Merge "Bugfix: Clean up trusts for all deleted clusters"
This commit is contained in:
commit
05c2b170c0
@ -263,14 +263,16 @@ class KeystoneClientV3(object):
|
|||||||
domain_id=domain_id)
|
domain_id=domain_id)
|
||||||
return user
|
return user
|
||||||
|
|
||||||
def delete_trustee(self, trustee_id):
|
def delete_trustee(self, trustee_user_id):
|
||||||
|
if trustee_user_id is None:
|
||||||
|
return
|
||||||
try:
|
try:
|
||||||
self.domain_admin_client.users.delete(trustee_id)
|
self.domain_admin_client.users.delete(trustee_user_id)
|
||||||
except kc_exception.NotFound:
|
except kc_exception.NotFound:
|
||||||
pass
|
pass
|
||||||
except Exception:
|
except Exception:
|
||||||
LOG.exception('Failed to delete trustee')
|
LOG.exception('Failed to delete trustee')
|
||||||
raise exception.TrusteeDeleteFailed(trustee_id=trustee_id)
|
raise exception.TrusteeDeleteFailed(trustee_id=trustee_user_id)
|
||||||
|
|
||||||
def get_validate_region_name(self, region_name):
|
def get_validate_region_name(self, region_name):
|
||||||
if region_name is None:
|
if region_name is None:
|
||||||
|
@ -44,20 +44,20 @@ def create_trustee_and_trust(osc, cluster):
|
|||||||
|
|
||||||
|
|
||||||
def delete_trustee_and_trust(osc, context, cluster):
|
def delete_trustee_and_trust(osc, context, cluster):
|
||||||
|
kst = osc.keystone()
|
||||||
try:
|
try:
|
||||||
kst = osc.keystone()
|
|
||||||
|
|
||||||
# The cluster which is upgraded from Liberty doesn't have trust_id
|
|
||||||
if cluster.trust_id:
|
if cluster.trust_id:
|
||||||
kst.delete_trust(context, cluster)
|
kst.delete_trust(context, cluster)
|
||||||
|
cluster.trust_id = None
|
||||||
except Exception:
|
except Exception:
|
||||||
# Exceptions are already logged by keystone().delete_trust
|
# Exceptions are already logged by keystone().delete_trust
|
||||||
pass
|
pass
|
||||||
try:
|
try:
|
||||||
# The cluster which is upgraded from Liberty doesn't have
|
|
||||||
# trustee_user_id
|
|
||||||
if cluster.trustee_user_id:
|
if cluster.trustee_user_id:
|
||||||
osc.keystone().delete_trustee(cluster.trustee_user_id)
|
kst.delete_trustee(cluster.trustee_user_id)
|
||||||
|
cluster.trustee_user_id = None
|
||||||
|
cluster.trustee_username = None
|
||||||
|
cluster.trustee_password = None
|
||||||
except Exception:
|
except Exception:
|
||||||
# Exceptions are already logged by keystone().delete_trustee
|
# Exceptions are already logged by keystone().delete_trustee
|
||||||
pass
|
pass
|
||||||
|
@ -21,10 +21,13 @@ from oslo_service import periodic_task
|
|||||||
|
|
||||||
from pycadf import cadftaxonomy as taxonomy
|
from pycadf import cadftaxonomy as taxonomy
|
||||||
|
|
||||||
|
from magnum.common import clients
|
||||||
from magnum.common import context
|
from magnum.common import context
|
||||||
from magnum.common import exception
|
from magnum.common import exception
|
||||||
from magnum.common import profiler
|
from magnum.common import profiler
|
||||||
from magnum.common import rpc
|
from magnum.common import rpc
|
||||||
|
from magnum.conductor.handlers.common import cert_manager
|
||||||
|
from magnum.conductor.handlers.common import trust_manager
|
||||||
from magnum.conductor import monitors
|
from magnum.conductor import monitors
|
||||||
from magnum.conductor import utils as conductor_utils
|
from magnum.conductor import utils as conductor_utils
|
||||||
import magnum.conf
|
import magnum.conf
|
||||||
@ -95,6 +98,14 @@ class ClusterUpdateJob(object):
|
|||||||
taxonomy.OUTCOME_FAILURE, self.cluster)
|
taxonomy.OUTCOME_FAILURE, self.cluster)
|
||||||
# if we're done with it, delete it
|
# if we're done with it, delete it
|
||||||
if self.cluster.status == objects.fields.ClusterStatus.DELETE_COMPLETE:
|
if self.cluster.status == objects.fields.ClusterStatus.DELETE_COMPLETE:
|
||||||
|
# Clean up trusts and certificates, if they still exist.
|
||||||
|
os_client = clients.OpenStackClients(self.ctx)
|
||||||
|
LOG.debug("Calling delete_trustee_and_trusts from periodic "
|
||||||
|
"DELETE_COMPLETE")
|
||||||
|
trust_manager.delete_trustee_and_trust(os_client, self.ctx,
|
||||||
|
self.cluster)
|
||||||
|
cert_manager.delete_certificates_from_cluster(self.cluster,
|
||||||
|
context=self.ctx)
|
||||||
# delete all the nodegroups that belong to this cluster
|
# delete all the nodegroups that belong to this cluster
|
||||||
for ng in objects.NodeGroup.list(self.ctx, self.cluster.uuid):
|
for ng in objects.NodeGroup.list(self.ctx, self.cluster.uuid):
|
||||||
ng.destroy()
|
ng.destroy()
|
||||||
|
@ -89,7 +89,7 @@ class TrustManagerTestCase(base.BaseTestCase):
|
|||||||
context, mock_cluster
|
context, mock_cluster
|
||||||
)
|
)
|
||||||
mock_keystone.delete_trustee.assert_called_once_with(
|
mock_keystone.delete_trustee.assert_called_once_with(
|
||||||
mock_cluster.trustee_user_id,
|
'trustee_user_id',
|
||||||
)
|
)
|
||||||
|
|
||||||
def test_delete_trustee_and_trust_without_trust_id(self):
|
def test_delete_trustee_and_trust_without_trust_id(self):
|
||||||
@ -105,7 +105,7 @@ class TrustManagerTestCase(base.BaseTestCase):
|
|||||||
|
|
||||||
self.assertEqual(0, mock_keystone.delete_trust.call_count)
|
self.assertEqual(0, mock_keystone.delete_trust.call_count)
|
||||||
mock_keystone.delete_trustee.assert_called_once_with(
|
mock_keystone.delete_trustee.assert_called_once_with(
|
||||||
mock_cluster.trustee_user_id,
|
'trustee_user_id',
|
||||||
)
|
)
|
||||||
|
|
||||||
def test_delete_trustee_and_trust_without_trustee_user_id(self):
|
def test_delete_trustee_and_trust_without_trustee_user_id(self):
|
||||||
|
Loading…
Reference in New Issue
Block a user