From 0f9326a1adcb257a296646e68edfd9d8d17146db Mon Sep 17 00:00:00 2001
From: Brian Waldon
Date: Mon, 20 Feb 2012 13:20:55 -0800
Subject: Add 'nova-manage export auth'
* Introduce ability to dump auth data to json blob for consumption by keystone
* Implements bp keystone-export-rewrite
Change-Id: Ic8c0ade8350daa449fb6df7ad3c55c3ae2b0c2c7
---
bin/nova-manage | 68 +++++++++++++++++++++++++++++++++++++++++
nova/tests/test_nova_manage.py | 69 +++++++++++++++++++++++++++++++++++++-----
2 files changed, 129 insertions(+), 8 deletions(-)
diff --git a/bin/nova-manage b/bin/nova-manage
index 27541965f..3140a3432 100755
--- a/bin/nova-manage
+++ b/bin/nova-manage
@@ -2241,12 +2241,80 @@ class GetLogCommands(object): print "No nova entries in syslog!" +class ExportCommands(object): + """Commands used to export data from Nova""" + + def auth(self): + """Export Nova auth data in format that can be consumed by Keystone""" + print json.dumps(self._get_auth_data()) + + def _get_auth_data(self): + output = { + 'users': [], + 'tenants': [], + 'user_tenant_list': [], + 'ec2_credentials': [], + 'roles': [], + 'role_user_tenant_list': [], + } + + am = manager.AuthManager() + + for user in am.get_users(): + user_dict = { + 'id': user.id, + 'name': user.name, + 'password': user.access, + } + output['users'].append(user_dict) + + ec2_cred = { + 'user_id': user.id, + 'access_key': user.access, + 'secret_key': user.secret, + } + output['ec2_credentials'].append(ec2_cred) + + for project in am.get_projects(): + tenant = { + 'id': project.id, + 'name': project.name, + 'description': project.description, + } + output['tenants'].append(tenant) + + for user_id in project.member_ids: + membership = { + 'tenant_id': project.id, + 'user_id': user_id, + } + output['user_tenant_list'].append(membership) + + for role in am.get_roles(): + if role not in output['roles']: + output['roles'].append(role) + + for project in am.get_projects(): + for user_id in project.member_ids: + user = am.get_user(user_id) + for role in am.get_user_roles(user_id, project.id): + role_grant = { + 'role': role, + 'user_id': user_id, + 'tenant_id': project.id, + } + output['role_user_tenant_list'].append(role_grant) + + return output + + CATEGORIES = [ ('account', AccountCommands), ('agent', AgentBuildCommands), ('config', ConfigCommands), ('db', DbCommands), ('drive', VsaDriveTypeCommands), + ('export', ExportCommands), ('fixed', FixedIpCommands), ('flavor', InstanceTypeCommands), ('floating', FloatingIpCommands), diff --git a/nova/tests/test_nova_manage.py b/nova/tests/test_nova_manage.py index 2190d9c02..cc5c13da1 100644 --- a/nova/tests/test_nova_manage.py 
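Review bot: In `_get_auth_data` every exported user gets `'password': user.access`, so the password handed to Keystone is the EC2 access key, which the same blob also publishes as `access_key` and which is normally treated as an identifier rather than a secret. If that mapping is deliberate for the migration, it needs a comment on that line, for example `# Keystone password is seeded from the access key; rotate after import`; if not, confirm which field the Keystone import expects. `auth()` also prints every `secret_key` in cleartext to stdout, so its docstring should state that the output is credential material, to be redirected to a file with owner-only permissions and deleted once imported. In the last loop `user = am.get_user(user_id)` is never read and costs one lookup per membership, so it can be removed.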
+++ b/nova/tests/test_nova_manage.py @@ -15,9 +15,21 @@ # License for the specific language governing permissions and limitations # under the License. +import imp +import json import os +import StringIO import sys +import stubout + +import nova.auth.manager +from nova import context +from nova import db +from nova import test +from nova.tests.db import fakes as db_fakes + + TOPDIR = os.path.normpath(os.path.join( os.path.dirname(os.path.abspath(__file__)), os.pardir, @@ -25,16 +37,8 @@ TOPDIR = os.path.normpath(os.path.join( NOVA_MANAGE_PATH = os.path.join(TOPDIR, 'bin', 'nova-manage') sys.dont_write_bytecode = True -import imp nova_manage = imp.load_source('nova_manage.py', NOVA_MANAGE_PATH) sys.dont_write_bytecode = False -import stubout - -import StringIO -from nova import context -from nova import db -from nova import test -from nova.tests.db import fakes as db_fakes class FixedIpCommandsTestCase(test.TestCase): 
@@ -244,3 +248,52 @@ class NetworkCommandsTestCase(test.TestCase): self._test_modify_base(update_value={'project_id': None, 'host': None}, project=None, host=None, dis_project=True, dis_host=True) + + +class ExportAuthTestCase(test.TestCase): + + def test_export(self): + self.flags(allowed_roles=['role1', 'role2']) + am = nova.auth.manager.AuthManager(new=True) + user1 = am.create_user('user1', 'a1', 's1') + user2 = am.create_user('user2', 'a2', 's2') + user3 = am.create_user('user3', 'a3', 's3') + proj1 = am.create_project('proj1', user1, member_users=[user1, user2]) + proj2 = am.create_project('proj2', user2, member_users=[user2, user3]) + am.add_role(user1, 'role1', proj1) + am.add_role(user1, 'role1', proj2) + am.add_role(user3, 'role1', proj1) + am.add_role(user3, 'role2', proj2) + + commands = nova_manage.ExportCommands() + output = commands._get_auth_data() + + expected = { + "users": [ + {"id": "user1", "name": "user1", 'password': 'a1'}, + {"id": "user2", "name": "user2", 'password': 'a2'}, + {"id": "user3", "name": "user3", 'password': 'a3'}, + ], + "roles": ["role1", "role2"], + "role_user_tenant_list": [ + {"user_id": "user1", "role": "role1", "tenant_id": "proj1"}, + {"user_id": "user3", "role": "role2", "tenant_id": "proj2"}, + ], + "user_tenant_list": [ + {"tenant_id": "proj1", "user_id": "user1"}, + {"tenant_id": "proj1", "user_id": "user2"}, + {"tenant_id": "proj2", "user_id": "user2"}, + {"tenant_id": "proj2", "user_id": "user3"}, + ], + "ec2_credentials": [ + {"access_key": "a1", "secret_key": "s1", "user_id": "user1"}, + {"access_key": "a2", "secret_key": "s2", "user_id": "user2"}, + {"access_key": "a3", "secret_key": "s3", "user_id": "user3"}, + ], + "tenants": [ + {"description": "proj1", "id": "proj1", "name": "proj1"}, + {"description": "proj2", "id": "proj2", "name": "proj2"}, + ], + } + + self.assertDictMatch(output, expected) -- cgit
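Review bot: The expected `role_user_tenant_list` in `test_export` holds two grants although four `add_role` calls precede it; the grants for `user1` on `proj2` and `user3` on `proj1` are missing, presumably because the exporter only walks `project.member_ids`. If dropping role grants held by non-members is intended, say so in the test with a comment such as `# grants to users who are not project members are not exported`; otherwise the export silently loses authorization data and the expectation encodes that loss. The test also calls only `_get_auth_data()`, so `auth()` and its `json.dumps` call are never exercised even though `json` and `StringIO` are imported at the top of the file. An added check like `self.assertDictMatch(json.loads(json.dumps(output)), expected)` would at least cover serialisation, and it would reveal whether `bin/nova-manage` already imports `json`, which this commit does not add.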