x/ranger
Code Issues Proposed changes

Add user and Delete User functionality

Browse Source 
Added the following Keystone Group functonality:
add default user
delete default user
add region user
delete region user

Change-Id: Ifac26366393ce04afbbadef89cb03d23f3b8ab64
This commit is contained in:
stewie925 2019-05-10 11:23:09 -07:00 committed by Hari
parent 52684ee36a
commit d641a3f850
14 changed files with 714 additions and 144 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
orm/orm_client/ormcli/cmscli.py
View File

@ -270,7 +270,7 @@ def add_to_parser(service_sub):
parser_list_customer.add_argument('--metadata', action='append', nargs="+", parser_list_customer.add_argument('--metadata', action='append', nargs="+",
type=str, help='<key:value>') type=str, help='<key:value>')
# group # create group
parser_create_group = subparsers.add_parser('create_group', parser_create_group = subparsers.add_parser('create_group',
help='[<"X-RANGER-Client" ' help='[<"X-RANGER-Client" '
'header>] <data file ' 'header>] <data file '
@ -282,6 +282,7 @@ def add_to_parser(service_sub):
type=argparse.FileType('r'), type=argparse.FileType('r'),
help='<data file with new group ' help='<data file with new group '
'JSON>') 'JSON>')
# delete group
parser_delete_group = subparsers.add_parser('delete_group', parser_delete_group = subparsers.add_parser('delete_group',
help='[<"X-RANGER-Client" ' help='[<"X-RANGER-Client" '
'header>] <group id>') 'header>] <group id>')
@ -367,7 +368,7 @@ def add_to_parser(service_sub):
parser_unassign_group_role.add_argument( parser_unassign_group_role.add_argument(
'--domain', type=str, help='domain name') '--domain', type=str, help='domain name')
# groups - add default users # groups - add group default users
parser_add_group_default_users = subparsers.add_parser( parser_add_group_default_users = subparsers.add_parser(
'add_group_default_users', 'add_group_default_users',
help='[<"X-RANGER-Client" ' help='[<"X-RANGER-Client" '
@ -381,7 +382,7 @@ def add_to_parser(service_sub):
'datafile', type=argparse.FileType('r'), 'datafile', type=argparse.FileType('r'),
help='<data file with group user(s) to be added JSON>') help='<data file with group user(s) to be added JSON>')
# groups - delete default user # groups - delete group default user
parser_delete_group_default_user = \ parser_delete_group_default_user = \
subparsers.add_parser('delete_group_default_user', subparsers.add_parser('delete_group_default_user',
help='[<"X-RANGER-Client" header>] <group ' help='[<"X-RANGER-Client" header>] <group '
@ -392,6 +393,39 @@ def add_to_parser(service_sub):
'groupid', type=str, help='<group id>') 'groupid', type=str, help='<group id>')
parser_delete_group_default_user.add_argument( parser_delete_group_default_user.add_argument(
'userid', type=str, help='<user id>') 'userid', type=str, help='<user id>')
parser_delete_group_default_user.add_argument('userdomain', type=str,
help='<user domain>')
# groups - add_group_region_users
parser_add_group_region_user = subparsers.add_parser(
'add_group_region_users',
help='[<"X-RANGER-Client" header>] <group id> '
'<region id> <data file with user(s) JSON>')
parser_add_group_region_user.add_argument(
'client', **cli_common.ORM_CLIENT_KWARGS)
parser_add_group_region_user.add_argument(
'groupid', type=str, help='<group id>')
parser_add_group_region_user.add_argument(
'regionid', type=str, help='<region id>')
parser_add_group_region_user.add_argument(
'datafile', type=argparse.FileType('r'),
help='<data file with user(s) JSON>')
# groups - delete group region user
parser_delete_group_region_user = subparsers.add_parser(
'delete_group_region_user',
help='[<"X-RANGER-Client" header>] '
'<group id> <region id> <user id> <user domain>')
parser_delete_group_region_user.add_argument(
'client', **cli_common.ORM_CLIENT_KWARGS)
parser_delete_group_region_user.add_argument('groupid', type=str,
help='<group id>')
parser_delete_group_region_user.add_argument('regionid', type=str,
help='<region id>')
parser_delete_group_region_user.add_argument('userid', type=str,
help='<user id>')
parser_delete_group_region_user.add_argument('userdomain', type=str,
help='<user domain>')
return parser return parser
@ -457,6 +491,8 @@ def cmd_details(args):
for meta in args.metadata: for meta in args.metadata:
param += '%smetadata=%s' % (preparm(param), meta[0]) param += '%smetadata=%s' % (preparm(param), meta[0])
return requests.get, 'customers/%s' % param return requests.get, 'customers/%s' % param
# following are groups CLIs
elif args.subcmd == 'create_group': elif args.subcmd == 'create_group':
return requests.post, 'groups/' return requests.post, 'groups/'
elif args.subcmd == 'delete_group': elif args.subcmd == 'delete_group':
@ -501,9 +537,19 @@ def cmd_details(args):
elif args.subcmd == 'add_group_default_users': elif args.subcmd == 'add_group_default_users':
return requests.post, 'groups/%s/users' % args.groupid return requests.post, 'groups/%s/users' % args.groupid
elif args.subcmd == 'delete_group_default_user': elif args.subcmd == 'delete_group_default_user':
return requests.delete, 'groups/%s/users/%s' % ( return requests.delete, 'groups/%s/users/%s/%s' % (
args.groupid, args.groupid,
args.userid) args.userid,
args.userdomain)
elif args.subcmd == 'add_group_region_users':
return requests.post, 'groups/%s/regions/%s/users' % (
args.groupid, args.regionid)
elif args.subcmd == 'delete_group_region_user':
return requests.delete, 'groups/%s/regions/%s/users/%s/%s' % (
args.groupid,
args.regionid,
args.userid,
args.userdomain)
def get_token(timeout, args, host): def get_token(timeout, args, host):

116
orm/services/customer_manager/cms_rest/controllers/v1/orm/group/region_users.py Normal file
View File

@ -0,0 +1,116 @@
from oslo_db.exception import DBDuplicateEntry
from pecan import request, rest
from wsmeext.pecan import wsexpose
from orm.common.orm_common.utils import api_error_utils as err_utils
from orm.common.orm_common.utils import utils
from orm.services.customer_manager.cms_rest.logger import get_logger
from orm.services.customer_manager.cms_rest.logic.error_base import ErrorStatus, NotFound
from orm.services.customer_manager.cms_rest.logic.group_logic import GroupLogic
from orm.services.customer_manager.cms_rest.model.GroupModels import \
RegionUser, RegionUserResultWrapper
from orm.services.customer_manager.cms_rest.utils import authentication
LOG = get_logger(__name__)
class RegionUserController(rest.RestController):
@wsexpose([str], str, str, str, rest_content_types='json')
def get(self, group_id, region_id, user_id):
return ["This is groups region user controller for group id: " + group_id]
@wsexpose([RegionUserResultWrapper], str, str, body=[RegionUser],
rest_content_types='json', status_code=200)
def post(self, group_id, region_id, users):
LOG.info("RegionUserController - Add users to group id {0} "
"region_id : {1}".format(group_id, region_id))
authentication.authorize(request, 'groups:add_group_region_users')
try:
group_logic = GroupLogic()
result = group_logic.add_group_region_users(group_id,
region_id,
users,
request.transaction_id)
LOG.info("RegionUserController - Users added: " + str(result))
event_details = 'Group {} - users assigned.'.format(group_id)
utils.audit_trail('added group users',
request.transaction_id,
request.headers,
group_id,
event_details=event_details)
except DBDuplicateEntry as exception:
LOG.log_exception(
"DBDuplicateEntry - Group users already assigned.", exception)
print exception.message
raise err_utils.get_error(
request.transaction_id,
status_code=409,
message='Duplicate Entry - Group users already assigned.',
error_details=exception.message)
except ErrorStatus as exception:
LOG.log_exception(
"ErrorStatus - Failed to add users", exception)
raise err_utils.get_error(request.transaction_id,
message=exception.message,
status_code=exception.status_code)
except Exception as exception:
LOG.log_exception(
"Exception - Failed in add region users", exception)
raise err_utils.get_error(request.transaction_id,
status_code=500,
error_details=str(exception))
return result
@wsexpose(None, str, str, str, str, status_code=204)
def delete(self, group_id, region_id, user, user_domain):
requester = request.headers.get('X-RANGER-Requester')
is_rds_client_request = requester == 'rds_resource_service_proxy'
LOG.info("Remove users from group id: {0} user: {1} ".format(
group_id, user))
authentication.authorize(request, 'groups:delete_group_region_user')
try:
group_logic = GroupLogic()
group_logic.delete_group_region_user(group_id,
region_id,
user,
user_domain,
request.transaction_id)
LOG.info("UserController - Remove user from group finished")
event_details = 'Group {} users unassigned'.format(group_id)
utils.audit_trail('delete group user',
request.transaction_id,
request.headers,
group_id,
event_details=event_details)
except ValueError as exception:
raise err_utils.get_error(request.transaction_id,
message=exception.message,
status_code=404)
except ErrorStatus as exception:
LOG.log_exception("ErrorStatus - Failed to delete user from group",
exception)
raise err_utils.get_error(request.transaction_id,
message=exception.message,
status_code=exception.status_code)
except NotFound as e:
raise err_utils.get_error(request.transaction_id,
message=e.message,
status_code=404)
except Exception as exception:
LOG.log_exception("Exception - Failed in delete default user",
exception)
raise err_utils.get_error(request.transaction_id,
status_code=500,
error_details=str(exception))

4
orm/services/customer_manager/cms_rest/controllers/v1/orm/group/regions.py
View File

@ -4,6 +4,8 @@ from wsmeext.pecan import wsexpose
from orm.common.orm_common.utils import api_error_utils as err_utils from orm.common.orm_common.utils import api_error_utils as err_utils
from orm.common.orm_common.utils import utils from orm.common.orm_common.utils import utils
from orm.services.customer_manager.cms_rest.controllers.v1.orm.group.region_users \
import RegionUserController
from orm.services.customer_manager.cms_rest.logger import get_logger from orm.services.customer_manager.cms_rest.logger import get_logger
from orm.services.customer_manager.cms_rest.logic.error_base import ErrorStatus from orm.services.customer_manager.cms_rest.logic.error_base import ErrorStatus
from orm.services.customer_manager.cms_rest.logic.group_logic import GroupLogic from orm.services.customer_manager.cms_rest.logic.group_logic import GroupLogic
@ -16,6 +18,8 @@ LOG = get_logger(__name__)
class RegionController(rest.RestController): class RegionController(rest.RestController):
users = RegionUserController()
@wsexpose([str], str, str, rest_content_types='json') @wsexpose([str], str, str, rest_content_types='json')
def get(self, group_id, region_id): def get(self, group_id, region_id):
return ["This is groups region controller ", "group id: " + group_id] return ["This is groups region controller ", "group id: " + group_id]

28
orm/services/customer_manager/cms_rest/controllers/v1/orm/group/users.py
View File

@ -5,7 +5,7 @@ from wsmeext.pecan import wsexpose
from orm.common.orm_common.utils import api_error_utils as err_utils from orm.common.orm_common.utils import api_error_utils as err_utils
from orm.common.orm_common.utils import utils from orm.common.orm_common.utils import utils
from orm.services.customer_manager.cms_rest.logger import get_logger from orm.services.customer_manager.cms_rest.logger import get_logger
from orm.services.customer_manager.cms_rest.logic.error_base import ErrorStatus from orm.services.customer_manager.cms_rest.logic.error_base import ErrorStatus, NotFound
from orm.services.customer_manager.cms_rest.logic.group_logic import GroupLogic from orm.services.customer_manager.cms_rest.logic.group_logic import GroupLogic
from orm.services.customer_manager.cms_rest.model.GroupModels import \ from orm.services.customer_manager.cms_rest.model.GroupModels import \
User, UserResultWrapper User, UserResultWrapper
@ -23,12 +23,13 @@ class UserController(rest.RestController):
@wsexpose(UserResultWrapper, str, body=[User], @wsexpose(UserResultWrapper, str, body=[User],
rest_content_types='json', status_code=200) rest_content_types='json', status_code=200)
def post(self, group_id, users): def post(self, group_id, users):
LOG.info("UserController - Add users to group id {0} " LOG.info("UserController - Add Default users to group id {0} "
"users: {1}".format(group_id, users)) "users: {1}".format(group_id, str(users)))
authentication.authorize(request, 'groups:add_default_user') authentication.authorize(request, 'groups:add_group_default_users')
try: try:
group_logic = GroupLogic() group_logic = GroupLogic()
result = group_logic.add_default_users(group_id, result = \
group_logic.add_group_default_users(group_id,
users, users,
request.transaction_id) request.transaction_id)
@ -66,19 +67,18 @@ class UserController(rest.RestController):
return result return result
@wsexpose(None, str, str, status_code=204) @wsexpose(None, str, str, str, status_code=204)
def delete(self, group_id, user): def delete(self, group_id, user, user_domain):
requester = request.headers.get('X-RANGER-Requester') requester = request.headers.get('X-RANGER-Requester')
is_rds_client_request = requester == 'rds_resource_service_proxy' is_rds_client_request = requester == 'rds_resource_service_proxy'
LOG.info("Remove users from group id: {0} user: {1} ".format(
group_id, user))
authentication.authorize(request, 'groups:delete_default_user') authentication.authorize(request, 'groups:delete_group_default_user')
try: try:
group_logic = GroupLogic() group_logic = GroupLogic()
group_logic.delete_default_user(group_id, group_logic.delete_group_default_user(group_id,
user, user,
user_domain,
request.transaction_id) request.transaction_id)
LOG.info("UserController - Remove user from group finished") LOG.info("UserController - Remove user from group finished")
@ -100,6 +100,12 @@ class UserController(rest.RestController):
raise err_utils.get_error(request.transaction_id, raise err_utils.get_error(request.transaction_id,
message=exception.message, message=exception.message,
status_code=exception.status_code) status_code=exception.status_code)
except NotFound as e:
raise err_utils.get_error(request.transaction_id,
message=e.message,
status_code=404)
except Exception as exception: except Exception as exception:
LOG.log_exception("Exception - Failed in delete default user", LOG.log_exception("Exception - Failed in delete default user",
exception) exception)

4
orm/services/customer_manager/cms_rest/data/data_manager.py
View File

@ -196,11 +196,11 @@ class DataManager(object):
def add_user(self, user): def add_user(self, user):
db_user = self.session.query(CmsUser).filter( db_user = self.session.query(CmsUser).filter(
CmsUser.name == user.id).first() CmsUser.name == user).first()
if not (db_user is None): if not (db_user is None):
return db_user return db_user
db_user = CmsUser(name=user.id) db_user = CmsUser(name=user)
self.session.add(db_user) self.session.add(db_user)
self.flush() self.flush()

75
orm/services/customer_manager/cms_rest/data/sql_alchemy/groups_user_record.py
View File

@ -5,6 +5,7 @@ from orm.services.customer_manager.cms_rest.data.sql_alchemy.models \
from orm.services.customer_manager.cms_rest.data.sql_alchemy.region_record \ from orm.services.customer_manager.cms_rest.data.sql_alchemy.region_record \
import RegionRecord import RegionRecord
from orm.services.customer_manager.cms_rest.logger import get_logger from orm.services.customer_manager.cms_rest.logger import get_logger
from orm.services.customer_manager.cms_rest.logic.error_base import NotFound
LOG = get_logger(__name__) LOG = get_logger(__name__)
@ -94,27 +95,65 @@ class GroupsUserRecord:
def remove_user_from_group(self, def remove_user_from_group(self,
group_uuid, group_uuid,
region_id, region_id,
domain_name, domain,
user_name): user_id):
user_record = CmsUserRecord(self.session) # Check if 'region_id' is a string - if so, get corresponding
user_id = user_record.get_cms_user_id_from_name(user_name) # cms_region id value for use later to query/delete the
# corresponding group user record
if isinstance(region_id, basestring):
region_query = region_id
region_record = RegionRecord(self.session)
region_id = region_record.get_region_id_from_name(region_id)
if region_id is None:
raise NotFound("region {} ".format(region_query))
cmd = 'DELETE FROM groups_user WHERE group_id = %s and \ # get cms_user id value for user_id (contains user name)
region_id = %s and domain_name = %s and user_id = %s' # to query/delete the corresponding group user record
result = self.session.connection().execute(cmd, user_name = user_id
(group_uuid, cms_user_record = CmsUserRecord(self.session)
user_id = cms_user_record.get_cms_user_id_from_name(user_id)
if user_id is None:
raise NotFound("user {} ".format(user_name))
# when deleting user from a specific region, verify that user
# is associated with the group and region in the delete request
if region_id > -1:
user_check = 'SELECT DISTINCT user_id from groups_user \
WHERE group_id =%s AND region_id =%s \
AND user_id =%s AND domain_name =%s'
result = self.session.connection().execute(user_check,
group_uuid,
region_id, region_id,
domain_name, user_id, domain)
user_id))
self.session.flush()
if result.rowcount == 0: if result.rowcount == 0:
LOG.warn('user with user name {0} not found'.format( raise NotFound("user {}@{} domain".format(user_name, domain))
user_name))
raise ValueError(
'user with user name {0} not found'.format(
user_name))
LOG.debug("num records deleted: " + str(result.rowcount)) if region_id == -1:
cmd = "DELETE ur FROM groups_user ur,groups_user u \
WHERE ur.user_id=u.user_id AND ur.domain_name=%s \
AND ur.group_id = u.group_id AND u.region_id =-1 \
AND ur.group_id = %s AND ur.user_id= %s"
result = self.session.connection().execute(cmd,
domain,
group_uuid, user_id)
else:
# DELETE command to identify whether or not the provided region
# user/user_domain combo is also a default user/user_domain for
# the group; if it is, NO group_user record(s) will be deleted
del_cmd = "DELETE ur FROM groups_user as ur \
LEFT JOIN groups_user AS u \
ON ur.group_id = u.group_id AND u.user_id=ur.user_id \
AND u.region_id =-1 AND ur.domain_name = u.domain_name \
WHERE ur.group_id = %s AND ur.region_id= %s \
AND ur.user_id= %s AND ur.domain_name = %s \
AND u.user_id IS NULL"
result = self.session.connection().execute(del_cmd,
group_uuid,
region_id,
user_id,
domain)
return result return result

62
orm/services/customer_manager/cms_rest/data/sql_alchemy/models.py
View File

@ -101,6 +101,12 @@ class Groups(Base, CMSBaseModel):
return proxy_dict return proxy_dict
def get_default_region(self):
for region in self.group_regions:
if region.region_id == -1:
return region
return None
def get_group_regions(self): def get_group_regions(self):
group_regions = [] group_regions = []
for group_region in self.group_regions: for group_region in self.group_regions:
@ -108,6 +114,12 @@ class Groups(Base, CMSBaseModel):
group_regions.append(group_region) group_regions.append(group_region)
return group_regions return group_regions
def get_region(self, region_id):
for region in self.group_regions:
if region.region_id == region_id:
return region
return None
def to_wsme(self): def to_wsme(self):
uuid = self.uuid uuid = self.uuid
name = self.name name = self.name
@ -116,6 +128,9 @@ class Groups(Base, CMSBaseModel):
enabled = True if self.enabled else False enabled = True if self.enabled else False
regions = [group_region.to_wsme() for group_region in self.group_regions if regions = [group_region.to_wsme() for group_region in self.group_regions if
group_region.region_id != -1] group_region.region_id != -1]
# users = [groups_user.to_wsme() for groups_user in self.groups_users if
# groups_user.region_id == -1]
result = GroupWsmeModels.Group(description=description, result = GroupWsmeModels.Group(description=description,
name=name, name=name,
uuid=uuid, uuid=uuid,
@ -136,12 +151,22 @@ class GroupsRegion(Base, CMSBaseModel):
group_id = Column(String(64), ForeignKey('groups.uuid'), primary_key=True, nullable=False, index=True) group_id = Column(String(64), ForeignKey('groups.uuid'), primary_key=True, nullable=False, index=True)
region_id = Column(Integer, ForeignKey('cms_region.id'), primary_key=True, nullable=False, index=True) region_id = Column(Integer, ForeignKey('cms_region.id'), primary_key=True, nullable=False, index=True)
group_region_users = relationship("GroupsUser",
uselist=True,
order_by="GroupsUser.user_id",
primaryjoin="and_(GroupsRegion.group_id==GroupsUser.group_id,"
"GroupsRegion.region_id==GroupsUser.region_id)")
region = relationship("Region", viewonly=True) region = relationship("Region", viewonly=True)
groups_users = relationship(
"GroupsUser", cascade="all, delete, delete-orphan")
def __json__(self): def __json__(self):
return dict( return dict(
group_id=self.group_id, group_id=self.group_id,
region_id=self.region_id region_id=self.region_id,
group_region_users=[groups_user.__json__() for groups_user in self.group_region_users]
) )
def get_proxy_dict(self): def get_proxy_dict(self):
@ -155,8 +180,25 @@ class GroupsRegion(Base, CMSBaseModel):
def to_wsme(self): def to_wsme(self):
name = self.region.name name = self.region.name
type = self.region.type type = self.region.type
# users = [groups_user.to_wsme() for groups_user in self.group_region_users if
# groups_user.region_id > -1]
users = []
user = None
for user_role in self.group_region_users:
if user and user.id != user_role.user.name:
users.append(user)
user = GroupWsmeModels.User(id=[user_role.user.name], domain=user_role.domain_name)
elif user is None:
user = GroupWsmeModels.User(id=[user_role.user.name], domain=user_role.domain_name)
else:
user.role.append(user_role.user.name)
if user:
users.append(user)
region = GroupWsmeModels.Region(name=name, region = GroupWsmeModels.Region(name=name,
type=type) type=type,
users=users)
return region return region
@ -207,7 +249,8 @@ class GroupsCustomerRole(Base, CMSBaseModel):
group_id = Column(String(64), ForeignKey('groups.uuid'), group_id = Column(String(64), ForeignKey('groups.uuid'),
primary_key=True, nullable=False) primary_key=True, nullable=False)
region_id = Column(Integer, ForeignKey('cms_region.id')) region_id = Column(Integer, ForeignKey('cms_region.id'),
primary_key=True)
customer_id = Column(Integer, ForeignKey('customer.id'), customer_id = Column(Integer, ForeignKey('customer.id'),
primary_key=True, nullable=False, index=True) primary_key=True, nullable=False, index=True)
@ -256,7 +299,8 @@ class GroupsDomainRole(Base, CMSBaseModel):
group_id = Column(String(64), ForeignKey('groups.uuid'), group_id = Column(String(64), ForeignKey('groups.uuid'),
primary_key=True, nullable=False) primary_key=True, nullable=False)
region_id = Column(Integer, ForeignKey('cms_region.id')) region_id = Column(Integer, ForeignKey('cms_region.id'),
primary_key=True)
domain_name = Column(String(64), ForeignKey('cms_domain.name'), domain_name = Column(String(64), ForeignKey('cms_domain.name'),
primary_key=True, nullable=False) primary_key=True, nullable=False)
@ -286,7 +330,7 @@ class GroupsDomainRole(Base, CMSBaseModel):
''' '''
' GroupRole is a DataObject and contains all the fields defined in GroupRole ' GroupsUser is a DataObject and contains all the fields defined in GroupRole
' table record, defined as SqlAlchemy model map to a table ' table record, defined as SqlAlchemy model map to a table
''' '''
@ -304,7 +348,7 @@ class GroupsUser(Base, CMSBaseModel):
primary_key=True, nullable=False, index=True) primary_key=True, nullable=False, index=True)
domain_name = Column(String(64), ForeignKey('cms_domain.name'), domain_name = Column(String(64), ForeignKey('cms_domain.name'),
nullable=False) primary_key=True, nullable=False)
user = relationship("CmsUser", viewonly=True) user = relationship("CmsUser", viewonly=True)
groups = relationship("Groups", viewonly=True) groups = relationship("Groups", viewonly=True)
@ -329,6 +373,12 @@ class GroupsUser(Base, CMSBaseModel):
"domain_name": self.domain_name "domain_name": self.domain_name
} }
def to_wsme(self):
id = []
domain = ""
user = GroupWsmeModels.User(id=id, domain=domain)
return user
''' '''
' CmsRole is a DataObject and contains all the fields defined in CmsRole ' CmsRole is a DataObject and contains all the fields defined in CmsRole

7
orm/services/customer_manager/cms_rest/etc/policy.json
View File

@ -46,6 +46,9 @@
"groups:delete_region": "rule:admin_or_creator", "groups:delete_region": "rule:admin_or_creator",
"groups:assign_role": "rule:admin_or_support_or_creator", "groups:assign_role": "rule:admin_or_support_or_creator",
"groups:unassign_role": "rule:admin_or_creator", "groups:unassign_role": "rule:admin_or_creator",
"groups:add_default_user": "rule:admin_or_support", "groups:add_group_default_users": "rule:admin_or_support",
"groups:delete_default_user": "rule:admin" "groups:delete_group_default_user": "rule:admin",
"groups:add_group_region_users": "rule:admin_or_support",
"groups:delete_group_region_user": "rule:admin"
} }

5
orm/services/customer_manager/cms_rest/logic/customer_logic.py
View File

@ -82,11 +82,10 @@ class CustomerLogic(object):
for sql_user in existing_default_users_roles: for sql_user in existing_default_users_roles:
default_users_dic[sql_user.name] = sql_user default_users_dic[sql_user.name] = sql_user
for user in default_users_requested: for user in default_users_requested:
is_default_user_exist = user.id in default_users_dic.keys() is_default_user_exist = user.id in default_users_dic.keys()
if not is_default_user_exist: if not is_default_user_exist:
sql_user = datamanager.add_user(user) sql_user = datamanager.add_user(user.id)
default_region_users.append(sql_user) default_region_users.append(sql_user)
sql_user.sql_roles = [] sql_user.sql_roles = []
for role in user.role: for role in user.role:
@ -127,7 +126,7 @@ class CustomerLogic(object):
for user in users: for user in users:
is_default_user_in_region = user.id in default_users_dic.keys() is_default_user_in_region = user.id in default_users_dic.keys()
if not is_default_user_in_region: if not is_default_user_in_region:
sql_user = datamanager.add_user(user) sql_user = datamanager.add_user(user.id)
for role in user.role: for role in user.role:
sql_role = datamanager.add_role(role) sql_role = datamanager.add_role(role)
users_roles.append((sql_user, sql_role)) users_roles.append((sql_user, sql_role))

309
orm/services/customer_manager/cms_rest/logic/group_logic.py
View File

@ -17,7 +17,8 @@ from orm.services.customer_manager.cms_rest.model.GroupModels import (
GroupSummaryResponse, GroupSummaryResponse,
RegionResultWrapper, RegionResultWrapper,
RoleResultWrapper, RoleResultWrapper,
UserResultWrapper) UserResultWrapper,
RegionUserResultWrapper)
from orm.services.customer_manager.cms_rest.rds_proxy import RdsProxy from orm.services.customer_manager.cms_rest.rds_proxy import RdsProxy
@ -57,27 +58,33 @@ class GroupLogic(object):
' already associated with group') ' already associated with group')
raise ex raise ex
def add_default_users(self, def add_default_user_db(self, datamanager, default_users_requested, existing_default_users, group_uuid):
group_uuid, default_region_users = []
users,
transaction_id):
LOG.info("Add default users: group: {} user: {} ".format(
group_uuid, users))
users_result = [{'id': user.id, for user_info in default_users_requested:
'domain': user.domain} for user in users] domain_value = user_info.domain
user_result_wrapper = build_response(group_uuid, for username in user_info.id:
transaction_id, default_user_exists = []
'add_default_users', if existing_default_users:
users=users_result) # check if there is user/user_domain match
return user_result_wrapper # in existing_default_users list
def delete_default_user(self, # note: check with Hari or James on how to do
group_uuid, # an efficient search within a dictionary
user, default_user_exists =\
transaction_id): [username for exist_user in existing_default_users
LOG.info("Delete default user: group: {} user: {} ".format( if exist_user.user.name == username and
group_uuid, user)) exist_user.domain_name == domain_value]
if not default_user_exists:
# add user to cms_user table and group_users
sql_user = datamanager.add_user(username)
sql_groups_user = \
datamanager.add_groups_user(group_uuid, sql_user.id,
-1, domain_value)
default_region_users.append(sql_groups_user)
return default_region_users
def assign_roles(self, def assign_roles(self,
group_uuid, group_uuid,
@ -136,6 +143,255 @@ class GroupLogic(object):
datamanager.rollback() datamanager.rollback()
raise raise
def add_group_default_users(self, group_uuid, users, transaction_id,
p_datamanager=None):
LOG.info("Add default users: group: {} user: {} ".format(
group_uuid, users))
datamanager = None
try:
# p_datamanager is passed by replace_default_users
if p_datamanager is None:
datamanager = DataManager()
datamanager.begin_transaction()
# else:
# datamanager = p_datamanager
group_id = datamanager.get_group_by_uuid_or_name(group_uuid)
if group_id is None:
raise ErrorStatus(404, "group {} does not exist".format(
group_uuid))
group_record = datamanager.get_record('group')
group = group_record.read_group_by_uuid(group_uuid)
defaultRegion = group.get_default_region()
# get all existing default region users with their respective user domain
existing_default_users = defaultRegion.group_region_users if defaultRegion else []
default_users = []
for default_user in existing_default_users:
if default_user.user not in default_users:
default_users.append(default_user)
default_region_users =\
self.add_default_user_db(datamanager, users, default_users,
group_uuid)
# add default user(s) to all regions where group is assigned to
regions = group.get_group_regions()
for region in regions:
for user in default_region_users:
datamanager.add_groups_user(group_uuid, user.user_id,
region.region_id, user.domain_name)
timestamp = utils.get_time_human()
datamanager.flush() # i want to get any exception created by this insert
'''
# if len(customer.customer_customer_regions) > 1:
# call rds logic
# if regions:
# RdsProxy.send_group_dict(group, transaction_id, "PUT")
'''
if p_datamanager is None:
users_result = [{'id': user.id,
'domain': user.domain} for user in users]
user_result_wrapper = build_response(group_uuid,
transaction_id,
'add_group_default_users',
users=users_result)
datamanager.commit()
return user_result_wrapper
except Exception as exception:
datamanager.rollback()
if 'Duplicate' in exception.message:
raise ErrorStatus(409, exception.message)
LOG.log_exception("Failed to add_group_default_users", exception)
raise
# this function is used to assign users to a specific region
def add_group_region_users(self, group_uuid, region_id,
region_users_requested,
transaction_id, p_datamanager=None):
LOG.info("Add user under group region: group: {} "
"region: {}".format(group_uuid, region_id))
datamanager = None
try:
# p_datamanager is passed by replace_default_users
if p_datamanager is None:
datamanager = DataManager()
datamanager.begin_transaction()
# else:
# datamanager = p_datamanager
group_id = datamanager.get_group_by_uuid_or_name(group_uuid)
region_id = datamanager.get_region_id_by_name(region_id)
if group_id is None:
raise ErrorStatus(404, "group {} does not exist".format(group_uuid))
if region_id is None:
raise ErrorStatus(404, "region {} does not exist".format(region_uuid))
group_record = datamanager.get_record('group')
group = group_record.read_group_by_uuid(group_uuid)
groupRegion = group.get_region(region_id)
# get all users already assigned to the group region
current_region_users = groupRegion.group_region_users if groupRegion else []
# build the existing_users_list from current region users result
existing_users_list = []
for rgn_user in current_region_users:
if rgn_user.user not in existing_users_list:
existing_users_list.append(rgn_user)
# This section determines when to add region user to database.
# Only requested users that are not in the existing user list shall be
# added to the database
for user_info in region_users_requested:
domain_value = user_info.domain
for username in user_info.id:
region_user_exists = []
if existing_users_list:
# check if there is user/user_domain match
# in existing_default_users list
region_user_exists =\
[username for exist_user in existing_users_list
if exist_user.user.name == username and
exist_user.domain_name == domain_value]
if not region_user_exists:
# add user to cms_user table and group_users
sql_user = datamanager.add_user(username)
sql_groups_user = \
datamanager.add_groups_user(group_uuid, sql_user.id,
region_id, domain_value)
timestamp = utils.get_time_human()
datamanager.flush() # i want to get any exception created by this insert
'''
# if len(customer.customer_customer_regions) > 1:
# call rds logic
# if regions:
# RdsProxy.send_customer(customer, transaction_id, "PUT")
'''
if p_datamanager is None:
users_result = [{'id': user.id,
'domain': user.domain} for user in region_users_requested]
region_user_result_wrapper = build_response(group_uuid,
transaction_id,
'add_group_region_users',
users=users_result)
datamanager.commit()
return region_user_result_wrapper
except Exception as exception:
datamanager.rollback()
if 'Duplicate' in exception.message:
raise ErrorStatus(409, exception.message)
LOG.log_exception("Failed to add_group_region_users", exception)
raise
def delete_group_default_user(self, group_uuid, user, domain,
transaction_id):
LOG.info("Delete default user: group: {0} user: {1} "
" user domain: {2}".format(group_uuid, user, domain))
datamanager = DataManager()
try:
group = datamanager.get_group_by_uuid_or_name(group_uuid)
if group is None:
raise ErrorStatus(404, "group {} does not exist".format(
group_uuid))
user_record = datamanager.get_record('groups_user')
result = user_record.remove_user_from_group(group_uuid, -1,
domain, user)
if result.rowcount == 0:
raise NotFound("user {}@{} domain".format(user, domain))
datamanager.flush()
# if len(customer.customer_customer_regions) > 1:
# RdsProxy.send_customer(customer, transaction_id, "PUT")
datamanager.commit()
# following log info does not yet include user_domain
LOG.info("User {0} from region {1} in group {2} deleted".
format(user, 'DEFAULT', group_uuid))
except NotFound as e:
datamanager.rollback()
LOG.log_exception("Failed to delete default user, user not found",
e.message)
raise NotFound("Failed to delete default user, default %s not found" %
e.message)
raise
except Exception as exp:
datamanager.rollback()
raise exp
def delete_group_region_user(self, group_uuid, region_id, user,
user_domain, transaction_id):
LOG.info("Delete user: group: {0} region: {1} user: {2} user "
"domain: {3}".format(group_uuid, region_id, user, user_domain))
datamanager = DataManager()
try:
group = datamanager.get_group_by_uuid_or_name(group_uuid)
if group is None:
raise ErrorStatus(404, "group {} does not exist".format(
group_uuid))
user_record = datamanager.get_record('groups_user')
result = user_record.remove_user_from_group(group_uuid, region_id,
user_domain, user)
if result.rowcount == 0:
'''result.rowcount = 0 indicates that the region user
requested for deletion is identified as default user for the
group. Since default user supersedes region user, use
'delete_group_default_user' command instead to delete the user.
'''
message = "Cannot use 'delete_group_region_user' as user " \
"%s@%s domain is a default user for "\
"group %s. Use 'delete_group_default_user' "\
"instead." % (user, user_domain, group_uuid)
raise ErrorStatus(400, message)
# RdsProxy.send_customer(customer, transaction_id, "PUT")
datamanager.commit()
LOG.info("User {0} with user domain {1} from region {2} "
"in group {3} deleted".format(user, user_domain,
region_id, group_uuid))
except NotFound as e:
datamanager.rollback()
LOG.log_exception("Failed to delete region user, user not found",
e.message)
raise NotFound("Failed to delete region user, region %s not found" %
e.message)
except Exception as exception:
datamanager.rollback()
LOG.log_exception("Failed to delete region user", exception)
raise exception
def unassign_roles(self, def unassign_roles(self,
group_uuid, group_uuid,
role_name, role_name,
@ -388,7 +644,6 @@ class GroupLogic(object):
resp = requests.get(conf.api.rds_server.base + resp = requests.get(conf.api.rds_server.base +
conf.api.rds_server.status + conf.api.rds_server.status +
sql_group.uuid, verify=conf.verify).json() sql_group.uuid, verify=conf.verify).json()
for item in ret_group.regions: for item in ret_group.regions:
for status in resp['regions']: for status in resp['regions']:
if status['region'] == item.name: if status['region'] == item.name:
@ -520,12 +775,12 @@ class GroupLogic(object):
raise raise
def build_response(group_uuid, transaction_id, context, roles=[], users=[]): def build_response(group_uuid, transaction_id, context, users=[]):
"""this function generate th group action response JSON """this function generate th group action response JSON
:param group_uuid: :param group_uuid:
:param transaction_id: :param transaction_id:
:param context: :param context:
:param roles: :param users:
:return: :return:
""" """
timestamp = utils.get_time_human() timestamp = utils.get_time_human()
@ -548,10 +803,16 @@ def build_response(group_uuid, transaction_id, context, roles=[], users=[]):
links={'self': base_link}, links={'self': base_link},
created=timestamp) created=timestamp)
elif context == 'add_default_users': elif context == 'add_group_default_users':
return UserResultWrapper(transaction_id=transaction_id, return UserResultWrapper(transaction_id=transaction_id,
users=users, users=users,
links={'self': base_link}, links={'self': base_link},
created=timestamp) created=timestamp)
elif context == 'add_group_region_users':
return RegionUserResultWrapper(transaction_id=transaction_id,
users=users,
links={'self': base_link},
created=timestamp)
else: else:
return None return None

142
orm/services/customer_manager/cms_rest/model/GroupModels.py
View File

@ -7,34 +7,6 @@ import wsme
from wsme import types as wtypes from wsme import types as wtypes
class Region(Model):
"""network model the region
"""
name = wsme.wsattr(wsme.types.text, mandatory=True)
type = wsme.wsattr(wsme.types.text, default="single", mandatory=False)
status = wsme.wsattr(wsme.types.text, mandatory=False)
error_message = wsme.wsattr(wsme.types.text, mandatory=False)
def __init__(self, name="", type="single", users=[], status="",
error_message=""):
"""Create a new region.
:param name: region name
:param type: region type
:param quotas: quotas ( array of Quota)
:param users: array of users of specific region
:param status: status of creation
:param error_message: error message if status is error
"""
self.name = name
self.type = type
self.users = users
self.status = status
if error_message:
self.error_message = error_message
class RoleAssignment(Model): class RoleAssignment(Model):
roles = wsme.wsattr([str], mandatory=True) roles = wsme.wsattr([str], mandatory=True)
customer = wsme.wsattr(wsme.types.text, mandatory=False) customer = wsme.wsattr(wsme.types.text, mandatory=False)
@ -57,10 +29,16 @@ class RoleAssignment(Model):
class User(Model): class User(Model):
id = wsme.wsattr(wsme.types.text, mandatory=True) # id = wsme.wsattr(wsme.types.text, mandatory=True)
id = wsme.wsattr([str])
domain = wsme.wsattr(wsme.types.text, mandatory=True) domain = wsme.wsattr(wsme.types.text, mandatory=True)
def __init__(self, id="", domain=""): def __init__(self, id=[], domain=""):
"""Create a new user
:param id: list of users
:param domain: user domain
"""
self.id = id self.id = id
self.domain = domain self.domain = domain
@ -76,41 +54,68 @@ class UserUsers(Model):
# if len(set(self.users)) != len(self.users) and # if len(set(self.users)) != len(self.users) and
# len(set(self.domain)) != len(self.users): # len(set(self.domain)) != len(self.users):
# raise ErrorStatus(400, "Duplicate regions found") # raise ErrorStatus(400, "Duplicate regions found")
pass
# Remove the below return once implementation is done # Remove the below return once implementation is done
return None return None
class UserRegions(Model): class RegionUser(Model):
name = wsme.wsattr(wsme.types.text, mandatory=False) id = wsme.wsattr([str])
type = wsme.wsattr(wsme.types.text, default="single", mandatory=False) domain = wsme.wsattr(wsme.types.text, mandatory=True)
users = wsme.wsattr([UserUsers], mandatory=False)
def __init__(self, name="", type="", users=[]): def __init__(self, id=[], domain=""):
self.name = name self.id = id
self.type = type self.domain = domain
self.users = users
class UserAssignment(Model): # class UserAssignment(Model):
userUsers = wsme.wsattr([UserUsers], mandatory=True) # userUsers = wsme.wsattr([UserUsers], mandatory=True)
userRegions = wsme.wsattr([UserRegions], mandatory=True) # userRegions = wsme.wsattr([UserRegions], mandatory=True)
#
def __init__(self, status="", userUsers=None, userRegions=""): # def __init__(self, status="", userUsers=None, userRegions=""):
self.userUsers = userUsers # self.userUsers = userUsers
self.userRegions = userRegions # self.userRegions = userRegions
#
def validate_model(self): # def validate_model(self):
#
if not userUsers and not userRegions: # if not userUsers and not userRegions:
raise ErrorStatus(400, "Either regions or users" # raise ErrorStatus(400, "Either regions or users"
"is required. ") # "is required. ")
# check no duplicate users in dictonary list # check no duplicate users in dictonary list
# for userRegion in userRegions: # for userRegion in userRegions:
# if dups found issue 400 duplicate region error # if dups found issue 400 duplicate region error
class Region(Model):
"""network model the region
"""
name = wsme.wsattr(wsme.types.text, mandatory=True)
type = wsme.wsattr(wsme.types.text, default="single", mandatory=False)
users = wsme.wsattr([User], mandatory=False)
status = wsme.wsattr(wsme.types.text, mandatory=False)
error_message = wsme.wsattr(wsme.types.text, mandatory=False)
def __init__(self, name="", type="single", users=[], status="",
error_message=""):
"""Create a new region.
:param name: region name
:param type: region type
:param users: array of users of specific region
:param status: status of creation
:param error_message: error message if status is error
"""
self.name = name
self.type = type
self.users = users
self.status = status
if error_message:
self.error_message = error_message
class Group(Model): class Group(Model):
"""group entity with all it's related data """group entity with all it's related data
""" """
@ -121,9 +126,11 @@ class Group(Model):
uuid = wsme.wsattr(wsme.types.text, mandatory=False) uuid = wsme.wsattr(wsme.types.text, mandatory=False)
enabled = wsme.wsattr(bool, mandatory=True) enabled = wsme.wsattr(bool, mandatory=True)
regions = wsme.wsattr([Region], mandatory=False) regions = wsme.wsattr([Region], mandatory=False)
users = wsme.wsattr([User], mandatory=False)
def __init__(self, description="", name="", enabled=False, def __init__(self, description="", name="", enabled=False,
regions=[], status="", domain='default', uuid=None): regions=[], users=[], status="", domain='default',
uuid=None):
"""Create a new Group. """Create a new Group.
:param description: Server name :param description: Server name
@ -135,6 +142,7 @@ class Group(Model):
self.domain = domain self.domain = domain
self.enabled = enabled self.enabled = enabled
self.regions = regions self.regions = regions
self.users = users
if uuid is not None: if uuid is not None:
self.uuid = uuid self.uuid = uuid
@ -299,10 +307,11 @@ class RoleResultWrapper(Model):
class UserResult(Model): class UserResult(Model):
id = wsme.wsattr(wsme.types.text, mandatory=True) id = wsme.wsattr([str], mandatory=True)
domain = wsme.wsattr(wsme.types.text, mandatory=True) domain = wsme.wsattr(wsme.types.text, mandatory=True)
def __init__(self, id="", domain=""): # def __init__(self, id="", domain=""):
def __init__(self, id=[], domain=""):
Model.__init__(self) Model.__init__(self)
self.id = id self.id = id
self.domain = domain self.domain = domain
@ -321,3 +330,28 @@ class UserResultWrapper(Model):
self.transaction_id = transaction_id self.transaction_id = transaction_id
self.links = links self.links = links
self.created = created self.created = created
class RegionUserResult(Model):
id = wsme.wsattr([str], mandatory=True)
domain = wsme.wsattr(wsme.types.text, mandatory=True)
def __init__(self, id=[], domain=""):
Model.__init__(self)
self.id = id
self.domain = domain
class RegionUserResultWrapper(Model):
transaction_id = wsme.wsattr(wsme.types.text, mandatory=True)
users = wsme.wsattr([RegionUserResult], mandatory=True)
links = wsme.wsattr({str: str}, mandatory=True)
created = wsme.wsattr(wsme.types.text, mandatory=True)
def __init__(self, transaction_id, users, links, created):
users_result = [RegionUserResult(id=user['id'],
domain=user['domain']) for user in users]
self.users = users_result
self.transaction_id = transaction_id
self.links = links
self.created = created

22
orm/tests/unit/cms/test_groups_users.py
View File

@ -38,7 +38,7 @@ class TestGroupsUserController(FunctionalTest):
# assert # assert
self.assertEqual(response.status_int, 200) self.assertEqual(response.status_int, 200)
self.assertTrue(group_logic_mock.add_default_users.called) self.assertTrue(group_logic_mock.add_group_default_users.called)
def test_add_default_users_fail(self): def test_add_default_users_fail(self):
# given # given
@ -74,13 +74,13 @@ class TestGroupsUserController(FunctionalTest):
requests.delete = mock.MagicMock(return_value=ResponseMock(200)) requests.delete = mock.MagicMock(return_value=ResponseMock(200))
# when # when
response = self.app.delete('/v1/orm/groups/{group id}/users/{user_id}') response = self.app.delete('/v1/orm/groups/{group id}/users/{user_id}/{domain}')
# assert # assert
self.assertEqual(response.status_int, 204) self.assertEqual(response.status_int, 204)
# uncomment below line when delete_default_user is implemented # uncomment below line when delete_default_user is implemented
# self.assertTrue(users.utils.audit_trail.called) # self.assertTrue(users.utils.audit_trail.called)
self.assertTrue(group_logic_mock.delete_default_user.called) self.assertTrue(group_logic_mock.delete_group_default_user.called)
def test_delete_default_user_fail(self): def test_delete_default_user_fail(self):
# given # given
@ -91,7 +91,7 @@ class TestGroupsUserController(FunctionalTest):
return_value=ClientSideError("blabla", 500)) return_value=ClientSideError("blabla", 500))
# when # when
response = self.app.delete('/v1/orm/groups/{group id}/users/{user_id}', response = self.app.delete('/v1/orm/groups/{group id}/users/{user_id}/{domain}',
expect_errors=True) expect_errors=True)
# assert # assert
@ -106,7 +106,7 @@ class TestGroupsUserController(FunctionalTest):
return_value=ClientSideError("blabla", 404)) return_value=ClientSideError("blabla", 404))
# when # when
response = self.app.delete('/v1/orm/groups/{group id}/users/{user_id}', response = self.app.delete('/v1/orm/groups/{group id}/users/{user_id}/{domain}',
expect_errors=True) expect_errors=True)
# assert # assert
@ -123,16 +123,16 @@ def get_mock_group_logic():
links={}, links={},
created='1') created='1')
group_logic_mock.add_default_users.return_value = res group_logic_mock.add_group_default_users.return_value = res
elif users.GroupLogic.return_error == 1: elif users.GroupLogic.return_error == 1:
group_logic_mock.add_default_users.side_effect = SystemError() group_logic_mock.add_group_default_users.side_effect = SystemError()
group_logic_mock.delete_default_user.side_effect = SystemError() group_logic_mock.delete_group_default_user.side_effect = SystemError()
else: else:
group_logic_mock.add_default_users.side_effect = ErrorStatus( group_logic_mock.add_group_default_users.side_effect = ErrorStatus(
status_code=404) status_code=404)
group_logic_mock.delete_default_user.side_effect = ErrorStatus( group_logic_mock.delete_group_default_user.side_effect = ErrorStatus(
status_code=404) status_code=404)
return group_logic_mock return group_logic_mock
@ -145,7 +145,7 @@ class ResponseMock:
GROUPS_USER_JSON = [ GROUPS_USER_JSON = [
{ {
"id": "attuser1", "id": ["attuser1"],
"domain": "nc" "domain": "nc"
} }
] ]

16
orm/tests/unit/ormcli/test_cmscli.py
View File

@ -36,6 +36,7 @@ class CmsTests(TestCase):
args.groupid = 'test_groupid' args.groupid = 'test_groupid'
args.regionid = 'test_region' args.regionid = 'test_region'
args.userid = 'test_userid' args.userid = 'test_userid'
args.userdomain = 'test_userdomain'
args.region = 'test_region' args.region = 'test_region'
args.user = 'test_user' args.user = 'test_user'
args.starts_with = 'test_startswith' args.starts_with = 'test_startswith'
@ -99,8 +100,19 @@ class CmsTests(TestCase):
'add_group_default_users': ( 'add_group_default_users': (
requests.post, 'groups/%s/users' % args.groupid,), requests.post, 'groups/%s/users' % args.groupid,),
'delete_group_default_user': ( 'delete_group_default_user': (
requests.delete, 'groups/%s/users/%s' % ( requests.delete, 'groups/%s/users/%s/%s' % (
args.groupid, args.userid),), args.groupid, args.userid, args.userdomain),),
'add_group_region_users': (
requests.post,
'groups/%s/regions/%s/users' % (args.groupid,
args.regionid,)),
'delete_group_region_user': (
requests.delete,
'groups/%s/regions/%s/users/%s/%s' % (args.groupid,
args.regionid,
args.userid,
args.userdomain,)),
'assign_group_roles': ( 'assign_group_roles': (
requests.post, 'groups/%s/roles' % args.groupid,) requests.post, 'groups/%s/roles' % args.groupid,)
} }