def test_get_keystoneclient_v3_with_trust_id(self): """test_get_keystoneclient_v3_with_trust_id check that we could retrieve a Session client to work with keystone v3 and using trust_id""" osclients = OpenStackClients() trust_id = "randomid0000000000000000000000001" osclients.set_credential(self.OS_USERNAME, self.OS_PASSWORD, trust_id=trust_id) keystoneClient = osclients.get_keystoneclient() self.assertIsInstance(keystoneClient, keystoneclient.v3.client.Client)
def test_get_keystoneclient_v2_with_tenant_id(self): """test_get_keystoneclient_v2_with_tenant_id check that we could retrieve a Session client to work with keystone v2 and using tenant_id""" osclients = OpenStackClients() osclients.use_v3 = False osclients.set_credential(self.OS_USERNAME, self.OS_PASSWORD, tenant_id=self.OS_TENANT_ID) keystoneClient = osclients.get_keystoneclient() self.assertIsInstance(keystoneClient, keystoneclient.v2_0.client.Client)
def test_get_session_without_username_nor_token(self): """test_get_session_without_username check that we could not retrieve a session without username""" osclients = OpenStackClients() osclients.set_credential("", self.OS_PASSWORD, tenant_id=self.OS_TENANT_ID) # Checking v3 try: osclients.get_session() except Exception as ex: self.assertRaises(ex) # Checking v2 osclients.use_v3 = False try: osclients.get_session() except Exception as ex: self.assertRaises(ex)
class UserResources(object): """Class to list, delete user resources. Also provides a method to stop all the VM of the tenant. This class works creating a instance with the credential of the user owner of the resources. It does not use an admin credential!!!""" def __init__(self, username, password, tenant_id=None, tenant_name=None, trust_id=None): """ Constructor of the class. Tenant_id or tenant_name or tust_id must be provided. There are two ways of using this class: -passing the user, password, tenant_id or tenant_name of the user whose resources are being deleted -passing the user and password of the trustee, and the trust_id generated to impersonate the trustor. :param username: the user name whose resources are deleted or the user name of the trustee :param password: the password of the user whose resources are deleted or the password of the trustee :param tenant_id: the tenant id of the user whose resources must be deleted. :param tenant_name: the tenant name of the user whose resources must be deleted :param trust_id: the trust_id used to impersonate the user whose resources must be deleted :return: nothing """ self.logger = logging.getLogger(__name__) self.clients = OpenStackClients() if tenant_id: self.clients.set_credential(username, password, tenant_id=tenant_id) elif tenant_name: self.clients.set_credential(username, password, tenant_name=tenant_name) elif trust_id: self.clients.set_credential(username, password, trust_id=trust_id) self.trust_id = trust_id else: raise( 'Either tenant_id or tenant_name or trust_id must be provided') region = self.clients.region self.clients.override_endpoint( 'identity', region, 'admin', settings.KEYSTONE_ENDPOINT) self.user_id = self.clients.get_session().get_user_id() session = self.clients.get_session() self.user_name = username self.nova = NovaResources(self.clients) self.cinder = CinderResources(self.clients) self.glance = GlanceResources(self.clients) try: self.neutron = NeutronResources(self.clients) except Exception: # The region does not support Neutron # It would be better to check the endpoint self.neutron = None try: self.blueprints = BluePrintResources(self.clients) except Exception: # The region does not support PaaS Manager # It would be better to check the endpoint self.blueprints = None try: self.swift = SwiftResources(self.clients) except Exception: # The region does not support Swift # It would be better to check the endpoint self.swift = None # Images in use is a set used to avoid deleting formerly glance images # in use by other tenants self.imagesinuse = set() # Regions the user has access self.regions_available = set() self.regions_available.update(self.clients.get_regions('compute')) def change_region(self, region): """ change the region. All the clients need to be updated, but the session does not. :param region: the name of the region :return: nothing. """ self.clients.set_region(region) self.clients.override_endpoint( 'identity', region, 'admin', settings.KEYSTONE_ENDPOINT) self.nova.on_region_changed() self.glance.on_region_changed() try: if self.swift: self.swift.on_region_changed() else: self.swift = SwiftResources(self.clients) except Exception: # The region does not support swift self.swift = None self.cinder.on_region_changed() try: if self.blueprints: self.blueprint.on_region_changed() else: self.blueprints = BluePrintResources(self.clients) except Exception: # The region has not configured paas manager self.blueprints = None try: if self.neutron: self.neutron.on_region_changed() else: self.neutron = NeutronResources(self.clients) except Exception: # The region does not support neutron self.neutron = None def delete_tenant_resources_pri_1(self): """Delete here all the elements that do not depend of others are deleted first""" try: self.nova.delete_user_keypairs() except Exception, e: msg = 'Deletion of keypairs failed. Reason: ' self.logger.error(msg + str(e)) # Snapshots must be deleted before the volumes, because a snapshot # depends of a volume. try: self.cinder.delete_tenant_volume_snapshots() except Exception, e: msg = 'Deletion of volume snaphosts failed. Reason: ' self.logger.error(msg + str(e))
def test_set_credential_to_osclients(self): """test_set_credential_to_osclients check that we could set credentials using method set_credential""" username = "******" password = "******" tenant_name = "new_user cloud" tenant_id = "00000000000000000000000000000002" trust_id = "randomid0000000000000000000000001" # FIRST CHECK: Credentials from ENV osclients = OpenStackClients() self.assertEqual(osclients._OpenStackClients__username, self.OS_USERNAME) self.assertEqual(osclients._OpenStackClients__tenant_id, self.OS_TENANT_ID) # SECOND CHECK: updating Credentials with tenant_id osclients.set_credential(username, password, tenant_id=tenant_id) self.assertEqual(osclients._OpenStackClients__tenant_id, tenant_id) # THIRD CHECK: updating Credentials with tenant_name osclients.set_credential(username, password, tenant_name=tenant_name) self.assertEqual(osclients._OpenStackClients__tenant_name, tenant_name) # FOURTH CHECK: updating Credentials with trust_id osclients.set_credential(username, password, trust_id=trust_id) self.assertEqual(osclients._OpenStackClients__trust_id, trust_id) # FIFTH CHECK: updating Credentials without trust_id, tenant_id and tenant_name osclients.set_credential(username, password) self.assertIsNone(osclients._OpenStackClients__trust_id) self.assertIsNone(osclients._OpenStackClients__tenant_name) self.assertIsNone(osclients._OpenStackClients__tenant_id) # Creating a client to check that set_credential destroy the session with v3 novaclient = osclients.get_novaclient() self.assertIsNotNone(osclients._session_v3) osclients.set_credential(username, password) self.assertIsNone(osclients._session_v3) # Creating a client to check that set_credential destroy the session with v2 osclients.use_v3 = False novaclient = osclients.get_novaclient() self.assertIsNotNone(osclients._session_v2) osclients.set_credential(username, password) self.assertIsNone(osclients._session_v2)
# reset the password p2 = Popen(["curl", "http://169.254.169.254/openstack/latest/meta_data.json"], stdout=PIPE) metadatajson, err = p2.communicate() meta = json.loads(metadatajson)["meta"] keystone_ip = meta["keystone_ip"] region = meta["Region"] region2 = meta["region_keystone"] if region2: os.environ['OS_REGION_NAME'] = region2 wait_net_service(keystone_ip, 5000, timeout=720) osclients = OpenStackClients('http://{0}:5000/v3/'.format(keystone_ip)) osclients.set_credential('idm', 'idm', 'idm') # create idm region user password_changer = PasswordChanger(osclients) idm = password_changer.get_user_byname("idm") idm = password_changer.get_user_byname('idm') # new_password = password_changer.reset_password(idm) new_password = '******' credential = """export OS_AUTH_URL=http://{0}:5000/v3/ export OS_AUTH_URL_V2=http://{0}:5000/v2.0/ export OS_USERNAME={2} export OS_TENANT_NAME=idm export OS_PROJECT_DOMAIN_NAME=default
class ServersFacade(object): def __init__(self, target): """Create a new Facade for the specified target (a target is shared between regions using the same credential)""" self.osclients = OpenStackClients(target['keystone_url']) self.osclients.set_credential(target['user'], target['password'], target['tenant']) if target.get('use_keystone_v3', False): self.osclients.set_keystone_version(True) else: self.osclients.set_keystone_version(False) self.session = self.osclients.get_session() self.target = target # This is a default value self.images_dir = '/var/lib/glance/images' self.logger = logger_cli def _get_glanceclient(self, region): """helper method, to get a glanceclient for the region""" self.osclients.set_region(region) return self.osclients.get_glanceclient() def get_regions(self): """It returns the list of regions on the specified target. :return: a list of region names. """ return self.osclients.get_regions('image') def get_imagelist(self, regionobj): """return a image list from the glance of the specified region :param regionobj: The GlanceSyncRegion object of the region to list :return: a list of GlanceSyncImage objects """ client = self._get_glanceclient(regionobj.region) try: target = regionobj.target # We need a Pool to implement a timeout. Unfortunately # setting client.images.client.timeout does nothing. if 'list_images_timeout' in target: timeout = target['list_images_timeout'] else: timeout = _default_timeout pool = Pool(1) result = pool.apply_async(_getrawimagelist, (client,)) images = result.get(timeout=timeout) image_list = list() for image in images: i = GlanceSyncImage( image['name'], image['id'], regionobj.fullname, image['owner'], image['is_public'], image['checksum'], image['size'], image['status'], image['properties'], image) image_list.append(i) except TimeoutError: msg = regionobj.fullname + \ ': Timeout while retrieving image list.' self.logger.error(msg) raise GlanceFacadeException(msg) except Exception, e: cause = str(e) if not cause: cause = repr(e) msg = regionobj.fullname + \ ': Error retrieving image list. Cause: ' + cause self.logger.error(msg) raise GlanceFacadeException(msg) return image_list
class ServersFacade(object): def __init__(self, target): """Create a new Facade for the specified target (a target is shared between regions using the same credential)""" self.osclients = OpenStackClients(target['keystone_url']) self.osclients.set_credential(target['user'], target['password'], target['tenant']) if target.get('use_keystone_v3', False): self.osclients.set_keystone_version(True) else: self.osclients.set_keystone_version(False) self.session = self.osclients.get_session() self.target = target # This is a default value self.images_dir = '/var/lib/glance/images' self.logger = logger_cli def _get_glanceclient(self, region): """helper method, to get a glanceclient for the region""" self.osclients.set_region(region) return self.osclients.get_glanceclient() def get_regions(self): """It returns the list of regions on the specified target. :return: a list of region names. """ return self.osclients.get_regions('image') def get_imagelist(self, regionobj): """return a image list from the glance of the specified region :param regionobj: The GlanceSyncRegion object of the region to list :return: a list of GlanceSyncImage objects """ client = self._get_glanceclient(regionobj.region) try: target = regionobj.target # We need a Pool to implement a timeout. Unfortunately # setting client.images.client.timeout does nothing. if 'list_images_timeout' in target: timeout = target['list_images_timeout'] else: timeout = _default_timeout pool = Pool(1) result = pool.apply_async(_getrawimagelist, (client, )) images = result.get(timeout=timeout) image_list = list() for image in images: i = GlanceSyncImage(image['name'], image['id'], regionobj.fullname, image['owner'], image['is_public'], image['checksum'], image['size'], image['status'], image['properties'], image) image_list.append(i) except TimeoutError: msg = regionobj.fullname + \ ': Timeout while retrieving image list.' self.logger.error(msg) raise GlanceFacadeException(msg) except Exception, e: cause = str(e) if not cause: cause = repr(e) msg = regionobj.fullname + \ ': Error retrieving image list. Cause: ' + cause self.logger.error(msg) raise GlanceFacadeException(msg) return image_list
# reset the password p2 = Popen(["curl", "http://169.254.169.254/openstack/latest/meta_data.json"], stdout=PIPE) metadatajson, err = p2.communicate() meta = json.loads(metadatajson)["meta"] keystone_ip = meta["keystone_ip"] region = meta["Region"] region2 = meta["region_keystone"] if region2: os.environ['OS_REGION_NAME'] = region2 wait_net_service(keystone_ip, 5000, timeout=720) osclients = OpenStackClients('http://{0}:5000/v3/'.format(keystone_ip)) osclients.set_credential('idm', 'idm', 'idm') # create idm region user password_changer = PasswordChanger(osclients) idm = password_changer.get_user_byname("idm") idm = password_changer.get_user_byname('idm') # new_password = password_changer.reset_password(idm) new_password = '******' credential = """export OS_AUTH_URL=http://{0}:5000/v3/ export OS_AUTH_URL_V2=http://{0}:5000/v2.0/ export OS_USERNAME={2} export OS_TENANT_NAME=idm export OS_PROJECT_DOMAIN_NAME=default export OS_USER_DOMAIN_NAME=default