# Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import re import time import boto.exception from testtools import TestCase from tempest.common import log as logging import tempest.config LOG = logging.getLogger(__name__) _boto_config = tempest.config.TempestConfig().boto default_timeout = _boto_config.build_timeout default_check_interval = _boto_config.build_interval def state_wait(lfunction, final_set=set(), valid_set=None): #TODO(afazekas): evaluate using ABC here if not isinstance(final_set, set): final_set = set((final_set, )) if not isinstance(valid_set, set) and valid_set is not None: valid_set = set((valid_set, )) start_time = time.time()
# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import re import subprocess import tempest.cli from tempest.common import log as logging LOG = logging.getLogger(__name__) class SimpleReadOnlyGlanceClientTest(tempest.cli.ClientTestBase): """Basic, read-only tests for Glance CLI client. Checks return values and output of read-only commands. These tests do not presume any content, nor do they create their own. They only verify the structure of output if present. """ def test_glance_fake_action(self): self.assertRaises(subprocess.CalledProcessError, self.glance, "this-does-not-exist") def test_glance_image_list(self): out = self.glance("image-list")
def decision_maker(): A_I_IMAGES_READY = True # ari,ami,aki S3_CAN_CONNECT_ERROR = None EC2_CAN_CONNECT_ERROR = None secret_matcher = re.compile("[A-Za-z0-9+/]{32,}") # 40 in other system id_matcher = re.compile("[A-Za-z0-9]{20,}") def all_read(*args): return all(map(have_effective_read_access, args)) config = tempest.config.TempestConfig() materials_path = config.boto.s3_materials_path ami_path = materials_path + os.sep + config.boto.ami_manifest aki_path = materials_path + os.sep + config.boto.aki_manifest ari_path = materials_path + os.sep + config.boto.ari_manifest A_I_IMAGES_READY = all_read(ami_path, aki_path, ari_path) boto_logger = logging.getLogger('boto') level = boto_logger.level boto_logger.setLevel(orig_logging.CRITICAL) # suppress logging for these def _cred_sub_check(connection_data): if not id_matcher.match(connection_data["aws_access_key_id"]): raise Exception("Invalid AWS access Key") if not secret_matcher.match(connection_data["aws_secret_access_key"]): raise Exception("Invalid AWS secret Key") raise Exception("Unknown (Authentication?) Error") openstack = tempest.clients.Manager() try: if urlparse.urlparse(config.boto.ec2_url).hostname is None: raise Exception("Failed to get hostname from the ec2_url") ec2client = openstack.ec2api_client try: ec2client.get_all_regions() except exception.BotoServerError as exc: if exc.error_code is None: raise Exception("EC2 target does not looks EC2 service") _cred_sub_check(ec2client.connection_data) except keystoneclient.exceptions.Unauthorized: EC2_CAN_CONNECT_ERROR = "AWS credentials not set," +\ " faild to get them even by keystoneclient" except Exception as exc: EC2_CAN_CONNECT_ERROR = str(exc) try: if urlparse.urlparse(config.boto.s3_url).hostname is None: raise Exception("Failed to get hostname from the s3_url") s3client = openstack.s3_client try: s3client.get_bucket("^INVALID*#()@INVALID.") except exception.BotoServerError as exc: if exc.status == 403: _cred_sub_check(s3client.connection_data) except Exception as exc: S3_CAN_CONNECT_ERROR = str(exc) except keystoneclient.exceptions.Unauthorized: S3_CAN_CONNECT_ERROR = "AWS credentials not set," +\ " faild to get them even by keystoneclient" boto_logger.setLevel(level) return {'A_I_IMAGES_READY': A_I_IMAGES_READY, 'S3_CAN_CONNECT_ERROR': S3_CAN_CONNECT_ERROR, 'EC2_CAN_CONNECT_ERROR': EC2_CAN_CONNECT_ERROR}
class RestClient(object): TYPE = "json" LOG = logging.getLogger(__name__) def __init__(self, config, user, password, auth_url, tenant_name=None): self.config = config self.user = user self.password = password self.auth_url = auth_url self.tenant_name = tenant_name self.service = None self.token = None self.base_url = None self.region = {'compute': self.config.identity.region} self.endpoint_url = 'publicURL' self.strategy = self.config.identity.strategy self.headers = { 'Content-Type': 'application/%s' % self.TYPE, 'Accept': 'application/%s' % self.TYPE } self.build_interval = config.compute.build_interval self.build_timeout = config.compute.build_timeout self.general_header_lc = set( ('cache-control', 'connection', 'date', 'pragma', 'trailer', 'transfer-encoding', 'via', 'warning')) self.response_header_lc = set( ('accept-ranges', 'age', 'etag', 'location', 'proxy-authenticate', 'retry-after', 'server', 'vary', 'www-authenticate')) dscv = self.config.identity.disable_ssl_certificate_validation self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv) def _set_auth(self): """ Sets the token and base_url used in requests based on the strategy type """ if self.strategy == 'keystone': self.token, self.base_url = self.keystone_auth( self.user, self.password, self.auth_url, self.service, self.tenant_name) else: self.token, self.base_url = self.basic_auth( self.user, self.password, self.auth_url) def clear_auth(self): """ Can be called to clear the token and base_url so that the next request will fetch a new token and base_url. """ self.token = None self.base_url = None def get_auth(self): """Returns the token of the current request or sets the token if none. """ if not self.token: self._set_auth() return self.token def basic_auth(self, user, password, auth_url): """ Provides authentication for the target API. """ params = {} params['headers'] = { 'User-Agent': 'Test-Client', 'X-Auth-User': user, 'X-Auth-Key': password } resp, body = self.http_obj.request(auth_url, 'GET', **params) try: return resp['x-auth-token'], resp['x-server-management-url'] except Exception: raise def keystone_auth(self, user, password, auth_url, service, tenant_name): """ Provides authentication via Keystone. """ # Normalize URI to ensure /tokens is in it. if 'tokens' not in auth_url: auth_url = auth_url.rstrip('/') + '/tokens' creds = { 'auth': { 'passwordCredentials': { 'username': user, 'password': password, }, 'tenantName': tenant_name, } } headers = {'Content-Type': 'application/json'} body = json.dumps(creds) self._log_request('POST', auth_url, headers, body) resp, resp_body = self.http_obj.request(auth_url, 'POST', headers=headers, body=body) self._log_response(resp, resp_body) if resp.status == 200: try: auth_data = json.loads(resp_body)['access'] token = auth_data['token']['id'] except Exception, e: print "Failed to obtain token for user: %s" % e raise mgmt_url = None for ep in auth_data['serviceCatalog']: if ep["type"] == service: for _ep in ep['endpoints']: if service in self.region and \ _ep['region'] == self.region[service]: mgmt_url = _ep[self.endpoint_url] if not mgmt_url: mgmt_url = ep['endpoints'][0][self.endpoint_url] break if mgmt_url is None: raise exceptions.EndpointNotFound(service) return token, mgmt_url elif resp.status == 401: raise exceptions.AuthenticationFailure(user=user, password=password)
def decision_maker(): A_I_IMAGES_READY = True # ari,ami,aki S3_CAN_CONNECT_ERROR = None EC2_CAN_CONNECT_ERROR = None secret_matcher = re.compile("[A-Za-z0-9+/]{32,}") # 40 in other system id_matcher = re.compile("[A-Za-z0-9]{20,}") def all_read(*args): return all(map(have_effective_read_access, args)) config = tempest.config.TempestConfig() materials_path = config.boto.s3_materials_path ami_path = materials_path + os.sep + config.boto.ami_manifest aki_path = materials_path + os.sep + config.boto.aki_manifest ari_path = materials_path + os.sep + config.boto.ari_manifest A_I_IMAGES_READY = all_read(ami_path, aki_path, ari_path) boto_logger = logging.getLogger('boto') level = boto_logger.level boto_logger.setLevel(orig_logging.CRITICAL) # suppress logging for these def _cred_sub_check(connection_data): if not id_matcher.match(connection_data["aws_access_key_id"]): raise Exception("Invalid AWS access Key") if not secret_matcher.match(connection_data["aws_secret_access_key"]): raise Exception("Invalid AWS secret Key") raise Exception("Unknown (Authentication?) Error") openstack = tempest.clients.Manager() try: if urlparse.urlparse(config.boto.ec2_url).hostname is None: raise Exception("Failed to get hostname from the ec2_url") ec2client = openstack.ec2api_client try: ec2client.get_all_regions() except exception.BotoServerError as exc: if exc.error_code is None: raise Exception("EC2 target does not looks EC2 service") _cred_sub_check(ec2client.connection_data) except keystoneclient.exceptions.Unauthorized: EC2_CAN_CONNECT_ERROR = "AWS credentials not set," +\ " faild to get them even by keystoneclient" except Exception as exc: EC2_CAN_CONNECT_ERROR = str(exc) try: if urlparse.urlparse(config.boto.s3_url).hostname is None: raise Exception("Failed to get hostname from the s3_url") s3client = openstack.s3_client try: s3client.get_bucket("^INVALID*#()@INVALID.") except exception.BotoServerError as exc: if exc.status == 403: _cred_sub_check(s3client.connection_data) except Exception as exc: S3_CAN_CONNECT_ERROR = str(exc) except keystoneclient.exceptions.Unauthorized: S3_CAN_CONNECT_ERROR = "AWS credentials not set," +\ " faild to get them even by keystoneclient" boto_logger.setLevel(level) return { 'A_I_IMAGES_READY': A_I_IMAGES_READY, 'S3_CAN_CONNECT_ERROR': S3_CAN_CONNECT_ERROR, 'EC2_CAN_CONNECT_ERROR': EC2_CAN_CONNECT_ERROR }