[S2007072] Enables case insensitive user name search.

Task: 37963

If heat templates use keystone user name in a case different
from the case in which the user name is stored in keystone DB
Heat stack creates fails. This change adds an option to heat
engine to enable case insensitive user name search.

Change-Id: I8e5cb027beebce39921d336fb3845125b0efc5bc
This commit is contained in:
Sampat P 2020-01-06 15:29:04 -05:00
parent 9c6fd452b7
commit 9dded0d8c8
3 changed files with 26 additions and 20 deletions

View File

@ -157,17 +157,16 @@ class KeystoneClientPlugin(client_plugin.ClientPlugin):
if not domain: if not domain:
user, domain = self.parse_entity_with_domain(user, user, domain = self.parse_entity_with_domain(user,
'KeystoneUser') 'KeystoneUser')
try: try:
user_obj = self.client().client.users.get(user) user_obj = self.client().client.users.get(user)
return user_obj.id return user_obj.id
except ks_exceptions.NotFound: except ks_exceptions.NotFound:
user_list = self.client().client.users.list(name=user, try:
domain=domain) user_obj = self.client().client.users.find(name=user,
for user_obj in user_list: domain=domain)
if user_obj.name == user: return user_obj.id
return user_obj.id except ks_exceptions.NotFound:
pass
raise exception.EntityNotFound(entity='KeystoneUser', name=user) raise exception.EntityNotFound(entity='KeystoneUser', name=user)
def get_region_id(self, region): def get_region_id(self, region):

View File

@ -874,9 +874,7 @@ class KeystoneClientPluginUserTest(common.HeatTestCase):
def test_get_user_id_with_name(self, client_keystone): def test_get_user_id_with_name(self, client_keystone):
self._client.client.users.get.side_effect = (keystone_exceptions self._client.client.users.get.side_effect = (keystone_exceptions
.NotFound) .NotFound)
self._client.client.users.list.return_value = [ self._client.client.users.find.return_value = self._get_mock_user()
self._get_mock_user()
]
client_keystone.return_value = self._client client_keystone.return_value = self._client
client_plugin = keystone.KeystoneClientPlugin( client_plugin = keystone.KeystoneClientPlugin(
@ -888,16 +886,14 @@ class KeystoneClientPluginUserTest(common.HeatTestCase):
self.assertRaises(keystone_exceptions.NotFound, self.assertRaises(keystone_exceptions.NotFound,
self._client.client.users.get, self._client.client.users.get,
self.sample_name) self.sample_name)
self._client.client.users.list.assert_called_once_with( self._client.client.users.find.assert_called_once_with(
domain=None, name=self.sample_name) domain=None, name=self.sample_name)
@mock.patch.object(keystone.KeystoneClientPlugin, 'client') @mock.patch.object(keystone.KeystoneClientPlugin, 'client')
def test_get_user_id_with_name_and_domain(self, client_keystone): def test_get_user_id_with_name_and_domain(self, client_keystone):
self._client.client.users.get.side_effect = (keystone_exceptions self._client.client.users.get.side_effect = (keystone_exceptions
.NotFound) .NotFound)
self._client.client.users.list.return_value = [ self._client.client.users.find.return_value = self._get_mock_user()
self._get_mock_user()
]
client_keystone.return_value = self._client client_keystone.return_value = self._client
client_plugin = keystone.KeystoneClientPlugin( client_plugin = keystone.KeystoneClientPlugin(
@ -908,7 +904,7 @@ class KeystoneClientPluginUserTest(common.HeatTestCase):
self.assertRaises(keystone_exceptions.NotFound, self.assertRaises(keystone_exceptions.NotFound,
self._client.client.users.get, self._client.client.users.get,
self.sample_name) self.sample_name)
self._client.client.users.list.assert_called_once_with( self._client.client.users.find.assert_called_once_with(
domain=client_plugin.get_domain_id(self.sample_domain_uuid), domain=client_plugin.get_domain_id(self.sample_domain_uuid),
name=self.sample_name) name=self.sample_name)
@ -916,8 +912,8 @@ class KeystoneClientPluginUserTest(common.HeatTestCase):
def test_get_user_id_not_found(self, client_keystone): def test_get_user_id_not_found(self, client_keystone):
self._client.client.users.get.side_effect = (keystone_exceptions self._client.client.users.get.side_effect = (keystone_exceptions
.NotFound) .NotFound)
self._client.client.users.list.return_value = [] self._client.client.users.find.side_effect = (keystone_exceptions
.NotFound)
client_keystone.return_value = self._client client_keystone.return_value = self._client
client_plugin = keystone.KeystoneClientPlugin( client_plugin = keystone.KeystoneClientPlugin(
context=mock.MagicMock() context=mock.MagicMock()
@ -932,7 +928,7 @@ class KeystoneClientPluginUserTest(common.HeatTestCase):
self.assertRaises(keystone_exceptions.NotFound, self.assertRaises(keystone_exceptions.NotFound,
self._client.client.users.get, self._client.client.users.get,
self.sample_name) self.sample_name)
self._client.client.users.list.assert_called_once_with( self._client.client.users.find.assert_called_once_with(
domain=None, name=self.sample_name) domain=None, name=self.sample_name)
@mock.patch.object(keystone.KeystoneClientPlugin, 'client') @mock.patch.object(keystone.KeystoneClientPlugin, 'client')
@ -940,8 +936,8 @@ class KeystoneClientPluginUserTest(common.HeatTestCase):
client_keystone): client_keystone):
self._client.client.users.get.side_effect = (keystone_exceptions self._client.client.users.get.side_effect = (keystone_exceptions
.NotFound) .NotFound)
self._client.client.users.list.return_value = [] self._client.client.users.find.side_effect = (keystone_exceptions
.NotFound)
client_keystone.return_value = self._client client_keystone.return_value = self._client
client_plugin = keystone.KeystoneClientPlugin( client_plugin = keystone.KeystoneClientPlugin(
context=mock.MagicMock() context=mock.MagicMock()

View File

@ -0,0 +1,11 @@
---
fixes:
- |
On clouds where Keystone usernames are `case-insensitive
<https://docs.openstack.org/keystone/latest/admin/case-insensitive.html>`_,
Heat will now allow usernames with any case as property and
parameter values where a Keystone user is expected
(i.e. a ``keystone.user`` custom constraint applies).
Previously the case had to match the case with which the name
was stored in Keystone, even if Keystone itself was
case-insensitive.