octavia.common package

Subpackages

Submodules

octavia.common.base_taskflow module

class BaseTaskFlowEngine[source]

Bases: object

This is the task flow engine

Use this engine to start/load flows in the code

taskflow_load(flow, **kwargs)[source]
class DynamicLoggingConductor(name, jobboard, persistence=None, engine=None, engine_options=None, wait_timeout=None, log=None, max_simultaneous_jobs=1)[source]

Bases: BlockingConductor

class ExtendExpiryDynamicLoggingConductor(name, jobboard, persistence=None, engine=None, engine_options=None, wait_timeout=None, log=None, max_simultaneous_jobs=1)[source]

Bases: DynamicLoggingConductor

class ExtendExpiryListener(engine, job)[source]

Bases: Listener

class FilteredJob(board, name, uuid=None, details=None, backend=None, book=None, book_data=None)[source]

Bases: Job

class JobDetailsFilter(name='')[source]

Bases: Filter

filter(record)[source]

Determine if the specified record is to be logged.

Returns True if the record should be logged, or False otherwise. If deemed appropriate, the record may be modified in-place.

class TaskFlowServiceController(driver)[source]

Bases: object

run_conductor(name)[source]
run_poster(flow_factory, *args, **kwargs)[source]
retryMaskFilter(record)[source]

octavia.common.clients module

class CinderAuth[source]

Bases: object

cinder_client = None
classmethod get_cinder_client(region, service_name=None, endpoint=None, endpoint_type='publicURL', insecure=False, cacert=None)[source]

Create cinder client object.

Parameters:

  • region – The region of the service

  • service_name – The name of the cinder service in the catalog

  • endpoint – The endpoint of the service

  • endpoint_type – The endpoint type of the service

  • insecure – Turn off certificate validation

  • cacert – CA Cert file path

Returns:

a Cinder Client object

Raises:

Exception – if the client cannot be created

class GlanceAuth[source]

Bases: object

classmethod get_glance_client(region, service_name=None, endpoint=None, endpoint_type='publicURL', insecure=False, cacert=None)[source]

Create glance client object.

Parameters:

  • region – The region of the service

  • service_name – The name of the glance service in the catalog

  • endpoint – The endpoint of the service

  • endpoint_type – The endpoint_type of the service

  • insecure – Turn off certificate validation

  • cacert – CA Cert file path

Returns:

a Glance Client object.

Raises:

Exception – if the client cannot be created

glance_client = <glanceclient.v2.client.Client object>
class NeutronAuth[source]

Bases: object

classmethod get_neutron_client()[source]

Create neutron client object.

classmethod get_user_neutron_client(context)[source]

Get neutron client for request user.

It’s possible that the token in the context is a trust scoped which can’t be used to initialize a keystone session. We directly use the token and endpoint_url to initialize neutron client.

neutron_client = None
class NovaAuth[source]

Bases: object

classmethod get_nova_client(region, service_name=None, endpoint=None, endpoint_type='publicURL', insecure=False, cacert=None)[source]

Create nova client object.

Parameters:

  • region – The region of the service

  • service_name – The name of the nova service in the catalog

  • endpoint – The endpoint of the service

  • endpoint_type – The type of the endpoint

  • insecure – Turn off certificate validation

  • cacert – CA Cert file path

Returns:

a Nova Client object.

Raises:

Exception – if the client cannot be created

nova_client = <novaclient.v2.client.Client object>

octavia.common.config module

Routines for configuring Octavia

handle_neutron_deprecations()[source]
init(args, **kwargs)[source]
register_cli_opts()[source]
register_ks_options(group)[source]
set_lib_defaults()[source]

Update default value for configuration options from other namespace.

Example, oslo lib config options. This is needed for config generator tool to pick these default value changes. https://docs.openstack.org/oslo.config/latest/cli/ generator.html#modifying-defaults-from-other-namespaces

setup_logging(conf)[source]

Sets up the logging options for a log with supplied name.

Parameters:

conf – a cfg.ConfOpts object

setup_remote_debugger()[source]

Required setup for remote debugging.

octavia.common.constants module

octavia.common.context module

class RequestContext(user_id=None, **kwargs)[source]

Bases: RequestContext

property session

octavia.common.data_models module

class AdditionalVip(load_balancer_id=None, ip_address=None, subnet_id=None, network_id=None, port_id=None, load_balancer=None)[source]

Bases: BaseDataModel

class Amphora(id=None, load_balancer_id=None, compute_id=None, status=None, lb_network_ip=None, vrrp_ip=None, ha_ip=None, vrrp_port_id=None, ha_port_id=None, load_balancer=None, role=None, cert_expiration=None, cert_busy=False, vrrp_interface=None, vrrp_id=None, vrrp_priority=None, cached_zone=None, created_at=None, updated_at=None, image_id=None, compute_flavor=None)[source]

Bases: BaseDataModel

delete()[source]
class AmphoraHealth(amphora_id=None, last_update=None, busy=False)[source]

Bases: BaseDataModel

class AvailabilityZone(name=None, description=None, enabled=None, availability_zone_profile_id=None)[source]

Bases: BaseDataModel

class AvailabilityZoneProfile(id=None, name=None, provider_name=None, availability_zone_data=None)[source]

Bases: BaseDataModel

class BaseDataModel[source]

Bases: object

classmethod from_dict(dict)[source]
to_dict(calling_classes=None, recurse=False, **kwargs)[source]

Converts a data model to a dictionary.

update(update_dict)[source]

Generic update method which works for simple,

non-relational attributes.

class Flavor(id=None, name=None, description=None, enabled=None, flavor_profile_id=None)[source]

Bases: BaseDataModel

class FlavorProfile(id=None, name=None, provider_name=None, flavor_data=None)[source]

Bases: BaseDataModel

class HealthMonitor(id=None, project_id=None, pool_id=None, type=None, delay=None, timeout=None, fall_threshold=None, rise_threshold=None, http_method=None, url_path=None, expected_codes=None, enabled=None, pool=None, name=None, provisioning_status=None, operating_status=None, created_at=None, updated_at=None, tags=None, http_version=None, domain_name=None)[source]

Bases: BaseDataModel

delete()[source]
class L7Policy(id=None, name=None, description=None, listener_id=None, action=None, redirect_pool_id=None, redirect_url=None, position=None, listener=None, redirect_pool=None, enabled=None, l7rules=None, provisioning_status=None, operating_status=None, project_id=None, created_at=None, updated_at=None, redirect_prefix=None, tags=None, redirect_http_code=None)[source]

Bases: BaseDataModel

delete()[source]
update(update_dict)[source]

Generic update method which works for simple,

non-relational attributes.

class L7Rule(id=None, l7policy_id=None, type=None, enabled=None, compare_type=None, key=None, value=None, l7policy=None, invert=False, provisioning_status=None, operating_status=None, project_id=None, created_at=None, updated_at=None, tags=None)[source]

Bases: BaseDataModel

delete()[source]
class Listener(id=None, project_id=None, name=None, description=None, default_pool_id=None, load_balancer_id=None, protocol=None, protocol_port=None, connection_limit=None, enabled=None, provisioning_status=None, operating_status=None, tls_certificate_id=None, stats=None, default_pool=None, load_balancer=None, sni_containers=None, peer_port=None, l7policies=None, pools=None, insert_headers=None, created_at=None, updated_at=None, timeout_client_data=None, timeout_member_connect=None, timeout_member_data=None, timeout_tcp_inspect=None, tags=None, client_ca_tls_certificate_id=None, client_authentication=None, client_crl_container_id=None, allowed_cidrs=None, tls_ciphers=None, tls_versions=None, alpn_protocols=None, hsts_max_age=None, hsts_include_subdomains=None, hsts_preload=None)[source]

Bases: BaseDataModel

delete()[source]
update(update_dict)[source]

Generic update method which works for simple,

non-relational attributes.

class ListenerCidr(listener_id=None, cidr=None)[source]

Bases: BaseDataModel

to_dict(**kwargs)[source]

Converts a data model to a dictionary.

class ListenerStatistics(listener_id=None, amphora_id=None, bytes_in=0, bytes_out=0, active_connections=0, total_connections=0, request_errors=0, received_time=0.0)[source]

Bases: BaseDataModel

db_fields()[source]
get_stats()[source]
class LoadBalancer(id=None, project_id=None, name=None, description=None, provisioning_status=None, operating_status=None, enabled=None, topology=None, vip=None, listeners=None, amphorae=None, pools=None, vrrp_group=None, server_group_id=None, created_at=None, updated_at=None, provider=None, tags=None, flavor_id=None, availability_zone=None, additional_vips=None)[source]

Bases: BaseDataModel

update(update_dict)[source]

Generic update method which works for simple,

non-relational attributes.

class LoadBalancerStatistics(bytes_in=0, bytes_out=0, active_connections=0, total_connections=0, request_errors=0, listeners=None)[source]

Bases: BaseDataModel

get_stats()[source]
class Member(id=None, project_id=None, pool_id=None, ip_address=None, protocol_port=None, weight=None, backup=None, enabled=None, subnet_id=None, operating_status=None, pool=None, created_at=None, updated_at=None, provisioning_status=None, name=None, monitor_address=None, monitor_port=None, tags=None)[source]

Bases: BaseDataModel

delete()[source]
class Pool(id=None, project_id=None, name=None, description=None, protocol=None, lb_algorithm=None, enabled=None, operating_status=None, members=None, health_monitor=None, session_persistence=None, load_balancer_id=None, load_balancer=None, listeners=None, l7policies=None, created_at=None, updated_at=None, provisioning_status=None, tags=None, tls_certificate_id=None, ca_tls_certificate_id=None, crl_container_id=None, tls_enabled=None, tls_ciphers=None, tls_versions=None, alpn_protocols=None)[source]

Bases: BaseDataModel

delete()[source]
update(update_dict)[source]

Generic update method which works for simple,

non-relational attributes.

class Quotas(project_id=None, load_balancer=None, listener=None, pool=None, health_monitor=None, member=None, l7policy=None, l7rule=None, in_use_health_monitor=None, in_use_listener=None, in_use_load_balancer=None, in_use_member=None, in_use_pool=None, in_use_l7policy=None, in_use_l7rule=None)[source]

Bases: BaseDataModel

class SNI(listener_id=None, position=None, listener=None, tls_container_id=None)[source]

Bases: BaseDataModel

to_dict(**kwargs)[source]

Converts a data model to a dictionary.

class SessionPersistence(pool_id=None, type=None, cookie_name=None, pool=None, persistence_timeout=None, persistence_granularity=None)[source]

Bases: BaseDataModel

delete()[source]
class TLSContainer(id=None, primary_cn=None, certificate=None, private_key=None, passphrase=None, intermediates=None)[source]

Bases: BaseDataModel

class VRRPGroup(load_balancer_id=None, vrrp_group_name=None, vrrp_auth_type=None, vrrp_auth_pass=None, advert_int=None, smtp_server=None, smtp_connect_timeout=None, load_balancer=None)[source]

Bases: BaseDataModel

class Vip(load_balancer_id=None, ip_address=None, subnet_id=None, network_id=None, port_id=None, load_balancer=None, qos_policy_id=None, octavia_owned=None, vnic_type=None)[source]

Bases: BaseDataModel

octavia.common.decorators module

Decorators to provide backwards compatibility for V1 API.

rename_kwargs(**renamed_kwargs)[source]

Renames a class’s variables and maintains backwards compatibility.

Parameters:

renamed_kwargs – mapping of old kwargs to new kwargs. For example, to say a class has renamed variable foo to bar the decorator would be used like: rename_kwargs(foo=’bar’)

octavia.common.exceptions module

Octavia base exception handling.

exception APIException(**kwargs)[source]

Bases: HTTPClientError

code = 500
msg = 'Something unknown went wrong'
exception AmphoraNetworkConfigException(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Cannot configure network resource in the amphora: %(detail)s'
exception CertificateGenerationException(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Could not sign the certificate request: %(msg)s'
exception CertificateRetrievalException(**kwargs)[source]

Bases: APIException

code = 400
msg = 'Could not retrieve certificate: %(ref)s'
exception CertificateStorageException(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Could not store certificate: %(msg)s'
exception ComputeBuildException(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Failed to build compute instance due to: %(fault)s'
exception ComputeBuildQueueTimeoutException(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Failed to get an amphora build slot.'
exception ComputeDeleteException(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Failed to delete compute instance. The compute service reports: %(compute_msg)s'
exception ComputeGetException(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Failed to retrieve compute instance.'
exception ComputeGetInterfaceException(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Failed to retrieve compute virtual interfaces.'
exception ComputeNoResourcesException(*args, **kwargs)[source]

Bases: OctaviaException

message = 'The compute service does not have the resources available to fulfill the request'
exception ComputePortInUseException(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Compute driver reports port %(port)s is already in use.'
exception ComputeStatusException(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Failed to retrieve compute instance status.'
exception ComputeUnknownException(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Unknown exception from the compute driver: %(exc)s.'
exception ComputeWaitTimeoutException(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Waiting for compute id %(id)s to go active timeout.'
exception DisabledOption(**kwargs)[source]

Bases: APIException

code = 400
msg = 'The selected %(option)s is not allowed in this deployment: %(value)s'
exception DuplicateHealthMonitor(**kwargs)[source]

Bases: APIException

code = 409
msg = 'This pool already has a health monitor'
exception DuplicateListenerEntry(**kwargs)[source]

Bases: APIException

code = 409
msg = 'Another Listener on this Load Balancer is already using protocol %(protocol)s and protocol_port %(port)d'
exception DuplicateMemberEntry(**kwargs)[source]

Bases: APIException

code = 409
msg = 'Another member on this pool is already using ip %(ip_address)s on protocol_port %(port)d'
exception DuplicatePoolEntry(**kwargs)[source]

Bases: APIException

code = 409
msg = 'This listener already has a default pool'
exception IDAlreadyExists(**kwargs)[source]

Bases: APIException

code = 409
msg = 'Already an entity with that specified id.'
exception ImageGetException(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Failed to retrieve image with %(tag)s tag.'
exception ImmutableObject(**kwargs)[source]

Bases: APIException

code = 409
msg = '%(resource)s %(id)s is immutable and cannot be updated.'
exception InputFileError(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Error with file %(file_name)s. Reason: %(reason)s'
exception InvalidAmphoraOperatingSystem(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Invalid amphora operating system: %(os_name)s'
exception InvalidFilterArgument(**kwargs)[source]

Bases: APIException

code = 400
msg = 'One or more arguments are either duplicate or invalid'
exception InvalidHMACException(*args, **kwargs)[source]

Bases: OctaviaException

message = "HMAC hashes didn't match"
exception InvalidIPAddress(**kwargs)[source]

Bases: APIException

code = 400
msg = 'The IP Address %(ip_addr)s is invalid.'
exception InvalidL7PolicyAction(**kwargs)[source]

Bases: APIException

code = 400
msg = 'Invalid L7 Policy action specified: %(action)s'
exception InvalidL7PolicyArgs(**kwargs)[source]

Bases: APIException

code = 400
msg = 'Invalid L7 Policy arguments: %(msg)s'
exception InvalidL7Rule(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Invalid L7 Rule: %(msg)s'
exception InvalidLimit(**kwargs)[source]

Bases: APIException

code = 400
msg = "Supplied pagination limit '%(key)s' is not valid."
exception InvalidMarker(**kwargs)[source]

Bases: APIException

code = 400
msg = "Supplied pagination marker '%(key)s' is not valid."
exception InvalidOption(**kwargs)[source]

Bases: APIException

code = 400
msg = '%(value)s is not a valid option for %(option)s'
exception InvalidRegex(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Unable to parse regular expression: %(e)s'
exception InvalidSortDirection(**kwargs)[source]

Bases: APIException

code = 400
msg = "Supplied sort direction '%(key)s' is not valid."
exception InvalidSortKey(**kwargs)[source]

Bases: APIException

code = 400
msg = "Supplied sort key '%(key)s' is not valid."
exception InvalidString(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Invalid characters in %(what)s'
exception InvalidSubresource(**kwargs)[source]

Bases: APIException

code = 400
msg = '%(resource)s %(id)s not found.'
exception InvalidTopology(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Invalid topology specified: %(topology)s'
exception InvalidURL(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Not a valid URL: %(url)s'
exception InvalidURLPath(**kwargs)[source]

Bases: APIException

code = 400
msg = 'Not a valid URLPath: %(url_path)s'
exception L7RuleValidation(**kwargs)[source]

Bases: APIException

code = 400
msg = 'Error parsing L7Rule: %(error)s'
exception LBPendingStateError(**kwargs)[source]

Bases: APIException

code = 409
msg = 'Invalid state %(state)s of loadbalancer resource %(id)s'
exception ListenerNoChildren(**kwargs)[source]

Bases: APIException

code = 400
msg = 'Protocol %(protocol)s listeners cannot have child objects.'
exception MisMatchedKey(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Key and x509 certificate do not match'
exception MissingAPIProjectID(**kwargs)[source]

Bases: APIException

code = 400
message = 'Missing project ID in request where one is required.'
exception MissingArguments(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Missing arguments.'
exception MissingCertSubject(**kwargs)[source]

Bases: APIException

code = 400
msg = 'No CN or DNSName(s) found in certificate. The certificate is invalid.'
exception MissingProjectID(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Missing project ID in request where one is required.'
exception MissingVIPSecurityGroup(*args, **kwargs)[source]

Bases: OctaviaException

message = 'VIP security group is missing for load balancer: %(lb_id)s'
exception NeedsPassphrase(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Passphrase needed to decrypt key but client did not provide one.'
exception NetworkConfig(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Unable to allocate network resource from config'
exception NetworkServiceError(*args, **kwargs)[source]

Bases: OctaviaException

message = 'The networking service had a failure: %(net_error)s'
exception NoReadyAmphoraeException(*args, **kwargs)[source]

Bases: OctaviaException

message = 'There are not any READY amphora available.'
exception NotFound(**kwargs)[source]

Bases: APIException

code = 404
msg = '%(resource)s %(id)s not found.'
exception ObjectInUse(**kwargs)[source]

Bases: APIException

code = 409
msg = '%(object)s %(id)s is in use and cannot be modified.'
exception OctaviaException(*args, **kwargs)[source]

Bases: Exception

Base Octavia Exception.

To correctly use this class, inherit from it and define a ‘message’ property. That message will get printf’d with the keyword arguments provided to the constructor.

message = 'An unknown exception occurred.'
orig_code = None
orig_msg = None
static use_fatal_exceptions()[source]
exception PolicyForbidden(**kwargs)[source]

Bases: APIException

code = 403
msg = 'Policy does not allow this request to be performed.'
exception PoolInUseByL7Policy(**kwargs)[source]

Bases: APIException

code = 409
msg = 'Pool %(id)s is in use by L7 policy %(l7policy_id)s'
exception ProjectBusyException(**kwargs)[source]

Bases: APIException

code = 503
msg = 'Project busy.  Unable to lock the project.  Please try again.'
exception ProviderDriverError(**kwargs)[source]

Bases: APIException

code = 500
msg = "Provider '%(prov)s' reports error: %(user_msg)s"
exception ProviderFlavorMismatchError(**kwargs)[source]

Bases: APIException

code = 400
msg = "Flavor '%(flav)s' is not compatible with provider '%(prov)s'"
exception ProviderNotEnabled(**kwargs)[source]

Bases: APIException

code = 400
msg = "Provider '%(prov)s' is not enabled."
exception ProviderNotFound(**kwargs)[source]

Bases: APIException

code = 501
msg = "Provider '%(prov)s' was not found."
exception ProviderNotImplementedError(**kwargs)[source]

Bases: APIException

code = 501
msg = "Provider '%(prov)s' does not support a requested action: %(user_msg)s"
exception ProviderUnsupportedOptionError(**kwargs)[source]

Bases: APIException

code = 501
msg = "Provider '%(prov)s' does not support a requested option: %(user_msg)s"
exception QuotaException(**kwargs)[source]

Bases: APIException

code = 403
msg = 'Quota has been met for resources: %(resource)s'
exception RecordAlreadyExists(**kwargs)[source]

Bases: APIException

code = 409
msg = 'A %(field)s of %(name)s already exists.'
exception ServerGroupObjectCreateException(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Failed to create server group object.'
exception ServerGroupObjectDeleteException(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Failed to delete server group object.'
exception SingleCreateDetailsMissing(**kwargs)[source]

Bases: APIException

code = 400
msg = 'Missing details for %(type)s object: %(name)s'
exception TooManyL7RulesOnL7Policy(**kwargs)[source]

Bases: APIException

code = 409
msg = 'Too many rules on L7 policy %(id)s'
exception UnreadableCert(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Could not read X509 from PEM'
exception UnreadablePKCS12(**kwargs)[source]

Bases: APIException

code = 400
msg = 'The PKCS12 bundle is unreadable. Please check the PKCS12 bundle validity. In addition, make sure it does not require a pass phrase. Error: %(error)s'
exception VIPValidationException(**kwargs)[source]

Bases: APIException

code = 400
msg = 'Validation failure: VIP must contain one of: %(objects)s.'
exception ValidationException(**kwargs)[source]

Bases: APIException

code = 400
msg = 'Validation failure: %(detail)s'
exception VolumeDeleteException(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Failed to delete volume instance.'
exception VolumeGetException(*args, **kwargs)[source]

Bases: OctaviaException

message = 'Failed to retrieve volume instance.'

octavia.common.keystone module

class KeystoneSession(section='service_auth')[source]

Bases: object

get_auth()[source]
get_service_user_id()[source]
get_session(auth=None)[source]

Initializes a Keystone session.

Returns:

a Keystone Session object

class SkippingAuthProtocol(app, conf)[source]

Bases: AuthProtocol

SkippingAuthProtocol to reach special endpoints

Bypasses keystone authentication for special request paths, such as the api version discovery path.

Note:

SkippingAuthProtocol is lean customization of keystonemiddleware.auth_token.AuthProtocol that disables keystone communication if the request path is in the _NOAUTH_PATHS list.

process_request(request)[source]

Process request.

Evaluate the headers in a request and attempt to authenticate the request. If authenticated then additional headers are added to the request for use by applications. If not authenticated the request will be rejected or marked unauthenticated depending on configuration.

octavia.common.policy module

Policy Engine For Octavia.

class IsAdminCheck(kind, match)[source]

Bases: Check

An explicit check for is_admin.

class Policy(conf=<oslo_config.cfg.ConfigOpts object>, policy_file=None, rules=None, default_rule=None, use_conf=True, overwrite=True)[source]

Bases: Enforcer

authorize(action, target, context, do_raise=True, exc=None)[source]

Verifies that the action is valid on the target in this context.

Parameters:

  • context – The oslo context for this request.

  • action – string representing the action to be checked this should be colon separated for clarity. i.e. compute:create_instance, compute:attach_volume, volume:attach_volume

  • target – dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. {'project_id': context.project_id}

  • do_raise – if True (the default), raises PolicyForbidden; if False, returns False

  • exc – Class of the exceptions to raise if the check fails. Any remaining arguments passed to enforce() (both positional and keyword arguments) will be passed to the exceptions class. If not specified, PolicyForbidden will be used.

Raises:

PolicyForbidden – if verification fails and do_raise is True. Or if ‘exc’ is specified it will raise an exceptions of that type.

Returns:

returns a non-False value (not necessarily “True”) if authorized, and the exact value False if not authorized and do_raise is False.

check_is_admin(context)[source]

Does roles contains ‘admin’ role according to policy setting.

get_rules()[source]
get_enforcer()[source]
get_no_context_enforcer()[source]
reset()[source]

octavia.common.rpc module

cleanup()[source]
create_transport(url)[source]
get_client(target, version_cap=None, serializer=None, call_monitor_timeout=None)[source]
get_notifier(service=None, host=None, publisher_id=None)[source]
get_server(target, endpoints, executor='threading', access_policy=<class 'oslo_messaging.rpc.dispatcher.DefaultRPCAccessPolicy'>, serializer=None)[source]
get_transport_url(url_str=None)[source]
init()[source]

octavia.common.service module

prepare_service(argv=None)[source]

Sets global config from config file and sets up logging.

octavia.common.stats module

class StatsMixin[source]

Bases: object

get_listener_stats(session, listener_id)[source]

Gets the listener statistics data_models object.

get_loadbalancer_stats(session, loadbalancer_id)[source]

octavia.common.utils module

Utilities and helper functions.

b(s)[source]
base64_sha1_string(string_to_hash)[source]

Get a b64-encoded sha1 hash of a string. Not intended to be secure!

class exception_logger(logger=None)[source]

Bases: object

Wrap a function and log raised exception

Parameters:

logger – the logger to log the exception default is LOG.exception

Returns:

origin value if no exception raised; re-raise the exception if any occurred

expand_expected_codes(codes)[source]

Expand the expected code string in set of codes.

200-204 -> 200, 201, 202, 204 200, 203 -> 200, 203

get_amphora_driver()[source]
get_compatible_server_certs_key_passphrase()[source]
get_compatible_value(value)[source]
get_hostname()[source]
get_network_driver()[source]
get_vip_security_group_name(loadbalancer_id)[source]
ip_netmask_to_cidr(ip, netmask)[source]
ip_port_str(ip_address, port)[source]

Return IP port as string representation depending on address family.

ip_version(ip_address)[source]
is_cidr_ipv6(cidr)[source]

Check if CIDR is IPv6 address with subnet prefix.

is_ipv4(ip_address)[source]

Check if ip address is IPv4 address.

is_ipv6(ip_address)[source]

Check if ip address is IPv6 address.

is_ipv6_lla(ip_address)[source]

Check if ip address is IPv6 link local address.

map_protocol_to_nftable_protocol(rule_dict)[source]
netmask_to_prefix(netmask)[source]
subnet_ip_availability(nw_ip_avail, subnet_id, req_num_ips)[source]

octavia.common.validate module

Several handy validation functions that go beyond simple type checking. Defined here so these can also be used at deeper levels than the API.

check_alpn_protocols(protocols)[source]
check_cipher_prohibit_list(cipherstring)[source]
check_default_ciphers_prohibit_list_conflict()[source]
check_default_tls_versions_min_conflict()[source]
check_hsts_options(listener: dict)[source]
check_hsts_options_put(listener: octavia.api.v2.types.listener.ListenerPUT, db_listener: Listener)[source]
check_port_in_use(port)[source]

Raise an exception when a port is used.

check_session_persistence(SP_dict)[source]
check_tls_version_list(versions)[source]
check_tls_version_min(versions, message=None)[source]

Checks a TLS version string against the configured minimum.

cookie_value_string(value, what=None)[source]

Raises an error if the value string contains invalid characters.

header_name(header, what=None)[source]

Raises an error if header does not look like an HTML header name.

header_value_string(value, what=None)[source]

Raises an error if the value string contains invalid characters.

ip_not_reserved(ip_address)[source]
is_ip_member_of_cidr(address, cidr)[source]
l7rule_data(l7rule)[source]

Raises an error if the l7rule given is invalid in some way.

network_allowed_by_config(network_id, valid_networks=None)[source]
network_exists_optionally_contains_subnet(network_id, subnet_id=None, context=None)[source]

Raises an exception when a network does not exist.

If a subnet is provided, also validate the network contains that subnet.

port_exists(port_id, context=None)[source]

Raises an exception when a port does not exist.

qos_extension_enabled(network_driver)[source]
qos_policy_exists(qos_policy_id)[source]
regex(regex)[source]

Raises an error if the string given is not a valid regex.

sanitize_l7policy_api_args(l7policy, create=False)[source]

Validate and make consistent L7Policy API arguments.

This method is mainly meant to sanitize L7 Policy create and update API dictionaries, so that we strip ‘None’ values that don’t apply for our particular update. This method does not verify that any redirect_pool_id exists in the database, but will raise an error if a redirect_url doesn’t look like a URL.

Parameters:

l7policy – The L7 Policy dictionary we are sanitizing / validating

subnet_exists(subnet_id, context=None)[source]

Raises an exception when a subnet does not exist.

url(url, require_scheme=True)[source]

Raises an error if the url doesn’t look like a URL.

url_path(url_path)[source]

Raises an error if the url_path doesn’t look like a URL Path.

validate_l7rule_ssl_types(l7rule)[source]

Module contents