def _assign_users(project_resource, users):
"""
Assign users to project
:param project_resource: project resource instance (OpenstackProject)
:param users: List of users that need to be assigned to project with roles
"""
# Create user resource to be able to get info about user
user_resource = OpenstackUser(client_config=project_resource.client_config,
logger=ctx.logger)
# Create user role resource to be able to get info about role
role_resource = OpenstackRole(client_config=project_resource.client_config,
logger=ctx.logger)
for user in users:
user_roles = user.get(IDENTITY_ROLES, [])
user_item = user_resource.find_user(user.get('name'))
if not user_item:
raise NonRecoverableError('User {0} is not found'
''.format(user['name']))
for role in user_roles:
user_role = role_resource.find_role(role)
if not user_role:
raise NonRecoverableError('Role {0} is not found'.format(role))
# Assign project role to user
role_resource.assign_project_role_to_user(
project_id=project_resource.resource_id,
user_id=user_item.id,
role_id=user_role.id)
ctx.logger.info(
'Assigned user {0} to project {1} with role {2}'.format(
user_item.id, project_resource.resource_id, user_role.id))
def _validate_users(client_config, users):
"""
This method will validate if the users are already exists before doing
any role assignment. Morever, it will check if the roles also exist or not
:param list users: List of users (dict) that contains user names and
roles associated
:param client_config: Openstack configuration in order to connect to
openstack
"""
# Create user resource to be able to get info about user
user_resource = OpenstackUser(client_config=client_config,
logger=ctx.logger)
# Create user role resource to be able to get info about role
role_resource = OpenstackRole(client_config=client_config,
logger=ctx.logger)
user_names = [user.get('name') for user in users]
if len(user_names) > len(set(user_names)):
raise NonRecoverableError(' Provided users are not unique')
for user_name in user_names:
user = user_resource.find_user(user_name)
if not user:
raise NonRecoverableError(
'User {0} is not found'.format(user_name))
for user in users:
if user.get(IDENTITY_ROLES):
if len(user[IDENTITY_ROLES]) > len(set(user[IDENTITY_ROLES])):
msg = 'Roles for user {0} are not unique'
raise NonRecoverableError(msg.format(user.get('name')))
role_names = {
role
for user in users for role in user.get(IDENTITY_ROLES, [])
}
for role_name in role_names:
user_role = role_resource.find_role(role_name)
if not user_role:
raise NonRecoverableError(
'Role {0} is not found'.format(role_name))
def _validate_groups(client_config, groups):
"""
This method will validate if the groups are already exists before doing
any role assignment. Morever, it will check if the roles also exist or not
:param list groups: List of groups (dict) that contains group names and
roles associated
:param client_config: Openstack configuration in order to connect to
openstack
"""
# Create group resource to be able to get info about group
group_resource = OpenstackGroup(client_config=client_config,
logger=ctx.logger)
# Create group role resource to be able to get info about role
role_resource = OpenstackRole(client_config=client_config,
logger=ctx.logger)
group_names = [group.get('name') for group in groups]
if len(group_names) > len(set(group_names)):
raise NonRecoverableError(' Provided groups are not unique')
for group_name in group_names:
group = group_resource.find_group(group_name)
if not group:
raise NonRecoverableError(
'Group {0} is not found'.format(group_name))
for group in groups:
if group.get(IDENTITY_ROLES):
if len(group[IDENTITY_ROLES]) > len(set(group[IDENTITY_ROLES])):
msg = 'Roles for group {0} are not unique'
raise NonRecoverableError(msg.format(group.get('name')))
role_names = {
role for group in groups for role in group.get(IDENTITY_ROLES, [])
}
for role_name in role_names:
group_role = role_resource.find_role(role_name)
if not group_role:
raise NonRecoverableError(
'Role {0} is not found'.format(role_name))
def _assign_groups(project_resource, groups):
"""
Assign groups to project
:param project_resource: project resource instance (OpenstackProject)
:param groups: List of groups that need to be assigned to project with
roles
"""
# Create group resource to be able to get info about group
group_resource = OpenstackGroup(
client_config=project_resource.client_config,
logger=ctx.logger
)
# Create group role resource to be able to get info about role
role_resource = OpenstackRole(
client_config=project_resource.client_config,
logger=ctx.logger
)
for group in groups:
group_roles = group.get(IDENTITY_ROLES, [])
group_item = group_resource.find_group(group.get('name'))
if not group_item:
raise NonRecoverableError('Group {0} is not found'
''.format(group['name']))
for role in group_roles:
group_role = role_resource.find_role(role)
if not group_role:
raise NonRecoverableError('Role {0} is not found'.format(role))
# Assign project role to group
role_resource.assign_project_role_to_group(
project_id=project_resource.resource_id,
group_id=group_item.id,
role_id=group_role.id)
ctx.logger.info(
'Assigned group {0} to project {1} with role {2}'.format(
group_item.id, project_resource.resource_id,
group_role.id))