Blame - planetstack/openstack_observer/steps/sync_controller_slice_privileges.py - xos

Tony Mack

ffe6d8b

2015-01-06 23:48:02 -0500

[diff] [blame]

1

import os

2

import base64

3

from collections import defaultdict

4

from django.db.models import F, Q

5

from planetstack.config import Config

6

from observer.openstacksyncstep import OpenStackSyncStep

7

from core.models.slice import Controller, SlicePrivilege

8

from core.models.user import User

9

from core.models.controlleruser import ControllerUser, ControllerSlicePrivilege

10

from util.logger import Logger, logging

11

12

from observer.ansible import *

13

14

logger = Logger(level=logging.INFO)

15

16

class SyncControllerSlicePrivileges(OpenStackSyncStep):

Sapan Bhatia

b3048aa

2015-01-27 03:52:19 +0000

[diff] [blame]

17

provides=[SlicePrivilege]

Tony Mack

ffe6d8b

2015-01-06 23:48:02 -0500

[diff] [blame]

18

requested_interval=0

Sapan Bhatia

99f4968

2015-01-29 20:58:25 +0000

[diff] [blame]

19

observes=ControllerSlicePrivilege

Tony Mack

ffe6d8b

2015-01-06 23:48:02 -0500

[diff] [blame]

20

21

def fetch_pending(self, deleted):

22

23

if (deleted):

24

return ControllerSlicePrivilege.deleted_objects.all()

25

else:

26

return ControllerSlicePrivilege.objects.filter(Q(enacted__lt=F('updated')) | Q(enacted=None))

27

28

def sync_record(self, controller_slice_privilege):

29

logger.info("sync'ing controler_slice_privilege %s at controller %s" % (controller_slice_privilege, controller_slice_privilege.controller))

30

31

if not controller_slice_privilege.controller.admin_user:

32

logger.info("controller %r has no admin_user, skipping" % controller_slice_privilege.controller)

33

return

34

35

template = os_template_env.get_template('sync_controller_users.yaml')

36

roles = [controller_slice_privilege.slice_privilege.role.role]

37

# setup user home slice roles at controller

38

if not controller_slice_privilege.slice_privilege.user.site:

39

raise Exception('Sliceless user %s'%controller_slice_privilege.slice_privilege.user.email)

40

else:

41

# look up tenant id for the user's slice at the controller

42

#ctrl_slice_deployments = SliceDeployment.objects.filter(

43

# slice_deployment__slice=controller_slice_privilege.user.slice,

44

# controller=controller_slice_privilege.controller)

45

46

#if ctrl_slice_deployments:

47

# # need the correct tenant id for slice at the controller

48

# tenant_id = ctrl_slice_deployments[0].tenant_id

49

# tenant_name = ctrl_slice_deployments[0].slice_deployment.slice.login_base

50

user_fields = {

51

'endpoint':controller_slice_privilege.controller.auth_url,

52

'name': controller_slice_privilege.slice_privilege.user.email,

53

'email': controller_slice_privilege.slice_privilege.user.email,

54

'password': controller_slice_privilege.slice_privilege.user.remote_password,

55

'admin_user': controller_slice_privilege.controller.admin_user,

56

'admin_password': controller_slice_privilege.controller.admin_password,

57

'ansible_tag':'%s@%s'%(controller_slice_privilege.slice_privilege.user.email.replace('@','-at-'),controller_slice_privilege.controller.name),

58

'admin_tenant': controller_slice_privilege.controller.admin_tenant,

59

'roles':roles,

60

'tenant':controller_slice_privilege.slice_privilege.slice.name}

61

62

rendered = template.render(user_fields)

Sapan Bhatia

b0464ba

2015-01-23 16:21:57 +0000

[diff] [blame]

63

expected_length = len(roles) + 1

64

res = run_template('sync_controller_users.yaml', user_fields, path='controller_slice_privileges', expected_num=expected_length)

Tony Mack

ffe6d8b

2015-01-06 23:48:02 -0500

[diff] [blame]

65

66

# results is an array in which each element corresponds to an

67

# "ok" string received per operation. If we get as many oks as

68

# the number of operations we issued, that means a grand success.

69

# Otherwise, the number of oks tell us which operation failed.

Sapan Bhatia

b0464ba

2015-01-23 16:21:57 +0000

[diff] [blame]

70

controller_slice_privilege.role_id = res[0]['id']

71

controller_slice_privilege.save()

Tony Mack

ffe6d8b

2015-01-06 23:48:02 -0500

[diff] [blame]

72

73

def delete_record(self, controller_slice_privilege):

74

if controller_slice_privilege.role_id:

75

driver = self.driver.admin_driver(controller=controller_slice_privilege.controller)

76

user = ControllerUser.objects.get(

77

controller=controller_slice_privilege.controller,

78

user=controller_slice_privilege.slice_privilege.user

79

)

80

slice = ControllerSlice.objects.get(

81

controller=controller_slice_privilege.controller,

82

user=controller_slice_privilege.slice_privilege.user

83

)

84

driver.delete_user_role(

85

user.kuser_id,

86

slice.tenant_id,

87

controller_slice_privilege.slice_prvilege.role.role

88

)