def tenant_access_ls(args):
    """ Handle tenant access ls command """
    name = args.name
    error_info, privileges = auth_api._tenant_access_ls(name)
    if error_info:
        return operation_fail(error_info.msg)

    header = tenant_access_ls_headers()
    rows = generate_tenant_access_ls_rows(privileges)
    print(cli_table.create(header, rows))
def create_default_tenant_and_privileges(test_obj):
    """ Create default tenant and privilege if not exist"""

    # create DEFAULT tenant if needed
    error_info, tenant_uuid, tenant_name = auth.get_default_tenant()
    if not tenant_uuid:
        logging.debug("create_default_tenant_and_privileges: create DEFAULT tenant")
        error_info, tenant = auth_api._tenant_create(
                                        name=auth_data_const.DEFAULT_TENANT,
                                        default_datastore=auth_data_const.VM_DS,
                                        description=auth_data_const.DEFAULT_TENANT_DESCR,
                                        vm_list=[],
                                        privileges=[])

        if error_info:
            logging.warning(error_info.msg)
        test_obj.assertEqual(error_info, None)

    error_info, existing_privileges = auth_api._tenant_access_ls(auth_data_const.DEFAULT_TENANT)
    test_obj.assertEqual(error_info, None)

    # create access privilege to datastore "_ALL_DS" for _DEFAULT tenant if needed
    if not auth_api.privilege_exist(existing_privileges, auth_data_const.ALL_DS_URL):
        error_info = auth_api._tenant_access_add(name=auth_data_const.DEFAULT_TENANT,
                                                datastore=auth_data_const.ALL_DS,
                                                allow_create=True)

        if error_info:
            logging.warning(error_info.msg)
        test_obj.assertEqual(error_info, None)

    # create access privilege to datastore "_VM_DS" for _DEFAULT tenant if needed
    if not auth_api.privilege_exist(existing_privileges, auth_data_const.VM_DS_URL):
        error_info = auth_api._tenant_access_add(name=auth_data_const.DEFAULT_TENANT,
                                                datastore=auth_data_const.VM_DS,
                                                allow_create=True)

        if error_info:
            logging.warning(error_info.msg)
        test_obj.assertEqual(error_info, None)
Example #3
0
    def test_tenant_access(self):
        """ Test AdminCLI command for tenant access management """

        # create tenant1 without adding any vms and privileges
        # the "default_datastore" will be set to "_VM_DS"
        # a full access privilege will be created for tenant1
        error_info, tenant = auth_api._tenant_create(
            name=self.tenant1_name,
            default_datastore=auth_data_const.VM_DS,
            description="Test tenant1",
            vm_list=[self.vm1_name],
            privileges=[])
        self.assertEqual(None, error_info)

        # now, should only have privilege to ""_VM_DS
        error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name)
        _, rows = vmdkops_admin.generate_tenant_access_ls_rows(
            privileges, self.tenant1_name)
        self.assertEqual(1, len(rows))
        expected_output = [auth_data_const.VM_DS, "True", "Unset", "Unset"]
        actual_output = [rows[0][0], rows[0][1], rows[0][2], rows[0][3]]
        self.assertEqual(expected_output, actual_output)

        # remove the privilege to "_VM_DS", which should fail
        # since "_VM_DS still the "default_datastore" for tenant1
        error_info = auth_api._tenant_access_rm(
            name=self.tenant1_name, datastore=auth_data_const.VM_DS)
        self.assertNotEqual(None, error_info)

        # add a access privilege for tenant to self.datastore_name
        # allow_create = False
        # max_volume size = 600MB
        # total_volume size = 1GB
        volume_maxsize_in_MB = convert.convert_to_MB("600MB")
        volume_totalsize_in_MB = convert.convert_to_MB("1GB")
        error_info = auth_api._tenant_access_add(
            name=self.tenant1_name,
            datastore=self.datastore_name,
            allow_create=False,
            volume_maxsize_in_MB=volume_maxsize_in_MB,
            volume_totalsize_in_MB=volume_totalsize_in_MB)
        self.assertEqual(None, error_info)

        # update the "default_datastore" to self.datastore_name
        error_info = auth_api._tenant_update(
            name=self.tenant1_name, default_datastore=self.datastore_name)
        self.assertEqual(None, error_info)

        # try to remove the privilege to "_VM_DS" again, which should not fail
        # since the "default_datastore" for tenant1 is set to self.datastore_name
        error_info = auth_api._tenant_access_rm(
            name=self.tenant1_name, datastore=auth_data_const.VM_DS)
        self.assertEqual(None, error_info)

        error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name)
        self.assertEqual(None, error_info)

        header = vmdkops_admin.tenant_access_ls_headers()
        # There are 4 columns for each row, the name of the columns are
        # "Datastore", "Allow_create", "Max_volume_size", "Total_size"
        # Sample output of a row:
        # ['datastore1', 'False', '600.00MB', '1.00GB']
        _, rows = vmdkops_admin.generate_tenant_access_ls_rows(
            privileges, self.tenant1_name)
        self.assertEqual(len(header), TENANT_ACCESS_LS_EXPECTED_COLUMN_COUNT)

        # tenant aceess privilege should only have a row now
        self.assertEqual(len(rows), 1)

        expected_output = [self.datastore_name, "False", "600.00MB", "1.00GB"]
        actual_output = [rows[0][0], rows[0][1], rows[0][2], rows[0][3]]
        self.assertEqual(expected_output, actual_output)

        # update the access privileges
        # change allow_create to True
        # change max_volume size to 1000MB
        # change total_volume size to 2GB
        volume_maxsize_in_MB = convert.convert_to_MB("1000MB")
        volume_totalsize_in_MB = convert.convert_to_MB("3GB")

        self.parser = vmdkops_admin.create_parser()

        privilege_test_info = [
            ["False", "False"],
            ["FALSE", "False"],
            ["false", "False"],
            ["True", "True"],
            ["TRUE", "True"],
            ["true", "True"],
        ]

        for val in privilege_test_info:
            command = ("vmgroup access set --name={0} ".format(
                self.tenant1_name))
            command += ("--datastore={0} ".format(self.datastore_name))
            command += ("--allow-create={0} ".format(val[0]))
            command += ("--volume-maxsize=500MB --volume-totalsize=1GB")

            args = self.parser.parse_args(command.split())
            error_info = vmdkops_admin.tenant_access_set(args)
            self.assertEqual(None, error_info)

            error_info, privileges = auth_api._tenant_access_ls(
                self.tenant1_name)
            self.assertEqual(None, error_info)

            _, rows = vmdkops_admin.generate_tenant_access_ls_rows(
                privileges, self.tenant1_name)
            self.assertEqual(len(rows), 1)

            expected_output = [
                self.datastore_name, val[1], "500.00MB", "1.00GB"
            ]
            actual_output = [rows[0][0], rows[0][1], rows[0][2], rows[0][3]]
            self.assertEqual(expected_output, actual_output)

        print(
            "[Negative test case]: Expected invalid values for allow-create option"
        )
        for val in ["INVALID", ""]:
            command = ("vmgroup access set --name={0} ".format(
                self.tenant1_name))
            command += ("--datastore={0} ".format(self.datastore_name))
            command += ("--allow-create={0} ".format(val))
            command += ("--volume-maxsize=500MB --volume-totalsize=1GB")

            args = self.parser.parse_args(command.split())
            error_info = vmdkops_admin.tenant_access_set(args)
            expected_message = "Invalid value {0} for allow-create option".format(
                val)
            self.assertEqual(expected_message, error_info)

        if self.datastore1_name:
            # second datastore is available, can test tenant update with  --default_datastore
            error_info, tenant_list = auth_api._tenant_ls()
            self.assertEqual(None, error_info)

            # Two tenants in the list, "_DEFAULT" and "test_tenant1"
            # rows[0] is for "_DEFAULT" tenant, and rows[1] is for "test_tenant1"

            # There are 5 columns for each row, the name of the columns are
            # "Uuid", "Name", "Description", "Default_datastore", "VM_list"
            # Sample output of one row:
            # [u'9e1be0ce-3d58-40f6-a335-d6e267e34baa', u'test_tenant1', u'Test tenant1', '', 'test_vm1']
            _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list)

            # get "default_datastore" from the output
            actual_output = rows[1][3]
            expected_output = self.datastore_name
            self.assertEqual(expected_output, actual_output)

            # add access privilege to self.datastore1_name
            volume_maxsize_in_MB = convert.convert_to_MB("600MB")
            volume_totalsize_in_MB = convert.convert_to_MB("1GB")
            error_info = auth_api._tenant_access_add(
                name=self.tenant1_name,
                datastore=self.datastore1_name,
                allow_create=False,
                volume_maxsize_in_MB=volume_maxsize_in_MB,
                volume_totalsize_in_MB=volume_totalsize_in_MB)
            self.assertEqual(None, error_info)

            # update the "default_datastore"
            error_info = auth_api._tenant_update(
                name=self.tenant1_name, default_datastore=self.datastore1_name)
            self.assertEqual(None, error_info)

            error_info, tenant_list = auth_api._tenant_ls()
            self.assertEqual(None, error_info)

            _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list)
            # get "default_datastore" from the output
            actual_output = rows[1][3]
            expected_output = self.datastore1_name
            self.assertEqual(expected_output, actual_output)

            # switch the "default_datastore" to self.datastore_name
            error_info = auth_api._tenant_update(
                name=self.tenant1_name, default_datastore=self.datastore_name)
            self.assertEqual(error_info, None)
            # remove the privilege to self.datastore1_name
            error_info = auth_api._tenant_access_rm(
                name=self.tenant1_name, datastore=self.datastore1_name)
            self.assertEqual(error_info, None)

        # remove access privileges, which should fail
        # since the "default_datastore" is set to self.datastore_name
        # cannot remove the privilege
        error_info = auth_api._tenant_access_rm(name=self.tenant1_name,
                                                datastore=self.datastore_name)

        self.assertNotEqual(None, error_info)

        error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name)
        self.assertEqual(None, error_info)

        # now, only have a privilege to self.datastore_name
        _, rows = vmdkops_admin.generate_tenant_access_ls_rows(
            privileges, self.tenant1_name)
        self.assertEqual(1, len(rows))
        expected_output = [self.datastore_name, "True", "500.00MB", "1.00GB"]
        actual_output = [rows[0][0], rows[0][1], rows[0][2], rows[0][3]]
        self.assertEqual(expected_output, actual_output)
Example #4
0
    def test_tenant(self):
        """ Test AdminCLI command for tenant management """
        # create tenant1
        vm_list = [self.vm1_name]

        # create tenant and set "default_datastore" to an invalide datastore_name
        # should fail since the "default_datastore" is not valid
        error_info, tenant = auth_api._tenant_create(
            name=self.tenant1_name,
            default_datastore=self.bad_datastore_name,
            description="Test tenant1",
            vm_list=vm_list,
            privileges=[])
        self.assertNotEqual(None, error_info)

        # try to create the tenant and set "default_datastore" to "_ALL_DS"
        # should fail since "_ALL_DS" cannot be set as "default_datastore"
        error_info, tenant = auth_api._tenant_create(
            name=self.tenant1_name,
            default_datastore=self.bad_datastore_name,
            description="Test tenant1",
            vm_list=vm_list,
            privileges=[])
        self.assertNotEqual(None, error_info)

        # try to create the tenant and set "default_datastore" to "_VM_DS"
        # should succeed
        error_info, tenant = auth_api._tenant_create(
            name=self.tenant1_name,
            default_datastore=auth_data_const.VM_DS,
            description="Test tenant1",
            vm_list=vm_list,
            privileges=[])
        self.assertEqual(None, error_info)

        error_info, tenant_list = auth_api._tenant_ls()
        self.assertEqual(None, error_info)

        header = vmdkops_admin.tenant_ls_headers()
        _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list)
        self.assertEqual(len(header), TENANT_LS_EXPECTED_COLUMN_COUNT)

        # Two tenants in the list, "_DEFAULT" and "test_tenant1"
        # rows[0] is for "_DEFAULT" tenant, and rows[1] is for "test_tenant1"
        self.assertEqual(len(rows), 2)

        # There are 5 columns for each row, the name of the columns are
        # "Uuid", "Name", "Description", "Default_datastore", "VM_list"
        # Sample output of rows[1]:
        # [u'9e1be0ce-3d58-40f6-a335-d6e267e34baa', u'test_tenant1', u'Test tenant1', '', 'test_vm1']
        expected_output = [
            self.tenant1_name, "Test tenant1", auth_data_const.VM_DS,
            generate_vm_name_str(vm_list)
        ]
        actual_output = [
            convert_to_str(rows[1][1]),
            convert_to_str(rows[1][2]),
            convert_to_str(rows[1][3]),
            convert_to_str(rows[1][4])
        ]

        self.assertEqual(expected_output, actual_output)

        # tenant update to update description and default_datastore
        # update default_datastore to self.datastore_name, which should succeed
        error_info = auth_api._tenant_update(
            name=self.tenant1_name,
            description="This is test tenant1",
            default_datastore=self.datastore_name)
        self.assertEqual(None, error_info)

        # update default_datastore to "_ALL_DS", which should fail
        error_info = auth_api._tenant_update(
            name=self.tenant1_name, default_datastore=auth_data_const.ALL_DS)
        self.assertNotEqual(None, error_info)

        # list the access privilege for tenant1
        # now should have two access privileges
        # to datastore "_VM_DS" and self.datastore
        error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name)
        self.assertEqual(None, error_info)
        _, rows = vmdkops_admin.generate_tenant_access_ls_rows(
            privileges, self.tenant1_name)

        self.assertEqual(len(rows), 2)
        if rows[0][0] == self.datastore_name:
            expected_output = [[self.datastore_name, 'True', 'Unset', 'Unset'],
                               [
                                   auth_data_const.VM_DS, 'True', 'Unset',
                                   'Unset'
                               ]]
        else:
            expected_output = [[
                auth_data_const.VM_DS, 'True', 'Unset', 'Unset'
            ], [self.datastore_name, 'True', 'Unset', 'Unset']]

        actual_output = [[rows[0][0], rows[0][1], rows[0][2], rows[0][3]],
                         [rows[1][0], rows[1][1], rows[1][2], rows[1][3]]]

        self.assertEqual(expected_output, actual_output)

        # remove access privilege to "_VM_DS"
        error_info = auth_api._tenant_access_rm(
            name=self.tenant1_name, datastore=auth_data_const.VM_DS)
        self.assertEqual(None, error_info)

        # now, should only have one access privilege
        error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name)
        self.assertEqual(None, error_info)
        _, rows = vmdkops_admin.generate_tenant_access_ls_rows(
            privileges, self.tenant1_name)
        self.assertEqual(len(rows), 1)

        expected_output = [self.datastore_name, 'True', 'Unset', 'Unset']
        actual_output = [rows[0][0], rows[0][1], rows[0][2], rows[0][3]]
        self.assertEqual(expected_output, actual_output)

        # update default vmgroup description
        error_info = auth_api._tenant_update(
            name=auth_data_const.DEFAULT_TENANT,
            description="This is the default vmgroup")

        self.assertEqual(None, error_info)

        error_info, tenant_list = auth_api._tenant_ls()
        self.assertEqual(None, error_info)

        header = vmdkops_admin.tenant_ls_headers()
        _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list)

        expected_output = [
            self.tenant1_name, "This is test tenant1", self.datastore_name,
            generate_vm_name_str(vm_list)
        ]
        actual_output = [
            convert_to_str(rows[1][1]),
            convert_to_str(rows[1][2]),
            convert_to_str(rows[1][3]),
            convert_to_str(rows[1][4])
        ]

        self.assertEqual(expected_output, actual_output)

        # tenant update to rename the tenant
        error_info = auth_api._tenant_update(name=self.tenant1_name,
                                             new_name=self.tenant1_new_name)
        self.assertEqual(None, error_info)

        # verify default vmgroup can't be renamed
        error_info = auth_api._tenant_update(
            name=auth_data_const.DEFAULT_TENANT,
            new_name=self.tenant1_new_name)
        self.assertNotEqual(None, error_info)

        error_info, tenant_list = auth_api._tenant_ls()
        self.assertEqual(None, error_info)

        header = vmdkops_admin.tenant_ls_headers()
        _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list)

        expected_output = [
            self.tenant1_new_name, "This is test tenant1", self.datastore_name,
            generate_vm_name_str(vm_list)
        ]
        actual_output = [
            convert_to_str(rows[1][1]),
            convert_to_str(rows[1][2]),
            convert_to_str(rows[1][3]),
            convert_to_str(rows[1][4])
        ]

        # tenant rm to remove the tenant
        error_info = auth_api._tenant_vm_rm(name=self.tenant1_new_name,
                                            vm_list=vm_list)
        self.assertEqual(None, error_info)

        error_info = test_utils.cleanup_tenant(self.tenant1_new_name)
        self.assertEqual(None, error_info)

        error_info, tenant_list = auth_api._tenant_ls()
        self.assertEqual(None, error_info)

        header = vmdkops_admin.tenant_ls_headers()
        _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list)

        # right now, should only have 1 tenant, which is "_DEFAULT" tenant
        self.assertEqual(len(rows), 1)
    def test_tenant_access(self):
        """ Test AdminCLI command for tenant access management """

        # create tenant1 without adding any vms and privileges
        # the "default_datastore" will be set to "_VM_DS"
        # a full access privilege will be created for tenant1
        error_info, tenant = auth_api._tenant_create(
                                                    name=self.tenant1_name,
                                                    default_datastore=auth_data_const.VM_DS,
                                                    description="Test tenant1",
                                                    vm_list=[self.vm1_name],
                                                    privileges=[])
        self.assertEqual(None, error_info)

        # now, should only have privilege to ""_VM_DS
        error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name)
        _, rows = vmdkops_admin.generate_tenant_access_ls_rows(privileges, self.tenant1_name)
        self.assertEqual(1, len(rows))
        expected_output = [auth_data_const.VM_DS,
                            "True",
                            "Unset",
                            "Unset"]
        actual_output = [rows[0][0],
                         rows[0][1],
                         rows[0][2],
                         rows[0][3]]
        self.assertEqual(expected_output, actual_output)

        # remove the privilege to "_VM_DS", which should fail
        # since "_VM_DS still the "default_datastore" for tenant1
        error_info = auth_api._tenant_access_rm(name=self.tenant1_name,
                                                datastore=auth_data_const.VM_DS
                                                )
        self.assertNotEqual(None, error_info)

        # add a access privilege for tenant to self.datastore_name
        # allow_create = False
        # max_volume size = 600MB
        # total_volume size = 1GB
        volume_maxsize_in_MB = convert.convert_to_MB("600MB")
        volume_totalsize_in_MB = convert.convert_to_MB("1GB")
        error_info = auth_api._tenant_access_add(name=self.tenant1_name,
                                                 datastore=self.datastore_name,
                                                 allow_create=False,
                                                 volume_maxsize_in_MB=volume_maxsize_in_MB,
                                                 volume_totalsize_in_MB=volume_totalsize_in_MB
                                             )
        self.assertEqual(None, error_info)

        # update the "default_datastore" to self.datastore_name
        error_info = auth_api._tenant_update(name=self.tenant1_name,
                                             default_datastore=self.datastore_name)
        self.assertEqual(None, error_info)

        # try to remove the privilege to "_VM_DS" again, which should not fail
        # since the "default_datastore" for tenant1 is set to self.datastore_name
        error_info = auth_api._tenant_access_rm(name=self.tenant1_name,
                                                datastore=auth_data_const.VM_DS
                                                )
        self.assertEqual(None, error_info)

        error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name)
        self.assertEqual(None, error_info)

        header = vmdkops_admin.tenant_access_ls_headers()
        # There are 4 columns for each row, the name of the columns are
        # "Datastore", "Allow_create", "Max_volume_size", "Total_size"
        # Sample output of a row:
        # ['datastore1', 'False', '600.00MB', '1.00GB']
        _, rows = vmdkops_admin.generate_tenant_access_ls_rows(privileges, self.tenant1_name)
        self.assertEqual(len(header), TENANT_ACCESS_LS_EXPECTED_COLUMN_COUNT)

        # tenant aceess privilege should only have a row now
        self.assertEqual(len(rows), 1)

        expected_output = [self.datastore_name,
                           "False",
                           "600.00MB",
                           "1.00GB"]
        actual_output = [rows[0][0],
                         rows[0][1],
                         rows[0][2],
                         rows[0][3]]
        self.assertEqual(expected_output, actual_output)

        # update the access privileges
        # change allow_create to True
        # change max_volume size to 1000MB
        # change total_volume size to 2GB
        volume_maxsize_in_MB = convert.convert_to_MB("1000MB")
        volume_totalsize_in_MB = convert.convert_to_MB("3GB")

        self.parser = vmdkops_admin.create_parser()

        privilege_test_info = [
            ["False", "False"],
            ["FALSE", "False"],
            ["false", "False"],
            ["True", "True"],
            ["TRUE", "True"],
            ["true", "True"],
        ]

        for val in privilege_test_info:
            command = ("vmgroup access set --name={0} ".format(self.tenant1_name))
            command += ("--datastore={0} ".format(self.datastore_name))
            command += ("--allow-create={0} ".format(val[0]))
            command += ("--volume-maxsize=500MB --volume-totalsize=1GB")

            args = self.parser.parse_args(command.split())
            error_info = vmdkops_admin.tenant_access_set(args)
            self.assertEqual(None, error_info)

            error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name)
            self.assertEqual(None, error_info)

            _, rows = vmdkops_admin.generate_tenant_access_ls_rows(privileges, self.tenant1_name)
            self.assertEqual(len(rows), 1)

            expected_output = [self.datastore_name,
                            val[1],
                            "500.00MB",
                            "1.00GB"]
            actual_output = [rows[0][0],
                            rows[0][1],
                            rows[0][2],
                            rows[0][3]]
            self.assertEqual(expected_output, actual_output)

        print("[Negative test case]: Expected invalid values for allow-create option")
        for val in ["INVALID", ""]:
            command = ("vmgroup access set --name={0} ".format(self.tenant1_name))
            command += ("--datastore={0} ".format(self.datastore_name))
            command += ("--allow-create={0} ".format(val))
            command += ("--volume-maxsize=500MB --volume-totalsize=1GB")

            args = self.parser.parse_args(command.split())
            error_info = vmdkops_admin.tenant_access_set(args)
            expected_message = "ERROR:Invalid value {0} for allow-create option".format(val)
            self.assertEqual(expected_message, error_info)

        if self.datastore1_name:
            # second datastore is available, can test tenant update with  --default_datastore
            error_info, tenant_list = auth_api._tenant_ls()
            self.assertEqual(None, error_info)

            # Two tenants in the list, "_DEFAULT" and "test_tenant1"
            # rows[0] is for "_DEFAULT" tenant, and rows[1] is for "test_tenant1"

            # There are 5 columns for each row, the name of the columns are
            # "Uuid", "Name", "Description", "Default_datastore", "VM_list"
            # Sample output of one row:
            # [u'9e1be0ce-3d58-40f6-a335-d6e267e34baa', u'test_tenant1', u'Test tenant1', '', 'test_vm1']
            _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list)

            # get "default_datastore" from the output
            actual_output = rows[1][3]
            expected_output = self.datastore_name
            self.assertEqual(expected_output, actual_output)

            # add access privilege to self.datastore1_name
            volume_maxsize_in_MB = convert.convert_to_MB("600MB")
            volume_totalsize_in_MB = convert.convert_to_MB("1GB")
            error_info = auth_api._tenant_access_add(name=self.tenant1_name,
                                                     datastore=self.datastore1_name,
                                                     allow_create=False,
                                                     volume_maxsize_in_MB=volume_maxsize_in_MB,
                                                     volume_totalsize_in_MB=volume_totalsize_in_MB)
            self.assertEqual(None, error_info)

            # update the "default_datastore"
            error_info = auth_api._tenant_update(name=self.tenant1_name,
                                                 default_datastore=self.datastore1_name)
            self.assertEqual(None, error_info)

            error_info, tenant_list = auth_api._tenant_ls()
            self.assertEqual(None, error_info)

            _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list)
            # get "default_datastore" from the output
            actual_output = rows[1][3]
            expected_output = self.datastore1_name
            self.assertEqual(expected_output, actual_output)

            # switch the "default_datastore" to self.datastore_name
            error_info = auth_api._tenant_update(name=self.tenant1_name,
                                                 default_datastore=self.datastore_name)
            self.assertEqual(error_info, None)
            # remove the privilege to self.datastore1_name
            error_info = auth_api._tenant_access_rm(name=self.tenant1_name,
                                                    datastore=self.datastore1_name)
            self.assertEqual(error_info, None)

        # remove access privileges, which should fail
        # since the "default_datastore" is set to self.datastore_name
        # cannot remove the privilege
        error_info = auth_api._tenant_access_rm(name=self.tenant1_name,
        datastore=self.datastore_name)

        self.assertNotEqual(None, error_info)

        error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name)
        self.assertEqual(None, error_info)

        # now, only have a privilege to self.datastore_name
        _, rows = vmdkops_admin.generate_tenant_access_ls_rows(privileges, self.tenant1_name)
        self.assertEqual(1, len(rows))
        expected_output = [self.datastore_name,
                            "True",
                            "500.00MB",
                            "1.00GB"]
        actual_output = [rows[0][0],
                         rows[0][1],
                         rows[0][2],
                         rows[0][3]]
        self.assertEqual(expected_output, actual_output)
    def test_tenant(self):
        """ Test AdminCLI command for tenant management """
        # create tenant1
        vm_list = [self.vm1_name]

        # create tenant and set "default_datastore" to an invalide datastore_name
        # should fail since the "default_datastore" is not valid
        error_info, tenant = auth_api._tenant_create(
                                                    name=self.tenant1_name,
                                                    default_datastore=self.bad_datastore_name,
                                                    description="Test tenant1",
                                                    vm_list=vm_list,
                                                    privileges=[])
        self.assertNotEqual(None, error_info)

        # try to create the tenant and set "default_datastore" to "_ALL_DS"
        # should fail since "_ALL_DS" cannot be set as "default_datastore"
        error_info, tenant = auth_api._tenant_create(
                                                    name=self.tenant1_name,
                                                    default_datastore=self.bad_datastore_name,
                                                    description="Test tenant1",
                                                    vm_list=vm_list,
                                                    privileges=[])
        self.assertNotEqual(None, error_info)

        # try to create the tenant and set "default_datastore" to "_VM_DS"
        # should succeed
        error_info, tenant = auth_api._tenant_create(
                                                    name=self.tenant1_name,
                                                    default_datastore=auth_data_const.VM_DS,
                                                    description="Test tenant1",
                                                    vm_list=vm_list,
                                                    privileges=[])
        self.assertEqual(None, error_info)

        error_info, tenant_list = auth_api._tenant_ls()
        self.assertEqual(None, error_info)

        header = vmdkops_admin.tenant_ls_headers()
        _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list)
        self.assertEqual(len(header), TENANT_LS_EXPECTED_COLUMN_COUNT)

        # Two tenants in the list, "_DEFAULT" and "test_tenant1"
        # rows[0] is for "_DEFAULT" tenant, and rows[1] is for "test_tenant1"
        self.assertEqual(len(rows), 2)

        # There are 5 columns for each row, the name of the columns are
        # "Uuid", "Name", "Description", "Default_datastore", "VM_list"
        # Sample output of rows[1]:
        # [u'9e1be0ce-3d58-40f6-a335-d6e267e34baa', u'test_tenant1', u'Test tenant1', '', 'test_vm1']
        expected_output = [self.tenant1_name,
                           "Test tenant1",
                           auth_data_const.VM_DS,
                           generate_vm_name_str(vm_list)]
        actual_output = [convert_to_str(rows[1][1]),
                         convert_to_str(rows[1][2]),
                         convert_to_str(rows[1][3]),
                         convert_to_str(rows[1][4])
                        ]

        self.assertEqual(expected_output, actual_output)

        # tenant update to update description and default_datastore
        # update default_datastore to self.datastore_name, which should succeed
        error_info = auth_api._tenant_update(
                                             name=self.tenant1_name,
                                             description="This is test tenant1",
                                             default_datastore=self.datastore_name)
        self.assertEqual(None, error_info)


        # update default_datastore to "_ALL_DS", which should fail
        error_info = auth_api._tenant_update(
                                             name=self.tenant1_name,
                                             default_datastore=auth_data_const.ALL_DS)
        self.assertNotEqual(None, error_info)

        # list the access privilege for tenant1
        # now should have two access privileges
        # to datastore "_VM_DS" and self.datastore
        error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name)
        self.assertEqual(None, error_info)
        _, rows = vmdkops_admin.generate_tenant_access_ls_rows(privileges, self.tenant1_name)

        self.assertEqual(len(rows), 2)
        if rows[0][0] == self.datastore_name:
            expected_output = [
                               [self.datastore_name, 'True', 'Unset', 'Unset'],
                               [auth_data_const.VM_DS, 'True', 'Unset', 'Unset']
                              ]
        else:
            expected_output = [
                               [auth_data_const.VM_DS, 'True', 'Unset', 'Unset'],
                               [self.datastore_name, 'True', 'Unset', 'Unset']
                              ]

        actual_output = [
                         [rows[0][0], rows[0][1], rows[0][2], rows[0][3]],
                         [rows[1][0], rows[1][1], rows[1][2], rows[1][3]]
                        ]

        self.assertEqual(expected_output, actual_output)

        # remove access privilege to "_VM_DS"
        error_info = auth_api._tenant_access_rm(name=self.tenant1_name,
                                                datastore=auth_data_const.VM_DS)
        self.assertEqual(None, error_info)

        # now, should only have one access privilege
        error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name)
        self.assertEqual(None, error_info)
        _, rows = vmdkops_admin.generate_tenant_access_ls_rows(privileges, self.tenant1_name)
        self.assertEqual(len(rows), 1)

        expected_output = [self.datastore_name, 'True', 'Unset', 'Unset']
        actual_output = [rows[0][0], rows[0][1], rows[0][2], rows[0][3]]
        self.assertEqual(expected_output, actual_output)

        # update default vmgroup description
        error_info = auth_api._tenant_update(name=auth_data_const.DEFAULT_TENANT,
                                             description="This is the default vmgroup")

        self.assertEqual(None, error_info)

        error_info, tenant_list = auth_api._tenant_ls()
        self.assertEqual(None, error_info)

        header = vmdkops_admin.tenant_ls_headers()
        _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list)

        expected_output = [self.tenant1_name,
                           "This is test tenant1",
                           self.datastore_name,
                           generate_vm_name_str(vm_list)]
        actual_output = [convert_to_str(rows[1][1]),
                         convert_to_str(rows[1][2]),
                         convert_to_str(rows[1][3]),
                         convert_to_str(rows[1][4])
                        ]

        self.assertEqual(expected_output, actual_output)

        # tenant update to rename the tenant
        error_info = auth_api._tenant_update(
            name=self.tenant1_name,
            new_name=self.tenant1_new_name)
        self.assertEqual(None, error_info)

        # verify default vmgroup can't be renamed
        error_info  = auth_api._tenant_update(name=auth_data_const.DEFAULT_TENANT,
                                              new_name=self.tenant1_new_name)
        self.assertNotEqual(None, error_info)

        error_info, tenant_list = auth_api._tenant_ls()
        self.assertEqual(None, error_info)

        header = vmdkops_admin.tenant_ls_headers()
        _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list)

        expected_output = [self.tenant1_new_name,
                           "This is test tenant1",
                           self.datastore_name,
                           generate_vm_name_str(vm_list)]
        actual_output = [convert_to_str(rows[1][1]),
                         convert_to_str(rows[1][2]),
                         convert_to_str(rows[1][3]),
                         convert_to_str(rows[1][4])
                         ]


        # tenant rm to remove the tenant
        error_info = auth_api._tenant_vm_rm(name=self.tenant1_new_name,
                                            vm_list=vm_list)
        self.assertEqual(None, error_info)

        error_info = test_utils.cleanup_tenant(self.tenant1_new_name)
        self.assertEqual(None, error_info)

        error_info, tenant_list = auth_api._tenant_ls()
        self.assertEqual(None, error_info)

        header = vmdkops_admin.tenant_ls_headers()
        _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list)

        # right now, should only have 1 tenant, which is "_DEFAULT" tenant
        self.assertEqual(len(rows), 1)
    def test_tenant_access(self):
        """ Test AdminCLI command for tenant access management """

        # create tenant1 without adding any vms and privileges
        error_info, tenant = auth_api._tenant_create(
                                                    name=self.tenant1_name,
                                                    description="Test tenant1",
                                                    vm_list=[self.vm1_name],
                                                    privileges=[])
        self.assertEqual(None, error_info)

        # add first access privilege for tenant
        # allow_create = False
        # max_volume size = 600MB
        # total_volume size = 1GB
        volume_maxsize_in_MB = convert.convert_to_MB("600MB")
        volume_totalsize_in_MB = convert.convert_to_MB("1GB")
        error_info = auth_api._tenant_access_add(name=self.tenant1_name,
                                                 datastore=self.datastore_name,
                                                 default_datastore=False,
                                                 allow_create=False,
                                                 volume_maxsize_in_MB=volume_maxsize_in_MB,
                                                 volume_totalsize_in_MB=volume_totalsize_in_MB
                                             )
        self.assertEqual(None, error_info)

        error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name)
        self.assertEqual(None, error_info)

        header = vmdkops_admin.tenant_access_ls_headers()
        # There are 4 columns for each row, the name of the columns are
        # "Datastore", "Allow_create", "Max_volume_size", "Total_size"
        # Sample output of a row:
        # ['datastore1', 'False', '600.00MB', '1.00GB']
        rows = vmdkops_admin.generate_tenant_access_ls_rows(privileges)
        self.assertEqual(len(header), TENANT_ACCESS_LS_EXPECTED_COLUMN_COUNT)

        # tenant aceess privilege should only have a row now
        self.assertEqual(len(rows), 1)

        expected_output = [self.datastore_name,
                           "False",
                           "600.00MB",
                           "1.00GB"]
        actual_output = [rows[0][0],
                         rows[0][1],
                         rows[0][2],
                         rows[0][3]]
        self.assertEqual(expected_output, actual_output)

        # update the access privileges
        # change allow_create to True
        # change max_volume size to 1000MB
        # change total_volume size to 2GB
        volume_maxsize_in_MB = convert.convert_to_MB("1000MB")
        volume_totalsize_in_MB = convert.convert_to_MB("3GB")
        error_info = auth_api._tenant_access_set(name=self.tenant1_name,
                                                 datastore=self.datastore_name,
                                                 allow_create="True",
                                                 volume_maxsize_in_MB=volume_maxsize_in_MB,
                                                 volume_totalsize_in_MB=volume_totalsize_in_MB
                                             )
        self.assertEqual(None, error_info)

        error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name)
        self.assertEqual(None, error_info)

        rows = vmdkops_admin.generate_tenant_access_ls_rows(privileges)
        self.assertEqual(len(rows), 1)


        expected_output = [self.datastore_name,
                           "True",
                           "1000.00MB",
                           "3.00GB"]
        actual_output = [rows[0][0],
                         rows[0][1],
                         rows[0][2],
                         rows[0][3]]
        self.assertEqual(expected_output, actual_output)

        if self.datastore1_name:
            # second datastore is available, can test tenant access add with --default_datastore
            error_info, tenant_list = auth_api._tenant_ls()
            self.assertEqual(None, error_info)

            # Two tenants in the list, "_DEFAULT" and "test_tenant1"
            # rows[0] is for "_DEFAULT" tenant, and rows[1] is for "test_tenant1"

            # There are 5 columns for each row, the name of the columns are
            # "Uuid", "Name", "Description", "Default_datastore", "VM_list"
            # Sample output of one row:
            # [u'9e1be0ce-3d58-40f6-a335-d6e267e34baa', u'test_tenant1', u'Test tenant1', '', 'test_vm1']
            rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list)

            # get "default_datastore" from the output
            actual_output = rows[1][3]
            expected_output = self.datastore_name
            self.assertEqual(expected_output, actual_output)

            # add second access privilege for tenant
            # allow_create = False
            # max_volume size = 600MB
            # total_volume size = 1GB
            volume_maxsize_in_MB = convert.convert_to_MB("600MB")
            volume_totalsize_in_MB = convert.convert_to_MB("1GB")
            error_info = auth_api._tenant_access_add(name=self.tenant1_name,
                                                    datastore=self.datastore1_name,
                                                    default_datastore=True,
                                                    allow_create=False,
                                                    volume_maxsize_in_MB=volume_maxsize_in_MB,
                                                    volume_totalsize_in_MB=volume_totalsize_in_MB
                                                )
            self.assertEqual(None, error_info)

            error_info, tenant_list = auth_api._tenant_ls()
            self.assertEqual(None, error_info)


            rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list)
            # get "default_datastore" from the output
            actual_output = rows[1][3]
            expected_output = self.datastore1_name
            self.assertEqual(expected_output, actual_output)

            error_info = auth_api._tenant_access_rm(name=self.tenant1_name,
                                                    datastore=self.datastore1_name)
            self.assertEqual(error_info, None)

        # remove access privileges
        error_info = auth_api._tenant_access_rm(name=self.tenant1_name,
        datastore=self.datastore_name)

        self.assertEqual(None, error_info)

        error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name)
        self.assertEqual(None, error_info)

        rows = vmdkops_admin.generate_tenant_access_ls_rows(privileges)

        # no tenant access privilege available for this tenant
        self.assertEqual(rows, [])