def o_callback_authorize(request):
logger.info(request.__dict__)
if 'code' not in request.GET:
logger.info(request.__dict__)
#TODO - Maybe: Redirect into a login
return HttpResponse("")
oauth_client = get_cas_oauth_client()
oauth_code = request.GET['code']
#Exchange code for ticket
access_token, expiry_date = oauth_client.get_access_token(oauth_code)
if not access_token:
logger.info(
"The Code %s is invalid/expired. Attempting another login." %
oauth_code)
return o_login_redirect(request)
#Exchange token for profile
user_profile = oauth_client.get_profile(access_token)
if not user_profile or "id" not in user_profile:
logger.error("AccessToken is producing an INVALID profile!"
" Check the CAS server and caslib.py for more"
" information.")
#NOTE: Make sure this redirects the user OUT of the loop!
return login(request)
#ASSERT: A valid OAuth token gave us the Users Profile.
# Now create an AuthToken and return it
username = user_profile["id"]
auth_token = obtainOAuthToken(username, access_token, expiry_date)
#Set the username to the user to be emulated
#to whom the token also belongs
request.session['username'] = username
request.session['token'] = auth_token.key
logger.info("Returning user - %s - to application " % username)
logger.info(request.session.__dict__)
logger.info(request.user)
return HttpResponseRedirect(settings.REDIRECT_URL + "/application/")
def _get_cached(key, data_method, scrub_method, force=False):
try:
r = redis_connection()
if force:
_invalidate(key)
data = r.get(key)
except redis.exceptions.ConnectionError:
logger.error(
"EXTERNAL SERVICE redis-server IS NOT RUNNING! "
"Somebody should turn it on!"
)
data = None
if not data:
data = data_method()
scrub_method(data)
logger.debug(
"Updated redis({0}) using {1} and {2}".format(
key, data_method, scrub_method
)
)
r.set(key, pickle.dumps(data))
r.expire(key, 30)
return data
logger.debug("Actual type {0}".format(type(data)))
return pickle.loads(data)
def put(self, request, provider_id, identity_id, machine_id):
"""
TODO: Determine who is allowed to edit machines besides
core_machine.owner
"""
user = request.user
data = request.DATA
esh_driver = prepare_driver(request, provider_id, identity_id)
if not esh_driver:
return invalid_creds(provider_id, identity_id)
esh_machine = esh_driver.get_machine(machine_id)
core_machine = convert_esh_machine(esh_driver, esh_machine,
provider_id)
if not user.is_staff\
and user is not core_machine.application.created_by:
logger.error('Non-staff/non-owner trying to update a machine')
return failure_response(
status.HTTP_401_UNAUTHORIZED,
'Only Staff and the machine Owner ' +
'are allowed to change machine info.')
core_machine.application.update(data)
serializer = ProviderMachineSerializer(core_machine,
data=data,
partial=True)
if serializer.is_valid():
logger.info('metadata = %s' % data)
update_machine_metadata(esh_driver, esh_machine, data)
serializer.save()
logger.info(serializer.data)
return Response(serializer.data)
return failure_response(status.HTTP_400_BAD_REQUEST, serializer.errors)
def deploy_failed(task_uuid, driverCls, provider, identity, instance_id,
**celery_task_args):
from core.models.instance import Instance
from core.email import send_deploy_failed_email
try:
logger.debug("deploy_failed task started at %s." % datetime.now())
logger.info("task_uuid=%s" % task_uuid)
result = app.AsyncResult(task_uuid)
with allow_join_result():
exc = result.get(propagate=False)
err_str = "DEPLOYERROR::%s" % (result.traceback, )
logger.error(err_str)
driver = get_driver(driverCls, provider, identity)
instance = driver.get_instance(instance_id)
update_instance_metadata(driver,
instance,
data={'tmp_status': 'deploy_error'},
replace=False)
#Send deploy email
core_instance = Instance.objects.get(provider_alias=instance_id)
send_deploy_failed_email(core_instance, err_str)
logger.debug("deploy_failed task finished at %s." % datetime.now())
except Exception as exc:
logger.warn(exc)
deploy_failed.retry(exc=exc)
def get_default_identity(username, provider=None):
"""
Return the default identity given to the user-group for provider.
"""
try:
filter_query = {}
if provider:
filter_query['provider'] = provider
from core.models.group import GroupMembership
memberships = GroupMembership.objects.filter(
user__username=username).prefetch_related('group')
for membership in memberships:
group = membership.group
identities = group.current_identities.filter(**filter_query)
if group and identities.count() > 0:
default_identity = identities.first()
logger.debug("default_identity set to %s " % default_identity)
return default_identity
# No identities found for any group
if settings.AUTO_CREATE_NEW_ACCOUNTS:
new_identities = create_new_accounts(username,
selected_provider=provider)
if new_identities:
return new_identities[0]
logger.error(
"%s has no identities. Functionality will be severely limited."
% username)
return None
except Exception as e:
logger.exception(e)
return None
def o_callback_authorize(request):
logger.info(request.__dict__)
if 'code' not in request.GET:
logger.info(request.__dict__)
#TODO - Maybe: Redirect into a login
return HttpResponse("")
oauth_client = get_cas_oauth_client()
oauth_code = request.GET['code']
#Exchange code for ticket
access_token, expiry_date = oauth_client.get_access_token(oauth_code)
if not access_token:
logger.info("The Code %s is invalid/expired. Attempting another login."
% oauth_code)
return o_login_redirect(request)
#Exchange token for profile
user_profile = oauth_client.get_profile(access_token)
if not user_profile or "id" not in user_profile:
logger.error("AccessToken is producing an INVALID profile!"
" Check the CAS server and caslib.py for more"
" information.")
#NOTE: Make sure this redirects the user OUT of the loop!
return login(request)
#ASSERT: A valid OAuth token gave us the Users Profile.
# Now create an AuthToken and return it
username = user_profile["id"]
auth_token = obtainOAuthToken(username, access_token, expiry_date)
#Set the username to the user to be emulated
#to whom the token also belongs
request.session['username'] = username
request.session['token'] = auth_token.key
logger.info("Returning user - %s - to application "
% username)
logger.info(request.session.__dict__)
logger.info(request.user)
return HttpResponseRedirect(settings.REDIRECT_URL+"/application/")
def get_default_provider(username):
"""
Return default provider given
"""
try:
from core.models.group import get_user_group
group = get_user_group(username)
provider = group.providers.filter(Q(end_date=None)
| Q(end_date__gt=timezone.now()),
active=True,
type__name="OpenStack")
if provider:
provider = provider[0]
else:
logger.error("get_default_provider could not find "
"a valid Provider")
return None
logger.debug("default provider is %s " % provider)
return provider
except IndexError:
logger.info("No provider found for %s" % username)
return None
except Exception, e:
logger.exception(e)
return None
def get_default_provider(username):
"""
Return default provider given
"""
try:
from core.models.group import get_user_group
from core.models.provider import Provider
group = get_user_group(username)
provider_ids = group.current_identities.values_list(
'provider',
flat=True)
provider = Provider.objects.filter(
id__in=provider_ids,
type__name="OpenStack")
if provider:
logger.debug("get_default_provider selected a new "
"Provider for %s: %s" % (username, provider))
provider = provider[0]
else:
logger.error("get_default_provider could not find a new "
"Provider for %s" % (username,))
return None
return provider
except Exception as e:
logger.exception("get_default_provider encountered an error "
"for %s" % (username,))
return None
def put(self, request, provider_id, identity_id, machine_id):
"""
TODO: Determine who is allowed to edit machines besides
core_machine.owner
"""
user = request.user
data = request.DATA
esh_driver = prepare_driver(request, provider_id, identity_id)
if not esh_driver:
return invalid_creds(provider_id, identity_id)
esh_machine = esh_driver.get_machine(machine_id)
core_machine = convert_esh_machine(esh_driver, esh_machine, provider_id)
if not user.is_staff\
and user is not core_machine.application.created_by:
logger.error('Non-staff/non-owner trying to update a machine')
return failure_response(
status.HTTP_401_UNAUTHORIZED,
'Only Staff and the machine Owner '
+ 'are allowed to change machine info.')
core_machine.application.update(data)
serializer = ProviderMachineSerializer(core_machine,
data=data, partial=True)
if serializer.is_valid():
logger.info('metadata = %s' % data)
update_machine_metadata(esh_driver, esh_machine, data)
serializer.save()
logger.info(serializer.data)
return Response(serializer.data)
return failure_response(
status.HTTP_400_BAD_REQUEST,
serializer.errors)
def get_default_identity(username, provider=None):
"""
Return the default identity given to the user-group for provider.
"""
try:
from core.models.group import get_user_group
group = get_user_group(username)
identities = group.identities.all()
if provider:
if provider.is_active():
identities = identities.filter(provider=provider)
return identities[0]
else:
logger.error("Provider provided for "
"get_default_identity is inactive.")
raise "Inactive Provider provided for get_default_identity "
else:
default_provider = get_default_provider(username)
default_identity = group.identities.filter(
provider=default_provider)
if not default_identity:
logger.error("User %s has no identities on Provider %s" % (username, default_provider))
raise "No Identities on Provider %s for %s" % (default_provider,username)
#Passing
default_identity = default_identity[0]
logger.debug(
"default_identity set to %s " %
default_identity)
return default_identity
except Exception as e:
logger.exception(e)
return None
def get(self, request, username):
"""
Create a new token in the database on behalf of 'username'
Returns success 201 Created - Body is JSON and contains
"""
user = request.user
if not username:
return Response("Username was not provided",
status=status.HTTP_400_BAD_REQUEST)
if user.username is not 'admin' and not user.is_superuser:
logger.error("URGENT! User: %s is attempting to emulate a user!"
% user.username)
return Response("Only admin and superusers can emulate accounts. "
"This offense has been reported",
status=status.HTTP_401_UNAUTHORIZED)
if not AtmosphereUser.objects.filter(username=username):
return Response("Username %s does not exist as an AtmosphereUser"
% username, status=status.HTTP_404_NOT_FOUND)
# User is authenticated, username exists. Make a token for them.
user_to_emulate = AtmosphereUser.objects.get_by_natural_key(username)
token = get_or_create_token(user_to_emulate, issuer="DRF-EmulatedUser")
expireTime = token.issuedTime + secrets.TOKEN_EXPIRY_TIME
auth_json = {
# Extra data passed only on emulation..
"emulator": request.user.username,
# Normal token data..
"token": token.key,
"username": token.user.username,
"expires": expireTime.strftime("%b %d, %Y %H:%M:%S")
}
return Response(auth_json, status=status.HTTP_201_CREATED)
def deploy_init_to(driverCls, provider, identity, instance_id,
username=None, password=None, redeploy=False,
*args, **kwargs):
try:
logger.debug("deploy_init_to task started at %s." % datetime.now())
driver = get_driver(driverCls, provider, identity)
instance = driver.get_instance(instance_id)
if not instance:
logger.debug("Instance has been teminated: %s." % instance_id)
return
image_metadata = driver._connection\
.ex_get_image_metadata(instance.machine)
deploy_chain = get_deploy_chain(driverCls, provider, identity,
instance, username, password, redeploy)
deploy_chain.apply_async()
#Can be really useful when testing.
#if kwargs.get('delay'):
# async.get()
logger.debug("deploy_init_to task finished at %s." % datetime.now())
except SystemExit:
logger.exception("System Exits are BAD! Find this and get rid of it!")
raise Exception("System Exit called")
except NonZeroDeploymentException as non_zero:
logger.error(str(non_zero))
logger.error(non_zero.__dict__)
raise
except Exception as exc:
logger.warn(exc)
deploy_init_to.retry(exc=exc)
def get_default_identity(username, provider=None):
"""
Return the default identity given to the user-group for provider.
"""
try:
from core.models.group import get_user_group
group = get_user_group(username)
identities = group.identities.all()
if provider:
if provider.is_active():
identities = identities.filter(provider=provider)
return identities[0]
else:
logger.error("Provider provided for "
"get_default_identity is inactive.")
raise("Provider provided for get_default_identity "
"is inactive.")
else:
default_provider = get_default_provider(username)
default_identity = group.identities.filter(
provider=default_provider)[0]
logger.debug(
"default_identity set to %s " %
default_identity)
return default_identity
except Exception, e:
logger.exception(e)
return None
def delete(self,
request,
provider_id,
identity_id,
group_name,
format=None):
"""
Unshare the identity
"""
try:
identity = Identity.objects.get(id=identity_id)
except Identity.DoesNotExist:
return failure_response(status.HTTP_404_NOT_FOUND,
"Identity does not exist.")
if not identity.can_share(user):
logger.error("User %s cannot remove sharing from identity %s. " +
"This incident will be reported" %
(user, identity_id))
return failure_response(
status.HTTP_401_UNAUTHORIZED,
"User %s cannot remove sharing from identity %s. " +
"This incident will be reported" % (user, identity_id))
group = Group.objects.get(name=group_name)
id_member = identity.unshare(group)
serializer = IdentitySerializer(id_member.identity)
serialized_data = serializer.data
return Response(serialized_data)
def get_default_provider(username):
"""
Return default provider given
"""
try:
from core.models.group import get_user_group
from core.models.provider import Provider
group = get_user_group(username)
provider_ids = group.current_identities.values_list('provider',
flat=True)
provider = Provider.objects.filter(id__in=provider_ids,
type__name="OpenStack")
if provider:
logger.debug("get_default_provider selected a new "
"Provider for %s: %s" % (username, provider))
provider = provider[0]
else:
logger.error("get_default_provider could not find a new "
"Provider for %s" % (username, ))
return None
return provider
except Exception as e:
logger.exception("get_default_provider encountered an error "
"for %s" % (username, ))
return None
def validate_input(self, user, data):
error_map = {}
name = data.get('name')
identity_uuid = data.get('identity')
source_alias = data.get('source_alias')
size_alias = data.get('size_alias')
if not name:
error_map['name'] = "This field is required."
if not identity_uuid:
error_map['identity'] = "This field is required."
if not source_alias:
error_map['source_alias'] = "This field is required."
if not size_alias:
error_map['size_alias'] = "This field is required."
if error_map:
raise Exception(error_map)
try:
identity = Identity.objects.get(uuid=identity_uuid)
# Staff or owner ONLY
if not user.is_staff and identity.created_by != user:
logger.error(
"User %s does not have permission to use identity %s" %
(user, identity))
raise Identity.DoesNotExist("You are not the owner")
except Identity.DoesNotExist:
error_map["identity"] = "The uuid (%s) is invalid." % identity_uuid
raise Exception(error_map)
return
def send_email(subject,
body,
from_email,
to,
cc=None,
fail_silently=False,
html=False):
""" Use django.core.mail.EmailMessage to send and log an Atmosphere email.
"""
try:
msg = EmailMessage(subject=subject,
body=body,
from_email=from_email,
to=to,
cc=cc)
if html:
msg.content_subtype = 'html'
msg.send(fail_silently=fail_silently)
email_logger.info("Email Sent." +
"From:%s\nTo:%sCc:%s\nSubject:%s\nBody:\n%s" %
(from_email, to, cc, subject, body))
return True
except Exception as e:
logger.error(e)
return False
def delete(self, request, provider_id,
identity_id, group_name, format=None):
"""
Unshare the identity
"""
try:
identity = Identity.objects.get(id=identity_id)
except Identity.DoesNotExist:
return failure_response(
status.HTTP_404_NOT_FOUND,
"Identity does not exist.")
if not identity.can_share(user):
logger.error("User %s cannot remove sharing from identity %s. "
+ "This incident will be reported"
% (user, identity_id))
return failure_response(
status.HTTP_401_UNAUTHORIZED,
"User %s cannot remove sharing from identity %s. "
+ "This incident will be reported"
% (user, identity_id))
group = Group.objects.get(name=group_name)
id_member = identity.unshare(group)
serializer = IdentitySerializer(id_member.identity)
serialized_data = serializer.data
return Response(serialized_data)
def post(self, request, provider_id, identity_id, format=None):
"""
Create a new identity member (ADMINS & OWNERS GROUP LEADERS ONLY)
"""
user = request.user
data = request.DATA
try:
identity = Identity.objects.get(id=identity_id)
group_name = data['group']
group = Group.objects.get(name=group_name)
prov_member = identity.provider.share(group)
id_member = identity.share(group)
except ObjectDoesNotExist as odne:
return failure_response(
status.HTTP_404_NOT_FOUND,
'%s does not exist.' % odne.message.split()[0])
if not identity.can_share(user):
logger.error("User %s cannot share identity %s. "
+ "This incident will be reported")
return failure_response(
status.HTTP_401_UNAUTHORIZED,
"User %s cannot remove sharing from identity %s. "
+ "This incident will be reported"
% (user, identity_id))
serializer = IdentitySerializer(id_member.identity)
serialized_data = serializer.data
return Response(serialized_data)
def get(self, request, username):
"""
Create a new token in the database on behalf of 'username'
Returns success 201 Created - Body is JSON and contains
"""
params = request.DATA
user = request.user
if user.username is not 'admin' and not user.is_superuser:
logger.error("URGENT! User: %s is attempting to emulate a user!"
% user.username)
return Response('Only admin and superusers can emulate accounts. '
'This offense has been reported',
status=status.HTTP_401_UNAUTHORIZED)
if not AtmosphereUser.objects.filter(username=username):
return Response("Username %s does not exist as an AtmosphereUser"
% username, status=status.HTTP_404_NOT_FOUND)
#User is authenticated, username exists. Make a token for them.
token = createAuthToken(username)
expireTime = token.issuedTime + secrets.TOKEN_EXPIRY_TIME
auth_json = {
#Extra data passed only on emulation..
'emulated_by': request.user.username,
#Normal token data..
'token': token.key,
'username': token.user.username,
'expires': expireTime.strftime("%b %d, %Y %H:%M:%S")
}
return Response(auth_json, status=status.HTTP_201_CREATED)
def get_default_provider(username):
"""
Return default provider given
"""
try:
from core.models.group import get_user_group
group = get_user_group(username)
provider = group.providers.filter(
Q(end_date=None) | Q(end_date__gt=timezone.now()),
active=True, type__name="OpenStack")
if provider:
provider = provider[0]
else:
logger.error("get_default_provider could not find "
"a valid Provider")
return None
logger.debug(
"default provider is %s " % provider)
return provider
except IndexError:
logger.info("No provider found for %s" % username)
return None
except Exception, e:
logger.exception(e)
return None
def validate_input(self, user, data):
error_map = {}
name = data.get('name')
identity_uuid = data.get('identity')
source_alias = data.get('source_alias')
size_alias = data.get('size_alias')
if not name:
error_map['name'] = "This field is required."
if not identity_uuid:
error_map['identity'] = "This field is required."
if not source_alias:
error_map['source_alias'] = "This field is required."
if not size_alias:
error_map['size_alias'] = "This field is required."
if error_map:
raise Exception(error_map)
try:
identity = Identity.objects.get(uuid=identity_uuid)
# Staff or owner ONLY
if not user.is_staff and identity.created_by != user:
logger.error("User %s does not have permission to use identity %s" % (user, identity))
raise Identity.DoesNotExist("You are not the owner")
except Identity.DoesNotExist:
error_map["identity"] = "The uuid (%s) is invalid." % identity_uuid
raise Exception(error_map)
return
def deploy_init_to(driverCls, provider, identity, instance_id,
username=None, password=None, redeploy=False,
*args, **kwargs):
try:
logger.debug("deploy_init_to task started at %s." % datetime.now())
driver = get_driver(driverCls, provider, identity)
instance = driver.get_instance(instance_id)
if not instance:
logger.debug("Instance has been teminated: %s." % instance_id)
return
image_metadata = driver._connection\
.ex_get_image_metadata(instance.machine)
deploy_chain = get_deploy_chain(driverCls, provider, identity,
instance, password, redeploy)
logger.debug("Starting deploy chain for: %s." % instance_id)
deploy_chain.apply_async()
#Can be really useful when testing.
#if kwargs.get('delay'):
# async.get()
logger.debug("deploy_init_to task finished at %s." % datetime.now())
except SystemExit:
logger.exception("System Exits are BAD! Find this and get rid of it!")
raise Exception("System Exit called")
except NonZeroDeploymentException as non_zero:
logger.error(str(non_zero))
logger.error(non_zero.__dict__)
raise
except Exception as exc:
logger.warn(exc)
deploy_init_to.retry(exc=exc)
def lookupEmail(userid):
"""
Grabs email for the user based on LDAP attrs
"""
try:
logger.debug(type(userid))
if isinstance(userid, WSGIRequest):
raise Exception("WSGIRequest invalid.")
attr = _search_ldap(userid)
emailaddr = attr[0][1]["mail"][0]
return emailaddr
except Exception as e:
logger.warn("Error occurred looking up email for user: %s" % userid)
logger.exception(e)
import traceback
import sys
import inspect
s = inspect.stack()
for i in range(0, 4):
logger.debug(s[i])
etype, value, tb = sys.exc_info()
logger.error("TB = %s" % traceback.format_tb(tb))
return None
def mount_failed(task_uuid,
driverCls,
provider,
identity,
volume_id,
unmount=False,
**celery_task_args):
try:
logger.debug("mount_failed task started at %s." % datetime.now())
logger.info("task_uuid=%s" % task_uuid)
result = app.AsyncResult(task_uuid)
with allow_join_result():
exc = result.get(propagate=False)
err_str = "Mount Error Traceback:%s" % (result.traceback, )
logger.error(err_str)
driver = get_driver(driverCls, provider, identity)
volume = driver.get_volume(volume_id)
if unmount:
tmp_status = 'umount_error'
else:
tmp_status = 'mount_error'
return volume_service.update_volume_metadata(
driver, volume, metadata={'tmp_status': tmp_status})
logger.debug("mount_failed task finished at %s." % datetime.now())
except Exception as exc:
logger.warn(exc)
mount_failed.retry(exc=exc)
def get(self, request, username):
"""
Create a new token in the database on behalf of 'username'
Returns success 201 Created - Body is JSON and contains
"""
params = request.data
user = request.user
if not username:
return Response("Username was not provided",
status=status.HTTP_400_BAD_REQUEST)
if user.username is not 'admin' and not user.is_superuser:
logger.error("URGENT! User: %s is attempting to emulate a user!" %
user.username)
return Response(
"Only admin and superusers can emulate accounts. "
"This offense has been reported",
status=status.HTTP_401_UNAUTHORIZED)
if not AtmosphereUser.objects.filter(username=username):
return Response("Username %s does not exist as an AtmosphereUser" %
username,
status=status.HTTP_404_NOT_FOUND)
# User is authenticated, username exists. Make a token for them.
token = create_token(username, issuer="DRF-EmulatedUser")
expireTime = token.issuedTime + secrets.TOKEN_EXPIRY_TIME
auth_json = {
# Extra data passed only on emulation..
"emulator": request.user.username,
# Normal token data..
"token": token.key,
"username": token.user.username,
"expires": expireTime.strftime("%b %d, %Y %H:%M:%S")
}
return Response(auth_json, status=status.HTTP_201_CREATED)
def get_default_identity(username, provider=None):
"""
Return the default identity given to the user-group for provider.
"""
try:
from core.models.group import get_user_group
group = get_user_group(username)
identities = group.identities.all()
if provider:
if provider.is_active():
identities = identities.filter(provider=provider)
return identities[0]
else:
logger.error("Provider provided for "
"get_default_identity is inactive.")
raise ("Provider provided for get_default_identity "
"is inactive.")
else:
default_provider = get_default_provider(username)
default_identity = group.identities.filter(
provider=default_provider)[0]
logger.debug("default_identity set to %s " % default_identity)
return default_identity
except Exception, e:
logger.exception(e)
return None
def post(self, request, provider_id, identity_id, format=None):
"""
Create a new identity member (ADMINS & OWNERS GROUP LEADERS ONLY)
"""
user = request.user
data = request.DATA
try:
identity = Identity.objects.get(id=identity_id)
group_name = data['group']
group = Group.objects.get(name=group_name)
prov_member = identity.provider.share(group)
id_member = identity.share(group)
except ObjectDoesNotExist as odne:
return failure_response(
status.HTTP_404_NOT_FOUND,
'%s does not exist.' % odne.message.split()[0])
if not identity.can_share(user):
logger.error("User %s cannot share identity %s. " +
"This incident will be reported")
return failure_response(
status.HTTP_401_UNAUTHORIZED,
"User %s cannot remove sharing from identity %s. " +
"This incident will be reported" % (user, identity_id))
serializer = IdentitySerializer(id_member.identity)
serialized_data = serializer.data
return Response(serialized_data)
def build_host_name(ip):
"""
Build host name from the configuration in settings
See:
* INSTANCE_HOSTNAMING_FORMAT
* INSTANCE_HOSTNAMING_DOMAIN (Required if you use `%(domain)s`)
"""
# NOTE: This is a hack until we address 'provider specific' hostnaming
if "114.5" in ip:
return raw_hostname(ip)
if not hasattr(settings, "INSTANCE_HOSTNAMING_FORMAT"):
return raw_hostname(ip)
if all((str_val not in settings.INSTANCE_HOSTNAMING_FORMAT) for str_val in ["one", "two", "three", "four"]):
logger.error(
"Invalid INSTANCE_HOSTNAMING_FORMAT: Expected string containing "
"at least one of the IP octets. "
"(ex:'vm%(three)s-%(four)s.%(domain)s')"
)
# IP --> octet_tuple (127,0,0,1)
hostnaming_format_map = create_hostnaming_map(ip)
try:
return settings.INSTANCE_HOSTNAMING_FORMAT % hostnaming_format_map
except (KeyError, TypeError) as exc:
logger.error("Invalid INSTANCE_HOSTNAMING_FORMAT: %s" % exc)
def delete_subnet(self, neutron, subnet_name):
subnet_id = self.get_subnet_id(neutron, subnet_name)
if subnet_id:
try:
return neutron.delete_subnet(subnet_id)
except:
logger.error("Problem deleting subnet: %s" % subnet_id)
raise
def delete_subnet(self, neutron, subnet_name):
subnet_id = self.get_subnet_id(neutron, subnet_name)
if subnet_id:
try:
return neutron.delete_subnet(subnet_id)
except:
logger.error("Problem deleting subnet: %s" % subnet_id)
raise
def delete_network(self, neutron, network_name):
network_id = self.get_network_id(neutron, network_name)
if network_id:
try:
return neutron.delete_network(network_id)
except:
logger.error("Problem deleting network: %s" % network_id)
raise
def delete_router(self, neutron, router_name):
router_id = self.get_router_id(neutron, router_name)
if router_id:
try:
return neutron.delete_router(router_id)
except:
logger.error("Problem deleting router: %s" % router_id)
raise
def delete_network(self, neutron, network_name):
network_id = self.get_network_id(neutron, network_name)
if network_id:
try:
return neutron.delete_network(network_id)
except:
logger.error("Problem deleting network: %s" % network_id)
raise
def delete_router(self, neutron, router_name):
router_id = self.get_router_id(neutron, router_name)
if router_id:
try:
return neutron.delete_router(router_id)
except:
logger.error("Problem deleting router: %s" % router_id)
raise
def get_project(self, project_id):
filtered_list = [
p for p in self.get_all_projects()
if str(p['id']) == str(project_id)]
if len(filtered_list) > 1:
logger.error(">1 value found for project %s" % project_id)
if filtered_list:
return filtered_list[0]
return None
def get_config(self, section, config_key, default_value=None, raise_exc=True):
try:
value = self.cloud_config[section][config_key]
except (KeyError, TypeError):
logger.error("Cloud config ['%s']['%s'] is missing -- using default value (%s)" % (section, config_key, default_value))
if not default_value and raise_exc:
raise Exception("Cloud config ['%s']['%s'] is missing -- no default value provided" % (section, config_key))
value = default_value
return value
def get_allocation(self, allocation_name):
filtered_list = [
a for a in self.get_all_allocations()
if str(a['project']) == str(allocation_name)]
if len(filtered_list) > 1:
logger.error(">1 value found for allocation %s" % allocation_name)
if filtered_list:
return filtered_list[0]
return None
def get_allocation(self, allocation_name):
filtered_list = [
a for a in self.get_all_allocations()
if str(a['project']) == str(allocation_name)
]
if len(filtered_list) > 1:
logger.error(">1 value found for allocation %s" % allocation_name)
if filtered_list:
return filtered_list[0]
return None
def get_project(self, project_id):
filtered_list = [
p
for p in self.get_all_projects() if str(p['id']) == str(project_id)
]
if len(filtered_list) > 1:
logger.error(">1 value found for project %s" % project_id)
if filtered_list:
return filtered_list[0]
return None
def find_allocations_for(self, tacc_username):
api_projects = self.find_projects_for(tacc_username)
allocations = []
for api_project in api_projects:
api_allocation = select_valid_allocation(api_project['allocations'])
if not api_allocation:
logger.error("API shows no valid allocation exists for project %s" % api_project)
continue
allocations.append(api_allocation)
return allocations
def export_request_error(task_uuid, export_request_id):
logger.info("export_request_id=%s" % export_request_id)
logger.info("task_uuid=%s" % task_uuid)
result = app.AsyncResult(task_uuid)
with allow_join_result():
exc = result.get(propagate=False)
err_str = "ERROR - %r Exception:%r" % (result.result, result.traceback,)
logger.error(err_str)
export_request = ExportRequest.objects.get(id=export_request_id)
export_request.status = err_str
export_request.save()
def get_application(identifier, app_uuid=None):
if not app_uuid:
app_uuid = uuid5(settings.ATMOSPHERE_NAMESPACE_UUID, str(identifier))
app_uuid = str(app_uuid)
try:
app = Application.objects.get(uuid=app_uuid)
return app
except Application.DoesNotExist:
return None
except Exception, e:
logger.error(e)
logger.error(type(e))
def find_allocations_for(self, tacc_username):
api_projects = self.find_projects_for(tacc_username)
allocations = []
for api_project in api_projects:
api_allocation = select_valid_allocation(api_project['allocations'])
if not api_allocation:
logger.error(
"API shows no valid allocation exists for project %s" %
api_project
)
continue
allocations.append(api_allocation)
return allocations
def machine_request_error(task_uuid, machine_request_id):
logger.info("machine_request_id=%s" % machine_request_id)
logger.info("task_uuid=%s" % task_uuid)
result = app.AsyncResult(task_uuid)
with allow_join_result():
exc = result.get(propagate=False)
err_str = "ERROR - %r Exception:%r" % (result.result, result.traceback)
logger.error(err_str)
send_image_request_failed_email(machine_request, err_str)
machine_request = MachineRequest.objects.get(id=machine_request_id)
machine_request.status = err_str
machine_request.save()
def machine_request_error(task_uuid, machine_request_id):
logger.info("machine_request_id=%s" % machine_request_id)
logger.info("task_uuid=%s" % task_uuid)
result = app.AsyncResult(task_uuid)
exc = result.get(propagate=False)
err_str = "ERROR - Exception:%r" % (result.traceback,)
logger.error(err_str)
max_len = MachineRequest._meta.get_field("status").max_length
if len(err_str) > max_len:
err_str = err_str[: max_len - 3] + "..."
machine_request = MachineRequest.objects.get(id=machine_request_id)
machine_request.status = err_str
machine_request.save()
def _multi_create(
self, user, identity_uuid, size_alias, source_alias, name, deploy,
allocation_source, project, boot_scripts, extra
):
"""
1. Launch multiple instances
2. Serialize the launched instances
3. Return a list of serialized instances
"""
core_instances = launch_instance(
user,
identity_uuid,
size_alias,
source_alias,
name,
deploy,
allocation_source=allocation_source,
**extra
)
serialized_data = []
# Serialize all instances launched
for core_instance in core_instances:
# Faking a 'partial update of nothing' to allow call to 'is_valid'
serialized_instance = InstanceSerializer(
core_instance,
context={'request': self.request},
data={},
partial=True
)
if not serialized_instance.is_valid():
logger.error(
"multi-instance-launch, serialized instance is invalid, {}".
format(serialized_instance)
)
instance = serialized_instance.save()
instance.project = project
instance.save()
if boot_scripts:
_save_scripts_to_instance(instance, boot_scripts)
instance.change_allocation_source(allocation_source)
# append to result
serialized_data.append(serialized_instance.data)
# return a list of instances in the response
return Response(serialized_data, status=status.HTTP_201_CREATED)
def export_request_error(task_uuid, export_request_id):
logger.info("export_request_id=%s" % export_request_id)
logger.info("task_uuid=%s" % task_uuid)
result = app.AsyncResult(task_uuid)
with allow_join_result():
exc = result.get(propagate=False)
err_str = "ERROR - %r Exception:%r" % (
result.result,
result.traceback,
)
logger.error(err_str)
export_request = ExportRequest.objects.get(id=export_request_id)
export_request.status = err_str
export_request.save()
def machine_request_error(task_uuid, machine_request_id):
logger.info("machine_request_id=%s" % machine_request_id)
logger.info("task_uuid=%s" % task_uuid)
result = app.AsyncResult(task_uuid)
with allow_join_result():
exc = result.get(propagate=False)
err_str = "ERROR - %r Exception:%r" % (
result.result,
result.traceback,
)
logger.error(err_str)
machine_request = MachineRequest.objects.get(id=machine_request_id)
machine_request.status = err_str
machine_request.save()
def is_expired(self, user):
ldap_user = lookupUser(user.username)
if not ldap_user:
logger.warn("Cannot contact LDAP -- Assume user is expired?")
return True
expiry_dict = ldap_user.get('expiry')
if not expiry_dict:
logger.error("LDAP password expiration map is missing --"
" check django_cyverse_auth: %s" % ldap_user)
return True
expiry_date = expiry_dict.get('expires_on')
if not expiry_date:
logger.error("LDAP password expiration date is missing -- "
"check django_cyverse_auth: %s" % ldap_user)
return True
_is_expired = expiry_date.replace(tzinfo=pytz.UTC) < timezone.now()
return _is_expired
def updateUserProxy(user, pgtIou, max_try=3):
attempts = 0
while attempts < max_try:
try:
# If PGTIOU exists, a UserProxy object was created
# match the user to this ticket.
userProxy = UserProxy.objects.get(proxyIOU=pgtIou)
userProxy.username = user
userProxy.expiresOn = timezone.now() + PROXY_TICKET_EXPIRY
logger.debug("Found a matching proxy IOU for %s" % userProxy.username)
userProxy.save()
return True
except UserProxy.DoesNotExist:
logger.error("Could not find UserProxy object!" "ProxyIOU & ID was not saved " "at proxy url endpoint.")
time.sleep(min(2 ** attempts, 8))
attempts += 1
return False
def get_euca_node_info(self, euca_managerCls, euca_creds):
node_dict = {'hostname': '', 'port': '', 'private_key': ''}
instance_id = self.instance.provider_alias
# Prepare and use the manager
euca_manager = euca_managerCls(**euca_creds)
node_ip = euca_manager.get_instance_node(instance_id)
# Find the matching node
try:
core_node = NodeController.objects.get(alias=node_ip)
node_dict['hostname'] = core_node.hostname
node_dict['port'] = core_node.port
node_dict['private_key'] = core_node.private_ssh_key
except NodeController.DoesNotExist:
logger.error("Must create a nodecontroller for IP: %s" % node_ip)
# Return a dict containing information on how to SCP to the node
return node_dict
def get_euca_node_info(self, euca_managerCls, euca_creds):
node_dict = {'hostname': '', 'port': '', 'private_key': ''}
instance_id = self.instance.provider_alias
# Prepare and use the manager
euca_manager = euca_managerCls(**euca_creds)
node_ip = euca_manager.get_instance_node(instance_id)
# Find the matching node
try:
core_node = NodeController.objects.get(alias=node_ip)
node_dict['hostname'] = core_node.hostname
node_dict['port'] = core_node.port
node_dict['private_key'] = core_node.private_ssh_key
except NodeController.DoesNotExist:
logger.error("Must create a nodecontroller for IP: %s" % node_ip)
# Return a dict containing information on how to SCP to the node
return node_dict
def create_new_accounts(username, selected_provider=None):
user = AtmosphereUser.objects.get(username=username)
if not user.is_valid():
raise InvalidUser("The account %s is not yet valid." % username)
providers = get_available_providers()
identities = []
if not providers:
logger.error("No currently active providers")
return identities
if selected_provider and selected_provider not in providers:
logger.error("The provider %s is NOT in the list of currently active providers. Account will not be created" % selected_provider)
return identities
for provider in providers:
new_identity = create_new_account_for(provider, user)
if new_identity:
identities.append(new_identity)
return identities
def deploy_failed(task_uuid, driverCls, provider, identity, instance_id, **celery_task_args):
from core.models.instance import Instance
from core.email import send_deploy_failed_email
try:
logger.debug("deploy_failed task started at %s." % datetime.now())
logger.info("task_uuid=%s" % task_uuid)
result = app.AsyncResult(task_uuid)
with allow_join_result():
exc = result.get(propagate=False)
err_str = "DEPLOYERROR::%s" % (result.traceback,)
logger.error(err_str)
driver = get_driver(driverCls, provider, identity)
instance = driver.get_instance(instance_id)
update_instance_metadata(driver, instance, data={"tmp_status": "deploy_error"}, replace=False)
logger.debug("deploy_failed task finished at %s." % datetime.now())
except Exception as exc:
logger.warn(exc)
deploy_failed.retry(exc=exc)
def validate_input(self, user, data):
error_map = {}
name = data.get('name')
identity_uuid = data.get('identity')
source_alias = data.get('source_alias')
size_alias = data.get('size_alias')
allocation_source_id = data.get('allocation_source_id')
project_uuid = data.get('project')
if not name:
error_map['name'] = "This field is required."
if not project_uuid:
error_map['project'] = "This field is required."
try:
user.all_projects().filter(uuid=project_uuid)
except ValueError:
error_map['project'
] = "Properly formed hexadecimal UUID string required."
if not identity_uuid:
error_map['identity'] = "This field is required."
if not source_alias:
error_map['source_alias'] = "This field is required."
if not size_alias:
error_map['size_alias'] = "This field is required."
if not allocation_source_id:
error_map['allocation_source_id'] = "This field is required."
if error_map:
raise Exception(error_map)
try:
identity = Identity.objects.get(uuid=identity_uuid)
# Staff or owner ONLY
if not user.is_staff and identity.created_by != user:
logger.error(
"User %s does not have permission to use identity %s" %
(user, identity)
)
raise Identity.DoesNotExist("You are not the owner")
except Identity.DoesNotExist:
error_map["identity"] = "The uuid (%s) is invalid." % identity_uuid
raise Exception(error_map)
return
def _get_providers(username, selected_provider=None):
from core.models import Provider
user = AtmosphereUser.objects.get(username=username)
public_providers = Provider.objects.filter(only_current(),
active=True,
public=True)
providers = user.current_providers.filter(only_current(), active=True)
if not providers:
providers = public_providers
else:
providers |= public_providers
if selected_provider and providers and selected_provider not in providers:
logger.error(
"The provider %s is NOT in the list of currently active providers. Account will not be created"
% selected_provider)
return (user, providers.none())
return (user, providers)
def validate_input(self, user, data):
error_map = {}
name = data.get('name')
identity_uuid = data.get('identity')
source_alias = data.get('source_alias')
size_alias = data.get('size_alias')
allocation_source_id = data.get('allocation_source_id')
project_uuid = data.get('project')
if not name:
error_map['name'] = "This field is required."
if not project_uuid:
error_map['project'] = "This field is required."
try:
user.all_projects().filter(uuid=project_uuid)
except ValueError:
error_map['project'
] = "Properly formed hexadecimal UUID string required."
if not identity_uuid:
error_map['identity'] = "This field is required."
if not source_alias:
error_map['source_alias'] = "This field is required."
if not size_alias:
error_map['size_alias'] = "This field is required."
if not allocation_source_id:
error_map['allocation_source_id'] = "This field is required."
if error_map:
raise Exception(error_map)
try:
identity = Identity.objects.get(uuid=identity_uuid)
# Staff or owner ONLY
if not user.is_staff and identity.created_by != user:
logger.error(
"User %s does not have permission to use identity %s" %
(user, identity)
)
raise Identity.DoesNotExist("You are not the owner")
except Identity.DoesNotExist:
error_map["identity"] = "The uuid (%s) is invalid." % identity_uuid
raise Exception(error_map)
return
