Пример #1
0
def check_host_editable(
    host, user=None,
    check_in_installing=False
):
    """Check host is editable.

    If we try to set reinstall_os or check the host is not in installing
    state, we should set check_in_installing to True.
    Otherwise we will check the host is not in installing or installed.
    We also make sure the user is admin or the owner of the host to avoid
    unauthorized user to update host attributes.
    """
    if check_in_installing:
        if host.state.state == 'INSTALLING':
            raise exception.Forbidden(
                'host %s is not editable '
                'when state is in installing' % host.name
            )
    elif not host.reinstall_os:
        raise exception.Forbidden(
            'host %s is not editable '
            'when not to be reinstalled' % host.name
        )
    if user and not user.is_admin and host.creator_id != user.id:
        raise exception.Forbidden(
            'host %s is not editable '
            'when user is not admin or the owner of the host' % host.name
        )
Пример #2
0
def start_check_cluster_health(cluster_id,
                               send_report_url,
                               user=None,
                               session=None,
                               check_health={}):
    """Start to check cluster health."""
    cluster = cluster_api.get_cluster_internal(cluster_id, session=session)

    if cluster.state.state != 'SUCCESSFUL':
        logging.debug("state is %s" % cluster.state.state)
        err_msg = "Healthcheck starts only after cluster finished deployment!"
        raise exception.Forbidden(err_msg)

    reports = utils.list_db_objects(session,
                                    models.HealthCheckReport,
                                    cluster_id=cluster.id,
                                    state='verifying')
    if reports:
        err_msg = 'Healthcheck in progress, please wait for it to complete!'
        raise exception.Forbidden(err_msg)

    # Clear all preivous report
    # TODO(grace): the delete should be moved into celery task.
    # We should consider the case that celery task is down.
    utils.del_db_objects(session,
                         models.HealthCheckReport,
                         cluster_id=cluster.id)

    from compass.tasks import client as celery_client
    celery_client.celery.send_task('compass.tasks.cluster_health',
                                   (cluster.id, send_report_url, user.email))
    return {
        "cluster_id": cluster.id,
        "status": "start to check cluster health."
    }
Пример #3
0
def check_ip_available(subnet, ip):
    if not subnet.reserved_range:
       return
    ip_int = int(ipaddress.IPv4Address(ip.decode()))
    reserved_ranges = []
    reserved_ips = []
    for item in subnet.reserved_range.split(','):
        ip_ends = item.split('-')
        if len(ip_ends) == 2:
            reserved_ranges.append(item)
        elif len(ip_ends) == 1:
            reserved_ips.append(item)
    for item in reserved_ranges:
        ends = item.split('-')
        check_1 = int(ipaddress.IPv4Address(ends[0].decode())) - ip_int
        check_2 = int(ipaddress.IPv4Address(ends[1].decode())) - ip_int
        if (check_1 > 0) ^ (check_2 > 0):
            raise exception.Forbidden(
                'IP %s is reserved, reserved range: %s'
                % (ip, subnet.reserved_range)
                )
    for item in reserved_ips:
        if ip_int == int(ipaddress.IPv4Address(item.decode())):
            raise exception.Forbidden(
                'IP %s is reserved, reserved range: %s'
                % (ip, subnet.reserved_range)
                )
Пример #4
0
def update_report(cluster_id, name, session=None, **kwargs):
    """Update health check report."""
    report = _get_report(cluster_id, name, session=session)
    if report.state == 'finished':
        err_msg = 'Report cannot be updated if state is in "finished"'
        raise exception.Forbidden(err_msg)

    return utils.update_db_object(session, report, **kwargs)
Пример #5
0
 def wrapper(*args, **kwargs):
     user = kwargs.get('user')
     if user is not None:
         if not user.is_admin:
             raise exception.Forbidden('User %s is not admin.' %
                                       (user.email))
         return func(*args, **kwargs)
     else:
         return func(*args, **kwargs)
Пример #6
0
def _check_user_permission(user, permission, session=None):
    """Check user has permission."""
    if not user:
        logging.info('empty user means the call is from internal')
        return
    if user.is_admin:
        return

    user_permission = utils.get_db_object(session,
                                          models.UserPermission,
                                          False,
                                          user_id=user.id,
                                          name=permission.name)
    if not user_permission:
        raise exception.Forbidden('user %s does not have permission %s' %
                                  (user.email, permission.name))
Пример #7
0
        def wrapper(user_id, *args, **kwargs):
            user = kwargs.get('user')
            if user is not None:
                session = kwargs.get('session')
                if session is None:
                    raise exception.DatabaseException(
                        'wrapper check_user_admin_or_owner is '
                        'not called in session')
                check_user = _get_user(user_id, session=session)
                if not user.is_admin and user.id != check_user.id:
                    raise exception.Forbidden(
                        'User %s is not admin or the owner of user %s.' %
                        (user.email, check_user.email))

                return func(user_id, *args, **kwargs)
            else:
                return func(user_id, *args, **kwargs)
Пример #8
0
def update_user(user_id, user=None, session=None, **kwargs):
    """Update a user and return the updated user object."""
    update_user = _get_user(
        user_id,
        session=session,
    )
    allowed_fields = set()
    if user.is_admin:
        allowed_fields |= set(ADMIN_UPDATED_FIELDS)
    if user.id == update_user.id:
        allowed_fields |= set(SELF_UPDATED_FIELDS)
    unsupported_fields = set(kwargs) - allowed_fields
    if unsupported_fields:
        # The user is not allowed to update a user.
        raise exception.Forbidden(
            'User %s has no permission to update user %s fields %s.' %
            (user.email, user.email, unsupported_fields))
    return utils.update_db_object(session, update_user, **kwargs)
Пример #9
0
def check_host_validated(host):
    """Check host is validated."""
    if not host.config_validated:
        raise exception.Forbidden('host %s is not validated' % host.name)