stack user add _user_token
Change-Id: I729a6e591e30a93378596eb35722120b4bb364fc
This commit is contained in:
parent
f997588f9c
commit
c991000458
@ -49,6 +49,21 @@ class StackUser(resource.Resource):
|
|||||||
# Store the ID in resource data, for compatibility with SignalResponder
|
# Store the ID in resource data, for compatibility with SignalResponder
|
||||||
self.data_set('user_id', user_id)
|
self.data_set('user_id', user_id)
|
||||||
|
|
||||||
|
def _user_token(self):
|
||||||
|
project_id = self.stack.stack_user_project_id
|
||||||
|
if not project_id:
|
||||||
|
raise ValueError(_("Can't get user token, user not yet created"))
|
||||||
|
password = getattr(self, 'password', None)
|
||||||
|
# FIXME(shardy): the create and getattr here could allow insane
|
||||||
|
# passwords, e.g a zero length string, if these happen it almost
|
||||||
|
# certainly means a bug elsewhere in heat, so add assertion to catch
|
||||||
|
if password is None:
|
||||||
|
raise ValueError(_("Can't get user token without password"))
|
||||||
|
|
||||||
|
return self.keystone().stack_domain_user_token(
|
||||||
|
username=self.physical_resource_name(),
|
||||||
|
project_id=project_id, password=password)
|
||||||
|
|
||||||
def _get_user_id(self):
|
def _get_user_id(self):
|
||||||
user_id = self.data().get('user_id')
|
user_id = self.data().get('user_id')
|
||||||
if user_id:
|
if user_id:
|
||||||
|
@ -164,3 +164,6 @@ class FakeKeystoneClient(object):
|
|||||||
def delete_stack_domain_user_keypair(self, user_id, project_id,
|
def delete_stack_domain_user_keypair(self, user_id, project_id,
|
||||||
credential_id):
|
credential_id):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
def stack_domain_user_token(self, username, project_id, password):
|
||||||
|
pass
|
||||||
|
@ -12,6 +12,8 @@
|
|||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
import six
|
||||||
|
|
||||||
from keystoneclient import exceptions as kc_exceptions
|
from keystoneclient import exceptions as kc_exceptions
|
||||||
|
|
||||||
from heat.common import exception
|
from heat.common import exception
|
||||||
@ -48,7 +50,8 @@ class StackUserTest(HeatTestCase):
|
|||||||
super(StackUserTest, self).tearDown()
|
super(StackUserTest, self).tearDown()
|
||||||
|
|
||||||
def _user_create(self, stack_name, project_id, user_id,
|
def _user_create(self, stack_name, project_id, user_id,
|
||||||
resource_name='user', create_project=True):
|
resource_name='user', create_project=True,
|
||||||
|
password=None):
|
||||||
t = template_format.parse(user_template)
|
t = template_format.parse(user_template)
|
||||||
stack = utils.parse_stack(t, stack_name=stack_name)
|
stack = utils.parse_stack(t, stack_name=stack_name)
|
||||||
rsrc = stack[resource_name]
|
rsrc = stack[resource_name]
|
||||||
@ -72,7 +75,7 @@ class StackUserTest(HeatTestCase):
|
|||||||
'create_stack_domain_user')
|
'create_stack_domain_user')
|
||||||
expected_username = '%s-%s-%s' % (stack_name, resource_name, 'aabbcc')
|
expected_username = '%s-%s-%s' % (stack_name, resource_name, 'aabbcc')
|
||||||
fakes.FakeKeystoneClient.create_stack_domain_user(
|
fakes.FakeKeystoneClient.create_stack_domain_user(
|
||||||
username=expected_username, password=None,
|
username=expected_username, password=password,
|
||||||
project_id=project_id).AndReturn(user_id)
|
project_id=project_id).AndReturn(user_id)
|
||||||
|
|
||||||
return rsrc
|
return rsrc
|
||||||
@ -350,3 +353,48 @@ class StackUserTest(HeatTestCase):
|
|||||||
rs_data = db_api.resource_data_get_all(rsrc)
|
rs_data = db_api.resource_data_get_all(rsrc)
|
||||||
self.assertEqual({'user_id': 'auserdel'}, rs_data)
|
self.assertEqual({'user_id': 'auserdel'}, rs_data)
|
||||||
self.m.VerifyAll()
|
self.m.VerifyAll()
|
||||||
|
|
||||||
|
def test_user_token(self):
|
||||||
|
rsrc = self._user_create(stack_name='user_test123',
|
||||||
|
project_id='aproject123',
|
||||||
|
user_id='auser123',
|
||||||
|
password='apassword')
|
||||||
|
|
||||||
|
short_id.get_id(rsrc.id).AndReturn('aabbcc')
|
||||||
|
self.m.StubOutWithMock(fakes.FakeKeystoneClient,
|
||||||
|
'stack_domain_user_token')
|
||||||
|
username = 'user_test123-user-aabbcc'
|
||||||
|
fakes.FakeKeystoneClient.stack_domain_user_token(
|
||||||
|
username=username, project_id='aproject123',
|
||||||
|
password='apassword').AndReturn('atoken123')
|
||||||
|
self.m.ReplayAll()
|
||||||
|
|
||||||
|
rsrc.password = 'apassword'
|
||||||
|
scheduler.TaskRunner(rsrc.create)()
|
||||||
|
self.assertEqual((rsrc.CREATE, rsrc.COMPLETE), rsrc.state)
|
||||||
|
self.assertEqual('atoken123', rsrc._user_token())
|
||||||
|
self.m.VerifyAll()
|
||||||
|
|
||||||
|
def test_user_token_err_nopassword(self):
|
||||||
|
rsrc = self._user_create(stack_name='user_test123',
|
||||||
|
project_id='aproject123',
|
||||||
|
user_id='auser123')
|
||||||
|
self.m.ReplayAll()
|
||||||
|
|
||||||
|
scheduler.TaskRunner(rsrc.create)()
|
||||||
|
self.assertEqual((rsrc.CREATE, rsrc.COMPLETE), rsrc.state)
|
||||||
|
ex = self.assertRaises(ValueError, rsrc._user_token)
|
||||||
|
expected = "Can't get user token without password"
|
||||||
|
self.assertEqual(expected, six.text_type(ex))
|
||||||
|
self.m.VerifyAll()
|
||||||
|
|
||||||
|
def test_user_token_err_noproject(self):
|
||||||
|
stack_name = 'user_test123'
|
||||||
|
resource_name = 'user'
|
||||||
|
t = template_format.parse(user_template)
|
||||||
|
stack = utils.parse_stack(t, stack_name=stack_name)
|
||||||
|
rsrc = stack[resource_name]
|
||||||
|
|
||||||
|
ex = self.assertRaises(ValueError, rsrc._user_token)
|
||||||
|
expected = "Can't get user token, user not yet created"
|
||||||
|
self.assertEqual(expected, six.text_type(ex))
|
||||||
|
Loading…
Reference in New Issue
Block a user