Merge "Do not create admin user if it exists already"

2014-06-26 12:17:09 +00:00 · 2014-06-26 12:17:09 +00:00 · 9102604e74
commit 9102604e74
parent 07e990d09f a1d905a113
2 changed files with 57 additions and 17 deletions
--- a/os_cloud_config/keystone.py
+++ b/os_cloud_config/keystone.py
@ -164,9 +164,16 @@ def _create_admin_user(keystone, admin_email, admin_password):
    admin_tenant = keystone.tenants.find(name='admin')
    admin_role = keystone.roles.find(name='admin')

+    try:
+        admin_user = keystone.users.find(name='admin')
+        LOG.debug('Admin user already exists, skip creation')
+    except exceptions.NotFound:
        LOG.debug('Creating admin user.')
        admin_user = keystone.users.create('admin', email=admin_email,
                                           password=admin_password,
                                           tenant_id=admin_tenant.id)
+    if admin_role in keystone.roles.roles_for_user(admin_user, admin_tenant):
+        LOG.debug('Admin user is already granted admin role with admin tenant')
+    else:
        LOG.debug('Granting admin role to admin user on admin tenant.')
        keystone.roles.add_user_role(admin_user, admin_role, admin_tenant)
--- a/os_cloud_config/tests/test_keystone.py
+++ b/os_cloud_config/tests/test_keystone.py
@ -31,6 +31,12 @@ class KeystoneTest(base.TestCase):
            public_endpoint, 'http://%s:35357/v2.0' % host,
            'http://192.0.0.3:5000/v2.0')

+    def assert_calls_in_create_user(self):
+        self.client.tenants.find.assert_called_once_with(name='admin')
+        self.client.roles.find.assert_called_once_with(name='admin')
+        self.client.users.find.assert_called_once_with(name='admin')
+        self.client.roles.roles_for_user.assert_called_once()
+
    @mock.patch('subprocess.check_call')
    def test_initialize(self, check_call_mock):
        self._patch_client()
@ -44,17 +50,7 @@ class KeystoneTest(base.TestCase):
        self.client.tenants.create.assert_has_calls(
            [mock.call('admin', None), mock.call('service', None)])

-        self.client.tenants.find.assert_called_once_with(name='admin')
-        self.client.roles.find.assert_called_once_with(name='admin')
-        self.client.users.create.assert_called_once_with(
-            'admin', email='admin@example.org', password='adminpasswd',
-            tenant_id=self.client.tenants.find.return_value.id)
-
-        self.client.roles.find.assert_called_once_with(name='admin')
-        self.client.roles.add_user_role.assert_called_once_with(
-            self.client.users.create.return_value,
-            self.client.roles.find.return_value,
-            self.client.tenants.find.return_value)
+        self.assert_calls_in_create_user()

        self.assert_endpoint('192.0.0.3')

@ -137,3 +133,40 @@ class KeystoneTest(base.TestCase):
    def _patch_client_cleanup(self):
        self.create_admin_client_patcher.stop()
        self.client = None
+
+    def test_create_admin_user_user_exists(self):
+        self._patch_client()
+        keystone._create_admin_user(self.client, 'admin@example.org',
+                                    'adminpasswd')
+        self.assert_calls_in_create_user()
+        self.client.users.create.assert_not_called()
+
+    def test_create_admin_user_user_does_not_exist(self):
+        self._patch_client()
+        self.client.users.find.side_effect = exceptions.NotFound()
+        keystone._create_admin_user(self.client, 'admin@example.org',
+                                    'adminpasswd')
+        self.assert_calls_in_create_user()
+        self.client.users.create.assert_called_once_with(
+            'admin', email='admin@example.org', password='adminpasswd',
+            tenant_id=self.client.tenants.find.return_value.id)
+
+    def test_create_admin_user_role_assigned(self):
+        self._patch_client()
+        self.client.roles.roles_for_user.return_value = [self.client.roles
+                                                         .find.return_value]
+        keystone._create_admin_user(self.client, 'admin@example.org',
+                                    'adminpasswd')
+        self.assert_calls_in_create_user()
+        self.client.roles.add_user_role.assert_not_called()
+
+    def test_create_admin_user_role_not_assigned(self):
+        self._patch_client()
+        self.client.roles.roles_for_user.return_value = []
+        keystone._create_admin_user(self.client, 'admin@example.org',
+                                    'adminpasswd')
+        self.assert_calls_in_create_user()
+        self.client.roles.add_user_role.assert_called_once_with(
+            self.client.users.find.return_value,
+            self.client.roles.find.return_value,
+            self.client.tenants.find.return_value)