heat/heat/tests/openstack/keystone/test_group.py

#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import mock

from heat.engine.clients.os.keystone import fake_keystoneclient as fake_ks
from heat.engine import constraints
from heat.engine import properties
from heat.engine import resource
from heat.engine.resources.openstack.keystone import group
from heat.engine import stack
from heat.engine import template
from heat.tests import common
from heat.tests import utils

keystone_group_template = {
    'heat_template_version': '2013-05-23',
    'resources': {
        'test_group': {
            'type': 'OS::Keystone::Group',
            'properties': {
                'name': 'test_group_1',
                'description': 'Test group',
                'domain': 'default'
            }
        }
    }
}


class KeystoneGroupTest(common.HeatTestCase):
    def setUp(self):
        super(KeystoneGroupTest, self).setUp()

        self.ctx = utils.dummy_context()

        self.stack = stack.Stack(
            self.ctx, 'test_stack_keystone',
            template.Template(keystone_group_template)
        )

        self.test_group = self.stack['test_group']

        # Mock client
        self.keystoneclient = mock.Mock()
        self.patchobject(resource.Resource, 'client',
                         return_value=fake_ks.FakeKeystoneClient(
                             client=self.keystoneclient))
        self.groups = self.keystoneclient.groups
        self.role_assignments = self.keystoneclient.role_assignments

        # Mock client plugin
        def _side_effect(value):
            return value

        self.keystone_client_plugin = mock.MagicMock()
        (self.keystone_client_plugin.get_domain_id.
         side_effect) = _side_effect
        self.test_group.client_plugin = mock.MagicMock()
        (self.test_group.client_plugin.
         return_value) = self.keystone_client_plugin

    def _get_mock_group(self):
        value = mock.MagicMock()
        group_id = '477e8273-60a7-4c41-b683-fdb0bc7cd151'
        value.id = group_id

        return value

    def test_properties_title(self):
        property_title_map = {
            group.KeystoneGroup.NAME: 'name',
            group.KeystoneGroup.DESCRIPTION: 'description',
            group.KeystoneGroup.DOMAIN: 'domain'
        }

        for actual_title, expected_title in property_title_map.items():
            self.assertEqual(
                expected_title,
                actual_title,
                'KeystoneGroup PROPERTIES(%s) title modified.' %
                actual_title)

    def test_property_name_validate_schema(self):
        schema = group.KeystoneGroup.properties_schema[
            group.KeystoneGroup.NAME]
        self.assertEqual(
            True,
            schema.update_allowed,
            'update_allowed for property %s is modified' %
            group.KeystoneGroup.NAME)

        self.assertEqual(properties.Schema.STRING,
                         schema.type,
                         'type for property %s is modified' %
                         group.KeystoneGroup.NAME)

        self.assertEqual('Name of keystone group.',
                         schema.description,
                         'description for property %s is modified' %
                         group.KeystoneGroup.NAME)

    def test_property_description_validate_schema(self):
        schema = group.KeystoneGroup.properties_schema[
            group.KeystoneGroup.DESCRIPTION]
        self.assertEqual(
            True,
            schema.update_allowed,
            'update_allowed for property %s is modified' %
            group.KeystoneGroup.DESCRIPTION)

        self.assertEqual(properties.Schema.STRING,
                         schema.type,
                         'type for property %s is modified' %
                         group.KeystoneGroup.DESCRIPTION)

        self.assertEqual('Description of keystone group.',
                         schema.description,
                         'description for property %s is modified' %
                         group.KeystoneGroup.DESCRIPTION)

        self.assertEqual(
            '',
            schema.default,
            'default for property %s is modified' %
            group.KeystoneGroup.DESCRIPTION)

    def test_property_domain_validate_schema(self):
        schema = group.KeystoneGroup.properties_schema[
            group.KeystoneGroup.DOMAIN]
        self.assertEqual(
            True,
            schema.update_allowed,
            'update_allowed for property %s is modified' %
            group.KeystoneGroup.DOMAIN)

        self.assertEqual(properties.Schema.STRING,
                         schema.type,
                         'type for property %s is modified' %
                         group.KeystoneGroup.DOMAIN)

        self.assertEqual('Name or id of keystone domain.',
                         schema.description,
                         'description for property %s is modified' %
                         group.KeystoneGroup.DOMAIN)

        self.assertEqual([constraints.CustomConstraint('keystone.domain')],
                         schema.constraints,
                         'constrains for property %s is modified' %
                         group.KeystoneGroup.DOMAIN)

        self.assertEqual(
            'default',
            schema.default,
            'default for property %s is modified' %
            group.KeystoneGroup.DOMAIN)

    def _get_property_schema_value_default(self, name):
        schema = group.KeystoneGroup.properties_schema[name]
        return schema.default

    def test_group_handle_create(self):
        mock_group = self._get_mock_group()
        self.groups.create.return_value = mock_group

        # validate the properties
        self.assertEqual(
            'test_group_1',
            self.test_group.properties.get(group.KeystoneGroup.NAME))
        self.assertEqual(
            'Test group',
            self.test_group.properties.get(group.KeystoneGroup.DESCRIPTION))
        self.assertEqual(
            'default',
            self.test_group.properties.get(group.KeystoneGroup.DOMAIN))

        self.test_group.handle_create()

        # validate group creation
        self.groups.create.assert_called_once_with(
            name='test_group_1',
            description='Test group',
            domain='default')

        # validate physical resource id
        self.assertEqual(mock_group.id, self.test_group.resource_id)

    def test_group_handle_create_default(self):
        values = {
            group.KeystoneGroup.NAME: None,
            group.KeystoneGroup.DESCRIPTION:
            (self._get_property_schema_value_default(
             group.KeystoneGroup.DESCRIPTION)),
            group.KeystoneGroup.DOMAIN:
            (self._get_property_schema_value_default(
             group.KeystoneGroup.DOMAIN)),
            group.KeystoneGroup.ROLES: None
        }

        def _side_effect(key):
            return values[key]

        mock_group = self._get_mock_group()
        self.groups.create.return_value = mock_group
        self.test_group.properties = mock.MagicMock()
        self.test_group.properties.get.side_effect = _side_effect
        self.test_group.properties.__getitem__.side_effect = _side_effect

        self.test_group.physical_resource_name = mock.MagicMock()
        self.test_group.physical_resource_name.return_value = 'foo'

        # validate the properties
        self.assertEqual(
            None,
            self.test_group.properties.get(group.KeystoneGroup.NAME))
        self.assertEqual(
            '',
            self.test_group.properties.get(group.KeystoneGroup.DESCRIPTION))
        self.assertEqual(
            'default',
            self.test_group.properties.get(group.KeystoneGroup.DOMAIN))

        self.test_group.handle_create()

        # validate group creation
        self.groups.create.assert_called_once_with(
            name='foo',
            description='',
            domain='default')

    def test_group_handle_update(self):
        self.test_group.resource_id = '477e8273-60a7-4c41-b683-fdb0bc7cd151'

        prop_diff = {group.KeystoneGroup.NAME: 'test_group_1_updated',
                     group.KeystoneGroup.DESCRIPTION: 'Test Group updated',
                     group.KeystoneGroup.DOMAIN: 'test_domain'}

        self.test_group.handle_update(json_snippet=None,
                                      tmpl_diff=None,
                                      prop_diff=prop_diff)

        self.groups.update.assert_called_once_with(
            group=self.test_group.resource_id,
            name=prop_diff[group.KeystoneGroup.NAME],
            description=prop_diff[group.KeystoneGroup.DESCRIPTION],
            domain_id='test_domain'
        )

        # validate the role assignment isn't updated
        self.roles = self.keystoneclient.roles
        self.assertEqual(0, self.roles.revoke.call_count)
        self.assertEqual(0, self.roles.grant.call_count)

    def test_group_handle_update_default(self):
        self.test_group.resource_id = '477e8273-60a7-4c41-b683-fdb0bc7cd151'

        prop_diff = {group.KeystoneGroup.DESCRIPTION: 'Test Project updated'}

        self.test_group.handle_update(json_snippet=None,
                                      tmpl_diff=None,
                                      prop_diff=prop_diff)

        # validate default name to physical resource name and
        # domain is set from stored properties used during creation.
        self.groups.update.assert_called_once_with(
            group=self.test_group.resource_id,
            name=None,
            description=prop_diff[group.KeystoneGroup.DESCRIPTION],
            domain_id='default'
        )

    def test_group_handle_delete(self):
        self.test_group.resource_id = '477e8273-60a7-4c41-b683-fdb0bc7cd151'
        self.groups.delete.return_value = None

        self.test_group.handle_delete()
        self.groups.delete.assert_called_once_with(
            self.test_group.resource_id
        )

    def test_group_handle_delete_resource_id_is_none(self):
        self.resource_id = None
        self.assertIsNone(self.test_group.handle_delete())

    def test_group_handle_delete_not_found(self):
        exc = self.keystoneclient.NotFound
        self.groups.delete.side_effect = exc

        self.assertIsNone(self.test_group.handle_delete())

    def test_show_resource(self):
        group = mock.Mock()
        group.to_dict.return_value = {'attr': 'val'}
        self.groups.get.return_value = group
        res = self.test_group._show_resource()
        self.assertEqual({'attr': 'val'}, res)

    def test_get_live_state(self):
        group = mock.Mock()
        group.to_dict.return_value = {
            'id': '48ee1f94b77047e592de55a4934c198c',
            'domain_id': 'default',
            'name': 'fake',
            'links': {'self': 'some_link'},
            'description': ''}
        roles = mock.MagicMock()
        roles.to_dict.return_value = {
            'scope': {
                'project': {'id': 'fc0fe982401643368ff2eb11d9ca70f1'}},
            'role': {'id': '3b8b253648f44256a457a5073b78021d'},
            'group': {'id': '4147558a763046cfb68fb870d58ef4cf'}}
        self.role_assignments.list.return_value = [roles]
        self.groups.get.return_value = group
        self.test_group.resource_id = '1234'

        reality = self.test_group.get_live_state(self.test_group.properties)
        expected = {
            'domain': 'default',
            'name': 'fake',
            'description': '',
            'roles': [{
                'role': '3b8b253648f44256a457a5073b78021d',
                'project': 'fc0fe982401643368ff2eb11d9ca70f1',
                'domain': None
            }]
        }
        self.assertEqual(set(expected.keys()), set(reality.keys()))
        for key in expected:
            self.assertEqual(expected[key], reality[key])