Ejemplo n.º 1
0
    def handle(self, request, data):
        project_id = data['project_id']
        # update project info
        try:
            api.tenant_update(request,
                              tenant_id=project_id,
                              tenant_name=data['name'],
                              description=data['description'],
                              enabled=data['enabled'])
        except:
            exceptions.handle(request, ignore=True)
            return False

        # update project members
        users_to_modify = 0
        try:
            available_roles = api.keystone.role_list(request)
            project_members = api.keystone.user_list(request,
                                                     tenant_id=project_id)
            users_to_modify = len(project_members)
            for user in project_members:
                current_roles = [role for role in
                                 api.roles_for_user(self.request,
                                                    user.id,
                                                    project_id)]
                effective_roles = []
                for role in available_roles:
                    role_list = data["role_" + role.id]
                    if user.id in role_list:
                        effective_roles.append(role)
                        if role not in current_roles:
                            # user role has changed
                            api.add_tenant_user_role(request,
                                                     tenant_id=project_id,
                                                     user_id=user.id,
                                                     role_id=role.id)
                        else:
                            # user role is unchanged
                            current_roles.pop(current_roles.index(role))
                if user.id == request.user.id and \
                        project_id == request.user.tenant_id and \
                        any(x.name == 'admin' for x in current_roles):
                    # Cannot remove "admin" role on current(admin) project
                    msg = _('You cannot remove the "admin" role from the '
                            'project you are currently logged into. Please '
                            'switch to another project with admin permissions '
                            'or remove the role manually via the CLI')
                    messages.warning(request, msg)
                else:
                    # delete user's removed roles
                    for to_delete in current_roles:
                        api.remove_tenant_user_role(request,
                                                    tenant_id=project_id,
                                                    user_id=user.id,
                                                    role_id=to_delete.id)
                users_to_modify -= 1

            # add new roles to project
            for role in available_roles:
                # count how many users may be added for exception handling
                role_list = data["role_" + role.id]
                users_to_modify += len(role_list)
            for role in available_roles:
                role_list = data["role_" + role.id]
                users_added = 0
                for user_id in role_list:
                    if not filter(lambda x: user_id == x.id, project_members):
                        api.add_tenant_user_role(request,
                                                 tenant_id=project_id,
                                                 user_id=user_id,
                                                 role_id=role.id)
                    users_added += 1
                users_to_modify -= users_added
        except:
            exceptions.handle(request, _('Failed to modify %s project members '
                                         'and update project quotas.'
                                         % users_to_modify))
            return True

        # update the project quota
        ifcb = data['injected_file_content_bytes']
        try:
            api.tenant_quota_update(request,
                                    project_id,
                                    metadata_items=data['metadata_items'],
                                    injected_file_content_bytes=ifcb,
                                    volumes=data['volumes'],
                                    gigabytes=data['gigabytes'],
                                    ram=data['ram'],
                                    floating_ips=data['floating_ips'],
                                    instances=data['instances'],
                                    injected_files=data['injected_files'],
                                    cores=data['cores'])
            return True
        except:
            exceptions.handle(request, _('Modified project information and '
                                         'members, but unable to modify '
                                         'project quotas.'))
            return True
Ejemplo n.º 2
0
    def test_update_project_quota_update_error(self):
        project = self.tenants.first()
        quota = self.quotas.first()
        default_role = self.roles.first()
        users = self.users.list()
        roles = self.roles.list()
        current_roles = self.roles.list()

        # get/init
        api.tenant_get(IsA(http.HttpRequest), self.tenant.id, admin=True) \
            .AndReturn(project)
        api.tenant_quota_get(IsA(http.HttpRequest), self.tenant.id) \
            .AndReturn(quota)

        api.get_default_role(IsA(http.HttpRequest)).AndReturn(default_role)
        api.keystone.user_list(IsA(http.HttpRequest)).AndReturn(users)
        api.keystone.role_list(IsA(http.HttpRequest)).AndReturn(roles)

        workflow_data = {}
        for user in users:
            api.roles_for_user(IsA(http.HttpRequest), user.id,
                               self.tenant.id).AndReturn(roles)
            role_ids = [role.id for role in roles]
            if role_ids:
                workflow_data.setdefault("role_" + role_ids[0], []) \
                             .append(user.id)

        # update some fields
        project._info["name"] = "updated name"
        project._info["description"] = "updated description"
        quota.metadata_items = 444
        quota.volumes = 444

        updated_project = {
            "tenant_name": project._info["name"],
            "tenant_id": project.id,
            "description": project._info["description"],
            "enabled": project.enabled
        }
        updated_quota = self._get_quota_info(quota)

        # contribute
        api.keystone.role_list(IsA(http.HttpRequest)).AndReturn(roles)

        # handle
        # handle
        api.tenant_update(IsA(http.HttpRequest), **updated_project) \
            .AndReturn(project)

        api.keystone.role_list(IsA(http.HttpRequest)).AndReturn(roles)
        api.keystone.user_list(IsA(http.HttpRequest),
                               tenant_id=self.tenant.id).AndReturn(users)

        for user in users:
            api.roles_for_user(IsA(http.HttpRequest),
                                        user.id,
                                        self.tenant.id) \
                              .AndReturn(current_roles)
            for role in roles:
                if "role_" + role.id in workflow_data:
                    ulist = workflow_data["role_" + role.id]
                    if role not in current_roles:
                        api.add_tenant_user_role(IsA(http.HttpRequest),
                                                 tenant_id=self.tenant.id,
                                                 user_id=user,
                                                 role_id=role.id)
                    else:
                        current_roles.pop(current_roles.index(role))
            for to_delete in current_roles:
                api.remove_tenant_user_role(IsA(http.HttpRequest),
                                            tenant_id=self.tenant.id,
                                            user_id=user.id,
                                            role_id=to_delete.id)
        for role in roles:
            if "role_" + role.id in workflow_data:
                ulist = workflow_data["role_" + role.id]
                for user in ulist:
                    if not filter(lambda x: user == x.id, users):
                        api.add_tenant_user_role(IsA(http.HttpRequest),
                                                 tenant_id=self.tenant.id,
                                                 user_id=user,
                                                 role_id=role.id)

        api.tenant_quota_update(IsA(http.HttpRequest), project.id,
                                **updated_quota).AndRaise(self.exceptions.nova)

        self.mox.ReplayAll()

        # submit form data
        project_data = {
            "name": project._info["name"],
            "id": project.id,
            "description": project._info["description"],
            "enabled": project.enabled
        }
        workflow_data.update(project_data)
        workflow_data.update(updated_quota)
        url = reverse('horizon:admin:projects:update', args=[self.tenant.id])
        res = self.client.post(url, workflow_data)

        self.assertNoFormErrors(res)
        self.assertRedirectsNoFollow(res, INDEX_URL)
Ejemplo n.º 3
0
    def test_update_project_quota_update_error(self):
        project = self.tenants.first()
        quota = self.quotas.first()
        default_role = self.roles.first()
        users = self.users.list()
        roles = self.roles.list()

        # get/init
        api.tenant_get(IsA(http.HttpRequest), self.tenant.id, admin=True) \
            .AndReturn(project)
        api.tenant_quota_get(IsA(http.HttpRequest), self.tenant.id) \
            .AndReturn(quota)

        api.get_default_role(IsA(http.HttpRequest)).AndReturn(default_role)
        api.keystone.user_list(IsA(http.HttpRequest)).AndReturn(users)
        api.keystone.role_list(IsA(http.HttpRequest)).AndReturn(roles)

        workflow_data = {}

        for user in users:
            api.roles_for_user(IsA(http.HttpRequest),
                               user.id,
                               self.tenant.id).AndReturn(roles)

        workflow_data["role_1"] = ['1', '3']  # admin role
        workflow_data["role_2"] = ['1', '2', '3']  # member role

        # update some fields
        project._info["name"] = "updated name"
        project._info["description"] = "updated description"
        quota.metadata_items = 444
        quota.volumes = 444

        updated_project = {"tenant_name": project._info["name"],
                           "tenant_id": project.id,
                           "description": project._info["description"],
                           "enabled": project.enabled}
        updated_quota = self._get_quota_info(quota)

        # contribute
        api.keystone.role_list(IsA(http.HttpRequest)).AndReturn(roles)

        # handle
        # handle
        api.tenant_update(IsA(http.HttpRequest), **updated_project) \
            .AndReturn(project)

        api.keystone.role_list(IsA(http.HttpRequest)).AndReturn(roles)
        api.keystone.user_list(IsA(http.HttpRequest),
                               tenant_id=self.tenant.id).AndReturn(users)

        # admin user - try to remove all roles on current project, warning
        api.roles_for_user(IsA(http.HttpRequest), '1', self.tenant.id) \
                           .AndReturn(roles)

        # member user 1 - has role 1, will remove it
        api.roles_for_user(IsA(http.HttpRequest), '2', self.tenant.id) \
                           .AndReturn((roles[1],))

        # member user 3 - has role 2
        api.roles_for_user(IsA(http.HttpRequest), '3', self.tenant.id) \
                           .AndReturn((roles[0],))
        # add role 2
        api.add_tenant_user_role(IsA(http.HttpRequest),
                                     tenant_id=self.tenant.id,
                                     user_id='3',
                                     role_id='2')

        api.tenant_quota_update(IsA(http.HttpRequest),
                                project.id,
                                **updated_quota).AndRaise(self.exceptions.nova)

        self.mox.ReplayAll()

        # submit form data
        project_data = {"name": project._info["name"],
                         "id": project.id,
                         "description": project._info["description"],
                         "enabled": project.enabled}
        workflow_data.update(project_data)
        workflow_data.update(updated_quota)
        url = reverse('horizon:admin:projects:update',
                      args=[self.tenant.id])
        res = self.client.post(url, workflow_data)

        self.assertNoFormErrors(res)
        self.assertMessageCount(error=1, warning=0)
        self.assertRedirectsNoFollow(res, INDEX_URL)
Ejemplo n.º 4
0
    def test_update_project_quota_update_error(self):
        project = self.tenants.first()
        quota = self.quotas.first()
        default_role = self.roles.first()
        users = self.users.list()
        roles = self.roles.list()
        current_roles = self.roles.list()

        # get/init
        api.tenant_get(IsA(http.HttpRequest), self.tenant.id, admin=True) \
            .AndReturn(project)
        api.tenant_quota_get(IsA(http.HttpRequest), self.tenant.id) \
            .AndReturn(quota)

        api.get_default_role(IsA(http.HttpRequest)).AndReturn(default_role)
        api.keystone.user_list(IsA(http.HttpRequest)).AndReturn(users)
        api.keystone.role_list(IsA(http.HttpRequest)).AndReturn(roles)

        workflow_data = {}
        for user in users:
            api.roles_for_user(IsA(http.HttpRequest),
                               user.id,
                               self.tenant.id).AndReturn(roles)
            role_ids = [role.id for role in roles]
            if role_ids:
                workflow_data.setdefault("role_" + role_ids[0], []) \
                             .append(user.id)

        # update some fields
        project._info["name"] = "updated name"
        project._info["description"] = "updated description"
        quota.metadata_items = 444
        quota.volumes = 444

        updated_project = {"tenant_name": project._info["name"],
                           "tenant_id": project.id,
                           "description": project._info["description"],
                           "enabled": project.enabled}
        updated_quota = self._get_quota_info(quota)

        # contribute
        api.keystone.role_list(IsA(http.HttpRequest)).AndReturn(roles)

        # handle
        # handle
        api.tenant_update(IsA(http.HttpRequest), **updated_project) \
            .AndReturn(project)

        api.keystone.role_list(IsA(http.HttpRequest)).AndReturn(roles)
        api.keystone.user_list(IsA(http.HttpRequest),
                               tenant_id=self.tenant.id).AndReturn(users)

        for user in users:
            api.roles_for_user(IsA(http.HttpRequest),
                                        user.id,
                                        self.tenant.id) \
                              .AndReturn(current_roles)
            for role in roles:
                if "role_" + role.id in workflow_data:
                    ulist = workflow_data["role_" + role.id]
                    if role not in current_roles:
                        api.add_tenant_user_role(IsA(http.HttpRequest),
                                             tenant_id=self.tenant.id,
                                             user_id=user,
                                             role_id=role.id)
                    else:
                        current_roles.pop(current_roles.index(role))
            for to_delete in current_roles:
                api.remove_tenant_user_role(IsA(http.HttpRequest),
                                            tenant_id=self.tenant.id,
                                            user_id=user.id,
                                            role_id=to_delete.id)
        for role in roles:
            if "role_" + role.id in workflow_data:
                ulist = workflow_data["role_" + role.id]
                for user in ulist:
                    if not filter(lambda x: user == x.id, users):
                        api.add_tenant_user_role(IsA(http.HttpRequest),
                                                 tenant_id=self.tenant.id,
                                                 user_id=user,
                                                 role_id=role.id)

        api.tenant_quota_update(IsA(http.HttpRequest),
                                project.id,
                                **updated_quota).AndRaise(self.exceptions.nova)

        self.mox.ReplayAll()

        # submit form data
        project_data = {"name": project._info["name"],
                         "id": project.id,
                         "description": project._info["description"],
                         "enabled": project.enabled}
        workflow_data.update(project_data)
        workflow_data.update(updated_quota)
        url = reverse('horizon:admin:projects:update',
                      args=[self.tenant.id])
        res = self.client.post(url, workflow_data)

        self.assertNoFormErrors(res)
        self.assertRedirectsNoFollow(res, INDEX_URL)
Ejemplo n.º 5
0
    def handle(self, request, data):
        project_id = data['project_id']
        # update project info
        try:
            api.tenant_update(request,
                              tenant_id=project_id,
                              tenant_name=data['name'],
                              description=data['description'],
                              enabled=data['enabled'])
        except:
            exceptions.handle(request, ignore=True)
            return False

        # update project members
        users_to_modify = 0
        try:
            available_roles = api.keystone.role_list(request)
            project_members = api.keystone.user_list(request,
                                                     tenant_id=project_id)
            users_to_modify = len(project_members)
            for user in project_members:
                current_roles = api.roles_for_user(self.request,
                                                   user.id,
                                                   project_id)
                for role in available_roles:
                    role_list = data["role_" + role.id]
                    if user.id in role_list:
                        if role not in current_roles:
                            # user role has changed
                            api.add_tenant_user_role(request,
                                                     tenant_id=project_id,
                                                     user_id=user.id,
                                                     role_id=role.id)
                        else:
                            # user role is unchanged
                            current_roles.pop(current_roles.index(role))
                # delete user's removed roles
                for to_delete in current_roles:
                    api.remove_tenant_user_role(request,
                                                tenant_id=project_id,
                                                user_id=user.id,
                                                role_id=to_delete.id)
                users_to_modify -= 1

            # add new roles to project
            for role in available_roles:
                # count how many users may be added for exception handling
                role_list = data["role_" + role.id]
                users_to_modify += len(role_list)
            for role in available_roles:
                role_list = data["role_" + role.id]
                users_added = 0
                for user in role_list:
                    if not filter(lambda x: user == x.id, project_members):
                        api.add_tenant_user_role(request,
                                                 tenant_id=project_id,
                                                 user_id=user,
                                                 role_id=role.id)
                    users_added += 1
                users_to_modify -= users_added
        except:
            exceptions.handle(request, _('Failed to modify %s project members '
                                         'and update project quotas.'
                                         % users_to_modify))
            return True

        # update the project quota
        ifcb = data['injected_file_content_bytes']
        try:
            api.tenant_quota_update(request,
                                    project_id,
                                    metadata_items=data['metadata_items'],
                                    injected_file_content_bytes=ifcb,
                                    volumes=data['volumes'],
                                    gigabytes=data['gigabytes'],
                                    ram=data['ram'],
                                    floating_ips=data['floating_ips'],
                                    instances=data['instances'],
                                    injected_files=data['injected_files'],
                                    cores=data['cores'])
            return True
        except:
            exceptions.handle(request, _('Modified project information and '
                                         'members, but unable to modify '
                                         'project quotas.'))
            return True