0e085cdf85
* each service class was moved to a new file * Service and VersionedService were moved from api_discovery to service_base.py * api_discovery.py is removed and methods for discovery were moved to a newly created class Services - class holds methods related to instantiating services, discovering their versions and extensions, configuring them * constants were moved to an independent file - constants.py Change-Id: I00880f4bd30cc4d1609c20aecca820854312b1e7
119 lines
4.9 KiB
Python
119 lines
4.9 KiB
Python
# Copyright 2016, 2018 Red Hat, Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from constants import LOG
|
|
from tempest.lib import exceptions
|
|
|
|
|
|
class Users(object):
|
|
def __init__(self, tenants_client, roles_client, users_client, conf):
|
|
"""Init.
|
|
|
|
:type tenants_client: ProjectsClient object
|
|
:type roles_client: RolesClient object from tempest lib
|
|
:type users_client: UsersClient object from tempest lib
|
|
:type conf: TempestConf object
|
|
"""
|
|
self.tenants_client = tenants_client
|
|
self.roles_client = roles_client
|
|
self.users_client = users_client
|
|
self._conf = conf
|
|
|
|
def create_tempest_users(self, orchestration=False):
|
|
"""Create users necessary for Tempest if they don't exist already.
|
|
|
|
:type orchestration: boolean
|
|
"""
|
|
sec = 'identity'
|
|
self.create_user_with_tenant(self._conf.get(sec, 'username'),
|
|
self._conf.get(sec, 'password'),
|
|
self._conf.get(sec, 'tenant_name'))
|
|
|
|
self.create_user_with_tenant(self._conf.get(sec, 'alt_username'),
|
|
self._conf.get(sec, 'alt_password'),
|
|
self._conf.get(sec, 'alt_tenant_name'))
|
|
|
|
username = self._conf.get_defaulted('auth', 'admin_username')
|
|
if username is None:
|
|
username = self._conf.get_defaulted('identity', 'admin_username')
|
|
|
|
self.give_role_to_user(username, role_name='admin')
|
|
|
|
# Prior to juno, and with earlier juno defaults, users needed to have
|
|
# the heat_stack_owner role to use heat stack apis. We assign that role
|
|
# to the user if the role is present.
|
|
if orchestration:
|
|
self.give_role_to_user(self._conf.get('identity', 'username'),
|
|
role_name='heat_stack_owner',
|
|
role_required=False)
|
|
|
|
def give_role_to_user(self, username, role_name,
|
|
role_required=True):
|
|
"""Give the user a role in the project (tenant).
|
|
|
|
:type username: string
|
|
:type role_name: string
|
|
:type role_required: boolean
|
|
"""
|
|
tenant_name = self._conf.get('identity', 'tenant_name')
|
|
tenant_id = self.tenants_client.get_project_by_name(tenant_name)['id']
|
|
users = self.users_client.list_users()
|
|
user_ids = [u['id'] for u in users['users'] if u['name'] == username]
|
|
user_id = user_ids[0]
|
|
roles = self.roles_client.list_roles()
|
|
role_ids = [r['id'] for r in roles['roles'] if r['name'] == role_name]
|
|
if not role_ids:
|
|
if role_required:
|
|
raise Exception("required role %s not found" % role_name)
|
|
LOG.debug("%s role not required", role_name)
|
|
return
|
|
role_id = role_ids[0]
|
|
try:
|
|
self.roles_client.create_user_role_on_project(tenant_id, user_id,
|
|
role_id)
|
|
LOG.debug("User '%s' was given the '%s' role in project '%s'",
|
|
username, role_name, tenant_name)
|
|
except exceptions.Conflict:
|
|
LOG.debug("(no change) User '%s' already has the '%s' role in"
|
|
" project '%s'", username, role_name, tenant_name)
|
|
|
|
def create_user_with_tenant(self, username, password, tenant_name):
|
|
"""Create a user and a tenant if it doesn't exist.
|
|
|
|
:type username: string
|
|
:type password: string
|
|
:type tenant_name: string
|
|
"""
|
|
LOG.info("Creating user '%s' with tenant '%s' and password '%s'",
|
|
username, tenant_name, password)
|
|
tenant_description = "Tenant for Tempest %s user" % username
|
|
email = "%s@test.com" % username
|
|
# create a tenant
|
|
try:
|
|
self.tenants_client.create_project(name=tenant_name,
|
|
description=tenant_description)
|
|
except exceptions.Conflict:
|
|
LOG.info("(no change) Tenant '%s' already exists", tenant_name)
|
|
|
|
tenant_id = self.tenants_client.get_project_by_name(tenant_name)['id']
|
|
|
|
params = {'name': username, 'password': password,
|
|
'tenantId': tenant_id, 'email': email}
|
|
# create a user
|
|
try:
|
|
self.users_client.create_user(**params)
|
|
except exceptions.Conflict:
|
|
LOG.info("User '%s' already exists.", username)
|