--- /dev/null
+# Copyright 2014 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+"""Remove ML2 Cisco Credentials DB
+
+Revision ID: 4eca4a84f08a
+Revises: 33c3db036fe4
+Create Date: 2014-04-10 19:32:46.697189
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '4eca4a84f08a'
+down_revision = '33c3db036fe4'
+
+# Change to ['*'] if this migration applies to all plugins
+
+migration_for_plugins = [
+ 'neutron.plugins.ml2.plugin.Ml2Plugin'
+]
+
+from alembic import op
+import sqlalchemy as sa
+
+from neutron.db import migration
+
+
+def upgrade(active_plugins=None, options=None):
+ if not migration.should_run(active_plugins, migration_for_plugins):
+ return
+
+ op.drop_table('cisco_ml2_credentials')
+
+
+def downgrade(active_plugins=None, options=None):
+ if not migration.should_run(active_plugins, migration_for_plugins):
+ return
+
+ op.create_table(
+ 'cisco_ml2_credentials',
+ sa.Column('credential_id', sa.string(length=255), nullable=True),
+ sa.Column('tenant_id', sa.string(length=255), nullable=False),
+ sa.Column('credential_name', sa.string(length=255), nullable=False),
+ sa.Column('user_name', sa.string(length=255), nullable=True),
+ sa.Column('password', sa.string(length=255), nullable=True),
+ sa.PrimaryKeyConstraint('tenant_id', 'credential_name')
+ )
-33c3db036fe4
+4eca4a84f08a
+++ /dev/null
-# Copyright (c) 2013 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-
-from neutron.plugins.ml2.drivers.cisco.nexus import config
-from neutron.plugins.ml2.drivers.cisco.nexus import constants as const
-from neutron.plugins.ml2.drivers.cisco.nexus import exceptions as cexc
-from neutron.plugins.ml2.drivers.cisco.nexus import network_db_v2 as cdb
-
-
-TENANT = const.NETWORK_ADMIN
-
-
-class Store(object):
- """ML2 Cisco Mechanism Driver Credential Store."""
-
- @staticmethod
- def initialize():
- _nexus_dict = config.ML2MechCiscoConfig.nexus_dict
- for ipaddr, keyword in _nexus_dict.keys():
- if keyword == const.USERNAME:
- try:
- cdb.add_credential(TENANT, ipaddr,
- _nexus_dict[ipaddr, const.USERNAME],
- _nexus_dict[ipaddr, const.PASSWORD])
- except cexc.CredentialAlreadyExists:
- # We are quietly ignoring this, since it only happens
- # if this class module is loaded more than once, in which
- # case, the credentials are already populated
- pass
-
- @staticmethod
- def put_credential(cred_name, username, password):
- """Set the username and password."""
- cdb.add_credential(TENANT, cred_name, username, password)
-
- @staticmethod
- def get_username(cred_name):
- """Get the username."""
- credential = cdb.get_credential_name(TENANT, cred_name)
- return credential[const.CREDENTIAL_USERNAME]
-
- @staticmethod
- def get_password(cred_name):
- """Get the password."""
- credential = cdb.get_credential_name(TENANT, cred_name)
- return credential[const.CREDENTIAL_PASSWORD]
-
- @staticmethod
- def get_credential(cred_name):
- """Get the username and password."""
- credential = cdb.get_credential_name(TENANT, cred_name)
- return {const.USERNAME: credential[const.CREDENTIAL_USERNAME],
- const.PASSWORD: credential[const.CREDENTIAL_PASSWORD]}
-
- @staticmethod
- def delete_credential(cred_name):
- """Delete a credential."""
- cdb.remove_credential(TENANT, cred_name)
from neutron.plugins.common import constants as p_const
from neutron.plugins.ml2 import driver_api as api
from neutron.plugins.ml2.drivers.cisco.nexus import config as conf
-from neutron.plugins.ml2.drivers.cisco.nexus import credentials_v2 as cred
from neutron.plugins.ml2.drivers.cisco.nexus import exceptions as excep
from neutron.plugins.ml2.drivers.cisco.nexus import nexus_db_v2 as nxos_db
from neutron.plugins.ml2.drivers.cisco.nexus import nexus_network_driver
self._nexus_switches = conf.ML2MechCiscoConfig.nexus_dict
LOG.debug(_("nexus_switches found = %s"), self._nexus_switches)
- self.credentials = {}
self.driver = nexus_network_driver.CiscoNexusDriver()
- # Initialize credential store after database initialization.
- cred.Store.initialize()
-
def _valid_network_segment(self, segment):
return (cfg.CONF.ml2_cisco.managed_physical_network is None or
cfg.CONF.ml2_cisco.managed_physical_network ==
+++ /dev/null
-# Copyright (c) 2013 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-
-from sqlalchemy.orm import exc
-
-from neutron.db import api as db
-from neutron.openstack.common import log as logging
-from neutron.openstack.common import uuidutils
-from neutron.plugins.ml2.drivers.cisco.nexus import constants as const
-from neutron.plugins.ml2.drivers.cisco.nexus import exceptions as c_exc
-from neutron.plugins.ml2.drivers.cisco.nexus import network_models_v2
-from neutron.plugins.ml2.drivers.cisco.nexus import nexus_models_v2 # noqa
-
-
-LOG = logging.getLogger(__name__)
-
-
-def get_all_credentials(tenant_id):
- """Lists all the creds for a tenant."""
- session = db.get_session()
- return (session.query(network_models_v2.Credential).
- filter_by(tenant_id=tenant_id).all())
-
-
-def get_credential(tenant_id, credential_id):
- """Lists the creds for given a cred_id and tenant_id."""
- session = db.get_session()
- try:
- cred = (session.query(network_models_v2.Credential).
- filter_by(tenant_id=tenant_id).
- filter_by(credential_id=credential_id).one())
- return cred
- except exc.NoResultFound:
- raise c_exc.CredentialNotFound(credential_id=credential_id,
- tenant_id=tenant_id)
-
-
-def get_credential_name(tenant_id, credential_name):
- """Lists the creds for given a cred_name and tenant_id."""
- session = db.get_session()
- try:
- cred = (session.query(network_models_v2.Credential).
- filter_by(tenant_id=tenant_id).
- filter_by(credential_name=credential_name).one())
- return cred
- except exc.NoResultFound:
- raise c_exc.CredentialNameNotFound(credential_name=credential_name,
- tenant_id=tenant_id)
-
-
-def add_credential(tenant_id, credential_name, user_name, password):
- """Adds a qos to tenant association."""
- session = db.get_session()
- try:
- cred = (session.query(network_models_v2.Credential).
- filter_by(tenant_id=tenant_id).
- filter_by(credential_name=credential_name).one())
- raise c_exc.CredentialAlreadyExists(credential_name=credential_name,
- tenant_id=tenant_id)
- except exc.NoResultFound:
- cred = network_models_v2.Credential(
- credential_id=uuidutils.generate_uuid(),
- tenant_id=tenant_id,
- credential_name=credential_name,
- user_name=user_name,
- password=password)
- session.add(cred)
- session.flush()
- return cred
-
-
-def remove_credential(tenant_id, credential_id):
- """Removes a credential from a tenant."""
- session = db.get_session()
- try:
- cred = (session.query(network_models_v2.Credential).
- filter_by(tenant_id=tenant_id).
- filter_by(credential_id=credential_id).one())
- session.delete(cred)
- session.flush()
- return cred
- except exc.NoResultFound:
- pass
-
-
-def update_credential(tenant_id, credential_id,
- new_user_name=None, new_password=None):
- """Updates a credential for a tenant."""
- session = db.get_session()
- try:
- cred = (session.query(network_models_v2.Credential).
- filter_by(tenant_id=tenant_id).
- filter_by(credential_id=credential_id).one())
- if new_user_name:
- cred[const.CREDENTIAL_USERNAME] = new_user_name
- if new_password:
- cred[const.CREDENTIAL_PASSWORD] = new_password
- session.merge(cred)
- session.flush()
- return cred
- except exc.NoResultFound:
- raise c_exc.CredentialNotFound(credential_id=credential_id,
- tenant_id=tenant_id)
+++ /dev/null
-# Copyright (c) 2013 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-
-import sqlalchemy as sa
-
-from neutron.db import model_base
-
-
-class Credential(model_base.BASEV2):
- """Represents credentials for a tenant to control Cisco switches."""
-
- __tablename__ = 'cisco_ml2_credentials'
-
- credential_id = sa.Column(sa.String(255))
- tenant_id = sa.Column(sa.String(255), primary_key=True)
- credential_name = sa.Column(sa.String(255), primary_key=True)
- user_name = sa.Column(sa.String(255))
- password = sa.Column(sa.String(255))
from neutron.openstack.common import log as logging
from neutron.plugins.ml2.drivers.cisco.nexus import config as conf
from neutron.plugins.ml2.drivers.cisco.nexus import constants as const
-from neutron.plugins.ml2.drivers.cisco.nexus import credentials_v2 as cred
from neutron.plugins.ml2.drivers.cisco.nexus import exceptions as cexc
from neutron.plugins.ml2.drivers.cisco.nexus import nexus_db_v2
from neutron.plugins.ml2.drivers.cisco.nexus import nexus_snippets as snipp
def __init__(self):
self.ncclient = None
self.nexus_switches = conf.ML2MechCiscoConfig.nexus_dict
- self.credentials = {}
self.connections = {}
def _import_ncclient(self):
# the original ncclient exception.
raise cexc.NexusConfigFailed(config=config, exc=e)
- def get_credential(self, nexus_ip):
- """Return credential information for a given Nexus IP address.
-
- If credential doesn't exist then also add to local dictionary.
- """
- if nexus_ip not in self.credentials:
- nexus_username = cred.Store.get_username(nexus_ip)
- nexus_password = cred.Store.get_password(nexus_ip)
- self.credentials[nexus_ip] = {
- const.USERNAME: nexus_username,
- const.PASSWORD: nexus_password
- }
- return self.credentials[nexus_ip]
-
def nxos_connect(self, nexus_host):
"""Make SSH connection to the Nexus Switch."""
if getattr(self.connections.get(nexus_host), 'connected', None):
if not self.ncclient:
self.ncclient = self._import_ncclient()
nexus_ssh_port = int(self.nexus_switches[nexus_host, 'ssh_port'])
- nexus_creds = self.get_credential(nexus_host)
- nexus_user = nexus_creds[const.USERNAME]
- nexus_password = nexus_creds[const.PASSWORD]
+ nexus_user = self.nexus_switches[nexus_host, const.USERNAME]
+ nexus_password = self.nexus_switches[nexus_host, const.PASSWORD]
try:
man = self.ncclient.connect(host=nexus_host,
port=nexus_ssh_port,
+++ /dev/null
-# Copyright (c) 2013 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import collections
-import testtools
-
-from neutron.db import api as db
-from neutron.plugins.ml2.drivers.cisco.nexus import exceptions
-from neutron.plugins.ml2.drivers.cisco.nexus import network_db_v2
-from neutron.tests import base
-
-
-class CiscoNetworkCredentialDbTest(base.BaseTestCase):
-
- """Unit tests for Cisco ML2 mechanism driver credentials database."""
-
- CredObj = collections.namedtuple('CredObj',
- 'tenant_id cred_name user_name pwd')
-
- def setUp(self):
- super(CiscoNetworkCredentialDbTest, self).setUp()
- db.configure_db()
- self.addCleanup(db.clear_db)
-
- def _cred_test_obj(self, tenant_num, cred_num):
- """Create a Credential test object from a pair of numbers."""
- tenant_id = 'tenant_%s' % tenant_num
- cred_name = 'credential_%s_%s' % (tenant_num, cred_num)
- user_name = 'user_%s_%s' % (tenant_num, cred_num)
- pwd = 'password_%s_%s' % (tenant_num, cred_num)
- return self.CredObj(tenant_id, cred_name, user_name, pwd)
-
- def _assert_cred_equal(self, db_cred, test_cred):
- """Assert that a database credential matches a credential test obj."""
- self.assertEqual(db_cred.tenant_id, test_cred.tenant_id)
- self.assertEqual(db_cred.credential_name, test_cred.cred_name)
- self.assertEqual(db_cred.user_name, test_cred.user_name)
- self.assertEqual(db_cred.password, test_cred.pwd)
-
- def _get_credential(self, db_cred):
- """Lists credentials that match a credential's tenant and cred IDs."""
- return network_db_v2.get_credential(db_cred.tenant_id,
- db_cred.credential_id)
-
- def _get_credential_name(self, db_cred):
- """Lists credentials that match a cred's tenant ID and cred name."""
- return network_db_v2.get_credential_name(db_cred.tenant_id,
- db_cred.credential_name)
-
- def _add_credential(self, test_cred):
- """Adds a credential to the database."""
- return network_db_v2.add_credential(test_cred.tenant_id,
- test_cred.cred_name,
- test_cred.user_name,
- test_cred.pwd)
-
- def _remove_credential(self, db_cred):
- """Removes a credential from the database."""
- return network_db_v2.remove_credential(db_cred.tenant_id,
- db_cred.credential_id)
-
- def _update_credential(self, db_cred, new_user_name=None,
- new_password=None):
- """Updates a credential with a new user name and password."""
- return network_db_v2.update_credential(db_cred.tenant_id,
- db_cred.credential_id,
- new_user_name,
- new_password)
-
- def test_credential_add_remove(self):
- """Tests add and removal of credential to/from the database."""
- cred11 = self._cred_test_obj(1, 1)
- cred = self._add_credential(cred11)
- self._assert_cred_equal(cred, cred11)
- cred = self._remove_credential(cred)
- self._assert_cred_equal(cred, cred11)
- cred = self._remove_credential(cred)
- self.assertIsNone(cred)
-
- def test_credential_add_dup(self):
- """Tests addition of a duplicate credential to the database."""
- cred22 = self._cred_test_obj(2, 2)
- cred = self._add_credential(cred22)
- self._assert_cred_equal(cred, cred22)
- with testtools.ExpectedException(exceptions.CredentialAlreadyExists):
- self._add_credential(cred22)
- cred = self._remove_credential(cred)
- self._assert_cred_equal(cred, cred22)
- cred = self._remove_credential(cred)
- self.assertIsNone(cred)
-
- def test_credential_get(self):
- """Tests get of credentials by tenant ID and credential ID."""
- cred11 = self._cred_test_obj(1, 1)
- cred11_db = self._add_credential(cred11)
- cred21 = self._cred_test_obj(2, 1)
- cred21_db = self._add_credential(cred21)
- cred22 = self._cred_test_obj(2, 2)
- cred22_db = self._add_credential(cred22)
-
- cred = self._get_credential(cred11_db)
- self._assert_cred_equal(cred, cred11)
- cred = self._get_credential(cred21_db)
- self._assert_cred_equal(cred, cred21)
- cred = self._get_credential(cred22_db)
- self._assert_cred_equal(cred, cred22)
-
- with testtools.ExpectedException(exceptions.CredentialNotFound):
- network_db_v2.get_credential("dummyTenantId", "dummyCredentialId")
-
- cred_all_t1 = network_db_v2.get_all_credentials(cred11.tenant_id)
- self.assertEqual(len(cred_all_t1), 1)
- cred_all_t2 = network_db_v2.get_all_credentials(cred21.tenant_id)
- self.assertEqual(len(cred_all_t2), 2)
-
- def test_credential_get_name(self):
- """Tests get of credential by tenant ID and credential name."""
- cred11 = self._cred_test_obj(1, 1)
- cred11_db = self._add_credential(cred11)
- cred21 = self._cred_test_obj(2, 1)
- cred21_db = self._add_credential(cred21)
- cred22 = self._cred_test_obj(2, 2)
- cred22_db = self._add_credential(cred22)
- self.assertNotEqual(cred11_db.credential_id, cred21_db.credential_id)
- self.assertNotEqual(cred11_db.credential_id, cred22_db.credential_id)
- self.assertNotEqual(cred21_db.credential_id, cred22_db.credential_id)
-
- cred = self._get_credential_name(cred11_db)
- self._assert_cred_equal(cred, cred11)
- cred = self._get_credential_name(cred21_db)
- self._assert_cred_equal(cred, cred21)
- cred = self._get_credential_name(cred22_db)
- self._assert_cred_equal(cred, cred22)
-
- with testtools.ExpectedException(exceptions.CredentialNameNotFound):
- network_db_v2.get_credential_name("dummyTenantId",
- "dummyCredentialName")
-
- def test_credential_update(self):
- """Tests update of a credential with a new user name and password."""
- cred11 = self._cred_test_obj(1, 1)
- cred11_db = self._add_credential(cred11)
- self._update_credential(cred11_db)
- new_user_name = "new user name"
- new_pwd = "new password"
- new_credential = self._update_credential(
- cred11_db, new_user_name, new_pwd)
- expected_cred = self.CredObj(
- cred11.tenant_id, cred11.cred_name, new_user_name, new_pwd)
- self._assert_cred_equal(new_credential, expected_cred)
- new_credential = self._get_credential(cred11_db)
- self._assert_cred_equal(new_credential, expected_cred)
- with testtools.ExpectedException(exceptions.CredentialNotFound):
- network_db_v2.update_credential(
- "dummyTenantId", "dummyCredentialId", new_user_name, new_pwd)
VLAN_ID_PC),
}
- test_credentials = {
- NEXUS_IP_ADDRESS: {
- constants.USERNAME: 'admin',
- constants.PASSWORD: 'pass1234'
- },
- NEXUS_IP_ADDRESS_PC: {
- constants.USERNAME: 'admin',
- constants.PASSWORD: 'password'
- },
- }
-
def setUp(self):
"""Sets up mock ncclient, and switch and credentials dictionaries."""
super(TestCiscoNexusDevice, self).setUp()
host_name)] = nexus_port
mech_instance._nexus_switches[(ip_addr,
'ssh_port')] = NEXUS_SSH_PORT
+ mech_instance._nexus_switches[(ip_addr,
+ constants.USERNAME)] = 'admin'
+ mech_instance._nexus_switches[(ip_addr,
+ constants.PASSWORD)] = 'password'
mech_instance.driver.nexus_switches = (
mech_instance._nexus_switches)
- mech_instance.driver.credentials = (
- TestCiscoNexusDevice.test_credentials)
-
db.configure_db()
mock.patch.object(mech_cisco_nexus.CiscoNexusMechanismDriver,
Code Review / openstack-build / neutron-build.git / commitdiff