blob: 96156f7910d925562ad014b823d79ecd23286cd3 [file] [log] [blame]
Tony Mackce4e2c22015-01-06 23:48:02 -05001import os
2import base64
3from collections import defaultdict
4from django.db.models import F, Q
Scott Baker86e132c2015-02-11 21:38:09 -08005from xos.config import Config
Tony Mackce4e2c22015-01-06 23:48:02 -05006from observer.openstacksyncstep import OpenStackSyncStep
7from core.models.slice import Controller, SlicePrivilege
8from core.models.user import User
9from core.models.controlleruser import ControllerUser, ControllerSlicePrivilege
10from util.logger import Logger, logging
11
12from observer.ansible import *
13
14logger = Logger(level=logging.INFO)
15
16class SyncControllerSlicePrivileges(OpenStackSyncStep):
Sapan Bhatia5d662c72015-01-27 03:52:19 +000017 provides=[SlicePrivilege]
Tony Mackce4e2c22015-01-06 23:48:02 -050018 requested_interval=0
Sapan Bhatia39a775f2015-01-29 20:58:25 +000019 observes=ControllerSlicePrivilege
Tony Mackce4e2c22015-01-06 23:48:02 -050020
21 def fetch_pending(self, deleted):
22
23 if (deleted):
24 return ControllerSlicePrivilege.deleted_objects.all()
25 else:
26 return ControllerSlicePrivilege.objects.filter(Q(enacted__lt=F('updated')) | Q(enacted=None))
27
28 def sync_record(self, controller_slice_privilege):
29 logger.info("sync'ing controler_slice_privilege %s at controller %s" % (controller_slice_privilege, controller_slice_privilege.controller))
30
31 if not controller_slice_privilege.controller.admin_user:
32 logger.info("controller %r has no admin_user, skipping" % controller_slice_privilege.controller)
33 return
34
35 template = os_template_env.get_template('sync_controller_users.yaml')
36 roles = [controller_slice_privilege.slice_privilege.role.role]
37 # setup user home slice roles at controller
38 if not controller_slice_privilege.slice_privilege.user.site:
39 raise Exception('Sliceless user %s'%controller_slice_privilege.slice_privilege.user.email)
40 else:
41 # look up tenant id for the user's slice at the controller
42 #ctrl_slice_deployments = SliceDeployment.objects.filter(
43 # slice_deployment__slice=controller_slice_privilege.user.slice,
44 # controller=controller_slice_privilege.controller)
45
46 #if ctrl_slice_deployments:
47 # # need the correct tenant id for slice at the controller
48 # tenant_id = ctrl_slice_deployments[0].tenant_id
49 # tenant_name = ctrl_slice_deployments[0].slice_deployment.slice.login_base
50 user_fields = {
51 'endpoint':controller_slice_privilege.controller.auth_url,
52 'name': controller_slice_privilege.slice_privilege.user.email,
53 'email': controller_slice_privilege.slice_privilege.user.email,
54 'password': controller_slice_privilege.slice_privilege.user.remote_password,
55 'admin_user': controller_slice_privilege.controller.admin_user,
56 'admin_password': controller_slice_privilege.controller.admin_password,
57 'ansible_tag':'%s@%s'%(controller_slice_privilege.slice_privilege.user.email.replace('@','-at-'),controller_slice_privilege.controller.name),
58 'admin_tenant': controller_slice_privilege.controller.admin_tenant,
59 'roles':roles,
60 'tenant':controller_slice_privilege.slice_privilege.slice.name}
61
62 rendered = template.render(user_fields)
Sapan Bhatia3b3e1e12015-01-23 16:21:57 +000063 expected_length = len(roles) + 1
64 res = run_template('sync_controller_users.yaml', user_fields, path='controller_slice_privileges', expected_num=expected_length)
Tony Mackce4e2c22015-01-06 23:48:02 -050065
66 # results is an array in which each element corresponds to an
67 # "ok" string received per operation. If we get as many oks as
68 # the number of operations we issued, that means a grand success.
69 # Otherwise, the number of oks tell us which operation failed.
Sapan Bhatia3b3e1e12015-01-23 16:21:57 +000070 controller_slice_privilege.role_id = res[0]['id']
71 controller_slice_privilege.save()
Tony Mackce4e2c22015-01-06 23:48:02 -050072
73 def delete_record(self, controller_slice_privilege):
74 if controller_slice_privilege.role_id:
75 driver = self.driver.admin_driver(controller=controller_slice_privilege.controller)
76 user = ControllerUser.objects.get(
77 controller=controller_slice_privilege.controller,
78 user=controller_slice_privilege.slice_privilege.user
79 )
80 slice = ControllerSlice.objects.get(
81 controller=controller_slice_privilege.controller,
82 user=controller_slice_privilege.slice_privilege.user
83 )
84 driver.delete_user_role(
85 user.kuser_id,
86 slice.tenant_id,
87 controller_slice_privilege.slice_prvilege.role.role
88 )