def modify_user_role(self,
context,
user,
role,
project=None,
operation='add',
**kwargs):
"""Add or remove a role for a user and project."""
if operation == 'add':
if project:
msg = _("Adding role %(role)s to user %(user)s"
" for project %(project)s") % locals()
LOG.audit(msg, context=context)
else:
msg = _("Adding sitewide role %(role)s to"
" user %(user)s") % locals()
LOG.audit(msg, context=context)
manager.AuthManager().add_role(user, role, project)
elif operation == 'remove':
if project:
msg = _("Removing role %(role)s from user %(user)s"
" for project %(project)s") % locals()
LOG.audit(msg, context=context)
else:
msg = _("Removing sitewide role %(role)s"
" from user %(user)s") % locals()
LOG.audit(msg, context=context)
manager.AuthManager().remove_role(user, role, project)
else:
raise exception.ApiError(_('operation must be add or remove'))
return True
def spawn(self, instance):
""" Create a new VM and start it."""
vm = self._lookup(instance.name)
if vm is not None:
raise exception.InstanceExists(name=instance.name)
user = manager.AuthManager().get_user(instance['user_id'])
project = manager.AuthManager().get_project(instance['project_id'])
#Fetch the file, assume it is a VHD file.
base_vhd_filename = os.path.join(FLAGS.instances_path, instance.name)
vhdfile = "%s.vhd" % (base_vhd_filename)
images.fetch(instance['image_id'], vhdfile, user, project)
try:
self._create_vm(instance)
self._create_disk(instance['name'], vhdfile)
self._create_nic(instance['name'], instance['mac_address'])
LOG.debug(_('Starting VM %s '), instance.name)
self._set_vm_state(instance['name'], 'Enabled')
LOG.info(_('Started VM %s '), instance.name)
except Exception as exn:
LOG.exception(_('spawn vm failed: %s'), exn)
self.destroy(instance)
def generate_x509_for_user(self, context, name, project=None, **kwargs):
"""Generates and returns an x509 certificate for a single user.
Is usually called from a client that will wrap this with
access and secret key info, and return a zip file.
"""
if project is None:
project = name
project = manager.AuthManager().get_project(project)
user = manager.AuthManager().get_user(name)
msg = _("Getting x509 for user: %(name)s"
" on project: %(project)s") % locals()
LOG.audit(msg, context=context)
return user_dict(user, base64.b64encode(project.get_credentials(user)))
def modify_project_member(self, context, user, project, operation,
**kwargs):
"""Add or remove a user from a project."""
if operation == 'add':
msg = _("Adding user %(user)s to project %(project)s") % locals()
LOG.audit(msg, context=context)
manager.AuthManager().add_to_project(user, project)
elif operation == 'remove':
msg = _("Removing user %(user)s from"
" project %(project)s") % locals()
LOG.audit(msg, context=context)
manager.AuthManager().remove_from_project(user, project)
else:
raise exception.ApiError(_('operation must be add or remove'))
return True
def setUp(self):
super(XenAPIMigrateInstance, self).setUp()
self.stubs = stubout.StubOutForTesting()
FLAGS.target_host = '127.0.0.1'
FLAGS.xenapi_connection_url = 'test_url'
FLAGS.xenapi_connection_password = '******'
db_fakes.stub_out_db_instance_api(self.stubs)
stubs.stub_out_get_target(self.stubs)
xenapi_fake.reset()
xenapi_fake.create_network('fake', FLAGS.flat_network_bridge)
self.manager = manager.AuthManager()
self.user = self.manager.create_user('fake',
'fake',
'fake',
admin=True)
self.project = self.manager.create_project('fake', 'fake', 'fake')
self.context = context.RequestContext('fake', 'fake', False)
self.values = {
'id': 1,
'project_id': self.project.id,
'user_id': self.user.id,
'image_id': 1,
'kernel_id': None,
'ramdisk_id': None,
'local_gb': 5,
'instance_type_id': '3', # m1.large
'mac_address': 'aa:bb:cc:dd:ee:ff',
'os_type': 'linux'
}
fake_utils.stub_out_utils_execute(self.stubs)
stubs.stub_out_migration_methods(self.stubs)
stubs.stubout_get_this_vm_uuid(self.stubs)
glance_stubs.stubout_glance_client(self.stubs, glance_stubs.FakeGlance)
def setUp(self):
super(CloudTestCase, self).setUp()
self.flags(connection_type='fake', images_path=IMAGES_PATH)
self.conn = rpc.Connection.instance()
# set up our cloud
self.cloud = cloud.CloudController()
# set up services
self.compute = self.start_service('compute')
self.scheduter = self.start_service('scheduler')
self.network = self.start_service('network')
self.manager = manager.AuthManager()
self.user = self.manager.create_user('admin', 'admin', 'admin', True)
self.project = self.manager.create_project('proj', 'admin', 'proj')
self.context = context.RequestContext(user=self.user,
project=self.project)
host = self.network.get_network_host(self.context.elevated())
def fake_show(meh, context, id):
return {'id': 1, 'properties': {'kernel_id': 1, 'ramdisk_id': 1}}
self.stubs.Set(local.LocalImageService, 'show', fake_show)
self.stubs.Set(local.LocalImageService, 'show_by_name', fake_show)
def describe_user_roles(self, context, user, project=None, **kwargs):
"""Returns a list of roles for the given user.
Omitting project will return any global roles that the user has.
Specifying project will return only project specific roles.
"""
roles = manager.AuthManager().get_user_roles(user, project=project)
return {'roles': [{'role': r} for r in roles]}
def setUp(self):
super(XenAPIVMTestCase, self).setUp()
self.manager = manager.AuthManager()
self.user = self.manager.create_user('fake',
'fake',
'fake',
admin=True)
self.project = self.manager.create_project('fake', 'fake', 'fake')
self.network = utils.import_object(FLAGS.network_manager)
self.stubs = stubout.StubOutForTesting()
self.flags(xenapi_connection_url='test_url',
xenapi_connection_password='******',
instance_name_template='%d')
xenapi_fake.reset()
xenapi_fake.create_local_srs()
xenapi_fake.create_local_pifs()
db_fakes.stub_out_db_instance_api(self.stubs)
xenapi_fake.create_network('fake', FLAGS.flat_network_bridge)
stubs.stubout_session(self.stubs, stubs.FakeSessionForVMTests)
stubs.stubout_get_this_vm_uuid(self.stubs)
stubs.stubout_stream_disk(self.stubs)
stubs.stubout_is_vdi_pv(self.stubs)
self.stubs.Set(VMOps, 'reset_network', reset_network)
stubs.stub_out_vm_methods(self.stubs)
glance_stubs.stubout_glance_client(self.stubs, glance_stubs.FakeGlance)
fake_utils.stub_out_utils_execute(self.stubs)
self.context = context.RequestContext('fake', 'fake', False)
self.conn = xenapi_conn.get_connection(False)
def setUp(self):
"""Setup users, projects, and start a test server."""
super(S3APITestCase, self).setUp()
self.flags(auth_driver='nova.auth.ldapdriver.FakeLdapDriver',
buckets_path=os.path.join(OSS_TEMPDIR, 'buckets'),
s3_host='127.0.0.1')
self.auth_manager = manager.AuthManager()
self.admin_user = self.auth_manager.create_user('admin', admin=True)
self.admin_project = self.auth_manager.create_project('admin',
self.admin_user)
shutil.rmtree(FLAGS.buckets_path)
os.mkdir(FLAGS.buckets_path)
router = s3server.S3Application(FLAGS.buckets_path)
server = wsgi.Server()
server.start(router, FLAGS.s3_port, host=FLAGS.s3_host)
if not boto.config.has_section('Boto'):
boto.config.add_section('Boto')
boto.config.set('Boto', 'num_retries', '0')
conn = s3.S3Connection(aws_access_key_id=self.admin_user.access,
aws_secret_access_key=self.admin_user.secret,
host=FLAGS.s3_host,
port=FLAGS.s3_port,
is_secure=False,
calling_format=s3.OrdinaryCallingFormat())
self.conn = conn
def get_http_connection(host, is_secure):
"""Get a new S3 connection, don't attempt to reuse connections."""
return self.conn.new_http_connection(host, is_secure)
self.conn.get_http_connection = get_http_connection
def setUp(self):
super(XenAPIMigrateInstance, self).setUp()
self.stubs = stubout.StubOutForTesting()
FLAGS.target_host = '127.0.0.1'
FLAGS.xenapi_connection_url = 'test_url'
FLAGS.xenapi_connection_password = '******'
db_fakes.stub_out_db_instance_api(self.stubs)
stubs.stub_out_get_target(self.stubs)
xenapi_fake.reset()
self.manager = manager.AuthManager()
self.user = self.manager.create_user('fake',
'fake',
'fake',
admin=True)
self.project = self.manager.create_project('fake', 'fake', 'fake')
self.values = {
'name': 1,
'id': 1,
'project_id': self.project.id,
'user_id': self.user.id,
'image_id': 1,
'kernel_id': None,
'ramdisk_id': None,
'instance_type': 'm1.large',
'mac_address': 'aa:bb:cc:dd:ee:ff',
'os_type': 'linux'
}
stubs.stub_out_migration_methods(self.stubs)
glance_stubs.stubout_glance_client(self.stubs, glance_stubs.FakeGlance)
def setUp(self):
super(ApiEc2TestCase, self).setUp()
self.manager = manager.AuthManager()
self.host = '127.0.0.1'
self.app = ec2.Authenticate(
ec2.Requestify(ec2.Executor(),
'nova.api.ec2.cloud.CloudController'))
def deregister_user(self, context, name, **_kwargs):
"""Deletes a single user (NOT undoable.)
Should throw an exception if the user has instances,
volumes, or buckets remaining.
"""
LOG.audit(_("Deleting user: %s"), name, context=context)
manager.AuthManager().delete_user(name)
return True
def index(self, req):
user = req.environ.get('user')
return {
'projects': [
project_dict(u)
for u in auth_manager.AuthManager().get_projects(user=user)
]
}
def describe_projects(self, context, user=None, **kwargs):
"""Returns all projects - should be changed to deal with a list."""
return {
'projectSet': [
project_dict(u)
for u in manager.AuthManager().get_projects(user=user)
]
}
def setUp(self):
super(HyperVTestCase, self).setUp()
self.manager = manager.AuthManager()
self.user = self.manager.create_user('fake',
'fake',
'fake',
admin=True)
self.project = self.manager.create_project('fake', 'fake', 'fake')
self.context = context.RequestContext(self.user, self.project)
def __init__(self, auth_url):
self.auth_manager = manager.AuthManager()
self.auth_url = auth_url
self.project_name = None
self.test_user = None
self.setup()
def response_status(self, user, methodName):
roles = manager.AuthManager().get_active_roles(user, self.project)
ctxt = context.RequestContext(user.id,
self.project.id,
is_admin=user.is_admin(),
roles=roles)
environ = self._env_for(ctxt, methodName)
req = webob.Request.blank('/', environ)
resp = req.get_response(self.mw)
return resp.status_int
def modify_project(self, context, name, manager_user, description=None,
**kwargs):
"""Modifies a project"""
msg = _("Modify project: %(name)s managed by"
" %(manager_user)s") % locals()
LOG.audit(msg, context=context)
manager.AuthManager().modify_project(name,
manager_user=manager_user,
description=description)
return True
def user(self):
# NOTE(vish): Delay import of manager, so that we can import this
# file from manager.
from nova.auth import manager
if not self._user:
try:
self._user = manager.AuthManager().get_user(self.user_id)
except exception.NotFound:
pass
return self._user
def delete(self):
nova_manager = manager.AuthManager()
if os.access(os.path.join(self.conf.dbdir, self.name), os.R_OK):
shutil.rmtree(os.path.join(self.conf.dbdir, self.name))
print ' deleted nova project key and environment'
try:
nova_manager.delete_project(self.name)
print ' deleted nova project'
except exception.ProjectNotFound as ex:
print ex
def setUp(self):
super(ConsoleTestCase, self).setUp()
self.flags(console_driver='nova.console.fake.FakeConsoleProxy',
stub_compute=True)
self.console = utils.import_object(FLAGS.console_manager)
self.manager = manager.AuthManager()
self.user = self.manager.create_user('fake', 'fake', 'fake')
self.project = self.manager.create_project('fake', 'fake', 'fake')
self.context = context.get_admin_context()
self.host = 'test_compute_host'
def tearDown(self):
um = manager.AuthManager()
# Delete the test project
um.delete_project('testproj')
# Delete the test user
um.delete_user('testadmin')
um.delete_user('testpmsys')
um.delete_user('testnet')
um.delete_user('testsys')
super(AccessTestCase, self).tearDown()
def project(self):
# NOTE(vish): Delay import of manager, so that we can import this
# file from manager.
from nova.auth import manager
if not self._project:
try:
auth_manager = manager.AuthManager()
self._project = auth_manager.get_project(self.project_id)
except exception.NotFound:
pass
return self._project
def register_project(self, context, name, manager_user, description=None,
member_users=None, **kwargs):
"""Creates a new project"""
msg = _("Create project %(name)s managed by"
" %(manager_user)s") % locals()
LOG.audit(msg, context=context)
return project_dict(
manager.AuthManager().create_project(
name,
manager_user,
description=None,
member_users=None))
def __init__(self):
self.auth_manager = manager.AuthManager()
self.wsgi_server = None
self.wsgi_apps = []
self.api_service = None
self.services = []
self.auth_url = None
self.project_name = None
self.setup()
def update(self, req, id, body):
context = req.environ['nova.context']
name = id
manager_user = body['project'].get('manager_user')
description = body['project'].get('description')
msg = _("Modify project: %(name)s managed by"
" %(manager_user)s") % locals()
LOG.audit(msg, context=context)
auth_manager.AuthManager().modify_project(name,
manager_user=manager_user,
description=description)
return exc.HTTPAccepted()
def test_spawn_objectstore(self):
# TODO(vish): deprecated
from nova.auth import manager
authman = manager.AuthManager()
authman.create_user('fake', 'fake')
authman.create_project('fake', 'fake')
try:
FLAGS.xenapi_image_service = 'objectstore'
self._test_spawn(1, 2, 3)
finally:
authman.delete_project('fake')
authman.delete_user('fake')
def _conn(context):
# TODO(vish): is there a better way to get creds to sign
# for the user?
access = manager.AuthManager().get_access_key(context.user,
context.project)
secret = str(context.user.secret)
calling = boto.s3.connection.OrdinaryCallingFormat()
return boto.s3.connection.S3Connection(aws_access_key_id=access,
aws_secret_access_key=secret,
is_secure=False,
calling_format=calling,
port=FLAGS.s3_port,
host=FLAGS.s3_host)
def update(self, req, id):
context = req.environ['nova.context']
env = self._deserialize(req.body, req.get_content_type())
name = id
manager_user = env['project'].get('manager_user')
description = env['project'].get('description')
msg = _("Modify project: %(name)s managed by"
" %(manager_user)s") % locals()
LOG.audit(msg, context=context)
auth_manager.AuthManager().modify_project(name,
manager_user=manager_user,
description=description)
return exc.HTTPAccepted()
def index(self, req):
if urlparse.parse_qs(req.environ['QUERY_STRING']).get('defaults', False):
return {'quota_set_list': [self._format_quota_set('__defaults__',
quota._get_default_quotas())]}
else:
context = req.environ['nova.context']
user = req.environ.get('user')
projects = auth_manager.AuthManager().get_projects(user=user)
quota_set_list = [self._format_quota_set(project.name,
quota.get_project_quotas(context, project.name))
for project in projects]
return {'quota_set_list': quota_set_list}
