def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): regid, prjname = chk_repl_project(int(usr_and_prj.group(1)), usr_and_prj.group(2), data['newname'], None, data['newdescr']) # # Creation of new tenant # prj_req = PrjRequest.objects.filter( registration__regid = regid, project__projectname = prjname )[0] project_name = prj_req.project.projectname user_id = prj_req.registration.userid kprj = keystone_api.tenant_create(request, project_name, prj_req.project.description, True) prj_req.project.projectid = kprj.id prj_req.project.save() LOG.info("Created tenant %s" % project_name) # # The new user is the project manager of its tenant # prjRole = PrjRole() prjRole.registration = prj_req.registration prjRole.project = prj_req.project prjRole.roleid = tenantadmin_roleid prjRole.save() keystone_api.add_tenant_user_role(request, prj_req.project.projectid, user_id, tenantadmin_roleid) # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() # # Clear request # prj_req.delete() setup_new_project(request, kprj.id, project_name, data) # # Send notification to the user # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None noti_params = { 'project' : project_name } notifyUser(request=self.request, rcpt=user_email, action=PRJ_CREATE_TYPE, context=noti_params, dst_project_id=kprj.id, dst_user_id=user_id) except: LOG.error("Error pre-checking project", exc_info=True) messages.error(request, _("Cannot pre-check project")) return False return True
def handle(self, request, data): if not data['username']: messages.error(request, _("Cannot process request: missing username")) return False try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) with transaction.atomic(): registration = Registration.objects.get(regid=int(data['regid'])) reg_request = RegRequest.objects.filter( registration=registration, flowstatus=RSTATUS_PENDING )[0] prjReqList = PrjRequest.objects.filter(registration=registration) password = reg_request.password if not password: password = generate_pwd() user_email = reg_request.email # # Mapping of external accounts # is_local = True if reg_request.externalid: mapping = UserMapping(globaluser=reg_request.externalid, registration=reg_request.registration) mapping.save() is_local = False LOG.info("Registered external account %s" % reg_request.externalid) # # Forward request to project administrators # q_args = { 'project__projectid__isnull' : False, 'flowstatus' : PSTATUS_REG } prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING) # # Creation of new tenants # self.preprocess_prj(registration, data) new_prj_list = list() p_reqs = prjReqList.filter( project__projectid__isnull = True, flowstatus = PSTATUS_REG ) if len(p_reqs): newreq_prj = p_reqs[0].project kprj = keystone_api.tenant_create(request, newreq_prj.projectname, newreq_prj.description, True) newreq_prj.projectid = kprj.id newreq_prj.save() new_prj_list.append(newreq_prj) setup_new_project(request, kprj.id, newreq_prj.projectname, data) LOG.info("Created tenant %s" % newreq_prj.projectname) # # User creation # if not registration.userid: kuser = keystone_api.user_create(request, name=registration.username, password=password, email=user_email, enabled=True) if is_local: registration.username = data['username'] registration.expdate = self.expiration registration.userid = kuser.id registration.save() LOG.info("Created user %s" % registration.username) mail_obj = EMail() mail_obj.registration = registration mail_obj.email = user_email mail_obj.save() # # The new user is the project manager of its tenant # register the expiration date per tenant # for prj_item in new_prj_list: expiration = Expiration() expiration.registration = registration expiration.project = prj_item expiration.expdate = self.expiration expiration.save() prjRole = PrjRole() prjRole.registration = registration prjRole.project = prj_item prjRole.roleid = tenantadmin_roleid prjRole.save() keystone_api.add_tenant_user_role(request, prj_item.projectid, registration.userid, tenantadmin_roleid) # # Send notifications to project administrators and users # for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING): m_userids = get_prjman_ids(request, p_item.project.projectid) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [ x.email for x in tmpres ] noti_params = { 'username' : data['username'], 'project' : p_item.project.projectname } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_WAIT_TYPE, context=noti_params, dst_project_id=p_item.project.projectid) n2_params = { 'username' : p_item.registration.username, 'project' : p_item.project.projectname, 'prjadmins' : m_emails } notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_ONGOING, context=n2_params, dst_project_id=p_item.project.projectid, dst_user_id=registration.userid) newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG) for p_item in newprj_reqs: noti_params = { 'username' : p_item.registration.username, 'project' : p_item.project.projectname } notifyUser(request=self.request, rcpt=user_email, action=FIRST_REG_OK_TYPE, context=noti_params, dst_project_id=p_item.project.projectid, dst_user_id=p_item.registration.userid) # # cache cleanup # newprj_reqs.delete() reg_request.delete() self.post_reminder(registration, user_email) except: LOG.error("Error pre-checking request", exc_info=True) messages.error(request, _("Cannot pre-check request")) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): q_args = { 'registration__regid' : int(usr_and_prj.group(1)), 'project__projectname' : usr_and_prj.group(2) } prj_req = PrjRequest.objects.filter(**q_args)[0] # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() project_name = prj_req.project.projectname project_id = prj_req.project.projectid user_name = prj_req.registration.username user_id = prj_req.registration.userid keystone_api.add_tenant_user_role(request, project_id, user_id, default_roleid) # # clear request # prj_req.delete() # # send notification to project managers and users # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None m_userids = get_prjman_ids(request, project_id) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [ x.email for x in tmpres ] noti_params = { 'username' : user_name, 'project' : project_name } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_OK_TYPE, context=noti_params, dst_project_id=project_id) notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_OK_TYPE, context=noti_params, dst_project_id=project_id, dst_user_id=user_id) except: LOG.error("Error forced-checking request", exc_info=True) messages.error(request, _("Cannot forced check request")) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): q_args = { 'registration__regid': int(usr_and_prj.group(1)), 'project__projectname': usr_and_prj.group(2) } prj_req = PrjRequest.objects.filter(**q_args)[0] # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() project_name = prj_req.project.projectname project_id = prj_req.project.projectid user_name = prj_req.registration.username user_id = prj_req.registration.userid keystone_api.add_tenant_user_role(request, project_id, user_id, default_roleid) # # Enable reminder for cloud admin # RegRequest.objects.filter(registration=prj_req.registration, flowstatus=RSTATUS_REMINDER).update( flowstatus=RSTATUS_REMINDACK) # # clear request # prj_req.delete() # # send notification to project managers and users # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None m_userids = get_prjman_ids(request, project_id) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [x.email for x in tmpres] noti_params = {'username': user_name, 'project': project_name} notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_OK_TYPE, context=noti_params, dst_project_id=project_id) notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_OK_TYPE, context=noti_params, dst_project_id=project_id, dst_user_id=user_id) except: LOG.error("Error forced-checking request", exc_info=True) messages.error(request, _("Cannot forced check request")) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): regid, prjname = chk_repl_project(int(usr_and_prj.group(1)), usr_and_prj.group(2), data['newname'], None, data['newdescr']) # # Creation of new tenant # prj_req = PrjRequest.objects.filter( registration__regid=regid, project__projectname=prjname)[0] project_name = prj_req.project.projectname user_id = prj_req.registration.userid kprj = keystone_api.tenant_create(request, project_name, prj_req.project.description, True) prj_req.project.projectid = kprj.id prj_req.project.save() LOG.info("Created tenant %s" % project_name) # # The new user is the project manager of its tenant # prjRole = PrjRole() prjRole.registration = prj_req.registration prjRole.project = prj_req.project prjRole.roleid = tenantadmin_roleid prjRole.save() keystone_api.add_tenant_user_role(request, prj_req.project.projectid, user_id, tenantadmin_roleid) # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() # # Clear request # prj_req.delete() setup_new_project(request, kprj.id, project_name, data) # # Send notification to the user # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None noti_params = {'project': project_name} notifyUser(request=self.request, rcpt=user_email, action=PRJ_CREATE_TYPE, context=noti_params, dst_project_id=kprj.id, dst_user_id=user_id) except: LOG.error("Error pre-checking project", exc_info=True) messages.error(request, _("Cannot pre-check project")) return False return True
def handle(self, *args, **options): super(Command, self).handle(options) try: prj_dict = dict() for prj_item in Project.objects.all(): if prj_item.projectid: prj_dict[prj_item.projectid] = prj_item # # TODO define the user_domain_name and project_domain_name # keystone_client = client.Client( username=self.config.cron_user, password=self.config.cron_pwd, project_name=self.config.cron_prj, cacert=self.config.cron_ca, user_domain_name=self.config.cron_domain, project_domain_name=self.config.cron_domain, auth_url=self.config.cron_kurl) LOG.info("Populating the expiration table") with transaction.atomic(): for reg_user in Registration.objects.all(): if not reg_user.userid: LOG.info("Skipped unregistered user %s" % reg_user.username) continue for r_item in keystone_client.role_assignments.list( user=reg_user.userid): if not r_item.scope['project']['id'] in prj_dict: LOG.info("Skipped unregistered project %s for %s" % \ (r_item.scope['project']['id'], reg_user.username)) curr_prj = prj_dict[r_item.scope['project']['id']] if Expiration.objects.filter( registration=reg_user, project=curr_prj).count() > 0: continue prj_exp = Expiration() prj_exp.registration = reg_user prj_exp.project = curr_prj prj_exp.expdate = reg_user.expdate prj_exp.save() LOG.info("Imported expiration for %s in %s: %s" % \ (reg_user.username, curr_prj.projectname, \ reg_user.expdate.strftime("%A, %d. %B %Y %I:%M%p"))) LOG.info("Populating the email table") with transaction.atomic(): for reg_user in Registration.objects.all(): if not reg_user.userid: LOG.info("Skipped unregistered user %s" % reg_user.username) continue tmpres = keystone_client.users.get(reg_user.userid) if not tmpres: continue if EMail.objects.filter(registration=reg_user).count() > 0: continue mail_obj = EMail() mail_obj.registration = reg_user mail_obj.email = tmpres.email mail_obj.save() LOG.info("Imported email for %s: %s" % (reg_user.username, tmpres.email)) LOG.info("Populating the project roles table") tnt_admin_roleid = get_prjman_roleid(keystone_client) with transaction.atomic(): PrjRole.objects.all().delete() prj_dict = dict() for prj_obj in Project.objects.all(): prj_dict[prj_obj.projectid] = prj_obj for reg_user in Registration.objects.all(): if not reg_user.userid: LOG.info("Skipped unregistered user %s" % reg_user.username) continue for role_obj in keystone_client.role_assignments.list( reg_user.userid): if role_obj.role['id'] == tnt_admin_roleid: tmpprjid = role_obj.scope['project']['id'] prjRole = PrjRole() prjRole.registration = reg_user prjRole.project = prj_dict[tmpprjid] prjRole.roleid = role_obj.role['id'] prjRole.save() LOG.info("Imported admin %s for %s" % (reg_user.username, prj_dict[tmpprjid].projectname)) except: LOG.error("Import failed", exc_info=True) raise CommandError("Import failed")
def handle(self, request, data): if not data['username']: messages.error(request, _("Cannot process request: missing username")) return False try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) with transaction.atomic(): registration = Registration.objects.get( regid=int(data['regid'])) reg_request = RegRequest.objects.filter( registration=registration, flowstatus=RSTATUS_PENDING)[0] prjReqList = PrjRequest.objects.filter( registration=registration) password = reg_request.password if not password: password = generate_pwd() user_email = reg_request.email # # Mapping of external accounts # is_local = True if reg_request.externalid: mapping = UserMapping( globaluser=reg_request.externalid, registration=reg_request.registration) mapping.save() is_local = False LOG.info("Registered external account %s" % reg_request.externalid) # # Forward request to project administrators # q_args = { 'project__projectid__isnull': False, 'flowstatus': PSTATUS_REG } prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING) # # Creation of new tenants # self.preprocess_prj(registration, data) new_prj_list = list() p_reqs = prjReqList.filter(project__projectid__isnull=True, flowstatus=PSTATUS_REG) if len(p_reqs): newreq_prj = p_reqs[0].project kprj = keystone_api.tenant_create(request, newreq_prj.projectname, newreq_prj.description, True) newreq_prj.projectid = kprj.id newreq_prj.save() new_prj_list.append(newreq_prj) setup_new_project(request, kprj.id, newreq_prj.projectname, data) LOG.info("Created tenant %s" % newreq_prj.projectname) # # User creation # if not registration.userid: if is_local: registration.username = data['username'] kuser = keystone_api.user_create( request, name=registration.username, password=password, email=user_email, enabled=True) registration.expdate = self.expiration registration.userid = kuser.id registration.save() LOG.info("Created user %s" % registration.username) mail_obj = EMail() mail_obj.registration = registration mail_obj.email = user_email mail_obj.save() # # The new user is the project manager of its tenant # register the expiration date per tenant # for prj_item in new_prj_list: expiration = Expiration() expiration.registration = registration expiration.project = prj_item expiration.expdate = self.expiration expiration.save() prjRole = PrjRole() prjRole.registration = registration prjRole.project = prj_item prjRole.roleid = tenantadmin_roleid prjRole.save() keystone_api.add_tenant_user_role(request, prj_item.projectid, registration.userid, tenantadmin_roleid) # # Send notifications to project administrators and users # for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING): m_userids = get_prjman_ids(request, p_item.project.projectid) tmpres = EMail.objects.filter( registration__userid__in=m_userids) m_emails = [x.email for x in tmpres] noti_params = { 'username': data['username'], 'project': p_item.project.projectname } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_WAIT_TYPE, context=noti_params, dst_project_id=p_item.project.projectid) n2_params = { 'username': p_item.registration.username, 'project': p_item.project.projectname, 'prjadmins': m_emails } notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_ONGOING, context=n2_params, dst_project_id=p_item.project.projectid, dst_user_id=registration.userid) newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG) for p_item in newprj_reqs: noti_params = { 'username': p_item.registration.username, 'project': p_item.project.projectname } notifyUser(request=self.request, rcpt=user_email, action=FIRST_REG_OK_TYPE, context=noti_params, dst_project_id=p_item.project.projectid, dst_user_id=p_item.registration.userid) # # cache cleanup # newprj_reqs.delete() reg_request.delete() self.post_reminder(registration, user_email) except: LOG.error("Error pre-checking request", exc_info=True) messages.error(request, _("Cannot pre-check request")) return False return True
def handle(self, *args, **options): super(Command, self).handle(options) try: prj_dict = dict() for prj_item in Project.objects.all(): if prj_item.projectid: prj_dict[prj_item.projectid] = prj_item # # TODO define the user_domain_name and project_domain_name # keystone_client = client.Client(username=self.config.cron_user, password=self.config.cron_pwd, project_name=self.config.cron_prj, cacert=self.config.cron_ca, user_domain_name=self.config.cron_domain, project_domain_name=self.config.cron_domain, auth_url=self.config.cron_kurl) LOG.info("Populating the expiration table") with transaction.atomic(): for reg_user in Registration.objects.all(): if not reg_user.userid: LOG.info("Skipped unregistered user %s" % reg_user.username) continue for r_item in keystone_client.role_assignments.list(user=reg_user.userid): if not r_item.scope['project']['id'] in prj_dict: LOG.info("Skipped unregistered project %s for %s" % \ (r_item.scope['project']['id'], reg_user.username)) curr_prj = prj_dict[r_item.scope['project']['id']] if Expiration.objects.filter( registration=reg_user, project=curr_prj ).count() > 0: continue prj_exp = Expiration() prj_exp.registration = reg_user prj_exp.project = curr_prj prj_exp.expdate = reg_user.expdate prj_exp.save() LOG.info("Imported expiration for %s in %s: %s" % \ (reg_user.username, curr_prj.projectname, \ reg_user.expdate.strftime("%A, %d. %B %Y %I:%M%p"))) LOG.info("Populating the email table") with transaction.atomic(): for reg_user in Registration.objects.all(): if not reg_user.userid: LOG.info("Skipped unregistered user %s" % reg_user.username) continue tmpres = keystone_client.users.get(reg_user.userid) if not tmpres: continue if EMail.objects.filter(registration=reg_user).count() > 0: continue mail_obj = EMail() mail_obj.registration = reg_user mail_obj.email = tmpres.email mail_obj.save() LOG.info("Imported email for %s: %s" % (reg_user.username, tmpres.email)) LOG.info("Populating the project roles table") tnt_admin_roleid = get_prjman_roleid(keystone_client) with transaction.atomic(): PrjRole.objects.all().delete() prj_dict = dict() for prj_obj in Project.objects.all(): prj_dict[prj_obj.projectid] = prj_obj for reg_user in Registration.objects.all(): if not reg_user.userid: LOG.info("Skipped unregistered user %s" % reg_user.username) continue for role_obj in keystone_client.role_assignments.list(reg_user.userid): if role_obj.role['id'] == tnt_admin_roleid: tmpprjid = role_obj.scope['project']['id'] prjRole = PrjRole() prjRole.registration = reg_user prjRole.project = prj_dict[tmpprjid] prjRole.roleid = role_obj.role['id'] prjRole.save() LOG.info("Imported admin %s for %s" % (reg_user.username, prj_dict[tmpprjid].projectname)) except: LOG.error("Import failed", exc_info=True) raise CommandError("Import failed")
def _update_project_members(self, request, data, project_id): admin_role_id = None available_roles = baseWorkflows.api.keystone.role_list(request) member_ids = set() prjadm_ids = set() result = None with transaction.atomic(): # # Create project in the database # newprj_id = self.object.id qargs = { 'projectname' : data['name'], 'projectid' : newprj_id, 'description' : data['description'], 'status' : PRJ_PUBLIC } newprj = Project(**qargs) newprj.save() self.this_project = newprj # # Setup members # for role in available_roles: tmp_step = self.get_step(baseWorkflows.PROJECT_USER_MEMBER_SLUG) field_name = tmp_step.get_member_field_name(role.id) if role.name == TENANTADMIN_ROLE: admin_role_id = role.id for tmpid in data[field_name]: prjadm_ids.add(tmpid) for user_id in data[field_name]: member_ids.add(user_id) # # Import expiration per tenant, use per-user expiration date as a fall back # Create the project admin cache # for u_item in Registration.objects.filter(userid__in=member_ids): new_p_exp = Expiration() new_p_exp.registration = u_item new_p_exp.project = self.this_project new_p_exp.expdate = u_item.expdate new_p_exp.save() if u_item.userid in prjadm_ids: new_prjrole = PrjRole() new_prjrole.registration = u_item new_prjrole.project = self.this_project new_prjrole.roleid = admin_role_id new_prjrole.save() LOG.debug("Created prj admin: %s" % u_item.username) # # Insert cloud admin as project_manager if missing # if len(prjadm_ids) == 0: baseWorkflows.api.keystone.add_tenant_user_role(request, project_id, request.user.id, admin_role_id) result = super(ExtCreateProject, self)._update_project_members(request, data, project_id) # # Notify users # for e_item in EMail.objects.filter(registration__userid__in=member_ids): noti_params = { 'username' : e_item.registration.username, 'project' : self.this_project.projectname, 'isadmin' : e_item.registration.userid in prjadm_ids } notifyUser(request=request, rcpt=e_item.email, action=MEMBER_FORCED_ADD, context=noti_params, dst_project_id=self.this_project.projectid, dst_user_id=e_item.registration.userid) # # Notify all cloud admins # notifyAdmin(request=request, action=NEWPRJ_BY_ADM, context={'project' : self.this_project.projectname}) return result
def handle(self, request, data): try: role_names = [ role['name'] for role in self.request.user.roles ] if not TENANTADMIN_ROLE in role_names: raise Exception(_('Permissions denied: cannot approve subscriptions')) with transaction.atomic(): curr_prjname = self.request.user.tenant_name q_args = { 'registration__regid' : int(data['regid']), 'project__projectname' : curr_prjname } prj_req = PrjRequest.objects.filter(**q_args)[0] member = client_factory(request).users.get(prj_req.registration.userid) project_name = prj_req.project.projectname LOG.debug("Approving subscription for %s" % prj_req.registration.username) default_role = getattr(settings, 'OPENSTACK_KEYSTONE_DEFAULT_ROLE', None) expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() roles_obj = client_factory(request).roles arg_dict = { 'project' : prj_req.project.projectid, 'user' : prj_req.registration.userid } missing_default = True for item in roles_obj.list(): if item.name == default_role: roles_obj.grant(item.id, **arg_dict) missing_default = False if missing_default: raise Exception("Default role is undefined") # # clear request # prj_req.delete() # # send notification to the user # noti_params = { 'project' : project_name } noti_sbj, noti_body = notification_render(SUBSCR_OK_TYPE, noti_params) notifyUsers(member.email, noti_sbj, noti_body) except: exceptions.handle(request) return False return True
def handle(self, request, data): try: role_names = [ role['name'] for role in self.request.user.roles ] if not TENANTADMIN_ROLE in role_names: raise Exception(_('Permissions denied: cannot approve subscriptions')) with transaction.atomic(): curr_prjname = self.request.user.tenant_name q_args = { 'registration__regid' : int(data['regid']), 'project__projectname' : curr_prjname } prj_req = PrjRequest.objects.filter(**q_args)[0] member_id = prj_req.registration.userid tmpres = EMail.objects.filter(registration__userid=member_id) member_email = tmpres[0].email if tmpres else None project_name = prj_req.project.projectname user_name = prj_req.registration.username LOG.debug("Approving subscription for %s" % prj_req.registration.username) default_role = getattr(settings, 'OPENSTACK_KEYSTONE_DEFAULT_ROLE', None) expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() roles_obj = client_factory(request).roles arg_dict = { 'project' : prj_req.project.projectid, 'user' : prj_req.registration.userid } missing_default = True for item in roles_obj.list(): if item.name == default_role: roles_obj.grant(item.id, **arg_dict) missing_default = False if missing_default: raise Exception("Default role is undefined") # # Enable reminder for cloud admin # RegRequest.objects.filter( registration = prj_req.registration, flowstatus = RSTATUS_REMINDER ).update(flowstatus = RSTATUS_REMINDACK) # # clear request # prj_req.delete() # # send notification to the user # noti_params = { 'username': user_name, 'project' : project_name } notifyUser(request=self.request, rcpt=member_email, action=SUBSCR_OK_TYPE, context=noti_params, dst_user_id=member_id) notifyAdmin(request=self.request, action=SUBSCR_OK_TYPE, context=noti_params) except: exceptions.handle(request) return False return True
def _update_project_members(self, request, data, project_id): admin_role_id = None available_roles = baseWorkflows.api.keystone.role_list(request) member_ids = set() prjadm_ids = set() result = None with transaction.atomic(): # # Create project in the database # newprj_id = self.object.id qargs = { 'projectname': data['name'], 'projectid': newprj_id, 'description': data['description'], 'status': PRJ_PUBLIC } newprj = Project(**qargs) newprj.save() self.this_project = newprj # # Setup members # for role in available_roles: tmp_step = self.get_step( baseWorkflows.PROJECT_USER_MEMBER_SLUG) field_name = tmp_step.get_member_field_name(role.id) if role.name == TENANTADMIN_ROLE: admin_role_id = role.id for tmpid in data[field_name]: prjadm_ids.add(tmpid) for user_id in data[field_name]: member_ids.add(user_id) # # Import expiration per tenant, use per-user expiration date as a fall back # Create the project admin cache # for u_item in Registration.objects.filter(userid__in=member_ids): new_p_exp = Expiration() new_p_exp.registration = u_item new_p_exp.project = self.this_project new_p_exp.expdate = u_item.expdate new_p_exp.save() if u_item.userid in prjadm_ids: new_prjrole = PrjRole() new_prjrole.registration = u_item new_prjrole.project = self.this_project new_prjrole.roleid = admin_role_id new_prjrole.save() LOG.debug("Created prj admin: %s" % u_item.username) # # Insert cloud admin as project_manager if missing # if len(prjadm_ids) == 0: baseWorkflows.api.keystone.add_tenant_user_role( request, project_id, request.user.id, admin_role_id) result = super(ExtCreateProject, self)._update_project_members( request, data, project_id) # # Notify users # for e_item in EMail.objects.filter( registration__userid__in=member_ids): noti_params = { 'username': e_item.registration.username, 'project': self.this_project.projectname, 'isadmin': e_item.registration.userid in prjadm_ids } notifyUser(request=request, rcpt=e_item.email, action=MEMBER_FORCED_ADD, context=noti_params, dst_project_id=self.this_project.projectid, dst_user_id=e_item.registration.userid) # # Notify all cloud admins # notifyAdmin(request=request, action=NEWPRJ_BY_ADM, context={'project': self.this_project.projectname}) return result
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) with transaction.atomic(): registration = Registration.objects.get(regid=int(data['regid'])) reg_request = RegRequest.objects.filter(registration=registration)[0] q_args = { 'registration' : registration, 'project__status' : PRJ_GUEST } prj_reqs = PrjRequest.objects.filter(**q_args) project_id = prj_reqs[0].project.projectid project_name = prj_reqs[0].project.projectname password = reg_request.password if not password: password = generate_pwd() user_email = reg_request.email # # Mapping of external accounts # if reg_request.externalid: mapping = UserMapping(globaluser=reg_request.externalid, registration=reg_request.registration) mapping.save() LOG.info("Registered external account %s" % reg_request.externalid) # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_reqs[0].registration expiration.project = prj_reqs[0].project expiration.expdate = data['expiration'] expiration.save() # # clear requests # prj_reqs.delete() reg_request.delete() # # User creation # kuser = keystone_api.user_create(request, name=registration.username, password=password, email=user_email, enabled=True) registration.username = data['username'] registration.expdate = data['expiration'] registration.userid = kuser.id registration.save() LOG.info("Created guest user %s" % registration.username) keystone_api.add_tenant_user_role(request, project_id, registration.userid, default_roleid) # # Send notification to the user # noti_params = { 'username' : registration.username, 'project' : project_name, 'guestmode' : True } noti_sbj, noti_body = notification_render(FIRST_REG_OK_TYPE, noti_params) notifyUsers(user_email, noti_sbj, noti_body) except: LOG.error("Error pre-checking project", exc_info=True) messages.error(request, _("Cannot pre-check project")) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = data['requestid'].split(':') with transaction.atomic(): # # Creation of new tenant # q_args = { 'registration__regid' : int(usr_and_prj[0]), 'project__projectname' : usr_and_prj[1] } prj_req = PrjRequest.objects.filter(**q_args)[0] project_name = prj_req.project.projectname user_id = prj_req.registration.userid kprj = keystone_api.tenant_create(request, project_name, prj_req.project.description, True) prj_req.project.projectid = kprj.id prj_req.project.save() LOG.info("Created tenant %s" % project_name) # # The new user is the project manager of its tenant # keystone_api.add_tenant_user_role(request, prj_req.project.projectid, user_id, tenantadmin_roleid) # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() # # Clear request # prj_req.delete() # # Send notification to the user # user_email = keystone_api.user_get(request, user_id).email noti_params = { 'project' : project_name } noti_sbj, noti_body = notification_render(PRJ_CREATE_TYPE, noti_params) notifyUsers(user_email, noti_sbj, noti_body) except: LOG.error("Error pre-checking project", exc_info=True) messages.error(request, _("Cannot pre-check project")) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = data['requestid'].split(':') with transaction.atomic(): q_args = { 'registration__regid' : int(usr_and_prj[0]), 'project__projectname' : usr_and_prj[1] } prj_req = PrjRequest.objects.filter(**q_args)[0] # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() project_name = prj_req.project.projectname project_id = prj_req.project.projectid user_name = prj_req.registration.username user_id = prj_req.registration.userid keystone_api.add_tenant_user_role(request, project_id, user_id, default_roleid) # # clear request # prj_req.delete() # # send notification to project managers and users # user_email = keystone_api.user_get(request, user_id).email prjman_list = get_project_managers(request, project_id) noti_params = { 'username' : user_name, 'project' : project_name } noti_sbj, noti_body = notification_render(SUBSCR_FORCED_OK_TYPE, noti_params) notifyUsers([ pman.email for pman in prjman_list ], noti_sbj, noti_body) noti_sbj, noti_body = notification_render(SUBSCR_OK_TYPE, noti_params) notifyUsers(user_email, noti_sbj, noti_body) except: LOG.error("Error forced-checking request", exc_info=True) messages.error(request, _("Cannot forced check request")) return False return True
def handle(self, request, data): if not data['username']: messages.error(request, _("Cannot process request: missing username")) return False try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) with transaction.atomic(): registration = Registration.objects.get(regid=int(data['regid'])) reg_request = RegRequest.objects.filter(registration=registration)[0] prjReqList = PrjRequest.objects.filter(registration=registration) password = reg_request.password if not password: password = generate_pwd() user_email = reg_request.email # # Mapping of external accounts # if reg_request.externalid: mapping = UserMapping(globaluser=reg_request.externalid, registration=reg_request.registration) mapping.save() LOG.info("Registered external account %s" % reg_request.externalid) # # Forward request to project administrators # q_args = { 'project__projectid__isnull' : False, 'flowstatus' : PSTATUS_REG } prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING) # # Creation of new tenants # new_prj_list = list() q_args = { 'project__projectid__isnull' : True, 'flowstatus' : PSTATUS_REG } for p_reqs in prjReqList.filter(**q_args): kprj = keystone_api.tenant_create(request, p_reqs.project.projectname, p_reqs.project.description, True) p_reqs.project.projectid = kprj.id p_reqs.project.save() new_prj_list.append(p_reqs.project) LOG.info("Created tenant %s" % p_reqs.project.projectname) # # User creation # if not registration.userid: kuser = keystone_api.user_create(request, name=registration.username, password=password, email=user_email, enabled=True) registration.username = data['username'] registration.expdate = self.expiration registration.userid = kuser.id registration.save() LOG.info("Created user %s" % registration.username) # # The new user is the project manager of its tenant # register the expiration date per tenant # for prj_item in new_prj_list: expiration = Expiration() expiration.registration = registration expiration.project = prj_item expiration.expdate = self.expiration expiration.save() keystone_api.add_tenant_user_role(request, prj_item.projectid, registration.userid, tenantadmin_roleid) # # Send notifications to project administrators and users # for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING): m_users = get_project_managers(request, p_item.project.projectid) m_emails = [ usr.email for usr in m_users ] noti_params = { 'username' : data['username'], 'project' : p_item.project.projectname } noti_sbj, noti_body = notification_render(SUBSCR_WAIT_TYPE, noti_params) notifyUsers(m_emails, noti_sbj, noti_body) n2_params = { 'project' : p_item.project.projectname, 'prjadmins' : m_emails } noti_sbj, noti_body = notification_render(SUBSCR_ONGOING, n2_params) notifyUsers(user_email, noti_sbj, noti_body) newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG) for p_item in newprj_reqs: noti_params = { 'username' : p_item.registration.username, 'project' : p_item.project.projectname, 'guestmode' : False } noti_sbj, noti_body = notification_render(FIRST_REG_OK_TYPE, noti_params) notifyUsers(user_email, noti_sbj, noti_body) # # cache cleanup # newprj_reqs.delete() reg_request.delete() except: LOG.error("Error pre-checking request", exc_info=True) messages.error(request, _("Cannot pre-check request")) return False return True