openstack
/
tempest
Code Issues Proposed changes

tempest cleanup - use admin_mgr only 

Avoid using temporary managers and use only the admin one. The tool
has been using the admin_mgr for listing projects, roles, for listing
all resources during initializing a saved state so why don't use it also
for deleting all of the resources?
This wil solve the Unauthorized issue happening when the tool
was requesting credentials for the project from a different
domain.

Closes-bug: #1766582

Change-Id: Ibb5599ce48712b94dbf591e4a30cf3906cb5cdde
This commit is contained in:
Martin Kopec 2019-10-04 14:13:59 +00:00
parent 420155c234
commit 7ca8602380
1 changed files with 1 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
tempest/cmd/cleanup.py
View File

@ -135,8 +135,6 @@ class TempestCleanup(command.Command):
self.admin_project_id = ""
self._init_admin_ids()
self.admin_role_added = []
# available services
self.project_services = cleanup_service.get_project_cleanup_services()
self.global_services = cleanup_service.get_global_cleanup_services()
@ -170,7 +168,6 @@ class TempestCleanup(command.Command):
# Loop through list of projects and clean them up.
for project in projects:
self._add_admin(project['id'])
self._clean_project(project)
kwargs = {'data': self.dry_run_data,
@ -188,15 +185,6 @@ class TempestCleanup(command.Command):
f.write(json.dumps(self.dry_run_data, sort_keys=True,
indent=2, separators=(',', ': ')))
self._remove_admin_user_roles()
def _remove_admin_user_roles(self):
project_ids = self.admin_role_added
LOG.debug("Removing admin user roles where needed for projects: %s",
project_ids)
for project_id in project_ids:
self._remove_admin_role(project_id)
def _clean_project(self, project):
print("Cleaning project: %s " % project['name'])
is_dry_run = self.options.dry_run
@ -209,11 +197,6 @@ class TempestCleanup(command.Command):
project_data = dry_run_data["_projects_to_clean"][project_id] = {}
project_data['name'] = project_name
kwargs = {"username": CONF.auth.admin_username,
"password": CONF.auth.admin_password,
"project_name": project['name']}
mgr = clients.Manager(credentials=credentials.get_credentials(
**kwargs))
kwargs = {'data': project_data,
'is_dry_run': is_dry_run,
'saved_state_json': self.json_data,
@ -222,7 +205,7 @@ class TempestCleanup(command.Command):
'project_id': project_id,
'got_exceptions': self.GOT_EXCEPTIONS}
for service in self.project_services:
svc = service(mgr, **kwargs)
svc = service(self.admin_mgr, **kwargs)
svc.run()
def _init_admin_ids(self):
@ -272,46 +255,6 @@ class TempestCleanup(command.Command):
def get_description(self):
return 'Cleanup after tempest run'
def _add_admin(self, project_id):
rl_cl = self.admin_mgr.roles_v3_client
needs_role = True
roles = rl_cl.list_user_roles_on_project(project_id,
self.admin_id)['roles']
for role in roles:
if role['id'] == self.admin_role_id:
needs_role = False
LOG.debug("User already had admin privilege for this project")
if needs_role:
LOG.debug("Adding admin privilege for : %s", project_id)
rl_cl.create_user_role_on_project(project_id, self.admin_id,
self.admin_role_id)
self.admin_role_added.append(project_id)
def _remove_admin_role(self, project_id):
LOG.debug("Remove admin user role for projectt: %s", project_id)
# Must initialize Admin Manager for each user role
# Otherwise authentication exception is thrown, weird
id_cl = clients.Manager(
credentials.get_configured_admin_credentials()).identity_client
if (self._project_exists(project_id)):
try:
id_cl.delete_role_from_user_on_project(project_id,
self.admin_id,
self.admin_role_id)
except Exception as ex:
LOG.exception("Failed removing role from project which still "
"exists, exception: %s", ex)
def _project_exists(self, project_id):
pr_cl = self.admin_mgr.projects_client
try:
p = pr_cl.show_project(project_id)
LOG.debug("Project is: %s", str(p))
return True
except Exception as ex:
LOG.debug("Project no longer exists? %s", ex)
return False
def _init_state(self):
print("Initializing saved state.")
data = {}