3 require 'puppet/provider/keystone_user_role/openstack'
5 provider_class = Puppet::Type.type(:keystone_user_role).provider(:openstack)
7 Puppet::Type.type(:keystone_user).provider(:openstack)
10 Puppet::Type.type(:keystone_tenant).provider(:openstack)
13 describe provider_class do
15 # assumes Enabled is the last column - no quotes
16 def list_to_csv(thelist)
17 if thelist.is_a?(String)
26 if xx.equal?(rec.last)
27 # True/False have no quotes
28 if xx == 'True' or xx == 'False'
31 str = str + '"' + xx + '"' + "\n"
34 str = str + '"' + xx + '",'
41 def before_need_instances
42 provider.class.expects(:openstack).once
43 .with('domain', 'list', '--quiet', '--format', 'csv')
44 .returns('"ID","Name","Enabled","Description"
45 "foo_domain_id","foo_domain",True,"foo domain"
46 "bar_domain_id","bar_domain",True,"bar domain"
47 "another_domain_id","another_domain",True,"another domain"
48 "disabled_domain_id","disabled_domain",False,"disabled domain"
50 project_list = [['project-id-1','foo','foo_domain_id','foo project in foo domain','True'],
51 ['project-id-2','foo','bar_domain_id','foo project in bar domain','True'],
52 ['project-id-3','bar','foo_domain_id','bar project in foo domain','True'],
53 ['project-id-4','etc','another_domain_id','another project','True']]
55 user_list_for_project = {
56 'project-id-1' => [['user-id-1','foo@example.com','foo','foo_domain','foo user','foo@foo_domain','True'],
57 ['user-id-2','bar@example.com','foo','foo_domain','bar user','bar@foo_domain','True']],
58 'project-id-2' => [['user-id-3','foo@bar.com','foo','bar_domain','foo user','foo@bar_domain','True'],
59 ['user-id-4','bar@bar.com','foo','bar_domain','bar user','bar@bar_domain','True']]
61 user_list_for_project.default = ''
63 user_list_for_domain = {
64 'foo_domain_id' => [['user-id-1','foo@example.com','foo','foo_domain','foo user','foo@foo_domain','True'],
65 ['user-id-2','bar@example.com','foo','foo_domain','bar user','bar@foo_domain','True']],
66 'bar_domain_id' => [['user-id-3','foo@bar.com','foo','bar_domain','foo user','foo@bar_domain','True'],
67 ['user-id-4','bar@bar.com','foo','bar_domain','bar user','bar@bar_domain','True']]
69 user_list_for_domain.default = ''
71 role_list_for_project_user = {
73 'user-id-1' => [['role-id-1','foo','foo','foo'],
74 ['role-id-2','bar','foo','foo']]
77 'user-id-3' => [['role-id-1','foo','foo','foo'],
78 ['role-id-2','bar','foo','foo']]
81 role_list_for_project_user.default = ''
83 role_list_for_domain_user = {
85 'user-id-2' => [['role-id-1','foo','foo_domain','foo'],
86 ['role-id-2','bar','foo_domain','foo']]
89 'user-id-4' => [['role-id-1','foo','bar_domain','foo'],
90 ['role-id-2','bar','bar_domain','foo']]
93 role_list_for_project_user.default = ''
95 provider.class.expects(:openstack).once
96 .with('project', 'list', '--quiet', '--format', 'csv', ['--long'])
97 .returns('"ID","Name","Domain ID","Description","Enabled"' + "\n" + list_to_csv(project_list))
98 project_list.each do |rec|
99 csvlist = list_to_csv(user_list_for_project[rec[0]])
100 provider.class.expects(:openstack)
101 .with('user', 'list', '--quiet', '--format', 'csv', ['--long', '--project', rec[0]])
102 .returns('"ID","Name","Project","Domain","Description","Email","Enabled"' + "\n" + csvlist)
103 next if csvlist == ''
104 user_list_for_project[rec[0]].each do |urec|
106 if role_list_for_project_user.has_key?(rec[0]) and
107 role_list_for_project_user[rec[0]].has_key?(urec[0])
108 csvlist = list_to_csv(role_list_for_project_user[rec[0]][urec[0]])
110 provider.class.expects(:openstack)
111 .with('role', 'list', '--quiet', '--format', 'csv', ['--project', rec[0], '--user', urec[0]])
112 .returns('"ID","Name","Project","User"' + "\n" + csvlist)
115 ['foo_domain_id', 'bar_domain_id'].each do |domid|
116 csvlist = list_to_csv(user_list_for_domain[domid])
117 provider.class.expects(:openstack)
118 .with('user', 'list', '--quiet', '--format', 'csv', ['--long', '--domain', domid])
119 .returns('"ID","Name","Project","Domain","Description","Email","Enabled"' + "\n" + csvlist)
120 next if csvlist == ''
121 user_list_for_domain[domid].each do |urec|
123 if role_list_for_domain_user.has_key?(domid) and
124 role_list_for_domain_user[domid].has_key?(urec[0])
125 csvlist = list_to_csv(role_list_for_domain_user[domid][urec[0]])
127 provider.class.expects(:openstack)
128 .with('role', 'list', '--quiet', '--format', 'csv', ['--domain', domid, '--user', urec[0]])
129 .returns('"ID","Name","Domain","User"' + "\n" + csvlist)
134 def before_common(destroy, nolist=false, instances=false)
135 rolelistprojectuser = [['role-id-1','foo','foo','foo'],
136 ['role-id-2','bar','foo','foo']]
137 csvlist = list_to_csv(rolelistprojectuser)
138 rolelistreturns = ['"ID","Name","Project","User"' + "\n" + csvlist]
141 rolelistreturns = ['']
145 provider.class.expects(:openstack).times(nn)
146 .with('role', 'list', '--quiet', '--format', 'csv', ['--project', 'project-id-1', '--user', 'user-id-1'])
147 .returns(*rolelistreturns)
150 userhash = {:id => 'user-id-1', :name => 'foo@example.com'}
151 usermock = user_class.new(userhash)
153 usermock.expects(:exists?).with(any_parameters).returns(true)
154 user_class.expects(:new).twice.with(any_parameters).returns(usermock)
156 user_class.expects(:instances).with(any_parameters).returns([usermock])
158 projecthash = {:id => 'project-id-1', :name => 'foo'}
159 projectmock = project_class.new(projecthash)
161 projectmock.expects(:exists?).with(any_parameters).returns(true)
162 project_class.expects(:new).with(any_parameters).returns(projectmock)
164 project_class.expects(:instances).with(any_parameters).returns([projectmock])
167 before :each, :default => true do
171 before :each, :destroy => true do
175 before :each, :nolist => true do
176 before_common(true, true)
179 before :each, :instances => true do
180 before_common(true, true, true)
183 shared_examples 'authenticated with environment variables' do
184 ENV['OS_USERNAME'] = 'test'
185 ENV['OS_PASSWORD'] = 'abc123'
186 ENV['OS_PROJECT_NAME'] = 'test'
187 ENV['OS_AUTH_URL'] = 'http://127.0.0.1:5000'
190 describe 'when updating a user\'s role' do
191 it_behaves_like 'authenticated with environment variables' do
192 let(:user_role_attrs) do
195 :ensure => 'present',
196 :roles => ['foo', 'bar'],
201 Puppet::Type::Keystone_user_role.new(user_role_attrs)
205 provider_class.new(resource)
208 describe '#create', :default => true do
209 it 'adds all the roles to the user' do
210 provider.class.expects(:openstack)
211 .with('role', 'add', ['foo', '--project', 'project-id-1', '--user', 'user-id-1'])
212 provider.class.expects(:openstack)
213 .with('role', 'add', ['bar', '--project', 'project-id-1', '--user', 'user-id-1'])
215 expect(provider.exists?).to be_truthy
219 describe '#destroy', :destroy => true do
220 it 'removes all the roles from a user' do
221 provider.instance_variable_get('@property_hash')[:roles] = ['foo', 'bar']
222 provider.class.expects(:openstack)
223 .with('role', 'remove', ['foo', '--project', 'project-id-1', '--user', 'user-id-1'])
224 provider.class.expects(:openstack)
225 .with('role', 'remove', ['bar', '--project', 'project-id-1', '--user', 'user-id-1'])
227 expect(provider.exists?).to be_falsey
232 describe '#exists', :default => true do
233 subject(:response) do
234 response = provider.exists?
237 it { is_expected.to be_truthy }
241 describe '#instances', :instances => true do
242 it 'finds every user role' do
243 provider.class.expects(:openstack)
244 .with('role', 'list', '--quiet', '--format', 'csv', [])
245 .returns('"ID","Name"
249 provider.class.expects(:openstack)
250 .with('role assignment', 'list', '--quiet', '--format', 'csv', [])
252 "Role","User","Group","Project","Domain"
253 "foo-role-id","user-id-1","","project-id-1",""
254 "bar-role-id","user-id-1","","project-id-1",""
256 instances = provider.class.instances
257 expect(instances.count).to eq(1)
258 expect(instances[0].name).to eq('foo@example.com@foo')
259 expect(instances[0].roles).to eq(['foo', 'bar'])
263 describe '#roles=', :nolist => true do
264 let(:user_role_attrs) do
267 :ensure => 'present',
268 :roles => ['one', 'two'],
272 it 'applies the new roles' do
273 provider.instance_variable_get('@property_hash')[:roles] = ['foo', 'bar']
274 provider.class.expects(:openstack)
275 .with('role', 'remove', ['foo', '--project', 'project-id-1', '--user', 'user-id-1'])
276 provider.class.expects(:openstack)
277 .with('role', 'remove', ['bar', '--project', 'project-id-1', '--user', 'user-id-1'])
278 provider.class.expects(:openstack)
279 .with('role', 'add', ['one', '--project', 'project-id-1', '--user', 'user-id-1'])
280 provider.class.expects(:openstack)
281 .with('role', 'add', ['two', '--project', 'project-id-1', '--user', 'user-id-1'])
282 provider.roles=(['one', 'two'])