def _check_duplicated_group_name(group_name, env=None): ''' 检查应用组是否重名 :param group_name: :return: ''' if env: params = { 'WHERE_AND': { '=': { 'name': group_name, 'dc_type': env, 'isdeleted': '0', }, }, } else: params = { 'WHERE_AND': { '=': { 'name': group_name, 'isdeleted': '0', }, }, } group_num, group_data = group_s.GroupService().query_data(**params) if group_num > 0: return True return False
def users_in_group(group_id): ''' :return: 返回某个group下的所有用户信息 ''' checkexist = group_service.GroupService().get_group_info(group_id) if not checkexist: logging.info('no such group_id') return json_helper.format_api_resp(code=ErrorCode.NOT_EXIST_USER) params = { 'ORDER': [ ['id', 'desc'], ], 'PAGINATION': { 'page_size': request.values.get('page_size', 20), 'page_no': request.values.get('page_no', 1), } } total_nums, data = user_group_service.UserGroupService().get_alluser_group( group_id) resp = UsersGroup() resp.total = total_nums for i in data: _user_group_info = user_group_info.UserGroupInfo().user_group_info(i) resp.rows.append(_user_group_info) return json_helper.format_api_resp(code=ErrorCode.SUCCESS, data=resp.to_json())
def check(group_id, user_id): if not user_id or not group_id: logging.info( 'no user_id or group_id or rold_id when add user to a group') return json_helper.format_api_resp(code=ErrorCode.PARAM_ERR) group_info = group_s.GroupService().get_group_info(group_id) if not group_info[1]: logging.info('no such group_id %s when add user to a group', group_id) return json_helper.format_api_resp(code=ErrorCode.NOT_EXIST_USER) user_group = user_g_s.UserGroupService().query_user_role_group( user_id, group_id) if user_group[1]: logging.info( 'same user %s already in group %s when add user to a group', user_id, group_id) return json_helper.format_api_resp(code=ErrorCode.DUPLICATED_ERR, msg='用户已经存在于该组,请不要重复加入') params = { 'WHERE_AND': { '=': { 'group_id': group_id, } } } is_exist_role_group = access_service.AccessService().query_info(params) if not is_exist_role_group[1]: # 查询access表中是否存在这个role-group的对应关系,(不查area)没有就报错 logging.info('not such role_group_area mapping exist') return json_helper.format_api_resp(code=ErrorCode.NOT_EXIST_USER, msg="该组没有角色权限对应关系,不能添加新用户")
def v2v_esx_init_info(): resp = V2v_esx_InitInfoResp() # area层级信息 - 总部 area_ZB, area_DQ = v2v_esx_get_hostpool_info() resp.area_ZB = area_ZB resp.area_DQ = area_DQ # flavor信息 flavors_nums, flavors_data = flavor_service.FlavorService( ).get_all_flavors() for i in flavors_data: _flavor_info = flavor_init_info.FlavorInitInfo().init_from_db(i) resp.flavors.append(_flavor_info) #网段信息 segmentlist = init_segment() resp.segment = segmentlist # group信息 groups_params = { 'WHERE_AND': { '=': { 'isdeleted': '0' } }, } groups_nums, groups_data = group_service.GroupService().query_data( **groups_params) for i in groups_data: _group_info = group_info.GroupInitInfo().init_from_db_1(i) resp.groups.append(_group_info) return json_helper.format_api_resp(code=ErrorCode.SUCCESS, data=resp.to_json())
def current_user_groups_by_userid(user_id): ''' 获取指定用户的所属应用组 :return: ''' groups_list = [] user_groups_num, user_groups_data = user_g_s.UserGroupService( ).get_allgroup_user(user_id) for _user_group in user_groups_data: _group_num, _group_data = group_s.GroupService().get_group_info( _user_group['group_id']) if _group_num > 0: groups_list.append(_group_data[0]) return groups_list
def init_group_info(group_id): ''' 用户编辑组时的初始化信息 :param group_id: :return: ''' resp = {} group_tuple = group_s.GroupService().get_group_info(group_id) group_dict = group_tuple[1][0] area_list = group_area_info(group_id) # role_info = access_service.AccessService().get_one('group_id', group_id) # role_id = role_info['role_id'] num, role_info = user_g_s.UserGroupService().get_user_role( group_dict['owner'], group_id) if num <= 0: role_id = None else: role_id = role_info[0]['role_id'] used_area = [] result_dict = { 'vm': group_dict['vm'], 'disk': group_dict['disk'], 'cpu': group_dict['cpu'], 'mem': group_dict['mem'], 'owner': group_dict['owner'], 'role_id': role_id, 'name': group_dict['name'], 'area_list': area_list, 'p_cluster_id': group_dict['p_cluster_id'] } used_area.append(result_dict) # used_area = group_init_info.GroupInitInfo().init_group_info(result_dict) resp['used_area'] = used_area ret_init = area.get_area_info() for i in ret_init: if i["parent_id"] == -1: i["parent_id"] = i["id"] i["parent_name"] = i["name"] i["name"] = None i["id"] = None all_area = [] for i in ret_init: all_area = [] resp['all_area'] = ret_init return json_helper.format_api_resp(code=ErrorCode.SUCCESS, data=resp)
def current_user_groups(): ''' 获取当前用户的所属应用组 :return: ''' c_user = get_user() c_user_id = c_user['user_id'] if not c_user_id: return None groups_list = [] user_groups_num, user_groups_data = user_g_s.UserGroupService( ).get_allgroup_user(c_user_id) for _user_group in user_groups_data: _group_num, _group_data = group_s.GroupService().get_group_info( _user_group['group_id']) if _group_num > 0: groups_list.append(_group_data[0]) return groups_list
def delete_user_group(): ''' 将组中的某个用户删除 ''' user_id = request.values.get('user_id') group_id = request.values.get('group_id') if not user_id or not group_id: logging.info('no user_id or group_id when delete user from a group') return json_helper.format_api_resp(code=ErrorCode.PARAM_ERR) user_group_num, user_group_data = user_g_s.UserGroupService( ).query_user_role_group(user_id, group_id) if user_group_num < 0: logging.info( 'no such user %s in group %s when delete user from a group', user_id, group_id) return json_helper.format_api_resp(code=ErrorCode.NOT_EXIST_USER) groups_num, groups_data = group_s.GroupService().get_group_info(group_id) if groups_num < 0: logging.error('no group %s info in db when delete user from a group', group_id) return json_helper.format_api_resp(code=ErrorCode.SYS_ERR) # 不能删除组所有者 if groups_data[0]['owner'] == user_id: logging.warn( 'not allow delete group %s owner %s when delete user from a group', group_id, user_id) return json_helper.format_api_resp(code=ErrorCode.SYS_ERR, msg='不能删除组的所有者!') ret = user_g_s.delete_user(user_id, group_id) if ret <= 0: return json_helper.format_api_resp(code=ErrorCode.SYS_ERR) return json_helper.format_api_resp(code=ErrorCode.SUCCESS)
def check_group_quota(group_id, flavor_info, data_disk_gb, vm_count): ''' 判断应用组配额是否足够 :param group_id: :param flavor_info: :param data_disk_gb: :param vm_count: :return: ''' quota_used = group_s.get_group_quota_used(group_id) if not quota_used: logging.error('group %s has no quota used info when check group quota', group_id) return False, '没有该应用组配额使用情况,无法创建实例' group_num, group_info = group_s.GroupService().get_group_info(group_id) if group_num < 1: logging.error('no group %s info when check group quota', group_id) return False, '该应用组信息不存在,无法创建实例,请联系系统组处理' all_cpu_g = group_info[0]['cpu'] all_mem_gb_g = group_info[0]['mem'] all_disk_gb_g = group_info[0]['disk'] all_vm_g = group_info[0]['vm'] used_cpu_g = quota_used['all_vcpu'] used_mem_mb_g = quota_used['all_mem_mb'] used_disk_gb_g = quota_used['all_disk_gb'] used_vm_g = quota_used['instance_num'] cpu = flavor_info['vcpu'] mem_mb = flavor_info['memory_mb'] root_disk_gb = flavor_info['root_disk_gb'] if int(used_vm_g) + int(vm_count) > int(all_vm_g): logging.error('group %s: vm used %s + apply count %s > all num %s', group_id, used_vm_g, vm_count, all_vm_g) return False, '应用组VM配额已不够,无法创建实例,请联系系统组处理' if int(used_cpu_g) + int(cpu) * int(vm_count) > int(all_cpu_g): logging.error( 'group %s: cpu used %s + flavor cpu %s * num %s > all cpu %s', group_id, used_cpu_g, cpu, vm_count, all_cpu_g) return False, '应用组CPU配额已不够,无法创建实例,请联系系统组处理' all_mem_mb_g = int(all_mem_gb_g) * 1024 if int(used_mem_mb_g) + int(mem_mb) * int(vm_count) > all_mem_mb_g: logging.error( 'group %s: mem used %s + flavor mem %s * num %s > all mem %s', group_id, used_mem_mb_g, mem_mb, vm_count, all_mem_mb_g) return False, '应用组MEM配额已不够,无法创建实例,请联系系统组处理' if int(used_disk_gb_g) + (int(root_disk_gb) + int(data_disk_gb) ) * int(vm_count) > int(all_disk_gb_g): logging.error( 'group %s: disk used %s + (flavor disk %s + data disk %s) * num %s > all disk %s', group_id, used_disk_gb_g, root_disk_gb, data_disk_gb, vm_count, all_disk_gb_g) return False, '应用组DISK配额已不够,无法创建实例,请联系系统组处理' return True, None
def _check_change_group_quota(n_group_id, n_flavor, c_flavor,extend_list=None): ''' 检查修改新应用组后的配额是否足够 :param n_group_id: :param n_flavor: :param c_flavor: :return: ''' quota_used = group_s.get_group_quota_used(n_group_id) if not quota_used: logging.error('group %s has no quota used info when check change group quota', n_group_id) return False group_num, group_data = group_s.GroupService().get_group_info(n_group_id) if group_num < 1: logging.error('no group %s info when check change group quota', n_group_id) return False # 新应用组的总配额情况 all_cpu_g = group_data[0]['cpu'] all_mem_gb_g = group_data[0]['mem'] all_vm_g = group_data[0]['vm'] all_disk_g = group_data[0]['disk'] # 新应用组的配额使用情况 used_cpu_g = quota_used['all_vcpu'] used_mem_mb_g = quota_used['all_mem_mb'] used_vm_g = quota_used['instance_num'] used_disk_g = quota_used['all_disk_gb'] # 新配额信息 n_cpu = n_flavor['vcpu'] n_mem_mb = n_flavor['memory_mb'] # 旧配额信息 c_cpu = c_flavor['vcpu'] c_mem_mb = c_flavor['memory_mb'] if int(used_vm_g) + 1 > int(all_vm_g): logging.error('group %s: vm used %s + 1 > all num %s', n_group_id, used_vm_g, all_vm_g) return False, '新应用组的实例数目配额不足,无法修改应用组' if int(used_cpu_g) - int(c_cpu) + int(n_cpu) > int(all_cpu_g): logging.error('group %s: cpu used %s - old cpu %s + new cpu %s > all cpu %s', n_group_id, used_cpu_g, c_cpu, n_cpu, all_cpu_g) return False, '新应用组的CPU配额不足,无法修改应用组' all_mem_mb_g = int(all_mem_gb_g) * 1024 if int(used_mem_mb_g) - int(c_mem_mb) + int(n_mem_mb) > all_mem_mb_g: logging.error('group %s: mem used %s - old mem %s + new mem %s > all mem %s', n_group_id, used_mem_mb_g, c_mem_mb, n_mem_mb, all_mem_mb_g) return False, '新应用组的内存配额不足,无法修改应用组' if extend_list: sum_extend_size = sum([int(i['mount_extend_size']) for i in extend_list]) else: sum_extend_size = 0 if int(used_disk_g) + sum_extend_size > int(all_disk_g): logging.error('group %s: disk used %s + extend_size %s > all disk_size %s', used_disk_g, sum_extend_size, all_disk_g) return False, '新应用组的磁盘空间配额不足,无法修改应用组' return True, None
def configure_init(instance_id): ''' 修改配置时获取初始数据 :param instance_id: :return: ''' if not instance_id: logging.info('no instance id when get configure info') return json_helper.format_api_resp(code=ErrorCode.PARAM_ERR, msg="参数错误") resp = ConfigureInitInfoResp() ins_data = ins_s.InstanceService().get_instance_info(instance_id) host_ip = ins_s.get_hostip_of_instance(instance_id) if not ins_data or not host_ip: logging.info('instance %s data is no exist in db when get configure info', instance_id) return json_helper.format_api_resp(code=ErrorCode.SYS_ERR) resp.c_instance_name = ins_data['name'] resp.c_app_info = ins_data['app_info'] resp.c_owner = ins_data['owner'] ins_status = ins_data['status'] if ins_status != VMStatus.STARTUP and ins_status != VMStatus.SHUTDOWN: logging.error('instance status %s is invalid when get instance configure init info', ins_status) return json_helper.format_api_resp(code=ErrorCode.SYS_ERR, msg='只能在开机或关机状态下修改配置') if ins_data['create_source'] == '0': ins_images_data = ins_s.get_images_of_instance(instance_id) if ins_images_data: resp.c_system = ins_images_data[0]['system'] else: ins_images_data = v2v_ins_s.V2VInstanceService().get_v2v_instance_info(instance_id) if ins_images_data: resp.c_system = ins_images_data['os_type'] """ ins_disks_data = ins_s.get_disks_of_instance(instance_id) if not ins_disks_data: logging.error('instance %s has no disk info when change instance configure', instance_id) return json_helper.format_api_resp(code=ErrorCode.SYS_ERR) # 关机状态、windows系统都不能修改数据盘 if ins_status != VMStatus.SHUTDOWN and resp.c_system == 'linux': for _disk in ins_disks_data: _disk_info = { 'size_gb': _disk['size_gb'], 'mount_point': _disk['mount_point'] } resp.c_disk_gb_list.append(_disk_info) """ ins_flavor_data = ins_s.get_flavor_of_instance(instance_id) if not ins_flavor_data: logging.error('instance %s has no flavor info when change instance configure', instance_id) return json_helper.format_api_resp(code=ErrorCode.SYS_ERR) resp.c_flavor_id = ins_flavor_data['flavor_id'] # flavor信息 flavors_nums, flavors_data = fla_s.FlavorService().get_all_flavors() for _flavor in flavors_data: # 系统盘容量不能修改 if _flavor['root_disk_gb'] == ins_flavor_data['root_disk_gb']: # 开机状态不能修改内存 if ins_status == VMStatus.STARTUP: if _flavor['memory_mb'] == ins_flavor_data['memory_mb']: _flavor_info = flavor_init_info.FlavorInitInfo().init_from_db(_flavor) resp.flavors.append(_flavor_info) else: _flavor_info = flavor_init_info.FlavorInitInfo().init_from_db(_flavor) resp.flavors.append(_flavor_info) ins_group_data = ins_s.get_group_of_instance(instance_id) if ins_group_data: resp.c_group_id = ins_group_data['group_id'] # user_group_ids_list = current_user_group_ids() # # 超级管理员组 # if 1 in user_group_ids_list: # is_super_group = True # else: # is_super_group = False # group信息 user_groups = current_user_groups() user_group_ids_list = [] is_super_group = False for _groups in user_groups: user_group_ids_list.append(_groups['id']) # 超级管理员组 if _groups['name'] == "supergroup": is_super_group = True # group信息 groups_params = { 'WHERE_AND': { '=': { 'dc_type': ins_group_data['dc_type'], 'isdeleted': '0' } }, } groups_nums, groups_data = group_s.GroupService().query_data(**groups_params) for _group in groups_data: # 管理员组的成员可以显示所有组,而非管理员组的只显示当前用户所在应用组 if not is_super_group and _group['id'] not in user_group_ids_list: continue _group_info = { 'group_id': _group['id'], 'group_name': _group['name'] } resp.groups.append(_group_info) # 连接libvirtd查询虚拟机网卡状态信息 _net_online = [] _net_offline = [] _libvirt_net_ret, _libvirt_net_info = vmManager.libvirt_get_netcard_state(host_ip, ins_data['name']) if _libvirt_net_ret != 0: _nic_status = False else: _nic_status = True for _p_libvirt_net_info in _libvirt_net_info: if _p_libvirt_net_info['state'] == NetCardStatus.UP: _net_online.append(_p_libvirt_net_info['mac']) else: _net_offline.append(_p_libvirt_net_info['mac']) # 虚拟机网卡信息返回前端 _db_net_card_data = ins_s.get_net_info_of_instance(instance_id) if _db_net_card_data: for _p_db_net_card_data in _db_net_card_data: if not _nic_status: _p_ins_nic_status = '' else: if _p_db_net_card_data['mac'] in _net_online: _p_ins_nic_status = '1' elif _p_db_net_card_data['mac'] in _net_offline: _p_ins_nic_status = '0' else: _p_ins_nic_status = '2' if not _p_db_net_card_data['segment_type']: _ip_type = '-1' else: _ip_type = _p_db_net_card_data['segment_type'] _i_net_info = { 'ip_addr': _p_db_net_card_data['ip_address'], 'vlan': _p_db_net_card_data['vlan'], 'mac_addr': _p_db_net_card_data['mac'], 'nic_status': _p_ins_nic_status, 'ip_type': _ip_type, 'nic_type': _p_db_net_card_data['nic_type'] } resp.c_net.append(_i_net_info) # 获取虚拟机所在网络区域下所有ip信息 resp.c_ips = [] ins_netarea_info = ins_s.get_netarea_of_instance(instance_id) ins_datacenter_info = ins_s.get_datacenter_of_instance(instance_id) if ins_datacenter_info and ins_datacenter_info['dc_type']: if ins_netarea_info and ins_netarea_info['id']: ip_segment_num, ip_segment_datas = ip_segment_s().get_segment_datas_in_net_area(ins_netarea_info['id']) if ip_segment_num > 0: # 获取可用ip ips_available = ip_service.get_all_available_ips(ip_segment_datas, ins_datacenter_info['dc_type']) if len(ips_available) > 0: ip_list = [] for ip_info in ips_available: ip_params = { "value": ip_info['ip_address'], "vlan": ip_info['vlan'], "ip_type": ip_info['ip_type'] } ip_list.append(ip_params) resp.c_ips = ip_list return json_helper.format_api_resp(code=ErrorCode.SUCCESS, data=resp.to_json())
def v2v_op_init_info(): resp = V2v_0p_InitInfoResp() # area层级信息 - 总部 area_data = hostpool_service.get_level_info_hostpool_cs() for i in area_data: if not _filter_least_host_num(i['hostpool_id'], i['least_host_num']): continue resp.area.append(i) # flavor信息 flavors_nums, flavors_data = flavor_service.FlavorService( ).get_all_flavors() for i in flavors_data: _flavor_info = flavor_init_info.FlavorInitInfo().init_from_db(i) resp.flavors.append(_flavor_info) # segment信息 resp.segment = [] # {"env": "SIT", "seg": "10.202.26.0"}, # {"env": "SIT", "seg": "10.202.34.0"}, # {"env": "SIT", "seg": "10.202.50.0"}, # {"env": "SIT", "seg": "10.202.32.0"}, # {"env": "SIT", "seg": "10.202.84.0"}, # {"env": "SIT", "seg": "10.202.86.0"}, # {"env": "SIT", "seg": "10.202.42.0"}, # {"env": "SIT", "seg": "10.202.24.0"}, # {"env": "SIT", "seg": "10.202.44.0"}, # {"env": "SIT", "seg": "10.202.91.0"}, # {"env": "SIT", "seg": "10.202.16.0"}, # {"env": "SIT", "seg": "10.202.40.0"}, # {"env": "SIT", "seg": "10.202.98.0"}, # {"env": "SIT", "seg": "10.202.54.0"}, # {"env": "SIT", "seg": "10.202.38.0"}, # {"env": "SIT", "seg": "10.202.90.0"}, # {"env": "SIT", "seg": "10.202.52.0"}, # {"env": "SIT", "seg": "10.202.36.0"}, # {"env": "SIT", "seg": "10.202.94.0"}, # {"env": "SIT", "seg": "10.202.99.0"}, # {"env": "DEV", "seg": "10.202.10.0"}, # {"env": "DEV", "seg": "10.202.11.0"}, # {"env": "DEV", "seg": "10.202.12.0"}, # {"env": "DEV", "seg": "10.202.125.0"}, # {"env": "DEV", "seg": "10.202.23.0"}, # {"env": "DEV", "seg": "10.202.13.0"}, # {"env": "DEV", "seg": "10.202.14.0"}, # {"env": "DEV", "seg": "10.202.15.0"}, # {"env": "DEV", "seg": "10.202.4.0"}, # {"env": "DEV", "seg": "10.202.5.0"}, # {"env": "DEV", "seg": "10.202.6.0"}, # {"env": "DEV", "seg": "10.202.7.0"}, # {"env": "DEV", "seg": "10.202.8.0"}, # {"env": "DEV", "seg": "10.202.9.0"} # ] # group信息 groups_params = { 'WHERE_AND': { '=': { 'isdeleted': '0' } }, } groups_nums, groups_data = group_service.GroupService().query_data( **groups_params) for i in groups_data: _group_info = group_info.GroupInitInfo().init_from_db_1(i) resp.groups.append(_group_info) return json_helper.format_api_resp(code=ErrorCode.SUCCESS, data=resp.to_json())
def delete_group(group_id): ''' 删除用户组的流程:查询instance_group表,如果group在表中,就在tb_group表中将group的isdeleted改为1, 然后在user_group表中删除所有group_id的行,在access表中删除group信息 如果group不在instance_group表中,则直接删除group ''' def _check_ins_exist_in_group(group_id): ''' 检查组下是否有VM :param group_id: :return: ''' instances = ins_s.get_instances_in_group(group_id) if len(instances) > 0: return True return False if not group_id: logging.info('no group_id when delete group') return json_helper.format_api_resp(code=ErrorCode.PARAM_ERR) group_num, group_data = group_s.GroupService().get_group_info(group_id) if group_num <= 0: logging.error('no group %s info in db when delete group', group_id) return json_helper.format_api_resp(code=ErrorCode.SYS_ERR) # 只能超级管理员组成员和组所有者才能删除,超级管理员组ID为1 user_group_ids = current_user_group_ids() if group_data[0]['owner'] != get_user( )['user_id'] and 1 not in user_group_ids: logging.error( 'only allow super group member or group owner %s to delete group %s', group_data[0]['owner'], group_id) return json_helper.format_api_resp(code=ErrorCode.SYS_ERR, msg='您没有权限删除该应用组!') # 该应用组下没有VM才能删除 if _check_ins_exist_in_group(group_id): logging.error( 'no allow delete group %s which has vms when delete group', group_id) return json_helper.format_api_resp(code=ErrorCode.SYS_ERR, msg='该应用组分配有虚拟机,不能删除该组!') # 删除access中所有group_id的数据,然后插入前端提交的数据 delete_access = access.delete_access_info(group_id) if delete_access < 0: return json_helper.format_api_resp(code=ErrorCode.SYS_ERR) rest = ins_g_s.InstanceGroupService().query_data( where_field="group_id", where_field_value=group_id) # 如果instance_group表中没有group_id,就直接在group表中删除它 if not rest: group.delete_group(group_id) else: update_data = {'isdeleted': '1', 'deleted_at': get_datetime_str()} where_data = { 'id': group_id, } ret = group_s.update_group_info(update_data, where_data) if ret < 0: logging.error("update group error, update_data:%s, where_data:%s", str(update_data), str(where_data)) return json_helper.format_api_resp(code=ErrorCode.SYS_ERR) # 不管group在不在Instance_group表中,都删除它下面的所有用户 delete_users = user_g_s.delete_users_in_group(group_id) if delete_users < 0: return json_helper.format_api_resp(code=ErrorCode.SYS_ERR) return json_helper.format_api_resp(code=ErrorCode.SUCCESS)
def add_group(): name = request.values.get('name') owner = request.values.get('owner') cpu = request.values.get('cpu') mem = request.values.get('mem') disk = request.values.get('disk') vm = request.values.get('vm') env = request.values.get('dc_type') role_id = request.values.get('role_id') area_str = request.values.get('area_str') p_cluster_id = request.values.get('p_cluster_id') if not name or not owner or not area_str or not str(env): logging.info('no name or owner or area_str or env when add group') return json_helper.format_api_resp(code=ErrorCode.PARAM_ERR) role_exist = role_service.RoleService().query_role('id', role_id) if not role_exist: logging.info('no such role %s when add group', role_id) return json_helper.format_api_resp(code=ErrorCode.PARAM_ERR) # 应用组名不能重复 if _check_duplicated_group_name(name, str(env)): logging.error('duplicated group name %s when add group', name) return json_helper.format_api_resp(code=ErrorCode.DUPLICATED_ERR, msg="应用组名不能重复,请更改应用组名!") params_u = { 'WHERE_AND': { '=': { 'userid': owner, 'isdeleted': '0', }, }, } user_num, user_data = user_s.UserService().query_data(**params_u) if user_num <= 0: username = '' # 用户不存在,新增 user_data = { 'userid': owner, 'username': username, 'status': '0', 'created_at': get_datetime_str() } user_ret = user_s.UserService().add_user(user_data) # 记录安全日志 field_data = {'User_name': owner or None, 'Oper_type': 'add'} if user_ret.get('row_num') > 0: field_data.update({'Oper_result': '1 Success'}) CloudLogger.audit(AuditType.USERMGR, field_data) else: field_data.update({ 'Oper_result': '0 Fail', 'fail_reason': 'insert new user info to db fail' }) CloudLogger.audit(AuditType.USERMGR, field_data) return False, 'add new user info to db fail' # logging.error('no user %s info when add group', owner) # return json_helper.format_api_resp(code=ErrorCode.NOT_EXIST_USER, msg='不存在该用户,请检查用户ID') else: username = user_data[0]['username'] insert_data = { 'name': name, 'displayname': name, 'isdeleted': '0', 'owner': owner, 'cpu': cpu, 'mem': mem, 'disk': disk, 'vm': vm, 'dc_type': str(env), 'p_cluster_id': p_cluster_id, 'created_at': get_datetime_str() } ret = group_s.GroupService().add_group_info(insert_data) if ret.get('row_num') <= 0: return json_helper.format_api_resp(code=ErrorCode.SYS_ERR) group_id = ret.get('last_id') ret_result = access_service.add_access_list(int(group_id), int(role_id), str(area_str)) if ret_result.get('row_num') <= 0: return json_helper.format_api_resp(code=ErrorCode.SYS_ERR) user_group_data = { 'user_id': owner, 'user_name': username, 'group_id': group_id, 'group_name': name, 'role_id': role_id, 'status': '0', 'created_at': get_datetime_str(), 'expire_at': get_datetime_str(), # todo } ret_u_g = user_g_s.UserGroupService().add_user_group(user_group_data) if ret_u_g.get('row_num') <= 0: logging.error( 'add user group info error when add group, insert_data:%s', user_group_data) return json_helper.format_api_resp(code=ErrorCode.SYS_ERR) return json_helper.format_api_resp(code=ErrorCode.SUCCESS)
def update_group(group_id): ''' 修改应用组信息 :param group_id: :return: ''' name_n = request.values.get('name') owner_n = request.values.get('owner') cpu_n = request.values.get('cpu') mem_n = request.values.get('mem') disk_n = request.values.get('disk') vm_n = request.values.get('vm') area_str_n = request.values.get('area_str') role_id_c = request.values.get('role_id') p_cluster_id = request.values.get('p_cluster_id') if not cpu_n or not mem_n or not disk_n or not vm_n or not area_str_n or not role_id_c: logging.info('param is invalid when update group') return json_helper.format_api_resp(code=ErrorCode.PARAM_ERR) group_num_c, group_data_c = group_s.GroupService().get_group_info(group_id) if group_num_c <= 0: logging.error('no group %s info when update group', group_id) return json_helper.format_api_resp(code=ErrorCode.SYS_ERR) update_data = { 'cpu': cpu_n, 'mem': mem_n, 'disk': disk_n, 'vm': vm_n, 'updated_at': get_datetime_str() } # 只能超级管理员组成员和组所有者才能修改组名和所有者,超级管理员组ID为1 user_group_ids = current_user_group_ids() if group_data_c[0]['owner'] != get_user( )['user_id'] and 1 not in user_group_ids: if name_n or owner_n: logging.error( 'only allow super group member or group owner %s to update group %s name or owner', group_data_c[0]['owner'], group_id) return json_helper.format_api_resp(code=ErrorCode.SYS_ERR, msg='您没有权限修改该应用组的组名和所有者!') if name_n: if group_data_c[0]['name'] != name_n and _check_duplicated_group_name( name_n): logging.error('duplicated group name %s when update group', name_n) return json_helper.format_api_resp(code=ErrorCode.DUPLICATED_ERR, msg="应用组名不能重复,请更改应用组名!") update_data['name'] = name_n if owner_n: # 新所有者一定要在该应用组里 group_user_num, group_user_data = user_g_s.UserGroupService( ).get_alluser_group(group_id) in_group_flag = False for _group in group_user_data: if _group['user_id'] == owner_n: in_group_flag = True break if not in_group_flag: logging.error( 'new owner %s must exist in group %s when update group', owner_n, group_id) return json_helper.format_api_resp(code=ErrorCode.SYS_ERR, msg='应用组新所有者必须属于该组,请先添加入组!') update_data['owner'] = owner_n if p_cluster_id: update_data['p_cluster_id'] = p_cluster_id where_data = { 'id': group_id, } ret = group_s.update_group_info(update_data, where_data) if ret < 0: logging.error("update group error, update_data:%s, where_data:%s", str(update_data), str(where_data)) return json_helper.format_api_resp(code=ErrorCode.SYS_ERR) # 删除access中所有group_id的数据,然后插入前端提交的数据 delete_access = access.delete_access_info(group_id) if delete_access < 0: return json_helper.format_api_resp(code=ErrorCode.SYS_ERR) ret_result = access_service.add_access_list(int(group_id), int(role_id_c), str(area_str_n)) if ret_result < 0: return json_helper.format_api_resp(code=ErrorCode.SYS_ERR) return json_helper.format_api_resp(code=ErrorCode.SUCCESS)
def instance_init_info(): def _filter_least_host_num(hostpool_id, least_host_num): ''' 过滤掉不满足最少host数的集群 :param hostpool_id: :param least_host_num: :return: ''' # 获取主机列表 all_hosts_nums, all_hosts_data = host_s.HostService().get_hosts_of_hostpool(hostpool_id) if all_hosts_nums < least_host_num or all_hosts_nums < 1: logging.info('filter hostpool %s that has no least host nums %s when get create init info', hostpool_id, least_host_num) return False return True def _filter_no_segment_info(hostpool_id): ''' 过滤掉没有网段信息的集群 :param hostpool_id: :return: ''' segments_list = hostpool_service.get_segment_info(hostpool_id) if not segments_list: logging.error('filter hostpool %s that has no segment info when get create init info', hostpool_id) return False return True resp = InstanceInitInfoResp() user_all_area_ids = current_user_all_area_ids() # area层级信息 - 总部 area_zb_data = hostpool_service.get_level_info_hostpool_zb() for i in area_zb_data: # 不显示不满足最少host数的集群 if not _filter_least_host_num(i['hostpool_id'], i['least_host_num']): continue # 不显示没有网段信息的集群 if not _filter_no_segment_info(i['hostpool_id']): continue # 只显示当前用户所属的区域 if user_all_area_ids and i['area_id'] not in user_all_area_ids: continue resp.area_ZB.append(i) # area层级信息 - 地区 area_dq_data = hostpool_service.get_level_info_hostpool_dq() for i in area_dq_data: # 不显示不满足最少host数的集群 if not _filter_least_host_num(i['hostpool_id'], i['least_host_num']): continue # 不显示没有网段信息的集群 if not _filter_no_segment_info(i['hostpool_id']): continue # 只显示当前用户所属的区域 if user_all_area_ids and i['area_id'] not in user_all_area_ids: continue _area_dq_info = area_dq_init_info.AreaDQInitInfo().init_from_db(i) # 表示有父区域 if i['parent_id']: _parent_info = area_service.AreaService().get_area_info(i['parent_id']) if _parent_info: _area_dq_info.area_name = _parent_info['displayname'] _area_dq_info.child_area_name = i['area_name'] else: # 有父区域ID但没有相应信息,则当做没有父区域 _area_dq_info.area_name = i['area_name'] else: _area_dq_info.area_name = i['area_name'] resp.area_DQ.append(_area_dq_info) # flavor信息 flavors_nums, flavors_data = flavor_service.FlavorService().get_all_flavors() for i in flavors_data: _flavor_info = flavor_init_info.FlavorInitInfo().init_from_db(i) resp.flavors.append(_flavor_info) # image信息 - windows images_windows_nums, images_windows_data = image_service.ImageService().get_all_images('windows') for i in images_windows_data: _image_windows_info = image_init_info.ImageInitInfo().init_from_db(i) resp.images_windows.append(_image_windows_info) # image信息 - linux images_linux_nums, images_linux_data = image_service.ImageService().get_all_images('linux') for i in images_linux_data: _image_linux_info = image_init_info.ImageInitInfo().init_from_db(i) resp.images_linux.append(_image_linux_info) # group信息 user_groups = current_user_groups() user_group_ids_list = [] is_super_group = False for _groups in user_groups: user_group_ids_list.append(_groups['id']) # 超级管理员组 if _groups['name'] == "supergroup": is_super_group = True groups_params = { 'WHERE_AND': { '=': { 'isdeleted': '0' } }, } groups_nums, groups_data = group_service.GroupService().query_data(**groups_params) for i in groups_data: # 管理员组的成员可以显示所有组,而非管理员组的只显示当前用户所在应用组 if not is_super_group and i['id'] not in user_group_ids_list: continue _group_info = group_info.GroupInitInfo().init_from_db_1(i) resp.groups.append(_group_info) return json_helper.format_api_resp(code=ErrorCode.SUCCESS, data=resp.to_json())
def _user_group_check(env, sys_code, sys_opr_name, sys_opr_id, cluster_id): # 检查应用系统管理员用户是否存在,不存在则新增 user = user_s.UserService().get_user_info_by_user_id(sys_opr_id) if not user: # 用户不存在,新增,并将用户锁定,待后续开放用户运维在解锁 user_data = { 'userid': sys_opr_id, 'username': sys_opr_name, 'status': '1', 'created_at': get_datetime_str() } user_ret = user_s.UserService().add_user(user_data) # 记录安全日志 field_data = {'User_name': sys_opr_name or None, 'Oper_type': 'add'} if user_ret.get('row_num') > 0: field_data.update({'Oper_result': '1 Success'}) CloudLogger.audit(AuditType.USERMGR, field_data) else: field_data.update({ 'Oper_result': '0 Fail', 'fail_reason': 'insert new user info to db fail' }) CloudLogger.audit(AuditType.USERMGR, field_data) return False, 'add new user info to db fail' # 检查应用组是否存在,不存在新建 group = group_s.get_group_info_by_name_and_env(sys_code, env) if not group: group_data = { 'name': sys_code, 'displayname': sys_code, 'isdeleted': '0', 'dc_type': env, 'owner': sys_opr_id, 'cpu': 20000, 'mem': 40000, 'disk': 1000000, 'vm': 5000, 'p_cluster_id': cluster_id, 'created_at': get_datetime_str() } group_ret = group_s.GroupService().add_group_info(group_data) if group_ret.get('row_num') <= 0: return False, 'add group info to db fail' group_id = group_ret.get('last_id') role_id = 2 area_zb_ret = area_s.AreaService().get_area_zb_info() if not area_zb_ret: return False, 'get zongbu area id fail' area_zb_id = area_zb_ret['id'] ret_result = access_service.add_access_list(int(group_id), int(role_id), str(area_zb_id)) if ret_result.get('row_num') <= 0: return False, 'add access info to db fail' user_group_data = { 'user_id': sys_opr_id, 'user_name': sys_opr_name, 'group_id': group_id, 'group_name': sys_code, 'role_id': role_id, 'status': '0', 'created_at': get_datetime_str(), 'expire_at': get_datetime_str(), # todo } ret_u_g = user_g_s.UserGroupService().add_user_group(user_group_data) if ret_u_g.get('row_num') <= 0: logging.error( 'add user group info error when add group, insert_data:%s', user_group_data) return False, 'add user group info to db fail' else: # 获取应用组对应用户信息 role_id = 2 opr_is_exist = False group_id = group['id'] ret_num, ret_query_g_u = user_g_s.UserGroupService().get_alluser_group( group_id) for one_ret_query_g_u in ret_query_g_u: if one_ret_query_g_u['user_id'] == sys_opr_id: opr_is_exist = True if not opr_is_exist: # 将用户加入应用组中 user_group_data = { 'user_id': sys_opr_id, 'user_name': sys_opr_name, 'group_id': group_id, 'group_name': sys_code, 'role_id': role_id, 'status': '0', 'created_at': get_datetime_str(), 'expire_at': get_datetime_str(), # todo } ret_u_g = user_g_s.UserGroupService().add_user_group( user_group_data) if ret_u_g.get('row_num') <= 0: logging.error( 'add user group info error when add group, insert_data:%s', user_group_data) return False, 'add user group info to db fail' # 修改应用组owner update_data = {'owner': sys_opr_id} where_data = { 'id': group_id, } ret_change_owner = group_s.update_group_info( update_data, where_data) if ret_change_owner < 0: logging.error( "update group error, update_data:%s, where_data:%s", str(update_data), str(where_data)) return False, 'update group owner to db fail' return True, group_id
def kvm_common_info(): def _filter_least_host_num(hostpool_id, least_host_num): ''' 过滤掉不满足最少host数的集群 :param hostpool_id: :param least_host_num: :return: ''' # 获取主机列表 all_hosts_nums, all_hosts_data = host_s.HostService( ).get_hosts_of_hostpool(hostpool_id) if all_hosts_nums < least_host_num or all_hosts_nums < 1: logging.info( 'filter hostpool %s that has no least host nums %s when get create init info', hostpool_id, least_host_num) return False return True def _filter_no_segment_info(hostpool_id): ''' 过滤掉没有网段信息的集群 :param hostpool_id: :return: ''' segments_list = hostpool_service.get_segment_info(hostpool_id) if not segments_list: logging.error( 'filter hostpool %s that has no segment info when get create init info', hostpool_id) return False return True data_from_api = request.data data_requset = json_helper.loads(data_from_api) user_id = data_requset['userId'] resp = KvmInfoResp() user_all_area_ids = user_s.user_all_area_ids_by_userid(user_id) # area层级信息 - 总部 area_zb_data = hostpool_service.get_level_info_hostpool_zb() for i in area_zb_data: # 不显示不满足最少host数的集群 if not _filter_least_host_num(i['hostpool_id'], i['least_host_num']): continue # 不显示没有负载均衡网络的区域 if "LoadBalance" not in i['net_area_name']: continue # 不显示没有网段信息的集群 if not _filter_no_segment_info(i['hostpool_id']): continue # 只显示当前用户所属的区域 if user_all_area_ids and i['area_id'] not in user_all_area_ids: continue resp.area_ZB.append(i) # area层级信息 - 地区 area_dq_data = hostpool_service.get_level_info_hostpool_dq() for i in area_dq_data: # 不显示不满足最少host数的集群 if not _filter_least_host_num(i['hostpool_id'], i['least_host_num']): continue # 不显示没有负载均衡网络的区域 if "LoadBalance" not in i['net_area_name']: continue # 不显示没有网段信息的集群 if not _filter_no_segment_info(i['hostpool_id']): continue # 只显示当前用户所属的区域 if user_all_area_ids and i['area_id'] not in user_all_area_ids: continue _area_dq_info = area_dq_init_info.AreaDQInitInfo().init_from_db(i) # 表示有父区域 if i['parent_id']: _parent_info = area_service.AreaService().get_area_info( i['parent_id']) if _parent_info: _area_dq_info.area_name = _parent_info['displayname'] _area_dq_info.child_area_name = i['area_name'] else: # 有父区域ID但没有相应信息,则当做没有父区域 _area_dq_info.area_name = i['area_name'] else: _area_dq_info.area_name = i['area_name'] resp.area_DQ.append(_area_dq_info) # group信息 user_groups = user_s.current_user_groups_by_userid(user_id) user_group_ids_list = [] is_middleware_admin_group = False for _groups in user_groups: user_group_ids_list.append(_groups['id']) # 中间件管理员组,这里后期要注意,如果中间件管理员组id不为2,则识别不出用户是否是中间件管理员组 if _groups['id'] == 2: is_middleware_admin_group = True groups_params = { 'WHERE_AND': { '=': { 'isdeleted': '0' } }, } groups_nums, groups_data = group_service.GroupService().query_data( **groups_params) for i in groups_data: # 中间件管理员组可以显示所有组,而非管理员组的只显示当前用户所在应用组 if not is_middleware_admin_group and i['id'] not in user_group_ids_list: continue _group_info = group_info.GroupInitInfo().init_from_db_1(i) resp.groups.append(_group_info) return json_helper.format_api_resp(code=ErrorCode.SUCCESS, data=resp.to_json())