Gitiles
Code Review Sign In
gerrit.opencord.org / xos / 18dc11d66026290407ca6f35ae63fcf160dea1e3 / . / xos / openstack_observer / steps / sync_controller_site_privileges.py
blob: d2575365cdb4143383fdc6e61d9942a837469b2c [file] [log] [blame]
Tony Mackffe6d8b2015-01-06 23:48:02 -0500[diff] [blame]1import os
2import base64
3from collections import defaultdict
4from django.db.models import F, Q
Scott Baker76a840e2015-02-11 21:38:09 -0800[diff] [blame]5from xos.config import Config
Tony Mackffe6d8b2015-01-06 23:48:02 -0500[diff] [blame]6from observer.openstacksyncstep import OpenStackSyncStep
Sapan Bhatiae6376de2015-05-13 15:51:03 +0200[diff] [blame]7from observer.syncstep import *
Tony Mackffe6d8b2015-01-06 23:48:02 -0500[diff] [blame]8from core.models.site import Controller, SitePrivilege
9from core.models.user import User
10from core.models.controlleruser import ControllerUser, ControllerSitePrivilege
Tony Mack08f82882015-03-29 08:32:21 -0400[diff] [blame]11from util.logger import observer_logger as logger
Tony Mackffe6d8b2015-01-06 23:48:02 -0500[diff] [blame]12from observer.ansible import *
Sapan Bhatia9028c9a2015-05-09 18:14:40 +0200[diff] [blame]13import json
Tony Mackffe6d8b2015-01-06 23:48:02 -0500[diff] [blame]14
Tony Mackffe6d8b2015-01-06 23:48:02 -0500[diff] [blame]15class SyncControllerSitePrivileges(OpenStackSyncStep):
Sapan Bhatiab3048aa2015-01-27 03:52:19 +0000[diff] [blame]16 provides=[SitePrivilege]
Tony Mackffe6d8b2015-01-06 23:48:02 -0500[diff] [blame]17 requested_interval=0
Sapan Bhatia99f49682015-01-29 20:58:25 +0000[diff] [blame]18 observes=ControllerSitePrivilege
Sapan Bhatia321b70e2015-08-19 12:20:47 -0400[diff] [blame]19 playbook='sync_controller_users.yaml'
Tony Mackffe6d8b2015-01-06 23:48:02 -0500[diff] [blame]20
Sapan Bhatia321b70e2015-08-19 12:20:47 -0400[diff] [blame]21 def map_sync_inputs(self, controller_site_privilege):
Sapan Bhatia9028c9a2015-05-09 18:14:40 +0200[diff] [blame]22 controller_register = json.loads(controller_site_privilege.controller.backend_register)
Tony Mackffe6d8b2015-01-06 23:48:02 -0500[diff] [blame]23 if not controller_site_privilege.controller.admin_user:
24 logger.info("controller %r has no admin_user, skipping" % controller_site_privilege.controller)
25 return
26
Tony Mackffe6d8b2015-01-06 23:48:02 -0500[diff] [blame]27 roles = [controller_site_privilege.site_privilege.role.role]
28 # setup user home site roles at controller
29 if not controller_site_privilege.site_privilege.user.site:
30 raise Exception('Siteless user %s'%controller_site_privilege.site_privilege.user.email)
31 else:
32 # look up tenant id for the user's site at the controller
33 #ctrl_site_deployments = SiteDeployment.objects.filter(
34 # site_deployment__site=controller_site_privilege.user.site,
35 # controller=controller_site_privilege.controller)
36
37 #if ctrl_site_deployments:
38 # # need the correct tenant id for site at the controller
39 # tenant_id = ctrl_site_deployments[0].tenant_id
40 # tenant_name = ctrl_site_deployments[0].site_deployment.site.login_base
41 user_fields = {
Tony Mack09a2f072015-09-14 00:53:39 +0000[diff] [blame]42 'endpoint':controller_site_privilege.controller.auth_url,
43 'endpoint_v3': controller_site_privilege.controller.auth_url_v3,
44 'domain': controller_site_privilege.controller.domain,
Tony Mackffe6d8b2015-01-06 23:48:02 -0500[diff] [blame]45 'name': controller_site_privilege.site_privilege.user.email,
Tony Mack09a2f072015-09-14 00:53:39 +0000[diff] [blame]46 'email': controller_site_privilege.site_privilege.user.email,
47 'password': controller_site_privilege.site_privilege.user.remote_password,
48 'admin_user': controller_site_privilege.controller.admin_user,
Tony Mackffe6d8b2015-01-06 23:48:02 -0500[diff] [blame]49 'admin_password': controller_site_privilege.controller.admin_password,
Tony Mack09a2f072015-09-14 00:53:39 +0000[diff] [blame]50 'ansible_tag':'%s@%s'%(controller_site_privilege.site_privilege.user.email.replace('@','-at-'),controller_site_privilege.controller.name),
Tony Mackffe6d8b2015-01-06 23:48:02 -0500[diff] [blame]51 'admin_tenant': controller_site_privilege.controller.admin_tenant,
52 'roles':roles,
53 'tenant':controller_site_privilege.site_privilege.site.login_base}
54
Sapan Bhatia321b70e2015-08-19 12:20:47 -0400[diff] [blame]55 return user_fields
Tony Mackffe6d8b2015-01-06 23:48:02 -0500[diff] [blame]56
Sapan Bhatia321b70e2015-08-19 12:20:47 -0400[diff] [blame]57 def map_sync_outputs(self, controller_site_privilege, res):
Tony Mackffe6d8b2015-01-06 23:48:02 -0500[diff] [blame]58 # results is an array in which each element corresponds to an
59 # "ok" string received per operation. If we get as many oks as
60 # the number of operations we issued, that means a grand success.
61 # Otherwise, the number of oks tell us which operation failed.
Tony Mackf3c17e12015-10-01 00:05:56 +0000[diff] [blame]62 controller_site_privilege.role_id = res[0]['id']
Sapan Bhatiab0464ba2015-01-23 16:21:57 +0000[diff] [blame]63 controller_site_privilege.save()
Tony Mackffe6d8b2015-01-06 23:48:02 -0500[diff] [blame]64
65 def delete_record(self, controller_site_privilege):
Sapan Bhatia9028c9a2015-05-09 18:14:40 +0200[diff] [blame]66 controller_register = json.loads(controller_site_privilege.controller.backend_register)
67 if (controller_register.get('disabled',False)):
Sapan Bhatiae6376de2015-05-13 15:51:03 +0200[diff] [blame]68 raise InnocuousException('Controller %s is disabled'%controller_site_privilege.controller.name)
Sapan Bhatia9028c9a2015-05-09 18:14:40 +0200[diff] [blame]69
Tony Mackffe6d8b2015-01-06 23:48:02 -0500[diff] [blame]70 if controller_site_privilege.role_id:
71 driver = self.driver.admin_driver(controller=controller_site_privilege.controller)
72 user = ControllerUser.objects.get(
73 controller=controller_site_privilege.controller,
74 user=controller_site_privilege.site_privilege.user
75 )
76 site = ControllerSite.objects.get(
77 controller=controller_site_privilege.controller,
78 user=controller_site_privilege.site_privilege.user
79 )
80 driver.delete_user_role(
81 user.kuser_id,
82 site.tenant_id,
83 controller_site_privilege.site_prvilege.role.role
84 )