def delete_superuser(self, user_object):
"""Remove a superuser."""
assert isinstance(self._convert_remote_object(user_object),
self._get_registered_object('user_factory').USER_CLASS)
# Ensure the user is a superuser
if not self.is_superuser():
raise InsufficientPermissionsException(
'User must be a superuser to manage superusers'
)
user_object = self._convert_remote_object(user_object)
username = user_object.get_username()
# Ensure user to be removed is a superuser
if (username not in self.get_superusers()):
raise UserNotPresentInGroup('User \'%s\' is not a superuser' % username)
mcvirt_config = MCVirtConfig()
def update_config(config):
config['superusers'].remove(username)
mcvirt_config.update_config(update_config, 'Removed \'%s\' from superuser group' %
username)
if self._is_cluster_master:
def remote_command(connection):
remote_user_factory = connection.get_connection('user_factory')
remote_user = remote_user_factory.get_user_by_username(user_object.get_username())
remote_auth = connection.get_connection('auth')
remote_auth.delete_superuser(remote_user)
cluster = self._get_registered_object('cluster')
cluster.run_remote_command(remote_command)
def add_user_permission_group(self,
permission_group,
user_object,
vm_object=None,
ignore_duplicate=False):
"""Add a user to a permissions group on a VM object."""
assert permission_group in PERMISSION_GROUPS.keys()
assert isinstance(
self._convert_remote_object(user_object),
self._get_registered_object('user_factory').USER_CLASS)
assert isinstance(
self._convert_remote_object(vm_object),
self._get_registered_object(
'virtual_machine_factory').VIRTUAL_MACHINE_CLASS)
ArgumentValidator.validate_boolean(ignore_duplicate)
# Check if user running script is able to add users to permission group
if not (self.is_superuser() or (vm_object and self.assert_permission(
PERMISSIONS.MANAGE_VM_USERS, vm_object)
and permission_group == 'user')):
raise InsufficientPermissionsException(
'VM owners cannot add manager other owners')
user_object = self._convert_remote_object(user_object)
vm_object = self._convert_remote_object(
vm_object) if vm_object is not None else None
username = user_object.get_username()
# Check if user is already in the group
if (vm_object):
config_object = vm_object.get_config_object()
else:
config_object = MCVirtConfig()
if (username not in self.get_users_in_permission_group(
permission_group, vm_object)):
# Add user to permission configuration for VM
def add_user_to_config(config):
config['permissions'][permission_group].append(username)
config_object.update_config(
add_user_to_config, 'Added user \'%s\' to group \'%s\'' %
(username, permission_group))
# @TODO FIX ME
if self._is_cluster_master:
cluster_object = self._get_registered_object('cluster')
vm_name = vm_object.get_name() if vm_object else None
cluster_object.run_remote_command(
'auth-add_user_permission_group', {
'permission_group': permission_group,
'username': username,
'vm_name': vm_name
})
elif not ignore_duplicate:
raise DuplicatePermissionException(
'User \'%s\' already in group \'%s\'' %
(username, permission_group))
def delete_user_permission_group(self, permission_group, user_object, vm_object=None):
"""Remove user from a permissions group on a VM object."""
assert permission_group in PERMISSION_GROUPS.keys()
assert isinstance(self._convert_remote_object(user_object),
self._get_registered_object('user_factory').USER_CLASS)
assert isinstance(self._convert_remote_object(vm_object),
self._get_registered_object(
'virtual_machine_factory').VIRTUAL_MACHINE_CLASS)
# Check if user running script is able to remove users to permission group
if not (self.is_superuser() or
(self.assert_permission(PERMISSIONS.MANAGE_VM_USERS, vm_object) and
permission_group == 'user') and vm_object):
raise InsufficientPermissionsException('Does not have required permission')
user_object = self._convert_remote_object(user_object)
username = user_object.get_username()
# Check if user exists in the group
if username not in self.get_users_in_permission_group(permission_group, vm_object):
raise UserNotPresentInGroup('User \'%s\' not in group \'%s\'' %
(username, permission_group))
if vm_object:
vm_object = self._convert_remote_object(vm_object)
config_object = vm_object.get_config_object()
else:
config_object = MCVirtConfig()
# Remove user from permission configuration for VM
def remove_user_from_group(config):
config['permissions'][permission_group].remove(username)
config_object.update_config(remove_user_from_group,
'Removed user \'%s\' from group \'%s\'' %
(username, permission_group))
if self._is_cluster_master:
def add_remote_user_to_group(connection):
remote_user_factory = connection.get_connection('user_factory')
remote_user = remote_user_factory.get_user_by_username(
user_object.get_username()
)
connection.annotate_object(remote_user)
remote_auth = connection.get_connection('auth')
if vm_object:
remote_vm_factory = connection.get_connection('virtual_machine_factory')
remote_vm = remote_vm_factory.getVirtualMachineByName(
vm_object.get_name()
)
else:
remote_vm = None
remote_auth.delete_user_permission_group(permission_group, remote_user, remote_vm)
cluster_object = self._get_registered_object('cluster')
cluster_object.run_remote_command(add_remote_user_to_group)
def delete_user_permission_group(self,
permission_group,
user_object,
vm_object=None):
"""Remove user from a permissions group on a VM object."""
assert permission_group in PERMISSION_GROUPS.keys()
assert isinstance(
self._convert_remote_object(user_object),
self._get_registered_object('user_factory').USER_CLASS)
assert isinstance(
self._convert_remote_object(vm_object),
self._get_registered_object(
'virtual_machine_factory').VIRTUAL_MACHINE_CLASS)
# Check if user running script is able to remove users to permission group
if not (self.is_superuser() or
(self.assert_permission(PERMISSIONS.MANAGE_VM_USERS, vm_object)
and permission_group == 'user') and vm_object):
raise InsufficientPermissionsException(
'Does not have required permission')
user_object = self._convert_remote_object(user_object)
vm_object = self._convert_remote_object(
vm_object) if vm_object is not None else None
username = user_object.get_username()
# Check if user exists in the group
if username not in self.get_users_in_permission_group(
permission_group, vm_object):
raise UserNotPresentInGroup('User \'%s\' not in group \'%s\'' %
(username, permission_group))
if vm_object:
config_object = vm_object.get_config_object()
vm_name = vm_object.get_name()
else:
config_object = MCVirtConfig()
vm_name = None
# Remove user from permission configuration for VM
def remove_user_from_group(config):
config['permissions'][permission_group].remove(username)
config_object.update_config(
remove_user_from_group, 'Removed user \'%s\' from group \'%s\'' %
(username, permission_group))
# @TODO FIX ME
if self._is_cluster_master:
cluster_object = self._get_registered_object('cluster')
cluster_object.run_remote_command(
'auth-delete_user_permission_group', {
'permission_group': permission_group,
'username': username,
'vm_name': vm_name
})
def set_cluster_ip_address(self, ip_address):
"""Update the cluster IP address for the node."""
self._get_registered_object('auth').assert_permission(PERMISSIONS.MANAGE_NODE)
ArgumentValidator.validate_ip_address(ip_address)
# Update global MCVirt configuration
def update_config(config):
config['cluster']['cluster_ip'] = ip_address
mcvirt_config = MCVirtConfig()
mcvirt_config.update_config(update_config, 'Set node cluster IP address to %s' %
ip_address)
def set_cluster_ip_address(self, ip_address):
"""Update the cluster IP address for the node."""
self._get_registered_object('auth').assert_permission(PERMISSIONS.MANAGE_NODE)
ArgumentValidator.validate_ip_address(ip_address)
# Update global MCVirt configuration
def update_config(config):
config['cluster']['cluster_ip'] = ip_address
mcvirt_config = MCVirtConfig()
mcvirt_config.update_config(update_config, 'Set node cluster IP address to %s' %
ip_address)
def set_storage_volume_group(self, volume_group):
"""Update the MCVirt configuration to set the volume group for VM storage."""
self._get_registered_object('auth').assert_permission(PERMISSIONS.MANAGE_NODE)
ArgumentValidator.validate_vg_name(volume_group)
# Update global MCVirt configuration
def update_config(config):
config['vm_storage_vg'] = volume_group
mcvirt_config = MCVirtConfig()
mcvirt_config.update_config(update_config,
'Set virtual machine storage volume group to %s' %
volume_group)
def set_storage_volume_group(self, volume_group):
"""Update the MCVirt configuration to set the volume group for VM storage."""
self._get_registered_object('auth').assert_permission(PERMISSIONS.MANAGE_NODE)
ArgumentValidator.validate_vg_name(volume_group)
# Update global MCVirt configuration
def update_config(config):
config['vm_storage_vg'] = volume_group
mcvirt_config = MCVirtConfig()
mcvirt_config.update_config(update_config,
'Set virtual machine storage volume group to %s' %
volume_group)
def add_user_permission_group(self, permission_group, user_object,
vm_object=None, ignore_duplicate=False):
"""Add a user to a permissions group on a VM object."""
assert permission_group in PERMISSION_GROUPS.keys()
assert isinstance(self._convert_remote_object(user_object),
self._get_registered_object('user_factory').USER_CLASS)
assert isinstance(self._convert_remote_object(vm_object),
self._get_registered_object(
'virtual_machine_factory').VIRTUAL_MACHINE_CLASS)
ArgumentValidator.validate_boolean(ignore_duplicate)
# Check if user running script is able to add users to permission group
if not (self.is_superuser() or
(vm_object and self.assert_permission(PERMISSIONS.MANAGE_VM_USERS,
vm_object) and
permission_group == 'user')):
raise InsufficientPermissionsException('VM owners cannot add manager other owners')
user_object = self._convert_remote_object(user_object)
vm_object = self._convert_remote_object(vm_object) if vm_object is not None else None
username = user_object.get_username()
# Check if user is already in the group
if (vm_object):
config_object = vm_object.get_config_object()
else:
config_object = MCVirtConfig()
if (username not in self.get_users_in_permission_group(permission_group, vm_object)):
# Add user to permission configuration for VM
def add_user_to_config(config):
config['permissions'][permission_group].append(username)
config_object.update_config(add_user_to_config, 'Added user \'%s\' to group \'%s\'' %
(username, permission_group))
# @TODO FIX ME
if self._is_cluster_master:
cluster_object = self._get_registered_object('cluster')
vm_name = vm_object.get_name() if vm_object else None
cluster_object.run_remote_command('auth-add_user_permission_group',
{'permission_group': permission_group,
'username': username,
'vm_name': vm_name})
elif not ignore_duplicate:
raise DuplicatePermissionException(
'User \'%s\' already in group \'%s\'' % (username, permission_group)
)
def set_cluster_ip_address(self, ip_address):
"""Update the cluster IP address for the node."""
self._get_registered_object('auth').assert_permission(PERMISSIONS.MANAGE_NODE)
# Check validity of IP address (mainly to ensure that )
pattern = re.compile(r"^((([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])[ (\[]?(\.|dot)"
"[ )\]]?){3}([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5]))$")
if not pattern.match(ip_address):
raise InvalidIPAddressException('%s is not a valid IP address' % ip_address)
# Update global MCVirt configuration
def update_config(config):
config['cluster']['cluster_ip'] = ip_address
mcvirt_config = MCVirtConfig()
mcvirt_config.update_config(update_config, 'Set node cluster IP address to %s' %
ip_address)
def set_storage_volume_group(self, volume_group):
"""Update the MCVirt configuration to set the volume group for VM storage."""
self._get_registered_object('auth').assert_permission(PERMISSIONS.MANAGE_NODE)
# Ensure volume_group name is valid
pattern = re.compile("^[A-Z0-9a-z_-]+$")
if not pattern.match(volume_group):
raise InvalidVolumeGroupNameException('%s is not a valid volume group name' %
volume_group)
# Update global MCVirt configuration
def update_config(config):
config['vm_storage_vg'] = volume_group
mcvirt_config = MCVirtConfig()
mcvirt_config.update_config(update_config,
'Set virtual machine storage volume group to %s' %
volume_group)
def add_superuser(self, user_object, ignore_duplicate=False):
"""Add a new superuser."""
assert isinstance(
self._convert_remote_object(user_object),
self._get_registered_object('user_factory').USER_CLASS)
ArgumentValidator.validate_boolean(ignore_duplicate)
# Ensure the user is a superuser
if not self.is_superuser():
raise InsufficientPermissionsException(
'User must be a superuser to manage superusers')
user_object = self._convert_remote_object(user_object)
username = user_object.get_username()
mcvirt_config = MCVirtConfig()
# Ensure user is not already a superuser
if username not in self.get_superusers():
def update_config(config):
config['superusers'].append(username)
mcvirt_config.update_config(update_config,
'Added superuser \'%s\'' % username)
elif not ignore_duplicate:
raise DuplicatePermissionException(
'User \'%s\' is already a superuser' % username)
if self._is_cluster_master:
def remote_command(connection):
remote_user_factory = connection.get_connection('user_factory')
remote_user = remote_user_factory.get_user_by_username(
user_object.get_username())
remote_auth = connection.get_connection('auth')
remote_auth.add_superuser(remote_user,
ignore_duplicate=ignore_duplicate)
cluster = self._get_registered_object('cluster')
cluster.run_remote_command(remote_command)
def delete_superuser(self, user_object):
"""Remove a superuser."""
assert isinstance(
self._convert_remote_object(user_object),
self._get_registered_object('user_factory').USER_CLASS)
# Ensure the user is a superuser
if not self.is_superuser():
raise InsufficientPermissionsException(
'User must be a superuser to manage superusers')
user_object = self._convert_remote_object(user_object)
username = user_object.get_username()
# Ensure user to be removed is a superuser
if (username not in self.get_superusers()):
raise UserNotPresentInGroup('User \'%s\' is not a superuser' %
username)
mcvirt_config = MCVirtConfig()
def update_config(config):
config['superusers'].remove(username)
mcvirt_config.update_config(
update_config, 'Removed \'%s\' from superuser group' % username)
if self._is_cluster_master:
def remote_command(connection):
remote_user_factory = connection.get_connection('user_factory')
remote_user = remote_user_factory.get_user_by_username(
user_object.get_username())
remote_auth = connection.get_connection('auth')
remote_auth.delete_superuser(remote_user)
cluster = self._get_registered_object('cluster')
cluster.run_remote_command(remote_command)
def add_superuser(self, user_object, ignore_duplicate=False):
"""Add a new superuser."""
assert isinstance(self._convert_remote_object(user_object),
self._get_registered_object('user_factory').USER_CLASS)
ArgumentValidator.validate_boolean(ignore_duplicate)
# Ensure the user is a superuser
if not self.is_superuser():
raise InsufficientPermissionsException(
'User must be a superuser to manage superusers'
)
user_object = self._convert_remote_object(user_object)
username = user_object.get_username()
mcvirt_config = MCVirtConfig()
# Ensure user is not already a superuser
if username not in self.get_superusers():
def update_config(config):
config['superusers'].append(username)
mcvirt_config.update_config(update_config, 'Added superuser \'%s\'' % username)
elif not ignore_duplicate:
raise DuplicatePermissionException(
'User \'%s\' is already a superuser' % username
)
if self._is_cluster_master:
def remote_command(connection):
remote_user_factory = connection.get_connection('user_factory')
remote_user = remote_user_factory.get_user_by_username(user_object.get_username())
remote_auth = connection.get_connection('auth')
remote_auth.add_superuser(remote_user, ignore_duplicate=ignore_duplicate)
cluster = self._get_registered_object('cluster')
cluster.run_remote_command(remote_command)
def delete_user_permission_group(self,
permission_group,
user_object,
vm_object=None):
"""Remove user from a permissions group on a VM object."""
assert permission_group in PERMISSION_GROUPS.keys()
assert isinstance(
self._convert_remote_object(user_object),
self._get_registered_object('user_factory').USER_CLASS)
if vm_object:
assert isinstance(
self._convert_remote_object(vm_object),
self._get_registered_object(
'virtual_machine_factory').VIRTUAL_MACHINE_CLASS)
# Check if user running script is able to remove users to permission group
if not (self.is_superuser() or
(self.assert_permission(PERMISSIONS.MANAGE_VM_USERS, vm_object)
and permission_group == 'user') and vm_object):
raise InsufficientPermissionsException(
'Does not have required permission')
user_object = self._convert_remote_object(user_object)
username = user_object.get_username()
# Check if user exists in the group
if username not in self.get_users_in_permission_group(
permission_group, vm_object):
raise UserNotPresentInGroup('User \'%s\' not in group \'%s\'' %
(username, permission_group))
if vm_object:
vm_object = self._convert_remote_object(vm_object)
config_object = vm_object.get_config_object()
else:
config_object = MCVirtConfig()
# Remove user from permission configuration for VM
def remove_user_from_group(config):
config['permissions'][permission_group].remove(username)
config_object.update_config(
remove_user_from_group, 'Removed user \'%s\' from group \'%s\'' %
(username, permission_group))
if self._is_cluster_master:
def add_remote_user_to_group(connection):
remote_user_factory = connection.get_connection('user_factory')
remote_user = remote_user_factory.get_user_by_username(
user_object.get_username())
connection.annotate_object(remote_user)
remote_auth = connection.get_connection('auth')
if vm_object:
remote_vm_factory = connection.get_connection(
'virtual_machine_factory')
remote_vm = remote_vm_factory.getVirtualMachineByName(
vm_object.get_name())
else:
remote_vm = None
remote_auth.delete_user_permission_group(
permission_group, remote_user, remote_vm)
cluster_object = self._get_registered_object('cluster')
cluster_object.run_remote_command(add_remote_user_to_group)
