3 from collections import defaultdict
4 from django.db.models import F, Q
5 from planetstack.config import Config
6 from observer.openstacksyncstep import OpenStackSyncStep
7 from core.models.site import Controller, SitePrivilege
8 from core.models.user import User
9 from core.models.controlleruser import ControllerUser, ControllerSitePrivilege
10 from util.logger import Logger, logging
12 from observer.ansible import *
14 logger = Logger(level=logging.INFO)
16 class SyncControllerSitePrivileges(OpenStackSyncStep):
17 provides=[ControllerSitePrivilege, SitePrivilege]
20 def fetch_pending(self, deleted):
23 return ControllerSitePrivilege.deleted_objects.all()
25 return ControllerSitePrivilege.objects.filter(Q(enacted__lt=F('updated')) | Q(enacted=None))
27 def sync_record(self, controller_site_privilege):
28 logger.info("sync'ing controler_site_privilege %s at controller %s" % (controller_site_privilege, controller_site_privilege.controller))
30 if not controller_site_privilege.controller.admin_user:
31 logger.info("controller %r has no admin_user, skipping" % controller_site_privilege.controller)
34 template = os_template_env.get_template('sync_controller_users.yaml')
35 roles = [controller_site_privilege.site_privilege.role.role]
36 # setup user home site roles at controller
37 if not controller_site_privilege.site_privilege.user.site:
38 raise Exception('Siteless user %s'%controller_site_privilege.site_privilege.user.email)
40 # look up tenant id for the user's site at the controller
41 #ctrl_site_deployments = SiteDeployment.objects.filter(
42 # site_deployment__site=controller_site_privilege.user.site,
43 # controller=controller_site_privilege.controller)
45 #if ctrl_site_deployments:
46 # # need the correct tenant id for site at the controller
47 # tenant_id = ctrl_site_deployments[0].tenant_id
48 # tenant_name = ctrl_site_deployments[0].site_deployment.site.login_base
50 'endpoint':controller_site_privilege.controller.auth_url,
51 'name': controller_site_privilege.site_privilege.user.email,
52 'email': controller_site_privilege.site_privilege.user.email,
53 'password': controller_site_privilege.site_privilege.user.remote_password,
54 'admin_user': controller_site_privilege.controller.admin_user,
55 'admin_password': controller_site_privilege.controller.admin_password,
56 'ansible_tag':'%s@%s'%(controller_site_privilege.site_privilege.user.email.replace('@','-at-'),controller_site_privilege.controller.name),
57 'admin_tenant': controller_site_privilege.controller.admin_tenant,
59 'tenant':controller_site_privilege.site_privilege.site.login_base}
61 rendered = template.render(user_fields)
62 res = run_template('sync_controller_users.yaml', user_fields,path='controller_site_privileges')
64 # results is an array in which each element corresponds to an
65 # "ok" string received per operation. If we get as many oks as
66 # the number of operations we issued, that means a grand success.
67 # Otherwise, the number of oks tell us which operation failed.
68 expected_length = len(roles) + 1
69 if (len(res)==expected_length):
70 controller_site_privilege.role_id = res[0]['id']
71 controller_site_privilege.save()
73 raise Exception('Could not assign roles for user %s'%user_fields['name'])
75 raise Exception('Could not create or update user %s'%user_fields['name'])
77 def delete_record(self, controller_site_privilege):
78 if controller_site_privilege.role_id:
79 driver = self.driver.admin_driver(controller=controller_site_privilege.controller)
80 user = ControllerUser.objects.get(
81 controller=controller_site_privilege.controller,
82 user=controller_site_privilege.site_privilege.user
84 site = ControllerSite.objects.get(
85 controller=controller_site_privilege.controller,
86 user=controller_site_privilege.site_privilege.user
88 driver.delete_user_role(
91 controller_site_privilege.site_prvilege.role.role