[S2007072] Enables case insensitive user name search.
Task: 37963 If heat templates use keystone user name in a case different from the case in which the user name is stored in keystone DB Heat stack creates fails. This change adds an option to heat engine to enable case insensitive user name search. Change-Id: I8e5cb027beebce39921d336fb3845125b0efc5bc
This commit is contained in:
parent
9c6fd452b7
commit
9dded0d8c8
@ -157,17 +157,16 @@ class KeystoneClientPlugin(client_plugin.ClientPlugin):
|
|||||||
if not domain:
|
if not domain:
|
||||||
user, domain = self.parse_entity_with_domain(user,
|
user, domain = self.parse_entity_with_domain(user,
|
||||||
'KeystoneUser')
|
'KeystoneUser')
|
||||||
|
|
||||||
try:
|
try:
|
||||||
user_obj = self.client().client.users.get(user)
|
user_obj = self.client().client.users.get(user)
|
||||||
return user_obj.id
|
return user_obj.id
|
||||||
except ks_exceptions.NotFound:
|
except ks_exceptions.NotFound:
|
||||||
user_list = self.client().client.users.list(name=user,
|
try:
|
||||||
|
user_obj = self.client().client.users.find(name=user,
|
||||||
domain=domain)
|
domain=domain)
|
||||||
for user_obj in user_list:
|
|
||||||
if user_obj.name == user:
|
|
||||||
return user_obj.id
|
return user_obj.id
|
||||||
|
except ks_exceptions.NotFound:
|
||||||
|
pass
|
||||||
raise exception.EntityNotFound(entity='KeystoneUser', name=user)
|
raise exception.EntityNotFound(entity='KeystoneUser', name=user)
|
||||||
|
|
||||||
def get_region_id(self, region):
|
def get_region_id(self, region):
|
||||||
|
@ -874,9 +874,7 @@ class KeystoneClientPluginUserTest(common.HeatTestCase):
|
|||||||
def test_get_user_id_with_name(self, client_keystone):
|
def test_get_user_id_with_name(self, client_keystone):
|
||||||
self._client.client.users.get.side_effect = (keystone_exceptions
|
self._client.client.users.get.side_effect = (keystone_exceptions
|
||||||
.NotFound)
|
.NotFound)
|
||||||
self._client.client.users.list.return_value = [
|
self._client.client.users.find.return_value = self._get_mock_user()
|
||||||
self._get_mock_user()
|
|
||||||
]
|
|
||||||
|
|
||||||
client_keystone.return_value = self._client
|
client_keystone.return_value = self._client
|
||||||
client_plugin = keystone.KeystoneClientPlugin(
|
client_plugin = keystone.KeystoneClientPlugin(
|
||||||
@ -888,16 +886,14 @@ class KeystoneClientPluginUserTest(common.HeatTestCase):
|
|||||||
self.assertRaises(keystone_exceptions.NotFound,
|
self.assertRaises(keystone_exceptions.NotFound,
|
||||||
self._client.client.users.get,
|
self._client.client.users.get,
|
||||||
self.sample_name)
|
self.sample_name)
|
||||||
self._client.client.users.list.assert_called_once_with(
|
self._client.client.users.find.assert_called_once_with(
|
||||||
domain=None, name=self.sample_name)
|
domain=None, name=self.sample_name)
|
||||||
|
|
||||||
@mock.patch.object(keystone.KeystoneClientPlugin, 'client')
|
@mock.patch.object(keystone.KeystoneClientPlugin, 'client')
|
||||||
def test_get_user_id_with_name_and_domain(self, client_keystone):
|
def test_get_user_id_with_name_and_domain(self, client_keystone):
|
||||||
self._client.client.users.get.side_effect = (keystone_exceptions
|
self._client.client.users.get.side_effect = (keystone_exceptions
|
||||||
.NotFound)
|
.NotFound)
|
||||||
self._client.client.users.list.return_value = [
|
self._client.client.users.find.return_value = self._get_mock_user()
|
||||||
self._get_mock_user()
|
|
||||||
]
|
|
||||||
|
|
||||||
client_keystone.return_value = self._client
|
client_keystone.return_value = self._client
|
||||||
client_plugin = keystone.KeystoneClientPlugin(
|
client_plugin = keystone.KeystoneClientPlugin(
|
||||||
@ -908,7 +904,7 @@ class KeystoneClientPluginUserTest(common.HeatTestCase):
|
|||||||
self.assertRaises(keystone_exceptions.NotFound,
|
self.assertRaises(keystone_exceptions.NotFound,
|
||||||
self._client.client.users.get,
|
self._client.client.users.get,
|
||||||
self.sample_name)
|
self.sample_name)
|
||||||
self._client.client.users.list.assert_called_once_with(
|
self._client.client.users.find.assert_called_once_with(
|
||||||
domain=client_plugin.get_domain_id(self.sample_domain_uuid),
|
domain=client_plugin.get_domain_id(self.sample_domain_uuid),
|
||||||
name=self.sample_name)
|
name=self.sample_name)
|
||||||
|
|
||||||
@ -916,8 +912,8 @@ class KeystoneClientPluginUserTest(common.HeatTestCase):
|
|||||||
def test_get_user_id_not_found(self, client_keystone):
|
def test_get_user_id_not_found(self, client_keystone):
|
||||||
self._client.client.users.get.side_effect = (keystone_exceptions
|
self._client.client.users.get.side_effect = (keystone_exceptions
|
||||||
.NotFound)
|
.NotFound)
|
||||||
self._client.client.users.list.return_value = []
|
self._client.client.users.find.side_effect = (keystone_exceptions
|
||||||
|
.NotFound)
|
||||||
client_keystone.return_value = self._client
|
client_keystone.return_value = self._client
|
||||||
client_plugin = keystone.KeystoneClientPlugin(
|
client_plugin = keystone.KeystoneClientPlugin(
|
||||||
context=mock.MagicMock()
|
context=mock.MagicMock()
|
||||||
@ -932,7 +928,7 @@ class KeystoneClientPluginUserTest(common.HeatTestCase):
|
|||||||
self.assertRaises(keystone_exceptions.NotFound,
|
self.assertRaises(keystone_exceptions.NotFound,
|
||||||
self._client.client.users.get,
|
self._client.client.users.get,
|
||||||
self.sample_name)
|
self.sample_name)
|
||||||
self._client.client.users.list.assert_called_once_with(
|
self._client.client.users.find.assert_called_once_with(
|
||||||
domain=None, name=self.sample_name)
|
domain=None, name=self.sample_name)
|
||||||
|
|
||||||
@mock.patch.object(keystone.KeystoneClientPlugin, 'client')
|
@mock.patch.object(keystone.KeystoneClientPlugin, 'client')
|
||||||
@ -940,8 +936,8 @@ class KeystoneClientPluginUserTest(common.HeatTestCase):
|
|||||||
client_keystone):
|
client_keystone):
|
||||||
self._client.client.users.get.side_effect = (keystone_exceptions
|
self._client.client.users.get.side_effect = (keystone_exceptions
|
||||||
.NotFound)
|
.NotFound)
|
||||||
self._client.client.users.list.return_value = []
|
self._client.client.users.find.side_effect = (keystone_exceptions
|
||||||
|
.NotFound)
|
||||||
client_keystone.return_value = self._client
|
client_keystone.return_value = self._client
|
||||||
client_plugin = keystone.KeystoneClientPlugin(
|
client_plugin = keystone.KeystoneClientPlugin(
|
||||||
context=mock.MagicMock()
|
context=mock.MagicMock()
|
||||||
|
@ -0,0 +1,11 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
On clouds where Keystone usernames are `case-insensitive
|
||||||
|
<https://docs.openstack.org/keystone/latest/admin/case-insensitive.html>`_,
|
||||||
|
Heat will now allow usernames with any case as property and
|
||||||
|
parameter values where a Keystone user is expected
|
||||||
|
(i.e. a ``keystone.user`` custom constraint applies).
|
||||||
|
Previously the case had to match the case with which the name
|
||||||
|
was stored in Keystone, even if Keystone itself was
|
||||||
|
case-insensitive.
|
Loading…
Reference in New Issue
Block a user