commit bba67b67188497c6d4a974723ca89489c0cd7c47
author Scott Baker <smbaker@gmail.com> Mon Jan 28 17:38:21 2019 -0800
committer Scott Baker <smbaker@gmail.com> Wed Jan 30 09:42:55 2019 -0800
tree 87a6d8ca65ef5a65491673445a768a1bd342d621
parent b459b20c786636effc1438aed6d9428827d49780

SEBA-405 Convert synchronizer framework to library

Change-Id: If8562f23dc15c7d18d7a8b040b33756708b3c5ec

lib/xos-synchronizer/tests/steps/sync_controller_site_privileges.py

diff --git a/lib/xos-synchronizer/tests/steps/sync_controller_site_privileges.py b/lib/xos-synchronizer/tests/steps/sync_controller_site_privileges.py
new file mode 100644
index 0000000..65d3985
--- /dev/null
+++ b/lib/xos-synchronizer/tests/steps/sync_controller_site_privileges.py
@@ -0,0 +1,107 @@
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+import os
+import base64
+import json
+from xossynchronizer.steps.syncstep import SyncStep
+from xossynchronizer.mock_modelaccessor import *
+
+class SyncControllerSitePrivileges(SyncStep):
+    provides = [SitePrivilege]
+    requested_interval = 0
+    observes = ControllerSitePrivilege
+    playbook = "sync_controller_users.yaml"
+
+    def map_sync_inputs(self, controller_site_privilege):
+        controller_register = json.loads(
+            controller_site_privilege.controller.backend_register
+        )
+        if not controller_site_privilege.controller.admin_user:
+            return
+
+        roles = [controller_site_privilege.site_privilege.role.role]
+        # setup user home site roles at controller
+        if not controller_site_privilege.site_privilege.user.site:
+            raise Exception(
+                "Siteless user %s" % controller_site_privilege.site_privilege.user.email
+            )
+        else:
+            # look up tenant id for the user's site at the controller
+            # ctrl_site_deployments = SiteDeployment.objects.filter(
+            #  site_deployment__site=controller_site_privilege.user.site,
+            #  controller=controller_site_privilege.controller)
+
+            # if ctrl_site_deployments:
+            #    # need the correct tenant id for site at the controller
+            #    tenant_id = ctrl_site_deployments[0].tenant_id
+            #    tenant_name = ctrl_site_deployments[0].site_deployment.site.login_base
+            user_fields = {
+                "endpoint": controller_site_privilege.controller.auth_url,
+                "endpoint_v3": controller_site_privilege.controller.auth_url_v3,
+                "domain": controller_site_privilege.controller.domain,
+                "name": controller_site_privilege.site_privilege.user.email,
+                "email": controller_site_privilege.site_privilege.user.email,
+                "password": controller_site_privilege.site_privilege.user.remote_password,
+                "admin_user": controller_site_privilege.controller.admin_user,
+                "admin_password": controller_site_privilege.controller.admin_password,
+                "ansible_tag": "%s@%s"
+                % (
+                    controller_site_privilege.site_privilege.user.email.replace(
+                        "@", "-at-"
+                    ),
+                    controller_site_privilege.controller.name,
+                ),
+                "admin_tenant": controller_site_privilege.controller.admin_tenant,
+                "roles": roles,
+                "tenant": controller_site_privilege.site_privilege.site.login_base,
+            }
+
+            return user_fields
+
+    def map_sync_outputs(self, controller_site_privilege, res):
+        # results is an array in which each element corresponds to an
+        # "ok" string received per operation. If we get as many oks as
+        # the number of operations we issued, that means a grand success.
+        # Otherwise, the number of oks tell us which operation failed.
+        controller_site_privilege.role_id = res[0]["id"]
+        controller_site_privilege.save()
+
+    def delete_record(self, controller_site_privilege):
+        controller_register = json.loads(
+            controller_site_privilege.controller.backend_register
+        )
+        if controller_register.get("disabled", False):
+            raise InnocuousException(
+                "Controller %s is disabled" % controller_site_privilege.controller.name
+            )
+
+        if controller_site_privilege.role_id:
+            driver = self.driver.admin_driver(
+                controller=controller_site_privilege.controller
+            )
+            user = ControllerUser.objects.get(
+                controller=controller_site_privilege.controller,
+                user=controller_site_privilege.site_privilege.user,
+            )
+            site = ControllerSite.objects.get(
+                controller=controller_site_privilege.controller,
+                user=controller_site_privilege.site_privilege.user,
+            )
+            driver.delete_user_role(
+                user.kuser_id,
+                site.tenant_id,
+                controller_site_privilege.site_prvilege.role.role,
+            )