From 80a1953d7d7780c0ec1f6650401ca41e6d504f49 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Mon, 6 Nov 2023 00:56:53 +0900 Subject: [PATCH] Use openstack cli to resolve project/user id The openstack command can resolve project id or user id from name and domain name/id given. We can use that feature instead of maintaining our own logic. Change-Id: I3d4fbb082cf228ef4a75c0761fb21fdebf664cf4 --- lib/puppet/provider/keystone.rb | 23 ----- .../provider/keystone_user_role/openstack.rb | 20 +--- spec/unit/provider/keystone_spec.rb | 32 ------- .../keystone_user_role/openstack_spec.rb | 94 +++++++------------ 4 files changed, 38 insertions(+), 131 deletions(-) diff --git a/lib/puppet/provider/keystone.rb b/lib/puppet/provider/keystone.rb index 53a6244e6..e6875e3bc 100644 --- a/lib/puppet/provider/keystone.rb +++ b/lib/puppet/provider/keystone.rb @@ -102,20 +102,6 @@ class Puppet::Provider::Keystone < Puppet::Provider::Openstack @users_name[id_str] end - def self.project_id_from_name_and_domain_name(name, domain_name) - @projects_name ||= {} - id_str = "#{name}_#{domain_name}" - unless @projects_name.keys.include?(id_str) - project = fetch_project(name, domain_name) - if project && project.key?(:id) - @projects_name[id_str] = project[:id] - else - err("Could not find project with name [#{name}] and domain [#{domain_name}]") - end - end - @projects_name[id_str] - end - def self.domain_name_from_id(id) unless @domain_hash list = system_request('domain', 'list') @@ -152,15 +138,6 @@ class Puppet::Provider::Keystone < Puppet::Provider::Openstack @domain_hash_name[name] end - def self.fetch_project(name, domain) - domain ||= default_domain - system_request('project', 'show', - [name, '--domain', domain], - {:no_retry_exception_msgs => /No project with a name or ID/}) - rescue Puppet::ExecutionFailure => e - raise e unless e.message =~ /No project with a name or ID/ - end - def self.fetch_user(name, domain) domain ||= default_domain user = system_request('user', 'show', diff --git a/lib/puppet/provider/keystone_user_role/openstack.rb b/lib/puppet/provider/keystone_user_role/openstack.rb index 110346249..d825f592d 100644 --- a/lib/puppet/provider/keystone_user_role/openstack.rb +++ b/lib/puppet/provider/keystone_user_role/openstack.rb @@ -86,27 +86,15 @@ Puppet::Type.type(:keystone_user_role).provide( return @properties if @properties properties = [] if set?(:project) - properties << '--project' << get_project_id + properties << '--project' << project + properties << '--project-domain' << project_domain elsif set?(:domain) properties << '--domain' << domain else properties << '--system' << system end - properties << '--user' << get_user_id + properties << '--user' << user + properties << '--user-domain' << user_domain @properties = properties end - - def get_user_id - id = self.class.user_id_from_name_and_domain_name(user, user_domain) - raise(Puppet::Error, "No user #{user} with domain #{user_domain} found") if id.nil? - id - end - - def get_project_id - id = self.class.project_id_from_name_and_domain_name(project, project_domain) - if id.nil? - raise(Puppet::Error, "No project #{project} with domain #{project_domain} found") - end - id - end end diff --git a/spec/unit/provider/keystone_spec.rb b/spec/unit/provider/keystone_spec.rb index a5a2223e0..ac26d3e24 100644 --- a/spec/unit/provider/keystone_spec.rb +++ b/spec/unit/provider/keystone_spec.rb @@ -62,38 +62,6 @@ id="newid" end end - describe '#fetch_project' do - let(:set_env) do - ENV['OS_USERNAME'] = 'test' - ENV['OS_PASSWORD'] = 'abc123' - ENV['OS_SYSTEM_SCOPE'] = 'all' - ENV['OS_AUTH_URL'] = 'http://127.0.0.1:5000/v3' - end - - before(:each) do - set_env - end - - it 'should be false if the project does not exist' do - expect(klass).to receive(:request_timeout).and_return(0) - expect(klass).to receive(:openstack) - .with('project', 'show', '--format', 'shell', ['no_project', '--domain', 'Default']) - .exactly(1).times - .and_raise(Puppet::ExecutionFailure, "Execution of '/usr/bin/openstack project show --format shell no_project' returned 1: No project with a name or ID of 'no_project' exists.") - expect(klass.fetch_project('no_project', 'Default')).to be_falsey - end - - it 'should return the project' do - expect(klass).to receive(:openstack) - .with('project', 'show', '--format', 'shell', ['The Project', '--domain', 'Default']) - .and_return(' -name="The Project" -id="the_project_id" -') - expect(klass.fetch_project('The Project', 'Default')).to eq({:name=>"The Project", :id=>"the_project_id"}) - end - end - describe '#fetch_user' do let(:set_env) do ENV['OS_USERNAME'] = 'test' diff --git a/spec/unit/provider/keystone_user_role/openstack_spec.rb b/spec/unit/provider/keystone_user_role/openstack_spec.rb index 720476617..1ff8e4c6e 100644 --- a/spec/unit/provider/keystone_user_role/openstack_spec.rb +++ b/spec/unit/provider/keystone_user_role/openstack_spec.rb @@ -36,33 +36,27 @@ describe Puppet::Type.type(:keystone_user_role).provider(:openstack) do describe '#create' do before(:each) do - expect(described_class).to receive(:openstack) .with('role assignment', 'list', '--quiet', '--format', 'csv', - ['--names', '--project', 'project1_id', '--user', 'user1_id']) + ['--names', + '--project', 'project1', '--project-domain', 'domain1', + '--user', 'user1', '--user-domain', 'domain1']) .and_return('"ID","Name","Project","User" "role1_id","role1","project1","user1" "role2_id","role2","project1","user1" ') expect(described_class).to receive(:openstack) .with('role', 'add', - ['role1', '--project', 'project1_id', '--user', 'user1_id']) + ['role1', + '--project', 'project1', '--project-domain', 'domain1', + '--user', 'user1', '--user-domain', 'domain1']) expect(described_class).to receive(:openstack) .with('role', 'add', - ['role2', '--project', 'project1_id', '--user', 'user1_id']) - expect(described_class).to receive(:openstack) - .with('project', 'show', '--format', 'shell', - ['project1', '--domain', 'domain1']) - .and_return('name="project1" -id="project1_id" -') - expect(described_class).to receive(:openstack) - .with('user', 'show', '--format', 'shell', - ['user1', '--domain', 'domain1']) - .and_return('name="user1" -id="user1_id" -') + ['role2', + '--project', 'project1', '--project-domain', 'domain1', + '--user', 'user1', '--user-domain', 'domain1']) end + include_examples 'create the correct resource', [ { 'expected_results' => {} @@ -107,25 +101,19 @@ id="user1_id" provider.instance_variable_get('@property_hash')[:roles] = ['role1', 'role2'] expect(described_class).to receive(:openstack) .with('role', 'remove', - ['role1', '--project', 'project1_id', '--user', 'user1_id']) + ['role1', + '--project', 'project1', '--project-domain', 'domain1', + '--user', 'user1', '--user-domain', 'domain1']) expect(described_class).to receive(:openstack) .with('role', 'remove', - ['role2', '--project', 'project1_id', '--user', 'user1_id']) - expect(described_class).to receive(:openstack) - .with('project', 'show', '--format', 'shell', - ['project1', '--domain', 'domain1']) - .and_return('name="project1" -id="project1_id" -') - expect(described_class).to receive(:openstack) - .with('user', 'show', '--format', 'shell', - ['user1', '--domain', 'domain1']) - .and_return('name="user1" -id="user1_id" -') + ['role2', + '--project', 'project1', '--project-domain', 'domain1', + '--user', 'user1', '--user-domain', 'domain1']) expect(described_class).to receive(:openstack) .with('role assignment', 'list', '--quiet', '--format', 'csv', - ['--names', '--project', 'project1_id', '--user', 'user1_id']) + ['--names', + '--project', 'project1', '--project-domain', 'domain1', + '--user', 'user1', '--user-domain', 'domain1']) .and_return('"ID","Name","Project","User" ') provider.destroy @@ -137,22 +125,12 @@ id="user1_id" subject(:response) do expect(described_class).to receive(:openstack) .with('role assignment', 'list', '--quiet', '--format', 'csv', - ['--names', '--project', 'project1_id', '--user', 'user1_id']) + ['--names', + '--project', 'project1', '--project-domain', 'domain1', + '--user', 'user1', '--user-domain', 'domain1']) .and_return('"ID","Name","Project","User" "role1_id","role1","project1","user1" "role2_id","role2","project1","user1" -') - expect(described_class).to receive(:openstack) - .with('project', 'show', '--format', 'shell', - ['project1', '--domain', 'domain1']) - .and_return('name="project1" -id="project1_id" -') - expect(described_class).to receive(:openstack) - .with('user', 'show', '--format', 'shell', - ['user1', '--domain', 'domain1']) - .and_return('name="user1" -id="user1_id" ') provider.exists? end @@ -173,28 +151,24 @@ id="user1_id" expect(provider).to receive(:roles).and_return(%w(role_one role_two)) expect(described_class).to receive(:openstack) .with('role', 'remove', - ['role_one', '--project', 'project1_id', '--user', 'user1_id']) + ['role_one', + '--project', 'project_one', '--project-domain', 'Default', + '--user', 'user_one', '--user-domain', 'Default']) expect(described_class).to receive(:openstack) .with('role', 'remove', - ['role_two', '--project', 'project1_id', '--user', 'user1_id']) + ['role_two', + '--project', 'project_one', '--project-domain', 'Default', + '--user', 'user_one', '--user-domain', 'Default']) expect(described_class).to receive(:openstack) .with('role', 'add', - ['one', '--project', 'project1_id', '--user', 'user1_id']) + ['one', + '--project', 'project_one', '--project-domain', 'Default', + '--user', 'user_one', '--user-domain', 'Default']) expect(described_class).to receive(:openstack) .with('role', 'add', - ['two', '--project', 'project1_id', '--user', 'user1_id']) - expect(described_class).to receive(:openstack) - .with('project', 'show', '--format', 'shell', - ['project_one', '--domain', 'Default']) - .and_return('name="project_one" -id="project1_id" -') - expect(described_class).to receive(:openstack) - .with('user', 'show', '--format', 'shell', - ['user_one', '--domain', 'Default']) - .and_return('name="role_one" -id="user1_id" -') + ['two', + '--project', 'project_one', '--project-domain', 'Default', + '--user', 'user_one', '--user-domain', 'Default']) provider.roles = %w(one two) end end