Exemplo n.º 1
0
    def checkCloudspaceStatus(self, requiredaccessrights, cloudspace):
        """
        Check if the required action can be executed on a cloudspace. If cloudspace is
        'DESTROYED' then a 404 NotFound will be returned, else if an action requires a permission
        other than READ, the call will fail with 403 Forbidden if cloudspace is not in any of the
        statuses 'VIRTUAL', 'DEPLOYING' or'DEPLOYED'

        :param requiredaccessrights: the required access rights to access an cloudspace or one of
            its machines
        :param cloudspace: the cloudspace object its status should be checked
        :raise Exception with 404 if destroyed or 403 Forbidden if non-read action cannot be
            performed on cloudspace or one of its machines
        """
        if cloudspace.status == resourcestatus.Cloudspace.DESTROYED:
            raise exceptions.NotFound('Could not find an accessible resource.')
        elif cloudspace.status == resourcestatus.Cloudspace.DELETED and requiredaccessrights != set(
                'D'):
            raise exceptions.NotFound('Could not find an accessible resource.')
        elif requiredaccessrights != set('R') and cloudspace.status not in [
                resourcestatus.Cloudspace.VIRTUAL,
                resourcestatus.Cloudspace.DEPLOYING,
                resourcestatus.Cloudspace.DEPLOYED
        ]:
            raise exceptions.Forbidden(
                'Only READ actions can be executed on cloudspace '
                '(or one of its machines) with status %s.' % cloudspace.status)
Exemplo n.º 2
0
    def updateUser(self, accountId, userId, accesstype, explicit=True, **kwargs):
        """
        Update user access rights

        :param accountId: id of the account
        :param userId: userid/email for registered users or emailaddress for unregistered users
        :param accesstype: 'R' for read only access, 'RCX' for Write and 'ARCXDU' for Admin
        :return True if user access was updated successfully
        """
        accountId = int(accountId)
        if not self.models.account.exists(accountId):
            raise exceptions.NotFound("Account does not exist")

        self.cb.isValidRole(accesstype)
        account = self.models.account.get(accountId)
        for ace in account.acl:
            if ace.userGroupId == userId:
                if not self.cb.isaccountuserdeletable(ace, account.acl):
                    raise exceptions.BadRequest(
                        "User is last admin on the account, cannot change "
                        "user's access rights"
                    )
                break
        else:
            raise exceptions.NotFound("User does not have any access rights to update")

        self.models.account.updateSearch(
            {"id": accountId, "acl.userGroupId": userId},
            {"$set": {"acl.$.right": accesstype, "acl.$.explicit": explicit}},
        )
        return True
Exemplo n.º 3
0
def main(j, args, params, tags, tasklet):
    from jose import jwt as jose_jwt
    from JumpScale.portal.portal import exceptions
    import json

    params.result = (args.doc, args.doc)
    node_id = args.requestContext.params.get("node")
    remote = None
    data = {}
    if node_id:
        node_name, remote = j.apps.cloudbroker.zeroaccess._get_node_info(node_id)
        data["name"] = node_name
    oauth = j.clients.oauth.get(instance="itsyouonline")
    try:
        jwt = oauth.get_active_jwt(session=args.requestContext.env["beaker.session"])
    except:
        raise exceptions.NotFound("Page not found")
    if jwt:
        jwt_data = jose_jwt.get_unverified_claims(jwt)
        jwt_data = json.loads(jwt_data)
        scope = "user:memberof:{}.0-access".format(oauth.id)
        if scope not in jwt_data["scope"]:
            raise exceptions.NotFound("Page not found")
        table_data = j.apps.cloudbroker.zeroaccess.listSessions(
            remote=remote, ctx=args.requestContext
        )
    else:
        table_data = [["No jwt found please logout and login again", "", "", "", ""]]

    if not table_data:
        table_data = [["No sessions found", "", "", "", ""]]

    data["tables"] = table_data
    args.doc.applyTemplate(data, False)
    return params
    def _validate_forward(
        self,
        cloudspaceId,
        publicIp,
        publicPort,
        machineId,
        localPort,
        protocol=None,
        **kwargs
    ):
        machineId = int(machineId)
        cloudspaceId = int(cloudspaceId)
        cloudspace = self.models.cloudspace.get(cloudspaceId)

        fw = self.netmgr.fw_list(cloudspace.gid, cloudspaceId)
        if publicPort > 65535 or publicPort < 1:
            raise exceptions.BadRequest("Public port should be between 1 and 65535")
        if localPort > 65535 or localPort < 1:
            raise exceptions.BadRequest("Local port should be between 1 and 65535")
        if protocol and protocol not in ("tcp", "udp"):
            raise exceptions.BadRequest("Protocol should be either tcp or udp")
        if cloudspace.status != "DEPLOYED":
            raise exceptions.BadRequest(
                "Cannot create a portforwarding during cloudspace deployment."
            )

        if len(fw) == 0:
            raise exceptions.NotFound(
                "Incorrect cloudspace or there is no corresponding gateway"
            )

        try:
            publicIp = str(netaddr.IPNetwork(publicIp).ip)
        except netaddr.AddrFormatError:
            raise exceptions.BadRequest("Invalid public IP %s" % publicIp)

        if cloudspace.externalnetworkip.split("/")[0] != publicIp:
            raise exceptions.BadRequest("Invalid public IP %s" % publicIp)

        machine = j.apps.cloudapi.machines.get(machineId)
        if machine["cloudspaceid"] != cloudspaceId:
            raise exceptions.BadRequest(
                "Machine {} does not belong to cloudspace {}".format(
                    machine["name"], cloudspace.name
                )
            )

        localIp = self._getLocalIp(machine)
        if localIp is None:
            raise exceptions.NotFound(
                "Cannot create portforwarding when Virtual Machine did not acquire an IP Address."
            )
        return cloudspace, machine, fw[0], publicIp
Exemplo n.º 5
0
    def update(self, cloudspaceId, id, publicIp, publicPort, machineId,
               localPort, protocol, **kwargs):
        """
        Update a port forwarding rule

        :param cloudspaceId: id of the cloudspace
        :param id: id of the portforward to edit
        :param publicIp: public ipaddress
        :param publicPort: public port
        :param machineId: id of the virtual machine
        :param localPort: local port
        :param protocol: protocol udp or tcp
        """
        machineId = int(machineId)
        cloudspaceId = int(cloudspaceId)
        cloudspace = self.models.cloudspace.get(cloudspaceId)
        fw = self.netmgr.fw_list(cloudspace.gid, cloudspaceId)
        if len(fw) == 0:
            raise exceptions.NotFound(
                'Incorrect cloudspace or there is no corresponding gateway')
        fw_id = fw[0]['guid']
        if not self.netmgr.fw_check(fw_id, timeout=5):
            raise exceptions.ServiceUnavailable(
                'Can not update PortForward at this time')
        forwards = self.netmgr.fw_forward_list(fw_id, cloudspace.gid)
        id = int(id)
        if not id < len(forwards):
            raise exceptions.NotFound('Cannot find the rule with id %s' %
                                      str(id))
        forward = forwards[id]
        machine = self.models.vmachine.get(machineId)
        if machine.nics:
            if machine.nics[0].ipAddress != 'Undefined':
                localIp = machine.nics[0].ipAddress
            else:
                raise exceptions.NotFound(
                    'No correct ipaddress found for machine with id %s' %
                    machineId)
        self.netmgr.fw_forward_delete(fw_id, cloudspace.gid,
                                      forward['publicIp'],
                                      forward['publicPort'],
                                      forward['localIp'], forward['localPort'],
                                      forward['protocol'])
        forwards = self.netmgr.fw_forward_list(fw_id, cloudspace.gid)
        if self._selfcheckduplicate(forwards, publicIp, publicPort, protocol):
            raise exceptions.Conflict(
                "Forward for %s with port %s already exists" %
                (publicIp, publicPort))
        self.netmgr.fw_forward_create(fw_id, cloudspace.gid, publicIp,
                                      publicPort, localIp, localPort, protocol)
        forwards = self.netmgr.fw_forward_list(fw_id, cloudspace.gid)
        return self._process_list(forwards, cloudspaceId)
Exemplo n.º 6
0
def main(j, args, params, tags, tasklet):
    from jose import jwt as jose_jwt
    from JumpScale.portal.portal import exceptions
    import json

    page = args.page
    modifier = j.html.getPageModifierGridDataTables(page)

    ocl = j.clients.osis.getNamespace("system")
    oauth = j.clients.oauth.get(instance="itsyouonline")
    try:
        jwt = oauth.get_active_jwt(
            session=args.requestContext.env["beaker.session"])
    except:
        raise exceptions.NotFound("Page not found")
    if jwt:
        jwt_data = jose_jwt.get_unverified_claims(jwt)
        jwt_data = json.loads(jwt_data)
        scope = "user:memberof:{}.0-access".format(oauth.id)
        if scope not in jwt_data["scope"]:
            raise exceptions.NotFound("Page not found")

    nodes = []
    for node_id in ocl.node.list():
        node = ocl.node.get(node_id)
        ip = ""
        if "master" in node.roles:
            continue
        else:
            _, ip = j.apps.cloudbroker.zeroaccess._get_node_info(node_id)
            if not ip:
                continue

        name = '<a href="/cbgrid/0-access Node?node={id}">{name}</a>'.format(
            name=node.name, id=node_id)
        nodes.append([node.id, name, ip])
    mgmt_name, mgmt_ip = j.apps.cloudbroker.zeroaccess._get_node_info("0")
    name = '<a href="/cbgrid/0-access Node?node={id}">{name}</a>'.format(
        name=mgmt_name, id="0")
    nodes.append(["0", name, mgmt_ip])

    fieldnames = ["ID", "Name", "IP"]
    if nodes:
        page.addList(nodes, fieldnames)
    else:
        page.addList([["Can not list nodes", "", ""]], fieldnames)

    params.result = page
    return params
Exemplo n.º 7
0
    def _checkMachine(self, machineId):
        vmachines = self.models.vmachine.search({'id': machineId})[1:]
        if not vmachines:
            raise exceptions.NotFound("Machine with id %s does not exists" %
                                      machineId)

        return vmachines[0]
Exemplo n.º 8
0
    def checkAccountStatus(self, requiredaccessrights, account):
        """
        Check if the required action can be executed on an account. If account is 'DISABLED',
        'DESTROYED', 'ERROR' and action requires a permission other than READ, the call should
        fail with 403 Forbidden

        Check if the required action can be executed on an account. If account is
        'DESTROYED' then a 404 NotFound will be returned, else if an action requires a permission
        other than READ, the call will fail with 403 Forbidden if account is not 'CONFIRMED'

        :param requiredaccessrights: the required access rights to access an account or one of
            its cloudspaces or machines
        :param account: the account object its status should be checked
        :raise Exception with 403 Forbidden if action cannot be performed on account or one of
            its cloduspaces or machines

        :raise Exception with 404 if destroyed or 403 Forbidden if non-read action cannot be
            performed on account or one of its cloudspace  or machines
        """
        if account.status == 'DESTROYED':
            raise exceptions.NotFound('Could not find an accessible resource.')
        elif requiredaccessrights != set(
                'R') and account.status != 'CONFIRMED':
            raise exceptions.Forbidden(
                'Only READ actions can be executed on account '
                '(or one of its cloudspace or machines) with status %s.' %
                account.status)
    def list(self, cloudspaceId, machineId=None, **kwargs):
        """
        List all port forwarding rules in a cloudspace or machine

        :param cloudspaceId: id of the cloudspace
        :param machineId: id of the machine, all rules of cloudspace will be listed if set to None
        """
        machine = None
        if machineId:
            machineId = int(machineId)
            machine = self.models.vmachine.get(machineId)

        def getIP():
            if machine:
                for nic in machine.nics:
                    if nic.ipAddress != "Undefined":
                        return nic.ipAddress
            return None

        localip = getIP()
        if machine and not localip:
            return []
        cloudspaceId = int(cloudspaceId)
        cloudspace = self.models.cloudspace.get(cloudspaceId)
        fw = self.netmgr.fw_list(cloudspace.gid, cloudspaceId)
        if len(fw) == 0:
            raise exceptions.NotFound(
                "Incorrect cloudspace or there is no corresponding gateway"
            )
        fw_id = fw[0]["guid"]
        fw_gid = fw[0]["gid"]
        forwards = self.netmgr.fw_forward_list(fw_id, fw_gid, localip)
        return self._process_list(forwards, cloudspaceId)
Exemplo n.º 10
0
    def addUser(self, machineId, username, accesstype, **kwargs):
        """
        Give a user access rights.
        Access rights can be 'R' or 'W'
        param:machineId id of the machine
        param:username id of the user to give access or emailaddress to invite an external user
        param:accesstype 'R' for read only access, 'W' for Write access
        result bool
        """
        machineId = self._checkMachine(machineId)
        machineId = machineId['id']
        user = self.cb.checkUser(username, activeonly=False)

        vmachineacl = authenticator.auth().getVMachineAcl(machineId)
        if username in vmachineacl:
            updated = j.apps.cloudapi.machines.updateUser(
                machineId=machineId, userId=username, accesstype=accesstype)
            if not updated:
                raise exceptions.PreconditionFailed(
                    'User already has same access level to owning '
                    'account or cloudspace')
        if user:
            j.apps.cloudapi.machines.addUser(machineId=machineId,
                                             userId=username,
                                             accesstype=accesstype)
        else:
            raise exceptions.NotFound('User with username %s is not found' %
                                      username)

        return True
Exemplo n.º 11
0
    def getVFW(self, cloudspaceId, **kwargs):
        """
        Get VFW info
        param:cloudspaceId id of the cloudspace
        """
        cloudspaceId = int(cloudspaceId)
        if not self.models.cloudspace.exists(cloudspaceId):
            raise exceptions.NotFound("Cloudspace with id %s not found" %
                                      (cloudspaceId))

        cloudspace = self.models.cloudspace.get(cloudspaceId)
        fwid = "%s_%s" % (cloudspace.gid, cloudspace.networkId)

        if not self.vfwcl.virtualfirewall.exists(fwid):
            raise exceptions.BadRequest("Can't get VFW of %s cloudspace" %
                                        (cloudspace.status))

        network = self.vfwcl.virtualfirewall.get(fwid)
        network_obj = network.dump()

        if self.syscl.node.exists(network.nid):
            network_obj["nodename"] = self.syscl.node.get(network.nid).name
        else:
            network_obj["nodename"] = str(network.nid)

        try:
            if self.cb.netmgr.fw_check(network.guid, timeout=5):
                network_obj["status"] = "RUNNING"
            else:
                network_obj["status"] = "HALTED"
        except:
            network_obj["status"] = "UNKNOWN"

        return network_obj
Exemplo n.º 12
0
    def _addACE(
        self, accountId, userId, accesstype, userstatus="CONFIRMED", explicit=True
    ):
        """
        Add a new ACE to the ACL of the account

        :param accountId: id of the account
        :param userId: userid/email for registered users or emailaddress for unregistered users
        :param accesstype: 'R' for read only access, 'RCX' for Write and 'ARCXDU' for Admin
        :param userstatus: status of the user (CONFIRMED or INVITED)
        :return True if ACE was added successfully
        """
        accountId = int(accountId)
        if not self.models.account.exists(accountId):
            raise exceptions.NotFound("Account does not exist")

        self.cb.isValidRole(accesstype)
        account = self.models.account.get(accountId)
        for ace in account.acl:
            if ace.userGroupId == userId:
                raise exceptions.BadRequest(
                    "User already has access rights to this account"
                )

        acl = account.new_acl()
        acl.userGroupId = userId
        acl.type = "U"
        acl.right = accesstype
        acl.status = userstatus
        acl.explicit = explicit
        self.models.account.updateSearch(
            {"id": accountId}, {"$push": {"acl": acl.obj2dict()}}
        )
        return True
Exemplo n.º 13
0
    def _checkCloudspace(self, cloudspaceId):
        cloudspaces = self.models.cloudspace.search({"id": cloudspaceId})[1:]
        if not cloudspaces:
            raise exceptions.NotFound(
                "Cloud space with id %s does not exists" % cloudspaceId)

        return cloudspaces[0]
    def updateUser(self, username, password, emailaddress, groups, domain=None):
        users = self.osisuser.search({'id': username})[1:]
        if not users:
            raise exceptions.NotFound('Could not find user with the username: %s.' % username)
        else:
            user = self.osisuser.get(users[0]['guid'])

        if password:
            if not self._isValidPassword(password):
                raise exceptions.BadRequest("Password should have at least 8 characters and not "
                                            "more than 60 characters.")
            else:
                user.passwd = j.tools.hash.md5_string(password)

        if emailaddress and emailaddress != ['']:
            if not self._isValidEmailAddress(emailaddress[0]):
                raise exceptions.BadRequest('Email address %s is in an invalid format.'
                                            % emailaddress[0])
            if emailaddress != user.emails and self.osisuser.search({'emails': emailaddress})[1:]:
                raise exceptions.Conflict('Email address %s is already registered in the '
                                          'system with a different username.' % emailaddress[0])
            user.emails = emailaddress

        user.groups = groups

        if domain:
            user.domain = domain

        self.osisuser.set(user)
        return True
Exemplo n.º 15
0
 def limitInternetBandwith(self, cloudspaceId, rate, burst, **kwargs):
     """
     This will put a limit on the outgoing traffic on the public VIF of the VFW on the physical machine
     param:cloudspaceId Id of the cloudspace to limit
     param:reate maximum speeds in kilobytes per second, 0 means unlimited
     param:burst maximum speed in kilobytes per second, 0 means unlimited
     result bool
     """
     cloudspace = self.ccl.cloudspace.get(cloudspaceId)
     vfwid = "%s_%s" % (cloudspace.gid, cloudspace.networkId)
     if not self.vcl.virtualfirewall.exists(vfwid):
         raise exceptions.NotFound("VFW for cloudspace %s does not exists" %
                                   cloudspaceId)
     vfw = self.vcl.virtualfirewall.get(vfwid)
     self.cb.executeJumpscript(
         "cloudscalers",
         "limitpublicnet",
         gid=vfw.gid,
         nid=vfw.nid,
         args={
             "networkId": cloudspace.networkId,
             "rate": rate,
             "burst": burst
         },
     )
Exemplo n.º 16
0
    def resetVFW(self, cloudspaceId, resettype, targetNid=None, **kwargs):
        """
        Restore the virtual firewall of a cloudspace on an available firewall node
        param:cloudspaceId id of the cloudspace
        """
        cloudspaceId = int(cloudspaceId)
        if not self.models.cloudspace.exists(cloudspaceId):
            raise exceptions.NotFound("Cloudspace with id %s not found" %
                                      (cloudspaceId))

        if resettype not in ["factory", "restore"]:
            raise exceptions.BadRequest(
                "Invalid value {} for resettype".format(resettype))

        cloudspace = self.models.cloudspace.get(cloudspaceId)
        if cloudspace.status != resourcestatus.Cloudspace.DEPLOYED:
            raise exceptions.BadRequest(
                "Can not reset VFW which is not deployed please deploy instead."
            )

        self._destroyVFW(cloudspace.gid, cloudspaceId, deletemodel=False)
        fwid = "{}_{}".format(cloudspace.gid, cloudspace.networkId)

        # redeploy vfw
        self.cb.netmgr.fw_start(fwid, resettype, targetNid)
Exemplo n.º 17
0
    def addUser(self, accountId, userId, accesstype, explicit=True, **kwargs):
        """
        Give a registered user access rights

        :param accountId: id of the account
        :param userId: username or emailaddress of the user to grant access
        :param accesstype: 'R' for read only access, 'RCX' for Write and 'ARCXDU' for Admin
        :return True if user was added successfully
        """
        user = self.cb.checkUser(userId, activeonly=False)
        if not user:
            raise exceptions.NotFound("User is not registered on the system")
        else:
            # Replace email address with ID
            userId = user["id"]

        self._addACE(
            accountId, userId, accesstype, userstatus="CONFIRMED", explicit=explicit
        )
        try:
            j.apps.cloudapi.users.sendShareResourceEmail(
                user, "account", accountId, accesstype
            )
            return True
        except:
            self.deleteUser(accountId, userId, recursivedelete=False)
            raise
Exemplo n.º 18
0
 def addExternalIPS(self, externalnetworkId, startip, endip, **kwargs):
     """
     Add public ips to an existing range
     """
     if not self.models.externalnetwork.exists(externalnetworkId):
         raise exceptions.NotFound(
             "Could not find external network with id %s" %
             externalnetworkId)
     pool = self.models.externalnetwork.get(externalnetworkId)
     try:
         net = netaddr.IPNetwork("{}/{}".format(pool.network,
                                                pool.subnetmask))
         if netaddr.IPAddress(startip) not in net:
             raise exceptions.BadRequest(
                 "Start IP Addresses %s is not in subnet %s" %
                 (startip, net))
         if netaddr.IPAddress(endip) not in net:
             raise exceptions.BadRequest(
                 "End IP Addresses %s is not in subnet %s" % (endip, net))
     except netaddr.AddrFormatError as e:
         raise exceptions.BadRequest(e.message)
     ips = set(pool.ips)
     newset = {str(ip) for ip in netaddr.IPRange(startip, endip)}
     usedips = self._getUsedIPS(pool)
     duplicateips = usedips.intersection(newset)
     if duplicateips:
         raise exceptions.Conflict(
             "New range overlaps with existing deployed IP Addresses")
     ips.update(newset)
     pool.ips = list(ips)
     self.models.externalnetwork.set(pool)
     return True
Exemplo n.º 19
0
    def processor_restext(self, env, start_response, path, ctx=False):
        """
        rest processer gen 2 (not used by the original get code)
        """
        if ctx == False:
            raise RuntimeError("ctx cannot be empty")
        if not self.ws.isAdminFromCTX(ctx):
            raise exceptions.NotFound('Not Found')
        try:
            j.logger.log("Routing request to %s" % path, 9)

            def respond(contentType, msg):
                if contentType:
                    start_response('200 OK', [('Content-Type', contentType)])
                return msg

            success, message, params = self.restextPathProcessor(path)

            if not success:
                params["error"] = message
                return self.ws.raiseError(ctx, message)
            requestmethod = ctx.env['REQUEST_METHOD']
            paths = params['paths']
            appname = paths[0]
            model = paths[1]
            objectid = None
            if len(paths) > 2:
                objectid = int(paths[2])
                ctx.params['id'] = objectid

            osiscl = j.clients.osis.getCategory(self.ws.osis, appname, model)
            osismap = {
                'GET': ['get', 'list', 'search'],
                'POST': [''],
                'DELETE': ['delete']
            }

            if requestmethod == 'GET':
                result = self._handle_get(ctx, osiscl, objectid)
            elif requestmethod in ('POST', 'PUT'):
                result = self._handle_post(ctx, osiscl, objectid)
            elif requestmethod == 'DELETE':
                result = self._handle_delete(ctx, osiscl, objectid)
            else:
                start_response('405 Method not allowed',
                               [('Content-Type', 'text/html')])
                return 'Requested method is not allowed'

            ctx.fformat = 'jsonraw'
            contentType, result = self.ws.reformatOutput(ctx, result)
            return respond(contentType, result)
        except Exception as errorObject:
            eco = j.errorconditionhandler.parsePythonErrorObject(errorObject)
            if ctx == False:
                print("NO webserver context yet, serious error")
                eco.process()
                print(eco)
            else:
                return self.ws.raiseError(ctx, errorObject=eco)
Exemplo n.º 20
0
 def _getNode(self, id):
     id = int(id) if isinstance(id, str) else id
     if not isinstance(id, int):
         raise exceptions.BadRequest("Node id should be either string or integer")
     node = self.scl.node.searchOne({"id": id})
     if not node:
         raise exceptions.NotFound("Node with id %s not found" % id)
     return node
Exemplo n.º 21
0
 def restore(self, diskId, reason, **kwargs):
     disk = self.models.disk.searchOne({'id': diskId})
     if not disk or disk['status'] == resourcestatus.Disk.DESTROYED:
         raise exceptions.NotFound("Couldn't find disk with id: %s" % diskId)
     if disk['status'] != resourcestatus.Disk.TOBEDELETED:
         raise exceptions.BadRequest('Cannot restore an attached or non deleted disk')
     self.models.disk.updateSearch({'id': diskId}, {'$set': {'status': resourcestatus.Disk.CREATED, 'deletionTime': 0}})
     return True
Exemplo n.º 22
0
    def _getFirewallId(self, cloudspaceId):
        cloudspace = self.models.cloudspace.get(cloudspaceId)
        fw = self.netmgr.fw_list(cloudspace.gid, cloudspaceId)
        if len(fw) == 0:
            raise exceptions.NotFound(
                'Incorrect cloudspace or there is no corresponding gateway')

        return fw[0]['guid'], fw[0]['gid']
Exemplo n.º 23
0
 def _getStackFromNode(self, nid, gid):
     nid = nid if isinstance(nid, str) else str(nid)
     stack = self.models.stack.searchOne({
         "referenceId": nid,
         "gid": int(gid)
     })
     if not stack:
         raise exceptions.NotFound("ComputeNode with id %s not found" % id)
     return stack
Exemplo n.º 24
0
 def get(self, taskguid, **kwargs):
     task = self.redis.get('tasks.{}'.format(taskguid))
     greenlet = self.rest.tasks.get(taskguid)
     if task is None and greenlet is None:
         raise exceptions.NotFound("Task is not found")
     elif task is None and greenlet is not None:
         raise exceptions.BaseError(202, [], '')
     elif task is not None:
         return json.loads(task)
Exemplo n.º 25
0
    def _checkAccount(self, accountId):
        account = self.models.account.searchOne({"id": accountId})
        if not account:
            raise exceptions.NotFound("Account not found")

        if account["status"] == resourcestatus.Account.DESTROYED:
            raise exceptions.BadRequest("Specified account is destroyed")

        return account
Exemplo n.º 26
0
    def _checkAccount(self, accountId):
        account = self.models.account.searchOne({'id': accountId})
        if not account:
            raise exceptions.NotFound('Account not found')

        if account['status'] == resourcestatus.Account.DESTROYED:
            raise exceptions.BadRequest('Specified account is destroyed')

        return account
Exemplo n.º 27
0
 def rename(self, name, gid, **kwargs):
     location = next(iter(self.models.location.search({"gid": gid})[1:]),
                     None)
     if not location:
         raise exceptions.NotFound("Could not find location with gid %s" %
                                   gid)
     location["name"] = name
     self.models.location.set(location)
     return True
Exemplo n.º 28
0
    def get(self, diskId, **kwargs):
        """
        Get disk details

        :param diskId: id of the disk
        :return: dict with the disk details
        """
        if not self.models.disk.exists(diskId):
            raise exceptions.NotFound("Can not find disk with id %s" % diskId)
        return self.models.disk.get(diskId).dump()
Exemplo n.º 29
0
    def delete(self, username, **kwargs):
        """
        Delete the user from all ACLs and set user status to inactive

        :param username: username of the user to delete
        :return: True if deletion was successful
        """
        user = self.cb.checkUser(username)
        if not user:
            raise exceptions.NotFound("User with name %s does not exists" % username)
        else:
            userobj = self.syscl.user.get(user['id'])

        query = {'acl.userGroupId': username, 'acl.type': 'U'}
        # Delete user from all accounts, if account status is Destoryed then delete without
        # further validation
        accountswiththisuser = self.models.account.search(query)[1:]
        for account in accountswiththisuser:
            if account['status'] in ['DESTROYED', 'DESTROYING']:
                # Delete immediately without further checks
                accountobj = self.models.account.get(account['guid'])
                accountobj.acl = filter(lambda a: a.userGroupId != username, accountobj.acl)
                self.models.account.set(accountobj)
            else:
                try:
                    j.apps.cloudbroker.account.deleteUser(accountId=account['id'], username=username,
                                                                  recursivedelete=True)
                except HTTPError as ex:
                    if ex.status_code == 400 and ex.msg.count('is the last admin on the account'):
                        raise exceptions.BadRequest(ex.msg)
                    else:
                        raise

        # Delete user from cloudspaces
        cloudspaceswiththisuser = self.models.cloudspace.search(query)[1:]
        for cloudspace in cloudspaceswiththisuser:
            j.apps.cloudbroker.cloudspace.deleteUser(cloudspaceId=cloudspace['id'],
                                                     username=username, recursivedelete=True)
        # Delete user from vmachines
        machineswiththisuser = self.models.vmachine.search(query)[1:]
        for machine in machineswiththisuser:
            j.apps.cloudbroker.machine.deleteUser(machineId=machine['id'], username=username)

        # Set the user to inactive
        userobj.active = False
        gid = userobj.gid
        uid = userobj.id
        userobj.id = 'DELETED_%i_%s' % (time.time(), uid)
        userobj.guid = '%s_DELETED_%i_%s' % (gid, time.time(), uid)
        userobj.protected = False
        self.syscl.user.delete(uid)
        self.syscl.user.set(userobj)
        self.syscl.sessioncache.deleteSearch({'user': uid})

        return True
Exemplo n.º 30
0
 def refreshCommand(self, nid, cmd, **kwargs):
     if not self.scl.node.exists(nid):
         raise exceptions.NotFound("Could find not with id %s" % nid)
     node = self.scl.node.get(nid)
     org, name = cmd.split('_', 1)
     self.acl.executeJumpscript(org,
                                name,
                                nid=nid,
                                gid=node.gid,
                                wait=False)
     return "Scheduled reload of command"