Merge "Fix checking of roles"

Zuul 2019-05-29 00:25:41 +00:00 committed by Gerrit Code Review
commit 1e62b12ef3
2 changed files with 81 additions and 11 deletions


@ -28,7 +28,7 @@ class TestUsers(BaseConfigTempestTest):
# Story 2003388
super(TestUsers, self).setUp()
self.conf = self._get_conf("v2.0", "v3")
self.conf.set("auth", "tempest_roles", "_member_")
self.conf.set("auth", "tempest_roles", "fake_role")
projects_client = self._get_clients(self.conf).projects
users_client = self._get_clients(self.conf).users
roles_client = self._get_clients(self.conf).roles
@ -285,3 +285,53 @@ class TestUsers(BaseConfigTempestTest):
self.Service.give_role_to_user(
username=self.username,
role_name=self.role_name)
def _check_user_roles(self, user_roles, system_roles):
self.Service._conf.set('auth', 'tempest_roles', user_roles)
return self.Service.check_user_roles(system_roles)
@mock.patch('logging.Logger.debug')
def _check_user_role_does_not_exist(self, system_roles, LOG_mock,
default_role='member'):
roles = self._check_user_roles('doesNotExist', system_roles)
# check if it fell down to member
conf = self.Service._conf
self.assertEqual(conf.get('auth', 'tempest_roles'), default_role)
self.assertEqual(roles, [])
self.assertEqual(len(LOG_mock.mock_calls), 3)
def test_check_user_role_exists(self):
system_roles = {'roles': [{'name': 'role1'}, {'name': 'role2'}]}
roles = self._check_user_roles('role1', system_roles)
self.assertEqual(roles[0], 'role1')
@mock.patch('logging.Logger.debug')
def test_check_user_roles_one_exists(self, LOG_mock):
system_roles = {'roles': [{'name': 'role1'}, {'name': 'role2'}]}
roles = self._check_user_roles('role1, doesNotExist', system_roles)
self.assertEqual(roles[0], 'role1')
self.assertEqual(len(LOG_mock.mock_calls), 2)
@mock.patch('logging.Logger.debug')
def test_check_user_roles_two_exist(self, LOG_mock):
system_roles = {'roles': [{'name': 'role1'}, {'name': 'role2'}]}
roles = self._check_user_roles('role1,role2', system_roles)
self.assertEqual(roles[0], 'role1')
self.assertEqual(roles[1], 'role2')
self.assertEqual(len(LOG_mock.mock_calls), 1)
def test_check_user_role_does_not_exist_fall_to_member(self):
system_roles = {'roles': [{'name': 'role1'}, {'name': 'member'}]}
self._check_user_role_does_not_exist(system_roles)
def test_check_user_role_does_not_exist_fall_to_Member(self):
system_roles = {'roles': [{'name': 'role1'}, {'name': 'Member'}]}
self._check_user_role_does_not_exist(system_roles,
default_role='Member')
@mock.patch('logging.Logger.debug')
def test_check_user_role_does_not_exist_no_member(self, LOG_mock):
system_roles = {'roles': [{'name': 'role1'}]}
roles = self._check_user_roles('doesNotExist', system_roles)
self.assertEqual(roles, [])
self.assertEqual(len(LOG_mock.mock_calls), 4)
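Review bot: The new tests pin exact counts of `logging.Logger.debug` calls (`len(LOG_mock.mock_calls)` equal to 1, 2, 3 or 4), and because the patch targets the `Logger` class, any unrelated debug line emitted during the call changes the count and fails the test. Asserting on the message would be sturdier, e.g. `LOG_mock.assert_any_call("Provided %s role is not present in the system.", ' doesNotExist')` in test_check_user_roles_one_exists. That test's input `'role1, doesNotExist'` also has a space after the comma, and no case covers a space-separated list in which both roles exist, so whitespace handling in check_user_roles goes untested.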


@ -62,16 +62,7 @@ class Users(object):
user_ids = [u['id'] for u in users['users'] if u['name'] == username]
user_id = user_ids[0]
roles = self.roles_client.list_roles()
# check auth.tempest_roles
roles_names = [r['name'] for r in roles['roles']]
if self._conf.get('auth', 'tempest_roles') not in roles_names:
# try 'member', usually it's present in a system
if 'member' in roles_names:
self._conf.set('auth', 'tempest_roles', 'member')
else:
# the default role/role given by user or 'member' role are not
# present in the system, remove the option completely
self._conf.remove_option('auth', 'tempest_roles')
self.check_user_roles(roles)
role_ids = [r['id'] for r in roles['roles'] if r['name'] == role_name]
if not role_ids:
if role_required:
@ -88,6 +79,35 @@ class Users(object):
LOG.debug("(no change) User '%s' already has the '%s' role in"
" project '%s'", username, role_name, project_name)
def check_user_roles(self, roles):
"""Check if roles provided by user (or the default one) exist.
:param roles: value returned by roles_client.list_roles
:type roles: dict
:return: List of the existing roles given by user (or by defaults)
:rtype: list
"""
roles_names = [r['name'] for r in roles['roles']]
user_roles = self._conf.get('auth', 'tempest_roles').split(',')
available_roles = []
for r in user_roles:
if r in roles_names:
available_roles.append(r)
else:
LOG.debug("Provided %s role is not present in the system.", r)
if len(available_roles) == 0:
# try 'member' or 'Member', they might present in a system
if 'member' in roles_names:
self._conf.set('auth', 'tempest_roles', 'member')
elif 'Member' in roles_names:
self._conf.set('auth', 'tempest_roles', 'Member')
else:
LOG.debug("Setting auth.tempest_roles to an empty list "
"because none of the provided roles exists.")
self._conf.set('auth', 'tempest_roles', "")
return available_roles
def create_user_with_project(self, username, password, project_name):
"""Create a user and a project if it doesn't exist.
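Review bot: In check_user_roles the entries of `auth.tempest_roles` are compared untrimmed, so a value written as `role1, role2` yields `' role2'`, which is logged as missing even when that role exists; `user_roles = [r.strip() for r in self._conf.get('auth', 'tempest_roles').split(',')]` avoids that. When only some of the listed roles exist, the option is left unchanged and give_role_to_user discards the return value (`self.check_user_roles(roles)`), so the generated config still appears to name roles the cloud does not have; writing back `','.join(available_roles)` in that case would keep it consistent. The fallback to `member`/`Member` changes which role the test users receive, and no message in this function records it, so a log line above debug level may be worth adding there. give_role_to_user begins outside the hunk.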