diff options
| author | Zuul <zuul@review.opendev.org> | 2021-03-11 16:04:46 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2021-03-11 16:04:46 +0000 |
| commit | ef0f64e3c83658fcebad0b54f5ee85613655aaf1 (patch) | |
| tree | 252978d2d6e39a87f2053d7e750185cec4ab89de /heat/tests | |
| parent | ee219a86f4502a778c27e925c399eb268bafcba2 (diff) | |
| parent | d8efcd17808ebbb6eb6d88e592635bdd1ebb3d92 (diff) | |
| download | heat-ef0f64e3c83658fcebad0b54f5ee85613655aaf1.tar.gz | |
Merge "Regenerate trust when update with different user"
Diffstat (limited to 'heat/tests')
| -rw-r--r-- | heat/tests/clients/test_heat_client.py | 59 | ||||
| -rw-r--r-- | heat/tests/convergence/test_converge.py | 5 | ||||
| -rw-r--r-- | heat/tests/engine/service/test_stack_action.py | 3 | ||||
| -rw-r--r-- | heat/tests/engine/service/test_stack_events.py | 2 | ||||
| -rw-r--r-- | heat/tests/engine/service/test_stack_update.py | 24 | ||||
| -rw-r--r-- | heat/tests/test_engine_service.py | 2 | ||||
| -rw-r--r-- | heat/tests/test_stack.py | 27 | ||||
| -rw-r--r-- | heat/tests/test_stack_update.py | 32 |
8 files changed, 143 insertions, 11 deletions
diff --git a/heat/tests/clients/test_heat_client.py b/heat/tests/clients/test_heat_client.py index 912fbdf75..dabd00436 100644 --- a/heat/tests/clients/test_heat_client.py +++ b/heat/tests/clients/test_heat_client.py @@ -521,6 +521,65 @@ class KeystoneClientTest(common.HeatTestCase): self.assertRaises(exception.AuthorizationFailure, heat_keystoneclient.KeystoneClient, ctx) + def test_regenerate_trust_context_with_no_exist_trust_id(self): + + """Test regenerate_trust_context.""" + + class MockTrust(object): + id = 'dtrust123' + + mock_ks_auth, mock_auth_ref = self._stubs_auth(user_id='5678', + project_id='42', + stub_trust_context=True, + stub_admin_auth=True) + + cfg.CONF.set_override('deferred_auth_method', 'trusts') + + trustor_roles = ['heat_stack_owner', 'admin', '__member__'] + trustee_roles = trustor_roles + mock_auth_ref.user_id = '5678' + mock_auth_ref.project_id = '42' + + self.mock_ks_v3_client.trusts.create.return_value = MockTrust() + + ctx = utils.dummy_context(roles=trustor_roles) + ctx.trust_id = None + heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) + trust_context = heat_ks_client.regenerate_trust_context() + self.assertEqual('dtrust123', trust_context.trust_id) + self.assertEqual('5678', trust_context.trustor_user_id) + ks_loading.load_auth_from_conf_options.assert_called_once_with( + cfg.CONF, 'trustee', trust_id=None) + self.mock_ks_v3_client.trusts.create.assert_called_once_with( + trustor_user='5678', + trustee_user='1234', + project='42', + impersonation=True, + allow_redelegation=False, + role_names=trustee_roles) + self.assertEqual(0, self.mock_ks_v3_client.trusts.delete.call_count) + + def test_regenerate_trust_context_with_exist_trust_id(self): + + """Test regenerate_trust_context.""" + + self._stubs_auth(method='trust') + cfg.CONF.set_override('deferred_auth_method', 'trusts') + + ctx = utils.dummy_context() + ctx.trust_id = 'atrust123' + ctx.trustor_user_id = 'trustor_user_id' + + class MockTrust(object): + id = 'dtrust123' + + self.mock_ks_v3_client.trusts.create.return_value = MockTrust() + heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) + trust_context = heat_ks_client.regenerate_trust_context() + self.assertEqual('dtrust123', trust_context.trust_id) + self.mock_ks_v3_client.trusts.delete.assert_called_once_with( + ctx.trust_id) + def test_create_trust_context_trust_id(self): """Test create_trust_context with existing trust_id.""" diff --git a/heat/tests/convergence/test_converge.py b/heat/tests/convergence/test_converge.py index 081a8d43c..8e1b10480 100644 --- a/heat/tests/convergence/test_converge.py +++ b/heat/tests/convergence/test_converge.py @@ -11,13 +11,15 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_config import cfg + +from heat.common import context from heat.engine import resource from heat.tests import common from heat.tests.convergence.framework import fake_resource from heat.tests.convergence.framework import processes from heat.tests.convergence.framework import scenario from heat.tests.convergence.framework import testutils -from oslo_config import cfg class ScenarioTest(common.HeatTestCase): @@ -27,6 +29,7 @@ class ScenarioTest(common.HeatTestCase): def setUp(self): super(ScenarioTest, self).setUp() + self.patchobject(context, 'StoredContext') resource._register_class('OS::Heat::TestResource', fake_resource.TestResource) self.procs = processes.Processes() diff --git a/heat/tests/engine/service/test_stack_action.py b/heat/tests/engine/service/test_stack_action.py index 48a704b67..74a1d96e5 100644 --- a/heat/tests/engine/service/test_stack_action.py +++ b/heat/tests/engine/service/test_stack_action.py @@ -159,6 +159,7 @@ class StackServiceUpdateActionsNotSupportedTest(common.HeatTestCase): self.ctx, old_stack.identifier(), template, params, None, {}) self.assertEqual(exception.NotSupported, ex.exc_info[0]) - mock_load.assert_called_once_with(self.ctx, stack=s) + mock_load.assert_called_once_with(self.ctx, stack=s, + check_refresh_cred=True) old_stack.delete() diff --git a/heat/tests/engine/service/test_stack_events.py b/heat/tests/engine/service/test_stack_events.py index a1da41582..ef1907c47 100644 --- a/heat/tests/engine/service/test_stack_events.py +++ b/heat/tests/engine/service/test_stack_events.py @@ -16,6 +16,7 @@ from unittest import mock from oslo_config import cfg from oslo_messaging import conffixture +from heat.common import context from heat.engine import resource as res from heat.engine.resources.aws.ec2 import instance as instances from heat.engine import service @@ -32,6 +33,7 @@ class StackEventTest(common.HeatTestCase): def setUp(self): super(StackEventTest, self).setUp() + self.patchobject(context, 'StoredContext') self.ctx = utils.dummy_context(tenant_id='stack_event_test_tenant') self.eng = service.EngineService('a-host', 'a-topic') diff --git a/heat/tests/engine/service/test_stack_update.py b/heat/tests/engine/service/test_stack_update.py index 17aaabb8b..f1df832af 100644 --- a/heat/tests/engine/service/test_stack_update.py +++ b/heat/tests/engine/service/test_stack_update.py @@ -18,6 +18,7 @@ from oslo_config import cfg from oslo_messaging import conffixture from oslo_messaging.rpc import dispatcher +from heat.common import context from heat.common import environment_util as env_util from heat.common import exception from heat.common import messaging @@ -45,6 +46,7 @@ class ServiceStackUpdateTest(common.HeatTestCase): def setUp(self): super(ServiceStackUpdateTest, self).setUp() self.useFixture(conffixture.ConfFixture(cfg.CONF)) + self.patchobject(context, 'StoredContext') self.ctx = utils.dummy_context() self.man = service.EngineService('a-host', 'a-topic') self.man.thread_group_mgr = tools.DummyThreadGroupManager() @@ -103,7 +105,8 @@ class ServiceStackUpdateTest(common.HeatTestCase): username='test_username', converge=True ) - mock_load.assert_called_once_with(self.ctx, stack=s) + mock_load.assert_called_once_with(self.ctx, stack=s, + check_refresh_cred=True) mock_validate.assert_called_once_with() def _test_stack_update_with_environment_files(self, stack_name, @@ -222,7 +225,8 @@ class ServiceStackUpdateTest(common.HeatTestCase): username='test_username', converge=False ) - mock_load.assert_called_once_with(self.ctx, stack=s) + mock_load.assert_called_once_with(self.ctx, stack=s, + check_refresh_cred=True) mock_validate.assert_called_once_with() def test_stack_update_existing_parameters(self): @@ -555,7 +559,8 @@ resources: mock_validate.assert_called_once_with() mock_tmpl.assert_called_once_with(template, files=None) mock_env.assert_called_once_with(params) - mock_load.assert_called_once_with(self.ctx, stack=s) + mock_load.assert_called_once_with(self.ctx, stack=s, + check_refresh_cred=True) mock_stack.assert_called_once_with( self.ctx, stk.name, stk.t, convergence=False, @@ -703,7 +708,8 @@ resources: username='test_username', converge=False ) - mock_load.assert_called_once_with(self.ctx, stack=s) + mock_load.assert_called_once_with(self.ctx, stack=s, + check_refresh_cred=True) mock_validate.assert_called_once_with() def test_stack_update_stack_id_equal(self): @@ -750,9 +756,11 @@ resources: old_stack['A'].properties['Foo']) self.assertEqual(create_stack['A'].id, old_stack['A'].id) - mock_load.assert_called_once_with(self.ctx, stack=s) + mock_load.assert_called_once_with(self.ctx, stack=s, + check_refresh_cred=True) def test_stack_update_exceeds_resource_limit(self): + self.patchobject(context, 'StoredContext') stack_name = 'test_stack_update_exceeds_resource_limit' params = {} tpl = {'HeatTemplateFormatVersion': '2012-12-12', @@ -822,7 +830,8 @@ resources: username='test_username', converge=False ) - mock_load.assert_called_once_with(self.ctx, stack=s) + mock_load.assert_called_once_with(self.ctx, stack=s, + check_refresh_cred=True) mock_validate.assert_called_once_with() def test_stack_update_nonexist(self): @@ -886,7 +895,8 @@ resources: user_creds_id=u'1', username='test_username', converge=False ) - mock_load.assert_called_once_with(self.ctx, stack=s) + mock_load.assert_called_once_with(self.ctx, stack=s, + check_refresh_cred=True) def test_stack_update_existing_template(self): '''Update a stack using the same template.''' diff --git a/heat/tests/test_engine_service.py b/heat/tests/test_engine_service.py index aa6b62818..875d44dcd 100644 --- a/heat/tests/test_engine_service.py +++ b/heat/tests/test_engine_service.py @@ -289,7 +289,7 @@ class StackConvergenceServiceCreateUpdateTest(common.HeatTestCase): self.assertIsInstance(result, dict) self.assertTrue(result['stack_id']) parser.Stack.load.assert_called_once_with( - self.ctx, stack=mock.ANY) + self.ctx, stack=mock.ANY, check_refresh_cred=True) templatem.Template.assert_called_once_with(template, files=None) environment.Environment.assert_called_once_with(params) diff --git a/heat/tests/test_stack.py b/heat/tests/test_stack.py index 0e8a0b4e4..790d0f4ca 100644 --- a/heat/tests/test_stack.py +++ b/heat/tests/test_stack.py @@ -478,7 +478,7 @@ class StackTest(common.HeatTestCase): prev_raw_template_id=None, current_deps=None, cache_data=None, nested_depth=0, - deleted_time=None) + deleted_time=None, refresh_cred=False) template.Template.load.assert_called_once_with( self.ctx, stk.raw_template_id, stk.raw_template) @@ -1630,6 +1630,31 @@ class StackTest(common.HeatTestCase): saved_stack = stack.Stack.load(self.ctx, stack_id=stack_ownee.id) self.assertEqual(self.stack.id, saved_stack.owner_id) + def _test_load_with_refresh_cred(self, refresh=True): + cfg.CONF.set_override('deferred_auth_method', 'trusts') + self.patchobject(self.ctx.auth_plugin, 'get_user_id', + return_value='old_trustor_user_id') + self.patchobject(self.ctx.auth_plugin, 'get_project_id', + return_value='test_tenant_id') + + old_context = utils.dummy_context() + old_context.trust_id = 'atrust123' + old_context.trustor_user_id = ( + 'trustor_user_id' if refresh else 'old_trustor_user_id') + m_sc = self.patchobject(context, 'StoredContext') + m_sc.from_dict.return_value = old_context + self.stack = stack.Stack(self.ctx, 'test_regenerate_trust', self.tmpl) + self.stack.store() + load_stack = stack.Stack.load(self.ctx, stack_id=self.stack.id, + check_refresh_cred=True) + self.assertEqual(refresh, load_stack.refresh_cred) + + def test_load_with_refresh_cred(self): + self._test_load_with_refresh_cred() + + def test_load_with_no_refresh_cred(self): + self._test_load_with_refresh_cred(refresh=False) + def test_requires_deferred_auth(self): tmpl = {'HeatTemplateFormatVersion': '2012-12-12', 'Resources': {'AResource': {'Type': 'GenericResourceType'}, diff --git a/heat/tests/test_stack_update.py b/heat/tests/test_stack_update.py index 71e97c981..a466cef4f 100644 --- a/heat/tests/test_stack_update.py +++ b/heat/tests/test_stack_update.py @@ -18,6 +18,7 @@ from unittest import mock from heat.common import exception from heat.common import template_format from heat.db.sqlalchemy import api as db_api +from heat.engine.clients.os.keystone import fake_keystoneclient from heat.engine import environment from heat.engine import resource from heat.engine import rsrc_defn @@ -72,6 +73,37 @@ class StackUpdateTest(common.HeatTestCase): self.assertRaises(exception.NotFound, db_api.raw_template_get, self.ctx, raw_template_id) + def test_update_with_refresh_creds(self): + tmpl = {'HeatTemplateFormatVersion': '2012-12-12', + 'Resources': {'AResource': {'Type': 'GenericResourceType'}}} + + self.stack = stack.Stack(self.ctx, 'update_test_stack', + template.Template(tmpl)) + self.stack.store() + self.stack.create() + self.assertEqual((stack.Stack.CREATE, stack.Stack.COMPLETE), + self.stack.state) + + tmpl2 = {'HeatTemplateFormatVersion': '2012-12-12', + 'Resources': { + 'AResource': {'Type': 'GenericResourceType'}, + 'BResource': {'Type': 'GenericResourceType'}}} + updated_stack = stack.Stack(self.ctx, 'updated_stack', + template.Template(tmpl2)) + old_user_creds_id = self.stack.user_creds_id + self.stack.refresh_cred = True + + self.stack.context.user_id = '5678' + + mock_del_trust = self.patchobject( + fake_keystoneclient.FakeKeystoneClient, 'delete_trust') + + self.stack.update(updated_stack) + self.assertEqual((stack.Stack.UPDATE, stack.Stack.COMPLETE), + self.stack.state) + self.assertEqual(1, mock_del_trust.call_count) + self.assertNotEqual(self.stack.user_creds_id, old_user_creds_id) + def test_update_remove(self): tmpl = {'HeatTemplateFormatVersion': '2012-12-12', 'Resources': { |