heat_keystoneclient revise get_ec2_keypair

Modify get_ec2_keypair so it's no longer making assumptions about the number of keypairs a user has, instead we provide create_ec2_keypair, which just creates and returns a keypair, and get_ec2_keypair just gets a specified keypair by user and access key ID. It's now up to the calling resources to manage the lifecycle of the keypairs (which they should be doing anyway..). Also make the user_id optional. Change-Id: I28aa0c2d764b9e957302269598a5910346363d0f Related-Bug: #1089261 blueprint: instance-users
2013-12-16 17:31:11 +00:00 · 2013-12-16 17:31:11 +00:00 · cd853f6994
parent 7214c146f1
commit cd853f6994
5 changed files with 23 additions and 20 deletions
--- a/heat/common/heat_keystoneclient.py
+++ b/heat/common/heat_keystoneclient.py
@ -309,20 +309,13 @@ class KeystoneClient(object):
    def delete_ec2_keypair(self, user_id, accesskey):
        self.client_v2.ec2.delete(user_id, accesskey)

-    def get_ec2_keypair(self, user_id):
-        # We make the assumption that each user will only have one
-        # ec2 keypair, it's not clear if AWS allow multiple AccessKey resources
-        # to be associated with a single User resource, but for simplicity
-        # we assume that here for now
-        cred = self.client_v2.ec2.list(user_id)
-        if len(cred) == 0:
-            return self.client_v2.ec2.create(user_id, self.context.tenant_id)
-        if len(cred) == 1:
-            return cred[0]
-        else:
-            logger.error(_("Unexpected number of ec2 credentials %(len)s "
-                           "for %(user)s") % {'len': len(cred),
-                                              'user': user_id})
+    def get_ec2_keypair(self, access, user_id=None):
+        uid = user_id or self.client_v2.auth_ref.user_id
+        return self.client_v2.ec2.get(uid, access)
+
+    def create_ec2_keypair(self, user_id=None):
+        uid = user_id or self.client_v2.auth_ref.user_id
+        return self.client_v2.ec2.create(uid, self.context.tenant_id)

    def disable_stack_user(self, user_id):
        # FIXME : This won't work with the v3 keystone API
--- a/heat/engine/resources/user.py
+++ b/heat/engine/resources/user.py
@ -210,7 +210,7 @@ class AccessKey(resource.Resource):
            raise exception.NotFound(_('could not find user %s') %
                                     self.properties[self.USER_NAME])

-        kp = self.keystone().get_ec2_keypair(user.resource_id)
+        kp = self.keystone().create_ec2_keypair(user.resource_id)
        if not kp:
            raise exception.Error(_("Error creating ec2 keypair for user %s") %
                                  user)
@ -261,7 +261,8 @@ class AccessKey(resource.Resource):
                except exception.NotFound:
                    try:
                        user_id = self._get_user().resource_id
-                        kp = self.keystone().get_ec2_keypair(user_id)
+                        kp = self.keystone().get_ec2_keypair(
+                            user_id=user_id, access=self.resource_id)
                        self._secret = kp.secret
                        # Store the key in resource_data
                        db_api.resource_data_set(self, 'secret_key',
--- a/heat/engine/signal_responder.py
+++ b/heat/engine/signal_responder.py
@ -50,7 +50,7 @@ class SignalResponder(resource.Resource):
            self.physical_resource_name())
        self.resource_id_set(user_id)

-        kp = self.keystone().get_ec2_keypair(user_id)
+        kp = self.keystone().create_ec2_keypair(user_id)
        if not kp:
            raise exception.Error(_("Error creating ec2 keypair for user %s") %
                                  user_id)
--- a/heat/tests/fakes.py
+++ b/heat/tests/fakes.py
@ -94,7 +94,16 @@ class FakeKeystoneClient(object):
    def delete_stack_user(self, user_id):
        self.user_id = None

-    def get_ec2_keypair(self, user_id):
+    def get_ec2_keypair(self, access, user_id):
+        if user_id == self.user_id:
+            if access == self.access:
+                return self.creds
+            else:
+                raise ValueError("Unexpected access %s" % access)
+        else:
+            raise ValueError("Unexpected user_id %s" % user_id)
+
+    def create_ec2_keypair(self, user_id):
        if user_id == self.user_id:
            if not self.creds:
                class FakeCred(object):
--- a/heat/tests/test_signal.py
+++ b/heat/tests/test_signal.py
@ -121,7 +121,7 @@ class SignalTest(HeatTestCase):
                                       stub=False)

        class FakeKeystoneClientFail(fakes.FakeKeystoneClient):
-            def get_ec2_keypair(self, name):
+            def create_ec2_keypair(self, name):
                raise kc_exceptions.Forbidden("Denied!")

        self.m.StubOutWithMock(clients.OpenStackClients, 'keystone')
@ -142,7 +142,7 @@ class SignalTest(HeatTestCase):
                                       stub=False)

        class FakeKeystoneClientFail(fakes.FakeKeystoneClient):
-            def get_ec2_keypair(self, name):
+            def create_ec2_keypair(self, name):
                return None

        self.m.StubOutWithMock(clients.OpenStackClients, 'keystone')