Merge pull request #4 from ideaship/grant_domain_04

Grant domain
This commit is contained in:
Jan Klare 2017-11-13 23:22:41 +11:00 committed by GitHub
commit 00db69eaa9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 48 additions and 20 deletions

View File

@ -32,8 +32,17 @@ module OpenstackclientCookbook
action :create do
user = connection.users.find { |u| u.name == user_name }
project = connection.projects.find { |p| p.name == project_name }
domain = connection.domains.find { |u| u.name == domain_name }
if user
log "User with name: \"#{user_name}\" already exists"
elsif domain
connection.users.create(
name: user_name,
domain_id: domain.id,
email: email,
default_project_id: project ? project.id : nil,
password: password
)
else
connection.users.create(
name: user_name,
@ -53,6 +62,7 @@ module OpenstackclientCookbook
end
end
# Grant a role in a project
action :grant_role do
user = connection.users.find { |u| u.name == user_name }
project = connection.projects.find { |p| p.name == project_name }
@ -67,20 +77,22 @@ module OpenstackclientCookbook
project.revoke_role_from_user role.id, user.id if role && project && user
end
# Grant a role in a domain
# Note: in spite of what the action name may suggest, the domain name is
# only used to identify a user who is in that domain. This action grants
# the user a role in the domain.
action :grant_domain do
user = connection.users.find { |u| u.name == user_name }
domain = connection.domains.find { |p| p.name == domain_name }
role = connection.roles.find { |r| r.name == role_name }
connection.grant_domain_user_role(
domain.id, user.id, role.id) if role && domain && user
user.grant_role role.id if role && domain && user
end
action :revoke_domain do
user = connection.users.find { |u| u.name == user_name }
domain = connection.domains.find { |p| p.name == domain_name }
role = connection.roles.find { |r| r.name == role_name }
connection.revoke_domain_user_role(
domain.id, user.id, role.id) if role && domain && user
user.revoke_role role.id if role && domain && user
end
end
end

View File

@ -49,7 +49,6 @@ end
openstack_user 'myuser' do
role_name 'myrole'
project_name 'myproject'
domain_name 'mydomain'
connection_params connection_params
action :grant_domain
@ -57,7 +56,6 @@ end
openstack_user 'myuser' do
role_name 'myrole'
project_name 'myproject'
domain_name 'mydomain'
connection_params connection_params
action :revoke_domain

View File

@ -19,7 +19,9 @@ require_relative '../libraries/openstack_domain'
describe 'openstackclient_test::domain' do
let(:chef_run) do
runner = ChefSpec::SoloRunner.new(step_into: ['openstack_domain'])
runner = ChefSpec::SoloRunner.new(
UBUNTU_OPTS.merge(step_into: ['openstack_domain'])
)
runner.converge(described_recipe)
end

View File

@ -19,7 +19,9 @@ require_relative '../libraries/openstack_endpoint'
describe 'openstackclient_test::endpoint' do
let(:chef_run) do
runner = ChefSpec::SoloRunner.new(step_into: ['openstack_endpoint'])
runner = ChefSpec::SoloRunner.new(
UBUNTU_OPTS.merge(step_into: ['openstack_endpoint'])
)
runner.converge(described_recipe)
end

View File

@ -19,7 +19,9 @@ require_relative '../libraries/openstack_project'
describe 'openstackclient_test::project' do
let(:chef_run) do
runner = ChefSpec::SoloRunner.new(step_into: ['openstack_project'])
runner = ChefSpec::SoloRunner.new(
UBUNTU_OPTS.merge(step_into: ['openstack_project'])
)
runner.converge(described_recipe)
end

View File

@ -19,7 +19,9 @@ require_relative '../libraries/openstack_role'
describe 'openstackclient_test::role' do
let(:chef_run) do
runner = ChefSpec::SoloRunner.new(step_into: ['openstack_role'])
runner = ChefSpec::SoloRunner.new(
UBUNTU_OPTS.merge(step_into: ['openstack_role'])
)
runner.converge(described_recipe)
end

View File

@ -19,7 +19,9 @@ require_relative '../libraries/openstack_service'
describe 'openstackclient_test::service' do
let(:chef_run) do
runner = ChefSpec::SoloRunner.new(step_into: ['openstack_service'])
runner = ChefSpec::SoloRunner.new(
UBUNTU_OPTS.merge(step_into: ['openstack_service'])
)
runner.converge(described_recipe)
end

View File

@ -23,4 +23,9 @@ RSpec.configure do |config|
config.log_level = :error
end
UBUNTU_OPTS = {
platform: 'ubuntu',
version: '16.04'
}.freeze
at_exit { ChefSpec::Coverage.report! }

View File

@ -19,7 +19,9 @@ require_relative '../libraries/openstack_user'
describe 'openstackclient_test::user' do
let(:chef_run) do
runner = ChefSpec::SoloRunner.new(step_into: ['openstack_user'])
runner = ChefSpec::SoloRunner.new(
UBUNTU_OPTS.merge(step_into: ['openstack_user'])
)
runner.converge(described_recipe)
end
@ -33,7 +35,9 @@ describe 'openstackclient_test::user' do
let(:found_user) do
double :find,
id: 4,
destroy: true
destroy: true,
grant_role: true,
revoke_role: true
end
let(:users_populated) do
@ -133,6 +137,7 @@ describe 'openstackclient_test::user' do
expect(users_empty).to receive(:create)
.with(
name: 'myuser',
domain_id: 5,
email: 'myemail',
default_project_id: 42,
password: 'mypassword'
@ -152,9 +157,7 @@ describe 'openstackclient_test::user' do
users: users_populated,
domains: domains_populated,
roles: roles_populated,
projects: projects_populated,
grant_domain_user_role: true,
revoke_domain_user_role: true
projects: projects_populated
end
before do
@ -241,14 +244,14 @@ describe 'openstackclient_test::user' do
end
it do
expect(connection_dub).to receive(:grant_domain_user_role)
.with(5, 4, 3)
expect(found_user).to receive(:grant_role)
.with(3)
chef_run
end
it do
expect(connection_dub).to receive(:revoke_domain_user_role)
.with(5, 4, 3)
expect(found_user).to receive(:revoke_role)
.with(3)
chef_run
end
end