Exemplo n.º 1
0
def o_callback_authorize(request):
    logger.info(request.__dict__)
    if 'code' not in request.GET:
        logger.info(request.__dict__)
        #TODO - Maybe: Redirect into a login
        return HttpResponse("")
    oauth_client = get_cas_oauth_client()
    oauth_code = request.GET['code']
    #Exchange code for ticket
    access_token, expiry_date = oauth_client.get_access_token(oauth_code)
    if not access_token:
        logger.info(
            "The Code %s is invalid/expired. Attempting another login." %
            oauth_code)
        return o_login_redirect(request)
    #Exchange token for profile
    user_profile = oauth_client.get_profile(access_token)
    if not user_profile or "id" not in user_profile:
        logger.error("AccessToken is producing an INVALID profile!"
                     " Check the CAS server and caslib.py for more"
                     " information.")
        #NOTE: Make sure this redirects the user OUT of the loop!
        return login(request)
    #ASSERT: A valid OAuth token gave us the Users Profile.
    # Now create an AuthToken and return it
    username = user_profile["id"]
    auth_token = obtainOAuthToken(username, access_token, expiry_date)
    #Set the username to the user to be emulated
    #to whom the token also belongs
    request.session['username'] = username
    request.session['token'] = auth_token.key
    logger.info("Returning user - %s - to application " % username)
    logger.info(request.session.__dict__)
    logger.info(request.user)
    return HttpResponseRedirect(settings.REDIRECT_URL + "/application/")
def _get_cached(key, data_method, scrub_method, force=False):
    try:
        r = redis_connection()
        if force:
            _invalidate(key)
        data = r.get(key)
    except redis.exceptions.ConnectionError:
        logger.error(
            "EXTERNAL SERVICE redis-server IS NOT RUNNING! "
            "Somebody should turn it on!"
        )
        data = None
    if not data:
        data = data_method()
        scrub_method(data)
        logger.debug(
            "Updated redis({0}) using {1} and {2}".format(
                key, data_method, scrub_method
            )
        )
        r.set(key, pickle.dumps(data))
        r.expire(key, 30)
        return data
    logger.debug("Actual type {0}".format(type(data)))
    return pickle.loads(data)
Exemplo n.º 3
0
    def put(self, request, provider_id, identity_id, machine_id):
        """
        TODO: Determine who is allowed to edit machines besides
            core_machine.owner
        """
        user = request.user
        data = request.DATA
        esh_driver = prepare_driver(request, provider_id, identity_id)
        if not esh_driver:
            return invalid_creds(provider_id, identity_id)
        esh_machine = esh_driver.get_machine(machine_id)
        core_machine = convert_esh_machine(esh_driver, esh_machine,
                                           provider_id)

        if not user.is_staff\
           and user is not core_machine.application.created_by:
            logger.error('Non-staff/non-owner trying to update a machine')
            return failure_response(
                status.HTTP_401_UNAUTHORIZED,
                'Only Staff and the machine Owner ' +
                'are allowed to change machine info.')
        core_machine.application.update(data)
        serializer = ProviderMachineSerializer(core_machine,
                                               data=data,
                                               partial=True)
        if serializer.is_valid():
            logger.info('metadata = %s' % data)
            update_machine_metadata(esh_driver, esh_machine, data)
            serializer.save()
            logger.info(serializer.data)
            return Response(serializer.data)
        return failure_response(status.HTTP_400_BAD_REQUEST, serializer.errors)
Exemplo n.º 4
0
def deploy_failed(task_uuid, driverCls, provider, identity, instance_id,
                  **celery_task_args):
    from core.models.instance import Instance
    from core.email import send_deploy_failed_email
    try:
        logger.debug("deploy_failed task started at %s." % datetime.now())
        logger.info("task_uuid=%s" % task_uuid)
        result = app.AsyncResult(task_uuid)
        with allow_join_result():
            exc = result.get(propagate=False)
        err_str = "DEPLOYERROR::%s" % (result.traceback, )
        logger.error(err_str)
        driver = get_driver(driverCls, provider, identity)
        instance = driver.get_instance(instance_id)
        update_instance_metadata(driver,
                                 instance,
                                 data={'tmp_status': 'deploy_error'},
                                 replace=False)
        #Send deploy email
        core_instance = Instance.objects.get(provider_alias=instance_id)
        send_deploy_failed_email(core_instance, err_str)
        logger.debug("deploy_failed task finished at %s." % datetime.now())
    except Exception as exc:
        logger.warn(exc)
        deploy_failed.retry(exc=exc)
Exemplo n.º 5
0
def get_default_identity(username, provider=None):
    """
    Return the default identity given to the user-group for provider.
    """
    try:
        filter_query = {}
        if provider:
            filter_query['provider'] = provider
        from core.models.group import GroupMembership
        memberships = GroupMembership.objects.filter(
            user__username=username).prefetch_related('group')
        for membership in memberships:
            group = membership.group
            identities = group.current_identities.filter(**filter_query)
            if group and identities.count() > 0:
                default_identity = identities.first()
                logger.debug("default_identity set to %s " % default_identity)
                return default_identity
        # No identities found for any group
        if settings.AUTO_CREATE_NEW_ACCOUNTS:
            new_identities = create_new_accounts(username,
                                                 selected_provider=provider)
            if new_identities:
                return new_identities[0]
            logger.error(
                "%s has no identities. Functionality will be severely limited."
                % username)
            return None
    except Exception as e:
        logger.exception(e)
        return None
Exemplo n.º 6
0
def o_callback_authorize(request):
    logger.info(request.__dict__)
    if 'code' not in request.GET:
        logger.info(request.__dict__)
        #TODO - Maybe: Redirect into a login
        return HttpResponse("")
    oauth_client = get_cas_oauth_client()
    oauth_code = request.GET['code']
    #Exchange code for ticket
    access_token, expiry_date = oauth_client.get_access_token(oauth_code)
    if not access_token:
        logger.info("The Code %s is invalid/expired. Attempting another login."
                    % oauth_code)
        return o_login_redirect(request)
    #Exchange token for profile
    user_profile = oauth_client.get_profile(access_token)
    if not user_profile or "id" not in user_profile:
        logger.error("AccessToken is producing an INVALID profile!"
                     " Check the CAS server and caslib.py for more"
                     " information.")
        #NOTE: Make sure this redirects the user OUT of the loop!
        return login(request)
    #ASSERT: A valid OAuth token gave us the Users Profile.
    # Now create an AuthToken and return it
    username = user_profile["id"]
    auth_token = obtainOAuthToken(username, access_token, expiry_date)
    #Set the username to the user to be emulated
    #to whom the token also belongs
    request.session['username'] = username
    request.session['token'] = auth_token.key
    logger.info("Returning user - %s - to application "
                % username)
    logger.info(request.session.__dict__)
    logger.info(request.user)
    return HttpResponseRedirect(settings.REDIRECT_URL+"/application/")
Exemplo n.º 7
0
def get_default_provider(username):
    """
    Return default provider given 
    """
    try:
        from core.models.group import get_user_group
        group = get_user_group(username)
        provider = group.providers.filter(Q(end_date=None)
                                          | Q(end_date__gt=timezone.now()),
                                          active=True,
                                          type__name="OpenStack")
        if provider:
            provider = provider[0]
        else:
            logger.error("get_default_provider could not find "
                         "a valid Provider")
            return None
        logger.debug("default provider is %s " % provider)
        return provider
    except IndexError:
        logger.info("No provider found for %s" % username)
        return None
    except Exception, e:
        logger.exception(e)
        return None
Exemplo n.º 8
0
def get_default_provider(username):
    """
    Return default provider given
    """
    try:
        from core.models.group import get_user_group
        from core.models.provider import Provider
        group = get_user_group(username)
        provider_ids = group.current_identities.values_list(
            'provider',
            flat=True)
        provider = Provider.objects.filter(
            id__in=provider_ids,
            type__name="OpenStack")
        if provider:
            logger.debug("get_default_provider selected a new "
                         "Provider for %s: %s" % (username, provider))
            provider = provider[0]
        else:
            logger.error("get_default_provider could not find a new "
                         "Provider for %s" % (username,))
            return None
        return provider
    except Exception as e:
        logger.exception("get_default_provider encountered an error "
                         "for %s" % (username,))
        return None
Exemplo n.º 9
0
    def put(self, request, provider_id, identity_id, machine_id):
        """
        TODO: Determine who is allowed to edit machines besides
            core_machine.owner
        """
        user = request.user
        data = request.DATA
        esh_driver = prepare_driver(request, provider_id, identity_id)
        if not esh_driver:
            return invalid_creds(provider_id, identity_id)
        esh_machine = esh_driver.get_machine(machine_id)
        core_machine = convert_esh_machine(esh_driver, esh_machine, provider_id)

        if not user.is_staff\
           and user is not core_machine.application.created_by:
            logger.error('Non-staff/non-owner trying to update a machine')
            return failure_response(
                status.HTTP_401_UNAUTHORIZED,
                'Only Staff and the machine Owner '
                + 'are allowed to change machine info.')
        core_machine.application.update(data)
        serializer = ProviderMachineSerializer(core_machine,
                                               data=data, partial=True)
        if serializer.is_valid():
            logger.info('metadata = %s' % data)
            update_machine_metadata(esh_driver, esh_machine, data)
            serializer.save()
            logger.info(serializer.data)
            return Response(serializer.data)
        return failure_response(
            status.HTTP_400_BAD_REQUEST,
            serializer.errors)
Exemplo n.º 10
0
def get_default_identity(username, provider=None):
    """
    Return the default identity given to the user-group for provider.
    """
    try:
        from core.models.group import get_user_group
        group = get_user_group(username)
        identities = group.identities.all()
        if provider:
            if provider.is_active():
                identities = identities.filter(provider=provider)
                return identities[0]
            else:
                logger.error("Provider provided for "
                             "get_default_identity is inactive.")
                raise "Inactive Provider provided for get_default_identity "
        else:
            default_provider = get_default_provider(username)
            default_identity = group.identities.filter(
                provider=default_provider)
            if not default_identity:
                logger.error("User %s has no identities on Provider %s" % (username, default_provider))
                raise "No Identities on Provider %s for %s" % (default_provider,username)
            #Passing
            default_identity = default_identity[0]
            logger.debug(
                "default_identity set to %s " %
                default_identity)
            return default_identity
    except Exception as e:
        logger.exception(e)
        return None
Exemplo n.º 11
0
    def get(self, request, username):
        """
        Create a new token in the database on behalf of 'username'
        Returns success 201 Created - Body is JSON and contains
        """
        user = request.user
        if not username:
            return Response("Username was not provided",
                            status=status.HTTP_400_BAD_REQUEST)
        if user.username is not 'admin' and not user.is_superuser:
            logger.error("URGENT! User: %s is attempting to emulate a user!"
                         % user.username)
            return Response("Only admin and superusers can emulate accounts. "
                            "This offense has been reported",
                            status=status.HTTP_401_UNAUTHORIZED)
        if not AtmosphereUser.objects.filter(username=username):
            return Response("Username %s does not exist as an AtmosphereUser"
                            % username, status=status.HTTP_404_NOT_FOUND)

        # User is authenticated, username exists. Make a token for them.
        user_to_emulate = AtmosphereUser.objects.get_by_natural_key(username)
        token = get_or_create_token(user_to_emulate, issuer="DRF-EmulatedUser")
        expireTime = token.issuedTime + secrets.TOKEN_EXPIRY_TIME
        auth_json = {
            # Extra data passed only on emulation..
            "emulator": request.user.username,
            # Normal token data..
            "token": token.key,
            "username": token.user.username,
            "expires": expireTime.strftime("%b %d, %Y %H:%M:%S")
        }
        return Response(auth_json, status=status.HTTP_201_CREATED)
Exemplo n.º 12
0
def deploy_init_to(driverCls, provider, identity, instance_id,
                   username=None, password=None, redeploy=False,
                   *args, **kwargs):
    try:
        logger.debug("deploy_init_to task started at %s." % datetime.now())
        driver = get_driver(driverCls, provider, identity)
        instance = driver.get_instance(instance_id)
        if not instance:
            logger.debug("Instance has been teminated: %s." % instance_id)
            return
        image_metadata = driver._connection\
                               .ex_get_image_metadata(instance.machine)
        deploy_chain = get_deploy_chain(driverCls, provider, identity,
                                        instance, username, password, redeploy)
        deploy_chain.apply_async()
        #Can be really useful when testing.
        #if kwargs.get('delay'):
        #    async.get()
        logger.debug("deploy_init_to task finished at %s." % datetime.now())
    except SystemExit:
        logger.exception("System Exits are BAD! Find this and get rid of it!")
        raise Exception("System Exit called")
    except NonZeroDeploymentException as non_zero:
        logger.error(str(non_zero))
        logger.error(non_zero.__dict__)
        raise
    except Exception as exc:
        logger.warn(exc)
        deploy_init_to.retry(exc=exc)
Exemplo n.º 13
0
def get_default_identity(username, provider=None):
    """
    Return the default identity given to the user-group for provider.
    """
    try:
        from core.models.group import get_user_group
        group = get_user_group(username)
        identities = group.identities.all()
        if provider:
            if provider.is_active():
                identities = identities.filter(provider=provider)
                return identities[0]
            else:
                logger.error("Provider provided for "
                             "get_default_identity is inactive.")
                raise("Provider provided for get_default_identity "
                      "is inactive.")
        else:
            default_provider = get_default_provider(username)
            default_identity = group.identities.filter(
                provider=default_provider)[0]
            logger.debug(
                "default_identity set to %s " %
                default_identity)
            return default_identity
    except Exception, e:
        logger.exception(e)
        return None
Exemplo n.º 14
0
 def delete(self,
            request,
            provider_id,
            identity_id,
            group_name,
            format=None):
     """
     Unshare the identity
     """
     try:
         identity = Identity.objects.get(id=identity_id)
     except Identity.DoesNotExist:
         return failure_response(status.HTTP_404_NOT_FOUND,
                                 "Identity does not exist.")
     if not identity.can_share(user):
         logger.error("User %s cannot remove sharing from identity %s. " +
                      "This incident will be reported" %
                      (user, identity_id))
         return failure_response(
             status.HTTP_401_UNAUTHORIZED,
             "User %s cannot remove sharing from identity %s. " +
             "This incident will be reported" % (user, identity_id))
     group = Group.objects.get(name=group_name)
     id_member = identity.unshare(group)
     serializer = IdentitySerializer(id_member.identity)
     serialized_data = serializer.data
     return Response(serialized_data)
Exemplo n.º 15
0
def get_default_provider(username):
    """
    Return default provider given
    """
    try:
        from core.models.group import get_user_group
        from core.models.provider import Provider
        group = get_user_group(username)
        provider_ids = group.current_identities.values_list('provider',
                                                            flat=True)
        provider = Provider.objects.filter(id__in=provider_ids,
                                           type__name="OpenStack")
        if provider:
            logger.debug("get_default_provider selected a new "
                         "Provider for %s: %s" % (username, provider))
            provider = provider[0]
        else:
            logger.error("get_default_provider could not find a new "
                         "Provider for %s" % (username, ))
            return None
        return provider
    except Exception as e:
        logger.exception("get_default_provider encountered an error "
                         "for %s" % (username, ))
        return None
Exemplo n.º 16
0
    def validate_input(self, user, data):
        error_map = {}

        name = data.get('name')
        identity_uuid = data.get('identity')
        source_alias = data.get('source_alias')
        size_alias = data.get('size_alias')
        if not name:
            error_map['name'] = "This field is required."
        if not identity_uuid:
            error_map['identity'] = "This field is required."
        if not source_alias:
            error_map['source_alias'] = "This field is required."
        if not size_alias:
            error_map['size_alias'] = "This field is required."

        if error_map:
            raise Exception(error_map)

        try:
            identity = Identity.objects.get(uuid=identity_uuid)
            # Staff or owner ONLY
            if not user.is_staff and identity.created_by != user:
                logger.error(
                    "User %s does not have permission to use identity %s" %
                    (user, identity))
                raise Identity.DoesNotExist("You are not the owner")
        except Identity.DoesNotExist:
            error_map["identity"] = "The uuid (%s) is invalid." % identity_uuid
            raise Exception(error_map)
        return
Exemplo n.º 17
0
def send_email(subject,
               body,
               from_email,
               to,
               cc=None,
               fail_silently=False,
               html=False):
    """ Use django.core.mail.EmailMessage to send and log an Atmosphere email.
    """
    try:
        msg = EmailMessage(subject=subject,
                           body=body,
                           from_email=from_email,
                           to=to,
                           cc=cc)
        if html:
            msg.content_subtype = 'html'
        msg.send(fail_silently=fail_silently)
        email_logger.info("Email Sent." +
                          "From:%s\nTo:%sCc:%s\nSubject:%s\nBody:\n%s" %
                          (from_email, to, cc, subject, body))
        return True
    except Exception as e:
        logger.error(e)
        return False
Exemplo n.º 18
0
 def delete(self, request, provider_id,
            identity_id, group_name, format=None):
     """
     Unshare the identity
     """
     try:
         identity = Identity.objects.get(id=identity_id)
     except Identity.DoesNotExist:
         return failure_response(
             status.HTTP_404_NOT_FOUND,
             "Identity does not exist.")
     if not identity.can_share(user):
         logger.error("User %s cannot remove sharing from identity %s. "
                      + "This incident will be reported"
                      % (user, identity_id))
         return failure_response(
             status.HTTP_401_UNAUTHORIZED,
             "User %s cannot remove sharing from identity %s. "
             + "This incident will be reported"
             % (user, identity_id))
     group = Group.objects.get(name=group_name)
     id_member = identity.unshare(group)
     serializer = IdentitySerializer(id_member.identity)
     serialized_data = serializer.data
     return Response(serialized_data)
Exemplo n.º 19
0
 def post(self, request, provider_id, identity_id, format=None):
     """
     Create a new identity member (ADMINS & OWNERS GROUP LEADERS ONLY)
     """
     user = request.user
     data = request.DATA
     try:
         identity = Identity.objects.get(id=identity_id)
         group_name = data['group']
         group = Group.objects.get(name=group_name)
         prov_member = identity.provider.share(group)
         id_member = identity.share(group)
     except ObjectDoesNotExist as odne:
         return failure_response(
             status.HTTP_404_NOT_FOUND,
             '%s does not exist.' % odne.message.split()[0])
     if not identity.can_share(user):
         logger.error("User %s cannot share identity %s. "
                      + "This incident will be reported")
         return failure_response(
             status.HTTP_401_UNAUTHORIZED,
             "User %s cannot remove sharing from identity %s. "
             + "This incident will be reported"
             % (user, identity_id))
     serializer = IdentitySerializer(id_member.identity)
     serialized_data = serializer.data
     return Response(serialized_data)
Exemplo n.º 20
0
    def get(self, request, username):
        """
        Create a new token in the database on behalf of 'username'
        Returns success 201 Created - Body is JSON and contains
        """
        params = request.DATA
        user = request.user
        if user.username is not 'admin' and not user.is_superuser:
            logger.error("URGENT! User: %s is attempting to emulate a user!"
                         % user.username)
            return Response('Only admin and superusers can emulate accounts. '
                            'This offense has been reported',
                            status=status.HTTP_401_UNAUTHORIZED)
        if not AtmosphereUser.objects.filter(username=username):
            return Response("Username %s does not exist as an AtmosphereUser"
                            % username, status=status.HTTP_404_NOT_FOUND)

        #User is authenticated, username exists. Make a token for them.
        token = createAuthToken(username)
        expireTime = token.issuedTime + secrets.TOKEN_EXPIRY_TIME
        auth_json = {
            #Extra data passed only on emulation..
            'emulated_by': request.user.username,
            #Normal token data..
            'token': token.key,
            'username': token.user.username,
            'expires': expireTime.strftime("%b %d, %Y %H:%M:%S")
        }
        return Response(auth_json, status=status.HTTP_201_CREATED)
Exemplo n.º 21
0
def get_default_provider(username):
    """
    Return default provider given 
    """
    try:
        from core.models.group import get_user_group
        group = get_user_group(username)
        provider = group.providers.filter(
            Q(end_date=None) | Q(end_date__gt=timezone.now()),
            active=True, type__name="OpenStack")
        if provider:
            provider = provider[0]
        else:
            logger.error("get_default_provider could not find "
                         "a valid Provider")
            return None
        logger.debug(
            "default provider is %s " % provider)
        return provider
    except IndexError:
        logger.info("No provider found for %s" % username)
        return None
    except Exception, e:
        logger.exception(e)
        return None
Exemplo n.º 22
0
    def validate_input(self, user, data):
        error_map = {}

        name = data.get('name')
        identity_uuid = data.get('identity')
        source_alias = data.get('source_alias')
        size_alias = data.get('size_alias')
        if not name:
            error_map['name'] = "This field is required."
        if not identity_uuid:
            error_map['identity'] = "This field is required."
        if not source_alias:
            error_map['source_alias'] = "This field is required."
        if not size_alias:
            error_map['size_alias'] = "This field is required."

        if error_map:
            raise Exception(error_map)

        try:
            identity = Identity.objects.get(uuid=identity_uuid)
            # Staff or owner ONLY
            if not user.is_staff and identity.created_by != user:
                logger.error("User %s does not have permission to use identity %s" % (user, identity))
                raise Identity.DoesNotExist("You are not the owner")
        except Identity.DoesNotExist:
            error_map["identity"] = "The uuid (%s) is invalid." % identity_uuid
            raise Exception(error_map)
        return
Exemplo n.º 23
0
def deploy_init_to(driverCls, provider, identity, instance_id,
                   username=None, password=None, redeploy=False,
                   *args, **kwargs):
    try:
        logger.debug("deploy_init_to task started at %s." % datetime.now())
        driver = get_driver(driverCls, provider, identity)
        instance = driver.get_instance(instance_id)
        if not instance:
            logger.debug("Instance has been teminated: %s." % instance_id)
            return
        image_metadata = driver._connection\
                               .ex_get_image_metadata(instance.machine)
        deploy_chain = get_deploy_chain(driverCls, provider, identity,
                                        instance, password, redeploy)
        logger.debug("Starting deploy chain for: %s." % instance_id)
        deploy_chain.apply_async()
        #Can be really useful when testing.
        #if kwargs.get('delay'):
        #    async.get()
        logger.debug("deploy_init_to task finished at %s." % datetime.now())
    except SystemExit:
        logger.exception("System Exits are BAD! Find this and get rid of it!")
        raise Exception("System Exit called")
    except NonZeroDeploymentException as non_zero:
        logger.error(str(non_zero))
        logger.error(non_zero.__dict__)
        raise
    except Exception as exc:
        logger.warn(exc)
        deploy_init_to.retry(exc=exc)
Exemplo n.º 24
0
def lookupEmail(userid):
    """
    Grabs email for the user based on LDAP attrs
    """
    try:
        logger.debug(type(userid))
        if isinstance(userid, WSGIRequest):
            raise Exception("WSGIRequest invalid.")
        attr = _search_ldap(userid)
        emailaddr = attr[0][1]["mail"][0]
        return emailaddr
    except Exception as e:
        logger.warn("Error occurred looking up email for user: %s" % userid)
        logger.exception(e)
        import traceback
        import sys
        import inspect

        s = inspect.stack()
        for i in range(0, 4):
            logger.debug(s[i])
        etype, value, tb = sys.exc_info()
        logger.error("TB = %s" % traceback.format_tb(tb))

        return None
Exemplo n.º 25
0
def mount_failed(task_uuid,
                 driverCls,
                 provider,
                 identity,
                 volume_id,
                 unmount=False,
                 **celery_task_args):
    try:
        logger.debug("mount_failed task started at %s." % datetime.now())
        logger.info("task_uuid=%s" % task_uuid)
        result = app.AsyncResult(task_uuid)
        with allow_join_result():
            exc = result.get(propagate=False)
        err_str = "Mount Error Traceback:%s" % (result.traceback, )
        logger.error(err_str)
        driver = get_driver(driverCls, provider, identity)
        volume = driver.get_volume(volume_id)
        if unmount:
            tmp_status = 'umount_error'
        else:
            tmp_status = 'mount_error'
        return volume_service.update_volume_metadata(
            driver, volume, metadata={'tmp_status': tmp_status})
        logger.debug("mount_failed task finished at %s." % datetime.now())
    except Exception as exc:
        logger.warn(exc)
        mount_failed.retry(exc=exc)
Exemplo n.º 26
0
    def get(self, request, username):
        """
        Create a new token in the database on behalf of 'username'
        Returns success 201 Created - Body is JSON and contains
        """
        params = request.data
        user = request.user
        if not username:
            return Response("Username was not provided",
                            status=status.HTTP_400_BAD_REQUEST)
        if user.username is not 'admin' and not user.is_superuser:
            logger.error("URGENT! User: %s is attempting to emulate a user!" %
                         user.username)
            return Response(
                "Only admin and superusers can emulate accounts. "
                "This offense has been reported",
                status=status.HTTP_401_UNAUTHORIZED)
        if not AtmosphereUser.objects.filter(username=username):
            return Response("Username %s does not exist as an AtmosphereUser" %
                            username,
                            status=status.HTTP_404_NOT_FOUND)

        # User is authenticated, username exists. Make a token for them.
        token = create_token(username, issuer="DRF-EmulatedUser")
        expireTime = token.issuedTime + secrets.TOKEN_EXPIRY_TIME
        auth_json = {
            # Extra data passed only on emulation..
            "emulator": request.user.username,
            # Normal token data..
            "token": token.key,
            "username": token.user.username,
            "expires": expireTime.strftime("%b %d, %Y %H:%M:%S")
        }
        return Response(auth_json, status=status.HTTP_201_CREATED)
Exemplo n.º 27
0
def get_default_identity(username, provider=None):
    """
    Return the default identity given to the user-group for provider.
    """
    try:
        from core.models.group import get_user_group
        group = get_user_group(username)
        identities = group.identities.all()
        if provider:
            if provider.is_active():
                identities = identities.filter(provider=provider)
                return identities[0]
            else:
                logger.error("Provider provided for "
                             "get_default_identity is inactive.")
                raise ("Provider provided for get_default_identity "
                       "is inactive.")
        else:
            default_provider = get_default_provider(username)
            default_identity = group.identities.filter(
                provider=default_provider)[0]
            logger.debug("default_identity set to %s " % default_identity)
            return default_identity
    except Exception, e:
        logger.exception(e)
        return None
Exemplo n.º 28
0
 def post(self, request, provider_id, identity_id, format=None):
     """
     Create a new identity member (ADMINS & OWNERS GROUP LEADERS ONLY)
     """
     user = request.user
     data = request.DATA
     try:
         identity = Identity.objects.get(id=identity_id)
         group_name = data['group']
         group = Group.objects.get(name=group_name)
         prov_member = identity.provider.share(group)
         id_member = identity.share(group)
     except ObjectDoesNotExist as odne:
         return failure_response(
             status.HTTP_404_NOT_FOUND,
             '%s does not exist.' % odne.message.split()[0])
     if not identity.can_share(user):
         logger.error("User %s cannot share identity %s. " +
                      "This incident will be reported")
         return failure_response(
             status.HTTP_401_UNAUTHORIZED,
             "User %s cannot remove sharing from identity %s. " +
             "This incident will be reported" % (user, identity_id))
     serializer = IdentitySerializer(id_member.identity)
     serialized_data = serializer.data
     return Response(serialized_data)
Exemplo n.º 29
0
def build_host_name(ip):
    """
    Build host name from the configuration in settings
    See:
    * INSTANCE_HOSTNAMING_FORMAT
    * INSTANCE_HOSTNAMING_DOMAIN (Required if you use `%(domain)s`)
    """
    # NOTE: This is a hack until we address 'provider specific' hostnaming
    if "114.5" in ip:
        return raw_hostname(ip)

    if not hasattr(settings, "INSTANCE_HOSTNAMING_FORMAT"):
        return raw_hostname(ip)
    if all((str_val not in settings.INSTANCE_HOSTNAMING_FORMAT) for str_val in ["one", "two", "three", "four"]):
        logger.error(
            "Invalid INSTANCE_HOSTNAMING_FORMAT: Expected string containing "
            "at least one of the IP octets. "
            "(ex:'vm%(three)s-%(four)s.%(domain)s')"
        )
    # IP --> octet_tuple (127,0,0,1)
    hostnaming_format_map = create_hostnaming_map(ip)
    try:
        return settings.INSTANCE_HOSTNAMING_FORMAT % hostnaming_format_map
    except (KeyError, TypeError) as exc:
        logger.error("Invalid INSTANCE_HOSTNAMING_FORMAT: %s" % exc)
Exemplo n.º 30
0
 def delete_subnet(self, neutron, subnet_name):
     subnet_id = self.get_subnet_id(neutron, subnet_name)
     if subnet_id:
         try:
             return neutron.delete_subnet(subnet_id)
         except:
             logger.error("Problem deleting subnet: %s" % subnet_id)
             raise
Exemplo n.º 31
0
 def delete_subnet(self, neutron, subnet_name):
     subnet_id = self.get_subnet_id(neutron, subnet_name)
     if subnet_id:
         try:
             return neutron.delete_subnet(subnet_id)
         except:
             logger.error("Problem deleting subnet: %s" % subnet_id)
             raise
Exemplo n.º 32
0
 def delete_network(self, neutron, network_name):
     network_id = self.get_network_id(neutron, network_name)
     if network_id:
         try:
             return neutron.delete_network(network_id)
         except:
             logger.error("Problem deleting network: %s" % network_id)
             raise
Exemplo n.º 33
0
 def delete_router(self, neutron, router_name):
     router_id = self.get_router_id(neutron, router_name)
     if router_id:
         try:
             return neutron.delete_router(router_id)
         except:
             logger.error("Problem deleting router: %s" % router_id)
             raise
Exemplo n.º 34
0
 def delete_network(self, neutron, network_name):
     network_id = self.get_network_id(neutron, network_name)
     if network_id:
         try:
             return neutron.delete_network(network_id)
         except:
             logger.error("Problem deleting network: %s" % network_id)
             raise
Exemplo n.º 35
0
 def delete_router(self, neutron, router_name):
     router_id = self.get_router_id(neutron, router_name)
     if router_id:
         try:
             return neutron.delete_router(router_id)
         except:
             logger.error("Problem deleting router: %s" % router_id)
             raise
Exemplo n.º 36
0
 def get_project(self, project_id):
     filtered_list = [
         p for p in self.get_all_projects()
         if str(p['id']) == str(project_id)]
     if len(filtered_list) > 1:
         logger.error(">1 value found for project %s" % project_id)
     if filtered_list:
         return filtered_list[0]
     return None
Exemplo n.º 37
0
 def get_config(self, section, config_key, default_value=None, raise_exc=True):
     try:
         value = self.cloud_config[section][config_key]
     except (KeyError, TypeError):
         logger.error("Cloud config ['%s']['%s'] is missing -- using default value (%s)" % (section, config_key, default_value))
         if not default_value and raise_exc:
             raise Exception("Cloud config ['%s']['%s'] is missing -- no default value provided" % (section, config_key))
         value = default_value
     return value
Exemplo n.º 38
0
 def get_allocation(self, allocation_name):
     filtered_list = [
         a for a in self.get_all_allocations()
         if str(a['project']) == str(allocation_name)]
     if len(filtered_list) > 1:
         logger.error(">1 value found for allocation %s" % allocation_name)
     if filtered_list:
         return filtered_list[0]
     return None
 def get_allocation(self, allocation_name):
     filtered_list = [
         a for a in self.get_all_allocations()
         if str(a['project']) == str(allocation_name)
     ]
     if len(filtered_list) > 1:
         logger.error(">1 value found for allocation %s" % allocation_name)
     if filtered_list:
         return filtered_list[0]
     return None
 def get_project(self, project_id):
     filtered_list = [
         p
         for p in self.get_all_projects() if str(p['id']) == str(project_id)
     ]
     if len(filtered_list) > 1:
         logger.error(">1 value found for project %s" % project_id)
     if filtered_list:
         return filtered_list[0]
     return None
Exemplo n.º 41
0
 def find_allocations_for(self, tacc_username):
     api_projects = self.find_projects_for(tacc_username)
     allocations = []
     for api_project in api_projects:
         api_allocation = select_valid_allocation(api_project['allocations'])
         if not api_allocation:
             logger.error("API shows no valid allocation exists for project %s" % api_project)
             continue
         allocations.append(api_allocation)
     return allocations
Exemplo n.º 42
0
def export_request_error(task_uuid, export_request_id):
    logger.info("export_request_id=%s" % export_request_id)
    logger.info("task_uuid=%s" % task_uuid)

    result = app.AsyncResult(task_uuid)
    with allow_join_result():
        exc = result.get(propagate=False)
    err_str = "ERROR - %r Exception:%r" % (result.result, result.traceback,)
    logger.error(err_str)
    export_request = ExportRequest.objects.get(id=export_request_id)
    export_request.status = err_str
    export_request.save()
Exemplo n.º 43
0
def get_application(identifier, app_uuid=None):
    if not app_uuid:
        app_uuid = uuid5(settings.ATMOSPHERE_NAMESPACE_UUID, str(identifier))
        app_uuid = str(app_uuid)
    try:
        app = Application.objects.get(uuid=app_uuid)
        return app
    except Application.DoesNotExist:
        return None
    except Exception, e:
        logger.error(e)
        logger.error(type(e))
 def find_allocations_for(self, tacc_username):
     api_projects = self.find_projects_for(tacc_username)
     allocations = []
     for api_project in api_projects:
         api_allocation = select_valid_allocation(api_project['allocations'])
         if not api_allocation:
             logger.error(
                 "API shows no valid allocation exists for project %s" %
                 api_project
             )
             continue
         allocations.append(api_allocation)
     return allocations
Exemplo n.º 45
0
def machine_request_error(task_uuid, machine_request_id):
    logger.info("machine_request_id=%s" % machine_request_id)
    logger.info("task_uuid=%s" % task_uuid)

    result = app.AsyncResult(task_uuid)
    with allow_join_result():
        exc = result.get(propagate=False)
    err_str = "ERROR - %r Exception:%r" % (result.result, result.traceback)
    logger.error(err_str)
    send_image_request_failed_email(machine_request, err_str)
    machine_request = MachineRequest.objects.get(id=machine_request_id)
    machine_request.status = err_str
    machine_request.save()
Exemplo n.º 46
0
def machine_request_error(task_uuid, machine_request_id):
    logger.info("machine_request_id=%s" % machine_request_id)
    logger.info("task_uuid=%s" % task_uuid)

    result = app.AsyncResult(task_uuid)
    exc = result.get(propagate=False)
    err_str = "ERROR - Exception:%r" % (result.traceback,)
    logger.error(err_str)
    max_len = MachineRequest._meta.get_field("status").max_length
    if len(err_str) > max_len:
        err_str = err_str[: max_len - 3] + "..."
    machine_request = MachineRequest.objects.get(id=machine_request_id)
    machine_request.status = err_str
    machine_request.save()
Exemplo n.º 47
0
    def _multi_create(
        self, user, identity_uuid, size_alias, source_alias, name, deploy,
        allocation_source, project, boot_scripts, extra
    ):
        """
        1. Launch multiple instances
        2. Serialize the launched instances
        3. Return a list of serialized instances
        """

        core_instances = launch_instance(
            user,
            identity_uuid,
            size_alias,
            source_alias,
            name,
            deploy,
            allocation_source=allocation_source,
            **extra
        )

        serialized_data = []

        # Serialize all instances launched
        for core_instance in core_instances:
            # Faking a 'partial update of nothing' to allow call to 'is_valid'
            serialized_instance = InstanceSerializer(
                core_instance,
                context={'request': self.request},
                data={},
                partial=True
            )
            if not serialized_instance.is_valid():
                logger.error(
                    "multi-instance-launch, serialized instance is invalid, {}".
                    format(serialized_instance)
                )
            instance = serialized_instance.save()
            instance.project = project
            instance.save()
            if boot_scripts:
                _save_scripts_to_instance(instance, boot_scripts)
            instance.change_allocation_source(allocation_source)

            # append to result
            serialized_data.append(serialized_instance.data)

        # return a list of instances in the response
        return Response(serialized_data, status=status.HTTP_201_CREATED)
Exemplo n.º 48
0
def export_request_error(task_uuid, export_request_id):
    logger.info("export_request_id=%s" % export_request_id)
    logger.info("task_uuid=%s" % task_uuid)

    result = app.AsyncResult(task_uuid)
    with allow_join_result():
        exc = result.get(propagate=False)
    err_str = "ERROR - %r Exception:%r" % (
        result.result,
        result.traceback,
    )
    logger.error(err_str)
    export_request = ExportRequest.objects.get(id=export_request_id)
    export_request.status = err_str
    export_request.save()
Exemplo n.º 49
0
def machine_request_error(task_uuid, machine_request_id):
    logger.info("machine_request_id=%s" % machine_request_id)
    logger.info("task_uuid=%s" % task_uuid)

    result = app.AsyncResult(task_uuid)
    with allow_join_result():
        exc = result.get(propagate=False)
    err_str = "ERROR - %r Exception:%r" % (
        result.result,
        result.traceback,
    )
    logger.error(err_str)
    machine_request = MachineRequest.objects.get(id=machine_request_id)
    machine_request.status = err_str
    machine_request.save()
Exemplo n.º 50
0
 def is_expired(self, user):
     ldap_user = lookupUser(user.username)
     if not ldap_user:
         logger.warn("Cannot contact LDAP -- Assume user is expired?")
         return True
     expiry_dict = ldap_user.get('expiry')
     if not expiry_dict:
         logger.error("LDAP password expiration map is missing --"
                      " check django_cyverse_auth: %s" % ldap_user)
         return True
     expiry_date = expiry_dict.get('expires_on')
     if not expiry_date:
         logger.error("LDAP password expiration date is missing -- "
                      "check django_cyverse_auth: %s" % ldap_user)
         return True
     _is_expired = expiry_date.replace(tzinfo=pytz.UTC) < timezone.now()
     return _is_expired
Exemplo n.º 51
0
def updateUserProxy(user, pgtIou, max_try=3):
    attempts = 0
    while attempts < max_try:
        try:
            # If PGTIOU exists, a UserProxy object was created
            # match the user to this ticket.
            userProxy = UserProxy.objects.get(proxyIOU=pgtIou)
            userProxy.username = user
            userProxy.expiresOn = timezone.now() + PROXY_TICKET_EXPIRY
            logger.debug("Found a matching proxy IOU for %s" % userProxy.username)
            userProxy.save()
            return True
        except UserProxy.DoesNotExist:
            logger.error("Could not find UserProxy object!" "ProxyIOU & ID was not saved " "at proxy url endpoint.")
            time.sleep(min(2 ** attempts, 8))
            attempts += 1
    return False
    def get_euca_node_info(self, euca_managerCls, euca_creds):
        node_dict = {'hostname': '', 'port': '', 'private_key': ''}
        instance_id = self.instance.provider_alias
        # Prepare and use the manager
        euca_manager = euca_managerCls(**euca_creds)
        node_ip = euca_manager.get_instance_node(instance_id)

        # Find the matching node
        try:
            core_node = NodeController.objects.get(alias=node_ip)
            node_dict['hostname'] = core_node.hostname
            node_dict['port'] = core_node.port
            node_dict['private_key'] = core_node.private_ssh_key
        except NodeController.DoesNotExist:
            logger.error("Must create a nodecontroller for IP: %s" % node_ip)
        # Return a dict containing information on how to SCP to the node
        return node_dict
Exemplo n.º 53
0
    def get_euca_node_info(self, euca_managerCls, euca_creds):
        node_dict = {'hostname': '', 'port': '', 'private_key': ''}
        instance_id = self.instance.provider_alias
        # Prepare and use the manager
        euca_manager = euca_managerCls(**euca_creds)
        node_ip = euca_manager.get_instance_node(instance_id)

        # Find the matching node
        try:
            core_node = NodeController.objects.get(alias=node_ip)
            node_dict['hostname'] = core_node.hostname
            node_dict['port'] = core_node.port
            node_dict['private_key'] = core_node.private_ssh_key
        except NodeController.DoesNotExist:
            logger.error("Must create a nodecontroller for IP: %s" % node_ip)
        # Return a dict containing information on how to SCP to the node
        return node_dict
Exemplo n.º 54
0
def create_new_accounts(username, selected_provider=None):
    user = AtmosphereUser.objects.get(username=username)
    if not user.is_valid():
        raise InvalidUser("The account %s is not yet valid." % username)

    providers = get_available_providers()
    identities = []
    if not providers:
        logger.error("No currently active providers")
        return identities
    if selected_provider and selected_provider not in providers:
        logger.error("The provider %s is NOT in the list of currently active providers. Account will not be created" % selected_provider)
        return identities
    for provider in providers:
        new_identity = create_new_account_for(provider, user)
        if new_identity:
            identities.append(new_identity)
    return identities
Exemplo n.º 55
0
def deploy_failed(task_uuid, driverCls, provider, identity, instance_id, **celery_task_args):
    from core.models.instance import Instance
    from core.email import send_deploy_failed_email

    try:
        logger.debug("deploy_failed task started at %s." % datetime.now())
        logger.info("task_uuid=%s" % task_uuid)
        result = app.AsyncResult(task_uuid)
        with allow_join_result():
            exc = result.get(propagate=False)
        err_str = "DEPLOYERROR::%s" % (result.traceback,)
        logger.error(err_str)
        driver = get_driver(driverCls, provider, identity)
        instance = driver.get_instance(instance_id)
        update_instance_metadata(driver, instance, data={"tmp_status": "deploy_error"}, replace=False)
        logger.debug("deploy_failed task finished at %s." % datetime.now())
    except Exception as exc:
        logger.warn(exc)
        deploy_failed.retry(exc=exc)
    def validate_input(self, user, data):
        error_map = {}

        name = data.get('name')
        identity_uuid = data.get('identity')
        source_alias = data.get('source_alias')
        size_alias = data.get('size_alias')
        allocation_source_id = data.get('allocation_source_id')
        project_uuid = data.get('project')
        if not name:
            error_map['name'] = "This field is required."
        if not project_uuid:
            error_map['project'] = "This field is required."
            try:
                user.all_projects().filter(uuid=project_uuid)
            except ValueError:
                error_map['project'
                         ] = "Properly formed hexadecimal UUID string required."
        if not identity_uuid:
            error_map['identity'] = "This field is required."
        if not source_alias:
            error_map['source_alias'] = "This field is required."
        if not size_alias:
            error_map['size_alias'] = "This field is required."
        if not allocation_source_id:
            error_map['allocation_source_id'] = "This field is required."

        if error_map:
            raise Exception(error_map)

        try:
            identity = Identity.objects.get(uuid=identity_uuid)
            # Staff or owner ONLY
            if not user.is_staff and identity.created_by != user:
                logger.error(
                    "User %s does not have permission to use identity %s" %
                    (user, identity)
                )
                raise Identity.DoesNotExist("You are not the owner")
        except Identity.DoesNotExist:
            error_map["identity"] = "The uuid (%s) is invalid." % identity_uuid
            raise Exception(error_map)
        return
Exemplo n.º 57
0
def _get_providers(username, selected_provider=None):
    from core.models import Provider
    user = AtmosphereUser.objects.get(username=username)
    public_providers = Provider.objects.filter(only_current(),
                                               active=True,
                                               public=True)

    providers = user.current_providers.filter(only_current(), active=True)
    if not providers:
        providers = public_providers
    else:
        providers |= public_providers
    if selected_provider and providers and selected_provider not in providers:
        logger.error(
            "The provider %s is NOT in the list of currently active providers. Account will not be created"
            % selected_provider)
        return (user, providers.none())

    return (user, providers)
Exemplo n.º 58
0
    def validate_input(self, user, data):
        error_map = {}

        name = data.get('name')
        identity_uuid = data.get('identity')
        source_alias = data.get('source_alias')
        size_alias = data.get('size_alias')
        allocation_source_id = data.get('allocation_source_id')
        project_uuid = data.get('project')
        if not name:
            error_map['name'] = "This field is required."
        if not project_uuid:
            error_map['project'] = "This field is required."
            try:
                user.all_projects().filter(uuid=project_uuid)
            except ValueError:
                error_map['project'
                         ] = "Properly formed hexadecimal UUID string required."
        if not identity_uuid:
            error_map['identity'] = "This field is required."
        if not source_alias:
            error_map['source_alias'] = "This field is required."
        if not size_alias:
            error_map['size_alias'] = "This field is required."
        if not allocation_source_id:
            error_map['allocation_source_id'] = "This field is required."

        if error_map:
            raise Exception(error_map)

        try:
            identity = Identity.objects.get(uuid=identity_uuid)
            # Staff or owner ONLY
            if not user.is_staff and identity.created_by != user:
                logger.error(
                    "User %s does not have permission to use identity %s" %
                    (user, identity)
                )
                raise Identity.DoesNotExist("You are not the owner")
        except Identity.DoesNotExist:
            error_map["identity"] = "The uuid (%s) is invalid." % identity_uuid
            raise Exception(error_map)
        return