arif/zaza-openstack-tests
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add function for getting keystone auth from relation

Browse Source
This commit is contained in:
Liam Young
2019-05-13 09:06:40 +00:00
parent 0854288288
commit 6b2c1d26eb
2 changed files with 139 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

97
unit_tests/utilities/test_zaza_utilities_openstack.py
View File

@@ -1001,3 +1001,100 @@ class TestOpenStackUtils(ut_utils.BaseTestCase):
openstack_utils.get_keystone_session(_openrc)
self.session.Session.assert_called_once_with(
auth=_auth, verify=_cacert)
def test_get_keystone_session_from_relation(self):
self.patch_object(openstack_utils.juju_utils, "get_relation_from_unit")
self.patch_object(openstack_utils, "get_overcloud_auth")
self.patch_object(openstack_utils, "get_keystone_session")
self.get_relation_from_unit.return_value = {
'admin_domain_id': '49f9d68db8e843ffa81d0909707ce26a',
'admin_token': 'MZB6y8zY',
'api_version': '3',
'auth_host': '10.5.0.61',
'auth_port': '35357',
'auth_protocol': 'http',
'egress-subnets': '10.5.0.61/32',
'ingress-address': '10.5.0.61',
'private-address': '10.5.0.61',
'service_domain': 'service_domain',
'service_domain_id': '63dbff248e144c9db7d062d69b659eb7',
'service_host': '10.5.0.61',
'service_password': 'gkKr6G7M',
'service_port': '5000',
'service_protocol': 'http',
'service_tenant': 'services',
'service_tenant_id': 'd3cade6a28ed45438640164fc69f262c',
'service_username': 's3_swift'}
self.get_overcloud_auth.return_value = {
'OS_AUTH_URL': 'http://10.5.0.61:5000/v3',
'OS_USERNAME': 'admin',
'OS_PASSWORD': 'cheeW4eing5foovu',
'OS_REGION_NAME': 'RegionOne',
'OS_DOMAIN_NAME': 'admin_domain',
'OS_USER_DOMAIN_NAME': 'admin_domain',
'OS_PROJECT_NAME': 'admin',
'OS_PROJECT_DOMAIN_NAME': 'admin_domain',
'API_VERSION': 3}
openstack_utils.get_keystone_session_from_relation('swift-proxy')
self.get_relation_from_unit.assert_called_once_with(
'swift-proxy',
'keystone',
'identity-service')
self.get_keystone_session.assert_called_once_with(
{
'OS_AUTH_URL': 'http://10.5.0.61:5000/v3',
'OS_USERNAME': 's3_swift',
'OS_PASSWORD': 'gkKr6G7M',
'OS_REGION_NAME': 'RegionOne',
'OS_DOMAIN_NAME': 'service_domain',
'OS_USER_DOMAIN_NAME': 'service_domain',
'OS_PROJECT_NAME': 'services',
'OS_TENANT_NAME': 'services',
'OS_PROJECT_DOMAIN_NAME': 'service_domain',
'API_VERSION': 3},
scope='PROJECT',
verify=None)
def test_get_keystone_session_from_relation_v2(self):
self.patch_object(openstack_utils.juju_utils, "get_relation_from_unit")
self.patch_object(openstack_utils, "get_overcloud_auth")
self.patch_object(openstack_utils, "get_keystone_session")
self.get_relation_from_unit.return_value = {
'admin_token': 'Ry8mN6',
'api_version': '2',
'auth_host': '10.5.0.36',
'auth_port': '35357',
'auth_protocol': 'http',
'egress-subnets': '10.5.0.36/32',
'ingress-address': '10.5.0.36',
'private-address': '10.5.0.36',
'service_host': '10.5.0.36',
'service_password': 'CKGsVg2p',
'service_port': '5000',
'service_protocol': 'http',
'service_tenant': 'services',
'service_tenant_id': '78b6f62c2aa2',
'service_username': 's3_swift'}
self.get_overcloud_auth.return_value = {
'OS_AUTH_URL': 'http://10.5.0.36:5000/v2.0',
'OS_TENANT_NAME': 'admin',
'OS_USERNAME': 'admin',
'OS_PASSWORD': 'Eirioxohphahliza',
'OS_REGION_NAME': 'RegionOne',
'API_VERSION': 2}
openstack_utils.get_keystone_session_from_relation('swift-proxy')
self.get_relation_from_unit.assert_called_once_with(
'swift-proxy',
'keystone',
'identity-service')
self.get_keystone_session.assert_called_once_with(
{
'OS_AUTH_URL': 'http://10.5.0.36:5000/v2.0',
'OS_TENANT_NAME': 'services',
'OS_USERNAME': 's3_swift',
'OS_PASSWORD': 'CKGsVg2p',
'OS_REGION_NAME': 'RegionOne',
'API_VERSION': 2,
'OS_PROJECT_NAME': 'services'},
scope='PROJECT',
verify=None)

42
zaza/openstack/utilities/openstack.py
View File

@@ -2045,3 +2045,45 @@ def get_hypervisor_for_guest(nova_client, guest_name):
logging.info('Finding hosting hypervisor')
server = nova_client.servers.find(name=guest_name)
return getattr(server, 'OS-EXT-SRV-ATTR:host')
def get_keystone_session_from_relation(client_app,
identity_app='keystone',
relation_name='identity-service',
scope='PROJECT',
verify=None):
"""Extract credentials information from a relation & return a session.
:param client_app: Name of application receiving credentials.
:type client_app: string
:param identity_app: Name of application providing credentials.
:type identity_app: string
:param relation_name: Name of relation between applications.
:type relation_name: string
:param scope: Authentication scope: PROJECT or DOMAIN
:type scope: string
:param verify: Control TLS certificate verification behaviour
:type verify: any (True - use system certs,
False - do not verify,
None - defer to requests library to find certs,
str - path to a CA cert bundle)
:returns: Keystone session object
:rtype: keystoneauth1.session.Session object
"""
relation = juju_utils.get_relation_from_unit(
client_app,
identity_app,
relation_name)
api_version = int(relation.get('api_version', 2))
creds = get_overcloud_auth()
creds['OS_USERNAME'] = relation['service_username']
creds['OS_PASSWORD'] = relation['service_password']
creds['OS_PROJECT_NAME'] = relation['service_tenant']
creds['OS_TENANT_NAME'] = relation['service_tenant']
if api_version == 3:
creds['OS_DOMAIN_NAME'] = relation['service_domain']
creds['OS_USER_DOMAIN_NAME'] = relation['service_domain']
creds['OS_PROJECT_DOMAIN_NAME'] = relation['service_domain']
return get_keystone_session(creds, scope=scope, verify=verify)