Merge "Refactor bay_conductor to split trust methods"
This commit is contained in:
commit
b52cc471f2
|
@ -24,8 +24,8 @@ import six
|
|||
from magnum.common import clients
|
||||
from magnum.common import exception
|
||||
from magnum.common import short_id
|
||||
from magnum.common import utils
|
||||
from magnum.conductor.handlers.common import cert_manager
|
||||
from magnum.conductor.handlers.common import trust_manager
|
||||
from magnum.conductor import scale_manager
|
||||
from magnum.conductor.template_definition import TemplateDefinition as TDef
|
||||
from magnum.conductor import utils as conductor_utils
|
||||
|
@ -56,8 +56,6 @@ bay_heat_opts = [
|
|||
|
||||
CONF = cfg.CONF
|
||||
CONF.register_opts(bay_heat_opts, group='bay_heat')
|
||||
CONF.import_opt('trustee_domain_id', 'magnum.common.keystone',
|
||||
group='trust')
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
@ -119,19 +117,6 @@ class Handler(object):
|
|||
def __init__(self):
|
||||
super(Handler, self).__init__()
|
||||
|
||||
@staticmethod
|
||||
def _create_trustee_and_trust(osc, bay):
|
||||
password = utils.generate_password(length=18)
|
||||
trustee = osc.keystone().create_trustee(
|
||||
bay.uuid,
|
||||
password,
|
||||
CONF.trust.trustee_domain_id)
|
||||
bay.trustee_username = trustee.name
|
||||
bay.trustee_user_id = trustee.id
|
||||
bay.trustee_password = password
|
||||
trust = osc.keystone().create_trust(trustee.id)
|
||||
bay.trust_id = trust.id
|
||||
|
||||
# Bay Operations
|
||||
|
||||
def bay_create(self, context, bay, bay_create_timeout):
|
||||
|
@ -140,14 +125,16 @@ class Handler(object):
|
|||
osc = clients.OpenStackClients(context)
|
||||
|
||||
bay.uuid = uuid.uuid4()
|
||||
self._create_trustee_and_trust(osc, bay)
|
||||
try:
|
||||
# Create trustee/trust and set them to bay
|
||||
trust_manager.create_trustee_and_trust(osc, bay)
|
||||
# Generate certificate and set the cert reference to bay
|
||||
cert_manager.generate_certificates_to_bay(bay)
|
||||
created_stack = _create_stack(context, osc, bay,
|
||||
bay_create_timeout)
|
||||
except exc.HTTPBadRequest as e:
|
||||
cert_manager.delete_certificates_from_bay(bay)
|
||||
trust_manager.delete_trustee_and_trust(osc, bay)
|
||||
raise exception.InvalidParameterValue(message=six.text_type(e))
|
||||
except Exception:
|
||||
raise
|
||||
|
@ -191,18 +178,11 @@ class Handler(object):
|
|||
|
||||
return bay
|
||||
|
||||
@staticmethod
|
||||
def _delete_trustee_and_trust(osc, bay):
|
||||
osc.keystone().delete_trust(bay.trust_id)
|
||||
osc.keystone().delete_trustee(bay.trustee_user_id)
|
||||
|
||||
def bay_delete(self, context, uuid):
|
||||
LOG.debug('bay_heat bay_delete')
|
||||
osc = clients.OpenStackClients(context)
|
||||
bay = objects.Bay.get_by_uuid(context, uuid)
|
||||
|
||||
self._delete_trustee_and_trust(osc, bay)
|
||||
|
||||
stack_id = bay.stack_id
|
||||
# NOTE(sdake): This will execute a stack_delete operation. This will
|
||||
# Ignore HTTPNotFound exceptions (stack wasn't present). In the case
|
||||
|
@ -217,6 +197,7 @@ class Handler(object):
|
|||
LOG.info(_LI('The stack %s was not be found during bay'
|
||||
' deletion.'), stack_id)
|
||||
try:
|
||||
trust_manager.delete_trustee_and_trust(osc, bay)
|
||||
cert_manager.delete_certificates_from_bay(bay)
|
||||
bay.destroy()
|
||||
except exception.BayNotFound:
|
||||
|
@ -296,6 +277,8 @@ class HeatPoller(object):
|
|||
LOG.info(_LI('Bay has been deleted, stack_id: %s')
|
||||
% self.bay.stack_id)
|
||||
try:
|
||||
trust_manager.delete_trustee_and_trust(self.openstack_client,
|
||||
self.bay)
|
||||
cert_manager.delete_certificates_from_bay(self.bay)
|
||||
self.bay.destroy()
|
||||
except exception.BayNotFound:
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
|
||||
from magnum.common import utils
|
||||
|
||||
CONF = cfg.CONF
|
||||
CONF.import_opt('trustee_domain_id', 'magnum.common.keystone',
|
||||
group='trust')
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def create_trustee_and_trust(osc, bay):
|
||||
password = utils.generate_password(length=18)
|
||||
trustee = osc.keystone().create_trustee(
|
||||
bay.uuid,
|
||||
password,
|
||||
CONF.trust.trustee_domain_id)
|
||||
bay.trustee_username = trustee.name
|
||||
bay.trustee_user_id = trustee.id
|
||||
bay.trustee_password = password
|
||||
trust = osc.keystone().create_trust(trustee.id)
|
||||
bay.trust_id = trust.id
|
||||
|
||||
|
||||
def delete_trustee_and_trust(osc, bay):
|
||||
try:
|
||||
# The bay which is upgraded from Liberty doesn't have trust_id
|
||||
if bay.trust_id:
|
||||
osc.keystone().delete_trust(bay.trust_id)
|
||||
except Exception:
|
||||
# Exceptions are already logged by keystone().delete_trust
|
||||
pass
|
||||
try:
|
||||
# The bay which is upgraded from Liberty doesn't have trustee_user_id
|
||||
if bay.trustee_user_id:
|
||||
osc.keystone().delete_trustee(bay.trustee_user_id)
|
||||
except Exception:
|
||||
# Exceptions are already logged by keystone().delete_trustee
|
||||
pass
|
|
@ -0,0 +1,112 @@
|
|||
# Copyright 2016 NEC Corporation. All rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import mock
|
||||
from mock import patch
|
||||
from oslo_config import fixture
|
||||
|
||||
from magnum.conductor.handlers.common import trust_manager
|
||||
from magnum.tests import base
|
||||
|
||||
|
||||
class TrustManagerTestCase(base.BaseTestCase):
|
||||
def setUp(self):
|
||||
super(TrustManagerTestCase, self).setUp()
|
||||
|
||||
osc_class_patcher = patch('magnum.common.clients.OpenStackClients')
|
||||
osc_class = osc_class_patcher.start()
|
||||
self.addCleanup(osc_class_patcher.stop)
|
||||
|
||||
self.osc = mock.MagicMock()
|
||||
osc_class.return_value = self.osc
|
||||
|
||||
@patch('magnum.common.utils.generate_password')
|
||||
def test_create_trustee_and_trust(self, mock_generate_password):
|
||||
mock_password = "password_mock"
|
||||
mock_trustee_domain_id = 'trustee_domain_id_mock'
|
||||
mock_generate_password.return_value = mock_password
|
||||
mock_bay = mock.MagicMock()
|
||||
mock_bay.uuid = 'mock_bay_uuid'
|
||||
mock_keystone = mock.MagicMock()
|
||||
mock_trustee = mock.MagicMock()
|
||||
mock_trustee.id = 'mock_trustee_id'
|
||||
mock_trustee.name = 'mock_trustee_username'
|
||||
mock_trust = mock.MagicMock()
|
||||
mock_trust.id = 'mock_trust_id'
|
||||
|
||||
self.osc.keystone.return_value = mock_keystone
|
||||
fixture.Config().config(group='trust',
|
||||
trustee_domain_id=mock_trustee_domain_id)
|
||||
|
||||
mock_keystone.create_trustee.return_value = mock_trustee
|
||||
mock_keystone.create_trust.return_value = mock_trust
|
||||
|
||||
trust_manager.create_trustee_and_trust(self.osc, mock_bay)
|
||||
|
||||
mock_keystone.create_trustee.assert_called_once_with(
|
||||
mock_bay.uuid,
|
||||
mock_password,
|
||||
mock_trustee_domain_id,
|
||||
)
|
||||
mock_keystone.create_trust.assert_called_once_with(
|
||||
mock_trustee.id,
|
||||
)
|
||||
self.assertEqual(mock_trustee.name, mock_bay.trustee_username)
|
||||
self.assertEqual(mock_trustee.id, mock_bay.trustee_user_id)
|
||||
self.assertEqual(mock_password, mock_bay.trustee_password)
|
||||
self.assertEqual(mock_trust.id, mock_bay.trust_id)
|
||||
|
||||
def test_delete_trustee_and_trust(self):
|
||||
mock_bay = mock.MagicMock()
|
||||
mock_bay.trust_id = 'trust_id'
|
||||
mock_bay.trustee_user_id = 'trustee_user_id'
|
||||
mock_keystone = mock.MagicMock()
|
||||
self.osc.keystone.return_value = mock_keystone
|
||||
|
||||
trust_manager.delete_trustee_and_trust(self.osc, mock_bay)
|
||||
|
||||
mock_keystone.delete_trust.assert_called_once_with(
|
||||
mock_bay.trust_id,
|
||||
)
|
||||
mock_keystone.delete_trustee.assert_called_once_with(
|
||||
mock_bay.trustee_user_id,
|
||||
)
|
||||
|
||||
def test_delete_trustee_and_trust_without_trust_id(self):
|
||||
mock_bay = mock.MagicMock()
|
||||
mock_bay.trust_id = None
|
||||
mock_bay.trustee_user_id = 'trustee_user_id'
|
||||
mock_keystone = mock.MagicMock()
|
||||
self.osc.keystone.return_value = mock_keystone
|
||||
|
||||
trust_manager.delete_trustee_and_trust(self.osc, mock_bay)
|
||||
|
||||
self.assertEqual(0, mock_keystone.delete_trust.call_count)
|
||||
mock_keystone.delete_trustee.assert_called_once_with(
|
||||
mock_bay.trustee_user_id,
|
||||
)
|
||||
|
||||
def test_delete_trustee_and_trust_without_trustee_user_id(self):
|
||||
mock_bay = mock.MagicMock()
|
||||
mock_bay.trust_id = 'trust_id'
|
||||
mock_bay.trustee_user_id = None
|
||||
mock_keystone = mock.MagicMock()
|
||||
self.osc.keystone.return_value = mock_keystone
|
||||
|
||||
trust_manager.delete_trustee_and_trust(self.osc, mock_bay)
|
||||
|
||||
mock_keystone.delete_trust.assert_called_once_with(
|
||||
mock_bay.trust_id,
|
||||
)
|
||||
self.assertEqual(0, mock_keystone.delete_trustee.call_count)
|
|
@ -44,23 +44,6 @@ class TestHandler(db_base.DbTestCase):
|
|||
self.bay = objects.Bay(self.context, **bay_dict)
|
||||
self.bay.create()
|
||||
|
||||
self.p = patch(
|
||||
'magnum.conductor.handlers.bay_conductor.Handler.'
|
||||
'_create_trustee_and_trust')
|
||||
|
||||
def create_trustee_and_trust(osc, bay):
|
||||
bay.trust_id = 'trust_id'
|
||||
bay.trustee_username = 'user_name'
|
||||
bay.trustee_user_id = 'user_id'
|
||||
bay.trustee_password = 'password'
|
||||
|
||||
self.p.side_effect = create_trustee_and_trust
|
||||
self.p.start()
|
||||
|
||||
def tearDown(self):
|
||||
self.p.stop()
|
||||
super(TestHandler, self).tearDown()
|
||||
|
||||
@patch('magnum.conductor.scale_manager.ScaleManager')
|
||||
@patch('magnum.conductor.handlers.bay_conductor.Handler._poll_and_check')
|
||||
@patch('magnum.conductor.handlers.bay_conductor._update_stack')
|
||||
|
@ -163,12 +146,13 @@ class TestHandler(db_base.DbTestCase):
|
|||
self._test_update_bay_status_complete(bay_status.ADOPT_COMPLETE)
|
||||
|
||||
@patch('magnum.conductor.handlers.bay_conductor.HeatPoller')
|
||||
@patch('magnum.conductor.handlers.bay_conductor.trust_manager')
|
||||
@patch('magnum.conductor.handlers.bay_conductor.cert_manager')
|
||||
@patch('magnum.conductor.handlers.bay_conductor._create_stack')
|
||||
@patch('magnum.conductor.handlers.bay_conductor.uuid')
|
||||
@patch('magnum.common.clients.OpenStackClients')
|
||||
def test_create(self, mock_openstack_client_class, mock_uuid,
|
||||
mock_create_stack, mock_cert_manager,
|
||||
mock_create_stack, mock_cert_manager, mock_trust_manager,
|
||||
mock_heat_poller_class):
|
||||
timeout = 15
|
||||
test_uuid = uuid.uuid4()
|
||||
|
@ -176,7 +160,8 @@ class TestHandler(db_base.DbTestCase):
|
|||
mock_poller = mock.MagicMock()
|
||||
mock_poller.poll_and_check.return_value = loopingcall.LoopingCallDone()
|
||||
mock_heat_poller_class.return_value = mock_poller
|
||||
mock_openstack_client_class.return_value = mock.sentinel.osc
|
||||
osc = mock.sentinel.osc
|
||||
mock_openstack_client_class.return_value = osc
|
||||
|
||||
def create_stack_side_effect(context, osc, bay, timeout):
|
||||
self.assertEqual(str(test_uuid), bay.uuid)
|
||||
|
@ -203,13 +188,19 @@ class TestHandler(db_base.DbTestCase):
|
|||
mock_cert_manager.generate_certificates_to_bay.assert_called_once_with(
|
||||
self.bay)
|
||||
self.assertEqual(bay_status.CREATE_IN_PROGRESS, bay.status)
|
||||
mock_trust_manager.create_trustee_and_trust.assert_called_once_with(
|
||||
osc, self.bay)
|
||||
|
||||
@patch('magnum.conductor.handlers.bay_conductor.trust_manager')
|
||||
@patch('magnum.conductor.handlers.bay_conductor.cert_manager')
|
||||
@patch('magnum.conductor.handlers.bay_conductor._create_stack')
|
||||
@patch('magnum.common.clients.OpenStackClients')
|
||||
def test_create_handles_bad_request(self, mock_openstack_client_class,
|
||||
mock_create_stack,
|
||||
mock_cert_manager):
|
||||
mock_cert_manager,
|
||||
mock_trust_manager):
|
||||
osc = mock.MagicMock()
|
||||
mock_openstack_client_class.return_value = osc
|
||||
mock_create_stack.side_effect = exc.HTTPBadRequest
|
||||
timeout = 15
|
||||
self.assertRaises(exception.InvalidParameterValue,
|
||||
|
@ -218,15 +209,25 @@ class TestHandler(db_base.DbTestCase):
|
|||
mock_cert_manager.generate_certificates_to_bay.assert_called_once_with(
|
||||
self.bay)
|
||||
mock_cert_manager.delete_certificates_from_bay(self.bay)
|
||||
mock_trust_manager.create_trustee_and_trust.assert_called_once_with(
|
||||
osc, self.bay)
|
||||
mock_trust_manager.delete_trustee_and_trust.assert_called_once_with(
|
||||
osc, self.bay)
|
||||
|
||||
@patch('magnum.conductor.handlers.bay_conductor.trust_manager')
|
||||
@patch('magnum.conductor.handlers.bay_conductor.cert_manager')
|
||||
@patch('magnum.conductor.handlers.bay_conductor._create_stack')
|
||||
@patch('magnum.conductor.handlers.bay_conductor.uuid')
|
||||
@patch('magnum.common.clients.OpenStackClients')
|
||||
def test_create_with_invalid_unicode_name(self,
|
||||
mock_openstack_client_class,
|
||||
mock_uuid,
|
||||
mock_create_stack,
|
||||
mock_cert_manager):
|
||||
mock_cert_manager,
|
||||
mock_trust_manager):
|
||||
timeout = 15
|
||||
osc = mock.MagicMock()
|
||||
mock_openstack_client_class.return_value = osc
|
||||
test_uuid = uuid.uuid4()
|
||||
mock_uuid.uuid4.return_value = test_uuid
|
||||
error_message = six.u("""Invalid stack name 测试集群-zoyh253geukk
|
||||
|
@ -239,6 +240,8 @@ class TestHandler(db_base.DbTestCase):
|
|||
self.bay, timeout)
|
||||
mock_cert_manager.generate_certificates_to_bay.assert_called_once_with(
|
||||
self.bay)
|
||||
mock_trust_manager.create_trustee_and_trust.assert_called_once_with(
|
||||
osc, self.bay)
|
||||
|
||||
@patch('magnum.common.clients.OpenStackClients')
|
||||
def test_bay_delete(self, mock_openstack_client_class):
|
||||
|
@ -430,13 +433,16 @@ class TestHeatPoller(base.TestCase):
|
|||
|
||||
self.assertEqual(2, bay.node_count)
|
||||
|
||||
@patch('magnum.conductor.handlers.bay_conductor.trust_manager')
|
||||
@patch('magnum.conductor.handlers.bay_conductor.cert_manager')
|
||||
def test_delete_complete(self, cert_manager):
|
||||
def test_delete_complete(self, cert_manager, trust_manager):
|
||||
mock_heat_stack, bay, poller = self.setup_poll_test()
|
||||
poller._delete_complete()
|
||||
self.assertEqual(1, bay.destroy.call_count)
|
||||
self.assertEqual(1,
|
||||
cert_manager.delete_certificates_from_bay.call_count)
|
||||
self.assertEqual(1,
|
||||
trust_manager.delete_trustee_and_trust.call_count)
|
||||
|
||||
def test_create_or_complete(self):
|
||||
mock_heat_stack, bay, poller = self.setup_poll_test()
|
||||
|
|
Loading…
Reference in New Issue