Gitiles
Code Review Sign In
gerrit.opencord.org / xos / bba67b67188497c6d4a974723ca89489c0cd7c47 / . / lib / xos-synchronizer / tests / steps / sync_controller_slice_privileges.py
blob: ec0667cbdf36a21353da4bd92d037eb2b39f2f2e [file] [log] [blame]
Scott Bakerbba67b62019-01-28 17:38:21 -0800[diff] [blame^]1# Copyright 2017-present Open Networking Foundation
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15
16import os
17import base64
18import json
19from xossynchronizer.steps.syncstep import SyncStep
20from xossynchronizer.mock_modelaccessor import *
21
22class SyncControllerSlicePrivileges(SyncStep):
23 provides = [SlicePrivilege]
24 requested_interval = 0
25 observes = ControllerSlicePrivilege
26 playbook = "sync_controller_users.yaml"
27
28 def map_sync_inputs(self, controller_slice_privilege):
29 if not controller_slice_privilege.controller.admin_user:
30 return
31
32 template = os_template_env.get_template("sync_controller_users.yaml")
33 roles = [controller_slice_privilege.slice_privilege.role.role]
34 # setup user home slice roles at controller
35 if not controller_slice_privilege.slice_privilege.user.site:
36 raise Exception(
37 "Sliceless user %s"
38 % controller_slice_privilege.slice_privilege.user.email
39 )
40 else:
41 user_fields = {
42 "endpoint": controller_slice_privilege.controller.auth_url,
43 "endpoint_v3": controller_slice_privilege.controller.auth_url_v3,
44 "domain": controller_slice_privilege.controller.domain,
45 "name": controller_slice_privilege.slice_privilege.user.email,
46 "email": controller_slice_privilege.slice_privilege.user.email,
47 "password": controller_slice_privilege.slice_privilege.user.remote_password,
48 "admin_user": controller_slice_privilege.controller.admin_user,
49 "admin_password": controller_slice_privilege.controller.admin_password,
50 "ansible_tag": "%s@%s@%s"
51 % (
52 controller_slice_privilege.slice_privilege.user.email.replace(
53 "@", "-at-"
54 ),
55 controller_slice_privilege.slice_privilege.slice.name,
56 controller_slice_privilege.controller.name,
57 ),
58 "admin_tenant": controller_slice_privilege.controller.admin_tenant,
59 "roles": roles,
60 "tenant": controller_slice_privilege.slice_privilege.slice.name,
61 }
62 return user_fields
63
64 def map_sync_outputs(self, controller_slice_privilege, res):
65 controller_slice_privilege.role_id = res[0]["id"]
66 controller_slice_privilege.save()
67
68 def delete_record(self, controller_slice_privilege):
69 controller_register = json.loads(
70 controller_slice_privilege.controller.backend_register
71 )
72 if controller_register.get("disabled", False):
73 raise InnocuousException(
74 "Controller %s is disabled" % controller_slice_privilege.controller.name
75 )
76
77 if controller_slice_privilege.role_id:
78 driver = self.driver.admin_driver(
79 controller=controller_slice_privilege.controller
80 )
81 user = ControllerUser.objects.filter(
82 controller_id=controller_slice_privilege.controller.id,
83 user_id=controller_slice_privilege.slice_privilege.user.id,
84 )
85 user = user[0]
86 slice = ControllerSlice.objects.filter(
87 controller_id=controller_slice_privilege.controller.id,
88 user_id=controller_slice_privilege.slice_privilege.user.id,
89 )
90 slice = slice[0]
91 driver.delete_user_role(
92 user.kuser_id,
93 slice.tenant_id,
94 controller_slice_privilege.slice_prvilege.role.role,
95 )