def test_get_swiftclient(self): """test_get_swiftclient check that we could retrieve a Session client to work with swift using keystone v3""" osclients = OpenStackClients(modules="swift") swiftClient = osclients.get_swiftclient() self.assertIsInstance(swiftClient, Connection)
def test_get_cinderclient(self): """test_get_cinderclient check that we could retrieve a Session client to work with cinder""" osclients = OpenStackClients(modules="cinder") cinderClient = osclients.get_cinderclient() # api_version = cinderClient.get_volume_api_version_from_endpoint() --> This should return "2" against a server self.assertIsInstance(cinderClient, cinderclient.v2.client.Client)
def setUp(self): d = defaultdict(list) d['catalog'].append(service) self.access = d self.osclients = OpenStackClients() self.url = 'http://fake.org:9090' self.original_url = service['endpoints'][1]['url']
def test_get_keystoneclient_v2(self): """test_get_keystoneclient_v2 check that we could retrieve a Session client to work with keystone v2""" osclients = OpenStackClients() osclients.use_v3 = False keystoneClient = osclients.get_keystoneclient() self.assertIsInstance(keystoneClient, keystoneclient.v2_0.client.Client)
def test_get_glanceclient(self): """test_get_glanceclient check that we could retrieve a Session client to work with glance""" osclients = OpenStackClients(modules="glance") osclients.set_keystone_version(use_v3=False) glanceClient = osclients.get_glanceclient() self.assertIsInstance(glanceClient, glanceclient.v1.client.Client)
def test_get_neutronclient_with_all_modules(self): """test_get_neutronclient_with_all_modules check that we could retrieve a Session client to work with neutron if osclients is created with all modules""" osclients = OpenStackClients(modules="auto") neutronClient = osclients.get_neutronclient() self.assertIsInstance(neutronClient, neutronclient.v2_0.client.Client)
def test_get_cinderclient_unknown_module(self): """test_get_cinderclient_unknown_module check that we could not retrieve a Session client to work with cinder if there is no modules defined""" try: osclients = OpenStackClients(modules="") osclients.get_cinderclient() except Exception as ex: self.assertRaises(ex)
def test_get_session_using_token(self): """test creating a session using a token instead of a password""" osclients = OpenStackClients() osclients.set_token('faketoken') session = osclients.get_session() self.assertIsInstance(session, keystoneclient.session.Session) self.assertTrue(type(session.auth) == keystoneclient.auth.identity.v3.token.Token)
def test_get_keystoneclient_v3_with_trust_id(self): """test_get_keystoneclient_v3_with_trust_id check that we could retrieve a Session client to work with keystone v3 and using trust_id""" osclients = OpenStackClients() trust_id = "randomid0000000000000000000000001" osclients.set_credential(self.OS_USERNAME, self.OS_PASSWORD, trust_id=trust_id) keystoneClient = osclients.get_keystoneclient() self.assertIsInstance(keystoneClient, keystoneclient.v3.client.Client)
def test_get_session_using_token(self): """test creating a session using a token instead of a password""" osclients = OpenStackClients() osclients.set_token('faketoken') session = osclients.get_session() self.assertIsInstance(session, keystoneclient.session.Session) self.assertTrue( type(session.auth) == keystoneclient.auth.identity.v3.token.Token)
def test_set_region(self): """test_set_region check that we could change the region after create the client""" # FIRST CHECK: Region is recovered from ENV osclients = OpenStackClients() self.assertEqual(osclients.region, self.OS_REGION_NAME) # Check that region is updated to a new Value. region = "Budapest" osclients.set_region(region) self.assertEqual(osclients.region, region)
def test_get_keystoneclient_v2_with_tenant_id(self): """test_get_keystoneclient_v2_with_tenant_id check that we could retrieve a Session client to work with keystone v2 and using tenant_id""" osclients = OpenStackClients() osclients.use_v3 = False osclients.set_credential(self.OS_USERNAME, self.OS_PASSWORD, tenant_id=self.OS_TENANT_ID) keystoneClient = osclients.get_keystoneclient() self.assertIsInstance(keystoneClient, keystoneclient.v2_0.client.Client)
def test_implement_client_with_unknown_module(self): """test_implement_client_with_unknown_module check that we could not implement an empty client, raising an exception.""" try: OpenStackClients(modules="fakeOpenstackModule") except Exception as ex: self.assertRaises(ex)
def test_implement_client_with_all_modules(self): """test_implement_client_with_all_modules check that we could not implement an empty client, with all modules and a given auth_url""" OS_AUTH_URL = 'http://host.com:4731/v3' osclients = OpenStackClients(modules="all", auth_url=OS_AUTH_URL) self.assertIsNotNone(osclients)
def test_implement_client_with_selected_module(self): """test_implement_client_with_selected_module check that we could not implement an empty client, with selected modules (keystone and cinder)""" selected_modules = "keystone,cinder," osclients = OpenStackClients(modules=selected_modules) self.assertIsNotNone(osclients)
def generate_trust_ids(users_to_delete): """ From a list of users to delete, generate a file with a trustid for each user. The user is acting as the trustor, delegating in a trustee, which will impersonate it to delete its resources. :param users_to_delete: a list of trustors. :return: this function does not return anything. It creates a file. """ global logger osclients = OpenStackClients() users_trusted_ids = open('users_trusted_ids.txt', 'w') check_users = CheckUsers() # Use an alternative URL that allow direct access to the keystone admin # endpoint, because the registered one uses an internal IP address. osclients.override_endpoint('identity', osclients.region, 'admin', KEYSTONE_ENDPOINT) trust_factory = TrustFactory(osclients) lines = users_to_delete.readlines() total = len(lines) count = 0 if 'TRUSTEE_USER' in env: trustee = env['TRUSTEE_USER'] else: trustee = TRUSTEE for user in lines: user = user.strip() if user == '': continue try: count += 1 (username, trust_id) = trust_factory.create_trust_admin(user, trustee) users_trusted_ids.write(username + ',' + trust_id + '\n') msg = 'Generated trustid for user {0} ({1}/{2})' logger.info(msg.format(user, count, total)) except Exception, e: msg = 'Failed getting trust-id from trustor {0}. Reason: {1}' logger.error(msg.format(user, str(e)))
def generate_trust_ids(users_to_delete): """ From a list of users to delete, generate a file with a trustid for each user. The user is acting as the trustor, delegating in a trustee, which will impersonate it to delete its resources. :param users_to_delete: a list of trustors. :return: this function does not return anything. It creates a file. """ global logger osclients = OpenStackClients() users_trusted_ids = open('users_trusted_ids.txt', 'w') check_users = CheckUsers() # Use an alternative URL that allow direct access to the keystone admin # endpoint, because the registered one uses an internal IP address. osclients.override_endpoint( 'identity', osclients.region, 'admin', KEYSTONE_ENDPOINT) trust_factory = TrustFactory(osclients) lines = users_to_delete.readlines() total = len(lines) count = 0 if 'TRUSTEE_USER' in env: trustee = env['TRUSTEE_USER'] else: trustee = TRUSTEE for user in lines: user = user.strip() if user == '': continue try: count += 1 (username, trust_id) = trust_factory.create_trust_admin( user, trustee) users_trusted_ids.write(username + ',' + trust_id + '\n') msg = 'Generated trustid for user {0} ({1}/{2})' logger.info(msg.format(user, count, total)) except Exception, e: msg = 'Failed getting trust-id from trustor {0}. Reason: {1}' logger.error(msg.format(user, str(e)))
def test_get_session_without_username_nor_token(self): """test_get_session_without_username check that we could not retrieve a session without username""" osclients = OpenStackClients() osclients.set_credential("", self.OS_PASSWORD, tenant_id=self.OS_TENANT_ID) # Checking v3 try: osclients.get_session() except Exception as ex: self.assertRaises(ex) # Checking v2 osclients.use_v3 = False try: osclients.get_session() except Exception as ex: self.assertRaises(ex)
def test_get_session_without_auth_url(self): """test_get_session_without_auth_url check that we could not retrieve a session without auth_url""" osclients = OpenStackClients() osclients.auth_url = None # Checking v3 try: osclients.get_session() except Exception as ex: self.assertRaises(ex) # Checking v2 osclients.use_v3 = False try: osclients.get_session() except Exception as ex: self.assertRaises(ex)
def test_get_session_with_different_auth_url(self): """test_get_session_without_auth_url check that we could retrieve a session with auth_url formats""" auth_url_v2_1 = "http://cloud.lab.fi-ware.org:4731/v2.0" auth_url_v2_2 = "http://cloud.lab.fi-ware.org:4731/v2.0/" auth_url_v3_1 = "http://cloud.lab.fi-ware.org:4731/v3" auth_url_v3_2 = "http://cloud.lab.fi-ware.org:4731/v3/" osclients = OpenStackClients() # Checking v3 osclients.auth_url = auth_url_v2_1 session = osclients.get_session() self.assertIsInstance(session, keystoneclient.session.Session) session.invalidate() osclients._session_v3 = None osclients.auth_url = auth_url_v2_2 session = osclients.get_session() self.assertIsInstance(session, keystoneclient.session.Session) session.invalidate() osclients._session_v3 = None # Checking v2 osclients.use_v3 = False osclients.auth_url = auth_url_v3_1 session = osclients.get_session() self.assertIsInstance(session, keystoneclient.session.Session) session.invalidate() osclients._session_v2 = None osclients.auth_url = auth_url_v3_2 session = osclients.get_session() self.assertIsInstance(session, keystoneclient.session.Session) session.invalidate() osclients._session_v2 = None
def test_get_novaclient(self): """test_get_novaclient check that we could retrieve a Session client to work with nova""" osclients = OpenStackClients(modules="nova") novaClient = osclients.get_novaclient() self.assertIsInstance(novaClient, novaclient.v2.client.Client)
def test_set_credential_to_osclients(self): """test_set_credential_to_osclients check that we could set credentials using method set_credential""" username = "******" password = "******" tenant_name = "new_user cloud" tenant_id = "00000000000000000000000000000002" trust_id = "randomid0000000000000000000000001" # FIRST CHECK: Credentials from ENV osclients = OpenStackClients() self.assertEqual(osclients._OpenStackClients__username, self.OS_USERNAME) self.assertEqual(osclients._OpenStackClients__tenant_id, self.OS_TENANT_ID) # SECOND CHECK: updating Credentials with tenant_id osclients.set_credential(username, password, tenant_id=tenant_id) self.assertEqual(osclients._OpenStackClients__tenant_id, tenant_id) # THIRD CHECK: updating Credentials with tenant_name osclients.set_credential(username, password, tenant_name=tenant_name) self.assertEqual(osclients._OpenStackClients__tenant_name, tenant_name) # FOURTH CHECK: updating Credentials with trust_id osclients.set_credential(username, password, trust_id=trust_id) self.assertEqual(osclients._OpenStackClients__trust_id, trust_id) # FIFTH CHECK: updating Credentials without trust_id, tenant_id and tenant_name osclients.set_credential(username, password) self.assertIsNone(osclients._OpenStackClients__trust_id) self.assertIsNone(osclients._OpenStackClients__tenant_name) self.assertIsNone(osclients._OpenStackClients__tenant_id) # Creating a client to check that set_credential destroy the session with v3 novaclient = osclients.get_novaclient() self.assertIsNotNone(osclients._session_v3) osclients.set_credential(username, password) self.assertIsNone(osclients._session_v3) # Creating a client to check that set_credential destroy the session with v2 osclients.use_v3 = False novaclient = osclients.get_novaclient() self.assertIsNotNone(osclients._session_v2) osclients.set_credential(username, password) self.assertIsNone(osclients._session_v2)
def __init__(self): """constructor""" osclients = OpenStackClients() neutron = osclients.get_neutronclient() cinder = osclients.get_cinderclient() glance = osclients.get_glanceclient() nova = osclients.get_novaclient() swift = osclients.get_swiftclient() print('Creating a container') swift.put_container('container', dict()) print('Creating two objects') swift.put_object('container', 'object', 'content') swift.put_object('container', 'object2', 'content2') print('Creating a volume') volume = cinder.volumes.create(name='cindervolume', size=1) external_net = None for net in neutron.list_networks()['networks']: if net['router:external']: external_net = net['id'] break properties = {'key1': 'value1'} print('Creating a private image') glance.images.create(container_format='bare', name='testimage1', disk_format='qcow2', data='aaaaa', properties=properties, is_public=False) if can_create_shared_images: download_images() print('Creating a shared image') cirrosfile = open(img_name) image_shared1 = glance.images.create(container_format='bare', name='testimg2', disk_format='qcow2', data=cirrosfile, properties={'key2': 'value2'}, is_public=True) print('Creating another shared image') cirrosfile2 = open(img_name2) image_shared2 = glance.images.create(container_format='bare', name='testima3', disk_format='qcow2', data=cirrosfile2, properties={'key3': 'val3'}, is_public=True) image_id = image_shared1.id else: image_id = glance.images.find(name=image_name) print('Creating a keypair') nova.keypairs.create(name='testpublickey') print('Allocating a new security group') nova.security_groups.create( 'testsecgroup a security group for testing') print('Reserving a flotaing ip') floatingip = nova.floating_ips.create(pool=external_net) if can_create_networks: print('Creating a router') router = neutron.create_router( {'router': { 'name': 'testrouter', 'admin_state_up': True }})['router'] print('Creating a network') n = neutron.create_network( {'network': { 'name': 'testnetwork', 'admin_state_up': True, }}) network = n['network'] print('Creating a subnet') subnet = neutron.create_subnet({ 'subnet': { 'name': 'testsubnet', 'network_id': network['id'], 'ip_version': 4, 'cidr': '192.168.1.0/24', 'dns_nameservers': ['8.8.8.8'] } })['subnet'] """ Only admin users can create shared networks. network2 = neutron.create_network( {'network': {'name': 'testnetwork_shared', 'admin_state_up': True, 'shared': True}})['network'] subnet2 = neutron.create_subnet( {'subnet': {'name': 'testsubnet_shared', 'network_id': network2['id'], 'ip_version': 4, 'cidr': '192.168.2.0/24', 'dns_nameservers': ['8.8.8.8']}})['subnet'] """ print('Adding interface and gateway to router') neutron.add_interface_router(router['id'], {'subnet_id': subnet['id']}) neutron.add_gateway_router(router['id'], {'network_id': external_net}) else: # use any internal network network = None for net in neutron.list_networks()['networks']: if not net['router:external']: network = net break # The volume must be available before creating the snapshot. time.sleep(3) print('Creating a volume snapshot') cinder.volume_snapshots.create(volume.id) tiny = nova.flavors.find(name='m1.tiny') nova.flavors.find(name='m1.small') nic = {'net-id': network['id']} print('Creating a VM') server = nova.servers.create('vm_testdelete', flavor=tiny, image=image_id, key_name='testpublickey', security_groups=['default'], nics=[nic]) # , files=files, config_drive=True) # give some time before assigning the floating ip time.sleep(10) server.add_floating_ip(floatingip.ip) if can_create_shared_images: # create a VM using another tenant, based in a shared image osclients2 = OpenStackClients() second_user = os.environ['USER2'] second_user_tenant = os.environ['USER2_TENANT'] osclients2.set_credential(second_user, os.environ['PASSWORD_USER2'], tenant_name=second_user_tenant) nova = osclients2.get_novaclient() neutron = osclients2.get_neutronclient() net2 = None for net in neutron.list_networks()['networks']: if not net['router:external']: net2 = net['id'] break nics = [{'net-id': net2}] print('Creating a second VM, with a different user') nova.servers.create('vm_testdelete2', flavor=tiny, image=image_shared2.id, nics=nics)
class TestOSClientsOverrideEndpoint(TestCase): """Class to test the endpoint override feature""" def setUp(self): d = defaultdict(list) d['catalog'].append(service) self.access = d self.osclients = OpenStackClients() self.url = 'http://fake.org:9090' self.original_url = service['endpoints'][1]['url'] def restore_catalog(self): """restore catalog""" service['endpoints'][1]['url'] = self.original_url def tearDown(self): """restore objects""" self.restore_catalog() def override_endpoint(self): """method that override the endpoint""" self.osclients.override_endpoint('object-store', 'Spain2', 'admin', self.url) def assertOverrideEndpoint(self): """check that the override has been done""" self.assertEquals(self.osclients.get_admin_endpoint('object-store', 'Spain2'), self.url) def test_override_endpoint_session(self): """test that invoking override endpoint does not create a session""" self.override_endpoint() self.assertFalse(self.osclients._session_v2) self.assertFalse(self.osclients._session_v3) def test_override_endpoint(self): """check that a session catalog is overriden""" mock = MagicMock() config = {'auth.get_access.return_value': self.access} mock.configure_mock(**config) self.osclients._session_v3 = mock self.override_endpoint() self.assertOverrideEndpoint() @patch('fiwareskuld.utils.osclients.session') def test_override_endpoint_multiple(self, mock): """test that override works with an already created session and then with a new one without invoking the method again""" config = {'Session.return_value.auth.get_access.return_value': self.access} mock.configure_mock(**config) session = self.osclients.get_session() self.override_endpoint() self.assertOverrideEndpoint() # invalidate and create a new session; ensure than catalog is again # the original. Setting a new token invalidate the session. The new # one is created at the invocation of get_admin_endpoint. self.restore_catalog() self.osclients.set_token('faketoken') # check again self.assertOverrideEndpoint()
class TestOSClientsOverrideEndpoint(TestCase): """Class to test the endpoint override feature""" def setUp(self): d = defaultdict(list) d['catalog'].append(service) self.access = d self.osclients = OpenStackClients() self.url = 'http://fake.org:9090' self.original_url = service['endpoints'][1]['url'] def restore_catalog(self): """restore catalog""" service['endpoints'][1]['url'] = self.original_url def tearDown(self): """restore objects""" self.restore_catalog() def override_endpoint(self): """method that override the endpoint""" self.osclients.override_endpoint('object-store', 'Spain2', 'admin', self.url) def assertOverrideEndpoint(self): """check that the override has been done""" self.assertEquals( self.osclients.get_admin_endpoint('object-store', 'Spain2'), self.url) def test_override_endpoint_session(self): """test that invoking override endpoint does not create a session""" self.override_endpoint() self.assertFalse(self.osclients._session_v2) self.assertFalse(self.osclients._session_v3) def test_override_endpoint(self): """check that a session catalog is overriden""" mock = MagicMock() config = {'auth.get_access.return_value': self.access} mock.configure_mock(**config) self.osclients._session_v3 = mock self.override_endpoint() self.assertOverrideEndpoint() @patch('fiwareskuld.utils.osclients.session') def test_override_endpoint_multiple(self, mock): """test that override works with an already created session and then with a new one without invoking the method again""" config = { 'Session.return_value.auth.get_access.return_value': self.access } mock.configure_mock(**config) session = self.osclients.get_session() self.override_endpoint() self.assertOverrideEndpoint() # invalidate and create a new session; ensure than catalog is again # the original. Setting a new token invalidate the session. The new # one is created at the invocation of get_admin_endpoint. self.restore_catalog() self.osclients.set_token('faketoken') # check again self.assertOverrideEndpoint()
def __init__(self): """constructor""" osclients = OpenStackClients() neutron = osclients.get_neutronclient() cinder = osclients.get_cinderclient() glance = osclients.get_glanceclient() nova = osclients.get_novaclient() swift = osclients.get_swiftclient() print('Creating a container') swift.put_container('container', dict()) print('Creating two objects') swift.put_object('container', 'object', 'content') swift.put_object('container', 'object2', 'content2') print('Creating a volume') volume = cinder.volumes.create(name='cindervolume', size=1) external_net = None for net in neutron.list_networks()['networks']: if net['router:external']: external_net = net['id'] break properties = {'key1': 'value1'} print('Creating a private image') glance.images.create( container_format='bare', name='testimage1', disk_format='qcow2', data='aaaaa', properties=properties, is_public=False) if can_create_shared_images: download_images() print('Creating a shared image') cirrosfile = open(img_name) image_shared1 = glance.images.create( container_format='bare', name='testimg2', disk_format='qcow2', data=cirrosfile, properties={'key2': 'value2'}, is_public=True) print('Creating another shared image') cirrosfile2 = open(img_name2) image_shared2 = glance.images.create( container_format='bare', name='testima3', disk_format='qcow2', data=cirrosfile2, properties={'key3': 'val3'}, is_public=True) image_id = image_shared1.id else: image_id = glance.images.find(name=image_name) print('Creating a keypair') nova.keypairs.create(name='testpublickey') print('Allocating a new security group') nova.security_groups.create('testsecgroup a security group for testing') print('Reserving a flotaing ip') floatingip = nova.floating_ips.create(pool=external_net) if can_create_networks: print('Creating a router') router = neutron.create_router( {'router': {'name': 'testrouter', 'admin_state_up': True}} )['router'] print('Creating a network') n = neutron.create_network( {'network': {'name': 'testnetwork', 'admin_state_up': True, }}) network = n['network'] print('Creating a subnet') subnet = neutron.create_subnet( {'subnet': {'name': 'testsubnet', 'network_id': network['id'], 'ip_version': 4, 'cidr': '192.168.1.0/24', 'dns_nameservers': ['8.8.8.8']}})['subnet'] """ Only admin users can create shared networks. network2 = neutron.create_network( {'network': {'name': 'testnetwork_shared', 'admin_state_up': True, 'shared': True}})['network'] subnet2 = neutron.create_subnet( {'subnet': {'name': 'testsubnet_shared', 'network_id': network2['id'], 'ip_version': 4, 'cidr': '192.168.2.0/24', 'dns_nameservers': ['8.8.8.8']}})['subnet'] """ print('Adding interface and gateway to router') neutron.add_interface_router(router['id'], {'subnet_id': subnet['id']}) neutron.add_gateway_router(router['id'], {'network_id': external_net}) else: # use any internal network network = None for net in neutron.list_networks()['networks']: if not net['router:external']: network = net break # The volume must be available before creating the snapshot. time.sleep(3) print('Creating a volume snapshot') cinder.volume_snapshots.create(volume.id) tiny = nova.flavors.find(name='m1.tiny') nova.flavors.find(name='m1.small') nic = {'net-id': network['id']} print('Creating a VM') server = nova.servers.create( 'vm_testdelete', flavor=tiny, image=image_id, key_name='testpublickey', security_groups=['default'], nics=[nic]) # , files=files, config_drive=True) # give some time before assigning the floating ip time.sleep(10) server.add_floating_ip(floatingip.ip) if can_create_shared_images: # create a VM using another tenant, based in a shared image osclients2 = OpenStackClients() second_user = os.environ['USER2'] second_user_tenant = os.environ['USER2_TENANT'] osclients2.set_credential(second_user, os.environ['PASSWORD_USER2'], tenant_name=second_user_tenant) nova = osclients2.get_novaclient() neutron = osclients2.get_neutronclient() net2 = None for net in neutron.list_networks()['networks']: if not net['router:external']: net2 = net['id'] break nics = [{'net-id': net2}] print('Creating a second VM, with a different user') nova.servers.create( 'vm_testdelete2', flavor=tiny, image=image_shared2.id, nics=nics)
def test_get_keystoneclient_v3(self): """test_get_keystoneclient_v3 check that we could retrieve a Session client to work with keystone v3""" osclients = OpenStackClients() keystoneClient = osclients.get_keystoneclient() self.assertIsInstance(keystoneClient, keystoneclient.v3.client.Client)
def test_implement_client_with_env(self): """test_implement_client_with_env check that we could implement a client with data from the OS environment.""" osclients = OpenStackClients() self.assertIsNotNone(osclients)
def test_implement_client(self): """test_implement_client check that we could implement an empty client.""" osclients = OpenStackClients() self.assertIsNotNone(osclients)
""" domain = usertocheck.name.partition('@')[2] if domain in settings.DONT_DELETE_DOMAINS: logger.warning( 'User with name %(name)s should not be deleted due to its domain', {'name': usertocheck.name}) return True else: return False logger.debug('Getting expired users') (next_to_expire, expired_users) = ExpiredUsers( username=env['OS_USERNAME'], password=env['OS_PASSWORD'], tenant=env['OS_TENANT_NAME']).get_yellow_red_users() osclients = OpenStackClients() # Use an alternative URL that allow direct access to the keystone admin # endpoint, because the registered one uses an internal IP address. osclients.override_endpoint( 'identity', osclients.region, 'admin', settings.KEYSTONE_ENDPOINT) keystone = osclients.get_keystoneclientv3() # build users map logger.debug('Building user map') users_by_id = dict() for user in keystone.users.list(): users_by_id[user.id] = user