def _get_identity(cls, user, group, provider, quota, credentials): """ # 1. Make sure that an Identity exists for the user/group+provider # 2. Make sure that all kwargs exist as credentials for the identity """ credentials_match_query = ( contains_credential('key', credentials['key']) & contains_credential( 'ex_project_name', credentials['ex_project_name'] ) ) identity_qs = Identity.objects\ .filter(created_by=user, provider=provider)\ .filter(credentials_match_query) # This shouldn't happen.. if identity_qs.count() > 1: raise Exception("Could not uniquely identify the identity") identity = identity_qs.first() if not identity: identity = cls._create_identity( user, group, provider, quota, credentials ) # 2. Make sure that all kwargs exist as credentials # NOTE: Because we assume a matching username and # project name, we can update the remaining # credentials (for any new or updated future-values) for (c_key, c_value) in credentials.items(): Identity.update_credential(identity, c_key, c_value) return identity
def _get_identity(cls, user, group, provider, quota, credentials): """ # 1. Make sure that an Identity exists for the user/group+provider # 2. Make sure that all kwargs exist as credentials for the identity """ credentials_match_query = (contains_credential( 'key', credentials['key']) & contains_credential( 'ex_project_name', credentials['ex_project_name'])) identity_qs = Identity.objects\ .filter(created_by=user, provider=provider)\ .filter(credentials_match_query) # This shouldn't happen.. if identity_qs.count() > 1: raise Exception("Could not uniquely identify the identity") identity = identity_qs.first() if not identity: identity = cls._create_identity(user, group, provider, quota, credentials) # 2. Make sure that all kwargs exist as credentials # NOTE: Because we assume a matching username and # project name, we can update the remaining # credentials (for any new or updated future-values) for (c_key, c_value) in credentials.items(): Identity.update_credential(identity, c_key, c_value) return identity
def _get_identity(cls, user, group, provider, quota, credentials): """ # 1. Make sure that an Identity exists for the user/group+provider # 2. Make sure that all kwargs exist as credentials for the identity """ identity_qs = Identity.objects.filter(created_by=user, provider=provider) if 'ex_project_name' in credentials: project_name = credentials['ex_project_name'] elif 'ex_tenant_name' in credentials: project_name = credentials['ex_tenant_name'] if project_name: identity_qs = identity_qs.filter( contains_credential('ex_project_name', project_name) | contains_credential('ex_tenant_name', project_name)) #FIXME: To make this *more* iron-clad, we should probably # include the username `key/value` pair, and looks *explicitly* for that pairing in an identity they have created.. if identity_qs.count() > 1: raise Exception("Could not uniquely identify the identity") identity = identity_qs.first() if identity: # In the future, we will only update the credentials *once* # during self._create_identity(). for (c_key, c_value) in credentials.items(): Identity.update_credential(identity, c_key, c_value) else: identity = cls._create_identity(user, group, provider, quota, credentials) return identity
def find_accounts(self, provider, account_user, group_name, username, project_name, **kwargs): from core.models import GroupMembership, Identity from core.query import contains_credential member = GroupMembership.objects.filter(user__username=account_user, group__name=group_name) if not member: return Identity.objects.none() group = member.first().group return group.identities.filter( contains_credential('ex_project_name', project_name), provider=provider).filter(contains_credential('key', username))
def _find_identity_match(self, provider_uuid, username, project_name): try: provider = Provider.objects.get(uuid=provider_uuid) except Provider.DoesNotExist: raise serializers.ValidationError("Provider %s is invalid" % provider) request_user = self._get_request_user() ident = Identity.objects\ .filter( contains_credential('key', username), created_by=request_user, provider=provider)\ .filter( contains_credential('ex_project_name', project_name) | contains_credential('ex_tenant_name', project_name))\ .first() return ident
def _lookup_image_owner_identity(account_driver, glance_image): owner = account_driver.get_project_by_id(glance_image.get('owner')) if not owner: return None matches = Identity.objects.filter(contains_credential('ex_project_name', owner.name)) if matches.count() > 1: logger.warn("Project %s is ambiguous -- exists on more than one Identity." % owner.name) return None return matches.first()
def _find_identity_match(self, provider_uuid, username, project_name): try: provider = Provider.objects.get(uuid=provider_uuid) except Provider.DoesNotExist: raise serializers.ValidationError("Provider %s is invalid" % provider) request_user = self._get_request_user() ident = Identity.objects\ .filter( contains_credential('key', username), created_by=request_user, provider=provider)\ .filter( contains_credential('ex_project_name', project_name) | contains_credential('ex_tenant_name', project_name))\ .first() membership_exists = IdentityMembership.objects.filter(identity=ident).first() if not membership_exists: # Account creation _did not run to completion_. Re-do it. return None return ident
def monitor_volumes_for(provider_id, print_logs=False): """ Run the set of tasks related to monitoring sizes for a provider. Optionally, provide a list of usernames to monitor While debugging, print_logs=True can be very helpful. start_date and end_date allow you to search a 'non-standard' window of time. """ from service.driver import get_account_driver from core.models import Identity if print_logs: console_handler = _init_stdout_logging() provider = Provider.objects.get(id=provider_id) account_driver = get_account_driver(provider) # Non-End dated volumes on this provider db_volumes = Volume.objects.filter(only_current_source(), instance_source__provider=provider) all_volumes = account_driver.admin_driver.list_all_volumes(timeout=30) seen_volumes = [] for cloud_volume in all_volumes: try: core_volume = convert_esh_volume(cloud_volume, provider_uuid=provider.uuid) seen_volumes.append(core_volume) except ObjectDoesNotExist: tenant_id = cloud_volume.extra['object']['os-vol-tenant-attr:tenant_id'] tenant = account_driver.get_project_by_id(tenant_id) tenant_name = tenant.name if tenant else tenant_id try: if not tenant: celery_logger.warn("Warning: tenant_id %s found on volume %s, but did not exist from the account driver perspective.", tenant_id, cloud_volume) raise ObjectDoesNotExist() identity = Identity.objects.filter( contains_credential('ex_project_name', tenant_name), provider=provider ).first() if not identity: raise ObjectDoesNotExist() core_volume = convert_esh_volume( cloud_volume, provider.uuid, identity.uuid, identity.created_by) except ObjectDoesNotExist: celery_logger.info("Skipping Volume %s - No Identity for: Provider:%s + Project Name:%s" % (cloud_volume.id, provider, tenant_name)) pass now_time = timezone.now() needs_end_date = [volume for volume in db_volumes if volume not in seen_volumes] for volume in needs_end_date: celery_logger.debug("End dating inactive volume: %s" % volume) volume.end_date = now_time volume.save() if print_logs: _exit_stdout_logging(console_handler) for vol in seen_volumes: vol.esh = None return [vol.instance_source.identifier for vol in seen_volumes]
def _lookup_image_owner_identity(account_driver, glance_image): owner = account_driver.get_project_by_id(glance_image.get('owner')) if not owner: return None matches = Identity.objects.filter( contains_credential('ex_project_name', owner.name)) if matches.count() > 1: logger.warn( "Project %s is ambiguous -- exists on more than one Identity." % owner.name) return None return matches.first()
def _find_identity_match(self, provider_uuid, username, project_name): try: provider = Provider.objects.get(uuid=provider_uuid) except Provider.DoesNotExist: raise serializers.ValidationError( "Provider %s is invalid" % provider ) request_user = self._get_request_user() ident = Identity.objects\ .filter( contains_credential('key', username), created_by=request_user, provider=provider)\ .filter( contains_credential('ex_project_name', project_name) | contains_credential('ex_tenant_name', project_name))\ .first() membership_exists = IdentityMembership.objects.filter(identity=ident ).first() if not membership_exists: # Account creation _did not run to completion_. Re-do it. return None return ident
def _get_or_create_identity(self, user, provider, quota): try: identity = Identity.objects.get(contains_credential( 'key', 'username'), created_by=user, provider=provider) if identity.quota != quota: identity.quota = quota identity.save() except Identity.DoesNotExist: identity = Identity.objects.create(created_by=user, provider=provider, quota=quota) return identity
def _get_or_create_identity(self, user, provider, quota): try: identity = Identity.objects.get( contains_credential('key', 'username'), created_by=user, provider=provider ) if identity.quota != quota: identity.quota = quota identity.save() except Identity.DoesNotExist: identity = Identity.objects.create( created_by=user, provider=provider, quota=quota ) return identity