use of org.onap.so.db.catalog.beans.CloudIdentity in project so by onap.
the class CloudIdentityTest method testCloudIdentity.
@Test
public final void testCloudIdentity() {
CloudIdentity id = new CloudIdentity();
id.setAdminTenant("AdminTenant");
id.setId("id");
// id.setKeystoneUrl ("keystone");
id.setIdentityUrl("keystone");
id.setMemberRole("member");
id.setMsoId("msoId");
id.setMsoPass(CryptoUtils.encryptCloudConfigPassword("password"));
id.setTenantMetadata(true);
id.setIdentityServerType(null);
id.setIdentityAuthenticationType(null);
assertTrue(id.getAdminTenant().equals("AdminTenant"));
assertTrue(id.getId().equals("id"));
// assertTrue (id.getKeystoneUrl ().equals ("keystone"));
assertTrue(id.getMemberRole().equals("member"));
assertTrue(id.getMsoId().equals("msoId"));
assertTrue(CryptoUtils.decryptCloudConfigPassword(id.getMsoPass()).equals("password"));
assertTrue(id.getTenantMetadata());
// assertTrue (id.toString ().contains ("keystone"));
assertTrue(id.toString().contains("null"));
}
use of org.onap.so.db.catalog.beans.CloudIdentity in project so by onap.
the class CloudIdentityTest method cloneTest.
@Test
public void cloneTest() {
cloudIdentity = setupCloudIdentity(cloudIdentity, ID, IDENTITY_URL, MSO_ID, MSO_PASS, ADMIN_TENANT, MEMBER_ROLE, TENANT_METADATA, ServerType.ORM, AuthenticationType.USERNAME_PASSWORD);
CloudIdentity cloudIdentity2 = cloudIdentity.clone();
assertEquals(cloudIdentity.getClass(), cloudIdentity2.getClass());
}
use of org.onap.so.db.catalog.beans.CloudIdentity in project so by onap.
the class MsoKeystoneUtils method createTenant.
/**
* Create a tenant with the specified name in the given cloud. If the tenant already exists, an Exception will be
* thrown. The MSO User will also be added to the "member" list of the new tenant to perform subsequent Nova/Heat
* commands in the tenant. If the MSO User association fails, the entire transaction will be rolled back.
* <p>
* For the AIC Cloud (DCP/LCP): it is not clear that cloudId is needed, as all admin requests go to the centralized
* identity service in DCP. However, if some artifact must exist in each local LCP instance as well, then it will be
* needed to access the correct region.
* <p>
*
* @param tenantName The tenant name to create
* @param cloudSiteId The cloud identifier (may be a region) in which to create the tenant.
* @return the tenant ID of the newly created tenant
* @throws MsoTenantAlreadyExists Thrown if the requested tenant already exists
* @throws MsoOpenstackException Thrown if the Openstack API call returns an exception
*/
public String createTenant(String tenantName, String cloudSiteId, Map<String, String> metadata, boolean backout) throws MsoException {
// Obtain the cloud site information where we will create the tenant
Optional<CloudSite> cloudSiteOpt = cloudConfig.getCloudSite(cloudSiteId);
if (!cloudSiteOpt.isPresent()) {
LOGGER.error("{} MSOCloudSite {} not found {} ", MessageEnum.RA_CREATE_TENANT_ERR, cloudSiteId, ErrorCode.DataError.getValue());
throw new MsoCloudSiteNotFound(cloudSiteId);
}
Keystone keystoneAdminClient = getKeystoneAdminClient(cloudSiteOpt.get());
Tenant tenant = null;
try {
// Check if the tenant already exists
tenant = findTenantByName(keystoneAdminClient, tenantName);
if (tenant != null) {
// Tenant already exists. Throw an exception
LOGGER.error("{} Tenant name {} already exists on Cloud site id {}, {}", MessageEnum.RA_TENANT_ALREADY_EXIST, tenantName, cloudSiteId, ErrorCode.DataError.getValue());
throw new MsoTenantAlreadyExists(tenantName, cloudSiteId);
}
// Does not exist, create a new one
tenant = new Tenant();
tenant.setName(tenantName);
tenant.setDescription("SDN Tenant (via MSO)");
tenant.setEnabled(true);
OpenStackRequest<Tenant> request = keystoneAdminClient.tenants().create(tenant);
tenant = executeAndRecordOpenstackRequest(request);
} catch (OpenStackBaseException e) {
// Convert Keystone OpenStackResponseException to MsoOpenstackException
throw keystoneErrorToMsoException(e, "CreateTenant");
} catch (RuntimeException e) {
// Catch-all
throw runtimeExceptionToMsoException(e, "CreateTenant");
}
// apply tenant metadata if supported by the cloud site
try {
CloudIdentity cloudIdentity = cloudSiteOpt.get().getIdentityService();
User msoUser = findUserByNameOrId(keystoneAdminClient, cloudIdentity.getMsoId());
Role memberRole = findRoleByNameOrId(keystoneAdminClient, cloudIdentity.getMemberRole());
if (msoUser != null && memberRole != null) {
OpenStackRequest<Void> request = keystoneAdminClient.tenants().addUser(tenant.getId(), msoUser.getId(), memberRole.getId());
executeAndRecordOpenstackRequest(request);
}
if (cloudIdentity.getTenantMetadata() && metadata != null && !metadata.isEmpty()) {
Metadata tenantMetadata = new Metadata();
tenantMetadata.setMetadata(metadata);
OpenStackRequest<Metadata> metaRequest = keystoneAdminClient.tenants().createOrUpdateMetadata(tenant.getId(), tenantMetadata);
executeAndRecordOpenstackRequest(metaRequest);
}
} catch (Exception e) {
// so roll back the tenant.
if (!backout) {
LOGGER.warn("{} Create Tenant errored, Tenant deletion suppressed {} ", MessageEnum.RA_CREATE_TENANT_ERR, ErrorCode.DataError.getValue());
} else {
try {
OpenStackRequest<Void> request = keystoneAdminClient.tenants().delete(tenant.getId());
executeAndRecordOpenstackRequest(request);
} catch (Exception e2) {
// Just log this one. We will report the original exception.
LOGGER.error("{} Nested exception rolling back tenant {} ", MessageEnum.RA_CREATE_TENANT_ERR, ErrorCode.DataError.getValue(), e2);
}
}
// Propagate the original exception on user/role/tenant mapping
if (e instanceof OpenStackBaseException) {
// Convert Keystone Exception to MsoOpenstackException
throw keystoneErrorToMsoException((OpenStackBaseException) e, "CreateTenantUser");
} else {
MsoAdapterException me = new MsoAdapterException(e.getMessage(), e);
me.addContext("CreateTenantUser");
throw me;
}
}
return tenant.getId();
}
use of org.onap.so.db.catalog.beans.CloudIdentity in project so by onap.
the class MsoKeystoneUtils method getKeystoneAdminClient.
// -------------------------------------------------------------------
// PRIVATE UTILITY FUNCTIONS FOR USE WITHIN THIS CLASS
/*
* Get a Keystone Admin client for the Openstack Identity service. This requires an 'admin'-level userId + password
* along with an 'admin' tenant in the target cloud. These values will be retrieved from properties based on the
* specified cloud ID. <p> On successful authentication, the Keystone object will be cached for the cloudId so that
* it can be reused without going back to Openstack every time.
*
* @param cloudId
*
* @return an authenticated Keystone object
*/
public Keystone getKeystoneAdminClient(CloudSite cloudSite) throws MsoException {
CloudIdentity cloudIdentity = cloudSite.getIdentityService();
String adminTenantName = cloudIdentity.getAdminTenant();
String region = cloudSite.getRegionId();
MsoTenantUtils tenantUtils = tenantUtilsFactory.getTenantUtilsByServerType(cloudIdentity.getIdentityServerType());
final String keystoneUrl = tenantUtils.getKeystoneUrl(region, cloudIdentity);
Keystone keystone = new Keystone(keystoneUrl);
// Must authenticate against the 'admin' tenant to get the services endpoints
Access access = null;
String token = null;
try {
Authentication credentials = authenticationMethodFactory.getAuthenticationFor(cloudIdentity);
OpenStackRequest<Access> request = keystone.tokens().authenticate(credentials).withTenantName(adminTenantName);
access = executeAndRecordOpenstackRequest(request);
token = access.getToken().getId();
} catch (OpenStackResponseException e) {
if (e.getStatus() == 401) {
// Authentication error. Can't access admin tenant - something is mis-configured
String error = "MSO Authentication Failed for " + cloudIdentity.getId();
throw new MsoAdapterException(error);
} else {
throw keystoneErrorToMsoException(e, "TokenAuth");
}
} catch (OpenStackConnectException e) {
// Connection to Openstack failed
throw keystoneErrorToMsoException(e, "TokenAuth");
}
// Get the Identity service URL. Throws runtime exception if not found per region.
String adminUrl = null;
try {
adminUrl = KeystoneUtils.findEndpointURL(access.getServiceCatalog(), "identity", region, "public");
adminUrl = adminUrl.replaceFirst("5000", "35357");
} catch (RuntimeException e) {
String error = "Identity service not found: region=" + region + ",cloud=" + cloudIdentity.getId();
LOGGER.error("{} Region: {} Cloud identity {} {} Exception in findEndpointURL ", MessageEnum.IDENTITY_SERVICE_NOT_FOUND, region, cloudIdentity.getId(), ErrorCode.DataError.getValue(), e);
throw new MsoAdapterException(error, e);
}
// A new Keystone object is required for the new URL. Use the auth token from above.
// Note: this doesn't go back to Openstack, it's just a local object.
keystone = new Keystone(adminUrl);
keystone.token(token);
return keystone;
}
use of org.onap.so.db.catalog.beans.CloudIdentity in project so by onap.
the class MsoNeutronUtils method getNeutronClient.
// -------------------------------------------------------------------
// PRIVATE UTILITY FUNCTIONS FOR USE WITHIN THIS CLASS
/**
* Get a Neutron (Quantum) client for the Openstack Network service. This requires a 'member'-level userId +
* password, which will be retrieved from properties based on the specified cloud Id. The tenant in which to operate
* must also be provided.
* <p>
* On successful authentication, the Quantum object will be cached for the tenantID + cloudId so that it can be
* reused without reauthenticating with Openstack every time.
*
* @param cloudSite - a cloud site definition
* @param tenantId - Openstack tenant ID
* @return an authenticated Quantum object
*/
private Quantum getNeutronClient(CloudSite cloudSite, String tenantId) throws MsoException {
String cloudId = cloudSite.getId();
String region = cloudSite.getRegionId();
// Obtain an MSO token for the tenant from the identity service
CloudIdentity cloudIdentity = cloudSite.getIdentityService();
MsoTenantUtils tenantUtils = tenantUtilsFactory.getTenantUtilsByServerType(cloudIdentity.getIdentityServerType());
final String keystoneUrl = tenantUtils.getKeystoneUrl(cloudId, cloudIdentity);
String neutronUrl = null;
String tokenId = null;
try {
if (ServerType.KEYSTONE.equals(cloudIdentity.getIdentityServerType())) {
Keystone keystoneTenantClient = new Keystone(keystoneUrl);
Access access = null;
Authentication credentials = authenticationMethodFactory.getAuthenticationFor(cloudIdentity);
OpenStackRequest<Access> request = keystoneTenantClient.tokens().authenticate(credentials).withTenantId(tenantId);
access = executeAndRecordOpenstackRequest(request, true);
try {
neutronUrl = KeystoneUtils.findEndpointURL(access.getServiceCatalog(), "network", region, "public");
if (!neutronUrl.endsWith("/")) {
neutronUrl += "/v2.0/";
}
} catch (RuntimeException e) {
// This comes back for not found (probably an incorrect region ID)
String error = "Network service not found: region=" + region + ",cloud=" + cloudIdentity.getId();
throw new MsoAdapterException(error, e);
}
tokenId = access.getToken().getId();
} else if (ServerType.KEYSTONE_V3.equals(cloudIdentity.getIdentityServerType())) {
try {
KeystoneAuthHolder holder = keystoneV3Authentication.getToken(cloudSite, tenantId, "network");
tokenId = holder.getId();
neutronUrl = holder.getServiceUrl();
if (!neutronUrl.endsWith("/")) {
neutronUrl += "/v2.0/";
}
} catch (ServiceEndpointNotFoundException e) {
// This comes back for not found (probably an incorrect region ID)
String error = "Network service not found: region=" + region + ",cloud=" + cloudIdentity.getId();
throw new MsoAdapterException(error, e);
}
}
} catch (OpenStackResponseException e) {
if (e.getStatus() == 401) {
// Authentication error.
String error = "Authentication Failure: tenant=" + tenantId + ",cloud=" + cloudIdentity.getId();
throw new MsoAdapterException(error);
} else {
MsoException me = keystoneErrorToMsoException(e, "TokenAuth");
throw me;
}
} catch (OpenStackConnectException e) {
// Connection to Openstack failed
MsoIOException me = new MsoIOException(e.getMessage(), e);
me.addContext("TokenAuth");
throw me;
} catch (RuntimeException e) {
// Catch-all
MsoException me = runtimeExceptionToMsoException(e, "TokenAuth");
throw me;
}
Quantum neutronClient = new Quantum(neutronUrl);
neutronClient.token(tokenId);
return neutronClient;
}
Aggregations