295 lines
12 KiB
Python
295 lines
12 KiB
Python
# Copyright 2013 OpenStack Foundation
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import uuid
|
|
|
|
import mock
|
|
from oslo_config import cfg
|
|
import webob
|
|
|
|
from nova.api.openstack.compute.contrib import evacuate as evacuate_v2
|
|
from nova.api.openstack.compute.plugins.v3 import evacuate as evacuate_v21
|
|
from nova.api.openstack import extensions
|
|
from nova.compute import api as compute_api
|
|
from nova.compute import vm_states
|
|
from nova import exception
|
|
from nova import test
|
|
from nova.tests.unit.api.openstack import fakes
|
|
from nova.tests.unit import fake_instance
|
|
|
|
|
|
CONF = cfg.CONF
|
|
CONF.import_opt('password_length', 'nova.utils')
|
|
|
|
|
|
def fake_compute_api(*args, **kwargs):
|
|
return True
|
|
|
|
|
|
def fake_compute_api_get(self, context, instance_id, want_objects=False,
|
|
**kwargs):
|
|
# BAD_UUID is something that does not exist
|
|
if instance_id == 'BAD_UUID':
|
|
raise exception.InstanceNotFound(instance_id=instance_id)
|
|
else:
|
|
return fake_instance.fake_instance_obj(context, id=1, uuid=instance_id,
|
|
task_state=None, host='host1',
|
|
vm_state=vm_states.ACTIVE)
|
|
|
|
|
|
def fake_service_get_by_compute_host(self, context, host):
|
|
if host == 'bad-host':
|
|
raise exception.ComputeHostNotFound(host=host)
|
|
else:
|
|
return {
|
|
'host_name': host,
|
|
'service': 'compute',
|
|
'zone': 'nova'
|
|
}
|
|
|
|
|
|
class EvacuateTestV21(test.NoDBTestCase):
|
|
validation_error = exception.ValidationError
|
|
_methods = ('resize', 'evacuate')
|
|
|
|
def setUp(self):
|
|
super(EvacuateTestV21, self).setUp()
|
|
self.stubs.Set(compute_api.API, 'get', fake_compute_api_get)
|
|
self.stubs.Set(compute_api.HostAPI, 'service_get_by_compute_host',
|
|
fake_service_get_by_compute_host)
|
|
self.UUID = uuid.uuid4()
|
|
for _method in self._methods:
|
|
self.stubs.Set(compute_api.API, _method, fake_compute_api)
|
|
self._set_up_controller()
|
|
self.admin_req = fakes.HTTPRequest.blank('', use_admin_context=True)
|
|
self.req = fakes.HTTPRequest.blank('')
|
|
|
|
def _set_up_controller(self):
|
|
self.controller = evacuate_v21.EvacuateController()
|
|
self.controller_no_ext = self.controller
|
|
|
|
def _get_evacuate_response(self, json_load, uuid=None):
|
|
base_json_load = {'evacuate': json_load}
|
|
response = self.controller._evacuate(self.admin_req, uuid or self.UUID,
|
|
body=base_json_load)
|
|
|
|
return response
|
|
|
|
def _check_evacuate_failure(self, exception, body, uuid=None,
|
|
controller=None):
|
|
controller = controller or self.controller
|
|
body = {'evacuate': body}
|
|
self.assertRaises(exception,
|
|
controller._evacuate,
|
|
self.admin_req, uuid or self.UUID, body=body)
|
|
|
|
def test_evacuate_with_valid_instance(self):
|
|
admin_pass = 'MyNewPass'
|
|
res = self._get_evacuate_response({'host': 'my-host',
|
|
'onSharedStorage': 'False',
|
|
'adminPass': admin_pass})
|
|
|
|
self.assertEqual(admin_pass, res['adminPass'])
|
|
|
|
def test_evacuate_with_invalid_instance(self):
|
|
self._check_evacuate_failure(webob.exc.HTTPNotFound,
|
|
{'host': 'my-host',
|
|
'onSharedStorage': 'False',
|
|
'adminPass': 'MyNewPass'},
|
|
uuid='BAD_UUID')
|
|
|
|
def test_evacuate_with_active_service(self):
|
|
def fake_evacuate(*args, **kwargs):
|
|
raise exception.ComputeServiceInUse("Service still in use")
|
|
|
|
self.stubs.Set(compute_api.API, 'evacuate', fake_evacuate)
|
|
self._check_evacuate_failure(webob.exc.HTTPBadRequest,
|
|
{'host': 'my-host',
|
|
'onSharedStorage': 'False',
|
|
'adminPass': 'MyNewPass'})
|
|
|
|
def test_evacuate_instance_with_no_target(self):
|
|
admin_pass = 'MyNewPass'
|
|
res = self._get_evacuate_response({'onSharedStorage': 'False',
|
|
'adminPass': admin_pass})
|
|
|
|
self.assertEqual(admin_pass, res['adminPass'])
|
|
|
|
def test_evacuate_instance_without_on_shared_storage(self):
|
|
self._check_evacuate_failure(self.validation_error,
|
|
{'host': 'my-host',
|
|
'adminPass': 'MyNewPass'})
|
|
|
|
def test_evacuate_instance_with_invalid_characters_host(self):
|
|
host = 'abc!#'
|
|
self._check_evacuate_failure(self.validation_error,
|
|
{'host': host,
|
|
'onSharedStorage': 'False',
|
|
'adminPass': 'MyNewPass'})
|
|
|
|
def test_evacuate_instance_with_too_long_host(self):
|
|
host = 'a' * 256
|
|
self._check_evacuate_failure(self.validation_error,
|
|
{'host': host,
|
|
'onSharedStorage': 'False',
|
|
'adminPass': 'MyNewPass'})
|
|
|
|
def test_evacuate_instance_with_invalid_on_shared_storage(self):
|
|
self._check_evacuate_failure(self.validation_error,
|
|
{'host': 'my-host',
|
|
'onSharedStorage': 'foo',
|
|
'adminPass': 'MyNewPass'})
|
|
|
|
def test_evacuate_instance_with_bad_target(self):
|
|
self._check_evacuate_failure(webob.exc.HTTPNotFound,
|
|
{'host': 'bad-host',
|
|
'onSharedStorage': 'False',
|
|
'adminPass': 'MyNewPass'})
|
|
|
|
def test_evacuate_instance_with_target(self):
|
|
admin_pass = 'MyNewPass'
|
|
res = self._get_evacuate_response({'host': 'my-host',
|
|
'onSharedStorage': 'False',
|
|
'adminPass': admin_pass})
|
|
|
|
self.assertEqual(admin_pass, res['adminPass'])
|
|
|
|
@mock.patch('nova.objects.Instance.save')
|
|
def test_evacuate_shared_and_pass(self, mock_save):
|
|
self._check_evacuate_failure(webob.exc.HTTPBadRequest,
|
|
{'host': 'bad-host',
|
|
'onSharedStorage': 'True',
|
|
'adminPass': 'MyNewPass'})
|
|
|
|
@mock.patch('nova.objects.Instance.save')
|
|
def test_evacuate_not_shared_pass_generated(self, mock_save):
|
|
res = self._get_evacuate_response({'host': 'my-host',
|
|
'onSharedStorage': 'False'})
|
|
self.assertEqual(CONF.password_length, len(res['adminPass']))
|
|
|
|
@mock.patch('nova.objects.Instance.save')
|
|
def test_evacuate_shared(self, mock_save):
|
|
self._get_evacuate_response({'host': 'my-host',
|
|
'onSharedStorage': 'True'})
|
|
|
|
def test_not_admin(self):
|
|
body = {'evacuate': {'host': 'my-host',
|
|
'onSharedStorage': 'False'}}
|
|
self.assertRaises(exception.PolicyNotAuthorized,
|
|
self.controller._evacuate,
|
|
self.req, self.UUID, body=body)
|
|
|
|
def test_evacuate_to_same_host(self):
|
|
self._check_evacuate_failure(webob.exc.HTTPBadRequest,
|
|
{'host': 'host1',
|
|
'onSharedStorage': 'False',
|
|
'adminPass': 'MyNewPass'})
|
|
|
|
def test_evacuate_instance_with_empty_host(self):
|
|
self._check_evacuate_failure(self.validation_error,
|
|
{'host': '',
|
|
'onSharedStorage': 'False',
|
|
'adminPass': 'MyNewPass'},
|
|
controller=self.controller_no_ext)
|
|
|
|
@mock.patch('nova.objects.Instance.save')
|
|
def test_evacuate_instance_with_underscore_in_hostname(self, mock_save):
|
|
admin_pass = 'MyNewPass'
|
|
# NOTE: The hostname grammar in RFC952 does not allow for
|
|
# underscores in hostnames. However, we should test that it
|
|
# is supported because it sometimes occurs in real systems.
|
|
res = self._get_evacuate_response({'host': 'underscore_hostname',
|
|
'onSharedStorage': 'False',
|
|
'adminPass': admin_pass})
|
|
|
|
self.assertEqual(admin_pass, res['adminPass'])
|
|
|
|
def test_evacuate_disable_password_return(self):
|
|
self._test_evacuate_enable_instance_password_conf(False)
|
|
|
|
def test_evacuate_enable_password_return(self):
|
|
self._test_evacuate_enable_instance_password_conf(True)
|
|
|
|
@mock.patch('nova.objects.Instance.save')
|
|
def _test_evacuate_enable_instance_password_conf(self, mock_save,
|
|
enable_pass):
|
|
self.flags(enable_instance_password=enable_pass)
|
|
|
|
res = self._get_evacuate_response({'host': 'underscore_hostname',
|
|
'onSharedStorage': 'False'})
|
|
if enable_pass:
|
|
self.assertIn('adminPass', res)
|
|
else:
|
|
self.assertIsNone(res.get('adminPass'))
|
|
|
|
|
|
class EvacuateTestV2(EvacuateTestV21):
|
|
validation_error = webob.exc.HTTPBadRequest
|
|
|
|
def _set_up_controller(self):
|
|
ext_mgr = extensions.ExtensionManager()
|
|
ext_mgr.extensions = {'os-extended-evacuate-find-host': 'fake'}
|
|
self.controller = evacuate_v2.Controller(ext_mgr)
|
|
ext_mgr_no_ext = extensions.ExtensionManager()
|
|
ext_mgr_no_ext.extensions = {}
|
|
self.controller_no_ext = evacuate_v2.Controller(ext_mgr_no_ext)
|
|
|
|
def test_no_target_fails_if_extension_not_loaded(self):
|
|
self._check_evacuate_failure(webob.exc.HTTPBadRequest,
|
|
{'onSharedStorage': 'False',
|
|
'adminPass': 'MyNewPass'},
|
|
controller=self.controller_no_ext)
|
|
|
|
def test_evacuate_instance_with_too_long_host(self):
|
|
pass
|
|
|
|
def test_evacuate_instance_with_invalid_characters_host(self):
|
|
pass
|
|
|
|
def test_evacuate_instance_with_invalid_on_shared_storage(self):
|
|
pass
|
|
|
|
def test_evacuate_disable_password_return(self):
|
|
pass
|
|
|
|
def test_evacuate_enable_password_return(self):
|
|
pass
|
|
|
|
def tet_evacuate_with_non_admin(self):
|
|
self.assertRaises(exception.AdminRequired, self.controller.evacuate,
|
|
self.req, fakes.FAKE_UUID, {})
|
|
|
|
|
|
class EvacuatePolicyEnforcementv21(test.NoDBTestCase):
|
|
|
|
def setUp(self):
|
|
super(EvacuatePolicyEnforcementv21, self).setUp()
|
|
self.controller = evacuate_v21.EvacuateController()
|
|
|
|
def test_evacuate_policy_failed(self):
|
|
rule_name = "os_compute_api:os-evacuate"
|
|
self.policy.set_rules({rule_name: "project:non_fake"})
|
|
req = fakes.HTTPRequest.blank('')
|
|
body = {'evacuate': {'host': 'my-host',
|
|
'onSharedStorage': 'False',
|
|
'adminPass': 'MyNewPass'
|
|
}}
|
|
exc = self.assertRaises(
|
|
exception.PolicyNotAuthorized,
|
|
self.controller._evacuate, req, fakes.FAKE_UUID,
|
|
body=body)
|
|
self.assertEqual(
|
|
"Policy doesn't allow %s to be performed." % rule_name,
|
|
exc.format_message())
|