authorspisarski <s.pisarski@cablelabs.com>2017-07-07 15:26:24 -0600
committerspisarski <s.pisarski@cablelabs.com>2017-07-11 08:10:28 -0600
commit9881e7e312b1927d9be52ae02dccc5f9df3982df (patch)
tree167feaba570b4e29368260d82284bd398564c71d /snaps/openstack/utils
parent5f3fe6856f07bd1289bac532264eccf6cba68d77 (diff)
Added ability to add a user to a role.
This functionality was requested because the SNAPS-OO integration tests can currently be run in custom projects with custom users, and certain OpenStack installations do not allow some of the integration test functions unless the new user has been added to the 'admin' role. Change-Id: I255cfa089a14bbcb434a6cd33b2a1dfae66206b5 Signed-off-by: spisarski <s.pisarski@cablelabs.com>
Diffstat (limited to 'snaps/openstack/utils')
-rw-r--r--snaps/openstack/utils/keystone_utils.py61
-rw-r--r--snaps/openstack/utils/tests/keystone_utils_tests.py38
2 files changed, 93 insertions, 6 deletions
diff --git a/snaps/openstack/utils/keystone_utils.py b/snaps/openstack/utils/keystone_utils.py
index 3823914..0a850d3 100644
--- a/snaps/openstack/utils/keystone_utils.py
+++ b/snaps/openstack/utils/keystone_utils.py
@@ -207,12 +207,28 @@ def create_user(keystone, user_settings):
email=user_settings.email, tenant_id=project_id,
enabled=user_settings.enabled)
else:
- # TODO - need to support groups
os_user = keystone.users.create(
name=user_settings.name, password=user_settings.password,
email=user_settings.email, project=project,
domain=user_settings.domain_name, enabled=user_settings.enabled)
+ for role_name, role_project in user_settings.roles.items():
+ os_role = get_os_role_by_name(keystone, role_name)
+ os_project = get_project(keystone=keystone, project_name=role_project)
+
+ if os_role and os_project:
+ existing_roles = get_os_roles_by_user(keystone, os_user,
+ os_project)
+ found = False
+ for role in existing_roles:
+ if role.id == os_role.id:
+ found = True
+
+ if not found:
+ grant_user_role_to_project(
+ keystone=keystone, user=os_user, role=os_role,
+ project=os_project)
+
if os_user:
return User(name=os_user.name, user_id=os_user.id)
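Review bot: When `get_os_role_by_name` or `get_project` finds nothing, the `if os_role and os_project:` test in the added loop skips the grant with no signal, so `create_user` returns a User that silently lacks a role requested in `user_settings.roles`. Failing closed is the safer direction, but the caller cannot tell a skipped grant from an applied one; I would add an else branch such as `else: logging.getLogger(__name__).warning('Role %s or project %s not found; grant skipped', role_name, role_project)` (or use the module's own logger if it has one). The membership scan can also be written as `found = any(role.id == os_role.id for role in existing_roles)`. The target project is resolved from its name alone, and Keystone v3 project names are unique only within a domain, so it is worth confirming that `get_project` cannot return a same-named project from another domain before a role such as 'admin' is granted on it. `create_user` starts outside this hunk, and the page has lost indentation, so I cannot tell whether the loop runs for both API versions or only in the v3 branch.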
@@ -226,6 +242,45 @@ def delete_user(keystone, user):
keystone.users.delete(user.id)
+def get_os_role_by_name(keystone, name):
+ """
+ Returns an OpenStack role object of a given name or None if not exists
+ :param keystone: the keystone client
+ :param name: the role name
+ :return: the OpenStack role object
+ """
+ roles = keystone.roles.list()
+ for role in roles:
+ if role.name == name:
+ return role
+
+
+def get_os_roles_by_user(keystone, user, project):
+ """
+ Returns a list of OpenStack role object associated with a user
+ :param keystone: the keystone client
+ :param user: the OpenStack user object
+ :param project: the OpenStack project object (only required for v2)
+ :return: a list of OpenStack role objects
+ """
+ if keystone.version == V2_VERSION:
+ os_user = get_os_user(keystone, user)
+ roles = keystone.roles.roles_for_user(os_user, project)
+ return roles
+ else:
+ return keystone.roles.list(user=user, project=project)
+
+
+def get_os_role_by_id(keystone, role_id):
+ """
+ Returns an OpenStack role object of a given name or None if not exists
+ :param keystone: the keystone client
+ :param role_id: the role ID
+ :return: the OpenStack role object
+ """
+ return keystone.roles.get(role_id)
+
+
def create_role(keystone, name):
"""
Creates an OpenStack role
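Review bot: The docstring added for `get_os_role_by_id` is copied from `get_os_role_by_name` and still reads "of a given name or None if not exists", while the body takes an ID and returns `keystone.roles.get(role_id)` unchanged. As far as I know python-keystoneclient raises a NotFound exception for an unknown ID rather than returning None, so a caller trusting the docstring would not guard against it; I would change the summary to `Returns the OpenStack role object for the given role ID` and document or catch the exception. `get_os_roles_by_user` likewise documents `user` as the OpenStack user object, yet only the v2 branch converts it with `get_os_user` and the new test passes the SNAPS-OO domain object, so the docstring should state which type is accepted. The `create_role` context at the end of the hunk continues outside it.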
@@ -246,9 +301,9 @@ def delete_role(keystone, role):
keystone.roles.delete(role)
-def assoc_user_to_project(keystone, role, user, project):
+def grant_user_role_to_project(keystone, role, user, project):
"""
- Adds a user to a project
+ Grants user and role to a project
:param keystone: the Keystone client
:param role: the role used to join a project/user
:param user: the user to add to the project (SNAPS-OO User Domain object
diff --git a/snaps/openstack/utils/tests/keystone_utils_tests.py b/snaps/openstack/utils/tests/keystone_utils_tests.py
index 1fc9d38..89b2b2c 100644
--- a/snaps/openstack/utils/tests/keystone_utils_tests.py
+++ b/snaps/openstack/utils/tests/keystone_utils_tests.py
@@ -59,12 +59,13 @@ class KeystoneUtilsTests(OSComponentTestCase):
Instantiates the CreateImage object that is responsible for downloading
and creating an OS image file within OpenStack
"""
- guid = uuid.uuid4()
- self.username = self.__class__.__name__ + '-' + str(guid)
+ self.guid = self.__class__.__name__ + '-' + str(uuid.uuid4())
+ self.username = self.guid + '-username'
self.user = None
- self.project_name = self.__class__.__name__ + '-' + str(guid)
+ self.project_name = self.guid + '-projName'
self.project = None
+ self.role = None
self.keystone = keystone_utils.keystone_client(self.os_creds)
def tearDown(self):
@@ -77,6 +78,9 @@ class KeystoneUtilsTests(OSComponentTestCase):
if self.user:
keystone_utils.delete_user(self.keystone, self.user)
+ if self.role:
+ keystone_utils.delete_role(self.keystone, self.role)
+
def test_create_user_minimal(self):
"""
Tests the keystone_utils.create_user() function
@@ -151,3 +155,31 @@ class KeystoneUtilsTests(OSComponentTestCase):
self.assertNotEqual(endpoint_public, endpoint_internal)
self.assertNotEqual(endpoint_public, endpoint_admin)
self.assertEqual(endpoint_admin, endpoint_internal)
+
+ def test_grant_user_role_to_project(self):
+ """
+ Tests the keystone_utils function grant_user_role_to_project()
+ :return:
+ """
+ user_settings = UserSettings(name=self.username,
+ password=str(uuid.uuid4()))
+ self.user = keystone_utils.create_user(self.keystone, user_settings)
+ self.assertEqual(self.username, self.user.name)
+
+ project_settings = ProjectSettings(name=self.project_name)
+ self.project = keystone_utils.create_project(self.keystone,
+ project_settings)
+ self.assertEqual(self.project_name, self.project.name)
+
+ role_name = self.guid + '-role'
+ self.role = keystone_utils.create_role(self.keystone, role_name)
+ self.assertEqual(role_name, self.role.name)
+
+ keystone_utils.grant_user_role_to_project(
+ self.keystone, self.role, self.user, self.project)
+
+ user_roles = keystone_utils.get_os_roles_by_user(
+ self.keystone, self.user, self.project)
+ self.assertIsNotNone(user_roles)
+ self.assertEqual(1, len(user_roles))
+ self.assertEqual(self.role.id, user_roles[0].id)
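Review bot: `test_grant_user_role_to_project` calls the grant helper directly and never exercises the path this commit adds to `create_user`, where a populated `user_settings.roles` mapping drives the grant. Since that path is what hands out roles (the commit message names 'admin'), I would add a test that creates the user with a role-to-project entry and ends with the same check, `self.assertEqual(self.role.id, user_roles[0].id)`. A second case with an unknown role name should assert that the user ends up with no roles on the project. The existing `self.assertEqual(1, len(user_roles))` is a good guard against unexpected extra grants, but it presumably relies on the deployment assigning no default role to a new user; a short comment saying so would help whoever debugs a failure.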