tests for ec2 crud

12 years ago · 1418925669
parent dae746d9b7
commit 1418925669
5 changed files with 36 additions and 13 deletions
--- a/etc/keystone.conf
+++ b/etc/keystone.conf
@ -66,7 +66,7 @@ paste.app_factory = keystone.service:admin_app_factory
 pipeline = token_auth admin_token_auth json_body debug ec2_extension public_service

 [pipeline:admin_api]
-pipeline = token_auth admin_token_auth json_body debug crud_extension admin_service
+pipeline = token_auth admin_token_auth json_body debug ec2_extension crud_extension admin_service

 [composite:main]
 use = egg:Paste#urlmap
--- a/keystone/backends/kvs.py
+++ b/keystone/backends/kvs.py
@ -280,9 +280,10 @@ class KvsEc2(object):
        credential_ref = self.db.get('credential-%s' % credential_id)
        return credential_ref

-    def list_credentials(self):
+    def list_credentials(self, user_id):
        credential_ids = self.db.get('credential_list', [])
-        return [self.get_credential(x) for x in credential_ids]
+        rv = [self.get_credential(x) for x in credential_ids]
+        return [x for x in rv if x['user_id'] == user_id]

    # CRUD
    def create_credential(self, credential_id, credential):
--- a/keystone/backends/sql/core.py
+++ b/keystone/backends/sql/core.py
@ -494,9 +494,10 @@ class SqlEc2(SqlBase):
            return
        return credential_ref.to_dict()

-    def list_credentials(self):
+    def list_credentials(self, user_id):
        session = self.get_session()
-        credential_refs = session.query(Ec2Credential)
+        credential_refs = session.query(Ec2Credential)\
+                                 .filter_by(user_id=user_id)
        return [x.to_dict() for x in credential_refs]

    # CRUD
--- a/keystone/service.py
+++ b/keystone/service.py
@ -335,25 +335,25 @@ class Ec2Extension(wsgi.ExtensionRouter):
        mapper.connect('/ec2tokens',
                       controller=ec2_controller,
                       action='authenticate_ec2',
-                       conditions=dict(methods=['POST']))
+                       conditions=dict(method=['POST']))

        # crud
        mapper.connect('/users/{user_id}/credentials/OS-EC2',
                       controller=ec2_controller,
                       action='create_credential',
-                       conditions=dict(methods=['POST']))
+                       conditions=dict(method=['POST']))
        mapper.connect('/users/{user_id}/credentials/OS-EC2',
                       controller=ec2_controller,
                       action='get_credentials',
-                       conditions=dict(methods=['GET']))
+                       conditions=dict(method=['GET']))
        mapper.connect('/users/{user_id}/credentials/OS-EC2/{credential_id}',
                       controller=ec2_controller,
                       action='get_credential',
-                       conditions=dict(methods=['GET']))
+                       conditions=dict(method=['GET']))
        mapper.connect('/users/{user_id}/credentials/OS-EC2/{credential_id}',
                       controller=ec2_controller,
                       action='delete_credential',
-                       conditions=dict(methods=['DELETE']))
+                       conditions=dict(method=['DELETE']))

        super(Ec2Extension, self).__init__(application, mapper)

@ -442,17 +442,17 @@ class Ec2Controller(Application):
        """List credentials for the given user_id."""
        # TODO(termie): validate that this request is valid for given user
        #               tenant
-        return {'credentials': self.ec2_api.list_credentials(user_id)}
+        return {'credentials': self.ec2_api.list_credentials(context, user_id)}

    def get_credential(self, context, user_id, credential_id):
        # TODO(termie): validate that this request is valid for given user
        #               tenant
-        return {'credential': self.ec2_api.get_credential(credential_id)}
+        return {'credential': self.ec2_api.get_credential(context, credential_id)}

    def delete_credential(self, context, user_id, credential_id):
        # TODO(termie): validate that this request is valid for given user
        #               tenant
-        return self.ec2_api.delete_credential(credential_id)
+        return self.ec2_api.delete_credential(context, credential_id)


 class NoopController(Application):
--- a/tests/test_keystoneclient.py
+++ b/tests/test_keystoneclient.py
@ -239,6 +239,27 @@ class KcMasterTestCase(CompatTestCase):
        roles = client.roles.get_user_role_refs('foo')
        self.assertTrue(len(roles) > 0)

+    def test_ec2_credential_creation(self):
+        from keystoneclient import exceptions as client_exceptions
+
+        client = self.foo_client()
+        creds = client.ec2.list(self.user_foo['id'])
+        self.assertEquals(creds, [])
+
+        cred = client.ec2.create(self.user_foo['id'], self.tenant_bar['id'])
+        creds = client.ec2.list(self.user_foo['id'])
+        self.assertEquals(creds, [cred])
+
+        got = client.ec2.get(self.user_foo['id'], cred.access)
+        self.assertEquals(cred, got)
+
+        # FIXME(ja): need to test ec2 validation here
+
+        client.ec2.delete(self.user_foo['id'], cred.access)
+        creds = client.ec2.list(self.user_foo['id'])
+        self.assertEquals(creds, [])
+
+
    def test_service_create_and_delete(self):
        from keystoneclient import exceptions as client_exceptions