Gitiles
Code Review Sign In
gerrit.opencord.org / openstack / 32f4ffc3484880d2b148bdea395dc953004cc203 / . / xos / synchronizer / steps / sync_controller_site_privileges.py
blob: 72e5b0492177f36094f707f86dc493fb86f01f85 [file] [log] [blame]
Matteo Scandolof0441032017-08-08 13:05:26 -0700[diff] [blame]1
2# Copyright 2017-present Open Networking Foundation
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16
Scott Bakerb63ea792016-08-11 10:24:48 -0700[diff] [blame]17import os
18import base64
Scott Bakeraf599eb2017-03-21 12:43:26 -0700[diff] [blame]19import json
Scott Baker8b75e852016-08-16 15:04:59 -0700[diff] [blame]20from synchronizers.openstack.openstacksyncstep import OpenStackSyncStep
Scott Bakeraf599eb2017-03-21 12:43:26 -0700[diff] [blame]21from synchronizers.new_base.syncstep import *
Scott Bakerb63ea792016-08-11 10:24:48 -0700[diff] [blame]22from xos.logger import observer_logger as logger
Scott Bakeraf599eb2017-03-21 12:43:26 -0700[diff] [blame]23from synchronizers.new_base.ansible_helper import *
24from synchronizers.new_base.modelaccessor import *
Scott Bakerb63ea792016-08-11 10:24:48 -0700[diff] [blame]25
26class SyncControllerSitePrivileges(OpenStackSyncStep):
27 provides=[SitePrivilege]
28 requested_interval=0
29 observes=ControllerSitePrivilege
30 playbook='sync_controller_users.yaml'
31
32 def map_sync_inputs(self, controller_site_privilege):
33 controller_register = json.loads(controller_site_privilege.controller.backend_register)
34 if not controller_site_privilege.controller.admin_user:
35 logger.info("controller %r has no admin_user, skipping" % controller_site_privilege.controller)
36 return
37
38 roles = [controller_site_privilege.site_privilege.role.role]
Andy Bavier66f9f342018-04-12 16:16:03 -0700[diff] [blame]39 # setup user home site roles at controller
Scott Bakerb63ea792016-08-11 10:24:48 -0700[diff] [blame]40 if not controller_site_privilege.site_privilege.user.site:
41 raise Exception('Siteless user %s'%controller_site_privilege.site_privilege.user.email)
42 else:
43 # look up tenant id for the user's site at the controller
44 #ctrl_site_deployments = SiteDeployment.objects.filter(
45 # site_deployment__site=controller_site_privilege.user.site,
46 # controller=controller_site_privilege.controller)
47
48 #if ctrl_site_deployments:
49 # # need the correct tenant id for site at the controller
Andy Bavier66f9f342018-04-12 16:16:03 -0700[diff] [blame]50 # tenant_id = ctrl_site_deployments[0].tenant_id
Scott Bakerb63ea792016-08-11 10:24:48 -0700[diff] [blame]51 # tenant_name = ctrl_site_deployments[0].site_deployment.site.login_base
52 user_fields = {
53 'endpoint':controller_site_privilege.controller.auth_url,
54 'endpoint_v3': controller_site_privilege.controller.auth_url_v3,
55 'domain': controller_site_privilege.controller.domain,
56 'name': controller_site_privilege.site_privilege.user.email,
57 'email': controller_site_privilege.site_privilege.user.email,
58 'password': controller_site_privilege.site_privilege.user.remote_password,
59 'admin_user': controller_site_privilege.controller.admin_user,
60 'admin_password': controller_site_privilege.controller.admin_password,
61 'ansible_tag':'%s@%s'%(controller_site_privilege.site_privilege.user.email.replace('@','-at-'),controller_site_privilege.controller.name),
62 'admin_tenant': controller_site_privilege.controller.admin_tenant,
63 'roles':roles,
Andy Bavier66f9f342018-04-12 16:16:03 -0700[diff] [blame]64 'tenant':controller_site_privilege.site_privilege.site.login_base}
65
Scott Bakerb63ea792016-08-11 10:24:48 -0700[diff] [blame]66 return user_fields
67
68 def map_sync_outputs(self, controller_site_privilege, res):
Andy Bavier66f9f342018-04-12 16:16:03 -0700[diff] [blame]69 # results is an array in which each element corresponds to an
Scott Bakerb63ea792016-08-11 10:24:48 -0700[diff] [blame]70 # "ok" string received per operation. If we get as many oks as
71 # the number of operations we issued, that means a grand success.
72 # Otherwise, the number of oks tell us which operation failed.
73 controller_site_privilege.role_id = res[0]['id']
74 controller_site_privilege.save()
75
76 def delete_record(self, controller_site_privilege):
77 controller_register = json.loads(controller_site_privilege.controller.backend_register)
78 if (controller_register.get('disabled',False)):
79 raise InnocuousException('Controller %s is disabled'%controller_site_privilege.controller.name)
80
81 if controller_site_privilege.role_id:
82 driver = self.driver.admin_driver(controller=controller_site_privilege.controller)
83 user = ControllerUser.objects.get(
Andy Bavier66f9f342018-04-12 16:16:03 -0700[diff] [blame]84 controller=controller_site_privilege.controller,
Scott Bakerb63ea792016-08-11 10:24:48 -0700[diff] [blame]85 user=controller_site_privilege.site_privilege.user
86 )
87 site = ControllerSite.objects.get(
Andy Bavier66f9f342018-04-12 16:16:03 -0700[diff] [blame]88 controller=controller_site_privilege.controller,
Scott Bakerb63ea792016-08-11 10:24:48 -0700[diff] [blame]89 user=controller_site_privilege.site_privilege.user
90 )
91 driver.delete_user_role(
Andy Bavier66f9f342018-04-12 16:16:03 -0700[diff] [blame]92 user.kuser_id,
93 site.tenant_id,
Scott Bakerb63ea792016-08-11 10:24:48 -0700[diff] [blame]94 controller_site_privilege.site_prvilege.role.role
95 )