Fixes user and project search by name in openstack_user resource

As project and user names are only unique for each domain and some Keystone settings may filter user listing, any user or project search by name needs to include the associated domain. This change fixes any search done by name of a project or user in the openstack_user resource. It is assumed that if no domain is specified and there are multiple elements with the same name, the first search result is chosen. Closes-Bug: #1871144 Change-Id: I0ed3ffabab5f8b0959c3b2c50a3619f378e59c9e Signed-off-by: Henrique Santos <hfigueiredosantos@tecnico.ulisboa.pt>
2020-04-14 16:02:48 +01:00 · 2020-04-14 16:02:48 +01:00 · 3ae01161cd
parent 27ae6d914f
commit 3ae01161cd
2 changed files with 41 additions and 15 deletions
--- a/libraries/openstack_user.rb
+++ b/libraries/openstack_user.rb
@ -1,4 +1,3 @@
-
 #
 # Copyright:: 2016 cloudbau GmbH
 #
@ -30,9 +29,14 @@ module OpenstackclientCookbook
    default_action :create

    action :create do
-      user = new_resource.connection.users.find { |u| u.name == new_resource.user_name }
-      project = new_resource.connection.projects.find { |p| p.name == new_resource.project_name }
-      domain = new_resource.connection.domains.find { |u| u.name == new_resource.domain_name }
+      domain = new_resource.connection.domains.find { |d| d.name == new_resource.domain_name }
+      project = new_resource.connection.projects.find do |p|
+        (p.name == new_resource.project_name) && (domain ? p.domain_id == domain.id : {})
+      end
+      user = new_resource.connection.users.find_by_name(
+          new_resource.user_name,
+          domain ? { domain_id: domain.id } : {}
+        ).first
      if user
        log "User with name: \"#{new_resource.user_name}\" already exists"
      elsif domain
@ -54,7 +58,11 @@ module OpenstackclientCookbook
    end

    action :delete do
-      user = new_resource.connection.users.find { |u| u.name == new_resource.user_name }
+      domain = new_resource.connection.domains.find { |d| d.name == new_resource.domain_name }
+      user = new_resource.connection.users.find_by_name(
+          new_resource.user_name,
+          domain ? { domain_id: domain.id } : {}
+        ).first
      if user
        user.destroy
      else
@ -64,15 +72,27 @@ module OpenstackclientCookbook

    # Grant a role in a project
    action :grant_role do
-      user = new_resource.connection.users.find { |u| u.name == new_resource.user_name }
-      project = new_resource.connection.projects.find { |p| p.name == new_resource.project_name }
+      domain = new_resource.connection.domains.find { |d| d.name == new_resource.domain_name }
+      project = new_resource.connection.projects.find do |p|
+        (p.name == new_resource.project_name) && (domain ? p.domain_id == domain.id : {})
+      end
      role = new_resource.connection.roles.find { |r| r.name == new_resource.role_name }
+      user = new_resource.connection.users.find_by_name(
+          new_resource.user_name,
+          domain ? { domain_id: domain.id } : {}
+        ).first
      project.grant_role_to_user role.id, user.id if role && project && user
    end

    action :revoke_role do
-      user = new_resource.connection.users.find { |u| u.name == new_resource.user_name }
-      project = new_resource.connection.projects.find { |p| p.name == new_resource.project_name }
+      domain = new_resource.connection.domains.find { |d| d.name == new_resource.domain_name }
+      user = new_resource.connection.users.find_by_name(
+          new_resource.user_name,
+          domain ? { domain_id: domain.id } : {}
+        ).first
+      project = new_resource.connection.projects.find do |p|
+        (p.name == new_resource.project_name) && (domain ? p.domain_id == domain.id : {})
+      end
      role = new_resource.connection.roles.find { |r| r.name == new_resource.role_name }
      project.revoke_role_from_user role.id, user.id if role && project && user
    end
@ -82,15 +102,21 @@ module OpenstackclientCookbook
    # only used to identify a user who is in that domain. This action grants
    # the user a role in the domain.
    action :grant_domain do
-      user = new_resource.connection.users.find { |u| u.name == new_resource.user_name }
-      domain = new_resource.connection.domains.find { |p| p.name == new_resource.domain_name }
+      domain = new_resource.connection.domains.find { |d| d.name == new_resource.domain_name }
+      user = new_resource.connection.users.find_by_name(
+          new_resource.user_name,
+          domain ? { domain_id: domain.id } : {}
+        ).first
      role = new_resource.connection.roles.find { |r| r.name == new_resource.role_name }
      user.grant_role role.id if role && domain && user
    end

    action :revoke_domain do
-      user = new_resource.connection.users.find { |u| u.name == new_resource.user_name }
-      domain = new_resource.connection.domains.find { |p| p.name == new_resource.domain_name }
+      domain = new_resource.connection.domains.find { |d| d.name == new_resource.domain_name }
+      user = new_resource.connection.users.find_by_name(
+          new_resource.user_name,
+          domain ? { domain_id: domain.id } : {}
+        ).first
      role = new_resource.connection.roles.find { |r| r.name == new_resource.role_name }
      user.revoke_role role.id if role && domain && user
    end
--- a/spec/user_spec.rb
+++ b/spec/user_spec.rb
@ -29,7 +29,7 @@ describe 'openstackclient_test::user' do
    double :user,
           create: true,
           destroy: true,
-           find: nil
+           find_by_name: []
  end

  let(:found_user) do
@ -44,7 +44,7 @@ describe 'openstackclient_test::user' do
    double :user,
           create: true,
           destroy: true,
-           find: found_user
+           find_by_name: [ found_user ]
  end

  let(:found_role) do