X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=planetstack%2Fopenstack_observer%2Fsteps%2Fsync_user_deployments.py;h=f7e41a0500fde16e7896613f56e6f29ecaae022c;hb=abf0babac755535c7d0e027e6a7031823dc14dfc;hp=5d6ce2d06acfe571e03697133cd2038c99a04d29;hpb=ef3ae35afe674ee096a46ada49cab94ec702cf73;p=plstackapi.git diff --git a/planetstack/openstack_observer/steps/sync_user_deployments.py b/planetstack/openstack_observer/steps/sync_user_deployments.py index 5d6ce2d..f7e41a0 100644 --- a/planetstack/openstack_observer/steps/sync_user_deployments.py +++ b/planetstack/openstack_observer/steps/sync_user_deployments.py @@ -10,6 +10,8 @@ from core.models.user import User from core.models.userdeployments import UserDeployments from util.logger import Logger, logging +from observer.ansible import * + logger = Logger(level=logging.INFO) class SyncUserDeployments(OpenStackSyncStep): 
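Review bot: The wildcard import `from observer.ansible import *` hides which names this step takes from that module, and because it comes after the `core.models` and `util.logger` imports it can silently rebind any of them if `observer.ansible` exports a name that collides. Judging by the second hunk, only `os_template_env` and `run_template` are needed (assuming both come from that module), so `from observer.ansible import os_template_env, run_template` would state the dependency explicitly. That also makes it easier to audit which code ends up handling `admin_password`.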
@@ -20,90 +22,65 @@ class SyncUserDeployments(OpenStackSyncStep): if (deleted): return UserDeployments.deleted_objects.all() - - # user deployments are not visible to users. We must ensure - # user are deployed at all deploymets available to their sites. else: - deployments = Deployment.objects.all() - site_deployments = SiteDeployments.objects.all() - site_deploy_lookup = defaultdict(list) - for site_deployment in site_deployments: - site_deploy_lookup[site_deployment.site].append(site_deployment.deployment) - - user_deploy_lookup = defaultdict(list) - for user_deployment in UserDeployments.objects.all(): - user_deploy_lookup[user_deployment.user].append(user_deployment.deployment) - - all_deployments = Deployment.objects.filter() - for user in User.objects.all(): - if user.is_admin: - # admins should have an account at all deployments - expected_deployments = deployments - else: - # normal users should have an account at their site's deployments - #expected_deployments = site_deploy_lookup[user.site] - # users are added to all deployments for now - expected_deployments = deployments - for expected_deployment in expected_deployments: - if not user in user_deploy_lookup or \ - expected_deployment not in user_deploy_lookup[user]: - # add new record - ud = UserDeployments(user=user, deployment=expected_deployment) - ud.save() - #user_deployments.append(ud) - #else: - # # update existing record - # ud = UserDeployments.objects.get(user=user, deployment=expected_deployment) - # user_deployments.append(ud) - return UserDeployments.objects.filter(Q(enacted__lt=F('updated')) | Q(enacted=None)) def sync_record(self, user_deployment): logger.info("sync'ing user %s at deployment %s" % (user_deployment.user, user_deployment.deployment.name)) + + if not user_deployment.deployment.admin_user: + logger.info("deployment %r has no admin_user, skipping" % user_deployment.deployment) + return + + template = os_template_env.get_template('sync_user_deployments.yaml') + name = 
user_deployment.user.email[:user_deployment.user.email.find('@')] - user_fields = {'name': user_deployment.user.email, - 'email': user_deployment.user.email, - 'password': hashlib.md5(user_deployment.user.password).hexdigest()[:6], - 'enabled': True} - driver = self.driver.admin_driver(deployment=user_deployment.deployment.name) - if not user_deployment.kuser_id: - keystone_user = driver.create_user(**user_fields) - user_deployment.kuser_id = keystone_user.id - else: - driver.update_user(user_deployment.kuser_id, user_fields) - # setup user deployment home site roles + roles = [] + # setup user deployment home site roles if user_deployment.user.site: site_deployments = SiteDeployments.objects.filter(site=user_deployment.user.site, deployment=user_deployment.deployment) if site_deployments: # need the correct tenant id for site at the deployment tenant_id = site_deployments[0].tenant_id - driver.add_user_role(user_deployment.kuser_id, - tenant_id, 'user') + tenant_name = site_deployments[0].site.login_base + + roles.append('user') if user_deployment.user.is_admin: - driver.add_user_role(user_deployment.kuser_id, tenant_id, 'admin') - else: - # may have admin role so attempt to remove it - driver.delete_user_role(user_deployment.kuser_id, tenant_id, 'admin') + roles.append('admin') + else: + raise Exception('Internal error. 
Missing SiteDeployment for user %s'%user_deployment.user.email) + else: + raise Exception('Siteless user %s'%user_deployment.user.email) - #if user_deployment.user.public_key: - # if not user_deployment.user.keyname: - # keyname = user_deployment.user.email.lower().replace('@', 'AT').replace('.', '') - # user_deployment.user.keyname = keyname - # user_deployment.user.save() - # - # user_driver = driver.client_driver(caller=user_deployment.user, - # tenant=user_deployment.user.site.login_base, - # deployment=user_deployment.deployment.name) - # key_fields = {'name': user_deployment.user.keyname, - # 'public_key': user_deployment.user.public_key} - # user_driver.create_keypair(**key_fields) - user_deployment.save() + user_fields = {'endpoint':user_deployment.deployment.auth_url, + 'name': user_deployment.user.email, + 'email': user_deployment.user.email, + 'password': hashlib.md5(user_deployment.user.password).hexdigest()[:6], + 'admin_user': user_deployment.deployment.admin_user, + 'admin_password': user_deployment.deployment.admin_password, + 'admin_tenant': 'admin', + 'roles':roles, + 'tenant':tenant_name} + + rendered = template.render(user_fields) + res = run_template('sync_user_deployments.yaml', user_fields) + + # results is an array in which each element corresponds to an + # "ok" string received per operation. If we get as many oks as + # the number of operations we issued, that means a grand success. + # Otherwise, the number of oks tell us which operation failed. 
+ expected_length = len(roles) + 1 + if (len(res)==expected_length): + user_deployment.save() + elif (len(res)): + raise Exception('Could not assign roles for user %s'%user_fields['name']) + else: + raise Exception('Could not create or update user %s'%user_fields['name']) def delete_record(self, user_deployment): - if user_deployment.user.kuser_id: + if user_deployment.kuser_id: driver = self.driver.admin_driver(deployment=user_deployment.deployment.name) - driver.delete_user(user_deployment.user.kuser_id) - + driver.delete_user(user_deployment.kuser_id)
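Review bot: The rewritten `sync_record` never assigns `user_deployment.kuser_id` (the removed `driver.create_user` branch was the only place that did), but `delete_record` at the end of this hunk still removes the Keystone account only when that field is set, so accounts created through the playbook would be left behind when the record is deleted unless the id is stored somewhere not visible here. Revocation on demotion has the same gap: the old `driver.delete_user_role(user_deployment.kuser_id, tenant_id, 'admin')` call is gone and `roles` only ever grows, so whether a user who loses `is_admin` also loses the role now depends entirely on the playbook, which is not shown. I would have the playbook report the user id and store it before `user_deployment.save()`, and add an explicit removal step for 'admin' when `is_admin` is false. The `'password'` field is also still `hashlib.md5(user_deployment.user.password).hexdigest()[:6]`, which is only 24 bits and can be recomputed by anyone who can read the stored value it is derived from; a randomly generated per-deployment secret would be a better fit. `rendered` and `name` are assigned but never used and can be dropped.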