From 358d70570ac7f44c401c82a15ff1b512c97f386d Mon Sep 17 00:00:00 2001 From: Modulos Date: Thu, 11 May 2017 12:45:09 +0200 Subject: [PATCH] Add authentication --- .../migrations/0002_auto_20170511_0246.py | 20 ++++++ .../migrations/0003_virtualmachine_owner.py | 24 +++++++ opennebula_api/models.py | 63 +++++++++++-------- opennebula_api/permissions.py | 10 +++ opennebula_api/serializers.py | 22 ++++++- opennebula_api/urls.py | 18 ++++++ opennebula_api/views.py | 22 ++++++- 7 files changed, 149 insertions(+), 30 deletions(-) create mode 100644 opennebula_api/migrations/0002_auto_20170511_0246.py create mode 100644 opennebula_api/migrations/0003_virtualmachine_owner.py create mode 100644 opennebula_api/permissions.py create mode 100644 opennebula_api/urls.py diff --git a/opennebula_api/migrations/0002_auto_20170511_0246.py b/opennebula_api/migrations/0002_auto_20170511_0246.py new file mode 100644 index 00000000..0d6b7287 --- /dev/null +++ b/opennebula_api/migrations/0002_auto_20170511_0246.py @@ -0,0 +1,20 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.9.4 on 2017-05-11 02:46 +from __future__ import unicode_literals + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('opennebula_api', '0001_initial'), + ] + + operations = [ + migrations.RenameField( + model_name='virtualmachine', + old_name='template', + new_name='vm_template', + ), + ] diff --git a/opennebula_api/migrations/0003_virtualmachine_owner.py b/opennebula_api/migrations/0003_virtualmachine_owner.py new file mode 100644 index 00000000..415ddb9b --- /dev/null +++ b/opennebula_api/migrations/0003_virtualmachine_owner.py @@ -0,0 +1,24 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.9.4 on 2017-05-11 09:06 +from __future__ import unicode_literals + +from django.conf import settings +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + migrations.swappable_dependency(settings.AUTH_USER_MODEL), + ('opennebula_api', '0002_auto_20170511_0246'), + ] + + operations = [ + migrations.AddField( + model_name='virtualmachine', + name='owner', + field=models.ForeignKey(default=1, on_delete=django.db.models.deletion.CASCADE, related_name='virtual_machines', to=settings.AUTH_USER_MODEL), + preserve_default=False, + ), + ] diff --git a/opennebula_api/models.py b/opennebula_api/models.py index 6a7ba2fc..babec433 100644 --- a/opennebula_api/models.py +++ b/opennebula_api/models.py @@ -3,6 +3,9 @@ import socket from django.db import models from django.conf import settings +from django.utils.functional import cached_property + +from membership.models import CustomUser from oca.pool import WrongNameError @@ -14,8 +17,13 @@ class VirtualMachineTemplate(models.Model): core_price = models.FloatField() disk_size_price = models.FloatField() + @cached_property + def template(self): + template = OpenNebulaManager()._get_template(self.opennebula_id) + return template + def calculate_price(self): - template = OpenNebulaManager()._get_template(self.opennebula_id).template + template = self.template.template price = int(template.vcpu) * self.core_price price += int(template.memory) / 1024 * self.memory_price @@ -28,17 +36,17 @@ class VirtualMachineTemplate(models.Model): def get_name(self): - template = OpenNebulaManager()._get_template(template_id=self.opennebula_id) + template = self.template return template.name def get_cores(self): - template = OpenNebulaManager()._get_template(template_id=self.opennebula_id).template + template = self.template.template return int(template.vcpu) def get_disk_size(self): - template = OpenNebulaManager()._get_template(template_id=self.opennebula_id).template + template = self.template.template disk_size = 0 for disk in template.disks: disk_size += int(disk.size) @@ -46,12 +54,13 @@ class VirtualMachineTemplate(models.Model): def get_memory(self): - template = OpenNebulaManager()._get_template(template_id=self.opennebula_id).template + template = self.template.template return int(template.memory) / 1024 class VirtualMachine(models.Model): """This class represents an opennebula virtual machine.""" opennebula_id = models.IntegerField() + owner = models.ForeignKey(CustomUser, related_name='virtual_machines') vm_template = models.ForeignKey(VirtualMachineTemplate) VM_STATE = { @@ -68,10 +77,17 @@ class VirtualMachine(models.Model): '11': 'CLONING_FAILURE', } + @cached_property + def vm(self): + manager = OpenNebulaManager(email=self.owner.email, + password=self.owner.password[0:20], + create_user=True) + vm = manager._get_vm(self.opennebula_id) + return vm + def get_name(self): - vm = OpenNebulaManager()._get_vm(vm_id=self.opennebula_id) - return vm.name + return self.vm.name def get_cores(self): @@ -87,21 +103,18 @@ class VirtualMachine(models.Model): def get_id(self): - vm = OpenNebulaManager()._get_vm(vm_id=self.opennebula_id) - return vm.id + return self.vm.id def get_ip(self): - vm = OpenNebulaManager()._get_vm(vm_id=self.opennebula_id) try: - return vm.user_template.ungleich_public_ip + return self.vm.user_template.ungleich_public_ip except AttributeError: return '-' def get_state(self): - vm = OpenNebulaManager()._get_vm(vm_id=self.opennebula_id) - return self.VM_STATE.get(str(vm.state)) + return self.VM_STATE.get(str(self.vm.state)) def get_price(self): return self.vm_template.calculate_price() @@ -175,8 +188,13 @@ class OpenNebulaManager(): def _get_vm_pool(self): try: - vm_pool = oca.VirtualMachinePool(self.oneadmin_client) - vm_pool.info() + vm_pool = oca.VirtualMachinePool(self.client) + vm_pool.info() + except AttributeError: + print('Could not connect via client, using oneadmin instead') + vm_pool = oca.VirtualMachinePool(self.oneadmin_client) + vm_pool.info(filter=-2) + #TODO: Replace with logger except ConnectionRefusedError: print('Could not connect to host: {host} via protocol {protocol}'.format( @@ -189,16 +207,13 @@ class OpenNebulaManager(): def _get_vm(self, vm_id): vm_pool = self._get_vm_pool() - # Get virtual machines from all users - vm_pool.info(filter=-2) return vm_pool.get_by_id(vm_id) def create_vm(self, template_id): - template_pool = self._get_template_pool() - - template = template_pool.get_by_id(template_id) - - vm_id = template.instantiate() + vm_id = self.oneadmin_client.call( + oca.VmTemplate.METHODS['instantiate'], + template_id, + ) try: self.oneadmin_client.call( oca.VirtualMachine.METHODS['chown'], @@ -207,7 +222,7 @@ class OpenNebulaManager(): self.opennebula_user.group_ids[0] ) except AttributeError: - pass + print('Could not change owner, opennebula_user is not set.') return vm_id def delete_vm(self, vm_id): @@ -269,5 +284,3 @@ class OpenNebulaManager(): def delete_template(self, template_id): self.oneadmin_client.call(oca.VmTemplate.METHODS['delete'], template_id, False) - - diff --git a/opennebula_api/permissions.py b/opennebula_api/permissions.py new file mode 100644 index 00000000..aebdabc3 --- /dev/null +++ b/opennebula_api/permissions.py @@ -0,0 +1,10 @@ +from rest_framework.permissions import BasePermission + +from .models import VirtualMachine + +class IsOwner(BasePermission): + + def has_object_permission(self, request, view, obj): + if isinstance(obj, VirtualMachine): + return obj.owner == request.user + return obj.owner == request.user diff --git a/opennebula_api/serializers.py b/opennebula_api/serializers.py index e8ff33bd..376bf471 100644 --- a/opennebula_api/serializers.py +++ b/opennebula_api/serializers.py @@ -60,6 +60,8 @@ class VirtualMachineSerializer(serializers.ModelSerializer): state = serializers.CharField(read_only=True, source='get_state') price = serializers.FloatField(read_only=True, source='get_price') + owner = serializers.ReadOnlyField(source='owner.name') + vm_template = VirtualMachineTemplateSerializer(read_only=True) vm_template_id = TemplatePrimaryKeyRelatedField( @@ -71,15 +73,18 @@ class VirtualMachineSerializer(serializers.ModelSerializer): model = VirtualMachine fields = ('id', 'opennebula_id', 'vm_template', 'vm_template_id', 'cores', 'name', 'disk_size', 'memory', 'ip', 'deploy_id', 'state', 'vm_id', - 'price') + 'price', 'owner') read_only_fields = ('opennebula_id', ) def validate(self, data): # Create the opennebula model - manager = OpenNebulaManager(create_user = False) try: template_id = data['vm_template'].opennebula_id + owner = self.context.get('request').user + manager = OpenNebulaManager(email=owner.email, + password=owner.password[0:20], + create_user = True) opennebula_id = manager.create_vm(template_id) data.update({'opennebula_id':opennebula_id}) except OpenNebulaException as err: @@ -90,4 +95,17 @@ class VirtualMachineSerializer(serializers.ModelSerializer): def create(self, validated_data): return VirtualMachine.objects.create(**validated_data) + def update(self, instance, validated_data): + pass + + def delete(self, instance, validated_data): + try: + owner = instance.owner + manager = OpenNebulaManager(email=owner.email, + password=owner.password[0:20], + create_user = True) + manager.delete_vm(template_id) + except OpenNebulaException as err: + raise serializers.ValidationError("OpenNebulaException occured. {0}".format(err)) + diff --git a/opennebula_api/urls.py b/opennebula_api/urls.py new file mode 100644 index 00000000..be5bdbf2 --- /dev/null +++ b/opennebula_api/urls.py @@ -0,0 +1,18 @@ +from django.conf.urls import url, include +from rest_framework.urlpatterns import format_suffix_patterns +from .views import TemplateCreateView, TemplateDetailsView,\ + VmCreateView, VmDetailsView + +urlpatterns = { + url(r'^auth/', include('rest_framework.urls', namespace='rest_framework')), + + url(r'^templates/$', TemplateCreateView.as_view(), name="template_create"), + url(r'^templates/(?P[0-9]+)/$', TemplateDetailsView.as_view(), + name="templates_details"), + + url(r'^vms/$', VmCreateView.as_view(), name="vm_create"), + url(r'^vms/(?P[0-9]+)/$', VmDetailsView.as_view(), + name="vm_details"), +} + +urlpatterns = format_suffix_patterns(urlpatterns) diff --git a/opennebula_api/views.py b/opennebula_api/views.py index 4cd237ae..ee6f487a 100644 --- a/opennebula_api/views.py +++ b/opennebula_api/views.py @@ -1,13 +1,26 @@ from rest_framework import generics +from rest_framework import permissions + +from django.contrib.auth.mixins import LoginRequiredMixin +from django.contrib.auth import authenticate, login + + +from utils.views import LoginViewMixin +from membership.models import CustomUser, StripeCustomer +from guardian.mixins import PermissionRequiredMixin from .serializers import VirtualMachineTemplateSerializer, \ VirtualMachineSerializer from .models import VirtualMachineTemplate, VirtualMachine, OpenNebulaManager +from .permissions import IsOwner + class TemplateCreateView(generics.ListCreateAPIView): - """This class defines the create behavior of our rest api.""" + """This class handles the GET and POST requests.""" + queryset = VirtualMachineTemplate.objects.all() serializer_class = VirtualMachineTemplateSerializer + permission_classes = (permissions.IsAuthenticated, permissions.IsAdminUser) def perform_create(self, serializer): """Save the post data when creating a new template.""" @@ -18,18 +31,21 @@ class TemplateDetailsView(generics.RetrieveUpdateDestroyAPIView): queryset = VirtualMachineTemplate.objects.all() serializer_class = VirtualMachineTemplateSerializer + permission_classes = (permissions.IsAuthenticated) class VmCreateView(generics.ListCreateAPIView): - """This class defines the create behavior of our rest api.""" + """This class handles the GET and POST requests.""" queryset = VirtualMachine.objects.all() serializer_class = VirtualMachineSerializer + permission_classes = (permissions.IsAuthenticated, IsOwner) def perform_create(self, serializer): """Save the post data when creating a new template.""" - serializer.save() + serializer.save(owner=self.request.user) class VmDetailsView(generics.RetrieveUpdateDestroyAPIView): """This class handles the http GET, PUT and DELETE requests.""" + permission_classes = (permissions.IsAuthenticated, IsOwner) queryset = VirtualMachine.objects.all() serializer_class = VirtualMachineSerializer