x
/
group-based-policy-ui
Code Issues Proposed changes
group-based-policy-ui/gbpui/panels/policytargets/workflows.py

572 lines
23 KiB
Python
Raw Blame History

# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import logging
from django.core.urlresolvers import reverse
from django import shortcuts
from django.utils import html
from django.utils.text import normalize_newlines # noqa
from django.utils.translation import ugettext_lazy as _
from django.views.decorators.debug import sensitive_variables # noqa
from horizon import exceptions
from horizon import forms
from horizon.utils import validators
from horizon import workflows
from openstack_dashboard import api
from openstack_dashboard.dashboards.project.instances \
import utils as instance_utils
from openstack_dashboard.dashboards.project.instances.workflows \
import create_instance as workflows_create_instance
from gbpui import client
from gbpui import fields
LOG = logging.getLogger(__name__)
POLICY_RULE_SET_URL = "horizon:project:application_policy:addpolicy_rule_set"
ADD_EXTERNAL_CONNECTIVITY = \
"horizon:project:network_policy:create_external_connectivity"
class SelectPolicyRuleSetAction(workflows.Action):
provided_policy_rule_set = fields.DynamicMultiChoiceField(
label=_("Provided Policy Rule Set"),
help_text=_("Choose a policy rule set for an Group."),
add_item_link=POLICY_RULE_SET_URL,
required=False)
consumed_policy_rule_set = fields.DynamicMultiChoiceField(
label=_("Consumed Policy Rule Set"),
help_text=_("Select consumed policy rule set for Group."),
add_item_link=POLICY_RULE_SET_URL,
required=False)
class Meta(object):
name = _("Application Policy")
help_text = _("Select Policy Rule Set for Group.")
def _policy_rule_set_list(self, request):
policy_rule_sets = client.policy_rule_set_list(request,
tenant_id=request.user.tenant_id)
for c in policy_rule_sets:
c.set_id_as_name_if_empty()
policy_rule_sets = sorted(policy_rule_sets,
key=lambda rule: rule.name)
return [(c.id, c.name) for c in policy_rule_sets]
def populate_provided_policy_rule_set_choices(self, request, context):
policy_rule_set_list = []
try:
rsets = self._policy_rule_set_list(request)
if len(rsets) == 0:
rsets.extend([('None', 'No Provided Policy Rule Sets')])
policy_rule_set_list = rsets
except Exception as e:
policy_rule_set_list = []
msg = _('Unable to retrieve policy rule set. %s.') % (str(e))
exceptions.handle(request, msg)
return policy_rule_set_list
def populate_consumed_policy_rule_set_choices(self, request, context):
policy_rule_set_list = []
try:
policy_rule_set_list = [('None', 'No Consumed Policy Rule Sets')]
policy_rule_set_list =\
self._policy_rule_set_list(request)
except Exception as e:
msg = _('Unable to retrieve policy rule set. %s.') % (str(e))
exceptions.handle(request, msg)
return policy_rule_set_list
class SelectL2policyAction(workflows.Action):
l2policy_id = forms.ChoiceField(
label=_("Network Policy"),
help_text=_("Select network policy for Group."))
network_service_policy_id = forms.ChoiceField(
label=_("Network Services Policy"),
help_text=_("Select network services policy for Group."),
required=False)
class Meta(object):
name = _("Network Policy")
help_text = _(
"Select network policy for Group."
"Selecting default will create an Network Policy implicitly.")
def populate_l2policy_id_choices(self, request, context):
policies = []
try:
policies = client.l2policy_list(request,
tenant_id=request.user.tenant_id)
for p in policies:
p.set_id_as_name_if_empty()
policies = sorted(policies, key=lambda rule: rule.name)
policies = [(p.id, p.name + ":" + p.id) for p in policies]
policies.insert(0, ('default', 'Default'))
except Exception as e:
exceptions.handle(request,
_("Unable to retrieve policies (%(error)s).")
% {'error': str(e)})
return policies
def populate_network_service_policy_id_choices(self, request, context):
policies = []
try:
policies = client.networkservicepolicy_list(request,
tenant_id=request.user.tenant_id)
for p in policies:
p.set_id_as_name_if_empty()
policies = [(p.id, p.name + ":" + p.id) for p in policies]
policies.insert(0, ('None', 'No Network Service Policy'))
except Exception as e:
msg = _("Unable to retrieve service policies. %s).") % (str(e))
exceptions.handle(request, msg)
return policies
class SelectL2policyStep(workflows.Step):
action_class = SelectL2policyAction
name = _("L2 Policy")
contributes = ("l2policy_id", "network_services_policy_id",)
def contribute(self, data, context):
if data['l2policy_id'] != 'default':
context['l2_policy_id'] = data['l2policy_id']
if data['network_service_policy_id'] != 'None':
context['network_service_policy_id'] = \
data['network_service_policy_id']
return context
class SelectPolicyRuleSetStep(workflows.Step):
action_class = SelectPolicyRuleSetAction
name = _("Provided Policy Rule Set")
contributes = ("provided_policy_rule_sets", "consumed_policy_rule_sets",)
def contribute(self, data, context):
if data:
policy_rule_sets = self.workflow.request.POST.getlist(
"provided_policy_rule_set")
if policy_rule_sets:
policy_rule_set_dict = {}
for policy_rule_set in policy_rule_sets:
if policy_rule_set != 'None':
policy_rule_set_dict[policy_rule_set] = None
context['provided_policy_rule_sets'] = policy_rule_set_dict
policy_rule_sets = self.workflow.request.POST.getlist(
"consumed_policy_rule_set")
if policy_rule_sets:
policy_rule_set_dict = {}
for policy_rule_set in policy_rule_sets:
if policy_rule_set != 'None':
policy_rule_set_dict[policy_rule_set] = None
context['consumed_policy_rule_sets'] = policy_rule_set_dict
return context
class AddPTGAction(workflows.Action):
name = forms.CharField(max_length=80,
label=_("Name"))
description = forms.CharField(max_length=80,
label=_("Description"),
required=False)
shared = forms.BooleanField(label=_("Shared"),
initial=False, required=False)
def __init__(self, request, *args, **kwargs):
super(AddPTGAction, self).__init__(request, *args, **kwargs)
class Meta(object):
name = _("Group")
help_text = _("Create Internal Group")
class AddPTGStep(workflows.Step):
action_class = AddPTGAction
contributes = ("name", "description", "shared")
def contribute(self, data, context):
context = super(AddPTGStep, self).contribute(data, context)
return context
class AddPTG(workflows.Workflow):
slug = "addpolicy_target"
name = _("Create Internal Group")
finalize_button_name = _("Create")
success_message = _('Create Group "%s".')
failure_message = _('Unable to create Group "%s".')
success_url = "horizon:project:policytargets:index"
default_steps = (AddPTGStep,
SelectPolicyRuleSetStep,
SelectL2policyStep,)
wizard = True
def format_status_message(self, message):
return message % self.context.get('name')
def handle(self, request, context):
try:
if context.get('name'):
context['name'] = html.escape(context['name'])
if context.get('description'):
context['description'] = html.escape(context['description'])
group = client.policy_target_create(request, **context)
return group
except Exception as e:
msg = self.format_status_message(self.failure_message) + str(e)
exceptions.handle(request, msg)
return False
class ExternalConnectivityAction(workflows.Action):
external_segments = fields.DynamicMultiChoiceField(
label=_("External Connectivity"),
required=True,
add_item_link=ADD_EXTERNAL_CONNECTIVITY,
help_text=_("Select external segment(s) for Group."))
class Meta(object):
name = _("External Connectivity")
help_text = _(
"Select External Connectivity for Group.")
def populate_external_segments_choices(self, request, context):
external_connectivities = []
try:
external_connectivities = client.externalconnectivity_list(
request, tenant_id=request.user.tenant_id)
for p in external_connectivities:
p.set_id_as_name_if_empty()
ext_conn_list = sorted(external_connectivities,
key=lambda segment: segment.name)
ext_conn_list = \
[(p.id, p.name + ":" + p.id) for p in ext_conn_list]
except Exception as e:
exceptions.handle(request,
_("Unable to retrieve policies (%(error)s).")
% {'error': str(e)})
return ext_conn_list
class ExternalConnectivityStep(workflows.Step):
action_class = ExternalConnectivityAction
name = _("External Connectivity")
contributes = ("external_segments",)
def contribute(self, data, context):
context['external_segments'] = data.get('external_segments', [])
return context
class ExtAddPTGAction(workflows.Action):
name = forms.CharField(max_length=80,
label=_("Name"))
description = forms.CharField(max_length=80,
label=_("Description"),
required=False)
shared = forms.BooleanField(label=_("Shared"),
initial=False, required=False)
def __init__(self, request, *args, **kwargs):
super(ExtAddPTGAction, self).__init__(request, *args, **kwargs)
class Meta(object):
name = _("Group")
help_text = _("Create External Group")
class ExtAddPTGStep(workflows.Step):
action_class = ExtAddPTGAction
contributes = ("name", "description", "shared")
def contribute(self, data, context):
context = super(ExtAddPTGStep, self).contribute(data, context)
return context
class AddExternalPTG(workflows.Workflow):
slug = "addexternal_policy_target"
name = _("Create External Group")
finalize_button_name = _("Create")
success_message = _('Create External Group "%s".')
failure_message = _('Unable to create External Group "%s".')
success_url = "horizon:project:policytargets:index"
default_steps = (ExtAddPTGStep,
SelectPolicyRuleSetStep,
ExternalConnectivityStep,)
wizard = True
def format_status_message(self, message):
return message % self.context.get('name')
def handle(self, request, context):
try:
if context.get('name'):
context['name'] = html.escape(context['name'])
if context.get('description'):
context['description'] = html.escape(context['description'])
group = client.ext_policy_target_create(request, **context)
return group
except Exception as e:
msg = self.format_status_message(self.failure_message) + str(e)
exceptions.handle(request, msg)
return False
KEYPAIR_IMPORT_URL = "horizon:project:access_and_security:keypairs:import"
class SetAccessControlsAction(workflows.Action):
keypair = forms.DynamicChoiceField(label=_("Key Pair"),
required=False,
help_text=_("Key pair to use for "
"authentication."),
add_item_link=KEYPAIR_IMPORT_URL)
admin_pass = forms.RegexField(
label=_("Admin Password"),
required=False,
widget=forms.PasswordInput(render_value=False),
regex=validators.password_validator(),
error_messages={'invalid': validators.password_validator_msg()})
confirm_admin_pass = forms.CharField(
label=_("Confirm Admin Password"),
required=False,
widget=forms.PasswordInput(render_value=False))
class Meta(object):
name = _("Access & Security")
help_text = _("Control access to your instance via key pairs "
"and other mechanisms.")
def __init__(self, request, *args, **kwargs):
super(SetAccessControlsAction, self).__init__(request, *args, **kwargs)
if not api.nova.can_set_server_password():
del self.fields['admin_pass']
del self.fields['confirm_admin_pass']
def populate_keypair_choices(self, request, context):
keypairs = instance_utils.keypair_field_data(request, True)
if len(keypairs) == 2:
self.fields['keypair'].initial = keypairs[1][0]
return keypairs
def clean(self):
'''Check to make sure password fields match.'''
cleaned_data = super(SetAccessControlsAction, self).clean()
if 'admin_pass' in cleaned_data:
if cleaned_data['admin_pass'] != cleaned_data.get(
'confirm_admin_pass', None):
raise forms.ValidationError(_('Passwords do not match.'))
return cleaned_data
class SetAccessControls(workflows.Step):
action_class = SetAccessControlsAction
depends_on = ("project_id", "user_id")
contributes = ("keypair_id", "security_group_ids",
"admin_pass", "confirm_admin_pass")
def contribute(self, data, context):
if data:
post = self.workflow.request.POST
context['security_group_ids'] = post.getlist("groups")
context['keypair_id'] = data.get("keypair", "")
context['admin_pass'] = data.get("admin_pass", "")
context['confirm_admin_pass'] = data.get("confirm_admin_pass", "")
return context
class SetGroupAction(workflows.Action):
# To reuse horizon instance launch code related to Networking,
# form filed must be 'network' only
network = forms.MultipleChoiceField(label=_("Groups"),
widget=forms.CheckboxSelectMultiple(),
error_messages={
'required': _(
"At least one group must"
" be specified.")},
help_text=_("Launch member instance in"
" these groups"))
widget = forms.HiddenInput()
def __init__(self, request, *args, **kwargs):
super(SetGroupAction, self).__init__(request, *args, **kwargs)
policy_targetid = self.request.path.split("/")[-2]
self.fields['network'].initial = [policy_targetid]
class Meta(object):
name = _("Groups")
help_text = _("Select groups for launching the member instance in.")
def populate_network_choices(self, request, context):
try:
pt_list = []
pts = client.policy_target_list(request,
tenant_id=request.user.tenant_id)
for pt in pts:
pt.set_id_as_name_if_empty()
pt_list.append((pt.id, pt.name))
return sorted(pt_list, key=lambda obj: obj[1])
except Exception:
msg = _("Failed to retrieve groups")
LOG.error(msg)
exceptions.handle(request, msg, redirect=shortcuts.redirect)
class SetGroup(workflows.Step):
action_class = SetGroupAction
template_name = "project/policytargets/_update_groups.html"
contributes = ("group_id",)
def contribute(self, data, context):
if data:
groups = self.workflow.request.POST.getlist("network")
groups = [n for n in groups if n != '']
if groups:
context['group_id'] = groups
return context
class LaunchInstance(workflows.Workflow):
slug = "create_member"
name = _("Create Member")
finalize_button_name = _("Launch")
success_message = _('Launched %(count)s.')
multipart = True
default_steps = (workflows_create_instance.SelectProjectUser,
workflows_create_instance.SetInstanceDetails,
SetAccessControls,
SetGroup,
workflows_create_instance.PostCreationStep,
workflows_create_instance.SetAdvanced)
def format_status_message(self, message):
count = self.context.get('count', 1)
if int(count) > 1:
return message % {"count": _("%s members") % count}
else:
return message % {"count": _("member")}
def get_success_url(self):
policy_targetid = self.request.path.split("/")[-2]
u = "horizon:project:policytargets:policy_targetdetails"
success_url = reverse(u, kwargs={'policy_target_id': policy_targetid})
return success_url
@sensitive_variables('context')
def handle(self, request, context):
custom_script = context.get('script_data', '')
dev_mapping_1 = None
dev_mapping_2 = None
image_id = ''
# Determine volume mapping options
source_type = context.get('source_type', None)
if source_type in ['image_id', 'instance_snapshot_id']:
image_id = context['source_id']
elif source_type in ['volume_id', 'volume_snapshot_id']:
try:
if api.nova.extension_supported("BlockDeviceMappingV2Boot",
request):
# Volume source id is extracted from the source
volume_source_id = context['source_id'].split(':')[0]
device_name = context.get('device_name', '') \
.strip() or None
dev_source_type_mapping = {
'volume_id': 'volume',
'volume_snapshot_id': 'snapshot'
}
dev_mapping_2 = [
{'device_name': device_name,
'source_type': dev_source_type_mapping[source_type],
'destination_type': 'volume',
'delete_on_termination':
int(bool(context['delete_on_terminate'])),
'uuid': volume_source_id,
'boot_index': '0',
'volume_size': context['volume_size']
}
]
else:
dev_mapping_1 = {context['device_name']: '%s::%s' %
(context['source_id'],
int(bool(context['delete_on_terminate'])))
}
except Exception:
msg = _('Unable to retrieve extensions information')
exceptions.handle(request, msg)
elif source_type == 'volume_image_id':
device_name = context.get('device_name', '').strip() or None
dev_mapping_2 = [
{'device_name': device_name, # None auto-selects device
'source_type': 'image',
'destination_type': 'volume',
'delete_on_termination':
int(bool(context['delete_on_terminate'])),
'uuid': context['source_id'],
'boot_index': '0',
'volume_size': context['volume_size']
}
]
avail_zone = context.get('availability_zone', None)
try:
instance_count = int(context['count'])
count = 1
while count <= instance_count:
if instance_count == 1:
instance_name = context['name']
else:
instance_name = context['name'] + str(count)
nics = []
for ptg_id in context['group_id']:
ep = client.pt_create(
request, policy_target_group_id=ptg_id,
name=instance_name[:41] + "_gbpui")
nics.append({'port-id': ep.port_id})
api.nova.server_create(request,
instance_name,
image_id,
context['flavor'],
context['keypair_id'],
normalize_newlines(custom_script),
security_groups=None,
block_device_mapping=dev_mapping_1,
block_device_mapping_v2=dev_mapping_2,
nics=nics,
availability_zone=avail_zone,
instance_count=1,
admin_pass=context['admin_pass'],
disk_config=context.get('disk_config'),
config_drive=context.get('config_drive'))
count += 1
return True
except Exception:
error = _("Unable to launch member %(count)s with name %(name)s")
msg = error % {'count': count, 'name': instance_name}
LOG.error(msg)
u = "horizon:project:policytargets:policy_targetdetails"
policy_target_id = self.request.path.split("/")[-2]
redirect = reverse(u, kwargs={'policy_target_id':
policy_target_id})
exceptions.handle(request, msg, redirect=redirect)
return False
View Git Blame Copy Permalink