Token authentication for tempest tests

Add token authentication logic for ranger tempest tests

Change-Id: I101531cf455294dd3aa78910650b6e217e701d81

ranger-tempest-plugin/ranger_tempest_plugin/config.py

@@ -60,6 +60,12 @@ OrmGroup = [
                help="Ranger Image Service URL"),
     cfg.StrOpt("RANGER_RMS_BASE_URL",
                help="Ranger Region Service URL"),
+    cfg.BoolOpt('verify',
+                default=False,
+                help='Flag for SSL verfiy Enabled/Disabled.'),
+    cfg.BoolOpt('auth_enabled',
+                default=False,
+                help='Token Authentication enabled/disabled'),
     cfg.ListOpt("flavor_series",
                 default=['xx'],
                 help="Supported flavor series")

ranger-tempest-plugin/ranger_tempest_plugin/services/base_client.py

@@ -14,7 +14,7 @@
 #    under the License.
 
 import json
-
+import requests
 from tempest import config
 from tempest.lib import auth
 from tempest.lib.common import rest_client
@@ -22,10 +22,120 @@ from tempest.lib.common import rest_client
 CONF = config.CONF
 
 
+class ResponseError(Exception):
+    pass
+
+
+class ConnectionError(Exception):
+    pass
+
+
 class RangerClientBase(rest_client.RestClient):
 
+    rms_url = CONF.ranger.RANGER_RMS_BASE_URL
+    auth_region = CONF.identity.region
+    timeout = 10
+
+    # def get_keystone_ep(rms_url, region_name):
+    def get_keystone_ep(self, rms_url, region_name):
+        """Get the Keystone EP from RMS.
+
+        :param rms_url: RMS server URL
+        :param region_name: The region name
+        :return: Keystone EP (string), None if it was not found
+        """
+        try:
+            response = requests.get('%s/v2/orm/regions?regionname=%s' % (
+                rms_url, region_name, ), verify=CONF.ranger.verify)
+        except requests.exceptions.ConnectionError as e:
+            print('Could not connect to RMS, URL: {}'.format(rms_url))
+            return None
+
+        if response.status_code != 200:
+            print('RMS returned status: {}, content: {}'.format(
+                response.status_code, response.content))
+            return None
+
+        # get the identity URL info from the rms region record
+        lcp = response.json()
+        try:
+            for endpoint in lcp['regions'][0]['endpoints']:
+                if endpoint['type'] == 'identity':
+                    return endpoint['publicURL']
+        except KeyError:
+            print('Key error while attempting to get keystone endpoint. '
+                  'Please investigate.')
+            return None
+
+        # Keystone EP not found in the response
+        print('No identity endpoint was found in the response from RMS')
+        return None
+
+    def get_token(self, timeout, host):
+        headers = {
+            'Content-Type': 'application/json',
+        }
+        url = '%s/v3/auth/tokens'
+        data = '''
+{
+   "auth":{
+      "identity":{
+         "methods":[
+            "password"
+         ],
+         "password":{
+            "user":{
+               "domain":{
+                  "name":"%s"
+               },
+               "name":"%s",
+               "password":"%s"
+            }
+         }
+      },
+      "scope":{
+         "project":{
+            "name":"%s",
+            "domain":{
+               "name":"%s"
+            }
+         }
+      }
+   }
+}'''
+        if not CONF.ranger.auth_enabled:
+            return None
+
+        region = self.auth_region
+
+        keystone_ep = self.get_keystone_ep('{}'.format(host), region)
+        if keystone_ep is None:
+            raise ConnectionError(
+                'Failed in get_token, host: {}, region: {}'.format(host,
+                                                                   region))
+
+        url = url % (keystone_ep,)
+        data = data % (CONF.auth.admin_domain_name,
+                       CONF.auth.admin_username,
+                       CONF.auth.admin_password,
+                       CONF.auth.admin_project_name,
+                       CONF.auth.admin_domain_name,)
+
+        try:
+            resp = requests.post(url, timeout=timeout, data=data, headers=headers)
+            if resp.status_code != 201:
+                raise ResponseError(
+                    'Failed to get token (Reason: {})'.format(
+                        resp.status_code))
+            return resp.headers['x-subject-token']
+
+        except Exception as e:
+            print e.message
+            raise ConnectionError(e.message)
+
     def get_headers(self):
         headers = {'X-Auth-Region': CONF.identity.region,
+                   'X-Auth-Token': self.get_token(self.timeout, self.rms_url),
                    'X-RANGER-Tracking-Id': 'test',
                    'X-RANGER-Requester': CONF.auth.admin_username,
                    'X-RANGER-Client': 'cli',

ranger-tempest-plugin/ranger_tempest_plugin/services/fms_client.py

@@ -29,24 +29,10 @@ class FmsClient(base_client.RangerClientBase):
     fms_url = CONF.ranger.RANGER_FMS_BASE_URL
     version = "v1"
 
-    def get_extra_headers(self):
-        headers = {'X-Auth-Region': CONF.identity.region,
-                   'X-RANGER-Tracking-Id': 'test',
-                   'X-RANGER-Requester': CONF.auth.admin_username,
-                   'X-RANGER-Client': 'cli'
-                   }
-        return headers
-
     def create_flavor(self, **kwargs):
         uri = '%s/%s/orm/flavors' % (self.fms_url, self.version)
         post_body = {"flavor": kwargs}
         post_body = json.dumps(post_body)
-        # ex_headers = self.get_headers()
-        # resp, body = self.post(uri, body=post_body,
-        #                       extra_headers=ex_headers)
-        # body = json.loads(body)
-        # self.validate_response(schema.create_flavor, resp, body)
-        # return rest_client.ResponseBody(resp, body["flavor"])
         return self.post_request(uri, post_body, schema.create_flavor)
 
     def get_flavor(self, identifier, para=None):
@@ -63,12 +49,6 @@ class FmsClient(base_client.RangerClientBase):
             uri = '%s/%s/orm/flavors' % (self.fms_url, self.version)
         else:
             uri = '%s/%s/orm/flavors/%s' % (self.fms_url, self.version, para)
-        # ex_headers = self.get_headers()
-        # resp, body = self.get(url, extra_headers=ex_headers)
-        # self.expected_success(200, resp.status)
-        # body = json.loads(body)
-        # self.validate_response(schema.list_flavors, resp, body)
-        # return rest_client.ResponseBody(resp, body)
         return self.get_request(uri, schema.list_flavors)
 
     def delete_region_from_flavor(self, flavor_id, region_id):

ranger-tempest-plugin/ranger_tempest_plugin/services/ims_client.py

@@ -27,16 +27,6 @@ class ImsClient(base_client.RangerClientBase):
     ims_url = CONF.ranger.RANGER_IMS_BASE_URL
     version = "v1"
 
-    def get_headers(self):
-        headers = {'Content-Type': 'application/json',
-                   'Accept': 'application/json',
-                   'X-Auth-Region': CONF.identity.region,
-                   'X-RANGER-Tracking-Id': 'test',
-                   'X-RANGER-Requester': CONF.auth.admin_username,
-                   'X-RANGER-Client': 'cli'
-                   }
-        return headers
-
     def create_image(self, **kwargs):
         uri = '%s/%s/orm/images' % (self.ims_url, self.version)
         post_body = {"image": kwargs}

ranger-tempest-plugin/tempest_setup/tempest.conf

@@ -110,11 +110,18 @@ storage_protocol = iSCSI
 multi_backend = false
 
 [ranger]
-# change uri IP address as needed
+### set ranger RMS service URL
 # RANGER_RMS_BASE_URL='https://<ranger-rms-endpoint>:443'
+### set ranger CMS service URL
 # RANGER_CMS_BASE_URL='https://<ranger-cms-endpoint>:443'
+### set ranger FMS service URL
 # RANGER_FMS_BASE_URL='https://<ranger-fms-endpoint>:443'
+### set ranger IMS service URL
 # RANGER_IMS_BASE_URL='https://<ranger-ims-endpoint>:443'
+### uncomment below to set verify = TRUE
+# verify=True
+### uncomment to set token authentication ON
+# auth_enabled=True
 catalog_type = ranger
-# uncomment flavor_series and set it accordingly
+### uncomment flavor_series and set it accordingly
 # flavor_series =