From 283ea4a16622287c476141736d373405119f3e79 Mon Sep 17 00:00:00 2001 From: Mark McLoughlin Date: Fri, 30 Mar 2012 14:34:14 +0100 Subject: [PATCH] Export user id as password to keystone when using noauth Fixes bug #969208 When using noauth, a user's password is her user id (e.g. in novarc). When we export to keystone, we should make sure the same credentials keep working rather than effectively switching all the passwords to random UUIDs which users would never have seen before. Change-Id: Ie77c622ce1952d03e836bb64167184022a02e902 --- bin/nova-manage | 11 +++++++++-- nova/tests/test_nova_manage.py | 24 +++++++++++++++++------- 2 files changed, 26 insertions(+), 9 deletions(-) diff --git a/bin/nova-manage b/bin/nova-manage index 65082ba90abb..462b9d5e2101 100755 --- a/bin/nova-manage +++ b/bin/nova-manage @@ -1542,16 +1542,23 @@ class ExportCommands(object): am = manager.AuthManager() for user in am.get_users(): + # NOTE(vish): Deprecated auth uses an access key, no auth uses a + # the user_id in place of it. + if FLAGS.auth_strategy == 'deprecated': + access = user.access + else: + access = user.id + user_dict = { 'id': user.id, 'name': user.name, - 'password': user.access, + 'password': access, } output['users'].append(user_dict) ec2_cred = { 'user_id': user.id, - 'access_key': user.access, + 'access_key': access, 'secret_key': user.secret, } output['ec2_credentials'].append(ec2_cred) diff --git a/nova/tests/test_nova_manage.py b/nova/tests/test_nova_manage.py index a91657ac46e9..d3ef7ed95e3b 100644 --- a/nova/tests/test_nova_manage.py +++ b/nova/tests/test_nova_manage.py @@ -239,7 +239,14 @@ class NetworkCommandsTestCase(test.TestCase): class ExportAuthTestCase(test.TestCase): - def test_export(self): + def test_export_with_noauth(self): + self._do_test_export() + + def test_export_with_deprecated_auth(self): + self.flags(auth_strategy='deprecated') + self._do_test_export(noauth=False) + + def _do_test_export(self, noauth=True): self.flags(allowed_roles=['role1', 'role2']) am = nova.auth.manager.AuthManager(new=True) user1 = am.create_user('user1', 'a1', 's1') @@ -255,11 +262,14 @@ class ExportAuthTestCase(test.TestCase): commands = nova_manage.ExportCommands() output = commands._get_auth_data() + def pw(idx): + return ('user' if noauth else 'a') + str(idx) + expected = { "users": [ - {"id": "user1", "name": "user1", 'password': 'a1'}, - {"id": "user2", "name": "user2", 'password': 'a2'}, - {"id": "user3", "name": "user3", 'password': 'a3'}, + {"id": "user1", "name": "user1", 'password': pw(1)}, + {"id": "user2", "name": "user2", 'password': pw(2)}, + {"id": "user3", "name": "user3", 'password': pw(3)}, ], "roles": ["role1", "role2"], "role_user_tenant_list": [ @@ -273,9 +283,9 @@ class ExportAuthTestCase(test.TestCase): {"tenant_id": "proj2", "user_id": "user3"}, ], "ec2_credentials": [ - {"access_key": "a1", "secret_key": "s1", "user_id": "user1"}, - {"access_key": "a2", "secret_key": "s2", "user_id": "user2"}, - {"access_key": "a3", "secret_key": "s3", "user_id": "user3"}, + {"access_key": pw(1), "secret_key": "s1", "user_id": "user1"}, + {"access_key": pw(2), "secret_key": "s2", "user_id": "user2"}, + {"access_key": pw(3), "secret_key": "s3", "user_id": "user3"}, ], "tenants": [ {"description": "proj1", "id": "proj1", "name": "proj1"},