def project_check(request, current_project):
project_id = request.session.get('project_id')
user = request.user
if current_project:
try:
keystone = Keystone(request)
except exceptions.AuthorizationFailure:
msg = _('Unable to retrieve Keystone data')
messages.add_message(request, messages.ERROR, msg)
log.error(f'{request.user}: {msg}')
return False
if not keystone.conn:
return False
project = keystone.project_get_by_name(current_project)
if not project:
# messages.add_message(request, messages.WARNING, u"Unauthorized")
return False
if not project_id or project.id != project_id:
groups = user.groups.all()
group_projects = GroupProjects.objects.filter(group_id__in=[group.id for group in groups])
if group_projects.filter(project=project.id).count() == 0:
# messages.add_message(request, messages.WARNING, u"Unauthorized")
return False
save_current_project(user.id, project.id)
set_current_project(request, project)
return True
def switch(request, project_id):
"""Switch session parameters to project with project_id"""
if project_id is None:
raise ValueError(_("Missing 'project_id'"))
next_url = reverse("main") # _build_next_url(request)
try:
keystone = Keystone(request)
except exceptions.AuthorizationFailure:
msg = _("Unable to retrieve Keystone data")
messages.add_message(request, messages.ERROR, msg)
log.error(f"{request.user}: {msg}")
return HttpResponseRedirect(next_url)
try:
project = keystone.project_get(project_id)
except Exception as err:
messages.add_message(request, messages.ERROR, _("Can't find this project"))
log.exception("{}{}".format(_("Exception:").encode("UTF-8"), err))
return HttpResponseRedirect(next_url)
save_current_project(request.user.id, project.id)
set_current_project(request, project)
log.info("User [{}] switched to project [{}]".format(request.user, project_id))
messages.add_message(request, messages.INFO, _("Project selected: {}".format(project.name)))
return HttpResponseRedirect(next_url)
def _get_data(self):
""" Retrieve sorted list of projects """
user = self.request.user
groups = user.groups.all()
try:
keystone = Keystone(self.request)
except exceptions.AuthorizationFailure:
msg = _('Unable to retrieve Keystone data')
messages.add_message(self.request, messages.ERROR, msg)
log.error(f'{self.request.user}: {msg}')
return []
projects = []
for group in groups:
gps = GroupProjects.objects.filter(group=group.id)
gps_ks = [
x for x in filter(lambda x: x.enabled, keystone.project_list())
]
for gp in gps:
for gp_ks in gps_ks:
if gp.project == gp_ks.id and gp_ks not in projects:
projects.append(gp_ks)
break
projects.sort(key=lambda x: x.name.lower())
return projects
def test_vault_create_project_fail_to_save_group_project_on_db(
self, mock_gp_save, mock_user_delete, mock_user_create,
mock_project_delete, mock_encrypt_password):
fake_user = FakeResource(n=self.project.id,
name='u_{}'.format(self.project.name))
mock_user_create.return_value = fake_user
# Excecao ao salvar no db
mock_gp_save.side_effect = Exception
mock_encrypt_password.return_value = b'123456'
keystone = Keystone(self.request, project_name='project_name')
expected = {
'status': False,
'reason': 'Unable to assign project to group'
}
computed = keystone.vault_project_create(
self.project.name, 2, description=self.project.description)
self.assertEqual(computed, expected)
mock_project_delete.assert_called_with(self.project.id)
mock_user_delete.assert_called_with(fake_user.id)
def test_keystone_create_user_and_set_role(self, mock_role_get,
mock_project_get,
mock_add_user_role):
""" Cadastra usuario e seta role para project """
mock_user_create = self.mock_keystone_conn.return_value.users.create
fake_user = FakeResource('user_id', name='user_name')
fake_role = FakeResource('role_id', name='role_name')
fake_project = FakeResource('project_id', name='project_name')
mock_user_create.return_value = fake_user
mock_role_get.return_value = fake_role
mock_project_get.return_value = fake_project
keystone = Keystone(self.request, 'project_name')
keystone.user_create('name',
email='*****@*****.**',
password='******',
project_id='project_id',
enabled=True,
role_id='role_id')
keystone.conn.users.create.assert_called_with('name',
domain=None,
email='*****@*****.**',
enabled=True,
password='******',
project='project_id')
mock_add_user_role.assert_called_with(fake_user, fake_project,
fake_role)
def test_vault_create_project(self, mock_gp, mock_ap, mock_key_pass, mock_key_user):
mock_key_user.return_value = FakeResource(n=self.project.id, name='u_{}'.format(self.project.name))
mock_key_pass.return_value = 'password'
keystone = Keystone(self.request, tenant_name='tenant_name')
expected = {
'status': True,
'project': self.mock_project_create.return_value,
'user': mock_key_user.return_value,
'password': mock_key_pass.return_value,
}
computed = keystone.vault_create_project(self.project.name, 1, 1, description=self.project.description)
# Criacao do Project
self.mock_project_create.assert_called_with(self.project.name, description=self.project.description, enabled=True)
# Criacao do User
mock_key_user.assert_called_with(name='u_{}'.format(self.project.name),
password='******',
project_id=self.project.id,
role_id=settings.KEYSTONE_ROLE)
mock_gp.assert_called_with(group_id=1, project_id=self.project.id)
self.assertTrue(mock_gp.return_value.save.called)
mock_ap.assert_called_with(area_id=1, project_id=self.project.id)
self.assertTrue(mock_gp.return_value.save.called)
self.assertEqual(computed, expected)
def switch(request, project_id, next_url=None):
"""
Switch session parameters to project with project_id
"""
if project_id is None:
raise ValueError(_("Missing 'project_id'"))
if next_url is not None:
next_url = next_url
else:
next_url = _build_next_url(request)
try:
project = Project.objects.get(id=project_id)
except Project.DoesNotExist as err:
messages.add_message(request, messages.ERROR,
_("Can't find this project"))
log.exception('{}{}'.format(_('Exception:').encode('UTF-8'), err))
return HttpResponseRedirect(next_url)
keystone = Keystone(request)
request.session['project_id'] = project_id
request.session['project_name'] = project.name
request.session['service_catalog'] = keystone.get_endpoints()
request.session['auth_token'] = keystone.conn.auth_token
return HttpResponseRedirect(next_url)
def maybe_update_token(request):
token_time = request.session.get('token_time')
if token_time is None or token_time < datetime.utcnow():
log.info('Updating token for user [{}]'.format(request.user))
try:
keystone = Keystone(request)
except exceptions.AuthorizationFailure:
msg = _('Unable to retrieve Keystone data')
messages.add_message(request, messages.ERROR, msg)
log.error(f'{request.user}: {msg}')
return False
if keystone.conn is None:
return False
request.session['token_time'] = (
timedelta(minutes=15) + datetime.utcnow()
)
request.session['auth_token'] = keystone.conn.auth_token
request.session['service_catalog'] = keystone.get_endpoints()
return True
return False
def get_context_data(self, **kwargs):
context = super(CreateProjectSuccessView,
self).get_context_data(**kwargs)
request = kwargs.get("request")
context["project_info"] = request.session.get("project_info")
context["project_info"]["auth_url"] = settings.KEYSTONE_URL
project_name = context["project_info"]["project_name"]
user_name = context["project_info"]["user_name"]
password = context["project_info"]["user_password"]
try:
keystone = Keystone(request,
username=user_name,
password=password,
project_name=project_name)
context["project_info"]["endpoints"] = keystone.get_endpoints()
except exceptions.AuthorizationFailure:
msg = _("Unable to retrieve Keystone data")
messages.add_message(request, messages.ERROR, msg)
log.error(f"{request.user}: {msg}")
return context
def get_context_data(self, **kwargs):
context = super(CreateProjectSuccessView,
self).get_context_data(**kwargs)
request = kwargs.get('request')
context['project_info'] = request.session.get('project_info')
context['project_info']['auth_url'] = settings.KEYSTONE_URL
project_name = context['project_info']['project_name']
user_name = context['project_info']['user_name']
password = context['project_info']['user_password']
try:
keystone = Keystone(request,
username=user_name,
password=password,
project_name=project_name)
context['project_info']['endpoints'] = keystone.get_endpoints()
except exceptions.AuthorizationFailure:
msg = _('Unable to retrieve Keystone data')
messages.add_message(request, messages.ERROR, msg)
log.error(f'{request.user}: {msg}')
return context
def test_keystone_create_user_with_no_role(self, mock_add_user_role):
""" Cadastra usuario sem setar role para nenhum project """
keystone = Keystone(self.request)
keystone.user_create('name', email='*****@*****.**',
password='******', project_id='project_id',
enabled=True)
keystone.conn.users.create.assert_called_with('name', 'password', '*****@*****.**', 'project_id', True)
self.assertFalse(mock_add_user_role.called)
def swift_cloud_status(request):
try:
keystone = Keystone(request)
except Exception as err:
log.exception(f"Keystone error: {err}")
return render(request, "vault/swift_cloud/status.html", {
"projects": [],
"error": "Keystone Error"
})
environ = settings.ENVIRON
if not environ and "localhost" in request.get_host():
environ = "local"
user = request.user
group_ids = [g.id for g in user.groups.all()]
projects = []
keystone_projects = keystone.project_list()
try:
group_projects = GroupProjects.objects.filter(group_id__in=group_ids,
owner=True)
for project in keystone_projects:
for gp in group_projects:
if project.id == gp.project:
projects.append({
"id": project.id,
"name": project.name,
"description": project.description,
"environment": environ,
"team": gp.group.name,
"status": "",
"metadata": {}
})
projects.sort(key=lambda p: p["name"].lower())
except Exception as err:
log.exception(f"Keystone error: {err}")
# Get transfer status for all projects in swift cloud tools api
sct_client = SCTClient(settings.SWIFT_CLOUD_TOOLS_URL,
settings.SWIFT_CLOUD_TOOLS_API_KEY)
data = []
try:
response = sct_client.transfer_status_by_projects(
[p["id"] for p in projects])
if response.ok:
data = response.json()
except Exception as err:
log.exception(f"Swift Cloud Tools Error: {err}")
return render(request, "vault/swift_cloud/status.html", {
"projects": json.dumps(projects),
"migration_data": json.dumps(data)
})
def test_user_list_valid_project_id_with_no_user(self):
"""
Testa metodo de listagem de usuario para o caso de um project_id valido
que NAO possui usuarios
"""
expected = []
self.mock_keystone_conn.return_value.users.list.return_value = expected
keystone = Keystone(self.request)
computed = keystone.user_list(project_id='123454321')
self.assertEqual(computed, expected)
def test_user_list_valid_project_id_with_no_user(self):
"""
Testa metodo de listagem de usuario para o caso de um project_id valido
que NAO possui usuarios
"""
expected = []
self.mock_keystone_conn.return_value.users.list.return_value = expected
keystone = Keystone(self.request)
computed = keystone.user_list(project_id='123454321')
self.assertEqual(computed, expected)
def post(self, request, *args, **kwargs):
form = DeleteProjectConfirm(data=request.POST)
if not form.is_valid():
return self.render_to_response(
self.get_context_data(form=form, request=request))
user = form.data.get('user')
password = form.data.get('password')
project_id = self.kwargs.get('project_id')
project_name = self.keystone.project_get(project_id).name
try:
keystone_app = Keystone(request,
username=user,
password=password,
tenant_name=project_name)
except exceptions.Unauthorized:
# Falhou ao auntenticar com as credenciais enviadas pelo usuario
messages.add_message(request, messages.ERROR,
_('Invalid credentials.'))
return self.render_to_response(
context=self.get_context_data(form=form, request=request))
endpoints = keystone_app.get_endpoints()
storage_url = endpoints['adminURL']
auth_token = self.keystone.conn.auth_token
swift_del_result = delete_swift_account(storage_url, auth_token)
if not swift_del_result:
messages.add_message(request, messages.ERROR,
_('Error when delete project'))
return HttpResponseRedirect(
reverse('edit_project', kwargs={'project_id': project_id}))
try:
self.keystone.vault_delete_project(project_id)
messages.add_message(request, messages.SUCCESS,
_('Successfully deleted project.'))
except Exception as e:
log.exception('{}{}'.format(_('Exception:').encode('UTF-8'), e))
messages.add_message(request, messages.ERROR,
_('Error when delete project'))
return HttpResponseRedirect(self.success_url)
def post(self, request, *args, **kwargs):
form = DeleteProjectConfirm(data=request.POST)
if not form.is_valid():
return self.render_to_response(
self.get_context_data(form=form, request=request)
)
user = form.data.get('user')
password = form.data.get('password')
project_id = self.kwargs.get('project_id')
project_name = self.keystone.project_get(project_id).name
try:
keystone_app = Keystone(request,
username=user,
password=password,
tenant_name=project_name)
except exceptions.Unauthorized:
# Falhou ao auntenticar com as credenciais enviadas pelo usuario
messages.add_message(request, messages.ERROR, _('Invalid credentials.'))
return self.render_to_response(
context=self.get_context_data(form=form, request=request)
)
endpoints = keystone_app.get_endpoints()
storage_url = endpoints['adminURL']
auth_token = self.keystone.conn.auth_token
swift_del_result = delete_swift_account(storage_url, auth_token)
if not swift_del_result:
messages.add_message(request, messages.ERROR,
_('Error when delete project'))
return HttpResponseRedirect(reverse('edit_project', kwargs={'project_id': project_id}))
try:
self.keystone.vault_delete_project(project_id)
messages.add_message(request, messages.SUCCESS,
_('Successfully deleted project.'))
except Exception as e:
log.exception('{}{}'.format(_('Exception:').encode('UTF-8'), e))
messages.add_message(request, messages.ERROR,
_('Error when delete project'))
return HttpResponseRedirect(self.success_url)
def test_keystone_create_user_with_no_role(self, mock_add_user_role):
""" Cadastra usuario sem setar role para nenhum project """
keystone = Keystone(self.request)
keystone.user_create('name',
email='*****@*****.**',
password='******',
project_id='project_id',
enabled=True)
keystone.conn.users.create.assert_called_with('name', 'password',
'*****@*****.**',
'project_id', True)
self.assertFalse(mock_add_user_role.called)
def test_vault_create_project_forbidden_on_project_create(self, mock_key_user):
self.mock_project_create.side_effect = exceptions.Forbidden
mock_key_user.return_value = FakeResource(n=self.project.id, name='u_{}'.format(self.project.name))
keystone = Keystone(self.request, tenant_name='tenant_name')
expected = {'status': False, 'reason': 'Superuser required.'}
computed = keystone.vault_create_project(self.project.name, 1, 1, description=self.project.description)
self.assertEqual(computed, expected)
# Criacao de user nao pode ocorrer quando hover falha na criacao do project
self.assertFalse(mock_key_user.called)
def test_vault_create_project_forbidden_on_user_create(self, mock_key_user, mock_project_delete, mock_project_create):
mock_project_create.return_value = ProjectFactory(id=self.project.id, name=self.project.name)
mock_key_user.side_effect = exceptions.Forbidden
keystone = Keystone(self.request, tenant_name='tenant_name')
expected = {'status': False, 'reason': 'Admin required'}
computed = keystone.vault_create_project(self.project.name, 1, 1, description=self.project.description)
self.assertEqual(computed, expected)
# Se falhou o cadastro de usuario, o project devera ser deletado
mock_project_delete.assert_called_with(self.project.id)
def test_vault_delete_project(self):
keystone = Keystone(self.request)
_ = keystone.vault_delete_project(self.project_id)
# Delete project
self.mock_project_delete.assert_called_with(self.project_id)
# Find project's user
self.mock_return_find_u_user.assert_called_with(self.project_id)
# Delete user
self.mock_user_delete.assert_called_with(self.user_id)
def test_vault_delete_project(self):
keystone = Keystone(self.request)
_ = keystone.vault_delete_project(self.project_id)
# Delete project
self.mock_project_delete.assert_called_with(self.project_id)
# Find project's user
self.mock_return_find_u_user.assert_called_with(self.project_id)
# Delete user
self.mock_user_delete.assert_called_with(self.user_id)
def __init__(self, *args, **kwargs):
super(CreateUserForm, self).__init__(*args, **kwargs)
_password = Keystone.create_password()
for field in ('password', 'password_confirm'):
self.fields[field].initial = _password
def test_vault_update_project_keystone(self, mock_prj_owner):
mock_prj_owner.return_value = {'status': True}
fake_project = self.mock_project_get.return_value
keystone = Keystone(self.request, project_name='project_name')
computed = keystone.vault_project_update(
self.project.id,
self.project.name,
self.group.id,
description=self.project.description)
expected = {
'status': True,
'project': self.mock_project_update.return_value
}
self.assertEqual(computed, expected)
def test_vault_create_project_fail_to_save_project_to_team_on_db(self, mock_user_delete, mock_user_create, mock_project_delete, _, mock_areaprojects):
mock_areaprojects.side_effect = Exception
project_name = 'project_test'
fake_user = FakeResource(n=self.project.id, name='u_{}'.format(self.project.name))
mock_user_create.return_value = fake_user
keystone = Keystone(self.request, tenant_name='tenant_name')
result = keystone.vault_create_project(project_name, self.group, self.area)
expected = {'status': False, 'reason': 'Unable to assign project to area'}
self.assertEqual(result, expected)
mock_project_delete.assert_called_with(self.project.id)
mock_user_delete.assert_called_with(fake_user.id)
def test_vault_create_project_forbidden_on_user_create(
self, mock_key_user, mock_project_delete, mock_project_create):
mock_project_create.return_value = ProjectFactory(
id=self.project.id, name=self.project.name)
mock_key_user.side_effect = exceptions.Forbidden
keystone = Keystone(self.request, tenant_name='tenant_name')
expected = {'status': False, 'reason': 'Admin required'}
computed = keystone.vault_create_project(
self.project.name, 1, 1, description=self.project.description)
self.assertEqual(computed, expected)
# Se falhou o cadastro de usuario, o project devera ser deletado
mock_project_delete.assert_called_with(self.project.id)
def test_vault_create_project(self, mock_gp_create, mock_key_pass,
mock_key_user, mock_encrypt_password):
mock_key_user.return_value = FakeResource(n=self.project.id,
name='u_{}'.format(
self.project.name))
mock_key_pass.return_value = 'password'
mock_encrypt_password.return_value = b'123456'
keystone = Keystone(self.request, project_name='project_name')
expected = {
'status': True,
'project': self.mock_project_create.return_value,
'user': mock_key_user.return_value,
'password': mock_key_pass.return_value,
}
computed = keystone.vault_project_create(
self.project.name,
self.group.id,
description=self.project.description)
# Project creation
self.mock_project_create.assert_called_with(
self.project.name,
description=self.project.description,
enabled=True)
# User creation
mock_key_user.assert_called_with(
name='u_vault_{}'.format(self.project.name),
email='',
password='******',
enabled=True,
domain='default',
project_id=self.project.id,
role_id='e03a556b664d4a41aaf2c5b4518f33ae')
mock_gp_create.assert_called_with(group_id=self.group.id,
project_id=self.project.id,
owner=1)
self.assertEqual(computed, expected)
def test_user_list_invalid_project(self):
"""
Testa metodo de listagem de usuario para o caso de um project_id
invalido
"""
self.mock_keystone_conn.return_value.users.list.side_effect = exceptions.NotFound
keystone = Keystone(self.request)
self.assertRaises(exceptions.NotFound, keystone.user_list)
def test_vault_create_project_forbidden_on_project_create(
self, mock_key_user):
self.mock_project_create.side_effect = exceptions.Forbidden
mock_key_user.return_value = FakeResource(n=self.project.id,
name='u_{}'.format(
self.project.name))
keystone = Keystone(self.request, project_name='project_name')
expected = {'status': False, 'reason': 'Superuser required.'}
computed = keystone.vault_project_create(
self.project.name, 1, description=self.project.description)
self.assertEqual(computed, expected)
# Criacao de user nao pode ocorrer quando hover falha na criacao do project
self.assertFalse(mock_key_user.called)
def test_regular_user_creates_keystone_conn_on_a_NOT_allowed_project(self):
# Se este mock retorna uma lista vazia, significa que o time do
# usuario NAO possui permissao no project
self.mock_filter.return_value = []
self.request.user.is_superuser = False
keystone = Keystone(self.request, project_name='abcdefg')
self.assertEqual(keystone.conn, None)
def setUp(self):
self.request = fake_request()
self.request.user.is_superuser = True
self.keystone = Keystone(self.request)
self.project = None
self.user = None
def get_context_data(self, **kwargs):
context = super(CreateProjectSuccessView, self).get_context_data(**kwargs)
request = kwargs.get('request')
context['project_info'] = request.session.get('project_info')
context['project_info']['auth_url'] = settings.KEYSTONE_URL
project_name = context['project_info']['project_name']
user_name = context['project_info']['user_name']
password = context['project_info']['user_password']
keystone = Keystone(request, username=user_name, password=password,
tenant_name=project_name)
context['project_info']['endpoints'] = keystone.get_endpoints()
return context
def test_return_find_u_user(self, mock_project_get, mock_user_list):
mock_project_get.return_value = ProjectFactory(id='abcde',
name='infra')
mock_user_list.return_value = UserFactory(id='abcde',
username='******')
keystone = Keystone(self.request, tenant_name='tenant_name')
fake_user = '******'.format(self.project.name)
self.assertEqual(fake_user, mock_user_list.return_value.username)
def test_vault_create_project_fail_to_save_group_project_on_db(self, mock_gp_save, mock_user_delete, mock_user_create, mock_project_delete):
fake_user = FakeResource(n=self.project.id, name='u_{}'.format(self.project.name))
mock_user_create.return_value = fake_user
# Excecao ao salvar no db
mock_gp_save.side_effect = Exception
keystone = Keystone(self.request, tenant_name='tenant_name')
expected = {'status': False, 'reason': 'Unable to assign project to group'}
computed = keystone.vault_create_project(self.project.name, 1, 1, description=self.project.description)
self.assertEqual(computed, expected)
mock_project_delete.assert_called_with(self.project.id)
mock_user_delete.assert_called_with(fake_user.id)
def test_regular_user_creates_keystone_conn_on_a_allowed_project(self):
# Se este mock retorna uma lista nao vazia, significa que o time do
# usuario possui permissao no project
self.mock_filter.return_value = [1]
self.request.user.is_superuser = False
self.conn = Keystone(self.request, project_name='project_name')
self.assertTrue(isinstance(self.conn, Keystone))
def test_vault_update_project(self, mock_gp, mock_ap):
group_id = 123
area_id = 456
keystone = Keystone(self.request, tenant_name='tenant_name')
fake_project = self.mock_project_get.return_value
expected = {
'status': True,
'project': self.mock_project_update.return_value,
}
computed = keystone.vault_update_project(
self.project.id,
self.project.name,
group_id,
area_id,
description=self.project.description)
# Update do Project
self.mock_project_update.assert_called_with(
fake_project,
name=self.project.name,
description=self.project.description,
enabled=True)
mock_gp.objects.filter.assert_called_with(project_id=self.project.id)
self.assertTrue(mock_gp.objects.filter.return_value.delete.called)
mock_gp.assert_called_with(group_id=group_id,
project_id=self.project.id)
self.assertTrue(mock_gp.return_value.save.called)
mock_ap.objects.filter.assert_called_with(project_id=self.project.id)
self.assertTrue(mock_ap.objects.filter.return_value.delete.called)
mock_ap.assert_called_with(area_id=area_id, project_id=self.project.id)
self.assertTrue(mock_ap.return_value.save.called)
self.assertEqual(computed, expected)
def swift_cloud_report(request):
try:
keystone = Keystone(request)
except Exception as err:
log.exception(f"Keystone error: {err}")
return render(request, "vault/swift_cloud/report.html",
{"projects": []})
environ = settings.ENVIRON
if not environ and "localhost" in request.get_host():
environ = "local"
projects = []
try:
for project in keystone.project_list():
projects.append({
"id": project.id,
"name": project.name,
"description": project.description,
"environment": environ,
"status": "",
})
projects.sort(key=lambda p: p["name"].lower())
except Exception as err:
log.exception(f"Keystone error: {err}")
sct_client = SCTClient(settings.SWIFT_CLOUD_TOOLS_URL,
settings.SWIFT_CLOUD_TOOLS_API_KEY)
data = []
try:
reponse = sct_client.transfer_status_by_projects(
[p["id"] for p in projects])
if response.ok:
data = reponse.json()
except Exception as err:
log.exception(f"Swift Cloud Tools Error: {err}")
return render(request, "vault/swift_cloud/report.html", {
"projects": json.dumps(projects),
"migration_data": json.dumps(data)
})
def test_keystone_create_user_and_set_role(self, mock_role_get, mock_project_get, mock_add_user_role):
""" Cadastra usuario e seta role para project """
mock_user_create = self.mock_keystone_conn.return_value.users.create
fake_user = FakeResource('user_id', name='user_name')
fake_role = FakeResource('role_id', name='role_name')
fake_project = FakeResource('project_id', name='project_name')
mock_user_create.return_value = fake_user
mock_role_get.return_value = fake_role
mock_project_get.return_value = fake_project
keystone = Keystone(self.request, 'tenant_name')
keystone.user_create('name', email='*****@*****.**',
password='******', project_id='project_id',
enabled=True, role_id='role_id')
keystone.conn.users.create.assert_called_with('name', 'password', '*****@*****.**', 'project_id', True)
mock_add_user_role.assert_called_with(fake_user, fake_project, fake_role)
def get_context_data(self, **kwargs):
context = super(CreateProjectSuccessView,
self).get_context_data(**kwargs)
request = kwargs.get('request')
context['project_info'] = request.session.get('project_info')
context['project_info']['auth_url'] = settings.KEYSTONE_URL
project_name = context['project_info']['project_name']
user_name = context['project_info']['user_name']
password = context['project_info']['user_password']
keystone = Keystone(request,
username=user_name,
password=password,
tenant_name=project_name)
context['project_info']['endpoints'] = keystone.get_endpoints()
return context
def _check_backup_user(request, project_id):
try:
keystone = Keystone(request)
except exceptions.AuthorizationFailure:
msg = _('Unable to retrieve Keystone data')
messages.add_message(request, messages.ERROR, msg)
log.error(f'{request.user}: {msg}')
return False
if keystone.conn is None:
log.error('check_backup_user: Keystone connection error')
return False
all_users = keystone.user_list()
backup_user = None
for user in all_users:
if user.username == settings.BACKUP_USER:
backup_user = user
if backup_user is None:
log.error('check_backup_user: Undefined backup user')
return False
all_roles = keystone.role_list()
backup_role = None
for role in all_roles:
if role.name == settings.BACKUP_USER_ROLE:
backup_role = role
if backup_role is None:
log.error('check_backup_user: Undefined backup role')
return False
items = BackupContainer.objects.filter(project_id=project_id)
if items.count() == 0:
keystone.remove_user_role(project=project_id,
role=backup_role,
user=backup_user)
return True
try:
keystone.add_user_role(project=project_id,
role=backup_role,
user=backup_user)
except exceptions.Conflict:
log.info('backup_user already with role'.format(project_id))
return True
def test_vault_create_project(self, mock_gp, mock_ap, mock_key_pass,
mock_key_user):
mock_key_user.return_value = FakeResource(n=self.project.id,
name='u_{}'.format(
self.project.name))
mock_key_pass.return_value = 'password'
keystone = Keystone(self.request, tenant_name='tenant_name')
expected = {
'status': True,
'project': self.mock_project_create.return_value,
'user': mock_key_user.return_value,
'password': mock_key_pass.return_value,
}
computed = keystone.vault_create_project(
self.project.name, 1, 1, description=self.project.description)
# Criacao do Project
self.mock_project_create.assert_called_with(
self.project.name,
description=self.project.description,
enabled=True)
# Criacao do User
mock_key_user.assert_called_with(name='u_{}'.format(self.project.name),
password='******',
project_id=self.project.id,
role_id=settings.KEYSTONE_ROLE)
mock_gp.assert_called_with(group_id=1, project_id=self.project.id)
self.assertTrue(mock_gp.return_value.save.called)
mock_ap.assert_called_with(area_id=1, project_id=self.project.id)
self.assertTrue(mock_gp.return_value.save.called)
self.assertEqual(computed, expected)
def test_vault_update_project(self, mock_gp, mock_ap):
group_id = 123
area_id = 456
keystone = Keystone(self.request, tenant_name='tenant_name')
fake_project = self.mock_project_get.return_value
expected = {
'status': True,
'project': self.mock_project_update.return_value,
}
computed = keystone.vault_update_project(self.project.id,
self.project.name,
group_id,
area_id,
description=self.project.description)
# Update do Project
self.mock_project_update.assert_called_with(fake_project,
name=self.project.name,
description=self.project.description,
enabled=True)
mock_gp.objects.filter.assert_called_with(project_id=self.project.id)
self.assertTrue(mock_gp.objects.filter.return_value.delete.called)
mock_gp.assert_called_with(group_id=group_id, project_id=self.project.id)
self.assertTrue(mock_gp.return_value.save.called)
mock_ap.objects.filter.assert_called_with(project_id=self.project.id)
self.assertTrue(mock_ap.objects.filter.return_value.delete.called)
mock_ap.assert_called_with(area_id=area_id, project_id=self.project.id)
self.assertTrue(mock_ap.return_value.save.called)
self.assertEqual(computed, expected)
def test_vault_delete_project(self, mock_endpoints, mock_swift_delete,
mock_keystone_delete):
mock_endpoints.return_value = {
'adminURL': 'https://fake.api.globoi.com/v1/AUTH_XPTO'
}
class FakeResponse:
status_code = 204
mock_swift_delete.return_value = FakeResponse()
keystone = Keystone(self.request)
_ = keystone.vault_project_delete(self.project.name)
# Swift project delete
mock_swift_delete.assert_called_with(self.project.id)
# Find project's user
self.mock_find_user_with_u_prefix.assert_called_with(
self.project.id, 'u_vault')
# Keystone project delete
mock_keystone_delete.assert_called_with(self.project.id)
def get(self, request, *args, **kwargs):
context = {}
try:
user = self.keystone.return_find_u_user(kwargs.get('project_id'))
new_password = Keystone.create_password()
self.keystone.user_update(user, password=new_password)
context = {'new_password': new_password}
actionlog.log(request.user.username, 'update', user)
except Exception as e:
log.exception('{}{}'.format(_('Exception:').encode('UTF-8'), e))
return self.render_to_response(context, status=200)
def test_create_password(self):
computed = Keystone.create_password()
self.assertTrue(isinstance(computed, str))
