def _update_project_quota(self, request, data, project_id): # Update the project quota. nova_data = dict([(key, data[key]) for key in quotas.NOVA_QUOTA_FIELDS]) if is_m1_user_admin(self.request): tenant_quota_update_nova(request, project_id, **nova_data) else: nova.tenant_quota_update(request, project_id, **nova_data) if base.is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in quotas.CINDER_QUOTA_FIELDS]) if is_m1_user_admin(self.request): tenant_quota_update_cinder(request, project_id, **cinder_data) else: cinder.tenant_quota_update(request, project_id, **cinder_data) if api.base.is_service_enabled(request, 'network') and \ api.neutron.is_quotas_extension_supported(request): neutron_data = {} disabled_quotas = quotas.get_disabled_quotas(request) for key in quotas.NEUTRON_QUOTA_FIELDS: if key not in disabled_quotas: neutron_data[key] = data[key] if is_m1_user_admin(self.request): tenant_quota_update_neutron(request, project_id, **neutron_data) else: api.neutron.tenant_quota_update(request, project_id, **neutron_data)
def _update_project_quota(self, request, data, project_id): # Update the project quota. enabled_quota_groups = getattr(settings, 'ENABLED_QUOTA_GROUPS', {}) nova_data = dict( [(key, data[key]) for key in quotas.NOVA_QUOTA_FIELDS]) try: if enabled_quota_groups.get('nova', True): nova.tenant_quota_update(request, project_id, **nova_data) if enabled_quota_groups.get('cinder', True): if base.is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in quotas.CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) if enabled_quota_groups.get('neutron', True): if api.base.is_service_enabled(request, 'network') and \ api.neutron.is_quotas_extension_supported(request): neutron_data = {} disabled_quotas = quotas.get_disabled_quotas(request) for key in quotas.NEUTRON_QUOTA_FIELDS: if key not in disabled_quotas: neutron_data[key] = data[key] api.neutron.tenant_quota_update(request, project_id, **neutron_data) except Exception: exceptions.handle(request, _('Unable to set project quotas.'))
def _update_project_quota(self, request, data, project_id): # update the project quota nova_data = dict( [(key, data[key]) for key in quotas.NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if base.is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in quotas.CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) if api.base.is_service_enabled(request, 'network') and \ api.neutron.is_quotas_extension_supported(request): neutron_data = {} disabled_quotas = quotas.get_disabled_quotas(request) for key in quotas.NEUTRON_QUOTA_FIELDS: if key not in disabled_quotas: neutron_data[key] = data[key] api.neutron.tenant_quota_update(request, project_id, **neutron_data) return True except Exception: exceptions.handle(request, _('Modified project information and ' 'members, but unable to modify ' 'project quotas.')) return False
def _update_project_quota(self, request, data, project_id): # Update the project quota. nova_data = dict( [(key, data[key]) for key in NOVA_QUOTA_FIELDS]) data['region_id'] = request.user.services_region try: nova.tenant_quota_update(request, project_id, region=data['region_id'], **nova_data) if base.is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in quotas.CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, region=data['region_id'], **cinder_data) if api.base.is_service_enabled(request, 'network') and \ api.neutron.is_quotas_extension_supported(request): neutron_data = {} for key in NEUTRON_QUOTA_FIELDS: neutron_data[key] = data[key] api.neutron.tenant_quota_update(request, project_id, region=data['region_id'], **neutron_data) except Exception: raise exceptions.handle(request, _('Unable to set project quotas.'))
def _update_project_quota(self, request, data, project_id): disabled_quotas = quotas.get_disabled_quotas(request) # Update the project quotas. if api.base.is_service_enabled(request, 'compute'): nova_data = {key: data[key] for key in set(quotas.NOVA_QUOTA_FIELDS) - disabled_quotas} nova.tenant_quota_update(request, project_id, **nova_data) if cinder.is_volume_service_enabled(request): cinder_data = dict([(key, data[key]) for key in quotas.CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) if api.base.is_service_enabled(request, 'network') and \ api.neutron.is_quotas_extension_supported(request): neutron_data = {} for key in quotas.NEUTRON_QUOTA_FIELDS: if key not in disabled_quotas: neutron_data[key] = data[key] api.neutron.tenant_quota_update(request, project_id, **neutron_data)
def _update_project_quota(self, request, data, project_id): disabled_quotas = quotas.get_disabled_quotas(request) # Update the project quotas. if api.base.is_service_enabled(request, 'compute'): nova_data = { key: data[key] for key in quotas.NOVA_QUOTA_FIELDS - disabled_quotas } if nova_data: nova.tenant_quota_update(request, project_id, **nova_data) if cinder.is_volume_service_enabled(request): cinder_data = { key: data[key] for key in quotas.CINDER_QUOTA_FIELDS - disabled_quotas } if cinder_data: cinder.tenant_quota_update(request, project_id, **cinder_data) if (api.base.is_service_enabled(request, 'network') and api.neutron.is_quotas_extension_supported(request)): neutron_data = { key: data[key] for key in quotas.NEUTRON_QUOTA_FIELDS - disabled_quotas } if neutron_data: api.neutron.tenant_quota_update(request, project_id, **neutron_data)
def handle(self, request, data): # create the project domain_context = self.request.session.get('domain_context', None) try: desc = data['description'] self.object = api.keystone.tenant_create(request, name=data['name'], description=desc, enabled=data['enabled'], domain=domain_context) except Exception: exceptions.handle(request, ignore=True) return False project_id = self.object.id # update project members users_to_add = 0 try: available_roles = api.keystone.role_list(request) member_step = self.get_step(PROJECT_USER_MEMBER_SLUG) # count how many users are to be added for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] users_to_add += len(role_list) # add new users to project for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] users_added = 0 for user in role_list: api.keystone.add_tenant_user_role(request, project=project_id, user=user, role=role.id) users_added += 1 users_to_add -= users_added except Exception: exceptions.handle(request, _('Failed to add %s project members ' 'and set project quotas.') % users_to_add) # Update the project quota. nova_data = dict([(key, data[key]) for key in NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) except Exception: exceptions.handle(request, _('Unable to set project quotas.')) return True
def handle(self, request, data): # create the project domain_context = self.request.session.get('domain_context', None) try: desc = data['description'] self.object = api.keystone.tenant_create(request, name=data['name'], description=desc, enabled=data['enabled'], domain=domain_context) except: exceptions.handle(request, ignore=True) return False project_id = self.object.id # update project members users_to_add = 0 try: available_roles = api.keystone.role_list(request) # count how many users are to be added for role in available_roles: role_list = data["role_" + role.id] users_to_add += len(role_list) # add new users to project for role in available_roles: role_list = data["role_" + role.id] users_added = 0 for user in role_list: api.keystone.add_tenant_user_role(request, project=project_id, user=user, role=role.id) users_added += 1 users_to_add -= users_added except: exceptions.handle( request, _('Failed to add %s project members ' 'and set project quotas.' % users_to_add)) # Update the project quota. nova_data = dict([(key, data[key]) for key in NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) except: exceptions.handle(request, _('Unable to set project quotas.')) return True
def handle(self, request, data): # create the project try: desc = data['description'] self.object = api.keystone.tenant_create(request, tenant_name=data['name'], description=desc, enabled=data['enabled']) except: exceptions.handle(request, ignore=True) return False project_id = self.object.id # update project members users_to_add = 0 try: available_roles = api.keystone.role_list(request) # count how many users are to be added for role in available_roles: role_list = data["role_" + role.id] users_to_add += len(role_list) # add new users to project for role in available_roles: role_list = data["role_" + role.id] users_added = 0 for user in role_list: api.keystone.add_tenant_user_role(request, tenant_id=project_id, user_id=user, role_id=role.id) users_added += 1 users_to_add -= users_added except: exceptions.handle(request, _('Failed to add %s project members ' 'and set project quotas.' % users_to_add)) # Update the project quota. nova_data = dict([(key, data[key]) for key in NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) except: exceptions.handle(request, _('Unable to set project quotas.')) return True
def _update_project_quota(self, request, data, project_id): disabled_quotas = quotas.get_disabled_quotas(request) # Update the project quotas. if api.base.is_service_enabled(request, 'compute'): nova_data = {key: data[key] for key in quotas.NOVA_QUOTA_FIELDS - disabled_quotas} if nova_data: nova.tenant_quota_update(request, project_id, **nova_data) if cinder.is_volume_service_enabled(request): cinder_data = {key: data[key] for key in quotas.CINDER_QUOTA_FIELDS - disabled_quotas} if cinder_data: cinder.tenant_quota_update(request, project_id, **cinder_data) if (api.base.is_service_enabled(request, 'network') and api.neutron.is_quotas_extension_supported(request)): neutron_data = {key: data[key] for key in quotas.NEUTRON_QUOTA_FIELDS - disabled_quotas} if neutron_data: api.neutron.tenant_quota_update(request, project_id, **neutron_data)
def handle(self, request, data): # FIXME(gabriel): This should be refactored to use Python's built-in # sets and do this all in a single "roles to add" and "roles to remove" # pass instead of the multi-pass thing happening now. project_id = data['project_id'] domain_id = '' # update project info try: project = api.keystone.tenant_update( request, project_id, name=data['name'], description=data['description'], enabled=data['enabled']) # Use the domain_id from the project if available domain_id = getattr(project, "domain_id", None) except Exception: exceptions.handle(request, ignore=True) return False # update project members users_to_modify = 0 # Project-user member step member_step = self.get_step(PROJECT_USER_MEMBER_SLUG) try: # Get our role options available_roles = api.keystone.role_list(request) # Get the users currently associated with this project so we # can diff against it. project_members = api.keystone.user_list(request, project=project_id) users_to_modify = len(project_members) for user in project_members: # Check if there have been any changes in the roles of # Existing project members. current_roles = api.keystone.roles_for_user(self.request, user.id, project_id) current_role_ids = [role.id for role in current_roles] for role in available_roles: field_name = member_step.get_member_field_name(role.id) # Check if the user is in the list of users with this role. if user.id in data[field_name]: # Add it if necessary if role.id not in current_role_ids: # user role has changed api.keystone.add_tenant_user_role( request, project=project_id, user=user.id, role=role.id) else: # User role is unchanged, so remove it from the # remaining roles list to avoid removing it later. index = current_role_ids.index(role.id) current_role_ids.pop(index) # Prevent admins from doing stupid things to themselves. is_current_user = user.id == request.user.id is_current_project = project_id == request.user.tenant_id admin_roles = [role for role in current_roles if role.name.lower() == 'admin'] if len(admin_roles): removing_admin = any([role.id in current_role_ids for role in admin_roles]) else: removing_admin = False if is_current_user and is_current_project and removing_admin: # Cannot remove "admin" role on current(admin) project msg = _('You cannot revoke your administrative privileges ' 'from the project you are currently logged into. ' 'Please switch to another project with ' 'administrative privileges or remove the ' 'administrative role manually via the CLI.') messages.warning(request, msg) # Otherwise go through and revoke any removed roles. else: for id_to_delete in current_role_ids: api.keystone.remove_tenant_user_role( request, project=project_id, user=user.id, role=id_to_delete) users_to_modify -= 1 # Grant new roles on the project. for role in available_roles: field_name = member_step.get_member_field_name(role.id) # Count how many users may be added for exception handling. users_to_modify += len(data[field_name]) for role in available_roles: users_added = 0 field_name = member_step.get_member_field_name(role.id) for user_id in data[field_name]: if not filter(lambda x: user_id == x.id, project_members): api.keystone.add_tenant_user_role(request, project=project_id, user=user_id, role=role.id) users_added += 1 users_to_modify -= users_added except Exception: if PROJECT_GROUP_ENABLED: group_msg = _(", update project groups") else: group_msg = "" exceptions.handle(request, _('Failed to modify %(users_to_modify)s' ' project members%(group_msg)s and ' 'update project quotas.') % {'users_to_modify': users_to_modify, 'group_msg': group_msg}) return False if PROJECT_GROUP_ENABLED: # update project groups groups_to_modify = 0 member_step = self.get_step(PROJECT_GROUP_MEMBER_SLUG) try: # Get the groups currently associated with this project so we # can diff against it. project_groups = api.keystone.group_list(request, domain=domain_id, project=project_id) groups_to_modify = len(project_groups) for group in project_groups: # Check if there have been any changes in the roles of # Existing project members. current_roles = api.keystone.roles_for_group( self.request, group=group.id, project=project_id) current_role_ids = [role.id for role in current_roles] for role in available_roles: # Check if the group is in the list of groups with # this role. field_name = member_step.get_member_field_name(role.id) if group.id in data[field_name]: # Add it if necessary if role.id not in current_role_ids: # group role has changed api.keystone.add_group_role( request, role=role.id, group=group.id, project=project_id) else: # Group role is unchanged, so remove it from # the remaining roles list to avoid removing it # later. index = current_role_ids.index(role.id) current_role_ids.pop(index) # Revoke any removed roles. for id_to_delete in current_role_ids: api.keystone.remove_group_role(request, role=id_to_delete, group=group.id, project=project_id) groups_to_modify -= 1 # Grant new roles on the project. for role in available_roles: field_name = member_step.get_member_field_name(role.id) # Count how many groups may be added for error handling. groups_to_modify += len(data[field_name]) for role in available_roles: groups_added = 0 field_name = member_step.get_member_field_name(role.id) for group_id in data[field_name]: if not filter(lambda x: group_id == x.id, project_groups): api.keystone.add_group_role(request, role=role.id, group=group_id, project=project_id) groups_added += 1 groups_to_modify -= groups_added except Exception: exceptions.handle(request, _('Failed to modify %s project ' 'members, update project groups ' 'and update project quotas.') % groups_to_modify) return False # update the project quota nova_data = dict( [(key, data[key]) for key in quotas.NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if base.is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in quotas.CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) if api.base.is_service_enabled(request, 'network') and \ api.neutron.is_quotas_extension_supported(request): neutron_data = {} disabled_quotas = quotas.get_disabled_quotas(request) for key in quotas.NEUTRON_QUOTA_FIELDS: if key not in disabled_quotas: neutron_data[key] = data[key] api.neutron.tenant_quota_update(request, project_id, **neutron_data) return True except Exception: exceptions.handle(request, _('Modified project information and ' 'members, but unable to modify ' 'project quotas.')) return False
def handle(self, request, data): # create the project domain_id = data['domain_id'] try: desc = data['description'] self.object = api.keystone.tenant_create(request, name=data['name'], description=desc, enabled=data['enabled'], domain=domain_id) except Exception: exceptions.handle(request, ignore=True) return False project_id = self.object.id # update project members users_to_add = 0 try: available_roles = api.keystone.role_list(request) member_step = self.get_step(PROJECT_USER_MEMBER_SLUG) # count how many users are to be added for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] users_to_add += len(role_list) # add new users to project for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] users_added = 0 for user in role_list: api.keystone.add_tenant_user_role(request, project=project_id, user=user, role=role.id) users_added += 1 users_to_add -= users_added except Exception: if PROJECT_GROUP_ENABLED: group_msg = _(", add project groups") else: group_msg = "" exceptions.handle(request, _('Failed to add %(users_to_add)s project ' 'members%(group_msg)s and set project quotas.') % {'users_to_add': users_to_add, 'group_msg': group_msg}) if PROJECT_GROUP_ENABLED: # update project groups groups_to_add = 0 try: available_roles = api.keystone.role_list(request) member_step = self.get_step(PROJECT_GROUP_MEMBER_SLUG) # count how many groups are to be added for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] groups_to_add += len(role_list) # add new groups to project for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] groups_added = 0 for group in role_list: api.keystone.add_group_role(request, role=role.id, group=group, project=project_id) groups_added += 1 groups_to_add -= groups_added except Exception: exceptions.handle(request, _('Failed to add %s project groups ' 'and update project quotas.') % groups_to_add) # Update the project quota. nova_data = dict( [(key, data[key]) for key in quotas.NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if base.is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in quotas.CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) if api.base.is_service_enabled(request, 'network') and \ api.neutron.is_quotas_extension_supported(request): neutron_data = {} disabled_quotas = quotas.get_disabled_quotas(request) for key in quotas.NEUTRON_QUOTA_FIELDS: if key not in disabled_quotas: neutron_data[key] = data[key] api.neutron.tenant_quota_update(request, project_id, **neutron_data) except Exception: exceptions.handle(request, _('Unable to set project quotas.')) return True
def handle(self, request, data): project_id = data['project_id'] # update project info try: api.keystone.tenant_update(request, tenant_id=project_id, tenant_name=data['name'], description=data['description'], enabled=data['enabled']) except: exceptions.handle(request, ignore=True) return False # update project members users_to_modify = 0 try: available_roles = api.keystone.role_list(request) project_members = api.keystone.user_list(request, tenant_id=project_id) users_to_modify = len(project_members) for user in project_members: current_roles = [ role for role in api.keystone.roles_for_user( self.request, user.id, project_id) ] effective_roles = [] for role in available_roles: role_list = data["role_" + role.id] if user.id in role_list: effective_roles.append(role) if role not in current_roles: # user role has changed api.keystone.add_tenant_user_role( request, tenant_id=project_id, user_id=user.id, role_id=role.id) else: # user role is unchanged current_roles.pop(current_roles.index(role)) if user.id == request.user.id and \ project_id == request.user.tenant_id and \ any(x.name == 'admin' for x in current_roles): # Cannot remove "admin" role on current(admin) project msg = _('You cannot remove the "admin" role from the ' 'project you are currently logged into. Please ' 'switch to another project with admin permissions ' 'or remove the role manually via the CLI') messages.warning(request, msg) else: # delete user's removed roles for to_delete in current_roles: api.keystone.remove_tenant_user_role( request, tenant_id=project_id, user_id=user.id, role_id=to_delete.id) users_to_modify -= 1 # add new roles to project for role in available_roles: # count how many users may be added for exception handling role_list = data["role_" + role.id] users_to_modify += len(role_list) for role in available_roles: role_list = data["role_" + role.id] users_added = 0 for user_id in role_list: if not filter(lambda x: user_id == x.id, project_members): api.keystone.add_tenant_user_role(request, tenant_id=project_id, user_id=user_id, role_id=role.id) users_added += 1 users_to_modify -= users_added except: exceptions.handle( request, _('Failed to modify %s project members ' 'and update project quotas.' % users_to_modify)) return True # update the project quota ifcb = data['injected_file_content_bytes'] try: # TODO(gabriel): Once nova-volume is fully deprecated the # "volumes" and "gigabytes" quotas should no longer be sent to # the nova API to be updated anymore. nova.tenant_quota_update( request, project_id, metadata_items=data['metadata_items'], injected_file_content_bytes=ifcb, volumes=data['volumes'], gigabytes=data['gigabytes'], ram=data['ram'], floating_ips=data['floating_ips'], instances=data['instances'], injected_files=data['injected_files'], cores=data['cores'], security_groups=data['security_groups'], security_group_rules=data['security_group_rules']) if is_service_enabled(request, 'volume'): cinder.tenant_quota_update(request, project_id, volumes=data['volumes'], gigabytes=data['gigabytes']) return True except: exceptions.handle( request, _('Modified project information and ' 'members, but unable to modify ' 'project quotas.')) return True
def handle(self, request, data): # FIXME(gabriel): This should be refactored to use Python's built-in # sets and do this all in a single "roles to add" and "roles to remove" # pass instead of the multi-pass thing happening now. project_id = data['project_id'] # update project info try: api.keystone.tenant_update(request, project_id, name=data['name'], description=data['description'], enabled=data['enabled']) except: exceptions.handle(request, ignore=True) return False # update project members users_to_modify = 0 try: # Get our role options available_roles = api.keystone.role_list(request) # Get the users currently associated with this project so we # can diff against it. project_members = api.keystone.user_list(request, project=project_id) users_to_modify = len(project_members) for user in project_members: # Check if there have been any changes in the roles of # Existing project members. current_roles = api.keystone.roles_for_user(self.request, user.id, project_id) current_role_ids = [role.id for role in current_roles] for role in available_roles: # Check if the user is in the list of users with this role. if user.id in data["role_" + role.id]: # Add it if necessary if role.id not in current_role_ids: # user role has changed api.keystone.add_tenant_user_role( request, project=project_id, user=user.id, role=role.id) else: # User role is unchanged, so remove it from the # remaining roles list to avoid removing it later. index = current_role_ids.index(role.id) current_role_ids.pop(index) # Prevent admins from doing stupid things to themselves. is_current_user = user.id == request.user.id is_current_project = project_id == request.user.tenant_id admin_roles = [role for role in current_roles if role.name.lower() == 'admin'] if len(admin_roles): removing_admin = any([role.id in current_role_ids for role in admin_roles]) else: removing_admin = False if is_current_user and is_current_project and removing_admin: # Cannot remove "admin" role on current(admin) project msg = _('You cannot revoke your administrative privileges ' 'from the project you are currently logged into. ' 'Please switch to another project with ' 'administrative privileges or remove the ' 'administrative role manually via the CLI.') messages.warning(request, msg) # Otherwise go through and revoke any removed roles. else: for id_to_delete in current_role_ids: api.keystone.remove_tenant_user_role( request, project=project_id, user=user.id, role=id_to_delete) users_to_modify -= 1 # Grant new roles on the project. for role in available_roles: # Count how many users may be added for exception handling. users_to_modify += len(data["role_" + role.id]) for role in available_roles: users_added = 0 for user_id in data["role_" + role.id]: if not filter(lambda x: user_id == x.id, project_members): api.keystone.add_tenant_user_role(request, project=project_id, user=user_id, role=role.id) users_added += 1 users_to_modify -= users_added except: exceptions.handle(request, _('Failed to modify %s project members ' 'and update project quotas.' % users_to_modify)) return True # update the project quota nova_data = dict([(key, data[key]) for key in NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) return True except: exceptions.handle(request, _('Modified project information and ' 'members, but unable to modify ' 'project quotas.')) return True
def handle(self, request, data): # FIXME(gabriel): This should be refactored to use Python's built-in # sets and do this all in a single "roles to add" and "roles to remove" # pass instead of the multi-pass thing happening now. project_id = data['project_id'] domain_id = '' # update project info try: project = api.keystone.tenant_update( request, project_id, name=data['name'], description=data['description'], enabled=data['enabled']) # Use the domain_id from the project if available domain_id = getattr(project, "domain_id", None) except Exception: exceptions.handle(request, ignore=True) return False # update project members users_to_modify = 0 # Project-user member step member_step = self.get_step(PROJECT_USER_MEMBER_SLUG) try: # Get our role options available_roles = api.keystone.role_list(request) # Get the users currently associated with this project so we # can diff against it. project_members = api.keystone.user_list(request, project=project_id) users_to_modify = len(project_members) for user in project_members: # Check if there have been any changes in the roles of # Existing project members. current_roles = api.keystone.roles_for_user(self.request, user.id, project_id) current_role_ids = [role.id for role in current_roles] for role in available_roles: field_name = member_step.get_member_field_name(role.id) # Check if the user is in the list of users with this role. if user.id in data[field_name]: # Add it if necessary if role.id not in current_role_ids: # user role has changed api.keystone.add_tenant_user_role( request, project=project_id, user=user.id, role=role.id) else: # User role is unchanged, so remove it from the # remaining roles list to avoid removing it later. index = current_role_ids.index(role.id) current_role_ids.pop(index) # Prevent admins from doing stupid things to themselves. is_current_user = user.id == request.user.id is_current_project = project_id == request.user.tenant_id admin_roles = [role for role in current_roles if role.name.lower() == 'admin'] if len(admin_roles): removing_admin = any([role.id in current_role_ids for role in admin_roles]) else: removing_admin = False if is_current_user and is_current_project and removing_admin: # Cannot remove "admin" role on current(admin) project msg = _('You cannot revoke your administrative privileges ' 'from the project you are currently logged into. ' 'Please switch to another project with ' 'administrative privileges or remove the ' 'administrative role manually via the CLI.') messages.warning(request, msg) # Otherwise go through and revoke any removed roles. else: for id_to_delete in current_role_ids: api.keystone.remove_tenant_user_role( request, project=project_id, user=user.id, role=id_to_delete) users_to_modify -= 1 # Grant new roles on the project. for role in available_roles: field_name = member_step.get_member_field_name(role.id) # Count how many users may be added for exception handling. users_to_modify += len(data[field_name]) for role in available_roles: users_added = 0 field_name = member_step.get_member_field_name(role.id) for user_id in data[field_name]: if not filter(lambda x: user_id == x.id, project_members): api.keystone.add_tenant_user_role(request, project=project_id, user=user_id, role=role.id) users_added += 1 users_to_modify -= users_added except Exception: if PROJECT_GROUP_ENABLED: group_msg = _(", update project groups") else: group_msg = "" exceptions.handle(request, _('Failed to modify %(users_to_modify)s' ' project members%(group_msg)s and ' 'update project quotas.') % {'users_to_modify': users_to_modify, 'group_msg': group_msg}) return False if PROJECT_GROUP_ENABLED: # update project groups groups_to_modify = 0 member_step = self.get_step(PROJECT_GROUP_MEMBER_SLUG) try: # Get the groups currently associated with this project so we # can diff against it. project_groups = api.keystone.group_list(request, domain=domain_id, project=project_id) groups_to_modify = len(project_groups) for group in project_groups: # Check if there have been any changes in the roles of # Existing project members. current_roles = api.keystone.roles_for_group( self.request, group=group.id, project=project_id) current_role_ids = [role.id for role in current_roles] for role in available_roles: # Check if the group is in the list of groups with # this role. field_name = member_step.get_member_field_name(role.id) if group.id in data[field_name]: # Add it if necessary if role.id not in current_role_ids: # group role has changed api.keystone.add_group_role( request, role=role.id, group=group.id, project=project_id) else: # Group role is unchanged, so remove it from # the remaining roles list to avoid removing it # later. index = current_role_ids.index(role.id) current_role_ids.pop(index) # Revoke any removed roles. for id_to_delete in current_role_ids: api.keystone.remove_group_role(request, role=id_to_delete, group=group.id, project=project_id) groups_to_modify -= 1 # Grant new roles on the project. for role in available_roles: field_name = member_step.get_member_field_name(role.id) # Count how many groups may be added for error handling. groups_to_modify += len(data[field_name]) for role in available_roles: groups_added = 0 field_name = member_step.get_member_field_name(role.id) for group_id in data[field_name]: if not filter(lambda x: group_id == x.id, project_groups): api.keystone.add_group_role(request, role=role.id, group=group_id, project=project_id) groups_added += 1 groups_to_modify -= groups_added except Exception: exceptions.handle(request, _('Failed to modify %s project ' 'members, update project groups ' 'and update project quotas.' % groups_to_modify)) return False # update the project quota nova_data = dict( [(key, data[key]) for key in quotas.NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if base.is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in quotas.CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) if api.base.is_service_enabled(request, 'network') and \ api.neutron.is_quotas_extension_supported(request): neutron_data = {} disabled_quotas = quotas.get_disabled_quotas(request) for key in quotas.NEUTRON_QUOTA_FIELDS: if key not in disabled_quotas: neutron_data[key] = data[key] api.neutron.tenant_quota_update(request, project_id, **neutron_data) return True except Exception: exceptions.handle(request, _('Modified project information and ' 'members, but unable to modify ' 'project quotas.')) return False
def handle(self, request, data): project_id = data['project_id'] # update project info try: api.keystone.tenant_update(request, tenant_id=project_id, tenant_name=data['name'], description=data['description'], enabled=data['enabled']) except: exceptions.handle(request, ignore=True) return False # update project members users_to_modify = 0 try: available_roles = api.keystone.role_list(request) project_members = api.keystone.user_list(request, tenant_id=project_id) users_to_modify = len(project_members) for user in project_members: current_roles = [role for role in api.keystone.roles_for_user(self.request, user.id, project_id)] effective_roles = [] for role in available_roles: role_list = data["role_" + role.id] if user.id in role_list: effective_roles.append(role) if role not in current_roles: # user role has changed api.keystone.add_tenant_user_role( request, tenant_id=project_id, user_id=user.id, role_id=role.id) else: # user role is unchanged current_roles.pop(current_roles.index(role)) if user.id == request.user.id and \ project_id == request.user.tenant_id and \ any(x.name == 'admin' for x in current_roles): # Cannot remove "admin" role on current(admin) project msg = _('You cannot remove the "admin" role from the ' 'project you are currently logged into. Please ' 'switch to another project with admin permissions ' 'or remove the role manually via the CLI') messages.warning(request, msg) else: # delete user's removed roles for to_delete in current_roles: api.keystone.remove_tenant_user_role( request, tenant_id=project_id, user_id=user.id, role_id=to_delete.id) users_to_modify -= 1 # add new roles to project for role in available_roles: # count how many users may be added for exception handling role_list = data["role_" + role.id] users_to_modify += len(role_list) for role in available_roles: role_list = data["role_" + role.id] users_added = 0 for user_id in role_list: if not filter(lambda x: user_id == x.id, project_members): api.keystone.add_tenant_user_role(request, tenant_id=project_id, user_id=user_id, role_id=role.id) users_added += 1 users_to_modify -= users_added except: exceptions.handle(request, _('Failed to modify %s project members ' 'and update project quotas.' % users_to_modify)) return True # update the project quota ifcb = data['injected_file_content_bytes'] try: # TODO(gabriel): Once nova-volume is fully deprecated the # "volumes" and "gigabytes" quotas should no longer be sent to # the nova API to be updated anymore. nova.tenant_quota_update(request, project_id, metadata_items=data['metadata_items'], injected_file_content_bytes=ifcb, volumes=data['volumes'], gigabytes=data['gigabytes'], ram=data['ram'], floating_ips=data['floating_ips'], instances=data['instances'], injected_files=data['injected_files'], cores=data['cores']) if is_service_enabled(request, 'volume'): cinder.tenant_quota_update(request, project_id, volumes=data['volumes'], gigabytes=data['gigabytes']) return True except: exceptions.handle(request, _('Modified project information and ' 'members, but unable to modify ' 'project quotas.')) return True
def handle(self, request, data): project_id = data["project_id"] # update project info try: api.keystone.tenant_update( request, tenant_id=project_id, tenant_name=data["name"], description=data["description"], enabled=data["enabled"], ) except: exceptions.handle(request, ignore=True) return False # update project members users_to_modify = 0 try: available_roles = api.keystone.role_list(request) project_members = api.keystone.user_list(request, tenant_id=project_id) users_to_modify = len(project_members) for user in project_members: current_roles = [role for role in api.keystone.roles_for_user(self.request, user.id, project_id)] effective_roles = [] for role in available_roles: role_list = data["role_" + role.id] if user.id in role_list: effective_roles.append(role) if role not in current_roles: # user role has changed api.keystone.add_tenant_user_role( request, tenant_id=project_id, user_id=user.id, role_id=role.id ) else: # user role is unchanged current_roles.pop(current_roles.index(role)) if ( user.id == request.user.id and project_id == request.user.tenant_id and any(x.name == "admin" for x in current_roles) ): # Cannot remove "admin" role on current(admin) project msg = _( 'You cannot remove the "admin" role from the ' "project you are currently logged into. Please " "switch to another project with admin permissions " "or remove the role manually via the CLI" ) messages.warning(request, msg) else: # delete user's removed roles for to_delete in current_roles: api.keystone.remove_tenant_user_role( request, tenant_id=project_id, user_id=user.id, role_id=to_delete.id ) users_to_modify -= 1 # add new roles to project for role in available_roles: # count how many users may be added for exception handling role_list = data["role_" + role.id] users_to_modify += len(role_list) for role in available_roles: role_list = data["role_" + role.id] users_added = 0 for user_id in role_list: if not filter(lambda x: user_id == x.id, project_members): api.keystone.add_tenant_user_role( request, tenant_id=project_id, user_id=user_id, role_id=role.id ) users_added += 1 users_to_modify -= users_added except: exceptions.handle( request, _("Failed to modify %s project members " "and update project quotas." % users_to_modify) ) return True # update the project quota nova_data = dict([(key, data[key]) for key in NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if is_service_enabled(request, "volume"): cinder_data = dict([(key, data[key]) for key in CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) # jt # Update the image quota. Default quota is hard-coded. should be fixed. # Unfortunately these quotas values are always written when quotas are # changed as we don't have access to the pre-existing values. api.jt.set_image_quota(project_id, data["images"]) api.jt.set_expiration_date(project_id, data["expiration"]) api.jt.set_start_date(project_id, data["start_date"]) api.jt.set_dair_notice(project_id, data["dair_notice"]) api.jt.set_object_mb_quota(project_id, data["object_mb"]) api.jt.set_reseller_logo(project_id, data["reseller_logo"]) return True except: exceptions.handle( request, _("Modified project information and " "members, but unable to modify " "project quotas.") ) return True
def handle(self, request, data): project_id = data['project_id'] # update project info try: api.keystone.tenant_update(request, tenant_id=project_id, tenant_name=data['name'], description=data['description'], enabled=data['enabled']) except: exceptions.handle(request, ignore=True) return False # update project members users_to_modify = 0 try: available_roles = api.keystone.role_list(request) project_members = api.keystone.user_list(request, tenant_id=project_id) users_to_modify = len(project_members) for user in project_members: current_roles = [ role for role in api.keystone.roles_for_user( self.request, user.id, project_id) ] effective_roles = [] for role in available_roles: role_list = data["role_" + role.id] if user.id in role_list: effective_roles.append(role) if role not in current_roles: # user role has changed api.keystone.add_tenant_user_role( request, tenant_id=project_id, user_id=user.id, role_id=role.id) else: # user role is unchanged current_roles.pop(current_roles.index(role)) if user.id == request.user.id and \ project_id == request.user.tenant_id and \ any(x.name == 'admin' for x in current_roles): # Cannot remove "admin" role on current(admin) project msg = _('You cannot remove the "admin" role from the ' 'project you are currently logged into. Please ' 'switch to another project with admin permissions ' 'or remove the role manually via the CLI') messages.warning(request, msg) else: # delete user's removed roles for to_delete in current_roles: api.keystone.remove_tenant_user_role( request, tenant_id=project_id, user_id=user.id, role_id=to_delete.id) users_to_modify -= 1 # add new roles to project for role in available_roles: # count how many users may be added for exception handling role_list = data["role_" + role.id] users_to_modify += len(role_list) for role in available_roles: role_list = data["role_" + role.id] users_added = 0 for user_id in role_list: if not filter(lambda x: user_id == x.id, project_members): api.keystone.add_tenant_user_role(request, tenant_id=project_id, user_id=user_id, role_id=role.id) users_added += 1 users_to_modify -= users_added except: exceptions.handle( request, _('Failed to modify %s project members ' 'and update project quotas.' % users_to_modify)) return True # update the project quota nova_data = dict([(key, data[key]) for key in NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) return True except: exceptions.handle( request, _('Modified project information and ' 'members, but unable to modify ' 'project quotas.')) return True
def handle(self, request, data): # create the project domain_id = data['domain_id'] try: desc = data['description'] self.object = api.keystone.tenant_create(request, name=data['name'], description=desc, enabled=data['enabled'], domain=domain_id) except Exception: exceptions.handle(request, ignore=True) return False project_id = self.object.id # update project members users_to_add = 0 try: available_roles = api.keystone.role_list(request) member_step = self.get_step(PROJECT_USER_MEMBER_SLUG) # count how many users are to be added for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] users_to_add += len(role_list) # add new users to project for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] users_added = 0 for user in role_list: api.keystone.add_tenant_user_role(request, project=project_id, user=user, role=role.id) users_added += 1 users_to_add -= users_added # jt # Make sure admin is added to the project as a ResellerAdmin users = api.keystone.user_list(request) admin_id = [user.id for user in users if user.name == 'admin'][0] reseller_admin_role_id = [role.id for role in available_roles if role.name == 'ResellerAdmin'][0] api.keystone.add_tenant_user_role(request, project=project_id, user=admin_id, role=reseller_admin_role_id) except Exception: if PROJECT_GROUP_ENABLED: group_msg = _(", add project groups") else: group_msg = "" exceptions.handle(request, _('Failed to add %(users_to_add)s ' 'project members%(group_msg)s and ' 'set project quotas.') % {'users_to_add': users_to_add, 'group_msg': group_msg}) if PROJECT_GROUP_ENABLED: # update project groups groups_to_add = 0 try: available_roles = api.keystone.role_list(request) member_step = self.get_step(PROJECT_GROUP_MEMBER_SLUG) # count how many groups are to be added for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] groups_to_add += len(role_list) # add new groups to project for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] groups_added = 0 for group in role_list: api.keystone.add_group_role(request, role=role.id, group=group, project=project_id) groups_added += 1 groups_to_add -= groups_added except Exception: exceptions.handle(request, _('Failed to add %s project groups ' 'and update project quotas.' % groups_to_add)) # Update the project quota. nova_data = dict( [(key, data[key]) for key in quotas.NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if base.is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in quotas.CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) if api.base.is_service_enabled(request, 'network') and \ api.neutron.is_quotas_extension_supported(request): neutron_data = dict([(key, data[key]) for key in quotas.NEUTRON_QUOTA_FIELDS]) api.neutron.tenant_quota_update(request, project_id, **neutron_data) # jt if data['images'] != 5: api.jt.set_image_quota(project_id, data['images']) if data['expiration'] != 'Information not available.': api.jt.set_expiration_date(project_id, data['expiration']) if data['start_date'] != 'Information not available.': api.jt.set_start_date(project_id, data['start_date']) if data['dair_notice'] != '': api.jt.set_dair_notice(project_id, data['dair_notice']) if data['dair_notice_link'] != '': api.jt.set_dair_notice_link(project_id, data['dair_notice_link']) if data['object_mb'] != 204800: api.jt.set_object_mb_quota(project_id, data['object_mb']) if data['reseller_logo'] != 'Information not available.': api.jt.set_reseller_logo(project_id, data['reseller_logo']) except Exception: exceptions.handle(request, _('Unable to set project quotas.')) return True
def handle(self, request, data): # FIXME(gabriel): This should be refactored to use Python's built-in # sets and do this all in a single "roles to add" and "roles to remove" # pass instead of the multi-pass thing happening now. project_id = data['project_id'] # update project info try: api.keystone.tenant_update(request, project_id, name=data['name'], description=data['description'], enabled=data['enabled']) except: exceptions.handle(request, ignore=True) return False # update project members users_to_modify = 0 try: # Get our role options available_roles = api.keystone.role_list(request) # Get the users currently associated with this project so we # can diff against it. project_members = api.keystone.user_list(request, project=project_id) users_to_modify = len(project_members) for user in project_members: # Check if there have been any changes in the roles of # Existing project members. current_roles = api.keystone.roles_for_user( self.request, user.id, project_id) current_role_ids = [role.id for role in current_roles] for role in available_roles: # Check if the user is in the list of users with this role. if user.id in data["role_" + role.id]: # Add it if necessary if role.id not in current_role_ids: # user role has changed api.keystone.add_tenant_user_role( request, project=project_id, user=user.id, role=role.id) else: # User role is unchanged, so remove it from the # remaining roles list to avoid removing it later. index = current_role_ids.index(role.id) current_role_ids.pop(index) # Prevent admins from doing stupid things to themselves. is_current_user = user.id == request.user.id is_current_project = project_id == request.user.tenant_id admin_roles = [ role for role in current_roles if role.name.lower() == 'admin' ] if len(admin_roles): removing_admin = any( [role.id in current_role_ids for role in admin_roles]) else: removing_admin = False if is_current_user and is_current_project and removing_admin: # Cannot remove "admin" role on current(admin) project msg = _('You cannot revoke your administrative privileges ' 'from the project you are currently logged into. ' 'Please switch to another project with ' 'administrative privileges or remove the ' 'administrative role manually via the CLI.') messages.warning(request, msg) # Otherwise go through and revoke any removed roles. else: for id_to_delete in current_role_ids: api.keystone.remove_tenant_user_role( request, project=project_id, user=user.id, role=id_to_delete) users_to_modify -= 1 # Grant new roles on the project. for role in available_roles: # Count how many users may be added for exception handling. users_to_modify += len(data["role_" + role.id]) for role in available_roles: users_added = 0 for user_id in data["role_" + role.id]: if not filter(lambda x: user_id == x.id, project_members): api.keystone.add_tenant_user_role(request, project=project_id, user=user_id, role=role.id) users_added += 1 users_to_modify -= users_added except: exceptions.handle( request, _('Failed to modify %s project members ' 'and update project quotas.' % users_to_modify)) return True # update the project quota nova_data = dict([(key, data[key]) for key in NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) return True except: exceptions.handle( request, _('Modified project information and ' 'members, but unable to modify ' 'project quotas.')) return True
def handle(self, request, data): # create the project try: desc = data['description'] self.object = api.keystone.tenant_create(request, tenant_name=data['name'], description=desc, enabled=data['enabled']) except: exceptions.handle(request, ignore=True) return False project_id = self.object.id # update project members users_to_add = 0 try: available_roles = api.keystone.role_list(request) # count how many users are to be added for role in available_roles: role_list = data["role_" + role.id] users_to_add += len(role_list) # add new users to project for role in available_roles: role_list = data["role_" + role.id] users_added = 0 for user in role_list: api.keystone.add_tenant_user_role(request, tenant_id=project_id, user_id=user, role_id=role.id) users_added += 1 users_to_add -= users_added # jt # Make sure admin is added to the project as a ResellerAdmin users = api.keystone.user_list(request) admin_id = [user.id for user in users if user.name == 'admin'][0] reseller_admin_role_id = [ role.id for role in available_roles if role.name == 'ResellerAdmin' ][0] api.keystone.add_tenant_user_role(request, tenant_id=project_id, user_id=admin_id, role_id=reseller_admin_role_id) except: exceptions.handle( request, _('Failed to add %s project members ' 'and set project quotas.' % users_to_add)) # Update the project quota. nova_data = dict([(key, data[key]) for key in NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) # jt # Update the custom quotas if data['images'] != 5: api.jt.set_image_quota(project_id, data['images']) if data['expiration'] != 'Information not available.': api.jt.set_expiration_date(project_id, data['expiration']) if data['start_date'] != 'Information not available.': api.jt.set_start_date(project_id, data['start_date']) if data['dair_notice'] != 'Information not available.': api.jt.set_dair_notice(project_id, data['dair_notice']) if data['object_mb'] != 204800: api.jt.set_object_mb_quota(project_id, data['object_mb']) if data['reseller_logo'] != 'Information not available.': api.jt.set_reseller_logo(project_id, data['reseller_logo']) except: exceptions.handle(request, _('Unable to set project quotas.')) return True
def handle(self, request, data): project_id = data['project_id'] # update project info try: api.keystone.tenant_update(request, tenant_id=project_id, tenant_name=data['name'], description=data['description'], enabled=data['enabled']) except: exceptions.handle(request, ignore=True) return False # update project members users_to_modify = 0 try: available_roles = api.keystone.role_list(request) project_members = api.keystone.user_list(request, tenant_id=project_id) users_to_modify = len(project_members) for user in project_members: current_roles = [role for role in api.keystone.roles_for_user(self.request, user.id, project_id)] effective_roles = [] for role in available_roles: role_list = data["role_" + role.id] if user.id in role_list: effective_roles.append(role) if role not in current_roles: # user role has changed api.keystone.add_tenant_user_role( request, tenant_id=project_id, user_id=user.id, role_id=role.id) else: # user role is unchanged current_roles.pop(current_roles.index(role)) if user.id == request.user.id and \ project_id == request.user.tenant_id and \ any(x.name == 'admin' for x in current_roles): # Cannot remove "admin" role on current(admin) project msg = _('You cannot remove the "admin" role from the ' 'project you are currently logged into. Please ' 'switch to another project with admin permissions ' 'or remove the role manually via the CLI') messages.warning(request, msg) else: # delete user's removed roles for to_delete in current_roles: api.keystone.remove_tenant_user_role( request, tenant_id=project_id, user_id=user.id, role_id=to_delete.id) users_to_modify -= 1 # add new roles to project for role in available_roles: # count how many users may be added for exception handling role_list = data["role_" + role.id] users_to_modify += len(role_list) for role in available_roles: role_list = data["role_" + role.id] users_added = 0 for user_id in role_list: if not filter(lambda x: user_id == x.id, project_members): api.keystone.add_tenant_user_role(request, tenant_id=project_id, user_id=user_id, role_id=role.id) users_added += 1 users_to_modify -= users_added except: exceptions.handle(request, _('Failed to modify %s project members ' 'and update project quotas.' % users_to_modify)) return True # update the project quota nova_data = dict([(key, data[key]) for key in NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) return True except: exceptions.handle(request, _('Modified project information and ' 'members, but unable to modify ' 'project quotas.')) return True
def _tenant_quota_update(self, request, project_id, data): nova.tenant_quota_update(request, project_id, **data)
def handle(self, request, data): # create the project domain_id = data['domain_id'] try: desc = data['description'] self.object = api.keystone.tenant_create(request, name=data['name'], description=desc, enabled=data['enabled'], domain=domain_id) except Exception: exceptions.handle(request, ignore=True) return False project_id = self.object.id # update project members users_to_add = 0 try: available_roles = api.keystone.role_list(request) member_step = self.get_step(PROJECT_USER_MEMBER_SLUG) # count how many users are to be added for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] users_to_add += len(role_list) # add new users to project for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] users_added = 0 for user in role_list: api.keystone.add_tenant_user_role(request, project=project_id, user=user, role=role.id) users_added += 1 users_to_add -= users_added except Exception: if PROJECT_GROUP_ENABLED: group_msg = _(", add project groups") else: group_msg = "" exceptions.handle(request, _('Failed to add %(users_to_add)s ' 'project members%(group_msg)s and ' 'set project quotas.') % {'users_to_add': users_to_add, 'group_msg': group_msg}) if PROJECT_GROUP_ENABLED: # update project groups groups_to_add = 0 try: available_roles = api.keystone.role_list(request) member_step = self.get_step(PROJECT_GROUP_MEMBER_SLUG) # count how many groups are to be added for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] groups_to_add += len(role_list) # add new groups to project for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] groups_added = 0 for group in role_list: api.keystone.add_group_role(request, role=role.id, group=group, project=project_id) groups_added += 1 groups_to_add -= groups_added except Exception: exceptions.handle(request, _('Failed to add %s project groups ' 'and update project quotas.' % groups_to_add)) # Update the project quota. nova_data = dict( [(key, data[key]) for key in quotas.NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if base.is_service_enabled(request, 'volume'): cinder_data = dict([(key, data[key]) for key in quotas.CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) if api.base.is_service_enabled(request, 'network') and \ api.neutron.is_quotas_extension_supported(request): neutron_data = {} disabled_quotas = quotas.get_disabled_quotas(request) for key in quotas.NEUTRON_QUOTA_FIELDS: if key not in disabled_quotas: neutron_data[key] = data[key] api.neutron.tenant_quota_update(request, project_id, **neutron_data) except Exception: exceptions.handle(request, _('Unable to set project quotas.')) return True
def handle(self, request, data): # create the project domain_context = self.request.session.get("domain_context", None) try: desc = data["description"] self.object = api.keystone.tenant_create( request, name=data["name"], description=desc, enabled=data["enabled"], domain=domain_context ) except Exception: exceptions.handle(request, ignore=True) return False project_id = self.object.id # update project members users_to_add = 0 try: available_roles = api.keystone.role_list(request) member_step = self.get_step(PROJECT_USER_MEMBER_SLUG) # count how many users are to be added for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] users_to_add += len(role_list) # add new users to project for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] users_added = 0 for user in role_list: api.keystone.add_tenant_user_role(request, project=project_id, user=user, role=role.id) users_added += 1 users_to_add -= users_added except Exception: if PROJECT_GROUP_ENABLED: group_msg = _(", add project groups") else: group_msg = "" exceptions.handle( request, _("Failed to add %(users_to_add)s " "project members%(group_msg)s and " "set project quotas.") % {"users_to_add": users_to_add, "group_msg": group_msg}, ) if PROJECT_GROUP_ENABLED: # update project groups groups_to_add = 0 try: available_roles = api.keystone.role_list(request) member_step = self.get_step(PROJECT_GROUP_MEMBER_SLUG) # count how many groups are to be added for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] groups_to_add += len(role_list) # add new groups to project for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] groups_added = 0 for group in role_list: api.keystone.add_group_role(request, role=role.id, group=group, project=project_id) groups_added += 1 groups_to_add -= groups_added except Exception: exceptions.handle( request, _("Failed to add %s project groups " "and update project quotas." % groups_to_add) ) # Update the project quota. nova_data = dict([(key, data[key]) for key in NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if is_service_enabled(request, "volume"): cinder_data = dict([(key, data[key]) for key in CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) except Exception: exceptions.handle(request, _("Unable to set project quotas.")) return True
def handle(self, request, data): # create the project try: desc = data["description"] self.object = api.keystone.tenant_create( request, tenant_name=data["name"], description=desc, enabled=data["enabled"] ) except: exceptions.handle(request, ignore=True) return False project_id = self.object.id # update project members users_to_add = 0 try: available_roles = api.keystone.role_list(request) # count how many users are to be added for role in available_roles: role_list = data["role_" + role.id] users_to_add += len(role_list) # add new users to project for role in available_roles: role_list = data["role_" + role.id] users_added = 0 for user in role_list: api.keystone.add_tenant_user_role(request, tenant_id=project_id, user_id=user, role_id=role.id) users_added += 1 users_to_add -= users_added # jt # Make sure admin is added to the project as a ResellerAdmin users = api.keystone.user_list(request) admin_id = [user.id for user in users if user.name == "admin"][0] reseller_admin_role_id = [role.id for role in available_roles if role.name == "ResellerAdmin"][0] api.keystone.add_tenant_user_role( request, tenant_id=project_id, user_id=admin_id, role_id=reseller_admin_role_id ) except: exceptions.handle(request, _("Failed to add %s project members " "and set project quotas." % users_to_add)) # Update the project quota. nova_data = dict([(key, data[key]) for key in NOVA_QUOTA_FIELDS]) try: nova.tenant_quota_update(request, project_id, **nova_data) if is_service_enabled(request, "volume"): cinder_data = dict([(key, data[key]) for key in CINDER_QUOTA_FIELDS]) cinder.tenant_quota_update(request, project_id, **cinder_data) # jt # Update the custom quotas if data["images"] != 5: api.jt.set_image_quota(project_id, data["images"]) if data["expiration"] != "Information not available.": api.jt.set_expiration_date(project_id, data["expiration"]) if data["start_date"] != "Information not available.": api.jt.set_start_date(project_id, data["start_date"]) if data["dair_notice"] != "Information not available.": api.jt.set_dair_notice(project_id, data["dair_notice"]) if data["object_mb"] != 204800: api.jt.set_object_mb_quota(project_id, data["object_mb"]) if data["reseller_logo"] != "Information not available.": api.jt.set_reseller_logo(project_id, data["reseller_logo"]) except: exceptions.handle(request, _("Unable to set project quotas.")) return True