def create_user_with_tenant(tenants_client, users_client, username,
password, tenant_name):
"""Create user and tenant if he doesn't exist.
Sets password even for existing user.
"""
LOG.info("Creating user '%s' with tenant '%s' and password '%s'",
username, tenant_name, password)
tenant_description = "Tenant for Tempest %s user" % username
email = "*****@*****.**" % username
# create tenant
try:
tenants_client.create_tenant(tenant_name,
description=tenant_description)
except exceptions.Conflict:
LOG.info("(no change) Tenant '%s' already exists", tenant_name)
tenant_id = identity.get_tenant_by_name(tenants_client, tenant_name)['id']
# create user
try:
users_client.create_user(username, password, tenant_id, email)
except exceptions.Conflict:
LOG.info("User '%s' already exists. Setting password to '%s'",
username, password)
user = identity.get_user_by_username(tenants_client, tenant_id,
username)
users_client.update_user_password(user['id'], password=password)
def create_users(users):
"""Create tenants from resource definition.
Don't create the tenants if they already exist.
"""
global USERS
LOG.info("Creating users")
admin = keystone_admin()
for u in users:
try:
tenant = identity.get_tenant_by_name(admin.tenants, u['tenant'])
except lib_exc.NotFound:
LOG.error("Tenant: %s - not found" % u['tenant'])
continue
try:
identity.get_user_by_username(admin.tenants,
tenant['id'], u['name'])
LOG.warning("User '%s' already exists in this environment"
% u['name'])
except lib_exc.NotFound:
admin.users.create_user(
name=u['name'], password=u['pass'],
tenantId=tenant['id'],
email="%s@%s" % (u['name'], tenant['id']),
enabled=True)
def create_user_with_tenant(tenants_client, users_client, username,
password, tenant_name):
"""Create user and tenant if he doesn't exist.
Sets password even for existing user.
"""
LOG.info("Creating user '%s' with tenant '%s' and password '%s'",
username, tenant_name, password)
tenant_description = "Tenant for Tempest %s user" % username
email = "*****@*****.**" % username
# create tenant
try:
tenants_client.create_tenant(name=tenant_name,
description=tenant_description)
except exceptions.Conflict:
LOG.info("(no change) Tenant '%s' already exists", tenant_name)
tenant_id = identity.get_tenant_by_name(tenants_client, tenant_name)['id']
# create user
try:
users_client.create_user(**{'name': username, 'password': password,
'tenantId': tenant_id, 'email': email})
except exceptions.Conflict:
LOG.info("User '%s' already exists. Setting password to '%s'",
username, password)
user = identity.get_user_by_username(tenants_client, tenant_id,
username)
users_client.update_user_password(user['id'], password=password)
def create_users(users):
"""Create tenants from resource definition.
Don't create the tenants if they already exist.
"""
global USERS
LOG.info("Creating users")
admin = keystone_admin()
for u in users:
try:
tenant = identity.get_tenant_by_name(admin.tenants, u['tenant'])
except lib_exc.NotFound:
LOG.error("Tenant: %s - not found" % u['tenant'])
continue
try:
identity.get_user_by_username(admin.tenants, tenant['id'],
u['name'])
LOG.warning("User '%s' already exists in this environment" %
u['name'])
except lib_exc.NotFound:
admin.users.create_user(u['name'],
u['pass'],
tenant['id'],
"%s@%s" % (u['name'], tenant['id']),
enabled=True)
def destroy_users(users):
admin = keystone_admin()
for user in users:
tenant_id = identity.get_tenant_by_name(admin.tenants,
user['tenant'])['id']
user_id = identity.get_user_by_username(admin.tenants, tenant_id,
user['name'])['id']
admin.users.delete_user(user_id)
def destroy_users(users):
admin = keystone_admin()
for user in users:
tenant_id = identity.get_tenant_by_name(admin.tenants,
user['tenant'])['id']
user_id = identity.get_user_by_username(admin.tenants,
tenant_id, user['name'])['id']
admin.users.delete_user(user_id)
def collect_users(users):
global USERS
LOG.info("Collecting users")
admin = keystone_admin()
for u in users:
tenant = identity.get_tenant_by_name(admin.tenants, u['tenant'])
u['tenant_id'] = tenant['id']
USERS[u['name']] = u
body = identity.get_user_by_username(admin.tenants, tenant['id'],
u['name'])
USERS[u['name']]['id'] = body['id']
def collect_users(users):
global USERS
LOG.info("Collecting users")
admin = keystone_admin()
for u in users:
tenant = identity.get_tenant_by_name(admin.tenants, u['tenant'])
u['tenant_id'] = tenant['id']
USERS[u['name']] = u
body = identity.get_user_by_username(admin.tenants,
tenant['id'], u['name'])
USERS[u['name']]['id'] = body['id']
def _get_network_id(net_name, tenant_name):
am = credentials.AdminManager()
net_cl = am.networks_client
tn_cl = am.tenants_client
networks = net_cl.list_networks()
tenant = identity.get_tenant_by_name(tn_cl, tenant_name)
t_id = tenant['id']
n_id = None
for net in networks['networks']:
if (net['tenant_id'] == t_id and net['name'] == net_name):
n_id = net['id']
break
return n_id
def _get_network_id(net_name, project_name):
am = credentials.AdminManager()
net_cl = am.networks_client
tn_cl = am.tenants_client
networks = net_cl.list_networks()
tenant = identity.get_tenant_by_name(tn_cl, project_name)
t_id = tenant['id']
n_id = None
for net in networks['networks']:
if (net['tenant_id'] == t_id and net['name'] == net_name):
n_id = net['id']
break
return n_id
def _init_admin_ids(self):
id_cl = self.admin_mgr.identity_client
tenant = identity.get_tenant_by_name(id_cl, CONF.auth.admin_tenant_name)
self.admin_tenant_id = tenant["id"]
user = identity.get_user_by_username(id_cl, self.admin_tenant_id, CONF.auth.admin_username)
self.admin_id = user["id"]
roles = id_cl.list_roles()["roles"]
for role in roles:
if role["name"] == CONF.identity.admin_role:
self.admin_role_id = role["id"]
break
def _get_network_id(net_name, project_name):
am = credentials.AdminManager()
net_cl = am.networks_client
tn_cl = am.tenants_client
networks = net_cl.list_networks()
tenant = identity.get_tenant_by_name(tn_cl, project_name)
t_id = tenant["id"]
n_id = None
for net in networks["networks"]:
if net["tenant_id"] == t_id and net["name"] == net_name:
n_id = net["id"]
break
return n_id
def _init_admin_ids(self):
id_cl = self.admin_mgr.identity_client
tenant = identity.get_tenant_by_name(id_cl,
CONF.auth.admin_tenant_name)
self.admin_tenant_id = tenant['id']
user = identity.get_user_by_username(id_cl, self.admin_tenant_id,
CONF.auth.admin_username)
self.admin_id = user['id']
roles = id_cl.list_roles()['roles']
for role in roles:
if role['name'] == CONF.identity.admin_role:
self.admin_role_id = role['id']
break
def _init_admin_ids(self):
tn_cl = self.admin_mgr.tenants_client
rl_cl = self.admin_mgr.roles_client
tenant = identity.get_tenant_by_name(tn_cl,
CONF.auth.admin_tenant_name)
self.admin_tenant_id = tenant['id']
user = identity.get_user_by_username(tn_cl, self.admin_tenant_id,
CONF.auth.admin_username)
self.admin_id = user['id']
roles = rl_cl.list_roles()['roles']
for role in roles:
if role['name'] == CONF.identity.admin_role:
self.admin_role_id = role['id']
break
def give_role_to_user(tenants_client, roles_client, users_client, username,
tenant_name, role_name, role_required=True):
"""Give the user a role in the project (tenant).""",
tenant_id = identity.get_tenant_by_name(tenants_client, tenant_name)['id']
users = users_client.list_users()
user_ids = [u['id'] for u in users['users'] if u['name'] == username]
user_id = user_ids[0]
roles = roles_client.list_roles()
role_ids = [r['id'] for r in roles['roles'] if r['name'] == role_name]
if not role_ids:
if role_required:
raise Exception("required role %s not found" % role_name)
LOG.debug("%s role not required" % role_name)
return
role_id = role_ids[0]
try:
roles_client.assign_user_role(tenant_id, user_id, role_id)
LOG.debug("User '%s' was given the '%s' role in project '%s'",
username, role_name, tenant_name)
except exceptions.Conflict:
LOG.debug("(no change) User '%s' already has the '%s' role in"
" project '%s'", username, role_name, tenant_name)
def give_role_to_user(tenants_client, roles_client, users_client, username,
tenant_name, role_name, role_required=True):
"""Give the user a role in the project (tenant).""",
tenant_id = identity.get_tenant_by_name(tenants_client, tenant_name)['id']
users = users_client.list_users()
user_ids = [u['id'] for u in users['users'] if u['name'] == username]
user_id = user_ids[0]
roles = roles_client.list_roles()
role_ids = [r['id'] for r in roles['roles'] if r['name'] == role_name]
if not role_ids:
if role_required:
raise Exception("required role %s not found" % role_name)
LOG.debug("%s role not required" % role_name)
return
role_id = role_ids[0]
try:
roles_client.create_user_role_on_project(tenant_id, user_id, role_id)
LOG.debug("User '%s' was given the '%s' role in project '%s'",
username, role_name, tenant_name)
except exceptions.Conflict:
LOG.debug("(no change) User '%s' already has the '%s' role in"
" project '%s'", username, role_name, tenant_name)
def create_resources(opts, resources):
(identity_admin, tenants_admin, roles_admin, users_admin,
neutron_iso_networks, network_admin, networks_admin,
subnets_admin) = get_admin_clients(opts)
roles = roles_admin.list_roles()['roles']
for u in resources['users']:
u['role_ids'] = []
for r in u.get('roles', ()):
try:
role = filter(lambda r_: r_['name'] == r, roles)[0]
except IndexError:
msg = "Role: %s doesn't exist" % r
raise exc.InvalidConfiguration(msg)
u['role_ids'] += [role['id']]
existing = [x['name'] for x in tenants_admin.list_tenants()['tenants']]
for tenant in resources['tenants']:
if tenant not in existing:
tenants_admin.create_tenant(tenant)
else:
LOG.warning("Tenant '%s' already exists in this environment" %
tenant)
LOG.info('Tenants created')
for u in resources['users']:
try:
tenant = identity.get_tenant_by_name(tenants_admin, u['tenant'])
except tempest_lib.exceptions.NotFound:
LOG.error("Tenant: %s - not found" % u['tenant'])
continue
while True:
try:
identity.get_user_by_username(tenants_admin, tenant['id'],
u['name'])
except tempest_lib.exceptions.NotFound:
users_admin.create_user(u['name'],
u['pass'],
tenant['id'],
"%s@%s" % (u['name'], tenant['id']),
enabled=True)
break
else:
LOG.warning("User '%s' already exists in this environment. "
"New name generated" % u['name'])
u['name'] = random_user_name(opts.tag, u['prefix'])
LOG.info('Users created')
if neutron_iso_networks:
for u in resources['users']:
tenant = identity.get_tenant_by_name(tenants_admin, u['tenant'])
network_name, router_name = create_network_resources(
network_admin, networks_admin, subnets_admin, tenant['id'],
u['name'])
u['network'] = network_name
u['router'] = router_name
LOG.info('Networks created')
for u in resources['users']:
try:
tenant = identity.get_tenant_by_name(tenants_admin, u['tenant'])
except tempest_lib.exceptions.NotFound:
LOG.error("Tenant: %s - not found" % u['tenant'])
continue
try:
user = identity.get_user_by_username(tenants_admin, tenant['id'],
u['name'])
except tempest_lib.exceptions.NotFound:
LOG.error("User: %s - not found" % u['user'])
continue
for r in u['role_ids']:
try:
roles_admin.assign_user_role(tenant['id'], user['id'], r)
except tempest_lib.exceptions.Conflict:
# don't care if it's already assigned
pass
LOG.info('Roles assigned')
LOG.info('Resources deployed successfully!')
def __init__(self, conf, admin):
if admin:
username = conf.get_defaulted('identity', 'admin_username')
password = conf.get_defaulted('identity', 'admin_password')
tenant_name = conf.get_defaulted('identity', 'admin_tenant_name')
else:
username = conf.get_defaulted('identity', 'username')
password = conf.get_defaulted('identity', 'password')
tenant_name = conf.get_defaulted('identity', 'tenant_name')
self.identity_region = conf.get_defaulted('identity', 'region')
default_params = {
'disable_ssl_certificate_validation':
conf.get_defaulted('identity',
'disable_ssl_certificate_validation'),
'ca_certs': conf.get_defaulted('identity', 'ca_certificates_file')
}
compute_params = {
'service': conf.get_defaulted('compute', 'catalog_type'),
'region': self.identity_region,
'endpoint_type': conf.get_defaulted('compute', 'endpoint_type')
}
compute_params.update(default_params)
_creds = tempest_lib.auth.KeystoneV2Credentials(
username=username,
password=password,
tenant_name=tenant_name)
auth_provider_params = {
'disable_ssl_certificate_validation':
conf.get_defaulted('identity',
'disable_ssl_certificate_validation'),
'ca_certs': conf.get_defaulted('identity', 'ca_certificates_file')
}
_auth = tempest_lib.auth.KeystoneV2AuthProvider(
_creds, conf.get_defaulted('identity', 'uri'),
**auth_provider_params)
self.auth_provider = _auth
self.identity = identity_client.IdentityClient(
_auth,
conf.get_defaulted('identity', 'catalog_type'),
self.identity_region,
endpoint_type='adminURL',
**default_params)
self.tenants = tenants_client.TenantsClient(
_auth,
conf.get_defaulted('identity', 'catalog_type'),
self.identity_region,
endpoint_type='adminURL',
**default_params)
self.roles = roles_client.RolesClient(
_auth,
conf.get_defaulted('identity', 'catalog_type'),
self.identity_region,
endpoint_type='adminURL',
**default_params)
self.users = users_client.UsersClient(
_auth,
conf.get_defaulted('identity', 'catalog_type'),
self.identity_region,
endpoint_type='adminURL',
**default_params)
self.images = images_client.ImagesClientV2(
_auth,
conf.get_defaulted('image', 'catalog_type'),
self.identity_region,
conf.get_defaulted('image', 'endpoint_type'),
**default_params)
self.servers = servers_client.ServersClient(_auth,
**compute_params)
self.flavors = flavors_client.FlavorsClient(_auth,
**compute_params)
self.networks = None
def create_nova_network_client():
if self.networks is None:
self.networks = nova_net_client.NetworksClient(
_auth, **compute_params)
return self.networks
def create_neutron_client():
if self.networks is None:
self.networks = networks_client.NetworksClient(
_auth,
conf.get_defaulted('network', 'catalog_type'),
self.identity_region,
endpoint_type=conf.get_defaulted('network',
'endpoint_type'),
**default_params)
return self.networks
self.get_nova_net_client = create_nova_network_client
self.get_neutron_client = create_neutron_client
# Set admin tenant id needed for keystone v3 tests.
if admin:
tenant_id = identity.get_tenant_by_name(self.tenants,
tenant_name)['id']
conf.set('identity', 'admin_tenant_id', tenant_id)
def destroy_tenants(tenants):
admin = keystone_admin()
for tenant in tenants:
tenant_id = identity.get_tenant_by_name(admin.tenant, tenant)['id']
admin.tenants.delete_tenant(tenant_id)
def __init__(self, conf, admin):
self.identity_version = self.get_identity_version(conf)
if admin:
username = conf.get_defaulted('identity', 'admin_username')
password = conf.get_defaulted('identity', 'admin_password')
tenant_name = conf.get_defaulted('identity', 'admin_tenant_name')
else:
username = conf.get_defaulted('identity', 'username')
password = conf.get_defaulted('identity', 'password')
tenant_name = conf.get_defaulted('identity', 'tenant_name')
self.identity_region = conf.get_defaulted('identity', 'region')
default_params = {
'disable_ssl_certificate_validation':
conf.get_defaulted('identity',
'disable_ssl_certificate_validation'),
'ca_certs': conf.get_defaulted('identity', 'ca_certificates_file')
}
compute_params = {
'service': conf.get_defaulted('compute', 'catalog_type'),
'region': self.identity_region,
'endpoint_type': conf.get_defaulted('compute', 'endpoint_type')
}
compute_params.update(default_params)
if self.identity_version == "v2":
_creds = self.get_credentials(conf, username, tenant_name,
password)
else:
_creds = self.get_credentials(
conf, username, tenant_name, password,
identity_version=self.identity_version)
_auth = self.get_auth_provider(conf, _creds)
self.auth_provider = _auth
if "v2.0" in conf.get("identity", "uri"):
self.identity = identity_client.IdentityClient(
_auth, conf.get_defaulted('identity', 'catalog_type'),
self.identity_region, endpoint_type='adminURL',
**default_params)
else:
self.identity = identity_v3_client.IdentityV3Client(
_auth, conf.get_defaulted('identity', 'catalog_type'),
self.identity_region, endpoint_type='adminURL',
**default_params)
self.tenants = tenants_client.TenantsClient(
_auth,
conf.get_defaulted('identity', 'catalog_type'),
self.identity_region,
endpoint_type='adminURL',
**default_params)
self.roles = roles_client.RolesClient(
_auth,
conf.get_defaulted('identity', 'catalog_type'),
self.identity_region,
endpoint_type='adminURL',
**default_params)
self.users = users_client.UsersClient(
_auth,
conf.get_defaulted('identity', 'catalog_type'),
self.identity_region,
endpoint_type='adminURL',
**default_params)
self.images = images_client.ImagesClient(
_auth,
conf.get_defaulted('image', 'catalog_type'),
self.identity_region,
**default_params)
self.servers = servers_client.ServersClient(_auth,
**compute_params)
self.flavors = flavors_client.FlavorsClient(_auth,
**compute_params)
self.networks = None
def create_nova_network_client():
if self.networks is None:
self.networks = nova_net_client.NetworksClient(
_auth, **compute_params)
return self.networks
def create_neutron_client():
if self.networks is None:
self.networks = networks_client.NetworksClient(
_auth,
conf.get_defaulted('network', 'catalog_type'),
self.identity_region,
endpoint_type=conf.get_defaulted('network',
'endpoint_type'),
**default_params)
return self.networks
self.get_nova_net_client = create_nova_network_client
self.get_neutron_client = create_neutron_client
# Set admin tenant id needed for keystone v3 tests.
if admin:
tenant_id = identity.get_tenant_by_name(self.tenants,
tenant_name)['id']
conf.set('identity', 'admin_tenant_id', tenant_id)
def create_resources(opts, resources):
(identity_admin, neutron_iso_networks,
network_admin, networks_admin, subnets_admin) = get_admin_clients(opts)
roles = identity_admin.list_roles()['roles']
for u in resources['users']:
u['role_ids'] = []
for r in u.get('roles', ()):
try:
role = filter(lambda r_: r_['name'] == r, roles)[0]
except IndexError:
msg = "Role: %s doesn't exist" % r
raise exc.InvalidConfiguration(msg)
u['role_ids'] += [role['id']]
existing = [x['name'] for x in identity_admin.list_tenants()['tenants']]
for tenant in resources['tenants']:
if tenant not in existing:
identity_admin.create_tenant(tenant)
else:
LOG.warn("Tenant '%s' already exists in this environment" % tenant)
LOG.info('Tenants created')
for u in resources['users']:
try:
tenant = identity.get_tenant_by_name(identity_admin, u['tenant'])
except tempest_lib.exceptions.NotFound:
LOG.error("Tenant: %s - not found" % u['tenant'])
continue
while True:
try:
identity.get_user_by_username(identity_admin,
tenant['id'], u['name'])
except tempest_lib.exceptions.NotFound:
identity_admin.create_user(
u['name'], u['pass'], tenant['id'],
"%s@%s" % (u['name'], tenant['id']),
enabled=True)
break
else:
LOG.warn("User '%s' already exists in this environment. "
"New name generated" % u['name'])
u['name'] = random_user_name(opts.tag, u['prefix'])
LOG.info('Users created')
if neutron_iso_networks:
for u in resources['users']:
tenant = identity.get_tenant_by_name(identity_admin, u['tenant'])
network_name, router_name = create_network_resources(
network_admin, networks_admin, subnets_admin, tenant['id'],
u['name'])
u['network'] = network_name
u['router'] = router_name
LOG.info('Networks created')
for u in resources['users']:
try:
tenant = identity.get_tenant_by_name(identity_admin, u['tenant'])
except tempest_lib.exceptions.NotFound:
LOG.error("Tenant: %s - not found" % u['tenant'])
continue
try:
user = identity.get_user_by_username(identity_admin,
tenant['id'], u['name'])
except tempest_lib.exceptions.NotFound:
LOG.error("User: %s - not found" % u['user'])
continue
for r in u['role_ids']:
try:
identity_admin.assign_user_role(tenant['id'], user['id'], r)
except tempest_lib.exceptions.Conflict:
# don't care if it's already assigned
pass
LOG.info('Roles assigned')
LOG.info('Resources deployed successfully!')
def destroy_tenants(tenants):
admin = keystone_admin()
for tenant in tenants:
tenant_id = identity.get_tenant_by_name(admin.tenant, tenant)['id']
admin.tenants.delete_tenant(tenant_id)
