blob: 0ea86e1064f22864baef0d3d64d86978c7761f95 [file] [log] [blame]
Tony Mackffe6d8b2015-01-06 23:48:02 -05001import os
2import base64
3from collections import defaultdict
4from django.db.models import F, Q
5from planetstack.config import Config
6from observer.openstacksyncstep import OpenStackSyncStep
7from core.models.site import Controller, SitePrivilege
8from core.models.user import User
9from core.models.controlleruser import ControllerUser, ControllerSitePrivilege
10from util.logger import Logger, logging
11
12from observer.ansible import *
13
14logger = Logger(level=logging.INFO)
15
16class SyncControllerSitePrivileges(OpenStackSyncStep):
Sapan Bhatiab3048aa2015-01-27 03:52:19 +000017 provides=[SitePrivilege]
Tony Mackffe6d8b2015-01-06 23:48:02 -050018 requested_interval=0
Sapan Bhatia99f49682015-01-29 20:58:25 +000019 observes=ControllerSitePrivilege
Tony Mackffe6d8b2015-01-06 23:48:02 -050020
21 def fetch_pending(self, deleted):
22
23 if (deleted):
24 return ControllerSitePrivilege.deleted_objects.all()
25 else:
26 return ControllerSitePrivilege.objects.filter(Q(enacted__lt=F('updated')) | Q(enacted=None))
27
28 def sync_record(self, controller_site_privilege):
29 logger.info("sync'ing controler_site_privilege %s at controller %s" % (controller_site_privilege, controller_site_privilege.controller))
30
31 if not controller_site_privilege.controller.admin_user:
32 logger.info("controller %r has no admin_user, skipping" % controller_site_privilege.controller)
33 return
34
35 template = os_template_env.get_template('sync_controller_users.yaml')
36 roles = [controller_site_privilege.site_privilege.role.role]
37 # setup user home site roles at controller
38 if not controller_site_privilege.site_privilege.user.site:
39 raise Exception('Siteless user %s'%controller_site_privilege.site_privilege.user.email)
40 else:
41 # look up tenant id for the user's site at the controller
42 #ctrl_site_deployments = SiteDeployment.objects.filter(
43 # site_deployment__site=controller_site_privilege.user.site,
44 # controller=controller_site_privilege.controller)
45
46 #if ctrl_site_deployments:
47 # # need the correct tenant id for site at the controller
48 # tenant_id = ctrl_site_deployments[0].tenant_id
49 # tenant_name = ctrl_site_deployments[0].site_deployment.site.login_base
50 user_fields = {
51 'endpoint':controller_site_privilege.controller.auth_url,
52 'name': controller_site_privilege.site_privilege.user.email,
53 'email': controller_site_privilege.site_privilege.user.email,
54 'password': controller_site_privilege.site_privilege.user.remote_password,
55 'admin_user': controller_site_privilege.controller.admin_user,
56 'admin_password': controller_site_privilege.controller.admin_password,
57 'ansible_tag':'%s@%s'%(controller_site_privilege.site_privilege.user.email.replace('@','-at-'),controller_site_privilege.controller.name),
58 'admin_tenant': controller_site_privilege.controller.admin_tenant,
59 'roles':roles,
60 'tenant':controller_site_privilege.site_privilege.site.login_base}
61
62 rendered = template.render(user_fields)
Sapan Bhatiab0464ba2015-01-23 16:21:57 +000063 expected_length = len(roles) + 1
64 res = run_template('sync_controller_users.yaml', user_fields,path='controller_site_privileges', expected_num=expected_length)
Tony Mackffe6d8b2015-01-06 23:48:02 -050065
66 # results is an array in which each element corresponds to an
67 # "ok" string received per operation. If we get as many oks as
68 # the number of operations we issued, that means a grand success.
69 # Otherwise, the number of oks tell us which operation failed.
Sapan Bhatiab0464ba2015-01-23 16:21:57 +000070 controller_site_privilege.role_id = res[0]['id']
71 controller_site_privilege.save()
Tony Mackffe6d8b2015-01-06 23:48:02 -050072
73 def delete_record(self, controller_site_privilege):
74 if controller_site_privilege.role_id:
75 driver = self.driver.admin_driver(controller=controller_site_privilege.controller)
76 user = ControllerUser.objects.get(
77 controller=controller_site_privilege.controller,
78 user=controller_site_privilege.site_privilege.user
79 )
80 site = ControllerSite.objects.get(
81 controller=controller_site_privilege.controller,
82 user=controller_site_privilege.site_privilege.user
83 )
84 driver.delete_user_role(
85 user.kuser_id,
86 site.tenant_id,
87 controller_site_privilege.site_prvilege.role.role
88 )