コード例 #1
0
ファイル: glance.py プロジェクト: bopopescu/nova-19 
def _translate_plain_exception(exc_value):
    if isinstance(exc_value,
                  (glanceclient.exc.Forbidden, glanceclient.exc.Unauthorized)):
        return exception.Forbidden(six.text_type(exc_value))
    if isinstance(exc_value, glanceclient.exc.NotFound):
        return exception.NotFound(six.text_type(exc_value))
    if isinstance(exc_value, glanceclient.exc.BadRequest):
        return exception.Invalid(six.text_type(exc_value))
    return exc_value
コード例 #2
0
    def create_isolated_vdc_network(self,
                                    vdc_name,
                                    network_name,
                                    gateway_name,
                                    start_address,
                                    end_address,
                                    gateway_ip,
                                    netmask,
                                    dns1=None,
                                    dns2=None,
                                    dns_suffix=None):
        vdc = self.get_vdc(vdc_name)
        iprange = IpRangeType(StartAddress=start_address,
                              EndAddress=end_address)
        ipranges = IpRangesType(IpRange=[iprange])
        ipscope = IpScopeType(IsInherited=False,
                              Gateway=gateway_ip,
                              Netmask=netmask,
                              Dns1=dns1,
                              Dns2=dns2,
                              DnsSuffix=dns_suffix,
                              IpRanges=ipranges)
        ipscopes = IpScopesType(IpScope=[ipscope])

        configuration = NetworkConfigurationType(IpScopes=ipscopes,
                                                 FenceMode="isolated")
        net = OrgVdcNetworkType(name=network_name,
                                Description="Network created name is " +
                                network_name,
                                EdgeGateway=None,
                                Configuration=configuration,
                                IsShared=False)
        namespacedef = 'xmlns="http://www.vmware.com/vcloud/v1.5"'
        content_type = "application/vnd.vmware.vcloud.orgVdcNetwork+xml"
        body = '<?xml version="1.0" encoding="UTF-8"?>{0}'.format(
            CommonUtils.convertPythonObjToStr(net,
                                              name='OrgVdcNetwork',
                                              namespacedef=namespacedef))
        postlink = filter(lambda link: link.get_type() == content_type,
                          vdc.get_Link())[0].href
        headers = self.vcloud_session.get_vcloud_headers()
        headers["Content-Type"] = content_type
        response = requests.post(postlink,
                                 data=body,
                                 headers=headers,
                                 verify=self.verify)

        if response.status_code == requests.codes.forbidden:
            raise exception.Forbidden("Create_isolated_vdc_network error, " +
                                      "network_name:" + network_name)
        if response.status_code == requests.codes.created:
            network = networkType.parseString(response.content, True)
            task = network.get_Tasks().get_Task()[0]
            return (True, task)
        else:
            return (False, response.content)
コード例 #3
0
    def delete_key(self, ctxt, key_id, **kwargs):
        """Deletes the key identified by the specified id.

        A Forbidden exception is raised if the context is None and a
        KeyError is raised if the UUID is invalid.
        """
        if ctxt is None:
            raise exception.Forbidden()

        del self.keys[key_id]
コード例 #4
0
ファイル: conf_key_mgr.py プロジェクト: eepalms/CloudMonatt 
    def store(self, context, managed_object, **kwargs):
        """Stores (i.e., registers) a key with the key manager."""
        if context is None:
            raise exception.Forbidden()

        if managed_object != self._get_key():
            raise exception.KeyManagerError(
                reason="cannot store arbitrary keys")

        return self.key_id
コード例 #5
0
    def get_key(self, ctxt, key_id, **kwargs):
        """Retrieves the key identified by the specified id.

        This implementation returns the key that is associated with the
        specified UUID. A Forbidden exception is raised if the specified
        context is None; a KeyError is raised if the UUID is invalid.
        """
        if ctxt is None:
            raise exception.Forbidden()

        return self.keys[key_id]
コード例 #6
0
ファイル: conf_key_mgr.py プロジェクト: eepalms/CloudMonatt 
    def create_key(self, context, algorithm, length, **kwargs):
        """Creates a symmetric key.

        This implementation returns a UUID for the key read from the
        configuration file. A Forbidden exception is raised if the
        specified context is None.
        """
        if context is None:
            raise exception.Forbidden()

        return self.key_id
コード例 #7
0
    def create_key(self, ctxt, **kwargs):
        """Creates a key.

        This implementation returns a UUID for the created key. A
        Forbidden exception is raised if the specified context is None.
        """
        if ctxt is None:
            raise exception.Forbidden()

        key = self._generate_key(**kwargs)
        return self.store_key(ctxt, key)
コード例 #8
0
    def delete(self, context, managed_object_id):
        """Represents deleting the key.

        Simply delete the key from our list of keys.
        """
        if context is None:
            raise exception.Forbidden()

        if managed_object_id not in self._passphrases:
            raise exception.KeyManagerError(
                reason="cannot delete non-existent secret")

        del self._passphrases[managed_object_id]
コード例 #9
0
    def get(self, context, managed_object_id):
        """Retrieves the key identified by the specified id.

        This implementation returns the key that is associated with the
        specified UUID. A Forbidden exception is raised if the specified
        context is None; a KeyError is raised if the UUID is invalid.
        """
        if context is None:
            raise exception.Forbidden()

        if managed_object_id not in self._passphrases:
            raise KeyError('cannot retrieve non-existent secret')

        return self._passphrases[managed_object_id]
コード例 #10
0
    def store(self, context, managed_object, **kwargs):
        """Stores (i.e., registers) a passphrase with the key manager."""
        if context is None:
            raise exception.Forbidden()

        if not isinstance(managed_object, passphrase.Passphrase):
            raise exception.KeyManagerError(
                reason='cannot store anything except passphrases')

        uuid = uuidutils.generate_uuid()
        managed_object._id = uuid  # set the id to simulate persistence
        self._passphrases[uuid] = managed_object

        return uuid
コード例 #11
0
 def get_task_result(self, task):
     """
     Wait the task finished, and return the result
     """
     headers = self.vcloud_session.get_vcloud_headers()
     headers["Content-Type"] = "application/vnd.vmware.vcloud.task+xml"
     response = requests.get(task.href, headers=headers, verify=self.verify)
     if response.status_code == requests.codes.forbidden:
         raise exception.Forbidden("Create_isolated_vdc_network error, " +
                                   "network_name:" + network_name)
     if response.status_code == requests.codes.ok:
         doc = self.parsexml_(response.content)
         return doc.attrib
     return {'status': "Error"}
コード例 #12
0
 def get_isolated_network_href(self, vdc_name, network_name):
     vdc = self.get_vdc(vdc_name)
     link = filter(lambda link: link.get_rel() == "orgVdcNetworks",
                   vdc.get_Link())
     response = requests.get(
         link[0].get_href(),
         headers=self.vcloud_session.get_vcloud_headers(),
         verify=self.verify)
     queryResultRecords = queryRecordViewType.parseString(
         response.content, True)
     if response.status_code == requests.codes.forbidden:
         raise exception.Forbidden("Get_isolated_network_href error, " +
                                   "network_name:" + network_name)
     if response.status_code == requests.codes.ok:
         for record in queryResultRecords.get_Record():
             if record.name == network_name:
                 return record.href
     elif response.status_code == requests.codes.forbidden:
         raise exception.Forbidden("Get_isolated_network_href forbidden, " +
                                   "network_name:" + network_name)
     else:
         raise exception.NovaException("Get_isolated_network_href error, " +
                                       " response:" + response)
コード例 #13
0
ファイル: conf_key_mgr.py プロジェクト: eepalms/CloudMonatt 
    def get(self, context, managed_object_id):
        """Retrieves the key identified by the specified id.

        This implementation returns the key that is associated with the
        specified UUID. A Forbidden exception is raised if the specified
        context is None; a KeyError is raised if the UUID is invalid.
        """
        if context is None:
            raise exception.Forbidden()

        if managed_object_id != self.key_id:
            raise KeyError(str(managed_object_id) + " != " + str(self.key_id))

        return self._get_key()
コード例 #14
0
    def _get_barbican_client(self, ctxt):
        """Creates a client to connect to the Barbican service.

        :param ctxt: the user context for authentication
        :return: a Barbican Client object
        :raises Forbidden: if the ctxt is None
        """

        if not self._barbican_client:
            # Confirm context is provided, if not raise forbidden
            if not ctxt:
                msg = _("User is not authorized to use key manager.")
                LOG.error(msg)
                raise exception.Forbidden(msg)

            try:
                _SESSION = session.Session.load_from_conf_options(
                    CONF, BARBICAN_OPT_GROUP)

                auth = ctxt.get_auth_plugin()
                service_type, service_name, interface = (
                    CONF.barbican.catalog_info.split(':'))
                region_name = CONF.barbican.os_region_name
                service_parameters = {
                    'service_type': service_type,
                    'service_name': service_name,
                    'interface': interface,
                    'region_name': region_name
                }

                if CONF.barbican.endpoint_template:
                    self._base_url = (CONF.barbican.endpoint_template %
                                      ctxt.to_dict())
                else:
                    self._base_url = _SESSION.get_endpoint(
                        auth, **service_parameters)

                # the barbican endpoint can't have the '/v1' on the end
                self._barbican_endpoint = self._base_url.rpartition('/')[0]

                sess = session.Session(auth=auth)
                self._barbican_client = barbican_client.Client(
                    session=sess, endpoint=self._barbican_endpoint)

            except Exception as e:
                with excutils.save_and_reraise_exception():
                    LOG.error(_LE("Error creating Barbican client: %s"), e)

        return self._barbican_client
コード例 #15
0
ファイル: conf_key_mgr.py プロジェクト: eepalms/CloudMonatt 
    def delete(self, context, managed_object_id):
        """Represents deleting the key.

        Because the ConfKeyManager has only one key, which is read from the
        configuration file, the key is not actually deleted when this is
        called.
        """
        if context is None:
            raise exception.Forbidden()

        if managed_object_id != self.key_id:
            raise exception.KeyManagerError(
                reason="cannot delete non-existent key")

        LOG.warning(_LW("Not deleting key %s"), managed_object_id)
コード例 #16
0
ファイル: cinder.py プロジェクト: woraser/nova 
 def wrapper(self, ctx, *args, **kwargs):
     try:
         res = method(self, ctx, *args, **kwargs)
     except (cinder_exception.ConnectionError,
             keystone_exception.ConnectionError) as exc:
         err_msg = encodeutils.exception_to_unicode(exc)
         _reraise(exception.CinderConnectionFailed(reason=err_msg))
     except (keystone_exception.BadRequest,
             cinder_exception.BadRequest) as exc:
         err_msg = encodeutils.exception_to_unicode(exc)
         _reraise(exception.InvalidInput(reason=err_msg))
     except (keystone_exception.Forbidden,
             cinder_exception.Forbidden) as exc:
         err_msg = encodeutils.exception_to_unicode(exc)
         _reraise(exception.Forbidden(err_msg))
     return res
コード例 #17
0
 def wrapper(self, ctx, *args, **kwargs):
     try:
         res = method(self, ctx, *args, **kwargs)
     except (cinder_exception.ConnectionError,
             keystone_exception.ConnectionError):
         exc_type, exc_value, exc_trace = sys.exc_info()
         _reraise(
             exception.CinderConnectionFailed(
                 reason=six.text_type(exc_value)))
     except (keystone_exception.BadRequest, cinder_exception.BadRequest):
         exc_type, exc_value, exc_trace = sys.exc_info()
         _reraise(exception.InvalidInput(reason=six.text_type(exc_value)))
     except (keystone_exception.Forbidden, cinder_exception.Forbidden):
         exc_type, exc_value, exc_trace = sys.exc_info()
         _reraise(exception.Forbidden(six.text_type(exc_value)))
     return res
コード例 #18
0
    def delete_isolated_vdc_network(self, vdc_name, network_name):
        netref = self.get_isolated_network_href(vdc_name, network_name)
        if netref is None:
            return (True, None)
        response = requests.delete(
            netref,
            headers=self.vcloud_session.get_vcloud_headers(),
            verify=self.verify)

        if response.status_code == requests.codes.forbidden:
            raise exception.Forbidden("Delete_isolated_vdc_network error, " +
                                      "network_name:" + network_name)
        if response.status_code == requests.codes.accepted:
            task = taskType.parseString(response.content, True)
            return (True, task)
        else:
            return (False, response.content)
コード例 #19
0
ファイル: test_glance.py プロジェクト: yatinkumbhare/nova 
    def test_detail_client_failure(self, is_avail_mock, trans_from_mock,
                                   ext_query_mock, reraise_mock):
        params = {}
        ext_query_mock.return_value = params
        raised = exception.Forbidden()
        client = mock.MagicMock()
        client.call.side_effect = glanceclient.exc.Forbidden
        ctx = mock.sentinel.ctx
        reraise_mock.side_effect = raised
        service = glance.GlanceImageService(client)

        with testtools.ExpectedException(exception.Forbidden):
            service.detail(ctx, **params)

        client.call.assert_called_once_with(ctx, 1, 'list')
        self.assertFalse(is_avail_mock.called)
        self.assertFalse(trans_from_mock.called)
        reraise_mock.assert_called_once_with()
コード例 #20
0
 def clone(self, image_location, dest_name, dest_pool=None):
     _fsid, pool, image, snapshot = self.parse_url(
             image_location['url'])
     LOG.debug('cloning %(pool)s/%(img)s@%(snap)s to '
               '%(dest_pool)s/%(dest_name)s',
               dict(pool=pool, img=image, snap=snapshot,
                    dest_pool=dest_pool, dest_name=dest_name))
     with RADOSClient(self, str(pool)) as src_client:
         with RADOSClient(self, dest_pool) as dest_client:
             try:
                 RbdProxy().clone(src_client.ioctx,
                                  image,
                                  snapshot,
                                  dest_client.ioctx,
                                  str(dest_name),
                                  features=src_client.features)
             except rbd.PermissionError:
                 raise exception.Forbidden(_('no write permission on '
                                             'storage pool %s') % dest_pool)
コード例 #21
0
 def get_vdc(self, vdc_name):
     if self.vcloud_session and self.vcloud_session.organization:
         refs = filter(
             lambda ref: ref.name == vdc_name and ref.type_ ==
             'application/vnd.vmware.vcloud.vdc+xml',
             self.vcloud_session.organization.Link)
         if len(refs) == 1:
             self.response = requests.get(
                 refs[0].href,
                 headers=self.vcloud_session.get_vcloud_headers(),
                 verify=self.verify)
             if self.response.status_code == requests.codes.ok:
                 # print self.response.content
                 return vdcType.parseString(self.response.content, True)
         elif response.status_code == requests.codes.forbidden:
             raise exception.Forbidden("Get_vdc forbidden, " + "vdc_name:" +
                                       vdc_name)
         else:
             raise exception.NovaException("Get_vdc error, " + "response:" +
                                           response)
コード例 #22
0
 def network_api_disassociate(self, context, instance, address):
     raise exception.Forbidden()
コード例 #23
0
 def index(self, req):
     raise exception.Forbidden()
コード例 #24
0
def require_context(ctxt):
    """Raise exception.Forbidden() if context is not a user or an
    admin context.
    """
    if not ctxt.is_admin and not is_user_context(ctxt):
        raise exception.Forbidden()
コード例 #25
0
def authorize_root_or_parent_project_context(context, project_id):
    """Ensures a request has permission to access root or parent project"""
    if not context.project_id:
        raise exception.Forbidden()
    elif context.project_id != project_id:
        raise exception.Forbidden()
コード例 #26
0
 def get_processed_exception(ec2_response_error_exc):
     if ec2_response_error_exc.error_code == "AuthFailure":
         return exception.Forbidden("Please check AWS credentials")
     if ec2_response_error_exc.error_code == "InvalidAMIID.NotFound":
         return exception.ImageNotFoundEC2("Invalid Image")
     return exception.NovaException(ec2_response_error_exc.message)