def _update_project_members(self, request, data, project_id): # # Use per-user expiration date as a fall back # for expiration date per tenant # # Remove subscription request for this project # for role in self._get_available_roles(request): tmp_step = self.get_step(baseWorkflows.PROJECT_USER_MEMBER_SLUG) field_name = tmp_step.get_member_field_name(role.id) with transaction.atomic(): ep_qset = Expiration.objects.filter(project=self.this_project) tmp_set = set() for item in ep_qset.filter( registration__userid__in=data[field_name]): tmp_set.add(item.registration.userid) new_memids = list() for item in data[field_name]: if not item in tmp_set: new_memids.append(item) q_args = {'userid__in': new_memids, 'expdate__isnull': False} nreg_qset = Registration.objects.filter(**q_args) for item in nreg_qset: c_args = { 'registration': item, 'project': self.this_project, 'expdate': item.expdate } Expiration(**c_args).save() # # Remove subscription request for manually added members # q_args = { 'registration__in': nreg_qset, 'project': self.this_project, 'flowstatus': PSTATUS_PENDING } PrjRequest.objects.filter(**q_args).delete() # # Delete expiration for removed users # ep_qset.exclude( registration__userid__in=data[field_name]).delete() return super(ExtUpdateProject, self)._update_project_members(request, data, project_id)
def _update_project_members(self, request, data, project_id): # # Use per-user expiration date as a fall back # for expiration date per tenant # admin_role_id = None missing_admin = True available_roles = baseWorkflows.api.keystone.role_list(request) with transaction.atomic(): for role in available_roles: tmp_step = self.get_step( baseWorkflows.PROJECT_USER_MEMBER_SLUG) field_name = tmp_step.get_member_field_name(role.id) if role.name == TENANTADMIN_ROLE: admin_role_id = role.id missing_admin = (len(data[field_name]) == 0) for user_id in data[field_name]: q_args = {'userid': user_id, 'expdate__isnull': False} tmp_list = Registration.objects.filter(**q_args) if len(tmp_list): q_args = { 'registration': tmp_list[0], 'project': self.this_project } if not Expiration.objects.filter(**q_args).count(): c_args = { 'registration': tmp_list[0], 'project': self.this_project, 'expdate': tmp_list[0].expdate } Expiration(**c_args).save() # # Insert cloud admin as project_manager if missing # No tenant admin for guest # if missing_admin and not data.get('guest', False): baseWorkflows.api.keystone.add_tenant_user_role( request, project_id, request.user.id, admin_role_id) # # TODO if this is the guest project don't define any tenant admin # return super(ExtCreateProject, self)._update_project_members(request, data, project_id)
def handle(self, *args, **options): super(Command, self).handle(options) try: prj_dict = dict() for prj_item in Project.objects.all(): if prj_item.projectid: prj_dict[prj_item.projectid] = prj_item # # TODO define the user_domain_name and project_domain_name # keystone_client = client.Client( username=self.config.cron_user, password=self.config.cron_pwd, project_name=self.config.cron_prj, cacert=self.config.cron_ca, user_domain_name=self.config.cron_domain, project_domain_name=self.config.cron_domain, auth_url=self.config.cron_kurl) LOG.info("Populating the expiration table") with transaction.atomic(): for reg_user in Registration.objects.all(): if not reg_user.userid: LOG.info("Skipped unregistered user %s" % reg_user.username) continue for r_item in keystone_client.role_assignments.list( user=reg_user.userid): if not r_item.scope['project']['id'] in prj_dict: LOG.info("Skipped unregistered project %s for %s" % \ (r_item.scope['project']['id'], reg_user.username)) curr_prj = prj_dict[r_item.scope['project']['id']] if Expiration.objects.filter( registration=reg_user, project=curr_prj).count() > 0: continue prj_exp = Expiration() prj_exp.registration = reg_user prj_exp.project = curr_prj prj_exp.expdate = reg_user.expdate prj_exp.save() LOG.info("Imported expiration for %s in %s: %s" % \ (reg_user.username, curr_prj.projectname, \ reg_user.expdate.strftime("%A, %d. %B %Y %I:%M%p"))) LOG.info("Populating the email table") with transaction.atomic(): for reg_user in Registration.objects.all(): if not reg_user.userid: LOG.info("Skipped unregistered user %s" % reg_user.username) continue tmpres = keystone_client.users.get(reg_user.userid) if not tmpres: continue if EMail.objects.filter(registration=reg_user).count() > 0: continue mail_obj = EMail() mail_obj.registration = reg_user mail_obj.email = tmpres.email mail_obj.save() LOG.info("Imported email for %s: %s" % (reg_user.username, tmpres.email)) LOG.info("Populating the project roles table") tnt_admin_roleid = get_prjman_roleid(keystone_client) with transaction.atomic(): PrjRole.objects.all().delete() prj_dict = dict() for prj_obj in Project.objects.all(): prj_dict[prj_obj.projectid] = prj_obj for reg_user in Registration.objects.all(): if not reg_user.userid: LOG.info("Skipped unregistered user %s" % reg_user.username) continue for role_obj in keystone_client.role_assignments.list( reg_user.userid): if role_obj.role['id'] == tnt_admin_roleid: tmpprjid = role_obj.scope['project']['id'] prjRole = PrjRole() prjRole.registration = reg_user prjRole.project = prj_dict[tmpprjid] prjRole.roleid = role_obj.role['id'] prjRole.save() LOG.info("Imported admin %s for %s" % (reg_user.username, prj_dict[tmpprjid].projectname)) except: LOG.error("Import failed", exc_info=True) raise CommandError("Import failed")
def _update_project_members(self, request, data, project_id): admin_role_id = None available_roles = baseWorkflows.api.keystone.role_list(request) member_ids = set() prjadm_ids = set() result = None with transaction.atomic(): # # Create project in the database # newprj_id = self.object.id qargs = { 'projectname' : data['name'], 'projectid' : newprj_id, 'description' : data['description'], 'status' : PRJ_PUBLIC } newprj = Project(**qargs) newprj.save() self.this_project = newprj # # Setup members # for role in available_roles: tmp_step = self.get_step(baseWorkflows.PROJECT_USER_MEMBER_SLUG) field_name = tmp_step.get_member_field_name(role.id) if role.name == TENANTADMIN_ROLE: admin_role_id = role.id for tmpid in data[field_name]: prjadm_ids.add(tmpid) for user_id in data[field_name]: member_ids.add(user_id) # # Import expiration per tenant, use per-user expiration date as a fall back # Create the project admin cache # for u_item in Registration.objects.filter(userid__in=member_ids): new_p_exp = Expiration() new_p_exp.registration = u_item new_p_exp.project = self.this_project new_p_exp.expdate = u_item.expdate new_p_exp.save() if u_item.userid in prjadm_ids: new_prjrole = PrjRole() new_prjrole.registration = u_item new_prjrole.project = self.this_project new_prjrole.roleid = admin_role_id new_prjrole.save() LOG.debug("Created prj admin: %s" % u_item.username) # # Insert cloud admin as project_manager if missing # if len(prjadm_ids) == 0: baseWorkflows.api.keystone.add_tenant_user_role(request, project_id, request.user.id, admin_role_id) result = super(ExtCreateProject, self)._update_project_members(request, data, project_id) # # Notify users # for e_item in EMail.objects.filter(registration__userid__in=member_ids): noti_params = { 'username' : e_item.registration.username, 'project' : self.this_project.projectname, 'isadmin' : e_item.registration.userid in prjadm_ids } notifyUser(request=request, rcpt=e_item.email, action=MEMBER_FORCED_ADD, context=noti_params, dst_project_id=self.this_project.projectid, dst_user_id=e_item.registration.userid) # # Notify all cloud admins # notifyAdmin(request=request, action=NEWPRJ_BY_ADM, context={'project' : self.this_project.projectname}) return result
def handle(self, *args, **options): super(Command, self).handle(options) try: prj_dict = dict() for prj_item in Project.objects.all(): if prj_item.projectid: prj_dict[prj_item.projectid] = prj_item # # TODO define the user_domain_name and project_domain_name # keystone_client = client.Client(username=self.config.cron_user, password=self.config.cron_pwd, project_name=self.config.cron_prj, cacert=self.config.cron_ca, user_domain_name=self.config.cron_domain, project_domain_name=self.config.cron_domain, auth_url=self.config.cron_kurl) LOG.info("Populating the expiration table") with transaction.atomic(): for reg_user in Registration.objects.all(): if not reg_user.userid: LOG.info("Skipped unregistered user %s" % reg_user.username) continue for r_item in keystone_client.role_assignments.list(user=reg_user.userid): if not r_item.scope['project']['id'] in prj_dict: LOG.info("Skipped unregistered project %s for %s" % \ (r_item.scope['project']['id'], reg_user.username)) curr_prj = prj_dict[r_item.scope['project']['id']] if Expiration.objects.filter( registration=reg_user, project=curr_prj ).count() > 0: continue prj_exp = Expiration() prj_exp.registration = reg_user prj_exp.project = curr_prj prj_exp.expdate = reg_user.expdate prj_exp.save() LOG.info("Imported expiration for %s in %s: %s" % \ (reg_user.username, curr_prj.projectname, \ reg_user.expdate.strftime("%A, %d. %B %Y %I:%M%p"))) LOG.info("Populating the email table") with transaction.atomic(): for reg_user in Registration.objects.all(): if not reg_user.userid: LOG.info("Skipped unregistered user %s" % reg_user.username) continue tmpres = keystone_client.users.get(reg_user.userid) if not tmpres: continue if EMail.objects.filter(registration=reg_user).count() > 0: continue mail_obj = EMail() mail_obj.registration = reg_user mail_obj.email = tmpres.email mail_obj.save() LOG.info("Imported email for %s: %s" % (reg_user.username, tmpres.email)) LOG.info("Populating the project roles table") tnt_admin_roleid = get_prjman_roleid(keystone_client) with transaction.atomic(): PrjRole.objects.all().delete() prj_dict = dict() for prj_obj in Project.objects.all(): prj_dict[prj_obj.projectid] = prj_obj for reg_user in Registration.objects.all(): if not reg_user.userid: LOG.info("Skipped unregistered user %s" % reg_user.username) continue for role_obj in keystone_client.role_assignments.list(reg_user.userid): if role_obj.role['id'] == tnt_admin_roleid: tmpprjid = role_obj.scope['project']['id'] prjRole = PrjRole() prjRole.registration = reg_user prjRole.project = prj_dict[tmpprjid] prjRole.roleid = role_obj.role['id'] prjRole.save() LOG.info("Imported admin %s for %s" % (reg_user.username, prj_dict[tmpprjid].projectname)) except: LOG.error("Import failed", exc_info=True) raise CommandError("Import failed")
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = data['requestid'].split(':') with transaction.atomic(): q_args = { 'registration__regid' : int(usr_and_prj[0]), 'project__projectname' : usr_and_prj[1] } prj_req = PrjRequest.objects.filter(**q_args)[0] # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() project_name = prj_req.project.projectname project_id = prj_req.project.projectid user_name = prj_req.registration.username user_id = prj_req.registration.userid keystone_api.add_tenant_user_role(request, project_id, user_id, default_roleid) # # clear request # prj_req.delete() # # send notification to project managers and users # user_email = keystone_api.user_get(request, user_id).email prjman_list = get_project_managers(request, project_id) noti_params = { 'username' : user_name, 'project' : project_name } noti_sbj, noti_body = notification_render(SUBSCR_FORCED_OK_TYPE, noti_params) notifyUsers([ pman.email for pman in prjman_list ], noti_sbj, noti_body) noti_sbj, noti_body = notification_render(SUBSCR_OK_TYPE, noti_params) notifyUsers(user_email, noti_sbj, noti_body) except: LOG.error("Error forced-checking request", exc_info=True) messages.error(request, _("Cannot forced check request")) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): q_args = { 'registration__regid' : int(usr_and_prj.group(1)), 'project__projectname' : usr_and_prj.group(2) } prj_req = PrjRequest.objects.filter(**q_args)[0] # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() project_name = prj_req.project.projectname project_id = prj_req.project.projectid user_name = prj_req.registration.username user_id = prj_req.registration.userid keystone_api.add_tenant_user_role(request, project_id, user_id, default_roleid) # # clear request # prj_req.delete() # # send notification to project managers and users # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None m_userids = get_prjman_ids(request, project_id) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [ x.email for x in tmpres ] noti_params = { 'username' : user_name, 'project' : project_name } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_OK_TYPE, context=noti_params, dst_project_id=project_id) notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_OK_TYPE, context=noti_params, dst_project_id=project_id, dst_user_id=user_id) except: LOG.error("Error forced-checking request", exc_info=True) messages.error(request, _("Cannot forced check request")) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): regid, prjname = chk_repl_project(int(usr_and_prj.group(1)), usr_and_prj.group(2), data['newname'], None, data['newdescr']) # # Creation of new tenant # prj_req = PrjRequest.objects.filter( registration__regid=regid, project__projectname=prjname)[0] project_name = prj_req.project.projectname user_id = prj_req.registration.userid kprj = keystone_api.tenant_create(request, project_name, prj_req.project.description, True) prj_req.project.projectid = kprj.id prj_req.project.save() LOG.info("Created tenant %s" % project_name) # # The new user is the project manager of its tenant # prjRole = PrjRole() prjRole.registration = prj_req.registration prjRole.project = prj_req.project prjRole.roleid = tenantadmin_roleid prjRole.save() keystone_api.add_tenant_user_role(request, prj_req.project.projectid, user_id, tenantadmin_roleid) # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() # # Clear request # prj_req.delete() setup_new_project(request, kprj.id, project_name, data) # # Send notification to the user # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None noti_params = {'project': project_name} notifyUser(request=self.request, rcpt=user_email, action=PRJ_CREATE_TYPE, context=noti_params, dst_project_id=kprj.id, dst_user_id=user_id) except: LOG.error("Error pre-checking project", exc_info=True) messages.error(request, _("Cannot pre-check project")) return False return True
def handle(self, request, data): try: role_names = [ role['name'] for role in self.request.user.roles ] if not TENANTADMIN_ROLE in role_names: raise Exception(_('Permissions denied: cannot approve subscriptions')) with transaction.atomic(): curr_prjname = self.request.user.tenant_name q_args = { 'registration__regid' : int(data['regid']), 'project__projectname' : curr_prjname } prj_req = PrjRequest.objects.filter(**q_args)[0] member = client_factory(request).users.get(prj_req.registration.userid) project_name = prj_req.project.projectname LOG.debug("Approving subscription for %s" % prj_req.registration.username) default_role = getattr(settings, 'OPENSTACK_KEYSTONE_DEFAULT_ROLE', None) expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() roles_obj = client_factory(request).roles arg_dict = { 'project' : prj_req.project.projectid, 'user' : prj_req.registration.userid } missing_default = True for item in roles_obj.list(): if item.name == default_role: roles_obj.grant(item.id, **arg_dict) missing_default = False if missing_default: raise Exception("Default role is undefined") # # clear request # prj_req.delete() # # send notification to the user # noti_params = { 'project' : project_name } noti_sbj, noti_body = notification_render(SUBSCR_OK_TYPE, noti_params) notifyUsers(member.email, noti_sbj, noti_body) except: exceptions.handle(request) return False return True
def handle(self, request, data): new_name = data['name'] new_desc = data['description'] project_id = data['project_id'] with transaction.atomic(): pr_list = Project.objects.filter(projectid=project_id) if len(pr_list) == 0: LOG.error("Missing project %s in database" % project_id) return False else: self.this_project = pr_list[0] if new_name == self.this_project.projectname: # # Change project description # self.this_project.description = new_desc self.this_project.save() else: # # Change project name and description # newpr = Project() newpr.projectname = new_name newpr.projectid = project_id newpr.description = new_desc newpr.status = self.this_project.status newpr.save() old_reqs = PrjRequest.objects.filter(project=self.this_project) for item in old_reqs: PrjRequest(registration=item.registration, project=newpr, flowstatus=item.flowstatus, notes=item.notes).save() old_reqs.delete() old_exps = Expiration.objects.filter(project=self.this_project) for item in old_exps: Expiration(registration=item.registration, project=newpr, expdate=item.expdate).save() old_exps.delete() old_rules = PrjRole.objects.filter(project=self.this_project) for item in old_rules: PrjRole(registration=item.registration, project=newpr, roleid=item.roleid, status=item.status).save() old_rules.delete() self.this_project.delete() self.this_project = newpr if not super(ExtUpdateProject, self).handle(request, data): raise IntegrityError('Cannot complete update on Keystone') return True
def _update_project_members(self, request, data, project_id): member_ids = set() prjadm_ids = set() prjrole_id = None result = None for role in self._get_available_roles(request): tmp_step = self.get_step(baseWorkflows.PROJECT_USER_MEMBER_SLUG) field_name = tmp_step.get_member_field_name(role.id) for tmpid in data[field_name]: member_ids.add(tmpid) if role.name == TENANTADMIN_ROLE: prjadm_ids.add(tmpid) if role.name == TENANTADMIN_ROLE: prjrole_id = role.id with transaction.atomic(): ep_qset = Expiration.objects.filter(project=self.this_project) disposable_exps = ep_qset.exclude( registration__userid__in=member_ids) changed_regs = [x.registration for x in disposable_exps] rm_email_list = EMail.objects.filter(registration__in=changed_regs) for item in ep_qset: if item.registration.userid in member_ids: member_ids.remove(item.registration.userid) added_regs = Registration.objects.filter(userid__in=member_ids) add_email_list = EMail.objects.filter(registration__in=added_regs) # # Use per-user expiration date as a fall back # for expiration date per tenant # for item in added_regs: def_expdate = item.expdate if item.expdate else datetime.now( ) + timedelta(365) c_args = { 'registration': item, 'project': self.this_project, 'expdate': item.expdate } Expiration(**c_args).save() changed_regs.append(item) # # Enable reminders to cloud admin for manually added users # RegRequest.objects.filter(registration__in=added_regs, flowstatus=RSTATUS_REMINDER).update( flowstatus=RSTATUS_REMINDACK) # # Delete expiration for manually removed users # disposable_exps.delete() # # Remove subscription request for manually added or removed members # PrjRequest.objects.filter(registration__in=changed_regs, project=self.this_project).delete() # # Delete and re-create the project admin cache # PrjRole.objects.filter(project=self.this_project).delete() for item in Registration.objects.filter(userid__in=prjadm_ids): new_prjrole = PrjRole() new_prjrole.registration = item new_prjrole.project = self.this_project new_prjrole.roleid = prjrole_id new_prjrole.save() LOG.debug("Re-created prj admin: %s" % item.username) result = super(ExtUpdateProject, self)._update_project_members( request, data, project_id) # # Notify users, both new and removed # for e_item in rm_email_list: noti_params = { 'username': e_item.registration.username, 'project': self.this_project.projectname } notifyUser(request=request, rcpt=e_item.email, action=MEMBER_FORCED_RM, context=noti_params, dst_project_id=self.this_project.projectid, dst_user_id=e_item.registration.userid) for e_item in add_email_list: noti_params = { 'username': e_item.registration.username, 'project': self.this_project.projectname, 'isadmin': e_item.registration.userid in prjadm_ids } notifyUser(request=request, rcpt=e_item.email, action=MEMBER_FORCED_ADD, context=noti_params, dst_project_id=self.this_project.projectid, dst_user_id=e_item.registration.userid) if len(prjadm_ids) == 0: messages.warning(request, _("Missing project admin for this project")) return result
def _update_project_members(self, request, data, project_id): admin_role_id = None available_roles = baseWorkflows.api.keystone.role_list(request) member_ids = set() prjadm_ids = set() result = None with transaction.atomic(): # # Create project in the database # newprj_id = self.object.id qargs = { 'projectname': data['name'], 'projectid': newprj_id, 'description': data['description'], 'status': PRJ_PUBLIC } newprj = Project(**qargs) newprj.save() self.this_project = newprj # # Setup members # for role in available_roles: tmp_step = self.get_step( baseWorkflows.PROJECT_USER_MEMBER_SLUG) field_name = tmp_step.get_member_field_name(role.id) if role.name == TENANTADMIN_ROLE: admin_role_id = role.id for tmpid in data[field_name]: prjadm_ids.add(tmpid) for user_id in data[field_name]: member_ids.add(user_id) # # Import expiration per tenant, use per-user expiration date as a fall back # Create the project admin cache # for u_item in Registration.objects.filter(userid__in=member_ids): new_p_exp = Expiration() new_p_exp.registration = u_item new_p_exp.project = self.this_project new_p_exp.expdate = u_item.expdate new_p_exp.save() if u_item.userid in prjadm_ids: new_prjrole = PrjRole() new_prjrole.registration = u_item new_prjrole.project = self.this_project new_prjrole.roleid = admin_role_id new_prjrole.save() LOG.debug("Created prj admin: %s" % u_item.username) # # Insert cloud admin as project_manager if missing # if len(prjadm_ids) == 0: baseWorkflows.api.keystone.add_tenant_user_role( request, project_id, request.user.id, admin_role_id) result = super(ExtCreateProject, self)._update_project_members( request, data, project_id) # # Notify users # for e_item in EMail.objects.filter( registration__userid__in=member_ids): noti_params = { 'username': e_item.registration.username, 'project': self.this_project.projectname, 'isadmin': e_item.registration.userid in prjadm_ids } notifyUser(request=request, rcpt=e_item.email, action=MEMBER_FORCED_ADD, context=noti_params, dst_project_id=self.this_project.projectid, dst_user_id=e_item.registration.userid) # # Notify all cloud admins # notifyAdmin(request=request, action=NEWPRJ_BY_ADM, context={'project': self.this_project.projectname}) return result
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) with transaction.atomic(): registration = Registration.objects.get(regid=int(data['regid'])) reg_request = RegRequest.objects.filter(registration=registration)[0] q_args = { 'registration' : registration, 'project__status' : PRJ_GUEST } prj_reqs = PrjRequest.objects.filter(**q_args) project_id = prj_reqs[0].project.projectid project_name = prj_reqs[0].project.projectname password = reg_request.password if not password: password = generate_pwd() user_email = reg_request.email # # Mapping of external accounts # if reg_request.externalid: mapping = UserMapping(globaluser=reg_request.externalid, registration=reg_request.registration) mapping.save() LOG.info("Registered external account %s" % reg_request.externalid) # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_reqs[0].registration expiration.project = prj_reqs[0].project expiration.expdate = data['expiration'] expiration.save() # # clear requests # prj_reqs.delete() reg_request.delete() # # User creation # kuser = keystone_api.user_create(request, name=registration.username, password=password, email=user_email, enabled=True) registration.username = data['username'] registration.expdate = data['expiration'] registration.userid = kuser.id registration.save() LOG.info("Created guest user %s" % registration.username) keystone_api.add_tenant_user_role(request, project_id, registration.userid, default_roleid) # # Send notification to the user # noti_params = { 'username' : registration.username, 'project' : project_name, 'guestmode' : True } noti_sbj, noti_body = notification_render(FIRST_REG_OK_TYPE, noti_params) notifyUsers(user_email, noti_sbj, noti_body) except: LOG.error("Error pre-checking project", exc_info=True) messages.error(request, _("Cannot pre-check project")) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = data['requestid'].split(':') with transaction.atomic(): # # Creation of new tenant # q_args = { 'registration__regid' : int(usr_and_prj[0]), 'project__projectname' : usr_and_prj[1] } prj_req = PrjRequest.objects.filter(**q_args)[0] project_name = prj_req.project.projectname user_id = prj_req.registration.userid kprj = keystone_api.tenant_create(request, project_name, prj_req.project.description, True) prj_req.project.projectid = kprj.id prj_req.project.save() LOG.info("Created tenant %s" % project_name) # # The new user is the project manager of its tenant # keystone_api.add_tenant_user_role(request, prj_req.project.projectid, user_id, tenantadmin_roleid) # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() # # Clear request # prj_req.delete() # # Send notification to the user # user_email = keystone_api.user_get(request, user_id).email noti_params = { 'project' : project_name } noti_sbj, noti_body = notification_render(PRJ_CREATE_TYPE, noti_params) notifyUsers(user_email, noti_sbj, noti_body) except: LOG.error("Error pre-checking project", exc_info=True) messages.error(request, _("Cannot pre-check project")) return False return True
def handle(self, request, data): if not data['username']: messages.error(request, _("Cannot process request: missing username")) return False try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) with transaction.atomic(): registration = Registration.objects.get( regid=int(data['regid'])) reg_request = RegRequest.objects.filter( registration=registration, flowstatus=RSTATUS_PENDING)[0] prjReqList = PrjRequest.objects.filter( registration=registration) password = reg_request.password if not password: password = generate_pwd() user_email = reg_request.email # # Mapping of external accounts # is_local = True if reg_request.externalid: mapping = UserMapping( globaluser=reg_request.externalid, registration=reg_request.registration) mapping.save() is_local = False LOG.info("Registered external account %s" % reg_request.externalid) # # Forward request to project administrators # q_args = { 'project__projectid__isnull': False, 'flowstatus': PSTATUS_REG } prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING) # # Creation of new tenants # self.preprocess_prj(registration, data) new_prj_list = list() p_reqs = prjReqList.filter(project__projectid__isnull=True, flowstatus=PSTATUS_REG) if len(p_reqs): newreq_prj = p_reqs[0].project kprj = keystone_api.tenant_create(request, newreq_prj.projectname, newreq_prj.description, True) newreq_prj.projectid = kprj.id newreq_prj.save() new_prj_list.append(newreq_prj) setup_new_project(request, kprj.id, newreq_prj.projectname, data) LOG.info("Created tenant %s" % newreq_prj.projectname) # # User creation # if not registration.userid: if is_local: registration.username = data['username'] kuser = keystone_api.user_create( request, name=registration.username, password=password, email=user_email, enabled=True) registration.expdate = self.expiration registration.userid = kuser.id registration.save() LOG.info("Created user %s" % registration.username) mail_obj = EMail() mail_obj.registration = registration mail_obj.email = user_email mail_obj.save() # # The new user is the project manager of its tenant # register the expiration date per tenant # for prj_item in new_prj_list: expiration = Expiration() expiration.registration = registration expiration.project = prj_item expiration.expdate = self.expiration expiration.save() prjRole = PrjRole() prjRole.registration = registration prjRole.project = prj_item prjRole.roleid = tenantadmin_roleid prjRole.save() keystone_api.add_tenant_user_role(request, prj_item.projectid, registration.userid, tenantadmin_roleid) # # Send notifications to project administrators and users # for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING): m_userids = get_prjman_ids(request, p_item.project.projectid) tmpres = EMail.objects.filter( registration__userid__in=m_userids) m_emails = [x.email for x in tmpres] noti_params = { 'username': data['username'], 'project': p_item.project.projectname } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_WAIT_TYPE, context=noti_params, dst_project_id=p_item.project.projectid) n2_params = { 'username': p_item.registration.username, 'project': p_item.project.projectname, 'prjadmins': m_emails } notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_ONGOING, context=n2_params, dst_project_id=p_item.project.projectid, dst_user_id=registration.userid) newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG) for p_item in newprj_reqs: noti_params = { 'username': p_item.registration.username, 'project': p_item.project.projectname } notifyUser(request=self.request, rcpt=user_email, action=FIRST_REG_OK_TYPE, context=noti_params, dst_project_id=p_item.project.projectid, dst_user_id=p_item.registration.userid) # # cache cleanup # newprj_reqs.delete() reg_request.delete() self.post_reminder(registration, user_email) except: LOG.error("Error pre-checking request", exc_info=True) messages.error(request, _("Cannot pre-check request")) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): q_args = { 'registration__regid': int(usr_and_prj.group(1)), 'project__projectname': usr_and_prj.group(2) } prj_req = PrjRequest.objects.filter(**q_args)[0] # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() project_name = prj_req.project.projectname project_id = prj_req.project.projectid user_name = prj_req.registration.username user_id = prj_req.registration.userid keystone_api.add_tenant_user_role(request, project_id, user_id, default_roleid) # # Enable reminder for cloud admin # RegRequest.objects.filter(registration=prj_req.registration, flowstatus=RSTATUS_REMINDER).update( flowstatus=RSTATUS_REMINDACK) # # clear request # prj_req.delete() # # send notification to project managers and users # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None m_userids = get_prjman_ids(request, project_id) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [x.email for x in tmpres] noti_params = {'username': user_name, 'project': project_name} notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_OK_TYPE, context=noti_params, dst_project_id=project_id) notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_OK_TYPE, context=noti_params, dst_project_id=project_id, dst_user_id=user_id) except: LOG.error("Error forced-checking request", exc_info=True) messages.error(request, _("Cannot forced check request")) return False return True
def handle(self, request, data): try: role_names = [ role['name'] for role in self.request.user.roles ] if not TENANTADMIN_ROLE in role_names: raise Exception(_('Permissions denied: cannot approve subscriptions')) with transaction.atomic(): curr_prjname = self.request.user.tenant_name q_args = { 'registration__regid' : int(data['regid']), 'project__projectname' : curr_prjname } prj_req = PrjRequest.objects.filter(**q_args)[0] member_id = prj_req.registration.userid tmpres = EMail.objects.filter(registration__userid=member_id) member_email = tmpres[0].email if tmpres else None project_name = prj_req.project.projectname user_name = prj_req.registration.username LOG.debug("Approving subscription for %s" % prj_req.registration.username) default_role = getattr(settings, 'OPENSTACK_KEYSTONE_DEFAULT_ROLE', None) expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() roles_obj = client_factory(request).roles arg_dict = { 'project' : prj_req.project.projectid, 'user' : prj_req.registration.userid } missing_default = True for item in roles_obj.list(): if item.name == default_role: roles_obj.grant(item.id, **arg_dict) missing_default = False if missing_default: raise Exception("Default role is undefined") # # Enable reminder for cloud admin # RegRequest.objects.filter( registration = prj_req.registration, flowstatus = RSTATUS_REMINDER ).update(flowstatus = RSTATUS_REMINDACK) # # clear request # prj_req.delete() # # send notification to the user # noti_params = { 'username': user_name, 'project' : project_name } notifyUser(request=self.request, rcpt=member_email, action=SUBSCR_OK_TYPE, context=noti_params, dst_user_id=member_id) notifyAdmin(request=self.request, action=SUBSCR_OK_TYPE, context=noti_params) except: exceptions.handle(request) return False return True
def handle(self, request, data): if not data['username']: messages.error(request, _("Cannot process request: missing username")) return False try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) with transaction.atomic(): registration = Registration.objects.get(regid=int(data['regid'])) reg_request = RegRequest.objects.filter( registration=registration, flowstatus=RSTATUS_PENDING )[0] prjReqList = PrjRequest.objects.filter(registration=registration) password = reg_request.password if not password: password = generate_pwd() user_email = reg_request.email # # Mapping of external accounts # is_local = True if reg_request.externalid: mapping = UserMapping(globaluser=reg_request.externalid, registration=reg_request.registration) mapping.save() is_local = False LOG.info("Registered external account %s" % reg_request.externalid) # # Forward request to project administrators # q_args = { 'project__projectid__isnull' : False, 'flowstatus' : PSTATUS_REG } prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING) # # Creation of new tenants # self.preprocess_prj(registration, data) new_prj_list = list() p_reqs = prjReqList.filter( project__projectid__isnull = True, flowstatus = PSTATUS_REG ) if len(p_reqs): newreq_prj = p_reqs[0].project kprj = keystone_api.tenant_create(request, newreq_prj.projectname, newreq_prj.description, True) newreq_prj.projectid = kprj.id newreq_prj.save() new_prj_list.append(newreq_prj) setup_new_project(request, kprj.id, newreq_prj.projectname, data) LOG.info("Created tenant %s" % newreq_prj.projectname) # # User creation # if not registration.userid: kuser = keystone_api.user_create(request, name=registration.username, password=password, email=user_email, enabled=True) if is_local: registration.username = data['username'] registration.expdate = self.expiration registration.userid = kuser.id registration.save() LOG.info("Created user %s" % registration.username) mail_obj = EMail() mail_obj.registration = registration mail_obj.email = user_email mail_obj.save() # # The new user is the project manager of its tenant # register the expiration date per tenant # for prj_item in new_prj_list: expiration = Expiration() expiration.registration = registration expiration.project = prj_item expiration.expdate = self.expiration expiration.save() prjRole = PrjRole() prjRole.registration = registration prjRole.project = prj_item prjRole.roleid = tenantadmin_roleid prjRole.save() keystone_api.add_tenant_user_role(request, prj_item.projectid, registration.userid, tenantadmin_roleid) # # Send notifications to project administrators and users # for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING): m_userids = get_prjman_ids(request, p_item.project.projectid) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [ x.email for x in tmpres ] noti_params = { 'username' : data['username'], 'project' : p_item.project.projectname } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_WAIT_TYPE, context=noti_params, dst_project_id=p_item.project.projectid) n2_params = { 'username' : p_item.registration.username, 'project' : p_item.project.projectname, 'prjadmins' : m_emails } notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_ONGOING, context=n2_params, dst_project_id=p_item.project.projectid, dst_user_id=registration.userid) newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG) for p_item in newprj_reqs: noti_params = { 'username' : p_item.registration.username, 'project' : p_item.project.projectname } notifyUser(request=self.request, rcpt=user_email, action=FIRST_REG_OK_TYPE, context=noti_params, dst_project_id=p_item.project.projectid, dst_user_id=p_item.registration.userid) # # cache cleanup # newprj_reqs.delete() reg_request.delete() self.post_reminder(registration, user_email) except: LOG.error("Error pre-checking request", exc_info=True) messages.error(request, _("Cannot pre-check request")) return False return True
def handle(self, request, data): if not request.user.is_superuser: messages.error(_("Operation not authorized")) return False try: with transaction.atomic(): reg_user = Registration.objects.filter(userid=data['userid'])[0] prj_list = Project.objects.filter(projectname__in=data['projects']) reg_user.expdate = data['expdate'] reg_user.save() # # Enable reminder for cloud admin if present # RegRequest.objects.filter( registration = reg_user, flowstatus = RSTATUS_REMINDER ).update(flowstatus = RSTATUS_REMINDACK) k_user = keystone_api.user_get(request, data['userid']) if not k_user.enabled: keystone_api.user_update(request, data['userid'], enabled=True) except: LOG.error("Generic failure", exc_info=True) return False for prj_item in prj_list: try: with transaction.atomic(): Expiration( registration=reg_user, project=prj_item, expdate=data['expdate'] ).save() keystone_api.add_tenant_user_role( request, prj_item.projectid, data['userid'], get_default_role(request)) # # send notification to project managers and users # tmpres = EMail.objects.filter(registration__userid=data['userid']) user_email = tmpres[0].email if tmpres else None m_userids = get_prjman_ids(request, prj_item.projectid) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [ x.email for x in tmpres ] noti_params = { 'username' : reg_user.username, 'project' : prj_item.projectname } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_OK_TYPE, context=noti_params, dst_project_id=prj_item.projectid) notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_OK_TYPE, context=noti_params, dst_project_id=prj_item.projectid, dst_user_id=reg_user.userid) except: LOG.error("Generic failure", exc_info=True) return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): regid, prjname = chk_repl_project(int(usr_and_prj.group(1)), usr_and_prj.group(2), data['newname'], None, data['newdescr']) # # Creation of new tenant # prj_req = PrjRequest.objects.filter( registration__regid = regid, project__projectname = prjname )[0] project_name = prj_req.project.projectname user_id = prj_req.registration.userid kprj = keystone_api.tenant_create(request, project_name, prj_req.project.description, True) prj_req.project.projectid = kprj.id prj_req.project.save() LOG.info("Created tenant %s" % project_name) # # The new user is the project manager of its tenant # prjRole = PrjRole() prjRole.registration = prj_req.registration prjRole.project = prj_req.project prjRole.roleid = tenantadmin_roleid prjRole.save() keystone_api.add_tenant_user_role(request, prj_req.project.projectid, user_id, tenantadmin_roleid) # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() # # Clear request # prj_req.delete() setup_new_project(request, kprj.id, project_name, data) # # Send notification to the user # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None noti_params = { 'project' : project_name } notifyUser(request=self.request, rcpt=user_email, action=PRJ_CREATE_TYPE, context=noti_params, dst_project_id=kprj.id, dst_user_id=user_id) except: LOG.error("Error pre-checking project", exc_info=True) messages.error(request, _("Cannot pre-check project")) return False return True
def handle(self, request, data): if not data['username']: messages.error(request, _("Cannot process request: missing username")) return False try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) with transaction.atomic(): registration = Registration.objects.get(regid=int(data['regid'])) reg_request = RegRequest.objects.filter(registration=registration)[0] prjReqList = PrjRequest.objects.filter(registration=registration) password = reg_request.password if not password: password = generate_pwd() user_email = reg_request.email # # Mapping of external accounts # if reg_request.externalid: mapping = UserMapping(globaluser=reg_request.externalid, registration=reg_request.registration) mapping.save() LOG.info("Registered external account %s" % reg_request.externalid) # # Forward request to project administrators # q_args = { 'project__projectid__isnull' : False, 'flowstatus' : PSTATUS_REG } prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING) # # Creation of new tenants # new_prj_list = list() q_args = { 'project__projectid__isnull' : True, 'flowstatus' : PSTATUS_REG } for p_reqs in prjReqList.filter(**q_args): kprj = keystone_api.tenant_create(request, p_reqs.project.projectname, p_reqs.project.description, True) p_reqs.project.projectid = kprj.id p_reqs.project.save() new_prj_list.append(p_reqs.project) LOG.info("Created tenant %s" % p_reqs.project.projectname) # # User creation # if not registration.userid: kuser = keystone_api.user_create(request, name=registration.username, password=password, email=user_email, enabled=True) registration.username = data['username'] registration.expdate = self.expiration registration.userid = kuser.id registration.save() LOG.info("Created user %s" % registration.username) # # The new user is the project manager of its tenant # register the expiration date per tenant # for prj_item in new_prj_list: expiration = Expiration() expiration.registration = registration expiration.project = prj_item expiration.expdate = self.expiration expiration.save() keystone_api.add_tenant_user_role(request, prj_item.projectid, registration.userid, tenantadmin_roleid) # # Send notifications to project administrators and users # for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING): m_users = get_project_managers(request, p_item.project.projectid) m_emails = [ usr.email for usr in m_users ] noti_params = { 'username' : data['username'], 'project' : p_item.project.projectname } noti_sbj, noti_body = notification_render(SUBSCR_WAIT_TYPE, noti_params) notifyUsers(m_emails, noti_sbj, noti_body) n2_params = { 'project' : p_item.project.projectname, 'prjadmins' : m_emails } noti_sbj, noti_body = notification_render(SUBSCR_ONGOING, n2_params) notifyUsers(user_email, noti_sbj, noti_body) newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG) for p_item in newprj_reqs: noti_params = { 'username' : p_item.registration.username, 'project' : p_item.project.projectname, 'guestmode' : False } noti_sbj, noti_body = notification_render(FIRST_REG_OK_TYPE, noti_params) notifyUsers(user_email, noti_sbj, noti_body) # # cache cleanup # newprj_reqs.delete() reg_request.delete() except: LOG.error("Error pre-checking request", exc_info=True) messages.error(request, _("Cannot pre-check request")) return False return True