예제 #1
0
    def create(self, validated_data):
        username = validated_data['atmo_user']
        groupname = validated_data['atmo_group']
        atmo_user, atmo_group = Group.create_usergroup(username, groupname)

        provider = validated_data['provider']
        provider_type = provider.get_type_name().lower()
        if provider_type == 'openstack':
            new_identity = self.create_openstack_identity(
                atmo_user, provider, validated_data
            )
        else:
            raise Exception(
                "Cannot create accounts for provider of type %s" % provider_type
            )

        # Always share identity with group (To enable Troposphere access)
        new_identity.share(atmo_group)

        admin_account = validated_data['admin_account']
        if admin_account:
            AccountProvider.objects.get_or_create(
                provider=new_identity.provider, identity=new_identity
            )

        # TODO: When the refactor of rtwo/get_esh_driver is complete,
        # validate_identity should be call-able without the django model (to
        # avoid create-then-delete)
        validate_identity(new_identity)
        return new_identity
예제 #2
0
def create_admin(provider):
    print "What is the username of the provider admin?"
    username_select = raw_input("username of provider admin: ")
    print "What is the password of the provider admin?"
    password_select = raw_input("password of provider admin: ")
    print "What is the tenant_name of the provider admin?"
    tenant_name_select = raw_input("tenant_name of provider admin: ")

    (user, group) = Group.create_usergroup(username_select)

    new_identity = Identity.objects.get_or_create(provider=provider,
                                                  created_by=user)[0]
    new_identity.credential_set.get_or_create(key='key', value=username_select)
    new_identity.credential_set.get_or_create(key='secret',
                                              value=password_select)
    new_identity.credential_set.get_or_create(key='ex_tenant_name',
                                              value=tenant_name_select)
    new_identity.credential_set.get_or_create(key='ex_project_name',
                                              value=tenant_name_select)

    prov_membership = ProviderMembership.objects.get_or_create(
        provider=provider, member=group)[0]
    #TODO: Create quota if none exists
    quota = Quota.objects.all()[0]
    #Necessary for save hooks -- Default project, select an identity
    user.save()

    admin = AccountProvider.objects.get_or_create(provider=provider,
                                                  identity=new_identity)[0]
    id_membership = IdentityMembership.objects.get_or_create(
        identity=new_identity, member=group, quota=quota)[0]
    return new_identity
예제 #3
0
def create_admin(provider):
    print "What is the username of the provider admin?"
    username_select = raw_input("username of provider admin: ")
    print "What is the password of the provider admin?"
    password_select = raw_input("password of provider admin: ")
    print "What is the tenant_name of the provider admin?"
    tenant_name_select = raw_input("tenant_name of provider admin: ")


    (user, group) = Group.create_usergroup(username_select)

    new_identity = Identity.objects.get_or_create(provider=provider,
                                                  created_by=user)[0]
    new_identity.credential_set.get_or_create(key='key',
                                              value=username_select)
    new_identity.credential_set.get_or_create(key='secret',
                                              value=password_select)
    new_identity.credential_set.get_or_create(key='ex_tenant_name',
                                              value=tenant_name_select)
    new_identity.credential_set.get_or_create(key='ex_project_name',
                                              value=tenant_name_select)

    prov_membership = ProviderMembership.objects.get_or_create(
        provider=provider, member=group)[0]
    #TODO: Create quota if none exists
    quota = Quota.objects.all()[0]
    #Necessary for save hooks -- Default project, select an identity
    user.save()

    admin = AccountProvider.objects.get_or_create(
        provider=provider, identity=new_identity)[0]
    id_membership = IdentityMembership.objects.get_or_create(
        identity=new_identity, member=group, quota=quota)[0]
    return new_identity
예제 #4
0
    def create(self, validated_data):
        username = validated_data['atmo_user']
        groupname = validated_data['atmo_group']
        atmo_user, atmo_group = Group.create_usergroup(
            username, groupname)

        provider = validated_data['provider']
        provider_type = provider.get_type_name().lower()
        if provider_type == 'openstack':
            new_identity = self.create_openstack_identity(atmo_user, provider, validated_data)
        else:
            raise Exception("Cannot create accounts for provider of type %s" % provider_type)

        # Always share identity with group (To enable Troposphere access)
        new_identity.share(atmo_group)

        admin_account = validated_data['admin_account']
        if admin_account:
            AccountProvider.objects.get_or_create(
                provider=new_identity.provider,
                identity=new_identity)

        # TODO: When the refactor of rtwo/get_esh_driver is complete, validate_identity should be call-able without the django model (to avoid create-then-delete)
        validate_identity(new_identity)
        return new_identity
예제 #5
0
    def build_account(
        cls,
        account_user,
        group_name,
        username,
        provider_location,
        quota=None,
        allocation=None,
        is_leader=False,
        max_quota=False,
        account_admin=False,
        **kwarg_creds
    ):
        """
        DEPRECATED: POST to v2/identities API to create an identity.
        """
        # Do not move up. ImportError.
        from core.models import Group, Quota, Provider, AccountProvider

        provider = Provider.objects.get(location__iexact=provider_location)
        credentials = cls._kwargs_to_credentials(kwarg_creds)

        if not quota:
            quota = Quota.default_quota()
        #DEV NOTE: 'New' identities are expected to have a router name directly assigned
        # upon creation. If the value is not passed in, we can ask the provider to select
        # the router with the least 'usage' to ensure an "eventually consistent" distribution
        # of users->routers.
        topologyClsName = provider.get_config(
            'network', 'topology', raise_exc=False
        )
        if topologyClsName == 'External Router Topology' and 'router_name' not in credentials:
            credentials['router_name'] = provider.select_router()

        (user,
         group) = Group.create_usergroup(account_user, group_name, is_leader)

        identity = cls._get_identity(user, group, provider, quota, credentials)
        # NOTE: This specific query will need to be modified if we want
        # 2+ Identities on a single provider

        id_membership = identity.share(group, allocation=allocation)
        # ID_Membership exists.

        # 3. Assign admin account, if requested
        if account_admin:
            AccountProvider.objects.get_or_create(
                provider=id_membership.identity.provider,
                identity=id_membership.identity
            )[0]

        # 4. Save the user to activate profile on first-time use
        # FIXME: only call .save() if 'no profile' test is True.
        # TODO: write a 'no profile' test f()
        user.save()

        # Return the identity
        return identity
예제 #6
0
    def build_account(cls,
                      account_user,
                      group_name,
                      username,
                      provider_location,
                      quota=None,
                      allocation=None,
                      is_leader=False,
                      max_quota=False,
                      account_admin=False,
                      **kwarg_creds):
        """
        DEPRECATED: POST to v2/identities API to create an identity.
        """
        # Do not move up. ImportError.
        from core.models import Group, Quota,\
            Provider, AccountProvider, Allocation,\
            IdentityMembership

        provider = Provider.objects.get(location__iexact=provider_location)
        credentials = cls._kwargs_to_credentials(kwarg_creds)

        if not quota:
            quota = Quota.default_quota()
        #DEV NOTE: 'New' identities are expected to have a router name directly assigned
        # upon creation. If the value is not passed in, we can ask the provider to select
        # the router with the least 'usage' to ensure an "eventually consistent" distribution
        # of users->routers.
        topologyClsName = provider.get_config('network',
                                              'topology',
                                              raise_exc=False)
        if topologyClsName == 'External Router Topology' and 'router_name' not in credentials:
            credentials['router_name'] = provider.select_router()

        (user, group) = Group.create_usergroup(account_user, group_name,
                                               is_leader)

        identity = cls._get_identity(user, group, provider, quota, credentials)
        # NOTE: This specific query will need to be modified if we want
        # 2+ Identities on a single provider

        id_membership = identity.share(group, allocation=allocation)
        # ID_Membership exists.

        # 3. Assign admin account, if requested
        if account_admin:
            AccountProvider.objects.get_or_create(
                provider=id_membership.identity.provider,
                identity=id_membership.identity)[0]

        # 4. Save the user to activate profile on first-time use
        # FIXME: only call .save() if 'no profile' test is True.
        # TODO: write a 'no profile' test f()
        user.save()

        # Return the identity
        return identity
예제 #7
0
    def create_identity(cls, username, provider_location,
                        quota=None, allocation=None,
                        max_quota=False, account_admin=False, **kwarg_creds):
        """
        Create new User/Group & Identity for given provider_location
        NOTES:
        * kwargs prefixed with 'cred_' will be collected as credentials
        * Can assign optional flags:
          + max_quota - Assign the highest quota available, rather than
            default.
          + account_admin - Private Clouds only - This user should have ALL
            permissions including:
              * Image creation (Glance)
              * Account creation (Keystone)
              * Access to ALL instances launched over ALL users

          Atmosphere will run fine without an account_admin, but the above
          features will be disabled.
        """
        # Do not move up. ImportError.
        from core.models import Group, Quota,\
            Provider, AccountProvider, Allocation,\
            IdentityMembership

        provider = Provider.objects.get(location__iexact=provider_location)
        credentials = cls._kwargs_to_credentials(kwarg_creds)

        #DEV NOTE: 'New' identities are expected to have a router name directly assigned
        # upon creation. If the value is not passed in, we can ask the provider to select
        # the router with the least 'usage' to ensure an "eventually consistent" distribution
        # of users->routers.
        if 'router_name' not in credentials:
            credentials['router_name'] = provider.select_router()

        (user, group) = Group.create_usergroup(username)

        identity = cls._get_identity(user, group, provider, credentials)
        # NOTE: This specific query will need to be modified if we want
        # 2+ Identities on a single provider

        id_membership = identity.share(group, quota=quota, allocation=allocation)
        # ID_Membership exists.

        # 3. Assign admin account, if requested
        if account_admin:
            AccountProvider.objects.get_or_create(
                provider=id_membership.identity.provider,
                identity=id_membership.identity)[0]

        # 4. Save the user to activate profile on first-time use
        # FIXME: only call .save() if 'no profile' test is True.
        # TODO: write a 'no profile' test f()
        user.save()

        # Return the identity
        return identity
예제 #8
0
def create_admin(provider):
    print "What is the username of the provider admin?"
    username_select = raw_input("username of provider admin: ")
    print "What is the password of the provider admin?"
    password_select = raw_input("password of provider admin: ")
    print "What is the tenant_name of the provider admin?"
    tenant_name_select = raw_input("tenant_name of provider admin: ")

    print "What is the admin_url of the provider admin?"
    admin_url_select = raw_input("admin_url of provider admin: ")
    print "What is the auth_url of the provider admin?"
    auth_url_select = raw_input("auth_url of provider admin: ")
    print "What is the router_name of the provider admin?"
    router_name_select = raw_input("router_name of provider admin: ")
    print "What is the region_name of the provider admin?"
    region_name_select = raw_input("region_name of provider admin: ")

    (user, group) = Group.create_usergroup(username_select)

    new_identity = Identity.objects.get_or_create(provider=provider,
                                                  created_by=user)[0]
    new_identity.credential_set.get_or_create(key='key',
                                              value=username_select)
    new_identity.credential_set.get_or_create(key='secret',
                                              value=password_select)
    new_identity.credential_set.get_or_create(key='ex_tenant_name',
                                              value=tenant_name_select)
    new_identity.credential_set.get_or_create(key='ex_project_name',
                                              value=tenant_name_select)
    provider.providercredential_set.get_or_create(key='admin_url',
                                                  value=admin_url_select)
    provider.providercredential_set.get_or_create(key='auth_url',
                                                  value=auth_url_select)
    provider.providercredential_set.get_or_create(key='router_name',
                                                  value=router_name_select)
    provider.providercredential_set.get_or_create(key='region_name',
                                                  value=region_name_select)

    prov_membership = ProviderMembership.objects.get_or_create(
        provider=provider, member=group)[0]
    quota = Quota.objects.all()[0]
    user.save()
    admin = AccountProvider.objects.get_or_create(
        provider=provider, identity=new_identity)[0]
    id_membership = IdentityMembership.objects.get_or_create(
        identity=new_identity, member=group, quota=quota)[0]
    return new_identity
예제 #9
0
def create_admin(provider, admin_info):

    REQUIRED_FIELDS = ["username", "password", "tenant"]

    if not has_fields(admin_info, REQUIRED_FIELDS):
        print "Please add missing admin information."
        sys.exit(1)

    username = admin_info["username"]
    password = admin_info["password"]
    tenant = admin_info["tenant"]

    (user, group) = Group.create_usergroup(username)

    try:
        new_identity = Identity.objects.get(
            provider=provider, created_by=user
        )    # FIXME: This will need to be more explicit, look for AccountProvider?
    except Identity.DoesNotExist:
        new_identity = Identity.objects.create(
            provider=provider, created_by=user, quota=Quota.default_quota()
        )
    new_identity.credential_set.get_or_create(key='key', value=username)
    new_identity.credential_set.get_or_create(key='secret', value=password)
    new_identity.credential_set.get_or_create(
        key='ex_tenant_name', value=tenant
    )
    new_identity.credential_set.get_or_create(
        key='ex_project_name', value=tenant
    )

    quota = Quota.objects.filter(**Quota.default_dict()).first()
    if not quota:
        quota = Quota.default_quota()
    # TODO: Test why we do this here and not AFTER creating AccountProvider/IdentityMembership -- Then label the rationale.
    # Necessary for save hooks -- Default project, select an identity
    user.save()

    AccountProvider.objects.get_or_create(
        provider=provider, identity=new_identity
    )
    IdentityMembership.objects.get_or_create(
        identity=new_identity, member=group
    )

    return new_identity
예제 #10
0
def create_admin(provider, admin_info):
    REQUIRED_FIELDS = ["username", "password", "tenant"]

    if not has_fields(admin_info, REQUIRED_FIELDS):
        print "Please add missing admin information."
        sys.exit(1)

    username = admin_info["username"]
    password = admin_info["password"]
    tenant = admin_info["tenant"]

    (user, group) = Group.create_usergroup(username)

    new_identity = Identity.objects.get_or_create(provider=provider,
                                                  created_by=user)[0]
    new_identity.credential_set.get_or_create(key='key',
                                              value=username)
    new_identity.credential_set.get_or_create(key='secret',
                                              value=password)
    new_identity.credential_set.get_or_create(key='ex_tenant_name',
                                              value=tenant)
    new_identity.credential_set.get_or_create(key='ex_project_name',
                                              value=tenant)

    quota = Quota.objects.filter(**Quota.default_dict()).first()
    if not quota:
        quota = Quota.default_quota()
    # TODO: Test why we do this here and not AFTER creating AccountProvider/IdentityMembership -- Then label the rationale.
    # Necessary for save hooks -- Default project, select an identity
    user.save()

    AccountProvider.objects.get_or_create(
        provider=provider, identity=new_identity)
    IdentityMembership.objects.get_or_create(
        identity=new_identity, member=group, quota=quota)

    return new_identity
예제 #11
0
    def create_identity(cls, username, provider_location,
                        quota=None,
                        max_quota=False, account_admin=False, **kwarg_creds):
        """
        Create new User/Group & Identity for given provider_location
        NOTES:
        * kwargs prefixed with 'cred_' will be collected as credentials
        * Can assign optional flags:
          + max_quota - Assign the highest quota available, rather than
            default.
          + account_admin - Private Clouds only - This user should have ALL
            permissions including:
              * Image creation (Glance)
              * Account creation (Keystone)
              * Access to ALL instances launched over ALL users

          Atmosphere will run fine without an account_admin, but the above
          features will be disabled.
        """
        # Do not move up. ImportError.
        from core.models import Group, Credential, Quota,\
            Provider, AccountProvider, Allocation,\
            IdentityMembership

        provider = Provider.objects.get(location__iexact=provider_location)

        credentials = {}
        for (c_key, c_value) in kwarg_creds.items():
            if 'cred_' not in c_key.lower():
                continue
            c_key = c_key.replace('cred_', '')
            credentials[c_key] = c_value

        (user, group) = Group.create_usergroup(username)

        # NOTE: This specific query will need to be modified if we want
        # 2+ Identities on a single provider

        id_membership = IdentityMembership.objects.filter(
            member__name=user.username,
            identity__provider=provider,
            identity__created_by__username=user.username)
        if not id_membership:
            default_allocation = Allocation.default_allocation()
            # 1. Create an Identity Membership
            # DEV NOTE: I have a feeling that THIS line will mean
            #          creating a secondary identity for a user on a given
            #          provider will be difficult. We need to find a better
            #          workflow here..
            try:
                identity = Identity.objects.get(created_by=user,
                                                provider=provider)
            except Identity.DoesNotExist:
                new_uuid = uuid4()
                identity = Identity.objects.create(
                    created_by=user,
                    provider=provider,
                    uuid=str(new_uuid))
            id_membership = IdentityMembership.objects.get_or_create(
                identity=identity,
                member=group,
                allocation=default_allocation,
                quota=Quota.default_quota())
        # Either first in list OR object from two-tuple.. Its what we need.
        id_membership = id_membership[0]

        # ID_Membership exists.

        # 2. Make sure that all kwargs exist as credentials
        # NOTE: Because we assume only one identity per provider
        #       We can add new credentials to
        #       existing identities if missing..
        # In the future it will be hard to determine when we want to
        # update values on an identity Vs. create a second, new
        # identity.
        for (c_key, c_value) in credentials.items():
            test_key_exists = Credential.objects.filter(
                identity=id_membership.identity,
                key=c_key)
            if test_key_exists:
                logger.info("Conflicting Key Error: Key:%s Value:%s "
                            "Replacement:%s" %
                            (c_key, c_value, test_key_exists[0].value))
                # No Dupes... But should we really throw an Exception here?
                continue
            Credential.objects.get_or_create(
                identity=id_membership.identity,
                key=c_key,
                value=c_value)[0]
        # 3. Assign a different quota, if requested
        if quota:
            id_membership.quota = quota
            id_membership.allocation = None
            id_membership.save()
        elif max_quota:
            quota = Quota.max_quota()
            id_membership.quota = quota
            id_membership.allocation = None
            id_membership.save()
        if account_admin:
            admin = AccountProvider.objects.get_or_create(
                provider=id_membership.identity.provider,
                identity=id_membership.identity)[0]

        # 5. Save the user to activate profile on first-time use
        user.save()
        # Return the identity
        return id_membership.identity
예제 #12
0
    def create_identity(cls,
                        username,
                        provider_location,
                        quota=None,
                        max_quota=False,
                        account_admin=False,
                        **kwarg_creds):
        """
        Create new User/Group & Identity for given provider_location
        NOTES:
        * kwargs prefixed with 'cred_' will be collected as credentials
        * Can assign optional flags:
          + max_quota - Assign the highest quota available, rather than
            default.
          + account_admin - Private Clouds only - This user should have ALL
            permissions including:
              * Image creation (Glance)
              * Account creation (Keystone)
              * Access to ALL instances launched over ALL users

          Atmosphere will run fine without an account_admin, but the above
          features will be disabled.
        """
        #Do not move up. ImportError.
        from core.models import Group, Credential, Quota,\
            Provider, AccountProvider, Allocation,\
            IdentityMembership

        provider = Provider.objects.get(location__iexact=provider_location)

        credentials = {}
        for (c_key, c_value) in kwarg_creds.items():
            if 'cred_' not in c_key.lower():
                continue
            c_key = c_key.replace('cred_', '')
            credentials[c_key] = c_value

        (user, group) = Group.create_usergroup(username)

        #NOTE: This specific query will need to be modified if we want
        # 2+ Identities on a single provider

        id_membership = IdentityMembership.objects.filter(
            member__name=user.username,
            identity__provider=provider,
            identity__created_by__username=user.username)
        if not id_membership:
            default_allocation = Allocation.default_allocation()
            #1. Create an Identity Membership
            #DEV NOTE: I have a feeling that THIS line will mean
            #          creating a secondary identity for a user on a given
            #          provider will be difficult. We need to find a better
            #          workflow here..
            try:
                identity = Identity.objects.get(created_by=user,
                                                provider=provider)
            except Identity.DoesNotExist:
                new_uuid = uuid4()
                identity = Identity.objects.create(created_by=user,
                                                   provider=provider,
                                                   uuid=str(new_uuid))
            #Two-tuple, (Object, created)
            id_membership = IdentityMembership.objects.get_or_create(
                identity=identity,
                member=group,
                allocation=default_allocation,
                quota=Quota.default_quota())
        #Either first in list OR object from two-tuple.. Its what we need.
        id_membership = id_membership[0]

        #ID_Membership exists.

        #2. Make sure that all kwargs exist as credentials
        # NOTE: Because we assume only one identity per provider
        #       We can add new credentials to
        #       existing identities if missing..
        # In the future it will be hard to determine when we want to
        # update values on an identity Vs. create a second, new
        # identity.
        for (c_key, c_value) in credentials.items():
            test_key_exists = Credential.objects.filter(
                identity=id_membership.identity, key=c_key)
            if test_key_exists:
                logger.info("Conflicting Key Error: Key:%s Value:%s "
                            "Replacement:%s" %
                            (c_key, c_value, test_key_exists[0].value))
                #No Dupes... But should we really throw an Exception here?
                continue
            Credential.objects.get_or_create(identity=id_membership.identity,
                                             key=c_key,
                                             value=c_value)[0]
        #3. Assign a different quota, if requested
        if quota:
            id_membership.quota = quota
            id_membership.allocation = None
            id_membership.save()
        elif max_quota:
            quota = Quota.max_quota()
            id_membership.quota = quota
            id_membership.allocation = None
            id_membership.save()
        if account_admin:
            admin = AccountProvider.objects.get_or_create(
                provider=id_membership.identity.provider,
                identity=id_membership.identity)[0]

        #5. Save the user to activate profile on first-time use
        user.save()
        #Return the identity
        return id_membership.identity