Example #1
0
    def test_get_os_admin_context(self, password_plugin):
        imp.reload(ec2_context)
        # NOTE(ft): initialize a regular context to populate oslo_context's
        # local storage to prevent admin context to populate it.
        # Used to implicitly validate overwrite=False argument of the call
        # RequestContext constructor from inside get_os_admin_context
        if not context.get_current():
            ec2_context.RequestContext(None, None)

        ctx = ec2_context.get_os_admin_context()
        conf = cfg.CONF
        password_plugin.assert_called_once_with(
            username=conf.admin_user,
            password=conf.admin_password,
            tenant_name=conf.admin_tenant_name,
            project_name=conf.admin_tenant_name,
            auth_url=conf.keystone_url)
        self.assertIsNone(ctx.user_id)
        self.assertIsNone(ctx.project_id)
        self.assertIsNone(ctx.auth_token)
        self.assertEqual([], ctx.service_catalog)
        self.assertTrue(ctx.is_os_admin)
        self.assertIsNotNone(ctx.session)
        self.assertIsNotNone(ctx.session.auth)
        self.assertNotEqual(context.get_current(), ctx)

        password_plugin.reset_mock()
        ec2_context.get_os_admin_context()
        self.assertFalse(password_plugin.called)
Example #2
0
    def test_get_os_admin_context(self, password_plugin):
        imp.reload(ec2_context)
        # NOTE(ft): initialize a regular context to populate oslo_context's
        # local storage to prevent admin context to populate it.
        # Used to implicitly validate overwrite=False argument of the call
        # RequestContext constructor from inside get_os_admin_context
        if not context.get_current():
            ec2_context.RequestContext(None, None)

        ctx = ec2_context.get_os_admin_context()
        conf = cfg.CONF
        password_plugin.assert_called_once_with(
            username=conf.admin_user,
            password=conf.admin_password,
            tenant_name=conf.admin_tenant_name,
            project_name=conf.admin_tenant_name,
            auth_url=conf.keystone_url)
        self.assertIsNone(ctx.user_id)
        self.assertIsNone(ctx.project_id)
        self.assertIsNone(ctx.auth_token)
        self.assertEqual([], ctx.service_catalog)
        self.assertTrue(ctx.is_os_admin)
        self.assertIsNotNone(ctx.session)
        self.assertIsNotNone(ctx.session.auth)
        self.assertNotEqual(context.get_current(), ctx)

        password_plugin.reset_mock()
        ec2_context.get_os_admin_context()
        self.assertFalse(password_plugin.called)
Example #3
0
    def test_get_os_admin_context(self, session, auth):
        conf = config_fixture.Config()
        clients._admin_session = None
        conf.config(auth_type='fake', group=GROUP_AUTHTOKEN)

        imp.reload(ec2_context)
        # NOTE(ft): initialize a regular context to populate oslo_context's
        # local storage to prevent admin context to populate it.
        # Used to implicitly validate overwrite=False argument of the call
        # RequestContext constructor from inside get_os_admin_context
        if not context.get_current():
            ec2_context.RequestContext(None, None)

        ctx = ec2_context.get_os_admin_context()
        conf = cfg.CONF
        auth.assert_called_once_with(conf, GROUP_AUTHTOKEN)
        auth_plugin = auth.return_value
        session.assert_called_once_with(conf,
                                        GROUP_AUTHTOKEN,
                                        auth=auth_plugin)
        self.assertIsNone(ctx.user_id)
        self.assertIsNone(ctx.project_id)
        self.assertIsNone(ctx.auth_token)
        self.assertEqual([], ctx.service_catalog)
        self.assertTrue(ctx.is_os_admin)
        self.assertIsNotNone(ctx.session)
        self.assertIsNotNone(ctx.session.auth)
        self.assertNotEqual(context.get_current(), ctx)

        session.reset_mock()
        ec2_context.get_os_admin_context()
        self.assertFalse(session.called)
Example #4
0
    def test_get_os_admin_context(self, keystone):
        service_catalog = mock.Mock()
        service_catalog.get_data.return_value = 'fake_service_catalog'
        ec2_context._keystone_client_class = mock.Mock(
            return_value=mock.Mock(
                auth_user_id='fake_user_id',
                auth_tenant_id='fake_project_id',
                auth_token='fake_token',
                service_catalog=service_catalog))
        context = ec2_context.get_os_admin_context()
        self.assertEqual('fake_user_id', context.user_id)
        self.assertEqual('fake_project_id', context.project_id)
        self.assertEqual('fake_token', context.auth_token)
        self.assertEqual('fake_service_catalog', context.service_catalog)
        self.assertTrue(context.is_os_admin)
        conf = cfg.CONF
        ec2_context._keystone_client_class.assert_called_once_with(
            username=conf.admin_user,
            password=conf.admin_password,
            tenant_name=conf.admin_tenant_name,
            project_name=conf.admin_tenant_name,
            auth_url=conf.keystone_url)
        service_catalog.get_data.assert_called_once_with()

        keystone.reset_mock()
        self.assertEqual(context, ec2_context.get_os_admin_context())
        self.assertFalse(keystone.called)
Example #5
0
    def test_get_os_admin_context(self, session, auth):
        conf = config_fixture.Config()
        clients._admin_session = None
        conf.config(auth_type='fake', group=GROUP_AUTHTOKEN)

        imp.reload(ec2_context)
        # NOTE(ft): initialize a regular context to populate oslo_context's
        # local storage to prevent admin context to populate it.
        # Used to implicitly validate overwrite=False argument of the call
        # RequestContext constructor from inside get_os_admin_context
        if not context.get_current():
            ec2_context.RequestContext(None, None)

        ctx = ec2_context.get_os_admin_context()
        conf = cfg.CONF
        auth.assert_called_once_with(conf, GROUP_AUTHTOKEN)
        auth_plugin = auth.return_value
        session.assert_called_once_with(conf, GROUP_AUTHTOKEN,
                                        auth=auth_plugin)
        self.assertIsNone(ctx.user_id)
        self.assertIsNone(ctx.project_id)
        self.assertIsNone(ctx.auth_token)
        self.assertEqual([], ctx.service_catalog)
        self.assertTrue(ctx.is_os_admin)
        self.assertIsNotNone(ctx.session)
        self.assertIsNotNone(ctx.session.auth)
        self.assertNotEqual(context.get_current(), ctx)

        session.reset_mock()
        ec2_context.get_os_admin_context()
        self.assertFalse(session.called)
Example #6
0
    def test_get_os_admin_context(self, keystone):
        service_catalog = mock.Mock()
        service_catalog.get_data.return_value = 'fake_service_catalog'
        ec2_context._keystone_client_class = mock.Mock(
            return_value=mock.Mock(
                auth_user_id='fake_user_id',
                auth_tenant_id='fake_project_id',
                auth_token='fake_token',
                service_catalog=service_catalog))
        context = ec2_context.get_os_admin_context()
        self.assertEqual('fake_user_id', context.user_id)
        self.assertEqual('fake_project_id', context.project_id)
        self.assertEqual('fake_token', context.auth_token)
        self.assertEqual('fake_service_catalog', context.service_catalog)
        self.assertTrue(context.is_os_admin)
        conf = cfg.CONF
        ec2_context._keystone_client_class.assert_called_once_with(
            username=conf.admin_user,
            password=conf.admin_password,
            tenant_name=conf.admin_tenant_name,
            project_name=conf.admin_tenant_name,
            auth_url=conf.keystone_url,
            cacert=conf.ssl_ca_file,
            insecure=conf.ssl_insecure)
        service_catalog.get_data.assert_called_once_with()

        keystone.reset_mock()
        self.assertEqual(context, ec2_context.get_os_admin_context())
        self.assertFalse(keystone.called)
Example #7
0
 def get_os_items(self):
     nova = clients.nova(ec2_context.get_os_admin_context())
     os_instances = nova.servers.list(
         search_opts={'all_tenants': True,
                      'project_id': self.context.project_id})
     self.os_instances = {i.id: i for i in os_instances}
     return clients.cinder(self.context).volumes.list()
Example #8
0
 def get_os_items(self):
     nova = clients.nova(ec2_context.get_os_admin_context())
     os_instances = nova.servers.list(search_opts={
         'all_tenants': True,
         'project_id': self.context.project_id
     })
     self.os_instances = {i.id: i for i in os_instances}
     return clients.cinder(self.context).volumes.list()
Example #9
0
    def test_get_metadata_integral(self, keystone, network_interface_api, security_group_api):
        service_catalog = mock.MagicMock()
        service_catalog.get_data.return_value = []
        keystone.return_value = mock.Mock(
            auth_user_id="fake_user_id",
            auth_tenant_id=fakes.ID_OS_PROJECT,
            auth_token="fake_token",
            service_catalog=service_catalog,
        )
        fake_context = context.get_os_admin_context()

        self.set_mock_db_items(
            fakes.DB_INSTANCE_1,
            fakes.DB_INSTANCE_2,
            fakes.DB_NETWORK_INTERFACE_1,
            fakes.DB_NETWORK_INTERFACE_2,
            fakes.DB_IMAGE_1,
            fakes.DB_IMAGE_2,
            fakes.DB_IMAGE_ARI_1,
            fakes.DB_IMAGE_AKI_1,
            fakes.DB_VOLUME_1,
            fakes.DB_VOLUME_2,
            fakes.DB_VOLUME_3,
        )
        self.nova_admin.servers.list.return_value = [
            fakes.OSInstance_full(fakes.OS_INSTANCE_1),
            fakes.OSInstance_full(fakes.OS_INSTANCE_2),
        ]
        self.nova_admin.servers.get.side_effect = tools.get_by_1st_arg_getter(
            {
                fakes.ID_OS_INSTANCE_1: fakes.OSInstance_full(fakes.OS_INSTANCE_1),
                fakes.ID_OS_INSTANCE_2: fakes.OSInstance_full(fakes.OS_INSTANCE_2),
            }
        )
        keypair = mock.Mock(public_key=fakes.PUBLIC_KEY_KEY_PAIR)
        keypair.configure_mock(name=fakes.NAME_KEY_PAIR)
        self.nova.keypairs.get.return_value = keypair
        self.cinder.volumes.list.return_value = [
            fakes.OSVolume(fakes.OS_VOLUME_1),
            fakes.OSVolume(fakes.OS_VOLUME_2),
            fakes.OSVolume(fakes.OS_VOLUME_3),
        ]
        network_interface_api.describe_network_interfaces.side_effect = lambda *args, **kwargs: copy.deepcopy(
            {"networkInterfaceSet": [fakes.EC2_NETWORK_INTERFACE_1, fakes.EC2_NETWORK_INTERFACE_2]}
        )
        security_group_api.describe_security_groups.return_value = {
            "securityGroupInfo": [fakes.EC2_SECURITY_GROUP_1, fakes.EC2_SECURITY_GROUP_3]
        }

        retval = api.get_metadata_item(
            fake_context, ["latest", "meta-data", "instance-id"], fakes.ID_OS_INSTANCE_1, fakes.IP_NETWORK_INTERFACE_2
        )
        self.assertEqual(fakes.ID_EC2_INSTANCE_1, retval)

        retval = api.get_metadata_item(
            fake_context, ["latest", "meta-data", "instance-id"], fakes.ID_OS_INSTANCE_2, "10.200.1.15"
        )
        self.assertEqual(fakes.ID_EC2_INSTANCE_2, retval)
Example #10
0
 def _get_requester(self, req):
     if req.headers.get('X-Metadata-Provider'):
         provider_id, remote_ip = self._unpack_nsx_request(req)
         context = ec2_context.get_os_admin_context()
         os_instance_id, project_id = (
             api.get_os_instance_and_project_id_by_provider_id(
                 context, provider_id, remote_ip))
     elif req.headers.get('X-Instance-ID'):
         os_instance_id, project_id, remote_ip = (
             self._unpack_neutron_request(req))
     else:
         remote_ip = self._unpack_nova_network_request(req)
         context = ec2_context.get_os_admin_context()
         os_instance_id, project_id = (
             api.get_os_instance_and_project_id(context, remote_ip))
     return {'os_instance_id': os_instance_id,
             'project_id': project_id,
             'private_ip': remote_ip}
Example #11
0
 def _get_metadata(self, path_tokens, requester):
     context = ec2_context.get_os_admin_context()
     # NOTE(ft): substitute project_id for context to instance's one.
     # It's needed for correct describe and auto update DB operations.
     # It doesn't affect operations via OpenStack's clients because
     # these clients use auth_token field only
     context.project_id = requester['project_id']
     return api.get_metadata_item(context, path_tokens,
                                  requester['os_instance_id'],
                                  requester['private_ip'])
Example #12
0
    def test_get_metadata_integral(self, keystone, network_interface_api,
                                   security_group_api):
        service_catalog = mock.MagicMock()
        service_catalog.get_data.return_value = []
        keystone.return_value = mock.Mock(auth_user_id='fake_user_id',
                                          auth_tenant_id=fakes.ID_OS_PROJECT,
                                          auth_token='fake_token',
                                          service_catalog=service_catalog)
        fake_context = context.get_os_admin_context()

        self.set_mock_db_items(fakes.DB_INSTANCE_1, fakes.DB_INSTANCE_2,
                               fakes.DB_NETWORK_INTERFACE_1,
                               fakes.DB_NETWORK_INTERFACE_2, fakes.DB_IMAGE_1,
                               fakes.DB_IMAGE_2, fakes.DB_IMAGE_ARI_1,
                               fakes.DB_IMAGE_AKI_1, fakes.DB_VOLUME_1,
                               fakes.DB_VOLUME_2, fakes.DB_VOLUME_3)
        self.nova_admin.servers.list.return_value = [
            fakes.OSInstance_full(fakes.OS_INSTANCE_1),
            fakes.OSInstance_full(fakes.OS_INSTANCE_2)
        ]
        self.nova_admin.servers.get.side_effect = tools.get_by_1st_arg_getter({
            fakes.ID_OS_INSTANCE_1:
            fakes.OSInstance_full(fakes.OS_INSTANCE_1),
            fakes.ID_OS_INSTANCE_2:
            fakes.OSInstance_full(fakes.OS_INSTANCE_2)
        })
        keypair = mock.Mock(public_key=fakes.PUBLIC_KEY_KEY_PAIR)
        keypair.configure_mock(name=fakes.NAME_KEY_PAIR)
        self.nova.keypairs.get.return_value = keypair
        self.cinder.volumes.list.return_value = [
            fakes.OSVolume(fakes.OS_VOLUME_1),
            fakes.OSVolume(fakes.OS_VOLUME_2),
            fakes.OSVolume(fakes.OS_VOLUME_3)
        ]
        network_interface_api.describe_network_interfaces.side_effect = (
            lambda *args, **kwargs: copy.deepcopy({
                'networkInterfaceSet':
                [fakes.EC2_NETWORK_INTERFACE_1, fakes.EC2_NETWORK_INTERFACE_2]
            }))
        security_group_api.describe_security_groups.return_value = {
            'securityGroupInfo':
            [fakes.EC2_SECURITY_GROUP_1, fakes.EC2_SECURITY_GROUP_3]
        }

        retval = api.get_metadata_item(fake_context,
                                       ['latest', 'meta-data', 'instance-id'],
                                       fakes.ID_OS_INSTANCE_1,
                                       fakes.IP_NETWORK_INTERFACE_2)
        self.assertEqual(fakes.ID_EC2_INSTANCE_1, retval)

        retval = api.get_metadata_item(fake_context,
                                       ['latest', 'meta-data', 'instance-id'],
                                       fakes.ID_OS_INSTANCE_2, '10.200.1.15')
        self.assertEqual(fakes.ID_EC2_INSTANCE_2, retval)
Example #13
0
    def _build_proxy_request_headers(self, req):
        if req.headers.get('X-Instance-ID'):
            return req.headers

        remote_ip = self._get_remote_ip(req)
        context = ec2_context.get_os_admin_context()
        instance_id, project_id = (api.get_os_instance_and_project_id(
            context, remote_ip))
        return {
            'X-Forwarded-For': remote_ip,
            'X-Instance-ID': instance_id,
            'X-Tenant-ID': project_id,
            'X-Instance-ID-Signature': self._sign_instance_id(instance_id),
        }
Example #14
0
    def _build_proxy_request_headers(self, req):
        if req.headers.get('X-Instance-ID'):
            return req.headers

        remote_ip = self._get_remote_ip(req)
        context = ec2_context.get_os_admin_context()
        instance_id, project_id = (
            api.get_os_instance_and_project_id(context, remote_ip))
        return {
            'X-Forwarded-For': remote_ip,
            'X-Instance-ID': instance_id,
            'X-Tenant-ID': project_id,
            'X-Instance-ID-Signature': self._sign_instance_id(instance_id),
        }
Example #15
0
 def _get_metadata(self, req, path_tokens):
     context = ec2_context.get_os_admin_context()
     if req.headers.get('X-Instance-ID'):
         os_instance_id, project_id, remote_ip = (
             self._unpack_request_attributes(req))
     else:
         remote_ip = self._get_remote_ip(req)
         os_instance_id, project_id = (api.get_os_instance_and_project_id(
             context, remote_ip))
     # NOTE(ft): substitute project_id for context to instance's one.
     # It's needed for correct describe and auto update DB operations.
     # It doesn't affect operations via OpenStack's clients because
     # these clients use auth_token field only
     context.project_id = project_id
     return api.get_metadata_item(context, path_tokens, os_instance_id,
                                  remote_ip)
Example #16
0
 def _get_metadata(self, req, path_tokens):
     context = ec2_context.get_os_admin_context()
     if req.headers.get('X-Instance-ID'):
         os_instance_id, project_id, remote_ip = (
             self._unpack_request_attributes(req))
     else:
         remote_ip = self._get_remote_ip(req)
         os_instance_id, project_id = (
             api.get_os_instance_and_project_id(context, remote_ip))
     # NOTE(ft): substitute project_id for context to instance's one.
     # It's needed for correct describe and auto update DB operations.
     # It doesn't affect operations via OpenStack's clients because
     # these clients use auth_token field only
     context.project_id = project_id
     return api.get_metadata_item(context, path_tokens, os_instance_id,
                                  remote_ip)