Export user id as password to keystone when using noauth

Fixes bug #969208 When using noauth, a user's password is her user id (e.g. in novarc). When we export to keystone, we should make sure the same credentials keep working rather than effectively switching all the passwords to random UUIDs which users would never have seen before. Change-Id: Ie77c622ce1952d03e836bb64167184022a02e902
2012-03-30 14:34:14 +01:00 · 2012-03-30 14:34:14 +01:00 · 6b8e9d6774
parent ada63db6be
commit 6b8e9d6774
2 changed files with 26 additions and 9 deletions
--- a/bin/nova-manage
+++ b/bin/nova-manage
@ -1542,16 +1542,23 @@ class ExportCommands(object):
        am = manager.AuthManager()

        for user in am.get_users():
+            # NOTE(vish): Deprecated auth uses an access key, no auth uses a
+            #             the user_id in place of it.
+            if FLAGS.auth_strategy == 'deprecated':
+                access = user.access
+            else:
+                access = user.id
+
            user_dict = {
                'id': user.id,
                'name': user.name,
-                'password': user.access,
+                'password': access,
            }
            output['users'].append(user_dict)

            ec2_cred = {
                'user_id': user.id,
-                'access_key': user.access,
+                'access_key': access,
                'secret_key': user.secret,
            }
            output['ec2_credentials'].append(ec2_cred)
--- a/nova/tests/test_nova_manage.py
+++ b/nova/tests/test_nova_manage.py
@ -239,7 +239,14 @@ class NetworkCommandsTestCase(test.TestCase):

 class ExportAuthTestCase(test.TestCase):

-    def test_export(self):
+    def test_export_with_noauth(self):
+        self._do_test_export()
+
+    def test_export_with_deprecated_auth(self):
+        self.flags(auth_strategy='deprecated')
+        self._do_test_export(noauth=False)
+
+    def _do_test_export(self, noauth=True):
        self.flags(allowed_roles=['role1', 'role2'])
        am = nova.auth.manager.AuthManager(new=True)
        user1 = am.create_user('user1', 'a1', 's1')
@ -255,11 +262,14 @@ class ExportAuthTestCase(test.TestCase):
        commands = nova_manage.ExportCommands()
        output = commands._get_auth_data()

+        def pw(idx):
+            return ('user' if noauth else 'a') + str(idx)
+
        expected = {
            "users": [
-                {"id": "user1", "name": "user1", 'password': 'a1'},
-                {"id": "user2", "name": "user2", 'password': 'a2'},
-                {"id": "user3", "name": "user3", 'password': 'a3'},
+                {"id": "user1", "name": "user1", 'password': pw(1)},
+                {"id": "user2", "name": "user2", 'password': pw(2)},
+                {"id": "user3", "name": "user3", 'password': pw(3)},
            ],
            "roles": ["role1", "role2"],
            "role_user_tenant_list": [
@ -273,9 +283,9 @@ class ExportAuthTestCase(test.TestCase):
                {"tenant_id": "proj2", "user_id": "user3"},
            ],
            "ec2_credentials": [
-                {"access_key": "a1", "secret_key": "s1", "user_id": "user1"},
-                {"access_key": "a2", "secret_key": "s2", "user_id": "user2"},
-                {"access_key": "a3", "secret_key": "s3", "user_id": "user3"},
+                {"access_key": pw(1), "secret_key": "s1", "user_id": "user1"},
+                {"access_key": pw(2), "secret_key": "s2", "user_id": "user2"},
+                {"access_key": pw(3), "secret_key": "s3", "user_id": "user3"},
            ],
            "tenants": [
                {"description": "proj1", "id": "proj1", "name": "proj1"},