Ranger Keystone Group Users RDS and group_logic fix

Update group dictionary formatting for heat template

Change-Id: Id1a2d961355588960fc3427f640d02b3f7411de9
stewie925 2019-05-24 15:04:14 -07:00 committed by STEW TY
parent a214d88a64
commit 1d0ba6e970
5 changed files with 96 additions and 63 deletions


@ -84,6 +84,10 @@ class Groups(Base, CMSBaseModel):
proxy_dict["regions"] = [ proxy_dict["regions"] = [
group_region.get_proxy_dict() for group_region in group_regions] group_region.get_proxy_dict() for group_region in group_regions]
existing_group_regions = self.get_group_regions()
proxy_dict["regions"] = [
group_region.get_proxy_dict() for group_region in existing_group_regions]
proxy_dict["groups_roles"] = [ proxy_dict["groups_roles"] = [
group_role.get_proxy_dict() for group_role in self.groups_roles] group_role.get_proxy_dict() for group_role in self.groups_roles]
@ -95,10 +99,6 @@ class Groups(Base, CMSBaseModel):
group_domain_role.get_proxy_dict() group_domain_role.get_proxy_dict()
for group_domain_role in self.groups_domain_roles] for group_domain_role in self.groups_domain_roles]
proxy_dict["groups_users"] = [
groups_user.get_proxy_dict()
for groups_user in self.groups_users]
return proxy_dict return proxy_dict
def get_default_region(self): def get_default_region(self):
@ -195,13 +195,28 @@ class GroupsRegion(Base, CMSBaseModel):
) )
def get_proxy_dict(self): def get_proxy_dict(self):
return {
proxy_dict = {
"name": self.region.name, "name": self.region.name,
"group_id": self.group_id,
"region_id": self.region_id,
"action": "modify" "action": "modify"
} }
proxy_dict["users"] = []
user = None
for region_user in self.group_region_users:
if user and user["domain"] != region_user.domain_name:
proxy_dict["users"].append(user)
user = {"domain": region_user.domain_name, "id": [region_user.user.name]}
elif user is None:
user = {"domain": region_user.domain_name, "id": [region_user.user.name]}
else:
user["id"].append(region_user.user.name)
if user:
proxy_dict["users"].append(user)
return proxy_dict
def to_wsme(self): def to_wsme(self):
name = self.region.name name = self.region.name
type = self.region.type type = self.region.type
@ -360,15 +375,15 @@ class GroupsUser(Base, CMSBaseModel):
group_id = Column(String(64), ForeignKey('groups.uuid'), group_id = Column(String(64), ForeignKey('groups.uuid'),
primary_key=True, nullable=False, index=True) primary_key=True, nullable=False, index=True)
user_id = Column(Integer, ForeignKey('cms_user.id'),
primary_key=True, nullable=False, index=True)
region_id = Column(Integer, ForeignKey('groups_region.region_id'), region_id = Column(Integer, ForeignKey('groups_region.region_id'),
primary_key=True, nullable=False, index=True) primary_key=True, nullable=False, index=True)
domain_name = Column(String(64), ForeignKey('cms_domain.name'), domain_name = Column(String(64), ForeignKey('cms_domain.name'),
primary_key=True, nullable=False) primary_key=True, nullable=False)
user_id = Column(Integer, ForeignKey('cms_user.id'),
primary_key=True, nullable=False, index=True)
user = relationship("CmsUser", viewonly=True) user = relationship("CmsUser", viewonly=True)
groups = relationship("Groups", viewonly=True) groups = relationship("Groups", viewonly=True)
groups_regions = relationship("GroupsRegion", viewonly=True) groups_regions = relationship("GroupsRegion", viewonly=True)
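Review bot: The grouping loop in GroupsRegion.get_proxy_dict only merges users of one domain when their rows are adjacent in `self.group_region_users`, and nothing visible in this section orders that relationship by `domain_name`; interleaved rows would give the same domain several entries in `users`. The two branches that create a new `user` dict are also identical. Keying on the domain removes both the ordering assumption and the duplication: `by_domain.setdefault(region_user.domain_name, []).append(region_user.user.name)` inside the loop, then `proxy_dict["users"] = [{"domain": d, "id": ids} for d, ids in by_domain.items()]`. Because this list decides which users the heat template assigns to the Keystone group, a docstring describing the `users` shape (one entry per domain, `id` holding user names) would help whoever reviews the consumer.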


@ -1,4 +1,3 @@
from pecan import request
from pecan import conf, request from pecan import conf, request
import requests import requests
@ -41,9 +40,13 @@ class GroupLogic(object):
sql_group_id = sql_group.uuid sql_group_id = sql_group.uuid
datamanager.add_group_region(sql_group_id, -1) datamanager.add_group_region(sql_group_id, -1)
# add group users as needed
default_users_requested = group.users
default_region_users =\
self.add_default_user_db(datamanager, default_users_requested, [], sql_group_id)
self.add_regions_to_db(group.regions, sql_group_id, datamanager) self.add_regions_to_db(group.regions, sql_group_id, datamanager)
self.add_default_user_db(datamanager, group.users, [], uuid)
return sql_group return sql_group
def add_default_users_to_region(self, datamanager, group_uuid, region_id): def add_default_users_to_region(self, datamanager, group_uuid, region_id):
@ -81,10 +84,6 @@ class GroupLogic(object):
self.add_user_db(datamanager, region.users, self.add_user_db(datamanager, region.users,
default_users, sql_group_id, sql_region.id) default_users, sql_group_id, sql_region.id)
# create region users from default users
self.add_default_users_to_region(datamanager, sql_group_id,
sql_region.id)
def add_default_user_db(self, datamanager, default_users_requested, def add_default_user_db(self, datamanager, default_users_requested,
existing_default_users, group_uuid): existing_default_users, group_uuid):
default_region_users = [] default_region_users = []
@ -113,7 +112,6 @@ class GroupLogic(object):
def add_user_db(self, datamanager, region_users_requested, def add_user_db(self, datamanager, region_users_requested,
all_existing_users, group_uuid, region_id): all_existing_users, group_uuid, region_id):
# region_users = []
for user_info in region_users_requested: for user_info in region_users_requested:
domain_value = user_info.domain domain_value = user_info.domain
@ -133,8 +131,6 @@ class GroupLogic(object):
sql_groups_user = \ sql_groups_user = \
datamanager.add_groups_user(group_uuid, sql_user.id, datamanager.add_groups_user(group_uuid, sql_user.id,
region_id, domain_value) region_id, domain_value)
# region_users.append(sql_groups_user)
# return region_users
def assign_roles(self, def assign_roles(self,
group_uuid, group_uuid,
@ -217,7 +213,6 @@ class GroupLogic(object):
group = group_record.read_group_by_uuid(group_uuid) group = group_record.read_group_by_uuid(group_uuid)
defaultRegion = group.get_default_region() defaultRegion = group.get_default_region()
existing_default_users =\ existing_default_users =\
defaultRegion.group_region_users if defaultRegion else [] defaultRegion.group_region_users if defaultRegion else []
@ -237,12 +232,10 @@ class GroupLogic(object):
timestamp = utils.get_time_human() timestamp = utils.get_time_human()
datamanager.flush() datamanager.flush()
''' group_dict = group.get_proxy_dict()
# if len(customer.customer_customer_regions) > 1: if len(group.group_regions) > 1:
# call rds logic # RdsProxy.send_group(group, transaction_id, "PUT")
# if regions: RdsProxy.send_group_dict(group_dict, transaction_id, "PUT")
# RdsProxy.send_group_dict(group, transaction_id, "PUT")
'''
if p_datamanager is None: if p_datamanager is None:
users_result = [{'id': user.id, users_result = [{'id': user.id,
@ -307,15 +300,14 @@ class GroupLogic(object):
region_users_list, group_uuid, region_id) region_users_list, group_uuid, region_id)
timestamp = utils.get_time_human() timestamp = utils.get_time_human()
datamanager.flush() datamanager.flush()
group_dict = group.get_proxy_dict()
''' if len(group.group_regions) > 1:
# if len(customer.customer_customer_regions) > 1: RdsProxy.send_group_dict(group_dict, transaction_id, "PUT")
# call rds logic
# if regions:
# RdsProxy.send_customer(customer, transaction_id, "PUT")
'''
if p_datamanager is None: if p_datamanager is None:
datamanager.commit()
users_result =\ users_result =\
[{'id': user.id, [{'id': user.id,
'domain': user.domain} for user in region_users_requested] 'domain': user.domain} for user in region_users_requested]
@ -324,7 +316,6 @@ class GroupLogic(object):
'add_group_region_users', 'add_group_region_users',
users=users_result) users=users_result)
datamanager.commit()
return region_user_result_wrapper return region_user_result_wrapper
except Exception as exception: except Exception as exception:
@ -356,12 +347,15 @@ class GroupLogic(object):
raise NotFound("user {}@{} domain".format(user, domain)) raise NotFound("user {}@{} domain".format(user, domain))
datamanager.flush() datamanager.flush()
# if len(customer.customer_customer_regions) > 1: group_record = datamanager.get_record('group')
# RdsProxy.send_customer(customer, transaction_id, "PUT") group = group_record.read_group_by_uuid(group_uuid)
group_dict = group.get_proxy_dict()
if len(group.group_regions) > 1:
RdsProxy.send_group_dict(group_dict, transaction_id, "PUT")
datamanager.commit() datamanager.commit()
# following log info does not yet include user_domain
LOG.info("User {0} from region {1} in group {2} deleted". LOG.info("User {0} from region {1} in group {2} deleted".
format(user, 'DEFAULT', group_uuid)) format(user, 'DEFAULT', group_uuid))
@ -406,7 +400,11 @@ class GroupLogic(object):
"instead." % (user, user_domain, group_uuid) "instead." % (user, user_domain, group_uuid)
raise ErrorStatus(400, message) raise ErrorStatus(400, message)
# RdsProxy.send_customer(customer, transaction_id, "PUT") group_record = datamanager.get_record('group')
group = group_record.read_group_by_uuid(group_uuid)
group_dict = group.get_proxy_dict()
RdsProxy.send_group_dict(group_dict, transaction_id, "PUT")
datamanager.commit() datamanager.commit()
LOG.info("User {0} with user domain {1} from region {2} " LOG.info("User {0} with user domain {1} from region {2} "
@ -570,10 +568,19 @@ class GroupLogic(object):
self.add_regions_to_db(regions, group_id, datamanager, self.add_regions_to_db(regions, group_id, datamanager,
default_users) default_users)
# create additional region users from default group users
for region in regions:
sql_region = datamanager.add_region(region)
self.add_default_users_to_region(datamanager, group_id,
sql_region.id)
datamanager.commit() datamanager.commit()
datamanager.session.expire(sql_group) datamanager.session.expire(sql_group)
sql_group = datamanager.get_group_by_uuid_or_name(group_id) sql_group = datamanager.get_group_by_uuid_or_name(group_id)
group_dict = sql_group.get_proxy_dict() group_dict = sql_group.get_proxy_dict()
for region in group_dict["regions"]: for region in group_dict["regions"]:
new_region = next((r for r in regions new_region = next((r for r in regions
if r.name == region["name"]), None) if r.name == region["name"]), None)
@ -581,6 +588,7 @@ class GroupLogic(object):
region["action"] = "create" region["action"] = "create"
else: else:
region["action"] = "modify" region["action"] = "modify"
timestamp = utils.get_time_human() timestamp = utils.get_time_human()
RdsProxy.send_group_dict(group_dict, transaction_id, "POST") RdsProxy.send_group_dict(group_dict, transaction_id, "POST")
base_link = '{0}{1}/'.format(conf.server.host_ip, base_link = '{0}{1}/'.format(conf.server.host_ip,
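Review bot: The new PUT paths call `RdsProxy.send_group_dict(group_dict, transaction_id, "PUT")` after `datamanager.flush()` but before `datamanager.commit()`, whereas the create path at the end of this section commits first and only then sends the POST. If the commit fails after the send, the regions have already received a group membership that the database then rolls back, so Keystone group membership and the stored record can diverge. Consider committing before sending in every path, or add a comment saying why send-before-commit is intended and how a failed commit is reconciled. The region-user delete path also sends unconditionally while the other paths are guarded by `if len(group.group_regions) > 1:`, and a comment explaining that difference would help. The affected functions start and end outside the visible hunks.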


@ -141,14 +141,14 @@ create table if not exists groups_user
region_id integer not null, region_id integer not null,
user_id integer not null, user_id integer not null,
domain_name varchar(64) not null, domain_name varchar(64) not null,
primary key (group_id, region_id, user_id, domain_name), primary key (group_id, region_id, domain_name, user_id),
foreign key (`user_id`) references `cms_user` (`id`) ON DELETE CASCADE, foreign key (`user_id`) references `cms_user` (`id`) ON DELETE CASCADE,
foreign key (`group_id`) references `groups` (`uuid`) ON DELETE CASCADE ON UPDATE NO ACTION, foreign key (`group_id`) references `groups` (`uuid`) ON DELETE CASCADE ON UPDATE NO ACTION,
foreign key (`group_id`,`region_id`) references `groups_region` (`group_id`,`region_id`) ON DELETE CASCADE ON UPDATE NO ACTION, foreign key (`group_id`,`region_id`) references `groups_region` (`group_id`,`region_id`) ON DELETE CASCADE ON UPDATE NO ACTION,
foreign key (`domain_name`) references `cms_domain` (`name`) ON DELETE CASCADE ON UPDATE NO ACTION, foreign key (`domain_name`) references `cms_domain` (`name`) ON DELETE CASCADE ON UPDATE NO ACTION,
index group_id (group_id), index group_id (group_id),
index region_id (region_id), index region_id (region_id),
index user_id (user_id)); index domain_name (domain_name));
create table if not exists groups_customer_role create table if not exists groups_customer_role
( (
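Review bot: The DDL drops `index user_id (user_id)` and adds `index domain_name (domain_name)`, but the GroupsUser model changed in this same commit still declares `index=True` on `user_id` and no index on `domain_name`, so the two descriptions of the table disagree. Because the statement is `create table if not exists`, a database that already has `groups_user` keeps the old primary-key order and indexes, and no migration is visible in this commit. I would align the model with the DDL (or the reverse) and add a comment stating which one is authoritative and what upgrade step existing deployments need.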


@ -38,24 +38,32 @@ def yamlbuilder(alldata, region):
} }
} }
if "groups_users" in jsondata and len(jsondata["groups_users"]) > 0:
template_name = '{}_user_assignments'.format(group_name) template_name = '{}_user_assignments'.format(group_name)
users = [] users = []
for user in jsondata['groups_users']: if region['users']:
for user in region['users']:
domain_name = user['domain']
for id in user['id']:
users.append({ users.append({
"name": user["user_name"], "name": id,
"user_domain": user["domain_name"] "user_domain": domain_name})
})
resources["resources"][template_name] = { resources["resources"][template_name] = {
'type': 'OS::Keystone::GroupUserAssignment\n', 'type': 'OS::Keystone::GroupUserAssignment\n',
'properties': { 'properties': {
'users': users,
'group': "{get_resource: %s}" % group_name, 'group': "{get_resource: %s}" % group_name,
'group_domain': "%s" % jsondata['domain_name'], 'group_domain': "%s" % jsondata['domain_name'],
} }
} }
outputs["outputs"]["%s_user_assignments_id" % group_name] = {
"value": {
"get_resource": "%s_user_assignments" % group_name
}
}
if "groups_roles" in jsondata and len(jsondata["groups_roles"]) > 0: if "groups_roles" in jsondata and len(jsondata["groups_roles"]) > 0:
template_name = "{}_role_assignments".format(group_name) template_name = "{}_role_assignments".format(group_name)
roles = [] roles = []
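Review bot: `if region['users']:` raises KeyError for any region dict that has no `users` key, which is presumably why the test fixture in this commit gained `'users': []`; `if region.get('users'):` keeps callers that do not send the key working. The inner loop variable `id` shadows the builtin, and `for user_name in user['id']:` reads more clearly. The user names and domain are copied into the `OS::Keystone::GroupUserAssignment` properties as received, so a comment stating where they are validated would be useful, since that is not visible in this hunk. yamlbuilder begins before and continues after the lines shown.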


@ -7,12 +7,15 @@ from orm.services.resource_distributor.rds.services import\
yaml_group_builder as GroupBuild yaml_group_builder as GroupBuild
alldata = { alldata = {
'domain_name': 'nc',
'description': 'this is a description', 'enabled': 1, 'description': 'this is a description', 'enabled': 1,
'regions': [{'name': 'regionname'}], 'domain_name': 'nc',
"regions": [{
"action": "modify",
"name": "local",
"users": []}],
'name': 'test_group'} 'name': 'test_group'}
yaml_group = \ yaml_group_nousers = \
'heat_template_version: 2015-1-1\n\ndescription: yaml file for region - ' \ 'heat_template_version: 2015-1-1\n\ndescription: yaml file for region - ' \
'regionname\n\nresources:\n'\ 'regionname\n\nresources:\n'\
' test_group:\n properties:\n'\ ' test_group:\n properties:\n'\
@ -20,12 +23,11 @@ yaml_group = \
' domain: nc\n'\ ' domain: nc\n'\
' name: test_group\n'\ ' name: test_group\n'\
' type: OS::Keystone::Group\n\n\n'\ ' type: OS::Keystone::Group\n\n\n'\
'outputs:\n'\ 'outputs:\n test_group_id:\n value: {get_resource: test_group}\n' \
' test_group_id:\n'\
' value: {get_resource: test_group}\n'
region = {'name': 'regionname', region = {'name': 'regionname',
'rangerAgentVersion': 1.0} 'rangerAgentVersion': 1.0,
'users': []}
class CreateResource(unittest.TestCase): class CreateResource(unittest.TestCase):
@ -39,4 +41,4 @@ class CreateResource(unittest.TestCase):
yamlfile = GroupBuild.yamlbuilder(alldata, region) yamlfile = GroupBuild.yamlbuilder(alldata, region)
yamlfile_as_json = yaml.safe_load(yamlfile) yamlfile_as_json = yaml.safe_load(yamlfile)
self.assertEqual(yamlfile_as_json['heat_template_version'], ver) self.assertEqual(yamlfile_as_json['heat_template_version'], ver)
self.assertEqual(yaml.safe_load(yamlfile), yaml.safe_load(yaml_group)) self.assertEqual(yaml.safe_load(yamlfile), yaml.safe_load(yaml_group_nousers))
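Review bot: Both fixtures here carry `'users': []`, so the new branch in yamlbuilder that emits the `OS::Keystone::GroupUserAssignment` resource and the `_user_assignments_id` output is never exercised by this test. A second case with a populated region, for example `{'name': 'regionname', 'rangerAgentVersion': 1.0, 'users': [{'domain': 'nc', 'id': ['user1']}]}` (constructed sample), asserting the resulting `users` list and `group_domain`, would pin which users end up assigned to the group. The `alldata` region is named `local` while the expected template mentions `regionname`; a comment on which of the two the builder actually reads would avoid confusion.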