def handle(self, request, data):
def find_or_create_access_keys(request, tenant_id):
keys = api.keystone.list_ec2_credentials(request, request.user.id)
for key in keys:
if key.tenant_id == tenant_id:
return key
return api.keystone.create_ec2_credentials(request,
request.user.id,
tenant_id)
try:
# NOTE(jakedahn): Keystone errors unless we specifically scope
# the token to tenant before making the call.
api.keystone.token_create_scoped(request, data.get('tenant'),
request.user.token.id)
credentials = api.nova.get_x509_credentials(request)
cacert = api.nova.get_x509_root_certificate(request)
keys = find_or_create_access_keys(request, data.get('tenant'))
context = {
'ec2_access_key':
keys.access,
'ec2_secret_key':
keys.secret,
'ec2_endpoint':
api.url_for(request, 'ec2', endpoint_type='publicURL')
}
try:
s3_endpoint = api.url_for(request,
's3',
endpoint_type='publicURL')
except exceptions.ServiceCatalogException:
s3_endpoint = None
context['s3_endpoint'] = s3_endpoint
except:
exceptions.handle(request,
_('Unable to fetch EC2 credentials.'),
redirect=request.build_absolute_uri())
try:
temp_zip = tempfile.NamedTemporaryFile(delete=True)
with closing(zipfile.ZipFile(temp_zip.name, mode='w')) as archive:
archive.writestr('pk.pem', credentials.private_key)
archive.writestr('cert.pem', credentials.data)
archive.writestr('cacert.pem', cacert.data)
archive.writestr(
'ec2rc.sh',
render_to_string('settings/ec2/ec2rc.sh.template',
context))
except:
exceptions.handle(request,
_('Error writing zipfile: %(exc)s'),
redirect=request.build_absolute_uri())
response = http.HttpResponse(mimetype='application/zip')
response.write(temp_zip.read())
response['Content-Disposition'] = 'attachment; \
filename=%s-x509.zip' \
% data.get('tenant')
response['Content-Length'] = temp_zip.tell()
return response
def handle(self, request, data):
def find_or_create_access_keys(request, tenant_id):
keys = api.keystone.list_ec2_credentials(request, request.user.id)
if keys:
return keys[0]
else:
return api.keystone.create_ec2_credentials(
request, request.user.id, tenant_id)
try:
api.keystone.token_create_scoped(request, data.get('tenant'),
request.user.token)
keys = find_or_create_access_keys(request, data.get('tenant'))
tenant_id = data['tenant']
tenant_name = dict(self.fields['tenant'].choices)[tenant_id]
control_bucket = "juju-openstack-%s-%s" % (tenant_name,
str(uuid.uuid4())[19:])
context = {
'ec2_access_key': keys.access,
'ec2_secret_key': keys.secret,
'ec2_url': api.url_for(request, 'ec2'),
's3_url': api.url_for(request, 's3'),
'juju_admin_secret': uuid.uuid4().hex,
'control_bucket': control_bucket
}
except Exception, e:
LOG.exception(
"S3 endpoint required for Juju environments.yaml creation.")
messages.error(request,
_('Could not generate environment config: %s') % e)
return shortcuts.redirect(request.build_absolute_uri())
def handle(self, request, data):
def find_or_create_access_keys(request, tenant_id):
keys = api.keystone.list_ec2_credentials(request, request.user.id)
if keys:
return keys[0]
else:
return api.keystone.create_ec2_credentials(request,
request.user.id,
tenant_id)
try:
api.keystone.token_create_scoped(request,
data.get('tenant'),
request.user.token)
keys = find_or_create_access_keys(request, data.get('tenant'))
tenant_id = data['tenant']
tenant_name = dict(self.fields['tenant'].choices)[tenant_id]
control_bucket = "juju-openstack-%s-%s" % (tenant_name, str(uuid.uuid4())[19:])
context = {'ec2_access_key': keys.access,
'ec2_secret_key': keys.secret,
'ec2_url': api.url_for(request, 'ec2'),
's3_url': api.url_for(request, 's3'),
'juju_admin_secret': uuid.uuid4().hex,
'control_bucket': control_bucket
}
except Exception, e:
LOG.exception("S3 endpoint required for Juju environments.yaml creation.")
messages.error(request, _('Could not generate environment config: %s') % e)
return shortcuts.redirect(request.build_absolute_uri())
def handle(self, request, data):
def find_or_create_access_keys(request, tenant_id):
keys = api.keystone.list_ec2_credentials(request, request.user.id)
if keys:
#TODO(jakedahn): Once real CRUD is created, we can allow user
# to generate per access/secret pair.
return keys[0]
else:
return api.keystone.create_ec2_credentials(request,
request.user.id,
tenant_id)
try:
# NOTE(jakedahn): Keystone errors unless we specifically scope
# the token to tenant before making the call.
api.keystone.token_create_scoped(request,
data.get('tenant'),
request.user.token)
credentials = api.nova.get_x509_credentials(request)
cacert = api.nova.get_x509_root_certificate(request)
keys = find_or_create_access_keys(request, data.get('tenant'))
context = {'ec2_access_key': keys.access,
'ec2_secret_key': keys.secret,
'ec2_endpoint': api.url_for(request,
'ec2',
endpoint_type='publicURL')}
try:
s3_endpoint = api.url_for(request,
's3',
endpoint_type='publicURL')
except exceptions.ServiceCatalogException:
s3_endpoint = None
context['s3_endpoint'] = s3_endpoint
except:
exceptions.handle(request,
_('Unable to fetch EC2 credentials.'),
redirect=request.build_absolute_uri())
try:
temp_zip = tempfile.NamedTemporaryFile(delete=True)
with closing(zipfile.ZipFile(temp_zip.name, mode='w')) as archive:
archive.writestr('pk.pem', credentials.private_key)
archive.writestr('cert.pem', credentials.data)
archive.writestr('cacert.pem', cacert.data)
archive.writestr('ec2rc.sh', render_to_string(
'settings/ec2/ec2rc.sh.template', context))
except:
exceptions.handle(request,
_('Error writing zipfile: %(exc)s'),
redirect=request.build_absolute_uri())
response = http.HttpResponse(mimetype='application/zip')
response.write(temp_zip.read())
response['Content-Disposition'] = 'attachment; \
filename=%s-x509.zip' \
% data.get('tenant')
response['Content-Length'] = temp_zip.tell()
return response
def novaclient(request):
insecure = getattr(api.settings, 'OPENSTACK_SSL_NO_VERIFY', False)
api.LOG.debug('novaclient connection created using token "%s" and url "%s"' %
(request.user.token.id, api.url_for(request, 'compute')))
extensions = shell.OpenStackComputeShell()._discover_extensions("1.1")
c = client.Client(request.user.username,
request.user.token.id,
extensions=extensions,
project_id=request.user.tenant_id,
auth_url=api.url_for(request, 'compute'),
insecure=insecure)
c.client.auth_token = request.user.token.id
c.client.management_url = api.url_for(request, 'compute')
return c
def novaclient(request):
insecure = getattr(api.settings, 'OPENSTACK_SSL_NO_VERIFY', False)
api.LOG.debug('novaclient connection created using token "%s" and url "%s"' %
(request.user.token.id, api.url_for(request, 'compute')))
extensions = shell.OpenStackComputeShell()._discover_extensions("1.1")
c = client.Client(request.user.username,
request.user.token.id,
extensions=extensions,
project_id=request.user.tenant_id,
auth_url=api.url_for(request, 'compute'),
insecure=insecure)
c.client.auth_token = request.user.token.id
c.client.management_url = api.url_for(request, 'compute')
return c
def handle(self, request, data):
try:
tenant_id = data['tenant']
tenant_name = dict(self.fields['tenant'].choices)[tenant_id]
keystone_url = api.url_for(request,
'identity',
endpoint_type='publicURL')
context = {'user': request.user,
'auth_url': keystone_url,
'tenant_id': tenant_id,
'tenant_name': tenant_name}
response = shortcuts.render(request,
'settings/project/openrc.sh.template',
context,
content_type="text/plain")
response['Content-Disposition'] = 'attachment; filename=openrc.sh'
response['Content-Length'] = str(len(response.content))
return response
except Exception, e:
LOG.exception("Exception in DownloadOpenRCForm.")
messages.error(request, _('Error Downloading RC File: %s') % e)
return shortcuts.redirect(request.build_absolute_uri())
def handle(self, request, data):
try:
credentials = api.nova.get_x509_credentials(request)
cacert = api.nova.get_x509_root_certificate(request)
access_secret = api.keystone.create_ec2_credentials(request,
request.user.id, data.get('tenant'))
context = {'ec2_access_key': access_secret.access,
'ec2_secret_key': access_secret.secret,
'ec2_endpoint': api.url_for(request, 'identity')}
except:
exceptions.handle(request,
_('Unable to fetch EC2 credentials.'),
redirect=request.build_absolute_uri())
try:
temp_zip = tempfile.NamedTemporaryFile(delete=True)
with zipfile.ZipFile(temp_zip.name, mode='w') as archive:
archive.writestr('pk.pem', credentials.private_key)
archive.writestr('cert.pem', credentials.data)
archive.writestr('cacert.pem', cacert.data)
archive.writestr('ec2rc.sh', render_to_string(
'settings/ec2/ec2rc.sh.template', context))
except:
exceptions.handle(request,
_('Error writing zipfile: %(exc)s'),
redirect=request.build_absolute_uri())
response = http.HttpResponse(mimetype='application/zip')
response.write(temp_zip.read())
response['Content-Disposition'] = 'attachment; \
filename=%s-x509.zip' \
% data.get('tenant')
response['Content-Length'] = temp_zip.tell()
return response
def handle(self, request, data):
try:
tenant_id = data["tenant"]
tenant_name = dict(self.fields["tenant"].choices)[tenant_id]
keystone_url = api.url_for(request, "identity", endpoint_type="publicURL")
context = {
"user": request.user,
"auth_url": keystone_url,
"tenant_id": tenant_id,
"tenant_name": tenant_name,
}
response = shortcuts.render(
request, "settings/project/openrc.sh.template", context, content_type="text/plain"
)
response["Content-Disposition"] = "attachment; filename=openrc.sh"
response["Content-Length"] = str(len(response.content))
return response
except Exception, e:
LOG.exception("Exception in DownloadOpenRCForm.")
messages.error(request, _("Error Downloading RC File: %s") % e)
return shortcuts.redirect(request.build_absolute_uri())
def handle(self, request, data):
try:
tenant_id = data['tenant']
tenant_name = dict(self.fields['tenant'].choices)[tenant_id]
keystone_url = api.url_for(request,
'identity',
endpoint_type='publicURL')
context = {'user': request.user,
'auth_url': keystone_url,
'tenant_id': tenant_id,
'tenant_name': tenant_name}
response = shortcuts.render(request,
'settings/project/openrc.sh.template',
context,
content_type="text/plain")
response['Content-Disposition'] = 'attachment; filename=openrc.sh'
response['Content-Length'] = str(len(response.content))
return response
except Exception, e:
LOG.exception("Exception in DownloadOpenRCForm.")
messages.error(request, _('Error Downloading RC File: %s') % e)
return shortcuts.redirect(request.build_absolute_uri())
def handle(self, request, data):
def find_or_create_access_keys(request, tenant_id):
keys = api.keystone.list_ec2_credentials(request, request.user.id)
if keys:
return keys[0]
else:
return api.keystone.create_ec2_credentials(request,
request.user.id,
tenant_id)
try:
api.keystone.token_create_scoped(request,
data.get('tenant'),
request.user.token)
keys = find_or_create_access_keys(request, data.get('tenant'))
tenant_id = data['tenant']
tenant_name = dict(self.fields['tenant'].choices)[tenant_id]
control_bucket = "juju-openstack-%s-%s" % (tenant_name, str(uuid.uuid4())[19:])
context = {'ec2_access_key': keys.access,
'ec2_secret_key': keys.secret,
'ec2_url': api.url_for(request, 'ec2'),
's3_url': api.url_for(request, 's3'),
'juju_admin_secret': uuid.uuid4().hex,
'control_bucket': control_bucket
}
except:
exceptions.handle(request,
_('Unable to fetch generate Juju environment config.'),
redirect=request.build_absolute_uri())
response = shortcuts.render(request,
'settings/juju/environments.yaml.template',
context,
content_type='text/plain')
response['Content-Disposition'] = 'attachment; filename=environments.yaml'
response['Content-Length'] = str(len(response.content))
return response
def handle(self, request, data):
response = shortcuts.redirect(request.build_absolute_uri())
# variables
original_password = data['original_password']
new_password = data['new_password']
user_id = request.session['user_id']
username = request.session['username']
proceed = True
# Make sure the password is somewhat strong
if len(new_password) < 8 or \
all(c.isalpha() == True for c in new_password) or \
all(c.isdigit() == True for c in new_password) or \
all(c.isalnum() == True for c in new_password):
proceed = False
msg = 'Password not strong enough.'
# Don't allow the password to be changed for the admin
if username == 'admin':
proceed = False
msg = 'Cannot change password for the admin user.'
if proceed:
# URLs
keystone_url = api.url_for(request, 'identity', endpoint_type='publicURL')
password_url = "%s/OS-KSCRUD/users/%s" % (keystone_url, user_id)
token_url = "%s/tokens" % keystone_url
payload = {'user': {'original_password': data['original_password'], 'password': data['new_password']}}
headers = {'X_Auth_Token': request.user.token.id, 'content-type': 'application/json'}
r = requests.patch(password_url, data=json.dumps(payload), headers=headers)
if r.status_code == 200:
messages.success(request, translation.ugettext("Password changed."))
logout(request)
else:
messages.error(request, translation.ugettext("Password change failed."))
else:
messages.error(request, translation.ugettext(msg))
return response
