tempest cleanup - use admin_mgr only
Avoid using temporary managers and use only the admin one. The tool has been using the admin_mgr for listing projects, roles, for listing all resources during initializing a saved state so why don't use it also for deleting all of the resources? This wil solve the Unauthorized issue happening when the tool was requesting credentials for the project from a different domain. Closes-bug: #1766582 Change-Id: Ibb5599ce48712b94dbf591e4a30cf3906cb5cdde
This commit is contained in:
parent
420155c234
commit
7ca8602380
|
@ -135,8 +135,6 @@ class TempestCleanup(command.Command):
|
|||
self.admin_project_id = ""
|
||||
self._init_admin_ids()
|
||||
|
||||
self.admin_role_added = []
|
||||
|
||||
# available services
|
||||
self.project_services = cleanup_service.get_project_cleanup_services()
|
||||
self.global_services = cleanup_service.get_global_cleanup_services()
|
||||
|
@ -170,7 +168,6 @@ class TempestCleanup(command.Command):
|
|||
|
||||
# Loop through list of projects and clean them up.
|
||||
for project in projects:
|
||||
self._add_admin(project['id'])
|
||||
self._clean_project(project)
|
||||
|
||||
kwargs = {'data': self.dry_run_data,
|
||||
|
@ -188,15 +185,6 @@ class TempestCleanup(command.Command):
|
|||
f.write(json.dumps(self.dry_run_data, sort_keys=True,
|
||||
indent=2, separators=(',', ': ')))
|
||||
|
||||
self._remove_admin_user_roles()
|
||||
|
||||
def _remove_admin_user_roles(self):
|
||||
project_ids = self.admin_role_added
|
||||
LOG.debug("Removing admin user roles where needed for projects: %s",
|
||||
project_ids)
|
||||
for project_id in project_ids:
|
||||
self._remove_admin_role(project_id)
|
||||
|
||||
def _clean_project(self, project):
|
||||
print("Cleaning project: %s " % project['name'])
|
||||
is_dry_run = self.options.dry_run
|
||||
|
@ -209,11 +197,6 @@ class TempestCleanup(command.Command):
|
|||
project_data = dry_run_data["_projects_to_clean"][project_id] = {}
|
||||
project_data['name'] = project_name
|
||||
|
||||
kwargs = {"username": CONF.auth.admin_username,
|
||||
"password": CONF.auth.admin_password,
|
||||
"project_name": project['name']}
|
||||
mgr = clients.Manager(credentials=credentials.get_credentials(
|
||||
**kwargs))
|
||||
kwargs = {'data': project_data,
|
||||
'is_dry_run': is_dry_run,
|
||||
'saved_state_json': self.json_data,
|
||||
|
@ -222,7 +205,7 @@ class TempestCleanup(command.Command):
|
|||
'project_id': project_id,
|
||||
'got_exceptions': self.GOT_EXCEPTIONS}
|
||||
for service in self.project_services:
|
||||
svc = service(mgr, **kwargs)
|
||||
svc = service(self.admin_mgr, **kwargs)
|
||||
svc.run()
|
||||
|
||||
def _init_admin_ids(self):
|
||||
|
@ -272,46 +255,6 @@ class TempestCleanup(command.Command):
|
|||
def get_description(self):
|
||||
return 'Cleanup after tempest run'
|
||||
|
||||
def _add_admin(self, project_id):
|
||||
rl_cl = self.admin_mgr.roles_v3_client
|
||||
needs_role = True
|
||||
roles = rl_cl.list_user_roles_on_project(project_id,
|
||||
self.admin_id)['roles']
|
||||
for role in roles:
|
||||
if role['id'] == self.admin_role_id:
|
||||
needs_role = False
|
||||
LOG.debug("User already had admin privilege for this project")
|
||||
if needs_role:
|
||||
LOG.debug("Adding admin privilege for : %s", project_id)
|
||||
rl_cl.create_user_role_on_project(project_id, self.admin_id,
|
||||
self.admin_role_id)
|
||||
self.admin_role_added.append(project_id)
|
||||
|
||||
def _remove_admin_role(self, project_id):
|
||||
LOG.debug("Remove admin user role for projectt: %s", project_id)
|
||||
# Must initialize Admin Manager for each user role
|
||||
# Otherwise authentication exception is thrown, weird
|
||||
id_cl = clients.Manager(
|
||||
credentials.get_configured_admin_credentials()).identity_client
|
||||
if (self._project_exists(project_id)):
|
||||
try:
|
||||
id_cl.delete_role_from_user_on_project(project_id,
|
||||
self.admin_id,
|
||||
self.admin_role_id)
|
||||
except Exception as ex:
|
||||
LOG.exception("Failed removing role from project which still "
|
||||
"exists, exception: %s", ex)
|
||||
|
||||
def _project_exists(self, project_id):
|
||||
pr_cl = self.admin_mgr.projects_client
|
||||
try:
|
||||
p = pr_cl.show_project(project_id)
|
||||
LOG.debug("Project is: %s", str(p))
|
||||
return True
|
||||
except Exception as ex:
|
||||
LOG.debug("Project no longer exists? %s", ex)
|
||||
return False
|
||||
|
||||
def _init_state(self):
|
||||
print("Initializing saved state.")
|
||||
data = {}
|
||||
|
|
Loading…
Reference in New Issue