Export user id as password to keystone when using noauth

Fixes bug #969208

When using noauth, a user's password is her user id (e.g. in novarc).

When we export to keystone, we should make sure the same credentials
keep working rather than effectively switching all the passwords to
random UUIDs which users would never have seen before.

Change-Id: Ie77c622ce1952d03e836bb64167184022a02e902
This commit is contained in:
Mark McLoughlin 2012-03-30 14:34:14 +01:00
parent 75676812e8
commit 283ea4a166
2 changed files with 26 additions and 9 deletions

View File

@ -1542,16 +1542,23 @@ class ExportCommands(object):
am = manager.AuthManager() am = manager.AuthManager()
for user in am.get_users(): for user in am.get_users():
# NOTE(vish): Deprecated auth uses an access key, no auth uses a
# the user_id in place of it.
if FLAGS.auth_strategy == 'deprecated':
access = user.access
else:
access = user.id
user_dict = { user_dict = {
'id': user.id, 'id': user.id,
'name': user.name, 'name': user.name,
'password': user.access, 'password': access,
} }
output['users'].append(user_dict) output['users'].append(user_dict)
ec2_cred = { ec2_cred = {
'user_id': user.id, 'user_id': user.id,
'access_key': user.access, 'access_key': access,
'secret_key': user.secret, 'secret_key': user.secret,
} }
output['ec2_credentials'].append(ec2_cred) output['ec2_credentials'].append(ec2_cred)

View File

@ -239,7 +239,14 @@ class NetworkCommandsTestCase(test.TestCase):
class ExportAuthTestCase(test.TestCase): class ExportAuthTestCase(test.TestCase):
def test_export(self): def test_export_with_noauth(self):
self._do_test_export()
def test_export_with_deprecated_auth(self):
self.flags(auth_strategy='deprecated')
self._do_test_export(noauth=False)
def _do_test_export(self, noauth=True):
self.flags(allowed_roles=['role1', 'role2']) self.flags(allowed_roles=['role1', 'role2'])
am = nova.auth.manager.AuthManager(new=True) am = nova.auth.manager.AuthManager(new=True)
user1 = am.create_user('user1', 'a1', 's1') user1 = am.create_user('user1', 'a1', 's1')
@ -255,11 +262,14 @@ class ExportAuthTestCase(test.TestCase):
commands = nova_manage.ExportCommands() commands = nova_manage.ExportCommands()
output = commands._get_auth_data() output = commands._get_auth_data()
def pw(idx):
return ('user' if noauth else 'a') + str(idx)
expected = { expected = {
"users": [ "users": [
{"id": "user1", "name": "user1", 'password': 'a1'}, {"id": "user1", "name": "user1", 'password': pw(1)},
{"id": "user2", "name": "user2", 'password': 'a2'}, {"id": "user2", "name": "user2", 'password': pw(2)},
{"id": "user3", "name": "user3", 'password': 'a3'}, {"id": "user3", "name": "user3", 'password': pw(3)},
], ],
"roles": ["role1", "role2"], "roles": ["role1", "role2"],
"role_user_tenant_list": [ "role_user_tenant_list": [
@ -273,9 +283,9 @@ class ExportAuthTestCase(test.TestCase):
{"tenant_id": "proj2", "user_id": "user3"}, {"tenant_id": "proj2", "user_id": "user3"},
], ],
"ec2_credentials": [ "ec2_credentials": [
{"access_key": "a1", "secret_key": "s1", "user_id": "user1"}, {"access_key": pw(1), "secret_key": "s1", "user_id": "user1"},
{"access_key": "a2", "secret_key": "s2", "user_id": "user2"}, {"access_key": pw(2), "secret_key": "s2", "user_id": "user2"},
{"access_key": "a3", "secret_key": "s3", "user_id": "user3"}, {"access_key": pw(3), "secret_key": "s3", "user_id": "user3"},
], ],
"tenants": [ "tenants": [
{"description": "proj1", "id": "proj1", "name": "proj1"}, {"description": "proj1", "id": "proj1", "name": "proj1"},