def delete(self, request, obj_id): try: roles_obj = client_factory(request).roles role_assign_obj = client_factory(request).role_assignments users_obj = client_factory(request).users arg_dict = { 'project' : request.user.tenant_id, 'user' : obj_id } for r_item in role_assign_obj.list(**arg_dict): roles_obj.revoke(r_item.role['id'], **arg_dict) member = users_obj.get(obj_id) noti_params = { 'username' : member.name, 'admin_address' : users_obj.get(request.user.id).email, 'project' : request.user.tenant_name } noti_sbj, noti_body = notification_render(MEMBER_REMOVED, noti_params) notifyUsers(member.email, noti_sbj, noti_body) noti_sbj, noti_body = notification_render(MEMBER_REMOVED_ADM, noti_params) notifyManagers(noti_sbj, noti_body) except: LOG.error("Grant revoke error", exc_info=True) messages.error(request, _('Unable to delete member from tenant.'))
def handle(self, request, data): try: with transaction.atomic(): curr_prjname = self.request.user.tenant_name q_args = { 'registration__regid' : int(data['regid']), 'project__projectname' : curr_prjname, 'flowstatus' : PSTATUS_RENEW_MEMB } prj_reqs = PrjRequest.objects.filter(**q_args) if len(prj_reqs) == 0: return True user_id = prj_reqs[0].registration.userid # # Remove member from project # roles_obj = client_factory(request).roles role_assign_obj = client_factory(request).role_assignments arg_dict = { 'project' : request.user.tenant_id, 'user' : user_id } for r_item in role_assign_obj.list(**arg_dict): roles_obj.revoke(r_item.role['id'], **arg_dict) # # Clear requests # prj_reqs.delete() # # Send notification to the user # users_obj = client_factory(request).users member = users_obj.get(user_id) noti_params = { 'username' : member.name, 'admin_address' : users_obj.get(request.user.id).email, 'project' : request.user.tenant_name, 'notes' : data['reason'] } noti_sbj, noti_body = notification_render(MEMBER_REMOVED, noti_params) notifyUsers(member.email, noti_sbj, noti_body) except: LOG.error("Cannot renew user", exc_info=True) exceptions.handle(request) return False return True
def handle(self, *args, **options): configure_log(options) config = configure_app(options) try: keystone_client = client.Client(username=config.cron_user, password=config.cron_pwd, project_name=config.cron_prj, cacert=config.cron_ca, auth_url=config.cron_kurl) req_table = dict() prj_res_table = dict() for p_req in PrjRequest.objects.filter(flowstatus=PSTATUS_PENDING): if not p_req.project.projectid in req_table: req_table[p_req.project.projectid] = list() uname = p_req.registration.username email = self.get_email(None, None, p_req.registration) req_table[p_req.project.projectid].append((uname, email)) prj_res_table[p_req.project.projectid] = p_req.project.projectname admin_table = dict() prjman_roleid = get_prjman_roleid(keystone_client) for prj_id in req_table: q_args = { 'scope.project.id' : prj_id, 'role.id' : prjman_roleid } for assign in super(RoleAssignmentManager, keystone_client.role_assignments).list(**q_args): email = self.get_email(keystone_client, assign.user['id'], None) if not email in admin_table: admin_table[email] = list() admin_table[email].append(prj_id) for email in admin_table: for prj_id in admin_table[email]: noti_params = { 'pendingreqs' : req_table[prj_id], 'project' : prj_res_table[prj_id] } noti_sbj, noti_body = notification_render(SUBSCR_REMINDER, noti_params) notifyUsers(email, noti_sbj, noti_body) except: LOG.error("Notification failed", exc_info=True) raise CommandError("Notification failed")
def handle(self, *args, **options): configure_log(options) config = configure_app(options) try: now = datetime.now() contact_list = build_contact_list() for days_to_exp in self._get_days_to_exp(config.cron_plan): tframe = now + timedelta(days=days_to_exp) q_args = { 'expdate__gte' : tframe.replace(hour=0, minute=0, second=0, microsecond=0), 'expdate__lte' : tframe.replace(hour=23, minute=59, second=59, microsecond=999999) } for exp_item in Expiration.objects.filter(**q_args): try: keystone = client.Client(username=config.cron_user, password=config.cron_pwd, project_name=config.cron_prj, cacert=config.cron_ca, auth_url=config.cron_kurl) tmpuser = keystone.users.get(exp_item.registration.userid) noti_params = { 'username' : exp_item.registration.username, 'days' : days_to_exp, 'contacts' : contact_list } noti_sbj, noti_body = notification_render(USER_EXP_TYPE, noti_params) notifyUsers(tmpuser.email, noti_sbj, noti_body) # # TODO send notification to project admins # except: LOG.warning("Cannot notify %s" % exp_item.registration.username, exc_info=True) except: LOG.error("Notification failed", exc_info=True) raise CommandError("Notification failed")
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = data['requestid'].split(':') with transaction.atomic(): q_args = { 'registration__regid' : int(usr_and_prj[0]), 'project__projectname' : usr_and_prj[1] } prj_req = PrjRequest.objects.filter(**q_args)[0] project_name = prj_req.project.projectname project_id = prj_req.project.projectid user_name = prj_req.registration.username user_id = prj_req.registration.userid # # clear request # prj_req.delete() # # send notification to project managers and users # user_email = keystone_api.user_get(request, user_id).email prjman_list = get_project_managers(request, project_id) noti_params = { 'username' : user_name, 'project' : project_name, 'notes' : data['reason'] } noti_sbj, noti_body = notification_render(SUBSCR_FORCED_NO_TYPE, noti_params) notifyUsers([ pman.email for pman in prjman_list ], noti_sbj, noti_body) noti_sbj, noti_body = notification_render(SUBSCR_NO_TYPE, noti_params) notifyUsers(user_email, noti_sbj, noti_body) except: LOG.error("Error forced-checking request", exc_info=True) messages.error(request, _("Cannot forced check request")) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = data['requestid'].split(':') with transaction.atomic(): # # Creation of new tenant # q_args = { 'registration__regid' : int(usr_and_prj[0]), 'project__projectname' : usr_and_prj[1] } prj_req = PrjRequest.objects.filter(**q_args)[0] project_name = prj_req.project.projectname user_id = prj_req.registration.userid # # Clear request # prj_req.delete() # # Send notification to the user # user_email = keystone_api.user_get(request, user_id).email noti_params = { 'project' : project_name, 'notes' : data['reason'] } noti_sbj, noti_body = notification_render(PRJ_REJ_TYPE, noti_params) notifyUsers(user_email, noti_sbj, noti_body) except: LOG.error("Error pre-checking project", exc_info=True) messages.error(request, _("Cannot pre-check project")) return False return True
def handle(self, request, data): try: with transaction.atomic(): registration = Registration.objects.get(regid=int(data['regid'])) prjReqList = PrjRequest.objects.filter(registration=registration) regReqList = RegRequest.objects.filter(registration=registration) # # Delete request for projects to be created # newprj_list = list() for prj_req in prjReqList: if not prj_req.project.projectid: newprj_list.append(prj_req.project.projectname) if len(newprj_list): Project.objects.filter(projectname__in=newprj_list).delete() # # First registration request, remove all (using cascaded foreign key) # user_email = regReqList[0].email registration.delete() noti_params = { 'notes' : data['reason'] } noti_sbj, noti_body = notification_render(FIRST_REG_NO_TYPE, noti_params) notifyUsers(user_email, noti_sbj, noti_body) except: LOG.error("Error rejecting request", exc_info=True) messages.error(request, _("Cannot reject request")) return False return True
def handle(self, request, data): try: role_names = [ role['name'] for role in self.request.user.roles ] if not TENANTADMIN_ROLE in role_names: raise Exception(_('Permissions denied: cannot approve subscriptions')) with transaction.atomic(): curr_prjname = self.request.user.tenant_name q_args = { 'registration__regid' : int(data['regid']), 'project__projectname' : curr_prjname } prj_req = PrjRequest.objects.filter(**q_args)[0] member = client_factory(request).users.get(prj_req.registration.userid) project_name = prj_req.project.projectname # # clear request # prj_req.delete() # # send notification to the user # noti_params = { 'project' : project_name } noti_sbj, noti_body = notification_render(SUBSCR_NO_TYPE, noti_params) notifyUsers(member.email, noti_sbj, noti_body) except: exceptions.handle(request) return False return True
def handle(self, request, data): try: role_names = [ role['name'] for role in self.request.user.roles ] if not TENANTADMIN_ROLE in role_names: raise Exception(_('Permissions denied: cannot approve subscriptions')) with transaction.atomic(): curr_prjname = self.request.user.tenant_name q_args = { 'registration__regid' : int(data['regid']), 'project__projectname' : curr_prjname } prj_req = PrjRequest.objects.filter(**q_args)[0] member = client_factory(request).users.get(prj_req.registration.userid) project_name = prj_req.project.projectname LOG.debug("Approving subscription for %s" % prj_req.registration.username) default_role = getattr(settings, 'OPENSTACK_KEYSTONE_DEFAULT_ROLE', None) expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() roles_obj = client_factory(request).roles arg_dict = { 'project' : prj_req.project.projectid, 'user' : prj_req.registration.userid } missing_default = True for item in roles_obj.list(): if item.name == default_role: roles_obj.grant(item.id, **arg_dict) missing_default = False if missing_default: raise Exception("Default role is undefined") # # clear request # prj_req.delete() # # send notification to the user # noti_params = { 'project' : project_name } noti_sbj, noti_body = notification_render(SUBSCR_OK_TYPE, noti_params) notifyUsers(member.email, noti_sbj, noti_body) except: exceptions.handle(request) return False return True
def single(self, data_table, request, obj_id): try: t_role_id = '' for role in request.user.roles: if role['name'] == TENANTADMIN_ROLE: t_role_id = get_admin_roleid(request) roles_obj = client_factory(request).roles arg_dict = { 'project' : request.user.tenant_id, 'user' : obj_id } users_obj = client_factory(request).users member = users_obj.get(obj_id) datum = data_table.get_object_by_id(obj_id) if datum.is_t_admin: if datum.num_of_roles == 1: missing_default = True for item in roles_obj.list(): if item.name == DEFAULT_ROLE: roles_obj.grant(item.id, **arg_dict) missing_default = False if missing_default: raise Exception('Cannot swith to member role') roles_obj.revoke(t_role_id, **arg_dict) noti_params = { 'admin_address' : users_obj.get(request.user.id).email, 'project' : request.user.tenant_name, 's_role' : _('Project manager'), 'd_role' : _('Project user') } noti_sbj, noti_body = notification_render(CHANGED_MEMBER_ROLE, noti_params) notifyUsers(member.email, noti_sbj, noti_body) else: roles_obj.grant(t_role_id, **arg_dict) noti_params = { 'admin_address' : users_obj.get(request.user.id).email, 'project' : request.user.tenant_name, 's_role' : _('Project user'), 'd_role' : _('Project manager') } noti_sbj, noti_body = notification_render(CHANGED_MEMBER_ROLE, noti_params) notifyUsers(member.email, noti_sbj, noti_body) except: LOG.error("Toggle role error", exc_info=True) messages.error(request, _('Unable to toggle the role.')) if obj_id == request.user.id: response = shortcuts.redirect(reverse_lazy('logout')) msg = _("Roles changed. Please log in again to continue.") utils.add_logout_reason(request, response, msg) return response return shortcuts.redirect(reverse_lazy('horizon:idmanager:member_manager:index'))
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) with transaction.atomic(): registration = Registration.objects.get(regid=int(data['regid'])) reg_request = RegRequest.objects.filter(registration=registration)[0] q_args = { 'registration' : registration, 'project__status' : PRJ_GUEST } prj_reqs = PrjRequest.objects.filter(**q_args) project_id = prj_reqs[0].project.projectid project_name = prj_reqs[0].project.projectname password = reg_request.password if not password: password = generate_pwd() user_email = reg_request.email # # Mapping of external accounts # if reg_request.externalid: mapping = UserMapping(globaluser=reg_request.externalid, registration=reg_request.registration) mapping.save() LOG.info("Registered external account %s" % reg_request.externalid) # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_reqs[0].registration expiration.project = prj_reqs[0].project expiration.expdate = data['expiration'] expiration.save() # # clear requests # prj_reqs.delete() reg_request.delete() # # User creation # kuser = keystone_api.user_create(request, name=registration.username, password=password, email=user_email, enabled=True) registration.username = data['username'] registration.expdate = data['expiration'] registration.userid = kuser.id registration.save() LOG.info("Created guest user %s" % registration.username) keystone_api.add_tenant_user_role(request, project_id, registration.userid, default_roleid) # # Send notification to the user # noti_params = { 'username' : registration.username, 'project' : project_name, 'guestmode' : True } noti_sbj, noti_body = notification_render(FIRST_REG_OK_TYPE, noti_params) notifyUsers(user_email, noti_sbj, noti_body) except: LOG.error("Error pre-checking project", exc_info=True) messages.error(request, _("Cannot pre-check project")) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = data['requestid'].split(':') with transaction.atomic(): # # Creation of new tenant # q_args = { 'registration__regid' : int(usr_and_prj[0]), 'project__projectname' : usr_and_prj[1] } prj_req = PrjRequest.objects.filter(**q_args)[0] project_name = prj_req.project.projectname user_id = prj_req.registration.userid kprj = keystone_api.tenant_create(request, project_name, prj_req.project.description, True) prj_req.project.projectid = kprj.id prj_req.project.save() LOG.info("Created tenant %s" % project_name) # # The new user is the project manager of its tenant # keystone_api.add_tenant_user_role(request, prj_req.project.projectid, user_id, tenantadmin_roleid) # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() # # Clear request # prj_req.delete() # # Send notification to the user # user_email = keystone_api.user_get(request, user_id).email noti_params = { 'project' : project_name } noti_sbj, noti_body = notification_render(PRJ_CREATE_TYPE, noti_params) notifyUsers(user_email, noti_sbj, noti_body) except: LOG.error("Error pre-checking project", exc_info=True) messages.error(request, _("Cannot pre-check project")) return False return True
def handle(self, request, data): if not data['username']: messages.error(request, _("Cannot process request: missing username")) return False try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) with transaction.atomic(): registration = Registration.objects.get(regid=int(data['regid'])) reg_request = RegRequest.objects.filter(registration=registration)[0] prjReqList = PrjRequest.objects.filter(registration=registration) password = reg_request.password if not password: password = generate_pwd() user_email = reg_request.email # # Mapping of external accounts # if reg_request.externalid: mapping = UserMapping(globaluser=reg_request.externalid, registration=reg_request.registration) mapping.save() LOG.info("Registered external account %s" % reg_request.externalid) # # Forward request to project administrators # q_args = { 'project__projectid__isnull' : False, 'flowstatus' : PSTATUS_REG } prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING) # # Creation of new tenants # new_prj_list = list() q_args = { 'project__projectid__isnull' : True, 'flowstatus' : PSTATUS_REG } for p_reqs in prjReqList.filter(**q_args): kprj = keystone_api.tenant_create(request, p_reqs.project.projectname, p_reqs.project.description, True) p_reqs.project.projectid = kprj.id p_reqs.project.save() new_prj_list.append(p_reqs.project) LOG.info("Created tenant %s" % p_reqs.project.projectname) # # User creation # if not registration.userid: kuser = keystone_api.user_create(request, name=registration.username, password=password, email=user_email, enabled=True) registration.username = data['username'] registration.expdate = self.expiration registration.userid = kuser.id registration.save() LOG.info("Created user %s" % registration.username) # # The new user is the project manager of its tenant # register the expiration date per tenant # for prj_item in new_prj_list: expiration = Expiration() expiration.registration = registration expiration.project = prj_item expiration.expdate = self.expiration expiration.save() keystone_api.add_tenant_user_role(request, prj_item.projectid, registration.userid, tenantadmin_roleid) # # Send notifications to project administrators and users # for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING): m_users = get_project_managers(request, p_item.project.projectid) m_emails = [ usr.email for usr in m_users ] noti_params = { 'username' : data['username'], 'project' : p_item.project.projectname } noti_sbj, noti_body = notification_render(SUBSCR_WAIT_TYPE, noti_params) notifyUsers(m_emails, noti_sbj, noti_body) n2_params = { 'project' : p_item.project.projectname, 'prjadmins' : m_emails } noti_sbj, noti_body = notification_render(SUBSCR_ONGOING, n2_params) notifyUsers(user_email, noti_sbj, noti_body) newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG) for p_item in newprj_reqs: noti_params = { 'username' : p_item.registration.username, 'project' : p_item.project.projectname, 'guestmode' : False } noti_sbj, noti_body = notification_render(FIRST_REG_OK_TYPE, noti_params) notifyUsers(user_email, noti_sbj, noti_body) # # cache cleanup # newprj_reqs.delete() reg_request.delete() except: LOG.error("Error pre-checking request", exc_info=True) messages.error(request, _("Cannot pre-check request")) return False return True