openstack/whitebox-tempest-plugin
Code Issues Proposed changes

Use barbican client from barbican-templest-plugin

Browse Source 
Previously we had copy-pasted barbican client code into our own in
order to access secrets. If we install the barbican-tempest-plugin, we
can use their client directly, as explained in [1].

[1] https://docs.openstack.org/tempest/latest/plugins/plugin.html#service-clients

Change-Id: Iccbeef049af5e3a913d7ce56cd29f7dc66517532
This commit is contained in:
Artom Lifshitz 2023-03-27 14:45:56 -04:00
parent 8df1d7fffd
commit d3a8b0ef14
6 changed files with 14 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.zuul.yaml
View File

@ -37,6 +37,7 @@
required-projects: required-projects:
- openstack/whitebox-tempest-plugin - openstack/whitebox-tempest-plugin
- openstack/barbican - openstack/barbican
- openstack/barbican-tempest-plugin
pre-run: playbooks/whitebox/pre.yaml pre-run: playbooks/whitebox/pre.yaml
irrelevant-files: irrelevant-files:
- ^test-requirements.txt$ - ^test-requirements.txt$
@ -51,7 +52,7 @@
devstack_localrc: devstack_localrc:
MAX_COMPUTE_NODES: 2 MAX_COMPUTE_NODES: 2
LIBVIRT_TYPE: kvm LIBVIRT_TYPE: kvm
TEMPEST_PLUGINS: /opt/stack/whitebox-tempest-plugin TEMPEST_PLUGINS: /opt/stack/whitebox-tempest-plugin /opt/stack/barbican-tempest-plugin
WHITEBOX_PRIVKEY_PATH: /home/tempest/.ssh/id_rsa WHITEBOX_PRIVKEY_PATH: /home/tempest/.ssh/id_rsa
WHITEBOX_CPU_MODEL: Nehalem WHITEBOX_CPU_MODEL: Nehalem
WHITEBOX_CPU_MODEL_EXTRA_FLAGS: vme,+ssse3,-mmx WHITEBOX_CPU_MODEL_EXTRA_FLAGS: vme,+ssse3,-mmx

17
whitebox_tempest_plugin/api/compute/test_vtpm.py
View File

@ -15,6 +15,8 @@
from tempest import config from tempest import config
from tempest.exceptions import BuildErrorException from tempest.exceptions import BuildErrorException
from tempest.lib.services import clients
from whitebox_tempest_plugin.api.compute import base from whitebox_tempest_plugin.api.compute import base
CONF = config.CONF CONF = config.CONF
@ -39,10 +41,14 @@ class VTPMTest(base.BaseWhiteboxComputeTest):
@classmethod @classmethod
def setup_clients(cls): def setup_clients(cls):
super(VTPMTest, cls).setup_clients() super(VTPMTest, cls).setup_clients()
os = getattr(cls, 'os_primary') if CONF.identity.auth_version == 'v3':
cls.secret_client = os.secret_v1.SecretClient( auth_uri = CONF.identity.uri_v3
service='key-manager' else:
) auth_uri = CONF.identity.uri
service_clients = clients.ServiceClients(cls.os_primary.credentials,
auth_uri)
cls.os_primary.secrets_client = service_clients.secret_v1.SecretClient(
service='key-manager')
def _vptm_server_creation_check(self, vtpm_model, vtpm_version): def _vptm_server_creation_check(self, vtpm_model, vtpm_version):
"""Test to verify creating server with vTPM device """Test to verify creating server with vTPM device
@ -82,7 +88,8 @@ class VTPMTest(base.BaseWhiteboxComputeTest):
# Get the secret uuid and get secret details from barbican # Get the secret uuid and get secret details from barbican
secret_uuid = secret_uuid = vtpm_secret_element.get('secret') secret_uuid = secret_uuid = vtpm_secret_element.get('secret')
secret_info = self.secret_client.get_secret(secret_uuid) secret_info = self.os_primary.secrets_client.get_secret_metadata(
secret_uuid)
# Confirm the secret is ACTIVE and its description mentions the # Confirm the secret is ACTIVE and its description mentions the
# respective server uuid and it is used for vTPM # respective server uuid and it is used for vTPM

11
whitebox_tempest_plugin/plugin.py
View File

@ -56,14 +56,3 @@ class WhiteboxTempestPlugin(plugins.TempestPlugin):
whitebox_config.database_opts), whitebox_config.database_opts),
(whitebox_config.hardware_group.name, (whitebox_config.hardware_group.name,
whitebox_config.hardware_opts)] whitebox_config.hardware_opts)]
def get_service_clients(self):
v1_params = {
'name': 'secret_v1',
'service_version': 'secret.v1',
'module_path': 'whitebox_tempest_plugin.services.key_manager.json',
'client_names': [
'SecretClient'
]
}
return [v1_params]

22
whitebox_tempest_plugin/services/key_manager/json/__init__.py
View File

@ -1,22 +0,0 @@
# Copyright 2021 Red Hat Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from whitebox_tempest_plugin.services.key_manager.json.secret_client \
import SecretClient
__all__ = [
'SecretClient',
]

30
whitebox_tempest_plugin/services/key_manager/json/base.py
View File

@ -1,30 +0,0 @@
# Copyright 2021 Red Hat Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from tempest.lib.common import rest_client
_DEFAULT_SERVICE_TYPE = 'key-manager'
class BarbicanTempestClient(rest_client.RestClient):
def __init__(self, *args, **kwargs):
kwargs['service'] = _DEFAULT_SERVICE_TYPE
super().__init__(*args, **kwargs)
@classmethod
def ref_to_uuid(cls, href):
return href.split('/')[-1]

48
whitebox_tempest_plugin/services/key_manager/json/secret_client.py
View File

@ -1,48 +0,0 @@
# Copyright 2021 Red Hat Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from tempest import config
from whitebox_tempest_plugin.services.key_manager.json import base
CONF = config.CONF
class SecretClient(base.BarbicanTempestClient):
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self._secret_ids = set()
def get_secret(self, secret_id):
resp, body = self.get("v1/secrets/%s" % secret_id)
self.expected_success(200, resp.status)
return self._parse_resp(body)
def list_secrets(self, **kwargs):
uri = "v1/secrets"
if kwargs is not None:
uri = '{base}?'.format(base=uri)
for key in kwargs.keys():
uri = '{base}&{name}={value}'.format(
base=uri,
name=key,
value=kwargs[key]
)
resp, body = self.get(uri)
self.expected_success(200, resp.status)
return self._parse_resp(body)