def handle(self, *args, **options):
configure_log(options)
config = configure_app(options)
try:
now = datetime.now()
contact_list = build_contact_list()
for days_to_exp in self._get_days_to_exp(config.cron_plan):
tframe = now + timedelta(days=days_to_exp)
q_args = {
'expdate__gte':
tframe.replace(hour=0, minute=0, second=0, microsecond=0),
'expdate__lte':
tframe.replace(hour=23,
minute=59,
second=59,
microsecond=999999)
}
for exp_item in Expiration.objects.filter(**q_args):
try:
keystone = client.Client(username=config.cron_user,
password=config.cron_pwd,
project_name=config.cron_prj,
cacert=config.cron_ca,
auth_url=config.cron_kurl)
tmpuser = keystone.users.get(
exp_item.registration.userid)
noti_params = {
'username': exp_item.registration.username,
'days': days_to_exp,
'contacts': contact_list
}
noti_sbj, noti_body = notification_render(
USER_EXP_TYPE, noti_params)
notifyUsers(tmpuser.email, noti_sbj, noti_body)
#
# TODO send notification to project admins
#
except:
LOG.warning("Cannot notify %s" %
exp_item.registration.username,
exc_info=True)
except:
LOG.error("Notification failed", exc_info=True)
raise CommandError("Notification failed")
def handle(self, *args, **options):
configure_log(options)
config = configure_app(options)
try:
keystone_client = client.Client(username=config.cron_user,
password=config.cron_pwd,
project_name=config.cron_prj,
cacert=config.cron_ca,
auth_url=config.cron_kurl)
req_table = dict()
prj_res_table = dict()
for p_req in PrjRequest.objects.filter(flowstatus=PSTATUS_PENDING):
if not p_req.project.projectid in req_table:
req_table[p_req.project.projectid] = list()
uname = p_req.registration.username
email = self.get_email(None, None, p_req.registration)
req_table[p_req.project.projectid].append((uname, email))
prj_res_table[
p_req.project.projectid] = p_req.project.projectname
admin_table = dict()
prjman_roleid = get_prjman_roleid(keystone_client)
for prj_id in req_table:
q_args = {'scope.project.id': prj_id, 'role.id': prjman_roleid}
for assign in super(
RoleAssignmentManager,
keystone_client.role_assignments).list(**q_args):
email = self.get_email(keystone_client, assign.user['id'],
None)
if not email in admin_table:
admin_table[email] = list()
admin_table[email].append(prj_id)
for email in admin_table:
for prj_id in admin_table[email]:
noti_params = {
'pendingreqs': req_table[prj_id],
'project': prj_res_table[prj_id]
}
noti_sbj, noti_body = notification_render(
SUBSCR_REMINDER, noti_params)
notifyUsers(email, noti_sbj, noti_body)
except:
LOG.error("Notification failed", exc_info=True)
raise CommandError("Notification failed")
def handle(self, *args, **options):
configure_log(options)
config = configure_app(options)
try:
keystone_client = client.Client(username=config.cron_user,
password=config.cron_pwd,
project_name=config.cron_prj,
cacert=config.cron_ca,
auth_url=config.cron_kurl)
req_table = dict()
prj_res_table = dict()
for p_req in PrjRequest.objects.filter(flowstatus=PSTATUS_PENDING):
if not p_req.project.projectid in req_table:
req_table[p_req.project.projectid] = list()
uname = p_req.registration.username
email = self.get_email(None, None, p_req.registration)
req_table[p_req.project.projectid].append((uname, email))
prj_res_table[p_req.project.projectid] = p_req.project.projectname
admin_table = dict()
prjman_roleid = get_prjman_roleid(keystone_client)
for prj_id in req_table:
q_args = {
'scope.project.id' : prj_id,
'role.id' : prjman_roleid
}
for assign in super(RoleAssignmentManager, keystone_client.role_assignments).list(**q_args):
email = self.get_email(keystone_client, assign.user['id'], None)
if not email in admin_table:
admin_table[email] = list()
admin_table[email].append(prj_id)
for email in admin_table:
for prj_id in admin_table[email]:
noti_params = {
'pendingreqs' : req_table[prj_id],
'project' : prj_res_table[prj_id]
}
noti_sbj, noti_body = notification_render(SUBSCR_REMINDER, noti_params)
notifyUsers(email, noti_sbj, noti_body)
except:
LOG.error("Notification failed", exc_info=True)
raise CommandError("Notification failed")
def handle(self, *args, **options):
configure_log(options)
config = configure_app(options)
try:
now = datetime.now()
contact_list = build_contact_list()
for days_to_exp in self._get_days_to_exp(config.cron_plan):
tframe = now + timedelta(days=days_to_exp)
q_args = {
'expdate__gte' : tframe.replace(hour=0, minute=0, second=0, microsecond=0),
'expdate__lte' : tframe.replace(hour=23, minute=59, second=59, microsecond=999999)
}
for exp_item in Expiration.objects.filter(**q_args):
try:
keystone = client.Client(username=config.cron_user,
password=config.cron_pwd,
project_name=config.cron_prj,
cacert=config.cron_ca,
auth_url=config.cron_kurl)
tmpuser = keystone.users.get(exp_item.registration.userid)
noti_params = {
'username' : exp_item.registration.username,
'days' : days_to_exp,
'contacts' : contact_list
}
noti_sbj, noti_body = notification_render(USER_EXP_TYPE, noti_params)
notifyUsers(tmpuser.email, noti_sbj, noti_body)
#
# TODO send notification to project admins
#
except:
LOG.warning("Cannot notify %s" % exp_item.registration.username, exc_info=True)
except:
LOG.error("Notification failed", exc_info=True)
raise CommandError("Notification failed")
def handle(self, *args, **options):
configure_log(options)
config = configure_app(options)
try:
now = datetime.now()
exp_date = now + timedelta(config.cron_renewd)
LOG.info("Checking for renewal after %s" % str(exp_date))
keystone_client = client.Client(username=config.cron_user,
password=config.cron_pwd,
project_name=config.cron_prj,
cacert=config.cron_ca,
auth_url=config.cron_kurl)
q_args = {
'expdate__lte' : exp_date,
'expdate__gt' : now
}
exp_members = Expiration.objects.filter(**q_args)
prjman_roleid = get_prjman_roleid(keystone_client)
except:
LOG.error("Request for renewal failed", exc_info=True)
raise CommandError("Request for renewal failed")
with transaction.atomic():
for e_item in exp_members:
#
# TODO check API
#
try:
is_prj_admin = keystone_client.roles.check(prjman_roleid,
e_item.registration.userid,
None, None,
e_item.project.projectid)
except:
is_prj_admin = False
try:
q_args = {
'registration' : e_item.registration,
'project' : e_item.project,
'flowstatus__in' : [ PSTATUS_RENEW_ADMIN, PSTATUS_RENEW_MEMB ]
}
if len(PrjRequest.objects.filter(**q_args)) == 0:
reqArgs = {
'registration' : e_item.registration,
'project' : e_item.project,
'flowstatus' : PSTATUS_RENEW_ADMIN if is_prj_admin
else PSTATUS_RENEW_MEMB
}
PrjRequest(**reqArgs).save()
LOG.info("Issued renewal for %s" % e_item.registration.username)
except:
LOG.error("Check expiration failed for", exc_info=True)
raise CommandError("Check expiration failed")
def handle(self, *args, **options):
configure_log(options)
config = configure_app(options)
try:
now = datetime.now()
exp_date = now + timedelta(config.cron_renewd)
LOG.info("Checking for renewal after %s" % str(exp_date))
keystone_client = client.Client(username=config.cron_user,
password=config.cron_pwd,
project_name=config.cron_prj,
cacert=config.cron_ca,
auth_url=config.cron_kurl)
q_args = {'expdate__lte': exp_date, 'expdate__gt': now}
exp_members = Expiration.objects.filter(**q_args)
prjman_roleid = get_prjman_roleid(keystone_client)
except:
LOG.error("Request for renewal failed", exc_info=True)
raise CommandError("Request for renewal failed")
with transaction.atomic():
for e_item in exp_members:
#
# TODO check API
#
try:
is_prj_admin = keystone_client.roles.check(
prjman_roleid, e_item.registration.userid, None, None,
e_item.project.projectid)
except:
is_prj_admin = False
try:
q_args = {
'registration': e_item.registration,
'project': e_item.project,
'flowstatus__in':
[PSTATUS_RENEW_ADMIN, PSTATUS_RENEW_MEMB]
}
if len(PrjRequest.objects.filter(**q_args)) == 0:
reqArgs = {
'registration':
e_item.registration,
'project':
e_item.project,
'flowstatus':
PSTATUS_RENEW_ADMIN
if is_prj_admin else PSTATUS_RENEW_MEMB
}
PrjRequest(**reqArgs).save()
LOG.info("Issued renewal for %s" %
e_item.registration.username)
except:
LOG.error("Check expiration failed for", exc_info=True)
raise CommandError("Check expiration failed")
def handle(self, *args, **options):
configure_log(options)
config = configure_app(options)
LOG.info("Checking expired users")
try:
keystone_client = client.Client(username=config.cron_user,
password=config.cron_pwd,
project_name=config.cron_prj,
cacert=config.cron_ca,
auth_url=config.cron_kurl)
exp_date = datetime.now() - timedelta(config.cron_defer)
exp_members = Expiration.objects.filter(expdate__lt=exp_date)
prjman_roleid = get_prjman_roleid(keystone_client)
cloud_adminid = keystone_client.auth_ref.user_id
except:
LOG.error("Check expiration failed", exc_info=True)
raise CommandError("Check expiration failed")
updated_prjs = set()
for mem_item in exp_members:
updated_prjs.add(mem_item.project.projectid)
LOG.debug("Expired %s for %s" % \
(mem_item.registration.username, mem_item.project.projectname))
try:
with transaction.atomic():
q_args = {
'registration' : mem_item.registration,
'project' : mem_item.project
}
Expiration.objects.filter(**q_args).delete()
PrjRequest.objects.filter(**q_args).delete()
arg_dict = {
'project' : mem_item.project.projectid,
'user' : mem_item.registration.userid
}
for r_item in keystone_client.role_assignments.list(**arg_dict):
keystone_client.roles.revoke(r_item.role['id'], **arg_dict)
LOG.info("Removed %s from %s" %
(mem_item.registration.username, mem_item.project.projectid))
#
# TODO missing notification
#
except:
LOG.error("Check expiration failed for %s" % mem_item.registration.username,
exc_info=True)
#
# Check for tenants without admin (use cloud admin if missing)
#
for prj_id in updated_prjs:
try:
url = '/role_assignments?scope.project.id=%s&role.id=%s'
resp, body = keystone_client.get(url % (prj_id, prjman_roleid))
if len(body['role_assignments']) == 0:
keystone_client.roles.grant(prjman_roleid,
user = cloud_adminid,
project = prj_id
)
LOG.info("Cloud Administrator as admin for %s" % prj_id)
except:
#
# TODO notify error to cloud admin
#
LOG.error("No tenant admin for %s" % prj_id, exc_info=True)
def handle(self, *args, **options):
configure_log(options)
config = configure_app(options)
prj_id_list = list()
for item in os.listdir(CACHE_DIR):
if not item.endswith('.tmp'):
prj_id_list.append(item)
if len(prj_id_list) == 0:
return
LOG.info("Detected booked notifications")
try:
keystone_client = client.Client(username=config.cron_user,
password=config.cron_pwd,
project_name=config.cron_prj,
cacert=config.cron_ca,
auth_url=config.cron_kurl)
prjman_roleid = None
for role in keystone_client.roles.list():
if role.name == TENANTADMIN_ROLE:
prjman_roleid = role.id
except:
LOG.error("Notification failed", exc_info=True)
raise CommandError("Notification failed: cannot contact Keystone")
if not prjman_roleid:
raise CommandError(
"Notification failed: project administrator undefined")
for prj_id in prj_id_list:
prj_emails = list()
url = '/role_assignments?scope.project.id=%s&role.id=%s'
resp, body = keystone_client.get(url % (prj_id, prjman_roleid))
for item in body['role_assignments']:
tntadmin = keystone_client.users.get(item['user']['id'])
prj_emails.append(tntadmin.email)
tmpprj = keystone_client.projects.get(prj_id)
try:
f_name = os.path.join(CACHE_DIR, prj_id)
with open(f_name) as n_file:
for line in n_file.readlines():
rres = D_PATTERN.search(line)
if rres:
noti_params = {
'username': rres.group(1),
'project': tmpprj.name
}
noti_sbj, noti_body = notification_render(
rres.group(2), noti_params)
for prj_email in prj_emails:
notifyUsers(prj_email, noti_sbj, noti_body)
os.remove(f_name)
except:
LOG.error("Error reading %s" % f_name, exc_info=True)
def handle(self, *args, **options):
configure_log(options)
config = configure_app(options)
LOG.info("Checking expired users")
try:
keystone_client = client.Client(username=config.cron_user,
password=config.cron_pwd,
project_name=config.cron_prj,
cacert=config.cron_ca,
auth_url=config.cron_kurl)
exp_date = datetime.now() - timedelta(config.cron_defer)
exp_members = Expiration.objects.filter(expdate__lt=exp_date)
prjman_roleid = get_prjman_roleid(keystone_client)
cloud_adminid = keystone_client.auth_ref.user_id
except:
LOG.error("Check expiration failed", exc_info=True)
raise CommandError("Check expiration failed")
updated_prjs = set()
for mem_item in exp_members:
updated_prjs.add(mem_item.project.projectid)
LOG.debug("Expired %s for %s" % \
(mem_item.registration.username, mem_item.project.projectname))
try:
with transaction.atomic():
q_args = {
'registration': mem_item.registration,
'project': mem_item.project
}
Expiration.objects.filter(**q_args).delete()
PrjRequest.objects.filter(**q_args).delete()
arg_dict = {
'project': mem_item.project.projectid,
'user': mem_item.registration.userid
}
for r_item in keystone_client.role_assignments.list(
**arg_dict):
keystone_client.roles.revoke(r_item.role['id'],
**arg_dict)
LOG.info("Removed %s from %s" %
(mem_item.registration.username,
mem_item.project.projectid))
#
# TODO missing notification
#
except:
LOG.error("Check expiration failed for %s" %
mem_item.registration.username,
exc_info=True)
#
# Check for tenants without admin (use cloud admin if missing)
#
for prj_id in updated_prjs:
try:
url = '/role_assignments?scope.project.id=%s&role.id=%s'
resp, body = keystone_client.get(url % (prj_id, prjman_roleid))
if len(body['role_assignments']) == 0:
keystone_client.roles.grant(prjman_roleid,
user=cloud_adminid,
project=prj_id)
LOG.info("Cloud Administrator as admin for %s" % prj_id)
except:
#
# TODO notify error to cloud admin
#
LOG.error("No tenant admin for %s" % prj_id, exc_info=True)
