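def handle(self, request, data):
    """Return a ZIP download holding the user's EC2 and x509 credentials.

    The archive contains the x509 private key and certificate, the root CA
    certificate, and an ``ec2rc.sh`` rendered with the EC2 access/secret
    pair for the tenant selected in ``data['tenant']``.  All of it is
    secret material, so the temporary file backing the archive is closed
    (and, because it was created with ``delete=True``, removed) before
    returning instead of being left for garbage collection.

    Both failure paths call ``exceptions.handle`` with a redirect back to
    the current URL.
    """

    def find_or_create_access_keys(request, tenant_id):
        """Return the user's EC2 key pair for ``tenant_id``, creating one
        when none of the existing pairs belongs to that tenant."""
        keys = api.keystone.list_ec2_credentials(request, request.user.id)
        for key in keys:
            # Never hand out a pair that is scoped to a different tenant.
            if key.tenant_id == tenant_id:
                return key
        return api.keystone.create_ec2_credentials(request,
                                                   request.user.id,
                                                   tenant_id)

    try:
        # NOTE(jakedahn): Keystone errors unless we specifically scope
        #                 the token to tenant before making the call.
        api.keystone.token_create_scoped(request,
                                         data.get('tenant'),
                                         request.user.token.id)
        credentials = api.nova.get_x509_credentials(request)
        cacert = api.nova.get_x509_root_certificate(request)
        keys = find_or_create_access_keys(request, data.get('tenant'))
        context = {
            'ec2_access_key': keys.access,
            'ec2_secret_key': keys.secret,
            'ec2_endpoint': api.url_for(request,
                                        'ec2',
                                        endpoint_type='publicURL'),
        }
        try:
            s3_endpoint = api.url_for(request,
                                      's3',
                                      endpoint_type='publicURL')
        except exceptions.ServiceCatalogException:
            # A missing S3 endpoint is tolerated; the template gets None.
            s3_endpoint = None
        context['s3_endpoint'] = s3_endpoint
    except Exception:
        # NOTE(review): the code below relies on exceptions.handle raising
        # (redirecting) here; if it returned, ``credentials`` and friends
        # would be unbound -- confirm against horizon.exceptions.
        exceptions.handle(request,
                          _('Unable to fetch EC2 credentials.'),
                          redirect=request.build_absolute_uri())

    temp_zip = None
    try:
        try:
            temp_zip = tempfile.NamedTemporaryFile(delete=True)
            # The archive is written through a second handle opened by
            # name; temp_zip's own position stays at 0 for the read below.
            with closing(zipfile.ZipFile(temp_zip.name, mode='w')) as archive:
                archive.writestr('pk.pem', credentials.private_key)
                archive.writestr('cert.pem', credentials.data)
                archive.writestr('cacert.pem', cacert.data)
                archive.writestr(
                    'ec2rc.sh',
                    render_to_string('settings/ec2/ec2rc.sh.template',
                                     context))
        except Exception:
            # The '%(exc)s' placeholder is passed through as-is;
            # presumably exceptions.handle fills it in -- confirm.
            exceptions.handle(request,
                              _('Error writing zipfile: %(exc)s'),
                              redirect=request.build_absolute_uri())
        payload = temp_zip.read()
    finally:
        # Closing deletes the on-disk copy of the private key and EC2
        # secret on every path, including the error redirect.
        if temp_zip is not None:
            temp_zip.close()

    response = http.HttpResponse(mimetype='application/zip')
    response.write(payload)
    # Single-line header value: continuing the string literal across
    # source lines would embed the indentation in the header.
    response['Content-Disposition'] = ('attachment; filename=%s-x509.zip'
                                       % data.get('tenant'))
    response['Content-Length'] = len(payload)
    # NOTE(review): no Cache-Control header is set on this secret-bearing
    # download here; confirm caching is disabled elsewhere.
    return response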
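def handle(self, request, data):
    """Collect the values for a Juju ``environments.yaml`` for a tenant.

    Scopes the user's token to ``data['tenant']``, obtains an EC2
    access/secret pair for that tenant and builds the template context
    (EC2/S3 URLs, a fresh admin secret and a control-bucket name).

    On any exception the error is logged, shown to the user and a
    redirect to the current URL is returned.

    NOTE(review): as visible here the success path builds ``context`` and
    then falls off the end (returns None) without rendering a response;
    the listing may be truncated -- confirm against the full file.
    """

    def find_or_create_access_keys(request, tenant_id):
        """Return the user's EC2 key pair for ``tenant_id``, creating one
        when none of the existing pairs belongs to that tenant."""
        keys = api.keystone.list_ec2_credentials(request, request.user.id)
        for key in keys:
            # Returning the first listed pair regardless of tenant could
            # hand out a credential scoped to a different tenant than the
            # one selected in the form.
            if key.tenant_id == tenant_id:
                return key
        return api.keystone.create_ec2_credentials(
            request, request.user.id, tenant_id)

    try:
        api.keystone.token_create_scoped(request,
                                         data.get('tenant'),
                                         request.user.token)
        keys = find_or_create_access_keys(request, data.get('tenant'))
        tenant_id = data['tenant']
        # Resolve the display name from the form's own choices; an id that
        # is not among them raises KeyError and lands in the handler below.
        tenant_name = dict(self.fields['tenant'].choices)[tenant_id]
        # The trailing part of a fresh UUID4 serves as a uniqueness suffix.
        control_bucket = "juju-openstack-%s-%s" % (tenant_name,
                                                   str(uuid.uuid4())[19:])
        context = {
            'ec2_access_key': keys.access,
            'ec2_secret_key': keys.secret,
            'ec2_url': api.url_for(request, 'ec2'),
            's3_url': api.url_for(request, 's3'),
            # A new random value is generated on every call.
            'juju_admin_secret': uuid.uuid4().hex,
            'control_bucket': control_bucket
        }
    except Exception as e:
        # The log text names the S3 endpoint, but every exception raised
        # above ends up here, not only a missing S3 catalog entry.
        LOG.exception(
            "S3 endpoint required for Juju environments.yaml creation.")
        # NOTE(review): the raw exception text is shown to the user.
        messages.error(request,
                       _('Could not generate environment config: %s') % e)
        return shortcuts.redirect(request.build_absolute_uri())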
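def handle(self, request, data):
    """Assemble the template context for a Juju ``environments.yaml``.

    The user's token is scoped to ``data['tenant']``, an EC2 key pair for
    that tenant is looked up (or created), and the context is filled with
    the EC2/S3 URLs, a freshly generated admin secret and a control-bucket
    name derived from the tenant name.

    Any exception is logged, reported through ``messages.error`` and
    answered with a redirect to the current URL.

    NOTE(review): in the code visible here nothing is returned after
    ``context`` is built, so the success path yields None; this may be a
    truncated listing -- confirm against the full file.
    """

    def find_or_create_access_keys(request, tenant_id):
        """Return an EC2 key pair belonging to ``tenant_id``; create one
        if the user has none for that tenant."""
        existing = api.keystone.list_ec2_credentials(request,
                                                     request.user.id)
        for key in existing:
            # Match on tenant: the first pair in the list may be scoped
            # to another tenant the user belongs to.
            if key.tenant_id == tenant_id:
                return key
        return api.keystone.create_ec2_credentials(request,
                                                   request.user.id,
                                                   tenant_id)

    try:
        api.keystone.token_create_scoped(request,
                                         data.get('tenant'),
                                         request.user.token)
        keys = find_or_create_access_keys(request, data.get('tenant'))
        tenant_id = data['tenant']
        # KeyError for an id outside the form's choices is handled below.
        tenant_name = dict(self.fields['tenant'].choices)[tenant_id]
        # Suffix the bucket with the tail of a fresh UUID4.
        control_bucket = "juju-openstack-%s-%s" % (tenant_name,
                                                   str(uuid.uuid4())[19:])
        context = {'ec2_access_key': keys.access,
                   'ec2_secret_key': keys.secret,
                   'ec2_url': api.url_for(request, 'ec2'),
                   's3_url': api.url_for(request, 's3'),
                   # Regenerated on each call.
                   'juju_admin_secret': uuid.uuid4().hex,
                   'control_bucket': control_bucket}
    except Exception as e:
        # Catches every failure above even though the log text only
        # mentions the S3 endpoint.
        LOG.exception("S3 endpoint required for Juju environments.yaml "
                      "creation.")
        # NOTE(review): exception details are echoed to the user here.
        messages.error(request,
                       _('Could not generate environment config: %s') % e)
        return shortcuts.redirect(request.build_absolute_uri())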
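def handle(self, request, data):
    """Return a ZIP download with the user's EC2 and x509 credentials.

    The archive carries the x509 private key and certificate, the root CA
    certificate and an ``ec2rc.sh`` rendered with the EC2 access/secret
    pair for the tenant in ``data['tenant']``.  The temporary file behind
    the archive is closed -- and, having been created with
    ``delete=True``, removed -- on every path so that the key material
    does not stay on disk until garbage collection.

    Failures in either stage are passed to ``exceptions.handle`` with a
    redirect to the current URL.
    """

    def find_or_create_access_keys(request, tenant_id):
        """Return the user's EC2 key pair for ``tenant_id``, creating one
        when no existing pair belongs to that tenant."""
        keys = api.keystone.list_ec2_credentials(request, request.user.id)
        # TODO(jakedahn): Once real CRUD is created, we can allow user
        #                 to generate per access/secret pair.
        for key in keys:
            # Taking the first listed pair unconditionally could return a
            # credential scoped to a different tenant than the one chosen.
            if key.tenant_id == tenant_id:
                return key
        return api.keystone.create_ec2_credentials(request,
                                                   request.user.id,
                                                   tenant_id)

    try:
        # NOTE(jakedahn): Keystone errors unless we specifically scope
        #                 the token to tenant before making the call.
        api.keystone.token_create_scoped(request,
                                         data.get('tenant'),
                                         request.user.token)
        credentials = api.nova.get_x509_credentials(request)
        cacert = api.nova.get_x509_root_certificate(request)
        keys = find_or_create_access_keys(request, data.get('tenant'))
        context = {'ec2_access_key': keys.access,
                   'ec2_secret_key': keys.secret,
                   'ec2_endpoint': api.url_for(request,
                                               'ec2',
                                               endpoint_type='publicURL')}
        try:
            s3_endpoint = api.url_for(request,
                                      's3',
                                      endpoint_type='publicURL')
        except exceptions.ServiceCatalogException:
            # No S3 service in the catalog: render the template with None.
            s3_endpoint = None
        context['s3_endpoint'] = s3_endpoint
    except Exception:
        # NOTE(review): what follows assumes exceptions.handle raises
        # (redirects); otherwise ``credentials`` would be unbound below
        # -- confirm against horizon.exceptions.
        exceptions.handle(request,
                          _('Unable to fetch EC2 credentials.'),
                          redirect=request.build_absolute_uri())

    temp_zip = None
    try:
        try:
            temp_zip = tempfile.NamedTemporaryFile(delete=True)
            # ZipFile opens the file again by name, so temp_zip itself is
            # still positioned at offset 0 when it is read afterwards.
            with closing(zipfile.ZipFile(temp_zip.name, mode='w')) as archive:
                archive.writestr('pk.pem', credentials.private_key)
                archive.writestr('cert.pem', credentials.data)
                archive.writestr('cacert.pem', cacert.data)
                archive.writestr('ec2rc.sh', render_to_string(
                    'settings/ec2/ec2rc.sh.template', context))
        except Exception:
            # '%(exc)s' is left unformatted here; presumably
            # exceptions.handle substitutes it -- confirm.
            exceptions.handle(request,
                              _('Error writing zipfile: %(exc)s'),
                              redirect=request.build_absolute_uri())
        payload = temp_zip.read()
    finally:
        # Remove the on-disk copy of the secrets whether or not the
        # archive was built successfully.
        if temp_zip is not None:
            temp_zip.close()

    response = http.HttpResponse(mimetype='application/zip')
    response.write(payload)
    # Keep the header value on one line: a backslash continuation inside
    # the literal would put the source indentation into the header.
    response['Content-Disposition'] = ('attachment; filename=%s-x509.zip'
                                       % data.get('tenant'))
    response['Content-Length'] = len(payload)
    return response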
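def novaclient(request):
    """Return a novaclient ``Client`` set up from the request's user.

    The client is constructed with the user's name, token id and tenant
    id, the compute endpoint from ``api.url_for`` and the discovered
    "1.1" extensions; its ``auth_token`` and ``management_url`` are then
    set directly to the token id and compute endpoint.
    """
    # Forwarded to the client as ``insecure``; going by the setting name
    # it turns off TLS certificate verification, so it defaults to False.
    insecure = getattr(api.settings, 'OPENSTACK_SSL_NO_VERIFY', False)
    compute_url = api.url_for(request, 'compute')
    token_id = request.user.token.id
    # The token id is a bearer credential: anyone who can read the debug
    # log could replay it, so only the endpoint is logged.
    api.LOG.debug('novaclient connection created for url "%s"', compute_url)
    # NOTE(review): _discover_extensions is a private novaclient method.
    extensions = shell.OpenStackComputeShell()._discover_extensions("1.1")
    c = client.Client(request.user.username,
                      token_id,
                      extensions=extensions,
                      project_id=request.user.tenant_id,
                      auth_url=compute_url,
                      insecure=insecure)
    c.client.auth_token = token_id
    c.client.management_url = compute_url
    return c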
def handle(self, request, data):
    """Render ``openrc.sh`` for the selected tenant as a file download.

    The tenant id comes from ``data['tenant']`` and its name from the
    form's ``tenant`` choices.  Any exception is logged, reported via
    ``messages.error`` and answered with a redirect to the current URL.
    """
    try:
        selected = data['tenant']
        # An id that is not among the form's choices raises KeyError and
        # is reported by the handler below.
        selected_name = dict(self.fields['tenant'].choices)[selected]
        identity_url = api.url_for(request,
                                   'identity',
                                   endpoint_type='publicURL')

        # NOTE(review): these values end up in a shell script the user is
        # expected to source; confirm the template quotes them.
        context = dict(user=request.user,
                       auth_url=identity_url,
                       tenant_id=selected,
                       tenant_name=selected_name)

        response = shortcuts.render(request,
                                    'settings/project/openrc.sh.template',
                                    context,
                                    content_type="text/plain")
        response['Content-Disposition'] = 'attachment; filename=openrc.sh'
        response['Content-Length'] = str(len(response.content))
        return response
    except Exception as e:
        LOG.exception("Exception in DownloadOpenRCForm.")
        # NOTE(review): the raw exception text is shown to the user.
        messages.error(request, _('Error Downloading RC File: %s') % e)
        return shortcuts.redirect(request.build_absolute_uri())
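def handle(self, request, data):
    """Return a ZIP download with x509 material and new EC2 credentials.

    Fetches the user's x509 credentials and the root certificate, creates
    an EC2 access/secret pair for ``data['tenant']`` and packs all of it,
    together with a rendered ``ec2rc.sh``, into a ZIP archive.  The
    temporary file behind the archive is closed (and, because it was
    created with ``delete=True``, removed) on every path so the key
    material is not left on disk until garbage collection.

    Failures in either stage are passed to ``exceptions.handle`` with a
    redirect to the current URL.
    """
    try:
        credentials = api.nova.get_x509_credentials(request)
        cacert = api.nova.get_x509_root_certificate(request)
        # NOTE(review): a new EC2 pair is created on every call; existing
        # pairs are neither reused nor removed in this function.
        access_secret = api.keystone.create_ec2_credentials(
            request, request.user.id, data.get('tenant'))
        context = {'ec2_access_key': access_secret.access,
                   'ec2_secret_key': access_secret.secret,
                   # NOTE(review): the EC2 endpoint is taken from the
                   # 'identity' catalog entry -- confirm this is intended.
                   'ec2_endpoint': api.url_for(request, 'identity')}
    except Exception:
        # NOTE(review): what follows assumes exceptions.handle raises
        # (redirects); otherwise ``credentials`` would be unbound below
        # -- confirm against horizon.exceptions.
        exceptions.handle(request,
                          _('Unable to fetch EC2 credentials.'),
                          redirect=request.build_absolute_uri())

    temp_zip = None
    try:
        try:
            temp_zip = tempfile.NamedTemporaryFile(delete=True)
            # ZipFile opens the file again by name, so temp_zip itself is
            # still positioned at offset 0 when it is read afterwards.
            with zipfile.ZipFile(temp_zip.name, mode='w') as archive:
                archive.writestr('pk.pem', credentials.private_key)
                archive.writestr('cert.pem', credentials.data)
                archive.writestr('cacert.pem', cacert.data)
                archive.writestr('ec2rc.sh', render_to_string(
                    'settings/ec2/ec2rc.sh.template', context))
        except Exception:
            # '%(exc)s' is left unformatted here; presumably
            # exceptions.handle substitutes it -- confirm.
            exceptions.handle(request,
                              _('Error writing zipfile: %(exc)s'),
                              redirect=request.build_absolute_uri())
        payload = temp_zip.read()
    finally:
        # Remove the on-disk copy of the secrets whether or not the
        # archive was built successfully.
        if temp_zip is not None:
            temp_zip.close()

    response = http.HttpResponse(mimetype='application/zip')
    response.write(payload)
    # Keep the header value on one line: a backslash continuation inside
    # the literal would put the source indentation into the header.
    response['Content-Disposition'] = ('attachment; filename=%s-x509.zip'
                                       % data.get('tenant'))
    response['Content-Length'] = len(payload)
    return response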
def handle(self, request, data):
    """Serve the tenant's ``openrc.sh`` as a plain-text attachment.

    Looks up the chosen tenant's name in the form's ``tenant`` choices,
    renders the template with the user, the public identity URL and the
    tenant id/name, and sets the download headers.  Any exception is
    logged, surfaced through ``messages.error`` and followed by a
    redirect to the current URL.
    """
    try:
        chosen_id = data["tenant"]
        # KeyError for an id outside the form's choices is handled below.
        names_by_id = dict(self.fields["tenant"].choices)
        chosen_name = names_by_id[chosen_id]
        auth_url = api.url_for(request, "identity", endpoint_type="publicURL")

        # NOTE(review): the rendered file is a shell script meant to be
        # sourced; confirm the template quotes these values.
        response = shortcuts.render(
            request,
            "settings/project/openrc.sh.template",
            {
                "user": request.user,
                "auth_url": auth_url,
                "tenant_id": chosen_id,
                "tenant_name": chosen_name,
            },
            content_type="text/plain",
        )
        body_length = len(response.content)
        response["Content-Disposition"] = "attachment; filename=openrc.sh"
        response["Content-Length"] = str(body_length)
        return response
    except Exception as e:
        LOG.exception("Exception in DownloadOpenRCForm.")
        # NOTE(review): exception details are echoed to the user here.
        messages.error(request, _("Error Downloading RC File: %s") % e)
        return shortcuts.redirect(request.build_absolute_uri())
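def handle(self, request, data):
    """Return a Juju ``environments.yaml`` download for the chosen tenant.

    Scopes the user's token to ``data['tenant']``, obtains an EC2
    access/secret pair for that tenant, and renders the template with the
    EC2/S3 URLs, a freshly generated admin secret and a control-bucket
    name.  The result is served as a plain-text attachment.

    Failures while gathering the values are passed to
    ``exceptions.handle`` with a redirect to the current URL.
    """

    def find_or_create_access_keys(request, tenant_id):
        """Return the user's EC2 key pair for ``tenant_id``, creating one
        when no existing pair belongs to that tenant."""
        keys = api.keystone.list_ec2_credentials(request, request.user.id)
        for key in keys:
            # Taking the first listed pair unconditionally could put a
            # credential for a different tenant into the generated file.
            if key.tenant_id == tenant_id:
                return key
        return api.keystone.create_ec2_credentials(request,
                                                   request.user.id,
                                                   tenant_id)

    try:
        api.keystone.token_create_scoped(request,
                                         data.get('tenant'),
                                         request.user.token)
        keys = find_or_create_access_keys(request, data.get('tenant'))
        tenant_id = data['tenant']
        # KeyError for an id outside the form's choices is handled below.
        tenant_name = dict(self.fields['tenant'].choices)[tenant_id]
        # The trailing part of a fresh UUID4 serves as a uniqueness suffix.
        control_bucket = "juju-openstack-%s-%s" % (tenant_name,
                                                   str(uuid.uuid4())[19:])
        context = {'ec2_access_key': keys.access,
                   'ec2_secret_key': keys.secret,
                   'ec2_url': api.url_for(request, 'ec2'),
                   's3_url': api.url_for(request, 's3'),
                   # A new random value is generated on every download.
                   'juju_admin_secret': uuid.uuid4().hex,
                   'control_bucket': control_bucket}
    except Exception:
        # NOTE(review): the render below assumes exceptions.handle raises
        # (redirects); otherwise ``context`` would be unbound -- confirm
        # against horizon.exceptions.
        exceptions.handle(request,
                          _('Unable to fetch generate Juju environment config.'),
                          redirect=request.build_absolute_uri())

    response = shortcuts.render(request,
                                'settings/juju/environments.yaml.template',
                                context,
                                content_type='text/plain')
    response['Content-Disposition'] = 'attachment; filename=environments.yaml'
    response['Content-Length'] = str(len(response.content))
    # NOTE(review): no Cache-Control header is set on this secret-bearing
    # download here; confirm caching is disabled elsewhere.
    return response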
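def handle(self, request, data):
    """Change the logged-in user's Keystone password.

    After a local strength check and a guard against changing the
    ``admin`` account, a PATCH carrying the original and new password is
    sent to ``<identity publicURL>/OS-KSCRUD/users/<user_id>``,
    authenticated with the user's token.  A 200 reply reports success and
    logs the user out; any other status, or a transport error, reports
    failure.  A redirect to the current URL is returned in every case.
    """
    response = shortcuts.redirect(request.build_absolute_uri())

    original_password = data['original_password']
    new_password = data['new_password']
    user_id = request.session['user_id']
    username = request.session['username']

    msg = None

    # Policy: at least 8 characters, at least one of them not
    # alphanumeric.  (All-letters and all-digits are special cases of
    # all-alphanumeric, so one test covers the three.)
    if len(new_password) < 8 or new_password.isalnum():
        msg = 'Password not strong enough.'

    # Don't allow the password to be changed for the admin.  Checked last
    # so this message takes precedence over the strength message.
    if username == 'admin':
        msg = 'Cannot change password for the admin user.'

    if msg is not None:
        messages.error(request, translation.ugettext(msg))
        return response

    keystone_url = api.url_for(request, 'identity',
                               endpoint_type='publicURL')
    password_url = "%s/OS-KSCRUD/users/%s" % (keystone_url, user_id)

    payload = {'user': {'original_password': original_password,
                        'password': new_password}}
    # NOTE(review): Keystone's documented header is 'X-Auth-Token'; the
    # underscore spelling may be dropped by some proxies -- confirm.
    headers = {'X_Auth_Token': request.user.token.id,
               'content-type': 'application/json'}

    try:
        # Bound the call so an unresponsive identity service cannot tie
        # up the worker indefinitely.
        r = requests.patch(password_url,
                           data=json.dumps(payload),
                           headers=headers,
                           timeout=30)
    except requests.exceptions.RequestException:
        # Connection errors and timeouts are reported like any other
        # failed change instead of surfacing as an unhandled error.
        messages.error(request,
                       translation.ugettext("Password change failed."))
        return response

    if r.status_code == 200:
        messages.success(request,
                         translation.ugettext("Password changed."))
        # End the session so the user signs in again with the new password.
        logout(request)
    else:
        messages.error(request,
                       translation.ugettext("Password change failed."))

    return response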