def stop_slices(self):
"""
First step: stop conflictive (non-standard) slices at FlowVisor.
"""
ids = get_conflictive_slices_ids()
errors = []
slice_id = ""
slices = filter_own_slices(ids)
for slice in slices:
# We get only OpenFlow aggregates to delete their slices at FV
aggs = slice.aggregates.filter(leaf_name="OpenFlowAggregate")
for agg in aggs:
try:
slice_id = str(SITE_DOMAIN_DEFAULT) + "_" + str(slice.id)
print "Stopping", slice_id, "at aggregate", str(agg)
time.sleep(FLOWVISOR_SLEEP_TIME)
with Timeout(TIMEOUT):
agg.as_leaf_class().client.proxy.delete_slice(slice_id)
# Stopping slice at Expedient
slice.started = False
slice.save()
except Exception as e:
message = """Could not fix the naming in Aggreggate Manager %s for slice with the following details:
name:\t\t %s
FlowVisor name:\t\t %s
The cause of the error is: %s. Please try to fix it manually""" % (str(agg.as_leaf_class()),slice.name, slice_id, e)
send_mail("OCF: error while standardizing Flowvisor slices", message, "*****@*****.**", [settings.ROOT_EMAIL])
errors.append(message)
if errors:
return "\033[93mFailure while stopping non-standard slices at FlowVisor: %s\033[0m" % str(errors)
else:
return "\033[92mSuccessfully stopped non-standard slices at FlowVisor\033[0m"
def stop_expired_slices():
"""Find expired slices and stop them, sending an email to the owner."""
expired_slices = Slice.objects.filter(
expiration_date__lte=datetime.now(), started=True)
for slice in expired_slices:
threadlocals.push_frame(user=slice.owner)
try:
slice.stop(slice.owner)
except:
logger.error(
"Error stopping expired slice"
" %s: %s" % (slice, traceback.format_exc()))
threadlocals.pop_frame()
try:
send_mail(
"Your slice %s expired." % slice,
"Your slice %s has been stopped because it expired on %s."
"Before you restart your slice, you will need to update the "
"slice's expiration date." % (slice, slice.expiration_date),
from_email=settings.DEFAULT_FROM_EMAIL,
recipient_list=[slice.owner.email],
)
except:
logger.error(
"Error sending expired slice "
"email to user: %s" % traceback.format_exc())
def start_slices(self):
"""
Second step: start previously conflictive (non-standard) slices at FlowVisor.
"""
errors = []
slice_ids = []
# If 'conflictive_slice_ids' file exists, do the following.
# Otherwise warn and skip.
try:
f = open("%s/conflictive_slice_ids" % path, "r")
ids = pickle.load(f)
f.close()
os.remove("%s/conflictive_slice_ids" % path)
slices = filter_own_slices(ids)
for (counter, slice) in enumerate(slices):
aggs = slice.aggregates.filter(leaf_name="OpenFlowAggregate")
slice_id = str(settings.SITE_DOMAIN) + "_" + str(slice.id)
slice_ids.append({
"id": slice_id,
"keywords": ids[counter]['keywords']
})
for agg in aggs:
try:
print "Starting", slice_id, "at aggregate", str(agg)
time.sleep(FLOWVISOR_SLEEP_TIME)
with Timeout(TIMEOUT):
agg.as_leaf_class().client.proxy.create_slice(
slice_id, slice.project.name,
slice.project.description, slice.name,
slice.description,
slice.openflowsliceinfo.controller_url,
slice.owner.email,
slice.openflowsliceinfo.password,
agg.as_leaf_class()._get_slivers(slice))
# Starting slice at Expedient
slice.started = True
slice.save()
except Exception as e:
message = """Could not fix the naming in Aggregate Manager %s for slice with the following details: name:\t\t %s
FlowVisor name:\t\t %s
The cause of the error is: %s. Please try to fix it manually""" % (str(
agg.as_leaf_class()), slice.name, slice_id, e)
send_mail(
"OCF: error while standardizing Flowvisor slices",
message, "*****@*****.**",
[settings.ROOT_EMAIL])
errors.append(message)
# Save the slice IDs to grant flowspace nevertheless of other errors
f = open("%s/slice_ids_to_grant_fs" % path, "w")
pickle.dump(slice_ids, f)
f.close()
if errors:
return "\033[93mFailure while starting previously non-standard slices at FlowVisor: %s\033[0m" % str(
errors)
else:
return "\033[92mSuccessfully started previously non-standard slices at FlowVisor\033[0m"
except Exception as e:
print e
return "\033[93mCould not access file with slice IDs. Skipping...\033[0m\n"
def stop_expired_slices():
"""Find expired slices and stop them, sending an email to the owner."""
expired_slices = Slice.objects.filter(expiration_date__lte=datetime.now(),
started=True)
for slice in expired_slices:
threadlocals.push_frame(user=slice.owner)
try:
slice.stop(slice.owner)
except:
logger.error("Error stopping expired slice"
" %s: %s" % (slice, traceback.format_exc()))
threadlocals.pop_frame()
try:
send_mail(
"Your slice %s expired." % slice,
"Your slice %s has been stopped because it expired on %s."
"Before you restart your slice, you will need to update the "
"slice's expiration date." % (slice, slice.expiration_date),
from_email=settings.DEFAULT_FROM_EMAIL,
recipient_list=[slice.owner.email],
)
except:
logger.error("Error sending expired slice "
"email to user: %s" % traceback.format_exc())
def save(self, domain_override=None, email_template_name='registration/password_reset_email.html',
use_https=False, token_generator=default_token_generator):
"""
Generates a one-use only link for resetting password and sends to the user.
A minimal exception control is implemented to avoid problems with e-mail.
"""
from expedient.common.utils.mail import send_mail # Wrapper for django.core.mail__send_mail
for user in self.users_cache:
if not domain_override:
current_site = Site.objects.get_current()
site_name = current_site.name
domain = current_site.domain
else:
site_name = domain = domain_override
if user.password == '!':
t = loader.get_template('registration/password_reset_email_ofreg.html')
else:
t = loader.get_template(email_template_name)
c = {
'email': user.email,
'domain': domain,
'site_name': site_name,
'uid': int_to_base36(user.id),
'user': user,
'token': token_generator.make_token(user),
'protocol': use_https and 'https' or 'http',
}
try:
send_mail(("Password reset for user %s in %s") % (user.username,site_name),
t.render(Context(c)), None, [user.email])
except Exception as e:
print "[ERROR] Exception at 'expedient.clearinghouse.users.forms': user '%s' (%s) could not fully reset its password. LDAPPasswordResetForm returned: %s" % (user.username, user.email, str(e))
def add_member(request, proj_id):
"""Add a member to the project"""
project = get_object_or_404(Project, id=proj_id)
if request.method == "POST":
form = AddMemberForm(project=project, giver=request.user, data=request.POST)
if form.is_valid():
user = User.objects.get(id = request.POST['user'] )
form.save()
try:
#Sync LDAP
project.save()
except:
logger.warning("User '%s' may have not been added to project '%s'. It could be a bug within LDAP." % (user.username, project.name))
DatedMessage.objects.post_message_to_user(
"User '%s' may not own the requested permissions. It could be a bug within LDAP." % user.username,
request.user, msg_type=DatedMessage.TYPE_ERROR)
return HttpResponseRedirect(reverse("project_detail", args=[proj_id]))
#Send mail notification to the user
roles = ', '.join(repr(role.encode('ascii')) for role in ProjectRole.objects.filter( id__in = request.POST.getlist('roles')).values_list('name', flat=True))
#XXX: Not sure about this... maybe give_permission_to...
for aggregate in project._get_aggregates():
if not has_permission(user, aggregate, "can_use_aggregate"):
aggregate.add_to_user(user,"/")
try:
# Get project detail URL to send via e-mail
from expedient.clearinghouse.project import urls
project_detail_url = reverse("project_detail", args=[project.id]) or "/"
# No "https://" check should be needed if settings are OK
site_domain_url = "https://" + Site.objects.get_current().domain + project_detail_url
send_mail(
settings.EMAIL_SUBJECT_PREFIX + "Project %s membership notification" % (project.name),
"You have been added to project '%s' as a user with the following roles: %s.\nYou may start experimenting now by going to %s\n\n" % (project.name, roles, site_domain_url),
from_email=settings.DEFAULT_FROM_EMAIL,
recipient_list=[user.email],
)
except Exception as e:
print "[WARNING] User e-mail notification could not be sent. Details: %s" % str(e)
return HttpResponseRedirect(reverse("project_detail", args=[proj_id]))
else:
form = AddMemberForm(project=project, giver=request.user)
return simple.direct_to_template(
request,
template=TEMPLATE_PATH+"/add_member.html",
extra_context={
"form": form,
"project": project,
"breadcrumbs": (
("Home", reverse("home")),
("Project %s" % project.name, reverse("project_detail", args=[project.id])),
("Add Member", request.path),
),
},
)
def add_member(request, proj_id):
"""Add a member to the project"""
project = get_object_or_404(Project, id=proj_id)
if request.method == "POST":
form = AddMemberForm(project=project, giver=request.user, data=request.POST)
if form.is_valid():
user = User.objects.get(id = request.POST['user'] )
form.save()
try:
#Sync LDAP
project.save()
except:
logger.warning("User '%s' may have not been added to project '%s'. It could be a bug within LDAP." % (user.username, project.name))
DatedMessage.objects.post_message_to_user(
"User '%s' may not own the requested permissions. It could be a bug within LDAP." % user.username,
request.user, msg_type=DatedMessage.TYPE_ERROR)
return HttpResponseRedirect(reverse("project_detail", args=[proj_id]))
#Send mail notification to the user
roles = ', '.join(repr(role.encode('ascii')) for role in ProjectRole.objects.filter( id__in = request.POST.getlist('roles')).values_list('name', flat=True))
#XXX: Not sure about this... maybe give_permission_to...
for aggregate in project._get_aggregates():
if not has_permission(user, aggregate, "can_use_aggregate"):
aggregate.add_to_user(user,"/")
try:
# Get project detail URL to send via e-mail
from expedient.clearinghouse.project import urls
project_detail_url = reverse("project_detail", args=[project.id]) or "/"
# No "https://" check should be needed if settings are OK
site_domain_url = "https://" + Site.objects.get_current().domain + project_detail_url
send_mail(
settings.EMAIL_SUBJECT_PREFIX + "Project %s membership notification" % (project.name),
"You have been added to project '%s' as a user with the following roles: %s.\nYou may start experimenting now by going to %s\n\n" % (project.name, roles, site_domain_url),
from_email=settings.DEFAULT_FROM_EMAIL,
recipient_list=[user.email],
)
except Exception as e:
print "[WARNING] User e-mail notification could not be sent. Details: %s" % str(e)
return HttpResponseRedirect(reverse("project_detail", args=[proj_id]))
else:
form = AddMemberForm(project=project, giver=request.user)
return simple.direct_to_template(
request,
template=TEMPLATE_PATH+"/add_member.html",
extra_context={
"form": form,
"project": project,
"breadcrumbs": (
("Home", reverse("home")),
("Project %s" % project.name, reverse("project_detail", args=[project.id])),
("Add Member", request.path),
),
},
)
def start_slices(self):
"""
Second step: start previously conflictive (non-standard) slices at FlowVisor.
"""
errors = []
slice_ids = []
# If 'conflictive_slice_ids' file exists, do the following.
# Otherwise warn and skip.
try:
f = open("%s/conflictive_slice_ids" % path,"r")
ids = pickle.load(f)
f.close()
os.remove("%s/conflictive_slice_ids" % path)
slices = filter_own_slices(ids)
for (counter, slice) in enumerate(slices):
aggs = slice.aggregates.filter(leaf_name="OpenFlowAggregate")
slice_id = str(settings.SITE_DOMAIN) + "_" + str(slice.id)
slice_ids.append({"id":slice_id, "keywords":ids[counter]['keywords']})
for agg in aggs:
try:
print "Starting", slice_id, "at aggregate", str(agg)
time.sleep(FLOWVISOR_SLEEP_TIME)
with Timeout(TIMEOUT):
agg.as_leaf_class().client.proxy.create_slice(slice_id, slice.project.name,slice.project.description,slice.name, slice.description, slice.openflowsliceinfo.controller_url, slice.owner.email, slice.openflowsliceinfo.password, agg.as_leaf_class()._get_slivers(slice))
# Starting slice at Expedient
slice.started = True
slice.save()
except Exception as e:
message = """Could not fix the naming in Aggregate Manager %s for slice with the following details: name:\t\t %s
FlowVisor name:\t\t %s
The cause of the error is: %s. Please try to fix it manually""" % (str(agg.as_leaf_class()),slice.name, slice_id, e)
send_mail("OCF: error while standardizing Flowvisor slices", message, "*****@*****.**", [settings.ROOT_EMAIL])
errors.append(message)
# Save the slice IDs to grant flowspace nevertheless of other errors
f = open("%s/slice_ids_to_grant_fs" % path,"w")
pickle.dump(slice_ids, f)
f.close()
if errors:
return "\033[93mFailure while starting previously non-standard slices at FlowVisor: %s\033[0m" % str(errors)
else:
return "\033[92mSuccessfully started previously non-standard slices at FlowVisor\033[0m"
except Exception as e:
print e
return "\033[93mCould not access file with slice IDs. Skipping...\033[0m\n"
def create_message(request, model=None, template_name=None,
template_loader=loader, extra_context=None, post_save_redirect=None,
login_required=False, context_processors=None, form_class=None):
if extra_context is None: extra_context = {}
if login_required and not request.user.is_authenticated():
return redirect_to_login(request.path)
model, form_class = create_update.get_model_and_form_class(model, form_class)
if request.method == 'POST':
form = form_class(request.POST, request.FILES)
if form.is_valid():
new_object = form.save()
msg = ugettext("The %(verbose_name)s was created successfully.") %\
{"verbose_name": model._meta.verbose_name}
messages.success(request, msg, fail_silently=True)
new_object.sender = request.user
new_object.save()
if new_object.type == DatedMessage.TYPE_U2U:
try:
send_mail(
settings.EMAIL_SUBJECT_PREFIX + "User %s has sent you a message" % (new_object.sender),
"Original Message:\n\"%s\"\n\n\nYou can check the new message at https://%s/messagecenter/\n\n" % (new_object.msg_text, settings.SITE_DOMAIN),
from_email=settings.DEFAULT_FROM_EMAIL,
recipient_list= User.objects.filter(id__in = request.POST.getlist('users')).values_list('email', flat=True),
#recipient_list=[settings.ROOT_EMAIL],
)
except Exception as e:
print "[WARNING] User e-mail notification could not be sent. Details: %s" % str(e)
return create_update.redirect(post_save_redirect, new_object)
else:
form = form_class()
# Create the template, context, response
if not template_name:
template_name = "%s/%s_form.html" % (model._meta.app_label, model._meta.object_name.lower())
t = template_loader.get_template(template_name)
c = RequestContext(request, {
'form': form,
}, context_processors)
create_update.apply_extra_context(extra_context, c)
return HttpResponse(t.render(c))
def save(self,
domain_override=None,
email_template_name='registration/password_reset_email.html',
use_https=False,
token_generator=default_token_generator,
subject_template_name="",
request=None,
from_email=""):
"""
Generates a one-use only link for resetting password and sends to the user.
A minimal exception control is implemented to avoid problems with e-mail.
"""
from expedient.common.utils.mail import send_mail # Wrapper for django.core.mail__send_mail
for user in self.users_cache:
if not domain_override:
current_site = Site.objects.get_current()
site_name = current_site.name
domain = current_site.domain
else:
site_name = domain = domain_override
if user.password == '!':
t = loader.get_template(
'registration/password_reset_email_ofreg.html')
else:
t = loader.get_template(email_template_name)
c = {
'email': user.email,
'domain': domain,
'site_name': site_name,
'uid': int_to_base36(user.id),
'user': user,
'token': token_generator.make_token(user),
'protocol': use_https and 'https' or 'http',
}
try:
send_mail(("Password reset for user %s in %s") %
(user.username, site_name), t.render(Context(c)),
None, [user.email])
except Exception as e:
print "[ERROR] Exception at 'expedient.clearinghouse.users.forms': user '%s' (%s) could not fully reset its password. LDAPPasswordResetForm returned: %s" % (
user.username, user.email, str(e))
def stop_slices(self):
"""
First step: stop conflictive (non-standard) slices at FlowVisor.
"""
ids = get_conflictive_slices_ids()
errors = []
slice_id = ""
slices = filter_own_slices(ids)
for slice in slices:
# We get only OpenFlow aggregates to delete their slices at FV
aggs = slice.aggregates.filter(leaf_name="OpenFlowAggregate")
for agg in aggs:
try:
slice_id = str(SITE_DOMAIN_DEFAULT) + "_" + str(slice.id)
print "Stopping", slice_id, "at aggregate", str(agg)
time.sleep(FLOWVISOR_SLEEP_TIME)
with Timeout(TIMEOUT):
agg.as_leaf_class().client.proxy.delete_slice(slice_id)
# Stopping slice at Expedient
slice.started = False
slice.save()
except Exception as e:
message = """Could not fix the naming in Aggreggate Manager %s for slice with the following details:
name:\t\t %s
FlowVisor name:\t\t %s
The cause of the error is: %s. Please try to fix it manually""" % (str(
agg.as_leaf_class()), slice.name, slice_id, e)
send_mail(
"OCF: error while standardizing Flowvisor slices",
message, "*****@*****.**",
[settings.ROOT_EMAIL])
errors.append(message)
if errors:
return "\033[93mFailure while stopping non-standard slices at FlowVisor: %s\033[0m" % str(
errors)
else:
return "\033[92mSuccessfully stopped non-standard slices at FlowVisor\033[0m"
def notify_slice_expirations():
"""Notify owners that their slices will expire soon."""
expiration_time = datetime.now() + timedelta(
seconds=settings.SLICE_EXPIRATION_NOTIFICATION_TIME)
almost_expired_slices = Slice.objects.filter(
expiration_date__lte=expiration_time, started=True)
for slice in almost_expired_slices:
try:
send_mail(
"Your slice %s is almost expired." % slice,
"Your slice %s is almost expired. If you don't do anything, "
"it will expired on %s. "
"To renew your slice, you will need to update the "
"slice's expiration date." % (slice, slice.expiration_date),
from_email=settings.DEFAULT_FROM_EMAIL,
recipient_list=[slice.owner.email],
)
except:
logger.error("Error sending almost expired slice "
"email to user: %s" % traceback.format_exc())
def notify_slice_expirations():
"""Notify owners that their slices will expire soon."""
expiration_time = datetime.now() + timedelta(
seconds=settings.SLICE_EXPIRATION_NOTIFICATION_TIME)
almost_expired_slices = Slice.objects.filter(
expiration_date__lte=expiration_time, started=True)
for slice in almost_expired_slices:
try:
send_mail(
"Your slice %s is almost expired." % slice,
"Your slice %s is almost expired. If you don't do anything, "
"it will expired on %s. "
"To renew your slice, you will need to update the "
"slice's expiration date." % (slice, slice.expiration_date),
from_email=settings.DEFAULT_FROM_EMAIL,
recipient_list=[slice.owner.email],
)
except:
logger.error(
"Error sending almost expired slice "
"email to user: %s" % traceback.format_exc())
def request_permission_view(request, permission, permittee,
target_obj_or_class, redirect_to=None):
# Get the object permission
obj_perm = ObjectPermission.objects.get_or_create_for_object_or_class(
permission, target_obj_or_class)[0]
# Get the object permission name
perm_name = obj_perm.permission.name
# Get the users who can delegate the permission
if permission_owners_func:
user_qs = permission_owners_func(request, obj_perm, permittee)
else:
#user_qs = Permittee.objects.filter_for_class_and_permission_name(
# klass=User,
# permission=obj_perm.permission,
# target_obj_or_class=obj_perm.target,
# can_delegate=True)
#ONLY ISLAND MANAGER/S
user_qs=User.objects.filter(is_superuser=1)
# process the request
if request.method == "POST":
permittee = Permittee.objects.get_or_create_from_instance(
permittee)[0]
perm_request = PermissionRequest(requesting_user=request.user,
permittee=permittee,
requested_permission=obj_perm)
posted_message = "permission %s" % permission.name
if perm_name == "can_create_project":
form = ProjectRequestForm(user_qs, request.POST,
instance=perm_request)
posted_message = "project %s" % str(request.POST["name"])
else:
form = PermissionRequestForm(user_qs, request.POST,
instance=perm_request)
if form.is_valid():
# Post a permission request for the permission owner
perm_request = form.save()
DatedMessage.objects.post_message_to_user(
"Sent request for %s to user %s" %
(posted_message, perm_request.permission_owner),
user=request.user, msg_type=DatedMessage.TYPE_SUCCESS)
try:
send_mail(
settings.EMAIL_SUBJECT_PREFIX + "Request for %s from user %s" % (posted_message, request.user),
"You have a new request for permission %s from user %s (%s). Please go to the Permission Management section in your Dashboard to manage it: https://%s\n\n Original User Message:\n\"%s\"" % (permission.name,request.user, request.user.email, settings.SITE_IP_ADDR, perm_request.message),
from_email=settings.DEFAULT_FROM_EMAIL,
recipient_list=[perm_request.permission_owner.email],
#recipient_list=[settings.ROOT_EMAIL],
)
except Exception as e:
print "Email \"Request for permission %s from user %s\" could no be sent" % (permission.name,request.user)
if callable(always_redirect_to):
redirect_to = always_redirect_to(request)
else:
redirect_to = always_redirect_to or redirect_to
return simple.redirect_to(request, redirect_to,
permanent=False)
# GET
else:
# Show the project form when the user can create projects
if perm_name == "can_create_project":
form = ProjectRequestForm(user_qs)
else:
form = PermissionRequestForm(user_qs)
ec = {"form": form, "obj_perm": obj_perm, "perm_name": perm_name}
ec.update(extra_context)
return simple.direct_to_template(
request, template=template,
extra_context=ec)
def confirm_requests(request):
"""Confirm the approval of the permission requests."""
approved_req_ids = request.session.setdefault("approved_req_ids", [])
delegatable_req_ids = request.session.setdefault("delegatable_req_ids", [])
denied_req_ids = request.session.setdefault("denied_req_ids", [])
approved_reqs = []
for req_id in approved_req_ids:
req = get_object_or_404(PermissionRequest, id=req_id)
delegatable = req_id in delegatable_req_ids
approved_reqs.append((req, delegatable))
denied_reqs = []
for req_id in denied_req_ids:
denied_reqs.append(get_object_or_404(PermissionRequest, id=req_id))
if request.method == "POST":
# check if confirmed and then do actions.
if request.POST.get("post", "no") == "yes":
for req in denied_reqs:
req.deny()
# DatedMessage.objects.post_message_to_user(
# "Request for permission %s for object %s denied."
# % (req.requested_permission.permission.name,
# req.requested_permission.target),
# user=req.requesting_user,
# sender=req.permission_owner,
# msg_type=DatedMessage.TYPE_WARNING)
post_message = "Request for %s denied." % str(
req.requested_permission.target).capitalize()
if req.requested_permission.permission.name == "can_create_project":
# Removes "* Project name: "
try:
project_name = req.message.split("||")[0].strip()[16:]
post_message = "Request for project %s creation denied." % project_name
# Notify requesting user
try:
send_mail(
settings.EMAIL_SUBJECT_PREFIX +
"Denied project request for '%s'" %
(project_name),
"Your request for the creation of project '%s' has been denied.\n\n\nYou may want to get in contact with the Island Manager for further details."
% project_name,
from_email=settings.DEFAULT_FROM_EMAIL,
recipient_list=[req.requesting_user.email],
)
except Exception as e:
print "[WARNING] User e-mail notification could not be sent. Details: %s" % str(
e)
except:
pass
# -------------------------------------------
# It is not about permission granting anymore
# -------------------------------------------
# Notify requesting user
DatedMessage.objects.post_message_to_user(
post_message,
user=req.requesting_user,
sender=req.permission_owner,
msg_type=DatedMessage.TYPE_WARNING)
# Notify user with permission (e.g. root)
DatedMessage.objects.post_message_to_user(
post_message,
user=request.user,
sender=req.permission_owner,
msg_type=DatedMessage.TYPE_WARNING)
for req, delegate in approved_reqs:
# --------------------------------------------------------
# Do NOT grant permission to create projects in the future
# --------------------------------------------------------
# req.allow(can_delegate=delegate)
req.deny()
# DatedMessage.objects.post_message_to_user(
# "Request for permission %s for object %s approved."
# % (req.requested_permission.permission.name,
# req.requested_permission.target),
# user=req.requesting_user,
# sender=req.permission_owner,
# msg_type=DatedMessage.TYPE_SUCCESS)
post_message = "Request for %s approved." % str(
req.requested_permission.target).capitalize()
permission_user_post = post_message
requesting_user_post = post_message
email_header = post_message
email_body = "%s." % post_message
message_type = DatedMessage.TYPE_SUCCESS
# ---------------------------------------
# Project will be created in a direct way
# ---------------------------------------
if req.requested_permission.permission.name == "can_create_project":
project_name = ""
try:
project = Project()
project.uuid = uuid.uuid4()
message = req.message.split("||")
# Removes "* Project name: "
project.name = message[0].strip()[16:]
project_name = project.name
# Removes "* Project description: "
project.description = message[3].strip()[23:]
post_message = "Successfully created project %s" % project.name
project.save()
create_project_roles(project, req.requesting_user)
project.save()
email_header = "Approved project request for '%s'" % project_name
email_body = "Your request for the creation of project '%s' has been approved." % project_name
except Exception as e:
# Any error when creating a project results into:
# 1. Denying the petition
# 2. Notifying user in their Expedient
# 3. Notifying user via e-mail
post_message = "Project '%s' could not be created" % project_name
permission_user_post = post_message
requesting_user_post = post_message
# Handle exception text for user
if "duplicate entry" in str(e).lower():
email_body = "There is already a project with name '%s'. Try using a different name" % project_name
requesting_user_post += ". Details: project '%s' already exists" % project_name
else:
email_body = "There might have been a problem when interpreting the information for project '%s'" % str(
project_name)
requesting_user_post += ". Contact your Island Manager for further details"
# Handle exception text for admin
if "Details" not in post_message:
permission_user_post = "%s. Details: %s" % (
post_message, str(e))
message_type = DatedMessage.TYPE_ERROR
# Email for requesting user
email_header = "Denied project request for '%s'" % project_name
email_body = "Your request for the creation of project '%s' has been denied because of the following causes:\n\n%s\n\n\nYou may want to get in contact with the Island Manager for further details." % (
project_name, email_body)
# Notify requesting user
DatedMessage.objects.post_message_to_user(
requesting_user_post,
user=req.requesting_user,
sender=req.permission_owner,
msg_type=message_type)
try:
send_mail(
settings.EMAIL_SUBJECT_PREFIX + email_header,
email_body,
from_email=settings.DEFAULT_FROM_EMAIL,
recipient_list=[req.requesting_user.email],
)
except Exception as e:
print "[WARNING] User e-mail notification could not be sent. Details: %s" % str(
e)
# Notify user with permission (e.g. root)
DatedMessage.objects.post_message_to_user(
permission_user_post,
user=request.user,
sender=req.permission_owner,
msg_type=message_type)
# After this post we will be done with all this information
del request.session["approved_req_ids"]
del request.session["delegatable_req_ids"]
del request.session["denied_req_ids"]
return HttpResponseRedirect(reverse("home"))
else:
return direct_to_template(request=request,
template=TEMPLATE_PATH +
"/confirm_requests.html",
extra_context={
"approved_reqs": approved_reqs,
"denied_reqs": denied_reqs,
})
from openflow.optin_manager.opts.helper import opt_fses_outof_exp
import traceback
traceback.print_exc()
all_opts = UserOpts.objects.filter(experiment=e)
for opt in all_opts:
optfses = OptsFlowSpace.objects.filter(opt = opt)
opt_fses_outof_exp(optfses)
all_opts.delete()
print exc
raise Exception(parseFVexception(exc,"Couldn't re-opt into updated experiment. Lost all the opt-ins: "))
try:
# Get project detail URL to send via e-mail
from openflow.optin_manager.opts import urls
from django.core.urlresolvers import reverse
project_detail_url = reverse("opt_in_experiment") or "/"
# No "https://" check should be needed if settings are OK
site_domain_url = "https://" + Site.objects.get_current().domain + project_detail_url
# Tuple with the requested VLAN range
try:
vlan_range = "\nVLAN range: %s\n\n" % str((all_efs[0].vlan_id_s, all_efs[0].vlan_id_e))
except:
vlan_range = "\n\n"
send_mail(settings.EMAIL_SUBJECT_PREFIX+" Flowspace Request: OptinManager '"+str(project_name)+"'", "Hi, Island Manager\n\nA new flowspace was requested:\n\nProject: " + str(project_name) + "\nSlice: " + str(slice_name) + str(vlan_range) + "You may add a new Rule for this request at: %s" % site_domain_url, from_email=settings.DEFAULT_FROM_EMAIL, recipient_list=[settings.ROOT_EMAIL],)
except Exception, e:
print "SFA.CreateOCFSliver error: \n%s" % str(e)
#transaction.commit()
return {'error_msg': "",'switches': []}
def confirm_requests(request):
"""Confirm the approval of the permission requests."""
approved_req_ids = request.session.setdefault("approved_req_ids", [])
delegatable_req_ids = request.session.setdefault("delegatable_req_ids", [])
denied_req_ids = request.session.setdefault("denied_req_ids", [])
approved_reqs = []
for req_id in approved_req_ids:
req = get_object_or_404(PermissionRequest, id=req_id)
delegatable = req_id in delegatable_req_ids
approved_reqs.append((req, delegatable))
denied_reqs = []
for req_id in denied_req_ids:
denied_reqs.append(
get_object_or_404(PermissionRequest, id=req_id))
if request.method == "POST":
# check if confirmed and then do actions.
if request.POST.get("post", "no") == "yes":
for req in denied_reqs:
req.deny()
# DatedMessage.objects.post_message_to_user(
# "Request for permission %s for object %s denied."
# % (req.requested_permission.permission.name,
# req.requested_permission.target),
# user=req.requesting_user,
# sender=req.permission_owner,
# msg_type=DatedMessage.TYPE_WARNING)
post_message = "Request for %s denied." % str(req.requested_permission.target).capitalize()
if req.requested_permission.permission.name == "can_create_project":
# Removes "* Project name: "
try:
project_name = req.message.split("||")[0].strip()[16:]
post_message = "Request for project %s creation denied." % project_name
# Notify requesting user
try:
send_mail(
settings.EMAIL_SUBJECT_PREFIX + "Denied project request for '%s'" % (project_name),
"Your request for the creation of project '%s' has been denied.\n\n\nYou may want to get in contact with the Island Manager for further details." % project_name,
from_email = settings.DEFAULT_FROM_EMAIL,
recipient_list = [req.requesting_user.email],
)
except Exception as e:
print "[WARNING] User e-mail notification could not be sent. Details: %s" % str(e)
except:
pass
# -------------------------------------------
# It is not about permission granting anymore
# -------------------------------------------
# Notify requesting user
DatedMessage.objects.post_message_to_user(
post_message,
user = req.requesting_user,
sender = req.permission_owner,
msg_type = DatedMessage.TYPE_WARNING)
# Notify user with permission (e.g. root)
DatedMessage.objects.post_message_to_user(
post_message,
user = request.user,
sender = req.permission_owner,
msg_type = DatedMessage.TYPE_WARNING)
for req, delegate in approved_reqs:
# --------------------------------------------------------
# Do NOT grant permission to create projects in the future
# --------------------------------------------------------
# req.allow(can_delegate=delegate)
req.deny()
# DatedMessage.objects.post_message_to_user(
# "Request for permission %s for object %s approved."
# % (req.requested_permission.permission.name,
# req.requested_permission.target),
# user=req.requesting_user,
# sender=req.permission_owner,
# msg_type=DatedMessage.TYPE_SUCCESS)
post_message = "Request for %s approved." % str(req.requested_permission.target).capitalize()
permission_user_post = post_message
requesting_user_post = post_message
email_header = post_message
email_body = "%s." % post_message
message_type = DatedMessage.TYPE_SUCCESS
# ---------------------------------------
# Project will be created in a direct way
# ---------------------------------------
if req.requested_permission.permission.name == "can_create_project":
project_name = ""
try:
project = Project()
project.uuid = uuid.uuid4()
message = req.message.split("||")
# Removes "* Project name: "
project.name = message[0].strip()[16:]
project_name = project.name
# Removes "* Project description: "
project.description = message[3].strip()[23:]
project.urn = 'n/a'
#import pdb; pdb.set_trace()
if settings.ENABLE_CBAS:
user_profile = UserProfile.get_or_create_profile(req.requesting_user)
cert = user_profile.certificate
creds = user_profile.credentials
project_urn = create_project(certificate=cert, credentials=creds,
project_name=project.name, project_desc=project.description)
if project_urn:
project.urn = project_urn
post_message = "Successfully created project %s" % project.name
project.save()
create_project_roles(project, req.requesting_user)
project.save()
email_header = "Approved project request for '%s'" % project_name
email_body = "Your request for the creation of project '%s' has been approved." % project_name
except Exception as e:
# Any error when creating a project results into:
# 1. Denying the petition
# 2. Notifying user in their Expedient
# 3. Notifying user via e-mail
post_message = "Project '%s' could not be created" % project_name
permission_user_post = post_message
requesting_user_post = post_message
# Handle exception text for user
if "duplicate entry" in str(e).lower():
email_body = "There is already a project with name '%s'. Try using a different name" % project_name
requesting_user_post += ". Details: project '%s' already exists" % project_name
else:
email_body = "There might have been a problem when interpreting the information for project '%s'" % str(project_name)
requesting_user_post += ". Contact your Island Manager for further details"
# Handle exception text for admin
if "Details" not in post_message:
permission_user_post = "%s. Details: %s" % (post_message, str(e))
message_type = DatedMessage.TYPE_ERROR
# Email for requesting user
email_header = "Denied project request for '%s'" % project_name
email_body = "Your request for the creation of project '%s' has been denied because of the following causes:\n\n%s\n\n\nYou may want to get in contact with the Island Manager for further details." % (project_name, email_body)
# Notify requesting user
DatedMessage.objects.post_message_to_user(
requesting_user_post,
user = req.requesting_user,
sender = req.permission_owner,
msg_type = message_type)
try:
send_mail(
settings.EMAIL_SUBJECT_PREFIX + email_header,
email_body,
from_email = settings.DEFAULT_FROM_EMAIL,
recipient_list = [req.requesting_user.email],
)
except Exception as e:
print "[WARNING] User e-mail notification could not be sent. Details: %s" % str(e)
# Notify user with permission (e.g. root)
DatedMessage.objects.post_message_to_user(
permission_user_post,
user = request.user,
sender = req.permission_owner,
msg_type = message_type)
# After this post we will be done with all this information
del request.session["approved_req_ids"]
del request.session["delegatable_req_ids"]
del request.session["denied_req_ids"]
return HttpResponseRedirect(reverse("home"))
else:
return direct_to_template(
request=request,
template=TEMPLATE_PATH+"/confirm_requests.html",
extra_context={
"approved_reqs": approved_reqs,
"denied_reqs": denied_reqs,
}
)
