def get_credential_provider(opts): identity_version = "".join(['v', str(opts.identity_version)]) # NOTE(andreaf) For now tempest.conf controls whether resources will # actually be created. Once we remove the dependency from tempest.conf # we will need extra CLI option(s) to control this. network_resources = { 'router': True, 'network': True, 'subnet': True, 'dhcp': True } admin_creds_dict = { 'username': opts.os_username, 'password': opts.os_password } _project_name = opts.os_project_name or opts.os_tenant_name if opts.identity_version == 3: admin_creds_dict['project_name'] = _project_name admin_creds_dict['domain_name'] = opts.os_domain_name or 'Default' elif opts.identity_version == 2: admin_creds_dict['tenant_name'] = _project_name admin_creds = credentials_factory.get_credentials( fill_in=False, identity_version=identity_version, **admin_creds_dict) return dynamic_creds.DynamicCredentialProvider( identity_version=identity_version, name=opts.tag, network_resources=network_resources, neutron_available=CONF.service_available.neutron, create_networks=CONF.auth.create_isolated_networks, identity_admin_role=CONF.identity.admin_role, identity_admin_domain_scope=CONF.identity.admin_domain_scope, project_network_cidr=CONF.network.project_network_cidr, project_network_mask_bits=CONF.network.project_network_mask_bits, public_network_id=CONF.network.public_network_id, admin_creds=admin_creds, **credentials_factory.get_dynamic_provider_params())
def get_credentials_provider(name, network_resources=None, force_tenant_isolation=False, identity_version=None): # If a test requires a new account to work, it can have it via forcing # dynamic credentials. A new account will be produced only for that test. # In case admin credentials are not available for the account creation, # the test should be skipped else it would fail. identity_version = identity_version or CONF.identity.auth_version if CONF.auth.use_dynamic_credentials or force_tenant_isolation: admin_creds = get_configured_admin_credentials( fill_in=True, identity_version=identity_version) return dynamic_creds.DynamicCredentialProvider( name=name, network_resources=network_resources, identity_version=identity_version, admin_creds=admin_creds, identity_admin_domain_scope=CONF.identity.admin_domain_scope, identity_admin_role=CONF.identity.admin_role, extra_roles=CONF.auth.tempest_roles, neutron_available=CONF.service_available.neutron, project_network_cidr=CONF.network.project_network_cidr, project_network_mask_bits=CONF.network.project_network_mask_bits, public_network_id=CONF.network.public_network_id, create_networks=(CONF.auth.create_isolated_networks and not CONF.baremetal.driver_enabled), resource_prefix=CONF.resources_prefix, **get_dynamic_provider_params()) else: if CONF.auth.test_accounts_file: # Most params are not relevant for pre-created accounts return preprov_creds.PreProvisionedCredentialProvider( name=name, identity_version=identity_version, **get_preprov_provider_params()) else: raise exceptions.InvalidConfiguration( 'A valid credential provider is needed')
def test_no_network_creation_with_config_set(self, MockRestClient): cfg.CONF.set_default('create_isolated_networks', False, group='auth') creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params) self._mock_assign_user_role() self._mock_list_role() self._mock_user_create('1234', 'fake_prim_user') self._mock_tenant_create('1234', 'fake_prim_tenant') net = mock.patch.object(creds.networks_admin_client, 'delete_network') net_mock = net.start() subnet = mock.patch.object(creds.subnets_admin_client, 'delete_subnet') subnet_mock = subnet.start() router = mock.patch.object(creds.routers_admin_client, 'delete_router') router_mock = router.start() primary_creds = creds.get_primary_creds() self.assertEqual(net_mock.mock_calls, []) self.assertEqual(subnet_mock.mock_calls, []) self.assertEqual(router_mock.mock_calls, []) network = primary_creds.network subnet = primary_creds.subnet router = primary_creds.router self.assertIsNone(network) self.assertIsNone(subnet) self.assertIsNone(router)
def test_all_cred_cleanup(self, MockRestClient): cfg.CONF.set_default('neutron', False, 'service_available') creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params) self._mock_assign_user_role() self._mock_list_role() self._mock_tenant_create('1234', 'fake_prim_tenant') self._mock_user_create('1234', 'fake_prim_user') creds.get_primary_creds() self._mock_tenant_create('12345', 'fake_alt_tenant') self._mock_user_create('12345', 'fake_alt_user') creds.get_alt_creds() self._mock_tenant_create('123456', 'fake_admin_tenant') self._mock_user_create('123456', 'fake_admin_user') self._mock_list_roles('123456', 'admin') creds.get_admin_creds() user_mock = self.patchobject(self.users_client.UsersClient, 'delete_user') tenant_mock = self.patchobject(self.tenants_client_class, self.delete_tenant) creds.clear_creds() # Verify user delete calls calls = user_mock.mock_calls self.assertEqual(len(calls), 3) args = map(lambda x: x[1][0], calls) args = list(args) self.assertIn('1234', args) self.assertIn('12345', args) self.assertIn('123456', args) # Verify tenant delete calls calls = tenant_mock.mock_calls self.assertEqual(len(calls), 3) args = map(lambda x: x[1][0], calls) args = list(args) self.assertIn('1234', args) self.assertIn('12345', args) self.assertIn('123456', args)
def provide_share_network(cls, shares_client, networks_client, isolated_creds_client=None): """Used for finding/creating share network for multitenant driver. This method creates/gets entity share-network for one tenant. This share-network will be used for creation of service vm. :param shares_client: shares client, which requires share-network :param networks_client: network client from same tenant as shares :param isolated_creds_client: DynamicCredentialProvider instance If provided, then its networking will be used if needed. If not provided, then common network will be used if needed. :returns: str -- share network id for shares_client tenant :returns: None -- if single-tenant driver used """ sc = shares_client search_word = "reusable" sn_name = "autogenerated_by_tempest_%s" % search_word if not CONF.share.multitenancy_enabled: # Assumed usage of a single-tenant driver share_network_id = None elif sc.share_network_id: # Share-network already exists, use it share_network_id = sc.share_network_id elif not CONF.share.create_networks_when_multitenancy_enabled: share_network_id = None # Try get suitable share-network share_networks = sc.list_share_networks_with_detail() for sn in share_networks: if (sn["neutron_net_id"] is None and sn["neutron_subnet_id"] is None and sn["name"] and search_word in sn["name"]): share_network_id = sn["id"] break # Create new share-network if one was not found if share_network_id is None: sn_desc = "This share-network was created by tempest" sn = sc.create_share_network(name=sn_name, description=sn_desc) share_network_id = sn["id"] else: net_id = subnet_id = share_network_id = None if not isolated_creds_client: # Search for networks, created in previous runs service_net_name = "share-service" networks = networks_client.list_networks() if "networks" in networks.keys(): networks = networks["networks"] for network in networks: if (service_net_name in network["name"] and sc.tenant_id == network['tenant_id']): net_id = network["id"] if len(network["subnets"]) > 0: subnet_id = network["subnets"][0] break # Create suitable network if (net_id is None or subnet_id is None): ic = dynamic_creds.DynamicCredentialProvider( identity_version=CONF.identity.auth_version, name=service_net_name, admin_role=CONF.identity.admin_role, admin_creds=( common_creds.get_configured_admin_credentials())) net_data = ic._create_network_resources(sc.tenant_id) network, subnet, router = net_data net_id = network["id"] subnet_id = subnet["id"] # Try get suitable share-network share_networks = sc.list_share_networks_with_detail() for sn in share_networks: if (net_id == sn["neutron_net_id"] and subnet_id == sn["neutron_subnet_id"] and sn["name"] and search_word in sn["name"]): share_network_id = sn["id"] break else: sn_name = "autogenerated_by_tempest_for_isolated_creds" # Use precreated network and subnet from isolated creds net_id = isolated_creds_client.get_credentials( isolated_creds_client.type_of_creds).network['id'] subnet_id = isolated_creds_client.get_credentials( isolated_creds_client.type_of_creds).subnet['id'] # Create suitable share-network if share_network_id is None: sn_desc = "This share-network was created by tempest" sn = sc.create_share_network(name=sn_name, description=sn_desc, neutron_net_id=net_id, neutron_subnet_id=subnet_id) share_network_id = sn["id"] return share_network_id
def get_client_with_isolated_creds(cls, name=None, type_of_creds="admin", cleanup_in_class=False, client_version='1'): """Creates isolated creds. :param name: name, will be used for naming ic and related stuff :param type_of_creds: admin, alt or primary :param cleanup_in_class: defines place where to delete :returns: SharesClient -- shares client with isolated creds. :returns: To client added dict attr 'creds' with :returns: key elements 'tenant' and 'user'. """ if name is None: # Get name of test method name = inspect.stack()[1][3] if len(name) > 32: name = name[0:32] # Choose type of isolated creds ic = dynamic_creds.DynamicCredentialProvider( identity_version=CONF.identity.auth_version, name=name, admin_role=CONF.identity.admin_role, admin_creds=common_creds.get_configured_admin_credentials()) if "admin" in type_of_creds: creds = ic.get_admin_creds().credentials elif "alt" in type_of_creds: creds = ic.get_alt_creds().credentials else: creds = ic.get_credentials(type_of_creds).credentials ic.type_of_creds = type_of_creds # create client with isolated creds os = clients.Manager(credentials=creds) if client_version == '1': client = shares_client.SharesClient(os.auth_provider) elif client_version == '2': client = shares_v2_client.SharesV2Client(os.auth_provider) # Set place where will be deleted isolated creds ic_res = { "method": ic.clear_creds, "deleted": False, } if cleanup_in_class: cls.class_isolated_creds.insert(0, ic_res) else: cls.method_isolated_creds.insert(0, ic_res) # Provide share network if CONF.share.multitenancy_enabled: if (not CONF.service_available.neutron and CONF.share.create_networks_when_multitenancy_enabled): raise cls.skipException("Neutron support is required") nc = os.networks_client share_network_id = cls.provide_share_network(client, nc, ic) client.share_network_id = share_network_id resource = { "type": "share_network", "id": client.share_network_id, "client": client, } if cleanup_in_class: cls.class_resources.insert(0, resource) else: cls.method_resources.insert(0, resource) return client
def test_tempest_client(self): creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params) self.assertIsInstance(creds.identity_admin_client, json_iden_client.IdentityClient)
def test_network_cleanup(self, MockRestClient): def side_effect(**args): return { "security_groups": [{ "tenant_id": args['tenant_id'], "name": args['name'], "description": args['name'], "security_group_rules": [], "id": "sg-%s" % args['tenant_id'] }] } creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params) # Create primary tenant and network self._mock_assign_user_role() self._mock_list_role() self._mock_user_create('1234', 'fake_prim_user') self._mock_tenant_create('1234', 'fake_prim_tenant') self._mock_network_create(creds, '1234', 'fake_net') self._mock_subnet_create(creds, '1234', 'fake_subnet') self._mock_router_create('1234', 'fake_router') router_interface_mock = self.patch( 'tempest.services.network.json.routers_client.RoutersClient.' 'add_router_interface') creds.get_primary_creds() router_interface_mock.assert_called_once_with('1234', subnet_id='1234') router_interface_mock.reset_mock() # Create alternate tenant and network self._mock_user_create('12345', 'fake_alt_user') self._mock_tenant_create('12345', 'fake_alt_tenant') self._mock_network_create(creds, '12345', 'fake_alt_net') self._mock_subnet_create(creds, '12345', 'fake_alt_subnet') self._mock_router_create('12345', 'fake_alt_router') creds.get_alt_creds() router_interface_mock.assert_called_once_with('12345', subnet_id='12345') router_interface_mock.reset_mock() # Create admin tenant and networks self._mock_user_create('123456', 'fake_admin_user') self._mock_tenant_create('123456', 'fake_admin_tenant') self._mock_network_create(creds, '123456', 'fake_admin_net') self._mock_subnet_create(creds, '123456', 'fake_admin_subnet') self._mock_router_create('123456', 'fake_admin_router') self._mock_list_roles('123456', 'admin') creds.get_admin_creds() self.patch('tempest.services.identity.v2.json.users_client.' 'UsersClient.delete_user') self.patch('tempest.services.identity.v2.json.tenants_client.' 'TenantsClient.delete_tenant') net = mock.patch.object(creds.networks_admin_client, 'delete_network') net_mock = net.start() subnet = mock.patch.object(creds.subnets_admin_client, 'delete_subnet') subnet_mock = subnet.start() router = mock.patch.object(creds.routers_admin_client, 'delete_router') router_mock = router.start() remove_router_interface_mock = self.patch( 'tempest.services.network.json.routers_client.RoutersClient.' 'remove_router_interface') return_values = ({'status': 200}, {'ports': []}) port_list_mock = mock.patch.object(creds.ports_admin_client, 'list_ports', return_value=return_values) port_list_mock.start() secgroup_list_mock = mock.patch.object( creds.security_groups_admin_client, 'list_security_groups', side_effect=side_effect) secgroup_list_mock.start() return_values = fake_http.fake_http_response({}, status=204), '' remove_secgroup_mock = self.patch( 'tempest.lib.services.network.security_groups_client.' 'SecurityGroupsClient.delete', return_value=return_values) creds.clear_creds() # Verify default security group delete calls = remove_secgroup_mock.mock_calls self.assertEqual(len(calls), 3) args = map(lambda x: x[1][0], calls) args = list(args) self.assertIn('v2.0/security-groups/sg-1234', args) self.assertIn('v2.0/security-groups/sg-12345', args) self.assertIn('v2.0/security-groups/sg-123456', args) # Verify remove router interface calls calls = remove_router_interface_mock.mock_calls self.assertEqual(len(calls), 3) args = map(lambda x: (x[1][0], x[2]), calls) args = list(args) self.assertIn(('1234', {'subnet_id': '1234'}), args) self.assertIn(('12345', {'subnet_id': '12345'}), args) self.assertIn(('123456', {'subnet_id': '123456'}), args) # Verify network delete calls calls = net_mock.mock_calls self.assertEqual(len(calls), 3) args = map(lambda x: x[1][0], calls) args = list(args) self.assertIn('1234', args) self.assertIn('12345', args) self.assertIn('123456', args) # Verify subnet delete calls calls = subnet_mock.mock_calls self.assertEqual(len(calls), 3) args = map(lambda x: x[1][0], calls) args = list(args) self.assertIn('1234', args) self.assertIn('12345', args) self.assertIn('123456', args) # Verify router delete calls calls = router_mock.mock_calls self.assertEqual(len(calls), 3) args = map(lambda x: x[1][0], calls) args = list(args) self.assertIn('1234', args) self.assertIn('12345', args) self.assertIn('123456', args)