Use a list for the tenant mapping

We were using single strings to hold the tenant informatio, so it was
not possible to map several tenants inside a VO. This change uses lists
to that we are able to do such a mapping, using a new element in the
JSON file (i.e. "tenants"). Log a warning about the old format, so that
users can be aware of this.

Author: alvarolopez

caso/extract/base.py

@@ -19,6 +19,7 @@
 
 import keystoneclient.v2_0.client
 from oslo_config import cfg
+from oslo_log import log
 import six
 
 opts = [
@@ -45,6 +46,8 @@
 CONF = cfg.CONF
 CONF.register_opts(opts, group="extractor")
 
+LOG = log.getLogger(__name__)
+
 openstack_vm_statuses = {
     'active': 'started',
     'build': 'started',
@@ -81,7 +84,16 @@ def __init__(self):
         else:
             self.voms_map = {}
             for vo, vomap in mapping.iteritems():
-                self.voms_map[vomap["tenant"]] = vo
+                tenant = vomap.get("tenant", None)
+                tenants = vomap.get("tenants", [])
+                if tenant is not None:
+                    LOG.warning("Using deprecated 'tenant' mapping, please "
+                                "use 'tenants' instead")
+                tenants.append(tenant)
+                if not tenants:
+                    LOG.warning("No tenant mapping found for VO %s" % tenant)
+                for tenant in tenants:
+                    self.voms_map[tenant] = vo
 
     def _get_keystone_client(self, tenant):
         client = keystoneclient.v2_0.client.Client(

doc/source/configuration.rst

@@ -52,9 +52,13 @@ credentials to connect to the API). Check the following:
 * ``password`` (default: None), password of the user.
 * ``endpoint`` (default: None), keystone endpoint to authenticate with.
 * ``mapping_file`` (default: ``/etc/caso/voms.json``). File containing the
-  mapping from VOs to local tenants as configured in Keystone-VOMS. If
-  you are running ``cASO`` on keystone host, it likely
-  is ``/etc/keystone/voms.json``. Otherwise, you have to sync this file.
+  mapping from VOs to local tenants as configured in Keystone-VOMS, in the
+  form::
+    {
+        "VO": {
+            "tenants": ["foo", "bar"],
+        }
+    }
 * ``insecure`` (default: ``False``), wether to check or not the server's
   certificate.
 

etc/caso/voms.json.sample

@@ -1,9 +1,9 @@
 {
         "VO FQAN": {
-            "tenant": "local tenant"
+            "tenants": ["local tenant 1", "local tenant 2"]
         },
         "VO NAME": {
-            "tenant": "local tenant"
+            "tenant": ["local tenant 3"]
         }
 }