#!/bin/python
from os import environ as env
import keystoneclient.v2_0.client as ksclient
keystone = ksclient.Client(auth_url=env['OS_AUTH_URL'],
username=env['OS_USERNAME'],
password=env['OS_PASSWORD'],
tenant_name=env['OS_TENANT_NAME'])
#keystone2 =ksclient.Client()
#env['tokens']=keystone.auth_token
print keystone.auth_token
help='Glance file store image directory',
default='/var/lib/glance/images')
argparser.add_argument('--debug',
help='Enable API debugging',
action='store_true')
argparser.add_argument('--criticality',
help='Set sensu alert level, critical is default',
default='critical')
options = argparser.parse_args()
store_directory = options.imagedir
if 'OS_CACERT' in os.environ.keys():
glance_auth['ca_cert'] = os.environ['OS_CACERT']
keystone = ksclient.Client(**glance_auth)
auth_token = keystone.auth_token
endpoint = keystone.service_catalog.url_for(service_type='image',
endpoint_type='publicURL')
if options.debug:
logging.basicConfig(level=logging.DEBUG)
glance = client.Client('2', endpoint=endpoint, token=auth_token)
glance.format = 'json'
# Fetch the list of files in store_directory matching the UUID regex
uuid_re = re.compile(
r'[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
files = [(x, os.path.join(store_directory, x))
def func():
auth_ref = self._get_client_by_creds().auth_ref
return keystone_client.Client(auth_ref=auth_ref,
endpoint=self.config.cloud.auth_url,
cacert=self.config.cloud.cacert,
insecure=self.config.cloud.insecure)
def _auth(profile=None, api_version=2, **connection_args):
'''
Set up glance credentials, returns
`glanceclient.client.Client`. Optional parameter
"api_version" defaults to 2.
Only intended to be used within glance-enabled modules
'''
if profile:
prefix = profile + ":keystone."
else:
prefix = "keystone."
def get(key, default=None):
'''
Checks connection_args, then salt-minion config,
falls back to specified default value.
'''
return connection_args.get('connection_' + key,
__salt__['config.get'](prefix + key, default))
user = get('user', 'admin')
password = get('password', None)
tenant = get('tenant', 'admin')
tenant_id = get('tenant_id')
auth_url = get('auth_url', 'http://127.0.0.1:35357/v2.0')
insecure = get('insecure', False)
admin_token = get('token')
region = get('region')
ks_endpoint = get('endpoint', 'http://127.0.0.1:9292/')
g_endpoint_url = __salt__['keystone.endpoint_get']('glance', profile)
# The trailing 'v2' causes URLs like thise one:
# http://127.0.0.1:9292/v2/v1/images
g_endpoint_url = re.sub('/v2', '', g_endpoint_url['internalurl'])
if admin_token and api_version != 1 and not password:
# If we had a password we could just
# ignore the admin-token and move on...
raise SaltInvocationError('Only can use keystone admin token ' +
'with Glance API v1')
elif password:
# Can't use the admin-token anyway
kwargs = {'username': user,
'password': password,
'tenant_id': tenant_id,
'auth_url': auth_url,
'endpoint_url': g_endpoint_url,
'region_name': region,
'tenant_name': tenant}
# 'insecure' keyword not supported by all v2.0 keystone clients
# this ensures it's only passed in when defined
if insecure:
kwargs['insecure'] = True
elif api_version == 1 and admin_token:
kwargs = {'token': admin_token,
'auth_url': auth_url,
'endpoint_url': g_endpoint_url}
else:
raise SaltInvocationError('No credentials to authenticate with.')
if HAS_KEYSTONE:
log.debug('Calling keystoneclient.v2_0.client.Client(' +
'{0}, **{1})'.format(ks_endpoint, kwargs))
keystone = kstone.Client(**kwargs)
log.debug(help(keystone.get_token))
kwargs['token'] = keystone.get_token(keystone.session)
# This doesn't realy prevent the password to show up
# in the minion log as keystoneclient.session is
# logging it anyway when in debug-mode
kwargs.pop('password')
log.debug('Calling glanceclient.client.Client(' +
'{0}, {1}, **{2})'.format(api_version,
g_endpoint_url, kwargs))
# may raise exc.HTTPUnauthorized, exc.HTTPNotFound
# but we deal with those elsewhere
return client.Client(api_version, g_endpoint_url, **kwargs)
else:
raise NotImplementedError(
"Can't retrieve a auth_token without keystone")
Developer: [email protected] """ import os import time import pdb import novaclient.v1_1.client as nvclient from novaclient.base import * from novaclient.exceptions import NotFound from config import FLOATING_IP_CREATION, IMAGE_NAME, FLAVOUR_NAME,OS_USERNAME, OS_TENANT_NAME, OS_PASSWORD, OS_AUTH_URL from credentials import get_nova_credentials, get_tenant_nova_credentials,get_credentials from floating_ips import add_floating_ip_for_vm import glanceclient.v2.client as glance_client import keystoneclient.v2_0.client as ksclient keystone = ksclient.Client(auth_url="http://172.168.2.40:35357/v2.0", username="******", password="******", tenant_name="admin") token = keystone.auth_ref['token']['id'] credentials = get_nova_credentials() nova = nvclient.Client(**credentials) #glance=glance_client.Client(username=OS_USERNAME,password=OS_PASSWORD,tenant_name=OS_TENANT_NAME,auth_url=OS_AUTH_URL) glance=glance_client.Client(endpoint="http://172.168.2.40:9292", token=token) if not nova.keypairs.findall(name="admin"): with open(os.path.expanduser('~/.ssh/id_rsa.pub')) as fpubkey: nova.keypairs.create(name="admin", public_key=fpubkey.read()) def upload_image_glance(): pdb.set_trace()
print "listorphans.py <object> where object is one or more of",
print "'networks', 'routers', 'subnets', 'floatingips' or 'all'"
def get_credentials():
d = {}
d['username'] = os.environ['OS_USERNAME']
d['password'] = os.environ['OS_PASSWORD']
d['auth_url'] = os.environ['OS_AUTH_URL']
d['tenant_name'] = os.environ['OS_TENANT_NAME']
return d
credentials = get_credentials()
neutron = nclient.Client(**credentials)
keystone = ksclient.Client(**credentials)
def get_tenantids():
return [tenant.id for tenant in keystone.tenants.list()]
def get_orphaned_neutron_objects(object):
objects = getattr(neutron, 'list_' + object)()
tenantids = get_tenantids()
orphans = []
for object in objects.get(object):
if object['tenant_id'] not in tenantids:
orphans.append(object['id'])
return orphans
def nova_deploy_instace():
service_types = []
service_status = {}
INITIAL_STATUS = "UNKNOWN"
service_url = {}
FLAVOR_NAME = "cirros.1"
NETWORK_NAME = "default"
IMAGE_NAME = "cirros-0.3.4"
#keystone = client.Client(username=os.environ['OS_USERNAME'],
# password=os.environ['OS_PASSWORD'],
# tenant_name=os.environ['OS_TENANT_NAME'],
# auth_url=os.environ['OS_AUTH_URL'])
auth = v2.Password(auth_url=os.environ["OS_AUTH_URL"],
username=os.environ["OS_USERNAME"],
password=os.environ['OS_PASSWORD'],
tenant_name=os.environ['OS_TENANT_NAME'])
sess = session.Session(auth=auth)
#get keystone session
keystone = client.Client(session=sess)
#print keystone.tenants.list()
nova = novaClient.Client("2",
session=keystone.session,
timings=True,
timeout=1)
flavor = nova.flavors.find(name=FLAVOR_NAME)
if not flavor:
print "No flavour found"
exit(0)
#Get glance images
glance = glanceClient.Client("1", session=keystone.session)
image = glance.images.find(name=IMAGE_NAME)
if not image:
print "No image found"
exit(0)
#get neutron /netrowk info
neutron = neutronClient.Client(session=keystone.session)
networks = neutron.list_networks(name=NETWORK_NAME)
if not networks:
print "No default network found"
exit(0)
nics = [{'net-id': networks['networks'][0]['id']}]
index = 0
while index == 0:
results = []
try:
# Starting nova instance
result = initResult()
nova.reset_timings()
result["action"] = "Create"
result["invoked_time"] = str(datetime.datetime.now())
instance = nova.servers.create(name="PUTTUR_IS_HERE",
image=image,
flavor=flavor,
nics=nics)
instance_id = instance.id
result["time"] = getTimings(nova.get_timings())
result['id'] = instance_id
result['name'] = instance.name
nova.reset_timings()
# Poll at 2?? second intervals, until the status is no longer 'BUILD' or need to decide when to stop '' till it is running?
status = instance.status
result["status"] = status
if status == "ERROR":
result["error_state"] = instance.error
results.append(result)
print_result(results)
exit(0)
results.append(result)
#exit(0)
#check status
while status == 'BUILD':
time.sleep(1)
result = initResult()
# Retrieve the instance again so the status field updates
try:
nova.reset_timings()
instance = nova.servers.get(instance_id)
if instance.status != status:
result["invoked_time"] = str(datetime.datetime.now())
status = instance.status
result["action"] = "GET_STATUS"
result["status"] = status
if hasattr(instance, "fault"):
result["fault"] = get_fault(instance.fault)
result["time"] = getTimings(nova.get_timings())
results.append(result)
except Exception as err:
result["error_state"] = err
results.append(result)
#if the status is Not Build, delete
except Exception as err:
result["error_state"] = err
results.append(result)
#print_result(results)
#Delete instance and print
result = delete_instance(nova, instance_id)
results.append(result)
print_result(results)
# This script creates an instance called "instance2"
from keystoneclient.v2_0 import client as keystone_client
from glanceclient import Client as glance_client
from novaclient.v1_1 import client as nova_client
keystone = keystone_client.Client(username='******', password='******', tenant_name='userj', auth_url='http://controller:35357/v2.0')
endpoint = keystone.service_catalog.url_for(service_type='image', endpoint_type='publicURL')
glance = glance_client('2', endpoint, token=keystone.auth_token)
nova = nova_client.Client('userj', 'Password123', 'userj', 'http://controller:35357/v2.0')
nova.servers.create(name='instance2', flavor=nova.flavors.find(name="m1.small"), image=nova.images.find(name="ubuntu-trusty-14.04"), nics=[{'net-id': '71ae39ba-28a0-4635-baa7-8bdc28dac1ea'}], key_name="demo-key")
def get_keystone_client(username=None, password=None,
auth_url=None, tenant_name=None):
"""Get keystone client
"""
return ksclient.Client(username=username, password=password,
auth_url=auth_url, tenant_name=tenant_name)
def post_handle(message):
cf = ConfigParser.ConfigParser()
logger = logging.getLogger("GlanceHandler")
glanceDao = DRGlanceDao()
cf.read("/home/eshufan/projects/drcontroller/drcontroller/conf/set.conf")
drf_keystone = keystoneclient.Client(auth_url=cf.get("drf", "auth_url"),
username=cf.get("drf", "user"),
password=cf.get("drf", "password"),
tenant_name=cf.get(
"drf", "tenant_name"))
drf_glance_endpoint = drf_keystone.service_catalog.url_for(
service_type='image', endpoint_type='publicURL')
drf_glance = glanceclient.Client('1',
drf_glance_endpoint,
token=drf_keystone.auth_token)
# print "drf:", drf_glance_endpoint
# pdb.set_trace()
image_id = message['Response']['image']['id']
status = message['Response']['image']['status']
logger.info('Create shadow image for ' + image_id + ' in dr site')
# status=drf_glance.images.get(image_id).status
# count=0
# while (status != 'active') and (status != 'killed'):
# time.sleep(1)
# if status == 'queued':
# count +=1
# else:
# count = 0
# if count == 5:
# glanceDao.add(DRGlance(primary_uuid=image_id,status='queued'))
# break
# status=drf_glance.images.get(image_id).status
if status == 'queued':
glanceDao.add(DRGlance(primary_uuid=image_id, status='queued'))
if status == 'active':
new_data = drf_glance.images.data(image_id)._resp
drc_keystone = keystoneclient.Client(
auth_url=cf.get("drc", "auth_url"),
username=cf.get("drc", "user"),
password=cf.get("drc", "password"),
tenant_name=cf.get("drc", "tenant_name"))
drc_glance_endpoint = drc_keystone.service_catalog.url_for(
service_type='image', endpoint_type='publicURL')
drc_glance = glanceclient.Client('1',
drc_glance_endpoint,
token=drc_keystone.auth_token)
image = drc_glance.images.create(
name=message['Response']['image']['name'] + "_shadow",
container_format=message['Response']['image']['container_format'],
min_ram=message['Response']['image']['min_ram'],
disk_format=message['Response']['image']['disk_format'],
min_disk=message['Response']['image']['min_disk'],
protected=str(message['Response']['image']['protected']),
is_public=str(message['Response']['image']['is_public']),
owner=message['Response']['image']['owner'],
data=new_data)
glanceDao.add(
DRGlance(primary_uuid=image_id,
secondary_uuid=image.id,
status='active'))
logger.info('Shadow image ' + image.id + ' created for ' + image_id)
def keystoneclient(request,
username=None,
password=None,
tenant_id=None,
token_id=None,
endpoint=None,
endpoint_type=None,
admin=False):
"""Returns a client connected to the Keystone backend.
Several forms of authentication are supported:
* Username + password -> Unscoped authentication
* Username + password + tenant id -> Scoped authentication
* Unscoped token -> Unscoped authentication
* Unscoped token + tenant id -> Scoped authentication
* Scoped token -> Scoped authentication
Available services and data from the backend will vary depending on
whether the authentication was scoped or unscoped.
Lazy authentication if an ``endpoint`` parameter is provided.
Calls requiring the admin endpoint should have ``admin=True`` passed in
as a keyword argument.
The client is cached so that subsequent API calls during the same
request/response cycle don't have to be re-authenticated.
"""
user = request.user
if admin:
if not user.is_admin():
raise exceptions.NotAuthorized
endpoint_type = 'adminURL'
else:
endpoint_type = endpoint_type or getattr(
settings, 'OPENSTACK_ENDPOINT_TYPE', 'internalURL')
# Take care of client connection caching/fetching a new client.
# Admin vs. non-admin clients are cached separately for token matching.
cache_attr = "_keystone_admin" if admin else "_keystone"
if hasattr(request, cache_attr) and (not token_id or getattr(
request, cache_attr).auth_token == token_id):
LOG.debug("Using cached client for token: %s" % user.token)
conn = getattr(request, cache_attr)
else:
endpoint_lookup = _get_endpoint_url(request, endpoint_type)
auth_url = endpoint or endpoint_lookup
LOG.debug("Creating a new keystoneclient connection to %s." % auth_url)
conn = keystone_client.Client(username=username or user.username,
password=password,
tenant_id=tenant_id or user.tenant_id,
token=token_id or user.token,
auth_url=auth_url,
endpoint=endpoint)
setattr(request, cache_attr, conn)
# Fetch the correct endpoint if we've re-scoped the token.
catalog = getattr(conn, 'service_catalog', None)
if catalog and "serviceCatalog" in catalog.catalog.keys():
catalog = catalog.catalog['serviceCatalog']
endpoint = _get_endpoint_url(request, endpoint_type, catalog)
conn.management_url = endpoint
return conn
def put_handle(message):
glanceDao = DRGlanceDao()
cf = ConfigParser.ConfigParser()
cf.read("/home/eshufan/projects/drcontroller/drcontroller/conf/set.conf")
image_id = message['Response']['image']['id']
try:
glancedb = glanceDao.get_by_primary_uuid(image_id)
gl_status = glancedb.status
except:
return
if gl_status == 'queued':
drf_keystone = keystoneclient.Client(
auth_url=cf.get("drf", "auth_url"),
username=cf.get("drf", "user"),
password=cf.get("drf", "password"),
tenant_name=cf.get("drf", "tenant_name"))
drf_glance_endpoint = drf_keystone.service_catalog.url_for(
service_type='image', endpoint_type='publicURL')
drf_glance = glanceclient.Client('1',
drf_glance_endpoint,
token=drf_keystone.auth_token)
# status=drf_glance.images.get(image_id).status
# count=0
# while (status != 'active') and (status != 'killed'):
# time.sleep(1)
# if status == 'queued':
# count +=1
# else:
# count = 0
# if count == 5:
# break
# status=drf_glance.images.get(image_id).status
status = message['Response']['image']['status']
if status == 'active':
new_data = drf_glance.images.data(image_id)._resp
drc_keystone = keystoneclient.Client(
auth_url=cf.get("drc", "auth_url"),
username=cf.get("drc", "user"),
password=cf.get("drc", "password"),
tenant_name=cf.get("drc", "tenant_name"))
drc_glance_endpoint = drc_keystone.service_catalog.url_for(
service_type='image', endpoint_type='publicURL')
drc_glance = glanceclient.Client('1',
drc_glance_endpoint,
token=drc_keystone.auth_token)
image = drc_glance.images.create(
name=message['Response']['image']['name'] + "_shadow",
container_format=message['Response']['image']
['container_format'],
min_ram=message['Response']['image']['min_ram'],
disk_format=message['Response']['image']['disk_format'],
min_disk=message['Response']['image']['min_disk'],
protected=str(message['Response']['image']['protected']),
is_public=str(message['Response']['image']['is_public']),
owner=message['Response']['image']['owner'],
data=new_data)
glanceDao.delete_by_primary_uuid(image_id)
glanceDao.add(
DRGlance(primary_uuid=image_id,
secondary_uuid=image.id,
status='active'))
if gl_status == 'active':
try:
drc_id = glanceDao.get_by_primary_uuid(image_id).secondary_uuid
except:
return
drc_keystone = keystoneclient.Client(
auth_url=cf.get("drc", "auth_url"),
username=cf.get("drc", "user"),
password=cf.get("drc", "password"),
tenant_name=cf.get("drc", "tenant_name"))
drc_glance_endpoint = drc_keystone.service_catalog.url_for(
service_type='image', endpoint_type='publicURL')
drc_glance = glanceclient.Client('1',
drc_glance_endpoint,
token=drc_keystone.auth_token)
image = drc_glance.images.update(
image=drc_id,
name=message['Response']['image']['name'] + "_shadow",
container_format=message['Response']['image']['container_format'],
min_ram=message['Response']['image']['min_ram'],
disk_format=message['Response']['image']['disk_format'],
min_disk=message['Response']['image']['min_disk'],
protected=str(message['Response']['image']['protected']),
is_public=str(message['Response']['image']['is_public']),
owner=message['Response']['image']['owner'])
def keystone(self):
if self._keystone is None:
ret_count = self.options.get('retries', 1)
tmp_passwd = self.generate_random_passwd()
while True:
if ret_count <= 0:
self.log.error(
">>> Keystone error: no more retries for connect to keystone server."
)
sys.exit(1)
try:
a_token = self.options.get('auth-token')
a_url = self.options.get('admin-auth-url')
if a_token and a_url:
self.log.debug("Authentication by predefined token.")
# create keystone instance, authorized by service token
ks = ks_client.Client(
token=a_token,
endpoint=a_url,
)
service_tenant = ks.tenants.find(name='services')
auth_url = ks.endpoints.find(
service_id=ks.services.find(
type='identity').id).internalurl
# find and re-create temporary rescheduling-admin user with random password
try:
user = ks.users.find(username=TMP_USER_NAME)
ks.users.delete(user)
except ks_NotFound:
# user not found, it's OK
pass
user = ks.users.create(TMP_USER_NAME,
tmp_passwd,
tenant_id=service_tenant.id)
ks.roles.add_user_role(user,
ks.roles.find(name='admin'),
service_tenant)
# authenticate newly-created tmp neutron admin
self._keystone = ks_client.Client(
username=user.username,
password=tmp_passwd,
tenant_id=user.tenantId,
auth_url=auth_url,
)
self._need_cleanup_tmp_admin = True
else:
self.log.debug(
"Authentication by given credentionals.")
self._keystone = ks_client.Client(
username=self.auth_config['OS_USERNAME'],
password=self.auth_config['OS_PASSWORD'],
tenant_name=self.auth_config['OS_TENANT_NAME'],
auth_url=self.auth_config['OS_AUTH_URL'],
)
break
except Exception as e:
errmsg = str(e.message).strip(
) # str() need, because keystone may use int as message in exception
if re.search(r"Connection\s+refused$", errmsg, re.I) or \
re.search(r"Connection\s+timed\s+out$", errmsg, re.I) or\
re.search(r"Lost\s+connection\s+to\s+MySQL\s+server", errmsg, re.I) or\
re.search(r"Service\s+Unavailable$", errmsg, re.I) or\
re.search(r"'*NoneType'*\s+object\s+has\s+no\s+attribute\s+'*__getitem__'*$", errmsg, re.I) or \
re.search(r"No\s+route\s+to\s+host$", errmsg, re.I):
self.log.info(
">>> Can't connect to {0}, wait for server ready..."
.format(self.auth_config['OS_AUTH_URL']))
time.sleep(self.options.sleep)
else:
self.log.error(">>> Keystone error:\n{0}".format(
e.message))
raise e
ret_count -= 1
return self._keystone
# Config
config = yaml.load(open("config.yaml", "r"))
# Slack
def slack(s):
payload = { "text" : "image-builder: " + s }
requests.post(config["slack"]["webhook"], data=json.dumps(payload))
# OpenStack
openstack = config["openstack"]
nova_client = nova.Client(username=openstack["username"], api_key=openstack["password"], project_id=openstack["tenant"], auth_url=openstack["auth_url"])
keystone_client = keystone.Client(username=openstack["username"], password=openstack["password"], tenant_name=openstack["tenant"], auth_url=openstack["auth_url"])
glance_url = keystone_client.service_catalog.url_for(service_type="image", endpoint_type="publicURL")
swift_url = keystone_client.service_catalog.url_for(service_type="object-store", endpoint_type="publicURL")
glance_client = glanceclient.Client(endpoint=glance_url, token=keystone_client.auth_token)
def horizon(type, id, name = None):
if name is None:
name = id
return "<%s|%s>" % (config["openstack"]["horizon"][type] % id, name)
def initiate():
"""Boot the builder."""
user_data = open("user-data.sh").read()
flavor = nova_client.flavors.find(name=openstack["flavor"])
builder = nova_client.servers.create(availability_zone=openstack["region"], name="image-builder", image=openstack["image"]["base"], flavor=flavor, userdata=user_data, security_groups=[openstack["security_group"]])
def __init__(self, adap, **kwargs):
super(_V2RequestStrategy, self).__init__(adap, **kwargs)
self._client = v2_client.Client(session=adap)
def setUp(self):
super(ITestCase, self).setUp()
self.common_config = cfg.ITConfig().common_config
self.vanilla_config = cfg.ITConfig().vanilla_config
self.vanilla_two_config = cfg.ITConfig().vanilla_two_config
self.hdp_config = cfg.ITConfig().hdp_config
telnetlib.Telnet(
self.common_config.SAHARA_HOST, self.common_config.SAHARA_PORT
)
keystone = keystone_client.Client(
username=self.common_config.OS_USERNAME,
password=self.common_config.OS_PASSWORD,
tenant_name=self.common_config.OS_TENANT_NAME,
auth_url=self.common_config.OS_AUTH_URL)
keystone.management_url = self.common_config.OS_AUTH_URL
self.common_config.OS_TENANT_ID = [
tenant.id for tenant in keystone.tenants.list()
if tenant.name == self.common_config.OS_TENANT_NAME][0]
self.sahara = sahara_client.Client(
version=self.common_config.SAHARA_API_VERSION,
username=self.common_config.OS_USERNAME,
api_key=self.common_config.OS_PASSWORD,
project_name=self.common_config.OS_TENANT_NAME,
auth_url=self.common_config.OS_AUTH_URL,
sahara_url='http://%s:%s/v%s/%s' % (
self.common_config.SAHARA_HOST,
self.common_config.SAHARA_PORT,
self.common_config.SAHARA_API_VERSION,
self.common_config.OS_TENANT_ID
))
self.nova = nova_client.Client(
username=self.common_config.OS_USERNAME,
api_key=self.common_config.OS_PASSWORD,
project_id=self.common_config.OS_TENANT_NAME,
auth_url=self.common_config.OS_AUTH_URL)
self.neutron = neutron_client.Client(
username=self.common_config.OS_USERNAME,
password=self.common_config.OS_PASSWORD,
tenant_name=self.common_config.OS_TENANT_NAME,
auth_url=self.common_config.OS_AUTH_URL)
if not self.common_config.FLAVOR_ID:
self.flavor_id = self.nova.flavors.create(
name='i-test-flavor-%s' % str(uuid.uuid4())[:8],
ram=1024,
vcpus=1,
disk=10,
ephemeral=10).id
else:
self.flavor_id = self.common_config.FLAVOR_ID
if not self.common_config.PATH_TO_SSH_KEY:
self.common_config.USER_KEYPAIR_ID += str(uuid.uuid4())[:8]
self.private_key = self.nova.keypairs.create(
self.common_config.USER_KEYPAIR_ID).private_key
else:
self.private_key = open(self.common_config.PATH_TO_SSH_KEY).read()
extra_config = dict(config.items("extra_conf"))
# kwargs for connection
kwargs_conn = {
"tenant_name": connection['username'],
"auth_url": connection['auth_url'],
"username": connection['username'],
"password": connection['password'],
"nova_version": extra_config['nova_version'],
"cloudkitty_version": extra_config['cloudkitty_version'],
"log_file": extra_config['log_file'],
"region_name": connection['region']
}
# keystone client establish connection
keystone = kclient.Client(**kwargs_conn)
# Establish the connection Cloudkitty
ck = client.get_client(kwargs_conn.get('cloudkitty_version'), **kwargs_conn)
# Establish the connection NOVA
nt = nova_client.Client(kwargs_conn.get('nova_version'),
kwargs_conn.get('username'),
kwargs_conn.get('password'),
kwargs_conn.get('tenant_name'),
kwargs_conn.get('auth_url'))
# Logging the items
# Log Definition
logging.basicConfig(filename=kwargs_conn.get('log_file'),
level=logging.INFO,
def authenticate(auth_url, user, key, tenant, **kwargs):
"""Authenticates against the endpoint to use. The correct
endpoint to use is looked up in the service catalog. The
caller can override this lookup by passing the endpoint
as a parameter.
:param auth_url: The keystone auth endpoint to use
:param user: The username to use for auth
:param key: The apikey to use for authentiation
:param endpoint: The Barbican endpoint to use. IOW, don't
look up an endpoint in the service catalog, just use
this one instead.
:param tenant_name: The optional tenant-name to use
:param tenant_id: The optional tenant ID toi use
:param cacert: The cacert PEM file to use
:param service_type: The service type to look for in
the service catalog
:param endpoint_type The endpoint type to reference in
the service catalog
:param region_name The region to pass for authentication
:returns: Tuple containing Barbican endpoint and token
:raises: ClientException
"""
insecure = kwargs.get('insecure', False)
endpoint = kwargs.get('endpoint')
cacert = kwargs.get('cacert')
try:
_ksclient = ksclient.Client(username=user,
password=key,
tenant_name=tenant,
cacert=cacert,
auth_url=auth_url,
insecure=insecure)
except exceptions.Unauthorized:
raise ClientException('Unauthorized. Check username, password'
' and tenant name/id')
except exceptions.AuthorizationFailure:
raise ClientException('Authorization Failure. %s')
if not endpoint:
# The user did not pass in an endpoint, so we need to
# look one up on their behalf in the service catalog
# TODO(jdp): Ensure that this is the correct service_type field
service_type = kwargs.get('service_type', 'queueing')
endpoint_type = kwargs.get('endpoint_type', 'publicURL')
region = kwargs.get('region_name')
try:
endpoint = _ksclient.service_catalog.url_for(
attr='region',
filter_value=region,
service_type=service_type,
endpoint_type=endpoint_type)
except exceptions.EndpointNotFound:
raise ClientException('Endpoint not found in service catalog')
return endpoint, _ksclient.auth_token
''' ================== STUFF AS DEMO USER YOU SHOULD CARE ========================= '''
def get_demo_creds():
d = {}
d['username'] = os.environ['OS_USERNAME']
d['password'] = os.environ['OS_PASSWORD']
d['auth_url'] = os.environ['OS_AUTH_URL']
d['tenant_name'] = os.environ['OS_TENANT_NAME']
return d
demo_creds = get_demo_creds()
print demo_creds, "\n"
# get auth_token to connect to heat API
# you need an auth token to connect to Heat API always.
me = ksclient.Client(**demo_creds)
print "auth_token: ", me.auth_token, "\n"
# get the heat endpoint URL from service_catalog
heat_endpoint = me.service_catalog.url_for(service_type='orchestration',
endpoint_type='publicURL')
print "demo_heat_endpoint: ", heat_endpoint, '\n'
# create heat client for demo/demo
# heat client asks for auth_token, not all clients ask for this, you may
# want to check the openstack documents once.
# from heatclient import client as hc
import heatclient.client as hc
HEAT_VERSION = 1
heat = hc.Client(HEAT_VERSION,
def get_keystone_client(auth_url=AUTH_URL):
return client.Client(username=USER,
password=PASS,
tenant_name=TENANT,
auth_url=auth_url,
endpoint_type='adminURL')
def add_user_to_tenant(user, tenant):
keystone = client.Client(username=username,
password=password,
tenant_name=tenant_name,
auth_url=auth_url)
db = DataBase.acctDB()
def authenticate(self,
username=None,
password=None,
tenant=None,
auth_url=None,
otp=None):
""" Authenticates a user via the Keystone Identity API. """
LOG.debug('Beginning user authentication for user "%s".' % username)
insecure = False
try:
client = keystone_client.Client(username=username,
password=password,
tenant_id=tenant,
auth_url=auth_url,
insecure=insecure,
timeout=8)
except (keystone_exceptions.Unauthorized,
keystone_exceptions.Forbidden,
keystone_exceptions.NotFound) as exc:
msg = ('Invalid user name or password.')
LOG.debug(exc.message)
return username, u'Invalid'
except (keystone_exceptions.ClientException,
keystone_exceptions.AuthorizationFailure) as exc:
msg = ("An error occurred authenticating. "
"Please try again later.")
#if u'Authorization Failed: InvalidResponse' == exc.args[0]:
# print exc.args[0]
LOG.debug(exc.message)
return username, u'IPError'
try:
tenants = client.tenants.list()
except (keystone_exceptions.ClientException,
keystone_exceptions.AuthorizationFailure):
msg = ('Unable to retrieve authorized projects.')
if not tenants:
msg = ('You are not authorized for any projects.')
alltoken = {}
alltoken.clear()
while tenants:
tenant = tenants.pop()
try:
token = client.tokens.authenticate(username=username,
password=password,
tenant_id=tenant.id)
alltoken[tenant.id] = token
except (keystone_exceptions.ClientException,
keystone_exceptions.AuthorizationFailure):
token = None
if token is None:
msg = ("Unable to authenticate to any available projects.")
user = create_user_from_token(token, client.auth_url, alltoken, client)
LOG.debug('Authentication completed for user "%s".' % username)
return user, u''
required_images, valid_image, len(required_images))
sys.exit(STATE_WARNING)
if args.req_images and args.req_count:
print "OK - image %s found and enough images >=%d" % (required_images,
required_count)
elif args.req_images:
print "OK - image %s found" % required_images
elif args.req_count:
print "OK - more than %d images found" % required_count
else:
print "OK - Connection glance established"
if __name__ == '__main__':
args = collect_args().parse_args()
try:
ks_client = ksclient.Client(username=args.username,
password=args.password,
tenant_name=args.tenant,
auth_url=args.auth_url)
token = ks_client.auth_token
endpoint = ks_client.service_catalog.url_for(service_type='image')
endpoint = endpoint.replace('v1', '')
c = glance_client.Client('1', endpoint, token=token)
sys.exit(check_glance(c, args))
except Exception as e:
print str(e)
sys.exit(STATE_CRITICAL)
def main():
exit_code = -1
start_time = time.time()
ks_creds = openstack_utils.get_credentials("keystone")
nv_creds = openstack_utils.get_credentials("nova")
nt_creds = openstack_utils.get_credentials("neutron")
keystone = ksclient.Client(**ks_creds)
user_id = openstack_utils.get_user_id(keystone, ks_creds['username'])
if user_id == '':
logger.error("Error : Failed to get id of %s user" %
ks_creds['username'])
exit(-1)
logger.info("Creating tenant '%s'..." % PROMISE_TENANT_NAME)
tenant_id = openstack_utils.create_tenant(keystone, PROMISE_TENANT_NAME,
TENANT_DESCRIPTION)
if not tenant_id:
logger.error("Error : Failed to create %s tenant" %
PROMISE_TENANT_NAME)
exit(-1)
logger.debug("Tenant '%s' created successfully." % PROMISE_TENANT_NAME)
roles_name = ["admin", "Admin"]
role_id = ''
for role_name in roles_name:
if role_id == '':
role_id = openstack_utils.get_role_id(keystone, role_name)
if role_id == '':
logger.error("Error : Failed to get id for %s role" % role_name)
exit(-1)
logger.info("Adding role '%s' to tenant '%s'..." %
(role_id, PROMISE_TENANT_NAME))
if not openstack_utils.add_role_user(keystone, user_id, role_id,
tenant_id):
logger.error("Error : Failed to add %s on tenant %s" %
(ks_creds['username'], PROMISE_TENANT_NAME))
exit(-1)
logger.debug("Role added successfully.")
logger.info("Creating user '%s'..." % PROMISE_USER_NAME)
user_id = openstack_utils.create_user(keystone, PROMISE_USER_NAME,
PROMISE_USER_PWD, None, tenant_id)
if not user_id:
logger.error("Error : Failed to create %s user" % PROMISE_USER_NAME)
exit(-1)
logger.debug("User '%s' created successfully." % PROMISE_USER_NAME)
logger.info("Updating OpenStack credentials...")
ks_creds.update({
"username": PROMISE_TENANT_NAME,
"password": PROMISE_TENANT_NAME,
"tenant_name": PROMISE_TENANT_NAME,
})
nt_creds.update({
"tenant_name": PROMISE_TENANT_NAME,
})
nv_creds.update({
"project_id": PROMISE_TENANT_NAME,
})
glance = openstack_utils.get_glance_client()
nova = nvclient.Client("2", **nv_creds)
logger.info("Creating image '%s' from '%s'..." %
(PROMISE_IMAGE_NAME, GLANCE_IMAGE_PATH))
image_id = openstack_utils.create_glance_image(glance, PROMISE_IMAGE_NAME,
GLANCE_IMAGE_PATH)
if not image_id:
logger.error("Failed to create the Glance image...")
exit(-1)
logger.debug("Image '%s' with ID '%s' created successfully." %
(PROMISE_IMAGE_NAME, image_id))
flavor_id = openstack_utils.get_flavor_id(nova, PROMISE_FLAVOR_NAME)
if flavor_id == '':
logger.info("Creating flavor '%s'..." % PROMISE_FLAVOR_NAME)
flavor_id = openstack_utils.create_flavor(nova, PROMISE_FLAVOR_NAME,
PROMISE_FLAVOR_RAM,
PROMISE_FLAVOR_DISK,
PROMISE_FLAVOR_VCPUS)
if not flavor_id:
logger.error("Failed to create the Flavor...")
exit(-1)
logger.debug("Flavor '%s' with ID '%s' created successfully." %
(PROMISE_FLAVOR_NAME, flavor_id))
else:
logger.debug("Using existing flavor '%s' with ID '%s'..." %
(PROMISE_FLAVOR_NAME, flavor_id))
neutron = ntclient.Client(**nt_creds)
network_dic = openstack_utils.create_network_full(neutron,
PROMISE_NET_NAME,
PROMISE_SUBNET_NAME,
PROMISE_ROUTER_NAME,
PROMISE_SUBNET_CIDR)
if not network_dic:
logger.error("Failed to create the private network...")
exit(-1)
logger.info("Exporting environment variables...")
os.environ["NODE_ENV"] = "functest"
os.environ["OS_PASSWORD"] = PROMISE_USER_PWD
os.environ["OS_TEST_IMAGE"] = image_id
os.environ["OS_TEST_FLAVOR"] = flavor_id
os.environ["OS_TEST_NETWORK"] = network_dic["net_id"]
os.environ["OS_TENANT_NAME"] = PROMISE_TENANT_NAME
os.environ["OS_USERNAME"] = PROMISE_USER_NAME
os.chdir(PROMISE_REPO_DIR + '/source/')
results_file_name = os.path.join(RESULTS_DIR, 'promise-results.json')
results_file = open(results_file_name, 'w+')
cmd = 'npm run -s test -- --reporter json'
logger.info("Running command: %s" % cmd)
ret = subprocess.call(cmd,
shell=True,
stdout=results_file,
stderr=subprocess.STDOUT)
results_file.close()
if ret == 0:
logger.info("The test succeeded.")
# test_status = 'OK'
else:
logger.info("The command '%s' failed." % cmd)
# test_status = "Failed"
# Print output of file
with open(results_file_name, 'r') as results_file:
data = results_file.read()
logger.debug("\n%s" % data)
json_data = json.loads(data)
suites = json_data["stats"]["suites"]
tests = json_data["stats"]["tests"]
passes = json_data["stats"]["passes"]
pending = json_data["stats"]["pending"]
failures = json_data["stats"]["failures"]
start_time_json = json_data["stats"]["start"]
end_time = json_data["stats"]["end"]
duration = float(json_data["stats"]["duration"]) / float(1000)
logger.info("\n"
"****************************************\n"
" Promise test report\n\n"
"****************************************\n"
" Suites: \t%s\n"
" Tests: \t%s\n"
" Passes: \t%s\n"
" Pending: \t%s\n"
" Failures:\t%s\n"
" Start: \t%s\n"
" End: \t%s\n"
" Duration:\t%s\n"
"****************************************\n\n" %
(suites, tests, passes, pending, failures, start_time_json,
end_time, duration))
if args.report:
stop_time = time.time()
json_results = {
"timestart": start_time,
"duration": duration,
"tests": int(tests),
"failures": int(failures)
}
logger.debug("Promise Results json: " + str(json_results))
# criteria for Promise in Release B was 100% of tests OK
status = "FAIL"
if int(tests) > 32 and int(failures) < 1:
status = "PASS"
exit_code = 0
ft_utils.push_results_to_db("promise", "promise", start_time,
stop_time, status, json_results)
exit(exit_code)
def factory_fn(token, endpoint):
return v2_0_client.Client(token=token,
endpoint=endpoint,
endpoint_override=endpoint,
insecure=credential.https_insecure,
cacert=credential.https_cacert)
def get_admin_client(instance=None):
admin_client = client.Client(token=settings.ADMIN_TOKEN,
endpoint=settings.ENDPOINT)
return admin_client
def client_create_wrapper():
client.Client(username=self.TEST_USER,
password="******",
tenant_id=self.TEST_TENANT_ID,
auth_url=self.TEST_URL)
def __init__(self, endpoint, token):
self.api_version = 2
self.api = client.Client(endpoint=endpoint, token=token)
def __init__(self): self.keystone=ksclient.Client(auth_url="http://controller:35357/v2.0",username="******",password="******",tenant_name="admin") self.users=self.keystone.users self.roles=self.keystone.roles print "keystoneclient initialization successfully!"
def all(ip='127.0.0.1',
port=8082,
domain_name='default-domain',
proj_name='my-proj',
subnet='192.168.1.0',
prefix=24,
vn_name='my-vn'):
testfail = 0
testpass = 0
fqdn = [domain_name]
pobjs = {}
kc = client.Client(username='******',
password='******',
tenant_name='admin',
auth_url='http://127.0.0.1:5000/v2.0')
# create admin account first to ensure there are no permission problems
admin = User(ip, port, kc, 'admin', 'contrail123', 'admin', 'admin')
alice = User(ip, port, kc, 'alice', 'alice123', 'alice-role', 'alice-proj')
bob = User(ip, port, kc, 'bob', 'bob123', 'bob-role', 'bob-proj')
# create domain
domain = vnc_read_obj(admin.vnc_lib, 'domain', name=fqdn)
if domain == None:
domain = Domain(domain_name)
admin.vnc_lib.domain_create(domain)
domain = vnc_read_obj(vnc_lib, 'domain', name=domain.get_fq_name())
print 'Created domain %s' % fqdn
# read projects
alice.project_obj = vnc_read_obj(admin.vnc_lib,
'project',
obj_uuid=alice.project_uuid)
print 'Created Project object for %s' % alice.project
bob.project_obj = vnc_read_obj(admin.vnc_lib,
'project',
obj_uuid=bob.project_uuid)
print 'Created Project object for %s' % bob.project
# reassign ownership of projects to alice and bob (from admin)
for user in [alice, bob]:
print 'Change owner of project %s to %s' % (user.project,
user.project_uuid)
set_perms(user.project_obj, owner=user.project_uuid, share=[])
admin.vnc_lib.project_update(user.project_obj)
# delete test VN if it exists
for net_name in [vn_name, 'second-vn', 'bob-vn-in-alice-project']:
vn_fq_name = [domain_name, alice.project, net_name]
vn = vnc_read_obj(admin.vnc_lib, 'virtual-network', name=vn_fq_name)
if vn:
print '%s exists ... deleting to start fresh' % vn_fq_name
admin.vnc_lib.virtual_network_delete(fq_name=vn_fq_name)
print
print '########### API ACCESS (CREATE) ##################'
# delete api-access-list for alice and bob and disallow api access to their projects
for user in [alice, bob]:
print "Delete api-acl for project %s to disallow api access" % user.project
vnc_fix_api_access_list(admin.vnc_lib, user.project_obj, rule_str=None)
print 'alice: trying to create VN in her project'
vn = VirtualNetwork(vn_name, alice.project_obj)
try:
alice.vnc_lib.virtual_network_create(vn)
print '*** Created virtual network %s ... test failed!' % vn.get_fq_name(
)
testfail += 1
except PermissionDenied as e:
print 'Failed to create VN ... Test passes!'
testpass += 1
if testfail > 0:
sys.exit()
# allow permission to create virtual-network
for user in [alice, bob]:
print "%s: project %s to allow full access to role %s" % \
(user.name, user.project, user.role)
# note that collection API is set for create operation
vnc_fix_api_access_list(admin.vnc_lib,
user.project_obj,
rule_str='virtual-networks %s:C' % user.role)
print ''
print 'alice: trying to create VN in her project'
try:
alice.vnc_lib.virtual_network_create(vn)
print 'Created virtual network %s ... test passed!' % vn.get_fq_name()
testpass += 1
except PermissionDenied as e:
print 'Failed to create VN ... Test failed!'
testfail += 1
if testfail > 0:
sys.exit()
print
print '########### API ACCESS (READ) ##################'
print 'alice: trying to read VN in her project (should fail)'
try:
vn2 = vnc_read_obj(alice.vnc_lib,
'virtual-network',
name=vn.get_fq_name())
print '*** Read VN without read permission ... test failed!!!'
testfail += 1
except PermissionDenied as e:
print 'Unable to read VN ... test passed'
testpass += 1
if testfail > 0:
sys.exit()
# allow read access
vnc_fix_api_access_list(admin.vnc_lib,
alice.project_obj,
rule_str='virtual-network %s:R' % alice.role)
print 'alice: added permission to read virtual-network'
print 'alice: trying to read VN in her project (should succeed)'
try:
vn2 = vnc_read_obj(alice.vnc_lib,
'virtual-network',
name=vn.get_fq_name())
print 'Read VN successfully ... test passed'
testpass += 1
except PermissionDenied as e:
testfail += 1
print '*** Read VN failed ... test failed!!!'
if testfail > 0:
sys.exit()
print
print '########### API ACCESS (UPDATE) ##################'
print 'alice: trying to update VN in her project (should fail)'
try:
vn.display_name = "foobar"
alice.vnc_lib.virtual_network_update(vn)
print '*** Set field in virtual network %s ... test failed!' % vn.get_fq_name(
)
testfail += 1
except PermissionDenied as e:
print 'Unable to update field in VN ... Test succeeded!'
testpass += 1
if testfail > 0:
sys.exit()
vnc_fix_api_access_list(admin.vnc_lib,
alice.project_obj,
rule_str='virtual-network %s:U' % alice.role)
print ''
print 'alice: added permission to update virtual-network'
print 'alice: trying to set field in her VN '
try:
vn.display_name = "foobar"
alice.vnc_lib.virtual_network_update(vn)
print 'Set field in virtual network %s ... test passed!' % vn.get_fq_name(
)
testpass += 1
except PermissionDenied as e:
print '*** Failed to update field in VN ... Test failed!'
testfail += 1
if testfail > 0:
sys.exit()
vn2 = vnc_read_obj(alice.vnc_lib, 'virtual-network', name=vn.get_fq_name())
print 'alice: display_name %s' % vn2.display_name
if vn2.display_name != "foobar":
testfail += 1
print '*** Failed to update shared field correctly in VN ... Test failed!'
else:
testpass += 1
print 'Updated shared field correctly in virtual network %s ... test passed!' % vn.get_fq_name(
)
if testfail > 0:
sys.exit()
print
print '########### API ACCESS (update field) ##################'
print 'Restricting update of field to admin only '
vnc_fix_api_access_list(admin.vnc_lib,
alice.project_obj,
rule_str='virtual-network.display_name admin:U')
try:
vn.display_name = "alice"
alice.vnc_lib.virtual_network_update(vn)
print '*** Set field in virtual network %s ... test failed!' % vn.get_fq_name(
)
testfail += 1
except PermissionDenied as e:
print 'Failed to update field in VN ... Test passed!'
testpass += 1
if testfail > 0:
sys.exit()
print
print '########### API ACCESS (DELETE) ##################'
# delete test VN ... should fail
vn_fq_name = [domain_name, alice.project, vn_name]
try:
alice.vnc_lib.virtual_network_delete(fq_name=vn_fq_name)
print '*** %s: Deleted VN %s ... test failed!' % (alice.name,
vn_fq_name)
testfail += 1
except PermissionDenied as e:
print '%s: Error deleting VN %s ... test passed!' % (alice.name,
vn_fq_name)
testpass += 1
if testfail > 0:
sys.exit()
print
print '############### PERMS2 ##########################'
print 'Giving bob API level access to perform all ops on virtual-network'
vnc_fix_api_access_list(admin.vnc_lib,
bob.project_obj,
rule_str='virtual-network %s:RUD' % bob.role)
print ''
print 'bob: trying to create VN in alice project ... should fail'
try:
vn2 = VirtualNetwork('bob-vn-in-alice-project', alice.project_obj)
bob.vnc_lib.virtual_network_create(vn2)
print '*** Created virtual network %s ... test failed!' % vn2.get_fq_name(
)
testfail += 1
except PermissionDenied as e:
print 'Failed to create VN ... Test passed!'
testpass += 1
if testfail > 0:
sys.exit()
vn = vnc_read_obj(alice.vnc_lib, 'virtual-network', name=vn_fq_name)
print
print '########### READ (SHARED WITH TENANT) ##################'
print 'Disable share in virtual networks for others'
set_perms(vn, share=[], global_access=PERMS_NONE)
alice.vnc_lib.virtual_network_update(vn)
print 'Reading VN as bob ... should fail'
try:
net_obj = bob.vnc_lib.virtual_network_read(id=vn.get_uuid())
print '*** Succeeded in reading VN. Test failed!'
testfail += 1
except PermissionDenied as e:
print 'Failed to read VN ... Test passed!'
testpass += 1
if testfail > 0:
sys.exit()
print 'Enable share in virtual network for bob project'
set_perms(vn, share=[(bob.project_uuid, PERMS_R)])
alice.vnc_lib.virtual_network_update(vn)
print 'Reading VN as bob ... should succeed'
try:
net_obj = bob.vnc_lib.virtual_network_read(id=vn.get_uuid())
print 'Succeeded in reading VN. Test passed!'
testpass += 1
except PermissionDenied as e:
print '*** Failed to read VN ... Test failed!'
testfail += 1
if testfail > 0:
sys.exit()
print
print '########### READ (GLOBALLY SHARED ) ##################'
print 'Disable share in virtual networks for others'
set_perms(vn, share=[])
alice.vnc_lib.virtual_network_update(vn)
print 'Reading VN as bob ... should fail'
try:
net_obj = bob.vnc_lib.virtual_network_read(id=vn.get_uuid())
print 'Succeeded in reading VN. Test failed!'
testfail += 1
except PermissionDenied as e:
print '*** Failed to read VN ... Test passed!'
testpass += 1
if testfail > 0:
sys.exit()
print
print 'Enable virtual networks in alice project for global sharing (read only)'
set_perms(vn, share=[], global_access=PERMS_R)
alice.vnc_lib.virtual_network_update(vn)
print 'Reading VN as bob ... should succeed'
try:
net_obj = bob.vnc_lib.virtual_network_read(id=vn.get_uuid())
print 'Succeeded in reading VN. Test passed!'
testpass += 1
except PermissionDenied as e:
print '*** Failed to read VN ... Test failed!'
testfail += 1
if testfail > 0:
sys.exit()
print 'Writing shared VN as bob ... should fail'
try:
vn.display_name = "foobar"
bob.vnc_lib.virtual_network_update(vn)
print '*** Succeeded in updating VN. Test failed!!'
testfail += 1
except PermissionDenied as e:
print 'Failed to update VN ... Test passed!'
testpass += 1
if testfail > 0:
sys.exit()
print
print 'Enable virtual networks in alice project for global sharing (read, write)'
print 'Writing shared VN as bob ... should succeed'
# important: read VN afresh to overwrite display_name update pending status
vn = vnc_read_obj(alice.vnc_lib, 'virtual-network', name=vn_fq_name)
set_perms(vn, global_access=PERMS_RW)
alice.vnc_lib.virtual_network_update(vn)
try:
bob.vnc_lib.virtual_network_update(vn)
print 'Succeeded in updating VN. Test passed!'
testpass += 1
except PermissionDenied as e:
print '*** Failed to update VN ... Test failed!!'
testfail += 1
if testfail > 0:
sys.exit()
print ''
print '########################### Collections #################'
print 'User should be able to see VN in own project and any shared'
print ''
print 'alice: get virtual network collection ... should fail'
try:
x = alice.vnc_lib.virtual_networks_list(parent_id=alice.project_uuid)
print '*** Read VN collection without list permission ... test failed!'
testfail += 1
except PermissionDenied as e:
print 'Failed to read VN collection ... test passed'
testpass += 1
if testfail > 0:
sys.exit()
# allow permission to read virtual-network collection
for user in [alice, bob]:
print "%s: project %s to allow collection access to role %s" % \
(user.name, user.project, user.role)
# note that collection API is set for create operation
vnc_fix_api_access_list(admin.vnc_lib,
user.project_obj,
rule_str='virtual-networks %s:CR' % user.role)
# create one more VN in alice project to differentiate from what bob sees
vn2 = VirtualNetwork('second-vn', alice.project_obj)
alice.vnc_lib.virtual_network_create(vn2)
print 'Alice: created additional VN %s in her project' % vn2.get_fq_name()
print 'Alice: network list'
x = alice.vnc_lib.virtual_networks_list(parent_id=alice.project_uuid)
for item in x['virtual-networks']:
print ' %s: %s' % (item['uuid'], item['fq_name'])
expected = set(['my-vn', 'second-vn'])
received = set([item['fq_name'][-1] for item in x['virtual-networks']])
if received != expected:
print 'Alice: *** Received incorrect VN list ... test failed!'
testfail += 1
else:
print 'Alice: Received correct VN list ... test passed'
testpass += 1
if testfail > 0:
sys.exit()
print
print 'Bob: network list'
y = bob.vnc_lib.virtual_networks_list(parent_id=bob.project_uuid)
for item in y['virtual-networks']:
print ' %s: %s' % (item['uuid'], item['fq_name'])
# need changes in auto code generation for lists
expected = set(['my-vn'])
received = set([item['fq_name'][-1] for item in y['virtual-networks']])
if received != expected:
print 'Bob: *** Received incorrect VN list ... test failed!'
testfail += 1
else:
print 'Bob: Received correct VN list ... test passed'
testpass += 1
if testfail > 0:
sys.exit()
print
print 'Tests fail=%d, pass=%d' % (testfail, testpass)
