def get_configured_credentials(credential_type, fill_in=True, identity_version=None): identity_version = identity_version or CONF.identity.auth_version if identity_version not in ('v2', 'v3'): raise exceptions.InvalidConfiguration('Unsupported auth version: %s' % identity_version) if credential_type not in CREDENTIAL_TYPES: raise exceptions.InvalidCredentials() conf_attributes = ['username', 'password', 'tenant_name'] if identity_version == 'v3': conf_attributes.append('domain_name') # Read the parts of credentials from config params = DEFAULT_PARAMS.copy() section, prefix = CREDENTIAL_TYPES[credential_type] for attr in conf_attributes: _section = getattr(CONF, section) if prefix is None: params[attr] = getattr(_section, attr) else: params[attr] = getattr(_section, prefix + "_" + attr) # Build and validate credentials. We are reading configured credentials, # so validate them even if fill_in is False credentials = get_credentials(fill_in=fill_in, **params) if not fill_in: if not credentials.is_valid(): msg = ("The %s credentials are incorrectly set in the config file." " Double check that all required values are assigned" % credential_type) raise exceptions.InvalidConfiguration(msg) return credentials
def resource_setup(cls): super(L3AgentSchedulerTestJSON, cls).resource_setup() body = cls.admin_client.list_agents() agents = body['agents'] for agent in agents: # TODO(armax): falling back on default _agent_mode can be # dropped as soon as Icehouse is dropped. agent_mode = ( agent['configurations'].get('agent_mode', cls._agent_mode)) if agent['agent_type'] == AGENT_TYPE and agent_mode in AGENT_MODES: cls.agent = agent break else: msg = "L3 Agent Scheduler enabled in conf, but L3 Agent not found" raise exceptions.InvalidConfiguration(msg) cls.router = cls.create_router(data_utils.rand_name('router')) # NOTE(armax): If DVR is an available extension, and the created router # is indeed a distributed one, more resources need to be provisioned # in order to bind the router to the L3 agent. # That said, let's preserve the existing test logic, where the extra # query and setup steps are only required if the extension is available # and only if the router's default type is distributed. if test.is_extension_enabled('dvr', 'network'): is_dvr_router = cls.admin_client.show_router( cls.router['id'])['router'].get('distributed', False) if is_dvr_router: cls.network = cls.create_network() cls.create_subnet(cls.network) cls.port = cls.create_port(cls.network) cls.client.add_router_interface_with_port_id( cls.router['id'], cls.port['id'])
def _get_creds(self, roles=None): if self.use_default_creds: raise exceptions.InvalidConfiguration( "Account file %s doesn't exist" % CONF.auth.test_accounts_file) useable_hashes = self._get_match_hash_list(roles) free_hash = self._get_free_hash(useable_hashes) return self.hash_dict['creds'][free_hash]
def _get_match_hash_list(self, roles=None): hashes = [] if roles: # Loop over all the creds for each role in the subdict and generate # a list of cred lists for each role for role in roles: temp_hashes = self.hash_dict['roles'].get(role, None) if not temp_hashes: raise exceptions.InvalidConfiguration( "No credentials with role: %s specified in the " "accounts ""file" % role) hashes.append(temp_hashes) # Take the list of lists and do a boolean and between each list to # find the creds which fall under all the specified roles temp_list = set(hashes[0]) for hash_list in hashes[1:]: temp_list = temp_list & set(hash_list) hashes = temp_list else: hashes = self.hash_dict['creds'].keys() # NOTE(mtreinish): admin is a special case because of the increased # privlege set which could potentially cause issues on tests where that # is not expected. So unless the admin role isn't specified do not # allocate admin. admin_hashes = self.hash_dict['roles'].get(CONF.identity.admin_role, None) if ((not roles or CONF.identity.admin_role not in roles) and admin_hashes): useable_hashes = [x for x in hashes if x not in admin_hashes] else: useable_hashes = hashes return useable_hashes
def is_multi_user(self): # Default credentials is not a valid option with locking Account if self.use_default_creds: raise exceptions.InvalidConfiguration( "Account file %s doesn't exist" % CONF.auth.test_accounts_file) else: return len(self.hash_dict['creds']) > 1
def get_creds(self, id, roles=None): try: hashes = self._get_match_hash_list(roles) # No need to sort the dict as within the same python process # the HASH seed won't change, so subsequent calls to keys() # will return the same result _hash = hashes[id] except IndexError: msg = 'Insufficient number of users provided' raise exceptions.InvalidConfiguration(msg) return self.hash_dict['creds'][_hash]
def _create_network_resources(self, tenant_id): network = None subnet = None router = None # Make sure settings if self.network_resources: if self.network_resources['router']: if (not self.network_resources['subnet'] or not self.network_resources['network']): raise exceptions.InvalidConfiguration( 'A router requires a subnet and network') elif self.network_resources['subnet']: if not self.network_resources['network']: raise exceptions.InvalidConfiguration( 'A subnet requires a network') elif self.network_resources['dhcp']: raise exceptions.InvalidConfiguration('DHCP requires a subnet') data_utils.rand_name_root = data_utils.rand_name(self.name) if not self.network_resources or self.network_resources['network']: network_name = data_utils.rand_name_root + "-network" network = self._create_network(network_name, tenant_id) try: if not self.network_resources or self.network_resources['subnet']: subnet_name = data_utils.rand_name_root + "-subnet" subnet = self._create_subnet(subnet_name, tenant_id, network['id']) if not self.network_resources or self.network_resources['router']: router_name = data_utils.rand_name_root + "-router" router = self._create_router(router_name, tenant_id) self._add_router_interface(router['id'], subnet['id']) except Exception: if router: self._clear_isolated_router(router['id'], router['name']) if subnet: self._clear_isolated_subnet(subnet['id'], subnet['name']) if network: self._clear_isolated_network(network['id'], network['name']) raise return network, subnet, router
def _unique_creds(self, cred_arg=None): """Verify that the configured credentials are valid and distinct """ if self.use_default_creds: try: user = self.get_primary_creds() alt_user = self.get_alt_creds() return getattr(user, cred_arg) != getattr(alt_user, cred_arg) except exceptions.InvalidCredentials as ic: msg = "At least one of the configured credentials is " \ "not valid: %s" % ic raise exceptions.InvalidConfiguration(msg) else: # TODO(andreaf) Add a uniqueness check here return len(self.hash_dict['creds']) > 1
def resource_setup(cls): super(L3AgentSchedulerTestJSON, cls).resource_setup() body = cls.admin_client.list_agents() agents = body['agents'] for agent in agents: # TODO(armax): falling back on default _agent_mode can be # dropped as soon as Icehouse is dropped. agent_mode = ( agent['configurations'].get('agent_mode', cls._agent_mode)) if agent['agent_type'] == AGENT_TYPE and agent_mode in AGENT_MODES: cls.agent = agent break else: msg = "L3 Agent Scheduler enabled in conf, but L3 Agent not found" raise exceptions.InvalidConfiguration(msg) cls.router = cls.create_router(data_utils.rand_name('router'))
def _get_free_hash(self, hashes): # Cast as a list because in some edge cases a set will be passed in hashes = list(hashes) if not os.path.isdir(self.accounts_dir): os.mkdir(self.accounts_dir) # Create File from first hash (since none are in use) self._create_hash_file(hashes[0]) return hashes[0] names = [] for _hash in hashes: res = self._create_hash_file(_hash) if res: return _hash else: path = os.path.join(os.path.join(self.accounts_dir, _hash)) with open(path, 'r') as fd: names.append(fd.read()) msg = ('Insufficient number of users provided. %s have allocated all ' 'the credentials for this allocation request' % ','.join(names)) raise exceptions.InvalidConfiguration(msg)
def __init__(self, auth_url, disable_ssl_certificate_validation=None, ca_certs=None, trace_requests=None): dscv = disable_ssl_certificate_validation super(V3TokenClientJSON, self).__init__(None, None, None, disable_ssl_certificate_validation=dscv, ca_certs=ca_certs, trace_requests=trace_requests) if not auth_url: raise exceptions.InvalidConfiguration('you must specify a v3 uri ' 'if using the v3 identity ' 'api') if 'auth/tokens' not in auth_url: auth_url = auth_url.rstrip('/') + '/auth/tokens' self.auth_url = auth_url
def get_unused_ip(cls, net_id, ip_version=None): """Get an unused ip address in a allocaion pool of net""" body = cls.admin_client.list_ports(network_id=net_id) ports = body['ports'] used_ips = [] for port in ports: used_ips.extend( [fixed_ip['ip_address'] for fixed_ip in port['fixed_ips']]) body = cls.admin_client.list_subnets(network_id=net_id) subnets = body['subnets'] for subnet in subnets: if ip_version and subnet['ip_version'] != ip_version: continue cidr = subnet['cidr'] allocation_pools = subnet['allocation_pools'] iterators = [] if allocation_pools: for allocation_pool in allocation_pools: iterators.append( netaddr.iter_iprange(allocation_pool['start'], allocation_pool['end'])) else: net = netaddr.IPNetwork(cidr) def _iterip(): for ip in net: if ip not in (net.network, net.broadcast): yield ip iterators.append(iter(_iterip())) for iterator in iterators: for ip in iterator: if str(ip) not in used_ips: return str(ip) message = ("net(%s) has no usable IP address in allocation pools" % net_id) raise exceptions.InvalidConfiguration(message)
def get_creds_by_roles(self, roles, force_new=False): roles = list(set(roles)) exist_creds = self.isolated_creds.get(str(roles), None) index = 0 if exist_creds and not force_new: return exist_creds elif exist_creds and force_new: new_index = str(roles) + '-' + str(len(self.isolated_creds)) self.isolated_creds[new_index] = exist_creds # Figure out how many existing creds for this roles set are present # use this as the index the returning hash list to ensure separate # creds are returned with force_new being True for creds_names in self.isolated_creds: if str(roles) in creds_names: index = index + 1 if not self.use_default_creds: creds = self.get_creds(index, roles=roles) role_credential = cred_provider.get_credentials(**creds) self.isolated_creds[str(roles)] = role_credential else: msg = "Default credentials can not be used with specifying "\ "credentials by roles" raise exceptions.InvalidConfiguration(msg) return role_credential