Example #1
def collector_operation(request):
    """Record an operation reported through GET query parameters.

    Reads ``user``, ``resource``, ``resource_name``, ``action``, ``result``,
    ``operation_type`` and ``message`` from ``request.GET`` (a missing key
    raises), then builds and saves an ``Operation`` row.  The response is
    always ``{"success": True, ...}``; a failed save is only logged.

    NOTE(review): the stored fields come straight from the query string,
    while ``user_id``, ``udc_id`` and ``resource_id`` are hard-coded to 1 and
    the ``user`` and ``result`` parameters are read but never stored.  Whether
    the caller is authenticated is not visible in this function -- confirm
    before treating these rows as audit evidence.
    """
    params = request.GET
    LOG.info("*** get data is ***{}".format(str(params)))

    # (parameter name, emit the '1' progress marker after reading it)
    wanted = (
        ('user', True),
        ('resource', False),
        ('resource_name', True),
        ('action', True),
        ('result', True),
        ('operation_type', True),
        ('message', True),
    )
    values = {}
    for key, mark in wanted:
        values[key] = params[key]
        if mark:
            LOG.info('1')

    # Pending issue: user_id, udc_id, resource_id

    try:
        record = Operation(
            user_id=1,
            resource=values['resource'],
            resource_name=values['resource_name'],
            action=values['action'],
            operation_type=values['operation_type'],
            message=values['message'],
            udc_id=1,
            resource_id=1,
        )
        record.save()
    except Exception as exc:
        # The failure is logged at info level and not reported to the caller.
        LOG.info(str(exc))

    return Response({"success": True, "msg": _("Success.")})
Example #2
def activate_user(request):
    """Mark the user whose primary key is ``request.data['id']`` as active.

    After saving the user, an ``Operation`` audit row is written on a
    best-effort basis: any exception while building or saving it is logged at
    info level and the view still answers 200 with ``success: True``.

    NOTE(review): no permission check appears in this body; presumably it is
    enforced by a decorator or permission class outside this listing --
    confirm.  ``User.objects.get`` is not guarded, so an unknown id propagates
    as an exception.
    """
    target = User.objects.get(pk=request.data['id'])
    target.is_active = True
    target.save()

    try:
        audit_fields = dict(
            user=request.user,
            udc_id=request.session['UDC_ID'],
            resource=target.username,
            resource_id=1,
            resource_name='用户',
            action="启用用户",
            result=1,
        )
        Operation(**audit_fields).save()
    except Exception as exc:
        # The account change has already been committed at this point; only
        # the audit entry is lost.
        LOG.info(str(exc))

    body = {"success": True, "msg": _('User has been activated!')}
    return Response(body, status=status.HTTP_200_OK)
Example #3
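def devicepolicyupdate(request):
    """Update the device policy bits of an instance and push them to the manager.

    Reads ``role`` (comma-separated policy names), ``id`` (instance primary
    key) and ``device_id`` from ``request.data``.  Every ``Instance`` row that
    shares the selected instance's ``uuid`` gets the policy bit for each known
    policy set or cleared and its ``device_id`` replaced.  The result is then
    posted to ``<settings.MGR_HTTP_ADDR>/policy`` and an ``Operation`` audit
    row is written on a best-effort basis.

    Fix over the original: a policy that is not requested now clears only its
    own bit.  The original used ``policy &= 0 << bit``, which is ``policy &= 0``
    and wiped every bit of the field.
    """
    policies = {"usb": 0}
    LOG.info("*** request.data is ***" + str(request.data))
    role_list = str(request.data['role']).split(",")
    instance_id = request.data['id']
    device_id = request.data['device_id']
    LOG.info("********** role_list is **********" + str(role_list))
    LOG.info("********** instance_id  is **********" + str(instance_id))

    instance = Instance.objects.get(pk=instance_id)
    refered_instance = Instance.objects.filter(uuid=instance.uuid)

    for policy_name, bit in policies.items():
        LOG.info("*** role is ****" + str(policy_name))
        mask = 1 << bit
        for ins in refered_instance:
            if policy_name in role_list:
                ins.policy |= mask
            else:
                # Clear just this policy's bit and leave the others alone.
                ins.policy &= ~mask

    for ins in refered_instance:
        ins.device_id = device_id
        ins.save()

    # NOTE(review): ``instance`` is a separate object from the rows updated
    # above, so ``instance.policy`` here looks like the value loaded before
    # the update -- confirm whether the manager should receive the new value.
    d = {
        'vm_id': instance.uuid,
        'storage': instance.policy,
        'devices': device_id
    }
    LOG.info(">>>>>>> request update policy: {}".format(d))
    res = requests.post('{}/policy'.format(settings.MGR_HTTP_ADDR),
                        json=d,
                        timeout=5)
    # NOTE(review): the response status is logged but never checked, so a
    # rejected policy push is still reported as success and audited as
    # result=1.
    LOG.info(">>>>>>> response: {}".format(res))

    try:
        operation = Operation(user=request.user,
                              udc_id=request.session['UDC_ID'],
                              resource='虚拟机',
                              resource_id=1,
                              resource_name='权限',
                              action="usbrole",
                              result=1)
        operation.save()
    except Exception as e:
        # Best effort: a failed audit write does not fail the request.
        LOG.info(str(e))
    return Response({"success": True, "msg": _('Sucess.')})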
Example #4
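def resetuserpassword(request):
    """Set a new password for the user named by ``request.data['user_id']``.

    ``new_password`` must equal ``confirm_password``; otherwise a
    ``success: False`` response is returned and nothing is changed.  On a
    match the local password is updated, the same password is pushed to
    Keystone through ``change_user_keystone_passwd``, and an ``Operation``
    audit row is written on a best-effort basis.

    Fix over the original: the submitted passwords are no longer written to
    the log, where anyone with log access could read them in clear text.  The
    ``try: ... except: raise`` wrapper around the Keystone update was a no-op
    and has been dropped; exceptions from that step still propagate.

    NOTE(review): nothing in this body ties ``user_id`` to the caller's
    privileges; presumably a decorator or permission class outside this
    listing does -- confirm.  The local password is saved before the Keystone
    call, so a Keystone failure leaves the two stores out of step.
    """
    LOG.info("*** start to change password")
    new_password = request.data['new_password']
    user_id = request.data['user_id']
    LOG.info("*** user_id is ****" + str(user_id))
    confirm_password = request.data['confirm_password']
    # Credentials are deliberately kept out of the log.

    if new_password != confirm_password:
        return Response({"success": False, "msg": _(
            "The new password doesn't match confirm password!")})

    user = User.objects.get(pk=user_id)
    user.set_password(new_password)
    user.save()

    LOG.info("************* CHANGE PASSWORD !!!!!!!!!!!!!!!!!!")

    # Keep the Keystone credential in step with the local one.
    user_id = user.id
    user_keystone = UserDataCenter.objects.get(user_id=user_id)
    LOG.info("**** user_keystone is ***" + str(user_keystone))
    username = user_keystone.keystone_user
    tenant_id = user_keystone.tenant_uuid
    change_user_keystone_passwd(user_id, username, tenant_id, new_password)

    try:
        operation = Operation(user=request.user,
                              udc_id=request.session['UDC_ID'],
                              resource='用户',
                              resource_id=1,
                              resource_name='重置密码',
                              action="resetpassword",
                              result=1)
        operation.save()
    except Exception as e:
        # Best effort: a failed audit write does not undo the reset.
        LOG.info(str(e))

    return Response({"success": True, "msg": _(
        "Password has been changed! Please login in again.")})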
Example #5
def deactivate_user(request):
    """Mark the user whose primary key is ``request.data['id']`` as inactive.

    A caller may not deactivate the account they are logged in with: when the
    posted id equals ``request.user.id`` (compared as strings) the view
    answers 400 and changes nothing.  Otherwise the user is saved with
    ``is_active = False`` and an ``Operation`` audit row is written on a
    best-effort basis.

    NOTE(review): apart from the self-deactivation guard, no permission check
    appears in this body; presumably it is enforced outside this listing --
    confirm.
    """
    target_pk = request.data['id']

    LOG.info(str(target_pk))
    LOG.info(str(request.user.id))
    is_self = str(target_pk) == str(request.user.id)
    if is_self:
        LOG.info("*** aaaaa ****")
        refusal = {"success": False, "msg": _('不能禁止已登陆用户!')}
        return Response(refusal, status=status.HTTP_400_BAD_REQUEST)

    target = User.objects.get(pk=target_pk)
    target.is_active = False
    target.save()

    try:
        audit_fields = dict(
            user=request.user,
            udc_id=request.session['UDC_ID'],
            resource=target.username,
            resource_id=1,
            resource_name='用户',
            action="禁用用户",
            result=1,
        )
        Operation(**audit_fields).save()
    except Exception as exc:
        # The account change is already saved; only the audit entry is lost.
        LOG.info(str(exc))

    body = {"success": True, "msg": _('User has been deactivated!')}
    return Response(body, status=status.HTTP_200_OK)
Example #6
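def assignrole(request):
    """Replace a user's Keystone roles with the set named in the request.

    ``request.data`` supplies ``username``, ``id`` (local user primary key)
    and ``roles``, a comma-separated list of ``<prefix>:<role name>`` entries.
    Requesting ``system`` also grants ``admin``.  A user who owns instances
    cannot be given the ``system``, ``security`` or ``audit`` roles.  Current
    Keystone roles other than ``_member_`` and ``SwiftOperator`` are removed
    before the requested ones are added, and an ``Operation`` audit row is
    written on a best-effort basis.

    Fixes over the original:
    * ``user_id`` is read up front; it used to be bound only inside the
      privileged-role branch, so any other role raised ``NameError`` later.
    * A role the user already held was removed and then skipped by the
      "already has it" test, leaving the user without it.  Only roles that
      were actually kept are skipped now.
    * A ``roles`` entry without ``:`` and a username with no matching
      ``UserDataCenter`` row are rejected instead of raising or calling
      Keystone with ``None`` ids.
    """
    LOG.info("******** datat is **********" + str(request.data))

    username = request.data.get('username')
    roles = request.data.get('roles')
    user_id = request.data.get('id')
    if not roles:
        return Response({'success': False, "msg": _('请选择')})

    roles_name = []
    for entry in roles.split(","):
        parts = entry.split(":")
        if len(parts) < 2:
            # Reject malformed input rather than guessing at a role name.
            return Response({'success': False,
                             "msg": _("Data is not valid")})
        roles_name.append(parts[1])
    # system managers need admin role to create/delete encrypted disks
    if "system" in roles_name:
        roles_name.append("admin")
    LOG.info("******** roles are ******" + str(roles_name))

    # Check user has instances or not.
    if "system" in roles or "security" in roles or "audit" in roles:
        user = User.objects.get(pk=user_id)
        has_instances = user_has_instance(request, user)
        if has_instances:
            LOG.info("has instances")
            return Response({
                'success': False,
                "msg": _('User has instances!')
            })

    # NOTE(review): ``keystone_user__contains`` is a substring match and the
    # loop keeps the last row, so a username that is a substring of another
    # account's Keystone name can select that other account.  An exact match
    # is presumably intended -- confirm the keystone_user naming scheme
    # before tightening the lookup.
    udc = UserDataCenter.objects.filter(keystone_user__contains=username)
    LOG.info("******** udc are ********" + str(udc))
    user_tenant_id = None
    keystone_user = None
    keystone_user_id = None
    for u in udc:
        user_tenant_id = u.tenant_uuid
        LOG.info("******* user_tenant_id is *********" + str(user_tenant_id))
        keystone_user = u.keystone_user
        keystone_user_id = u.keystone_user_id
        LOG.info("******* keystone_user is *********" + str(keystone_user))

    if keystone_user_id is None:
        # No Keystone identity was found; do not touch any roles.
        return Response({'success': False, "msg": _("Data is not valid")})

    # Before assign role remove the current roles first.
    rc = create_rc_by_dc(DataCenter.objects.all()[0])
    current_user_roles = keystone.roles_for_user(rc, keystone_user_id,
                                                 user_tenant_id)
    retained_roles = []
    for c_role in current_user_roles:
        LOG.info("*** c_role is ***" + str(c_role.name))
        LOG.info("*** c_role id is ***" + str(c_role.id))
        # Do not remove member role and SwiftOperator
        if c_role.name != "_member_" and c_role.name != "SwiftOperator":
            LOG.info("member swift no")
            keystone.remove_tenant_user_role(rc,
                                             project=user_tenant_id,
                                             user=keystone_user_id,
                                             role=c_role.id)
        else:
            retained_roles.append(c_role.name)

    for role in roles_name:
        LOG.info("******** role is *********" + str(role))
        if role not in retained_roles:
            add_user_role(keystone_user, role, user_tenant_id)
            user = User.objects.get(pk=user_id)
            user.last_name = role
            user.save()

    try:
        operation = Operation(user=request.user,
                              udc_id=request.session['UDC_ID'],
                              resource='用户',
                              resource_id=1,
                              resource_name='权限',
                              action="asignrole",
                              result=1)
        operation.save()
    except Exception as e:
        # Best effort: a failed audit write does not undo the role change.
        LOG.info(str(e))

    return Response({
        'success': True,
        "msg": _('User role assigned successfully!')
    })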
Example #7
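def create_user(request):
    """Create a local user and link it to the default data center.

    The posted ``username`` must not be one of the reserved service-account
    names.  The user is built from ``CloudUserCreateFormWithoutCapatcha``;
    invalid form data yields a ``success: False`` response.  When
    ``settings.TRI_ENABLED`` is set, the ``is_system_user``,
    ``is_safety_user`` and ``is_audit_user`` flags grant the matching role.
    With workflow disabled the user is linked to the data center through
    ``link_user_to_dc_task.delay`` and an ``Operation`` audit row is written;
    with workflow enabled, ``is_resource_user`` links the user and
    ``is_approver`` grants the approver role.

    Fixes over the original:
    * The request body and ``password1`` are no longer written to the log.
    * ``password`` is read in the workflow-enabled branch too; it used to be
      unbound there, so creating a resource user raised ``NameError``.
    * The role flags are read with ``.get`` so a missing flag no longer
      raises after the user row has already been saved.
    * Placeholder debug markers and the "SUPERUSER CREATE SUCCESS" lines are
      gone; no superuser is created in this function.

    NOTE(review): the role flags come from the request and no permission
    check appears in this body; presumably it is enforced outside this
    listing -- confirm.  The form is fed ``request.POST`` while everything
    else reads ``request.data``.  No audit row is written when workflow is
    enabled.
    """
    LOG.info("****** start to create user *****")
    posted_username = request.data['username']
    LOG.info("****** username is ******" + str(posted_username))

    # NOTE(review): this is an exact, case-sensitive comparison; confirm the
    # identity backend compares user names the same way.
    if str(posted_username) in ['neutron', 'cinder', 'keystone', 'nova', 'glance', 'heat', 'swift', 'admin', 'ceilometer']:
        return Response({"success": False,
                         "msg": _("Service user must not be created.")})

    user = User()
    form = CloudUserCreateFormWithoutCapatcha(data=request.POST, instance=user)
    if not form.is_valid():
        LOG.info("form is not valid")
        return Response({"success": False, "msg": _("Data is not valid")})

    user = form.save()

    if settings.TRI_ENABLED:
        if request.data.get('is_system_user') == 'true':
            LOG.info("******** I am systemuser  ***************")
            UserProxy.grant_system_user(user)

        if request.data.get('is_safety_user') == 'true':
            LOG.info("******** I am safetyuser  ***************")
            UserProxy.grant_safety_user(user)

        if request.data.get('is_audit_user') == 'true':
            LOG.info("******** I am audituser  ***************")
            UserProxy.grant_audit_user(user)

    # If workflow is disabled, then only resource user can be created,
    # otherwise admin can create resource user and workflow approver user.
    if not settings.WORKFLOW_ENABLED:
        tenant_id = request.data['tenant']
        LOG.info("tennat_id is " + str(tenant_id))
        password = request.data['password1']
        link_user_to_dc_task.delay(user, DataCenter.get_default(), tenant_id, password)

        try:
            operation = Operation(user=request.user,
                                  udc_id=request.session['UDC_ID'],
                                  resource='用户',
                                  resource_id=1,
                                  resource_name='用户',
                                  action="创建用户",
                                  result=1)
            operation.save()
        except Exception as e:
            # Best effort: a failed audit write does not undo the creation.
            LOG.info(str(e))
    else:
        if request.data.get('is_resource_user') == 'true':
            tenant_id = request.data['tenant']
            password = request.data['password1']
            # Called directly here, as in the original, not through .delay.
            link_user_to_dc_task(user, DataCenter.get_default(), tenant_id, password)

        if request.data.get('is_approver') == 'true':
            UserProxy.grant_workflow_approve(user)

    return Response({"success": True,
                     "msg": _("User is created successfully!")})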