Blame - xos/synchronizer/steps/sync_controller_slice_privileges.py - openstack - Gitiles

blob: b7c04873ea38ded05bf116fc5703f4aab48bed52 [file] [log] [blame]

Scott Baker	b63ea79	2016-08-11 10:24:48 -0700	[diff] [blame]	1	import os
				2	import base64
				3	from collections import defaultdict
				4	from django.db.models import F, Q
				5	from xos.config import Config
Scott Baker	8b75e85	2016-08-16 15:04:59 -0700	[diff] [blame]	6	from synchronizers.openstack.openstacksyncstep import OpenStackSyncStep
Scott Baker	b63ea79	2016-08-11 10:24:48 -0700	[diff] [blame]	7	from synchronizers.base.syncstep import *
				8	from core.models.slice import Controller, SlicePrivilege
				9	from core.models.user import User
				10	from core.models.controlleruser import ControllerUser, ControllerSlicePrivilege
Sapan Bhatia	259205e	2017-01-24 19:32:59 +0100	[diff] [blame^]	11	from synchronizers.base.ansible_helper import *
Scott Baker	b63ea79	2016-08-11 10:24:48 -0700	[diff] [blame]	12	from xos.logger import observer_logger as logger
				13	import json
				14
				15	class SyncControllerSlicePrivileges(OpenStackSyncStep):
				16	provides=[SlicePrivilege]
				17	requested_interval=0
				18	observes=ControllerSlicePrivilege
				19	playbook = 'sync_controller_users.yaml'
				20
				21	def map_sync_inputs(self, controller_slice_privilege):
				22	if not controller_slice_privilege.controller.admin_user:
				23	logger.info("controller %r has no admin_user, skipping" % controller_slice_privilege.controller)
				24	return
				25
				26	template = os_template_env.get_template('sync_controller_users.yaml')
				27	roles = [controller_slice_privilege.slice_privilege.role.role]
				28	# setup user home slice roles at controller
				29	if not controller_slice_privilege.slice_privilege.user.site:
				30	raise Exception('Sliceless user %s'%controller_slice_privilege.slice_privilege.user.email)
				31	else:
				32	# look up tenant id for the user's slice at the controller
				33	#ctrl_slice_deployments = SliceDeployment.objects.filter(
				34	# slice_deployment__slice=controller_slice_privilege.user.slice,
				35	# controller=controller_slice_privilege.controller)
				36
				37	#if ctrl_slice_deployments:
				38	# # need the correct tenant id for slice at the controller
				39	# tenant_id = ctrl_slice_deployments[0].tenant_id
				40	# tenant_name = ctrl_slice_deployments[0].slice_deployment.slice.login_base
				41	user_fields = {
				42	'endpoint':controller_slice_privilege.controller.auth_url,
				43	'endpoint_v3': controller_slice_privilege.controller.auth_url_v3,
				44	'domain': controller_slice_privilege.controller.domain,
				45	'name': controller_slice_privilege.slice_privilege.user.email,
				46	'email': controller_slice_privilege.slice_privilege.user.email,
				47	'password': controller_slice_privilege.slice_privilege.user.remote_password,
				48	'admin_user': controller_slice_privilege.controller.admin_user,
				49	'admin_password': controller_slice_privilege.controller.admin_password,
				50	'ansible_tag':'%s@%s@%s'%(controller_slice_privilege.slice_privilege.user.email.replace('@','-at-'),controller_slice_privilege.slice_privilege.slice.name,controller_slice_privilege.controller.name),
				51	'admin_tenant': controller_slice_privilege.controller.admin_tenant,
				52	'roles':roles,
				53	'tenant':controller_slice_privilege.slice_privilege.slice.name}
				54	return user_fields
				55
				56	def map_sync_outputs(self, controller_slice_privilege, res):
				57	controller_slice_privilege.role_id = res[0]['id']
				58	controller_slice_privilege.save()
				59
				60	def delete_record(self, controller_slice_privilege):
				61	controller_register = json.loads(controller_slice_privilege.controller.backend_register)
				62	if (controller_register.get('disabled',False)):
				63	raise InnocuousException('Controller %s is disabled'%controller_slice_privilege.controller.name)
				64
				65	if controller_slice_privilege.role_id:
				66	driver = self.driver.admin_driver(controller=controller_slice_privilege.controller)
				67	user = ControllerUser.objects.get(
				68	controller=controller_slice_privilege.controller,
				69	user=controller_slice_privilege.slice_privilege.user
				70	)
				71	slice = ControllerSlice.objects.get(
				72	controller=controller_slice_privilege.controller,
				73	user=controller_slice_privilege.slice_privilege.user
				74	)
				75	driver.delete_user_role(
				76	user.kuser_id,
				77	slice.tenant_id,
				78	controller_slice_privilege.slice_prvilege.role.role
				79	)