Search in sources :

Example 1 with CloudIdentity

use of org.onap.so.db.catalog.beans.CloudIdentity in project so by onap.

the class CloudIdentityTest method testCloudIdentity.

@Test
public final void testCloudIdentity() {
    CloudIdentity id = new CloudIdentity();
    id.setAdminTenant("AdminTenant");
    id.setId("id");
    // id.setKeystoneUrl ("keystone");
    id.setIdentityUrl("keystone");
    id.setMemberRole("member");
    id.setMsoId("msoId");
    id.setMsoPass(CryptoUtils.encryptCloudConfigPassword("password"));
    id.setTenantMetadata(true);
    id.setIdentityServerType(null);
    id.setIdentityAuthenticationType(null);
    assertTrue(id.getAdminTenant().equals("AdminTenant"));
    assertTrue(id.getId().equals("id"));
    // assertTrue (id.getKeystoneUrl ().equals ("keystone"));
    assertTrue(id.getMemberRole().equals("member"));
    assertTrue(id.getMsoId().equals("msoId"));
    assertTrue(CryptoUtils.decryptCloudConfigPassword(id.getMsoPass()).equals("password"));
    assertTrue(id.getTenantMetadata());
    // assertTrue (id.toString ().contains ("keystone"));
    assertTrue(id.toString().contains("null"));
}
Also used : CloudIdentity(org.onap.so.db.catalog.beans.CloudIdentity) Test(org.junit.Test)

Example 2 with CloudIdentity

use of org.onap.so.db.catalog.beans.CloudIdentity in project so by onap.

the class CloudIdentityTest method cloneTest.

@Test
public void cloneTest() {
    cloudIdentity = setupCloudIdentity(cloudIdentity, ID, IDENTITY_URL, MSO_ID, MSO_PASS, ADMIN_TENANT, MEMBER_ROLE, TENANT_METADATA, ServerType.ORM, AuthenticationType.USERNAME_PASSWORD);
    CloudIdentity cloudIdentity2 = cloudIdentity.clone();
    assertEquals(cloudIdentity.getClass(), cloudIdentity2.getClass());
}
Also used : CloudIdentity(org.onap.so.db.catalog.beans.CloudIdentity) Test(org.junit.Test)

Example 3 with CloudIdentity

use of org.onap.so.db.catalog.beans.CloudIdentity in project so by onap.

the class MsoKeystoneUtils method createTenant.

/**
 * Create a tenant with the specified name in the given cloud. If the tenant already exists, an Exception will be
 * thrown. The MSO User will also be added to the "member" list of the new tenant to perform subsequent Nova/Heat
 * commands in the tenant. If the MSO User association fails, the entire transaction will be rolled back.
 * <p>
 * For the AIC Cloud (DCP/LCP): it is not clear that cloudId is needed, as all admin requests go to the centralized
 * identity service in DCP. However, if some artifact must exist in each local LCP instance as well, then it will be
 * needed to access the correct region.
 * <p>
 *
 * @param tenantName The tenant name to create
 * @param cloudSiteId The cloud identifier (may be a region) in which to create the tenant.
 * @return the tenant ID of the newly created tenant
 * @throws MsoTenantAlreadyExists Thrown if the requested tenant already exists
 * @throws MsoOpenstackException Thrown if the Openstack API call returns an exception
 */
public String createTenant(String tenantName, String cloudSiteId, Map<String, String> metadata, boolean backout) throws MsoException {
    // Obtain the cloud site information where we will create the tenant
    Optional<CloudSite> cloudSiteOpt = cloudConfig.getCloudSite(cloudSiteId);
    if (!cloudSiteOpt.isPresent()) {
        LOGGER.error("{} MSOCloudSite {} not found {} ", MessageEnum.RA_CREATE_TENANT_ERR, cloudSiteId, ErrorCode.DataError.getValue());
        throw new MsoCloudSiteNotFound(cloudSiteId);
    }
    Keystone keystoneAdminClient = getKeystoneAdminClient(cloudSiteOpt.get());
    Tenant tenant = null;
    try {
        // Check if the tenant already exists
        tenant = findTenantByName(keystoneAdminClient, tenantName);
        if (tenant != null) {
            // Tenant already exists. Throw an exception
            LOGGER.error("{} Tenant name {} already exists on Cloud site id {}, {}", MessageEnum.RA_TENANT_ALREADY_EXIST, tenantName, cloudSiteId, ErrorCode.DataError.getValue());
            throw new MsoTenantAlreadyExists(tenantName, cloudSiteId);
        }
        // Does not exist, create a new one
        tenant = new Tenant();
        tenant.setName(tenantName);
        tenant.setDescription("SDN Tenant (via MSO)");
        tenant.setEnabled(true);
        OpenStackRequest<Tenant> request = keystoneAdminClient.tenants().create(tenant);
        tenant = executeAndRecordOpenstackRequest(request);
    } catch (OpenStackBaseException e) {
        // Convert Keystone OpenStackResponseException to MsoOpenstackException
        throw keystoneErrorToMsoException(e, "CreateTenant");
    } catch (RuntimeException e) {
        // Catch-all
        throw runtimeExceptionToMsoException(e, "CreateTenant");
    }
    // apply tenant metadata if supported by the cloud site
    try {
        CloudIdentity cloudIdentity = cloudSiteOpt.get().getIdentityService();
        User msoUser = findUserByNameOrId(keystoneAdminClient, cloudIdentity.getMsoId());
        Role memberRole = findRoleByNameOrId(keystoneAdminClient, cloudIdentity.getMemberRole());
        if (msoUser != null && memberRole != null) {
            OpenStackRequest<Void> request = keystoneAdminClient.tenants().addUser(tenant.getId(), msoUser.getId(), memberRole.getId());
            executeAndRecordOpenstackRequest(request);
        }
        if (cloudIdentity.getTenantMetadata() && metadata != null && !metadata.isEmpty()) {
            Metadata tenantMetadata = new Metadata();
            tenantMetadata.setMetadata(metadata);
            OpenStackRequest<Metadata> metaRequest = keystoneAdminClient.tenants().createOrUpdateMetadata(tenant.getId(), tenantMetadata);
            executeAndRecordOpenstackRequest(metaRequest);
        }
    } catch (Exception e) {
        // so roll back the tenant.
        if (!backout) {
            LOGGER.warn("{} Create Tenant errored, Tenant deletion suppressed {} ", MessageEnum.RA_CREATE_TENANT_ERR, ErrorCode.DataError.getValue());
        } else {
            try {
                OpenStackRequest<Void> request = keystoneAdminClient.tenants().delete(tenant.getId());
                executeAndRecordOpenstackRequest(request);
            } catch (Exception e2) {
                // Just log this one. We will report the original exception.
                LOGGER.error("{} Nested exception rolling back tenant {} ", MessageEnum.RA_CREATE_TENANT_ERR, ErrorCode.DataError.getValue(), e2);
            }
        }
        // Propagate the original exception on user/role/tenant mapping
        if (e instanceof OpenStackBaseException) {
            // Convert Keystone Exception to MsoOpenstackException
            throw keystoneErrorToMsoException((OpenStackBaseException) e, "CreateTenantUser");
        } else {
            MsoAdapterException me = new MsoAdapterException(e.getMessage(), e);
            me.addContext("CreateTenantUser");
            throw me;
        }
    }
    return tenant.getId();
}
Also used : MsoCloudSiteNotFound(org.onap.so.openstack.exceptions.MsoCloudSiteNotFound) MsoTenantAlreadyExists(org.onap.so.openstack.exceptions.MsoTenantAlreadyExists) User(com.woorea.openstack.keystone.model.User) OpenStackBaseException(com.woorea.openstack.base.client.OpenStackBaseException) CloudIdentity(org.onap.so.db.catalog.beans.CloudIdentity) Metadata(com.woorea.openstack.keystone.model.Metadata) OpenStackRequest(com.woorea.openstack.base.client.OpenStackRequest) MsoAdapterException(org.onap.so.openstack.exceptions.MsoAdapterException) OpenStackBaseException(com.woorea.openstack.base.client.OpenStackBaseException) MsoOpenstackException(org.onap.so.openstack.exceptions.MsoOpenstackException) OpenStackConnectException(com.woorea.openstack.base.client.OpenStackConnectException) OpenStackResponseException(com.woorea.openstack.base.client.OpenStackResponseException) MsoException(org.onap.so.openstack.exceptions.MsoException) Role(com.woorea.openstack.keystone.model.Role) MsoTenant(org.onap.so.openstack.beans.MsoTenant) Tenant(com.woorea.openstack.keystone.model.Tenant) MsoAdapterException(org.onap.so.openstack.exceptions.MsoAdapterException) Keystone(com.woorea.openstack.keystone.Keystone) CloudSite(org.onap.so.db.catalog.beans.CloudSite)

Example 4 with CloudIdentity

use of org.onap.so.db.catalog.beans.CloudIdentity in project so by onap.

the class MsoKeystoneUtils method getKeystoneAdminClient.

// -------------------------------------------------------------------
// PRIVATE UTILITY FUNCTIONS FOR USE WITHIN THIS CLASS
/*
     * Get a Keystone Admin client for the Openstack Identity service. This requires an 'admin'-level userId + password
     * along with an 'admin' tenant in the target cloud. These values will be retrieved from properties based on the
     * specified cloud ID. <p> On successful authentication, the Keystone object will be cached for the cloudId so that
     * it can be reused without going back to Openstack every time.
     *
     * @param cloudId
     *
     * @return an authenticated Keystone object
     */
public Keystone getKeystoneAdminClient(CloudSite cloudSite) throws MsoException {
    CloudIdentity cloudIdentity = cloudSite.getIdentityService();
    String adminTenantName = cloudIdentity.getAdminTenant();
    String region = cloudSite.getRegionId();
    MsoTenantUtils tenantUtils = tenantUtilsFactory.getTenantUtilsByServerType(cloudIdentity.getIdentityServerType());
    final String keystoneUrl = tenantUtils.getKeystoneUrl(region, cloudIdentity);
    Keystone keystone = new Keystone(keystoneUrl);
    // Must authenticate against the 'admin' tenant to get the services endpoints
    Access access = null;
    String token = null;
    try {
        Authentication credentials = authenticationMethodFactory.getAuthenticationFor(cloudIdentity);
        OpenStackRequest<Access> request = keystone.tokens().authenticate(credentials).withTenantName(adminTenantName);
        access = executeAndRecordOpenstackRequest(request);
        token = access.getToken().getId();
    } catch (OpenStackResponseException e) {
        if (e.getStatus() == 401) {
            // Authentication error. Can't access admin tenant - something is mis-configured
            String error = "MSO Authentication Failed for " + cloudIdentity.getId();
            throw new MsoAdapterException(error);
        } else {
            throw keystoneErrorToMsoException(e, "TokenAuth");
        }
    } catch (OpenStackConnectException e) {
        // Connection to Openstack failed
        throw keystoneErrorToMsoException(e, "TokenAuth");
    }
    // Get the Identity service URL. Throws runtime exception if not found per region.
    String adminUrl = null;
    try {
        adminUrl = KeystoneUtils.findEndpointURL(access.getServiceCatalog(), "identity", region, "public");
        adminUrl = adminUrl.replaceFirst("5000", "35357");
    } catch (RuntimeException e) {
        String error = "Identity service not found: region=" + region + ",cloud=" + cloudIdentity.getId();
        LOGGER.error("{} Region: {} Cloud identity {} {} Exception in findEndpointURL ", MessageEnum.IDENTITY_SERVICE_NOT_FOUND, region, cloudIdentity.getId(), ErrorCode.DataError.getValue(), e);
        throw new MsoAdapterException(error, e);
    }
    // A new Keystone object is required for the new URL. Use the auth token from above.
    // Note: this doesn't go back to Openstack, it's just a local object.
    keystone = new Keystone(adminUrl);
    keystone.token(token);
    return keystone;
}
Also used : MsoAdapterException(org.onap.so.openstack.exceptions.MsoAdapterException) Keystone(com.woorea.openstack.keystone.Keystone) OpenStackResponseException(com.woorea.openstack.base.client.OpenStackResponseException) Authentication(com.woorea.openstack.keystone.model.Authentication) CloudIdentity(org.onap.so.db.catalog.beans.CloudIdentity) Access(com.woorea.openstack.keystone.model.Access) OpenStackConnectException(com.woorea.openstack.base.client.OpenStackConnectException)

Example 5 with CloudIdentity

use of org.onap.so.db.catalog.beans.CloudIdentity in project so by onap.

the class MsoNeutronUtils method getNeutronClient.

// -------------------------------------------------------------------
// PRIVATE UTILITY FUNCTIONS FOR USE WITHIN THIS CLASS
/**
 * Get a Neutron (Quantum) client for the Openstack Network service. This requires a 'member'-level userId +
 * password, which will be retrieved from properties based on the specified cloud Id. The tenant in which to operate
 * must also be provided.
 * <p>
 * On successful authentication, the Quantum object will be cached for the tenantID + cloudId so that it can be
 * reused without reauthenticating with Openstack every time.
 *
 * @param cloudSite - a cloud site definition
 * @param tenantId - Openstack tenant ID
 * @return an authenticated Quantum object
 */
private Quantum getNeutronClient(CloudSite cloudSite, String tenantId) throws MsoException {
    String cloudId = cloudSite.getId();
    String region = cloudSite.getRegionId();
    // Obtain an MSO token for the tenant from the identity service
    CloudIdentity cloudIdentity = cloudSite.getIdentityService();
    MsoTenantUtils tenantUtils = tenantUtilsFactory.getTenantUtilsByServerType(cloudIdentity.getIdentityServerType());
    final String keystoneUrl = tenantUtils.getKeystoneUrl(cloudId, cloudIdentity);
    String neutronUrl = null;
    String tokenId = null;
    try {
        if (ServerType.KEYSTONE.equals(cloudIdentity.getIdentityServerType())) {
            Keystone keystoneTenantClient = new Keystone(keystoneUrl);
            Access access = null;
            Authentication credentials = authenticationMethodFactory.getAuthenticationFor(cloudIdentity);
            OpenStackRequest<Access> request = keystoneTenantClient.tokens().authenticate(credentials).withTenantId(tenantId);
            access = executeAndRecordOpenstackRequest(request, true);
            try {
                neutronUrl = KeystoneUtils.findEndpointURL(access.getServiceCatalog(), "network", region, "public");
                if (!neutronUrl.endsWith("/")) {
                    neutronUrl += "/v2.0/";
                }
            } catch (RuntimeException e) {
                // This comes back for not found (probably an incorrect region ID)
                String error = "Network service not found: region=" + region + ",cloud=" + cloudIdentity.getId();
                throw new MsoAdapterException(error, e);
            }
            tokenId = access.getToken().getId();
        } else if (ServerType.KEYSTONE_V3.equals(cloudIdentity.getIdentityServerType())) {
            try {
                KeystoneAuthHolder holder = keystoneV3Authentication.getToken(cloudSite, tenantId, "network");
                tokenId = holder.getId();
                neutronUrl = holder.getServiceUrl();
                if (!neutronUrl.endsWith("/")) {
                    neutronUrl += "/v2.0/";
                }
            } catch (ServiceEndpointNotFoundException e) {
                // This comes back for not found (probably an incorrect region ID)
                String error = "Network service not found: region=" + region + ",cloud=" + cloudIdentity.getId();
                throw new MsoAdapterException(error, e);
            }
        }
    } catch (OpenStackResponseException e) {
        if (e.getStatus() == 401) {
            // Authentication error.
            String error = "Authentication Failure: tenant=" + tenantId + ",cloud=" + cloudIdentity.getId();
            throw new MsoAdapterException(error);
        } else {
            MsoException me = keystoneErrorToMsoException(e, "TokenAuth");
            throw me;
        }
    } catch (OpenStackConnectException e) {
        // Connection to Openstack failed
        MsoIOException me = new MsoIOException(e.getMessage(), e);
        me.addContext("TokenAuth");
        throw me;
    } catch (RuntimeException e) {
        // Catch-all
        MsoException me = runtimeExceptionToMsoException(e, "TokenAuth");
        throw me;
    }
    Quantum neutronClient = new Quantum(neutronUrl);
    neutronClient.token(tokenId);
    return neutronClient;
}
Also used : MsoException(org.onap.so.openstack.exceptions.MsoException) CloudIdentity(org.onap.so.db.catalog.beans.CloudIdentity) Access(com.woorea.openstack.keystone.model.Access) KeystoneAuthHolder(org.onap.so.cloud.authentication.KeystoneAuthHolder) Quantum(com.woorea.openstack.quantum.Quantum) MsoAdapterException(org.onap.so.openstack.exceptions.MsoAdapterException) ServiceEndpointNotFoundException(org.onap.so.cloud.authentication.ServiceEndpointNotFoundException) Keystone(com.woorea.openstack.keystone.Keystone) OpenStackResponseException(com.woorea.openstack.base.client.OpenStackResponseException) KeystoneV3Authentication(org.onap.so.cloud.authentication.KeystoneV3Authentication) Authentication(com.woorea.openstack.keystone.model.Authentication) MsoIOException(org.onap.so.openstack.exceptions.MsoIOException) OpenStackConnectException(com.woorea.openstack.base.client.OpenStackConnectException)

Aggregations

CloudIdentity (org.onap.so.db.catalog.beans.CloudIdentity)26 Test (org.junit.Test)13 CloudSite (org.onap.so.db.catalog.beans.CloudSite)12 Authentication (com.woorea.openstack.keystone.model.Authentication)8 RackspaceAuthentication (org.onap.so.cloud.authentication.models.RackspaceAuthentication)6 OpenStackConnectException (com.woorea.openstack.base.client.OpenStackConnectException)4 OpenStackResponseException (com.woorea.openstack.base.client.OpenStackResponseException)4 UsernamePassword (com.woorea.openstack.keystone.model.authentication.UsernamePassword)4 MsoAdapterException (org.onap.so.openstack.exceptions.MsoAdapterException)4 MsoCloudSiteNotFound (org.onap.so.openstack.exceptions.MsoCloudSiteNotFound)4 Keystone (com.woorea.openstack.keystone.Keystone)3 Access (com.woorea.openstack.keystone.model.Access)3 MsoException (org.onap.so.openstack.exceptions.MsoException)3 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)2 Identity (com.woorea.openstack.keystone.v3.model.Authentication.Identity)2 Password (com.woorea.openstack.keystone.v3.model.Authentication.Identity.Password)2 User (com.woorea.openstack.keystone.v3.model.Authentication.Identity.Password.User)2 Domain (com.woorea.openstack.keystone.v3.model.Authentication.Identity.Password.User.Domain)2 Scope (com.woorea.openstack.keystone.v3.model.Authentication.Scope)2 Project (com.woorea.openstack.keystone.v3.model.Authentication.Scope.Project)2