Merge "Pass user_creds_id into nested stacks"

2014-07-22 14:02:23 +00:00 · 2014-07-22 14:02:23 +00:00 · 9f26fc53e7
parent e2b2b7adff 88568e6400
commit 9f26fc53e7
5 changed files with 45 additions and 7 deletions
--- a/heat/engine/parser.py
+++ b/heat/engine/parser.py
@ -780,7 +780,9 @@ class Stack(collections.Mapping):
            stack_status = self.FAILED
            reason = '%s timed out' % action.title()

-        if stack_status != self.FAILED and not backup:
+        # If the stack delete suceeded, this is not a backup stack and it's
+        # not a nested stack, we should delete the credentials
+        if stack_status != self.FAILED and not backup and not self.owner_id:
            # Cleanup stored user_creds so they aren't accessible via
            # the soft-deleted stack which remains in the DB
            if self.user_creds_id:
--- a/heat/engine/stack_resource.py
+++ b/heat/engine/stack_resource.py
@ -114,7 +114,8 @@ class StackResource(resource.Resource):
                              self._nested_environment(params),
                              disable_rollback=True,
                              parent_resource=self,
-                              owner_id=self.stack.id)
+                              owner_id=self.stack.id,
+                              user_creds_id=self.stack.user_creds_id)

        return nested.preview_resources()

@ -173,6 +174,7 @@ class StackResource(resource.Resource):
                              disable_rollback=True,
                              parent_resource=self,
                              owner_id=self.stack.id,
+                              user_creds_id=self.stack.user_creds_id,
                              adopt_stack_data=adopt_data)
        nested.validate()
        self._nested = nested
@ -229,7 +231,8 @@ class StackResource(resource.Resource):
                             timeout_mins=timeout_mins,
                             disable_rollback=True,
                             parent_resource=self,
-                             owner_id=self.stack.id)
+                             owner_id=self.stack.id,
+                             user_creds_id=self.stack.user_creds_id)
        stack.parameters.set_stack_id(nested_stack.identifier())
        stack.validate()

--- a/heat/tests/common.py
+++ b/heat/tests/common.py
@ -114,8 +114,8 @@ class HeatTestCase(testscenarios.WithScenarios,
        mockfixture = self.useFixture(mockpatch.PatchObject(obj, attr))
        return mockfixture.mock

-    def stub_keystoneclient(self, **kwargs):
+    def stub_keystoneclient(self, fake_client=None, **kwargs):
        client = self.patchobject(keystone.KeystoneClientPlugin, "_create")
-        fkc = fakes.FakeKeystoneClient(**kwargs)
+        fkc = fake_client or fakes.FakeKeystoneClient(**kwargs)
        client.return_value = fkc
        return fkc
--- a/heat/tests/test_parser.py
+++ b/heat/tests/test_parser.py
@ -1382,6 +1382,36 @@ class StackTest(HeatTestCase):
        self.assertEqual(self.stack.state,
                         (parser.Stack.DELETE, parser.Stack.COMPLETE))

+    def test_delete_trust_nested(self):
+        cfg.CONF.set_override('deferred_auth_method', 'trusts')
+
+        class FakeKeystoneClientFail(FakeKeystoneClient):
+            def delete_trust(self, trust_id):
+                raise Exception("Shouldn't delete")
+
+        self.stub_keystoneclient(fake_client=FakeKeystoneClientFail())
+
+        self.stack = parser.Stack(
+            self.ctx, 'delete_trust_nested', self.tmpl,
+            owner_id='owner123')
+        stack_id = self.stack.store()
+
+        db_s = db_api.stack_get(self.ctx, stack_id)
+        self.assertIsNotNone(db_s)
+        user_creds_id = db_s.user_creds_id
+        self.assertIsNotNone(user_creds_id)
+        user_creds = db_api.user_creds_get(user_creds_id)
+        self.assertIsNotNone(user_creds)
+
+        self.stack.delete()
+
+        db_s = db_api.stack_get(self.ctx, stack_id)
+        self.assertIsNone(db_s)
+        user_creds = db_api.user_creds_get(user_creds_id)
+        self.assertIsNotNone(user_creds)
+        self.assertEqual(self.stack.state,
+                         (parser.Stack.DELETE, parser.Stack.COMPLETE))
+
    def test_delete_trust_fail(self):
        cfg.CONF.set_override('deferred_auth_method', 'trusts')

--- a/heat/tests/test_stack_resource.py
+++ b/heat/tests/test_stack_resource.py
@ -111,7 +111,8 @@ class StackResourceTest(HeatTestCase):
                             'Resources':
                             {self.ws_resname: ws_res_snippet}})
        self.parent_stack = parser.Stack(utils.dummy_context(), 'test_stack',
-                                         t, stack_id=str(uuid.uuid4()))
+                                         t, stack_id=str(uuid.uuid4()),
+                                         user_creds_id='uc123')
        resource_defns = t.resource_definitions(self.parent_stack)
        self.parent_resource = MyStackResource('test',
                                               resource_defns[self.ws_resname],
@ -172,7 +173,8 @@ class StackResourceTest(HeatTestCase):
            'environment',
            disable_rollback=mock.ANY,
            parent_resource=parent_resource,
-            owner_id=mock.ANY
+            owner_id=self.parent_stack.id,
+            user_creds_id=self.parent_stack.user_creds_id
        )

    def test_preview_validates_nested_resources(self):
@ -539,6 +541,7 @@ class StackResourceTest(HeatTestCase):
                     disable_rollback=True,
                     parent_resource=self.parent_resource,
                     owner_id=self.parent_stack.id,
+                     user_creds_id=self.parent_stack.user_creds_id,
                     adopt_stack_data=None).AndReturn(self.stack)

        st_set = self.stack.state_set