def _update_project_members(self, request, data, project_id):
#
# Use per-user expiration date as a fall back
# for expiration date per tenant
#
# Remove subscription request for this project
#
for role in self._get_available_roles(request):
tmp_step = self.get_step(baseWorkflows.PROJECT_USER_MEMBER_SLUG)
field_name = tmp_step.get_member_field_name(role.id)
with transaction.atomic():
ep_qset = Expiration.objects.filter(project=self.this_project)
tmp_set = set()
for item in ep_qset.filter(
registration__userid__in=data[field_name]):
tmp_set.add(item.registration.userid)
new_memids = list()
for item in data[field_name]:
if not item in tmp_set:
new_memids.append(item)
q_args = {'userid__in': new_memids, 'expdate__isnull': False}
nreg_qset = Registration.objects.filter(**q_args)
for item in nreg_qset:
c_args = {
'registration': item,
'project': self.this_project,
'expdate': item.expdate
}
Expiration(**c_args).save()
#
# Remove subscription request for manually added members
#
q_args = {
'registration__in': nreg_qset,
'project': self.this_project,
'flowstatus': PSTATUS_PENDING
}
PrjRequest.objects.filter(**q_args).delete()
#
# Delete expiration for removed users
#
ep_qset.exclude(
registration__userid__in=data[field_name]).delete()
return super(ExtUpdateProject,
self)._update_project_members(request, data, project_id)
def _update_project_members(self, request, data, project_id):
#
# Use per-user expiration date as a fall back
# for expiration date per tenant
#
admin_role_id = None
missing_admin = True
available_roles = baseWorkflows.api.keystone.role_list(request)
with transaction.atomic():
for role in available_roles:
tmp_step = self.get_step(
baseWorkflows.PROJECT_USER_MEMBER_SLUG)
field_name = tmp_step.get_member_field_name(role.id)
if role.name == TENANTADMIN_ROLE:
admin_role_id = role.id
missing_admin = (len(data[field_name]) == 0)
for user_id in data[field_name]:
q_args = {'userid': user_id, 'expdate__isnull': False}
tmp_list = Registration.objects.filter(**q_args)
if len(tmp_list):
q_args = {
'registration': tmp_list[0],
'project': self.this_project
}
if not Expiration.objects.filter(**q_args).count():
c_args = {
'registration': tmp_list[0],
'project': self.this_project,
'expdate': tmp_list[0].expdate
}
Expiration(**c_args).save()
#
# Insert cloud admin as project_manager if missing
# No tenant admin for guest
#
if missing_admin and not data.get('guest', False):
baseWorkflows.api.keystone.add_tenant_user_role(
request, project_id, request.user.id, admin_role_id)
#
# TODO if this is the guest project don't define any tenant admin
#
return super(ExtCreateProject,
self)._update_project_members(request, data, project_id)
def handle(self, *args, **options):
super(Command, self).handle(options)
try:
prj_dict = dict()
for prj_item in Project.objects.all():
if prj_item.projectid:
prj_dict[prj_item.projectid] = prj_item
#
# TODO define the user_domain_name and project_domain_name
#
keystone_client = client.Client(
username=self.config.cron_user,
password=self.config.cron_pwd,
project_name=self.config.cron_prj,
cacert=self.config.cron_ca,
user_domain_name=self.config.cron_domain,
project_domain_name=self.config.cron_domain,
auth_url=self.config.cron_kurl)
LOG.info("Populating the expiration table")
with transaction.atomic():
for reg_user in Registration.objects.all():
if not reg_user.userid:
LOG.info("Skipped unregistered user %s" %
reg_user.username)
continue
for r_item in keystone_client.role_assignments.list(
user=reg_user.userid):
if not r_item.scope['project']['id'] in prj_dict:
LOG.info("Skipped unregistered project %s for %s" % \
(r_item.scope['project']['id'], reg_user.username))
curr_prj = prj_dict[r_item.scope['project']['id']]
if Expiration.objects.filter(
registration=reg_user,
project=curr_prj).count() > 0:
continue
prj_exp = Expiration()
prj_exp.registration = reg_user
prj_exp.project = curr_prj
prj_exp.expdate = reg_user.expdate
prj_exp.save()
LOG.info("Imported expiration for %s in %s: %s" % \
(reg_user.username, curr_prj.projectname, \
reg_user.expdate.strftime("%A, %d. %B %Y %I:%M%p")))
LOG.info("Populating the email table")
with transaction.atomic():
for reg_user in Registration.objects.all():
if not reg_user.userid:
LOG.info("Skipped unregistered user %s" %
reg_user.username)
continue
tmpres = keystone_client.users.get(reg_user.userid)
if not tmpres:
continue
if EMail.objects.filter(registration=reg_user).count() > 0:
continue
mail_obj = EMail()
mail_obj.registration = reg_user
mail_obj.email = tmpres.email
mail_obj.save()
LOG.info("Imported email for %s: %s" %
(reg_user.username, tmpres.email))
LOG.info("Populating the project roles table")
tnt_admin_roleid = get_prjman_roleid(keystone_client)
with transaction.atomic():
PrjRole.objects.all().delete()
prj_dict = dict()
for prj_obj in Project.objects.all():
prj_dict[prj_obj.projectid] = prj_obj
for reg_user in Registration.objects.all():
if not reg_user.userid:
LOG.info("Skipped unregistered user %s" %
reg_user.username)
continue
for role_obj in keystone_client.role_assignments.list(
reg_user.userid):
if role_obj.role['id'] == tnt_admin_roleid:
tmpprjid = role_obj.scope['project']['id']
prjRole = PrjRole()
prjRole.registration = reg_user
prjRole.project = prj_dict[tmpprjid]
prjRole.roleid = role_obj.role['id']
prjRole.save()
LOG.info("Imported admin %s for %s" %
(reg_user.username,
prj_dict[tmpprjid].projectname))
except:
LOG.error("Import failed", exc_info=True)
raise CommandError("Import failed")
def _update_project_members(self, request, data, project_id):
admin_role_id = None
available_roles = baseWorkflows.api.keystone.role_list(request)
member_ids = set()
prjadm_ids = set()
result = None
with transaction.atomic():
#
# Create project in the database
#
newprj_id = self.object.id
qargs = {
'projectname' : data['name'],
'projectid' : newprj_id,
'description' : data['description'],
'status' : PRJ_PUBLIC
}
newprj = Project(**qargs)
newprj.save()
self.this_project = newprj
#
# Setup members
#
for role in available_roles:
tmp_step = self.get_step(baseWorkflows.PROJECT_USER_MEMBER_SLUG)
field_name = tmp_step.get_member_field_name(role.id)
if role.name == TENANTADMIN_ROLE:
admin_role_id = role.id
for tmpid in data[field_name]:
prjadm_ids.add(tmpid)
for user_id in data[field_name]:
member_ids.add(user_id)
#
# Import expiration per tenant, use per-user expiration date as a fall back
# Create the project admin cache
#
for u_item in Registration.objects.filter(userid__in=member_ids):
new_p_exp = Expiration()
new_p_exp.registration = u_item
new_p_exp.project = self.this_project
new_p_exp.expdate = u_item.expdate
new_p_exp.save()
if u_item.userid in prjadm_ids:
new_prjrole = PrjRole()
new_prjrole.registration = u_item
new_prjrole.project = self.this_project
new_prjrole.roleid = admin_role_id
new_prjrole.save()
LOG.debug("Created prj admin: %s" % u_item.username)
#
# Insert cloud admin as project_manager if missing
#
if len(prjadm_ids) == 0:
baseWorkflows.api.keystone.add_tenant_user_role(request, project_id,
request.user.id, admin_role_id)
result = super(ExtCreateProject, self)._update_project_members(request, data, project_id)
#
# Notify users
#
for e_item in EMail.objects.filter(registration__userid__in=member_ids):
noti_params = {
'username' : e_item.registration.username,
'project' : self.this_project.projectname,
'isadmin' : e_item.registration.userid in prjadm_ids
}
notifyUser(request=request, rcpt=e_item.email, action=MEMBER_FORCED_ADD, context=noti_params,
dst_project_id=self.this_project.projectid, dst_user_id=e_item.registration.userid)
#
# Notify all cloud admins
#
notifyAdmin(request=request, action=NEWPRJ_BY_ADM,
context={'project' : self.this_project.projectname})
return result
def handle(self, *args, **options):
super(Command, self).handle(options)
try:
prj_dict = dict()
for prj_item in Project.objects.all():
if prj_item.projectid:
prj_dict[prj_item.projectid] = prj_item
#
# TODO define the user_domain_name and project_domain_name
#
keystone_client = client.Client(username=self.config.cron_user,
password=self.config.cron_pwd,
project_name=self.config.cron_prj,
cacert=self.config.cron_ca,
user_domain_name=self.config.cron_domain,
project_domain_name=self.config.cron_domain,
auth_url=self.config.cron_kurl)
LOG.info("Populating the expiration table")
with transaction.atomic():
for reg_user in Registration.objects.all():
if not reg_user.userid:
LOG.info("Skipped unregistered user %s" % reg_user.username)
continue
for r_item in keystone_client.role_assignments.list(user=reg_user.userid):
if not r_item.scope['project']['id'] in prj_dict:
LOG.info("Skipped unregistered project %s for %s" % \
(r_item.scope['project']['id'], reg_user.username))
curr_prj = prj_dict[r_item.scope['project']['id']]
if Expiration.objects.filter(
registration=reg_user,
project=curr_prj
).count() > 0:
continue
prj_exp = Expiration()
prj_exp.registration = reg_user
prj_exp.project = curr_prj
prj_exp.expdate = reg_user.expdate
prj_exp.save()
LOG.info("Imported expiration for %s in %s: %s" % \
(reg_user.username, curr_prj.projectname, \
reg_user.expdate.strftime("%A, %d. %B %Y %I:%M%p")))
LOG.info("Populating the email table")
with transaction.atomic():
for reg_user in Registration.objects.all():
if not reg_user.userid:
LOG.info("Skipped unregistered user %s" % reg_user.username)
continue
tmpres = keystone_client.users.get(reg_user.userid)
if not tmpres:
continue
if EMail.objects.filter(registration=reg_user).count() > 0:
continue
mail_obj = EMail()
mail_obj.registration = reg_user
mail_obj.email = tmpres.email
mail_obj.save()
LOG.info("Imported email for %s: %s" % (reg_user.username, tmpres.email))
LOG.info("Populating the project roles table")
tnt_admin_roleid = get_prjman_roleid(keystone_client)
with transaction.atomic():
PrjRole.objects.all().delete()
prj_dict = dict()
for prj_obj in Project.objects.all():
prj_dict[prj_obj.projectid] = prj_obj
for reg_user in Registration.objects.all():
if not reg_user.userid:
LOG.info("Skipped unregistered user %s" % reg_user.username)
continue
for role_obj in keystone_client.role_assignments.list(reg_user.userid):
if role_obj.role['id'] == tnt_admin_roleid:
tmpprjid = role_obj.scope['project']['id']
prjRole = PrjRole()
prjRole.registration = reg_user
prjRole.project = prj_dict[tmpprjid]
prjRole.roleid = role_obj.role['id']
prjRole.save()
LOG.info("Imported admin %s for %s" % (reg_user.username,
prj_dict[tmpprjid].projectname))
except:
LOG.error("Import failed", exc_info=True)
raise CommandError("Import failed")
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = data['requestid'].split(':')
with transaction.atomic():
q_args = {
'registration__regid' : int(usr_and_prj[0]),
'project__projectname' : usr_and_prj[1]
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
#
# Insert expiration date per tenant
#
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
project_name = prj_req.project.projectname
project_id = prj_req.project.projectid
user_name = prj_req.registration.username
user_id = prj_req.registration.userid
keystone_api.add_tenant_user_role(request, project_id,
user_id, default_roleid)
#
# clear request
#
prj_req.delete()
#
# send notification to project managers and users
#
user_email = keystone_api.user_get(request, user_id).email
prjman_list = get_project_managers(request, project_id)
noti_params = {
'username' : user_name,
'project' : project_name
}
noti_sbj, noti_body = notification_render(SUBSCR_FORCED_OK_TYPE, noti_params)
notifyUsers([ pman.email for pman in prjman_list ], noti_sbj, noti_body)
noti_sbj, noti_body = notification_render(SUBSCR_OK_TYPE, noti_params)
notifyUsers(user_email, noti_sbj, noti_body)
except:
LOG.error("Error forced-checking request", exc_info=True)
messages.error(request, _("Cannot forced check request"))
return False
return True
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = REQID_REGEX.search(data['requestid'])
with transaction.atomic():
q_args = {
'registration__regid' : int(usr_and_prj.group(1)),
'project__projectname' : usr_and_prj.group(2)
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
#
# Insert expiration date per tenant
#
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
project_name = prj_req.project.projectname
project_id = prj_req.project.projectid
user_name = prj_req.registration.username
user_id = prj_req.registration.userid
keystone_api.add_tenant_user_role(request, project_id,
user_id, default_roleid)
#
# clear request
#
prj_req.delete()
#
# send notification to project managers and users
#
tmpres = EMail.objects.filter(registration__userid=user_id)
user_email = tmpres[0].email if tmpres else None
m_userids = get_prjman_ids(request, project_id)
tmpres = EMail.objects.filter(registration__userid__in=m_userids)
m_emails = [ x.email for x in tmpres ]
noti_params = {
'username' : user_name,
'project' : project_name
}
notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_OK_TYPE, context=noti_params,
dst_project_id=project_id)
notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_OK_TYPE, context=noti_params,
dst_project_id=project_id, dst_user_id=user_id)
except:
LOG.error("Error forced-checking request", exc_info=True)
messages.error(request, _("Cannot forced check request"))
return False
return True
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = REQID_REGEX.search(data['requestid'])
with transaction.atomic():
regid, prjname = chk_repl_project(int(usr_and_prj.group(1)),
usr_and_prj.group(2),
data['newname'], None,
data['newdescr'])
#
# Creation of new tenant
#
prj_req = PrjRequest.objects.filter(
registration__regid=regid, project__projectname=prjname)[0]
project_name = prj_req.project.projectname
user_id = prj_req.registration.userid
kprj = keystone_api.tenant_create(request, project_name,
prj_req.project.description,
True)
prj_req.project.projectid = kprj.id
prj_req.project.save()
LOG.info("Created tenant %s" % project_name)
#
# The new user is the project manager of its tenant
#
prjRole = PrjRole()
prjRole.registration = prj_req.registration
prjRole.project = prj_req.project
prjRole.roleid = tenantadmin_roleid
prjRole.save()
keystone_api.add_tenant_user_role(request,
prj_req.project.projectid,
user_id, tenantadmin_roleid)
#
# Insert expiration date per tenant
#
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
#
# Clear request
#
prj_req.delete()
setup_new_project(request, kprj.id, project_name, data)
#
# Send notification to the user
#
tmpres = EMail.objects.filter(registration__userid=user_id)
user_email = tmpres[0].email if tmpres else None
noti_params = {'project': project_name}
notifyUser(request=self.request,
rcpt=user_email,
action=PRJ_CREATE_TYPE,
context=noti_params,
dst_project_id=kprj.id,
dst_user_id=user_id)
except:
LOG.error("Error pre-checking project", exc_info=True)
messages.error(request, _("Cannot pre-check project"))
return False
return True
def handle(self, request, data):
try:
role_names = [ role['name'] for role in self.request.user.roles ]
if not TENANTADMIN_ROLE in role_names:
raise Exception(_('Permissions denied: cannot approve subscriptions'))
with transaction.atomic():
curr_prjname = self.request.user.tenant_name
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
member = client_factory(request).users.get(prj_req.registration.userid)
project_name = prj_req.project.projectname
LOG.debug("Approving subscription for %s" % prj_req.registration.username)
default_role = getattr(settings, 'OPENSTACK_KEYSTONE_DEFAULT_ROLE', None)
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
roles_obj = client_factory(request).roles
arg_dict = {
'project' : prj_req.project.projectid,
'user' : prj_req.registration.userid
}
missing_default = True
for item in roles_obj.list():
if item.name == default_role:
roles_obj.grant(item.id, **arg_dict)
missing_default = False
if missing_default:
raise Exception("Default role is undefined")
#
# clear request
#
prj_req.delete()
#
# send notification to the user
#
noti_params = {
'project' : project_name
}
noti_sbj, noti_body = notification_render(SUBSCR_OK_TYPE, noti_params)
notifyUsers(member.email, noti_sbj, noti_body)
except:
exceptions.handle(request)
return False
return True
def handle(self, request, data):
new_name = data['name']
new_desc = data['description']
project_id = data['project_id']
with transaction.atomic():
pr_list = Project.objects.filter(projectid=project_id)
if len(pr_list) == 0:
LOG.error("Missing project %s in database" % project_id)
return False
else:
self.this_project = pr_list[0]
if new_name == self.this_project.projectname:
#
# Change project description
#
self.this_project.description = new_desc
self.this_project.save()
else:
#
# Change project name and description
#
newpr = Project()
newpr.projectname = new_name
newpr.projectid = project_id
newpr.description = new_desc
newpr.status = self.this_project.status
newpr.save()
old_reqs = PrjRequest.objects.filter(project=self.this_project)
for item in old_reqs:
PrjRequest(registration=item.registration,
project=newpr,
flowstatus=item.flowstatus,
notes=item.notes).save()
old_reqs.delete()
old_exps = Expiration.objects.filter(project=self.this_project)
for item in old_exps:
Expiration(registration=item.registration,
project=newpr,
expdate=item.expdate).save()
old_exps.delete()
old_rules = PrjRole.objects.filter(project=self.this_project)
for item in old_rules:
PrjRole(registration=item.registration,
project=newpr,
roleid=item.roleid,
status=item.status).save()
old_rules.delete()
self.this_project.delete()
self.this_project = newpr
if not super(ExtUpdateProject, self).handle(request, data):
raise IntegrityError('Cannot complete update on Keystone')
return True
def _update_project_members(self, request, data, project_id):
member_ids = set()
prjadm_ids = set()
prjrole_id = None
result = None
for role in self._get_available_roles(request):
tmp_step = self.get_step(baseWorkflows.PROJECT_USER_MEMBER_SLUG)
field_name = tmp_step.get_member_field_name(role.id)
for tmpid in data[field_name]:
member_ids.add(tmpid)
if role.name == TENANTADMIN_ROLE:
prjadm_ids.add(tmpid)
if role.name == TENANTADMIN_ROLE:
prjrole_id = role.id
with transaction.atomic():
ep_qset = Expiration.objects.filter(project=self.this_project)
disposable_exps = ep_qset.exclude(
registration__userid__in=member_ids)
changed_regs = [x.registration for x in disposable_exps]
rm_email_list = EMail.objects.filter(registration__in=changed_regs)
for item in ep_qset:
if item.registration.userid in member_ids:
member_ids.remove(item.registration.userid)
added_regs = Registration.objects.filter(userid__in=member_ids)
add_email_list = EMail.objects.filter(registration__in=added_regs)
#
# Use per-user expiration date as a fall back
# for expiration date per tenant
#
for item in added_regs:
def_expdate = item.expdate if item.expdate else datetime.now(
) + timedelta(365)
c_args = {
'registration': item,
'project': self.this_project,
'expdate': item.expdate
}
Expiration(**c_args).save()
changed_regs.append(item)
#
# Enable reminders to cloud admin for manually added users
#
RegRequest.objects.filter(registration__in=added_regs,
flowstatus=RSTATUS_REMINDER).update(
flowstatus=RSTATUS_REMINDACK)
#
# Delete expiration for manually removed users
#
disposable_exps.delete()
#
# Remove subscription request for manually added or removed members
#
PrjRequest.objects.filter(registration__in=changed_regs,
project=self.this_project).delete()
#
# Delete and re-create the project admin cache
#
PrjRole.objects.filter(project=self.this_project).delete()
for item in Registration.objects.filter(userid__in=prjadm_ids):
new_prjrole = PrjRole()
new_prjrole.registration = item
new_prjrole.project = self.this_project
new_prjrole.roleid = prjrole_id
new_prjrole.save()
LOG.debug("Re-created prj admin: %s" % item.username)
result = super(ExtUpdateProject, self)._update_project_members(
request, data, project_id)
#
# Notify users, both new and removed
#
for e_item in rm_email_list:
noti_params = {
'username': e_item.registration.username,
'project': self.this_project.projectname
}
notifyUser(request=request,
rcpt=e_item.email,
action=MEMBER_FORCED_RM,
context=noti_params,
dst_project_id=self.this_project.projectid,
dst_user_id=e_item.registration.userid)
for e_item in add_email_list:
noti_params = {
'username': e_item.registration.username,
'project': self.this_project.projectname,
'isadmin': e_item.registration.userid in prjadm_ids
}
notifyUser(request=request,
rcpt=e_item.email,
action=MEMBER_FORCED_ADD,
context=noti_params,
dst_project_id=self.this_project.projectid,
dst_user_id=e_item.registration.userid)
if len(prjadm_ids) == 0:
messages.warning(request,
_("Missing project admin for this project"))
return result
def _update_project_members(self, request, data, project_id):
admin_role_id = None
available_roles = baseWorkflows.api.keystone.role_list(request)
member_ids = set()
prjadm_ids = set()
result = None
with transaction.atomic():
#
# Create project in the database
#
newprj_id = self.object.id
qargs = {
'projectname': data['name'],
'projectid': newprj_id,
'description': data['description'],
'status': PRJ_PUBLIC
}
newprj = Project(**qargs)
newprj.save()
self.this_project = newprj
#
# Setup members
#
for role in available_roles:
tmp_step = self.get_step(
baseWorkflows.PROJECT_USER_MEMBER_SLUG)
field_name = tmp_step.get_member_field_name(role.id)
if role.name == TENANTADMIN_ROLE:
admin_role_id = role.id
for tmpid in data[field_name]:
prjadm_ids.add(tmpid)
for user_id in data[field_name]:
member_ids.add(user_id)
#
# Import expiration per tenant, use per-user expiration date as a fall back
# Create the project admin cache
#
for u_item in Registration.objects.filter(userid__in=member_ids):
new_p_exp = Expiration()
new_p_exp.registration = u_item
new_p_exp.project = self.this_project
new_p_exp.expdate = u_item.expdate
new_p_exp.save()
if u_item.userid in prjadm_ids:
new_prjrole = PrjRole()
new_prjrole.registration = u_item
new_prjrole.project = self.this_project
new_prjrole.roleid = admin_role_id
new_prjrole.save()
LOG.debug("Created prj admin: %s" % u_item.username)
#
# Insert cloud admin as project_manager if missing
#
if len(prjadm_ids) == 0:
baseWorkflows.api.keystone.add_tenant_user_role(
request, project_id, request.user.id, admin_role_id)
result = super(ExtCreateProject, self)._update_project_members(
request, data, project_id)
#
# Notify users
#
for e_item in EMail.objects.filter(
registration__userid__in=member_ids):
noti_params = {
'username': e_item.registration.username,
'project': self.this_project.projectname,
'isadmin': e_item.registration.userid in prjadm_ids
}
notifyUser(request=request,
rcpt=e_item.email,
action=MEMBER_FORCED_ADD,
context=noti_params,
dst_project_id=self.this_project.projectid,
dst_user_id=e_item.registration.userid)
#
# Notify all cloud admins
#
notifyAdmin(request=request,
action=NEWPRJ_BY_ADM,
context={'project': self.this_project.projectname})
return result
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
with transaction.atomic():
registration = Registration.objects.get(regid=int(data['regid']))
reg_request = RegRequest.objects.filter(registration=registration)[0]
q_args = {
'registration' : registration,
'project__status' : PRJ_GUEST
}
prj_reqs = PrjRequest.objects.filter(**q_args)
project_id = prj_reqs[0].project.projectid
project_name = prj_reqs[0].project.projectname
password = reg_request.password
if not password:
password = generate_pwd()
user_email = reg_request.email
#
# Mapping of external accounts
#
if reg_request.externalid:
mapping = UserMapping(globaluser=reg_request.externalid,
registration=reg_request.registration)
mapping.save()
LOG.info("Registered external account %s" % reg_request.externalid)
#
# Insert expiration date per tenant
#
expiration = Expiration()
expiration.registration = prj_reqs[0].registration
expiration.project = prj_reqs[0].project
expiration.expdate = data['expiration']
expiration.save()
#
# clear requests
#
prj_reqs.delete()
reg_request.delete()
#
# User creation
#
kuser = keystone_api.user_create(request,
name=registration.username,
password=password,
email=user_email,
enabled=True)
registration.username = data['username']
registration.expdate = data['expiration']
registration.userid = kuser.id
registration.save()
LOG.info("Created guest user %s" % registration.username)
keystone_api.add_tenant_user_role(request, project_id,
registration.userid, default_roleid)
#
# Send notification to the user
#
noti_params = {
'username' : registration.username,
'project' : project_name,
'guestmode' : True
}
noti_sbj, noti_body = notification_render(FIRST_REG_OK_TYPE, noti_params)
notifyUsers(user_email, noti_sbj, noti_body)
except:
LOG.error("Error pre-checking project", exc_info=True)
messages.error(request, _("Cannot pre-check project"))
return False
return True
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = data['requestid'].split(':')
with transaction.atomic():
#
# Creation of new tenant
#
q_args = {
'registration__regid' : int(usr_and_prj[0]),
'project__projectname' : usr_and_prj[1]
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
project_name = prj_req.project.projectname
user_id = prj_req.registration.userid
kprj = keystone_api.tenant_create(request, project_name,
prj_req.project.description, True)
prj_req.project.projectid = kprj.id
prj_req.project.save()
LOG.info("Created tenant %s" % project_name)
#
# The new user is the project manager of its tenant
#
keystone_api.add_tenant_user_role(request, prj_req.project.projectid,
user_id, tenantadmin_roleid)
#
# Insert expiration date per tenant
#
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
#
# Clear request
#
prj_req.delete()
#
# Send notification to the user
#
user_email = keystone_api.user_get(request, user_id).email
noti_params = {
'project' : project_name
}
noti_sbj, noti_body = notification_render(PRJ_CREATE_TYPE, noti_params)
notifyUsers(user_email, noti_sbj, noti_body)
except:
LOG.error("Error pre-checking project", exc_info=True)
messages.error(request, _("Cannot pre-check project"))
return False
return True
def handle(self, request, data):
if not data['username']:
messages.error(request,
_("Cannot process request: missing username"))
return False
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
with transaction.atomic():
registration = Registration.objects.get(
regid=int(data['regid']))
reg_request = RegRequest.objects.filter(
registration=registration, flowstatus=RSTATUS_PENDING)[0]
prjReqList = PrjRequest.objects.filter(
registration=registration)
password = reg_request.password
if not password:
password = generate_pwd()
user_email = reg_request.email
#
# Mapping of external accounts
#
is_local = True
if reg_request.externalid:
mapping = UserMapping(
globaluser=reg_request.externalid,
registration=reg_request.registration)
mapping.save()
is_local = False
LOG.info("Registered external account %s" %
reg_request.externalid)
#
# Forward request to project administrators
#
q_args = {
'project__projectid__isnull': False,
'flowstatus': PSTATUS_REG
}
prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING)
#
# Creation of new tenants
#
self.preprocess_prj(registration, data)
new_prj_list = list()
p_reqs = prjReqList.filter(project__projectid__isnull=True,
flowstatus=PSTATUS_REG)
if len(p_reqs):
newreq_prj = p_reqs[0].project
kprj = keystone_api.tenant_create(request,
newreq_prj.projectname,
newreq_prj.description,
True)
newreq_prj.projectid = kprj.id
newreq_prj.save()
new_prj_list.append(newreq_prj)
setup_new_project(request, kprj.id, newreq_prj.projectname,
data)
LOG.info("Created tenant %s" % newreq_prj.projectname)
#
# User creation
#
if not registration.userid:
if is_local:
registration.username = data['username']
kuser = keystone_api.user_create(
request,
name=registration.username,
password=password,
email=user_email,
enabled=True)
registration.expdate = self.expiration
registration.userid = kuser.id
registration.save()
LOG.info("Created user %s" % registration.username)
mail_obj = EMail()
mail_obj.registration = registration
mail_obj.email = user_email
mail_obj.save()
#
# The new user is the project manager of its tenant
# register the expiration date per tenant
#
for prj_item in new_prj_list:
expiration = Expiration()
expiration.registration = registration
expiration.project = prj_item
expiration.expdate = self.expiration
expiration.save()
prjRole = PrjRole()
prjRole.registration = registration
prjRole.project = prj_item
prjRole.roleid = tenantadmin_roleid
prjRole.save()
keystone_api.add_tenant_user_role(request,
prj_item.projectid,
registration.userid,
tenantadmin_roleid)
#
# Send notifications to project administrators and users
#
for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING):
m_userids = get_prjman_ids(request,
p_item.project.projectid)
tmpres = EMail.objects.filter(
registration__userid__in=m_userids)
m_emails = [x.email for x in tmpres]
noti_params = {
'username': data['username'],
'project': p_item.project.projectname
}
notifyProject(request=self.request,
rcpt=m_emails,
action=SUBSCR_WAIT_TYPE,
context=noti_params,
dst_project_id=p_item.project.projectid)
n2_params = {
'username': p_item.registration.username,
'project': p_item.project.projectname,
'prjadmins': m_emails
}
notifyUser(request=self.request,
rcpt=user_email,
action=SUBSCR_ONGOING,
context=n2_params,
dst_project_id=p_item.project.projectid,
dst_user_id=registration.userid)
newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG)
for p_item in newprj_reqs:
noti_params = {
'username': p_item.registration.username,
'project': p_item.project.projectname
}
notifyUser(request=self.request,
rcpt=user_email,
action=FIRST_REG_OK_TYPE,
context=noti_params,
dst_project_id=p_item.project.projectid,
dst_user_id=p_item.registration.userid)
#
# cache cleanup
#
newprj_reqs.delete()
reg_request.delete()
self.post_reminder(registration, user_email)
except:
LOG.error("Error pre-checking request", exc_info=True)
messages.error(request, _("Cannot pre-check request"))
return False
return True
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = REQID_REGEX.search(data['requestid'])
with transaction.atomic():
q_args = {
'registration__regid': int(usr_and_prj.group(1)),
'project__projectname': usr_and_prj.group(2)
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
#
# Insert expiration date per tenant
#
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
project_name = prj_req.project.projectname
project_id = prj_req.project.projectid
user_name = prj_req.registration.username
user_id = prj_req.registration.userid
keystone_api.add_tenant_user_role(request, project_id, user_id,
default_roleid)
#
# Enable reminder for cloud admin
#
RegRequest.objects.filter(registration=prj_req.registration,
flowstatus=RSTATUS_REMINDER).update(
flowstatus=RSTATUS_REMINDACK)
#
# clear request
#
prj_req.delete()
#
# send notification to project managers and users
#
tmpres = EMail.objects.filter(registration__userid=user_id)
user_email = tmpres[0].email if tmpres else None
m_userids = get_prjman_ids(request, project_id)
tmpres = EMail.objects.filter(registration__userid__in=m_userids)
m_emails = [x.email for x in tmpres]
noti_params = {'username': user_name, 'project': project_name}
notifyProject(request=self.request,
rcpt=m_emails,
action=SUBSCR_FORCED_OK_TYPE,
context=noti_params,
dst_project_id=project_id)
notifyUser(request=self.request,
rcpt=user_email,
action=SUBSCR_OK_TYPE,
context=noti_params,
dst_project_id=project_id,
dst_user_id=user_id)
except:
LOG.error("Error forced-checking request", exc_info=True)
messages.error(request, _("Cannot forced check request"))
return False
return True
def handle(self, request, data):
try:
role_names = [ role['name'] for role in self.request.user.roles ]
if not TENANTADMIN_ROLE in role_names:
raise Exception(_('Permissions denied: cannot approve subscriptions'))
with transaction.atomic():
curr_prjname = self.request.user.tenant_name
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
member_id = prj_req.registration.userid
tmpres = EMail.objects.filter(registration__userid=member_id)
member_email = tmpres[0].email if tmpres else None
project_name = prj_req.project.projectname
user_name = prj_req.registration.username
LOG.debug("Approving subscription for %s" % prj_req.registration.username)
default_role = getattr(settings, 'OPENSTACK_KEYSTONE_DEFAULT_ROLE', None)
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
roles_obj = client_factory(request).roles
arg_dict = {
'project' : prj_req.project.projectid,
'user' : prj_req.registration.userid
}
missing_default = True
for item in roles_obj.list():
if item.name == default_role:
roles_obj.grant(item.id, **arg_dict)
missing_default = False
if missing_default:
raise Exception("Default role is undefined")
#
# Enable reminder for cloud admin
#
RegRequest.objects.filter(
registration = prj_req.registration,
flowstatus = RSTATUS_REMINDER
).update(flowstatus = RSTATUS_REMINDACK)
#
# clear request
#
prj_req.delete()
#
# send notification to the user
#
noti_params = {
'username': user_name,
'project' : project_name
}
notifyUser(request=self.request, rcpt=member_email, action=SUBSCR_OK_TYPE, context=noti_params,
dst_user_id=member_id)
notifyAdmin(request=self.request, action=SUBSCR_OK_TYPE, context=noti_params)
except:
exceptions.handle(request)
return False
return True
def handle(self, request, data):
if not data['username']:
messages.error(request, _("Cannot process request: missing username"))
return False
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
with transaction.atomic():
registration = Registration.objects.get(regid=int(data['regid']))
reg_request = RegRequest.objects.filter(
registration=registration,
flowstatus=RSTATUS_PENDING
)[0]
prjReqList = PrjRequest.objects.filter(registration=registration)
password = reg_request.password
if not password:
password = generate_pwd()
user_email = reg_request.email
#
# Mapping of external accounts
#
is_local = True
if reg_request.externalid:
mapping = UserMapping(globaluser=reg_request.externalid,
registration=reg_request.registration)
mapping.save()
is_local = False
LOG.info("Registered external account %s" % reg_request.externalid)
#
# Forward request to project administrators
#
q_args = {
'project__projectid__isnull' : False,
'flowstatus' : PSTATUS_REG
}
prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING)
#
# Creation of new tenants
#
self.preprocess_prj(registration, data)
new_prj_list = list()
p_reqs = prjReqList.filter(
project__projectid__isnull = True,
flowstatus = PSTATUS_REG
)
if len(p_reqs):
newreq_prj = p_reqs[0].project
kprj = keystone_api.tenant_create(request, newreq_prj.projectname,
newreq_prj.description, True)
newreq_prj.projectid = kprj.id
newreq_prj.save()
new_prj_list.append(newreq_prj)
setup_new_project(request, kprj.id, newreq_prj.projectname, data)
LOG.info("Created tenant %s" % newreq_prj.projectname)
#
# User creation
#
if not registration.userid:
kuser = keystone_api.user_create(request,
name=registration.username,
password=password,
email=user_email,
enabled=True)
if is_local:
registration.username = data['username']
registration.expdate = self.expiration
registration.userid = kuser.id
registration.save()
LOG.info("Created user %s" % registration.username)
mail_obj = EMail()
mail_obj.registration = registration
mail_obj.email = user_email
mail_obj.save()
#
# The new user is the project manager of its tenant
# register the expiration date per tenant
#
for prj_item in new_prj_list:
expiration = Expiration()
expiration.registration = registration
expiration.project = prj_item
expiration.expdate = self.expiration
expiration.save()
prjRole = PrjRole()
prjRole.registration = registration
prjRole.project = prj_item
prjRole.roleid = tenantadmin_roleid
prjRole.save()
keystone_api.add_tenant_user_role(request, prj_item.projectid,
registration.userid, tenantadmin_roleid)
#
# Send notifications to project administrators and users
#
for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING):
m_userids = get_prjman_ids(request, p_item.project.projectid)
tmpres = EMail.objects.filter(registration__userid__in=m_userids)
m_emails = [ x.email for x in tmpres ]
noti_params = {
'username' : data['username'],
'project' : p_item.project.projectname
}
notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_WAIT_TYPE, context=noti_params,
dst_project_id=p_item.project.projectid)
n2_params = {
'username' : p_item.registration.username,
'project' : p_item.project.projectname,
'prjadmins' : m_emails
}
notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_ONGOING, context=n2_params,
dst_project_id=p_item.project.projectid, dst_user_id=registration.userid)
newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG)
for p_item in newprj_reqs:
noti_params = {
'username' : p_item.registration.username,
'project' : p_item.project.projectname
}
notifyUser(request=self.request, rcpt=user_email, action=FIRST_REG_OK_TYPE, context=noti_params,
dst_project_id=p_item.project.projectid, dst_user_id=p_item.registration.userid)
#
# cache cleanup
#
newprj_reqs.delete()
reg_request.delete()
self.post_reminder(registration, user_email)
except:
LOG.error("Error pre-checking request", exc_info=True)
messages.error(request, _("Cannot pre-check request"))
return False
return True
def handle(self, request, data):
if not request.user.is_superuser:
messages.error(_("Operation not authorized"))
return False
try:
with transaction.atomic():
reg_user = Registration.objects.filter(userid=data['userid'])[0]
prj_list = Project.objects.filter(projectname__in=data['projects'])
reg_user.expdate = data['expdate']
reg_user.save()
#
# Enable reminder for cloud admin if present
#
RegRequest.objects.filter(
registration = reg_user,
flowstatus = RSTATUS_REMINDER
).update(flowstatus = RSTATUS_REMINDACK)
k_user = keystone_api.user_get(request, data['userid'])
if not k_user.enabled:
keystone_api.user_update(request, data['userid'], enabled=True)
except:
LOG.error("Generic failure", exc_info=True)
return False
for prj_item in prj_list:
try:
with transaction.atomic():
Expiration(
registration=reg_user,
project=prj_item,
expdate=data['expdate']
).save()
keystone_api.add_tenant_user_role(
request, prj_item.projectid,
data['userid'], get_default_role(request))
#
# send notification to project managers and users
#
tmpres = EMail.objects.filter(registration__userid=data['userid'])
user_email = tmpres[0].email if tmpres else None
m_userids = get_prjman_ids(request, prj_item.projectid)
tmpres = EMail.objects.filter(registration__userid__in=m_userids)
m_emails = [ x.email for x in tmpres ]
noti_params = {
'username' : reg_user.username,
'project' : prj_item.projectname
}
notifyProject(request=self.request, rcpt=m_emails,
action=SUBSCR_FORCED_OK_TYPE, context=noti_params,
dst_project_id=prj_item.projectid)
notifyUser(request=self.request, rcpt=user_email,
action=SUBSCR_OK_TYPE, context=noti_params,
dst_project_id=prj_item.projectid,
dst_user_id=reg_user.userid)
except:
LOG.error("Generic failure", exc_info=True)
return True
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = REQID_REGEX.search(data['requestid'])
with transaction.atomic():
regid, prjname = chk_repl_project(int(usr_and_prj.group(1)),
usr_and_prj.group(2), data['newname'],
None, data['newdescr'])
#
# Creation of new tenant
#
prj_req = PrjRequest.objects.filter(
registration__regid = regid,
project__projectname = prjname
)[0]
project_name = prj_req.project.projectname
user_id = prj_req.registration.userid
kprj = keystone_api.tenant_create(request, project_name,
prj_req.project.description, True)
prj_req.project.projectid = kprj.id
prj_req.project.save()
LOG.info("Created tenant %s" % project_name)
#
# The new user is the project manager of its tenant
#
prjRole = PrjRole()
prjRole.registration = prj_req.registration
prjRole.project = prj_req.project
prjRole.roleid = tenantadmin_roleid
prjRole.save()
keystone_api.add_tenant_user_role(request, prj_req.project.projectid,
user_id, tenantadmin_roleid)
#
# Insert expiration date per tenant
#
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
#
# Clear request
#
prj_req.delete()
setup_new_project(request, kprj.id, project_name, data)
#
# Send notification to the user
#
tmpres = EMail.objects.filter(registration__userid=user_id)
user_email = tmpres[0].email if tmpres else None
noti_params = {
'project' : project_name
}
notifyUser(request=self.request, rcpt=user_email, action=PRJ_CREATE_TYPE, context=noti_params,
dst_project_id=kprj.id, dst_user_id=user_id)
except:
LOG.error("Error pre-checking project", exc_info=True)
messages.error(request, _("Cannot pre-check project"))
return False
return True
def handle(self, request, data):
if not data['username']:
messages.error(request, _("Cannot process request: missing username"))
return False
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
with transaction.atomic():
registration = Registration.objects.get(regid=int(data['regid']))
reg_request = RegRequest.objects.filter(registration=registration)[0]
prjReqList = PrjRequest.objects.filter(registration=registration)
password = reg_request.password
if not password:
password = generate_pwd()
user_email = reg_request.email
#
# Mapping of external accounts
#
if reg_request.externalid:
mapping = UserMapping(globaluser=reg_request.externalid,
registration=reg_request.registration)
mapping.save()
LOG.info("Registered external account %s" % reg_request.externalid)
#
# Forward request to project administrators
#
q_args = {
'project__projectid__isnull' : False,
'flowstatus' : PSTATUS_REG
}
prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING)
#
# Creation of new tenants
#
new_prj_list = list()
q_args = {
'project__projectid__isnull' : True,
'flowstatus' : PSTATUS_REG
}
for p_reqs in prjReqList.filter(**q_args):
kprj = keystone_api.tenant_create(request, p_reqs.project.projectname,
p_reqs.project.description, True)
p_reqs.project.projectid = kprj.id
p_reqs.project.save()
new_prj_list.append(p_reqs.project)
LOG.info("Created tenant %s" % p_reqs.project.projectname)
#
# User creation
#
if not registration.userid:
kuser = keystone_api.user_create(request,
name=registration.username,
password=password,
email=user_email,
enabled=True)
registration.username = data['username']
registration.expdate = self.expiration
registration.userid = kuser.id
registration.save()
LOG.info("Created user %s" % registration.username)
#
# The new user is the project manager of its tenant
# register the expiration date per tenant
#
for prj_item in new_prj_list:
expiration = Expiration()
expiration.registration = registration
expiration.project = prj_item
expiration.expdate = self.expiration
expiration.save()
keystone_api.add_tenant_user_role(request, prj_item.projectid,
registration.userid, tenantadmin_roleid)
#
# Send notifications to project administrators and users
#
for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING):
m_users = get_project_managers(request, p_item.project.projectid)
m_emails = [ usr.email for usr in m_users ]
noti_params = {
'username' : data['username'],
'project' : p_item.project.projectname
}
noti_sbj, noti_body = notification_render(SUBSCR_WAIT_TYPE, noti_params)
notifyUsers(m_emails, noti_sbj, noti_body)
n2_params = {
'project' : p_item.project.projectname,
'prjadmins' : m_emails
}
noti_sbj, noti_body = notification_render(SUBSCR_ONGOING, n2_params)
notifyUsers(user_email, noti_sbj, noti_body)
newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG)
for p_item in newprj_reqs:
noti_params = {
'username' : p_item.registration.username,
'project' : p_item.project.projectname,
'guestmode' : False
}
noti_sbj, noti_body = notification_render(FIRST_REG_OK_TYPE, noti_params)
notifyUsers(user_email, noti_sbj, noti_body)
#
# cache cleanup
#
newprj_reqs.delete()
reg_request.delete()
except:
LOG.error("Error pre-checking request", exc_info=True)
messages.error(request, _("Cannot pre-check request"))
return False
return True
