Add 'nova-manage export auth'
* Introduce ability to dump auth data to json blob for consumption by keystone * Implements bp keystone-export-rewrite Change-Id: Ic8c0ade8350daa449fb6df7ad3c55c3ae2b0c2c7
This commit is contained in:
Brian Waldon
@@ -2241,12 +2241,80 @@ class GetLogCommands(object):
|
||||
print "No nova entries in syslog!"
|
||||
|
||||
|
||||
class ExportCommands(object):
|
||||
"""Commands used to export data from Nova"""
|
||||
|
||||
def auth(self):
|
||||
"""Export Nova auth data in format that can be consumed by Keystone"""
|
||||
print json.dumps(self._get_auth_data())
|
||||
|
||||
def _get_auth_data(self):
|
||||
output = {
|
||||
'users': [],
|
||||
'tenants': [],
|
||||
'user_tenant_list': [],
|
||||
'ec2_credentials': [],
|
||||
'roles': [],
|
||||
'role_user_tenant_list': [],
|
||||
}
|
||||
|
||||
am = manager.AuthManager()
|
||||
|
||||
for user in am.get_users():
|
||||
user_dict = {
|
||||
'id': user.id,
|
||||
'name': user.name,
|
||||
'password': user.access,
|
||||
}
|
||||
output['users'].append(user_dict)
|
||||
|
||||
ec2_cred = {
|
||||
'user_id': user.id,
|
||||
'access_key': user.access,
|
||||
'secret_key': user.secret,
|
||||
}
|
||||
output['ec2_credentials'].append(ec2_cred)
|
||||
|
||||
for project in am.get_projects():
|
||||
tenant = {
|
||||
'id': project.id,
|
||||
'name': project.name,
|
||||
'description': project.description,
|
||||
}
|
||||
output['tenants'].append(tenant)
|
||||
|
||||
for user_id in project.member_ids:
|
||||
membership = {
|
||||
'tenant_id': project.id,
|
||||
'user_id': user_id,
|
||||
}
|
||||
output['user_tenant_list'].append(membership)
|
||||
|
||||
for role in am.get_roles():
|
||||
if role not in output['roles']:
|
||||
output['roles'].append(role)
|
||||
|
||||
for project in am.get_projects():
|
||||
for user_id in project.member_ids:
|
||||
user = am.get_user(user_id)
|
||||
for role in am.get_user_roles(user_id, project.id):
|
||||
role_grant = {
|
||||
'role': role,
|
||||
'user_id': user_id,
|
||||
'tenant_id': project.id,
|
||||
}
|
||||
output['role_user_tenant_list'].append(role_grant)
|
||||
|
||||
return output
|
||||
|
||||
|
||||
CATEGORIES = [
|
||||
('account', AccountCommands),
|
||||
('agent', AgentBuildCommands),
|
||||
('config', ConfigCommands),
|
||||
('db', DbCommands),
|
||||
('drive', VsaDriveTypeCommands),
|
||||
('export', ExportCommands),
|
||||
('fixed', FixedIpCommands),
|
||||
('flavor', InstanceTypeCommands),
|
||||
('floating', FloatingIpCommands),
|
||||
|
||||
@@ -15,9 +15,21 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import imp
|
||||
import json
|
||||
import os
|
||||
import StringIO
|
||||
import sys
|
||||
|
||||
import stubout
|
||||
|
||||
import nova.auth.manager
|
||||
from nova import context
|
||||
from nova import db
|
||||
from nova import test
|
||||
from nova.tests.db import fakes as db_fakes
|
||||
|
||||
|
||||
TOPDIR = os.path.normpath(os.path.join(
|
||||
os.path.dirname(os.path.abspath(__file__)),
|
||||
os.pardir,
|
||||
@@ -25,16 +37,8 @@ TOPDIR = os.path.normpath(os.path.join(
|
||||
NOVA_MANAGE_PATH = os.path.join(TOPDIR, 'bin', 'nova-manage')
|
||||
|
||||
sys.dont_write_bytecode = True
|
||||
import imp
|
||||
nova_manage = imp.load_source('nova_manage.py', NOVA_MANAGE_PATH)
|
||||
sys.dont_write_bytecode = False
|
||||
import stubout
|
||||
|
||||
import StringIO
|
||||
from nova import context
|
||||
from nova import db
|
||||
from nova import test
|
||||
from nova.tests.db import fakes as db_fakes
|
||||
|
||||
|
||||
class FixedIpCommandsTestCase(test.TestCase):
|
||||
@@ -244,3 +248,52 @@ class NetworkCommandsTestCase(test.TestCase):
|
||||
self._test_modify_base(update_value={'project_id': None, 'host': None},
|
||||
project=None, host=None, dis_project=True,
|
||||
dis_host=True)
|
||||
|
||||
|
||||
class ExportAuthTestCase(test.TestCase):
|
||||
|
||||
def test_export(self):
|
||||
self.flags(allowed_roles=['role1', 'role2'])
|
||||
am = nova.auth.manager.AuthManager(new=True)
|
||||
user1 = am.create_user('user1', 'a1', 's1')
|
||||
user2 = am.create_user('user2', 'a2', 's2')
|
||||
user3 = am.create_user('user3', 'a3', 's3')
|
||||
proj1 = am.create_project('proj1', user1, member_users=[user1, user2])
|
||||
proj2 = am.create_project('proj2', user2, member_users=[user2, user3])
|
||||
am.add_role(user1, 'role1', proj1)
|
||||
am.add_role(user1, 'role1', proj2)
|
||||
am.add_role(user3, 'role1', proj1)
|
||||
am.add_role(user3, 'role2', proj2)
|
||||
|
||||
commands = nova_manage.ExportCommands()
|
||||
output = commands._get_auth_data()
|
||||
|
||||
expected = {
|
||||
"users": [
|
||||
{"id": "user1", "name": "user1", 'password': 'a1'},
|
||||
{"id": "user2", "name": "user2", 'password': 'a2'},
|
||||
{"id": "user3", "name": "user3", 'password': 'a3'},
|
||||
],
|
||||
"roles": ["role1", "role2"],
|
||||
"role_user_tenant_list": [
|
||||
{"user_id": "user1", "role": "role1", "tenant_id": "proj1"},
|
||||
{"user_id": "user3", "role": "role2", "tenant_id": "proj2"},
|
||||
],
|
||||
"user_tenant_list": [
|
||||
{"tenant_id": "proj1", "user_id": "user1"},
|
||||
{"tenant_id": "proj1", "user_id": "user2"},
|
||||
{"tenant_id": "proj2", "user_id": "user2"},
|
||||
{"tenant_id": "proj2", "user_id": "user3"},
|
||||
],
|
||||
"ec2_credentials": [
|
||||
{"access_key": "a1", "secret_key": "s1", "user_id": "user1"},
|
||||
{"access_key": "a2", "secret_key": "s2", "user_id": "user2"},
|
||||
{"access_key": "a3", "secret_key": "s3", "user_id": "user3"},
|
||||
],
|
||||
"tenants": [
|
||||
{"description": "proj1", "id": "proj1", "name": "proj1"},
|
||||
{"description": "proj2", "id": "proj2", "name": "proj2"},
|
||||
],
|
||||
}
|
||||
|
||||
self.assertDictMatch(output, expected)
|
||||
|
||||
Reference in New Issue
Block a user