def project_users_list(request, project_id): if request.method == 'GET': keystone_client = get_keystone_admin_auth() users = keystone_client.users.list() roles = keystone_client.roles.list() for role in roles: if role.name == 'user': user_role_id = role.id break role_assignments = keystone_client.role_assignments.list() valid_users = list() for ra in role_assignments: if hasattr(ra, 'user') and 'project' in ra.scope and ra.scope['project']['id'] == project_id \ and ra.role['id'] == user_role_id: valid_users.append(ra.user['id']) user_list = list() for user in users: if user.id in valid_users: user_data = {} user_data['id'] = user.id user_data['name'] = user.name user_list.append(user_data) return JSONResponse(user_list, status=status.HTTP_200_OK) return JSONResponse('Method ' + str(request.method) + ' not allowed.', status=status.HTTP_405_METHOD_NOT_ALLOWED)
def project_groups_list(request, project_id): if request.method == 'GET': keystone_client = keystone_client = get_keystone_admin_auth() groups = keystone_client.groups.list() roles = keystone_client.roles.list() for role in roles: if role.name == 'user': user_role_id = role.id break role_assignments = keystone_client.role_assignments.list() valid_groups = list() for ra in role_assignments: if hasattr(ra, 'group') and 'project' in ra.scope and ra.scope['project']['id'] == project_id \ and ra.role['id'] == user_role_id: valid_groups.append(ra.group['id']) groups_list = list() for group in groups: if group.id in valid_groups: group_data = {} group_data['id'] = group.id group_data['name'] = group.name groups_list.append(group_data) return JSONResponse(groups_list, status=status.HTTP_200_OK) return JSONResponse('Method ' + str(request.method) + ' not allowed.', status=status.HTTP_405_METHOD_NOT_ALLOWED)
def process_request(request): # Example of the django logging # logger.info('Remote address: ' + str(request.META['REMOTE_ADDR'])) # logger.info('User agent: ' + str(request.META['HTTP_USER_AGENT'])) # logger.info('X-Auth-Token: ' + str(request.META['HTTP_X_AUTH_TOKEN'])) if 'HTTP_X_AUTH_TOKEN' in request.META: token = request.META['HTTP_X_AUTH_TOKEN'] else: return JSONResponse('You must be authenticated as admin.', status=status.HTTP_401_UNAUTHORIZED) is_admin = False now = timezone.now() if token not in valid_tokens: keystone_client = get_keystone_admin_auth() try: token_data = keystone_client.tokens.validate(token) except exceptions.base.ClientException: return JSONResponse('You must be authenticated as admin.', status=status.HTTP_401_UNAUTHORIZED) for role in token_data['roles']: if role['name'] == 'admin': is_admin = True if token_data.expires > now and is_admin: valid_tokens[token] = token_data.expires return None else: token_expiration = valid_tokens[token] if token_expiration > now: return None else: valid_tokens.pop(token, None) return JSONResponse('You must be authenticated as admin.', status=status.HTTP_401_UNAUTHORIZED)
def projects(request, project_id=None): """ GET: List all projects ordered by name PUT: Save a project (enable) DELETE: Delete a project (disable) POST: Check if a project exist or is enabled """ try: r = get_redis_connection() except RedisError: return JSONResponse('Error connecting with DB', status=status.HTTP_500_INTERNAL_SERVER_ERROR) if request.method == 'GET': enabled_projects = r.lrange('projects_crystal_enabled', 0, -1) return JSONResponse(enabled_projects, status=status.HTTP_200_OK) if request.method == 'PUT': project_list = get_project_list() project_name = project_list[project_id] if project_name == settings.MANAGEMENT_ACCOUNT: return JSONResponse("Management project could not be set as Crystal project", status=status.HTTP_400_BAD_REQUEST) try: # Set Manager as admin of the Crystal Project keystone_client = get_keystone_admin_auth() admin_role_id, reseller_admin_role_id, admin_user_id = get_admin_role_user_ids(keystone_client) keystone_client.roles.grant(role=admin_role_id, user=admin_user_id, project=project_id) keystone_client.roles.grant(role=reseller_admin_role_id, user=admin_user_id, project=project_id) # Post Storlet and Dependency containers url, token = get_swift_url_and_token(project_name) swift_client.put_container(url, token, ".storlet") swift_client.put_container(url, token, ".dependency") headers = {'X-Account-Meta-Crystal-Enabled': True, 'X-Account-Meta-Storlet-Enabled': True} swift_client.post_account(url, token, headers) # Create project docker image create_docker_image(r, project_id) r.lpush('projects_crystal_enabled', project_id) return JSONResponse("Crystal Project correctly enabled", status=status.HTTP_201_CREATED) except: return JSONResponse("Error Enabling Crystal Project", status=status.HTTP_400_BAD_REQUEST) if request.method == 'DELETE': try: project_list = get_project_list() project_name = project_list[project_id] # Delete Storlet and Dependency containers try: url, token = get_swift_url_and_token(project_name) headers = {'X-Account-Meta-Crystal-Enabled': '', 'X-Account-Meta-Storlet-Enabled': ''} swift_client.post_account(url, token, headers) swift_client.delete_container(url, token, ".storlet") swift_client.delete_container(url, token, ".dependency") except: pass # Delete Manager as admin of the Crystal Project keystone_client = get_keystone_admin_auth() admin_role_id, reseller_admin_role_id, admin_user_id = get_admin_role_user_ids(keystone_client) try: keystone_client.roles.revoke(role=admin_role_id, user=admin_user_id, project=project_id) keystone_client.roles.revoke(role=reseller_admin_role_id, user=admin_user_id, project=project_id) except: pass # Delete project docker image delete_docker_image(r, project_id) r.lrem('projects_crystal_enabled', project_id) return JSONResponse("Crystal project correctly disabled.", status=status.HTTP_201_CREATED) except RedisError: return JSONResponse("Error inserting data", status=status.HTTP_400_BAD_REQUEST) if request.method == 'POST': enabled_projects = r.lrange('projects_crystal_enabled', 0, -1) if project_id in enabled_projects: return JSONResponse(project_id, status=status.HTTP_200_OK) return JSONResponse('The project with id: ' + str(project_id) + ' does not exist.', status=status.HTTP_404_NOT_FOUND) return JSONResponse('Method ' + str(request.method) + ' not allowed.', status=status.HTTP_405_METHOD_NOT_ALLOWED)
def projects(request, project_id=None): """ GET: List all projects ordered by name PUT: Save a project (enable) DELETE: Delete a project (disable) POST: Check if a project exist or is enabled """ try: r = get_redis_connection() except RedisError: return JSONResponse('Error connecting with DB', status=status.HTTP_500_INTERNAL_SERVER_ERROR) if request.method == 'GET': enabled_projects = r.lrange('projects_crystal_enabled', 0, -1) return JSONResponse(enabled_projects, status=status.HTTP_200_OK) if request.method == 'PUT': project_list = get_project_list() project_name = project_list[project_id] if project_name == settings.MANAGEMENT_ACCOUNT: return JSONResponse( "Management project could not be set as Crystal project", status=status.HTTP_400_BAD_REQUEST) try: # Set Manager as admin of the Crystal Project keystone_client = get_keystone_admin_auth() admin_role_id, reseller_admin_role_id, admin_user_id = get_admin_role_user_ids( keystone_client) keystone_client.roles.grant(role=admin_role_id, user=admin_user_id, project=project_id) keystone_client.roles.grant(role=reseller_admin_role_id, user=admin_user_id, project=project_id) # Post Storlet and Dependency containers url, token = get_swift_url_and_token(project_name) swift_client.put_container(url, token, ".storlet") swift_client.put_container(url, token, ".dependency") headers = { 'X-Account-Meta-Crystal-Enabled': True, 'X-Account-Meta-Storlet-Enabled': True } swift_client.post_account(url, token, headers) # Create project docker image create_docker_image(r, project_id) r.lpush('projects_crystal_enabled', project_id) return JSONResponse("Crystal Project correctly enabled", status=status.HTTP_201_CREATED) except: return JSONResponse("Error Enabling Crystal Project", status=status.HTTP_400_BAD_REQUEST) if request.method == 'DELETE': try: project_list = get_project_list() project_name = project_list[project_id] # Delete Storlet and Dependency containers try: url, token = get_swift_url_and_token(project_name) headers = { 'X-Account-Meta-Crystal-Enabled': '', 'X-Account-Meta-Storlet-Enabled': '' } swift_client.post_account(url, token, headers) swift_client.delete_container(url, token, ".storlet") swift_client.delete_container(url, token, ".dependency") except: pass # Delete Manager as admin of the Crystal Project keystone_client = get_keystone_admin_auth() admin_role_id, reseller_admin_role_id, admin_user_id = get_admin_role_user_ids( keystone_client) try: keystone_client.roles.revoke(role=admin_role_id, user=admin_user_id, project=project_id) keystone_client.roles.revoke(role=reseller_admin_role_id, user=admin_user_id, project=project_id) except: pass # Delete project docker image delete_docker_image(r, project_id) r.lrem('projects_crystal_enabled', project_id) return JSONResponse("Crystal project correctly disabled.", status=status.HTTP_201_CREATED) except RedisError: return JSONResponse("Error inserting data", status=status.HTTP_400_BAD_REQUEST) if request.method == 'POST': enabled_projects = r.lrange('projects_crystal_enabled', 0, -1) if project_id in enabled_projects: return JSONResponse(project_id, status=status.HTTP_200_OK) return JSONResponse('The project with id: ' + str(project_id) + ' does not exist.', status=status.HTTP_404_NOT_FOUND) return JSONResponse('Method ' + str(request.method) + ' not allowed.', status=status.HTTP_405_METHOD_NOT_ALLOWED)