| Maru Newby | b096d9f | 2015-03-09 18:54:54 +0000 | [diff] [blame] | 1 | # Copyright (c) 2014 Deutsche Telekom AG |
| 2 | # Copyright (c) 2014 Hewlett-Packard Development Company, L.P. |
| 3 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | # you may not use this file except in compliance with the License. |
| 5 | # You may obtain a copy of the License at |
| 6 | # |
| 7 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | # |
| 9 | # Unless required by applicable law or agreed to in writing, software |
| 10 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | # See the License for the specific language governing permissions and |
| 13 | # limitations under the License. |
| 14 | |
| 15 | import abc |
| 16 | |
| Ihar Hrachyshka | c695f9f | 2015-02-26 23:26:41 +0100 | [diff] [blame] | 17 | from oslo_log import log as logging |
| Maru Newby | b096d9f | 2015-03-09 18:54:54 +0000 | [diff] [blame] | 18 | import six |
| 19 | |
| 20 | from neutron.tests.tempest import auth |
| 21 | from neutron.tests.tempest import config |
| 22 | from neutron.tests.tempest import exceptions |
| Maru Newby | b096d9f | 2015-03-09 18:54:54 +0000 | [diff] [blame] | 23 | |
| 24 | CONF = config.CONF |
| 25 | LOG = logging.getLogger(__name__) |
| 26 | |
| 27 | # Type of credentials available from configuration |
| 28 | CREDENTIAL_TYPES = { |
| 29 | 'identity_admin': ('identity', 'admin'), |
| 30 | 'user': ('identity', None), |
| 31 | 'alt_user': ('identity', 'alt') |
| 32 | } |
| 33 | |
| Maru Newby | 5690a35 | 2015-03-13 18:46:40 +0000 | [diff] [blame] | 34 | DEFAULT_PARAMS = { |
| 35 | 'disable_ssl_certificate_validation': |
| 36 | CONF.identity.disable_ssl_certificate_validation, |
| 37 | 'ca_certs': CONF.identity.ca_certificates_file, |
| 38 | 'trace_requests': CONF.debug.trace_requests |
| 39 | } |
| 40 | |
| Maru Newby | b096d9f | 2015-03-09 18:54:54 +0000 | [diff] [blame] | 41 | |
| 42 | # Read credentials from configuration, builds a Credentials object |
| 43 | # based on the specified or configured version |
| 44 | def get_configured_credentials(credential_type, fill_in=True, |
| 45 | identity_version=None): |
| 46 | identity_version = identity_version or CONF.identity.auth_version |
| 47 | if identity_version not in ('v2', 'v3'): |
| 48 | raise exceptions.InvalidConfiguration( |
| 49 | 'Unsupported auth version: %s' % identity_version) |
| 50 | if credential_type not in CREDENTIAL_TYPES: |
| 51 | raise exceptions.InvalidCredentials() |
| 52 | conf_attributes = ['username', 'password', 'tenant_name'] |
| 53 | if identity_version == 'v3': |
| 54 | conf_attributes.append('domain_name') |
| 55 | # Read the parts of credentials from config |
| Maru Newby | 5690a35 | 2015-03-13 18:46:40 +0000 | [diff] [blame] | 56 | params = DEFAULT_PARAMS.copy() |
| Maru Newby | b096d9f | 2015-03-09 18:54:54 +0000 | [diff] [blame] | 57 | section, prefix = CREDENTIAL_TYPES[credential_type] |
| 58 | for attr in conf_attributes: |
| 59 | _section = getattr(CONF, section) |
| 60 | if prefix is None: |
| 61 | params[attr] = getattr(_section, attr) |
| 62 | else: |
| 63 | params[attr] = getattr(_section, prefix + "_" + attr) |
| 64 | # Build and validate credentials. We are reading configured credentials, |
| 65 | # so validate them even if fill_in is False |
| 66 | credentials = get_credentials(fill_in=fill_in, **params) |
| 67 | if not fill_in: |
| 68 | if not credentials.is_valid(): |
| 69 | msg = ("The %s credentials are incorrectly set in the config file." |
| 70 | " Double check that all required values are assigned" % |
| 71 | credential_type) |
| 72 | raise exceptions.InvalidConfiguration(msg) |
| 73 | return credentials |
| 74 | |
| 75 | |
| 76 | # Wrapper around auth.get_credentials to use the configured identity version |
| 77 | # is none is specified |
| 78 | def get_credentials(fill_in=True, identity_version=None, **kwargs): |
| Maru Newby | 5690a35 | 2015-03-13 18:46:40 +0000 | [diff] [blame] | 79 | params = dict(DEFAULT_PARAMS, **kwargs) |
| Maru Newby | b096d9f | 2015-03-09 18:54:54 +0000 | [diff] [blame] | 80 | identity_version = identity_version or CONF.identity.auth_version |
| 81 | # In case of "v3" add the domain from config if not specified |
| 82 | if identity_version == 'v3': |
| 83 | domain_fields = set(x for x in auth.KeystoneV3Credentials.ATTRIBUTES |
| 84 | if 'domain' in x) |
| 85 | if not domain_fields.intersection(kwargs.keys()): |
| 86 | kwargs['user_domain_name'] = CONF.identity.admin_domain_name |
| 87 | auth_url = CONF.identity.uri_v3 |
| 88 | else: |
| 89 | auth_url = CONF.identity.uri |
| 90 | return auth.get_credentials(auth_url, |
| 91 | fill_in=fill_in, |
| 92 | identity_version=identity_version, |
| Maru Newby | 5690a35 | 2015-03-13 18:46:40 +0000 | [diff] [blame] | 93 | **params) |
| Maru Newby | b096d9f | 2015-03-09 18:54:54 +0000 | [diff] [blame] | 94 | |
| 95 | |
| 96 | @six.add_metaclass(abc.ABCMeta) |
| 97 | class CredentialProvider(object): |
| 98 | def __init__(self, name, password='pass', network_resources=None): |
| 99 | self.name = name |
| 100 | |
| 101 | @abc.abstractmethod |
| 102 | def get_primary_creds(self): |
| 103 | return |
| 104 | |
| 105 | @abc.abstractmethod |
| 106 | def get_admin_creds(self): |
| 107 | return |
| 108 | |
| 109 | @abc.abstractmethod |
| 110 | def get_alt_creds(self): |
| 111 | return |
| 112 | |
| 113 | @abc.abstractmethod |
| 114 | def clear_isolated_creds(self): |
| 115 | return |
| 116 | |
| 117 | @abc.abstractmethod |
| 118 | def is_multi_user(self): |
| 119 | return |
| 120 | |
| 121 | @abc.abstractmethod |
| 122 | def is_multi_tenant(self): |
| 123 | return |
| 124 | |
| 125 | @abc.abstractmethod |
| 126 | def get_creds_by_roles(self, roles, force_new=False): |
| 127 | return |
| 128 | |
| 129 | @abc.abstractmethod |
| 130 | def is_role_available(self, role): |
| 131 | return |