
Add correct deleting of admin roles

Rufus Deponian 3 years ago
parent
commit
383691ec42
2 changed files with 26 additions and 12 deletions
  1. 15 8
      main.go
  2. 11 4
      utils.go

+ 15 - 8
main.go

@@ -73,6 +73,8 @@ func (osclient OpenstackIdentityClient) syncRoleAssignments() {
 		projectID := openstackProjects[*unit.PersNumber].ID
 
 		person := people[role.PersonId]
+
+		// Find user ID by login
 		var userID string
 		for _, login := range person.Logins {
 			user := openstackUsers[login]
@@ -104,9 +106,7 @@ func (osclient OpenstackIdentityClient) syncRoleAssignments() {
 }
 
 func (osclient OpenstackIdentityClient) deleteAllRoleAssignments() {
-	listAssignmentsOpts := roles.ListAssignmentsOpts{
-		RoleID: osclient.userRoleID,
-	}
+	listAssignmentsOpts := roles.ListAssignmentsOpts{}
 
 	allPages, err := roles.ListAssignments(osclient.client, listAssignmentsOpts).AllPages()
 	checkErr(err)
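Review bot: With the `RoleID` filter removed, `roles.ListAssignmentsOpts{}` lists every assignment the identity service returns, so entries that are not a user-on-project assignment (group assignments, domain-scoped assignments) now reach the loop in the next hunk. That loop reads only `roleAssignment.User.ID` and `roleAssignment.Scope.Project.ID`; for a managed user with a domain-scoped role the project ID would be empty, and the unassign call would presumably fail into `checkErr`, whose behaviour is not visible here. Skipping such entries explicitly, `if roleAssignment.Scope.Project.ID == "" { continue }`, keeps one odd assignment from stopping the whole run. A doc comment on `deleteAllRoleAssignments` stating that it now removes all roles, not only `osclient.userRoleID`, would also help; the function body continues outside this hunk.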
@@ -114,16 +114,23 @@ func (osclient OpenstackIdentityClient) deleteAllRoleAssignments() {
 	allRoleAssignments, err := roles.ExtractRoleAssignments(allPages)
 	checkErr(err)
 
-	index := 1
-	amount := len(allRoleAssignments)
+	// Get all mephi-users
+	openstackUsers := osclient.getOpenstackUsersMapByID()
+
 	for _, roleAssignment := range allRoleAssignments {
+		user := openstackUsers[roleAssignment.User.ID]
+		// Check that role assignment belongs to mephi-user
+		// This is necessary in order to not remove internal service openstack-users (like cinder, neutron, etc).
+		if user.ID == "" {
+			continue
+		}
+
 		unassignOpts := roles.UnassignOpts{
 			UserID:    roleAssignment.User.ID,
 			ProjectID: roleAssignment.Scope.Project.ID,
 		}
-		unassignmentResult := roles.Unassign(osclient.client, osclient.userRoleID, unassignOpts)
+		unassignmentResult := roles.Unassign(osclient.client, roleAssignment.Role.ID, unassignOpts)
 		checkErr(unassignmentResult.ExtractErr())
-		fmt.Printf("[%v/%v] Role of user %s on project %s deleted\n", index, amount, roleAssignment.User.ID, roleAssignment.Scope.Project.ID)
-		index++
+		fmt.Printf("Role of user %s on project %s deleted\n", user.Name, roleAssignment.Scope.Project.ID)
 	}
 }
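Review bot: The `user.ID == ""` guard is now the only thing keeping service accounts such as cinder and neutron from losing their roles, admin roles included, and it holds only if `getOpenstackUsers` returns just the managed users. That function's body is not visible here; if it lists every user in the identity service, the service accounts are in the map too and nothing is skipped. Consider making the restriction explicit in the loop (for example, comparing the user's domain with the managed domain) and using the comma-ok form, `user, ok := openstackUsers[roleAssignment.User.ID]` with `if !ok { continue }`. The log line also no longer says which role was removed; since several roles per user can be deleted now, adding `roleAssignment.Role.ID` to the `Printf` keeps the output usable as an audit record.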

+ 11 - 4
utils.go

@@ -137,10 +137,6 @@ func (osclient OpenstackIdentityClient) getOpenstackUsers() []users.User {
 
 func (osclient OpenstackIdentityClient) getOpenstackUsersMap() map[string]users.User {
 	allUsers := osclient.getOpenstackUsers()
-	return openstackUsersToMap(allUsers)
-}
-
-func openstackUsersToMap(allUsers []users.User) map[string]users.User {
 	openstackUsersMap := map[string]users.User{}
 
 	for _, user := range allUsers {
@@ -150,6 +146,17 @@ func openstackUsersToMap(allUsers []users.User) map[string]users.User {
 	return openstackUsersMap
 }
 
+func (osclient OpenstackIdentityClient) getOpenstackUsersMapByID() map[string]users.User {
+	allUsers := osclient.getOpenstackUsers()
+	openstackUsersMapByID := map[string]users.User{}
+
+	for _, user := range allUsers {
+		openstackUsersMapByID[user.ID] = user
+	}
+
+	return openstackUsersMapByID
+}
+
 func makeUpdateOpts(unit asuModels.Unit, domainID string) projects.UpdateOpts {
 	updateOpts := projects.UpdateOpts{
 		DomainID:    domainID,
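Review bot: `getOpenstackUsersMapByID` repeats the body of `getOpenstackUsersMap` with a different key, and each call lists all users again, while the previous hunk inlines the `openstackUsersToMap` helper that could have held the shared loop. A small helper taking the key selector would avoid the two copies drifting apart. The new function also has no doc comment; since the deletion path treats membership in this map as "safe to unassign", something like `// getOpenstackUsersMapByID returns the users from getOpenstackUsers keyed by user ID; callers rely on it containing only managed users.` would record that contract.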