Add keystone.user custom constraint
This the first patch of two to allow roles to be added to existing users. This patch implements the keystone.user custom constraint, allowing users to specify the names of existing keystone users in their templates. Change-Id: I9041f907a7bb227ba5c31353f431426c82c3ae47 Partial-Bug: #1477218
This commit is contained in:
parent
2bf2efd6ad
commit
b3be2f46d1
@ -101,6 +101,18 @@ class KeystoneClientPlugin(client_plugin.ClientPlugin):
|
|||||||
raise exception.EntityNotFound(entity='KeystoneService',
|
raise exception.EntityNotFound(entity='KeystoneService',
|
||||||
name=service)
|
name=service)
|
||||||
|
|
||||||
|
def get_user_id(self, user):
|
||||||
|
try:
|
||||||
|
user_obj = self.client().client.users.get(user)
|
||||||
|
return user_obj.id
|
||||||
|
except exceptions.NotFound:
|
||||||
|
user_list = self.client().client.users.list(name=user)
|
||||||
|
for user_obj in user_list:
|
||||||
|
if user_obj.name == user:
|
||||||
|
return user_obj.id
|
||||||
|
|
||||||
|
raise exception.EntityNotFound(entity='KeystoneUser', name=user)
|
||||||
|
|
||||||
|
|
||||||
class KeystoneRoleConstraint(constraints.BaseCustomConstraint):
|
class KeystoneRoleConstraint(constraints.BaseCustomConstraint):
|
||||||
|
|
||||||
@ -141,3 +153,11 @@ class KeystoneServiceConstraint(constraints.BaseCustomConstraint):
|
|||||||
|
|
||||||
def validate_with_client(self, client, service):
|
def validate_with_client(self, client, service):
|
||||||
client.client_plugin('keystone').get_service_id(service)
|
client.client_plugin('keystone').get_service_id(service)
|
||||||
|
|
||||||
|
|
||||||
|
class KeystoneUserConstraint(constraints.BaseCustomConstraint):
|
||||||
|
|
||||||
|
expected_exceptions = (exception.EntityNotFound,)
|
||||||
|
|
||||||
|
def validate_with_client(self, client, user):
|
||||||
|
client.client_plugin('keystone').get_user_id(user)
|
||||||
|
@ -126,6 +126,25 @@ class KeystoneServiceConstraintTest(common.HeatTestCase):
|
|||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class KeystoneUserConstraintTest(common.HeatTestCase):
|
||||||
|
|
||||||
|
def test_expected_exceptions(self):
|
||||||
|
self.assertEqual((exception.EntityNotFound,),
|
||||||
|
client.KeystoneUserConstraint.expected_exceptions,
|
||||||
|
"KeystoneUserConstraint expected exceptions error")
|
||||||
|
|
||||||
|
def test_constrain(self):
|
||||||
|
constrain = client.KeystoneUserConstraint()
|
||||||
|
client_mock = mock.MagicMock()
|
||||||
|
client_plugin_mock = mock.MagicMock()
|
||||||
|
client_plugin_mock.get_user_id.return_value = None
|
||||||
|
client_mock.client_plugin.return_value = client_plugin_mock
|
||||||
|
|
||||||
|
self.assertIsNone(constrain.validate_with_client(client_mock, 'admin'))
|
||||||
|
|
||||||
|
client_plugin_mock.get_user_id.assert_called_once_with('admin')
|
||||||
|
|
||||||
|
|
||||||
class KeystoneClientPluginServiceTest(common.HeatTestCase):
|
class KeystoneClientPluginServiceTest(common.HeatTestCase):
|
||||||
|
|
||||||
sample_uuid = '477e8273-60a7-4c41-b683-fdb0bc7cd152'
|
sample_uuid = '477e8273-60a7-4c41-b683-fdb0bc7cd152'
|
||||||
@ -532,3 +551,77 @@ class KeystoneClientPluginGroupTest(common.HeatTestCase):
|
|||||||
self.sample_name)
|
self.sample_name)
|
||||||
self._client.client.groups.list.assert_called_once_with(
|
self._client.client.groups.list.assert_called_once_with(
|
||||||
name=self.sample_name)
|
name=self.sample_name)
|
||||||
|
|
||||||
|
|
||||||
|
class KeystoneClientPluginUserTest(common.HeatTestCase):
|
||||||
|
|
||||||
|
sample_uuid = '477e8273-60a7-4c41-b683-fdb0bc7cd152'
|
||||||
|
sample_name = 'sample_user'
|
||||||
|
|
||||||
|
def _get_mock_user(self):
|
||||||
|
user = mock.MagicMock()
|
||||||
|
user.id = self.sample_uuid
|
||||||
|
user.name = self.sample_name
|
||||||
|
return user
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(KeystoneClientPluginUserTest, self).setUp()
|
||||||
|
self._client = mock.MagicMock()
|
||||||
|
|
||||||
|
@mock.patch.object(client.KeystoneClientPlugin, 'client')
|
||||||
|
def test_get_user_id(self, client_keystone):
|
||||||
|
self._client.client.users.get.return_value = self._get_mock_user()
|
||||||
|
|
||||||
|
client_keystone.return_value = self._client
|
||||||
|
client_plugin = client.KeystoneClientPlugin(
|
||||||
|
context=mock.MagicMock()
|
||||||
|
)
|
||||||
|
|
||||||
|
self.assertEqual(self.sample_uuid,
|
||||||
|
client_plugin.get_user_id(self.sample_uuid))
|
||||||
|
self._client.client.users.get.assert_called_once_with(
|
||||||
|
self.sample_uuid)
|
||||||
|
|
||||||
|
@mock.patch.object(client.KeystoneClientPlugin, 'client')
|
||||||
|
def test_get_user_id_with_name(self, client_keystone):
|
||||||
|
self._client.client.users.get.side_effect = (keystone_exceptions
|
||||||
|
.NotFound)
|
||||||
|
self._client.client.users.list.return_value = [
|
||||||
|
self._get_mock_user()
|
||||||
|
]
|
||||||
|
|
||||||
|
client_keystone.return_value = self._client
|
||||||
|
client_plugin = client.KeystoneClientPlugin(
|
||||||
|
context=mock.MagicMock()
|
||||||
|
)
|
||||||
|
|
||||||
|
self.assertEqual(self.sample_uuid,
|
||||||
|
client_plugin.get_user_id(self.sample_name))
|
||||||
|
self.assertRaises(keystone_exceptions.NotFound,
|
||||||
|
self._client.client.users.get,
|
||||||
|
self.sample_name)
|
||||||
|
self._client.client.users.list.assert_called_once_with(
|
||||||
|
name=self.sample_name)
|
||||||
|
|
||||||
|
@mock.patch.object(client.KeystoneClientPlugin, 'client')
|
||||||
|
def test_get_user_id_not_found(self, client_keystone):
|
||||||
|
self._client.client.users.get.side_effect = (keystone_exceptions
|
||||||
|
.NotFound)
|
||||||
|
self._client.client.users.list.return_value = []
|
||||||
|
|
||||||
|
client_keystone.return_value = self._client
|
||||||
|
client_plugin = client.KeystoneClientPlugin(
|
||||||
|
context=mock.MagicMock()
|
||||||
|
)
|
||||||
|
|
||||||
|
ex = self.assertRaises(exception.EntityNotFound,
|
||||||
|
client_plugin.get_user_id,
|
||||||
|
self.sample_name)
|
||||||
|
msg = ('The KeystoneUser (%(name)s) could not be found.' %
|
||||||
|
{'name': self.sample_name})
|
||||||
|
self.assertEqual(msg, six.text_type(ex))
|
||||||
|
self.assertRaises(keystone_exceptions.NotFound,
|
||||||
|
self._client.client.users.get,
|
||||||
|
self.sample_name)
|
||||||
|
self._client.client.users.list.assert_called_once_with(
|
||||||
|
name=self.sample_name)
|
||||||
|
@ -88,6 +88,7 @@ heat.constraints =
|
|||||||
keystone.project = heat.engine.clients.os.keystone:KeystoneProjectConstraint
|
keystone.project = heat.engine.clients.os.keystone:KeystoneProjectConstraint
|
||||||
keystone.group = heat.engine.clients.os.keystone:KeystoneGroupConstraint
|
keystone.group = heat.engine.clients.os.keystone:KeystoneGroupConstraint
|
||||||
keystone.service = heat.engine.clients.os.keystone:KeystoneServiceConstraint
|
keystone.service = heat.engine.clients.os.keystone:KeystoneServiceConstraint
|
||||||
|
keystone.user = heat.engine.clients.os.keystone:KeystoneUserConstraint
|
||||||
manila.share_snapshot = heat.engine.clients.os.manila:ManilaShareSnapshotConstraint
|
manila.share_snapshot = heat.engine.clients.os.manila:ManilaShareSnapshotConstraint
|
||||||
manila.share_network = heat.engine.clients.os.manila:ManilaShareNetworkConstraint
|
manila.share_network = heat.engine.clients.os.manila:ManilaShareNetworkConstraint
|
||||||
manila.share_type = heat.engine.clients.os.manila:ManilaShareTypeConstraint
|
manila.share_type = heat.engine.clients.os.manila:ManilaShareTypeConstraint
|
||||||
|
Loading…
Reference in New Issue
Block a user