def get_configured_admin_credentials(fill_in=True, identity_version=None):
identity_version = identity_version or CONF.identity.auth_version
if identity_version not in ('v2', 'v3'):
raise exceptions.InvalidConfiguration('Unsupported auth version: %s' %
identity_version)
conf_attributes = ['username', 'password', 'project_name']
if identity_version == 'v3':
conf_attributes.append('domain_name')
# Read the parts of credentials from config
params = DEFAULT_PARAMS.copy()
for attr in conf_attributes:
params[attr] = getattr(CONF.auth, 'admin_' + attr)
# Build and validate credentials. We are reading configured credentials,
# so validate them even if fill_in is False
credentials = get_credentials(fill_in=fill_in,
identity_version=identity_version,
**params)
if not fill_in:
if not credentials.is_valid():
msg = ("The admin credentials are incorrectly set in the config "
"file for identity version %s. Double check that all "
"required values are assigned.")
raise exceptions.InvalidConfiguration(msg % identity_version)
return credentials
def _set_identity_clients(self):
params = {
'service': CONF.identity.catalog_type,
'region': CONF.identity.region,
'endpoint_type': 'adminURL'
}
params.update(self.default_params_with_timeout_values)
self.identity_client = IdentityClient(self.auth_provider, **params)
self.identity_v3_client = IdentityV3Client(self.auth_provider,
**params)
self.endpoints_client = EndPointClient(self.auth_provider, **params)
self.service_client = ServiceClient(self.auth_provider, **params)
self.policy_client = PolicyClient(self.auth_provider, **params)
self.region_client = RegionClient(self.auth_provider, **params)
self.credentials_client = CredentialsClient(self.auth_provider,
**params)
# Token clients do not use the catalog. They only need default_params.
# They read auth_url, so they should only be set if the corresponding
# API version is marked as enabled
if CONF.identity_feature_enabled.api_v2:
if CONF.identity.uri:
self.token_client = TokenClientJSON(CONF.identity.uri,
**self.default_params)
else:
msg = 'Identity v2 API enabled, but no identity.uri set'
raise exceptions.InvalidConfiguration(msg)
if CONF.identity_feature_enabled.api_v3:
if CONF.identity.uri_v3:
self.token_v3_client = V3TokenClientJSON(
CONF.identity.uri_v3, **self.default_params)
else:
msg = 'Identity v3 API enabled, but no identity.uri_v3 set'
raise exceptions.InvalidConfiguration(msg)
def get_configured_credentials(credential_type, fill_in=True,
identity_version=None):
identity_version = identity_version or CONF.identity.auth_version
if identity_version not in ('v2', 'v3'):
raise exceptions.InvalidConfiguration(
'Unsupported auth version: %s' % identity_version)
if credential_type not in CREDENTIAL_TYPES:
raise exceptions.InvalidCredentials()
conf_attributes = ['username', 'password', 'tenant_name']
if identity_version == 'v3':
conf_attributes.append('domain_name')
# Read the parts of credentials from config
params = DEFAULT_PARAMS.copy()
section, prefix = CREDENTIAL_TYPES[credential_type]
for attr in conf_attributes:
_section = getattr(CONF, section)
if prefix is None:
params[attr] = getattr(_section, attr)
else:
params[attr] = getattr(_section, prefix + "_" + attr)
# Build and validate credentials. We are reading configured credentials,
# so validate them even if fill_in is False
credentials = get_credentials(fill_in=fill_in,
identity_version=identity_version, **params)
if not fill_in:
if not credentials.is_valid():
msg = ("The %s credentials are incorrectly set in the config file."
" Double check that all required values are assigned" %
credential_type)
raise exceptions.InvalidConfiguration(msg)
return credentials
def _set_identity_clients(self):
params = {
'service': CONF.identity.catalog_type,
'region': CONF.identity.region
}
params.update(self.default_params_with_timeout_values)
params_v2_admin = params.copy()
params_v2_admin['endpoint_type'] = CONF.identity.v2_admin_endpoint_type
# Client uses admin endpoint type of Keystone API v2
self.identity_client = IdentityClient(self.auth_provider,
**params_v2_admin)
self.tenants_client = TenantsClient(self.auth_provider,
**params_v2_admin)
self.roles_client = RolesClient(self.auth_provider, **params_v2_admin)
self.users_client = UsersClient(self.auth_provider, **params_v2_admin)
params_v2_public = params.copy()
params_v2_public['endpoint_type'] = (
CONF.identity.v2_public_endpoint_type)
# Client uses public endpoint type of Keystone API v2
self.identity_public_client = IdentityClient(self.auth_provider,
**params_v2_public)
self.tenants_public_client = TenantsClient(self.auth_provider,
**params_v2_public)
self.roles_public_client = RolesClient(self.auth_provider,
**params_v2_public)
self.users_public_client = UsersClient(self.auth_provider,
**params_v2_public)
params_v3 = params.copy()
params_v3['endpoint_type'] = CONF.identity.v3_endpoint_type
# Clients below use the endpoint type of Keystone API v3
self.identity_v3_client = IdentityV3Client(self.auth_provider,
**params_v3)
self.endpoints_client = EndPointV3Client(self.auth_provider,
**params_v3)
self.identity_services_client = IdentityServicesV3Client(
self.auth_provider, **params_v3)
self.policies_client = PoliciesV3Client(self.auth_provider,
**params_v3)
self.regions_client = RegionsV3Client(self.auth_provider, **params_v3)
self.credentials_client = CredentialsV3Client(self.auth_provider,
**params_v3)
self.groups_client = GroupsV3Client(self.auth_provider, **params_v3)
# Token clients do not use the catalog. They only need default_params.
# They read auth_url, so they should only be set if the corresponding
# API version is marked as enabled
if CONF.identity_feature_enabled.api_v2:
if CONF.identity.uri:
self.token_client = TokenClient(CONF.identity.uri,
**self.default_params)
else:
msg = 'Identity v2 API enabled, but no identity.uri set'
raise exceptions.InvalidConfiguration(msg)
if CONF.identity_feature_enabled.api_v3:
if CONF.identity.uri_v3:
self.token_v3_client = V3TokenClient(CONF.identity.uri_v3,
**self.default_params)
else:
msg = 'Identity v3 API enabled, but no identity.uri_v3 set'
raise exceptions.InvalidConfiguration(msg)
def get_network_from_name(name, compute_networks_client):
"""Get a full network dict from just a network name
:param str name: the name of the network to use
:param NetworksClientJSON compute_networks_client: The network client
object to use for making the network lists api request
:return: The full dictionary for the network in question
:rtype: dict
:raises InvalidConfiguration: If the name provided is invalid, the networks
list returns a 404, there are no found networks, or the found network
is invalid
"""
caller = misc_utils.find_test_caller()
if not name:
raise exceptions.InvalidConfiguration()
try:
networks = compute_networks_client.list_networks(name=name)
except lib_exc.NotFound:
# In case of nova network, if the fixed_network_name is not
# owned by the tenant, and the network client is not an admin
# one, list_networks will not find it
msg = ('Unable to find network %s. '
'Starting instance without specifying a network.' % name)
if caller:
msg = '(%s) %s' % (caller, msg)
LOG.info(msg)
raise exceptions.InvalidConfiguration()
# Check that a network exists, else raise an InvalidConfigurationException
if len(networks) == 1:
network = sorted(networks)[0]
elif len(networks) > 1:
msg = ("Network with name: %s had multiple matching networks in the "
"list response: %s\n Unable to specify a single network" %
(name, networks))
if caller:
msg = '(%s) %s' % (caller, msg)
LOG.warn(msg)
raise exceptions.InvalidConfiguration()
else:
msg = "Network with name: %s not found" % name
if caller:
msg = '(%s) %s' % (caller, msg)
LOG.warn(msg)
raise exceptions.InvalidConfiguration()
# To be consistent between neutron and nova network always use name even
# if label is used in the api response. If neither is present than then
# the returned network is invalid.
name = network.get('name') or network.get('label')
if not name:
msg = "Network found from list doesn't contain a valid name or label"
if caller:
msg = '(%s) %s' % (caller, msg)
LOG.warn(msg)
raise exceptions.InvalidConfiguration()
network['name'] = name
return network
def __init__(self, username=None, password=None, tenant_name=None,
interface='json'):
"""
We allow overriding of the credentials used within the various
client classes managed by the Manager object. Left as None, the
standard username/password/tenant_name is used.
:param username: Override of the username
:param password: Override of the password
:param tenant_name: Override of the tenant name
"""
self.config = config.TempestConfig()
# If no creds are provided, we fall back on the defaults
# in the config file for the Compute API.
self.username = username or self.config.compute.username
self.password = password or self.config.compute.password
self.tenant_name = tenant_name or self.config.compute.tenant_name
if None in (self.username, self.password, self.tenant_name):
msg = ("Missing required credentials. "
"username: %(username)s, password: %(password)s, "
"tenant_name: %(tenant_name)s") % locals()
raise exceptions.InvalidConfiguration(msg)
self.auth_url = self.config.identity.auth_url
if self.config.identity.strategy == 'keystone':
client_args = (self.config, self.username, self.password,
self.auth_url, self.tenant_name)
else:
client_args = (self.config, self.username, self.password,
self.auth_url)
try:
self.servers_client = SERVERS_CLIENTS[interface](*client_args)
self.limits_client = LIMITS_CLIENTS[interface](*client_args)
self.keypairs_client = KEYPAIRS_CLIENTS[interface](*client_args)
self.flavors_client = FLAVORS_CLIENTS[interface](*client_args)
self.extensions_client = \
EXTENSIONS_CLIENTS[interface](*client_args)
self.volumes_extensions_client = \
VOLUMES_EXTENSIONS_CLIENTS[interface](*client_args)
except KeyError:
msg = "Unsupported interface type `%s'" % interface
raise exceptions.InvalidConfiguration(msg)
self.images_client = ImagesClient(*client_args)
self.security_groups_client = SecurityGroupsClient(*client_args)
self.floating_ips_client = FloatingIPsClient(*client_args)
self.console_outputs_client = ConsoleOutputsClient(*client_args)
self.network_client = NetworkClient(*client_args)
self.volumes_client = VolumesClient(*client_args)
def test_schedule_to_all_nodes(self):
host_client = self.manager.hosts_client
hosts = host_client.list_hosts()['hosts']
hosts = [x for x in hosts if x['service'] == 'compute']
# ensure we have at least as many compute hosts as we expect
if len(hosts) < CONF.compute.min_compute_nodes:
raise exceptions.InvalidConfiguration(
"Host list %s is shorter than min_compute_nodes. "
"Did a compute worker not boot correctly?" % hosts)
# create 1 compute for each node, up to the min_compute_nodes
# threshold (so that things don't get crazy if you have 1000
# compute nodes but set min to 3).
servers = []
for host in hosts[:CONF.compute.min_compute_nodes]:
# by getting to active state here, this means this has
# landed on the host in question.
inst = self.create_server(
availability_zone='%(zone)s:%(host_name)s' % host,
wait_until='ACTIVE')
server = self.servers_client.show_server(inst['id'])['server']
servers.append(server)
# make sure we really have the number of servers we think we should
self.assertEqual(len(servers), CONF.compute.min_compute_nodes,
"Incorrect number of servers built %s" % servers)
# ensure that every server ended up on a different host
host_ids = [x['hostId'] for x in servers]
self.assertEqual(
len(set(host_ids)), len(servers),
"Incorrect number of distinct host_ids scheduled to %s" % servers)
def _validate_credentials(self, username, password, tenant_name):
if None in (username, password, tenant_name):
msg = ("Missing required credentials. "
"username: %(u)s, password: %(p)s, "
"tenant_name: %(t)s" %
{'u': username, 'p': password, 't': tenant_name})
raise exceptions.InvalidConfiguration(msg)
def get_credentials_provider(name,
network_resources=None,
force_tenant_isolation=False,
identity_version=None):
# If a test requires a new account to work, it can have it via forcing
# dynamic credentials. A new account will be produced only for that test.
# In case admin credentials are not available for the account creation,
# the test should be skipped else it would fail.
identity_version = identity_version or CONF.identity.auth_version
if CONF.auth.use_dynamic_credentials or force_tenant_isolation:
admin_creds = get_configured_admin_credentials(
fill_in=True, identity_version=identity_version)
return dynamic_creds.DynamicCredentialProvider(
name=name,
network_resources=network_resources,
identity_version=identity_version,
admin_creds=admin_creds,
**_get_dynamic_provider_params())
else:
if CONF.auth.test_accounts_file:
# Most params are not relevant for pre-created accounts
return preprov_creds.PreProvisionedCredentialProvider(
name=name,
identity_version=identity_version,
**_get_preprov_provider_params())
else:
raise exceptions.InvalidConfiguration(
'A valid credential provider is needed')
def build_url(host,
port,
api_version=None,
path=None,
params=None,
use_ssl=False):
"""Build the request URL from given host, port, path and parameters"""
pattern = 'v\d\.\d'
if re.match(pattern, path):
message = 'Version should not be included in path.'
raise exceptions.InvalidConfiguration(message=message)
if use_ssl:
url = "https://" + host
else:
url = "http://" + host
if port is not None:
url += ":" + port
url += "/"
if api_version is not None:
url += api_version + "/"
if path is not None:
url += path
if params is not None:
url += "?"
url += urllib.urlencode(params)
return url
def __init__(self, username=None, password=None, tenant_name=None,
interface='json'):
"""
We allow overriding of the credentials used within the various
client classes managed by the Manager object. Left as None, the
standard username/password/tenant_name is used.
:param username: Override of the username
:param password: Override of the password
:param tenant_name: Override of the tenant name
"""
self.config = config.TempestConfig()
# If no creds are provided, we fall back on the defaults
# in the config file for the Compute API.
self.username = username or self.config.identity.username
self.password = password or self.config.identity.password
self.tenant_name = tenant_name or self.config.identity.tenant_name
if None in (self.username, self.password, self.tenant_name):
msg = ("Missing required credentials. "
"username: %(u)s, password: %(p)s, "
"tenant_name: %(t)s" %
{'u': username, 'p': password, 't': tenant_name})
raise exceptions.InvalidConfiguration(msg)
self.auth_url = self.config.identity.uri
client_args = (self.config, self.username, self.password,
self.auth_url, self.tenant_name)
# common clients
self.dynamodb_client = botoclients.APIClientDynamoDB(*client_args)
self.magnetodb_client = MagnetoDBClientJSON(*client_args)
def resource_setup(cls):
super(L3AgentSchedulerTestJSON, cls).resource_setup()
body = cls.admin_agents_client.list_agents()
agents = body['agents']
for agent in agents:
# TODO(armax): falling back on default _agent_mode can be
# dropped as soon as Icehouse is dropped.
agent_mode = (agent['configurations'].get('agent_mode',
cls._agent_mode))
if agent['agent_type'] == AGENT_TYPE and agent_mode in AGENT_MODES:
cls.agent = agent
break
else:
msg = "L3 Agent Scheduler enabled in conf, but L3 Agent not found"
raise exceptions.InvalidConfiguration(msg)
cls.router = cls.create_router(data_utils.rand_name('router'))
# NOTE(armax): If DVR is an available extension, and the created router
# is indeed a distributed one, more resources need to be provisioned
# in order to bind the router to the L3 agent.
# That said, let's preserve the existing test logic, where the extra
# query and setup steps are only required if the extension is available
# and only if the router's default type is distributed.
if test.is_extension_enabled('dvr', 'network'):
cls.is_dvr_router = cls.admin_client.show_router(
cls.router['id'])['router'].get('distributed', False)
if cls.is_dvr_router:
cls.network = cls.create_network()
cls.subnet = cls.create_subnet(cls.network)
cls.port = cls.create_port(cls.network)
cls.client.add_router_interface_with_port_id(
cls.router['id'], cls.port['id'])
def test_create_port_in_allowed_allocation_pools(self):
network = self.create_network()
net_id = network['id']
address = self._get_ipaddress_from_tempest_conf()
if ((address.version == 4 and address.prefixlen >= 30)
or (address.version == 6 and address.prefixlen >= 126)):
msg = ("Subnet %s isn't large enough for the test" % address.cidr)
raise exceptions.InvalidConfiguration(message=msg)
allocation_pools = {
'allocation_pools': [{
'start': str(address[2]),
'end': str(address[-2])
}]
}
subnet = self.create_subnet(network,
cidr=address,
mask_bits=address.prefixlen,
**allocation_pools)
self.addCleanup(self.subnets_client.delete_subnet, subnet['id'])
body = self.ports_client.create_port(network_id=net_id)
self.addCleanup(self.ports_client.delete_port, body['port']['id'])
port = body['port']
ip_address = port['fixed_ips'][0]['ip_address']
start_ip_address = allocation_pools['allocation_pools'][0]['start']
end_ip_address = allocation_pools['allocation_pools'][0]['end']
ip_range = netaddr.IPRange(start_ip_address, end_ip_address)
self.assertIn(ip_address, ip_range)
def check_skip_with_microversion(test_min_version, test_max_version,
cfg_min_version, cfg_max_version):
min_version = api_version_request.APIVersionRequest(test_min_version)
max_version = api_version_request.APIVersionRequest(test_max_version)
config_min_version = api_version_request.APIVersionRequest(cfg_min_version)
config_max_version = api_version_request.APIVersionRequest(cfg_max_version)
if ((min_version > max_version)
or (config_min_version > config_max_version)):
msg = (
"Min version is greater than Max version. Test Class versions "
"[%s - %s]. configuration versions [%s - %s]." %
(min_version.get_string(), max_version.get_string(),
config_min_version.get_string(), config_max_version.get_string()))
raise exceptions.InvalidConfiguration(msg)
# NOTE: Select tests which are in range of configuration like
# config min config max
# ----------------+--------------------------+----------------
# ...don't-select|
# ...select... ...select... ...select...
# |don't-select...
# ......................select............................
if (max_version < config_min_version or config_max_version < min_version):
msg = (
"The microversion range[%s - %s] of this test is out of the "
"configuration range[%s - %s]." %
(min_version.get_string(), max_version.get_string(),
config_min_version.get_string(), config_max_version.get_string()))
raise testtools.TestCase.skipException(msg)
def _get_network_client(self):
# The intended configuration is for the network client to have
# admin privileges and indicate for whom resources are being
# created via a 'tenant_id' parameter. This will often be
# preferable to authenticating as a specific user because
# working with certain resources (public routers and networks)
# often requires admin privileges anyway.
username = self.config.identity.admin_username
password = self.config.identity.admin_password
tenant_name = self.config.identity.admin_tenant_name
if None in (username, password, tenant_name):
msg = ("Missing required credentials for network client. "
"username: %(username)s, password: %(password)s, "
"tenant_name: %(tenant_name)s") % locals()
raise exceptions.InvalidConfiguration(msg)
auth_url = self.config.identity.uri
dscv = self.config.identity.disable_ssl_certificate_validation
return quantumclient.v2_0.client.Client(username=username,
password=password,
tenant_name=tenant_name,
auth_url=auth_url,
insecure=dscv)
def is_multi_user(self):
# Default credentials is not a valid option with locking Account
if self.use_default_creds:
raise exceptions.InvalidConfiguration(
"Account file %s doesn't exist" % CONF.auth.test_accounts_file)
else:
return len(self.hash_dict) > 1
def _get_identity_client(self,
username=None,
password=None,
tenant_name=None):
# This identity client is not intended to check the security
# of the identity service, so use admin credentials by default.
if not username:
username = self.config.identity.admin_username
if not password:
password = self.config.identity.admin_password
if not tenant_name:
tenant_name = self.config.identity.admin_tenant_name
if None in (username, password, tenant_name):
msg = ("Missing required credentials for identity client. "
"username: %(username)s, password: %(password)s, "
"tenant_name: %(tenant_name)s") % locals()
raise exceptions.InvalidConfiguration(msg)
auth_url = self.config.identity.uri
dscv = self.config.identity.disable_ssl_certificate_validation
return keystoneclient.v2_0.client.Client(username=username,
password=password,
tenant_name=tenant_name,
auth_url=auth_url,
insecure=dscv)
def _get_creds(self, roles=None):
if self.use_default_creds:
raise exceptions.InvalidConfiguration(
"Account file %s doesn't exist" % CONF.auth.test_accounts_file)
useable_hashes = self._get_match_hash_list(roles)
free_hash = self._get_free_hash(useable_hashes)
return self.hash_dict['creds'][free_hash]
def _get_match_hash_list(self, roles=None):
hashes = []
if roles:
# Loop over all the creds for each role in the subdict and generate
# a list of cred lists for each role
for role in roles:
temp_hashes = self.hash_dict['roles'].get(role, None)
if not temp_hashes:
raise exceptions.InvalidConfiguration(
"No credentials with role: %s specified in the "
"accounts ""file" % role)
hashes.append(temp_hashes)
# Take the list of lists and do a boolean and between each list to
# find the creds which fall under all the specified roles
temp_list = set(hashes[0])
for hash_list in hashes[1:]:
temp_list = temp_list & set(hash_list)
hashes = temp_list
else:
hashes = self.hash_dict['creds'].keys()
# NOTE(mtreinish): admin is a special case because of the increased
# privlege set which could potentially cause issues on tests where that
# is not expected. So unless the admin role isn't specified do not
# allocate admin.
admin_hashes = self.hash_dict['roles'].get(CONF.identity.admin_role,
None)
if ((not roles or CONF.identity.admin_role not in roles) and
admin_hashes):
useable_hashes = [x for x in hashes if x not in admin_hashes]
else:
useable_hashes = hashes
return useable_hashes
def setUp(self):
super(TestShareBasicOps, self).setUp()
# Setup image and flavor the test instance
# Support both configured and injected values
if not hasattr(self, 'flavor_ref'):
self.flavor_ref = CONF.compute.flavor_ref
if CONF.share.image_with_share_tools:
images = self.images_client.list_images()
for img in images:
if img["name"] == CONF.share.image_with_share_tools:
self.image_ref = img['id']
break
if not self.image_ref:
msg = ("Image %s not found" %
CONF.share.image_with_share_tools)
raise exceptions.InvalidConfiguration(message=msg)
self.image_utils = test_utils.ImageUtils()
if not self.image_utils.is_flavor_enough(self.flavor_ref,
self.image_ref):
raise self.skipException(
'{image} does not fit in {flavor}'.format(
image=self.image_ref, flavor=self.flavor_ref
)
)
self.ssh_user = CONF.compute.image_ssh_user
LOG.debug('Starting test for i:{image}, f:{flavor}. '
'user: {ssh_user}'.format(
image=self.image_ref, flavor=self.flavor_ref,
ssh_user=self.ssh_user))
def _get_compute_client(self,
username=None,
password=None,
tenant_name=None):
# Novaclient will not execute operations for anyone but the
# identified user, so a new client needs to be created for
# each user that operations need to be performed for.
if not username:
username = self.config.compute.username
if not password:
password = self.config.compute.password
if not tenant_name:
tenant_name = self.config.compute.tenant_name
if None in (username, password, tenant_name):
msg = ("Missing required credentials for compute client. "
"username: %(username)s, password: %(password)s, "
"tenant_name: %(tenant_name)s") % locals()
raise exceptions.InvalidConfiguration(msg)
# Novaclient adds a /tokens/ part to the auth URL automatically
auth_url = self.config.identity.auth_url.rstrip('tokens')
client_args = (username, password, tenant_name, auth_url)
# Create our default Nova client to use in testing
service_type = self.config.compute.catalog_type
return novaclient.client.Client(self.NOVACLIENT_VERSION,
*client_args,
service_type=service_type,
no_cache=True)
def _create_network_resources(self, tenant_id):
network = None
subnet = None
router = None
# Make sure settings
if self.network_resources:
if self.network_resources['router']:
if (not self.network_resources['subnet']
or not self.network_resources['network']):
raise exceptions.InvalidConfiguration(
'A router requires a subnet and network')
elif self.network_resources['subnet']:
if not self.network_resources['network']:
raise exceptions.InvalidConfiguration(
'A subnet requires a network')
elif self.network_resources['dhcp']:
raise exceptions.InvalidConfiguration('DHCP requires a subnet')
data_utils.rand_name_root = data_utils.rand_name(self.name)
if not self.network_resources or self.network_resources['network']:
network_name = data_utils.rand_name_root + "-network"
network = self._create_network(network_name, tenant_id)
try:
if not self.network_resources or self.network_resources['subnet']:
subnet_name = data_utils.rand_name_root + "-subnet"
subnet = self._create_subnet(subnet_name, tenant_id,
network['id'])
if not self.network_resources or self.network_resources['router']:
router_name = data_utils.rand_name_root + "-router"
router = self._create_router(router_name, tenant_id)
self._add_router_interface(router['id'], subnet['id'])
except Exception:
try:
if router:
self._clear_isolated_router(router['id'], router['name'])
if subnet:
self._clear_isolated_subnet(subnet['id'], subnet['name'])
if network:
self._clear_isolated_network(network['id'],
network['name'])
except Exception as cleanup_exception:
msg = "There was an exception trying to setup network " \
"resources for tenant %s, and this error happened " \
"trying to clean them up: %s"
LOG.warning(msg % (tenant_id, cleanup_exception))
raise
return network, subnet, router
def skip_checks(cls):
super(BaseComputeTest, cls).skip_checks()
if not CONF.service_available.nova:
raise cls.skipException("Nova is not available")
if cls._api_version != 2:
msg = ("Unexpected API version is specified (%s)" %
cls._api_version)
raise exceptions.InvalidConfiguration(message=msg)
def _get_creds(self, roles=None):
if self.use_default_creds:
raise exceptions.InvalidConfiguration(
"Account file %s doesn't exist" % CONF.auth.test_accounts_file)
useable_hashes = self._get_match_hash_list(roles)
free_hash = self._get_free_hash(useable_hashes)
clean_creds = self._sanitize_creds(self.hash_dict['creds'][free_hash])
LOG.info('%s allocated creds:\n%s' % (self.name, clean_creds))
return self._wrap_creds_with_network(free_hash)
def read_accounts_yaml(path):
try:
with open(path, 'r') as yaml_file:
accounts = yaml.load(yaml_file)
except IOError:
raise exceptions.InvalidConfiguration(
'The path for the test accounts file: %s '
'could not be found' % path)
return accounts
def resource_setup(cls):
cls.set_network_resources()
super(BaseComputeTest, cls).resource_setup()
# TODO(andreaf) WE should care also for the alt_manager here
# but only once client lazy load in the manager is done
cls.os = cls.get_client_manager()
cls.multi_user = cls.check_multi_user()
cls.build_interval = CONF.compute.build_interval
cls.build_timeout = CONF.compute.build_timeout
cls.ssh_user = CONF.compute.ssh_user
cls.image_ref = CONF.compute.image_ref
cls.image_ref_alt = CONF.compute.image_ref_alt
cls.flavor_ref = CONF.compute.flavor_ref
cls.flavor_ref_alt = CONF.compute.flavor_ref_alt
cls.image_ssh_user = CONF.compute.image_ssh_user
cls.image_ssh_password = CONF.compute.image_ssh_password
cls.servers = []
cls.images = []
cls.security_groups = []
cls.server_groups = []
if cls._api_version == 2:
cls.servers_client = cls.os.servers_client
cls.flavors_client = cls.os.flavors_client
cls.images_client = cls.os.images_client
cls.extensions_client = cls.os.extensions_client
cls.floating_ips_client = cls.os.floating_ips_client
cls.keypairs_client = cls.os.keypairs_client
cls.security_groups_client = cls.os.security_groups_client
cls.quotas_client = cls.os.quotas_client
# NOTE(mriedem): os-quota-class-sets is v2 API only
cls.quota_classes_client = cls.os.quota_classes_client
# NOTE(mriedem): os-networks is v2 API only
cls.networks_client = cls.os.networks_client
cls.limits_client = cls.os.limits_client
cls.volumes_extensions_client = cls.os.volumes_extensions_client
cls.volumes_client = cls.os.volumes_client
cls.interfaces_client = cls.os.interfaces_client
cls.fixed_ips_client = cls.os.fixed_ips_client
cls.availability_zone_client = cls.os.availability_zone_client
cls.agents_client = cls.os.agents_client
cls.aggregates_client = cls.os.aggregates_client
cls.services_client = cls.os.services_client
cls.instance_usages_audit_log_client = \
cls.os.instance_usages_audit_log_client
cls.hypervisor_client = cls.os.hypervisor_client
cls.certificates_client = cls.os.certificates_client
cls.migrations_client = cls.os.migrations_client
cls.security_group_default_rules_client = (
cls.os.security_group_default_rules_client)
else:
msg = ("Unexpected API version is specified (%s)" %
cls._api_version)
raise exceptions.InvalidConfiguration(message=msg)
def get_creds(self, id):
try:
# No need to sort the dict as within the same python process
# the HASH seed won't change, so subsequent calls to keys()
# will return the same result
_hash = self.hash_dict.keys()[id]
except IndexError:
msg = 'Insufficient number of users provided'
raise exceptions.InvalidConfiguration(msg)
return self.hash_dict[_hash]
def __init__(self, auth_url):
super(V3TokenClientJSON, self).__init__(None, None, None)
if not auth_url:
raise exceptions.InvalidConfiguration('you must specify a v3 uri '
'if using the v3 identity '
'api')
if 'auth/tokens' not in auth_url:
auth_url = auth_url.rstrip('/') + '/auth/tokens'
self.auth_url = auth_url
def _unique_creds(self, cred_arg=None):
"""Verify that the configured credentials are valid and distinct """
try:
user = self.get_primary_creds()
alt_user = self.get_alt_creds()
return getattr(user, cred_arg) != getattr(alt_user, cred_arg)
except exceptions.InvalidCredentials as ic:
msg = "At least one of the configured credentials is " \
"not valid: %s" % ic.message
raise exceptions.InvalidConfiguration(msg)
def read_role_sets_yaml(path):
# Reads in the role sets to use
try:
with open(path, 'r') as yaml_file:
role_sets = yaml.safe_load(yaml_file)
except IOError:
raise exceptions.InvalidConfiguration(
('The path for the role sets file: %s '
'could not be found.') % path)
return role_sets