main.go 4.3 KB

  1. package main
  2. import (
  3. "fmt"
  4. "devel.mephi.ru/iacherepanov/openstack-gophercloud/openstack/identity/v3/projects"
  5. "devel.mephi.ru/iacherepanov/openstack-gophercloud/openstack/identity/v3/roles"
  6. )
  // main runs one synchronisation pass against the identity service:
  // projects first, then role assignments.
  //
  // The two bulk-delete calls stay commented out. Both are destructive
  // (every project / every managed role assignment), so enabling them should
  // be a deliberate, reviewed change rather than a default code path.
  func main() {
  	identity := initIdentityClient()

  	fmt.Println("Syncing projects...")
  	identity.syncProjects()
  	// fmt.Println("Deleting projects...")
  	// identity.deleteAllProjects()

  	fmt.Println("Syncing role assignments...")
  	identity.syncRoleAssignments()
  	// fmt.Println("Deleting role assignments...")
  	// identity.deleteAllRoleAssignments()
  }
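  // syncProjects makes sure every unit returned by getCleanUnitsPersNumberMap
  // has a matching project (updating it when it already exists, creating it
  // otherwise) and then assigns adminRoleID on that project to cloudAdminID.
  //
  // The project ID used for the admin assignment is taken from the existing
  // project or from the create response. The earlier code looked the ID up in
  // the map fetched before the loop, which has no entry for a project created
  // in this run, so the assignment was issued with an empty ProjectID.
  func (osclient OpenstackIdentityClient) syncProjects() {
  	allUnits := getCleanUnitsPersNumberMap(osclient.config)
  	allProjects := osclient.getProjectsMap()

  	for persNumber, unit := range allUnits {
  		var projectID string

  		if existing, ok := allProjects[persNumber]; ok {
  			projectID = existing.ID
  			updateOpts := makeUpdateOpts(unit, osclient.domainID)
  			updateResult := projects.Update(osclient.client, projectID, updateOpts)
  			checkErr(updateResult.Err)
  			// NOTE(review): unit.BriefName is dereferenced without a nil check;
  			// presumably the "clean" units map guarantees it is set — confirm.
  			fmt.Printf("Project \"%s\" updated\n", *unit.BriefName)
  		} else {
  			createOpts := makeCreateOpts(unit, osclient.domainID)
  			createResult := projects.Create(osclient.client, createOpts)
  			// Extract reports the request error as well as decoding errors.
  			created, err := createResult.Extract()
  			checkErr(err)
  			fmt.Printf("Project \"%s\" created\n", *unit.BriefName)
  			if created != nil {
  				projectID = created.ID
  			}
  		}

  		// Never send a role assignment without a concrete project scope.
  		if projectID == "" {
  			fmt.Printf("Project \"%s\" has no ID, admin role not assigned\n", *unit.BriefName)
  			continue
  		}

  		// Add cloud_admin user as admin to project
  		assignOpts := roles.AssignOpts{
  			UserID:    osclient.cloudAdminID,
  			ProjectID: projectID,
  		}
  		assignmentResult := roles.Assign(osclient.client, osclient.adminRoleID, assignOpts)
  		checkErr(assignmentResult.ExtractErr())
  		fmt.Printf("Admin role on project %s assigned to cloud_admin\n", projectID)
  	}
  }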
  // deleteAllProjects deletes every project returned by getProjectsMap and
  // prints a running "[done/total]" counter.
  //
  // NOTE(review): nothing here filters the list, so whether service or
  // built-in projects are spared depends on what getProjectsMap returns —
  // confirm before enabling the call in main.
  func (osclient OpenstackIdentityClient) deleteAllProjects() {
  	projectsByKey := osclient.getProjectsMap()
  	total := len(projectsByKey)
  	done := 0

  	for _, p := range projectsByKey {
  		checkErr(projects.Delete(osclient.client, p.ID).ExtractErr())
  		done++
  		fmt.Printf("[%v/%v] Project \"%s\" deleted\n", done, total, p.Name)
  	}
  }
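  // syncRoleAssignments rebuilds the role assignments of managed users from
  // the role list returned by getRoles.
  //
  // It first removes the existing assignments via deleteAllRoleAssignments and
  // then assigns, per role entry, adminRoleID when RoleName is
  // "openstack_admin" and userRoleID for every other name. Entries whose unit,
  // project or user cannot be resolved are skipped.
  //
  // NOTE(review): delete-then-recreate leaves a window in which managed users
  // hold no roles; if checkErr stops the program part-way, that state
  // persists until the next successful run. A diff-based update would avoid
  // it.
  func (osclient OpenstackIdentityClient) syncRoleAssignments() {
  	osclient.deleteAllRoleAssignments()

  	openstackProjects := osclient.getProjectsMap()
  	openstackUsers := osclient.getOpenstackUsersMap()
  	units := getCleanUnitsCodeMap(osclient.config)
  	people := getPeopleMap(osclient.config)
  	roleList := getRoles(osclient.config)

  	for _, role := range roleList {
  		// Get project ID from unit code
  		unitCode := unitCodeToInt(role.Extra)
  		unit := units[unitCode]
  		// A zero Id means the unit code was not found in the units map.
  		// PersNumber is dereferenced below, so a nil pointer is skipped too.
  		if unit.Id == 0 || unit.PersNumber == nil {
  			continue
  		}

  		// A unit without a synced project yields an empty ID; skip it rather
  		// than issue an assignment request with no project scope.
  		projectID := openstackProjects[*unit.PersNumber].ID
  		if projectID == "" {
  			fmt.Printf("Unit %v has no project, role assignment skipped\n", unitCode)
  			continue
  		}

  		// Find user ID by login: the first login known to Openstack wins.
  		person := people[role.PersonId]
  		var userID string
  		for _, login := range person.Logins {
  			if user := openstackUsers[login]; user.ID != "" {
  				userID = user.ID
  				break
  			}
  		}
  		// Check if user doesn't exist in Openstack
  		if userID == "" {
  			continue
  		}

  		// Only the exact name "openstack_admin" grants the admin role; any
  		// other or unexpected role name falls back to the user role.
  		roleID := osclient.userRoleID
  		if role.RoleName == "openstack_admin" {
  			roleID = osclient.adminRoleID
  		}

  		assignOpts := roles.AssignOpts{
  			UserID:    userID,
  			ProjectID: projectID,
  		}
  		assignmentResult := roles.Assign(osclient.client, roleID, assignOpts)
  		checkErr(assignmentResult.ExtractErr())
  		fmt.Printf("Role %s on project %s assigned to %s\n", roleID, projectID, userID)
  	}
  }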
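  // deleteAllRoleAssignments removes the project-scoped role assignments of
  // every user present in getOpenstackUsersMapByID.
  //
  // Assignments whose user is not in that map are left alone; this is what
  // keeps internal service accounts (cinder, neutron, etc.) intact, so the
  // safety of this function rests on that map containing managed users only.
  // Assignments without a project scope are skipped as well, because the
  // unassign request built here carries a ProjectID and nothing else.
  //
  // NOTE(review): if cloudAdminID is itself in the managed-users map, the
  // admin assignments made by syncProjects are removed here — confirm.
  func (osclient OpenstackIdentityClient) deleteAllRoleAssignments() {
  	listAssignmentsOpts := roles.ListAssignmentsOpts{}
  	allPages, err := roles.ListAssignments(osclient.client, listAssignmentsOpts).AllPages()
  	checkErr(err)
  	allRoleAssignments, err := roles.ExtractRoleAssignments(allPages)
  	checkErr(err)

  	// Get all mephi-users
  	openstackUsers := osclient.getOpenstackUsersMapByID()

  	for _, roleAssignment := range allRoleAssignments {
  		// Check that role assignment belongs to mephi-user.
  		// This is necessary in order to not remove internal service
  		// openstack-users (like cinder, neutron, etc).
  		user := openstackUsers[roleAssignment.User.ID]
  		if user.ID == "" {
  			continue
  		}

  		// No project in the scope: leave the assignment untouched instead
  		// of sending an unassign request with an empty ProjectID.
  		projectID := roleAssignment.Scope.Project.ID
  		if projectID == "" {
  			continue
  		}

  		unassignOpts := roles.UnassignOpts{
  			UserID:    roleAssignment.User.ID,
  			ProjectID: projectID,
  		}
  		unassignmentResult := roles.Unassign(osclient.client, roleAssignment.Role.ID, unassignOpts)
  		checkErr(unassignmentResult.ExtractErr())
  		fmt.Printf("Role of user %s on project %s deleted\n", user.Name, projectID)
  	}
  }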