def handle(self, *args, **options): configure_log(options) config = configure_app(options) try: keystone_client = client.Client(username=config.cron_user, password=config.cron_pwd, project_name=config.cron_prj, cacert=config.cron_ca, auth_url=config.cron_kurl) req_table = dict() prj_res_table = dict() for p_req in PrjRequest.objects.filter(flowstatus=PSTATUS_PENDING): if not p_req.project.projectid in req_table: req_table[p_req.project.projectid] = list() uname = p_req.registration.username email = self.get_email(None, None, p_req.registration) req_table[p_req.project.projectid].append((uname, email)) prj_res_table[ p_req.project.projectid] = p_req.project.projectname admin_table = dict() prjman_roleid = get_prjman_roleid(keystone_client) for prj_id in req_table: q_args = {'scope.project.id': prj_id, 'role.id': prjman_roleid} for assign in super( RoleAssignmentManager, keystone_client.role_assignments).list(**q_args): email = self.get_email(keystone_client, assign.user['id'], None) if not email in admin_table: admin_table[email] = list() admin_table[email].append(prj_id) for email in admin_table: for prj_id in admin_table[email]: noti_params = { 'pendingreqs': req_table[prj_id], 'project': prj_res_table[prj_id] } noti_sbj, noti_body = notification_render( SUBSCR_REMINDER, noti_params) notifyUsers(email, noti_sbj, noti_body) except: LOG.error("Notification failed", exc_info=True) raise CommandError("Notification failed")
def handle(self, *args, **options): configure_log(options) config = configure_app(options) try: keystone_client = client.Client(username=config.cron_user, password=config.cron_pwd, project_name=config.cron_prj, cacert=config.cron_ca, auth_url=config.cron_kurl) req_table = dict() prj_res_table = dict() for p_req in PrjRequest.objects.filter(flowstatus=PSTATUS_PENDING): if not p_req.project.projectid in req_table: req_table[p_req.project.projectid] = list() uname = p_req.registration.username email = self.get_email(None, None, p_req.registration) req_table[p_req.project.projectid].append((uname, email)) prj_res_table[p_req.project.projectid] = p_req.project.projectname admin_table = dict() prjman_roleid = get_prjman_roleid(keystone_client) for prj_id in req_table: q_args = { 'scope.project.id' : prj_id, 'role.id' : prjman_roleid } for assign in super(RoleAssignmentManager, keystone_client.role_assignments).list(**q_args): email = self.get_email(keystone_client, assign.user['id'], None) if not email in admin_table: admin_table[email] = list() admin_table[email].append(prj_id) for email in admin_table: for prj_id in admin_table[email]: noti_params = { 'pendingreqs' : req_table[prj_id], 'project' : prj_res_table[prj_id] } noti_sbj, noti_body = notification_render(SUBSCR_REMINDER, noti_params) notifyUsers(email, noti_sbj, noti_body) except: LOG.error("Notification failed", exc_info=True) raise CommandError("Notification failed")
def handle(self, *args, **options): configure_log(options) config = configure_app(options) try: now = datetime.now() exp_date = now + timedelta(config.cron_renewd) LOG.info("Checking for renewal after %s" % str(exp_date)) keystone_client = client.Client(username=config.cron_user, password=config.cron_pwd, project_name=config.cron_prj, cacert=config.cron_ca, auth_url=config.cron_kurl) q_args = { 'expdate__lte' : exp_date, 'expdate__gt' : now } exp_members = Expiration.objects.filter(**q_args) prjman_roleid = get_prjman_roleid(keystone_client) except: LOG.error("Request for renewal failed", exc_info=True) raise CommandError("Request for renewal failed") with transaction.atomic(): for e_item in exp_members: # # TODO check API # try: is_prj_admin = keystone_client.roles.check(prjman_roleid, e_item.registration.userid, None, None, e_item.project.projectid) except: is_prj_admin = False try: q_args = { 'registration' : e_item.registration, 'project' : e_item.project, 'flowstatus__in' : [ PSTATUS_RENEW_ADMIN, PSTATUS_RENEW_MEMB ] } if len(PrjRequest.objects.filter(**q_args)) == 0: reqArgs = { 'registration' : e_item.registration, 'project' : e_item.project, 'flowstatus' : PSTATUS_RENEW_ADMIN if is_prj_admin else PSTATUS_RENEW_MEMB } PrjRequest(**reqArgs).save() LOG.info("Issued renewal for %s" % e_item.registration.username) except: LOG.error("Check expiration failed for", exc_info=True) raise CommandError("Check expiration failed")
def handle(self, *args, **options): super(Command, self).handle(options) try: prj_dict = dict() for prj_item in Project.objects.all(): if prj_item.projectid: prj_dict[prj_item.projectid] = prj_item # # TODO define the user_domain_name and project_domain_name # keystone_client = client.Client( username=self.config.cron_user, password=self.config.cron_pwd, project_name=self.config.cron_prj, cacert=self.config.cron_ca, user_domain_name=self.config.cron_domain, project_domain_name=self.config.cron_domain, auth_url=self.config.cron_kurl) LOG.info("Populating the expiration table") with transaction.atomic(): for reg_user in Registration.objects.all(): if not reg_user.userid: LOG.info("Skipped unregistered user %s" % reg_user.username) continue for r_item in keystone_client.role_assignments.list( user=reg_user.userid): if not r_item.scope['project']['id'] in prj_dict: LOG.info("Skipped unregistered project %s for %s" % \ (r_item.scope['project']['id'], reg_user.username)) curr_prj = prj_dict[r_item.scope['project']['id']] if Expiration.objects.filter( registration=reg_user, project=curr_prj).count() > 0: continue prj_exp = Expiration() prj_exp.registration = reg_user prj_exp.project = curr_prj prj_exp.expdate = reg_user.expdate prj_exp.save() LOG.info("Imported expiration for %s in %s: %s" % \ (reg_user.username, curr_prj.projectname, \ reg_user.expdate.strftime("%A, %d. %B %Y %I:%M%p"))) LOG.info("Populating the email table") with transaction.atomic(): for reg_user in Registration.objects.all(): if not reg_user.userid: LOG.info("Skipped unregistered user %s" % reg_user.username) continue tmpres = keystone_client.users.get(reg_user.userid) if not tmpres: continue if EMail.objects.filter(registration=reg_user).count() > 0: continue mail_obj = EMail() mail_obj.registration = reg_user mail_obj.email = tmpres.email mail_obj.save() LOG.info("Imported email for %s: %s" % (reg_user.username, tmpres.email)) LOG.info("Populating the project roles table") tnt_admin_roleid = get_prjman_roleid(keystone_client) with transaction.atomic(): PrjRole.objects.all().delete() prj_dict = dict() for prj_obj in Project.objects.all(): prj_dict[prj_obj.projectid] = prj_obj for reg_user in Registration.objects.all(): if not reg_user.userid: LOG.info("Skipped unregistered user %s" % reg_user.username) continue for role_obj in keystone_client.role_assignments.list( reg_user.userid): if role_obj.role['id'] == tnt_admin_roleid: tmpprjid = role_obj.scope['project']['id'] prjRole = PrjRole() prjRole.registration = reg_user prjRole.project = prj_dict[tmpprjid] prjRole.roleid = role_obj.role['id'] prjRole.save() LOG.info("Imported admin %s for %s" % (reg_user.username, prj_dict[tmpprjid].projectname)) except: LOG.error("Import failed", exc_info=True) raise CommandError("Import failed")
def handle(self, *args, **options): super(Command, self).handle(options) try: prj_dict = dict() for prj_item in Project.objects.all(): if prj_item.projectid: prj_dict[prj_item.projectid] = prj_item # # TODO define the user_domain_name and project_domain_name # keystone_client = client.Client(username=self.config.cron_user, password=self.config.cron_pwd, project_name=self.config.cron_prj, cacert=self.config.cron_ca, user_domain_name=self.config.cron_domain, project_domain_name=self.config.cron_domain, auth_url=self.config.cron_kurl) LOG.info("Populating the expiration table") with transaction.atomic(): for reg_user in Registration.objects.all(): if not reg_user.userid: LOG.info("Skipped unregistered user %s" % reg_user.username) continue for r_item in keystone_client.role_assignments.list(user=reg_user.userid): if not r_item.scope['project']['id'] in prj_dict: LOG.info("Skipped unregistered project %s for %s" % \ (r_item.scope['project']['id'], reg_user.username)) curr_prj = prj_dict[r_item.scope['project']['id']] if Expiration.objects.filter( registration=reg_user, project=curr_prj ).count() > 0: continue prj_exp = Expiration() prj_exp.registration = reg_user prj_exp.project = curr_prj prj_exp.expdate = reg_user.expdate prj_exp.save() LOG.info("Imported expiration for %s in %s: %s" % \ (reg_user.username, curr_prj.projectname, \ reg_user.expdate.strftime("%A, %d. %B %Y %I:%M%p"))) LOG.info("Populating the email table") with transaction.atomic(): for reg_user in Registration.objects.all(): if not reg_user.userid: LOG.info("Skipped unregistered user %s" % reg_user.username) continue tmpres = keystone_client.users.get(reg_user.userid) if not tmpres: continue if EMail.objects.filter(registration=reg_user).count() > 0: continue mail_obj = EMail() mail_obj.registration = reg_user mail_obj.email = tmpres.email mail_obj.save() LOG.info("Imported email for %s: %s" % (reg_user.username, tmpres.email)) LOG.info("Populating the project roles table") tnt_admin_roleid = get_prjman_roleid(keystone_client) with transaction.atomic(): PrjRole.objects.all().delete() prj_dict = dict() for prj_obj in Project.objects.all(): prj_dict[prj_obj.projectid] = prj_obj for reg_user in Registration.objects.all(): if not reg_user.userid: LOG.info("Skipped unregistered user %s" % reg_user.username) continue for role_obj in keystone_client.role_assignments.list(reg_user.userid): if role_obj.role['id'] == tnt_admin_roleid: tmpprjid = role_obj.scope['project']['id'] prjRole = PrjRole() prjRole.registration = reg_user prjRole.project = prj_dict[tmpprjid] prjRole.roleid = role_obj.role['id'] prjRole.save() LOG.info("Imported admin %s for %s" % (reg_user.username, prj_dict[tmpprjid].projectname)) except: LOG.error("Import failed", exc_info=True) raise CommandError("Import failed")
def handle(self, *args, **options): configure_log(options) config = configure_app(options) try: now = datetime.now() exp_date = now + timedelta(config.cron_renewd) LOG.info("Checking for renewal after %s" % str(exp_date)) keystone_client = client.Client(username=config.cron_user, password=config.cron_pwd, project_name=config.cron_prj, cacert=config.cron_ca, auth_url=config.cron_kurl) q_args = {'expdate__lte': exp_date, 'expdate__gt': now} exp_members = Expiration.objects.filter(**q_args) prjman_roleid = get_prjman_roleid(keystone_client) except: LOG.error("Request for renewal failed", exc_info=True) raise CommandError("Request for renewal failed") with transaction.atomic(): for e_item in exp_members: # # TODO check API # try: is_prj_admin = keystone_client.roles.check( prjman_roleid, e_item.registration.userid, None, None, e_item.project.projectid) except: is_prj_admin = False try: q_args = { 'registration': e_item.registration, 'project': e_item.project, 'flowstatus__in': [PSTATUS_RENEW_ADMIN, PSTATUS_RENEW_MEMB] } if len(PrjRequest.objects.filter(**q_args)) == 0: reqArgs = { 'registration': e_item.registration, 'project': e_item.project, 'flowstatus': PSTATUS_RENEW_ADMIN if is_prj_admin else PSTATUS_RENEW_MEMB } PrjRequest(**reqArgs).save() LOG.info("Issued renewal for %s" % e_item.registration.username) except: LOG.error("Check expiration failed for", exc_info=True) raise CommandError("Check expiration failed")
def handle(self, *args, **options): super(Command, self).handle(options) LOG.info("Checking expired users") try: keystone_client = client.Client( username=self.config.cron_user, password=self.config.cron_pwd, project_name=self.config.cron_prj, user_domain_name=self.config.cron_domain, project_domain_name=self.config.cron_domain, cacert=self.config.cron_ca, auth_url=self.config.cron_kurl) prjman_roleid = get_prjman_roleid(keystone_client) cloud_adminid = keystone_client.auth_ref.user_id except: LOG.error("Check expiration failed", exc_info=True) raise CommandError("Check expiration failed") updated_prjs = set() exp_date = datetime.now() - timedelta(self.config.cron_defer) for mem_item in Expiration.objects.filter(expdate__lt=exp_date): username = mem_item.registration.username userid = mem_item.registration.userid prjname = mem_item.project.projectname prjid = mem_item.project.projectid updated_prjs.add(prjid) try: with transaction.atomic(): tmpres = EMail.objects.filter( registration=mem_item.registration) user_mail = tmpres[0].email if len(tmpres) else None q_args = { 'registration': mem_item.registration, 'project': mem_item.project } Expiration.objects.filter(**q_args).delete() PrjRequest.objects.filter(**q_args).delete() PrjRole.objects.filter(**q_args).delete() arg_dict = {'project': prjid, 'user': userid} for r_item in keystone_client.role_assignments.list( **arg_dict): keystone_client.roles.revoke(r_item.role['id'], **arg_dict) LOG.info("Removed %s from %s" % (username, prjid)) noti_params = {'username': username, 'project': prjname} notifyUser(user_mail, USER_EXPIRED_TYPE, noti_params, project_id=prjid, dst_user_id=userid) # # TODO notify project admins # except: LOG.error("Check expiration failed for %s" % username, exc_info=True) # # Check for tenants without admin (use cloud admin if missing) # for prj_id in updated_prjs: if PrjRole.objects.filter(project__projectid=prj_id).count() == 0: try: keystone_client.roles.grant(prjman_roleid, user=cloud_adminid, project=prj_id) LOG.info("Cloud Administrator as admin for %s" % prj_id) noti_params = { 'project': prj_id, 's_role': 'None', 'd_role': 'project_manager' } notifyAdmin(CHANGED_MEMBER_ROLE, noti_params, dst_user_id=prj_id) except: LOG.error("Cannot set super admin for %s" % username, exc_info=True)
def handle(self, *args, **options): configure_log(options) config = configure_app(options) LOG.info("Checking expired users") try: keystone_client = client.Client(username=config.cron_user, password=config.cron_pwd, project_name=config.cron_prj, cacert=config.cron_ca, auth_url=config.cron_kurl) exp_date = datetime.now() - timedelta(config.cron_defer) exp_members = Expiration.objects.filter(expdate__lt=exp_date) prjman_roleid = get_prjman_roleid(keystone_client) cloud_adminid = keystone_client.auth_ref.user_id except: LOG.error("Check expiration failed", exc_info=True) raise CommandError("Check expiration failed") updated_prjs = set() for mem_item in exp_members: updated_prjs.add(mem_item.project.projectid) LOG.debug("Expired %s for %s" % \ (mem_item.registration.username, mem_item.project.projectname)) try: with transaction.atomic(): q_args = { 'registration' : mem_item.registration, 'project' : mem_item.project } Expiration.objects.filter(**q_args).delete() PrjRequest.objects.filter(**q_args).delete() arg_dict = { 'project' : mem_item.project.projectid, 'user' : mem_item.registration.userid } for r_item in keystone_client.role_assignments.list(**arg_dict): keystone_client.roles.revoke(r_item.role['id'], **arg_dict) LOG.info("Removed %s from %s" % (mem_item.registration.username, mem_item.project.projectid)) # # TODO missing notification # except: LOG.error("Check expiration failed for %s" % mem_item.registration.username, exc_info=True) # # Check for tenants without admin (use cloud admin if missing) # for prj_id in updated_prjs: try: url = '/role_assignments?scope.project.id=%s&role.id=%s' resp, body = keystone_client.get(url % (prj_id, prjman_roleid)) if len(body['role_assignments']) == 0: keystone_client.roles.grant(prjman_roleid, user = cloud_adminid, project = prj_id ) LOG.info("Cloud Administrator as admin for %s" % prj_id) except: # # TODO notify error to cloud admin # LOG.error("No tenant admin for %s" % prj_id, exc_info=True)
def handle(self, *args, **options): configure_log(options) config = configure_app(options) LOG.info("Checking expired users") try: keystone_client = client.Client(username=config.cron_user, password=config.cron_pwd, project_name=config.cron_prj, cacert=config.cron_ca, auth_url=config.cron_kurl) exp_date = datetime.now() - timedelta(config.cron_defer) exp_members = Expiration.objects.filter(expdate__lt=exp_date) prjman_roleid = get_prjman_roleid(keystone_client) cloud_adminid = keystone_client.auth_ref.user_id except: LOG.error("Check expiration failed", exc_info=True) raise CommandError("Check expiration failed") updated_prjs = set() for mem_item in exp_members: updated_prjs.add(mem_item.project.projectid) LOG.debug("Expired %s for %s" % \ (mem_item.registration.username, mem_item.project.projectname)) try: with transaction.atomic(): q_args = { 'registration': mem_item.registration, 'project': mem_item.project } Expiration.objects.filter(**q_args).delete() PrjRequest.objects.filter(**q_args).delete() arg_dict = { 'project': mem_item.project.projectid, 'user': mem_item.registration.userid } for r_item in keystone_client.role_assignments.list( **arg_dict): keystone_client.roles.revoke(r_item.role['id'], **arg_dict) LOG.info("Removed %s from %s" % (mem_item.registration.username, mem_item.project.projectid)) # # TODO missing notification # except: LOG.error("Check expiration failed for %s" % mem_item.registration.username, exc_info=True) # # Check for tenants without admin (use cloud admin if missing) # for prj_id in updated_prjs: try: url = '/role_assignments?scope.project.id=%s&role.id=%s' resp, body = keystone_client.get(url % (prj_id, prjman_roleid)) if len(body['role_assignments']) == 0: keystone_client.roles.grant(prjman_roleid, user=cloud_adminid, project=prj_id) LOG.info("Cloud Administrator as admin for %s" % prj_id) except: # # TODO notify error to cloud admin # LOG.error("No tenant admin for %s" % prj_id, exc_info=True)