From 724e679e93a7a061c69850229c886a01bdd809a1 Mon Sep 17 00:00:00 2001
From: Manpreet Kaur <kaurmanpreet2620@gmail.com>
Date: Mon, 17 Jan 2022 20:01:34 +0530
Subject: [PATCH] FT Setup to test multi-tenant policy in LCM

To validate functional test cases in Zuul environment this
patch adds a new Ansible playbook. This playbook helps in
creating two different OpenStack projects, users to
validate multi tenant policy in Lifecycle Management.

In current design, tacker uses an administrator role user
"nfv_user" to execute functional test cases. Whereas this
patch adds member role (non administrator user) to newly
created users.

Generates OpenStack VIM config files using helper script and
register default VIMs to respective tenants.
Additionally copies newly generated VIM config files to
"tacker/tacker/tests/etc/samples" folder as these are required
in functional test cases.

Partial Implement: blueprint multi-tenant-policy

Change-Id: I20491eb294e5653bcdc2864885f55d04b21696a1
---
 playbooks/devstack/pre.yaml                   |   1 +
 .../setup-multi-tenant-vim/defaults/main.yaml |  15 ++
 roles/setup-multi-tenant-vim/tasks/main.yaml  | 129 ++++++++++++++++++
 3 files changed, 145 insertions(+)
 create mode 100644 roles/setup-multi-tenant-vim/defaults/main.yaml
 create mode 100644 roles/setup-multi-tenant-vim/tasks/main.yaml

diff --git a/playbooks/devstack/pre.yaml b/playbooks/devstack/pre.yaml
index c9df0e033..d10e44314 100644
--- a/playbooks/devstack/pre.yaml
+++ b/playbooks/devstack/pre.yaml
@@ -5,6 +5,7 @@
     - modify-heat-policy
     - setup-default-vim
     - setup-helm
+    - setup-multi-tenant-vim
     - role: bindep
       bindep_profile: test
       bindep_dir: "{{ zuul_work_dir }}"
diff --git a/roles/setup-multi-tenant-vim/defaults/main.yaml b/roles/setup-multi-tenant-vim/defaults/main.yaml
new file mode 100644
index 000000000..da61ae0fc
--- /dev/null
+++ b/roles/setup-multi-tenant-vim/defaults/main.yaml
@@ -0,0 +1,15 @@
+os_username_tenant1: test_user_1
+os_password_tenant1: devstack
+os_project_tenant1: test_tenant_1
+os_domain_tenant1: Default
+os_vim_name_tenant1: VIM_TEST
+os_vim_conf_name_tenant1: local-tenant1-vim.yaml
+os_vim_conf_path_tenant1: /tmp/local-tenant1-vim.yaml
+os_username_tenant2: test_user_2
+os_password_tenant2: devstack
+os_project_tenant2: test_tenant_2
+os_domain_tenant2: Default
+os_vim_name_tenant2: VIM_DEMO
+os_vim_conf_name_tenant2: local-tenant2-vim.yaml
+os_vim_conf_path_tenant2: /tmp/local-tenant2-vim.yaml
+os_member_role: member
diff --git a/roles/setup-multi-tenant-vim/tasks/main.yaml b/roles/setup-multi-tenant-vim/tasks/main.yaml
new file mode 100644
index 000000000..f2bb42576
--- /dev/null
+++ b/roles/setup-multi-tenant-vim/tasks/main.yaml
@@ -0,0 +1,129 @@
+- block:
+  - name: Create first OpenStack project, user and assign role
+    shell: |
+       openstack --os-cloud devstack-admin project create \
+       --domain {{ os_domain_tenant1 }} \
+       --description 'Test multi tenant policy' {{ os_project_tenant1 }}
+       openstack --os-cloud devstack-admin user create \
+       --domain {{ os_domain_tenant1 }} --project {{ os_project_tenant1 }} \
+       --password {{ os_password_tenant1 }} {{ os_username_tenant1 }}
+       openstack --os-cloud devstack-admin role add \
+       --project {{ os_project_tenant1 }} \
+       --user {{ os_username_tenant1 }} {{ os_member_role }}
+
+  - name: Create second OpenStack project, user and assign role
+    shell: |
+       openstack --os-cloud devstack-admin project create \
+       --domain {{ os_domain_tenant2 }} \
+       --description 'Test multi tenant policy' {{ os_project_tenant2 }}
+       openstack --os-cloud devstack-admin user create \
+       --domain {{ os_domain_tenant2 }} --project {{ os_project_tenant2 }} \
+       --password {{ os_password_tenant2 }} {{ os_username_tenant2 }}
+       openstack --os-cloud devstack-admin role add \
+       --project {{ os_project_tenant2 }} \
+       --user {{ os_username_tenant2 }} {{ os_member_role }}
+
+  - name: Get stackenv from devstack environment
+    slurp:
+      src: "{{ devstack_base_dir }}/devstack/.stackenv"
+    register: stackenv
+
+  - name: Set a keystone authentication uri
+    set_fact:
+      auth_uri: "{{
+                stackenv.content
+                | b64decode
+                | regex_replace('\n', ' ')
+                | regex_replace('^.*KEYSTONE_SERVICE_URI=([^ ]+).*$', '\\1')
+                }}"
+
+  - name: Request authentication token for first tenant
+    shell: >
+       openstack --os-auth-url {{ auth_uri }}
+       --os-project-domain-name {{ os_domain_tenant1 }}
+       --os-user-domain-name {{ os_domain_tenant1 }}
+       --os-project-name {{ os_project_tenant1 }}
+       --os-username {{ os_username_tenant1 }}
+       --os-password {{ os_password_tenant1 }}
+       token issue
+
+  - name: Generate OpenStack VIM config for first tenant
+    shell: >
+       {{ zuul_work_dir }}/tools/gen_vim_config.sh --type openstack
+       --os-user {{ os_username_tenant1 }}
+       --os-password {{ os_password_tenant1 }}
+       --project {{ os_project_tenant1 }}
+       --os-project-domain {{ os_domain_tenant1 }}
+       --os-user-domain {{ os_domain_tenant1 }}
+       --endpoint {{ auth_uri }} --os-disable-cert-verify
+       -o {{ os_vim_conf_path_tenant1 }}
+
+  - name: Cat OpenStack VIM config for first tenant
+    shell: cat {{ os_vim_conf_path_tenant1 }}
+
+  - name: Register OpenStack VIM for first tenant
+    shell: >
+       openstack vim register
+       --os-username {{ os_username_tenant1 }}
+       --os-password {{ os_password_tenant1 }}
+       --os-project-name {{ os_project_tenant1 }}
+       --os-auth-url {{ auth_uri }}
+       --os-project-domain-name {{ os_domain_tenant1 }}
+       --os-user-domain-name {{ os_domain_tenant1 }}
+       --config-file {{ os_vim_conf_path_tenant1 }}
+       --is-default
+       --description "VIM for testing multi tenant"
+       {{ os_vim_name_tenant1 }}
+
+  - name: Copy first tenant vim config file
+    copy:
+       remote_src=True
+       src={{ os_vim_conf_path_tenant1 }}
+       dest={{ zuul_work_dir }}/tacker/tests/etc/samples/{{ os_vim_conf_name_tenant1 }}
+
+  - name: Request authentication token for second tenant
+    shell: >
+       openstack --os-auth-url {{ auth_uri }}
+       --os-project-domain-name {{ os_domain_tenant2 }}
+       --os-user-domain-name {{ os_domain_tenant2 }}
+       --os-project-name {{ os_project_tenant2 }}
+       --os-username {{ os_username_tenant2 }}
+       --os-password {{ os_password_tenant2 }}
+       token issue
+
+  - name: Generate OpenStack VIM config for second tenant
+    shell: >
+       {{ zuul_work_dir }}/tools/gen_vim_config.sh --type openstack
+       --os-user {{ os_username_tenant2 }}
+       --os-password {{ os_password_tenant2 }}
+       --project {{ os_project_tenant2 }}
+       --os-project-domain {{ os_domain_tenant2 }}
+       --os-user-domain {{ os_domain_tenant2 }}
+       --endpoint {{ auth_uri }} --os-disable-cert-verify
+       -o {{ os_vim_conf_path_tenant2 }}
+
+  - name: Cat OpenStack VIM config
+    shell: cat {{ os_vim_conf_path_tenant2 }}
+
+  - name: Register OpenStack VIM for second tenant
+    shell: >
+       openstack vim register
+       --os-username {{ os_username_tenant2 }}
+       --os-password {{ os_password_tenant2 }}
+       --os-project-name {{ os_project_tenant2 }}
+       --os-auth-url {{ auth_uri }}
+       --os-project-domain-name {{ os_domain_tenant2 }}
+       --os-user-domain-name {{ os_domain_tenant2 }}
+       --config-file {{ os_vim_conf_path_tenant2 }}
+       --is-default
+       --description "VIM for testing multi tenant"
+       {{ os_vim_name_tenant2 }}
+
+  - name: Copy second tenant vim config file
+    copy:
+       remote_src=True
+       src={{ os_vim_conf_path_tenant2 }}
+       dest={{ zuul_work_dir }}/tacker/tests/etc/samples/{{ os_vim_conf_name_tenant2 }}
+
+  when:
+    - inventory_hostname == 'controller-tacker'