def _get_private_key(self, source_creds, source_url):
source_private_key = ''
if source_creds:
cfg.CONF.import_opt('system_param_store',
'solum.api.handlers.plan_handler',
group='api')
store = cfg.CONF.api.system_param_store
if store == 'database':
deploy_keys_str = base64.b64decode(source_creds)
elif store == 'barbican':
client = clients.OpenStackClients(None).barbican().admin_client
secret = client.secrets.get(secret_ref=source_creds)
deploy_keys_str = secret.payload
elif store == 'local_file':
cfg.CONF.import_opt('system_param_file',
'solum.api.handlers.plan_handler',
group='api')
secrets_file = cfg.CONF.api.system_param_file
s = shelve.open(secrets_file)
deploy_keys_str = s[str(source_creds)]
deploy_keys_str = base64.b64decode(deploy_keys_str)
s.close()
deploy_keys = ast.literal_eval(deploy_keys_str)
for dk in deploy_keys:
if source_url == dk['source_url']:
source_private_key = dk['private_key']
return source_private_key
def test_clients_barbican_noauth(self):
dummy_url = 'http://server.test:5000/v2.0'
cfg.CONF.set_override('auth_uri',
dummy_url,
group='keystone_authtoken')
cfg.CONF.set_override('admin_user',
'solum',
group='keystone_authtoken')
cfg.CONF.set_override('admin_password',
'verybadpass',
group='keystone_authtoken')
cfg.CONF.set_override('admin_tenant_name',
'service',
group='keystone_authtoken')
obj = clients.OpenStackClients(None)
# try to create and store a secret
try:
bclient = obj.barbican().admin_client
secret = bclient.secrets.create(name="test", payload="test")
secret.store()
except exceptions.ConnectionRefused:
self.assertTrue(True)
except exceptions.RequestTimeout:
self.assertTrue(True)
def test_url_for(self, mock_keystone):
obj = clients.OpenStackClients(None)
obj.url_for(service_type='fake_service', endpoint_type='fake_endpoint')
mock_cat = mock_keystone.return_value.client.service_catalog
mock_cat.url_for.assert_called_once_with(service_type='fake_service',
endpoint_type='fake_endpoint')
def get_heat_client(ctxt, app):
# raw_content = json.loads(app.raw_content)
# username = raw_content['username']
# encoded_password = raw_content['password'].encode('ISO-8859-1')
# decrypted_password = utils.decrypt(encoded_password)
# password = decrypted_password
# tenant_name = raw_content['tenant_name']
# auth_url = cfg.CONF.keystone_authtoken.auth_uri
# ks_kwargs = {
# 'username': username,
# 'password': password,
# 'tenant_name': tenant_name,
# 'auth_url': auth_url
# }
# k_client = ksclient.Client(**ks_kwargs)
# auth_token = k_client.auth_token
osc = clients.OpenStackClients(ctxt)
# TODO(zhurong): Following works for github triggers.
# We should accommodate it with the current workflow.
# See for details: https://bugs.launchpad.net/solum/+bug/1671871
# heat = osc.heat(username, password, auth_token)
heat = osc.heat(token=ctxt.auth_token)
return heat
def delete_heat_stack(self, ctxt, assem_id):
osc = clients.OpenStackClients(ctxt)
assem = objects.registry.Assembly.get_by_id(ctxt, assem_id)
stack_id = self._find_id_if_stack_exists(osc, assem)
if stack_id is not None:
osc.heat().stacks.delete(stack_id)
wait_interval = cfg.CONF.deployer.wait_interval
growth_factor = cfg.CONF.deployer.growth_factor
stack_name = self._get_stack_name(assem)
for count in range(cfg.CONF.deployer.max_attempts):
stack_id = self._get_stack_id_from_heat(osc, stack_name)
if stack_id is None:
break
time.sleep(wait_interval)
wait_interval *= growth_factor
if stack_id is None:
assem.destroy(ctxt)
return
if stack_id is not None:
assem.status = STATES.ERROR_STACK_DELETE_FAILED
assem.save(ctxt)
def __init__(self, context, assembly, lp_type, image_storage):
super(DockerHandler, self).__init__(context, assembly, image_storage)
self.lp_type = lp_type
self.lp = None
if self.image_storage == 'glance':
self.glance = clients.OpenStackClients(context).glance()
def test_clients_barbican(self, mock_sess, mock_call):
mock_sess.return_value = "keystone_session"
mock_call.return_value = "barbican_client_handle"
obj = clients.OpenStackClients(None)
self.assertEqual(None, obj._barbican)
obj.barbican().admin_client
self.assertNotEqual(None, obj._barbican)
mock_call.assert_called_once_with(session='keystone_session')
def test_clients_glance_noauth(self):
con = mock.MagicMock()
con.auth_token = None
con.auth_token_info = None
con.tenant = "b363706f891f48019483f8bd6503c54d"
obj = clients.OpenStackClients(con)
obj._glance = None
self.assertRaises(exception.AuthorizationFailure, obj.glance)
def test_clients_barbican_cached(self, mock_sess, mock_auth, mock_call):
mock_auth.return_value = "keystone_auth_handle"
mock_call.return_value = "barbican_client_handle"
mock_sess.return_value = "keystone_session"
obj = clients.OpenStackClients(None)
barbican_admin = obj.barbican().admin_client
barbican_admin_cached = obj.barbican().admin_client
self.assertEqual(barbican_admin, barbican_admin_cached)
mock_call.assert_called_once_with(session='keystone_session')
def test_clients_barbican(self, mock_sess, mock_call):
# TODO(zhurong): should unskip the test
self.skipTest('Skipping this test for bug #1686560')
mock_sess.return_value = "keystone_session"
mock_call.return_value = "barbican_client_handle"
obj = clients.OpenStackClients(None)
self.assertIsNone(obj._barbican)
obj.barbican().admin_client
self.assertIsNotNone(obj._barbican)
mock_call.assert_called_once_with(session='keystone_session')
def test_clients_glance_cached(self, mock_url, mock_call):
con = mock.MagicMock()
con.tenant = "b363706f891f48019483f8bd6503c54d"
con.auth_token = "3bcc3d3a03f44e3d8377f9247b0ad155"
mock_url.return_value = "url_from_keystone"
obj = clients.OpenStackClients(con)
obj._glance = None
glance = obj.glance()
glance_cached = obj.glance()
self.assertEqual(glance, glance_cached)
def test_clients_mistral_noauth(self):
# TODO(zhurong): should unskip the test
self.skipTest('Skipping this test for bug #1686560')
con = mock.MagicMock()
con.auth_token = None
con.auth_token_info = None
con.tenant = "b363706f891f48019483f8bd6503c54d"
obj = clients.OpenStackClients(con)
obj._mistral = None
self.assertRaises(exception.AuthorizationFailure, obj.mistral)
def test_clients_marconi_cached(self, mock_auth, mock_url):
mock_auth.__get__ = mock.Mock(return_value="keystone_url")
con = mock.MagicMock()
con.tenant = "b363706f891f48019483f8bd6503c54b"
con.auth_token = "3bcc3d3a03f44e3d8377f9247b0ad155"
mock_url.return_value = "url_from_keystone"
obj = clients.OpenStackClients(con)
obj._marconi = None
marconi = obj.marconi()
marconi_cached = obj.marconi()
self.assertEqual(marconi, marconi_cached)
def test_clients_barbican_cached(self, mock_sess, mock_auth, mock_call):
# TODO(zhurong): should unskip the test
self.skipTest('Skipping this test for bug #1686560')
mock_auth.return_value = "keystone_auth_handle"
mock_call.return_value = "barbican_client_handle"
mock_sess.return_value = "keystone_session"
obj = clients.OpenStackClients(None)
barbican_admin = obj.barbican().admin_client
barbican_admin_cached = obj.barbican().admin_client
self.assertEqual(barbican_admin, barbican_admin_cached)
mock_call.assert_called_once_with(session='keystone_session')
def _deploy_infra(self, image_id):
osc = clients.OpenStackClients(self.context)
parameters = {'image': image_id}
template = catalog.get('templates', 'infra')
created_stack = osc.heat().stacks.create(stack_name='infra',
template=template,
parameters=parameters)
return created_stack['stack']['id']
def test_clients_glance(self, mock_url, mock_call):
con = mock.MagicMock()
con.tenant = "b363706f891f48019483f8bd6503c54d"
con.auth_token = "3bcc3d3a03f44e3d8377f9247b0ad155"
mock_url.return_value = "url_from_keystone"
obj = clients.OpenStackClients(con)
obj._glance = None
obj.glance()
mock_call.assert_called_once_with(
'2', 'url_from_keystone', token='3bcc3d3a03f44e3d8377f9247b0ad155')
mock_url.assert_called_once_with(service_type='image',
endpoint_type='publicURL')
def test_clients_swift(self, mock_url, mock_call):
con = mock.MagicMock()
con.tenant = "b363706f891f48019483f8bd6503c54b"
con.auth_token = "3bcc3d3a03f44e3d8377f9247b0ad155"
mock_url.return_value = "url_from_keystone"
obj = clients.OpenStackClients(con)
obj._swift = None
obj.swift()
mock_call.assert_called_once_with(
auth_version="2.0", os_options={'endpoint_type': 'publicURL'},
cacert=None, preauthurl="url_from_keystone", insecure=False,
preauthtoken="3bcc3d3a03f44e3d8377f9247b0ad155")
def _generate_sys_params(self, plan_obj, data):
# NOTE: this method may modify the input 'data'
sys_params = {}
deploy_keys = []
for artifact in data.get('artifacts', []):
if (('content' not in artifact)
or ('private' not in artifact['content'])
or (not artifact['content']['private'])):
continue
new_key = rsa.generate_private_key(public_exponent=65537,
key_size=2048,
backend=default_backend())
public_key = new_key.public_key().public_bytes(
serialization.Encoding.OpenSSH,
serialization.PublicFormat.OpenSSH)
private_key = new_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption())
artifact['content']['public_key'] = public_key
deploy_keys.append({
'source_url': artifact['content']['href'],
'private_key': private_key
})
if deploy_keys:
encoded_payload = base64.b64encode(bytes(str(deploy_keys)))
repo_deploy_keys = ''
if sys_param_store == 'database':
repo_deploy_keys = encoded_payload
elif sys_param_store == 'local_file':
secrets_file = CONF.api.system_param_file
try:
os.makedirs(os.path.dirname(secrets_file), 0o700)
except OSError as ex:
if ex.errno != errno.EEXIST:
raise
s = shelve.open(secrets_file)
try:
s[plan_obj.uuid] = encoded_payload
repo_deploy_keys = plan_obj.uuid
finally:
s.close()
elif sys_param_store == 'barbican':
client = clients.OpenStackClients(None).barbican().admin_client
repo_deploy_keys = client.secrets.create(
name=plan_obj.uuid,
payload=encoded_payload,
payload_content_type='application/octet-stream',
payload_content_encoding='base64').store()
if repo_deploy_keys:
sys_params['REPO_DEPLOY_KEYS'] = repo_deploy_keys
return sys_params
def test_clients_heat_noauth(self):
con = mock.MagicMock()
con.auth_token = None
con.auth_token_info = None
con.tenant = "b363706f891f48019483f8bd6503c54b"
auth_url = mock.PropertyMock(name="auth_url",
return_value="keystone_url")
type(con).auth_url = auth_url
con.get_url_for = mock.Mock(name="get_url_for")
con.get_url_for.return_value = "url_from_keystone"
obj = clients.OpenStackClients(con)
obj._heat = None
self.assertRaises(exception.AuthorizationFailure, obj.heat)
def test_clients_mistral(self, mock_url, mock_call):
con = mock.MagicMock()
con.tenant = "b363706f891f48019483f8bd6503c54d"
con.auth_token = "3bcc3d3a03f44e3d8377f9247b0ad155"
mock_url.return_value = "url_from_keystone"
obj = clients.OpenStackClients(con)
obj._mistral = None
obj.mistral()
mock_call.assert_called_once_with(
mistral_url='url_from_keystone',
auth_token='3bcc3d3a03f44e3d8377f9247b0ad155')
mock_url.assert_called_once_with(service_type='workflow',
endpoint_type='publicURL',
region_name='RegionOne')
def test_clients_neutron(self, mock_auth, mock_url, mock_call):
mock_auth.__get__ = mock.Mock(return_value="keystone_url")
con = mock.MagicMock()
con.tenant = "b363706f891f48019483f8bd6503c54b"
con.auth_token = "3bcc3d3a03f44e3d8377f9247b0ad155"
con.auth_url = "keystone_url"
mock_url.return_value = "url_from_keystone"
obj = clients.OpenStackClients(con)
obj._neutron = None
obj.neutron()
mock_call.assert_called_once_with(
'2.0', endpoint_url='url_from_keystone', username=None,
token='3bcc3d3a03f44e3d8377f9247b0ad155', auth_url='keystone_url',
ca_cert=None, password=None, insecure=False)
def test_clients_zaqar_noauth(self):
# TODO(zhurong): should unskip the test
self.skipTest('Skipping this test for bug #1686560')
con = mock.MagicMock()
con.auth_token = None
con.auth_token_info = None
con.tenant = "b363706f891f48019483f8bd6503c54b"
auth_url = mock.PropertyMock(name="auth_url",
return_value="keystone_url")
type(con).auth_url = auth_url
con.get_url_for = mock.Mock(name="get_url_for")
con.get_url_for.return_value = "url_from_keystone"
obj = clients.OpenStackClients(con)
obj._zaqar = None
self.assertRaises(exception.AuthorizationFailure, obj.zaqar)
def _ensure_workbook(self, pipeline):
osc = clients.OpenStackClients(self.context)
try:
osc.mistral().workbooks.get(pipeline.workbook_name)
except Exception as excp:
if 'Workbook not found' in str(excp):
definition = catalog.get('workbooks', pipeline.workbook_name)
# create the workbook for the user.
osc.mistral().workbooks.create(pipeline.workbook_name,
'solum generated workbook',
['solum', 'builtin'])
osc.mistral().workbooks.upload_definition(
pipeline.workbook_name, definition)
else:
raise
def get_du_details(self, ctxt, du_id):
du_loc = None
du_name = None
du_image_backend = cfg.CONF.worker.image_storage
if du_image_backend.lower() == 'glance':
img = clients.OpenStackClients(ctxt).glance().images.get(du_id)
du_loc = img.id
du_name = img.name
elif du_image_backend.lower() == 'swift':
raise exception.NotImplemented()
else:
LOG.error("Invalid image storage option.")
raise exception.ResourceNotFound()
return du_loc, du_name
def _destroy_other_assemblies(self, ctxt, assembly_id):
# Except current app's stack, destroy all other app stacks
# We query the newly deployed assembly's object here to
# ensure that we get most up-to-date value for created_at attribute.
# If we use the already available object then there is a possibility
# that the attribute does not have the most up-to-date value due to the
# possibility that SQLAlchemy might not synchronize object's db state
# with its in-memory representation.
new_assembly = objects.registry.Assembly.get_by_id(ctxt, assembly_id)
# Fetch all assemblies by plan id, and self.destroy() them.
new_assem_id = new_assembly.id
app_id = new_assembly.plan_id
created_at = new_assembly.created_at
assemblies = objects.registry.AssemblyList.get_earlier(
new_assem_id, app_id, STATES.READY, created_at)
for assem in assemblies:
if assem.id == new_assembly.id:
continue
# Just delete the old heat stacks and don't delete assemblies
stack_id = self._find_id_if_stack_exists(assem)
osc = clients.OpenStackClients(ctxt)
try:
LOG.debug("Deleting Heat stack %s", stack_id)
osc.heat().stacks.delete(stack_id)
except exc.HTTPNotFound:
# stack already deleted
LOG.debug("Heat stack not found %s", stack_id)
continue
except Exception as e:
LOG.exception(e)
continue
# wait for deletion to complete
wait_interval = cfg.CONF.deployer.wait_interval
growth_factor = cfg.CONF.deployer.growth_factor
stack_name = self._get_stack_name(assem)
for count in range(cfg.CONF.deployer.max_attempts):
try:
# Must use stack_name for expecting a 404
osc.heat().stacks.get(stack_name)
except exc.HTTPNotFound:
LOG.debug("Heat stack deleted %s", stack_id)
continue
time.sleep(wait_interval)
wait_interval *= growth_factor
def test_clients_heat(self, mock_auth, mock_url, mock_call):
mock_auth.__get__ = mock.Mock(return_value="keystone_url")
con = mock.MagicMock()
con.tenant = "b363706f891f48019483f8bd6503c54b"
con.auth_token = "3bcc3d3a03f44e3d8377f9247b0ad155"
con.auth_url = "keystone_url"
mock_url.return_value = "url_from_keystone"
obj = clients.OpenStackClients(con)
obj._heat = None
obj.heat()
mock_call.assert_called_once_with(
'1', 'url_from_keystone', username=None,
cert_file=None, token='3bcc3d3a03f44e3d8377f9247b0ad155',
auth_url='keystone_url', ca_file=None, key_file=None,
password=None, insecure=False)
mock_url.assert_called_once_with(service_type='orchestration',
endpoint_type='publicURL')
def deploy(self, ctxt, assembly_id, image_id):
osc = clients.OpenStackClients(ctxt)
assem = objects.registry.Assembly.get_by_id(ctxt, assembly_id)
parameters = {'app_name': assem.name, 'image': image_id}
parameters.update(heat_utils.get_network_parameters(osc))
# TODO(asalkeld) support template flavors (maybe an autoscaling one)
# this could also be stored in glance.
template_flavor = 'basic'
try:
template = catalog.get('templates', template_flavor)
except exception.ObjectNotFound as onf_ex:
LOG.excepion(onf_ex)
assem.status = STATES.ERROR
assem.save(ctxt)
return
stack_name = self._get_stack_name(assem)
stack_id = self._find_id_if_stack_exists(osc, assem)
if stack_id is not None:
osc.heat().stacks.update(stack_id,
stack_name=stack_name,
template=template,
parameters=parameters)
else:
created_stack = osc.heat().stacks.create(stack_name=stack_name,
template=template,
parameters=parameters)
stack_id = created_stack['stack']['id']
comp_name = 'Heat_Stack_for_%s' % assem.name
comp_description = 'Heat Stack %s' % (
yaml.load(template).get('description'))
objects.registry.Component.assign_and_create(
ctxt, assem, comp_name, 'Heat Stack', comp_description,
created_stack['stack']['links'][0]['href'], stack_id)
assem.status = STATES.DEPLOYING
assem.save(ctxt)
self._update_assembly_status(ctxt, assem, osc, stack_id)
def _delete_params(self, plan_id):
param_obj = objects.registry.Parameter.get_by_plan_id(self.context,
plan_id)
if param_obj:
sys_params = param_obj.sys_defined_params
if sys_params and 'REPO_DEPLOY_KEYS' in sys_params:
# sys_params['REPO_DEPLOY_KEYS'] is just a reference to
# deploy keys when sys_param_store is not 'database'
if sys_param_store == 'local_file':
secrets_file = CONF.api.system_param_file
s = shelve.open(secrets_file)
del s[sys_params['REPO_DEPLOY_KEYS'].encode("utf-8")]
s.close()
elif sys_param_store == 'barbican':
osc = clients.OpenStackClients(None)
client = osc.barbican().admin_client
client.secrets.delete(sys_params['REPO_DEPLOY_KEYS'])
param_obj.destroy(self.context)
def test_clients_marconi(self, mock_auth, mock_url, mock_call):
mock_auth.__get__ = mock.Mock(return_value="keystone_url")
con = mock.MagicMock()
con.tenant = "b363706f891f48019483f8bd6503c54b"
con.auth_token = "3bcc3d3a03f44e3d8377f9247b0ad155"
con.auth_url = "keystone_url"
mock_url.return_value = "url_from_keystone"
obj = clients.OpenStackClients(con)
obj._marconi = None
obj.marconi()
conf = {'auth_opts':
{'backend': 'keystone',
'options':
{'os_auth_token': '3bcc3d3a03f44e3d8377f9247b0ad155',
'os_auth_url': 'keystone_url',
'insecure': False}
}
}
mock_call.assert_called_once_with('url_from_keystone', conf=conf)
def get_heat_client(ctxt, app):
raw_content = json.loads(app.raw_content)
username = raw_content['username']
encoded_password = raw_content['password'].encode('ISO-8859-1')
decrypted_password = utils.decrypt(encoded_password)
password = decrypted_password
tenant_name = raw_content['tenant_name']
auth_url = cfg.CONF.keystone_authtoken.auth_uri
ks_kwargs = {
'username': username,
'password': password,
'tenant_name': tenant_name,
'auth_url': auth_url
}
k_client = ksclient.Client(**ks_kwargs)
auth_token = k_client.auth_token
osc = clients.OpenStackClients(ctxt)
heat = osc.heat(username, password, auth_token)
return heat
