def create_project():
data = parse_request_data(_SCHEMA.allowed, _SCHEMA.create_required)
# first, check network
networks = g.client_set.compute.networks
network_id = data['network']
try:
net = networks.get(data['network'])
except osc_exc.NotFound:
raise exc.InvalidElementValue('network', 'link object', network_id,
'Network does not exist.')
if net.project_id is not None:
raise exc.InvalidElementValue('network', 'link object', network_id,
'Network is already used.')
tenant = g.client_set.identity_admin.tenants.create(
data['name'], data.get('description', ''))
set_audit_resource_id(tenant)
try:
networks.associate(net.id, tenant.id)
except osc_exc.BadRequest:
tenant.delete()
raise exc.InvalidRequest('Failed to associate network %r '
'with created project' % data['network'])
_set_quota(tenant.id, data)
result = _project_to_view(tenant, networks.get(net.id),
_quotaset_for_project(tenant.id))
return make_json_response(result)
def create_fw_rule(fw_rule_set_id):
data = parse_request_data(_SCHEMA.allowed, _SCHEMA.required)
protocol = data['protocol']
if protocol not in ('TCP', 'UDP', 'ICMP'):
raise exc.InvalidElementValue(
'protocol', 'string', protocol, 'Protocol must be one of '
'"TCP", "UDP" or "ICMP"')
sg = _get_security_group(fw_rule_set_id)
from_port = data.get('port-range-first', -1)
to_port = data.get('port-range-last', from_port)
client = auth.client_set_for_tenant(sg.tenant_id,
fallback_to_api=g.is_admin,
eperm_status=404)
try:
rule = client.compute.security_group_rules.create(
parent_group_id=fw_rule_set_id,
ip_protocol=protocol.lower(),
from_port=from_port,
to_port=to_port,
cidr=data['source'])
except osc_exc.NotFound:
abort(404)
set_audit_resource_id(rule)
return make_json_response(_fw_rule_object_to_view(rule))
def _get_user(user_id):
try:
return g.client_set.identity_admin.users.get(user_id)
except osc_exc.NotFound:
raise exc.InvalidElementValue(
'id', 'link object', user_id,
'User with id %r does not exist' % user_id)
def _render_link_template(template, code):
link = template.replace('{{code}}', code)
if '{{' in link or '{%' in link:
# any other template construction are not allowed
raise exc.InvalidElementValue('link-template', 'string', template,
'Unsupported template construction')
return link
def _add_user_to_projects(user, projects):
if not projects:
return
auth.assert_admin()
role_id = member_role_id()
for project in projects:
try:
g.client_set.identity_admin.roles.add_user_role(user=user,
role=role_id,
tenant=project)
except osc_exc.NotFound:
raise exc.InvalidElementValue('projects', 'link object', project,
'Project does not exist')
def add_instance_fw_rule_set(instance_id):
server = fetch_instance(instance_id)
set_id = parse_request_data(required=_SCHEMA.required)['id']
set_audit_resource_id(set_id)
try:
sg = admin_client_set().compute.security_groups.get(set_id)
except osc_exc.NotFound:
raise exc.InvalidElementValue('id', 'string', set_id,
'Security group does not exist')
tcs = client_set_for_tenant(server.tenant_id, fallback_to_api=g.is_admin)
try:
tcs.compute.servers.add_security_group(server, sg.name)
except osc_exc.BadRequest, e:
raise exc.InvalidRequest(str(e))
def _illegal_element(self, value, reason=None):
raise exc.InvalidElementValue(self.name, self.typename, value, reason)