Exemplos de Expiration.registration em Python

Exemplo n.º 1

Arquivo: forms.py Projeto: CloudPadovana/openstack-security-integrations

    def handle(self, request, data):
    
        try:

            tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
            usr_and_prj = REQID_REGEX.search(data['requestid'])

            with transaction.atomic():

                regid, prjname = chk_repl_project(int(usr_and_prj.group(1)),
                                                  usr_and_prj.group(2), data['newname'],
                                                  None, data['newdescr'])

                #
                # Creation of new tenant
                #
                prj_req = PrjRequest.objects.filter(
                    registration__regid = regid,
                    project__projectname = prjname
                )[0]
                
                project_name = prj_req.project.projectname
                user_id = prj_req.registration.userid
                
                kprj = keystone_api.tenant_create(request, project_name,
                                                    prj_req.project.description, True)
                prj_req.project.projectid = kprj.id
                prj_req.project.save()
                LOG.info("Created tenant %s" % project_name)
                
                #
                # The new user is the project manager of its tenant
                #
                prjRole = PrjRole()
                prjRole.registration = prj_req.registration
                prjRole.project = prj_req.project
                prjRole.roleid = tenantadmin_roleid
                prjRole.save()

                keystone_api.add_tenant_user_role(request, prj_req.project.projectid,
                                                user_id, tenantadmin_roleid)


                #
                # Insert expiration date per tenant
                #
                expiration = Expiration()
                expiration.registration = prj_req.registration
                expiration.project = prj_req.project
                expiration.expdate = data['expiration']
                expiration.save()

                #
                # Update the max expiration per user
                #
                user_reg = prj_req.registration
                if data['expiration'] > user_reg.expdate:
                    user_reg.expdate = data['expiration']
                    user_reg.save()

                #
                # Clear request
                #
                prj_req.delete()
                
                setup_new_project(request, kprj.id, project_name, data)

            #
            # Send notification to the user
            #
            tmpres = EMail.objects.filter(registration__userid=user_id)
            user_email = tmpres[0].email if tmpres else None

            noti_params = {
                'project' : project_name
            }

            notifyUser(request=self.request, rcpt=user_email, action=PRJ_CREATE_TYPE, context=noti_params,
                       dst_project_id=kprj.id, dst_user_id=user_id)

        except:
            LOG.error("Error pre-checking project", exc_info=True)
            messages.error(request, _("Cannot pre-check project"))
            return False

        return True

Exemplo n.º 2

Arquivo: forms.py Projeto: CloudPadovana/openstack-security-integrations

    def handle(self, request, data):

        if not data['username']:
            messages.error(request, _("Cannot process request: missing username"))
            return False
        
        try:
                
            tenantadmin_roleid, default_roleid = check_and_get_roleids(request)

            with transaction.atomic():

                registration = Registration.objects.get(regid=int(data['regid']))

                reg_request = RegRequest.objects.filter(
                    registration=registration,
                    flowstatus=RSTATUS_PENDING
                )[0]
                    
                prjReqList = PrjRequest.objects.filter(registration=registration)

                password = reg_request.password
                if not password:
                    password = generate_pwd()
                
                user_email = reg_request.email

                #
                # Mapping of external accounts
                #
                is_local = True
                if reg_request.externalid:
                    mapping = UserMapping(globaluser=reg_request.externalid,
                                    registration=reg_request.registration)
                    mapping.save()
                    is_local = False
                    LOG.info("Registered external account %s" % reg_request.externalid)
                    
                #
                # Forward request to project administrators
                #
                q_args = {
                    'project__projectid__isnull' : False,
                    'flowstatus' : PSTATUS_REG
                }
                prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING)

                #
                # Creation of new tenants
                #

                self.preprocess_prj(registration, data)

                new_prj_list = list()

                p_reqs = prjReqList.filter(
                    project__projectid__isnull = True,
                    flowstatus = PSTATUS_REG
                )
                if len(p_reqs):
                    newreq_prj = p_reqs[0].project
                    kprj = keystone_api.tenant_create(request, newreq_prj.projectname,
                                                        newreq_prj.description, True)
                    newreq_prj.projectid = kprj.id
                    newreq_prj.save()
                    new_prj_list.append(newreq_prj)

                    setup_new_project(request, kprj.id, newreq_prj.projectname, data)

                    LOG.info("Created tenant %s" % newreq_prj.projectname)
                
                #
                # User creation
                #
                if not registration.userid:
                    
                    kuser = keystone_api.user_create(request, 
                                                    name=registration.username,
                                                    password=password,
                                                    email=user_email,
                                                    enabled=True)
                        
                    if is_local:
                        registration.username = data['username']
                    registration.expdate = self.expiration
                    registration.userid = kuser.id
                    registration.save()
                    LOG.info("Created user %s" % registration.username)

                    mail_obj = EMail()
                    mail_obj.registration = registration
                    mail_obj.email = user_email
                    mail_obj.save()

                #
                # The new user is the project manager of its tenant
                # register the expiration date per tenant
                #
                for prj_item in new_prj_list:

                    expiration = Expiration()
                    expiration.registration = registration
                    expiration.project = prj_item
                    expiration.expdate = self.expiration
                    expiration.save()

                    prjRole = PrjRole()
                    prjRole.registration = registration
                    prjRole.project = prj_item
                    prjRole.roleid = tenantadmin_roleid
                    prjRole.save()

                    keystone_api.add_tenant_user_role(request, prj_item.projectid,
                                            registration.userid, tenantadmin_roleid)

                #
                # Send notifications to project administrators and users
                #
                for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING):
                
                    m_userids = get_prjman_ids(request, p_item.project.projectid)
                    tmpres = EMail.objects.filter(registration__userid__in=m_userids)
                    m_emails = [ x.email for x in tmpres ]                    

                    noti_params = {
                        'username' : data['username'],
                        'project' : p_item.project.projectname
                    }
                    notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_WAIT_TYPE, context=noti_params,
                                  dst_project_id=p_item.project.projectid)
                    
                    n2_params = {
                        'username' : p_item.registration.username,
                        'project' : p_item.project.projectname,
                        'prjadmins' : m_emails
                    }

                    notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_ONGOING, context=n2_params,
                               dst_project_id=p_item.project.projectid, dst_user_id=registration.userid)

                newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG)
                for p_item in newprj_reqs:
                    noti_params = {
                        'username' : p_item.registration.username,
                        'project' : p_item.project.projectname
                    }
                    notifyUser(request=self.request, rcpt=user_email, action=FIRST_REG_OK_TYPE, context=noti_params,
                               dst_project_id=p_item.project.projectid, dst_user_id=p_item.registration.userid)

                #
                # cache cleanup
                #
                newprj_reqs.delete()
                reg_request.delete()

                self.post_reminder(registration, user_email)

        except:
            LOG.error("Error pre-checking request", exc_info=True)
            messages.error(request, _("Cannot pre-check request"))
            return False

        return True

Exemplo n.º 3

Arquivo: forms.py Projeto: CloudPadovana/openstack-security-integrations

    def handle(self, request, data):
    
        try:
            tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
            usr_and_prj = REQID_REGEX.search(data['requestid'])

            with transaction.atomic():
                q_args = {
                    'registration__regid' : int(usr_and_prj.group(1)),
                    'project__projectname' : usr_and_prj.group(2)
                }
                prj_req = PrjRequest.objects.filter(**q_args)[0]
                
                #
                # Insert expiration date per tenant
                #
                expiration = Expiration()
                expiration.registration = prj_req.registration
                expiration.project = prj_req.project
                expiration.expdate = data['expiration']
                expiration.save()

                #
                # Update the max expiration per user
                #
                user_reg = prj_req.registration
                if data['expiration'] > user_reg.expdate:
                    user_reg.expdate = data['expiration']
                    user_reg.save()

                project_name = prj_req.project.projectname
                project_id = prj_req.project.projectid
                user_name = prj_req.registration.username
                user_id = prj_req.registration.userid
                
                keystone_api.add_tenant_user_role(request, project_id,
                                                user_id, default_roleid)

                #
                # clear request
                #
                prj_req.delete()

            #
            # send notification to project managers and users
            #
            tmpres = EMail.objects.filter(registration__userid=user_id)
            user_email = tmpres[0].email if tmpres else None
            
            m_userids = get_prjman_ids(request, project_id)
            tmpres = EMail.objects.filter(registration__userid__in=m_userids)
            m_emails = [ x.email for x in tmpres ]

            noti_params = {
                'username' : user_name,
                'project' : project_name
            }

            notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_OK_TYPE, context=noti_params,
                          dst_project_id=project_id)
            notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_OK_TYPE, context=noti_params,
                       dst_project_id=project_id, dst_user_id=user_id)
                
        except:
            LOG.error("Error forced-checking request", exc_info=True)
            messages.error(request, _("Cannot forced check request"))
            return False

        return True

Exemplo n.º 4

    def handle(self, request, data):

        try:
            tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
            usr_and_prj = REQID_REGEX.search(data['requestid'])

            with transaction.atomic():
                q_args = {
                    'registration__regid': int(usr_and_prj.group(1)),
                    'project__projectname': usr_and_prj.group(2)
                }
                prj_req = PrjRequest.objects.filter(**q_args)[0]

                #
                # Insert expiration date per tenant
                #
                expiration = Expiration()
                expiration.registration = prj_req.registration
                expiration.project = prj_req.project
                expiration.expdate = data['expiration']
                expiration.save()

                #
                # Update the max expiration per user
                #
                user_reg = prj_req.registration
                if data['expiration'] > user_reg.expdate:
                    user_reg.expdate = data['expiration']
                    user_reg.save()

                project_name = prj_req.project.projectname
                project_id = prj_req.project.projectid
                user_name = prj_req.registration.username
                user_id = prj_req.registration.userid

                keystone_api.add_tenant_user_role(request, project_id, user_id,
                                                  default_roleid)

                #
                # Enable reminder for cloud admin
                #
                RegRequest.objects.filter(registration=prj_req.registration,
                                          flowstatus=RSTATUS_REMINDER).update(
                                              flowstatus=RSTATUS_REMINDACK)

                #
                # clear request
                #
                prj_req.delete()

            #
            # send notification to project managers and users
            #
            tmpres = EMail.objects.filter(registration__userid=user_id)
            user_email = tmpres[0].email if tmpres else None

            m_userids = get_prjman_ids(request, project_id)
            tmpres = EMail.objects.filter(registration__userid__in=m_userids)
            m_emails = [x.email for x in tmpres]

            noti_params = {'username': user_name, 'project': project_name}

            notifyProject(request=self.request,
                          rcpt=m_emails,
                          action=SUBSCR_FORCED_OK_TYPE,
                          context=noti_params,
                          dst_project_id=project_id)
            notifyUser(request=self.request,
                       rcpt=user_email,
                       action=SUBSCR_OK_TYPE,
                       context=noti_params,
                       dst_project_id=project_id,
                       dst_user_id=user_id)

        except:
            LOG.error("Error forced-checking request", exc_info=True)
            messages.error(request, _("Cannot forced check request"))
            return False

        return True

Exemplo n.º 5

    def handle(self, request, data):

        try:

            tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
            usr_and_prj = REQID_REGEX.search(data['requestid'])

            with transaction.atomic():

                regid, prjname = chk_repl_project(int(usr_and_prj.group(1)),
                                                  usr_and_prj.group(2),
                                                  data['newname'], None,
                                                  data['newdescr'])

                #
                # Creation of new tenant
                #
                prj_req = PrjRequest.objects.filter(
                    registration__regid=regid, project__projectname=prjname)[0]

                project_name = prj_req.project.projectname
                user_id = prj_req.registration.userid

                kprj = keystone_api.tenant_create(request, project_name,
                                                  prj_req.project.description,
                                                  True)
                prj_req.project.projectid = kprj.id
                prj_req.project.save()
                LOG.info("Created tenant %s" % project_name)

                #
                # The new user is the project manager of its tenant
                #
                prjRole = PrjRole()
                prjRole.registration = prj_req.registration
                prjRole.project = prj_req.project
                prjRole.roleid = tenantadmin_roleid
                prjRole.save()

                keystone_api.add_tenant_user_role(request,
                                                  prj_req.project.projectid,
                                                  user_id, tenantadmin_roleid)

                #
                # Insert expiration date per tenant
                #
                expiration = Expiration()
                expiration.registration = prj_req.registration
                expiration.project = prj_req.project
                expiration.expdate = data['expiration']
                expiration.save()

                #
                # Update the max expiration per user
                #
                user_reg = prj_req.registration
                if data['expiration'] > user_reg.expdate:
                    user_reg.expdate = data['expiration']
                    user_reg.save()

                #
                # Clear request
                #
                prj_req.delete()

                setup_new_project(request, kprj.id, project_name, data)

            #
            # Send notification to the user
            #
            tmpres = EMail.objects.filter(registration__userid=user_id)
            user_email = tmpres[0].email if tmpres else None

            noti_params = {'project': project_name}

            notifyUser(request=self.request,
                       rcpt=user_email,
                       action=PRJ_CREATE_TYPE,
                       context=noti_params,
                       dst_project_id=kprj.id,
                       dst_user_id=user_id)

        except:
            LOG.error("Error pre-checking project", exc_info=True)
            messages.error(request, _("Cannot pre-check project"))
            return False

        return True

Exemplo n.º 6

    def handle(self, *args, **options):

        super(Command, self).handle(options)

        try:

            prj_dict = dict()

            for prj_item in Project.objects.all():
                if prj_item.projectid:
                    prj_dict[prj_item.projectid] = prj_item

            #
            # TODO define the user_domain_name and project_domain_name
            #
            keystone_client = client.Client(
                username=self.config.cron_user,
                password=self.config.cron_pwd,
                project_name=self.config.cron_prj,
                cacert=self.config.cron_ca,
                user_domain_name=self.config.cron_domain,
                project_domain_name=self.config.cron_domain,
                auth_url=self.config.cron_kurl)

            LOG.info("Populating the expiration table")

            with transaction.atomic():
                for reg_user in Registration.objects.all():

                    if not reg_user.userid:
                        LOG.info("Skipped unregistered user %s" %
                                 reg_user.username)
                        continue

                    for r_item in keystone_client.role_assignments.list(
                            user=reg_user.userid):
                        if not r_item.scope['project']['id'] in prj_dict:
                            LOG.info("Skipped unregistered project %s for %s" % \
                            (r_item.scope['project']['id'], reg_user.username))
                        curr_prj = prj_dict[r_item.scope['project']['id']]

                        if Expiration.objects.filter(
                                registration=reg_user,
                                project=curr_prj).count() > 0:
                            continue

                        prj_exp = Expiration()
                        prj_exp.registration = reg_user
                        prj_exp.project = curr_prj
                        prj_exp.expdate = reg_user.expdate
                        prj_exp.save()

                        LOG.info("Imported expiration for %s in %s: %s" % \
                        (reg_user.username, curr_prj.projectname, \
                        reg_user.expdate.strftime("%A, %d. %B %Y %I:%M%p")))

            LOG.info("Populating the email table")

            with transaction.atomic():
                for reg_user in Registration.objects.all():

                    if not reg_user.userid:
                        LOG.info("Skipped unregistered user %s" %
                                 reg_user.username)
                        continue

                    tmpres = keystone_client.users.get(reg_user.userid)
                    if not tmpres:
                        continue

                    if EMail.objects.filter(registration=reg_user).count() > 0:
                        continue

                    mail_obj = EMail()
                    mail_obj.registration = reg_user
                    mail_obj.email = tmpres.email
                    mail_obj.save()

                    LOG.info("Imported email for %s: %s" %
                             (reg_user.username, tmpres.email))

            LOG.info("Populating the project roles table")

            tnt_admin_roleid = get_prjman_roleid(keystone_client)

            with transaction.atomic():

                PrjRole.objects.all().delete()

                prj_dict = dict()
                for prj_obj in Project.objects.all():
                    prj_dict[prj_obj.projectid] = prj_obj

                for reg_user in Registration.objects.all():

                    if not reg_user.userid:
                        LOG.info("Skipped unregistered user %s" %
                                 reg_user.username)
                        continue

                    for role_obj in keystone_client.role_assignments.list(
                            reg_user.userid):
                        if role_obj.role['id'] == tnt_admin_roleid:
                            tmpprjid = role_obj.scope['project']['id']
                            prjRole = PrjRole()
                            prjRole.registration = reg_user
                            prjRole.project = prj_dict[tmpprjid]
                            prjRole.roleid = role_obj.role['id']
                            prjRole.save()

                            LOG.info("Imported admin %s for %s" %
                                     (reg_user.username,
                                      prj_dict[tmpprjid].projectname))

        except:
            LOG.error("Import failed", exc_info=True)
            raise CommandError("Import failed")

Exemplo n.º 7

    def handle(self, request, data):

        if not data['username']:
            messages.error(request,
                           _("Cannot process request: missing username"))
            return False

        try:

            tenantadmin_roleid, default_roleid = check_and_get_roleids(request)

            with transaction.atomic():

                registration = Registration.objects.get(
                    regid=int(data['regid']))

                reg_request = RegRequest.objects.filter(
                    registration=registration, flowstatus=RSTATUS_PENDING)[0]

                prjReqList = PrjRequest.objects.filter(
                    registration=registration)

                password = reg_request.password
                if not password:
                    password = generate_pwd()

                user_email = reg_request.email

                #
                # Mapping of external accounts
                #
                is_local = True
                if reg_request.externalid:
                    mapping = UserMapping(
                        globaluser=reg_request.externalid,
                        registration=reg_request.registration)
                    mapping.save()
                    is_local = False
                    LOG.info("Registered external account %s" %
                             reg_request.externalid)

                #
                # Forward request to project administrators
                #
                q_args = {
                    'project__projectid__isnull': False,
                    'flowstatus': PSTATUS_REG
                }
                prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING)

                #
                # Creation of new tenants
                #

                self.preprocess_prj(registration, data)

                new_prj_list = list()

                p_reqs = prjReqList.filter(project__projectid__isnull=True,
                                           flowstatus=PSTATUS_REG)
                if len(p_reqs):
                    newreq_prj = p_reqs[0].project
                    kprj = keystone_api.tenant_create(request,
                                                      newreq_prj.projectname,
                                                      newreq_prj.description,
                                                      True)
                    newreq_prj.projectid = kprj.id
                    newreq_prj.save()
                    new_prj_list.append(newreq_prj)

                    setup_new_project(request, kprj.id, newreq_prj.projectname,
                                      data)

                    LOG.info("Created tenant %s" % newreq_prj.projectname)

                #
                # User creation
                #
                if not registration.userid:

                    if is_local:
                        registration.username = data['username']

                    kuser = keystone_api.user_create(
                        request,
                        name=registration.username,
                        password=password,
                        email=user_email,
                        enabled=True)

                    registration.expdate = self.expiration
                    registration.userid = kuser.id
                    registration.save()
                    LOG.info("Created user %s" % registration.username)

                    mail_obj = EMail()
                    mail_obj.registration = registration
                    mail_obj.email = user_email
                    mail_obj.save()

                #
                # The new user is the project manager of its tenant
                # register the expiration date per tenant
                #
                for prj_item in new_prj_list:

                    expiration = Expiration()
                    expiration.registration = registration
                    expiration.project = prj_item
                    expiration.expdate = self.expiration
                    expiration.save()

                    prjRole = PrjRole()
                    prjRole.registration = registration
                    prjRole.project = prj_item
                    prjRole.roleid = tenantadmin_roleid
                    prjRole.save()

                    keystone_api.add_tenant_user_role(request,
                                                      prj_item.projectid,
                                                      registration.userid,
                                                      tenantadmin_roleid)

                #
                # Send notifications to project administrators and users
                #
                for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING):

                    m_userids = get_prjman_ids(request,
                                               p_item.project.projectid)
                    tmpres = EMail.objects.filter(
                        registration__userid__in=m_userids)
                    m_emails = [x.email for x in tmpres]

                    noti_params = {
                        'username': data['username'],
                        'project': p_item.project.projectname
                    }
                    notifyProject(request=self.request,
                                  rcpt=m_emails,
                                  action=SUBSCR_WAIT_TYPE,
                                  context=noti_params,
                                  dst_project_id=p_item.project.projectid)

                    n2_params = {
                        'username': p_item.registration.username,
                        'project': p_item.project.projectname,
                        'prjadmins': m_emails
                    }

                    notifyUser(request=self.request,
                               rcpt=user_email,
                               action=SUBSCR_ONGOING,
                               context=n2_params,
                               dst_project_id=p_item.project.projectid,
                               dst_user_id=registration.userid)

                newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG)
                for p_item in newprj_reqs:
                    noti_params = {
                        'username': p_item.registration.username,
                        'project': p_item.project.projectname
                    }
                    notifyUser(request=self.request,
                               rcpt=user_email,
                               action=FIRST_REG_OK_TYPE,
                               context=noti_params,
                               dst_project_id=p_item.project.projectid,
                               dst_user_id=p_item.registration.userid)

                #
                # cache cleanup
                #
                newprj_reqs.delete()
                reg_request.delete()

                self.post_reminder(registration, user_email)

        except:
            LOG.error("Error pre-checking request", exc_info=True)
            messages.error(request, _("Cannot pre-check request"))
            return False

        return True

Exemplo n.º 8

Arquivo: populatexpiration.py Projeto: CloudPadovana/openstack-security-integrations

    def handle(self, *args, **options):

        super(Command, self).handle(options)

        try:

            prj_dict = dict()
            
            for prj_item in Project.objects.all():
                if prj_item.projectid:
                    prj_dict[prj_item.projectid] = prj_item

            #
            # TODO define the user_domain_name and project_domain_name
            #
            keystone_client = client.Client(username=self.config.cron_user,
                                            password=self.config.cron_pwd,
                                            project_name=self.config.cron_prj,
                                            cacert=self.config.cron_ca,
                                            user_domain_name=self.config.cron_domain,
                                            project_domain_name=self.config.cron_domain,
                                            auth_url=self.config.cron_kurl)

            LOG.info("Populating the expiration table")

            with transaction.atomic():
                for reg_user in Registration.objects.all():
                
                    if not reg_user.userid:
                        LOG.info("Skipped unregistered user %s" % reg_user.username)
                        continue
                    
                    for r_item in keystone_client.role_assignments.list(user=reg_user.userid):
                        if not r_item.scope['project']['id'] in prj_dict:
                            LOG.info("Skipped unregistered project %s for %s" % \
                            (r_item.scope['project']['id'], reg_user.username))
                        curr_prj = prj_dict[r_item.scope['project']['id']]
                        
                        if Expiration.objects.filter(
                            registration=reg_user,
                            project=curr_prj
                        ).count() > 0:
                            continue

                        prj_exp = Expiration()
                        prj_exp.registration = reg_user
                        prj_exp.project = curr_prj
                        prj_exp.expdate = reg_user.expdate
                        prj_exp.save()
                        
                        LOG.info("Imported expiration for %s in %s: %s" % \
                        (reg_user.username, curr_prj.projectname, \
                        reg_user.expdate.strftime("%A, %d. %B %Y %I:%M%p")))

            LOG.info("Populating the email table")

            with transaction.atomic():
                for reg_user in Registration.objects.all():

                    if not reg_user.userid:
                        LOG.info("Skipped unregistered user %s" % reg_user.username)
                        continue

                    tmpres = keystone_client.users.get(reg_user.userid)
                    if not tmpres:
                        continue

                    if EMail.objects.filter(registration=reg_user).count() > 0:
                        continue

                    mail_obj = EMail()
                    mail_obj.registration = reg_user
                    mail_obj.email = tmpres.email
                    mail_obj.save()

                    LOG.info("Imported email for %s: %s" % (reg_user.username, tmpres.email))

            LOG.info("Populating the project roles table")

            tnt_admin_roleid = get_prjman_roleid(keystone_client)

            with transaction.atomic():

                PrjRole.objects.all().delete()

                prj_dict = dict()
                for prj_obj in Project.objects.all():
                    prj_dict[prj_obj.projectid] = prj_obj

                for reg_user in Registration.objects.all():

                    if not reg_user.userid:
                        LOG.info("Skipped unregistered user %s" % reg_user.username)
                        continue

                    for role_obj in keystone_client.role_assignments.list(reg_user.userid):
                        if role_obj.role['id'] == tnt_admin_roleid:
                            tmpprjid = role_obj.scope['project']['id']
                            prjRole = PrjRole()
                            prjRole.registration = reg_user
                            prjRole.project = prj_dict[tmpprjid]
                            prjRole.roleid = role_obj.role['id']
                            prjRole.save()

                            LOG.info("Imported admin %s for %s" % (reg_user.username, 
                                     prj_dict[tmpprjid].projectname))

        except:
            LOG.error("Import failed", exc_info=True)
            raise CommandError("Import failed")

Exemplo n.º 9

Arquivo: workflows.py Projeto: CloudPadovana/openstack-security-integrations

    def _update_project_members(self, request, data, project_id):
        
        admin_role_id = None
        available_roles = baseWorkflows.api.keystone.role_list(request)
        member_ids = set()
        prjadm_ids = set()
        result = None
        
        with transaction.atomic():

            #
            # Create project in the database
            #
            newprj_id = self.object.id

            qargs = {
                'projectname' : data['name'],
                'projectid' : newprj_id,
                'description' : data['description'],
                'status' : PRJ_PUBLIC
            }
            newprj = Project(**qargs)
            newprj.save()
            self.this_project = newprj

            #
            # Setup members
            #
            for role in available_roles:
            
                tmp_step = self.get_step(baseWorkflows.PROJECT_USER_MEMBER_SLUG)
                field_name = tmp_step.get_member_field_name(role.id)

                if role.name == TENANTADMIN_ROLE:
                    admin_role_id = role.id
                    for tmpid in data[field_name]:
                        prjadm_ids.add(tmpid)

                for user_id in data[field_name]:
                    member_ids.add(user_id)


            #
            # Import expiration per tenant, use per-user expiration date as a fall back
            # Create the project admin cache
            #
            for u_item in Registration.objects.filter(userid__in=member_ids):

                new_p_exp = Expiration()
                new_p_exp.registration = u_item
                new_p_exp.project = self.this_project
                new_p_exp.expdate = u_item.expdate
                new_p_exp.save()

                if u_item.userid in prjadm_ids:
                    new_prjrole = PrjRole()
                    new_prjrole.registration = u_item
                    new_prjrole.project = self.this_project
                    new_prjrole.roleid = admin_role_id
                    new_prjrole.save()
                    LOG.debug("Created prj admin: %s" % u_item.username)

            #
            # Insert cloud admin as project_manager if missing
            #
            if len(prjadm_ids) == 0:
                baseWorkflows.api.keystone.add_tenant_user_role(request, project_id,
                                                    request.user.id, admin_role_id)

            result = super(ExtCreateProject, self)._update_project_members(request, data, project_id)

        #
        # Notify users
        #
        for e_item in EMail.objects.filter(registration__userid__in=member_ids):
            noti_params = {
                'username' : e_item.registration.username,
                'project' : self.this_project.projectname,
                'isadmin' : e_item.registration.userid in prjadm_ids
            }
            notifyUser(request=request, rcpt=e_item.email, action=MEMBER_FORCED_ADD, context=noti_params,
                       dst_project_id=self.this_project.projectid, dst_user_id=e_item.registration.userid)

        #
        # Notify all cloud admins
        #
        notifyAdmin(request=request, action=NEWPRJ_BY_ADM,
                    context={'project' : self.this_project.projectname})        

        return result

Exemplo n.º 10

    def handle(self, request, data):
    
        try:
        
            role_names = [ role['name'] for role in self.request.user.roles ]
            if not TENANTADMIN_ROLE in role_names:
                raise Exception(_('Permissions denied: cannot approve subscriptions'))
        
            with transaction.atomic():
            
                curr_prjname = self.request.user.tenant_name
                q_args = {
                    'registration__regid' : int(data['regid']),
                    'project__projectname' : curr_prjname
                }                
                prj_req = PrjRequest.objects.filter(**q_args)[0]
                
                member = client_factory(request).users.get(prj_req.registration.userid)
                project_name = prj_req.project.projectname
                
                LOG.debug("Approving subscription for %s" % prj_req.registration.username)
            
                default_role = getattr(settings, 'OPENSTACK_KEYSTONE_DEFAULT_ROLE', None)
                
                expiration = Expiration()
                expiration.registration = prj_req.registration
                expiration.project = prj_req.project
                expiration.expdate = data['expiration']
                expiration.save()
                
                #
                # Update the max expiration per user
                #
                user_reg = prj_req.registration
                if data['expiration'] > user_reg.expdate:
                    user_reg.expdate = data['expiration']
                    user_reg.save()

                roles_obj = client_factory(request).roles
                arg_dict = {
                    'project' : prj_req.project.projectid,
                    'user' : prj_req.registration.userid
                }
                
                missing_default = True
                for item in roles_obj.list():
                    if item.name == default_role:
                        roles_obj.grant(item.id, **arg_dict)
                        missing_default = False
                if missing_default:
                    raise Exception("Default role is undefined")
                    
                #
                # clear request
                #
                prj_req.delete()

            #
            # send notification to the user
            #
            noti_params = {
                'project' : project_name
            }

            noti_sbj, noti_body = notification_render(SUBSCR_OK_TYPE, noti_params)
            notifyUsers(member.email, noti_sbj, noti_body)
        
        except:
            exceptions.handle(request)
            return False
            
        return True

Exemplo n.º 11

    def handle(self, request, data):
    
        try:
        
            role_names = [ role['name'] for role in self.request.user.roles ]
            if not TENANTADMIN_ROLE in role_names:
                raise Exception(_('Permissions denied: cannot approve subscriptions'))
        
            with transaction.atomic():
            
                curr_prjname = self.request.user.tenant_name
                q_args = {
                    'registration__regid' : int(data['regid']),
                    'project__projectname' : curr_prjname
                }                
                prj_req = PrjRequest.objects.filter(**q_args)[0]
                
                member_id = prj_req.registration.userid
                tmpres = EMail.objects.filter(registration__userid=member_id)
                member_email = tmpres[0].email if tmpres else None
                project_name = prj_req.project.projectname
                user_name = prj_req.registration.username
                
                LOG.debug("Approving subscription for %s" % prj_req.registration.username)
            
                default_role = getattr(settings, 'OPENSTACK_KEYSTONE_DEFAULT_ROLE', None)
                
                expiration = Expiration()
                expiration.registration = prj_req.registration
                expiration.project = prj_req.project
                expiration.expdate = data['expiration']
                expiration.save()
                
                #
                # Update the max expiration per user
                #
                user_reg = prj_req.registration
                if data['expiration'] > user_reg.expdate:
                    user_reg.expdate = data['expiration']
                    user_reg.save()

                roles_obj = client_factory(request).roles
                arg_dict = {
                    'project' : prj_req.project.projectid,
                    'user' : prj_req.registration.userid
                }
                
                missing_default = True
                for item in roles_obj.list():
                    if item.name == default_role:
                        roles_obj.grant(item.id, **arg_dict)
                        missing_default = False
                if missing_default:
                    raise Exception("Default role is undefined")
                #
                # Enable reminder for cloud admin
                #
                RegRequest.objects.filter(
                    registration = prj_req.registration,
                    flowstatus = RSTATUS_REMINDER
                ).update(flowstatus = RSTATUS_REMINDACK)
                #
                # clear request
                #
                prj_req.delete()

            #
            # send notification to the user
            #
            noti_params = {
                'username': user_name,
                'project' : project_name
            }

            notifyUser(request=self.request, rcpt=member_email, action=SUBSCR_OK_TYPE, context=noti_params,
                       dst_user_id=member_id)
            notifyAdmin(request=self.request, action=SUBSCR_OK_TYPE, context=noti_params)

        except:
            exceptions.handle(request)
            return False
            
        return True

Exemplo n.º 12

Arquivo: workflows.py Projeto: caifti/openstack-security-integrations

    def _update_project_members(self, request, data, project_id):

        admin_role_id = None
        available_roles = baseWorkflows.api.keystone.role_list(request)
        member_ids = set()
        prjadm_ids = set()
        result = None

        with transaction.atomic():

            #
            # Create project in the database
            #
            newprj_id = self.object.id

            qargs = {
                'projectname': data['name'],
                'projectid': newprj_id,
                'description': data['description'],
                'status': PRJ_PUBLIC
            }
            newprj = Project(**qargs)
            newprj.save()
            self.this_project = newprj

            #
            # Setup members
            #
            for role in available_roles:

                tmp_step = self.get_step(
                    baseWorkflows.PROJECT_USER_MEMBER_SLUG)
                field_name = tmp_step.get_member_field_name(role.id)

                if role.name == TENANTADMIN_ROLE:
                    admin_role_id = role.id
                    for tmpid in data[field_name]:
                        prjadm_ids.add(tmpid)

                for user_id in data[field_name]:
                    member_ids.add(user_id)

            #
            # Import expiration per tenant, use per-user expiration date as a fall back
            # Create the project admin cache
            #
            for u_item in Registration.objects.filter(userid__in=member_ids):

                new_p_exp = Expiration()
                new_p_exp.registration = u_item
                new_p_exp.project = self.this_project
                new_p_exp.expdate = u_item.expdate
                new_p_exp.save()

                if u_item.userid in prjadm_ids:
                    new_prjrole = PrjRole()
                    new_prjrole.registration = u_item
                    new_prjrole.project = self.this_project
                    new_prjrole.roleid = admin_role_id
                    new_prjrole.save()
                    LOG.debug("Created prj admin: %s" % u_item.username)

            #
            # Insert cloud admin as project_manager if missing
            #
            if len(prjadm_ids) == 0:
                baseWorkflows.api.keystone.add_tenant_user_role(
                    request, project_id, request.user.id, admin_role_id)

            result = super(ExtCreateProject, self)._update_project_members(
                request, data, project_id)

        #
        # Notify users
        #
        for e_item in EMail.objects.filter(
                registration__userid__in=member_ids):
            noti_params = {
                'username': e_item.registration.username,
                'project': self.this_project.projectname,
                'isadmin': e_item.registration.userid in prjadm_ids
            }
            notifyUser(request=request,
                       rcpt=e_item.email,
                       action=MEMBER_FORCED_ADD,
                       context=noti_params,
                       dst_project_id=self.this_project.projectid,
                       dst_user_id=e_item.registration.userid)

        #
        # Notify all cloud admins
        #
        notifyAdmin(request=request,
                    action=NEWPRJ_BY_ADM,
                    context={'project': self.this_project.projectname})

        return result

Exemplo n.º 13

    def handle(self, request, data):
    
        try:

            tenantadmin_roleid, default_roleid = check_and_get_roleids(request)

            with transaction.atomic():
            
                registration = Registration.objects.get(regid=int(data['regid']))

                reg_request = RegRequest.objects.filter(registration=registration)[0]
                
                q_args = {
                    'registration' : registration,
                    'project__status' : PRJ_GUEST
                }
                prj_reqs = PrjRequest.objects.filter(**q_args)
                project_id = prj_reqs[0].project.projectid
                project_name = prj_reqs[0].project.projectname

                password = reg_request.password
                if not password:
                    password = generate_pwd()
                
                user_email = reg_request.email

                #
                # Mapping of external accounts
                #                
                if reg_request.externalid:
                    mapping = UserMapping(globaluser=reg_request.externalid,
                                    registration=reg_request.registration)
                    mapping.save()
                    LOG.info("Registered external account %s" % reg_request.externalid)

                #
                # Insert expiration date per tenant
                #
                expiration = Expiration()
                expiration.registration = prj_reqs[0].registration
                expiration.project = prj_reqs[0].project
                expiration.expdate = data['expiration']
                expiration.save()

                #
                # clear requests
                #
                prj_reqs.delete()
                reg_request.delete()

                #
                # User creation
                # 
                kuser = keystone_api.user_create(request, 
                                                name=registration.username,
                                                password=password,
                                                email=user_email,
                                                enabled=True)
                    
                registration.username = data['username']
                registration.expdate = data['expiration']
                registration.userid = kuser.id
                registration.save()
                LOG.info("Created guest user %s" % registration.username)

                keystone_api.add_tenant_user_role(request, project_id,
                                            registration.userid, default_roleid)

                #
                # Send notification to the user
                #
                noti_params = {
                    'username' : registration.username,
                    'project' : project_name,
                    'guestmode' : True
                }
                noti_sbj, noti_body = notification_render(FIRST_REG_OK_TYPE, noti_params)
                notifyUsers(user_email, noti_sbj, noti_body)

        except:
            LOG.error("Error pre-checking project", exc_info=True)
            messages.error(request, _("Cannot pre-check project"))
            return False

        return True

Exemplo n.º 14

    def handle(self, request, data):
    
        try:

            tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
            usr_and_prj = data['requestid'].split(':')

            with transaction.atomic():

                #
                # Creation of new tenant
                #
                q_args = {
                    'registration__regid' : int(usr_and_prj[0]),
                    'project__projectname' : usr_and_prj[1]
                }
                prj_req = PrjRequest.objects.filter(**q_args)[0]
                
                project_name = prj_req.project.projectname
                user_id = prj_req.registration.userid
                
                kprj = keystone_api.tenant_create(request, project_name,
                                                    prj_req.project.description, True)
                prj_req.project.projectid = kprj.id
                prj_req.project.save()
                LOG.info("Created tenant %s" % project_name)
                
                #
                # The new user is the project manager of its tenant
                #
                keystone_api.add_tenant_user_role(request, prj_req.project.projectid,
                                                user_id, tenantadmin_roleid)


                #
                # Insert expiration date per tenant
                #
                expiration = Expiration()
                expiration.registration = prj_req.registration
                expiration.project = prj_req.project
                expiration.expdate = data['expiration']
                expiration.save()

                #
                # Update the max expiration per user
                #
                user_reg = prj_req.registration
                if data['expiration'] > user_reg.expdate:
                    user_reg.expdate = data['expiration']
                    user_reg.save()

                #
                # Clear request
                #
                prj_req.delete()
                
            #
            # Send notification to the user
            #
            user_email = keystone_api.user_get(request, user_id).email
            noti_params = {
                'project' : project_name
            }

            noti_sbj, noti_body = notification_render(PRJ_CREATE_TYPE, noti_params)
            notifyUsers(user_email, noti_sbj, noti_body)

        except:
            LOG.error("Error pre-checking project", exc_info=True)
            messages.error(request, _("Cannot pre-check project"))
            return False

        return True

Exemplo n.º 15

    def handle(self, request, data):
    
        try:
            tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
            usr_and_prj = data['requestid'].split(':')

            with transaction.atomic():
                q_args = {
                    'registration__regid' : int(usr_and_prj[0]),
                    'project__projectname' : usr_and_prj[1]
                }
                prj_req = PrjRequest.objects.filter(**q_args)[0]
                
                #
                # Insert expiration date per tenant
                #
                expiration = Expiration()
                expiration.registration = prj_req.registration
                expiration.project = prj_req.project
                expiration.expdate = data['expiration']
                expiration.save()

                #
                # Update the max expiration per user
                #
                user_reg = prj_req.registration
                if data['expiration'] > user_reg.expdate:
                    user_reg.expdate = data['expiration']
                    user_reg.save()

                project_name = prj_req.project.projectname
                project_id = prj_req.project.projectid
                user_name = prj_req.registration.username
                user_id = prj_req.registration.userid
                
                keystone_api.add_tenant_user_role(request, project_id,
                                                user_id, default_roleid)

                #
                # clear request
                #
                prj_req.delete()

            #
            # send notification to project managers and users
            #
            user_email = keystone_api.user_get(request, user_id).email
            
            prjman_list = get_project_managers(request, project_id)
            noti_params = {
                'username' : user_name,
                'project' : project_name
            }

            noti_sbj, noti_body = notification_render(SUBSCR_FORCED_OK_TYPE, noti_params)
            notifyUsers([ pman.email for pman in prjman_list ], noti_sbj, noti_body)
            
            noti_sbj, noti_body = notification_render(SUBSCR_OK_TYPE, noti_params)
            notifyUsers(user_email, noti_sbj, noti_body)
                
        except:
            LOG.error("Error forced-checking request", exc_info=True)
            messages.error(request, _("Cannot forced check request"))
            return False

        return True

Exemplo n.º 16

    def handle(self, request, data):

        if not data['username']:
            messages.error(request, _("Cannot process request: missing username"))
            return False
        
        try:
                
            tenantadmin_roleid, default_roleid = check_and_get_roleids(request)

            with transaction.atomic():

                registration = Registration.objects.get(regid=int(data['regid']))

                reg_request = RegRequest.objects.filter(registration=registration)[0]
                    
                prjReqList = PrjRequest.objects.filter(registration=registration)

                password = reg_request.password
                if not password:
                    password = generate_pwd()
                
                user_email = reg_request.email

                #
                # Mapping of external accounts
                #                
                if reg_request.externalid:
                    mapping = UserMapping(globaluser=reg_request.externalid,
                                    registration=reg_request.registration)
                    mapping.save()
                    LOG.info("Registered external account %s" % reg_request.externalid)
                    
                #
                # Forward request to project administrators
                #
                q_args = {
                    'project__projectid__isnull' : False,
                    'flowstatus' : PSTATUS_REG
                }
                prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING)

                #
                # Creation of new tenants
                #
                new_prj_list = list()
                q_args = {
                    'project__projectid__isnull' : True,
                    'flowstatus' : PSTATUS_REG
                }
                
                for p_reqs in prjReqList.filter(**q_args):
                    kprj = keystone_api.tenant_create(request, p_reqs.project.projectname,
                                                        p_reqs.project.description, True)
                    p_reqs.project.projectid = kprj.id
                    p_reqs.project.save()
                    new_prj_list.append(p_reqs.project)
                    LOG.info("Created tenant %s" % p_reqs.project.projectname)
                
                #
                # User creation
                #
                if not registration.userid:
                    
                    kuser = keystone_api.user_create(request, 
                                                    name=registration.username,
                                                    password=password,
                                                    email=user_email,
                                                    enabled=True)
                        
                    registration.username = data['username']
                    registration.expdate = self.expiration
                    registration.userid = kuser.id
                    registration.save()
                    LOG.info("Created user %s" % registration.username)

                #
                # The new user is the project manager of its tenant
                # register the expiration date per tenant
                #
                for prj_item in new_prj_list:

                    expiration = Expiration()
                    expiration.registration = registration
                    expiration.project = prj_item
                    expiration.expdate = self.expiration
                    expiration.save()

                    keystone_api.add_tenant_user_role(request, prj_item.projectid,
                                            registration.userid, tenantadmin_roleid)

                #
                # Send notifications to project administrators and users
                #
                for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING):
                
                    m_users = get_project_managers(request, p_item.project.projectid)
                    m_emails = [ usr.email for usr in m_users ]
                    
                    noti_params = {
                        'username' : data['username'],
                        'project' : p_item.project.projectname
                    }
                    noti_sbj, noti_body = notification_render(SUBSCR_WAIT_TYPE, noti_params)
                    notifyUsers(m_emails, noti_sbj, noti_body)
                    
                    n2_params = {
                        'project' : p_item.project.projectname,
                        'prjadmins' : m_emails
                    }
                    noti_sbj, noti_body = notification_render(SUBSCR_ONGOING, n2_params)
                    notifyUsers(user_email, noti_sbj, noti_body)

                newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG)
                for p_item in newprj_reqs:
                    noti_params = {
                        'username' : p_item.registration.username,
                        'project' : p_item.project.projectname,
                        'guestmode' : False
                    }
                    noti_sbj, noti_body = notification_render(FIRST_REG_OK_TYPE, noti_params)
                    notifyUsers(user_email, noti_sbj, noti_body)

                #
                # cache cleanup
                #
                newprj_reqs.delete()
                reg_request.delete()

        except:
            LOG.error("Error pre-checking request", exc_info=True)
            messages.error(request, _("Cannot pre-check request"))
            return False

        return True