diff options
| author | Mark McLoughlin <markmc@redhat.com> | 2012-03-30 14:34:14 +0100 |
|---|---|---|
| committer | Mark McLoughlin <markmc@redhat.com> | 2012-03-30 14:36:59 +0100 |
| commit | 283ea4a16622287c476141736d373405119f3e79 (patch) | |
| tree | 40c0bf64b252511ba1a8e34f29fbb03056a0257d | |
| parent | 75676812e867a36778fa5b1beb3d2dbfcb87bec2 (diff) | |
| download | nova-283ea4a16622287c476141736d373405119f3e79.tar.gz nova-283ea4a16622287c476141736d373405119f3e79.tar.xz nova-283ea4a16622287c476141736d373405119f3e79.zip | |
Export user id as password to keystone when using noauth
Fixes bug #969208
When using noauth, a user's password is her user id (e.g. in novarc).
When we export to keystone, we should make sure the same credentials
keep working rather than effectively switching all the passwords to
random UUIDs which users would never have seen before.
Change-Id: Ie77c622ce1952d03e836bb64167184022a02e902
| -rwxr-xr-x | bin/nova-manage | 11 | ||||
| -rw-r--r-- | nova/tests/test_nova_manage.py | 24 |
2 files changed, 26 insertions, 9 deletions
diff --git a/bin/nova-manage b/bin/nova-manage index 65082ba90..462b9d5e2 100755 --- a/bin/nova-manage +++ b/bin/nova-manage @@ -1542,16 +1542,23 @@ class ExportCommands(object): am = manager.AuthManager() for user in am.get_users(): + # NOTE(vish): Deprecated auth uses an access key, no auth uses a + # the user_id in place of it. + if FLAGS.auth_strategy == 'deprecated': + access = user.access + else: + access = user.id + user_dict = { 'id': user.id, 'name': user.name, - 'password': user.access, + 'password': access, } output['users'].append(user_dict) ec2_cred = { 'user_id': user.id, - 'access_key': user.access, + 'access_key': access, 'secret_key': user.secret, } output['ec2_credentials'].append(ec2_cred) diff --git a/nova/tests/test_nova_manage.py b/nova/tests/test_nova_manage.py index a91657ac4..d3ef7ed95 100644 --- a/nova/tests/test_nova_manage.py +++ b/nova/tests/test_nova_manage.py @@ -239,7 +239,14 @@ class NetworkCommandsTestCase(test.TestCase): class ExportAuthTestCase(test.TestCase): - def test_export(self): + def test_export_with_noauth(self): + self._do_test_export() + + def test_export_with_deprecated_auth(self): + self.flags(auth_strategy='deprecated') + self._do_test_export(noauth=False) + + def _do_test_export(self, noauth=True): self.flags(allowed_roles=['role1', 'role2']) am = nova.auth.manager.AuthManager(new=True) user1 = am.create_user('user1', 'a1', 's1') @@ -255,11 +262,14 @@ class ExportAuthTestCase(test.TestCase): commands = nova_manage.ExportCommands() output = commands._get_auth_data() + def pw(idx): + return ('user' if noauth else 'a') + str(idx) + expected = { "users": [ - {"id": "user1", "name": "user1", 'password': 'a1'}, - {"id": "user2", "name": "user2", 'password': 'a2'}, - {"id": "user3", "name": "user3", 'password': 'a3'}, + {"id": "user1", "name": "user1", 'password': pw(1)}, + {"id": "user2", "name": "user2", 'password': pw(2)}, + {"id": "user3", "name": "user3", 'password': pw(3)}, ], "roles": ["role1", "role2"], "role_user_tenant_list": [ @@ -273,9 +283,9 @@ class ExportAuthTestCase(test.TestCase): {"tenant_id": "proj2", "user_id": "user3"}, ], "ec2_credentials": [ - {"access_key": "a1", "secret_key": "s1", "user_id": "user1"}, - {"access_key": "a2", "secret_key": "s2", "user_id": "user2"}, - {"access_key": "a3", "secret_key": "s3", "user_id": "user3"}, + {"access_key": pw(1), "secret_key": "s1", "user_id": "user1"}, + {"access_key": pw(2), "secret_key": "s2", "user_id": "user2"}, + {"access_key": pw(3), "secret_key": "s3", "user_id": "user3"}, ], "tenants": [ {"description": "proj1", "id": "proj1", "name": "proj1"}, |