def post(self, request, format=None):
"""
Invites a user to the current tenant.
This endpoint requires either Admin access or the
request to come from a project_admin|project_mod.
As such this Task is considered pre-approved.
"""
self.logger.info("(%s) - New AttachUser request." % timezone.now())
# Default project_id to the keystone user's project
if ('project_id' not in request.data
or request.data['project_id'] is None):
request.data['project_id'] = request.keystone_user['project_id']
processed, status = self.process_actions(request)
errors = processed.get('errors', None)
if errors:
self.logger.info("(%s) - Validation errors with task." %
timezone.now())
if isinstance(errors, dict):
return Response(errors, status=status)
return Response({'errors': errors}, status=status)
response_dict = {'notes': processed['notes']}
add_task_id_for_roles(request, processed, response_dict, ['admin'])
return Response(response_dict, status=status)
def post(self, request, format=None):
"""
Unauthenticated endpoint bound primarily to NewProjectWithUser.
This process requires approval, so this will validate
incoming data and create a task to be approved
later.
"""
self.logger.info("(%s) - Starting new project task." % timezone.now())
class_conf = settings.TASK_SETTINGS.get(self.task_type, {})
# we need to set the region the resources will be created in:
request.data['region'] = class_conf.get('default_region')
# parent_id for new project, if null defaults to domain:
request.data['parent_id'] = class_conf.get('default_parent_id')
processed, status = self.process_actions(request)
errors = processed.get('errors', None)
if errors:
self.logger.info("(%s) - Validation errors with task." %
timezone.now())
return Response(errors, status=status)
notes = {'notes': ['New task for CreateProject.']}
create_notification(processed['task'], notes)
self.logger.info("(%s) - Task created." % timezone.now())
response_dict = {'notes': ['task created']}
add_task_id_for_roles(request, processed, response_dict, ['admin'])
return Response(response_dict, status=status)
def post(self, request, format=None):
""" Add MFA to an account """
request.data['user_id'] = request.keystone_user['user_id']
request.data['delete'] = False
existing_task = self._reuse_existing_task(request)
if existing_task is not None:
self.logger.info("(%s) - Existing EditMFA request." %
timezone.now())
return existing_task
self.logger.info("(%s) - New EditMFA request." % timezone.now())
processed, status = self.process_actions(request)
errors = processed.get('errors', None)
if errors:
self.logger.info("(%s) - Validation errors with task." %
timezone.now())
return Response(errors, status=status)
token = Token.objects.filter(task=processed.get('task'))[0]
response_dict = {
'notes': processed.get('notes'),
'otpauth': self.get_provisioning_uri(request.data['user_id']),
'token_id': token.token
}
add_task_id_for_roles(request, processed, response_dict, ['admin'])
return Response(response_dict, status=status)
def post(self, request, format=None):
"""
Unauthenticated endpoint bound to the password reset action.
This will submit and approve a password reset request.
---
parameters:
- name: email
required: true
type: string
description: The email of the user to reset
- name: username
required: false
type: string
description: The username of the user, not required if using
USERNAME_IS_PASSWORD
responseMessages:
- code: 400
message: Validation Errors
- code: 200
message: Success. Does not indicate user exists.
"""
self.logger.info("(%s) - New ResetUser request." % timezone.now())
processed, status = self.process_actions(request)
errors = processed.get('errors', None)
if errors:
self.logger.info("(%s) - Validation errors with task." %
timezone.now())
return Response(errors, status=status)
task = processed['task']
self.logger.info("(%s) - AutoApproving Resetuser request." %
timezone.now())
# NOTE(amelia): Not using auto approve due to security implications
# as it will return all errors including whether the user exists
self.approve(request, task)
response_dict = {
'notes':
["If user with email exists, reset token will be issued."]
}
add_task_id_for_roles(request, processed, response_dict, ['admin'])
return Response(response_dict, status=200)
def post(self, request, format=None):
"""
Unauthenticated endpoint bound primarily to NewClientSignUp
and NewProjectSignUp.
This task requires approval, so this will validate
incoming data and create a task to be approved
later.
"""
self.logger.info("(%s) - Starting new OpenStackSignUp task." %
timezone.now())
class_conf = settings.TASK_SETTINGS.get(self.task_type, {})
# we need to set the region the resources will be created in:
request.data['region'] = class_conf.get('default_region')
# Will a default network be setup:
request.data['setup_network'] = class_conf.get('setup_network', False)
# domain_id for new project:
request.data['domain_id'] = class_conf.get(
'default_domain_id', 'default')
# parent_id for new project, if null defaults to domain:
request.data['parent_id'] = class_conf.get('default_parent_id')
processed, status = self.process_actions(request)
errors = processed.get('errors', None)
if errors:
self.logger.info("(%s) - Validation errors with task." %
timezone.now())
return Response(errors, status=status)
notes = {
'notes':
['New OpenStackSignUp task.']
}
create_notification(processed['task'], notes)
self.logger.info("(%s) - Task created." % timezone.now())
response_dict = {'notes': ['Sign-up submitted.']}
add_task_id_for_roles(request, processed, response_dict, ['admin'])
return Response(response_dict, status=status)
def post(self, request, format=None):
"""
This endpoint requires either mod access or the
request to come from a project_admin.
As such this Task is considered pre-approved.
Runs process_actions, then does the approve step and
post_approve validation, and creates a Token if valid.
"""
self.logger.info("(%s) - New EditUser request." % timezone.now())
processed, status = self.process_actions(request)
errors = processed.get('errors', None)
if errors:
self.logger.info("(%s) - Validation errors with task." %
timezone.now())
return Response(errors, status=status)
response_dict = {'notes': processed.get('notes')}
add_task_id_for_roles(request, processed, response_dict, ['admin'])
return Response(response_dict, status=status)
def _edit_user(self, request, user_id, remove_role=False, format=None):
""" Helper function to add or remove roles from a user """
request.data['remove'] = remove_role
if 'project_id' not in request.data:
request.data['project_id'] = request.keystone_user['project_id']
request.data['user_id'] = user_id
self.logger.info("(%s) - New EditUser %s request." %
(timezone.now(), request.method))
processed, status = self.process_actions(request)
errors = processed.get('errors', None)
if errors:
self.logger.info("(%s) - Validation errors with registration." %
timezone.now())
return Response({'errors': errors}, status=status)
response_dict = {'notes': processed.get('notes')}
add_task_id_for_roles(request, processed, response_dict, ['admin'])
return Response(response_dict, status=status)
