stack user add _user_token

Change-Id: I729a6e591e30a93378596eb35722120b4bb364fc
This commit is contained in:
Steven Hardy 2014-07-16 19:09:38 +01:00
parent f997588f9c
commit c991000458
3 changed files with 68 additions and 2 deletions

View File

@ -49,6 +49,21 @@ class StackUser(resource.Resource):
# Store the ID in resource data, for compatibility with SignalResponder
self.data_set('user_id', user_id)
def _user_token(self):
project_id = self.stack.stack_user_project_id
if not project_id:
raise ValueError(_("Can't get user token, user not yet created"))
password = getattr(self, 'password', None)
# FIXME(shardy): the create and getattr here could allow insane
# passwords, e.g a zero length string, if these happen it almost
# certainly means a bug elsewhere in heat, so add assertion to catch
if password is None:
raise ValueError(_("Can't get user token without password"))
return self.keystone().stack_domain_user_token(
username=self.physical_resource_name(),
project_id=project_id, password=password)
def _get_user_id(self):
user_id = self.data().get('user_id')
if user_id:

View File

@ -164,3 +164,6 @@ class FakeKeystoneClient(object):
def delete_stack_domain_user_keypair(self, user_id, project_id,
credential_id):
pass
def stack_domain_user_token(self, username, project_id, password):
pass

View File

@ -12,6 +12,8 @@
# License for the specific language governing permissions and limitations
# under the License.
import six
from keystoneclient import exceptions as kc_exceptions
from heat.common import exception
@ -48,7 +50,8 @@ class StackUserTest(HeatTestCase):
super(StackUserTest, self).tearDown()
def _user_create(self, stack_name, project_id, user_id,
resource_name='user', create_project=True):
resource_name='user', create_project=True,
password=None):
t = template_format.parse(user_template)
stack = utils.parse_stack(t, stack_name=stack_name)
rsrc = stack[resource_name]
@ -72,7 +75,7 @@ class StackUserTest(HeatTestCase):
'create_stack_domain_user')
expected_username = '%s-%s-%s' % (stack_name, resource_name, 'aabbcc')
fakes.FakeKeystoneClient.create_stack_domain_user(
username=expected_username, password=None,
username=expected_username, password=password,
project_id=project_id).AndReturn(user_id)
return rsrc
@ -350,3 +353,48 @@ class StackUserTest(HeatTestCase):
rs_data = db_api.resource_data_get_all(rsrc)
self.assertEqual({'user_id': 'auserdel'}, rs_data)
self.m.VerifyAll()
def test_user_token(self):
rsrc = self._user_create(stack_name='user_test123',
project_id='aproject123',
user_id='auser123',
password='apassword')
short_id.get_id(rsrc.id).AndReturn('aabbcc')
self.m.StubOutWithMock(fakes.FakeKeystoneClient,
'stack_domain_user_token')
username = 'user_test123-user-aabbcc'
fakes.FakeKeystoneClient.stack_domain_user_token(
username=username, project_id='aproject123',
password='apassword').AndReturn('atoken123')
self.m.ReplayAll()
rsrc.password = 'apassword'
scheduler.TaskRunner(rsrc.create)()
self.assertEqual((rsrc.CREATE, rsrc.COMPLETE), rsrc.state)
self.assertEqual('atoken123', rsrc._user_token())
self.m.VerifyAll()
def test_user_token_err_nopassword(self):
rsrc = self._user_create(stack_name='user_test123',
project_id='aproject123',
user_id='auser123')
self.m.ReplayAll()
scheduler.TaskRunner(rsrc.create)()
self.assertEqual((rsrc.CREATE, rsrc.COMPLETE), rsrc.state)
ex = self.assertRaises(ValueError, rsrc._user_token)
expected = "Can't get user token without password"
self.assertEqual(expected, six.text_type(ex))
self.m.VerifyAll()
def test_user_token_err_noproject(self):
stack_name = 'user_test123'
resource_name = 'user'
t = template_format.parse(user_template)
stack = utils.parse_stack(t, stack_name=stack_name)
rsrc = stack[resource_name]
ex = self.assertRaises(ValueError, rsrc._user_token)
expected = "Can't get user token, user not yet created"
self.assertEqual(expected, six.text_type(ex))