name_to_xos_class(self, user, name):
+ nt = self.nodetemplates_by_name.get(name)
+ if not nt:
+ raise Exception("failed to find nodetemplate %s" % name)
+
+ cls = resources.resources.get(nt.type)
+ if not cls:
+ raise Exception("nodetemplate %s's type does not resolve to a known resource type" % name)
+
+ return (nt, cls, cls.xos_model)
+
+ def name_to_xos_model(self, user, name):
+ (nt, cls, model_class) = self.name_to_xos_class(user, name)
+ obj = cls(user, nt, self)
+ existing_objs = obj.get_existing_objs()
+ if not existing_objs:
+ raise Exception("failed to find xos %s %s" % (cls.__name__, name))
+ return existing_objs[0]
+
diff --git a/xos/tosca/resources/slice.py b/xos/tosca/resources/slice.py
index 054111c..073e205 100644
--- a/xos/tosca/resources/slice.py
+++ b/xos/tosca/resources/slice.py
@@ -5,7 +5,7 @@
sys.path.append("/opt/tosca")
from translator.toscalib.tosca_template import ToscaTemplate
-from core.models import Slice,User,Site,Network,NetworkSlice
+from core.models import Slice,User,Site,Network,NetworkSlice,SliceRole,SlicePrivilege
from xosresource import XOSResource
@@ -27,6 +27,17 @@
ns.save()
self.info("Added network connection from '%s' to '%s'" % (str(obj), str(net)))
+ rolemap = ( ("tosca.relationships.AdminPrivilege", "admin"), ("tosca.relationships.AccessPrivilege", "access"),
+ ("tosca.relationships.PIPrivilege", "pi"), ("tosca.relationships.TechPrivilege", "tech") )
+ for (rel, role) in rolemap:
+ for email in self.get_requirements(rel):
+ role = self.get_xos_object(SliceRole, role=role)
+ user = self.get_xos_object(User, email=email)
+ if not SlicePrivilege.objects.filter(user=user, role=role, slice=obj):
+ sp = SlicePrivilege(user=user, role=role, slice=obj)
+ sp.save()
+ self.info("Added slice privilege on %s role %s for %s" % (str(obj), str(role), str(user)))
+
def create(self):
nodetemplate = self.nodetemplate
sliceName = nodetemplate.name
diff --git a/xos/tosca/resources/user.py b/xos/tosca/resources/user.py
index 0f0c0a1..125df4f 100644
--- a/xos/tosca/resources/user.py
+++ b/xos/tosca/resources/user.py
@@ -5,7 +5,7 @@
sys.path.append("/opt/tosca")
from translator.toscalib.tosca_template import ToscaTemplate
-from core.models import User, Site
+from core.models import User, Site, SiteRole, SliceRole, SlicePrivilege, SitePrivilege
from xosresource import XOSResource
@@ -32,7 +32,23 @@
return self.xos_model.objects.filter(email = self.nodetemplate.name)
def postprocess(self, obj):
- pass
+ rolemap = ( ("tosca.relationships.AdminPrivilege", "admin"), ("tosca.relationships.AccessPrivilege", "access"),
+ ("tosca.relationships.PIPrivilege", "pi"), ("tosca.relationships.TechPrivilege", "tech") )
+ for (rel, role) in rolemap:
+ for obj_name in self.get_requirements(rel):
+ dest = self.engine.name_to_xos_model(self.user, obj_name)
+ if dest.__class__.__name__ == "Slice":
+ role_obj = self.get_xos_object(SliceRole, role=role)
+ if not SlicePrivilege.objects.filter(user=user, role=role_obj, slice=dest):
+ sp = SlicePrivilege(user=obj, role=role_obj, slice=dest)
+ sp.save()
+ self.info("Added slice privilege on %s role %s for %s" % (str(dest), str(role), str(obj)))
+ elif dest.__class__.__name__ == "Site":
+ role_obj = self.get_xos_object(SiteRole, role=role)
+ if not SitePrivilege.objects.filter(user=obj, role=role_obj, site=dest):
+ sp = SitePrivilege(user=obj, role=role_obj, site=dest)
+ sp.save()
+ self.info("Added site privilege on %s role %s for %s" % (str(dest), str(role), str(obj)))
def create(self):
nodetemplate = self.nodetemplate
diff --git a/xos/tosca/resources/xosresource.py b/xos/tosca/resources/xosresource.py
index 756aaf8..a0426cf 100644
--- a/xos/tosca/resources/xosresource.py
+++ b/xos/tosca/resources/xosresource.py
@@ -5,10 +5,11 @@
xos_model = None
provides = None
- def __init__(self, user, nodetemplate):
+ def __init__(self, user, nodetemplate, engine):
self.dirty = False
self.user = user
self.nodetemplate = nodetemplate
+ self.engine = engine
def get_all_required_node_names(self):
results = []
diff --git a/xos/tosca/samples/privileges.yaml b/xos/tosca/samples/privileges.yaml
new file mode 100644
index 0000000..d15f343
--- /dev/null
+++ b/xos/tosca/samples/privileges.yaml
@@ -0,0 +1,60 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+description: Make some network templates
+
+imports:
+ - custom_types/xos.yaml
+
+topology_template:
+ node_templates:
+ mysite:
+ type: tosca.nodes.Site
+
+ johndoe@foo.bar:
+ type: tosca.nodes.User
+ properties:
+ password: letmein
+ firstname: john
+ lastname: doe
+ requirements:
+ - site:
+ node: mysite
+ relationship: tosca.relationships.MemberOfSite
+ # Site privilege must always be specified in user objects, since
+ # user depends on site.
+ - privilege:
+ node: mysite
+ relationship: tosca.relationships.PIPrivilege
+
+ janedoe@foo.bar:
+ type: tosca.nodes.User
+ properties:
+ password: letmein
+ firstname: john
+ lastname: doe
+ requirements:
+ - site:
+ node: mysite
+ relationship: tosca.relationships.MemberOfSite
+ - privilege:
+ node: mysite
+ relationship: tosca.relationships.TechPrivilege
+
+ privsite:
+ type: tosca.nodes.Site
+
+ privsite_slice1:
+ type: tosca.nodes.Slice
+ requirements:
+ - slice:
+ node: privsite
+ relationship: tosca.relationships.MemberOfSite
+ # Slice privileges must always be specified in slice objects, since
+ # slice depends on user.
+ - privilege:
+ node: johndoe@foo.bar
+ relationship: tosca.relationships.AdminPrivilege
+ - privilege:
+ node: janedoe@foo.bar
+ relationship: tosca.relationships.AccessPrivilege
+