Exemplo n.º 1
0
def get_images_list():
    """Return list of images visible for given condigions.

    If g.tenant_id is not set it is admin blueprint.
    We have to show only images owned by systenant, which are also
    public (can be protected as well (we set it so, but other tools can
    change this attribute or set it to a wrong value from the beginning).

    If g.tenant_id is set it is project blueprint.
    We have to show the same images as for admin blueprint _and_
    images owned by current project (attribute "owner" must be equal to
    g.tenant_id) no matter if image is public/protected.
    NOTE(apugachev):
    Currently for some reason Glance does not return list of images owned
    by tenant with id '1' even if they are public - if they are requested
    through token issued for some other project then '1'.

    That's why we combine image lists here in case if list is for project.
    """
    admin_id = clients.get_systenant_id()
    is_global = lambda x: x.owner == admin_id and x.is_public
    result = filter(
        is_global,
        clients.admin_clients().glance.images.list())
    if getattr(flask.g, 'tenant_id', None):
        result.extend(filter(
            lambda x: x.owner == flask.g.tenant_id and x not in result,
            clients.user_clients(flask.g.tenant_id).glance.images.list()))
    result = sorted(result, key=lambda x: x.name)
    return result
Exemplo n.º 2
0
def index():
    """List users.

    TODO(apugachev): find way to count users without fetching all users.
    This would allow to use marker and limit to fetch one page only.
    """
    identity_admin = clients.admin_clients().identity_admin
    users = sorted(
        identity_admin.users.list(limit=1000000),
        key=lambda x: x.name)
    p = pagination.Pagination(users)
    data = p.slice(users)
    potential_admins = set([
        user.id
        for user in (identity_admin.users.list(clients.get_systenant_id()))])
    for user in data:
        # TODO(apugachev) modify to work with form.DeleteUser
        form = forms.DeleteUserForm()
        form.user_id.data = user.id
        user.delete_form = form
        if user.id in potential_admins:
            for role in (identity_admin.roles.
                         roles_for_user(user.id)):
                if clients.role_tenant_is_admin(role):
                    user.is_global_admin = True
                    break
    return {
        'pagination': p,
        'data': data,
        'title': bp.name.replace('global_', '').replace('_', ' ').capitalize(),
        'subtitle': 'List of users'
    }
Exemplo n.º 3
0
def index():
    """List users.

    TODO(apugachev): find way to count users without fetching all users.
    This would allow to use marker and limit to fetch one page only.
    """
    identity_admin = clients.admin_clients().identity_admin
    users = sorted(identity_admin.users.list(limit=1000000),
                   key=lambda x: x.name)
    p = pagination.Pagination(users)
    data = p.slice(users)
    potential_admins = set([
        user.id
        for user in (identity_admin.users.list(clients.get_systenant_id()))
    ])
    for user in data:
        # TODO(apugachev) modify to work with form.DeleteUser
        form = forms.DeleteUserForm()
        form.user_id.data = user.id
        user.delete_form = form
        if user.id in potential_admins:
            for role in (identity_admin.roles.roles_for_user(user.id)):
                if clients.role_tenant_is_admin(role):
                    user.is_global_admin = True
                    break
    return {
        'pagination': p,
        'data': data,
        'title': bp.name.replace('global_', '').replace('_', ' ').capitalize(),
        'subtitle': 'List of users'
    }
Exemplo n.º 4
0
def get_images_list():
    """Return list of images visible for given condigions.

    If g.tenant_id is not set it is admin blueprint.
    We have to show only images owned by systenant, which are also
    public (can be protected as well (we set it so, but other tools can
    change this attribute or set it to a wrong value from the beginning).

    If g.tenant_id is set it is project blueprint.
    We have to show the same images as for admin blueprint _and_
    images owned by current project (attribute "owner" must be equal to
    g.tenant_id) no matter if image is public/protected.
    NOTE(apugachev):
    Currently for some reason Glance does not return list of images owned
    by tenant with id '1' even if they are public - if they are requested
    through token issued for some other project then '1'.

    That's why we combine image lists here in case if list is for project.
    """
    admin_id = clients.get_systenant_id()
    is_global = lambda x: x.owner == admin_id and x.is_public
    result = filter(is_global, clients.admin_clients().glance.images.list())
    if getattr(flask.g, 'tenant_id', None):
        result.extend(
            filter(
                lambda x: x.owner == flask.g.tenant_id and x not in result,
                clients.user_clients(flask.g.tenant_id).glance.images.list()))
    result = sorted(result, key=lambda x: x.name)
    return result
Exemplo n.º 5
0
Arquivo: utils.py Projeto: altai/focus
def get_visible_tenants():
    """Return visible tenants.

    Exclude systenants and tenants which are not enabled.
    """
    systenant_id = clients.get_systenant_id()
    return filter(lambda x: x.enabled and x.id != systenant_id,
                  clients.admin_clients().keystone.tenants.list())
Exemplo n.º 6
0
Arquivo: utils.py Projeto: altai/focus
def get_visible_tenants():
    """Return visible tenants.

    Exclude systenants and tenants which are not enabled.
    """
    systenant_id = clients.get_systenant_id()
    return filter(
        lambda x: x.enabled and x.id != systenant_id,
        clients.admin_clients().keystone.tenants.list())
Exemplo n.º 7
0
def revoke_admin(user_id):
    """Revoke admin permission.

    Remove admin role in admin tenant (aka systenant).

    TODO(apugachev): convert to POST
    TODO(apugachev): add form to plug in the CSRF protection
    """
    clients.admin_clients().keystone.roles.remove_user_role(
        user_id, clients.get_role_id("admin"), clients.get_systenant_id())
    flask.flash('Admin role removed', 'success')
    return flask.redirect(flask.url_for('.index'))
Exemplo n.º 8
0
def billing_details(tenant_id):
    '''
    Present billing info for tenant.
    '''
    tenant_list = clients.user_clients(
        clients.get_systenant_id()).identity_admin.tenants.list()
    tenant = filter(lambda x: x.id == tenant_id, tenant_list)
    if not tenant:
        flask.abort(404)
    tenant = tenant[0]
    return generic_billing.generic_billing(
        tenant, flask.g.user, tenant_list)
Exemplo n.º 9
0
 def delete(image_id):
     image = clients.admin_clients().glance.images.get(image_id)
     owner = getattr(image, 'owner')
     if owner == clients.get_systenant_id():
         principal.Permission(('role', 'admin')).test()
     else:
         principal.Permission(('role', 'member', owner)).test()
     form = forms.DeleteForm()
     if form.validate_on_submit():
         image.delete()
         flask.flash('Image successfully deleted', 'success')
     else:
         flask.flash('Invalid form', 'error')
     return flask.redirect(flask.url_for('.index'))
Exemplo n.º 10
0
def revoke_admin(user_id):
    """Revoke admin permission.

    Remove admin role in admin tenant (aka systenant).

    TODO(apugachev): convert to POST
    TODO(apugachev): add form to plug in the CSRF protection
    """
    clients.admin_clients().keystone.roles.remove_user_role(
        user_id,
        clients.get_role_id("admin"),
        clients.get_systenant_id())
    flask.flash('Admin role removed', 'success')
    return flask.redirect(flask.url_for('.index'))
Exemplo n.º 11
0
 def delete(image_id):
     image = clients.admin_clients().glance.images.get(image_id)
     owner = getattr(image, 'owner')
     if owner == clients.get_systenant_id():
         principal.Permission(('role', 'admin')).test()
     else:
         principal.Permission(('role', 'member', owner)).test()
     form = forms.DeleteForm()
     if form.validate_on_submit():
         image.delete()
         flask.flash('Image successfully deleted', 'success')
     else:
         flask.flash('Invalid form', 'error')
     return flask.redirect(flask.url_for('.index'))
Exemplo n.º 12
0
def billing():
    '''
    Define tenant to show and redirect there.

    Not every billing account points to an existing tenants.
    '''
    def out(tenant_id):
        return flask.redirect(
            flask.url_for(
                '.billing_details',
                tenant_id=tenant_id))
    billing_accounts = clients.admin_clients().billing.account.list()
    tenants = clients.admin_clients().keystone.tenants.list()
    for n in billing_accounts:
        for k in tenants:
            if n['name'] == k.id:
                return out(k.id)
    return out(clients.get_systenant_id())
Exemplo n.º 13
0
    def register_in_keystone():
        """
        """
        try:
            new_keystone_user = clients.admin_clients().keystone.users.create(
                username, password, email)

            if role != 'user':
                all_roles = clients.admin_clients().keystone.roles.list()
                for r in all_roles:
                    if r.name.lower() == role.lower():
                        clients.admin_clients().keystone.roles.add_user_role(
                            new_keystone_user, r,
                            tenant=clients.get_systenant_id()
                        )
                        break
                else:
                    flask.current_app.logger(
                        'Matching Keystone role for %s nto found.' % role.lower(), 
                        'error')
            return new_keystone_user
        except Exception, e:
            raise Exception("Registration fail", e.message)
Exemplo n.º 14
0
    def register_in_keystone():
        """
        """
        try:
            new_keystone_user = clients.admin_clients().keystone.users.create(
                username, password, email)

            if role != 'user':
                all_roles = clients.admin_clients().keystone.roles.list()
                for r in all_roles:
                    if r.name.lower() == role.lower():
                        clients.admin_clients().keystone.roles.add_user_role(
                            new_keystone_user,
                            r,
                            tenant=clients.get_systenant_id())
                        break
                else:
                    flask.current_app.logger(
                        'Matching Keystone role for %s nto found.' %
                        role.lower(), 'error')
            return new_keystone_user
        except Exception, e:
            raise Exception("Registration fail", e.message)
Exemplo n.º 15
0
 def get_tenant_id():
     return getattr(flask.g, 'tenant_id', clients.get_systenant_id())
Exemplo n.º 16
0
 def get_tenant_id():
     return getattr(flask.g, 'tenant_id', clients.get_systenant_id())
Exemplo n.º 17
0
 def is_non_admin(tenant):
     return tenant.id != \
         clients.get_systenant_id()
Exemplo n.º 18
0
 def is_non_admin(tenant):
     return tenant.id != \
         clients.get_systenant_id()