def delete(self, request, obj_id):
with transaction.atomic():
critic_prjs = list()
for e_item in Expiration.objects.filter(registration__userid=obj_id):
prj_man_ids = get_prjman_ids(request, e_item.project.projectid)
if len(prj_man_ids) == 1 and prj_man_ids[0] == obj_id:
critic_prjs.append(e_item.project.projectname)
if len(critic_prjs) > 0:
msg = _("User is the unique admin for %s") % ", ".join(critic_prjs)
messages.error(request, msg)
raise Exception(msg)
tmpres = EMail.objects.filter(registration__userid=obj_id)
user_email = tmpres[0].email if tmpres else None
user_name = tmpres[0].registration.username if tmpres else None
Registration.objects.filter(userid=obj_id).delete()
super(DeleteUsersAction, self).delete(request, obj_id)
noti_params = {
'username' : user_name
}
notifyUser(request=request, rcpt=user_email, action=USER_PURGED_TYPE,
context=noti_params, dst_user_id=obj_id)
def handle(self, request, data):
try:
with transaction.atomic():
curr_prjname = self.request.user.tenant_name
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname,
'flowstatus' : PSTATUS_RENEW_MEMB
}
prj_reqs = PrjRequest.objects.filter(**q_args)
if len(prj_reqs) == 0:
return True
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname
}
prj_exp = Expiration.objects.filter(**q_args)
prj_exp.update(expdate=data['expiration'])
#
# Update the max expiration per user
#
user_reg = Registration.objects.get(regid=int(data['regid']))
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
tmpres = EMail.objects.filter(registration=user_reg)
user_mail = tmpres[0].email if len(tmpres) > 0 else None
#
# Clear requests
#
prj_reqs.delete()
#
# send notification to the user and cloud admin
#
noti_params = {
'username' : user_reg.username,
'project' : request.user.tenant_name,
'expiration' : data['expiration'].strftime("%d %B %Y")
}
notifyUser(request=request, rcpt=user_mail, action=USER_RENEWED_TYPE,
context=noti_params, dst_user_id=user_reg.userid)
notifyAdmin(request=request, action=USER_RENEWED_TYPE, context=noti_params)
except:
LOG.error("Cannot renew user", exc_info=True)
exceptions.handle(request)
return False
return True
def handle(self, request, data):
try:
with transaction.atomic():
curr_prjname = self.request.user.tenant_name
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname,
'flowstatus' : PSTATUS_RENEW_MEMB
}
prj_reqs = PrjRequest.objects.filter(**q_args)
if len(prj_reqs) == 0:
return True
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname
}
prj_exp = Expiration.objects.filter(**q_args)
prj_exp.update(expdate=data['expiration'])
#
# Update the max expiration per user
#
user_reg = Registration.objects.get(regid=int(data['regid']))
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
tmpres = EMail.objects.filter(registration=user_reg)
user_mail = tmpres[0].email if len(tmpres) > 0 else None
#
# Clear requests
#
prj_reqs.delete()
#
# send notification to the user and cloud admin
#
noti_params = {
'username' : user_reg.username,
'project' : request.user.tenant_name,
'expiration' : data['expiration'].strftime("%d %B %Y")
}
notifyUser(request=request, rcpt=user_mail, action=USER_RENEWED_TYPE,
context=noti_params, dst_user_id=user_reg.userid)
notifyAdmin(request=request, action=USER_RENEWED_TYPE, context=noti_params)
except:
LOG.error("Cannot renew user", exc_info=True)
exceptions.handle(request)
return False
return True
def handle(self, request, data):
try:
with transaction.atomic():
usr_and_prj = REQID_REGEX.search(data['requestid'])
regid = int(usr_and_prj.group(1))
prj_reqs = PrjRequest.objects.filter(
registration__regid=regid,
project__projectname=usr_and_prj.group(2),
flowstatus__in=[PSTATUS_RENEW_ADMIN, PSTATUS_RENEW_MEMB])
if len(prj_reqs) == 0:
return True
prj_exp = Expiration.objects.filter(
registration__regid=regid,
project__projectname=usr_and_prj.group(2))
prj_exp.update(expdate=data['expiration'])
#
# Update the max expiration per user
#
user_reg = Registration.objects.get(regid=regid)
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
tmpres = EMail.objects.filter(registration=user_reg)
user_mail = tmpres[0].email if len(tmpres) > 0 else None
#
# Clear requests
#
prj_reqs.delete()
#
# send notification to the project admin
#
noti_params = {
'username': user_reg.username,
'project': usr_and_prj.group(2),
'expiration': data['expiration'].strftime("%d %B %Y")
}
notifyUser(request=request,
rcpt=user_mail,
action=USER_RENEWED_TYPE,
context=noti_params,
dst_user_id=user_reg.userid)
except:
LOG.error("Cannot renew project admin", exc_info=True)
messages.error(request, _("Cannot renew project admin"))
return False
return True
def handle(self, request, data):
mail_table = dict()
exp_table = dict()
for d_item in data:
if d_item.startswith('prj_'):
exp_table[d_item[4:]] = data[d_item]
if not request.user.is_superuser:
messages.error(_("Operation not authorized"))
return False
with transaction.atomic():
q_args = {
'registration__userid' : data['userid'],
'project__projectname__in' : exp_table.keys()
}
for exp_item in Expiration.objects.filter(**q_args):
user_name = exp_item.registration.username
prj_name = exp_item.project.projectname
c_exp = exp_table.get(prj_name, None)
if not c_exp or exp_item.expdate == c_exp:
continue
q_args = {
'registration__userid' : data['userid'],
'project__projectname' : prj_name
}
Expiration.objects.filter(**q_args).update(expdate=c_exp)
q_args['flowstatus__in'] = [ PSTATUS_RENEW_ADMIN, PSTATUS_RENEW_MEMB ]
PrjRequest.objects.filter(**q_args).delete()
if not mail_table.has_key(user_name):
tmpobj = EMail.objects.filter(registration__userid=data['userid'])
mail_table[user_name] = tmpobj[0].email if len(tmpobj) else None
try:
noti_params = {
'username' : user_name,
'project' : prj_name,
'expiration' : c_exp.strftime("%d %B %Y")
}
notifyUser(request=request, rcpt=mail_table[user_name],
action=USER_RENEWED_TYPE,
context=noti_params, dst_user_id=data['userid'])
except:
LOG.error("Cannot notify %s" % user_name, exc_info=True)
all_exp = Expiration.objects.filter(registration__userid=data['userid'])
if len(all_exp):
new_exp = max([ x.expdate for x in all_exp ])
all_exp[0].registration.expdate = new_exp
all_exp[0].registration.save()
return True
def handle(self, request, data):
try:
with transaction.atomic():
usr_and_prj = REQID_REGEX.search(data['requestid'])
regid = int(usr_and_prj.group(1))
prj_reqs = PrjRequest.objects.filter(
registration__regid = regid,
project__projectname = usr_and_prj.group(2),
flowstatus__in = [ PSTATUS_RENEW_ADMIN, PSTATUS_RENEW_MEMB ]
)
if len(prj_reqs) == 0:
return True
prj_exp = Expiration.objects.filter(
registration__regid = regid,
project__projectname = usr_and_prj.group(2)
)
prj_exp.update(expdate=data['expiration'])
#
# Update the max expiration per user
#
user_reg = Registration.objects.get(regid=regid)
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
tmpres = EMail.objects.filter(registration=user_reg)
user_mail = tmpres[0].email if len(tmpres) > 0 else None
#
# Clear requests
#
prj_reqs.delete()
#
# send notification to the project admin
#
noti_params = {
'username' : user_reg.username,
'project' : usr_and_prj.group(2),
'expiration' : data['expiration'].strftime("%d %B %Y")
}
notifyUser(request=request, rcpt=user_mail, action=USER_RENEWED_TYPE,
context=noti_params, dst_user_id=user_reg.userid)
except:
LOG.error("Cannot renew project admin", exc_info=True)
messages.error(request, _("Cannot renew project admin"))
return False
return True
def handle(self, *args, **options):
super(Command, self).handle(options)
admin_table = dict()
mail_table = dict()
req_table = dict()
try:
with transaction.atomic():
for prj_req in PrjRequest.objects.filter(
flowstatus=PSTATUS_PENDING):
prjname = prj_req.project.projectname
if not req_table.has_key(prjname):
req_table[prjname] = list()
req_table[prjname].append(prj_req.registration.username)
for prjname in req_table.keys():
for p_role in PrjRole.objects.filter(
project__projectname=prjname):
user_name = p_role.registration.username
user_id = p_role.registration.userid
user_tuple = (user_name, user_id)
if not admin_table.has_key(user_tuple):
admin_table[user_tuple] = list()
admin_table[user_tuple].append(
p_role.project.projectname)
if not mail_table.has_key(user_name):
tmpres = EMail.objects.filter(
registration__username=user_name)
if len(tmpres):
mail_table[user_name] = tmpres[0].email
for user_tuple in admin_table:
for prj_name in admin_table[user_tuple]:
try:
noti_params = {
'pendingreqs': req_table[prj_name],
'project': prj_name
}
notifyUser(mail_table[user_tuple[0]],
SUBSCR_REMINDER,
noti_params,
dst_user_id=user_tuple[1])
except:
LOG.error("Cannot notify pending subscription: %s" %
user_tuple[0],
exc_info=True)
except:
LOG.error("Cannot notify pending subscritions: system error",
exc_info=True)
raise CommandError("Cannot notify pending subscritions")
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = REQID_REGEX.search(data['requestid'])
with transaction.atomic():
q_args = {
'registration__regid': int(usr_and_prj.group(1)),
'project__projectname': usr_and_prj.group(2)
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
project_name = prj_req.project.projectname
project_id = prj_req.project.projectid
user_name = prj_req.registration.username
user_id = prj_req.registration.userid
#
# clear request
#
prj_req.delete()
#
# send notification to project managers and users
#
tmpres = EMail.objects.filter(registration__userid=user_id)
user_email = tmpres[0].email if tmpres else None
m_userids = get_prjman_ids(request, project_id)
tmpres = EMail.objects.filter(registration__userid__in=m_userids)
m_emails = [x.email for x in tmpres]
noti_params = {
'username': user_name,
'project': project_name,
'notes': data['reason']
}
notifyProject(request=self.request,
rcpt=m_emails,
action=SUBSCR_FORCED_NO_TYPE,
context=noti_params,
dst_project_id=project_id)
notifyUser(request=self.request,
rcpt=user_email,
action=SUBSCR_NO_TYPE,
context=noti_params,
dst_project_id=project_id,
dst_user_id=user_id)
except:
LOG.error("Error forced-checking request", exc_info=True)
messages.error(request, _("Cannot forced check request"))
return False
return True
def handle(self, request, data):
mail_table = dict()
exp_table = dict()
for d_item in data:
if d_item.startswith('prj_'):
exp_table[d_item[4:]] = data[d_item]
if not request.user.is_superuser:
messages.error(_("Operation not authorized"))
return False
with transaction.atomic():
q_args = {
'registration__userid' : data['userid'],
'project__projectname__in' : exp_table.keys()
}
for exp_item in Expiration.objects.filter(**q_args):
user_name = exp_item.registration.username
prj_name = exp_item.project.projectname
c_exp = exp_table.get(prj_name, None)
if not c_exp or exp_item.expdate == c_exp:
continue
q_args = {
'registration__userid' : data['userid'],
'project__projectname' : prj_name
}
Expiration.objects.filter(**q_args).update(expdate=c_exp)
q_args['flowstatus__in'] = [ PSTATUS_RENEW_ADMIN, PSTATUS_RENEW_MEMB ]
PrjRequest.objects.filter(**q_args).delete()
if not mail_table.has_key(user_name):
tmpobj = EMail.objects.filter(registration__userid=data['userid'])
mail_table[user_name] = tmpobj[0].email if len(tmpobj) else None
try:
noti_params = {
'username' : user_name,
'project' : prj_name,
'expiration' : c_exp.strftime("%d %B %Y")
}
notifyUser(request=request, rcpt=mail_table[user_name],
action=USER_RENEWED_TYPE,
context=noti_params, dst_user_id=data['userid'])
except:
LOG.error("Cannot notify %s" % user_name, exc_info=True)
set_last_exp(data['userid'])
return True
def handle(self, request, data):
try:
with transaction.atomic():
registration = Registration.objects.get(
regid=int(data['regid']))
prjReqList = PrjRequest.objects.filter(
registration=registration)
regReqList = RegRequest.objects.filter(
registration=registration, flowstatus=RSTATUS_PENDING)
#
# Delete request for projects to be created
#
newprj_list = list()
for prj_req in prjReqList:
if not prj_req.project.projectid:
newprj_list.append(prj_req.project.projectname)
if len(newprj_list):
Project.objects.filter(
projectname__in=newprj_list).delete()
#
# First registration request, remove all (using cascaded foreign key)
#
user_email = regReqList[0].email
user_name = registration.username
registration.delete()
noti_params = {
'username': user_name,
'projects':
list(p.project.projectname for p in prjReqList),
'project_creation': (len(newprj_list) != 0),
'notes': data['reason']
}
notifyUser(request=self.request,
rcpt=user_email,
action=FIRST_REG_NO_TYPE,
context=noti_params)
except:
LOG.error("Error rejecting request", exc_info=True)
messages.error(request, _("Cannot reject request"))
return False
return True
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = REQID_REGEX.search(data['requestid'])
with transaction.atomic():
q_args = {
'registration__regid' : int(usr_and_prj.group(1)),
'project__projectname' : usr_and_prj.group(2)
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
project_name = prj_req.project.projectname
project_id = prj_req.project.projectid
user_name = prj_req.registration.username
user_id = prj_req.registration.userid
#
# clear request
#
prj_req.delete()
#
# send notification to project managers and users
#
tmpres = EMail.objects.filter(registration__userid=user_id)
user_email = tmpres[0].email if tmpres else None
m_userids = get_prjman_ids(request, project_id)
tmpres = EMail.objects.filter(registration__userid__in=m_userids)
m_emails = [ x.email for x in tmpres ]
noti_params = {
'username' : user_name,
'project' : project_name,
'notes' : data['reason']
}
notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_NO_TYPE, context=noti_params,
dst_project_id=project_id)
notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_NO_TYPE, context=noti_params,
dst_project_id=project_id, dst_user_id=user_id)
except:
LOG.error("Error forced-checking request", exc_info=True)
messages.error(request, _("Cannot forced check request"))
return False
return True
def handle(self, *args, **options):
super(Command, self).handle(options)
admin_table = dict()
mail_table = dict()
req_table = dict()
try:
with transaction.atomic():
for prj_req in PrjRequest.objects.filter(flowstatus=PSTATUS_PENDING):
prjname = prj_req.project.projectname
if not req_table.has_key(prjname):
req_table[prjname] = list()
req_table[prjname].append(prj_req.registration.username)
for prjname in req_table.keys():
for p_role in PrjRole.objects.filter(project__projectname=prjname):
user_name = p_role.registration.username
user_id = p_role.registration.userid
user_tuple = (user_name, user_id)
if not admin_table.has_key(user_tuple):
admin_table[user_tuple] = list()
admin_table[user_tuple].append(p_role.project.projectname)
if not mail_table.has_key(user_name):
tmpres = EMail.objects.filter(registration__username=user_name)
if len(tmpres):
mail_table[user_name] = tmpres[0].email
for user_tuple in admin_table:
for prj_name in admin_table[user_tuple]:
try:
noti_params = {
'pendingreqs' : req_table[prj_name],
'project' : prj_name
}
notifyUser(mail_table[user_tuple[0]], SUBSCR_REMINDER, noti_params,
dst_user_id=user_tuple[1])
except:
LOG.error("Cannot notify pending subscription: %s" % user_tuple[0],
exc_info=True)
except:
LOG.error("Cannot notify pending subscritions: system error", exc_info=True)
raise CommandError("Cannot notify pending subscritions")
def handle(self, request, data):
try:
with transaction.atomic():
registration = Registration.objects.get(regid=int(data['regid']))
prjReqList = PrjRequest.objects.filter(registration=registration)
regReqList = RegRequest.objects.filter(
registration=registration,
flowstatus=RSTATUS_PENDING
)
#
# Delete request for projects to be created
#
newprj_list = list()
for prj_req in prjReqList:
if not prj_req.project.projectid:
newprj_list.append(prj_req.project.projectname)
if len(newprj_list):
Project.objects.filter(projectname__in=newprj_list).delete()
#
# First registration request, remove all (using cascaded foreign key)
#
user_email = regReqList[0].email
user_name = registration.username
registration.delete()
noti_params = {
'username': user_name,
'projects': list(p.project.projectname for p in prjReqList),
'project_creation': (len(newprj_list) != 0),
'notes' : data['reason']
}
notifyUser(request=self.request, rcpt=user_email, action=FIRST_REG_NO_TYPE, context=noti_params)
except:
LOG.error("Error rejecting request", exc_info=True)
messages.error(request, _("Cannot reject request"))
return False
return True
def handle(self, request, data):
try:
role_names = [ role['name'] for role in self.request.user.roles ]
if not TENANTADMIN_ROLE in role_names:
raise Exception(_('Permissions denied: cannot approve subscriptions'))
with transaction.atomic():
curr_prjname = self.request.user.tenant_name
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
member_id = prj_req.registration.userid
tmpres = EMail.objects.filter(registration__userid=member_id)
member_email = tmpres[0].email if tmpres else None
project_name = prj_req.project.projectname
user_name = prj_req.registration.username
#
# clear request
#
prj_req.delete()
#
# send notification to the user
#
noti_params = {
'username': user_name,
'project' : project_name,
'notes' : data['reason']
}
notifyUser(request=self.request, rcpt=member_email, action=SUBSCR_NO_TYPE, context=noti_params,
dst_user_id=member_id)
notifyAdmin(request=self.request, action=SUBSCR_NO_TYPE, context=noti_params)
except:
exceptions.handle(request)
return False
return True
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = REQID_REGEX.search(data['requestid'])
with transaction.atomic():
#
# Creation of new tenant
#
q_args = {
'registration__regid' : int(usr_and_prj.group(1)),
'project__projectname' : usr_and_prj.group(2)
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
project_name = prj_req.project.projectname
user_id = prj_req.registration.userid
#
# Clear request
#
prj_req.delete()
#
# Send notification to the user
#
tmpres = EMail.objects.filter(registration__userid=user_id)
user_email = tmpres[0].email if tmpres else None
noti_params = {
'project' : project_name,
'notes' : data['reason']
}
notifyUser(request=self.request, rcpt=user_email, action=PRJ_REJ_TYPE, context=noti_params,
dst_user_id=user_id)
except:
LOG.error("Error pre-checking project", exc_info=True)
messages.error(request, _("Cannot pre-check project"))
return False
return True
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = REQID_REGEX.search(data['requestid'])
with transaction.atomic():
#
# Creation of new tenant
#
q_args = {
'registration__regid': int(usr_and_prj.group(1)),
'project__projectname': usr_and_prj.group(2)
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
project_name = prj_req.project.projectname
user_id = prj_req.registration.userid
#
# Clear request
#
prj_req.delete()
#
# Send notification to the user
#
tmpres = EMail.objects.filter(registration__userid=user_id)
user_email = tmpres[0].email if tmpres else None
noti_params = {'project': project_name, 'notes': data['reason']}
notifyUser(request=self.request,
rcpt=user_email,
action=PRJ_REJ_TYPE,
context=noti_params,
dst_user_id=user_id)
except:
LOG.error("Error pre-checking project", exc_info=True)
messages.error(request, _("Cannot pre-check project"))
return False
return True
def handle(self, request, data):
try:
role_names = [ role['name'] for role in self.request.user.roles ]
if not TENANTADMIN_ROLE in role_names:
raise Exception(_('Permissions denied: cannot approve subscriptions'))
with transaction.atomic():
curr_prjname = self.request.user.tenant_name
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
member_id = prj_req.registration.userid
tmpres = EMail.objects.filter(registration__userid=member_id)
member_email = tmpres[0].email if tmpres else None
project_name = prj_req.project.projectname
user_name = prj_req.registration.username
#
# clear request
#
prj_req.delete()
#
# send notification to the user
#
noti_params = {
'username': user_name,
'project' : project_name,
'notes' : data['reason']
}
notifyUser(request=self.request, rcpt=member_email, action=SUBSCR_NO_TYPE, context=noti_params,
dst_user_id=member_id)
notifyAdmin(request=self.request, action=SUBSCR_NO_TYPE, context=noti_params)
except:
exceptions.handle(request)
return False
return True
def delete(self, request, obj_id):
try:
with transaction.atomic():
q_args = {
'registration__userid': obj_id,
'project__projectname': request.user.tenant_name
}
Expiration.objects.filter(**q_args).delete()
PrjRequest.objects.filter(**q_args).delete()
PrjRole.objects.filter(**q_args).delete()
roles_obj = client_factory(request).roles
role_assign_obj = client_factory(request).role_assignments
arg_dict = {'project': request.user.tenant_id, 'user': obj_id}
for r_item in role_assign_obj.list(**arg_dict):
roles_obj.revoke(r_item.role['id'], **arg_dict)
tmpres = EMail.objects.filter(registration__userid=obj_id)
member_email = tmpres[0].email if tmpres else None
member_name = tmpres[0].registration.username if tmpres else None
tmpres = EMail.objects.filter(registration__userid=request.user.id)
admin_email = tmpres[0].email if tmpres else None
noti_params = {
'username': member_name,
'admin_address': admin_email,
'project': request.user.tenant_name
}
notifyUser(request=request,
rcpt=member_email,
action=MEMBER_REMOVED,
context=noti_params,
dst_user_id=obj_id)
notifyAdmin(request=request,
action=MEMBER_REMOVED_ADM,
context=noti_params)
except:
LOG.error("Grant revoke error", exc_info=True)
messages.error(request, _('Unable to delete member from tenant.'))
def delete(self, request, obj_id):
try:
with transaction.atomic():
q_args = {
'registration__userid' : obj_id,
'project__projectname' : request.user.tenant_name
}
Expiration.objects.filter(**q_args).delete()
PrjRequest.objects.filter(**q_args).delete()
PrjRole.objects.filter(**q_args).delete()
roles_obj = client_factory(request).roles
role_assign_obj = client_factory(request).role_assignments
arg_dict = {
'project' : request.user.tenant_id,
'user' : obj_id
}
for r_item in role_assign_obj.list(**arg_dict):
roles_obj.revoke(r_item.role['id'], **arg_dict)
tmpres = EMail.objects.filter(registration__userid=obj_id)
member_email = tmpres[0].email if tmpres else None
member_name = tmpres[0].registration.username if tmpres else None
tmpres = EMail.objects.filter(registration__userid=request.user.id)
admin_email = tmpres[0].email if tmpres else None
noti_params = {
'username' : member_name,
'admin_address' : admin_email,
'project' : request.user.tenant_name
}
notifyUser(request=request, rcpt=member_email, action=MEMBER_REMOVED, context=noti_params,
dst_user_id=obj_id)
notifyAdmin(request=request, action=MEMBER_REMOVED_ADM, context=noti_params)
except:
LOG.error("Grant revoke error", exc_info=True)
messages.error(request, _('Unable to delete member from tenant.'))
def handle(self, request, data):
try:
with transaction.atomic():
q_args = {
'registration__userid' : data['userid'],
'project__projectid' : request.user.tenant_id
}
Expiration.objects.filter(**q_args).update(expdate=data['expiration'])
all_exp = Expiration.objects.filter(registration__userid=data['userid'])
if len(all_exp):
new_exp = max([ x.expdate for x in all_exp ])
all_exp[0].registration.expdate = new_exp
all_exp[0].registration.save()
PrjRequest.objects.filter(**q_args).delete()
tmpres = EMail.objects.filter(registration__userid=data['userid'])
if len(tmpres) == 0:
return True
user_name = tmpres[0].registration.username
user_mail = tmpres[0].email
noti_params = {
'username' : user_name,
'project' : request.user.tenant_name,
'expiration' : data['expiration'].strftime("%d %B %Y")
}
try:
notifyUser(request=request, rcpt=user_mail, action=USER_RENEWED_TYPE,
context=noti_params, dst_user_id=data['userid'])
notifyAdmin(request=request, action=USER_RENEWED_TYPE, context=noti_params)
except:
LOG.error("Cannot notify %s" % user_name, exc_info=True)
except:
exceptions.handle(request)
return False
return True
def handle(self, *args, **options):
super(Command, self).handle(options)
try:
now = datetime.now()
noti_table = dict()
user_set = set()
prj_set = set()
for days_to_exp in self._get_days_to_exp(self.config.cron_plan):
tframe = now + timedelta(days=days_to_exp)
noti_table[days_to_exp] = list()
q_args = {
'expdate__gte' : tframe.replace(hour=0, minute=0, second=0, microsecond=0),
'expdate__lte' : tframe.replace(hour=23, minute=59, second=59, microsecond=999999)
}
for exp_item in Expiration.objects.filter(**q_args):
username = exp_item.registration.username
userid = exp_item.registration.userid
prjname = exp_item.project.projectname
prjid = exp_item.project.projectid
noti_table[days_to_exp].append((username, userid, prjname, prjid))
user_set.add(userid)
prj_set.add(prjname)
admin_table = dict()
for p_role in PrjRole.objects.filter(project__projectname__in=prj_set):
prjname = p_role.project.projectname
if not admin_table.has_key(prjname):
admin_table[prjname] = list()
admin_table[prjname].append(p_role.registration.userid)
user_set.add(p_role.registration.userid)
mail_table = dict()
for email_item in EMail.objects.filter(registration__userid__in=user_set):
mail_table[email_item.registration.userid] = email_item.email
contact_table = dict()
for prjname, uid_list in admin_table.items():
contact_table[prjname] = list()
for userid in uid_list:
if mail_table.has_key(userid):
contact_table[prjname].append(mail_table[userid])
for days_to_exp, noti_list in noti_table.items():
for username, userid, prjname, prjid in noti_list:
try:
noti_params = {
'username' : username,
'project' : prjname,
'days' : days_to_exp,
'contacts' : contact_table[prjname]
}
notifyUser(mail_table[userid], USER_EXP_TYPE, noti_params,
user_id=userid, project_id=prjid, dst_user_id=userid)
except:
LOG.error("Cannot notify %s" % username, exc_info=True)
except:
LOG.error("Notification failed", exc_info=True)
raise CommandError("Notification failed")
def handle(self, request, data):
if not data['username']:
messages.error(request, _("Cannot process request: missing username"))
return False
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
with transaction.atomic():
registration = Registration.objects.get(regid=int(data['regid']))
reg_request = RegRequest.objects.filter(
registration=registration,
flowstatus=RSTATUS_PENDING
)[0]
prjReqList = PrjRequest.objects.filter(registration=registration)
password = reg_request.password
if not password:
password = generate_pwd()
user_email = reg_request.email
#
# Mapping of external accounts
#
is_local = True
if reg_request.externalid:
mapping = UserMapping(globaluser=reg_request.externalid,
registration=reg_request.registration)
mapping.save()
is_local = False
LOG.info("Registered external account %s" % reg_request.externalid)
#
# Forward request to project administrators
#
q_args = {
'project__projectid__isnull' : False,
'flowstatus' : PSTATUS_REG
}
prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING)
#
# Creation of new tenants
#
self.preprocess_prj(registration, data)
new_prj_list = list()
p_reqs = prjReqList.filter(
project__projectid__isnull = True,
flowstatus = PSTATUS_REG
)
if len(p_reqs):
newreq_prj = p_reqs[0].project
kprj = keystone_api.tenant_create(request, newreq_prj.projectname,
newreq_prj.description, True)
newreq_prj.projectid = kprj.id
newreq_prj.save()
new_prj_list.append(newreq_prj)
setup_new_project(request, kprj.id, newreq_prj.projectname, data)
LOG.info("Created tenant %s" % newreq_prj.projectname)
#
# User creation
#
if not registration.userid:
kuser = keystone_api.user_create(request,
name=registration.username,
password=password,
email=user_email,
enabled=True)
if is_local:
registration.username = data['username']
registration.expdate = self.expiration
registration.userid = kuser.id
registration.save()
LOG.info("Created user %s" % registration.username)
mail_obj = EMail()
mail_obj.registration = registration
mail_obj.email = user_email
mail_obj.save()
#
# The new user is the project manager of its tenant
# register the expiration date per tenant
#
for prj_item in new_prj_list:
expiration = Expiration()
expiration.registration = registration
expiration.project = prj_item
expiration.expdate = self.expiration
expiration.save()
prjRole = PrjRole()
prjRole.registration = registration
prjRole.project = prj_item
prjRole.roleid = tenantadmin_roleid
prjRole.save()
keystone_api.add_tenant_user_role(request, prj_item.projectid,
registration.userid, tenantadmin_roleid)
#
# Send notifications to project administrators and users
#
for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING):
m_userids = get_prjman_ids(request, p_item.project.projectid)
tmpres = EMail.objects.filter(registration__userid__in=m_userids)
m_emails = [ x.email for x in tmpres ]
noti_params = {
'username' : data['username'],
'project' : p_item.project.projectname
}
notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_WAIT_TYPE, context=noti_params,
dst_project_id=p_item.project.projectid)
n2_params = {
'username' : p_item.registration.username,
'project' : p_item.project.projectname,
'prjadmins' : m_emails
}
notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_ONGOING, context=n2_params,
dst_project_id=p_item.project.projectid, dst_user_id=registration.userid)
newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG)
for p_item in newprj_reqs:
noti_params = {
'username' : p_item.registration.username,
'project' : p_item.project.projectname
}
notifyUser(request=self.request, rcpt=user_email, action=FIRST_REG_OK_TYPE, context=noti_params,
dst_project_id=p_item.project.projectid, dst_user_id=p_item.registration.userid)
#
# cache cleanup
#
newprj_reqs.delete()
reg_request.delete()
self.post_reminder(registration, user_email)
except:
LOG.error("Error pre-checking request", exc_info=True)
messages.error(request, _("Cannot pre-check request"))
return False
return True
def handle(self, request, data):
try:
with transaction.atomic():
curr_prjname = self.request.user.tenant_name
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname,
'flowstatus' : PSTATUS_RENEW_MEMB
}
prj_reqs = PrjRequest.objects.filter(**q_args)
if len(prj_reqs) == 0:
return True
user_id = prj_reqs[0].registration.userid
#
# Clear requests
#
prj_reqs.delete()
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname
}
Expiration.objects.filter(**q_args).delete()
PrjRole.objects.filter(**q_args).delete()
#
# Remove member from project
#
roles_obj = client_factory(request).roles
role_assign_obj = client_factory(request).role_assignments
arg_dict = {
'project' : request.user.tenant_id,
'user' : user_id
}
for r_item in role_assign_obj.list(**arg_dict):
roles_obj.revoke(r_item.role['id'], **arg_dict)
#
# Send notification to the user
#
tmpres = EMail.objects.filter(registration__regid=int(data['regid']))
member_email = tmpres[0].email if tmpres else None
member_name = tmpres[0].registration.username if member_email else 'unknown'
tmpres = EMail.objects.filter(registration__userid=request.user.id)
admin_email = tmpres[0].email if tmpres else None
noti_params = {
'username' : member_name,
'admin_address' : admin_email,
'project' : request.user.tenant_name,
'notes' : data['reason']
}
notifyUser(request=self.request, rcpt=member_email, action=MEMBER_REMOVED, context=noti_params,
dst_user_id=user_id)
except:
LOG.error("Cannot renew user", exc_info=True)
exceptions.handle(request)
return False
return True
def handle(self, request, data):
try:
role_names = [ role['name'] for role in self.request.user.roles ]
if not TENANTADMIN_ROLE in role_names:
raise Exception(_('Permissions denied: cannot approve subscriptions'))
with transaction.atomic():
curr_prjname = self.request.user.tenant_name
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
member_id = prj_req.registration.userid
tmpres = EMail.objects.filter(registration__userid=member_id)
member_email = tmpres[0].email if tmpres else None
project_name = prj_req.project.projectname
user_name = prj_req.registration.username
LOG.debug("Approving subscription for %s" % prj_req.registration.username)
default_role = getattr(settings, 'OPENSTACK_KEYSTONE_DEFAULT_ROLE', None)
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
roles_obj = client_factory(request).roles
arg_dict = {
'project' : prj_req.project.projectid,
'user' : prj_req.registration.userid
}
missing_default = True
for item in roles_obj.list():
if item.name == default_role:
roles_obj.grant(item.id, **arg_dict)
missing_default = False
if missing_default:
raise Exception("Default role is undefined")
#
# clear request
#
prj_req.delete()
#
# send notification to the user
#
noti_params = {
'username': user_name,
'project' : project_name
}
notifyUser(request=self.request, rcpt=member_email, action=SUBSCR_OK_TYPE, context=noti_params,
dst_user_id=member_id)
notifyAdmin(request=self.request, action=SUBSCR_OK_TYPE, context=noti_params)
except:
exceptions.handle(request)
return False
return True
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = REQID_REGEX.search(data['requestid'])
with transaction.atomic():
regid, prjname = chk_repl_project(int(usr_and_prj.group(1)),
usr_and_prj.group(2),
data['newname'], None,
data['newdescr'])
#
# Creation of new tenant
#
prj_req = PrjRequest.objects.filter(
registration__regid=regid, project__projectname=prjname)[0]
project_name = prj_req.project.projectname
user_id = prj_req.registration.userid
kprj = keystone_api.tenant_create(request, project_name,
prj_req.project.description,
True)
prj_req.project.projectid = kprj.id
prj_req.project.save()
LOG.info("Created tenant %s" % project_name)
#
# The new user is the project manager of its tenant
#
prjRole = PrjRole()
prjRole.registration = prj_req.registration
prjRole.project = prj_req.project
prjRole.roleid = tenantadmin_roleid
prjRole.save()
keystone_api.add_tenant_user_role(request,
prj_req.project.projectid,
user_id, tenantadmin_roleid)
#
# Insert expiration date per tenant
#
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
#
# Clear request
#
prj_req.delete()
setup_new_project(request, kprj.id, project_name, data)
#
# Send notification to the user
#
tmpres = EMail.objects.filter(registration__userid=user_id)
user_email = tmpres[0].email if tmpres else None
noti_params = {'project': project_name}
notifyUser(request=self.request,
rcpt=user_email,
action=PRJ_CREATE_TYPE,
context=noti_params,
dst_project_id=kprj.id,
dst_user_id=user_id)
except:
LOG.error("Error pre-checking project", exc_info=True)
messages.error(request, _("Cannot pre-check project"))
return False
return True
def handle(self, request, data):
if not request.user.is_superuser:
messages.error(_("Operation not authorized"))
return False
try:
with transaction.atomic():
reg_user = Registration.objects.filter(userid=data['userid'])[0]
prj_list = Project.objects.filter(projectname__in=data['projects'])
reg_user.expdate = data['expdate']
reg_user.save()
k_user = keystone_api.user_get(request, data['userid'])
if not k_user.enabled:
keystone_api.user_update(request, data['userid'], enabled=True)
except:
LOG.error("Generic failure", exc_info=True)
return False
for prj_item in prj_list:
try:
with transaction.atomic():
Expiration(
registration=reg_user,
project=prj_item,
expdate=data['expdate']
).save()
keystone_api.add_tenant_user_role(
request, prj_item.projectid,
data['userid'], get_default_role(request))
#
# send notification to project managers and users
#
tmpres = EMail.objects.filter(registration__userid=data['userid'])
user_email = tmpres[0].email if tmpres else None
m_userids = get_prjman_ids(request, prj_item.projectid)
tmpres = EMail.objects.filter(registration__userid__in=m_userids)
m_emails = [ x.email for x in tmpres ]
noti_params = {
'username' : reg_user.username,
'project' : prj_item.projectname
}
notifyProject(request=self.request, rcpt=m_emails,
action=SUBSCR_FORCED_OK_TYPE, context=noti_params,
dst_project_id=prj_item.projectid)
notifyUser(request=self.request, rcpt=user_email,
action=SUBSCR_OK_TYPE, context=noti_params,
dst_project_id=prj_item.projectid,
dst_user_id=reg_user.userid)
except:
LOG.error("Generic failure", exc_info=True)
return True
def single(self, data_table, request, obj_id):
try:
t_role_id = ''
for role in request.user.roles:
if role['name'] == TENANTADMIN_ROLE:
t_role_id = get_admin_roleid(request)
roles_obj = client_factory(request).roles
arg_dict = {
'project' : request.user.tenant_id,
'user' : obj_id
}
tmpres = EMail.objects.filter(registration__userid=obj_id)
member_email = tmpres[0].email if tmpres else None
tmpres = EMail.objects.filter(registration__userid=request.user.id)
admin_email = tmpres[0].email if tmpres else None
datum = data_table.get_object_by_id(obj_id)
if datum.is_t_admin:
with transaction.atomic():
PrjRole.objects.filter(
registration__userid=obj_id,
project__projectname=request.user.tenant_name
).delete()
if datum.num_of_roles == 1:
missing_default = True
for item in roles_obj.list():
if item.name == DEFAULT_ROLE:
roles_obj.grant(item.id, **arg_dict)
missing_default = False
if missing_default:
raise Exception('Cannot swith to member role')
roles_obj.revoke(t_role_id, **arg_dict)
noti_params = {
'admin_address' : admin_email,
'project' : request.user.tenant_name,
's_role' : _('Project manager'),
'd_role' : _('Project user')
}
notifyUser(request=request, rcpt=member_email, action=CHANGED_MEMBER_ROLE, context=noti_params,
dst_project_id=request.user.project_id, dst_user_id=obj_id)
else:
with transaction.atomic():
prjRole = PrjRole()
prjRole.registration = Registration.objects.filter(userid=obj_id)[0]
prjRole.project = Project.objects.get(projectname=request.user.tenant_name)
prjRole.roleid = t_role_id
prjRole.save()
roles_obj.grant(t_role_id, **arg_dict)
noti_params = {
'admin_address' : admin_email,
'project' : request.user.tenant_name,
's_role' : _('Project user'),
'd_role' : _('Project manager')
}
notifyUser(request=request, rcpt=member_email, action=CHANGED_MEMBER_ROLE, context=noti_params,
dst_project_id=request.user.project_id, dst_user_id=obj_id)
except:
LOG.error("Toggle role error", exc_info=True)
messages.error(request, _('Unable to toggle the role.'))
if obj_id == request.user.id:
response = shortcuts.redirect(reverse_lazy('logout'))
msg = _("Roles changed. Please log in again to continue.")
utils.add_logout_reason(request, response, msg)
return response
return shortcuts.redirect(reverse_lazy('horizon:idmanager:member_manager:index'))
def single(self, data_table, request, obj_id):
try:
t_role_id = ''
for role in request.user.roles:
if role['name'] == TENANTADMIN_ROLE:
t_role_id = get_admin_roleid(request)
roles_obj = client_factory(request).roles
arg_dict = {'project': request.user.tenant_id, 'user': obj_id}
tmpres = EMail.objects.filter(registration__userid=obj_id)
member_email = tmpres[0].email if tmpres else None
tmpres = EMail.objects.filter(registration__userid=request.user.id)
admin_email = tmpres[0].email if tmpres else None
datum = data_table.get_object_by_id(obj_id)
if datum.is_t_admin:
with transaction.atomic():
PrjRole.objects.filter(registration__userid=obj_id,
project__projectname=request.user.
tenant_name).delete()
if datum.num_of_roles == 1:
missing_default = True
for item in roles_obj.list():
if item.name == DEFAULT_ROLE:
roles_obj.grant(item.id, **arg_dict)
missing_default = False
if missing_default:
raise Exception('Cannot swith to member role')
roles_obj.revoke(t_role_id, **arg_dict)
noti_params = {
'admin_address': admin_email,
'project': request.user.tenant_name,
's_role': _('Project manager'),
'd_role': _('Project user')
}
notifyUser(request=request,
rcpt=member_email,
action=CHANGED_MEMBER_ROLE,
context=noti_params,
dst_project_id=request.user.project_id,
dst_user_id=obj_id)
else:
with transaction.atomic():
prjRole = PrjRole()
prjRole.registration = Registration.objects.filter(
userid=obj_id)[0]
prjRole.project = Project.objects.get(
projectname=request.user.tenant_name)
prjRole.roleid = t_role_id
prjRole.save()
roles_obj.grant(t_role_id, **arg_dict)
noti_params = {
'admin_address': admin_email,
'project': request.user.tenant_name,
's_role': _('Project user'),
'd_role': _('Project manager')
}
notifyUser(request=request,
rcpt=member_email,
action=CHANGED_MEMBER_ROLE,
context=noti_params,
dst_project_id=request.user.project_id,
dst_user_id=obj_id)
except:
LOG.error("Toggle role error", exc_info=True)
messages.error(request, _('Unable to toggle the role.'))
if obj_id == request.user.id:
response = shortcuts.redirect(reverse_lazy('logout'))
msg = _("Roles changed. Please log in again to continue.")
utils.add_logout_reason(request, response, msg)
return response
return shortcuts.redirect(
reverse_lazy('horizon:idmanager:member_manager:index'))
def handle(self, request, data):
if not data['username']:
messages.error(request,
_("Cannot process request: missing username"))
return False
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
with transaction.atomic():
registration = Registration.objects.get(
regid=int(data['regid']))
reg_request = RegRequest.objects.filter(
registration=registration, flowstatus=RSTATUS_PENDING)[0]
prjReqList = PrjRequest.objects.filter(
registration=registration)
password = reg_request.password
if not password:
password = generate_pwd()
user_email = reg_request.email
#
# Mapping of external accounts
#
is_local = True
if reg_request.externalid:
mapping = UserMapping(
globaluser=reg_request.externalid,
registration=reg_request.registration)
mapping.save()
is_local = False
LOG.info("Registered external account %s" %
reg_request.externalid)
#
# Forward request to project administrators
#
q_args = {
'project__projectid__isnull': False,
'flowstatus': PSTATUS_REG
}
prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING)
#
# Creation of new tenants
#
self.preprocess_prj(registration, data)
new_prj_list = list()
p_reqs = prjReqList.filter(project__projectid__isnull=True,
flowstatus=PSTATUS_REG)
if len(p_reqs):
newreq_prj = p_reqs[0].project
kprj = keystone_api.tenant_create(request,
newreq_prj.projectname,
newreq_prj.description,
True)
newreq_prj.projectid = kprj.id
newreq_prj.save()
new_prj_list.append(newreq_prj)
setup_new_project(request, kprj.id, newreq_prj.projectname,
data)
LOG.info("Created tenant %s" % newreq_prj.projectname)
#
# User creation
#
if not registration.userid:
if is_local:
registration.username = data['username']
kuser = keystone_api.user_create(
request,
name=registration.username,
password=password,
email=user_email,
enabled=True)
registration.expdate = self.expiration
registration.userid = kuser.id
registration.save()
LOG.info("Created user %s" % registration.username)
mail_obj = EMail()
mail_obj.registration = registration
mail_obj.email = user_email
mail_obj.save()
#
# The new user is the project manager of its tenant
# register the expiration date per tenant
#
for prj_item in new_prj_list:
expiration = Expiration()
expiration.registration = registration
expiration.project = prj_item
expiration.expdate = self.expiration
expiration.save()
prjRole = PrjRole()
prjRole.registration = registration
prjRole.project = prj_item
prjRole.roleid = tenantadmin_roleid
prjRole.save()
keystone_api.add_tenant_user_role(request,
prj_item.projectid,
registration.userid,
tenantadmin_roleid)
#
# Send notifications to project administrators and users
#
for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING):
m_userids = get_prjman_ids(request,
p_item.project.projectid)
tmpres = EMail.objects.filter(
registration__userid__in=m_userids)
m_emails = [x.email for x in tmpres]
noti_params = {
'username': data['username'],
'project': p_item.project.projectname
}
notifyProject(request=self.request,
rcpt=m_emails,
action=SUBSCR_WAIT_TYPE,
context=noti_params,
dst_project_id=p_item.project.projectid)
n2_params = {
'username': p_item.registration.username,
'project': p_item.project.projectname,
'prjadmins': m_emails
}
notifyUser(request=self.request,
rcpt=user_email,
action=SUBSCR_ONGOING,
context=n2_params,
dst_project_id=p_item.project.projectid,
dst_user_id=registration.userid)
newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG)
for p_item in newprj_reqs:
noti_params = {
'username': p_item.registration.username,
'project': p_item.project.projectname
}
notifyUser(request=self.request,
rcpt=user_email,
action=FIRST_REG_OK_TYPE,
context=noti_params,
dst_project_id=p_item.project.projectid,
dst_user_id=p_item.registration.userid)
#
# cache cleanup
#
newprj_reqs.delete()
reg_request.delete()
self.post_reminder(registration, user_email)
except:
LOG.error("Error pre-checking request", exc_info=True)
messages.error(request, _("Cannot pre-check request"))
return False
return True
def _update_project_members(self, request, data, project_id):
member_ids = set()
prjadm_ids = set()
prjrole_id = None
result = None
for role in self._get_available_roles(request):
tmp_step = self.get_step(baseWorkflows.PROJECT_USER_MEMBER_SLUG)
field_name = tmp_step.get_member_field_name(role.id)
for tmpid in data[field_name]:
member_ids.add(tmpid)
if role.name == TENANTADMIN_ROLE:
prjadm_ids.add(tmpid)
if role.name == TENANTADMIN_ROLE:
prjrole_id = role.id
with transaction.atomic():
ep_qset = Expiration.objects.filter(project=self.this_project)
disposable_exps = ep_qset.exclude(registration__userid__in=member_ids)
changed_regs = [ x.registration for x in disposable_exps ]
rm_email_list = EMail.objects.filter(registration__in=changed_regs)
for item in ep_qset:
if item.registration.userid in member_ids:
member_ids.remove(item.registration.userid)
added_regs = Registration.objects.filter(userid__in=member_ids)
add_email_list = EMail.objects.filter(registration__in=added_regs)
#
# Use per-user expiration date as a fall back
# for expiration date per tenant
#
for item in added_regs:
def_expdate = item.expdate if item.expdate else datetime.now() + timedelta(365)
c_args = {
'registration' : item,
'project' : self.this_project,
'expdate' : item.expdate
}
Expiration(**c_args).save()
changed_regs.append(item)
#
# Delete expiration for manually removed users
#
disposable_exps.delete()
#
# Remove subscription request for manually added or removed members
#
PrjRequest.objects.filter(
registration__in = changed_regs,
project = self.this_project
).delete()
#
# Delete and re-create the project admin cache
#
PrjRole.objects.filter(project=self.this_project).delete()
for item in Registration.objects.filter(userid__in=prjadm_ids):
new_prjrole = PrjRole()
new_prjrole.registration = item
new_prjrole.project = self.this_project
new_prjrole.roleid = prjrole_id
new_prjrole.save()
LOG.debug("Re-created prj admin: %s" % item.username)
result = super(ExtUpdateProject, self)._update_project_members(request, data, project_id)
#
# Notify users, both new and removed
#
for e_item in rm_email_list:
noti_params = {
'username' : e_item.registration.username,
'project' : self.this_project.projectname
}
notifyUser(request=request, rcpt=e_item.email, action=MEMBER_FORCED_RM, context=noti_params,
dst_project_id=self.this_project.projectid, dst_user_id=e_item.registration.userid)
for e_item in add_email_list:
noti_params = {
'username' : e_item.registration.username,
'project' : self.this_project.projectname,
'isadmin' : e_item.registration.userid in prjadm_ids
}
notifyUser(request=request, rcpt=e_item.email, action=MEMBER_FORCED_ADD, context=noti_params,
dst_project_id=self.this_project.projectid, dst_user_id=e_item.registration.userid)
if len(prjadm_ids) == 0:
messages.warning(request, _("Missing project admin for this project"))
return result
def _update_project_members(self, request, data, project_id):
admin_role_id = None
available_roles = baseWorkflows.api.keystone.role_list(request)
member_ids = set()
prjadm_ids = set()
result = None
with transaction.atomic():
#
# Create project in the database
#
newprj_id = self.object.id
qargs = {
'projectname' : data['name'],
'projectid' : newprj_id,
'description' : data['description'],
'status' : PRJ_PUBLIC
}
newprj = Project(**qargs)
newprj.save()
self.this_project = newprj
#
# Setup members
#
for role in available_roles:
tmp_step = self.get_step(baseWorkflows.PROJECT_USER_MEMBER_SLUG)
field_name = tmp_step.get_member_field_name(role.id)
if role.name == TENANTADMIN_ROLE:
admin_role_id = role.id
for tmpid in data[field_name]:
prjadm_ids.add(tmpid)
for user_id in data[field_name]:
member_ids.add(user_id)
#
# Import expiration per tenant, use per-user expiration date as a fall back
# Create the project admin cache
#
for u_item in Registration.objects.filter(userid__in=member_ids):
new_p_exp = Expiration()
new_p_exp.registration = u_item
new_p_exp.project = self.this_project
new_p_exp.expdate = u_item.expdate
new_p_exp.save()
if u_item.userid in prjadm_ids:
new_prjrole = PrjRole()
new_prjrole.registration = u_item
new_prjrole.project = self.this_project
new_prjrole.roleid = admin_role_id
new_prjrole.save()
LOG.debug("Created prj admin: %s" % u_item.username)
#
# Insert cloud admin as project_manager if missing
#
if len(prjadm_ids) == 0:
baseWorkflows.api.keystone.add_tenant_user_role(request, project_id,
request.user.id, admin_role_id)
result = super(ExtCreateProject, self)._update_project_members(request, data, project_id)
#
# Notify users
#
for e_item in EMail.objects.filter(registration__userid__in=member_ids):
noti_params = {
'username' : e_item.registration.username,
'project' : self.this_project.projectname,
'isadmin' : e_item.registration.userid in prjadm_ids
}
notifyUser(request=request, rcpt=e_item.email, action=MEMBER_FORCED_ADD, context=noti_params,
dst_project_id=self.this_project.projectid, dst_user_id=e_item.registration.userid)
#
# Notify all cloud admins
#
notifyAdmin(request=request, action=NEWPRJ_BY_ADM,
context={'project' : self.this_project.projectname})
return result
def handle(self, request, data):
try:
with transaction.atomic():
curr_prjname = self.request.user.tenant_name
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname,
'flowstatus' : PSTATUS_RENEW_MEMB
}
prj_reqs = PrjRequest.objects.filter(**q_args)
if len(prj_reqs) == 0:
return True
user_id = prj_reqs[0].registration.userid
#
# Clear requests
#
prj_reqs.delete()
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname
}
Expiration.objects.filter(**q_args).delete()
PrjRole.objects.filter(**q_args).delete()
#
# Remove member from project
#
roles_obj = client_factory(request).roles
role_assign_obj = client_factory(request).role_assignments
arg_dict = {
'project' : request.user.tenant_id,
'user' : user_id
}
for r_item in role_assign_obj.list(**arg_dict):
roles_obj.revoke(r_item.role['id'], **arg_dict)
#
# Send notification to the user
#
tmpres = EMail.objects.filter(registration__regid=int(data['regid']))
member_email = tmpres[0].email if tmpres else None
member_name = tmpres[0].registration.username if member_email else 'unknown'
tmpres = EMail.objects.filter(registration__userid=request.user.id)
admin_email = tmpres[0].email if tmpres else None
noti_params = {
'username' : member_name,
'admin_address' : admin_email,
'project' : request.user.tenant_name,
'notes' : data['reason']
}
notifyUser(request=self.request, rcpt=member_email, action=MEMBER_REMOVED, context=noti_params,
dst_user_id=user_id)
except:
LOG.error("Cannot renew user", exc_info=True)
exceptions.handle(request)
return False
return True
def handle(self, request, data):
try:
role_names = [ role['name'] for role in self.request.user.roles ]
if not TENANTADMIN_ROLE in role_names:
raise Exception(_('Permissions denied: cannot approve subscriptions'))
with transaction.atomic():
curr_prjname = self.request.user.tenant_name
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
member_id = prj_req.registration.userid
tmpres = EMail.objects.filter(registration__userid=member_id)
member_email = tmpres[0].email if tmpres else None
project_name = prj_req.project.projectname
user_name = prj_req.registration.username
LOG.debug("Approving subscription for %s" % prj_req.registration.username)
default_role = getattr(settings, 'OPENSTACK_KEYSTONE_DEFAULT_ROLE', None)
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
roles_obj = client_factory(request).roles
arg_dict = {
'project' : prj_req.project.projectid,
'user' : prj_req.registration.userid
}
missing_default = True
for item in roles_obj.list():
if item.name == default_role:
roles_obj.grant(item.id, **arg_dict)
missing_default = False
if missing_default:
raise Exception("Default role is undefined")
#
# Enable reminder for cloud admin
#
RegRequest.objects.filter(
registration = prj_req.registration,
flowstatus = RSTATUS_REMINDER
).update(flowstatus = RSTATUS_REMINDACK)
#
# clear request
#
prj_req.delete()
#
# send notification to the user
#
noti_params = {
'username': user_name,
'project' : project_name
}
notifyUser(request=self.request, rcpt=member_email, action=SUBSCR_OK_TYPE, context=noti_params,
dst_user_id=member_id)
notifyAdmin(request=self.request, action=SUBSCR_OK_TYPE, context=noti_params)
except:
exceptions.handle(request)
return False
return True
def handle(self, request, data):
if not request.user.is_superuser:
messages.error(_("Operation not authorized"))
return False
try:
with transaction.atomic():
reg_user = Registration.objects.filter(userid=data['userid'])[0]
prj_list = Project.objects.filter(projectname__in=data['projects'])
reg_user.expdate = data['expdate']
reg_user.save()
#
# Enable reminder for cloud admin if present
#
RegRequest.objects.filter(
registration = reg_user,
flowstatus = RSTATUS_REMINDER
).update(flowstatus = RSTATUS_REMINDACK)
k_user = keystone_api.user_get(request, data['userid'])
if not k_user.enabled:
keystone_api.user_update(request, data['userid'], enabled=True)
except:
LOG.error("Generic failure", exc_info=True)
return False
for prj_item in prj_list:
try:
with transaction.atomic():
Expiration(
registration=reg_user,
project=prj_item,
expdate=data['expdate']
).save()
keystone_api.add_tenant_user_role(
request, prj_item.projectid,
data['userid'], get_default_role(request))
#
# send notification to project managers and users
#
tmpres = EMail.objects.filter(registration__userid=data['userid'])
user_email = tmpres[0].email if tmpres else None
m_userids = get_prjman_ids(request, prj_item.projectid)
tmpres = EMail.objects.filter(registration__userid__in=m_userids)
m_emails = [ x.email for x in tmpres ]
noti_params = {
'username' : reg_user.username,
'project' : prj_item.projectname
}
notifyProject(request=self.request, rcpt=m_emails,
action=SUBSCR_FORCED_OK_TYPE, context=noti_params,
dst_project_id=prj_item.projectid)
notifyUser(request=self.request, rcpt=user_email,
action=SUBSCR_OK_TYPE, context=noti_params,
dst_project_id=prj_item.projectid,
dst_user_id=reg_user.userid)
except:
LOG.error("Generic failure", exc_info=True)
return True
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = REQID_REGEX.search(data['requestid'])
with transaction.atomic():
q_args = {
'registration__regid': int(usr_and_prj.group(1)),
'project__projectname': usr_and_prj.group(2)
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
#
# Insert expiration date per tenant
#
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
project_name = prj_req.project.projectname
project_id = prj_req.project.projectid
user_name = prj_req.registration.username
user_id = prj_req.registration.userid
keystone_api.add_tenant_user_role(request, project_id, user_id,
default_roleid)
#
# Enable reminder for cloud admin
#
RegRequest.objects.filter(registration=prj_req.registration,
flowstatus=RSTATUS_REMINDER).update(
flowstatus=RSTATUS_REMINDACK)
#
# clear request
#
prj_req.delete()
#
# send notification to project managers and users
#
tmpres = EMail.objects.filter(registration__userid=user_id)
user_email = tmpres[0].email if tmpres else None
m_userids = get_prjman_ids(request, project_id)
tmpres = EMail.objects.filter(registration__userid__in=m_userids)
m_emails = [x.email for x in tmpres]
noti_params = {'username': user_name, 'project': project_name}
notifyProject(request=self.request,
rcpt=m_emails,
action=SUBSCR_FORCED_OK_TYPE,
context=noti_params,
dst_project_id=project_id)
notifyUser(request=self.request,
rcpt=user_email,
action=SUBSCR_OK_TYPE,
context=noti_params,
dst_project_id=project_id,
dst_user_id=user_id)
except:
LOG.error("Error forced-checking request", exc_info=True)
messages.error(request, _("Cannot forced check request"))
return False
return True
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = REQID_REGEX.search(data['requestid'])
with transaction.atomic():
regid, prjname = chk_repl_project(int(usr_and_prj.group(1)),
usr_and_prj.group(2), data['newname'],
None, data['newdescr'])
#
# Creation of new tenant
#
prj_req = PrjRequest.objects.filter(
registration__regid = regid,
project__projectname = prjname
)[0]
project_name = prj_req.project.projectname
user_id = prj_req.registration.userid
kprj = keystone_api.tenant_create(request, project_name,
prj_req.project.description, True)
prj_req.project.projectid = kprj.id
prj_req.project.save()
LOG.info("Created tenant %s" % project_name)
#
# The new user is the project manager of its tenant
#
prjRole = PrjRole()
prjRole.registration = prj_req.registration
prjRole.project = prj_req.project
prjRole.roleid = tenantadmin_roleid
prjRole.save()
keystone_api.add_tenant_user_role(request, prj_req.project.projectid,
user_id, tenantadmin_roleid)
#
# Insert expiration date per tenant
#
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
#
# Clear request
#
prj_req.delete()
setup_new_project(request, kprj.id, project_name, data)
#
# Send notification to the user
#
tmpres = EMail.objects.filter(registration__userid=user_id)
user_email = tmpres[0].email if tmpres else None
noti_params = {
'project' : project_name
}
notifyUser(request=self.request, rcpt=user_email, action=PRJ_CREATE_TYPE, context=noti_params,
dst_project_id=kprj.id, dst_user_id=user_id)
except:
LOG.error("Error pre-checking project", exc_info=True)
messages.error(request, _("Cannot pre-check project"))
return False
return True
def _update_project_members(self, request, data, project_id):
member_ids = set()
prjadm_ids = set()
prjrole_id = None
result = None
for role in self._get_available_roles(request):
tmp_step = self.get_step(baseWorkflows.PROJECT_USER_MEMBER_SLUG)
field_name = tmp_step.get_member_field_name(role.id)
for tmpid in data[field_name]:
member_ids.add(tmpid)
if role.name == TENANTADMIN_ROLE:
prjadm_ids.add(tmpid)
if role.name == TENANTADMIN_ROLE:
prjrole_id = role.id
with transaction.atomic():
ep_qset = Expiration.objects.filter(project=self.this_project)
disposable_exps = ep_qset.exclude(
registration__userid__in=member_ids)
changed_regs = [x.registration for x in disposable_exps]
rm_email_list = EMail.objects.filter(registration__in=changed_regs)
for item in ep_qset:
if item.registration.userid in member_ids:
member_ids.remove(item.registration.userid)
added_regs = Registration.objects.filter(userid__in=member_ids)
add_email_list = EMail.objects.filter(registration__in=added_regs)
#
# Use per-user expiration date as a fall back
# for expiration date per tenant
#
for item in added_regs:
def_expdate = item.expdate if item.expdate else datetime.now(
) + timedelta(365)
c_args = {
'registration': item,
'project': self.this_project,
'expdate': item.expdate
}
Expiration(**c_args).save()
changed_regs.append(item)
#
# Enable reminders to cloud admin for manually added users
#
RegRequest.objects.filter(registration__in=added_regs,
flowstatus=RSTATUS_REMINDER).update(
flowstatus=RSTATUS_REMINDACK)
#
# Delete expiration for manually removed users
#
disposable_exps.delete()
#
# Remove subscription request for manually added or removed members
#
PrjRequest.objects.filter(registration__in=changed_regs,
project=self.this_project).delete()
#
# Delete and re-create the project admin cache
#
PrjRole.objects.filter(project=self.this_project).delete()
for item in Registration.objects.filter(userid__in=prjadm_ids):
new_prjrole = PrjRole()
new_prjrole.registration = item
new_prjrole.project = self.this_project
new_prjrole.roleid = prjrole_id
new_prjrole.save()
LOG.debug("Re-created prj admin: %s" % item.username)
result = super(ExtUpdateProject, self)._update_project_members(
request, data, project_id)
#
# Notify users, both new and removed
#
for e_item in rm_email_list:
noti_params = {
'username': e_item.registration.username,
'project': self.this_project.projectname
}
notifyUser(request=request,
rcpt=e_item.email,
action=MEMBER_FORCED_RM,
context=noti_params,
dst_project_id=self.this_project.projectid,
dst_user_id=e_item.registration.userid)
for e_item in add_email_list:
noti_params = {
'username': e_item.registration.username,
'project': self.this_project.projectname,
'isadmin': e_item.registration.userid in prjadm_ids
}
notifyUser(request=request,
rcpt=e_item.email,
action=MEMBER_FORCED_ADD,
context=noti_params,
dst_project_id=self.this_project.projectid,
dst_user_id=e_item.registration.userid)
if len(prjadm_ids) == 0:
messages.warning(request,
_("Missing project admin for this project"))
return result
def handle(self, *args, **options):
super(Command, self).handle(options)
LOG.info("Checking expired users")
try:
keystone_client = client.Client(
username=self.config.cron_user,
password=self.config.cron_pwd,
project_name=self.config.cron_prj,
user_domain_name=self.config.cron_domain,
project_domain_name=self.config.cron_domain,
cacert=self.config.cron_ca,
auth_url=self.config.cron_kurl)
prjman_roleid = get_prjman_roleid(keystone_client)
cloud_adminid = keystone_client.auth_ref.user_id
except:
LOG.error("Check expiration failed", exc_info=True)
raise CommandError("Check expiration failed")
updated_prjs = set()
exp_date = datetime.now() - timedelta(self.config.cron_defer)
for mem_item in Expiration.objects.filter(expdate__lt=exp_date):
username = mem_item.registration.username
userid = mem_item.registration.userid
prjname = mem_item.project.projectname
prjid = mem_item.project.projectid
updated_prjs.add(prjid)
try:
with transaction.atomic():
tmpres = EMail.objects.filter(
registration=mem_item.registration)
user_mail = tmpres[0].email if len(tmpres) else None
q_args = {
'registration': mem_item.registration,
'project': mem_item.project
}
Expiration.objects.filter(**q_args).delete()
PrjRequest.objects.filter(**q_args).delete()
PrjRole.objects.filter(**q_args).delete()
arg_dict = {'project': prjid, 'user': userid}
for r_item in keystone_client.role_assignments.list(
**arg_dict):
keystone_client.roles.revoke(r_item.role['id'],
**arg_dict)
LOG.info("Removed %s from %s" % (username, prjid))
noti_params = {'username': username, 'project': prjname}
notifyUser(user_mail,
USER_EXPIRED_TYPE,
noti_params,
project_id=prjid,
dst_user_id=userid)
#
# TODO notify project admins
#
except:
LOG.error("Check expiration failed for %s" % username,
exc_info=True)
#
# Check for tenants without admin (use cloud admin if missing)
#
for prj_id in updated_prjs:
if PrjRole.objects.filter(project__projectid=prj_id).count() == 0:
try:
keystone_client.roles.grant(prjman_roleid,
user=cloud_adminid,
project=prj_id)
LOG.info("Cloud Administrator as admin for %s" % prj_id)
noti_params = {
'project': prj_id,
's_role': 'None',
'd_role': 'project_manager'
}
notifyAdmin(CHANGED_MEMBER_ROLE,
noti_params,
dst_user_id=prj_id)
except:
LOG.error("Cannot set super admin for %s" % username,
exc_info=True)
def _update_project_members(self, request, data, project_id):
admin_role_id = None
available_roles = baseWorkflows.api.keystone.role_list(request)
member_ids = set()
prjadm_ids = set()
result = None
with transaction.atomic():
#
# Create project in the database
#
newprj_id = self.object.id
qargs = {
'projectname': data['name'],
'projectid': newprj_id,
'description': data['description'],
'status': PRJ_PUBLIC
}
newprj = Project(**qargs)
newprj.save()
self.this_project = newprj
#
# Setup members
#
for role in available_roles:
tmp_step = self.get_step(
baseWorkflows.PROJECT_USER_MEMBER_SLUG)
field_name = tmp_step.get_member_field_name(role.id)
if role.name == TENANTADMIN_ROLE:
admin_role_id = role.id
for tmpid in data[field_name]:
prjadm_ids.add(tmpid)
for user_id in data[field_name]:
member_ids.add(user_id)
#
# Import expiration per tenant, use per-user expiration date as a fall back
# Create the project admin cache
#
for u_item in Registration.objects.filter(userid__in=member_ids):
new_p_exp = Expiration()
new_p_exp.registration = u_item
new_p_exp.project = self.this_project
new_p_exp.expdate = u_item.expdate
new_p_exp.save()
if u_item.userid in prjadm_ids:
new_prjrole = PrjRole()
new_prjrole.registration = u_item
new_prjrole.project = self.this_project
new_prjrole.roleid = admin_role_id
new_prjrole.save()
LOG.debug("Created prj admin: %s" % u_item.username)
#
# Insert cloud admin as project_manager if missing
#
if len(prjadm_ids) == 0:
baseWorkflows.api.keystone.add_tenant_user_role(
request, project_id, request.user.id, admin_role_id)
result = super(ExtCreateProject, self)._update_project_members(
request, data, project_id)
#
# Notify users
#
for e_item in EMail.objects.filter(
registration__userid__in=member_ids):
noti_params = {
'username': e_item.registration.username,
'project': self.this_project.projectname,
'isadmin': e_item.registration.userid in prjadm_ids
}
notifyUser(request=request,
rcpt=e_item.email,
action=MEMBER_FORCED_ADD,
context=noti_params,
dst_project_id=self.this_project.projectid,
dst_user_id=e_item.registration.userid)
#
# Notify all cloud admins
#
notifyAdmin(request=request,
action=NEWPRJ_BY_ADM,
context={'project': self.this_project.projectname})
return result
