Accommodate v2 and v3 auth for integration tests

devstack has moved default Keystone API version to v3[1].

[1] f4ce44bf3f

Though the above patch has been reverted, this would help
if devstack removes v2 support in the future.

Change-Id: I393750d00b3712a015e48a3cf38ab5f95bb61dae
Closes-Bug: #1539692
This commit is contained in:
Rabi Mishra 2016-01-29 22:23:21 +05:30
parent 6e660e9033
commit e80d27213c
5 changed files with 85 additions and 43 deletions

View File

@ -15,13 +15,49 @@ import os
import ceilometerclient.client import ceilometerclient.client
import cinderclient.client import cinderclient.client
import heatclient.client import heatclient.client
from keystoneclient.auth.identity.generic import password
import keystoneclient.client
import keystoneclient.exceptions import keystoneclient.exceptions
import keystoneclient.v2_0.client from keystoneclient import session
import neutronclient.v2_0.client import neutronclient.v2_0.client
import novaclient.client import novaclient.client
import swiftclient import swiftclient
class KeystoneWrapperClient(object):
"""Wrapper object for keystone client
This Wraps keystone client,so we can encpasulate certain
added properties like auth_token, project_id etc.
"""
def __init__(self, auth_plugin, verify=True):
self.auth_plugin = auth_plugin
self.session = session.Session(
auth=auth_plugin,
verify=verify)
@property
def auth_token(self):
return self.auth_plugin.get_token(self.session)
@property
def auth_ref(self):
return self.auth_plugin.get_access(self.session)
@property
def project_id(self):
return self.auth_plugin.get_project_id(self.session)
def get_endpoint_url(self, service_type, region=None):
kwargs = {
'service_type': service_type,
'endpoint_type': 'publicURL'}
if region:
kwargs.update({'attr': 'region',
'filter_value': region})
return self.auth_ref.service_catalog.url_for(**kwargs)
class ClientManager(object): class ClientManager(object):
"""Provides access to the official python clients for calling various APIs. """Provides access to the official python clients for calling various APIs.
@ -36,6 +72,8 @@ class ClientManager(object):
def __init__(self, conf): def __init__(self, conf):
self.conf = conf self.conf = conf
self.v2_auth_url = self.conf.auth_url.replace('/v3', '/v2.0')
self.auth_version = self.conf.auth_url.split('/v')[1]
self.identity_client = self._get_identity_client() self.identity_client = self._get_identity_client()
self.orchestration_client = self._get_orchestration_client() self.orchestration_client = self._get_orchestration_client()
self.compute_client = self._get_compute_client() self.compute_client = self._get_compute_client()
@ -45,20 +83,15 @@ class ClientManager(object):
self.metering_client = self._get_metering_client() self.metering_client = self._get_metering_client()
def _get_orchestration_client(self): def _get_orchestration_client(self):
region = self.conf.region
endpoint = os.environ.get('HEAT_URL') endpoint = os.environ.get('HEAT_URL')
if os.environ.get('OS_NO_CLIENT_AUTH') == 'True': if os.environ.get('OS_NO_CLIENT_AUTH') == 'True':
token = None token = None
else: else:
keystone = self._get_identity_client() token = self.identity_client.auth_token
token = keystone.auth_token
try: try:
if endpoint is None: if endpoint is None:
endpoint = keystone.service_catalog.url_for( endpoint = self.identity_client.get_endpoint_url(
attr='region', 'orchestration', self.conf.region)
filter_value=region,
service_type='orchestration',
endpoint_type='publicURL')
except keystoneclient.exceptions.EndpointNotFound: except keystoneclient.exceptions.EndpointNotFound:
return None return None
else: else:
@ -70,12 +103,22 @@ class ClientManager(object):
password=self.conf.password) password=self.conf.password)
def _get_identity_client(self): def _get_identity_client(self):
return keystoneclient.v2_0.client.Client( domain = self.conf.domain_name
username=self.conf.username, kwargs = {
password=self.conf.password, 'username': self.conf.username,
tenant_name=self.conf.tenant_name, 'password': self.conf.password,
auth_url=self.conf.auth_url, 'tenant_name': self.conf.tenant_name,
insecure=self.conf.disable_ssl_certificate_validation) 'auth_url': self.conf.auth_url
}
# keystone v2 can't ignore domain details
if self.auth_version == '3':
kwargs.update({
'project_domain_name': domain,
'user_domain_name': domain})
auth = password.Password(**kwargs)
return KeystoneWrapperClient(
auth,
not self.conf.disable_ssl_certificate_validation)
def _get_compute_client(self): def _get_compute_client(self):
@ -86,7 +129,8 @@ class ClientManager(object):
self.conf.username, self.conf.username,
self.conf.password, self.conf.password,
self.conf.tenant_name, self.conf.tenant_name,
self.conf.auth_url # novaclient can not use v3 url
self.v2_auth_url
) )
# Create our default Nova client to use in testing # Create our default Nova client to use in testing
@ -101,7 +145,6 @@ class ClientManager(object):
http_log_debug=True) http_log_debug=True)
def _get_network_client(self): def _get_network_client(self):
auth_url = self.conf.auth_url
dscv = self.conf.disable_ssl_certificate_validation dscv = self.conf.disable_ssl_certificate_validation
return neutronclient.v2_0.client.Client( return neutronclient.v2_0.client.Client(
@ -109,11 +152,11 @@ class ClientManager(object):
password=self.conf.password, password=self.conf.password,
tenant_name=self.conf.tenant_name, tenant_name=self.conf.tenant_name,
endpoint_type='publicURL', endpoint_type='publicURL',
auth_url=auth_url, # neutronclient can not use v3 url
auth_url=self.v2_auth_url,
insecure=dscv) insecure=dscv)
def _get_volume_client(self): def _get_volume_client(self):
auth_url = self.conf.auth_url
region = self.conf.region region = self.conf.region
endpoint_type = 'publicURL' endpoint_type = 'publicURL'
dscv = self.conf.disable_ssl_certificate_validation dscv = self.conf.disable_ssl_certificate_validation
@ -122,7 +165,8 @@ class ClientManager(object):
self.conf.username, self.conf.username,
self.conf.password, self.conf.password,
self.conf.tenant_name, self.conf.tenant_name,
auth_url, # cinderclient can not use v3 url
self.v2_auth_url,
region_name=region, region_name=region,
endpoint_type=endpoint_type, endpoint_type=endpoint_type,
insecure=dscv, insecure=dscv,
@ -131,7 +175,7 @@ class ClientManager(object):
def _get_object_client(self): def _get_object_client(self):
dscv = self.conf.disable_ssl_certificate_validation dscv = self.conf.disable_ssl_certificate_validation
args = { args = {
'auth_version': '2.0', 'auth_version': self.auth_version,
'tenant_name': self.conf.tenant_name, 'tenant_name': self.conf.tenant_name,
'user': self.conf.username, 'user': self.conf.username,
'key': self.conf.password, 'key': self.conf.password,
@ -143,15 +187,10 @@ class ClientManager(object):
def _get_metering_client(self): def _get_metering_client(self):
dscv = self.conf.disable_ssl_certificate_validation dscv = self.conf.disable_ssl_certificate_validation
domain = self.conf.domain_name
keystone = self._get_identity_client()
try: try:
endpoint = keystone.service_catalog.url_for( endpoint = self.identity_client.get_endpoint_url('metering',
attr='region', self.conf.region)
filter_value=self.conf.region,
service_type='metering',
endpoint_type='publicURL')
except keystoneclient.exceptions.EndpointNotFound: except keystoneclient.exceptions.EndpointNotFound:
return None return None
else: else:
@ -165,6 +204,12 @@ class ClientManager(object):
'endpoint_type': 'publicURL', 'endpoint_type': 'publicURL',
'service_type': 'metering', 'service_type': 'metering',
} }
# ceilometerclient can't ignore domain details for
# v2 auth_url
if self.auth_version == '3':
args.update(
{'user_domain_name': domain,
'project_domain_name': domain})
return ceilometerclient.client.Client(self.CEILOMETER_VERSION, return ceilometerclient.client.Client(self.CEILOMETER_VERSION,
endpoint, **args) endpoint, **args)

View File

@ -32,10 +32,14 @@ IntegrationTestGroup = [
help="Tenant name to use for API requests."), help="Tenant name to use for API requests."),
cfg.StrOpt('auth_url', cfg.StrOpt('auth_url',
default=os.environ.get('OS_AUTH_URL'), default=os.environ.get('OS_AUTH_URL'),
help="Full URI of the OpenStack Identity API (Keystone), v2"), help="Full URI of the OpenStack Identity API (Keystone)"),
cfg.StrOpt('domain_name',
default='default',
help="User/project domain name, if keystone v3 auth_url"
"is used"),
cfg.StrOpt('region', cfg.StrOpt('region',
default=os.environ.get('OS_REGION_NAME'), default=os.environ.get('OS_REGION_NAME'),
help="The region name to us"), help="The region name to use"),
cfg.StrOpt('instance_type', cfg.StrOpt('instance_type',
help="Instance type for tests. Needs to be big enough for a " help="Instance type for tests. Needs to be big enough for a "
"full OS plus the test workload"), "full OS plus the test workload"),
@ -48,10 +52,6 @@ IntegrationTestGroup = [
cfg.StrOpt('minimal_image_ref', cfg.StrOpt('minimal_image_ref',
help="Name of minimal (e.g cirros) image to use when " help="Name of minimal (e.g cirros) image to use when "
"launching test instances."), "launching test instances."),
cfg.StrOpt('auth_version',
default='v2',
help="Identity API version to be used for authentication "
"for API tests."),
cfg.BoolOpt('disable_ssl_certificate_validation', cfg.BoolOpt('disable_ssl_certificate_validation',
default=False, default=False,
help="Set to True if using self-signed SSL certificates."), help="Set to True if using self-signed SSL certificates."),
@ -124,6 +124,7 @@ IntegrationTestGroup = [
cfg.StrOpt('heat-config-notify-script', cfg.StrOpt('heat-config-notify-script',
default=('heat-config-notify'), default=('heat-config-notify'),
help="Path to the script heat-config-notify"), help="Path to the script heat-config-notify"),
] ]

View File

@ -77,7 +77,7 @@ Outputs:
def setUp(self): def setUp(self):
super(AwsStackTest, self).setUp() super(AwsStackTest, self).setUp()
self.object_container_name = test.rand_name() self.object_container_name = test.rand_name()
self.project_id = self.identity_client.auth_ref.project_id self.project_id = self.identity_client.project_id
self.swift_key = hashlib.sha224( self.swift_key = hashlib.sha224(
str(random.getrandbits(256))).hexdigest()[:32] str(random.getrandbits(256))).hexdigest()[:32]
key_header = 'x-container-meta-temp-url-key' key_header = 'x-container-meta-temp-url-key'

View File

@ -42,13 +42,9 @@ resources:
"Sahara resources availability.") "Sahara resources availability.")
def _is_sahara_deployed(self): def _is_sahara_deployed(self):
keystone = self.identity_client
try: try:
keystone.service_catalog.url_for( self.identity_client.get_endpoint_url('data-processing',
attr='region', self.conf.region)
filter_value=self.conf.region,
service_type='data-processing',
endpoint_type='publicURL')
except keystoneclient.exceptions.EndpointNotFound: except keystoneclient.exceptions.EndpointNotFound:
return False return False
return True return True

View File

@ -43,7 +43,7 @@ parameters:
def setUp(self): def setUp(self):
super(StackPreviewTest, self).setUp() super(StackPreviewTest, self).setUp()
self.client = self.orchestration_client self.client = self.orchestration_client
self.project_id = self.identity_client.auth_ref.project_id self.project_id = self.identity_client.project_id
def _assert_resource(self, res, stack_name): def _assert_resource(self, res, stack_name):
self.assertEqual(stack_name, res['stack_name']) self.assertEqual(stack_name, res['stack_name'])