def create(self, validated_data):
    """
    Create an identity from ``validated_data`` and return it.

    Reads the keys 'atmo_user', 'atmo_group', 'provider' and
    'admin_account'. Only providers whose type name lower-cases to
    'openstack' are handled; any other type raises ``Exception``.
    """
    atmo_user, atmo_group = Group.create_usergroup(
        validated_data['atmo_user'],
        validated_data['atmo_group'],
    )

    provider = validated_data['provider']
    type_name = provider.get_type_name().lower()
    # Guard clause: Group.create_usergroup has already run by the time an
    # unsupported provider type is rejected.
    if type_name != 'openstack':
        raise Exception(
            "Cannot create accounts for provider of type %s" % type_name
        )
    identity = self.create_openstack_identity(
        atmo_user, provider, validated_data
    )

    # Always share identity with group (To enable Troposphere access)
    identity.share(atmo_group)

    # NOTE(review): 'admin_account' presumably originates from the request
    # payload -- confirm the serializer/view restricts who may set it,
    # since it registers the identity as the provider's AccountProvider.
    if validated_data['admin_account']:
        AccountProvider.objects.get_or_create(
            provider=identity.provider, identity=identity
        )

    # TODO: When the refactor of rtwo/get_esh_driver is complete,
    # validate_identity should be call-able without the django model (to
    # avoid create-then-delete)
    validate_identity(identity)
    return identity
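def create_admin(provider):
    """
    Interactively create the admin identity for ``provider``.

    Prompts for the admin username, password and tenant name, stores them
    as credentials on the identity, and links the identity to the provider
    (AccountProvider) and to the user's group (IdentityMembership).
    Returns the identity.

    The password is read with ``getpass`` so it is not echoed to the
    terminal. It is handed to ``credential_set`` as typed; whether the
    Credential model protects it at rest is not visible from here.
    """
    # Function-scope import keeps this block self-contained (stdlib only).
    import getpass

    print("What is the username of the provider admin?")
    username_select = raw_input("username of provider admin: ")
    print("What is the password of the provider admin?")
    # No echo: keeps the secret off the screen and out of terminal scrollback.
    password_select = getpass.getpass("password of provider admin: ")
    print("What is the tenant_name of the provider admin?")
    tenant_name_select = raw_input("tenant_name of provider admin: ")

    (user, group) = Group.create_usergroup(username_select)

    new_identity = Identity.objects.get_or_create(
        provider=provider, created_by=user)[0]
    # NOTE(review): get_or_create matches on key AND value, so a changed
    # secret will not match the row already stored -- confirm how stale
    # credentials are cleaned up.
    for cred_key, cred_value in (
            ('key', username_select),
            ('secret', password_select),
            ('ex_tenant_name', tenant_name_select),
            ('ex_project_name', tenant_name_select)):
        new_identity.credential_set.get_or_create(
            key=cred_key, value=cred_value)

    ProviderMembership.objects.get_or_create(provider=provider, member=group)

    # TODO: Create quota if none exists
    # Indexing an empty queryset raises IndexError, so this needs at least
    # one Quota row to exist.
    quota = Quota.objects.all()[0]

    # Necessary for save hooks -- Default project, select an identity
    user.save()

    AccountProvider.objects.get_or_create(
        provider=provider, identity=new_identity)
    IdentityMembership.objects.get_or_create(
        identity=new_identity, member=group, quota=quota)
    return new_identity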
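def create_admin(provider):
    """
    Prompt for the provider admin's details and build its identity.

    Asks for username, password and tenant name, saves them as credentials
    on the identity created for ``provider``, then registers the identity
    as the provider's AccountProvider and adds an IdentityMembership for
    the user's group. Returns the identity.

    The password prompt uses ``getpass`` (no terminal echo). The value is
    passed to ``credential_set`` unchanged; storage protection, if any,
    is decided by the Credential model and is not visible here.
    """
    # Local import: getpass is stdlib and only needed by this prompt.
    import getpass

    print("What is the username of the provider admin?")
    username_select = raw_input("username of provider admin: ")
    print("What is the password of the provider admin?")
    # Read without echo so the secret is not shown on screen.
    password_select = getpass.getpass("password of provider admin: ")
    print("What is the tenant_name of the provider admin?")
    tenant_name_select = raw_input("tenant_name of provider admin: ")

    (user, group) = Group.create_usergroup(username_select)

    new_identity = Identity.objects.get_or_create(
        provider=provider, created_by=user)[0]
    credential_set = new_identity.credential_set
    # NOTE(review): each lookup includes the value, so re-running with a
    # different password does not match the existing 'secret' row --
    # confirm whether that leaves an old credential behind.
    credential_set.get_or_create(key='key', value=username_select)
    credential_set.get_or_create(key='secret', value=password_select)
    credential_set.get_or_create(
        key='ex_tenant_name', value=tenant_name_select)
    credential_set.get_or_create(
        key='ex_project_name', value=tenant_name_select)

    ProviderMembership.objects.get_or_create(provider=provider, member=group)

    # TODO: Create quota if none exists
    # Raises IndexError when the Quota table is empty.
    quota = Quota.objects.all()[0]

    # Necessary for save hooks -- Default project, select an identity
    user.save()

    AccountProvider.objects.get_or_create(
        provider=provider, identity=new_identity)
    IdentityMembership.objects.get_or_create(
        identity=new_identity, member=group, quota=quota)
    return new_identity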
def create(self, validated_data):
    """
    Build and return a new identity described by ``validated_data``.

    Expects the keys 'atmo_user', 'atmo_group', 'provider' and
    'admin_account'. Raises ``Exception`` for any provider whose type
    name is not 'openstack' (compared in lower case).
    """
    user, group = Group.create_usergroup(
        validated_data['atmo_user'], validated_data['atmo_group'])

    provider = validated_data['provider']
    kind = provider.get_type_name().lower()
    if kind != 'openstack':
        # The user/group call above has already happened at this point.
        raise Exception(
            "Cannot create accounts for provider of type %s" % kind)
    created = self.create_openstack_identity(user, provider, validated_data)

    # Always share identity with group (To enable Troposphere access)
    created.share(group)

    # NOTE(review): the 'admin_account' flag marks the identity as the
    # provider's AccountProvider -- confirm upstream validation limits
    # which callers can set it.
    wants_admin = validated_data['admin_account']
    if wants_admin:
        AccountProvider.objects.get_or_create(
            provider=created.provider, identity=created)

    # TODO: When the refactor of rtwo/get_esh_driver is complete,
    # validate_identity should be call-able without the django model
    # (to avoid create-then-delete)
    validate_identity(created)
    return created
def build_account(
    cls, account_user, group_name, username, provider_location,
    quota=None, allocation=None, is_leader=False, max_quota=False,
    account_admin=False, **kwarg_creds
):
    """
    DEPRECATED: POST to v2/identities API to create an identity.

    Resolves the provider by ``provider_location`` (case-insensitive),
    turns ``kwarg_creds`` into credentials, creates the user/group, builds
    the identity and shares it with the group. Returns the identity.

    ``username`` and ``max_quota`` are accepted but not read in this body.
    """
    # Do not move up. ImportError.
    from core.models import Group, Quota, Provider, AccountProvider

    provider = Provider.objects.get(location__iexact=provider_location)
    credentials = cls._kwargs_to_credentials(kwarg_creds)
    quota = quota or Quota.default_quota()

    # DEV NOTE: 'New' identities are expected to have a router name
    # directly assigned upon creation. If the value is not passed in, we
    # can ask the provider to select the router with the least 'usage' to
    # ensure an "eventually consistent" distribution of users->routers.
    topology_name = provider.get_config(
        'network', 'topology', raise_exc=False)
    needs_router = (
        topology_name == 'External Router Topology'
        and 'router_name' not in credentials
    )
    if needs_router:
        credentials['router_name'] = provider.select_router()

    user, group = Group.create_usergroup(account_user, group_name, is_leader)
    identity = cls._get_identity(user, group, provider, quota, credentials)

    # NOTE: This specific query will need to be modified if we want
    # 2+ Identities on a single provider
    membership = identity.share(group, allocation=allocation)

    # ID_Membership exists.
    # 3. Assign admin account, if requested
    if account_admin:
        shared_identity = membership.identity
        AccountProvider.objects.get_or_create(
            provider=shared_identity.provider, identity=shared_identity)

    # 4. Save the user to activate profile on first-time use
    # FIXME: only call .save() if 'no profile' test is True.
    # TODO: write a 'no profile' test f()
    user.save()
    return identity
def build_account(cls, account_user, group_name, username,
                  provider_location, quota=None, allocation=None,
                  is_leader=False, max_quota=False, account_admin=False,
                  **kwarg_creds):
    """
    DEPRECATED: POST to v2/identities API to create an identity.

    Looks the provider up by location, converts ``kwarg_creds`` to
    credentials, creates the user/group, obtains the identity via
    ``cls._get_identity`` and shares it with the group. Returns the
    identity. ``username`` and ``max_quota`` are not read by this body.
    """
    # Do not move up. ImportError.
    from core.models import (
        Group, Quota, Provider, AccountProvider, Allocation,
        IdentityMembership)

    provider = Provider.objects.get(location__iexact=provider_location)
    credentials = cls._kwargs_to_credentials(kwarg_creds)
    if not quota:
        quota = Quota.default_quota()

    # DEV NOTE: 'New' identities are expected to have a router name
    # directly assigned upon creation. If the value is not passed in, we
    # can ask the provider to select the router with the least 'usage' to
    # ensure an "eventually consistent" distribution of users->routers.
    topology = provider.get_config('network', 'topology', raise_exc=False)
    if topology == 'External Router Topology':
        if 'router_name' not in credentials:
            credentials['router_name'] = provider.select_router()

    (user, group) = Group.create_usergroup(
        account_user, group_name, is_leader)
    identity = cls._get_identity(user, group, provider, quota, credentials)

    # NOTE: This specific query will need to be modified if we want
    # 2+ Identities on a single provider
    id_membership = identity.share(group, allocation=allocation)

    # ID_Membership exists.
    # 3. Assign admin account, if requested
    if account_admin:
        member_identity = id_membership.identity
        AccountProvider.objects.get_or_create(
            provider=member_identity.provider, identity=member_identity)

    # 4. Save the user to activate profile on first-time use
    # FIXME: only call .save() if 'no profile' test is True.
    # TODO: write a 'no profile' test f()
    user.save()
    return identity
def create_identity(cls, username, provider_location,
                    quota=None, allocation=None,
                    max_quota=False, account_admin=False, **kwarg_creds):
    """
    Create new User/Group & Identity for given provider_location

    NOTES:
    * kwargs prefixed with 'cred_' will be collected as credentials
    * Can assign optional flags:
      + max_quota - Assign the highest quota available, rather than
        default. (Not read anywhere in this body.)
      + account_admin - Private Clouds only - This user should have ALL
        permissions including:
          * Image creation (Glance)
          * Account creation (Keystone)
          * Access to ALL instances launched over ALL users

      Atmosphere will run fine without an account_admin, but the above
      features will be disabled.

    Returns the identity produced by ``cls._get_identity``.
    """
    # Do not move up. ImportError.
    from core.models import (
        Group, Quota, Provider, AccountProvider, Allocation,
        IdentityMembership)

    provider = Provider.objects.get(location__iexact=provider_location)
    credentials = cls._kwargs_to_credentials(kwarg_creds)

    # DEV NOTE: 'New' identities are expected to have a router name
    # directly assigned upon creation. If the value is not passed in, we
    # can ask the provider to select the router with the least 'usage' to
    # ensure an "eventually consistent" distribution of users->routers.
    router_missing = 'router_name' not in credentials
    if router_missing:
        credentials['router_name'] = provider.select_router()

    user, group = Group.create_usergroup(username)
    identity = cls._get_identity(user, group, provider, credentials)

    # NOTE: This specific query will need to be modified if we want
    # 2+ Identities on a single provider
    membership = identity.share(group, quota=quota, allocation=allocation)

    # ID_Membership exists.
    # 3. Assign admin account, if requested
    if account_admin:
        shared_identity = membership.identity
        AccountProvider.objects.get_or_create(
            provider=shared_identity.provider, identity=shared_identity)

    # 4. Save the user to activate profile on first-time use
    # FIXME: only call .save() if 'no profile' test is True.
    # TODO: write a 'no profile' test f()
    user.save()
    return identity
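def create_admin(provider):
    """
    Interactively create the admin identity and provider credentials.

    Prompts for username, password, tenant_name, admin_url, auth_url,
    router_name and region_name. The first three become credentials on the
    identity; the last four become provider credentials. The identity is
    then registered as the provider's AccountProvider and given an
    IdentityMembership for the user's group. Returns the identity.

    The password is read with ``getpass`` so it is not echoed. It is
    passed to ``credential_set`` as typed; any at-rest protection is up to
    the Credential model and is not visible here.
    """
    # Function-scope import keeps this block self-contained (stdlib only).
    import getpass

    def ask(field):
        # Same two-line prompt for every non-secret field.
        print("What is the %s of the provider admin?" % field)
        return raw_input("%s of provider admin: " % field)

    username_select = ask("username")
    print("What is the password of the provider admin?")
    # No echo: keeps the secret off the screen and out of scrollback.
    password_select = getpass.getpass("password of provider admin: ")
    tenant_name_select = ask("tenant_name")
    admin_url_select = ask("admin_url")
    auth_url_select = ask("auth_url")
    router_name_select = ask("router_name")
    region_name_select = ask("region_name")

    (user, group) = Group.create_usergroup(username_select)

    new_identity = Identity.objects.get_or_create(
        provider=provider, created_by=user)[0]
    # NOTE(review): get_or_create matches on key AND value, so a changed
    # value does not match the row already stored -- confirm how stale
    # credentials are handled.
    for cred_key, cred_value in (
            ('key', username_select),
            ('secret', password_select),
            ('ex_tenant_name', tenant_name_select),
            ('ex_project_name', tenant_name_select)):
        new_identity.credential_set.get_or_create(
            key=cred_key, value=cred_value)

    for cred_key, cred_value in (
            ('admin_url', admin_url_select),
            ('auth_url', auth_url_select),
            ('router_name', router_name_select),
            ('region_name', region_name_select)):
        provider.providercredential_set.get_or_create(
            key=cred_key, value=cred_value)

    ProviderMembership.objects.get_or_create(provider=provider, member=group)

    # Raises IndexError when no Quota row exists.
    quota = Quota.objects.all()[0]

    user.save()

    AccountProvider.objects.get_or_create(
        provider=provider, identity=new_identity)
    IdentityMembership.objects.get_or_create(
        identity=new_identity, member=group, quota=quota)
    return new_identity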
def create_admin(provider, admin_info):
    """
    Create (or reuse) the admin identity for ``provider``.

    ``admin_info`` must carry 'username', 'password' and 'tenant'; when
    ``has_fields`` reports one missing, a message is printed and the
    process exits with status 1. Returns the identity.
    """
    required = ["username", "password", "tenant"]
    if not has_fields(admin_info, required):
        print("Please add missing admin information.")
        sys.exit(1)

    username, password, tenant = [admin_info[name] for name in required]

    (user, group) = Group.create_usergroup(username)

    try:
        new_identity = Identity.objects.get(
            provider=provider, created_by=user)
        # FIXME: This will need to be more explicit, look for
        # AccountProvider?
    except Identity.DoesNotExist:
        new_identity = Identity.objects.create(
            provider=provider, created_by=user,
            quota=Quota.default_quota())

    # NOTE(review): each lookup includes the value, so a changed password
    # does not match an existing 'secret' row -- confirm how stale
    # credentials are handled.
    credential_rows = (
        ('key', username),
        ('secret', password),
        ('ex_tenant_name', tenant),
        ('ex_project_name', tenant),
    )
    for cred_key, cred_value in credential_rows:
        new_identity.credential_set.get_or_create(
            key=cred_key, value=cred_value)

    # The quota is looked up (or defaulted) here but not passed to anything
    # below in this version of the function.
    quota = (Quota.objects.filter(**Quota.default_dict()).first()
             or Quota.default_quota())

    # TODO: Test why we do this here and not AFTER creating
    # AccountProvider/IdentityMembership -- Then label the rationale.
    # Necessary for save hooks -- Default project, select an identity
    user.save()

    AccountProvider.objects.get_or_create(
        provider=provider, identity=new_identity)
    IdentityMembership.objects.get_or_create(
        identity=new_identity, member=group)
    return new_identity
def create_admin(provider, admin_info):
    """
    Create (or reuse) the admin identity for ``provider``.

    Needs 'username', 'password' and 'tenant' in ``admin_info``; if
    ``has_fields`` says one is missing, prints a message and exits with
    status 1. Returns the identity.
    """
    needed = ["username", "password", "tenant"]
    if not has_fields(admin_info, needed):
        print("Please add missing admin information.")
        sys.exit(1)

    username = admin_info["username"]
    password = admin_info["password"]
    tenant = admin_info["tenant"]

    (user, group) = Group.create_usergroup(username)

    new_identity, _created = Identity.objects.get_or_create(
        provider=provider, created_by=user)

    # NOTE(review): the lookups below include the value, so a changed
    # password does not match an existing 'secret' row -- confirm how
    # stale credentials are handled.
    store = new_identity.credential_set
    store.get_or_create(key='key', value=username)
    store.get_or_create(key='secret', value=password)
    store.get_or_create(key='ex_tenant_name', value=tenant)
    store.get_or_create(key='ex_project_name', value=tenant)

    # Prefer an existing row matching the default quota values; otherwise
    # fall back to Quota.default_quota().
    quota = (Quota.objects.filter(**Quota.default_dict()).first()
             or Quota.default_quota())

    # TODO: Test why we do this here and not AFTER creating
    # AccountProvider/IdentityMembership -- Then label the rationale.
    # Necessary for save hooks -- Default project, select an identity
    user.save()

    AccountProvider.objects.get_or_create(
        provider=provider, identity=new_identity)
    IdentityMembership.objects.get_or_create(
        identity=new_identity, member=group, quota=quota)
    return new_identity
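def create_identity(cls, username, provider_location,
                    quota=None, max_quota=False, account_admin=False,
                    **kwarg_creds):
    """
    Create new User/Group & Identity for given provider_location

    NOTES:
    * kwargs prefixed with 'cred_' will be collected as credentials
    * Can assign optional flags:
      + max_quota - Assign the highest quota available, rather than
        default.
      + account_admin - Private Clouds only - This user should have ALL
        permissions including:
          * Image creation (Glance)
          * Account creation (Keystone)
          * Access to ALL instances launched over ALL users

      Atmosphere will run fine without an account_admin, but the above
      features will be disabled.

    Returns the Identity behind the found-or-created IdentityMembership.

    Credential values are never written to the log: when a key is already
    stored on the identity, only the key name is logged and the stored
    value is kept.
    """
    # Do not move up. ImportError.
    from core.models import Group, Credential, Quota,\
        Provider, AccountProvider, Allocation,\
        IdentityMembership

    provider = Provider.objects.get(location__iexact=provider_location)

    credentials = {}
    for (c_key, c_value) in kwarg_creds.items():
        # NOTE(review): this is a substring test on the lower-cased name,
        # while the replace() below is case-sensitive and not anchored to
        # the start -- narrower than "prefixed with 'cred_'"; confirm.
        if 'cred_' not in c_key.lower():
            continue
        c_key = c_key.replace('cred_', '')
        credentials[c_key] = c_value

    (user, group) = Group.create_usergroup(username)

    # NOTE: This specific query will need to be modified if we want
    # 2+ Identities on a single provider
    id_membership = IdentityMembership.objects.filter(
        member__name=user.username,
        identity__provider=provider,
        identity__created_by__username=user.username)
    if not id_membership:
        default_allocation = Allocation.default_allocation()
        # 1. Create an Identity Membership
        # DEV NOTE: I have a feeling that THIS line will mean
        #          creating a secondary identity for a user on a given
        #          provider will be difficult. We need to find a better
        #          workflow here..
        try:
            identity = Identity.objects.get(
                created_by=user, provider=provider)
        except Identity.DoesNotExist:
            new_uuid = uuid4()
            identity = Identity.objects.create(
                created_by=user, provider=provider, uuid=str(new_uuid))
        id_membership = IdentityMembership.objects.get_or_create(
            identity=identity, member=group,
            allocation=default_allocation, quota=Quota.default_quota())
    # Either first in list OR object from two-tuple.. Its what we need.
    id_membership = id_membership[0]

    # ID_Membership exists.
    # 2. Make sure that all kwargs exist as credentials
    # NOTE: Because we assume only one identity per provider
    #       We can add new credentials to
    #       existing identities if missing..
    # In the future it will be hard to determine when we want to
    # update values on an identity Vs. create a second, new
    # identity.
    for (c_key, c_value) in credentials.items():
        test_key_exists = Credential.objects.filter(
            identity=id_membership.identity,
            key=c_key)
        if test_key_exists:
            # Log the key only: the values here can be passwords or API
            # secrets and must not end up in log files.
            logger.info(
                "Conflicting Key Error: Key:%s already set; "
                "stored value kept (values not logged)", c_key)
            # No Dupes... But should we really throw an Exception here?
            continue
        Credential.objects.get_or_create(
            identity=id_membership.identity,
            key=c_key,
            value=c_value)

    # 3. Assign a different quota, if requested
    if quota:
        id_membership.quota = quota
        id_membership.allocation = None
        id_membership.save()
    elif max_quota:
        quota = Quota.max_quota()
        id_membership.quota = quota
        id_membership.allocation = None
        id_membership.save()
    if account_admin:
        AccountProvider.objects.get_or_create(
            provider=id_membership.identity.provider,
            identity=id_membership.identity)

    # 5. Save the user to activate profile on first-time use
    user.save()
    # Return the identity
    return id_membership.identity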
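def create_identity(cls, username, provider_location,
                    quota=None, max_quota=False, account_admin=False,
                    **kwarg_creds):
    """
    Create new User/Group & Identity for given provider_location

    NOTES:
    * kwargs prefixed with 'cred_' will be collected as credentials
    * Can assign optional flags:
      + max_quota - Assign the highest quota available, rather than
        default.
      + account_admin - Private Clouds only - This user should have ALL
        permissions including:
          * Image creation (Glance)
          * Account creation (Keystone)
          * Access to ALL instances launched over ALL users

      Atmosphere will run fine without an account_admin, but the above
      features will be disabled.

    Returns the Identity behind the found-or-created IdentityMembership.

    Credential values are kept out of the log: a key that is already
    stored on the identity is reported by name only, and the stored value
    is left untouched.
    """
    # Do not move up. ImportError.
    from core.models import Group, Credential, Quota,\
        Provider, AccountProvider, Allocation,\
        IdentityMembership

    provider = Provider.objects.get(location__iexact=provider_location)

    credentials = {}
    for (c_key, c_value) in kwarg_creds.items():
        # NOTE(review): substring test on the lower-cased name, but the
        # replace() below is case-sensitive and unanchored -- not quite
        # "prefixed with 'cred_'"; confirm against callers.
        if 'cred_' not in c_key.lower():
            continue
        c_key = c_key.replace('cred_', '')
        credentials[c_key] = c_value

    (user, group) = Group.create_usergroup(username)

    # NOTE: This specific query will need to be modified if we want
    # 2+ Identities on a single provider
    id_membership = IdentityMembership.objects.filter(
        member__name=user.username,
        identity__provider=provider,
        identity__created_by__username=user.username)
    if not id_membership:
        default_allocation = Allocation.default_allocation()
        # 1. Create an Identity Membership
        # DEV NOTE: I have a feeling that THIS line will mean
        #          creating a secondary identity for a user on a given
        #          provider will be difficult. We need to find a better
        #          workflow here..
        try:
            identity = Identity.objects.get(
                created_by=user, provider=provider)
        except Identity.DoesNotExist:
            new_uuid = uuid4()
            identity = Identity.objects.create(
                created_by=user, provider=provider, uuid=str(new_uuid))
        # Two-tuple, (Object, created)
        id_membership = IdentityMembership.objects.get_or_create(
            identity=identity, member=group,
            allocation=default_allocation, quota=Quota.default_quota())
    # Either first in list OR object from two-tuple.. Its what we need.
    id_membership = id_membership[0]

    # ID_Membership exists.
    # 2. Make sure that all kwargs exist as credentials
    # NOTE: Because we assume only one identity per provider
    #       We can add new credentials to
    #       existing identities if missing..
    # In the future it will be hard to determine when we want to
    # update values on an identity Vs. create a second, new
    # identity.
    for (c_key, c_value) in credentials.items():
        test_key_exists = Credential.objects.filter(
            identity=id_membership.identity,
            key=c_key)
        if test_key_exists:
            # Key name only: credential values may be passwords or API
            # secrets and do not belong in log output.
            logger.info(
                "Conflicting Key Error: Key:%s already set; "
                "stored value kept (values not logged)", c_key)
            # No Dupes... But should we really throw an Exception here?
            continue
        Credential.objects.get_or_create(
            identity=id_membership.identity,
            key=c_key,
            value=c_value)

    # 3. Assign a different quota, if requested
    if quota:
        id_membership.quota = quota
        id_membership.allocation = None
        id_membership.save()
    elif max_quota:
        quota = Quota.max_quota()
        id_membership.quota = quota
        id_membership.allocation = None
        id_membership.save()
    if account_admin:
        AccountProvider.objects.get_or_create(
            provider=id_membership.identity.provider,
            identity=id_membership.identity)

    # 5. Save the user to activate profile on first-time use
    user.save()
    # Return the identity
    return id_membership.identity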