From 6b2c1d26eb1041ccffe8433af3f24c44165bccdd Mon Sep 17 00:00:00 2001
From: Liam Young
Date: Mon, 13 May 2019 09:06:40 +0000
Subject: [PATCH] Add function for getting keystone auth from relation
---
 .../test_zaza_utilities_openstack.py | 97 +++++++++++++++++++
 zaza/openstack/utilities/openstack.py | 42 ++++++++
 2 files changed, 139 insertions(+)
diff --git a/unit_tests/utilities/test_zaza_utilities_openstack.py b/unit_tests/utilities/test_zaza_utilities_openstack.py
index 45565b1..d40ccf8 100644
--- a/unit_tests/utilities/test_zaza_utilities_openstack.py
+++ b/unit_tests/utilities/test_zaza_utilities_openstack.py
@@ -1001,3 +1001,100 @@ class TestOpenStackUtils(ut_utils.BaseTestCase):
 openstack_utils.get_keystone_session(_openrc)
 self.session.Session.assert_called_once_with(
 auth=_auth, verify=_cacert)
+
+ def test_get_keystone_session_from_relation(self):
+ self.patch_object(openstack_utils.juju_utils, "get_relation_from_unit")
+ self.patch_object(openstack_utils, "get_overcloud_auth")
+ self.patch_object(openstack_utils, "get_keystone_session")
+ self.get_relation_from_unit.return_value = {
+ 'admin_domain_id': '49f9d68db8e843ffa81d0909707ce26a',
+ 'admin_token': 'MZB6y8zY',
+ 'api_version': '3',
+ 'auth_host': '10.5.0.61',
+ 'auth_port': '35357',
+ 'auth_protocol': 'http',
+ 'egress-subnets': '10.5.0.61/32',
+ 'ingress-address': '10.5.0.61',
+ 'private-address': '10.5.0.61',
+ 'service_domain': 'service_domain',
+ 'service_domain_id': '63dbff248e144c9db7d062d69b659eb7',
+ 'service_host': '10.5.0.61',
+ 'service_password': 'gkKr6G7M',
+ 'service_port': '5000',
+ 'service_protocol': 'http',
+ 'service_tenant': 'services',
+ 'service_tenant_id': 'd3cade6a28ed45438640164fc69f262c',
+ 'service_username': 's3_swift'}
+ self.get_overcloud_auth.return_value = {
+ 'OS_AUTH_URL': 'http://10.5.0.61:5000/v3',
+ 'OS_USERNAME': 'admin',
+ 'OS_PASSWORD': 'cheeW4eing5foovu',
+ 'OS_REGION_NAME': 'RegionOne',
+ 'OS_DOMAIN_NAME': 'admin_domain',
+ 'OS_USER_DOMAIN_NAME': 'admin_domain',
+ 'OS_PROJECT_NAME': 'admin',
+ 'OS_PROJECT_DOMAIN_NAME': 'admin_domain',
+ 'API_VERSION': 3}
+ openstack_utils.get_keystone_session_from_relation('swift-proxy')
+ self.get_relation_from_unit.assert_called_once_with(
+ 'swift-proxy',
+ 'keystone',
+ 'identity-service')
+ self.get_keystone_session.assert_called_once_with(
+ {
+ 'OS_AUTH_URL': 'http://10.5.0.61:5000/v3',
+ 'OS_USERNAME': 's3_swift',
+ 'OS_PASSWORD': 'gkKr6G7M',
+ 'OS_REGION_NAME': 'RegionOne',
+ 'OS_DOMAIN_NAME': 'service_domain',
+ 'OS_USER_DOMAIN_NAME': 'service_domain',
+ 'OS_PROJECT_NAME': 'services',
+ 'OS_TENANT_NAME': 'services',
+ 'OS_PROJECT_DOMAIN_NAME': 'service_domain',
+ 'API_VERSION': 3},
+ scope='PROJECT',
+ verify=None)
+
+ def test_get_keystone_session_from_relation_v2(self):
+ self.patch_object(openstack_utils.juju_utils, "get_relation_from_unit")
+ self.patch_object(openstack_utils, "get_overcloud_auth")
+ self.patch_object(openstack_utils, "get_keystone_session")
+ self.get_relation_from_unit.return_value = {
+ 'admin_token': 'Ry8mN6',
+ 'api_version': '2',
+ 'auth_host': '10.5.0.36',
+ 'auth_port': '35357',
+ 'auth_protocol': 'http',
+ 'egress-subnets': '10.5.0.36/32',
+ 'ingress-address': '10.5.0.36',
+ 'private-address': '10.5.0.36',
+ 'service_host': '10.5.0.36',
+ 'service_password': 'CKGsVg2p',
+ 'service_port': '5000',
+ 'service_protocol': 'http',
+ 'service_tenant': 'services',
+ 'service_tenant_id': '78b6f62c2aa2',
+ 'service_username': 's3_swift'}
+ self.get_overcloud_auth.return_value = {
+ 'OS_AUTH_URL': 'http://10.5.0.36:5000/v2.0',
+ 'OS_TENANT_NAME': 'admin',
+ 'OS_USERNAME': 'admin',
+ 'OS_PASSWORD': 'Eirioxohphahliza',
+ 'OS_REGION_NAME': 'RegionOne',
+ 'API_VERSION': 2}
+ openstack_utils.get_keystone_session_from_relation('swift-proxy')
+ self.get_relation_from_unit.assert_called_once_with(
+ 'swift-proxy',
+ 'keystone',
+ 'identity-service')
+ self.get_keystone_session.assert_called_once_with(
+ {
+ 'OS_AUTH_URL': 'http://10.5.0.36:5000/v2.0',
+ 'OS_TENANT_NAME': 'services',
+ 'OS_USERNAME': 's3_swift',
+ 'OS_PASSWORD': 'CKGsVg2p',
+ 'OS_REGION_NAME': 'RegionOne',
+ 'API_VERSION': 2,
+ 'OS_PROJECT_NAME': 'services'},
+ scope='PROJECT',
+ verify=None)
diff --git a/zaza/openstack/utilities/openstack.py b/zaza/openstack/utilities/openstack.py
index a8a184e..10da3fb 100644
--- a/zaza/openstack/utilities/openstack.py
+++ b/zaza/openstack/utilities/openstack.py
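Review bot: The fixture dictionaries in both new tests carry password- and token-shaped strings (`'service_password'`, `'admin_token'`, `'OS_PASSWORD'`) together with 32-character hex ids that read as if copied from a live relation dump; if that is where they came from, they should be replaced with obviously constructed values such as `'service_password': 'fake-service-password'`, so that no deployment secret lands in history and secret scanners stay quiet. Both tests also call `get_keystone_session_from_relation('swift-proxy')` with defaults only, so the pass-through of a non-default `verify` or `scope` is never asserted. A third case with a relation that has no `'api_version'` key would pin the `int(relation.get('api_version', 2))` fallback.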
@@ -2045,3 +2045,45 @@ def get_hypervisor_for_guest(nova_client, guest_name):
 logging.info('Finding hosting hypervisor')
 server = nova_client.servers.find(name=guest_name)
 return getattr(server, 'OS-EXT-SRV-ATTR:host')
+
+
+def get_keystone_session_from_relation(client_app,
+ identity_app='keystone',
+ relation_name='identity-service',
+ scope='PROJECT',
+ verify=None):
+ """Extract credentials information from a relation & return a session.
+
+ :param client_app: Name of application receiving credentials.
+ :type client_app: string
+ :param identity_app: Name of application providing credentials.
+ :type identity_app: string
+ :param relation_name: Name of relation between applications.
+ :type relation_name: string
+ :param scope: Authentication scope: PROJECT or DOMAIN
+ :type scope: string
+ :param verify: Control TLS certificate verification behaviour
+ :type verify: any (True - use system certs,
+ False - do not verify,
+ None - defer to requests library to find certs,
+ str - path to a CA cert bundle)
+ :returns: Keystone session object
+ :rtype: keystoneauth1.session.Session object
+ """
+ relation = juju_utils.get_relation_from_unit(
+ client_app,
+ identity_app,
+ relation_name)
+
+ api_version = int(relation.get('api_version', 2))
+ creds = get_overcloud_auth()
+ creds['OS_USERNAME'] = relation['service_username']
+ creds['OS_PASSWORD'] = relation['service_password']
+ creds['OS_PROJECT_NAME'] = relation['service_tenant']
+ creds['OS_TENANT_NAME'] = relation['service_tenant']
+ if api_version == 3:
+ creds['OS_DOMAIN_NAME'] = relation['service_domain']
+ creds['OS_USER_DOMAIN_NAME'] = relation['service_domain']
+ creds['OS_PROJECT_DOMAIN_NAME'] = relation['service_domain']
+
+ return get_keystone_session(creds, scope=scope, verify=verify)
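Review bot: `creds` is seeded from `get_overcloud_auth()`, the admin credential set, and only selected keys are overwritten, so any key the relation branch does not touch keeps its admin value in the service-user session. In particular, the domain keys are replaced only when the relation's `api_version` is 3, while `API_VERSION` and `OS_AUTH_URL` still come from the overcloud auth. If the two versions disagree, or `api_version` is absent and defaults to 2, the session would presumably be built for the service user inside the admin domain. Consider setting `creds['API_VERSION'] = api_version` and dropping stale domain keys in the non-v3 path, or building the dict from the relation alone. The direct lookups such as `relation['service_password']` raise a bare `KeyError` when the relation is not yet complete, so a guard that names the missing key and the relation would make that failure easier to diagnose. The docstring should also state that the default `verify=None` defers certificate lookup to requests and that `False` disables TLS verification.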