def test_tenant_list_caching(self): projects = [self.data.project_two, self.data.project_one] expected_projects = [self.data.project_one, self.data.project_two] user = self.data.user unscoped = self.data.unscoped_access_info self._mock_unscoped_client_with_token(user, unscoped) self._mock_unscoped_list_projects(user, projects) self.mox.ReplayAll() project_list = utils.get_project_list( user_id=user.id, auth_url=settings.OPENSTACK_KEYSTONE_URL, token=unscoped.auth_token, insecure=False, cacert=None, debug=False) self.assertEqual(project_list, expected_projects) # Test to validate that requesting the project list again results # to using the cache and will not make a Keystone call. self.assertEqual(utils._PROJECT_CACHE.get(unscoped.auth_token), expected_projects) project_list = utils.get_project_list( user_id=user.id, auth_url=settings.OPENSTACK_KEYSTONE_URL, token=unscoped.auth_token, insecure=False, cacert=None, debug=False) self.assertEqual(project_list, expected_projects) utils.remove_project_cache(unscoped.auth_token) self.assertIsNone(utils._PROJECT_CACHE.get(unscoped.auth_token))
def _update_project_members(self, request, data, project_id): # update project members users_to_add = 0 try: available_roles = api.keystone.role_list(request) member_step = self.get_step(PROJECT_USER_MEMBER_SLUG) # count how many users are to be added for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] users_to_add += len(role_list) # add new users to project for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] users_added = 0 for user in role_list: api.keystone.add_tenant_user_role(request, project=project_id, user=user, role=role.id) users_added += 1 users_to_add -= users_added except Exception: if PROJECT_GROUP_ENABLED: group_msg = _(", add project groups") else: group_msg = "" exceptions.handle(request, _('Failed to add %(users_to_add)s project ' 'members%(group_msg)s and set project quotas.') % {'users_to_add': users_to_add, 'group_msg': group_msg}) finally: auth_utils.remove_project_cache(request.user.token.unscoped_token)
def test_tenant_list_caching(self): projects = [self.data.project_two, self.data.project_one] expected_projects = [self.data.project_one, self.data.project_two] user = self.data.user unscoped = self.data.unscoped_access_info client = self._mock_unscoped_client_with_token(user, unscoped) self._mock_unscoped_list_projects(client, user, projects) self.mox.ReplayAll() project_list = utils.get_project_list( user_id=user.id, auth_url=settings.OPENSTACK_KEYSTONE_URL, token=unscoped.auth_token) self.assertEqual(project_list, expected_projects) # Test to validate that requesting the project list again results # to using the cache and will not make a Keystone call. self.assertEqual(utils._PROJECT_CACHE.get(unscoped.auth_token), expected_projects) project_list = utils.get_project_list( user_id=user.id, auth_url=settings.OPENSTACK_KEYSTONE_URL, token=unscoped.auth_token) self.assertEqual(project_list, expected_projects) utils.remove_project_cache(unscoped.auth_token) self.assertIsNone(utils._PROJECT_CACHE.get(unscoped.auth_token))
def _update_project_members(self, request, data, project_id): # update project members users_to_add = 0 try: available_roles = api.keystone.role_list(request) member_step = self.get_step(PROJECT_USER_MEMBER_SLUG) # count how many users are to be added for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] users_to_add += len(role_list) # add new users to project for role in available_roles: field_name = member_step.get_member_field_name(role.id) role_list = data[field_name] users_added = 0 for user in role_list: api.keystone.add_tenant_user_role(request, project=project_id, user=user, role=role.id) users_added += 1 users_to_add -= users_added except Exception: if PROJECT_GROUP_ENABLED: group_msg = _(", add project groups") else: group_msg = "" exceptions.handle(request, _('Failed to add %(users_to_add)s project ' 'members%(group_msg)s and set project quotas.') % {'users_to_add': users_to_add, 'group_msg': group_msg}) finally: auth_utils.remove_project_cache(request.user.token.id)
def _update_project_members(self, request, user_id, project_id, default_role_id=None): try: api.keystone.add_tenant_user_role(request, project=project_id, user=user_id, role=default_role_id) except Exception: exceptions.handle(request, _('Failed to add user %s to project %s with role %s.') % (user_id, project_id, default_role_id)) raise finally: auth_utils.remove_project_cache(request.user.token.id)
def test_tenant_list_caching(self): projects = [self.data.project_two, self.data.project_one] expected_projects = [self.data.project_one, self.data.project_two] user = self.data.user unscoped = self.data.unscoped_access_info self.mox.StubOutWithMock(self.ks_client_module, "Client") self.mox.StubOutWithMock(self.keystone_client_unscoped.projects, "list") self.ks_client_module.Client(user_id=user.id, auth_url=settings.OPENSTACK_KEYSTONE_URL, token=unscoped.auth_token, insecure=False, cacert=None, debug=False)\ .AndReturn(self.keystone_client_unscoped) self.keystone_client_unscoped.projects.list(user=user.id) \ .AndReturn(projects) self.mox.ReplayAll() project_list = utils.get_project_list( user_id=user.id, auth_url=settings.OPENSTACK_KEYSTONE_URL, token=unscoped.auth_token, insecure=False, cacert=None, debug=False) self.assertEqual(project_list, expected_projects) # Test to validate that requesting the project list again results # to using the cache and will not make a Keystone call. self.assertEqual(utils._PROJECT_CACHE.get(unscoped.auth_token), expected_projects) project_list = utils.get_project_list( user_id=user.id, auth_url=settings.OPENSTACK_KEYSTONE_URL, token=unscoped.auth_token, insecure=False, cacert=None, debug=False) self.assertEqual(project_list, expected_projects) utils.remove_project_cache(unscoped.auth_token) self.assertIsNone(utils._PROJECT_CACHE.get(unscoped.auth_token))
def delete_token(endpoint, token_id): """Delete a token.""" utils.remove_project_cache(token_id) try: endpoint = utils.fix_auth_url_version(endpoint) session = utils.get_session() auth_plugin = token_endpoint.Token(endpoint=endpoint, token=token_id) client = utils.get_keystone_client().Client(session=session, auth=auth_plugin) if utils.get_keystone_version() >= 3: client.tokens.revoke_token(token=token_id) else: client.tokens.delete(token=token_id) LOG.info("Deleted token %s" % token_id) except keystone_exceptions.ClientException: LOG.info("Could not delete token")
def test_tenant_list_caching(self): tenants = [self.data.tenant_two, self.data.tenant_one] expected_tenants = [self.data.tenant_one, self.data.tenant_two] user = self.data.user unscoped = self.data.unscoped_access_info self.mox.StubOutWithMock(self.ks_client_module, "Client") self.mox.StubOutWithMock(self.keystone_client_unscoped.tenants, "list") self.ks_client_module.Client(user_id=user.id, auth_url=settings.OPENSTACK_KEYSTONE_URL, token=unscoped.auth_token, insecure=False, cacert=None, debug=False)\ .AndReturn(self.keystone_client_unscoped) self.keystone_client_unscoped.tenants.list().AndReturn(tenants) self.mox.ReplayAll() tenant_list = utils.get_project_list( user_id=user.id, auth_url=settings.OPENSTACK_KEYSTONE_URL, token=unscoped.auth_token, insecure=False, cacert=None, debug=False) self.assertEqual(tenant_list, expected_tenants) # Test to validate that requesting the project list again results # to using the cache and will not make a Keystone call. self.assertEqual(utils._PROJECT_CACHE.get(unscoped.auth_token), expected_tenants) tenant_list = utils.get_project_list( user_id=user.id, auth_url=settings.OPENSTACK_KEYSTONE_URL, token=unscoped.auth_token, insecure=False, cacert=None, debug=False) self.assertEqual(tenant_list, expected_tenants) utils.remove_project_cache(unscoped.auth_token) self.assertIsNone(utils._PROJECT_CACHE.get(unscoped.auth_token))
def delete_token(endpoint, token_id): """Delete a token.""" utils.remove_project_cache(token_id) try: endpoint = utils.fix_auth_url_version(endpoint) session = utils.get_session() auth_plugin = token_endpoint.Token(endpoint=endpoint, token=token_id) client = utils.get_keystone_client().Client(session=session, auth=auth_plugin) if utils.get_keystone_version() >= 3: client.tokens.revoke_token(token=token_id) else: client.tokens.delete(token=token_id) LOG.info('Deleted token %s' % token_id) except keystone_exceptions.ClientException: LOG.info('Could not delete token')
def delete_token(endpoint, token_id): """Delete a token.""" insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False) ca_cert = getattr(settings, "OPENSTACK_SSL_CACERT", None) utils.remove_project_cache(token_id) try: if utils.get_keystone_version() < 3: client = keystone_client_v2.Client(endpoint=endpoint, token=token_id, insecure=insecure, cacert=ca_cert, debug=settings.DEBUG) client.tokens.delete(token=token_id) LOG.info('Deleted token %s' % token_id) else: # FIXME: KS-client does not have delete token available # Need to add this later when it is exposed. pass except keystone_exceptions.ClientException: LOG.info('Could not delete token')
def delete_token(endpoint, token_id): """Delete a token.""" insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False) ca_cert = getattr(settings, "OPENSTACK_SSL_CACERT", None) utils.remove_project_cache(token_id) try: if utils.get_keystone_version() < 3: client = keystone_client_v2.Client( endpoint=endpoint, token=token_id, insecure=insecure, cacert=ca_cert, debug=settings.DEBUG ) client.tokens.delete(token=token_id) LOG.info('Deleted token %s' % token_id) else: # FIXME: KS-client does not have delete token available # Need to add this later when it is exposed. pass except keystone_exceptions.ClientException: LOG.info('Could not delete token')
def _add_project_user_role(self, request, project_id): try: role_list = {role.name: role.id for role in project_identity.role_list(request)} user = auth_utils.get_user(request) role_name_list = [role['name'] for role in user.roles] for role_name in role_name_list: if role_name in getattr(nec_set, 'DISINHERITED_ROLES', []): continue project_identity.add_project_user_role( request, project=project_id, user=user, role=role_list.get(role_name)) return True except Exception: exceptions.handle(request, ignore=True) return False finally: auth_utils.remove_project_cache(request.user.token.id)
def _update_project_members(self, request, data, project_id): # update project members users_to_modify = 0 # Project-user member step member_step = self.get_step(PROJECT_USER_MEMBER_SLUG) try: # Get our role options available_roles = self._get_available_roles(request) # Get the users currently associated with this project so we # can diff against it. users_roles = api.keystone.get_project_users_roles( request, project=project_id) users_to_modify = len(users_roles) for user_id in users_roles.keys(): # Check if there have been any changes in the roles of # Existing project members. current_role_ids = list(users_roles[user_id]) modified_role_ids = self._add_roles_to_users( request, data, project_id, user_id, current_role_ids, available_roles) # Prevent admins from doing stupid things to themselves. removing_admin = self._is_removing_self_admin_role( request, project_id, user_id, available_roles, modified_role_ids) # Otherwise go through and revoke any removed roles. if not removing_admin: self._remove_roles_from_user(request, project_id, user_id, modified_role_ids) users_to_modify -= 1 # Grant new roles on the project. for role in available_roles: field_name = member_step.get_member_field_name(role.id) # Count how many users may be added for exception handling. users_to_modify += len(data[field_name]) for role in available_roles: users_added = 0 field_name = member_step.get_member_field_name(role.id) for user_id in data[field_name]: if user_id not in users_roles: api.keystone.add_tenant_user_role(request, project=project_id, user=user_id, role=role.id) users_added += 1 users_to_modify -= users_added return True except Exception: if PROJECT_GROUP_ENABLED: group_msg = _(", update project groups") else: group_msg = "" exceptions.handle(request, _('Failed to modify %(users_to_modify)s' ' project members%(group_msg)s and ' 'update project quotas.') % {'users_to_modify': users_to_modify, 'group_msg': group_msg}) return False finally: auth_utils.remove_project_cache(request.user.token.unscoped_token)
def _update_project_members(self, request, data, project_id): # update project members users_to_modify = 0 # Project-user member step member_step = self.get_step(PROJECT_USER_MEMBER_SLUG) try: # Get our role options available_roles = self._get_available_roles(request) # Get the users currently associated with this project so we # can diff against it. users_roles = api.keystone.get_project_users_roles( request, project=project_id) users_to_modify = len(users_roles) for user_id in users_roles.keys(): # Check if there have been any changes in the roles of # Existing project members. current_role_ids = list(users_roles[user_id]) modified_role_ids = self._add_roles_to_users( request, data, project_id, user_id, current_role_ids, available_roles) # Prevent admins from doing stupid things to themselves. removing_admin = self._is_removing_self_admin_role( request, project_id, user_id, available_roles, modified_role_ids) # Otherwise go through and revoke any removed roles. if not removing_admin: self._remove_roles_from_user(request, project_id, user_id, modified_role_ids) users_to_modify -= 1 # Grant new roles on the project. for role in available_roles: field_name = member_step.get_member_field_name(role.id) # Count how many users may be added for exception handling. users_to_modify += len(data[field_name]) for role in available_roles: users_added = 0 field_name = member_step.get_member_field_name(role.id) for user_id in data[field_name]: if user_id not in users_roles: api.keystone.add_tenant_user_role(request, project=project_id, user=user_id, role=role.id) users_added += 1 users_to_modify -= users_added return True except Exception: if PROJECT_GROUP_ENABLED: group_msg = _(", update project groups") else: group_msg = "" exceptions.handle( request, _('Failed to modify %(users_to_modify)s' ' project members%(group_msg)s and ' 'update project quotas.') % { 'users_to_modify': users_to_modify, 'group_msg': group_msg }) return False finally: auth_utils.remove_project_cache(request.user.token.id)
def handle(self, table, request, obj_ids): response = \ super(DeleteTenantsAction, self).handle(table, request, obj_ids) auth_utils.remove_project_cache(request.user.token.id) return response
def handle(self, table, request, obj_ids): response = \ super(DeleteTenantsAction, self).handle(table, request, obj_ids) auth_utils.remove_project_cache(request.user.token.unscoped_token) return response