Merge branch 'master' of ssh://git.planet-lab.org/git/plstackapi
diff --git a/planetstack/core/admin.py b/planetstack/core/admin.py
index 4846a28..c9d3172 100644
--- a/planetstack/core/admin.py
+++ b/planetstack/core/admin.py
@@ -404,16 +404,6 @@
def queryset(self, request):
return DeploymentPrivilege.select_by_user(request.user)
-class ControllerPrivilegeInline(PlStackTabularInline):
- model = ControllerPrivilege
- extra = 0
- suit_classes = 'suit-tab suit-tab-admin-only'
- fields = ['backend_status_icon', 'user','role','controller']
- readonly_fields = ('backend_status_icon', )
-
- def queryset(self, request):
- return ControllerPrivilege.select_by_user(request.user)
-
class ControllerSiteInline(PlStackTabularInline):
model = ControllerSite
extra = 0
@@ -1217,7 +1207,7 @@
# that reference specific fields on auth.User.
list_display = ('email', 'firstname', 'lastname', 'site', 'last_login')
list_filter = ('site',)
- inlines = [SlicePrivilegeInline,SitePrivilegeInline,ControllerPrivilegeInline,UserDashboardViewInline]
+ inlines = [SlicePrivilegeInline,SitePrivilegeInline,UserDashboardViewInline]
fieldListLoginDetails = ['backend_status_text', 'email','site','password','is_active','is_readonly','is_admin','public_key']
fieldListContactInfo = ['firstname','lastname','phone','timezone']
diff --git a/planetstack/core/models/__init__.py b/planetstack/core/models/__init__.py
index 79c6611..fcb50be 100644
--- a/planetstack/core/models/__init__.py
+++ b/planetstack/core/models/__init__.py
@@ -5,13 +5,13 @@
from .service import ServiceAttribute
from .tag import Tag
from .role import Role
-from .site import Site, Deployment, DeploymentRole, DeploymentPrivilege, Controller, ControllerRole, ControllerPrivilege, ControllerSite, SiteDeployment
+from .site import Site, Deployment, DeploymentRole, DeploymentPrivilege, Controller, ControllerRole, ControllerSite, SiteDeployment
from .dashboard import DashboardView, ControllerDashboardView
from .user import User, UserDashboardView
from .serviceclass import ServiceClass
from .site import ControllerManager, ControllerDeletionManager, ControllerLinkManager,ControllerLinkDeletionManager
from .slice import Slice, ControllerSlice
-from .controlleruser import ControllerUser
+from .controlleruser import ControllerUser, ControllerSitePrivilege, ControllerSlicePrivilege
from .image import Image, ImageDeployments, ControllerImages
from .node import Node
from .serviceresource import ServiceResource
diff --git a/planetstack/core/models/controlleruser.py b/planetstack/core/models/controlleruser.py
index d0fda11..678ab77 100644
--- a/planetstack/core/models/controlleruser.py
+++ b/planetstack/core/models/controlleruser.py
@@ -24,3 +24,66 @@
users = Users.select_by_user(user)
qs = ControllerUser.objects.filter(user__in=users)
return qs
+
+
+class ControllerSitePrivilege(PlCoreBase):
+ objects = ControllerLinkManager()
+ deleted_objects = ControllerLinkDeletionManager()
+
+ controller = models.ForeignKey('Controller', related_name='controllersiteprivileges')
+ site_privilege = models.ForeignKey('SitePrivilege', related_name='controllersiteprivileges')
+ role_id = models.CharField(null=True, blank=True, max_length=200, db_index=True, help_text="Keystone id")
+
+ def __unicode__(self): return u'%s %s' % (self.controller, self.site_privilege)
+
+ def can_update(self, user):
+ if user.is_readonly:
+ return False
+ if user.is_admin:
+ return True
+ cprivs = ControllerSitePrivilege.objects.filter(site_privilege__user=user)
+ for cpriv in dprivs:
+ if cpriv.site_privilege.role.role == ['admin', 'Admin']:
+ return True
+ return False
+
+ @staticmethod
+ def select_by_user(user):
+ if user.is_admin:
+ qs = ControllerSitePrivilege.objects.all()
+ else:
+ cpriv_ids = [cp.id for cp in ControllerSitePrivilege.objects.filter(site_privilege__user=user)]
+ qs = ControllerSitePrivilege.objects.filter(id__in=cpriv_ids)
+ return qs
+
+
+class ControllerSlicePrivilege(PlCoreBase):
+ objects = ControllerLinkManager()
+ deleted_objects = ControllerLinkDeletionManager()
+
+ controller = models.ForeignKey('Controller', related_name='controllersliceprivileges')
+ slice_privilege = models.ForeignKey('SlicePrivilege', related_name='controllersliceprivileges')
+ role_id = models.CharField(null=True, blank=True, max_length=200, db_index=True, help_text="Keystone id")
+
+ def __unicode__(self): return u'%s %s' % (self.controller, self.slice_privilege)
+
+ def can_update(self, user):
+ if user.is_readonly:
+ return False
+ if user.is_admin:
+ return True
+ cprivs = ControllerSlicePrivilege.objects.filter(slice_privilege__user=user)
+ for cpriv in dprivs:
+ if cpriv.role.role == ['admin', 'Admin']:
+ return True
+ return False
+
+ @staticmethod
+ def select_by_user(user):
+ if user.is_admin:
+ qs = ControllerSlicePrivilege.objects.all()
+ else:
+ cpriv_ids = [cp.id for cp in ControllerSlicePrivilege.objects.filter(slice_privilege__user=user)]
+ qs = ControllerSlicePrivilege.objects.filter(id__in=cpriv_ids)
+ return qs
+
diff --git a/planetstack/core/models/site.py b/planetstack/core/models/site.py
index 1d46f4c..881468a 100644
--- a/planetstack/core/models/site.py
+++ b/planetstack/core/models/site.py
@@ -263,36 +263,6 @@
def __unicode__(self): return u'%s' % (self.role)
-class ControllerPrivilege(PlCoreBase):
- objects = ControllerLinkManager()
- deleted_objects = ControllerLinkDeletionManager()
-
- user = models.ForeignKey('User', related_name='controllerprivileges')
- controller = models.ForeignKey('Controller', related_name='controllerprivileges')
- role = models.ForeignKey('ControllerRole',related_name='controllerprivileges')
-
- def __unicode__(self): return u'%s %s %s' % (self.controller, self.user, self.role)
-
- def can_update(self, user):
- if user.is_readonly:
- return False
- if user.is_admin:
- return True
- cprivs = ControllerPrivilege.objects.filter(user=user)
- for cpriv in dprivs:
- if cpriv.role.role == 'admin':
- return True
- return False
-
- @staticmethod
- def select_by_user(user):
- if user.is_admin:
- qs = ControllerPrivilege.objects.all()
- else:
- cpriv_ids = [cp.id for cp in ControllerPrivilege.objects.filter(user=user)]
- qs = ControllerPrivilege.objects.filter(id__in=cpriv_ids)
- return qs
-
class Controller(PlCoreBase):
objects = ControllerManager()
diff --git a/planetstack/core/views/stats.py b/planetstack/core/views/stats.py
new file mode 100644
index 0000000..46ebe2e
--- /dev/null
+++ b/planetstack/core/views/stats.py
@@ -0,0 +1,11 @@
+from django.http import HttpResponse
+from monitor import driver
+import json
+
+def Stats(request):
+ model = request.GET['model_name']
+ pk = int(request.GET['pk'])
+ meter = int(request.GET['meter'])
+
+ meters = monitor.get_meters(meter, model, pk)
+ return json.dumps(meters)
diff --git a/planetstack/genapi.py b/planetstack/genapi.py
index c7b189b..2e10d74 100644
--- a/planetstack/genapi.py
+++ b/planetstack/genapi.py
@@ -68,9 +68,6 @@
url(r'plstackapi/planetstackroles/$', PlanetStackRoleList.as_view(), name='planetstackrole-list'),
url(r'plstackapi/planetstackroles/(?P<pk>[a-zA-Z0-9\-]+)/$', PlanetStackRoleDetail.as_view(), name ='planetstackrole-detail'),
- url(r'plstackapi/controllerprivileges/$', ControllerPrivilegeList.as_view(), name='controllerprivilege-list'),
- url(r'plstackapi/controllerprivileges/(?P<pk>[a-zA-Z0-9\-]+)/$', ControllerPrivilegeDetail.as_view(), name ='controllerprivilege-detail'),
-
url(r'plstackapi/networkslivers/$', NetworkSliverList.as_view(), name='networksliver-list'),
url(r'plstackapi/networkslivers/(?P<pk>[a-zA-Z0-9\-]+)/$', NetworkSliverDetail.as_view(), name ='networksliver-detail'),
@@ -725,41 +722,6 @@
-class ControllerPrivilegeSerializer(serializers.HyperlinkedModelSerializer):
- id = IdField()
-
- humanReadableName = serializers.SerializerMethodField("getHumanReadableName")
- validators = serializers.SerializerMethodField("getValidators")
- def getHumanReadableName(self, obj):
- return str(obj)
- def getValidators(self, obj):
- try:
- return obj.getValidators()
- except:
- return None
- class Meta:
- model = ControllerPrivilege
- fields = ('humanReadableName', 'validators', 'id','created','updated','enacted','backend_status','deleted','user','controller','role',)
-
-class ControllerPrivilegeIdSerializer(XOSModelSerializer):
- id = IdField()
-
- humanReadableName = serializers.SerializerMethodField("getHumanReadableName")
- validators = serializers.SerializerMethodField("getValidators")
- def getHumanReadableName(self, obj):
- return str(obj)
- def getValidators(self, obj):
- try:
- return obj.getValidators()
- except:
- return None
- class Meta:
- model = ControllerPrivilege
- fields = ('humanReadableName', 'validators', 'id','created','updated','enacted','backend_status','deleted','user','controller','role',)
-
-
-
-
class NetworkSliverSerializer(serializers.HyperlinkedModelSerializer):
id = IdField()
@@ -2371,8 +2333,6 @@
PlanetStackRole: PlanetStackRoleSerializer,
- ControllerPrivilege: ControllerPrivilegeSerializer,
-
NetworkSliver: NetworkSliverSerializer,
Project: ProjectSerializer,
@@ -3161,65 +3121,6 @@
-class ControllerPrivilegeList(generics.ListCreateAPIView):
- queryset = ControllerPrivilege.objects.select_related().all()
- serializer_class = ControllerPrivilegeSerializer
- id_serializer_class = ControllerPrivilegeIdSerializer
- filter_backends = (filters.DjangoFilterBackend,)
- filter_fields = ('id','created','updated','enacted','backend_status','deleted','user','controller','role',)
-
- def get_serializer_class(self):
- no_hyperlinks = self.request.QUERY_PARAMS.get('no_hyperlinks', False)
- if (no_hyperlinks):
- return self.id_serializer_class
- else:
- return self.serializer_class
-
- def get_queryset(self):
- return ControllerPrivilege.select_by_user(self.request.user)
-
- def create(self, request, *args, **kwargs):
- serializer = self.get_serializer(data=request.DATA, files=request.FILES)
- if not (serializer.is_valid()):
- response = {"error": "validation",
- "specific_error": "not serializer.is_valid()",
- "reasons": serializer.errors}
- return Response(response, status=status.HTTP_400_BAD_REQUEST)
- obj = serializer.object
- obj.caller = request.user
- if obj.can_update(request.user):
- return super(ControllerPrivilegeList, self).create(request, *args, **kwargs)
- else:
- raise Exception("failed obj.can_update")
-
- ret = super(ControllerPrivilegeList, self).create(request, *args, **kwargs)
- if (ret.status_code%100 != 200):
- raise Exception(ret.data)
-
- return ret
-
-
-class ControllerPrivilegeDetail(PlanetStackRetrieveUpdateDestroyAPIView):
- queryset = ControllerPrivilege.objects.select_related().all()
- serializer_class = ControllerPrivilegeSerializer
- id_serializer_class = ControllerPrivilegeIdSerializer
-
- def get_serializer_class(self):
- no_hyperlinks = self.request.QUERY_PARAMS.get('no_hyperlinks', False)
- if (no_hyperlinks):
- return self.id_serializer_class
- else:
- return self.serializer_class
-
- def get_queryset(self):
- return ControllerPrivilege.select_by_user(self.request.user)
-
- # update() is handled by PlanetStackRetrieveUpdateDestroyAPIView
-
- # destroy() is handled by PlanetStackRetrieveUpdateDestroyAPIView
-
-
-
class NetworkSliverList(generics.ListCreateAPIView):
queryset = NetworkSliver.objects.select_related().all()
serializer_class = NetworkSliverSerializer
diff --git a/planetstack/model_policies/__init__.py b/planetstack/model_policies/__init__.py
index ac395a1..f1c8071 100644
--- a/planetstack/model_policies/__init__.py
+++ b/planetstack/model_policies/__init__.py
@@ -2,3 +2,5 @@
from .model_policy_User import *
from .model_policy_Network import *
from .model_policy_Site import *
+from .model_policy_SitePrivilege import *
+from .model_policy_SlicePrivilege import *
diff --git a/planetstack/model_policies/model_policy_SitePrivilege.py b/planetstack/model_policies/model_policy_SitePrivilege.py
new file mode 100644
index 0000000..90280a3
--- /dev/null
+++ b/planetstack/model_policies/model_policy_SitePrivilege.py
@@ -0,0 +1,14 @@
+def handle(site_privilege):
+ from core.models import Controller, SitePrivilege, ControllerSitePrivilege
+
+ # apply site privilage at all controllers
+ controller_site_privileges = ControllerSitePrivilege.objects.filter(
+ site_privilege = site_privilege,
+ )
+ existing_controllers = [csp.controller for sp in controller_site_privileges]
+ all_controllers = Controller.objects.all()
+ for controller in all_controllers:
+ if controller not in existing_controllers:
+ ctrl_site_priv = ControllerSitePrivilege(controller=controller, site_privilege=site_privilege)
+ ctrl_site_priv.save()
+
diff --git a/planetstack/model_policies/model_policy_SlicePrivilege.py b/planetstack/model_policies/model_policy_SlicePrivilege.py
new file mode 100644
index 0000000..0f772cb
--- /dev/null
+++ b/planetstack/model_policies/model_policy_SlicePrivilege.py
@@ -0,0 +1,14 @@
+def handle(slice_privilege):
+ from core.models import Controller, SlicePrivilege, ControllerSlicePrivilege
+
+ # apply slice privilage at all controllers
+ controller_slice_privileges = ControllerSlicePrivilege.objects.filter(
+ slice_privilege = slice_privilege,
+ )
+ existing_controllers = [csp.controller for sp in controller_slice_privileges]
+ all_controllers = Controller.objects.all()
+ for controller in all_controllers:
+ if controller not in existing_controllers:
+ ctrl_slice_priv = ControllerSlicePrivilege(controller=controller, slice_privilege=slice_privilege)
+ ctrl_slice_priv.save()
+
diff --git a/planetstack/monitor/monitordriver.py b/planetstack/monitor/monitordriver.py
index f7eb1b9..77e8bfd 100644
--- a/planetstack/monitor/monitordriver.py
+++ b/planetstack/monitor/monitordriver.py
@@ -15,5 +15,5 @@
def __init__(self):
pass
- def get_meter(self, meter_name, credentials):
+ def get_meter(self, meter_name, obj, pk, credentials=None):
pass
diff --git a/planetstack/openstack_observer/ceilometer.py b/planetstack/openstack_observer/ceilometer.py
index 11e9851..f93dc1a 100644
--- a/planetstack/openstack_observer/ceilometer.py
+++ b/planetstack/openstack_observer/ceilometer.py
@@ -8,7 +8,19 @@
import datetime
import time
from monitor.monitordriver import *
+from core.models import *
+def object_to_filter(model_name, pk):
+ filter_dict = {
+ 'Slice':[Slice, 'tenant_id', 'project_id'],
+ 'Sliver':[Sliver, 'instance_id', 'resource_id'],
+ 'Site':[Site, 'tenant_id', 'project_id']
+ }
+
+ mod,field,tag = filter_dict[model_name]
+ obj = mod.objects.get(pk=pk)
+ return '%s=%s'%(tag,mod[field])
+
def cli_to_array(cli_query):
'''This converts from the cli list of queries to what is required
@@ -70,24 +82,27 @@
class CeilometerDriver(MonitorDriver):
- def get_meter(self, meter, object_filter, keystone):
+ def get_meter(self, meter, obj, pk, keystone=None):
if (not keystone):
keystone = {}
keystone['username']=env['OS_USERNAME']
keystone['password']=env['OS_PASSWORD']
keystone['auth_url']=env['OS_AUTH_URL']
keystone['tenant_name']=env['OS_TENANT_NAME']
+ keystone['os_cacert']=env['OS_CACERT']
ceilometer_client = client._get_ksclient(**keystone)
token = ceilometer_client.auth_token
ceilo_endpoint = client._get_endpoint(ceilometer_client, **keystone)
+ #ceilometer = client.get_client(2, username=keystone['username'], password=keystone['password'], tenant_name=keystone['tenant_name'], auth_url=keystone['auth_url'])
ceilometer = client.Client('2',endpoint = ceilo_endpoint, token = lambda: token)
cur_ts = datetime.datetime.fromtimestamp(time.time()-86400)
str_ts = cur_ts.strftime('%Y-%m-%dT%H:%M:%S')
+ object_filter = object_to_filter(obj, pk)
filter=';'.join([object_filter,'timestamp>%s'%str_ts])
#query = cli_to_array("project_id=124de34266b24f57957345cdb43cc9ff;timestamp>2014-12-11T00:00:00")
query = cli_to_array(filter)
diff --git a/planetstack/openstack_observer/steps/__init__.py b/planetstack/openstack_observer/steps/__init__.py
index b83322a..72b0b12 100644
--- a/planetstack/openstack_observer/steps/__init__.py
+++ b/planetstack/openstack_observer/steps/__init__.py
@@ -1,3 +1,5 @@
from .sync_controller_sites import SyncControllerSites
from .sync_controller_slices import SyncControllerSlices
from .sync_controller_users import SyncControllerUsers
+from .sync_controller_site_privileges import SyncControllerSitePrivileges
+from .sync_controller_slice_privileges import SyncControllerSlicePrivileges
diff --git a/planetstack/openstack_observer/steps/sync_controller_site_privileges.py b/planetstack/openstack_observer/steps/sync_controller_site_privileges.py
new file mode 100644
index 0000000..dd5bf3a
--- /dev/null
+++ b/planetstack/openstack_observer/steps/sync_controller_site_privileges.py
@@ -0,0 +1,92 @@
+import os
+import base64
+from collections import defaultdict
+from django.db.models import F, Q
+from planetstack.config import Config
+from observer.openstacksyncstep import OpenStackSyncStep
+from core.models.site import Controller, SitePrivilege
+from core.models.user import User
+from core.models.controlleruser import ControllerUser, ControllerSitePrivilege
+from util.logger import Logger, logging
+
+from observer.ansible import *
+
+logger = Logger(level=logging.INFO)
+
+class SyncControllerSitePrivileges(OpenStackSyncStep):
+ provides=[ControllerSitePrivilege]
+ requested_interval=0
+
+ def fetch_pending(self, deleted):
+
+ if (deleted):
+ return ControllerSitePrivilege.deleted_objects.all()
+ else:
+ return ControllerSitePrivilege.objects.filter(Q(enacted__lt=F('updated')) | Q(enacted=None))
+
+ def sync_record(self, controller_site_privilege):
+ logger.info("sync'ing controler_site_privilege %s at controller %s" % (controller_site_privilege, controller_site_privilege.controller))
+
+ if not controller_site_privilege.controller.admin_user:
+ logger.info("controller %r has no admin_user, skipping" % controller_site_privilege.controller)
+ return
+
+ template = os_template_env.get_template('sync_controller_users.yaml')
+ roles = [controller_site_privilege.site_privilege.role.role]
+ # setup user home site roles at controller
+ if not controller_site_privilege.site_privilege.user.site:
+ raise Exception('Siteless user %s'%controller_site_privilege.site_privilege.user.email)
+ else:
+ # look up tenant id for the user's site at the controller
+ #ctrl_site_deployments = SiteDeployment.objects.filter(
+ # site_deployment__site=controller_site_privilege.user.site,
+ # controller=controller_site_privilege.controller)
+
+ #if ctrl_site_deployments:
+ # # need the correct tenant id for site at the controller
+ # tenant_id = ctrl_site_deployments[0].tenant_id
+ # tenant_name = ctrl_site_deployments[0].site_deployment.site.login_base
+ user_fields = {
+ 'endpoint':controller_site_privilege.controller.auth_url,
+ 'name': controller_site_privilege.site_privilege.user.email,
+ 'email': controller_site_privilege.site_privilege.user.email,
+ 'password': controller_site_privilege.site_privilege.user.remote_password,
+ 'admin_user': controller_site_privilege.controller.admin_user,
+ 'admin_password': controller_site_privilege.controller.admin_password,
+ 'ansible_tag':'%s@%s'%(controller_site_privilege.site_privilege.user.email.replace('@','-at-'),controller_site_privilege.controller.name),
+ 'admin_tenant': controller_site_privilege.controller.admin_tenant,
+ 'roles':roles,
+ 'tenant':controller_site_privilege.site_privilege.site.login_base}
+
+ rendered = template.render(user_fields)
+ res = run_template('sync_controller_users.yaml', user_fields,path='controller_site_privileges')
+
+ # results is an array in which each element corresponds to an
+ # "ok" string received per operation. If we get as many oks as
+ # the number of operations we issued, that means a grand success.
+ # Otherwise, the number of oks tell us which operation failed.
+ expected_length = len(roles) + 1
+ if (len(res)==expected_length):
+ controller_site_privilege.role_id = res[0]['id']
+ controller_site_privilege.save()
+ elif (len(res)):
+ raise Exception('Could not assign roles for user %s'%user_fields['name'])
+ else:
+ raise Exception('Could not create or update user %s'%user_fields['name'])
+
+ def delete_record(self, controller_site_privilege):
+ if controller_site_privilege.role_id:
+ driver = self.driver.admin_driver(controller=controller_site_privilege.controller)
+ user = ControllerUser.objects.get(
+ controller=controller_site_privilege.controller,
+ user=controller_site_privilege.site_privilege.user
+ )
+ site = ControllerSite.objects.get(
+ controller=controller_site_privilege.controller,
+ user=controller_site_privilege.site_privilege.user
+ )
+ driver.delete_user_role(
+ user.kuser_id,
+ site.tenant_id,
+ controller_site_privilege.site_prvilege.role.role
+ )
diff --git a/planetstack/openstack_observer/steps/sync_controller_slice_privileges.py b/planetstack/openstack_observer/steps/sync_controller_slice_privileges.py
new file mode 100644
index 0000000..f981f16
--- /dev/null
+++ b/planetstack/openstack_observer/steps/sync_controller_slice_privileges.py
@@ -0,0 +1,92 @@
+import os
+import base64
+from collections import defaultdict
+from django.db.models import F, Q
+from planetstack.config import Config
+from observer.openstacksyncstep import OpenStackSyncStep
+from core.models.slice import Controller, SlicePrivilege
+from core.models.user import User
+from core.models.controlleruser import ControllerUser, ControllerSlicePrivilege
+from util.logger import Logger, logging
+
+from observer.ansible import *
+
+logger = Logger(level=logging.INFO)
+
+class SyncControllerSlicePrivileges(OpenStackSyncStep):
+ provides=[ControllerSlicePrivilege]
+ requested_interval=0
+
+ def fetch_pending(self, deleted):
+
+ if (deleted):
+ return ControllerSlicePrivilege.deleted_objects.all()
+ else:
+ return ControllerSlicePrivilege.objects.filter(Q(enacted__lt=F('updated')) | Q(enacted=None))
+
+ def sync_record(self, controller_slice_privilege):
+ logger.info("sync'ing controler_slice_privilege %s at controller %s" % (controller_slice_privilege, controller_slice_privilege.controller))
+
+ if not controller_slice_privilege.controller.admin_user:
+ logger.info("controller %r has no admin_user, skipping" % controller_slice_privilege.controller)
+ return
+
+ template = os_template_env.get_template('sync_controller_users.yaml')
+ roles = [controller_slice_privilege.slice_privilege.role.role]
+ # setup user home slice roles at controller
+ if not controller_slice_privilege.slice_privilege.user.site:
+ raise Exception('Sliceless user %s'%controller_slice_privilege.slice_privilege.user.email)
+ else:
+ # look up tenant id for the user's slice at the controller
+ #ctrl_slice_deployments = SliceDeployment.objects.filter(
+ # slice_deployment__slice=controller_slice_privilege.user.slice,
+ # controller=controller_slice_privilege.controller)
+
+ #if ctrl_slice_deployments:
+ # # need the correct tenant id for slice at the controller
+ # tenant_id = ctrl_slice_deployments[0].tenant_id
+ # tenant_name = ctrl_slice_deployments[0].slice_deployment.slice.login_base
+ user_fields = {
+ 'endpoint':controller_slice_privilege.controller.auth_url,
+ 'name': controller_slice_privilege.slice_privilege.user.email,
+ 'email': controller_slice_privilege.slice_privilege.user.email,
+ 'password': controller_slice_privilege.slice_privilege.user.remote_password,
+ 'admin_user': controller_slice_privilege.controller.admin_user,
+ 'admin_password': controller_slice_privilege.controller.admin_password,
+ 'ansible_tag':'%s@%s'%(controller_slice_privilege.slice_privilege.user.email.replace('@','-at-'),controller_slice_privilege.controller.name),
+ 'admin_tenant': controller_slice_privilege.controller.admin_tenant,
+ 'roles':roles,
+ 'tenant':controller_slice_privilege.slice_privilege.slice.name}
+
+ rendered = template.render(user_fields)
+ res = run_template('sync_controller_users.yaml', user_fields,path='controller_slice_privileges')
+
+ # results is an array in which each element corresponds to an
+ # "ok" string received per operation. If we get as many oks as
+ # the number of operations we issued, that means a grand success.
+ # Otherwise, the number of oks tell us which operation failed.
+ expected_length = len(roles) + 1
+ if (len(res)==expected_length):
+ controller_slice_privilege.role_id = res[0]['id']
+ controller_slice_privilege.save()
+ elif (len(res)):
+ raise Exception('Could not assign roles for user %s'%user_fields['name'])
+ else:
+ raise Exception('Could not create or update user %s'%user_fields['name'])
+
+ def delete_record(self, controller_slice_privilege):
+ if controller_slice_privilege.role_id:
+ driver = self.driver.admin_driver(controller=controller_slice_privilege.controller)
+ user = ControllerUser.objects.get(
+ controller=controller_slice_privilege.controller,
+ user=controller_slice_privilege.slice_privilege.user
+ )
+ slice = ControllerSlice.objects.get(
+ controller=controller_slice_privilege.controller,
+ user=controller_slice_privilege.slice_privilege.user
+ )
+ driver.delete_user_role(
+ user.kuser_id,
+ slice.tenant_id,
+ controller_slice_privilege.slice_prvilege.role.role
+ )
diff --git a/planetstack/openstack_observer/steps/sync_controller_user_site_privileges.py b/planetstack/openstack_observer/steps/sync_controller_user_site_privileges.py
deleted file mode 100644
index 6a62104..0000000
--- a/planetstack/openstack_observer/steps/sync_controller_user_site_privileges.py
+++ /dev/null
@@ -1,86 +0,0 @@
-import os
-import base64
-from collections import defaultdict
-from django.db.models import F, Q
-from planetstack.config import Config
-from observer.openstacksyncstep import OpenStackSyncStep
-from core.models.site import Controller, SitePrivilege
-from core.models.user import User
-from core.models.controlleruser import ControllerUser
-from util.logger import Logger, logging
-
-from observer.ansible import *
-
-logger = Logger(level=logging.INFO)
-
-class SyncControllerUser(OpenStackSyncStep):
- provides=[SitePrivilege]
- requested_interval=0
-
- def fetch_pending(self, deleted):
-
- if (deleted):
- return SitePrivilege.deleted_objects.all()
- else:
- return ControllerUser.objects.filter(Q(enacted__lt=F('updated')) | Q(enacted=None))
-
- def sync_record(self, controller_user):
- logger.info("sync'ing user %s at controller %s" % (controller_user.user, controller_user.controller))
-
- if not controller_user.controller.admin_user:
- logger.info("controller %r has no admin_user, skipping" % controller_user.controller)
- return
-
- template = os_template_env.get_template('sync_controller_users.yaml')
-
- # All users will have at least the 'user' role at their home site/tenant.
- # We must also check if the user should have the admin role
- roles = ['user']
- if controller_user.user.is_admin:
- roles.append('admin')
-
- # setup user home site roles at controller
- if not controller_user.user.site:
- raise Exception('Siteless user %s'%controller_user.user.email)
- else:
- # look up tenant id for the user's site at the controller
- #ctrl_site_deployments = SiteDeployment.objects.filter(
- # site_deployment__site=controller_user.user.site,
- # controller=controller_user.controller)
-
- #if ctrl_site_deployments:
- # # need the correct tenant id for site at the controller
- # tenant_id = ctrl_site_deployments[0].tenant_id
- # tenant_name = ctrl_site_deployments[0].site_deployment.site.login_base
- user_fields = {
- 'endpoint':controller_user.controller.auth_url,
- 'name': controller_user.user.email,
- 'email': controller_user.user.email,
- 'password': controller_user.user.remote_password,
- 'admin_user': controller_user.controller.admin_user,
- 'admin_password': controller_user.controller.admin_password,
- 'ansible_tag':'%s@%s'%(controller_user.user.email.replace('@','-at-'),controller_user.controller.name),
- 'admin_tenant': controller_user.controller.admin_tenant,
- 'roles':roles,
- 'tenant':controller_user.user.site.login_base}
-
- rendered = template.render(user_fields)
- res = run_template('sync_controller_users.yaml', user_fields,path='controller_users')
-
- # results is an array in which each element corresponds to an
- # "ok" string received per operation. If we get as many oks as
- # the number of operations we issued, that means a grand success.
- # Otherwise, the number of oks tell us which operation failed.
- expected_length = len(roles) + 1
- if (len(res)==expected_length):
- controller_user.kuser_id = res[0]['id']
- controller_user.save()
- elif (len(res)):
- raise Exception('Could not assign roles for user %s'%user_fields['name'])
- else:
- raise Exception('Could not create or update user %s'%user_fields['name'])
-
- def delete_record(self, controller_user):
- if controller_user.kuser_id:
- driver = self.driver.admin_driver(controller=controller_user.controller)
- driver.delete_user(controller_user.kuser_id)
diff --git a/planetstack/openstack_observer/steps/sync_controller_user_slice_privileges.py b/planetstack/openstack_observer/steps/sync_controller_user_slice_privileges.py
deleted file mode 100644
index 4c68a40..0000000
--- a/planetstack/openstack_observer/steps/sync_controller_user_slice_privileges.py
+++ /dev/null
@@ -1,86 +0,0 @@
-import os
-import base64
-from collections import defaultdict
-from django.db.models import F, Q
-from planetstack.config import Config
-from observer.openstacksyncstep import OpenStackSyncStep
-from core.models.site import Controller, SiteDeployment
-from core.models.user import User
-from core.models.controllerusers import ControllerUser
-from util.logger import Logger, logging
-
-from observer.ansible import *
-
-logger = Logger(level=logging.INFO)
-
-class SyncControllerUser(OpenStackSyncStep):
- provides=[ControllerUser, User]
- requested_interval=0
-
- def fetch_pending(self, deleted):
-
- if (deleted):
- return ControllerUser.deleted_objects.all()
- else:
- return ControllerUser.objects.filter(Q(enacted__lt=F('updated')) | Q(enacted=None))
-
- def sync_record(self, controller_user):
- logger.info("sync'ing user %s at controller %s" % (controller_user.user, controller_user.controller))
-
- if not controller_user.controller.admin_user:
- logger.info("controller %r has no admin_user, skipping" % controller_user.controller)
- return
-
- template = os_template_env.get_template('sync_controller_users.yaml')
-
- # All users will have at least the 'user' role at their home site/tenant.
- # We must also check if the user should have the admin role
- roles = ['user']
- if controller_user.user.is_admin:
- roles.append('admin')
-
- # setup user home site roles at controller
- if not controller_user.user.site:
- raise Exception('Siteless user %s'%controller_user.user.email)
- else:
- # look up tenant id for the user's site at the controller
- #ctrl_site_deployments = SiteDeployment.objects.filter(
- # site_deployment__site=controller_user.user.site,
- # controller=controller_user.controller)
-
- #if ctrl_site_deployments:
- # # need the correct tenant id for site at the controller
- # tenant_id = ctrl_site_deployments[0].tenant_id
- # tenant_name = ctrl_site_deployments[0].site_deployment.site.login_base
- user_fields = {
- 'endpoint':controller_user.controller.auth_url,
- 'name': controller_user.user.email,
- 'email': controller_user.user.email,
- 'password': controller_user.user.remote_password,
- 'admin_user': controller_user.controller.admin_user,
- 'admin_password': controller_user.controller.admin_password,
- 'ansible_tag':'%s@%s'%(controller_user.user.email.replace('@','-at-'),controller_user.controller.name),
- 'admin_tenant': controller_user.controller.admin_tenant,
- 'roles':roles,
- 'tenant':controller_user.user.site.login_base}
-
- rendered = template.render(user_fields)
- res = run_template('sync_controller_users.yaml', user_fields,path='controller_users')
-
- # results is an array in which each element corresponds to an
- # "ok" string received per operation. If we get as many oks as
- # the number of operations we issued, that means a grand success.
- # Otherwise, the number of oks tell us which operation failed.
- expected_length = len(roles) + 1
- if (len(res)==expected_length):
- controller_user.kuser_id = res[0]['id']
- controller_user.save()
- elif (len(res)):
- raise Exception('Could not assign roles for user %s'%user_fields['name'])
- else:
- raise Exception('Could not create or update user %s'%user_fields['name'])
-
- def delete_record(self, controller_user):
- if controller_user.kuser_id:
- driver = self.driver.admin_driver(controller=controller_user.controller)
- driver.delete_user(controller_user.kuser_id)
diff --git a/planetstack/planetstack/urls.py b/planetstack/planetstack/urls.py
index b95e8cd..30ad665 100644
--- a/planetstack/planetstack/urls.py
+++ b/planetstack/planetstack/urls.py
@@ -27,6 +27,8 @@
# url(r'^$', 'planetstack.views.home', name='home'),
# url(r'^planetstack/', include('planetstack.foo.urls')),
+ url(r'^stats', 'core.views.stats.Stats', name='stats'),
+
# Uncomment the admin/doc line below to enable admin documentation:
url(r'^admin/doc/', include('django.contrib.admindocs.urls')),