예제 #1
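def project_users_list(request, project_id):
    """Return the users that hold the ``user`` role on ``project_id``.

    Only GET is supported; any other method gets a 405 response. The result
    is a JSON list of ``{'id': ..., 'name': ...}`` dicts.

    NOTE(review): this view does no authorization check of its own, while the
    lookup runs through ``get_keystone_admin_auth()`` and discloses user ids
    and names. Confirm that an upstream middleware authenticates the caller
    for this route.
    """
    if request.method != 'GET':
        return JSONResponse('Method ' + str(request.method) + ' not allowed.', status=status.HTTP_405_METHOD_NOT_ALLOWED)

    keystone_client = get_keystone_admin_auth()
    users = keystone_client.users.list()
    roles = keystone_client.roles.list()

    # Without a role named 'user' nobody can hold it. The original code left
    # user_role_id unbound here and crashed on the first assignment check.
    user_role_id = next((role.id for role in roles if role.name == 'user'), None)
    if user_role_id is None:
        return JSONResponse([], status=status.HTTP_200_OK)

    role_assignments = keystone_client.role_assignments.list()

    # A set keeps the membership test below O(1) per user.
    valid_users = {
        ra.user['id']
        for ra in role_assignments
        if hasattr(ra, 'user')
        and 'project' in ra.scope
        and ra.scope['project']['id'] == project_id
        and ra.role['id'] == user_role_id
    }

    user_list = [{'id': user.id, 'name': user.name} for user in users if user.id in valid_users]
    return JSONResponse(user_list, status=status.HTTP_200_OK)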
예제 #2
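def project_groups_list(request, project_id):
    """Return the groups that hold the ``user`` role on ``project_id``.

    Only GET is supported; any other method gets a 405 response. The result
    is a JSON list of ``{'id': ..., 'name': ...}`` dicts.

    NOTE(review): this view does no authorization check of its own, while the
    lookup runs through ``get_keystone_admin_auth()``. Confirm that an
    upstream middleware authenticates the caller for this route.
    """
    if request.method != 'GET':
        return JSONResponse('Method ' + str(request.method) + ' not allowed.', status=status.HTTP_405_METHOD_NOT_ALLOWED)

    # The original assigned keystone_client twice on one line; once is enough.
    keystone_client = get_keystone_admin_auth()
    groups = keystone_client.groups.list()
    roles = keystone_client.roles.list()

    # Without a role named 'user' no group can hold it. The original code left
    # user_role_id unbound here and crashed on the first assignment check.
    user_role_id = next((role.id for role in roles if role.name == 'user'), None)
    if user_role_id is None:
        return JSONResponse([], status=status.HTTP_200_OK)

    role_assignments = keystone_client.role_assignments.list()

    # A set keeps the membership test below O(1) per group.
    valid_groups = {
        ra.group['id']
        for ra in role_assignments
        if hasattr(ra, 'group')
        and 'project' in ra.scope
        and ra.scope['project']['id'] == project_id
        and ra.role['id'] == user_role_id
    }

    groups_list = [{'id': group.id, 'name': group.name} for group in groups if group.id in valid_groups]
    return JSONResponse(groups_list, status=status.HTTP_200_OK)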
예제 #3
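def project_groups_list(request, project_id):
    """List the groups assigned the ``user`` role on the given project.

    Responds to GET with a JSON list of ``{'id', 'name'}`` dicts and to every
    other method with 405.

    NOTE(review): no caller authorization happens inside this view and the
    query uses the admin Keystone client; verify that the route sits behind
    an authenticating middleware.
    """
    if request.method == 'GET':
        # Single assignment; the original repeated the target name.
        keystone_client = get_keystone_admin_auth()
        groups = keystone_client.groups.list()
        roles = keystone_client.roles.list()

        # Default to None so a deployment without a 'user' role yields an
        # empty result instead of an UnboundLocalError further down.
        user_role_id = None
        for role in roles:
            if role.name == 'user':
                user_role_id = role.id
                break
        if user_role_id is None:
            return JSONResponse([], status=status.HTTP_200_OK)

        role_assignments = keystone_client.role_assignments.list()

        valid_groups = set()
        for ra in role_assignments:
            if not hasattr(ra, 'group') or 'project' not in ra.scope:
                continue
            if ra.scope['project']['id'] == project_id and ra.role['id'] == user_role_id:
                valid_groups.add(ra.group['id'])

        groups_list = [{'id': group.id, 'name': group.name}
                       for group in groups if group.id in valid_groups]

        return JSONResponse(groups_list, status=status.HTTP_200_OK)
    return JSONResponse('Method ' + str(request.method) + ' not allowed.',
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)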
예제 #4
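def project_users_list(request, project_id):
    """List the users assigned the ``user`` role on the given project.

    Responds to GET with a JSON list of ``{'id', 'name'}`` dicts and to every
    other method with 405.

    NOTE(review): no caller authorization happens inside this view and the
    query uses the admin Keystone client, so user ids and names are disclosed
    to whoever reaches it; verify that the route sits behind an
    authenticating middleware.
    """
    if request.method == 'GET':
        keystone_client = get_keystone_admin_auth()
        users = keystone_client.users.list()
        roles = keystone_client.roles.list()

        # Default to None so a deployment without a 'user' role yields an
        # empty result instead of an UnboundLocalError further down.
        user_role_id = None
        for role in roles:
            if role.name == 'user':
                user_role_id = role.id
                break
        if user_role_id is None:
            return JSONResponse([], status=status.HTTP_200_OK)

        role_assignments = keystone_client.role_assignments.list()

        valid_users = set()
        for ra in role_assignments:
            if not hasattr(ra, 'user') or 'project' not in ra.scope:
                continue
            if ra.scope['project']['id'] == project_id and ra.role['id'] == user_role_id:
                valid_users.add(ra.user['id'])

        user_list = [{'id': user.id, 'name': user.name}
                     for user in users if user.id in valid_users]

        return JSONResponse(user_list, status=status.HTTP_200_OK)
    return JSONResponse('Method ' + str(request.method) + ' not allowed.',
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)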
예제 #5
    def process_request(request):
        """Let the request through only when it carries a live admin token.

        Returns ``None`` to continue processing, or a 401 ``JSONResponse``
        when the ``X-Auth-Token`` header is missing, fails Keystone
        validation, has expired, or lacks the ``admin`` role.

        Accepted tokens are remembered in ``valid_tokens`` together with
        their expiry. A remembered token is accepted on its stored expiry
        alone, without asking Keystone again, so a token revoked in Keystone
        keeps working here until that expiry passes.
        """
        # Example of the django logging (never log the X-Auth-Token value;
        # it is a bearer credential):
        # logger.info('Remote address: ' + str(request.META['REMOTE_ADDR']))
        # logger.info('User agent: ' + str(request.META['HTTP_USER_AGENT']))

        def deny():
            return JSONResponse('You must be authenticated as admin.', status=status.HTTP_401_UNAUTHORIZED)

        try:
            token = request.META['HTTP_X_AUTH_TOKEN']
        except KeyError:
            return deny()

        current_time = timezone.now()

        if token in valid_tokens:
            # Cached path: trust the stored expiry, evict once it has passed.
            cached_expiry = valid_tokens[token]
            if cached_expiry > current_time:
                return None
            valid_tokens.pop(token, None)
            return deny()

        # Unknown token: validate it against Keystone with the admin client.
        keystone_client = get_keystone_admin_auth()
        try:
            token_data = keystone_client.tokens.validate(token)
        except exceptions.base.ClientException:
            return deny()

        role_names = [role['name'] for role in token_data['roles']]
        has_admin_role = 'admin' in role_names

        if token_data.expires > current_time and has_admin_role:
            valid_tokens[token] = token_data.expires
            return None

        return deny()
예제 #6
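def projects(request, project_id=None):
    """
    Manage the Redis list of Crystal-enabled projects.

    GET: List the ids stored in 'projects_crystal_enabled'
    PUT: Enable a project (grant manager roles, create containers, build image)
    DELETE: Disable a project (best-effort cleanup, then drop it from the list)
    POST: Check whether a project id is in the enabled list

    NOTE(review): this view does not check who the caller is, yet PUT grants
    admin and reseller-admin roles through the admin Keystone client. Confirm
    that an authenticating middleware protects this route.
    """
    import logging
    logger = logging.getLogger(__name__)

    try:
        r = get_redis_connection()
    except RedisError:
        return JSONResponse('Error connecting with DB', status=status.HTTP_500_INTERNAL_SERVER_ERROR)

    if request.method == 'GET':
        enabled_projects = r.lrange('projects_crystal_enabled', 0, -1)
        return JSONResponse(enabled_projects, status=status.HTTP_200_OK)

    if request.method == 'PUT':
        project_list = get_project_list()
        # An unknown or missing project_id used to escape as an uncaught KeyError.
        try:
            project_name = project_list[project_id]
        except KeyError:
            return JSONResponse('The project with id:  ' + str(project_id) + ' does not exist.',
                                status=status.HTTP_404_NOT_FOUND)
        if project_name == settings.MANAGEMENT_ACCOUNT:
            return JSONResponse("Management project could not be set as Crystal project",
                                status=status.HTTP_400_BAD_REQUEST)

        try:
            # Set Manager as admin of the Crystal Project
            keystone_client = get_keystone_admin_auth()
            admin_role_id, reseller_admin_role_id, admin_user_id = get_admin_role_user_ids(keystone_client)
            keystone_client.roles.grant(role=admin_role_id, user=admin_user_id, project=project_id)
            keystone_client.roles.grant(role=reseller_admin_role_id, user=admin_user_id, project=project_id)

            # Post Storlet and Dependency containers
            url, token = get_swift_url_and_token(project_name)
            swift_client.put_container(url, token, ".storlet")
            swift_client.put_container(url, token, ".dependency")
            headers = {'X-Account-Meta-Crystal-Enabled': True, 'X-Account-Meta-Storlet-Enabled': True}
            swift_client.post_account(url, token, headers)

            # Create project docker image
            create_docker_image(r, project_id)
            # NOTE(review): lpush is unconditional, so enabling the same project
            # twice stores its id twice.
            r.lpush('projects_crystal_enabled', project_id)
            return JSONResponse("Crystal Project correctly enabled", status=status.HTTP_201_CREATED)
        except Exception:
            # Not a bare except: SystemExit/KeyboardInterrupt must propagate.
            # Nothing is rolled back, so role grants made above stay in place
            # when a later step fails; the log entry is the only trace.
            logger.exception("Enabling Crystal project %s failed", project_id)
            return JSONResponse("Error Enabling Crystal Project", status=status.HTTP_400_BAD_REQUEST)

    if request.method == 'DELETE':
        try:
            project_list = get_project_list()
            try:
                project_name = project_list[project_id]
            except KeyError:
                return JSONResponse('The project with id:  ' + str(project_id) + ' does not exist.',
                                    status=status.HTTP_404_NOT_FOUND)

            # Delete Storlet and Dependency containers (best effort)
            try:
                url, token = get_swift_url_and_token(project_name)
                headers = {'X-Account-Meta-Crystal-Enabled': '', 'X-Account-Meta-Storlet-Enabled': ''}
                swift_client.post_account(url, token, headers)
                swift_client.delete_container(url, token, ".storlet")
                swift_client.delete_container(url, token, ".dependency")
            except Exception:
                logger.exception("Swift cleanup failed for project %s", project_id)

            # Delete Manager as admin of the Crystal Project (best effort)
            keystone_client = get_keystone_admin_auth()
            admin_role_id, reseller_admin_role_id, admin_user_id = get_admin_role_user_ids(keystone_client)
            try:
                keystone_client.roles.revoke(role=admin_role_id, user=admin_user_id, project=project_id)
                keystone_client.roles.revoke(role=reseller_admin_role_id, user=admin_user_id, project=project_id)
            except Exception:
                # A failed revoke leaves the manager's admin roles on a project
                # that is reported as disabled, so it must at least be logged.
                logger.exception("Role revocation failed for project %s", project_id)

            # Delete project docker image
            delete_docker_image(r, project_id)

            # NOTE(review): the two-argument lrem form depends on the redis
            # client class in use; confirm against get_redis_connection().
            r.lrem('projects_crystal_enabled', project_id)
            return JSONResponse("Crystal project correctly disabled.", status=status.HTTP_201_CREATED)
        except RedisError:
            return JSONResponse("Error inserting data", status=status.HTTP_400_BAD_REQUEST)

    if request.method == 'POST':
        enabled_projects = r.lrange('projects_crystal_enabled', 0, -1)
        if project_id in enabled_projects:
            return JSONResponse(project_id, status=status.HTTP_200_OK)
        return JSONResponse('The project with id:  ' + str(project_id) + ' does not exist.',
                            status=status.HTTP_404_NOT_FOUND)

    return JSONResponse('Method ' + str(request.method) + ' not allowed.', status=status.HTTP_405_METHOD_NOT_ALLOWED)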
예제 #7
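def projects(request, project_id=None):
    """
    Maintain the set of projects for which Crystal is enabled.

    GET: Return the ids held in the 'projects_crystal_enabled' Redis list
    PUT: Enable a project (role grants, Swift containers, docker image)
    DELETE: Disable a project (best-effort cleanup, then list removal)
    POST: Report whether a project id is in the enabled list

    NOTE(review): the caller is never authorized inside this view, while PUT
    hands out admin and reseller-admin roles using the admin Keystone client.
    Verify that the route is reachable only through an authenticating
    middleware.
    """
    import logging
    logger = logging.getLogger(__name__)

    try:
        r = get_redis_connection()
    except RedisError:
        return JSONResponse('Error connecting with DB',
                            status=status.HTTP_500_INTERNAL_SERVER_ERROR)

    if request.method == 'GET':
        enabled_projects = r.lrange('projects_crystal_enabled', 0, -1)
        return JSONResponse(enabled_projects, status=status.HTTP_200_OK)

    if request.method == 'PUT':
        project_list = get_project_list()
        # Reject ids that are not in the project list; the bare lookup used
        # to raise an unhandled KeyError.
        try:
            project_name = project_list[project_id]
        except KeyError:
            return JSONResponse('The project with id:  ' + str(project_id) +
                                ' does not exist.',
                                status=status.HTTP_404_NOT_FOUND)
        if project_name == settings.MANAGEMENT_ACCOUNT:
            return JSONResponse(
                "Management project could not be set as Crystal project",
                status=status.HTTP_400_BAD_REQUEST)

        try:
            # Set Manager as admin of the Crystal Project
            keystone_client = get_keystone_admin_auth()
            admin_role_id, reseller_admin_role_id, admin_user_id = get_admin_role_user_ids(
                keystone_client)
            keystone_client.roles.grant(role=admin_role_id,
                                        user=admin_user_id,
                                        project=project_id)
            keystone_client.roles.grant(role=reseller_admin_role_id,
                                        user=admin_user_id,
                                        project=project_id)

            # Post Storlet and Dependency containers
            url, token = get_swift_url_and_token(project_name)
            swift_client.put_container(url, token, ".storlet")
            swift_client.put_container(url, token, ".dependency")
            headers = {
                'X-Account-Meta-Crystal-Enabled': True,
                'X-Account-Meta-Storlet-Enabled': True
            }
            swift_client.post_account(url, token, headers)

            # Create project docker image
            create_docker_image(r, project_id)
            # NOTE(review): repeated PUTs push the same id again; the list
            # is not de-duplicated.
            r.lpush('projects_crystal_enabled', project_id)
            return JSONResponse("Crystal Project correctly enabled",
                                status=status.HTTP_201_CREATED)
        except Exception:
            # Narrowed from a bare except so interpreter-exit signals pass
            # through. Earlier steps are not undone: roles already granted
            # remain when a later step fails, hence the log entry.
            logger.exception("Enabling Crystal project %s failed", project_id)
            return JSONResponse("Error Enabling Crystal Project",
                                status=status.HTTP_400_BAD_REQUEST)

    if request.method == 'DELETE':
        try:
            project_list = get_project_list()
            try:
                project_name = project_list[project_id]
            except KeyError:
                return JSONResponse('The project with id:  ' +
                                    str(project_id) + ' does not exist.',
                                    status=status.HTTP_404_NOT_FOUND)

            # Delete Storlet and Dependency containers (best effort)
            try:
                url, token = get_swift_url_and_token(project_name)
                headers = {
                    'X-Account-Meta-Crystal-Enabled': '',
                    'X-Account-Meta-Storlet-Enabled': ''
                }
                swift_client.post_account(url, token, headers)
                swift_client.delete_container(url, token, ".storlet")
                swift_client.delete_container(url, token, ".dependency")
            except Exception:
                logger.exception("Swift cleanup failed for project %s",
                                 project_id)

            # Delete Manager as admin of the Crystal Project (best effort)
            keystone_client = get_keystone_admin_auth()
            admin_role_id, reseller_admin_role_id, admin_user_id = get_admin_role_user_ids(
                keystone_client)
            try:
                keystone_client.roles.revoke(role=admin_role_id,
                                             user=admin_user_id,
                                             project=project_id)
                keystone_client.roles.revoke(role=reseller_admin_role_id,
                                             user=admin_user_id,
                                             project=project_id)
            except Exception:
                # If this fails the manager keeps admin rights on a project
                # the API reports as disabled; record it instead of hiding it.
                logger.exception("Role revocation failed for project %s",
                                 project_id)

            # Delete project docker image
            delete_docker_image(r, project_id)

            # NOTE(review): whether lrem accepts (name, value) depends on the
            # redis client class returned by get_redis_connection(); confirm.
            r.lrem('projects_crystal_enabled', project_id)
            return JSONResponse("Crystal project correctly disabled.",
                                status=status.HTTP_201_CREATED)
        except RedisError:
            return JSONResponse("Error inserting data",
                                status=status.HTTP_400_BAD_REQUEST)

    if request.method == 'POST':
        enabled_projects = r.lrange('projects_crystal_enabled', 0, -1)
        if project_id in enabled_projects:
            return JSONResponse(project_id, status=status.HTTP_200_OK)
        return JSONResponse('The project with id:  ' + str(project_id) +
                            ' does not exist.',
                            status=status.HTTP_404_NOT_FOUND)

    return JSONResponse('Method ' + str(request.method) + ' not allowed.',
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)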