Пример #1
0
 def delete(self, request, obj_id):
 
     try:
         
         roles_obj = client_factory(request).roles
         role_assign_obj = client_factory(request).role_assignments
         users_obj = client_factory(request).users
         
         arg_dict = {
             'project' : request.user.tenant_id,
             'user' : obj_id
         }
         for r_item in role_assign_obj.list(**arg_dict):
             roles_obj.revoke(r_item.role['id'], **arg_dict)
         
         member = users_obj.get(obj_id)
         noti_params = {
             'username' : member.name,
             'admin_address' : users_obj.get(request.user.id).email,
             'project' : request.user.tenant_name
         }
         noti_sbj, noti_body = notification_render(MEMBER_REMOVED, noti_params)
         notifyUsers(member.email, noti_sbj, noti_body)
         
         noti_sbj, noti_body = notification_render(MEMBER_REMOVED_ADM, noti_params)
         notifyManagers(noti_sbj, noti_body)
         
     except:
         LOG.error("Grant revoke error", exc_info=True)
         messages.error(request, _('Unable to delete member from tenant.'))
Пример #2
0
    def handle(self, request, data):

        try:
        
            with transaction.atomic():

                curr_prjname = self.request.user.tenant_name
                q_args = {
                    'registration__regid' : int(data['regid']),
                    'project__projectname' : curr_prjname,
                    'flowstatus' : PSTATUS_RENEW_MEMB
                }                
                prj_reqs = PrjRequest.objects.filter(**q_args)
                
                if len(prj_reqs) == 0:
                    return True

                user_id = prj_reqs[0].registration.userid
                #
                # Remove member from project
                #
                roles_obj = client_factory(request).roles
                role_assign_obj = client_factory(request).role_assignments
        
                arg_dict = {
                    'project' : request.user.tenant_id,
                    'user' : user_id
                }
                for r_item in role_assign_obj.list(**arg_dict):
                    roles_obj.revoke(r_item.role['id'], **arg_dict)
        
                #
                # Clear requests
                #
                prj_reqs.delete()

            #
            # Send notification to the user
            #
            users_obj = client_factory(request).users
            member = users_obj.get(user_id)
            noti_params = {
                'username' : member.name,
                'admin_address' : users_obj.get(request.user.id).email,
                'project' : request.user.tenant_name,
                'notes' : data['reason']
            }
            noti_sbj, noti_body = notification_render(MEMBER_REMOVED, noti_params)
            notifyUsers(member.email, noti_sbj, noti_body)
                
        except:
            LOG.error("Cannot renew user", exc_info=True)
            exceptions.handle(request)
            return False
        
        return True
Пример #3
0
 def handle(self, *args, **options):
 
     configure_log(options)
     
     config = configure_app(options)
         
     try:
         
         keystone_client = client.Client(username=config.cron_user,
                                         password=config.cron_pwd,
                                         project_name=config.cron_prj,
                                         cacert=config.cron_ca,
                                         auth_url=config.cron_kurl)
         
         req_table = dict()
         prj_res_table = dict()
         for p_req in PrjRequest.objects.filter(flowstatus=PSTATUS_PENDING):
             if not p_req.project.projectid in req_table:
                 req_table[p_req.project.projectid] = list()
             uname = p_req.registration.username
             email = self.get_email(None, None, p_req.registration)
             req_table[p_req.project.projectid].append((uname, email))
             prj_res_table[p_req.project.projectid] = p_req.project.projectname
         
         admin_table = dict()
         prjman_roleid = get_prjman_roleid(keystone_client)
         for prj_id in req_table:
             q_args = {
                 'scope.project.id' : prj_id,
                 'role.id' : prjman_roleid
             }
             
             for assign in super(RoleAssignmentManager, keystone_client.role_assignments).list(**q_args):
             
                 email = self.get_email(keystone_client, assign.user['id'], None)
                 
                 if not email in admin_table:
                     admin_table[email] = list()
                 admin_table[email].append(prj_id)
                 
         for email in admin_table:
             for prj_id in admin_table[email]:
                 noti_params = {
                     'pendingreqs' : req_table[prj_id],
                     'project' : prj_res_table[prj_id]
                 }
                 noti_sbj, noti_body = notification_render(SUBSCR_REMINDER, noti_params)
                 notifyUsers(email, noti_sbj, noti_body)
             
     except:
         LOG.error("Notification failed", exc_info=True)
         raise CommandError("Notification failed")
Пример #4
0
 def handle(self, *args, **options):
 
     configure_log(options)
     
     config = configure_app(options)
                 
     try:
         
         now = datetime.now()
         contact_list = build_contact_list()
         
         for days_to_exp in self._get_days_to_exp(config.cron_plan):
             
             tframe = now + timedelta(days=days_to_exp)
             
             q_args = {
                 'expdate__gte' : tframe.replace(hour=0, minute=0, second=0, microsecond=0),
                 'expdate__lte' : tframe.replace(hour=23, minute=59, second=59, microsecond=999999)
             }
         
             for exp_item in Expiration.objects.filter(**q_args):
                 try:
                     
                     keystone = client.Client(username=config.cron_user,
                                              password=config.cron_pwd,
                                              project_name=config.cron_prj,
                                              cacert=config.cron_ca,
                                              auth_url=config.cron_kurl)
                     
                     tmpuser = keystone.users.get(exp_item.registration.userid)
                     
                     
                     noti_params = {
                         'username' : exp_item.registration.username,
                         'days' : days_to_exp,
                         'contacts' : contact_list
                     }
                     noti_sbj, noti_body = notification_render(USER_EXP_TYPE, noti_params)
                     notifyUsers(tmpuser.email, noti_sbj, noti_body)
                     
                     #
                     # TODO send notification to project admins
                     #
                     
                 except:
                     LOG.warning("Cannot notify %s" % exp_item.registration.username, exc_info=True)
             
     except:
         LOG.error("Notification failed", exc_info=True)
         raise CommandError("Notification failed")
Пример #5
0
    def handle(self, request, data):
    
        try:
            tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
            usr_and_prj = data['requestid'].split(':')

            with transaction.atomic():
                q_args = {
                    'registration__regid' : int(usr_and_prj[0]),
                    'project__projectname' : usr_and_prj[1]
                }
                prj_req = PrjRequest.objects.filter(**q_args)[0]
                

                project_name = prj_req.project.projectname
                project_id = prj_req.project.projectid
                user_name = prj_req.registration.username
                user_id = prj_req.registration.userid
                
                #
                # clear request
                #
                prj_req.delete()

            #
            # send notification to project managers and users
            #
            user_email = keystone_api.user_get(request, user_id).email
            
            prjman_list = get_project_managers(request, project_id)
            noti_params = {
                'username' : user_name,
                'project' : project_name,
                'notes' : data['reason']
            }

            noti_sbj, noti_body = notification_render(SUBSCR_FORCED_NO_TYPE, noti_params)
            notifyUsers([ pman.email for pman in prjman_list ], noti_sbj, noti_body)
            
            noti_sbj, noti_body = notification_render(SUBSCR_NO_TYPE, noti_params)
            notifyUsers(user_email, noti_sbj, noti_body)
                
        except:
            LOG.error("Error forced-checking request", exc_info=True)
            messages.error(request, _("Cannot forced check request"))
            return False

        return True
Пример #6
0
    def handle(self, request, data):
    
        try:

            tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
            usr_and_prj = data['requestid'].split(':')

            with transaction.atomic():

                #
                # Creation of new tenant
                #
                q_args = {
                    'registration__regid' : int(usr_and_prj[0]),
                    'project__projectname' : usr_and_prj[1]
                }
                prj_req = PrjRequest.objects.filter(**q_args)[0]
                
                project_name = prj_req.project.projectname
                user_id = prj_req.registration.userid
                
                #
                # Clear request
                #
                prj_req.delete()
                
            #
            # Send notification to the user
            #
            user_email = keystone_api.user_get(request, user_id).email
            noti_params = {
                'project' : project_name,
                'notes' : data['reason']
            }

            noti_sbj, noti_body = notification_render(PRJ_REJ_TYPE, noti_params)
            notifyUsers(user_email, noti_sbj, noti_body)

        except:
            LOG.error("Error pre-checking project", exc_info=True)
            messages.error(request, _("Cannot pre-check project"))
            return False

        return True
Пример #7
0
    def handle(self, request, data):
    
        try:

            with transaction.atomic():
                
                registration = Registration.objects.get(regid=int(data['regid']))
                prjReqList = PrjRequest.objects.filter(registration=registration)
                regReqList = RegRequest.objects.filter(registration=registration)
                    
                #
                # Delete request for projects to be created
                #
                newprj_list = list()
                for prj_req in prjReqList:
                    if not prj_req.project.projectid:
                        newprj_list.append(prj_req.project.projectname)
                    
                if len(newprj_list):
                    Project.objects.filter(projectname__in=newprj_list).delete()
                    
                #
                # First registration request, remove all (using cascaded foreign key)
                #
            
                user_email = regReqList[0].email
                
                registration.delete()
            
                noti_params = {
                    'notes' : data['reason']
                }
                noti_sbj, noti_body = notification_render(FIRST_REG_NO_TYPE, noti_params)
                notifyUsers(user_email, noti_sbj, noti_body)
            

        except:
            LOG.error("Error rejecting request", exc_info=True)
            messages.error(request, _("Cannot reject request"))
            return False

        return True
Пример #8
0
    def handle(self, request, data):
    
        try:
        
            role_names = [ role['name'] for role in self.request.user.roles ]
            if not TENANTADMIN_ROLE in role_names:
                raise Exception(_('Permissions denied: cannot approve subscriptions'))
        
            with transaction.atomic():
            
                curr_prjname = self.request.user.tenant_name
                q_args = {
                    'registration__regid' : int(data['regid']),
                    'project__projectname' : curr_prjname
                }                
                prj_req = PrjRequest.objects.filter(**q_args)[0]
                
                member = client_factory(request).users.get(prj_req.registration.userid)
                project_name = prj_req.project.projectname
                
                #
                # clear request
                #
                prj_req.delete()

            #
            # send notification to the user
            #
            noti_params = {
                'project' : project_name
            }

            noti_sbj, noti_body = notification_render(SUBSCR_NO_TYPE, noti_params)
            notifyUsers(member.email, noti_sbj, noti_body)
        
        except:
            exceptions.handle(request)
            return False
            
        return True
Пример #9
0
    def handle(self, request, data):
    
        try:
        
            role_names = [ role['name'] for role in self.request.user.roles ]
            if not TENANTADMIN_ROLE in role_names:
                raise Exception(_('Permissions denied: cannot approve subscriptions'))
        
            with transaction.atomic():
            
                curr_prjname = self.request.user.tenant_name
                q_args = {
                    'registration__regid' : int(data['regid']),
                    'project__projectname' : curr_prjname
                }                
                prj_req = PrjRequest.objects.filter(**q_args)[0]
                
                member = client_factory(request).users.get(prj_req.registration.userid)
                project_name = prj_req.project.projectname
                
                LOG.debug("Approving subscription for %s" % prj_req.registration.username)
            
                default_role = getattr(settings, 'OPENSTACK_KEYSTONE_DEFAULT_ROLE', None)
                
                expiration = Expiration()
                expiration.registration = prj_req.registration
                expiration.project = prj_req.project
                expiration.expdate = data['expiration']
                expiration.save()
                
                #
                # Update the max expiration per user
                #
                user_reg = prj_req.registration
                if data['expiration'] > user_reg.expdate:
                    user_reg.expdate = data['expiration']
                    user_reg.save()

                roles_obj = client_factory(request).roles
                arg_dict = {
                    'project' : prj_req.project.projectid,
                    'user' : prj_req.registration.userid
                }
                
                missing_default = True
                for item in roles_obj.list():
                    if item.name == default_role:
                        roles_obj.grant(item.id, **arg_dict)
                        missing_default = False
                if missing_default:
                    raise Exception("Default role is undefined")
                    
                #
                # clear request
                #
                prj_req.delete()

            #
            # send notification to the user
            #
            noti_params = {
                'project' : project_name
            }

            noti_sbj, noti_body = notification_render(SUBSCR_OK_TYPE, noti_params)
            notifyUsers(member.email, noti_sbj, noti_body)
        
        except:
            exceptions.handle(request)
            return False
            
        return True
Пример #10
0
    def single(self, data_table, request, obj_id):
        
        try:
        
            t_role_id = ''
            for role in request.user.roles:
                if role['name'] == TENANTADMIN_ROLE:
                    t_role_id = get_admin_roleid(request)
            
            roles_obj = client_factory(request).roles
            arg_dict = {
                'project' : request.user.tenant_id,
                'user' : obj_id
            }
            
            users_obj = client_factory(request).users
            member = users_obj.get(obj_id)
                        
            datum = data_table.get_object_by_id(obj_id)
            if datum.is_t_admin:
            
                if datum.num_of_roles == 1:
                    missing_default = True
                    for item in roles_obj.list():
                        if item.name == DEFAULT_ROLE:
                            roles_obj.grant(item.id, **arg_dict)
                            missing_default = False
                    if missing_default:
                        raise Exception('Cannot swith to member role')
                        
                roles_obj.revoke(t_role_id, **arg_dict)
                
                noti_params = {
                    'admin_address' : users_obj.get(request.user.id).email,
                    'project' : request.user.tenant_name,
                    's_role' : _('Project manager'),
                    'd_role' : _('Project user')
                }
                noti_sbj, noti_body = notification_render(CHANGED_MEMBER_ROLE, noti_params)
                notifyUsers(member.email, noti_sbj, noti_body)
            
            else:
                roles_obj.grant(t_role_id, **arg_dict)

                noti_params = {
                    'admin_address' : users_obj.get(request.user.id).email,
                    'project' : request.user.tenant_name,
                    's_role' : _('Project user'),
                    'd_role' : _('Project manager')
                }
                noti_sbj, noti_body = notification_render(CHANGED_MEMBER_ROLE, noti_params)
                notifyUsers(member.email, noti_sbj, noti_body)

        except:
            LOG.error("Toggle role error", exc_info=True)
            messages.error(request, _('Unable to toggle the role.'))
           
        if obj_id == request.user.id:
            response = shortcuts.redirect(reverse_lazy('logout'))
            msg = _("Roles changed. Please log in again to continue.")
            utils.add_logout_reason(request, response, msg)
            return response
            
        return shortcuts.redirect(reverse_lazy('horizon:idmanager:member_manager:index'))
Пример #11
0
    def handle(self, request, data):
    
        try:

            tenantadmin_roleid, default_roleid = check_and_get_roleids(request)

            with transaction.atomic():
            
                registration = Registration.objects.get(regid=int(data['regid']))

                reg_request = RegRequest.objects.filter(registration=registration)[0]
                
                q_args = {
                    'registration' : registration,
                    'project__status' : PRJ_GUEST
                }
                prj_reqs = PrjRequest.objects.filter(**q_args)
                project_id = prj_reqs[0].project.projectid
                project_name = prj_reqs[0].project.projectname

                password = reg_request.password
                if not password:
                    password = generate_pwd()
                
                user_email = reg_request.email

                #
                # Mapping of external accounts
                #                
                if reg_request.externalid:
                    mapping = UserMapping(globaluser=reg_request.externalid,
                                    registration=reg_request.registration)
                    mapping.save()
                    LOG.info("Registered external account %s" % reg_request.externalid)

                #
                # Insert expiration date per tenant
                #
                expiration = Expiration()
                expiration.registration = prj_reqs[0].registration
                expiration.project = prj_reqs[0].project
                expiration.expdate = data['expiration']
                expiration.save()

                #
                # clear requests
                #
                prj_reqs.delete()
                reg_request.delete()

                #
                # User creation
                # 
                kuser = keystone_api.user_create(request, 
                                                name=registration.username,
                                                password=password,
                                                email=user_email,
                                                enabled=True)
                    
                registration.username = data['username']
                registration.expdate = data['expiration']
                registration.userid = kuser.id
                registration.save()
                LOG.info("Created guest user %s" % registration.username)

                keystone_api.add_tenant_user_role(request, project_id,
                                            registration.userid, default_roleid)

                #
                # Send notification to the user
                #
                noti_params = {
                    'username' : registration.username,
                    'project' : project_name,
                    'guestmode' : True
                }
                noti_sbj, noti_body = notification_render(FIRST_REG_OK_TYPE, noti_params)
                notifyUsers(user_email, noti_sbj, noti_body)

        except:
            LOG.error("Error pre-checking project", exc_info=True)
            messages.error(request, _("Cannot pre-check project"))
            return False

        return True
Пример #12
0
    def handle(self, request, data):
    
        try:

            tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
            usr_and_prj = data['requestid'].split(':')

            with transaction.atomic():

                #
                # Creation of new tenant
                #
                q_args = {
                    'registration__regid' : int(usr_and_prj[0]),
                    'project__projectname' : usr_and_prj[1]
                }
                prj_req = PrjRequest.objects.filter(**q_args)[0]
                
                project_name = prj_req.project.projectname
                user_id = prj_req.registration.userid
                
                kprj = keystone_api.tenant_create(request, project_name,
                                                    prj_req.project.description, True)
                prj_req.project.projectid = kprj.id
                prj_req.project.save()
                LOG.info("Created tenant %s" % project_name)
                
                #
                # The new user is the project manager of its tenant
                #
                keystone_api.add_tenant_user_role(request, prj_req.project.projectid,
                                                user_id, tenantadmin_roleid)


                #
                # Insert expiration date per tenant
                #
                expiration = Expiration()
                expiration.registration = prj_req.registration
                expiration.project = prj_req.project
                expiration.expdate = data['expiration']
                expiration.save()

                #
                # Update the max expiration per user
                #
                user_reg = prj_req.registration
                if data['expiration'] > user_reg.expdate:
                    user_reg.expdate = data['expiration']
                    user_reg.save()

                #
                # Clear request
                #
                prj_req.delete()
                
            #
            # Send notification to the user
            #
            user_email = keystone_api.user_get(request, user_id).email
            noti_params = {
                'project' : project_name
            }

            noti_sbj, noti_body = notification_render(PRJ_CREATE_TYPE, noti_params)
            notifyUsers(user_email, noti_sbj, noti_body)

        except:
            LOG.error("Error pre-checking project", exc_info=True)
            messages.error(request, _("Cannot pre-check project"))
            return False

        return True
Пример #13
0
    def handle(self, request, data):

        if not data['username']:
            messages.error(request, _("Cannot process request: missing username"))
            return False
        
        try:
                
            tenantadmin_roleid, default_roleid = check_and_get_roleids(request)

            with transaction.atomic():

                registration = Registration.objects.get(regid=int(data['regid']))

                reg_request = RegRequest.objects.filter(registration=registration)[0]
                    
                prjReqList = PrjRequest.objects.filter(registration=registration)

                password = reg_request.password
                if not password:
                    password = generate_pwd()
                
                user_email = reg_request.email

                #
                # Mapping of external accounts
                #                
                if reg_request.externalid:
                    mapping = UserMapping(globaluser=reg_request.externalid,
                                    registration=reg_request.registration)
                    mapping.save()
                    LOG.info("Registered external account %s" % reg_request.externalid)
                    
                #
                # Forward request to project administrators
                #
                q_args = {
                    'project__projectid__isnull' : False,
                    'flowstatus' : PSTATUS_REG
                }
                prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING)

                #
                # Creation of new tenants
                #
                new_prj_list = list()
                q_args = {
                    'project__projectid__isnull' : True,
                    'flowstatus' : PSTATUS_REG
                }
                
                for p_reqs in prjReqList.filter(**q_args):
                    kprj = keystone_api.tenant_create(request, p_reqs.project.projectname,
                                                        p_reqs.project.description, True)
                    p_reqs.project.projectid = kprj.id
                    p_reqs.project.save()
                    new_prj_list.append(p_reqs.project)
                    LOG.info("Created tenant %s" % p_reqs.project.projectname)
                
                #
                # User creation
                #
                if not registration.userid:
                    
                    kuser = keystone_api.user_create(request, 
                                                    name=registration.username,
                                                    password=password,
                                                    email=user_email,
                                                    enabled=True)
                        
                    registration.username = data['username']
                    registration.expdate = self.expiration
                    registration.userid = kuser.id
                    registration.save()
                    LOG.info("Created user %s" % registration.username)

                #
                # The new user is the project manager of its tenant
                # register the expiration date per tenant
                #
                for prj_item in new_prj_list:

                    expiration = Expiration()
                    expiration.registration = registration
                    expiration.project = prj_item
                    expiration.expdate = self.expiration
                    expiration.save()

                    keystone_api.add_tenant_user_role(request, prj_item.projectid,
                                            registration.userid, tenantadmin_roleid)

                #
                # Send notifications to project administrators and users
                #
                for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING):
                
                    m_users = get_project_managers(request, p_item.project.projectid)
                    m_emails = [ usr.email for usr in m_users ]
                    
                    noti_params = {
                        'username' : data['username'],
                        'project' : p_item.project.projectname
                    }
                    noti_sbj, noti_body = notification_render(SUBSCR_WAIT_TYPE, noti_params)
                    notifyUsers(m_emails, noti_sbj, noti_body)
                    
                    n2_params = {
                        'project' : p_item.project.projectname,
                        'prjadmins' : m_emails
                    }
                    noti_sbj, noti_body = notification_render(SUBSCR_ONGOING, n2_params)
                    notifyUsers(user_email, noti_sbj, noti_body)

                newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG)
                for p_item in newprj_reqs:
                    noti_params = {
                        'username' : p_item.registration.username,
                        'project' : p_item.project.projectname,
                        'guestmode' : False
                    }
                    noti_sbj, noti_body = notification_render(FIRST_REG_OK_TYPE, noti_params)
                    notifyUsers(user_email, noti_sbj, noti_body)

                #
                # cache cleanup
                #
                newprj_reqs.delete()
                reg_request.delete()

        except:
            LOG.error("Error pre-checking request", exc_info=True)
            messages.error(request, _("Cannot pre-check request"))
            return False

        return True