Example #1
0
def _translate_plain_exception(exc_value):
    if isinstance(exc_value,
                  (glanceclient.exc.Forbidden, glanceclient.exc.Unauthorized)):
        return exception.Forbidden(six.text_type(exc_value))
    if isinstance(exc_value, glanceclient.exc.NotFound):
        return exception.NotFound(six.text_type(exc_value))
    if isinstance(exc_value, glanceclient.exc.BadRequest):
        return exception.Invalid(six.text_type(exc_value))
    return exc_value
Example #2
0
    def create_isolated_vdc_network(self,
                                    vdc_name,
                                    network_name,
                                    gateway_name,
                                    start_address,
                                    end_address,
                                    gateway_ip,
                                    netmask,
                                    dns1=None,
                                    dns2=None,
                                    dns_suffix=None):
        vdc = self.get_vdc(vdc_name)
        iprange = IpRangeType(StartAddress=start_address,
                              EndAddress=end_address)
        ipranges = IpRangesType(IpRange=[iprange])
        ipscope = IpScopeType(IsInherited=False,
                              Gateway=gateway_ip,
                              Netmask=netmask,
                              Dns1=dns1,
                              Dns2=dns2,
                              DnsSuffix=dns_suffix,
                              IpRanges=ipranges)
        ipscopes = IpScopesType(IpScope=[ipscope])

        configuration = NetworkConfigurationType(IpScopes=ipscopes,
                                                 FenceMode="isolated")
        net = OrgVdcNetworkType(name=network_name,
                                Description="Network created name is " +
                                network_name,
                                EdgeGateway=None,
                                Configuration=configuration,
                                IsShared=False)
        namespacedef = 'xmlns="http://www.vmware.com/vcloud/v1.5"'
        content_type = "application/vnd.vmware.vcloud.orgVdcNetwork+xml"
        body = '<?xml version="1.0" encoding="UTF-8"?>{0}'.format(
            CommonUtils.convertPythonObjToStr(net,
                                              name='OrgVdcNetwork',
                                              namespacedef=namespacedef))
        postlink = filter(lambda link: link.get_type() == content_type,
                          vdc.get_Link())[0].href
        headers = self.vcloud_session.get_vcloud_headers()
        headers["Content-Type"] = content_type
        response = requests.post(postlink,
                                 data=body,
                                 headers=headers,
                                 verify=self.verify)

        if response.status_code == requests.codes.forbidden:
            raise exception.Forbidden("Create_isolated_vdc_network error, " +
                                      "network_name:" + network_name)
        if response.status_code == requests.codes.created:
            network = networkType.parseString(response.content, True)
            task = network.get_Tasks().get_Task()[0]
            return (True, task)
        else:
            return (False, response.content)
Example #3
0
    def delete_key(self, ctxt, key_id, **kwargs):
        """Deletes the key identified by the specified id.

        A Forbidden exception is raised if the context is None and a
        KeyError is raised if the UUID is invalid.
        """
        if ctxt is None:
            raise exception.Forbidden()

        del self.keys[key_id]
Example #4
0
    def store(self, context, managed_object, **kwargs):
        """Stores (i.e., registers) a key with the key manager."""
        if context is None:
            raise exception.Forbidden()

        if managed_object != self._get_key():
            raise exception.KeyManagerError(
                reason="cannot store arbitrary keys")

        return self.key_id
Example #5
0
    def get_key(self, ctxt, key_id, **kwargs):
        """Retrieves the key identified by the specified id.

        This implementation returns the key that is associated with the
        specified UUID. A Forbidden exception is raised if the specified
        context is None; a KeyError is raised if the UUID is invalid.
        """
        if ctxt is None:
            raise exception.Forbidden()

        return self.keys[key_id]
Example #6
0
    def create_key(self, context, algorithm, length, **kwargs):
        """Creates a symmetric key.

        This implementation returns a UUID for the key read from the
        configuration file. A Forbidden exception is raised if the
        specified context is None.
        """
        if context is None:
            raise exception.Forbidden()

        return self.key_id
Example #7
0
    def create_key(self, ctxt, **kwargs):
        """Creates a key.

        This implementation returns a UUID for the created key. A
        Forbidden exception is raised if the specified context is None.
        """
        if ctxt is None:
            raise exception.Forbidden()

        key = self._generate_key(**kwargs)
        return self.store_key(ctxt, key)
Example #8
0
    def delete(self, context, managed_object_id):
        """Represents deleting the key.

        Simply delete the key from our list of keys.
        """
        if context is None:
            raise exception.Forbidden()

        if managed_object_id not in self._passphrases:
            raise exception.KeyManagerError(
                reason="cannot delete non-existent secret")

        del self._passphrases[managed_object_id]
Example #9
0
    def get(self, context, managed_object_id):
        """Retrieves the key identified by the specified id.

        This implementation returns the key that is associated with the
        specified UUID. A Forbidden exception is raised if the specified
        context is None; a KeyError is raised if the UUID is invalid.
        """
        if context is None:
            raise exception.Forbidden()

        if managed_object_id not in self._passphrases:
            raise KeyError('cannot retrieve non-existent secret')

        return self._passphrases[managed_object_id]
Example #10
0
    def store(self, context, managed_object, **kwargs):
        """Stores (i.e., registers) a passphrase with the key manager."""
        if context is None:
            raise exception.Forbidden()

        if not isinstance(managed_object, passphrase.Passphrase):
            raise exception.KeyManagerError(
                reason='cannot store anything except passphrases')

        uuid = uuidutils.generate_uuid()
        managed_object._id = uuid  # set the id to simulate persistence
        self._passphrases[uuid] = managed_object

        return uuid
Example #11
0
 def get_task_result(self, task):
     """
     Wait the task finished, and return the result
     """
     headers = self.vcloud_session.get_vcloud_headers()
     headers["Content-Type"] = "application/vnd.vmware.vcloud.task+xml"
     response = requests.get(task.href, headers=headers, verify=self.verify)
     if response.status_code == requests.codes.forbidden:
         raise exception.Forbidden("Create_isolated_vdc_network error, " +
                                   "network_name:" + network_name)
     if response.status_code == requests.codes.ok:
         doc = self.parsexml_(response.content)
         return doc.attrib
     return {'status': "Error"}
Example #12
0
 def get_isolated_network_href(self, vdc_name, network_name):
     vdc = self.get_vdc(vdc_name)
     link = filter(lambda link: link.get_rel() == "orgVdcNetworks",
                   vdc.get_Link())
     response = requests.get(
         link[0].get_href(),
         headers=self.vcloud_session.get_vcloud_headers(),
         verify=self.verify)
     queryResultRecords = queryRecordViewType.parseString(
         response.content, True)
     if response.status_code == requests.codes.forbidden:
         raise exception.Forbidden("Get_isolated_network_href error, " +
                                   "network_name:" + network_name)
     if response.status_code == requests.codes.ok:
         for record in queryResultRecords.get_Record():
             if record.name == network_name:
                 return record.href
     elif response.status_code == requests.codes.forbidden:
         raise exception.Forbidden("Get_isolated_network_href forbidden, " +
                                   "network_name:" + network_name)
     else:
         raise exception.NovaException("Get_isolated_network_href error, " +
                                       " response:" + response)
Example #13
0
    def get(self, context, managed_object_id):
        """Retrieves the key identified by the specified id.

        This implementation returns the key that is associated with the
        specified UUID. A Forbidden exception is raised if the specified
        context is None; a KeyError is raised if the UUID is invalid.
        """
        if context is None:
            raise exception.Forbidden()

        if managed_object_id != self.key_id:
            raise KeyError(str(managed_object_id) + " != " + str(self.key_id))

        return self._get_key()
Example #14
0
    def _get_barbican_client(self, ctxt):
        """Creates a client to connect to the Barbican service.

        :param ctxt: the user context for authentication
        :return: a Barbican Client object
        :raises Forbidden: if the ctxt is None
        """

        if not self._barbican_client:
            # Confirm context is provided, if not raise forbidden
            if not ctxt:
                msg = _("User is not authorized to use key manager.")
                LOG.error(msg)
                raise exception.Forbidden(msg)

            try:
                _SESSION = session.Session.load_from_conf_options(
                    CONF, BARBICAN_OPT_GROUP)

                auth = ctxt.get_auth_plugin()
                service_type, service_name, interface = (
                    CONF.barbican.catalog_info.split(':'))
                region_name = CONF.barbican.os_region_name
                service_parameters = {
                    'service_type': service_type,
                    'service_name': service_name,
                    'interface': interface,
                    'region_name': region_name
                }

                if CONF.barbican.endpoint_template:
                    self._base_url = (CONF.barbican.endpoint_template %
                                      ctxt.to_dict())
                else:
                    self._base_url = _SESSION.get_endpoint(
                        auth, **service_parameters)

                # the barbican endpoint can't have the '/v1' on the end
                self._barbican_endpoint = self._base_url.rpartition('/')[0]

                sess = session.Session(auth=auth)
                self._barbican_client = barbican_client.Client(
                    session=sess, endpoint=self._barbican_endpoint)

            except Exception as e:
                with excutils.save_and_reraise_exception():
                    LOG.error(_LE("Error creating Barbican client: %s"), e)

        return self._barbican_client
Example #15
0
    def delete(self, context, managed_object_id):
        """Represents deleting the key.

        Because the ConfKeyManager has only one key, which is read from the
        configuration file, the key is not actually deleted when this is
        called.
        """
        if context is None:
            raise exception.Forbidden()

        if managed_object_id != self.key_id:
            raise exception.KeyManagerError(
                reason="cannot delete non-existent key")

        LOG.warning(_LW("Not deleting key %s"), managed_object_id)
Example #16
0
 def wrapper(self, ctx, *args, **kwargs):
     try:
         res = method(self, ctx, *args, **kwargs)
     except (cinder_exception.ConnectionError,
             keystone_exception.ConnectionError) as exc:
         err_msg = encodeutils.exception_to_unicode(exc)
         _reraise(exception.CinderConnectionFailed(reason=err_msg))
     except (keystone_exception.BadRequest,
             cinder_exception.BadRequest) as exc:
         err_msg = encodeutils.exception_to_unicode(exc)
         _reraise(exception.InvalidInput(reason=err_msg))
     except (keystone_exception.Forbidden,
             cinder_exception.Forbidden) as exc:
         err_msg = encodeutils.exception_to_unicode(exc)
         _reraise(exception.Forbidden(err_msg))
     return res
Example #17
0
 def wrapper(self, ctx, *args, **kwargs):
     try:
         res = method(self, ctx, *args, **kwargs)
     except (cinder_exception.ConnectionError,
             keystone_exception.ConnectionError):
         exc_type, exc_value, exc_trace = sys.exc_info()
         _reraise(
             exception.CinderConnectionFailed(
                 reason=six.text_type(exc_value)))
     except (keystone_exception.BadRequest, cinder_exception.BadRequest):
         exc_type, exc_value, exc_trace = sys.exc_info()
         _reraise(exception.InvalidInput(reason=six.text_type(exc_value)))
     except (keystone_exception.Forbidden, cinder_exception.Forbidden):
         exc_type, exc_value, exc_trace = sys.exc_info()
         _reraise(exception.Forbidden(six.text_type(exc_value)))
     return res
Example #18
0
    def delete_isolated_vdc_network(self, vdc_name, network_name):
        netref = self.get_isolated_network_href(vdc_name, network_name)
        if netref is None:
            return (True, None)
        response = requests.delete(
            netref,
            headers=self.vcloud_session.get_vcloud_headers(),
            verify=self.verify)

        if response.status_code == requests.codes.forbidden:
            raise exception.Forbidden("Delete_isolated_vdc_network error, " +
                                      "network_name:" + network_name)
        if response.status_code == requests.codes.accepted:
            task = taskType.parseString(response.content, True)
            return (True, task)
        else:
            return (False, response.content)
Example #19
0
    def test_detail_client_failure(self, is_avail_mock, trans_from_mock,
                                   ext_query_mock, reraise_mock):
        params = {}
        ext_query_mock.return_value = params
        raised = exception.Forbidden()
        client = mock.MagicMock()
        client.call.side_effect = glanceclient.exc.Forbidden
        ctx = mock.sentinel.ctx
        reraise_mock.side_effect = raised
        service = glance.GlanceImageService(client)

        with testtools.ExpectedException(exception.Forbidden):
            service.detail(ctx, **params)

        client.call.assert_called_once_with(ctx, 1, 'list')
        self.assertFalse(is_avail_mock.called)
        self.assertFalse(trans_from_mock.called)
        reraise_mock.assert_called_once_with()
Example #20
0
 def clone(self, image_location, dest_name, dest_pool=None):
     _fsid, pool, image, snapshot = self.parse_url(
             image_location['url'])
     LOG.debug('cloning %(pool)s/%(img)s@%(snap)s to '
               '%(dest_pool)s/%(dest_name)s',
               dict(pool=pool, img=image, snap=snapshot,
                    dest_pool=dest_pool, dest_name=dest_name))
     with RADOSClient(self, str(pool)) as src_client:
         with RADOSClient(self, dest_pool) as dest_client:
             try:
                 RbdProxy().clone(src_client.ioctx,
                                  image,
                                  snapshot,
                                  dest_client.ioctx,
                                  str(dest_name),
                                  features=src_client.features)
             except rbd.PermissionError:
                 raise exception.Forbidden(_('no write permission on '
                                             'storage pool %s') % dest_pool)
Example #21
0
 def get_vdc(self, vdc_name):
     if self.vcloud_session and self.vcloud_session.organization:
         refs = filter(
             lambda ref: ref.name == vdc_name and ref.type_ ==
             'application/vnd.vmware.vcloud.vdc+xml',
             self.vcloud_session.organization.Link)
         if len(refs) == 1:
             self.response = requests.get(
                 refs[0].href,
                 headers=self.vcloud_session.get_vcloud_headers(),
                 verify=self.verify)
             if self.response.status_code == requests.codes.ok:
                 # print self.response.content
                 return vdcType.parseString(self.response.content, True)
         elif response.status_code == requests.codes.forbidden:
             raise exception.Forbidden("Get_vdc forbidden, " + "vdc_name:" +
                                       vdc_name)
         else:
             raise exception.NovaException("Get_vdc error, " + "response:" +
                                           response)
Example #22
0
 def network_api_disassociate(self, context, instance, address):
     raise exception.Forbidden()
Example #23
0
 def index(self, req):
     raise exception.Forbidden()
Example #24
0
def require_context(ctxt):
    """Raise exception.Forbidden() if context is not a user or an
    admin context.
    """
    if not ctxt.is_admin and not is_user_context(ctxt):
        raise exception.Forbidden()
Example #25
0
def authorize_root_or_parent_project_context(context, project_id):
    """Ensures a request has permission to access root or parent project"""
    if not context.project_id:
        raise exception.Forbidden()
    elif context.project_id != project_id:
        raise exception.Forbidden()
Example #26
0
 def get_processed_exception(ec2_response_error_exc):
     if ec2_response_error_exc.error_code == "AuthFailure":
         return exception.Forbidden("Please check AWS credentials")
     if ec2_response_error_exc.error_code == "InvalidAMIID.NotFound":
         return exception.ImageNotFoundEC2("Invalid Image")
     return exception.NovaException(ec2_response_error_exc.message)