require 'puppet/provider/keystone_user_role/openstack'
provider_class = Puppet::Type.type(:keystone_user_role).provider(:openstack)
+def user_class
+ Puppet::Type.type(:keystone_user).provider(:openstack)
+end
+def project_class
+ Puppet::Type.type(:keystone_tenant).provider(:openstack)
+end
describe provider_class do
- describe 'when updating a user\'s role' do
+ # assumes Enabled is the last column - no quotes
+ def list_to_csv(thelist)
+ if thelist.is_a?(String)
+ return ''
+ end
+ str=""
+ thelist.each do |rec|
+ if rec.is_a?(String)
+ return ''
+ end
+ rec.each do |xx|
+ if xx.equal?(rec.last)
+ # True/False have no quotes
+ if xx == 'True' or xx == 'False'
+ str = str + xx + "\n"
+ else
+ str = str + '"' + xx + '"' + "\n"
+ end
+ else
+ str = str + '"' + xx + '",'
+ end
+ end
+ end
+ str
+ end
- let(:user_role_attrs) do
- {
- :name => 'foo@example.com@foo',
- :ensure => 'present',
- :roles => ['foo', 'bar'],
- :auth => {
- 'username' => 'test',
- 'password' => 'abc123',
- 'tenant_name' => 'foo',
- 'auth_url' => 'http://127.0.0.1:5000/v2.0',
- }
+ def before_need_instances
+ provider.class.expects(:openstack).once
+ .with('domain', 'list', '--quiet', '--format', 'csv')
+ .returns('"ID","Name","Enabled","Description"
+"foo_domain_id","foo_domain",True,"foo domain"
+"bar_domain_id","bar_domain",True,"bar domain"
+"another_domain_id","another_domain",True,"another domain"
+"disabled_domain_id","disabled_domain",False,"disabled domain"
+')
+ project_list = [['project-id-1','foo','foo_domain_id','foo project in foo domain','True'],
+ ['project-id-2','foo','bar_domain_id','foo project in bar domain','True'],
+ ['project-id-3','bar','foo_domain_id','bar project in foo domain','True'],
+ ['project-id-4','etc','another_domain_id','another project','True']]
+
+ user_list_for_project = {
+ 'project-id-1' => [['user-id-1','foo@example.com','foo','foo_domain','foo user','foo@foo_domain','True'],
+ ['user-id-2','bar@example.com','foo','foo_domain','bar user','bar@foo_domain','True']],
+ 'project-id-2' => [['user-id-3','foo@bar.com','foo','bar_domain','foo user','foo@bar_domain','True'],
+ ['user-id-4','bar@bar.com','foo','bar_domain','bar user','bar@bar_domain','True']]
+ }
+ user_list_for_project.default = ''
+
+ user_list_for_domain = {
+ 'foo_domain_id' => [['user-id-1','foo@example.com','foo','foo_domain','foo user','foo@foo_domain','True'],
+ ['user-id-2','bar@example.com','foo','foo_domain','bar user','bar@foo_domain','True']],
+ 'bar_domain_id' => [['user-id-3','foo@bar.com','foo','bar_domain','foo user','foo@bar_domain','True'],
+ ['user-id-4','bar@bar.com','foo','bar_domain','bar user','bar@bar_domain','True']]
+ }
+ user_list_for_domain.default = ''
+
+ role_list_for_project_user = {
+ 'project-id-1' => {
+ 'user-id-1' => [['role-id-1','foo','foo','foo'],
+ ['role-id-2','bar','foo','foo']]
+ },
+ 'project-id-2' => {
+ 'user-id-3' => [['role-id-1','foo','foo','foo'],
+ ['role-id-2','bar','foo','foo']]
}
+ }
+ role_list_for_project_user.default = ''
+
+ role_list_for_domain_user = {
+ 'foo_domain_id' => {
+ 'user-id-2' => [['role-id-1','foo','foo_domain','foo'],
+ ['role-id-2','bar','foo_domain','foo']]
+ },
+ 'bar_domain_id' => {
+ 'user-id-4' => [['role-id-1','foo','bar_domain','foo'],
+ ['role-id-2','bar','bar_domain','foo']]
+ }
+ }
+ role_list_for_project_user.default = ''
+
+ provider.class.expects(:openstack).once
+ .with('project', 'list', '--quiet', '--format', 'csv', ['--long'])
+ .returns('"ID","Name","Domain ID","Description","Enabled"' + "\n" + list_to_csv(project_list))
+ project_list.each do |rec|
+ csvlist = list_to_csv(user_list_for_project[rec[0]])
+ provider.class.expects(:openstack)
+ .with('user', 'list', '--quiet', '--format', 'csv', ['--long', '--project', rec[0]])
+ .returns('"ID","Name","Project","Domain","Description","Email","Enabled"' + "\n" + csvlist)
+ next if csvlist == ''
+ user_list_for_project[rec[0]].each do |urec|
+ csvlist = ''
+ if role_list_for_project_user.has_key?(rec[0]) and
+ role_list_for_project_user[rec[0]].has_key?(urec[0])
+ csvlist = list_to_csv(role_list_for_project_user[rec[0]][urec[0]])
+ end
+ provider.class.expects(:openstack)
+ .with('role', 'list', '--quiet', '--format', 'csv', ['--project', rec[0], '--user', urec[0]])
+ .returns('"ID","Name","Project","User"' + "\n" + csvlist)
+ end
end
+ ['foo_domain_id', 'bar_domain_id'].each do |domid|
+ csvlist = list_to_csv(user_list_for_domain[domid])
+ provider.class.expects(:openstack)
+ .with('user', 'list', '--quiet', '--format', 'csv', ['--long', '--domain', domid])
+ .returns('"ID","Name","Project","Domain","Description","Email","Enabled"' + "\n" + csvlist)
+ next if csvlist == ''
+ user_list_for_domain[domid].each do |urec|
+ csvlist = ''
+ if role_list_for_domain_user.has_key?(domid) and
+ role_list_for_domain_user[domid].has_key?(urec[0])
+ csvlist = list_to_csv(role_list_for_domain_user[domid][urec[0]])
+ end
+ provider.class.expects(:openstack)
+ .with('role', 'list', '--quiet', '--format', 'csv', ['--domain', domid, '--user', urec[0]])
+ .returns('"ID","Name","Domain","User"' + "\n" + csvlist)
+ end
+ end
+ end
- let(:resource) do
- Puppet::Type::Keystone_user_role.new(user_role_attrs)
+ def before_common(destroy, nolist=false, instances=false)
+ rolelistprojectuser = [['role-id-1','foo','foo','foo'],
+ ['role-id-2','bar','foo','foo']]
+ csvlist = list_to_csv(rolelistprojectuser)
+ rolelistreturns = ['"ID","Name","Project","User"' + "\n" + csvlist]
+ nn = 1
+ if destroy
+ rolelistreturns = ['']
+ nn = 1
+ end
+ unless nolist
+ provider.class.expects(:openstack).times(nn)
+ .with('role', 'list', '--quiet', '--format', 'csv', ['--project', 'project-id-1', '--user', 'user-id-1'])
+ .returns(*rolelistreturns)
end
- let(:provider) do
- provider_class.new(resource)
+ userhash = {:id => 'user-id-1', :name => 'foo@example.com'}
+ usermock = user_class.new(userhash)
+ unless instances
+ usermock.expects(:exists?).with(any_parameters).returns(true)
+ user_class.expects(:new).twice.with(any_parameters).returns(usermock)
end
+ user_class.expects(:instances).with(any_parameters).returns([usermock])
- before(:each) do
- provider.class.stubs(:openstack)
- .with('user', 'list', '--quiet', '--format', 'csv', [['--project', 'foo', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
- .returns('"ID","Name"
-"1cb05cfed7c24279be884ba4f6520262","foo@example.com"
-')
- provider.class.stubs(:openstack)
- .with('project', 'list', '--quiet', '--format', 'csv', [['--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
- .returns('"ID","Name"
-"1cb05cfed7c24279be884ba4f6520262","foo"
-')
+ projecthash = {:id => 'project-id-1', :name => 'foo'}
+ projectmock = project_class.new(projecthash)
+ unless instances
+ projectmock.expects(:exists?).with(any_parameters).returns(true)
+ project_class.expects(:new).with(any_parameters).returns(projectmock)
end
+ project_class.expects(:instances).with(any_parameters).returns([projectmock])
+ end
- describe '#create' do
- it 'adds all the roles to the user' do
- provider.class.stubs(:openstack)
- .with('user role', 'list', '--quiet', '--format', 'csv', [['--project', 'foo', 'foo@example.com', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
- .returns('"ID","Name","Project","User"
-"1cb05cfed7c24279be884ba4f6520262","foo","foo","foo@example.com"
-"1cb05cfed7c24279be884ba4f6520263","bar","foo","foo@example.com"
-')
- provider.class.stubs(:openstack)
- .with('role', 'add', [['foo', '--project', 'foo', '--user', 'foo@example.com', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
- provider.class.stubs(:openstack)
- .with('role', 'add', [['bar', '--project', 'foo', '--user', 'foo@example.com', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
- provider.create
- expect(provider.exists?).to be_truthy
+ before :each, :default => true do
+ before_common(false)
+ end
+
+ before :each, :destroy => true do
+ before_common(true)
+ end
+
+ before :each, :nolist => true do
+ before_common(true, true)
+ end
+
+ before :each, :instances => true do
+ before_common(true, true, true)
+ end
+
+ shared_examples 'authenticated with environment variables' do
+ ENV['OS_USERNAME'] = 'test'
+ ENV['OS_PASSWORD'] = 'abc123'
+ ENV['OS_PROJECT_NAME'] = 'test'
+ ENV['OS_AUTH_URL'] = 'http://127.0.0.1:5000'
+ end
+
+ describe 'when updating a user\'s role' do
+ it_behaves_like 'authenticated with environment variables' do
+ let(:user_role_attrs) do
+ {
+ :name => 'foo@foo',
+ :ensure => 'present',
+ :roles => ['foo', 'bar'],
+ }
end
- end
- describe '#destroy' do
- it 'removes all the roles from a user' do
- provider.class.stubs(:openstack)
- .with('user role', 'list', '--quiet', '--format', 'csv', [['--project', 'foo', 'foo@example.com', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
- .returns('"ID","Name","Project","User"')
- provider.class.stubs(:openstack)
- .with('role', 'remove', [['foo', '--project', 'foo', '--user', 'foo@example.com', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
- provider.class.stubs(:openstack)
- .with('role', 'remove', [['bar', '--project', 'foo', '--user', 'foo@example.com', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
- provider.destroy
- expect(provider.exists?).to be_falsey
+ let(:resource) do
+ Puppet::Type::Keystone_user_role.new(user_role_attrs)
end
- end
+ let(:provider) do
+ provider_class.new(resource)
+ end
+
+ describe '#create', :default => true do
+ it 'adds all the roles to the user' do
+ provider.class.expects(:openstack)
+ .with('role', 'add', ['foo', '--project', 'project-id-1', '--user', 'user-id-1'])
+ provider.class.expects(:openstack)
+ .with('role', 'add', ['bar', '--project', 'project-id-1', '--user', 'user-id-1'])
+ provider.create
+ expect(provider.exists?).to be_truthy
+ end
+ end
+
+ describe '#destroy', :destroy => true do
+ it 'removes all the roles from a user' do
+ provider.instance_variable_get('@property_hash')[:roles] = ['foo', 'bar']
+ provider.class.expects(:openstack)
+ .with('role', 'remove', ['foo', '--project', 'project-id-1', '--user', 'user-id-1'])
+ provider.class.expects(:openstack)
+ .with('role', 'remove', ['bar', '--project', 'project-id-1', '--user', 'user-id-1'])
+ provider.destroy
+ expect(provider.exists?).to be_falsey
+ end
+
+ end
+
+ describe '#exists', :default => true do
+ subject(:response) do
+ response = provider.exists?
+ end
- describe '#exists' do
- subject(:response) do
- provider.class.stubs(:openstack)
- .with('user role', 'list', '--quiet', '--format', 'csv', [['--project', 'foo', 'foo@example.com', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
- .returns('"ID","Name","Project","User"
-"1cb05ed7c24279be884ba4f6520262","foo","foo","foo@example.com"
-"1cb05ed7c24279be884ba4f6520262","bar","foo","foo@example.com"
+ it { is_expected.to be_truthy }
+
+ end
+
+ describe '#instances', :instances => true do
+ it 'finds every user role' do
+ provider.class.expects(:openstack)
+ .with('role', 'list', '--quiet', '--format', 'csv', [])
+ .returns('"ID","Name"
+"foo-role-id","foo"
+"bar-role-id","bar"
')
- response = provider.exists?
+ provider.class.expects(:openstack)
+ .with('role assignment', 'list', '--quiet', '--format', 'csv', [])
+ .returns('
+"Role","User","Group","Project","Domain"
+"foo-role-id","user-id-1","","project-id-1",""
+"bar-role-id","user-id-1","","project-id-1",""
+')
+ instances = provider.class.instances
+ expect(instances.count).to eq(1)
+ expect(instances[0].name).to eq('foo@example.com@foo')
+ expect(instances[0].roles).to eq(['foo', 'bar'])
+ end
end
- it { is_expected.to be_truthy }
+ describe '#roles=', :nolist => true do
+ let(:user_role_attrs) do
+ {
+ :name => 'foo@foo',
+ :ensure => 'present',
+ :roles => ['one', 'two'],
+ }
+ end
+ it 'applies the new roles' do
+ provider.instance_variable_get('@property_hash')[:roles] = ['foo', 'bar']
+ provider.class.expects(:openstack)
+ .with('role', 'remove', ['foo', '--project', 'project-id-1', '--user', 'user-id-1'])
+ provider.class.expects(:openstack)
+ .with('role', 'remove', ['bar', '--project', 'project-id-1', '--user', 'user-id-1'])
+ provider.class.expects(:openstack)
+ .with('role', 'add', ['one', '--project', 'project-id-1', '--user', 'user-id-1'])
+ provider.class.expects(:openstack)
+ .with('role', 'add', ['two', '--project', 'project-id-1', '--user', 'user-id-1'])
+ provider.roles=(['one', 'two'])
+ end
+ end
end
-
end
end