Merge "Ranger Keystone Group Users RDS and group_logic fix"

Zuul 2019-05-28 20:31:33 +00:00 committed by Gerrit Code Review
commit 0dcc39c72f
5 changed files with 96 additions and 63 deletions


@ -84,6 +84,10 @@ class Groups(Base, CMSBaseModel):
proxy_dict["regions"] = [
group_region.get_proxy_dict() for group_region in group_regions]
existing_group_regions = self.get_group_regions()
proxy_dict["regions"] = [
group_region.get_proxy_dict() for group_region in existing_group_regions]
proxy_dict["groups_roles"] = [
group_role.get_proxy_dict() for group_role in self.groups_roles]
@ -95,10 +99,6 @@ class Groups(Base, CMSBaseModel):
group_domain_role.get_proxy_dict()
for group_domain_role in self.groups_domain_roles]
proxy_dict["groups_users"] = [
groups_user.get_proxy_dict()
for groups_user in self.groups_users]
return proxy_dict
def get_default_region(self):
@ -191,13 +191,28 @@ class GroupsRegion(Base, CMSBaseModel):
)
def get_proxy_dict(self):
return {
proxy_dict = {
"name": self.region.name,
"group_id": self.group_id,
"region_id": self.region_id,
"action": "modify"
}
proxy_dict["users"] = []
user = None
for region_user in self.group_region_users:
if user and user["domain"] != region_user.domain_name:
proxy_dict["users"].append(user)
user = {"domain": region_user.domain_name, "id": [region_user.user.name]}
elif user is None:
user = {"domain": region_user.domain_name, "id": [region_user.user.name]}
else:
user["id"].append(region_user.user.name)
if user:
proxy_dict["users"].append(user)
return proxy_dict
def to_wsme(self):
name = self.region.name
type = self.region.type
@ -353,15 +368,15 @@ class GroupsUser(Base, CMSBaseModel):
group_id = Column(String(64), ForeignKey('groups.uuid'),
primary_key=True, nullable=False, index=True)
user_id = Column(Integer, ForeignKey('cms_user.id'),
primary_key=True, nullable=False, index=True)
region_id = Column(Integer, ForeignKey('groups_region.region_id'),
primary_key=True, nullable=False, index=True)
domain_name = Column(String(64), ForeignKey('cms_domain.name'),
primary_key=True, nullable=False)
user_id = Column(Integer, ForeignKey('cms_user.id'),
primary_key=True, nullable=False, index=True)
user = relationship("CmsUser", viewonly=True)
groups = relationship("Groups", viewonly=True)
groups_regions = relationship("GroupsRegion", viewonly=True)
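Review bot: The new loop in `GroupsRegion.get_proxy_dict` only merges users whose rows arrive next to each other, so it groups correctly only if `self.group_region_users` is ordered by `domain_name`; nothing in the hunk establishes that order, and the relationship definition is outside it. If rows for one domain are interleaved with another, the same domain is emitted as several `users` entries in the dict that is later sent to RDS. Grouping by key removes the dependency on row order, and sorting the keys keeps the payload deterministic. The loop also reads `region_user.user.name` without checking that the `user` relationship resolved; whether it can be empty is not visible here.

```python
# … unchanged: proxy_dict literal with name/group_id/region_id/action …
users_by_domain = {}
for region_user in self.group_region_users:
    users_by_domain.setdefault(region_user.domain_name, []).append(
        region_user.user.name)
proxy_dict["users"] = [
    {"domain": domain, "id": names}
    for domain, names in sorted(users_by_domain.items())]
return proxy_dict
```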


@ -1,4 +1,3 @@
from pecan import request
from pecan import conf, request
import requests
@ -41,9 +40,13 @@ class GroupLogic(object):
sql_group_id = sql_group.uuid
datamanager.add_group_region(sql_group_id, -1)
# add group users as needed
default_users_requested = group.users
default_region_users =\
self.add_default_user_db(datamanager, default_users_requested, [], sql_group_id)
self.add_regions_to_db(group.regions, sql_group_id, datamanager)
self.add_default_user_db(datamanager, group.users, [], uuid)
return sql_group
def add_default_users_to_region(self, datamanager, group_uuid, region_id):
@ -81,10 +84,6 @@ class GroupLogic(object):
self.add_user_db(datamanager, region.users,
default_users, sql_group_id, sql_region.id)
# create region users from default users
self.add_default_users_to_region(datamanager, sql_group_id,
sql_region.id)
def add_default_user_db(self, datamanager, default_users_requested,
existing_default_users, group_uuid):
default_region_users = []
@ -113,7 +112,6 @@ class GroupLogic(object):
def add_user_db(self, datamanager, region_users_requested,
all_existing_users, group_uuid, region_id):
# region_users = []
for user_info in region_users_requested:
domain_value = user_info.domain
@ -133,8 +131,6 @@ class GroupLogic(object):
sql_groups_user = \
datamanager.add_groups_user(group_uuid, sql_user.id,
region_id, domain_value)
# region_users.append(sql_groups_user)
# return region_users
def assign_roles(self,
group_uuid,
@ -226,7 +222,6 @@ class GroupLogic(object):
group = group_record.read_group_by_uuid(group_uuid)
defaultRegion = group.get_default_region()
existing_default_users =\
defaultRegion.group_region_users if defaultRegion else []
@ -246,12 +241,10 @@ class GroupLogic(object):
timestamp = utils.get_time_human()
datamanager.flush()
'''
# if len(customer.customer_customer_regions) > 1:
# call rds logic
# if regions:
# RdsProxy.send_group_dict(group, transaction_id, "PUT")
'''
group_dict = group.get_proxy_dict()
if len(group.group_regions) > 1:
# RdsProxy.send_group(group, transaction_id, "PUT")
RdsProxy.send_group_dict(group_dict, transaction_id, "PUT")
if p_datamanager is None:
users_result = [{'id': user.id,
@ -316,25 +309,23 @@ class GroupLogic(object):
region_users_list, group_uuid, region_id)
timestamp = utils.get_time_human()
datamanager.flush()
group_dict = group.get_proxy_dict()
'''
# if len(customer.customer_customer_regions) > 1:
# call rds logic
# if regions:
# RdsProxy.send_customer(customer, transaction_id, "PUT")
'''
if len(group.group_regions) > 1:
RdsProxy.send_group_dict(group_dict, transaction_id, "PUT")
if p_datamanager is None:
users_result =\
[{'id': user.id,
'domain': user.domain} for user in region_users_requested]
region_user_result_wrapper =\
build_response(group_uuid, transaction_id,
'add_group_region_users',
users=users_result)
datamanager.commit()
return region_user_result_wrapper
users_result =\
[{'id': user.id,
'domain': user.domain} for user in region_users_requested]
region_user_result_wrapper =\
build_response(group_uuid, transaction_id,
'add_group_region_users',
users=users_result)
return region_user_result_wrapper
except Exception as exception:
datamanager.rollback()
@ -365,12 +356,15 @@ class GroupLogic(object):
raise NotFound("user {}@{} domain".format(user, domain))
datamanager.flush()
# if len(customer.customer_customer_regions) > 1:
# RdsProxy.send_customer(customer, transaction_id, "PUT")
group_record = datamanager.get_record('group')
group = group_record.read_group_by_uuid(group_uuid)
group_dict = group.get_proxy_dict()
if len(group.group_regions) > 1:
RdsProxy.send_group_dict(group_dict, transaction_id, "PUT")
datamanager.commit()
# following log info does not yet include user_domain
LOG.info("User {0} from region {1} in group {2} deleted".
format(user, 'DEFAULT', group_uuid))
@ -415,7 +409,11 @@ class GroupLogic(object):
"instead." % (user, user_domain, group_uuid)
raise ErrorStatus(400, message)
# RdsProxy.send_customer(customer, transaction_id, "PUT")
group_record = datamanager.get_record('group')
group = group_record.read_group_by_uuid(group_uuid)
group_dict = group.get_proxy_dict()
RdsProxy.send_group_dict(group_dict, transaction_id, "PUT")
datamanager.commit()
LOG.info("User {0} with user domain {1} from region {2} "
@ -579,10 +577,19 @@ class GroupLogic(object):
self.add_regions_to_db(regions, group_id, datamanager,
default_users)
# create additional region users from default group users
for region in regions:
sql_region = datamanager.add_region(region)
self.add_default_users_to_region(datamanager, group_id,
sql_region.id)
datamanager.commit()
datamanager.session.expire(sql_group)
sql_group = datamanager.get_group_by_uuid_or_name(group_id)
group_dict = sql_group.get_proxy_dict()
for region in group_dict["regions"]:
new_region = next((r for r in regions
if r.name == region["name"]), None)
@ -590,6 +597,7 @@ class GroupLogic(object):
region["action"] = "create"
else:
region["action"] = "modify"
timestamp = utils.get_time_human()
RdsProxy.send_group_dict(group_dict, transaction_id, "POST")
base_link = '{0}{1}/'.format(conf.server.host_ip,
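Review bot: In the two delete-user hunks (`@ -365,12 +356,15` and `@ -415,7 +409,11`) the group is re-read and `get_proxy_dict()` is called right after `datamanager.flush()`, without the `datamanager.session.expire(sql_group)` step that the update path in the last hunk performs before it builds its dict. If the session still holds the group's region and user collections from an earlier load, the PUT sent to RDS could still list the user that was just removed, so the removal would not reach the regions; this depends on how the delete is issued, which is outside the hunks. I would expire the re-read object first, e.g. `datamanager.session.expire(group)` before `group_dict = group.get_proxy_dict()`. Both hunks also call `RdsProxy.send_group_dict` before `datamanager.commit()`, so a failed commit leaves the regions ahead of the database; a comment stating the intended order and how a failure is reconciled would help, and the second hunk sends without the `len(group.group_regions) > 1` guard the first one uses.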


@ -141,14 +141,14 @@ create table if not exists groups_user
region_id integer not null,
user_id integer not null,
domain_name varchar(64) not null,
primary key (group_id, region_id, user_id, domain_name),
primary key (group_id, region_id, domain_name, user_id),
foreign key (`user_id`) references `cms_user` (`id`) ON DELETE CASCADE,
foreign key (`group_id`) references `groups` (`uuid`) ON DELETE CASCADE ON UPDATE NO ACTION,
foreign key (`group_id`,`region_id`) references `groups_region` (`group_id`,`region_id`) ON DELETE CASCADE ON UPDATE NO ACTION,
foreign key (`domain_name`) references `cms_domain` (`name`) ON DELETE CASCADE ON UPDATE NO ACTION,
index group_id (group_id),
index region_id (region_id),
index user_id (user_id));
index domain_name (domain_name));
create table if not exists groups_customer_role
(
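Review bot: The reordered primary key and the swapped index sit inside `create table if not exists groups_user`, so they take effect only on a fresh database; an existing deployment keeps `primary key (group_id, region_id, user_id, domain_name)` and `index user_id (user_id)`. Fresh and upgraded installs would then disagree on the key order, which matters if any query or the ORM mapping changed in this commit relies on it (that reliance is inferred, not shown here). I would ship an explicit migration for existing tables, or at least add a comment above the statement such as `-- existing installs need a migration to pick up the new primary key and index`.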


@ -38,24 +38,32 @@ def yamlbuilder(alldata, region):
}
}
if "groups_users" in jsondata and len(jsondata["groups_users"]) > 0:
template_name = '{}_user_assignments'.format(group_name)
users = []
template_name = '{}_user_assignments'.format(group_name)
users = []
for user in jsondata['groups_users']:
users.append({
"name": user["user_name"],
"user_domain": user["domain_name"]
})
if region['users']:
for user in region['users']:
domain_name = user['domain']
for id in user['id']:
users.append({
"name": id,
"user_domain": domain_name})
resources["resources"][template_name] = {
'type': 'OS::Keystone::GroupUserAssignment\n',
'properties': {
'users': users,
'group': "{get_resource: %s}" % group_name,
'group_domain': "%s" % jsondata['domain_name'],
}
}
outputs["outputs"]["%s_user_assignments_id" % group_name] = {
"value": {
"get_resource": "%s_user_assignments" % group_name
}
}
if "groups_roles" in jsondata and len(jsondata["groups_roles"]) > 0:
template_name = "{}_role_assignments".format(group_name)
roles = []
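Review bot: The new guard `if region['users']:` raises `KeyError` when the region dict carries no `users` key, where the code it replaces tested `"groups_users" in jsondata` first; the test fixture in this commit had to gain `'users': []` to keep passing, which suggests other producers of `region` may not send it. Reading it defensively, `for user in region.get('users') or []:`, keeps the builder working for such payloads, with the resource block emitted only when the resulting list is non-empty. The inner loop variable `id` shadows the builtin; `for user_name in user['id']:` reads better. The user names and domains come from the incoming payload and end up in a Keystone group assignment, so a short comment on where they are validated would help the next reader; that validation is not visible in this hunk.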


@ -7,12 +7,15 @@ from orm.services.resource_distributor.rds.services import\
yaml_group_builder as GroupBuild
alldata = {
'domain_name': 'nc',
'description': 'this is a description', 'enabled': 1,
'regions': [{'name': 'regionname'}],
'domain_name': 'nc',
"regions": [{
"action": "modify",
"name": "local",
"users": []}],
'name': 'test_group'}
yaml_group = \
yaml_group_nousers = \
'heat_template_version: 2015-1-1\n\ndescription: yaml file for region - ' \
'regionname\n\nresources:\n'\
' test_group:\n properties:\n'\
@ -20,12 +23,11 @@ yaml_group = \
' domain: nc\n'\
' name: test_group\n'\
' type: OS::Keystone::Group\n\n\n'\
'outputs:\n'\
' test_group_id:\n'\
' value: {get_resource: test_group}\n'
'outputs:\n test_group_id:\n value: {get_resource: test_group}\n' \
region = {'name': 'regionname',
'rangerAgentVersion': 1.0}
'rangerAgentVersion': 1.0,
'users': []}
class CreateResource(unittest.TestCase):
@ -39,4 +41,4 @@ class CreateResource(unittest.TestCase):
yamlfile = GroupBuild.yamlbuilder(alldata, region)
yamlfile_as_json = yaml.safe_load(yamlfile)
self.assertEqual(yamlfile_as_json['heat_template_version'], ver)
self.assertEqual(yaml.safe_load(yamlfile), yaml.safe_load(yaml_group))
self.assertEqual(yaml.safe_load(yamlfile), yaml.safe_load(yaml_group_nousers))
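Review bot: The updated test covers only the empty case (`'users': []`, expected value `yaml_group_nousers`), so the new `OS::Keystone::GroupUserAssignment` rendering added in the builder is never exercised. I would add a second case whose `region['users']` holds entries for two domains, e.g. `[{'domain': 'nc', 'id': ['u1', 'u2']}, {'domain': 'other', 'id': ['u3']}]` (constructed values), and assert on the resulting `users` list and `group_domain`. The rewritten `'outputs:…'` line now ends with a trailing ` \` as the last piece of the literal; if no blank line follows it in the file, the continuation would run into `region = {`, so it is worth dropping.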