Fix create_system_user so it returns creds

Fix the create_system_user method so it returns the access_key
and secret when a user is created.

This patch also includes the following changes:

* Improve logging of multisite methods to help with debugging issues.
* Fix multisite relations in bundles.

Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/667
Closes-Bug: #1950329
Change-Id: I0528fe7f4a89c69f2790a0e472f6f43e23c2de19

hooks/hooks.py

@@ -707,6 +707,10 @@ def master_relation_joined(relation_id=None):
     secret = leader_get('secret')
 
     if not all((realm, zonegroup, zone)):
+        log('Cannot setup multisite configuration, required config is '
+            'missing. realm, zonegroup and zone charm config options must all '
+            'be set',
+            'WARN')
         return
 
     relation_set(relation_id=relation_id,
@@ -717,9 +721,12 @@ def master_relation_joined(relation_id=None):
                  secret=secret)
 
     if not is_leader():
+        log('Cannot setup multisite configuration, this unit is not the '
+            'leader')
         return
 
     if not leader_get('restart_nonce'):
+        log('No restart_nonce found')
         # NOTE(jamespage):
         # This is an ugly kludge to force creation of the required data
         # items in the .rgw.root pool prior to the radosgw process being
@@ -730,10 +737,12 @@ def master_relation_joined(relation_id=None):
     mutation = False
 
     if realm not in multisite.list_realms():
+        log('Realm {} not found, creating now'.format(realm))
         multisite.create_realm(realm, default=True)
         mutation = True
 
     if zonegroup not in multisite.list_zonegroups():
+        log('Zonegroup {} not found, creating now'.format(zonegroup))
         multisite.create_zonegroup(zonegroup,
                                    endpoints=endpoints,
                                    default=True, master=True,
@@ -741,6 +750,7 @@ def master_relation_joined(relation_id=None):
         mutation = True
 
     if zone not in multisite.list_zones():
+        log('Zone {} not found, creating now'.format(zone))
         multisite.create_zone(zone,
                               endpoints=endpoints,
                               default=True, master=True,
@@ -748,6 +758,7 @@ def master_relation_joined(relation_id=None):
         mutation = True
 
     if MULTISITE_SYSTEM_USER not in multisite.list_users():
+        log('User {} not found, creating now'.format(MULTISITE_SYSTEM_USER))
         access_key, secret = multisite.create_system_user(
             MULTISITE_SYSTEM_USER
         )
@@ -759,9 +770,14 @@ def master_relation_joined(relation_id=None):
         mutation = True
 
     if mutation:
+        log(
+            'Mutation detected. Restarting {}.'.format(service_name()),
+            'INFO')
         multisite.update_period()
         service_restart(service_name())
         leader_set(restart_nonce=str(uuid.uuid4()))
+    else:
+        log('No mutation detected.', 'INFO')
 
     relation_set(relation_id=relation_id,
                  access_key=access_key,
@@ -771,6 +787,8 @@ def master_relation_joined(relation_id=None):
 @hooks.hook('slave-relation-changed')
 def slave_relation_changed(relation_id=None, unit=None):
     if not is_leader():
+        log('Cannot setup multisite configuration, this unit is not the '
+            'leader')
         return
     if not ready_for_service(legacy=False):
         log('unit not ready, deferring multisite configuration')
@@ -801,6 +819,7 @@ def slave_relation_changed(relation_id=None, unit=None):
         return
 
     if not leader_get('restart_nonce'):
+        log('No restart_nonce found')
         # NOTE(jamespage):
         # This is an ugly kludge to force creation of the required data
         # items in the .rgw.root pool prior to the radosgw process being
@@ -811,6 +830,7 @@ def slave_relation_changed(relation_id=None, unit=None):
     mutation = False
 
     if realm not in multisite.list_realms():
+        log('Realm {} not found, pulling now'.format(realm))
         multisite.pull_realm(url=master_data['url'],
                              access_key=master_data['access_key'],
                              secret=master_data['secret'])
@@ -821,6 +841,7 @@ def slave_relation_changed(relation_id=None, unit=None):
         mutation = True
 
     if zone not in multisite.list_zones():
+        log('Zone {} not found, creating now'.format(zone))
         multisite.create_zone(zone,
                               endpoints=endpoints,
                               default=False, master=False,
@@ -830,9 +851,14 @@ def slave_relation_changed(relation_id=None, unit=None):
         mutation = True
 
     if mutation:
+        log(
+            'Mutation detected. Restarting {}.'.format(service_name()),
+            'INFO')
         multisite.update_period()
         service_restart(service_name())
         leader_set(restart_nonce=str(uuid.uuid4()))
+    else:
+        log('No mutation detected.', 'INFO')
 
 
 @hooks.hook('leader-settings-changed')

hooks/multisite.py

@@ -386,7 +386,7 @@ def create_system_user(username):
     :return: access key and secret
     :rtype: (str, str)
     """
-    create_user(username, system_user=True)
+    return create_user(username, system_user=True)
 
 
 def pull_realm(url, access_key, secret):

test-requirements.txt

@@ -7,6 +7,8 @@
 #       requirements.  They are intertwined.  Also, Zaza itself should specify
 #       all of its own requirements and if it doesn't, fix it there.
 #
+pyparsing<3.0.0  # aodhclient is pinned in zaza and needs pyparsing < 3.0.0, but cffi also needs it, so pin here.
+cffi==1.14.6; python_version < '3.6'  # cffi 1.15.0 drops support for py35.
 setuptools<50.0.0  # https://github.com/pypa/setuptools/commit/04e3df22df840c6bb244e9b27bc56750c44b7c85
 
 requests>=2.18.4

tests/bundles/bionic-queens-multisite.yaml

@@ -73,5 +73,5 @@ relations:
   - west-ceph-mon:radosgw
 - - slave-ceph-radosgw:identity-service
   - keystone:identity-service
-- - slave-ceph-radosgw:master
-  - ceph-radosgw:slave
+- - slave-ceph-radosgw:slave
+  - ceph-radosgw:master

tests/bundles/bionic-rocky-multisite.yaml

@@ -73,5 +73,5 @@ relations:
   - west-ceph-mon:radosgw
 - - slave-ceph-radosgw:identity-service
   - keystone:identity-service
-- - slave-ceph-radosgw:master
-  - ceph-radosgw:slave
+- - slave-ceph-radosgw:slave
+  - ceph-radosgw:master

unit_tests/test_multisite.py

@@ -78,6 +78,45 @@ class TestMultisiteHelpers(CharmTestCase):
             '--rgw-realm=newrealm'
         ])
 
+    def test_create_user(self):
+        with open(self._testdata(whoami()), 'rb') as f:
+            self.subprocess.check_output.return_value = f.read()
+            access_key, secret = multisite.create_user(
+                'mrbees',
+            )
+            self.assertEqual(
+                access_key,
+                '41JJQK1HN2NAE5DEZUF9')
+            self.assertEqual(
+                secret,
+                '1qhCgxmUDAJI9saFAVdvUTG5MzMjlpMxr5agaaa4')
+            self.subprocess.check_output.assert_called_with([
+                'radosgw-admin', '--id=rgw.testhost',
+                'user', 'create',
+                '--uid=mrbees',
+                '--display-name=Synchronization User',
+            ], stderr=mock.ANY)
+
+    def test_create_system_user(self):
+        with open(self._testdata(whoami()), 'rb') as f:
+            self.subprocess.check_output.return_value = f.read()
+            access_key, secret = multisite.create_system_user(
+                'mrbees',
+            )
+            self.assertEqual(
+                access_key,
+                '41JJQK1HN2NAE5DEZUF9')
+            self.assertEqual(
+                secret,
+                '1qhCgxmUDAJI9saFAVdvUTG5MzMjlpMxr5agaaa4')
+            self.subprocess.check_output.assert_called_with([
+                'radosgw-admin', '--id=rgw.testhost',
+                'user', 'create',
+                '--uid=mrbees',
+                '--display-name=Synchronization User',
+                '--system'
+            ], stderr=mock.ANY)
+
     def test_create_zonegroup(self):
         with open(self._testdata(whoami()), 'rb') as f:
             self.subprocess.check_output.return_value = f.read()

unit_tests/testdata/test_create_system_user.json

@@ -0,0 +1,38 @@
+{
+    "auid": 0,
+    "bucket_quota": {
+        "check_on_raw": false,
+        "enabled": false,
+        "max_objects": -1,
+        "max_size": -1,
+        "max_size_kb": 0
+    },
+    "caps": [],
+    "default_placement": "",
+    "display_name": "Synchronization User",
+    "email": "",
+    "keys": [
+        {
+            "access_key": "41JJQK1HN2NAE5DEZUF9",
+            "secret_key": "1qhCgxmUDAJI9saFAVdvUTG5MzMjlpMxr5agaaa4",
+            "user": "mrbees"
+        }
+    ],
+    "max_buckets": 1000,
+    "op_mask": "read, write, delete",
+    "placement_tags": [],
+    "subusers": [],
+    "suspended": 0,
+    "swift_keys": [],
+    "system": "true",
+    "temp_url_keys": [],
+    "type": "rgw",
+    "user_id": "mrbees",
+    "user_quota": {
+        "check_on_raw": false,
+        "enabled": false,
+        "max_objects": -1,
+        "max_size": -1,
+        "max_size_kb": 0
+    }
+}

unit_tests/testdata/test_create_user.json

@@ -0,0 +1,38 @@
+{
+    "auid": 0,
+    "bucket_quota": {
+        "check_on_raw": false,
+        "enabled": false,
+        "max_objects": -1,
+        "max_size": -1,
+        "max_size_kb": 0
+    },
+    "caps": [],
+    "default_placement": "",
+    "display_name": "Synchronization User",
+    "email": "",
+    "keys": [
+        {
+            "access_key": "41JJQK1HN2NAE5DEZUF9",
+            "secret_key": "1qhCgxmUDAJI9saFAVdvUTG5MzMjlpMxr5agaaa4",
+            "user": "mrbees"
+        }
+    ],
+    "max_buckets": 1000,
+    "op_mask": "read, write, delete",
+    "placement_tags": [],
+    "subusers": [],
+    "suspended": 0,
+    "swift_keys": [],
+    "system": "true",
+    "temp_url_keys": [],
+    "type": "rgw",
+    "user_id": "mrbees",
+    "user_quota": {
+        "check_on_raw": false,
+        "enabled": false,
+        "max_objects": -1,
+        "max_size": -1,
+        "max_size_kb": 0
+    }
+}