FT Setup to test multi-tenant policy in LCM

To validate functional test cases in Zuul environment this patch adds a new Ansible playbook. This playbook helps in creating two different OpenStack projects, users to validate multi tenant policy in Lifecycle Management. In current design, tacker uses an administrator role user "nfv_user" to execute functional test cases. Whereas this patch adds member role (non administrator user) to newly created users. Generates OpenStack VIM config files using helper script and register default VIMs to respective tenants. Additionally copies newly generated VIM config files to "tacker/tacker/tests/etc/samples" folder as these are required in functional test cases. Partial Implement: blueprint multi-tenant-policy Change-Id: I20491eb294e5653bcdc2864885f55d04b21696a1
2022-01-17 20:01:34 +05:30 · 2022-01-17 20:01:34 +05:30 · 724e679e93
parent 0ae606932e
commit 724e679e93
3 changed files with 145 additions and 0 deletions
--- a/playbooks/devstack/pre.yaml
+++ b/playbooks/devstack/pre.yaml
@ -5,6 +5,7 @@
    - modify-heat-policy
    - setup-default-vim
    - setup-helm
+    - setup-multi-tenant-vim
    - role: bindep
      bindep_profile: test
      bindep_dir: "{{ zuul_work_dir }}"
--- a/roles/setup-multi-tenant-vim/defaults/main.yaml
+++ b/roles/setup-multi-tenant-vim/defaults/main.yaml
@ -0,0 +1,15 @@
+os_username_tenant1: test_user_1
+os_password_tenant1: devstack
+os_project_tenant1: test_tenant_1
+os_domain_tenant1: Default
+os_vim_name_tenant1: VIM_TEST
+os_vim_conf_name_tenant1: local-tenant1-vim.yaml
+os_vim_conf_path_tenant1: /tmp/local-tenant1-vim.yaml
+os_username_tenant2: test_user_2
+os_password_tenant2: devstack
+os_project_tenant2: test_tenant_2
+os_domain_tenant2: Default
+os_vim_name_tenant2: VIM_DEMO
+os_vim_conf_name_tenant2: local-tenant2-vim.yaml
+os_vim_conf_path_tenant2: /tmp/local-tenant2-vim.yaml
+os_member_role: member
--- a/roles/setup-multi-tenant-vim/tasks/main.yaml
+++ b/roles/setup-multi-tenant-vim/tasks/main.yaml
@ -0,0 +1,129 @@
+- block:
+  - name: Create first OpenStack project, user and assign role
+    shell: |
+       openstack --os-cloud devstack-admin project create \
+       --domain {{ os_domain_tenant1 }} \
+       --description 'Test multi tenant policy' {{ os_project_tenant1 }}
+       openstack --os-cloud devstack-admin user create \
+       --domain {{ os_domain_tenant1 }} --project {{ os_project_tenant1 }} \
+       --password {{ os_password_tenant1 }} {{ os_username_tenant1 }}
+       openstack --os-cloud devstack-admin role add \
+       --project {{ os_project_tenant1 }} \
+       --user {{ os_username_tenant1 }} {{ os_member_role }}
+
+  - name: Create second OpenStack project, user and assign role
+    shell: |
+       openstack --os-cloud devstack-admin project create \
+       --domain {{ os_domain_tenant2 }} \
+       --description 'Test multi tenant policy' {{ os_project_tenant2 }}
+       openstack --os-cloud devstack-admin user create \
+       --domain {{ os_domain_tenant2 }} --project {{ os_project_tenant2 }} \
+       --password {{ os_password_tenant2 }} {{ os_username_tenant2 }}
+       openstack --os-cloud devstack-admin role add \
+       --project {{ os_project_tenant2 }} \
+       --user {{ os_username_tenant2 }} {{ os_member_role }}
+
+  - name: Get stackenv from devstack environment
+    slurp:
+      src: "{{ devstack_base_dir }}/devstack/.stackenv"
+    register: stackenv
+
+  - name: Set a keystone authentication uri
+    set_fact:
+      auth_uri: "{{
+                stackenv.content
+                | b64decode
+                | regex_replace('\n', ' ')
+                | regex_replace('^.*KEYSTONE_SERVICE_URI=([^ ]+).*$', '\\1')
+                }}"
+
+  - name: Request authentication token for first tenant
+    shell: >
+       openstack --os-auth-url {{ auth_uri }}
+       --os-project-domain-name {{ os_domain_tenant1 }}
+       --os-user-domain-name {{ os_domain_tenant1 }}
+       --os-project-name {{ os_project_tenant1 }}
+       --os-username {{ os_username_tenant1 }}
+       --os-password {{ os_password_tenant1 }}
+       token issue
+
+  - name: Generate OpenStack VIM config for first tenant
+    shell: >
+       {{ zuul_work_dir }}/tools/gen_vim_config.sh --type openstack
+       --os-user {{ os_username_tenant1 }}
+       --os-password {{ os_password_tenant1 }}
+       --project {{ os_project_tenant1 }}
+       --os-project-domain {{ os_domain_tenant1 }}
+       --os-user-domain {{ os_domain_tenant1 }}
+       --endpoint {{ auth_uri }} --os-disable-cert-verify
+       -o {{ os_vim_conf_path_tenant1 }}
+
+  - name: Cat OpenStack VIM config for first tenant
+    shell: cat {{ os_vim_conf_path_tenant1 }}
+
+  - name: Register OpenStack VIM for first tenant
+    shell: >
+       openstack vim register
+       --os-username {{ os_username_tenant1 }}
+       --os-password {{ os_password_tenant1 }}
+       --os-project-name {{ os_project_tenant1 }}
+       --os-auth-url {{ auth_uri }}
+       --os-project-domain-name {{ os_domain_tenant1 }}
+       --os-user-domain-name {{ os_domain_tenant1 }}
+       --config-file {{ os_vim_conf_path_tenant1 }}
+       --is-default
+       --description "VIM for testing multi tenant"
+       {{ os_vim_name_tenant1 }}
+
+  - name: Copy first tenant vim config file
+    copy:
+       remote_src=True
+       src={{ os_vim_conf_path_tenant1 }}
+       dest={{ zuul_work_dir }}/tacker/tests/etc/samples/{{ os_vim_conf_name_tenant1 }}
+
+  - name: Request authentication token for second tenant
+    shell: >
+       openstack --os-auth-url {{ auth_uri }}
+       --os-project-domain-name {{ os_domain_tenant2 }}
+       --os-user-domain-name {{ os_domain_tenant2 }}
+       --os-project-name {{ os_project_tenant2 }}
+       --os-username {{ os_username_tenant2 }}
+       --os-password {{ os_password_tenant2 }}
+       token issue
+
+  - name: Generate OpenStack VIM config for second tenant
+    shell: >
+       {{ zuul_work_dir }}/tools/gen_vim_config.sh --type openstack
+       --os-user {{ os_username_tenant2 }}
+       --os-password {{ os_password_tenant2 }}
+       --project {{ os_project_tenant2 }}
+       --os-project-domain {{ os_domain_tenant2 }}
+       --os-user-domain {{ os_domain_tenant2 }}
+       --endpoint {{ auth_uri }} --os-disable-cert-verify
+       -o {{ os_vim_conf_path_tenant2 }}
+
+  - name: Cat OpenStack VIM config
+    shell: cat {{ os_vim_conf_path_tenant2 }}
+
+  - name: Register OpenStack VIM for second tenant
+    shell: >
+       openstack vim register
+       --os-username {{ os_username_tenant2 }}
+       --os-password {{ os_password_tenant2 }}
+       --os-project-name {{ os_project_tenant2 }}
+       --os-auth-url {{ auth_uri }}
+       --os-project-domain-name {{ os_domain_tenant2 }}
+       --os-user-domain-name {{ os_domain_tenant2 }}
+       --config-file {{ os_vim_conf_path_tenant2 }}
+       --is-default
+       --description "VIM for testing multi tenant"
+       {{ os_vim_name_tenant2 }}
+
+  - name: Copy second tenant vim config file
+    copy:
+       remote_src=True
+       src={{ os_vim_conf_path_tenant2 }}
+       dest={{ zuul_work_dir }}/tacker/tests/etc/samples/{{ os_vim_conf_name_tenant2 }}
+
+  when:
+    - inventory_hostname == 'controller-tacker'