From bd8822c954d5513f0da3975b1d43c399ddaf7328 Mon Sep 17 00:00:00 2001
From: Martin Kopec <mkopec@redhat.com>
Date: Wed, 30 Aug 2023 14:34:37 +0000
Subject: [PATCH] Support Admin admin user and role

We didn't take into account that the admin role and user might be
called on with uppercase first letter - Admin - on some systems.
The patch edits the logic so that we accept this admin name or
role.

Story: #2010880
Task: #48601
Change-Id: Ie027de58f77a58f44b31274e6d75dc830d3b717d
---
 config_tempest/tests/test_users.py | 32 ++++++++++++++++++++++++++++++
 config_tempest/users.py            | 28 ++++++++++++++++++++++++--
 2 files changed, 58 insertions(+), 2 deletions(-)

diff --git a/config_tempest/tests/test_users.py b/config_tempest/tests/test_users.py
index 1e28c39b..fa423d5c 100644
--- a/config_tempest/tests/test_users.py
+++ b/config_tempest/tests/test_users.py
@@ -286,6 +286,38 @@ class TestUsers(BaseConfigTempestTest):
             username=self.username,
             role_name=self.role_name)
 
+    @mock.patch('config_tempest.clients.ProjectsClient'
+                '.get_project_by_name')
+    @mock.patch('tempest.lib.services.identity.v2.'
+                'users_client.UsersClient.list_users')
+    @mock.patch('tempest.lib.services.identity.v2.'
+                'users_client.UsersClient.create_user')
+    @mock.patch('tempest.lib.services.identity.v2.'
+                'roles_client.RolesClient.list_roles')
+    @mock.patch('tempest.lib.services.identity.v2.roles_client.'
+                'RolesClient.create_user_role_on_project')
+    def test_give_role_to_user_Admin(
+            self,
+            mock_create_user_role_on_project,
+            mock_list_roles,
+            mock_create_user,
+            mock_list_users,
+            mock_get_project_by_name):
+        mock_get_project_by_name.return_value = {'id': "fake_project_id"}
+        users = self.users
+        users['users'].append(
+            {'name': "Admin", 'id': "Admin_user_id"})
+        roles = self.roles
+        roles['roles'].append(
+            {'name': "Admin", 'id': "Admin_role_id"})
+        mock_list_users.return_value = users
+        mock_list_roles.return_value = roles
+        # using admin as user and role as those are the default values
+        # when discover-tempest-config is executed
+        self.Service.give_role_to_user(
+            username="admin",
+            role_name="admin")
+
     def _check_user_roles(self, user_roles, system_roles):
         self.Service._conf.set('auth', 'tempest_roles', user_roles)
         return self.Service.check_user_roles(system_roles)
diff --git a/config_tempest/users.py b/config_tempest/users.py
index 0b12c68b..a11dbf3e 100644
--- a/config_tempest/users.py
+++ b/config_tempest/users.py
@@ -48,6 +48,28 @@ class Users(object):
 
         self.give_role_to_user(username, role_name='admin')
 
+    def _filter_ids_by_name(self, mode, name, role_name, roles_list):
+        """Filter the id that belongs to the name in the given list.
+
+        :param mode: 'roles' or 'users', depending what we're looking for
+        :param name: Name we want to filter by
+        :param role_name: Name of the role we wanna assign the user
+        :param roles_list: List of roles or users to search in.
+        :return: List containing an id matching the name in the roles_list.
+        :rtype: list
+        """
+        match = [n['id'] for n in roles_list[mode] if n['name'] == name]
+        if not match and role_name == 'admin':
+            # in a few cases there might be the admin role with upper-case
+            # first letter, therefore, let's try Admin
+            name = 'Admin'
+            match = [n['id'] for n in roles_list[mode] if n['name'] == name]
+            if match and mode == 'users':
+                # if we found a match with Admin and we're in the users mode,
+                # change also the admin_username in the tempest.conf
+                self._conf.set('auth', 'admin_username', name)
+        return match
+
     def give_role_to_user(self, username, role_name,
                           role_required=True):
         """Give the user a role in the project.
@@ -59,14 +81,16 @@ class Users(object):
         project_name = self._conf.get('identity', 'project_name')
         proj_id = self.projects_client.get_project_by_name(project_name)['id']
         users = self.users_client.list_users()
-        user_ids = [u['id'] for u in users['users'] if u['name'] == username]
+        user_ids = self._filter_ids_by_name('users', username,
+                                            role_name, users)
         if not user_ids:
             raise Exception("user %s not found" % username)
         user_id = user_ids[0]
 
         roles = self.roles_client.list_roles()
         self.check_user_roles(roles)
-        role_ids = [r['id'] for r in roles['roles'] if r['name'] == role_name]
+        role_ids = self._filter_ids_by_name('roles', role_name,
+                                            role_name, roles)
         if not role_ids:
             if role_required:
                 raise Exception("required role %s not found" % role_name)