planetstack/openstack_observer/steps/sync_site_privileges.py

   1 import os
   2 import base64
   3 from django.db.models import F, Q
   4 from planetstack.config import Config
   5 from observer.openstacksyncstep import OpenStackSyncStep
   6 from core.models import User, UserDeployments, SitePrivilege, SiteDeployments
   7
   8 class SyncSitePrivileges(OpenStackSyncStep):
   9     requested_interval=0
  10     provides=[SitePrivilege]
  11
  12     def fetch_pending(self, deleted):
  13         # Deleting site privileges is not supported yet
  14         if (deleted):
  15             return []
  16
  17         return SitePrivilege.objects.filter(Q(enacted__lt=F('updated')) | Q(enacted=None))
  18
  19     def sync_record(self, site_priv):
  20         if site_priv.user.kuser_id and site_priv.site.tenant_id:
  21             self.driver.add_user_role(site_priv.user.kuser_id,
  22                                       site_priv.site.tenant_id,
  23                                       site_priv.role.role)
  24
  25         # sync site privileges at all site deployments
  26         site_deployments = SiteDeployments.objects.filter(site=site_priv.site)
  27         for site_deployment in site_deployments:
  28             user_deployments = UserDeployments.objects.filter(deployment=site_deployment.deployment)
  29             if user_deployments:
  30                 kuser_id  = user_deployments[0].kuser_id
  31                 driver = self.driver.admin_driver(deployment=site_deployment.deployment.name)
  32                 driver.add_user_role(kuser_id,
  33                                      site_deployment.tenant_id,
  34                                      site_priv.role.role)