2# Copyright 2017-present Open Networking Foundation
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16
Scott Bakerb63ea792016-08-11 10:24:48 -070017import os
18import base64
Scott Bakeraf599eb2017-03-21 12:43:26 -070019import json
Scott Bakerc808c672019-02-04 11:38:20 -080020from openstacksyncstep import OpenStackSyncStep
21from xossynchronizer.modelaccessor import *
22from xosconfig import Config
23from multistructlog import create_logger
24
# Module-level logger, built from the 'logging' entry returned by Config().
log = create_logger(Config().get('logging'))
Scott Bakerb63ea792016-08-11 10:24:48 -070026
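class SyncControllerSitePrivileges(OpenStackSyncStep):
    """Sync step for ControllerSitePrivilege objects.

    ``map_sync_inputs`` builds the variables for the playbook named in
    ``playbook``, ``map_sync_outputs`` stores the role id from the result,
    and ``delete_record`` removes the user's role through the admin driver.
    """

    provides = [SitePrivilege]
    requested_interval = 0
    observes = ControllerSitePrivilege
    playbook = 'sync_controller_users.yaml'

    def map_sync_inputs(self, controller_site_privilege):
        """Build the field dict describing the user and role to sync.

        Args:
            controller_site_privilege: object exposing ``controller`` and
                ``site_privilege`` (with ``user``, ``site`` and ``role``).

        Returns:
            A dict of playbook variables, or ``None`` when the controller has
            no ``admin_user`` configured.

        Raises:
            Exception: if the privilege's user has no site.
        """
        controller = controller_site_privilege.controller
        site_privilege = controller_site_privilege.site_privilege

        # The parsed register is not used below; the call is kept so that a
        # malformed backend_register still fails here as it did before.
        # NOTE(review): delete_record refuses to act when the register has
        # 'disabled' set, this method does not -- confirm that is intended.
        json.loads(controller.backend_register)

        if not controller.admin_user:
            # Fixed: this file defines its logger as `log`; the previous
            # `logger` name is not defined here and would raise NameError.
            log.info("controller %r has no admin_user, skipping" % controller)
            return

        # Evaluated before the site check, as in the original ordering.
        roles = [site_privilege.role.role]

        # The user's home site is required to set up roles at the controller.
        user = site_privilege.user
        if not user.site:
            raise Exception('Siteless user %s' % user.email)

        # NOTE(security): this dict carries the user's remote_password and the
        # controller's admin_password. Keep it out of log output and exception
        # messages. NOTE(review): confirm the playbook tasks that consume these
        # values set `no_log: true`.
        return {
            'endpoint': controller.auth_url,
            'endpoint_v3': controller.auth_url_v3,
            'domain': controller.domain,
            'name': user.email,
            'email': user.email,
            'password': user.remote_password,
            'admin_user': controller.admin_user,
            'admin_password': controller.admin_password,
            'ansible_tag': '%s@%s' % (user.email.replace('@', '-at-'), controller.name),
            'admin_tenant': controller.admin_tenant,
            'roles': roles,
            # The tenant name is the login_base of the privilege's site.
            'tenant': site_privilege.site.login_base,
        }

    def map_sync_outputs(self, controller_site_privilege, res):
        """Store the role id reported by the sync run and save the object.

        Args:
            controller_site_privilege: object whose ``role_id`` is updated.
            res: indexable result; the first element must have an ``'id'`` key.
        """
        # Only the first result element is read. An empty or differently
        # shaped `res` raises IndexError/KeyError and nothing is saved.
        controller_site_privilege.role_id = res[0]['id']
        controller_site_privilege.save()

    def delete_record(self, controller_site_privilege):
        """Remove the user's role at the controller, if one was recorded.

        Args:
            controller_site_privilege: the privilege being deleted.

        Raises:
            InnocuousException: if the controller's backend_register has a
                truthy ``'disabled'`` entry.
        """
        controller = controller_site_privilege.controller
        controller_register = json.loads(controller.backend_register)
        if controller_register.get('disabled', False):
            raise InnocuousException('Controller %s is disabled' % controller.name)

        # Without a recorded role_id there is nothing to remove.
        if not controller_site_privilege.role_id:
            return

        site_privilege = controller_site_privilege.site_privilege
        driver = self.driver.admin_driver(controller=controller)
        user = ControllerUser.objects.get(
            controller=controller,
            user=site_privilege.user
        )
        # NOTE(review): ControllerSite is looked up by `user`, using the same
        # filter as ControllerUser above. This presumably should filter on
        # the privilege's site instead -- verify against the ControllerSite
        # model. If this lookup raises, the role is not removed.
        site = ControllerSite.objects.get(
            controller=controller,
            user=site_privilege.user
        )
        # Fixed: the attribute was misspelled `site_prvilege`, a name used
        # nowhere else in this file. The lookup would fail before
        # delete_user_role was called, leaving the role in place.
        driver.delete_user_role(
            user.kuser_id,
            site.tenant_id,
            site_privilege.role.role
        )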