Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / ce308f58ea671f4c1389213b3bdef53bc26a3c8e / . / tempest / common / isolated_creds.py
blob: 6dca3a35d0d240cccbc1a666eb33fd8df52a36cd [file] [log] [blame]
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]1# Copyright 2013 IBM Corp.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]15import abc
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]16import netaddr
Doug Hellmann583ce2c2015-03-11 14:55:46 +0000[diff] [blame]17from oslo_log import log as logging
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]18import six
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]19from tempest_lib import exceptions as lib_exc
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]20
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]21from tempest import clients
Marc Kodererd2690fe2014-07-16 14:17:47 +0200[diff] [blame]22from tempest.common import cred_provider
Andrea Frittoli (andreaf)8def7ca2015-05-13 14:24:19 +0100[diff] [blame]23from tempest.common.utils import data_utils
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]24from tempest import config
25from tempest import exceptions
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]26from tempest.services.identity.v2.json import identity_client as v2_identity
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]27
Sean Dague86bd8422013-12-20 09:56:44 -0500[diff] [blame]28CONF = config.CONF
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]29LOG = logging.getLogger(__name__)
30
31
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]32@six.add_metaclass(abc.ABCMeta)
33class CredsClient(object):
34 """This class is a wrapper around the identity clients, to provide a
35 single interface for managing credentials in both v2 and v3 cases.
36 It's not bound to created credentials, only to a specific set of admin
37 credentials used for generating credentials.
38 """
39
40 def __init__(self, identity_client):
41 # The client implies version and credentials
42 self.identity_client = identity_client
43 self.credentials = self.identity_client.auth_provider.credentials
44
45 def create_user(self, username, password, project, email):
46 user = self.identity_client.create_user(
47 username, password, project['id'], email)
John Warren56317e02015-08-12 20:48:32 +0000[diff] [blame]48 if 'user' in user:
49 user = user['user']
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]50 return user
51
52 @abc.abstractmethod
53 def create_project(self, name, description):
54 pass
55
Matthew Treinish32f98a42015-07-14 19:58:46 -0400[diff] [blame]56 def _check_role_exists(self, role_name):
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]57 try:
58 roles = self._list_roles()
59 role = next(r for r in roles if r['name'] == role_name)
60 except StopIteration:
Matthew Treinish32f98a42015-07-14 19:58:46 -0400[diff] [blame]61 return None
62 return role
63
64 def create_user_role(self, role_name):
65 if not self._check_role_exists(role_name):
66 self.identity_client.create_role(role_name)
67
68 def assign_user_role(self, user, project, role_name):
69 role = self._check_role_exists(role_name)
70 if not role:
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]71 msg = 'No "%s" role found' % role_name
72 raise lib_exc.NotFound(msg)
73 try:
74 self.identity_client.assign_user_role(project['id'], user['id'],
75 role['id'])
76 except lib_exc.Conflict:
77 LOG.debug("Role %s already assigned on project %s for user %s" % (
78 role['id'], project['id'], user['id']))
79
80 @abc.abstractmethod
81 def get_credentials(self, user, project, password):
82 pass
83
84 def delete_user(self, user_id):
85 self.identity_client.delete_user(user_id)
86
87 def _list_roles(self):
88 roles = self.identity_client.list_roles()
89 return roles
90
91
92class V2CredsClient(CredsClient):
93
94 def create_project(self, name, description):
95 tenant = self.identity_client.create_tenant(
96 name=name, description=description)
97 return tenant
98
99 def get_credentials(self, user, project, password):
100 return cred_provider.get_credentials(
101 identity_version='v2',
102 username=user['name'], user_id=user['id'],
103 tenant_name=project['name'], tenant_id=project['id'],
104 password=password)
105
106 def delete_project(self, project_id):
107 self.identity_client.delete_tenant(project_id)
108
109
110class V3CredsClient(CredsClient):
111
112 def __init__(self, identity_client, domain_name):
113 super(V3CredsClient, self).__init__(identity_client)
114 try:
115 # Domain names must be unique, in any case a list is returned,
116 # selecting the first (and only) element
117 self.creds_domain = self.identity_client.list_domains(
John Warren56317e02015-08-12 20:48:32 +0000[diff] [blame]118 params={'name': domain_name})['domains'][0]
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]119 except lib_exc.NotFound:
120 # TODO(andrea) we could probably create the domain on the fly
121 msg = "Configured domain %s could not be found" % domain_name
122 raise exceptions.InvalidConfiguration(msg)
123
124 def create_project(self, name, description):
125 project = self.identity_client.create_project(
126 name=name, description=description,
John Warren56317e02015-08-12 20:48:32 +0000[diff] [blame]127 domain_id=self.creds_domain['id'])['project']
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]128 return project
129
130 def get_credentials(self, user, project, password):
131 return cred_provider.get_credentials(
132 identity_version='v3',
133 username=user['name'], user_id=user['id'],
134 project_name=project['name'], project_id=project['id'],
135 password=password,
136 project_domain_name=self.creds_domain['name'])
137
138 def delete_project(self, project_id):
139 self.identity_client.delete_project(project_id)
140
John Warren56317e02015-08-12 20:48:32 +0000[diff] [blame]141 def _list_roles(self):
142 roles = self.identity_client.list_roles()['roles']
143 return roles
144
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]145
146def get_creds_client(identity_client, project_domain_name=None):
Ken'ichi Ohmichia6287072015-07-02 02:43:15 +0000[diff] [blame]147 if isinstance(identity_client, v2_identity.IdentityClient):
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]148 return V2CredsClient(identity_client)
149 else:
150 return V3CredsClient(identity_client, project_domain_name)
151
152
Marc Kodererd2690fe2014-07-16 14:17:47 +0200[diff] [blame]153class IsolatedCreds(cred_provider.CredentialProvider):
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]154
LingxianKong9c713d22015-06-09 15:19:55 +0800[diff] [blame]155 def __init__(self, identity_version=None, name=None,
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]156 network_resources=None):
LingxianKong9c713d22015-06-09 15:19:55 +0800[diff] [blame]157 super(IsolatedCreds, self).__init__(identity_version, name,
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]158 network_resources)
Matthew Treinish9f756a02014-01-15 10:26:07 -0500[diff] [blame]159 self.network_resources = network_resources
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]160 self.isolated_creds = {}
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]161 self.ports = []
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]162 self.default_admin_creds = cred_provider.get_configured_credentials(
163 'identity_admin', fill_in=True,
164 identity_version=self.identity_version)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]165 self.identity_admin_client, self.network_admin_client = (
166 self._get_admin_clients())
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]167 # Domain where isolated credentials are provisioned (v3 only).
168 # Use that of the admin account is None is configured.
169 self.creds_domain_name = None
170 if self.identity_version == 'v3':
171 self.creds_domain_name = (
David Kranz87fc7e92015-07-28 14:05:20 -0400[diff] [blame]172 self.default_admin_creds.project_domain_name or
173 CONF.auth.default_credentials_domain_name)
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]174 self.creds_client = get_creds_client(
175 self.identity_admin_client, self.creds_domain_name)
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]176
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]177 def _get_admin_clients(self):
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]178 """
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]179 Returns a tuple with instances of the following admin clients (in this
180 order):
181 identity
182 network
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]183 """
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]184 os = clients.Manager(self.default_admin_creds)
185 if self.identity_version == 'v2':
186 return os.identity_client, os.network_client
187 else:
188 return os.identity_v3_client, os.network_client
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]189
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]190 def _create_creds(self, suffix="", admin=False, roles=None):
Sean Dague6969b902014-01-28 06:48:37 -0500[diff] [blame]191 """Create random credentials under the following schema.
192
193 If the name contains a '.' is the full class path of something, and
194 we don't really care. If it isn't, it's probably a meaningful name,
195 so use it.
196
197 For logging purposes, -user and -tenant are long and redundant,
198 don't use them. The user# will be sufficient to figure it out.
199 """
200 if '.' in self.name:
201 root = ""
202 else:
203 root = self.name
204
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]205 project_name = data_utils.rand_name(root) + suffix
206 project_desc = project_name + "-desc"
207 project = self.creds_client.create_project(
208 name=project_name, description=project_desc)
Sean Dague6969b902014-01-28 06:48:37 -0500[diff] [blame]209
210 username = data_utils.rand_name(root) + suffix
LingxianKong9c713d22015-06-09 15:19:55 +0800[diff] [blame]211 user_password = data_utils.rand_password()
Sean Dague6969b902014-01-28 06:48:37 -0500[diff] [blame]212 email = data_utils.rand_name(root) + suffix + "@example.com"
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]213 user = self.creds_client.create_user(
LingxianKong9c713d22015-06-09 15:19:55 +0800[diff] [blame]214 username, user_password, project, email)
John Warren56317e02015-08-12 20:48:32 +0000[diff] [blame]215 if 'user' in user:
216 user = user['user']
Matthew Treinish32f98a42015-07-14 19:58:46 -0400[diff] [blame]217 role_assigned = False
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]218 if admin:
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]219 self.creds_client.assign_user_role(user, project,
220 CONF.identity.admin_role)
Matthew Treinish32f98a42015-07-14 19:58:46 -0400[diff] [blame]221 role_assigned = True
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]222 # Add roles specified in config file
223 for conf_role in CONF.auth.tempest_roles:
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]224 self.creds_client.assign_user_role(user, project, conf_role)
Matthew Treinish32f98a42015-07-14 19:58:46 -0400[diff] [blame]225 role_assigned = True
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]226 # Add roles requested by caller
227 if roles:
228 for role in roles:
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]229 self.creds_client.assign_user_role(user, project, role)
Matthew Treinish32f98a42015-07-14 19:58:46 -0400[diff] [blame]230 role_assigned = True
231 # NOTE(mtreinish) For a user to have access to a project with v3 auth
232 # it must beassigned a role on the project. So we need to ensure that
233 # our newly created user has a role on the newly created project.
234 if self.identity_version == 'v3' and not role_assigned:
235 self.creds_client.create_user_role('Member')
236 self.creds_client.assign_user_role(user, project, 'Member')
237
LingxianKong9c713d22015-06-09 15:19:55 +0800[diff] [blame]238 creds = self.creds_client.get_credentials(user, project, user_password)
Andrea Frittoli (andreaf)9540dfd2015-03-25 17:06:50 -0400[diff] [blame]239 return cred_provider.TestResources(creds)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]240
241 def _create_network_resources(self, tenant_id):
242 network = None
243 subnet = None
244 router = None
Matthew Treinish9f756a02014-01-15 10:26:07 -0500[diff] [blame]245 # Make sure settings
246 if self.network_resources:
247 if self.network_resources['router']:
248 if (not self.network_resources['subnet'] or
249 not self.network_resources['network']):
250 raise exceptions.InvalidConfiguration(
251 'A router requires a subnet and network')
252 elif self.network_resources['subnet']:
253 if not self.network_resources['network']:
254 raise exceptions.InvalidConfiguration(
255 'A subnet requires a network')
256 elif self.network_resources['dhcp']:
257 raise exceptions.InvalidConfiguration('DHCP requires a subnet')
258
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]259 data_utils.rand_name_root = data_utils.rand_name(self.name)
Matthew Treinish9f756a02014-01-15 10:26:07 -0500[diff] [blame]260 if not self.network_resources or self.network_resources['network']:
261 network_name = data_utils.rand_name_root + "-network"
262 network = self._create_network(network_name, tenant_id)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]263 try:
Matthew Treinish9f756a02014-01-15 10:26:07 -0500[diff] [blame]264 if not self.network_resources or self.network_resources['subnet']:
265 subnet_name = data_utils.rand_name_root + "-subnet"
266 subnet = self._create_subnet(subnet_name, tenant_id,
267 network['id'])
268 if not self.network_resources or self.network_resources['router']:
269 router_name = data_utils.rand_name_root + "-router"
270 router = self._create_router(router_name, tenant_id)
271 self._add_router_interface(router['id'], subnet['id'])
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]272 except Exception:
273 if router:
274 self._clear_isolated_router(router['id'], router['name'])
275 if subnet:
276 self._clear_isolated_subnet(subnet['id'], subnet['name'])
277 if network:
278 self._clear_isolated_network(network['id'], network['name'])
279 raise
280 return network, subnet, router
281
282 def _create_network(self, name, tenant_id):
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]283 resp_body = self.network_admin_client.create_network(
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]284 name=name, tenant_id=tenant_id)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]285 return resp_body['network']
286
287 def _create_subnet(self, subnet_name, tenant_id, network_id):
Sean Dague86bd8422013-12-20 09:56:44 -0500[diff] [blame]288 base_cidr = netaddr.IPNetwork(CONF.network.tenant_network_cidr)
289 mask_bits = CONF.network.tenant_network_mask_bits
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]290 for subnet_cidr in base_cidr.subnet(mask_bits):
291 try:
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]292 if self.network_resources:
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]293 resp_body = self.network_admin_client.\
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]294 create_subnet(
295 network_id=network_id, cidr=str(subnet_cidr),
296 name=subnet_name,
297 tenant_id=tenant_id,
298 enable_dhcp=self.network_resources['dhcp'],
299 ip_version=4)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]300 else:
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]301 resp_body = self.network_admin_client.\
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]302 create_subnet(network_id=network_id,
303 cidr=str(subnet_cidr),
304 name=subnet_name,
305 tenant_id=tenant_id,
306 ip_version=4)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]307 break
Masayuki Igawa4b29e472015-02-16 10:41:54 +0900[diff] [blame]308 except lib_exc.BadRequest as e:
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]309 if 'overlaps with another subnet' not in str(e):
310 raise
311 else:
David Kranzd4210412014-11-21 08:37:45 -0500[diff] [blame]312 message = 'Available CIDR for subnet creation could not be found'
313 raise Exception(message)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]314 return resp_body['subnet']
315
316 def _create_router(self, router_name, tenant_id):
317 external_net_id = dict(
Sean Dague86bd8422013-12-20 09:56:44 -0500[diff] [blame]318 network_id=CONF.network.public_network_id)
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]319 resp_body = self.network_admin_client.create_router(
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]320 router_name,
321 external_gateway_info=external_net_id,
322 tenant_id=tenant_id)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]323 return resp_body['router']
324
325 def _add_router_interface(self, router_id, subnet_id):
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]326 self.network_admin_client.add_router_interface_with_subnet_id(
327 router_id, subnet_id)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]328
Andrea Frittoli9612e812014-03-13 10:57:26 +0000[diff] [blame]329 def get_credentials(self, credential_type):
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]330 if self.isolated_creds.get(str(credential_type)):
331 credentials = self.isolated_creds[str(credential_type)]
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]332 else:
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]333 if credential_type in ['primary', 'alt', 'admin']:
334 is_admin = (credential_type == 'admin')
335 credentials = self._create_creds(admin=is_admin)
336 else:
337 credentials = self._create_creds(roles=credential_type)
338 self.isolated_creds[str(credential_type)] = credentials
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]339 # Maintained until tests are ported
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]340 LOG.info("Acquired isolated creds:\n credentials: %s"
341 % credentials)
Adam Gandelman85395e72014-07-29 18:34:33 -0700[diff] [blame]342 if (CONF.service_available.neutron and
Matthew Treinish2219d382015-04-24 10:33:04 -0400[diff] [blame]343 not CONF.baremetal.driver_enabled and
344 CONF.auth.create_isolated_networks):
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]345 network, subnet, router = self._create_network_resources(
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]346 credentials.tenant_id)
Andrea Frittoli (andreaf)9540dfd2015-03-25 17:06:50 -0400[diff] [blame]347 credentials.set_resources(network=network, subnet=subnet,
348 router=router)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]349 LOG.info("Created isolated network resources for : \n"
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]350 + " credentials: %s" % credentials)
Andrea Frittoli9612e812014-03-13 10:57:26 +0000[diff] [blame]351 return credentials
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]352
Andrea Frittoli9612e812014-03-13 10:57:26 +0000[diff] [blame]353 def get_primary_creds(self):
354 return self.get_credentials('primary')
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]355
Andrea Frittoli9612e812014-03-13 10:57:26 +0000[diff] [blame]356 def get_admin_creds(self):
357 return self.get_credentials('admin')
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]358
Andrea Frittoli9612e812014-03-13 10:57:26 +0000[diff] [blame]359 def get_alt_creds(self):
360 return self.get_credentials('alt')
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]361
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]362 def get_creds_by_roles(self, roles, force_new=False):
363 roles = list(set(roles))
364 # The roles list as a str will become the index as the dict key for
365 # the created credentials set in the isolated_creds dict.
366 exist_creds = self.isolated_creds.get(str(roles))
367 # If force_new flag is True 2 cred sets with the same roles are needed
368 # handle this by creating a separate index for old one to store it
369 # separately for cleanup
370 if exist_creds and force_new:
371 new_index = str(roles) + '-' + str(len(self.isolated_creds))
372 self.isolated_creds[new_index] = exist_creds
373 del self.isolated_creds[str(roles)]
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]374 return self.get_credentials(roles)
375
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]376 def _clear_isolated_router(self, router_id, router_name):
377 net_client = self.network_admin_client
378 try:
379 net_client.delete_router(router_id)
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]380 except lib_exc.NotFound:
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]381 LOG.warn('router with name: %s not found for delete' %
382 router_name)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]383
384 def _clear_isolated_subnet(self, subnet_id, subnet_name):
385 net_client = self.network_admin_client
386 try:
387 net_client.delete_subnet(subnet_id)
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]388 except lib_exc.NotFound:
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]389 LOG.warn('subnet with name: %s not found for delete' %
390 subnet_name)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]391
392 def _clear_isolated_network(self, network_id, network_name):
393 net_client = self.network_admin_client
394 try:
395 net_client.delete_network(network_id)
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]396 except lib_exc.NotFound:
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]397 LOG.warn('network with name: %s not found for delete' %
398 network_name)
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]399
Ala Rezmerita846eb7c2014-03-10 09:06:03 +0100[diff] [blame]400 def _cleanup_default_secgroup(self, tenant):
401 net_client = self.network_admin_client
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]402 resp_body = net_client.list_security_groups(tenant_id=tenant,
403 name="default")
Ala Rezmerita846eb7c2014-03-10 09:06:03 +0100[diff] [blame]404 secgroups_to_delete = resp_body['security_groups']
405 for secgroup in secgroups_to_delete:
406 try:
407 net_client.delete_security_group(secgroup['id'])
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]408 except lib_exc.NotFound:
Ala Rezmerita846eb7c2014-03-10 09:06:03 +0100[diff] [blame]409 LOG.warn('Security group %s, id %s not found for clean-up' %
410 (secgroup['name'], secgroup['id']))
411
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]412 def _clear_isolated_net_resources(self):
413 net_client = self.network_admin_client
Andrea Frittoli (andreaf)9540dfd2015-03-25 17:06:50 -0400[diff] [blame]414 for cred in self.isolated_creds:
415 creds = self.isolated_creds.get(cred)
416 if (not creds or not any([creds.router, creds.network,
417 creds.subnet])):
418 continue
Salvatore Orlandocf996c62014-01-30 09:15:18 -0800[diff] [blame]419 LOG.debug("Clearing network: %(network)s, "
Matthew Treinishfe094ea2014-12-09 01:19:27 +0000[diff] [blame]420 "subnet: %(subnet)s, router: %(router)s",
Andrea Frittoli (andreaf)9540dfd2015-03-25 17:06:50 -0400[diff] [blame]421 {'network': creds.network, 'subnet': creds.subnet,
422 'router': creds.router})
Salvatore Orlandocf996c62014-01-30 09:15:18 -0800[diff] [blame]423 if (not self.network_resources or
Andrea Frittoli (andreaf)9540dfd2015-03-25 17:06:50 -0400[diff] [blame]424 (self.network_resources.get('router') and creds.subnet)):
Matthew Treinish9f756a02014-01-15 10:26:07 -0500[diff] [blame]425 try:
Andrea Frittoliae9aca02014-09-25 11:43:11 +0100[diff] [blame]426 net_client.remove_router_interface_with_subnet_id(
Andrea Frittoli (andreaf)9540dfd2015-03-25 17:06:50 -0400[diff] [blame]427 creds.router['id'], creds.subnet['id'])
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]428 except lib_exc.NotFound:
Matthew Treinish9f756a02014-01-15 10:26:07 -0500[diff] [blame]429 LOG.warn('router with name: %s not found for delete' %
Andrea Frittoli (andreaf)9540dfd2015-03-25 17:06:50 -0400[diff] [blame]430 creds.router['name'])
431 self._clear_isolated_router(creds.router['id'],
432 creds.router['name'])
Salvatore Orlandocf996c62014-01-30 09:15:18 -0800[diff] [blame]433 if (not self.network_resources or
Salvatore Orlandocf996c62014-01-30 09:15:18 -0800[diff] [blame]434 self.network_resources.get('subnet')):
Andrea Frittoli (andreaf)9540dfd2015-03-25 17:06:50 -0400[diff] [blame]435 self._clear_isolated_subnet(creds.subnet['id'],
436 creds.subnet['name'])
Salvatore Orlandocf996c62014-01-30 09:15:18 -0800[diff] [blame]437 if (not self.network_resources or
438 self.network_resources.get('network')):
Andrea Frittoli (andreaf)9540dfd2015-03-25 17:06:50 -0400[diff] [blame]439 self._clear_isolated_network(creds.network['id'],
440 creds.network['name'])
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]441
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]442 def clear_isolated_creds(self):
443 if not self.isolated_creds:
444 return
Miguel Lavalleb8fabc52013-08-23 11:19:57 -0500[diff] [blame]445 self._clear_isolated_net_resources()
Matthew Treinishdc060d02015-04-23 14:20:26 -0400[diff] [blame]446 for creds in six.itervalues(self.isolated_creds):
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]447 try:
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]448 self.creds_client.delete_user(creds.user_id)
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]449 except lib_exc.NotFound:
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]450 LOG.warn("user with name: %s not found for delete" %
451 creds.username)
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]452 try:
Andrea Frittolic3280152015-02-26 12:42:34 +0000[diff] [blame]453 if CONF.service_available.neutron:
454 self._cleanup_default_secgroup(creds.tenant_id)
455 self.creds_client.delete_project(creds.tenant_id)
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]456 except lib_exc.NotFound:
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]457 LOG.warn("tenant with name: %s not found for delete" %
458 creds.tenant_name)
ahmadfe72a402015-02-13 17:30:36 +0530[diff] [blame]459 self.isolated_creds = {}
Andrea Frittoli8283b4e2014-07-17 13:28:58 +0100[diff] [blame]460
461 def is_multi_user(self):
462 return True
Yair Fried76488d72014-10-21 10:13:19 +0300[diff] [blame]463
464 def is_multi_tenant(self):
465 return True
Matthew Treinish4a596932015-03-06 20:37:01 -0500[diff] [blame]466
467 def is_role_available(self, role):
468 return True