NSX-1: move validation for security* to codebase

cloudify-cosmo · Jan 19, 2017 · 39b32b4 · 39b32b4
1 parent a90693a
commit 39b32b4
Show file tree

Hide file tree

Showing 15 changed files with 129 additions and 89 deletions.
diff --git a/cloudify_nsx/library/nsx_common.py b/cloudify_nsx/library/nsx_common.py
@@ -206,7 +206,9 @@ def get_properties_and_validate(name, kwargs, validate_dict=None):
     if not validate_dict:
         _, validate_dict = get_properties('validate_' + name, kwargs)
     else:
-        ctx.logger.info("Used predefined rules %s: %s" % (name, str(validate_dict)))
+        ctx.logger.info("Used predefined rules %s: %s" % (
+            name, str(validate_dict))
+        )
     ctx.logger.info("checking %s: %s" % (name, str(properties_dict)))
     return use_existing, validate(
         properties_dict, validate_dict, use_existing

diff --git a/cloudify_nsx/security/group.py b/cloudify_nsx/security/group.py
@@ -21,8 +21,28 @@
 
 @operation
 def create(**kwargs):
+
+    validation_rules = {
+        "scopeId": {
+            "default": "globalroot-0",
+            "required": True
+        },
+        "name": {
+            "required": True
+        },
+        "member": {
+            "set_none": True
+        },
+        "excludeMember": {
+            "set_none": True
+        },
+        "dynamicMemberDefinition": {
+            "set_none": True
+        }
+    }
+
     use_existing, group = common.get_properties_and_validate(
-        'group', kwargs
+        'group', kwargs, validation_rules
     )
 
     resource_id = ctx.instance.runtime_properties.get('resource_id')

diff --git a/cloudify_nsx/security/group_dynamic_member.py b/cloudify_nsx/security/group_dynamic_member.py
@@ -20,8 +20,19 @@
 
 @operation
 def create(**kwargs):
+
+    validation_rules = {
+        "security_group_id": {
+            "required": True
+        },
+        # dynamic member definition
+        "dynamic_set": {
+            "required": True
+        }
+    }
+
     use_existing, dynamic_member = common.get_properties_and_validate(
-        'dynamic_member', kwargs
+        'dynamic_member', kwargs, validation_rules
     )
 
     resource_id = ctx.instance.runtime_properties.get('resource_id')

diff --git a/cloudify_nsx/security/group_exclude_member.py b/cloudify_nsx/security/group_exclude_member.py
@@ -20,8 +20,19 @@
 
 @operation
 def create(**kwargs):
+
+    validate_rules = {
+        "security_group_id": {
+            "required": True
+        },
+        # member id
+        "objectId": {
+            "required": True
+        }
+    }
+
     use_existing, group_exclude_member = common.get_properties_and_validate(
-        'group_exclude_member', kwargs
+        'group_exclude_member', kwargs, validate_rules
     )
 
     resource_id = ctx.instance.runtime_properties.get('resource_id')

diff --git a/cloudify_nsx/security/group_member.py b/cloudify_nsx/security/group_member.py
@@ -20,8 +20,18 @@
 
 @operation
 def create(**kwargs):
+    validation_rules = {
+        "security_group_id": {
+            "required": True,
+        },
+        # member id
+        "objectId": {
+            "required": True
+        }
+    }
+
     use_existing, group_member = common.get_properties_and_validate(
-        'group_member', kwargs
+        'group_member', kwargs, validation_rules
     )
 
     resource_id = ctx.instance.runtime_properties.get('resource_id')

diff --git a/cloudify_nsx/security/policy.py b/cloudify_nsx/security/policy.py
@@ -31,8 +31,30 @@ def _update_policy(exist_policy):
 
 @operation
 def create(**kwargs):
+    validation_rules = {
+        "name": {
+            "required": True
+        },
+        "description": {
+            "set_none": True
+        },
+        "precedence": {
+            "type": "string",
+            "required": True
+        },
+        "parent": {
+            "set_none": True
+        },
+        "securityGroupBinding": {
+            "set_none": True
+        },
+        "actionsByCategory": {
+            "set_none": True
+        }
+    }
+
     use_existing, policy = common.get_properties_and_validate(
-        'policy', kwargs
+        'policy', kwargs, validation_rules
     )
 
     resource_id = ctx.instance.runtime_properties.get('resource_id')

diff --git a/cloudify_nsx/security/policy_group_bind.py b/cloudify_nsx/security/policy_group_bind.py
@@ -20,8 +20,17 @@
 
 @operation
 def create(**kwargs):
+    validation_rules = {
+        "security_policy_id": {
+            "required": True
+        },
+        "security_group_id": {
+            "required": True
+        }
+    }
+
     use_existing, policy_group_bind = common.get_properties_and_validate(
-        'policy_group_bind', kwargs
+        'policy_group_bind', kwargs, validation_rules
     )
 
     resource_id = ctx.instance.runtime_properties.get('resource_id')

diff --git a/cloudify_nsx/security/policy_section.py b/cloudify_nsx/security/policy_section.py
@@ -20,8 +20,20 @@
 
 @operation
 def create(**kwargs):
+    validation_rules = {
+        "security_policy_id": {
+            "required": True
+        },
+        "category": {
+            "required": True
+        },
+        "action": {
+            "required": True
+        }
+    }
+
     use_existing, policy_section = common.get_properties_and_validate(
-        'policy_section', kwargs
+        'policy_section', kwargs, validation_rules
     )
 
     resource_id = ctx.instance.runtime_properties.get('resource_id')

diff --git a/cloudify_nsx/security/tag.py b/cloudify_nsx/security/tag.py
@@ -21,8 +21,17 @@
 
 @operation
 def create(**kwargs):
+    validation_rules = {
+        "name": {
+            "required": True
+        },
+        "description": {
+            "set_none": True
+        }
+    }
+
     use_existing, tag = common.get_properties_and_validate(
-        'tag', kwargs
+        'tag', kwargs, validation_rules
     )
 
     resource_id = ctx.instance.runtime_properties.get('resource_id')

diff --git a/cloudify_nsx/security/tag_vm.py b/cloudify_nsx/security/tag_vm.py
@@ -20,8 +20,17 @@
 
 @operation
 def create(**kwargs):
+    validation_rules = {
+        "tag_id": {
+            "required": True
+        },
+        "vm_id": {
+            "required": True
+        }
+    }
+
     use_existing, vm_tag = common.get_properties_and_validate(
-        'vm_tag', kwargs
+        'vm_tag', kwargs, validation_rules
     )
 
     resource_id = ctx.instance.runtime_properties.get('resource_id')

diff --git a/cloudify_nsx/vcenter/datacenter.py b/cloudify_nsx/vcenter/datacenter.py
@@ -30,7 +30,7 @@ def create(**kwargs):
         }
     }
 
-    use_existing, resource_pool = common.get_properties_and_validate(
+    use_existing, datacenter = common.get_properties_and_validate(
         'datacenter', kwargs, validation_rules
     )
 

diff --git a/cloudify_nsx/vcenter/datastore.py b/cloudify_nsx/vcenter/datastore.py
@@ -30,7 +30,7 @@ def create(**kwargs):
         }
     }
 
-    use_existing, resource_pool = common.get_properties_and_validate(
+    use_existing, datastore = common.get_properties_and_validate(
         'datastore', kwargs, validation_rules
     )
 

diff --git a/cloudify_nsx/vcenter/dvportgroup.py b/cloudify_nsx/vcenter/dvportgroup.py
@@ -29,7 +29,7 @@ def create(**kwargs):
         }
     }
 
-    use_existing, resource_pool = common.get_properties_and_validate(
+    use_existing, dvportgroup = common.get_properties_and_validate(
         'dvportgroup', kwargs, validation_rules
     )
 

diff --git a/cloudify_nsx/vcenter/vm.py b/cloudify_nsx/vcenter/vm.py
@@ -30,7 +30,7 @@ def create(**kwargs):
         }
     }
 
-    use_existing, resource_pool = common.get_properties_and_validate(
+    use_existing, vm = common.get_properties_and_validate(
         'server', kwargs, validation_rules
     )
 

diff --git a/plugin.yaml b/plugin.yaml
@@ -180,19 +180,6 @@ node_types:
       # resource nsx id
       resource_id:
         required: false
-      validate_group:
-        default:
-          scopeId:
-            default: globalroot-0
-            required: true
-          name:
-            required: true
-          member:
-            set_none: true
-          excludeMember:
-            set_none: true
-          dynamicMemberDefinition:
-            set_none: true
       group:
         default:
           scopeId: globalroot-0
@@ -220,13 +207,6 @@ node_types:
       # resource nsx id
       resource_id:
         required: false
-      validate_dynamic_member:
-        default:
-          security_group_id:
-            required: true
-          # dynamic member definition
-          dynamic_set:
-            required: true
       dynamic_member:
         default:
           dynamic_set: ""
@@ -251,13 +231,6 @@ node_types:
       # resource nsx id
       resource_id:
         required: false
-      validate_group_member:
-        default:
-          security_group_id:
-            required: true
-          # member id
-          objectId:
-            required: true
       group_member:
         default:
           security_group_id: ""
@@ -282,13 +255,6 @@ node_types:
       # resource nsx id
       resource_id:
         required: false
-      validate_group_exclude_member:
-        default:
-          security_group_id:
-            required: true
-          # member id
-          objectId:
-            required: true
       group_exclude_member:
         default:
           security_group_id: ""
@@ -313,21 +279,6 @@ node_types:
       # resource nsx id
       resource_id:
         required: false
-      validate_policy:
-        default:
-          name:
-            required: true
-          description:
-            set_none: true
-          precedence:
-            type: string
-            required: true
-          parent:
-            set_none: true
-          securityGroupBinding:
-            set_none: true
-          actionsByCategory:
-            set_none: true
       policy:
         default:
           name: ""
@@ -356,12 +307,6 @@ node_types:
       # resource nsx id
       resource_id:
         required: false
-      validate_policy_group_bind:
-        default:
-          security_policy_id:
-            required: true
-          security_group_id:
-            required: true
       policy_group_bind:
         default:
           security_policy_id: ""
@@ -386,14 +331,6 @@ node_types:
       # resource nsx id
       resource_id:
         required: false
-      validate_policy_section:
-        default:
-          security_policy_id:
-            required: true
-          category:
-            required: true
-          action:
-            required: true
       policy_section:
         default:
           security_policy_id: ""
@@ -419,12 +356,6 @@ node_types:
       # resource nsx id
       resource_id:
         required: false
-      validate_tag:
-        default:
-          name:
-            required: true
-          description:
-            set_none: true
       tag:
         default:
           name: ""
@@ -449,12 +380,6 @@ node_types:
       # resource nsx id
       resource_id:
         required: false
-      validate_vm_tag:
-        default:
-          tag_id:
-            required: true
-          vm_id:
-            required: true
       vm_tag:
         default:
           tag_id: ""