Use openstack cli to resolve project/user id
The openstack command can resolve project id or user id from name and domain name/id given. We can use that feature instead of maintaining our own logic. Change-Id: I3d4fbb082cf228ef4a75c0761fb21fdebf664cf4
This commit is contained in:
Takashi Kajinami
parent
df9ce566c6
commit
80a1953d7d
@ -102,20 +102,6 @@ class Puppet::Provider::Keystone < Puppet::Provider::Openstack
|
||||
@users_name[id_str]
|
||||
end
|
||||
|
||||
def self.project_id_from_name_and_domain_name(name, domain_name)
|
||||
@projects_name ||= {}
|
||||
id_str = "#{name}_#{domain_name}"
|
||||
unless @projects_name.keys.include?(id_str)
|
||||
project = fetch_project(name, domain_name)
|
||||
if project && project.key?(:id)
|
||||
@projects_name[id_str] = project[:id]
|
||||
else
|
||||
err("Could not find project with name [#{name}] and domain [#{domain_name}]")
|
||||
end
|
||||
end
|
||||
@projects_name[id_str]
|
||||
end
|
||||
|
||||
def self.domain_name_from_id(id)
|
||||
unless @domain_hash
|
||||
list = system_request('domain', 'list')
|
||||
@ -152,15 +138,6 @@ class Puppet::Provider::Keystone < Puppet::Provider::Openstack
|
||||
@domain_hash_name[name]
|
||||
end
|
||||
|
||||
def self.fetch_project(name, domain)
|
||||
domain ||= default_domain
|
||||
system_request('project', 'show',
|
||||
[name, '--domain', domain],
|
||||
{:no_retry_exception_msgs => /No project with a name or ID/})
|
||||
rescue Puppet::ExecutionFailure => e
|
||||
raise e unless e.message =~ /No project with a name or ID/
|
||||
end
|
||||
|
||||
def self.fetch_user(name, domain)
|
||||
domain ||= default_domain
|
||||
user = system_request('user', 'show',
|
||||
|
||||
@ -86,27 +86,15 @@ Puppet::Type.type(:keystone_user_role).provide(
|
||||
return @properties if @properties
|
||||
properties = []
|
||||
if set?(:project)
|
||||
properties << '--project' << get_project_id
|
||||
properties << '--project' << project
|
||||
properties << '--project-domain' << project_domain
|
||||
elsif set?(:domain)
|
||||
properties << '--domain' << domain
|
||||
else
|
||||
properties << '--system' << system
|
||||
end
|
||||
properties << '--user' << get_user_id
|
||||
properties << '--user' << user
|
||||
properties << '--user-domain' << user_domain
|
||||
@properties = properties
|
||||
end
|
||||
|
||||
def get_user_id
|
||||
id = self.class.user_id_from_name_and_domain_name(user, user_domain)
|
||||
raise(Puppet::Error, "No user #{user} with domain #{user_domain} found") if id.nil?
|
||||
id
|
||||
end
|
||||
|
||||
def get_project_id
|
||||
id = self.class.project_id_from_name_and_domain_name(project, project_domain)
|
||||
if id.nil?
|
||||
raise(Puppet::Error, "No project #{project} with domain #{project_domain} found")
|
||||
end
|
||||
id
|
||||
end
|
||||
end
|
||||
|
||||
@ -62,38 +62,6 @@ id="newid"
|
||||
end
|
||||
end
|
||||
|
||||
describe '#fetch_project' do
|
||||
let(:set_env) do
|
||||
ENV['OS_USERNAME'] = 'test'
|
||||
ENV['OS_PASSWORD'] = 'abc123'
|
||||
ENV['OS_SYSTEM_SCOPE'] = 'all'
|
||||
ENV['OS_AUTH_URL'] = 'http://127.0.0.1:5000/v3'
|
||||
end
|
||||
|
||||
before(:each) do
|
||||
set_env
|
||||
end
|
||||
|
||||
it 'should be false if the project does not exist' do
|
||||
expect(klass).to receive(:request_timeout).and_return(0)
|
||||
expect(klass).to receive(:openstack)
|
||||
.with('project', 'show', '--format', 'shell', ['no_project', '--domain', 'Default'])
|
||||
.exactly(1).times
|
||||
.and_raise(Puppet::ExecutionFailure, "Execution of '/usr/bin/openstack project show --format shell no_project' returned 1: No project with a name or ID of 'no_project' exists.")
|
||||
expect(klass.fetch_project('no_project', 'Default')).to be_falsey
|
||||
end
|
||||
|
||||
it 'should return the project' do
|
||||
expect(klass).to receive(:openstack)
|
||||
.with('project', 'show', '--format', 'shell', ['The Project', '--domain', 'Default'])
|
||||
.and_return('
|
||||
name="The Project"
|
||||
id="the_project_id"
|
||||
')
|
||||
expect(klass.fetch_project('The Project', 'Default')).to eq({:name=>"The Project", :id=>"the_project_id"})
|
||||
end
|
||||
end
|
||||
|
||||
describe '#fetch_user' do
|
||||
let(:set_env) do
|
||||
ENV['OS_USERNAME'] = 'test'
|
||||
|
||||
@ -36,33 +36,27 @@ describe Puppet::Type.type(:keystone_user_role).provider(:openstack) do
|
||||
|
||||
describe '#create' do
|
||||
before(:each) do
|
||||
|
||||
expect(described_class).to receive(:openstack)
|
||||
.with('role assignment', 'list', '--quiet', '--format', 'csv',
|
||||
['--names', '--project', 'project1_id', '--user', 'user1_id'])
|
||||
['--names',
|
||||
'--project', 'project1', '--project-domain', 'domain1',
|
||||
'--user', 'user1', '--user-domain', 'domain1'])
|
||||
.and_return('"ID","Name","Project","User"
|
||||
"role1_id","role1","project1","user1"
|
||||
"role2_id","role2","project1","user1"
|
||||
')
|
||||
expect(described_class).to receive(:openstack)
|
||||
.with('role', 'add',
|
||||
['role1', '--project', 'project1_id', '--user', 'user1_id'])
|
||||
['role1',
|
||||
'--project', 'project1', '--project-domain', 'domain1',
|
||||
'--user', 'user1', '--user-domain', 'domain1'])
|
||||
expect(described_class).to receive(:openstack)
|
||||
.with('role', 'add',
|
||||
['role2', '--project', 'project1_id', '--user', 'user1_id'])
|
||||
expect(described_class).to receive(:openstack)
|
||||
.with('project', 'show', '--format', 'shell',
|
||||
['project1', '--domain', 'domain1'])
|
||||
.and_return('name="project1"
|
||||
id="project1_id"
|
||||
')
|
||||
expect(described_class).to receive(:openstack)
|
||||
.with('user', 'show', '--format', 'shell',
|
||||
['user1', '--domain', 'domain1'])
|
||||
.and_return('name="user1"
|
||||
id="user1_id"
|
||||
')
|
||||
['role2',
|
||||
'--project', 'project1', '--project-domain', 'domain1',
|
||||
'--user', 'user1', '--user-domain', 'domain1'])
|
||||
end
|
||||
|
||||
include_examples 'create the correct resource', [
|
||||
{
|
||||
'expected_results' => {}
|
||||
@ -107,25 +101,19 @@ id="user1_id"
|
||||
provider.instance_variable_get('@property_hash')[:roles] = ['role1', 'role2']
|
||||
expect(described_class).to receive(:openstack)
|
||||
.with('role', 'remove',
|
||||
['role1', '--project', 'project1_id', '--user', 'user1_id'])
|
||||
['role1',
|
||||
'--project', 'project1', '--project-domain', 'domain1',
|
||||
'--user', 'user1', '--user-domain', 'domain1'])
|
||||
expect(described_class).to receive(:openstack)
|
||||
.with('role', 'remove',
|
||||
['role2', '--project', 'project1_id', '--user', 'user1_id'])
|
||||
expect(described_class).to receive(:openstack)
|
||||
.with('project', 'show', '--format', 'shell',
|
||||
['project1', '--domain', 'domain1'])
|
||||
.and_return('name="project1"
|
||||
id="project1_id"
|
||||
')
|
||||
expect(described_class).to receive(:openstack)
|
||||
.with('user', 'show', '--format', 'shell',
|
||||
['user1', '--domain', 'domain1'])
|
||||
.and_return('name="user1"
|
||||
id="user1_id"
|
||||
')
|
||||
['role2',
|
||||
'--project', 'project1', '--project-domain', 'domain1',
|
||||
'--user', 'user1', '--user-domain', 'domain1'])
|
||||
expect(described_class).to receive(:openstack)
|
||||
.with('role assignment', 'list', '--quiet', '--format', 'csv',
|
||||
['--names', '--project', 'project1_id', '--user', 'user1_id'])
|
||||
['--names',
|
||||
'--project', 'project1', '--project-domain', 'domain1',
|
||||
'--user', 'user1', '--user-domain', 'domain1'])
|
||||
.and_return('"ID","Name","Project","User"
|
||||
')
|
||||
provider.destroy
|
||||
@ -137,22 +125,12 @@ id="user1_id"
|
||||
subject(:response) do
|
||||
expect(described_class).to receive(:openstack)
|
||||
.with('role assignment', 'list', '--quiet', '--format', 'csv',
|
||||
['--names', '--project', 'project1_id', '--user', 'user1_id'])
|
||||
['--names',
|
||||
'--project', 'project1', '--project-domain', 'domain1',
|
||||
'--user', 'user1', '--user-domain', 'domain1'])
|
||||
.and_return('"ID","Name","Project","User"
|
||||
"role1_id","role1","project1","user1"
|
||||
"role2_id","role2","project1","user1"
|
||||
')
|
||||
expect(described_class).to receive(:openstack)
|
||||
.with('project', 'show', '--format', 'shell',
|
||||
['project1', '--domain', 'domain1'])
|
||||
.and_return('name="project1"
|
||||
id="project1_id"
|
||||
')
|
||||
expect(described_class).to receive(:openstack)
|
||||
.with('user', 'show', '--format', 'shell',
|
||||
['user1', '--domain', 'domain1'])
|
||||
.and_return('name="user1"
|
||||
id="user1_id"
|
||||
')
|
||||
provider.exists?
|
||||
end
|
||||
@ -173,28 +151,24 @@ id="user1_id"
|
||||
expect(provider).to receive(:roles).and_return(%w(role_one role_two))
|
||||
expect(described_class).to receive(:openstack)
|
||||
.with('role', 'remove',
|
||||
['role_one', '--project', 'project1_id', '--user', 'user1_id'])
|
||||
['role_one',
|
||||
'--project', 'project_one', '--project-domain', 'Default',
|
||||
'--user', 'user_one', '--user-domain', 'Default'])
|
||||
expect(described_class).to receive(:openstack)
|
||||
.with('role', 'remove',
|
||||
['role_two', '--project', 'project1_id', '--user', 'user1_id'])
|
||||
['role_two',
|
||||
'--project', 'project_one', '--project-domain', 'Default',
|
||||
'--user', 'user_one', '--user-domain', 'Default'])
|
||||
expect(described_class).to receive(:openstack)
|
||||
.with('role', 'add',
|
||||
['one', '--project', 'project1_id', '--user', 'user1_id'])
|
||||
['one',
|
||||
'--project', 'project_one', '--project-domain', 'Default',
|
||||
'--user', 'user_one', '--user-domain', 'Default'])
|
||||
expect(described_class).to receive(:openstack)
|
||||
.with('role', 'add',
|
||||
['two', '--project', 'project1_id', '--user', 'user1_id'])
|
||||
expect(described_class).to receive(:openstack)
|
||||
.with('project', 'show', '--format', 'shell',
|
||||
['project_one', '--domain', 'Default'])
|
||||
.and_return('name="project_one"
|
||||
id="project1_id"
|
||||
')
|
||||
expect(described_class).to receive(:openstack)
|
||||
.with('user', 'show', '--format', 'shell',
|
||||
['user_one', '--domain', 'Default'])
|
||||
.and_return('name="role_one"
|
||||
id="user1_id"
|
||||
')
|
||||
['two',
|
||||
'--project', 'project_one', '--project-domain', 'Default',
|
||||
'--user', 'user_one', '--user-domain', 'Default'])
|
||||
provider.roles = %w(one two)
|
||||
end
|
||||
end
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user