Beispiel #1
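def get_images_list():
    """Return the list of images visible in the current context.

    If g.tenant_id is not set it is admin blueprint.
    We have to show only images owned by systenant which are also
    public (they can be protected as well: we set it so, but other tools
    can change this attribute or set it to a wrong value from the
    beginning).

    If g.tenant_id is set it is project blueprint.
    We have to show the same images as for admin blueprint _and_
    images owned by current project (attribute "owner" must be equal to
    g.tenant_id) no matter if image is public/protected.
    NOTE(apugachev):
    Currently for some reason Glance does not return list of images owned
    by tenant with id '1' even if they are public - if they are requested
    through token issued for some other project than '1'.

    That's why we combine image lists here in case if list is for project.

    Returns a list of image objects sorted by their ``name`` attribute.
    """
    admin_id = clients.get_systenant_id()
    # The listing is fetched with the admin client and narrowed here, so this
    # filter (not the Glance query) is what limits which images are shown.
    # A list comprehension is used because filter() only returns a list on
    # Python 2 and the result is extended below.
    result = [
        image
        for image in clients.admin_clients().glance.images.list()
        if image.owner == admin_id and image.is_public]
    tenant_id = getattr(flask.g, 'tenant_id', None)
    if tenant_id:
        # Only images whose owner is exactly the current project are added.
        # The inner list is built completely before extend() runs, so the
        # "not in result" test compares against the global images only.
        result.extend([
            image
            for image in clients.user_clients(tenant_id).glance.images.list()
            if image.owner == tenant_id and image not in result])
    return sorted(result, key=lambda image: image.name)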
Beispiel #2
def index():
    """List users.

    Returns the template context: the pagination object, the users on the
    current page, a title derived from the blueprint name and a subtitle.

    TODO(apugachev): find way to count users without fetching all users.
    This would allow to use marker and limit to fetch one page only.
    """
    identity_admin = clients.admin_clients().identity_admin
    every_user = identity_admin.users.list(limit=1000000)
    users = sorted(every_user, key=lambda entry: entry.name)
    p = pagination.Pagination(users)
    data = p.slice(users)
    # Members of the systenant are the only candidates for the global admin
    # flag; their roles are looked up individually below.
    systenant_members = identity_admin.users.list(clients.get_systenant_id())
    potential_admins = {member.id for member in systenant_members}
    for user in data:
        # TODO(apugachev) modify to work with form.DeleteUser
        # One delete form per row, pre-filled with that row's user id.
        delete_form = forms.DeleteUserForm()
        delete_form.user_id.data = user.id
        user.delete_form = delete_form
        if user.id not in potential_admins:
            continue
        # is_global_admin is only ever set to True here; it is left unset
        # for everyone else.
        if any(clients.role_tenant_is_admin(role)
               for role in identity_admin.roles.roles_for_user(user.id)):
            user.is_global_admin = True
    title = bp.name.replace('global_', '').replace('_', ' ').capitalize()
    return {
        'pagination': p,
        'data': data,
        'title': title,
        'subtitle': 'List of users'
    }
Beispiel #3
def index():
    """List users.

    Builds the context for the user list page: every user is fetched and
    sorted by name, the current page is sliced out, and each user on that
    page gets a delete form and, where applicable, the global admin flag.

    TODO(apugachev): find way to count users without fetching all users.
    This would allow to use marker and limit to fetch one page only.
    """
    identity_admin = clients.admin_clients().identity_admin

    def _has_admin_role(user_id):
        # True as soon as one of the user's roles is an admin role
        # according to clients.role_tenant_is_admin.
        for role in identity_admin.roles.roles_for_user(user_id):
            if clients.role_tenant_is_admin(role):
                return True
        return False

    users = sorted(
        identity_admin.users.list(limit=1000000),
        key=lambda account: account.name)
    p = pagination.Pagination(users)
    data = p.slice(users)
    # Only users listed for the systenant are checked for the admin role.
    potential_admins = set(
        account.id
        for account in identity_admin.users.list(clients.get_systenant_id()))
    for user in data:
        # TODO(apugachev) modify to work with form.DeleteUser
        form = forms.DeleteUserForm()
        form.user_id.data = user.id
        user.delete_form = form
        if user.id in potential_admins and _has_admin_role(user.id):
            user.is_global_admin = True
    context = {'pagination': p, 'data': data}
    context['title'] = (
        bp.name.replace('global_', '').replace('_', ' ').capitalize())
    context['subtitle'] = 'List of users'
    return context
Beispiel #4
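def get_images_list():
    """Return the list of images visible in the current context.

    If g.tenant_id is not set it is admin blueprint.
    We have to show only images owned by systenant which are also
    public (they can be protected as well: we set it so, but other tools
    can change this attribute or set it to a wrong value from the
    beginning).

    If g.tenant_id is set it is project blueprint.
    We have to show the same images as for admin blueprint _and_
    images owned by current project (attribute "owner" must be equal to
    g.tenant_id) no matter if image is public/protected.
    NOTE(apugachev):
    Currently for some reason Glance does not return list of images owned
    by tenant with id '1' even if they are public - if they are requested
    through token issued for some other project than '1'.

    That's why we combine image lists here in case if list is for project.

    Returns a list of image objects sorted by their ``name`` attribute.
    """
    admin_id = clients.get_systenant_id()

    def is_global(image):
        # Shown in every context: owned by the systenant and public.
        return image.owner == admin_id and image.is_public

    # Visibility is decided by this filtering step on a listing fetched with
    # the admin client. The result must be a real list: filter() returns one
    # only on Python 2, and extend() is called on it below.
    result = [
        image
        for image in clients.admin_clients().glance.images.list()
        if is_global(image)]
    project_id = getattr(flask.g, 'tenant_id', None)
    if project_id:
        project_images = clients.user_clients(project_id).glance.images.list()
        # Build the additions first so the duplicate check sees only the
        # global images, then append them in one step.
        additions = [
            image
            for image in project_images
            if image.owner == project_id and image not in result]
        result.extend(additions)
    result = sorted(result, key=lambda image: image.name)
    return result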
Beispiel #5
def get_visible_tenants():
    """Return visible tenants.

    A tenant is visible when it is enabled and is not the systenant.
    The result is whatever filter() yields for the Keystone tenant list.
    """
    systenant_id = clients.get_systenant_id()

    def _is_visible(tenant):
        # Hide disabled tenants and the admin tenant itself.
        return tenant.enabled and tenant.id != systenant_id

    return filter(_is_visible,
                  clients.admin_clients().keystone.tenants.list())
Beispiel #6
def get_visible_tenants():
    """Return visible tenants.

    The systenant and tenants that are not enabled are left out; the
    listing itself is fetched through the admin client.
    """
    hidden_id = clients.get_systenant_id()
    every_tenant = clients.admin_clients().keystone.tenants.list()
    # Keep only enabled tenants other than the systenant.
    return filter(
        lambda tenant: tenant.enabled and tenant.id != hidden_id,
        every_tenant)
Beispiel #7
def revoke_admin(user_id):
    """Revoke admin permission.

    Remove admin role in admin tenant (aka systenant), flash a success
    message and redirect to this blueprint's index view.

    TODO(apugachev): convert to POST
    TODO(apugachev): add form to plug in the CSRF protection
    """
    # NOTE(review): nothing in this function checks the HTTP method or a
    # CSRF token (see the TODOs above), so the role change runs for any
    # request that reaches the view. Authorization is not visible here
    # either; presumably it is applied outside this function - confirm.
    roles = clients.admin_clients().keystone.roles
    admin_role_id = clients.get_role_id("admin")
    systenant_id = clients.get_systenant_id()
    roles.remove_user_role(user_id, admin_role_id, systenant_id)
    flask.flash('Admin role removed', 'success')
    index_url = flask.url_for('.index')
    return flask.redirect(index_url)
Beispiel #8
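def billing_details(tenant_id):
    '''
    Present billing info for tenant.

    Looks the tenant up by id in the tenant list and hands it, the current
    user and the whole tenant list to generic_billing. Aborts with 404 when
    no tenant has the given id.
    '''
    # NOTE(review): the tenant list is fetched with systenant-scoped
    # credentials and tenant_id is not compared with the caller's own
    # tenant here; confirm that access to this view is restricted elsewhere.
    tenant_list = clients.user_clients(
        clients.get_systenant_id()).identity_admin.tenants.list()
    # next() with a default replaces filter()[0]: a filter object is always
    # truthy and cannot be indexed on Python 3, which would skip the 404.
    tenant = next(
        (candidate for candidate in tenant_list if candidate.id == tenant_id),
        None)
    if tenant is None:
        flask.abort(404)
    return generic_billing.generic_billing(
        tenant, flask.g.user, tenant_list)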
Beispiel #9
 def delete(image_id):
     """Delete an image once the permission test and the form both pass.

     Images owned by the systenant require the ('role', 'admin') need; any
     other image requires ('role', 'member', <owner>). Always redirects to
     this blueprint's index view, flashing the outcome.
     """
     # The image is fetched with the admin client, so the permission test
     # below is the access check performed in this function.
     image = clients.admin_clients().glance.images.get(image_id)
     owner = image.owner
     if owner == clients.get_systenant_id():
         need = ('role', 'admin')
     else:
         need = ('role', 'member', owner)
     # Presumably test() raises when the need is not satisfied, so nothing
     # below runs for an unauthorized caller - confirm against principal.
     principal.Permission(need).test()
     form = forms.DeleteForm()
     if not form.validate_on_submit():
         flask.flash('Invalid form', 'error')
     else:
         image.delete()
         flask.flash('Image successfully deleted', 'success')
     return flask.redirect(flask.url_for('.index'))
Beispiel #10
def revoke_admin(user_id):
    """Revoke admin permission.

    Remove admin role in admin tenant (aka systenant).

    TODO(apugachev): convert to POST
    TODO(apugachev): add form to plug in the CSRF protection
    """
    # NOTE(review): as the TODOs say, this state change has no CSRF form
    # and no HTTP-method check inside the function; no permission test is
    # visible here either - confirm where access is restricted.
    keystone_roles = clients.admin_clients().keystone.roles
    removal_args = (
        user_id,
        clients.get_role_id("admin"),
        clients.get_systenant_id(),
    )
    keystone_roles.remove_user_role(*removal_args)
    flask.flash('Admin role removed', 'success')
    return flask.redirect(flask.url_for('.index'))
Beispiel #11
 def delete(image_id):
     """Delete the image with the given id if the caller is allowed to.

     The required need depends on the image owner: ('role', 'admin') for
     systenant images, ('role', 'member', <owner>) otherwise. The image is
     deleted only when the delete form validates; the response is always a
     redirect to the index view.
     """
     image = clients.admin_clients().glance.images.get(image_id)
     owner = image.owner
     # The permission test runs before the form is looked at, and the
     # owner comes from the fetched image rather than from the request.
     required_need = (
         ('role', 'admin')
         if owner == clients.get_systenant_id()
         else ('role', 'member', owner))
     principal.Permission(required_need).test()
     form = forms.DeleteForm()
     form_ok = form.validate_on_submit()
     if form_ok:
         image.delete()
     message, category = (
         ('Image successfully deleted', 'success')
         if form_ok
         else ('Invalid form', 'error'))
     flask.flash(message, category)
     return flask.redirect(flask.url_for('.index'))
Beispiel #12
def billing():
    '''
    Define tenant to show and redirect there.

    Not every billing account points to an existing tenant, so the first
    billing account whose name equals a tenant id decides the target;
    when none matches, the systenant is used.
    '''
    def _redirect_to(tenant_id):
        # Redirect to the billing_details view of the chosen tenant.
        target = flask.url_for('.billing_details', tenant_id=tenant_id)
        return flask.redirect(target)

    billing_accounts = clients.admin_clients().billing.account.list()
    tenants = clients.admin_clients().keystone.tenants.list()
    # Accounts are the outer loop and tenants the inner one, so the first
    # account with a matching tenant wins.
    matching_ids = (
        tenant.id
        for account in billing_accounts
        for tenant in tenants
        if account['name'] == tenant.id)
    for matched_id in matching_ids:
        return _redirect_to(matched_id)
    return _redirect_to(clients.get_systenant_id())
Beispiel #13
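    def register_in_keystone():
        """Create the Keystone user and grant the requested role.

        Reads ``username``, ``password``, ``email`` and ``role`` from the
        enclosing scope. For any role other than 'user', the Keystone role
        whose name matches case-insensitively is granted in the systenant;
        a missing role is logged as an error and the user is still returned.

        Returns the user object returned by ``keystone.users.create``.
        Raises ``Exception("Registration fail", <message>)`` on any failure.
        """
        try:
            keystone = clients.admin_clients().keystone
            new_keystone_user = keystone.users.create(
                username, password, email)

            if role != 'user':
                for r in keystone.roles.list():
                    if r.name.lower() == role.lower():
                        keystone.roles.add_user_role(
                            new_keystone_user, r,
                            tenant=clients.get_systenant_id()
                        )
                        break
                else:
                    # The app logger is an object, not a callable: calling
                    # it raised TypeError, which the handler below turned
                    # into a registration failure after the user had
                    # already been created.
                    flask.current_app.logger.error(
                        'Matching Keystone role for %s not found.',
                        role.lower())
            return new_keystone_user
        except Exception as e:
            # NOTE(review): a user created above is not removed when a later
            # step fails. The backend message is passed on to the caller;
            # check it is not shown to end users verbatim.
            raise Exception("Registration fail", getattr(e, 'message', str(e)))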
Beispiel #14
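    def register_in_keystone():
        """Register the new user in Keystone and assign the requested role.

        ``username``, ``password``, ``email`` and ``role`` come from the
        enclosing scope. Roles other than 'user' are matched against the
        Keystone role names case-insensitively and granted in the systenant;
        if no role matches, an error is logged and no role is granted.

        Returns the newly created Keystone user.
        Raises ``Exception("Registration fail", <message>)`` when any step
        fails.
        """
        try:
            keystone = clients.admin_clients().keystone
            new_keystone_user = keystone.users.create(
                username, password, email)

            if role != 'user':
                wanted = role.lower()
                for r in keystone.roles.list():
                    if r.name.lower() == wanted:
                        keystone.roles.add_user_role(
                            new_keystone_user,
                            r,
                            tenant=clients.get_systenant_id())
                        break
                else:
                    # Use the logger's error() method; the logger itself is
                    # not callable, so the old call raised TypeError and
                    # failed the registration of an already created user.
                    flask.current_app.logger.error(
                        'Matching Keystone role for %s not found.', wanted)
            return new_keystone_user
        except Exception as e:
            # NOTE(review): no cleanup happens here, so a user created
            # before the failure stays in Keystone. The wrapped message
            # comes from the backend; confirm how callers display it.
            raise Exception("Registration fail", getattr(e, 'message', str(e)))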
Beispiel #15
 def get_tenant_id():
     """Return flask.g.tenant_id, or the systenant id when it is not set.

     The fallback applies only when the attribute is missing; a tenant_id
     that is present but None or empty is returned as it is.
     """
     # NOTE(review): the fallback is the admin tenant, so the return value
     # alone does not show that the request is scoped to a project.
     fallback = clients.get_systenant_id()
     return getattr(flask.g, 'tenant_id', fallback)
Beispiel #16
 def get_tenant_id():
     """Return the tenant id for the current request context.

     That is flask.g.tenant_id when the attribute exists, otherwise the
     systenant id. The systenant id is looked up on every call.
     """
     # NOTE(review): a missing tenant_id resolves to the admin tenant;
     # callers that need a project scope should check for that themselves.
     systenant_id = clients.get_systenant_id()
     request_globals = flask.g
     return getattr(request_globals, 'tenant_id', systenant_id)
Beispiel #17
 def is_non_admin(tenant):
     """Return True when ``tenant`` is not the systenant (admin tenant)."""
     tenant_id = tenant.id
     systenant_id = clients.get_systenant_id()
     return tenant_id != systenant_id
Beispiel #18
 def is_non_admin(tenant):
     """Tell whether the given tenant differs from the systenant.

     Compares ``tenant.id`` with ``clients.get_systenant_id()`` and returns
     the result of the inequality test.
     """
     differs = tenant.id != clients.get_systenant_id()
     return differs