예제 #1
0
def create_gateway(volume_id, email, gateway_type, gateway_name, host, port,
                   **kwargs):
    if "encryption_password" in kwargs.keys():
        del kwargs['encryption_password']

    # verify gateway type...
    if gateway_type not in [GATEWAY_TYPE_UG, GATEWAY_TYPE_RG, GATEWAY_TYPE_AG]:
        raise Exception("Unrecognized Gateway type %s" % gateway_type)

    gateway_type_str = GATEWAY_TYPE_TO_STR[gateway_type]

    caller_user = _check_authenticated(kwargs)

    # user and volume must both exist
    user, volume = _read_user_and_volume(email, volume_id)

    if user == None:
        raise Exception("No such user '%s'" % email)

    if (volume == None or volume.deleted):
        raise Exception("No such volume '%s'" % volume_id)

    # if the caller user doesn't own this Volume (or isn't an admin), (s)he must have a valid access request
    if not caller_user.is_admin and caller_user.owner_id != volume.owner_id:

        # caller user must be the same as the user
        if caller_user.owner_id != user.owner_id:
            raise Exception("Caller can only create gateways for itself.")

        # if the volume is not public, then there needs to be a volume access request that is granted to this user.
        if not volume.private:

            # check access status
            access_request = VolumeAccessRequest.GetAccess(
                user.owner_id, volume.volume_id)

            if access_request == None:
                # user has not been given permission to access this volume
                raise Exception(
                    "User '%s' is not allowed to access Volume '%s'" %
                    (caller_user.email, volume.name))

            if access_request.status != VolumeAccessRequest.STATUS_GRANTED:
                # user has not been given permission to create a gateway here
                raise Exception(
                    "User '%s' is not allowed to create a Gateway in Volume '%s'"
                    % (caller_user.email, volume.name))

            else:
                # verify caps
                requested_caps = kwargs.get("caps", None)
                if requested_caps is not None and requested_caps != access_request.gateway_caps:
                    raise Exception(
                        "User '%s' is not allowed to set Gateway capabilities '%s'"
                        % requested_caps)

                # verify the caller is allowed to create this kind of gateway
                if not access_request.is_gateway_type_allowed(gateway_type):
                    raise Exception(
                        "User '%s' is not allowed to create %s Gateways" %
                        (gateway_type_str))

        # user is allowed to create this gateway in this Volume...

    # verify quota
    gateway_quota = user.get_gateway_quota(gateway_type)

    if gateway_quota == 0:
        gateway_type_str = GATEWAY_TYPE_TO_STR[gateway_type]
        raise Exception("User '%s' cannot own %s Gateways" %
                        (email, gateway_type_str))

    if gateway_quota > 0:
        gateway_ids = list_gateways_by_user(user.email,
                                            caller_user=user,
                                            keys_only=True)
        if len(gateway_ids) > gateway_quota:
            gateway_type_str = GATEWAY_TYPE_TO_STR[gateway_type]
            raise Exception(
                "User '%s' has exceeded quota (%s) for %s Gateways" %
                (email, gateway_quota, gateway_type_str))

    gateway_key = Gateway.Create(user,
                                 volume,
                                 gateway_type=gateway_type,
                                 name=gateway_name,
                                 host=host,
                                 port=port,
                                 **kwargs)
    gw = gateway_key.get()

    # reversion volume cert?
    if gw is not None:
        storagetypes.deferred.defer(Volume.Reversion, volume_id)

    return gw
예제 #2
0
        if writer_gateways_qry.count() > 0:
            # there's already a writer
            raise Exception("Archive volume '%s' already has a writer" %
                            (volume.name))

    # sanity check: name can't be numeric
    tmp = None
    try:
        tmp = int(gateway_name)
    except:
        pass

    if tmp is not None:
        raise Exception("Invalid gateway name: cannot be numeric")

    gateway_key = Gateway.Create(user, volume, gateway_cert, driver_text)

    # put cert bundle as well
    if cert_bundle is not None:
        rc = VolumeCertBundle.Put(volume_id, cert_bundle_bin)
        if not rc:
            raise Exception("Invalid volume cert bundle")

    gw = gateway_key.get()

    return gw


# ----------------------------------
def read_gateway(g_name_or_id):
    return Gateway.Read(g_name_or_id)