Support Admin admin user and role
We didn't take into account that the admin role and user might be called on with uppercase first letter - Admin - on some systems. The patch edits the logic so that we accept this admin name or role. Story: #2010880 Task: #48601 Change-Id: Ie027de58f77a58f44b31274e6d75dc830d3b717d
This commit is contained in:
parent
58e32bbe5a
commit
b5ae1f69ac
@ -286,6 +286,38 @@ class TestUsers(BaseConfigTempestTest):
|
||||
username=self.username,
|
||||
role_name=self.role_name)
|
||||
|
||||
@mock.patch('config_tempest.clients.ProjectsClient'
|
||||
'.get_project_by_name')
|
||||
@mock.patch('tempest.lib.services.identity.v2.'
|
||||
'users_client.UsersClient.list_users')
|
||||
@mock.patch('tempest.lib.services.identity.v2.'
|
||||
'users_client.UsersClient.create_user')
|
||||
@mock.patch('tempest.lib.services.identity.v2.'
|
||||
'roles_client.RolesClient.list_roles')
|
||||
@mock.patch('tempest.lib.services.identity.v2.roles_client.'
|
||||
'RolesClient.create_user_role_on_project')
|
||||
def test_give_role_to_user_Admin(
|
||||
self,
|
||||
mock_create_user_role_on_project,
|
||||
mock_list_roles,
|
||||
mock_create_user,
|
||||
mock_list_users,
|
||||
mock_get_project_by_name):
|
||||
mock_get_project_by_name.return_value = {'id': "fake_project_id"}
|
||||
users = self.users
|
||||
users['users'].append(
|
||||
{'name': "Admin", 'id': "Admin_user_id"})
|
||||
roles = self.roles
|
||||
roles['roles'].append(
|
||||
{'name': "Admin", 'id': "Admin_role_id"})
|
||||
mock_list_users.return_value = users
|
||||
mock_list_roles.return_value = roles
|
||||
# using admin as user and role as those are the default values
|
||||
# when discover-tempest-config is executed
|
||||
self.Service.give_role_to_user(
|
||||
username="admin",
|
||||
role_name="admin")
|
||||
|
||||
def _check_user_roles(self, user_roles, system_roles):
|
||||
self.Service._conf.set('auth', 'tempest_roles', user_roles)
|
||||
return self.Service.check_user_roles(system_roles)
|
||||
|
@ -48,10 +48,35 @@ class Users(object):
|
||||
|
||||
self.give_role_to_user(username, role_name='admin')
|
||||
|
||||
def _filter_ids_by_name(self, mode, name, role_name, roles_list):
|
||||
"""Filter the id that belongs to the name in the given list.
|
||||
|
||||
:param mode: 'roles' or 'users', depending what we're looking for
|
||||
:param name: Name we want to filter by
|
||||
:param role_name: Name of the role we wanna assign the user
|
||||
:param roles_list: List of roles or users to search in.
|
||||
:return: List containing an id matching the name in the roles_list.
|
||||
:rtype: list
|
||||
"""
|
||||
match = [n['id'] for n in roles_list[mode] if n['name'] == name]
|
||||
if not match and role_name == 'admin':
|
||||
# in a few cases there might be the admin role with upper-case
|
||||
# first letter, therefore, let's try Admin
|
||||
name = 'Admin'
|
||||
match = [n['id'] for n in roles_list[mode] if n['name'] == name]
|
||||
if match and mode == 'users':
|
||||
# if we found a match with Admin and we're in the users mode,
|
||||
# change also the admin_username in the tempest.conf
|
||||
self._conf.set('auth', 'admin_username', name)
|
||||
return match
|
||||
|
||||
def give_role_to_user(self, username, role_name,
|
||||
role_required=True):
|
||||
"""Give the user a role in the project.
|
||||
|
||||
If the role is 'admin' and it isn't found, the method will try 'Admin'
|
||||
as sometimes the admin role can be named with upper-case 1st letter.
|
||||
|
||||
:type username: string
|
||||
:type role_name: string
|
||||
:type role_required: boolean
|
||||
@ -59,14 +84,16 @@ class Users(object):
|
||||
project_name = self._conf.get('identity', 'project_name')
|
||||
proj_id = self.projects_client.get_project_by_name(project_name)['id']
|
||||
users = self.users_client.list_users()
|
||||
user_ids = [u['id'] for u in users['users'] if u['name'] == username]
|
||||
user_ids = self._filter_ids_by_name('users', username,
|
||||
role_name, users)
|
||||
if not user_ids:
|
||||
raise Exception("user %s not found" % username)
|
||||
user_id = user_ids[0]
|
||||
|
||||
roles = self.roles_client.list_roles()
|
||||
self.check_user_roles(roles)
|
||||
role_ids = [r['id'] for r in roles['roles'] if r['name'] == role_name]
|
||||
role_ids = self._filter_ids_by_name('roles', role_name,
|
||||
role_name, roles)
|
||||
if not role_ids:
|
||||
if role_required:
|
||||
raise Exception("required role %s not found" % role_name)
|
||||
|
Loading…
x
Reference in New Issue
Block a user