Merge lp:~allenap/maas/shared-to-per-tenant-storage-1.2 into lp:maas/1.2
- shared-to-per-tenant-storage-1.2
- Merge into 1.2
Proposed by
Gavin Panella
Status: | Merged | ||||
---|---|---|---|---|---|
Approved by: | Raphaël Badin | ||||
Approved revision: | no longer in the source branch. | ||||
Merged at revision: | 1367 | ||||
Proposed branch: | lp:~allenap/maas/shared-to-per-tenant-storage-1.2 | ||||
Merge into: | lp:maas/1.2 | ||||
Diff against target: |
632 lines (+570/-6) 9 files modified
src/maasserver/models/user.py (+1/-0) src/maasserver/support/pertenant/migration.py (+179/-0) src/maasserver/support/pertenant/tests/test_migration.py (+384/-0) src/maasserver/tests/data/test_rsa0.pub (+1/-1) src/maasserver/tests/data/test_rsa1.pub (+1/-1) src/maasserver/tests/data/test_rsa2.pub (+1/-1) src/maasserver/tests/data/test_rsa3.pub (+1/-1) src/maasserver/tests/data/test_rsa4.pub (+1/-1) src/maasserver/tests/test_sshkey.py (+1/-1) |
||||
To merge this branch: | bzr merge lp:~allenap/maas/shared-to-per-tenant-storage-1.2 | ||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Gavin Panella (community) | Approve | ||
Review via email: mp+152020@code.launchpad.net |
Commit message
Backport of r1449 from trunk: Add the mechanism for migrating shared-namespace file storage usage over to the per-tenant model.
There is a carefully constructed 4-step process that's intended to minimise disruption. Ultimately some eggs do need to be broken, but this branch catches their contents and tries damn hard to bake a tasty cake with it.
Description of the change
To post a comment you must log in.
Revision history for this message
Gavin Panella (allenap) : | # |
review:
Approve
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file 'src/maasserver/models/user.py' | |||
2 | --- src/maasserver/models/user.py 2012-08-13 04:47:10 +0000 | |||
3 | +++ src/maasserver/models/user.py 2013-03-06 17:48:23 +0000 | |||
4 | @@ -15,6 +15,7 @@ | |||
5 | 15 | 'create_user', | 15 | 'create_user', |
6 | 16 | 'get_auth_tokens', | 16 | 'get_auth_tokens', |
7 | 17 | 'get_creds_tuple', | 17 | 'get_creds_tuple', |
8 | 18 | 'SYSTEM_USERS', | ||
9 | 18 | ] | 19 | ] |
10 | 19 | 20 | ||
11 | 20 | from maasserver import worker_user | 21 | from maasserver import worker_user |
12 | 21 | 22 | ||
13 | === added file 'src/maasserver/support/pertenant/migration.py' | |||
14 | --- src/maasserver/support/pertenant/migration.py 1970-01-01 00:00:00 +0000 | |||
15 | +++ src/maasserver/support/pertenant/migration.py 2013-03-06 17:48:23 +0000 | |||
16 | @@ -0,0 +1,179 @@ | |||
17 | 1 | # Copyright 2012 Canonical Ltd. This software is licensed under the | ||
18 | 2 | # GNU Affero General Public License version 3 (see the file LICENSE). | ||
19 | 3 | |||
20 | 4 | """Shared namespace --> per-tenant namespace migration. | ||
21 | 5 | |||
22 | 6 | Perform the following steps to migrate: | ||
23 | 7 | |||
24 | 8 | 1. When no files exist (i.e. no Juju environments exist): do nothing | ||
25 | 9 | 1a. When no *unowned* files exist: do nothing. | ||
26 | 10 | |||
27 | 11 | 2. When there's only one user: assign ownership of all files to user. | ||
28 | 12 | |||
29 | 13 | 3. When there are multiple users and a `provider-state` file: parse that file | ||
30 | 14 | to extract the instance id of the bootstrap node. From that instance id, | ||
31 | 15 | get the identity of the user who deployed this environment (that's the | ||
32 | 16 | owner of the bootstrap node). Then proceed as in 4, using that user as the | ||
33 | 17 | "legacy" user. | ||
34 | 18 | |||
35 | 19 | 4. When there are multiple users: create a new "legacy" user, assign ownership | ||
36 | 20 | of all files and allocated/owned nodes to this user, copy all public SSH | ||
37 | 21 | keys to this user, and move all API credentials to this user. | ||
38 | 22 | |||
39 | 23 | There's not a lot we can do about SSH keys authorised to connect to the | ||
40 | 24 | already deployed nodes in #3, but this set will only ever decrease: nodes | ||
41 | 25 | allocated after this migration will permit access from any of the users with | ||
42 | 26 | SSH keys prior to the migration. | ||
43 | 27 | """ | ||
44 | 28 | |||
45 | 29 | from __future__ import ( | ||
46 | 30 | absolute_import, | ||
47 | 31 | print_function, | ||
48 | 32 | unicode_literals, | ||
49 | 33 | ) | ||
50 | 34 | |||
51 | 35 | __metaclass__ = type | ||
52 | 36 | __all__ = [ | ||
53 | 37 | "migrate", | ||
54 | 38 | ] | ||
55 | 39 | |||
56 | 40 | from django.contrib.auth.models import User | ||
57 | 41 | from maasserver.models import ( | ||
58 | 42 | FileStorage, | ||
59 | 43 | Node, | ||
60 | 44 | SSHKey, | ||
61 | 45 | ) | ||
62 | 46 | from maasserver.models.user import ( | ||
63 | 47 | get_auth_tokens, | ||
64 | 48 | SYSTEM_USERS, | ||
65 | 49 | ) | ||
66 | 50 | from maasserver.support.pertenant.utils import get_bootstrap_node_owner | ||
67 | 51 | from maasserver.utils.orm import get_one | ||
68 | 52 | |||
69 | 53 | |||
70 | 54 | legacy_user_name = "shared-environment" | ||
71 | 55 | |||
72 | 56 | |||
73 | 57 | def get_legacy_user(): | ||
74 | 58 | """Return the legacy namespace user, creating it if need be.""" | ||
75 | 59 | try: | ||
76 | 60 | legacy_user = User.objects.get(username=legacy_user_name) | ||
77 | 61 | except User.DoesNotExist: | ||
78 | 62 | # Create the legacy user with a local, probably non-working, email | ||
79 | 63 | # address, and an unusable password. | ||
80 | 64 | legacy_user = User.objects.create_user( | ||
81 | 65 | email="%s@localhost" % legacy_user_name, | ||
82 | 66 | username=legacy_user_name) | ||
83 | 67 | legacy_user.first_name = "Shared" | ||
84 | 68 | legacy_user.last_name = "Environment" | ||
85 | 69 | legacy_user.is_active = True | ||
86 | 70 | return legacy_user | ||
87 | 71 | |||
88 | 72 | |||
89 | 73 | def get_unowned_files(): | ||
90 | 74 | """Returns a `QuerySet` of unowned files.""" | ||
91 | 75 | return FileStorage.objects.filter(owner=None) | ||
92 | 76 | |||
93 | 77 | |||
94 | 78 | def get_real_users(): | ||
95 | 79 | """Returns a `QuerySet` of real. not system, users.""" | ||
96 | 80 | users = User.objects.exclude(username__in=SYSTEM_USERS) | ||
97 | 81 | users = users.exclude(username=legacy_user_name) | ||
98 | 82 | return users | ||
99 | 83 | |||
100 | 84 | |||
101 | 85 | def get_owned_nodes(): | ||
102 | 86 | """Returns a `QuerySet` of nodes owned by real users.""" | ||
103 | 87 | return Node.objects.filter(owner__in=get_real_users()) | ||
104 | 88 | |||
105 | 89 | |||
106 | 90 | def get_owned_nodes_owners(): | ||
107 | 91 | """Returns a `QuerySet` of the owners of nodes owned by real users.""" | ||
108 | 92 | owner_ids = get_owned_nodes().values_list("owner", flat=True) | ||
109 | 93 | return User.objects.filter(id__in=owner_ids.distinct()) | ||
110 | 94 | |||
111 | 95 | |||
112 | 96 | def get_destination_user(): | ||
113 | 97 | """Return the user to which resources should be assigned.""" | ||
114 | 98 | real_users = get_real_users() | ||
115 | 99 | if real_users.count() == 1: | ||
116 | 100 | return get_one(real_users) | ||
117 | 101 | else: | ||
118 | 102 | bootstrap_user = get_bootstrap_node_owner() | ||
119 | 103 | if bootstrap_user is None: | ||
120 | 104 | return get_legacy_user() | ||
121 | 105 | else: | ||
122 | 106 | return bootstrap_user | ||
123 | 107 | |||
124 | 108 | |||
125 | 109 | def get_ssh_keys(user): | ||
126 | 110 | """Return the SSH key strings belonging to the specified user.""" | ||
127 | 111 | return SSHKey.objects.filter(user=user).values_list("key", flat=True) | ||
128 | 112 | |||
129 | 113 | |||
130 | 114 | def copy_ssh_keys(user_from, user_dest): | ||
131 | 115 | """Copies SSH keys from one user to another. | ||
132 | 116 | |||
133 | 117 | This is idempotent, and does not clobber the destination user's existing | ||
134 | 118 | keys. | ||
135 | 119 | """ | ||
136 | 120 | user_from_keys = get_ssh_keys(user_from) | ||
137 | 121 | user_dest_keys = get_ssh_keys(user_dest) | ||
138 | 122 | for key in set(user_from_keys).difference(user_dest_keys): | ||
139 | 123 | ssh_key = SSHKey(user=user_dest, key=key) | ||
140 | 124 | ssh_key.save() | ||
141 | 125 | |||
142 | 126 | |||
143 | 127 | def give_file_to_user(file, user): | ||
144 | 128 | """Give a file to a user.""" | ||
145 | 129 | file.owner = user | ||
146 | 130 | file.save() | ||
147 | 131 | |||
148 | 132 | |||
149 | 133 | def give_api_credentials_to_user(user_from, user_dest): | ||
150 | 134 | """Gives one user's API credentials to another. | ||
151 | 135 | |||
152 | 136 | This ensures that users of the shared namespace environment continue to | ||
153 | 137 | operate within the legacy shared namespace environment by default via the | ||
154 | 138 | API (e.g. maas-cli and Juju). | ||
155 | 139 | """ | ||
156 | 140 | for token in get_auth_tokens(user_from): | ||
157 | 141 | consumer = token.consumer | ||
158 | 142 | consumer.user = user_dest | ||
159 | 143 | consumer.save() | ||
160 | 144 | token.user = user_dest | ||
161 | 145 | token.save() | ||
162 | 146 | |||
163 | 147 | |||
164 | 148 | def give_node_to_user(node, user): | ||
165 | 149 | """Changes a node's ownership for the legacy shared environment.""" | ||
166 | 150 | node.owner = user | ||
167 | 151 | node.save() | ||
168 | 152 | |||
169 | 153 | |||
170 | 154 | def migrate_to_user(user): | ||
171 | 155 | """Migrate files and nodes to the specified user. | ||
172 | 156 | |||
173 | 157 | This also copies, to the destination user, the public SSH keys of any | ||
174 | 158 | owned nodes' owners. This is so that those users who had allocated nodes | ||
175 | 159 | (i.e. active users of a shared-namespace environment) can access newly | ||
176 | 160 | created nodes in the legacy shared-namespace environment. | ||
177 | 161 | """ | ||
178 | 162 | for unowned_file in get_unowned_files(): | ||
179 | 163 | give_file_to_user(unowned_file, user) | ||
180 | 164 | for node_owner in get_owned_nodes_owners(): | ||
181 | 165 | copy_ssh_keys(node_owner, user) | ||
182 | 166 | give_api_credentials_to_user(node_owner, user) | ||
183 | 167 | for owned_node in get_owned_nodes(): | ||
184 | 168 | give_node_to_user(owned_node, user) | ||
185 | 169 | |||
186 | 170 | |||
187 | 171 | def migrate(): | ||
188 | 172 | """Migrate files to a per-tenant namespace.""" | ||
189 | 173 | if get_unowned_files().exists(): | ||
190 | 174 | # 2, 3, and 4 | ||
191 | 175 | user = get_destination_user() | ||
192 | 176 | migrate_to_user(user) | ||
193 | 177 | else: | ||
194 | 178 | # 1 and 1a | ||
195 | 179 | pass | ||
196 | 0 | 180 | ||
197 | === added file 'src/maasserver/support/pertenant/tests/test_migration.py' | |||
198 | --- src/maasserver/support/pertenant/tests/test_migration.py 1970-01-01 00:00:00 +0000 | |||
199 | +++ src/maasserver/support/pertenant/tests/test_migration.py 2013-03-06 17:48:23 +0000 | |||
200 | @@ -0,0 +1,384 @@ | |||
201 | 1 | # Copyright 2012 Canonical Ltd. This software is licensed under the | ||
202 | 2 | # GNU Affero General Public License version 3 (see the file LICENSE). | ||
203 | 3 | |||
204 | 4 | """Test `maasserver.support.pertenant.migration.""" | ||
205 | 5 | |||
206 | 6 | from __future__ import ( | ||
207 | 7 | absolute_import, | ||
208 | 8 | print_function, | ||
209 | 9 | unicode_literals, | ||
210 | 10 | ) | ||
211 | 11 | |||
212 | 12 | __metaclass__ = type | ||
213 | 13 | __all__ = [] | ||
214 | 14 | |||
215 | 15 | from django.contrib.auth.models import User | ||
216 | 16 | from maasserver.models import ( | ||
217 | 17 | Node, | ||
218 | 18 | SSHKey, | ||
219 | 19 | ) | ||
220 | 20 | from maasserver.support.pertenant import migration | ||
221 | 21 | from maasserver.support.pertenant.migration import ( | ||
222 | 22 | copy_ssh_keys, | ||
223 | 23 | get_destination_user, | ||
224 | 24 | get_legacy_user, | ||
225 | 25 | get_owned_nodes, | ||
226 | 26 | get_owned_nodes_owners, | ||
227 | 27 | get_real_users, | ||
228 | 28 | get_ssh_keys, | ||
229 | 29 | get_unowned_files, | ||
230 | 30 | give_api_credentials_to_user, | ||
231 | 31 | give_file_to_user, | ||
232 | 32 | give_node_to_user, | ||
233 | 33 | legacy_user_name, | ||
234 | 34 | migrate, | ||
235 | 35 | migrate_to_user, | ||
236 | 36 | ) | ||
237 | 37 | from maasserver.support.pertenant.tests.test_utils import ( | ||
238 | 38 | make_provider_state_file, | ||
239 | 39 | ) | ||
240 | 40 | from maasserver.testing import ( | ||
241 | 41 | get_data, | ||
242 | 42 | reload_object, | ||
243 | 43 | ) | ||
244 | 44 | from maasserver.testing.factory import factory | ||
245 | 45 | from maasserver.testing.testcase import TestCase | ||
246 | 46 | from mock import ( | ||
247 | 47 | call, | ||
248 | 48 | sentinel, | ||
249 | 49 | ) | ||
250 | 50 | from testtools.matchers import MatchesStructure | ||
251 | 51 | |||
252 | 52 | |||
253 | 53 | def get_ssh_key_string(num=0): | ||
254 | 54 | return get_data('data/test_rsa%d.pub' % num) | ||
255 | 55 | |||
256 | 56 | |||
257 | 57 | class TestFunctions(TestCase): | ||
258 | 58 | |||
259 | 59 | def find_legacy_user(self): | ||
260 | 60 | return User.objects.filter(username=legacy_user_name) | ||
261 | 61 | |||
262 | 62 | def test_get_legacy_user_creates_user(self): | ||
263 | 63 | self.assertEqual([], list(self.find_legacy_user())) | ||
264 | 64 | legacy_user = get_legacy_user() | ||
265 | 65 | self.assertEqual([legacy_user], list(self.find_legacy_user())) | ||
266 | 66 | self.assertThat( | ||
267 | 67 | legacy_user, MatchesStructure.byEquality( | ||
268 | 68 | first_name="Shared", last_name="Environment", | ||
269 | 69 | email=legacy_user_name + "@localhost", is_active=True)) | ||
270 | 70 | |||
271 | 71 | def test_get_legacy_user_creates_user_only_once(self): | ||
272 | 72 | legacy_user1 = get_legacy_user() | ||
273 | 73 | self.assertEqual([legacy_user1], list(self.find_legacy_user())) | ||
274 | 74 | legacy_user2 = get_legacy_user() | ||
275 | 75 | self.assertEqual([legacy_user2], list(self.find_legacy_user())) | ||
276 | 76 | self.assertEqual(legacy_user1, legacy_user2) | ||
277 | 77 | |||
278 | 78 | def test_get_unowned_files_no_files(self): | ||
279 | 79 | self.assertEqual([], list(get_unowned_files())) | ||
280 | 80 | |||
281 | 81 | def test_get_unowned_files(self): | ||
282 | 82 | user = factory.make_user() | ||
283 | 83 | files = [ | ||
284 | 84 | factory.make_file_storage(owner=None), | ||
285 | 85 | factory.make_file_storage(owner=user), | ||
286 | 86 | factory.make_file_storage(owner=None), | ||
287 | 87 | ] | ||
288 | 88 | self.assertSetEqual( | ||
289 | 89 | {files[0], files[2]}, | ||
290 | 90 | set(get_unowned_files())) | ||
291 | 91 | |||
292 | 92 | def test_get_real_users_no_users(self): | ||
293 | 93 | get_legacy_user() # Ensure at least the legacy user exists. | ||
294 | 94 | self.assertEqual([], list(get_real_users())) | ||
295 | 95 | |||
296 | 96 | def test_get_real_users(self): | ||
297 | 97 | get_legacy_user() # Ensure at least the legacy user exists. | ||
298 | 98 | users = [ | ||
299 | 99 | factory.make_user(), | ||
300 | 100 | factory.make_user(), | ||
301 | 101 | ] | ||
302 | 102 | self.assertSetEqual(set(users), set(get_real_users())) | ||
303 | 103 | |||
304 | 104 | def test_get_owned_nodes_no_nodes(self): | ||
305 | 105 | self.assertEqual([], list(get_owned_nodes())) | ||
306 | 106 | |||
307 | 107 | def test_get_owned_nodes_no_owned_nodes(self): | ||
308 | 108 | factory.make_node() | ||
309 | 109 | self.assertEqual([], list(get_owned_nodes())) | ||
310 | 110 | |||
311 | 111 | def test_get_owned_nodes_with_owned_nodes(self): | ||
312 | 112 | nodes = { | ||
313 | 113 | factory.make_node(owner=factory.make_user()), | ||
314 | 114 | factory.make_node(owner=factory.make_user()), | ||
315 | 115 | } | ||
316 | 116 | self.assertSetEqual(nodes, set(get_owned_nodes())) | ||
317 | 117 | |||
318 | 118 | def test_get_owned_nodes_with_nodes_owned_by_system_users(self): | ||
319 | 119 | factory.make_node(owner=get_legacy_user()), | ||
320 | 120 | self.assertEqual([], list(get_owned_nodes())) | ||
321 | 121 | |||
322 | 122 | def test_get_owned_nodes_owners_no_users(self): | ||
323 | 123 | self.assertEqual([], list(get_owned_nodes_owners())) | ||
324 | 124 | |||
325 | 125 | def test_get_owned_nodes_owners_no_nodes(self): | ||
326 | 126 | factory.make_user() | ||
327 | 127 | self.assertEqual([], list(get_owned_nodes_owners())) | ||
328 | 128 | |||
329 | 129 | def test_get_owned_nodes_owners_no_owned_nodes(self): | ||
330 | 130 | factory.make_user() | ||
331 | 131 | factory.make_node(owner=None) | ||
332 | 132 | self.assertEqual([], list(get_owned_nodes_owners())) | ||
333 | 133 | |||
334 | 134 | def test_get_owned_nodes_owners(self): | ||
335 | 135 | user1 = factory.make_user() | ||
336 | 136 | user2 = factory.make_user() | ||
337 | 137 | factory.make_user() | ||
338 | 138 | factory.make_node(owner=user1) | ||
339 | 139 | factory.make_node(owner=user2) | ||
340 | 140 | factory.make_node(owner=None) | ||
341 | 141 | self.assertSetEqual({user1, user2}, set(get_owned_nodes_owners())) | ||
342 | 142 | |||
343 | 143 | def test_get_destination_user_one_real_user(self): | ||
344 | 144 | user = factory.make_user() | ||
345 | 145 | self.assertEqual(user, get_destination_user()) | ||
346 | 146 | |||
347 | 147 | def test_get_destination_user_two_real_users(self): | ||
348 | 148 | factory.make_user() | ||
349 | 149 | factory.make_user() | ||
350 | 150 | self.assertEqual(get_legacy_user(), get_destination_user()) | ||
351 | 151 | |||
352 | 152 | def test_get_destination_user_no_real_users(self): | ||
353 | 153 | self.assertEqual(get_legacy_user(), get_destination_user()) | ||
354 | 154 | |||
355 | 155 | def test_get_destination_user_with_user_from_juju_state(self): | ||
356 | 156 | user1, user2 = factory.make_user(), factory.make_user() | ||
357 | 157 | node = factory.make_node(owner=user1) | ||
358 | 158 | make_provider_state_file(node) | ||
359 | 159 | self.assertEqual(user1, get_destination_user()) | ||
360 | 160 | |||
361 | 161 | def test_get_destination_user_with_orphaned_juju_state(self): | ||
362 | 162 | user1, user2 = factory.make_user(), factory.make_user() | ||
363 | 163 | node = factory.make_node(owner=user1) | ||
364 | 164 | make_provider_state_file(node) | ||
365 | 165 | node.delete() # Orphan the state. | ||
366 | 166 | self.assertEqual(get_legacy_user(), get_destination_user()) | ||
367 | 167 | |||
368 | 168 | |||
369 | 169 | class TestCopySSHKeys(TestCase): | ||
370 | 170 | """Tests for copy_ssh_keys().""" | ||
371 | 171 | |||
372 | 172 | def test_noop_when_there_are_no_keys(self): | ||
373 | 173 | user1 = factory.make_user() | ||
374 | 174 | user2 = factory.make_user() | ||
375 | 175 | copy_ssh_keys(user1, user2) | ||
376 | 176 | ssh_keys = SSHKey.objects.filter(user__in={user1, user2}) | ||
377 | 177 | self.assertEqual([], list(ssh_keys)) | ||
378 | 178 | |||
379 | 179 | def test_copy(self): | ||
380 | 180 | user1 = factory.make_user() | ||
381 | 181 | key1 = factory.make_sshkey(user1) | ||
382 | 182 | user2 = factory.make_user() | ||
383 | 183 | copy_ssh_keys(user1, user2) | ||
384 | 184 | user2s_ssh_keys = SSHKey.objects.filter(user=user2) | ||
385 | 185 | self.assertSetEqual( | ||
386 | 186 | {key1.key}, {ssh_key.key for ssh_key in user2s_ssh_keys}) | ||
387 | 187 | |||
388 | 188 | def test_copy_is_idempotent(self): | ||
389 | 189 | # When the destination user already has a key, copy_ssh_keys() is a | ||
390 | 190 | # noop for that key. | ||
391 | 191 | user1 = factory.make_user() | ||
392 | 192 | key1 = factory.make_sshkey(user1) | ||
393 | 193 | user2 = factory.make_user() | ||
394 | 194 | key2 = factory.make_sshkey(user2, key1.key) | ||
395 | 195 | copy_ssh_keys(user1, user2) | ||
396 | 196 | user2s_ssh_keys = SSHKey.objects.filter(user=user2) | ||
397 | 197 | self.assertSetEqual( | ||
398 | 198 | {key2.key}, {ssh_key.key for ssh_key in user2s_ssh_keys}) | ||
399 | 199 | |||
400 | 200 | def test_copy_does_not_clobber(self): | ||
401 | 201 | # When the destination user already has some keys, copy_ssh_keys() | ||
402 | 202 | # adds to them; it does not remove them. | ||
403 | 203 | user1 = factory.make_user() | ||
404 | 204 | key1 = factory.make_sshkey(user1, get_ssh_key_string(1)) | ||
405 | 205 | user2 = factory.make_user() | ||
406 | 206 | key2 = factory.make_sshkey(user2, get_ssh_key_string(2)) | ||
407 | 207 | copy_ssh_keys(user1, user2) | ||
408 | 208 | user2s_ssh_keys = SSHKey.objects.filter(user=user2) | ||
409 | 209 | self.assertSetEqual( | ||
410 | 210 | {key1.key, key2.key}, | ||
411 | 211 | {ssh_key.key for ssh_key in user2s_ssh_keys}) | ||
412 | 212 | |||
413 | 213 | |||
414 | 214 | class TestGiveFileToUser(TestCase): | ||
415 | 215 | |||
416 | 216 | def test_give_unowned_file(self): | ||
417 | 217 | user = factory.make_user() | ||
418 | 218 | file = factory.make_file_storage(owner=None) | ||
419 | 219 | give_file_to_user(file, user) | ||
420 | 220 | self.assertEqual(user, file.owner) | ||
421 | 221 | |||
422 | 222 | def test_give_owned_file(self): | ||
423 | 223 | user1 = factory.make_user() | ||
424 | 224 | user2 = factory.make_user() | ||
425 | 225 | file = factory.make_file_storage(owner=user1) | ||
426 | 226 | give_file_to_user(file, user2) | ||
427 | 227 | self.assertEqual(user2, file.owner) | ||
428 | 228 | |||
429 | 229 | def test_file_saved(self): | ||
430 | 230 | user = factory.make_user() | ||
431 | 231 | file = factory.make_file_storage(owner=None) | ||
432 | 232 | save = self.patch(file, "save") | ||
433 | 233 | give_file_to_user(file, user) | ||
434 | 234 | save.assert_called_once() | ||
435 | 235 | |||
436 | 236 | |||
437 | 237 | class TestGiveCredentialsToUser(TestCase): | ||
438 | 238 | |||
439 | 239 | def test_give(self): | ||
440 | 240 | user1 = factory.make_user() | ||
441 | 241 | user2 = factory.make_user() | ||
442 | 242 | profile = user1.get_profile() | ||
443 | 243 | consumer, token = profile.create_authorisation_token() | ||
444 | 244 | give_api_credentials_to_user(user1, user2) | ||
445 | 245 | self.assertEqual(user2, reload_object(consumer).user) | ||
446 | 246 | self.assertEqual(user2, reload_object(token).user) | ||
447 | 247 | |||
448 | 248 | |||
449 | 249 | class TestGiveNodeToUser(TestCase): | ||
450 | 250 | |||
451 | 251 | def test_give(self): | ||
452 | 252 | user1 = factory.make_user() | ||
453 | 253 | user2 = factory.make_user() | ||
454 | 254 | node = factory.make_node(owner=user1) | ||
455 | 255 | give_node_to_user(node, user2) | ||
456 | 256 | self.assertEqual(user2, reload_object(node).owner) | ||
457 | 257 | |||
458 | 258 | |||
459 | 259 | class TestMigrateToUser(TestCase): | ||
460 | 260 | |||
461 | 261 | def test_migrate(self): | ||
462 | 262 | # This is a mechanical test, to demonstrate that migrate_to_user() is | ||
463 | 263 | # wired up correctly: it should not really contain much logic because | ||
464 | 264 | # it is meant only as a convenient wrapper around other functions. | ||
465 | 265 | # Those functions are unit tested individually, and the overall | ||
466 | 266 | # behaviour of migrate() is tested too; this is another layer of | ||
467 | 267 | # verification. It's also a reminder not to stuff logic into | ||
468 | 268 | # migrate_to_user(); extract it into functions instead and unit test | ||
469 | 269 | # those. | ||
470 | 270 | |||
471 | 271 | # migrate_to_user() will give all unowned files to a specified user. | ||
472 | 272 | get_unowned_files = self.patch(migration, "get_unowned_files") | ||
473 | 273 | get_unowned_files.return_value = [sentinel.file1, sentinel.file2] | ||
474 | 274 | give_file_to_user = self.patch(migration, "give_file_to_user") | ||
475 | 275 | # migrate_to_user() will copy all SSH keys and give all API | ||
476 | 276 | # credentials belonging to node owners over to a specified user. | ||
477 | 277 | get_owned_nodes_owners = self.patch( | ||
478 | 278 | migration, "get_owned_nodes_owners") | ||
479 | 279 | get_owned_nodes_owners.return_value = [ | ||
480 | 280 | sentinel.node_owner1, sentinel.node_owner2] | ||
481 | 281 | copy_ssh_keys = self.patch(migration, "copy_ssh_keys") | ||
482 | 282 | give_api_credentials_to_user = self.patch( | ||
483 | 283 | migration, "give_api_credentials_to_user") | ||
484 | 284 | # migrate_to_user() will give all owned nodes to a specified user. | ||
485 | 285 | get_owned_nodes = self.patch(migration, "get_owned_nodes") | ||
486 | 286 | get_owned_nodes.return_value = [sentinel.node1, sentinel.node2] | ||
487 | 287 | give_node_to_user = self.patch(migration, "give_node_to_user") | ||
488 | 288 | |||
489 | 289 | migrate_to_user(sentinel.user) | ||
490 | 290 | |||
491 | 291 | # Each unowned file is given to the destination user one at a time. | ||
492 | 292 | get_unowned_files.assert_called_once() | ||
493 | 293 | self.assertEqual( | ||
494 | 294 | [call(sentinel.file1, sentinel.user), | ||
495 | 295 | call(sentinel.file2, sentinel.user)], | ||
496 | 296 | give_file_to_user.call_args_list) | ||
497 | 297 | # The SSH keys of each node owner are copied to the destination user, | ||
498 | 298 | # one at a time, and the credentials of these users are given to the | ||
499 | 299 | # destination user. | ||
500 | 300 | get_owned_nodes_owners.assert_called_once() | ||
501 | 301 | self.assertEqual( | ||
502 | 302 | [call(sentinel.node_owner1, sentinel.user), | ||
503 | 303 | call(sentinel.node_owner2, sentinel.user)], | ||
504 | 304 | copy_ssh_keys.call_args_list) | ||
505 | 305 | self.assertEqual( | ||
506 | 306 | [call(sentinel.node_owner1, sentinel.user), | ||
507 | 307 | call(sentinel.node_owner2, sentinel.user)], | ||
508 | 308 | give_api_credentials_to_user.call_args_list) | ||
509 | 309 | # Each owned node is given to the destination user one at a time. | ||
510 | 310 | get_owned_nodes.assert_called_once() | ||
511 | 311 | self.assertEqual( | ||
512 | 312 | [call(sentinel.node1, sentinel.user), | ||
513 | 313 | call(sentinel.node2, sentinel.user)], | ||
514 | 314 | give_node_to_user.call_args_list) | ||
515 | 315 | |||
516 | 316 | |||
517 | 317 | class TestMigrate(TestCase): | ||
518 | 318 | |||
519 | 319 | def test_migrate_runs_when_no_files_exist(self): | ||
520 | 320 | migrate() | ||
521 | 321 | |||
522 | 322 | def test_migrate_runs_when_no_unowned_files_exist(self): | ||
523 | 323 | factory.make_file_storage(owner=factory.make_user()) | ||
524 | 324 | migrate() | ||
525 | 325 | |||
526 | 326 | def test_migrate_all_files_to_single_user_when_only_one_user(self): | ||
527 | 327 | user = factory.make_user() | ||
528 | 328 | stored = factory.make_file_storage(owner=None) | ||
529 | 329 | migrate() | ||
530 | 330 | self.assertEqual(user, reload_object(stored).owner) | ||
531 | 331 | |||
532 | 332 | def test_migrate_all_files_to_new_legacy_user_when_multiple_users(self): | ||
533 | 333 | stored = factory.make_file_storage(owner=None) | ||
534 | 334 | user1 = factory.make_user() | ||
535 | 335 | user2 = factory.make_user() | ||
536 | 336 | migrate() | ||
537 | 337 | stored = reload_object(stored) | ||
538 | 338 | self.assertNotIn(stored.owner, {user1, user2, None}) | ||
539 | 339 | |||
540 | 340 | def test_migrate_all_nodes_to_new_legacy_user_when_multiple_users(self): | ||
541 | 341 | factory.make_file_storage(owner=None) | ||
542 | 342 | user1 = factory.make_user() | ||
543 | 343 | node1 = factory.make_node(owner=user1) | ||
544 | 344 | user2 = factory.make_user() | ||
545 | 345 | node2 = factory.make_node(owner=user2) | ||
546 | 346 | migrate() | ||
547 | 347 | self.assertNotIn(reload_object(node1).owner, {user1, user2, None}) | ||
548 | 348 | self.assertNotIn(reload_object(node2).owner, {user1, user2, None}) | ||
549 | 349 | |||
550 | 350 | def test_migrate_all_nodes_to_bootstrap_owner_when_multiple_users(self): | ||
551 | 351 | user1 = factory.make_user() | ||
552 | 352 | node1 = factory.make_node(owner=user1) | ||
553 | 353 | user2 = factory.make_user() | ||
554 | 354 | node2 = factory.make_node(owner=user2) | ||
555 | 355 | make_provider_state_file(node1) | ||
556 | 356 | migrate() | ||
557 | 357 | self.assertEqual( | ||
558 | 358 | (user1, user1), | ||
559 | 359 | (reload_object(node1).owner, | ||
560 | 360 | reload_object(node2).owner)) | ||
561 | 361 | |||
562 | 362 | def test_migrate_ancillary_data_to_legacy_user_when_multiple_users(self): | ||
563 | 363 | factory.make_file_storage(owner=None) | ||
564 | 364 | # Create two users, both with API credentials, an SSH key and a node. | ||
565 | 365 | user1 = factory.make_user() | ||
566 | 366 | consumer1, token1 = user1.get_profile().create_authorisation_token() | ||
567 | 367 | key1 = factory.make_sshkey(user1, get_ssh_key_string(1)) | ||
568 | 368 | node1 = factory.make_node(owner=user1) | ||
569 | 369 | user2 = factory.make_user() | ||
570 | 370 | consumer2, token2 = user2.get_profile().create_authorisation_token() | ||
571 | 371 | key2 = factory.make_sshkey(user2, get_ssh_key_string(2)) | ||
572 | 372 | node2 = factory.make_node(owner=user2) | ||
573 | 373 | migrate() | ||
574 | 374 | # The SSH keys have been copied to the legacy user. | ||
575 | 375 | legacy_user = get_legacy_user() | ||
576 | 376 | legacy_users_ssh_keys = get_ssh_keys(legacy_user) | ||
577 | 377 | self.assertSetEqual({key1.key, key2.key}, set(legacy_users_ssh_keys)) | ||
578 | 378 | # The API credentials have been moved to the legacy user. | ||
579 | 379 | legacy_users_nodes = Node.objects.filter(owner=legacy_user) | ||
580 | 380 | self.assertSetEqual({node1, node2}, set(legacy_users_nodes)) | ||
581 | 381 | self.assertEqual( | ||
582 | 382 | (legacy_user, legacy_user, legacy_user, legacy_user), | ||
583 | 383 | (reload_object(consumer1).user, reload_object(token1).user, | ||
584 | 384 | reload_object(consumer2).user, reload_object(token2).user)) | ||
585 | 0 | 385 | ||
586 | === modified file 'src/maasserver/tests/data/test_rsa0.pub' | |||
587 | --- src/maasserver/tests/data/test_rsa0.pub 2012-04-06 09:52:45 +0000 | |||
588 | +++ src/maasserver/tests/data/test_rsa0.pub 2013-03-06 17:48:23 +0000 | |||
589 | @@ -1,1 +1,1 @@ | |||
591 | 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdrzzDZNwyMVBvBTT6kBnrfPZv/AUbkxj7G5CaMTdw6xkKthV22EntD3lxaQxRKzQTfCc2d/CC1K4ushCcRs1S6SQ2zJ2jDq1UmOUkDMgvNh4JVhJYSKc6mu8i3s7oGSmBado5wvtlpSzMrscOpf8Qe/wmT5fH12KB9ipJqoFNQMVbVcVarE/v6wpn3GZC62YRb5iaz9/M+t92Qhu50W2u+KfouqtKB2lwIDDKZMww38ExtdMouh2FZpxaoh4Uey5bRp3tM3JgnWcX6fyUOp2gxJRPIlD9rrZhX5IkEkZM8MQbdPTQLgIf98oFph5RG6w1t02BvI9nJKM7KkKEfBHt ubuntu@server-7476 | 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdrzzDZNwyMVBvBTT6kBnrfPZv/AUbkxj7G5CaMTdw6xkKthV22EntD3lxaQxRKzQTfCc2d/CC1K4ushCcRs1S6SQ2zJ2jDq1UmOUkDMgvNh4JVhJYSKc6mu8i3s7oGSmBado5wvtlpSzMrscOpf8Qe/wmT5fH12KB9ipJqoFNQMVbVcVarE/v6wpn3GZC62YRb5iaz9/M+t92Qhu50W2u+KfouqtKB2lwIDDKZMww38ExtdMouh2FZpxaoh4Uey5bRp3tM3JgnWcX6fyUOp2gxJRPIlD9rrZhX5IkEkZM8MQbdPTQLgIf98oFph5RG6w1t02BvI9nJKM7KkKEfBHt ubuntu@test_rsa0.pub |
592 | 2 | 2 | ||
593 | === modified file 'src/maasserver/tests/data/test_rsa1.pub' | |||
594 | --- src/maasserver/tests/data/test_rsa1.pub 2012-04-06 09:52:45 +0000 | |||
595 | +++ src/maasserver/tests/data/test_rsa1.pub 2013-03-06 17:48:23 +0000 | |||
596 | @@ -1,1 +1,1 @@ | |||
598 | 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6Gkj1y8/0T7q/FqBSr9xRBO9GzT+JeoWNXaqhUBg179Zd53XM4qblVwz/rsMa70te8CYNIFU+GbcNY1tNCo78NlHjQA8H98COnbVWKxvABECHrJ8nbYB4lWH9wI8/uvR0um6yUb/tZYbiSqnQxhoGAF/uQQfhqzc+tc7uTjnsa6krrNqQCdpFbAVVy+vZzvcJl6CX8nu5uJ8jedWfXOZJFcQPH+VwkUT0oV+1zVeLpE4LFkRO52JrC9Dy1xgrYM0EhcrShBdD1GQx9IXdW4Z9PIaVcq/y4Qv574yHMvi+6hwG6xpCtRXmy0lG0LiG60c1yOredkO6U0MJIVbeZ/+r ubuntu@server-7493 | 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6Gkj1y8/0T7q/FqBSr9xRBO9GzT+JeoWNXaqhUBg179Zd53XM4qblVwz/rsMa70te8CYNIFU+GbcNY1tNCo78NlHjQA8H98COnbVWKxvABECHrJ8nbYB4lWH9wI8/uvR0um6yUb/tZYbiSqnQxhoGAF/uQQfhqzc+tc7uTjnsa6krrNqQCdpFbAVVy+vZzvcJl6CX8nu5uJ8jedWfXOZJFcQPH+VwkUT0oV+1zVeLpE4LFkRO52JrC9Dy1xgrYM0EhcrShBdD1GQx9IXdW4Z9PIaVcq/y4Qv574yHMvi+6hwG6xpCtRXmy0lG0LiG60c1yOredkO6U0MJIVbeZ/+r ubuntu@test_rsa1.pub |
599 | 2 | 2 | ||
600 | === modified file 'src/maasserver/tests/data/test_rsa2.pub' | |||
601 | --- src/maasserver/tests/data/test_rsa2.pub 2012-04-06 09:52:45 +0000 | |||
602 | +++ src/maasserver/tests/data/test_rsa2.pub 2013-03-06 17:48:23 +0000 | |||
603 | @@ -1,1 +1,1 @@ | |||
605 | 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKVdMk4Q+13uUvXjb6iU+oB2Auk0HpaILZ8Pw/V63PTJ+QXtEp0vTe6DEvr9uF2vl6tF+AosiG4krEwqBNGx/h8MmFO7BgNTxn9eU2VwfHzmQ2nqkXHsXgp66cNT0Yd0nfvVV/fsMpKN9fUaYrXjAlFxvC9iQ33Rp6vj/X+oqDvYf3xZjbuZy+BxdJnmiTAJcFouTyrdy1Em1EZITq5M4EXw93/O2vAPYSFPAeELBE+mIMJxOCY1Fm101oAqO0qof3Rb2hZxc2WINjmqZIxoi+sviU0ny/dIFknhYEg1Xh2hObPn0nN5+4VHjBTdRmpRXqggotc53sYC5udVmFsW8B ubuntu@server-7493 | 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKVdMk4Q+13uUvXjb6iU+oB2Auk0HpaILZ8Pw/V63PTJ+QXtEp0vTe6DEvr9uF2vl6tF+AosiG4krEwqBNGx/h8MmFO7BgNTxn9eU2VwfHzmQ2nqkXHsXgp66cNT0Yd0nfvVV/fsMpKN9fUaYrXjAlFxvC9iQ33Rp6vj/X+oqDvYf3xZjbuZy+BxdJnmiTAJcFouTyrdy1Em1EZITq5M4EXw93/O2vAPYSFPAeELBE+mIMJxOCY1Fm101oAqO0qof3Rb2hZxc2WINjmqZIxoi+sviU0ny/dIFknhYEg1Xh2hObPn0nN5+4VHjBTdRmpRXqggotc53sYC5udVmFsW8B ubuntu@test_rsa2.pub |
606 | 2 | 2 | ||
607 | === modified file 'src/maasserver/tests/data/test_rsa3.pub' | |||
608 | --- src/maasserver/tests/data/test_rsa3.pub 2012-04-06 09:52:45 +0000 | |||
609 | +++ src/maasserver/tests/data/test_rsa3.pub 2013-03-06 17:48:23 +0000 | |||
610 | @@ -1,1 +1,1 @@ | |||
612 | 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDai2ir5yxckoYTHUbFL6pe01Kx+Dy6nw9p7LhFaBixUOh8G7eIgFBguYcir2ZKBfM/lbTnW+MSiGF2VMlXX0+X9Ux2iwPSJa2wIA7Cc5prCz/RnMRKQ+2S1JJuORoi8tDI0p1R0sGWMXCwaj30oRN0THWz884+d3YlDD/O39h74gnLNEx/TQig/r/Aev3VfeKO6dlbbX81vSad2JVncislyMq1TgJdhn2/JI8t+LW0xVc6ZgQr94YB2M2DNjFSisP2vDrV5LWM+IqiF8T/YHkcSsANr8WWvZWa79uHyRBU3xr2qZZqMjMVL0B/NOJYXyGBIJ7HQnlVLmqFenKl8ZtL ubuntu@server-7493 | 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDai2ir5yxckoYTHUbFL6pe01Kx+Dy6nw9p7LhFaBixUOh8G7eIgFBguYcir2ZKBfM/lbTnW+MSiGF2VMlXX0+X9Ux2iwPSJa2wIA7Cc5prCz/RnMRKQ+2S1JJuORoi8tDI0p1R0sGWMXCwaj30oRN0THWz884+d3YlDD/O39h74gnLNEx/TQig/r/Aev3VfeKO6dlbbX81vSad2JVncislyMq1TgJdhn2/JI8t+LW0xVc6ZgQr94YB2M2DNjFSisP2vDrV5LWM+IqiF8T/YHkcSsANr8WWvZWa79uHyRBU3xr2qZZqMjMVL0B/NOJYXyGBIJ7HQnlVLmqFenKl8ZtL ubuntu@test_rsa3.pub |
613 | 2 | 2 | ||
614 | === modified file 'src/maasserver/tests/data/test_rsa4.pub' | |||
615 | --- src/maasserver/tests/data/test_rsa4.pub 2012-04-06 09:52:45 +0000 | |||
616 | +++ src/maasserver/tests/data/test_rsa4.pub 2013-03-06 17:48:23 +0000 | |||
617 | @@ -1,1 +1,1 @@ | |||
619 | 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNDA4vXVTxHuKikIXeA6/K/X7hKpJcOJV0HcXUHlSNa9phNW0f8vbci+BxcLAqIz/U+BPiQ9lCxz7so+qCTFrM4poOdkTyup8VUxUqntiaxgiCJZ1of+eMe39+S9XQk6RogiCpExanhD9xPLkK/mLr5phnQwDjEDJwD4OOF0rYsbYoqje/0Pd+Tm0PIepq/qwsu5PAKPJU8dfnp8BWLCuIJ+DA2lfRUjmxWwLczfM/4hu1bZlYp1mzJJgMIOY92/pUToYxvBiIiKs3qWh6HC5Vxo5Vz4w5WLnTnIPDvpYBvWj8LGXJwHuhqlzed2icwPk8krip2BzwsHotru3UXtKf ubuntu@server-7493 | 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNDA4vXVTxHuKikIXeA6/K/X7hKpJcOJV0HcXUHlSNa9phNW0f8vbci+BxcLAqIz/U+BPiQ9lCxz7so+qCTFrM4poOdkTyup8VUxUqntiaxgiCJZ1of+eMe39+S9XQk6RogiCpExanhD9xPLkK/mLr5phnQwDjEDJwD4OOF0rYsbYoqje/0Pd+Tm0PIepq/qwsu5PAKPJU8dfnp8BWLCuIJ+DA2lfRUjmxWwLczfM/4hu1bZlYp1mzJJgMIOY92/pUToYxvBiIiKs3qWh6HC5Vxo5Vz4w5WLnTnIPDvpYBvWj8LGXJwHuhqlzed2icwPk8krip2BzwsHotru3UXtKf ubuntu@test_rsa4.pub |
620 | 2 | 2 | ||
621 | === modified file 'src/maasserver/tests/test_sshkey.py' | |||
622 | --- src/maasserver/tests/test_sshkey.py 2012-05-29 10:24:47 +0000 | |||
623 | +++ src/maasserver/tests/test_sshkey.py 2013-03-06 17:48:23 +0000 | |||
624 | @@ -226,7 +226,7 @@ | |||
625 | 226 | key = SSHKey(key=key_string, user=user) | 226 | key = SSHKey(key=key_string, user=user) |
626 | 227 | display = key.display_html() | 227 | display = key.display_html() |
627 | 228 | self.assertEqual( | 228 | self.assertEqual( |
629 | 229 | 'ssh-rsa AAAAB3NzaC1yc2E… ubuntu@server-7476', display) | 229 | 'ssh-rsa AAAAB3NzaC1yc… ubuntu@test_rsa0.pub', display) |
630 | 230 | 230 | ||
631 | 231 | def test_sshkey_display_is_marked_as_HTML_safe(self): | 231 | def test_sshkey_display_is_marked_as_HTML_safe(self): |
632 | 232 | key_string = get_data('data/test_rsa0.pub') | 232 | key_string = get_data('data/test_rsa0.pub') |