def test_update_project_save(self):
project = self.tenants.first()
quota = self.quotas.first()
default_role = self.roles.first()
users = self.users.list()
roles = self.roles.list()
# get/init
api.tenant_get(IsA(http.HttpRequest), self.tenant.id, admin=True) \
.AndReturn(project)
quotas.get_tenant_quota_data(IsA(http.HttpRequest)).AndReturn(quota)
api.get_default_role(IsA(http.HttpRequest)).AndReturn(default_role)
api.keystone.user_list(IsA(http.HttpRequest)).AndReturn(users)
api.keystone.role_list(IsA(http.HttpRequest)).AndReturn(roles)
workflow_data = {}
for user in users:
api.roles_for_user(IsA(http.HttpRequest),
user.id,
self.tenant.id).AndReturn(roles)
workflow_data["role_1"] = ['3'] # admin role
workflow_data["role_2"] = ['2'] # member role
# update some fields
project._info["name"] = "updated name"
project._info["description"] = "updated description"
quota.metadata_items = 444
quota.volumes = 444
updated_project = {"tenant_name": project._info["name"],
"tenant_id": project.id,
"description": project._info["description"],
"enabled": project.enabled}
updated_quota = self._get_quota_info(quota)
# contribute
api.keystone.role_list(IsA(http.HttpRequest)).AndReturn(roles)
# handle
api.tenant_update(IsA(http.HttpRequest), **updated_project) \
.AndReturn(project)
api.keystone.role_list(IsA(http.HttpRequest)).AndReturn(roles)
api.keystone.user_list(IsA(http.HttpRequest),
tenant_id=self.tenant.id).AndReturn(users)
# admin user - try to remove all roles on current project, warning
api.roles_for_user(IsA(http.HttpRequest), '1', self.tenant.id) \
.AndReturn(roles)
# member user 1 - has role 1, will remove it
api.roles_for_user(IsA(http.HttpRequest), '2', self.tenant.id) \
.AndReturn((roles[0],))
# remove role 1
api.remove_tenant_user_role(IsA(http.HttpRequest),
tenant_id=self.tenant.id,
user_id='2',
role_id='1')
# add role 2
api.add_tenant_user_role(IsA(http.HttpRequest),
tenant_id=self.tenant.id,
user_id='2',
role_id='2')
# member user 3 - has role 2
api.roles_for_user(IsA(http.HttpRequest), '3', self.tenant.id) \
.AndReturn((roles[1],))
# remove role 2
api.remove_tenant_user_role(IsA(http.HttpRequest),
tenant_id=self.tenant.id,
user_id='3',
role_id='2')
# add role 1
api.add_tenant_user_role(IsA(http.HttpRequest),
tenant_id=self.tenant.id,
user_id='3',
role_id='1')
api.nova.tenant_quota_update(IsA(http.HttpRequest),
project.id,
**updated_quota)
api.cinder.tenant_quota_update(IsA(http.HttpRequest),
project.id,
volumes=updated_quota['volumes'],
gigabytes=updated_quota['gigabytes'])
self.mox.ReplayAll()
# submit form data
project_data = {"name": project._info["name"],
"id": project.id,
"description": project._info["description"],
"enabled": project.enabled}
workflow_data.update(project_data)
workflow_data.update(updated_quota)
url = reverse('horizon:admin:projects:update',
args=[self.tenant.id])
res = self.client.post(url, workflow_data)
self.assertNoFormErrors(res)
self.assertMessageCount(error=0, warning=1)
self.assertRedirectsNoFollow(res, INDEX_URL)
def handle(self, request, data):
project_id = data['project_id']
# update project info
try:
api.tenant_update(request,
tenant_id=project_id,
tenant_name=data['name'],
description=data['description'],
enabled=data['enabled'])
except:
exceptions.handle(request, ignore=True)
return False
# update project members
users_to_modify = 0
try:
available_roles = api.keystone.role_list(request)
project_members = api.keystone.user_list(request,
tenant_id=project_id)
users_to_modify = len(project_members)
for user in project_members:
current_roles = [role for role in
api.roles_for_user(self.request,
user.id,
project_id)]
effective_roles = []
for role in available_roles:
role_list = data["role_" + role.id]
if user.id in role_list:
effective_roles.append(role)
if role not in current_roles:
# user role has changed
api.add_tenant_user_role(request,
tenant_id=project_id,
user_id=user.id,
role_id=role.id)
else:
# user role is unchanged
current_roles.pop(current_roles.index(role))
if user.id == request.user.id and \
project_id == request.user.tenant_id and \
any(x.name == 'admin' for x in current_roles):
# Cannot remove "admin" role on current(admin) project
msg = _('You cannot remove the "admin" role from the '
'project you are currently logged into. Please '
'switch to another project with admin permissions '
'or remove the role manually via the CLI')
messages.warning(request, msg)
else:
# delete user's removed roles
for to_delete in current_roles:
api.remove_tenant_user_role(request,
tenant_id=project_id,
user_id=user.id,
role_id=to_delete.id)
users_to_modify -= 1
# add new roles to project
for role in available_roles:
# count how many users may be added for exception handling
role_list = data["role_" + role.id]
users_to_modify += len(role_list)
for role in available_roles:
role_list = data["role_" + role.id]
users_added = 0
for user_id in role_list:
if not filter(lambda x: user_id == x.id, project_members):
api.add_tenant_user_role(request,
tenant_id=project_id,
user_id=user_id,
role_id=role.id)
users_added += 1
users_to_modify -= users_added
except:
exceptions.handle(request, _('Failed to modify %s project members '
'and update project quotas.'
% users_to_modify))
return True
# update the project quota
ifcb = data['injected_file_content_bytes']
try:
# TODO(gabriel): Once nova-volume is fully deprecated the
# "volumes" and "gigabytes" quotas should no longer be sent to
# the nova API to be updated anymore.
nova.tenant_quota_update(request,
project_id,
metadata_items=data['metadata_items'],
injected_file_content_bytes=ifcb,
volumes=data['volumes'],
gigabytes=data['gigabytes'],
ram=data['ram'],
floating_ips=data['floating_ips'],
instances=data['instances'],
injected_files=data['injected_files'],
cores=data['cores'])
if is_service_enabled(request, 'volume'):
cinder.tenant_quota_update(request,
project_id,
volumes=data['volumes'],
gigabytes=data['gigabytes'])
return True
except:
exceptions.handle(request, _('Modified project information and '
'members, but unable to modify '
'project quotas.'))
return True
def handle(self, request, data):
project_id = data['project_id']
# update project info
try:
api.tenant_update(request,
tenant_id=project_id,
tenant_name=data['name'],
description=data['description'],
enabled=data['enabled'])
except:
exceptions.handle(request, ignore=True)
return False
# update project members
users_to_modify = 0
try:
available_roles = api.keystone.role_list(request)
project_members = api.keystone.user_list(request,
tenant_id=project_id)
users_to_modify = len(project_members)
for user in project_members:
current_roles = [
role for role in api.roles_for_user(
self.request, user.id, project_id)
]
effective_roles = []
for role in available_roles:
role_list = data["role_" + role.id]
if user.id in role_list:
effective_roles.append(role)
if role not in current_roles:
# user role has changed
api.add_tenant_user_role(request,
tenant_id=project_id,
user_id=user.id,
role_id=role.id)
else:
# user role is unchanged
current_roles.pop(current_roles.index(role))
if user.id == request.user.id and \
project_id == request.user.tenant_id and \
any(x.name == 'admin' for x in current_roles):
# Cannot remove "admin" role on current(admin) project
msg = _('You cannot remove the "admin" role from the '
'project you are currently logged into. Please '
'switch to another project with admin permissions '
'or remove the role manually via the CLI')
messages.warning(request, msg)
else:
# delete user's removed roles
for to_delete in current_roles:
api.remove_tenant_user_role(request,
tenant_id=project_id,
user_id=user.id,
role_id=to_delete.id)
users_to_modify -= 1
# add new roles to project
for role in available_roles:
# count how many users may be added for exception handling
role_list = data["role_" + role.id]
users_to_modify += len(role_list)
for role in available_roles:
role_list = data["role_" + role.id]
users_added = 0
for user_id in role_list:
if not filter(lambda x: user_id == x.id, project_members):
api.add_tenant_user_role(request,
tenant_id=project_id,
user_id=user_id,
role_id=role.id)
users_added += 1
users_to_modify -= users_added
except:
exceptions.handle(
request,
_('Failed to modify %s project members '
'and update project quotas.' % users_to_modify))
return True
# update the project quota
ifcb = data['injected_file_content_bytes']
try:
# TODO(gabriel): Once nova-volume is fully deprecated the
# "volumes" and "gigabytes" quotas should no longer be sent to
# the nova API to be updated anymore.
nova.tenant_quota_update(request,
project_id,
metadata_items=data['metadata_items'],
injected_file_content_bytes=ifcb,
volumes=data['volumes'],
gigabytes=data['gigabytes'],
ram=data['ram'],
floating_ips=data['floating_ips'],
instances=data['instances'],
injected_files=data['injected_files'],
cores=data['cores'])
if is_service_enabled(request, 'volume'):
cinder.tenant_quota_update(request,
project_id,
volumes=data['volumes'],
gigabytes=data['gigabytes'])
return True
except:
exceptions.handle(
request,
_('Modified project information and '
'members, but unable to modify '
'project quotas.'))
return True
def test_update_project_member_update_error(self):
project = self.tenants.first()
quota = self.quotas.first()
default_role = self.roles.first()
users = self.users.list()
roles = self.roles.list()
current_roles = self.roles.list()
# get/init
api.tenant_get(IsA(http.HttpRequest), self.tenant.id, admin=True) \
.AndReturn(project)
api.tenant_quota_get(IsA(http.HttpRequest), self.tenant.id) \
.AndReturn(quota)
api.get_default_role(IsA(http.HttpRequest)).AndReturn(default_role)
api.keystone.user_list(IsA(http.HttpRequest)).AndReturn(users)
api.keystone.role_list(IsA(http.HttpRequest)).AndReturn(roles)
workflow_data = {}
for user in users:
api.roles_for_user(IsA(http.HttpRequest), user.id,
self.tenant.id).AndReturn(roles)
role_ids = [role.id for role in roles]
if role_ids:
workflow_data.setdefault("role_" + role_ids[0], []) \
.append(user.id)
# update some fields
project._info["name"] = "updated name"
project._info["description"] = "updated description"
quota.metadata_items = 444
quota.volumes = 444
updated_project = {
"tenant_name": project._info["name"],
"tenant_id": project.id,
"description": project._info["description"],
"enabled": project.enabled
}
updated_quota = self._get_quota_info(quota)
# contribute
api.keystone.role_list(IsA(http.HttpRequest)).AndReturn(roles)
# handle
api.tenant_update(IsA(http.HttpRequest), **updated_project) \
.AndReturn(project)
api.keystone.role_list(IsA(http.HttpRequest)).AndReturn(roles)
api.keystone.user_list(IsA(http.HttpRequest),
tenant_id=self.tenant.id).AndReturn(users)
for user in users:
api.roles_for_user(IsA(http.HttpRequest),
user.id,
self.tenant.id) \
.AndReturn(current_roles)
for role in roles:
if "role_" + role.id in workflow_data:
if role not in current_roles:
api.add_tenant_user_role(IsA(http.HttpRequest),
tenant_id=self.tenant.id,
user_id=user,
role_id=role.id)
else:
current_roles.pop(current_roles.index(role))
for to_delete in current_roles:
api.remove_tenant_user_role(IsA(http.HttpRequest),
tenant_id=self.tenant.id,
user_id=user.id,
role_id=to_delete.id) \
.AndRaise(self.exceptions.nova)
break
break
self.mox.ReplayAll()
# submit form data
project_data = {
"name": project._info["name"],
"id": project.id,
"description": project._info["description"],
"enabled": project.enabled
}
workflow_data.update(project_data)
workflow_data.update(updated_quota)
url = reverse('horizon:admin:projects:update', args=[self.tenant.id])
res = self.client.post(url, workflow_data)
self.assertNoFormErrors(res)
self.assertRedirectsNoFollow(res, INDEX_URL)
def test_update_project_member_update_error(self):
project = self.tenants.first()
quota = self.quotas.first()
default_role = self.roles.first()
users = self.users.list()
roles = self.roles.list()
current_roles = self.roles.list()
# get/init
api.tenant_get(IsA(http.HttpRequest), self.tenant.id, admin=True) \
.AndReturn(project)
api.tenant_quota_get(IsA(http.HttpRequest), self.tenant.id) \
.AndReturn(quota)
api.get_default_role(IsA(http.HttpRequest)).AndReturn(default_role)
api.keystone.user_list(IsA(http.HttpRequest)).AndReturn(users)
api.keystone.role_list(IsA(http.HttpRequest)).AndReturn(roles)
workflow_data = {}
for user in users:
api.roles_for_user(IsA(http.HttpRequest),
user.id,
self.tenant.id).AndReturn(roles)
role_ids = [role.id for role in roles]
if role_ids:
workflow_data.setdefault("role_" + role_ids[0], []) \
.append(user.id)
# update some fields
project._info["name"] = "updated name"
project._info["description"] = "updated description"
quota.metadata_items = 444
quota.volumes = 444
updated_project = {"tenant_name": project._info["name"],
"tenant_id": project.id,
"description": project._info["description"],
"enabled": project.enabled}
updated_quota = self._get_quota_info(quota)
# contribute
api.keystone.role_list(IsA(http.HttpRequest)).AndReturn(roles)
# handle
api.tenant_update(IsA(http.HttpRequest), **updated_project) \
.AndReturn(project)
api.keystone.role_list(IsA(http.HttpRequest)).AndReturn(roles)
api.keystone.user_list(IsA(http.HttpRequest),
tenant_id=self.tenant.id).AndReturn(users)
for user in users:
api.roles_for_user(IsA(http.HttpRequest),
user.id,
self.tenant.id) \
.AndReturn(current_roles)
for role in roles:
if "role_" + role.id in workflow_data:
if role not in current_roles:
api.add_tenant_user_role(IsA(http.HttpRequest),
tenant_id=self.tenant.id,
user_id=user,
role_id=role.id)
else:
current_roles.pop(current_roles.index(role))
for to_delete in current_roles:
api.remove_tenant_user_role(IsA(http.HttpRequest),
tenant_id=self.tenant.id,
user_id=user.id,
role_id=to_delete.id) \
.AndRaise(self.exceptions.nova)
break
break
self.mox.ReplayAll()
# submit form data
project_data = {"name": project._info["name"],
"id": project.id,
"description": project._info["description"],
"enabled": project.enabled}
workflow_data.update(project_data)
workflow_data.update(updated_quota)
url = reverse('horizon:admin:projects:update',
args=[self.tenant.id])
res = self.client.post(url, workflow_data)
self.assertNoFormErrors(res)
self.assertRedirectsNoFollow(res, INDEX_URL)
def handle(self, request, data):
project_id = data['project_id']
# update project info
try:
api.tenant_update(request,
tenant_id=project_id,
tenant_name=data['name'],
description=data['description'],
enabled=data['enabled'])
except:
exceptions.handle(request, ignore=True)
return False
# update project members
users_to_modify = 0
try:
available_roles = api.keystone.role_list(request)
project_members = api.keystone.user_list(request,
tenant_id=project_id)
users_to_modify = len(project_members)
for user in project_members:
current_roles = api.roles_for_user(self.request,
user.id,
project_id)
for role in available_roles:
role_list = data["role_" + role.id]
if user.id in role_list:
if role not in current_roles:
# user role has changed
api.add_tenant_user_role(request,
tenant_id=project_id,
user_id=user.id,
role_id=role.id)
else:
# user role is unchanged
current_roles.pop(current_roles.index(role))
# delete user's removed roles
for to_delete in current_roles:
api.remove_tenant_user_role(request,
tenant_id=project_id,
user_id=user.id,
role_id=to_delete.id)
users_to_modify -= 1
# add new roles to project
for role in available_roles:
# count how many users may be added for exception handling
role_list = data["role_" + role.id]
users_to_modify += len(role_list)
for role in available_roles:
role_list = data["role_" + role.id]
users_added = 0
for user in role_list:
if not filter(lambda x: user == x.id, project_members):
api.add_tenant_user_role(request,
tenant_id=project_id,
user_id=user,
role_id=role.id)
users_added += 1
users_to_modify -= users_added
except:
exceptions.handle(request, _('Failed to modify %s project members '
'and update project quotas.'
% users_to_modify))
return True
# update the project quota
ifcb = data['injected_file_content_bytes']
try:
api.tenant_quota_update(request,
project_id,
metadata_items=data['metadata_items'],
injected_file_content_bytes=ifcb,
volumes=data['volumes'],
gigabytes=data['gigabytes'],
ram=data['ram'],
floating_ips=data['floating_ips'],
instances=data['instances'],
injected_files=data['injected_files'],
cores=data['cores'])
return True
except:
exceptions.handle(request, _('Modified project information and '
'members, but unable to modify '
'project quotas.'))
return True