def collector_operation(request):
    """Store an Operation row built from GET query parameters.

    The query string must carry ``user``, ``resource``, ``resource_name``,
    ``action``, ``result``, ``operation_type`` and ``message``; a missing one
    raises from the ``request.GET`` lookup. ``user`` and ``result`` are read
    but not stored: the row is written with the fixed ids ``user_id=1``,
    ``udc_id=1`` and ``resource_id=1``.

    A failure while saving the row is logged and otherwise ignored, so the
    response always reports success.

    NOTE(review): this handler writes a record in response to a GET request,
    and no caller check is visible in this block. Confirm that access is
    restricted where the view is registered.
    """
    query = request.GET
    LOG.info("*** get data is ***" + str(query))

    # (parameter, log the progress marker after reading it), in read order.
    read_plan = (
        ('user', True),
        ('resource', False),
        ('resource_name', True),
        ('action', True),
        ('result', True),
        ('operation_type', True),
        ('message', True),
    )
    values = {}
    for key, mark_progress in read_plan:
        values[key] = query[key]
        if mark_progress:
            LOG.info('1')

    # Pending issue: user_id, udc_id, resource_id
    try:
        Operation(
            user_id=1,
            resource=values['resource'],
            resource_name=values['resource_name'],
            action=values['action'],
            operation_type=values['operation_type'],
            message=values['message'],
            udc_id=1,
            resource_id=1,
        ).save()
    except Exception as e:
        LOG.info(str(e))

    return Response({"success": True, "msg": _("Success.")})
def activate_user(request):
    """Set ``is_active`` on the user whose primary key is posted as ``id``.

    An Operation row is written afterwards. If that write fails the error is
    logged and the request still succeeds. ``User.objects.get`` raises when
    no user has the posted key.

    NOTE(review): no permission check on ``request.user`` is visible in this
    block. Confirm that the view is restricted where it is registered.
    """
    target = User.objects.get(pk=request.data['id'])
    target.is_active = True
    target.save()

    try:
        Operation(
            user=request.user,
            udc_id=request.session['UDC_ID'],
            resource=target.username,
            resource_id=1,
            resource_name='用户',
            action="启用用户",
            result=1,
        ).save()
    except Exception as e:
        LOG.info(str(e))

    body = {"success": True, "msg": _('User has been activated!')}
    return Response(body, status=status.HTTP_200_OK)
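def devicepolicyupdate(request):
    """Update the policy bits and device id of a virtual machine.

    Reads ``role`` (comma-separated policy names), ``id`` (Instance primary
    key) and ``device_id`` from ``request.data``. Every Instance row sharing
    the target's uuid is updated, then the new state is posted to the manager
    at ``settings.MGR_HTTP_ADDR``. An Operation row is written last; a failure
    there is logged and ignored.

    NOTE(review): no check that ``request.user`` may change the policy of this
    instance is visible in this block. Confirm that it is enforced where the
    view is registered.
    """
    # Policy name -> bit position inside Instance.policy.
    policies = {"usb": 0}
    LOG.info("*** request.data is ***" + str(request.data))
    role_list = str(request.data['role']).split(",")
    instance_id = request.data['id']
    device_id = request.data['device_id']
    LOG.info("********** role_list is **********" + str(role_list))
    LOG.info("********** instance_id is **********" + str(instance_id))

    instance = Instance.objects.get(pk=instance_id)
    for ins in Instance.objects.filter(uuid=instance.uuid):
        for name, bit in policies.items():
            if name in role_list:
                ins.policy |= 1 << bit
            else:
                # Clear only this policy's bit. The earlier mask, 0 << bit,
                # is always 0 and wiped every bit stored in the field.
                ins.policy &= ~(1 << bit)
        ins.device_id = device_id
        ins.save()
        if ins.pk == instance.pk:
            # `instance` is a separate in-memory object. Copy the new value
            # so the payload below does not carry the pre-update policy.
            instance.policy = ins.policy

    d = {
        'vm_id': instance.uuid,
        'storage': instance.policy,
        'devices': device_id
    }
    LOG.info(">>>>>>> request update policy: {}".format(d))
    res = requests.post('{}/policy'.format(settings.MGR_HTTP_ADDR),
                        json=d, timeout=5)
    LOG.info(">>>>>>> response: {}".format(res))
    if not res.ok:
        # The rows are already saved, so a rejected push means the manager
        # and the database disagree about the policy in force.
        LOG.warning("policy update rejected by manager: {}".format(
            res.status_code))

    try:
        Operation(user=request.user, udc_id=request.session['UDC_ID'],
                  resource='虚拟机', resource_id=1, resource_name='权限',
                  action="usbrole", result=1).save()
    except Exception as e:
        LOG.info(str(e))

    return Response({"success": True, "msg": _('Sucess.')})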
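def resetuserpassword(request):
    """Set a new password for a user in Django and in Keystone.

    Reads ``new_password``, ``user_id`` and ``confirm_password`` from
    ``request.data``. When the two passwords differ a failure response is
    returned and nothing is changed. Otherwise the Django password is set
    first and the Keystone password second; any error from the Keystone step
    propagates to the caller. An Operation row is written last; a failure
    there is logged and ignored.

    NOTE(review): no check that ``request.user`` may reset the password of
    ``user_id`` is visible in this block. Confirm that it is enforced where
    the view is registered.
    NOTE(review): if the Keystone step raises, the Django password has
    already been changed and the two stores hold different credentials.
    """
    LOG.info("*** start to change password")
    # The submitted passwords are never written to the log: log files are
    # readable by more people than the credential store.
    new_password = request.data['new_password']
    user_id = request.data['user_id']
    LOG.info("*** user_id is ****" + str(user_id))
    confirm_password = request.data['confirm_password']

    if new_password != confirm_password:
        return Response({"success": False, "msg": _(
            "The new password doesn't match confirm password!")})

    user = User.objects.get(pk=user_id)
    user.set_password(new_password)
    user.save()
    LOG.info("************* CHANGE PASSWORD !!!!!!!!!!!!!!!!!!")

    user_keystone = UserDataCenter.objects.get(user_id=user.id)
    LOG.info("**** user_keystone is ***" + str(user_keystone))
    change_user_keystone_passwd(user.id, user_keystone.keystone_user,
                                user_keystone.tenant_uuid, new_password)

    try:
        Operation(user=request.user, udc_id=request.session['UDC_ID'],
                  resource='用户', resource_id=1, resource_name='重置密码',
                  action="resetpassword", result=1).save()
    except Exception as e:
        LOG.info(str(e))

    return Response({"success": True, "msg": _(
        "Password has been changed! Please login in again.")})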
def deactivate_user(request):
    """Clear ``is_active`` on the user whose primary key is posted as ``id``.

    A request that targets the caller's own account is refused with HTTP 400.
    An Operation row is written after the change; a failure there is logged
    and the request still succeeds. ``User.objects.get`` raises when no user
    has the posted key.

    NOTE(review): apart from the self-deactivation guard, no permission check
    on ``request.user`` is visible in this block. Confirm that the view is
    restricted where it is registered.
    """
    target_pk = request.data['id']
    LOG.info(str(target_pk))
    LOG.info(str(request.user.id))

    # Compared as strings because the posted id may arrive as text.
    targets_self = str(target_pk) == str(request.user.id)
    if targets_self:
        LOG.info("*** aaaaa ****")
        refusal = {"success": False, "msg": _('不能禁止已登陆用户!')}
        return Response(refusal, status=status.HTTP_400_BAD_REQUEST)

    target = User.objects.get(pk=target_pk)
    target.is_active = False
    target.save()

    try:
        Operation(
            user=request.user,
            udc_id=request.session['UDC_ID'],
            resource=target.username,
            resource_id=1,
            resource_name='用户',
            action="禁用用户",
            result=1,
        ).save()
    except Exception as e:
        LOG.info(str(e))

    body = {"success": True, "msg": _('User has been deactivated!')}
    return Response(body, status=status.HTTP_200_OK)
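def assignrole(request):
    """Replace a user's Keystone roles with the posted set.

    Reads ``username``, ``id`` and ``roles`` from ``request.data``. ``roles``
    is a comma-separated list of ``<prefix>:<role name>`` entries. Roles the
    user holds but that were not requested are removed, except ``_member_``
    and ``SwiftOperator``. Requested roles the user lacks are added. The last
    requested role name is stored in the Django user's ``last_name``. An
    Operation row is written last; a failure there is logged and ignored.

    NOTE(review): no check that ``request.user`` may assign roles is visible
    in this block. Confirm that it is enforced where the view is registered.
    """
    LOG.info("******** datat is **********" + str(request.data))
    username = request.data.get('username')
    # Read once up front: the id is needed on every path below, not only when
    # a privileged role is requested.
    user_id = request.data.get('id')
    roles = request.data.get('roles')
    if not roles:
        return Response({'success': False, "msg": _('请选择')})

    roles_name = []
    for entry in roles.split(","):
        parts = entry.split(":")
        if len(parts) < 2:
            # Malformed entry: reject it instead of failing on the index.
            return Response({'success': False, "msg": _('请选择')})
        roles_name.append(parts[1])

    # system managers need admin role to create/delete encrypted disks
    if "system" in roles_name:
        roles_name.append("admin")
    LOG.info("******** roles are ******" + str(roles_name))

    # Check user has instances or not.
    if "system" in roles or "security" in roles or "audit" in roles:
        user = User.objects.get(pk=user_id)
        if user_has_instance(request, user):
            LOG.info("has instances")
            return Response({
                'success': False,
                "msg": _('User has instances!')
            })

    if not username:
        # An empty value would match every row in the substring lookup below
        # and the role change would land on an unrelated account.
        return Response({'success': False, "msg": _('User not found.')})

    # NOTE(review): this is a substring match, so "bob" also selects "bob2",
    # and the last matching row wins. Selecting the row by user_id would tie
    # the role change to the account named in the request. Confirm the
    # keystone_user naming scheme before changing the lookup.
    udc = UserDataCenter.objects.filter(keystone_user__contains=username)
    LOG.info("******** udc are ********" + str(udc))
    user_tenant_id = None
    keystone_user = None
    keystone_user_id = None
    for u in udc:
        user_tenant_id = u.tenant_uuid
        LOG.info("******* user_tenant_id is *********" + str(user_tenant_id))
        keystone_user = u.keystone_user
        keystone_user_id = u.keystone_user_id
        LOG.info("******* keystone_user is *********" + str(keystone_user))

    if keystone_user_id is None:
        # No row matched: do not call Keystone with empty identifiers.
        return Response({'success': False, "msg": _('User not found.')})

    # Before assign role remove the current roles first.
    rc = create_rc_by_dc(DataCenter.objects.all()[0])
    current_user_roles = keystone.roles_for_user(rc, keystone_user_id,
                                                 user_tenant_id)
    current_user_roles_list = []
    for c_role in current_user_roles:
        current_user_roles_list.append(c_role.name)
        LOG.info("*** c_role is ***" + str(c_role.name))
        LOG.info("*** c_role id is ***" + str(c_role.id))
        # Do not remove member role and SwiftOperator. A role that is being
        # requested again is kept as well: the add loop below skips roles the
        # user already held, so removing it here would leave the user
        # without it.
        if c_role.name in ("_member_", "SwiftOperator"):
            continue
        if c_role.name in roles_name:
            continue
        LOG.info("member swift no")
        keystone.remove_tenant_user_role(rc, project=user_tenant_id,
                                         user=keystone_user_id,
                                         role=c_role.id)

    for role in roles_name:
        LOG.info("******** role is *********" + str(role))
        if role not in current_user_roles_list:
            add_user_role(keystone_user, role, user_tenant_id)

    # Mirror the last requested role name onto the Django user record.
    user = User.objects.get(pk=user_id)
    user.last_name = roles_name[-1]
    user.save()

    try:
        Operation(user=request.user, udc_id=request.session['UDC_ID'],
                  resource='用户', resource_id=1, resource_name='权限',
                  action="asignrole", result=1).save()
    except Exception as e:
        LOG.info(str(e))

    return Response({
        'success': True,
        "msg": _('User role assigned successfully!')
    })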
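def create_user(request):
    """Create a user and link it to the default data center.

    Reads ``username`` and ``password1`` from ``request.data`` and validates
    the account fields with ``CloudUserCreateFormWithoutCapatcha`` bound to
    ``request.POST``. Service account names are refused. When
    ``settings.TRI_ENABLED`` is set, the ``is_system_user``,
    ``is_safety_user`` and ``is_audit_user`` flags grant the matching role
    through ``UserProxy``. The data-center link depends on
    ``settings.WORKFLOW_ENABLED``; see the comment on that branch.

    NOTE(review): the privileged-role flags come from the request body, and no
    check that ``request.user`` may create such accounts is visible in this
    block. Confirm that it is enforced where the view is registered.
    """
    LOG.info("****** start to create user *****")
    # The request body is not logged: it contains the new account's password.
    posted_username = request.data['username']
    LOG.info("****** username is ******" + str(posted_username))
    if str(posted_username) in ['neutron', 'cinder', 'keystone', 'nova',
                                'glance', 'heat', 'swift', 'admin',
                                'ceilometer']:
        return Response({"success": False,
                         "msg": _("Service user must not be created.")})

    # Read once so both workflow branches below can use it. A missing value
    # still fails here, before any user row is written.
    password = request.data['password1']

    user = User()
    form = CloudUserCreateFormWithoutCapatcha(data=request.POST,
                                              instance=user)
    if not form.is_valid():
        LOG.info("form is not valid")
        return Response({"success": False,
                         "msg": _("Data is not valid")})
    user = form.save()

    if settings.TRI_ENABLED:
        # An absent flag means "no grant". The user row already exists at
        # this point, so a lookup error here would leave a half-configured
        # account behind.
        grants = (
            ('is_system_user', UserProxy.grant_system_user),
            ('is_safety_user', UserProxy.grant_safety_user),
            ('is_audit_user', UserProxy.grant_audit_user),
        )
        for flag, grant in grants:
            if request.data.get(flag) == 'true':
                LOG.info("granting {} to new user".format(flag))
                grant(user)

    # If workflow is disabled, then only resource user can be created,
    # otherwise admin can create resource user and workflow approver user.
    if not settings.WORKFLOW_ENABLED:
        tenant_id = request.data['tenant']
        LOG.info("tennat_id is " + str(tenant_id))
        link_user_to_dc_task.delay(user, DataCenter.get_default(),
                                   tenant_id, password)
        # NOTE(review): the Operation row is written on this branch only.
        # Confirm whether user creation should also be recorded when
        # workflow is enabled.
        try:
            Operation(user=request.user, udc_id=request.session['UDC_ID'],
                      resource='用户', resource_id=1, resource_name='用户',
                      action="创建用户", result=1).save()
        except Exception as e:
            LOG.info(str(e))
    else:
        if request.data.get('is_resource_user') == 'true':
            tenant_id = request.data['tenant']
            # `password` was previously unbound on this branch.
            link_user_to_dc_task(user, DataCenter.get_default(),
                                 tenant_id, password)
        if request.data.get('is_approver') == 'true':
            UserProxy.grant_workflow_approve(user)

    return Response({"success": True,
                     "msg": _("User is created successfully!")})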