Gitiles
Code Review Sign In
gerrit.opencord.org / openstack / c808c6760c5bcdc8c851ac36d4e33c26c00ed9cd / . / xos / synchronizer / steps / sync_controller_slice_privileges.py
blob: 5e8466efcb61273d35268d89407669e3f8fb5dde [file] [log] [blame]
Matteo Scandolof0441032017-08-08 13:05:26 -0700[diff] [blame]1
2# Copyright 2017-present Open Networking Foundation
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16
Scott Bakerb63ea792016-08-11 10:24:48 -0700[diff] [blame]17import os
18import base64
Scott Bakeraf599eb2017-03-21 12:43:26 -0700[diff] [blame]19import json
Scott Bakerc808c672019-02-04 11:38:20 -0800[diff] [blame^]20from openstacksyncstep import OpenStackSyncStep
21from xossynchronizer.modelaccessor import *
22from xosconfig import Config
23from multistructlog import create_logger
24
25log = create_logger(Config().get('logging'))
26
Scott Bakerb63ea792016-08-11 10:24:48 -0700[diff] [blame]27
28class SyncControllerSlicePrivileges(OpenStackSyncStep):
29 provides=[SlicePrivilege]
30 requested_interval=0
31 observes=ControllerSlicePrivilege
32 playbook = 'sync_controller_users.yaml'
33
34 def map_sync_inputs(self, controller_slice_privilege):
35 if not controller_slice_privilege.controller.admin_user:
Scott Bakerc808c672019-02-04 11:38:20 -0800[diff] [blame^]36 log.info("controller %r has no admin_user, skipping" % controller_slice_privilege.controller)
Scott Bakerb63ea792016-08-11 10:24:48 -0700[diff] [blame]37 return
38
39 template = os_template_env.get_template('sync_controller_users.yaml')
40 roles = [controller_slice_privilege.slice_privilege.role.role]
Andy Bavier66f9f342018-04-12 16:16:03 -0700[diff] [blame]41 # setup user home slice roles at controller
Scott Bakerb63ea792016-08-11 10:24:48 -0700[diff] [blame]42 if not controller_slice_privilege.slice_privilege.user.site:
43 raise Exception('Sliceless user %s'%controller_slice_privilege.slice_privilege.user.email)
44 else:
Scott Bakerb63ea792016-08-11 10:24:48 -0700[diff] [blame]45 user_fields = {
46 'endpoint':controller_slice_privilege.controller.auth_url,
47 'endpoint_v3': controller_slice_privilege.controller.auth_url_v3,
48 'domain': controller_slice_privilege.controller.domain,
49 'name': controller_slice_privilege.slice_privilege.user.email,
50 'email': controller_slice_privilege.slice_privilege.user.email,
51 'password': controller_slice_privilege.slice_privilege.user.remote_password,
52 'admin_user': controller_slice_privilege.controller.admin_user,
53 'admin_password': controller_slice_privilege.controller.admin_password,
54 'ansible_tag':'%s@%s@%s'%(controller_slice_privilege.slice_privilege.user.email.replace('@','-at-'),controller_slice_privilege.slice_privilege.slice.name,controller_slice_privilege.controller.name),
55 'admin_tenant': controller_slice_privilege.controller.admin_tenant,
56 'roles':roles,
Andy Bavier66f9f342018-04-12 16:16:03 -0700[diff] [blame]57 'tenant':controller_slice_privilege.slice_privilege.slice.name}
Scott Bakerb63ea792016-08-11 10:24:48 -0700[diff] [blame]58 return user_fields
Andy Bavier66f9f342018-04-12 16:16:03 -0700[diff] [blame]59
Scott Bakerb63ea792016-08-11 10:24:48 -0700[diff] [blame]60 def map_sync_outputs(self, controller_slice_privilege, res):
61 controller_slice_privilege.role_id = res[0]['id']
62 controller_slice_privilege.save()
63
64 def delete_record(self, controller_slice_privilege):
65 controller_register = json.loads(controller_slice_privilege.controller.backend_register)
66 if (controller_register.get('disabled',False)):
67 raise InnocuousException('Controller %s is disabled'%controller_slice_privilege.controller.name)
68
69 if controller_slice_privilege.role_id:
70 driver = self.driver.admin_driver(controller=controller_slice_privilege.controller)
Scott Bakeraf599eb2017-03-21 12:43:26 -0700[diff] [blame]71 user = ControllerUser.objects.filter(
72 controller_id=controller_slice_privilege.controller.id,
73 user_id=controller_slice_privilege.slice_privilege.user.id
Scott Bakerb63ea792016-08-11 10:24:48 -0700[diff] [blame]74 )
Scott Bakeraf599eb2017-03-21 12:43:26 -0700[diff] [blame]75 user = user[0]
76 slice = ControllerSlice.objects.filter(
77 controller_id=controller_slice_privilege.controller.id,
78 user_id=controller_slice_privilege.slice_privilege.user.id
Scott Bakerb63ea792016-08-11 10:24:48 -0700[diff] [blame]79 )
Scott Bakeraf599eb2017-03-21 12:43:26 -0700[diff] [blame]80 slice = slice[0]
Scott Bakerb63ea792016-08-11 10:24:48 -0700[diff] [blame]81 driver.delete_user_role(
Andy Bavier66f9f342018-04-12 16:16:03 -0700[diff] [blame]82 user.kuser_id,
83 slice.tenant_id,
Scott Bakerb63ea792016-08-11 10:24:48 -0700[diff] [blame]84 controller_slice_privilege.slice_prvilege.role.role
85 )