planetstack/observer/steps/sync_site_privileges.py

   1 import os
   2 import base64
   3 from django.db.models import F, Q
   4 from planetstack.config import Config
   5 from observer.openstacksyncstep import OpenStackSyncStep
   6 from core.models.site import *
   7 from core.models.user import User, UserDeployments
   8
   9 class SyncSitePrivileges(OpenStackSyncStep):
  10     requested_interval=0
  11     provides=[SitePrivilege]
  12
  13     def fetch_pending(self):
  14         return SitePrivilege.objects.filter(Q(enacted__lt=F('updated')) | Q(enacted=None))
  15
  16     def sync_record(self, site_priv):
  17         if site_priv.user.kuser_id and site_priv.site.tenant_id:
  18             self.driver.add_user_role(site_priv.user.kuser_id,
  19                                       site_priv.site.tenant_id,
  20                                       site_priv.role.role)
  21
  22         # sync site privileges at all site deployments
  23         site_deployments = SiteDeployments.objects.filter(site=site_priv.site)
  24         for site_deployment in site_deployments:
  25             user_deployments = UserDeployments.objects.filter(deployment=site_deployment.deployment)
  26             if user_deployments:
  27                 kuser_id  = user_deployments[0].kuser_id
  28                 driver = self.driver.admin_driver(deployment=site_deployment.deployment.name)
  29                 driver.add_user_role(kuser_id,
  30                                      site_deployment.tenant_id,
  31                                      site_priv.role.role)