def can_access(self, context):
request = context['request']
public_region = keystone.is_public_region(
request, 'community_network_topology')
if public_region:
return False
return True
def can_access(self, context):
request = context['request']
public_region = keystone.is_public_region(request,
'easystack_overview')
if public_region:
return False
return True
def can_access(self, context):
request = context['request']
public_region = keystone.is_public_region(request,
'Instance_Snapshots')
if public_region:
return False
return True
def can_access(self, context):
request = context['request']
public_region = keystone.is_public_region(request, 'EasyStack_Admin')
if public_region:
return False
is_access = super(EasyStack_Admin, self).can_access(context)
cloud_admin = keystone.is_cloud_admin(request)
v3, project_admin = keystone.is_project_admin(request)
if v3:
return is_access and cloud_admin and project_admin
return is_access
def volume_snapshot_list(request, search_opts=None):
c_client = cinderclient(request)
if c_client is None:
return []
if keystone.is_public_region(request):
return []
else:
return [
VolumeSnapshot(s)
for s in c_client.volume_snapshots.list(search_opts=search_opts)
]
def can_access(self, context):
request = context['request']
public_region = keystone.is_public_region(request, 'Identity')
if public_region:
return False
v3, domain_admin = keystone.is_domain_admin(request)
v3, project_admin = keystone.is_project_admin(request)
if v3:
return super(Identity, self).can_access(context)\
and (domain_admin or project_admin)
return super(Identity, self).can_access(context)
def can_access(self, context):
request = context['request']
public_region = keystone.is_public_region(request, 'Billing')
if public_region:
return False
billing_enable = getattr(settings, 'ENABLE_BILLING', False)
if not billing_enable or \
keystone.is_cloud_admin(request) or \
keystone.is_dedicated_context(request) or \
keystone.is_default_domain_member(request)[1]:
return False
return True
def ensure_volume_snapshots(request, volumes):
if keystone.is_public_region(request):
return volumes
volumes_map = SortedDict([(i['id'], i) for i in volumes])
snapshot_list = api.cinder.volume_snapshot_list(request)
for snapshot in snapshot_list:
if snapshot.volume_id in volumes_map:
volume = volumes_map[snapshot.volume_id]
volume.setdefault('snapshots', [])
volume['snapshots'].append(snapshot.to_dict())
return volumes
def openstack(request):
"""Context processor necessary for OpenStack Dashboard functionality.
The following variables are added to the request context:
``authorized_tenants``
A list of tenant objects which the current user has access to.
``regions``
A dictionary containing information about region support, the current
region, and available regions.
"""
context = {}
# Auth/Keystone context
context.setdefault('authorized_tenants', [])
if request.user.is_authenticated():
context['authorized_tenants'] = [
tenant for tenant in
request.user.authorized_tenants if tenant.enabled]
context['ISPUBLICREGION'] = keystone.is_public_region(request)
# Region context/support
available_regions = getattr(settings, 'AVAILABLE_REGIONS', [])
regions = {'support': len(available_regions) > 1,
'current': {'endpoint': request.session.get('region_endpoint'),
'name': request.session.get('region_name')},
'available': [{'endpoint': region[0], 'name':region[1]} for
region in available_regions]}
context['regions'] = regions
# Adding webroot access
context['WEBROOT'] = getattr(settings, "WEBROOT", "/")
context['DEBUG_TOAST_ENABLED'] = getattr(settings,
"DEBUG_TOAST_ENABLED",
False)
context['LDAP_EDITABLE'] = getattr(settings, "LDAP_EDITABLE", True)
context['MANA_BILLING_ENABLE'] = getattr(
settings, "MANA_BILLING_ENABLE", False)
context['LOADBALANCER_ENABLE'] = getattr(settings, "OPENSTACK_NEUTRON_NETWORK", {}).get('enable_lb', False)
context['MANA_ENABLE'] = getattr(settings, "MANA_ENABLE", False)
context['MANILA_ENABLED'] = getattr(settings, "MANILA_ENABLED", False)
context['TICKET_ENABLED'] = getattr(settings, "TICKET_ENABLED", False)
context['DOMAIN_QUOTA_ENABLED'] = getattr(settings, "DOMAIN_QUOTA_ENABLED", False)
notice_enable = getattr(settings, 'NOTICE_ENABLE', False)
context['NOTICE_ENABLE'] = notice_enable
context['EMAIL_ACTIVATION'] = getattr(settings, "EMAIL_ACTIVATION", True)
context['RELEASE_NUM'] = getattr(settings, "RELEASE_NUM", '4.0.1')
if notice_enable:
context.update(notice.get_notice())
return context
def get(self, request):
"""Get a detailed list of volume snapshots associated with the current
user's project.
The listing result is an object with property "items".
"""
if keystone.is_public_region(request):
return {'items':[]}
result = api.cinder.volume_snapshot_list(
request,
search_opts=rest_utils.parse_filters_kwargs(request)[0]
)
return {'items': [u.to_dict() for u in result]}
def get_disabled_quotas(request):
disabled_quotas = []
# if aws_region disable network quotas, keypair quotas, snapshot quotas
if keystone.is_public_region(request):
disabled_quotas.extend(NEUTRON_QUOTA_FIELDS)
disabled_quotas.extend([
'key_pairs', 'snapshots', 'loadbalancer', 'pool', 'listener',
'backups'
])
# Cinder
if not base.is_service_enabled(request, 'volume'):
disabled_quotas.extend(CINDER_QUOTA_FIELDS)
# Neutron
if not getattr(settings, "OPENSTACK_NEUTRON_NETWORK", {}).get(
'enable_lb', False):
disabled_quotas.extend(LOADBALANCER_QUOTA_FIELDS)
if not base.is_service_enabled(request, 'network'):
disabled_quotas.extend(NEUTRON_QUOTA_FIELDS)
else:
# Remove the nova network quotas
disabled_quotas.extend(['floating_ips', 'fixed_ips'])
if neutron.is_extension_supported(request, 'security-group'):
# If Neutron security group is supported, disable Nova quotas
disabled_quotas.extend(['security_groups', 'security_group_rules'])
else:
# If Nova security group is used, disable Neutron quotas
disabled_quotas.extend(['security_group', 'security_group_rule'])
try:
if not neutron.is_quotas_extension_supported(request):
disabled_quotas.extend(NEUTRON_QUOTA_FIELDS)
except Exception:
LOG.exception("There was an error checking if the Neutron "
"quotas extension is enabled.")
return disabled_quotas
def can_access(self, context):
# todo temporarily enabling panel for any user
# request = context['request']
# if not request.user.has_perms(self.permissions):
# return False
# try:
# if not neutron.is_service_enabled(request,`
# config_name='enable_lb',
# ext_name='lbaas'):
# return False
# except Exception:
# LOG.error("Call to list enabled services failed. This is likely "
# "due to a problem communicating with the Neutron "
# "endpoint. Load Balancers panel will not be displayed")
# return False
# if not super(LoadBalancer, self).allowed(context):
# return False
request = context['request']
public_region = keystone.is_public_region(request, 'loadbalancersv2')
if public_region:
return False
network_settings = getattr(settings, "OPENSTACK_NEUTRON_NETWORK", {})
return network_settings.get('enable_lb', False)
def inner(request, *args, **kwargs):
need_billing = enable_billing \
and not policy.check((("identity", "cloud_admin"),), request) \
and not keystone.is_dedicated_context(request) \
and not request.user.user_domain_id == 'default' \
and not keystone.is_public_region(request)
# if we enable billing
if need_billing:
balance = get_balance(request)
if balance <= 0:
LOG.error("Account Balance is less than 0")
raise exceptions.NotAuthenticated(
"Account Balance is less than 0")
# make sure product time be earlier than resource create time
create_time = datetime.datetime.utcnow()\
.strftime("%Y-%m-%d %H:%M:%S")
# do request
result = func(request, *args, **kwargs)
# if we enable billing, create a product
if need_billing:
try:
if 'unit' in request.DATA:
kwargs['unit'] = request.DATA['unit']
if (kwargs['unit'] == 'H'):
kwargs['payment_type'] = 'post_paid'
elif (kwargs['unit'] == 'M'):
kwargs['payment_type'] = 'pre_paid'
else:
kwargs['payment_type'] = 'pre_paid'
elif 'metadata' in request.DATA:
if 'unit' in kwargs['metadata']:
kwargs['unit'] = kwargs['metadata']['unit']
if (kwargs['unit'] == 'H'):
kwargs['payment_type'] = 'post_paid'
elif (kwargs['unit'] == 'M'):
kwargs['payment_type'] = 'pre_paid'
else:
kwargs['payment_type'] = 'pre_paid'
else:
kwargs['unit'] = 'H'
kwargs['payment_type'] = 'post_paid'
elif 'loadbalancer' in request.DATA:
if 'unit' in request.DATA['loadbalancer']:
kwargs['unit'] = request.DATA['loadbalancer'][
'unit']
if (kwargs['unit'] == 'H'):
kwargs['payment_type'] = 'post_paid'
elif (kwargs['unit'] == 'M'):
kwargs['payment_type'] = 'pre_paid'
else:
kwargs['payment_type'] = 'pre_paid'
else:
kwargs['unit'] = 'H'
kwargs['payment_type'] = 'post_paid'
else:
kwargs['unit'] = 'H'
kwargs['payment_type'] = 'post_paid'
_create_product(request, result, create_time, *args,
**kwargs)
except Exception as e:
LOG.error(e)
# TODO(need to fix):
# raise exception to Servers post() in rest/nova.py
raise e
return result
def can_access(self, context):
request = context['request']
public_region = keystone.is_public_region(request, 'Alerts')
if public_region:
return False
return False
def get_tenant_quota_data(request, disabled_quotas=None, tenant_id=None):
qs = _get_quota_data(request,
"tenant_quota_get",
disabled_quotas=disabled_quotas,
tenant_id=tenant_id)
# TODO(jpichon): There is no API to get the default system quotas
# in Neutron (cf. LP#1204956), so for now handle tenant quotas here.
# This should be handled in _get_quota_data() eventually.
if not disabled_quotas:
return qs
# Check if neutron is enabled by looking for network and router
if 'network' not in disabled_quotas and 'router' not in disabled_quotas:
tenant_id = tenant_id or request.user.tenant_id
neutron_quotas = neutron.tenant_quota_get(request, tenant_id)
if 'floating_ips' in disabled_quotas:
# Neutron with quota extension disabled
if 'floatingip' in disabled_quotas:
qs.add(base.QuotaSet({'floating_ips': -1}))
# Neutron with quota extension enabled
else:
# Rename floatingip to floating_ips since that's how it's
# expected in some places (e.g. Security & Access' Floating IPs)
fips_quota = neutron_quotas.get('floatingip').limit
qs.add(base.QuotaSet({'floating_ips': fips_quota}))
if 'security_groups' in disabled_quotas:
if 'security_group' in disabled_quotas:
qs.add(base.QuotaSet({'security_groups': -1}))
# Neutron with quota extension enabled
else:
# Rename security_group to security_groups since that's how it's
# expected in some places (e.g. Security & Access' Security Groups)
sec_quota = neutron_quotas.get('security_group').limit
qs.add(base.QuotaSet({'security_groups': sec_quota}))
if 'network' in disabled_quotas:
for item in qs.items:
if item.name == 'networks':
qs.items.remove(item)
break
else:
net_quota = neutron_quotas.get('network').limit
qs.add(base.QuotaSet({'networks': net_quota}))
if 'subnet' in disabled_quotas:
for item in qs.items:
if item.name == 'subnets':
qs.items.remove(item)
break
else:
net_quota = neutron_quotas.get('subnet').limit
qs.add(base.QuotaSet({'subnets': net_quota}))
if 'router' in disabled_quotas:
for item in qs.items:
if item.name == 'routers':
qs.items.remove(item)
break
else:
router_quota = neutron_quotas.get('router').limit
qs.add(base.QuotaSet({'routers': router_quota}))
if not keystone.is_public_region(request):
if 'loadbalancer' in disabled_quotas:
for item in qs.items:
if item.name == 'loadbalancers':
qs.items.remove(item)
break
else:
loadbalancer_quota = neutron_quotas.get('loadbalancer').limit
qs.add(base.QuotaSet({'loadbalancers': loadbalancer_quota}))
if 'listener' in disabled_quotas:
for item in qs.items:
if item.name == 'listeners':
qs.items.remove(item)
break
else:
listener_quota = neutron_quotas.get('listener').limit
qs.add(base.QuotaSet({'listeners': listener_quota}))
if 'healthmonitor' in disabled_quotas:
for item in qs.items:
if item.name == 'healthmonitors':
qs.items.remove(item)
break
else:
healthmonitor_quota = neutron_quotas.get('healthmonitor').limit
qs.add(base.QuotaSet({'healthmonitors': healthmonitor_quota}))
if 'pool' in disabled_quotas:
for item in qs.items:
if item.name == 'pools':
qs.items.remove(item)
break
else:
pool_quota = neutron_quotas.get('pool').limit
qs.add(base.QuotaSet({'pools': pool_quota}))
if 'port' in disabled_quotas:
for item in qs.items:
if item.name == 'ports':
qs.items.remove(item)
break
else:
port_quota = neutron_quotas.get('port').limit
qs.add(base.QuotaSet({'ports': port_quota}))
return qs
def _get_neutron_quota(request, tenant_id, disabled_quotas):
quotasets = []
qs = base.QuotaSet()
# Check if neutron is enabled by looking for network and router
if 'network' not in disabled_quotas and 'router' not in disabled_quotas:
tenant_id = tenant_id or request.user.tenant_id
neutron_quotas = neutron.tenant_quota_get(request, tenant_id)
if 'floating_ips' in disabled_quotas:
# Neutron with quota extension disabled
if 'floatingip' in disabled_quotas:
qs.add(base.QuotaSet({'floating_ips': -1}))
# Neutron with quota extension enabled
else:
# Rename floatingip to floating_ips since that's how it's
# expected in some places (e.g. Security & Access' Floating IPs)
fips_quota = neutron_quotas.get('floatingip').limit
qs.add(base.QuotaSet({'floating_ips': fips_quota}))
if 'security_groups' in disabled_quotas:
if 'security_group' in disabled_quotas:
qs.add(base.QuotaSet({'security_groups': -1}))
# Neutron with quota extension enabled
else:
# Rename security_group to security_groups since that's how it's
# expected in some places (e.g. Security & Access' Security Groups)
sec_quota = neutron_quotas.get('security_group').limit
qs.add(base.QuotaSet({'security_groups': sec_quota}))
if 'network' in disabled_quotas:
for item in qs.items:
if item.name == 'networks':
qs.items.remove(item)
break
else:
net_quota = neutron_quotas.get('network').limit
qs.add(base.QuotaSet({'networks': net_quota}))
if 'subnet' in disabled_quotas:
for item in qs.items:
if item.name == 'subnets':
qs.items.remove(item)
break
else:
net_quota = neutron_quotas.get('subnet').limit
qs.add(base.QuotaSet({'subnets': net_quota}))
if 'router' in disabled_quotas:
for item in qs.items:
if item.name == 'routers':
qs.items.remove(item)
break
else:
router_quota = neutron_quotas.get('router').limit
qs.add(base.QuotaSet({'routers': router_quota}))
if not keystone.is_public_region(request):
if 'loadbalancer' in disabled_quotas:
for item in qs.items:
if item.name == 'loadbalancers':
qs.items.remove(item)
break
else:
loadbalancer_quota = neutron_quotas.get('loadbalancer').limit
qs.add(base.QuotaSet({'loadbalancers': loadbalancer_quota}))
if 'listener' in disabled_quotas:
for item in qs.items:
if item.name == 'listeners':
qs.items.remove(item)
break
else:
listener_quota = neutron_quotas.get('listener').limit
qs.add(base.QuotaSet({'listeners': listener_quota}))
if 'healthmonitor' in disabled_quotas:
for item in qs.items:
if item.name == 'healthmonitors':
qs.items.remove(item)
break
else:
healthmonitor_quota = neutron_quotas.get('healthmonitor').limit
qs.add(base.QuotaSet({'healthmonitors': healthmonitor_quota}))
if 'pool' in disabled_quotas:
for item in qs.items:
if item.name == 'pools':
qs.items.remove(item)
break
else:
pool_quota = neutron_quotas.get('pool').limit
qs.add(base.QuotaSet({'pools': pool_quota}))
if 'port' in disabled_quotas:
for item in qs.items:
if item.name == 'ports':
qs.items.remove(item)
break
else:
port_quota = neutron_quotas.get('port').limit
qs.add(base.QuotaSet({'ports': port_quota}))
return qs
def can_access(self, context):
request = context['request']
public_region = keystone.is_public_region(request, 'Security_Groups')
if public_region:
return False
return True
def get(self, request):
enable_billing = False
if not keystone.is_public_region(request):
if not keystone.is_dedicated_context(request):
enable_billing = getattr(settings, 'ENABLE_BILLING', True)
return rest_utils.JSONResponse(enable_billing, 200)
def get(self, request):
if not keystone.is_public_region(request):
fixing = billing.get_active_pricefixing(request)
if fixing is None:
return rest_utils.JSONResponse(False, 200)
return rest_utils.JSONResponse(True, 200)
def can_access(self, context):
request = context['request']
public_region = keystone.is_public_region(request, 'Volume Backups')
if public_region:
return False
return True
def can_access(self, context):
request = context['request']
public_region = keystone.is_public_region(request, 'FloatingIP')
if public_region:
return False
return True
def can_access(self, context):
request = context['request']
public_region = keystone.is_public_region(request, 'Tickets')
if public_region:
return False
return getattr(settings, "TICKET_ENABLED", False)
