Enable domain specific drivers
Enable support for domain specific drivers, managed via
configuration files (instead of directly using the API and
database).
Using multiple domains means that calls to users.list must
be scoped to a specific domain; ensure that v3 calls to this
method are appropriately scoped.
NOTE: template file changes have NOT been backported.
Partial-Bug: 1645803
(cherry picked from commit 795ebdeb19
)
Change-Id: I7ed84b7210597ab1633eba343a0c68741a5a8578
This commit is contained in:
parent
7bd0832bc3
commit
b4b320c098
|
@ -763,13 +763,18 @@ def create_or_show_domain(name):
|
|||
|
||||
def user_exists(name, domain=None):
|
||||
manager = get_manager()
|
||||
domain_id = None
|
||||
if domain:
|
||||
domain_id = manager.resolve_domain_id(domain)
|
||||
if not domain_id:
|
||||
error_out('Could not resolve domain_id for {} when checking if '
|
||||
' user {} exists'.format(domain, name))
|
||||
if manager.resolve_user_id(name, user_domain=domain):
|
||||
for user in manager.api.users.list():
|
||||
if manager.api_version == 2:
|
||||
users = manager.api.users.list()
|
||||
else:
|
||||
users = manager.api.users.list(domain=domain_id)
|
||||
for user in users:
|
||||
if user.name.lower() == name.lower():
|
||||
# In v3 Domains are seperate user namespaces so need to check
|
||||
# that the domain matched if provided
|
||||
|
|
|
@ -198,9 +198,10 @@ class KeystoneManager3(KeystoneManager):
|
|||
|
||||
def resolve_user_id(self, name, user_domain=None):
|
||||
"""Find the user_id of a given user"""
|
||||
domain_id = None
|
||||
if user_domain:
|
||||
domain_id = self.resolve_domain_id(user_domain)
|
||||
for user in self.api.users.list():
|
||||
for user in self.api.users.list(domain=domain_id):
|
||||
if name.lower() == user.name.lower():
|
||||
if user_domain:
|
||||
if domain_id == user.domain_id:
|
||||
|
|
|
@ -43,6 +43,8 @@ u = OpenStackAmuletUtils(DEBUG)
|
|||
class KeystoneBasicDeployment(OpenStackAmuletDeployment):
|
||||
"""Amulet tests on a basic keystone deployment."""
|
||||
|
||||
DEFAULT_DOMAIN = 'default'
|
||||
|
||||
def __init__(self, series=None, openstack=None,
|
||||
source=None, git=False, stable=True):
|
||||
"""Deploy the entire test environment."""
|
||||
|
@ -252,9 +254,9 @@ class KeystoneBasicDeployment(OpenStackAmuletDeployment):
|
|||
except keystoneclient.exceptions.NotFound:
|
||||
self.keystone_v3.roles.create(name=self.demo_role)
|
||||
|
||||
try:
|
||||
self.keystone_v3.users.find(name=self.demo_user_v3)
|
||||
except keystoneclient.exceptions.NotFound:
|
||||
if not self.find_keystone_v3_user(self.keystone_v3,
|
||||
self.demo_user_v3,
|
||||
self.demo_domain):
|
||||
self.keystone_v3.users.create(
|
||||
self.demo_user_v3,
|
||||
domain=domain.id,
|
||||
|
@ -375,12 +377,29 @@ class KeystoneBasicDeployment(OpenStackAmuletDeployment):
|
|||
else:
|
||||
user_info['default_project_id'] = u.not_null
|
||||
expected.append(user_info)
|
||||
actual = client.users.list()
|
||||
if self.keystone_api_version == 2:
|
||||
actual = client.users.list()
|
||||
else:
|
||||
# Ensure list is scoped to the default domain
|
||||
# when checking v3 users (v2->v3 upgrade check)
|
||||
actual = client.users.list(
|
||||
domain=client.domains.find(name=self.DEFAULT_DOMAIN).id
|
||||
)
|
||||
ret = u.validate_user_data(expected, actual,
|
||||
api_version=self.keystone_api_version)
|
||||
if ret:
|
||||
amulet.raise_status(amulet.FAIL, msg=ret)
|
||||
|
||||
def find_keystone_v3_user(self, client, username, domain):
|
||||
"""Find a user within a specified keystone v3 domain"""
|
||||
domain_users = client.users.list(
|
||||
domain=client.domains.find(name=domain).id
|
||||
)
|
||||
for user in domain_users:
|
||||
if username.lower() == user.name.lower():
|
||||
return user
|
||||
return None
|
||||
|
||||
def test_106_keystone_users(self):
|
||||
self.set_api_version(2)
|
||||
self.validate_keystone_users(self.keystone_v2)
|
||||
|
@ -412,7 +431,10 @@ class KeystoneBasicDeployment(OpenStackAmuletDeployment):
|
|||
if self.is_liberty_or_newer():
|
||||
self.set_api_version(3)
|
||||
self.create_users_v3()
|
||||
actual_user = self.keystone_v3.users.find(name=self.demo_user_v3)
|
||||
actual_user = self.find_keystone_v3_user(self.keystone_v3,
|
||||
self.demo_user_v3,
|
||||
self.demo_domain)
|
||||
assert actual_user is not None
|
||||
expect = {
|
||||
'default_project_id': self.demo_project,
|
||||
'email': 'demov3@demo.com',
|
||||
|
|
Loading…
Reference in New Issue