Merge "Refactor bay_conductor to split trust methods"

magnum/conductor/handlers/bay_conductor.py

@@ -24,8 +24,8 @@ import six
 from magnum.common import clients
 from magnum.common import exception
 from magnum.common import short_id
-from magnum.common import utils
 from magnum.conductor.handlers.common import cert_manager
+from magnum.conductor.handlers.common import trust_manager
 from magnum.conductor import scale_manager
 from magnum.conductor.template_definition import TemplateDefinition as TDef
 from magnum.conductor import utils as conductor_utils
@@ -56,8 +56,6 @@ bay_heat_opts = [
 
 CONF = cfg.CONF
 CONF.register_opts(bay_heat_opts, group='bay_heat')
-CONF.import_opt('trustee_domain_id', 'magnum.common.keystone',
-                group='trust')
 
 LOG = logging.getLogger(__name__)
 
@@ -119,19 +117,6 @@ class Handler(object):
     def __init__(self):
         super(Handler, self).__init__()
 
-    @staticmethod
-    def _create_trustee_and_trust(osc, bay):
-        password = utils.generate_password(length=18)
-        trustee = osc.keystone().create_trustee(
-            bay.uuid,
-            password,
-            CONF.trust.trustee_domain_id)
-        bay.trustee_username = trustee.name
-        bay.trustee_user_id = trustee.id
-        bay.trustee_password = password
-        trust = osc.keystone().create_trust(trustee.id)
-        bay.trust_id = trust.id
-
     # Bay Operations
 
     def bay_create(self, context, bay, bay_create_timeout):
@@ -140,14 +125,16 @@ class Handler(object):
         osc = clients.OpenStackClients(context)
 
         bay.uuid = uuid.uuid4()
-        self._create_trustee_and_trust(osc, bay)
         try:
+            # Create trustee/trust and set them to bay
+            trust_manager.create_trustee_and_trust(osc, bay)
             # Generate certificate and set the cert reference to bay
             cert_manager.generate_certificates_to_bay(bay)
             created_stack = _create_stack(context, osc, bay,
                                           bay_create_timeout)
         except exc.HTTPBadRequest as e:
             cert_manager.delete_certificates_from_bay(bay)
+            trust_manager.delete_trustee_and_trust(osc, bay)
             raise exception.InvalidParameterValue(message=six.text_type(e))
         except Exception:
             raise
@@ -191,18 +178,11 @@ class Handler(object):
 
         return bay
 
-    @staticmethod
-    def _delete_trustee_and_trust(osc, bay):
-        osc.keystone().delete_trust(bay.trust_id)
-        osc.keystone().delete_trustee(bay.trustee_user_id)
-
     def bay_delete(self, context, uuid):
         LOG.debug('bay_heat bay_delete')
         osc = clients.OpenStackClients(context)
         bay = objects.Bay.get_by_uuid(context, uuid)
 
-        self._delete_trustee_and_trust(osc, bay)
-
         stack_id = bay.stack_id
         # NOTE(sdake): This will execute a stack_delete operation.  This will
         # Ignore HTTPNotFound exceptions (stack wasn't present).  In the case
@@ -217,6 +197,7 @@ class Handler(object):
             LOG.info(_LI('The stack %s was not be found during bay'
                          ' deletion.'), stack_id)
             try:
+                trust_manager.delete_trustee_and_trust(osc, bay)
                 cert_manager.delete_certificates_from_bay(bay)
                 bay.destroy()
             except exception.BayNotFound:
@@ -296,6 +277,8 @@ class HeatPoller(object):
         LOG.info(_LI('Bay has been deleted, stack_id: %s')
                  % self.bay.stack_id)
         try:
+            trust_manager.delete_trustee_and_trust(self.openstack_client,
+                                                   self.bay)
             cert_manager.delete_certificates_from_bay(self.bay)
             self.bay.destroy()
         except exception.BayNotFound:

magnum/conductor/handlers/common/trust_manager.py

@@ -0,0 +1,52 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_config import cfg
+from oslo_log import log as logging
+
+from magnum.common import utils
+
+CONF = cfg.CONF
+CONF.import_opt('trustee_domain_id', 'magnum.common.keystone',
+                group='trust')
+
+LOG = logging.getLogger(__name__)
+
+
+def create_trustee_and_trust(osc, bay):
+    password = utils.generate_password(length=18)
+    trustee = osc.keystone().create_trustee(
+        bay.uuid,
+        password,
+        CONF.trust.trustee_domain_id)
+    bay.trustee_username = trustee.name
+    bay.trustee_user_id = trustee.id
+    bay.trustee_password = password
+    trust = osc.keystone().create_trust(trustee.id)
+    bay.trust_id = trust.id
+
+
+def delete_trustee_and_trust(osc, bay):
+    try:
+        # The bay which is upgraded from Liberty doesn't have trust_id
+        if bay.trust_id:
+            osc.keystone().delete_trust(bay.trust_id)
+    except Exception:
+        # Exceptions are already logged by keystone().delete_trust
+        pass
+    try:
+        # The bay which is upgraded from Liberty doesn't have trustee_user_id
+        if bay.trustee_user_id:
+            osc.keystone().delete_trustee(bay.trustee_user_id)
+    except Exception:
+        # Exceptions are already logged by keystone().delete_trustee
+        pass

magnum/tests/unit/conductor/handlers/common/test_trust_manager.py

@@ -0,0 +1,112 @@
+# Copyright 2016 NEC Corporation.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import mock
+from mock import patch
+from oslo_config import fixture
+
+from magnum.conductor.handlers.common import trust_manager
+from magnum.tests import base
+
+
+class TrustManagerTestCase(base.BaseTestCase):
+    def setUp(self):
+        super(TrustManagerTestCase, self).setUp()
+
+        osc_class_patcher = patch('magnum.common.clients.OpenStackClients')
+        osc_class = osc_class_patcher.start()
+        self.addCleanup(osc_class_patcher.stop)
+
+        self.osc = mock.MagicMock()
+        osc_class.return_value = self.osc
+
+    @patch('magnum.common.utils.generate_password')
+    def test_create_trustee_and_trust(self, mock_generate_password):
+        mock_password = "password_mock"
+        mock_trustee_domain_id = 'trustee_domain_id_mock'
+        mock_generate_password.return_value = mock_password
+        mock_bay = mock.MagicMock()
+        mock_bay.uuid = 'mock_bay_uuid'
+        mock_keystone = mock.MagicMock()
+        mock_trustee = mock.MagicMock()
+        mock_trustee.id = 'mock_trustee_id'
+        mock_trustee.name = 'mock_trustee_username'
+        mock_trust = mock.MagicMock()
+        mock_trust.id = 'mock_trust_id'
+
+        self.osc.keystone.return_value = mock_keystone
+        fixture.Config().config(group='trust',
+                                trustee_domain_id=mock_trustee_domain_id)
+
+        mock_keystone.create_trustee.return_value = mock_trustee
+        mock_keystone.create_trust.return_value = mock_trust
+
+        trust_manager.create_trustee_and_trust(self.osc, mock_bay)
+
+        mock_keystone.create_trustee.assert_called_once_with(
+            mock_bay.uuid,
+            mock_password,
+            mock_trustee_domain_id,
+        )
+        mock_keystone.create_trust.assert_called_once_with(
+            mock_trustee.id,
+        )
+        self.assertEqual(mock_trustee.name, mock_bay.trustee_username)
+        self.assertEqual(mock_trustee.id, mock_bay.trustee_user_id)
+        self.assertEqual(mock_password, mock_bay.trustee_password)
+        self.assertEqual(mock_trust.id, mock_bay.trust_id)
+
+    def test_delete_trustee_and_trust(self):
+        mock_bay = mock.MagicMock()
+        mock_bay.trust_id = 'trust_id'
+        mock_bay.trustee_user_id = 'trustee_user_id'
+        mock_keystone = mock.MagicMock()
+        self.osc.keystone.return_value = mock_keystone
+
+        trust_manager.delete_trustee_and_trust(self.osc, mock_bay)
+
+        mock_keystone.delete_trust.assert_called_once_with(
+            mock_bay.trust_id,
+        )
+        mock_keystone.delete_trustee.assert_called_once_with(
+            mock_bay.trustee_user_id,
+        )
+
+    def test_delete_trustee_and_trust_without_trust_id(self):
+        mock_bay = mock.MagicMock()
+        mock_bay.trust_id = None
+        mock_bay.trustee_user_id = 'trustee_user_id'
+        mock_keystone = mock.MagicMock()
+        self.osc.keystone.return_value = mock_keystone
+
+        trust_manager.delete_trustee_and_trust(self.osc, mock_bay)
+
+        self.assertEqual(0, mock_keystone.delete_trust.call_count)
+        mock_keystone.delete_trustee.assert_called_once_with(
+            mock_bay.trustee_user_id,
+        )
+
+    def test_delete_trustee_and_trust_without_trustee_user_id(self):
+        mock_bay = mock.MagicMock()
+        mock_bay.trust_id = 'trust_id'
+        mock_bay.trustee_user_id = None
+        mock_keystone = mock.MagicMock()
+        self.osc.keystone.return_value = mock_keystone
+
+        trust_manager.delete_trustee_and_trust(self.osc, mock_bay)
+
+        mock_keystone.delete_trust.assert_called_once_with(
+            mock_bay.trust_id,
+        )
+        self.assertEqual(0, mock_keystone.delete_trustee.call_count)

magnum/tests/unit/conductor/handlers/test_bay_conductor.py

@@ -44,23 +44,6 @@ class TestHandler(db_base.DbTestCase):
         self.bay = objects.Bay(self.context, **bay_dict)
         self.bay.create()
 
-        self.p = patch(
-            'magnum.conductor.handlers.bay_conductor.Handler.'
-            '_create_trustee_and_trust')
-
-        def create_trustee_and_trust(osc, bay):
-            bay.trust_id = 'trust_id'
-            bay.trustee_username = 'user_name'
-            bay.trustee_user_id = 'user_id'
-            bay.trustee_password = 'password'
-
-        self.p.side_effect = create_trustee_and_trust
-        self.p.start()
-
-    def tearDown(self):
-        self.p.stop()
-        super(TestHandler, self).tearDown()
-
     @patch('magnum.conductor.scale_manager.ScaleManager')
     @patch('magnum.conductor.handlers.bay_conductor.Handler._poll_and_check')
     @patch('magnum.conductor.handlers.bay_conductor._update_stack')
@@ -163,12 +146,13 @@ class TestHandler(db_base.DbTestCase):
         self._test_update_bay_status_complete(bay_status.ADOPT_COMPLETE)
 
     @patch('magnum.conductor.handlers.bay_conductor.HeatPoller')
+    @patch('magnum.conductor.handlers.bay_conductor.trust_manager')
     @patch('magnum.conductor.handlers.bay_conductor.cert_manager')
     @patch('magnum.conductor.handlers.bay_conductor._create_stack')
     @patch('magnum.conductor.handlers.bay_conductor.uuid')
     @patch('magnum.common.clients.OpenStackClients')
     def test_create(self, mock_openstack_client_class, mock_uuid,
-                    mock_create_stack, mock_cert_manager,
+                    mock_create_stack, mock_cert_manager, mock_trust_manager,
                     mock_heat_poller_class):
         timeout = 15
         test_uuid = uuid.uuid4()
@@ -176,7 +160,8 @@ class TestHandler(db_base.DbTestCase):
         mock_poller = mock.MagicMock()
         mock_poller.poll_and_check.return_value = loopingcall.LoopingCallDone()
         mock_heat_poller_class.return_value = mock_poller
-        mock_openstack_client_class.return_value = mock.sentinel.osc
+        osc = mock.sentinel.osc
+        mock_openstack_client_class.return_value = osc
 
         def create_stack_side_effect(context, osc, bay, timeout):
             self.assertEqual(str(test_uuid), bay.uuid)
@@ -203,13 +188,19 @@ class TestHandler(db_base.DbTestCase):
         mock_cert_manager.generate_certificates_to_bay.assert_called_once_with(
             self.bay)
         self.assertEqual(bay_status.CREATE_IN_PROGRESS, bay.status)
+        mock_trust_manager.create_trustee_and_trust.assert_called_once_with(
+            osc, self.bay)
 
+    @patch('magnum.conductor.handlers.bay_conductor.trust_manager')
     @patch('magnum.conductor.handlers.bay_conductor.cert_manager')
     @patch('magnum.conductor.handlers.bay_conductor._create_stack')
     @patch('magnum.common.clients.OpenStackClients')
     def test_create_handles_bad_request(self, mock_openstack_client_class,
                                         mock_create_stack,
-                                        mock_cert_manager):
+                                        mock_cert_manager,
+                                        mock_trust_manager):
+        osc = mock.MagicMock()
+        mock_openstack_client_class.return_value = osc
         mock_create_stack.side_effect = exc.HTTPBadRequest
         timeout = 15
         self.assertRaises(exception.InvalidParameterValue,
@@ -218,15 +209,25 @@ class TestHandler(db_base.DbTestCase):
         mock_cert_manager.generate_certificates_to_bay.assert_called_once_with(
             self.bay)
         mock_cert_manager.delete_certificates_from_bay(self.bay)
+        mock_trust_manager.create_trustee_and_trust.assert_called_once_with(
+            osc, self.bay)
+        mock_trust_manager.delete_trustee_and_trust.assert_called_once_with(
+            osc, self.bay)
 
+    @patch('magnum.conductor.handlers.bay_conductor.trust_manager')
     @patch('magnum.conductor.handlers.bay_conductor.cert_manager')
     @patch('magnum.conductor.handlers.bay_conductor._create_stack')
     @patch('magnum.conductor.handlers.bay_conductor.uuid')
+    @patch('magnum.common.clients.OpenStackClients')
     def test_create_with_invalid_unicode_name(self,
+                                              mock_openstack_client_class,
                                               mock_uuid,
                                               mock_create_stack,
-                                              mock_cert_manager):
+                                              mock_cert_manager,
+                                              mock_trust_manager):
         timeout = 15
+        osc = mock.MagicMock()
+        mock_openstack_client_class.return_value = osc
         test_uuid = uuid.uuid4()
         mock_uuid.uuid4.return_value = test_uuid
         error_message = six.u("""Invalid stack name 测试集群-zoyh253geukk
@@ -239,6 +240,8 @@ class TestHandler(db_base.DbTestCase):
                           self.bay, timeout)
         mock_cert_manager.generate_certificates_to_bay.assert_called_once_with(
             self.bay)
+        mock_trust_manager.create_trustee_and_trust.assert_called_once_with(
+            osc, self.bay)
 
     @patch('magnum.common.clients.OpenStackClients')
     def test_bay_delete(self, mock_openstack_client_class):
@@ -430,13 +433,16 @@ class TestHeatPoller(base.TestCase):
 
         self.assertEqual(2, bay.node_count)
 
+    @patch('magnum.conductor.handlers.bay_conductor.trust_manager')
     @patch('magnum.conductor.handlers.bay_conductor.cert_manager')
-    def test_delete_complete(self, cert_manager):
+    def test_delete_complete(self, cert_manager, trust_manager):
         mock_heat_stack, bay, poller = self.setup_poll_test()
         poller._delete_complete()
         self.assertEqual(1, bay.destroy.call_count)
         self.assertEqual(1,
                          cert_manager.delete_certificates_from_bay.call_count)
+        self.assertEqual(1,
+                         trust_manager.delete_trustee_and_trust.call_count)
 
     def test_create_or_complete(self):
         mock_heat_stack, bay, poller = self.setup_poll_test()