Gitiles
Code Review Sign In
gerrit.opencord.org / xos / 7ea40ce3bcf94a0227fb84db63adb36ee2f7a836 / . / xos / openstack_observer / steps / sync_controller_users.py
blob: 7979d82fffe6eb23c84c36efd5b5cd4fdbd3241d [file] [log] [blame]
Tony Mack06c8e472014-11-30 15:53:08 -0500[diff] [blame]1import os
2import base64
Tony Mack06c8e472014-11-30 15:53:08 -0500[diff] [blame]3from collections import defaultdict
4from django.db.models import F, Q
Scott Baker86e132c2015-02-11 21:38:09 -0800[diff] [blame]5from xos.config import Config
Tony Mack06c8e472014-11-30 15:53:08 -0500[diff] [blame]6from observer.openstacksyncstep import OpenStackSyncStep
Sapan Bhatia01298ed2015-05-13 15:51:03 +0200[diff] [blame]7from observer.syncstep import *
Tony Mack3066a952015-01-05 22:48:11 -0500[diff] [blame]8from core.models.site import Controller, SiteDeployment, SiteDeployment
Tony Mack06c8e472014-11-30 15:53:08 -0500[diff] [blame]9from core.models.user import User
Tony Mack74364932015-01-06 17:49:25 -0500[diff] [blame]10from core.models.controlleruser import ControllerUser
Tony Mack06c8e472014-11-30 15:53:08 -0500[diff] [blame]11from observer.ansible import *
Tony Mack4d0d75c2015-03-29 08:32:21 -0400[diff] [blame]12from util.logger import observer_logger as logger
Sapan Bhatia06b1a882015-05-09 18:14:40 +0200[diff] [blame]13import json
Tony Mack06c8e472014-11-30 15:53:08 -0500[diff] [blame]14
Tony Mack74364932015-01-06 17:49:25 -0500[diff] [blame]15class SyncControllerUsers(OpenStackSyncStep):
Sapan Bhatia5d662c72015-01-27 03:52:19 +0000[diff] [blame]16 provides=[User]
Tony Mack06c8e472014-11-30 15:53:08 -0500[diff] [blame]17 requested_interval=0
Sapan Bhatia39a775f2015-01-29 20:58:25 +0000[diff] [blame]18 observes=ControllerUser
Tony Mack06c8e472014-11-30 15:53:08 -0500[diff] [blame]19
20 def fetch_pending(self, deleted):
21
22 if (deleted):
Tony Mack3066a952015-01-05 22:48:11 -0500[diff] [blame]23 return ControllerUser.deleted_objects.all()
Tony Mack06c8e472014-11-30 15:53:08 -0500[diff] [blame]24 else:
Tony Mack3066a952015-01-05 22:48:11 -0500[diff] [blame]25 return ControllerUser.objects.filter(Q(enacted__lt=F('updated')) | Q(enacted=None))
Tony Mack06c8e472014-11-30 15:53:08 -0500[diff] [blame]26
27 def sync_record(self, controller_user):
28 logger.info("sync'ing user %s at controller %s" % (controller_user.user, controller_user.controller))
29
Sapan Bhatia06b1a882015-05-09 18:14:40 +0200[diff] [blame]30 controller_register = json.loads(controller_user.controller.backend_register)
31 if (controller_register.get('disabled',False)):
Sapan Bhatia01298ed2015-05-13 15:51:03 +0200[diff] [blame]32 raise InnocuousException('Controller %s is disabled'%controller_user.controller.name)
Sapan Bhatia06b1a882015-05-09 18:14:40 +0200[diff] [blame]33
Tony Mack06c8e472014-11-30 15:53:08 -0500[diff] [blame]34 if not controller_user.controller.admin_user:
35 logger.info("controller %r has no admin_user, skipping" % controller_user.controller)
36 return
37
38 template = os_template_env.get_template('sync_controller_users.yaml')
Tony Mack06c8e472014-11-30 15:53:08 -0500[diff] [blame]39
Tony Mackbd6696f2015-01-03 15:21:50 -0500[diff] [blame]40 # All users will have at least the 'user' role at their home site/tenant.
41 # We must also check if the user should have the admin role
Tony Mackd14d48f2014-12-05 17:13:08 -0500[diff] [blame]42 roles = ['user']
43 if controller_user.user.is_admin:
Tony Mack74364932015-01-06 17:49:25 -0500[diff] [blame]44 roles.append('Admin')
Tony Mackd14d48f2014-12-05 17:13:08 -0500[diff] [blame]45
46 # setup user home site roles at controller
47 if not controller_user.user.site:
Tony Mackbd6696f2015-01-03 15:21:50 -0500[diff] [blame]48 raise Exception('Siteless user %s'%controller_user.user.email)
Tony Mackd14d48f2014-12-05 17:13:08 -0500[diff] [blame]49 else:
50 # look up tenant id for the user's site at the controller
Tony Mack3066a952015-01-05 22:48:11 -0500[diff] [blame]51 #ctrl_site_deployments = SiteDeployment.objects.filter(
Tony Mackbd6696f2015-01-03 15:21:50 -0500[diff] [blame]52 # site_deployment__site=controller_user.user.site,
53 # controller=controller_user.controller)
Tony Mack06c8e472014-11-30 15:53:08 -0500[diff] [blame]54
Tony Mackbd6696f2015-01-03 15:21:50 -0500[diff] [blame]55 #if ctrl_site_deployments:
56 # # need the correct tenant id for site at the controller
57 # tenant_id = ctrl_site_deployments[0].tenant_id
58 # tenant_name = ctrl_site_deployments[0].site_deployment.site.login_base
59 user_fields = {
60 'endpoint':controller_user.controller.auth_url,
Tony Mack06c8e472014-11-30 15:53:08 -0500[diff] [blame]61 'name': controller_user.user.email,
62 'email': controller_user.user.email,
Tony Mackbd6696f2015-01-03 15:21:50 -0500[diff] [blame]63 'password': controller_user.user.remote_password,
Tony Mack06c8e472014-11-30 15:53:08 -0500[diff] [blame]64 'admin_user': controller_user.controller.admin_user,
65 'admin_password': controller_user.controller.admin_password,
Sapan Bhatia3f3fce12014-12-22 01:45:04 -0500[diff] [blame]66 'ansible_tag':'%s@%s'%(controller_user.user.email.replace('@','-at-'),controller_user.controller.name),
Tony Mackbd6696f2015-01-03 15:21:50 -0500[diff] [blame]67 'admin_tenant': controller_user.controller.admin_tenant,
Tony Mack06c8e472014-11-30 15:53:08 -0500[diff] [blame]68 'roles':roles,
Tony Mackbd6696f2015-01-03 15:21:50 -0500[diff] [blame]69 'tenant':controller_user.user.site.login_base}
Tony Mack06c8e472014-11-30 15:53:08 -0500[diff] [blame]70
Tony Mackbd6696f2015-01-03 15:21:50 -0500[diff] [blame]71 rendered = template.render(user_fields)
Tony Mackbd6696f2015-01-03 15:21:50 -0500[diff] [blame]72 expected_length = len(roles) + 1
Sapan Bhatia3b3e1e12015-01-23 16:21:57 +0000[diff] [blame]73
74 res = run_template('sync_controller_users.yaml', user_fields,path='controller_users', expected_num=expected_length)
75
76 controller_user.kuser_id = res[0]['id']
Sapan Bhatiac88c9a82015-01-27 03:52:43 +0000[diff] [blame]77 controller_user.backend_status = '1 - OK'
Sapan Bhatia3b3e1e12015-01-23 16:21:57 +0000[diff] [blame]78 controller_user.save()
Tony Mack06c8e472014-11-30 15:53:08 -0500[diff] [blame]79
80 def delete_record(self, controller_user):
Sapan Bhatia06b1a882015-05-09 18:14:40 +0200[diff] [blame]81 controller_register = json.loads(controller_user.controller.backend_register)
82 if (controller_register.get('disabled',False)):
Sapan Bhatia01298ed2015-05-13 15:51:03 +0200[diff] [blame]83 raise InnocuousException('Controller %s is disabled'%controller_user.controller.name)
Sapan Bhatia06b1a882015-05-09 18:14:40 +0200[diff] [blame]84
Tony Mack06c8e472014-11-30 15:53:08 -0500[diff] [blame]85 if controller_user.kuser_id:
86 driver = self.driver.admin_driver(controller=controller_user.controller)
87 driver.delete_user(controller_user.kuser_id)