Allow flavor creation for non admin projects
Heat's recent policy changes reduced the scope of context_is_admin to super-user privileges, which affects Tacker's automatic flavor creation. Update the devstack script to change the OS::Nova::Flavor rule to the 'admin' role only in Heat's policy.json. Update the manual installation guide to include these additional steps. Co-Authored-By: Bharath Thiruveedula <bharath_ves@hotmail.com> Change-Id: I7aceb21cbfaa6c45efa5c815a9bf7a0a26babc77 Closes-Bug: #1595311
parent
ae9d314d71
commit
496f946ef3
@ -92,6 +92,8 @@ TACKER_NOVA_API_INSECURE=${TACKER_NOVA_API_INSECURE:-False}
|
||||
# Tell Tempest this project is present
|
||||
# TEMPEST_SERVICES+=,tacker
|
||||
|
||||
HEAT_CONF_DIR=/etc/heat
|
||||
|
||||
# Functions
|
||||
# ---------
|
||||
# Test if any Tacker services are enabled
|
||||
@ -407,3 +409,9 @@ function tacker_register_default_vim {
|
||||
echo $default_vim_id
|
||||
iniset $TACKER_CONF nfvo_vim default_vim $DEFAULT_VIM_NAME
|
||||
}
|
||||
|
||||
function modify_heat_flavor_policy_rule {
|
||||
local policy_file=$HEAT_CONF_DIR/policy.json
|
||||
# Allow non-admin projects with 'admin' roles to create flavors in Heat
|
||||
sed -i 's/"resource_types:OS::Nova::Flavor": "rule:context_is_admin"/"resource_types:OS::Nova::Flavor": "role:admin"/' $policy_file
|
||||
}
|
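Review bot: The `sed -i` in `modify_heat_flavor_policy_rule` exits successfully even when the exact string `"resource_types:OS::Nova::Flavor": "rule:context_is_admin"` is not in the file (different spacing, or a Heat release whose default differs), so the old rule would stay in place with no indication. I would quote the path and verify the result, e.g. `grep -q '"resource_types:OS::Nova::Flavor": "role:admin"' "$policy_file" || die $LINENO "Heat flavor policy was not updated"`. Because the edit loosens who may create flavors through Heat to any holder of the `admin` role, the existing comment could also say why (Heat narrowed `context_is_admin`) so an operator can judge the change. In the first hunk, `HEAT_CONF_DIR=/etc/heat` is an unconditional assignment, unlike the `${VAR:-default}` form shown in the hunk header line; `HEAT_CONF_DIR=${HEAT_CONF_DIR:-/etc/heat}` would keep a value set elsewhere.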
@ -30,6 +30,8 @@ if is_service_enabled tacker; then
|
||||
start_tacker_api
|
||||
echo_summary "Installing tacker horizon"
|
||||
tacker_horizon_install
|
||||
echo_summary "Modifying Heat policy.json file"
|
||||
modify_heat_flavor_policy_rule
|
||||
echo_summary "Setup initial tacker network"
|
||||
tacker_create_initial_network
|
||||
echo_summary "Upload OpenWrt image"
|
||||
|
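Review bot: `modify_heat_flavor_policy_rule` is called whenever tacker is enabled, with no check that Heat is enabled or that its policy.json has been written; if the file is absent the `sed -i` fails. Wrapping the call as `if is_service_enabled heat; then modify_heat_flavor_policy_rule; fi` would make the dependency explicit. The enclosing `if is_service_enabled tacker` block starts and ends outside the hunk, so the phase in which this runs is not visible here.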
@ -52,6 +52,14 @@ services after the below entry has been added.
|
||||
|
||||
..
|
||||
|
||||
5). Modify heat's policy.json file under /etc/heat/policy.json file to allow
|
||||
users in non-admin projects with 'admin' roles to create flavors.
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
"resource_types:OS::Nova::Flavor": "role:admin"
|
||||
..
|
||||
|
||||
Installing Tacker server
|
||||
========================
|
||||
|
||||
|
@ -17,9 +17,11 @@ import time
|
||||
from novaclient import client as nova_client
|
||||
from oslo_config import cfg
|
||||
from tempest_lib.tests import base
|
||||
import yaml
|
||||
|
||||
from tacker.common.exceptions import TackerException
|
||||
from tacker.tests import constants
|
||||
from tacker.tests.utils import read_file
|
||||
from tacker import version
|
||||
|
||||
from tackerclient.v1_0 import client as tacker_client
|
||||
@ -32,22 +34,6 @@ class BaseTackerTest(base.TestCase):
|
||||
|
||||
@classmethod
|
||||
def setUpClass(cls):
|
||||
core_opts = [
|
||||
cfg.StrOpt('username', default='tacker',
|
||||
help=('Username to use for tacker API requests')),
|
||||
cfg.StrOpt('password', default = 'devstack',
|
||||
help=('Password to use for tacker API requests')),
|
||||
cfg.StrOpt('project_name', default = 'service',
|
||||
help=('Project name to use for tacker API requests')),
|
||||
cfg.StrOpt('auth_uri', default='http://127.0.0.1:5000',
|
||||
help=('The keystone auth URI')),
|
||||
]
|
||||
|
||||
keystone_authtoken = cfg.OptGroup(name='keystone_authtoken',
|
||||
title='keystone options')
|
||||
# Register the configuration options
|
||||
cfg.CONF.register_opts(core_opts, group=keystone_authtoken)
|
||||
|
||||
kwargs = {}
|
||||
|
||||
cfg.CONF(args=['--config-file', '/etc/tacker/tacker.conf'],
|
||||
@ -57,24 +43,27 @@ class BaseTackerTest(base.TestCase):
|
||||
|
||||
cls.client = cls.tackerclient()
|
||||
|
||||
@classmethod
|
||||
def get_credentials(cls):
|
||||
vim_params = yaml.load(read_file('local-vim.yaml'))
|
||||
vim_params['auth_url'] += '/v2.0'
|
||||
return vim_params
|
||||
|
||||
@classmethod
|
||||
def tackerclient(cls):
|
||||
username = cfg.CONF.keystone_authtoken.username
|
||||
password = cfg.CONF.keystone_authtoken.password
|
||||
tenant_name = cfg.CONF.keystone_authtoken.project_name
|
||||
auth_uri = cfg.CONF.keystone_authtoken.auth_uri + '/v2.0'
|
||||
return tacker_client.Client(username=username, password=password,
|
||||
tenant_name=tenant_name,
|
||||
auth_url=auth_uri)
|
||||
vim_params = cls.get_credentials()
|
||||
return tacker_client.Client(username=vim_params['username'],
|
||||
password=vim_params['password'],
|
||||
tenant_name=vim_params['project_name'],
|
||||
auth_url=vim_params['auth_url'])
|
||||
|
||||
@classmethod
|
||||
def novaclient(cls):
|
||||
username = 'nfv_user'
|
||||
password = 'devstack'
|
||||
tenant_name = 'nfv'
|
||||
auth_uri = cfg.CONF.keystone_authtoken.auth_uri + '/v2.0'
|
||||
return nova_client.Client('2', username, password, tenant_name,
|
||||
auth_uri)
|
||||
vim_params = cls.get_credentials()
|
||||
return nova_client.Client('2', vim_params['username'],
|
||||
vim_params['password'],
|
||||
vim_params['project_name'],
|
||||
vim_params['auth_url'])
|
||||
|
||||
@classmethod
|
||||
def wait_until_vnf_status(cls, vnf_id, target_status, timeout,
|
||||
|
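Review bot: `get_credentials` parses `local-vim.yaml` with `yaml.load(...)`, which under PyYAML's default loader can construct arbitrary Python objects from tagged nodes. The method only reads the `username`, `password`, `project_name` and `auth_url` keys, so `vim_params = yaml.safe_load(read_file('local-vim.yaml'))` should be sufficient and keeps the test helper safe if the file is ever edited or replaced. A one-line docstring such as `"""Return the VIM credentials from local-vim.yaml with the v2.0 suffix appended to auth_url."""` would also help, since both `tackerclient` and `novaclient` now depend on it and each call re-reads the file.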
@ -68,17 +68,19 @@ class VnfTestToscaCreate(base.BaseTackerTest):
|
||||
class VnfTestToscaCreateFlavorCreation(base.BaseTackerTest):
|
||||
def test_create_delete_vnf_tosca_no_monitoring(self):
|
||||
data = dict()
|
||||
vnfd_name = 'tosca_vnfd_with_auto_flavor'
|
||||
data['tosca'] = read_file('sample-tosca-vnfd-flavor.yaml')
|
||||
toscal = data['tosca']
|
||||
tosca_arg = {'vnfd': {'attributes': {'vnfd': toscal}}}
|
||||
tosca_arg = {'vnfd': {'name': vnfd_name, 'attributes': {'vnfd':
|
||||
toscal}}}
|
||||
|
||||
# Create vnfd with tosca template
|
||||
vnfd_instance = self.client.create_vnfd(body=tosca_arg)
|
||||
self.assertIsNotNone(vnfd_instance)
|
||||
|
||||
# Create vnf with vnfd_id
|
||||
vnf_name = 'tosca_vnf_with_auto_flavor'
|
||||
vnfd_id = vnfd_instance['vnfd']['id']
|
||||
vnf_name = 'test_tosca_vnf_with_cirros_no_monitoring'
|
||||
vnf_arg = {'vnf': {'vnfd_id': vnfd_id, 'name': vnf_name}}
|
||||
vnf_instance = self.client.create_vnf(body=vnf_arg)
|
||||
|
||||
@ -121,9 +123,11 @@ class VnfTestToscaCreateFlavorCreation(base.BaseTackerTest):
|
||||
class VnfTestToscaCreateImageCreation(base.BaseTackerTest):
|
||||
def test_create_delete_vnf_tosca_no_monitoring(self):
|
||||
data = dict()
|
||||
vnfd_name = 'tosca_vnfd_with_auto_image'
|
||||
data['tosca'] = read_file('sample-tosca-vnfd-image.yaml')
|
||||
toscal = data['tosca']
|
||||
tosca_arg = {'vnfd': {'attributes': {'vnfd': toscal}}}
|
||||
tosca_arg = {'vnfd': {'name': vnfd_name, 'attributes': {'vnfd':
|
||||
toscal}}}
|
||||
|
||||
# Create vnfd with tosca template
|
||||
vnfd_instance = self.client.create_vnfd(body=tosca_arg)
|
||||
@ -131,7 +135,7 @@ class VnfTestToscaCreateImageCreation(base.BaseTackerTest):
|
||||
|
||||
# Create vnf with vnfd_id
|
||||
vnfd_id = vnfd_instance['vnfd']['id']
|
||||
vnf_name = 'test_tosca_vnf_with_cirros_no_monitoring'
|
||||
vnf_name = 'tosca_vnf_with_auto_image'
|
||||
vnf_arg = {'vnf': {'vnfd_id': vnfd_id, 'name': vnf_name}}
|
||||
vnf_instance = self.client.create_vnf(body=vnf_arg)
|
||||
|
||||
|