2# Copyright 2017-present Open Networking Foundation
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
Scott Bakerb63ea792016-08-11 10:24:48 -070017import os
18import base64
Scott Bakeraf599eb2017-03-21 12:43:26 -070019import json
Scott Baker8b75e852016-08-16 15:04:59 -070020from synchronizers.openstack.openstacksyncstep import OpenStackSyncStep
Scott Bakeraf599eb2017-03-21 12:43:26 -070021from synchronizers.new_base.syncstep import *
Scott Bakerb63ea792016-08-11 10:24:48 -070022from xos.logger import observer_logger as logger
Scott Bakeraf599eb2017-03-21 12:43:26 -070023from synchronizers.new_base.ansible_helper import *
24from synchronizers.new_base.modelaccessor import *
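class SyncControllerSitePrivileges(OpenStackSyncStep):
    """Sync step for a user's site-level role on a controller.

    Observes ``ControllerSitePrivilege`` records. ``map_sync_inputs`` returns
    the fields describing the user and role (presumably consumed by the
    playbook named in ``playbook`` -- confirm against the base step), and
    ``delete_record`` revokes the role through the admin driver.
    """

    provides = [SitePrivilege]
    requested_interval = 0
    observes = ControllerSitePrivilege
    playbook = 'sync_controller_users.yaml'

    def map_sync_inputs(self, controller_site_privilege):
        """Build the field dictionary for one controller site privilege.

        Returns None, after logging, when the controller has no admin_user.
        Raises Exception when the privileged user has no site.

        The returned dict holds the user's remote password and the
        controller's admin password as plain values; it must not be logged
        or persisted by callers.
        """
        controller = controller_site_privilege.controller

        # NOTE(review): the register is parsed but its 'disabled' flag is not
        # consulted here, unlike delete_record -- confirm a disabled
        # controller is filtered out before this step runs.
        controller_register = json.loads(controller.backend_register)
        if not controller.admin_user:
            logger.info("controller %r has no admin_user, skipping" % controller)
            return

        site_privilege = controller_site_privilege.site_privilege
        roles = [site_privilege.role.role]

        # The role is set up against the user's home site at the controller,
        # so a user without a site cannot be synced.
        if not site_privilege.user.site:
            raise Exception('Siteless user %s' % site_privilege.user.email)

        user_email = site_privilege.user.email
        user_fields = {
            'endpoint': controller.auth_url,
            'endpoint_v3': controller.auth_url_v3,
            'domain': controller.domain,
            'name': user_email,
            'email': user_email,
            # Credential: the user's password for the remote controller.
            'password': site_privilege.user.remote_password,
            'admin_user': controller.admin_user,
            # Credential: the controller's administrative password.
            'admin_password': controller.admin_password,
            'ansible_tag': '%s@%s' % (user_email.replace('@', '-at-'), controller.name),
            'admin_tenant': controller.admin_tenant,
            'roles': roles,
            'tenant': site_privilege.site.login_base,
        }

        return user_fields

    def map_sync_outputs(self, controller_site_privilege, res):
        """Store the id from the first result element as ``role_id`` and save.

        ``res`` is indexed as a sequence whose first element is a mapping
        with an ``'id'`` key; an empty or differently shaped ``res`` raises
        IndexError/KeyError/TypeError from the lookup below.
        """
        controller_site_privilege.role_id = res[0]['id']
        controller_site_privilege.save()

    def delete_record(self, controller_site_privilege):
        """Revoke the synced role from the user on the controller.

        Raises InnocuousException when the controller's backend register
        marks it as disabled. Does nothing further when no ``role_id`` was
        recorded for the privilege.
        """
        controller = controller_site_privilege.controller
        controller_register = json.loads(controller.backend_register)
        if controller_register.get('disabled', False):
            raise InnocuousException('Controller %s is disabled' % controller.name)

        if controller_site_privilege.role_id:
            site_privilege = controller_site_privilege.site_privilege
            driver = self.driver.admin_driver(controller=controller)
            user = ControllerUser.objects.get(
                controller=controller,
                user=site_privilege.user
            )
            # NOTE(review): this looks up ControllerSite by ``user``, while
            # map_sync_inputs identifies the tenant via site_privilege.site.
            # Confirm ControllerSite has a ``user`` field; if not, this
            # lookup should filter on the site instead, or the revocation
            # fails before reaching the driver.
            site = ControllerSite.objects.get(
                controller=controller,
                user=site_privilege.user
            )
            # Read the role name through ``site_privilege``, the same path
            # map_sync_inputs uses when granting it. An AttributeError on
            # this line aborts the call and leaves the role assigned on the
            # controller after the privilege was deleted locally.
            driver.delete_user_role(
                user.kuser_id,
                site.tenant_id,
                site_privilege.role.role
            )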