def test_project_stats_work(self): tcs = self._fake_client_set_factory() tenant = doubles.make(self.mox, doubles.Tenant, id=u'pid', name=u'test project') self.fake_client_set.identity_admin.tenants.get(u'pid') \ .AndReturn(tenant) self.fake_client_set.identity_admin.tenants.list_users(u'pid') \ .AndReturn(range(42)) auth.client_set_for_tenant(u'pid', fallback_to_api=True) \ .AndReturn(tcs) tcs.compute.servers.list().AndReturn(range(3)) tcs.image.images.list().AndReturn([]) expected = { u'project': { u'id': u'pid', u'href': u'/v1/projects/pid', u'name': u'test project' }, u'members': 42, u'instances': 3, u'local-images': 0, u'total-images': 0, u'href': u'/v1/stats/by-project/pid' } self.mox.ReplayAll() rv = self.client.get('/v1/stats/by-project/pid') data = self.check_and_parse_response(rv) self.assertEquals(data, expected)
def test_project_stats_work(self): tcs = self._fake_client_set_factory() tenant = doubles.make(self.mox, doubles.Tenant, id=u'pid', name=u'test project') self.fake_client_set.identity_admin.tenants.get(u'pid') \ .AndReturn(tenant) self.fake_client_set.identity_admin.tenants.list_users(u'pid') \ .AndReturn(range(42)) auth.client_set_for_tenant(u'pid', fallback_to_api=True) \ .AndReturn(tcs) tcs.compute.servers.list().AndReturn(range(3)) tcs.image.images.list().AndReturn([]) expected = { u'project': { u'id': u'pid', u'href': u'/v1/projects/pid', u'name': u'test project' }, u'members': 42, u'instances': 3, u'local-images': 0, u'total-images': 0, u'href': u'/v1/stats/by-project/pid' } self.mox.ReplayAll() rv = self.client.get('/v1/stats/by-project/pid') data = self.check_and_parse_response(rv) self.assertEquals(data, expected)
def test_bound_client_user(self): # pretend we have unbound client set: self.fake_client_set.http_client.access['user']['roles'] = [] tenants = [doubles.make(self.mox, doubles.Tenant, id='PID1'), doubles.make(self.mox, doubles.Tenant, id='PID2')] self.fake_client_set.identity_public.tenants.list() \ .AndReturn(tenants) auth.client_set_for_tenant('PID1').AndReturn('FAKE_CS') self.mox.ReplayAll() with self.app.test_request_context(): self.install_fake_auth() self.assertEquals(auth.bound_client_set(), 'FAKE_CS')
def create_fw_rule(fw_rule_set_id): data = parse_request_data(_SCHEMA.allowed, _SCHEMA.required) protocol = data['protocol'] if protocol not in ('TCP', 'UDP', 'ICMP'): raise exc.InvalidElementValue('protocol', 'string', protocol, 'Protocol must be one of ' '"TCP", "UDP" or "ICMP"') sg = _get_security_group(fw_rule_set_id) from_port = data.get('port-range-first', -1) to_port = data.get('port-range-last', from_port) client = auth.client_set_for_tenant(sg.tenant_id, fallback_to_api=g.is_admin, eperm_status=404) try: rule = client.compute.security_group_rules.create( parent_group_id=fw_rule_set_id, ip_protocol=protocol.lower(), from_port=from_port, to_port=to_port, cidr=data['source']) except osc_exc.NotFound: abort(404) set_audit_resource_id(rule) return make_json_response(_fw_rule_object_to_view(rule))
def create_image(): data = parse_request_data(_SCHEMA.create_allowed, _SCHEMA.create_required) is_public = data.get('global', 'project' not in data) if is_public: _assert_param_absent('project', data, 'public') auth.assert_admin() client_set = g.client_set else: if 'project' not in data: raise exc.MissingElement('project') client_set = auth.client_set_for_tenant(data['project']) props = {} if data['disk-format'] == 'ami': # TODO(imelnikov): check that images have correct types if 'kernel' in data: props['kernel_id'] = data['kernel'] if 'ramdisk' in data: props['ramdisk_id'] = data['ramdisk'] else: _assert_param_absent('kernel', data, data['disk-format']) _assert_param_absent('ramdisk', data, data['disk-format']) image = client_set.image.images.create( name=data['name'], disk_format=data['disk-format'], container_format=data['container-format'], is_public=is_public, properties=props) set_audit_resource_id(image) return make_json_response(_image_to_view(image))
def test_bound_client_user(self): # pretend we have unbound client set: self.fake_client_set.http_client.access['user']['roles'] = [] tenants = [ doubles.make(self.mox, doubles.Tenant, id='PID1'), doubles.make(self.mox, doubles.Tenant, id='PID2') ] self.fake_client_set.identity_public.tenants.list() \ .AndReturn(tenants) auth.client_set_for_tenant('PID1').AndReturn('FAKE_CS') self.mox.ReplayAll() with self.app.test_request_context(): self.install_fake_auth() self.assertEquals(auth.bound_client_set(), 'FAKE_CS')
def create_image(): data = parse_request_data(_SCHEMA.create_allowed, _SCHEMA.create_required) is_public = data.get('global', 'project' not in data) if is_public: _assert_param_absent('project', data, 'public') auth.assert_admin() client_set = g.client_set else: if 'project' not in data: raise exc.MissingElement('project') client_set = auth.client_set_for_tenant(data['project']) props = {} if data['disk-format'] == 'ami': # TODO(imelnikov): check that images have correct types if 'kernel' in data: props['kernel_id'] = data['kernel'] if 'ramdisk' in data: props['ramdisk_id'] = data['ramdisk'] else: _assert_param_absent('kernel', data, data['disk-format']) _assert_param_absent('ramdisk', data, data['disk-format']) image = client_set.image.images.create( name=data['name'], disk_format=data['disk-format'], container_format=data['container-format'], is_public=is_public, properties=props) set_audit_resource_id(image) return make_json_response(_image_to_view(image))
def create_fw_rule(fw_rule_set_id): data = parse_request_data(_SCHEMA.allowed, _SCHEMA.required) protocol = data['protocol'] if protocol not in ('TCP', 'UDP', 'ICMP'): raise exc.InvalidElementValue( 'protocol', 'string', protocol, 'Protocol must be one of ' '"TCP", "UDP" or "ICMP"') sg = _get_security_group(fw_rule_set_id) from_port = data.get('port-range-first', -1) to_port = data.get('port-range-last', from_port) client = auth.client_set_for_tenant(sg.tenant_id, fallback_to_api=g.is_admin, eperm_status=404) try: rule = client.compute.security_group_rules.create( parent_group_id=fw_rule_set_id, ip_protocol=protocol.lower(), from_port=from_port, to_port=to_port, cidr=data['source']) except osc_exc.NotFound: abort(404) set_audit_resource_id(rule) return make_json_response(_fw_rule_object_to_view(rule))
def create_fw_rule_set(): data = parse_request_data(_SCHEMA.allowed, _SCHEMA.required) tcs = client_set_for_tenant(data['project'], eperm_status=404, fallback_to_api=g.is_admin) sg = tcs.compute.security_groups.create( name=data['name'], description=data.get('description', '')) set_audit_resource_id(sg) return make_json_response(_sg_to_view(sg))
def remove_instance_fw_rule_set(instance_id, set_id): server = fetch_instance(instance_id) sg = _find_sg_on_server(instance_id, set_id) tcs = client_set_for_tenant(server.tenant_id, fallback_to_api=g.is_admin) try: tcs.compute.servers.remove_security_group(server, sg.name) except osc_exc.BadRequest, e: raise exc.InvalidRequest(str(e))
def remove_instance_fw_rule_set(instance_id, set_id): server = fetch_instance(instance_id) sg = _find_sg_on_server(instance_id, set_id) tcs = client_set_for_tenant(server.tenant_id, fallback_to_api=g.is_admin) try: tcs.compute.servers.remove_security_group(server, sg.name) except osc_exc.BadRequest, e: raise exc.InvalidRequest(str(e))
def test_client_set_for_tenant_works(self): tcs = self._fake_client_set_factory() self.mock_client_set().AndReturn(tcs) tcs.http_client.authenticate() self.mox.ReplayAll() with self.app.test_request_context(): self.install_fake_auth() cs = auth.client_set_for_tenant('PID') self.assertEquals(cs, tcs)
def test_client_set_for_tenant_works(self): tcs = self._fake_client_set_factory() self.mock_client_set().AndReturn(tcs) tcs.http_client.authenticate() self.mox.ReplayAll() with self.app.test_request_context(): self.install_fake_auth() cs = auth.client_set_for_tenant('PID') self.assertEquals(cs, tcs)
def create_fw_rule_set(): data = parse_request_data(_SCHEMA.allowed, _SCHEMA.required) tcs = client_set_for_tenant(data['project'], eperm_status=404, fallback_to_api=g.is_admin) sg = tcs.compute.security_groups.create(name=data['name'], description=data.get( 'description', '')) set_audit_resource_id(sg) return make_json_response(_sg_to_view(sg))
def _images_for_tenant(tenant_id, is_public): try: tenant = auth.admin_client_set().identity_admin \ .tenants.get(tenant_id) except osc_exc.NotFound: return [] # consistent with project:eq client = auth.client_set_for_tenant(tenant_id, fallback_to_api=g.is_admin) image_list = client.image.images.list(filters={'is_public': is_public}) return [_image_to_view(image, tenant) for image in image_list]
def test_client_set_for_tenant_fallback(self): tcs = self._fake_client_set_factory() self.mock_client_set().AndReturn(tcs) tcs.http_client.authenticate()\ .AndRaise(Unauthorized('denied')) auth.api_client_set('PID').AndReturn('REPLY') self.mox.ReplayAll() with self.app.test_request_context(): self.install_fake_auth() result = auth.client_set_for_tenant('PID', fallback_to_api=True) self.assertEquals('REPLY', result)
def _images_for_tenant(tenant_id, is_public): try: tenant = auth.admin_client_set().identity_admin \ .tenants.get(tenant_id) except osc_exc.NotFound: return [] # consistent with project:eq client = auth.client_set_for_tenant(tenant_id, fallback_to_api=g.is_admin) image_list = client.image.images.list( filters={'is_public': is_public}) return [_image_to_view(image, tenant) for image in image_list]
def test_client_set_for_tenant_fallback(self): tcs = self._fake_client_set_factory() self.mock_client_set().AndReturn(tcs) tcs.http_client.authenticate()\ .AndRaise(Unauthorized('denied')) auth.api_client_set('PID').AndReturn('REPLY') self.mox.ReplayAll() with self.app.test_request_context(): self.install_fake_auth() result = auth.client_set_for_tenant('PID', fallback_to_api=True) self.assertEquals('REPLY', result)
def _servers_for_user(): project_id = get_matcher_argument("project", "eq") if project_id is not None: projects = (project_id,) else: projects = get_matcher_argument("project", "in") result = [] for project_id in current_user_project_ids(): if projects is None or project_id in projects: cs = client_set_for_tenant(project_id) result.extend(cs.compute.servers.list()) return result
def list_fw_rule_sets(): parse_collection_request(_SCHEMA) if g.my_projects: tenants = g.client_set.identity_public.tenants.list() else: tenants = admin_client_set().identity_admin.tenants.list() result = [] for tenant in tenants: if tenant.name != app.config['SYSTENANT']: tcs = client_set_for_tenant(tenant.id, fallback_to_api=g.is_admin) for sg in tcs.compute.security_groups.list(): result.append(_sg_to_view(sg, tenant.name)) return make_collection_response(u'fw-rule-sets', result)
def list_fw_rule_sets(): parse_collection_request(_SCHEMA) if g.my_projects: tenants = g.client_set.identity_public.tenants.list() else: tenants = admin_client_set().identity_admin.tenants.list() result = [] for tenant in tenants: if tenant.name != app.config['SYSTENANT']: tcs = client_set_for_tenant(tenant.id, fallback_to_api=g.is_admin) for sg in tcs.compute.security_groups.list(): result.append(_sg_to_view(sg, tenant.name)) return make_collection_response(u'fw-rule-sets', result)
def add_instance_fw_rule_set(instance_id): server = fetch_instance(instance_id) set_id = parse_request_data(required=_SCHEMA.required)['id'] set_audit_resource_id(set_id) try: sg = admin_client_set().compute.security_groups.get(set_id) except osc_exc.NotFound: raise exc.InvalidElementValue('id', 'string', set_id, 'Security group does not exist') tcs = client_set_for_tenant(server.tenant_id, fallback_to_api=g.is_admin) try: tcs.compute.servers.add_security_group(server, sg.name) except osc_exc.BadRequest, e: raise exc.InvalidRequest(str(e))
def add_instance_fw_rule_set(instance_id): server = fetch_instance(instance_id) set_id = parse_request_data(required=_SCHEMA.required)['id'] set_audit_resource_id(set_id) try: sg = admin_client_set().compute.security_groups.get(set_id) except osc_exc.NotFound: raise exc.InvalidElementValue('id', 'string', set_id, 'Security group does not exist') tcs = client_set_for_tenant(server.tenant_id, fallback_to_api=g.is_admin) try: tcs.compute.servers.add_security_group(server, sg.name) except osc_exc.BadRequest, e: raise exc.InvalidRequest(str(e))
def get_project_stats(project_id): tenant = get_tenant(project_id) acs = auth.admin_client_set() users = acs.identity_admin.tenants.list_users(tenant.id) tcs = auth.client_set_for_tenant(project_id, fallback_to_api=g.is_admin) servers = tcs.compute.servers.list() images = tcs.image.images.list() local_images = [image for image in images if image.owner == tenant.id] return make_json_response({ u'project': link_for_tenant(tenant), u'instances': len(servers), u'members': len(users), u'local-images': len(local_images), u'total-images': len(images), 'href': url_for('stats.get_project_stats', project_id=tenant.id) })
def create_instance(): data = parse_request_data(_SCHEMA.create_allowed, _SCHEMA.create_required) tcs = client_set_for_tenant(data["project"]) security_groups = _security_group_ids_to_names(data.get("fw-rule-sets"), tcs.compute.security_groups) try: server = tcs.compute.servers.create( name=data["name"], image=data["image"], flavor=data["instance-type"], security_groups=security_groups, key_name=data.get("ssh-key-pair"), admin_pass=data.get("admin-pass"), ) if "expires-at" in data or "remind-at" in data: InstanceDataDAO.create(server.id, expires_at=data.get("expires-at"), remind_at=data.get("remind-at")) except osc_exc.OverLimit, e: return make_json_response( status_code=403, data={"path": request.path, "method": request.method, "message": "Limits exceeded (%s)" % str(e)}, )
def get_project_stats(project_id): tenant = get_tenant(project_id) acs = auth.admin_client_set() users = acs.identity_admin.tenants.list_users(tenant.id) tcs = auth.client_set_for_tenant(project_id, fallback_to_api=g.is_admin) servers = tcs.compute.servers.list() images = tcs.image.images.list() local_images = [image for image in images if image.owner == tenant.id] return make_json_response({ u'project': link_for_tenant(tenant), u'instances': len(servers), u'members': len(users), u'local-images': len(local_images), u'total-images': len(images), 'href': url_for('stats.get_project_stats', project_id=tenant.id) })