def django_user_model():
"""
MongoEngine user model as defined in AUTH_USER_MODEL
Overrides the default pytest-django fixture
"""
return get_user_document()
def logout(request):
msg = 'Logging out user "%(username)s".' % \
{'username': request.user.username}
LOG.info(msg)
try:
user = get_user_document().objects(username=request.user.username).first()
if request.user.hp_attr:
hp_clouds = Hpclouddata.objects.all()
for hp_cloud in hp_clouds:
delete_token(endpoint=hp_cloud.endpoint,token_id=hp_cloud.token.id)
hp = Hpclouddata.objects(id = hp_cloud.id).first()
hp.delete()
user.hp_attr = None
user.hpname = None
if request.user.token and request.user.endpoint:
delete_token(endpoint=request.user.endpoint, token_id=request.user.token.id)
user.token = None
user.authorized_tenants = None
user.service_catalog = None
user.services_region = None
user.project_name = None
user.tenant_name = None
user.tenant_id = None
user.project_id = None
user.endpoint = None
user.openstackname = None
else:
LOG.debug("User token not deleted")
user.is_superuser = False
user.save()
except:
LOG.debug("User token not deleted")
return django_logout(request)
def contribute_to_class(self, model, name):
super(MappUserManager, self).contribute_to_class(model, name)
self.dj_model = self.model
self.model = get_user_document()
self.dj_model.USERNAME_FIELD = self.model.USERNAME_FIELD
self.dj_model.REQUIRED_FIELDS = self.model.REQUIRED_FIELDS
"""
def handle(self, request, data):
user = get_user_document().objects(username=request.user.username).first()
cnext_clouds = sum([[y.cloudid for y in i.policy if
y.cloudid.platform == "Cnext"] for i in request.user.roles], [])
for cloud in cnext_clouds:
if str(cloud.id) == str(data['account_name']):
user.cnextpublickey = cloud["cloud_meta"]["publickey"]
user.cnextprivatekey = cloud["cloud_meta"]["privatekey"]
user.cnextendpoint = cloud["cloud_meta"]["endpoint"]
user.cnextname = cloud["name"]
user.save()
return True
return False
def user_field(user, field, *args):
"""
Gets or sets (optional) user model fields. No-op if fields do not exist.
"""
if field and hasattr(user, field):
if args:
# Setter
v = args[0]
if v:
User = get_user_document()
v = v[0:User._meta.get_field(field).max_length]
setattr(user, field, v)
else:
# Getter
return getattr(user, field)
def handle(self, request, data):
user = get_user_document().objects(username=request.user.username).first()
hp_clouds = sum(
[[y.cloudid for y in i.policy if y.cloudid.platform == "Hpcloud"] for i in request.user.roles], []
)
for cloud in hp_clouds:
if str(cloud.id) == str(data["account_name"]):
hpclouds = Hpclouddata.objects.all()
for hpcloud in hpclouds:
if hpcloud.hpcloudid.id == cloud.id:
user.hp_attr = hpcloud
user.hpname = cloud["name"]
user.save()
return True
return False
def email_address_exists(email, exclude_user=None):
emailaddresses = EmailAddress.objects
if exclude_user:
emailaddresses = emailaddresses.exclude(user=exclude_user)
ret = emailaddresses.filter(email__iexact=email).first()
if not ret:
email_field = app_settings.USER_MODEL_EMAIL_FIELD
if email_field:
users = get_user_document().objects
if exclude_user:
users = users.exclude(pk=exclude_user.pk)
ret = users.filter(**{email_field+'__iexact': email}).first()
return ret
def handle(self, request, data):
user = get_user_document().objects(
username=request.user.username).first()
aws_clouds = sum(
[[y.cloudid for y in i.policy if y.cloudid.platform == "Amazon"]
for i in request.user.roles], [])
for cloud in aws_clouds:
if str(cloud.id) == str(data['account_name']):
user.awspublickey = cloud["cloud_meta"]["publickey"]
user.awsprivatekey = cloud["cloud_meta"]["privatekey"]
user.awsendpoint = cloud["cloud_meta"]["endpoint"]
user.awsname = cloud["name"]
user.save()
return True
return False
def handle(self, request, data):
user = get_user_document().objects(
username=request.user.username).first()
hp_clouds = sum(
[[y.cloudid for y in i.policy if y.cloudid.platform == "Hpcloud"]
for i in request.user.roles], [])
for cloud in hp_clouds:
if str(cloud.id) == str(data['account_name']):
hpclouds = Hpclouddata.objects.all()
for hpcloud in hpclouds:
if hpcloud.hpcloudid.id == cloud.id:
user.hp_attr = hpcloud
user.hpname = cloud["name"]
user.save()
return True
return False
def _get_user_model():
"""
Get the User Document class user for MongoEngine authentication.
Use the model defined in SOCIAL_AUTH_USER_MODEL if defined, or
defaults to MongoEngine's configured user document class.
"""
custom_model = getattr(settings, setting_name('USER_MODEL'), None)
if custom_model:
return module_member(custom_model)
try:
# Custom user model support with MongoEngine 0.8
from mongoengine.django.mongo_auth.models import get_user_document
return get_user_document()
except ImportError:
return module_member('mongoengine.django.auth.User')
def _get_user_model():
"""
Get the User Document class user for MongoEngine authentication.
Use the model defined in SOCIAL_AUTH_USER_MODEL if defined, or
defaults to MongoEngine's configured user document class.
"""
custom_model = getattr(settings, setting_name('USER_MODEL'), None)
if custom_model:
return module_member(custom_model)
try:
# Custom user model support with MongoEngine 0.8
from mongoengine.django.mongo_auth.models import get_user_document
return get_user_document()
except ImportError:
return module_member('mongoengine.django.auth.User')
def switch_cnext_tenants(request, tenant_id, redirect_field_name=REDIRECT_FIELD_NAME):
""" Switches an authenticated user from one project to another. """
LOG.debug('Switching to tenant %s for user "%s".'
% (tenant_id, request.user.username))
user = get_user_document().objects(username=request.user.username).first()
cnext_tenant = tenantclouds.objects(id=tenant_id).first()
user.cnextpublickey = cnext_tenant["cloud_meta"]["publickey"]
user.cnextprivatekey = cnext_tenant["cloud_meta"]["privatekey"]
user.cnextendpoint = cnext_tenant["cloud_meta"]["endpoint"]
user.cnextname = cnext_tenant["name"]
user.save()
redirect_to = request.REQUEST.get(redirect_field_name, '')
if not is_safe_url(url=redirect_to, host=request.get_host()):
redirect_to = settings.LOGIN_REDIRECT_URL
return shortcuts.redirect(redirect_to)
def switch_cnext_tenants(request,
tenant_id,
redirect_field_name=REDIRECT_FIELD_NAME):
""" Switches an authenticated user from one project to another. """
LOG.debug('Switching to tenant %s for user "%s".' %
(tenant_id, request.user.username))
user = get_user_document().objects(username=request.user.username).first()
cnext_tenant = tenantclouds.objects(id=tenant_id).first()
user.cnextpublickey = cnext_tenant["cloud_meta"]["publickey"]
user.cnextprivatekey = cnext_tenant["cloud_meta"]["privatekey"]
user.cnextendpoint = cnext_tenant["cloud_meta"]["endpoint"]
user.cnextname = cnext_tenant["name"]
user.save()
redirect_to = request.REQUEST.get(redirect_field_name, '')
if not is_safe_url(url=redirect_to, host=request.get_host()):
redirect_to = settings.LOGIN_REDIRECT_URL
return shortcuts.redirect(redirect_to)
def handle(self, request, data):
user = get_user_document().objects(username=request.user.username).first()
openstack_clouds = sum([[y.cloudid for y in i.policy if
y.cloudid.platform == "Openstack"] for i in request.user.roles], [])
for cloud in openstack_clouds:
if str(cloud.id) == str(data['account_name']):
os_cloud = tenantclouds.objects(id = cloud.id).first()
openstack_user = openstack_authenticate.authenticate(user_domain_name=None,
username=os_cloud.cloud_meta['publickey'],
password=encode_decode(os_cloud.cloud_meta['privatekey'],'decode'),
auth_url= os_cloud.cloud_meta['endpoint'])
utoken = openstack_user.token
if utoken:
delete_token(user.endpoint,user.token.id)
otoken = trail.DocToken(user=utoken.user,
user_domain_id=utoken.user_domain_id,
id=utoken.id,
project=utoken.project,
tenant=utoken.project,
domain=utoken.domain,
roles=utoken.roles,
serviceCatalog=utoken.serviceCatalog
)
user.token = otoken
user.authorized_tenants = [remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants]
user.service_catalog = openstack_user.service_catalog
user.services_region = openstack_user.services_region
user.project_name = openstack_user.project_name
user.tenant_name = openstack_user.tenant_name
user.tenant_id = openstack_user.tenant_id
user.project_id = openstack_user.project_id
user.endpoint = os_cloud.cloud_meta['endpoint'] + ""
user.openstackname = os_cloud.name
user.save()
return True
return False
def logout(request):
msg = 'Logging out user "%(username)s".' % \
{'username': request.user.username}
LOG.info(msg)
try:
user = get_user_document().objects(
username=request.user.username).first()
if request.user.hp_attr:
hp_clouds = Hpclouddata.objects.all()
for hp_cloud in hp_clouds:
delete_token(endpoint=hp_cloud.endpoint,
token_id=hp_cloud.token.id)
hp = Hpclouddata.objects(id=hp_cloud.id).first()
hp.delete()
user.hp_attr = None
user.hpname = None
if request.user.token and request.user.endpoint:
delete_token(endpoint=request.user.endpoint,
token_id=request.user.token.id)
user.token = None
user.authorized_tenants = None
user.service_catalog = None
user.services_region = None
user.project_name = None
user.tenant_name = None
user.tenant_id = None
user.project_id = None
user.endpoint = None
user.openstackname = None
else:
LOG.debug("User token not deleted")
user.is_superuser = False
user.save()
except:
LOG.debug("User token not deleted")
return django_logout(request)
def switch(request, tenant_id, redirect_field_name=REDIRECT_FIELD_NAME):
""" Switches an authenticated user from one project to another. """
LOG.debug('Switching to tenant %s for user "%s".'
% (tenant_id, request.user.username))
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
endpoint = request.user.endpoint
try:
if get_keystone_version() >= 3:
endpoint = endpoint.replace('v2.0', 'v3')
client = get_keystone_client().Client(tenant_id=tenant_id,
token=request.user.token.id,
auth_url=endpoint,
insecure=insecure,
debug=settings.DEBUG)
auth_ref = client.auth_ref
msg = 'Project switch successful for user "%(username)s".' % \
{'username': request.user.username}
LOG.info(msg)
except keystone_exceptions.ClientException:
msg = 'Project switch failed for user "%(username)s".' % \
{'username': request.user.username}
LOG.warning(msg)
auth_ref = None
LOG.exception('An error occurred while switching sessions.')
# Ensure the user-originating redirection url is safe.
# Taken from django.contrib.auth.views.login()
redirect_to = request.REQUEST.get(redirect_field_name, '')
if not is_safe_url(url=redirect_to, host=request.get_host()):
redirect_to = settings.LOGIN_REDIRECT_URL
if auth_ref:
old_endpoint = request.session['region_endpoint']
old_token = request.user.token
if old_token and old_endpoint and old_token.id != auth_ref.auth_token:
delete_token(endpoint=old_endpoint, token_id=old_token.id)
openstack_user = create_user_from_token(request, Token(auth_ref), endpoint)
user = get_user_document().objects(username=request.user.username).first()
utoken = openstack_user.token
otoken = trail.DocToken(user=utoken.user,
user_domain_id=utoken.user_domain_id,
id=utoken.id,
project=utoken.project,
tenant=utoken.project,
domain=utoken.domain,
roles=utoken.roles,
serviceCatalog=utoken.serviceCatalog
)
user.token = otoken
user.authorized_tenants = [remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants]
user.service_catalog = openstack_user.service_catalog
user.services_region = openstack_user.services_region
user.project_name = openstack_user.project_name
user.tenant_name = openstack_user.tenant_name
user.tenant_id = openstack_user.tenant_id
user.project_id = openstack_user.project_id
role_perms = set(["openstack.roles.%s" % role['name'].lower()
for role in otoken.roles])
if "openstack.roles.admin" in role_perms:
user.is_superuser = True
else:
user.is_superuser = False
user.save()
set_session_from_user(request, user)
return shortcuts.redirect(redirect_to)
def switch(request, tenant_id, redirect_field_name=REDIRECT_FIELD_NAME):
""" Switches an authenticated user from one project to another. """
LOG.debug('Switching to tenant %s for user "%s".' %
(tenant_id, request.user.username))
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
endpoint = request.user.endpoint
try:
if get_keystone_version() >= 3:
endpoint = endpoint.replace('v2.0', 'v3')
client = get_keystone_client().Client(tenant_id=tenant_id,
token=request.user.token.id,
auth_url=endpoint,
insecure=insecure,
debug=settings.DEBUG)
auth_ref = client.auth_ref
msg = 'Project switch successful for user "%(username)s".' % \
{'username': request.user.username}
LOG.info(msg)
except keystone_exceptions.ClientException:
msg = 'Project switch failed for user "%(username)s".' % \
{'username': request.user.username}
LOG.warning(msg)
auth_ref = None
LOG.exception('An error occurred while switching sessions.')
# Ensure the user-originating redirection url is safe.
# Taken from django.contrib.auth.views.login()
redirect_to = request.REQUEST.get(redirect_field_name, '')
if not is_safe_url(url=redirect_to, host=request.get_host()):
redirect_to = settings.LOGIN_REDIRECT_URL
if auth_ref:
old_endpoint = request.session['region_endpoint']
old_token = request.user.token
if old_token and old_endpoint and old_token.id != auth_ref.auth_token:
delete_token(endpoint=old_endpoint, token_id=old_token.id)
openstack_user = create_user_from_token(request, Token(auth_ref),
endpoint)
user = get_user_document().objects(
username=request.user.username).first()
utoken = openstack_user.token
otoken = trail.DocToken(user=utoken.user,
user_domain_id=utoken.user_domain_id,
id=utoken.id,
project=utoken.project,
tenant=utoken.project,
domain=utoken.domain,
roles=utoken.roles,
serviceCatalog=utoken.serviceCatalog)
user.token = otoken
user.authorized_tenants = [
remove_tenants(d.__dict__)
for d in openstack_user.authorized_tenants
]
user.service_catalog = openstack_user.service_catalog
user.services_region = openstack_user.services_region
user.project_name = openstack_user.project_name
user.tenant_name = openstack_user.tenant_name
user.tenant_id = openstack_user.tenant_id
user.project_id = openstack_user.project_id
role_perms = set([
"openstack.roles.%s" % role['name'].lower()
for role in otoken.roles
])
if "openstack.roles.admin" in role_perms:
user.is_superuser = True
else:
user.is_superuser = False
user.save()
set_session_from_user(request, user)
return shortcuts.redirect(redirect_to)
def authenticate(self, request=None,username=None, password=None):
try:
get_user_document().objects(username=username.lower()).first()
except Exception, e:
print e
def get_user(self, user_id):
return get_user_document().objects.with_id(user_id)
def handle(self, request, data):
user = get_user_document().objects(
username=request.user.username).first()
user.awsendpoint = str(data['region_name'])
user.save()
return True
def get_user_model(self):
return get_user_document()
def get_user_model(self):
return get_user_document()
def action(self, request, obj_id):
cloud = tenantclouds.objects(id=obj_id).first()
roles = roledetail.objects(tenantid=request.user.tenantid)
for role in roles:
list1 = []
for a in role.policy:
if (str(a.cloudid.id) == str(obj_id)):
pass
else:
list1.append(a)
roledetail.objects(id=role.id).update(set__policy=list1)
user = get_user_document().objects(
username=request.user.username).first()
if cloud.platform == "Openstack":
if user.openstackname == cloud.name:
clouds = sum([[
y.cloudid
for y in i.policy if y.cloudid.platform == "Openstack"
] for i in user.roles], [])
if clouds:
openstack_user = openstack_authenticate.authenticate(
user_domain_name=None,
username=clouds[0]["cloud_meta"]["publickey"],
password=encode_decode(
clouds[0]["cloud_meta"]["privatekey"], "decode"),
auth_url=clouds[0]["cloud_meta"]["endpoint"])
utoken = openstack_user.token
if utoken:
delete_token(user.endpoint, user.token.id)
otoken = trail.DocToken(
user=utoken.user,
user_domain_id=utoken.user_domain_id,
id=utoken.id,
project=utoken.project,
tenant=utoken.project,
domain=utoken.domain,
roles=utoken.roles,
serviceCatalog=utoken.serviceCatalog)
user.token = otoken
user.authorized_tenants = [
remove_tenants(d.__dict__)
for d in openstack_user.authorized_tenants
]
user.service_catalog = openstack_user.service_catalog
user.services_region = openstack_user.services_region
user.project_name = openstack_user.project_name
user.tenant_name = openstack_user.tenant_name
user.tenant_id = openstack_user.tenant_id
user.project_id = openstack_user.project_id
user.endpoint = clouds[0]["cloud_meta"]["endpoint"] + ""
user.openstackname = clouds[0]["name"]
else:
delete_token(user.endpoint, user.token.id)
user.authorized_tenants = []
user.service_catalog = []
user.services_region = None
user.project_name = None
user.tenant_name = None
user.tenant_id = None
user.project_id = None
user.endpoint = None
user.token = None
user.openstackname = None
if cloud.platform == "Cnext":
if user.cnextname == cloud.name:
clouds = sum([[
y.cloudid
for y in i.policy if y.cloudid.platform == "Cnext"
] for i in user.roles], [])
if clouds:
user.cnextpublickey = clouds[0]["cloud_meta"]["publickey"]
user.cnextprivatekey = encode_decode(
clouds[0]["cloud_meta"]["privatekey"], "encode")
user.cnextendpoint = clouds[0]["cloud_meta"]["endpoint"]
user.cnextname = clouds[0]["name"]
else:
user.cnextpublickey = ""
user.cnextprivatekey = ""
user.cnextendpoint = ""
user.cnextname = ""
if cloud.platform == "Hpcloud":
hp_clouds = Hpclouddata.objects.all()
for hp_cloud in hp_clouds:
if hp_cloud.hpcloudid.id == cloud.id:
if hp_cloud.id == request.user.hp_attr.id:
clouds = sum([[
y.cloudid for y in i.policy
if y.cloudid.platform == "Hpcloud"
] for i in user.roles], [])
if clouds:
hpclouds = Hpclouddata.objects.all()
for hpcloud in hpclouds:
if hpcloud.hpcloudid.id != cloud.id:
user.hp_attr = hpcloud
hpcloudobj = tenantclouds.objects(
id=hpcloud.hpcloudid.id).first()
user.hpname = hpcloudobj.name
else:
user.hp_attr = None
user.hpname = None
hp = Hpclouddata.objects(id=hp_cloud.id).first()
hp.delete()
else:
hp = Hpclouddata.objects(id=hp_cloud.id).first()
hp.delete()
if cloud.platform == "Amazon":
if user.awsname == cloud.name:
clouds = sum([[
y.cloudid
for y in i.policy if y.cloudid.platform == "Amazon"
] for i in user.roles], [])
if clouds:
user.awspublickey = clouds[0]["cloud_meta"]["publickey"]
user.awsprivatekey = encode_decode(
clouds[0]["cloud_meta"]["privatekey"], "encode")
user.awsendpoint = clouds[0]["cloud_meta"]["endpoint"]
user.awsname = clouds[0]["name"]
else:
user.awspublickey = ""
user.awsprivatekey = ""
user.awsendpoint = ""
user.awsname = ""
user.save()
cloud.delete()
def action(self, request, obj_id):
cloud = tenantclouds.objects(id = obj_id).first()
roles = roledetail.objects(tenantid=request.user.tenantid)
for role in roles:
list1 = []
for a in role.policy:
if (str(a.cloudid.id) == str(obj_id)):
pass
else:
list1.append(a)
roledetail.objects(id=role.id).update(set__policy=list1)
user = get_user_document().objects(username=request.user.username).first()
if cloud.platform == "Openstack":
if user.openstackname == cloud.name:
clouds = sum([[y.cloudid for y in i.policy
if y.cloudid.platform == "Openstack"]
for i in user.roles], [])
if clouds:
openstack_user = openstack_authenticate.authenticate(user_domain_name=None,username=clouds[0]["cloud_meta"]["publickey"],
password=encode_decode(clouds[0]["cloud_meta"]["privatekey"],"decode"),
auth_url= clouds[0]["cloud_meta"]["endpoint"])
utoken = openstack_user.token
if utoken:
delete_token(user.endpoint,user.token.id)
otoken = trail.DocToken(user=utoken.user,
user_domain_id=utoken.user_domain_id,
id=utoken.id,
project=utoken.project,
tenant=utoken.project,
domain=utoken.domain,
roles=utoken.roles,
serviceCatalog=utoken.serviceCatalog
)
user.token = otoken
user.authorized_tenants = [remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants]
user.service_catalog = openstack_user.service_catalog
user.services_region = openstack_user.services_region
user.project_name = openstack_user.project_name
user.tenant_name = openstack_user.tenant_name
user.tenant_id = openstack_user.tenant_id
user.project_id = openstack_user.project_id
user.endpoint = clouds[0]["cloud_meta"]["endpoint"] + ""
user.openstackname = clouds[0]["name"]
else:
delete_token(user.endpoint,user.token.id)
user.authorized_tenants = []
user.service_catalog = []
user.services_region = None
user.project_name = None
user.tenant_name = None
user.tenant_id = None
user.project_id = None
user.endpoint = None
user.token = None
user.openstackname = None
if cloud.platform =="Cnext":
if user.cnextname == cloud.name:
clouds = sum([[y.cloudid for y in i.policy
if y.cloudid.platform == "Cnext"]
for i in user.roles], [])
if clouds:
user.cnextpublickey = clouds[0]["cloud_meta"]["publickey"]
user.cnextprivatekey = encode_decode(clouds[0]["cloud_meta"]["privatekey"],"encode")
user.cnextendpoint = clouds[0]["cloud_meta"]["endpoint"]
user.cnextname = clouds[0]["name"]
else:
user.cnextpublickey = ""
user.cnextprivatekey = ""
user.cnextendpoint = ""
user.cnextname = ""
if cloud.platform == "Hpcloud":
hp_clouds = Hpclouddata.objects.all()
for hp_cloud in hp_clouds:
if hp_cloud.hpcloudid.id == cloud.id:
if hp_cloud.id == request.user.hp_attr.id:
clouds = sum([[y.cloudid for y in i.policy
if y.cloudid.platform == "Hpcloud"]
for i in user.roles], [])
if clouds:
hpclouds = Hpclouddata.objects.all()
for hpcloud in hpclouds:
if hpcloud.hpcloudid.id != cloud.id:
user.hp_attr = hpcloud
hpcloudobj = tenantclouds.objects(id = hpcloud.hpcloudid.id).first()
user.hpname = hpcloudobj.name
else:
user.hp_attr = None
user.hpname = None
hp = Hpclouddata.objects(id = hp_cloud.id).first()
hp.delete()
else:
hp = Hpclouddata.objects(id = hp_cloud.id).first()
hp.delete()
if cloud.platform =="Amazon":
if user.awsname == cloud.name:
clouds = sum([[y.cloudid for y in i.policy
if y.cloudid.platform == "Amazon"]
for i in user.roles], [])
if clouds:
user.awspublickey = clouds[0]["cloud_meta"]["publickey"]
user.awsprivatekey = encode_decode(clouds[0]["cloud_meta"]["privatekey"],"encode")
user.awsendpoint = clouds[0]["cloud_meta"]["endpoint"]
user.awsname = clouds[0]["name"]
else:
user.awspublickey = ""
user.awsprivatekey = ""
user.awsendpoint = ""
user.awsname = ""
user.save()
cloud.delete()
def test_get_user_document(self):
self.assertEqual(get_user_document(), User)
def authenticate(self, request=None, username=None, password=None):
try:
get_user_document().objects(username=username.lower()).first()
except Exception, e:
print e
class CloudMongoBackend(object):
'To check permission seperate backend'
"""Authenticate using MongoEngine and mongoengine.django.auth.User.
"""
supports_object_permissions = False
supports_anonymous_user = False
supports_inactive_user = False
DEFAULT_IDENTITY_PORT = "" #":5000/v2.0"
def authenticate(self, request=None, username=None, password=None):
try:
get_user_document().objects(username=username.lower()).first()
except Exception, e:
print e
user = get_user_document().objects(username=username.lower()).first()
if user:
if password and user.check_password(password):
if not user.status:
msg = _("Your Account is Not Activated. \n"
"Please Activate Account, and Login")
LOG.debug(msg)
raise KeystoneAuthException(msg)
if user.roles == []:
msg = _("You do not have any permission to perform")
LOG.debug(msg)
raise KeystoneAuthException(msg)
backend = auth.get_backends()[0]
user.backend = "%s.%s" % (backend.__module__,
backend.__class__.__name__)
else:
msg = _("Please Login with " "Correct Password.")
LOG.debug(msg)
raise KeystoneAuthException(msg)
cloud = []
cloud1 = []
cloud2 = []
cloud1 = sum([[
y.cloudid for y in i.policy if y.cloudid.platform == "Cnext"
] for i in user.roles], [])
cloud2 = sum([[
y.cloudid for y in i.policy if y.cloudid.platform == "Amazon"
] for i in user.roles], [])
cloud3 = sum([[
y.cloudid for y in i.policy if y.cloudid.platform == "Hpcloud"
] for i in user.roles], [])
cloud = sum([[
y.cloudid
for y in i.policy if y.cloudid.platform == "Openstack"
] for i in user.roles], [])
if cloud:
try:
cloud_endpoint = cloud[0]["cloud_meta"]["endpoint"]
cloud_accesskey = cloud[0]["cloud_meta"]["publickey"]
cloud_privatekey = trail.encode_decode(
cloud[0]["cloud_meta"]["privatekey"], "decode")
##Getting openstack user object by calling keystone client ##
openstack_user = authenticate(user_domain_name=None,
username=cloud_accesskey,
password=cloud_privatekey,
auth_url=cloud_endpoint +
self.DEFAULT_IDENTITY_PORT)
utoken = openstack_user.token
otoken = trail.DocToken(
user=utoken.user,
user_domain_id=utoken.user_domain_id,
id=utoken.id,
project=utoken.project,
tenant=utoken.project,
domain=utoken.domain,
roles=utoken.roles,
serviceCatalog=utoken.serviceCatalog)
user.token = otoken
user.authorized_tenants = [
remove_tenants(d.__dict__)
for d in openstack_user.authorized_tenants
]
user.service_catalog = openstack_user.service_catalog
user.services_region = openstack_user.services_region
user.project_name = openstack_user.project_name
user.tenant_name = openstack_user.tenant_name
user.tenant_id = openstack_user.tenant_id
user.project_id = openstack_user.project_id
user.endpoint = cloud_endpoint + self.DEFAULT_IDENTITY_PORT
user.openstackname = cloud[0]["name"]
msg = _("Successfully user token created in " "Mongodb.")
LOG.debug(msg)
except:
pass
if cloud1:
user.cnextpublickey = cloud1[0]["cloud_meta"]["publickey"]
user.cnextprivatekey = cloud1[0]["cloud_meta"]["privatekey"]
user.cnextendpoint = cloud1[0]["cloud_meta"]["endpoint"]
user.cnextname = cloud1[0]["name"]
if cloud2:
user.awspublickey = cloud2[0]["cloud_meta"]["publickey"]
user.awsprivatekey = cloud2[0]["cloud_meta"]["privatekey"]
user.awsendpoint = cloud2[0]["cloud_meta"]["endpoint"]
user.awsname = cloud2[0]["name"]
if cloud3:
try:
for x in range(len(cloud3)):
cloud_endpoint = cloud3[x]["cloud_meta"]["endpoint"]
cloud_accesskey = cloud3[x]["cloud_meta"]["publickey"]
cloud_privatekey = trail.encode_decode(
cloud3[x]["cloud_meta"]["privatekey"], "decode")
##Getting openstack user object by calling keystone client ##
openstack_user = authenticate(
user_domain_name=None,
username=cloud_accesskey,
password=cloud_privatekey,
auth_url=cloud_endpoint +
self.DEFAULT_IDENTITY_PORT)
utoken = openstack_user.token
otoken = trail.DocToken(
user=utoken.user,
user_domain_id=utoken.user_domain_id,
id=utoken.id,
project=utoken.project,
tenant=utoken.project,
domain=utoken.domain,
roles=utoken.roles,
serviceCatalog=utoken.serviceCatalog)
hp = trail.Hpclouddata(token = otoken,\
authorized_tenants = [remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants],\
service_catalog = openstack_user.service_catalog,\
services_region = openstack_user.services_region,\
project_name = openstack_user.project_name,\
tenant_name = openstack_user.tenant_name,\
tenant_id = openstack_user.tenant_id,\
project_id = openstack_user.project_id,\
endpoint = cloud_endpoint + "",\
hpcloudid = cloud3[x]["id"]
)
hp.save()
if x == 0:
user.hp_attr = hp
user.hpname = cloud3[x]["name"]
msg = _("Successfully user token created in " "Mongodb.")
LOG.debug(msg)
except:
pass
user.save()
return user
else:
msg = _("Invalid Credentials.")
LOG.debug(msg)
raise KeystoneAuthException(msg)
return None
def get_user(self, user_id):
return get_user_document().objects.with_id(user_id)
def handle(self, request, context):
cloud_id = context.get('cloud_id', None)
username = context.get('publickey', None)
cloudname = context.get('cloudname', None)
platform = context.get('platform', None)
password = context.get('secretkey', None)
endpoint = context.get('endpoint', None)
cloud_type = context.get('cloud_type', None)
if (username == '') & (password == ''):
username = context.get('publickey', None)
password = context.get('secretkey', None)
get_user_document().objects(username=request.user.username).first()
user = get_user_document().objects(
username=request.user.username).first()
try:
if platform == "Cnext":
httpInst = httplib2.Http()
httpInst.add_credentials(name = username, \
password = password)
url = endpoint + "/api/instance?resourceType=vm"
resp, body = httpInst.request(url)
if resp.status == 200:
cloud = tenantclouds(name=cloudname,
cloud_type=cloud_type,
platform=platform,
cloud_meta={
"publickey":
username,
"privatekey":
encode_decode(password, "encode"),
"endpoint":
endpoint
},
tenantid=request.user.tenantid.id,
cloudid=cloud_id)
cloud.save()
roles = roledetail.objects(
tenantid=request.user.tenantid.id)
allowed_action = actions.objects.first().allowed
for role in roles:
if role.roletype == "Tenant Admin" and role.name == "Tenant Admin":
i = {
"cloudid": cloud.id,
"provider": "ALL",
"region": "ALL",
"allowed": allowed_action
}
roledetail.objects(id=role.id).update(
push__policy=i)
else:
pass
if user.cnextname == "" or user.cnextname is None:
user.cnextpublickey = username
user.cnextprivatekey = encode_decode(
password, "encode")
user.cnextendpoint = endpoint
user.cnextname = cloudname
user.save()
refresh_session_policies(request, request.user)
return True
else:
return False
elif platform == "Openstack":
openstack_user = openstack_authenticate.authenticate(
user_domain_name=None,
username=username,
password=password,
auth_url=endpoint)
utoken = openstack_user.token
if utoken:
cloud = tenantclouds(name=cloudname,
cloud_type=cloud_type,
platform=platform,
cloud_meta={
"publickey":
username,
"privatekey":
encode_decode(password, "encode"),
"endpoint":
endpoint
},
tenantid=request.user.tenantid.id,
cloudid=cloud_id)
cloud.save()
allowed_action = actions.objects.first().allowed
roles = roledetail.objects(
tenantid=request.user.tenantid.id)
for role in roles:
if role.roletype == "Tenant Admin" and role.name == "Tenant Admin":
i = {
"cloudid": cloud.id,
"provider": "",
"region": "",
"allowed": allowed_action
}
roledetail.objects(id=role.id).update(
push__policy=i)
if user.openstackname == "" or user.openstackname is None:
otoken = trail.DocToken(
user=utoken.user,
user_domain_id=utoken.user_domain_id,
id=utoken.id,
project=utoken.project,
tenant=utoken.project,
domain=utoken.domain,
roles=utoken.roles,
serviceCatalog=utoken.serviceCatalog)
user.token = otoken
user.authorized_tenants = [
remove_tenants(d.__dict__)
for d in openstack_user.authorized_tenants
]
user.service_catalog = openstack_user.service_catalog
user.services_region = openstack_user.services_region
user.project_name = openstack_user.project_name
user.tenant_name = openstack_user.tenant_name
user.tenant_id = openstack_user.tenant_id
user.project_id = openstack_user.project_id
user.endpoint = endpoint + ""
user.openstackname = cloudname
msg = _("Successfully user token created in "
"Mongodb.")
user.save()
LOG.debug(msg)
else:
delete_token(endpoint, utoken.id)
refresh_session_policies(request, request.user)
return True
else:
return False
elif platform == "Hpcloud":
openstack_user = openstack_authenticate.authenticate(
user_domain_name=None,
username=username,
password=password,
auth_url=endpoint)
utoken = openstack_user.token
if utoken:
cloud = tenantclouds(name=cloudname,
cloud_type=cloud_type,
platform=platform,
cloud_meta={
"publickey":
username,
"privatekey":
encode_decode(password, "encode"),
"endpoint":
endpoint
},
tenantid=request.user.tenantid.id,
cloudid=cloud_id)
cloud.save()
allowed_action = actions.objects.first().allowed
roles = roledetail.objects(
tenantid=request.user.tenantid.id)
for role in roles:
if role.roletype == "Tenant Admin" and role.name == "Tenant Admin":
i = {
"cloudid": cloud.id,
"provider": "",
"region": "",
"allowed": allowed_action
}
roledetail.objects(id=role.id).update(
push__policy=i)
otoken = trail.DocToken(
user=utoken.user,
user_domain_id=utoken.user_domain_id,
id=utoken.id,
project=utoken.project,
tenant=utoken.project,
domain=utoken.domain,
roles=utoken.roles,
serviceCatalog=utoken.serviceCatalog)
hp = trail.Hpclouddata(token = otoken,\
authorized_tenants = [remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants],\
service_catalog = openstack_user.service_catalog,\
services_region = openstack_user.services_region,\
project_name = openstack_user.project_name,\
tenant_name = openstack_user.tenant_name,\
tenant_id = openstack_user.tenant_id,\
project_id = openstack_user.project_id,\
endpoint = endpoint + "",\
hpcloudid = cloud.id
)
hp.save()
if user.hp_attr == "" or user.hp_attr is None:
user.hp_attr = hp
user.hpname = cloudname
user.save()
msg = _("Successfully user token created in " "Mongodb.")
LOG.debug(msg)
refresh_session_policies(request, request.user)
return True
else:
return False
elif platform == "Amazon":
status = test(endpoint, username, password)
if status == True:
cloud = tenantclouds(name=cloudname,
cloud_type=cloud_type,
platform=platform,
cloud_meta={
"publickey":
username,
"privatekey":
encode_decode(password, "encode"),
"endpoint":
endpoint
},
tenantid=request.user.tenantid.id,
cloudid=cloud_id)
cloud.save()
roles = roledetail.objects(
tenantid=request.user.tenantid.id)
allowed_action = actions.objects.first().allowed
for role in roles:
if role.roletype == "Tenant Admin" and role.name == "Tenant Admin":
i = {
"cloudid": cloud.id,
"provider": "ALL",
"region": "ALL",
"allowed": allowed_action
}
roledetail.objects(id=role.id).update(
push__policy=i)
else:
pass
if user.awsname == "" or user.awsname is None:
user.awspublickey = username
user.awsprivatekey = encode_decode(password, "encode")
user.awsendpoint = endpoint
user.awsname = cloudname
user.save()
refresh_session_policies(request, request.user)
return True
else:
return False
else:
cloud = tenantclouds(name=cloudname,
cloud_type=cloud_type,
platform=platform,
cloud_meta={
"publickey":
username,
"privatekey":
encode_decode(password, "encode"),
"endpoint":
endpoint
},
tenantid=request.user.tenantid.id)
cloud.save()
roles = roledetail.objects(tenantid=request.user.tenantid.id)
for role in roles:
if role.roletype == "Tenant Admin" and role.name == "Tenant Admin":
i = {
"cloudid":
cloud.id,
"provider": [],
"region": [],
"allowed": [
"Create Instance", "Delete Instance",
"Create KP and SG", "Delete KP and SG",
"Start Instance", "Stop Instance",
"Create Volume", "Delete Volume",
"Attach and Dettach Volume"
]
}
roledetail.objects(id=role.id).update(push__policy=i)
return True
except Exception, e:
messages.error(request, _(e.message))
LOG.error(e.message)
def test_get_user_document(self):
self.assertEqual(get_user_document(), User)
def handle(self, request, context):
cloud_id = context.get('cloud_id', None)
username = context.get('publickey', None)
cloudname = context.get('cloudname', None)
platform = context.get('platform', None)
password = context.get('secretkey', None)
endpoint = context.get('endpoint', None)
cloud_type = context.get('cloud_type', None)
if (username == '') & (password == ''):
username = context.get('publickey', None)
password = context.get('secretkey', None)
get_user_document().objects(username=request.user.username).first()
user = get_user_document().objects(username=request.user.username).first()
try:
if platform == "Cnext":
httpInst = httplib2.Http()
httpInst.add_credentials(name = username, \
password = password)
url = endpoint + "/api/instance?resourceType=vm"
resp, body = httpInst.request(url)
if resp.status == 200 :
cloud = tenantclouds(name = cloudname,cloud_type = cloud_type,
platform = platform,cloud_meta ={"publickey":username,"privatekey":encode_decode(password,"encode"),"endpoint":endpoint},
tenantid=request.user.tenantid.id,
cloudid=cloud_id)
cloud.save()
roles = roledetail.objects(tenantid = request.user.tenantid.id)
allowed_action = actions.objects.first().allowed
for role in roles:
if role.roletype == "Tenant Admin" and role.name == "Tenant Admin":
i = {"cloudid":cloud.id,"provider":"ALL","region":"ALL","allowed": allowed_action}
roledetail.objects(id = role.id).update(push__policy=i)
else:
pass
if user.cnextname == "" or user.cnextname is None:
user.cnextpublickey = username
user.cnextprivatekey = encode_decode(password,"encode")
user.cnextendpoint = endpoint
user.cnextname = cloudname
user.save()
refresh_session_policies(request, request.user)
return True
else:
return False
elif platform == "Openstack":
openstack_user = openstack_authenticate.authenticate(user_domain_name=None,username=username,
password=password,
auth_url= endpoint)
utoken = openstack_user.token
if utoken:
cloud = tenantclouds(name = cloudname,cloud_type = cloud_type,
platform = platform,cloud_meta ={"publickey":username,"privatekey":encode_decode(password,"encode"),"endpoint":endpoint},
tenantid=request.user.tenantid.id,
cloudid=cloud_id)
cloud.save()
allowed_action = actions.objects.first().allowed
roles = roledetail.objects(tenantid = request.user.tenantid.id)
for role in roles:
if role.roletype == "Tenant Admin" and role.name == "Tenant Admin":
i = {"cloudid":cloud.id,"provider":"","region":"","allowed":allowed_action}
roledetail.objects(id = role.id).update(push__policy=i)
if user.openstackname == "" or user.openstackname is None:
otoken = trail.DocToken(user=utoken.user,
user_domain_id=utoken.user_domain_id,
id=utoken.id,
project=utoken.project,
tenant=utoken.project,
domain=utoken.domain,
roles=utoken.roles,
serviceCatalog=utoken.serviceCatalog
)
user.token = otoken
user.authorized_tenants = [remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants]
user.service_catalog = openstack_user.service_catalog
user.services_region = openstack_user.services_region
user.project_name = openstack_user.project_name
user.tenant_name = openstack_user.tenant_name
user.tenant_id = openstack_user.tenant_id
user.project_id = openstack_user.project_id
user.endpoint = endpoint + ""
user.openstackname = cloudname
msg = _("Successfully user token created in "
"Mongodb.")
user.save()
LOG.debug(msg)
else:
delete_token(endpoint,utoken.id)
refresh_session_policies(request, request.user)
return True
else:
return False
elif platform == "Hpcloud":
openstack_user = openstack_authenticate.authenticate(user_domain_name=None,username=username,
password=password,
auth_url= endpoint)
utoken = openstack_user.token
if utoken:
cloud = tenantclouds(name = cloudname,cloud_type = cloud_type,
platform = platform,cloud_meta ={"publickey":username,"privatekey":encode_decode(password,"encode"),"endpoint":endpoint},
tenantid=request.user.tenantid.id,
cloudid=cloud_id)
cloud.save()
allowed_action = actions.objects.first().allowed
roles = roledetail.objects(tenantid = request.user.tenantid.id)
for role in roles:
if role.roletype == "Tenant Admin" and role.name == "Tenant Admin":
i = {"cloudid":cloud.id,"provider":"","region":"","allowed":allowed_action}
roledetail.objects(id = role.id).update(push__policy=i)
otoken = trail.DocToken(user=utoken.user,
user_domain_id=utoken.user_domain_id,
id=utoken.id,
project=utoken.project,
tenant=utoken.project,
domain=utoken.domain,
roles=utoken.roles,
serviceCatalog=utoken.serviceCatalog
)
hp = trail.Hpclouddata(token = otoken,\
authorized_tenants = [remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants],\
service_catalog = openstack_user.service_catalog,\
services_region = openstack_user.services_region,\
project_name = openstack_user.project_name,\
tenant_name = openstack_user.tenant_name,\
tenant_id = openstack_user.tenant_id,\
project_id = openstack_user.project_id,\
endpoint = endpoint + "",\
hpcloudid = cloud.id
)
hp.save()
if user.hp_attr == "" or user.hp_attr is None:
user.hp_attr = hp
user.hpname = cloudname
user.save()
msg = _("Successfully user token created in "
"Mongodb.")
LOG.debug(msg)
refresh_session_policies(request, request.user)
return True
else:
return False
elif platform == "Amazon":
status = test(endpoint,username,password)
if status == True:
cloud = tenantclouds(name = cloudname,cloud_type = cloud_type,
platform = platform,cloud_meta ={"publickey":username,"privatekey":encode_decode(password,"encode"),"endpoint":endpoint},
tenantid=request.user.tenantid.id,
cloudid=cloud_id)
cloud.save()
roles = roledetail.objects(tenantid = request.user.tenantid.id)
allowed_action = actions.objects.first().allowed
for role in roles:
if role.roletype == "Tenant Admin" and role.name == "Tenant Admin":
i = {"cloudid":cloud.id,"provider":"ALL","region":"ALL","allowed": allowed_action}
roledetail.objects(id = role.id).update(push__policy=i)
else:
pass
if user.awsname == "" or user.awsname is None:
user.awspublickey = username
user.awsprivatekey = encode_decode(password,"encode")
user.awsendpoint = endpoint
user.awsname = cloudname
user.save()
refresh_session_policies(request, request.user)
return True
else:
return False
else:
cloud = tenantclouds(name = cloudname,cloud_type = cloud_type,
platform = platform,cloud_meta ={"publickey":username,"privatekey":encode_decode(password,"encode"),"endpoint":endpoint},
tenantid=request.user.tenantid.id)
cloud.save()
roles = roledetail.objects(tenantid = request.user.tenantid.id)
for role in roles:
if role.roletype == "Tenant Admin" and role.name == "Tenant Admin":
i = {"cloudid":cloud.id,"provider":[],"region":[],"allowed":[ "Create Instance" , "Delete Instance" , "Create KP and SG" , "Delete KP and SG" , "Start Instance" , "Stop Instance" , "Create Volume" , "Delete Volume" , "Attach and Dettach Volume"]}
roledetail.objects(id = role.id).update(push__policy=i)
return True
except Exception,e:
messages.error(request,_(e.message))
LOG.error(e.message)
from datetime import datetime
import binascii
import os
from mongoengine import Document, StringField, DateTimeField, ReferenceField
from mongoengine.django.mongo_auth.models import get_user_document
AUTH_USER_MODEL = get_user_document()
class Token(Document):
key = StringField(max_length=40, primary_key=True)
user = ReferenceField(AUTH_USER_MODEL)
created = DateTimeField(default=datetime.now())
def save(self, *args, **kwargs):
if not self.key:
self.key = self.generate_key()
return super(Token, self).save(*args, **kwargs)
def generate_key(self):
return binascii.hexlify(os.urandom(20)).decode()
def __str__(self):
return self.key
import datetime
from django.utils.six.moves import urllib_parse
from django.utils.six.moves.urllib_request import urlopen, Request
from django.contrib.auth.backends import ModelBackend
from django.conf import settings
from uuid import uuid4
from django_cas_ng.signals import cas_user_authenticated
is_mongo_backend = getattr(settings, 'CAS_MONGO_BACKEND', True)
if is_mongo_backend:
from mongoengine.django.mongo_auth.models import get_user_document
User = get_user_document()
else:
from django.contrib.auth import get_user_model
User = get_user_model()
__all__ = ['CASBackend']
def _verify_cas1(ticket, service):
"""Verifies CAS 1.0 authentication ticket.
Returns username on success and None on failure.
"""
params = [('ticket', ticket), ('service', service)]
url = (urllib_parse.urljoin(settings.CAS_SERVER_URL, 'validate') + '?' +
def handle(self, request, data):
user = get_user_document().objects(username=request.user.username).first()
user.awsendpoint = str(data['region_name'])
user.save()
return True
import datetime
from django.utils.six.moves import urllib_parse
from django.utils.six.moves.urllib_request import urlopen, Request
from django.contrib.auth.backends import ModelBackend
from django.conf import settings
from uuid import uuid4
from django_cas_ng.signals import cas_user_authenticated
is_mongo_backend = getattr(settings, 'CAS_MONGO_BACKEND', True)
if is_mongo_backend:
from mongoengine.django.mongo_auth.models import get_user_document
User = get_user_document()
else:
from django.contrib.auth import get_user_model
User = get_user_model()
__all__ = ['CASBackend']
def _verify_cas1(ticket, service):
"""Verifies CAS 1.0 authentication ticket.
Returns username on success and None on failure.
"""
params = [('ticket', ticket), ('service', service)]
url = (urllib_parse.urljoin(settings.CAS_SERVER_URL, 'validate') + '?' +
from mongoengine import *
from allauth.account import app_settings
from mongoengine.django.mongo_auth.models import get_user_document
from mongoengine.django.utils import datetime_now
from django.utils.translation import ugettext_lazy as _
USER_DOCUMENT = get_user_document()
from django.utils import timezone
from moe_auth.auth import managers
from django.utils.crypto import get_random_string
from allauth.account import signals
from allauth.utils import build_absolute_uri
from allauth.account.adapter import get_adapter
from django.core.urlresolvers import reverse
import string
def _simple_domain_name_validator(value):
"""
Validates that the given value contains no whitespaces to prevent common
typos.
"""
if not value:
return False
checks = ((s in value) for s in string.whitespace)
if any(checks):
return False
return True
# raise ValidationError(
# _("The domain name cannot contain any spaces or tabs."),
# code='invalid',
# )
def handle(self, request, context):
id = context.get('id', None)
username = context.get('username', None)
cloudname = context.get('cloudname', None)
password = context.get('password', None)
endpoint = context.get('endpoint', None)
if (username == '') & (password == ''):
username = context.get('publickey', None)
password = context.get('secretkey', None)
try:
user = get_user_document().objects(username=request.user.username).first()
cloud = tenantclouds.objects(id = id).first()
if cloud.platform =="Amazon":
status = test(endpoint,username,password)
if status == True:
if user.awsname == cloud.name:
user.awspublickey = username
user.awsprivatekey = trail.encode_decode(password,"encode")
user.awsendpoint = endpoint
user.awsname = cloudname
else:
return False
if cloud.platform =="Cnext":
httpInst = httplib2.Http()
httpInst.add_credentials(name = username, \
password = password)
url = endpoint + ":8130/apiv2/instance"
resp, body = httpInst.request(url)
if resp.status == 200 :
if user.cnextname == cloud.name:
user.cnextpublickey = username
user.cnextprivatekey = trail.encode_decode(password,"encode")
user.cnextendpoint = endpoint
user.cnextname = cloudname
else:
return False
if cloud.platform =="Hpcloud":
openstack_user = openstack_authenticate.authenticate(user_domain_name=None,username=username,
password=password,
auth_url= endpoint)
utoken = openstack_user.token
if utoken:
hp = Hpclouddata.objects(id = request.user.hp_attr.id).first()
hpcloud = tenantclouds.objects(id = hp.hpcloudid.id).first()
if hpcloud.name == cloud.name:
otoken = trail.DocToken(user=utoken.user,
user_domain_id=utoken.user_domain_id,
id=utoken.id,
project=utoken.project,
tenant=utoken.project,
domain=utoken.domain,
roles=utoken.roles,
serviceCatalog=utoken.serviceCatalog
)
hp.token = otoken
hp.authorized_tenants = [remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants]
hp.service_catalog = openstack_user.service_catalog
hp.services_region = openstack_user.services_region
hp.project_name = openstack_user.project_name
hp.tenant_name = openstack_user.tenant_name
hp.tenant_id = openstack_user.tenant_id
hp.project_id = openstack_user.project_id
hp.endpoint = endpoint
hp.save()
user.hpname = cloudname
else:
return False
if cloud.platform =="Openstack":
openstack_user = openstack_authenticate.authenticate(user_domain_name=None,username=username,
password=password,
auth_url= endpoint)
utoken = openstack_user.token
if utoken:
if user.openstackname == cloud.name:
delete_token(user.endpoint,user.token.id)
otoken = trail.DocToken(user=utoken.user,
user_domain_id=utoken.user_domain_id,
id=utoken.id,
project=utoken.project,
tenant=utoken.project,
domain=utoken.domain,
roles=utoken.roles,
serviceCatalog=utoken.serviceCatalog
)
user.token = otoken
user.authorized_tenants = [remove_tenants(d.__dict__) for d in openstack_user.authorized_tenants]
user.service_catalog = openstack_user.service_catalog
user.services_region = openstack_user.services_region
user.project_name = openstack_user.project_name
user.tenant_name = openstack_user.tenant_name
user.tenant_id = openstack_user.tenant_id
user.project_id = openstack_user.project_id
user.endpoint = endpoint + ""
user.openstackname = cloudname
else:
delete_token(endpoint,utoken.id)
else:
return False
clouds = tenantclouds.objects(id = id).update(set__name = cloudname,set__cloud_meta ={"publickey":username,"privatekey":trail.encode_decode(password,"encode"),"endpoint":endpoint})
user.save()
refresh_session_policies(request, request.user)
return True
except Exception,e:
messages.error(request,_(e.message))
LOG.error(e.message)
