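def confirm_requests(request):
    """Confirm the approval of the permission requests.

    The ids of the approved, delegatable and denied PermissionRequest
    objects are read from the session. A GET renders the confirmation page.
    A POST carrying ``post=yes`` denies the denied requests and processes
    the approved ones; after any POST the three session lists are dropped
    and the browser is redirected to "home".

    Approved requests are also marked as denied, because the permission
    itself is no longer granted. For "can_create_project" requests the
    project is created directly from the text of the request message.

    NOTE(review): the ids are taken from the session and the objects are
    loaded without any check in this view that request.user is the
    permission_owner of each request. Presumably the view that fills the
    session enforces that -- confirm.
    """
    approved_req_ids = request.session.setdefault("approved_req_ids", [])
    delegatable_req_ids = request.session.setdefault("delegatable_req_ids", [])
    denied_req_ids = request.session.setdefault("denied_req_ids", [])

    approved_reqs = []
    for req_id in approved_req_ids:
        req = get_object_or_404(PermissionRequest, id=req_id)
        delegatable = req_id in delegatable_req_ids
        approved_reqs.append((req, delegatable))

    denied_reqs = [
        get_object_or_404(PermissionRequest, id=req_id)
        for req_id in denied_req_ids
    ]

    if request.method == "POST":
        # check if confirmed and then do actions.
        if request.POST.get("post", "no") == "yes":
            for req in denied_reqs:
                req.deny()
                post_message = "Request for %s denied." % str(
                    req.requested_permission.target).capitalize()

                if req.requested_permission.permission.name == "can_create_project":
                    try:
                        # Removes "* Project name: ". The name comes out of
                        # the request message (presumably the requester's
                        # form input), so treat it as untrusted text.
                        project_name = req.message.split("||")[0].strip()[16:]
                        post_message = "Request for project %s creation denied." % project_name
                        # Notify requesting user
                        try:
                            send_mail(
                                settings.EMAIL_SUBJECT_PREFIX + "Denied project request for '%s'" % (project_name),
                                "Your request for the creation of project '%s' has been denied.\n\n\nYou may want to get in contact with the Island Manager for further details." % project_name,
                                from_email=settings.DEFAULT_FROM_EMAIL,
                                recipient_list=[req.requesting_user.email],
                            )
                        except Exception as e:
                            # Mail is best effort; the in-app messages
                            # below are still posted.
                            print("[WARNING] User e-mail notification could not be sent. Details: %s" % str(e))
                    except Exception:
                        # Was a bare ``except:``, which also swallowed
                        # SystemExit and KeyboardInterrupt. A message that
                        # cannot be parsed keeps the generic denial text.
                        pass

                # -------------------------------------------
                # It is not about permission granting anymore
                # -------------------------------------------
                # Notify requesting user
                DatedMessage.objects.post_message_to_user(
                    post_message,
                    user=req.requesting_user,
                    sender=req.permission_owner,
                    msg_type=DatedMessage.TYPE_WARNING)
                # Notify user with permission (e.g. root)
                DatedMessage.objects.post_message_to_user(
                    post_message,
                    user=request.user,
                    sender=req.permission_owner,
                    msg_type=DatedMessage.TYPE_WARNING)

            for req, _delegate in approved_reqs:
                # --------------------------------------------------------
                # Do NOT grant permission to create projects in the future
                # --------------------------------------------------------
                # The request is closed as denied on purpose (the former
                # req.allow(can_delegate=...) call is gone); approval only
                # triggers the direct project creation below.
                req.deny()

                post_message = "Request for %s approved." % str(
                    req.requested_permission.target).capitalize()
                permission_user_post = post_message
                requesting_user_post = post_message
                email_header = post_message
                email_body = "%s." % post_message
                message_type = DatedMessage.TYPE_SUCCESS

                # ---------------------------------------
                # Project will be created in a direct way
                # ---------------------------------------
                if req.requested_permission.permission.name == "can_create_project":
                    project_name = ""
                    try:
                        project = Project()
                        project.uuid = uuid.uuid4()
                        message = req.message.split("||")
                        # Removes "* Project name: "
                        project.name = message[0].strip()[16:]
                        project_name = project.name
                        # Removes "* Project description: "
                        project.description = message[3].strip()[23:]
                        # NOTE(review): this text is not copied into the
                        # two *_post variables, so on success both users
                        # still see "Request for ... approved." -- confirm
                        # that is intended.
                        post_message = "Successfully created project %s" % project.name
                        project.save()
                        create_project_roles(project, req.requesting_user)
                        project.save()
                        email_header = "Approved project request for '%s'" % project_name
                        email_body = "Your request for the creation of project '%s' has been approved." % project_name
                    except Exception as e:
                        # Any error when creating a project results into:
                        # 1. Denying the petition
                        # 2. Notifying user in their Expedient
                        # 3. Notifying user via e-mail
                        post_message = "Project '%s' could not be created" % project_name
                        permission_user_post = post_message
                        requesting_user_post = post_message
                        # Handle exception text for user: the requester
                        # only gets a generic cause, never the raw error.
                        if "duplicate entry" in str(e).lower():
                            email_body = "There is already a project with name '%s'. Try using a different name" % project_name
                            requesting_user_post += ". Details: project '%s' already exists" % project_name
                        else:
                            email_body = "There might have been a problem when interpreting the information for project '%s'" % str(project_name)
                            requesting_user_post += ". Contact your Island Manager for further details"
                        # Handle exception text for admin. The former
                        # '"Details" not in post_message' guard could only
                        # be false when the project name itself contained
                        # "Details", which hid the error from the approver.
                        permission_user_post = "%s. Details: %s" % (post_message, str(e))
                        message_type = DatedMessage.TYPE_ERROR
                        # Email for requesting user
                        email_header = "Denied project request for '%s'" % project_name
                        email_body = "Your request for the creation of project '%s' has been denied because of the following causes:\n\n%s\n\n\nYou may want to get in contact with the Island Manager for further details." % (project_name, email_body)

                # Notify requesting user
                DatedMessage.objects.post_message_to_user(
                    requesting_user_post,
                    user=req.requesting_user,
                    sender=req.permission_owner,
                    msg_type=message_type)
                try:
                    send_mail(
                        settings.EMAIL_SUBJECT_PREFIX + email_header,
                        email_body,
                        from_email=settings.DEFAULT_FROM_EMAIL,
                        recipient_list=[req.requesting_user.email],
                    )
                except Exception as e:
                    print("[WARNING] User e-mail notification could not be sent. Details: %s" % str(e))
                # Notify user with permission (e.g. root)
                DatedMessage.objects.post_message_to_user(
                    permission_user_post,
                    user=request.user,
                    sender=req.permission_owner,
                    msg_type=message_type)

        # After this post we will be done with all this information
        del request.session["approved_req_ids"]
        del request.session["delegatable_req_ids"]
        del request.session["denied_req_ids"]
        return HttpResponseRedirect(reverse("home"))
    else:
        return direct_to_template(
            request=request,
            template=TEMPLATE_PATH + "/confirm_requests.html",
            extra_context={
                "approved_reqs": approved_reqs,
                "denied_reqs": denied_reqs,
            },
        )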
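def CreateSliver(slice_urn, rspec, user):
    """Create or update the slice identified by slice_urn and start it.

    The rspec is parsed with rspec_mod.parse_slice. Its values are written
    to the user, the user's profile, the project and the slice; the slice's
    flowspace rules and interface slivers are then rebuilt and the slice is
    started.

    Args:
        slice_urn: URN used to look up an existing slice via get_slice.
        rspec: Reservation spec handed to rspec_mod.parse_slice.
        user: User the slice is created for.

    Returns:
        The result of rspec_mod.create_resv_rspec(user, slice).

    Raises:
        DuplicateSliceNameException: creating the slice hit an
            IntegrityError.

    NOTE(review): nothing in this function checks that ``user`` owns the
    slice found by URN or the project found by name before updating them,
    and the name, e-mail and affiliation of ``user`` are overwritten with
    values from the rspec. Presumably the caller has authenticated and
    authorised the request -- confirm.
    """
    (project_name, project_desc, slice_name, slice_desc, slice_expiry,
     controller_url, firstname, lastname, affiliation, email, password,
     slivers) = rspec_mod.parse_slice(rspec)
    logger.debug("Parsed Rspec")

    slice_expiry = datetime.fromtimestamp(slice_expiry)

    # Granted unconditionally to whichever user reaches this call.
    give_permission_to("can_create_project", Project, user)

    user.first_name = firstname
    user.last_name = lastname
    user.email = email
    profile = UserProfile.get_or_create_profile(user)
    profile.affiliation = affiliation
    user.save()
    profile.save()

    # Check if the slice exists
    try:
        slice_obj = get_slice(slice_urn)
        # update the slice info
        slice_obj.description = slice_desc
        slice_obj.name = slice_name
        slice_obj.expiration_date = slice_expiry
        slice_obj.save()
        # update the project info
        slice_obj.project.name = project_name
        slice_obj.project.description = project_desc
        slice_obj.project.save()
        project = slice_obj.project
    except Slice.DoesNotExist:
        # Check if the project exists
        try:
            project = Project.objects.get(name=project_name)
            # update the project info
            logger.debug("Updating project")
            project.description = project_desc
            project.save()
        except Project.DoesNotExist:
            # create the project
            logger.debug("Creating project")
            project = Project.objects.create(
                name=project_name,
                description=project_desc,
            )
            create_project_roles(project, user)

        # create the slice
        logger.debug("Creating slice")
        try:
            slice_obj = Slice.objects.create(
                name=slice_name,
                description=slice_desc,
                project=project,
                owner=user,
                expiration_date=slice_expiry,
            )
        except IntegrityError:
            raise DuplicateSliceNameException(slice_name)

    logger.debug("Creating/updating slice info")
    # create openflow slice info for the slice
    # NOTE(review): the controller password is passed on exactly as parsed
    # from the rspec; how OpenFlowSliceInfo stores it is not visible here.
    create_or_update(
        OpenFlowSliceInfo,
        filter_attrs={"slice": slice_obj},
        new_attrs={
            "controller_url": controller_url,
            "password": password,
        },
    )

    logger.debug("creating gapislice")
    # store a pointer to this slice using the slice_urn
    create_or_update(
        GENISliceInfo,
        filter_attrs={
            "slice": slice_obj,
        },
        new_attrs={
            "slice_urn": slice_urn,
        },
    )

    logger.debug("adding resources")
    sliver_ids = []

    # delete all flowspace in the slice
    FlowSpaceRule.objects.filter(slivers__slice=slice_obj).delete()

    # add the new flowspace
    for fs_dict, iface_qs in slivers:
        # give the user, project, slice permission to use the aggregate
        aggregate_ids = list(iface_qs.values_list("aggregate", flat=True))
        for agg_id in aggregate_ids:
            aggregate = Aggregate.objects.get(id=agg_id).as_leaf_class()
            give_permission_to("can_use_aggregate", aggregate, user)
            give_permission_to("can_use_aggregate", aggregate, project)
            give_permission_to("can_use_aggregate", aggregate, slice_obj)

        # Create flowspace
        logger.debug("Creating flowspace %s", fs_dict)
        fs = FlowSpaceRule.objects.create(**fs_dict)

        # make sure all the selected interfaces are added
        for iface in iface_qs:
            sliver, _ = OpenFlowInterfaceSliver.objects.get_or_create(
                slice=slice_obj, resource=iface)
            sliver_ids.append(sliver.id)
            fs.slivers.add(sliver)

    logger.debug("Deleting old resources")
    # Delete the interfaces removed from THIS slice. Without the slice
    # filter the exclude() matched every sliver outside sliver_ids, so one
    # CreateSliver call also deleted the interface slivers of all other
    # slices.
    OpenFlowInterfaceSliver.objects.filter(
        slice=slice_obj).exclude(id__in=sliver_ids).delete()

    logger.debug("Starting the slice %s %s", slice_obj, slice_obj.name)
    # make the reservation
    tl = threadlocals.get_thread_locals()
    tl["project"] = project
    tl["slice"] = slice_obj
    slice_obj.start(user)

    logger.debug("Done creating sliver")
    return rspec_mod.create_resv_rspec(user, slice_obj)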
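def confirm_requests(request):
    """Confirm the approval of the permission requests.

    The ids of the approved, delegatable and denied PermissionRequest
    objects are read from the session. A GET renders the confirmation page.
    A POST carrying ``post=yes`` denies the denied requests and processes
    the approved ones; after any POST the three session lists are dropped
    and the browser is redirected to "home".

    Approved requests are also marked as denied, because the permission
    itself is no longer granted. For "can_create_project" requests the
    project is created directly from the text of the request message and,
    when settings.ENABLE_CBAS is set, also through create_project().

    NOTE(review): the ids are taken from the session and the objects are
    loaded without any check in this view that request.user is the
    permission_owner of each request. Presumably the view that fills the
    session enforces that -- confirm.
    """
    approved_req_ids = request.session.setdefault("approved_req_ids", [])
    delegatable_req_ids = request.session.setdefault("delegatable_req_ids", [])
    denied_req_ids = request.session.setdefault("denied_req_ids", [])

    approved_reqs = []
    for req_id in approved_req_ids:
        req = get_object_or_404(PermissionRequest, id=req_id)
        delegatable = req_id in delegatable_req_ids
        approved_reqs.append((req, delegatable))

    denied_reqs = [
        get_object_or_404(PermissionRequest, id=req_id)
        for req_id in denied_req_ids
    ]

    if request.method == "POST":
        # check if confirmed and then do actions.
        if request.POST.get("post", "no") == "yes":
            for req in denied_reqs:
                req.deny()
                post_message = "Request for %s denied." % str(
                    req.requested_permission.target).capitalize()

                if req.requested_permission.permission.name == "can_create_project":
                    try:
                        # Removes "* Project name: ". The name comes out of
                        # the request message (presumably the requester's
                        # form input), so treat it as untrusted text.
                        project_name = req.message.split("||")[0].strip()[16:]
                        post_message = "Request for project %s creation denied." % project_name
                        # Notify requesting user
                        try:
                            send_mail(
                                settings.EMAIL_SUBJECT_PREFIX + "Denied project request for '%s'" % (project_name),
                                "Your request for the creation of project '%s' has been denied.\n\n\nYou may want to get in contact with the Island Manager for further details." % project_name,
                                from_email=settings.DEFAULT_FROM_EMAIL,
                                recipient_list=[req.requesting_user.email],
                            )
                        except Exception as e:
                            # Mail is best effort; the in-app messages
                            # below are still posted.
                            print("[WARNING] User e-mail notification could not be sent. Details: %s" % str(e))
                    except Exception:
                        # Was a bare ``except:``, which also swallowed
                        # SystemExit and KeyboardInterrupt. A message that
                        # cannot be parsed keeps the generic denial text.
                        pass

                # -------------------------------------------
                # It is not about permission granting anymore
                # -------------------------------------------
                # Notify requesting user
                DatedMessage.objects.post_message_to_user(
                    post_message,
                    user=req.requesting_user,
                    sender=req.permission_owner,
                    msg_type=DatedMessage.TYPE_WARNING)
                # Notify user with permission (e.g. root)
                DatedMessage.objects.post_message_to_user(
                    post_message,
                    user=request.user,
                    sender=req.permission_owner,
                    msg_type=DatedMessage.TYPE_WARNING)

            for req, _delegate in approved_reqs:
                # --------------------------------------------------------
                # Do NOT grant permission to create projects in the future
                # --------------------------------------------------------
                # The request is closed as denied on purpose (the former
                # req.allow(can_delegate=...) call is gone); approval only
                # triggers the direct project creation below.
                req.deny()

                post_message = "Request for %s approved." % str(
                    req.requested_permission.target).capitalize()
                permission_user_post = post_message
                requesting_user_post = post_message
                email_header = post_message
                email_body = "%s." % post_message
                message_type = DatedMessage.TYPE_SUCCESS

                # ---------------------------------------
                # Project will be created in a direct way
                # ---------------------------------------
                if req.requested_permission.permission.name == "can_create_project":
                    project_name = ""
                    try:
                        project = Project()
                        project.uuid = uuid.uuid4()
                        message = req.message.split("||")
                        # Removes "* Project name: "
                        project.name = message[0].strip()[16:]
                        project_name = project.name
                        # Removes "* Project description: "
                        project.description = message[3].strip()[23:]
                        # 'n/a' stays as the URN when CBAS is disabled or
                        # create_project() returns nothing.
                        project.urn = 'n/a'
                        if settings.ENABLE_CBAS:
                            # The project is registered with the
                            # requester's stored certificate and
                            # credentials, not with the approver's.
                            user_profile = UserProfile.get_or_create_profile(req.requesting_user)
                            cert = user_profile.certificate
                            creds = user_profile.credentials
                            project_urn = create_project(
                                certificate=cert,
                                credentials=creds,
                                project_name=project.name,
                                project_desc=project.description)
                            if project_urn:
                                project.urn = project_urn
                        # NOTE(review): this text is not copied into the
                        # two *_post variables, so on success both users
                        # still see "Request for ... approved." -- confirm
                        # that is intended.
                        post_message = "Successfully created project %s" % project.name
                        project.save()
                        create_project_roles(project, req.requesting_user)
                        project.save()
                        email_header = "Approved project request for '%s'" % project_name
                        email_body = "Your request for the creation of project '%s' has been approved." % project_name
                    except Exception as e:
                        # Any error when creating a project results into:
                        # 1. Denying the petition
                        # 2. Notifying user in their Expedient
                        # 3. Notifying user via e-mail
                        post_message = "Project '%s' could not be created" % project_name
                        permission_user_post = post_message
                        requesting_user_post = post_message
                        # Handle exception text for user: the requester
                        # only gets a generic cause, never the raw error.
                        if "duplicate entry" in str(e).lower():
                            email_body = "There is already a project with name '%s'. Try using a different name" % project_name
                            requesting_user_post += ". Details: project '%s' already exists" % project_name
                        else:
                            email_body = "There might have been a problem when interpreting the information for project '%s'" % str(project_name)
                            requesting_user_post += ". Contact your Island Manager for further details"
                        # Handle exception text for admin. The former
                        # '"Details" not in post_message' guard could only
                        # be false when the project name itself contained
                        # "Details", which hid the error from the approver.
                        permission_user_post = "%s. Details: %s" % (post_message, str(e))
                        message_type = DatedMessage.TYPE_ERROR
                        # Email for requesting user
                        email_header = "Denied project request for '%s'" % project_name
                        email_body = "Your request for the creation of project '%s' has been denied because of the following causes:\n\n%s\n\n\nYou may want to get in contact with the Island Manager for further details." % (project_name, email_body)

                # Notify requesting user
                DatedMessage.objects.post_message_to_user(
                    requesting_user_post,
                    user=req.requesting_user,
                    sender=req.permission_owner,
                    msg_type=message_type)
                try:
                    send_mail(
                        settings.EMAIL_SUBJECT_PREFIX + email_header,
                        email_body,
                        from_email=settings.DEFAULT_FROM_EMAIL,
                        recipient_list=[req.requesting_user.email],
                    )
                except Exception as e:
                    print("[WARNING] User e-mail notification could not be sent. Details: %s" % str(e))
                # Notify user with permission (e.g. root)
                DatedMessage.objects.post_message_to_user(
                    permission_user_post,
                    user=request.user,
                    sender=req.permission_owner,
                    msg_type=message_type)

        # After this post we will be done with all this information
        del request.session["approved_req_ids"]
        del request.session["delegatable_req_ids"]
        del request.session["denied_req_ids"]
        return HttpResponseRedirect(reverse("home"))
    else:
        return direct_to_template(
            request=request,
            template=TEMPLATE_PATH + "/confirm_requests.html",
            extra_context={
                "approved_reqs": approved_reqs,
                "denied_reqs": denied_reqs,
            },
        )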
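def handle_noargs(self, **options):
    """Load aggregates, projects and slices from a data file.

    Options read: "username", "password", "filename", "load_aggs",
    "load_slices" and "start_slices". Aggregates are created by posting
    each entry to the "openflow_aggregate_create" view through a logged-in
    test client; projects, slices, slivers and flowspace rules are created
    through the ORM. Slices are started when "start_slices" is set.

    Raises:
        AssertionError: an aggregate POST did not answer with a 302 to the
            aggregate's links page.

    NOTE(review): ``load`` is defined outside this block. If it is a
    deserialiser that can run code from its input (pickle, yaml.load), the
    data file must come from a trusted source -- confirm which one it is.
    NOTE(review): the account password arrives through the command options
    and the slice passwords through the data file; both are passed on as
    given.
    """
    username = options.get("username")
    password = options.get("password")
    filename = options.get("filename")
    do_aggs = options.get("load_aggs")
    do_slices = options.get("load_slices")
    start_slices = options.get("start_slices")

    # ``with`` closes the file even when load() raises.
    with open(filename) as f:
        data = load(f)

    client = Client()
    # NOTE(review): the result of login() is not checked; a failed login
    # only shows up later, through the redirect checks below.
    client.login(username=username, password=password)
    user = User.objects.get(username=username)
    threadlocals.get_thread_locals()["user"] = user

    if do_aggs:
        for agg_dict in data["aggregates"]:
            resp = test_get_and_post_form(
                client,
                reverse("openflow_aggregate_create"),
                agg_dict,
            )
            # Raised explicitly: ``assert`` statements are stripped under
            # ``python -O`` and the checks would silently disappear.
            if resp.status_code != 302:
                raise AssertionError(
                    "Aggregate creation returned status %s instead of 302"
                    % resp.status_code)
            if not re.search(r"/openflow/aggregate/\d+/links/$",
                             resp["Location"]):
                raise AssertionError(
                    "Aggregate creation redirected to %s"
                    % resp["Location"])

    if do_slices:
        for project_dict in data["projects"]:
            project, _ = Project.objects.get_or_create(
                name=project_dict["name"],
                description=project_dict["description"],
            )
            create_project_roles(project, user)
            threadlocals.get_thread_locals()["project"] = project

            # add aggregates to project
            for aggregate in OpenFlowAggregate.objects.all():
                give_permission_to("can_use_aggregate", aggregate, user)
                give_permission_to("can_use_aggregate", aggregate, project)
            for aggregate in GCFOpenFlowAggregate.objects.all():
                give_permission_to("can_use_aggregate", aggregate, user)
                give_permission_to("can_use_aggregate", aggregate, project)

            # add slices to project
            for slice_dict in project_dict["slices"]:
                slice_obj = Slice.objects.create(
                    name=slice_dict["name"],
                    description=slice_dict["description"],
                    project=project,
                    owner=user,
                )
                OpenFlowSliceInfo.objects.create(
                    slice=slice_obj,
                    controller_url=slice_dict["controller_url"],
                    password=slice_dict["password"],
                )
                info, _ = GENISliceInfo.objects.get_or_create(
                    slice=slice_obj,
                )
                if not info.ssh_private_key or not info.ssh_public_key:
                    info.generate_ssh_keys()
                    info.save()

                # add aggregates to slices
                for aggregate in OpenFlowAggregate.objects.all():
                    give_permission_to("can_use_aggregate", aggregate, slice_obj)
                for aggregate in GCFOpenFlowAggregate.objects.all():
                    give_permission_to("can_use_aggregate", aggregate, slice_obj)

                # add slivers
                slivers = []
                for dpid, port in slice_dict["ifaces"]:
                    try:
                        sliver, _ = OpenFlowInterfaceSliver.objects.get_or_create(
                            slice=slice_obj,
                            resource=OpenFlowInterface.objects.get(
                                port_num=port, switch__datapath_id=dpid),
                        )
                        slivers.append(sliver)
                    except OpenFlowInterface.DoesNotExist:
                        # Interfaces missing from the database are skipped.
                        continue

                # add flowspace
                for sfs_dict in slice_dict["sfs"]:
                    fs_dict = {}
                    # Each value becomes a one-element range (start == end).
                    for attr in ("dl_src", "dl_dst", "dl_type", "vlan_id",
                                 "nw_src", "nw_dst", "nw_proto", "tp_dst",
                                 "tp_src"):
                        fs_dict[attr + "_start"] = sfs_dict[attr]
                        fs_dict[attr + "_end"] = sfs_dict[attr]
                    fs = FlowSpaceRule.objects.create(**fs_dict)
                    for sliver in slivers:
                        fs.slivers.add(sliver)

                if start_slices:
                    tl = threadlocals.get_thread_locals()
                    tl["project"] = project
                    tl["slice"] = slice_obj
                    slice_obj.start(user)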
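def handle_noargs(self, **options):
    """Load aggregates, projects and slices from a data file.

    Options read: "username", "password", "filename", "load_aggs",
    "load_slices" and "start_slices". Aggregates are created by posting
    each entry to the "openflow_aggregate_create" view through a logged-in
    test client; projects, slices, slivers and flowspace rules are created
    through the ORM. Slices are started when "start_slices" is set.

    Raises:
        AssertionError: an aggregate POST did not answer with a 302 to the
            aggregate's links page.

    NOTE(review): ``load`` is defined outside this block. If it is a
    deserialiser that can run code from its input (pickle, yaml.load), the
    data file must come from a trusted source -- confirm which one it is.
    NOTE(review): the account password arrives through the command options
    and the slice passwords through the data file; both are passed on as
    given.
    """
    username = options.get("username")
    password = options.get("password")
    filename = options.get("filename")
    do_aggs = options.get("load_aggs")
    do_slices = options.get("load_slices")
    start_slices = options.get("start_slices")

    # ``with`` closes the file even when load() raises.
    with open(filename) as f:
        data = load(f)

    client = Client()
    # NOTE(review): the result of login() is not checked; a failed login
    # only shows up later, through the redirect checks below.
    client.login(username=username, password=password)
    user = User.objects.get(username=username)
    threadlocals.get_thread_locals()["user"] = user

    if do_aggs:
        for agg_dict in data["aggregates"]:
            resp = test_get_and_post_form(
                client,
                reverse("openflow_aggregate_create"),
                agg_dict,
            )
            # Raised explicitly: ``assert`` statements are stripped under
            # ``python -O`` and the checks would silently disappear.
            if resp.status_code != 302:
                raise AssertionError(
                    "Aggregate creation returned status %s instead of 302"
                    % resp.status_code)
            if not re.search(r"/openflow/aggregate/\d+/links/$",
                             resp["Location"]):
                raise AssertionError(
                    "Aggregate creation redirected to %s"
                    % resp["Location"])

    if do_slices:
        for project_dict in data["projects"]:
            project, _ = Project.objects.get_or_create(
                name=project_dict["name"],
                description=project_dict["description"],
            )
            create_project_roles(project, user)
            threadlocals.get_thread_locals()["project"] = project

            # add aggregates to project
            for aggregate in OpenFlowAggregate.objects.all():
                give_permission_to("can_use_aggregate", aggregate, user)
                give_permission_to("can_use_aggregate", aggregate, project)
            for aggregate in GCFOpenFlowAggregate.objects.all():
                give_permission_to("can_use_aggregate", aggregate, user)
                give_permission_to("can_use_aggregate", aggregate, project)

            # add slices to project
            for slice_dict in project_dict["slices"]:
                slice_obj = Slice.objects.create(
                    name=slice_dict["name"],
                    description=slice_dict["description"],
                    project=project,
                    owner=user,
                )
                OpenFlowSliceInfo.objects.create(
                    slice=slice_obj,
                    controller_url=slice_dict["controller_url"],
                    password=slice_dict["password"],
                )
                info, _ = GENISliceInfo.objects.get_or_create(
                    slice=slice_obj,
                )
                if not info.ssh_private_key or not info.ssh_public_key:
                    info.generate_ssh_keys()
                    info.save()

                # add aggregates to slices
                for aggregate in OpenFlowAggregate.objects.all():
                    give_permission_to("can_use_aggregate", aggregate, slice_obj)
                for aggregate in GCFOpenFlowAggregate.objects.all():
                    give_permission_to("can_use_aggregate", aggregate, slice_obj)

                # add slivers
                slivers = []
                for dpid, port in slice_dict["ifaces"]:
                    try:
                        sliver, _ = OpenFlowInterfaceSliver.objects.get_or_create(
                            slice=slice_obj,
                            resource=OpenFlowInterface.objects.get(
                                port_num=port, switch__datapath_id=dpid),
                        )
                        slivers.append(sliver)
                    except OpenFlowInterface.DoesNotExist:
                        # Interfaces missing from the database are skipped.
                        continue

                # add flowspace
                for sfs_dict in slice_dict["sfs"]:
                    fs_dict = {}
                    # Each value becomes a one-element range (start == end).
                    for attr in ("dl_src", "dl_dst", "dl_type", "vlan_id",
                                 "nw_src", "nw_dst", "nw_proto", "tp_dst",
                                 "tp_src"):
                        fs_dict[attr + "_start"] = sfs_dict[attr]
                        fs_dict[attr + "_end"] = sfs_dict[attr]
                    fs = FlowSpaceRule.objects.create(**fs_dict)
                    for sliver in slivers:
                        fs.slivers.add(sliver)

                if start_slices:
                    tl = threadlocals.get_thread_locals()
                    tl["project"] = project
                    tl["slice"] = slice_obj
                    slice_obj.start(user)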
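def CreateSliver(slice_urn, rspec, user):
    """Create or update the slice identified by slice_urn and start it.

    The rspec is parsed with rspec_mod.parse_slice. Its values are written
    to the user, the user's profile, the project and the slice; the slice's
    flowspace rules and interface slivers are then rebuilt and the slice is
    started.

    Args:
        slice_urn: URN used to look up an existing slice via get_slice.
        rspec: Reservation spec handed to rspec_mod.parse_slice.
        user: User the slice is created for.

    Returns:
        The result of rspec_mod.create_resv_rspec(user, slice).

    Raises:
        DuplicateSliceNameException: creating the slice hit an
            IntegrityError.

    NOTE(review): nothing in this function checks that ``user`` owns the
    slice found by URN or the project found by name before updating them,
    and the name, e-mail and affiliation of ``user`` are overwritten with
    values from the rspec. Presumably the caller has authenticated and
    authorised the request -- confirm.
    """
    (project_name, project_desc, slice_name, slice_desc, slice_expiry,
     controller_url, firstname, lastname, affiliation, email, password,
     slivers) = rspec_mod.parse_slice(rspec)
    logger.debug("Parsed Rspec")

    slice_expiry = datetime.fromtimestamp(slice_expiry)

    # Granted unconditionally to whichever user reaches this call.
    give_permission_to("can_create_project", Project, user)

    user.first_name = firstname
    user.last_name = lastname
    user.email = email
    profile = UserProfile.get_or_create_profile(user)
    profile.affiliation = affiliation
    user.save()
    profile.save()

    # Check if the slice exists
    try:
        slice_obj = get_slice(slice_urn)
        # update the slice info
        slice_obj.description = slice_desc
        slice_obj.name = slice_name
        slice_obj.expiration_date = slice_expiry
        slice_obj.save()
        # update the project info
        slice_obj.project.name = project_name
        slice_obj.project.description = project_desc
        slice_obj.project.save()
        project = slice_obj.project
    except Slice.DoesNotExist:
        # Check if the project exists
        try:
            project = Project.objects.get(name=project_name)
            # update the project info
            logger.debug("Updating project")
            project.description = project_desc
            project.save()
        except Project.DoesNotExist:
            # create the project
            logger.debug("Creating project")
            project = Project.objects.create(
                name=project_name,
                description=project_desc,
            )
            create_project_roles(project, user)

        # create the slice
        logger.debug("Creating slice")
        try:
            slice_obj = Slice.objects.create(
                name=slice_name,
                description=slice_desc,
                project=project,
                owner=user,
                expiration_date=slice_expiry,
            )
        except IntegrityError:
            raise DuplicateSliceNameException(slice_name)

    logger.debug("Creating/updating slice info")
    # create openflow slice info for the slice
    # NOTE(review): the controller password is passed on exactly as parsed
    # from the rspec; how OpenFlowSliceInfo stores it is not visible here.
    create_or_update(
        OpenFlowSliceInfo,
        filter_attrs={"slice": slice_obj},
        new_attrs={
            "controller_url": controller_url,
            "password": password,
        },
    )

    logger.debug("creating gapislice")
    # store a pointer to this slice using the slice_urn
    create_or_update(
        GENISliceInfo,
        filter_attrs={
            "slice": slice_obj,
        },
        new_attrs={
            "slice_urn": slice_urn,
        },
    )

    logger.debug("adding resources")
    sliver_ids = []

    # delete all flowspace in the slice
    FlowSpaceRule.objects.filter(slivers__slice=slice_obj).delete()

    # add the new flowspace
    for fs_dict, iface_qs in slivers:
        # give the user, project, slice permission to use the aggregate
        aggregate_ids = list(iface_qs.values_list("aggregate", flat=True))
        for agg_id in aggregate_ids:
            aggregate = Aggregate.objects.get(id=agg_id).as_leaf_class()
            give_permission_to("can_use_aggregate", aggregate, user)
            give_permission_to("can_use_aggregate", aggregate, project)
            give_permission_to("can_use_aggregate", aggregate, slice_obj)

        # Create flowspace
        logger.debug("Creating flowspace %s", fs_dict)
        fs = FlowSpaceRule.objects.create(**fs_dict)

        # make sure all the selected interfaces are added
        for iface in iface_qs:
            sliver, _ = OpenFlowInterfaceSliver.objects.get_or_create(
                slice=slice_obj, resource=iface)
            sliver_ids.append(sliver.id)
            fs.slivers.add(sliver)

    logger.debug("Deleting old resources")
    # Delete the interfaces removed from THIS slice. Without the slice
    # filter the exclude() matched every sliver outside sliver_ids, so one
    # CreateSliver call also deleted the interface slivers of all other
    # slices.
    OpenFlowInterfaceSliver.objects.filter(
        slice=slice_obj).exclude(id__in=sliver_ids).delete()

    logger.debug("Starting the slice %s %s", slice_obj, slice_obj.name)
    # make the reservation
    tl = threadlocals.get_thread_locals()
    tl["project"] = project
    tl["slice"] = slice_obj
    slice_obj.start(user)

    logger.debug("Done creating sliver")
    return rspec_mod.create_resv_rspec(user, slice_obj)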