async def remove_ssh_key(ssh_keys, username):
try:
current_keys = datastore.get_ssh_keys(username)
new_keys = ast.literal_eval(ssh_keys)
user = datastore.get_user(username)
token = JuJu_Token()
for con in user['controllers']:
for mod in con['models']:
if mod['access'] == 'write' or mod['access'] == 'admin':
logger.info('Setting up Modelconnection for model: %s',
mod['name'])
model = juju.Model_Connection(token, con['name'],
mod['name'])
async with model.connect(token) as mod_con:
for a_key in current_keys:
logger.info('removing key: %s', a_key)
await mod_con.remove_ssh_key(username, a_key)
for r_key in new_keys:
logger.info('adding key: %s', r_key)
await mod_con.add_ssh_key(username, r_key)
datastore.update_ssh_keys(username, new_keys)
except Exception as e:
exc_type, exc_value, exc_traceback = sys.exc_info()
lines = traceback.format_exception(exc_type, exc_value, exc_traceback)
for l in lines:
logger.error(l)
def get_users_info(token):
if token.is_admin:
result = []
for user in get_all_users():
u_info = get_user_info(user)
if u_info['state'] == 'ready':
result.append(u_info)
return result
else:
return datastore.get_user(token.username)
async def set_controller_acc(c_name, access, user):
try:
token = JuJu_Token()
con = datastore.get_controller(c_name)
usr = datastore.get_user(user)
logger.info('Connecting to controller %s', c_name)
controller = juju.Controller_Connection(token, c_name)
async with controller.connect(token) as con_juju:
logger.info('Connected to controller %s ', c_name)
await con_juju.grant(user, acl=access)
datastore.set_controller_access(c_name, user, access)
logger.info('Controller access set for %s ', c_name)
if access == 'superuser':
for mod in con['models']:
model = juju.Model_Connection(token, con['name'], mod['name'])
async with model.connect(token) as mod_con:
logger.info('Setting up connection for model: %s',
mod['name'])
current_access = datastore.get_model_access(
c_name, mod['name'], user)
logger.info('Current Access level: %s', current_access)
if current_access:
await mod_con.revoke(user)
await mod_con.grant(user, acl='admin')
datastore.set_model_access(c_name, mod['name'], user,
'admin')
logger.info('Admin Access granted for for %s:%s', c_name,
mod['name'])
for key in usr['ssh-keys']:
logger.info('SSh key found... adding SSH key %s', key)
await mod_con.add_ssh_key(user, key)
except Exception:
exc_type, exc_value, exc_traceback = sys.exc_info()
lines = traceback.format_exception(exc_type, exc_value, exc_traceback)
for l in lines:
logger.error(l)
def get_user_info(username):
return datastore.get_user(username)
async def bootstrap_azure_controller(c_name, region, cred_name, username,
password):
try:
tengu_username = settings.JUJU_ADMIN_USER
tengu_password = settings.JUJU_ADMIN_PASSWORD
juju_cred_name = 't{}'.format(
hashlib.md5(cred_name.encode('utf')).hexdigest())
credential = juju.get_credential(username, cred_name)
# Check if the credential is valid.
juju.get_controller_types()['azure'].check_valid_credentials(
credential)
temp_cred = create_temporary_cred_file(juju_cred_name, credential)
logger.info('Adding credential to JuJu...')
check_call(
['juju', 'add-credential', 'azure', '-f', temp_cred, '--replace'])
logger.info('Bootstrapping controller in Azure cloud...')
check_call([
'juju', 'bootstrap', '--agent-version=2.3.0', 'azure', c_name,
'--credential', juju_cred_name
])
# Remove temporary credentials.
os.remove(temp_cred)
logger.info('Setting admin password...')
check_output(['juju', 'change-user-password', 'admin', '-c', c_name],
input=bytes(
'{}\n{}\n'.format(tengu_password, tengu_password),
'utf-8'))
logger.info('Updating controller in database...')
con_data = update_controller_database(c_name)
logger.info('Connecting to controller...')
controller = Controller()
await controller.connect(
con_data['controllers'][c_name]['api-endpoints'][0],
tengu_username, tengu_password,
con_data['controllers'][c_name]['ca-cert'])
user_info = datastore.get_user(username)
juju_username = user_info["juju_username"]
user = tag.user(juju_username)
logger.info('Adding existing credentials to new controller...')
await update_credentials_new_controller(controller, username,
juju_username, cred_name)
model_facade = client.ModelManagerFacade.from_connection(
controller.connection)
controller_facade = client.ControllerFacade.from_connection(
controller.connection)
if username != tengu_username:
user_facade = client.UserManagerFacade.from_connection(
controller.connection)
users = [
client.AddUser(display_name=juju_username,
username=juju_username,
password=password)
]
await user_facade.AddUser(users)
changes = client.ModifyControllerAccess('superuser', 'grant', user)
await controller_facade.ModifyControllerAccess([changes])
logger.info('Adding default models to database...')
await add_default_models_to_database(c_name, cred_name, username,
juju_username, controller,
user_info)
logger.info('Controller succesfully created!')
except Exception:
exc_type, exc_value, exc_traceback = sys.exc_info()
lines = traceback.format_exception(exc_type, exc_value, exc_traceback)
for l in lines:
logger.error(l)
datastore.set_controller_state(c_name, 'error')
finally:
if 'controller' in locals():
await juju.disconnect(controller)
async def bootstrap_aws_controller(c_name, region, cred_name, username,
password): #pylint: disable=E0001
try:
# Check if the credential is valid.
tengu_username = settings.JUJU_ADMIN_USER
tengu_password = settings.JUJU_ADMIN_PASSWORD
valid_cred_name = 't{}'.format(
hashlib.md5(cred_name.encode('utf')).hexdigest())
credential = juju.get_credential(username, cred_name)
logger.info(credential)
juju.get_controller_types()['aws'].check_valid_credentials(credential)
# Create credential file that can be used to bootstrap controller.
cred_path = '/home/{}/credentials'.format(settings.SOJOBO_USER)
if not os.path.exists(cred_path):
os.mkdir(cred_path)
filepath = '{}/aws-{}.json'.format(cred_path, valid_cred_name)
with open(filepath, 'w+') as credfile:
json.dump(credential['credential'], credfile)
path = '/tmp/credentials.yaml'
data = {
'credentials': {
'aws': {
valid_cred_name: {
'auth-type': 'access-key',
'access-key': credential['credential']['access-key'],
'secret-key': credential['credential']['secret-key']
}
}
}
}
with open(path, 'w') as dest:
yaml.dump(data, dest, default_flow_style=True)
logger.info(valid_cred_name)
logger.info(data)
check_call(['juju', 'add-credential', 'aws', '-f', path, '--replace'])
logger.info(path)
check_call([
'juju', 'bootstrap', '--agent-version=2.3.0',
'aws/{}'.format(region), c_name, '--credential', valid_cred_name
])
os.remove(path)
logger.info('Setting admin password')
check_output(['juju', 'change-user-password', 'admin', '-c', c_name],
input=bytes(
'{}\n{}\n'.format(tengu_password, tengu_password),
'utf-8'))
con_data = {}
logger.info('Updating controller in database')
with open(
os.path.join(str(Path.home()), '.local', 'share', 'juju',
'controllers.yaml'), 'r') as data:
con_data = yaml.load(data)
datastore.set_controller_state(
c_name,
'ready',
endpoints=con_data['controllers'][c_name]['api-endpoints'],
uuid=con_data['controllers'][c_name]['uuid'],
ca_cert=con_data['controllers'][c_name]['ca-cert'])
logger.info('Connecting to controller')
controller = Controller()
logger.info(
'Adding existing credentials and default models to database...')
credentials = datastore.get_cloud_credentials('aws', username)
logger.info(credentials)
await controller.connect(
endpoint=con_data['controllers'][c_name]['api-endpoints'][0],
username=tengu_username,
password=tengu_password,
cacert=con_data['controllers'][c_name]['ca-cert'])
user_info = datastore.get_user(username)
juju_username = user_info["juju_username"]
for cred in credentials:
if username != tengu_username:
await juju.update_cloud(controller, 'aws', cred['name'],
juju_username, username)
logger.info('Added credential %s to controller %s',
cred['name'], c_name)
elif cred['name'] != cred_name:
await juju.update_cloud(controller, 'aws', cred['name'],
juju_username, username)
user = tag.user(juju_username)
model_facade = client.ModelManagerFacade.from_connection(
controller.connection)
controller_facade = client.ControllerFacade.from_connection(
controller.connection)
if username != tengu_username:
user_facade = client.UserManagerFacade.from_connection(
controller.connection)
users = [
client.AddUser(display_name=juju_username,
username=juju_username,
password=password)
]
await user_facade.AddUser(users)
changes = client.ModifyControllerAccess('superuser', 'grant', user)
await controller_facade.ModifyControllerAccess([changes])
c_info = datastore.get_controller(c_name)
models = await controller_facade.AllModels()
for model in models.user_models:
if model:
m_key = juju.construct_model_key(c_info['name'],
model.model.name)
logger.info(model.model.name)
if username != tengu_username:
model_tag = tag.model(model.model.uuid)
changes = client.ModifyModelAccess('admin', 'grant',
model_tag, user)
await model_facade.ModifyModelAccess([changes])
datastore.create_model(m_key,
model.model.name,
state='Model is being deployed',
uuid='')
datastore.add_model_to_controller(c_name, m_key)
datastore.set_model_state(m_key,
'ready',
credential=cred_name,
uuid=model.model.uuid)
datastore.set_model_access(m_key, username, 'admin')
ssh_keys = user_info["ssh_keys"]
if len(ssh_keys) > 0:
juju.update_ssh_keys_model(username, ssh_keys, c_name,
m_key)
logger.info('Controller succesfully created!')
except Exception: #pylint: disable=W0703
exc_type, exc_value, exc_traceback = sys.exc_info()
lines = traceback.format_exception(exc_type, exc_value, exc_traceback)
for l in lines:
logger.error(l)
datastore.set_controller_state(c_name, 'error')
finally:
if 'controller' in locals():
await juju.disconnect(controller)