From 8de00cdc478a8fc30984d62ebd81c0ffcce24c0d Mon Sep 17 00:00:00 2001 From: Peter Razumovsky Date: Fri, 8 Apr 2016 16:31:49 +0300 Subject: [PATCH] Keystone role assignment observe reality method Add special parsing method for role assignments to use it in resources with role assignments. implements bp get-reality-for-resources Change-Id: I1fbb1449723843d88501b8f11913e9908fe4cd00 --- .../openstack/keystone/role_assignments.py | 24 +++++++++++++ .../keystone/test_role_assignments.py | 34 +++++++++++++++++++ 2 files changed, 58 insertions(+) diff --git a/heat/engine/resources/openstack/keystone/role_assignments.py b/heat/engine/resources/openstack/keystone/role_assignments.py index e71722c462..3e12e9c41d 100644 --- a/heat/engine/resources/openstack/keystone/role_assignments.py +++ b/heat/engine/resources/openstack/keystone/role_assignments.py @@ -308,6 +308,30 @@ class KeystoneRoleAssignmentMixin(object): ' role %s') % role_assignment.get(self.ROLE) raise exception.StackValidationFailed(message=msg) + def parse_list_assignments(self, user_id=None, group_id=None): + """Method used for get_live_state implementation in other resources.""" + assignments = [] + roles = [] + if user_id is not None: + assignments = self.client().role_assignments.list(user=user_id) + elif group_id is not None: + assignments = self.client().role_assignments.list(group=group_id) + for assignment in assignments: + values = assignment.to_dict() + if not values.get('role') or not values.get('role').get('id'): + continue + role = { + self.ROLE: values['role']['id'], + self.DOMAIN: (values.get('scope') and + values['scope'].get('domain') and + values['scope'].get('domain').get('id')), + self.PROJECT: (values.get('scope') and + values['scope'].get('project') and + values['scope'].get('project').get('id')), + } + roles.append(role) + return roles + class KeystoneUserRoleAssignment(resource.Resource, KeystoneRoleAssignmentMixin): diff --git a/heat/tests/openstack/keystone/test_role_assignments.py b/heat/tests/openstack/keystone/test_role_assignments.py index c4c01c50a1..3527bc7117 100644 --- a/heat/tests/openstack/keystone/test_role_assignments.py +++ b/heat/tests/openstack/keystone/test_role_assignments.py @@ -346,6 +346,40 @@ class KeystoneRoleAssignmentMixinTest(common.HeatTestCase): self.assertRaises(exception.ResourcePropertyConflict, self.test_role_assignment.validate) + def test_empty_parse_list_assignments(self): + self.assertEqual([], + self.test_role_assignment.parse_list_assignments()) + + def test_user_parse_list_assignments(self): + self._test_parse_list_assignments('user') + + def test_group_parse_list_assignments(self): + self._test_parse_list_assignments('group') + + def _test_parse_list_assignments(self, entity=None): + dict_obj = mock.MagicMock() + dict_obj.to_dict.side_effect = [{'scope': { + 'project': {'id': 'fc0fe982401643368ff2eb11d9ca70f1'}}, + 'role': {'id': '3b8b253648f44256a457a5073b78021d'}, + entity: {'id': '4147558a763046cfb68fb870d58ef4cf'}}, + {'role': {'id': '3b8b253648f44258021d6a457a5073b7'}, + entity: {'id': '4147558a763046cfb68fb870d58ef4cf'}}] + self.keystoneclient.role_assignments.list.return_value = [dict_obj, + dict_obj] + + kwargs = {'%s_id' % entity: '4147558a763046cfb68fb870d58ef4cf'} + list_assignments = self.test_role_assignment.parse_list_assignments( + **kwargs) + expected = [ + {'role': '3b8b253648f44256a457a5073b78021d', + 'project': 'fc0fe982401643368ff2eb11d9ca70f1', + 'domain': None}, + {'role': '3b8b253648f44258021d6a457a5073b7', + 'project': None, + 'domain': None}, + ] + self.assertEqual(expected, list_assignments) + class KeystoneUserRoleAssignmentTest(common.HeatTestCase):