def migrate_identity(context, tenant_id):
flow = graph_flow.Flow("identity-{}".format(tenant_id))
tenant_retrieve = "tenant-{}-retrieve".format(tenant_id)
if tenant_retrieve not in context.store:
tenant_flow = tenant_tasks.migrate_tenant(context, tenant_id)
flow.add(tenant_flow)
users_ids, roles_ids = set(), set()
# XXX(akscram): Due to the bug #1308218 users duplication can be here.
users = context.src_cloud.keystone.users.list(tenant_id)
for user in users:
user_retrieve = "user-{}-retrieve".format(user.id)
if (user.id == context.src_cloud.keystone.auth_ref.user_id or
user.id in users_ids or
user_retrieve in context.store):
continue
user_tenant_id = getattr(user, "tenantId", None)
user_flow = user_tasks.migrate_user(context, user.id,
tenant_id=user_tenant_id)
flow.add(user_flow)
users_ids.add(user.id)
user_roles = context.src_cloud.keystone.users.list_roles(
user.id, tenant=tenant_id)
for role in user_roles:
# NOTE(akscram): Actually all roles which started with
# underscore are hidden.
if role.name.startswith("_"):
continue
roles_ids.add(role.id)
user_role_ensure = "user-role-{}-{}-{}-ensure".format(user.id,
role.id,
tenant_id)
if user_role_ensure in context.store:
continue
membership_flow = user_tasks.migrate_membership(context,
user.id,
role.id,
tenant_id)
flow.add(membership_flow)
for role_id in roles_ids:
role_retrieve = "role-{}-retrieve".format(role_id)
if role_retrieve not in context.store:
role_flow = role_tasks.migrate_role(context, role_id)
flow.add(role_flow)
return users_ids, flow
def test_migrate_role(self, mock_flow,
mock_retrieve_role, mock_ensure_role):
flow = role.migrate_role(
self.context,
self.dummy_id,
)
mock_flow.assert_called_once_with("migrate-role-%s" % self.dummy_id)
self.assertEqual(
mock_flow().add.call_args,
call(
mock_retrieve_role(),
mock_ensure_role()
)
)
self.assertEqual(
{"role-%s-retrieve" % self.dummy_id: self.dummy_id},
self.context.store,
)
def migrate_server_identity(context, server_info):
server_id = server_info["id"]
flow = graph_flow.Flow("server-identity-{}".format(server_id))
tenant_id = server_info["tenant_id"]
user_id = server_info["user_id"]
tenant_retrieve = "tenant-{}-retrieve".format(tenant_id)
user_retrieve = "user-{}-retrieve".format(user_id)
if tenant_retrieve not in context.store:
tenant_flow = tenant_tasks.migrate_tenant(context, tenant_id)
flow.add(tenant_flow)
if user_retrieve not in context.store:
user = context.src_cloud.keystone.users.get(user_id)
user_tenant_id = getattr(user, "tenantId", None)
user_flow = user_tasks.migrate_user(context, user_id,
tenant_id=user_tenant_id)
flow.add(user_flow)
roles = context.src_cloud.keystone.users.list_roles(user_id,
tenant=tenant_id)
for role in roles:
role_id = role.id
role_retrieve = "role-{}-retrieve".format(role_id)
if role_retrieve not in context.store:
role_flow = role_tasks.migrate_role(context, role_id)
flow.add(role_flow)
if role.name.startswith("_"):
continue
user_role_ensure = "user-role-{}-{}-{}-ensure".format(user_id,
role_id,
tenant_id)
if user_role_ensure in context.store:
continue
membership_flow = user_tasks.migrate_membership(context, user_id,
role_id, tenant_id)
flow.add(membership_flow)
return flow
