def get_configured_credentials(credential_type, fill_in=True, identity_version=None): identity_version = identity_version or CONF.identity.auth_version if identity_version not in ('v2', 'v3'): raise exceptions.InvalidConfiguration('Unsupported auth version: %s' % identity_version) if credential_type not in CREDENTIAL_TYPES: raise exceptions.InvalidCredentials() conf_attributes = ['username', 'password', 'tenant_name'] if identity_version == 'v3': conf_attributes.append('domain_name') # Read the parts of credentials from config params = DEFAULT_PARAMS.copy() section, prefix = CREDENTIAL_TYPES[credential_type] for attr in conf_attributes: _section = getattr(CONF, section) if prefix is None: params[attr] = getattr(_section, attr) else: params[attr] = getattr(_section, prefix + "_" + attr) # Build and validate credentials. We are reading configured credentials, # so validate them even if fill_in is False credentials = get_credentials(fill_in=fill_in, identity_version=identity_version, **params) if not fill_in: if not credentials.is_valid(): msg = ("The %s credentials are incorrectly set in the config file." " Double check that all required values are assigned" % credential_type) raise exceptions.InvalidConfiguration(msg) return credentials
def _set_identity_clients(self): params = { 'service': CONF.identity.catalog_type, 'region': CONF.identity.region, 'endpoint_type': 'adminURL' } params.update(self.default_params_with_timeout_values) self.identity_client = IdentityClientJSON(self.auth_provider, **params) self.identity_v3_client = IdentityV3ClientJSON(self.auth_provider, **params) self.endpoints_client = EndPointClientJSON(self.auth_provider, **params) self.service_client = ServiceClientJSON(self.auth_provider, **params) self.policy_client = PolicyClientJSON(self.auth_provider, **params) self.region_client = RegionClientJSON(self.auth_provider, **params) self.credentials_client = CredentialsClientJSON( self.auth_provider, **params) # Token clients do not use the catalog. They only need default_params. # They read auth_url, so they should only be set if the corresponding # API version is marked as enabled if CONF.identity_feature_enabled.api_v2: if CONF.identity.uri: self.token_client = TokenClientJSON(CONF.identity.uri, **self.default_params) else: msg = 'Identity v2 API enabled, but no identity.uri set' raise exceptions.InvalidConfiguration(msg) if CONF.identity_feature_enabled.api_v3: if CONF.identity.uri_v3: self.token_v3_client = V3TokenClientJSON( CONF.identity.uri_v3, **self.default_params) else: msg = 'Identity v3 API enabled, but no identity.uri_v3 set' raise exceptions.InvalidConfiguration(msg)
def get_network_from_name(name, compute_networks_client): """Get a full network dict from just a network name :param str name: the name of the network to use :param NetworksClientJSON compute_networks_client: The network client object to use for making the network lists api request :returns: The full dictionary for the network in question :rtype: dict :raises InvalidConfiguration: If the name provided is invalid, the networks list returns a 404, there are no found networks, or the found network is invalid """ caller = misc_utils.find_test_caller() if not name: raise exceptions.InvalidConfiguration() try: networks = compute_networks_client.list_networks(name=name) except lib_exc.NotFound: # In case of nova network, if the fixed_network_name is not # owned by the tenant, and the network client is not an admin # one, list_networks will not find it msg = ('Unable to find network %s. ' 'Starting instance without specifying a network.' % name) if caller: msg = '(%s) %s' % (caller, msg) LOG.info(msg) raise exceptions.InvalidConfiguration() # Check that a network exists, else raise an InvalidConfigurationException if len(networks) == 1: network = sorted(networks)[0] elif len(networks) > 1: msg = ("Network with name: %s had multiple matching networks in the " "list response: %s\n Unable to specify a single network" % (name, networks)) if caller: msg = '(%s) %s' % (caller, msg) LOG.warn(msg) raise exceptions.InvalidConfiguration() else: msg = "Network with name: %s not found" % name if caller: msg = '(%s) %s' % (caller, msg) LOG.warn(msg) raise exceptions.InvalidConfiguration() # To be consistent between neutron and nova network always use name even # if label is used in the api response. If neither is present than then # the returned network is invalid. name = network.get('name') or network.get('label') if not name: msg = "Network found from list doesn't contain a valid name or label" if caller: msg = '(%s) %s' % (caller, msg) LOG.warn(msg) raise exceptions.InvalidConfiguration() network['name'] = name return network
def _get_match_hash_list(self, roles=None): hashes = [] if roles: # Loop over all the creds for each role in the subdict and generate # a list of cred lists for each role for role in roles: temp_hashes = self.hash_dict['roles'].get(role, None) if not temp_hashes: raise exceptions.InvalidConfiguration( "No credentials with role: %s specified in the " "accounts " "file" % role) hashes.append(temp_hashes) # Take the list of lists and do a boolean and between each list to # find the creds which fall under all the specified roles temp_list = set(hashes[0]) for hash_list in hashes[1:]: temp_list = temp_list & set(hash_list) hashes = temp_list else: hashes = self.hash_dict['creds'].keys() # NOTE(mtreinish): admin is a special case because of the increased # privlege set which could potentially cause issues on tests where that # is not expected. So unless the admin role isn't specified do not # allocate admin. admin_hashes = self.hash_dict['roles'].get(CONF.identity.admin_role, None) if ((not roles or CONF.identity.admin_role not in roles) and admin_hashes): useable_hashes = [x for x in hashes if x not in admin_hashes] else: useable_hashes = hashes return useable_hashes
def is_multi_user(self): # Default credentials is not a valid option with locking Account if self.use_default_creds: raise exceptions.InvalidConfiguration( "Account file %s doesn't exist" % CONF.auth.test_accounts_file) else: return len(self.hash_dict['creds']) > 1
def _get_creds(self, roles=None): if self.use_default_creds: raise exceptions.InvalidConfiguration( "Account file %s doesn't exist" % CONF.auth.test_accounts_file) useable_hashes = self._get_match_hash_list(roles) free_hash = self._get_free_hash(useable_hashes) clean_creds = self._sanitize_creds(self.hash_dict['creds'][free_hash]) LOG.info('%s allocated creds:\n%s' % (self.name, clean_creds)) return self._wrap_creds_with_network(free_hash)
def _unique_creds(self, cred_arg=None): """Verify that the configured credentials are valid and distinct """ try: user = self.get_primary_creds() alt_user = self.get_alt_creds() return getattr(user, cred_arg) != getattr(alt_user, cred_arg) except exceptions.InvalidCredentials as ic: msg = "At least one of the configured credentials is " \ "not valid: %s" % ic.message raise exceptions.InvalidConfiguration(msg)
def __init__(self, identity_client, domain_name): super(V3CredsClient, self).__init__(identity_client) try: # Domain names must be unique, in any case a list is returned, # selecting the first (and only) element self.creds_domain = self.identity_client.list_domains( params={'name': domain_name})[0] except lib_exc.NotFound: # TODO(andrea) we could probably create the domain on the fly msg = "Configured domain %s could not be found" % domain_name raise exceptions.InvalidConfiguration(msg)
def _create_network_resources(self, tenant_id): network = None subnet = None router = None # Make sure settings if self.network_resources: if self.network_resources['router']: if (not self.network_resources['subnet'] or not self.network_resources['network']): raise exceptions.InvalidConfiguration( 'A router requires a subnet and network') elif self.network_resources['subnet']: if not self.network_resources['network']: raise exceptions.InvalidConfiguration( 'A subnet requires a network') elif self.network_resources['dhcp']: raise exceptions.InvalidConfiguration('DHCP requires a subnet') data_utils.rand_name_root = data_utils.rand_name(self.name) if not self.network_resources or self.network_resources['network']: network_name = data_utils.rand_name_root + "-network" network = self._create_network(network_name, tenant_id) try: if not self.network_resources or self.network_resources['subnet']: subnet_name = data_utils.rand_name_root + "-subnet" subnet = self._create_subnet(subnet_name, tenant_id, network['id']) if not self.network_resources or self.network_resources['router']: router_name = data_utils.rand_name_root + "-router" router = self._create_router(router_name, tenant_id) self._add_router_interface(router['id'], subnet['id']) except Exception: if router: self._clear_isolated_router(router['id'], router['name']) if subnet: self._clear_isolated_subnet(subnet['id'], subnet['name']) if network: self._clear_isolated_network(network['id'], network['name']) raise return network, subnet, router
def __init__(self, auth_url, disable_ssl_certificate_validation=None, ca_certs=None, trace_requests=None): dscv = disable_ssl_certificate_validation super(V3TokenClientJSON, self).__init__( None, None, None, disable_ssl_certificate_validation=dscv, ca_certs=ca_certs, trace_requests=trace_requests) if not auth_url: raise exceptions.InvalidConfiguration('you must specify a v3 uri ' 'if using the v3 identity ' 'api') if 'auth/tokens' not in auth_url: auth_url = auth_url.rstrip('/') + '/auth/tokens' self.auth_url = auth_url
def renew_lease(self, fixed_ip=None): """Wrapper method for renewing DHCP lease via given client Supporting: * udhcpc * dhclient """ # TODO(yfried): add support for dhcpcd supported_clients = ['udhcpc', 'dhclient'] dhcp_client = CONF.scenario.dhcp_client if dhcp_client not in supported_clients: raise exceptions.InvalidConfiguration( '%s DHCP client unsupported' % dhcp_client) if dhcp_client == 'udhcpc' and not fixed_ip: raise ValueError("need to set 'fixed_ip' for udhcpc client") return getattr(self, '_renew_lease_' + dhcp_client)(fixed_ip=fixed_ip)
def _get_free_hash(self, hashes): # Cast as a list because in some edge cases a set will be passed in hashes = list(hashes) if not os.path.isdir(self.accounts_dir): os.mkdir(self.accounts_dir) # Create File from first hash (since none are in use) self._create_hash_file(hashes[0]) return hashes[0] names = [] for _hash in hashes: res = self._create_hash_file(_hash) if res: return _hash else: path = os.path.join(os.path.join(self.accounts_dir, _hash)) with open(path, 'r') as fd: names.append(fd.read()) msg = ('Insufficient number of users provided. %s have allocated all ' 'the credentials for this allocation request' % ','.join(names)) raise exceptions.InvalidConfiguration(msg)
def get_creds_by_roles(self, roles, force_new=False): msg = "Credentials being specified through the config file can not be"\ " used with tests that specify using credentials by roles. "\ "Either exclude/skip the tests doing this or use either an "\ "test_accounts_file or tenant isolation." raise exceptions.InvalidConfiguration(msg)