Enable domain specific drivers

Enable support for domain specific drivers, managed via configuration files (instead of directly using the API and database). Using multiple domains means that calls to users.list must be scoped to a specific domain; ensure that v3 calls to this method are appropriately scoped. NOTE: template file changes have NOT been backported. Partial-Bug: 1645803 (cherry picked from commit 795ebdeb19) Change-Id: I7ed84b7210597ab1633eba343a0c68741a5a8578
2017-01-23 11:06:06 +00:00 · 2017-01-23 11:06:06 +00:00 · b4b320c098
parent 7bd0832bc3
commit b4b320c098
3 changed files with 35 additions and 7 deletions
--- a/hooks/keystone_utils.py
+++ b/hooks/keystone_utils.py
@ -763,13 +763,18 @@ def create_or_show_domain(name):

 def user_exists(name, domain=None):
    manager = get_manager()
+    domain_id = None
    if domain:
        domain_id = manager.resolve_domain_id(domain)
        if not domain_id:
            error_out('Could not resolve domain_id for {} when checking if '
                      ' user {} exists'.format(domain, name))
    if manager.resolve_user_id(name, user_domain=domain):
-        for user in manager.api.users.list():
+        if manager.api_version == 2:
+            users = manager.api.users.list()
+        else:
+            users = manager.api.users.list(domain=domain_id)
+        for user in users:
            if user.name.lower() == name.lower():
                # In v3 Domains are seperate user namespaces so need to check
                # that the domain matched if provided
--- a/hooks/manager.py
+++ b/hooks/manager.py
@ -198,9 +198,10 @@ class KeystoneManager3(KeystoneManager):

    def resolve_user_id(self, name, user_domain=None):
        """Find the user_id of a given user"""
+        domain_id = None
        if user_domain:
            domain_id = self.resolve_domain_id(user_domain)
-        for user in self.api.users.list():
+        for user in self.api.users.list(domain=domain_id):
            if name.lower() == user.name.lower():
                if user_domain:
                    if domain_id == user.domain_id:
--- a/tests/basic_deployment.py
+++ b/tests/basic_deployment.py
@ -43,6 +43,8 @@ u = OpenStackAmuletUtils(DEBUG)
 class KeystoneBasicDeployment(OpenStackAmuletDeployment):
    """Amulet tests on a basic keystone deployment."""

+    DEFAULT_DOMAIN = 'default'
+
    def __init__(self, series=None, openstack=None,
                 source=None, git=False, stable=True):
        """Deploy the entire test environment."""
@ -252,9 +254,9 @@ class KeystoneBasicDeployment(OpenStackAmuletDeployment):
        except keystoneclient.exceptions.NotFound:
            self.keystone_v3.roles.create(name=self.demo_role)

-        try:
-            self.keystone_v3.users.find(name=self.demo_user_v3)
-        except keystoneclient.exceptions.NotFound:
+        if not self.find_keystone_v3_user(self.keystone_v3,
+                                          self.demo_user_v3,
+                                          self.demo_domain):
            self.keystone_v3.users.create(
                self.demo_user_v3,
                domain=domain.id,
@ -375,12 +377,29 @@ class KeystoneBasicDeployment(OpenStackAmuletDeployment):
            else:
                user_info['default_project_id'] = u.not_null
            expected.append(user_info)
-        actual = client.users.list()
+        if self.keystone_api_version == 2:
+            actual = client.users.list()
+        else:
+            # Ensure list is scoped to the default domain
+            # when checking v3 users (v2->v3 upgrade check)
+            actual = client.users.list(
+                domain=client.domains.find(name=self.DEFAULT_DOMAIN).id
+            )
        ret = u.validate_user_data(expected, actual,
                                   api_version=self.keystone_api_version)
        if ret:
            amulet.raise_status(amulet.FAIL, msg=ret)

+    def find_keystone_v3_user(self, client, username, domain):
+        """Find a user within a specified keystone v3 domain"""
+        domain_users = client.users.list(
+            domain=client.domains.find(name=domain).id
+        )
+        for user in domain_users:
+            if username.lower() == user.name.lower():
+                return user
+        return None
+
    def test_106_keystone_users(self):
        self.set_api_version(2)
        self.validate_keystone_users(self.keystone_v2)
@ -412,7 +431,10 @@ class KeystoneBasicDeployment(OpenStackAmuletDeployment):
        if self.is_liberty_or_newer():
            self.set_api_version(3)
            self.create_users_v3()
-            actual_user = self.keystone_v3.users.find(name=self.demo_user_v3)
+            actual_user = self.find_keystone_v3_user(self.keystone_v3,
+                                                     self.demo_user_v3,
+                                                     self.demo_domain)
+            assert actual_user is not None
            expect = {
                'default_project_id': self.demo_project,
                'email': 'demov3@demo.com',