Merge "Remove heat_keystoneclient roles filtering workaround"

heat/common/heat_keystoneclient.py

@@ -262,16 +262,6 @@ class KeystoneClientV3(object):
         #get the last 64 characters of the username
         return username[-64:]
 
-    def _get_stack_user_role(self, roles_list):
-        # FIXME(shardy): The currently released v3 keystoneclient doesn't
-        # support filtering the results, so we have to do it locally,
-        # update when a new keystoneclient release happens containing
-        # the extensible-crud-manager-operations patch
-        stack_user_role = [r for r in roles_list
-                           if r.name == cfg.CONF.heat_stack_user_role]
-        if len(stack_user_role) == 1:
-            return stack_user_role[0].id
-
     def create_stack_user(self, username, password=''):
         """Create a user defined as part of a stack.
 
@@ -285,9 +275,10 @@ class KeystoneClientV3(object):
         # create_stack_domain user, but this function is expected to
         # be removed after the transition of all resources to domain
         # users has been completed
-        roles_list = self.client.roles.list()
-        role_id = self._get_stack_user_role(roles_list)
-        if role_id:
+        stack_user_role = self.client.roles.list(
+            name=cfg.CONF.heat_stack_user_role)
+        if len(stack_user_role) == 1:
+            role_id = stack_user_role[0].id
             # Create the user
             user = self.client.users.create(
                 name=self._get_username(username), password=password,
@@ -327,9 +318,10 @@ class KeystoneClientV3(object):
         # This role is designed to allow easier differentiation of the
         # heat-generated "stack users" which will generally have credentials
         # deployed on an instance (hence are implicitly untrusted)
-        roles_list = self.domain_admin_client.roles.list()
-        role_id = self._get_stack_user_role(roles_list)
-        if role_id:
+        stack_user_role = self.domain_admin_client.roles.list(
+            name=cfg.CONF.heat_stack_user_role)
+        if len(stack_user_role) == 1:
+            role_id = stack_user_role[0].id
             # Create user
             user = self.domain_admin_client.users.create(
                 name=self._get_username(username), password=password,

heat/tests/test_heatclient.py

@@ -149,7 +149,8 @@ class KeystoneClientTest(HeatTestCase):
                                             ).AndReturn(mock_user)
 
         self.mock_ks_v3_client.roles = self.m.CreateMockAnything()
-        self.mock_ks_v3_client.roles.list().AndReturn(self._mock_roles_list())
+        self.mock_ks_v3_client.roles.list(
+            name='heat_stack_user').AndReturn(self._mock_roles_list())
         self.mock_ks_v3_client.roles.grant(project=ctx.tenant_id,
                                            role='4546',
                                            user='auser123').AndReturn(None)
@@ -170,8 +171,8 @@ class KeystoneClientTest(HeatTestCase):
         ctx.trust_id = None
 
         self.mock_ks_v3_client.roles = self.m.CreateMockAnything()
-        mock_roles_list = self._mock_roles_list(heat_stack_user='badrole')
-        self.mock_ks_v3_client.roles.list().AndReturn(mock_roles_list)
+        self.mock_ks_v3_client.roles.list(
+            name='heat_stack_user').AndReturn([])
         self.m.ReplayAll()
         heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
         err = self.assertRaises(exception.Error,
@@ -181,11 +182,10 @@ class KeystoneClientTest(HeatTestCase):
 
     def _mock_roles_list(self, heat_stack_user='heat_stack_user'):
         mock_roles_list = []
-        for r_id, r_name in (('1234', 'blah'), ('4546', heat_stack_user)):
-            mock_role = self.m.CreateMockAnything()
-            mock_role.id = r_id
-            mock_role.name = r_name
-            mock_roles_list.append(mock_role)
+        mock_role = self.m.CreateMockAnything()
+        mock_role.id = '4546'
+        mock_role.name = heat_stack_user
+        mock_roles_list.append(mock_role)
         return mock_roles_list
 
     def test_create_stack_domain_user(self):
@@ -205,7 +205,8 @@ class KeystoneClientTest(HeatTestCase):
                                             domain='adomain123'
                                             ).AndReturn(mock_user)
         self.mock_admin_client.roles = self.m.CreateMockAnything()
-        self.mock_admin_client.roles.list().AndReturn(self._mock_roles_list())
+        self.mock_admin_client.roles.list(
+            name='heat_stack_user').AndReturn(self._mock_roles_list())
         self.mock_admin_client.roles.grant(project='aproject',
                                            role='4546',
                                            user='duser123').AndReturn(None)
@@ -233,7 +234,8 @@ class KeystoneClientTest(HeatTestCase):
                                             ).AndReturn(mock_user)
 
         self.mock_ks_v3_client.roles = self.m.CreateMockAnything()
-        self.mock_ks_v3_client.roles.list().AndReturn(self._mock_roles_list())
+        self.mock_ks_v3_client.roles.list(
+            name='heat_stack_user').AndReturn(self._mock_roles_list())
         self.mock_ks_v3_client.roles.grant(project=ctx.tenant_id,
                                            role='4546',
                                            user='auser123').AndReturn(None)
@@ -253,8 +255,7 @@ class KeystoneClientTest(HeatTestCase):
 
         # mock keystone client functions
         self.mock_admin_client.roles = self.m.CreateMockAnything()
-        mock_roles_list = self._mock_roles_list(heat_stack_user='badrole')
-        self.mock_admin_client.roles.list().AndReturn(mock_roles_list)
+        self.mock_admin_client.roles.list(name='heat_stack_user').AndReturn([])
         self.m.ReplayAll()
 
         heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)