Allow passing an existing user_creds_id to parser.Stack

Currently we always create a new user_creds entry every time a stack is stored, even if a user_creds_id is passed to the constructor. So allow an existing user_creds ID to be respected. This will enable optimisation of the creation of trusts, e.g so we won't have to create a new trust for every nested stack, we can pass the top level credentials into the nested stack instead, which means updates which create nested stacks with a trust-scoped-token will work. This will be required for updates via trusts from Solum, and probably also to make OS::Heat::AutoScalingGroup work with the trust-alarm-urls blueprint, where ceilometer will send a signal using a trust. Change-Id: I7f78a2202514f13deb60ad7d66b9145447cc5625 Partial-Bug: #1317293 blueprint: trust-alarm-urls
2014-06-12 14:18:58 +01:00 · 2014-06-12 14:18:58 +01:00 · a75d3c94d8
parent 0b91f35c01
commit a75d3c94d8
2 changed files with 23 additions and 9 deletions
--- a/heat/engine/parser.py
+++ b/heat/engine/parser.py
@ -253,15 +253,16 @@ class Stack(collections.Mapping):
        if self.id:
            db_api.stack_update(self.context, self.id, s)
        else:
-            # Create a context containing a trust_id and trustor_user_id
-            # if trusts are enabled
-            if cfg.CONF.deferred_auth_method == 'trusts':
-                trust_context = self.clients.keystone().create_trust_context()
-                new_creds = db_api.user_creds_create(trust_context)
-            else:
-                new_creds = db_api.user_creds_create(self.context)
-            s['user_creds_id'] = new_creds.id
-            self.user_creds_id = new_creds.id
+            if not self.user_creds_id:
+                # Create a context containing a trust_id and trustor_user_id
+                # if trusts are enabled
+                if cfg.CONF.deferred_auth_method == 'trusts':
+                    trust_ctx = self.clients.keystone().create_trust_context()
+                    new_creds = db_api.user_creds_create(trust_ctx)
+                else:
+                    new_creds = db_api.user_creds_create(self.context)
+                s['user_creds_id'] = new_creds.id
+                self.user_creds_id = new_creds.id

            new_s = db_api.stack_create(self.context, s)
            self.id = new_s.id
--- a/heat/tests/test_parser.py
+++ b/heat/tests/test_parser.py
@ -2872,6 +2872,19 @@ class StackTest(HeatTestCase):
        db_stack = db_api.stack_get(self.ctx, stack_ownee.id)
        self.assertEqual(self.stack.id, db_stack.owner_id)

+    def test_init_user_creds_id(self):
+        ctx_init = utils.dummy_context(user='my_user',
+                                       password='my_pass')
+        ctx_init.request_id = self.ctx.request_id
+        creds = db_api.user_creds_create(ctx_init)
+        self.stack = parser.Stack(self.ctx, 'creds_init', self.tmpl,
+                                  user_creds_id=creds.id)
+        self.stack.store()
+        self.assertEqual(creds.id, self.stack.user_creds_id)
+        ctx_expected = ctx_init.to_dict()
+        ctx_expected['auth_token'] = None
+        self.assertEqual(ctx_expected, self.stack.stored_context().to_dict())
+
    def test_store_saves_creds(self):
        """
        A user_creds entry is created on first stack store