Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / 76f33d89db6f2a395c19b94d6ed1c11a6476aa89 / . / tempest / common / isolated_creds.py
blob: b2edfee09c116f2eb5513b19e7764dbbdfc8d636 [file] [log] [blame]
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]1# Copyright 2013 IBM Corp.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]15import netaddr
16
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]17from tempest import auth
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]18from tempest import clients
Marc Kodererd2690fe2014-07-16 14:17:47 +0200[diff] [blame]19from tempest.common import cred_provider
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]20from tempest.common.utils import data_utils
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]21from tempest import config
22from tempest import exceptions
23from tempest.openstack.common import log as logging
24
Sean Dague86bd8422013-12-20 09:56:44 -0500[diff] [blame]25CONF = config.CONF
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]26LOG = logging.getLogger(__name__)
27
28
Marc Kodererd2690fe2014-07-16 14:17:47 +0200[diff] [blame]29class IsolatedCreds(cred_provider.CredentialProvider):
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]30
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]31 def __init__(self, name, interface='json', password='pass',
32 network_resources=None):
33 super(IsolatedCreds, self).__init__(name, interface, password,
34 network_resources)
Matthew Treinish9f756a02014-01-15 10:26:07 -0500[diff] [blame]35 self.network_resources = network_resources
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]36 self.isolated_creds = {}
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]37 self.isolated_net_resources = {}
38 self.ports = []
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]39 self.interface = interface
40 self.password = password
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]41 self.identity_admin_client, self.network_admin_client = (
42 self._get_admin_clients())
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]43
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]44 def _get_admin_clients(self):
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]45 """
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]46 Returns a tuple with instances of the following admin clients (in this
47 order):
48 identity
49 network
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]50 """
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]51 os = clients.AdminManager(interface=self.interface)
Andrea Frittoli422fbdf2014-03-20 10:05:18 +0000[diff] [blame]52 return os.identity_client, os.network_client
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]53
54 def _create_tenant(self, name, description):
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]55 _, tenant = self.identity_admin_client.create_tenant(
56 name=name, description=description)
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]57 return tenant
58
59 def _get_tenant_by_name(self, name):
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]60 _, tenant = self.identity_admin_client.get_tenant_by_name(name)
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]61 return tenant
62
63 def _create_user(self, username, password, tenant, email):
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]64 _, user = self.identity_admin_client.create_user(
65 username, password, tenant['id'], email)
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]66 return user
67
68 def _get_user(self, tenant, username):
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]69 _, user = self.identity_admin_client.get_user_by_username(
70 tenant['id'], username)
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]71 return user
72
73 def _list_roles(self):
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]74 _, roles = self.identity_admin_client.list_roles()
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]75 return roles
76
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]77 def _assign_user_role(self, tenant, user, role_name):
78 role = None
79 try:
80 roles = self._list_roles()
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]81 role = next(r for r in roles if r['name'] == role_name)
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]82 except StopIteration:
83 msg = 'No "%s" role found' % role_name
84 raise exceptions.NotFound(msg)
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]85 self.identity_admin_client.assign_user_role(tenant['id'], user['id'],
86 role['id'])
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]87
88 def _delete_user(self, user):
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]89 self.identity_admin_client.delete_user(user)
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]90
91 def _delete_tenant(self, tenant):
Ala Rezmerita846eb7c2014-03-10 09:06:03 +0100[diff] [blame]92 if CONF.service_available.neutron:
93 self._cleanup_default_secgroup(tenant)
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]94 self.identity_admin_client.delete_tenant(tenant)
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]95
Sean Dague6969b902014-01-28 06:48:37 -0500[diff] [blame]96 def _create_creds(self, suffix="", admin=False):
97 """Create random credentials under the following schema.
98
99 If the name contains a '.' is the full class path of something, and
100 we don't really care. If it isn't, it's probably a meaningful name,
101 so use it.
102
103 For logging purposes, -user and -tenant are long and redundant,
104 don't use them. The user# will be sufficient to figure it out.
105 """
106 if '.' in self.name:
107 root = ""
108 else:
109 root = self.name
110
111 tenant_name = data_utils.rand_name(root) + suffix
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]112 tenant_desc = tenant_name + "-desc"
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]113 tenant = self._create_tenant(name=tenant_name,
114 description=tenant_desc)
Sean Dague6969b902014-01-28 06:48:37 -0500[diff] [blame]115
116 username = data_utils.rand_name(root) + suffix
117 email = data_utils.rand_name(root) + suffix + "@example.com"
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]118 user = self._create_user(username, self.password,
119 tenant, email)
Sergey Shnaidman37099612014-07-10 09:43:41 +0400[diff] [blame]120 if CONF.service_available.swift:
121 # NOTE(andrey-mp): user needs this role to create containers
122 # in swift
123 swift_operator_role = CONF.object_storage.operator_role
124 self._assign_user_role(tenant, user, swift_operator_role)
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]125 if admin:
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]126 self._assign_user_role(tenant, user, CONF.identity.admin_role)
Andrea Frittoli9612e812014-03-13 10:57:26 +0000[diff] [blame]127 return self._get_credentials(user, tenant)
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]128
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]129 def _get_credentials(self, user, tenant):
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]130 return auth.get_credentials(
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]131 username=user['name'], user_id=user['id'],
132 tenant_name=tenant['name'], tenant_id=tenant['id'],
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]133 password=self.password)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]134
135 def _create_network_resources(self, tenant_id):
136 network = None
137 subnet = None
138 router = None
Matthew Treinish9f756a02014-01-15 10:26:07 -0500[diff] [blame]139 # Make sure settings
140 if self.network_resources:
141 if self.network_resources['router']:
142 if (not self.network_resources['subnet'] or
143 not self.network_resources['network']):
144 raise exceptions.InvalidConfiguration(
145 'A router requires a subnet and network')
146 elif self.network_resources['subnet']:
147 if not self.network_resources['network']:
148 raise exceptions.InvalidConfiguration(
149 'A subnet requires a network')
150 elif self.network_resources['dhcp']:
151 raise exceptions.InvalidConfiguration('DHCP requires a subnet')
152
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]153 data_utils.rand_name_root = data_utils.rand_name(self.name)
Matthew Treinish9f756a02014-01-15 10:26:07 -0500[diff] [blame]154 if not self.network_resources or self.network_resources['network']:
155 network_name = data_utils.rand_name_root + "-network"
156 network = self._create_network(network_name, tenant_id)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]157 try:
Matthew Treinish9f756a02014-01-15 10:26:07 -0500[diff] [blame]158 if not self.network_resources or self.network_resources['subnet']:
159 subnet_name = data_utils.rand_name_root + "-subnet"
160 subnet = self._create_subnet(subnet_name, tenant_id,
161 network['id'])
162 if not self.network_resources or self.network_resources['router']:
163 router_name = data_utils.rand_name_root + "-router"
164 router = self._create_router(router_name, tenant_id)
165 self._add_router_interface(router['id'], subnet['id'])
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]166 except Exception:
167 if router:
168 self._clear_isolated_router(router['id'], router['name'])
169 if subnet:
170 self._clear_isolated_subnet(subnet['id'], subnet['name'])
171 if network:
172 self._clear_isolated_network(network['id'], network['name'])
173 raise
174 return network, subnet, router
175
176 def _create_network(self, name, tenant_id):
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]177 _, resp_body = self.network_admin_client.create_network(
178 name=name, tenant_id=tenant_id)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]179 return resp_body['network']
180
181 def _create_subnet(self, subnet_name, tenant_id, network_id):
Sean Dague86bd8422013-12-20 09:56:44 -0500[diff] [blame]182 base_cidr = netaddr.IPNetwork(CONF.network.tenant_network_cidr)
183 mask_bits = CONF.network.tenant_network_mask_bits
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]184 for subnet_cidr in base_cidr.subnet(mask_bits):
185 try:
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]186 if self.network_resources:
187 _, resp_body = self.network_admin_client.\
188 create_subnet(
189 network_id=network_id, cidr=str(subnet_cidr),
190 name=subnet_name,
191 tenant_id=tenant_id,
192 enable_dhcp=self.network_resources['dhcp'],
193 ip_version=4)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]194 else:
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]195 _, resp_body = self.network_admin_client.\
196 create_subnet(network_id=network_id,
197 cidr=str(subnet_cidr),
198 name=subnet_name,
199 tenant_id=tenant_id,
200 ip_version=4)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]201 break
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]202 except exceptions.BadRequest as e:
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]203 if 'overlaps with another subnet' not in str(e):
204 raise
205 else:
206 e = exceptions.BuildErrorException()
207 e.message = 'Available CIDR for subnet creation could not be found'
208 raise e
209 return resp_body['subnet']
210
211 def _create_router(self, router_name, tenant_id):
212 external_net_id = dict(
Sean Dague86bd8422013-12-20 09:56:44 -0500[diff] [blame]213 network_id=CONF.network.public_network_id)
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]214 _, resp_body = self.network_admin_client.create_router(
215 router_name,
216 external_gateway_info=external_net_id,
217 tenant_id=tenant_id)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]218 return resp_body['router']
219
220 def _add_router_interface(self, router_id, subnet_id):
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]221 self.network_admin_client.add_router_interface_with_subnet_id(
222 router_id, subnet_id)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]223
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]224 def get_primary_network(self):
225 return self.isolated_net_resources.get('primary')[0]
226
227 def get_primary_subnet(self):
228 return self.isolated_net_resources.get('primary')[1]
229
230 def get_primary_router(self):
231 return self.isolated_net_resources.get('primary')[2]
232
233 def get_admin_network(self):
234 return self.isolated_net_resources.get('admin')[0]
235
236 def get_admin_subnet(self):
237 return self.isolated_net_resources.get('admin')[1]
238
239 def get_admin_router(self):
240 return self.isolated_net_resources.get('admin')[2]
241
242 def get_alt_network(self):
243 return self.isolated_net_resources.get('alt')[0]
244
245 def get_alt_subnet(self):
246 return self.isolated_net_resources.get('alt')[1]
247
248 def get_alt_router(self):
249 return self.isolated_net_resources.get('alt')[2]
250
Andrea Frittoli9612e812014-03-13 10:57:26 +0000[diff] [blame]251 def get_credentials(self, credential_type):
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]252 if self.isolated_creds.get(credential_type):
253 credentials = self.isolated_creds[credential_type]
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]254 else:
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]255 is_admin = (credential_type == 'admin')
Andrea Frittoli9612e812014-03-13 10:57:26 +0000[diff] [blame]256 credentials = self._create_creds(admin=is_admin)
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]257 self.isolated_creds[credential_type] = credentials
258 # Maintained until tests are ported
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]259 LOG.info("Acquired isolated creds:\n credentials: %s"
260 % credentials)
Adam Gandelman85395e72014-07-29 18:34:33 -0700[diff] [blame]261 if (CONF.service_available.neutron and
262 not CONF.baremetal.driver_enabled):
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]263 network, subnet, router = self._create_network_resources(
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]264 credentials.tenant_id)
265 self.isolated_net_resources[credential_type] = (
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]266 network, subnet, router,)
267 LOG.info("Created isolated network resources for : \n"
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]268 + " credentials: %s" % credentials)
Andrea Frittoli9612e812014-03-13 10:57:26 +0000[diff] [blame]269 return credentials
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]270
Andrea Frittoli9612e812014-03-13 10:57:26 +0000[diff] [blame]271 def get_primary_creds(self):
272 return self.get_credentials('primary')
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]273
Andrea Frittoli9612e812014-03-13 10:57:26 +0000[diff] [blame]274 def get_admin_creds(self):
275 return self.get_credentials('admin')
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]276
Andrea Frittoli9612e812014-03-13 10:57:26 +0000[diff] [blame]277 def get_alt_creds(self):
278 return self.get_credentials('alt')
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]279
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]280 def _clear_isolated_router(self, router_id, router_name):
281 net_client = self.network_admin_client
282 try:
283 net_client.delete_router(router_id)
284 except exceptions.NotFound:
285 LOG.warn('router with name: %s not found for delete' %
286 router_name)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]287
288 def _clear_isolated_subnet(self, subnet_id, subnet_name):
289 net_client = self.network_admin_client
290 try:
291 net_client.delete_subnet(subnet_id)
292 except exceptions.NotFound:
293 LOG.warn('subnet with name: %s not found for delete' %
294 subnet_name)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]295
296 def _clear_isolated_network(self, network_id, network_name):
297 net_client = self.network_admin_client
298 try:
299 net_client.delete_network(network_id)
300 except exceptions.NotFound:
301 LOG.warn('network with name: %s not found for delete' %
302 network_name)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]303
Ala Rezmerita846eb7c2014-03-10 09:06:03 +0100[diff] [blame]304 def _cleanup_default_secgroup(self, tenant):
305 net_client = self.network_admin_client
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]306 _, resp_body = net_client.list_security_groups(tenant_id=tenant,
307 name="default")
Ala Rezmerita846eb7c2014-03-10 09:06:03 +0100[diff] [blame]308 secgroups_to_delete = resp_body['security_groups']
309 for secgroup in secgroups_to_delete:
310 try:
311 net_client.delete_security_group(secgroup['id'])
312 except exceptions.NotFound:
313 LOG.warn('Security group %s, id %s not found for clean-up' %
314 (secgroup['name'], secgroup['id']))
315
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]316 def _clear_isolated_net_resources(self):
317 net_client = self.network_admin_client
318 for cred in self.isolated_net_resources:
319 network, subnet, router = self.isolated_net_resources.get(cred)
Salvatore Orlandocf996c62014-01-30 09:15:18 -0800[diff] [blame]320 LOG.debug("Clearing network: %(network)s, "
321 "subnet: %(subnet)s, router: %(router)s",
322 {'network': network, 'subnet': subnet, 'router': router})
323 if (not self.network_resources or
324 self.network_resources.get('router')):
Matthew Treinish9f756a02014-01-15 10:26:07 -0500[diff] [blame]325 try:
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]326 net_client.remove_router_interface_with_subnet_id(
327 router['id'], subnet['id'])
Matthew Treinish9f756a02014-01-15 10:26:07 -0500[diff] [blame]328 except exceptions.NotFound:
329 LOG.warn('router with name: %s not found for delete' %
330 router['name'])
Matthew Treinish9f756a02014-01-15 10:26:07 -0500[diff] [blame]331 self._clear_isolated_router(router['id'], router['name'])
Salvatore Orlandocf996c62014-01-30 09:15:18 -0800[diff] [blame]332 if (not self.network_resources or
Salvatore Orlandocf996c62014-01-30 09:15:18 -0800[diff] [blame]333 self.network_resources.get('subnet')):
Matthew Treinish9f756a02014-01-15 10:26:07 -0500[diff] [blame]334 self._clear_isolated_subnet(subnet['id'], subnet['name'])
Salvatore Orlandocf996c62014-01-30 09:15:18 -0800[diff] [blame]335 if (not self.network_resources or
336 self.network_resources.get('network')):
Matthew Treinish9f756a02014-01-15 10:26:07 -0500[diff] [blame]337 self._clear_isolated_network(network['id'], network['name'])
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]338
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]339 def clear_isolated_creds(self):
340 if not self.isolated_creds:
341 return
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]342 self._clear_isolated_net_resources()
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]343 for creds in self.isolated_creds.itervalues():
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]344 try:
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]345 self._delete_user(creds.user_id)
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]346 except exceptions.NotFound:
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]347 LOG.warn("user with name: %s not found for delete" %
348 creds.username)
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]349 try:
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]350 self._delete_tenant(creds.tenant_id)
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]351 except exceptions.NotFound:
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]352 LOG.warn("tenant with name: %s not found for delete" %
353 creds.tenant_name)