Merge "Delete RoleAssignment if user/group does not exist"
commit
98eb90f806
heat
engine
tests
@ -11,7 +11,7 @@
|
|||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
from keystoneclient import exceptions
|
from keystoneauth1 import exceptions as ks_exceptions
|
||||||
|
|
||||||
from heat.common import exception
|
from heat.common import exception
|
||||||
from heat.engine.clients import client_plugin
|
from heat.engine.clients import client_plugin
|
||||||
@ -20,7 +20,7 @@ from heat.engine.clients.os.keystone import heat_keystoneclient as hkc
|
|||||||
|
|
||||||
class KeystoneClientPlugin(client_plugin.ClientPlugin):
|
class KeystoneClientPlugin(client_plugin.ClientPlugin):
|
||||||
|
|
||||||
exceptions_module = exceptions
|
exceptions_module = [ks_exceptions, exception]
|
||||||
|
|
||||||
service_types = [IDENTITY] = ['identity']
|
service_types = [IDENTITY] = ['identity']
|
||||||
|
|
||||||
@ -28,19 +28,20 @@ class KeystoneClientPlugin(client_plugin.ClientPlugin):
|
|||||||
return hkc.KeystoneClient(self.context)
|
return hkc.KeystoneClient(self.context)
|
||||||
|
|
||||||
def is_not_found(self, ex):
|
def is_not_found(self, ex):
|
||||||
return isinstance(ex, exceptions.NotFound)
|
return isinstance(ex, (ks_exceptions.NotFound,
|
||||||
|
exception.EntityNotFound))
|
||||||
|
|
||||||
def is_over_limit(self, ex):
|
def is_over_limit(self, ex):
|
||||||
return isinstance(ex, exceptions.RequestEntityTooLarge)
|
return isinstance(ex, ks_exceptions.RequestEntityTooLarge)
|
||||||
|
|
||||||
def is_conflict(self, ex):
|
def is_conflict(self, ex):
|
||||||
return isinstance(ex, exceptions.Conflict)
|
return isinstance(ex, ks_exceptions.Conflict)
|
||||||
|
|
||||||
def get_role_id(self, role):
|
def get_role_id(self, role):
|
||||||
try:
|
try:
|
||||||
role_obj = self.client().client.roles.get(role)
|
role_obj = self.client().client.roles.get(role)
|
||||||
return role_obj.id
|
return role_obj.id
|
||||||
except exceptions.NotFound:
|
except ks_exceptions.NotFound:
|
||||||
role_list = self.client().client.roles.list(name=role)
|
role_list = self.client().client.roles.list(name=role)
|
||||||
for role_obj in role_list:
|
for role_obj in role_list:
|
||||||
if role_obj.name == role:
|
if role_obj.name == role:
|
||||||
@ -54,7 +55,7 @@ class KeystoneClientPlugin(client_plugin.ClientPlugin):
|
|||||||
try:
|
try:
|
||||||
project_obj = self.client().client.projects.get(project)
|
project_obj = self.client().client.projects.get(project)
|
||||||
return project_obj.id
|
return project_obj.id
|
||||||
except exceptions.NotFound:
|
except ks_exceptions.NotFound:
|
||||||
project_list = self.client().client.projects.list(name=project)
|
project_list = self.client().client.projects.list(name=project)
|
||||||
for project_obj in project_list:
|
for project_obj in project_list:
|
||||||
if project_obj.name == project:
|
if project_obj.name == project:
|
||||||
@ -69,7 +70,7 @@ class KeystoneClientPlugin(client_plugin.ClientPlugin):
|
|||||||
try:
|
try:
|
||||||
domain_obj = self.client().client.domains.get(domain)
|
domain_obj = self.client().client.domains.get(domain)
|
||||||
return domain_obj.id
|
return domain_obj.id
|
||||||
except exceptions.NotFound:
|
except ks_exceptions.NotFound:
|
||||||
domain_list = self.client().client.domains.list(name=domain)
|
domain_list = self.client().client.domains.list(name=domain)
|
||||||
for domain_obj in domain_list:
|
for domain_obj in domain_list:
|
||||||
if domain_obj.name == domain:
|
if domain_obj.name == domain:
|
||||||
@ -83,7 +84,7 @@ class KeystoneClientPlugin(client_plugin.ClientPlugin):
|
|||||||
try:
|
try:
|
||||||
group_obj = self.client().client.groups.get(group)
|
group_obj = self.client().client.groups.get(group)
|
||||||
return group_obj.id
|
return group_obj.id
|
||||||
except exceptions.NotFound:
|
except ks_exceptions.NotFound:
|
||||||
group_list = self.client().client.groups.list(name=group)
|
group_list = self.client().client.groups.list(name=group)
|
||||||
for group_obj in group_list:
|
for group_obj in group_list:
|
||||||
if group_obj.name == group:
|
if group_obj.name == group:
|
||||||
@ -97,7 +98,7 @@ class KeystoneClientPlugin(client_plugin.ClientPlugin):
|
|||||||
try:
|
try:
|
||||||
service_obj = self.client().client.services.get(service)
|
service_obj = self.client().client.services.get(service)
|
||||||
return service_obj.id
|
return service_obj.id
|
||||||
except exceptions.NotFound:
|
except ks_exceptions.NotFound:
|
||||||
service_list = self.client().client.services.list(name=service)
|
service_list = self.client().client.services.list(name=service)
|
||||||
|
|
||||||
if len(service_list) == 1:
|
if len(service_list) == 1:
|
||||||
@ -114,7 +115,7 @@ class KeystoneClientPlugin(client_plugin.ClientPlugin):
|
|||||||
try:
|
try:
|
||||||
user_obj = self.client().client.users.get(user)
|
user_obj = self.client().client.users.get(user)
|
||||||
return user_obj.id
|
return user_obj.id
|
||||||
except exceptions.NotFound:
|
except ks_exceptions.NotFound:
|
||||||
user_list = self.client().client.users.list(name=user)
|
user_list = self.client().client.users.list(name=user)
|
||||||
for user_obj in user_list:
|
for user_obj in user_list:
|
||||||
if user_obj.name == user:
|
if user_obj.name == user:
|
||||||
@ -126,6 +127,6 @@ class KeystoneClientPlugin(client_plugin.ClientPlugin):
|
|||||||
try:
|
try:
|
||||||
region_obj = self.client().client.regions.get(region)
|
region_obj = self.client().client.regions.get(region)
|
||||||
return region_obj.id
|
return region_obj.id
|
||||||
except exceptions.NotFound:
|
except ks_exceptions.NotFound:
|
||||||
raise exception.EntityNotFound(entity='KeystoneRegion',
|
raise exception.EntityNotFound(entity='KeystoneRegion',
|
||||||
name=region)
|
name=region)
|
||||||
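Review bot: `is_not_found` now returns True for any `exception.EntityNotFound`, whatever entity was missing, so every caller of this plugin's `ignore_not_found` will treat a missing role, project or domain the same way as a missing user or group. The code does not explain that widening; a comment above the isinstance check, e.g. `# get_*_id helpers raise heat's EntityNotFound when a name lookup finds nothing`, would record why a Heat exception is accepted here. Listing the whole `heat.common.exception` module in `exceptions_module` presumably also makes other Heat exceptions count as Keystone client exceptions, which is worth confirming against `is_client_exception` (its implementation is not shown on this page).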
|
@ -349,8 +349,12 @@ class KeystoneUserRoleAssignment(resource.Resource,
|
|||||||
|
|
||||||
@property
|
@property
|
||||||
def user_id(self):
|
def user_id(self):
|
||||||
return (self.client_plugin().get_user_id(
|
try:
|
||||||
self.properties.get(self.USER)))
|
return self.client_plugin().get_user_id(
|
||||||
|
self.properties.get(self.USER))
|
||||||
|
except Exception as ex:
|
||||||
|
self.client_plugin().ignore_not_found(ex)
|
||||||
|
return None
|
||||||
|
|
||||||
def handle_create(self):
|
def handle_create(self):
|
||||||
self.create_assignment(user_id=self.user_id)
|
self.create_assignment(user_id=self.user_id)
|
||||||
@ -406,8 +410,12 @@ class KeystoneGroupRoleAssignment(resource.Resource,
|
|||||||
|
|
||||||
@property
|
@property
|
||||||
def group_id(self):
|
def group_id(self):
|
||||||
return (self.client_plugin().get_group_id(
|
try:
|
||||||
self.properties.get(self.GROUP)))
|
return self.client_plugin().get_group_id(
|
||||||
|
self.properties.get(self.GROUP))
|
||||||
|
except Exception as ex:
|
||||||
|
self.client_plugin().ignore_not_found(ex)
|
||||||
|
return None
|
||||||
|
|
||||||
def handle_create(self):
|
def handle_create(self):
|
||||||
self.create_assignment(group_id=self.group_id)
|
self.create_assignment(group_id=self.group_id)
|
||||||
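Review bot: The `user_id` and `group_id` properties now return None when the user or group is not found, and the same properties feed `handle_create` (`self.create_assignment(user_id=self.user_id)`), so a create against a missing principal reaches `create_assignment` with None instead of failing with EntityNotFound. `create_assignment` is outside these hunks, so whether it rejects None or silently grants nothing should be checked; for an authorization resource a silent no-op is the worse outcome. Keeping the properties strict and handling not-found only on the delete path would limit the change to what the commit title describes. If the properties stay as they are, a docstring such as `"""Return the user id, or None if the user no longer exists."""` should state the new contract.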
|
@ -636,6 +636,14 @@ class TestIsNotFound(common.HeatTestCase):
|
|||||||
plugin='keystone',
|
plugin='keystone',
|
||||||
exception=lambda: keystone_exc.NotFound(details='gone'),
|
exception=lambda: keystone_exc.NotFound(details='gone'),
|
||||||
)),
|
)),
|
||||||
|
('keystone_entity_not_found', dict(
|
||||||
|
is_not_found=True,
|
||||||
|
is_over_limit=False,
|
||||||
|
is_client_exception=True,
|
||||||
|
is_conflict=False,
|
||||||
|
plugin='keystone',
|
||||||
|
exception=lambda: exception.EntityNotFound(),
|
||||||
|
)),
|
||||||
('keystone_exception', dict(
|
('keystone_exception', dict(
|
||||||
is_not_found=False,
|
is_not_found=False,
|
||||||
is_over_limit=False,
|
is_over_limit=False,
|
||||||
|
@ -460,6 +460,12 @@ class KeystoneUserRoleAssignmentTest(common.HeatTestCase):
|
|||||||
user='user_1',
|
user='user_1',
|
||||||
project='project_1')
|
project='project_1')
|
||||||
|
|
||||||
|
def test_user_role_assignment_delete_user_not_found(self):
|
||||||
|
self.keystone_client_plugin.get_user_id.side_effect = [
|
||||||
|
exception.EntityNotFound]
|
||||||
|
self.assertIsNone(self.test_role_assignment.handle_delete())
|
||||||
|
self.roles.revoke.assert_not_called()
|
||||||
|
|
||||||
|
|
||||||
class KeystoneGroupRoleAssignmentTest(common.HeatTestCase):
|
class KeystoneGroupRoleAssignmentTest(common.HeatTestCase):
|
||||||
|
|
||||||
@ -573,3 +579,9 @@ class KeystoneGroupRoleAssignmentTest(common.HeatTestCase):
|
|||||||
role='role_1',
|
role='role_1',
|
||||||
group='group_1',
|
group='group_1',
|
||||||
project='project_1')
|
project='project_1')
|
||||||
|
|
||||||
|
def test_group_role_assignment_delete_group_not_found(self):
|
||||||
|
self.keystone_client_plugin.get_group_id.side_effect = [
|
||||||
|
exception.EntityNotFound]
|
||||||
|
self.assertIsNone(self.test_role_assignment.handle_delete())
|
||||||
|
self.roles.revoke.assert_not_called()
|
||||||
|