openinfra
/
python-tempestconf
Code Issues Proposed changes

Support Admin admin user and role 

We didn't take into account that the admin role and user might be
called on with uppercase first letter - Admin - on some systems.
The patch edits the logic so that we accept this admin name or
role.

Story: #2010880
Task: #48601
Change-Id: Ie027de58f77a58f44b31274e6d75dc830d3b717d
This commit is contained in:
Martin Kopec 2023-08-30 14:34:37 +00:00
parent 58e32bbe5a
commit bd8822c954
2 changed files with 58 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
config_tempest/tests/test_users.py
View File

@ -286,6 +286,38 @@ class TestUsers(BaseConfigTempestTest):
username=self.username,
role_name=self.role_name)
@mock.patch('config_tempest.clients.ProjectsClient'
'.get_project_by_name')
@mock.patch('tempest.lib.services.identity.v2.'
'users_client.UsersClient.list_users')
@mock.patch('tempest.lib.services.identity.v2.'
'users_client.UsersClient.create_user')
@mock.patch('tempest.lib.services.identity.v2.'
'roles_client.RolesClient.list_roles')
@mock.patch('tempest.lib.services.identity.v2.roles_client.'
'RolesClient.create_user_role_on_project')
def test_give_role_to_user_Admin(
self,
mock_create_user_role_on_project,
mock_list_roles,
mock_create_user,
mock_list_users,
mock_get_project_by_name):
mock_get_project_by_name.return_value = {'id': "fake_project_id"}
users = self.users
users['users'].append(
{'name': "Admin", 'id': "Admin_user_id"})
roles = self.roles
roles['roles'].append(
{'name': "Admin", 'id': "Admin_role_id"})
mock_list_users.return_value = users
mock_list_roles.return_value = roles
# using admin as user and role as those are the default values
# when discover-tempest-config is executed
self.Service.give_role_to_user(
username="admin",
role_name="admin")
def _check_user_roles(self, user_roles, system_roles):
self.Service._conf.set('auth', 'tempest_roles', user_roles)
return self.Service.check_user_roles(system_roles)

28
config_tempest/users.py
View File

@ -48,6 +48,28 @@ class Users(object):
self.give_role_to_user(username, role_name='admin')
def _filter_ids_by_name(self, mode, name, role_name, roles_list):
"""Filter the id that belongs to the name in the given list.
:param mode: 'roles' or 'users', depending what we're looking for
:param name: Name we want to filter by
:param role_name: Name of the role we wanna assign the user
:param roles_list: List of roles or users to search in.
:return: List containing an id matching the name in the roles_list.
:rtype: list
"""
match = [n['id'] for n in roles_list[mode] if n['name'] == name]
if not match and role_name == 'admin':
# in a few cases there might be the admin role with upper-case
# first letter, therefore, let's try Admin
name = 'Admin'
match = [n['id'] for n in roles_list[mode] if n['name'] == name]
if match and mode == 'users':
# if we found a match with Admin and we're in the users mode,
# change also the admin_username in the tempest.conf
self._conf.set('auth', 'admin_username', name)
return match
def give_role_to_user(self, username, role_name,
role_required=True):
"""Give the user a role in the project.
@ -59,14 +81,16 @@ class Users(object):
project_name = self._conf.get('identity', 'project_name')
proj_id = self.projects_client.get_project_by_name(project_name)['id']
users = self.users_client.list_users()
user_ids = [u['id'] for u in users['users'] if u['name'] == username]
user_ids = self._filter_ids_by_name('users', username,
role_name, users)
if not user_ids:
raise Exception("user %s not found" % username)
user_id = user_ids[0]
roles = self.roles_client.list_roles()
self.check_user_roles(roles)
role_ids = [r['id'] for r in roles['roles'] if r['name'] == role_name]
role_ids = self._filter_ids_by_name('roles', role_name,
role_name, roles)
if not role_ids:
if role_required:
raise Exception("required role %s not found" % role_name)