def test_tenant_list_caching(self): projects = [self.data.project_two, self.data.project_one] expected_projects = [self.data.project_one, self.data.project_two] user = self.data.user unscoped = self.data.unscoped_access_info self.mox.StubOutWithMock(self.ks_client_module, "Client") self.mox.StubOutWithMock(self.keystone_client_unscoped.projects, "list") self.ks_client_module.Client(user_id=user.id, auth_url=settings.OPENSTACK_KEYSTONE_URL, token=unscoped.auth_token, insecure=False, cacert=None, debug=False)\ .AndReturn(self.keystone_client_unscoped) self.keystone_client_unscoped.projects.list(user=user.id) \ .AndReturn(projects) self.mox.ReplayAll() project_list = utils.get_project_list( user_id=user.id, auth_url=settings.OPENSTACK_KEYSTONE_URL, token=unscoped.auth_token, insecure=False, cacert=None, debug=False) self.assertEqual(project_list, expected_projects) # Test to validate that requesting the project list again results # to using the cache and will not make a Keystone call. self.assertEqual(utils._PROJECT_CACHE.get(unscoped.auth_token), expected_projects) project_list = utils.get_project_list( user_id=user.id, auth_url=settings.OPENSTACK_KEYSTONE_URL, token=unscoped.auth_token, insecure=False, cacert=None, debug=False) self.assertEqual(project_list, expected_projects) utils.remove_project_cache(unscoped.auth_token) self.assertIsNone(utils._PROJECT_CACHE.get(unscoped.auth_token))
def delete_token(endpoint, token_id): """Delete a token.""" insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False) ca_cert = getattr(settings, "OPENSTACK_SSL_CACERT", None) utils.remove_project_cache(token_id) try: if utils.get_keystone_version() < 3: client = keystone_client_v2.Client(endpoint=endpoint, token=token_id, insecure=insecure, cacert=ca_cert, debug=settings.DEBUG) client.tokens.delete(token=token_id) LOG.info('Deleted token %s' % token_id) else: # FIXME: KS-client does not have delete token available # Need to add this later when it is exposed. pass except keystone_exceptions.ClientException: LOG.info('Could not delete token')
def _update_project_members(self, request, data, project_id): # update project members users_to_add = 0 try: available_roles = api.keystone.role_list(request) member_step = self.get_step(PROJECT_USER_MEMBER_SLUG) # count how many users are to be added for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] users_to_add += len(role_list) # add new users to project for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] users_added = 0 for user in role_list: api.keystone.add_tenant_user_role(request, project=project_id, user=user, role=role.id) users_added += 1 users_to_add -= users_added except Exception: if PROJECT_GROUP_ENABLED: group_msg = _(", add project groups") else: group_msg = "" exceptions.handle( request, _('Failed to add %(users_to_add)s project ' 'members%(group_msg)s and set project quotas.') % { 'users_to_add': users_to_add, 'group_msg': group_msg }) finally: auth_utils.remove_project_cache(request.user.token.id)
def _update_project_members(self, request, data, project_id): # update project members users_to_modify = 0 # Project-user member step member_step = self.get_step(PROJECT_USER_MEMBER_SLUG) try: # Get our role options available_roles = self._get_available_roles(request) # Get the users currently associated with this project so we # can diff against it. project_members = api.keystone.user_list(request, project=project_id) users_to_modify = len(project_members) for user in project_members: # Check if there have been any changes in the roles of # Existing project members. current_roles = api.keystone.roles_for_user( self.request, user.id, project_id) current_role_ids = self._add_roles_to_users( request, data, project_id, user, current_roles, available_roles) # Prevent admins from doing stupid things to themselves. removing_admin = self._is_removing_self_admin_role( request, project_id, user, current_roles, current_role_ids) # Otherwise go through and revoke any removed roles. if not removing_admin: self._remove_roles_from_user(request, project_id, user, current_role_ids) users_to_modify -= 1 # Grant new roles on the project. for role in available_roles: field_name = member_step.get_member_field_name(role.id) # Count how many users may be added for exception handling. users_to_modify += len(data[field_name]) for role in available_roles: users_added = 0 field_name = member_step.get_member_field_name(role.id) for user_id in data[field_name]: if not filter(lambda x: user_id == x.id, project_members): api.keystone.add_tenant_user_role(request, project=project_id, user=user_id, role=role.id) users_added += 1 users_to_modify -= users_added return True except Exception: if PROJECT_GROUP_ENABLED: group_msg = _(", update project groups") else: group_msg = "" exceptions.handle( request, _('Failed to modify %(users_to_modify)s' ' project members%(group_msg)s and ' 'update project quotas.') % { 'users_to_modify': users_to_modify, 'group_msg': group_msg }) return False finally: auth_utils.remove_project_cache(request.user.token.id)