def _get_identity(cls, user, group, provider, quota, credentials):
"""
# 1. Make sure that an Identity exists for the user/group+provider
# 2. Make sure that all kwargs exist as credentials for the identity
"""
credentials_match_query = (
contains_credential('key', credentials['key']) &
contains_credential(
'ex_project_name', credentials['ex_project_name']
)
)
identity_qs = Identity.objects\
.filter(created_by=user, provider=provider)\
.filter(credentials_match_query)
# This shouldn't happen..
if identity_qs.count() > 1:
raise Exception("Could not uniquely identify the identity")
identity = identity_qs.first()
if not identity:
identity = cls._create_identity(
user, group, provider, quota, credentials
)
# 2. Make sure that all kwargs exist as credentials
# NOTE: Because we assume a matching username and
# project name, we can update the remaining
# credentials (for any new or updated future-values)
for (c_key, c_value) in credentials.items():
Identity.update_credential(identity, c_key, c_value)
return identity
def _get_identity(cls, user, group, provider, quota, credentials):
"""
# 1. Make sure that an Identity exists for the user/group+provider
# 2. Make sure that all kwargs exist as credentials for the identity
"""
credentials_match_query = (contains_credential(
'key', credentials['key']) & contains_credential(
'ex_project_name', credentials['ex_project_name']))
identity_qs = Identity.objects\
.filter(created_by=user, provider=provider)\
.filter(credentials_match_query)
# This shouldn't happen..
if identity_qs.count() > 1:
raise Exception("Could not uniquely identify the identity")
identity = identity_qs.first()
if not identity:
identity = cls._create_identity(user, group, provider, quota,
credentials)
# 2. Make sure that all kwargs exist as credentials
# NOTE: Because we assume a matching username and
# project name, we can update the remaining
# credentials (for any new or updated future-values)
for (c_key, c_value) in credentials.items():
Identity.update_credential(identity, c_key, c_value)
return identity
def _get_identity(cls, user, group, provider, quota, credentials):
"""
# 1. Make sure that an Identity exists for the user/group+provider
# 2. Make sure that all kwargs exist as credentials for the identity
"""
identity_qs = Identity.objects.filter(created_by=user,
provider=provider)
if 'ex_project_name' in credentials:
project_name = credentials['ex_project_name']
elif 'ex_tenant_name' in credentials:
project_name = credentials['ex_tenant_name']
if project_name:
identity_qs = identity_qs.filter(
contains_credential('ex_project_name', project_name)
| contains_credential('ex_tenant_name', project_name))
#FIXME: To make this *more* iron-clad, we should probably
# include the username `key/value` pair, and looks *explicitly* for that pairing in an identity they have created..
if identity_qs.count() > 1:
raise Exception("Could not uniquely identify the identity")
identity = identity_qs.first()
if identity:
# In the future, we will only update the credentials *once*
# during self._create_identity().
for (c_key, c_value) in credentials.items():
Identity.update_credential(identity, c_key, c_value)
else:
identity = cls._create_identity(user, group, provider, quota,
credentials)
return identity
def find_accounts(self, provider, account_user, group_name, username,
project_name, **kwargs):
from core.models import GroupMembership, Identity
from core.query import contains_credential
member = GroupMembership.objects.filter(user__username=account_user,
group__name=group_name)
if not member:
return Identity.objects.none()
group = member.first().group
return group.identities.filter(
contains_credential('ex_project_name', project_name),
provider=provider).filter(contains_credential('key', username))
def _find_identity_match(self, provider_uuid, username, project_name):
try:
provider = Provider.objects.get(uuid=provider_uuid)
except Provider.DoesNotExist:
raise serializers.ValidationError("Provider %s is invalid" % provider)
request_user = self._get_request_user()
ident = Identity.objects\
.filter(
contains_credential('key', username),
created_by=request_user, provider=provider)\
.filter(
contains_credential('ex_project_name', project_name) | contains_credential('ex_tenant_name', project_name))\
.first()
return ident
def _lookup_image_owner_identity(account_driver, glance_image):
owner = account_driver.get_project_by_id(glance_image.get('owner'))
if not owner:
return None
matches = Identity.objects.filter(contains_credential('ex_project_name', owner.name))
if matches.count() > 1:
logger.warn("Project %s is ambiguous -- exists on more than one Identity." % owner.name)
return None
return matches.first()
def _find_identity_match(self, provider_uuid, username, project_name):
try:
provider = Provider.objects.get(uuid=provider_uuid)
except Provider.DoesNotExist:
raise serializers.ValidationError("Provider %s is invalid" % provider)
request_user = self._get_request_user()
ident = Identity.objects\
.filter(
contains_credential('key', username),
created_by=request_user, provider=provider)\
.filter(
contains_credential('ex_project_name', project_name) | contains_credential('ex_tenant_name', project_name))\
.first()
membership_exists = IdentityMembership.objects.filter(identity=ident).first()
if not membership_exists:
# Account creation _did not run to completion_. Re-do it.
return None
return ident
def monitor_volumes_for(provider_id, print_logs=False):
"""
Run the set of tasks related to monitoring sizes for a provider.
Optionally, provide a list of usernames to monitor
While debugging, print_logs=True can be very helpful.
start_date and end_date allow you to search a 'non-standard' window of time.
"""
from service.driver import get_account_driver
from core.models import Identity
if print_logs:
console_handler = _init_stdout_logging()
provider = Provider.objects.get(id=provider_id)
account_driver = get_account_driver(provider)
# Non-End dated volumes on this provider
db_volumes = Volume.objects.filter(only_current_source(), instance_source__provider=provider)
all_volumes = account_driver.admin_driver.list_all_volumes(timeout=30)
seen_volumes = []
for cloud_volume in all_volumes:
try:
core_volume = convert_esh_volume(cloud_volume, provider_uuid=provider.uuid)
seen_volumes.append(core_volume)
except ObjectDoesNotExist:
tenant_id = cloud_volume.extra['object']['os-vol-tenant-attr:tenant_id']
tenant = account_driver.get_project_by_id(tenant_id)
tenant_name = tenant.name if tenant else tenant_id
try:
if not tenant:
celery_logger.warn("Warning: tenant_id %s found on volume %s, but did not exist from the account driver perspective.", tenant_id, cloud_volume)
raise ObjectDoesNotExist()
identity = Identity.objects.filter(
contains_credential('ex_project_name', tenant_name), provider=provider
).first()
if not identity:
raise ObjectDoesNotExist()
core_volume = convert_esh_volume(
cloud_volume,
provider.uuid, identity.uuid,
identity.created_by)
except ObjectDoesNotExist:
celery_logger.info("Skipping Volume %s - No Identity for: Provider:%s + Project Name:%s" % (cloud_volume.id, provider, tenant_name))
pass
now_time = timezone.now()
needs_end_date = [volume for volume in db_volumes if volume not in seen_volumes]
for volume in needs_end_date:
celery_logger.debug("End dating inactive volume: %s" % volume)
volume.end_date = now_time
volume.save()
if print_logs:
_exit_stdout_logging(console_handler)
for vol in seen_volumes:
vol.esh = None
return [vol.instance_source.identifier for vol in seen_volumes]
def monitor_volumes_for(provider_id, print_logs=False):
"""
Run the set of tasks related to monitoring sizes for a provider.
Optionally, provide a list of usernames to monitor
While debugging, print_logs=True can be very helpful.
start_date and end_date allow you to search a 'non-standard' window of time.
"""
from service.driver import get_account_driver
from core.models import Identity
if print_logs:
console_handler = _init_stdout_logging()
provider = Provider.objects.get(id=provider_id)
account_driver = get_account_driver(provider)
# Non-End dated volumes on this provider
db_volumes = Volume.objects.filter(only_current_source(), instance_source__provider=provider)
all_volumes = account_driver.admin_driver.list_all_volumes(timeout=30)
seen_volumes = []
for cloud_volume in all_volumes:
try:
core_volume = convert_esh_volume(cloud_volume, provider_uuid=provider.uuid)
seen_volumes.append(core_volume)
except ObjectDoesNotExist:
tenant_id = cloud_volume.extra['object']['os-vol-tenant-attr:tenant_id']
tenant = account_driver.get_project_by_id(tenant_id)
tenant_name = tenant.name if tenant else tenant_id
try:
if not tenant:
celery_logger.warn("Warning: tenant_id %s found on volume %s, but did not exist from the account driver perspective.", tenant_id, cloud_volume)
raise ObjectDoesNotExist()
identity = Identity.objects.filter(
contains_credential('ex_project_name', tenant_name), provider=provider
).first()
if not identity:
raise ObjectDoesNotExist()
core_volume = convert_esh_volume(
cloud_volume,
provider.uuid, identity.uuid,
identity.created_by)
except ObjectDoesNotExist:
celery_logger.info("Skipping Volume %s - No Identity for: Provider:%s + Project Name:%s" % (cloud_volume.id, provider, tenant_name))
pass
now_time = timezone.now()
needs_end_date = [volume for volume in db_volumes if volume not in seen_volumes]
for volume in needs_end_date:
celery_logger.debug("End dating inactive volume: %s" % volume)
volume.end_date = now_time
volume.save()
if print_logs:
_exit_stdout_logging(console_handler)
for vol in seen_volumes:
vol.esh = None
return [vol.instance_source.identifier for vol in seen_volumes]
def _lookup_image_owner_identity(account_driver, glance_image):
owner = account_driver.get_project_by_id(glance_image.get('owner'))
if not owner:
return None
matches = Identity.objects.filter(
contains_credential('ex_project_name', owner.name))
if matches.count() > 1:
logger.warn(
"Project %s is ambiguous -- exists on more than one Identity." %
owner.name)
return None
return matches.first()
def _find_identity_match(self, provider_uuid, username, project_name):
try:
provider = Provider.objects.get(uuid=provider_uuid)
except Provider.DoesNotExist:
raise serializers.ValidationError(
"Provider %s is invalid" % provider
)
request_user = self._get_request_user()
ident = Identity.objects\
.filter(
contains_credential('key', username),
created_by=request_user, provider=provider)\
.filter(
contains_credential('ex_project_name', project_name) | contains_credential('ex_tenant_name', project_name))\
.first()
membership_exists = IdentityMembership.objects.filter(identity=ident
).first()
if not membership_exists:
# Account creation _did not run to completion_. Re-do it.
return None
return ident
def _get_or_create_identity(self, user, provider, quota):
try:
identity = Identity.objects.get(contains_credential(
'key', 'username'),
created_by=user,
provider=provider)
if identity.quota != quota:
identity.quota = quota
identity.save()
except Identity.DoesNotExist:
identity = Identity.objects.create(created_by=user,
provider=provider,
quota=quota)
return identity
def _get_or_create_identity(self, user, provider, quota):
try:
identity = Identity.objects.get(
contains_credential('key', 'username'),
created_by=user,
provider=provider
)
if identity.quota != quota:
identity.quota = quota
identity.save()
except Identity.DoesNotExist:
identity = Identity.objects.create(
created_by=user, provider=provider, quota=quota
)
return identity
