Add 'Member' role to all created users
When the cloud's glance service is configured to use swift for storing data,
a user that works with glance must have operator_role.

Change-Id: Idd92640d5d6b1957aa6ac84a4124e0b2eb5f26b1
Closes-bug: #1316166
Andrey-mp authored and Andrey Pavlov committed Jun 23, 2014
1 parent acee202 commit af1fb70
Showing 3 changed files with 79 additions and 68 deletions.
19 changes: 0 additions & 19 deletions tempest/api/object_storage/base.py
@@ -44,9 +44,6 @@ def setUpClass(cls):
cls.isolated_creds.get_admin_creds())
# Get isolated creds for alt user
cls.os_alt = clients.Manager(cls.isolated_creds.get_alt_creds())
# Add isolated users to operator role so that they can create a
# container in swift.
cls._assign_member_role()
else:
cls.os = clients.Manager()
cls.os_admin = clients.AdminManager()
@@ -79,22 +76,6 @@ def tearDownClass(cls):
cls.isolated_creds.clear_isolated_creds()
super(BaseObjectTest, cls).tearDownClass()

@classmethod
def _assign_member_role(cls):
primary_creds = cls.isolated_creds.get_primary_creds()
alt_creds = cls.isolated_creds.get_alt_creds()
swift_role = CONF.object_storage.operator_role
try:
resp, roles = cls.os_admin.identity_client.list_roles()
role = next(r for r in roles if r['name'] == swift_role)
except StopIteration:
msg = "No role named %s found" % swift_role
raise exceptions.NotFound(msg)
for creds in [primary_creds, alt_creds]:
cls.os_admin.identity_client.assign_user_role(creds.tenant_id,
creds.user_id,
role['id'])

@classmethod
def delete_containers(cls, containers, container_client=None,
object_client=None):
38 changes: 19 additions & 19 deletions tempest/common/isolated_creds.py
@@ -106,12 +106,23 @@ def _list_roles(self):
roles = self.identity_admin_client.roles.list()
return roles

def _assign_user_role(self, tenant, user, role):
def _assign_user_role(self, tenant, user, role_name):
role = None
try:
roles = self._list_roles()
if self.tempest_client:
role = next(r for r in roles if r['name'] == role_name)
else:
role = next(r for r in roles if r.name == role_name)
except StopIteration:
msg = 'No "%s" role found' % role_name
raise exceptions.NotFound(msg)
if self.tempest_client:
self.identity_admin_client.assign_user_role(tenant, user, role)
self.identity_admin_client.assign_user_role(tenant['id'],
user['id'], role['id'])
else:
self.identity_admin_client.roles.add_user_role(user,
role, tenant=tenant)
self.identity_admin_client.roles.add_user_role(user.id, role.id,
tenant.id)

def _delete_user(self, user):
if self.tempest_client:
@@ -149,22 +160,11 @@ def _create_creds(self, suffix="", admin=False):
email = data_utils.rand_name(root) + suffix + "@example.com"
user = self._create_user(username, self.password,
tenant, email)
# NOTE(andrey-mp): user needs this role to create containers in swift
swift_operator_role = CONF.object_storage.operator_role
self._assign_user_role(tenant, user, swift_operator_role)
if admin:
role = None
try:
roles = self._list_roles()
admin_role = CONF.identity.admin_role
if self.tempest_client:
role = next(r for r in roles if r['name'] == admin_role)
else:
role = next(r for r in roles if r.name == admin_role)
except StopIteration:
msg = "No admin role found"
raise exceptions.NotFound(msg)
if self.tempest_client:
self._assign_user_role(tenant['id'], user['id'], role['id'])
else:
self._assign_user_role(tenant.id, user.id, role.id)
self._assign_user_role(tenant, user, CONF.identity.admin_role)
return self._get_credentials(user, tenant)

def _get_credentials(self, user, tenant):
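Review bot: In `_create_creds` the new `self._assign_user_role(tenant, user, swift_operator_role)` call is unconditional, so every isolated user is granted the Swift operator role even when the test never touches Swift or Glance, and a cloud with no role named by `CONF.object_storage.operator_role` now fails all credential creation with `NotFound`. That raise comes after `_create_user` has returned, so the new user may be left behind unless a caller cleans up; that code is outside the visible lines. Consider gating the grant, e.g. `if CONF.service_available.swift:` before the call, so the role is only handed out where it is needed. `_create_creds` begins above the hunk.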
90 changes: 60 additions & 30 deletions tempest/tests/test_tenant_isolation.py
@@ -42,6 +42,8 @@ def setUp(self):
self.fake_http = fake_http.fake_httplib2(return_type=200)
self.stubs.Set(http.ClosingHttp, 'request',
fake_identity._fake_v2_response)
cfg.CONF.set_default('operator_role', 'FakeRole',
group='object-storage')

def test_tempest_client(self):
iso_creds = isolated_creds.IsolatedCreds('test class')
@@ -92,6 +94,31 @@ def _mock_tenant_create(self, id, name):
{'id': id, 'name': name})))
return tenant_fix

def _mock_list_roles(self, id, name):
roles_fix = self.useFixture(mockpatch.PatchObject(
json_iden_client.IdentityClientJSON,
'list_roles',
return_value=({'status': 200},
[{'id': id, 'name': name},
{'id': '1', 'name': 'FakeRole'}])))
return roles_fix

def _mock_assign_user_role(self):
tenant_fix = self.useFixture(mockpatch.PatchObject(
json_iden_client.IdentityClientJSON,
'assign_user_role',
return_value=({'status': 200},
{})))
return tenant_fix

def _mock_list_role(self):
roles_fix = self.useFixture(mockpatch.PatchObject(
json_iden_client.IdentityClientJSON,
'list_roles',
return_value=({'status': 200},
[{'id': '1', 'name': 'FakeRole'}])))
return roles_fix

def _mock_network_create(self, iso_creds, id, name):
net_fix = self.useFixture(mockpatch.PatchObject(
iso_creds.network_admin_client,
@@ -121,6 +148,8 @@ def test_primary_creds(self, MockRestClient):
cfg.CONF.set_default('neutron', False, 'service_available')
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password')
self._mock_assign_user_role()
self._mock_list_role()
self._mock_tenant_create('1234', 'fake_prim_tenant')
self._mock_user_create('1234', 'fake_prim_user')
primary_creds = iso_creds.get_primary_creds()
@@ -135,13 +164,9 @@ def test_admin_creds(self, MockRestClient):
cfg.CONF.set_default('neutron', False, 'service_available')
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password')
self._mock_list_roles('1234', 'admin')
self._mock_user_create('1234', 'fake_admin_user')
self._mock_tenant_create('1234', 'fake_admin_tenant')
self.useFixture(mockpatch.PatchObject(
json_iden_client.IdentityClientJSON,
'list_roles',
return_value=({'status': 200},
[{'id': '1234', 'name': 'admin'}])))

user_mock = mock.patch.object(json_iden_client.IdentityClientJSON,
'assign_user_role')
@@ -150,7 +175,9 @@ def test_admin_creds(self, MockRestClient):
with mock.patch.object(json_iden_client.IdentityClientJSON,
'assign_user_role') as user_mock:
admin_creds = iso_creds.get_admin_creds()
user_mock.assert_called_once_with('1234', '1234', '1234')
user_mock.assert_has_calls([
mock.call('1234', '1234', '1'),
mock.call('1234', '1234', '1234')])
self.assertEqual(admin_creds.username, 'fake_admin_user')
self.assertEqual(admin_creds.tenant_name, 'fake_admin_tenant')
# Verify IDs
@@ -162,6 +189,8 @@ def test_all_cred_cleanup(self, MockRestClient):
cfg.CONF.set_default('neutron', False, 'service_available')
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password')
self._mock_assign_user_role()
roles_fix = self._mock_list_role()
tenant_fix = self._mock_tenant_create('1234', 'fake_prim_tenant')
user_fix = self._mock_user_create('1234', 'fake_prim_user')
iso_creds.get_primary_creds()
@@ -172,16 +201,11 @@ def test_all_cred_cleanup(self, MockRestClient):
iso_creds.get_alt_creds()
tenant_fix.cleanUp()
user_fix.cleanUp()
roles_fix.cleanUp()
tenant_fix = self._mock_tenant_create('123456', 'fake_admin_tenant')
user_fix = self._mock_user_create('123456', 'fake_admin_user')
self.useFixture(mockpatch.PatchObject(
json_iden_client.IdentityClientJSON,
'list_roles',
return_value=({'status': 200},
[{'id': '123456', 'name': 'admin'}])))
with mock.patch.object(json_iden_client.IdentityClientJSON,
'assign_user_role'):
iso_creds.get_admin_creds()
self._mock_list_roles('123456', 'admin')
iso_creds.get_admin_creds()
user_mock = self.patch(
'tempest.services.identity.json.identity_client.'
'IdentityClientJSON.delete_user')
@@ -209,6 +233,8 @@ def test_alt_creds(self, MockRestClient):
cfg.CONF.set_default('neutron', False, 'service_available')
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password')
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_alt_user')
self._mock_tenant_create('1234', 'fake_alt_tenant')
alt_creds = iso_creds.get_alt_creds()
@@ -222,6 +248,8 @@ def test_alt_creds(self, MockRestClient):
def test_network_creation(self, MockRestClient):
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password')
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
self._mock_network_create(iso_creds, '1234', 'fake_net')
@@ -247,6 +275,8 @@ def test_network_cleanup(self, MockRestClient):
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password')
# Create primary tenant and network
self._mock_assign_user_role()
roles_fix = self._mock_list_role()
user_fix = self._mock_user_create('1234', 'fake_prim_user')
tenant_fix = self._mock_tenant_create('1234', 'fake_prim_tenant')
net_fix = self._mock_network_create(iso_creds, '1234', 'fake_net')
@@ -278,6 +308,7 @@ def test_network_cleanup(self, MockRestClient):
net_fix.cleanUp()
subnet_fix.cleanUp()
router_fix.cleanUp()
roles_fix.cleanUp()
# Create admin tenant and networks
user_fix = self._mock_user_create('123456', 'fake_admin_user')
tenant_fix = self._mock_tenant_create('123456', 'fake_admin_tenant')
@@ -286,14 +317,8 @@ def test_network_cleanup(self, MockRestClient):
subnet_fix = self._mock_subnet_create(iso_creds, '123456',
'fake_admin_subnet')
router_fix = self._mock_router_create('123456', 'fake_admin_router')
self.useFixture(mockpatch.PatchObject(
json_iden_client.IdentityClientJSON,
'list_roles',
return_value=({'status': 200},
[{'id': '123456', 'name': 'admin'}])))
with mock.patch.object(json_iden_client.IdentityClientJSON,
'assign_user_role'):
iso_creds.get_admin_creds()
self._mock_list_roles('123456', 'admin')
iso_creds.get_admin_creds()
self.patch('tempest.services.identity.json.identity_client.'
'IdentityClientJSON.delete_user')
self.patch('tempest.services.identity.json.identity_client.'
@@ -348,6 +373,8 @@ def test_network_cleanup(self, MockRestClient):
def test_network_alt_creation(self, MockRestClient):
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password')
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_alt_user')
self._mock_tenant_create('1234', 'fake_alt_tenant')
self._mock_network_create(iso_creds, '1234', 'fake_alt_net')
@@ -372,6 +399,7 @@ def test_network_alt_creation(self, MockRestClient):
def test_network_admin_creation(self, MockRestClient):
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password')
self._mock_assign_user_role()
self._mock_user_create('1234', 'fake_admin_user')
self._mock_tenant_create('1234', 'fake_admin_tenant')
self._mock_network_create(iso_creds, '1234', 'fake_admin_net')
@@ -380,14 +408,8 @@ def test_network_admin_creation(self, MockRestClient):
router_interface_mock = self.patch(
'tempest.services.network.json.network_client.NetworkClientJSON.'
'add_router_interface_with_subnet_id')
self.useFixture(mockpatch.PatchObject(
json_iden_client.IdentityClientJSON,
'list_roles',
return_value=({'status': 200},
[{'id': '123456', 'name': 'admin'}])))
with mock.patch.object(json_iden_client.IdentityClientJSON,
'assign_user_role'):
iso_creds.get_admin_creds()
self._mock_list_roles('123456', 'admin')
iso_creds.get_admin_creds()
router_interface_mock.called_once_with('1234', '1234')
network = iso_creds.get_admin_network()
subnet = iso_creds.get_admin_subnet()
@@ -410,6 +432,8 @@ def test_no_network_resources(self, MockRestClient):
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password',
network_resources=net_dict)
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
net = mock.patch.object(iso_creds.network_admin_client,
@@ -444,6 +468,8 @@ def test_router_without_network(self, MockRestClient):
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password',
network_resources=net_dict)
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
self.assertRaises(exceptions.InvalidConfiguration,
@@ -460,6 +486,8 @@ def test_subnet_without_network(self, MockRestClient):
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password',
network_resources=net_dict)
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
self.assertRaises(exceptions.InvalidConfiguration,
@@ -476,6 +504,8 @@ def test_dhcp_without_subnet(self, MockRestClient):
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password',
network_resources=net_dict)
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
self.assertRaises(exceptions.InvalidConfiguration,
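Review bot: In `test_admin_creds`, `user_mock.assert_has_calls([...])` replaces `assert_called_once_with` and still passes if `assign_user_role` is called additional times, so the test would no longer catch an unexpected extra role grant on the admin user; add `self.assertEqual(2, user_mock.call_count)` after it. The non-admin tests (`test_primary_creds`, `test_alt_creds`) discard the fixture returned by `_mock_assign_user_role()`, so nothing asserts that those users receive only the `FakeRole` id `'1'` and never the admin role. The helper names `_mock_list_role` and `_mock_list_roles` differ by one letter while patching the same `list_roles` method, and `_mock_assign_user_role` keeps its fixture in a variable called `tenant_fix`; clearer names would help. Several of these test methods start or end outside their hunks.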
