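def generate_trust_ids(users_to_delete):
    """
    From a list of users to delete, generate a file with a trustid for each
    user. The user is acting as the trustor, delegating in a trustee, which
    will impersonate it to delete its resources.

    The output file, users_trusted_ids.txt, is written to the current
    directory with one "username,trust_id" line per user for whom a trust
    was created. A failure for one user is logged and does not stop the
    processing of the remaining users.

    :param users_to_delete: an open file-like object with one trustor per
        line (it is read with readlines()); blank lines are ignored.
    :return: this function does not return anything. It creates a file.
    """
    osclients = OpenStackClients()

    # Each trust id written below delegates a user's rights to the trustee,
    # so the file should be treated like a credential: it is created in the
    # working directory with the process' default permissions, and should be
    # kept out of shared locations and removed once the run has finished.
    # The "with" block guarantees the file is flushed and closed even when
    # the loop is interrupted.
    with open('users_trusted_ids.txt', 'w') as users_trusted_ids:
        # NOTE(review): this instance is not used below; it is kept in case
        # the constructor has side effects -- confirm and drop it if not.
        check_users = CheckUsers()

        # Use an alternative URL that allow direct access to the keystone
        # admin endpoint, because the registered one uses an internal IP
        # address.
        # NOTE(review): admin requests go to this URL instead of the catalog
        # entry, so KEYSTONE_ENDPOINT should come from trusted configuration
        # and, presumably, point to a TLS endpoint -- confirm.
        osclients.override_endpoint(
            'identity', osclients.region, 'admin', KEYSTONE_ENDPOINT)

        trust_factory = TrustFactory(osclients)

        # Drop blank lines up front so that the progress total matches the
        # number of users that are actually processed.
        stripped = [line.strip() for line in users_to_delete.readlines()]
        users = [user for user in stripped if user != '']
        total = len(users)

        # The environment variable takes precedence over the default trustee.
        trustee = env['TRUSTEE_USER'] if 'TRUSTEE_USER' in env else TRUSTEE

        for count, user in enumerate(users, 1):
            try:
                (username, trust_id) = trust_factory.create_trust_admin(
                    user, trustee)
                users_trusted_ids.write(username + ',' + trust_id + '\n')
                msg = 'Generated trustid for user {0} ({1}/{2})'
                logger.info(msg.format(user, count, total))
            except Exception as e:
                # Best effort: report the failure and go on with the next
                # user, which simply gets no line in the output file.
                msg = 'Failed getting trust-id from trustor {0}. Reason: {1}'
                logger.error(msg.format(user, str(e)))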
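def generate_trust_ids(users_to_delete):
    """
    From a list of users to delete, generate a file with a trustid for each
    user. The user is acting as the trustor, delegating in a trustee, which
    will impersonate it to delete its resources.

    Every successful trust is stored as a "username,trust_id" line in
    users_trusted_ids.txt (relative to the current directory). Errors are
    logged per user and the remaining users are still processed.

    :param users_to_delete: an open file-like object listing one trustor
        per line (read with readlines()); blank lines are skipped.
    :return: this function does not return anything. It creates a file.
    """
    osclients = OpenStackClients()

    # The trust ids stored here let the trustee act on behalf of each user,
    # which makes the file as sensitive as a credential. It is created with
    # the default permissions of the process, so run this from a directory
    # only the operator can read and delete the file after use.
    # Opening it through "with" closes it on every exit path.
    with open('users_trusted_ids.txt', 'w') as users_trusted_ids:
        # NOTE(review): not referenced afterwards; left in place because the
        # constructor may have side effects -- confirm before removing.
        check_users = CheckUsers()

        # Use an alternative URL that allow direct access to the keystone
        # admin endpoint, because the registered one uses an internal IP
        # address.
        # NOTE(review): this replaces the catalog's admin URL, so the value
        # of KEYSTONE_ENDPOINT decides where admin requests are sent; it
        # should be set only from trusted configuration -- confirm.
        osclients.override_endpoint('identity', osclients.region, 'admin',
                                    KEYSTONE_ENDPOINT)

        trust_factory = TrustFactory(osclients)

        # Count only non-blank lines, so the "(n/total)" progress message
        # can reach the total.
        users = []
        for line in users_to_delete.readlines():
            line = line.strip()
            if line != '':
                users.append(line)
        total = len(users)

        # TRUSTEE_USER from the environment overrides the built-in default.
        if 'TRUSTEE_USER' in env:
            trustee = env['TRUSTEE_USER']
        else:
            trustee = TRUSTEE

        count = 0
        for user in users:
            count += 1
            try:
                (username,
                 trust_id) = trust_factory.create_trust_admin(user, trustee)
                users_trusted_ids.write(username + ',' + trust_id + '\n')
                msg = 'Generated trustid for user {0} ({1}/{2})'
                logger.info(msg.format(user, count, total))
            except Exception as e:
                # Deliberately broad: one failing trustor must not abort the
                # whole batch; the user is left out of the output file.
                msg = 'Failed getting trust-id from trustor {0}. Reason: {1}'
                logger.error(msg.format(user, str(e)))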
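class TestOSClientsOverrideEndpoint(TestCase):
    """Class to test the endpoint override feature"""

    def setUp(self):
        """Build a fake access object whose catalog holds the shared
        ``service`` fixture, and remember the URL the tests overwrite."""
        d = defaultdict(list)
        d['catalog'].append(service)
        self.access = d
        self.osclients = OpenStackClients()
        self.url = 'http://fake.org:9090'
        # ``service`` is shared between tests; keep the original value so it
        # can be put back after each test.
        self.original_url = service['endpoints'][1]['url']

    def restore_catalog(self):
        """restore catalog"""
        service['endpoints'][1]['url'] = self.original_url

    def tearDown(self):
        """restore objects"""
        self.restore_catalog()

    def override_endpoint(self):
        """method that override the endpoint"""
        self.osclients.override_endpoint(
            'object-store', 'Spain2', 'admin', self.url)

    def assertOverrideEndpoint(self):
        """check that the override has been done"""
        # assertEqual replaces the deprecated assertEquals alias.
        self.assertEqual(
            self.osclients.get_admin_endpoint('object-store', 'Spain2'),
            self.url)

    def test_override_endpoint_session(self):
        """test that invoking override endpoint does not create a session"""
        self.override_endpoint()

        self.assertFalse(self.osclients._session_v2)
        self.assertFalse(self.osclients._session_v3)

    def test_override_endpoint(self):
        """check that a session catalog is overridden"""
        mock = MagicMock()
        config = {'auth.get_access.return_value': self.access}
        mock.configure_mock(**config)
        self.osclients._session_v3 = mock
        self.override_endpoint()
        self.assertOverrideEndpoint()

    @patch('fiwareskuld.utils.osclients.session')
    def test_override_endpoint_multiple(self, mock):
        """test that override works with an already created session and then
        with a new one without invoking the method again"""
        config = {
            'Session.return_value.auth.get_access.return_value': self.access}
        mock.configure_mock(**config)
        # Only the side effect matters: a session must exist before the
        # override is applied, the returned object itself is not needed.
        self.osclients.get_session()
        self.override_endpoint()
        self.assertOverrideEndpoint()

        # invalidate and create a new session; ensure that the catalog is
        # again the original. Setting a new token invalidates the session.
        # The new one is created at the invocation of get_admin_endpoint.
        self.restore_catalog()
        self.osclients.set_token('faketoken')

        # check again
        self.assertOverrideEndpoint()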
            {'name': usertocheck.name})
        return True
    else:
        return False

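# Build users_to_delete.txt: one id per line for every expired user that is
# not protected.
logger.debug('Getting expired users')
# Only the second element of the returned pair (the expired users) is used
# below.
(next_to_expire, expired_users) = ExpiredUsers(
    username=env['OS_USERNAME'], password=env['OS_PASSWORD'],
    tenant=env['OS_TENANT_NAME']).get_yellow_red_users()

osclients = OpenStackClients()

# Use an alternative URL that allow direct access to the keystone admin
# endpoint, because the registered one uses an internal IP address.
# NOTE(review): admin requests are sent to this URL instead of the catalog
# entry, so settings.KEYSTONE_ENDPOINT should only be set from trusted
# configuration -- confirm.

osclients.override_endpoint(
    'identity', osclients.region, 'admin', settings.KEYSTONE_ENDPOINT)

keystone = osclients.get_keystoneclientv3()


# build users map
logger.debug('Building user map')
users_by_id = dict()
for user in keystone.users.list():
    users_by_id[user.id] = user

with open('users_to_delete.txt', 'w') as fich_delete:
    logger.debug('Generating user delete list')
    for user_id in expired_users:
        if user_id not in users_by_id:
            # Fail closed: without the user object the protection check
            # cannot run, so the id is left out of the delete list instead
            # of aborting with a KeyError and leaving a truncated file.
            logger.warning(
                'Expired user {0} not found in keystone; skipped'.format(
                    user_id))
            continue
        if not is_user_protected(users_by_id[user_id]):
            fich_delete.write(user_id + "\n")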
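class TestOSClientsOverrideEndpoint(TestCase):
    """Class to test the endpoint override feature"""

    def setUp(self):
        """Prepare a fake access object (a catalog containing the shared
        ``service`` fixture), a client and the URL used as override."""
        d = defaultdict(list)
        d['catalog'].append(service)
        self.access = d
        self.osclients = OpenStackClients()
        self.url = 'http://fake.org:9090'
        # Saved because the tests modify the shared ``service`` fixture;
        # restore_catalog() writes this value back.
        self.original_url = service['endpoints'][1]['url']

    def restore_catalog(self):
        """restore catalog"""
        service['endpoints'][1]['url'] = self.original_url

    def tearDown(self):
        """restore objects"""
        self.restore_catalog()

    def override_endpoint(self):
        """method that override the endpoint"""
        self.osclients.override_endpoint('object-store', 'Spain2', 'admin',
                                         self.url)

    def assertOverrideEndpoint(self):
        """check that the override has been done"""
        # assertEquals is a deprecated alias; assertEqual is the supported
        # spelling of the same check.
        self.assertEqual(
            self.osclients.get_admin_endpoint('object-store', 'Spain2'),
            self.url)

    def test_override_endpoint_session(self):
        """test that invoking override endpoint does not create a session"""
        self.override_endpoint()

        self.assertFalse(self.osclients._session_v2)
        self.assertFalse(self.osclients._session_v3)

    def test_override_endpoint(self):
        """check that a session catalog is overridden"""
        mock = MagicMock()
        config = {'auth.get_access.return_value': self.access}
        mock.configure_mock(**config)
        self.osclients._session_v3 = mock
        self.override_endpoint()
        self.assertOverrideEndpoint()

    @patch('fiwareskuld.utils.osclients.session')
    def test_override_endpoint_multiple(self, mock):
        """test that override works with an already created session and then
        with a new one without invoking the method again"""
        config = {
            'Session.return_value.auth.get_access.return_value': self.access
        }
        mock.configure_mock(**config)
        # Called for its side effect only (a session exists before the
        # override); the return value is not used.
        self.osclients.get_session()
        self.override_endpoint()
        self.assertOverrideEndpoint()

        # invalidate and create a new session; ensure that the catalog is
        # again the original. Setting a new token invalidates the session.
        # The new one is created at the invocation of get_admin_endpoint.
        self.restore_catalog()
        self.osclients.set_token('faketoken')

        # check again
        self.assertOverrideEndpoint()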