def test_get_keystoneclient_v3_with_trust_id(self):
"""test_get_keystoneclient_v3_with_trust_id check that we could retrieve a Session client to work
with keystone v3 and using trust_id"""
osclients = OpenStackClients()
trust_id = "randomid0000000000000000000000001"
osclients.set_credential(self.OS_USERNAME, self.OS_PASSWORD, trust_id=trust_id)
keystoneClient = osclients.get_keystoneclient()
self.assertIsInstance(keystoneClient, keystoneclient.v3.client.Client)
def test_get_keystoneclient_v2_with_tenant_id(self):
"""test_get_keystoneclient_v2_with_tenant_id check that we could retrieve a Session client to work
with keystone v2 and using tenant_id"""
osclients = OpenStackClients()
osclients.use_v3 = False
osclients.set_credential(self.OS_USERNAME, self.OS_PASSWORD, tenant_id=self.OS_TENANT_ID)
keystoneClient = osclients.get_keystoneclient()
self.assertIsInstance(keystoneClient, keystoneclient.v2_0.client.Client)
def test_get_session_without_username_nor_token(self):
"""test_get_session_without_username check that we could not retrieve a session without username"""
osclients = OpenStackClients()
osclients.set_credential("", self.OS_PASSWORD,
tenant_id=self.OS_TENANT_ID)
# Checking v3
try:
osclients.get_session()
except Exception as ex:
self.assertRaises(ex)
# Checking v2
osclients.use_v3 = False
try:
osclients.get_session()
except Exception as ex:
self.assertRaises(ex)
class UserResources(object):
"""Class to list, delete user resources. Also provides a method to stop all
the VM of the tenant.
This class works creating a instance with the credential of the user owner
of the resources. It does not use an admin credential!!!"""
def __init__(self, username, password, tenant_id=None, tenant_name=None,
trust_id=None):
"""
Constructor of the class. Tenant_id or tenant_name or tust_id must be
provided.
There are two ways of using this class:
-passing the user, password, tenant_id or tenant_name of the user whose
resources are being deleted
-passing the user and password of the trustee, and the trust_id
generated to impersonate the trustor.
:param username: the user name whose resources are deleted
or the user name of the trustee
:param password: the password of the user whose resources are deleted
or the password of the trustee
:param tenant_id: the tenant id of the user whose resources must be
deleted.
:param tenant_name: the tenant name of the user whose resources must be
deleted
:param trust_id: the trust_id used to impersonate the user whose
resources must be deleted
:return: nothing
"""
self.logger = logging.getLogger(__name__)
self.clients = OpenStackClients()
if tenant_id:
self.clients.set_credential(username, password,
tenant_id=tenant_id)
elif tenant_name:
self.clients.set_credential(username, password,
tenant_name=tenant_name)
elif trust_id:
self.clients.set_credential(username, password, trust_id=trust_id)
self.trust_id = trust_id
else:
raise(
'Either tenant_id or tenant_name or trust_id must be provided')
region = self.clients.region
self.clients.override_endpoint(
'identity', region, 'admin', settings.KEYSTONE_ENDPOINT)
self.user_id = self.clients.get_session().get_user_id()
session = self.clients.get_session()
self.user_name = username
self.nova = NovaResources(self.clients)
self.cinder = CinderResources(self.clients)
self.glance = GlanceResources(self.clients)
try:
self.neutron = NeutronResources(self.clients)
except Exception:
# The region does not support Neutron
# It would be better to check the endpoint
self.neutron = None
try:
self.blueprints = BluePrintResources(self.clients)
except Exception:
# The region does not support PaaS Manager
# It would be better to check the endpoint
self.blueprints = None
try:
self.swift = SwiftResources(self.clients)
except Exception:
# The region does not support Swift
# It would be better to check the endpoint
self.swift = None
# Images in use is a set used to avoid deleting formerly glance images
# in use by other tenants
self.imagesinuse = set()
# Regions the user has access
self.regions_available = set()
self.regions_available.update(self.clients.get_regions('compute'))
def change_region(self, region):
"""
change the region. All the clients need to be updated, but the
session does not.
:param region: the name of the region
:return: nothing.
"""
self.clients.set_region(region)
self.clients.override_endpoint(
'identity', region, 'admin', settings.KEYSTONE_ENDPOINT)
self.nova.on_region_changed()
self.glance.on_region_changed()
try:
if self.swift:
self.swift.on_region_changed()
else:
self.swift = SwiftResources(self.clients)
except Exception:
# The region does not support swift
self.swift = None
self.cinder.on_region_changed()
try:
if self.blueprints:
self.blueprint.on_region_changed()
else:
self.blueprints = BluePrintResources(self.clients)
except Exception:
# The region has not configured paas manager
self.blueprints = None
try:
if self.neutron:
self.neutron.on_region_changed()
else:
self.neutron = NeutronResources(self.clients)
except Exception:
# The region does not support neutron
self.neutron = None
def delete_tenant_resources_pri_1(self):
"""Delete here all the elements that do not depend of others are
deleted first"""
try:
self.nova.delete_user_keypairs()
except Exception, e:
msg = 'Deletion of keypairs failed. Reason: '
self.logger.error(msg + str(e))
# Snapshots must be deleted before the volumes, because a snapshot
# depends of a volume.
try:
self.cinder.delete_tenant_volume_snapshots()
except Exception, e:
msg = 'Deletion of volume snaphosts failed. Reason: '
self.logger.error(msg + str(e))
def test_set_credential_to_osclients(self):
"""test_set_credential_to_osclients check that we could set credentials using method set_credential"""
username = "******"
password = "******"
tenant_name = "new_user cloud"
tenant_id = "00000000000000000000000000000002"
trust_id = "randomid0000000000000000000000001"
# FIRST CHECK: Credentials from ENV
osclients = OpenStackClients()
self.assertEqual(osclients._OpenStackClients__username, self.OS_USERNAME)
self.assertEqual(osclients._OpenStackClients__tenant_id, self.OS_TENANT_ID)
# SECOND CHECK: updating Credentials with tenant_id
osclients.set_credential(username, password,
tenant_id=tenant_id)
self.assertEqual(osclients._OpenStackClients__tenant_id, tenant_id)
# THIRD CHECK: updating Credentials with tenant_name
osclients.set_credential(username, password,
tenant_name=tenant_name)
self.assertEqual(osclients._OpenStackClients__tenant_name, tenant_name)
# FOURTH CHECK: updating Credentials with trust_id
osclients.set_credential(username, password,
trust_id=trust_id)
self.assertEqual(osclients._OpenStackClients__trust_id, trust_id)
# FIFTH CHECK: updating Credentials without trust_id, tenant_id and tenant_name
osclients.set_credential(username, password)
self.assertIsNone(osclients._OpenStackClients__trust_id)
self.assertIsNone(osclients._OpenStackClients__tenant_name)
self.assertIsNone(osclients._OpenStackClients__tenant_id)
# Creating a client to check that set_credential destroy the session with v3
novaclient = osclients.get_novaclient()
self.assertIsNotNone(osclients._session_v3)
osclients.set_credential(username, password)
self.assertIsNone(osclients._session_v3)
# Creating a client to check that set_credential destroy the session with v2
osclients.use_v3 = False
novaclient = osclients.get_novaclient()
self.assertIsNotNone(osclients._session_v2)
osclients.set_credential(username, password)
self.assertIsNone(osclients._session_v2)
# reset the password
p2 = Popen(["curl", "http://169.254.169.254/openstack/latest/meta_data.json"], stdout=PIPE)
metadatajson, err = p2.communicate()
meta = json.loads(metadatajson)["meta"]
keystone_ip = meta["keystone_ip"]
region = meta["Region"]
region2 = meta["region_keystone"]
if region2:
os.environ['OS_REGION_NAME'] = region2
wait_net_service(keystone_ip, 5000, timeout=720)
osclients = OpenStackClients('http://{0}:5000/v3/'.format(keystone_ip))
osclients.set_credential('idm', 'idm', 'idm')
# create idm region user
password_changer = PasswordChanger(osclients)
idm = password_changer.get_user_byname("idm")
idm = password_changer.get_user_byname('idm')
# new_password = password_changer.reset_password(idm)
new_password = '******'
credential = """export OS_AUTH_URL=http://{0}:5000/v3/
export OS_AUTH_URL_V2=http://{0}:5000/v2.0/
export OS_USERNAME={2}
export OS_TENANT_NAME=idm
export OS_PROJECT_DOMAIN_NAME=default
class ServersFacade(object):
def __init__(self, target):
"""Create a new Facade for the specified target (a target is shared
between regions using the same credential)"""
self.osclients = OpenStackClients(target['keystone_url'])
self.osclients.set_credential(target['user'], target['password'],
target['tenant'])
if target.get('use_keystone_v3', False):
self.osclients.set_keystone_version(True)
else:
self.osclients.set_keystone_version(False)
self.session = self.osclients.get_session()
self.target = target
# This is a default value
self.images_dir = '/var/lib/glance/images'
self.logger = logger_cli
def _get_glanceclient(self, region):
"""helper method, to get a glanceclient for the region"""
self.osclients.set_region(region)
return self.osclients.get_glanceclient()
def get_regions(self):
"""It returns the list of regions on the specified target.
:return: a list of region names.
"""
return self.osclients.get_regions('image')
def get_imagelist(self, regionobj):
"""return a image list from the glance of the specified region
:param regionobj: The GlanceSyncRegion object of the region to list
:return: a list of GlanceSyncImage objects
"""
client = self._get_glanceclient(regionobj.region)
try:
target = regionobj.target
# We need a Pool to implement a timeout. Unfortunately
# setting client.images.client.timeout does nothing.
if 'list_images_timeout' in target:
timeout = target['list_images_timeout']
else:
timeout = _default_timeout
pool = Pool(1)
result = pool.apply_async(_getrawimagelist, (client,))
images = result.get(timeout=timeout)
image_list = list()
for image in images:
i = GlanceSyncImage(
image['name'], image['id'], regionobj.fullname,
image['owner'], image['is_public'], image['checksum'],
image['size'], image['status'], image['properties'], image)
image_list.append(i)
except TimeoutError:
msg = regionobj.fullname + \
': Timeout while retrieving image list.'
self.logger.error(msg)
raise GlanceFacadeException(msg)
except Exception, e:
cause = str(e)
if not cause:
cause = repr(e)
msg = regionobj.fullname + \
': Error retrieving image list. Cause: ' + cause
self.logger.error(msg)
raise GlanceFacadeException(msg)
return image_list
class ServersFacade(object):
def __init__(self, target):
"""Create a new Facade for the specified target (a target is shared
between regions using the same credential)"""
self.osclients = OpenStackClients(target['keystone_url'])
self.osclients.set_credential(target['user'], target['password'],
target['tenant'])
if target.get('use_keystone_v3', False):
self.osclients.set_keystone_version(True)
else:
self.osclients.set_keystone_version(False)
self.session = self.osclients.get_session()
self.target = target
# This is a default value
self.images_dir = '/var/lib/glance/images'
self.logger = logger_cli
def _get_glanceclient(self, region):
"""helper method, to get a glanceclient for the region"""
self.osclients.set_region(region)
return self.osclients.get_glanceclient()
def get_regions(self):
"""It returns the list of regions on the specified target.
:return: a list of region names.
"""
return self.osclients.get_regions('image')
def get_imagelist(self, regionobj):
"""return a image list from the glance of the specified region
:param regionobj: The GlanceSyncRegion object of the region to list
:return: a list of GlanceSyncImage objects
"""
client = self._get_glanceclient(regionobj.region)
try:
target = regionobj.target
# We need a Pool to implement a timeout. Unfortunately
# setting client.images.client.timeout does nothing.
if 'list_images_timeout' in target:
timeout = target['list_images_timeout']
else:
timeout = _default_timeout
pool = Pool(1)
result = pool.apply_async(_getrawimagelist, (client, ))
images = result.get(timeout=timeout)
image_list = list()
for image in images:
i = GlanceSyncImage(image['name'], image['id'],
regionobj.fullname, image['owner'],
image['is_public'], image['checksum'],
image['size'], image['status'],
image['properties'], image)
image_list.append(i)
except TimeoutError:
msg = regionobj.fullname + \
': Timeout while retrieving image list.'
self.logger.error(msg)
raise GlanceFacadeException(msg)
except Exception, e:
cause = str(e)
if not cause:
cause = repr(e)
msg = regionobj.fullname + \
': Error retrieving image list. Cause: ' + cause
self.logger.error(msg)
raise GlanceFacadeException(msg)
return image_list
# reset the password
p2 = Popen(["curl", "http://169.254.169.254/openstack/latest/meta_data.json"],
stdout=PIPE)
metadatajson, err = p2.communicate()
meta = json.loads(metadatajson)["meta"]
keystone_ip = meta["keystone_ip"]
region = meta["Region"]
region2 = meta["region_keystone"]
if region2:
os.environ['OS_REGION_NAME'] = region2
wait_net_service(keystone_ip, 5000, timeout=720)
osclients = OpenStackClients('http://{0}:5000/v3/'.format(keystone_ip))
osclients.set_credential('idm', 'idm', 'idm')
# create idm region user
password_changer = PasswordChanger(osclients)
idm = password_changer.get_user_byname("idm")
idm = password_changer.get_user_byname('idm')
# new_password = password_changer.reset_password(idm)
new_password = '******'
credential = """export OS_AUTH_URL=http://{0}:5000/v3/
export OS_AUTH_URL_V2=http://{0}:5000/v2.0/
export OS_USERNAME={2}
export OS_TENANT_NAME=idm
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
