| Maru Newby | b096d9f | 2015-03-09 18:54:54 +0000 | [diff] [blame] | 1 | # Copyright (c) 2014 Deutsche Telekom AG |
| 2 | # Copyright (c) 2014 Hewlett-Packard Development Company, L.P. |
| 3 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | # you may not use this file except in compliance with the License. |
| 5 | # You may obtain a copy of the License at |
| 6 | # |
| 7 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | # |
| 9 | # Unless required by applicable law or agreed to in writing, software |
| 10 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | # See the License for the specific language governing permissions and |
| 13 | # limitations under the License. |
| 14 | |
| 15 | import abc |
| 16 | |
| 17 | import six |
| 18 | |
| 19 | from neutron.tests.tempest import auth |
| 20 | from neutron.tests.tempest import config |
| 21 | from neutron.tests.tempest import exceptions |
| Maru Newby | b096d9f | 2015-03-09 18:54:54 +0000 | [diff] [blame] | 22 | |
| 23 | CONF = config.CONF |
| Maru Newby | b096d9f | 2015-03-09 18:54:54 +0000 | [diff] [blame] | 24 | |
| 25 | # Type of credentials available from configuration |
| 26 | CREDENTIAL_TYPES = { |
| 27 | 'identity_admin': ('identity', 'admin'), |
| 28 | 'user': ('identity', None), |
| 29 | 'alt_user': ('identity', 'alt') |
| 30 | } |
| 31 | |
| Maru Newby | 5690a35 | 2015-03-13 18:46:40 +0000 | [diff] [blame] | 32 | DEFAULT_PARAMS = { |
| 33 | 'disable_ssl_certificate_validation': |
| 34 | CONF.identity.disable_ssl_certificate_validation, |
| 35 | 'ca_certs': CONF.identity.ca_certificates_file, |
| 36 | 'trace_requests': CONF.debug.trace_requests |
| 37 | } |
| 38 | |
| Maru Newby | b096d9f | 2015-03-09 18:54:54 +0000 | [diff] [blame] | 39 | |
| 40 | # Read credentials from configuration, builds a Credentials object |
| 41 | # based on the specified or configured version |
| 42 | def get_configured_credentials(credential_type, fill_in=True, |
| 43 | identity_version=None): |
| 44 | identity_version = identity_version or CONF.identity.auth_version |
| 45 | if identity_version not in ('v2', 'v3'): |
| 46 | raise exceptions.InvalidConfiguration( |
| 47 | 'Unsupported auth version: %s' % identity_version) |
| 48 | if credential_type not in CREDENTIAL_TYPES: |
| 49 | raise exceptions.InvalidCredentials() |
| 50 | conf_attributes = ['username', 'password', 'tenant_name'] |
| 51 | if identity_version == 'v3': |
| 52 | conf_attributes.append('domain_name') |
| 53 | # Read the parts of credentials from config |
| Maru Newby | 5690a35 | 2015-03-13 18:46:40 +0000 | [diff] [blame] | 54 | params = DEFAULT_PARAMS.copy() |
| Maru Newby | b096d9f | 2015-03-09 18:54:54 +0000 | [diff] [blame] | 55 | section, prefix = CREDENTIAL_TYPES[credential_type] |
| 56 | for attr in conf_attributes: |
| 57 | _section = getattr(CONF, section) |
| 58 | if prefix is None: |
| 59 | params[attr] = getattr(_section, attr) |
| 60 | else: |
| 61 | params[attr] = getattr(_section, prefix + "_" + attr) |
| 62 | # Build and validate credentials. We are reading configured credentials, |
| 63 | # so validate them even if fill_in is False |
| 64 | credentials = get_credentials(fill_in=fill_in, **params) |
| 65 | if not fill_in: |
| 66 | if not credentials.is_valid(): |
| 67 | msg = ("The %s credentials are incorrectly set in the config file." |
| 68 | " Double check that all required values are assigned" % |
| 69 | credential_type) |
| 70 | raise exceptions.InvalidConfiguration(msg) |
| 71 | return credentials |
| 72 | |
| 73 | |
| 74 | # Wrapper around auth.get_credentials to use the configured identity version |
| 75 | # is none is specified |
| 76 | def get_credentials(fill_in=True, identity_version=None, **kwargs): |
| Maru Newby | 5690a35 | 2015-03-13 18:46:40 +0000 | [diff] [blame] | 77 | params = dict(DEFAULT_PARAMS, **kwargs) |
| Maru Newby | b096d9f | 2015-03-09 18:54:54 +0000 | [diff] [blame] | 78 | identity_version = identity_version or CONF.identity.auth_version |
| 79 | # In case of "v3" add the domain from config if not specified |
| 80 | if identity_version == 'v3': |
| 81 | domain_fields = set(x for x in auth.KeystoneV3Credentials.ATTRIBUTES |
| 82 | if 'domain' in x) |
| 83 | if not domain_fields.intersection(kwargs.keys()): |
| 84 | kwargs['user_domain_name'] = CONF.identity.admin_domain_name |
| 85 | auth_url = CONF.identity.uri_v3 |
| 86 | else: |
| 87 | auth_url = CONF.identity.uri |
| 88 | return auth.get_credentials(auth_url, |
| 89 | fill_in=fill_in, |
| 90 | identity_version=identity_version, |
| Maru Newby | 5690a35 | 2015-03-13 18:46:40 +0000 | [diff] [blame] | 91 | **params) |
| Maru Newby | b096d9f | 2015-03-09 18:54:54 +0000 | [diff] [blame] | 92 | |
| 93 | |
| 94 | @six.add_metaclass(abc.ABCMeta) |
| 95 | class CredentialProvider(object): |
| 96 | def __init__(self, name, password='pass', network_resources=None): |
| 97 | self.name = name |
| 98 | |
| 99 | @abc.abstractmethod |
| 100 | def get_primary_creds(self): |
| 101 | return |
| 102 | |
| 103 | @abc.abstractmethod |
| 104 | def get_admin_creds(self): |
| 105 | return |
| 106 | |
| 107 | @abc.abstractmethod |
| 108 | def get_alt_creds(self): |
| 109 | return |
| 110 | |
| 111 | @abc.abstractmethod |
| 112 | def clear_isolated_creds(self): |
| 113 | return |
| 114 | |
| 115 | @abc.abstractmethod |
| 116 | def is_multi_user(self): |
| 117 | return |
| 118 | |
| 119 | @abc.abstractmethod |
| 120 | def is_multi_tenant(self): |
| 121 | return |
| 122 | |
| 123 | @abc.abstractmethod |
| 124 | def get_creds_by_roles(self, roles, force_new=False): |
| 125 | return |
| 126 | |
| 127 | @abc.abstractmethod |
| 128 | def is_role_available(self, role): |
| 129 | return |