planetstack/openstack_observer/steps/sync_controller_users.py

   1 import os
   2 import base64
   3 import hashlib
   4 from collections import defaultdict
   5 from django.db.models import F, Q
   6 from planetstack.config import Config
   7 from observer.openstacksyncstep import OpenStackSyncStep
   8 from core.models.site import Controller, SiteDeployments, ControllerSiteDeployments
   9 from core.models.user import User
  10 from core.models.controllerusers import ControllerUsers
  11 from util.logger import Logger, logging
  12
  13 from observer.ansible import *
  14
  15 logger = Logger(level=logging.INFO)
  16
  17 class SyncControllerUsers(OpenStackSyncStep):
  18     provides=[ControllerUsers, User]
  19     requested_interval=0
  20
  21     def fetch_pending(self, deleted):
  22
  23         if (deleted):
  24             return ControllerUsers.deleted_objects.all()
  25         else:
  26             return ControllerUsers.objects.filter(Q(enacted__lt=F('updated')) | Q(enacted=None))
  27
  28     def sync_record(self, controller_user):
  29         logger.info("sync'ing user %s at controller %s" % (controller_user.user, controller_user.controller))
  30
  31         if not controller_user.controller.admin_user:
  32             logger.info("controller %r has no admin_user, skipping" % controller_user.controller)
  33             return
  34
  35         template = os_template_env.get_template('sync_controller_users.yaml')
  36
  37         name = controller_user.user.email[:controller_user.user.email.find('@')]
  38
  39         import pdb
  40         pdb.set_trace()
  41         roles = ['user']
  42         if controller_user.user.is_admin:
  43             roles.append('admin')
  44         else:
  45             raise Exception('Internal error. Missing controller for user %s'%controller_user.user.email)
  46
  47         # setup user home site roles at controller
  48         if not controller_user.user.site:
  49             raise Exception('Siteless user %s'%controller_user.user.email)
  50         else:
  51             # look up tenant id for the user's site at the controller
  52             ctrl_site_deployments = ControllerSiteDeployments.objects.filter(
  53               site_deployment__site=controller_user.user.site,
  54               controller=controller_user.controller)
  55
  56             if ctrl_site_deployments:
  57                 # need the correct tenant id for site at the controller
  58                 tenant_id = ctrl_site_deployments[0].tenant_id
  59                 tenant_name = ctrl_site_deployments[0].site_deployment.site.login_base
  60
  61                 user_fields = {'endpoint':controller_user.controller.auth_url,
  62                        'name': controller_user.user.email,
  63                        'email': controller_user.user.email,
  64                        'password': hashlib.md5(controller_user.user.password).hexdigest()[:6],
  65                        'admin_user': controller_user.controller.admin_user,
  66                        'admin_password': controller_user.controller.admin_password,
  67                        'ansible_tag':'%s@%s'%(controller_user.user.email.replace('@','-at-'),controller_user.controller.name),
  68                        'admin_tenant': 'admin',
  69                        'roles':roles,
  70                        'tenant':tenant_name}
  71
  72                 rendered = template.render(user_fields)
  73                 res = run_template('sync_controller_users.yaml', user_fields,path='controller_users')
  74
  75                 # results is an array in which each element corresponds to an
  76                 # "ok" string received per operation. If we get as many oks as
  77                 # the number of operations we issued, that means a grand success.
  78                 # Otherwise, the number of oks tell us which operation failed.
  79                 expected_length = len(roles) + 1
  80                 if (len(res)==expected_length):
  81                     controller_user.kuser_id = res[0]['id']
  82                     controller_user.save()
  83                 elif (len(res)):
  84                     raise Exception('Could not assign roles for user %s'%user_fields['name'])
  85                 else:
  86                     raise Exception('Could not create or update user %s'%user_fields['name'])
  87
  88     def delete_record(self, controller_user):
  89         if controller_user.kuser_id:
  90             driver = self.driver.admin_driver(controller=controller_user.controller)
  91             driver.delete_user(controller_user.kuser_id)