def user_roles(request, user_id):
nova = get_nova_admin_connection()
userroles = nova.get_user_roles(user_id)
try:
modeluser = auth_models.User.objects.get(username=user_id)
except auth_models.User.DoesNotExist:
modeluser = None
if request.method == 'POST':
form = forms.GlobalRolesForm(request.POST)
if form.is_valid():
username = user_id
# hacky work around to interface correctly with multiple select form
remove_global_roles(username)
roleform = request.POST.getlist("role")
for role in roleform:
nova.add_user_role(username, str(role))
return redirect('admin_user_roles', user_id)
else:
roles = [str(role.role) for role in userroles]
form = forms.GlobalRolesForm({
'username': modeluser and modeluser.id or None,
'role': roles,
})
return render_to_response('admin/django_nova/project/global_edit_user.html', {
'form' : form,
'user' : modeluser,
}, context_instance = template.RequestContext(request))
def projects_list(request):
nova = get_nova_admin_connection()
projects = nova.get_projects()
return render_to_response('admin/django_nova/project/project_list.html', {
'projects' : projects
}, context_instance = template.RequestContext(request))
def get_zip(self):
"""
Returns a buffer of a zip file containing signed credentials
for the project's Nova user.
"""
nova = get_nova_admin_connection()
return nova.get_zip(self.username, self.projectname)
def edit_user(request, project_id, username):
nova = get_nova_admin_connection()
project = get_project_or_404(request, project_id)
user = nova.get_user(username)
userroles = nova.get_user_roles(username, project_id)
if project.projectManagerId != request.user.username:
return redirect('login')
if request.method == 'POST':
form = nova_forms.ProjectUserForm(project, user, request.POST)
if form.is_valid():
form.save()
return redirect('nova_project_manage', project_id)
else:
roles = [str(role.role) for role in userroles]
form = nova_forms.ProjectUserForm(project,
user,
{'role': roles,
'user': user})
return render_to_response('django_nova/projects/edit_user.html', {
'form' : form,
'project': project,
'user' : user,
}, context_instance = template.RequestContext(request))
def project_view(request, project_name):
nova = get_nova_admin_connection()
project = nova.get_project(project_name)
users = nova.get_project_members(project_name)
try:
manager = auth_models.User.objects.get(username=project.projectManagerId)
except auth_models.User.DoesNotExist:
manager = None
if request.method == 'POST':
form = forms.ProjectForm(request.POST)
if form.is_valid():
try:
nova.modify_project(form.cleaned_data["projectname"],
form.cleaned_data["manager"],
form.cleaned_data["description"])
messages.success(request,
'Successfully modified the project %s.' %
project_name)
except boto.exception.EC2ResponseError, e:
messages.error(request,
'Unable modify the project %s: %s - %s' %
(project_name, e.code, e.error_message))
return redirect('admin_project', request.POST["projectname"])
def set_project_roles(projectname, username, roles):
nova = get_nova_admin_connection()
# hacky work around to interface correctly with multiple select form
_remove_roles(projectname, username)
for role in roles:
nova.add_user_role(username, str(role), projectname)
def handle_noargs(self, **options):
nova = get_nova_admin_connection()
users = User.objects.all()
for user in users:
if not nova.has_user(user.username):
self.stdout.write("creating user %s... " % user.username)
nova.create_user(user.username)
self.stdout.write("ok\n")
def get_nova_connection(self):
"""
Returns a boto connection for a user's project.
"""
nova = get_nova_admin_connection()
return nova.connection_for(self.username,
self.projectname,
clc_url=self.region['endpoint'],
region=self.region['name'])
def get_instance_type_choices():
"""
Returns list of instance types from nova admin api
"""
nova = get_nova_admin_connection()
instance_types = nova.get_instance_types()
rv = []
for t in instance_types:
rv.append((t.name, "%s (%sMB memory, %s cpu, %sGB space)" % \
(t.name, t.memory_mb, t.vcpus, t.disk_gb)))
return rv
def _remove_roles(project, username):
nova = get_nova_admin_connection()
userroles = nova.get_user_roles(username, project)
roles = [str(role.role) for role in userroles]
for role in roles:
if role == "developer":
nova.remove_user_role(username, "developer", project)
if role == "sysadmin":
nova.remove_user_role(username, "sysadmin", project)
if role == "netadmin":
nova.remove_user_role(username, "netadmin", project)
def delete_project(request, project_name):
nova = get_nova_admin_connection()
if request.method == 'POST':
nova.delete_project(project_name)
return redirect('admin_projects')
project = nova.get_project(project_name)
return render_to_response('admin/django_nova/project/delete_project.html', {
'project' : project,
}, context_instance = template.RequestContext(request))
def user_post_save(sender, instance, created, *args, **kwargs):
"""
Creates a Nova User when a new Django User is created.
"""
# NOTE(devcamcar): If running unit tests, don't use a real endpoint.
if settings.NOVA_DEFAULT_ENDPOINT == 'none':
return
if created:
nova = get_nova_admin_connection()
if not nova.has_user(instance.username):
nova.create_user(instance.username)
def users_list(request):
nova = get_nova_admin_connection()
users = nova.get_users()
for user in users:
# NOTE(devcamcar): Temporarily disabled for performance reasons.
#roles = [str(role.role) for role in nova.get_user_roles(user.username)]
roles = []
user.roles = ", ".join(roles)
return render_to_response('admin/django_nova/project/user_list.html', {
'users' : users
}, context_instance = template.RequestContext(request))
def delete_project_user(request, project_name, project_user):
nova = get_nova_admin_connection()
if request.method == 'POST':
nova.remove_project_member(project_user, project_name)
return redirect('admin_project', project_name)
project = nova.get_project(project_name)
user = nova.get_user(project_user)
return render_to_response('admin/django_nova/project/delete_project_user.html', {
'user' : user,
'project' : project,
}, context_instance = template.RequestContext(request))
def get_all_regions():
"""
Returns a list of all regions.
"""
regions = cache.get("regions")
if not regions:
nova = get_nova_admin_connection()
conn = nova.connection_for(settings.NOVA_ADMIN_USER, settings.NOVA_PROJECT)
results = conn.get_all_regions()
regions = [{"name": r.name, "endpoint": r.endpoint} for r in results]
cache.set("regions", regions, 60 * 60 * 24)
return regions
def get_projects(user):
"""
Returns a list of projects for a user.
"""
# key = 'projects.%s' % user
# projects = cache.get(key)
# if not projects:
# nova = get_nova_admin_connection()
# projects = nova.get_projects(user=user)
# cache.set(key, projects, 30)
# return projects
nova = get_nova_admin_connection()
return nova.get_projects(user=user)
def remove_global_roles(username):
nova = get_nova_admin_connection()
userroles = nova.get_user_roles(username)
roles = [str(role.role) for role in userroles]
for role in roles:
if role == "developer":
nova.remove_user_role(username, "developer")
if role == "sysadmin":
nova.remove_user_role(username, "sysadmin")
if role == "netadmin":
nova.remove_user_role(username, "netadmin")
if role == "cloudadmin":
nova.remove_user_role(username, "cloudadmin")
if role == "itsec":
nova.remove_user_role(username, "itsec")
def project_start_vpn(request, project_id):
nova = get_nova_admin_connection()
project = nova.get_project(project_id)
if project == None:
raise http.Http404()
try:
nova.start_vpn(project_id)
messages.success(request,
'Successfully started VPN for project %s.' %
project_id)
except boto.exception.EC2ResponseError, e:
messages.error(request,
'Unable to start VPN for the project %s: %s - %s' %
(project_id, e.code, e.error_message))
def get_project_or_404(request, project_id):
"""
Returns a project or 404s if it doesn't exist.
"""
# Ensure that a connection is never attempted for a user that is unauthenticated.
if not request.user.is_authenticated:
raise PermissionDenied("User not authenticated")
nova = get_nova_admin_connection()
project = nova.get_project(project_id)
region = get_current_region(request)
if not project:
raise Http404("Project %s does not exist." % project_id)
return manager.ProjectManager(request.user, project, region)
def add_project(request):
nova = get_nova_admin_connection()
if request.method == 'POST':
form = forms.ProjectForm(request.POST)
if form.is_valid():
manager = form.cleaned_data["manager"]
nova.create_project(form.cleaned_data["projectname"],
manager.username,
form.cleaned_data["description"])
return redirect('admin_project', request.POST["projectname"])
else:
form = forms.ProjectForm()
return render_to_response('admin/django_nova/project/add_project.html', {
'form' : form,
}, context_instance = template.RequestContext(request))
def get_user_image_permissions(username, project_name):
"""
Returns true if user is a sysadmin and can modify image attributes.
"""
nova = get_nova_admin_connection()
user_has_modify_permissions = False
# checks global roles, if user is a sysadmin they can modify image attribtues.
if not user_has_modify_permissions:
for role in nova.get_user_roles(username):
if role.role == "sysadmin":
user_has_modify_permissions = True
# checks project roles, if user is a sysadmin they can modify image attribtues.
if not user_has_modify_permissions:
for role in nova.get_user_roles(username, project_name):
if role.role == "sysadmin":
user_has_modify_permissions = True
return user_has_modify_permissions
def manage(request, project_id):
project = get_project_or_404(request, project_id)
if project.projectManagerId != request.user.username:
return redirect('login')
nova = get_nova_admin_connection()
members = nova.get_project_members(project_id)
for member in members:
project_role = [str(role.role) for role in nova.get_user_roles(member.memberId, project_id)]
global_role = [str(role.role) for role in nova.get_user_roles(member.memberId, project=False)]
member.project_roles = ", ".join(project_role)
member.global_roles = ", ".join(global_role)
return render_to_response('django_nova/projects/manage.html', {
'project': project,
'members': members,
}, context_instance = template.RequestContext(request))
def add_project_user(request, project_name):
nova = get_nova_admin_connection()
if request.method == 'POST':
form = forms.AddProjectUserForm(request.POST, project=project_name)
if form.is_valid():
username = form.cleaned_data["username"].username
nova.add_project_member(username, project_name,)
roleform = request.POST.getlist("role")
for role in roleform:
nova.add_user_role(username, str(role), project_name)
return redirect('admin_project', project_name)
else:
form = forms.AddProjectUserForm(project=project_name)
project = nova.get_project(project_name)
return render_to_response('admin/django_nova/project/add_project_user.html', {
'form' : form,
'project' : project,
}, context_instance = template.RequestContext(request))
def project_user(request, project_name, project_user):
nova = get_nova_admin_connection()
project = nova.get_project(project_name)
userroles = nova.get_user_roles(project_user, project_name)
try:
modeluser = auth_models.User.objects.get(username = project_user)
except auth_models.User.DoesNotExist:
modeluser = None
if request.method == 'POST':
form = forms.ProjectUserForm(project, request.user, request.POST)
if form.is_valid():
username = project_user
# hacky work around to interface correctly with multiple select form
remove_project_roles(username, project_name)
roleform = request.POST.getlist("role")
for role in roleform:
nova.add_user_role(username, str(role), project_name)
return redirect('admin_project', project_name)
else:
roles = [str(role.role) for role in userroles]
form = forms.ProjectUserForm(project,
request.user,
{'role': roles,
'user': modeluser})
return render_to_response('admin/django_nova/project/project_user.html', {
'form' : form,
'project' : project,
'user': modeluser,
}, context_instance = template.RequestContext(request))
def project_sendcredentials(request, project_id):
nova = get_nova_admin_connection()
project = nova.get_project(project_id)
users = [user.memberId for user in nova.get_project_members(project_id)]
form = forms.SendCredentialsForm(query_list=users)
if project == None:
raise http.Http404()
if request.method == 'POST':
if len(request.POST.getlist('users')) < 1:
msg = "Please select a user to send credentials to."
return render_to_response('admin/django_nova/project/send_credentials.html', {
'project' : project,
'form' : form,
'users' : users,
'error': msg,
}, context_instance = template.RequestContext(request))
else:
for username in request.POST.getlist('users'):
models.CredentialsAuthorization.authorize(username, project_id)
msg = "Credentials were successfully sent."
return render_to_response('admin/django_nova/project/send_credentials.html', {
'project' : project,
'form' : form,
'users' : users,
'success': msg,
}, context_instance = template.RequestContext(request))
return render_to_response('admin/django_nova/project/send_credentials.html', {
'project' : project,
'form' : form,
'users' : users,
}, context_instance = template.RequestContext(request))
def get_zip(self):
nova = get_nova_admin_connection()
self.delete()
return nova.get_zip(self.username, self.project)
def get_members(project):
nova = get_nova_admin_connection()
members = nova.get_project_members(project)
return [str(user.memberId) for user in members]
def get_roles(project_roles=True):
nova = get_nova_admin_connection()
roles = nova.get_roles(project_roles=project_roles)
return [(role.role, role.role) for role in roles]
