def add_rule(add_rule_request=None): # noqa: E501 """Add rule Add a new rule, READ permission required on target resource, ADD permission required on Rule # noqa: E501 :param add_rule_request: :type add_rule_request: dict | bytes :rtype: Rule """ if connexion.request.is_json: add_rule_request = AddRuleRequest.from_dict( connexion.request.get_json()) # noqa: E501 try: auth_context = connexion.context['token_info']['auth_context'] except KeyError: return 'Authentication failed', 401 try: auth_context.check_perm('rule', 'add', None) except PolicyUnauthorizedError: return 'You are not authorized to perform this action', 403 kwargs = add_rule_request.to_dict() arbitrary = kwargs['selectors'] is None delete_none(kwargs) data_type = kwargs.pop('data_type') # Get the proper Rule subclass. rule_key = f'{"arbitrary" if arbitrary else "resource"}-{data_type}' rule_cls = RULES[rule_key] # Add new rule. try: rule = rule_cls.add(auth_context, **kwargs) except BadRequestError as e: return str(e), 400 # Advance rule counter. auth_context.owner.rule_counter += 1 auth_context.owner.save() return rule.as_dict()
def create_network(create_network_request=None): # noqa: E501 """Create network Creates one or more networks on the specified cloud. If async is true, a jobId will be returned. READ permission required on cloud. CREATE_RESOURCES permission required on cloud. CREATE permission required on network. # noqa: E501 :param create_network_request: :type create_network_request: dict | bytes :rtype: CreateNetworkResponse """ from mist.api.methods import list_resources if connexion.request.is_json: create_network_request = CreateNetworkRequest.from_dict(connexion.request.get_json()) # noqa: E501 try: auth_context = connexion.context['token_info']['auth_context'] except KeyError: return 'Authentication failed', 401 params = delete_none(create_network_request.to_dict()) try: tags, _ = auth_context.check_perm("network", "add", None) except PolicyUnauthorizedError: return 'You are not authorized to perform this action', 403 try: [cloud], total = list_resources( auth_context, 'cloud', search=params.pop('cloud'), limit=1) except ValueError: return 'Cloud does not exist', 404 try: auth_context.check_perm('cloud', 'read', cloud.id) auth_context.check_perm('cloud', 'create_resources', cloud.id) except PolicyUnauthorizedError: return 'You are not authorized to perform this action', 403 if not hasattr(cloud.ctl, 'network'): return 'Network support is not available', 501 # Create the new network network_params = {'name': params['name']} if 'extra' in params: network_params.update(params['extra']) try: network = NETWORKS[cloud.ctl.provider].add( cloud=cloud, **network_params) except BadRequestError as e: return str(e), 400 except NetworkListingError as e: return str(e), 503 network.assign_to(auth_context.user) if tags: add_tags_to_resource(auth_context.owner, network, tags) return network.as_dict()
def create_zone(create_zone_request=None): # noqa: E501 """Create zone Creates one or more zones on the specified cloud. If async is true, a jobId will be returned. READ permission required on cloud. CREATE_RESOURCES permission required on cloud. CREATE permission required on zone. # noqa: E501 :param create_zone_request: :type create_zone_request: dict | bytes :rtype: CreateZoneResponse """ from mist.api.methods import list_resources if connexion.request.is_json: create_zone_request = CreateZoneRequest.from_dict(connexion.request.get_json()) # noqa: E501 try: auth_context = connexion.context['token_info']['auth_context'] except KeyError: return 'Authentication failed', 401 params = delete_none(create_zone_request.to_dict()) try: [cloud], total = list_resources( auth_context, 'cloud', search=params.pop('cloud'), limit=1) except ValueError: return 'Cloud does not exist', 404 try: auth_context.check_perm("cloud", "read", cloud.id) auth_context.check_perm("cloud", "create_resources", cloud.id) tags, _ = auth_context.check_perm("zone", "add", None) except PolicyUnauthorizedError: return 'You are not authorized to perform this action', 403 params['domain'] = params.pop('name') try: new_zone = Zone.add(owner=cloud.owner, cloud=cloud, **params) except BadRequestError as e: return str(e), 400 except CloudUnauthorizedError: return 'You are not authorized to perform this action', 403 except ZoneCreationError as e: return str(e), 503 except ZoneListingError as e: return str(e), 503 except CloudUnavailableError as e: return str(e), 503 new_zone.assign_to(auth_context.user) if tags: resolve_id_and_set_tags(auth_context.owner, 'zone', new_zone.id, tags, cloud_id=cloud.id) return new_zone.as_dict()
def edit_machine(machine, edit_machine_request=None): # noqa: E501 """Edit machine Edit target machine # noqa: E501 :param machine: :type machine: str :param edit_machine_request: :type edit_machine_request: dict | bytes :rtype: None """ from mist.api.methods import list_resources if connexion.request.is_json: edit_machine_request = EditMachineRequest.from_dict(connexion.request.get_json()) # noqa: E501 params = delete_none(edit_machine_request.to_dict()) try: auth_context = connexion.context['token_info']['auth_context'] except KeyError: return 'Authentication failed', 401 from mist.api.logs.methods import log_event try: [machine], total = list_resources(auth_context, 'machine', search=machine, limit=1) except ValueError: return 'Machine does not exist', 404 if machine.cloud.owner != auth_context.owner: return 'Machine does not exist', 404 # VMs in libvirt can be started no matter if they are terminated if machine.state == 'terminated' and not isinstance(machine.cloud, LibvirtCloud): return 'Machine does not exist', 404 log_event( auth_context.owner.id, 'request', 'edit_machine', machine_id=machine.id, user_id=auth_context.user.id, ) try: auth_context.check_perm('machine', 'edit', machine.id) except PolicyUnauthorizedError: return 'You are not authorized to perform this action', 403 machine.ctl.update(auth_context, params) return 'Machine successfully updated'
def edit_rule(rule, edit_rule_request=None): # noqa: E501 """Update rule Edit a rule given its UUID, EDIT permission required on rule # noqa: E501 :param rule: :type rule: str :param edit_rule_request: :type edit_rule_request: dict | bytes :rtype: Rule """ from mist.api.methods import list_resources from mist.api.notifications.models import Notification if connexion.request.is_json: edit_rule_request = EditRuleRequest.from_dict( connexion.request.get_json()) # noqa: E501 try: auth_context = connexion.context['token_info']['auth_context'] except KeyError: return 'Authentication failed', 401 try: [rule], total = list_resources(auth_context, 'rule', search=rule, limit=1) except ValueError: return 'Rule does not exist', 404 try: auth_context.check_perm('rule', 'edit', rule.id) except PolicyUnauthorizedError: return 'You are not authorized to perform this action', 403 rule.ctl.set_auth_context(auth_context) kwargs = delete_none(edit_rule_request.to_dict()) try: rule.ctl.update(**kwargs) except (BadRequestError, ValidationError) as e: return str(e), 400 Notification.objects(owner=auth_context.owner, rtype='rule', rid=rule.id).delete() return rule.as_dict()
def create_volume(create_volume_request=None): # noqa: E501 """Create volume Creates one or more volumes on the specified cloud. If async is true, a jobId will be returned. READ permission required on cloud. CREATE_RESOURCES permission required on cloud. READ permission required on location. CREATE_RESOURCES permission required on location. CREATE permission required on volume. # noqa: E501 :param create_volume_request: :type create_volume_request: dict | bytes :rtype: CreateVolumeResponse """ from mist.api.methods import list_resources if connexion.request.is_json: create_volume_request = CreateVolumeRequest.from_dict( connexion.request.get_json()) # noqa: E501 params = delete_none(create_volume_request.to_dict()) try: auth_context = connexion.context['token_info']['auth_context'] except KeyError: return 'Authentication failed', 401 try: tags, _ = auth_context.check_perm("network", "add", None) except PolicyUnauthorizedError: return 'You are not authorized to perform this action', 403 try: [cloud], total = list_resources(auth_context, 'cloud', search=params.pop('cloud'), limit=1) except ValueError: return 'Cloud does not exist', 404 if not hasattr(cloud.ctl, 'storage'): return 'Volume support is not available', 501 try: [location], total = list_resources(auth_context, 'location', search=params.pop('location'), limit=1) except ValueError: return 'Location does not exist', 404 params['location'] = location.id try: auth_context.check_perm("cloud", "read", cloud.id) auth_context.check_perm("cloud", "create_resources", cloud.id) auth_context.check_perm("location", "read", location.id) auth_context.check_perm("location", "create_resources", location.id) tags, _ = auth_context.check_perm("volume", "create", None) except PolicyUnauthorizedError: return 'You are not authorized to perform this action', 403 try: volume = cloud.ctl.storage.create_volume(**params) except (VolumeCreationError, VolumeListingError) as e: return str(e), 503 owner = auth_context.owner if tags: add_tags_to_resource(owner, volume, tags) volume.assign_to(auth_context.user) trigger_session_update(owner.id, ['volumes']) if config.HAS_RBAC: owner.mapper.update(volume, callback=async_session_update, args=( owner.id, ['volumes'], )) return volume.as_dict()