# Copyright 2012 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from contextlib import closing # noqa
import logging
import tempfile
import zipfile
from django.core.urlresolvers import reverse_lazy
from django import http
from django import shortcuts
from django.template.loader import render_to_string
from django.utils.translation import ugettext_lazy as _
from openstack_auth import utils
from horizon import exceptions
from horizon import forms
from horizon import messages
from horizon import views
from openstack_dashboard import api
from openstack_dashboard.dashboards.project.access_and_security.api_access \
import forms as project_forms
LOG = logging.getLogger(__name__)
def _get_ec2_credentials(request):
tenant_id = request.user.tenant_id
all_keys = api.keystone.list_ec2_credentials(request,
request.user.id)
key = next((x for x in all_keys if x.tenant_id == tenant_id), None)
if not key:
key = api.keystone.create_ec2_credentials(request,
request.user.id,
tenant_id)
try:
s3_endpoint = api.base.url_for(request,
's3',
endpoint_type='publicURL')
except exceptions.ServiceCatalogException:
s3_endpoint = None
try:
ec2_endpoint = api.base.url_for(request,
'ec2',
endpoint_type='publicURL')
except exceptions.ServiceCatalogException:
ec2_endpoint = None
return {'ec2_access_key': key.access,
'ec2_secret_key': key.secret,
'ec2_endpoint': ec2_endpoint,
's3_endpoint': s3_endpoint}
def _get_openrc_credentials(request):
keystone_url = api.base.url_for(request,
'identity',
endpoint_type='publicURL')
credentials = dict(tenant_id=request.user.tenant_id,
tenant_name=request.user.tenant_name,
auth_url=keystone_url,
user=request.user,
interface='public',
os_endpoint_type='publicURL',
region=getattr(request.user, 'services_region') or "")
return credentials
[docs]def download_ec2_bundle(request):
tenant_name = request.user.tenant_name
# Gather or create our EC2 credentials
try:
credentials = api.nova.get_x509_credentials(request)
cacert = api.nova.get_x509_root_certificate(request)
context = _get_ec2_credentials(request)
except Exception:
exceptions.handle(request,
_('Unable to fetch EC2 credentials.'),
redirect=request.build_absolute_uri())
# Create our file bundle
template = 'project/access_and_security/api_access/ec2rc.sh.template'
try:
temp_zip = tempfile.NamedTemporaryFile(delete=True)
with closing(zipfile.ZipFile(temp_zip.name, mode='w')) as archive:
archive.writestr('pk.pem', credentials.private_key)
archive.writestr('cert.pem', credentials.data)
archive.writestr('cacert.pem', cacert.data)
archive.writestr('ec2rc.sh', render_to_string(template, context))
except Exception:
exceptions.handle(request,
_('Error writing zipfile: %(exc)s'),
redirect=request.build_absolute_uri())
# Send it back
response = http.HttpResponse(content_type='application/zip')
response.write(temp_zip.read())
response['Content-Disposition'] = ('attachment; '
'filename="%s-x509.zip"'
% tenant_name)
response['Content-Length'] = temp_zip.tell()
return response
[docs]def download_rc_file_v2(request):
template = 'project/access_and_security/api_access/openrc_v2.sh.template'
context = _get_openrc_credentials(request)
context['os_identity_api_version'] = 2
context['os_auth_version'] = 2
return _download_rc_file_for_template(request, context, template)
[docs]def download_rc_file(request):
template = 'project/access_and_security/api_access/openrc.sh.template'
context = _get_openrc_credentials(request)
# make v3 specific changes
context['user_domain_name'] = request.user.user_domain_name
# sanity fix for removing v2.0 from the url if present
context['auth_url'] = utils.fix_auth_url_version(context['auth_url'])
context['os_identity_api_version'] = 3
context['os_auth_version'] = 3
return _download_rc_file_for_template(request, context, template)
def _download_rc_file_for_template(request, context, template):
try:
response = shortcuts.render(request,
template,
context,
content_type="text/plain")
tenant_name = context['tenant_name']
disposition = 'attachment; filename="%s-openrc.sh"' % tenant_name
response['Content-Disposition'] = disposition.encode('utf-8')
response['Content-Length'] = str(len(response.content))
return response
except Exception as e:
LOG.exception("Exception in DownloadOpenRCForm.")
messages.error(request, _('Error Downloading RC File: %s') % e)
return shortcuts.redirect(request.build_absolute_uri())
[docs]class CredentialsView(forms.ModalFormMixin, views.HorizonTemplateView):
template_name = 'project/access_and_security/api_access/credentials.html'
page_title = _("User Credentials Details")
[docs] def get_context_data(self, **kwargs):
context = super(CredentialsView, self).get_context_data(**kwargs)
try:
context['openrc_creds'] = _get_openrc_credentials(self.request)
except Exception:
exceptions.handle(self.request,
_('Unable to get openrc credentials'))
if api.base.is_service_enabled(self.request, 'ec2'):
try:
context['ec2_creds'] = _get_ec2_credentials(self.request)
except Exception:
exceptions.handle(self.request,
_('Unable to get EC2 credentials'))
return context
[docs]class RecreateCredentialsView(forms.ModalFormView):
form_class = project_forms.RecreateCredentials
form_id = "recreate_credentials"
modal_header = _("Recreate EC2 Credentials")
template_name = \
'project/access_and_security/api_access/recreate_credentials.html'
submit_label = _("Recreate EC2 Credentials")
submit_url = reverse_lazy(
"horizon:project:access_and_security:api_access:recreate_credentials")
success_url = reverse_lazy('horizon:project:access_and_security:index')