def get_fw_rule_set(fw_rule_set_id): try: sg = g.client_set.compute.security_groups.get(fw_rule_set_id) except osc_exc.NotFound: abort(404) assert_admin_or_project_user(sg.tenant_id, eperm_status=404) return make_json_response(_sg_to_view(sg))
def fetch_instance(instance_id): try: instance = admin_client_set().compute.servers.get(instance_id) except osc_exc.NotFound: abort(404) assert_admin_or_project_user(instance.tenant_id, eperm_status=404) return instance
def _project_users_list(project_id): assert_admin_or_project_user(project_id, eperm_status=404) if project_id == default_tenant_id(): abort(404) try: return admin_client_set().identity_admin.tenants.list_users(project_id) except osc_exc.NotFound: abort(404)
def _get_security_group(sg_id): try: sg = auth.admin_client_set().compute.security_groups.get(sg_id) except osc_exc.NotFound: abort(404) auth.assert_admin_or_project_user(sg.tenant_id, eperm_status=404) # TODO(imelnikov): do we need to check if group belongs to systenant? return sg
def delete_fw_rule_set(fw_rule_set_id): try: sg = admin_client_set().compute.security_groups.get(fw_rule_set_id) assert_admin_or_project_user(sg.tenant_id, eperm_status=404) sg.delete() except osc_exc.NotFound: abort(404) set_audit_resource_id(sg) return make_json_response(None, status_code=204)
def _security_groups_for_server(instance_id): try: result = admin_client_set().compute.security_groups._list( '/servers/%s/os-security-groups' % instance_id, 'security_groups') except osc_exc.HttpException: fetch_instance(instance_id) # check that server exists and is visible raise # if server exists, re-raise: it was other error if not result: fetch_instance(instance_id) # check that server exists and is visible else: assert_admin_or_project_user(result[0].tenant_id, eperm_status=404) return result
def _fetch_image(image_id, to_modify): try: image = auth.admin_client_set().image.images.get(image_id) except osc_exc.NotFound: abort(404) # NOTE(imelnikov): yes, glance may return False as string if image.deleted and image.deleted != 'False': abort(404) if image.owner == auth.default_tenant_id(): if to_modify: auth.assert_admin() else: auth.assert_admin_or_project_user(image.owner) return image