Allow passing an existing user_creds_id to parser.Stack
Currently we always create a new user_creds entry every time a stack is stored, even if a user_creds_id is passed to the constructor. So allow an existing user_creds ID to be respected. This will enable optimisation of the creation of trusts, e.g so we won't have to create a new trust for every nested stack, we can pass the top level credentials into the nested stack instead, which means updates which create nested stacks with a trust-scoped-token will work. This will be required for updates via trusts from Solum, and probably also to make OS::Heat::AutoScalingGroup work with the trust-alarm-urls blueprint, where ceilometer will send a signal using a trust. Change-Id: I7f78a2202514f13deb60ad7d66b9145447cc5625 Partial-Bug: #1317293 blueprint: trust-alarm-urls
This commit is contained in:
parent
0b91f35c01
commit
a75d3c94d8
|
@ -253,15 +253,16 @@ class Stack(collections.Mapping):
|
|||
if self.id:
|
||||
db_api.stack_update(self.context, self.id, s)
|
||||
else:
|
||||
# Create a context containing a trust_id and trustor_user_id
|
||||
# if trusts are enabled
|
||||
if cfg.CONF.deferred_auth_method == 'trusts':
|
||||
trust_context = self.clients.keystone().create_trust_context()
|
||||
new_creds = db_api.user_creds_create(trust_context)
|
||||
else:
|
||||
new_creds = db_api.user_creds_create(self.context)
|
||||
s['user_creds_id'] = new_creds.id
|
||||
self.user_creds_id = new_creds.id
|
||||
if not self.user_creds_id:
|
||||
# Create a context containing a trust_id and trustor_user_id
|
||||
# if trusts are enabled
|
||||
if cfg.CONF.deferred_auth_method == 'trusts':
|
||||
trust_ctx = self.clients.keystone().create_trust_context()
|
||||
new_creds = db_api.user_creds_create(trust_ctx)
|
||||
else:
|
||||
new_creds = db_api.user_creds_create(self.context)
|
||||
s['user_creds_id'] = new_creds.id
|
||||
self.user_creds_id = new_creds.id
|
||||
|
||||
new_s = db_api.stack_create(self.context, s)
|
||||
self.id = new_s.id
|
||||
|
|
|
@ -2872,6 +2872,19 @@ class StackTest(HeatTestCase):
|
|||
db_stack = db_api.stack_get(self.ctx, stack_ownee.id)
|
||||
self.assertEqual(self.stack.id, db_stack.owner_id)
|
||||
|
||||
def test_init_user_creds_id(self):
|
||||
ctx_init = utils.dummy_context(user='my_user',
|
||||
password='my_pass')
|
||||
ctx_init.request_id = self.ctx.request_id
|
||||
creds = db_api.user_creds_create(ctx_init)
|
||||
self.stack = parser.Stack(self.ctx, 'creds_init', self.tmpl,
|
||||
user_creds_id=creds.id)
|
||||
self.stack.store()
|
||||
self.assertEqual(creds.id, self.stack.user_creds_id)
|
||||
ctx_expected = ctx_init.to_dict()
|
||||
ctx_expected['auth_token'] = None
|
||||
self.assertEqual(ctx_expected, self.stack.stored_context().to_dict())
|
||||
|
||||
def test_store_saves_creds(self):
|
||||
"""
|
||||
A user_creds entry is created on first stack store
|
||||
|
|
Loading…
Reference in New Issue