Esempio n. 1
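    def add_user_permission_group(self,
                                  permission_group,
                                  user_object,
                                  vm_object=None,
                                  ignore_duplicate=False):
        """Add a user to a permission group, on one VM or globally.

        Args:
            permission_group: Key of PERMISSION_GROUPS naming the group.
            user_object: User to add; passed through _convert_remote_object
                before use.
            vm_object: VM whose configuration is changed. When None the
                global MCVirtConfig is changed instead.
            ignore_duplicate: When true, a user who is already a member is
                left alone instead of raising.

        Raises:
            AssertionError: An argument fails validation.
            InsufficientPermissionsException: The caller is not a superuser
                and is not managing the 'user' group of a VM on which they
                hold MANAGE_VM_USERS.
            DuplicatePermissionException: The user is already in the group
                and ignore_duplicate is false.
        """
        # Validate with explicit raises rather than `assert`: assert
        # statements are removed under `python -O`, which would silently drop
        # argument validation from this authorisation path. AssertionError is
        # kept so existing callers see the same exception type.
        if permission_group not in PERMISSION_GROUPS.keys():
            raise AssertionError(
                'Unknown permission group: %r' % (permission_group,))

        converted_user = self._convert_remote_object(user_object)
        if not isinstance(
                converted_user,
                self._get_registered_object('user_factory').USER_CLASS):
            raise AssertionError('user_object is not a user instance')

        # vm_object=None is the documented default (global group), so the VM
        # type check only applies when a VM was supplied. Presumably
        # _convert_remote_object(None) is not a VM instance, in which case the
        # previous unconditional check rejected every global call.
        converted_vm = None
        if vm_object is not None:
            converted_vm = self._convert_remote_object(vm_object)
            if not isinstance(
                    converted_vm,
                    self._get_registered_object(
                        'virtual_machine_factory').VIRTUAL_MACHINE_CLASS):
                raise AssertionError(
                    'vm_object is not a virtual machine instance')

        ArgumentValidator.validate_boolean(ignore_duplicate)

        # Authorisation: superusers may edit any group. Anyone else must be
        # acting on a specific VM, hold MANAGE_VM_USERS on it
        # (assert_permission raises if not) and be editing the 'user' group.
        if not self.is_superuser():
            if not (vm_object
                    and self.assert_permission(
                        PERMISSIONS.MANAGE_VM_USERS, vm_object)
                    and permission_group == 'user'):
                raise InsufficientPermissionsException(
                    'VM owners cannot add manager other owners')

        user_object = converted_user
        vm_object = converted_vm
        username = user_object.get_username()

        # Per-VM groups live in the VM's own config, global groups in
        # MCVirtConfig.
        if vm_object:
            config_object = vm_object.get_config_object()
        else:
            config_object = MCVirtConfig()

        # NOTE(review): membership is tested before update_config runs the
        # callback; whether update_config serialises concurrent writers is not
        # visible here. Confirm, or re-check membership inside the callback.
        if (username not in self.get_users_in_permission_group(
                permission_group, vm_object)):

            # Add user to permission configuration for VM
            def add_user_to_config(config):
                config['permissions'][permission_group].append(username)

            config_object.update_config(
                add_user_to_config, 'Added user \'%s\' to group \'%s\'' %
                (username, permission_group))

            # @TODO FIX ME
            # Only the cluster master forwards the change to the other nodes.
            if self._is_cluster_master:
                cluster_object = self._get_registered_object('cluster')
                vm_name = vm_object.get_name() if vm_object else None
                cluster_object.run_remote_command(
                    'auth-add_user_permission_group', {
                        'permission_group': permission_group,
                        'username': username,
                        'vm_name': vm_name
                    })

        elif not ignore_duplicate:
            raise DuplicatePermissionException(
                'User \'%s\' already in group \'%s\'' %
                (username, permission_group))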
Esempio n. 2
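    def delete_user_permission_group(self,
                                     permission_group,
                                     user_object,
                                     vm_object=None):
        """Remove a user from a permission group, on one VM or globally.

        Args:
            permission_group: Key of PERMISSION_GROUPS naming the group.
            user_object: User to remove; passed through
                _convert_remote_object before use.
            vm_object: VM whose configuration is changed. When None the
                global MCVirtConfig is changed instead.

        Raises:
            AssertionError: An argument fails validation.
            InsufficientPermissionsException: The caller is not a superuser
                and is not managing the 'user' group of a VM on which they
                hold MANAGE_VM_USERS.
            UserNotPresentInGroup: The user is not a member of the group.
        """
        # Validate with explicit raises rather than `assert`: assert
        # statements are removed under `python -O`, which would silently drop
        # argument validation from this authorisation path. AssertionError is
        # kept so existing callers see the same exception type.
        if permission_group not in PERMISSION_GROUPS.keys():
            raise AssertionError(
                'Unknown permission group: %r' % (permission_group,))

        converted_user = self._convert_remote_object(user_object)
        if not isinstance(
                converted_user,
                self._get_registered_object('user_factory').USER_CLASS):
            raise AssertionError('user_object is not a user instance')

        # vm_object=None is the documented default (global group), so the VM
        # type check only applies when a VM was supplied. Presumably
        # _convert_remote_object(None) is not a VM instance, in which case the
        # previous unconditional check rejected every global call.
        converted_vm = None
        if vm_object is not None:
            converted_vm = self._convert_remote_object(vm_object)
            if not isinstance(
                    converted_vm,
                    self._get_registered_object(
                        'virtual_machine_factory').VIRTUAL_MACHINE_CLASS):
                raise AssertionError(
                    'vm_object is not a virtual machine instance')

        # Authorisation: superusers may edit any group. Anyone else must be
        # acting on a specific VM, hold MANAGE_VM_USERS on it
        # (assert_permission raises if not) and be editing the 'user' group.
        # vm_object is tested first so a VM-scoped decision is never evaluated
        # against the global scope (vm_object=None); the outcome for that case
        # is still a denial.
        if not self.is_superuser():
            if not (vm_object
                    and self.assert_permission(
                        PERMISSIONS.MANAGE_VM_USERS, vm_object)
                    and permission_group == 'user'):
                raise InsufficientPermissionsException(
                    'Does not have required permission')

        user_object = converted_user
        vm_object = converted_vm
        username = user_object.get_username()

        # Check if user exists in the group
        if username not in self.get_users_in_permission_group(
                permission_group, vm_object):
            raise UserNotPresentInGroup('User \'%s\' not in group \'%s\'' %
                                        (username, permission_group))

        # Per-VM groups live in the VM's own config, global groups in
        # MCVirtConfig.
        if vm_object:
            config_object = vm_object.get_config_object()
            vm_name = vm_object.get_name()
        else:
            config_object = MCVirtConfig()
            vm_name = None

        # Remove user from permission configuration for VM
        def remove_user_from_group(config):
            config['permissions'][permission_group].remove(username)

        config_object.update_config(
            remove_user_from_group, 'Removed user \'%s\' from group \'%s\'' %
            (username, permission_group))

        # @TODO FIX ME
        # Only the cluster master forwards the change to the other nodes.
        if self._is_cluster_master:
            cluster_object = self._get_registered_object('cluster')
            cluster_object.run_remote_command(
                'auth-delete_user_permission_group', {
                    'permission_group': permission_group,
                    'username': username,
                    'vm_name': vm_name
                })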
Esempio n. 3
 def assert_permission(self, permission_enum, vm_object=None):
     """Require a permission, raising when check_permission denies it.

     Delegates the decision to check_permission(permission_enum, vm_object).
     Returns True on success, so the call can sit inside a boolean
     expression; a denial never returns and raises
     InsufficientPermissionsException naming the permission instead.
     """
     granted = self.check_permission(permission_enum, vm_object)
     if not granted:
         # Denied: report which permission was missing.
         message = ('User does not have the required permission: %s'
                    % permission_enum.name)
         raise InsufficientPermissionsException(message)
     return True
Esempio n. 4
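    def add_superuser(self, user_object, ignore_duplicate=False):
        """Add a user to the global superuser list.

        Args:
            user_object: User to promote; passed through
                _convert_remote_object before use.
            ignore_duplicate: When true, a user who is already a superuser is
                left alone instead of raising.

        Raises:
            AssertionError: user_object is not a user instance.
            InsufficientPermissionsException: The caller is not a superuser.
            DuplicatePermissionException: The user is already a superuser and
                ignore_duplicate is false.
        """
        # Validate with an explicit raise rather than `assert`: assert
        # statements are removed under `python -O`, which would silently drop
        # this check from a privilege-granting path. AssertionError is kept so
        # existing callers see the same exception type.
        converted_user = self._convert_remote_object(user_object)
        if not isinstance(
                converted_user,
                self._get_registered_object('user_factory').USER_CLASS):
            raise AssertionError('user_object is not a user instance')
        ArgumentValidator.validate_boolean(ignore_duplicate)

        # Only an existing superuser may grant superuser rights.
        if not self.is_superuser():
            raise InsufficientPermissionsException(
                'User must be a superuser to manage superusers')
        user_object = converted_user
        username = user_object.get_username()

        mcvirt_config = MCVirtConfig()

        # Ensure user is not already a superuser
        if username not in self.get_superusers():

            def update_config(config):
                config['superusers'].append(username)

            mcvirt_config.update_config(update_config,
                                        'Added superuser \'%s\'' % username)

        elif not ignore_duplicate:
            raise DuplicatePermissionException(
                'User \'%s\' is already a superuser' % username)

        # The cluster master repeats the call on the other nodes. This also
        # runs when the user was already a local superuser and
        # ignore_duplicate is true.
        if self._is_cluster_master:

            def remote_command(connection):
                remote_user_factory = connection.get_connection('user_factory')
                remote_user = remote_user_factory.get_user_by_username(
                    user_object.get_username())
                remote_auth = connection.get_connection('auth')
                remote_auth.add_superuser(remote_user,
                                          ignore_duplicate=ignore_duplicate)

            cluster = self._get_registered_object('cluster')
            cluster.run_remote_command(remote_command)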
Esempio n. 5
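    def delete_superuser(self, user_object):
        """Remove a user from the global superuser list.

        Args:
            user_object: User to demote; passed through
                _convert_remote_object before use.

        Raises:
            AssertionError: user_object is not a user instance.
            InsufficientPermissionsException: The caller is not a superuser.
            UserNotPresentInGroup: The user is not currently a superuser.
        """
        # Validate with an explicit raise rather than `assert`: assert
        # statements are removed under `python -O`, which would silently drop
        # this check from a privilege-changing path. AssertionError is kept so
        # existing callers see the same exception type.
        converted_user = self._convert_remote_object(user_object)
        if not isinstance(
                converted_user,
                self._get_registered_object('user_factory').USER_CLASS):
            raise AssertionError('user_object is not a user instance')

        # Only an existing superuser may revoke superuser rights.
        if not self.is_superuser():
            raise InsufficientPermissionsException(
                'User must be a superuser to manage superusers')

        user_object = converted_user
        username = user_object.get_username()

        # Ensure user to be removed is a superuser
        if (username not in self.get_superusers()):
            raise UserNotPresentInGroup('User \'%s\' is not a superuser' %
                                        username)

        # NOTE(review): nothing in this method stops the caller removing
        # their own entry or the last remaining superuser; confirm that this
        # is intended or enforced elsewhere.
        mcvirt_config = MCVirtConfig()

        def update_config(config):
            config['superusers'].remove(username)

        mcvirt_config.update_config(
            update_config, 'Removed \'%s\' from superuser group' % username)

        # The cluster master repeats the removal on the other nodes.
        if self._is_cluster_master:

            def remote_command(connection):
                remote_user_factory = connection.get_connection('user_factory')
                remote_user = remote_user_factory.get_user_by_username(
                    user_object.get_username())
                remote_auth = connection.get_connection('auth')
                remote_auth.delete_superuser(remote_user)

            cluster = self._get_registered_object('cluster')
            cluster.run_remote_command(remote_command)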
Esempio n. 6
 def assert_user_type(self, *user_type_names):
     """Require the current user to match one of the given user types.

     Delegates the decision to check_user_type(*user_type_names). Returns
     None when it passes and raises InsufficientPermissionsException,
     listing the accepted type names, when it does not.
     """
     if self.check_user_type(*user_type_names):
         return
     accepted_types = ', '.join(user_type_names)
     raise InsufficientPermissionsException(
         'User must be on the following: %s' % accepted_types)
Esempio n. 7
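    def delete_user_permission_group(self,
                                     permission_group,
                                     user_object,
                                     vm_object=None):
        """Remove a user from a permission group, on one VM or globally.

        Args:
            permission_group: Key of PERMISSION_GROUPS naming the group.
            user_object: User to remove; passed through
                _convert_remote_object before use.
            vm_object: VM whose configuration is changed. When falsy the
                global MCVirtConfig is changed instead.

        Raises:
            AssertionError: An argument fails validation.
            InsufficientPermissionsException: The caller is not a superuser
                and is not managing the 'user' group of a VM on which they
                hold MANAGE_VM_USERS.
            UserNotPresentInGroup: The user is not a member of the group.
        """
        # Validate with explicit raises rather than `assert`: assert
        # statements are removed under `python -O`, which would silently drop
        # argument validation from this authorisation path. AssertionError is
        # kept so existing callers see the same exception type.
        if permission_group not in PERMISSION_GROUPS.keys():
            raise AssertionError(
                'Unknown permission group: %r' % (permission_group,))

        converted_user = self._convert_remote_object(user_object)
        if not isinstance(
                converted_user,
                self._get_registered_object('user_factory').USER_CLASS):
            raise AssertionError('user_object is not a user instance')

        # The VM type check only applies when a VM was supplied.
        converted_vm = None
        if vm_object:
            converted_vm = self._convert_remote_object(vm_object)
            if not isinstance(
                    converted_vm,
                    self._get_registered_object(
                        'virtual_machine_factory').VIRTUAL_MACHINE_CLASS):
                raise AssertionError(
                    'vm_object is not a virtual machine instance')

        # Authorisation: superusers may edit any group. Anyone else must be
        # acting on a specific VM, hold MANAGE_VM_USERS on it
        # (assert_permission raises if not) and be editing the 'user' group.
        # vm_object is tested first so a VM-scoped decision is never evaluated
        # against the global scope (vm_object=None); the outcome for that case
        # is still a denial.
        if not self.is_superuser():
            if not (vm_object
                    and self.assert_permission(
                        PERMISSIONS.MANAGE_VM_USERS, vm_object)
                    and permission_group == 'user'):
                raise InsufficientPermissionsException(
                    'Does not have required permission')

        user_object = converted_user
        username = user_object.get_username()

        # Check if user exists in the group
        if username not in self.get_users_in_permission_group(
                permission_group, vm_object):
            raise UserNotPresentInGroup('User \'%s\' not in group \'%s\'' %
                                        (username, permission_group))

        # Per-VM groups live in the VM's own config, global groups in
        # MCVirtConfig.
        if vm_object:
            vm_object = converted_vm
            config_object = vm_object.get_config_object()
        else:
            config_object = MCVirtConfig()

        # Remove user from permission configuration for VM
        def remove_user_from_group(config):
            config['permissions'][permission_group].remove(username)

        config_object.update_config(
            remove_user_from_group, 'Removed user \'%s\' from group \'%s\'' %
            (username, permission_group))

        # The cluster master repeats the removal on the other nodes.
        if self._is_cluster_master:

            # Named for what it does: it calls the remote
            # delete_user_permission_group.
            def remove_remote_user_from_group(connection):
                remote_user_factory = connection.get_connection('user_factory')
                remote_user = remote_user_factory.get_user_by_username(
                    user_object.get_username())
                connection.annotate_object(remote_user)
                remote_auth = connection.get_connection('auth')
                if vm_object:
                    remote_vm_factory = connection.get_connection(
                        'virtual_machine_factory')
                    remote_vm = remote_vm_factory.getVirtualMachineByName(
                        vm_object.get_name())
                    # NOTE(review): remote_user is annotated above but
                    # remote_vm is not; confirm whether it needs the same.
                else:
                    remote_vm = None

                remote_auth.delete_user_permission_group(
                    permission_group, remote_user, remote_vm)

            cluster_object = self._get_registered_object('cluster')
            cluster_object.run_remote_command(remove_remote_user_from_group)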