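def generate_trust_ids(users_to_delete):
    """Write a trust id for every user listed in *users_to_delete*.

    Each listed user acts as the trustor and delegates to a trustee, which
    will impersonate it to delete its resources. One ``username,trust_id``
    line is written to ``users_trusted_ids.txt`` (relative to the current
    working directory) for every trust that could be created; failures are
    logged and the remaining users are still processed.

    :param users_to_delete: an open file-like object (it must provide
        ``readlines()``) with one trustor per line. Blank lines are ignored.
    :return: this function does not return anything. It creates a file.
    """
    osclients = OpenStackClients()
    # NOTE(review): check_users is not used below; the call is kept because
    # side effects of the constructor cannot be ruled out from here.
    check_users = CheckUsers()

    # Use an alternative URL that allows direct access to the keystone admin
    # endpoint, because the registered one uses an internal IP address.
    osclients.override_endpoint(
        'identity', osclients.region, 'admin', KEYSTONE_ENDPOINT)
    trust_factory = TrustFactory(osclients)

    # Drop blank lines up front so that the progress total matches the
    # number of users that are actually processed.
    stripped = [line.strip() for line in users_to_delete.readlines()]
    users = [user for user in stripped if user]
    total = len(users)

    # The environment may override the default trustee.
    trustee = env['TRUSTEE_USER'] if 'TRUSTEE_USER' in env else TRUSTEE

    # NOTE(review): the output maps each user to a trust that delegates that
    # user's access to the trustee, and it is created with the process's
    # default permissions. Consider restricting the file to the operator
    # account and removing it once the trusts have been consumed.
    # The context manager guarantees the file is flushed and closed even if
    # an unexpected error interrupts the loop.
    with open('users_trusted_ids.txt', 'w') as users_trusted_ids:
        for count, user in enumerate(users, 1):
            try:
                (username, trust_id) = trust_factory.create_trust_admin(
                    user, trustee)
                users_trusted_ids.write(username + ',' + trust_id + '\n')
                msg = 'Generated trustid for user {0} ({1}/{2})'
                logger.info(msg.format(user, count, total))
            except Exception as e:
                # Deliberately best-effort: one failing trustor must not
                # stop the generation for the others.
                msg = 'Failed getting trust-id from trustor {0}. Reason: {1}'
                logger.error(msg.format(user, str(e)))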
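def generate_trust_ids(users_to_delete):
    """Write a trust id for every user listed in *users_to_delete*.

    Each listed user acts as the trustor and delegates to a trustee, which
    will impersonate it to delete its resources. One ``username,trust_id``
    line is written to ``users_trusted_ids.txt`` (relative to the current
    working directory) for every trust that could be created; failures are
    logged and the remaining users are still processed.

    :param users_to_delete: an open file-like object (it must provide
        ``readlines()``) with one trustor per line. Blank lines are ignored.
    :return: this function does not return anything. It creates a file.
    """
    osclients = OpenStackClients()
    # NOTE(review): check_users is not used below; the call is kept because
    # side effects of the constructor cannot be ruled out from here.
    check_users = CheckUsers()

    # Use an alternative URL that allows direct access to the keystone admin
    # endpoint, because the registered one uses an internal IP address.
    osclients.override_endpoint(
        'identity', osclients.region, 'admin', KEYSTONE_ENDPOINT)
    trust_factory = TrustFactory(osclients)

    # Drop blank lines up front so that the progress total matches the
    # number of users that are actually processed.
    stripped = [line.strip() for line in users_to_delete.readlines()]
    users = [user for user in stripped if user]
    total = len(users)

    # The environment may override the default trustee.
    trustee = env['TRUSTEE_USER'] if 'TRUSTEE_USER' in env else TRUSTEE

    # NOTE(review): the output maps each user to a trust that delegates that
    # user's access to the trustee, and it is created with the process's
    # default permissions. Consider restricting the file to the operator
    # account and removing it once the trusts have been consumed.
    # The context manager guarantees the file is flushed and closed even if
    # an unexpected error interrupts the loop.
    with open('users_trusted_ids.txt', 'w') as users_trusted_ids:
        for count, user in enumerate(users, 1):
            try:
                (username, trust_id) = trust_factory.create_trust_admin(
                    user, trustee)
                users_trusted_ids.write(username + ',' + trust_id + '\n')
                msg = 'Generated trustid for user {0} ({1}/{2})'
                logger.info(msg.format(user, count, total))
            except Exception as e:
                # Deliberately best-effort: one failing trustor must not
                # stop the generation for the others.
                msg = 'Failed getting trust-id from trustor {0}. Reason: {1}'
                logger.error(msg.format(user, str(e)))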
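class TestTrustFactory(unittest.TestCase):
    """Unit tests for TrustFactory, run against a mocked keystone client."""

    def setUp(self):
        """Create the factory and replace its ``keystone`` with a mock."""
        self.trustfactory = TrustFactory(MagicMock())
        self.trustfactory.keystone = MagicMock()

    def assertCreateResult(self, result, trustor):
        """Check the (trustor name, trust id, trustor id) result tuple."""
        self.assertEqual(result[0], trustor.name)
        self.assertEqual(result[1], 'generatedtrustid')
        self.assertEqual(result[2], trustor.id)

    def test_create_trust(self):
        """Check the result of create_trust."""
        trustor = MagicMock(id='trustor_id')
        # MagicMock(name=...) only labels the mock for its repr; the
        # attribute has to be assigned for ``trustor.name`` to be a string.
        trustor.name = 'trustor_name'
        trust = MagicMock(id='generatedtrustid')
        config = {
            'users.get.return_value': trustor,
            'trusts.create.return_value': trust
        }
        self.trustfactory.keystone.configure_mock(**config)
        result = self.trustfactory.create_trust('trustor_id', 'trustee_id')
        self.assertCreateResult(result, trustor)

    def test_create_trust_admin(self):
        """Check the external calls and the result of create_trust_admin."""
        resp = MagicMock()
        body_response = {'trust': {'id': 'generatedtrustid'}}
        trustor = MagicMock(id='trustor_id',
                            cloud_project_id='trustor_tenant')
        trustor.name = 'trustor_name'
        trustee = MagicMock(id='trustee_id')
        trustee.name = 'trustee_name'
        config = {
            'trusts.client.post.return_value': (resp, body_response),
            'users.get.return_value': trustor,
            'users.find.return_value': trustee
        }
        self.trustfactory.keystone.configure_mock(**config)

        # Freeze the clock so the expected expiry can be computed exactly.
        now = time.time()
        with patch('fiwareskuld.impersonate.time.time') as time_mock:
            time_mock.configure_mock(return_value=now)
            result = self.trustfactory.create_trust_admin(
                'trustor_id', 'trustee_name')

        # check result
        self.assertCreateResult(result, trustor)

        # check call
        # NOTE(review): this pins a trust with impersonation, the 'owner'
        # role and allow_redelegation=True. Confirm redelegation is really
        # needed; without it the trustee cannot hand the delegation on.
        body = {
            'trust': {
                'impersonation': True,
                'trustor_user_id': trustor.id,
                'allow_redelegation': True,
                'roles': [{
                    'name': 'owner'
                }],
                'expires_at': timeutils.iso8601_from_timestamp(
                    now + self.trustfactory.trustid_validity, True),
                'trustee_user_id': trustee.id,
                'project_id': trustor.cloud_project_id
            }
        }
        self.trustfactory.keystone.trusts.client.post.assert_called_once_with(
            'OS-TRUST/trusts_for_admin', body=body)

    def test_delete_trust(self):
        """Check that delete_trust calls the keystone client."""
        trust_id = 'id1'
        self.trustfactory.delete_trust(trust_id)
        self.trustfactory.keystone.trusts.delete.assert_called_once_with(
            trust_id)

    def test_delete_trust_admin(self):
        """Check that delete_trust_admin calls the keystone client."""
        trust_id = 'id1'
        resp = MagicMock()
        config = {'users.client.delete.return_value': (resp, 'body')}
        self.trustfactory.keystone.configure_mock(**config)
        return_value = self.trustfactory.delete_trust_admin(trust_id)
        self.trustfactory.keystone.users.client.delete.assert_called_once_with(
            'OS-TRUST/trusts_for_admin/' + trust_id)
        self.assertEqual(return_value, resp.ok)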
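class TestTrustFactory(unittest.TestCase):
    """Unit tests for TrustFactory, run against a mocked keystone client."""

    def setUp(self):
        """Create the factory and replace its ``keystone`` with a mock."""
        self.trustfactory = TrustFactory(MagicMock())
        self.trustfactory.keystone = MagicMock()

    def assertCreateResult(self, result, trustor):
        """Check the (trustor name, trust id, trustor id) result tuple."""
        self.assertEqual(result[0], trustor.name)
        self.assertEqual(result[1], 'generatedtrustid')
        self.assertEqual(result[2], trustor.id)

    def test_create_trust(self):
        """Check the result of create_trust."""
        trustor = MagicMock(id='trustor_id')
        # MagicMock(name=...) only labels the mock for its repr; the
        # attribute has to be assigned for ``trustor.name`` to be a string.
        trustor.name = 'trustor_name'
        trust = MagicMock(id='generatedtrustid')
        config = {'users.get.return_value': trustor,
                  'trusts.create.return_value': trust}
        self.trustfactory.keystone.configure_mock(**config)
        result = self.trustfactory.create_trust('trustor_id', 'trustee_id')
        self.assertCreateResult(result, trustor)

    def test_create_trust_admin(self):
        """Check the external calls and the result of create_trust_admin."""
        resp = MagicMock()
        body_response = {'trust': {'id': 'generatedtrustid'}}
        trustor = MagicMock(id='trustor_id',
                            cloud_project_id='trustor_tenant')
        trustor.name = 'trustor_name'
        trustee = MagicMock(id='trustee_id')
        trustee.name = 'trustee_name'
        config = {
            'trusts.client.post.return_value': (resp, body_response),
            'users.get.return_value': trustor,
            'users.find.return_value': trustee
        }
        self.trustfactory.keystone.configure_mock(**config)

        # Freeze the clock so the expected expiry can be computed exactly.
        now = time.time()
        with patch('fiwareskuld.impersonate.time.time') as time_mock:
            time_mock.configure_mock(return_value=now)
            result = self.trustfactory.create_trust_admin(
                'trustor_id', 'trustee_name')

        # check result
        self.assertCreateResult(result, trustor)

        # check call
        # NOTE(review): this pins a trust with impersonation, the 'owner'
        # role and allow_redelegation=True. Confirm redelegation is really
        # needed; without it the trustee cannot hand the delegation on.
        body = {'trust': {'impersonation': True,
                          'trustor_user_id': trustor.id,
                          'allow_redelegation': True,
                          'roles': [{'name': 'owner'}],
                          'expires_at': timeutils.iso8601_from_timestamp(
                              now + self.trustfactory.trustid_validity, True),
                          'trustee_user_id': trustee.id,
                          'project_id': trustor.cloud_project_id}}
        self.trustfactory.keystone.trusts.client.post.assert_called_once_with(
            'OS-TRUST/trusts_for_admin', body=body)

    def test_delete_trust(self):
        """Check that delete_trust calls the keystone client."""
        trust_id = 'id1'
        self.trustfactory.delete_trust(trust_id)
        self.trustfactory.keystone.trusts.delete.assert_called_once_with(
            trust_id)

    def test_delete_trust_admin(self):
        """Check that delete_trust_admin calls the keystone client."""
        trust_id = 'id1'
        resp = MagicMock()
        config = {'users.client.delete.return_value': (resp, 'body')}
        self.trustfactory.keystone.configure_mock(**config)
        return_value = self.trustfactory.delete_trust_admin(trust_id)
        self.trustfactory.keystone.users.client.delete.assert_called_once_with(
            'OS-TRUST/trusts_for_admin/' + trust_id)
        self.assertEqual(return_value, resp.ok)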