| Matthew Treinish | b86cda9 | 2013-07-29 11:22:23 -0400 | [diff] [blame^] | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 |
| 2 | |
| 3 | # Copyright 2013 IBM Corp. |
| 4 | # |
| 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 6 | # not use this file except in compliance with the License. You may obtain |
| 7 | # a copy of the License at |
| 8 | # |
| 9 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | # |
| 11 | # Unless required by applicable law or agreed to in writing, software |
| 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| 14 | # License for the specific language governing permissions and limitations |
| 15 | # under the License. |
| 16 | |
| 17 | import keystoneclient.v2_0.client |
| 18 | |
| 19 | from tempest import clients |
| 20 | from tempest.common.utils.data_utils import rand_name |
| 21 | from tempest import config |
| 22 | from tempest import exceptions |
| 23 | from tempest.openstack.common import log as logging |
| 24 | |
| 25 | LOG = logging.getLogger(__name__) |
| 26 | |
| 27 | |
| 28 | class IsolatedCreds(object): |
| 29 | |
| 30 | def __init__(self, name, tempest_client=True, interface='json', |
| 31 | password='pass'): |
| 32 | self.isolated_creds = {} |
| 33 | self.name = name |
| 34 | self.config = config.TempestConfig() |
| 35 | self.tempest_client = tempest_client |
| 36 | self.interface = interface |
| 37 | self.password = password |
| 38 | self.admin_client = self._get_identity_admin_client() |
| 39 | |
| 40 | def _get_keystone_client(self): |
| 41 | username = self.config.identity.admin_username |
| 42 | password = self.config.identity.admin_password |
| 43 | tenant_name = self.config.identity.admin_tenant_name |
| 44 | auth_url = self.config.identity.uri |
| 45 | dscv = self.config.identity.disable_ssl_certificate_validation |
| 46 | return keystoneclient.v2_0.client.Client(username=username, |
| 47 | password=password, |
| 48 | tenant_name=tenant_name, |
| 49 | auth_url=auth_url, |
| 50 | insecure=dscv) |
| 51 | |
| 52 | def _get_identity_admin_client(self): |
| 53 | """ |
| 54 | Returns an instance of the Identity Admin API client |
| 55 | """ |
| 56 | if self.tempest_client: |
| 57 | os = clients.AdminManager(interface=self.interface) |
| 58 | admin_client = os.identity_client |
| 59 | else: |
| 60 | admin_client = self._get_keystone_client() |
| 61 | return admin_client |
| 62 | |
| 63 | def _create_tenant(self, name, description): |
| 64 | if self.tempest_client: |
| 65 | resp, tenant = self.admin_client.create_tenant( |
| 66 | name=name, description=description) |
| 67 | else: |
| 68 | tenant = self.admin_client.tenants.create(name, |
| 69 | description=description) |
| 70 | return tenant |
| 71 | |
| 72 | def _get_tenant_by_name(self, name): |
| 73 | if self.tempest_client: |
| 74 | resp, tenant = self.admin_client.get_tenant_by_name(name) |
| 75 | else: |
| 76 | tenants = self.admin_client.tenants.list() |
| 77 | for ten in tenants: |
| 78 | if ten['name'] == name: |
| 79 | tenant = ten |
| 80 | raise exceptions.NotFound('No such tenant') |
| 81 | return tenant |
| 82 | |
| 83 | def _create_user(self, username, password, tenant, email): |
| 84 | if self.tempest_client: |
| 85 | resp, user = self.admin_client.create_user(username, password, |
| 86 | tenant['id'], email) |
| 87 | else: |
| 88 | user = self.admin_client.users.create(username, password, email, |
| 89 | tenant_id=tenant.id) |
| 90 | return user |
| 91 | |
| 92 | def _get_user(self, tenant, username): |
| 93 | if self.tempest_client: |
| 94 | resp, user = self.admin_client.get_user_by_username(tenant['id'], |
| 95 | username) |
| 96 | else: |
| 97 | user = self.admin_client.users.get(username) |
| 98 | return user |
| 99 | |
| 100 | def _list_roles(self): |
| 101 | if self.tempest_client: |
| 102 | resp, roles = self.admin_client.list_roles() |
| 103 | else: |
| 104 | roles = self.admin_client.roles.list() |
| 105 | return roles |
| 106 | |
| 107 | def _assign_user_role(self, tenant, user, role): |
| 108 | if self.tempest_client: |
| 109 | self.admin_client.assign_user_role(tenant, user, role) |
| 110 | else: |
| 111 | self.admin_client.roles.add_user_role(user, role, tenant=tenant) |
| 112 | |
| 113 | def _delete_user(self, user): |
| 114 | if self.tempest_client: |
| 115 | self.admin_client.delete_user(user) |
| 116 | else: |
| 117 | self.admin_client.users.delete(user) |
| 118 | |
| 119 | def _delete_tenant(self, tenant): |
| 120 | if self.tempest_client: |
| 121 | self.admin_client.delete_tenant(tenant) |
| 122 | else: |
| 123 | self.admin_client.tenants.delete(tenant) |
| 124 | |
| 125 | def _create_creds(self, suffix=None, admin=False): |
| 126 | rand_name_root = rand_name(self.name) |
| 127 | if suffix: |
| 128 | rand_name_root += suffix |
| 129 | tenant_name = rand_name_root + "-tenant" |
| 130 | tenant_desc = tenant_name + "-desc" |
| 131 | rand_name_root = rand_name(self.name) |
| 132 | tenant = self._create_tenant(name=tenant_name, |
| 133 | description=tenant_desc) |
| 134 | if suffix: |
| 135 | rand_name_root += suffix |
| 136 | username = rand_name_root + "-user" |
| 137 | email = rand_name_root + "@example.com" |
| 138 | user = self._create_user(username, self.password, |
| 139 | tenant, email) |
| 140 | if admin: |
| 141 | role = None |
| 142 | try: |
| 143 | roles = self._list_roles() |
| 144 | if self.tempest_client: |
| 145 | role = next(r for r in roles if r['name'] == 'admin') |
| 146 | else: |
| 147 | role = next(r for r in roles if r.name == 'admin') |
| 148 | except StopIteration: |
| 149 | msg = "No admin role found" |
| 150 | raise exceptions.NotFound(msg) |
| 151 | if self.tempest_client: |
| 152 | self._assign_user_role(tenant['id'], user['id'], role['id']) |
| 153 | else: |
| 154 | self._assign_user_role(tenant.id, user.id, role.id) |
| 155 | return user, tenant |
| 156 | |
| 157 | def _get_cred_names(self, user, tenant): |
| 158 | if self.tempest_client: |
| 159 | username = user.get('name') |
| 160 | tenant_name = tenant.get('name') |
| 161 | else: |
| 162 | username = user.name |
| 163 | tenant_name = tenant.name |
| 164 | return username, tenant_name |
| 165 | |
| 166 | def get_primary_tenant(self): |
| 167 | return self.isolated_creds.get('primary')[1] |
| 168 | |
| 169 | def get_primary_user(self): |
| 170 | return self.isolated_creds.get('primary')[0] |
| 171 | |
| 172 | def get_alt_tenant(self): |
| 173 | return self.isolated_creds.get('alt')[1] |
| 174 | |
| 175 | def get_alt_user(self): |
| 176 | return self.isolated_creds.get('alt')[0] |
| 177 | |
| 178 | def get_admin_tenant(self): |
| 179 | return self.isolated_creds.get('admin')[1] |
| 180 | |
| 181 | def get_admin_user(self): |
| 182 | return self.isolated_creds.get('admin')[0] |
| 183 | |
| 184 | def get_primary_creds(self): |
| 185 | if self.isolated_creds.get('primary'): |
| 186 | user, tenant = self.isolated_creds['primary'] |
| 187 | username, tenant_name = self._get_cred_names(user, tenant) |
| 188 | else: |
| 189 | user, tenant = self._create_creds() |
| 190 | username, tenant_name = self._get_cred_names(user, tenant) |
| 191 | self.isolated_creds['primary'] = (user, tenant) |
| 192 | LOG.info("Aquired isolated creds:\n user: %s, tenant: %s" |
| 193 | % (username, tenant_name)) |
| 194 | return username, tenant_name, self.password |
| 195 | |
| 196 | def get_admin_creds(self): |
| 197 | if self.isolated_creds.get('admin'): |
| 198 | user, tenant = self.isolated_creds['admin'] |
| 199 | username, tenant_name = self._get_cred_names(user, tenant) |
| 200 | else: |
| 201 | user, tenant = self._create_creds(admin=True) |
| 202 | username, tenant_name = self._get_cred_names(user, tenant) |
| 203 | self.isolated_creds['admin'] = (user, tenant) |
| 204 | LOG.info("Aquired admin isolated creds:\n user: %s, tenant: %s" |
| 205 | % (username, tenant_name)) |
| 206 | return username, tenant_name, self.password |
| 207 | |
| 208 | def get_alt_creds(self): |
| 209 | if self.isolated_creds.get('alt'): |
| 210 | user, tenant = self.isolated_creds['alt'] |
| 211 | username, tenant_name = self._get_cred_names(user, tenant) |
| 212 | else: |
| 213 | user, tenant = self._create_creds() |
| 214 | username, tenant_name = self._get_cred_names(user, tenant) |
| 215 | self.isolated_creds['alt'] = (user, tenant) |
| 216 | LOG.info("Aquired alt isolated creds:\n user: %s, tenant: %s" |
| 217 | % (username, tenant_name)) |
| 218 | return username, tenant_name, self.password |
| 219 | |
| 220 | def clear_isolated_creds(self): |
| 221 | if not self.isolated_creds: |
| 222 | return |
| 223 | for cred in self.isolated_creds: |
| 224 | user, tenant = self.isolated_creds.get(cred) |
| 225 | try: |
| 226 | if self.tempest_client: |
| 227 | self._delete_user(user['id']) |
| 228 | else: |
| 229 | self._delete_user(user.id) |
| 230 | except exceptions.NotFound: |
| 231 | if self.tempest_client: |
| 232 | name = user['name'] |
| 233 | else: |
| 234 | name = user.name |
| 235 | LOG.warn("user with name: %s not found for delete" % name) |
| 236 | pass |
| 237 | try: |
| 238 | if self.tempest_client: |
| 239 | self._delete_tenant(tenant['id']) |
| 240 | else: |
| 241 | self._delete_tenant(tenant.id) |
| 242 | except exceptions.NotFound: |
| 243 | if self.tempest_client: |
| 244 | name = tenant['name'] |
| 245 | else: |
| 246 | name = tenant.name |
| 247 | LOG.warn("tenant with name: %s not found for delete" % name) |
| 248 | pass |