Add trust_id and trustor_user_id Context and DB

Add trust_id and trustor_user_id to the user_creds table
and related RequestContext object

blueprint heat-trusts

Change-Id: Ie0fdc5068475db7e84f366d1eb2b9ae56db0b3fc
Steven Hardy 2013-09-02 16:29:39 +01:00
parent 4fd744173f
commit 85968a7495
5 changed files with 90 additions and 3 deletions


@ -38,7 +38,9 @@ class RequestContext(context.RequestContext):
aws_creds=None, tenant=None,
tenant_id=None, auth_url=None, roles=None, is_admin=False,
read_only=False, show_deleted=False,
owner_is_tenant=True, overwrite=True, **kwargs):
owner_is_tenant=True, overwrite=True,
trust_id=None, trustor_user_id=None,
**kwargs):
"""
:param overwrite: Set to False to ensure that the greenthread local
copy of the index is not overwritten.
@ -63,6 +65,8 @@ class RequestContext(context.RequestContext):
if overwrite or not hasattr(local.store, 'context'):
self.update_store()
self._session = None
self.trust_id = trust_id
self.trustor_user_id = trustor_user_id
def update_store(self):
local.store.context = self
@ -80,6 +84,8 @@ class RequestContext(context.RequestContext):
'aws_creds': self.aws_creds,
'tenant': self.tenant,
'tenant_id': self.tenant_id,
'trust_id': self.trust_id,
'trustor_user_id': self.trustor_user_id,
'auth_url': self.auth_url,
'roles': self.roles,
'is_admin': self.is_admin}
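Review bot: `to_dict()` now emits `trust_id` in cleartext next to the other credentials, while the DB layer in this same commit encrypts it at rest, so the value is treated as sensitive in one place and not in the other. Anything that logs or dumps the context dict would record the delegation identifier; a comment at the new entry such as `# trust_id is a delegated credential: keep it out of logs` would help, along with a check that whatever serialises this dict redacts it. The `__init__` docstring still documents only `overwrite`, so add `:param trust_id:` and `:param trustor_user_id:` lines describing the keystone trust and the delegating user. Both `__init__` and `to_dict` begin outside the visible hunks.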


@ -259,8 +259,14 @@ def stack_delete(context, stack_id):
def user_creds_create(context):
values = context.to_dict()
user_creds_ref = models.UserCreds()
user_creds_ref.update(values)
user_creds_ref.password = crypt.encrypt(values['password'])
if values.get('trust_id'):
user_creds_ref.trust_id = crypt.encrypt(values.get('trust_id'))
user_creds_ref.trustor_user_id = values.get('trustor_user_id')
user_creds_ref.username = None
user_creds_ref.password = None
else:
user_creds_ref.update(values)
user_creds_ref.password = crypt.encrypt(values['password'])
user_creds_ref.save(_session(context))
return user_creds_ref
@ -271,6 +277,7 @@ def user_creds_get(user_creds_id):
# or it can be committed back to the DB in decrypted form
result = dict(db_result)
result['password'] = crypt.decrypt(result['password'])
result['trust_id'] = crypt.decrypt(result['trust_id'])
return result
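Review bot: `user_creds_get` now decrypts both `password` and `trust_id` unconditionally, but `user_creds_create` only ever stores one of them, so one of the two `crypt.decrypt` calls always receives `None` (and `trust_id` is NULL for every row written before the migration). That works only if `crypt.decrypt` passes `None` through, which is not visible here; an explicit guard keeps the contract local: `if result['trust_id'] is not None: result['trust_id'] = crypt.decrypt(result['trust_id'])`, and likewise for `password`. In `user_creds_create` the branch is chosen by truthiness, so an empty-string `trust_id` falls through to `crypt.encrypt(values['password'])`; testing `is not None` and rejecting a context that carries neither credential would fail earlier and more clearly. `user_creds_get` starts outside the hunk.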


@ -0,0 +1,38 @@
# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import sqlalchemy
def upgrade(migrate_engine):
meta = sqlalchemy.MetaData(bind=migrate_engine)
user_creds = sqlalchemy.Table('user_creds', meta, autoload=True)
# keystone IDs are 32 characters long, but the keystone DB schema
# specifies varchar(64) so align with that here, for the trust_id
# we encrypt it, so align with the 255 chars allowed for password
trustor_user_id = sqlalchemy.Column('trustor_user_id',
sqlalchemy.String(length=64))
trust_id = sqlalchemy.Column('trust_id', sqlalchemy.String(length=255))
trustor_user_id.create(user_creds)
trust_id.create(user_creds)
def downgrade(migrate_engine):
meta = sqlalchemy.MetaData(bind=migrate_engine)
user_creds = sqlalchemy.Table('user_creds', meta, autoload=True)
user_creds.c.trustor_user_id.drop()
user_creds.c.trust_id.drop()
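Review bot: `downgrade` drops `trust_id` and `trustor_user_id` without handling rows created through the trust branch, which per this commit have `username` and `password` set to NULL; after a downgrade those rows hold no usable credential at all. The trusts themselves presumably still exist in keystone, so the delegation stays live while Heat loses its only reference to it and can no longer revoke it. Add a comment above the two `.drop()` calls saying so, e.g. `# NOTE: destroys stored trust IDs; revoke the trusts in keystone first`, or have the downgrade refuse to run while any row has a non-NULL `trust_id`. Neither `upgrade` nor `downgrade` has a docstring.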


@ -210,6 +210,8 @@ class UserCreds(BASE, HeatBase):
tenant = sqlalchemy.Column(sqlalchemy.String)
auth_url = sqlalchemy.Column(sqlalchemy.String)
tenant_id = sqlalchemy.Column(sqlalchemy.String)
trust_id = sqlalchemy.Column(sqlalchemy.String)
trustor_user_id = sqlalchemy.Column(sqlalchemy.String)
stack = relationship(Stack, backref=backref('user_creds'))


@ -261,3 +261,37 @@ class SqlAlchemyTest(HeatTestCase):
self.assertEqual(2, len(events))
self.m.VerifyAll()
def test_user_creds_password(self):
self.ctx.trust_id = None
db_creds = db_api.user_creds_create(self.ctx)
load_creds = db_api.user_creds_get(db_creds.id)
self.assertEqual(load_creds.get('username'), 'test_username')
self.assertEqual(load_creds.get('password'), 'password')
self.assertEqual(load_creds.get('tenant'), 'test_tenant')
self.assertEqual(load_creds.get('tenant_id'), 'test_tenant_id')
self.assertIsNotNone(load_creds.get('created_at'))
self.assertIsNone(load_creds.get('updated_at'))
self.assertEqual(load_creds.get('auth_url'),
'http://_testnoexisthost_:5000/v2.0')
self.assertIsNone(load_creds.get('trust_id'))
self.assertIsNone(load_creds.get('trustor_user_id'))
def test_user_creds_trust(self):
self.ctx.username = None
self.ctx.password = None
self.ctx.trust_id = 'atrust123'
self.ctx.trustor_user_id = 'atrustor123'
db_creds = db_api.user_creds_create(self.ctx)
load_creds = db_api.user_creds_get(db_creds.id)
self.assertIsNone(load_creds.get('username'))
self.assertIsNone(load_creds.get('password'))
self.assertIsNone(load_creds.get('tenant'))
self.assertIsNone(load_creds.get('tenant_id'))
self.assertIsNotNone(load_creds.get('created_at'))
self.assertIsNone(load_creds.get('updated_at'))
self.assertIsNone(load_creds.get('auth_url'))
self.assertEqual(load_creds.get('trust_id'), 'atrust123')
self.assertEqual(load_creds.get('trustor_user_id'), 'atrustor123')
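Review bot: `test_user_creds_trust` and `test_user_creds_password` assert only the decrypted round trip, so neither proves the secret is encrypted at rest. `db_creds` is the object returned by `user_creds_create` and should carry the stored values, so one extra assertion per test covers it: `self.assertNotEqual('atrust123', db_creds.trust_id)` and `self.assertNotEqual('password', db_creds.password)`. Without these, a regression that persists plaintext could still pass if `crypt.decrypt` happens to tolerate such input, which is not visible here.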