Revise trust middleware
This patch revises the trust middleware to use the engine RPC interface instead of the DB APIs. Change-Id: I7838b68ef87ad5d470727586f4cf2b1edb7069ed
This commit is contained in:
parent
043b53735b
commit
2b9f9141c7
|
@ -13,30 +13,31 @@
|
||||||
from senlin.api.common import wsgi
|
from senlin.api.common import wsgi
|
||||||
from senlin.common import context
|
from senlin.common import context
|
||||||
from senlin.common import exception
|
from senlin.common import exception
|
||||||
from senlin.db import api as db_api
|
|
||||||
from senlin.drivers import base as driver_base
|
from senlin.drivers import base as driver_base
|
||||||
|
from senlin.rpc import client as rpc
|
||||||
|
|
||||||
|
|
||||||
class TrustMiddleware(wsgi.Middleware):
|
class TrustMiddleware(wsgi.Middleware):
|
||||||
'''Extract trust info from request.
|
"""Extract trust info from request.
|
||||||
|
|
||||||
The extracted information is filled into the request context.
|
The extracted information is filled into the request context.
|
||||||
Senlin engine will use this information for access control.
|
Senlin engine will use this information for access control.
|
||||||
'''
|
"""
|
||||||
def _get_trust(self, ctx):
|
def _get_trust(self, ctx):
|
||||||
'''List trusts with current user as the trustor.'''
|
"""List trusts with current user as the trustor.
|
||||||
|
|
||||||
|
:param ctx: The requesting context.
|
||||||
|
:return: ID of the trust or exception of InternalError.
|
||||||
|
"""
|
||||||
|
rpcc = rpc.EngineClient()
|
||||||
|
|
||||||
# DB table is used as a cache for the trusts.
|
|
||||||
cred_exists = False
|
cred_exists = False
|
||||||
res = db_api.cred_get(ctx, ctx.user, ctx.project)
|
res = rpcc.credential_get(ctx)
|
||||||
if res is not None:
|
if res:
|
||||||
try:
|
trust_id = res.get('trust', None)
|
||||||
trust_id = res.cred['openstack']['trust']
|
if trust_id:
|
||||||
return trust_id
|
return trust_id
|
||||||
except KeyError:
|
cred_exists = True
|
||||||
# Garbage in the store, ignore it
|
|
||||||
cred_exists = True
|
|
||||||
pass
|
|
||||||
|
|
||||||
params = {
|
params = {
|
||||||
'auth_url': ctx.auth_url,
|
'auth_url': ctx.auth_url,
|
||||||
|
@ -60,15 +61,9 @@ class TrustMiddleware(wsgi.Middleware):
|
||||||
|
|
||||||
# update cache
|
# update cache
|
||||||
if cred_exists:
|
if cred_exists:
|
||||||
db_api.cred_update(ctx.user, ctx.project,
|
rpcc.credential_update(ctx, trust.id)
|
||||||
{'cred': {'openstack': {'trust': trust.id}}})
|
|
||||||
else:
|
else:
|
||||||
values = {
|
rpcc.credential_create(ctx, trust.id)
|
||||||
'user': ctx.user,
|
|
||||||
'project': ctx.project,
|
|
||||||
'cred': {'openstack': {'trust': trust.id}}
|
|
||||||
}
|
|
||||||
db_api.cred_create(ctx, values)
|
|
||||||
|
|
||||||
return trust.id
|
return trust.id
|
||||||
|
|
||||||
|
|
|
@ -11,12 +11,11 @@
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
import mock
|
import mock
|
||||||
|
import six
|
||||||
|
|
||||||
from senlin.api.middleware import trust
|
from senlin.api.middleware import trust
|
||||||
from senlin.common import context
|
from senlin.common import context
|
||||||
from senlin.common import exception
|
from senlin.common import exception
|
||||||
from senlin.db import api as db_api
|
|
||||||
from senlin.drivers import base as driver_base
|
|
||||||
from senlin.tests.unit.common import base
|
from senlin.tests.unit.common import base
|
||||||
from senlin.tests.unit.common import utils
|
from senlin.tests.unit.common import utils
|
||||||
|
|
||||||
|
@ -28,40 +27,177 @@ class TestTrustMiddleware(base.SenlinTestCase):
|
||||||
self.context = utils.dummy_context()
|
self.context = utils.dummy_context()
|
||||||
self.middleware = trust.TrustMiddleware(None)
|
self.middleware = trust.TrustMiddleware(None)
|
||||||
|
|
||||||
@mock.patch('senlin.db.api')
|
@mock.patch("senlin.rpc.client.EngineClient")
|
||||||
def test_get_trust_already_exists(self, mock_db_api):
|
def test__get_trust_already_exists(self, mock_rpc):
|
||||||
res = mock.MagicMock()
|
x_cred = {'trust': 'FAKE_TRUST_ID'}
|
||||||
res.cred = {}
|
x_rpc = mock.Mock()
|
||||||
res.cred['openstack'] = {}
|
x_rpc.credential_get.return_value = x_cred
|
||||||
res.cred['openstack']['trust'] = 'FAKE_TRUST_ID'
|
mock_rpc.return_value = x_rpc
|
||||||
db_api.cred_get = mock.MagicMock(return_value=res)
|
|
||||||
trust_id = self.middleware._get_trust(self.context)
|
|
||||||
self.assertEqual(res.cred['openstack']['trust'], trust_id)
|
|
||||||
self.assertTrue(db_api.cred_get.called)
|
|
||||||
|
|
||||||
@mock.patch.object(context, 'get_service_context')
|
result = self.middleware._get_trust(self.context)
|
||||||
@mock.patch.object(db_api, 'cred_get')
|
|
||||||
@mock.patch.object(db_api, 'cred_create')
|
|
||||||
@mock.patch.object(driver_base, 'SenlinDriver')
|
|
||||||
def test_get_trust_not_exists(self, mock_senlindriver, mock_cred_create,
|
|
||||||
mock_cred_get, mock_get_service_context):
|
|
||||||
mock_cred_get.return_value = None
|
|
||||||
mock_get_service_context.return_value = {'k1': 'v1', 'k2': 'v2'}
|
|
||||||
sd = mock.Mock()
|
|
||||||
kc = mock.Mock()
|
|
||||||
sd.identity.return_value = kc
|
|
||||||
mock_senlindriver.return_value = sd
|
|
||||||
kc.get_user_id.return_value = 'FAKE_ADMIN_ID'
|
|
||||||
kc.trust_get_by_trustor.side_effect = exception.InternalError(
|
|
||||||
code=400, message='Bad request')
|
|
||||||
trust = mock.Mock()
|
|
||||||
kc.trust_create.return_value = trust
|
|
||||||
trust.id = 'FAKE_TRUST_ID'
|
|
||||||
|
|
||||||
trust_id = self.middleware._get_trust(self.context)
|
self.assertEqual('FAKE_TRUST_ID', result)
|
||||||
self.assertEqual(trust_id, 'FAKE_TRUST_ID')
|
mock_rpc.assert_called_once_with()
|
||||||
self.assertTrue(db_api.cred_get.called)
|
x_rpc.credential_get.assert_called_once_with(self.context)
|
||||||
self.assertTrue(kc.get_user_id.called)
|
|
||||||
self.assertTrue(kc.trust_get_by_trustor.called)
|
@mock.patch.object(context, "get_service_context")
|
||||||
self.assertTrue(kc.trust_create.called)
|
@mock.patch("senlin.drivers.base.SenlinDriver")
|
||||||
self.assertTrue(db_api.cred_create.called)
|
@mock.patch("senlin.rpc.client.EngineClient")
|
||||||
|
def test__get_trust_bad(self, mock_rpc, mock_driver, mock_context):
|
||||||
|
x_cred = {'foo': 'bar'}
|
||||||
|
x_rpc = mock.Mock()
|
||||||
|
x_rpc.credential_get.return_value = x_cred
|
||||||
|
mock_rpc.return_value = x_rpc
|
||||||
|
|
||||||
|
x_svc_cred = {'uid': 'FAKE_ID', 'passwd': 'FAKE_PASS'}
|
||||||
|
mock_context.return_value = x_svc_cred
|
||||||
|
x_admin_id = 'FAKE_ADMIN_ID'
|
||||||
|
x_trust = mock.Mock(id='FAKE_TRUST_ID')
|
||||||
|
mock_keystone = mock.Mock()
|
||||||
|
mock_keystone.get_user_id.return_value = x_admin_id
|
||||||
|
mock_keystone.trust_get_by_trustor.return_value = x_trust
|
||||||
|
x_driver = mock.Mock()
|
||||||
|
x_driver.identity.return_value = mock_keystone
|
||||||
|
mock_driver.return_value = x_driver
|
||||||
|
|
||||||
|
result = self.middleware._get_trust(self.context)
|
||||||
|
|
||||||
|
self.assertEqual('FAKE_TRUST_ID', result)
|
||||||
|
mock_rpc.assert_called_once_with()
|
||||||
|
x_rpc.credential_get.assert_called_once_with(self.context)
|
||||||
|
mock_driver.assert_called_once_with()
|
||||||
|
x_driver.identity.assert_called_once_with({
|
||||||
|
'auth_url': self.context.auth_url,
|
||||||
|
'project_id': self.context.project,
|
||||||
|
'user_id': self.context.user,
|
||||||
|
'token': self.context.auth_token,
|
||||||
|
})
|
||||||
|
mock_context.assert_called_once_with()
|
||||||
|
mock_keystone.get_user_id.assert_called_once_with(
|
||||||
|
uid='FAKE_ID', passwd='FAKE_PASS')
|
||||||
|
mock_keystone.trust_get_by_trustor.assert_called_once_with(
|
||||||
|
self.context.user, 'FAKE_ADMIN_ID', self.context.project)
|
||||||
|
x_rpc.credential_update.assert_called_once_with(
|
||||||
|
self.context, 'FAKE_TRUST_ID')
|
||||||
|
|
||||||
|
@mock.patch.object(context, "get_service_context")
|
||||||
|
@mock.patch("senlin.drivers.base.SenlinDriver")
|
||||||
|
@mock.patch("senlin.rpc.client.EngineClient")
|
||||||
|
def test__get_trust_not_found(self, mock_rpc, mock_driver, mock_context):
|
||||||
|
x_rpc = mock.Mock()
|
||||||
|
x_rpc.credential_get.return_value = None
|
||||||
|
mock_rpc.return_value = x_rpc
|
||||||
|
|
||||||
|
x_svc_cred = {'uid': 'FAKE_ID', 'passwd': 'FAKE_PASS'}
|
||||||
|
mock_context.return_value = x_svc_cred
|
||||||
|
x_admin_id = 'FAKE_ADMIN_ID'
|
||||||
|
x_trust = mock.Mock(id='FAKE_TRUST_ID')
|
||||||
|
mock_keystone = mock.Mock()
|
||||||
|
mock_keystone.get_user_id.return_value = x_admin_id
|
||||||
|
mock_keystone.trust_get_by_trustor.return_value = x_trust
|
||||||
|
x_driver = mock.Mock()
|
||||||
|
x_driver.identity.return_value = mock_keystone
|
||||||
|
mock_driver.return_value = x_driver
|
||||||
|
|
||||||
|
result = self.middleware._get_trust(self.context)
|
||||||
|
|
||||||
|
self.assertEqual('FAKE_TRUST_ID', result)
|
||||||
|
mock_rpc.assert_called_once_with()
|
||||||
|
x_rpc.credential_get.assert_called_once_with(self.context)
|
||||||
|
mock_driver.assert_called_once_with()
|
||||||
|
x_driver.identity.assert_called_once_with({
|
||||||
|
'auth_url': self.context.auth_url,
|
||||||
|
'project_id': self.context.project,
|
||||||
|
'user_id': self.context.user,
|
||||||
|
'token': self.context.auth_token,
|
||||||
|
})
|
||||||
|
mock_context.assert_called_once_with()
|
||||||
|
mock_keystone.get_user_id.assert_called_once_with(
|
||||||
|
uid='FAKE_ID', passwd='FAKE_PASS')
|
||||||
|
mock_keystone.trust_get_by_trustor.assert_called_once_with(
|
||||||
|
self.context.user, 'FAKE_ADMIN_ID', self.context.project)
|
||||||
|
x_rpc.credential_create.assert_called_once_with(
|
||||||
|
self.context, 'FAKE_TRUST_ID')
|
||||||
|
|
||||||
|
@mock.patch.object(context, "get_service_context")
|
||||||
|
@mock.patch("senlin.drivers.base.SenlinDriver")
|
||||||
|
@mock.patch("senlin.rpc.client.EngineClient")
|
||||||
|
def test__get_trust_do_create(self, mock_rpc, mock_driver, mock_context):
|
||||||
|
x_rpc = mock.Mock()
|
||||||
|
x_rpc.credential_get.return_value = None
|
||||||
|
mock_rpc.return_value = x_rpc
|
||||||
|
|
||||||
|
x_svc_cred = {'uid': 'FAKE_ID', 'passwd': 'FAKE_PASS'}
|
||||||
|
mock_context.return_value = x_svc_cred
|
||||||
|
x_admin_id = 'FAKE_ADMIN_ID'
|
||||||
|
mock_keystone = mock.Mock()
|
||||||
|
mock_keystone.get_user_id.return_value = x_admin_id
|
||||||
|
x_trust = mock.Mock(id='FAKE_TRUST_ID')
|
||||||
|
mock_keystone.trust_create.return_value = x_trust
|
||||||
|
err = exception.InternalError(code=400, message='Boom')
|
||||||
|
mock_keystone.trust_get_by_trustor.side_effect = err
|
||||||
|
x_driver = mock.Mock()
|
||||||
|
x_driver.identity.return_value = mock_keystone
|
||||||
|
mock_driver.return_value = x_driver
|
||||||
|
|
||||||
|
result = self.middleware._get_trust(self.context)
|
||||||
|
|
||||||
|
self.assertEqual('FAKE_TRUST_ID', result)
|
||||||
|
mock_rpc.assert_called_once_with()
|
||||||
|
x_rpc.credential_get.assert_called_once_with(self.context)
|
||||||
|
mock_driver.assert_called_once_with()
|
||||||
|
x_driver.identity.assert_called_once_with({
|
||||||
|
'auth_url': self.context.auth_url,
|
||||||
|
'project_id': self.context.project,
|
||||||
|
'user_id': self.context.user,
|
||||||
|
'token': self.context.auth_token,
|
||||||
|
})
|
||||||
|
mock_context.assert_called_once_with()
|
||||||
|
mock_keystone.get_user_id.assert_called_once_with(
|
||||||
|
uid='FAKE_ID', passwd='FAKE_PASS')
|
||||||
|
mock_keystone.trust_get_by_trustor.assert_called_once_with(
|
||||||
|
self.context.user, 'FAKE_ADMIN_ID', self.context.project)
|
||||||
|
mock_keystone.trust_create.assert_called_once_with(
|
||||||
|
self.context.user, 'FAKE_ADMIN_ID', self.context.project,
|
||||||
|
self.context.roles)
|
||||||
|
x_rpc.credential_create.assert_called_once_with(
|
||||||
|
self.context, 'FAKE_TRUST_ID')
|
||||||
|
|
||||||
|
@mock.patch.object(context, "get_service_context")
|
||||||
|
@mock.patch("senlin.drivers.base.SenlinDriver")
|
||||||
|
@mock.patch("senlin.rpc.client.EngineClient")
|
||||||
|
def test__get_trust_fatal(self, mock_rpc, mock_driver, mock_context):
|
||||||
|
x_rpc = mock.Mock()
|
||||||
|
x_rpc.credential_get.return_value = None
|
||||||
|
mock_rpc.return_value = x_rpc
|
||||||
|
|
||||||
|
x_svc_cred = {'uid': 'FAKE_ID', 'passwd': 'FAKE_PASS'}
|
||||||
|
mock_context.return_value = x_svc_cred
|
||||||
|
x_admin_id = 'FAKE_ADMIN_ID'
|
||||||
|
mock_keystone = mock.Mock()
|
||||||
|
mock_keystone.get_user_id.return_value = x_admin_id
|
||||||
|
err = exception.InternalError(code=500, message='Boom')
|
||||||
|
mock_keystone.trust_get_by_trustor.side_effect = err
|
||||||
|
x_driver = mock.Mock()
|
||||||
|
x_driver.identity.return_value = mock_keystone
|
||||||
|
mock_driver.return_value = x_driver
|
||||||
|
|
||||||
|
ex = self.assertRaises(exception.InternalError,
|
||||||
|
self.middleware._get_trust,
|
||||||
|
self.context)
|
||||||
|
|
||||||
|
self.assertEqual('Boom', six.text_type(ex))
|
||||||
|
mock_rpc.assert_called_once_with()
|
||||||
|
x_rpc.credential_get.assert_called_once_with(self.context)
|
||||||
|
mock_driver.assert_called_once_with()
|
||||||
|
x_driver.identity.assert_called_once_with({
|
||||||
|
'auth_url': self.context.auth_url,
|
||||||
|
'project_id': self.context.project,
|
||||||
|
'user_id': self.context.user,
|
||||||
|
'token': self.context.auth_token,
|
||||||
|
})
|
||||||
|
mock_context.assert_called_once_with()
|
||||||
|
mock_keystone.get_user_id.assert_called_once_with(
|
||||||
|
uid='FAKE_ID', passwd='FAKE_PASS')
|
||||||
|
mock_keystone.trust_get_by_trustor.assert_called_once_with(
|
||||||
|
self.context.user, 'FAKE_ADMIN_ID', self.context.project)
|
||||||
|
|
Loading…
Reference in New Issue