class TenantFactory(factory.DjangoModelFactory): class Meta: model = models.Tenant name = factory.Sequence(lambda n: 'tenant%s' % n) service_settings = factory.SubFactory(OpenStackServiceSettingsFactory) project = factory.SubFactory(ProjectFactory) state = models.Tenant.States.OK external_network_id = factory.LazyAttribute(lambda _: uuid.uuid4()) backend_id = factory.Sequence(lambda n: 'backend_id_%s' % n) user_username = factory.Sequence(lambda n: 'tenant user%d' % n) user_password = core_utils.pwgen() @classmethod def get_url(cls, tenant=None, action=None): if tenant is None: tenant = TenantFactory() url = 'http://testserver' + reverse('openstack-tenant-detail', kwargs={'uuid': tenant.uuid.hex}) return url if action is None else url + action + '/' @classmethod def get_list_url(cls, action=None): url = 'http://testserver' + reverse('openstack-tenant-list') return url if action is None else url + action + '/'
def create(self, validated_data): service_project_link = validated_data['service_project_link'] backend = service_project_link.service.get_backend() backend_id = validated_data['backend_id'] if models.Tenant.objects.filter( service_project_link__service__settings=service_project_link. service.settings, backend_id=backend_id).exists(): raise serializers.ValidationError( _('Tenant with ID "%s" is already registered.') % backend_id) try: tenant = backend.import_tenant(backend_id, service_project_link) except OpenStackBackendError as e: raise serializers.ValidationError({ 'backend_id': _('Can\'t import tenant with ID %(backend_id)s. Reason: %(reason)s' ) % { 'backend_id': backend_id, 'reason': e, } }) tenant.user_username = models.Tenant.generate_username(tenant.name) tenant.user_password = core_utils.pwgen() tenant.save() return tenant
def generate_safe_username(username): username = generate_username(username) # Maximum length for FreeIPA username is 32 chars if len(username) > 32: prefix_length = len(settings.WALDUR_FREEIPA['USERNAME_PREFIX']) username = generate_username(pwgen(32 - prefix_length)) return username
def generate_username(cls, name): """ Generates random valid tenant user name based on tenant name :param name: tenant name :return: username """ return slugify(name)[:25] + '-user-%s' % core_utils.pwgen(4)
def get_or_create_user(invitation_uuid, sender): invitation = models.Invitation.objects.get(uuid=invitation_uuid) user, created = utils.get_or_create_user(invitation) username = generate_safe_username(user.username) password = pwgen() try: profile, created = utils.get_or_create_profile(user, username, password) except (freeipa_exceptions.FreeIPAError, requests.RequestException) as e: logger.exception( 'Unable to create FreeIPA profile for user with ID: %s', user.id) invitation.error_message = str(e) invitation.save(update_fields=['error_message']) raise if created: sender = invitation.created_by.full_name or invitation.created_by.username context = utils.get_invitation_context(invitation, sender) context['username'] = username context['password'] = password context['link'] = invitation.link_template.format(uuid=invitation_uuid) broadcast_mail('users', 'invitation_approved', context, [invitation.email]) else: send_invitation_created(invitation_uuid, sender)
def create(self, validated_data): spl = validated_data['service_project_link'] # get availability zone from service settings if it is not defined if not validated_data.get('availability_zone'): validated_data['availability_zone'] = spl.service.settings.get_option('availability_zone') or '' # init tenant user username(if not defined) and password slugified_name = slugify(validated_data['name'])[:25] if not validated_data.get('user_username'): validated_data['user_username'] = models.Tenant.generate_username(validated_data['name']) validated_data['user_password'] = core_utils.pwgen() subnet_cidr = validated_data.pop('subnet_cidr') with transaction.atomic(): tenant = super(TenantSerializer, self).create(validated_data) network = models.Network.objects.create( name=slugified_name + '-int-net', description=_('Internal network for tenant %s') % tenant.name, tenant=tenant, service_project_link=tenant.service_project_link, ) models.SubNet.objects.create( name=slugified_name + '-sub-net', description=_('SubNet for tenant %s internal network') % tenant.name, network=network, service_project_link=tenant.service_project_link, cidr=subnet_cidr, allocation_pools=_generate_subnet_allocation_pool(subnet_cidr), dns_nameservers=spl.service.settings.options.get('dns_nameservers', []) ) nc_settings = getattr(settings, 'WALDUR_OPENSTACK', {}) config_groups = copy.deepcopy(nc_settings.get('DEFAULT_SECURITY_GROUPS', [])) for group in config_groups: sg_name = group.get('name') sg_description = group.get('description', None) sg = models.SecurityGroup.objects.get_or_create( service_project_link=tenant.service_project_link, tenant=tenant, description=sg_description, name=sg_name)[0] for rule in group.get('rules'): if 'icmp_type' in rule: rule['from_port'] = rule.pop('icmp_type') if 'icmp_code' in rule: rule['to_port'] = rule.pop('icmp_code') try: rule = models.SecurityGroupRule(security_group=sg, **rule) rule.full_clean() except serializers.ValidationError as e: logger.error('Failed to create rule for security group %s: %s.' % (sg_name, e)) else: rule.save() return tenant
def password(self, request, uuid): user = self.get_object() user.password = pwgen() user.save() executors.UserUpdateExecutor.execute(user, updated_fields=['password']) return response.Response( { 'detail': 'password update was scheduled successfully', 'password': user.password }, status=status.HTTP_200_OK)
def credentials(self, request, uuid): """ On GET request - return superadmin user data. On POST - reset superuser password and return new one. """ service = self.get_object() if request.method == 'GET': user = models.User.objects.get(settings=service.settings, alias=service.settings.username) serializer_class = self.get_serializer_class() serializer = serializer_class( user, context=self.get_serializer_context()) return Response(serializer.data) else: password = pwgen() executors.ServiceSettingsPasswordResetExecutor.execute( service.settings, password=password) return Response({'password': password})
def generate_username(): return 'user{}'.format(core_utils.pwgen(4))
def generate_api_secret_code(self): self.api_secret_code = core_utils.pwgen()
def create(self, attrs): groups = attrs.pop('groups', []) attrs['password'] = pwgen() user = super(UserSerializer, self).create(attrs) user.groups.add(*groups) return user