Merge "Auto-populate lessee for deployments"

4 files changed, 48 insertions, 1 deletions

diff --git a/ironic/conductor/deployments.py b/ironic/conductor/deployments.py
index 3b72dcb03..7e2c4e489 100644
--- a/ironic/conductor/deployments.py
+++ b/ironic/conductor/deployments.py
@@ -83,6 +83,26 @@ def start_deploy(task, manager, configdrive=None, event='deploy',
             instance_info.pop('kernel', None)
             instance_info.pop('ramdisk', None)
             node.instance_info = instance_info
+    elif CONF.conductor.automatic_lessee:
+        # This should only be on deploy...
+        project = utils.get_token_project_from_request(task.context)
+        if (project and node.lessee is None):
+            LOG.debug('Adding lessee $(project)s to node %(uuid)s.',
+                      {'project': project,
+                       'uuid': node.uuid})
+            node.set_driver_internal_info('automatic_lessee', True)
+            node.lessee = project
+        elif project and node.lessee is not None:
+            # Since the model is a bit of a matrix and we're largely
+            # just empowering operators, lets at least log a warning
+            # since they may need to remedy something here. Or maybe
+            # not.
+            LOG.warning('Could not automatically save lessee '
+                        '$(project)s to node %(uuid)s. Node already '
+                        'has a defined lessee of %(lessee)s.',
+                        {'project': project,
+                         'uuid': node.uuid,
+                         'lessee': node.lessee})
 
     # Infer the image type to make sure the deploy driver
     # validates only the necessary variables for different
diff --git a/ironic/conductor/manager.py b/ironic/conductor/manager.py
index 7f6470e38..1b15f7856 100644
--- a/ironic/conductor/manager.py
+++ b/ironic/conductor/manager.py
@@ -1097,6 +1097,10 @@ class ConductorManager(base_manager.BaseConductorManager):
             node.del_driver_internal_info('root_uuid_or_disk_id')
             node.del_driver_internal_info('is_whole_disk_image')
             node.del_driver_internal_info('deploy_boot_mode')
+            if node.driver_internal_info.get('automatic_lessee'):
+                # Remove lessee, as it was automatically added
+                node.lessee = None
+                node.del_driver_internal_info('automatic_lessee')
             network.remove_vifs_from_node(task)
             node.save()
             if node.allocation_id:
diff --git a/ironic/conductor/rpcapi.py b/ironic/conductor/rpcapi.py
index 21139e60d..47ef4c6c9 100644
--- a/ironic/conductor/rpcapi.py
+++ b/ironic/conductor/rpcapi.py
@@ -547,7 +547,6 @@ class ConductorAPI(object):
         if deploy_steps:
             version = '1.52'
             new_kws['deploy_steps'] = deploy_steps
-
         cctxt = self._prepare_call(topic=topic, version=version)
         return cctxt.call(context, 'do_node_deploy', node_id=node_id,
                           rebuild=rebuild, configdrive=configdrive, **new_kws)
diff --git a/ironic/conductor/utils.py b/ironic/conductor/utils.py
index aeb067a7a..d3da64f0e 100644
--- a/ironic/conductor/utils.py
+++ b/ironic/conductor/utils.py
@@ -1692,3 +1692,27 @@ def exclude_current_conductor(current_conductor, offline_conductors):
                     current_conductor)
 
     return [x for x in offline_conductors if x != current_conductor]
+
+
+def get_token_project_from_request(ctx):
+    """Identifies the request originator project via keystone token details.
+
+    This method evaluates the ``auth_token_info`` field, which is used to
+    pass information returned from keystone as a token's
+    verification. This information is based upon the actual, original
+    requestor context provided ``auth_token``.
+
+    When a service, such as Nova proxies a request, the request provided
+    auth token value is intended to be from the original user.
+
+    :returns: The project ID value.
+    """
+
+    try:
+        if ctx.auth_token_info:
+            project = ctx.auth_token_info.get('token', {}).get('project', {})
+            if project:
+                return project.get('id')
+    except AttributeError:
+        LOG.warning('Attempted to identify requestor project ID value, '
+                    'however we were unable to do so. Possible older API?')