blob: 72f67da7f96c8dc1a8bb3351c2fe01ed72b1b011 [file] [log] [blame]
Matteo Scandolof0441032017-08-08 13:05:26 -07001
2# Copyright 2017-present Open Networking Foundation
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16
Scott Bakerb63ea792016-08-11 10:24:48 -070017import os
18import base64
Scott Baker8b75e852016-08-16 15:04:59 -070019from synchronizers.openstack.openstacksyncstep import OpenStackSyncStep
Scott Bakeraf599eb2017-03-21 12:43:26 -070020from synchronizers.new_base.syncstep import *
21from synchronizers.new_base.ansible_helper import *
Scott Bakerb63ea792016-08-11 10:24:48 -070022from xos.logger import observer_logger as logger
Scott Bakeraf599eb2017-03-21 12:43:26 -070023from synchronizers.new_base.modelaccessor import *
Scott Bakerb63ea792016-08-11 10:24:48 -070024
25class SyncControllerUsers(OpenStackSyncStep):
26 provides=[User]
27 requested_interval=0
28 observes=ControllerUser
29 playbook='sync_controller_users.yaml'
30
31 def map_sync_inputs(self, controller_user):
32 if not controller_user.controller.admin_user:
33 logger.info("controller %r has no admin_user, skipping" % controller_user.controller)
34 return
35
36 # All users will have at least the 'user' role at their home site/tenant.
37 # We must also check if the user should have the admin role
38
39 roles = ['user']
40 if controller_user.user.is_admin:
Scott Baker04a37f52016-08-11 10:52:21 -070041 driver = self.driver.admin_driver(controller=controller_user.controller)
Scott Bakerb63ea792016-08-11 10:24:48 -070042 roles.append(driver.get_admin_role().name)
43
44 # setup user home site roles at controller
45 if not controller_user.user.site:
46 raise Exception('Siteless user %s'%controller_user.user.email)
47 else:
Scott Bakerb63ea792016-08-11 10:24:48 -070048 user_fields = {
49 'endpoint':controller_user.controller.auth_url,
50 'endpoint_v3': controller_user.controller.auth_url_v3,
51 'domain': controller_user.controller.domain,
52 'name': controller_user.user.email,
53 'email': controller_user.user.email,
54 'password': controller_user.user.remote_password,
55 'admin_user': controller_user.controller.admin_user,
56 'admin_password': controller_user.controller.admin_password,
57 'ansible_tag':'%s@%s'%(controller_user.user.email.replace('@','-at-'),controller_user.controller.name),
58 'admin_project': controller_user.controller.admin_tenant,
59 'roles':roles,
60 'project':controller_user.user.site.login_base
61 }
62 return user_fields
63
64 def map_sync_outputs(self, controller_user, res):
65 controller_user.kuser_id = res[0]['user']['id']
Sapan Bhatia54b0ffe2017-08-29 18:39:53 -040066 controller_user.backend_status = 'OK'
67 controller_user.backend_code = 1
Scott Bakerb63ea792016-08-11 10:24:48 -070068 controller_user.save()
69
70 def delete_record(self, controller_user):
71 if controller_user.kuser_id:
72 driver = self.driver.admin_driver(controller=controller_user.controller)
73 driver.delete_user(controller_user.kuser_id)