def _on_project_create(self, project_id): LOG.warning("Beginning wmf hooks for project creation: %s" % project_id) roledict = self._get_role_dict() if CONF.wmfhooks.observer_role_name not in roledict.keys(): LOG.error("Failed to find id for role %s" % CONF.wmfhooks.observer_role_name) raise exception.NotImplemented() if CONF.wmfhooks.admin_role_name not in roledict.keys(): LOG.error("Failed to find id for role %s" % CONF.wmfhooks.admin_role_name) raise exception.NotImplemented() if CONF.wmfhooks.user_role_name not in roledict.keys(): LOG.error("Failed to find id for role %s" % CONF.wmfhooks.user_role_name) raise exception.NotImplemented() self.assignment_api.add_role_to_user_and_project(CONF.wmfhooks.admin_user, project_id, roledict[CONF.wmfhooks.admin_role_name]) self.assignment_api.add_role_to_user_and_project(CONF.wmfhooks.admin_user, project_id, roledict[CONF.wmfhooks.user_role_name]) self.assignment_api.add_role_to_user_and_project(CONF.wmfhooks.observer_user, project_id, roledict[CONF.wmfhooks.observer_role_name]) # Use the nova api to set up security groups for the new project auth = generic.Password( auth_url=CONF.wmfhooks.auth_url, username=CONF.wmfhooks.admin_user, password=CONF.wmfhooks.admin_pass, user_domain_name='Default', project_domain_name='Default', project_name=project_id) session = keystone_session.Session(auth=auth) client = nova_client.Client('2', session=session, connect_retries=5) allgroups = client.security_groups.list() defaultgroup = filter(lambda group: group.name == 'default', allgroups) if defaultgroup: groupid = defaultgroup[0].id try: client.security_group_rules.create(groupid, ip_protocol='icmp', from_port='-1', to_port='-1', cidr='0.0.0.0/0') except (exceptions.ClientException): LOG.warning("icmp security rule already exists.") try: client.security_group_rules.create(groupid, ip_protocol='tcp', from_port='22', to_port='22', cidr='10.0.0.0/8') except (exceptions.ClientException): LOG.warning("Port 22 security rule already exists.") try: client.security_group_rules.create(groupid, ip_protocol='tcp', from_port='5666', to_port='5666', cidr='10.0.0.0/8') except (exceptions.ClientException): LOG.warning("Port 5666 security rule already exists.") try: client.security_group_rules.create(groupid, ip_protocol='tcp', from_port='1', to_port='65535', cidr='', group_id=groupid) except (exceptions.ClientException): LOG.warning("Project security rule for TCP already exists.") try: client.security_group_rules.create(groupid, ip_protocol='udp', from_port='1', to_port='65535', cidr='', group_id=groupid) except (exceptions.ClientException): LOG.warning("Project security rule for UDP already exists.") try: client.security_group_rules.create(groupid, ip_protocol='icmp', from_port='1', to_port='65535', cidr='', group_id=groupid) except (exceptions.ClientException): LOG.warning("Project security rule for ICMP already exists.") else: LOG.warning("Failed to find default security group in new project.") assignments = self._get_current_assignments(project_id) ldapgroups.sync_ldap_project_group(project_id, assignments) # Set up default sudoers in ldap ldapgroups.create_sudo_defaults(project_id)
def _on_member_update(self, project_id): assignments = self._get_current_assignments(project_id) ldapgroups.sync_ldap_project_group(project_id, assignments)
def _on_member_update(self, project_id, assignments=None): if not assignments: assignments = self._get_current_assignments(project_id) ldapgroups.sync_ldap_project_group(project_id, assignments)
def _on_project_create(self, project_id): LOG.warning("Beginning wmf hooks for project creation: %s" % project_id) roledict = self._get_role_dict() if CONF.wmfhooks.observer_role_name not in roledict.keys(): LOG.error("Failed to find id for role %s" % CONF.wmfhooks.observer_role_name) raise exception.NotImplemented() if CONF.wmfhooks.admin_role_name not in roledict.keys(): LOG.error("Failed to find id for role %s" % CONF.wmfhooks.admin_role_name) raise exception.NotImplemented() if CONF.wmfhooks.user_role_name not in roledict.keys(): LOG.error("Failed to find id for role %s" % CONF.wmfhooks.user_role_name) raise exception.NotImplemented() self.assignment_api.add_role_to_user_and_project( CONF.wmfhooks.admin_user, project_id, roledict[CONF.wmfhooks.admin_role_name]) self.assignment_api.add_role_to_user_and_project( CONF.wmfhooks.admin_user, project_id, roledict[CONF.wmfhooks.user_role_name]) self.assignment_api.add_role_to_user_and_project( CONF.wmfhooks.observer_user, project_id, roledict[CONF.wmfhooks.observer_role_name]) # Use the nova api to set up security groups for the new project auth = generic.Password(auth_url=CONF.wmfhooks.auth_url, username=CONF.wmfhooks.admin_user, password=CONF.wmfhooks.admin_pass, user_domain_name='Default', project_domain_name='Default', project_name=project_id) session = keystone_session.Session(auth=auth) client = nova_client.Client('2', session=session, connect_retries=5) allgroups = client.security_groups.list() defaultgroup = filter(lambda group: group.name == 'default', allgroups) if defaultgroup: groupid = defaultgroup[0].id try: client.security_group_rules.create(groupid, ip_protocol='icmp', from_port='-1', to_port='-1', cidr='0.0.0.0/0') except (exceptions.ClientException): LOG.warning("icmp security rule already exists.") try: client.security_group_rules.create(groupid, ip_protocol='tcp', from_port='22', to_port='22', cidr='10.0.0.0/8') except (exceptions.ClientException): LOG.warning("Port 22 security rule already exists.") try: client.security_group_rules.create(groupid, ip_protocol='tcp', from_port='5666', to_port='5666', cidr='10.0.0.0/8') except (exceptions.ClientException): LOG.warning("Port 5666 security rule already exists.") try: client.security_group_rules.create(groupid, ip_protocol='tcp', from_port='1', to_port='65535', cidr='', group_id=groupid) except (exceptions.ClientException): LOG.warning("Project security rule for TCP already exists.") try: client.security_group_rules.create(groupid, ip_protocol='udp', from_port='1', to_port='65535', cidr='', group_id=groupid) except (exceptions.ClientException): LOG.warning("Project security rule for UDP already exists.") try: client.security_group_rules.create(groupid, ip_protocol='icmp', from_port='1', to_port='65535', cidr='', group_id=groupid) except (exceptions.ClientException): LOG.warning("Project security rule for ICMP already exists.") else: LOG.warning( "Failed to find default security group in new project.") assignments = self._get_current_assignments(project_id) ldapgroups.sync_ldap_project_group(project_id, assignments) # Set up default sudoers in ldap ldapgroups.create_sudo_defaults(project_id) self._create_project_page(project_id)
def _on_project_create(self, project_id): LOG.warning("Beginning wmf hooks for project creation: %s" % project_id) roledict = self._get_role_dict() if CONF.wmfhooks.observer_role_name not in roledict.keys(): LOG.error("Failed to find id for role %s" % CONF.wmfhooks.observer_role_name) raise exception.NotImplemented() if CONF.wmfhooks.admin_role_name not in roledict.keys(): LOG.error("Failed to find id for role %s" % CONF.wmfhooks.admin_role_name) raise exception.NotImplemented() if CONF.wmfhooks.user_role_name not in roledict.keys(): LOG.error("Failed to find id for role %s" % CONF.wmfhooks.user_role_name) raise exception.NotImplemented() LOG.warning("Adding default users to project %s" % project_id) self.assignment_api.add_role_to_user_and_project(CONF.wmfhooks.admin_user, project_id, roledict[CONF.wmfhooks.admin_role_name]) self.assignment_api.add_role_to_user_and_project(CONF.wmfhooks.admin_user, project_id, roledict[CONF.wmfhooks.user_role_name]) self.assignment_api.add_role_to_user_and_project(CONF.wmfhooks.observer_user, project_id, roledict[CONF.wmfhooks.observer_role_name]) LOG.warning("Adding security groups to project %s" % project_id) # Use the neutron api to set up security groups for the new project auth = v3.Password( auth_url=CONF.wmfhooks.auth_url, username=CONF.wmfhooks.admin_user, password=CONF.wmfhooks.admin_pass, user_domain_name='Default', project_domain_name='Default', project_name=project_id) session = keystone_session.Session(auth=auth) client = neutron_client.Client(session=session, connect_retries=5) allgroups = client.list_security_groups()['security_groups'] defaultgroup = filter(lambda group: group['name'] == 'default', allgroups) if defaultgroup: groupid = defaultgroup[0]["id"] try: client.create_security_group_rule( KeystoneHooks._security_group_dict(groupid, 'icmp', -1, -1, cidr='0.0.0.0/0')) except (exceptions.NeutronClientException): LOG.warning("icmp security rule already exists.") try: client.create_security_group_rule( KeystoneHooks._security_group_dict(groupid, 'tcp', 22, 22, cidr='172.16.0.0/21')) except (exceptions.NeutronClientException): LOG.warning("Port 22 security rule already exists.") try: client.create_security_group_rule( KeystoneHooks._security_group_dict(groupid, 'tcp', 22, 22, group=groupid)) except (exceptions.NeutronClientException): LOG.warning("Project security rule for TCP already exists.") try: client.create_security_group_rule( KeystoneHooks._security_group_dict(groupid, 'udp', 1, 65535, group=groupid)) except (exceptions.NeutronClientException): LOG.warning("Project security rule for UDP already exists.") try: client.create_security_group_rule( KeystoneHooks._security_group_dict(groupid, 'icmp', -1, -1, group=groupid)) except (exceptions.NeutronClientException): LOG.warning("Project security rule for ICMP already exists.") else: LOG.warning("Failed to find default security group in new project.") LOG.warning("Syncing membership with ldap for project %s" % project_id) assignments = self._get_current_assignments(project_id) ldapgroups.sync_ldap_project_group(project_id, assignments) LOG.warning("Setting up default sudoers in ldap for project %s" % project_id) # Set up default sudoers in ldap ldapgroups.create_sudo_defaults(project_id) self._create_project_page(project_id) # This bit will take a while: LOG.warning("Creating default designate domain for project %s" % project_id) designatemakedomain.createDomain( CONF.wmfhooks.auth_url, CONF.wmfhooks.admin_user, CONF.wmfhooks.admin_pass, project_id, '{}.wmflabs.org.'.format(project_id), 'wmflabsdotorg' ) LOG.warning("Completed wmf hooks for project creation: %s" % project_id)