def register_authority(self, sfa_record, hrn):
aggregate = OSAggregate(self)
auth_name = OSXrn(xrn=hrn, type='authority').get_tenant_name()
description = sfa_record.get('description', None)
# Create a authority tenant
auth_tenant = aggregate.create_tenant(tenant_name=auth_name, description=description)
return auth_tenant
def register_slice(self, sfa_record, hrn):
aggregate = OSAggregate(self)
# Get the user names (SFA client names)
users = []
researchers = sfa_record.get('reg-researchers', [])
pi = sfa_record.get('pi')
if len(researchers):
for researcher in researchers:
name = OSXrn(xrn=researcher, type='user').get_hrn()
users.append(name)
elif pi:
name = OSXrn(xrn=pi, type='user').get_hrn()
users.append(name)
else:
logger.warnning("You should input options with researcher(s) or pi.")
users = list(set(users))
# Check if this is username-slicename or not
# TODO: for now, we just support 1 user to make tenant
if sfa_record.get('hrn').find('-') == -1:
tenant_name = ( OSXrn(xrn=sfa_record.get('hrn'), type='slice').get_authority_hrn() + '.' \
+ OSXrn(xrn=users[0], type='user').get_leaf() + '-' \
+ OSXrn(xrn=sfa_record.get('hrn'), type='slice').get_leaf() )
else:
tenant_name = ( OSXrn(xrn=sfa_record.get('hrn'), type='slice').get_authority_hrn() + '.' \
+ OSXrn(xrn=sfa_record.get('hrn'), type='slice').get_leaf() )
description = sfa_record.get('description', None)
tenant = aggregate.create_tenant(tenant_name, description)
# Add suitable roles to the user
admin_role = self.shell.auth_manager.roles.find(name='admin')
member_role = self.shell.auth_manager.roles.find(name='_member_')
if len(researchers):
for researcher in researchers:
researcher_name = OSXrn(xrn=researcher, type='user').get_hrn()
user = self.shell.auth_manager.users.find(name=researcher_name)
if self.shell.auth_manager.roles.roles_for_user(user, tenant).count(member_role) == 0:
self.shell.auth_manager.roles.add_user_role(user, member_role, tenant)
elif pi:
pi_name = OSXrn(xrn=pi, type='user').get_hrn()
user = self.shell.auth_manager.users.find(name=pi_name)
if self.shell.auth_manager.roles.roles_for_user(user, tenant).count(admin_role) == 0:
self.shell.auth_manager.roles.add_user_role(user, admin_role, tenant)
else:
logger.warnning("You should input options with researcher(s) or pi.")
return tenant
def register_federation(self, user_hrn, slice_hrn, keys, email=None):
aggregate = OSAggregate(self)
# Create a slice of the federation user
tenant = aggregate.create_tenant(tenant_name=slice_hrn, description=user_hrn)
# Create a user of the federation user
user = aggregate.create_user(user_name=user_hrn, password=user_hrn, \
tenant_id=tenant.id, email=email, enabled=True)
# Check if the user has roles or not
member_role = self.shell.auth_manager.roles.find(name='Member')
if self.shell.auth_manager.roles.roles_for_user(user, tenant).count(member_role) == 0:
self.shell.auth_manager.roles.add_user_role(user, member_role, tenant)
# Check if keys exist or not
if keys is not None:
# Check if the user has keys or not
if len(keys) < 1:
key = None
else:
key = keys[0]
keyname = OSXrn(xrn=user_hrn, type='user').get_slicename()
# Update connection for the current client
self.shell.compute_manager.connect(username=user.name, tenant=tenant.name, password=user_hrn)
keypair_list = self.shell.compute_manager.keypairs.list()
for keypair in keypair_list:
if keyname == keypair.name:
break
else:
self.shell.compute_manager.keypairs.create(name=keyname, public_key=key)
# Update initial connection info
self.init_compute_manager_conn()
logger.info( "The federation user[%s] has the slice[%s] as member role." % \
(user.name, tenant.name) )
return user
