def delete_superuser(self, user_object): """Remove a superuser.""" assert isinstance(self._convert_remote_object(user_object), self._get_registered_object('user_factory').USER_CLASS) # Ensure the user is a superuser if not self.is_superuser(): raise InsufficientPermissionsException( 'User must be a superuser to manage superusers' ) user_object = self._convert_remote_object(user_object) username = user_object.get_username() # Ensure user to be removed is a superuser if (username not in self.get_superusers()): raise UserNotPresentInGroup('User \'%s\' is not a superuser' % username) mcvirt_config = MCVirtConfig() def update_config(config): config['superusers'].remove(username) mcvirt_config.update_config(update_config, 'Removed \'%s\' from superuser group' % username) if self._is_cluster_master: def remote_command(connection): remote_user_factory = connection.get_connection('user_factory') remote_user = remote_user_factory.get_user_by_username(user_object.get_username()) remote_auth = connection.get_connection('auth') remote_auth.delete_superuser(remote_user) cluster = self._get_registered_object('cluster') cluster.run_remote_command(remote_command)
def add_user_permission_group(self, permission_group, user_object, vm_object=None, ignore_duplicate=False): """Add a user to a permissions group on a VM object.""" assert permission_group in PERMISSION_GROUPS.keys() assert isinstance( self._convert_remote_object(user_object), self._get_registered_object('user_factory').USER_CLASS) assert isinstance( self._convert_remote_object(vm_object), self._get_registered_object( 'virtual_machine_factory').VIRTUAL_MACHINE_CLASS) ArgumentValidator.validate_boolean(ignore_duplicate) # Check if user running script is able to add users to permission group if not (self.is_superuser() or (vm_object and self.assert_permission( PERMISSIONS.MANAGE_VM_USERS, vm_object) and permission_group == 'user')): raise InsufficientPermissionsException( 'VM owners cannot add manager other owners') user_object = self._convert_remote_object(user_object) vm_object = self._convert_remote_object( vm_object) if vm_object is not None else None username = user_object.get_username() # Check if user is already in the group if (vm_object): config_object = vm_object.get_config_object() else: config_object = MCVirtConfig() if (username not in self.get_users_in_permission_group( permission_group, vm_object)): # Add user to permission configuration for VM def add_user_to_config(config): config['permissions'][permission_group].append(username) config_object.update_config( add_user_to_config, 'Added user \'%s\' to group \'%s\'' % (username, permission_group)) # @TODO FIX ME if self._is_cluster_master: cluster_object = self._get_registered_object('cluster') vm_name = vm_object.get_name() if vm_object else None cluster_object.run_remote_command( 'auth-add_user_permission_group', { 'permission_group': permission_group, 'username': username, 'vm_name': vm_name }) elif not ignore_duplicate: raise DuplicatePermissionException( 'User \'%s\' already in group \'%s\'' % (username, permission_group))
def delete_user_permission_group(self, permission_group, user_object, vm_object=None): """Remove user from a permissions group on a VM object.""" assert permission_group in PERMISSION_GROUPS.keys() assert isinstance(self._convert_remote_object(user_object), self._get_registered_object('user_factory').USER_CLASS) assert isinstance(self._convert_remote_object(vm_object), self._get_registered_object( 'virtual_machine_factory').VIRTUAL_MACHINE_CLASS) # Check if user running script is able to remove users to permission group if not (self.is_superuser() or (self.assert_permission(PERMISSIONS.MANAGE_VM_USERS, vm_object) and permission_group == 'user') and vm_object): raise InsufficientPermissionsException('Does not have required permission') user_object = self._convert_remote_object(user_object) username = user_object.get_username() # Check if user exists in the group if username not in self.get_users_in_permission_group(permission_group, vm_object): raise UserNotPresentInGroup('User \'%s\' not in group \'%s\'' % (username, permission_group)) if vm_object: vm_object = self._convert_remote_object(vm_object) config_object = vm_object.get_config_object() else: config_object = MCVirtConfig() # Remove user from permission configuration for VM def remove_user_from_group(config): config['permissions'][permission_group].remove(username) config_object.update_config(remove_user_from_group, 'Removed user \'%s\' from group \'%s\'' % (username, permission_group)) if self._is_cluster_master: def add_remote_user_to_group(connection): remote_user_factory = connection.get_connection('user_factory') remote_user = remote_user_factory.get_user_by_username( user_object.get_username() ) connection.annotate_object(remote_user) remote_auth = connection.get_connection('auth') if vm_object: remote_vm_factory = connection.get_connection('virtual_machine_factory') remote_vm = remote_vm_factory.getVirtualMachineByName( vm_object.get_name() ) else: remote_vm = None remote_auth.delete_user_permission_group(permission_group, remote_user, remote_vm) cluster_object = self._get_registered_object('cluster') cluster_object.run_remote_command(add_remote_user_to_group)
def delete_user_permission_group(self, permission_group, user_object, vm_object=None): """Remove user from a permissions group on a VM object.""" assert permission_group in PERMISSION_GROUPS.keys() assert isinstance( self._convert_remote_object(user_object), self._get_registered_object('user_factory').USER_CLASS) assert isinstance( self._convert_remote_object(vm_object), self._get_registered_object( 'virtual_machine_factory').VIRTUAL_MACHINE_CLASS) # Check if user running script is able to remove users to permission group if not (self.is_superuser() or (self.assert_permission(PERMISSIONS.MANAGE_VM_USERS, vm_object) and permission_group == 'user') and vm_object): raise InsufficientPermissionsException( 'Does not have required permission') user_object = self._convert_remote_object(user_object) vm_object = self._convert_remote_object( vm_object) if vm_object is not None else None username = user_object.get_username() # Check if user exists in the group if username not in self.get_users_in_permission_group( permission_group, vm_object): raise UserNotPresentInGroup('User \'%s\' not in group \'%s\'' % (username, permission_group)) if vm_object: config_object = vm_object.get_config_object() vm_name = vm_object.get_name() else: config_object = MCVirtConfig() vm_name = None # Remove user from permission configuration for VM def remove_user_from_group(config): config['permissions'][permission_group].remove(username) config_object.update_config( remove_user_from_group, 'Removed user \'%s\' from group \'%s\'' % (username, permission_group)) # @TODO FIX ME if self._is_cluster_master: cluster_object = self._get_registered_object('cluster') cluster_object.run_remote_command( 'auth-delete_user_permission_group', { 'permission_group': permission_group, 'username': username, 'vm_name': vm_name })
def set_cluster_ip_address(self, ip_address): """Update the cluster IP address for the node.""" self._get_registered_object('auth').assert_permission(PERMISSIONS.MANAGE_NODE) ArgumentValidator.validate_ip_address(ip_address) # Update global MCVirt configuration def update_config(config): config['cluster']['cluster_ip'] = ip_address mcvirt_config = MCVirtConfig() mcvirt_config.update_config(update_config, 'Set node cluster IP address to %s' % ip_address)
def set_storage_volume_group(self, volume_group): """Update the MCVirt configuration to set the volume group for VM storage.""" self._get_registered_object('auth').assert_permission(PERMISSIONS.MANAGE_NODE) ArgumentValidator.validate_vg_name(volume_group) # Update global MCVirt configuration def update_config(config): config['vm_storage_vg'] = volume_group mcvirt_config = MCVirtConfig() mcvirt_config.update_config(update_config, 'Set virtual machine storage volume group to %s' % volume_group)
def add_user_permission_group(self, permission_group, user_object, vm_object=None, ignore_duplicate=False): """Add a user to a permissions group on a VM object.""" assert permission_group in PERMISSION_GROUPS.keys() assert isinstance(self._convert_remote_object(user_object), self._get_registered_object('user_factory').USER_CLASS) assert isinstance(self._convert_remote_object(vm_object), self._get_registered_object( 'virtual_machine_factory').VIRTUAL_MACHINE_CLASS) ArgumentValidator.validate_boolean(ignore_duplicate) # Check if user running script is able to add users to permission group if not (self.is_superuser() or (vm_object and self.assert_permission(PERMISSIONS.MANAGE_VM_USERS, vm_object) and permission_group == 'user')): raise InsufficientPermissionsException('VM owners cannot add manager other owners') user_object = self._convert_remote_object(user_object) vm_object = self._convert_remote_object(vm_object) if vm_object is not None else None username = user_object.get_username() # Check if user is already in the group if (vm_object): config_object = vm_object.get_config_object() else: config_object = MCVirtConfig() if (username not in self.get_users_in_permission_group(permission_group, vm_object)): # Add user to permission configuration for VM def add_user_to_config(config): config['permissions'][permission_group].append(username) config_object.update_config(add_user_to_config, 'Added user \'%s\' to group \'%s\'' % (username, permission_group)) # @TODO FIX ME if self._is_cluster_master: cluster_object = self._get_registered_object('cluster') vm_name = vm_object.get_name() if vm_object else None cluster_object.run_remote_command('auth-add_user_permission_group', {'permission_group': permission_group, 'username': username, 'vm_name': vm_name}) elif not ignore_duplicate: raise DuplicatePermissionException( 'User \'%s\' already in group \'%s\'' % (username, permission_group) )
def set_cluster_ip_address(self, ip_address): """Update the cluster IP address for the node.""" self._get_registered_object('auth').assert_permission(PERMISSIONS.MANAGE_NODE) # Check validity of IP address (mainly to ensure that ) pattern = re.compile(r"^((([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])[ (\[]?(\.|dot)" "[ )\]]?){3}([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5]))$") if not pattern.match(ip_address): raise InvalidIPAddressException('%s is not a valid IP address' % ip_address) # Update global MCVirt configuration def update_config(config): config['cluster']['cluster_ip'] = ip_address mcvirt_config = MCVirtConfig() mcvirt_config.update_config(update_config, 'Set node cluster IP address to %s' % ip_address)
def set_storage_volume_group(self, volume_group): """Update the MCVirt configuration to set the volume group for VM storage.""" self._get_registered_object('auth').assert_permission(PERMISSIONS.MANAGE_NODE) # Ensure volume_group name is valid pattern = re.compile("^[A-Z0-9a-z_-]+$") if not pattern.match(volume_group): raise InvalidVolumeGroupNameException('%s is not a valid volume group name' % volume_group) # Update global MCVirt configuration def update_config(config): config['vm_storage_vg'] = volume_group mcvirt_config = MCVirtConfig() mcvirt_config.update_config(update_config, 'Set virtual machine storage volume group to %s' % volume_group)
def add_superuser(self, user_object, ignore_duplicate=False): """Add a new superuser.""" assert isinstance( self._convert_remote_object(user_object), self._get_registered_object('user_factory').USER_CLASS) ArgumentValidator.validate_boolean(ignore_duplicate) # Ensure the user is a superuser if not self.is_superuser(): raise InsufficientPermissionsException( 'User must be a superuser to manage superusers') user_object = self._convert_remote_object(user_object) username = user_object.get_username() mcvirt_config = MCVirtConfig() # Ensure user is not already a superuser if username not in self.get_superusers(): def update_config(config): config['superusers'].append(username) mcvirt_config.update_config(update_config, 'Added superuser \'%s\'' % username) elif not ignore_duplicate: raise DuplicatePermissionException( 'User \'%s\' is already a superuser' % username) if self._is_cluster_master: def remote_command(connection): remote_user_factory = connection.get_connection('user_factory') remote_user = remote_user_factory.get_user_by_username( user_object.get_username()) remote_auth = connection.get_connection('auth') remote_auth.add_superuser(remote_user, ignore_duplicate=ignore_duplicate) cluster = self._get_registered_object('cluster') cluster.run_remote_command(remote_command)
def delete_superuser(self, user_object): """Remove a superuser.""" assert isinstance( self._convert_remote_object(user_object), self._get_registered_object('user_factory').USER_CLASS) # Ensure the user is a superuser if not self.is_superuser(): raise InsufficientPermissionsException( 'User must be a superuser to manage superusers') user_object = self._convert_remote_object(user_object) username = user_object.get_username() # Ensure user to be removed is a superuser if (username not in self.get_superusers()): raise UserNotPresentInGroup('User \'%s\' is not a superuser' % username) mcvirt_config = MCVirtConfig() def update_config(config): config['superusers'].remove(username) mcvirt_config.update_config( update_config, 'Removed \'%s\' from superuser group' % username) if self._is_cluster_master: def remote_command(connection): remote_user_factory = connection.get_connection('user_factory') remote_user = remote_user_factory.get_user_by_username( user_object.get_username()) remote_auth = connection.get_connection('auth') remote_auth.delete_superuser(remote_user) cluster = self._get_registered_object('cluster') cluster.run_remote_command(remote_command)
def add_superuser(self, user_object, ignore_duplicate=False): """Add a new superuser.""" assert isinstance(self._convert_remote_object(user_object), self._get_registered_object('user_factory').USER_CLASS) ArgumentValidator.validate_boolean(ignore_duplicate) # Ensure the user is a superuser if not self.is_superuser(): raise InsufficientPermissionsException( 'User must be a superuser to manage superusers' ) user_object = self._convert_remote_object(user_object) username = user_object.get_username() mcvirt_config = MCVirtConfig() # Ensure user is not already a superuser if username not in self.get_superusers(): def update_config(config): config['superusers'].append(username) mcvirt_config.update_config(update_config, 'Added superuser \'%s\'' % username) elif not ignore_duplicate: raise DuplicatePermissionException( 'User \'%s\' is already a superuser' % username ) if self._is_cluster_master: def remote_command(connection): remote_user_factory = connection.get_connection('user_factory') remote_user = remote_user_factory.get_user_by_username(user_object.get_username()) remote_auth = connection.get_connection('auth') remote_auth.add_superuser(remote_user, ignore_duplicate=ignore_duplicate) cluster = self._get_registered_object('cluster') cluster.run_remote_command(remote_command)
def delete_user_permission_group(self, permission_group, user_object, vm_object=None): """Remove user from a permissions group on a VM object.""" assert permission_group in PERMISSION_GROUPS.keys() assert isinstance( self._convert_remote_object(user_object), self._get_registered_object('user_factory').USER_CLASS) if vm_object: assert isinstance( self._convert_remote_object(vm_object), self._get_registered_object( 'virtual_machine_factory').VIRTUAL_MACHINE_CLASS) # Check if user running script is able to remove users to permission group if not (self.is_superuser() or (self.assert_permission(PERMISSIONS.MANAGE_VM_USERS, vm_object) and permission_group == 'user') and vm_object): raise InsufficientPermissionsException( 'Does not have required permission') user_object = self._convert_remote_object(user_object) username = user_object.get_username() # Check if user exists in the group if username not in self.get_users_in_permission_group( permission_group, vm_object): raise UserNotPresentInGroup('User \'%s\' not in group \'%s\'' % (username, permission_group)) if vm_object: vm_object = self._convert_remote_object(vm_object) config_object = vm_object.get_config_object() else: config_object = MCVirtConfig() # Remove user from permission configuration for VM def remove_user_from_group(config): config['permissions'][permission_group].remove(username) config_object.update_config( remove_user_from_group, 'Removed user \'%s\' from group \'%s\'' % (username, permission_group)) if self._is_cluster_master: def add_remote_user_to_group(connection): remote_user_factory = connection.get_connection('user_factory') remote_user = remote_user_factory.get_user_by_username( user_object.get_username()) connection.annotate_object(remote_user) remote_auth = connection.get_connection('auth') if vm_object: remote_vm_factory = connection.get_connection( 'virtual_machine_factory') remote_vm = remote_vm_factory.getVirtualMachineByName( vm_object.get_name()) else: remote_vm = None remote_auth.delete_user_permission_group( permission_group, remote_user, remote_vm) cluster_object = self._get_registered_object('cluster') cluster_object.run_remote_command(add_remote_user_to_group)