예제 #1
0
 def make_superuser(cls, core_group, quota=None):
     from core.models import Quota
     if not quota:
         quota = Quota.max_quota()
     account_providers = AccountProvider.objects.distinct('provider')
     for acct in account_providers:
         acct.share_with(core_group)
예제 #2
0
 def make_superuser(cls, core_group, quota=None):
     from core.models import Quota
     if not quota:
         quota = Quota.max_quota()
     account_providers = AccountProvider.objects.distinct('provider')
     for acct in account_providers:
         acct.share_with(core_group)
예제 #3
0
    def share(self, core_group, quota=None):
        """
        """
        from core.models import IdentityMembership, ProviderMembership, Quota, Allocation
        existing_membership = IdentityMembership.objects.filter(
            member=core_group, identity=self)
        if existing_membership:
            return existing_membership[0]

        #User does not already have membership - Check for provider membership
        prov_membership = ProviderMembership.objects.filter(
            member=core_group, provider=self.provider)
        if not prov_membership:
            raise Exception("Cannot share identity membership before the"
                            " provider is shared")

        #Ready to create new membership for this group
        if not quota:
            quota = Quota.default_quota()
        allocation = Allocation.default_allocation()
        new_membership = IdentityMembership.objects.get_or_create(
            member=core_group,
            identity=self,
            quota=quota,
            allocation=allocation)[0]
        return new_membership
예제 #4
0
def create_admin(provider, admin_info):

    REQUIRED_FIELDS = ["username", "password", "tenant"]

    if not has_fields(admin_info, REQUIRED_FIELDS):
        print "Please add missing admin information."
        sys.exit(1)

    username = admin_info["username"]
    password = admin_info["password"]
    tenant = admin_info["tenant"]

    (user, group) = Group.create_usergroup(username)

    try:
        new_identity = Identity.objects.get(
            provider=provider, created_by=user
        )    # FIXME: This will need to be more explicit, look for AccountProvider?
    except Identity.DoesNotExist:
        new_identity = Identity.objects.create(
            provider=provider, created_by=user, quota=Quota.default_quota()
        )
    new_identity.credential_set.get_or_create(key='key', value=username)
    new_identity.credential_set.get_or_create(key='secret', value=password)
    new_identity.credential_set.get_or_create(
        key='ex_tenant_name', value=tenant
    )
    new_identity.credential_set.get_or_create(
        key='ex_project_name', value=tenant
    )

    quota = Quota.objects.filter(**Quota.default_dict()).first()
    if not quota:
        quota = Quota.default_quota()
    # TODO: Test why we do this here and not AFTER creating AccountProvider/IdentityMembership -- Then label the rationale.
    # Necessary for save hooks -- Default project, select an identity
    user.save()

    AccountProvider.objects.get_or_create(
        provider=provider, identity=new_identity
    )
    IdentityMembership.objects.get_or_create(
        identity=new_identity, member=group
    )

    return new_identity
예제 #5
0
    def _validate_quota(self, data):
        quota_uuid = data.get('quota', '')
        if not quota_uuid:
            return Quota.default_quota()

        quota = Quota.objects.filter(uuid=quota_uuid).first()
        if not quota:
            raise serializers.ValidationError(
                "Quota '%s' not found" % quota_uuid)
        return quota
예제 #6
0
def _new_mock_identity_member(username, provider):
    # Mock a user and an identity..
    mock_user = AtmosphereUser.objects.get_or_create(username=username)[0]
    mock_group = Group.objects.get_or_create(name=username)[0]
    mock_quota = Quota.default_quota()
    mock_identity = Identity.objects.get_or_create(
        created_by=mock_user, quota=mock_quota, provider=provider
    )[0]
    mock_identity_member = IdentityMembership.objects.get_or_create(
        identity=mock_identity, member=mock_group
    )[0]
    return mock_identity_member
예제 #7
0
def create_admin(provider, admin_info):
    REQUIRED_FIELDS = ["username", "password", "tenant"]

    if not has_fields(admin_info, REQUIRED_FIELDS):
        print "Please add missing admin information."
        sys.exit(1)

    username = admin_info["username"]
    password = admin_info["password"]
    tenant = admin_info["tenant"]

    (user, group) = Group.create_usergroup(username)

    new_identity = Identity.objects.get_or_create(provider=provider,
                                                  created_by=user)[0]
    new_identity.credential_set.get_or_create(key='key',
                                              value=username)
    new_identity.credential_set.get_or_create(key='secret',
                                              value=password)
    new_identity.credential_set.get_or_create(key='ex_tenant_name',
                                              value=tenant)
    new_identity.credential_set.get_or_create(key='ex_project_name',
                                              value=tenant)

    quota = Quota.objects.filter(**Quota.default_dict()).first()
    if not quota:
        quota = Quota.default_quota()
    # TODO: Test why we do this here and not AFTER creating AccountProvider/IdentityMembership -- Then label the rationale.
    # Necessary for save hooks -- Default project, select an identity
    user.save()

    AccountProvider.objects.get_or_create(
        provider=provider, identity=new_identity)
    IdentityMembership.objects.get_or_create(
        identity=new_identity, member=group, quota=quota)

    return new_identity
예제 #8
0
    def share(self, core_group, quota=None):
        """
        """
        from core.models import IdentityMembership, Quota, Allocation
        existing_membership = IdentityMembership.objects.filter(
            member=core_group, identity=self)
        if existing_membership:
            return existing_membership[0]


        #Ready to create new membership for this group
        if not quota:
            quota = Quota.default_quota()
        allocation = Allocation.default_allocation()
        new_membership = IdentityMembership.objects.get_or_create(
            member=core_group, identity=self, quota=quota, allocation=allocation)[0]
        return new_membership
예제 #9
0
    def share(self, core_group, quota=None):
        """
        """
        from core.models import IdentityMembership, Quota, Allocation
        existing_membership = IdentityMembership.objects.filter(
            member=core_group, identity=self)
        if existing_membership:
            return existing_membership[0]

        #Ready to create new membership for this group
        if not quota:
            quota = Quota.default_quota()
        allocation = Allocation.default_allocation()
        new_membership = IdentityMembership.objects.get_or_create(
            member=core_group,
            identity=self,
            quota=quota,
            allocation=allocation)[0]
        return new_membership
예제 #10
0
    def share(self, core_group, quota=None):
        """
        """
        from core.models import IdentityMembership, ProviderMembership, Quota, Allocation

        existing_membership = IdentityMembership.objects.filter(member=core_group, identity=self)
        if existing_membership:
            return existing_membership[0]

        # User does not already have membership - Check for provider membership
        prov_membership = ProviderMembership.objects.filter(member=core_group, provider=self.provider)
        if not prov_membership:
            raise Exception("Cannot share identity membership before the" " provider is shared")

        # Ready to create new membership for this group
        if not quota:
            quota = Quota.default_quota()
        allocation = Allocation.default_allocation()
        new_membership = IdentityMembership.objects.get_or_create(
            member=core_group, identity=self, quota=quota, allocation=allocation
        )[0]
        return new_membership
예제 #11
0
    def create_identity(cls, username, provider_location,
                        quota=None,
                        max_quota=False, account_admin=False, **kwarg_creds):
        """
        Create new User/Group & Identity for given provider_location
        NOTES:
        * kwargs prefixed with 'cred_' will be collected as credentials
        * Can assign optional flags:
          + max_quota - Assign the highest quota available, rather than
            default.
          + account_admin - Private Clouds only - This user should have ALL
            permissions including:
              * Image creation (Glance)
              * Account creation (Keystone)
              * Access to ALL instances launched over ALL users

          Atmosphere will run fine without an account_admin, but the above
          features will be disabled.
        """
        # Do not move up. ImportError.
        from core.models import Group, Credential, Quota,\
            Provider, AccountProvider, Allocation,\
            IdentityMembership

        provider = Provider.objects.get(location__iexact=provider_location)

        credentials = {}
        for (c_key, c_value) in kwarg_creds.items():
            if 'cred_' not in c_key.lower():
                continue
            c_key = c_key.replace('cred_', '')
            credentials[c_key] = c_value

        (user, group) = Group.create_usergroup(username)

        # NOTE: This specific query will need to be modified if we want
        # 2+ Identities on a single provider

        id_membership = IdentityMembership.objects.filter(
            member__name=user.username,
            identity__provider=provider,
            identity__created_by__username=user.username)
        if not id_membership:
            default_allocation = Allocation.default_allocation()
            # 1. Create an Identity Membership
            # DEV NOTE: I have a feeling that THIS line will mean
            #          creating a secondary identity for a user on a given
            #          provider will be difficult. We need to find a better
            #          workflow here..
            try:
                identity = Identity.objects.get(created_by=user,
                                                provider=provider)
            except Identity.DoesNotExist:
                new_uuid = uuid4()
                identity = Identity.objects.create(
                    created_by=user,
                    provider=provider,
                    uuid=str(new_uuid))
            id_membership = IdentityMembership.objects.get_or_create(
                identity=identity,
                member=group,
                allocation=default_allocation,
                quota=Quota.default_quota())
        # Either first in list OR object from two-tuple.. Its what we need.
        id_membership = id_membership[0]

        # ID_Membership exists.

        # 2. Make sure that all kwargs exist as credentials
        # NOTE: Because we assume only one identity per provider
        #       We can add new credentials to
        #       existing identities if missing..
        # In the future it will be hard to determine when we want to
        # update values on an identity Vs. create a second, new
        # identity.
        for (c_key, c_value) in credentials.items():
            test_key_exists = Credential.objects.filter(
                identity=id_membership.identity,
                key=c_key)
            if test_key_exists:
                logger.info("Conflicting Key Error: Key:%s Value:%s "
                            "Replacement:%s" %
                            (c_key, c_value, test_key_exists[0].value))
                # No Dupes... But should we really throw an Exception here?
                continue
            Credential.objects.get_or_create(
                identity=id_membership.identity,
                key=c_key,
                value=c_value)[0]
        # 3. Assign a different quota, if requested
        if quota:
            id_membership.quota = quota
            id_membership.allocation = None
            id_membership.save()
        elif max_quota:
            quota = Quota.max_quota()
            id_membership.quota = quota
            id_membership.allocation = None
            id_membership.save()
        if account_admin:
            admin = AccountProvider.objects.get_or_create(
                provider=id_membership.identity.provider,
                identity=id_membership.identity)[0]

        # 5. Save the user to activate profile on first-time use
        user.save()
        # Return the identity
        return id_membership.identity
예제 #12
0
    def create_identity(cls,
                        username,
                        provider_location,
                        quota=None,
                        max_quota=False,
                        account_admin=False,
                        **kwarg_creds):
        """
        Create new User/Group & Identity for given provider_location
        NOTES:
        * kwargs prefixed with 'cred_' will be collected as credentials
        * Can assign optional flags:
          + max_quota - Assign the highest quota available, rather than
            default.
          + account_admin - Private Clouds only - This user should have ALL
            permissions including:
              * Image creation (Glance)
              * Account creation (Keystone)
              * Access to ALL instances launched over ALL users

          Atmosphere will run fine without an account_admin, but the above
          features will be disabled.
        """
        #Do not move up. ImportError.
        from core.models import Group, Credential, Quota,\
            Provider, AccountProvider, Allocation,\
            IdentityMembership

        provider = Provider.objects.get(location__iexact=provider_location)

        credentials = {}
        for (c_key, c_value) in kwarg_creds.items():
            if 'cred_' not in c_key.lower():
                continue
            c_key = c_key.replace('cred_', '')
            credentials[c_key] = c_value

        (user, group) = Group.create_usergroup(username)

        #NOTE: This specific query will need to be modified if we want
        # 2+ Identities on a single provider

        id_membership = IdentityMembership.objects.filter(
            member__name=user.username,
            identity__provider=provider,
            identity__created_by__username=user.username)
        if not id_membership:
            default_allocation = Allocation.default_allocation()
            #1. Create an Identity Membership
            #DEV NOTE: I have a feeling that THIS line will mean
            #          creating a secondary identity for a user on a given
            #          provider will be difficult. We need to find a better
            #          workflow here..
            try:
                identity = Identity.objects.get(created_by=user,
                                                provider=provider)
            except Identity.DoesNotExist:
                new_uuid = uuid4()
                identity = Identity.objects.create(created_by=user,
                                                   provider=provider,
                                                   uuid=str(new_uuid))
            #Two-tuple, (Object, created)
            id_membership = IdentityMembership.objects.get_or_create(
                identity=identity,
                member=group,
                allocation=default_allocation,
                quota=Quota.default_quota())
        #Either first in list OR object from two-tuple.. Its what we need.
        id_membership = id_membership[0]

        #ID_Membership exists.

        #2. Make sure that all kwargs exist as credentials
        # NOTE: Because we assume only one identity per provider
        #       We can add new credentials to
        #       existing identities if missing..
        # In the future it will be hard to determine when we want to
        # update values on an identity Vs. create a second, new
        # identity.
        for (c_key, c_value) in credentials.items():
            test_key_exists = Credential.objects.filter(
                identity=id_membership.identity, key=c_key)
            if test_key_exists:
                logger.info("Conflicting Key Error: Key:%s Value:%s "
                            "Replacement:%s" %
                            (c_key, c_value, test_key_exists[0].value))
                #No Dupes... But should we really throw an Exception here?
                continue
            Credential.objects.get_or_create(identity=id_membership.identity,
                                             key=c_key,
                                             value=c_value)[0]
        #3. Assign a different quota, if requested
        if quota:
            id_membership.quota = quota
            id_membership.allocation = None
            id_membership.save()
        elif max_quota:
            quota = Quota.max_quota()
            id_membership.quota = quota
            id_membership.allocation = None
            id_membership.save()
        if account_admin:
            admin = AccountProvider.objects.get_or_create(
                provider=id_membership.identity.provider,
                identity=id_membership.identity)[0]

        #5. Save the user to activate profile on first-time use
        user.save()
        #Return the identity
        return id_membership.identity