def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): q_args = { 'registration__regid' : int(usr_and_prj.group(1)), 'project__projectname' : usr_and_prj.group(2) } prj_req = PrjRequest.objects.filter(**q_args)[0] # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() project_name = prj_req.project.projectname project_id = prj_req.project.projectid user_name = prj_req.registration.username user_id = prj_req.registration.userid keystone_api.add_tenant_user_role(request, project_id, user_id, default_roleid) # # clear request # prj_req.delete() # # send notification to project managers and users # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None m_userids = get_prjman_ids(request, project_id) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [ x.email for x in tmpres ] noti_params = { 'username' : user_name, 'project' : project_name } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_OK_TYPE, context=noti_params, dst_project_id=project_id) notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_OK_TYPE, context=noti_params, dst_project_id=project_id, dst_user_id=user_id) except: LOG.error("Error forced-checking request", exc_info=True) messages.error(request, _("Cannot forced check request")) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): regid, prjname = chk_repl_project(int(usr_and_prj.group(1)), usr_and_prj.group(2), data['newname'], None, data['newdescr']) # # Creation of new tenant # prj_req = PrjRequest.objects.filter( registration__regid = regid, project__projectname = prjname )[0] project_name = prj_req.project.projectname user_id = prj_req.registration.userid kprj = keystone_api.tenant_create(request, project_name, prj_req.project.description, True) prj_req.project.projectid = kprj.id prj_req.project.save() LOG.info("Created tenant %s" % project_name) # # The new user is the project manager of its tenant # prjRole = PrjRole() prjRole.registration = prj_req.registration prjRole.project = prj_req.project prjRole.roleid = tenantadmin_roleid prjRole.save() keystone_api.add_tenant_user_role(request, prj_req.project.projectid, user_id, tenantadmin_roleid) # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() # # Clear request # prj_req.delete() setup_new_project(request, kprj.id, project_name, data) # # Send notification to the user # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None noti_params = { 'project' : project_name } notifyUser(request=self.request, rcpt=user_email, action=PRJ_CREATE_TYPE, context=noti_params, dst_project_id=kprj.id, dst_user_id=user_id) except: LOG.error("Error pre-checking project", exc_info=True) messages.error(request, _("Cannot pre-check project")) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): regid, prjname = chk_repl_project(int(usr_and_prj.group(1)), usr_and_prj.group(2), data['newname'], None, data['newdescr']) # # Creation of new tenant # prj_req = PrjRequest.objects.filter( registration__regid=regid, project__projectname=prjname)[0] project_name = prj_req.project.projectname user_id = prj_req.registration.userid kprj = keystone_api.tenant_create(request, project_name, prj_req.project.description, True) prj_req.project.projectid = kprj.id prj_req.project.save() LOG.info("Created tenant %s" % project_name) # # The new user is the project manager of its tenant # prjRole = PrjRole() prjRole.registration = prj_req.registration prjRole.project = prj_req.project prjRole.roleid = tenantadmin_roleid prjRole.save() keystone_api.add_tenant_user_role(request, prj_req.project.projectid, user_id, tenantadmin_roleid) # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() # # Clear request # prj_req.delete() setup_new_project(request, kprj.id, project_name, data) # # Send notification to the user # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None noti_params = {'project': project_name} notifyUser(request=self.request, rcpt=user_email, action=PRJ_CREATE_TYPE, context=noti_params, dst_project_id=kprj.id, dst_user_id=user_id) except: LOG.error("Error pre-checking project", exc_info=True) messages.error(request, _("Cannot pre-check project")) return False return True
def handle(self, request, data): if not data['username']: messages.error(request, _("Cannot process request: missing username")) return False try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) with transaction.atomic(): registration = Registration.objects.get(regid=int(data['regid'])) reg_request = RegRequest.objects.filter( registration=registration, flowstatus=RSTATUS_PENDING )[0] prjReqList = PrjRequest.objects.filter(registration=registration) password = reg_request.password if not password: password = generate_pwd() user_email = reg_request.email # # Mapping of external accounts # is_local = True if reg_request.externalid: mapping = UserMapping(globaluser=reg_request.externalid, registration=reg_request.registration) mapping.save() is_local = False LOG.info("Registered external account %s" % reg_request.externalid) # # Forward request to project administrators # q_args = { 'project__projectid__isnull' : False, 'flowstatus' : PSTATUS_REG } prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING) # # Creation of new tenants # self.preprocess_prj(registration, data) new_prj_list = list() p_reqs = prjReqList.filter( project__projectid__isnull = True, flowstatus = PSTATUS_REG ) if len(p_reqs): newreq_prj = p_reqs[0].project kprj = keystone_api.tenant_create(request, newreq_prj.projectname, newreq_prj.description, True) newreq_prj.projectid = kprj.id newreq_prj.save() new_prj_list.append(newreq_prj) setup_new_project(request, kprj.id, newreq_prj.projectname, data) LOG.info("Created tenant %s" % newreq_prj.projectname) # # User creation # if not registration.userid: kuser = keystone_api.user_create(request, name=registration.username, password=password, email=user_email, enabled=True) if is_local: registration.username = data['username'] registration.expdate = self.expiration registration.userid = kuser.id registration.save() LOG.info("Created user %s" % registration.username) mail_obj = EMail() mail_obj.registration = registration mail_obj.email = user_email mail_obj.save() # # The new user is the project manager of its tenant # register the expiration date per tenant # for prj_item in new_prj_list: expiration = Expiration() expiration.registration = registration expiration.project = prj_item expiration.expdate = self.expiration expiration.save() prjRole = PrjRole() prjRole.registration = registration prjRole.project = prj_item prjRole.roleid = tenantadmin_roleid prjRole.save() keystone_api.add_tenant_user_role(request, prj_item.projectid, registration.userid, tenantadmin_roleid) # # Send notifications to project administrators and users # for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING): m_userids = get_prjman_ids(request, p_item.project.projectid) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [ x.email for x in tmpres ] noti_params = { 'username' : data['username'], 'project' : p_item.project.projectname } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_WAIT_TYPE, context=noti_params, dst_project_id=p_item.project.projectid) n2_params = { 'username' : p_item.registration.username, 'project' : p_item.project.projectname, 'prjadmins' : m_emails } notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_ONGOING, context=n2_params, dst_project_id=p_item.project.projectid, dst_user_id=registration.userid) newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG) for p_item in newprj_reqs: noti_params = { 'username' : p_item.registration.username, 'project' : p_item.project.projectname } notifyUser(request=self.request, rcpt=user_email, action=FIRST_REG_OK_TYPE, context=noti_params, dst_project_id=p_item.project.projectid, dst_user_id=p_item.registration.userid) # # cache cleanup # newprj_reqs.delete() reg_request.delete() self.post_reminder(registration, user_email) except: LOG.error("Error pre-checking request", exc_info=True) messages.error(request, _("Cannot pre-check request")) return False return True
def handle(self, request, data): if not data['username']: messages.error(request, _("Cannot process request: missing username")) return False try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) with transaction.atomic(): registration = Registration.objects.get( regid=int(data['regid'])) reg_request = RegRequest.objects.filter( registration=registration, flowstatus=RSTATUS_PENDING)[0] prjReqList = PrjRequest.objects.filter( registration=registration) password = reg_request.password if not password: password = generate_pwd() user_email = reg_request.email # # Mapping of external accounts # is_local = True if reg_request.externalid: mapping = UserMapping( globaluser=reg_request.externalid, registration=reg_request.registration) mapping.save() is_local = False LOG.info("Registered external account %s" % reg_request.externalid) # # Forward request to project administrators # q_args = { 'project__projectid__isnull': False, 'flowstatus': PSTATUS_REG } prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING) # # Creation of new tenants # self.preprocess_prj(registration, data) new_prj_list = list() p_reqs = prjReqList.filter(project__projectid__isnull=True, flowstatus=PSTATUS_REG) if len(p_reqs): newreq_prj = p_reqs[0].project kprj = keystone_api.tenant_create(request, newreq_prj.projectname, newreq_prj.description, True) newreq_prj.projectid = kprj.id newreq_prj.save() new_prj_list.append(newreq_prj) setup_new_project(request, kprj.id, newreq_prj.projectname, data) LOG.info("Created tenant %s" % newreq_prj.projectname) # # User creation # if not registration.userid: if is_local: registration.username = data['username'] kuser = keystone_api.user_create( request, name=registration.username, password=password, email=user_email, enabled=True) registration.expdate = self.expiration registration.userid = kuser.id registration.save() LOG.info("Created user %s" % registration.username) mail_obj = EMail() mail_obj.registration = registration mail_obj.email = user_email mail_obj.save() # # The new user is the project manager of its tenant # register the expiration date per tenant # for prj_item in new_prj_list: expiration = Expiration() expiration.registration = registration expiration.project = prj_item expiration.expdate = self.expiration expiration.save() prjRole = PrjRole() prjRole.registration = registration prjRole.project = prj_item prjRole.roleid = tenantadmin_roleid prjRole.save() keystone_api.add_tenant_user_role(request, prj_item.projectid, registration.userid, tenantadmin_roleid) # # Send notifications to project administrators and users # for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING): m_userids = get_prjman_ids(request, p_item.project.projectid) tmpres = EMail.objects.filter( registration__userid__in=m_userids) m_emails = [x.email for x in tmpres] noti_params = { 'username': data['username'], 'project': p_item.project.projectname } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_WAIT_TYPE, context=noti_params, dst_project_id=p_item.project.projectid) n2_params = { 'username': p_item.registration.username, 'project': p_item.project.projectname, 'prjadmins': m_emails } notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_ONGOING, context=n2_params, dst_project_id=p_item.project.projectid, dst_user_id=registration.userid) newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG) for p_item in newprj_reqs: noti_params = { 'username': p_item.registration.username, 'project': p_item.project.projectname } notifyUser(request=self.request, rcpt=user_email, action=FIRST_REG_OK_TYPE, context=noti_params, dst_project_id=p_item.project.projectid, dst_user_id=p_item.registration.userid) # # cache cleanup # newprj_reqs.delete() reg_request.delete() self.post_reminder(registration, user_email) except: LOG.error("Error pre-checking request", exc_info=True) messages.error(request, _("Cannot pre-check request")) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): q_args = { 'registration__regid': int(usr_and_prj.group(1)), 'project__projectname': usr_and_prj.group(2) } prj_req = PrjRequest.objects.filter(**q_args)[0] # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() project_name = prj_req.project.projectname project_id = prj_req.project.projectid user_name = prj_req.registration.username user_id = prj_req.registration.userid keystone_api.add_tenant_user_role(request, project_id, user_id, default_roleid) # # Enable reminder for cloud admin # RegRequest.objects.filter(registration=prj_req.registration, flowstatus=RSTATUS_REMINDER).update( flowstatus=RSTATUS_REMINDACK) # # clear request # prj_req.delete() # # send notification to project managers and users # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None m_userids = get_prjman_ids(request, project_id) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [x.email for x in tmpres] noti_params = {'username': user_name, 'project': project_name} notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_OK_TYPE, context=noti_params, dst_project_id=project_id) notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_OK_TYPE, context=noti_params, dst_project_id=project_id, dst_user_id=user_id) except: LOG.error("Error forced-checking request", exc_info=True) messages.error(request, _("Cannot forced check request")) return False return True
def handle(self, request, data): if not request.user.is_superuser: messages.error(_("Operation not authorized")) return False try: with transaction.atomic(): reg_user = Registration.objects.filter(userid=data['userid'])[0] prj_list = Project.objects.filter(projectname__in=data['projects']) reg_user.expdate = data['expdate'] reg_user.save() k_user = keystone_api.user_get(request, data['userid']) if not k_user.enabled: keystone_api.user_update(request, data['userid'], enabled=True) except: LOG.error("Generic failure", exc_info=True) return False for prj_item in prj_list: try: with transaction.atomic(): Expiration( registration=reg_user, project=prj_item, expdate=data['expdate'] ).save() keystone_api.add_tenant_user_role( request, prj_item.projectid, data['userid'], get_default_role(request)) # # send notification to project managers and users # tmpres = EMail.objects.filter(registration__userid=data['userid']) user_email = tmpres[0].email if tmpres else None m_userids = get_prjman_ids(request, prj_item.projectid) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [ x.email for x in tmpres ] noti_params = { 'username' : reg_user.username, 'project' : prj_item.projectname } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_OK_TYPE, context=noti_params, dst_project_id=prj_item.projectid) notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_OK_TYPE, context=noti_params, dst_project_id=prj_item.projectid, dst_user_id=reg_user.userid) except: LOG.error("Generic failure", exc_info=True) return True
def handle(self, request, data): if not request.user.is_superuser: messages.error(_("Operation not authorized")) return False try: with transaction.atomic(): reg_user = Registration.objects.filter(userid=data['userid'])[0] prj_list = Project.objects.filter(projectname__in=data['projects']) reg_user.expdate = data['expdate'] reg_user.save() # # Enable reminder for cloud admin if present # RegRequest.objects.filter( registration = reg_user, flowstatus = RSTATUS_REMINDER ).update(flowstatus = RSTATUS_REMINDACK) k_user = keystone_api.user_get(request, data['userid']) if not k_user.enabled: keystone_api.user_update(request, data['userid'], enabled=True) except: LOG.error("Generic failure", exc_info=True) return False for prj_item in prj_list: try: with transaction.atomic(): Expiration( registration=reg_user, project=prj_item, expdate=data['expdate'] ).save() keystone_api.add_tenant_user_role( request, prj_item.projectid, data['userid'], get_default_role(request)) # # send notification to project managers and users # tmpres = EMail.objects.filter(registration__userid=data['userid']) user_email = tmpres[0].email if tmpres else None m_userids = get_prjman_ids(request, prj_item.projectid) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [ x.email for x in tmpres ] noti_params = { 'username' : reg_user.username, 'project' : prj_item.projectname } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_OK_TYPE, context=noti_params, dst_project_id=prj_item.projectid) notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_OK_TYPE, context=noti_params, dst_project_id=prj_item.projectid, dst_user_id=reg_user.userid) except: LOG.error("Generic failure", exc_info=True) return True
def setup_new_project(request, project_id, project_name, data): try: acct_table = getattr(settings, 'ACCOUNTING', None) if acct_table: uid = acct_table.get('user_id', None) roleid = acct_table.get('role_id', None) if uid and roleid: keystone_api.add_tenant_user_role(request, project_id, uid, roleid) except: LOG.error("Cannot add user for accounting", exc_info=True) messages.error(request, _("Cannot add user for accounting")) unit_id = data.get('unit', None) cloud_table = get_unit_table() if not unit_id or not unit_id in cloud_table: return unit_data = cloud_table[unit_id] prj_cname = re.sub(r'\s+', "-", project_name) flow_step = 0 try: cinder_params = dict() for pkey, pvalue in unit_data.items(): if pkey == 'quota_total': cinder_params['gigabytes'] = pvalue elif pkey == 'quota_per_volume': cinder_params['per_volume_gigabytes'] = pvalue elif pkey.startswith('quota_'): cinder_params['gigabytes_' + pkey[6:]] = pvalue if len(cinder_params): cinder_api.tenant_quota_update(request, project_id, **cinder_params) except: LOG.error("Cannot setup project quota", exc_info=True) messages.error(request, _("Cannot setup project quota")) try: hyper_list = unit_data.get('hypervisors', []) if len(hyper_list): agg_prj_cname = "%s-%s" % (unit_data.get('aggregate_prefix', unit_id), prj_cname) avail_zone = unit_data.get('availability_zone', 'nova') new_aggr = nova_api.aggregate_create(request, agg_prj_cname, avail_zone) flow_step += 1 for h_item in hyper_list: nova_api.add_host_to_aggregate(request, new_aggr.id, h_item) flow_step += 1 all_md = { 'filter_tenant_id' : project_id } all_md.update(unit_data.get('metadata', {})) nova_api.aggregate_set_metadata(request, new_aggr.id, all_md) flow_step = 0 except: if flow_step == 0: err_msg = _("Cannot create host aggregate") elif flow_step == 1: err_msg = _("Cannot insert hypervisor in aggregate") else: err_msg = _("Cannot set metadata for aggregate") LOG.error(err_msg, exc_info=True) messages.error(request, err_msg) try: subnet_cidr = data['%s-net' % unit_id] prj_lan_name = "%s-lan" % prj_cname prj_net = neutron_api.network_create(request, tenant_id=project_id, name=prj_lan_name) flow_step += 1 net_args = { 'cidr' : subnet_cidr, 'ip_version' : 4, 'dns_nameservers' : unit_data.get('nameservers', []), 'enable_dhcp' : True, 'tenant_id' : project_id, 'name' : "sub-%s-lan" % prj_cname } prj_sub = neutron_api.subnet_create(request, prj_net['id'], **net_args) flow_step += 1 if 'lan_router' in unit_data: f_ips = [{ "ip_address" : subnet_cidr.replace('0/24', '1'), "subnet_id" : prj_sub['id'] }] r_port = neutron_api.port_create(request, prj_net['id'], tenant_id=project_id, project_id=project_id, fixed_ips=f_ips) neutron_api.router_add_interface(request, unit_data['lan_router'], port_id=r_port['id']) flow_step = 0 except: if flow_step == 0: err_msg = _("Cannot create network") elif flow_step == 1: err_msg = _("Cannot create sub-network") else: err_msg = _("Cannot add interface to router") LOG.error(err_msg, exc_info=True) messages.error(request, err_msg) try: subnet_cidr = data['%s-net' % unit_id] def_sec_group = None for sg_item in neutron_api.security_group_list(request, tenant_id=project_id): if sg_item['name'].lower() == 'default': def_sec_group = sg_item['id'] LOG.info("Found default security group %s" % def_sec_group) break flow_step += 1 sg_client = neutron_api.SecurityGroupManager(request).client if not def_sec_group: sg_params = { 'name': 'default', 'description': 'Default Security Group for ' + project_name, 'tenant_id': project_id } secgroup = sg_client.create_security_group({ 'security_group' : sg_params }) def_sec_group = SecurityGroup(secgroup.get('security_group')) flow_step += 1 # # Workaround: the tenant_id cannot be specified through high level API # port22_params = { 'security_group_id': def_sec_group, 'direction': 'ingress', 'ethertype': 'IPv4', 'protocol': 'tcp', 'port_range_min': 22, 'port_range_max': 22, 'remote_ip_prefix': "0.0.0.0/0", 'tenant_id' : project_id } icmp_params = { 'security_group_id': def_sec_group, 'direction': 'ingress', 'ethertype': 'IPv4', 'protocol': 'icmp', 'remote_ip_prefix': "0.0.0.0/0", 'tenant_id' : project_id } sg_client.create_security_group_rule({'security_group_rule': port22_params}) sg_client.create_security_group_rule({'security_group_rule': icmp_params}) except: if flow_step == 0: err_msg = _("Cannot retrieve default security group") elif flow_step == 1: err_msg = _("Cannot create default security group") else: err_msg = _("Cannot insert basic rules") LOG.error(err_msg, exc_info=True) messages.error(request, err_msg) try: new_tags = list() new_tags.append(ORG_TAG_FMT % unit_data.get('organization', 'other')) for ou_id in data.get('%s-ou' % unit_id, []): if ou_id.strip(): new_tags.append(OU_TAG_FMT % ou_id.strip()) kclient = keystone_api.keystoneclient(request) kclient.projects.update_tags(project_id, new_tags) except: LOG.error("Cannot add organization tags", exc_info=True) messages.error(request, _("Cannot add organization tags"))
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) with transaction.atomic(): registration = Registration.objects.get(regid=int(data['regid'])) reg_request = RegRequest.objects.filter(registration=registration)[0] q_args = { 'registration' : registration, 'project__status' : PRJ_GUEST } prj_reqs = PrjRequest.objects.filter(**q_args) project_id = prj_reqs[0].project.projectid project_name = prj_reqs[0].project.projectname password = reg_request.password if not password: password = generate_pwd() user_email = reg_request.email # # Mapping of external accounts # if reg_request.externalid: mapping = UserMapping(globaluser=reg_request.externalid, registration=reg_request.registration) mapping.save() LOG.info("Registered external account %s" % reg_request.externalid) # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_reqs[0].registration expiration.project = prj_reqs[0].project expiration.expdate = data['expiration'] expiration.save() # # clear requests # prj_reqs.delete() reg_request.delete() # # User creation # kuser = keystone_api.user_create(request, name=registration.username, password=password, email=user_email, enabled=True) registration.username = data['username'] registration.expdate = data['expiration'] registration.userid = kuser.id registration.save() LOG.info("Created guest user %s" % registration.username) keystone_api.add_tenant_user_role(request, project_id, registration.userid, default_roleid) # # Send notification to the user # noti_params = { 'username' : registration.username, 'project' : project_name, 'guestmode' : True } noti_sbj, noti_body = notification_render(FIRST_REG_OK_TYPE, noti_params) notifyUsers(user_email, noti_sbj, noti_body) except: LOG.error("Error pre-checking project", exc_info=True) messages.error(request, _("Cannot pre-check project")) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = data['requestid'].split(':') with transaction.atomic(): # # Creation of new tenant # q_args = { 'registration__regid' : int(usr_and_prj[0]), 'project__projectname' : usr_and_prj[1] } prj_req = PrjRequest.objects.filter(**q_args)[0] project_name = prj_req.project.projectname user_id = prj_req.registration.userid kprj = keystone_api.tenant_create(request, project_name, prj_req.project.description, True) prj_req.project.projectid = kprj.id prj_req.project.save() LOG.info("Created tenant %s" % project_name) # # The new user is the project manager of its tenant # keystone_api.add_tenant_user_role(request, prj_req.project.projectid, user_id, tenantadmin_roleid) # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() # # Clear request # prj_req.delete() # # Send notification to the user # user_email = keystone_api.user_get(request, user_id).email noti_params = { 'project' : project_name } noti_sbj, noti_body = notification_render(PRJ_CREATE_TYPE, noti_params) notifyUsers(user_email, noti_sbj, noti_body) except: LOG.error("Error pre-checking project", exc_info=True) messages.error(request, _("Cannot pre-check project")) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = data['requestid'].split(':') with transaction.atomic(): q_args = { 'registration__regid' : int(usr_and_prj[0]), 'project__projectname' : usr_and_prj[1] } prj_req = PrjRequest.objects.filter(**q_args)[0] # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() project_name = prj_req.project.projectname project_id = prj_req.project.projectid user_name = prj_req.registration.username user_id = prj_req.registration.userid keystone_api.add_tenant_user_role(request, project_id, user_id, default_roleid) # # clear request # prj_req.delete() # # send notification to project managers and users # user_email = keystone_api.user_get(request, user_id).email prjman_list = get_project_managers(request, project_id) noti_params = { 'username' : user_name, 'project' : project_name } noti_sbj, noti_body = notification_render(SUBSCR_FORCED_OK_TYPE, noti_params) notifyUsers([ pman.email for pman in prjman_list ], noti_sbj, noti_body) noti_sbj, noti_body = notification_render(SUBSCR_OK_TYPE, noti_params) notifyUsers(user_email, noti_sbj, noti_body) except: LOG.error("Error forced-checking request", exc_info=True) messages.error(request, _("Cannot forced check request")) return False return True
def handle(self, request, data): if not data['username']: messages.error(request, _("Cannot process request: missing username")) return False try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) with transaction.atomic(): registration = Registration.objects.get(regid=int(data['regid'])) reg_request = RegRequest.objects.filter(registration=registration)[0] prjReqList = PrjRequest.objects.filter(registration=registration) password = reg_request.password if not password: password = generate_pwd() user_email = reg_request.email # # Mapping of external accounts # if reg_request.externalid: mapping = UserMapping(globaluser=reg_request.externalid, registration=reg_request.registration) mapping.save() LOG.info("Registered external account %s" % reg_request.externalid) # # Forward request to project administrators # q_args = { 'project__projectid__isnull' : False, 'flowstatus' : PSTATUS_REG } prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING) # # Creation of new tenants # new_prj_list = list() q_args = { 'project__projectid__isnull' : True, 'flowstatus' : PSTATUS_REG } for p_reqs in prjReqList.filter(**q_args): kprj = keystone_api.tenant_create(request, p_reqs.project.projectname, p_reqs.project.description, True) p_reqs.project.projectid = kprj.id p_reqs.project.save() new_prj_list.append(p_reqs.project) LOG.info("Created tenant %s" % p_reqs.project.projectname) # # User creation # if not registration.userid: kuser = keystone_api.user_create(request, name=registration.username, password=password, email=user_email, enabled=True) registration.username = data['username'] registration.expdate = self.expiration registration.userid = kuser.id registration.save() LOG.info("Created user %s" % registration.username) # # The new user is the project manager of its tenant # register the expiration date per tenant # for prj_item in new_prj_list: expiration = Expiration() expiration.registration = registration expiration.project = prj_item expiration.expdate = self.expiration expiration.save() keystone_api.add_tenant_user_role(request, prj_item.projectid, registration.userid, tenantadmin_roleid) # # Send notifications to project administrators and users # for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING): m_users = get_project_managers(request, p_item.project.projectid) m_emails = [ usr.email for usr in m_users ] noti_params = { 'username' : data['username'], 'project' : p_item.project.projectname } noti_sbj, noti_body = notification_render(SUBSCR_WAIT_TYPE, noti_params) notifyUsers(m_emails, noti_sbj, noti_body) n2_params = { 'project' : p_item.project.projectname, 'prjadmins' : m_emails } noti_sbj, noti_body = notification_render(SUBSCR_ONGOING, n2_params) notifyUsers(user_email, noti_sbj, noti_body) newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG) for p_item in newprj_reqs: noti_params = { 'username' : p_item.registration.username, 'project' : p_item.project.projectname, 'guestmode' : False } noti_sbj, noti_body = notification_render(FIRST_REG_OK_TYPE, noti_params) notifyUsers(user_email, noti_sbj, noti_body) # # cache cleanup # newprj_reqs.delete() reg_request.delete() except: LOG.error("Error pre-checking request", exc_info=True) messages.error(request, _("Cannot pre-check request")) return False return True