def handle(self, *args, **options):
configure_log(options)
config = configure_app(options)
try:
keystone_client = client.Client(username=config.cron_user,
password=config.cron_pwd,
project_name=config.cron_prj,
cacert=config.cron_ca,
auth_url=config.cron_kurl)
req_table = dict()
prj_res_table = dict()
for p_req in PrjRequest.objects.filter(flowstatus=PSTATUS_PENDING):
if not p_req.project.projectid in req_table:
req_table[p_req.project.projectid] = list()
uname = p_req.registration.username
email = self.get_email(None, None, p_req.registration)
req_table[p_req.project.projectid].append((uname, email))
prj_res_table[
p_req.project.projectid] = p_req.project.projectname
admin_table = dict()
prjman_roleid = get_prjman_roleid(keystone_client)
for prj_id in req_table:
q_args = {'scope.project.id': prj_id, 'role.id': prjman_roleid}
for assign in super(
RoleAssignmentManager,
keystone_client.role_assignments).list(**q_args):
email = self.get_email(keystone_client, assign.user['id'],
None)
if not email in admin_table:
admin_table[email] = list()
admin_table[email].append(prj_id)
for email in admin_table:
for prj_id in admin_table[email]:
noti_params = {
'pendingreqs': req_table[prj_id],
'project': prj_res_table[prj_id]
}
noti_sbj, noti_body = notification_render(
SUBSCR_REMINDER, noti_params)
notifyUsers(email, noti_sbj, noti_body)
except:
LOG.error("Notification failed", exc_info=True)
raise CommandError("Notification failed")
def handle(self, *args, **options):
configure_log(options)
config = configure_app(options)
try:
keystone_client = client.Client(username=config.cron_user,
password=config.cron_pwd,
project_name=config.cron_prj,
cacert=config.cron_ca,
auth_url=config.cron_kurl)
req_table = dict()
prj_res_table = dict()
for p_req in PrjRequest.objects.filter(flowstatus=PSTATUS_PENDING):
if not p_req.project.projectid in req_table:
req_table[p_req.project.projectid] = list()
uname = p_req.registration.username
email = self.get_email(None, None, p_req.registration)
req_table[p_req.project.projectid].append((uname, email))
prj_res_table[p_req.project.projectid] = p_req.project.projectname
admin_table = dict()
prjman_roleid = get_prjman_roleid(keystone_client)
for prj_id in req_table:
q_args = {
'scope.project.id' : prj_id,
'role.id' : prjman_roleid
}
for assign in super(RoleAssignmentManager, keystone_client.role_assignments).list(**q_args):
email = self.get_email(keystone_client, assign.user['id'], None)
if not email in admin_table:
admin_table[email] = list()
admin_table[email].append(prj_id)
for email in admin_table:
for prj_id in admin_table[email]:
noti_params = {
'pendingreqs' : req_table[prj_id],
'project' : prj_res_table[prj_id]
}
noti_sbj, noti_body = notification_render(SUBSCR_REMINDER, noti_params)
notifyUsers(email, noti_sbj, noti_body)
except:
LOG.error("Notification failed", exc_info=True)
raise CommandError("Notification failed")
def handle(self, *args, **options):
configure_log(options)
config = configure_app(options)
try:
now = datetime.now()
exp_date = now + timedelta(config.cron_renewd)
LOG.info("Checking for renewal after %s" % str(exp_date))
keystone_client = client.Client(username=config.cron_user,
password=config.cron_pwd,
project_name=config.cron_prj,
cacert=config.cron_ca,
auth_url=config.cron_kurl)
q_args = {
'expdate__lte' : exp_date,
'expdate__gt' : now
}
exp_members = Expiration.objects.filter(**q_args)
prjman_roleid = get_prjman_roleid(keystone_client)
except:
LOG.error("Request for renewal failed", exc_info=True)
raise CommandError("Request for renewal failed")
with transaction.atomic():
for e_item in exp_members:
#
# TODO check API
#
try:
is_prj_admin = keystone_client.roles.check(prjman_roleid,
e_item.registration.userid,
None, None,
e_item.project.projectid)
except:
is_prj_admin = False
try:
q_args = {
'registration' : e_item.registration,
'project' : e_item.project,
'flowstatus__in' : [ PSTATUS_RENEW_ADMIN, PSTATUS_RENEW_MEMB ]
}
if len(PrjRequest.objects.filter(**q_args)) == 0:
reqArgs = {
'registration' : e_item.registration,
'project' : e_item.project,
'flowstatus' : PSTATUS_RENEW_ADMIN if is_prj_admin
else PSTATUS_RENEW_MEMB
}
PrjRequest(**reqArgs).save()
LOG.info("Issued renewal for %s" % e_item.registration.username)
except:
LOG.error("Check expiration failed for", exc_info=True)
raise CommandError("Check expiration failed")
def handle(self, *args, **options):
super(Command, self).handle(options)
try:
prj_dict = dict()
for prj_item in Project.objects.all():
if prj_item.projectid:
prj_dict[prj_item.projectid] = prj_item
#
# TODO define the user_domain_name and project_domain_name
#
keystone_client = client.Client(
username=self.config.cron_user,
password=self.config.cron_pwd,
project_name=self.config.cron_prj,
cacert=self.config.cron_ca,
user_domain_name=self.config.cron_domain,
project_domain_name=self.config.cron_domain,
auth_url=self.config.cron_kurl)
LOG.info("Populating the expiration table")
with transaction.atomic():
for reg_user in Registration.objects.all():
if not reg_user.userid:
LOG.info("Skipped unregistered user %s" %
reg_user.username)
continue
for r_item in keystone_client.role_assignments.list(
user=reg_user.userid):
if not r_item.scope['project']['id'] in prj_dict:
LOG.info("Skipped unregistered project %s for %s" % \
(r_item.scope['project']['id'], reg_user.username))
curr_prj = prj_dict[r_item.scope['project']['id']]
if Expiration.objects.filter(
registration=reg_user,
project=curr_prj).count() > 0:
continue
prj_exp = Expiration()
prj_exp.registration = reg_user
prj_exp.project = curr_prj
prj_exp.expdate = reg_user.expdate
prj_exp.save()
LOG.info("Imported expiration for %s in %s: %s" % \
(reg_user.username, curr_prj.projectname, \
reg_user.expdate.strftime("%A, %d. %B %Y %I:%M%p")))
LOG.info("Populating the email table")
with transaction.atomic():
for reg_user in Registration.objects.all():
if not reg_user.userid:
LOG.info("Skipped unregistered user %s" %
reg_user.username)
continue
tmpres = keystone_client.users.get(reg_user.userid)
if not tmpres:
continue
if EMail.objects.filter(registration=reg_user).count() > 0:
continue
mail_obj = EMail()
mail_obj.registration = reg_user
mail_obj.email = tmpres.email
mail_obj.save()
LOG.info("Imported email for %s: %s" %
(reg_user.username, tmpres.email))
LOG.info("Populating the project roles table")
tnt_admin_roleid = get_prjman_roleid(keystone_client)
with transaction.atomic():
PrjRole.objects.all().delete()
prj_dict = dict()
for prj_obj in Project.objects.all():
prj_dict[prj_obj.projectid] = prj_obj
for reg_user in Registration.objects.all():
if not reg_user.userid:
LOG.info("Skipped unregistered user %s" %
reg_user.username)
continue
for role_obj in keystone_client.role_assignments.list(
reg_user.userid):
if role_obj.role['id'] == tnt_admin_roleid:
tmpprjid = role_obj.scope['project']['id']
prjRole = PrjRole()
prjRole.registration = reg_user
prjRole.project = prj_dict[tmpprjid]
prjRole.roleid = role_obj.role['id']
prjRole.save()
LOG.info("Imported admin %s for %s" %
(reg_user.username,
prj_dict[tmpprjid].projectname))
except:
LOG.error("Import failed", exc_info=True)
raise CommandError("Import failed")
def handle(self, *args, **options):
super(Command, self).handle(options)
try:
prj_dict = dict()
for prj_item in Project.objects.all():
if prj_item.projectid:
prj_dict[prj_item.projectid] = prj_item
#
# TODO define the user_domain_name and project_domain_name
#
keystone_client = client.Client(username=self.config.cron_user,
password=self.config.cron_pwd,
project_name=self.config.cron_prj,
cacert=self.config.cron_ca,
user_domain_name=self.config.cron_domain,
project_domain_name=self.config.cron_domain,
auth_url=self.config.cron_kurl)
LOG.info("Populating the expiration table")
with transaction.atomic():
for reg_user in Registration.objects.all():
if not reg_user.userid:
LOG.info("Skipped unregistered user %s" % reg_user.username)
continue
for r_item in keystone_client.role_assignments.list(user=reg_user.userid):
if not r_item.scope['project']['id'] in prj_dict:
LOG.info("Skipped unregistered project %s for %s" % \
(r_item.scope['project']['id'], reg_user.username))
curr_prj = prj_dict[r_item.scope['project']['id']]
if Expiration.objects.filter(
registration=reg_user,
project=curr_prj
).count() > 0:
continue
prj_exp = Expiration()
prj_exp.registration = reg_user
prj_exp.project = curr_prj
prj_exp.expdate = reg_user.expdate
prj_exp.save()
LOG.info("Imported expiration for %s in %s: %s" % \
(reg_user.username, curr_prj.projectname, \
reg_user.expdate.strftime("%A, %d. %B %Y %I:%M%p")))
LOG.info("Populating the email table")
with transaction.atomic():
for reg_user in Registration.objects.all():
if not reg_user.userid:
LOG.info("Skipped unregistered user %s" % reg_user.username)
continue
tmpres = keystone_client.users.get(reg_user.userid)
if not tmpres:
continue
if EMail.objects.filter(registration=reg_user).count() > 0:
continue
mail_obj = EMail()
mail_obj.registration = reg_user
mail_obj.email = tmpres.email
mail_obj.save()
LOG.info("Imported email for %s: %s" % (reg_user.username, tmpres.email))
LOG.info("Populating the project roles table")
tnt_admin_roleid = get_prjman_roleid(keystone_client)
with transaction.atomic():
PrjRole.objects.all().delete()
prj_dict = dict()
for prj_obj in Project.objects.all():
prj_dict[prj_obj.projectid] = prj_obj
for reg_user in Registration.objects.all():
if not reg_user.userid:
LOG.info("Skipped unregistered user %s" % reg_user.username)
continue
for role_obj in keystone_client.role_assignments.list(reg_user.userid):
if role_obj.role['id'] == tnt_admin_roleid:
tmpprjid = role_obj.scope['project']['id']
prjRole = PrjRole()
prjRole.registration = reg_user
prjRole.project = prj_dict[tmpprjid]
prjRole.roleid = role_obj.role['id']
prjRole.save()
LOG.info("Imported admin %s for %s" % (reg_user.username,
prj_dict[tmpprjid].projectname))
except:
LOG.error("Import failed", exc_info=True)
raise CommandError("Import failed")
def handle(self, *args, **options):
configure_log(options)
config = configure_app(options)
try:
now = datetime.now()
exp_date = now + timedelta(config.cron_renewd)
LOG.info("Checking for renewal after %s" % str(exp_date))
keystone_client = client.Client(username=config.cron_user,
password=config.cron_pwd,
project_name=config.cron_prj,
cacert=config.cron_ca,
auth_url=config.cron_kurl)
q_args = {'expdate__lte': exp_date, 'expdate__gt': now}
exp_members = Expiration.objects.filter(**q_args)
prjman_roleid = get_prjman_roleid(keystone_client)
except:
LOG.error("Request for renewal failed", exc_info=True)
raise CommandError("Request for renewal failed")
with transaction.atomic():
for e_item in exp_members:
#
# TODO check API
#
try:
is_prj_admin = keystone_client.roles.check(
prjman_roleid, e_item.registration.userid, None, None,
e_item.project.projectid)
except:
is_prj_admin = False
try:
q_args = {
'registration': e_item.registration,
'project': e_item.project,
'flowstatus__in':
[PSTATUS_RENEW_ADMIN, PSTATUS_RENEW_MEMB]
}
if len(PrjRequest.objects.filter(**q_args)) == 0:
reqArgs = {
'registration':
e_item.registration,
'project':
e_item.project,
'flowstatus':
PSTATUS_RENEW_ADMIN
if is_prj_admin else PSTATUS_RENEW_MEMB
}
PrjRequest(**reqArgs).save()
LOG.info("Issued renewal for %s" %
e_item.registration.username)
except:
LOG.error("Check expiration failed for", exc_info=True)
raise CommandError("Check expiration failed")
def handle(self, *args, **options):
super(Command, self).handle(options)
LOG.info("Checking expired users")
try:
keystone_client = client.Client(
username=self.config.cron_user,
password=self.config.cron_pwd,
project_name=self.config.cron_prj,
user_domain_name=self.config.cron_domain,
project_domain_name=self.config.cron_domain,
cacert=self.config.cron_ca,
auth_url=self.config.cron_kurl)
prjman_roleid = get_prjman_roleid(keystone_client)
cloud_adminid = keystone_client.auth_ref.user_id
except:
LOG.error("Check expiration failed", exc_info=True)
raise CommandError("Check expiration failed")
updated_prjs = set()
exp_date = datetime.now() - timedelta(self.config.cron_defer)
for mem_item in Expiration.objects.filter(expdate__lt=exp_date):
username = mem_item.registration.username
userid = mem_item.registration.userid
prjname = mem_item.project.projectname
prjid = mem_item.project.projectid
updated_prjs.add(prjid)
try:
with transaction.atomic():
tmpres = EMail.objects.filter(
registration=mem_item.registration)
user_mail = tmpres[0].email if len(tmpres) else None
q_args = {
'registration': mem_item.registration,
'project': mem_item.project
}
Expiration.objects.filter(**q_args).delete()
PrjRequest.objects.filter(**q_args).delete()
PrjRole.objects.filter(**q_args).delete()
arg_dict = {'project': prjid, 'user': userid}
for r_item in keystone_client.role_assignments.list(
**arg_dict):
keystone_client.roles.revoke(r_item.role['id'],
**arg_dict)
LOG.info("Removed %s from %s" % (username, prjid))
noti_params = {'username': username, 'project': prjname}
notifyUser(user_mail,
USER_EXPIRED_TYPE,
noti_params,
project_id=prjid,
dst_user_id=userid)
#
# TODO notify project admins
#
except:
LOG.error("Check expiration failed for %s" % username,
exc_info=True)
#
# Check for tenants without admin (use cloud admin if missing)
#
for prj_id in updated_prjs:
if PrjRole.objects.filter(project__projectid=prj_id).count() == 0:
try:
keystone_client.roles.grant(prjman_roleid,
user=cloud_adminid,
project=prj_id)
LOG.info("Cloud Administrator as admin for %s" % prj_id)
noti_params = {
'project': prj_id,
's_role': 'None',
'd_role': 'project_manager'
}
notifyAdmin(CHANGED_MEMBER_ROLE,
noti_params,
dst_user_id=prj_id)
except:
LOG.error("Cannot set super admin for %s" % username,
exc_info=True)
def handle(self, *args, **options):
configure_log(options)
config = configure_app(options)
LOG.info("Checking expired users")
try:
keystone_client = client.Client(username=config.cron_user,
password=config.cron_pwd,
project_name=config.cron_prj,
cacert=config.cron_ca,
auth_url=config.cron_kurl)
exp_date = datetime.now() - timedelta(config.cron_defer)
exp_members = Expiration.objects.filter(expdate__lt=exp_date)
prjman_roleid = get_prjman_roleid(keystone_client)
cloud_adminid = keystone_client.auth_ref.user_id
except:
LOG.error("Check expiration failed", exc_info=True)
raise CommandError("Check expiration failed")
updated_prjs = set()
for mem_item in exp_members:
updated_prjs.add(mem_item.project.projectid)
LOG.debug("Expired %s for %s" % \
(mem_item.registration.username, mem_item.project.projectname))
try:
with transaction.atomic():
q_args = {
'registration' : mem_item.registration,
'project' : mem_item.project
}
Expiration.objects.filter(**q_args).delete()
PrjRequest.objects.filter(**q_args).delete()
arg_dict = {
'project' : mem_item.project.projectid,
'user' : mem_item.registration.userid
}
for r_item in keystone_client.role_assignments.list(**arg_dict):
keystone_client.roles.revoke(r_item.role['id'], **arg_dict)
LOG.info("Removed %s from %s" %
(mem_item.registration.username, mem_item.project.projectid))
#
# TODO missing notification
#
except:
LOG.error("Check expiration failed for %s" % mem_item.registration.username,
exc_info=True)
#
# Check for tenants without admin (use cloud admin if missing)
#
for prj_id in updated_prjs:
try:
url = '/role_assignments?scope.project.id=%s&role.id=%s'
resp, body = keystone_client.get(url % (prj_id, prjman_roleid))
if len(body['role_assignments']) == 0:
keystone_client.roles.grant(prjman_roleid,
user = cloud_adminid,
project = prj_id
)
LOG.info("Cloud Administrator as admin for %s" % prj_id)
except:
#
# TODO notify error to cloud admin
#
LOG.error("No tenant admin for %s" % prj_id, exc_info=True)
def handle(self, *args, **options):
configure_log(options)
config = configure_app(options)
LOG.info("Checking expired users")
try:
keystone_client = client.Client(username=config.cron_user,
password=config.cron_pwd,
project_name=config.cron_prj,
cacert=config.cron_ca,
auth_url=config.cron_kurl)
exp_date = datetime.now() - timedelta(config.cron_defer)
exp_members = Expiration.objects.filter(expdate__lt=exp_date)
prjman_roleid = get_prjman_roleid(keystone_client)
cloud_adminid = keystone_client.auth_ref.user_id
except:
LOG.error("Check expiration failed", exc_info=True)
raise CommandError("Check expiration failed")
updated_prjs = set()
for mem_item in exp_members:
updated_prjs.add(mem_item.project.projectid)
LOG.debug("Expired %s for %s" % \
(mem_item.registration.username, mem_item.project.projectname))
try:
with transaction.atomic():
q_args = {
'registration': mem_item.registration,
'project': mem_item.project
}
Expiration.objects.filter(**q_args).delete()
PrjRequest.objects.filter(**q_args).delete()
arg_dict = {
'project': mem_item.project.projectid,
'user': mem_item.registration.userid
}
for r_item in keystone_client.role_assignments.list(
**arg_dict):
keystone_client.roles.revoke(r_item.role['id'],
**arg_dict)
LOG.info("Removed %s from %s" %
(mem_item.registration.username,
mem_item.project.projectid))
#
# TODO missing notification
#
except:
LOG.error("Check expiration failed for %s" %
mem_item.registration.username,
exc_info=True)
#
# Check for tenants without admin (use cloud admin if missing)
#
for prj_id in updated_prjs:
try:
url = '/role_assignments?scope.project.id=%s&role.id=%s'
resp, body = keystone_client.get(url % (prj_id, prjman_roleid))
if len(body['role_assignments']) == 0:
keystone_client.roles.grant(prjman_roleid,
user=cloud_adminid,
project=prj_id)
LOG.info("Cloud Administrator as admin for %s" % prj_id)
except:
#
# TODO notify error to cloud admin
#
LOG.error("No tenant admin for %s" % prj_id, exc_info=True)
