keystone/common/sql/nova.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108

# vim: tabstop=4 shiftwidth=4 softtabstop=4

"""Export data from Nova database and import through Identity Service."""

import logging
import uuid

from keystone.contrib.ec2.backends import sql as ec2_sql
from keystone.identity.backends import sql as identity_sql


logger = logging.getLogger('keystone.common.sql.nova')


def import_auth(data):
    identity_api = identity_sql.Identity()
    tenant_map = _create_tenants(identity_api, data['tenants'])
    user_map = _create_users(identity_api, data['users'])
    _create_memberships(identity_api, data['user_tenant_list'],
                        user_map, tenant_map)
    role_map = _create_roles(identity_api, data['roles'])
    _assign_roles(identity_api, data['role_user_tenant_list'],
                  role_map, user_map, tenant_map)

    ec2_api = ec2_sql.Ec2()
    ec2_creds = data['ec2_credentials']
    _create_ec2_creds(ec2_api, identity_api, ec2_creds, user_map)


def _generate_uuid():
    return uuid.uuid4().hex


def _create_tenants(api, tenants):
    tenant_map = {}
    for tenant in tenants:
        tenant_dict = {
            'id': _generate_uuid(),
            'name': tenant['id'],
            'description': tenant['description'],
            'enabled': True,
        }
        tenant_map[tenant['id']] = tenant_dict['id']
        logger.debug('Create tenant %s' % tenant_dict)
        api.create_tenant(tenant_dict['id'], tenant_dict)
    return tenant_map


def _create_users(api, users):
    user_map = {}
    for user in users:
        user_dict = {
            'id': _generate_uuid(),
            'name': user['id'],
            'email': '',
            'password': user['password'],
            'enabled': True,
        }
        user_map[user['id']] = user_dict['id']
        logger.debug('Create user %s' % user_dict)
        api.create_user(user_dict['id'], user_dict)
    return user_map


def _create_memberships(api, memberships, user_map, tenant_map):
    for membership in memberships:
        user_id = user_map[membership['user_id']]
        tenant_id = tenant_map[membership['tenant_id']]
        logger.debug('Add user %s to tenant %s' % (user_id, tenant_id))
        api.add_user_to_tenant(tenant_id, user_id)


def _create_roles(api, roles):
    role_map = {}
    for role in roles:
        role_dict = {
            'id': _generate_uuid(),
            'name': role,
        }
        role_map[role] = role_dict['id']
        logger.debug('Create role %s' % role_dict)
        api.create_role(role_dict['id'], role_dict)
    return role_map


def _assign_roles(api, assignments, role_map, user_map, tenant_map):
    for assignment in assignments:
        role_id = role_map[assignment['role']]
        user_id = user_map[assignment['user_id']]
        tenant_id = tenant_map[assignment['tenant_id']]
        logger.debug('Assign role %s to user %s on tenant %s' %
                     (role_id, user_id, tenant_id))
        api.add_role_to_user_and_tenant(user_id, tenant_id, role_id)


def _create_ec2_creds(ec2_api, identity_api, ec2_creds, user_map):
    for ec2_cred in ec2_creds:
        user_id = user_map[ec2_cred['user_id']]
        for tenant_id in identity_api.get_tenants_for_user(user_id):
            cred_dict = {
                'access': '%s:%s' % (tenant_id, ec2_cred['access_key']),
                'secret': ec2_cred['secret_key'],
                'user_id': user_id,
                'tenant_id': tenant_id,
            }
            logger.debug('Creating ec2 cred for user %s and tenant %s' %
                          (user_id, tenant_id))
            ec2_api.create_credential(None, cred_dict)