From: Adam Israel Date: Thu, 25 Apr 2019 21:17:05 +0000 (-0400) Subject: Add Juju Public Key X-Git-Tag: v6.0.0~11 X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=refs%2Fchanges%2F24%2F7424%2F4;p=osm%2FN2VC.git Add Juju Public Key This commit adds the requirement to provide the Juju public key to N2VC - Updates integration testing to use public key - Updates N2VC to accept juju_public_key and ca-cert - Updated docstring of N2VC constructor Change-Id: I4cad1f8c39024137a23060000d7502aad56ac644 Signed-off-by: Adam Israel --- diff --git a/README.md b/README.md index bed6c90..dc0f747 100644 --- a/README.md +++ b/README.md @@ -55,12 +55,19 @@ A basic test has been written to exercise the functionality of the library, and Export a few environment variables so the test knows where to find the VCA, and the compiled pingpong charm from the devops repository. ```bash +# The directory where the Juju configuration is stored +export VCA_PATH=~/.local/share/juju + # You can find the ip of the VCA by running `juju status -m controller` and looking for the DNS for Machine 0 -export VCA_HOST= +export VCA_HOST=`juju show-controller --format=json | jq -r '.osm["details"]["api-endpoints"][0]'|awk -F: '{print $1}'` export VCA_PORT=17070 + # You can find these variables in ~/.local/share/juju/accounts.yaml export VCA_USER=admin export VCA_SECRET=PASSWORD + +export LXD_HOST=`ifconfig lxdbr0 | grep 'inet '| cut -d: -f2 | awk '{ print $2}'` +export LXD_SECRET= ``` ### Run the test(s) diff --git a/n2vc/vnf.py b/n2vc/vnf.py index a486f27..38a9d15 100644 --- a/n2vc/vnf.py +++ b/n2vc/vnf.py @@ -147,22 +147,34 @@ class N2VC: secret=None, artifacts=None, loop=None, + juju_public_key=None, + ca_cert=None, ): """Initialize N2VC - - :param vcaconfig dict A dictionary containing the VCA configuration - - :param artifacts str The directory where charms required by a vnfd are + :param log obj: The logging object to log to + :param server str: The IP Address or Hostname of the Juju controller + :param port int: The port of the Juju Controller + :param user str: The Juju username to authenticate with + :param secret str: The Juju password to authenticate with + :param artifacts str: The directory where charms required by a vnfd are stored. + :param loop obj: The loop to use. + :param juju_public_key str: The contents of the Juju public SSH key + :param ca_cert str: The CA certificate to use to authenticate + :Example: - n2vc = N2VC(vcaconfig={ - 'secret': 'MzI3MDJhOTYxYmM0YzRjNTJiYmY1Yzdm', - 'user': 'admin', - 'ip-address': '10.44.127.137', - 'port': 17070, - 'artifacts': '/path/to/charms' - }) + client = n2vc.vnf.N2VC( + log=log, + server='10.1.1.28', + port=17070, + user='admin', + secret='admin', + artifacts='/app/storage/myvnf/charms', + loop=loop, + juju_public_key='', + ca_cert='', + ) """ # Initialize instance-level variables @@ -189,6 +201,12 @@ class N2VC: self.username = "" self.secret = "" + self.juju_public_key = juju_public_key + if juju_public_key: + self._create_juju_public_key(juju_public_key) + + self.ca_cert = ca_cert + if log: self.log = log else: @@ -221,6 +239,25 @@ class N2VC: """Close any open connections.""" yield self.logout() + def _create_juju_public_key(self, public_key): + """Recreate the Juju public key on disk. + + Certain libjuju commands expect to be run from the same machine as Juju + is bootstrapped to. This method will write the public key to disk in + that location: ~/.local/share/juju/ssh/juju_id_rsa.pub + """ + if public_key is None or len(public_key) == 0: + return + + path = "{}/.local/share/juju/ssh".format( + os.path.expanduser('~'), + ) + if not os.path.exists(path): + os.makedirs(path) + + with open('{}/juju_id_rsa.pub'.format(path), 'w') as f: + f.write(public_key) + def notify_callback(self, model_name, application_name, status, message, callback=None, *callback_args): try: @@ -1089,7 +1126,6 @@ class N2VC: self.log.debug("JujuApi: Logging into controller") - cacert = None self.controller = Controller(loop=self.loop) if self.secret: @@ -1105,7 +1141,7 @@ class N2VC: endpoint=self.endpoint, username=self.user, password=self.secret, - cacert=cacert, + cacert=self.ca_cert, ) self.refcount['controller'] += 1 else: diff --git a/tests/base.py b/tests/base.py index a0a2b78..912eab9 100644 --- a/tests/base.py +++ b/tests/base.py @@ -22,17 +22,6 @@ logging.getLogger("urllib3").setLevel(logging.WARNING) here = os.path.dirname(os.path.realpath(__file__)) -def is_bootstrapped(): - result = subprocess.run(['juju', 'switch'], stdout=subprocess.PIPE) - return ( - result.returncode == 0 and len(result.stdout.decode().strip()) > 0) - - -bootstrapped = pytest.mark.skipif( - not is_bootstrapped(), - reason='bootstrapped Juju environment required') - - class CleanController(): """ Context manager that automatically connects and disconnects from @@ -130,6 +119,26 @@ def get_n2vc(loop=None): vca_charms = os.getenv('VCA_CHARMS', None) vca_secret = os.getenv('VCA_SECRET', None) + # Get the Juju Public key + juju_public_key = get_juju_public_key() + if juju_public_key: + debug("Reading Juju public key @ {}".format(juju_public_key)) + with open(juju_public_key, 'r') as f: + juju_public_key = f.read() + debug("Found public key: {}".format(juju_public_key)) + else: + raise Exception("No Juju Public Key found") + + # Get the ca-cert + # os.path.expanduser("~/.config/lxc") + # with open("{}/agent.conf".format(AGENT_PATH), "r") as f: + # try: + # y = yaml.safe_load(f) + # self.cacert = y['cacert'] + # except yaml.YAMLError as exc: + # log("Unable to find Juju ca-cert.") + # raise exc + client = n2vc.vnf.N2VC( log=log, server=vca_host, @@ -137,7 +146,8 @@ def get_n2vc(loop=None): user=vca_user, secret=vca_secret, artifacts=vca_charms, - loop=loop + loop=loop, + juju_public_key=juju_public_key, ) return client @@ -157,6 +167,9 @@ def create_lxd_container(public_key=None, name="test_name"): name = name.replace("_", "-").replace(".", "") client = get_lxd_client() + if not client: + raise Exception("Unable to connect to LXD") + test_machine = "test-{}-{}".format( uuid.uuid4().hex[-4:], name, @@ -389,7 +402,7 @@ def find_juju_ssh_keys(): """Find the Juju ssh keys.""" paths = [] - paths.append(os.path.expanduser("~/.local/share/juju/ssh/")) + paths.append(os.path.expanduser("~/.local/share/juju/ssh")) for path in paths: if os.path.exists(path): @@ -405,8 +418,41 @@ def get_juju_private_key(): return keys[0] -def get_lxd_client(host="127.0.0.1", port="8443", verify=False): +def get_juju_public_key(): + """Find the Juju public key.""" + paths = [] + + if 'VCA_PATH' in os.environ: + paths.append("{}/ssh".format(os.environ["VCA_PATH"])) + + paths.append(os.path.expanduser("~/.local/share/juju/ssh")) + paths.append("/root/.local/share/juju/ssh") + + for path in paths: + if os.path.exists(path): + public = os.path.expanduser("{}/juju_id_rsa.pub".format(path)) + if os.path.exists(public): + return public + return None + + +def get_lxd_client(host=None, port="8443", verify=False): """ Get the LXD client.""" + + if host is None: + if 'LXD_HOST' in os.environ: + host = os.environ['LXD_HOST'] + else: + host = '127.0.0.1' + + passwd = None + if 'LXD_SECRET' in os.environ: + passwd = os.environ['LXD_SECRET'] + + # debug("Connecting to LXD remote {} w/authentication ({})".format( + # host, + # passwd + # )) client = None (crt, key) = find_lxd_config() @@ -417,6 +463,16 @@ def get_lxd_client(host="127.0.0.1", port="8443", verify=False): verify=verify, ) + # If the LXD server has a pasword set, authenticate with it. + if not client.trusted and passwd: + try: + client.authenticate(passwd) + if not client.trusted: + raise Exception("Unable to authenticate with LXD remote") + except pylxd.exceptions.LXDAPIException as ex: + if 'Certificate already in trust store' in ex: + pass + return client @@ -429,9 +485,15 @@ class TestN2VC(object): """TODO: 1. Validator Validation - Automatically validate the descriptors we're using here, unless the test author explicitly wants to skip them. Useful to make sure tests aren't being run against invalid descriptors, validating functionality that may fail against a properly written descriptor. + Automatically validate the descriptors we're using here, unless the test + author explicitly wants to skip them. Useful to make sure tests aren't + being run against invalid descriptors, validating functionality that may + fail against a properly written descriptor. - We need to have a flag (instance variable) that controls this behavior. It may be necessary to skip validation and run against a descriptor implementing features that have not yet been released in the Information Model. + We need to have a flag (instance variable) that controls this behavior. It + may be necessary to skip validation and run against a descriptor + implementing features that have not yet been released in the Information + Model. """ """ @@ -481,6 +543,7 @@ class TestN2VC(object): # Build the charm(s) needed for this test for charm in self.get_charm_names(): + # debug("Building charm {}".format(charm)) self.get_charm(charm) # A bit of a hack, in order to allow the N2VC callback to run parallel @@ -586,11 +649,14 @@ class TestN2VC(object): Returns: The path to the built charm or None if `charm build` failed. """ - # Make sure the charm snap is installed + charm_cmd = None try: subprocess.check_call(['which', 'charm']) + charm_cmd = "charm build" except subprocess.CalledProcessError: + # charm_cmd = "charm-build" + # debug("Using legacy charm-build") raise Exception("charm snap not installed.") if charm not in self.artifacts: @@ -599,15 +665,21 @@ class TestN2VC(object): # Currently, the snap-installed command only has write access # to the $HOME (changing in an upcoming release) so writing to # /tmp isn't possible at the moment. - builds = get_charm_path() + builds = get_charm_path() if not os.path.exists("{}/builds/{}".format(builds, charm)): - cmd = "charm build --no-local-layers {}/{} -o {}/".format( + cmd = "{} --no-local-layers {}/{} -o {}/".format( + charm_cmd, get_layer_path(), charm, builds, ) - subprocess.check_call(shlex.split(cmd)) + # debug(cmd) + + env = os.environ.copy() + env["CHARM_BUILD_DIR"] = builds + + subprocess.check_call(shlex.split(cmd), env=env) except subprocess.CalledProcessError as e: # charm build will return error code 100 if the charm fails diff --git a/tests/charms/layers/metrics-ci/README.ex b/tests/charms/layers/metrics-ci/README.ex deleted file mode 100755 index b6816b2..0000000 --- a/tests/charms/layers/metrics-ci/README.ex +++ /dev/null @@ -1,65 +0,0 @@ -# Overview - -Describe the intended usage of this charm and anything unique about how this -charm relates to others here. - -This README will be displayed in the Charm Store, it should be either Markdown -or RST. Ideal READMEs include instructions on how to use the charm, expected -usage, and charm features that your audience might be interested in. For an -example of a well written README check out Hadoop: -http://jujucharms.com/charms/precise/hadoop - -Use this as a Markdown reference if you need help with the formatting of this -README: http://askubuntu.com/editing-help - -This charm provides [service][]. Add a description here of what the service -itself actually does. - -Also remember to check the [icon guidelines][] so that your charm looks good -in the Juju GUI. - -# Usage - -Step by step instructions on using the charm: - -juju deploy servicename - -and so on. If you're providing a web service or something that the end user -needs to go to, tell them here, especially if you're deploying a service that -might listen to a non-default port. - -You can then browse to http://ip-address to configure the service. - -## Scale out Usage - -If the charm has any recommendations for running at scale, outline them in -examples here. For example if you have a memcached relation that improves -performance, mention it here. - -## Known Limitations and Issues - -This not only helps users but gives people a place to start if they want to help -you add features to your charm. - -# Configuration - -The configuration options will be listed on the charm store, however If you're -making assumptions or opinionated decisions in the charm (like setting a default -administrator password), you should detail that here so the user knows how to -change it immediately, etc. - -# Contact Information - -Though this will be listed in the charm store itself don't assume a user will -know that, so include that information here: - -## Upstream Project Name - - - Upstream website - - Upstream bug tracker - - Upstream mailing list or contact information - - Feel free to add things if it's useful for users - - -[service]: http://example.com -[icon guidelines]: https://jujucharms.com/docs/stable/authors-charm-icon diff --git a/tests/charms/layers/metrics-ci/README.md b/tests/charms/layers/metrics-ci/README.md new file mode 100755 index 0000000..a765b72 --- /dev/null +++ b/tests/charms/layers/metrics-ci/README.md @@ -0,0 +1,3 @@ +# Overview + +Metrics collection via machine charm \ No newline at end of file diff --git a/tests/charms/layers/metrics-proxy-ci/README.ex b/tests/charms/layers/metrics-proxy-ci/README.ex deleted file mode 100644 index b6816b2..0000000 --- a/tests/charms/layers/metrics-proxy-ci/README.ex +++ /dev/null @@ -1,65 +0,0 @@ -# Overview - -Describe the intended usage of this charm and anything unique about how this -charm relates to others here. - -This README will be displayed in the Charm Store, it should be either Markdown -or RST. Ideal READMEs include instructions on how to use the charm, expected -usage, and charm features that your audience might be interested in. For an -example of a well written README check out Hadoop: -http://jujucharms.com/charms/precise/hadoop - -Use this as a Markdown reference if you need help with the formatting of this -README: http://askubuntu.com/editing-help - -This charm provides [service][]. Add a description here of what the service -itself actually does. - -Also remember to check the [icon guidelines][] so that your charm looks good -in the Juju GUI. - -# Usage - -Step by step instructions on using the charm: - -juju deploy servicename - -and so on. If you're providing a web service or something that the end user -needs to go to, tell them here, especially if you're deploying a service that -might listen to a non-default port. - -You can then browse to http://ip-address to configure the service. - -## Scale out Usage - -If the charm has any recommendations for running at scale, outline them in -examples here. For example if you have a memcached relation that improves -performance, mention it here. - -## Known Limitations and Issues - -This not only helps users but gives people a place to start if they want to help -you add features to your charm. - -# Configuration - -The configuration options will be listed on the charm store, however If you're -making assumptions or opinionated decisions in the charm (like setting a default -administrator password), you should detail that here so the user knows how to -change it immediately, etc. - -# Contact Information - -Though this will be listed in the charm store itself don't assume a user will -know that, so include that information here: - -## Upstream Project Name - - - Upstream website - - Upstream bug tracker - - Upstream mailing list or contact information - - Feel free to add things if it's useful for users - - -[service]: http://example.com -[icon guidelines]: https://jujucharms.com/docs/stable/authors-charm-icon diff --git a/tests/charms/layers/metrics-proxy-ci/README.md b/tests/charms/layers/metrics-proxy-ci/README.md new file mode 100644 index 0000000..e96f02f --- /dev/null +++ b/tests/charms/layers/metrics-proxy-ci/README.md @@ -0,0 +1,3 @@ +# Overview + +Test charm for metrics collection via proxy. \ No newline at end of file diff --git a/tests/charms/layers/native-ci/metadata.yaml b/tests/charms/layers/native-ci/metadata.yaml index 0460e48..ba6ffe9 100644 --- a/tests/charms/layers/native-ci/metadata.yaml +++ b/tests/charms/layers/native-ci/metadata.yaml @@ -4,9 +4,9 @@ description: A native VNF charm maintainer: Adam Israel subordinate: false series: ['xenial'] -provides: - db: - interface: mysql -requires: - app: - interface: mysql +# provides: +# db: +# interface: mysql +# requires: +# app: +# interface: mysql diff --git a/tests/charms/layers/native-ci/reactive/native-ci.py b/tests/charms/layers/native-ci/reactive/native-ci.py index 9e5fe67..a339ef0 100644 --- a/tests/charms/layers/native-ci/reactive/native-ci.py +++ b/tests/charms/layers/native-ci/reactive/native-ci.py @@ -44,19 +44,19 @@ def testint(): clear_flag('actions.testint') -@when('db.joined') -def provides_db(db): - """Simulate providing database credentials.""" - db.configure( - database="mydb", - user="myuser", - password="mypassword", - host="myhost", - slave="myslave", - ) - - -@when('db.available') -def requires_db(db): - """Simulate receiving database credentials.""" - pass +# @when('db.joined') +# def provides_db(db): +# """Simulate providing database credentials.""" +# db.configure( +# database="mydb", +# user="myuser", +# password="mypassword", +# host="myhost", +# slave="myslave", +# ) + + +# @when('db.available') +# def requires_db(db): +# """Simulate receiving database credentials.""" +# pass diff --git a/tests/charms/layers/simple/README.md b/tests/charms/layers/simple/README.md index f9d6eed..5504db4 100644 --- a/tests/charms/layers/simple/README.md +++ b/tests/charms/layers/simple/README.md @@ -1,53 +1,3 @@ # Overview -This is an example charm as demonstrated in the OSM [Hackfest](https://osm.etsi.org/wikipub/index.php/OSM_workshops_and_events) series. - -This is intended to provide a well-documented example of the proxy charm written by Hackfest participants. - -# Prerequisites - -There are two ways that you can exercise this charm: install the latest stable release of OSM or use Juju directly. - -The workshop materials and tutorials cover using charms as part of OSM. You can follow that approach, but this README will focus on using Juju directly. We highly recommend that vendors and charm developers use this approach for the initial development of the charm. - -## Ubuntu 16.04 or higher - -We recommend using Ubuntu 16.04 or higher for the development and testing of charms. It is assumed that you have installed Ubuntu either on physical hardware or in a Virtual Machine. - -## Install LXD and Juju - -We will be installing the required software via snap. Snaps are containerised software packages, preferred because they are easy to create and install, will automatically update to the latest stable version, and contain bundled dependencies. - -``` -snap install lxd -snap install juju -snap install charm -``` - -# Usage - - -## Known Limitations and Issues - -This not only helps users but gives people a place to start if they want to help -you add features to your charm. - -# Configuration - -The configuration options will be listed on the charm store, however If you're -making assumptions or opinionated decisions in the charm (like setting a default -administrator password), you should detail that here so the user knows how to -change it immediately, etc. - -# Contact Information - -## Upstream Project Name - - - Upstream website - - Upstream bug tracker - - Upstream mailing list or contact information - - Feel free to add things if it's useful for users - - -[service]: http://example.com -[icon guidelines]: https://jujucharms.com/docs/stable/authors-charm-icon +A simple charm \ No newline at end of file diff --git a/tests/charms/layers/simple/reactive/simple.py b/tests/charms/layers/simple/reactive/simple.py index 802d60c..af6644b 100644 --- a/tests/charms/layers/simple/reactive/simple.py +++ b/tests/charms/layers/simple/reactive/simple.py @@ -11,6 +11,7 @@ from charms.reactive import ( when_not, ) import charms.sshproxy +import os @when('sshproxy.configured') @@ -31,6 +32,10 @@ def install_simple_proxy_charm(): @when('actions.touch') def touch(): + if not in_action_context(): + clear_flag('actions.touch') + return + err = '' try: filename = action_get('filename') @@ -42,3 +47,8 @@ def touch(): action_set({'output': result}) finally: clear_flag('actions.touch') + + +def in_action_context(): + """Determine whether we're running on an action context.""" + return 'JUJU_ACTION_UUID' in os.environ diff --git a/tox.ini b/tox.ini index c54d27d..481bb9d 100644 --- a/tox.ini +++ b/tox.ini @@ -14,14 +14,18 @@ markers = [testenv] basepython=python3 usedevelop=True + # for testing with other python versions commands = py.test --ignore modules/ --ignore tests/charms/ --tb native -ra -v -s -n auto -k 'not integration' -m 'not serial' {posargs} passenv = HOME + VCA_PATH VCA_HOST VCA_PORT VCA_USER VCA_SECRET + LXD_HOST + LXD_SECRET # These are needed so executing `charm build` succeeds TERM TERMINFO