From 7fd04bba83b8598606216e605c217c14de21f170 Mon Sep 17 00:00:00 2001
From: Liam Young <liam.young@canonical.com>
Date: Sun, 25 Feb 2018 16:21:22 +0000
Subject: [PATCH] Fix up amulet for queens

* Fix up amulet tests to use keystone v3 clients.
* Remove admin_* and auth_* for Queens l3_agent and metadata
  config files as they no longer appears to be used.

Change-Id: Ib952740b0061f76083307d04a772f613a9ba0002
---
 .../contrib/openstack/amulet/utils.py         |  97 ++++++--
 hooks/charmhelpers/contrib/openstack/utils.py |   2 +-
 templates/queens/l3_agent.ini                 |  30 +++
 templates/queens/metadata_agent.ini           |  15 ++
 tests/basic_deployment.py                     |  49 ++--
 .../contrib/openstack/amulet/deployment.py    |  10 +-
 .../contrib/openstack/amulet/utils.py         | 214 ++++++++++++++++--
 tests/charmhelpers/contrib/openstack/utils.py |   2 +-
 ...xenial-queens => gate-basic-xenial-queens} |   0
 9 files changed, 344 insertions(+), 75 deletions(-)
 create mode 100644 templates/queens/l3_agent.ini
 create mode 100644 templates/queens/metadata_agent.ini
 rename tests/{dev-basic-xenial-queens => gate-basic-xenial-queens} (100%)

diff --git a/hooks/charmhelpers/contrib/openstack/amulet/utils.py b/hooks/charmhelpers/contrib/openstack/amulet/utils.py
index d93cff3c..6864fd35 100644
--- a/hooks/charmhelpers/contrib/openstack/amulet/utils.py
+++ b/hooks/charmhelpers/contrib/openstack/amulet/utils.py
@@ -367,13 +367,36 @@ class OpenStackAmuletUtils(AmuletUtils):
                               project_domain_name=None, project_name=None):
         """Authenticate with Keystone"""
         self.log.debug('Authenticating with keystone...')
-        port = 5000
-        if admin_port:
-            port = 35357
-        base_ep = "http://{}:{}".format(keystone_ip.strip().decode('utf-8'),
-                                        port)
-        if not api_version or api_version == 2:
-            ep = base_ep + "/v2.0"
+        if not api_version:
+            api_version = 2
+        sess, auth = self.get_keystone_session(
+            keystone_ip=keystone_ip,
+            username=username,
+            password=password,
+            api_version=api_version,
+            admin_port=admin_port,
+            user_domain_name=user_domain_name,
+            domain_name=domain_name,
+            project_domain_name=project_domain_name,
+            project_name=project_name
+        )
+        if api_version == 2:
+            client = keystone_client.Client(session=sess)
+        else:
+            client = keystone_client_v3.Client(session=sess)
+        # This populates the client.service_catalog
+        client.auth_ref = auth.get_access(sess)
+        return client
+
+    def get_keystone_session(self, keystone_ip, username, password,
+                             api_version=False, admin_port=False,
+                             user_domain_name=None, domain_name=None,
+                             project_domain_name=None, project_name=None):
+        """Return a keystone session object"""
+        ep = self.get_keystone_endpoint(keystone_ip,
+                                        api_version=api_version,
+                                        admin_port=admin_port)
+        if api_version == 2:
             auth = v2.Password(
                 username=username,
                 password=password,
@@ -381,12 +404,7 @@ class OpenStackAmuletUtils(AmuletUtils):
                 auth_url=ep
             )
             sess = keystone_session.Session(auth=auth)
-            client = keystone_client.Client(session=sess)
-            # This populates the client.service_catalog
-            client.auth_ref = auth.get_access(sess)
-            return client
         else:
-            ep = base_ep + "/v3"
             auth = v3.Password(
                 user_domain_name=user_domain_name,
                 username=username,
@@ -397,10 +415,57 @@ class OpenStackAmuletUtils(AmuletUtils):
                 auth_url=ep
             )
             sess = keystone_session.Session(auth=auth)
-            client = keystone_client_v3.Client(session=sess)
-            # This populates the client.service_catalog
-            client.auth_ref = auth.get_access(sess)
-            return client
+        return (sess, auth)
+
+    def get_keystone_endpoint(self, keystone_ip, api_version=None,
+                              admin_port=False):
+        """Return keystone endpoint"""
+        port = 5000
+        if admin_port:
+            port = 35357
+        base_ep = "http://{}:{}".format(keystone_ip.strip().decode('utf-8'),
+                                        port)
+        if api_version == 2:
+            ep = base_ep + "/v2.0"
+        else:
+            ep = base_ep + "/v3"
+        return ep
+
+    def get_default_keystone_session(self, keystone_sentry,
+                                     openstack_release=None):
+        """Return a keystone session object and client object assuming standard
+           default settings
+
+           Example call in amulet tests:
+               self.keystone_session, self.keystone = u.get_default_keystone_session(
+                   self.keystone_sentry,
+                   openstack_release=self._get_openstack_release())
+
+           The session can then be used to auth other clients:
+               neutronclient.Client(session=session)
+               aodh_client.Client(session=session)
+               eyc
+        """
+        self.log.debug('Authenticating keystone admin...')
+        api_version = 2
+        client_class = keystone_client.Client
+        # 11 => xenial_queens
+        if openstack_release and openstack_release >= 11:
+            api_version = 3
+            client_class = keystone_client_v3.Client
+        keystone_ip = keystone_sentry.info['public-address']
+        session, auth = self.get_keystone_session(
+            keystone_ip,
+            api_version=api_version,
+            username='admin',
+            password='openstack',
+            project_name='admin',
+            user_domain_name='admin_domain',
+            project_domain_name='admin_domain')
+        client = client_class(session=session)
+        # This populates the client.service_catalog
+        client.auth_ref = auth.get_access(session)
+        return session, client
 
     def authenticate_keystone_admin(self, keystone_sentry, user, password,
                                     tenant=None, api_version=None,
diff --git a/hooks/charmhelpers/contrib/openstack/utils.py b/hooks/charmhelpers/contrib/openstack/utils.py
index b753275d..e7194264 100644
--- a/hooks/charmhelpers/contrib/openstack/utils.py
+++ b/hooks/charmhelpers/contrib/openstack/utils.py
@@ -182,7 +182,7 @@ SWIFT_CODENAMES = OrderedDict([
     ('pike',
         ['2.13.0', '2.15.0']),
     ('queens',
-        ['2.16.0']),
+        ['2.16.0', '2.17.0']),
 ])
 
 # >= Liberty version->codename mapping
diff --git a/templates/queens/l3_agent.ini b/templates/queens/l3_agent.ini
new file mode 100644
index 00000000..94f590fd
--- /dev/null
+++ b/templates/queens/l3_agent.ini
@@ -0,0 +1,30 @@
+# newton
+###############################################################################
+# [ WARNING ]
+# Configuration file maintained by Juju. Local changes may be overwritten.
+###############################################################################
+[DEFAULT]
+interface_driver = openvswitch
+root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
+handle_internal_only_routers = {{ handle_internal_only_router }}
+{% if plugin == 'n1kv' %}
+l3_agent_manager = neutron.agent.l3_agent.L3NATAgentWithStateReport
+external_network_bridge = br-int
+ovs_use_veth = False
+use_namespaces = True
+{% else %}
+ovs_use_veth = True
+{% endif %}
+{% if external_configuration_new -%}
+gateway_external_network_id =
+external_network_bridge =
+{% elif ext_net_id %}
+gateway_external_network_id = {{ ext_net_id }}
+{% else %}
+# Set default to deprecated external networking config
+external_network_bridge = br-ex
+{% endif -%}
+agent_mode = {{ agent_mode }}
+
+[AGENT]
+extensions = fwaas
diff --git a/templates/queens/metadata_agent.ini b/templates/queens/metadata_agent.ini
new file mode 100644
index 00000000..8ddda574
--- /dev/null
+++ b/templates/queens/metadata_agent.ini
@@ -0,0 +1,15 @@
+###############################################################################
+# [ WARNING ]
+# Configuration file maintained by Juju. Local changes may be overwritten.
+###############################################################################
+# Metadata service seems to cache neutron api url from keystone so trigger
+# restart if it changes: {{ quantum_url }}
+[DEFAULT]
+root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
+state_path = /var/lib/neutron
+# Gateway runs a metadata API server locally
+nova_metadata_ip = {{ local_ip }}
+nova_metadata_port = 8775
+metadata_proxy_shared_secret = {{ shared_secret }}
+cache_url = memory://?default_ttl=5
+metadata_workers = {{ workers }}
diff --git a/tests/basic_deployment.py b/tests/basic_deployment.py
index 56696776..93470139 100644
--- a/tests/basic_deployment.py
+++ b/tests/basic_deployment.py
@@ -155,19 +155,12 @@ class NeutronGatewayBasicDeployment(OpenStackAmuletDeployment):
         self.neutron_api_sentry = self.d.sentry['neutron-api'][0]
 
         # Authenticate admin with keystone
-        self.keystone = u.authenticate_keystone_admin(self.keystone_sentry,
-                                                      user='admin',
-                                                      password='openstack',
-                                                      tenant='admin')
+        self.keystone_session, self.keystone = u.get_default_keystone_session(
+            self.keystone_sentry,
+            openstack_release=self._get_openstack_release())
 
         # Authenticate admin with neutron
-        ep = self.keystone.service_catalog.url_for(service_type='identity',
-                                                   interface='publicURL')
-        self.neutron = neutronclient.Client(auth_url=ep,
-                                            username='admin',
-                                            password='openstack',
-                                            tenant_name='admin',
-                                            region_name='RegionOne')
+        self.neutron = neutronclient.Client(session=self.keystone_session)
 
     def get_private_address(self, unit):
         """Return the private address of the given sentry unit."""
@@ -220,7 +213,10 @@ class NeutronGatewayBasicDeployment(OpenStackAmuletDeployment):
         }
         actual = self.keystone.service_catalog.get_endpoints()
 
-        ret = u.validate_svc_catalog_endpoint_data(expected, actual)
+        ret = u.validate_svc_catalog_endpoint_data(
+            expected,
+            actual,
+            openstack_release=self._get_openstack_release())
         if ret:
             amulet.raise_status(amulet.FAIL, msg=ret)
 
@@ -237,8 +233,13 @@ class NeutronGatewayBasicDeployment(OpenStackAmuletDeployment):
             'publicurl': u.valid_url,
             'service_id': u.not_null
         }
-        ret = u.validate_endpoint_data(endpoints, admin_port, internal_port,
-                                       public_port, expected)
+        ret = u.validate_endpoint_data(
+            endpoints,
+            admin_port,
+            internal_port,
+            public_port,
+            expected,
+            openstack_release=self._get_openstack_release())
 
         if ret:
             amulet.raise_status(amulet.FAIL,
@@ -657,11 +658,6 @@ class NeutronGatewayBasicDeployment(OpenStackAmuletDeployment):
         """Verify the data in the l3 agent config file."""
         u.log.debug('Checking neutron gateway l3 agent config file data...')
         unit = self.neutron_gateway_sentry
-        ncc_ng_rel = self.nova_cc_sentry.relation(
-            'quantum-network-service',
-            'neutron-gateway:quantum-network-service')
-        ep = self.keystone.service_catalog.url_for(service_type='identity',
-                                                   interface='publicURL')
 
         conf = '/etc/neutron/l3_agent.ini'
 
@@ -675,11 +671,6 @@ class NeutronGatewayBasicDeployment(OpenStackAmuletDeployment):
                                 'OVSInterfaceDriver')
         expected = {
             'interface_driver': interface_driver,
-            'auth_url': ep,
-            'auth_region': 'RegionOne',
-            'admin_tenant_name': 'services',
-            'admin_password': ncc_ng_rel['service_password'],
-            'admin_user': ncc_ng_rel['service_username'],
             'root_helper': 'sudo /usr/bin/neutron-rootwrap '
                            '/etc/neutron/rootwrap.conf',
             'ovs_use_veth': 'True',
@@ -745,19 +736,9 @@ class NeutronGatewayBasicDeployment(OpenStackAmuletDeployment):
         u.log.debug('Checking neutron gateway metadata agent '
                     'config file data...')
         unit = self.neutron_gateway_sentry
-        ep = self.keystone.service_catalog.url_for(service_type='identity',
-                                                   interface='publicURL')
-        nova_cc_relation = self.nova_cc_sentry.relation(
-            'quantum-network-service',
-            'neutron-gateway:quantum-network-service')
 
         conf = '/etc/neutron/metadata_agent.ini'
         expected = {
-            'auth_url': ep,
-            'auth_region': 'RegionOne',
-            'admin_tenant_name': 'services',
-            'admin_password': nova_cc_relation['service_password'],
-            'admin_user': nova_cc_relation['service_username'],
             'root_helper': 'sudo neutron-rootwrap '
                            '/etc/neutron/rootwrap.conf',
             'state_path': '/var/lib/neutron',
diff --git a/tests/charmhelpers/contrib/openstack/amulet/deployment.py b/tests/charmhelpers/contrib/openstack/amulet/deployment.py
index 5afbbd87..66beeda2 100644
--- a/tests/charmhelpers/contrib/openstack/amulet/deployment.py
+++ b/tests/charmhelpers/contrib/openstack/amulet/deployment.py
@@ -21,6 +21,9 @@ from collections import OrderedDict
 from charmhelpers.contrib.amulet.deployment import (
     AmuletDeployment
 )
+from charmhelpers.contrib.openstack.amulet.utils import (
+    OPENSTACK_RELEASES_PAIRS
+)
 
 DEBUG = logging.DEBUG
 ERROR = logging.ERROR
@@ -271,11 +274,8 @@ class OpenStackAmuletDeployment(AmuletDeployment):
            release.
            """
         # Must be ordered by OpenStack release (not by Ubuntu release):
-        (self.trusty_icehouse, self.trusty_kilo, self.trusty_liberty,
-         self.trusty_mitaka, self.xenial_mitaka, self.xenial_newton,
-         self.yakkety_newton, self.xenial_ocata, self.zesty_ocata,
-         self.xenial_pike, self.artful_pike, self.xenial_queens,
-         self.bionic_queens,) = range(13)
+        for i, os_pair in enumerate(OPENSTACK_RELEASES_PAIRS):
+            setattr(self, os_pair, i)
 
         releases = {
             ('trusty', None): self.trusty_icehouse,
diff --git a/tests/charmhelpers/contrib/openstack/amulet/utils.py b/tests/charmhelpers/contrib/openstack/amulet/utils.py
index d93cff3c..5fdcead0 100644
--- a/tests/charmhelpers/contrib/openstack/amulet/utils.py
+++ b/tests/charmhelpers/contrib/openstack/amulet/utils.py
@@ -50,6 +50,13 @@ ERROR = logging.ERROR
 
 NOVA_CLIENT_VERSION = "2"
 
+OPENSTACK_RELEASES_PAIRS = [
+    'trusty_icehouse', 'trusty_kilo', 'trusty_liberty',
+    'trusty_mitaka', 'xenial_mitaka', 'xenial_newton',
+    'yakkety_newton', 'xenial_ocata', 'zesty_ocata',
+    'xenial_pike', 'artful_pike', 'xenial_queens',
+    'bionic_queens']
+
 
 class OpenStackAmuletUtils(AmuletUtils):
     """OpenStack amulet utilities.
@@ -63,7 +70,34 @@ class OpenStackAmuletUtils(AmuletUtils):
         super(OpenStackAmuletUtils, self).__init__(log_level)
 
     def validate_endpoint_data(self, endpoints, admin_port, internal_port,
-                               public_port, expected):
+                               public_port, expected, openstack_release=None):
+        """Validate endpoint data. Pick the correct validator based on
+           OpenStack release. Expected data should be in the v2 format:
+           {
+               'id': id,
+               'region': region,
+               'adminurl': adminurl,
+               'internalurl': internalurl,
+               'publicurl': publicurl,
+               'service_id': service_id}
+
+           """
+        validation_function = self.validate_v2_endpoint_data
+        xenial_queens = OPENSTACK_RELEASES_PAIRS.index('xenial_queens')
+        if openstack_release and openstack_release >= xenial_queens:
+                validation_function = self.validate_v3_endpoint_data
+                expected = {
+                    'id': expected['id'],
+                    'region': expected['region'],
+                    'region_id': 'RegionOne',
+                    'url': self.valid_url,
+                    'interface': self.not_null,
+                    'service_id': expected['service_id']}
+        return validation_function(endpoints, admin_port, internal_port,
+                                   public_port, expected)
+
+    def validate_v2_endpoint_data(self, endpoints, admin_port, internal_port,
+                                  public_port, expected):
         """Validate endpoint data.
 
            Validate actual endpoint data vs expected endpoint data. The ports
@@ -141,7 +175,86 @@ class OpenStackAmuletUtils(AmuletUtils):
         if len(found) != expected_num_eps:
             return 'Unexpected number of endpoints found'
 
-    def validate_svc_catalog_endpoint_data(self, expected, actual):
+    def convert_svc_catalog_endpoint_data_to_v3(self, ep_data):
+        """Convert v2 endpoint data into v3.
+
+           {
+               'service_name1': [
+                   {
+                       'adminURL': adminURL,
+                       'id': id,
+                       'region': region.
+                       'publicURL': publicURL,
+                       'internalURL': internalURL
+                   }],
+               'service_name2': [
+                   {
+                       'adminURL': adminURL,
+                       'id': id,
+                       'region': region.
+                       'publicURL': publicURL,
+                       'internalURL': internalURL
+                   }],
+           }
+          """
+        self.log.warn("Endpoint ID and Region ID validation is limited to not "
+                      "null checks after v2 to v3 conversion")
+        for svc in ep_data.keys():
+            assert len(ep_data[svc]) == 1, "Unknown data format"
+            svc_ep_data = ep_data[svc][0]
+            ep_data[svc] = [
+                {
+                    'url': svc_ep_data['adminURL'],
+                    'interface': 'admin',
+                    'region': svc_ep_data['region'],
+                    'region_id': self.not_null,
+                    'id': self.not_null},
+                {
+                    'url': svc_ep_data['publicURL'],
+                    'interface': 'public',
+                    'region': svc_ep_data['region'],
+                    'region_id': self.not_null,
+                    'id': self.not_null},
+                {
+                    'url': svc_ep_data['internalURL'],
+                    'interface': 'internal',
+                    'region': svc_ep_data['region'],
+                    'region_id': self.not_null,
+                    'id': self.not_null}]
+        return ep_data
+
+    def validate_svc_catalog_endpoint_data(self, expected, actual,
+                                           openstack_release=None):
+        """Validate service catalog endpoint data. Pick the correct validator
+           for the OpenStack version. Expected data should be in the v2 format:
+           {
+               'service_name1': [
+                   {
+                       'adminURL': adminURL,
+                       'id': id,
+                       'region': region.
+                       'publicURL': publicURL,
+                       'internalURL': internalURL
+                   }],
+               'service_name2': [
+                   {
+                       'adminURL': adminURL,
+                       'id': id,
+                       'region': region.
+                       'publicURL': publicURL,
+                       'internalURL': internalURL
+                   }],
+           }
+
+           """
+        validation_function = self.validate_v2_svc_catalog_endpoint_data
+        xenial_queens = OPENSTACK_RELEASES_PAIRS.index('xenial_queens')
+        if openstack_release and openstack_release >= xenial_queens:
+            validation_function = self.validate_v3_svc_catalog_endpoint_data
+            expected = self.convert_svc_catalog_endpoint_data_to_v3(expected)
+        return validation_function(expected, actual)
+
+    def validate_v2_svc_catalog_endpoint_data(self, expected, actual):
         """Validate service catalog endpoint data.
 
            Validate a list of actual service catalog endpoints vs a list of
@@ -367,13 +480,36 @@ class OpenStackAmuletUtils(AmuletUtils):
                               project_domain_name=None, project_name=None):
         """Authenticate with Keystone"""
         self.log.debug('Authenticating with keystone...')
-        port = 5000
-        if admin_port:
-            port = 35357
-        base_ep = "http://{}:{}".format(keystone_ip.strip().decode('utf-8'),
-                                        port)
-        if not api_version or api_version == 2:
-            ep = base_ep + "/v2.0"
+        if not api_version:
+            api_version = 2
+        sess, auth = self.get_keystone_session(
+            keystone_ip=keystone_ip,
+            username=username,
+            password=password,
+            api_version=api_version,
+            admin_port=admin_port,
+            user_domain_name=user_domain_name,
+            domain_name=domain_name,
+            project_domain_name=project_domain_name,
+            project_name=project_name
+        )
+        if api_version == 2:
+            client = keystone_client.Client(session=sess)
+        else:
+            client = keystone_client_v3.Client(session=sess)
+        # This populates the client.service_catalog
+        client.auth_ref = auth.get_access(sess)
+        return client
+
+    def get_keystone_session(self, keystone_ip, username, password,
+                             api_version=False, admin_port=False,
+                             user_domain_name=None, domain_name=None,
+                             project_domain_name=None, project_name=None):
+        """Return a keystone session object"""
+        ep = self.get_keystone_endpoint(keystone_ip,
+                                        api_version=api_version,
+                                        admin_port=admin_port)
+        if api_version == 2:
             auth = v2.Password(
                 username=username,
                 password=password,
@@ -381,12 +517,7 @@ class OpenStackAmuletUtils(AmuletUtils):
                 auth_url=ep
             )
             sess = keystone_session.Session(auth=auth)
-            client = keystone_client.Client(session=sess)
-            # This populates the client.service_catalog
-            client.auth_ref = auth.get_access(sess)
-            return client
         else:
-            ep = base_ep + "/v3"
             auth = v3.Password(
                 user_domain_name=user_domain_name,
                 username=username,
@@ -397,10 +528,57 @@ class OpenStackAmuletUtils(AmuletUtils):
                 auth_url=ep
             )
             sess = keystone_session.Session(auth=auth)
-            client = keystone_client_v3.Client(session=sess)
-            # This populates the client.service_catalog
-            client.auth_ref = auth.get_access(sess)
-            return client
+        return (sess, auth)
+
+    def get_keystone_endpoint(self, keystone_ip, api_version=None,
+                              admin_port=False):
+        """Return keystone endpoint"""
+        port = 5000
+        if admin_port:
+            port = 35357
+        base_ep = "http://{}:{}".format(keystone_ip.strip().decode('utf-8'),
+                                        port)
+        if api_version == 2:
+            ep = base_ep + "/v2.0"
+        else:
+            ep = base_ep + "/v3"
+        return ep
+
+    def get_default_keystone_session(self, keystone_sentry,
+                                     openstack_release=None):
+        """Return a keystone session object and client object assuming standard
+           default settings
+
+           Example call in amulet tests:
+               self.keystone_session, self.keystone = u.get_default_keystone_session(
+                   self.keystone_sentry,
+                   openstack_release=self._get_openstack_release())
+
+           The session can then be used to auth other clients:
+               neutronclient.Client(session=session)
+               aodh_client.Client(session=session)
+               eyc
+        """
+        self.log.debug('Authenticating keystone admin...')
+        api_version = 2
+        client_class = keystone_client.Client
+        # 11 => xenial_queens
+        if openstack_release and openstack_release >= 11:
+            api_version = 3
+            client_class = keystone_client_v3.Client
+        keystone_ip = keystone_sentry.info['public-address']
+        session, auth = self.get_keystone_session(
+            keystone_ip,
+            api_version=api_version,
+            username='admin',
+            password='openstack',
+            project_name='admin',
+            user_domain_name='admin_domain',
+            project_domain_name='admin_domain')
+        client = client_class(session=session)
+        # This populates the client.service_catalog
+        client.auth_ref = auth.get_access(session)
+        return session, client
 
     def authenticate_keystone_admin(self, keystone_sentry, user, password,
                                     tenant=None, api_version=None,
diff --git a/tests/charmhelpers/contrib/openstack/utils.py b/tests/charmhelpers/contrib/openstack/utils.py
index b753275d..e7194264 100644
--- a/tests/charmhelpers/contrib/openstack/utils.py
+++ b/tests/charmhelpers/contrib/openstack/utils.py
@@ -182,7 +182,7 @@ SWIFT_CODENAMES = OrderedDict([
     ('pike',
         ['2.13.0', '2.15.0']),
     ('queens',
-        ['2.16.0']),
+        ['2.16.0', '2.17.0']),
 ])
 
 # >= Liberty version->codename mapping
diff --git a/tests/dev-basic-xenial-queens b/tests/gate-basic-xenial-queens
similarity index 100%
rename from tests/dev-basic-xenial-queens
rename to tests/gate-basic-xenial-queens