def get_disabled_quotas(request): disabled_quotas = [] # Cinder if not base.is_service_enabled(request, 'volume'): disabled_quotas.extend(CINDER_QUOTA_FIELDS) # Neutron if not base.is_service_enabled(request, 'network'): disabled_quotas.extend(NEUTRON_QUOTA_FIELDS) else: # Remove the nova network quotas disabled_quotas.extend(['floating_ips', 'fixed_ips']) if neutron.is_security_group_extension_supported(request): # If Neutron security group is supported, disable Nova quotas disabled_quotas.extend(['security_groups', 'security_group_rules']) else: # If Nova security group is used, disable Neutron quotas disabled_quotas.extend(['security_group', 'security_group_rule']) try: if not neutron.is_quotas_extension_supported(request): disabled_quotas.extend(NEUTRON_QUOTA_FIELDS) except Exception: LOG.exception("There was an error checking if the Neutron " "quotas extension is enabled.") return disabled_quotas
def __init__(self, request): neutron_enabled = base.is_service_enabled(request, 'network') if neutron_enabled: self.floating_ips = neutron.FloatingIpManager(request) else: self.floating_ips = nova.FloatingIpManager(request) if (neutron_enabled and neutron.is_security_group_extension_supported(request)): self.secgroups = neutron.SecurityGroupManager(request) else: self.secgroups = nova.SecurityGroupManager(request)
def get_volume_snapshots_data(self): if base.is_service_enabled(self.request, 'volume'): try: snapshots = api.cinder.volume_snapshot_list(self.request) volumes = api.cinder.volume_list(self.request) volumes = dict((v.id, v) for v in volumes) except Exception: snapshots = [] volumes = {} exceptions.handle(self.request, _("Unable to retrieve " "volume snapshots.")) for snapshot in snapshots: volume = volumes.get(snapshot.volume_id) setattr(snapshot, '_volume', volume) else: snapshots = [] return snapshots
def tenant_limit_usages(request): limits = {} try: limits.update(nova.tenant_absolute_limits(request)) except Exception: msg = _("Unable to retrieve compute limit information.") exceptions.handle(request, msg) if base.is_service_enabled(request, 'volume'): try: limits.update(cinder.tenant_absolute_limits(request)) volumes = cinder.volume_list(request) total_size = sum([getattr(volume, 'size', 0) for volume in volumes]) limits['gigabytesUsed'] = total_size limits['volumesUsed'] = len(volumes) except Exception: msg = _("Unable to retrieve volume limit information.") exceptions.handle(request, msg) return limits
def tenant_limit_usages(request): limits = {} try: limits.update(nova.tenant_absolute_limits(request)) except Exception: msg = _("Unable to retrieve compute limit information.") exceptions.handle(request, msg) if base.is_service_enabled(request, 'volume'): try: limits.update(cinder.tenant_absolute_limits(request)) volumes = cinder.volume_list(request) total_size = sum( [getattr(volume, 'size', 0) for volume in volumes]) limits['gigabytesUsed'] = total_size limits['volumesUsed'] = len(volumes) except Exception: msg = _("Unable to retrieve volume limit information.") exceptions.handle(request, msg) return limits
def handle(self, request, data): # FIXME(gabriel): This should be refactored to use Python's built-in # sets and do this all in a single "roles to add" and "roles to remove" # pass instead of the multi-pass thing happening now. project_id = data['project_id'] domain_id = '' # update project info try: project = api.keystone.tenant_update( request, project_id, name=data['name'], description=data['description'], enabled=data['enabled']) # Use the domain_id from the project if available domain_id = getattr(project, "domain_id", None) except Exception: exceptions.handle(request, ignore=True) return False # update project members users_to_modify = 0 # Project-user member step member_step = self.get_step(PROJECT_USER_MEMBER_SLUG) try: # Get our role options available_roles = api.keystone.role_list(request) # Get the users currently associated with this project so we # can diff against it. project_members = api.keystone.user_list(request, project=project_id) users_to_modify = len(project_members) for user in project_members: # Check if there have been any changes in the roles of # Existing project members. current_roles = api.keystone.roles_for_user( self.request, user.id, project_id) current_role_ids = [role.id for role in current_roles] for role in available_roles: field_name = member_step.get_member_field_name(role.id) # Check if the user is in the list of users with this role. if user.id in data[field_name]: # Add it if necessary if role.id not in current_role_ids: # user role has changed api.keystone.add_tenant_user_role( request, project=project_id, user=user.id, role=role.id) else: # User role is unchanged, so remove it from the # remaining roles list to avoid removing it later. index = current_role_ids.index(role.id) current_role_ids.pop(index) # Prevent admins from doing stupid things to themselves. is_current_user = user.id == request.user.id is_current_project = project_id == request.user.tenant_id admin_roles = [ role for role in current_roles if role.name.lower() == 'admin' ] if len(admin_roles): removing_admin = any( [role.id in current_role_ids for role in admin_roles]) else: removing_admin = False if is_current_user and is_current_project and removing_admin: # Cannot remove "admin" role on current(admin) project msg = _('You cannot revoke your administrative privileges ' 'from the project you are currently logged into. ' 'Please switch to another project with ' 'administrative privileges or remove the ' 'administrative role manually via the CLI.') messages.warning(request, msg) # Otherwise go through and revoke any removed roles. else: for id_to_delete in current_role_ids: api.keystone.remove_tenant_user_role( request, project=project_id, user=user.id, role=id_to_delete) users_to_modify -= 1 # Grant new roles on the project. for role in available_roles: field_name = member_step.get_member_field_name(role.id) # Count how many users may be added for exception handling. users_to_modify += len(data[field_name]) for role in available_roles: users_added = 0 field_name = member_step.get_member_field_name(role.id) for user_id in data[field_name]: if not filter(lambda x: user_id == x.id, project_members): api.keystone.add_tenant_user_role(request, project=project_id, user=user_id, role=role.id) users_added += 1 users_to_modify -= users_added except Exception: if PROJECT_GROUP_ENABLED: group_msg = _(", update project groups") else: group_msg = "" exceptions.handle( request, _('Failed to modify %(users_to_modify)s' ' project members%(group_msg)s and ' 'update project quotas.') % { 'users_to_modify': users_to_modify, 'group_msg': group_msg }) return True if PROJECT_GROUP_ENABLED: # update project groups groups_to_modify = 0 member_step = self.get_step(PROJECT_GROUP_MEMBER_SLUG) try: # Get the groups currently associated with this project so we # can diff against it. project_groups = api.keystone.group_list(request, domain=domain_id, project=project_id) groups_to_modify = len(project_groups) for group in project_groups: # Check if there have been any changes in the roles of # Existing project members. current_roles = api.keystone.roles_for_group( self.request, group=group.id, project=project_id) current_role_ids = [role.id for role in current_roles] for role in available_roles: # Check if the group is in the list of groups with # this role. field_name = member_step.get_member_field_name(role.id) if group.id in data[field_name]: # Add it if necessary if role.id not in current_role_ids: # group role has changed api.keystone.add_group_role(request, role=role.id, group=group.id, project=project_id) else: # Group role is unchanged, so remove it from # the remaining roles list to avoid removing it # later. index = current_role_ids.index(role.id) current_role_ids.pop(index) # Revoke any removed roles. for id_to_delete in current_role_ids: api.keystone.remove_group_role(request, role=id_to_delete, group=group.id, project=project_id) groups_to_modify -= 1 # Grant new roles on the project. for role in available_roles: field_name = member_step.get_member_field_name(role.id) # Count how many groups may be added for error handling. groups_to_modify += len(data[field_name]) for role in available_roles: groups_added = 0 field_name = member_step.get_member_field_name(role.id) for group_id in data[field_name]: if not filter(lambda x: group_id == x.id, project_groups): api.keystone.add_group_role(request, role=role.id, group=group_id, project=project_id) groups_added += 1 groups_to_modify -= groups_added except Exception: exceptions.handle( request, _('Failed to modify %s project ' 'members, update project groups ' 'and update project quotas.' % groups_to_modify)) return True # update the project quota nova_data = dict([(key, data[key]) for key in quotas.NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if base.is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in quotas.CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) if api.base.is_service_enabled(request, 'network') and \ api.neutron.is_quotas_extension_supported(request): neutron_data = dict([(key, data[key]) for key in quotas.NEUTRON_QUOTA_FIELDS]) api.neutron.tenant_quota_update(request, project_id, **neutron_data) return True except Exception: exceptions.handle( request, _('Modified project information and ' 'members, but unable to modify ' 'project quotas.')) return True
def handle(self, request, data): # create the project domain_id = data['domain_id'] try: desc = data['description'] self.object = api.keystone.tenant_create(request, name=data['name'], description=desc, enabled=data['enabled'], domain=domain_id) except Exception: exceptions.handle(request, ignore=True) return False project_id = self.object.id # update project members users_to_add = 0 try: available_roles = api.keystone.role_list(request) member_step = self.get_step(PROJECT_USER_MEMBER_SLUG) # count how many users are to be added for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] users_to_add += len(role_list) # add new users to project for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] users_added = 0 for user in role_list: api.keystone.add_tenant_user_role(request, project=project_id, user=user, role=role.id) users_added += 1 users_to_add -= users_added except Exception: if PROJECT_GROUP_ENABLED: group_msg = _(", add project groups") else: group_msg = "" exceptions.handle( request, _('Failed to add %(users_to_add)s ' 'project members%(group_msg)s and ' 'set project quotas.') % { 'users_to_add': users_to_add, 'group_msg': group_msg }) if PROJECT_GROUP_ENABLED: # update project groups groups_to_add = 0 try: available_roles = api.keystone.role_list(request) member_step = self.get_step(PROJECT_GROUP_MEMBER_SLUG) # count how many groups are to be added for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] groups_to_add += len(role_list) # add new groups to project for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] groups_added = 0 for group in role_list: api.keystone.add_group_role(request, role=role.id, group=group, project=project_id) groups_added += 1 groups_to_add -= groups_added except Exception: exceptions.handle( request, _('Failed to add %s project groups ' 'and update project quotas.' % groups_to_add)) # Update the project quota. nova_data = dict([(key, data[key]) for key in quotas.NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if base.is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in quotas.CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) if api.base.is_service_enabled(request, 'network') and \ api.neutron.is_quotas_extension_supported(request): neutron_data = dict([(key, data[key]) for key in quotas.NEUTRON_QUOTA_FIELDS]) api.neutron.tenant_quota_update(request, project_id, **neutron_data) except Exception: exceptions.handle(request, _('Unable to set project quotas.')) return True
def handle(self, request, data): # FIXME(gabriel): This should be refactored to use Python's built-in # sets and do this all in a single "roles to add" and "roles to remove" # pass instead of the multi-pass thing happening now. project_id = data['project_id'] domain_id = '' # update project info try: project = api.keystone.tenant_update( request, project_id, name=data['name'], description=data['description'], enabled=data['enabled']) # Use the domain_id from the project if available domain_id = getattr(project, "domain_id", None) except Exception: exceptions.handle(request, ignore=True) return False # update project members users_to_modify = 0 # Project-user member step member_step = self.get_step(PROJECT_USER_MEMBER_SLUG) try: # Get our role options available_roles = api.keystone.role_list(request) # Get the users currently associated with this project so we # can diff against it. project_members = api.keystone.user_list(request, project=project_id) users_to_modify = len(project_members) for user in project_members: # Check if there have been any changes in the roles of # Existing project members. current_roles = api.keystone.roles_for_user(self.request, user.id, project_id) current_role_ids = [role.id for role in current_roles] for role in available_roles: field_name = member_step.get_member_field_name(role.id) # Check if the user is in the list of users with this role. if user.id in data[field_name]: # Add it if necessary if role.id not in current_role_ids: # user role has changed api.keystone.add_tenant_user_role( request, project=project_id, user=user.id, role=role.id) else: # User role is unchanged, so remove it from the # remaining roles list to avoid removing it later. index = current_role_ids.index(role.id) current_role_ids.pop(index) # Prevent admins from doing stupid things to themselves. is_current_user = user.id == request.user.id is_current_project = project_id == request.user.tenant_id admin_roles = [role for role in current_roles if role.name.lower() == 'admin'] if len(admin_roles): removing_admin = any([role.id in current_role_ids for role in admin_roles]) else: removing_admin = False if is_current_user and is_current_project and removing_admin: # Cannot remove "admin" role on current(admin) project msg = _('You cannot revoke your administrative privileges ' 'from the project you are currently logged into. ' 'Please switch to another project with ' 'administrative privileges or remove the ' 'administrative role manually via the CLI.') messages.warning(request, msg) # Otherwise go through and revoke any removed roles. else: for id_to_delete in current_role_ids: api.keystone.remove_tenant_user_role( request, project=project_id, user=user.id, role=id_to_delete) users_to_modify -= 1 # Grant new roles on the project. for role in available_roles: field_name = member_step.get_member_field_name(role.id) # Count how many users may be added for exception handling. users_to_modify += len(data[field_name]) for role in available_roles: users_added = 0 field_name = member_step.get_member_field_name(role.id) for user_id in data[field_name]: if not filter(lambda x: user_id == x.id, project_members): api.keystone.add_tenant_user_role(request, project=project_id, user=user_id, role=role.id) users_added += 1 users_to_modify -= users_added except Exception: if PROJECT_GROUP_ENABLED: group_msg = _(", update project groups") else: group_msg = "" exceptions.handle(request, _('Failed to modify %(users_to_modify)s' ' project members%(group_msg)s and ' 'update project quotas.') % {'users_to_modify': users_to_modify, 'group_msg': group_msg}) return True if PROJECT_GROUP_ENABLED: # update project groups groups_to_modify = 0 member_step = self.get_step(PROJECT_GROUP_MEMBER_SLUG) try: # Get the groups currently associated with this project so we # can diff against it. project_groups = api.keystone.group_list(request, domain=domain_id, project=project_id) groups_to_modify = len(project_groups) for group in project_groups: # Check if there have been any changes in the roles of # Existing project members. current_roles = api.keystone.roles_for_group( self.request, group=group.id, project=project_id) current_role_ids = [role.id for role in current_roles] for role in available_roles: # Check if the group is in the list of groups with # this role. field_name = member_step.get_member_field_name(role.id) if group.id in data[field_name]: # Add it if necessary if role.id not in current_role_ids: # group role has changed api.keystone.add_group_role( request, role=role.id, group=group.id, project=project_id) else: # Group role is unchanged, so remove it from # the remaining roles list to avoid removing it # later. index = current_role_ids.index(role.id) current_role_ids.pop(index) # Revoke any removed roles. for id_to_delete in current_role_ids: api.keystone.remove_group_role(request, role=id_to_delete, group=group.id, project=project_id) groups_to_modify -= 1 # Grant new roles on the project. for role in available_roles: field_name = member_step.get_member_field_name(role.id) # Count how many groups may be added for error handling. groups_to_modify += len(data[field_name]) for role in available_roles: groups_added = 0 field_name = member_step.get_member_field_name(role.id) for group_id in data[field_name]: if not filter(lambda x: group_id == x.id, project_groups): api.keystone.add_group_role(request, role=role.id, group=group_id, project=project_id) groups_added += 1 groups_to_modify -= groups_added except Exception: exceptions.handle(request, _('Failed to modify %s project ' 'members, update project groups ' 'and update project quotas.' % groups_to_modify)) return True # update the project quota nova_data = dict( [(key, data[key]) for key in quotas.NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if base.is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in quotas.CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) if api.base.is_service_enabled(request, 'network') and \ api.neutron.is_quotas_extension_supported(request): neutron_data = dict([(key, data[key]) for key in quotas.NEUTRON_QUOTA_FIELDS]) api.neutron.tenant_quota_update(request, project_id, **neutron_data) return True except Exception: exceptions.handle(request, _('Modified project information and ' 'members, but unable to modify ' 'project quotas.')) return True
def handle(self, request, data): # create the project domain_id = data['domain_id'] try: desc = data['description'] self.object = api.keystone.tenant_create(request, name=data['name'], description=desc, enabled=data['enabled'], domain=domain_id) except Exception: exceptions.handle(request, ignore=True) return False project_id = self.object.id # update project members users_to_add = 0 try: available_roles = api.keystone.role_list(request) member_step = self.get_step(PROJECT_USER_MEMBER_SLUG) # count how many users are to be added for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] users_to_add += len(role_list) # add new users to project for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] users_added = 0 for user in role_list: api.keystone.add_tenant_user_role(request, project=project_id, user=user, role=role.id) users_added += 1 users_to_add -= users_added except Exception: if PROJECT_GROUP_ENABLED: group_msg = _(", add project groups") else: group_msg = "" exceptions.handle(request, _('Failed to add %(users_to_add)s ' 'project members%(group_msg)s and ' 'set project quotas.') % {'users_to_add': users_to_add, 'group_msg': group_msg}) if PROJECT_GROUP_ENABLED: # update project groups groups_to_add = 0 try: available_roles = api.keystone.role_list(request) member_step = self.get_step(PROJECT_GROUP_MEMBER_SLUG) # count how many groups are to be added for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] groups_to_add += len(role_list) # add new groups to project for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] groups_added = 0 for group in role_list: api.keystone.add_group_role(request, role=role.id, group=group, project=project_id) groups_added += 1 groups_to_add -= groups_added except Exception: exceptions.handle(request, _('Failed to add %s project groups ' 'and update project quotas.' % groups_to_add)) # Update the project quota. nova_data = dict( [(key, data[key]) for key in quotas.NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if base.is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in quotas.CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) if api.base.is_service_enabled(request, 'network') and \ api.neutron.is_quotas_extension_supported(request): neutron_data = dict([(key, data[key]) for key in quotas.NEUTRON_QUOTA_FIELDS]) api.neutron.tenant_quota_update(request, project_id, **neutron_data) except Exception: exceptions.handle(request, _('Unable to set project quotas.')) return True