def execute(cmd, die=False, echo=False):
""" Executes a command
if die=True, script will exit(1) if command does not return 0
if echo=True, output of command will be printed to stdout
returns a tuple: (stdout, stderr, return code)
"""
p = subprocess.Popen(cmd.split(" "),
stdout=subprocess.PIPE,
stdin=subprocess.PIPE,
stderr=subprocess.PIPE)
stdout = ""
stderr = ""
def print_line(l):
if echo:
print l.strip('\n')
sys.stdout.flush()
for l in iter(p.stdout.readline, ''):
print_line(l)
stdout += l
for l in iter(p.stderr.readline, ''):
print_line(l)
stderr += l
p.communicate()
rc = p.returncode
if die and rc != 0:
error_out("ERROR: command %s return non-zero.\n" % cmd)
return (stdout, stderr, rc)
def create_role(name, user=None, tenant=None):
""" creates a role if it doesn't already exist. grants role to user """
import manager
manager = manager.KeystoneManager(endpoint=get_local_endpoint(),
token=get_admin_token())
roles = [r._info for r in manager.api.roles.list()]
if not roles or name not in [r['name'] for r in roles]:
manager.api.roles.create(name=name)
utils.juju_log('INFO', "Created new role '%s'" % name)
else:
utils.juju_log('INFO', "A role named '%s' already exists" % name)
if not user and not tenant:
return
# NOTE(adam_g): Keystone client requires id's for add_user_role, not names
user_id = manager.resolve_user_id(user)
role_id = manager.resolve_role_id(name)
tenant_id = manager.resolve_tenant_id(tenant)
if None in [user_id, role_id, tenant_id]:
error_out("Could not resolve [%s, %s, %s]" %
(user_id, role_id, tenant_id))
grant_role(user, name, tenant)
def update_user_password(username, password):
import manager
manager = manager.KeystoneManager(endpoint=get_local_endpoint(),
token=get_admin_token())
utils.juju_log('INFO', "Updating password for user '%s'" % username)
user_id = manager.resolve_user_id(username)
if user_id is None:
error_out("Could not resolve user id for '%s'" % username)
manager.api.users.update_password(user=user_id, password=password)
utils.juju_log('INFO', "Successfully updated password for user '%s'" % \
username)
def get_admin_token():
"""Temporary utility to grab the admin token as configured in
keystone.conf
"""
with open(keystone_conf, 'r') as f:
for l in f.readlines():
if l.split(' ')[0] == 'admin_token':
try:
return l.split('=')[1].strip()
except:
error_out('Could not parse admin_token line from %s' %
keystone_conf)
error_out('Could not find admin_token line in %s' % keystone_conf)
def config_get():
""" Obtain the units config via 'config-get'
Returns a dict representing current config.
private-address and IP of the unit is also tacked on for
convienence
"""
output = execute("config-get --format json")[0]
config = json.loads(output)
# make sure no config element is blank after config-get
for c in config.keys():
if not config[c]:
error_out("ERROR: Config option has no paramter: %s" % c)
# tack on our private address and ip
config["hostname"] = utils.unit_get('private-address')
return config
def create_user(name, password, tenant):
""" creates a user if it doesn't already exist, as a member of tenant """
import manager
manager = manager.KeystoneManager(endpoint=get_local_endpoint(),
token=get_admin_token())
users = [u._info for u in manager.api.users.list()]
if not users or name not in [u['name'] for u in users]:
tenant_id = manager.resolve_tenant_id(tenant)
if not tenant_id:
error_out('Could not resolve tenant_id for tenant %s' % tenant)
manager.api.users.create(name=name,
password=password,
email='juju@localhost',
tenant_id=tenant_id)
utils.juju_log('INFO', "Created new user '%s' tenant: %s" % \
(name, tenant_id))
return
utils.juju_log('INFO', "A user named '%s' already exists" % name)