Add get-or-create-user and delete-user actions for ceph auth
The get-or-create-user action allows to create and get user, with its mon and osd capabilities, and retrieve the related keyring. The delete-user action allows to delete users. Closes-Bug: 1899215 func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/765 Change-Id: I2bd148e442990b6ff978624023bd85a741c6259a
This commit is contained in:
parent
bfd999cb85
commit
d3b2494ee8
22
actions.yaml
22
actions.yaml
|
@ -417,3 +417,25 @@ list-crush-rules:
|
|||
default: text
|
||||
description: "The output format, either json, yaml or text (default)"
|
||||
additionalProperties: false
|
||||
get-or-create-user:
|
||||
description: "Get or create a user and it's capabilities."
|
||||
params:
|
||||
username:
|
||||
type: string
|
||||
description: "User ID to get or create."
|
||||
mon-caps:
|
||||
type: string
|
||||
default: allow rw
|
||||
description: "Monitor capabilities include r, w, x access settings or profile {name}."
|
||||
osd-caps:
|
||||
type: string
|
||||
default: allow rw
|
||||
description: "OSD capabilities include r, w, x, class-read, class-write access settings or profile {name}."
|
||||
required: [username]
|
||||
delete-user:
|
||||
description: "Delete a user."
|
||||
params:
|
||||
username:
|
||||
type: string
|
||||
description: "User ID to delete."
|
||||
required: [username]
|
|
@ -0,0 +1 @@
|
|||
delete_user.py
|
|
@ -0,0 +1,43 @@
|
|||
#!/usr/bin/env python3
|
||||
#
|
||||
# Copyright 2022 Canonical Ltd
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import sys
|
||||
|
||||
sys.path.append('hooks')
|
||||
from charmhelpers.core.hookenv import action_get, action_fail, action_set, log
|
||||
from subprocess import CalledProcessError, check_output, STDOUT
|
||||
|
||||
|
||||
def delete_user():
|
||||
username = action_get("username")
|
||||
client = "client.{}".format(username)
|
||||
try:
|
||||
log(f'Attempting to delete credentials for entity {client}.')
|
||||
output = check_output(['ceph', 'auth', 'del', client],
|
||||
stderr=STDOUT).decode("utf-8")
|
||||
return output
|
||||
except CalledProcessError as e:
|
||||
log(f'Failed to delete credentials for entity {client}.')
|
||||
action_fail("User creation failed because of a failed process. "
|
||||
"Ret Code: {} Message: {}".format(e.returncode, str(e)))
|
||||
|
||||
|
||||
def main():
|
||||
action_set({"message": delete_user()})
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
|
@ -0,0 +1 @@
|
|||
get_or_create_user.py
|
|
@ -0,0 +1,63 @@
|
|||
#!/usr/bin/env python3
|
||||
#
|
||||
# Copyright 2022 Canonical Ltd
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import sys
|
||||
import json
|
||||
|
||||
sys.path.append("hooks")
|
||||
from charmhelpers.core.hookenv import action_get, action_fail, action_set, log
|
||||
from subprocess import CalledProcessError, check_output
|
||||
|
||||
|
||||
def get_or_create_user():
|
||||
username = action_get("username")
|
||||
client = "client.{}".format(username)
|
||||
try:
|
||||
log(f'Attempting to retrieve existing credentials for entity {client}')
|
||||
keyring = json.loads(
|
||||
check_output(["ceph", "auth", "get", client,
|
||||
"--format=json"]).decode("utf-8")
|
||||
)
|
||||
log(f'Found existing credentials for entity {client}')
|
||||
return json.dumps(keyring, indent=2)
|
||||
except CalledProcessError:
|
||||
log(f'Credentials for entity {client} not found')
|
||||
pass
|
||||
try:
|
||||
log(f'Attempting to create new credentials for entity {client}')
|
||||
mon_caps = action_get("mon-caps")
|
||||
osd_caps = action_get("osd-caps")
|
||||
log(f'with the following mon capabilities: {mon_caps},')
|
||||
log(f'and osd capabilities: {osd_caps}.')
|
||||
keyring = json.loads(
|
||||
check_output(["ceph", "auth", "get-or-create",
|
||||
client, "mon", mon_caps, "osd", osd_caps,
|
||||
"--format=json"]).decode("utf-8")
|
||||
)
|
||||
log(f'New credentials for entity {client} created')
|
||||
return json.dumps(keyring, indent=2)
|
||||
except CalledProcessError as e:
|
||||
log(f'Failed to get or create credentials for entity {client}.')
|
||||
action_fail("User creation failed because of a failed process. "
|
||||
"Ret Code: {} Message: {}".format(e.returncode, str(e)))
|
||||
|
||||
|
||||
def main():
|
||||
action_set({"message": get_or_create_user()})
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
|
@ -44,7 +44,8 @@ git+https://github.com/openstack-charmers/zaza.git#egg=zaza
|
|||
git+https://github.com/openstack-charmers/zaza-openstack-tests.git#egg=zaza.openstack
|
||||
|
||||
# Needed for charm-glance:
|
||||
git+https://opendev.org/openstack/tempest.git#egg=tempest;python_version>='3.6'
|
||||
git+https://opendev.org/openstack/tempest.git#egg=tempest;python_version>='3.8'
|
||||
tempest<31.0.0;python_version<'3.8'
|
||||
tempest<24.0.0;python_version<'3.6'
|
||||
|
||||
croniter # needed for charm-rabbitmq-server unit tests
|
||||
|
|
|
@ -0,0 +1,39 @@
|
|||
# Copyright 2022 Canonical Ltd
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
"""Tests for delete_user action."""
|
||||
|
||||
from actions import delete_user
|
||||
from test_utils import CharmTestCase
|
||||
|
||||
|
||||
class DeleteUserTestCase(CharmTestCase):
|
||||
_stderr = b"""updated"""
|
||||
|
||||
def setUp(self):
|
||||
super(DeleteUserTestCase, self).setUp(
|
||||
delete_user, ["check_output", "action_get", "action_fail",
|
||||
"action_set", "log"])
|
||||
self.action_get.return_value = "sandbox" # username=sandbox
|
||||
self.check_output.return_value = self._stderr
|
||||
|
||||
def test_delete_user(self):
|
||||
"""Test getting status updated."""
|
||||
self.user = None
|
||||
|
||||
def _action_set(message):
|
||||
self.user = message["message"]
|
||||
self.action_set.side_effect = _action_set
|
||||
delete_user.main()
|
||||
self.action_get.assert_called_once_with("username")
|
||||
self.assertEqual(self.user, "updated")
|
|
@ -0,0 +1,57 @@
|
|||
# Copyright 2022 Canonical Ltd
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
"""Tests for get_or_create_user action."""
|
||||
|
||||
import json
|
||||
|
||||
from actions import get_or_create_user
|
||||
from test_utils import CharmTestCase
|
||||
|
||||
|
||||
class GetOrCreateUserTestCase(CharmTestCase):
|
||||
_keyring = b"""
|
||||
[
|
||||
{
|
||||
"entity": "client.sandbox",
|
||||
"key": "AQCnGXxiOkueGBAAsWX27MV8PNwuyMhPSzSCPg==",
|
||||
"caps": {
|
||||
"mon": "allow r",
|
||||
"osd": "allow r"
|
||||
}
|
||||
}
|
||||
]"""
|
||||
|
||||
def setUp(self):
|
||||
super(GetOrCreateUserTestCase, self).setUp(
|
||||
get_or_create_user, ["check_output", "action_get", "action_fail",
|
||||
"action_set", "log"])
|
||||
self.action_get.return_value = "sandbox" # username=sandbox
|
||||
self.check_output.return_value = self._keyring
|
||||
|
||||
def test_get_or_create_user(self):
|
||||
"""Test getting resulting keyring."""
|
||||
self.user = None
|
||||
|
||||
def _action_set(message):
|
||||
self.user = json.loads(message["message"])
|
||||
self.action_set.side_effect = _action_set
|
||||
get_or_create_user.main()
|
||||
self.action_get.assert_called_once_with("username")
|
||||
self.assertEqual(self.user[0]["entity"], "client.sandbox")
|
||||
self.assertEqual(
|
||||
self.user[0]["key"],
|
||||
"AQCnGXxiOkueGBAAsWX27MV8PNwuyMhPSzSCPg=="
|
||||
)
|
||||
self.assertEqual(self.user[0]["caps"]["mon"], "allow r")
|
||||
self.assertEqual(self.user[0]["caps"]["osd"], "allow r")
|
Loading…
Reference in New Issue