From 6a18fb0d43d333fadde23f1c039fd8737d0c3d15 Mon Sep 17 00:00:00 2001 From: huangtianhua Date: Sat, 22 Apr 2017 10:16:14 +0800 Subject: [PATCH] Support property 'domain' for keystone role Adds property 'domain' for keystone role resource: 1. the default value of the property is 'default' 2. the property is non-updatalbe Change-Id: I829921dc35e2754eb6c6ccc293423c755806b0df Closes-Bug: #1684558 --- .../resources/openstack/keystone/role.py | 32 +++++++-- heat/tests/openstack/keystone/test_role.py | 72 +++++++++++-------- 2 files changed, 71 insertions(+), 33 deletions(-) diff --git a/heat/engine/resources/openstack/keystone/role.py b/heat/engine/resources/openstack/keystone/role.py index 785783fc51..51d1416c74 100644 --- a/heat/engine/resources/openstack/keystone/role.py +++ b/heat/engine/resources/openstack/keystone/role.py @@ -12,9 +12,11 @@ # under the License. from heat.common.i18n import _ +from heat.engine import constraints from heat.engine import properties from heat.engine import resource from heat.engine import support +from heat.engine import translation class KeystoneRole(resource.Resource): @@ -22,7 +24,8 @@ class KeystoneRole(resource.Resource): Roles dictate the level of authorization the end user can obtain. Roles can be granted at either the domain or project level. Role can be assigned to - the individual user or at the group level. Role names are globally unique. + the individual user or at the group level. Role name is unique within the + owning domain. """ support_status = support.SupportStatus( @@ -34,9 +37,9 @@ class KeystoneRole(resource.Resource): entity = 'roles' PROPERTIES = ( - NAME + NAME, DOMAIN, ) = ( - 'name' + 'name', 'domain', ) properties_schema = { @@ -44,17 +47,36 @@ class KeystoneRole(resource.Resource): properties.Schema.STRING, _('Name of keystone role.'), update_allowed=True + ), + DOMAIN: properties.Schema( + properties.Schema.STRING, + _('Name or id of keystone domain.'), + default='default', + constraints=[constraints.CustomConstraint('keystone.domain')], + support_status=support.SupportStatus(version='10.0.0') ) } + def translation_rules(self, properties): + return [ + translation.TranslationRule( + properties, + translation.TranslationRule.RESOLVE, + [self.DOMAIN], + client_plugin=self.client_plugin(), + finder='get_domain_id' + ) + ] + def client(self): return super(KeystoneRole, self).client().client def handle_create(self): role_name = (self.properties[self.NAME] or self.physical_resource_name()) - - role = self.client().roles.create(name=role_name) + domain = self.properties[self.DOMAIN] + role = self.client().roles.create(name=role_name, + domain=domain) self.resource_id_set(role.id) diff --git a/heat/tests/openstack/keystone/test_role.py b/heat/tests/openstack/keystone/test_role.py index 637070352a..258308d369 100644 --- a/heat/tests/openstack/keystone/test_role.py +++ b/heat/tests/openstack/keystone/test_role.py @@ -11,6 +11,7 @@ # License for the specific language governing permissions and limitations # under the License. +import copy import mock from heat.engine import resource @@ -41,14 +42,6 @@ class KeystoneRoleTest(common.HeatTestCase): super(KeystoneRoleTest, self).setUp() self.ctx = utils.dummy_context() - - self.stack = stack.Stack( - self.ctx, 'test_stack_keystone', - template.Template(keystone_role_template) - ) - - self.test_role = self.stack['test_role'] - # Mock client self.keystoneclient = mock.Mock() self.patchobject(resource.Resource, 'client', @@ -56,53 +49,75 @@ class KeystoneRoleTest(common.HeatTestCase): client=self.keystoneclient)) self.roles = self.keystoneclient.roles - def _get_mock_role(self): + def _get_rsrc(self, domain='default', without_name=False): + t = template.Template(keystone_role_template) + tmpl = copy.deepcopy(t) + tmpl['resources']['test_role']['Properties']['domain'] = domain + if without_name: + tmpl['resources']['test_role']['Properties'].pop('name') + test_stack = stack.Stack(self.ctx, 'test_keystone_role', tmpl) + test_role = test_stack['test_role'] + return test_role + + def _get_mock_role(self, domain='default'): value = mock.MagicMock() role_id = '477e8273-60a7-4c41-b683-fdb0bc7cd151' + domain_id = domain value.id = role_id - + value.domain_id = domain_id return value - def test_role_handle_create(self): - mock_role = self._get_mock_role() + def _test_handle_create(self, domain='default'): + test_role = self._get_rsrc(domain) + mock_role = self._get_mock_role(domain) self.roles.create.return_value = mock_role # validate the properties self.assertEqual('test_role_1', - self.test_role.properties.get(role.KeystoneRole.NAME)) + test_role.properties.get(role.KeystoneRole.NAME)) + self.assertEqual(domain, + test_role.properties.get(role.KeystoneRole.DOMAIN)) - self.test_role.handle_create() + test_role.handle_create() # validate role creation with given name - self.roles.create.assert_called_once_with(name='test_role_1') + self.roles.create.assert_called_once_with(name='test_role_1', + domain=domain) # validate physical resource id - self.assertEqual(mock_role.id, self.test_role.resource_id) + self.assertEqual(mock_role.id, test_role.resource_id) + + def test_role_handle_create(self): + self._test_handle_create() + + def test_role_handle_create_with_domain(self): + self._test_handle_create(domain='d_test') def test_role_handle_create_default_name(self): # reset the NAME value to None, to make sure role is # created with physical_resource_name - self.test_role.properties = mock.MagicMock() - self.test_role.properties.__getitem__.return_value = None - - self.test_role.handle_create() + test_role = self._get_rsrc(without_name=True) + test_role.physical_resource_name = mock.Mock( + return_value='phy_role_name') + test_role.handle_create() # validate role creation with default name - physical_resource_name = self.test_role.physical_resource_name() - self.roles.create.assert_called_once_with(name=physical_resource_name) + self.roles.create.assert_called_once_with(name='phy_role_name', + domain='default') def test_role_handle_update(self): - self.test_role.resource_id = '477e8273-60a7-4c41-b683-fdb0bc7cd151' + test_role = self._get_rsrc() + test_role.resource_id = '477e8273-60a7-4c41-b683-fdb0bc7cd151' # update the name property prop_diff = {role.KeystoneRole.NAME: 'test_role_1_updated'} - self.test_role.handle_update(json_snippet=None, - tmpl_diff=None, - prop_diff=prop_diff) + test_role.handle_update(json_snippet=None, + tmpl_diff=None, + prop_diff=prop_diff) self.roles.update.assert_called_once_with( - role=self.test_role.resource_id, + role=test_role.resource_id, name=prop_diff[role.KeystoneRole.NAME] ) @@ -110,5 +125,6 @@ class KeystoneRoleTest(common.HeatTestCase): role = mock.Mock() role.to_dict.return_value = {'attr': 'val'} self.roles.get.return_value = role - res = self.test_role._show_resource() + test_role = self._get_rsrc() + res = test_role._show_resource() self.assertEqual({'attr': 'val'}, res)