def project_check(request, current_project): project_id = request.session.get('project_id') user = request.user if current_project: try: keystone = Keystone(request) except exceptions.AuthorizationFailure: msg = _('Unable to retrieve Keystone data') messages.add_message(request, messages.ERROR, msg) log.error(f'{request.user}: {msg}') return False if not keystone.conn: return False project = keystone.project_get_by_name(current_project) if not project: # messages.add_message(request, messages.WARNING, u"Unauthorized") return False if not project_id or project.id != project_id: groups = user.groups.all() group_projects = GroupProjects.objects.filter(group_id__in=[group.id for group in groups]) if group_projects.filter(project=project.id).count() == 0: # messages.add_message(request, messages.WARNING, u"Unauthorized") return False save_current_project(user.id, project.id) set_current_project(request, project) return True
def switch(request, project_id): """Switch session parameters to project with project_id""" if project_id is None: raise ValueError(_("Missing 'project_id'")) next_url = reverse("main") # _build_next_url(request) try: keystone = Keystone(request) except exceptions.AuthorizationFailure: msg = _("Unable to retrieve Keystone data") messages.add_message(request, messages.ERROR, msg) log.error(f"{request.user}: {msg}") return HttpResponseRedirect(next_url) try: project = keystone.project_get(project_id) except Exception as err: messages.add_message(request, messages.ERROR, _("Can't find this project")) log.exception("{}{}".format(_("Exception:").encode("UTF-8"), err)) return HttpResponseRedirect(next_url) save_current_project(request.user.id, project.id) set_current_project(request, project) log.info("User [{}] switched to project [{}]".format(request.user, project_id)) messages.add_message(request, messages.INFO, _("Project selected: {}".format(project.name))) return HttpResponseRedirect(next_url)
def _get_data(self): """ Retrieve sorted list of projects """ user = self.request.user groups = user.groups.all() try: keystone = Keystone(self.request) except exceptions.AuthorizationFailure: msg = _('Unable to retrieve Keystone data') messages.add_message(self.request, messages.ERROR, msg) log.error(f'{self.request.user}: {msg}') return [] projects = [] for group in groups: gps = GroupProjects.objects.filter(group=group.id) gps_ks = [ x for x in filter(lambda x: x.enabled, keystone.project_list()) ] for gp in gps: for gp_ks in gps_ks: if gp.project == gp_ks.id and gp_ks not in projects: projects.append(gp_ks) break projects.sort(key=lambda x: x.name.lower()) return projects
def test_vault_create_project_fail_to_save_group_project_on_db( self, mock_gp_save, mock_user_delete, mock_user_create, mock_project_delete, mock_encrypt_password): fake_user = FakeResource(n=self.project.id, name='u_{}'.format(self.project.name)) mock_user_create.return_value = fake_user # Excecao ao salvar no db mock_gp_save.side_effect = Exception mock_encrypt_password.return_value = b'123456' keystone = Keystone(self.request, project_name='project_name') expected = { 'status': False, 'reason': 'Unable to assign project to group' } computed = keystone.vault_project_create( self.project.name, 2, description=self.project.description) self.assertEqual(computed, expected) mock_project_delete.assert_called_with(self.project.id) mock_user_delete.assert_called_with(fake_user.id)
def test_keystone_create_user_and_set_role(self, mock_role_get, mock_project_get, mock_add_user_role): """ Cadastra usuario e seta role para project """ mock_user_create = self.mock_keystone_conn.return_value.users.create fake_user = FakeResource('user_id', name='user_name') fake_role = FakeResource('role_id', name='role_name') fake_project = FakeResource('project_id', name='project_name') mock_user_create.return_value = fake_user mock_role_get.return_value = fake_role mock_project_get.return_value = fake_project keystone = Keystone(self.request, 'project_name') keystone.user_create('name', email='*****@*****.**', password='******', project_id='project_id', enabled=True, role_id='role_id') keystone.conn.users.create.assert_called_with('name', domain=None, email='*****@*****.**', enabled=True, password='******', project='project_id') mock_add_user_role.assert_called_with(fake_user, fake_project, fake_role)
def test_vault_create_project(self, mock_gp, mock_ap, mock_key_pass, mock_key_user): mock_key_user.return_value = FakeResource(n=self.project.id, name='u_{}'.format(self.project.name)) mock_key_pass.return_value = 'password' keystone = Keystone(self.request, tenant_name='tenant_name') expected = { 'status': True, 'project': self.mock_project_create.return_value, 'user': mock_key_user.return_value, 'password': mock_key_pass.return_value, } computed = keystone.vault_create_project(self.project.name, 1, 1, description=self.project.description) # Criacao do Project self.mock_project_create.assert_called_with(self.project.name, description=self.project.description, enabled=True) # Criacao do User mock_key_user.assert_called_with(name='u_{}'.format(self.project.name), password='******', project_id=self.project.id, role_id=settings.KEYSTONE_ROLE) mock_gp.assert_called_with(group_id=1, project_id=self.project.id) self.assertTrue(mock_gp.return_value.save.called) mock_ap.assert_called_with(area_id=1, project_id=self.project.id) self.assertTrue(mock_gp.return_value.save.called) self.assertEqual(computed, expected)
def switch(request, project_id, next_url=None): """ Switch session parameters to project with project_id """ if project_id is None: raise ValueError(_("Missing 'project_id'")) if next_url is not None: next_url = next_url else: next_url = _build_next_url(request) try: project = Project.objects.get(id=project_id) except Project.DoesNotExist as err: messages.add_message(request, messages.ERROR, _("Can't find this project")) log.exception('{}{}'.format(_('Exception:').encode('UTF-8'), err)) return HttpResponseRedirect(next_url) keystone = Keystone(request) request.session['project_id'] = project_id request.session['project_name'] = project.name request.session['service_catalog'] = keystone.get_endpoints() request.session['auth_token'] = keystone.conn.auth_token return HttpResponseRedirect(next_url)
def maybe_update_token(request): token_time = request.session.get('token_time') if token_time is None or token_time < datetime.utcnow(): log.info('Updating token for user [{}]'.format(request.user)) try: keystone = Keystone(request) except exceptions.AuthorizationFailure: msg = _('Unable to retrieve Keystone data') messages.add_message(request, messages.ERROR, msg) log.error(f'{request.user}: {msg}') return False if keystone.conn is None: return False request.session['token_time'] = ( timedelta(minutes=15) + datetime.utcnow() ) request.session['auth_token'] = keystone.conn.auth_token request.session['service_catalog'] = keystone.get_endpoints() return True return False
def get_context_data(self, **kwargs): context = super(CreateProjectSuccessView, self).get_context_data(**kwargs) request = kwargs.get("request") context["project_info"] = request.session.get("project_info") context["project_info"]["auth_url"] = settings.KEYSTONE_URL project_name = context["project_info"]["project_name"] user_name = context["project_info"]["user_name"] password = context["project_info"]["user_password"] try: keystone = Keystone(request, username=user_name, password=password, project_name=project_name) context["project_info"]["endpoints"] = keystone.get_endpoints() except exceptions.AuthorizationFailure: msg = _("Unable to retrieve Keystone data") messages.add_message(request, messages.ERROR, msg) log.error(f"{request.user}: {msg}") return context
def get_context_data(self, **kwargs): context = super(CreateProjectSuccessView, self).get_context_data(**kwargs) request = kwargs.get('request') context['project_info'] = request.session.get('project_info') context['project_info']['auth_url'] = settings.KEYSTONE_URL project_name = context['project_info']['project_name'] user_name = context['project_info']['user_name'] password = context['project_info']['user_password'] try: keystone = Keystone(request, username=user_name, password=password, project_name=project_name) context['project_info']['endpoints'] = keystone.get_endpoints() except exceptions.AuthorizationFailure: msg = _('Unable to retrieve Keystone data') messages.add_message(request, messages.ERROR, msg) log.error(f'{request.user}: {msg}') return context
def test_keystone_create_user_with_no_role(self, mock_add_user_role): """ Cadastra usuario sem setar role para nenhum project """ keystone = Keystone(self.request) keystone.user_create('name', email='*****@*****.**', password='******', project_id='project_id', enabled=True) keystone.conn.users.create.assert_called_with('name', 'password', '*****@*****.**', 'project_id', True) self.assertFalse(mock_add_user_role.called)
def swift_cloud_status(request): try: keystone = Keystone(request) except Exception as err: log.exception(f"Keystone error: {err}") return render(request, "vault/swift_cloud/status.html", { "projects": [], "error": "Keystone Error" }) environ = settings.ENVIRON if not environ and "localhost" in request.get_host(): environ = "local" user = request.user group_ids = [g.id for g in user.groups.all()] projects = [] keystone_projects = keystone.project_list() try: group_projects = GroupProjects.objects.filter(group_id__in=group_ids, owner=True) for project in keystone_projects: for gp in group_projects: if project.id == gp.project: projects.append({ "id": project.id, "name": project.name, "description": project.description, "environment": environ, "team": gp.group.name, "status": "", "metadata": {} }) projects.sort(key=lambda p: p["name"].lower()) except Exception as err: log.exception(f"Keystone error: {err}") # Get transfer status for all projects in swift cloud tools api sct_client = SCTClient(settings.SWIFT_CLOUD_TOOLS_URL, settings.SWIFT_CLOUD_TOOLS_API_KEY) data = [] try: response = sct_client.transfer_status_by_projects( [p["id"] for p in projects]) if response.ok: data = response.json() except Exception as err: log.exception(f"Swift Cloud Tools Error: {err}") return render(request, "vault/swift_cloud/status.html", { "projects": json.dumps(projects), "migration_data": json.dumps(data) })
def test_user_list_valid_project_id_with_no_user(self): """ Testa metodo de listagem de usuario para o caso de um project_id valido que NAO possui usuarios """ expected = [] self.mock_keystone_conn.return_value.users.list.return_value = expected keystone = Keystone(self.request) computed = keystone.user_list(project_id='123454321') self.assertEqual(computed, expected)
def test_user_list_valid_project_id_with_no_user(self): """ Testa metodo de listagem de usuario para o caso de um project_id valido que NAO possui usuarios """ expected = [] self.mock_keystone_conn.return_value.users.list.return_value = expected keystone = Keystone(self.request) computed = keystone.user_list(project_id='123454321') self.assertEqual(computed, expected)
def post(self, request, *args, **kwargs): form = DeleteProjectConfirm(data=request.POST) if not form.is_valid(): return self.render_to_response( self.get_context_data(form=form, request=request)) user = form.data.get('user') password = form.data.get('password') project_id = self.kwargs.get('project_id') project_name = self.keystone.project_get(project_id).name try: keystone_app = Keystone(request, username=user, password=password, tenant_name=project_name) except exceptions.Unauthorized: # Falhou ao auntenticar com as credenciais enviadas pelo usuario messages.add_message(request, messages.ERROR, _('Invalid credentials.')) return self.render_to_response( context=self.get_context_data(form=form, request=request)) endpoints = keystone_app.get_endpoints() storage_url = endpoints['adminURL'] auth_token = self.keystone.conn.auth_token swift_del_result = delete_swift_account(storage_url, auth_token) if not swift_del_result: messages.add_message(request, messages.ERROR, _('Error when delete project')) return HttpResponseRedirect( reverse('edit_project', kwargs={'project_id': project_id})) try: self.keystone.vault_delete_project(project_id) messages.add_message(request, messages.SUCCESS, _('Successfully deleted project.')) except Exception as e: log.exception('{}{}'.format(_('Exception:').encode('UTF-8'), e)) messages.add_message(request, messages.ERROR, _('Error when delete project')) return HttpResponseRedirect(self.success_url)
def post(self, request, *args, **kwargs): form = DeleteProjectConfirm(data=request.POST) if not form.is_valid(): return self.render_to_response( self.get_context_data(form=form, request=request) ) user = form.data.get('user') password = form.data.get('password') project_id = self.kwargs.get('project_id') project_name = self.keystone.project_get(project_id).name try: keystone_app = Keystone(request, username=user, password=password, tenant_name=project_name) except exceptions.Unauthorized: # Falhou ao auntenticar com as credenciais enviadas pelo usuario messages.add_message(request, messages.ERROR, _('Invalid credentials.')) return self.render_to_response( context=self.get_context_data(form=form, request=request) ) endpoints = keystone_app.get_endpoints() storage_url = endpoints['adminURL'] auth_token = self.keystone.conn.auth_token swift_del_result = delete_swift_account(storage_url, auth_token) if not swift_del_result: messages.add_message(request, messages.ERROR, _('Error when delete project')) return HttpResponseRedirect(reverse('edit_project', kwargs={'project_id': project_id})) try: self.keystone.vault_delete_project(project_id) messages.add_message(request, messages.SUCCESS, _('Successfully deleted project.')) except Exception as e: log.exception('{}{}'.format(_('Exception:').encode('UTF-8'), e)) messages.add_message(request, messages.ERROR, _('Error when delete project')) return HttpResponseRedirect(self.success_url)
def test_keystone_create_user_with_no_role(self, mock_add_user_role): """ Cadastra usuario sem setar role para nenhum project """ keystone = Keystone(self.request) keystone.user_create('name', email='*****@*****.**', password='******', project_id='project_id', enabled=True) keystone.conn.users.create.assert_called_with('name', 'password', '*****@*****.**', 'project_id', True) self.assertFalse(mock_add_user_role.called)
def test_vault_create_project_forbidden_on_project_create(self, mock_key_user): self.mock_project_create.side_effect = exceptions.Forbidden mock_key_user.return_value = FakeResource(n=self.project.id, name='u_{}'.format(self.project.name)) keystone = Keystone(self.request, tenant_name='tenant_name') expected = {'status': False, 'reason': 'Superuser required.'} computed = keystone.vault_create_project(self.project.name, 1, 1, description=self.project.description) self.assertEqual(computed, expected) # Criacao de user nao pode ocorrer quando hover falha na criacao do project self.assertFalse(mock_key_user.called)
def test_vault_create_project_forbidden_on_user_create(self, mock_key_user, mock_project_delete, mock_project_create): mock_project_create.return_value = ProjectFactory(id=self.project.id, name=self.project.name) mock_key_user.side_effect = exceptions.Forbidden keystone = Keystone(self.request, tenant_name='tenant_name') expected = {'status': False, 'reason': 'Admin required'} computed = keystone.vault_create_project(self.project.name, 1, 1, description=self.project.description) self.assertEqual(computed, expected) # Se falhou o cadastro de usuario, o project devera ser deletado mock_project_delete.assert_called_with(self.project.id)
def test_vault_delete_project(self): keystone = Keystone(self.request) _ = keystone.vault_delete_project(self.project_id) # Delete project self.mock_project_delete.assert_called_with(self.project_id) # Find project's user self.mock_return_find_u_user.assert_called_with(self.project_id) # Delete user self.mock_user_delete.assert_called_with(self.user_id)
def test_vault_delete_project(self): keystone = Keystone(self.request) _ = keystone.vault_delete_project(self.project_id) # Delete project self.mock_project_delete.assert_called_with(self.project_id) # Find project's user self.mock_return_find_u_user.assert_called_with(self.project_id) # Delete user self.mock_user_delete.assert_called_with(self.user_id)
def __init__(self, *args, **kwargs): super(CreateUserForm, self).__init__(*args, **kwargs) _password = Keystone.create_password() for field in ('password', 'password_confirm'): self.fields[field].initial = _password
def test_vault_update_project_keystone(self, mock_prj_owner): mock_prj_owner.return_value = {'status': True} fake_project = self.mock_project_get.return_value keystone = Keystone(self.request, project_name='project_name') computed = keystone.vault_project_update( self.project.id, self.project.name, self.group.id, description=self.project.description) expected = { 'status': True, 'project': self.mock_project_update.return_value } self.assertEqual(computed, expected)
def test_vault_create_project_fail_to_save_project_to_team_on_db(self, mock_user_delete, mock_user_create, mock_project_delete, _, mock_areaprojects): mock_areaprojects.side_effect = Exception project_name = 'project_test' fake_user = FakeResource(n=self.project.id, name='u_{}'.format(self.project.name)) mock_user_create.return_value = fake_user keystone = Keystone(self.request, tenant_name='tenant_name') result = keystone.vault_create_project(project_name, self.group, self.area) expected = {'status': False, 'reason': 'Unable to assign project to area'} self.assertEqual(result, expected) mock_project_delete.assert_called_with(self.project.id) mock_user_delete.assert_called_with(fake_user.id)
def test_vault_create_project_forbidden_on_user_create( self, mock_key_user, mock_project_delete, mock_project_create): mock_project_create.return_value = ProjectFactory( id=self.project.id, name=self.project.name) mock_key_user.side_effect = exceptions.Forbidden keystone = Keystone(self.request, tenant_name='tenant_name') expected = {'status': False, 'reason': 'Admin required'} computed = keystone.vault_create_project( self.project.name, 1, 1, description=self.project.description) self.assertEqual(computed, expected) # Se falhou o cadastro de usuario, o project devera ser deletado mock_project_delete.assert_called_with(self.project.id)
def test_vault_create_project(self, mock_gp_create, mock_key_pass, mock_key_user, mock_encrypt_password): mock_key_user.return_value = FakeResource(n=self.project.id, name='u_{}'.format( self.project.name)) mock_key_pass.return_value = 'password' mock_encrypt_password.return_value = b'123456' keystone = Keystone(self.request, project_name='project_name') expected = { 'status': True, 'project': self.mock_project_create.return_value, 'user': mock_key_user.return_value, 'password': mock_key_pass.return_value, } computed = keystone.vault_project_create( self.project.name, self.group.id, description=self.project.description) # Project creation self.mock_project_create.assert_called_with( self.project.name, description=self.project.description, enabled=True) # User creation mock_key_user.assert_called_with( name='u_vault_{}'.format(self.project.name), email='', password='******', enabled=True, domain='default', project_id=self.project.id, role_id='e03a556b664d4a41aaf2c5b4518f33ae') mock_gp_create.assert_called_with(group_id=self.group.id, project_id=self.project.id, owner=1) self.assertEqual(computed, expected)
def test_user_list_invalid_project(self): """ Testa metodo de listagem de usuario para o caso de um project_id invalido """ self.mock_keystone_conn.return_value.users.list.side_effect = exceptions.NotFound keystone = Keystone(self.request) self.assertRaises(exceptions.NotFound, keystone.user_list)
def test_vault_create_project_forbidden_on_project_create( self, mock_key_user): self.mock_project_create.side_effect = exceptions.Forbidden mock_key_user.return_value = FakeResource(n=self.project.id, name='u_{}'.format( self.project.name)) keystone = Keystone(self.request, project_name='project_name') expected = {'status': False, 'reason': 'Superuser required.'} computed = keystone.vault_project_create( self.project.name, 1, description=self.project.description) self.assertEqual(computed, expected) # Criacao de user nao pode ocorrer quando hover falha na criacao do project self.assertFalse(mock_key_user.called)
def test_regular_user_creates_keystone_conn_on_a_NOT_allowed_project(self): # Se este mock retorna uma lista vazia, significa que o time do # usuario NAO possui permissao no project self.mock_filter.return_value = [] self.request.user.is_superuser = False keystone = Keystone(self.request, project_name='abcdefg') self.assertEqual(keystone.conn, None)
def setUp(self): self.request = fake_request() self.request.user.is_superuser = True self.keystone = Keystone(self.request) self.project = None self.user = None
def get_context_data(self, **kwargs): context = super(CreateProjectSuccessView, self).get_context_data(**kwargs) request = kwargs.get('request') context['project_info'] = request.session.get('project_info') context['project_info']['auth_url'] = settings.KEYSTONE_URL project_name = context['project_info']['project_name'] user_name = context['project_info']['user_name'] password = context['project_info']['user_password'] keystone = Keystone(request, username=user_name, password=password, tenant_name=project_name) context['project_info']['endpoints'] = keystone.get_endpoints() return context
def test_return_find_u_user(self, mock_project_get, mock_user_list): mock_project_get.return_value = ProjectFactory(id='abcde', name='infra') mock_user_list.return_value = UserFactory(id='abcde', username='******') keystone = Keystone(self.request, tenant_name='tenant_name') fake_user = '******'.format(self.project.name) self.assertEqual(fake_user, mock_user_list.return_value.username)
def test_vault_create_project_fail_to_save_group_project_on_db(self, mock_gp_save, mock_user_delete, mock_user_create, mock_project_delete): fake_user = FakeResource(n=self.project.id, name='u_{}'.format(self.project.name)) mock_user_create.return_value = fake_user # Excecao ao salvar no db mock_gp_save.side_effect = Exception keystone = Keystone(self.request, tenant_name='tenant_name') expected = {'status': False, 'reason': 'Unable to assign project to group'} computed = keystone.vault_create_project(self.project.name, 1, 1, description=self.project.description) self.assertEqual(computed, expected) mock_project_delete.assert_called_with(self.project.id) mock_user_delete.assert_called_with(fake_user.id)
def test_regular_user_creates_keystone_conn_on_a_allowed_project(self): # Se este mock retorna uma lista nao vazia, significa que o time do # usuario possui permissao no project self.mock_filter.return_value = [1] self.request.user.is_superuser = False self.conn = Keystone(self.request, project_name='project_name') self.assertTrue(isinstance(self.conn, Keystone))
def test_vault_update_project(self, mock_gp, mock_ap): group_id = 123 area_id = 456 keystone = Keystone(self.request, tenant_name='tenant_name') fake_project = self.mock_project_get.return_value expected = { 'status': True, 'project': self.mock_project_update.return_value, } computed = keystone.vault_update_project( self.project.id, self.project.name, group_id, area_id, description=self.project.description) # Update do Project self.mock_project_update.assert_called_with( fake_project, name=self.project.name, description=self.project.description, enabled=True) mock_gp.objects.filter.assert_called_with(project_id=self.project.id) self.assertTrue(mock_gp.objects.filter.return_value.delete.called) mock_gp.assert_called_with(group_id=group_id, project_id=self.project.id) self.assertTrue(mock_gp.return_value.save.called) mock_ap.objects.filter.assert_called_with(project_id=self.project.id) self.assertTrue(mock_ap.objects.filter.return_value.delete.called) mock_ap.assert_called_with(area_id=area_id, project_id=self.project.id) self.assertTrue(mock_ap.return_value.save.called) self.assertEqual(computed, expected)
def swift_cloud_report(request): try: keystone = Keystone(request) except Exception as err: log.exception(f"Keystone error: {err}") return render(request, "vault/swift_cloud/report.html", {"projects": []}) environ = settings.ENVIRON if not environ and "localhost" in request.get_host(): environ = "local" projects = [] try: for project in keystone.project_list(): projects.append({ "id": project.id, "name": project.name, "description": project.description, "environment": environ, "status": "", }) projects.sort(key=lambda p: p["name"].lower()) except Exception as err: log.exception(f"Keystone error: {err}") sct_client = SCTClient(settings.SWIFT_CLOUD_TOOLS_URL, settings.SWIFT_CLOUD_TOOLS_API_KEY) data = [] try: reponse = sct_client.transfer_status_by_projects( [p["id"] for p in projects]) if response.ok: data = reponse.json() except Exception as err: log.exception(f"Swift Cloud Tools Error: {err}") return render(request, "vault/swift_cloud/report.html", { "projects": json.dumps(projects), "migration_data": json.dumps(data) })
def test_keystone_create_user_and_set_role(self, mock_role_get, mock_project_get, mock_add_user_role): """ Cadastra usuario e seta role para project """ mock_user_create = self.mock_keystone_conn.return_value.users.create fake_user = FakeResource('user_id', name='user_name') fake_role = FakeResource('role_id', name='role_name') fake_project = FakeResource('project_id', name='project_name') mock_user_create.return_value = fake_user mock_role_get.return_value = fake_role mock_project_get.return_value = fake_project keystone = Keystone(self.request, 'tenant_name') keystone.user_create('name', email='*****@*****.**', password='******', project_id='project_id', enabled=True, role_id='role_id') keystone.conn.users.create.assert_called_with('name', 'password', '*****@*****.**', 'project_id', True) mock_add_user_role.assert_called_with(fake_user, fake_project, fake_role)
def get_context_data(self, **kwargs): context = super(CreateProjectSuccessView, self).get_context_data(**kwargs) request = kwargs.get('request') context['project_info'] = request.session.get('project_info') context['project_info']['auth_url'] = settings.KEYSTONE_URL project_name = context['project_info']['project_name'] user_name = context['project_info']['user_name'] password = context['project_info']['user_password'] keystone = Keystone(request, username=user_name, password=password, tenant_name=project_name) context['project_info']['endpoints'] = keystone.get_endpoints() return context
def _check_backup_user(request, project_id): try: keystone = Keystone(request) except exceptions.AuthorizationFailure: msg = _('Unable to retrieve Keystone data') messages.add_message(request, messages.ERROR, msg) log.error(f'{request.user}: {msg}') return False if keystone.conn is None: log.error('check_backup_user: Keystone connection error') return False all_users = keystone.user_list() backup_user = None for user in all_users: if user.username == settings.BACKUP_USER: backup_user = user if backup_user is None: log.error('check_backup_user: Undefined backup user') return False all_roles = keystone.role_list() backup_role = None for role in all_roles: if role.name == settings.BACKUP_USER_ROLE: backup_role = role if backup_role is None: log.error('check_backup_user: Undefined backup role') return False items = BackupContainer.objects.filter(project_id=project_id) if items.count() == 0: keystone.remove_user_role(project=project_id, role=backup_role, user=backup_user) return True try: keystone.add_user_role(project=project_id, role=backup_role, user=backup_user) except exceptions.Conflict: log.info('backup_user already with role'.format(project_id)) return True
def test_vault_create_project(self, mock_gp, mock_ap, mock_key_pass, mock_key_user): mock_key_user.return_value = FakeResource(n=self.project.id, name='u_{}'.format( self.project.name)) mock_key_pass.return_value = 'password' keystone = Keystone(self.request, tenant_name='tenant_name') expected = { 'status': True, 'project': self.mock_project_create.return_value, 'user': mock_key_user.return_value, 'password': mock_key_pass.return_value, } computed = keystone.vault_create_project( self.project.name, 1, 1, description=self.project.description) # Criacao do Project self.mock_project_create.assert_called_with( self.project.name, description=self.project.description, enabled=True) # Criacao do User mock_key_user.assert_called_with(name='u_{}'.format(self.project.name), password='******', project_id=self.project.id, role_id=settings.KEYSTONE_ROLE) mock_gp.assert_called_with(group_id=1, project_id=self.project.id) self.assertTrue(mock_gp.return_value.save.called) mock_ap.assert_called_with(area_id=1, project_id=self.project.id) self.assertTrue(mock_gp.return_value.save.called) self.assertEqual(computed, expected)
def test_vault_update_project(self, mock_gp, mock_ap): group_id = 123 area_id = 456 keystone = Keystone(self.request, tenant_name='tenant_name') fake_project = self.mock_project_get.return_value expected = { 'status': True, 'project': self.mock_project_update.return_value, } computed = keystone.vault_update_project(self.project.id, self.project.name, group_id, area_id, description=self.project.description) # Update do Project self.mock_project_update.assert_called_with(fake_project, name=self.project.name, description=self.project.description, enabled=True) mock_gp.objects.filter.assert_called_with(project_id=self.project.id) self.assertTrue(mock_gp.objects.filter.return_value.delete.called) mock_gp.assert_called_with(group_id=group_id, project_id=self.project.id) self.assertTrue(mock_gp.return_value.save.called) mock_ap.objects.filter.assert_called_with(project_id=self.project.id) self.assertTrue(mock_ap.objects.filter.return_value.delete.called) mock_ap.assert_called_with(area_id=area_id, project_id=self.project.id) self.assertTrue(mock_ap.return_value.save.called) self.assertEqual(computed, expected)
def test_vault_delete_project(self, mock_endpoints, mock_swift_delete, mock_keystone_delete): mock_endpoints.return_value = { 'adminURL': 'https://fake.api.globoi.com/v1/AUTH_XPTO' } class FakeResponse: status_code = 204 mock_swift_delete.return_value = FakeResponse() keystone = Keystone(self.request) _ = keystone.vault_project_delete(self.project.name) # Swift project delete mock_swift_delete.assert_called_with(self.project.id) # Find project's user self.mock_find_user_with_u_prefix.assert_called_with( self.project.id, 'u_vault') # Keystone project delete mock_keystone_delete.assert_called_with(self.project.id)
def get(self, request, *args, **kwargs): context = {} try: user = self.keystone.return_find_u_user(kwargs.get('project_id')) new_password = Keystone.create_password() self.keystone.user_update(user, password=new_password) context = {'new_password': new_password} actionlog.log(request.user.username, 'update', user) except Exception as e: log.exception('{}{}'.format(_('Exception:').encode('UTF-8'), e)) return self.render_to_response(context, status=200)
def test_create_password(self): computed = Keystone.create_password() self.assertTrue(isinstance(computed, str))