def test_constructor_params_moks(self):
"""test constructor passing an instance of osclients
(a mock is used)"""
mock = MagicMock()
trustfactory = TrustFactory(mock)
self.assertTrue(mock.get_keystoneclientv3.called)
self.assertEquals(trustfactory.keystone, mock.get_keystoneclientv3())
def generate_trust_ids(users_to_delete):
"""
From a list of users to delete, generate a file with a trustid for each
user. The user is acting as the trustor, delegating in a trustee, which
will impersonate it to delete its resources.
:param users_to_delete: a list of trustors.
:return: this function does not return anything. It creates a file.
"""
global logger
osclients = OpenStackClients()
users_trusted_ids = open('users_trusted_ids.txt', 'w')
check_users = CheckUsers()
# Use an alternative URL that allow direct access to the keystone admin
# endpoint, because the registered one uses an internal IP address.
osclients.override_endpoint('identity', osclients.region, 'admin',
KEYSTONE_ENDPOINT)
trust_factory = TrustFactory(osclients)
lines = users_to_delete.readlines()
total = len(lines)
count = 0
if 'TRUSTEE_USER' in env:
trustee = env['TRUSTEE_USER']
else:
trustee = TRUSTEE
for user in lines:
user = user.strip()
if user == '':
continue
try:
count += 1
(username,
trust_id) = trust_factory.create_trust_admin(user, trustee)
users_trusted_ids.write(username + ',' + trust_id + '\n')
msg = 'Generated trustid for user {0} ({1}/{2})'
logger.info(msg.format(user, count, total))
except Exception, e:
msg = 'Failed getting trust-id from trustor {0}. Reason: {1}'
logger.error(msg.format(user, str(e)))
def generate_trust_ids(users_to_delete):
"""
From a list of users to delete, generate a file with a trustid for each
user. The user is acting as the trustor, delegating in a trustee, which
will impersonate it to delete its resources.
:param users_to_delete: a list of trustors.
:return: this function does not return anything. It creates a file.
"""
global logger
osclients = OpenStackClients()
users_trusted_ids = open('users_trusted_ids.txt', 'w')
check_users = CheckUsers()
# Use an alternative URL that allow direct access to the keystone admin
# endpoint, because the registered one uses an internal IP address.
osclients.override_endpoint(
'identity', osclients.region, 'admin', KEYSTONE_ENDPOINT)
trust_factory = TrustFactory(osclients)
lines = users_to_delete.readlines()
total = len(lines)
count = 0
if 'TRUSTEE_USER' in env:
trustee = env['TRUSTEE_USER']
else:
trustee = TRUSTEE
for user in lines:
user = user.strip()
if user == '':
continue
try:
count += 1
(username, trust_id) = trust_factory.create_trust_admin(
user, trustee)
users_trusted_ids.write(username + ',' + trust_id + '\n')
msg = 'Generated trustid for user {0} ({1}/{2})'
logger.info(msg.format(user, count, total))
except Exception, e:
msg = 'Failed getting trust-id from trustor {0}. Reason: {1}'
logger.error(msg.format(user, str(e)))
def setUp(self):
"""create object and init object.keystone with a mock"""
self.trustfactory = TrustFactory(MagicMock())
self.trustfactory.keystone = MagicMock()
class TestTrustFactory(unittest.TestCase):
"""class to test methods of TrustFactory"""
def setUp(self):
"""create object and init object.keystone with a mock"""
self.trustfactory = TrustFactory(MagicMock())
self.trustfactory.keystone = MagicMock()
def assertCreateResult(self, result, trustor):
"""check the result tuple"""
self.assertEquals(result[0], trustor.name)
self.assertEquals(result[1], 'generatedtrustid')
self.assertEquals(result[2], trustor.id)
def test_create_trust(self):
"""check result of create_trust"""
trustor = MagicMock(id='trustor_id', name='trustor_name')
trust = MagicMock(id='generatedtrustid')
config = {
'users.get.return_value': trustor,
'trusts.create.return_value': trust
}
self.trustfactory.keystone.configure_mock(**config)
result = self.trustfactory.create_trust('trustor_id', 'trustee_id')
self.assertCreateResult(result, trustor)
def test_create_trust_admin(self):
"""check externals calls and result of create_trust_admin"""
resp = MagicMock()
body_response = {'trust': {'id': 'generatedtrustid'}}
trustor = MagicMock(id='trustor_id',
name='trustor_name',
cloud_project_id='trustor_tenant')
trustee = MagicMock(id='trustee_id', name='trustee_name')
config = {
'trusts.client.post.return_value': (resp, body_response),
'users.get.return_value': trustor,
'users.find.return_value': trustee
}
self.trustfactory.keystone.configure_mock(**config)
now = time.time()
with patch('fiwareskuld.impersonate.time.time') as time_mock:
time_mock.configure_mock(return_value=now)
result = self.trustfactory.create_trust_admin(
'trustor_id', 'trustee_name')
# check result
self.assertCreateResult(result, trustor)
# check call
body = {
'trust': {
'impersonation':
True,
'trustor_user_id':
trustor.id,
'allow_redelegation':
True,
'roles': [{
'name': 'owner'
}],
'expires_at':
timeutils.iso8601_from_timestamp(
now + self.trustfactory.trustid_validity, True),
'trustee_user_id':
trustee.id,
'project_id':
trustor.cloud_project_id
}
}
self.trustfactory.keystone.trusts.client.post.assert_called_once_with(
'OS-TRUST/trusts_for_admin', body=body)
def test_delete_trust(self):
"""test delete_trust method call to keystone client"""
id = 'id1'
self.trustfactory.delete_trust(id)
self.trustfactory.keystone.trusts.delete.assert_called_once_with(id)
def test_delete_trust_admin(self):
"""test delete_trust_admin method call to keystone client"""
id = 'id1'
resp = MagicMock()
config = {'users.client.delete.return_value': (resp, 'body')}
self.trustfactory.keystone.configure_mock(**config)
return_value = self.trustfactory.delete_trust_admin(id)
self.trustfactory.keystone.users.client.delete.assert_called_once_with(
'OS-TRUST/trusts_for_admin/' + id)
self.assertEquals(return_value, resp.ok)
def test_constructor_params_validity(self, mock):
"""test constructor passing trustid_validity"""
trustfactory = TrustFactory(trustid_validity=0)
self.assertEquals(trustfactory.trustid_validity, 0)
self.assertCommonCalls(mock, trustfactory)
def test_constructor_no_params_with_environ(self, mock):
"""test constructo without params but with KEYSTONE_ADMIN_ENDPOINT"""
os.environ['KEYSTONE_ADMIN_ENDPOINT'] = 'foo'
trustfactory = TrustFactory()
self.assertTrue(mock.return_value.override_endpoint.called)
self.assertCommonCalls(mock, trustfactory)
def test_constructor_no_params(self, mock):
"""test call to constructor without params nor environment"""
trustfactory = TrustFactory()
self.assertFalse(mock.return_value.override_endpoint.called)
self.assertEquals(trustfactory.trustid_validity, TRUSTID_VALIDITY)
self.assertCommonCalls(mock, trustfactory)
def setUp(self):
"""create object and init object.keystone with a mock"""
self.trustfactory = TrustFactory(MagicMock())
self.trustfactory.keystone = MagicMock()
class TestTrustFactory(unittest.TestCase):
"""class to test methods of TrustFactory"""
def setUp(self):
"""create object and init object.keystone with a mock"""
self.trustfactory = TrustFactory(MagicMock())
self.trustfactory.keystone = MagicMock()
def assertCreateResult(self, result, trustor):
"""check the result tuple"""
self.assertEquals(result[0], trustor.name)
self.assertEquals(result[1], 'generatedtrustid')
self.assertEquals(result[2], trustor.id)
def test_create_trust(self):
"""check result of create_trust"""
trustor = MagicMock(id='trustor_id', name='trustor_name')
trust = MagicMock(id='generatedtrustid')
config = {'users.get.return_value': trustor,
'trusts.create.return_value': trust}
self.trustfactory.keystone.configure_mock(**config)
result = self.trustfactory.create_trust('trustor_id', 'trustee_id')
self.assertCreateResult(result, trustor)
def test_create_trust_admin(self):
"""check externals calls and result of create_trust_admin"""
resp = MagicMock()
body_response = {'trust': {'id': 'generatedtrustid'}}
trustor = MagicMock(id='trustor_id', name='trustor_name',
cloud_project_id='trustor_tenant')
trustee = MagicMock(id='trustee_id', name='trustee_name')
config = {
'trusts.client.post.return_value': (resp, body_response),
'users.get.return_value': trustor,
'users.find.return_value': trustee
}
self.trustfactory.keystone.configure_mock(**config)
now = time.time()
with patch('fiwareskuld.impersonate.time.time') as time_mock:
time_mock.configure_mock(return_value=now)
result = self.trustfactory.create_trust_admin(
'trustor_id', 'trustee_name')
# check result
self.assertCreateResult(result, trustor)
# check call
body = {'trust': {'impersonation': True, 'trustor_user_id': trustor.id,
'allow_redelegation': True,
'roles': [{'name': 'owner'}],
'expires_at': timeutils.iso8601_from_timestamp(
now + self.trustfactory.trustid_validity, True),
'trustee_user_id': trustee.id,
'project_id': trustor.cloud_project_id}}
self.trustfactory.keystone.trusts.client.post.assert_called_once_with(
'OS-TRUST/trusts_for_admin', body=body)
def test_delete_trust(self):
"""test delete_trust method call to keystone client"""
id = 'id1'
self.trustfactory.delete_trust(id)
self.trustfactory.keystone.trusts.delete.assert_called_once_with(id)
def test_delete_trust_admin(self):
"""test delete_trust_admin method call to keystone client"""
id = 'id1'
resp = MagicMock()
config = {'users.client.delete.return_value': (resp, 'body')}
self.trustfactory.keystone.configure_mock(**config)
return_value = self.trustfactory.delete_trust_admin(id)
self.trustfactory.keystone.users.client.delete.assert_called_once_with(
'OS-TRUST/trusts_for_admin/' + id)
self.assertEquals(return_value, resp.ok)
