Add trust_id and trustor_user_id Context and DB
Add trust_id and trustor_user_id to the user_creds table and related RequestContext object blueprint heat-trusts Change-Id: Ie0fdc5068475db7e84f366d1eb2b9ae56db0b3fc
This commit is contained in:
parent
4fd744173f
commit
85968a7495
@ -38,7 +38,9 @@ class RequestContext(context.RequestContext):
|
||||
aws_creds=None, tenant=None,
|
||||
tenant_id=None, auth_url=None, roles=None, is_admin=False,
|
||||
read_only=False, show_deleted=False,
|
||||
owner_is_tenant=True, overwrite=True, **kwargs):
|
||||
owner_is_tenant=True, overwrite=True,
|
||||
trust_id=None, trustor_user_id=None,
|
||||
**kwargs):
|
||||
"""
|
||||
:param overwrite: Set to False to ensure that the greenthread local
|
||||
copy of the index is not overwritten.
|
||||
@ -63,6 +65,8 @@ class RequestContext(context.RequestContext):
|
||||
if overwrite or not hasattr(local.store, 'context'):
|
||||
self.update_store()
|
||||
self._session = None
|
||||
self.trust_id = trust_id
|
||||
self.trustor_user_id = trustor_user_id
|
||||
|
||||
def update_store(self):
|
||||
local.store.context = self
|
||||
@ -80,6 +84,8 @@ class RequestContext(context.RequestContext):
|
||||
'aws_creds': self.aws_creds,
|
||||
'tenant': self.tenant,
|
||||
'tenant_id': self.tenant_id,
|
||||
'trust_id': self.trust_id,
|
||||
'trustor_user_id': self.trustor_user_id,
|
||||
'auth_url': self.auth_url,
|
||||
'roles': self.roles,
|
||||
'is_admin': self.is_admin}
|
||||
|
@ -259,6 +259,12 @@ def stack_delete(context, stack_id):
|
||||
def user_creds_create(context):
|
||||
values = context.to_dict()
|
||||
user_creds_ref = models.UserCreds()
|
||||
if values.get('trust_id'):
|
||||
user_creds_ref.trust_id = crypt.encrypt(values.get('trust_id'))
|
||||
user_creds_ref.trustor_user_id = values.get('trustor_user_id')
|
||||
user_creds_ref.username = None
|
||||
user_creds_ref.password = None
|
||||
else:
|
||||
user_creds_ref.update(values)
|
||||
user_creds_ref.password = crypt.encrypt(values['password'])
|
||||
user_creds_ref.save(_session(context))
|
||||
@ -271,6 +277,7 @@ def user_creds_get(user_creds_id):
|
||||
# or it can be committed back to the DB in decrypted form
|
||||
result = dict(db_result)
|
||||
result['password'] = crypt.decrypt(result['password'])
|
||||
result['trust_id'] = crypt.decrypt(result['trust_id'])
|
||||
return result
|
||||
|
||||
|
||||
|
@ -0,0 +1,38 @@
|
||||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import sqlalchemy
|
||||
|
||||
|
||||
def upgrade(migrate_engine):
|
||||
meta = sqlalchemy.MetaData(bind=migrate_engine)
|
||||
|
||||
user_creds = sqlalchemy.Table('user_creds', meta, autoload=True)
|
||||
|
||||
# keystone IDs are 32 characters long, but the keystone DB schema
|
||||
# specifies varchar(64) so align with that here, for the trust_id
|
||||
# we encrypt it, so align with the 255 chars allowed for password
|
||||
trustor_user_id = sqlalchemy.Column('trustor_user_id',
|
||||
sqlalchemy.String(length=64))
|
||||
trust_id = sqlalchemy.Column('trust_id', sqlalchemy.String(length=255))
|
||||
trustor_user_id.create(user_creds)
|
||||
trust_id.create(user_creds)
|
||||
|
||||
|
||||
def downgrade(migrate_engine):
|
||||
meta = sqlalchemy.MetaData(bind=migrate_engine)
|
||||
|
||||
user_creds = sqlalchemy.Table('user_creds', meta, autoload=True)
|
||||
user_creds.c.trustor_user_id.drop()
|
||||
user_creds.c.trust_id.drop()
|
@ -210,6 +210,8 @@ class UserCreds(BASE, HeatBase):
|
||||
tenant = sqlalchemy.Column(sqlalchemy.String)
|
||||
auth_url = sqlalchemy.Column(sqlalchemy.String)
|
||||
tenant_id = sqlalchemy.Column(sqlalchemy.String)
|
||||
trust_id = sqlalchemy.Column(sqlalchemy.String)
|
||||
trustor_user_id = sqlalchemy.Column(sqlalchemy.String)
|
||||
stack = relationship(Stack, backref=backref('user_creds'))
|
||||
|
||||
|
||||
|
@ -261,3 +261,37 @@ class SqlAlchemyTest(HeatTestCase):
|
||||
self.assertEqual(2, len(events))
|
||||
|
||||
self.m.VerifyAll()
|
||||
|
||||
def test_user_creds_password(self):
|
||||
self.ctx.trust_id = None
|
||||
db_creds = db_api.user_creds_create(self.ctx)
|
||||
load_creds = db_api.user_creds_get(db_creds.id)
|
||||
|
||||
self.assertEqual(load_creds.get('username'), 'test_username')
|
||||
self.assertEqual(load_creds.get('password'), 'password')
|
||||
self.assertEqual(load_creds.get('tenant'), 'test_tenant')
|
||||
self.assertEqual(load_creds.get('tenant_id'), 'test_tenant_id')
|
||||
self.assertIsNotNone(load_creds.get('created_at'))
|
||||
self.assertIsNone(load_creds.get('updated_at'))
|
||||
self.assertEqual(load_creds.get('auth_url'),
|
||||
'http://_testnoexisthost_:5000/v2.0')
|
||||
self.assertIsNone(load_creds.get('trust_id'))
|
||||
self.assertIsNone(load_creds.get('trustor_user_id'))
|
||||
|
||||
def test_user_creds_trust(self):
|
||||
self.ctx.username = None
|
||||
self.ctx.password = None
|
||||
self.ctx.trust_id = 'atrust123'
|
||||
self.ctx.trustor_user_id = 'atrustor123'
|
||||
db_creds = db_api.user_creds_create(self.ctx)
|
||||
load_creds = db_api.user_creds_get(db_creds.id)
|
||||
|
||||
self.assertIsNone(load_creds.get('username'))
|
||||
self.assertIsNone(load_creds.get('password'))
|
||||
self.assertIsNone(load_creds.get('tenant'))
|
||||
self.assertIsNone(load_creds.get('tenant_id'))
|
||||
self.assertIsNotNone(load_creds.get('created_at'))
|
||||
self.assertIsNone(load_creds.get('updated_at'))
|
||||
self.assertIsNone(load_creds.get('auth_url'))
|
||||
self.assertEqual(load_creds.get('trust_id'), 'atrust123')
|
||||
self.assertEqual(load_creds.get('trustor_user_id'), 'atrustor123')
|
||||
|
Loading…
Reference in New Issue
Block a user