Gitiles
Code Review Sign In
gerrit.opencord.org / xos / b3048aa6a2864d29bf34bbb2999f9a14c0d356b5 / . / planetstack / openstack_observer / steps / sync_controller_slice_privileges.py
blob: 35d1b99a31ab8c45056719009327246c9754198d [file] [log] [blame]
Tony Mackffe6d8b2015-01-06 23:48:02 -0500[diff] [blame]1import os
2import base64
3from collections import defaultdict
4from django.db.models import F, Q
5from planetstack.config import Config
6from observer.openstacksyncstep import OpenStackSyncStep
7from core.models.slice import Controller, SlicePrivilege
8from core.models.user import User
9from core.models.controlleruser import ControllerUser, ControllerSlicePrivilege
10from util.logger import Logger, logging
11
12from observer.ansible import *
13
14logger = Logger(level=logging.INFO)
15
16class SyncControllerSlicePrivileges(OpenStackSyncStep):
Sapan Bhatiab3048aa2015-01-27 03:52:19 +0000[diff] [blame^]17 provides=[SlicePrivilege]
Tony Mackffe6d8b2015-01-06 23:48:02 -0500[diff] [blame]18 requested_interval=0
19
20 def fetch_pending(self, deleted):
21
22 if (deleted):
23 return ControllerSlicePrivilege.deleted_objects.all()
24 else:
25 return ControllerSlicePrivilege.objects.filter(Q(enacted__lt=F('updated')) | Q(enacted=None))
26
27 def sync_record(self, controller_slice_privilege):
28 logger.info("sync'ing controler_slice_privilege %s at controller %s" % (controller_slice_privilege, controller_slice_privilege.controller))
29
30 if not controller_slice_privilege.controller.admin_user:
31 logger.info("controller %r has no admin_user, skipping" % controller_slice_privilege.controller)
32 return
33
34 template = os_template_env.get_template('sync_controller_users.yaml')
35 roles = [controller_slice_privilege.slice_privilege.role.role]
36 # setup user home slice roles at controller
37 if not controller_slice_privilege.slice_privilege.user.site:
38 raise Exception('Sliceless user %s'%controller_slice_privilege.slice_privilege.user.email)
39 else:
40 # look up tenant id for the user's slice at the controller
41 #ctrl_slice_deployments = SliceDeployment.objects.filter(
42 # slice_deployment__slice=controller_slice_privilege.user.slice,
43 # controller=controller_slice_privilege.controller)
44
45 #if ctrl_slice_deployments:
46 # # need the correct tenant id for slice at the controller
47 # tenant_id = ctrl_slice_deployments[0].tenant_id
48 # tenant_name = ctrl_slice_deployments[0].slice_deployment.slice.login_base
49 user_fields = {
50 'endpoint':controller_slice_privilege.controller.auth_url,
51 'name': controller_slice_privilege.slice_privilege.user.email,
52 'email': controller_slice_privilege.slice_privilege.user.email,
53 'password': controller_slice_privilege.slice_privilege.user.remote_password,
54 'admin_user': controller_slice_privilege.controller.admin_user,
55 'admin_password': controller_slice_privilege.controller.admin_password,
56 'ansible_tag':'%s@%s'%(controller_slice_privilege.slice_privilege.user.email.replace('@','-at-'),controller_slice_privilege.controller.name),
57 'admin_tenant': controller_slice_privilege.controller.admin_tenant,
58 'roles':roles,
59 'tenant':controller_slice_privilege.slice_privilege.slice.name}
60
61 rendered = template.render(user_fields)
Sapan Bhatiab0464ba2015-01-23 16:21:57 +0000[diff] [blame]62 expected_length = len(roles) + 1
63 res = run_template('sync_controller_users.yaml', user_fields, path='controller_slice_privileges', expected_num=expected_length)
Tony Mackffe6d8b2015-01-06 23:48:02 -0500[diff] [blame]64
65 # results is an array in which each element corresponds to an
66 # "ok" string received per operation. If we get as many oks as
67 # the number of operations we issued, that means a grand success.
68 # Otherwise, the number of oks tell us which operation failed.
Sapan Bhatiab0464ba2015-01-23 16:21:57 +0000[diff] [blame]69 controller_slice_privilege.role_id = res[0]['id']
70 controller_slice_privilege.save()
Tony Mackffe6d8b2015-01-06 23:48:02 -0500[diff] [blame]71
72 def delete_record(self, controller_slice_privilege):
73 if controller_slice_privilege.role_id:
74 driver = self.driver.admin_driver(controller=controller_slice_privilege.controller)
75 user = ControllerUser.objects.get(
76 controller=controller_slice_privilege.controller,
77 user=controller_slice_privilege.slice_privilege.user
78 )
79 slice = ControllerSlice.objects.get(
80 controller=controller_slice_privilege.controller,
81 user=controller_slice_privilege.slice_privilege.user
82 )
83 driver.delete_user_role(
84 user.kuser_id,
85 slice.tenant_id,
86 controller_slice_privilege.slice_prvilege.role.role
87 )