Round 1 of changes for keystone integration.

* Modified request context to allow it to hold all of the relevant data from the auth component.
 * Pulled out access to AuthManager from as many places as possible
 * Massive cleanup of unit tests
 * Made the openstack api fakes use fake Authentication by default

There are now only a few places that are using auth manager:
 * Authentication middleware for ec2 api (will move to stand-alone middleware)
 * Authentication middleware for os api (will be deprecated in favor of keystone)
 * Accounts and Users apis for os (will be switched to keystone or deprecated)
 * Ec2 admin api for users and projects (will be removed)
 * Nova-manage user and project commands (will be deprecated and removed with AuthManager)
 * Tests that test the above sections (will be converted or removed with their relevant section)
 * Tests for auth manager
 * Pipelib (authman can be removed once ec2 stand-alone middleware is in place)
 * xen_api (for getting images from old objectstore. I think this can be removed)

Vish

nova/auth/manager.py

@@ -518,6 +518,14 @@ class AuthManager(object):
             return drv.get_user_roles(User.safe_id(user),
                                       Project.safe_id(project))
 
+    def get_active_roles(self, user, project=None):
+        """Get all active roles for context"""
+        if project:
+            roles = FLAGS.allowed_roles + ['projectmanager']
+        else:
+            roles = FLAGS.global_roles
+        return [role for role in roles if self.has_role(user, role, project)]
+
     def get_project(self, pid):
         """Get project object by id"""
         with self.driver() as drv:
@@ -730,10 +738,6 @@ class AuthManager(object):
         with self.driver() as drv:
             drv.modify_user(uid, access_key, secret_key, admin)
 
-    @staticmethod
-    def get_key_pairs(context):
-        return db.key_pair_get_all_by_user(context.elevated(), context.user_id)
-
     def get_credentials(self, user, project=None, use_dmz=True):
         """Get credential zip for user in project"""
         if not isinstance(user, User):
@@ -785,7 +789,7 @@ class AuthManager(object):
         return read_buffer
 
     def get_environment_rc(self, user, project=None, use_dmz=True):
-        """Get credential zip for user in project"""
+        """Get environment rc for user in project"""
         if not isinstance(user, User):
             user = self.get_user(user)
         if project is None:

nova/log.py

@@ -43,8 +43,8 @@ from nova import version
 FLAGS = flags.FLAGS
 flags.DEFINE_string('logging_context_format_string',
                     '%(asctime)s %(levelname)s %(name)s '
-                    '[%(request_id)s %(user)s '
+                    '[%(request_id)s %(user_id)s '
-                    '%(project)s] %(message)s',
+                    '%(project_id)s] %(message)s',
                     'format string to use for log messages with context')
 flags.DEFINE_string('logging_default_format_string',
                     '%(asctime)s %(levelname)s %(name)s [-] '

nova/tests/hyperv_unittest.py

@@ -23,7 +23,6 @@ from nova import context
 from nova import db
 from nova import flags
 from nova import test
-from nova.auth import manager
 from nova.virt import hyperv
 
 FLAGS = flags.FLAGS
@@ -34,11 +33,9 @@ class HyperVTestCase(test.TestCase):
     """Test cases for the Hyper-V driver"""
     def setUp(self):
         super(HyperVTestCase, self).setUp()
-        self.manager = manager.AuthManager()
+        self.user_id = 'fake'
-        self.user = self.manager.create_user('fake', 'fake', 'fake',
+        self.project_id = 'fake'
-                                             admin=True)
+        self.context = context.RequestContext(self.user_id, self.project_id)
-        self.project = self.manager.create_project('fake', 'fake', 'fake')
-        self.context = context.RequestContext(self.user, self.project)
 
     def test_create_destroy(self):
         """Create a VM and destroy it"""

nova/tests/test_access.py

@@ -16,7 +16,6 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-import unittest
 import webob
 
 from nova import context
@@ -41,7 +40,7 @@ class FakeApiRequest(object):
 class AccessTestCase(test.TestCase):
     def _env_for(self, ctxt, action):
         env = {}
-        env['ec2.context'] = ctxt
+        env['nova.context'] = ctxt
         env['ec2.request'] = FakeApiRequest(action)
         return env
 
@@ -93,7 +92,11 @@ class AccessTestCase(test.TestCase):
         super(AccessTestCase, self).tearDown()
 
     def response_status(self, user, methodName):
-        ctxt = context.RequestContext(user, self.project)
+        roles = manager.AuthManager().get_active_roles(user, self.project)
+        ctxt = context.RequestContext(user.id,
+                                      self.project.id,
+                                      is_admin=user.is_admin(),
+                                      roles=roles)
         environ = self._env_for(ctxt, methodName)
         req = webob.Request.blank('/', environ)
         resp = req.get_response(self.mw)
@@ -105,30 +108,26 @@ class AccessTestCase(test.TestCase):
     def shouldDeny(self, user, methodName):
         self.assertEqual(401, self.response_status(user, methodName))
 
-    def test_001_allow_all(self):
+    def test_allow_all(self):
         users = [self.testadmin, self.testpmsys, self.testnet, self.testsys]
         for user in users:
             self.shouldAllow(user, '_allow_all')
 
-    def test_002_allow_none(self):
+    def test_allow_none(self):
         self.shouldAllow(self.testadmin, '_allow_none')
         users = [self.testpmsys, self.testnet, self.testsys]
         for user in users:
             self.shouldDeny(user, '_allow_none')
 
-    def test_003_allow_project_manager(self):
+    def test_allow_project_manager(self):
         for user in [self.testadmin, self.testpmsys]:
             self.shouldAllow(user, '_allow_project_manager')
         for user in [self.testnet, self.testsys]:
             self.shouldDeny(user, '_allow_project_manager')
 
-    def test_004_allow_sys_and_net(self):
+    def test_allow_sys_and_net(self):
         for user in [self.testadmin, self.testnet, self.testsys]:
             self.shouldAllow(user, '_allow_sys_and_net')
         # denied because it doesn't have the per project sysadmin
         for user in [self.testpmsys]:
             self.shouldDeny(user, '_allow_sys_and_net')
-
-if __name__ == "__main__":
-    # TODO: Implement use_fake as an option
-    unittest.main()

nova/tests/test_adminapi.py

@@ -25,7 +25,6 @@ from nova import log as logging
 from nova import rpc
 from nova import test
 from nova import utils
-from nova.auth import manager
 from nova.api.ec2 import admin
 from nova.image import fake
 
@@ -51,11 +50,11 @@ class AdminApiTestCase(test.TestCase):
         self.volume = self.start_service('volume')
         self.image_service = utils.import_object(FLAGS.image_service)
 
-        self.manager = manager.AuthManager()
+        self.user_id = 'admin'
-        self.user = self.manager.create_user('admin', 'admin', 'admin', True)
+        self.project_id = 'admin'
-        self.project = self.manager.create_project('proj', 'admin', 'proj')
+        self.context = context.RequestContext(self.user_id,
-        self.context = context.RequestContext(user=self.user,
+                                              self.project_id,
-                                              project=self.project)
+                                              True)
 
         def fake_show(meh, context, id):
             return {'id': 1, 'properties': {'kernel_id': 1, 'ramdisk_id': 1,
@@ -73,11 +72,6 @@ class AdminApiTestCase(test.TestCase):
 
         self.stubs.Set(rpc, 'cast', finish_cast)
 
-    def tearDown(self):
-        self.manager.delete_project(self.project)
-        self.manager.delete_user(self.user)
-        super(AdminApiTestCase, self).tearDown()
-
     def test_block_external_ips(self):
         """Make sure provider firewall rules are created."""
         result = self.api.block_external_addresses(self.context, '1.1.1.1/32')

nova/tests/test_api.py

@@ -30,11 +30,11 @@ import webob
 from nova import context
 from nova import exception
 from nova import test
+from nova import wsgi
 from nova.api import ec2
 from nova.api.ec2 import apirequest
 from nova.api.ec2 import cloud
 from nova.api.ec2 import ec2utils
-from nova.auth import manager
 
 
 class FakeHttplibSocket(object):
@@ -192,10 +192,13 @@ class ApiEc2TestCase(test.TestCase):
     """Unit test for the cloud controller on an EC2 API"""
     def setUp(self):
         super(ApiEc2TestCase, self).setUp()
-        self.manager = manager.AuthManager()
         self.host = '127.0.0.1'
-        self.app = ec2.Authenticate(ec2.Requestify(ec2.Executor(),
+        # NOTE(vish): skipping the Authorizer
-                       'nova.api.ec2.cloud.CloudController'))
+        roles = ['sysadmin', 'netadmin']
+        ctxt = context.RequestContext('fake', 'fake', roles=roles)
+        self.app = wsgi.InjectContext(ctxt,
+                ec2.Requestify(ec2.Authorizer(ec2.Executor()),
+                               'nova.api.ec2.cloud.CloudController'))
 
     def expect_http(self, host=None, is_secure=False, api_version=None):
         """Returns a new EC2 connection"""
@@ -246,39 +249,25 @@ class ApiEc2TestCase(test.TestCase):
         self.expect_http(api_version='2010-10-30')
         self.mox.ReplayAll()
 
-        user = self.manager.create_user('fake', 'fake', 'fake')
-        project = self.manager.create_project('fake', 'fake', 'fake')
-
         # Any request should be fine
         self.ec2.get_all_instances()
         self.assertTrue(self.ec2.APIVersion in self.http.getresponsebody(),
                        'The version in the xmlns of the response does '
                        'not match the API version given in the request.')
 
-        self.manager.delete_project(project)
-        self.manager.delete_user(user)
-
     def test_describe_instances(self):
         """Test that, after creating a user and a project, the describe
         instances call to the API works properly"""
         self.expect_http()
         self.mox.ReplayAll()
-        user = self.manager.create_user('fake', 'fake', 'fake')
-        project = self.manager.create_project('fake', 'fake', 'fake')
         self.assertEqual(self.ec2.get_all_instances(), [])
-        self.manager.delete_project(project)
-        self.manager.delete_user(user)
 
     def test_terminate_invalid_instance(self):
         """Attempt to terminate an invalid instance"""
         self.expect_http()
         self.mox.ReplayAll()
-        user = self.manager.create_user('fake', 'fake', 'fake')
-        project = self.manager.create_project('fake', 'fake', 'fake')
         self.assertRaises(EC2ResponseError, self.ec2.terminate_instances,
                             "i-00000005")
-        self.manager.delete_project(project)
-        self.manager.delete_user(user)
 
     def test_get_all_key_pairs(self):
         """Test that, after creating a user and project and generating
@@ -287,16 +276,12 @@ class ApiEc2TestCase(test.TestCase):
         self.mox.ReplayAll()
         keyname = "".join(random.choice("sdiuisudfsdcnpaqwertasd") \
                           for x in range(random.randint(4, 8)))
-        user = self.manager.create_user('fake', 'fake', 'fake')
-        project = self.manager.create_project('fake', 'fake', 'fake')
         # NOTE(vish): create depends on pool, so call helper directly
-        cloud._gen_key(context.get_admin_context(), user.id, keyname)
+        cloud._gen_key(context.get_admin_context(), 'fake', keyname)
 
         rv = self.ec2.get_all_key_pairs()
         results = [k for k in rv if k.name == keyname]
         self.assertEquals(len(results), 1)
-        self.manager.delete_project(project)
-        self.manager.delete_user(user)
 
     def test_create_duplicate_key_pair(self):
         """Test that, after successfully generating a keypair,
@@ -305,8 +290,6 @@ class ApiEc2TestCase(test.TestCase):
         self.mox.ReplayAll()
         keyname = "".join(random.choice("sdiuisudfsdcnpaqwertasd") \
                           for x in range(random.randint(4, 8)))
-        user = self.manager.create_user('fake', 'fake', 'fake')
-        project = self.manager.create_project('fake', 'fake', 'fake')
         # NOTE(vish): create depends on pool, so call helper directly
         self.ec2.create_key_pair('test')
 
@@ -325,27 +308,16 @@ class ApiEc2TestCase(test.TestCase):
         """Test that we can retrieve security groups"""
         self.expect_http()
         self.mox.ReplayAll()
-        user = self.manager.create_user('fake', 'fake', 'fake', admin=True)
-        project = self.manager.create_project('fake', 'fake', 'fake')
 
         rv = self.ec2.get_all_security_groups()
 
         self.assertEquals(len(rv), 1)
         self.assertEquals(rv[0].name, 'default')
 
-        self.manager.delete_project(project)
-        self.manager.delete_user(user)
-
     def test_create_delete_security_group(self):
         """Test that we can create a security group"""
         self.expect_http()
         self.mox.ReplayAll()
-        user = self.manager.create_user('fake', 'fake', 'fake', admin=True)
-        project = self.manager.create_project('fake', 'fake', 'fake')
-
-        # At the moment, you need both of these to actually be netadmin
-        self.manager.add_role('fake', 'netadmin')
-        project.add_role('fake', 'netadmin')
 
         security_group_name = "".join(random.choice("sdiuisudfsdcnpaqwertasd")
                                       for x in range(random.randint(4, 8)))
@@ -364,9 +336,6 @@ class ApiEc2TestCase(test.TestCase):
 
         self.ec2.delete_security_group(security_group_name)
 
-        self.manager.delete_project(project)
-        self.manager.delete_user(user)
-
     def test_authorize_revoke_security_group_cidr(self):
         """
         Test that we can add and remove CIDR based rules
@@ -374,12 +343,6 @@ class ApiEc2TestCase(test.TestCase):
         """
         self.expect_http()
         self.mox.ReplayAll()
-        user = self.manager.create_user('fake', 'fake', 'fake')
-        project = self.manager.create_project('fake', 'fake', 'fake')
-
-        # At the moment, you need both of these to actually be netadmin
-        self.manager.add_role('fake', 'netadmin')
-        project.add_role('fake', 'netadmin')
 
         security_group_name = "".join(random.choice("sdiuisudfsdcnpaqwertasd")
                                       for x in range(random.randint(4, 8)))
@@ -426,9 +389,6 @@ class ApiEc2TestCase(test.TestCase):
         self.assertEqual(len(rv), 1)
         self.assertEqual(rv[0].name, 'default')
 
-        self.manager.delete_project(project)
-        self.manager.delete_user(user)
-
         return
 
     def test_authorize_revoke_security_group_cidr_v6(self):
@@ -438,12 +398,6 @@ class ApiEc2TestCase(test.TestCase):
         """
         self.expect_http()
         self.mox.ReplayAll()
-        user = self.manager.create_user('fake', 'fake', 'fake')
-        project = self.manager.create_project('fake', 'fake', 'fake')
-
-        # At the moment, you need both of these to actually be netadmin
-        self.manager.add_role('fake', 'netadmin')
-        project.add_role('fake', 'netadmin')
 
         security_group_name = "".join(random.choice("sdiuisudfsdcnpaqwertasd")
                                       for x in range(random.randint(4, 8)))
@@ -489,9 +443,6 @@ class ApiEc2TestCase(test.TestCase):
         self.assertEqual(len(rv), 1)
         self.assertEqual(rv[0].name, 'default')
 
-        self.manager.delete_project(project)
-        self.manager.delete_user(user)
-
         return
 
     def test_authorize_revoke_security_group_foreign_group(self):
@@ -501,12 +452,6 @@ class ApiEc2TestCase(test.TestCase):
         """
         self.expect_http()
         self.mox.ReplayAll()
-        user = self.manager.create_user('fake', 'fake', 'fake', admin=True)
-        project = self.manager.create_project('fake', 'fake', 'fake')
-
-        # At the moment, you need both of these to actually be netadmin
-        self.manager.add_role('fake', 'netadmin')
-        project.add_role('fake', 'netadmin')
 
         rand_string = 'sdiuisudfsdcnpaqwertasd'
         security_group_name = "".join(random.choice(rand_string)
@@ -560,8 +505,3 @@ class ApiEc2TestCase(test.TestCase):
         self.mox.ReplayAll()
 
         self.ec2.delete_security_group(security_group_name)
-
-        self.manager.delete_project(project)
-        self.manager.delete_user(user)
-
-        return

nova/tests/test_auth.py

@@ -102,7 +102,7 @@ class _AuthManagerBaseTestCase(test.TestCase):
             self.assertEqual('classified', u.secret)
             self.assertEqual('private-party', u.access)
 
-    def test_004_signature_is_valid(self):
+    def test_signature_is_valid(self):
         with user_generator(self.manager, name='admin', secret='admin',
                             access='admin'):
             with project_generator(self.manager, name="admin",
@@ -141,15 +141,14 @@ class _AuthManagerBaseTestCase(test.TestCase):
                         '127.0.0.1',
                         '/services/Cloud'))
 
-    def test_005_can_get_credentials(self):
+    def test_can_get_credentials(self):
-        return
+        st = {'access': 'access', 'secret': 'secret'}
-        credentials = self.manager.get_user('test1').get_credentials()
+        with user_and_project_generator(self.manager, user_state=st) as (u, p):
-        self.assertEqual(credentials,
+            credentials = self.manager.get_environment_rc(u, p)
-        'export EC2_ACCESS_KEY="access"\n' +
+            LOG.debug(credentials)
-        'export EC2_SECRET_KEY="secret"\n' +
+            self.assertTrue('export EC2_ACCESS_KEY="access:testproj"\n'
-        'export EC2_URL="http://127.0.0.1:8773/services/Cloud"\n' +
+                            in credentials)
-        'export S3_URL="http://127.0.0.1:3333/"\n' +
+            self.assertTrue('export EC2_SECRET_KEY="secret"\n' in credentials)
-        'export EC2_USER_ID="test1"\n')
 
     def test_can_list_users(self):
         with user_generator(self.manager):

nova/tests/test_cloud.py

@@ -34,7 +34,6 @@ from nova import network
 from nova import rpc
 from nova import test
 from nova import utils
-from nova.auth import manager
 from nova.api.ec2 import cloud
 from nova.api.ec2 import ec2utils
 from nova.image import fake
@@ -62,12 +61,11 @@ class CloudTestCase(test.TestCase):
         self.volume = self.start_service('volume')
         self.image_service = utils.import_object(FLAGS.image_service)
 
-        self.manager = manager.AuthManager()
+        self.user_id = 'fake'
-        self.user = self.manager.create_user('admin', 'admin', 'admin', True)
+        self.project_id = 'fake'
-        self.project = self.manager.create_project('proj', 'admin', 'proj')
+        self.context = context.RequestContext(self.user_id,
-        self.context = context.RequestContext(user=self.user,
+                                              self.project_id,
-                                              project=self.project)
+                                              True)
-        host = self.network.host
 
         def fake_show(meh, context, id):
             return {'id': 1, 'container_format': 'ami',
@@ -87,17 +85,15 @@ class CloudTestCase(test.TestCase):
         self.stubs.Set(rpc, 'cast', finish_cast)
 
     def tearDown(self):
-        networks = db.project_get_networks(self.context, self.project.id,
+        networks = db.project_get_networks(self.context, self.project_id,
                                            associate=False)
         for network in networks:
             db.network_disassociate(self.context, network['id'])
-        self.manager.delete_project(self.project)
-        self.manager.delete_user(self.user)
         super(CloudTestCase, self).tearDown()
 
     def _create_key(self, name):
         # NOTE(vish): create depends on pool, so just call helper directly
-        return cloud._gen_key(self.context, self.context.user.id, name)
+        return cloud._gen_key(self.context, self.context.user_id, name)
 
     def test_describe_regions(self):
         """Makes sure describe regions runs without raising an exception"""
@@ -982,7 +978,7 @@ class CloudTestCase(test.TestCase):
         key = RSA.load_key_string(private_key, callback=lambda: None)
         bio = BIO.MemoryBuffer()
         public_key = db.key_pair_get(self.context,
-                                    self.context.user.id,
+                                    self.context.user_id,
                                     'test')['public_key']
         key.save_pub_key_bio(bio)
         converted = crypto.ssl_pub_to_ssh_pub(bio.read())
@@ -1006,7 +1002,7 @@ class CloudTestCase(test.TestCase):
                                                'mytestfprint')
         self.assertTrue(result1)
         keydata = db.key_pair_get(self.context,
-                                  self.context.user.id,
+                                  self.context.user_id,
                                   'testimportkey1')
         self.assertEqual('mytestpubkey', keydata['public_key'])
         self.assertEqual('mytestfprint', keydata['fingerprint'])
@@ -1023,7 +1019,7 @@ class CloudTestCase(test.TestCase):
                                                dummypub)
         self.assertTrue(result2)
         keydata = db.key_pair_get(self.context,
-                                  self.context.user.id,
+                                  self.context.user_id,
                                   'testimportkey2')
         self.assertEqual(dummypub, keydata['public_key'])
         self.assertEqual(dummyfprint, keydata['fingerprint'])

nova/tests/test_compute.py

@@ -19,10 +19,6 @@
 Tests For Compute
 """
 
-import mox
-import stubout
-
-from nova.auth import manager
 from nova import compute
 from nova.compute import instance_types
 from nova.compute import manager as compute_manager
@@ -67,10 +63,9 @@ class ComputeTestCase(test.TestCase):
                    network_manager='nova.network.manager.FlatManager')
         self.compute = utils.import_object(FLAGS.compute_manager)
         self.compute_api = compute.API()
-        self.manager = manager.AuthManager()
+        self.user_id = 'fake'
-        self.user = self.manager.create_user('fake', 'fake', 'fake')
+        self.project_id = 'fake'
-        self.project = self.manager.create_project('fake', 'fake', 'fake')
+        self.context = context.RequestContext(self.user_id, self.project_id)
-        self.context = context.RequestContext('fake', 'fake', False)
         test_notifier.NOTIFICATIONS = []
 
         def fake_show(meh, context, id):
@@ -78,19 +73,14 @@ class ComputeTestCase(test.TestCase):
 
         self.stubs.Set(nova.image.fake._FakeImageService, 'show', fake_show)
 
-    def tearDown(self):
-        self.manager.delete_user(self.user)
-        self.manager.delete_project(self.project)
-        super(ComputeTestCase, self).tearDown()
-
     def _create_instance(self, params={}):
         """Create a test instance"""
         inst = {}
         inst['image_ref'] = 1
         inst['reservation_id'] = 'r-fakeres'
         inst['launch_time'] = '10'
-        inst['user_id'] = self.user.id
+        inst['user_id'] = self.user_id
-        inst['project_id'] = self.project.id
+        inst['project_id'] = self.project_id
         type_id = instance_types.get_instance_type_by_name('m1.tiny')['id']
         inst['instance_type_id'] = type_id
         inst['ami_launch_index'] = 0
@@ -115,8 +105,8 @@ class ComputeTestCase(test.TestCase):
     def _create_group(self):
         values = {'name': 'testgroup',
                   'description': 'testgroup',
-                  'user_id': self.user.id,
+                  'user_id': self.user_id,
-                  'project_id': self.project.id}
+                  'project_id': self.project_id}
         return db.security_group_create(self.context, values)
 
     def _get_dummy_instance(self):
@@ -350,8 +340,8 @@ class ComputeTestCase(test.TestCase):
         self.assertEquals(msg['priority'], 'INFO')
         self.assertEquals(msg['event_type'], 'compute.instance.create')
         payload = msg['payload']
-        self.assertEquals(payload['tenant_id'], self.project.id)
+        self.assertEquals(payload['tenant_id'], self.project_id)
-        self.assertEquals(payload['user_id'], self.user.id)
+        self.assertEquals(payload['user_id'], self.user_id)
         self.assertEquals(payload['instance_id'], instance_id)
         self.assertEquals(payload['instance_type'], 'm1.tiny')
         type_id = instance_types.get_instance_type_by_name('m1.tiny')['id']
@@ -374,8 +364,8 @@ class ComputeTestCase(test.TestCase):
         self.assertEquals(msg['priority'], 'INFO')
         self.assertEquals(msg['event_type'], 'compute.instance.delete')
         payload = msg['payload']
-        self.assertEquals(payload['tenant_id'], self.project.id)
+        self.assertEquals(payload['tenant_id'], self.project_id)
-        self.assertEquals(payload['user_id'], self.user.id)
+        self.assertEquals(payload['user_id'], self.user_id)
         self.assertEquals(payload['instance_id'], instance_id)
         self.assertEquals(payload['instance_type'], 'm1.tiny')
         type_id = instance_types.get_instance_type_by_name('m1.tiny')['id']
@@ -457,8 +447,8 @@ class ComputeTestCase(test.TestCase):
         self.assertEquals(msg['priority'], 'INFO')
         self.assertEquals(msg['event_type'], 'compute.instance.resize.prep')
         payload = msg['payload']
-        self.assertEquals(payload['tenant_id'], self.project.id)
+        self.assertEquals(payload['tenant_id'], self.project_id)
-        self.assertEquals(payload['user_id'], self.user.id)
+        self.assertEquals(payload['user_id'], self.user_id)
         self.assertEquals(payload['instance_id'], instance_id)
         self.assertEquals(payload['instance_type'], 'm1.tiny')
         type_id = instance_types.get_instance_type_by_name('m1.tiny')['id']
@@ -849,7 +839,6 @@ class ComputeTestCase(test.TestCase):
 
     def test_run_kill_vm(self):
         """Detect when a vm is terminated behind the scenes"""
-        self.stubs = stubout.StubOutForTesting()
         self.stubs.Set(compute_manager.ComputeManager,
                 '_report_driver_status', nop_report_driver_status)
 

nova/tests/test_console.py

@@ -26,10 +26,9 @@ from nova import exception
 from nova import flags
 from nova import test
 from nova import utils
-from nova.auth import manager
-from nova.console import manager as console_manager
 
 FLAGS = flags.FLAGS
+flags.DECLARE('console_driver', 'nova.console.manager')
 
 
 class ConsoleTestCase(test.TestCase):
@@ -39,17 +38,11 @@ class ConsoleTestCase(test.TestCase):
         self.flags(console_driver='nova.console.fake.FakeConsoleProxy',
                    stub_compute=True)
         self.console = utils.import_object(FLAGS.console_manager)
-        self.manager = manager.AuthManager()
+        self.user_id = 'fake'
-        self.user = self.manager.create_user('fake', 'fake', 'fake')
+        self.project_id = 'fake'
-        self.project = self.manager.create_project('fake', 'fake', 'fake')
+        self.context = context.RequestContext(self.user_id, self.project_id)
-        self.context = context.get_admin_context()
         self.host = 'test_compute_host'
 
-    def tearDown(self):
-        self.manager.delete_user(self.user)
-        self.manager.delete_project(self.project)
-        super(ConsoleTestCase, self).tearDown()
-
     def _create_instance(self):
         """Create a test instance"""
         inst = {}
@@ -58,8 +51,8 @@ class ConsoleTestCase(test.TestCase):
         inst['image_id'] = 1
         inst['reservation_id'] = 'r-fakeres'
         inst['launch_time'] = '10'
-        inst['user_id'] = self.user.id
+        inst['user_id'] = self.user_id
-        inst['project_id'] = self.project.id
+        inst['project_id'] = self.project_id
         inst['instance_type_id'] = 1
         inst['ami_launch_index'] = 0
         return db.instance_create(self.context, inst)['id']

nova/tests/test_db_api.py

@@ -22,7 +22,6 @@ from nova import test
 from nova import context
 from nova import db
 from nova import flags
-from nova.auth import manager
 
 FLAGS = flags.FLAGS
 
@@ -45,42 +44,35 @@ def _setup_networking(instance_id, ip='1.2.3.4', flo_addr='1.2.1.2'):
     db.fixed_ip_create(ctxt, fixed_ip)
     fix_ref = db.fixed_ip_get_by_address(ctxt, ip)
     db.floating_ip_create(ctxt, {'address': flo_addr,
-                                        'fixed_ip_id': fix_ref.id})
+                                 'fixed_ip_id': fix_ref['id']})
 
 
 class DbApiTestCase(test.TestCase):
     def setUp(self):
         super(DbApiTestCase, self).setUp()
-        self.manager = manager.AuthManager()
+        self.user_id = 'fake'
-        self.user = self.manager.create_user('admin', 'admin', 'admin', True)
+        self.project_id = 'fake'
-        self.project = self.manager.create_project('proj', 'admin', 'proj')
+        self.context = context.RequestContext(self.user_id, self.project_id)
-        self.context = context.RequestContext(user=self.user,
-                                              project=self.project)
-
-    def tearDown(self):
-        self.manager.delete_project(self.project)
-        self.manager.delete_user(self.user)
-        super(DbApiTestCase, self).tearDown()
 
     def test_instance_get_project_vpn(self):
-        result = db.fixed_ip_get_all(self.context)
         values = {'instance_type_id': FLAGS.default_instance_type,
                   'image_ref': FLAGS.vpn_image_id,
-                  'project_id': self.project.id,
+                  'project_id': self.project_id
                  }
         instance = db.instance_create(self.context, values)
-        result = db.instance_get_project_vpn(self.context, self.project.id)
+        result = db.instance_get_project_vpn(self.context.elevated(),
-        self.assertEqual(instance.id, result.id)
+                                             self.project_id)
+        self.assertEqual(instance['id'], result['id'])
 
     def test_instance_get_project_vpn_joins(self):
-        result = db.fixed_ip_get_all(self.context)
         values = {'instance_type_id': FLAGS.default_instance_type,
                   'image_ref': FLAGS.vpn_image_id,
-                  'project_id': self.project.id,
+                  'project_id': self.project_id
                  }
         instance = db.instance_create(self.context, values)
-        _setup_networking(instance.id)
+        _setup_networking(instance['id'])
-        result = db.instance_get_project_vpn(self.context, self.project.id)
+        result = db.instance_get_project_vpn(self.context.elevated(),
-        self.assertEqual(instance.id, result.id)
+                                             self.project_id)
+        self.assertEqual(instance['id'], result['id'])
         self.assertEqual(result['fixed_ips'][0]['floating_ips'][0].address,
                          '1.2.1.2')

nova/tests/test_libvirt.py

@@ -32,7 +32,6 @@ from nova import flags
 from nova import test
 from nova import utils
 from nova.api.ec2 import cloud
-from nova.auth import manager
 from nova.compute import power_state
 from nova.virt.libvirt import connection
 from nova.virt.libvirt import firewall
@@ -154,36 +153,15 @@ class LibvirtConnTestCase(test.TestCase):
         super(LibvirtConnTestCase, self).setUp()
         connection._late_load_cheetah()
         self.flags(fake_call=True)
-        self.manager = manager.AuthManager()
+        self.user_id = 'fake'
-
+        self.project_id = 'fake'
-        try:
+        self.context = context.RequestContext(self.user_id, self.project_id)
-            pjs = self.manager.get_projects()
-            pjs = [p for p in pjs if p.name == 'fake']
-            if 0 != len(pjs):
-                self.manager.delete_project(pjs[0])
-
-            users = self.manager.get_users()
-            users = [u for u in users if u.name == 'fake']
-            if 0 != len(users):
-                self.manager.delete_user(users[0])
-        except Exception, e:
-            pass
-
-        users = self.manager.get_users()
-        self.user = self.manager.create_user('fake', 'fake', 'fake',
-                                             admin=True)
-        self.project = self.manager.create_project('fake', 'fake', 'fake')
         self.network = utils.import_object(FLAGS.network_manager)
         self.context = context.get_admin_context()
         FLAGS.instances_path = ''
         self.call_libvirt_dependant_setup = False
         self.test_ip = '10.11.12.13'
 
-    def tearDown(self):
-        self.manager.delete_project(self.project)
-        self.manager.delete_user(self.user)
-        super(LibvirtConnTestCase, self).tearDown()
-
     test_instance = {'memory_kb':     '1024000',
                      'basepath':      '/some/path',
                      'bridge_name':   'br100',
@@ -441,8 +419,8 @@ class LibvirtConnTestCase(test.TestCase):
         self.assertEquals(parameters[1].get('value'), 'fake')
 
     def _check_xml_and_container(self, instance):
-        user_context = context.RequestContext(project=self.project,
+        user_context = context.RequestContext(self.user_id,
-                                              user=self.user)
+                                              self.project_id)
         instance_ref = db.instance_create(user_context, instance)
         _setup_networking(instance_ref['id'], self.test_ip)
 
@@ -470,11 +448,10 @@ class LibvirtConnTestCase(test.TestCase):
 
     def _check_xml_and_uri(self, instance, expect_ramdisk, expect_kernel,
                            rescue=False):
-        user_context = context.RequestContext(project=self.project,
+        user_context = context.RequestContext(self.user_id, self.project_id)
-                                              user=self.user)
         instance_ref = db.instance_create(user_context, instance)
         network_ref = db.project_get_networks(context.get_admin_context(),
-                                             self.project.id)[0]
+                                             self.project_id)[0]
 
         _setup_networking(instance_ref['id'], self.test_ip)
 
@@ -802,11 +779,9 @@ class IptablesFirewallTestCase(test.TestCase):
     def setUp(self):
         super(IptablesFirewallTestCase, self).setUp()
 
-        self.manager = manager.AuthManager()
+        self.user_id = 'fake'
-        self.user = self.manager.create_user('fake', 'fake', 'fake',
+        self.project_id = 'fake'
-                                             admin=True)
+        self.context = context.RequestContext(self.user_id, self.project_id)
-        self.project = self.manager.create_project('fake', 'fake', 'fake')
-        self.context = context.RequestContext('fake', 'fake')
         self.network = utils.import_object(FLAGS.network_manager)
 
         class FakeLibvirtConnection(object):
@@ -832,11 +807,6 @@ class IptablesFirewallTestCase(test.TestCase):
         connection.libxml2 = __import__('libxml2')
         return True
 
-    def tearDown(self):
-        self.manager.delete_project(self.project)
-        self.manager.delete_user(self.user)
-        super(IptablesFirewallTestCase, self).tearDown()
-
     in_nat_rules = [
       '# Generated by iptables-save v1.4.10 on Sat Feb 19 00:03:19 2011',
       '*nat',
@@ -1119,11 +1089,9 @@ class NWFilterTestCase(test.TestCase):
         class Mock(object):
             pass
 
-        self.manager = manager.AuthManager()
+        self.user_id = 'fake'
-        self.user = self.manager.create_user('fake', 'fake', 'fake',
+        self.project_id = 'fake'
-                                             admin=True)
+        self.context = context.RequestContext(self.user_id, self.project_id)
-        self.project = self.manager.create_project('fake', 'fake', 'fake')
-        self.context = context.RequestContext(self.user, self.project)
 
         self.fake_libvirt_connection = Mock()
 
@@ -1131,11 +1099,6 @@ class NWFilterTestCase(test.TestCase):
         self.fw = firewall.NWFilterFirewall(
                                          lambda: self.fake_libvirt_connection)
 
-    def tearDown(self):
-        self.manager.delete_project(self.project)
-        self.manager.delete_user(self.user)
-        super(NWFilterTestCase, self).tearDown()
-
     def test_cidr_rule_nwfilter_xml(self):
         cloud_controller = cloud.CloudController()
         cloud_controller.create_security_group(self.context,

nova/tests/test_vmwareapi.py

@@ -19,11 +19,11 @@
 Test suite for VMWareAPI.
 """
 
+from nova import context
 from nova import db
 from nova import flags
 from nova import test
 from nova import utils
-from nova.auth import manager
 from nova.compute import power_state
 from nova.tests.glance import stubs as glance_stubs
 from nova.tests.vmwareapi import db_fakes
@@ -43,10 +43,9 @@ class VMWareAPIVMTestCase(test.TestCase):
         self.flags(vmwareapi_host_ip='test_url',
                    vmwareapi_host_username='test_username',
                    vmwareapi_host_password='test_pass')
-        self.manager = manager.AuthManager()
+        self.user_id = 'fake'
-        self.user = self.manager.create_user('fake', 'fake', 'fake',
+        self.project_id = 'fake'
-                                             admin=True)
+        self.context = context.RequestContext(self.user_id, self.project_id)
-        self.project = self.manager.create_project('fake', 'fake', 'fake')
         self.network = utils.import_object(FLAGS.network_manager)
         vmwareapi_fake.reset()
         db_fakes.stub_out_db_instance_api(self.stubs)
@@ -77,14 +76,12 @@ class VMWareAPIVMTestCase(test.TestCase):
     def tearDown(self):
         super(VMWareAPIVMTestCase, self).tearDown()
         vmwareapi_fake.cleanup()
-        self.manager.delete_project(self.project)
-        self.manager.delete_user(self.user)
 
     def _create_instance_in_the_db(self):
         values = {'name': 1,
                   'id': 1,
-                  'project_id': self.project.id,
+                  'project_id': self.project_id,
-                  'user_id': self.user.id,
+                  'user_id': self.user_id,
                   'image_ref': "1",
                   'kernel_id': "1",
                   'ramdisk_id': "1",

nova/tests/test_xenapi.py

@@ -30,7 +30,6 @@ from nova import flags
 from nova import log as logging
 from nova import test
 from nova import utils
-from nova.auth import manager
 from nova.compute import instance_types
 from nova.compute import power_state
 from nova import exception
@@ -69,7 +68,9 @@ class XenAPIVolumeTestCase(test.TestCase):
     def setUp(self):
         super(XenAPIVolumeTestCase, self).setUp()
         self.stubs = stubout.StubOutForTesting()
-        self.context = context.RequestContext('fake', 'fake', False)
+        self.user_id = 'fake'
+        self.project_id = 'fake'
+        self.context = context.RequestContext(self.user_id, self.project_id)
         FLAGS.target_host = '127.0.0.1'
         FLAGS.xenapi_connection_url = 'test_url'
         FLAGS.xenapi_connection_password = 'test_pass'
@@ -77,7 +78,7 @@ class XenAPIVolumeTestCase(test.TestCase):
         stubs.stub_out_get_target(self.stubs)
         xenapi_fake.reset()
         self.values = {'id': 1,
-                  'project_id': 'fake',
+                  'project_id': self.user_id,
                   'user_id': 'fake',
                   'image_ref': 1,
                   'kernel_id': 2,
@@ -173,10 +174,6 @@ class XenAPIVMTestCase(test.TestCase):
     """Unit tests for VM operations."""
     def setUp(self):
         super(XenAPIVMTestCase, self).setUp()
-        self.manager = manager.AuthManager()
-        self.user = self.manager.create_user('fake', 'fake', 'fake',
-                                             admin=True)
-        self.project = self.manager.create_project('fake', 'fake', 'fake')
         self.network = utils.import_object(FLAGS.network_manager)
         self.stubs = stubout.StubOutForTesting()
         self.flags(xenapi_connection_url='test_url',
@@ -195,7 +192,9 @@ class XenAPIVMTestCase(test.TestCase):
         stubs.stub_out_vm_methods(self.stubs)
         glance_stubs.stubout_glance_client(self.stubs)
         fake_utils.stub_out_utils_execute(self.stubs)
-        self.context = context.RequestContext('fake', 'fake', False)
+        self.user_id = 'fake'
+        self.project_id = 'fake'
+        self.context = context.RequestContext(self.user_id, self.project_id)
         self.conn = xenapi_conn.get_connection(False)
 
     def test_parallel_builds(self):
@@ -229,8 +228,8 @@ class XenAPIVMTestCase(test.TestCase):
             instance = db.instance_create(self.context, values)
             self.conn.spawn(instance, network_info)
 
-        gt1 = eventlet.spawn(_do_build, 1, self.project.id, self.user.id)
+        gt1 = eventlet.spawn(_do_build, 1, self.project_id, self.user_id)
-        gt2 = eventlet.spawn(_do_build, 2, self.project.id, self.user.id)
+        gt2 = eventlet.spawn(_do_build, 2, self.project_id, self.user_id)
         gt1.wait()
         gt2.wait()
 
@@ -401,8 +400,8 @@ class XenAPIVMTestCase(test.TestCase):
         stubs.stubout_loopingcall_start(self.stubs)
         if create_record:
             values = {'id': instance_id,
-                      'project_id': self.project.id,
+                      'project_id': self.project_id,
-                      'user_id': self.user.id,
+                      'user_id': self.user_id,
                       'image_ref': image_ref,
                       'kernel_id': kernel_id,
                       'ramdisk_id': ramdisk_id,
@@ -469,12 +468,30 @@ class XenAPIVMTestCase(test.TestCase):
         self._check_vdis(vdi_recs_start, vdi_recs_end)
 
     def test_spawn_raw_objectstore(self):
-        FLAGS.xenapi_image_service = 'objectstore'
+        # TODO(vish): deprecated
-        self._test_spawn(1, None, None)
+        from nova.auth import manager
+        authman = manager.AuthManager()
+        authman.create_user('fake', 'fake')
+        authman.create_project('fake', 'fake')
+        try:
+            FLAGS.xenapi_image_service = 'objectstore'
+            self._test_spawn(1, None, None)
+        finally:
+            authman.delete_project('fake')
+            authman.delete_user('fake')
 
     def test_spawn_objectstore(self):
-        FLAGS.xenapi_image_service = 'objectstore'
+        # TODO(vish): deprecated
-        self._test_spawn(1, 2, 3)
+        from nova.auth import manager
+        authman = manager.AuthManager()
+        authman.create_user('fake', 'fake')
+        authman.create_project('fake', 'fake')
+        try:
+            FLAGS.xenapi_image_service = 'objectstore'
+            self._test_spawn(1, 2, 3)
+        finally:
+            authman.delete_project('fake')
+            authman.delete_user('fake')
 
     @stub_vm_utils_with_vdi_attached_here
     def test_spawn_raw_glance(self):
@@ -626,7 +643,7 @@ class XenAPIVMTestCase(test.TestCase):
                                            host=FLAGS.host,
                                            vpn=None,
                                            instance_type_id=1,
-                                           project_id=self.project.id)
+                                           project_id=self.project_id)
         self._test_spawn(glance_stubs.FakeGlance.IMAGE_MACHINE,
                          glance_stubs.FakeGlance.IMAGE_KERNEL,
                          glance_stubs.FakeGlance.IMAGE_RAMDISK,
@@ -656,21 +673,13 @@ class XenAPIVMTestCase(test.TestCase):
         # Ensure that it will not unrescue a non-rescued instance.
         self.assertRaises(Exception, conn.unrescue, instance, None)
 
-    def tearDown(self):
-        super(XenAPIVMTestCase, self).tearDown()
-        self.manager.delete_project(self.project)
-        self.manager.delete_user(self.user)
-        self.vm_info = None
-        self.vm = None
-        self.stubs.UnsetAll()
-
     def _create_instance(self, instance_id=1, spawn=True):
         """Creates and spawns a test instance."""
         stubs.stubout_loopingcall_start(self.stubs)
         values = {
             'id': instance_id,
-            'project_id': self.project.id,
+            'project_id': self.project_id,
-            'user_id': self.user.id,
+            'user_id': self.user_id,
             'image_ref': 1,
             'kernel_id': 2,
             'ramdisk_id': 3,
@@ -752,14 +761,12 @@ class XenAPIMigrateInstance(test.TestCase):
         stubs.stub_out_get_target(self.stubs)
         xenapi_fake.reset()
         xenapi_fake.create_network('fake', FLAGS.flat_network_bridge)
-        self.manager = manager.AuthManager()
+        self.user_id = 'fake'
-        self.user = self.manager.create_user('fake', 'fake', 'fake',
+        self.project_id = 'fake'
-                                             admin=True)
+        self.context = context.RequestContext(self.user_id, self.project_id)
-        self.project = self.manager.create_project('fake', 'fake', 'fake')
-        self.context = context.RequestContext('fake', 'fake', False)
         self.values = {'id': 1,
-                  'project_id': self.project.id,
+                  'project_id': self.project_id,
-                  'user_id': self.user.id,
+                  'user_id': self.user_id,
                   'image_ref': 1,
                   'kernel_id': None,
                   'ramdisk_id': None,
@@ -773,12 +780,6 @@ class XenAPIMigrateInstance(test.TestCase):
         stubs.stubout_get_this_vm_uuid(self.stubs)
         glance_stubs.stubout_glance_client(self.stubs)
 
-    def tearDown(self):
-        super(XenAPIMigrateInstance, self).tearDown()
-        self.manager.delete_project(self.project)
-        self.manager.delete_user(self.user)
-        self.stubs.UnsetAll()
-
     def test_migrate_disk_and_power_off(self):
         instance = db.instance_create(self.context, self.values)
         stubs.stubout_session(self.stubs, stubs.FakeSessionForMigrationTests)