def register_authority(self, sfa_record, hrn): aggregate = OSAggregate(self) auth_name = OSXrn(xrn=hrn, type='authority').get_tenant_name() description = sfa_record.get('description', None) # Create a authority tenant auth_tenant = aggregate.create_tenant(tenant_name=auth_name, description=description) return auth_tenant
def register_slice(self, sfa_record, hrn): aggregate = OSAggregate(self) # Get the user names (SFA client names) users = [] researchers = sfa_record.get('reg-researchers', []) pi = sfa_record.get('pi') if len(researchers): for researcher in researchers: name = OSXrn(xrn=researcher, type='user').get_hrn() users.append(name) elif pi: name = OSXrn(xrn=pi, type='user').get_hrn() users.append(name) else: logger.warnning("You should input options with researcher(s) or pi.") users = list(set(users)) # Check if this is username-slicename or not # TODO: for now, we just support 1 user to make tenant if sfa_record.get('hrn').find('-') == -1: tenant_name = ( OSXrn(xrn=sfa_record.get('hrn'), type='slice').get_authority_hrn() + '.' \ + OSXrn(xrn=users[0], type='user').get_leaf() + '-' \ + OSXrn(xrn=sfa_record.get('hrn'), type='slice').get_leaf() ) else: tenant_name = ( OSXrn(xrn=sfa_record.get('hrn'), type='slice').get_authority_hrn() + '.' \ + OSXrn(xrn=sfa_record.get('hrn'), type='slice').get_leaf() ) description = sfa_record.get('description', None) tenant = aggregate.create_tenant(tenant_name, description) # Add suitable roles to the user admin_role = self.shell.auth_manager.roles.find(name='admin') member_role = self.shell.auth_manager.roles.find(name='_member_') if len(researchers): for researcher in researchers: researcher_name = OSXrn(xrn=researcher, type='user').get_hrn() user = self.shell.auth_manager.users.find(name=researcher_name) if self.shell.auth_manager.roles.roles_for_user(user, tenant).count(member_role) == 0: self.shell.auth_manager.roles.add_user_role(user, member_role, tenant) elif pi: pi_name = OSXrn(xrn=pi, type='user').get_hrn() user = self.shell.auth_manager.users.find(name=pi_name) if self.shell.auth_manager.roles.roles_for_user(user, tenant).count(admin_role) == 0: self.shell.auth_manager.roles.add_user_role(user, admin_role, tenant) else: logger.warnning("You should input options with researcher(s) or pi.") return tenant
def register_federation(self, user_hrn, slice_hrn, keys, email=None): aggregate = OSAggregate(self) # Create a slice of the federation user tenant = aggregate.create_tenant(tenant_name=slice_hrn, description=user_hrn) # Create a user of the federation user user = aggregate.create_user(user_name=user_hrn, password=user_hrn, \ tenant_id=tenant.id, email=email, enabled=True) # Check if the user has roles or not member_role = self.shell.auth_manager.roles.find(name='Member') if self.shell.auth_manager.roles.roles_for_user(user, tenant).count(member_role) == 0: self.shell.auth_manager.roles.add_user_role(user, member_role, tenant) # Check if keys exist or not if keys is not None: # Check if the user has keys or not if len(keys) < 1: key = None else: key = keys[0] keyname = OSXrn(xrn=user_hrn, type='user').get_slicename() # Update connection for the current client self.shell.compute_manager.connect(username=user.name, tenant=tenant.name, password=user_hrn) keypair_list = self.shell.compute_manager.keypairs.list() for keypair in keypair_list: if keyname == keypair.name: break else: self.shell.compute_manager.keypairs.create(name=keyname, public_key=key) # Update initial connection info self.init_compute_manager_conn() logger.info( "The federation user[%s] has the slice[%s] as member role." % \ (user.name, tenant.name) ) return user