def _assign_users(project_resource, users):
    """
    Assign users to project
    :param project_resource: project resource instance (OpenstackProject)
    :param users: List of users that need to be assigned to project with roles
    """
    # Create user resource to be able to get info about user
    user_resource = OpenstackUser(client_config=project_resource.client_config,
                                  logger=ctx.logger)

    # Create user role resource to be able to get info about role
    role_resource = OpenstackRole(client_config=project_resource.client_config,
                                  logger=ctx.logger)

    for user in users:
        user_roles = user.get(IDENTITY_ROLES, [])
        user_item = user_resource.find_user(user.get('name'))
        if not user_item:
            raise NonRecoverableError('User {0} is not found'
                                      ''.format(user['name']))

        for role in user_roles:
            user_role = role_resource.find_role(role)
            if not user_role:
                raise NonRecoverableError('Role {0} is not found'.format(role))

            # Assign project role to user
            role_resource.assign_project_role_to_user(
                project_id=project_resource.resource_id,
                user_id=user_item.id,
                role_id=user_role.id)

            ctx.logger.info(
                'Assigned user {0} to project {1} with role {2}'.format(
                    user_item.id, project_resource.resource_id, user_role.id))
def _validate_users(client_config, users):
    """
    This method will validate if the users are already exists before doing
    any role assignment. Morever, it will check if the roles also exist or not
    :param list users: List of users (dict) that contains user names and
    roles associated
    :param client_config: Openstack configuration in order to connect to
    openstack
    """

    # Create user resource to be able to get info about user
    user_resource = OpenstackUser(client_config=client_config,
                                  logger=ctx.logger)

    # Create user role resource to be able to get info about role
    role_resource = OpenstackRole(client_config=client_config,
                                  logger=ctx.logger)

    user_names = [user.get('name') for user in users]
    if len(user_names) > len(set(user_names)):
        raise NonRecoverableError(' Provided users are not unique')

    for user_name in user_names:
        user = user_resource.find_user(user_name)
        if not user:
            raise NonRecoverableError(
                'User {0} is not found'.format(user_name))

    for user in users:
        if user.get(IDENTITY_ROLES):
            if len(user[IDENTITY_ROLES]) > len(set(user[IDENTITY_ROLES])):
                msg = 'Roles for user {0} are not unique'
                raise NonRecoverableError(msg.format(user.get('name')))

    role_names = {
        role
        for user in users for role in user.get(IDENTITY_ROLES, [])
    }
    for role_name in role_names:
        user_role = role_resource.find_role(role_name)
        if not user_role:
            raise NonRecoverableError(
                'Role {0} is not found'.format(role_name))
Exemplo n.º 3
0
def _validate_groups(client_config, groups):
    """
    This method will validate if the groups are already exists before doing
    any role assignment. Morever, it will check if the roles also exist or not
    :param list groups: List of groups (dict) that contains group names and
    roles associated
    :param client_config: Openstack configuration in order to connect to
    openstack
    """

    # Create group resource to be able to get info about group
    group_resource = OpenstackGroup(client_config=client_config,
                                    logger=ctx.logger)

    # Create group role resource to be able to get info about role
    role_resource = OpenstackRole(client_config=client_config,
                                  logger=ctx.logger)

    group_names = [group.get('name') for group in groups]
    if len(group_names) > len(set(group_names)):
        raise NonRecoverableError(' Provided groups are not unique')

    for group_name in group_names:
        group = group_resource.find_group(group_name)
        if not group:
            raise NonRecoverableError(
                'Group {0} is not found'.format(group_name))

    for group in groups:
        if group.get(IDENTITY_ROLES):
            if len(group[IDENTITY_ROLES]) > len(set(group[IDENTITY_ROLES])):
                msg = 'Roles for group {0} are not unique'
                raise NonRecoverableError(msg.format(group.get('name')))

    role_names = {
        role for group in groups for role in group.get(IDENTITY_ROLES, [])
    }
    for role_name in role_names:
        group_role = role_resource.find_role(role_name)
        if not group_role:
            raise NonRecoverableError(
                'Role {0} is not found'.format(role_name))
Exemplo n.º 4
0
def _assign_groups(project_resource, groups):
    """
    Assign groups to project
    :param project_resource: project resource instance (OpenstackProject)
    :param groups: List of groups that need to be assigned to project with
    roles
    """
    # Create group resource to be able to get info about group
    group_resource = OpenstackGroup(
        client_config=project_resource.client_config,
        logger=ctx.logger
    )

    # Create group role resource to be able to get info about role
    role_resource = OpenstackRole(
        client_config=project_resource.client_config,
        logger=ctx.logger
    )

    for group in groups:
        group_roles = group.get(IDENTITY_ROLES, [])
        group_item = group_resource.find_group(group.get('name'))
        if not group_item:
            raise NonRecoverableError('Group {0} is not found'
                                      ''.format(group['name']))

        for role in group_roles:
            group_role = role_resource.find_role(role)
            if not group_role:
                raise NonRecoverableError('Role {0} is not found'.format(role))

            # Assign project role to group
            role_resource.assign_project_role_to_group(
                project_id=project_resource.resource_id,
                group_id=group_item.id,
                role_id=group_role.id)

            ctx.logger.info(
                'Assigned group {0} to project {1} with role {2}'.format(
                    group_item.id, project_resource.resource_id,
                    group_role.id))