def handle(self, *args, **options): configure_log(options) config = configure_app(options) try: now = datetime.now() contact_list = build_contact_list() for days_to_exp in self._get_days_to_exp(config.cron_plan): tframe = now + timedelta(days=days_to_exp) q_args = { 'expdate__gte': tframe.replace(hour=0, minute=0, second=0, microsecond=0), 'expdate__lte': tframe.replace(hour=23, minute=59, second=59, microsecond=999999) } for exp_item in Expiration.objects.filter(**q_args): try: keystone = client.Client(username=config.cron_user, password=config.cron_pwd, project_name=config.cron_prj, cacert=config.cron_ca, auth_url=config.cron_kurl) tmpuser = keystone.users.get( exp_item.registration.userid) noti_params = { 'username': exp_item.registration.username, 'days': days_to_exp, 'contacts': contact_list } noti_sbj, noti_body = notification_render( USER_EXP_TYPE, noti_params) notifyUsers(tmpuser.email, noti_sbj, noti_body) # # TODO send notification to project admins # except: LOG.warning("Cannot notify %s" % exp_item.registration.username, exc_info=True) except: LOG.error("Notification failed", exc_info=True) raise CommandError("Notification failed")
def handle(self, *args, **options): configure_log(options) config = configure_app(options) try: keystone_client = client.Client(username=config.cron_user, password=config.cron_pwd, project_name=config.cron_prj, cacert=config.cron_ca, auth_url=config.cron_kurl) req_table = dict() prj_res_table = dict() for p_req in PrjRequest.objects.filter(flowstatus=PSTATUS_PENDING): if not p_req.project.projectid in req_table: req_table[p_req.project.projectid] = list() uname = p_req.registration.username email = self.get_email(None, None, p_req.registration) req_table[p_req.project.projectid].append((uname, email)) prj_res_table[ p_req.project.projectid] = p_req.project.projectname admin_table = dict() prjman_roleid = get_prjman_roleid(keystone_client) for prj_id in req_table: q_args = {'scope.project.id': prj_id, 'role.id': prjman_roleid} for assign in super( RoleAssignmentManager, keystone_client.role_assignments).list(**q_args): email = self.get_email(keystone_client, assign.user['id'], None) if not email in admin_table: admin_table[email] = list() admin_table[email].append(prj_id) for email in admin_table: for prj_id in admin_table[email]: noti_params = { 'pendingreqs': req_table[prj_id], 'project': prj_res_table[prj_id] } noti_sbj, noti_body = notification_render( SUBSCR_REMINDER, noti_params) notifyUsers(email, noti_sbj, noti_body) except: LOG.error("Notification failed", exc_info=True) raise CommandError("Notification failed")
def handle(self, *args, **options): configure_log(options) config = configure_app(options) try: keystone_client = client.Client(username=config.cron_user, password=config.cron_pwd, project_name=config.cron_prj, cacert=config.cron_ca, auth_url=config.cron_kurl) req_table = dict() prj_res_table = dict() for p_req in PrjRequest.objects.filter(flowstatus=PSTATUS_PENDING): if not p_req.project.projectid in req_table: req_table[p_req.project.projectid] = list() uname = p_req.registration.username email = self.get_email(None, None, p_req.registration) req_table[p_req.project.projectid].append((uname, email)) prj_res_table[p_req.project.projectid] = p_req.project.projectname admin_table = dict() prjman_roleid = get_prjman_roleid(keystone_client) for prj_id in req_table: q_args = { 'scope.project.id' : prj_id, 'role.id' : prjman_roleid } for assign in super(RoleAssignmentManager, keystone_client.role_assignments).list(**q_args): email = self.get_email(keystone_client, assign.user['id'], None) if not email in admin_table: admin_table[email] = list() admin_table[email].append(prj_id) for email in admin_table: for prj_id in admin_table[email]: noti_params = { 'pendingreqs' : req_table[prj_id], 'project' : prj_res_table[prj_id] } noti_sbj, noti_body = notification_render(SUBSCR_REMINDER, noti_params) notifyUsers(email, noti_sbj, noti_body) except: LOG.error("Notification failed", exc_info=True) raise CommandError("Notification failed")
def handle(self, *args, **options): configure_log(options) config = configure_app(options) try: now = datetime.now() contact_list = build_contact_list() for days_to_exp in self._get_days_to_exp(config.cron_plan): tframe = now + timedelta(days=days_to_exp) q_args = { 'expdate__gte' : tframe.replace(hour=0, minute=0, second=0, microsecond=0), 'expdate__lte' : tframe.replace(hour=23, minute=59, second=59, microsecond=999999) } for exp_item in Expiration.objects.filter(**q_args): try: keystone = client.Client(username=config.cron_user, password=config.cron_pwd, project_name=config.cron_prj, cacert=config.cron_ca, auth_url=config.cron_kurl) tmpuser = keystone.users.get(exp_item.registration.userid) noti_params = { 'username' : exp_item.registration.username, 'days' : days_to_exp, 'contacts' : contact_list } noti_sbj, noti_body = notification_render(USER_EXP_TYPE, noti_params) notifyUsers(tmpuser.email, noti_sbj, noti_body) # # TODO send notification to project admins # except: LOG.warning("Cannot notify %s" % exp_item.registration.username, exc_info=True) except: LOG.error("Notification failed", exc_info=True) raise CommandError("Notification failed")
def handle(self, *args, **options): configure_log(options) config = configure_app(options) try: now = datetime.now() exp_date = now + timedelta(config.cron_renewd) LOG.info("Checking for renewal after %s" % str(exp_date)) keystone_client = client.Client(username=config.cron_user, password=config.cron_pwd, project_name=config.cron_prj, cacert=config.cron_ca, auth_url=config.cron_kurl) q_args = { 'expdate__lte' : exp_date, 'expdate__gt' : now } exp_members = Expiration.objects.filter(**q_args) prjman_roleid = get_prjman_roleid(keystone_client) except: LOG.error("Request for renewal failed", exc_info=True) raise CommandError("Request for renewal failed") with transaction.atomic(): for e_item in exp_members: # # TODO check API # try: is_prj_admin = keystone_client.roles.check(prjman_roleid, e_item.registration.userid, None, None, e_item.project.projectid) except: is_prj_admin = False try: q_args = { 'registration' : e_item.registration, 'project' : e_item.project, 'flowstatus__in' : [ PSTATUS_RENEW_ADMIN, PSTATUS_RENEW_MEMB ] } if len(PrjRequest.objects.filter(**q_args)) == 0: reqArgs = { 'registration' : e_item.registration, 'project' : e_item.project, 'flowstatus' : PSTATUS_RENEW_ADMIN if is_prj_admin else PSTATUS_RENEW_MEMB } PrjRequest(**reqArgs).save() LOG.info("Issued renewal for %s" % e_item.registration.username) except: LOG.error("Check expiration failed for", exc_info=True) raise CommandError("Check expiration failed")
def handle(self, *args, **options): configure_log(options) config = configure_app(options) try: now = datetime.now() exp_date = now + timedelta(config.cron_renewd) LOG.info("Checking for renewal after %s" % str(exp_date)) keystone_client = client.Client(username=config.cron_user, password=config.cron_pwd, project_name=config.cron_prj, cacert=config.cron_ca, auth_url=config.cron_kurl) q_args = {'expdate__lte': exp_date, 'expdate__gt': now} exp_members = Expiration.objects.filter(**q_args) prjman_roleid = get_prjman_roleid(keystone_client) except: LOG.error("Request for renewal failed", exc_info=True) raise CommandError("Request for renewal failed") with transaction.atomic(): for e_item in exp_members: # # TODO check API # try: is_prj_admin = keystone_client.roles.check( prjman_roleid, e_item.registration.userid, None, None, e_item.project.projectid) except: is_prj_admin = False try: q_args = { 'registration': e_item.registration, 'project': e_item.project, 'flowstatus__in': [PSTATUS_RENEW_ADMIN, PSTATUS_RENEW_MEMB] } if len(PrjRequest.objects.filter(**q_args)) == 0: reqArgs = { 'registration': e_item.registration, 'project': e_item.project, 'flowstatus': PSTATUS_RENEW_ADMIN if is_prj_admin else PSTATUS_RENEW_MEMB } PrjRequest(**reqArgs).save() LOG.info("Issued renewal for %s" % e_item.registration.username) except: LOG.error("Check expiration failed for", exc_info=True) raise CommandError("Check expiration failed")
def handle(self, *args, **options): configure_log(options) config = configure_app(options) LOG.info("Checking expired users") try: keystone_client = client.Client(username=config.cron_user, password=config.cron_pwd, project_name=config.cron_prj, cacert=config.cron_ca, auth_url=config.cron_kurl) exp_date = datetime.now() - timedelta(config.cron_defer) exp_members = Expiration.objects.filter(expdate__lt=exp_date) prjman_roleid = get_prjman_roleid(keystone_client) cloud_adminid = keystone_client.auth_ref.user_id except: LOG.error("Check expiration failed", exc_info=True) raise CommandError("Check expiration failed") updated_prjs = set() for mem_item in exp_members: updated_prjs.add(mem_item.project.projectid) LOG.debug("Expired %s for %s" % \ (mem_item.registration.username, mem_item.project.projectname)) try: with transaction.atomic(): q_args = { 'registration' : mem_item.registration, 'project' : mem_item.project } Expiration.objects.filter(**q_args).delete() PrjRequest.objects.filter(**q_args).delete() arg_dict = { 'project' : mem_item.project.projectid, 'user' : mem_item.registration.userid } for r_item in keystone_client.role_assignments.list(**arg_dict): keystone_client.roles.revoke(r_item.role['id'], **arg_dict) LOG.info("Removed %s from %s" % (mem_item.registration.username, mem_item.project.projectid)) # # TODO missing notification # except: LOG.error("Check expiration failed for %s" % mem_item.registration.username, exc_info=True) # # Check for tenants without admin (use cloud admin if missing) # for prj_id in updated_prjs: try: url = '/role_assignments?scope.project.id=%s&role.id=%s' resp, body = keystone_client.get(url % (prj_id, prjman_roleid)) if len(body['role_assignments']) == 0: keystone_client.roles.grant(prjman_roleid, user = cloud_adminid, project = prj_id ) LOG.info("Cloud Administrator as admin for %s" % prj_id) except: # # TODO notify error to cloud admin # LOG.error("No tenant admin for %s" % prj_id, exc_info=True)
def handle(self, *args, **options): configure_log(options) config = configure_app(options) prj_id_list = list() for item in os.listdir(CACHE_DIR): if not item.endswith('.tmp'): prj_id_list.append(item) if len(prj_id_list) == 0: return LOG.info("Detected booked notifications") try: keystone_client = client.Client(username=config.cron_user, password=config.cron_pwd, project_name=config.cron_prj, cacert=config.cron_ca, auth_url=config.cron_kurl) prjman_roleid = None for role in keystone_client.roles.list(): if role.name == TENANTADMIN_ROLE: prjman_roleid = role.id except: LOG.error("Notification failed", exc_info=True) raise CommandError("Notification failed: cannot contact Keystone") if not prjman_roleid: raise CommandError( "Notification failed: project administrator undefined") for prj_id in prj_id_list: prj_emails = list() url = '/role_assignments?scope.project.id=%s&role.id=%s' resp, body = keystone_client.get(url % (prj_id, prjman_roleid)) for item in body['role_assignments']: tntadmin = keystone_client.users.get(item['user']['id']) prj_emails.append(tntadmin.email) tmpprj = keystone_client.projects.get(prj_id) try: f_name = os.path.join(CACHE_DIR, prj_id) with open(f_name) as n_file: for line in n_file.readlines(): rres = D_PATTERN.search(line) if rres: noti_params = { 'username': rres.group(1), 'project': tmpprj.name } noti_sbj, noti_body = notification_render( rres.group(2), noti_params) for prj_email in prj_emails: notifyUsers(prj_email, noti_sbj, noti_body) os.remove(f_name) except: LOG.error("Error reading %s" % f_name, exc_info=True)
def handle(self, *args, **options): configure_log(options) config = configure_app(options) LOG.info("Checking expired users") try: keystone_client = client.Client(username=config.cron_user, password=config.cron_pwd, project_name=config.cron_prj, cacert=config.cron_ca, auth_url=config.cron_kurl) exp_date = datetime.now() - timedelta(config.cron_defer) exp_members = Expiration.objects.filter(expdate__lt=exp_date) prjman_roleid = get_prjman_roleid(keystone_client) cloud_adminid = keystone_client.auth_ref.user_id except: LOG.error("Check expiration failed", exc_info=True) raise CommandError("Check expiration failed") updated_prjs = set() for mem_item in exp_members: updated_prjs.add(mem_item.project.projectid) LOG.debug("Expired %s for %s" % \ (mem_item.registration.username, mem_item.project.projectname)) try: with transaction.atomic(): q_args = { 'registration': mem_item.registration, 'project': mem_item.project } Expiration.objects.filter(**q_args).delete() PrjRequest.objects.filter(**q_args).delete() arg_dict = { 'project': mem_item.project.projectid, 'user': mem_item.registration.userid } for r_item in keystone_client.role_assignments.list( **arg_dict): keystone_client.roles.revoke(r_item.role['id'], **arg_dict) LOG.info("Removed %s from %s" % (mem_item.registration.username, mem_item.project.projectid)) # # TODO missing notification # except: LOG.error("Check expiration failed for %s" % mem_item.registration.username, exc_info=True) # # Check for tenants without admin (use cloud admin if missing) # for prj_id in updated_prjs: try: url = '/role_assignments?scope.project.id=%s&role.id=%s' resp, body = keystone_client.get(url % (prj_id, prjman_roleid)) if len(body['role_assignments']) == 0: keystone_client.roles.grant(prjman_roleid, user=cloud_adminid, project=prj_id) LOG.info("Cloud Administrator as admin for %s" % prj_id) except: # # TODO notify error to cloud admin # LOG.error("No tenant admin for %s" % prj_id, exc_info=True)