Blame - xos/openstack_observer/steps/sync_controller_users.py - xos

blob: 505ba877e94b8a25043d1f34f213b967475337e1 [file] [log] [blame]

Tony Mack	336e0f9	2014-11-30 15:53:08 -0500	[diff] [blame]	1	import os
				2	import base64
Tony Mack	336e0f9	2014-11-30 15:53:08 -0500	[diff] [blame]	3	from collections import defaultdict
				4	from django.db.models import F, Q
Scott Baker	76a840e	2015-02-11 21:38:09 -0800	[diff] [blame]	5	from xos.config import Config
Tony Mack	336e0f9	2014-11-30 15:53:08 -0500	[diff] [blame]	6	from observer.openstacksyncstep import OpenStackSyncStep
Sapan Bhatia	e6376de	2015-05-13 15:51:03 +0200	[diff] [blame]	7	from observer.syncstep import *
Tony Mack	a7dbd42	2015-01-05 22:48:11 -0500	[diff] [blame]	8	from core.models.site import Controller, SiteDeployment, SiteDeployment
Tony Mack	336e0f9	2014-11-30 15:53:08 -0500	[diff] [blame]	9	from core.models.user import User
Tony Mack	2656436	2015-01-06 17:49:25 -0500	[diff] [blame]	10	from core.models.controlleruser import ControllerUser
Tony Mack	336e0f9	2014-11-30 15:53:08 -0500	[diff] [blame]	11	from observer.ansible import *
Tony Mack	08f8288	2015-03-29 08:32:21 -0400	[diff] [blame]	12	from util.logger import observer_logger as logger
Sapan Bhatia	9028c9a	2015-05-09 18:14:40 +0200	[diff] [blame]	13	import json
Tony Mack	336e0f9	2014-11-30 15:53:08 -0500	[diff] [blame]	14
Tony Mack	2656436	2015-01-06 17:49:25 -0500	[diff] [blame]	15	class SyncControllerUsers(OpenStackSyncStep):
Sapan Bhatia	b3048aa	2015-01-27 03:52:19 +0000	[diff] [blame]	16	provides=[User]
Tony Mack	336e0f9	2014-11-30 15:53:08 -0500	[diff] [blame]	17	requested_interval=0
Sapan Bhatia	99f4968	2015-01-29 20:58:25 +0000	[diff] [blame]	18	observes=ControllerUser
Tony Mack	336e0f9	2014-11-30 15:53:08 -0500	[diff] [blame]	19
				20	def fetch_pending(self, deleted):
				21
				22	if (deleted):
Tony Mack	a7dbd42	2015-01-05 22:48:11 -0500	[diff] [blame]	23	return ControllerUser.deleted_objects.all()
Tony Mack	336e0f9	2014-11-30 15:53:08 -0500	[diff] [blame]	24	else:
Andy Bavier	6eb12a4	2015-08-03 15:55:16 -0400	[diff] [blame]	25	return ControllerUser.objects.filter(Q(enacted__lt=F('updated')) \| Q(enacted=None))
Tony Mack	336e0f9	2014-11-30 15:53:08 -0500	[diff] [blame]	26
				27	def sync_record(self, controller_user):
				28	logger.info("sync'ing user %s at controller %s" % (controller_user.user, controller_user.controller))
				29
Andy Bavier	6eb12a4	2015-08-03 15:55:16 -0400	[diff] [blame]	30	controller_register = json.loads(controller_user.controller.backend_register)
Sapan Bhatia	9028c9a	2015-05-09 18:14:40 +0200	[diff] [blame]	31	if (controller_register.get('disabled',False)):
Andy Bavier	6eb12a4	2015-08-03 15:55:16 -0400	[diff] [blame]	32	raise InnocuousException('Controller %s is disabled'%controller_user.controller.name)
Sapan Bhatia	9028c9a	2015-05-09 18:14:40 +0200	[diff] [blame]	33
Tony Mack	336e0f9	2014-11-30 15:53:08 -0500	[diff] [blame]	34	if not controller_user.controller.admin_user:
				35	logger.info("controller %r has no admin_user, skipping" % controller_user.controller)
				36	return
				37
Andy Bavier	6eb12a4	2015-08-03 15:55:16 -0400	[diff] [blame]	38	template = os_template_env.get_template('sync_controller_users.yaml')
Tony Mack	336e0f9	2014-11-30 15:53:08 -0500	[diff] [blame]	39
Tony Mack	cd5fded	2015-01-03 15:21:50 -0500	[diff] [blame]	40	# All users will have at least the 'user' role at their home site/tenant.
Andy Bavier	6eb12a4	2015-08-03 15:55:16 -0400	[diff] [blame]	41	# We must also check if the user should have the admin role
				42	roles = ['user']
Tony Mack	528d422	2014-12-05 17:13:08 -0500	[diff] [blame]	43	if controller_user.user.is_admin:
Andy Bavier	6eb12a4	2015-08-03 15:55:16 -0400	[diff] [blame]	44	roles.append('admin')
				45
				46	# setup user home site roles at controller
Tony Mack	528d422	2014-12-05 17:13:08 -0500	[diff] [blame]	47	if not controller_user.user.site:
Tony Mack	cd5fded	2015-01-03 15:21:50 -0500	[diff] [blame]	48	raise Exception('Siteless user %s'%controller_user.user.email)
Tony Mack	528d422	2014-12-05 17:13:08 -0500	[diff] [blame]	49	else:
				50	# look up tenant id for the user's site at the controller
Tony Mack	a7dbd42	2015-01-05 22:48:11 -0500	[diff] [blame]	51	#ctrl_site_deployments = SiteDeployment.objects.filter(
Tony Mack	cd5fded	2015-01-03 15:21:50 -0500	[diff] [blame]	52	# site_deployment__site=controller_user.user.site,
				53	# controller=controller_user.controller)
Tony Mack	336e0f9	2014-11-30 15:53:08 -0500	[diff] [blame]	54
Tony Mack	cd5fded	2015-01-03 15:21:50 -0500	[diff] [blame]	55	#if ctrl_site_deployments:
				56	# # need the correct tenant id for site at the controller
Andy Bavier	6eb12a4	2015-08-03 15:55:16 -0400	[diff] [blame]	57	# tenant_id = ctrl_site_deployments[0].tenant_id
Tony Mack	cd5fded	2015-01-03 15:21:50 -0500	[diff] [blame]	58	# tenant_name = ctrl_site_deployments[0].site_deployment.site.login_base
				59	user_fields = {
Andy Bavier	6eb12a4	2015-08-03 15:55:16 -0400	[diff] [blame]	60	'endpoint':controller_user.controller.auth_url,
Tony Mack	09a2f07	2015-09-14 00:53:39 +0000	[diff] [blame]	61	'endpoint_v3': controller_user.controller.auth_url_v3,
				62	'domain': controller_user.controller.domain,
Andy Bavier	6eb12a4	2015-08-03 15:55:16 -0400	[diff] [blame]	63	'name': controller_user.user.email,
				64	'email': controller_user.user.email,
				65	'password': controller_user.user.remote_password,
				66	'admin_user': controller_user.controller.admin_user,
				67	'admin_password': controller_user.controller.admin_password,
				68	'ansible_tag':'%s@%s'%(controller_user.user.email.replace('@','-at-'),controller_user.controller.name),
				69	'admin_tenant': controller_user.controller.admin_tenant,
				70	'roles':roles,
				71	'tenant':controller_user.user.site.login_base
				72	}
Sapan Bhatia	b0464ba	2015-01-23 16:21:57 +0000	[diff] [blame]	73
Andy Bavier	6eb12a4	2015-08-03 15:55:16 -0400	[diff] [blame]	74	rendered = template.render(user_fields)
				75	expected_length = len(roles) + 1
				76
				77	res = run_template('sync_controller_users.yaml', user_fields,path='controller_users', expected_num=expected_length)
Sapan Bhatia	b0464ba	2015-01-23 16:21:57 +0000	[diff] [blame]	78
				79	controller_user.kuser_id = res[0]['id']
Sapan Bhatia	5851db4	2015-01-27 03:52:43 +0000	[diff] [blame]	80	controller_user.backend_status = '1 - OK'
Sapan Bhatia	b0464ba	2015-01-23 16:21:57 +0000	[diff] [blame]	81	controller_user.save()
Tony Mack	336e0f9	2014-11-30 15:53:08 -0500	[diff] [blame]	82
				83	def delete_record(self, controller_user):
Andy Bavier	6eb12a4	2015-08-03 15:55:16 -0400	[diff] [blame]	84	controller_register = json.loads(controller_user.controller.backend_register)
Sapan Bhatia	9028c9a	2015-05-09 18:14:40 +0200	[diff] [blame]	85	if (controller_register.get('disabled',False)):
Andy Bavier	6eb12a4	2015-08-03 15:55:16 -0400	[diff] [blame]	86	raise InnocuousException('Controller %s is disabled'%controller_user.controller.name)
Sapan Bhatia	9028c9a	2015-05-09 18:14:40 +0200	[diff] [blame]	87
Tony Mack	336e0f9	2014-11-30 15:53:08 -0500	[diff] [blame]	88	if controller_user.kuser_id:
				89	driver = self.driver.admin_driver(controller=controller_user.controller)
				90	driver.delete_user(controller_user.kuser_id)