def user_create(request, name=None, email=None, password=None, project=None,
enabled=None, domain=None):
manager = keystoneclient(request, admin=True).users
try:
if VERSIONS.active < 3:
user = manager.create(name, password, email, project, enabled)
return VERSIONS.upgrade_v2_user(user)
else:
return manager.create(name, password=password, email=email,
project=project, enabled=enabled,
domain=domain)
except keystone_exceptions.Conflict:
raise exceptions.Conflict()
def swift_delete_container(request, name):
# It cannot be deleted if it's not empty. The batch remove of objects
# be done in swiftclient instead of Horizon.
objects, more = swift_get_objects(request, name)
if objects:
error_msg = unicode(
_("The container cannot be deleted "
"since it's not empty."))
exc = exceptions.Conflict(error_msg)
exc._safe_message = error_msg
raise exc
swift_api(request).delete_container(name)
return True
def identity_provider_update(request,
idp_id,
description=None,
enabled=False,
remote_ids=None):
manager = keystoneclient(request, admin=True).federation.identity_providers
try:
return manager.update(idp_id,
description=description,
enabled=enabled,
remote_ids=remote_ids)
except keystone_exceptions.Conflict:
raise exceptions.Conflict()
def tenant_create(request,
name,
description=None,
enabled=None,
domain=None,
**kwargs):
manager = VERSIONS.get_project_manager(request, admin=True)
try:
return manager.create(name,
domain,
description=description,
enabled=enabled,
**kwargs)
except keystone_exceptions.Conflict:
raise exceptions.Conflict()
def rule_create(self, parent_group_id,
direction=None, ethertype=None,
ip_protocol=None, from_port=None, to_port=None,
cidr=None, group_id=None):
# Nova Security Group API does not use direction and ethertype fields.
try:
sg = self.client.security_group_rules.create(parent_group_id,
ip_protocol,
from_port,
to_port,
cidr,
group_id)
except nova_exceptions.BadRequest:
raise horizon_exceptions.Conflict(
_('Security group rule already exists.'))
return SecurityGroupRule(sg)
def delete(self, request, volume_id):
if id == 'default':
raise django.http.HttpResponseNotFound('default')
# need check if there is volumes created from this snapshot
volumes = api.cinder.volume_list(request)
in_use = False
for volume in volumes:
if volume.snapshot_id == volume_id:
in_use = True
break
if in_use:
msg = _("Unable to delete in use volume snapshot.")
raise exceptions.Conflict(msg)
api.cinder.volume_snapshot_delete(request, volume_id)
def swift_delete_folder(request, container_name, object_name):
objects, more = swift_get_objects(request, container_name,
prefix=object_name)
# In case the given object is pseudo folder,
# it can be deleted only if it is empty.
# swift_get_objects will return at least
# one object (i.e container_name) even if the
# given pseudo folder is empty. So if swift_get_objects
# returns more than one object then only it will be
# considered as non empty folder.
if len(objects) > 1:
error_msg = _("The pseudo folder cannot be deleted "
"since it is not empty.")
exc = exceptions.Conflict(error_msg)
raise exc
swift_api(request).delete_object(container_name, object_name)
return True
def cluster_template_update(request, ct_id, name, plugin_name,
hadoop_version, description=None,
cluster_configs=None, node_groups=None,
anti_affinity=None, net_id=None):
try:
template = client(request).cluster_templates.update(
cluster_template_id=ct_id,
name=name,
plugin_name=plugin_name,
hadoop_version=hadoop_version,
description=description,
cluster_configs=cluster_configs,
node_groups=node_groups,
anti_affinity=anti_affinity,
net_id=net_id)
except APIException as e:
raise exceptions.Conflict(e)
return template
def application_credential_create(request,
name,
secret=None,
description=None,
expires_at=None,
roles=None,
unrestricted=False):
user = request.user.id
manager = keystoneclient(request).application_credentials
try:
return manager.create(name=name,
user=user,
secret=secret,
description=description,
expires_at=expires_at,
roles=roles,
unrestricted=unrestricted)
except keystone_exceptions.Conflict:
raise exceptions.Conflict()
def user_create(request,
name=None,
email=None,
password=None,
project=None,
enabled=None,
domain=None,
description=None,
**data):
manager = keystoneclient(request, admin=True).users
try:
return manager.create(name,
password=password,
email=email,
default_project=project,
enabled=enabled,
domain=domain,
description=description,
**data)
except keystone_exceptions.Conflict:
raise exceptions.Conflict()
def tenant_create(request,
name,
description=None,
enabled=None,
domain=None,
pool_type=None,
**kwargs):
manager = VERSIONS.get_project_manager(request, admin=True)
LOG.info("pool_type ========================%s" % pool_type)
try:
if VERSIONS.active < 3:
return manager.create(name, description, enabled, **kwargs)
else:
return manager.create(name,
domain,
pool_type=pool_type,
description=description,
enabled=enabled,
**kwargs)
except keystone_exceptions.Conflict:
raise exceptions.Conflict()
def test_handle_translated(self):
translated_unicode = u'\u30b3\u30f3\u30c6\u30ca\u30fc\u304c' \
u'\u7a7a\u3067\u306f\u306a\u3044\u305f' \
u'\u3081\u3001\u524a\u9664\u3067\u304d' \
u'\u307e\u305b\u3093\u3002'
# Japanese translation of:
# 'Because the container is not empty, it can not be deleted.'
expected = ['error', force_text(translated_unicode), '']
req = self.request
req.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
try:
raise exceptions.Conflict(translated_unicode)
except exceptions.Conflict:
exceptions.handle(req)
# The real test here is to make sure the handle method doesn't throw a
# UnicodeEncodeError, but making sure the message is correct could be
# useful as well.
self.assertItemsEqual(req.horizon['async_messages'], [expected])
def tenant_update(request,
project,
name=None,
description=None,
enabled=None,
domain=None,
**kwargs):
manager = VERSIONS.get_project_manager(request, admin=True)
try:
if VERSIONS.active < 3:
return manager.update(project, name, description, enabled,
**kwargs)
else:
return manager.update(project,
name=name,
description=description,
enabled=enabled,
domain=domain,
**kwargs)
except keystone_exceptions.Conflict:
raise exceptions.Conflict()
def rule_create(self,
parent_group_id,
direction=None,
ethertype=None,
ip_protocol=None,
from_port=None,
to_port=None,
cidr=None,
group_id=None):
if not cidr:
cidr = None
if from_port < 0:
from_port = None
if to_port < 0:
to_port = None
if isinstance(ip_protocol, int) and ip_protocol < 0:
ip_protocol = None
body = {
'security_group_rule': {
'security_group_id': parent_group_id,
'direction': direction,
'ethertype': ethertype,
'protocol': ip_protocol,
'port_range_min': from_port,
'port_range_max': to_port,
'remote_ip_prefix': cidr,
'remote_group_id': group_id
}
}
try:
rule = self.client.create_security_group_rule(body)
except neutron_exc.Conflict:
raise exceptions.Conflict(_('Security group rule already exists.'))
rule = rule.get('security_group_rule')
sg_dict = self._sg_name_dict(parent_group_id, [rule])
return SecurityGroupRule(rule, sg_dict)
def update_users_roles(self, request, orig_users, users):
"""Edit user(s) of the target.
"""
orig_users = set(self.UserWithRoles.users_from_dict(orig_users))
users = set(self.UserWithRoles.users_from_dict(users))
to_add_users = users - orig_users
to_remove_users = orig_users - users
to_edit_users = orig_users & users
# NOTE(lzm): can't edit current user!
# TODO(lzm): check if admin role must be in current user
# when current user is in `to_edit_users`
current_user = {'id': request.user.id, 'name': request.user.username}
if self.UserWithRoles(current_user) in to_remove_users:
msg = _("Can't edit current user %s") % current_user['name']
raise exceptions.Conflict(msg)
for user in to_add_users:
self.add_user_roles(request, user)
for user in to_remove_users:
self.remove_user_roles(request, user)
for user in to_edit_users:
orig_roles = set(self._filter_user(orig_users, user.id).roles)
roles = set(self._filter_user(users, user.id).roles)
to_add_roles = roles - orig_roles
to_remove_roles = orig_roles - roles
edit_user = user.clone()
edit_user.roles = to_add_roles
self.add_user_roles(request, edit_user)
edit_user.roles = to_remove_roles
self.remove_user_roles(request, edit_user)
def user_update(request, user, **data):
manager = keystoneclient(request, admin=True).users
error = None
if not keystone_can_edit_user():
raise keystone_exceptions.ClientException(
405, _("Identity service does not allow editing user data."))
# The v2 API updates user model, password and default project separately
if VERSIONS.active < 3:
password = data.pop('password')
project = data.pop('project')
# Update user details
try:
user = manager.update(user, **data)
except keystone_exceptions.Conflict:
raise exceptions.Conflict()
except Exception:
error = exceptions.handle(request, ignore=True)
# Update default tenant
try:
user_update_tenant(request, user, project)
user.tenantId = project
except Exception:
error = exceptions.handle(request, ignore=True)
# Check for existing roles
# Show a warning if no role exists for the project
user_roles = roles_for_user(request, user, project)
if not user_roles:
messages.warning(request,
_('User %s has no role defined for '
'that project.')
% data.get('name', None))
# If present, update password
# FIXME(gabriel): password change should be its own form + view
if password:
try:
user_update_password(request, user, password)
if user.id == request.user.id:
return utils.logout_with_message(
request,
_("Password changed. Please log in again to "
"continue."),
redirect=False
)
except Exception:
error = exceptions.handle(request, ignore=True)
if error is not None:
raise error
# v3 API is so much simpler...
else:
if not data['password']:
data.pop('password')
try:
user = manager.update(user, **data)
except keystone_exceptions.Conflict:
raise exceptions.Conflict()
if data.get('password') and user.id == request.user.id:
return utils.logout_with_message(
request,
_("Password changed. Please log in again to continue."),
redirect=False
)
def protocol_create(request, protocol_id, identity_provider, mapping):
manager = keystoneclient(request).federation.protocols
try:
return manager.create(protocol_id, identity_provider, mapping)
except keystone_exceptions.Conflict:
raise exceptions.Conflict()
def user_update(request, user, **data):
manager = keystoneclient(request, admin=True).users
error = None
if not keystone_can_edit_user():
raise keystone_exceptions.ClientException(
405, _("Identity service does not allow editing user data."))
# The v2 API updates user model and default project separately
if VERSIONS.active < 3:
# Update user details
try:
user = manager.update(user, **data)
except keystone_exceptions.Conflict:
raise exceptions.Conflict()
except Exception:
error = exceptions.handle(request, ignore=True)
if "project" in data:
project = data.pop('project')
password = data.pop('password')
# Update default tenant
try:
user_update_tenant(request, user, project)
user.tenantId = project
except Exception:
error = exceptions.handle(request, ignore=True)
# Check for existing roles
# Show a warning if no role exists for the project
user_roles = roles_for_user(request, user, project)
if not user_roles:
messages.warning(
request,
_('User %s has no role defined for '
'that project.') % data.get('name', None))
if password:
email = data.pop('email')
LOG.info("v2 password:%s email:%s" % (password, email))
try:
user_update_password(request, user, password)
if user.id == request.user.id:
return utils.logout_with_message(
request,
_("Password changed. Please log in again to continue."
))
if email:
LOG.info("v2 send email")
send_mail(request, email, password)
except Exception:
error = exceptions.handle(request, ignore=True)
if error is not None:
raise error
# v3 API is so much simpler...
else:
try:
user = manager.update(user, **data)
password = data.pop('password')
if password:
email = data.pop('email')
LOG.info("v3 password:%s email:%s" % (password, email))
try:
user_update_password(request, user, password)
if user.id == request.user.id:
return utils.logout_with_message(
request,
_("Password changed. Please log in again to continue."
))
if email:
LOG.info("v3 send email")
send_mail(request, email, password)
except Exception:
error = exceptions.handle(request, ignore=True)
if error is not None:
raise error
except keystone_exceptions.Conflict:
raise exceptions.Conflict()
def mapping_create(request, mapping_id, rules):
manager = keystoneclient(request, admin=True).federation.mappings
try:
return manager.create(mapping_id=mapping_id, rules=rules)
except keystone_exceptions.Conflict:
raise exceptions.Conflict()
