[Apic Mapping] TScP with Admin owned Resources
TSCP for APIC mapping, with ability to have the plumbing resources owned by a particular admin user Partially implements blueprint node-centric-chain-plugin Change-Id: Id90ecd78e7dd5c692a4f98655a727a16f74ed73e
This commit is contained in:
parent
6c8e5c8641
commit
8413820614
@ -0,0 +1,92 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from keystoneclient import exceptions as k_exceptions
|
||||
from keystoneclient.v2_0 import client as keyclient
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
from oslo_utils import excutils
|
||||
|
||||
from gbpservice.common import utils
|
||||
from gbpservice.neutron.services.servicechain.plugins.ncp.node_plumbers import(
|
||||
traffic_stitching_plumber as tscp)
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
TSCP_OPTS = [
|
||||
cfg.StrOpt('plumbing_resource_owner_user',
|
||||
help=_("Username of the Openstack keystone user who owns the "
|
||||
"resources created by the traffic stitching plumber")),
|
||||
cfg.StrOpt('plumbing_resource_owner_password',
|
||||
help=_("Openstack keystone password for the user who "
|
||||
"owns the resources created by the traffic stitching "
|
||||
"plumber"),
|
||||
secret=True),
|
||||
cfg.StrOpt('plumbing_resource_owner_tenant_name',
|
||||
help=_("Name of the Tenant that will own the plumber created "
|
||||
" resources"),)
|
||||
]
|
||||
|
||||
cfg.CONF.register_opts(TSCP_OPTS, "admin_owned_resources_apic_tscp")
|
||||
|
||||
|
||||
class AdminOwnedResourcesApicTSCP(tscp.TrafficStitchingPlumber):
|
||||
"""Traffic Stitching Plumber for APIC with Admin owned resources.
|
||||
|
||||
This plumber for APIC mapping provides the ability to choose the user and
|
||||
who owns the resources created by the plumber.
|
||||
"""
|
||||
|
||||
def initialize(self):
|
||||
self._resource_owner_tenant_id = None
|
||||
super(AdminOwnedResourcesApicTSCP, self).initialize()
|
||||
|
||||
@property
|
||||
def resource_owner_tenant_id(self):
|
||||
if not self._resource_owner_tenant_id:
|
||||
self._resource_owner_tenant_id = (
|
||||
self._get_resource_owner_tenant_id())
|
||||
return self._resource_owner_tenant_id
|
||||
|
||||
def plug_services(self, context, deployment):
|
||||
context = self._get_resource_owner_context(context)
|
||||
super(AdminOwnedResourcesApicTSCP, self).plug_services(
|
||||
context, deployment)
|
||||
|
||||
def unplug_services(self, context, deployment):
|
||||
context = self._get_resource_owner_context(context)
|
||||
super(AdminOwnedResourcesApicTSCP, self).unplug_services(
|
||||
context, deployment)
|
||||
|
||||
def _get_resource_owner_tenant_id(self):
|
||||
user, pwd, tenant, auth_url = utils.get_keystone_creds()
|
||||
keystoneclient = keyclient.Client(username=user, password=pwd,
|
||||
auth_url=auth_url)
|
||||
try:
|
||||
tenant = keystoneclient.tenants.find(name=tenant)
|
||||
return tenant.id
|
||||
except k_exceptions.NotFound:
|
||||
with excutils.save_and_reraise_exception(reraise=True):
|
||||
LOG.error(_('No tenant with name %s exists.'), tenant)
|
||||
except k_exceptions.NoUniqueMatch:
|
||||
with excutils.save_and_reraise_exception(reraise=True):
|
||||
LOG.error(_('Multiple tenants matches found for %s'), tenant)
|
||||
|
||||
def _get_resource_owner_context(self, context):
|
||||
resource_owner_context = context.elevated()
|
||||
resource_owner_context.tenant_id = self.resource_owner_tenant_id
|
||||
user, pwd, _, auth_url = utils.get_keystone_creds()
|
||||
keystoneclient = keyclient.Client(username=user, password=pwd,
|
||||
auth_url=auth_url)
|
||||
resource_owner_context.auth_token = keystoneclient.get_token(
|
||||
self.resource_owner_tenant_id)
|
||||
return resource_owner_context
|
@ -0,0 +1,50 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import mock
|
||||
from neutron.common import config # noqa
|
||||
|
||||
from gbpservice.neutron.services.servicechain.plugins.ncp.node_plumbers import(
|
||||
admin_owned_resources_apic_tscp as admin_tscp)
|
||||
from gbpservice.neutron.tests.unit.services.servicechain.ncp import (
|
||||
test_tscp_apic_mapping as test_tscp_apic_mapping)
|
||||
|
||||
|
||||
class AdminOwnedResourcesTscpTestCase(
|
||||
test_tscp_apic_mapping.ApicMappingStitchingPlumberGBPTestCase):
|
||||
|
||||
def setUp(self):
|
||||
user = 'user'
|
||||
password = 'password'
|
||||
tenant_name = 'tenant_name',
|
||||
uri = 'http://127.0.0.1:35357/v2.0/'
|
||||
config.cfg.CONF.set_override('admin_user', user,
|
||||
group='keystone_authtoken')
|
||||
config.cfg.CONF.set_override('admin_password', password,
|
||||
group='keystone_authtoken')
|
||||
config.cfg.CONF.set_override('admin_tenant_name', tenant_name,
|
||||
group='keystone_authtoken')
|
||||
config.cfg.CONF.set_override('auth_uri', uri,
|
||||
group='keystone_authtoken')
|
||||
super(AdminOwnedResourcesTscpTestCase, self).setUp(
|
||||
plumber='admin_owned_resources_apic_plumber')
|
||||
admin_tscp.keyclient = mock.Mock()
|
||||
res = mock.patch('gbpservice.neutron.services.servicechain.plugins.'
|
||||
'ncp.node_plumbers.admin_owned_resources_apic_tscp.'
|
||||
'AdminOwnedResourcesApicTSCP.'
|
||||
'_get_resource_owner_tenant_id').start()
|
||||
res.return_value = "1234"
|
||||
|
||||
|
||||
class TestApicChains(AdminOwnedResourcesTscpTestCase,
|
||||
test_tscp_apic_mapping.TestApicChains):
|
||||
pass
|
@ -32,10 +32,10 @@ from gbpservice.neutron.tests.unit.services.servicechain.ncp import (
|
||||
class ApicMappingStitchingPlumberGBPTestCase(
|
||||
test_apic.ApicMappingTestCase):
|
||||
|
||||
def setUp(self):
|
||||
def setUp(self, plumber='stitching_plumber'):
|
||||
cfg.CONF.set_override(
|
||||
'extension_drivers', ['proxy_group'], group='group_policy')
|
||||
cfg.CONF.set_override('node_plumber', 'stitching_plumber',
|
||||
cfg.CONF.set_override('node_plumber', plumber,
|
||||
group='node_composition_plugin')
|
||||
super(ApicMappingStitchingPlumberGBPTestCase, self).setUp(
|
||||
sc_plugin=base.SC_PLUGIN_KLASS)
|
||||
|
@ -72,6 +72,7 @@ gbpservice.neutron.servicechain.ncp_drivers =
|
||||
gbpservice.neutron.servicechain.ncp_plumbers =
|
||||
dummy_plumber = gbpservice.neutron.services.servicechain.plugins.ncp.node_plumbers.dummy_plumber:NoopPlumber
|
||||
stitching_plumber = gbpservice.neutron.services.servicechain.plugins.ncp.node_plumbers.traffic_stitching_plumber:TrafficStitchingPlumber
|
||||
admin_owned_resources_apic_plumber = gbpservice.neutron.services.servicechain.plugins.ncp.node_plumbers.admin_owned_resources_apic_tscp:AdminOwnedResourcesApicTSCP
|
||||
|
||||
[build_sphinx]
|
||||
source-dir = doc/source
|
||||
|
Loading…
Reference in New Issue
Block a user