blob: e598e1cc544d4b92cafcf0524f4da99292f30d67 [file] [log] [blame]
Matteo Scandolof0441032017-08-08 13:05:26 -07001
2# Copyright 2017-present Open Networking Foundation
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16
Scott Bakerb63ea792016-08-11 10:24:48 -070017import os
18import base64
Scott Bakeraf599eb2017-03-21 12:43:26 -070019import json
Scott Baker8b75e852016-08-16 15:04:59 -070020from synchronizers.openstack.openstacksyncstep import OpenStackSyncStep
Scott Bakeraf599eb2017-03-21 12:43:26 -070021from synchronizers.new_base.syncstep import *
22from synchronizers.new_base.ansible_helper import *
Scott Bakerb63ea792016-08-11 10:24:48 -070023from xos.logger import observer_logger as logger
Scott Bakeraf599eb2017-03-21 12:43:26 -070024from synchronizers.new_base.modelaccessor import *
Scott Bakerb63ea792016-08-11 10:24:48 -070025
26class SyncControllerSlicePrivileges(OpenStackSyncStep):
27 provides=[SlicePrivilege]
28 requested_interval=0
29 observes=ControllerSlicePrivilege
30 playbook = 'sync_controller_users.yaml'
31
32 def map_sync_inputs(self, controller_slice_privilege):
33 if not controller_slice_privilege.controller.admin_user:
34 logger.info("controller %r has no admin_user, skipping" % controller_slice_privilege.controller)
35 return
36
37 template = os_template_env.get_template('sync_controller_users.yaml')
38 roles = [controller_slice_privilege.slice_privilege.role.role]
Andy Bavier66f9f342018-04-12 16:16:03 -070039 # setup user home slice roles at controller
Scott Bakerb63ea792016-08-11 10:24:48 -070040 if not controller_slice_privilege.slice_privilege.user.site:
41 raise Exception('Sliceless user %s'%controller_slice_privilege.slice_privilege.user.email)
42 else:
Scott Bakerb63ea792016-08-11 10:24:48 -070043 user_fields = {
44 'endpoint':controller_slice_privilege.controller.auth_url,
45 'endpoint_v3': controller_slice_privilege.controller.auth_url_v3,
46 'domain': controller_slice_privilege.controller.domain,
47 'name': controller_slice_privilege.slice_privilege.user.email,
48 'email': controller_slice_privilege.slice_privilege.user.email,
49 'password': controller_slice_privilege.slice_privilege.user.remote_password,
50 'admin_user': controller_slice_privilege.controller.admin_user,
51 'admin_password': controller_slice_privilege.controller.admin_password,
52 'ansible_tag':'%s@%s@%s'%(controller_slice_privilege.slice_privilege.user.email.replace('@','-at-'),controller_slice_privilege.slice_privilege.slice.name,controller_slice_privilege.controller.name),
53 'admin_tenant': controller_slice_privilege.controller.admin_tenant,
54 'roles':roles,
Andy Bavier66f9f342018-04-12 16:16:03 -070055 'tenant':controller_slice_privilege.slice_privilege.slice.name}
Scott Bakerb63ea792016-08-11 10:24:48 -070056 return user_fields
Andy Bavier66f9f342018-04-12 16:16:03 -070057
Scott Bakerb63ea792016-08-11 10:24:48 -070058 def map_sync_outputs(self, controller_slice_privilege, res):
59 controller_slice_privilege.role_id = res[0]['id']
60 controller_slice_privilege.save()
61
62 def delete_record(self, controller_slice_privilege):
63 controller_register = json.loads(controller_slice_privilege.controller.backend_register)
64 if (controller_register.get('disabled',False)):
65 raise InnocuousException('Controller %s is disabled'%controller_slice_privilege.controller.name)
66
67 if controller_slice_privilege.role_id:
68 driver = self.driver.admin_driver(controller=controller_slice_privilege.controller)
Scott Bakeraf599eb2017-03-21 12:43:26 -070069 user = ControllerUser.objects.filter(
70 controller_id=controller_slice_privilege.controller.id,
71 user_id=controller_slice_privilege.slice_privilege.user.id
Scott Bakerb63ea792016-08-11 10:24:48 -070072 )
Scott Bakeraf599eb2017-03-21 12:43:26 -070073 user = user[0]
74 slice = ControllerSlice.objects.filter(
75 controller_id=controller_slice_privilege.controller.id,
76 user_id=controller_slice_privilege.slice_privilege.user.id
Scott Bakerb63ea792016-08-11 10:24:48 -070077 )
Scott Bakeraf599eb2017-03-21 12:43:26 -070078 slice = slice[0]
Scott Bakerb63ea792016-08-11 10:24:48 -070079 driver.delete_user_role(
Andy Bavier66f9f342018-04-12 16:16:03 -070080 user.kuser_id,
81 slice.tenant_id,
Scott Bakerb63ea792016-08-11 10:24:48 -070082 controller_slice_privilege.slice_prvilege.role.role
83 )