class SetAccessControlsAction(workflows.Action):
keypair = forms.ThemableDynamicChoiceField(
label=_("Key Pair"),
help_text=_("Key pair to use for "
"authentication."),
add_item_link=KEYPAIR_IMPORT_URL)
admin_pass = forms.RegexField(
label=_("Admin Password"),
required=False,
widget=forms.PasswordInput(render_value=False),
regex=validators.password_validator(),
error_messages={'invalid': validators.password_validator_msg()})
confirm_admin_pass = forms.CharField(
label=_("Confirm Admin Password"),
required=False,
widget=forms.PasswordInput(render_value=False))
groups = forms.MultipleChoiceField(
label=_("Security Groups"),
required=False,
initial=["default"],
widget=forms.ThemableCheckboxSelectMultiple(),
help_text=_("Launch instance in these "
"security groups."))
class Meta(object):
name = _("Access & Security")
help_text = _("Control access to your instance via key pairs, "
"security groups, and other mechanisms.")
def __init__(self, request, *args, **kwargs):
super(SetAccessControlsAction, self).__init__(request, *args, **kwargs)
if not api.nova.can_set_server_password():
del self.fields['admin_pass']
del self.fields['confirm_admin_pass']
self.fields['keypair'].required = api.nova.requires_keypair()
def populate_keypair_choices(self, request, context):
keypairs = instance_utils.keypair_field_data(request, True)
if len(keypairs) == 2:
self.fields['keypair'].initial = keypairs[1][0]
return keypairs
def populate_groups_choices(self, request, context):
try:
groups = api.neutron.security_group_list(request)
security_group_list = [(sg.id, sg.name) for sg in groups]
except Exception:
exceptions.handle(request,
_('Unable to retrieve list of security groups'))
security_group_list = []
return security_group_list
def clean(self):
'''Check to make sure password fields match.'''
cleaned_data = super(SetAccessControlsAction, self).clean()
if 'admin_pass' in cleaned_data:
if cleaned_data['admin_pass'] != cleaned_data.get(
'confirm_admin_pass', None):
raise forms.ValidationError(_('Passwords do not match.'))
return cleaned_data
class CreateUserForm(PasswordMixin, BaseUserForm):
name = forms.CharField(max_length=100, label=_("User Name"))
email = forms.EmailField(max_length=40, label=_("Email"))
project = forms.ThemableDynamicChoiceField(label=_("Project"),
required=False)
idp = forms.CharField(max_length=30, label=_("Identity Provider"))
cn = forms.CharField(max_length=255,
label=_("Common Name"),
required=False)
duration = forms.IntegerField(label=_("Duration"), required=False)
source = forms.CharField(max_length=255, label=_("Source"), required=False)
def __init__(self, *args, **kwargs):
super(CreateUserForm, self).__init__(*args, **kwargs)
# Reorder form fields from multiple inheritance
ordering = [
"name", "email", "password", "confirm_password", "project", "idp",
"cn", "duration", "source"
]
self.fields = collections.OrderedDict(
(key, self.fields[key]) for key in ordering)
# We have to protect the entire "data" dict because it contains the
# password and confirm_password strings.
@sensitive_variables('data')
def handle(self, request, data):
try:
LOG.info('Creating GARR user with name "%s"', data['name'])
new_user = User.create_user(data)
messages.success(
request,
_('User "%s" was successfully created.') % data['name'])
return True
except Exception:
messages.error(request, _('Unable to create user.'))
return exceptions.handle(request, ignore=True)
class CreateUserForm(PasswordMixin, BaseUserForm, AddExtraColumnMixIn):
# Hide the domain_id and domain_name by default
domain_id = forms.CharField(label=_("Domain ID"),
required=False,
widget=forms.HiddenInput())
domain_name = forms.CharField(label=_("Domain Name"),
required=False,
widget=forms.HiddenInput())
name = forms.CharField(max_length=255, label=_("User Name"))
description = forms.CharField(
widget=forms.widgets.Textarea(attrs={'rows': 4}),
label=_("Description"),
required=False)
email = forms.EmailField(label=_("Email"), required=False)
project = forms.ThemableDynamicChoiceField(label=_("Primary Project"),
required=PROJECT_REQUIRED,
add_item_link=ADD_PROJECT_URL)
role_id = forms.ThemableChoiceField(label=_("Role"),
required=PROJECT_REQUIRED)
enabled = forms.BooleanField(label=_("Enabled"),
required=False,
initial=True)
def __init__(self, *args, **kwargs):
roles = kwargs.pop('roles')
super(CreateUserForm, self).__init__(*args, **kwargs)
# Reorder form fields from multiple inheritance
ordering = [
"domain_id", "domain_name", "name", "description", "email",
"password", "confirm_password", "project", "role_id", "enabled"
]
self.add_extra_fields(ordering)
self.fields = collections.OrderedDict(
(key, self.fields[key]) for key in ordering)
role_choices = [(role.id, role.name) for role in roles]
self.fields['role_id'].choices = role_choices
# For keystone V3, display the two fields in read-only
if api.keystone.VERSIONS.active >= 3:
readonlyInput = forms.TextInput(attrs={'readonly': 'readonly'})
self.fields["domain_id"].widget = readonlyInput
self.fields["domain_name"].widget = readonlyInput
# For keystone V2.0, hide description field
else:
self.fields["description"].widget = forms.HiddenInput()
# We have to protect the entire "data" dict because it contains the
# password and confirm_password strings.
@sensitive_variables('data')
def handle(self, request, data):
domain = api.keystone.get_default_domain(self.request, False)
try:
LOG.info('Creating user with name "%s"' % data['name'])
desc = data["description"]
if "email" in data:
data['email'] = data['email'] or None
# add extra information
if api.keystone.VERSIONS.active >= 3:
EXTRA_INFO = getattr(settings, 'USER_TABLE_EXTRA_INFO', {})
kwargs = dict((key, data.get(key)) for key in EXTRA_INFO)
else:
kwargs = {}
new_user = \
api.keystone.user_create(request,
name=data['name'],
email=data['email'],
description=desc or None,
password=data['password'],
project=data['project'] or None,
enabled=data['enabled'],
domain=domain.id,
**kwargs)
messages.success(
request,
_('User "%s" was successfully created.') % data['name'])
if data['project'] and data['role_id']:
roles = api.keystone.roles_for_user(request, new_user.id,
data['project']) or []
assigned = [
role for role in roles if role.id == str(data['role_id'])
]
if not assigned:
try:
api.keystone.add_tenant_user_role(
request, data['project'], new_user.id,
data['role_id'])
except Exception:
exceptions.handle(
request,
_('Unable to add user '
'to primary project.'))
return new_user
except exceptions.Conflict:
msg = _('User name "%s" is already used.') % data['name']
messages.error(request, msg)
except Exception:
exceptions.handle(request, _('Unable to create user.'))
class ActivateUserForm(PasswordMixin, BaseUserForm, AddExtraColumnMixIn):
# Hide the domain_id and domain_name by default
domain_id = forms.CharField(label=_("Domain ID"),
required=False,
widget=forms.HiddenInput())
domain_name = forms.CharField(label=_("Domain Name"),
required=False,
widget=forms.HiddenInput())
name = forms.CharField(max_length=255, label=_("User Name"))
description = forms.CharField(
widget=forms.widgets.Textarea(attrs={'rows': 4}),
label=_("Description"),
required=False)
email = forms.EmailField(label=_("Email"), required=False)
project = forms.ThemableDynamicChoiceField(label=_("Primary Project"),
required=PROJECT_REQUIRED)
role_id = forms.ThemableChoiceField(label=_("Role"),
required=PROJECT_REQUIRED)
enabled = forms.BooleanField(label=_("Enabled"),
required=False,
initial=True)
default_user_id = forms.IntegerField(label=_('User ID'),
widget=forms.HiddenInput())
@staticmethod
def get_os_projects(request, project_name, domain_id):
# Populate project choices
project_choices = []
keystone_projects, has_more = api.keystone.tenant_list(request)
matching_project = None
# Check if asigned project matches
# with the ones from Keystone and
# set that project as a default choice
for project in keystone_projects:
if project.enabled:
if project_name == project.name:
matching_project = (project.id, project.name)
else:
project_choices.append((project.id, project.name))
if matching_project:
project_choices.append(0, matching_project)
elif not project_choices:
project_choices.insert(0, ('', _('No available projects')))
else:
project_choices.insert(0, ('', _('Select a project.')))
return project_choices
def __init__(self, *args, **kwargs):
roles = kwargs.pop('roles')
super(ActivateUserForm, self).__init__(*args, **kwargs)
project_name = kwargs['initial'].get('project', None)
domain_id = kwargs['initial'].get('domain_id', None)
self.fields['project'].choices = self.get_os_projects(
args[0], project_name, domain_id)
# Reorder form fields from multiple inheritance
ordering = [
"default_user_id", "domain_id", "domain_name", "name",
"description", "email", "password", "confirm_password", "project",
"role_id", "enabled"
]
self.add_extra_fields(ordering)
self.fields = collections.OrderedDict(
(key, self.fields[key]) for key in ordering)
role_choices = [(role.id, role.name) for role in roles]
self.fields['role_id'].choices = role_choices
# For keystone V3, display the two fields in read-only
if api.keystone.VERSIONS.active >= 3:
readonlyInput = forms.TextInput(attrs={'readonly': 'readonly'})
self.fields["domain_id"].widget = readonlyInput
self.fields["domain_name"].widget = readonlyInput
# For keystone V2.0, hide description field
else:
self.fields["description"].widget = forms.HiddenInput()
# Disable required constraint on password field
# If no password is inserted the default one is used
self.fields['password'].required = False
self.fields['confirm_password'].required = False
# We have to protect the entire "data" dict because it contains the
# password and confirm_password strings.
@sensitive_variables('data')
def handle(self, request, data):
user_id = data.get('default_user_id', None)
if not data['password']:
data['password'] = KEYSTONE_USER_PASS
return self.create_keystone_user(request, data)
@staticmethod
def create_keystone_user(request, data):
domain = api.keystone.get_default_domain(request, False)
try:
LOG.info('Creating user with name "%s"', data['name'])
# add extra information
if api.keystone.VERSIONS.active >= 3:
EXTRA_INFO = getattr(settings, 'USER_TABLE_EXTRA_INFO', {})
kwargs = dict((key, data.get(key)) for key in EXTRA_INFO)
else:
kwargs = {}
new_user = \
api.keystone.user_create(request,
name=data['name'],
email=data['email'],
description=data['description'] or None,
password=data['password'],
project=data['project'] or None,
enabled=data['enabled'],
domain=domain.id,
**kwargs)
messages.success(
request,
_('User "%s" was successfully created.') % data['name'])
if data['project'] and data['role_id']:
roles = api.keystone.roles_for_user(request, new_user.id,
data['project']) or []
assigned = [
role for role in roles if role.id == str(data['role_id'])
]
if not assigned:
try:
api.keystone.add_tenant_user_role(
request, data['project'], new_user.id,
data['role_id'])
except Exception:
exceptions.handle(
request,
_('Unable to add user '
'to primary project.'))
return new_user
except exceptions.Conflict:
msg = _('User name "%s" is already used.') % data['name']
messages.error(request, msg)
except Exception:
exceptions.handle(request, _('Unable to create user.'))
