Token authentication for tempest tests
Add token authentication logic for ranger tempest tests Change-Id: I101531cf455294dd3aa78910650b6e217e701d81
This commit is contained in:
stewie925
parent
e5a7860983
commit
dd537c8e76
@ -60,6 +60,12 @@ OrmGroup = [
|
||||
help="Ranger Image Service URL"),
|
||||
cfg.StrOpt("RANGER_RMS_BASE_URL",
|
||||
help="Ranger Region Service URL"),
|
||||
cfg.BoolOpt('verify',
|
||||
default=False,
|
||||
help='Flag for SSL verfiy Enabled/Disabled.'),
|
||||
cfg.BoolOpt('auth_enabled',
|
||||
default=False,
|
||||
help='Token Authentication enabled/disabled'),
|
||||
cfg.ListOpt("flavor_series",
|
||||
default=['xx'],
|
||||
help="Supported flavor series")
|
||||
|
||||
@ -14,7 +14,7 @@
|
||||
# under the License.
|
||||
|
||||
import json
|
||||
|
||||
import requests
|
||||
from tempest import config
|
||||
from tempest.lib import auth
|
||||
from tempest.lib.common import rest_client
|
||||
@ -22,10 +22,120 @@ from tempest.lib.common import rest_client
|
||||
CONF = config.CONF
|
||||
|
||||
|
||||
class ResponseError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class ConnectionError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class RangerClientBase(rest_client.RestClient):
|
||||
|
||||
rms_url = CONF.ranger.RANGER_RMS_BASE_URL
|
||||
auth_region = CONF.identity.region
|
||||
timeout = 10
|
||||
|
||||
# def get_keystone_ep(rms_url, region_name):
|
||||
def get_keystone_ep(self, rms_url, region_name):
|
||||
"""Get the Keystone EP from RMS.
|
||||
|
||||
:param rms_url: RMS server URL
|
||||
:param region_name: The region name
|
||||
:return: Keystone EP (string), None if it was not found
|
||||
"""
|
||||
try:
|
||||
response = requests.get('%s/v2/orm/regions?regionname=%s' % (
|
||||
rms_url, region_name, ), verify=CONF.ranger.verify)
|
||||
except requests.exceptions.ConnectionError as e:
|
||||
print('Could not connect to RMS, URL: {}'.format(rms_url))
|
||||
return None
|
||||
|
||||
if response.status_code != 200:
|
||||
print('RMS returned status: {}, content: {}'.format(
|
||||
response.status_code, response.content))
|
||||
return None
|
||||
|
||||
# get the identity URL info from the rms region record
|
||||
lcp = response.json()
|
||||
try:
|
||||
for endpoint in lcp['regions'][0]['endpoints']:
|
||||
if endpoint['type'] == 'identity':
|
||||
return endpoint['publicURL']
|
||||
except KeyError:
|
||||
print('Key error while attempting to get keystone endpoint. '
|
||||
'Please investigate.')
|
||||
return None
|
||||
|
||||
# Keystone EP not found in the response
|
||||
print('No identity endpoint was found in the response from RMS')
|
||||
return None
|
||||
|
||||
def get_token(self, timeout, host):
|
||||
headers = {
|
||||
'Content-Type': 'application/json',
|
||||
}
|
||||
url = '%s/v3/auth/tokens'
|
||||
data = '''
|
||||
{
|
||||
"auth":{
|
||||
"identity":{
|
||||
"methods":[
|
||||
"password"
|
||||
],
|
||||
"password":{
|
||||
"user":{
|
||||
"domain":{
|
||||
"name":"%s"
|
||||
},
|
||||
"name":"%s",
|
||||
"password":"%s"
|
||||
}
|
||||
}
|
||||
},
|
||||
"scope":{
|
||||
"project":{
|
||||
"name":"%s",
|
||||
"domain":{
|
||||
"name":"%s"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}'''
|
||||
if not CONF.ranger.auth_enabled:
|
||||
return None
|
||||
|
||||
region = self.auth_region
|
||||
|
||||
keystone_ep = self.get_keystone_ep('{}'.format(host), region)
|
||||
if keystone_ep is None:
|
||||
raise ConnectionError(
|
||||
'Failed in get_token, host: {}, region: {}'.format(host,
|
||||
region))
|
||||
|
||||
url = url % (keystone_ep,)
|
||||
data = data % (CONF.auth.admin_domain_name,
|
||||
CONF.auth.admin_username,
|
||||
CONF.auth.admin_password,
|
||||
CONF.auth.admin_project_name,
|
||||
CONF.auth.admin_domain_name,)
|
||||
|
||||
try:
|
||||
resp = requests.post(url, timeout=timeout, data=data, headers=headers)
|
||||
if resp.status_code != 201:
|
||||
raise ResponseError(
|
||||
'Failed to get token (Reason: {})'.format(
|
||||
resp.status_code))
|
||||
return resp.headers['x-subject-token']
|
||||
|
||||
except Exception as e:
|
||||
print e.message
|
||||
raise ConnectionError(e.message)
|
||||
|
||||
def get_headers(self):
|
||||
headers = {'X-Auth-Region': CONF.identity.region,
|
||||
'X-Auth-Token': self.get_token(self.timeout, self.rms_url),
|
||||
'X-RANGER-Tracking-Id': 'test',
|
||||
'X-RANGER-Requester': CONF.auth.admin_username,
|
||||
'X-RANGER-Client': 'cli',
|
||||
|
||||
@ -29,24 +29,10 @@ class FmsClient(base_client.RangerClientBase):
|
||||
fms_url = CONF.ranger.RANGER_FMS_BASE_URL
|
||||
version = "v1"
|
||||
|
||||
def get_extra_headers(self):
|
||||
headers = {'X-Auth-Region': CONF.identity.region,
|
||||
'X-RANGER-Tracking-Id': 'test',
|
||||
'X-RANGER-Requester': CONF.auth.admin_username,
|
||||
'X-RANGER-Client': 'cli'
|
||||
}
|
||||
return headers
|
||||
|
||||
def create_flavor(self, **kwargs):
|
||||
uri = '%s/%s/orm/flavors' % (self.fms_url, self.version)
|
||||
post_body = {"flavor": kwargs}
|
||||
post_body = json.dumps(post_body)
|
||||
# ex_headers = self.get_headers()
|
||||
# resp, body = self.post(uri, body=post_body,
|
||||
# extra_headers=ex_headers)
|
||||
# body = json.loads(body)
|
||||
# self.validate_response(schema.create_flavor, resp, body)
|
||||
# return rest_client.ResponseBody(resp, body["flavor"])
|
||||
return self.post_request(uri, post_body, schema.create_flavor)
|
||||
|
||||
def get_flavor(self, identifier, para=None):
|
||||
@ -63,12 +49,6 @@ class FmsClient(base_client.RangerClientBase):
|
||||
uri = '%s/%s/orm/flavors' % (self.fms_url, self.version)
|
||||
else:
|
||||
uri = '%s/%s/orm/flavors/%s' % (self.fms_url, self.version, para)
|
||||
# ex_headers = self.get_headers()
|
||||
# resp, body = self.get(url, extra_headers=ex_headers)
|
||||
# self.expected_success(200, resp.status)
|
||||
# body = json.loads(body)
|
||||
# self.validate_response(schema.list_flavors, resp, body)
|
||||
# return rest_client.ResponseBody(resp, body)
|
||||
return self.get_request(uri, schema.list_flavors)
|
||||
|
||||
def delete_region_from_flavor(self, flavor_id, region_id):
|
||||
|
||||
@ -27,16 +27,6 @@ class ImsClient(base_client.RangerClientBase):
|
||||
ims_url = CONF.ranger.RANGER_IMS_BASE_URL
|
||||
version = "v1"
|
||||
|
||||
def get_headers(self):
|
||||
headers = {'Content-Type': 'application/json',
|
||||
'Accept': 'application/json',
|
||||
'X-Auth-Region': CONF.identity.region,
|
||||
'X-RANGER-Tracking-Id': 'test',
|
||||
'X-RANGER-Requester': CONF.auth.admin_username,
|
||||
'X-RANGER-Client': 'cli'
|
||||
}
|
||||
return headers
|
||||
|
||||
def create_image(self, **kwargs):
|
||||
uri = '%s/%s/orm/images' % (self.ims_url, self.version)
|
||||
post_body = {"image": kwargs}
|
||||
|
||||
@ -110,11 +110,18 @@ storage_protocol = iSCSI
|
||||
multi_backend = false
|
||||
|
||||
[ranger]
|
||||
# change uri IP address as needed
|
||||
### set ranger RMS service URL
|
||||
# RANGER_RMS_BASE_URL='https://<ranger-rms-endpoint>:443'
|
||||
### set ranger CMS service URL
|
||||
# RANGER_CMS_BASE_URL='https://<ranger-cms-endpoint>:443'
|
||||
### set ranger FMS service URL
|
||||
# RANGER_FMS_BASE_URL='https://<ranger-fms-endpoint>:443'
|
||||
### set ranger IMS service URL
|
||||
# RANGER_IMS_BASE_URL='https://<ranger-ims-endpoint>:443'
|
||||
### uncomment below to set verify = TRUE
|
||||
# verify=True
|
||||
### uncomment to set token authentication ON
|
||||
# auth_enabled=True
|
||||
catalog_type = ranger
|
||||
# uncomment flavor_series and set it accordingly
|
||||
### uncomment flavor_series and set it accordingly
|
||||
# flavor_series =
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user