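/**
 * Serve the 'getall' and 'getuser' subactions of this API module.
 *
 * 'getall' reports, per project, its members and the members of each role,
 * either for the single project named in the 'project' parameter or for
 * every project. 'getuser' reports the role names held in each project by
 * the user named in 'username', or by the default-constructed
 * OpenStackNovaUser when no username is given. Any other subaction adds
 * nothing to the result.
 *
 * NOTE(review): no permission check is visible in this method; confirm that
 * membership and role data are meant to be readable by every caller, or that
 * access control is enforced outside this method.
 */
function execute() {
    $this->params = $this->extractRequestParams();
    $this->userLDAP = new OpenStackNovaUser();

    switch ($this->params['subaction']) {
        case 'getall':
            if (isset($this->params['project'])) {
                $projects = array(OpenStackNovaProject::getProjectByName($this->params['project']));
            } else {
                $projects = OpenStackNovaProject::getAllProjects();
            }
            $data = array();
            foreach ($projects as $project) {
                // A lookup by name can come back empty; skip it instead of
                // calling a method on a non-object.
                if (!$project) {
                    continue;
                }
                $project->fetchProjectInfo();
                if (!$project->loaded) {
                    continue;
                }
                $projectName = $project->getProjectName();
                $data[$projectName]['members'] = $project->getMembers();
                $data[$projectName]['roles'] = array();
                foreach ($project->getRoles() as $role) {
                    $roleName = $role->getRoleName();
                    $data[$projectName]['roles'][$roleName] = array('members' => $role->getMembers());
                    $this->getResult()->setIndexedTagName($data[$projectName]['roles'][$roleName]['members'], 'member');
                }
                $this->getResult()->setIndexedTagName($data[$projectName]['members'], 'member');
                $this->getResult()->setIndexedTagName($data[$projectName]['roles'], 'roles');
            }
            $this->getResult()->addValue(null, $this->getModuleName(), $data);
            break;

        case 'getuser':
            $data = array();
            if ($this->params['username']) {
                $user = new OpenStackNovaUser($this->params['username']);
            } else {
                $user = $this->userLDAP;
            }
            $projectNames = $user->getProjects();
            foreach ($projectNames as $projectName) {
                $project = OpenStackNovaProject::getProjectByName($projectName);
                // Same guard as in 'getall': a name that no longer resolves
                // to a project is skipped.
                if (!$project) {
                    continue;
                }
                $project->fetchProjectInfo();
                if (!$project->loaded) {
                    continue;
                }
                $projectName = $project->getProjectName();
                $data[$projectName] = array();
                $data[$projectName]['roles'] = array();
                foreach ($project->getRoles() as $role) {
                    if ($role->userInRole($user)) {
                        $data[$projectName]['roles'][] = $role->getRoleName();
                    }
                }
                $this->getResult()->setIndexedTagName($data[$projectName]['roles'], 'role');
            }
            $this->getResult()->setIndexedTagName($data, 'project');
            $this->getResult()->addValue(null, $this->getModuleName(), $data);
            break;
    }
}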
/**
 * Entry point of the special page: authenticate the visitor, bind the Nova
 * controller to the requested project and region, then dispatch on 'action'.
 *
 * 'create', 'delete' and 'modify' require the LDAP user to be in the
 * requested project; every other action value lists the proxies.
 *
 * NOTE(review): checkTwoFactor() is called for effect only and nothing here
 * inspects a return value; confirm it stops the request itself when the
 * second factor is missing.
 * NOTE(review): the 'create' path hands notInProject() the project name
 * while 'delete' and 'modify' hand it $this->project, the result of
 * getProjectByName(); confirm which argument notInProject() expects.
 *
 * @param $par
 */
function execute($par) {
    if (!$this->getUser()->isLoggedIn()) {
        $this->notLoggedIn();
        return;
    }

    $this->userLDAP = new OpenStackNovaUser();
    if (!$this->userLDAP->exists()) {
        $this->noCredentials();
        return;
    }
    $this->checkTwoFactor();

    $request = $this->getRequest();
    $action = $request->getVal('action');
    $this->projectName = $request->getText('project');
    $this->project = OpenStackNovaProject::getProjectByName($this->projectName);
    $region = $request->getVal('region');

    $this->userNova = OpenStackNovaController::newFromUser($this->userLDAP);
    $this->userNova->setProject($this->projectName);
    $this->userNova->setRegion($region);

    $isCreate = ($action === "create");
    $isDelete = ($action === "delete");
    $isModify = ($action === "modify");

    // Anything that is not one of the three changing actions is a listing.
    if (!$isCreate && !$isDelete && !$isModify) {
        $this->listProxies();
        return;
    }

    // All three changing actions are gated on project membership.
    if (!$this->userLDAP->inProject($this->projectName)) {
        $this->notInProject($isCreate ? $this->projectName : $this->project);
        return;
    }

    if ($isCreate) {
        $this->createProxy();
    } elseif ($isDelete) {
        $this->deleteProxy();
    } else {
        $this->modifyProxy();
    }
}
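/**
 * Add the instances of one project in one region to the API result.
 *
 * The listing is fetched with the globally configured LDAP account
 * ($wgOpenStackManagerLDAPUsername / $wgOpenStackManagerLDAPUserPassword),
 * not with the requesting user's credentials, and is cached per
 * region and project.
 *
 * NOTE(review): because the privileged account is used for every caller,
 * confirm that names, addresses and security groups of any project are
 * meant to be visible to everyone who can reach this module.
 */
public function run() {
    global $wgOpenStackManagerLDAPUsername;
    global $wgOpenStackManagerLDAPUserPassword;
    global $wgMemc;

    $params = $this->extractRequestParams();
    $project = OpenStackNovaProject::getProjectByName($params['project']);
    if (!$project) {
        // This shouldn't be possible since the API should enforce valid names
        $this->dieUsage('Invalid project specified.', 'badproject');
    }

    $key = wfMemcKey('openstackmanager', 'apilistnovainstances', $params['region'], $params['project']);
    $instancesInfo = $wgMemc->get($key);
    if ($instancesInfo === false) {
        $user = new OpenStackNovaUser($wgOpenStackManagerLDAPUsername);
        $userNova = OpenStackNovaController::newFromUser($user);
        $userNova->authenticate($wgOpenStackManagerLDAPUsername, $wgOpenStackManagerLDAPUserPassword);
        $userNova->setProject($project->getName());
        $userNova->setRegion($params['region']); // validated by API

        $instances = $userNova->getInstances();
        $instancesInfo = array();
        foreach ($instances as $instance) {
            $instancesInfo[] = array(
                'name' => $instance->getInstanceName(),
                'state' => $instance->getInstanceState(),
                'ip' => $instance->getInstancePrivateIPs(),
                'id' => $instance->getInstanceId(),
                'floatingip' => $instance->getInstancePublicIPs(),
                'securitygroups' => $instance->getSecurityGroups(),
                'imageid' => $instance->getImageId(),
            );
        }

        // Cache info for 1 minute, not caching for longer since we do not
        // invalidate. The write happens only on a miss: storing the value
        // again on every hit would restart the one-minute lifetime each time
        // and keep a stale listing alive for as long as requests keep coming.
        $wgMemc->set($key, $instancesInfo, 1 * 60);
    }

    foreach ($instancesInfo as $info) {
        // The XML formatter needs a tag name for each indexed list.
        $this->getResult()->setIndexedTagName($info['securitygroups'], 'group');
        $this->getResult()->setIndexedTagName($info['ip'], 'ip');
        $this->getResult()->setIndexedTagName($info['floatingip'], 'floatingip');
        $this->getResult()->addValue(array('query', $this->getModuleName()), null, $info);
    }

    // Pick whichever tag-name call the running ApiResult provides.
    if (defined('ApiResult::META_CONTENT')) {
        $this->getResult()->addIndexedTagName(array('query', $this->getModuleName()), 'instance');
    } else {
        $this->getResult()->setIndexedTagName_internal(array('query', $this->getModuleName()), 'instance');
    }
}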
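/**
 * Serve the 'getservicegroups' subaction: list the members of every service
 * group of the requested project.
 *
 * With the 'shellmembers' parameter set, members come from getUidMembers(),
 * otherwise from getMembers(). Any other subaction adds nothing to the
 * result.
 */
function execute() {
    $this->params = $this->extractRequestParams();

    switch ($this->params['subaction']) {
        case 'getservicegroups':
            $project = OpenStackNovaProject::getProjectByName($this->params['project']);
            // An unknown project name must end in an API error, not in a
            // method call on a non-object.
            if (!$project) {
                $this->dieUsage('Invalid project specified.', 'badproject');
            }
            $project->fetchServiceGroups();
            $serviceGroups = $project->getServiceGroups();
            $data = array();
            foreach ($serviceGroups as $serviceGroup) {
                $serviceGroupName = $serviceGroup->getGroupName();
                if ($this->params['shellmembers']) {
                    $data[$serviceGroupName]['members'] = $serviceGroup->getUidMembers();
                } else {
                    $data[$serviceGroupName]['members'] = $serviceGroup->getMembers();
                }
                $this->getResult()->setIndexedTagName($data[$serviceGroupName]['members'], 'member');
            }
            $this->getResult()->addValue(null, $this->getModuleName(), $data);
            break;
    }
}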
/**
 * Form handler: remove the selected members from a role.
 *
 * A non-empty 'projectname' selects a project role, an empty one a global
 * role. One message is written per member, followed by a link back to the
 * page named in 'returnto'.
 *
 * NOTE(review): no permission check is visible in this handler; presumably
 * the code that builds the form decides who may submit it. Confirm.
 *
 * @param $formData
 * @param string $entryPoint
 * @return bool always true
 */
function tryDeleteMemberSubmit( $formData, $entryPoint = 'internal' ) {
    $projectname = $formData['projectname'];

    if ( !$projectname ) {
        $role = OpenStackNovaRole::getGlobalRoleByName( $formData['rolename'] );
    } else {
        $project = OpenStackNovaProject::getProjectByName( $projectname );
        if ( !$project ) {
            $this->getOutput()->addWikiMsg( 'openstackmanager-nonexistentproject' );
            return true;
        }
        $role = OpenStackNovaRole::getProjectRoleByName( $formData['rolename'], $project );
    }

    if ( !$role ) {
        $this->getOutput()->addWikiMsg( 'openstackmanager-nonexistentrole' );
        return true;
    }

    foreach ( $formData['members'] as $member ) {
        // Report each removal on its own; one failure does not stop the rest.
        $messageKey = $role->deleteMember( $member )
            ? 'openstackmanager-removedfrom'
            : 'openstackmanager-failedtoremove';
        $this->getOutput()->addWikiMsg( $messageKey, $member, $formData['rolename'] );
    }

    $returnto = Title::newFromText( $formData['returnto'] );
    $backLink = Linker::link( $returnto, wfMsgHtml( 'openstackmanager-backprojectlist' ) );
    $this->getOutput()->addHTML( '<br />' . $backLink );

    return true;
}
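/**
 * Define who gets notifications for an event.
 *
 * - build-completed / deleted: every member of the project's 'projectadmin'
 *   role.
 * - reboot-completed: only the agent who initiated the reboot.
 * - projectmembers-add: the user that was added.
 *
 * A project that can no longer be looked up and a role member whose name
 * does not yield a User are skipped instead of ending the hook with a fatal
 * error. Index 0 is removed at the end, so no entry with user id 0 remains.
 *
 * @param $event EchoEvent to get implicitly subscribed users for
 * @param &$users array to append implicitly subscribed users to.
 * @return bool true in all cases
 */
function efOpenStackGetDefaultNotifiedUsers($event, &$users) {
    switch ($event->getType()) {
        case 'osm-instance-build-completed':
        case 'osm-instance-deleted':
            $extra = $event->getExtra();
            $project = OpenStackNovaProject::getProjectByName($extra['projectName']);
            if (!$project) {
                // The project may be gone by the time the event is handled.
                break;
            }
            foreach ($project->getRoles() as $role) {
                if ($role->getRoleName() != 'projectadmin') {
                    continue;
                }
                foreach ($role->getMembers() as $roleMember) {
                    $roleMemberUser = User::newFromName($roleMember);
                    if (!$roleMemberUser) {
                        // newFromName() returns false for an invalid name.
                        continue;
                    }
                    $users[$roleMemberUser->getId()] = $roleMemberUser;
                }
            }
            break;

        case 'osm-instance-reboot-completed':
            // Only notify the person who initiated the reboot.
            $users[$event->getAgent()->getId()] = $event->getAgent();
            break;

        case 'osm-projectmembers-add':
            $extra = $event->getExtra();
            $users[$extra['userAdded']] = User::newFromId($extra['userAdded']);
            break;
    }

    unset($users[0]);
    return true;
}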
/**
 * Form handler: store the volume settings and the service-group home
 * directory pattern of a project.
 *
 * The 'homedirs' checkbox selects the "home" volume and 'storage' the
 * "project" volume. The pattern is written only if the volume settings were
 * stored successfully. A success or failure message and a link back to this
 * page are added to the output.
 *
 * NOTE(review): 'serviceuserhome' is passed on exactly as submitted; whether
 * setServiceGroupHomedirPattern() validates it is not visible here.
 *
 * @param $formData
 * @param string $entryPoint
 * @return bool always true
 */
function tryConfigureProjectSubmit($formData, $entryPoint = 'internal') {
    $project = OpenStackNovaProject::getProjectByName($formData['projectname']);
    if (!$project) {
        $this->getOutput()->addWikiMsg('openstackmanager-nonexistentproject');
        return true;
    }

    // Form field => volume name, in the order the volumes are stored.
    $volumeByField = array('homedirs' => "home", 'storage' => "project");
    $vols = array();
    foreach ($volumeByField as $field => $volume) {
        if ($formData[$field]) {
            $vols[] = $volume;
        }
    }

    $homedirPattern = $formData['serviceuserhome'];
    $saved = $project->setVolumeSettings($vols)
        && $project->setServiceGroupHomedirPattern($homedirPattern);
    $this->getOutput()->addWikiMsg(
        $saved ? 'openstackmanager-configureproject-success' : 'openstackmanager-configureproject-failed'
    );

    $backLink = Linker::link($this->getPageTitle(), $this->msg('openstackmanager-backprojectlist')->escaped());
    $this->getOutput()->addHTML($backLink);

    return true;
}
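/**
 * Deletes a sudo policy based on the policy name.
 *
 * Removes the policy's LDAP entry and, on success, drops the cached sudoer
 * info for this project and policy name.
 *
 * @static
 * @param $sudoername
 * @param $projectName
 * @return bool true when the LDAP entry was deleted; false when the project
 *  cannot be found, the policy has no DN, or the delete fails
 */
static function deleteSudoer($sudoername, $projectName) {
    global $wgAuth;
    global $wgMemc;

    OpenStackNovaLdapConnection::connect();

    $project = OpenStackNovaProject::getProjectByName($projectName);
    if (!$project) {
        // Without a project there is no subtree to resolve the policy in.
        $wgAuth->printDebug("Project {$projectName} does not exist", NONSENSITIVE);
        return false;
    }

    $sudoer = new OpenStackNovaSudoer($sudoername, $project);
    // `new` always yields an object, so a test on $sudoer itself can never
    // fail. Check the DN instead: it is the value handed to ldap_delete, and
    // an empty DN must never reach a delete call.
    $dn = $sudoer->sudoerDN;
    if (!$dn) {
        $wgAuth->printDebug("Sudoer {$sudoername} does not exist", NONSENSITIVE);
        return false;
    }

    $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $dn);
    if (!$success) {
        $wgAuth->printDebug("Failed to delete sudoer {$sudoername}", NONSENSITIVE);
        return false;
    }

    $wgAuth->printDebug("Successfully deleted sudoer {$sudoername}", NONSENSITIVE);
    $key = wfMemcKey('openstackmanager', 'sudoerinfo', $projectName . $sudoername);
    $wgMemc->delete($key);
    return true;
}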
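/**
 * Check whether this user holds a role, globally or inside a project.
 *
 * A global role is enough on its own only when roles do not intersect
 * ($wgOpenStackManagerLDAPRolesIntersect is off) and $strict is off. When
 * roles intersect, a user without the global role is rejected at once.
 * In every other case the project role decides, and without a project name
 * the answer is false.
 *
 * @param $role name of the role; used as the cn value of the search filter
 * @param string $projectname
 * @param bool $strict when true, the global role alone is never sufficient
 * @return bool
 */
function inRole( $role, $projectname='', $strict=false ) {
	global $wgAuth;
	global $wgOpenStackManagerLDAPRolesIntersect;

	if ( $this->inGlobalRole( $role ) ) {
		# If roles intersect, or we wish to explicitly check
		# project role, we can't return here.
		if ( !$wgOpenStackManagerLDAPRolesIntersect && !$strict ) {
			return true;
		}
	} else {
		if ( $wgOpenStackManagerLDAPRolesIntersect ) {
			return false;
		}
	}

	if ( !$projectname ) {
		return false;
	}

	# Check project specific role
	$project = OpenStackNovaProject::getProjectByName( $projectname );
	if ( !$project ) {
		return false;
	}

	# Escape both values for use inside a search filter (RFC 4515). Without
	# this, a role name or DN containing "(", ")", "*" or "\" changes the
	# structure of the filter, and this filter decides an authorization
	# question. strtr() with an array replaces in a single pass, so the
	# backslashes it inserts are not escaped a second time.
	$filterEscapes = array(
		'\\' => '\\5c',
		'*' => '\\2a',
		'(' => '\\28',
		')' => '\\29',
		"\0" => '\\00',
	);
	$filter = '(&(cn=' . strtr( $role, $filterEscapes ) . ')'
		. '(member=' . strtr( $this->userDN, $filterEscapes ) . '))';

	$result = LdapAuthenticationPlugin::ldap_search( $wgAuth->ldapconn, $project->projectDN, $filter );
	if ( !$result ) {
		return false;
	}
	$entries = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result );
	if ( !$entries ) {
		return false;
	}
	if ( $entries['count'] == "0" ) {
		$wgAuth->printDebug( "Couldn't find the user in role: $role", NONSENSITIVE );
		return false;
	}
	return true;
}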
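/**
 * Check whether this user occupies a role in a project.
 *
 * The answer is cached for one hour per project, role and user DN, as the
 * integer 1 or 0. A missing project, a failed search and an empty search
 * result are all cached as 0.
 *
 * NOTE(review): because of the one-hour cache, granting or revoking a role
 * shows up here only after the entry expires, unless the code that changes
 * roles also deletes this key. Confirm that it does.
 * NOTE(review): the key joins project and role with "-", so project "a-b"
 * with role "c" and project "a" with role "b-c" share one entry for the same
 * user. Confirm that neither kind of name can contain "-".
 *
 * @param $role name of the role; used as the cn value of the search filter
 * @param string $projectname
 * @return bool
 */
function inRole($role, $projectname) {
    global $wgAuth;
    global $wgMemc;

    if (!$projectname) {
        return false;
    }

    $key = wfMemcKey('openstackmanager', "projectrole-{$projectname}-{$role}", $this->userDN);
    $cacheLength = 3600;
    $inRole = $wgMemc->get($key);
    // Only an integer is a cached answer; a miss is not an integer.
    if (is_int($inRole)) {
        return (bool) $inRole;
    }

    $ret = false;

    # Check project specific role
    $project = OpenStackNovaProject::getProjectByName($projectname);
    if (!$project) {
        $wgMemc->set($key, 0, $cacheLength);
        return false;
    }

    # Escape both values for use inside a search filter (RFC 4515). Without
    # this, a role name or DN containing "(", ")", "*" or "\" changes the
    # structure of the filter, and this filter decides an authorization
    # question. strtr() with an array replaces in a single pass, so the
    # backslashes it inserts are not escaped a second time.
    $filterEscapes = array(
        '\\' => '\\5c',
        '*' => '\\2a',
        '(' => '\\28',
        ')' => '\\29',
        "\0" => '\\00',
    );
    $filter = '(&(cn=' . strtr($role, $filterEscapes) . ')'
        . '(roleoccupant=' . strtr($this->userDN, $filterEscapes) . '))';

    $result = LdapAuthenticationPlugin::ldap_search($wgAuth->ldapconn, $project->projectDN, $filter);
    if ($result) {
        $entries = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result);
        if ($entries) {
            if ($entries['count'] == "0") {
                $wgAuth->printDebug("Couldn't find the user in role: {$role}", NONSENSITIVE);
            } else {
                $ret = true;
            }
        }
    }

    $wgMemc->set($key, (int) $ret, $cacheLength);
    return $ret;
}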
/**
 * Form handler: remove the selected members from a project.
 *
 * After each successful removal the project's article is edited. One
 * message is written per member, followed by a link back to this page.
 *
 * NOTE(review): no permission check is visible in this handler; presumably
 * the code that builds the form decides who may submit it. Confirm.
 *
 * @param $formData
 * @param string $entryPoint
 * @return bool always true
 */
function tryDeleteMemberSubmit( $formData, $entryPoint = 'internal' ) {
    $project = OpenStackNovaProject::getProjectByName( $formData['projectname'] );
    if ( !$project ) {
        $this->getOutput()->addWikiMsg( 'openstackmanager-nonexistentproject' );
        return true;
    }

    foreach ( $formData['members'] as $member ) {
        $removed = $project->deleteMember( $member );
        if ( !$removed ) {
            $this->getOutput()->addWikiMsg( 'openstackmanager-failedtoremove', $member, $formData['projectname'] );
            continue;
        }
        // Edit the project's article after every successful removal.
        $project->editArticle();
        $this->getOutput()->addWikiMsg( 'openstackmanager-removedfrom', $member, $formData['projectname'] );
    }

    $backLink = Linker::link( $this->getTitle(), wfMsgHtml( 'openstackmanager-backprojectlist' ) );
    $this->getOutput()->addHTML( '<br />' . $backLink );

    return true;
}
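/**
 * Form handler: replace the users, run-as users, commands and options of an
 * existing sudo policy.
 *
 * Entries already on the policy that are neither the project group, a
 * project member nor a service user were not selectable in the form, so
 * they are carried over unchanged. 'authenticate' or '!authenticate' is
 * appended to the options according to 'requirepassword'.
 *
 * @param $formData
 * @param string $entryPoint
 * @return bool always true
 */
function tryModifySubmit($formData, $entryPoint = 'internal') {
    $sudoer = OpenStackNovaSudoer::getSudoerByName($formData['sudoername'], $formData['project']);
    if ($sudoer) {
        $projectName = $formData['project'];
        $project = OpenStackNovaProject::getProjectByName($projectName);
        if (!$project) {
            // The member lists below come from the project; without it the
            // policy must be left untouched rather than rewritten.
            $this->getOutput()->addWikiMsg('openstackmanager-nonexistentproject');
            return true;
        }

        $commands = $formData['commands'] ? explode("\n", $formData['commands']) : array();
        $options = $formData['options'] ? explode("\n", $formData['options']) : array();
        $options[] = $formData['requirepassword'] ? 'authenticate' : '!authenticate';

        $projectuids = $project->getMemberUids();
        $projectserviceusers = $project->getServiceUsers();
        $projectGroup = "%" . $project->getProjectGroup()->getProjectGroupName();

        // NOTE(review): the in_array() calls below compare loosely, so two
        // different numeric-looking names can count as equal. Pass `true` as
        // third argument once both lists are confirmed to hold strings.
        $users = $this->removeALLFromUserKeys($formData['users']);
        $formerusers = $sudoer->getSudoerUsers();
        foreach ($formerusers as $candidate) {
            # Anything in this list that isn't a user or ALL
            # wasn't exposed to user selection so needs to stay.
            if ($candidate != $projectGroup) {
                if (!in_array($candidate, $projectuids) && !in_array($candidate, $projectserviceusers)) {
                    $users[] = $candidate;
                }
            }
        }

        $runasusers = $this->removeALLFromRunAsUserKeys($formData['runas']);
        foreach ($sudoer->getSudoerRunAsUsers() as $candidate) {
            if ($candidate != $projectGroup && $candidate != 'ALL') {
                if (!in_array($candidate, $projectuids) && !in_array($candidate, $projectserviceusers)) {
                    $runasusers[] = $candidate;
                }
            }
        }

        $success = $sudoer->modifySudoer($users, $runasusers, $commands, $options);
        if (!$success) {
            $this->getOutput()->addWikiMsg('openstackmanager-modifysudoerfailed');
            return true;
        }
        $this->getOutput()->addWikiMsg('openstackmanager-modifiedsudoer');
    } else {
        $this->getOutput()->addWikiMsg('openstackmanager-nonexistantsudoer');
    }

    $out = '<br />';
    $out .= Linker::link($this->getPageTitle(), $this->msg('openstackmanager-backsudoerlist')->escaped());
    $this->getOutput()->addHTML($out);

    return true;
}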
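/**
 * Form handler: delete a service group from a project.
 *
 * Adds a success or failure message and a link back to this page.
 *
 * @param $formData
 * @param string $entryPoint
 * @return bool always true
 */
function tryRemoveServiceGroupSubmit($formData, $entryPoint = 'internal') {
    $project = OpenStackNovaProject::getProjectByName($formData['projectname']);
    if (!$project) {
        // An unknown project name ends with a message, not with a method
        // call on a non-object.
        $this->getOutput()->addWikiMsg('openstackmanager-nonexistentproject');
        return true;
    }

    $success = $project->deleteServiceGroup($formData['groupname'], $project);
    if ($success) {
        $this->getOutput()->addWikiMsg('openstackmanager-removedservicegroup');
    } else {
        $this->getOutput()->addWikiMsg('openstackmanager-removeservicegroupfailed');
    }

    $out = '<br />';
    $out .= Linker::link($this->getPageTitle(), $this->msg('openstackmanager-backservicegrouplist')->escaped());
    $this->getOutput()->addHTML($out);

    return true;
}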