3 from collections import defaultdict
4 from django.db.models import F, Q
5 from planetstack.config import Config
6 from observer.openstacksyncstep import OpenStackSyncStep
7 from core.models.slice import Controller, SlicePrivilege
8 from core.models.user import User
9 from core.models.controlleruser import ControllerUser, ControllerSlicePrivilege
10 from util.logger import Logger, logging
12 from observer.ansible import *
14 logger = Logger(level=logging.INFO)
16 class SyncControllerSlicePrivileges(OpenStackSyncStep):
17 provides=[SlicePrivilege]
20 def fetch_pending(self, deleted):
23 return ControllerSlicePrivilege.deleted_objects.all()
25 return ControllerSlicePrivilege.objects.filter(Q(enacted__lt=F('updated')) | Q(enacted=None))
27 def sync_record(self, controller_slice_privilege):
28 logger.info("sync'ing controler_slice_privilege %s at controller %s" % (controller_slice_privilege, controller_slice_privilege.controller))
30 if not controller_slice_privilege.controller.admin_user:
31 logger.info("controller %r has no admin_user, skipping" % controller_slice_privilege.controller)
34 template = os_template_env.get_template('sync_controller_users.yaml')
35 roles = [controller_slice_privilege.slice_privilege.role.role]
36 # setup user home slice roles at controller
37 if not controller_slice_privilege.slice_privilege.user.site:
38 raise Exception('Sliceless user %s'%controller_slice_privilege.slice_privilege.user.email)
40 # look up tenant id for the user's slice at the controller
41 #ctrl_slice_deployments = SliceDeployment.objects.filter(
42 # slice_deployment__slice=controller_slice_privilege.user.slice,
43 # controller=controller_slice_privilege.controller)
45 #if ctrl_slice_deployments:
46 # # need the correct tenant id for slice at the controller
47 # tenant_id = ctrl_slice_deployments[0].tenant_id
48 # tenant_name = ctrl_slice_deployments[0].slice_deployment.slice.login_base
50 'endpoint':controller_slice_privilege.controller.auth_url,
51 'name': controller_slice_privilege.slice_privilege.user.email,
52 'email': controller_slice_privilege.slice_privilege.user.email,
53 'password': controller_slice_privilege.slice_privilege.user.remote_password,
54 'admin_user': controller_slice_privilege.controller.admin_user,
55 'admin_password': controller_slice_privilege.controller.admin_password,
56 'ansible_tag':'%s@%s'%(controller_slice_privilege.slice_privilege.user.email.replace('@','-at-'),controller_slice_privilege.controller.name),
57 'admin_tenant': controller_slice_privilege.controller.admin_tenant,
59 'tenant':controller_slice_privilege.slice_privilege.slice.name}
61 rendered = template.render(user_fields)
62 expected_length = len(roles) + 1
63 res = run_template('sync_controller_users.yaml', user_fields, path='controller_slice_privileges', expected_num=expected_length)
65 # results is an array in which each element corresponds to an
66 # "ok" string received per operation. If we get as many oks as
67 # the number of operations we issued, that means a grand success.
68 # Otherwise, the number of oks tell us which operation failed.
69 controller_slice_privilege.role_id = res[0]['id']
70 controller_slice_privilege.save()
72 def delete_record(self, controller_slice_privilege):
73 if controller_slice_privilege.role_id:
74 driver = self.driver.admin_driver(controller=controller_slice_privilege.controller)
75 user = ControllerUser.objects.get(
76 controller=controller_slice_privilege.controller,
77 user=controller_slice_privilege.slice_privilege.user
79 slice = ControllerSlice.objects.get(
80 controller=controller_slice_privilege.controller,
81 user=controller_slice_privilege.slice_privilege.user
83 driver.delete_user_role(
86 controller_slice_privilege.slice_prvilege.role.role