def create_user_with_tenant(tenants_client, users_client, username, password, tenant_name): """Create user and tenant if he doesn't exist. Sets password even for existing user. """ LOG.info("Creating user '%s' with tenant '%s' and password '%s'", username, tenant_name, password) tenant_description = "Tenant for Tempest %s user" % username email = "*****@*****.**" % username # create tenant try: tenants_client.create_tenant(tenant_name, description=tenant_description) except exceptions.Conflict: LOG.info("(no change) Tenant '%s' already exists", tenant_name) tenant_id = identity.get_tenant_by_name(tenants_client, tenant_name)['id'] # create user try: users_client.create_user(username, password, tenant_id, email) except exceptions.Conflict: LOG.info("User '%s' already exists. Setting password to '%s'", username, password) user = identity.get_user_by_username(tenants_client, tenant_id, username) users_client.update_user_password(user['id'], password=password)
def create_users(users): """Create tenants from resource definition. Don't create the tenants if they already exist. """ global USERS LOG.info("Creating users") admin = keystone_admin() for u in users: try: tenant = identity.get_tenant_by_name(admin.tenants, u['tenant']) except lib_exc.NotFound: LOG.error("Tenant: %s - not found" % u['tenant']) continue try: identity.get_user_by_username(admin.tenants, tenant['id'], u['name']) LOG.warning("User '%s' already exists in this environment" % u['name']) except lib_exc.NotFound: admin.users.create_user( name=u['name'], password=u['pass'], tenantId=tenant['id'], email="%s@%s" % (u['name'], tenant['id']), enabled=True)
def create_user_with_tenant(tenants_client, users_client, username, password, tenant_name): """Create user and tenant if he doesn't exist. Sets password even for existing user. """ LOG.info("Creating user '%s' with tenant '%s' and password '%s'", username, tenant_name, password) tenant_description = "Tenant for Tempest %s user" % username email = "*****@*****.**" % username # create tenant try: tenants_client.create_tenant(name=tenant_name, description=tenant_description) except exceptions.Conflict: LOG.info("(no change) Tenant '%s' already exists", tenant_name) tenant_id = identity.get_tenant_by_name(tenants_client, tenant_name)['id'] # create user try: users_client.create_user(**{'name': username, 'password': password, 'tenantId': tenant_id, 'email': email}) except exceptions.Conflict: LOG.info("User '%s' already exists. Setting password to '%s'", username, password) user = identity.get_user_by_username(tenants_client, tenant_id, username) users_client.update_user_password(user['id'], password=password)
def create_users(users): """Create tenants from resource definition. Don't create the tenants if they already exist. """ global USERS LOG.info("Creating users") admin = keystone_admin() for u in users: try: tenant = identity.get_tenant_by_name(admin.tenants, u['tenant']) except lib_exc.NotFound: LOG.error("Tenant: %s - not found" % u['tenant']) continue try: identity.get_user_by_username(admin.tenants, tenant['id'], u['name']) LOG.warning("User '%s' already exists in this environment" % u['name']) except lib_exc.NotFound: admin.users.create_user(u['name'], u['pass'], tenant['id'], "%s@%s" % (u['name'], tenant['id']), enabled=True)
def destroy_users(users): admin = keystone_admin() for user in users: tenant_id = identity.get_tenant_by_name(admin.tenants, user['tenant'])['id'] user_id = identity.get_user_by_username(admin.tenants, tenant_id, user['name'])['id'] admin.users.delete_user(user_id)
def collect_users(users): global USERS LOG.info("Collecting users") admin = keystone_admin() for u in users: tenant = identity.get_tenant_by_name(admin.tenants, u['tenant']) u['tenant_id'] = tenant['id'] USERS[u['name']] = u body = identity.get_user_by_username(admin.tenants, tenant['id'], u['name']) USERS[u['name']]['id'] = body['id']
def _get_network_id(net_name, tenant_name): am = credentials.AdminManager() net_cl = am.networks_client tn_cl = am.tenants_client networks = net_cl.list_networks() tenant = identity.get_tenant_by_name(tn_cl, tenant_name) t_id = tenant['id'] n_id = None for net in networks['networks']: if (net['tenant_id'] == t_id and net['name'] == net_name): n_id = net['id'] break return n_id
def _get_network_id(net_name, project_name): am = credentials.AdminManager() net_cl = am.networks_client tn_cl = am.tenants_client networks = net_cl.list_networks() tenant = identity.get_tenant_by_name(tn_cl, project_name) t_id = tenant['id'] n_id = None for net in networks['networks']: if (net['tenant_id'] == t_id and net['name'] == net_name): n_id = net['id'] break return n_id
def _init_admin_ids(self): id_cl = self.admin_mgr.identity_client tenant = identity.get_tenant_by_name(id_cl, CONF.auth.admin_tenant_name) self.admin_tenant_id = tenant["id"] user = identity.get_user_by_username(id_cl, self.admin_tenant_id, CONF.auth.admin_username) self.admin_id = user["id"] roles = id_cl.list_roles()["roles"] for role in roles: if role["name"] == CONF.identity.admin_role: self.admin_role_id = role["id"] break
def _get_network_id(net_name, project_name): am = credentials.AdminManager() net_cl = am.networks_client tn_cl = am.tenants_client networks = net_cl.list_networks() tenant = identity.get_tenant_by_name(tn_cl, project_name) t_id = tenant["id"] n_id = None for net in networks["networks"]: if net["tenant_id"] == t_id and net["name"] == net_name: n_id = net["id"] break return n_id
def _init_admin_ids(self): id_cl = self.admin_mgr.identity_client tenant = identity.get_tenant_by_name(id_cl, CONF.auth.admin_tenant_name) self.admin_tenant_id = tenant['id'] user = identity.get_user_by_username(id_cl, self.admin_tenant_id, CONF.auth.admin_username) self.admin_id = user['id'] roles = id_cl.list_roles()['roles'] for role in roles: if role['name'] == CONF.identity.admin_role: self.admin_role_id = role['id'] break
def _init_admin_ids(self): tn_cl = self.admin_mgr.tenants_client rl_cl = self.admin_mgr.roles_client tenant = identity.get_tenant_by_name(tn_cl, CONF.auth.admin_tenant_name) self.admin_tenant_id = tenant['id'] user = identity.get_user_by_username(tn_cl, self.admin_tenant_id, CONF.auth.admin_username) self.admin_id = user['id'] roles = rl_cl.list_roles()['roles'] for role in roles: if role['name'] == CONF.identity.admin_role: self.admin_role_id = role['id'] break
def give_role_to_user(tenants_client, roles_client, users_client, username, tenant_name, role_name, role_required=True): """Give the user a role in the project (tenant).""", tenant_id = identity.get_tenant_by_name(tenants_client, tenant_name)['id'] users = users_client.list_users() user_ids = [u['id'] for u in users['users'] if u['name'] == username] user_id = user_ids[0] roles = roles_client.list_roles() role_ids = [r['id'] for r in roles['roles'] if r['name'] == role_name] if not role_ids: if role_required: raise Exception("required role %s not found" % role_name) LOG.debug("%s role not required" % role_name) return role_id = role_ids[0] try: roles_client.assign_user_role(tenant_id, user_id, role_id) LOG.debug("User '%s' was given the '%s' role in project '%s'", username, role_name, tenant_name) except exceptions.Conflict: LOG.debug("(no change) User '%s' already has the '%s' role in" " project '%s'", username, role_name, tenant_name)
def give_role_to_user(tenants_client, roles_client, users_client, username, tenant_name, role_name, role_required=True): """Give the user a role in the project (tenant).""", tenant_id = identity.get_tenant_by_name(tenants_client, tenant_name)['id'] users = users_client.list_users() user_ids = [u['id'] for u in users['users'] if u['name'] == username] user_id = user_ids[0] roles = roles_client.list_roles() role_ids = [r['id'] for r in roles['roles'] if r['name'] == role_name] if not role_ids: if role_required: raise Exception("required role %s not found" % role_name) LOG.debug("%s role not required" % role_name) return role_id = role_ids[0] try: roles_client.create_user_role_on_project(tenant_id, user_id, role_id) LOG.debug("User '%s' was given the '%s' role in project '%s'", username, role_name, tenant_name) except exceptions.Conflict: LOG.debug("(no change) User '%s' already has the '%s' role in" " project '%s'", username, role_name, tenant_name)
def create_resources(opts, resources): (identity_admin, tenants_admin, roles_admin, users_admin, neutron_iso_networks, network_admin, networks_admin, subnets_admin) = get_admin_clients(opts) roles = roles_admin.list_roles()['roles'] for u in resources['users']: u['role_ids'] = [] for r in u.get('roles', ()): try: role = filter(lambda r_: r_['name'] == r, roles)[0] except IndexError: msg = "Role: %s doesn't exist" % r raise exc.InvalidConfiguration(msg) u['role_ids'] += [role['id']] existing = [x['name'] for x in tenants_admin.list_tenants()['tenants']] for tenant in resources['tenants']: if tenant not in existing: tenants_admin.create_tenant(tenant) else: LOG.warning("Tenant '%s' already exists in this environment" % tenant) LOG.info('Tenants created') for u in resources['users']: try: tenant = identity.get_tenant_by_name(tenants_admin, u['tenant']) except tempest_lib.exceptions.NotFound: LOG.error("Tenant: %s - not found" % u['tenant']) continue while True: try: identity.get_user_by_username(tenants_admin, tenant['id'], u['name']) except tempest_lib.exceptions.NotFound: users_admin.create_user(u['name'], u['pass'], tenant['id'], "%s@%s" % (u['name'], tenant['id']), enabled=True) break else: LOG.warning("User '%s' already exists in this environment. " "New name generated" % u['name']) u['name'] = random_user_name(opts.tag, u['prefix']) LOG.info('Users created') if neutron_iso_networks: for u in resources['users']: tenant = identity.get_tenant_by_name(tenants_admin, u['tenant']) network_name, router_name = create_network_resources( network_admin, networks_admin, subnets_admin, tenant['id'], u['name']) u['network'] = network_name u['router'] = router_name LOG.info('Networks created') for u in resources['users']: try: tenant = identity.get_tenant_by_name(tenants_admin, u['tenant']) except tempest_lib.exceptions.NotFound: LOG.error("Tenant: %s - not found" % u['tenant']) continue try: user = identity.get_user_by_username(tenants_admin, tenant['id'], u['name']) except tempest_lib.exceptions.NotFound: LOG.error("User: %s - not found" % u['user']) continue for r in u['role_ids']: try: roles_admin.assign_user_role(tenant['id'], user['id'], r) except tempest_lib.exceptions.Conflict: # don't care if it's already assigned pass LOG.info('Roles assigned') LOG.info('Resources deployed successfully!')
def __init__(self, conf, admin): if admin: username = conf.get_defaulted('identity', 'admin_username') password = conf.get_defaulted('identity', 'admin_password') tenant_name = conf.get_defaulted('identity', 'admin_tenant_name') else: username = conf.get_defaulted('identity', 'username') password = conf.get_defaulted('identity', 'password') tenant_name = conf.get_defaulted('identity', 'tenant_name') self.identity_region = conf.get_defaulted('identity', 'region') default_params = { 'disable_ssl_certificate_validation': conf.get_defaulted('identity', 'disable_ssl_certificate_validation'), 'ca_certs': conf.get_defaulted('identity', 'ca_certificates_file') } compute_params = { 'service': conf.get_defaulted('compute', 'catalog_type'), 'region': self.identity_region, 'endpoint_type': conf.get_defaulted('compute', 'endpoint_type') } compute_params.update(default_params) _creds = tempest_lib.auth.KeystoneV2Credentials( username=username, password=password, tenant_name=tenant_name) auth_provider_params = { 'disable_ssl_certificate_validation': conf.get_defaulted('identity', 'disable_ssl_certificate_validation'), 'ca_certs': conf.get_defaulted('identity', 'ca_certificates_file') } _auth = tempest_lib.auth.KeystoneV2AuthProvider( _creds, conf.get_defaulted('identity', 'uri'), **auth_provider_params) self.auth_provider = _auth self.identity = identity_client.IdentityClient( _auth, conf.get_defaulted('identity', 'catalog_type'), self.identity_region, endpoint_type='adminURL', **default_params) self.tenants = tenants_client.TenantsClient( _auth, conf.get_defaulted('identity', 'catalog_type'), self.identity_region, endpoint_type='adminURL', **default_params) self.roles = roles_client.RolesClient( _auth, conf.get_defaulted('identity', 'catalog_type'), self.identity_region, endpoint_type='adminURL', **default_params) self.users = users_client.UsersClient( _auth, conf.get_defaulted('identity', 'catalog_type'), self.identity_region, endpoint_type='adminURL', **default_params) self.images = images_client.ImagesClientV2( _auth, conf.get_defaulted('image', 'catalog_type'), self.identity_region, conf.get_defaulted('image', 'endpoint_type'), **default_params) self.servers = servers_client.ServersClient(_auth, **compute_params) self.flavors = flavors_client.FlavorsClient(_auth, **compute_params) self.networks = None def create_nova_network_client(): if self.networks is None: self.networks = nova_net_client.NetworksClient( _auth, **compute_params) return self.networks def create_neutron_client(): if self.networks is None: self.networks = networks_client.NetworksClient( _auth, conf.get_defaulted('network', 'catalog_type'), self.identity_region, endpoint_type=conf.get_defaulted('network', 'endpoint_type'), **default_params) return self.networks self.get_nova_net_client = create_nova_network_client self.get_neutron_client = create_neutron_client # Set admin tenant id needed for keystone v3 tests. if admin: tenant_id = identity.get_tenant_by_name(self.tenants, tenant_name)['id'] conf.set('identity', 'admin_tenant_id', tenant_id)
def destroy_tenants(tenants): admin = keystone_admin() for tenant in tenants: tenant_id = identity.get_tenant_by_name(admin.tenant, tenant)['id'] admin.tenants.delete_tenant(tenant_id)
def __init__(self, conf, admin): self.identity_version = self.get_identity_version(conf) if admin: username = conf.get_defaulted('identity', 'admin_username') password = conf.get_defaulted('identity', 'admin_password') tenant_name = conf.get_defaulted('identity', 'admin_tenant_name') else: username = conf.get_defaulted('identity', 'username') password = conf.get_defaulted('identity', 'password') tenant_name = conf.get_defaulted('identity', 'tenant_name') self.identity_region = conf.get_defaulted('identity', 'region') default_params = { 'disable_ssl_certificate_validation': conf.get_defaulted('identity', 'disable_ssl_certificate_validation'), 'ca_certs': conf.get_defaulted('identity', 'ca_certificates_file') } compute_params = { 'service': conf.get_defaulted('compute', 'catalog_type'), 'region': self.identity_region, 'endpoint_type': conf.get_defaulted('compute', 'endpoint_type') } compute_params.update(default_params) if self.identity_version == "v2": _creds = self.get_credentials(conf, username, tenant_name, password) else: _creds = self.get_credentials( conf, username, tenant_name, password, identity_version=self.identity_version) _auth = self.get_auth_provider(conf, _creds) self.auth_provider = _auth if "v2.0" in conf.get("identity", "uri"): self.identity = identity_client.IdentityClient( _auth, conf.get_defaulted('identity', 'catalog_type'), self.identity_region, endpoint_type='adminURL', **default_params) else: self.identity = identity_v3_client.IdentityV3Client( _auth, conf.get_defaulted('identity', 'catalog_type'), self.identity_region, endpoint_type='adminURL', **default_params) self.tenants = tenants_client.TenantsClient( _auth, conf.get_defaulted('identity', 'catalog_type'), self.identity_region, endpoint_type='adminURL', **default_params) self.roles = roles_client.RolesClient( _auth, conf.get_defaulted('identity', 'catalog_type'), self.identity_region, endpoint_type='adminURL', **default_params) self.users = users_client.UsersClient( _auth, conf.get_defaulted('identity', 'catalog_type'), self.identity_region, endpoint_type='adminURL', **default_params) self.images = images_client.ImagesClient( _auth, conf.get_defaulted('image', 'catalog_type'), self.identity_region, **default_params) self.servers = servers_client.ServersClient(_auth, **compute_params) self.flavors = flavors_client.FlavorsClient(_auth, **compute_params) self.networks = None def create_nova_network_client(): if self.networks is None: self.networks = nova_net_client.NetworksClient( _auth, **compute_params) return self.networks def create_neutron_client(): if self.networks is None: self.networks = networks_client.NetworksClient( _auth, conf.get_defaulted('network', 'catalog_type'), self.identity_region, endpoint_type=conf.get_defaulted('network', 'endpoint_type'), **default_params) return self.networks self.get_nova_net_client = create_nova_network_client self.get_neutron_client = create_neutron_client # Set admin tenant id needed for keystone v3 tests. if admin: tenant_id = identity.get_tenant_by_name(self.tenants, tenant_name)['id'] conf.set('identity', 'admin_tenant_id', tenant_id)
def create_resources(opts, resources): (identity_admin, neutron_iso_networks, network_admin, networks_admin, subnets_admin) = get_admin_clients(opts) roles = identity_admin.list_roles()['roles'] for u in resources['users']: u['role_ids'] = [] for r in u.get('roles', ()): try: role = filter(lambda r_: r_['name'] == r, roles)[0] except IndexError: msg = "Role: %s doesn't exist" % r raise exc.InvalidConfiguration(msg) u['role_ids'] += [role['id']] existing = [x['name'] for x in identity_admin.list_tenants()['tenants']] for tenant in resources['tenants']: if tenant not in existing: identity_admin.create_tenant(tenant) else: LOG.warn("Tenant '%s' already exists in this environment" % tenant) LOG.info('Tenants created') for u in resources['users']: try: tenant = identity.get_tenant_by_name(identity_admin, u['tenant']) except tempest_lib.exceptions.NotFound: LOG.error("Tenant: %s - not found" % u['tenant']) continue while True: try: identity.get_user_by_username(identity_admin, tenant['id'], u['name']) except tempest_lib.exceptions.NotFound: identity_admin.create_user( u['name'], u['pass'], tenant['id'], "%s@%s" % (u['name'], tenant['id']), enabled=True) break else: LOG.warn("User '%s' already exists in this environment. " "New name generated" % u['name']) u['name'] = random_user_name(opts.tag, u['prefix']) LOG.info('Users created') if neutron_iso_networks: for u in resources['users']: tenant = identity.get_tenant_by_name(identity_admin, u['tenant']) network_name, router_name = create_network_resources( network_admin, networks_admin, subnets_admin, tenant['id'], u['name']) u['network'] = network_name u['router'] = router_name LOG.info('Networks created') for u in resources['users']: try: tenant = identity.get_tenant_by_name(identity_admin, u['tenant']) except tempest_lib.exceptions.NotFound: LOG.error("Tenant: %s - not found" % u['tenant']) continue try: user = identity.get_user_by_username(identity_admin, tenant['id'], u['name']) except tempest_lib.exceptions.NotFound: LOG.error("User: %s - not found" % u['user']) continue for r in u['role_ids']: try: identity_admin.assign_user_role(tenant['id'], user['id'], r) except tempest_lib.exceptions.Conflict: # don't care if it's already assigned pass LOG.info('Roles assigned') LOG.info('Resources deployed successfully!')