def migrate_identity(context, tenant_id): flow = graph_flow.Flow("identity-{}".format(tenant_id)) tenant_retrieve = "tenant-{}-retrieve".format(tenant_id) if tenant_retrieve not in context.store: tenant_flow = tenant_tasks.migrate_tenant(context, tenant_id) flow.add(tenant_flow) users_ids, roles_ids = set(), set() # XXX(akscram): Due to the bug #1308218 users duplication can be here. users = context.src_cloud.keystone.users.list(tenant_id) for user in users: user_retrieve = "user-{}-retrieve".format(user.id) if (user.id == context.src_cloud.keystone.auth_ref.user_id or user.id in users_ids or user_retrieve in context.store): continue user_tenant_id = getattr(user, "tenantId", None) user_flow = user_tasks.migrate_user(context, user.id, tenant_id=user_tenant_id) flow.add(user_flow) users_ids.add(user.id) user_roles = context.src_cloud.keystone.users.list_roles( user.id, tenant=tenant_id) for role in user_roles: # NOTE(akscram): Actually all roles which started with # underscore are hidden. if role.name.startswith("_"): continue roles_ids.add(role.id) user_role_ensure = "user-role-{}-{}-{}-ensure".format(user.id, role.id, tenant_id) if user_role_ensure in context.store: continue membership_flow = user_tasks.migrate_membership(context, user.id, role.id, tenant_id) flow.add(membership_flow) for role_id in roles_ids: role_retrieve = "role-{}-retrieve".format(role_id) if role_retrieve not in context.store: role_flow = role_tasks.migrate_role(context, role_id) flow.add(role_flow) return users_ids, flow
def test_migrate_role(self, mock_flow, mock_retrieve_role, mock_ensure_role): flow = role.migrate_role( self.context, self.dummy_id, ) mock_flow.assert_called_once_with("migrate-role-%s" % self.dummy_id) self.assertEqual( mock_flow().add.call_args, call( mock_retrieve_role(), mock_ensure_role() ) ) self.assertEqual( {"role-%s-retrieve" % self.dummy_id: self.dummy_id}, self.context.store, )
def migrate_server_identity(context, server_info): server_id = server_info["id"] flow = graph_flow.Flow("server-identity-{}".format(server_id)) tenant_id = server_info["tenant_id"] user_id = server_info["user_id"] tenant_retrieve = "tenant-{}-retrieve".format(tenant_id) user_retrieve = "user-{}-retrieve".format(user_id) if tenant_retrieve not in context.store: tenant_flow = tenant_tasks.migrate_tenant(context, tenant_id) flow.add(tenant_flow) if user_retrieve not in context.store: user = context.src_cloud.keystone.users.get(user_id) user_tenant_id = getattr(user, "tenantId", None) user_flow = user_tasks.migrate_user(context, user_id, tenant_id=user_tenant_id) flow.add(user_flow) roles = context.src_cloud.keystone.users.list_roles(user_id, tenant=tenant_id) for role in roles: role_id = role.id role_retrieve = "role-{}-retrieve".format(role_id) if role_retrieve not in context.store: role_flow = role_tasks.migrate_role(context, role_id) flow.add(role_flow) if role.name.startswith("_"): continue user_role_ensure = "user-role-{}-{}-{}-ensure".format(user_id, role_id, tenant_id) if user_role_ensure in context.store: continue membership_flow = user_tasks.migrate_membership(context, user_id, role_id, tenant_id) flow.add(membership_flow) return flow