Improve coverage of storing credentials in parser.Stack

Currently the trusts path is not directly tested, so add coverage
and ensure the correct credentials are stored in each case.

Related-Bug: #1247200
Conflicts:
	heat/tests/test_parser.py

(cherry picked from commit 5397e94292dcbf61778bdaf8abdd3c14be728458)
Change-Id: I0aa999e01015046946f242a9b52b484522dc6d72

2 files changed, 52 insertions, 4 deletions

diff --git a/heat/tests/fakes.py b/heat/tests/fakes.py
index dd0427955..31f70320c 100644
--- a/heat/tests/fakes.py
+++ b/heat/tests/fakes.py
@@ -12,6 +12,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from heat.common import context
 
 """
 A fake server that "responds" to API methods with pre-canned responses.
@@ -98,9 +99,10 @@ class FakeClient(object):
 
 
 class FakeKeystoneClient(object):
-    def __init__(self, username='test_user', user_id='1234', access='4567',
-                 secret='8901'):
+    def __init__(self, username='test_user', password='apassword',
+                 user_id='1234', access='4567', secret='8901'):
         self.username = username
+        self.password = password
         self.user_id = user_id
         self.access = access
         self.secret = secret
@@ -139,7 +141,10 @@ class FakeKeystoneClient(object):
         return 'http://example.com:1234/v1'
 
     def create_trust_context(self):
-        pass
+        return context.RequestContext(username=self.username,
+                                      password=self.password,
+                                      trust_id='atrust',
+                                      trustor_user_id='auser123')
 
-    def delete_trust_context(self):
+    def delete_trust(self, trust_id):
         pass
diff --git a/heat/tests/test_parser.py b/heat/tests/test_parser.py
index 9ac90f9ff..afb22147e 100644
--- a/heat/tests/test_parser.py
+++ b/heat/tests/test_parser.py
@@ -15,6 +15,8 @@
 import json
 import time
 
+from oslo.config import cfg
+
 from heat.engine import environment
 from heat.common import exception
 from heat.common import template_format
@@ -1846,6 +1848,47 @@ class StackTest(HeatTestCase):
         user_creds_id = db_stack.user_creds_id
         self.assertIsNotNone(user_creds_id)
 
+        # should've stored the username/password in the context
+        user_creds = db_api.user_creds_get(user_creds_id)
+        self.assertEqual(self.ctx.username, user_creds.get('username'))
+        self.assertEqual(self.ctx.password, user_creds.get('password'))
+        self.assertIsNone(user_creds.get('trust_id'))
+        self.assertIsNone(user_creds.get('trustor_user_id'))
+
+        # Store again, ID should not change
+        self.stack.store()
+        self.assertEqual(user_creds_id, db_stack.user_creds_id)
+
+    @utils.stack_delete_after
+    def test_store_saves_creds_trust(self):
+        """
+        A user_creds entry is created on first stack store
+        """
+        cfg.CONF.set_override('deferred_auth_method', 'trusts')
+
+        self.m.StubOutWithMock(clients.OpenStackClients, 'keystone')
+        clients.OpenStackClients.keystone().MultipleTimes().AndReturn(
+            FakeKeystoneClient())
+        self.m.ReplayAll()
+
+        self.stack = parser.Stack(
+            self.ctx, 'creds_stack', template.Template({}))
+        self.stack.store()
+
+        # The store should've created a user_creds row and set user_creds_id
+        db_stack = db_api.stack_get(self.ctx, self.stack.id)
+        user_creds_id = db_stack.user_creds_id
+        self.assertIsNotNone(user_creds_id)
+
+        # should've stored the trust_id and trustor_user_id returned from
+        # FakeKeystoneClient.create_trust_context, username/password should
+        # not have been stored
+        user_creds = db_api.user_creds_get(user_creds_id)
+        self.assertIsNone(user_creds.get('username'))
+        self.assertIsNone(user_creds.get('password'))
+        self.assertEqual('atrust', user_creds.get('trust_id'))
+        self.assertEqual('auser123', user_creds.get('trustor_user_id'))
+
         # Store again, ID should not change
         self.stack.store()
         self.assertEqual(user_creds_id, db_stack.user_creds_id)