def get_fw_rule_set(fw_rule_set_id):
try:
sg = g.client_set.compute.security_groups.get(fw_rule_set_id)
except osc_exc.NotFound:
abort(404)
assert_admin_or_project_user(sg.tenant_id, eperm_status=404)
return make_json_response(_sg_to_view(sg))
def fetch_instance(instance_id):
try:
instance = admin_client_set().compute.servers.get(instance_id)
except osc_exc.NotFound:
abort(404)
assert_admin_or_project_user(instance.tenant_id, eperm_status=404)
return instance
def get_fw_rule_set(fw_rule_set_id):
try:
sg = g.client_set.compute.security_groups.get(fw_rule_set_id)
except osc_exc.NotFound:
abort(404)
assert_admin_or_project_user(sg.tenant_id, eperm_status=404)
return make_json_response(_sg_to_view(sg))
def _project_users_list(project_id):
assert_admin_or_project_user(project_id, eperm_status=404)
if project_id == default_tenant_id():
abort(404)
try:
return admin_client_set().identity_admin.tenants.list_users(project_id)
except osc_exc.NotFound:
abort(404)
def _get_security_group(sg_id):
try:
sg = auth.admin_client_set().compute.security_groups.get(sg_id)
except osc_exc.NotFound:
abort(404)
auth.assert_admin_or_project_user(sg.tenant_id, eperm_status=404)
# TODO(imelnikov): do we need to check if group belongs to systenant?
return sg
def _project_users_list(project_id):
assert_admin_or_project_user(project_id, eperm_status=404)
if project_id == default_tenant_id():
abort(404)
try:
return admin_client_set().identity_admin.tenants.list_users(project_id)
except osc_exc.NotFound:
abort(404)
def _get_security_group(sg_id):
try:
sg = auth.admin_client_set().compute.security_groups.get(sg_id)
except osc_exc.NotFound:
abort(404)
auth.assert_admin_or_project_user(sg.tenant_id, eperm_status=404)
# TODO(imelnikov): do we need to check if group belongs to systenant?
return sg
def delete_fw_rule_set(fw_rule_set_id):
try:
sg = admin_client_set().compute.security_groups.get(fw_rule_set_id)
assert_admin_or_project_user(sg.tenant_id, eperm_status=404)
sg.delete()
except osc_exc.NotFound:
abort(404)
set_audit_resource_id(sg)
return make_json_response(None, status_code=204)
def delete_fw_rule_set(fw_rule_set_id):
try:
sg = admin_client_set().compute.security_groups.get(fw_rule_set_id)
assert_admin_or_project_user(sg.tenant_id, eperm_status=404)
sg.delete()
except osc_exc.NotFound:
abort(404)
set_audit_resource_id(sg)
return make_json_response(None, status_code=204)
def _security_groups_for_server(instance_id):
try:
result = admin_client_set().compute.security_groups._list(
'/servers/%s/os-security-groups' % instance_id, 'security_groups')
except osc_exc.HttpException:
fetch_instance(instance_id) # check that server exists and is visible
raise # if server exists, re-raise: it was other error
if not result:
fetch_instance(instance_id) # check that server exists and is visible
else:
assert_admin_or_project_user(result[0].tenant_id, eperm_status=404)
return result
def _security_groups_for_server(instance_id):
try:
result = admin_client_set().compute.security_groups._list(
'/servers/%s/os-security-groups' % instance_id,
'security_groups')
except osc_exc.HttpException:
fetch_instance(instance_id) # check that server exists and is visible
raise # if server exists, re-raise: it was other error
if not result:
fetch_instance(instance_id) # check that server exists and is visible
else:
assert_admin_or_project_user(result[0].tenant_id, eperm_status=404)
return result
def _fetch_image(image_id, to_modify):
try:
image = auth.admin_client_set().image.images.get(image_id)
except osc_exc.NotFound:
abort(404)
# NOTE(imelnikov): yes, glance may return False as string
if image.deleted and image.deleted != 'False':
abort(404)
if image.owner == auth.default_tenant_id():
if to_modify:
auth.assert_admin()
else:
auth.assert_admin_or_project_user(image.owner)
return image
def _fetch_image(image_id, to_modify):
try:
image = auth.admin_client_set().image.images.get(image_id)
except osc_exc.NotFound:
abort(404)
# NOTE(imelnikov): yes, glance may return False as string
if image.deleted and image.deleted != 'False':
abort(404)
if image.owner == auth.default_tenant_id():
if to_modify:
auth.assert_admin()
else:
auth.assert_admin_or_project_user(image.owner)
return image
