def test_new_project_reapprove_failure(self):
"""
Project created at approve step, failure at role grant.
Ensure reapprove correctly finishes.
"""
setup_identity_cache()
task = Task.objects.create(keystone_user={})
data = {
"domain_id": "default",
"parent_id": None,
"email": "*****@*****.**",
"project_name": "test_project",
}
action = NewProjectWithUserAction(data, task=task, order=1)
action.prepare()
self.assertEqual(action.valid, True)
# NOTE(adrian): We need the code to fail at the
# grant roles step so we can attempt reapproving it
class FakeException(Exception):
pass
def fail_grant(user, default_roles, project_id):
raise FakeException
# We swap out the old grant function and keep
# it for later.
old_grant_function = action.grant_roles
action.grant_roles = fail_grant
# Now we expect the failure
self.assertRaises(FakeException, action.approve)
# No roles_granted yet, but user created
self.assertTrue("user_id" in action.action.cache)
self.assertFalse("roles_granted" in action.action.cache)
new_project = fake_clients.identity_cache["new_projects"][0]
self.assertEqual(new_project.name, "test_project")
new_user = fake_clients.identity_cache["new_users"][0]
self.assertEqual(new_user.name, "*****@*****.**")
self.assertEqual(new_user.email, "*****@*****.**")
self.assertEqual(len(fake_clients.identity_cache["role_assignments"]),
0)
# And then swap back the correct function
action.grant_roles = old_grant_function
# and try again, it should work this time
action.approve()
self.assertEqual(action.valid, True)
# roles_granted in cache
self.assertTrue("roles_granted" in action.action.cache)
token_data = {"password": "******"}
action.submit(token_data)
self.assertEqual(action.valid, True)
self.assertEqual(new_user.password, "123456")
fake_client = fake_clients.FakeManager()
roles = fake_client._get_roles_as_names(new_user, new_project)
self.assertEqual(
sorted(roles),
sorted(
["member", "project_admin", "project_mod",
"heat_stack_owner"]),
)
def test_new_project_reapprove_failure(self):
"""
Project created at post_approve step, failure at role grant.
Ensure reapprove correctly finishes.
"""
setup_temp_cache({}, {})
task = Task.objects.create(ip_address="0.0.0.0", keystone_user={})
data = {
'domain_id': 'default',
'parent_id': None,
'email': '*****@*****.**',
'project_name': 'test_project',
}
action = NewProjectWithUserAction(data, task=task, order=1)
action.pre_approve()
self.assertEquals(action.valid, True)
# NOTE(adrian): We need the code to fail at the
# grant roles step so we can attempt reapproving it
class FakeException(Exception):
pass
def fail_grant(user, default_roles, project_id):
raise FakeException
# We swap out the old grant function and keep
# it for later.
old_grant_function = action.grant_roles
action.grant_roles = fail_grant
# Now we expect the failure
self.assertRaises(FakeException, action.post_approve)
# No roles_granted yet, but user created
self.assertTrue("user_id" in action.action.cache)
self.assertFalse("roles_granted" in action.action.cache)
self.assertEquals(tests.temp_cache['users']["user_id_1"].email,
'*****@*****.**')
project = tests.temp_cache['projects']['test_project']
self.assertFalse("user_id_1" in project.roles)
# And then swap back the correct function
action.grant_roles = old_grant_function
# and try again, it should work this time
action.post_approve()
self.assertEquals(action.valid, True)
# roles_granted in cache
self.assertTrue("roles_granted" in action.action.cache)
token_data = {'password': '******'}
action.submit(token_data)
self.assertEquals(action.valid, True)
project = tests.temp_cache['projects']['test_project']
self.assertEquals(
sorted(project.roles["user_id_1"]),
sorted([
'_member_', 'project_admin', 'project_mod', 'heat_stack_owner'
]))
