def _get_tenant_volume_usages(request, usages, disabled_quotas, tenant_id):
if 'volumes' not in disabled_quotas:
try:
if tenant_id:
opts = {'all_tenants': 1, 'project_id': tenant_id}
#volumes = cinder.volume_list(request, opts)
#snapshots = cinder.volume_snapshot_list(request, opts)
if is_m1_user_admin(request):
volumes = get_volume_list(request, opts)
snapshots = get_volume_snapshot_list(request, opts)
else:
volumes = cinder.volume_list(request, opts)
snapshots = cinder.volume_snapshot_list(request, opts)
else:
#volumes = cinder.volume_list(request)
#snapshots = cinder.volume_snapshot_list(request)
if is_m1_user_admin(request):
volumes = get_volume_list(request)
snapshots = get_volume_snapshot_list(request)
else:
volumes = cinder.volume_list(request)
snapshots = cinder.volume_snapshot_list(request)
usages.tally('gigabytes', sum([int(v.size) for v in volumes]))
usages.tally('volumes', len(volumes))
usages.tally('snapshots', len(snapshots))
except cinder.ClientException:
msg = _("Unable to retrieve volume limit information.")
exceptions.handle(request, msg)
def _get_quota_data(request,
method_name,
disabled_quotas=None,
tenant_id=None):
quotasets = []
if not tenant_id:
tenant_id = request.user.tenant_id
#quotasets.append(getattr(nova, method_name)(request, tenant_id))
if is_m1_user_admin(request):
quotasets.append(tenant_quota_get_nova(request, tenant_id))
else:
quotasets.append(getattr(nova, method_name)(request, tenant_id))
qs = base.QuotaSet()
if disabled_quotas is None:
disabled_quotas = get_disabled_quotas(request)
if 'volumes' not in disabled_quotas:
try:
#quotasets.append(getattr(cinder, method_name)(request, tenant_id))
if is_m1_user_admin(request):
quotasets.append(tenant_quota_get_cinder(request, tenant_id))
else:
quotasets.append(
getattr(cinder, method_name)(request, tenant_id))
except cinder.ClientException:
disabled_quotas.extend(CINDER_QUOTA_FIELDS)
msg = _("Unable to retrieve volume limit information.")
exceptions.handle(request, msg)
for quota in itertools.chain(*quotasets):
if quota.name not in disabled_quotas:
qs[quota.name] = quota.limit
return qs
def _update_project_quota(self, request, data, project_id):
# Update the project quota.
nova_data = dict([(key, data[key])
for key in quotas.NOVA_QUOTA_FIELDS])
if is_m1_user_admin(self.request):
tenant_quota_update_nova(request, project_id, **nova_data)
else:
nova.tenant_quota_update(request, project_id, **nova_data)
if base.is_service_enabled(request, 'volume'):
cinder_data = dict([(key, data[key])
for key in quotas.CINDER_QUOTA_FIELDS])
if is_m1_user_admin(self.request):
tenant_quota_update_cinder(request, project_id, **cinder_data)
else:
cinder.tenant_quota_update(request, project_id, **cinder_data)
if api.base.is_service_enabled(request, 'network') and \
api.neutron.is_quotas_extension_supported(request):
neutron_data = {}
disabled_quotas = quotas.get_disabled_quotas(request)
for key in quotas.NEUTRON_QUOTA_FIELDS:
if key not in disabled_quotas:
neutron_data[key] = data[key]
if is_m1_user_admin(self.request):
tenant_quota_update_neutron(request, project_id,
**neutron_data)
else:
api.neutron.tenant_quota_update(request, project_id,
**neutron_data)
def get_data(self):
tenants = []
marker = self.request.GET.get(
project_tables.TenantsTable._meta.pagination_param, None)
domain_context = self.request.session.get('domain_context', None)
self._more = False
if policy.check((("identity", "identity:list_projects"), ),
self.request):
try:
if is_m1_user_admin(self.request):
tenants, self._more = get_tenants(self.request,
domain=domain_context,
paginate=True,
marker=marker)
else:
tenants, self._more = api.keystone.tenant_list(
self.request,
domain=domain_context,
paginate=True,
marker=marker)
except Exception:
exceptions.handle(self.request,
_("Unable to retrieve project list."))
elif policy.check((("identity", "identity:list_user_projects"), ),
self.request):
try:
if is_m1_user_admin(self.request):
tenants, self._more = get_tenants(
self.request,
user=self.request.user.id,
paginate=True,
marker=marker,
admin=False)
else:
tenants, self._more = api.keystone.tenant_list(
self.request,
user=self.request.user.id,
paginate=True,
marker=marker,
admin=False)
except Exception:
exceptions.handle(self.request,
_("Unable to retrieve project information."))
else:
msg = \
_("Insufficient privilege level to view project information.")
messages.info(self.request, msg)
return tenants
def get_initial(self):
initial = super(UpdateProjectView, self).get_initial()
project_id = self.kwargs['tenant_id']
initial['project_id'] = project_id
try:
# get initial project info
if is_m1_user_admin(self.request):
project_info = get_project(self.request, project_id)
else:
project_info = api.keystone.tenant_get(self.request,
project_id,
admin=True)
for field in PROJECT_INFO_FIELDS:
initial[field] = getattr(project_info, field, None)
# Retrieve the domain name where the project belong
if keystone.VERSIONS.active >= 3:
try:
if is_m1_user_admin(self.request):
domain = get_domain(self.request, initial["domain_id"])
else:
domain = api.keystone.domain_get(
self.request, initial["domain_id"])
initial["domain_name"] = domain.name
except Exception:
exceptions.handle(self.request,
_('Unable to retrieve project domain.'),
redirect=reverse(INDEX_URL))
# get initial project quota
quota_data = quotas.get_tenant_quota_data(self.request,
tenant_id=project_id)
if api.base.is_service_enabled(self.request, 'network') and \
api.neutron.is_quotas_extension_supported(self.request):
if is_m1_user_admin(self.request):
quota_data += get_tenant_quota_neutron(
self.request, tenant_id=project_id)
else:
quota_data += api.neutron.tenant_quota_get(
self.request, tenant_id=project_id)
for field in quotas.QUOTA_FIELDS:
initial[field] = quota_data.get(field).limit
except Exception:
exceptions.handle(self.request,
_('Unable to retrieve project details.'),
redirect=reverse(INDEX_URL))
return initial
def update_cell(self, request, datum, project_id, cell_name,
new_cell_value):
# inline update project info
try:
project_obj = datum
# updating changed value by new value
setattr(project_obj, cell_name, new_cell_value)
if is_m1_user_admin(request):
update_tenant(request,
project_id,
name=project_obj.name,
description=project_obj.description,
enabled=project_obj.enabled)
else:
api.keystone.tenant_update(request,
project_id,
name=project_obj.name,
description=project_obj.description,
enabled=project_obj.enabled)
except Conflict:
# Returning a nice error message about name conflict. The message
# from exception is not that clear for the users.
message = _("This name is already taken.")
raise ValidationError(message)
except Exception:
exceptions.handle(request, ignore=True)
return False
return True
def _add_roles_to_users(self, request, data, project_id, user_id, role_ids,
available_roles):
member_step = self.get_step(PROJECT_USER_MEMBER_SLUG)
current_role_ids = list(role_ids)
for role in available_roles:
field_name = member_step.get_member_field_name(role.id)
# Check if the user is in the list of users with this role.
if user_id in data[field_name]:
# Add it if necessary
if role.id not in current_role_ids:
# user role has changed
if is_m1_user_admin(request):
add_user_role_to_tenant(request,
project=project_id,
user=user_id,
role=role.id)
else:
api.keystone.add_tenant_user_role(request,
project=project_id,
user=user_id,
role=role.id)
else:
# User role is unchanged, so remove it from the
# remaining roles list to avoid removing it later.
index = current_role_ids.index(role.id)
current_role_ids.pop(index)
return current_role_ids
def _update_project(self, request, data):
# update project info
try:
project_id = data['project_id']
if is_m1_user_admin(request):
return update_tenant(request,
project_id,
name=data['name'],
description=data['description'],
enabled=data['enabled'])
else:
return api.keystone.tenant_update(
request,
project_id,
name=data['name'],
description=data['description'],
enabled=data['enabled'])
except exceptions.Conflict:
msg = _('Project name "%s" is already used.') % data['name']
self.failure_message = msg
return
except Exception:
exceptions.handle(request, ignore=True)
return
def _create_project(self, request, data):
# create the project
domain_id = data['domain_id']
try:
desc = data['description']
if is_m1_user_admin(request):
self.object = create_tenant(request,
name=data['name'],
description=desc,
enabled=data['enabled'],
domain=domain_id)
else:
self.object = api.keystone.tenant_create(
request,
name=data['name'],
description=desc,
enabled=data['enabled'],
domain=domain_id)
return self.object
except exceptions.Conflict:
msg = _('Project name "%s" is already used.') % data['name']
self.failure_message = msg
return
except Exception:
exceptions.handle(request, ignore=True)
return
def _update_project_members(self, request, data, project_id):
# update project members
users_to_add = 0
try:
if is_m1_user_admin(request):
available_roles = list_roles(request)
else:
available_roles = api.keystone.role_list(request)
member_step = self.get_step(PROJECT_USER_MEMBER_SLUG)
# count how many users are to be added
for role in available_roles:
field_name = member_step.get_member_field_name(role.id)
role_list = data[field_name]
users_to_add += len(role_list)
# add new users to project
for role in available_roles:
field_name = member_step.get_member_field_name(role.id)
role_list = data[field_name]
users_added = 0
for user in role_list:
if is_m1_user_admin(request):
add_user_role_to_tenant(request,
project=project_id,
user=user,
role=role.id)
else:
api.keystone.add_tenant_user_role(request,
project=project_id,
user=user,
role=role.id)
users_added += 1
users_to_add -= users_added
except Exception:
if PROJECT_GROUP_ENABLED:
group_msg = _(", add project groups")
else:
group_msg = ""
exceptions.handle(
request,
_('Failed to add %(users_to_add)s project '
'members%(group_msg)s and set project quotas.') % {
'users_to_add': users_to_add,
'group_msg': group_msg
})
def get_data(self, request, project_id):
if is_m1_user_admin(request):
project_info = get_project(request, project_id)
else:
project_info = api.keystone.tenant_get(request,
project_id,
admin=True)
return project_info
def _get_tenant_network_usages(request, usages, disabled_quotas, tenant_id):
floating_ips = []
try:
if network.floating_ip_supported(request):
floating_ips = network.tenant_floating_ip_list(request)
except Exception:
pass
usages.tally('floating_ips', len(floating_ips))
if 'security_group' not in disabled_quotas:
security_groups = []
security_groups = network.security_group_list(request)
usages.tally('security_groups', len(security_groups))
if 'network' not in disabled_quotas:
networks = []
#networks = neutron.network_list(request, shared=False)
if is_m1_user_admin(request):
networks = network_list_neutron(request, shared=False)
else:
networks = neutron.network_list(request, shared=False)
if tenant_id:
networks = filter(lambda net: net.tenant_id == tenant_id, networks)
usages.tally('networks', len(networks))
if 'subnet' not in disabled_quotas:
subnets = []
#subnets = neutron.subnet_list(request)
if is_m1_user_admin(request):
subnets = subnet_list_neutron(request)
else:
subnets = neutron.subnet_list(request)
usages.tally('subnets', len(subnets))
if 'router' not in disabled_quotas:
routers = []
#routers = neutron.router_list(request)
if is_m1_user_admin(request):
routers = router_list_neutron(request)
else:
routers = neutron.router_list(request)
if tenant_id:
routers = filter(lambda rou: rou.tenant_id == tenant_id, routers)
usages.tally('routers', len(routers))
def get_data(self):
try:
project_id = self.kwargs['project_id']
if is_m1_user_admin(self.request):
project = get_project(self.request, project_id)
else:
project = api.keystone.tenant_get(self.request, project_id)
except Exception:
exceptions.handle(self.request,
_('Unable to retrieve project details.'),
redirect=reverse(INDEX_URL))
return project
def tenant_limit_usages(request):
# TODO(licostan): This method shall be removed from Quota module.
# ProjectUsage/BaseUsage maybe used instead on volume/image dashboards.
limits = {}
try:
#limits.update(nova.tenant_absolute_limits(request))
if is_m1_user_admin(request):
limits.update(tenant_absolute_limits_nova(request))
else:
limits.update(nova.tenant_absolute_limits(request))
except Exception:
msg = _("Unable to retrieve compute limit information.")
exceptions.handle(request, msg)
if base.is_service_enabled(request, 'volume'):
try:
#limits.update(cinder.tenant_absolute_limits(request))
#volumes = cinder.volume_list(request)
#snapshots = cinder.volume_snapshot_list(request)
if is_m1_user_admin(request):
limits.update(tenant_absolute_limits_cinder(request))
volumes = get_volume_list(request)
snapshots = get_volume_snapshot_list(request)
else:
limits.update(cinder.tenant_absolute_limits(request))
volumes = cinder.volume_list(request)
snapshots = cinder.volume_snapshot_list(request)
# gigabytesUsed should be a total of volumes and snapshots
vol_size = sum([getattr(volume, 'size', 0) for volume in volumes])
snap_size = sum([getattr(snap, 'size', 0) for snap in snapshots])
limits['gigabytesUsed'] = vol_size + snap_size
limits['volumesUsed'] = len(volumes)
limits['snapshotsUsed'] = len(snapshots)
except cinder.ClientException:
msg = _("Unable to retrieve volume limit information.")
exceptions.handle(request, msg)
return limits
def _remove_roles_from_user(self, request, project_id, user_id,
current_role_ids):
for id_to_delete in current_role_ids:
if is_m1_user_admin(request):
remove_user_role_frm_tenant(request,
project=project_id,
user=user_id,
role=id_to_delete)
else:
api.keystone.remove_tenant_user_role(request,
project=project_id,
user=user_id,
role=id_to_delete)
def get_object(self):
tenant_id = self.kwargs['tenant_id']
try:
if is_m1_user_admin(self.request):
return get_project(self.request, tenant_id)
else:
return api.keystone.tenant_get(self.request,
tenant_id,
admin=True)
except Exception:
exceptions.handle(self.request,
_('Unable to retrieve project information.'),
redirect=reverse(INDEX_URL))
def _update_project_groups(self, request, data, project_id):
# update project groups
groups_to_add = 0
try:
if is_m1_user_admin(request):
available_roles = list_roles(request)
else:
available_roles = api.keystone.role_list(request)
member_step = self.get_step(PROJECT_GROUP_MEMBER_SLUG)
# count how many groups are to be added
for role in available_roles:
field_name = member_step.get_member_field_name(role.id)
role_list = data[field_name]
groups_to_add += len(role_list)
# add new groups to project
for role in available_roles:
field_name = member_step.get_member_field_name(role.id)
role_list = data[field_name]
groups_added = 0
for group in role_list:
if is_m1_user_admin(request):
add_gp_role(request,
role=role.id,
group=group,
project=project_id)
else:
api.keystone.add_group_role(request,
role=role.id,
group=group,
project=project_id)
groups_added += 1
groups_to_add -= groups_added
except Exception:
exceptions.handle(
request,
_('Failed to add %s project groups '
'and update project quotas.') % groups_to_add)
def contribute(self, data, context):
if data:
try:
if is_m1_user_admin(self.workflow.request):
roles = list_roles(self.workflow.request)
else:
roles = api.keystone.role_list(self.workflow.request)
except Exception:
exceptions.handle(self.workflow.request,
_('Unable to retrieve role list.'))
post = self.workflow.request.POST
for role in roles:
field = self.get_member_field_name(role.id)
context[field] = post.getlist(field)
return context
def get_initial(self):
initial = super(CreateProjectView, self).get_initial()
# Set the domain of the project
domain = api.keystone.get_default_domain(self.request)
initial["domain_id"] = domain.id
initial["domain_name"] = domain.name
# get initial quota defaults
try:
quota_defaults = quotas.get_default_quota_data(self.request)
try:
if api.base.is_service_enabled(self.request, 'network') and \
api.neutron.is_quotas_extension_supported(
self.request):
# TODO(jpichon): There is no API to access the Neutron
# default quotas (LP#1204956). For now, use the values
# from the current project.
project_id = self.request.user.project_id
if is_m1_user_admin(self.request):
quota_defaults += get_tenant_quota_neutron(
self.request, tenant_id=project_id)
else:
quota_defaults += api.neutron.tenant_quota_get(
self.request, tenant_id=project_id)
except Exception:
error_msg = _('Unable to retrieve default Neutron quota '
'values.')
self.add_error_to_step(error_msg, 'create_quotas')
for field in quotas.QUOTA_FIELDS:
initial[field] = quota_defaults.get(field).limit
except Exception:
error_msg = _('Unable to retrieve default quota values.')
self.add_error_to_step(error_msg, 'create_quotas')
return initial
def __init__(self, request, *args, **kwargs):
super(UpdateProjectGroupsAction,
self).__init__(request, *args, **kwargs)
err_msg = _('Unable to retrieve group list. Please try again later.')
# Use the domain_id from the project
domain_id = self.initial.get("domain_id", None)
project_id = ''
if 'project_id' in self.initial:
project_id = self.initial['project_id']
# Get the default role
try:
if is_m1_user_admin(request):
default_role = gt_default_role(self.request)
else:
default_role = api.keystone.get_default_role(self.request)
# Default role is necessary to add members to a project
if default_role is None:
default = getattr(settings, "OPENSTACK_KEYSTONE_DEFAULT_ROLE",
None)
msg = (_('Could not find default role "%s" in Keystone') %
default)
raise exceptions.NotFound(msg)
except Exception:
exceptions.handle(self.request,
err_msg,
redirect=reverse(INDEX_URL))
default_role_name = self.get_default_role_field_name()
self.fields[default_role_name] = forms.CharField(required=False)
self.fields[default_role_name].initial = default_role.id
# Get list of available groups
all_groups = []
try:
if is_m1_user_admin(request):
all_groups = list_groups(request, domain=domain_id)
else:
all_groups = api.keystone.group_list(request, domain=domain_id)
except Exception:
exceptions.handle(request, err_msg)
groups_list = [(group.id, group.name) for group in all_groups]
# Get list of roles
role_list = []
try:
if is_m1_user_admin(request):
role_list = list_roles(request)
else:
role_list = api.keystone.role_list(request)
except Exception:
exceptions.handle(request, err_msg, redirect=reverse(INDEX_URL))
for role in role_list:
field_name = self.get_member_field_name(role.id)
label = role.name
self.fields[field_name] = forms.MultipleChoiceField(required=False,
label=label)
self.fields[field_name].choices = groups_list
self.fields[field_name].initial = []
# Figure out groups & roles
if project_id:
try:
if is_m1_user_admin(request):
groups_roles = gt_pjct_groups_roles(request, project_id)
else:
groups_roles = api.keystone.get_project_groups_roles(
request, project_id)
except Exception:
exceptions.handle(request,
err_msg,
redirect=reverse(INDEX_URL))
for group_id in groups_roles:
roles_ids = groups_roles[group_id]
for role_id in roles_ids:
field_name = self.get_member_field_name(role_id)
self.fields[field_name].initial.append(group_id)
def get_tenant_quota_data(request, disabled_quotas=None, tenant_id=None):
qs = _get_quota_data(request,
"tenant_quota_get",
disabled_quotas=disabled_quotas,
tenant_id=tenant_id)
# TODO(jpichon): There is no API to get the default system quotas
# in Neutron (cf. LP#1204956), so for now handle tenant quotas here.
# This should be handled in _get_quota_data() eventually.
if not disabled_quotas:
return qs
# Check if neutron is enabled by looking for network and router
if 'network' and 'router' not in disabled_quotas:
tenant_id = tenant_id or request.user.tenant_id
#neutron_quotas = neutron.tenant_quota_get(request, tenant_id)
if is_m1_user_admin(request):
neutron_quotas = get_tenant_quota_neutron(request, tenant_id)
else:
neutron_quotas = neutron.tenant_quota_get(request, tenant_id)
if 'floating_ips' in disabled_quotas:
# Neutron with quota extension disabled
if 'floatingip' in disabled_quotas:
qs.add(base.QuotaSet({'floating_ips': -1}))
# Neutron with quota extension enabled
else:
# Rename floatingip to floating_ips since that's how it's
# expected in some places (e.g. Security & Access' Floating IPs)
fips_quota = neutron_quotas.get('floatingip').limit
qs.add(base.QuotaSet({'floating_ips': fips_quota}))
if 'security_groups' in disabled_quotas:
if 'security_group' in disabled_quotas:
qs.add(base.QuotaSet({'security_groups': -1}))
# Neutron with quota extension enabled
else:
# Rename security_group to security_groups since that's how it's
# expected in some places (e.g. Security & Access' Security Groups)
sec_quota = neutron_quotas.get('security_group').limit
qs.add(base.QuotaSet({'security_groups': sec_quota}))
if 'network' in disabled_quotas:
for item in qs.items:
if item.name == 'networks':
qs.items.remove(item)
break
else:
net_quota = neutron_quotas.get('network').limit
qs.add(base.QuotaSet({'networks': net_quota}))
if 'subnet' in disabled_quotas:
for item in qs.items:
if item.name == 'subnets':
qs.items.remove(item)
break
else:
net_quota = neutron_quotas.get('subnet').limit
qs.add(base.QuotaSet({'subnets': net_quota}))
if 'router' in disabled_quotas:
for item in qs.items:
if item.name == 'routers':
qs.items.remove(item)
break
else:
router_quota = neutron_quotas.get('router').limit
qs.add(base.QuotaSet({'routers': router_quota}))
return qs
def delete(self, request, obj_id):
if is_m1_user_admin(request):
delete_tenant(request, obj_id)
else:
api.keystone.tenant_delete(request, obj_id)
def _update_project_groups(self, request, data, project_id, domain_id):
# update project groups
groups_to_modify = 0
member_step = self.get_step(PROJECT_GROUP_MEMBER_SLUG)
try:
available_roles = self._get_available_roles(request)
# Get the groups currently associated with this project so we
# can diff against it.
if is_m1_user_admin(request):
project_groups = list_groups(request,
domain=domain_id,
project=project_id)
else:
project_groups = api.keystone.group_list(request,
domain=domain_id,
project=project_id)
groups_to_modify = len(project_groups)
for group in project_groups:
# Check if there have been any changes in the roles of
# Existing project members.
if is_m1_user_admin(self.request):
current_roles = roles_for_gp(self.request,
group=group.id,
project=project_id)
else:
current_roles = api.keystone.roles_for_group(
self.request, group=group.id, project=project_id)
current_role_ids = [role.id for role in current_roles]
for role in available_roles:
# Check if the group is in the list of groups with
# this role.
field_name = member_step.get_member_field_name(role.id)
if group.id in data[field_name]:
# Add it if necessary
if role.id not in current_role_ids:
# group role has changed
if is_m1_user_admin(request):
add_gp_role(request,
role=role.id,
group=group.id,
project=project_id)
else:
api.keystone.add_group_role(request,
role=role.id,
group=group.id,
project=project_id)
else:
# Group role is unchanged, so remove it from
# the remaining roles list to avoid removing it
# later.
index = current_role_ids.index(role.id)
current_role_ids.pop(index)
# Revoke any removed roles.
for id_to_delete in current_role_ids:
if is_m1_user_admin(request):
remove_group_role(request,
role=id_to_delete,
group=group.id,
project=project_id)
else:
api.keystone.remove_group_role(request,
role=id_to_delete,
group=group.id,
project=project_id)
groups_to_modify -= 1
# Grant new roles on the project.
for role in available_roles:
field_name = member_step.get_member_field_name(role.id)
# Count how many groups may be added for error handling.
groups_to_modify += len(data[field_name])
for role in available_roles:
groups_added = 0
field_name = member_step.get_member_field_name(role.id)
for group_id in data[field_name]:
if not filter(lambda x: group_id == x.id, project_groups):
if is_m1_user_admin(request):
add_gp_role(request,
role=role.id,
group=group_id,
project=project_id)
else:
api.keystone.add_group_role(request,
role=role.id,
group=group_id,
project=project_id)
groups_added += 1
groups_to_modify -= groups_added
return True
except Exception:
exceptions.handle(
request,
_('Failed to modify %s project '
'members, update project groups '
'and update project quotas.') % groups_to_modify)
return False
def _update_project_members(self, request, data, project_id):
# update project members
users_to_modify = 0
# Project-user member step
member_step = self.get_step(PROJECT_USER_MEMBER_SLUG)
try:
# Get our role options
available_roles = self._get_available_roles(request)
# Get the users currently associated with this project so we
# can diff against it.
if is_m1_user_admin(request):
users_roles = gt_pjct_users_roles(request, project=project_id)
else:
users_roles = api.keystone.get_project_users_roles(
request, project=project_id)
users_to_modify = len(users_roles)
for user_id in users_roles.keys():
# Check if there have been any changes in the roles of
# Existing project members.
current_role_ids = list(users_roles[user_id])
modified_role_ids = self._add_roles_to_users(
request, data, project_id, user_id, current_role_ids,
available_roles)
# Prevent admins from doing stupid things to themselves.
removing_admin = self._is_removing_self_admin_role(
request, project_id, user_id, available_roles,
modified_role_ids)
# Otherwise go through and revoke any removed roles.
if not removing_admin:
self._remove_roles_from_user(request, project_id, user_id,
modified_role_ids)
users_to_modify -= 1
# Grant new roles on the project.
for role in available_roles:
field_name = member_step.get_member_field_name(role.id)
# Count how many users may be added for exception handling.
users_to_modify += len(data[field_name])
for role in available_roles:
users_added = 0
field_name = member_step.get_member_field_name(role.id)
for user_id in data[field_name]:
if user_id not in users_roles:
if is_m1_user_admin(request):
add_user_role_to_tenant(request,
project=project_id,
user=user_id,
role=role.id)
else:
api.keystone.add_tenant_user_role(
request,
project=project_id,
user=user_id,
role=role.id)
users_added += 1
users_to_modify -= users_added
return True
except Exception:
if PROJECT_GROUP_ENABLED:
group_msg = _(", update project groups")
else:
group_msg = ""
exceptions.handle(
request,
_('Failed to modify %(users_to_modify)s'
' project members%(group_msg)s and '
'update project quotas.') % {
'users_to_modify': users_to_modify,
'group_msg': group_msg
})
return False
def _get_tenant_compute_usages(request, usages, disabled_quotas, tenant_id):
if tenant_id:
# determine if the user has permission to view across projects
# there are cases where an administrator wants to check the quotas
# on a project they are not scoped to
all_tenants = policy.check((("compute", "compute:get_all_tenants"), ),
request)
'''
instances, has_more = nova.server_list(
request, search_opts={'tenant_id': tenant_id},
all_tenants=all_tenants)
'''
if is_m1_user_admin(request):
instances, has_more = server_list_nova(
request,
search_opts={'tenant_id': tenant_id},
all_tenants=all_tenants)
else:
instances, has_more = nova.server_list(
request,
search_opts={'tenant_id': tenant_id},
all_tenants=all_tenants)
else:
#instances, has_more = nova.server_list(request)
if is_m1_user_admin(request):
instances, has_more = server_list_nova(request)
else:
instances, has_more = nova.server_list(request)
# Fetch deleted flavors if necessary.
#flavors = dict([(f.id, f) for f in nova.flavor_list(request)])
if is_m1_user_admin(request):
flavors = dict([(f.id, f) for f in flavor_list_nova(request)])
else:
flavors = dict([(f.id, f) for f in nova.flavor_list(request)])
missing_flavors = [
instance.flavor['id'] for instance in instances
if instance.flavor['id'] not in flavors
]
for missing in missing_flavors:
if missing not in flavors:
try:
#flavors[missing] = nova.flavor_get(request, missing)
if is_m1_user_admin(request):
flavors[missing] = flavor_get_nova(request, missing)
else:
flavors[missing] = nova.flavor_get(request, missing)
except Exception:
flavors[missing] = {}
exceptions.handle(request, ignore=True)
usages.tally('instances', len(instances))
# Sum our usage based on the flavors of the instances.
for flavor in [flavors[instance.flavor['id']] for instance in instances]:
usages.tally('cores', getattr(flavor, 'vcpus', None))
usages.tally('ram', getattr(flavor, 'ram', None))
# Initialise the tally if no instances have been launched yet
if len(instances) == 0:
usages.tally('cores', 0)
usages.tally('ram', 0)
def _get_available_roles(self, request):
if is_m1_user_admin(request):
return list_roles(request)
else:
return api.keystone.role_list(request)
