def delete_user(self, user):
     kc = KeystoneCommands(username=self.inputs.stack_user,
                           password=self.inputs.stack_password,
                           tenant=self.inputs.project_name,
                           auth_url=self.auth_url,
                           insecure=self.insecure)
     kc.delete_user(user)
Beispiel #2
0
 def __init__(self, username, password, project_id, project_name,
              auth_url, endpoint_type, region_name, scope, cert, key,
              cacert, domain_name, insecure, logger):
     self.logger = logger
     prj = project_id.replace('-', '')
     self._ks = KeystoneCommands(username=username,
                                 password=password,
                                 tenant=project_name,
                                 domain_name=domain_name,
                                 auth_url=auth_url,
                                 region_name=region_name,
                                 scope=scope,
                                 cert=cert,
                                 key=key,
                                 cacert=cacert,
                                 insecure=insecure,
                                 logger=logger)
     self._qh = neuc.Client(
         '2.0',
         session=self._ks.get_session(scope='project'),
         region_name=region_name)
     self._nh = novac.Client(
         '2',
         session=self._ks.get_session(scope='project'),
         region_name=region_name)
 def reauth(self):
     self.keystone = KeystoneCommands(username=self.user,
                                      password=self.passwd,
                                      tenant=self.project,
                                      auth_url=self.auth_url,
                                      insecure=self.insecure,
                                      region_name=self.region_name,
                                      logger=self.logger)
 def add_user_to_project(self, user, project):
     kc = KeystoneCommands(username= self.inputs.stack_user,
                           password= self.inputs.stack_password,
                           tenant= self.inputs.project_name,
                           auth_url= self.auth_url, insecure=self.insecure)
     try:
         kc.add_user_to_tenant(project, user, 'admin')
     except Exception as e:
         self.logger.info("%s user already added to project"%(user))
 def add_user_to_project(self, user, project):
     kc = KeystoneCommands(username=self.inputs.stack_user,
                           password=self.inputs.stack_password,
                           tenant=self.inputs.project_name,
                           auth_url=self.auth_url,
                           insecure=self.insecure)
     try:
         kc.add_user_to_tenant(project, user, 'admin')
     except Exception as e:
         self.logger.info("%s user already added to project" % (user))
 def create_user(self, user, password):
     kc = KeystoneCommands(username= self.inputs.stack_user,
                           password= self.inputs.stack_password,
                           tenant= self.inputs.project_name,
                           auth_url= self.auth_url, insecure=self.insecure)
     try:
         kc.create_user(user,password,email='',
                        tenant_name=self.inputs.stack_tenant,enabled=True)
     except:
         self.logger.info("%s user already created"%(self.user))
Beispiel #7
0
 def reauth(self):
     self.keystone = KeystoneCommands(username=self.user,
                                      password=self.passwd,
                                      tenant=self.project,
                                      domain_name=self.domain_name,
                                      auth_url=self.auth_url,
                                      insecure=self.insecure,
                                      region_name=self.region_name,
                                      cert=self.keystone_certfile,
                                      key=self.keystone_keyfile,
                                      cacert=self.certbundle,
                                      logger=self.logger,
                                      scope=self.scope)
 def create_user(self, user, password):
     kc = KeystoneCommands(username=self.inputs.stack_user,
                           password=self.inputs.stack_password,
                           tenant=self.inputs.project_name,
                           auth_url=self.auth_url,
                           insecure=self.insecure)
     try:
         kc.create_user(user,
                        password,
                        email='',
                        tenant_name=self.inputs.stack_tenant,
                        enabled=True)
     except:
         self.logger.info("%s user already created" % (self.user))
 def verify_service_enabled(self, service):
     kc = KeystoneCommands(username= self.inputs.stack_user,
                           password= self.inputs.stack_password,
                           tenant= self.inputs.project_name,
                           auth_url= self.auth_url, insecure=self.insecure)
     try:
         for svc in kc.services_list():
             if service in svc.name:
                 return True
             else:
                 continue 
         return False     
     except Exception as e:
         return False
 def reauth(self):
     self.keystone = KeystoneCommands(username=self.user,
                                      password=self.passwd,
                                      tenant=self.project,
                                      auth_url=self.auth_url,
                                      insecure=self.insecure,
                                      region_name=self.region_name)
Beispiel #11
0
 def __init__(self, username, password, project_name, inputs, openstack_ip):
     self.inputs = inputs
     self.logger = self.inputs.logger
     auth_url = os.getenv('OS_AUTH_URL') or \
                     'http://' + openstack_ip + ':5000/v2.0'
     insecure = bool(os.getenv('OS_INSECURE', True))
     kc = KeystoneCommands(username=username,
                           password=password,
                           tenant=project_name,
                           auth_url=auth_url,
                           insecure=insecure)
     self.project_id = kc.get_id().replace('-', '')
     self.obj = client.Client('2.0',
                              username=username,
                              password=password,
                              tenant_id=self.project_id,
                              auth_url=auth_url,
                              insecure=insecure)
Beispiel #12
0
 def reauth(self):
     self.keystone = KeystoneCommands(username=self.user,
                                      password=self.passwd,
                                      tenant=self.project,
                                      domain_name=self.domain_name,
                                      auth_url=self.auth_url,
                                      insecure=self.insecure,
                                      region_name=self.region_name,
                                      cert=self.keystone_certfile,
                                      key=self.keystone_keyfile,
                                      cacert=self.certbundle,
                                      logger=self.logger,
                                      scope=self.scope)
Beispiel #13
0
class OpenstackAuth(OrchestratorAuth):

   def __init__(self, user, passwd, project_name, inputs, logger):
       self.inputs = inputs
       self.user = user
       self.passwd = passwd
       self.project = project_name
       self.logger = logger
       self.insecure = bool(os.getenv('OS_INSECURE',True))
       self.auth_url = os.getenv('OS_AUTH_URL') or \
               'http://%s:5000/v2.0' % (self.inputs.openstack_ip)
       self.domain = 'default-domain'
       self.reauth()

   def reauth(self):
       self.keystone = KeystoneCommands(username= self.user,
                                        password= self.passwd,
                                        tenant= self.project,
                                        auth_url= self.auth_url,
                                        insecure=self.insecure)

   def get_project_id(self, domain_name=None, project_name=None):
       if not project_name or project_name == self.project:
           return self.keystone.get_id()
       else:
           return self.keystone.get_project_id(project_name)

   def create_project(self, name):
       return self.keystone.create_project(name)

   def delete_project(self, name):
       try:
           self.keystone.delete_project(name)
       except ks_exceptions.ClientException, e:
           # TODO Remove this workaround 
           if 'Unable to add token to revocation list' in str(e):
               self.logger.warn('Exception %s while deleting project' % (
                    str(e)))
Beispiel #14
0
 def __init__(
         self,
         username,
         password,
         project_name,
         inputs,
         openstack_ip):
     self.inputs = inputs
     self.logger = self.inputs.logger
     auth_url = os.getenv('OS_AUTH_URL') or \
                     'http://' + openstack_ip + ':5000/v2.0'
     insecure = bool(os.getenv('OS_INSECURE', True))
     kc = KeystoneCommands(username=username,
                           password=password,
                           tenant=project_name,
                           auth_url=auth_url,
                           insecure=insecure)
     self.project_id = kc.get_id().replace('-','')
     self.obj = client.Client('2.0', username=username,
                              password=password,
                              tenant_id=self.project_id,
                              auth_url=auth_url,
                              insecure=insecure)
Beispiel #15
0
class OpenstackAuth(OrchestratorAuth):
    def __init__(self, user, passwd, project_name, inputs, logger):
        self.inputs = inputs
        self.user = user
        self.passwd = passwd
        self.project = project_name
        self.logger = logger
        self.insecure = bool(os.getenv('OS_INSECURE', True))
        self.auth_url = os.getenv('OS_AUTH_URL') or \
                'http://%s:5000/v2.0' % (self.inputs.openstack_ip)
        self.domain = 'default-domain'
        self.reauth()

    def reauth(self):
        self.keystone = KeystoneCommands(username=self.user,
                                         password=self.passwd,
                                         tenant=self.project,
                                         auth_url=self.auth_url,
                                         insecure=self.insecure)

    def get_project_id(self, domain_name=None, project_name=None):
        if not project_name or project_name == self.project:
            return self.keystone.get_id()
        else:
            return self.keystone.get_project_id(project_name)

    def create_project(self, name):
        return self.keystone.create_project(name)

    def delete_project(self, name):
        try:
            self.keystone.delete_project(name)
        except ks_exceptions.ClientException, e:
            # TODO Remove this workaround
            if 'Unable to add token to revocation list' in str(e):
                self.logger.warn('Exception %s while deleting project' %
                                 (str(e)))
    def delete_user(self,user=None):

        if user:
            user = user
	else:
	    user = self.user
        insecure = bool(os.getenv('OS_INSECURE',True))
        try:
            self.auth_url = os.getenv('OS_AUTH_URL') or \
                                 'http://' + self.inputs.openstack_ip + ':5000/v2.0'
            self.key_stone_clients= KeystoneCommands(username= self.inputs.stack_user, password= self.inputs.stack_password,
                                                   tenant= self.inputs.project_name, auth_url= auth_url, insecure=insecure)

        except Exception as e:
            self.logger.warn("Failed - Keystone client instance")
        self.key_stone_clients.delete_user(user)
Beispiel #17
0
 def setUpClass(cls):
     super(BaseMultitenancyTest, cls).setUpClass()
     cls.quantum_h= cls.connections.quantum_h
     cls.nova_h = cls.connections.nova_h
     cls.vnc_lib= cls.connections.vnc_lib
     cls.agent_inspect= cls.connections.agent_inspect
     cls.cn_inspect= cls.connections.cn_inspect
     auth_url = os.getenv('OS_AUTH_URL') or \
                    'http://' + cls.inputs.auth_ip + ':5000/v2.0'
     insecure = bool(os.getenv('OS_INSECURE',True))
     cls.key_stone_clients = KeystoneCommands(
         username=cls.inputs.admin_user,
         password = cls.inputs.admin_password,
         tenant = cls.inputs.admin_tenant,
         auth_url=auth_url,
         insecure=insecure)
    def create_and_attach_user_to_tenant(self):
        insecure = bool(os.getenv('OS_INSECURE',True))
        try:
            auth_url = os.getenv('OS_AUTH_URL') or \
                                 'http://' + self.inputs.openstack_ip + ':5000/v2.0'
            self.key_stone_clients= KeystoneCommands(username= self.inputs.stack_user, password= self.inputs.stack_password,
                                                   tenant= self.inputs.project_name, auth_url= auth_url, insecure=insecure)
            try:
                self.key_stone_clients.create_user(self.user,self.password,email='',tenant_name=self.inputs.stack_tenant,enabled=True)
            except:
                self.logger.info("%s user already created"%(self.user))

            try:
                self.key_stone_clients.add_user_to_tenant(self.project_name,self.user , 'admin')
            except Exception as e:
                self.logger.info("%s user already added to project"%(self.user))
            try:
                self.key_stone_clients.add_user_to_tenant(self.project_name,'admin' , 'admin')
            except Exception as e:
                self.logger.info("Admin user already added to project")
            time.sleep(4)
        except Exception as e:
            self.logger.info("Failed - Keystone client instance")
Beispiel #19
0
class OpenstackAuth(OrchestratorAuth):

   def __init__(self, user, passwd, project_name,
                inputs=None, logger=None, auth_url=None):
       self.inputs = inputs
       self.user = user
       self.passwd = passwd
       self.project = project_name
       self.logger = logger or logging.getLogger(__name__)
       self.insecure = bool(os.getenv('OS_INSECURE',True))
       if inputs:
           self.auth_url = 'http://%s:5000/v2.0' % (self.inputs.openstack_ip)
       else:
           self.auth_url = auth_url or os.getenv('OS_AUTH_URL')
       self.reauth()

   def reauth(self):
       self.keystone = KeystoneCommands(username=self.user,
                                        password=self.passwd,
                                        tenant=self.project,
                                        auth_url=self.auth_url,
                                        insecure=self.insecure)

   def get_project_id(self, name=None):
       if not name or name == self.project:
           return self.keystone.get_id()
       return self.keystone.get_project_id(name)

   def create_project(self, name):
       return self.keystone.create_project(name)

   def delete_project(self, name):
       self.keystone.delete_project(name)

   def delete_user(self, user):
       self.keystone.delete_user(user)

   def create_user(self, user, password):
       try:
           self.keystone.create_user(user,password,email='',
                          tenant_name=self.inputs.stack_tenant,enabled=True)
       except:
           self.logger.info("%s user already created"%(self.user))

   def add_user_to_project(self, user, project, role='admin'):
       try:
           self.keystone.add_user_to_tenant(project, user, role)
       except Exception as e:
           self.logger.info("%s user already added to project"%(user))

   def verify_service_enabled(self, service):
       try:
           for svc in self.keystone.services_list():
               if service in svc.name:
                   return True
               else:
                   continue
           return False
       except Exception as e:
           return False

   def get_auth_h(self):
       return self.keystone
class IsolatedCreds(fixtures.Fixture):

    def __init__(self,project_name,inputs,ini_file = None ,logger = None):

#        self.project_name = project_name
        self.project_name = get_random_name(project_name) 
        self.user = project_name
        self.password = project_name
        self.inputs = inputs
        self.ini_file = ini_file
        self.logger = logger

    def setUp(self):
        super(IsolatedCreds, self).setUp()
        self.connections= ContrailConnections(self.inputs, self.logger)
        self.vnc_lib= self.connections.vnc_lib
       # self.logger= self.inputs.logger

    def create_tenant(self): 

        self.project = None
        time.sleep(4)        
        try:
            self.project = project_test.ProjectFixture(project_name = self.project_name,
					vnc_lib_h= self.vnc_lib,username= self.user,password= self.password,
                                        connections= self.connections)
            self.project.setUp()
        except Exception as e:
            self.logger.warn("got exception as %s"%(e)) 
        finally:
            return self.project

    def delete_tenant(self):

        self.project.cleanUp()

    def delete_user(self,user=None):

        if user:
            user = user
	else:
	    user = self.user
        insecure = bool(os.getenv('OS_INSECURE',True))
        try:
            self.auth_url = os.getenv('OS_AUTH_URL') or \
                                 'http://' + self.inputs.openstack_ip + ':5000/v2.0'
            self.key_stone_clients= KeystoneCommands(username= self.inputs.stack_user, password= self.inputs.stack_password,
                                                   tenant= self.inputs.project_name, auth_url= auth_url, insecure=insecure)

        except Exception as e:
            self.logger.warn("Failed - Keystone client instance")
        self.key_stone_clients.delete_user(user)

    def create_and_attach_user_to_tenant(self):
        insecure = bool(os.getenv('OS_INSECURE',True))
        try:
            auth_url = os.getenv('OS_AUTH_URL') or \
                                 'http://' + self.inputs.openstack_ip + ':5000/v2.0'
            self.key_stone_clients= KeystoneCommands(username= self.inputs.stack_user, password= self.inputs.stack_password,
                                                   tenant= self.inputs.project_name, auth_url= auth_url, insecure=insecure)
            try:
                self.key_stone_clients.create_user(self.user,self.password,email='',tenant_name=self.inputs.stack_tenant,enabled=True)
            except:
                self.logger.info("%s user already created"%(self.user))

            try:
                self.key_stone_clients.add_user_to_tenant(self.project_name,self.user , 'admin')
            except Exception as e:
                self.logger.info("%s user already added to project"%(self.user))
            try:
                self.key_stone_clients.add_user_to_tenant(self.project_name,'admin' , 'admin')
            except Exception as e:
                self.logger.info("Admin user already added to project")
            time.sleep(4)
        except Exception as e:
            self.logger.info("Failed - Keystone client instance")

    def get_inputs(self):

        self.project_inputs= self.useFixture(ContrailTestInit(self.ini_file, 
                            stack_user=self.project.username,
                            stack_password=self.project.password,
                            project_fq_name=['default-domain',self.project_name],logger = self.logger))
        return self.project_inputs

    def get_conections(self): 
            
        self.project_connections= ContrailConnections(self.project_inputs,project_name= self.project_name,
				   username=self.project.username
                                  ,password= self.project.password,
                                   logger = self.logger)
        return self.project_connections

    def get_admin_inputs(self):

        admin = AdminCreds(ADMIN_TENANT , self.inputs , self.ini_file , self.logger)
        return admin.get_inputs()		

    def get_admin_connections(self):

        admin = AdminCreds(ADMIN_TENANT , self.inputs , self.ini_file , self.logger)
        return admin.get_conections()	
	
    def cleanUp(self):
        super(IsolatedCreds, self).cleanUp()
    def _create_prov_file(self):
        ''' Creates json data for a single node only.
            Optional Env variables:
              openstack creds:
               * OS_USERNAME (default: admin)
               * OS_PASSWORD (default: contrail123)
               * OS_TENANT_NAME (default: admin)
               * OS_DOMAIN_NAME (default: default-domain)
               * OS_AUTH_URL (default: http://127.0.0.1:5000/v2.0)
               * OS_INSECURE (default: True)
              login creds:
               * USERNAME (default: root)
               * PASSWORD (default: c0ntrail123)
              contrail service:
               * DISCOVERY_IP (default: neutron-server ip fetched from keystone endpoint)
        '''
        pattern = 'http[s]?://(?P<ip>\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):(?P<port>\d+)'
        if self.orchestrator.lower() != 'openstack':
            raise Exception('Please specify testbed info in $PARAMS_FILE '
                            'under "Basic" section, keyword "provFile"')
        if self.orchestrator.lower() == 'openstack':
            auth_url = os.getenv('OS_AUTH_URL', None) or \
                       'http://127.0.0.1:5000/v2.0'
            insecure = bool(os.getenv('OS_INSECURE', True))
            keystone = KeystoneCommands(
                self.stack_user,
                self.stack_password,
                self.stack_tenant,
                auth_url,
                region_name=self.region_name,
                insecure=insecure,
                logger=self.logger)
            match = re.match(pattern, keystone.get_endpoint('identity')[0])
            self.auth_ip = match.group('ip')
            self.auth_port = match.group('port')

        # Assume contrail-config runs in the same node as neutron-server
        discovery = os.getenv('DISCOVERY_IP', None) or \
                    (keystone and re.match(pattern,
                    keystone.get_endpoint('network')[0]).group('ip'))
        ds_client = VerificationDsSrv(discovery)
        services = ds_client.get_ds_services().info
        cfgm = database = services['config']
        collector = services['analytics']
        bgp = services['control-node']
        openstack = [self.auth_ip] if self.auth_ip else []
        computes = self.get_computes(cfgm[0])
        data = {'hosts': list()}
        hosts = cfgm + database + collector + bgp + computes + openstack
        username = os.getenv('USERNAME', 'root')
        password = os.getenv('PASSWORD', 'c0ntrail123')
        for host in set(hosts):
            with settings(
                    host_string='%s@%s' % (username, host),
                    password=password,
                    warn_only=True):
                hname = run('hostname')
            hdict = {
                'ip': host,
                'data-ip': host,
                'control-ip': host,
                'username': username,
                'password': password,
                'name': hname,
                'roles': [],
            }
            if host in cfgm:
                hdict['roles'].append({'type': 'cfgm'})
            if host in collector:
                hdict['roles'].append({'type': 'collector'})
            if host in database:
                hdict['roles'].append({'type': 'database'})
            if host in bgp:
                hdict['roles'].append({'type': 'bgp'})
            if host in computes:
                hdict['roles'].append({'type': 'compute'})
            if host in openstack:
                hdict['roles'].append({'type': 'openstack'})
            data['hosts'].append(hdict)
        tempfile = NamedTemporaryFile(delete=False)
        with open(tempfile.name, 'w') as fd:
            json.dump(data, fd)
        return tempfile.name
    def _create_prov_file(self):
        ''' Creates json data for a single node only.
            Optional Env variables:
              openstack creds:
               * OS_USERNAME (default: admin)
               * OS_PASSWORD (default: contrail123)
               * OS_TENANT_NAME (default: admin)
               * OS_DOMAIN_NAME (default: default-domain)
               * OS_AUTH_URL (default: http://127.0.0.1:5000/v2.0)
               * OS_INSECURE (default: True)
              login creds:
               * USERNAME (default: root)
               * PASSWORD (default: c0ntrail123)
              contrail service:
               * DISCOVERY_IP (default: neutron-server ip fetched from keystone endpoint)
        '''
        pattern = 'http[s]?://(?P<ip>\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):(?P<port>\d+)'
        if self.orchestrator.lower() != 'openstack':
            raise Exception('Please specify testbed info in $PARAMS_FILE '
                            'under "Basic" section, keyword "provFile"')
        if self.orchestrator.lower() == 'openstack':
            auth_url = os.getenv('OS_AUTH_URL', None) or \
                       'http://127.0.0.1:5000/v2.0'
            insecure = bool(os.getenv('OS_INSECURE', True))
            keystone = KeystoneCommands(self.stack_user,
                                        self.stack_password,
                                        self.stack_tenant,
                                        auth_url,
                                        region_name=self.region_name,
                                        insecure=insecure,
                                        logger=self.logger)
            match = re.match(pattern, keystone.get_endpoint('identity')[0])
            self.auth_ip = match.group('ip')
            self.auth_port = match.group('port')

        # Assume contrail-config runs in the same node as neutron-server
        discovery = os.getenv('DISCOVERY_IP', None) or \
                    (keystone and re.match(pattern,
                    keystone.get_endpoint('network')[0]).group('ip'))
        ds_client = VerificationDsSrv(discovery)
        services = ds_client.get_ds_services().info
        cfgm = database = services['config']
        collector = services['analytics']
        bgp = services['control-node']
        openstack = [self.auth_ip] if self.auth_ip else []
        computes = self.get_computes(cfgm[0])
        data = {'hosts': list()}
        hosts = cfgm + database + collector + bgp + computes + openstack
        username = os.getenv('USERNAME', 'root')
        password = os.getenv('PASSWORD', 'c0ntrail123')
        for host in set(hosts):
            with settings(host_string='%s@%s' % (username, host),
                          password=password,
                          warn_only=True):
                hname = run('hostname')
            hdict = {
                'ip': host,
                'data-ip': host,
                'control-ip': host,
                'username': username,
                'password': password,
                'name': hname,
                'roles': [],
            }
            if host in cfgm:
                hdict['roles'].append({'type': 'cfgm'})
            if host in collector:
                hdict['roles'].append({'type': 'collector'})
            if host in database:
                hdict['roles'].append({'type': 'database'})
            if host in bgp:
                hdict['roles'].append({'type': 'bgp'})
            if host in computes:
                hdict['roles'].append({'type': 'compute'})
            if host in openstack:
                hdict['roles'].append({'type': 'openstack'})
            data['hosts'].append(hdict)
        tempfile = NamedTemporaryFile(delete=False)
        with open(tempfile.name, 'w') as fd:
            json.dump(data, fd)
        return tempfile.name
Beispiel #23
0
class OpenstackAuth(OrchestratorAuth):
    def __init__(self,
                 user,
                 passwd,
                 project_name,
                 inputs=None,
                 logger=None,
                 auth_url=None,
                 region_name=None):
        self.inputs = inputs
        self.user = user
        self.passwd = passwd
        self.project = project_name
        self.logger = logger or contrail_logging.getLogger(__name__)
        self.insecure = bool(os.getenv('OS_INSECURE', True))
        if inputs:
            self.auth_url = inputs.auth_url
            self.region_name = inputs.region_name
        else:
            self.auth_url = auth_url or os.getenv('OS_AUTH_URL')
            self.region_name = region_name or os.getenv('OS_REGION_NAME')
        self.reauth()

    def reauth(self):
        self.keystone = KeystoneCommands(username=self.user,
                                         password=self.passwd,
                                         tenant=self.project,
                                         auth_url=self.auth_url,
                                         insecure=self.insecure,
                                         region_name=self.region_name,
                                         logger=self.logger)

    def get_project_id(self, name=None):
        if not name or name == self.project:
            return self.keystone.get_id()
        return self.keystone.get_project_id(name)

    def create_project(self, name):
        return self.keystone.create_project(name)

    def delete_project(self, name):
        self.keystone.delete_project(name)

    def delete_user(self, user):
        self.keystone.delete_user(user)

    def create_user(self, user, password):
        try:
            self.keystone.create_user(user,
                                      password,
                                      email='',
                                      tenant_name=self.inputs.stack_tenant,
                                      enabled=True)
        except:
            self.logger.info("%s user already present" % (self.user))

    def add_user_to_project(self, user, project, role='admin'):
        try:
            self.keystone.add_user_to_tenant(project, user, role)
        except Exception as e:
            self.logger.info("%s user already added to project" % (user))

    def verify_service_enabled(self, service):
        try:
            for svc in self.keystone.services_list():
                if service in svc.name:
                    return True
                else:
                    continue
            return False
        except Exception as e:
            return False

    def get_auth_h(self):
        return self.keystone
Beispiel #24
0
class OpenstackAuth(OrchestratorAuth):

   def __init__(self, username, password, project_name,
                inputs=None, logger=None, auth_url=None, region_name=None,
                certfile=None, keyfile=None, cacert=None, insecure=True, domain_name=None,scope='domain'):
       self.inputs = inputs
       self.user = username
       self.passwd = password
       self.project = project_name
       self.scope = scope
       self.logger = logger or contrail_logging.getLogger(__name__)
       if inputs:
           self.auth_url = inputs.auth_url
           self.region_name = inputs.region_name
           self.domain_name = domain_name or self.inputs.admin_domain
           self.keystone_certfile = self.inputs.keystonecertfile
           self.keystone_keyfile = self.inputs.keystonekeyfile
           self.certbundle = self.inputs.certbundle
           self.insecure = self.inputs.insecure
           self.scope = 'project' if inputs.use_project_scoped_token else scope
       else:
           self.auth_url = auth_url or os.getenv('OS_AUTH_URL')
           self.region_name = region_name or os.getenv('OS_REGION_NAME')
           self.domain_name = domain_name or os.getenv('OS_DOMAIN_NAME')
           self.keystone_certfile = certfile
           self.keystone_keyfile = keyfile
           self.insecure = insecure
           self.certbundle = cacert
       self.reauth()

   def reauth(self):
       self.keystone = KeystoneCommands(username=self.user,
                                        password=self.passwd,
                                        tenant=self.project,
                                        domain_name=self.domain_name,
                                        auth_url=self.auth_url,
                                        insecure=self.insecure,
                                        region_name=self.region_name,
                                        cert=self.keystone_certfile,
                                        key=self.keystone_keyfile,
                                        cacert=self.certbundle,
                                        logger=self.logger,
                                        scope=self.scope)
       
   def get_domain_id(self, name='Default'):
        return self.keystone.get_domain_id(name)

   def get_project_id(self, name=None, domain_id=None):
       if not name or name == self.project:
           return self.keystone.get_id()
       return self.keystone.get_project_id(name, domain_id)

   def get_session(self,scope='domain'):
       return self.keystone.get_session(scope)

   def get_client(self,scope='domain'):
       return self.keystone.get_client(scope)

   def get_endpoint(self, service, interface='public'):
       return self.keystone.get_endpoint(service, interface)

   def get_token(self):
       return self.keystone.get_token()

   def create_domain(self,domain_name):
       return self.keystone.create_domain(domain_name)
        
   def delete_domain(self, domain_name):
       self.keystone.delete_domain(domain_name)
   
   def update_domain(self,domain_id, domain_name, description, enabled):
       return self.keystone.update_domain(domain_id=domain_id, domain_name=domain_name,
                                    description=description,enabled=enabled)
   
   def get_domain(self,domain_id):
       return self.keystone.get_domain(domain_id=domain_id) 

   def create_project(self, name, domain_name=None):
       return self.keystone.create_project(name, domain_name)

   def delete_project(self, name):
       self.keystone.delete_project(name)

   def delete_user(self, user):
       self.keystone.delete_user(user)

   def create_user(self, user, password, tenant_name=None, domain_name=None):
       try:
           self.keystone.create_user(user,password,email='',
                          tenant_name=tenant_name or self.inputs.stack_tenant,enabled=True,
                          domain_name=domain_name)
       except:
           self.logger.info("%s user already present"%(self.user))

   def get_user_id(self, user):
       user_obj = self.keystone.get_user_dct(user)
       return user_obj.id if user_obj else None

   def create_role(self, role):
       self.keystone.create_role(role)

   def delete_role(self, role):
       self.keystone.delete_role(role)

   def add_user_to_domain(self, user, role='admin', domain=None):
       try:
           self.keystone.add_user_to_domain(user, role, domain)
       except Exception as e:
           self.logger.info("%s user already added to domain"%(user))

   def add_user_to_project(self, user, project, role='admin'):
       try:
           self.keystone.add_user_to_tenant(project, user, role)
       except Exception as e:
           self.logger.info("%s user already added to project"%(user))

   def remove_user_from_project(self, user, role, project):
       try:
           self.keystone.remove_user_from_tenant(project, user, role)
       except Exception as e:
           self.logger.exception("%s user already removed from project"%(user))

   def verify_service_enabled(self, service):
       try:
           for svc in self.keystone.services_list():
               if service in svc.name:
                   return True
               else:
                   continue
           return False
       except Exception as e:
           return False

   def get_auth_h(self):
       return self.keystone
 
   def create_user_group(self,group,domain_name):
       try:
           self.keystone.create_group(group,domain_name)
       except Exception as e:
           self.logger.info("%s user group already present"%(group))

   def delete_group(self,name):
        return self.keystone.delete_group(name=name)

   def add_user_to_group(self,user,group):
       try:
           self.keystone.add_user_to_group(user, group)
       except Exception as e:
           self.logger.info("%s user already added to group %s"%(user, group))

   def remove_user_from_group(self,user,group):
       try:
           self.keystone.remove_user_from_group(user, group)
       except Exception as e:
           self.logger.info("%s user already removed from group %s"%(user, group))

   def add_group_to_domain(self,group, role='admin', domain=None):
       try:
           self.keystone.add_group_to_domain(group, role='admin', domain=domain)
       except Exception as e:
           self.logger.info("%s group already added to domain"%(group,project))

   def remove_group_from_domain(self, group, role, domain=None):
       try:
           self.keystone.remove_group_from_domain(group, role, domain=None)
       except Exception as e:
           self.logger.info("%s group already removed from domain"%(group,domain))

   def add_group_to_tenant(self, project, group, role='admin'):
       try:
           self.keystone.add_group_to_tenant(project, group, role='admin')
       except Exception as e:
           self.logger.info("%s group already added to project"%(group,tenant))

   def remove_group_from_tenant(self,project, group, role):
       try:
           self.keystone.remove_group_from_tenant(project, group, role)
       except Exception as e:
           self.logger.info("%s group already removed from project"%(group,tenant))
Beispiel #25
0
class OpenstackAuth(OrchestratorAuth):
    def __init__(self,
                 username,
                 password,
                 project_name,
                 inputs=None,
                 logger=None,
                 auth_url=None,
                 region_name=None,
                 certfile=None,
                 keyfile=None,
                 cacert=None,
                 insecure=True,
                 domain_name=None,
                 scope='domain'):
        self.inputs = inputs
        self.user = username
        self.passwd = password
        self.project = project_name
        self.scope = scope
        self.logger = logger or contrail_logging.getLogger(__name__)
        if inputs:
            self.auth_url = inputs.auth_url
            self.region_name = inputs.region_name
            self.domain_name = domain_name or self.inputs.admin_domain
            self.keystone_certfile = self.inputs.keystonecertfile
            self.keystone_keyfile = self.inputs.keystonekeyfile
            self.certbundle = self.inputs.certbundle
            self.insecure = self.inputs.insecure
            self.scope = 'project' if inputs.use_project_scoped_token else scope
        else:
            self.auth_url = auth_url or os.getenv('OS_AUTH_URL')
            self.region_name = region_name or os.getenv('OS_REGION_NAME')
            self.domain_name = domain_name or os.getenv('OS_DOMAIN_NAME')
            self.keystone_certfile = certfile
            self.keystone_keyfile = keyfile
            self.insecure = insecure
            self.certbundle = cacert
        self.reauth()

    def reauth(self):
        self.keystone = KeystoneCommands(username=self.user,
                                         password=self.passwd,
                                         tenant=self.project,
                                         domain_name=self.domain_name,
                                         auth_url=self.auth_url,
                                         insecure=self.insecure,
                                         region_name=self.region_name,
                                         cert=self.keystone_certfile,
                                         key=self.keystone_keyfile,
                                         cacert=self.certbundle,
                                         logger=self.logger,
                                         scope=self.scope)

    def get_domain_id(self, name='Default'):
        return self.keystone.get_domain_id(name)

    def get_project_id(self, name=None, domain_id=None):
        if not name or name == self.project:
            return self.keystone.get_id()
        return self.keystone.get_project_id(name, domain_id)

    def get_session(self, scope='domain'):
        return self.keystone.get_session(scope)

    def get_client(self, scope='domain'):
        return self.keystone.get_client(scope)

    def get_endpoint(self, service, interface='public'):
        return self.keystone.get_endpoint(service, interface)

    def get_token(self):
        return self.keystone.get_token()

    def create_domain(self, domain_name):
        return self.keystone.create_domain(domain_name)

    def delete_domain(self, domain_name):
        self.keystone.delete_domain(domain_name)

    def update_domain(self, domain_id, domain_name, description, enabled):
        return self.keystone.update_domain(domain_id=domain_id,
                                           domain_name=domain_name,
                                           description=description,
                                           enabled=enabled)

    def get_domain(self, domain_id):
        return self.keystone.get_domain(domain_id=domain_id)

    def create_project(self, name, domain_name=None):
        return self.keystone.create_project(name, domain_name)

    def delete_project(self, name):
        self.keystone.delete_project(name)

    def delete_user(self, user):
        self.keystone.delete_user(user)

    def create_user(self, user, password, tenant_name=None, domain_name=None):
        try:
            self.keystone.create_user(user,
                                      password,
                                      email='',
                                      tenant_name=tenant_name
                                      or self.inputs.stack_tenant,
                                      enabled=True,
                                      domain_name=domain_name)
        except:
            self.logger.info("%s user already present" % (self.user))

    def get_user_id(self, user):
        user_obj = self.keystone.get_user_dct(user)
        return user_obj.id if user_obj else None

    def create_role(self, role):
        self.keystone.create_role(role)

    def delete_role(self, role):
        self.keystone.delete_role(role)

    def add_user_to_domain(self, user, role='admin', domain=None):
        try:
            self.keystone.add_user_to_domain(user, role, domain)
        except Exception as e:
            self.logger.info("%s user already added to domain" % (user))

    def add_user_to_project(self, user, project, role='admin'):
        try:
            self.keystone.add_user_to_tenant(project, user, role)
        except Exception as e:
            self.logger.info("%s user already added to project" % (user))

    def remove_user_from_project(self, user, role, project):
        try:
            self.keystone.remove_user_role(user, role, project)
        except Exception as e:
            self.logger.exception("%s user already removed from project" %
                                  (user))

    def verify_service_enabled(self, service):
        try:
            for svc in self.keystone.services_list():
                if service in svc.name:
                    return True
                else:
                    continue
            return False
        except Exception as e:
            return False

    def get_auth_h(self):
        return self.keystone

    def create_user_group(self, group, domain_name):
        try:
            self.keystone.create_group(group, domain_name)
        except Exception as e:
            self.logger.info("%s user group already present" % (group))

    def delete_group(self, name):
        return self.keystone.delete_group(name=name)

    def add_user_to_group(self, user, group):
        try:
            self.keystone.add_user_to_group(user, group)
        except Exception as e:
            self.logger.info("%s user already added to group %s" %
                             (user, group))

    def remove_user_from_group(self, user, group):
        try:
            self.keystone.remove_user_from_group(user, group)
        except Exception as e:
            self.logger.info("%s user already removed from group %s" %
                             (user, group))

    def add_group_to_domain(self, group, role='admin', domain=None):
        try:
            self.keystone.add_group_to_domain(group,
                                              role='admin',
                                              domain=domain)
        except Exception as e:
            self.logger.info("%s group already added to domain" %
                             (group, project))

    def remove_group_from_domain(self, group, role, domain=None):
        try:
            self.keystone.remove_group_from_domain(group, role, domain=None)
        except Exception as e:
            self.logger.info("%s group already removed from domain" %
                             (group, domain))

    def add_group_to_tenant(self, project, group, role='admin'):
        try:
            self.keystone.add_group_to_tenant(project, group, role='admin')
        except Exception as e:
            self.logger.info("%s group already added to project" %
                             (group, tenant))

    def remove_group_from_tenant(self, project, group, role):
        try:
            self.keystone.remove_group_from_tenant(project, group, role)
        except Exception as e:
            self.logger.info("%s group already removed from project" %
                             (group, tenant))
Beispiel #26
0
    class OpenstackDriver(OsVmMixin, OsVnMixin, OsSubnetMixin, OsPolicyMixin):
        ''' Api Driver class for Openstack Apis.

            This class wraps/abstracts all openstack apis, nova, neutron, etc.
            Any and all openstack libs calls must be added in this class.
            Provides create, read, update and delete methods for resources.
            Note: For resources defined in contrail-schema, the create & update
            methods expect resource desc (kwargs) to be in-sync with structure
            defined in contrail-schema (i.e, contrailv2 heat template).
        '''
        def __init__(self, username, password, project_id, project_name,
                     auth_url, endpoint_type, region_name, scope, cert, key,
                     cacert, domain_name, insecure, logger):
            self.logger = logger
            prj = project_id.replace('-', '')
            self._ks = KeystoneCommands(username=username,
                                        password=password,
                                        tenant=project_name,
                                        domain_name=domain_name,
                                        auth_url=auth_url,
                                        region_name=region_name,
                                        scope=scope,
                                        cert=cert,
                                        key=key,
                                        cacert=cacert,
                                        insecure=insecure,
                                        logger=logger)
            self._qh = neuc.Client(
                '2.0',
                session=self._ks.get_session(scope='project'),
                region_name=region_name)
            self._nh = novac.Client(
                '2',
                session=self._ks.get_session(scope='project'),
                region_name=region_name)

        @property
        def keystone_handle(self):
            return self._ks

        @property
        def quantum_handle(self):
            return self._qh

        @property
        def nova_handle(self):
            return self._nh

        def get_zones(self):
            try:
                zones = self._nh.availability_zones.list()
                return filter(lambda x: x.zoneName != 'internal', zones)
            except novaException.Forbidden:
                return None

        def get_hosts(self, zone=None):
            computes = self._get_nova_services(binary='nova-compute')
            if zone:
                computes = filter(lambda x: x.zone == zone.zoneName, computes)
            return computes

        def _get_nova_services(self, **kwargs):
            try:
                svcs = self._nh.services.list(**kwargs)
                svcs = filter(lambda x: x.state != 'down' and \
                                x.status != 'disabled', svcs)
                return svcs
            except novaException.Forbidden:
                return None

        def get_hypervisor(self, **kwargs):
            if kwargs:
                try:
                    return self._nh.hypervisors.find(**kwargs)
                except novaException.NotFound:
                    return None
            else:
                return self._nh.hypervisors.list()

        def get_flavor(self, name):
            try:
                return self._nh.flavors.find(name=name)
            except novaException.NotFound:
                return None

        def create_flavor(self, name, vcpus, ram, disk):
            self._nh.flavors.create(name=name, vcpus=vcpus, ram=ram, disk=disk)
            flavor = self.get_flavor(name)
            return flavor

        def get_image(self, name_or_id):
            try:
                return self._nh.images.get(name_or_id)
            except novaException.NotFound:
                try:
                    return self._nh.images.find(name=name_or_id)
                except novaException.NotFound:
                    return None
 def delete_user(self, user):
     kc = KeystoneCommands(username= self.inputs.stack_user,
                           password= self.inputs.stack_password,
                           tenant= self.inputs.project_name,
                           auth_url= self.auth_url, insecure=self.insecure)
     kc.delete_user(user)