Gitiles
Code Review Sign In
gerrit.opencord.org / xos / c2fddaa669ad74e6ac0e2b9b22b79bff43e109ec / . / lib / xos-synchronizer / tests / steps / sync_controller_slice_privileges.py
blob: 09b63e6fb8f3a8a3d161822eb6d99ed21b04ef45 [file] [log] [blame]
Scott Bakerbba67b62019-01-28 17:38:21 -0800[diff] [blame]1# Copyright 2017-present Open Networking Foundation
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15
16import os
17import base64
18import json
19from xossynchronizer.steps.syncstep import SyncStep
Scott Bakerbba67b62019-01-28 17:38:21 -0800[diff] [blame]20
21class SyncControllerSlicePrivileges(SyncStep):
Scott Bakerbba67b62019-01-28 17:38:21 -0800[diff] [blame]22 requested_interval = 0
Scott Bakerc2fddaa2019-01-30 15:45:03 -0800[diff] [blame^]23 observes = "ControllerSlicePrivilege"
Scott Bakerbba67b62019-01-28 17:38:21 -0800[diff] [blame]24 playbook = "sync_controller_users.yaml"
25
26 def map_sync_inputs(self, controller_slice_privilege):
27 if not controller_slice_privilege.controller.admin_user:
28 return
29
30 template = os_template_env.get_template("sync_controller_users.yaml")
31 roles = [controller_slice_privilege.slice_privilege.role.role]
32 # setup user home slice roles at controller
33 if not controller_slice_privilege.slice_privilege.user.site:
34 raise Exception(
35 "Sliceless user %s"
36 % controller_slice_privilege.slice_privilege.user.email
37 )
38 else:
39 user_fields = {
40 "endpoint": controller_slice_privilege.controller.auth_url,
41 "endpoint_v3": controller_slice_privilege.controller.auth_url_v3,
42 "domain": controller_slice_privilege.controller.domain,
43 "name": controller_slice_privilege.slice_privilege.user.email,
44 "email": controller_slice_privilege.slice_privilege.user.email,
45 "password": controller_slice_privilege.slice_privilege.user.remote_password,
46 "admin_user": controller_slice_privilege.controller.admin_user,
47 "admin_password": controller_slice_privilege.controller.admin_password,
48 "ansible_tag": "%s@%s@%s"
49 % (
50 controller_slice_privilege.slice_privilege.user.email.replace(
51 "@", "-at-"
52 ),
53 controller_slice_privilege.slice_privilege.slice.name,
54 controller_slice_privilege.controller.name,
55 ),
56 "admin_tenant": controller_slice_privilege.controller.admin_tenant,
57 "roles": roles,
58 "tenant": controller_slice_privilege.slice_privilege.slice.name,
59 }
60 return user_fields
61
62 def map_sync_outputs(self, controller_slice_privilege, res):
63 controller_slice_privilege.role_id = res[0]["id"]
64 controller_slice_privilege.save()
65
66 def delete_record(self, controller_slice_privilege):
67 controller_register = json.loads(
68 controller_slice_privilege.controller.backend_register
69 )
70 if controller_register.get("disabled", False):
71 raise InnocuousException(
72 "Controller %s is disabled" % controller_slice_privilege.controller.name
73 )
74
75 if controller_slice_privilege.role_id:
76 driver = self.driver.admin_driver(
77 controller=controller_slice_privilege.controller
78 )
79 user = ControllerUser.objects.filter(
80 controller_id=controller_slice_privilege.controller.id,
81 user_id=controller_slice_privilege.slice_privilege.user.id,
82 )
83 user = user[0]
84 slice = ControllerSlice.objects.filter(
85 controller_id=controller_slice_privilege.controller.id,
86 user_id=controller_slice_privilege.slice_privilege.user.id,
87 )
88 slice = slice[0]
89 driver.delete_user_role(
90 user.kuser_id,
91 slice.tenant_id,
92 controller_slice_privilege.slice_prvilege.role.role,
93 )