git://git.onelab.eu / plstackapi.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Defer error checking to ansible layer
[plstackapi.git] / planetstack / openstack_observer / steps / sync_controller_slice_privileges.py
1 import os
2 import base64
3 from collections import defaultdict
4 from django.db.models import F, Q
5 from planetstack.config import Config
6 from observer.openstacksyncstep import OpenStackSyncStep
7 from core.models.slice import Controller, SlicePrivilege 
8 from core.models.user import User
9 from core.models.controlleruser import ControllerUser, ControllerSlicePrivilege
10 from util.logger import Logger, logging
11
12 from observer.ansible import *
13
14 logger = Logger(level=logging.INFO)
15
16 class SyncControllerSlicePrivileges(OpenStackSyncStep):
17     provides=[ControllerSlicePrivilege, SlicePrivilege]
18     requested_interval=0
19
20     def fetch_pending(self, deleted):
21
22         if (deleted):
23             return ControllerSlicePrivilege.deleted_objects.all()
24         else:
25             return ControllerSlicePrivilege.objects.filter(Q(enacted__lt=F('updated')) | Q(enacted=None)) 
26
27     def sync_record(self, controller_slice_privilege):
28         logger.info("sync'ing controler_slice_privilege %s at controller %s" % (controller_slice_privilege, controller_slice_privilege.controller))
29
30         if not controller_slice_privilege.controller.admin_user:
31             logger.info("controller %r has no admin_user, skipping" % controller_slice_privilege.controller)
32             return
33
34         template = os_template_env.get_template('sync_controller_users.yaml')
35         roles = [controller_slice_privilege.slice_privilege.role.role]
36         # setup user home slice roles at controller 
37         if not controller_slice_privilege.slice_privilege.user.site:
38             raise Exception('Sliceless user %s'%controller_slice_privilege.slice_privilege.user.email)
39         else:
40             # look up tenant id for the user's slice at the controller
41             #ctrl_slice_deployments = SliceDeployment.objects.filter(
42             #  slice_deployment__slice=controller_slice_privilege.user.slice,
43             #  controller=controller_slice_privilege.controller)
44
45             #if ctrl_slice_deployments:
46             #    # need the correct tenant id for slice at the controller
47             #    tenant_id = ctrl_slice_deployments[0].tenant_id  
48             #    tenant_name = ctrl_slice_deployments[0].slice_deployment.slice.login_base
49             user_fields = {
50                        'endpoint':controller_slice_privilege.controller.auth_url,
51                        'name': controller_slice_privilege.slice_privilege.user.email,
52                        'email': controller_slice_privilege.slice_privilege.user.email,
53                        'password': controller_slice_privilege.slice_privilege.user.remote_password,
54                        'admin_user': controller_slice_privilege.controller.admin_user,
55                        'admin_password': controller_slice_privilege.controller.admin_password,
56                        'ansible_tag':'%s@%s'%(controller_slice_privilege.slice_privilege.user.email.replace('@','-at-'),controller_slice_privilege.controller.name),
57                        'admin_tenant': controller_slice_privilege.controller.admin_tenant,
58                        'roles':roles,
59                        'tenant':controller_slice_privilege.slice_privilege.slice.name}    
60         
61             rendered = template.render(user_fields)
62             expected_length = len(roles) + 1
63             res = run_template('sync_controller_users.yaml', user_fields, path='controller_slice_privileges', expected_num=expected_length)
64
65             # results is an array in which each element corresponds to an 
66             # "ok" string received per operation. If we get as many oks as
67             # the number of operations we issued, that means a grand success.
68             # Otherwise, the number of oks tell us which operation failed.
69             controller_slice_privilege.role_id = res[0]['id']
70             controller_slice_privilege.save()
71
72     def delete_record(self, controller_slice_privilege):
73         if controller_slice_privilege.role_id:
74             driver = self.driver.admin_driver(controller=controller_slice_privilege.controller)
75             user = ControllerUser.objects.get(
76                 controller=controller_slice_privilege.controller, 
77                 user=controller_slice_privilege.slice_privilege.user
78             )
79             slice = ControllerSlice.objects.get(
80                 controller=controller_slice_privilege.controller, 
81                 user=controller_slice_privilege.slice_privilege.user
82             )
83             driver.delete_user_role(
84                 user.kuser_id, 
85                 slice.tenant_id, 
86                 controller_slice_privilege.slice_prvilege.role.role
87             )
plstackapi