commit 915648b0f134e8260ef017b8ab65017e3db94b11
author Vasyl Saienko <vsaienko@mirantis.com> Tue Jan 14 17:18:34 2020 +0000
committer Gerrit Code Review <mail@domain.com> Tue Jan 14 17:18:34 2020 +0000
tree e6d3fc705630af934d458f69d01ca771b24fcf7a
parent bfa18c20b98c589bdeaee361dd0d481d98953f17
parent 95cb78f79cc295c0c6ed1e2b78c6462ab88850af

Merge "tempest cleanup - use admin_mgr only" into mcp/train

tempest/cmd/cleanup.py

diff --git a/tempest/cmd/cleanup.py b/tempest/cmd/cleanup.py
index 645a952..b4fb5a5 100644
--- a/tempest/cmd/cleanup.py
+++ b/tempest/cmd/cleanup.py
@@ -135,8 +135,6 @@
         self.admin_project_id = ""
         self._init_admin_ids()
 
-        self.admin_role_added = []
-
         # available services
         self.project_services = cleanup_service.get_project_cleanup_services()
         self.global_services = cleanup_service.get_global_cleanup_services()
@@ -170,7 +168,6 @@
 
         # Loop through list of projects and clean them up.
         for project in projects:
-            self._add_admin(project['id'])
             self._clean_project(project)
 
         kwargs = {'data': self.dry_run_data,
@@ -188,15 +185,6 @@
                 f.write(json.dumps(self.dry_run_data, sort_keys=True,
                                    indent=2, separators=(',', ': ')))
 
-        self._remove_admin_user_roles()
-
-    def _remove_admin_user_roles(self):
-        project_ids = self.admin_role_added
-        LOG.debug("Removing admin user roles where needed for projects: %s",
-                  project_ids)
-        for project_id in project_ids:
-            self._remove_admin_role(project_id)
-
     def _clean_project(self, project):
         print("Cleaning project:  %s " % project['name'])
         is_dry_run = self.options.dry_run
@@ -209,11 +197,6 @@
             project_data = dry_run_data["_projects_to_clean"][project_id] = {}
             project_data['name'] = project_name
 
-        kwargs = {"username": CONF.auth.admin_username,
-                  "password": CONF.auth.admin_password,
-                  "project_name": project['name']}
-        mgr = clients.Manager(credentials=credentials.get_credentials(
-            **kwargs))
         kwargs = {'data': project_data,
                   'is_dry_run': is_dry_run,
                   'saved_state_json': self.json_data,
@@ -222,7 +205,7 @@
                   'project_id': project_id,
                   'got_exceptions': self.GOT_EXCEPTIONS}
         for service in self.project_services:
-            svc = service(mgr, **kwargs)
+            svc = service(self.admin_mgr, **kwargs)
             svc.run()
 
     def _init_admin_ids(self):
@@ -272,46 +255,6 @@
     def get_description(self):
         return 'Cleanup after tempest run'
 
-    def _add_admin(self, project_id):
-        rl_cl = self.admin_mgr.roles_v3_client
-        needs_role = True
-        roles = rl_cl.list_user_roles_on_project(project_id,
-                                                 self.admin_id)['roles']
-        for role in roles:
-            if role['id'] == self.admin_role_id:
-                needs_role = False
-                LOG.debug("User already had admin privilege for this project")
-        if needs_role:
-            LOG.debug("Adding admin privilege for : %s", project_id)
-            rl_cl.create_user_role_on_project(project_id, self.admin_id,
-                                              self.admin_role_id)
-            self.admin_role_added.append(project_id)
-
-    def _remove_admin_role(self, project_id):
-        LOG.debug("Remove admin user role for projectt: %s", project_id)
-        # Must initialize Admin Manager for each user role
-        # Otherwise authentication exception is thrown, weird
-        id_cl = clients.Manager(
-            credentials.get_configured_admin_credentials()).identity_client
-        if (self._project_exists(project_id)):
-            try:
-                id_cl.delete_role_from_user_on_project(project_id,
-                                                       self.admin_id,
-                                                       self.admin_role_id)
-            except Exception as ex:
-                LOG.exception("Failed removing role from project which still "
-                              "exists, exception: %s", ex)
-
-    def _project_exists(self, project_id):
-        pr_cl = self.admin_mgr.projects_client
-        try:
-            p = pr_cl.show_project(project_id)
-            LOG.debug("Project is: %s", str(p))
-            return True
-        except Exception as ex:
-            LOG.debug("Project no longer exists? %s", ex)
-            return False
-
     def _init_state(self):
         print("Initializing saved state.")
         data = {}