From 1cd062efde836bfa643a593394be83b3b8dd9bcf Mon Sep 17 00:00:00 2001 From: Liam Young Date: Sun, 25 Feb 2018 22:36:05 +0000 Subject: [PATCH] Fix up amulet for queens Switch to use Keystone v3 clients for Queens Change-Id: Ic93b430fa12f9d283c507a51a58e0468b7d4a850 --- tests/basic_deployment.py | 130 ++++++++++++++---- ...xenial-queens => gate-basic-xenial-queens} | 0 2 files changed, 102 insertions(+), 28 deletions(-) rename tests/{dev-basic-xenial-queens => gate-basic-xenial-queens} (100%) diff --git a/tests/basic_deployment.py b/tests/basic_deployment.py index 4d774de4..000023cd 100644 --- a/tests/basic_deployment.py +++ b/tests/basic_deployment.py @@ -26,6 +26,10 @@ from charmhelpers.contrib.openstack.amulet.utils import ( ) from charmhelpers.contrib.openstack.utils import CompareOpenStackReleases +import keystoneclient +from keystoneclient.v3 import client as keystone_client_v3 +import glanceclient +from novaclient import client as nova_client from novaclient import exceptions @@ -186,46 +190,95 @@ class NovaCCBasicDeployment(OpenStackAmuletDeployment): self._get_openstack_release_string())) # Authenticate admin with keystone - self.keystone = u.authenticate_keystone_admin(self.keystone_sentry, - user='admin', - password='openstack', - tenant='admin') + self.keystone_session, self.keystone = u.get_default_keystone_session( + self.keystone_sentry, + openstack_release=self._get_openstack_release()) # Authenticate admin with glance endpoint - self.glance = u.authenticate_glance_admin(self.keystone) + self.glance = glanceclient.Client('1', session=self.keystone_session) # Authenticate admin with nova endpoint - self.nova = u.authenticate_nova_user(self.keystone, - user='admin', - password='openstack', - tenant='admin') + self.nova = nova_client.Client(2, session=self.keystone_session) + + keystone_ip = self.keystone_sentry.info['public-address'] # Create a demo tenant/role/user self.demo_tenant = 'demoTenant' self.demo_role = 'demoRole' self.demo_user = 'demoUser' + self.demo_project = 'demoProject' + self.demo_domain = 'demoDomain' + if self._get_openstack_release() >= self.xenial_queens: + self.create_users_v3() + self.demo_user_session, auth = u.get_keystone_session( + keystone_ip, + self.demo_user, + 'password', + api_version=3, + user_domain_name=self.demo_domain, + project_domain_name=self.demo_domain, + project_name=self.demo_project + ) + self.keystone_demo = keystone_client_v3.Client( + session=self.demo_user_session) + self.nova_demo = nova_client.Client( + 2, + session=self.demo_user_session) + else: + self.create_users_v2() + # Authenticate demo user with keystone + self.keystone_demo = \ + u.authenticate_keystone_user( + self.keystone, user=self.demo_user, + password='password', + tenant=self.demo_tenant) + # Authenticate demo user with nova-api + self.nova_demo = u.authenticate_nova_user(self.keystone, + user=self.demo_user, + password='password', + tenant=self.demo_tenant) + + def create_users_v3(self): + try: + self.keystone.projects.find(name=self.demo_project) + except keystoneclient.exceptions.NotFound: + domain = self.keystone.domains.create( + self.demo_domain, + description='Demo Domain', + enabled=True + ) + project = self.keystone.projects.create( + self.demo_project, + domain, + description='Demo Project', + enabled=True, + ) + user = self.keystone.users.create( + self.demo_user, + domain=domain.id, + project=self.demo_project, + password='password', + email='demov3@demo.com', + description='Demo', + enabled=True) + role = self.keystone.roles.find(name='Admin') + self.keystone.roles.grant( + role.id, + user=user.id, + project=project.id) + + def create_users_v2(self): if not u.tenant_exists(self.keystone, self.demo_tenant): tenant = self.keystone.tenants.create(tenant_name=self.demo_tenant, description='demo tenant', enabled=True) + self.keystone.roles.create(name=self.demo_role) self.keystone.users.create(name=self.demo_user, password='password', tenant_id=tenant.id, email='demo@demo.com') - # Authenticate demo user with keystone - self.keystone_demo = \ - u.authenticate_keystone_user(self.keystone, user=self.demo_user, - password='password', - tenant=self.demo_tenant) - - # Authenticate demo user with nova-api - self.nova_demo = u.authenticate_nova_user(self.keystone, - user=self.demo_user, - password='password', - tenant=self.demo_tenant) - def test_100_services(self): """Verify the expected services are running on the corresponding service units.""" @@ -285,9 +338,12 @@ class NovaCCBasicDeployment(OpenStackAmuletDeployment): expected = {'s3': [endpoint_vol], 'compute': [endpoint_vol], 'ec2': [endpoint_vol], 'identity': [endpoint_id]} - actual = self.keystone_demo.service_catalog.get_endpoints() + actual = self.keystone.service_catalog.get_endpoints() - ret = u.validate_svc_catalog_endpoint_data(expected, actual) + ret = u.validate_svc_catalog_endpoint_data( + expected, + actual, + openstack_release=self._get_openstack_release()) if ret: amulet.raise_status(amulet.FAIL, msg=ret) @@ -307,8 +363,14 @@ class NovaCCBasicDeployment(OpenStackAmuletDeployment): 'service_id': u.not_null } - ret = u.validate_endpoint_data(endpoints, admin_port, internal_port, - public_port, expected) + ret = u.validate_endpoint_data( + endpoints, + admin_port, + internal_port, + public_port, + expected, + openstack_release=self._get_openstack_release()) + if ret: message = 'osapi endpoint: {}'.format(ret) amulet.raise_status(amulet.FAIL, msg=message) @@ -582,10 +644,10 @@ class NovaCCBasicDeployment(OpenStackAmuletDeployment): # Since >= liberty endpoint_type was replaced by interface # https://github.com/openstack/keystoneauth/commit/d227f6d237c4309b21a32a115fc5b09b9ba46ef0 try: - ks_ep = self.keystone_demo.service_catalog.url_for( + ks_ep = self.keystone.service_catalog.url_for( service_type='identity', interface='publicURL') except TypeError: - ks_ep = self.keystone_demo.service_catalog.url_for( + ks_ep = self.keystone.service_catalog.url_for( service_type='identity', endpoint_type='publicURL') ks_ec2 = "{}/ec2tokens".format(ks_ep) @@ -691,7 +753,19 @@ class NovaCCBasicDeployment(OpenStackAmuletDeployment): 'lock_path': '/var/lock/nova', } - if self._get_openstack_release() >= self.trusty_mitaka: + if self._get_openstack_release() >= self.xenial_queens: + expected['keystone_authtoken'] = { + 'auth_uri': ks_uri.rstrip('/'), + 'auth_url': id_uri.rstrip('/'), + 'auth_type': 'password', + 'project_domain_name': 'service_domain', + 'user_domain_name': 'service_domain', + 'project_name': 'services', + 'username': ks_ncc_rel['service_username'], + 'password': ks_ncc_rel['service_password'], + 'signing_dir': '/var/cache/nova' + } + elif self._get_openstack_release() >= self.trusty_mitaka: expected['keystone_authtoken'] = { 'auth_uri': ks_uri.rstrip('/'), 'auth_url': id_uri.rstrip('/'), diff --git a/tests/dev-basic-xenial-queens b/tests/gate-basic-xenial-queens similarity index 100% rename from tests/dev-basic-xenial-queens rename to tests/gate-basic-xenial-queens