def try_deploy_instance(self, create_params, conf):
with keystone.AddAdminUserToNonAdminTenant(
self.identity.keystone_client, conf.cloud.user,
conf.cloud.tenant):
nclient = self.proxy(self.get_client(conf), conf)
new_id = self.create_instance(nclient, **create_params)
try:
self.wait_for_status(new_id,
self.get_status,
'active',
timeout=conf.migrate.boot_timeout,
stop_statuses=[ERROR])
except (exception.TimeoutException,
signal_handler.InterruptedException):
LOG.warning("Failed to create instance '%s'", new_id)
if self.instance_exists(new_id):
self.reset_state(new_id)
instance = self.get_instance(new_id)
if hasattr(instance, 'fault') and instance.fault:
LOG.debug("Error message of failed instance '%s': %s",
new_id, instance.fault)
self.failed_instances.append(new_id)
raise
self.processing_instances.append(new_id)
return new_id
def get_server_group_id_by_vm(self, instance_id, instance_tenant):
"""
Get Nova Server Group by it's member
:param instance_id: VM's ID
:param instance_tenant: VM's tenant name
:return str: Nova Server Group ID
"""
client_config = copy.deepcopy(self.config)
client_config.cloud.tenant = instance_tenant
with keystone.AddAdminUserToNonAdminTenant(
self.identity.keystone_client, client_config.cloud.user,
instance_tenant):
nclient = self.compute.get_client(client_config)
try:
server_group_list = nclient.server_groups.list()
except nova_exc.NotFound:
LOG.info("Cloud does not support server_groups")
return
for server_group in server_group_list:
if instance_id in server_group.members:
return server_group.id
LOG.debug("Instance '%s' is not a member of any server group...",
instance_id)
def create_volume(self, size, **kwargs):
"""Creates volume of given size
:raises: OverLimit in case quota exceeds for tenant
"""
cinder = self.cinder_client
tenant_id = kwargs.get('project_id')
# If migrated volume needs to be created on non default volume_type
kwargs['volume_type'] = self.attr_override.get_attr(
kwargs, 'volume_type')
# if volume needs to be created in non-admin tenant, re-auth is
# required in that tenant
if tenant_id:
identity = self.cloud.resources[utils.IDENTITY_RESOURCE]
ks = identity.keystone_client
user = self.config.cloud.user
with keystone.AddAdminUserToNonAdminTenant(ks, user, tenant_id):
tenant = ks.tenants.get(tenant_id)
cinder = self.proxy(self.get_client(tenant=tenant.name),
self.config)
with proxy_client.expect_exception(cinder_exc.OverLimit):
return cinder.volumes.create(size, **kwargs)
else:
with proxy_client.expect_exception(cinder_exc.OverLimit):
return cinder.volumes.create(size, **kwargs)
def test_user_role_is_removed_on_scope_exit(self):
ksclient = mock.MagicMock()
member_role = mock.Mock()
member_role.name = 'admin'
user = mock.MagicMock()
user.name = 'adm'
tenant = mock.MagicMock()
tenant.name = 'tenant'
ksclient.roles.list.return_value = [member_role]
ksclient.users.list.return_value = [user]
ksclient.tenants.list.return_value = [tenant]
ksclient.roles.roles_for_user.return_value = []
with keystone.AddAdminUserToNonAdminTenant(ksclient, 'adm', 'tenant'):
pass
assert ksclient.roles.add_user_role.called
assert ksclient.roles.remove_user_role.called
def test_nothing_happens_if_admin_is_already_member_of_a_tenant(self):
ksclient = mock.MagicMock()
role_name = 'member'
member_role = mock.Mock()
member_role.name = role_name
user = mock.MagicMock()
user.name = 'adm'
tenant = mock.MagicMock()
tenant.name = 'tenant'
ksclient.roles.list.return_value = [member_role]
ksclient.users.list.return_value = [user]
ksclient.tenants.list.return_value = [tenant]
ksclient.roles.roles_for_user.return_value = [member_role]
with keystone.AddAdminUserToNonAdminTenant(ksclient,
'adm',
'tenant',
member_role=role_name):
pass
assert not ksclient.roles.add_user_role.called
assert not ksclient.roles.remove_user_role.called