class TenantFactory(factory.DjangoModelFactory):
class Meta:
model = models.Tenant
name = factory.Sequence(lambda n: 'tenant%s' % n)
service_settings = factory.SubFactory(OpenStackServiceSettingsFactory)
project = factory.SubFactory(ProjectFactory)
state = models.Tenant.States.OK
external_network_id = factory.LazyAttribute(lambda _: uuid.uuid4())
backend_id = factory.Sequence(lambda n: 'backend_id_%s' % n)
user_username = factory.Sequence(lambda n: 'tenant user%d' % n)
user_password = core_utils.pwgen()
@classmethod
def get_url(cls, tenant=None, action=None):
if tenant is None:
tenant = TenantFactory()
url = 'http://testserver' + reverse('openstack-tenant-detail',
kwargs={'uuid': tenant.uuid.hex})
return url if action is None else url + action + '/'
@classmethod
def get_list_url(cls, action=None):
url = 'http://testserver' + reverse('openstack-tenant-list')
return url if action is None else url + action + '/'
def create(self, validated_data):
service_project_link = validated_data['service_project_link']
backend = service_project_link.service.get_backend()
backend_id = validated_data['backend_id']
if models.Tenant.objects.filter(
service_project_link__service__settings=service_project_link.
service.settings,
backend_id=backend_id).exists():
raise serializers.ValidationError(
_('Tenant with ID "%s" is already registered.') % backend_id)
try:
tenant = backend.import_tenant(backend_id, service_project_link)
except OpenStackBackendError as e:
raise serializers.ValidationError({
'backend_id':
_('Can\'t import tenant with ID %(backend_id)s. Reason: %(reason)s'
) % {
'backend_id': backend_id,
'reason': e,
}
})
tenant.user_username = models.Tenant.generate_username(tenant.name)
tenant.user_password = core_utils.pwgen()
tenant.save()
return tenant
def generate_safe_username(username):
username = generate_username(username)
# Maximum length for FreeIPA username is 32 chars
if len(username) > 32:
prefix_length = len(settings.WALDUR_FREEIPA['USERNAME_PREFIX'])
username = generate_username(pwgen(32 - prefix_length))
return username
def generate_username(cls, name):
"""
Generates random valid tenant user name based on tenant name
:param name: tenant name
:return: username
"""
return slugify(name)[:25] + '-user-%s' % core_utils.pwgen(4)
def get_or_create_user(invitation_uuid, sender):
invitation = models.Invitation.objects.get(uuid=invitation_uuid)
user, created = utils.get_or_create_user(invitation)
username = generate_safe_username(user.username)
password = pwgen()
try:
profile, created = utils.get_or_create_profile(user, username,
password)
except (freeipa_exceptions.FreeIPAError, requests.RequestException) as e:
logger.exception(
'Unable to create FreeIPA profile for user with ID: %s', user.id)
invitation.error_message = str(e)
invitation.save(update_fields=['error_message'])
raise
if created:
sender = invitation.created_by.full_name or invitation.created_by.username
context = utils.get_invitation_context(invitation, sender)
context['username'] = username
context['password'] = password
context['link'] = invitation.link_template.format(uuid=invitation_uuid)
broadcast_mail('users', 'invitation_approved', context,
[invitation.email])
else:
send_invitation_created(invitation_uuid, sender)
def create(self, validated_data):
spl = validated_data['service_project_link']
# get availability zone from service settings if it is not defined
if not validated_data.get('availability_zone'):
validated_data['availability_zone'] = spl.service.settings.get_option('availability_zone') or ''
# init tenant user username(if not defined) and password
slugified_name = slugify(validated_data['name'])[:25]
if not validated_data.get('user_username'):
validated_data['user_username'] = models.Tenant.generate_username(validated_data['name'])
validated_data['user_password'] = core_utils.pwgen()
subnet_cidr = validated_data.pop('subnet_cidr')
with transaction.atomic():
tenant = super(TenantSerializer, self).create(validated_data)
network = models.Network.objects.create(
name=slugified_name + '-int-net',
description=_('Internal network for tenant %s') % tenant.name,
tenant=tenant,
service_project_link=tenant.service_project_link,
)
models.SubNet.objects.create(
name=slugified_name + '-sub-net',
description=_('SubNet for tenant %s internal network') % tenant.name,
network=network,
service_project_link=tenant.service_project_link,
cidr=subnet_cidr,
allocation_pools=_generate_subnet_allocation_pool(subnet_cidr),
dns_nameservers=spl.service.settings.options.get('dns_nameservers', [])
)
nc_settings = getattr(settings, 'WALDUR_OPENSTACK', {})
config_groups = copy.deepcopy(nc_settings.get('DEFAULT_SECURITY_GROUPS', []))
for group in config_groups:
sg_name = group.get('name')
sg_description = group.get('description', None)
sg = models.SecurityGroup.objects.get_or_create(
service_project_link=tenant.service_project_link,
tenant=tenant,
description=sg_description,
name=sg_name)[0]
for rule in group.get('rules'):
if 'icmp_type' in rule:
rule['from_port'] = rule.pop('icmp_type')
if 'icmp_code' in rule:
rule['to_port'] = rule.pop('icmp_code')
try:
rule = models.SecurityGroupRule(security_group=sg, **rule)
rule.full_clean()
except serializers.ValidationError as e:
logger.error('Failed to create rule for security group %s: %s.' % (sg_name, e))
else:
rule.save()
return tenant
def password(self, request, uuid):
user = self.get_object()
user.password = pwgen()
user.save()
executors.UserUpdateExecutor.execute(user, updated_fields=['password'])
return response.Response(
{
'detail': 'password update was scheduled successfully',
'password': user.password
},
status=status.HTTP_200_OK)
def credentials(self, request, uuid):
""" On GET request - return superadmin user data.
On POST - reset superuser password and return new one.
"""
service = self.get_object()
if request.method == 'GET':
user = models.User.objects.get(settings=service.settings,
alias=service.settings.username)
serializer_class = self.get_serializer_class()
serializer = serializer_class(
user, context=self.get_serializer_context())
return Response(serializer.data)
else:
password = pwgen()
executors.ServiceSettingsPasswordResetExecutor.execute(
service.settings, password=password)
return Response({'password': password})
def generate_username():
return 'user{}'.format(core_utils.pwgen(4))
def generate_api_secret_code(self):
self.api_secret_code = core_utils.pwgen()
def create(self, attrs):
groups = attrs.pop('groups', [])
attrs['password'] = pwgen()
user = super(UserSerializer, self).create(attrs)
user.groups.add(*groups)
return user
