Merge "Ensure cleanup is performed correctly on roles"
commit
9fa4228ab0
@ -64,6 +64,12 @@ class RoleGenerator(context.Context):
|
|||||||
raise exceptions.NotFoundException(
|
raise exceptions.NotFoundException(
|
||||||
"There is no role with name `%s`" % context_role)
|
"There is no role with name `%s`" % context_role)
|
||||||
|
|
||||||
|
def _get_user_role_ids(self, user_id, project_id):
|
||||||
|
keystone = identity.Identity(osclients.Clients(self.credential))
|
||||||
|
user_roles = keystone.list_roles(user_id=user_id,
|
||||||
|
project_id=project_id)
|
||||||
|
return [role.id for role in user_roles]
|
||||||
|
|
||||||
def _get_consumer(self, func_name):
|
def _get_consumer(self, func_name):
|
||||||
def consume(cache, args):
|
def consume(cache, args):
|
||||||
role_id, user_id, project_id = args
|
role_id, user_id, project_id = args
|
||||||
@ -90,20 +96,28 @@ class RoleGenerator(context.Context):
|
|||||||
"role_id": role.id,
|
"role_id": role.id,
|
||||||
"threads": threads})
|
"threads": threads})
|
||||||
for user in self.context["users"]:
|
for user in self.context["users"]:
|
||||||
|
if "roles" not in user:
|
||||||
|
user["roles"] = self._get_user_role_ids(
|
||||||
|
user["id"],
|
||||||
|
user["tenant_id"])
|
||||||
|
user["assigned_roles"] = []
|
||||||
|
if role.id not in user["roles"]:
|
||||||
args = (role.id, user["id"], user["tenant_id"])
|
args = (role.id, user["id"], user["tenant_id"])
|
||||||
queue.append(args)
|
queue.append(args)
|
||||||
|
user["assigned_roles"].append(role.id)
|
||||||
|
|
||||||
broker.run(publish, self._get_consumer("add_role"), threads)
|
broker.run(publish, self._get_consumer("add_role"), threads)
|
||||||
self.context["roles"] = roles_dict
|
self.context["roles"] = roles_dict
|
||||||
|
|
||||||
def cleanup(self):
|
def cleanup(self):
|
||||||
"""Remove all roles from users."""
|
"""Remove assigned roles from users."""
|
||||||
threads = self.workers
|
threads = self.workers
|
||||||
|
|
||||||
def publish(queue):
|
def publish(queue):
|
||||||
for role_id in self.context["roles"]:
|
for role_id in self.context["roles"]:
|
||||||
LOG.debug("Removing role %s from all users" % role_id)
|
LOG.debug("Removing assigned role %s from all users" % role_id)
|
||||||
for user in self.context["users"]:
|
for user in self.context["users"]:
|
||||||
|
if role_id in user["assigned_roles"]:
|
||||||
args = (role_id, user["id"], user["tenant_id"])
|
args = (role_id, user["id"], user["tenant_id"])
|
||||||
queue.append(args)
|
queue.append(args)
|
||||||
|
|
||||||
|
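Review bot: `user["assigned_roles"]` is created only inside the `if "roles" not in user:` branch of the setup loop, while the later `user["assigned_roles"].append(role.id)` and the cleanup test `if role_id in user["assigned_roles"]:` index it unconditionally. A user dict that already carries `roles`, or one that setup never reached, would raise KeyError there, and in cleanup that presumably aborts the pass and leaves the roles this context granted attached to the remaining users. Initialise it separately with `user.setdefault("assigned_roles", [])` and read it in cleanup as `user.get("assigned_roles", [])`. The id is also recorded when the args are queued, before `broker.run(...)` has run `add_role`, so a failed grant still counts as assigned; a comment on that line should say whether this is intended. setup begins and cleanup ends outside the hunks shown.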
@ -87,8 +87,10 @@ class RoleGeneratorTestCase(test.TestCase):
|
|||||||
ctx = roles.RoleGenerator(self.context)
|
ctx = roles.RoleGenerator(self.context)
|
||||||
ctx.context["roles"] = {"r1": "test_role1",
|
ctx.context["roles"] = {"r1": "test_role1",
|
||||||
"r2": "test_role2"}
|
"r2": "test_role2"}
|
||||||
ctx.context["users"] = [{"id": "u1", "tenant_id": "t1"},
|
ctx.context["users"] = [{"id": "u1", "tenant_id": "t1",
|
||||||
{"id": "u2", "tenant_id": "t2"}]
|
"assigned_roles": ["r1", "r2"]},
|
||||||
|
{"id": "u2", "tenant_id": "t2",
|
||||||
|
"assigned_roles": ["r1", "r2"]}]
|
||||||
ctx.credential = mock.MagicMock()
|
ctx.credential = mock.MagicMock()
|
||||||
ctx.cleanup()
|
ctx.cleanup()
|
||||||
calls = [
|
calls = [
|
||||||
@ -107,17 +109,23 @@ class RoleGeneratorTestCase(test.TestCase):
|
|||||||
mock_osclients.Clients.return_value = fc
|
mock_osclients.Clients.return_value = fc
|
||||||
self.create_default_roles_and_patch_add_remove_functions(fc)
|
self.create_default_roles_and_patch_add_remove_functions(fc)
|
||||||
|
|
||||||
|
def _get_user_role_ids_side_effect(user_id, project_id):
|
||||||
|
return ["r1", "r2"] if user_id == "u3" else []
|
||||||
|
|
||||||
with roles.RoleGenerator(self.context) as ctx:
|
with roles.RoleGenerator(self.context) as ctx:
|
||||||
ctx.context["users"] = [{"id": "u1", "tenant_id": "t1"},
|
ctx.context["users"] = [{"id": "u1", "tenant_id": "t1"},
|
||||||
{"id": "u2", "tenant_id": "t2"}]
|
{"id": "u2", "tenant_id": "t2"},
|
||||||
|
{"id": "u3", "tenant_id": "t3"}]
|
||||||
|
|
||||||
|
ctx._get_user_role_ids = mock.MagicMock()
|
||||||
|
ctx._get_user_role_ids.side_effect = _get_user_role_ids_side_effect
|
||||||
ctx.setup()
|
ctx.setup()
|
||||||
ctx.credential = mock.MagicMock()
|
ctx.credential = mock.MagicMock()
|
||||||
calls = [
|
calls = [
|
||||||
mock.call(user="u1", role="r1", tenant="t1"),
|
mock.call(user="u1", role="r1", tenant="t1"),
|
||||||
mock.call(user="u2", role="r1", tenant="t2"),
|
mock.call(user="u2", role="r1", tenant="t2"),
|
||||||
mock.call(user="u1", role="r2", tenant="t1"),
|
mock.call(user="u1", role="r2", tenant="t1"),
|
||||||
mock.call(user="u2", role="r2", tenant="t2")
|
mock.call(user="u2", role="r2", tenant="t2"),
|
||||||
]
|
]
|
||||||
fc.keystone().roles.add_user_role.assert_has_calls(calls,
|
fc.keystone().roles.add_user_role.assert_has_calls(calls,
|
||||||
any_order=True)
|
any_order=True)
|
||||||
@ -128,7 +136,7 @@ class RoleGeneratorTestCase(test.TestCase):
|
|||||||
self.assertEqual(2, len(ctx.context["roles"]))
|
self.assertEqual(2, len(ctx.context["roles"]))
|
||||||
self.assertEqual(2, len(fc.keystone().roles.list()))
|
self.assertEqual(2, len(fc.keystone().roles.list()))
|
||||||
|
|
||||||
# Cleanup (called by content manager)
|
# Cleanup (called by context manager)
|
||||||
self.assertEqual(2, len(fc.keystone().roles.list()))
|
self.assertEqual(2, len(fc.keystone().roles.list()))
|
||||||
self.assertEqual(4, fc.keystone().roles.add_user_role.call_count)
|
self.assertEqual(4, fc.keystone().roles.add_user_role.call_count)
|
||||||
self.assertEqual(4, fc.keystone().roles.remove_user_role.call_count)
|
self.assertEqual(4, fc.keystone().roles.remove_user_role.call_count)
|
||||||
|
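Review bot: `_get_user_role_ids` is replaced wholesale by `ctx._get_user_role_ids = mock.MagicMock()` in the setup test, so the new helper's `keystone.list_roles(user_id=..., project_id=...)` call is not exercised by any hunk shown here. Since that lookup decides which roles count as pre-existing and are therefore skipped at cleanup, a direct test asserting the arguments passed to `list_roles` and the returned id list would be worth adding. The two statements can also be folded into `ctx._get_user_role_ids = mock.MagicMock(side_effect=_get_user_role_ids_side_effect)`. The test methods start outside the hunks.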