1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
# This software is distributed under the terms and conditions of the 'Apache-2.0'
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
from uuid import uuid4
from moon_utilities import exceptions
from moon_db.api.managers import Managers
from moon_utilities.security_functions import filter_input, enforce
from oslo_log import log as logging
LOG = logging.getLogger(__name__)
class TenantManager(Managers):
def __init__(self, connector=None):
self.driver = connector.driver
Managers.TenantManager = self
@filter_input
@enforce("read", "tenants")
def get_tenants_dict(self, user_id):
"""
Return a dictionary with all tenants
:return: {
tenant_id1: {
name: xxx,
description: yyy,
intra_authz_extension_id: zzz,
intra_admin_extension_id: zzz,
},
tenant_id2: {...},
...
}
"""
return self.driver.get_tenants_dict()
def __get_keystone_tenant_dict(self, tenant_id="", tenant_name=""):
tenants = Managers.KeystoneManager.list_projects()
for tenant in tenants:
if tenant_id and tenant_id == tenant['id']:
return tenant
if tenant_name and tenant_name == tenant['name']:
return tenant
if not tenant_id:
tenant_id = uuid4().hex
if not tenant_name:
tenant_name = tenant_id
tenant = {
"id": tenant_id,
"name": tenant_name,
"description": "Auto generated tenant from Moon platform",
"enabled": True,
"domain_id": "default"
}
keystone_tenant = Managers.KeystoneManager.create_project(tenant["id"], tenant)
return keystone_tenant
@filter_input
@enforce(("read", "write"), "tenants")
def add_tenant_dict(self, user_id, tenant_id, tenant_dict):
tenants_dict = self.driver.get_tenants_dict()
for tenant_id in tenants_dict:
if tenants_dict[tenant_id]['name'] == tenant_dict['name']:
raise exceptions.TenantAddedNameExisting()
# Check (and eventually sync) Keystone tenant
if 'id' not in tenant_dict:
tenant_dict['id'] = None
keystone_tenant = self.__get_keystone_tenant_dict(tenant_dict['id'], tenant_dict['name'])
for att in keystone_tenant:
if keystone_tenant[att]:
tenant_dict[att] = keystone_tenant[att]
# Sync users between intra_authz_extension and intra_admin_extension
LOG.debug("add_tenant_dict {}".format(tenant_dict))
if 'intra_admin_extension_id' in tenant_dict and tenant_dict['intra_admin_extension_id']:
if 'intra_authz_extension_id' in tenant_dict and tenant_dict['intra_authz_extension_id']:
authz_subjects_dict = Managers.IntraExtensionAdminManager.get_subjects_dict(
Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_authz_extension_id'])
authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict]
admin_subjects_dict = Managers.IntraExtensionAdminManager.get_subjects_dict(
Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_admin_extension_id'])
admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict]
for _subject_id in authz_subjects_dict:
if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list:
Managers.IntraExtensionAdminManager.add_subject_dict(
Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
for _subject_id in admin_subjects_dict:
if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list:
Managers.IntraExtensionAdminManager.add_subject_dict(
Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
return self.driver.add_tenant_dict(tenant_dict['id'], tenant_dict)
@filter_input
@enforce("read", "tenants")
def get_tenant_dict(self, user_id, tenant_id):
tenants_dict = self.driver.get_tenants_dict()
if tenant_id not in tenants_dict:
raise exceptions.TenantUnknown()
return tenants_dict[tenant_id]
@filter_input
@enforce(("read", "write"), "tenants")
def del_tenant(self, user_id, tenant_id):
if tenant_id not in self.driver.get_tenants_dict():
raise exceptions.TenantUnknown()
self.driver.del_tenant(tenant_id)
@filter_input
@enforce(("read", "write"), "tenants")
def set_tenant_dict(self, user_id, tenant_id, tenant_dict):
tenants_dict = self.driver.get_tenants_dict()
if tenant_id not in tenants_dict:
raise exceptions.TenantUnknown()
# Sync users between intra_authz_extension and intra_admin_extension
if 'intra_admin_extension_id' in tenant_dict:
if 'intra_authz_extension_id' in tenant_dict:
authz_subjects_dict = Managers.IntraExtensionAdminManager.get_subjects_dict(
Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_authz_extension_id'])
authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict]
admin_subjects_dict = Managers.IntraExtensionAdminManager.get_subjects_dict(
Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_admin_extension_id'])
admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict]
for _subject_id in authz_subjects_dict:
if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list:
Managers.IntraExtensionAdminManager.add_subject_dict(
Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
for _subject_id in admin_subjects_dict:
if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list:
Managers.IntraExtensionAdminManager.add_subject_dict(
Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
return self.driver.set_tenant_dict(tenant_id, tenant_dict)
|
