def confirm_requests(request):
"""Confirm the approval of the permission requests."""
approved_req_ids = request.session.setdefault("approved_req_ids", [])
delegatable_req_ids = request.session.setdefault("delegatable_req_ids", [])
denied_req_ids = request.session.setdefault("denied_req_ids", [])
approved_reqs = []
for req_id in approved_req_ids:
req = get_object_or_404(PermissionRequest, id=req_id)
delegatable = req_id in delegatable_req_ids
approved_reqs.append((req, delegatable))
denied_reqs = []
for req_id in denied_req_ids:
denied_reqs.append(get_object_or_404(PermissionRequest, id=req_id))
if request.method == "POST":
# check if confirmed and then do actions.
if request.POST.get("post", "no") == "yes":
for req in denied_reqs:
req.deny()
# DatedMessage.objects.post_message_to_user(
# "Request for permission %s for object %s denied."
# % (req.requested_permission.permission.name,
# req.requested_permission.target),
# user=req.requesting_user,
# sender=req.permission_owner,
# msg_type=DatedMessage.TYPE_WARNING)
post_message = "Request for %s denied." % str(
req.requested_permission.target).capitalize()
if req.requested_permission.permission.name == "can_create_project":
# Removes "* Project name: "
try:
project_name = req.message.split("||")[0].strip()[16:]
post_message = "Request for project %s creation denied." % project_name
# Notify requesting user
try:
send_mail(
settings.EMAIL_SUBJECT_PREFIX +
"Denied project request for '%s'" %
(project_name),
"Your request for the creation of project '%s' has been denied.\n\n\nYou may want to get in contact with the Island Manager for further details."
% project_name,
from_email=settings.DEFAULT_FROM_EMAIL,
recipient_list=[req.requesting_user.email],
)
except Exception as e:
print "[WARNING] User e-mail notification could not be sent. Details: %s" % str(
e)
except:
pass
# -------------------------------------------
# It is not about permission granting anymore
# -------------------------------------------
# Notify requesting user
DatedMessage.objects.post_message_to_user(
post_message,
user=req.requesting_user,
sender=req.permission_owner,
msg_type=DatedMessage.TYPE_WARNING)
# Notify user with permission (e.g. root)
DatedMessage.objects.post_message_to_user(
post_message,
user=request.user,
sender=req.permission_owner,
msg_type=DatedMessage.TYPE_WARNING)
for req, delegate in approved_reqs:
# --------------------------------------------------------
# Do NOT grant permission to create projects in the future
# --------------------------------------------------------
# req.allow(can_delegate=delegate)
req.deny()
# DatedMessage.objects.post_message_to_user(
# "Request for permission %s for object %s approved."
# % (req.requested_permission.permission.name,
# req.requested_permission.target),
# user=req.requesting_user,
# sender=req.permission_owner,
# msg_type=DatedMessage.TYPE_SUCCESS)
post_message = "Request for %s approved." % str(
req.requested_permission.target).capitalize()
permission_user_post = post_message
requesting_user_post = post_message
email_header = post_message
email_body = "%s." % post_message
message_type = DatedMessage.TYPE_SUCCESS
# ---------------------------------------
# Project will be created in a direct way
# ---------------------------------------
if req.requested_permission.permission.name == "can_create_project":
project_name = ""
try:
project = Project()
project.uuid = uuid.uuid4()
message = req.message.split("||")
# Removes "* Project name: "
project.name = message[0].strip()[16:]
project_name = project.name
# Removes "* Project description: "
project.description = message[3].strip()[23:]
post_message = "Successfully created project %s" % project.name
project.save()
create_project_roles(project, req.requesting_user)
project.save()
email_header = "Approved project request for '%s'" % project_name
email_body = "Your request for the creation of project '%s' has been approved." % project_name
except Exception as e:
# Any error when creating a project results into:
# 1. Denying the petition
# 2. Notifying user in their Expedient
# 3. Notifying user via e-mail
post_message = "Project '%s' could not be created" % project_name
permission_user_post = post_message
requesting_user_post = post_message
# Handle exception text for user
if "duplicate entry" in str(e).lower():
email_body = "There is already a project with name '%s'. Try using a different name" % project_name
requesting_user_post += ". Details: project '%s' already exists" % project_name
else:
email_body = "There might have been a problem when interpreting the information for project '%s'" % str(
project_name)
requesting_user_post += ". Contact your Island Manager for further details"
# Handle exception text for admin
if "Details" not in post_message:
permission_user_post = "%s. Details: %s" % (
post_message, str(e))
message_type = DatedMessage.TYPE_ERROR
# Email for requesting user
email_header = "Denied project request for '%s'" % project_name
email_body = "Your request for the creation of project '%s' has been denied because of the following causes:\n\n%s\n\n\nYou may want to get in contact with the Island Manager for further details." % (
project_name, email_body)
# Notify requesting user
DatedMessage.objects.post_message_to_user(
requesting_user_post,
user=req.requesting_user,
sender=req.permission_owner,
msg_type=message_type)
try:
send_mail(
settings.EMAIL_SUBJECT_PREFIX + email_header,
email_body,
from_email=settings.DEFAULT_FROM_EMAIL,
recipient_list=[req.requesting_user.email],
)
except Exception as e:
print "[WARNING] User e-mail notification could not be sent. Details: %s" % str(
e)
# Notify user with permission (e.g. root)
DatedMessage.objects.post_message_to_user(
permission_user_post,
user=request.user,
sender=req.permission_owner,
msg_type=message_type)
# After this post we will be done with all this information
del request.session["approved_req_ids"]
del request.session["delegatable_req_ids"]
del request.session["denied_req_ids"]
return HttpResponseRedirect(reverse("home"))
else:
return direct_to_template(request=request,
template=TEMPLATE_PATH +
"/confirm_requests.html",
extra_context={
"approved_reqs": approved_reqs,
"denied_reqs": denied_reqs,
})
def CreateSliver(slice_urn, rspec, user):
(project_name, project_desc, slice_name, slice_desc, slice_expiry,
controller_url, firstname, lastname, affiliation,
email, password, slivers) = rspec_mod.parse_slice(rspec)
logger.debug("Parsed Rspec")
slice_expiry = datetime.fromtimestamp(slice_expiry)
give_permission_to("can_create_project", Project, user)
user.first_name = firstname
user.last_name = lastname
user.email = email
profile = UserProfile.get_or_create_profile(user)
profile.affiliation = affiliation
user.save()
profile.save()
# Check if the slice exists
try:
slice = get_slice(slice_urn)
# update the slice info
slice.description = slice_desc
slice.name = slice_name
slice.expiration_date = slice_expiry
slice.save()
# update the project info
slice.project.name = project_name
slice.project.description = project_desc
slice.project.save()
project = slice.project
except Slice.DoesNotExist:
# Check if the project exists
try:
project = Project.objects.get(name=project_name)
# update the project info
logger.debug("Updating project")
project.description = project_desc
project.save()
except Project.DoesNotExist:
# create the project
logger.debug("Creating project")
project = Project.objects.create(
name=project_name,
description=project_desc,
)
create_project_roles(project, user)
# create the slice
logger.debug("Creating slice")
try:
slice = Slice.objects.create(
name=slice_name,
description=slice_desc,
project=project,
owner=user,
expiration_date = slice_expiry,
)
except IntegrityError:
raise DuplicateSliceNameException(slice_name)
logger.debug("Creating/updating slice info")
# create openflow slice info for the slice
create_or_update(
OpenFlowSliceInfo,
filter_attrs={"slice": slice},
new_attrs={
"controller_url": controller_url,
"password": password,
},
)
logger.debug("creating gapislice")
# store a pointer to this slice using the slice_urn
create_or_update(
GENISliceInfo,
filter_attrs={
"slice": slice,
},
new_attrs={
"slice_urn": slice_urn,
},
)
logger.debug("adding resources")
sliver_ids = []
# delete all flowspace in the slice
FlowSpaceRule.objects.filter(slivers__slice=slice).delete()
# add the new flowspace
for fs_dict, iface_qs in slivers:
# give the user, project, slice permission to use the aggregate
aggregate_ids = list(iface_qs.values_list("aggregate", flat=True))
for agg_id in aggregate_ids:
aggregate = Aggregate.objects.get(id=agg_id).as_leaf_class()
give_permission_to("can_use_aggregate", aggregate, user)
give_permission_to("can_use_aggregate", aggregate, project)
give_permission_to("can_use_aggregate", aggregate, slice)
# Create flowspace
logger.debug("Creating flowspace %s" % fs_dict)
fs = FlowSpaceRule.objects.create(**fs_dict)
# make sure all the selected interfaces are added
for iface in iface_qs:
sliver, _ = OpenFlowInterfaceSliver.objects.get_or_create(
slice=slice, resource=iface)
sliver_ids.append(sliver.id)
fs.slivers.add(sliver)
logger.debug("Deleting old resources")
# Delete all removed interfaces
OpenFlowInterfaceSliver.objects.exclude(id__in=sliver_ids).delete()
logger.debug("Starting the slice %s %s" % (slice, slice.name))
# make the reservation
tl = threadlocals.get_thread_locals()
tl["project"] = project
tl["slice"] = slice
slice.start(user)
logger.debug("Done creating sliver")
return rspec_mod.create_resv_rspec(user, slice)
def confirm_requests(request):
"""Confirm the approval of the permission requests."""
approved_req_ids = request.session.setdefault("approved_req_ids", [])
delegatable_req_ids = request.session.setdefault("delegatable_req_ids", [])
denied_req_ids = request.session.setdefault("denied_req_ids", [])
approved_reqs = []
for req_id in approved_req_ids:
req = get_object_or_404(PermissionRequest, id=req_id)
delegatable = req_id in delegatable_req_ids
approved_reqs.append((req, delegatable))
denied_reqs = []
for req_id in denied_req_ids:
denied_reqs.append(
get_object_or_404(PermissionRequest, id=req_id))
if request.method == "POST":
# check if confirmed and then do actions.
if request.POST.get("post", "no") == "yes":
for req in denied_reqs:
req.deny()
# DatedMessage.objects.post_message_to_user(
# "Request for permission %s for object %s denied."
# % (req.requested_permission.permission.name,
# req.requested_permission.target),
# user=req.requesting_user,
# sender=req.permission_owner,
# msg_type=DatedMessage.TYPE_WARNING)
post_message = "Request for %s denied." % str(req.requested_permission.target).capitalize()
if req.requested_permission.permission.name == "can_create_project":
# Removes "* Project name: "
try:
project_name = req.message.split("||")[0].strip()[16:]
post_message = "Request for project %s creation denied." % project_name
# Notify requesting user
try:
send_mail(
settings.EMAIL_SUBJECT_PREFIX + "Denied project request for '%s'" % (project_name),
"Your request for the creation of project '%s' has been denied.\n\n\nYou may want to get in contact with the Island Manager for further details." % project_name,
from_email = settings.DEFAULT_FROM_EMAIL,
recipient_list = [req.requesting_user.email],
)
except Exception as e:
print "[WARNING] User e-mail notification could not be sent. Details: %s" % str(e)
except:
pass
# -------------------------------------------
# It is not about permission granting anymore
# -------------------------------------------
# Notify requesting user
DatedMessage.objects.post_message_to_user(
post_message,
user = req.requesting_user,
sender = req.permission_owner,
msg_type = DatedMessage.TYPE_WARNING)
# Notify user with permission (e.g. root)
DatedMessage.objects.post_message_to_user(
post_message,
user = request.user,
sender = req.permission_owner,
msg_type = DatedMessage.TYPE_WARNING)
for req, delegate in approved_reqs:
# --------------------------------------------------------
# Do NOT grant permission to create projects in the future
# --------------------------------------------------------
# req.allow(can_delegate=delegate)
req.deny()
# DatedMessage.objects.post_message_to_user(
# "Request for permission %s for object %s approved."
# % (req.requested_permission.permission.name,
# req.requested_permission.target),
# user=req.requesting_user,
# sender=req.permission_owner,
# msg_type=DatedMessage.TYPE_SUCCESS)
post_message = "Request for %s approved." % str(req.requested_permission.target).capitalize()
permission_user_post = post_message
requesting_user_post = post_message
email_header = post_message
email_body = "%s." % post_message
message_type = DatedMessage.TYPE_SUCCESS
# ---------------------------------------
# Project will be created in a direct way
# ---------------------------------------
if req.requested_permission.permission.name == "can_create_project":
project_name = ""
try:
project = Project()
project.uuid = uuid.uuid4()
message = req.message.split("||")
# Removes "* Project name: "
project.name = message[0].strip()[16:]
project_name = project.name
# Removes "* Project description: "
project.description = message[3].strip()[23:]
project.urn = 'n/a'
#import pdb; pdb.set_trace()
if settings.ENABLE_CBAS:
user_profile = UserProfile.get_or_create_profile(req.requesting_user)
cert = user_profile.certificate
creds = user_profile.credentials
project_urn = create_project(certificate=cert, credentials=creds,
project_name=project.name, project_desc=project.description)
if project_urn:
project.urn = project_urn
post_message = "Successfully created project %s" % project.name
project.save()
create_project_roles(project, req.requesting_user)
project.save()
email_header = "Approved project request for '%s'" % project_name
email_body = "Your request for the creation of project '%s' has been approved." % project_name
except Exception as e:
# Any error when creating a project results into:
# 1. Denying the petition
# 2. Notifying user in their Expedient
# 3. Notifying user via e-mail
post_message = "Project '%s' could not be created" % project_name
permission_user_post = post_message
requesting_user_post = post_message
# Handle exception text for user
if "duplicate entry" in str(e).lower():
email_body = "There is already a project with name '%s'. Try using a different name" % project_name
requesting_user_post += ". Details: project '%s' already exists" % project_name
else:
email_body = "There might have been a problem when interpreting the information for project '%s'" % str(project_name)
requesting_user_post += ". Contact your Island Manager for further details"
# Handle exception text for admin
if "Details" not in post_message:
permission_user_post = "%s. Details: %s" % (post_message, str(e))
message_type = DatedMessage.TYPE_ERROR
# Email for requesting user
email_header = "Denied project request for '%s'" % project_name
email_body = "Your request for the creation of project '%s' has been denied because of the following causes:\n\n%s\n\n\nYou may want to get in contact with the Island Manager for further details." % (project_name, email_body)
# Notify requesting user
DatedMessage.objects.post_message_to_user(
requesting_user_post,
user = req.requesting_user,
sender = req.permission_owner,
msg_type = message_type)
try:
send_mail(
settings.EMAIL_SUBJECT_PREFIX + email_header,
email_body,
from_email = settings.DEFAULT_FROM_EMAIL,
recipient_list = [req.requesting_user.email],
)
except Exception as e:
print "[WARNING] User e-mail notification could not be sent. Details: %s" % str(e)
# Notify user with permission (e.g. root)
DatedMessage.objects.post_message_to_user(
permission_user_post,
user = request.user,
sender = req.permission_owner,
msg_type = message_type)
# After this post we will be done with all this information
del request.session["approved_req_ids"]
del request.session["delegatable_req_ids"]
del request.session["denied_req_ids"]
return HttpResponseRedirect(reverse("home"))
else:
return direct_to_template(
request=request,
template=TEMPLATE_PATH+"/confirm_requests.html",
extra_context={
"approved_reqs": approved_reqs,
"denied_reqs": denied_reqs,
}
)
def handle_noargs(self, **options):
username = options.get("username")
password = options.get("password")
filename = options.get("filename")
do_aggs = options.get("load_aggs")
do_slices = options.get("load_slices")
start_slices = options.get("start_slices")
append = options.get("append")
f = open(filename)
data = load(f)
f.close()
client = Client()
client.login(username=username, password=password)
user = User.objects.get(username=username)
threadlocals.get_thread_locals()["user"] = user
if do_aggs:
for agg_dict in data["aggregates"]:
resp = test_get_and_post_form(
client, reverse("openflow_aggregate_create"),
agg_dict,
)
assert(resp.status_code == 302)
assert(
re.search(
r"/openflow/aggregate/\d+/links/$",
resp["Location"]))
if do_slices:
for project_dict in data["projects"]:
project, _ = Project.objects.get_or_create(
name=project_dict["name"],
description=project_dict["description"],
)
create_project_roles(project, user)
threadlocals.get_thread_locals()["project"] = project
# add aggregates to project
for aggregate in OpenFlowAggregate.objects.all():
give_permission_to("can_use_aggregate", aggregate, user)
give_permission_to("can_use_aggregate", aggregate, project)
for aggregate in GCFOpenFlowAggregate.objects.all():
give_permission_to("can_use_aggregate", aggregate, user)
give_permission_to("can_use_aggregate", aggregate, project)
# add slices to project
for slice_dict in project_dict["slices"]:
slice = Slice.objects.create(
name=slice_dict["name"],
description=slice_dict["description"],
project=project,
owner=user,
)
OpenFlowSliceInfo.objects.create(
slice=slice,
controller_url=slice_dict["controller_url"],
password=slice_dict["password"],
)
info, _ = GENISliceInfo.objects.get_or_create(
slice=slice,
)
if not info.ssh_private_key or not info.ssh_public_key:
info.generate_ssh_keys()
info.save()
# add aggregates to slices
for aggregate in OpenFlowAggregate.objects.all():
give_permission_to("can_use_aggregate", aggregate, slice)
for aggregate in GCFOpenFlowAggregate.objects.all():
give_permission_to("can_use_aggregate", aggregate, slice)
# add slivers
slivers = []
for dpid, port in slice_dict["ifaces"]:
try:
sliver, _ = OpenFlowInterfaceSliver.objects.get_or_create(
slice=slice,
resource=OpenFlowInterface.objects.get(
port_num=port, switch__datapath_id=dpid),
)
slivers.append(sliver)
except OpenFlowInterface.DoesNotExist:
continue
# add flowspace
for sfs_dict in slice_dict["sfs"]:
fs_dict = {}
for attr in "dl_src", "dl_dst", "dl_type", "vlan_id", \
"nw_src", "nw_dst", "nw_proto", "tp_dst", "tp_src":
fs_dict[attr+"_start"] = sfs_dict[attr]
fs_dict[attr+"_end"] = sfs_dict[attr]
fs = FlowSpaceRule.objects.create(**fs_dict)
for sliver in slivers:
fs.slivers.add(sliver)
if start_slices:
tl = threadlocals.get_thread_locals()
tl["project"] = project
tl["slice"] = slice
slice.start(user)
def handle_noargs(self, **options):
username = options.get("username")
password = options.get("password")
filename = options.get("filename")
do_aggs = options.get("load_aggs")
do_slices = options.get("load_slices")
start_slices = options.get("start_slices")
append = options.get("append")
f = open(filename)
data = load(f)
f.close()
client = Client()
client.login(username=username, password=password)
user = User.objects.get(username=username)
threadlocals.get_thread_locals()["user"] = user
if do_aggs:
for agg_dict in data["aggregates"]:
resp = test_get_and_post_form(
client,
reverse("openflow_aggregate_create"),
agg_dict,
)
assert (resp.status_code == 302)
assert (re.search(r"/openflow/aggregate/\d+/links/$",
resp["Location"]))
if do_slices:
for project_dict in data["projects"]:
project, _ = Project.objects.get_or_create(
name=project_dict["name"],
description=project_dict["description"],
)
create_project_roles(project, user)
threadlocals.get_thread_locals()["project"] = project
# add aggregates to project
for aggregate in OpenFlowAggregate.objects.all():
give_permission_to("can_use_aggregate", aggregate, user)
give_permission_to("can_use_aggregate", aggregate, project)
for aggregate in GCFOpenFlowAggregate.objects.all():
give_permission_to("can_use_aggregate", aggregate, user)
give_permission_to("can_use_aggregate", aggregate, project)
# add slices to project
for slice_dict in project_dict["slices"]:
slice = Slice.objects.create(
name=slice_dict["name"],
description=slice_dict["description"],
project=project,
owner=user,
)
OpenFlowSliceInfo.objects.create(
slice=slice,
controller_url=slice_dict["controller_url"],
password=slice_dict["password"],
)
info, _ = GENISliceInfo.objects.get_or_create(
slice=slice, )
if not info.ssh_private_key or not info.ssh_public_key:
info.generate_ssh_keys()
info.save()
# add aggregates to slices
for aggregate in OpenFlowAggregate.objects.all():
give_permission_to("can_use_aggregate", aggregate,
slice)
for aggregate in GCFOpenFlowAggregate.objects.all():
give_permission_to("can_use_aggregate", aggregate,
slice)
# add slivers
slivers = []
for dpid, port in slice_dict["ifaces"]:
try:
sliver, _ = OpenFlowInterfaceSliver.objects.get_or_create(
slice=slice,
resource=OpenFlowInterface.objects.get(
port_num=port, switch__datapath_id=dpid),
)
slivers.append(sliver)
except OpenFlowInterface.DoesNotExist:
continue
# add flowspace
for sfs_dict in slice_dict["sfs"]:
fs_dict = {}
for attr in "dl_src", "dl_dst", "dl_type", "vlan_id", \
"nw_src", "nw_dst", "nw_proto", "tp_dst", "tp_src":
fs_dict[attr + "_start"] = sfs_dict[attr]
fs_dict[attr + "_end"] = sfs_dict[attr]
fs = FlowSpaceRule.objects.create(**fs_dict)
for sliver in slivers:
fs.slivers.add(sliver)
if start_slices:
tl = threadlocals.get_thread_locals()
tl["project"] = project
tl["slice"] = slice
slice.start(user)
def CreateSliver(slice_urn, rspec, user):
(project_name, project_desc, slice_name, slice_desc, slice_expiry,
controller_url, firstname, lastname, affiliation, email, password,
slivers) = rspec_mod.parse_slice(rspec)
logger.debug("Parsed Rspec")
slice_expiry = datetime.fromtimestamp(slice_expiry)
give_permission_to("can_create_project", Project, user)
user.first_name = firstname
user.last_name = lastname
user.email = email
profile = UserProfile.get_or_create_profile(user)
profile.affiliation = affiliation
user.save()
profile.save()
# Check if the slice exists
try:
slice = get_slice(slice_urn)
# update the slice info
slice.description = slice_desc
slice.name = slice_name
slice.expiration_date = slice_expiry
slice.save()
# update the project info
slice.project.name = project_name
slice.project.description = project_desc
slice.project.save()
project = slice.project
except Slice.DoesNotExist:
# Check if the project exists
try:
project = Project.objects.get(name=project_name)
# update the project info
logger.debug("Updating project")
project.description = project_desc
project.save()
except Project.DoesNotExist:
# create the project
logger.debug("Creating project")
project = Project.objects.create(
name=project_name,
description=project_desc,
)
create_project_roles(project, user)
# create the slice
logger.debug("Creating slice")
try:
slice = Slice.objects.create(
name=slice_name,
description=slice_desc,
project=project,
owner=user,
expiration_date=slice_expiry,
)
except IntegrityError:
raise DuplicateSliceNameException(slice_name)
logger.debug("Creating/updating slice info")
# create openflow slice info for the slice
create_or_update(
OpenFlowSliceInfo,
filter_attrs={"slice": slice},
new_attrs={
"controller_url": controller_url,
"password": password,
},
)
logger.debug("creating gapislice")
# store a pointer to this slice using the slice_urn
create_or_update(
GENISliceInfo,
filter_attrs={
"slice": slice,
},
new_attrs={
"slice_urn": slice_urn,
},
)
logger.debug("adding resources")
sliver_ids = []
# delete all flowspace in the slice
FlowSpaceRule.objects.filter(slivers__slice=slice).delete()
# add the new flowspace
for fs_dict, iface_qs in slivers:
# give the user, project, slice permission to use the aggregate
aggregate_ids = list(iface_qs.values_list("aggregate", flat=True))
for agg_id in aggregate_ids:
aggregate = Aggregate.objects.get(id=agg_id).as_leaf_class()
give_permission_to("can_use_aggregate", aggregate, user)
give_permission_to("can_use_aggregate", aggregate, project)
give_permission_to("can_use_aggregate", aggregate, slice)
# Create flowspace
logger.debug("Creating flowspace %s" % fs_dict)
fs = FlowSpaceRule.objects.create(**fs_dict)
# make sure all the selected interfaces are added
for iface in iface_qs:
sliver, _ = OpenFlowInterfaceSliver.objects.get_or_create(
slice=slice, resource=iface)
sliver_ids.append(sliver.id)
fs.slivers.add(sliver)
logger.debug("Deleting old resources")
# Delete all removed interfaces
OpenFlowInterfaceSliver.objects.exclude(id__in=sliver_ids).delete()
logger.debug("Starting the slice %s %s" % (slice, slice.name))
# make the reservation
tl = threadlocals.get_thread_locals()
tl["project"] = project
tl["slice"] = slice
slice.start(user)
logger.debug("Done creating sliver")
return rspec_mod.create_resv_rspec(user, slice)
