def UpdatePrivilege(self, tenant, datastore, allow_create, volume_max_size,
volume_total_size):
logging.info("Updating privilege (datastore=%s) for tenant: %s",
datastore, tenant.name)
error_info = auth_api._tenant_access_set(
name=tenant.name,
datastore=datastore,
allow_create=allow_create,
volume_maxsize_in_MB=volume_max_size,
volume_totalsize_in_MB=volume_total_size)
if error_info:
logging.error("Failed to update privilege for tenant: %s",
error_info.msg)
if error_info.code == ErrorCode.TENANT_NOT_EXIST:
raise vim.fault.NotFound(msg=error_info.msg)
elif error_info.code == ErrorCode.DS_NOT_EXIST or error_info.code == ErrorCode.PRIVILEGE_NOT_FOUND:
raise vmodl.fault.InvalidArgument(invalidProperty="datastore")
elif error_info.code == ErrorCode.PRIVILEGE_INVALID_VOLUME_SIZE:
raise vmodl.fault.InvalidArgument(msg=error_info.msg)
else:
raise vim.fault.VcsFault(msg=error_info.msg)
logging.info("Succssfully updated privilege for tenant: %s",
tenant.name)
def tenant_access_set(args):
""" Handle tenant access set command """
volume_maxsize_in_MB = None
volume_totalsize_in_MB = None
if args.volume_maxsize:
volume_maxsize_in_MB = convert.convert_to_MB(args.volume_maxsize)
if args.volume_totalsize:
volume_totalsize_in_MB = convert.convert_to_MB(args.volume_totalsize)
error_info = auth_api._tenant_access_set(name=args.name,
datastore=args.datastore,
allow_create=args.allow_create,
volume_maxsize_in_MB=volume_maxsize_in_MB,
volume_totalsize_in_MB=volume_totalsize_in_MB)
if error_info:
return operation_fail(error_info.msg)
else:
print("vm-group access set succeeded")
def UpdatePrivilege(self, tenant, datastore, allow_create, volume_max_size, volume_total_size):
logging.info("Updating privilege (datastore=%s) for tenant: %s", datastore, tenant.name)
error_info = auth_api._tenant_access_set(name=tenant.name,
datastore=datastore,
allow_create=allow_create,
volume_maxsize_in_MB=volume_max_size,
volume_totalsize_in_MB=volume_total_size)
if error_info:
logging.error("Failed to update privilege for tenant: %s", error_info.msg)
if error_info.code == ErrorCode.TENANT_NOT_EXIST:
raise vim.fault.NotFound(msg=error_info.msg)
elif error_info.code == ErrorCode.DS_NOT_EXIST or error_info.code == ErrorCode.PRIVILEGE_NOT_FOUND:
raise vmodl.fault.InvalidArgument(invalidProperty="datastore")
elif error_info.code == ErrorCode.PRIVILEGE_INVALID_VOLUME_SIZE:
raise vmodl.fault.InvalidArgument(msg=error_info.msg)
else:
raise vim.fault.VcsFault(msg=error_info.msg)
logging.info("Succssfully updated privilege for tenant: %s", tenant.name)
def test_tenant_access(self):
""" Test AdminCLI command for tenant access management """
# create tenant1 without adding any vms and privileges
error_info, tenant = auth_api._tenant_create(
name=self.tenant1_name,
description="Test tenant1",
vm_list=[self.vm1_name],
privileges=[])
self.assertEqual(None, error_info)
# add first access privilege for tenant
# allow_create = False
# max_volume size = 600MB
# total_volume size = 1GB
volume_maxsize_in_MB = convert.convert_to_MB("600MB")
volume_totalsize_in_MB = convert.convert_to_MB("1GB")
error_info = auth_api._tenant_access_add(name=self.tenant1_name,
datastore=self.datastore_name,
default_datastore=False,
allow_create=False,
volume_maxsize_in_MB=volume_maxsize_in_MB,
volume_totalsize_in_MB=volume_totalsize_in_MB
)
self.assertEqual(None, error_info)
error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name)
self.assertEqual(None, error_info)
header = vmdkops_admin.tenant_access_ls_headers()
# There are 4 columns for each row, the name of the columns are
# "Datastore", "Allow_create", "Max_volume_size", "Total_size"
# Sample output of a row:
# ['datastore1', 'False', '600.00MB', '1.00GB']
rows = vmdkops_admin.generate_tenant_access_ls_rows(privileges)
self.assertEqual(len(header), TENANT_ACCESS_LS_EXPECTED_COLUMN_COUNT)
# tenant aceess privilege should only have a row now
self.assertEqual(len(rows), 1)
expected_output = [self.datastore_name,
"False",
"600.00MB",
"1.00GB"]
actual_output = [rows[0][0],
rows[0][1],
rows[0][2],
rows[0][3]]
self.assertEqual(expected_output, actual_output)
# update the access privileges
# change allow_create to True
# change max_volume size to 1000MB
# change total_volume size to 2GB
volume_maxsize_in_MB = convert.convert_to_MB("1000MB")
volume_totalsize_in_MB = convert.convert_to_MB("3GB")
error_info = auth_api._tenant_access_set(name=self.tenant1_name,
datastore=self.datastore_name,
allow_create="True",
volume_maxsize_in_MB=volume_maxsize_in_MB,
volume_totalsize_in_MB=volume_totalsize_in_MB
)
self.assertEqual(None, error_info)
error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name)
self.assertEqual(None, error_info)
rows = vmdkops_admin.generate_tenant_access_ls_rows(privileges)
self.assertEqual(len(rows), 1)
expected_output = [self.datastore_name,
"True",
"1000.00MB",
"3.00GB"]
actual_output = [rows[0][0],
rows[0][1],
rows[0][2],
rows[0][3]]
self.assertEqual(expected_output, actual_output)
if self.datastore1_name:
# second datastore is available, can test tenant access add with --default_datastore
error_info, tenant_list = auth_api._tenant_ls()
self.assertEqual(None, error_info)
# Two tenants in the list, "_DEFAULT" and "test_tenant1"
# rows[0] is for "_DEFAULT" tenant, and rows[1] is for "test_tenant1"
# There are 5 columns for each row, the name of the columns are
# "Uuid", "Name", "Description", "Default_datastore", "VM_list"
# Sample output of one row:
# [u'9e1be0ce-3d58-40f6-a335-d6e267e34baa', u'test_tenant1', u'Test tenant1', '', 'test_vm1']
rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list)
# get "default_datastore" from the output
actual_output = rows[1][3]
expected_output = self.datastore_name
self.assertEqual(expected_output, actual_output)
# add second access privilege for tenant
# allow_create = False
# max_volume size = 600MB
# total_volume size = 1GB
volume_maxsize_in_MB = convert.convert_to_MB("600MB")
volume_totalsize_in_MB = convert.convert_to_MB("1GB")
error_info = auth_api._tenant_access_add(name=self.tenant1_name,
datastore=self.datastore1_name,
default_datastore=True,
allow_create=False,
volume_maxsize_in_MB=volume_maxsize_in_MB,
volume_totalsize_in_MB=volume_totalsize_in_MB
)
self.assertEqual(None, error_info)
error_info, tenant_list = auth_api._tenant_ls()
self.assertEqual(None, error_info)
rows = vmdkops_admin.generate_tenant_ls_rows(tenant_list)
# get "default_datastore" from the output
actual_output = rows[1][3]
expected_output = self.datastore1_name
self.assertEqual(expected_output, actual_output)
error_info = auth_api._tenant_access_rm(name=self.tenant1_name,
datastore=self.datastore1_name)
self.assertEqual(error_info, None)
# remove access privileges
error_info = auth_api._tenant_access_rm(name=self.tenant1_name,
datastore=self.datastore_name)
self.assertEqual(None, error_info)
error_info, privileges = auth_api._tenant_access_ls(self.tenant1_name)
self.assertEqual(None, error_info)
rows = vmdkops_admin.generate_tenant_access_ls_rows(privileges)
# no tenant access privilege available for this tenant
self.assertEqual(rows, [])