def delete_user(self, user): kc = KeystoneCommands(username=self.inputs.stack_user, password=self.inputs.stack_password, tenant=self.inputs.project_name, auth_url=self.auth_url, insecure=self.insecure) kc.delete_user(user)
def __init__(self, username, password, project_id, project_name, auth_url, endpoint_type, region_name, scope, cert, key, cacert, domain_name, insecure, logger): self.logger = logger prj = project_id.replace('-', '') self._ks = KeystoneCommands(username=username, password=password, tenant=project_name, domain_name=domain_name, auth_url=auth_url, region_name=region_name, scope=scope, cert=cert, key=key, cacert=cacert, insecure=insecure, logger=logger) self._qh = neuc.Client( '2.0', session=self._ks.get_session(scope='project'), region_name=region_name) self._nh = novac.Client( '2', session=self._ks.get_session(scope='project'), region_name=region_name)
def reauth(self): self.keystone = KeystoneCommands(username=self.user, password=self.passwd, tenant=self.project, auth_url=self.auth_url, insecure=self.insecure, region_name=self.region_name, logger=self.logger)
def add_user_to_project(self, user, project): kc = KeystoneCommands(username= self.inputs.stack_user, password= self.inputs.stack_password, tenant= self.inputs.project_name, auth_url= self.auth_url, insecure=self.insecure) try: kc.add_user_to_tenant(project, user, 'admin') except Exception as e: self.logger.info("%s user already added to project"%(user))
def add_user_to_project(self, user, project): kc = KeystoneCommands(username=self.inputs.stack_user, password=self.inputs.stack_password, tenant=self.inputs.project_name, auth_url=self.auth_url, insecure=self.insecure) try: kc.add_user_to_tenant(project, user, 'admin') except Exception as e: self.logger.info("%s user already added to project" % (user))
def create_user(self, user, password): kc = KeystoneCommands(username= self.inputs.stack_user, password= self.inputs.stack_password, tenant= self.inputs.project_name, auth_url= self.auth_url, insecure=self.insecure) try: kc.create_user(user,password,email='', tenant_name=self.inputs.stack_tenant,enabled=True) except: self.logger.info("%s user already created"%(self.user))
def reauth(self): self.keystone = KeystoneCommands(username=self.user, password=self.passwd, tenant=self.project, domain_name=self.domain_name, auth_url=self.auth_url, insecure=self.insecure, region_name=self.region_name, cert=self.keystone_certfile, key=self.keystone_keyfile, cacert=self.certbundle, logger=self.logger, scope=self.scope)
def create_user(self, user, password): kc = KeystoneCommands(username=self.inputs.stack_user, password=self.inputs.stack_password, tenant=self.inputs.project_name, auth_url=self.auth_url, insecure=self.insecure) try: kc.create_user(user, password, email='', tenant_name=self.inputs.stack_tenant, enabled=True) except: self.logger.info("%s user already created" % (self.user))
def verify_service_enabled(self, service): kc = KeystoneCommands(username= self.inputs.stack_user, password= self.inputs.stack_password, tenant= self.inputs.project_name, auth_url= self.auth_url, insecure=self.insecure) try: for svc in kc.services_list(): if service in svc.name: return True else: continue return False except Exception as e: return False
def reauth(self): self.keystone = KeystoneCommands(username=self.user, password=self.passwd, tenant=self.project, auth_url=self.auth_url, insecure=self.insecure, region_name=self.region_name)
def __init__(self, username, password, project_name, inputs, openstack_ip): self.inputs = inputs self.logger = self.inputs.logger auth_url = os.getenv('OS_AUTH_URL') or \ 'http://' + openstack_ip + ':5000/v2.0' insecure = bool(os.getenv('OS_INSECURE', True)) kc = KeystoneCommands(username=username, password=password, tenant=project_name, auth_url=auth_url, insecure=insecure) self.project_id = kc.get_id().replace('-', '') self.obj = client.Client('2.0', username=username, password=password, tenant_id=self.project_id, auth_url=auth_url, insecure=insecure)
class OpenstackAuth(OrchestratorAuth): def __init__(self, user, passwd, project_name, inputs, logger): self.inputs = inputs self.user = user self.passwd = passwd self.project = project_name self.logger = logger self.insecure = bool(os.getenv('OS_INSECURE',True)) self.auth_url = os.getenv('OS_AUTH_URL') or \ 'http://%s:5000/v2.0' % (self.inputs.openstack_ip) self.domain = 'default-domain' self.reauth() def reauth(self): self.keystone = KeystoneCommands(username= self.user, password= self.passwd, tenant= self.project, auth_url= self.auth_url, insecure=self.insecure) def get_project_id(self, domain_name=None, project_name=None): if not project_name or project_name == self.project: return self.keystone.get_id() else: return self.keystone.get_project_id(project_name) def create_project(self, name): return self.keystone.create_project(name) def delete_project(self, name): try: self.keystone.delete_project(name) except ks_exceptions.ClientException, e: # TODO Remove this workaround if 'Unable to add token to revocation list' in str(e): self.logger.warn('Exception %s while deleting project' % ( str(e)))
def __init__( self, username, password, project_name, inputs, openstack_ip): self.inputs = inputs self.logger = self.inputs.logger auth_url = os.getenv('OS_AUTH_URL') or \ 'http://' + openstack_ip + ':5000/v2.0' insecure = bool(os.getenv('OS_INSECURE', True)) kc = KeystoneCommands(username=username, password=password, tenant=project_name, auth_url=auth_url, insecure=insecure) self.project_id = kc.get_id().replace('-','') self.obj = client.Client('2.0', username=username, password=password, tenant_id=self.project_id, auth_url=auth_url, insecure=insecure)
class OpenstackAuth(OrchestratorAuth): def __init__(self, user, passwd, project_name, inputs, logger): self.inputs = inputs self.user = user self.passwd = passwd self.project = project_name self.logger = logger self.insecure = bool(os.getenv('OS_INSECURE', True)) self.auth_url = os.getenv('OS_AUTH_URL') or \ 'http://%s:5000/v2.0' % (self.inputs.openstack_ip) self.domain = 'default-domain' self.reauth() def reauth(self): self.keystone = KeystoneCommands(username=self.user, password=self.passwd, tenant=self.project, auth_url=self.auth_url, insecure=self.insecure) def get_project_id(self, domain_name=None, project_name=None): if not project_name or project_name == self.project: return self.keystone.get_id() else: return self.keystone.get_project_id(project_name) def create_project(self, name): return self.keystone.create_project(name) def delete_project(self, name): try: self.keystone.delete_project(name) except ks_exceptions.ClientException, e: # TODO Remove this workaround if 'Unable to add token to revocation list' in str(e): self.logger.warn('Exception %s while deleting project' % (str(e)))
def delete_user(self,user=None): if user: user = user else: user = self.user insecure = bool(os.getenv('OS_INSECURE',True)) try: self.auth_url = os.getenv('OS_AUTH_URL') or \ 'http://' + self.inputs.openstack_ip + ':5000/v2.0' self.key_stone_clients= KeystoneCommands(username= self.inputs.stack_user, password= self.inputs.stack_password, tenant= self.inputs.project_name, auth_url= auth_url, insecure=insecure) except Exception as e: self.logger.warn("Failed - Keystone client instance") self.key_stone_clients.delete_user(user)
def setUpClass(cls): super(BaseMultitenancyTest, cls).setUpClass() cls.quantum_h= cls.connections.quantum_h cls.nova_h = cls.connections.nova_h cls.vnc_lib= cls.connections.vnc_lib cls.agent_inspect= cls.connections.agent_inspect cls.cn_inspect= cls.connections.cn_inspect auth_url = os.getenv('OS_AUTH_URL') or \ 'http://' + cls.inputs.auth_ip + ':5000/v2.0' insecure = bool(os.getenv('OS_INSECURE',True)) cls.key_stone_clients = KeystoneCommands( username=cls.inputs.admin_user, password = cls.inputs.admin_password, tenant = cls.inputs.admin_tenant, auth_url=auth_url, insecure=insecure)
def create_and_attach_user_to_tenant(self): insecure = bool(os.getenv('OS_INSECURE',True)) try: auth_url = os.getenv('OS_AUTH_URL') or \ 'http://' + self.inputs.openstack_ip + ':5000/v2.0' self.key_stone_clients= KeystoneCommands(username= self.inputs.stack_user, password= self.inputs.stack_password, tenant= self.inputs.project_name, auth_url= auth_url, insecure=insecure) try: self.key_stone_clients.create_user(self.user,self.password,email='',tenant_name=self.inputs.stack_tenant,enabled=True) except: self.logger.info("%s user already created"%(self.user)) try: self.key_stone_clients.add_user_to_tenant(self.project_name,self.user , 'admin') except Exception as e: self.logger.info("%s user already added to project"%(self.user)) try: self.key_stone_clients.add_user_to_tenant(self.project_name,'admin' , 'admin') except Exception as e: self.logger.info("Admin user already added to project") time.sleep(4) except Exception as e: self.logger.info("Failed - Keystone client instance")
class OpenstackAuth(OrchestratorAuth): def __init__(self, user, passwd, project_name, inputs=None, logger=None, auth_url=None): self.inputs = inputs self.user = user self.passwd = passwd self.project = project_name self.logger = logger or logging.getLogger(__name__) self.insecure = bool(os.getenv('OS_INSECURE',True)) if inputs: self.auth_url = 'http://%s:5000/v2.0' % (self.inputs.openstack_ip) else: self.auth_url = auth_url or os.getenv('OS_AUTH_URL') self.reauth() def reauth(self): self.keystone = KeystoneCommands(username=self.user, password=self.passwd, tenant=self.project, auth_url=self.auth_url, insecure=self.insecure) def get_project_id(self, name=None): if not name or name == self.project: return self.keystone.get_id() return self.keystone.get_project_id(name) def create_project(self, name): return self.keystone.create_project(name) def delete_project(self, name): self.keystone.delete_project(name) def delete_user(self, user): self.keystone.delete_user(user) def create_user(self, user, password): try: self.keystone.create_user(user,password,email='', tenant_name=self.inputs.stack_tenant,enabled=True) except: self.logger.info("%s user already created"%(self.user)) def add_user_to_project(self, user, project, role='admin'): try: self.keystone.add_user_to_tenant(project, user, role) except Exception as e: self.logger.info("%s user already added to project"%(user)) def verify_service_enabled(self, service): try: for svc in self.keystone.services_list(): if service in svc.name: return True else: continue return False except Exception as e: return False def get_auth_h(self): return self.keystone
class IsolatedCreds(fixtures.Fixture): def __init__(self,project_name,inputs,ini_file = None ,logger = None): # self.project_name = project_name self.project_name = get_random_name(project_name) self.user = project_name self.password = project_name self.inputs = inputs self.ini_file = ini_file self.logger = logger def setUp(self): super(IsolatedCreds, self).setUp() self.connections= ContrailConnections(self.inputs, self.logger) self.vnc_lib= self.connections.vnc_lib # self.logger= self.inputs.logger def create_tenant(self): self.project = None time.sleep(4) try: self.project = project_test.ProjectFixture(project_name = self.project_name, vnc_lib_h= self.vnc_lib,username= self.user,password= self.password, connections= self.connections) self.project.setUp() except Exception as e: self.logger.warn("got exception as %s"%(e)) finally: return self.project def delete_tenant(self): self.project.cleanUp() def delete_user(self,user=None): if user: user = user else: user = self.user insecure = bool(os.getenv('OS_INSECURE',True)) try: self.auth_url = os.getenv('OS_AUTH_URL') or \ 'http://' + self.inputs.openstack_ip + ':5000/v2.0' self.key_stone_clients= KeystoneCommands(username= self.inputs.stack_user, password= self.inputs.stack_password, tenant= self.inputs.project_name, auth_url= auth_url, insecure=insecure) except Exception as e: self.logger.warn("Failed - Keystone client instance") self.key_stone_clients.delete_user(user) def create_and_attach_user_to_tenant(self): insecure = bool(os.getenv('OS_INSECURE',True)) try: auth_url = os.getenv('OS_AUTH_URL') or \ 'http://' + self.inputs.openstack_ip + ':5000/v2.0' self.key_stone_clients= KeystoneCommands(username= self.inputs.stack_user, password= self.inputs.stack_password, tenant= self.inputs.project_name, auth_url= auth_url, insecure=insecure) try: self.key_stone_clients.create_user(self.user,self.password,email='',tenant_name=self.inputs.stack_tenant,enabled=True) except: self.logger.info("%s user already created"%(self.user)) try: self.key_stone_clients.add_user_to_tenant(self.project_name,self.user , 'admin') except Exception as e: self.logger.info("%s user already added to project"%(self.user)) try: self.key_stone_clients.add_user_to_tenant(self.project_name,'admin' , 'admin') except Exception as e: self.logger.info("Admin user already added to project") time.sleep(4) except Exception as e: self.logger.info("Failed - Keystone client instance") def get_inputs(self): self.project_inputs= self.useFixture(ContrailTestInit(self.ini_file, stack_user=self.project.username, stack_password=self.project.password, project_fq_name=['default-domain',self.project_name],logger = self.logger)) return self.project_inputs def get_conections(self): self.project_connections= ContrailConnections(self.project_inputs,project_name= self.project_name, username=self.project.username ,password= self.project.password, logger = self.logger) return self.project_connections def get_admin_inputs(self): admin = AdminCreds(ADMIN_TENANT , self.inputs , self.ini_file , self.logger) return admin.get_inputs() def get_admin_connections(self): admin = AdminCreds(ADMIN_TENANT , self.inputs , self.ini_file , self.logger) return admin.get_conections() def cleanUp(self): super(IsolatedCreds, self).cleanUp()
def _create_prov_file(self): ''' Creates json data for a single node only. Optional Env variables: openstack creds: * OS_USERNAME (default: admin) * OS_PASSWORD (default: contrail123) * OS_TENANT_NAME (default: admin) * OS_DOMAIN_NAME (default: default-domain) * OS_AUTH_URL (default: http://127.0.0.1:5000/v2.0) * OS_INSECURE (default: True) login creds: * USERNAME (default: root) * PASSWORD (default: c0ntrail123) contrail service: * DISCOVERY_IP (default: neutron-server ip fetched from keystone endpoint) ''' pattern = 'http[s]?://(?P<ip>\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):(?P<port>\d+)' if self.orchestrator.lower() != 'openstack': raise Exception('Please specify testbed info in $PARAMS_FILE ' 'under "Basic" section, keyword "provFile"') if self.orchestrator.lower() == 'openstack': auth_url = os.getenv('OS_AUTH_URL', None) or \ 'http://127.0.0.1:5000/v2.0' insecure = bool(os.getenv('OS_INSECURE', True)) keystone = KeystoneCommands( self.stack_user, self.stack_password, self.stack_tenant, auth_url, region_name=self.region_name, insecure=insecure, logger=self.logger) match = re.match(pattern, keystone.get_endpoint('identity')[0]) self.auth_ip = match.group('ip') self.auth_port = match.group('port') # Assume contrail-config runs in the same node as neutron-server discovery = os.getenv('DISCOVERY_IP', None) or \ (keystone and re.match(pattern, keystone.get_endpoint('network')[0]).group('ip')) ds_client = VerificationDsSrv(discovery) services = ds_client.get_ds_services().info cfgm = database = services['config'] collector = services['analytics'] bgp = services['control-node'] openstack = [self.auth_ip] if self.auth_ip else [] computes = self.get_computes(cfgm[0]) data = {'hosts': list()} hosts = cfgm + database + collector + bgp + computes + openstack username = os.getenv('USERNAME', 'root') password = os.getenv('PASSWORD', 'c0ntrail123') for host in set(hosts): with settings( host_string='%s@%s' % (username, host), password=password, warn_only=True): hname = run('hostname') hdict = { 'ip': host, 'data-ip': host, 'control-ip': host, 'username': username, 'password': password, 'name': hname, 'roles': [], } if host in cfgm: hdict['roles'].append({'type': 'cfgm'}) if host in collector: hdict['roles'].append({'type': 'collector'}) if host in database: hdict['roles'].append({'type': 'database'}) if host in bgp: hdict['roles'].append({'type': 'bgp'}) if host in computes: hdict['roles'].append({'type': 'compute'}) if host in openstack: hdict['roles'].append({'type': 'openstack'}) data['hosts'].append(hdict) tempfile = NamedTemporaryFile(delete=False) with open(tempfile.name, 'w') as fd: json.dump(data, fd) return tempfile.name
def _create_prov_file(self): ''' Creates json data for a single node only. Optional Env variables: openstack creds: * OS_USERNAME (default: admin) * OS_PASSWORD (default: contrail123) * OS_TENANT_NAME (default: admin) * OS_DOMAIN_NAME (default: default-domain) * OS_AUTH_URL (default: http://127.0.0.1:5000/v2.0) * OS_INSECURE (default: True) login creds: * USERNAME (default: root) * PASSWORD (default: c0ntrail123) contrail service: * DISCOVERY_IP (default: neutron-server ip fetched from keystone endpoint) ''' pattern = 'http[s]?://(?P<ip>\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):(?P<port>\d+)' if self.orchestrator.lower() != 'openstack': raise Exception('Please specify testbed info in $PARAMS_FILE ' 'under "Basic" section, keyword "provFile"') if self.orchestrator.lower() == 'openstack': auth_url = os.getenv('OS_AUTH_URL', None) or \ 'http://127.0.0.1:5000/v2.0' insecure = bool(os.getenv('OS_INSECURE', True)) keystone = KeystoneCommands(self.stack_user, self.stack_password, self.stack_tenant, auth_url, region_name=self.region_name, insecure=insecure, logger=self.logger) match = re.match(pattern, keystone.get_endpoint('identity')[0]) self.auth_ip = match.group('ip') self.auth_port = match.group('port') # Assume contrail-config runs in the same node as neutron-server discovery = os.getenv('DISCOVERY_IP', None) or \ (keystone and re.match(pattern, keystone.get_endpoint('network')[0]).group('ip')) ds_client = VerificationDsSrv(discovery) services = ds_client.get_ds_services().info cfgm = database = services['config'] collector = services['analytics'] bgp = services['control-node'] openstack = [self.auth_ip] if self.auth_ip else [] computes = self.get_computes(cfgm[0]) data = {'hosts': list()} hosts = cfgm + database + collector + bgp + computes + openstack username = os.getenv('USERNAME', 'root') password = os.getenv('PASSWORD', 'c0ntrail123') for host in set(hosts): with settings(host_string='%s@%s' % (username, host), password=password, warn_only=True): hname = run('hostname') hdict = { 'ip': host, 'data-ip': host, 'control-ip': host, 'username': username, 'password': password, 'name': hname, 'roles': [], } if host in cfgm: hdict['roles'].append({'type': 'cfgm'}) if host in collector: hdict['roles'].append({'type': 'collector'}) if host in database: hdict['roles'].append({'type': 'database'}) if host in bgp: hdict['roles'].append({'type': 'bgp'}) if host in computes: hdict['roles'].append({'type': 'compute'}) if host in openstack: hdict['roles'].append({'type': 'openstack'}) data['hosts'].append(hdict) tempfile = NamedTemporaryFile(delete=False) with open(tempfile.name, 'w') as fd: json.dump(data, fd) return tempfile.name
class OpenstackAuth(OrchestratorAuth): def __init__(self, user, passwd, project_name, inputs=None, logger=None, auth_url=None, region_name=None): self.inputs = inputs self.user = user self.passwd = passwd self.project = project_name self.logger = logger or contrail_logging.getLogger(__name__) self.insecure = bool(os.getenv('OS_INSECURE', True)) if inputs: self.auth_url = inputs.auth_url self.region_name = inputs.region_name else: self.auth_url = auth_url or os.getenv('OS_AUTH_URL') self.region_name = region_name or os.getenv('OS_REGION_NAME') self.reauth() def reauth(self): self.keystone = KeystoneCommands(username=self.user, password=self.passwd, tenant=self.project, auth_url=self.auth_url, insecure=self.insecure, region_name=self.region_name, logger=self.logger) def get_project_id(self, name=None): if not name or name == self.project: return self.keystone.get_id() return self.keystone.get_project_id(name) def create_project(self, name): return self.keystone.create_project(name) def delete_project(self, name): self.keystone.delete_project(name) def delete_user(self, user): self.keystone.delete_user(user) def create_user(self, user, password): try: self.keystone.create_user(user, password, email='', tenant_name=self.inputs.stack_tenant, enabled=True) except: self.logger.info("%s user already present" % (self.user)) def add_user_to_project(self, user, project, role='admin'): try: self.keystone.add_user_to_tenant(project, user, role) except Exception as e: self.logger.info("%s user already added to project" % (user)) def verify_service_enabled(self, service): try: for svc in self.keystone.services_list(): if service in svc.name: return True else: continue return False except Exception as e: return False def get_auth_h(self): return self.keystone
class OpenstackAuth(OrchestratorAuth): def __init__(self, username, password, project_name, inputs=None, logger=None, auth_url=None, region_name=None, certfile=None, keyfile=None, cacert=None, insecure=True, domain_name=None,scope='domain'): self.inputs = inputs self.user = username self.passwd = password self.project = project_name self.scope = scope self.logger = logger or contrail_logging.getLogger(__name__) if inputs: self.auth_url = inputs.auth_url self.region_name = inputs.region_name self.domain_name = domain_name or self.inputs.admin_domain self.keystone_certfile = self.inputs.keystonecertfile self.keystone_keyfile = self.inputs.keystonekeyfile self.certbundle = self.inputs.certbundle self.insecure = self.inputs.insecure self.scope = 'project' if inputs.use_project_scoped_token else scope else: self.auth_url = auth_url or os.getenv('OS_AUTH_URL') self.region_name = region_name or os.getenv('OS_REGION_NAME') self.domain_name = domain_name or os.getenv('OS_DOMAIN_NAME') self.keystone_certfile = certfile self.keystone_keyfile = keyfile self.insecure = insecure self.certbundle = cacert self.reauth() def reauth(self): self.keystone = KeystoneCommands(username=self.user, password=self.passwd, tenant=self.project, domain_name=self.domain_name, auth_url=self.auth_url, insecure=self.insecure, region_name=self.region_name, cert=self.keystone_certfile, key=self.keystone_keyfile, cacert=self.certbundle, logger=self.logger, scope=self.scope) def get_domain_id(self, name='Default'): return self.keystone.get_domain_id(name) def get_project_id(self, name=None, domain_id=None): if not name or name == self.project: return self.keystone.get_id() return self.keystone.get_project_id(name, domain_id) def get_session(self,scope='domain'): return self.keystone.get_session(scope) def get_client(self,scope='domain'): return self.keystone.get_client(scope) def get_endpoint(self, service, interface='public'): return self.keystone.get_endpoint(service, interface) def get_token(self): return self.keystone.get_token() def create_domain(self,domain_name): return self.keystone.create_domain(domain_name) def delete_domain(self, domain_name): self.keystone.delete_domain(domain_name) def update_domain(self,domain_id, domain_name, description, enabled): return self.keystone.update_domain(domain_id=domain_id, domain_name=domain_name, description=description,enabled=enabled) def get_domain(self,domain_id): return self.keystone.get_domain(domain_id=domain_id) def create_project(self, name, domain_name=None): return self.keystone.create_project(name, domain_name) def delete_project(self, name): self.keystone.delete_project(name) def delete_user(self, user): self.keystone.delete_user(user) def create_user(self, user, password, tenant_name=None, domain_name=None): try: self.keystone.create_user(user,password,email='', tenant_name=tenant_name or self.inputs.stack_tenant,enabled=True, domain_name=domain_name) except: self.logger.info("%s user already present"%(self.user)) def get_user_id(self, user): user_obj = self.keystone.get_user_dct(user) return user_obj.id if user_obj else None def create_role(self, role): self.keystone.create_role(role) def delete_role(self, role): self.keystone.delete_role(role) def add_user_to_domain(self, user, role='admin', domain=None): try: self.keystone.add_user_to_domain(user, role, domain) except Exception as e: self.logger.info("%s user already added to domain"%(user)) def add_user_to_project(self, user, project, role='admin'): try: self.keystone.add_user_to_tenant(project, user, role) except Exception as e: self.logger.info("%s user already added to project"%(user)) def remove_user_from_project(self, user, role, project): try: self.keystone.remove_user_from_tenant(project, user, role) except Exception as e: self.logger.exception("%s user already removed from project"%(user)) def verify_service_enabled(self, service): try: for svc in self.keystone.services_list(): if service in svc.name: return True else: continue return False except Exception as e: return False def get_auth_h(self): return self.keystone def create_user_group(self,group,domain_name): try: self.keystone.create_group(group,domain_name) except Exception as e: self.logger.info("%s user group already present"%(group)) def delete_group(self,name): return self.keystone.delete_group(name=name) def add_user_to_group(self,user,group): try: self.keystone.add_user_to_group(user, group) except Exception as e: self.logger.info("%s user already added to group %s"%(user, group)) def remove_user_from_group(self,user,group): try: self.keystone.remove_user_from_group(user, group) except Exception as e: self.logger.info("%s user already removed from group %s"%(user, group)) def add_group_to_domain(self,group, role='admin', domain=None): try: self.keystone.add_group_to_domain(group, role='admin', domain=domain) except Exception as e: self.logger.info("%s group already added to domain"%(group,project)) def remove_group_from_domain(self, group, role, domain=None): try: self.keystone.remove_group_from_domain(group, role, domain=None) except Exception as e: self.logger.info("%s group already removed from domain"%(group,domain)) def add_group_to_tenant(self, project, group, role='admin'): try: self.keystone.add_group_to_tenant(project, group, role='admin') except Exception as e: self.logger.info("%s group already added to project"%(group,tenant)) def remove_group_from_tenant(self,project, group, role): try: self.keystone.remove_group_from_tenant(project, group, role) except Exception as e: self.logger.info("%s group already removed from project"%(group,tenant))
class OpenstackAuth(OrchestratorAuth): def __init__(self, username, password, project_name, inputs=None, logger=None, auth_url=None, region_name=None, certfile=None, keyfile=None, cacert=None, insecure=True, domain_name=None, scope='domain'): self.inputs = inputs self.user = username self.passwd = password self.project = project_name self.scope = scope self.logger = logger or contrail_logging.getLogger(__name__) if inputs: self.auth_url = inputs.auth_url self.region_name = inputs.region_name self.domain_name = domain_name or self.inputs.admin_domain self.keystone_certfile = self.inputs.keystonecertfile self.keystone_keyfile = self.inputs.keystonekeyfile self.certbundle = self.inputs.certbundle self.insecure = self.inputs.insecure self.scope = 'project' if inputs.use_project_scoped_token else scope else: self.auth_url = auth_url or os.getenv('OS_AUTH_URL') self.region_name = region_name or os.getenv('OS_REGION_NAME') self.domain_name = domain_name or os.getenv('OS_DOMAIN_NAME') self.keystone_certfile = certfile self.keystone_keyfile = keyfile self.insecure = insecure self.certbundle = cacert self.reauth() def reauth(self): self.keystone = KeystoneCommands(username=self.user, password=self.passwd, tenant=self.project, domain_name=self.domain_name, auth_url=self.auth_url, insecure=self.insecure, region_name=self.region_name, cert=self.keystone_certfile, key=self.keystone_keyfile, cacert=self.certbundle, logger=self.logger, scope=self.scope) def get_domain_id(self, name='Default'): return self.keystone.get_domain_id(name) def get_project_id(self, name=None, domain_id=None): if not name or name == self.project: return self.keystone.get_id() return self.keystone.get_project_id(name, domain_id) def get_session(self, scope='domain'): return self.keystone.get_session(scope) def get_client(self, scope='domain'): return self.keystone.get_client(scope) def get_endpoint(self, service, interface='public'): return self.keystone.get_endpoint(service, interface) def get_token(self): return self.keystone.get_token() def create_domain(self, domain_name): return self.keystone.create_domain(domain_name) def delete_domain(self, domain_name): self.keystone.delete_domain(domain_name) def update_domain(self, domain_id, domain_name, description, enabled): return self.keystone.update_domain(domain_id=domain_id, domain_name=domain_name, description=description, enabled=enabled) def get_domain(self, domain_id): return self.keystone.get_domain(domain_id=domain_id) def create_project(self, name, domain_name=None): return self.keystone.create_project(name, domain_name) def delete_project(self, name): self.keystone.delete_project(name) def delete_user(self, user): self.keystone.delete_user(user) def create_user(self, user, password, tenant_name=None, domain_name=None): try: self.keystone.create_user(user, password, email='', tenant_name=tenant_name or self.inputs.stack_tenant, enabled=True, domain_name=domain_name) except: self.logger.info("%s user already present" % (self.user)) def get_user_id(self, user): user_obj = self.keystone.get_user_dct(user) return user_obj.id if user_obj else None def create_role(self, role): self.keystone.create_role(role) def delete_role(self, role): self.keystone.delete_role(role) def add_user_to_domain(self, user, role='admin', domain=None): try: self.keystone.add_user_to_domain(user, role, domain) except Exception as e: self.logger.info("%s user already added to domain" % (user)) def add_user_to_project(self, user, project, role='admin'): try: self.keystone.add_user_to_tenant(project, user, role) except Exception as e: self.logger.info("%s user already added to project" % (user)) def remove_user_from_project(self, user, role, project): try: self.keystone.remove_user_role(user, role, project) except Exception as e: self.logger.exception("%s user already removed from project" % (user)) def verify_service_enabled(self, service): try: for svc in self.keystone.services_list(): if service in svc.name: return True else: continue return False except Exception as e: return False def get_auth_h(self): return self.keystone def create_user_group(self, group, domain_name): try: self.keystone.create_group(group, domain_name) except Exception as e: self.logger.info("%s user group already present" % (group)) def delete_group(self, name): return self.keystone.delete_group(name=name) def add_user_to_group(self, user, group): try: self.keystone.add_user_to_group(user, group) except Exception as e: self.logger.info("%s user already added to group %s" % (user, group)) def remove_user_from_group(self, user, group): try: self.keystone.remove_user_from_group(user, group) except Exception as e: self.logger.info("%s user already removed from group %s" % (user, group)) def add_group_to_domain(self, group, role='admin', domain=None): try: self.keystone.add_group_to_domain(group, role='admin', domain=domain) except Exception as e: self.logger.info("%s group already added to domain" % (group, project)) def remove_group_from_domain(self, group, role, domain=None): try: self.keystone.remove_group_from_domain(group, role, domain=None) except Exception as e: self.logger.info("%s group already removed from domain" % (group, domain)) def add_group_to_tenant(self, project, group, role='admin'): try: self.keystone.add_group_to_tenant(project, group, role='admin') except Exception as e: self.logger.info("%s group already added to project" % (group, tenant)) def remove_group_from_tenant(self, project, group, role): try: self.keystone.remove_group_from_tenant(project, group, role) except Exception as e: self.logger.info("%s group already removed from project" % (group, tenant))
class OpenstackDriver(OsVmMixin, OsVnMixin, OsSubnetMixin, OsPolicyMixin): ''' Api Driver class for Openstack Apis. This class wraps/abstracts all openstack apis, nova, neutron, etc. Any and all openstack libs calls must be added in this class. Provides create, read, update and delete methods for resources. Note: For resources defined in contrail-schema, the create & update methods expect resource desc (kwargs) to be in-sync with structure defined in contrail-schema (i.e, contrailv2 heat template). ''' def __init__(self, username, password, project_id, project_name, auth_url, endpoint_type, region_name, scope, cert, key, cacert, domain_name, insecure, logger): self.logger = logger prj = project_id.replace('-', '') self._ks = KeystoneCommands(username=username, password=password, tenant=project_name, domain_name=domain_name, auth_url=auth_url, region_name=region_name, scope=scope, cert=cert, key=key, cacert=cacert, insecure=insecure, logger=logger) self._qh = neuc.Client( '2.0', session=self._ks.get_session(scope='project'), region_name=region_name) self._nh = novac.Client( '2', session=self._ks.get_session(scope='project'), region_name=region_name) @property def keystone_handle(self): return self._ks @property def quantum_handle(self): return self._qh @property def nova_handle(self): return self._nh def get_zones(self): try: zones = self._nh.availability_zones.list() return filter(lambda x: x.zoneName != 'internal', zones) except novaException.Forbidden: return None def get_hosts(self, zone=None): computes = self._get_nova_services(binary='nova-compute') if zone: computes = filter(lambda x: x.zone == zone.zoneName, computes) return computes def _get_nova_services(self, **kwargs): try: svcs = self._nh.services.list(**kwargs) svcs = filter(lambda x: x.state != 'down' and \ x.status != 'disabled', svcs) return svcs except novaException.Forbidden: return None def get_hypervisor(self, **kwargs): if kwargs: try: return self._nh.hypervisors.find(**kwargs) except novaException.NotFound: return None else: return self._nh.hypervisors.list() def get_flavor(self, name): try: return self._nh.flavors.find(name=name) except novaException.NotFound: return None def create_flavor(self, name, vcpus, ram, disk): self._nh.flavors.create(name=name, vcpus=vcpus, ram=ram, disk=disk) flavor = self.get_flavor(name) return flavor def get_image(self, name_or_id): try: return self._nh.images.get(name_or_id) except novaException.NotFound: try: return self._nh.images.find(name=name_or_id) except novaException.NotFound: return None
def delete_user(self, user): kc = KeystoneCommands(username= self.inputs.stack_user, password= self.inputs.stack_password, tenant= self.inputs.project_name, auth_url= self.auth_url, insecure=self.insecure) kc.delete_user(user)