def test_new_project_reapprove_failure(self): """ Project created at approve step, failure at role grant. Ensure reapprove correctly finishes. """ setup_identity_cache() task = Task.objects.create(keystone_user={}) data = { "domain_id": "default", "parent_id": None, "email": "*****@*****.**", "project_name": "test_project", } action = NewProjectWithUserAction(data, task=task, order=1) action.prepare() self.assertEqual(action.valid, True) # NOTE(adrian): We need the code to fail at the # grant roles step so we can attempt reapproving it class FakeException(Exception): pass def fail_grant(user, default_roles, project_id): raise FakeException # We swap out the old grant function and keep # it for later. old_grant_function = action.grant_roles action.grant_roles = fail_grant # Now we expect the failure self.assertRaises(FakeException, action.approve) # No roles_granted yet, but user created self.assertTrue("user_id" in action.action.cache) self.assertFalse("roles_granted" in action.action.cache) new_project = fake_clients.identity_cache["new_projects"][0] self.assertEqual(new_project.name, "test_project") new_user = fake_clients.identity_cache["new_users"][0] self.assertEqual(new_user.name, "*****@*****.**") self.assertEqual(new_user.email, "*****@*****.**") self.assertEqual(len(fake_clients.identity_cache["role_assignments"]), 0) # And then swap back the correct function action.grant_roles = old_grant_function # and try again, it should work this time action.approve() self.assertEqual(action.valid, True) # roles_granted in cache self.assertTrue("roles_granted" in action.action.cache) token_data = {"password": "******"} action.submit(token_data) self.assertEqual(action.valid, True) self.assertEqual(new_user.password, "123456") fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(new_user, new_project) self.assertEqual( sorted(roles), sorted( ["member", "project_admin", "project_mod", "heat_stack_owner"]), )
def test_new_project_reapprove_failure(self): """ Project created at post_approve step, failure at role grant. Ensure reapprove correctly finishes. """ setup_temp_cache({}, {}) task = Task.objects.create(ip_address="0.0.0.0", keystone_user={}) data = { 'domain_id': 'default', 'parent_id': None, 'email': '*****@*****.**', 'project_name': 'test_project', } action = NewProjectWithUserAction(data, task=task, order=1) action.pre_approve() self.assertEquals(action.valid, True) # NOTE(adrian): We need the code to fail at the # grant roles step so we can attempt reapproving it class FakeException(Exception): pass def fail_grant(user, default_roles, project_id): raise FakeException # We swap out the old grant function and keep # it for later. old_grant_function = action.grant_roles action.grant_roles = fail_grant # Now we expect the failure self.assertRaises(FakeException, action.post_approve) # No roles_granted yet, but user created self.assertTrue("user_id" in action.action.cache) self.assertFalse("roles_granted" in action.action.cache) self.assertEquals(tests.temp_cache['users']["user_id_1"].email, '*****@*****.**') project = tests.temp_cache['projects']['test_project'] self.assertFalse("user_id_1" in project.roles) # And then swap back the correct function action.grant_roles = old_grant_function # and try again, it should work this time action.post_approve() self.assertEquals(action.valid, True) # roles_granted in cache self.assertTrue("roles_granted" in action.action.cache) token_data = {'password': '******'} action.submit(token_data) self.assertEquals(action.valid, True) project = tests.temp_cache['projects']['test_project'] self.assertEquals( sorted(project.roles["user_id_1"]), sorted([ '_member_', 'project_admin', 'project_mod', 'heat_stack_owner' ]))