def handle_update(self, json_snippet, tmpl_diff, prop_diff):
if self.MEMBERS in prop_diff:
members = set(prop_diff[self.MEMBERS])
rd_members = db_api.resource_data_get_all(self)
old_members = set(rd_members.keys())
client = self.neutron()
for member in old_members - members:
member_id = rd_members[member]
try:
client.delete_member(member_id)
except NeutronClientException as ex:
if ex.status_code != 404:
raise ex
db_api.resource_data_delete(self, member)
pool = self.properties[self.POOL_ID]
nova_client = self.nova()
protocol_port = self.properties[self.PROTOCOL_PORT]
for member in members - old_members:
address = nova_utils.server_to_ipaddress(nova_client, member)
lb_member = client.create_member({
'member': {
'pool_id': pool,
'address': address,
'protocol_port': protocol_port}})['member']
db_api.resource_data_set(self, member, lb_member['id'])
def test_access_key_get_from_keystone(self):
self.m.StubOutWithMock(user.AccessKey, 'keystone')
user.AccessKey.keystone().MultipleTimes().AndReturn(self.fc)
self.m.ReplayAll()
t = template_format.parse(user_accesskey_template)
stack = utils.parse_stack(t)
self.create_user(t, stack, 'CfnUser')
rsrc = self.create_access_key(t, stack, 'HostKeys')
# Delete the resource data for secret_key, to test that existing
# stacks which don't have the resource_data stored will continue
# working via retrieving the keypair from keystone
db_api.resource_data_delete(rsrc, 'credential_id')
db_api.resource_data_delete(rsrc, 'secret_key')
rs_data = db_api.resource_data_get_all(rsrc)
self.assertEqual(0, len(rs_data.keys()))
rsrc._secret = None
self.assertEqual(self.fc.secret,
rsrc.FnGetAtt('SecretAccessKey'))
scheduler.TaskRunner(rsrc.delete)()
self.assertEqual((rsrc.DELETE, rsrc.COMPLETE), rsrc.state)
self.m.VerifyAll()
def test_get_user_id(self):
self.stack = self.create_stack(stack_name='resource_data_test',
stub=False)
self.m.StubOutWithMock(clients.OpenStackClients, 'keystone')
clients.OpenStackClients.keystone().MultipleTimes().AndReturn(
fakes.FakeKeystoneClient(
access='anaccesskey', secret='verysecret'))
self.m.ReplayAll()
self.stack.create()
rsrc = self.stack['signal_handler']
self.assertEqual((rsrc.CREATE, rsrc.COMPLETE), rsrc.state)
# Ensure the resource data has been stored correctly
rs_data = db_api.resource_data_get_all(rsrc)
self.assertEqual('1234', rs_data.get('user_id'))
self.assertEqual('1234', rsrc.resource_id)
self.assertEqual('1234', rsrc._get_user_id())
# Check user id can still be fetched from resource_id
# if the resource data is not there.
db_api.resource_data_delete(rsrc, 'user_id')
self.assertRaises(
exception.NotFound, db_api.resource_data_get, rsrc, 'user_id')
self.assertEqual('1234', rsrc._get_user_id())
self.m.VerifyAll()
def password(self, password):
try:
if password is None:
db_api.resource_data_delete(self, 'password')
else:
db_api.resource_data_set(self, 'password', password, True)
except exception.NotFound:
pass
def handle_delete(self):
if self.resource_id is None:
return
try:
self.keystone().delete_stack_user(self.resource_id)
except clients.hkc.kc.exceptions.NotFound:
pass
db_api.resource_data_delete(self, 'ec2_signed_url')
def handle_delete(self):
client = self.neutron()
for member in self.properties.get(self.MEMBERS):
member_id = db_api.resource_data_get(self, member)
try:
client.delete_member(member_id)
except NeutronClientException as ex:
if ex.status_code != 404:
raise ex
db_api.resource_data_delete(self, member)
def handle_delete(self):
if self.resource_id is None:
return
try:
self.keystone().delete_stack_user(self.resource_id)
except clients.hkc.kc.exceptions.NotFound:
pass
for data_key in ('ec2_signed_url', 'access_key', 'secret_key'):
try:
db_api.resource_data_delete(self, data_key)
except exception.NotFound:
pass
def test_handle_delete_noid(self):
rsrc = self._user_create(stack_name='user_testdel2',
project_id='aprojectdel2',
user_id='auserdel2')
self.m.ReplayAll()
scheduler.TaskRunner(rsrc.create)()
self.assertEqual((rsrc.CREATE, rsrc.COMPLETE), rsrc.state)
db_api.resource_data_delete(rsrc, 'user_id')
scheduler.TaskRunner(rsrc.delete)()
self.assertEqual((rsrc.DELETE, rsrc.COMPLETE), rsrc.state)
self.m.VerifyAll()
def _delete_user(self):
user_id = self._get_user_id()
if user_id is None:
return
try:
self.keystone().delete_stack_user(user_id)
except kc_exception.NotFound:
pass
for data_key in ('ec2_signed_url', 'access_key', 'secret_key',
'credential_id'):
try:
db_api.resource_data_delete(self, data_key)
except exception.NotFound:
pass
def data_delete(self, key):
'''
Remove a resource_data element associated to a resource.
:returns: True if the key existed to delete
'''
try:
db_api.resource_data_delete(self, key)
except exception.NotFound:
return False
else:
# force fetch all resource data from the database again
self._data = None
return True
def _delete_keypair(self):
# Subclasses may optionally call this to delete a keypair created
# via _create_keypair
user_id = self._get_user_id()
credential_id = db_api.resource_data_get(self, 'credential_id')
try:
self.keystone().delete_stack_domain_user_keypair(
user_id=user_id, project_id=self.stack.stack_user_project_id,
credential_id=credential_id)
except ValueError:
self.keystone().delete_ec2_keypair(
user_id=user_id, credential_id=credential_id)
for data_key in ('access_key', 'secret_key', 'credential_id'):
try:
db_api.resource_data_delete(self, data_key)
except exception.NotFound:
pass
def test_get_user_id(self):
self.stack = self.create_stack(stack_name="resource_data_test", stub=False)
self.stub_keystoneclient(access="anaccesskey", secret="verysecret")
self.m.ReplayAll()
self.stack.create()
rsrc = self.stack["signal_handler"]
self.assertEqual((rsrc.CREATE, rsrc.COMPLETE), rsrc.state)
# Ensure the resource data has been stored correctly
rs_data = db_api.resource_data_get_all(rsrc)
self.assertEqual("1234", rs_data.get("user_id"))
self.assertEqual("1234", rsrc.resource_id)
self.assertEqual("1234", rsrc._get_user_id())
# Check user id can still be fetched from resource_id
# if the resource data is not there.
db_api.resource_data_delete(rsrc, "user_id")
self.assertRaises(exception.NotFound, db_api.resource_data_get, rsrc, "user_id")
self.assertEqual("1234", rsrc._get_user_id())
self.m.VerifyAll()
def _delete_user(self):
user_id = self._get_user_id()
if user_id is None:
return
try:
self.keystone().delete_stack_domain_user(
user_id=user_id, project_id=self.stack.stack_user_project_id)
except kc_exception.NotFound:
pass
except ValueError:
# FIXME(shardy): This is a legacy delete path for backwards
# compatibility with resources created before the migration
# to stack_user.StackUser domain users. After an appropriate
# transitional period, this should be removed.
logger.warning(_('Reverting to legacy user delete path'))
try:
self.keystone().delete_stack_user(user_id)
except kc_exception.NotFound:
pass
for data_key in ('credential_id', 'access_key', 'secret_key'):
try:
db_api.resource_data_delete(self, data_key)
except exception.NotFound:
pass
def _delete_signed_url(self):
try:
db_api.resource_data_delete(self, 'ec2_signed_url')
except exception.NotFound:
pass
def _delete_signed_url(self):
try:
db_api.resource_data_delete(self, 'ec2_signed_url')
except exception.NotFound:
pass
def handle_delete(self):
super(SignalResponder, self).handle_delete()
try:
db_api.resource_data_delete(self, 'ec2_signed_url')
except exception.NotFound:
pass
def delete(cls, resource, key):
db_api.resource_data_delete(resource.context, resource.id, key)
def delete(cls, resource, key):
db_api.resource_data_delete(resource, key)
def delete(cls, resource, key):
return db_api.resource_data_delete(resource, key)
