GlanceAuth
[source]¶Bases: object
get_glance_client
(region, service_name=None, endpoint=None, endpoint_type='publicURL', insecure=False, cacert=None)[source]¶Create glance client object.
Parameters: |
|
---|---|
Returns: | a Glance Client object. |
Raises: | Exception – if the client cannot be created |
glance_client
= None¶NeutronAuth
[source]¶Bases: object
get_neutron_client
(region, service_name=None, endpoint=None, endpoint_type='publicURL', insecure=False, ca_cert=None)[source]¶Create neutron client object.
Parameters: |
|
---|---|
Returns: | a Neutron Client object. |
Raises: | Exception – if the client cannot be created |
neutron_client
= None¶NovaAuth
[source]¶Bases: object
get_nova_client
(region, service_name=None, endpoint=None, endpoint_type='publicURL', insecure=False, cacert=None)[source]¶Create nova client object.
Parameters: |
|
---|---|
Returns: | a Nova Client object. |
Raises: | Exception – if the client cannot be created |
nova_client
= None¶Routines for configuring Octavia
Amphora
(id=None, load_balancer_id=None, compute_id=None, status=None, lb_network_ip=None, vrrp_ip=None, ha_ip=None, vrrp_port_id=None, ha_port_id=None, load_balancer=None, role=None, cert_expiration=None, cert_busy=False, vrrp_interface=None, vrrp_id=None, vrrp_priority=None, cached_zone=None, created_at=None, updated_at=None, image_id=None)[source]¶BaseDataModel
[source]¶Bases: object
HealthMonitor
(id=None, project_id=None, pool_id=None, type=None, delay=None, timeout=None, fall_threshold=None, rise_threshold=None, http_method=None, url_path=None, expected_codes=None, enabled=None, pool=None, name=None, provisioning_status=None, operating_status=None, created_at=None, updated_at=None)[source]¶L7Policy
(id=None, name=None, description=None, listener_id=None, action=None, redirect_pool_id=None, redirect_url=None, position=None, listener=None, redirect_pool=None, enabled=None, l7rules=None, provisioning_status=None, operating_status=None, project_id=None, created_at=None, updated_at=None)[source]¶L7Rule
(id=None, l7policy_id=None, type=None, enabled=None, compare_type=None, key=None, value=None, l7policy=None, invert=False, provisioning_status=None, operating_status=None, project_id=None, created_at=None, updated_at=None)[source]¶Listener
(id=None, project_id=None, name=None, description=None, default_pool_id=None, load_balancer_id=None, protocol=None, protocol_port=None, connection_limit=None, enabled=None, provisioning_status=None, operating_status=None, tls_certificate_id=None, stats=None, default_pool=None, load_balancer=None, sni_containers=None, peer_port=None, l7policies=None, pools=None, insert_headers=None, created_at=None, updated_at=None, timeout_client_data=None, timeout_member_connect=None, timeout_member_data=None, timeout_tcp_inspect=None)[source]¶ListenerStatistics
(listener_id=None, amphora_id=None, bytes_in=0, bytes_out=0, active_connections=0, total_connections=0, request_errors=0)[source]¶LoadBalancer
(id=None, project_id=None, name=None, description=None, provisioning_status=None, operating_status=None, enabled=None, topology=None, vip=None, listeners=None, amphorae=None, pools=None, vrrp_group=None, server_group_id=None, created_at=None, updated_at=None, provider=None)[source]¶LoadBalancerStatistics
(bytes_in=0, bytes_out=0, active_connections=0, total_connections=0, request_errors=0, listeners=None)[source]¶Member
(id=None, project_id=None, pool_id=None, ip_address=None, protocol_port=None, weight=None, backup=None, enabled=None, subnet_id=None, operating_status=None, pool=None, created_at=None, updated_at=None, provisioning_status=None, name=None, monitor_address=None, monitor_port=None)[source]¶Pool
(id=None, project_id=None, name=None, description=None, protocol=None, lb_algorithm=None, enabled=None, operating_status=None, members=None, health_monitor=None, session_persistence=None, load_balancer_id=None, load_balancer=None, listeners=None, l7policies=None, created_at=None, updated_at=None, provisioning_status=None)[source]¶Quotas
(project_id=None, load_balancer=None, listener=None, pool=None, health_monitor=None, member=None, in_use_health_monitor=None, in_use_listener=None, in_use_load_balancer=None, in_use_member=None, in_use_pool=None)[source]¶SessionPersistence
(pool_id=None, type=None, cookie_name=None, pool=None, persistence_timeout=None, persistence_granularity=None)[source]¶TLSContainer
(id=None, primary_cn=None, certificate=None, private_key=None, passphrase=None, intermediates=None)[source]¶VRRPGroup
(load_balancer_id=None, vrrp_group_name=None, vrrp_auth_type=None, vrrp_auth_pass=None, advert_int=None, smtp_server=None, smtp_connect_timeout=None, load_balancer=None)[source]¶Decorators to provide backwards compatibility for V1 API.
Octavia base exception handling.
APIException
(**kwargs)[source]¶Bases: webob.exc.HTTPClientError
code
= 500¶msg
= 'Something unknown went wrong'¶CertificateGenerationException
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Could not sign the certificate request: %(msg)s'¶CertificateRetrievalException
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 400¶msg
= 'Could not retrieve certificate: %(ref)s'¶CertificateStorageException
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Could not store certificate: %(msg)s'¶ComputeBuildException
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Failed to build compute instance due to: %(fault)s'¶ComputeBuildQueueTimeoutException
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Failed to get an amphora build slot.'¶ComputeDeleteException
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Failed to delete compute instance.'¶ComputeGetException
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Failed to retrieve compute instance.'¶ComputeGetInterfaceException
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Failed to retrieve compute virtual interfaces.'¶ComputeStatusException
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Failed to retrieve compute instance status.'¶ComputeWaitTimeoutException
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Waiting for compute to go active timeout.'¶DisabledOption
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 400¶msg
= 'The selected %(option)s is not allowed in this deployment: %(value)s'¶DuplicateHealthMonitor
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 409¶msg
= 'This pool already has a health monitor'¶DuplicateListenerEntry
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 409¶msg
= 'Another Listener on this Load Balancer is already using protocol_port %(port)d'¶DuplicateMemberEntry
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 409¶msg
= 'Another member on this pool is already using ip %(ip_address)s on protocol_port %(port)d'¶DuplicatePoolEntry
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 409¶msg
= 'This listener already has a default pool'¶GlanceNoTaggedImages
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'No Glance images are tagged with %(tag)s tag.'¶IDAlreadyExists
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 409¶msg
= 'Already an entity with that specified id.'¶ImmutableObject
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 409¶msg
= '%(resource)s %(id)s is immutable and cannot be updated.'¶InvalidAmphoraOperatingSystem
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Invalid amphora operating system: %(os_name)s'¶InvalidFilterArgument
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 400¶msg
= 'One or more arguments are either duplicate or invalid'¶InvalidHMACException
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= "HMAC hashes didn't match"¶InvalidL7PolicyAction
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 400¶msg
= 'Invalid L7 Policy action specified: %(action)s'¶InvalidL7PolicyArgs
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 400¶msg
= 'Invalid L7 Policy arguments: %(msg)s'¶InvalidL7Rule
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Invalid L7 Rule: %(msg)s'¶InvalidLimit
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 400¶msg
= "Supplied pagination limit '%(key)s' is not valid."¶InvalidMarker
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 400¶msg
= "Supplied pagination marker '%(key)s' is not valid."¶InvalidOption
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 400¶msg
= '%(value)s is not a valid option for %(option)s'¶InvalidRegex
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Unable to parse regular expression: %(e)s'¶InvalidSortDirection
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 400¶msg
= "Supplied sort direction '%(key)s' is not valid."¶InvalidSortKey
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 400¶msg
= "Supplied sort key '%(key)s' is not valid."¶InvalidString
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Invalid characters in %(what)s'¶InvalidSubresource
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 400¶msg
= '%(resource)s %(id)s not found.'¶InvalidTopology
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Invalid topology specified: %(topology)s'¶InvalidURL
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Not a valid URL: %(url)s'¶InvalidURLPath
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 400¶msg
= 'Not a valid URLPath: %(url_path)s'¶L7RuleValidation
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 400¶msg
= 'Error parsing L7Rule: %(error)s'¶LBPendingStateError
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 409¶msg
= 'Invalid state %(state)s of loadbalancer resource %(id)s'¶MisMatchedKey
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Key and x509 certificate do not match'¶MissingAPIProjectID
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 400¶message
= 'Missing project ID in request where one is required.'¶MissingArguments
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Missing arguments.'¶MissingProjectID
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Missing project ID in request where one is required.'¶MissingVIPSecurityGroup
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'VIP security group is missing for load balancer: %(lb_id)s'¶NeedsPassphrase
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Passphrase needed to decrypt key but client did not provide one.'¶NetworkConfig
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Unable to allocate network resource from config'¶NoReadyAmphoraeException
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'There are not any READY amphora available.'¶NotFound
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 404¶msg
= '%(resource)s %(id)s not found.'¶OctaviaException
(*args, **kwargs)[source]¶Bases: Exception
Base Octavia Exception.
To correctly use this class, inherit from it and define a ‘message’ property. That message will get printf’d with the keyword arguments provided to the constructor.
message
= 'An unknown exception occurred.'¶orig_code
= None¶orig_msg
= None¶PolicyForbidden
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 403¶msg
= 'Policy does not allow this request to be performed.'¶PoolInUseByL7Policy
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 409¶msg
= 'Pool %(id)s is in use by L7 policy %(l7policy_id)s'¶ProjectBusyException
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 503¶msg
= 'Project busy. Unable to lock the project. Please try again.'¶ProviderDriverError
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 500¶msg
= "Provider '%(prov)s' reports error: %(user_msg)s"¶ProviderNotEnabled
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 400¶msg
= "Provider '%(prov)s' is not enabled."¶ProviderNotFound
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 501¶msg
= "Provider '%(prov)s' was not found."¶ProviderNotImplementedError
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 501¶msg
= "Provider '%(prov)s' does not support a requested action: %(user_msg)s"¶ProviderUnsupportedOptionError
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 501¶msg
= "Provider '%(prov)s' does not support a requested option: %(user_msg)s"¶QuotaException
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 403¶msg
= 'Quota has been met for resources: %(resource)s'¶ServerGroupObjectCreateException
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Failed to create server group object.'¶ServerGroupObjectDeleteException
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Failed to delete server group object.'¶SingleCreateDetailsMissing
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 400¶msg
= 'Missing details for %(type)s object: %(name)'¶TooManyL7RulesOnL7Policy
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 409¶msg
= 'Too many rules on L7 policy %(id)s'¶UnreadableCert
(*args, **kwargs)[source]¶Bases: octavia.common.exceptions.OctaviaException
message
= 'Could not read X509 from PEM'¶VIPValidationException
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 400¶msg
= 'Validation failure: VIP must contain one of: %(objects)s.'¶ValidationException
(**kwargs)[source]¶Bases: octavia.common.exceptions.APIException
code
= 400¶msg
= 'Validation failure: %(detail)s'¶SkippingAuthProtocol
(app, conf)[source]¶Bases: keystonemiddleware.auth_token.AuthProtocol
SkippingAuthProtocol to reach special endpoints
Bypasses keystone authentication for special request paths, such as the api version discovery path.
keystonemiddleware.auth_token.AuthProtocol
that disables keystone communication if the request path
is in the _NOAUTH_PATHS list.process_request
(request)[source]¶Process request.
Evaluate the headers in a request and attempt to authenticate the request. If authenticated then additional headers are added to the request for use by applications. If not authenticated the request will be rejected or marked unauthenticated depending on configuration.
Policy Engine For Octavia.
IsAdminCheck
(kind, match)[source]¶Bases: oslo_policy._checks.Check
An explicit check for is_admin.
Policy
(conf=<oslo_config.cfg.ConfigOpts object>, policy_file=None, rules=None, default_rule=None, use_conf=True, overwrite=True)[source]¶Bases: oslo_policy.policy.Enforcer
Verifies that the action is valid on the target in this context.
Parameters: |
|
---|---|
Raises: | PolicyForbidden – if verification fails and do_raise is True. Or if ‘exc’ is specified it will raise an exceptions of that type. |
Returns: | returns a non-False value (not necessarily “True”) if authorized, and the exact value False if not authorized and do_raise is False. |
Utilities and helper functions.
base64_sha1_string
(string_to_hash)[source]¶Get a b64-encoded sha1 hash of a string. Not intended to be secure!
exception_logger
(logger=None)[source]¶Bases: object
Wrap a function and log raised exception
Parameters: | logger – the logger to log the exception default is LOG.exception |
---|---|
Returns: | origin value if no exception raised; re-raise the exception if any occurred |
Several handy validation functions that go beyond simple type checking. Defined here so these can also be used at deeper levels than the API.
Raises an error if the value string contains invalid characters.
header_name
(header, what=None)[source]¶Raises an error if header does not look like an HTML header name.
header_value_string
(value, what=None)[source]¶Raises an error if the value string contains invalid characters.
network_exists_optionally_contains_subnet
(network_id, subnet_id=None)[source]¶Raises an exception when a network does not exist.
If a subnet is provided, also validate the network contains that subnet.
sanitize_l7policy_api_args
(l7policy, create=False)[source]¶Validate and make consistent L7Policy API arguments.
This method is mainly meant to sanitize L7 Policy create and update API dictionaries, so that we strip ‘None’ values that don’t apply for our particular update. This method does not verify that any redirect_pool_id exists in the database, but will raise an error if a redirect_url doesn’t look like a URL.
Parameters: | l7policy – The L7 Policy dictionary we are santizing / validating |
---|
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.