openstack/deb-heat
Code Issues Proposed changes

Versioned objects - UserCreds

Browse Source 
implementation for versioned objects. This contains UserCreds

Co-Authored-By: Michal Jastrzebski (inc0) <michal.jastrzebski@intel.com>
Co-Authored-By: Grzegorz Grasza <grzegorz.grasza@intel.com>
Change-Id: Ibae5504060d2c714225cd8b735b430c7da52e0fa
This commit is contained in:
ShaoHe Feng 2015-03-11 21:18:10 +08:00 committed by Grzegorz Grasza (xek)
parent 45be90bb22
commit a521e72a8b
4 changed files with 100 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
heat/engine/stack.py
View File

@ -43,6 +43,7 @@ from heat.engine import template as tmpl
from heat.engine import update from heat.engine import update
from heat.objects import resource as resource_objects from heat.objects import resource as resource_objects
from heat.objects import stack as stack_object from heat.objects import stack as stack_object
from heat.objects import user_creds as ucreds_object
from heat.rpc import api as rpc_api from heat.rpc import api as rpc_api
cfg.CONF.import_opt('error_wait_time', 'heat.common.config') cfg.CONF.import_opt('error_wait_time', 'heat.common.config')
@ -171,10 +172,11 @@ class Stack(collections.Mapping):
def stored_context(self): def stored_context(self):
if self.user_creds_id: if self.user_creds_id:
creds = db_api.user_creds_get(self.user_creds_id) creds_obj = ucreds_object.UserCreds.get_by_id(self.user_creds_id)
# Maintain request_id from self.context so we retain traceability # Maintain request_id from self.context so we retain traceability
# in situations where servicing a request requires switching from # in situations where servicing a request requires switching from
# the request context to the stored context # the request context to the stored context
creds = creds_obj.obj_to_primitive()["versioned_object.data"]
creds['request_id'] = self.context.request_id creds['request_id'] = self.context.request_id
# We don't store roles in the user_creds table, so disable the # We don't store roles in the user_creds table, so disable the
# policy check for admin by setting is_admin=False. # policy check for admin by setting is_admin=False.
@ -371,9 +373,9 @@ class Stack(collections.Mapping):
if cfg.CONF.deferred_auth_method == 'trusts': if cfg.CONF.deferred_auth_method == 'trusts':
keystone = self.clients.client('keystone') keystone = self.clients.client('keystone')
trust_ctx = keystone.create_trust_context() trust_ctx = keystone.create_trust_context()
new_creds = db_api.user_creds_create(trust_ctx) new_creds = ucreds_object.UserCreds.create(trust_ctx)
else: else:
new_creds = db_api.user_creds_create(self.context) new_creds = ucreds_object.UserCreds.create(self.context)
s['user_creds_id'] = new_creds.id s['user_creds_id'] = new_creds.id
self.user_creds_id = new_creds.id self.user_creds_id = new_creds.id
@ -927,7 +929,7 @@ class Stack(collections.Mapping):
# Ignore this error instead of blocking stack deletion. # Ignore this error instead of blocking stack deletion.
user_creds = None user_creds = None
try: try:
user_creds = db_api.user_creds_get(self.user_creds_id) user_creds = ucreds_object.UserCreds.get_by_id(self.user_creds_id)
except exception.Error as err: except exception.Error as err:
LOG.exception(err) LOG.exception(err)
pass pass
@ -968,7 +970,8 @@ class Stack(collections.Mapping):
# Delete the stored credentials # Delete the stored credentials
try: try:
db_api.user_creds_delete(self.context, self.user_creds_id) ucreds_object.UserCreds.delete(self.context,
self.user_creds_id)
except exception.NotFound: except exception.NotFound:
LOG.info(_LI("Tried to delete user_creds that do not exist " LOG.info(_LI("Tried to delete user_creds that do not exist "
"(stack=%(stack)s user_creds_id=%(uc)s)"), "(stack=%(stack)s user_creds_id=%(uc)s)"),

73
heat/objects/user_creds.py Normal file
View File

@ -0,0 +1,73 @@
# Copyright 2014 Intel Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""
UserCreds object
"""
from oslo_versionedobjects import base
from oslo_versionedobjects import fields
from heat.db import api as db_api
@base.VersionedObjectRegistry.register
class UserCreds(base.VersionedObject,
base.VersionedObjectDictCompat,
base.ComparableVersionedObject):
fields = {
'id': fields.StringField(),
'created_at': fields.DateTimeField(read_only=True),
'updated_at': fields.DateTimeField(nullable=True),
'username': fields.StringField(nullable=True),
'password': fields.StringField(nullable=True),
'tenant': fields.StringField(nullable=True),
'tenant_id': fields.StringField(nullable=True),
'trustor_user_id': fields.StringField(nullable=True),
'trust_id': fields.StringField(nullable=True),
'region_name': fields.StringField(nullable=True),
'auth_url': fields.StringField(nullable=True),
'decrypt_method': fields.StringField(nullable=True)
}
@staticmethod
def _from_db_object(ucreds, db_ucreds, context=None):
if db_ucreds is None:
return db_ucreds
ucreds._context = context
for field in ucreds.fields:
# TODO(Shao HE Feng), now the db layer delete the decrypt_method
# field, just skip it here. and will add an encrypted_field later.
if field == "decrypt_method":
continue
ucreds[field] = db_ucreds[field]
ucreds.obj_reset_changes()
return ucreds
@classmethod
def create(cls, context):
user_creds_db = db_api.user_creds_create(context)
return cls._from_db_object(cls(), user_creds_db)
@classmethod
def delete(cls, context, user_creds_id):
return db_api.user_creds_delete(context, user_creds_id)
@classmethod
def get_by_id(cls, context_id):
user_creds_db = db_api.user_creds_get(context_id)
user_creds = cls._from_db_object(cls(), user_creds_db)
return user_creds

17
heat/tests/test_stack.py
View File

@ -33,6 +33,7 @@ from heat.engine import scheduler
from heat.engine import stack from heat.engine import stack
from heat.engine import template from heat.engine import template
from heat.objects import stack as stack_object from heat.objects import stack as stack_object
from heat.objects import user_creds as ucreds_object
from heat.tests import common from heat.tests import common
from heat.tests import fakes from heat.tests import fakes
from heat.tests import generic_resource as generic_rsrc from heat.tests import generic_resource as generic_rsrc
@ -1092,7 +1093,7 @@ class StackTest(common.HeatTestCase):
ctx_init = utils.dummy_context(user='my_user', ctx_init = utils.dummy_context(user='my_user',
password='my_pass') password='my_pass')
ctx_init.request_id = self.ctx.request_id ctx_init.request_id = self.ctx.request_id
creds = db_api.user_creds_create(ctx_init) creds = ucreds_object.UserCreds.create(ctx_init)
self.stack = stack.Stack(self.ctx, 'creds_init', self.tmpl, self.stack = stack.Stack(self.ctx, 'creds_init', self.tmpl,
user_creds_id=creds.id) user_creds_id=creds.id)
self.stack.store() self.stack.store()
@ -1114,7 +1115,7 @@ class StackTest(common.HeatTestCase):
self.assertIsNotNone(user_creds_id) self.assertIsNotNone(user_creds_id)
# should've stored the username/password in the context # should've stored the username/password in the context
user_creds = db_api.user_creds_get(user_creds_id) user_creds = ucreds_object.UserCreds.get_by_id(user_creds_id)
self.assertEqual(self.ctx.username, user_creds.get('username')) self.assertEqual(self.ctx.username, user_creds.get('username'))
self.assertEqual(self.ctx.password, user_creds.get('password')) self.assertEqual(self.ctx.password, user_creds.get('password'))
self.assertIsNone(user_creds.get('trust_id')) self.assertIsNone(user_creds.get('trust_id'))
@ -1152,7 +1153,7 @@ class StackTest(common.HeatTestCase):
# should've stored the trust_id and trustor_user_id returned from # should've stored the trust_id and trustor_user_id returned from
# FakeKeystoneClient.create_trust_context, username/password should # FakeKeystoneClient.create_trust_context, username/password should
# not have been stored # not have been stored
user_creds = db_api.user_creds_get(user_creds_id) user_creds = ucreds_object.UserCreds.get_by_id(user_creds_id)
self.assertIsNone(user_creds.get('username')) self.assertIsNone(user_creds.get('username'))
self.assertIsNone(user_creds.get('password')) self.assertIsNone(user_creds.get('password'))
self.assertEqual('atrust', user_creds.get('trust_id')) self.assertEqual('atrust', user_creds.get('trust_id'))
@ -1173,7 +1174,7 @@ class StackTest(common.HeatTestCase):
ctx_init = utils.dummy_context(user='my_user', ctx_init = utils.dummy_context(user='my_user',
password='my_pass') password='my_pass')
ctx_init.request_id = self.ctx.request_id ctx_init.request_id = self.ctx.request_id
creds = db_api.user_creds_create(ctx_init) creds = ucreds_object.UserCreds.create(ctx_init)
self.stack = stack.Stack(self.ctx, 'creds_init', self.tmpl, self.stack = stack.Stack(self.ctx, 'creds_init', self.tmpl,
user_creds_id=creds.id) user_creds_id=creds.id)
self.stack.store() self.stack.store()
@ -1218,7 +1219,7 @@ class StackTest(common.HeatTestCase):
ctx_init = utils.dummy_context(user='mystored_user', ctx_init = utils.dummy_context(user='mystored_user',
password='mystored_pass') password='mystored_pass')
ctx_init.request_id = self.ctx.request_id ctx_init.request_id = self.ctx.request_id
creds = db_api.user_creds_create(ctx_init) creds = ucreds_object.UserCreds.create(ctx_init)
self.stack = stack.Stack(self.ctx, 'creds_store1', self.tmpl, self.stack = stack.Stack(self.ctx, 'creds_store1', self.tmpl,
user_creds_id=creds.id, user_creds_id=creds.id,
use_stored_context=False) use_stored_context=False)
@ -1231,7 +1232,7 @@ class StackTest(common.HeatTestCase):
ctx_init = utils.dummy_context(user='mystored_user', ctx_init = utils.dummy_context(user='mystored_user',
password='mystored_pass') password='mystored_pass')
ctx_init.request_id = self.ctx.request_id ctx_init.request_id = self.ctx.request_id
creds = db_api.user_creds_create(ctx_init) creds = ucreds_object.UserCreds.create(ctx_init)
self.stack = stack.Stack(self.ctx, 'creds_store2', self.tmpl, self.stack = stack.Stack(self.ctx, 'creds_store2', self.tmpl,
user_creds_id=creds.id, user_creds_id=creds.id,
use_stored_context=True) use_stored_context=True)
@ -1245,7 +1246,7 @@ class StackTest(common.HeatTestCase):
ctx_init = utils.dummy_context(user='mystored_user', ctx_init = utils.dummy_context(user='mystored_user',
password='mystored_pass') password='mystored_pass')
ctx_init.request_id = self.ctx.request_id ctx_init.request_id = self.ctx.request_id
creds = db_api.user_creds_create(ctx_init) creds = ucreds_object.UserCreds.create(ctx_init)
self.stack = stack.Stack(self.ctx, 'creds_store3', self.tmpl, self.stack = stack.Stack(self.ctx, 'creds_store3', self.tmpl,
user_creds_id=creds.id) user_creds_id=creds.id)
self.stack.store() self.stack.store()
@ -1258,7 +1259,7 @@ class StackTest(common.HeatTestCase):
ctx_init = utils.dummy_context(user='mystored_user', ctx_init = utils.dummy_context(user='mystored_user',
password='mystored_pass') password='mystored_pass')
ctx_init.request_id = self.ctx.request_id ctx_init.request_id = self.ctx.request_id
creds = db_api.user_creds_create(ctx_init) creds = ucreds_object.UserCreds.create(ctx_init)
self.stack = stack.Stack(self.ctx, 'creds_store4', self.tmpl, self.stack = stack.Stack(self.ctx, 'creds_store4', self.tmpl,
user_creds_id=creds.id) user_creds_id=creds.id)
self.stack.store() self.stack.store()

19
heat/tests/test_stack_delete.py
View File

@ -27,6 +27,7 @@ from heat.engine import resource
from heat.engine import scheduler from heat.engine import scheduler
from heat.engine import stack from heat.engine import stack
from heat.engine import template from heat.engine import template
from heat.objects import user_creds as ucreds_object
from heat.tests import common from heat.tests import common
from heat.tests import fakes from heat.tests import fakes
from heat.tests import generic_resource as generic_rsrc from heat.tests import generic_resource as generic_rsrc
@ -68,14 +69,14 @@ class StackTest(common.HeatTestCase):
self.assertIsNotNone(db_s) self.assertIsNotNone(db_s)
self.assertIsNotNone(db_s.user_creds_id) self.assertIsNotNone(db_s.user_creds_id)
user_creds_id = db_s.user_creds_id user_creds_id = db_s.user_creds_id
db_creds = db_api.user_creds_get(db_s.user_creds_id) db_creds = ucreds_object.UserCreds.get_by_id(db_s.user_creds_id)
self.assertIsNotNone(db_creds) self.assertIsNotNone(db_creds)
self.stack.delete() self.stack.delete()
db_s = db_api.stack_get(self.ctx, stack_id) db_s = db_api.stack_get(self.ctx, stack_id)
self.assertIsNone(db_s) self.assertIsNone(db_s)
db_creds = db_api.user_creds_get(user_creds_id) db_creds = ucreds_object.UserCreds.get_by_id(user_creds_id)
self.assertIsNone(db_creds) self.assertIsNone(db_creds)
del_db_s = db_api.stack_get(self.ctx, stack_id, show_deleted=True) del_db_s = db_api.stack_get(self.ctx, stack_id, show_deleted=True)
self.assertIsNone(del_db_s.user_creds_id) self.assertIsNone(del_db_s.user_creds_id)
@ -96,16 +97,16 @@ class StackTest(common.HeatTestCase):
self.assertIsNotNone(db_s) self.assertIsNotNone(db_s)
self.assertIsNotNone(db_s.user_creds_id) self.assertIsNotNone(db_s.user_creds_id)
user_creds_id = db_s.user_creds_id user_creds_id = db_s.user_creds_id
db_creds = db_api.user_creds_get(db_s.user_creds_id) db_creds = ucreds_object.UserCreds.get_by_id(db_s.user_creds_id)
self.assertIsNotNone(db_creds) self.assertIsNotNone(db_creds)
db_api.user_creds_delete(self.ctx, user_creds_id) ucreds_object.UserCreds.delete(self.ctx, user_creds_id)
self.stack.delete() self.stack.delete()
db_s = db_api.stack_get(self.ctx, stack_id) db_s = db_api.stack_get(self.ctx, stack_id)
self.assertIsNone(db_s) self.assertIsNone(db_s)
db_creds = db_api.user_creds_get(user_creds_id) db_creds = ucreds_object.UserCreds.get_by_id(user_creds_id)
self.assertIsNone(db_creds) self.assertIsNone(db_creds)
del_db_s = db_api.stack_get(self.ctx, stack_id, show_deleted=True) del_db_s = db_api.stack_get(self.ctx, stack_id, show_deleted=True)
self.assertIsNone(del_db_s.user_creds_id) self.assertIsNone(del_db_s.user_creds_id)
@ -169,7 +170,7 @@ class StackTest(common.HeatTestCase):
user_creds_id = db_s.user_creds_id user_creds_id = db_s.user_creds_id
self.assertIsNotNone(user_creds_id) self.assertIsNotNone(user_creds_id)
user_creds = db_api.user_creds_get(user_creds_id) user_creds = ucreds_object.UserCreds.get_by_id(user_creds_id)
self.assertEqual('thetrustor', user_creds.get('trustor_user_id')) self.assertEqual('thetrustor', user_creds.get('trustor_user_id'))
self.stack.delete() self.stack.delete()
@ -203,7 +204,7 @@ class StackTest(common.HeatTestCase):
user_creds_id = db_s.user_creds_id user_creds_id = db_s.user_creds_id
self.assertIsNotNone(user_creds_id) self.assertIsNotNone(user_creds_id)
user_creds = db_api.user_creds_get(user_creds_id) user_creds = ucreds_object.UserCreds.get_by_id(user_creds_id)
self.assertEqual('thetrustor', user_creds.get('trustor_user_id')) self.assertEqual('thetrustor', user_creds.get('trustor_user_id'))
mock_kc.return_value = fakes.FakeKeystoneClient(user_id='nottrustor') mock_kc.return_value = fakes.FakeKeystoneClient(user_id='nottrustor')
@ -260,14 +261,14 @@ class StackTest(common.HeatTestCase):
self.assertIsNotNone(db_s) self.assertIsNotNone(db_s)
user_creds_id = db_s.user_creds_id user_creds_id = db_s.user_creds_id
self.assertIsNotNone(user_creds_id) self.assertIsNotNone(user_creds_id)
user_creds = db_api.user_creds_get(user_creds_id) user_creds = ucreds_object.UserCreds.get_by_id(user_creds_id)
self.assertIsNotNone(user_creds) self.assertIsNotNone(user_creds)
self.stack.delete() self.stack.delete()
db_s = db_api.stack_get(self.ctx, stack_id) db_s = db_api.stack_get(self.ctx, stack_id)
self.assertIsNone(db_s) self.assertIsNone(db_s)
user_creds = db_api.user_creds_get(user_creds_id) user_creds = ucreds_object.UserCreds.get_by_id(user_creds_id)
self.assertIsNotNone(user_creds) self.assertIsNotNone(user_creds)
self.assertEqual((stack.Stack.DELETE, stack.Stack.COMPLETE), self.assertEqual((stack.Stack.DELETE, stack.Stack.COMPLETE),
self.stack.state) self.stack.state)