def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = REQID_REGEX.search(data['requestid'])
with transaction.atomic():
q_args = {
'registration__regid' : int(usr_and_prj.group(1)),
'project__projectname' : usr_and_prj.group(2)
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
#
# Insert expiration date per tenant
#
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
project_name = prj_req.project.projectname
project_id = prj_req.project.projectid
user_name = prj_req.registration.username
user_id = prj_req.registration.userid
keystone_api.add_tenant_user_role(request, project_id,
user_id, default_roleid)
#
# clear request
#
prj_req.delete()
#
# send notification to project managers and users
#
tmpres = EMail.objects.filter(registration__userid=user_id)
user_email = tmpres[0].email if tmpres else None
m_userids = get_prjman_ids(request, project_id)
tmpres = EMail.objects.filter(registration__userid__in=m_userids)
m_emails = [ x.email for x in tmpres ]
noti_params = {
'username' : user_name,
'project' : project_name
}
notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_OK_TYPE, context=noti_params,
dst_project_id=project_id)
notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_OK_TYPE, context=noti_params,
dst_project_id=project_id, dst_user_id=user_id)
except:
LOG.error("Error forced-checking request", exc_info=True)
messages.error(request, _("Cannot forced check request"))
return False
return True
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = REQID_REGEX.search(data['requestid'])
with transaction.atomic():
regid, prjname = chk_repl_project(int(usr_and_prj.group(1)),
usr_and_prj.group(2), data['newname'],
None, data['newdescr'])
#
# Creation of new tenant
#
prj_req = PrjRequest.objects.filter(
registration__regid = regid,
project__projectname = prjname
)[0]
project_name = prj_req.project.projectname
user_id = prj_req.registration.userid
kprj = keystone_api.tenant_create(request, project_name,
prj_req.project.description, True)
prj_req.project.projectid = kprj.id
prj_req.project.save()
LOG.info("Created tenant %s" % project_name)
#
# The new user is the project manager of its tenant
#
prjRole = PrjRole()
prjRole.registration = prj_req.registration
prjRole.project = prj_req.project
prjRole.roleid = tenantadmin_roleid
prjRole.save()
keystone_api.add_tenant_user_role(request, prj_req.project.projectid,
user_id, tenantadmin_roleid)
#
# Insert expiration date per tenant
#
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
#
# Clear request
#
prj_req.delete()
setup_new_project(request, kprj.id, project_name, data)
#
# Send notification to the user
#
tmpres = EMail.objects.filter(registration__userid=user_id)
user_email = tmpres[0].email if tmpres else None
noti_params = {
'project' : project_name
}
notifyUser(request=self.request, rcpt=user_email, action=PRJ_CREATE_TYPE, context=noti_params,
dst_project_id=kprj.id, dst_user_id=user_id)
except:
LOG.error("Error pre-checking project", exc_info=True)
messages.error(request, _("Cannot pre-check project"))
return False
return True
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = REQID_REGEX.search(data['requestid'])
with transaction.atomic():
regid, prjname = chk_repl_project(int(usr_and_prj.group(1)),
usr_and_prj.group(2),
data['newname'], None,
data['newdescr'])
#
# Creation of new tenant
#
prj_req = PrjRequest.objects.filter(
registration__regid=regid, project__projectname=prjname)[0]
project_name = prj_req.project.projectname
user_id = prj_req.registration.userid
kprj = keystone_api.tenant_create(request, project_name,
prj_req.project.description,
True)
prj_req.project.projectid = kprj.id
prj_req.project.save()
LOG.info("Created tenant %s" % project_name)
#
# The new user is the project manager of its tenant
#
prjRole = PrjRole()
prjRole.registration = prj_req.registration
prjRole.project = prj_req.project
prjRole.roleid = tenantadmin_roleid
prjRole.save()
keystone_api.add_tenant_user_role(request,
prj_req.project.projectid,
user_id, tenantadmin_roleid)
#
# Insert expiration date per tenant
#
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
#
# Clear request
#
prj_req.delete()
setup_new_project(request, kprj.id, project_name, data)
#
# Send notification to the user
#
tmpres = EMail.objects.filter(registration__userid=user_id)
user_email = tmpres[0].email if tmpres else None
noti_params = {'project': project_name}
notifyUser(request=self.request,
rcpt=user_email,
action=PRJ_CREATE_TYPE,
context=noti_params,
dst_project_id=kprj.id,
dst_user_id=user_id)
except:
LOG.error("Error pre-checking project", exc_info=True)
messages.error(request, _("Cannot pre-check project"))
return False
return True
def handle(self, request, data):
if not data['username']:
messages.error(request, _("Cannot process request: missing username"))
return False
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
with transaction.atomic():
registration = Registration.objects.get(regid=int(data['regid']))
reg_request = RegRequest.objects.filter(
registration=registration,
flowstatus=RSTATUS_PENDING
)[0]
prjReqList = PrjRequest.objects.filter(registration=registration)
password = reg_request.password
if not password:
password = generate_pwd()
user_email = reg_request.email
#
# Mapping of external accounts
#
is_local = True
if reg_request.externalid:
mapping = UserMapping(globaluser=reg_request.externalid,
registration=reg_request.registration)
mapping.save()
is_local = False
LOG.info("Registered external account %s" % reg_request.externalid)
#
# Forward request to project administrators
#
q_args = {
'project__projectid__isnull' : False,
'flowstatus' : PSTATUS_REG
}
prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING)
#
# Creation of new tenants
#
self.preprocess_prj(registration, data)
new_prj_list = list()
p_reqs = prjReqList.filter(
project__projectid__isnull = True,
flowstatus = PSTATUS_REG
)
if len(p_reqs):
newreq_prj = p_reqs[0].project
kprj = keystone_api.tenant_create(request, newreq_prj.projectname,
newreq_prj.description, True)
newreq_prj.projectid = kprj.id
newreq_prj.save()
new_prj_list.append(newreq_prj)
setup_new_project(request, kprj.id, newreq_prj.projectname, data)
LOG.info("Created tenant %s" % newreq_prj.projectname)
#
# User creation
#
if not registration.userid:
kuser = keystone_api.user_create(request,
name=registration.username,
password=password,
email=user_email,
enabled=True)
if is_local:
registration.username = data['username']
registration.expdate = self.expiration
registration.userid = kuser.id
registration.save()
LOG.info("Created user %s" % registration.username)
mail_obj = EMail()
mail_obj.registration = registration
mail_obj.email = user_email
mail_obj.save()
#
# The new user is the project manager of its tenant
# register the expiration date per tenant
#
for prj_item in new_prj_list:
expiration = Expiration()
expiration.registration = registration
expiration.project = prj_item
expiration.expdate = self.expiration
expiration.save()
prjRole = PrjRole()
prjRole.registration = registration
prjRole.project = prj_item
prjRole.roleid = tenantadmin_roleid
prjRole.save()
keystone_api.add_tenant_user_role(request, prj_item.projectid,
registration.userid, tenantadmin_roleid)
#
# Send notifications to project administrators and users
#
for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING):
m_userids = get_prjman_ids(request, p_item.project.projectid)
tmpres = EMail.objects.filter(registration__userid__in=m_userids)
m_emails = [ x.email for x in tmpres ]
noti_params = {
'username' : data['username'],
'project' : p_item.project.projectname
}
notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_WAIT_TYPE, context=noti_params,
dst_project_id=p_item.project.projectid)
n2_params = {
'username' : p_item.registration.username,
'project' : p_item.project.projectname,
'prjadmins' : m_emails
}
notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_ONGOING, context=n2_params,
dst_project_id=p_item.project.projectid, dst_user_id=registration.userid)
newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG)
for p_item in newprj_reqs:
noti_params = {
'username' : p_item.registration.username,
'project' : p_item.project.projectname
}
notifyUser(request=self.request, rcpt=user_email, action=FIRST_REG_OK_TYPE, context=noti_params,
dst_project_id=p_item.project.projectid, dst_user_id=p_item.registration.userid)
#
# cache cleanup
#
newprj_reqs.delete()
reg_request.delete()
self.post_reminder(registration, user_email)
except:
LOG.error("Error pre-checking request", exc_info=True)
messages.error(request, _("Cannot pre-check request"))
return False
return True
def handle(self, request, data):
if not data['username']:
messages.error(request,
_("Cannot process request: missing username"))
return False
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
with transaction.atomic():
registration = Registration.objects.get(
regid=int(data['regid']))
reg_request = RegRequest.objects.filter(
registration=registration, flowstatus=RSTATUS_PENDING)[0]
prjReqList = PrjRequest.objects.filter(
registration=registration)
password = reg_request.password
if not password:
password = generate_pwd()
user_email = reg_request.email
#
# Mapping of external accounts
#
is_local = True
if reg_request.externalid:
mapping = UserMapping(
globaluser=reg_request.externalid,
registration=reg_request.registration)
mapping.save()
is_local = False
LOG.info("Registered external account %s" %
reg_request.externalid)
#
# Forward request to project administrators
#
q_args = {
'project__projectid__isnull': False,
'flowstatus': PSTATUS_REG
}
prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING)
#
# Creation of new tenants
#
self.preprocess_prj(registration, data)
new_prj_list = list()
p_reqs = prjReqList.filter(project__projectid__isnull=True,
flowstatus=PSTATUS_REG)
if len(p_reqs):
newreq_prj = p_reqs[0].project
kprj = keystone_api.tenant_create(request,
newreq_prj.projectname,
newreq_prj.description,
True)
newreq_prj.projectid = kprj.id
newreq_prj.save()
new_prj_list.append(newreq_prj)
setup_new_project(request, kprj.id, newreq_prj.projectname,
data)
LOG.info("Created tenant %s" % newreq_prj.projectname)
#
# User creation
#
if not registration.userid:
if is_local:
registration.username = data['username']
kuser = keystone_api.user_create(
request,
name=registration.username,
password=password,
email=user_email,
enabled=True)
registration.expdate = self.expiration
registration.userid = kuser.id
registration.save()
LOG.info("Created user %s" % registration.username)
mail_obj = EMail()
mail_obj.registration = registration
mail_obj.email = user_email
mail_obj.save()
#
# The new user is the project manager of its tenant
# register the expiration date per tenant
#
for prj_item in new_prj_list:
expiration = Expiration()
expiration.registration = registration
expiration.project = prj_item
expiration.expdate = self.expiration
expiration.save()
prjRole = PrjRole()
prjRole.registration = registration
prjRole.project = prj_item
prjRole.roleid = tenantadmin_roleid
prjRole.save()
keystone_api.add_tenant_user_role(request,
prj_item.projectid,
registration.userid,
tenantadmin_roleid)
#
# Send notifications to project administrators and users
#
for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING):
m_userids = get_prjman_ids(request,
p_item.project.projectid)
tmpres = EMail.objects.filter(
registration__userid__in=m_userids)
m_emails = [x.email for x in tmpres]
noti_params = {
'username': data['username'],
'project': p_item.project.projectname
}
notifyProject(request=self.request,
rcpt=m_emails,
action=SUBSCR_WAIT_TYPE,
context=noti_params,
dst_project_id=p_item.project.projectid)
n2_params = {
'username': p_item.registration.username,
'project': p_item.project.projectname,
'prjadmins': m_emails
}
notifyUser(request=self.request,
rcpt=user_email,
action=SUBSCR_ONGOING,
context=n2_params,
dst_project_id=p_item.project.projectid,
dst_user_id=registration.userid)
newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG)
for p_item in newprj_reqs:
noti_params = {
'username': p_item.registration.username,
'project': p_item.project.projectname
}
notifyUser(request=self.request,
rcpt=user_email,
action=FIRST_REG_OK_TYPE,
context=noti_params,
dst_project_id=p_item.project.projectid,
dst_user_id=p_item.registration.userid)
#
# cache cleanup
#
newprj_reqs.delete()
reg_request.delete()
self.post_reminder(registration, user_email)
except:
LOG.error("Error pre-checking request", exc_info=True)
messages.error(request, _("Cannot pre-check request"))
return False
return True
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = REQID_REGEX.search(data['requestid'])
with transaction.atomic():
q_args = {
'registration__regid': int(usr_and_prj.group(1)),
'project__projectname': usr_and_prj.group(2)
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
#
# Insert expiration date per tenant
#
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
project_name = prj_req.project.projectname
project_id = prj_req.project.projectid
user_name = prj_req.registration.username
user_id = prj_req.registration.userid
keystone_api.add_tenant_user_role(request, project_id, user_id,
default_roleid)
#
# Enable reminder for cloud admin
#
RegRequest.objects.filter(registration=prj_req.registration,
flowstatus=RSTATUS_REMINDER).update(
flowstatus=RSTATUS_REMINDACK)
#
# clear request
#
prj_req.delete()
#
# send notification to project managers and users
#
tmpres = EMail.objects.filter(registration__userid=user_id)
user_email = tmpres[0].email if tmpres else None
m_userids = get_prjman_ids(request, project_id)
tmpres = EMail.objects.filter(registration__userid__in=m_userids)
m_emails = [x.email for x in tmpres]
noti_params = {'username': user_name, 'project': project_name}
notifyProject(request=self.request,
rcpt=m_emails,
action=SUBSCR_FORCED_OK_TYPE,
context=noti_params,
dst_project_id=project_id)
notifyUser(request=self.request,
rcpt=user_email,
action=SUBSCR_OK_TYPE,
context=noti_params,
dst_project_id=project_id,
dst_user_id=user_id)
except:
LOG.error("Error forced-checking request", exc_info=True)
messages.error(request, _("Cannot forced check request"))
return False
return True
def handle(self, request, data):
if not request.user.is_superuser:
messages.error(_("Operation not authorized"))
return False
try:
with transaction.atomic():
reg_user = Registration.objects.filter(userid=data['userid'])[0]
prj_list = Project.objects.filter(projectname__in=data['projects'])
reg_user.expdate = data['expdate']
reg_user.save()
k_user = keystone_api.user_get(request, data['userid'])
if not k_user.enabled:
keystone_api.user_update(request, data['userid'], enabled=True)
except:
LOG.error("Generic failure", exc_info=True)
return False
for prj_item in prj_list:
try:
with transaction.atomic():
Expiration(
registration=reg_user,
project=prj_item,
expdate=data['expdate']
).save()
keystone_api.add_tenant_user_role(
request, prj_item.projectid,
data['userid'], get_default_role(request))
#
# send notification to project managers and users
#
tmpres = EMail.objects.filter(registration__userid=data['userid'])
user_email = tmpres[0].email if tmpres else None
m_userids = get_prjman_ids(request, prj_item.projectid)
tmpres = EMail.objects.filter(registration__userid__in=m_userids)
m_emails = [ x.email for x in tmpres ]
noti_params = {
'username' : reg_user.username,
'project' : prj_item.projectname
}
notifyProject(request=self.request, rcpt=m_emails,
action=SUBSCR_FORCED_OK_TYPE, context=noti_params,
dst_project_id=prj_item.projectid)
notifyUser(request=self.request, rcpt=user_email,
action=SUBSCR_OK_TYPE, context=noti_params,
dst_project_id=prj_item.projectid,
dst_user_id=reg_user.userid)
except:
LOG.error("Generic failure", exc_info=True)
return True
def handle(self, request, data):
if not request.user.is_superuser:
messages.error(_("Operation not authorized"))
return False
try:
with transaction.atomic():
reg_user = Registration.objects.filter(userid=data['userid'])[0]
prj_list = Project.objects.filter(projectname__in=data['projects'])
reg_user.expdate = data['expdate']
reg_user.save()
#
# Enable reminder for cloud admin if present
#
RegRequest.objects.filter(
registration = reg_user,
flowstatus = RSTATUS_REMINDER
).update(flowstatus = RSTATUS_REMINDACK)
k_user = keystone_api.user_get(request, data['userid'])
if not k_user.enabled:
keystone_api.user_update(request, data['userid'], enabled=True)
except:
LOG.error("Generic failure", exc_info=True)
return False
for prj_item in prj_list:
try:
with transaction.atomic():
Expiration(
registration=reg_user,
project=prj_item,
expdate=data['expdate']
).save()
keystone_api.add_tenant_user_role(
request, prj_item.projectid,
data['userid'], get_default_role(request))
#
# send notification to project managers and users
#
tmpres = EMail.objects.filter(registration__userid=data['userid'])
user_email = tmpres[0].email if tmpres else None
m_userids = get_prjman_ids(request, prj_item.projectid)
tmpres = EMail.objects.filter(registration__userid__in=m_userids)
m_emails = [ x.email for x in tmpres ]
noti_params = {
'username' : reg_user.username,
'project' : prj_item.projectname
}
notifyProject(request=self.request, rcpt=m_emails,
action=SUBSCR_FORCED_OK_TYPE, context=noti_params,
dst_project_id=prj_item.projectid)
notifyUser(request=self.request, rcpt=user_email,
action=SUBSCR_OK_TYPE, context=noti_params,
dst_project_id=prj_item.projectid,
dst_user_id=reg_user.userid)
except:
LOG.error("Generic failure", exc_info=True)
return True
def setup_new_project(request, project_id, project_name, data):
try:
acct_table = getattr(settings, 'ACCOUNTING', None)
if acct_table:
uid = acct_table.get('user_id', None)
roleid = acct_table.get('role_id', None)
if uid and roleid:
keystone_api.add_tenant_user_role(request, project_id, uid, roleid)
except:
LOG.error("Cannot add user for accounting", exc_info=True)
messages.error(request, _("Cannot add user for accounting"))
unit_id = data.get('unit', None)
cloud_table = get_unit_table()
if not unit_id or not unit_id in cloud_table:
return
unit_data = cloud_table[unit_id]
prj_cname = re.sub(r'\s+', "-", project_name)
flow_step = 0
try:
cinder_params = dict()
for pkey, pvalue in unit_data.items():
if pkey == 'quota_total':
cinder_params['gigabytes'] = pvalue
elif pkey == 'quota_per_volume':
cinder_params['per_volume_gigabytes'] = pvalue
elif pkey.startswith('quota_'):
cinder_params['gigabytes_' + pkey[6:]] = pvalue
if len(cinder_params):
cinder_api.tenant_quota_update(request, project_id, **cinder_params)
except:
LOG.error("Cannot setup project quota", exc_info=True)
messages.error(request, _("Cannot setup project quota"))
try:
hyper_list = unit_data.get('hypervisors', [])
if len(hyper_list):
agg_prj_cname = "%s-%s" % (unit_data.get('aggregate_prefix', unit_id), prj_cname)
avail_zone = unit_data.get('availability_zone', 'nova')
new_aggr = nova_api.aggregate_create(request, agg_prj_cname, avail_zone)
flow_step += 1
for h_item in hyper_list:
nova_api.add_host_to_aggregate(request, new_aggr.id, h_item)
flow_step += 1
all_md = { 'filter_tenant_id' : project_id }
all_md.update(unit_data.get('metadata', {}))
nova_api.aggregate_set_metadata(request, new_aggr.id, all_md)
flow_step = 0
except:
if flow_step == 0:
err_msg = _("Cannot create host aggregate")
elif flow_step == 1:
err_msg = _("Cannot insert hypervisor in aggregate")
else:
err_msg = _("Cannot set metadata for aggregate")
LOG.error(err_msg, exc_info=True)
messages.error(request, err_msg)
try:
subnet_cidr = data['%s-net' % unit_id]
prj_lan_name = "%s-lan" % prj_cname
prj_net = neutron_api.network_create(request, tenant_id=project_id, name=prj_lan_name)
flow_step += 1
net_args = {
'cidr' : subnet_cidr,
'ip_version' : 4,
'dns_nameservers' : unit_data.get('nameservers', []),
'enable_dhcp' : True,
'tenant_id' : project_id,
'name' : "sub-%s-lan" % prj_cname
}
prj_sub = neutron_api.subnet_create(request, prj_net['id'], **net_args)
flow_step += 1
if 'lan_router' in unit_data:
f_ips = [{
"ip_address" : subnet_cidr.replace('0/24', '1'),
"subnet_id" : prj_sub['id']
}]
r_port = neutron_api.port_create(request, prj_net['id'],
tenant_id=project_id,
project_id=project_id,
fixed_ips=f_ips)
neutron_api.router_add_interface(request, unit_data['lan_router'],
port_id=r_port['id'])
flow_step = 0
except:
if flow_step == 0:
err_msg = _("Cannot create network")
elif flow_step == 1:
err_msg = _("Cannot create sub-network")
else:
err_msg = _("Cannot add interface to router")
LOG.error(err_msg, exc_info=True)
messages.error(request, err_msg)
try:
subnet_cidr = data['%s-net' % unit_id]
def_sec_group = None
for sg_item in neutron_api.security_group_list(request, tenant_id=project_id):
if sg_item['name'].lower() == 'default':
def_sec_group = sg_item['id']
LOG.info("Found default security group %s" % def_sec_group)
break
flow_step += 1
sg_client = neutron_api.SecurityGroupManager(request).client
if not def_sec_group:
sg_params = {
'name': 'default',
'description': 'Default Security Group for ' + project_name,
'tenant_id': project_id
}
secgroup = sg_client.create_security_group({ 'security_group' : sg_params })
def_sec_group = SecurityGroup(secgroup.get('security_group'))
flow_step += 1
#
# Workaround: the tenant_id cannot be specified through high level API
#
port22_params = {
'security_group_id': def_sec_group,
'direction': 'ingress',
'ethertype': 'IPv4',
'protocol': 'tcp',
'port_range_min': 22,
'port_range_max': 22,
'remote_ip_prefix': "0.0.0.0/0",
'tenant_id' : project_id
}
icmp_params = {
'security_group_id': def_sec_group,
'direction': 'ingress',
'ethertype': 'IPv4',
'protocol': 'icmp',
'remote_ip_prefix': "0.0.0.0/0",
'tenant_id' : project_id
}
sg_client.create_security_group_rule({'security_group_rule': port22_params})
sg_client.create_security_group_rule({'security_group_rule': icmp_params})
except:
if flow_step == 0:
err_msg = _("Cannot retrieve default security group")
elif flow_step == 1:
err_msg = _("Cannot create default security group")
else:
err_msg = _("Cannot insert basic rules")
LOG.error(err_msg, exc_info=True)
messages.error(request, err_msg)
try:
new_tags = list()
new_tags.append(ORG_TAG_FMT % unit_data.get('organization', 'other'))
for ou_id in data.get('%s-ou' % unit_id, []):
if ou_id.strip():
new_tags.append(OU_TAG_FMT % ou_id.strip())
kclient = keystone_api.keystoneclient(request)
kclient.projects.update_tags(project_id, new_tags)
except:
LOG.error("Cannot add organization tags", exc_info=True)
messages.error(request, _("Cannot add organization tags"))
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
with transaction.atomic():
registration = Registration.objects.get(regid=int(data['regid']))
reg_request = RegRequest.objects.filter(registration=registration)[0]
q_args = {
'registration' : registration,
'project__status' : PRJ_GUEST
}
prj_reqs = PrjRequest.objects.filter(**q_args)
project_id = prj_reqs[0].project.projectid
project_name = prj_reqs[0].project.projectname
password = reg_request.password
if not password:
password = generate_pwd()
user_email = reg_request.email
#
# Mapping of external accounts
#
if reg_request.externalid:
mapping = UserMapping(globaluser=reg_request.externalid,
registration=reg_request.registration)
mapping.save()
LOG.info("Registered external account %s" % reg_request.externalid)
#
# Insert expiration date per tenant
#
expiration = Expiration()
expiration.registration = prj_reqs[0].registration
expiration.project = prj_reqs[0].project
expiration.expdate = data['expiration']
expiration.save()
#
# clear requests
#
prj_reqs.delete()
reg_request.delete()
#
# User creation
#
kuser = keystone_api.user_create(request,
name=registration.username,
password=password,
email=user_email,
enabled=True)
registration.username = data['username']
registration.expdate = data['expiration']
registration.userid = kuser.id
registration.save()
LOG.info("Created guest user %s" % registration.username)
keystone_api.add_tenant_user_role(request, project_id,
registration.userid, default_roleid)
#
# Send notification to the user
#
noti_params = {
'username' : registration.username,
'project' : project_name,
'guestmode' : True
}
noti_sbj, noti_body = notification_render(FIRST_REG_OK_TYPE, noti_params)
notifyUsers(user_email, noti_sbj, noti_body)
except:
LOG.error("Error pre-checking project", exc_info=True)
messages.error(request, _("Cannot pre-check project"))
return False
return True
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = data['requestid'].split(':')
with transaction.atomic():
#
# Creation of new tenant
#
q_args = {
'registration__regid' : int(usr_and_prj[0]),
'project__projectname' : usr_and_prj[1]
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
project_name = prj_req.project.projectname
user_id = prj_req.registration.userid
kprj = keystone_api.tenant_create(request, project_name,
prj_req.project.description, True)
prj_req.project.projectid = kprj.id
prj_req.project.save()
LOG.info("Created tenant %s" % project_name)
#
# The new user is the project manager of its tenant
#
keystone_api.add_tenant_user_role(request, prj_req.project.projectid,
user_id, tenantadmin_roleid)
#
# Insert expiration date per tenant
#
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
#
# Clear request
#
prj_req.delete()
#
# Send notification to the user
#
user_email = keystone_api.user_get(request, user_id).email
noti_params = {
'project' : project_name
}
noti_sbj, noti_body = notification_render(PRJ_CREATE_TYPE, noti_params)
notifyUsers(user_email, noti_sbj, noti_body)
except:
LOG.error("Error pre-checking project", exc_info=True)
messages.error(request, _("Cannot pre-check project"))
return False
return True
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = data['requestid'].split(':')
with transaction.atomic():
q_args = {
'registration__regid' : int(usr_and_prj[0]),
'project__projectname' : usr_and_prj[1]
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
#
# Insert expiration date per tenant
#
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
project_name = prj_req.project.projectname
project_id = prj_req.project.projectid
user_name = prj_req.registration.username
user_id = prj_req.registration.userid
keystone_api.add_tenant_user_role(request, project_id,
user_id, default_roleid)
#
# clear request
#
prj_req.delete()
#
# send notification to project managers and users
#
user_email = keystone_api.user_get(request, user_id).email
prjman_list = get_project_managers(request, project_id)
noti_params = {
'username' : user_name,
'project' : project_name
}
noti_sbj, noti_body = notification_render(SUBSCR_FORCED_OK_TYPE, noti_params)
notifyUsers([ pman.email for pman in prjman_list ], noti_sbj, noti_body)
noti_sbj, noti_body = notification_render(SUBSCR_OK_TYPE, noti_params)
notifyUsers(user_email, noti_sbj, noti_body)
except:
LOG.error("Error forced-checking request", exc_info=True)
messages.error(request, _("Cannot forced check request"))
return False
return True
def handle(self, request, data):
if not data['username']:
messages.error(request, _("Cannot process request: missing username"))
return False
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
with transaction.atomic():
registration = Registration.objects.get(regid=int(data['regid']))
reg_request = RegRequest.objects.filter(registration=registration)[0]
prjReqList = PrjRequest.objects.filter(registration=registration)
password = reg_request.password
if not password:
password = generate_pwd()
user_email = reg_request.email
#
# Mapping of external accounts
#
if reg_request.externalid:
mapping = UserMapping(globaluser=reg_request.externalid,
registration=reg_request.registration)
mapping.save()
LOG.info("Registered external account %s" % reg_request.externalid)
#
# Forward request to project administrators
#
q_args = {
'project__projectid__isnull' : False,
'flowstatus' : PSTATUS_REG
}
prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING)
#
# Creation of new tenants
#
new_prj_list = list()
q_args = {
'project__projectid__isnull' : True,
'flowstatus' : PSTATUS_REG
}
for p_reqs in prjReqList.filter(**q_args):
kprj = keystone_api.tenant_create(request, p_reqs.project.projectname,
p_reqs.project.description, True)
p_reqs.project.projectid = kprj.id
p_reqs.project.save()
new_prj_list.append(p_reqs.project)
LOG.info("Created tenant %s" % p_reqs.project.projectname)
#
# User creation
#
if not registration.userid:
kuser = keystone_api.user_create(request,
name=registration.username,
password=password,
email=user_email,
enabled=True)
registration.username = data['username']
registration.expdate = self.expiration
registration.userid = kuser.id
registration.save()
LOG.info("Created user %s" % registration.username)
#
# The new user is the project manager of its tenant
# register the expiration date per tenant
#
for prj_item in new_prj_list:
expiration = Expiration()
expiration.registration = registration
expiration.project = prj_item
expiration.expdate = self.expiration
expiration.save()
keystone_api.add_tenant_user_role(request, prj_item.projectid,
registration.userid, tenantadmin_roleid)
#
# Send notifications to project administrators and users
#
for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING):
m_users = get_project_managers(request, p_item.project.projectid)
m_emails = [ usr.email for usr in m_users ]
noti_params = {
'username' : data['username'],
'project' : p_item.project.projectname
}
noti_sbj, noti_body = notification_render(SUBSCR_WAIT_TYPE, noti_params)
notifyUsers(m_emails, noti_sbj, noti_body)
n2_params = {
'project' : p_item.project.projectname,
'prjadmins' : m_emails
}
noti_sbj, noti_body = notification_render(SUBSCR_ONGOING, n2_params)
notifyUsers(user_email, noti_sbj, noti_body)
newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG)
for p_item in newprj_reqs:
noti_params = {
'username' : p_item.registration.username,
'project' : p_item.project.projectname,
'guestmode' : False
}
noti_sbj, noti_body = notification_render(FIRST_REG_OK_TYPE, noti_params)
notifyUsers(user_email, noti_sbj, noti_body)
#
# cache cleanup
#
newprj_reqs.delete()
reg_request.delete()
except:
LOG.error("Error pre-checking request", exc_info=True)
messages.error(request, _("Cannot pre-check request"))
return False
return True
