def update_cell(self, request, datum, user_id, cell_name, new_cell_value): try: user_obj = datum setattr(user_obj, cell_name, new_cell_value) kwargs = {} attr_to_keyword_map = { 'name': 'name', 'description': 'description', 'email': 'email', 'enabled': 'enabled', 'project_id': 'project' } for key in attr_to_keyword_map: value = getattr(user_obj, key, None) keyword_name = attr_to_keyword_map[key] if value is not None: kwargs[keyword_name] = value api.keystone.user_update(request, user_obj, **kwargs) except horizon_exceptions.Conflict: message = _("This name is already taken.") messages.warning(request, message) raise django_exceptions.ValidationError(message) except Exception: horizon_exceptions.handle(request, ignore=True) return False return True
def get_floating_ips_data(self): try: floating_ips = network.tenant_floating_ip_list(self.request) except: floating_ips = [] exceptions.handle(self.request, _('Unable to retrieve floating IP addresses.')) try: floating_ip_pools = network.floating_ip_pools_list(self.request) except: floating_ip_pools = [] messages.warning(self.request, _('Unable to retrieve floating IP pools.')) pool_dict = dict([(obj.id, obj.name) for obj in floating_ip_pools]) instances = [] try: instances, has_more = nova.server_list(self.request, all_tenants=True) except: exceptions.handle(self.request, _('Unable to retrieve instance list.')) instances_dict = dict([(obj.id, obj) for obj in instances]) for ip in floating_ips: ip.instance_name = instances_dict[ip.instance_id].name \ if ip.instance_id in instances_dict else None ip.pool_name = pool_dict.get(ip.pool, ip.pool) return floating_ips
def delete(self, request, obj_id): try: # 执行删除前状态检查,当状态为"unverified"或"failed"时直接删除数据库记录 # 否则更新状态为"deleted",保证数据统计时有记录,然后调用网宿api,删除加速记录 domain = Domain.objects.get(pk=obj_id) cdn = middware.DomainManage() if domain.status == "unverified" or domain.status == "failed" or domain.status == "addfailed" \ or domain.status == 'verified': domain.delete() elif domain.status == 'inProgress': msg = _("%s status is %s, can not do this action") % (domain.domain_name, _(domain.status)) messages.warning(request, msg) else: domain.status = 'deleted' domain.deleted_at = datetime.now() domain.save() cdn.delete(domainId=domain.domain_id) except Exception: name = self.table.get_object_display(obj_id) msg = _('Unable to delete domain %s') % name LOG.info(msg) messages.error(request, msg) exceptions.handle(request, msg) redirect = reverse(self.redirect_url) raise exceptions.Http302(redirect, message=msg)
def reset_service_password_view(request, service_name): if not utils.can_manage_endpoints(request): return redirect('horizon:user_home') region = request.session['endpoints_user_region'] password = uuid.uuid4().hex try: service_account, isNewAccount = fiware_api.keystone.reset_service_account(request=request, service=service_name, region=region, password=password) except Exception: messages.error(request, 'An error occured when resetting the password. Please contact and admin.') return redirect('horizon:endpoints_management:endpoints_management:service', service_name) if isNewAccount: messages.warning(request, 'Account did not exist for service {0}, so a new one was created.'.format(service_name.capitalize())) else: messages.success(request, 'Password for service {0} was reset.'.format(service_name.capitalize())) request.session['new_service_password'] = password request.session['new_service_name'] = service_name return redirect('horizon:endpoints_management:endpoints_management:service', service_name)
def form_valid(self, form): try: handled = form.handle(self.request, form.cleaned_data) except Exception: handled = None exceptions.handle(self.request) if handled: domain_id = self.kwargs["domain_id"] access_type = form.cleaned_data["type"] control_type = form.cleaned_data['access_type'] refer = form.cleaned_data["refer"] white_list = form.cleaned_data["white_list"] black_list = form.cleaned_data["black_list"] forbid_ip = form.cleaned_data["forbid_ip"] domain = Domain.objects.get(pk=domain_id) if domain.status == 'Deployed': modify = middware.DomainManage() if control_type == 'white': if forbid_ip == u'': visitControlRule = middware.domainApi.VisitControlRule(pathPattern=str(access_type), allowNullReferer=refer, validReferers=str(white_list).strip('\r\n').split('\r\n')) else: visitControlRule = middware.domainApi.VisitControlRule(pathPattern=str(access_type), allowNullReferer=refer, validReferers=str(white_list).strip('\r\n').split('\r\n'), forbiddenIps=str(forbid_ip).strip('\r\n').split('\r\n')) else: if forbid_ip == u'': visitControlRule = middware.domainApi.VisitControlRule(pathPattern=str(access_type), invalidReferers=str(black_list).strip('\r\n').split('\r\n')) else: visitControlRule = middware.domainApi.VisitControlRule(pathPattern=str(access_type), invalidReferers=str(black_list).strip('\r\n').split('\r\n'), forbiddenIps=str(forbid_ip).strip('\r\n').split('\r\n')) domain_class = middware.domainApi.Domain(domainId=domain.domain_id, visitControlRules=[visitControlRule]) ret = modify.modify(domain_class) if ret.getMsg() == 'success': msg = _("modify successfully") messages.success(self.request, msg) access_id = self.kwargs['access_id'] access = AccessControl.objects.get(pk=access_id) access.pathPattern = access_type access.allowNullReffer = refer access.validRefers = white_list access.invalidRefers = black_list access.forbiddenIps = forbid_ip access.save() else: messages.error(self.request, ret.getMsg()) redirect_url = self.get_success_url() return HttpResponseRedirect(redirect_url) else: msg = _("%s status is %s, can not do this action") % (domain.domain_name, _(domain.status)) messages.warning(self.request, msg) redirect_url = self.get_success_url() return HttpResponseRedirect(redirect_url)
def get_initial(self, **kwargs): initial = super(ActionWorkflowView, self).get_initial() try: action_id, job_id = self.kwargs['job_id'].split('===') except ValueError: job_id = self.kwargs['job_id'] action_id = None if self.is_update(): initial.update({'original_name': None}) job = self.get_object()[0] d = job.get_dict() for action in d['job_actions']: try: if action['action_id'] == action_id: actions = create_dict_action(**action) rules = {k: v for k, v in action.items() if not k == 'freezer_action'} initial.update(**actions['freezer_action']) initial.update(**rules) except KeyError: messages.warning(self.request, _("Cannot edit an action " "created by the scheduler")) exceptions.handle(self.request, "") initial.update({'original_name': job.id}) return initial
def get_context_data(self, **kwargs): context = super(VerifyView, self).get_context_data(**kwargs) domain_id = self.kwargs['domain_id'] domain = Domain.objects.get(pk=domain_id) domain_name = domain.domain_name check_method = middware.DomainManage() check_info = check_method.verify_file_check(str(domain_name)) memcached_servers=settings.CACHES.get("default").get("LOCATION") mc = memcache.Client(memcached_servers) domain_uuid = mc.get(str(domain_name)) if domain.status == 'unverified' or domain.status == 'failed': if domain_uuid is not None: if not check_info: context["message"] = _("Please create name which name is on below into your web server(%s)," "and write: ") % domain_name context["uuid"] = domain_uuid context["file"] = domain_uuid+'.txt' msg = _("Not detected verification file") messages.warning(self.request, msg) else: context["message"] = _("Verification file has been detected, please verify") else: domain.status = 'failed' domain.save() elif domain.status == 'addfailed': context["message"] = _("The %s status is %s") % (domain.domain_name, _(domain.status)) else: context["disable"] = 'disabled="disable"' context["message"] = _("The %s status is %s") % (domain.domain_name, _(domain.status)) args = (self.kwargs['domain_id'],) context['submit_url'] = reverse(self.submit_url, args=args) return context
def disable(self, request, obj_id): try: # 执行删除前状态检查 domain = Domain.objects.get(pk=obj_id) if domain.status == 'Deployed': domain.status = 'inProgress' domain.save() a = middware.DomainManage() a.disable(domainId=domain.domain_id) # 插入操作日志 Logger(request).create(resource_type='CDN', action_name='Disable Domain Name', resource_name='CDN', config=_('Domain: %s') %domain.domain_name, status='Success') else: # 插入操作日志 Logger(request).create(resource_type='CDN', action_name='Disable Domain Name', resource_name='CDN', config=_('Domain: %s') %domain.domain_name, status='Error') msg = _("%s status is %s, can not do this action") % (domain.domain_name, _(domain.status)) messages.warning(request, msg) except Exception: # 插入操作日志 Logger(request).create(resource_type='CDN', action_name='Disable Domain Name', resource_name='CDN', config='', status='Error') obj = self.table.get_object_by_id(obj_id) name = self.table.get_object_display(obj) msg = _('Unable to disable domain %s') % name LOG.info(msg) messages.error(request, msg) exceptions.handle(request, msg) redirect = reverse(self.redirect_url) raise exceptions.Http302(redirect, message=msg)
def done(self, form_list, **kwargs): data = self.get_all_cleaned_data() app_id = self.storage.get_step_data("upload")["package"].id # Remove package file from result data for key in ("package", "import_type", "url", "repo_version", "repo_name"): del data[key] dep_pkgs = self.storage.get_step_data("upload").get("dependencies", []) redirect = reverse("horizon:murano:packages:index") dep_data = {"enabled": data["enabled"], "is_public": data["is_public"]} murano_client = api.muranoclient(self.request) for dep_pkg in dep_pkgs: try: murano_client.packages.update(dep_pkg.id, dep_data) except Exception as e: msg = _("Couldn't update package {0} parameters. Error: {1}").format(dep_pkg.fully_qualified_name, e) LOG.warning(msg) messages.warning(self.request, msg) try: data["tags"] = [t.strip() for t in data["tags"].split(",")] murano_client.packages.update(app_id, data) except exc.HTTPForbidden: msg = _("You are not allowed to change" " this properties of the package") LOG.exception(msg) exceptions.handle(self.request, msg, redirect=reverse("horizon:murano:packages:index")) except (exc.HTTPException, Exception): LOG.exception(_("Modifying package failed")) exceptions.handle(self.request, _("Unable to modify package"), redirect=redirect) else: msg = _("Package parameters successfully updated.") LOG.info(msg) messages.success(self.request, msg) return http.HttpResponseRedirect(redirect)
def _is_removing_self_admin_role(self, request, project_id, user_id, available_roles, current_role_ids): is_current_user = user_id == request.user.id is_current_project = project_id == request.user.tenant_id available_admin_role_ids = [role.id for role in available_roles if role.name.lower() == 'admin'] admin_roles = [role for role in current_role_ids if role in available_admin_role_ids] if len(admin_roles): removing_admin = any([role in current_role_ids for role in admin_roles]) else: removing_admin = False if is_current_user and is_current_project and removing_admin: # Cannot remove "admin" role on current(admin) project msg = _('You cannot revoke your administrative privileges ' 'from the project you are currently logged into. ' 'Please switch to another project with ' 'administrative privileges or remove the ' 'administrative role manually via the CLI.') messages.warning(request, msg) return True else: return False
def handle(self, request, data): failed, succeeded = [], [] user_is_editable = api.keystone.keystone_can_edit_user() user = data.pop('id') tenant = data.pop('tenant_id') if user_is_editable: password = data.pop('password') data.pop('confirm_password', None) if user_is_editable: # Update user details msg_bits = (_('name'), _('email')) try: api.keystone.user_update(request, user, **data) succeeded.extend(msg_bits) except: failed.extend(msg_bits) exceptions.handle(request, ignore=True) # Update default tenant msg_bits = (_('primary project'),) try: api.keystone.user_update_tenant(request, user, tenant) succeeded.extend(msg_bits) except: failed.append(msg_bits) exceptions.handle(request, ignore=True) # Check for existing roles # Show a warning if no role exists for the tenant user_roles = api.keystone.roles_for_user(request, user, tenant) if not user_roles: messages.warning(request, _('The user %s has no role defined for' + ' that project.') % data.get('name', None)) if user_is_editable: # If present, update password # FIXME(gabriel): password change should be its own form and view if password: msg_bits = (_('password'),) try: api.keystone.user_update_password(request, user, password) succeeded.extend(msg_bits) if user == request.user.id: logout(request) except: failed.extend(msg_bits) exceptions.handle(request, ignore=True) if succeeded: messages.success(request, _('User has been updated successfully.')) if failed: failed = map(force_unicode, failed) messages.error(request, _('Unable to update %(attributes)s for the user.') % {"attributes": ", ".join(failed)}) return True
def update_cell(self, request, datum, obj_id, cell_name, new_cell_value): try: if not new_cell_value or new_cell_value.isspace(): message = _("The environment name field cannot be empty.") messages.warning(request, message) raise ValueError(message) mc = api_utils.muranoclient(request) mc.environments.update(datum.id, name=new_cell_value) except exc.HTTPConflict: message = _("This name is already taken.") messages.warning(request, message) LOG.warning(_("Couldn't update environment. Reason: ") + message) # FIXME(kzaitsev): There is a bug in horizon and inline error # icons are missing. This means, that if we return 400 here, by # raising django.core.exceptions.ValidationError(message) the UI # will break a little. Until the bug is fixed this will raise 500 # bug link: https://bugs.launchpad.net/horizon/+bug/1359399 # Alternatively this could somehow raise 409, which would result # in the same behaviour. raise ValueError(message) except Exception: exceptions.handle(request, ignore=True) return False return True
def handle(self, request, context): validate_code = context.get('validate_code', None) if validate_code: request.session[validate_code] = None instance_id = context.get('instance_id', None) instance_name = context.get('name', None) username = context.get("username", None) password = context.get("password", None) image_name = context.get("image_name", None) is_allow_inject_passwd = context.get("is_allow_inject_passwd", 'False') is_allow_inject_passwd = True if 'True' == is_allow_inject_passwd else False is_sync_set_root = context.get("is_sync_set_root", False) is_reboot = context.get('is_reboot', False) if not is_allow_inject_passwd: messages.warning(request, _('Unable to Reset Password for instance %s.') % instance_name) return False try: #instance = api.nova.server_get(request, instance_id) user_data_script_helper = userdata.UserDataScriptHelper(image_name, is_sync_set_root=is_sync_set_root, is_rebuild=True) user_data = user_data_script_helper.get_user_data(username, password) api.nova.server_change_user_data(request, instance_id, user_data) # operation log config = _('Instance Name: %s') % instance_name api.logger.Logger(request).create(resource_type='instance', action_name='Reset Password', resource_name='Instance', config=config, status='Success') def hard_reboot(): api.nova.server_reboot(request, instance_id, soft_reboot=True) # operation log api.logger.Logger(request).create(resource_type='instance', action_name='Reboot System', resource_name='Instance', config=_('Instance Name: %s') % instance_name, status='Success') if is_reboot: hard_reboot() return True except Exception: exceptions.handle(request) # operation log api.logger.Logger(request).create(resource_type='instance', action_name='Reset Password', resource_name='Instance', config='', status='Error') return False
def single(self, table, request, object_id): try: api.trove.root_disable(request, object_id) table.data[0].password = None messages.success(request, _("Successfully disabled root access.")) except Exception as e: messages.warning(request, _("Cannot disable root access: %s") % e.message)
def handle(self, request, data): superset_id = data['superset_id'] member_step = self.get_step(self.member_slug) self.relationship = self._load_relationship_api() try: object_list = self.relationship._list_all_objects( request, superset_id) owners_objects_relationship = \ self.relationship._list_current_assignments(request, superset_id) # re-index by object with a owner list for easier processing # in later steps current_objects = idm_utils.swap_dict(owners_objects_relationship) # Parse the form data modified_objects = {} for obj in object_list: field_name = member_step.get_member_field_name(obj.id) modified_objects[obj.id] = data[field_name] # Create the delete and add sets objects_to_add, objects_to_delete = \ self._create_add_and_delete_sets(modified_objects, current_objects) # Add the objects for object_id in objects_to_add: for owner_id in objects_to_add[object_id]: if (not self.current_user_editable and owner_id == request.user.id): messages.warning( request, 'You can\'t edit your own roles') else: self.relationship._add_object_to_owner( self.request, superset=superset_id, owner=owner_id, obj=object_id) # Remove the objects for object_id in objects_to_delete: for owner_id in objects_to_delete[object_id]: if (not self.current_user_editable and owner_id == request.user.id): messages.warning( request, 'You can\'t edit your own roles') else: self.relationship._remove_object_from_owner( self.request, superset=superset_id, owner=owner_id, obj=object_id) return True except Exception: exceptions.handle(request, ('Failed to modify organization\'s members.')) return False
def allowed(self, request, datum): try: if self.table: quota = api.designate.quota_get(request) return quota['domains'] > len(self.table.data) except: msg = _("The quotas could not be retrieved.") messages.warning(request, msg) return True
def form_valid(self, form): try: handled = form.handle(self.request, form.cleaned_data) except Exception: handled = None exceptions.handle(self.request) if handled: domain_id = self.kwargs['domain_id'] cache_type = form.cleaned_data['type'] ignore = form.cleaned_data["ignore"] time = form.cleaned_data["time"] domain = Domain.objects.get(pk=domain_id) if domain.status == 'Deployed': modify = middware.DomainManage() ret = modify.find(domain.domain_id) domain_result = ret.getDomain() cacheBehavior = middware.domainApi.CacheBehavior(pathPattern=cache_type, ignoreCacheControl=ignore, cacheTtl=time) if domain_result.cacheBehaviors is not None: domain_class = middware.domainApi.Domain(domainId=domain.domain_id, cacheBehaviors=domain_result.cacheBehaviors+[cacheBehavior]) else: domain_class = middware.domainApi.Domain(domainId=domain.domain_id, cacheBehaviors=[cacheBehavior]) ret = modify.modify(domain_class) if ret.getMsg() == 'success': msg = _("modify successfully") messages.success(self.request, msg) cache_id = self.kwargs["cache_id"] cache = CacheRule.objects.get(pk=cache_id) cache.pathPattern = cache_type cache.ignoreCacheControl = ignore cache.cacheTtl = time cache.save() # 插入操作日志 Logger(self.request).create(resource_type='CDN', action_name='Update Cache', resource_name='CDN', config=_('Domain: %s') %domain.domain_name, status='Success') else: messages.error(self.request, ret.getMsg()) # 插入操作日志 Logger(self.request).create(resource_type='CDN', action_name='Update Cache', resource_name='CDN', config=_('Domain: %s') %domain.domain_name, status='Error') redirect_url = self.get_success_url() return HttpResponseRedirect(redirect_url) else: # 插入操作日志 Logger(self.request).create(resource_type='CDN', action_name='Update Cache', resource_name='CDN', config=_('Domain: %s') %domain.domain_name, status='Error') msg = _("%s status is %s, can not do this action") % (domain.domain_name, _(domain.status)) messages.warning(self.request, msg) redirect_url = self.get_success_url() return HttpResponseRedirect(redirect_url)
def swift_delete_container(request, name): # It cannot be deleted if it's not empty. The batch remove of objects # be done in swiftclient instead of Horizon. objects, more = swift_get_objects(request, name) if objects: messages.warning(request, _("The container cannot be deleted since it's not empty.")) return False swift_api(request).delete_container(name) return True
def allowed(self, request, datum): if policy.check((("dns", "get_quota"),), request): try: if self.table: quota = api.designate.quota_get(request) return quota['domains'] > len(self.table.data) except Exception: msg = _("The quotas could not be retrieved.") messages.warning(request, msg) return True
def user_update(request, user,admin=False, **data): manager = keystoneclient(request, admin=admin).users error = None if not keystone_can_edit_user(): raise keystone_exceptions.ClientException(405, _("Identity service " "does not allow editing user data.")) # The v2 API updates user model, password and default project separately if VERSIONS.active < 3: password = data.pop('password') project = data.pop('project') # Update user details try: user = manager.update(user, **data) except Exception: error = exceptions.handle(request, ignore=True) # Update default tenant try: user_update_tenant(request, user, project) user.tenantId = project except Exception: error = exceptions.handle(request, ignore=True) # Check for existing roles # Show a warning if no role exists for the project user_roles = roles_for_user(request, user, project) if not user_roles: messages.warning(request, _('User %s has no role defined for ' 'that project.') % data.get('name', None)) # If present, update password # FIXME(gabriel): password change should be its own form + view if password: try: user_update_password(request, user, password) if user == request.user.id: logout(request) except Exception: error = exceptions.handle(request, ignore=True) if error is not None: raise error # v3 API is so much simpler... else: if not data['password']: data.pop('password') user = manager.update(user, **data) return VERSIONS.upgrade_v2_user(user)
def get(self, request, *args, **kwargs): enable_metering_feature = getattr( self.request, 'enable_metering_feature', False) if not enable_metering_feature: response = splash(request) msg = _('Oops,this feature had been disabled, please go to ' '"Global Settings" page to check the configuration') messages.warning(request, msg) else: response = super(IndexView, self).get(request, *args, **kwargs) return response
def console(request, instance_id, filename): tail = request.GET.get('length') if not tail or (tail and not tail.isdigit()): msg = _('Log length must be a nonnegative integer.') messages.warning(request, msg) data = (_('Unable to load {0} log for instance "{1}".') .format(filename, instance_id)) return http.HttpResponse(data.encode('utf-8'), content_type='text/plain') return build_response(request, instance_id, filename, tail)
def get(self, request, *args, **kwargs): enable_image_upload_delete = getattr( self.request, 'enable_image_upload_delete', False) if not enable_image_upload_delete: response = splash(request) msg = _('Sorry,The image upload and delete function is disable, ' 'please connect with administrator') messages.warning(request, msg) else: response = super(ContribCreateView, self).get(request, *args, **kwargs) return response
def _get_vip(request, pool, vip_dict): if pool["vip_id"] is not None: try: if vip_dict: vip = vip_dict.get(pool["vip_id"]) else: vip = _vip_get(request, pool["vip_id"]) except Exception: messages.warning(request, _("Unable to get VIP for pool " "%(pool)s.") % {"pool": pool["id"]}) vip = Vip({"id": pool["vip_id"], "name": ""}) return vip else: return None
def handle(self, request, data): try: instance_id = data['instance_id'] metadatas = utils.get_metadata(self.request, instance_id) if data['name'] not in metadatas.keys(): metadatas.update({data['name']:data['value']}) utils.set_metadata(self.request, instance_id, metadatas) messages.success(request,_('Metadata was successfully added.')) return True else: messages.warning(request,_('Such metadata key already exists. Please, go to Update Metadata to change it.')) except Exception: exceptions.handle(request,_('Unable to add metadata.'))
def user_update(request, user, **data): manager = keystoneclient(request, admin=True).users error = None if not keystone_can_edit_user(): raise keystone_exceptions.ClientException(405, _("Identity service " "does not allow editing user data.")) # The v2 API updates user model, password and default project separately if VERSIONS.active < 3: password = data.pop("password") project = data.pop("project") # Update user details try: user = manager.update(user, **data) except Exception: error = exceptions.handle(request, ignore=True) # Update default tenant try: user_update_tenant(request, user, project) user.tenantId = project except Exception: error = exceptions.handle(request, ignore=True) # Check for existing roles # Show a warning if no role exists for the project user_roles = roles_for_user(request, user, project) if not user_roles: messages.warning(request, _("User %s has no role defined for " "that project.") % data.get("name", None)) # If present, update password # FIXME(gabriel): password change should be its own form + view if password: try: user_update_password(request, user, password) if user.id == request.user.id: return utils.logout_with_message(request, _("Password changed. Please log in again to continue.")) except Exception: error = exceptions.handle(request, ignore=True) if error is not None: raise error # v3 API is so much simpler... else: if not data["password"]: data.pop("password") user = manager.update(user, **data) if data.get("password") and user.id == request.user.id: return utils.logout_with_message(request, _("Password changed. Please log in again to continue."))
def _get_network_list(self, request): search_opts = {"router:external": True} try: networks = api.neutron.network_list(request, **search_opts) except Exception: msg = _("Failed to get network list.") LOG.info(msg) messages.warning(request, msg) networks = [] choices = [(network.id, network.name or network.id) for network in networks] if choices: choices.insert(0, ("", _("Select network"))) return choices
def _pool_get(request, pool_id, expand_resource=False): try: pool = neutronclient(request).show_pool(pool_id).get('pool') except Exception: messages.warning(request, _("Unable to get pool detail.")) return None if expand_resource: # TODO(lyj): The expand resource(subnet, member etc.) attached # to a pool could be deleted without cleanup pool related database, # this will cause exceptions if we trying to get the deleted resources. # so we need to handle the situation by showing a warning message here. # we can safely remove the try/except once the neutron bug is fixed # https://bugs.launchpad.net/neutron/+bug/1406854 try: pool['subnet'] = neutron.subnet_get(request, pool['subnet_id']) except Exception: messages.warning(request, _("Unable to get subnet for pool " "%(pool)s.") % {"pool": pool_id}) pool['vip'] = _get_vip(request, pool, vip_dict=None, expand_name_only=False) try: pool['members'] = _member_list(request, expand_pool=False, pool_id=pool_id) except Exception: messages.warning(request, _("Unable to get members for pool " "%(pool)s.") % {"pool": pool_id}) try: pool['health_monitors'] = pool_health_monitor_list( request, id=pool['health_monitors']) except Exception: messages.warning(request, _("Unable to get health monitors " "for pool %(pool)s.") % {"pool": pool_id}) return Pool(pool)
def console(request, instance_id): data = _('Unable to get log for instance "%s".') % instance_id tail = request.GET.get('length') if tail and not tail.isdigit(): msg = _('Log length must be a nonnegative integer.') messages.warning(request, msg) else: try: data = api.nova.server_console_output(request, instance_id, tail_length=tail) except Exception: exceptions.handle(request, ignore=True) return http.HttpResponse(data.encode('utf-8'), content_type='text/plain')
def _get_server_list(self, request): # search_opts = {'router:external': False} try: servers,has_more_data = api.nova.server_list(request) except Exception: msg = _('Failed to get server list.') LOG.info(msg) messages.warning(request, msg) servers = [] choices = [(server.id, server.name or server.id) for server in servers] # if choices: choices.insert(0, ("", _("Select server"))) return choices
def verify_view(request, domain_id): redirect_url = reverse_lazy('horizon:cdn:cdn_domain_manager:index') try: domain_id = domain_id domain_list = Domain.objects.get(pk=domain_id) domain_name = domain_list.domain_name origin_type = domain_list.source_type origin_address = domain_list.sourceaddress_set.filter( domain_id=domain_id) if origin_type == 'url': origin_config = middware.domainApi.OriginConfig( originDomainName=origin_address[0].source_address) else: originips = [i.source_address for i in origin_address] origin_config = middware.domainApi.OriginConfig( originIps=originips) domain_class = middware.domainApi.Domain(domainName=domain_name, comment='syscloud', originConfig=origin_config, serviceType='web') domain = middware.DomainManage() if domain_list.status == 'unverified' or domain_list.status == 'failed' or domain_list.status == 'addfailed': if domain.verify_file_check(str(domain_name)): ret = domain.add(domain_class) msg = ret.getMsg() status = ret.getRet() if status == 202: domain_ret = ret.location.split('/') domainId = domain_ret[len(domain_ret) - 1] domain_list.domain_id = domainId domain_list.domain_cname = ret.cname domain_list.xCncRequestId = ret.xCncRequestId domain_list.status = 'inProgress' domain_list.save() messages.success(request, msg) # 插入操作日志 Logger(request).create(resource_type='CDN', action_name='Verify Domain', resource_name='CDN', config=_('Domain: %s') % domain_name, status='Success') else: messages.error(request, msg) logging.warning('CDN:' + domain_name + ':' + msg) domain_list.error_log = msg domain_list.status = 'addfailed' domain_list.save() # 插入操作日志 Logger(request).create( resource_type='CDN', action_name='Verify Domain', resource_name='CDN', config=_('Audit Error Log(%s): %s') % (domain_name, msg), status='Error') else: domain_list.status = 'failed' domain_list.save() Logger(request).create(resource_type='CDN', action_name='Verify Domain', resource_name='CDN', config=_('Domain: %s') % domain_name, status='Error') else: msg = _("the %s status is %s") % (domain_list.domain_name, _(domain_list.status)) messages.warning(request, msg) return HttpResponseRedirect(redirect_url) except Exception: Logger(request).create(resource_type='CDN', action_name='Verify Domain', resource_name='CDN', config='', status='Error') msg = _('Failed') redirect = redirect_url exceptions.handle(request, msg, redirect=redirect) return False
def form_valid(self, form): try: handled = form.handle(self.request, form.cleaned_data) except Exception: handled = None exceptions.handle(self.request) if handled: domain_id = self.kwargs["domain_id"] access_type = form.cleaned_data["type"] control_type = form.cleaned_data['access_type'] refer = form.cleaned_data["refer"] white_list = form.cleaned_data["white_list"] black_list = form.cleaned_data["black_list"] forbid_ip = form.cleaned_data["forbid_ip"] domain = Domain.objects.get(pk=domain_id) if domain.status == 'Deployed': modify = middware.DomainManage() if control_type == 'white': if forbid_ip == u'': visitControlRule = middware.domainApi.VisitControlRule( pathPattern=str(access_type), allowNullReferer=refer, validReferers=str(white_list).strip('\r\n').split( '\r\n')) else: visitControlRule = middware.domainApi.VisitControlRule( pathPattern=str(access_type), allowNullReferer=refer, validReferers=str(white_list).strip('\r\n').split( '\r\n'), forbiddenIps=str(forbid_ip).strip('\r\n').split( '\r\n')) else: if forbid_ip == u'': visitControlRule = middware.domainApi.VisitControlRule( pathPattern=str(access_type), invalidReferers=str(black_list).strip( '\r\n').split('\r\n')) else: visitControlRule = middware.domainApi.VisitControlRule( pathPattern=str(access_type), invalidReferers=str(black_list).strip( '\r\n').split('\r\n'), forbiddenIps=str(forbid_ip).strip('\r\n').split( '\r\n')) domain_class = middware.domainApi.Domain( domainId=domain.domain_id, visitControlRules=[visitControlRule]) ret = modify.modify(domain_class) if ret.getMsg() == 'success': msg = _("modify successfully") messages.success(self.request, msg) access_id = self.kwargs['access_id'] access = AccessControl.objects.get(pk=access_id) access.pathPattern = access_type access.allowNullReffer = refer access.validRefers = white_list access.invalidRefers = black_list access.forbiddenIps = forbid_ip access.save() else: messages.error(self.request, ret.getMsg()) redirect_url = self.get_success_url() return HttpResponseRedirect(redirect_url) else: msg = _("%s status is %s, can not do this action") % ( domain.domain_name, _(domain.status)) messages.warning(self.request, msg) redirect_url = self.get_success_url() return HttpResponseRedirect(redirect_url)
def __init__(self, *args, **kwargs): __method__ = 'tabs.InventoryRacksTabs.__init__' # This will instantiate the default tab (needed so generic tabs can # be created for each rack) super(InventoryRacksTabs, self).__init__(*args, **kwargs) # to create each generic tab, the tab group and request are needed tab_group = self request = self._tabs['default_tab'].request # objects to hold new list of tabs (classes) and defined_tabs objects list_tabs = [] # hold list of new tab classes for the tab group defined_tabs = self._tabs.__class__() # Retrieve all defined racks (so the list of actual tabs can be # created) logging.debug("%s: before retrieving rack all racks", __method__) (rc, result_dict) = rack_mgr.list_racks() if rc != 0: messages.error( self.request, _('Unable to retrieve Operational' ' Management inventory information' ' for racks.')) logging.error( '%s: Unable to retrieve Operational Management' ' inventory information. A Non-0 return code' ' returned from rack_mgr.list_racks. The' ' return code is: %s', __method__, rc) return all_racks = result_dict['racks'] if len(all_racks) <= 0: # Display this message at the warning-level so that it remains # visible until dismissed. If sent at the info-level, it will only # display for a few seconds before disapparing automatically. messages.warning( self.request, _('No racks exist in the ' 'Operational Management ' 'inventory.')) # loop through each rack (creating a defined tab for each) for a_rack in all_racks: # For each rack, build a defined rack tab # create a defined rack tab (instantiating a generic tab) defined_rack_tab = GenericTab(tab_group, request) # initialize the defined rack tab (with rack information) defined_rack_tab.initialize(a_rack["label"], a_rack['rackid']) # Add the defined rack tab class to the list of classes in the # tab group list_tabs.append(defined_rack_tab.__class__) # Add the defined rack tab (the new tab) to the list of defined # tabs defined_tabs[a_rack["label"] + "_tab"] = defined_rack_tab logging.debug("%s: creating a new tab for rack with label: %s", __method__, a_rack['label']) # end loop through each rack # clear out that default tab from the tab group self._tabs.clear() # update the tab group with the list of defined tabs self._tabs.update(defined_tabs) # update tabs with the list of tab classes self.tabs = tuple(list_tabs) # Add the application URLs to the list of attributes of the tab group. # We need those attributes when launching various applications self.attrs.update(retrieve_application_links(self, request))
def _update_domain_members(self, request, domain_id, data): # update domain members users_to_modify = 0 # Project-user member step member_step = self.get_step(constants.DOMAIN_USER_MEMBER_SLUG) try: # Get our role options available_roles = api.keystone.role_list(request) # Get the users currently associated with this project so we # can diff against it. domain_members = api.keystone.user_list(request, domain=domain_id) users_to_modify = len(domain_members) for user in domain_members: # Check if there have been any changes in the roles of # Existing project members. current_roles = api.keystone.roles_for_user(self.request, user.id, domain=domain_id) current_role_ids = [role.id for role in current_roles] for role in available_roles: field_name = member_step.get_member_field_name(role.id) # Check if the user is in the list of users with this role. if user.id in data[field_name]: # Add it if necessary if role.id not in current_role_ids: # user role has changed api.keystone.add_domain_user_role(request, domain=domain_id, user=user.id, role=role.id) else: # User role is unchanged, so remove it from the # remaining roles list to avoid removing it later. index = current_role_ids.index(role.id) current_role_ids.pop(index) # Prevent admins from doing stupid things to themselves. is_current_user = user.id == request.user.id # TODO(lcheng) When Horizon moves to Domain scoped token for # invoking identity operation, replace this with: # domain_id == request.user.domain_id is_current_domain = True admin_roles = [ role for role in current_roles if role.name.lower() == 'admin' ] if len(admin_roles): removing_admin = any( [role.id in current_role_ids for role in admin_roles]) else: removing_admin = False if is_current_user and is_current_domain and removing_admin: # Cannot remove "admin" role on current(admin) domain msg = _('You cannot revoke your administrative privileges ' 'from the domain you are currently logged into. ' 'Please switch to another domain with ' 'administrative privileges or remove the ' 'administrative role manually via the CLI.') messages.warning(request, msg) # Otherwise go through and revoke any removed roles. else: for id_to_delete in current_role_ids: api.keystone.remove_domain_user_role(request, domain=domain_id, user=user.id, role=id_to_delete) users_to_modify -= 1 # Grant new roles on the project. for role in available_roles: field_name = member_step.get_member_field_name(role.id) # Count how many users may be added for exception handling. users_to_modify += len(data[field_name]) for role in available_roles: users_added = 0 field_name = member_step.get_member_field_name(role.id) for user_id in data[field_name]: if not filter(lambda x: user_id == x.id, domain_members): api.keystone.add_tenant_user_role(request, project=domain_id, user=user_id, role=role.id) users_added += 1 users_to_modify -= users_added return True except Exception: exceptions.handle( request, _('Failed to modify %s project ' 'members and update domain groups.') % users_to_modify) return False
def handle(self, request, data): # FIXME(gabriel): This should be refactored to use Python's built-in # sets and do this all in a single "roles to add" and "roles to remove" # pass instead of the multi-pass thing happening now. domain_context = request.session.get('domain_context', None) project_id = data['project_id'] # update project info try: api.keystone.tenant_update(request, project_id, name=data['name'], description=data['description'], enabled=data['enabled']) except Exception: exceptions.handle(request, ignore=True) return False # update project members users_to_modify = 0 # Project-user member step member_step = self.get_step(PROJECT_USER_MEMBER_SLUG) try: # Get our role options available_roles = api.keystone.role_list(request) # Get the users currently associated with this project so we # can diff against it. project_members = api.keystone.user_list(request, project=project_id) users_to_modify = len(project_members) for user in project_members: # Check if there have been any changes in the roles of # Existing project members. current_roles = api.keystone.roles_for_user( self.request, user.id, project_id) current_role_ids = [role.id for role in current_roles] for role in available_roles: field_name = member_step.get_member_field_name(role.id) # Check if the user is in the list of users with this role. if user.id in data[field_name]: # Add it if necessary if role.id not in current_role_ids: # user role has changed api.keystone.add_tenant_user_role( request, project=project_id, user=user.id, role=role.id) else: # User role is unchanged, so remove it from the # remaining roles list to avoid removing it later. index = current_role_ids.index(role.id) current_role_ids.pop(index) # Prevent admins from doing stupid things to themselves. is_current_user = user.id == request.user.id is_current_project = project_id == request.user.tenant_id admin_roles = [ role for role in current_roles if role.name.lower() == 'admin' ] if len(admin_roles): removing_admin = any( [role.id in current_role_ids for role in admin_roles]) else: removing_admin = False if is_current_user and is_current_project and removing_admin: # Cannot remove "admin" role on current(admin) project msg = _('You cannot revoke your administrative privileges ' 'from the project you are currently logged into. ' 'Please switch to another project with ' 'administrative privileges or remove the ' 'administrative role manually via the CLI.') messages.warning(request, msg) # Otherwise go through and revoke any removed roles. else: for id_to_delete in current_role_ids: api.keystone.remove_tenant_user_role( request, project=project_id, user=user.id, role=id_to_delete) users_to_modify -= 1 # Grant new roles on the project. for role in available_roles: field_name = member_step.get_member_field_name(role.id) # Count how many users may be added for exception handling. users_to_modify += len(data[field_name]) for role in available_roles: users_added = 0 field_name = member_step.get_member_field_name(role.id) for user_id in data[field_name]: if not filter(lambda x: user_id == x.id, project_members): api.keystone.add_tenant_user_role(request, project=project_id, user=user_id, role=role.id) users_added += 1 users_to_modify -= users_added except Exception: if PROJECT_GROUP_ENABLED: group_msg = _(", update project groups") else: group_msg = "" exceptions.handle( request, _('Failed to modify %(users_to_modify)s' ' project members%(group_msg)s and ' 'update project quotas.') % { 'users_to_modify': users_to_modify, 'group_msg': group_msg }) return True if PROJECT_GROUP_ENABLED: # update project groups groups_to_modify = 0 member_step = self.get_step(PROJECT_GROUP_MEMBER_SLUG) try: # Get the groups currently associated with this project so we # can diff against it. project_groups = api.keystone.group_list(request, domain=domain_context, project=project_id) groups_to_modify = len(project_groups) for group in project_groups: # Check if there have been any changes in the roles of # Existing project members. current_roles = api.keystone.roles_for_group( self.request, group=group.id, project=project_id) current_role_ids = [role.id for role in current_roles] for role in available_roles: # Check if the group is in the list of groups with # this role. field_name = member_step.get_member_field_name(role.id) if group.id in data[field_name]: # Add it if necessary if role.id not in current_role_ids: # group role has changed api.keystone.add_group_role(request, role=role.id, group=group.id, project=project_id) else: # Group role is unchanged, so remove it from # the remaining roles list to avoid removing it # later. index = current_role_ids.index(role.id) current_role_ids.pop(index) # Revoke any removed roles. for id_to_delete in current_role_ids: api.keystone.remove_group_role(request, role=id_to_delete, group=group.id, project=project_id) groups_to_modify -= 1 # Grant new roles on the project. for role in available_roles: field_name = member_step.get_member_field_name(role.id) # Count how many groups may be added for error handling. groups_to_modify += len(data[field_name]) for role in available_roles: groups_added = 0 field_name = member_step.get_member_field_name(role.id) for group_id in data[field_name]: if not filter(lambda x: group_id == x.id, project_groups): api.keystone.add_group_role(request, role=role.id, group=group_id, project=project_id) groups_added += 1 groups_to_modify -= groups_added except Exception: exceptions.handle( request, _('Failed to modify %s project ' 'members, update project groups ' 'and update project quotas.' % groups_to_modify)) return True # update the project quota nova_data = dict([(key, data[key]) for key in quotas.NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if base.is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in quotas.CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) if api.base.is_service_enabled(request, 'network') and \ api.neutron.is_quotas_extension_supported(request): neutron_data = dict([(key, data[key]) for key in quotas.NEUTRON_QUOTA_FIELDS]) api.neutron.tenant_quota_update(request, project_id, **neutron_data) return True except Exception: exceptions.handle( request, _('Modified project information and ' 'members, but unable to modify ' 'project quotas.')) return True
def handle(self, request, data): project_id = data['project_id'] # update project info try: api.tenant_update(request, tenant_id=project_id, tenant_name=data['name'], description=data['description'], enabled=data['enabled']) except: exceptions.handle(request, ignore=True) return False # update project members users_to_modify = 0 try: available_roles = api.keystone.role_list(request) project_members = api.keystone.user_list(request, tenant_id=project_id) users_to_modify = len(project_members) for user in project_members: current_roles = [ role for role in api.roles_for_user( self.request, user.id, project_id) ] effective_roles = [] for role in available_roles: role_list = data["role_" + role.id] if user.id in role_list: effective_roles.append(role) if role not in current_roles: # user role has changed api.add_tenant_user_role(request, tenant_id=project_id, user_id=user.id, role_id=role.id) else: # user role is unchanged current_roles.pop(current_roles.index(role)) if user.id == request.user.id and \ project_id == request.user.tenant_id and \ any(x.name == 'admin' for x in current_roles): # Cannot remove "admin" role on current(admin) project msg = _('You cannot remove the "admin" role from the ' 'project you are currently logged into. Please ' 'switch to another project with admin permissions ' 'or remove the role manually via the CLI') messages.warning(request, msg) else: # delete user's removed roles for to_delete in current_roles: api.remove_tenant_user_role(request, tenant_id=project_id, user_id=user.id, role_id=to_delete.id) users_to_modify -= 1 # add new roles to project for role in available_roles: # count how many users may be added for exception handling role_list = data["role_" + role.id] users_to_modify += len(role_list) for role in available_roles: role_list = data["role_" + role.id] users_added = 0 for user_id in role_list: if not filter(lambda x: user_id == x.id, project_members): api.add_tenant_user_role(request, tenant_id=project_id, user_id=user_id, role_id=role.id) users_added += 1 users_to_modify -= users_added except: exceptions.handle( request, _('Failed to modify %s project members ' 'and update project quotas.' % users_to_modify)) return True # update the project quota ifcb = data['injected_file_content_bytes'] try: # TODO(gabriel): Once nova-volume is fully deprecated the # "volumes" and "gigabytes" quotas should no longer be sent to # the nova API to be updated anymore. nova.tenant_quota_update(request, project_id, metadata_items=data['metadata_items'], injected_file_content_bytes=ifcb, volumes=data['volumes'], gigabytes=data['gigabytes'], ram=data['ram'], floating_ips=data['floating_ips'], instances=data['instances'], injected_files=data['injected_files'], cores=data['cores']) if is_service_enabled(request, 'volume'): cinder.tenant_quota_update(request, project_id, volumes=data['volumes'], gigabytes=data['gigabytes']) return True except: exceptions.handle( request, _('Modified project information and ' 'members, but unable to modify ' 'project quotas.')) return True
def process_step(self, form): @catalog_views.update_latest_apps def _update_latest_apps(request, app_id): LOG.info('Adding {0} application to the' ' latest apps list'.format(app_id)) step_data = self.get_form_step_data(form) if self.steps.current == 'upload': import_type = form.cleaned_data['import_type'] data = {} f = None base_url = packages_consts.MURANO_REPO_URL if import_type == 'by_url': f = form.cleaned_data['url'] elif import_type == 'by_name': f = muranoclient_utils.to_url( form.cleaned_data['name'], path='bundles/', base_url=base_url, extension='.bundle', ) try: bundle = muranoclient_utils.Bundle.from_file(f) except Exception as e: if '(404)' in e.message: msg = _("Bundle creation failed." "Reason: Can't find Bundle name from repository.") else: msg = _("Bundle creation failed." "Reason: {0}").format(e) LOG.exception(msg) messages.error(self.request, msg) raise exceptions.Http302( reverse('horizon:app-catalog:packages:index')) for package_spec in bundle.package_specs(): try: package = muranoclient_utils.Package.from_location( package_spec['Name'], version=package_spec.get('Version'), url=package_spec.get('Url'), base_url=base_url, path=None, ) except Exception as e: msg = _("Error {0} occurred while parsing package {1}")\ .format(e, package_spec.get('Name')) messages.error(self.request, msg) LOG.exception(msg) continue reqs = package.requirements(base_url=base_url) for dep_name, dep_package in six.iteritems(reqs): _ensure_images(dep_name, dep_package, self.request) try: files = {dep_name: dep_package.file()} package = api.muranoclient( self.request).packages.create(data, files) messages.success( self.request, _('Package {0} uploaded').format(dep_name)) _update_latest_apps(request=self.request, app_id=package.id) except exc.HTTPConflict: msg = _("Package {0} already registered.").format( dep_name) messages.warning(self.request, msg) LOG.exception(msg) except exc.HTTPException as e: reason = muranodashboard_utils.parse_api_error( getattr(e, 'details', '')) if not reason: raise msg = _("Package {0} upload failed. {1}").format( dep_name, reason) messages.warning(self.request, msg) LOG.exception(msg) except Exception as e: msg = _("Importing package {0} failed. " "Reason: {1}").format(dep_name, e) messages.warning(self.request, msg) LOG.exception(msg) continue return step_data
def done(self, form_list, **kwargs): data = self.get_all_cleaned_data() app_id = self.storage.get_step_data('upload')['package'].id # Remove package file from result data for key in ('package', 'import_type', 'url', 'repo_version', 'repo_name'): del data[key] dep_pkgs = self.storage.get_step_data('upload').get('dependencies', []) installed_images = self.storage.get_step_data('upload').get( 'images', []) redirect = reverse('horizon:app-catalog:packages:index') dep_data = {'enabled': data['enabled'], 'is_public': data['is_public']} murano_client = api.muranoclient(self.request) for dep_pkg in dep_pkgs: try: murano_client.packages.update(dep_pkg.id, dep_data) LOG.debug('Success update for package {0}.'.format(dep_pkg.id)) except Exception as e: msg = _("Couldn't update package {0} parameters. Error: {1}")\ .format(dep_pkg.fully_qualified_name, e) LOG.warning(msg) messages.warning(self.request, msg) # Images have been imported as private images during the 'upload' step # If the package is public, make the required images public if data['is_public']: try: glance_client = glance.glanceclient(self.request, '1') except Exception: glance_client = None if glance_client: for img in installed_images: try: glance_client.images.update(img['id'], is_public=True) LOG.debug('Success update for image {0}'.format( img['id'])) except Exception as e: msg = _("Error {0} occurred while setting image {1}, " "{2} public").format(e, img['name'], img['id']) messages.error(self.request, msg) LOG.exception(msg) elif len(installed_images): msg = _("Couldn't initialise glance v1 client, " "therefore could not make the following images " "public: {0}").format(' '.join( [img['name'] for img in installed_images])) messages.warning(self.request, msg) LOG.warning(msg) try: data['tags'] = [t.strip() for t in data['tags'].split(',')] murano_client.packages.update(app_id, data) except exc.HTTPForbidden: msg = _("You are not allowed to change" " this properties of the package") LOG.exception(msg) exceptions.handle( self.request, msg, redirect=reverse('horizon:app-catalog:packages:index')) except (exc.HTTPException, Exception): LOG.exception(_('Modifying package failed')) exceptions.handle(self.request, _('Unable to modify package'), redirect=redirect) else: msg = _('Package parameters successfully updated.') LOG.info(msg) messages.success(self.request, msg) return http.HttpResponseRedirect(redirect)
def process_step(self, form): @catalog_views.update_latest_apps def _update_latest_apps(request, app_id): LOG.info('Adding {0} application to the' ' latest apps list'.format(app_id)) step_data = self.get_form_step_data(form).copy() if self.steps.current == 'upload': import_type = form.cleaned_data['import_type'] data = {} f = None base_url = packages_consts.MURANO_REPO_URL if import_type == 'upload': pkg = form.cleaned_data['package'] f = pkg.file elif import_type == 'by_url': f = form.cleaned_data['url'] elif import_type == 'by_name': name = form.cleaned_data['repo_name'] version = form.cleaned_data['repo_version'] f = muranoclient_utils.to_url( name, version=version, path='apps/', extension='.zip', base_url=base_url, ) try: package = muranoclient_utils.Package.from_file(f) name = package.manifest['FullName'] except Exception as e: if '(404)' in e.message: msg = _("Package creation failed." "Reason: Can't find Package name from repository.") else: msg = _("Package creation failed." "Reason: {0}").format(e) LOG.exception(msg) messages.error(self.request, msg) raise exceptions.Http302( reverse('horizon:app-catalog:packages:index')) reqs = package.requirements(base_url=base_url) original_package = reqs.pop(name) step_data['dependencies'] = [] step_data['images'] = [] for dep_name, dep_package in six.iteritems(reqs): _ensure_images(dep_name, dep_package, self.request, step_data) try: files = {dep_name: dep_package.file()} package = api.muranoclient(self.request).packages.create( data, files) messages.success( self.request, _('Package {0} uploaded').format(dep_name)) _update_latest_apps(request=self.request, app_id=package.id) step_data['dependencies'].append(package) except exc.HTTPConflict: msg = _("Package {0} already registered.").format(dep_name) messages.warning(self.request, msg) LOG.exception(msg) except Exception as e: msg = _("Error {0} occurred while " "installing package {1}").format(e, dep_name) messages.error(self.request, msg) LOG.exception(msg) continue # add main packages images _ensure_images(name, original_package, self.request, step_data) # import main package itself try: files = {name: original_package.file()} package = api.muranoclient(self.request).packages.create( data, files) messages.success(self.request, _('Package {0} uploaded').format(name)) _update_latest_apps(request=self.request, app_id=package.id) step_data['package'] = package except exc.HTTPConflict: msg = _("Package with specified name already exists") LOG.exception(msg) exceptions.handle( self.request, msg, redirect=reverse('horizon:app-catalog:packages:index')) except exc.HTTPInternalServerError as e: self._handle_exception(e) except exc.HTTPException as e: reason = muranodashboard_utils.parse_api_error( getattr(e, 'details', '')) if not reason: raise LOG.exception(reason) exceptions.handle( self.request, reason, redirect=reverse('horizon:app-catalog:packages:index')) except Exception as original_e: self._handle_exception(original_e) return step_data
def user_update(request, user, **data): manager = keystoneclient(request, admin=True).users error = None if not keystone_can_edit_user(): raise keystone_exceptions.ClientException(405, _("Identity service " "does not allow editing user data.")) # The v2 API updates user model, password and default project separately if VERSIONS.active < 3: password = data.pop('password') project = data.pop('project') # Update user details try: user = manager.update(user, **data) except Exception: error = exceptions.handle(request, ignore=True) # Update default tenant try: user_update_tenant(request, user, project) user.tenantId = project except Exception: error = exceptions.handle(request, ignore=True) # Check for existing roles # Show a warning if no role exists for the project user_roles = roles_for_user(request, user, project) if not user_roles: messages.warning(request, _('User %s has no role defined for ' 'that project.') % data.get('name', None)) # If present, update password # FIXME(gabriel): password change should be its own form + view if password: try: user_update_password(request, user, password) if user.id == request.user.id: return utils.logout_with_message( request, _("Password changed. Please log in again to continue.") ) except Exception: error = exceptions.handle(request, ignore=True) if error is not None: raise error # v3 API is so much simpler... else: if not data['password']: data.pop('password') user = manager.update(user, **data) if data.get('password') and user.id == request.user.id: return utils.logout_with_message( request, _("Password changed. Please log in again to continue.") )
def user_update(request, user, **data): manager = keystoneclient(request, admin=True).users error = None if not keystone_can_edit_user(): raise keystone_exceptions.ClientException( 405, _("Identity service does not allow editing user data.")) # The v2 API updates user model and default project separately if VERSIONS.active < 3: # Update user details try: user = manager.update(user, **data) except keystone_exceptions.Conflict: raise exceptions.Conflict() except Exception: error = exceptions.handle(request, ignore=True) if "project" in data: project = data.pop('project') password = data.pop('password') # Update default tenant try: user_update_tenant(request, user, project) user.tenantId = project except Exception: error = exceptions.handle(request, ignore=True) # Check for existing roles # Show a warning if no role exists for the project user_roles = roles_for_user(request, user, project) if not user_roles: messages.warning( request, _('User %s has no role defined for ' 'that project.') % data.get('name', None)) if password: email = data.pop('email') LOG.info("v2 password:%s email:%s" % (password, email)) try: user_update_password(request, user, password) if user.id == request.user.id: return utils.logout_with_message( request, _("Password changed. Please log in again to continue." )) if email: LOG.info("v2 send email") send_mail(request, email, password) except Exception: error = exceptions.handle(request, ignore=True) if error is not None: raise error # v3 API is so much simpler... else: try: user = manager.update(user, **data) password = data.pop('password') if password: email = data.pop('email') LOG.info("v3 password:%s email:%s" % (password, email)) try: user_update_password(request, user, password) if user.id == request.user.id: return utils.logout_with_message( request, _("Password changed. Please log in again to continue." )) if email: LOG.info("v3 send email") send_mail(request, email, password) except Exception: error = exceptions.handle(request, ignore=True) if error is not None: raise error except keystone_exceptions.Conflict: raise exceptions.Conflict()
def form_valid(self, form): try: handled = form.handle(self.request, form.cleaned_data) except Exception: handled = None exceptions.handle(self.request) if handled: domain_id = self.kwargs['domain_id'] cache_type = form.cleaned_data['type'] ignore = form.cleaned_data["ignore"] time = form.cleaned_data["time"] domain = Domain.objects.get(pk=domain_id) if domain.status == 'Deployed': modify = middware.DomainManage() ret = modify.find(domain.domain_id) domain_result = ret.getDomain() cacheBehavior = middware.domainApi.CacheBehavior( pathPattern=cache_type, ignoreCacheControl=ignore, cacheTtl=time) if domain_result.cacheBehaviors is not None: domain_class = middware.domainApi.Domain( domainId=domain.domain_id, cacheBehaviors=domain_result.cacheBehaviors + [cacheBehavior]) else: domain_class = middware.domainApi.Domain( domainId=domain.domain_id, cacheBehaviors=[cacheBehavior]) ret = modify.modify(domain_class) if ret.getMsg() == 'success': msg = _("modify successfully") messages.success(self.request, msg) cache_id = self.kwargs["cache_id"] cache = CacheRule.objects.get(pk=cache_id) cache.pathPattern = cache_type cache.ignoreCacheControl = ignore cache.cacheTtl = time cache.save() # 插入操作日志 Logger(self.request).create(resource_type='CDN', action_name='Update Cache', resource_name='CDN', config=_('Domain: %s') % domain.domain_name, status='Success') else: messages.error(self.request, ret.getMsg()) # 插入操作日志 Logger(self.request).create(resource_type='CDN', action_name='Update Cache', resource_name='CDN', config=_('Domain: %s') % domain.domain_name, status='Error') redirect_url = self.get_success_url() return HttpResponseRedirect(redirect_url) else: # 插入操作日志 Logger(self.request).create(resource_type='CDN', action_name='Update Cache', resource_name='CDN', config=_('Domain: %s') % domain.domain_name, status='Error') msg = _("%s status is %s, can not do this action") % ( domain.domain_name, _(domain.status)) messages.warning(self.request, msg) redirect_url = self.get_success_url() return HttpResponseRedirect(redirect_url)
def handle(self, request, data): image_id = data.get('image_id', '') flavor_id = data.get('flavor', '') source_type = 'docker' sys_type = '' architecture = '' LOG.debug('image_id %s flavor_id %s', image_id, flavor_id) need_points, check_result = self.pre_auth_user(flavor_id) if not check_result: messages.warning(request, _("You Do not have enough points")) return False try: image = api.glance.image_get(request, image_id) source_type = image.properties.get('hypervisor_type', '') sys_type = image.properties.get('sys_type', '') architecture = image.properties.get('architecture', '') except Exception: pass check_vm_result = self.recount_vm(source_type) if not check_vm_result: return False self.create_network() try: instance = api.nova.server_create( request, self.instance_name, image_id, flavor_id, '', '', [u'default'], block_device_mapping=None, block_device_mapping_v2=None, nics=self.nics, availability_zone=self.avail_zone, instance_count=1, meta={"SPN": "Cloud"}, admin_pass='', disk_config='AUTO') portid = "%(port-id)s_%(ip_addr)s" % { 'port-id': self.port.id, 'ip_addr': self.private_ip } api.network.floating_ip_associate(self.request, self.floating_ip.id, portid) if not self.request.user.is_superuser: transaction_user_points.delay(self.request.user.username, "*****@*****.**", need_points) self.set_vpn_account() self.send_email() dt = { "image_id": image_id, "flavor_id": flavor_id, "instance_id": instance.id, "image_name": instance.image_name, "os_type": instance.image_os_type, "floating_ip": self.floating_ip.ip, "private_ip": self.private_ip, "virtual_type": source_type, "sys_type": sys_type, "architecture": architecture, "use_accelerator": False, } add_operation.delay(jsonpickle.encode(request), jsonpickle.encode(dt)) update_custom_image_data.delay(image_id) reward_user.delay(image_id) LOG.debug('dt %s', dt) messages.success(self.request, self.success_message) return True except Exception: exceptions.handle(request) return False
def handle(self, request, data): project_id = data['project_id'] # update project info try: api.keystone.tenant_update(request, tenant_id=project_id, tenant_name=data['name'], description=data['description'], enabled=data['enabled']) except: exceptions.handle(request, ignore=True) return False # update project members users_to_modify = 0 try: available_roles = api.keystone.role_list(request) project_members = api.keystone.user_list(request, tenant_id=project_id) users_to_modify = len(project_members) for user in project_members: current_roles = [role for role in api.keystone.roles_for_user(self.request, user.id, project_id)] effective_roles = [] for role in available_roles: role_list = data["role_" + role.id] if user.id in role_list: effective_roles.append(role) if role not in current_roles: # user role has changed api.keystone.add_tenant_user_role( request, tenant_id=project_id, user_id=user.id, role_id=role.id) else: # user role is unchanged current_roles.pop(current_roles.index(role)) if user.id == request.user.id and \ project_id == request.user.tenant_id and \ any(x.name == 'admin' for x in current_roles): # Cannot remove "admin" role on current(admin) project msg = _('You cannot remove the "admin" role from the ' 'project you are currently logged into. Please ' 'switch to another project with admin permissions ' 'or remove the role manually via the CLI') messages.warning(request, msg) else: # delete user's removed roles for to_delete in current_roles: api.keystone.remove_tenant_user_role( request, tenant_id=project_id, user_id=user.id, role_id=to_delete.id) users_to_modify -= 1 # add new roles to project for role in available_roles: # count how many users may be added for exception handling role_list = data["role_" + role.id] users_to_modify += len(role_list) for role in available_roles: role_list = data["role_" + role.id] users_added = 0 for user_id in role_list: if not filter(lambda x: user_id == x.id, project_members): api.keystone.add_tenant_user_role(request, tenant_id=project_id, user_id=user_id, role_id=role.id) users_added += 1 users_to_modify -= users_added except: exceptions.handle(request, _('Failed to modify %s project members ' 'and update project quotas.' % users_to_modify)) return True # update the project quota nova_data = dict([(key, data[key]) for key in NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) return True except: exceptions.handle(request, _('Modified project information and ' 'members, but unable to modify ' 'project quotas.')) return True
def _update_project_members(self, request, data, project_id): member_ids = set() prjadm_ids = set() prjrole_id = None result = None for role in self._get_available_roles(request): tmp_step = self.get_step(baseWorkflows.PROJECT_USER_MEMBER_SLUG) field_name = tmp_step.get_member_field_name(role.id) for tmpid in data[field_name]: member_ids.add(tmpid) if role.name == TENANTADMIN_ROLE: prjadm_ids.add(tmpid) if role.name == TENANTADMIN_ROLE: prjrole_id = role.id with transaction.atomic(): ep_qset = Expiration.objects.filter(project=self.this_project) disposable_exps = ep_qset.exclude( registration__userid__in=member_ids) changed_regs = [x.registration for x in disposable_exps] rm_email_list = EMail.objects.filter(registration__in=changed_regs) for item in ep_qset: if item.registration.userid in member_ids: member_ids.remove(item.registration.userid) added_regs = Registration.objects.filter(userid__in=member_ids) add_email_list = EMail.objects.filter(registration__in=added_regs) # # Use per-user expiration date as a fall back # for expiration date per tenant # for item in added_regs: def_expdate = item.expdate if item.expdate else datetime.now( ) + timedelta(365) c_args = { 'registration': item, 'project': self.this_project, 'expdate': item.expdate } Expiration(**c_args).save() changed_regs.append(item) # # Enable reminders to cloud admin for manually added users # RegRequest.objects.filter(registration__in=added_regs, flowstatus=RSTATUS_REMINDER).update( flowstatus=RSTATUS_REMINDACK) # # Delete expiration for manually removed users # disposable_exps.delete() # # Remove subscription request for manually added or removed members # PrjRequest.objects.filter(registration__in=changed_regs, project=self.this_project).delete() # # Delete and re-create the project admin cache # PrjRole.objects.filter(project=self.this_project).delete() for item in Registration.objects.filter(userid__in=prjadm_ids): new_prjrole = PrjRole() new_prjrole.registration = item new_prjrole.project = self.this_project new_prjrole.roleid = prjrole_id new_prjrole.save() LOG.debug("Re-created prj admin: %s" % item.username) result = super(ExtUpdateProject, self)._update_project_members( request, data, project_id) # # Notify users, both new and removed # for e_item in rm_email_list: noti_params = { 'username': e_item.registration.username, 'project': self.this_project.projectname } notifyUser(request=request, rcpt=e_item.email, action=MEMBER_FORCED_RM, context=noti_params, dst_project_id=self.this_project.projectid, dst_user_id=e_item.registration.userid) for e_item in add_email_list: noti_params = { 'username': e_item.registration.username, 'project': self.this_project.projectname, 'isadmin': e_item.registration.userid in prjadm_ids } notifyUser(request=request, rcpt=e_item.email, action=MEMBER_FORCED_ADD, context=noti_params, dst_project_id=self.this_project.projectid, dst_user_id=e_item.registration.userid) if len(prjadm_ids) == 0: messages.warning(request, _("Missing project admin for this project")) return result
def handle(self, request, data): # FIXME(gabriel): This should be refactored to use Python's built-in # sets and do this all in a single "roles to add" and "roles to remove" # pass instead of the multi-pass thing happening now. project_id = data['project_id'] # update project info try: api.keystone.tenant_update(request, project_id, name=data['name'], description=data['description'], enabled=data['enabled']) except: exceptions.handle(request, ignore=True) return False # update project members users_to_modify = 0 try: # Get our role options available_roles = api.keystone.role_list(request) # Get the users currently associated with this project so we # can diff against it. project_members = api.keystone.user_list(request, project=project_id) users_to_modify = len(project_members) for user in project_members: # Check if there have been any changes in the roles of # Existing project members. current_roles = api.keystone.roles_for_user( self.request, user.id, project_id) current_role_ids = [role.id for role in current_roles] for role in available_roles: # Check if the user is in the list of users with this role. if user.id in data["role_" + role.id]: # Add it if necessary if role.id not in current_role_ids: # user role has changed api.keystone.add_tenant_user_role( request, project=project_id, user=user.id, role=role.id) else: # User role is unchanged, so remove it from the # remaining roles list to avoid removing it later. index = current_role_ids.index(role.id) current_role_ids.pop(index) # Prevent admins from doing stupid things to themselves. is_current_user = user.id == request.user.id is_current_project = project_id == request.user.tenant_id admin_roles = [ role for role in current_roles if role.name.lower() == 'admin' ] if len(admin_roles): removing_admin = any( [role.id in current_role_ids for role in admin_roles]) else: removing_admin = False if is_current_user and is_current_project and removing_admin: # Cannot remove "admin" role on current(admin) project msg = _('You cannot revoke your administrative privileges ' 'from the project you are currently logged into. ' 'Please switch to another project with ' 'administrative privileges or remove the ' 'administrative role manually via the CLI.') messages.warning(request, msg) # Otherwise go through and revoke any removed roles. else: for id_to_delete in current_role_ids: api.keystone.remove_tenant_user_role( request, project=project_id, user=user.id, role=id_to_delete) users_to_modify -= 1 # Grant new roles on the project. for role in available_roles: # Count how many users may be added for exception handling. users_to_modify += len(data["role_" + role.id]) for role in available_roles: users_added = 0 for user_id in data["role_" + role.id]: if not filter(lambda x: user_id == x.id, project_members): api.keystone.add_tenant_user_role(request, project=project_id, user=user_id, role=role.id) users_added += 1 users_to_modify -= users_added except: exceptions.handle( request, _('Failed to modify %s project members ' 'and update project quotas.' % users_to_modify)) return True # update the project quota nova_data = dict([(key, data[key]) for key in NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) return True except: exceptions.handle( request, _('Modified project information and ' 'members, but unable to modify ' 'project quotas.')) return True
def handle(self, request, data): try: tenant_id = self.request.user.tenant_id user_name = self.request.user.username project_name = self.request.user.project_name domain = Domain.objects.filter(domain_name=data['domain_name']) # 判断域名是否已添加 if domain: if domain[0].status != 'deleted': message = _('%s has created') % data['domain_name'] messages.warning(request, message) return True if domain[0].status == 'deleted': domainId = domain[0].domain_id domain_api = DomainManage() domain_api.enable(domainId=domainId) domain[0].status = 'inProgress' domain[0].save() message = _( '%s has been in database,it will be enable for you' ) % data['domain_name'] messages.success(request, message) return True else: # 添加记费类型 billing_type = CdnBillMethod.objects.get(tenant_id=tenant_id) domain_name = data['domain_name'].strip() p = Domain(tenant_id=tenant_id, user_name=user_name, project_name=project_name, domain_name=domain_name, domain_cname='-', source_type=data['source_type'], current_type=billing_type.current_type, update_type=billing_type.update_type, update_at=billing_type.update_at, effect_at=billing_type.effect_at) p.save() if data['source_type'] == 'ip': for i in data['origin_config_a'].strip('\r\n').split( '\r\n'): o = p.sourceaddress_set.create(source_address=i) o.save() else: o = p.sourceaddress_set.create( source_address=data['origin_config_b']) o.save() # 插入操作日志 api.logger.Logger(self.request).create( resource_type='CDN', action_name='Create Domain Name', resource_name='CDN', config=_('Domain: %s') % data['domain_name'], status='Success') # 将domain_name和随机生成的uuid绑定存储到memcache中,为域名鉴权提供依据 set_memcache_value(str(data['domain_name']), str(uuid.uuid4())) message = _( 'Domain %s was successfully created') % data['domain_name'] messages.success(request, message) return data['domain_name'] except exceptions: # 插入操作日志 api.logger.Logger(self.request).create( resource_type='CDN', action_name='Create Domain Name', resource_name='CDN', config=_('Domain: %s') % data['domain_name'], status='Error') msg = _('Failed to create Domain %s') % data['name'] redirect = self.failure_url exceptions.handle(request, msg, redirect=redirect) return False
def __init__(self, request, *args, **kwargs): super(CreateNetwork, self).__init__(request, *args, **kwargs) tenant_choices = [('', _("Select a project"))] tenants, has_more = api.keystone.tenant_list(request) for tenant in tenants: if tenant.enabled: tenant_choices.append((tenant.id, tenant.name)) self.fields['tenant_id'].choices = tenant_choices try: is_extension_supported = \ api.neutron.is_extension_supported(request, 'provider') except Exception: msg = _("Unable to verify Neutron service providers") exceptions.handle(self.request, msg) self._hide_provider_network_type() is_extension_supported = False if is_extension_supported: neutron_settings = getattr(settings, 'OPENSTACK_NEUTRON_NETWORK', {}) self.seg_id_range = SEGMENTATION_ID_RANGE.copy() seg_id_range = neutron_settings.get('segmentation_id_range') if seg_id_range: self.seg_id_range.update(seg_id_range) self.provider_types = PROVIDER_TYPES.copy() extra_provider_types = neutron_settings.get('extra_provider_types') if extra_provider_types: self.provider_types.update(extra_provider_types) self.nettypes_with_seg_id = [ net_type for net_type in self.provider_types if self.provider_types[net_type]['require_segmentation_id'] ] self.nettypes_with_physnet = [ net_type for net_type in self.provider_types if self.provider_types[net_type]['require_physical_network'] ] supported_provider_types = neutron_settings.get( 'supported_provider_types', DEFAULT_PROVIDER_TYPES) if supported_provider_types == ['*']: supported_provider_types = DEFAULT_PROVIDER_TYPES undefined_provider_types = [ net_type for net_type in supported_provider_types if net_type not in self.provider_types ] if undefined_provider_types: LOG.error('Undefined provider network types are found: %s', undefined_provider_types) seg_id_help = [ _("For %(type)s networks, valid IDs are %(min)s to %(max)s.") % { 'type': net_type, 'min': self.seg_id_range[net_type][0], 'max': self.seg_id_range[net_type][1] } for net_type in self.nettypes_with_seg_id ] self.fields['segmentation_id'].help_text = ' '.join(seg_id_help) # Register network types which require segmentation ID attrs = dict( ('data-network_type-%s' % network_type, _('Segmentation ID')) for network_type in self.nettypes_with_seg_id) self.fields['segmentation_id'].widget.attrs.update(attrs) physical_networks = getattr(settings, 'OPENSTACK_NEUTRON_NETWORK', {}).get('physical_networks', []) if physical_networks: self.fields['physical_network'] = forms.ThemableChoiceField( label=_("Physical Network"), choices=[(net, net) for net in physical_networks], widget=forms.ThemableSelectWidget( attrs={ 'class': 'switched', 'data-switch-on': 'network_type', }), help_text=_("The name of the physical network over " "which the virtual network is implemented."), ) # Register network types which require physical network attrs = dict( ('data-network_type-%s' % network_type, _('Physical Network')) for network_type in self.nettypes_with_physnet) self.fields['physical_network'].widget.attrs.update(attrs) network_type_choices = [ (net_type, self.provider_types[net_type]['display_name']) for net_type in supported_provider_types ] if not network_type_choices: self._hide_provider_network_type() else: self.fields['network_type'].choices = network_type_choices try: if api.neutron.is_extension_supported(request, 'network_availability_zone'): zones = api.neutron.list_availability_zones( self.request, 'network', 'available') self.fields['az_hints'].choices = [(zone['name'], zone['name']) for zone in zones] else: del self.fields['az_hints'] except Exception: msg = _('Failed to get availability zone list.') messages.warning(request, msg) del self.fields['az_hints']