Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / tempest / b6baff8c07352df544136eb81ea2569151836581 / . / tempest / common / cred_client.py
blob: 2ca9f403e0f6ac0465fa9091426d45d126ef5500 [file] [log] [blame]
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]1# Licensed under the Apache License, Version 2.0 (the "License"); you may
2# not use this file except in compliance with the License. You may obtain
3# a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10# License for the specific language governing permissions and limitations
11# under the License.
12
13import abc
14
15from oslo_log import log as logging
16import six
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]17
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -0500[diff] [blame]18from tempest.lib import auth
19from tempest.lib import exceptions as lib_exc
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]20from tempest.services.identity.v2.json import identity_client as v2_identity
21
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]22LOG = logging.getLogger(__name__)
23
24
25@six.add_metaclass(abc.ABCMeta)
26class CredsClient(object):
Ken'ichi Ohmichicb67d2d2015-11-19 08:23:22 +0000[diff] [blame]27 """This class is a wrapper around the identity clients
28
29 to provide a single interface for managing credentials in both v2 and v3
30 cases. It's not bound to created credentials, only to a specific set of
31 admin credentials used for generating credentials.
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]32 """
33
Daniel Mellado7aea5342016-02-09 09:10:12 +0000[diff] [blame]34 def __init__(self, identity_client, projects_client, users_client,
Arx Cruz24bcb882016-02-10 15:20:16 +0100[diff] [blame]35 roles_client):
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]36 # The client implies version and credentials
37 self.identity_client = identity_client
Daniel Mellado7aea5342016-02-09 09:10:12 +0000[diff] [blame]38 self.users_client = users_client
Yaroslav Lobankov47a93ab2016-02-07 16:32:49 -0600[diff] [blame]39 self.projects_client = projects_client
Arx Cruz24bcb882016-02-10 15:20:16 +0100[diff] [blame]40 self.roles_client = roles_client
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]41
42 def create_user(self, username, password, project, email):
ghanshyame1c6c1c2016-06-15 14:50:41 +0900[diff] [blame]43 params = self._create_user_params(username, password,
44 project['id'], email)
45 user = self.users_client.create_user(**params)
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]46 if 'user' in user:
47 user = user['user']
48 return user
49
Yaroslav Lobankov47a93ab2016-02-07 16:32:49 -0600[diff] [blame]50 def delete_user(self, user_id):
51 self.users_client.delete_user(user_id)
52
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]53 @abc.abstractmethod
54 def create_project(self, name, description):
55 pass
56
57 def _check_role_exists(self, role_name):
58 try:
59 roles = self._list_roles()
60 role = next(r for r in roles if r['name'] == role_name)
61 except StopIteration:
62 return None
63 return role
64
65 def create_user_role(self, role_name):
66 if not self._check_role_exists(role_name):
piyush110786afaaf262015-12-11 18:54:05 +0530[diff] [blame]67 self.roles_client.create_role(name=role_name)
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]68
69 def assign_user_role(self, user, project, role_name):
70 role = self._check_role_exists(role_name)
71 if not role:
72 msg = 'No "%s" role found' % role_name
73 raise lib_exc.NotFound(msg)
74 try:
Ghanshyamc0448672016-02-17 12:53:25 +0900[diff] [blame]75 self._assign_user_role(project, user, role)
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]76 except lib_exc.Conflict:
77 LOG.debug("Role %s already assigned on project %s for user %s" % (
78 role['id'], project['id'], user['id']))
79
80 @abc.abstractmethod
81 def get_credentials(self, user, project, password):
Andrea Frittoli (andreaf)278463c2015-10-08 15:04:09 +0100[diff] [blame]82 """Produces a Credentials object from the details provided
83
84 :param user: a user dict
85 :param project: a project dict
86 :param password: the password as a string
87 :return: a Credentials object with all the available credential details
88 """
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]89 pass
90
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]91 def _list_roles(self):
Daniel Mellado6b16b922015-12-07 12:43:08 +0000[diff] [blame]92 roles = self.roles_client.list_roles()['roles']
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]93 return roles
94
95
96class V2CredsClient(CredsClient):
97
Daniel Mellado7aea5342016-02-09 09:10:12 +0000[diff] [blame]98 def __init__(self, identity_client, projects_client, users_client,
99 roles_client):
Daniel Mellado6b16b922015-12-07 12:43:08 +0000[diff] [blame]100 super(V2CredsClient, self).__init__(identity_client,
101 projects_client,
Daniel Mellado7aea5342016-02-09 09:10:12 +0000[diff] [blame]102 users_client,
103 roles_client)
Daniel Melladob04da902015-11-20 17:43:12 +0100[diff] [blame]104
ghanshyame1c6c1c2016-06-15 14:50:41 +0900[diff] [blame]105 def _create_user_params(self, username, password, project_id, email):
106 params = {'name': username,
107 'password': password,
108 'tenantId': project_id,
109 'email': email}
110 return params
111
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]112 def create_project(self, name, description):
Daniel Melladob04da902015-11-20 17:43:12 +0100[diff] [blame]113 tenant = self.projects_client.create_tenant(
Anusha Ramineni0cfb4612015-08-24 08:49:10 +0530[diff] [blame]114 name=name, description=description)['tenant']
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]115 return tenant
116
Yaroslav Lobankov47a93ab2016-02-07 16:32:49 -0600[diff] [blame]117 def delete_project(self, project_id):
118 self.projects_client.delete_tenant(project_id)
119
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]120 def get_credentials(self, user, project, password):
Andrea Frittoli (andreaf)278463c2015-10-08 15:04:09 +0100[diff] [blame]121 # User and project already include both ID and name here,
122 # so there's no need to use the fill_in mode
123 return auth.get_credentials(
124 auth_url=None,
125 fill_in=False,
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]126 identity_version='v2',
127 username=user['name'], user_id=user['id'],
128 tenant_name=project['name'], tenant_id=project['id'],
129 password=password)
130
Ghanshyamc0448672016-02-17 12:53:25 +0900[diff] [blame]131 def _assign_user_role(self, project, user, role):
ghanshyam50894fc2016-06-17 13:20:25 +0900[diff] [blame]132 self.roles_client.create_user_role_on_project(project['id'],
133 user['id'],
134 role['id'])
Ghanshyamc0448672016-02-17 12:53:25 +0900[diff] [blame]135
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]136
137class V3CredsClient(CredsClient):
138
Daniel Mellado7aea5342016-02-09 09:10:12 +0000[diff] [blame]139 def __init__(self, identity_client, projects_client, users_client,
Arx Cruz24bcb882016-02-10 15:20:16 +0100[diff] [blame]140 roles_client, domains_client, domain_name):
Daniel Mellado91a26b62016-02-11 11:13:04 +0000[diff] [blame]141 super(V3CredsClient, self).__init__(identity_client, projects_client,
Arx Cruz24bcb882016-02-10 15:20:16 +0100[diff] [blame]142 users_client, roles_client)
Daniel Mellado91a26b62016-02-11 11:13:04 +0000[diff] [blame]143 self.domains_client = domains_client
144
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]145 try:
146 # Domain names must be unique, in any case a list is returned,
147 # selecting the first (and only) element
Daniel Mellado91a26b62016-02-11 11:13:04 +0000[diff] [blame]148 self.creds_domain = self.domains_client.list_domains(
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]149 params={'name': domain_name})['domains'][0]
150 except lib_exc.NotFound:
151 # TODO(andrea) we could probably create the domain on the fly
Andrea Frittoli (andreaf)278463c2015-10-08 15:04:09 +0100[diff] [blame]152 msg = "Requested domain %s could not be found" % domain_name
153 raise lib_exc.InvalidCredentials(msg)
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]154
ghanshyame1c6c1c2016-06-15 14:50:41 +0900[diff] [blame]155 def _create_user_params(self, username, password, project_id, email):
156 params = {'user_name': username,
157 'password': password,
158 'project_id': project_id,
159 'email': email}
160 return params
161
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]162 def create_project(self, name, description):
Yaroslav Lobankov47a93ab2016-02-07 16:32:49 -0600[diff] [blame]163 project = self.projects_client.create_project(
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]164 name=name, description=description,
165 domain_id=self.creds_domain['id'])['project']
166 return project
167
Yaroslav Lobankov47a93ab2016-02-07 16:32:49 -0600[diff] [blame]168 def delete_project(self, project_id):
169 self.projects_client.delete_project(project_id)
170
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]171 def get_credentials(self, user, project, password):
Andrea Frittoli (andreaf)278463c2015-10-08 15:04:09 +0100[diff] [blame]172 # User, project and domain already include both ID and name here,
173 # so there's no need to use the fill_in mode.
Andrea Frittoli (andreaf)bd06f982016-06-02 17:26:51 +0100[diff] [blame]174 # NOTE(andreaf) We need to set all fields in the returned credentials.
175 # Scope is then used to pick only those relevant for the type of
176 # token needed by each service client.
Andrea Frittoli (andreaf)278463c2015-10-08 15:04:09 +0100[diff] [blame]177 return auth.get_credentials(
178 auth_url=None,
179 fill_in=False,
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]180 identity_version='v3',
181 username=user['name'], user_id=user['id'],
182 project_name=project['name'], project_id=project['id'],
183 password=password,
Andrea Frittoli (andreaf)278463c2015-10-08 15:04:09 +0100[diff] [blame]184 project_domain_id=self.creds_domain['id'],
Andrea Frittoli (andreaf)bd06f982016-06-02 17:26:51 +0100[diff] [blame]185 project_domain_name=self.creds_domain['name'],
186 domain_id=self.creds_domain['id'],
187 domain_name=self.creds_domain['name'])
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]188
Ghanshyamc0448672016-02-17 12:53:25 +0900[diff] [blame]189 def _assign_user_role(self, project, user, role):
190 self.roles_client.assign_user_role_on_project(project['id'],
191 user['id'],
192 role['id'])
193
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]194 def assign_user_role_on_domain(self, user, role_name, domain=None):
195 """Assign the specified role on a domain
196
197 :param user: a user dict
198 :param role_name: name of the role to be assigned
199 :param domain: (optional) The domain to assign the role on. If not
200 specified the default domain of cred_client
201 """
202 # NOTE(andreaf) This method is very specific to the v3 case, and
203 # because of that it's not defined in the parent class.
204 if domain is None:
205 domain = self.creds_domain
206 role = self._check_role_exists(role_name)
207 if not role:
208 msg = 'No "%s" role found' % role_name
209 raise lib_exc.NotFound(msg)
210 try:
211 self.roles_client.assign_user_role_on_domain(
212 domain['id'], user['id'], role['id'])
213 except lib_exc.Conflict:
214 LOG.debug("Role %s already assigned on domain %s for user %s",
215 role['id'], domain['id'], user['id'])
216
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]217
Daniel Melladob04da902015-11-20 17:43:12 +0100[diff] [blame]218def get_creds_client(identity_client,
Yaroslav Lobankov47a93ab2016-02-07 16:32:49 -0600[diff] [blame]219 projects_client,
Daniel Mellado7aea5342016-02-09 09:10:12 +0000[diff] [blame]220 users_client,
Arx Cruz24bcb882016-02-10 15:20:16 +0100[diff] [blame]221 roles_client,
Daniel Mellado91a26b62016-02-11 11:13:04 +0000[diff] [blame]222 domains_client=None,
Daniel Melladob04da902015-11-20 17:43:12 +0100[diff] [blame]223 project_domain_name=None):
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]224 if isinstance(identity_client, v2_identity.IdentityClient):
Daniel Mellado7aea5342016-02-09 09:10:12 +0000[diff] [blame]225 return V2CredsClient(identity_client, projects_client, users_client,
226 roles_client)
Jamie Lennox15350172015-08-17 10:54:25 +1000[diff] [blame]227 else:
Daniel Mellado7aea5342016-02-09 09:10:12 +0000[diff] [blame]228 return V3CredsClient(identity_client, projects_client, users_client,
Arx Cruz24bcb882016-02-10 15:20:16 +0100[diff] [blame]229 roles_client, domains_client, project_domain_name)