Example #1
0
def get_credential_provider(opts):
    identity_version = "".join(['v', str(opts.identity_version)])
    # NOTE(andreaf) For now tempest.conf controls whether resources will
    # actually be created. Once we remove the dependency from tempest.conf
    # we will need extra CLI option(s) to control this.
    network_resources = {
        'router': True,
        'network': True,
        'subnet': True,
        'dhcp': True
    }
    admin_creds_dict = {
        'username': opts.os_username,
        'password': opts.os_password
    }
    _project_name = opts.os_project_name or opts.os_tenant_name
    if opts.identity_version == 3:
        admin_creds_dict['project_name'] = _project_name
        admin_creds_dict['domain_name'] = opts.os_domain_name or 'Default'
    elif opts.identity_version == 2:
        admin_creds_dict['tenant_name'] = _project_name
    admin_creds = credentials_factory.get_credentials(
        fill_in=False, identity_version=identity_version, **admin_creds_dict)
    return dynamic_creds.DynamicCredentialProvider(
        identity_version=identity_version,
        name=opts.tag,
        network_resources=network_resources,
        neutron_available=CONF.service_available.neutron,
        create_networks=CONF.auth.create_isolated_networks,
        identity_admin_role=CONF.identity.admin_role,
        identity_admin_domain_scope=CONF.identity.admin_domain_scope,
        project_network_cidr=CONF.network.project_network_cidr,
        project_network_mask_bits=CONF.network.project_network_mask_bits,
        public_network_id=CONF.network.public_network_id,
        admin_creds=admin_creds,
        **credentials_factory.get_dynamic_provider_params())
def get_credentials_provider(name, network_resources=None,
                             force_tenant_isolation=False,
                             identity_version=None):
    # If a test requires a new account to work, it can have it via forcing
    # dynamic credentials. A new account will be produced only for that test.
    # In case admin credentials are not available for the account creation,
    # the test should be skipped else it would fail.
    identity_version = identity_version or CONF.identity.auth_version
    if CONF.auth.use_dynamic_credentials or force_tenant_isolation:
        admin_creds = get_configured_admin_credentials(
            fill_in=True, identity_version=identity_version)
        return dynamic_creds.DynamicCredentialProvider(
            name=name,
            network_resources=network_resources,
            identity_version=identity_version,
            admin_creds=admin_creds,
            identity_admin_domain_scope=CONF.identity.admin_domain_scope,
            identity_admin_role=CONF.identity.admin_role,
            extra_roles=CONF.auth.tempest_roles,
            neutron_available=CONF.service_available.neutron,
            project_network_cidr=CONF.network.project_network_cidr,
            project_network_mask_bits=CONF.network.project_network_mask_bits,
            public_network_id=CONF.network.public_network_id,
            create_networks=(CONF.auth.create_isolated_networks and not
                             CONF.baremetal.driver_enabled),
            resource_prefix=CONF.resources_prefix,
            **get_dynamic_provider_params())
    else:
        if CONF.auth.test_accounts_file:
            # Most params are not relevant for pre-created accounts
            return preprov_creds.PreProvisionedCredentialProvider(
                name=name, identity_version=identity_version,
                **get_preprov_provider_params())
        else:
            raise exceptions.InvalidConfiguration(
                'A valid credential provider is needed')
Example #3
0
    def test_no_network_creation_with_config_set(self, MockRestClient):
        cfg.CONF.set_default('create_isolated_networks', False, group='auth')
        creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
        self._mock_assign_user_role()
        self._mock_list_role()
        self._mock_user_create('1234', 'fake_prim_user')
        self._mock_tenant_create('1234', 'fake_prim_tenant')
        net = mock.patch.object(creds.networks_admin_client, 'delete_network')
        net_mock = net.start()
        subnet = mock.patch.object(creds.subnets_admin_client, 'delete_subnet')
        subnet_mock = subnet.start()
        router = mock.patch.object(creds.routers_admin_client, 'delete_router')
        router_mock = router.start()

        primary_creds = creds.get_primary_creds()
        self.assertEqual(net_mock.mock_calls, [])
        self.assertEqual(subnet_mock.mock_calls, [])
        self.assertEqual(router_mock.mock_calls, [])
        network = primary_creds.network
        subnet = primary_creds.subnet
        router = primary_creds.router
        self.assertIsNone(network)
        self.assertIsNone(subnet)
        self.assertIsNone(router)
Example #4
0
 def test_all_cred_cleanup(self, MockRestClient):
     cfg.CONF.set_default('neutron', False, 'service_available')
     creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
     self._mock_assign_user_role()
     self._mock_list_role()
     self._mock_tenant_create('1234', 'fake_prim_tenant')
     self._mock_user_create('1234', 'fake_prim_user')
     creds.get_primary_creds()
     self._mock_tenant_create('12345', 'fake_alt_tenant')
     self._mock_user_create('12345', 'fake_alt_user')
     creds.get_alt_creds()
     self._mock_tenant_create('123456', 'fake_admin_tenant')
     self._mock_user_create('123456', 'fake_admin_user')
     self._mock_list_roles('123456', 'admin')
     creds.get_admin_creds()
     user_mock = self.patchobject(self.users_client.UsersClient,
                                  'delete_user')
     tenant_mock = self.patchobject(self.tenants_client_class,
                                    self.delete_tenant)
     creds.clear_creds()
     # Verify user delete calls
     calls = user_mock.mock_calls
     self.assertEqual(len(calls), 3)
     args = map(lambda x: x[1][0], calls)
     args = list(args)
     self.assertIn('1234', args)
     self.assertIn('12345', args)
     self.assertIn('123456', args)
     # Verify tenant delete calls
     calls = tenant_mock.mock_calls
     self.assertEqual(len(calls), 3)
     args = map(lambda x: x[1][0], calls)
     args = list(args)
     self.assertIn('1234', args)
     self.assertIn('12345', args)
     self.assertIn('123456', args)
Example #5
0
    def provide_share_network(cls,
                              shares_client,
                              networks_client,
                              isolated_creds_client=None):
        """Used for finding/creating share network for multitenant driver.

        This method creates/gets entity share-network for one tenant. This
        share-network will be used for creation of service vm.

        :param shares_client: shares client, which requires share-network
        :param networks_client: network client from same tenant as shares
        :param isolated_creds_client: DynamicCredentialProvider instance
            If provided, then its networking will be used if needed.
            If not provided, then common network will be used if needed.
        :returns: str -- share network id for shares_client tenant
        :returns: None -- if single-tenant driver used
        """

        sc = shares_client
        search_word = "reusable"
        sn_name = "autogenerated_by_tempest_%s" % search_word

        if not CONF.share.multitenancy_enabled:
            # Assumed usage of a single-tenant driver
            share_network_id = None
        elif sc.share_network_id:
            # Share-network already exists, use it
            share_network_id = sc.share_network_id
        elif not CONF.share.create_networks_when_multitenancy_enabled:
            share_network_id = None

            # Try get suitable share-network
            share_networks = sc.list_share_networks_with_detail()
            for sn in share_networks:
                if (sn["neutron_net_id"] is None
                        and sn["neutron_subnet_id"] is None and sn["name"]
                        and search_word in sn["name"]):
                    share_network_id = sn["id"]
                    break

            # Create new share-network if one was not found
            if share_network_id is None:
                sn_desc = "This share-network was created by tempest"
                sn = sc.create_share_network(name=sn_name, description=sn_desc)
                share_network_id = sn["id"]
        else:
            net_id = subnet_id = share_network_id = None

            if not isolated_creds_client:
                # Search for networks, created in previous runs
                service_net_name = "share-service"
                networks = networks_client.list_networks()
                if "networks" in networks.keys():
                    networks = networks["networks"]
                for network in networks:
                    if (service_net_name in network["name"]
                            and sc.tenant_id == network['tenant_id']):
                        net_id = network["id"]
                        if len(network["subnets"]) > 0:
                            subnet_id = network["subnets"][0]
                            break

                # Create suitable network
                if (net_id is None or subnet_id is None):
                    ic = dynamic_creds.DynamicCredentialProvider(
                        identity_version=CONF.identity.auth_version,
                        name=service_net_name,
                        admin_role=CONF.identity.admin_role,
                        admin_creds=(
                            common_creds.get_configured_admin_credentials()))
                    net_data = ic._create_network_resources(sc.tenant_id)
                    network, subnet, router = net_data
                    net_id = network["id"]
                    subnet_id = subnet["id"]

                # Try get suitable share-network
                share_networks = sc.list_share_networks_with_detail()
                for sn in share_networks:
                    if (net_id == sn["neutron_net_id"]
                            and subnet_id == sn["neutron_subnet_id"]
                            and sn["name"] and search_word in sn["name"]):
                        share_network_id = sn["id"]
                        break
            else:
                sn_name = "autogenerated_by_tempest_for_isolated_creds"
                # Use precreated network and subnet from isolated creds
                net_id = isolated_creds_client.get_credentials(
                    isolated_creds_client.type_of_creds).network['id']
                subnet_id = isolated_creds_client.get_credentials(
                    isolated_creds_client.type_of_creds).subnet['id']

            # Create suitable share-network
            if share_network_id is None:
                sn_desc = "This share-network was created by tempest"
                sn = sc.create_share_network(name=sn_name,
                                             description=sn_desc,
                                             neutron_net_id=net_id,
                                             neutron_subnet_id=subnet_id)
                share_network_id = sn["id"]

        return share_network_id
Example #6
0
    def get_client_with_isolated_creds(cls,
                                       name=None,
                                       type_of_creds="admin",
                                       cleanup_in_class=False,
                                       client_version='1'):
        """Creates isolated creds.

        :param name: name, will be used for naming ic and related stuff
        :param type_of_creds: admin, alt or primary
        :param cleanup_in_class: defines place where to delete
        :returns: SharesClient -- shares client with isolated creds.
        :returns: To client added dict attr 'creds' with
        :returns: key elements 'tenant' and 'user'.
        """
        if name is None:
            # Get name of test method
            name = inspect.stack()[1][3]
            if len(name) > 32:
                name = name[0:32]

        # Choose type of isolated creds
        ic = dynamic_creds.DynamicCredentialProvider(
            identity_version=CONF.identity.auth_version,
            name=name,
            admin_role=CONF.identity.admin_role,
            admin_creds=common_creds.get_configured_admin_credentials())
        if "admin" in type_of_creds:
            creds = ic.get_admin_creds().credentials
        elif "alt" in type_of_creds:
            creds = ic.get_alt_creds().credentials
        else:
            creds = ic.get_credentials(type_of_creds).credentials
        ic.type_of_creds = type_of_creds

        # create client with isolated creds
        os = clients.Manager(credentials=creds)
        if client_version == '1':
            client = shares_client.SharesClient(os.auth_provider)
        elif client_version == '2':
            client = shares_v2_client.SharesV2Client(os.auth_provider)

        # Set place where will be deleted isolated creds
        ic_res = {
            "method": ic.clear_creds,
            "deleted": False,
        }
        if cleanup_in_class:
            cls.class_isolated_creds.insert(0, ic_res)
        else:
            cls.method_isolated_creds.insert(0, ic_res)

        # Provide share network
        if CONF.share.multitenancy_enabled:
            if (not CONF.service_available.neutron
                    and CONF.share.create_networks_when_multitenancy_enabled):
                raise cls.skipException("Neutron support is required")
            nc = os.networks_client
            share_network_id = cls.provide_share_network(client, nc, ic)
            client.share_network_id = share_network_id
            resource = {
                "type": "share_network",
                "id": client.share_network_id,
                "client": client,
            }
            if cleanup_in_class:
                cls.class_resources.insert(0, resource)
            else:
                cls.method_resources.insert(0, resource)
        return client
 def test_tempest_client(self):
     creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
     self.assertIsInstance(creds.identity_admin_client,
                           json_iden_client.IdentityClient)
    def test_network_cleanup(self, MockRestClient):
        def side_effect(**args):
            return {
                "security_groups": [{
                    "tenant_id": args['tenant_id'],
                    "name": args['name'],
                    "description": args['name'],
                    "security_group_rules": [],
                    "id": "sg-%s" % args['tenant_id']
                }]
            }

        creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
        # Create primary tenant and network
        self._mock_assign_user_role()
        self._mock_list_role()
        self._mock_user_create('1234', 'fake_prim_user')
        self._mock_tenant_create('1234', 'fake_prim_tenant')
        self._mock_network_create(creds, '1234', 'fake_net')
        self._mock_subnet_create(creds, '1234', 'fake_subnet')
        self._mock_router_create('1234', 'fake_router')
        router_interface_mock = self.patch(
            'tempest.services.network.json.routers_client.RoutersClient.'
            'add_router_interface')
        creds.get_primary_creds()
        router_interface_mock.assert_called_once_with('1234', subnet_id='1234')
        router_interface_mock.reset_mock()
        # Create alternate tenant and network
        self._mock_user_create('12345', 'fake_alt_user')
        self._mock_tenant_create('12345', 'fake_alt_tenant')
        self._mock_network_create(creds, '12345', 'fake_alt_net')
        self._mock_subnet_create(creds, '12345', 'fake_alt_subnet')
        self._mock_router_create('12345', 'fake_alt_router')
        creds.get_alt_creds()
        router_interface_mock.assert_called_once_with('12345',
                                                      subnet_id='12345')
        router_interface_mock.reset_mock()
        # Create admin tenant and networks
        self._mock_user_create('123456', 'fake_admin_user')
        self._mock_tenant_create('123456', 'fake_admin_tenant')
        self._mock_network_create(creds, '123456', 'fake_admin_net')
        self._mock_subnet_create(creds, '123456', 'fake_admin_subnet')
        self._mock_router_create('123456', 'fake_admin_router')
        self._mock_list_roles('123456', 'admin')
        creds.get_admin_creds()
        self.patch('tempest.services.identity.v2.json.users_client.'
                   'UsersClient.delete_user')
        self.patch('tempest.services.identity.v2.json.tenants_client.'
                   'TenantsClient.delete_tenant')
        net = mock.patch.object(creds.networks_admin_client, 'delete_network')
        net_mock = net.start()
        subnet = mock.patch.object(creds.subnets_admin_client, 'delete_subnet')
        subnet_mock = subnet.start()
        router = mock.patch.object(creds.routers_admin_client, 'delete_router')
        router_mock = router.start()
        remove_router_interface_mock = self.patch(
            'tempest.services.network.json.routers_client.RoutersClient.'
            'remove_router_interface')
        return_values = ({'status': 200}, {'ports': []})
        port_list_mock = mock.patch.object(creds.ports_admin_client,
                                           'list_ports',
                                           return_value=return_values)

        port_list_mock.start()
        secgroup_list_mock = mock.patch.object(
            creds.security_groups_admin_client,
            'list_security_groups',
            side_effect=side_effect)
        secgroup_list_mock.start()

        return_values = fake_http.fake_http_response({}, status=204), ''
        remove_secgroup_mock = self.patch(
            'tempest.lib.services.network.security_groups_client.'
            'SecurityGroupsClient.delete',
            return_value=return_values)
        creds.clear_creds()
        # Verify default security group delete
        calls = remove_secgroup_mock.mock_calls
        self.assertEqual(len(calls), 3)
        args = map(lambda x: x[1][0], calls)
        args = list(args)
        self.assertIn('v2.0/security-groups/sg-1234', args)
        self.assertIn('v2.0/security-groups/sg-12345', args)
        self.assertIn('v2.0/security-groups/sg-123456', args)
        # Verify remove router interface calls
        calls = remove_router_interface_mock.mock_calls
        self.assertEqual(len(calls), 3)
        args = map(lambda x: (x[1][0], x[2]), calls)
        args = list(args)
        self.assertIn(('1234', {'subnet_id': '1234'}), args)
        self.assertIn(('12345', {'subnet_id': '12345'}), args)
        self.assertIn(('123456', {'subnet_id': '123456'}), args)
        # Verify network delete calls
        calls = net_mock.mock_calls
        self.assertEqual(len(calls), 3)
        args = map(lambda x: x[1][0], calls)
        args = list(args)
        self.assertIn('1234', args)
        self.assertIn('12345', args)
        self.assertIn('123456', args)
        # Verify subnet delete calls
        calls = subnet_mock.mock_calls
        self.assertEqual(len(calls), 3)
        args = map(lambda x: x[1][0], calls)
        args = list(args)
        self.assertIn('1234', args)
        self.assertIn('12345', args)
        self.assertIn('123456', args)
        # Verify router delete calls
        calls = router_mock.mock_calls
        self.assertEqual(len(calls), 3)
        args = map(lambda x: x[1][0], calls)
        args = list(args)
        self.assertIn('1234', args)
        self.assertIn('12345', args)
        self.assertIn('123456', args)