def can_access(self, context): request = context['request'] public_region = keystone.is_public_region( request, 'community_network_topology') if public_region: return False return True
def can_access(self, context): request = context['request'] public_region = keystone.is_public_region(request, 'easystack_overview') if public_region: return False return True
def can_access(self, context): request = context['request'] public_region = keystone.is_public_region(request, 'Instance_Snapshots') if public_region: return False return True
def can_access(self, context): request = context['request'] public_region = keystone.is_public_region(request, 'EasyStack_Admin') if public_region: return False is_access = super(EasyStack_Admin, self).can_access(context) cloud_admin = keystone.is_cloud_admin(request) v3, project_admin = keystone.is_project_admin(request) if v3: return is_access and cloud_admin and project_admin return is_access
def volume_snapshot_list(request, search_opts=None): c_client = cinderclient(request) if c_client is None: return [] if keystone.is_public_region(request): return [] else: return [ VolumeSnapshot(s) for s in c_client.volume_snapshots.list(search_opts=search_opts) ]
def can_access(self, context): request = context['request'] public_region = keystone.is_public_region(request, 'Identity') if public_region: return False v3, domain_admin = keystone.is_domain_admin(request) v3, project_admin = keystone.is_project_admin(request) if v3: return super(Identity, self).can_access(context)\ and (domain_admin or project_admin) return super(Identity, self).can_access(context)
def can_access(self, context): request = context['request'] public_region = keystone.is_public_region(request, 'Billing') if public_region: return False billing_enable = getattr(settings, 'ENABLE_BILLING', False) if not billing_enable or \ keystone.is_cloud_admin(request) or \ keystone.is_dedicated_context(request) or \ keystone.is_default_domain_member(request)[1]: return False return True
def ensure_volume_snapshots(request, volumes): if keystone.is_public_region(request): return volumes volumes_map = SortedDict([(i['id'], i) for i in volumes]) snapshot_list = api.cinder.volume_snapshot_list(request) for snapshot in snapshot_list: if snapshot.volume_id in volumes_map: volume = volumes_map[snapshot.volume_id] volume.setdefault('snapshots', []) volume['snapshots'].append(snapshot.to_dict()) return volumes
def openstack(request): """Context processor necessary for OpenStack Dashboard functionality. The following variables are added to the request context: ``authorized_tenants`` A list of tenant objects which the current user has access to. ``regions`` A dictionary containing information about region support, the current region, and available regions. """ context = {} # Auth/Keystone context context.setdefault('authorized_tenants', []) if request.user.is_authenticated(): context['authorized_tenants'] = [ tenant for tenant in request.user.authorized_tenants if tenant.enabled] context['ISPUBLICREGION'] = keystone.is_public_region(request) # Region context/support available_regions = getattr(settings, 'AVAILABLE_REGIONS', []) regions = {'support': len(available_regions) > 1, 'current': {'endpoint': request.session.get('region_endpoint'), 'name': request.session.get('region_name')}, 'available': [{'endpoint': region[0], 'name':region[1]} for region in available_regions]} context['regions'] = regions # Adding webroot access context['WEBROOT'] = getattr(settings, "WEBROOT", "/") context['DEBUG_TOAST_ENABLED'] = getattr(settings, "DEBUG_TOAST_ENABLED", False) context['LDAP_EDITABLE'] = getattr(settings, "LDAP_EDITABLE", True) context['MANA_BILLING_ENABLE'] = getattr( settings, "MANA_BILLING_ENABLE", False) context['LOADBALANCER_ENABLE'] = getattr(settings, "OPENSTACK_NEUTRON_NETWORK", {}).get('enable_lb', False) context['MANA_ENABLE'] = getattr(settings, "MANA_ENABLE", False) context['MANILA_ENABLED'] = getattr(settings, "MANILA_ENABLED", False) context['TICKET_ENABLED'] = getattr(settings, "TICKET_ENABLED", False) context['DOMAIN_QUOTA_ENABLED'] = getattr(settings, "DOMAIN_QUOTA_ENABLED", False) notice_enable = getattr(settings, 'NOTICE_ENABLE', False) context['NOTICE_ENABLE'] = notice_enable context['EMAIL_ACTIVATION'] = getattr(settings, "EMAIL_ACTIVATION", True) context['RELEASE_NUM'] = getattr(settings, "RELEASE_NUM", '4.0.1') if notice_enable: context.update(notice.get_notice()) return context
def get(self, request): """Get a detailed list of volume snapshots associated with the current user's project. The listing result is an object with property "items". """ if keystone.is_public_region(request): return {'items':[]} result = api.cinder.volume_snapshot_list( request, search_opts=rest_utils.parse_filters_kwargs(request)[0] ) return {'items': [u.to_dict() for u in result]}
def get_disabled_quotas(request): disabled_quotas = [] # if aws_region disable network quotas, keypair quotas, snapshot quotas if keystone.is_public_region(request): disabled_quotas.extend(NEUTRON_QUOTA_FIELDS) disabled_quotas.extend([ 'key_pairs', 'snapshots', 'loadbalancer', 'pool', 'listener', 'backups' ]) # Cinder if not base.is_service_enabled(request, 'volume'): disabled_quotas.extend(CINDER_QUOTA_FIELDS) # Neutron if not getattr(settings, "OPENSTACK_NEUTRON_NETWORK", {}).get( 'enable_lb', False): disabled_quotas.extend(LOADBALANCER_QUOTA_FIELDS) if not base.is_service_enabled(request, 'network'): disabled_quotas.extend(NEUTRON_QUOTA_FIELDS) else: # Remove the nova network quotas disabled_quotas.extend(['floating_ips', 'fixed_ips']) if neutron.is_extension_supported(request, 'security-group'): # If Neutron security group is supported, disable Nova quotas disabled_quotas.extend(['security_groups', 'security_group_rules']) else: # If Nova security group is used, disable Neutron quotas disabled_quotas.extend(['security_group', 'security_group_rule']) try: if not neutron.is_quotas_extension_supported(request): disabled_quotas.extend(NEUTRON_QUOTA_FIELDS) except Exception: LOG.exception("There was an error checking if the Neutron " "quotas extension is enabled.") return disabled_quotas
def can_access(self, context): # todo temporarily enabling panel for any user # request = context['request'] # if not request.user.has_perms(self.permissions): # return False # try: # if not neutron.is_service_enabled(request,` # config_name='enable_lb', # ext_name='lbaas'): # return False # except Exception: # LOG.error("Call to list enabled services failed. This is likely " # "due to a problem communicating with the Neutron " # "endpoint. Load Balancers panel will not be displayed") # return False # if not super(LoadBalancer, self).allowed(context): # return False request = context['request'] public_region = keystone.is_public_region(request, 'loadbalancersv2') if public_region: return False network_settings = getattr(settings, "OPENSTACK_NEUTRON_NETWORK", {}) return network_settings.get('enable_lb', False)
def inner(request, *args, **kwargs): need_billing = enable_billing \ and not policy.check((("identity", "cloud_admin"),), request) \ and not keystone.is_dedicated_context(request) \ and not request.user.user_domain_id == 'default' \ and not keystone.is_public_region(request) # if we enable billing if need_billing: balance = get_balance(request) if balance <= 0: LOG.error("Account Balance is less than 0") raise exceptions.NotAuthenticated( "Account Balance is less than 0") # make sure product time be earlier than resource create time create_time = datetime.datetime.utcnow()\ .strftime("%Y-%m-%d %H:%M:%S") # do request result = func(request, *args, **kwargs) # if we enable billing, create a product if need_billing: try: if 'unit' in request.DATA: kwargs['unit'] = request.DATA['unit'] if (kwargs['unit'] == 'H'): kwargs['payment_type'] = 'post_paid' elif (kwargs['unit'] == 'M'): kwargs['payment_type'] = 'pre_paid' else: kwargs['payment_type'] = 'pre_paid' elif 'metadata' in request.DATA: if 'unit' in kwargs['metadata']: kwargs['unit'] = kwargs['metadata']['unit'] if (kwargs['unit'] == 'H'): kwargs['payment_type'] = 'post_paid' elif (kwargs['unit'] == 'M'): kwargs['payment_type'] = 'pre_paid' else: kwargs['payment_type'] = 'pre_paid' else: kwargs['unit'] = 'H' kwargs['payment_type'] = 'post_paid' elif 'loadbalancer' in request.DATA: if 'unit' in request.DATA['loadbalancer']: kwargs['unit'] = request.DATA['loadbalancer'][ 'unit'] if (kwargs['unit'] == 'H'): kwargs['payment_type'] = 'post_paid' elif (kwargs['unit'] == 'M'): kwargs['payment_type'] = 'pre_paid' else: kwargs['payment_type'] = 'pre_paid' else: kwargs['unit'] = 'H' kwargs['payment_type'] = 'post_paid' else: kwargs['unit'] = 'H' kwargs['payment_type'] = 'post_paid' _create_product(request, result, create_time, *args, **kwargs) except Exception as e: LOG.error(e) # TODO(need to fix): # raise exception to Servers post() in rest/nova.py raise e return result
def can_access(self, context): request = context['request'] public_region = keystone.is_public_region(request, 'Alerts') if public_region: return False return False
def get_tenant_quota_data(request, disabled_quotas=None, tenant_id=None): qs = _get_quota_data(request, "tenant_quota_get", disabled_quotas=disabled_quotas, tenant_id=tenant_id) # TODO(jpichon): There is no API to get the default system quotas # in Neutron (cf. LP#1204956), so for now handle tenant quotas here. # This should be handled in _get_quota_data() eventually. if not disabled_quotas: return qs # Check if neutron is enabled by looking for network and router if 'network' not in disabled_quotas and 'router' not in disabled_quotas: tenant_id = tenant_id or request.user.tenant_id neutron_quotas = neutron.tenant_quota_get(request, tenant_id) if 'floating_ips' in disabled_quotas: # Neutron with quota extension disabled if 'floatingip' in disabled_quotas: qs.add(base.QuotaSet({'floating_ips': -1})) # Neutron with quota extension enabled else: # Rename floatingip to floating_ips since that's how it's # expected in some places (e.g. Security & Access' Floating IPs) fips_quota = neutron_quotas.get('floatingip').limit qs.add(base.QuotaSet({'floating_ips': fips_quota})) if 'security_groups' in disabled_quotas: if 'security_group' in disabled_quotas: qs.add(base.QuotaSet({'security_groups': -1})) # Neutron with quota extension enabled else: # Rename security_group to security_groups since that's how it's # expected in some places (e.g. Security & Access' Security Groups) sec_quota = neutron_quotas.get('security_group').limit qs.add(base.QuotaSet({'security_groups': sec_quota})) if 'network' in disabled_quotas: for item in qs.items: if item.name == 'networks': qs.items.remove(item) break else: net_quota = neutron_quotas.get('network').limit qs.add(base.QuotaSet({'networks': net_quota})) if 'subnet' in disabled_quotas: for item in qs.items: if item.name == 'subnets': qs.items.remove(item) break else: net_quota = neutron_quotas.get('subnet').limit qs.add(base.QuotaSet({'subnets': net_quota})) if 'router' in disabled_quotas: for item in qs.items: if item.name == 'routers': qs.items.remove(item) break else: router_quota = neutron_quotas.get('router').limit qs.add(base.QuotaSet({'routers': router_quota})) if not keystone.is_public_region(request): if 'loadbalancer' in disabled_quotas: for item in qs.items: if item.name == 'loadbalancers': qs.items.remove(item) break else: loadbalancer_quota = neutron_quotas.get('loadbalancer').limit qs.add(base.QuotaSet({'loadbalancers': loadbalancer_quota})) if 'listener' in disabled_quotas: for item in qs.items: if item.name == 'listeners': qs.items.remove(item) break else: listener_quota = neutron_quotas.get('listener').limit qs.add(base.QuotaSet({'listeners': listener_quota})) if 'healthmonitor' in disabled_quotas: for item in qs.items: if item.name == 'healthmonitors': qs.items.remove(item) break else: healthmonitor_quota = neutron_quotas.get('healthmonitor').limit qs.add(base.QuotaSet({'healthmonitors': healthmonitor_quota})) if 'pool' in disabled_quotas: for item in qs.items: if item.name == 'pools': qs.items.remove(item) break else: pool_quota = neutron_quotas.get('pool').limit qs.add(base.QuotaSet({'pools': pool_quota})) if 'port' in disabled_quotas: for item in qs.items: if item.name == 'ports': qs.items.remove(item) break else: port_quota = neutron_quotas.get('port').limit qs.add(base.QuotaSet({'ports': port_quota})) return qs
def _get_neutron_quota(request, tenant_id, disabled_quotas): quotasets = [] qs = base.QuotaSet() # Check if neutron is enabled by looking for network and router if 'network' not in disabled_quotas and 'router' not in disabled_quotas: tenant_id = tenant_id or request.user.tenant_id neutron_quotas = neutron.tenant_quota_get(request, tenant_id) if 'floating_ips' in disabled_quotas: # Neutron with quota extension disabled if 'floatingip' in disabled_quotas: qs.add(base.QuotaSet({'floating_ips': -1})) # Neutron with quota extension enabled else: # Rename floatingip to floating_ips since that's how it's # expected in some places (e.g. Security & Access' Floating IPs) fips_quota = neutron_quotas.get('floatingip').limit qs.add(base.QuotaSet({'floating_ips': fips_quota})) if 'security_groups' in disabled_quotas: if 'security_group' in disabled_quotas: qs.add(base.QuotaSet({'security_groups': -1})) # Neutron with quota extension enabled else: # Rename security_group to security_groups since that's how it's # expected in some places (e.g. Security & Access' Security Groups) sec_quota = neutron_quotas.get('security_group').limit qs.add(base.QuotaSet({'security_groups': sec_quota})) if 'network' in disabled_quotas: for item in qs.items: if item.name == 'networks': qs.items.remove(item) break else: net_quota = neutron_quotas.get('network').limit qs.add(base.QuotaSet({'networks': net_quota})) if 'subnet' in disabled_quotas: for item in qs.items: if item.name == 'subnets': qs.items.remove(item) break else: net_quota = neutron_quotas.get('subnet').limit qs.add(base.QuotaSet({'subnets': net_quota})) if 'router' in disabled_quotas: for item in qs.items: if item.name == 'routers': qs.items.remove(item) break else: router_quota = neutron_quotas.get('router').limit qs.add(base.QuotaSet({'routers': router_quota})) if not keystone.is_public_region(request): if 'loadbalancer' in disabled_quotas: for item in qs.items: if item.name == 'loadbalancers': qs.items.remove(item) break else: loadbalancer_quota = neutron_quotas.get('loadbalancer').limit qs.add(base.QuotaSet({'loadbalancers': loadbalancer_quota})) if 'listener' in disabled_quotas: for item in qs.items: if item.name == 'listeners': qs.items.remove(item) break else: listener_quota = neutron_quotas.get('listener').limit qs.add(base.QuotaSet({'listeners': listener_quota})) if 'healthmonitor' in disabled_quotas: for item in qs.items: if item.name == 'healthmonitors': qs.items.remove(item) break else: healthmonitor_quota = neutron_quotas.get('healthmonitor').limit qs.add(base.QuotaSet({'healthmonitors': healthmonitor_quota})) if 'pool' in disabled_quotas: for item in qs.items: if item.name == 'pools': qs.items.remove(item) break else: pool_quota = neutron_quotas.get('pool').limit qs.add(base.QuotaSet({'pools': pool_quota})) if 'port' in disabled_quotas: for item in qs.items: if item.name == 'ports': qs.items.remove(item) break else: port_quota = neutron_quotas.get('port').limit qs.add(base.QuotaSet({'ports': port_quota})) return qs
def can_access(self, context): request = context['request'] public_region = keystone.is_public_region(request, 'Security_Groups') if public_region: return False return True
def get(self, request): enable_billing = False if not keystone.is_public_region(request): if not keystone.is_dedicated_context(request): enable_billing = getattr(settings, 'ENABLE_BILLING', True) return rest_utils.JSONResponse(enable_billing, 200)
def get(self, request): if not keystone.is_public_region(request): fixing = billing.get_active_pricefixing(request) if fixing is None: return rest_utils.JSONResponse(False, 200) return rest_utils.JSONResponse(True, 200)
def can_access(self, context): request = context['request'] public_region = keystone.is_public_region(request, 'Volume Backups') if public_region: return False return True
def can_access(self, context): request = context['request'] public_region = keystone.is_public_region(request, 'FloatingIP') if public_region: return False return True
def can_access(self, context): request = context['request'] public_region = keystone.is_public_region(request, 'Tickets') if public_region: return False return getattr(settings, "TICKET_ENABLED", False)