blob: 5d6ce2d06acfe571e03697133cd2038c99a04d29 [file] [log] [blame]
Tony Macke4be32f2014-03-11 20:45:25 -04001import os
2import base64
Tony Mack69f1bc32014-03-12 13:20:34 -04003import hashlib
Tony Macke4be32f2014-03-11 20:45:25 -04004from collections import defaultdict
5from django.db.models import F, Q
6from planetstack.config import Config
7from observer.openstacksyncstep import OpenStackSyncStep
Tony Mack69f1bc32014-03-12 13:20:34 -04008from core.models.site import SiteDeployments, Deployment
Tony Mack91463d92014-06-19 20:42:03 -04009from core.models.user import User
10from core.models.userdeployments import UserDeployments
Tony Macke4be32f2014-03-11 20:45:25 -040011from util.logger import Logger, logging
12
13logger = Logger(level=logging.INFO)
14
15class SyncUserDeployments(OpenStackSyncStep):
Sapan Bhatiaef3ae352014-07-23 09:43:20 -040016 provides=[UserDeployments, User]
Tony Macke4be32f2014-03-11 20:45:25 -040017 requested_interval=0
18
Sapan Bhatiaef3ae352014-07-23 09:43:20 -040019 def fetch_pending(self, deleted):
20
21 if (deleted):
22 return UserDeployments.deleted_objects.all()
23
Tony Macke4be32f2014-03-11 20:45:25 -040024 # user deployments are not visible to users. We must ensure
25 # user are deployed at all deploymets available to their sites.
Sapan Bhatiaef3ae352014-07-23 09:43:20 -040026 else:
27 deployments = Deployment.objects.all()
28 site_deployments = SiteDeployments.objects.all()
29 site_deploy_lookup = defaultdict(list)
30 for site_deployment in site_deployments:
31 site_deploy_lookup[site_deployment.site].append(site_deployment.deployment)
Tony Mack69f1bc32014-03-12 13:20:34 -040032
Sapan Bhatiaef3ae352014-07-23 09:43:20 -040033 user_deploy_lookup = defaultdict(list)
34 for user_deployment in UserDeployments.objects.all():
35 user_deploy_lookup[user_deployment.user].append(user_deployment.deployment)
36
37 all_deployments = Deployment.objects.filter()
38 for user in User.objects.all():
39 if user.is_admin:
40 # admins should have an account at all deployments
41 expected_deployments = deployments
42 else:
43 # normal users should have an account at their site's deployments
44 #expected_deployments = site_deploy_lookup[user.site]
45 # users are added to all deployments for now
46 expected_deployments = deployments
47 for expected_deployment in expected_deployments:
48 if not user in user_deploy_lookup or \
49 expected_deployment not in user_deploy_lookup[user]:
50 # add new record
51 ud = UserDeployments(user=user, deployment=expected_deployment)
52 ud.save()
53 #user_deployments.append(ud)
54 #else:
55 # # update existing record
56 # ud = UserDeployments.objects.get(user=user, deployment=expected_deployment)
57 # user_deployments.append(ud)
Tony Mack07f49762014-04-07 19:47:28 -040058
Sapan Bhatiaef3ae352014-07-23 09:43:20 -040059 return UserDeployments.objects.filter(Q(enacted__lt=F('updated')) | Q(enacted=None))
Tony Macke4be32f2014-03-11 20:45:25 -040060
61 def sync_record(self, user_deployment):
Tony Mack69f1bc32014-03-12 13:20:34 -040062 logger.info("sync'ing user %s at deployment %s" % (user_deployment.user, user_deployment.deployment.name))
Tony Macke4be32f2014-03-11 20:45:25 -040063 name = user_deployment.user.email[:user_deployment.user.email.find('@')]
Tony Mackf37bcfd2014-03-12 13:43:53 -040064 user_fields = {'name': user_deployment.user.email,
Tony Macke4be32f2014-03-11 20:45:25 -040065 'email': user_deployment.user.email,
66 'password': hashlib.md5(user_deployment.user.password).hexdigest()[:6],
67 'enabled': True}
68 driver = self.driver.admin_driver(deployment=user_deployment.deployment.name)
69 if not user_deployment.kuser_id:
Tony Mack69f1bc32014-03-12 13:20:34 -040070 keystone_user = driver.create_user(**user_fields)
Tony Macke4be32f2014-03-11 20:45:25 -040071 user_deployment.kuser_id = keystone_user.id
72 else:
73 driver.update_user(user_deployment.kuser_id, user_fields)
74
Tony Mackd1a17e12014-03-19 15:18:15 -040075 # setup user deployment home site roles
Tony Macke4be32f2014-03-11 20:45:25 -040076 if user_deployment.user.site:
77 site_deployments = SiteDeployments.objects.filter(site=user_deployment.user.site,
78 deployment=user_deployment.deployment)
79 if site_deployments:
80 # need the correct tenant id for site at the deployment
81 tenant_id = site_deployments[0].tenant_id
82 driver.add_user_role(user_deployment.kuser_id,
83 tenant_id, 'user')
84 if user_deployment.user.is_admin:
85 driver.add_user_role(user_deployment.kuser_id, tenant_id, 'admin')
86 else:
87 # may have admin role so attempt to remove it
88 driver.delete_user_role(user_deployment.kuser_id, tenant_id, 'admin')
89
Tony Mackd1a17e12014-03-19 15:18:15 -040090 #if user_deployment.user.public_key:
91 # if not user_deployment.user.keyname:
92 # keyname = user_deployment.user.email.lower().replace('@', 'AT').replace('.', '')
93 # user_deployment.user.keyname = keyname
94 # user_deployment.user.save()
95 #
96 # user_driver = driver.client_driver(caller=user_deployment.user,
97 # tenant=user_deployment.user.site.login_base,
98 # deployment=user_deployment.deployment.name)
99 # key_fields = {'name': user_deployment.user.keyname,
100 # 'public_key': user_deployment.user.public_key}
101 # user_driver.create_keypair(**key_fields)
Tony Macke4be32f2014-03-11 20:45:25 -0400102
103 user_deployment.save()
Sapan Bhatiaef3ae352014-07-23 09:43:20 -0400104
105 def delete_record(self, user_deployment):
106 if user_deployment.user.kuser_id:
107 driver = self.driver.admin_driver(deployment=user_deployment.deployment.name)
108 driver.delete_user(user_deployment.user.kuser_id)
109