736 lines
33 KiB
Python
736 lines
33 KiB
Python
# Copyright 2012 United States Government as represented by the
|
|
# Administrator of the National Aeronautics and Space Administration.
|
|
# All Rights Reserved.
|
|
#
|
|
# Copyright 2012 Nebula, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
|
|
from django.conf import settings
|
|
from django.core.urlresolvers import reverse
|
|
from django.utils.translation import ugettext_lazy as _
|
|
|
|
from horizon import exceptions
|
|
from horizon import forms
|
|
from horizon import messages
|
|
from horizon import workflows
|
|
|
|
from openstack_dashboard import api
|
|
from openstack_dashboard.api import base
|
|
from openstack_dashboard.api import cinder
|
|
from openstack_dashboard.api import keystone
|
|
from openstack_dashboard.api import nova
|
|
from openstack_dashboard.usage import quotas
|
|
|
|
INDEX_URL = "horizon:admin:projects:index"
|
|
ADD_USER_URL = "horizon:admin:projects:create_user"
|
|
PROJECT_GROUP_ENABLED = keystone.VERSIONS.active >= 3
|
|
PROJECT_USER_MEMBER_SLUG = "update_members"
|
|
PROJECT_GROUP_MEMBER_SLUG = "update_group_members"
|
|
|
|
|
|
class UpdateProjectQuotaAction(workflows.Action):
|
|
ifcb_label = _("Injected File Content Bytes")
|
|
metadata_items = forms.IntegerField(min_value=-1,
|
|
label=_("Metadata Items"))
|
|
cores = forms.IntegerField(min_value=-1, label=_("VCPUs"))
|
|
instances = forms.IntegerField(min_value=-1, label=_("Instances"))
|
|
injected_files = forms.IntegerField(min_value=-1,
|
|
label=_("Injected Files"))
|
|
injected_file_content_bytes = forms.IntegerField(min_value=-1,
|
|
label=ifcb_label)
|
|
volumes = forms.IntegerField(min_value=-1, label=_("Volumes"))
|
|
snapshots = forms.IntegerField(min_value=-1, label=_("Volume Snapshots"))
|
|
gigabytes = forms.IntegerField(
|
|
min_value=-1, label=_("Total Size of Volumes and Snapshots (GB)"))
|
|
ram = forms.IntegerField(min_value=-1, label=_("RAM (MB)"))
|
|
floating_ips = forms.IntegerField(min_value=-1, label=_("Floating IPs"))
|
|
fixed_ips = forms.IntegerField(min_value=-1, label=_("Fixed IPs"))
|
|
security_groups = forms.IntegerField(min_value=-1,
|
|
label=_("Security Groups"))
|
|
security_group_rules = forms.IntegerField(min_value=-1,
|
|
label=_("Security Group Rules"))
|
|
|
|
# Neutron
|
|
security_group = forms.IntegerField(min_value=-1,
|
|
label=_("Security Groups"))
|
|
security_group_rule = forms.IntegerField(min_value=-1,
|
|
label=_("Security Group Rules"))
|
|
floatingip = forms.IntegerField(min_value=-1, label=_("Floating IPs"))
|
|
network = forms.IntegerField(min_value=-1, label=_("Networks"))
|
|
port = forms.IntegerField(min_value=-1, label=_("Ports"))
|
|
router = forms.IntegerField(min_value=-1, label=_("Routers"))
|
|
subnet = forms.IntegerField(min_value=-1, label=_("Subnets"))
|
|
|
|
def __init__(self, request, *args, **kwargs):
|
|
super(UpdateProjectQuotaAction, self).__init__(request,
|
|
*args,
|
|
**kwargs)
|
|
disabled_quotas = quotas.get_disabled_quotas(request)
|
|
for field in disabled_quotas:
|
|
if field in self.fields:
|
|
self.fields[field].required = False
|
|
self.fields[field].widget = forms.HiddenInput()
|
|
|
|
class Meta:
|
|
name = _("Quota")
|
|
slug = 'update_quotas'
|
|
help_text = _("From here you can set quotas "
|
|
"(max limits) for the project.")
|
|
|
|
|
|
class UpdateProjectQuota(workflows.Step):
|
|
action_class = UpdateProjectQuotaAction
|
|
depends_on = ("project_id",)
|
|
contributes = quotas.QUOTA_FIELDS
|
|
|
|
|
|
class CreateProjectInfoAction(workflows.Action):
|
|
# Hide the domain_id and domain_name by default
|
|
domain_id = forms.CharField(label=_("Domain ID"),
|
|
required=False,
|
|
widget=forms.HiddenInput())
|
|
domain_name = forms.CharField(label=_("Domain Name"),
|
|
required=False,
|
|
widget=forms.HiddenInput())
|
|
name = forms.CharField(label=_("Name"),
|
|
max_length=64)
|
|
description = forms.CharField(widget=forms.widgets.Textarea(),
|
|
label=_("Description"),
|
|
required=False)
|
|
enabled = forms.BooleanField(label=_("Enabled"),
|
|
required=False,
|
|
initial=True)
|
|
|
|
def __init__(self, request, *args, **kwargs):
|
|
super(CreateProjectInfoAction, self).__init__(request,
|
|
*args,
|
|
**kwargs)
|
|
# For keystone V3, display the two fields in read-only
|
|
if keystone.VERSIONS.active >= 3:
|
|
readonlyInput = forms.TextInput(attrs={'readonly': 'readonly'})
|
|
self.fields["domain_id"].widget = readonlyInput
|
|
self.fields["domain_name"].widget = readonlyInput
|
|
|
|
class Meta:
|
|
name = _("Project Info")
|
|
help_text = _("From here you can create a new "
|
|
"project to organize users.")
|
|
|
|
|
|
class CreateProjectInfo(workflows.Step):
|
|
action_class = CreateProjectInfoAction
|
|
contributes = ("domain_id",
|
|
"domain_name",
|
|
"project_id",
|
|
"name",
|
|
"description",
|
|
"enabled")
|
|
|
|
|
|
class UpdateProjectMembersAction(workflows.MembershipAction):
|
|
def __init__(self, request, *args, **kwargs):
|
|
super(UpdateProjectMembersAction, self).__init__(request,
|
|
*args,
|
|
**kwargs)
|
|
err_msg = _('Unable to retrieve user list. Please try again later.')
|
|
# Use the domain_id from the project
|
|
domain_id = self.initial.get("domain_id", None)
|
|
project_id = ''
|
|
if 'project_id' in self.initial:
|
|
project_id = self.initial['project_id']
|
|
|
|
# Get the default role
|
|
try:
|
|
default_role = api.keystone.get_default_role(self.request)
|
|
# Default role is necessary to add members to a project
|
|
if default_role is None:
|
|
default = getattr(settings,
|
|
"OPENSTACK_KEYSTONE_DEFAULT_ROLE", None)
|
|
msg = _('Could not find default role "%s" in Keystone') % \
|
|
default
|
|
raise exceptions.NotFound(msg)
|
|
except Exception:
|
|
exceptions.handle(self.request,
|
|
err_msg,
|
|
redirect=reverse(INDEX_URL))
|
|
default_role_name = self.get_default_role_field_name()
|
|
self.fields[default_role_name] = forms.CharField(required=False)
|
|
self.fields[default_role_name].initial = default_role.id
|
|
|
|
# Get list of available users
|
|
all_users = []
|
|
try:
|
|
all_users = api.keystone.user_list(request,
|
|
domain=domain_id)
|
|
except Exception:
|
|
exceptions.handle(request, err_msg)
|
|
users_list = [(user.id, user.name) for user in all_users]
|
|
|
|
# Get list of roles
|
|
role_list = []
|
|
try:
|
|
role_list = api.keystone.role_list(request)
|
|
except Exception:
|
|
exceptions.handle(request,
|
|
err_msg,
|
|
redirect=reverse(INDEX_URL))
|
|
for role in role_list:
|
|
field_name = self.get_member_field_name(role.id)
|
|
label = role.name
|
|
self.fields[field_name] = forms.MultipleChoiceField(required=False,
|
|
label=label)
|
|
self.fields[field_name].choices = users_list
|
|
self.fields[field_name].initial = []
|
|
|
|
# Figure out users & roles
|
|
if project_id:
|
|
try:
|
|
users_roles = api.keystone.get_project_users_roles(request,
|
|
project_id)
|
|
except Exception:
|
|
exceptions.handle(request,
|
|
err_msg,
|
|
redirect=reverse(INDEX_URL))
|
|
|
|
for user_id in users_roles:
|
|
roles_ids = users_roles[user_id]
|
|
for role_id in roles_ids:
|
|
field_name = self.get_member_field_name(role_id)
|
|
self.fields[field_name].initial.append(user_id)
|
|
|
|
class Meta:
|
|
name = _("Project Members")
|
|
slug = PROJECT_USER_MEMBER_SLUG
|
|
|
|
|
|
class UpdateProjectMembers(workflows.UpdateMembersStep):
|
|
action_class = UpdateProjectMembersAction
|
|
available_list_title = _("All Users")
|
|
members_list_title = _("Project Members")
|
|
no_available_text = _("No users found.")
|
|
no_members_text = _("No users.")
|
|
|
|
def contribute(self, data, context):
|
|
if data:
|
|
try:
|
|
roles = api.keystone.role_list(self.workflow.request)
|
|
except Exception:
|
|
exceptions.handle(self.workflow.request,
|
|
_('Unable to retrieve user list.'))
|
|
|
|
post = self.workflow.request.POST
|
|
for role in roles:
|
|
field = self.get_member_field_name(role.id)
|
|
context[field] = post.getlist(field)
|
|
return context
|
|
|
|
|
|
class UpdateProjectGroupsAction(workflows.MembershipAction):
|
|
def __init__(self, request, *args, **kwargs):
|
|
super(UpdateProjectGroupsAction, self).__init__(request,
|
|
*args,
|
|
**kwargs)
|
|
err_msg = _('Unable to retrieve group list. Please try again later.')
|
|
# Use the domain_id from the project
|
|
domain_id = self.initial.get("domain_id", None)
|
|
project_id = ''
|
|
if 'project_id' in self.initial:
|
|
project_id = self.initial['project_id']
|
|
|
|
# Get the default role
|
|
try:
|
|
default_role = api.keystone.get_default_role(self.request)
|
|
# Default role is necessary to add members to a project
|
|
if default_role is None:
|
|
default = getattr(settings,
|
|
"OPENSTACK_KEYSTONE_DEFAULT_ROLE", None)
|
|
msg = _('Could not find default role "%s" in Keystone') % \
|
|
default
|
|
raise exceptions.NotFound(msg)
|
|
except Exception:
|
|
exceptions.handle(self.request,
|
|
err_msg,
|
|
redirect=reverse(INDEX_URL))
|
|
default_role_name = self.get_default_role_field_name()
|
|
self.fields[default_role_name] = forms.CharField(required=False)
|
|
self.fields[default_role_name].initial = default_role.id
|
|
|
|
# Get list of available groups
|
|
all_groups = []
|
|
try:
|
|
all_groups = api.keystone.group_list(request,
|
|
domain=domain_id)
|
|
except Exception:
|
|
exceptions.handle(request, err_msg)
|
|
groups_list = [(group.id, group.name) for group in all_groups]
|
|
|
|
# Get list of roles
|
|
role_list = []
|
|
try:
|
|
role_list = api.keystone.role_list(request)
|
|
except Exception:
|
|
exceptions.handle(request,
|
|
err_msg,
|
|
redirect=reverse(INDEX_URL))
|
|
for role in role_list:
|
|
field_name = self.get_member_field_name(role.id)
|
|
label = role.name
|
|
self.fields[field_name] = forms.MultipleChoiceField(required=False,
|
|
label=label)
|
|
self.fields[field_name].choices = groups_list
|
|
self.fields[field_name].initial = []
|
|
|
|
# Figure out groups & roles
|
|
if project_id:
|
|
for group in all_groups:
|
|
try:
|
|
roles = api.keystone.roles_for_group(self.request,
|
|
group=group.id,
|
|
project=project_id)
|
|
except Exception:
|
|
exceptions.handle(request,
|
|
err_msg,
|
|
redirect=reverse(INDEX_URL))
|
|
for role in roles:
|
|
field_name = self.get_member_field_name(role.id)
|
|
self.fields[field_name].initial.append(group.id)
|
|
|
|
class Meta:
|
|
name = _("Project Groups")
|
|
slug = PROJECT_GROUP_MEMBER_SLUG
|
|
|
|
|
|
class UpdateProjectGroups(workflows.UpdateMembersStep):
|
|
action_class = UpdateProjectGroupsAction
|
|
available_list_title = _("All Groups")
|
|
members_list_title = _("Project Groups")
|
|
no_available_text = _("No groups found.")
|
|
no_members_text = _("No groups.")
|
|
|
|
def contribute(self, data, context):
|
|
if data:
|
|
try:
|
|
roles = api.keystone.role_list(self.workflow.request)
|
|
except Exception:
|
|
exceptions.handle(self.workflow.request,
|
|
_('Unable to retrieve role list.'))
|
|
|
|
post = self.workflow.request.POST
|
|
for role in roles:
|
|
field = self.get_member_field_name(role.id)
|
|
context[field] = post.getlist(field)
|
|
return context
|
|
|
|
|
|
class CreateProject(workflows.Workflow):
|
|
slug = "create_project"
|
|
name = _("Create Project")
|
|
finalize_button_name = _("Create Project")
|
|
success_message = _('Created new project "%s".')
|
|
failure_message = _('Unable to create project "%s".')
|
|
success_url = "horizon:admin:projects:index"
|
|
default_steps = (CreateProjectInfo,
|
|
UpdateProjectMembers,
|
|
UpdateProjectQuota)
|
|
|
|
def __init__(self, request=None, context_seed=None, entry_point=None,
|
|
*args, **kwargs):
|
|
if PROJECT_GROUP_ENABLED:
|
|
self.default_steps = (CreateProjectInfo,
|
|
UpdateProjectMembers,
|
|
UpdateProjectGroups,
|
|
UpdateProjectQuota)
|
|
super(CreateProject, self).__init__(request=request,
|
|
context_seed=context_seed,
|
|
entry_point=entry_point,
|
|
*args,
|
|
**kwargs)
|
|
|
|
def format_status_message(self, message):
|
|
return message % self.context.get('name', 'unknown project')
|
|
|
|
def handle(self, request, data):
|
|
# create the project
|
|
domain_id = data['domain_id']
|
|
try:
|
|
desc = data['description']
|
|
self.object = api.keystone.tenant_create(request,
|
|
name=data['name'],
|
|
description=desc,
|
|
enabled=data['enabled'],
|
|
domain=domain_id)
|
|
except Exception:
|
|
exceptions.handle(request, ignore=True)
|
|
return False
|
|
|
|
project_id = self.object.id
|
|
|
|
# update project members
|
|
users_to_add = 0
|
|
try:
|
|
available_roles = api.keystone.role_list(request)
|
|
member_step = self.get_step(PROJECT_USER_MEMBER_SLUG)
|
|
# count how many users are to be added
|
|
for role in available_roles:
|
|
field_name = member_step.get_member_field_name(role.id)
|
|
role_list = data[field_name]
|
|
users_to_add += len(role_list)
|
|
# add new users to project
|
|
for role in available_roles:
|
|
field_name = member_step.get_member_field_name(role.id)
|
|
role_list = data[field_name]
|
|
users_added = 0
|
|
for user in role_list:
|
|
api.keystone.add_tenant_user_role(request,
|
|
project=project_id,
|
|
user=user,
|
|
role=role.id)
|
|
users_added += 1
|
|
users_to_add -= users_added
|
|
except Exception:
|
|
if PROJECT_GROUP_ENABLED:
|
|
group_msg = _(", add project groups")
|
|
else:
|
|
group_msg = ""
|
|
exceptions.handle(request, _('Failed to add %(users_to_add)s '
|
|
'project members%(group_msg)s and '
|
|
'set project quotas.')
|
|
% {'users_to_add': users_to_add,
|
|
'group_msg': group_msg})
|
|
|
|
if PROJECT_GROUP_ENABLED:
|
|
# update project groups
|
|
groups_to_add = 0
|
|
try:
|
|
available_roles = api.keystone.role_list(request)
|
|
member_step = self.get_step(PROJECT_GROUP_MEMBER_SLUG)
|
|
|
|
# count how many groups are to be added
|
|
for role in available_roles:
|
|
field_name = member_step.get_member_field_name(role.id)
|
|
role_list = data[field_name]
|
|
groups_to_add += len(role_list)
|
|
# add new groups to project
|
|
for role in available_roles:
|
|
field_name = member_step.get_member_field_name(role.id)
|
|
role_list = data[field_name]
|
|
groups_added = 0
|
|
for group in role_list:
|
|
api.keystone.add_group_role(request,
|
|
role=role.id,
|
|
group=group,
|
|
project=project_id)
|
|
groups_added += 1
|
|
groups_to_add -= groups_added
|
|
except Exception:
|
|
exceptions.handle(request, _('Failed to add %s project groups '
|
|
'and update project quotas.'
|
|
% groups_to_add))
|
|
|
|
# Update the project quota.
|
|
nova_data = dict(
|
|
[(key, data[key]) for key in quotas.NOVA_QUOTA_FIELDS])
|
|
try:
|
|
nova.tenant_quota_update(request, project_id, **nova_data)
|
|
|
|
if base.is_service_enabled(request, 'volume'):
|
|
cinder_data = dict([(key, data[key]) for key in
|
|
quotas.CINDER_QUOTA_FIELDS])
|
|
cinder.tenant_quota_update(request,
|
|
project_id,
|
|
**cinder_data)
|
|
|
|
if api.base.is_service_enabled(request, 'network') and \
|
|
api.neutron.is_quotas_extension_supported(request):
|
|
neutron_data = {}
|
|
disabled_quotas = quotas.get_disabled_quotas(request)
|
|
for key in quotas.NEUTRON_QUOTA_FIELDS:
|
|
if key not in disabled_quotas:
|
|
neutron_data[key] = data[key]
|
|
api.neutron.tenant_quota_update(request,
|
|
project_id,
|
|
**neutron_data)
|
|
except Exception:
|
|
exceptions.handle(request, _('Unable to set project quotas.'))
|
|
return True
|
|
|
|
|
|
class UpdateProjectInfoAction(CreateProjectInfoAction):
|
|
enabled = forms.BooleanField(required=False, label=_("Enabled"))
|
|
|
|
class Meta:
|
|
name = _("Project Info")
|
|
slug = 'update_info'
|
|
help_text = _("From here you can edit the project details.")
|
|
|
|
|
|
class UpdateProjectInfo(workflows.Step):
|
|
action_class = UpdateProjectInfoAction
|
|
depends_on = ("project_id",)
|
|
contributes = ("domain_id",
|
|
"domain_name",
|
|
"name",
|
|
"description",
|
|
"enabled")
|
|
|
|
|
|
class UpdateProject(workflows.Workflow):
|
|
slug = "update_project"
|
|
name = _("Edit Project")
|
|
finalize_button_name = _("Save")
|
|
success_message = _('Modified project "%s".')
|
|
failure_message = _('Unable to modify project "%s".')
|
|
success_url = "horizon:admin:projects:index"
|
|
default_steps = (UpdateProjectInfo,
|
|
UpdateProjectMembers,
|
|
UpdateProjectQuota)
|
|
|
|
def __init__(self, request=None, context_seed=None, entry_point=None,
|
|
*args, **kwargs):
|
|
if PROJECT_GROUP_ENABLED:
|
|
self.default_steps = (UpdateProjectInfo,
|
|
UpdateProjectMembers,
|
|
UpdateProjectGroups,
|
|
UpdateProjectQuota)
|
|
|
|
super(UpdateProject, self).__init__(request=request,
|
|
context_seed=context_seed,
|
|
entry_point=entry_point,
|
|
*args,
|
|
**kwargs)
|
|
|
|
def format_status_message(self, message):
|
|
return message % self.context.get('name', 'unknown project')
|
|
|
|
def handle(self, request, data):
|
|
# FIXME(gabriel): This should be refactored to use Python's built-in
|
|
# sets and do this all in a single "roles to add" and "roles to remove"
|
|
# pass instead of the multi-pass thing happening now.
|
|
|
|
project_id = data['project_id']
|
|
domain_id = ''
|
|
# update project info
|
|
try:
|
|
project = api.keystone.tenant_update(
|
|
request,
|
|
project_id,
|
|
name=data['name'],
|
|
description=data['description'],
|
|
enabled=data['enabled'])
|
|
# Use the domain_id from the project if available
|
|
domain_id = getattr(project, "domain_id", None)
|
|
except Exception:
|
|
exceptions.handle(request, ignore=True)
|
|
return False
|
|
|
|
# update project members
|
|
users_to_modify = 0
|
|
# Project-user member step
|
|
member_step = self.get_step(PROJECT_USER_MEMBER_SLUG)
|
|
try:
|
|
# Get our role options
|
|
available_roles = api.keystone.role_list(request)
|
|
# Get the users currently associated with this project so we
|
|
# can diff against it.
|
|
project_members = api.keystone.user_list(request,
|
|
project=project_id)
|
|
users_to_modify = len(project_members)
|
|
|
|
for user in project_members:
|
|
# Check if there have been any changes in the roles of
|
|
# Existing project members.
|
|
current_roles = api.keystone.roles_for_user(self.request,
|
|
user.id,
|
|
project_id)
|
|
current_role_ids = [role.id for role in current_roles]
|
|
|
|
for role in available_roles:
|
|
field_name = member_step.get_member_field_name(role.id)
|
|
# Check if the user is in the list of users with this role.
|
|
if user.id in data[field_name]:
|
|
# Add it if necessary
|
|
if role.id not in current_role_ids:
|
|
# user role has changed
|
|
api.keystone.add_tenant_user_role(
|
|
request,
|
|
project=project_id,
|
|
user=user.id,
|
|
role=role.id)
|
|
else:
|
|
# User role is unchanged, so remove it from the
|
|
# remaining roles list to avoid removing it later.
|
|
index = current_role_ids.index(role.id)
|
|
current_role_ids.pop(index)
|
|
|
|
# Prevent admins from doing stupid things to themselves.
|
|
is_current_user = user.id == request.user.id
|
|
is_current_project = project_id == request.user.tenant_id
|
|
admin_roles = [role for role in current_roles
|
|
if role.name.lower() == 'admin']
|
|
if len(admin_roles):
|
|
removing_admin = any([role.id in current_role_ids
|
|
for role in admin_roles])
|
|
else:
|
|
removing_admin = False
|
|
if is_current_user and is_current_project and removing_admin:
|
|
# Cannot remove "admin" role on current(admin) project
|
|
msg = _('You cannot revoke your administrative privileges '
|
|
'from the project you are currently logged into. '
|
|
'Please switch to another project with '
|
|
'administrative privileges or remove the '
|
|
'administrative role manually via the CLI.')
|
|
messages.warning(request, msg)
|
|
|
|
# Otherwise go through and revoke any removed roles.
|
|
else:
|
|
for id_to_delete in current_role_ids:
|
|
api.keystone.remove_tenant_user_role(
|
|
request,
|
|
project=project_id,
|
|
user=user.id,
|
|
role=id_to_delete)
|
|
users_to_modify -= 1
|
|
|
|
# Grant new roles on the project.
|
|
for role in available_roles:
|
|
field_name = member_step.get_member_field_name(role.id)
|
|
# Count how many users may be added for exception handling.
|
|
users_to_modify += len(data[field_name])
|
|
for role in available_roles:
|
|
users_added = 0
|
|
field_name = member_step.get_member_field_name(role.id)
|
|
for user_id in data[field_name]:
|
|
if not filter(lambda x: user_id == x.id, project_members):
|
|
api.keystone.add_tenant_user_role(request,
|
|
project=project_id,
|
|
user=user_id,
|
|
role=role.id)
|
|
users_added += 1
|
|
users_to_modify -= users_added
|
|
except Exception:
|
|
if PROJECT_GROUP_ENABLED:
|
|
group_msg = _(", update project groups")
|
|
else:
|
|
group_msg = ""
|
|
exceptions.handle(request, _('Failed to modify %(users_to_modify)s'
|
|
' project members%(group_msg)s and '
|
|
'update project quotas.')
|
|
% {'users_to_modify': users_to_modify,
|
|
'group_msg': group_msg})
|
|
return False
|
|
|
|
if PROJECT_GROUP_ENABLED:
|
|
# update project groups
|
|
groups_to_modify = 0
|
|
member_step = self.get_step(PROJECT_GROUP_MEMBER_SLUG)
|
|
try:
|
|
# Get the groups currently associated with this project so we
|
|
# can diff against it.
|
|
project_groups = api.keystone.group_list(request,
|
|
domain=domain_id,
|
|
project=project_id)
|
|
groups_to_modify = len(project_groups)
|
|
for group in project_groups:
|
|
# Check if there have been any changes in the roles of
|
|
# Existing project members.
|
|
current_roles = api.keystone.roles_for_group(
|
|
self.request,
|
|
group=group.id,
|
|
project=project_id)
|
|
current_role_ids = [role.id for role in current_roles]
|
|
for role in available_roles:
|
|
# Check if the group is in the list of groups with
|
|
# this role.
|
|
field_name = member_step.get_member_field_name(role.id)
|
|
if group.id in data[field_name]:
|
|
# Add it if necessary
|
|
if role.id not in current_role_ids:
|
|
# group role has changed
|
|
api.keystone.add_group_role(
|
|
request,
|
|
role=role.id,
|
|
group=group.id,
|
|
project=project_id)
|
|
else:
|
|
# Group role is unchanged, so remove it from
|
|
# the remaining roles list to avoid removing it
|
|
# later.
|
|
index = current_role_ids.index(role.id)
|
|
current_role_ids.pop(index)
|
|
|
|
# Revoke any removed roles.
|
|
for id_to_delete in current_role_ids:
|
|
api.keystone.remove_group_role(request,
|
|
role=id_to_delete,
|
|
group=group.id,
|
|
project=project_id)
|
|
groups_to_modify -= 1
|
|
|
|
# Grant new roles on the project.
|
|
for role in available_roles:
|
|
field_name = member_step.get_member_field_name(role.id)
|
|
# Count how many groups may be added for error handling.
|
|
groups_to_modify += len(data[field_name])
|
|
for role in available_roles:
|
|
groups_added = 0
|
|
field_name = member_step.get_member_field_name(role.id)
|
|
for group_id in data[field_name]:
|
|
if not filter(lambda x: group_id == x.id,
|
|
project_groups):
|
|
api.keystone.add_group_role(request,
|
|
role=role.id,
|
|
group=group_id,
|
|
project=project_id)
|
|
groups_added += 1
|
|
groups_to_modify -= groups_added
|
|
except Exception:
|
|
exceptions.handle(request, _('Failed to modify %s project '
|
|
'members, update project groups '
|
|
'and update project quotas.'
|
|
% groups_to_modify))
|
|
return False
|
|
|
|
# update the project quota
|
|
nova_data = dict(
|
|
[(key, data[key]) for key in quotas.NOVA_QUOTA_FIELDS])
|
|
try:
|
|
nova.tenant_quota_update(request,
|
|
project_id,
|
|
**nova_data)
|
|
|
|
if base.is_service_enabled(request, 'volume'):
|
|
cinder_data = dict([(key, data[key]) for key in
|
|
quotas.CINDER_QUOTA_FIELDS])
|
|
cinder.tenant_quota_update(request,
|
|
project_id,
|
|
**cinder_data)
|
|
|
|
if api.base.is_service_enabled(request, 'network') and \
|
|
api.neutron.is_quotas_extension_supported(request):
|
|
neutron_data = {}
|
|
disabled_quotas = quotas.get_disabled_quotas(request)
|
|
for key in quotas.NEUTRON_QUOTA_FIELDS:
|
|
if key not in disabled_quotas:
|
|
neutron_data[key] = data[key]
|
|
api.neutron.tenant_quota_update(request,
|
|
project_id,
|
|
**neutron_data)
|
|
return True
|
|
except Exception:
|
|
exceptions.handle(request, _('Modified project information and '
|
|
'members, but unable to modify '
|
|
'project quotas.'))
|
|
return False
|