Diffstat (limited to 'aria/multivim-plugin/keystone_plugin/project.py')
-rw-r--r-- | aria/multivim-plugin/keystone_plugin/project.py | 150 |
1 files changed, 150 insertions, 0 deletions
diff --git a/aria/multivim-plugin/keystone_plugin/project.py b/aria/multivim-plugin/keystone_plugin/project.py
new file mode 100644
index 0000000000..223ffbbb5c
--- /dev/null
+++ b/aria/multivim-plugin/keystone_plugin/project.py
@@ -0,0 +1,150 @@
+#########
+# Copyright (c) 2015 GigaSpaces Technologies Ltd. All rights reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+
+from cloudify import ctx
+from cloudify.decorators import operation
+from cloudify.exceptions import NonRecoverableError
+
+from openstack_plugin_common import (with_keystone_client,
+ with_nova_client,
+ with_cinder_client,
+ with_neutron_client,
+ get_resource_id,
+ use_external_resource,
+ delete_resource_and_runtime_properties,
+ validate_resource,
+ COMMON_RUNTIME_PROPERTIES_KEYS,
+ OPENSTACK_ID_PROPERTY,
+ OPENSTACK_TYPE_PROPERTY,
+ OPENSTACK_NAME_PROPERTY)
+
+
+PROJECT_OPENSTACK_TYPE = 'project'
+
+TENANT_QUOTA_TYPE = 'quota'
+
+RUNTIME_PROPERTIES_KEYS = COMMON_RUNTIME_PROPERTIES_KEYS
+
+
+@operation
+@with_keystone_client
+def create(keystone_client, **kwargs):
+ if use_external_resource(ctx, keystone_client, PROJECT_OPENSTACK_TYPE):
+ return
+
+ project_dict = {
+ 'name': get_resource_id(ctx, PROJECT_OPENSTACK_TYPE),
+ 'domain': 'default'
+ }
+
+ project_dict.update(ctx.node.properties['project'])
+ project = keystone_client.projects.create(**project_dict)
+
+ ctx.instance.runtime_properties[OPENSTACK_ID_PROPERTY] = project.id
+ ctx.instance.runtime_properties[OPENSTACK_TYPE_PROPERTY] = \
+ PROJECT_OPENSTACK_TYPE
+ ctx.instance.runtime_properties[OPENSTACK_NAME_PROPERTY] = project.name
+
+
+@operation
+@with_keystone_client
+@with_nova_client
+@with_cinder_client
+@with_neutron_client
+def start(keystone_client, nova_client, cinder_client, neutron_client,
+ **kwargs):
+ project_id = ctx.instance.runtime_properties[OPENSTACK_ID_PROPERTY]
+ users = ctx.node.properties['users']
+ validate_users(users, keystone_client)
+
+ assign_users(project_id, users, keystone_client)
+
+ quota = ctx.node.properties[TENANT_QUOTA_TYPE]
+ update_quota(project_id, quota, nova_client, 'nova')
+ update_quota(project_id, quota, neutron_client, 'neutron')
+ update_quota(project_id, quota, cinder_client, 'cinder')
+
+
+@operation
+@with_keystone_client
+@with_nova_client
+@with_cinder_client
+@with_neutron_client
+def delete(keystone_client, nova_client, cinder_client,
+ neutron_client, **kwargs):
+ tenant_id = ctx.instance.runtime_properties[OPENSTACK_ID_PROPERTY]
+ quota = ctx.node.properties[TENANT_QUOTA_TYPE]
+ delete_quota(tenant_id, quota, nova_client, 'nova')
+ delete_quota(tenant_id, quota, neutron_client, 'neutron')
+ delete_quota(tenant_id, quota, cinder_client, 'cinder')
+ delete_resource_and_runtime_properties(ctx, keystone_client,
+ RUNTIME_PROPERTIES_KEYS)
+
+
+@operation
+@with_keystone_client
+def creation_validation(keystone_client, **kwargs):
+ validate_resource(ctx, keystone_client, PROJECT_OPENSTACK_TYPE)
+
+
+def assign_users(project_id, users, keystone_client):
+ for user in users:
+ roles = user['roles']
+ u = keystone_client.users.find(name=user['name'])
+ for role in roles:
+ r = keystone_client.roles.find(name=role)
+ keystone_client.roles.grant(user=u.id,
+ project=project_id,
+ role=r.id)
+
+
+def validate_users(users, keystone_client):
+ user_names = [user['name'] for user in users]
+ if len(user_names) > len(set(user_names)):
+ raise NonRecoverableError('Users are not unique')
+
+ for user_name in user_names:
+ keystone_client.users.find(name=user_name)
+
+ for user in users:
+ if len(user['roles']) > len(set(user['roles'])):
+ msg = 'Roles for user {} are not unique'
+ raise NonRecoverableError(msg.format(user['name']))
+
+ role_names = {role for user in users for role in user['roles']}
+ for role_name in role_names:
+ keystone_client.roles.find(name=role_name)
+
+
+def update_quota(tenant_id, quota, client, what_quota):
+ updated_quota = quota.get(what_quota)
+ if updated_quota:
+ if what_quota == 'neutron':
+ new_quota = client.update_quota(tenant_id=tenant_id,
+ body={'quota': updated_quota})
+ else:
+ new_quota = client.quotas.update(tenant_id=tenant_id,
+ **updated_quota)
+ ctx.logger.info(
+ 'Updated {0} quota: {1}'.format(what_quota, str(new_quota)))
+
+
+def delete_quota(project_id, quota, client, what_quota):
+ deleting_quota = quota.get(what_quota)
+ if deleting_quota:
+ if what_quota == 'neutron':
+ client.delete_quota(tenant_id=project_id)
+ else:
+ client.quotas.delete(tenant_id=project_id) |
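Review bot: `assign_users` grants whatever role names the blueprint's `users` property lists, and both `users.find(name=...)` and `roles.find(name=...)` resolve by bare name with no domain, so nothing in this file limits a blueprint to non-privileged roles or pins the principal to the intended domain. Keystone v3 user names are unique only within a domain, so a name-only lookup can resolve to a same-named account elsewhere; consider requiring a domain or user id in each `users` entry and checking the requested roles against an operator-defined allow-list in `validate_users` before any `roles.grant` call. At minimum I would add above the grant loop: `# NOTE: roles are taken verbatim from blueprint input; a privileged role such as admin is granted if requested`. Separately, `delete` runs the three `delete_quota` calls before `delete_resource_and_runtime_properties`, so if that helper skips deletion for external projects (its body is not visible here), quotas on a project this deployment did not create are still reset.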