Support Admin admin user and role
We didn't take into account that the admin role and user might be called on with uppercase first letter - Admin - on some systems. The patch edits the logic so that we accept this admin name or role. Story: #2010880 Task: #48601 Change-Id: Ie027de58f77a58f44b31274e6d75dc830d3b717d
This commit is contained in:
Martin Kopec
parent
58e32bbe5a
commit
b5ae1f69ac
@ -286,6 +286,38 @@ class TestUsers(BaseConfigTempestTest):
|
|||||||
username=self.username,
|
username=self.username,
|
||||||
role_name=self.role_name)
|
role_name=self.role_name)
|
||||||
|
|
||||||
|
@mock.patch('config_tempest.clients.ProjectsClient'
|
||||||
|
'.get_project_by_name')
|
||||||
|
@mock.patch('tempest.lib.services.identity.v2.'
|
||||||
|
'users_client.UsersClient.list_users')
|
||||||
|
@mock.patch('tempest.lib.services.identity.v2.'
|
||||||
|
'users_client.UsersClient.create_user')
|
||||||
|
@mock.patch('tempest.lib.services.identity.v2.'
|
||||||
|
'roles_client.RolesClient.list_roles')
|
||||||
|
@mock.patch('tempest.lib.services.identity.v2.roles_client.'
|
||||||
|
'RolesClient.create_user_role_on_project')
|
||||||
|
def test_give_role_to_user_Admin(
|
||||||
|
self,
|
||||||
|
mock_create_user_role_on_project,
|
||||||
|
mock_list_roles,
|
||||||
|
mock_create_user,
|
||||||
|
mock_list_users,
|
||||||
|
mock_get_project_by_name):
|
||||||
|
mock_get_project_by_name.return_value = {'id': "fake_project_id"}
|
||||||
|
users = self.users
|
||||||
|
users['users'].append(
|
||||||
|
{'name': "Admin", 'id': "Admin_user_id"})
|
||||||
|
roles = self.roles
|
||||||
|
roles['roles'].append(
|
||||||
|
{'name': "Admin", 'id': "Admin_role_id"})
|
||||||
|
mock_list_users.return_value = users
|
||||||
|
mock_list_roles.return_value = roles
|
||||||
|
# using admin as user and role as those are the default values
|
||||||
|
# when discover-tempest-config is executed
|
||||||
|
self.Service.give_role_to_user(
|
||||||
|
username="admin",
|
||||||
|
role_name="admin")
|
||||||
|
|
||||||
def _check_user_roles(self, user_roles, system_roles):
|
def _check_user_roles(self, user_roles, system_roles):
|
||||||
self.Service._conf.set('auth', 'tempest_roles', user_roles)
|
self.Service._conf.set('auth', 'tempest_roles', user_roles)
|
||||||
return self.Service.check_user_roles(system_roles)
|
return self.Service.check_user_roles(system_roles)
|
||||||
|
|||||||
@ -48,10 +48,35 @@ class Users(object):
|
|||||||
|
|
||||||
self.give_role_to_user(username, role_name='admin')
|
self.give_role_to_user(username, role_name='admin')
|
||||||
|
|
||||||
|
def _filter_ids_by_name(self, mode, name, role_name, roles_list):
|
||||||
|
"""Filter the id that belongs to the name in the given list.
|
||||||
|
|
||||||
|
:param mode: 'roles' or 'users', depending what we're looking for
|
||||||
|
:param name: Name we want to filter by
|
||||||
|
:param role_name: Name of the role we wanna assign the user
|
||||||
|
:param roles_list: List of roles or users to search in.
|
||||||
|
:return: List containing an id matching the name in the roles_list.
|
||||||
|
:rtype: list
|
||||||
|
"""
|
||||||
|
match = [n['id'] for n in roles_list[mode] if n['name'] == name]
|
||||||
|
if not match and role_name == 'admin':
|
||||||
|
# in a few cases there might be the admin role with upper-case
|
||||||
|
# first letter, therefore, let's try Admin
|
||||||
|
name = 'Admin'
|
||||||
|
match = [n['id'] for n in roles_list[mode] if n['name'] == name]
|
||||||
|
if match and mode == 'users':
|
||||||
|
# if we found a match with Admin and we're in the users mode,
|
||||||
|
# change also the admin_username in the tempest.conf
|
||||||
|
self._conf.set('auth', 'admin_username', name)
|
||||||
|
return match
|
||||||
|
|
||||||
def give_role_to_user(self, username, role_name,
|
def give_role_to_user(self, username, role_name,
|
||||||
role_required=True):
|
role_required=True):
|
||||||
"""Give the user a role in the project.
|
"""Give the user a role in the project.
|
||||||
|
|
||||||
|
If the role is 'admin' and it isn't found, the method will try 'Admin'
|
||||||
|
as sometimes the admin role can be named with upper-case 1st letter.
|
||||||
|
|
||||||
:type username: string
|
:type username: string
|
||||||
:type role_name: string
|
:type role_name: string
|
||||||
:type role_required: boolean
|
:type role_required: boolean
|
||||||
@ -59,14 +84,16 @@ class Users(object):
|
|||||||
project_name = self._conf.get('identity', 'project_name')
|
project_name = self._conf.get('identity', 'project_name')
|
||||||
proj_id = self.projects_client.get_project_by_name(project_name)['id']
|
proj_id = self.projects_client.get_project_by_name(project_name)['id']
|
||||||
users = self.users_client.list_users()
|
users = self.users_client.list_users()
|
||||||
user_ids = [u['id'] for u in users['users'] if u['name'] == username]
|
user_ids = self._filter_ids_by_name('users', username,
|
||||||
|
role_name, users)
|
||||||
if not user_ids:
|
if not user_ids:
|
||||||
raise Exception("user %s not found" % username)
|
raise Exception("user %s not found" % username)
|
||||||
user_id = user_ids[0]
|
user_id = user_ids[0]
|
||||||
|
|
||||||
roles = self.roles_client.list_roles()
|
roles = self.roles_client.list_roles()
|
||||||
self.check_user_roles(roles)
|
self.check_user_roles(roles)
|
||||||
role_ids = [r['id'] for r in roles['roles'] if r['name'] == role_name]
|
role_ids = self._filter_ids_by_name('roles', role_name,
|
||||||
|
role_name, roles)
|
||||||
if not role_ids:
|
if not role_ids:
|
||||||
if role_required:
|
if role_required:
|
||||||
raise Exception("required role %s not found" % role_name)
|
raise Exception("required role %s not found" % role_name)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user