def tenant_access_rm(args): """ Handle tenant access rm command """ error_info = auth_api._tenant_access_rm(args.name, args.datastore) if error_info: return operation_fail(error_info.msg) else: print("vm-group access rm succeeded")
def RemovePrivilege(self, tenant, datastore): logging.info("Removing privilege (datastore=%s) from tenant: %s", datastore, tenant.name) error_info = auth_api._tenant_access_rm(tenant.name, datastore) if error_info: logging.error("Failed to remove privilege from tenant: %s", error_info.msg) if error_info.code == ErrorCode.TENANT_NOT_EXIST: raise vim.fault.NotFound(msg=error_info.msg) elif error_info.code == ErrorCode.DS_NOT_EXIST or error_info.code == ErrorCode.PRIVILEGE_NOT_FOUND: raise vmodl.fault.InvalidArgument(invalidProperty="datastore") else: raise vim.fault.VcsFault(msg=error_info.msg) logging.info("Succssfully removed privilege (datastore=%s) from tenant: %s", datastore, tenant.name)
def RemovePrivilege(self, tenant, datastore): logging.info("Removing privilege (datastore=%s) from tenant: %s", datastore, tenant.name) error_info = auth_api._tenant_access_rm(tenant.name, datastore) if error_info: logging.error("Failed to remove privilege from tenant: %s", error_info.msg) if error_info.code == ErrorCode.TENANT_NOT_EXIST: raise vim.fault.NotFound(msg=error_info.msg) elif error_info.code == ErrorCode.DS_NOT_EXIST or error_info.code == ErrorCode.PRIVILEGE_NOT_FOUND: raise vmodl.fault.InvalidArgument(invalidProperty="datastore") else: raise vim.fault.VcsFault(msg=error_info.msg) logging.info( "Succssfully removed privilege (datastore=%s) from tenant: %s", datastore, tenant.name)
def test_tenant_access(self): """ Test AdminCLI command for tenant access management """ # create tenant1 without adding any vms and privileges # the "default_datastore" will be set to "_VM_DS" # a full access privilege will be created for tenant1 error_info, tenant = auth_api._tenant_create( name=self.tenant1_name, default_datastore=auth_data_const.VM_DS, description="Test tenant1", vm_list=[self.vm1_name], privileges=[]) self.assertEqual(None, error_info) # now, should only have privilege to ""_VM_DS error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name) _, rows = vmdkops_admin.generate_tenant_access_ls_rows( privileges, self.tenant1_name) self.assertEqual(1, len(rows)) expected_output = [auth_data_const.VM_DS, "True", "Unset", "Unset"] actual_output = [rows[0][0], rows[0][1], rows[0][2], rows[0][3]] self.assertEqual(expected_output, actual_output) # remove the privilege to "_VM_DS", which should fail # since "_VM_DS still the "default_datastore" for tenant1 error_info = auth_api._tenant_access_rm( name=self.tenant1_name, datastore=auth_data_const.VM_DS) self.assertNotEqual(None, error_info) # add a access privilege for tenant to self.datastore_name # allow_create = False # max_volume size = 600MB # total_volume size = 1GB volume_maxsize_in_MB = convert.convert_to_MB("600MB") volume_totalsize_in_MB = convert.convert_to_MB("1GB") error_info = auth_api._tenant_access_add( name=self.tenant1_name, datastore=self.datastore_name, allow_create=False, volume_maxsize_in_MB=volume_maxsize_in_MB, volume_totalsize_in_MB=volume_totalsize_in_MB) self.assertEqual(None, error_info) # update the "default_datastore" to self.datastore_name error_info = auth_api._tenant_update( name=self.tenant1_name, default_datastore=self.datastore_name) self.assertEqual(None, error_info) # try to remove the privilege to "_VM_DS" again, which should not fail # since the "default_datastore" for tenant1 is set to self.datastore_name error_info = auth_api._tenant_access_rm( name=self.tenant1_name, datastore=auth_data_const.VM_DS) self.assertEqual(None, error_info) error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name) self.assertEqual(None, error_info) header = vmdkops_admin.tenant_access_ls_headers() # There are 4 columns for each row, the name of the columns are # "Datastore", "Allow_create", "Max_volume_size", "Total_size" # Sample output of a row: # ['datastore1', 'False', '600.00MB', '1.00GB'] _, rows = vmdkops_admin.generate_tenant_access_ls_rows( privileges, self.tenant1_name) self.assertEqual(len(header), TENANT_ACCESS_LS_EXPECTED_COLUMN_COUNT) # tenant aceess privilege should only have a row now self.assertEqual(len(rows), 1) expected_output = [self.datastore_name, "False", "600.00MB", "1.00GB"] actual_output = [rows[0][0], rows[0][1], rows[0][2], rows[0][3]] self.assertEqual(expected_output, actual_output) # update the access privileges # change allow_create to True # change max_volume size to 1000MB # change total_volume size to 2GB volume_maxsize_in_MB = convert.convert_to_MB("1000MB") volume_totalsize_in_MB = convert.convert_to_MB("3GB") self.parser = vmdkops_admin.create_parser() privilege_test_info = [ ["False", "False"], ["FALSE", "False"], ["false", "False"], ["True", "True"], ["TRUE", "True"], ["true", "True"], ] for val in privilege_test_info: command = ("vmgroup access set --name={0} ".format( self.tenant1_name)) command += ("--datastore={0} ".format(self.datastore_name)) command += ("--allow-create={0} ".format(val[0])) command += ("--volume-maxsize=500MB --volume-totalsize=1GB") args = self.parser.parse_args(command.split()) error_info = vmdkops_admin.tenant_access_set(args) self.assertEqual(None, error_info) error_info, privileges = auth_api._tenant_access_ls( self.tenant1_name) self.assertEqual(None, error_info) _, rows = vmdkops_admin.generate_tenant_access_ls_rows( privileges, self.tenant1_name) self.assertEqual(len(rows), 1) expected_output = [ self.datastore_name, val[1], "500.00MB", "1.00GB" ] actual_output = [rows[0][0], rows[0][1], rows[0][2], rows[0][3]] self.assertEqual(expected_output, actual_output) print( "[Negative test case]: Expected invalid values for allow-create option" ) for val in ["INVALID", ""]: command = ("vmgroup access set --name={0} ".format( self.tenant1_name)) command += ("--datastore={0} ".format(self.datastore_name)) command += ("--allow-create={0} ".format(val)) command += ("--volume-maxsize=500MB --volume-totalsize=1GB") args = self.parser.parse_args(command.split()) error_info = vmdkops_admin.tenant_access_set(args) expected_message = "Invalid value {0} for allow-create option".format( val) self.assertEqual(expected_message, error_info) if self.datastore1_name: # second datastore is available, can test tenant update with --default_datastore error_info, tenant_list = auth_api._tenant_ls() self.assertEqual(None, error_info) # Two tenants in the list, "_DEFAULT" and "test_tenant1" # rows[0] is for "_DEFAULT" tenant, and rows[1] is for "test_tenant1" # There are 5 columns for each row, the name of the columns are # "Uuid", "Name", "Description", "Default_datastore", "VM_list" # Sample output of one row: # [u'9e1be0ce-3d58-40f6-a335-d6e267e34baa', u'test_tenant1', u'Test tenant1', '', 'test_vm1'] _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list) # get "default_datastore" from the output actual_output = rows[1][3] expected_output = self.datastore_name self.assertEqual(expected_output, actual_output) # add access privilege to self.datastore1_name volume_maxsize_in_MB = convert.convert_to_MB("600MB") volume_totalsize_in_MB = convert.convert_to_MB("1GB") error_info = auth_api._tenant_access_add( name=self.tenant1_name, datastore=self.datastore1_name, allow_create=False, volume_maxsize_in_MB=volume_maxsize_in_MB, volume_totalsize_in_MB=volume_totalsize_in_MB) self.assertEqual(None, error_info) # update the "default_datastore" error_info = auth_api._tenant_update( name=self.tenant1_name, default_datastore=self.datastore1_name) self.assertEqual(None, error_info) error_info, tenant_list = auth_api._tenant_ls() self.assertEqual(None, error_info) _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list) # get "default_datastore" from the output actual_output = rows[1][3] expected_output = self.datastore1_name self.assertEqual(expected_output, actual_output) # switch the "default_datastore" to self.datastore_name error_info = auth_api._tenant_update( name=self.tenant1_name, default_datastore=self.datastore_name) self.assertEqual(error_info, None) # remove the privilege to self.datastore1_name error_info = auth_api._tenant_access_rm( name=self.tenant1_name, datastore=self.datastore1_name) self.assertEqual(error_info, None) # remove access privileges, which should fail # since the "default_datastore" is set to self.datastore_name # cannot remove the privilege error_info = auth_api._tenant_access_rm(name=self.tenant1_name, datastore=self.datastore_name) self.assertNotEqual(None, error_info) error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name) self.assertEqual(None, error_info) # now, only have a privilege to self.datastore_name _, rows = vmdkops_admin.generate_tenant_access_ls_rows( privileges, self.tenant1_name) self.assertEqual(1, len(rows)) expected_output = [self.datastore_name, "True", "500.00MB", "1.00GB"] actual_output = [rows[0][0], rows[0][1], rows[0][2], rows[0][3]] self.assertEqual(expected_output, actual_output)
def test_tenant(self): """ Test AdminCLI command for tenant management """ # create tenant1 vm_list = [self.vm1_name] # create tenant and set "default_datastore" to an invalide datastore_name # should fail since the "default_datastore" is not valid error_info, tenant = auth_api._tenant_create( name=self.tenant1_name, default_datastore=self.bad_datastore_name, description="Test tenant1", vm_list=vm_list, privileges=[]) self.assertNotEqual(None, error_info) # try to create the tenant and set "default_datastore" to "_ALL_DS" # should fail since "_ALL_DS" cannot be set as "default_datastore" error_info, tenant = auth_api._tenant_create( name=self.tenant1_name, default_datastore=self.bad_datastore_name, description="Test tenant1", vm_list=vm_list, privileges=[]) self.assertNotEqual(None, error_info) # try to create the tenant and set "default_datastore" to "_VM_DS" # should succeed error_info, tenant = auth_api._tenant_create( name=self.tenant1_name, default_datastore=auth_data_const.VM_DS, description="Test tenant1", vm_list=vm_list, privileges=[]) self.assertEqual(None, error_info) error_info, tenant_list = auth_api._tenant_ls() self.assertEqual(None, error_info) header = vmdkops_admin.tenant_ls_headers() _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list) self.assertEqual(len(header), TENANT_LS_EXPECTED_COLUMN_COUNT) # Two tenants in the list, "_DEFAULT" and "test_tenant1" # rows[0] is for "_DEFAULT" tenant, and rows[1] is for "test_tenant1" self.assertEqual(len(rows), 2) # There are 5 columns for each row, the name of the columns are # "Uuid", "Name", "Description", "Default_datastore", "VM_list" # Sample output of rows[1]: # [u'9e1be0ce-3d58-40f6-a335-d6e267e34baa', u'test_tenant1', u'Test tenant1', '', 'test_vm1'] expected_output = [ self.tenant1_name, "Test tenant1", auth_data_const.VM_DS, generate_vm_name_str(vm_list) ] actual_output = [ convert_to_str(rows[1][1]), convert_to_str(rows[1][2]), convert_to_str(rows[1][3]), convert_to_str(rows[1][4]) ] self.assertEqual(expected_output, actual_output) # tenant update to update description and default_datastore # update default_datastore to self.datastore_name, which should succeed error_info = auth_api._tenant_update( name=self.tenant1_name, description="This is test tenant1", default_datastore=self.datastore_name) self.assertEqual(None, error_info) # update default_datastore to "_ALL_DS", which should fail error_info = auth_api._tenant_update( name=self.tenant1_name, default_datastore=auth_data_const.ALL_DS) self.assertNotEqual(None, error_info) # list the access privilege for tenant1 # now should have two access privileges # to datastore "_VM_DS" and self.datastore error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name) self.assertEqual(None, error_info) _, rows = vmdkops_admin.generate_tenant_access_ls_rows( privileges, self.tenant1_name) self.assertEqual(len(rows), 2) if rows[0][0] == self.datastore_name: expected_output = [[self.datastore_name, 'True', 'Unset', 'Unset'], [ auth_data_const.VM_DS, 'True', 'Unset', 'Unset' ]] else: expected_output = [[ auth_data_const.VM_DS, 'True', 'Unset', 'Unset' ], [self.datastore_name, 'True', 'Unset', 'Unset']] actual_output = [[rows[0][0], rows[0][1], rows[0][2], rows[0][3]], [rows[1][0], rows[1][1], rows[1][2], rows[1][3]]] self.assertEqual(expected_output, actual_output) # remove access privilege to "_VM_DS" error_info = auth_api._tenant_access_rm( name=self.tenant1_name, datastore=auth_data_const.VM_DS) self.assertEqual(None, error_info) # now, should only have one access privilege error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name) self.assertEqual(None, error_info) _, rows = vmdkops_admin.generate_tenant_access_ls_rows( privileges, self.tenant1_name) self.assertEqual(len(rows), 1) expected_output = [self.datastore_name, 'True', 'Unset', 'Unset'] actual_output = [rows[0][0], rows[0][1], rows[0][2], rows[0][3]] self.assertEqual(expected_output, actual_output) # update default vmgroup description error_info = auth_api._tenant_update( name=auth_data_const.DEFAULT_TENANT, description="This is the default vmgroup") self.assertEqual(None, error_info) error_info, tenant_list = auth_api._tenant_ls() self.assertEqual(None, error_info) header = vmdkops_admin.tenant_ls_headers() _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list) expected_output = [ self.tenant1_name, "This is test tenant1", self.datastore_name, generate_vm_name_str(vm_list) ] actual_output = [ convert_to_str(rows[1][1]), convert_to_str(rows[1][2]), convert_to_str(rows[1][3]), convert_to_str(rows[1][4]) ] self.assertEqual(expected_output, actual_output) # tenant update to rename the tenant error_info = auth_api._tenant_update(name=self.tenant1_name, new_name=self.tenant1_new_name) self.assertEqual(None, error_info) # verify default vmgroup can't be renamed error_info = auth_api._tenant_update( name=auth_data_const.DEFAULT_TENANT, new_name=self.tenant1_new_name) self.assertNotEqual(None, error_info) error_info, tenant_list = auth_api._tenant_ls() self.assertEqual(None, error_info) header = vmdkops_admin.tenant_ls_headers() _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list) expected_output = [ self.tenant1_new_name, "This is test tenant1", self.datastore_name, generate_vm_name_str(vm_list) ] actual_output = [ convert_to_str(rows[1][1]), convert_to_str(rows[1][2]), convert_to_str(rows[1][3]), convert_to_str(rows[1][4]) ] # tenant rm to remove the tenant error_info = auth_api._tenant_vm_rm(name=self.tenant1_new_name, vm_list=vm_list) self.assertEqual(None, error_info) error_info = test_utils.cleanup_tenant(self.tenant1_new_name) self.assertEqual(None, error_info) error_info, tenant_list = auth_api._tenant_ls() self.assertEqual(None, error_info) header = vmdkops_admin.tenant_ls_headers() _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list) # right now, should only have 1 tenant, which is "_DEFAULT" tenant self.assertEqual(len(rows), 1)
def test_tenant_access(self): """ Test AdminCLI command for tenant access management """ # create tenant1 without adding any vms and privileges # the "default_datastore" will be set to "_VM_DS" # a full access privilege will be created for tenant1 error_info, tenant = auth_api._tenant_create( name=self.tenant1_name, default_datastore=auth_data_const.VM_DS, description="Test tenant1", vm_list=[self.vm1_name], privileges=[]) self.assertEqual(None, error_info) # now, should only have privilege to ""_VM_DS error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name) _, rows = vmdkops_admin.generate_tenant_access_ls_rows(privileges, self.tenant1_name) self.assertEqual(1, len(rows)) expected_output = [auth_data_const.VM_DS, "True", "Unset", "Unset"] actual_output = [rows[0][0], rows[0][1], rows[0][2], rows[0][3]] self.assertEqual(expected_output, actual_output) # remove the privilege to "_VM_DS", which should fail # since "_VM_DS still the "default_datastore" for tenant1 error_info = auth_api._tenant_access_rm(name=self.tenant1_name, datastore=auth_data_const.VM_DS ) self.assertNotEqual(None, error_info) # add a access privilege for tenant to self.datastore_name # allow_create = False # max_volume size = 600MB # total_volume size = 1GB volume_maxsize_in_MB = convert.convert_to_MB("600MB") volume_totalsize_in_MB = convert.convert_to_MB("1GB") error_info = auth_api._tenant_access_add(name=self.tenant1_name, datastore=self.datastore_name, allow_create=False, volume_maxsize_in_MB=volume_maxsize_in_MB, volume_totalsize_in_MB=volume_totalsize_in_MB ) self.assertEqual(None, error_info) # update the "default_datastore" to self.datastore_name error_info = auth_api._tenant_update(name=self.tenant1_name, default_datastore=self.datastore_name) self.assertEqual(None, error_info) # try to remove the privilege to "_VM_DS" again, which should not fail # since the "default_datastore" for tenant1 is set to self.datastore_name error_info = auth_api._tenant_access_rm(name=self.tenant1_name, datastore=auth_data_const.VM_DS ) self.assertEqual(None, error_info) error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name) self.assertEqual(None, error_info) header = vmdkops_admin.tenant_access_ls_headers() # There are 4 columns for each row, the name of the columns are # "Datastore", "Allow_create", "Max_volume_size", "Total_size" # Sample output of a row: # ['datastore1', 'False', '600.00MB', '1.00GB'] _, rows = vmdkops_admin.generate_tenant_access_ls_rows(privileges, self.tenant1_name) self.assertEqual(len(header), TENANT_ACCESS_LS_EXPECTED_COLUMN_COUNT) # tenant aceess privilege should only have a row now self.assertEqual(len(rows), 1) expected_output = [self.datastore_name, "False", "600.00MB", "1.00GB"] actual_output = [rows[0][0], rows[0][1], rows[0][2], rows[0][3]] self.assertEqual(expected_output, actual_output) # update the access privileges # change allow_create to True # change max_volume size to 1000MB # change total_volume size to 2GB volume_maxsize_in_MB = convert.convert_to_MB("1000MB") volume_totalsize_in_MB = convert.convert_to_MB("3GB") self.parser = vmdkops_admin.create_parser() privilege_test_info = [ ["False", "False"], ["FALSE", "False"], ["false", "False"], ["True", "True"], ["TRUE", "True"], ["true", "True"], ] for val in privilege_test_info: command = ("vmgroup access set --name={0} ".format(self.tenant1_name)) command += ("--datastore={0} ".format(self.datastore_name)) command += ("--allow-create={0} ".format(val[0])) command += ("--volume-maxsize=500MB --volume-totalsize=1GB") args = self.parser.parse_args(command.split()) error_info = vmdkops_admin.tenant_access_set(args) self.assertEqual(None, error_info) error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name) self.assertEqual(None, error_info) _, rows = vmdkops_admin.generate_tenant_access_ls_rows(privileges, self.tenant1_name) self.assertEqual(len(rows), 1) expected_output = [self.datastore_name, val[1], "500.00MB", "1.00GB"] actual_output = [rows[0][0], rows[0][1], rows[0][2], rows[0][3]] self.assertEqual(expected_output, actual_output) print("[Negative test case]: Expected invalid values for allow-create option") for val in ["INVALID", ""]: command = ("vmgroup access set --name={0} ".format(self.tenant1_name)) command += ("--datastore={0} ".format(self.datastore_name)) command += ("--allow-create={0} ".format(val)) command += ("--volume-maxsize=500MB --volume-totalsize=1GB") args = self.parser.parse_args(command.split()) error_info = vmdkops_admin.tenant_access_set(args) expected_message = "ERROR:Invalid value {0} for allow-create option".format(val) self.assertEqual(expected_message, error_info) if self.datastore1_name: # second datastore is available, can test tenant update with --default_datastore error_info, tenant_list = auth_api._tenant_ls() self.assertEqual(None, error_info) # Two tenants in the list, "_DEFAULT" and "test_tenant1" # rows[0] is for "_DEFAULT" tenant, and rows[1] is for "test_tenant1" # There are 5 columns for each row, the name of the columns are # "Uuid", "Name", "Description", "Default_datastore", "VM_list" # Sample output of one row: # [u'9e1be0ce-3d58-40f6-a335-d6e267e34baa', u'test_tenant1', u'Test tenant1', '', 'test_vm1'] _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list) # get "default_datastore" from the output actual_output = rows[1][3] expected_output = self.datastore_name self.assertEqual(expected_output, actual_output) # add access privilege to self.datastore1_name volume_maxsize_in_MB = convert.convert_to_MB("600MB") volume_totalsize_in_MB = convert.convert_to_MB("1GB") error_info = auth_api._tenant_access_add(name=self.tenant1_name, datastore=self.datastore1_name, allow_create=False, volume_maxsize_in_MB=volume_maxsize_in_MB, volume_totalsize_in_MB=volume_totalsize_in_MB) self.assertEqual(None, error_info) # update the "default_datastore" error_info = auth_api._tenant_update(name=self.tenant1_name, default_datastore=self.datastore1_name) self.assertEqual(None, error_info) error_info, tenant_list = auth_api._tenant_ls() self.assertEqual(None, error_info) _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list) # get "default_datastore" from the output actual_output = rows[1][3] expected_output = self.datastore1_name self.assertEqual(expected_output, actual_output) # switch the "default_datastore" to self.datastore_name error_info = auth_api._tenant_update(name=self.tenant1_name, default_datastore=self.datastore_name) self.assertEqual(error_info, None) # remove the privilege to self.datastore1_name error_info = auth_api._tenant_access_rm(name=self.tenant1_name, datastore=self.datastore1_name) self.assertEqual(error_info, None) # remove access privileges, which should fail # since the "default_datastore" is set to self.datastore_name # cannot remove the privilege error_info = auth_api._tenant_access_rm(name=self.tenant1_name, datastore=self.datastore_name) self.assertNotEqual(None, error_info) error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name) self.assertEqual(None, error_info) # now, only have a privilege to self.datastore_name _, rows = vmdkops_admin.generate_tenant_access_ls_rows(privileges, self.tenant1_name) self.assertEqual(1, len(rows)) expected_output = [self.datastore_name, "True", "500.00MB", "1.00GB"] actual_output = [rows[0][0], rows[0][1], rows[0][2], rows[0][3]] self.assertEqual(expected_output, actual_output)
def test_tenant(self): """ Test AdminCLI command for tenant management """ # create tenant1 vm_list = [self.vm1_name] # create tenant and set "default_datastore" to an invalide datastore_name # should fail since the "default_datastore" is not valid error_info, tenant = auth_api._tenant_create( name=self.tenant1_name, default_datastore=self.bad_datastore_name, description="Test tenant1", vm_list=vm_list, privileges=[]) self.assertNotEqual(None, error_info) # try to create the tenant and set "default_datastore" to "_ALL_DS" # should fail since "_ALL_DS" cannot be set as "default_datastore" error_info, tenant = auth_api._tenant_create( name=self.tenant1_name, default_datastore=self.bad_datastore_name, description="Test tenant1", vm_list=vm_list, privileges=[]) self.assertNotEqual(None, error_info) # try to create the tenant and set "default_datastore" to "_VM_DS" # should succeed error_info, tenant = auth_api._tenant_create( name=self.tenant1_name, default_datastore=auth_data_const.VM_DS, description="Test tenant1", vm_list=vm_list, privileges=[]) self.assertEqual(None, error_info) error_info, tenant_list = auth_api._tenant_ls() self.assertEqual(None, error_info) header = vmdkops_admin.tenant_ls_headers() _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list) self.assertEqual(len(header), TENANT_LS_EXPECTED_COLUMN_COUNT) # Two tenants in the list, "_DEFAULT" and "test_tenant1" # rows[0] is for "_DEFAULT" tenant, and rows[1] is for "test_tenant1" self.assertEqual(len(rows), 2) # There are 5 columns for each row, the name of the columns are # "Uuid", "Name", "Description", "Default_datastore", "VM_list" # Sample output of rows[1]: # [u'9e1be0ce-3d58-40f6-a335-d6e267e34baa', u'test_tenant1', u'Test tenant1', '', 'test_vm1'] expected_output = [self.tenant1_name, "Test tenant1", auth_data_const.VM_DS, generate_vm_name_str(vm_list)] actual_output = [convert_to_str(rows[1][1]), convert_to_str(rows[1][2]), convert_to_str(rows[1][3]), convert_to_str(rows[1][4]) ] self.assertEqual(expected_output, actual_output) # tenant update to update description and default_datastore # update default_datastore to self.datastore_name, which should succeed error_info = auth_api._tenant_update( name=self.tenant1_name, description="This is test tenant1", default_datastore=self.datastore_name) self.assertEqual(None, error_info) # update default_datastore to "_ALL_DS", which should fail error_info = auth_api._tenant_update( name=self.tenant1_name, default_datastore=auth_data_const.ALL_DS) self.assertNotEqual(None, error_info) # list the access privilege for tenant1 # now should have two access privileges # to datastore "_VM_DS" and self.datastore error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name) self.assertEqual(None, error_info) _, rows = vmdkops_admin.generate_tenant_access_ls_rows(privileges, self.tenant1_name) self.assertEqual(len(rows), 2) if rows[0][0] == self.datastore_name: expected_output = [ [self.datastore_name, 'True', 'Unset', 'Unset'], [auth_data_const.VM_DS, 'True', 'Unset', 'Unset'] ] else: expected_output = [ [auth_data_const.VM_DS, 'True', 'Unset', 'Unset'], [self.datastore_name, 'True', 'Unset', 'Unset'] ] actual_output = [ [rows[0][0], rows[0][1], rows[0][2], rows[0][3]], [rows[1][0], rows[1][1], rows[1][2], rows[1][3]] ] self.assertEqual(expected_output, actual_output) # remove access privilege to "_VM_DS" error_info = auth_api._tenant_access_rm(name=self.tenant1_name, datastore=auth_data_const.VM_DS) self.assertEqual(None, error_info) # now, should only have one access privilege error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name) self.assertEqual(None, error_info) _, rows = vmdkops_admin.generate_tenant_access_ls_rows(privileges, self.tenant1_name) self.assertEqual(len(rows), 1) expected_output = [self.datastore_name, 'True', 'Unset', 'Unset'] actual_output = [rows[0][0], rows[0][1], rows[0][2], rows[0][3]] self.assertEqual(expected_output, actual_output) # update default vmgroup description error_info = auth_api._tenant_update(name=auth_data_const.DEFAULT_TENANT, description="This is the default vmgroup") self.assertEqual(None, error_info) error_info, tenant_list = auth_api._tenant_ls() self.assertEqual(None, error_info) header = vmdkops_admin.tenant_ls_headers() _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list) expected_output = [self.tenant1_name, "This is test tenant1", self.datastore_name, generate_vm_name_str(vm_list)] actual_output = [convert_to_str(rows[1][1]), convert_to_str(rows[1][2]), convert_to_str(rows[1][3]), convert_to_str(rows[1][4]) ] self.assertEqual(expected_output, actual_output) # tenant update to rename the tenant error_info = auth_api._tenant_update( name=self.tenant1_name, new_name=self.tenant1_new_name) self.assertEqual(None, error_info) # verify default vmgroup can't be renamed error_info = auth_api._tenant_update(name=auth_data_const.DEFAULT_TENANT, new_name=self.tenant1_new_name) self.assertNotEqual(None, error_info) error_info, tenant_list = auth_api._tenant_ls() self.assertEqual(None, error_info) header = vmdkops_admin.tenant_ls_headers() _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list) expected_output = [self.tenant1_new_name, "This is test tenant1", self.datastore_name, generate_vm_name_str(vm_list)] actual_output = [convert_to_str(rows[1][1]), convert_to_str(rows[1][2]), convert_to_str(rows[1][3]), convert_to_str(rows[1][4]) ] # tenant rm to remove the tenant error_info = auth_api._tenant_vm_rm(name=self.tenant1_new_name, vm_list=vm_list) self.assertEqual(None, error_info) error_info = test_utils.cleanup_tenant(self.tenant1_new_name) self.assertEqual(None, error_info) error_info, tenant_list = auth_api._tenant_ls() self.assertEqual(None, error_info) header = vmdkops_admin.tenant_ls_headers() _, rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list) # right now, should only have 1 tenant, which is "_DEFAULT" tenant self.assertEqual(len(rows), 1)
def test_tenant_access(self): """ Test AdminCLI command for tenant access management """ # create tenant1 without adding any vms and privileges error_info, tenant = auth_api._tenant_create( name=self.tenant1_name, description="Test tenant1", vm_list=[self.vm1_name], privileges=[]) self.assertEqual(None, error_info) # add first access privilege for tenant # allow_create = False # max_volume size = 600MB # total_volume size = 1GB volume_maxsize_in_MB = convert.convert_to_MB("600MB") volume_totalsize_in_MB = convert.convert_to_MB("1GB") error_info = auth_api._tenant_access_add(name=self.tenant1_name, datastore=self.datastore_name, default_datastore=False, allow_create=False, volume_maxsize_in_MB=volume_maxsize_in_MB, volume_totalsize_in_MB=volume_totalsize_in_MB ) self.assertEqual(None, error_info) error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name) self.assertEqual(None, error_info) header = vmdkops_admin.tenant_access_ls_headers() # There are 4 columns for each row, the name of the columns are # "Datastore", "Allow_create", "Max_volume_size", "Total_size" # Sample output of a row: # ['datastore1', 'False', '600.00MB', '1.00GB'] rows = vmdkops_admin.generate_tenant_access_ls_rows(privileges) self.assertEqual(len(header), TENANT_ACCESS_LS_EXPECTED_COLUMN_COUNT) # tenant aceess privilege should only have a row now self.assertEqual(len(rows), 1) expected_output = [self.datastore_name, "False", "600.00MB", "1.00GB"] actual_output = [rows[0][0], rows[0][1], rows[0][2], rows[0][3]] self.assertEqual(expected_output, actual_output) # update the access privileges # change allow_create to True # change max_volume size to 1000MB # change total_volume size to 2GB volume_maxsize_in_MB = convert.convert_to_MB("1000MB") volume_totalsize_in_MB = convert.convert_to_MB("3GB") error_info = auth_api._tenant_access_set(name=self.tenant1_name, datastore=self.datastore_name, allow_create="True", volume_maxsize_in_MB=volume_maxsize_in_MB, volume_totalsize_in_MB=volume_totalsize_in_MB ) self.assertEqual(None, error_info) error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name) self.assertEqual(None, error_info) rows = vmdkops_admin.generate_tenant_access_ls_rows(privileges) self.assertEqual(len(rows), 1) expected_output = [self.datastore_name, "True", "1000.00MB", "3.00GB"] actual_output = [rows[0][0], rows[0][1], rows[0][2], rows[0][3]] self.assertEqual(expected_output, actual_output) if self.datastore1_name: # second datastore is available, can test tenant access add with --default_datastore error_info, tenant_list = auth_api._tenant_ls() self.assertEqual(None, error_info) # Two tenants in the list, "_DEFAULT" and "test_tenant1" # rows[0] is for "_DEFAULT" tenant, and rows[1] is for "test_tenant1" # There are 5 columns for each row, the name of the columns are # "Uuid", "Name", "Description", "Default_datastore", "VM_list" # Sample output of one row: # [u'9e1be0ce-3d58-40f6-a335-d6e267e34baa', u'test_tenant1', u'Test tenant1', '', 'test_vm1'] rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list) # get "default_datastore" from the output actual_output = rows[1][3] expected_output = self.datastore_name self.assertEqual(expected_output, actual_output) # add second access privilege for tenant # allow_create = False # max_volume size = 600MB # total_volume size = 1GB volume_maxsize_in_MB = convert.convert_to_MB("600MB") volume_totalsize_in_MB = convert.convert_to_MB("1GB") error_info = auth_api._tenant_access_add(name=self.tenant1_name, datastore=self.datastore1_name, default_datastore=True, allow_create=False, volume_maxsize_in_MB=volume_maxsize_in_MB, volume_totalsize_in_MB=volume_totalsize_in_MB ) self.assertEqual(None, error_info) error_info, tenant_list = auth_api._tenant_ls() self.assertEqual(None, error_info) rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list) # get "default_datastore" from the output actual_output = rows[1][3] expected_output = self.datastore1_name self.assertEqual(expected_output, actual_output) error_info = auth_api._tenant_access_rm(name=self.tenant1_name, datastore=self.datastore1_name) self.assertEqual(error_info, None) # remove access privileges error_info = auth_api._tenant_access_rm(name=self.tenant1_name, datastore=self.datastore_name) self.assertEqual(None, error_info) error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name) self.assertEqual(None, error_info) rows = vmdkops_admin.generate_tenant_access_ls_rows(privileges) # no tenant access privilege available for this tenant self.assertEqual(rows, [])