From 39331ca5d21f93655364713e61b877cefbfc1e57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Douglas=20Mendiz=C3=A1bal?= Date: Fri, 23 Sep 2016 13:24:10 -0500 Subject: [PATCH] Use Domains with Keystone v3 in functional tests This patch enables configuration of domains when using Keystone v3 authentication in the functional test suite. Change-Id: If7fbb1924ebb99dc93eacedc371369fe1fa6312f --- etc/barbican/barbican-functional.conf | 8 +- functionaltests/common/auth.py | 6 +- functionaltests/common/client.py | 110 ++++++++++---------------- functionaltests/common/config.py | 2 + 4 files changed, 54 insertions(+), 72 deletions(-) diff --git a/etc/barbican/barbican-functional.conf b/etc/barbican/barbican-functional.conf index ce329b33e..b9ce2bcfb 100644 --- a/etc/barbican/barbican-functional.conf +++ b/etc/barbican/barbican-functional.conf @@ -5,19 +5,23 @@ uri=http://localhost:5000/v3 version=v3 +# Default user credentials username=admin -project_name=admin password=secretadmin +project_name=admin domain_name=Default +# Service user credentials service_admin=service-admin -service_admin_project=service service_admin_password=secretservice +service_admin_project=service +service_admin_domain=Default [rbac_users] # Replace these values that represent additional users for RBAC testing project_a=project_a project_b=project_b +project_domain=Default # users for project_a admin_a=project_a_admin diff --git a/functionaltests/common/auth.py b/functionaltests/common/auth.py index c97d624d6..75b9f0a0e 100644 --- a/functionaltests/common/auth.py +++ b/functionaltests/common/auth.py @@ -22,12 +22,14 @@ STORED_AUTHENTICATION = None class FunctionalTestAuth(auth.AuthBase): - def __init__(self, endpoint, version, username, password, project_name): + def __init__(self, endpoint, version, username, password, + project_name, project_domain): self.endpoint = endpoint self.version = version self.username = username self.password = password self.project_name = project_name + self.project_domain = project_domain self._client = None @@ -64,7 +66,9 @@ class FunctionalTestAuth(auth.AuthBase): self._client = v3_client.Client( username=self.username, password=self.password, + user_domain_name=self.project_domain, project_name=self.project_name, + project_domain_name=self.project_domain, auth_url=self.endpoint ) return self._client.auth_token, self._client.project_id diff --git a/functionaltests/common/client.py b/functionaltests/common/client.py index 596c07fd1..5d53a2cf3 100644 --- a/functionaltests/common/client.py +++ b/functionaltests/common/client.py @@ -38,75 +38,47 @@ class BarbicanClient(object): 'Content-Type': 'application/json', 'Accept': 'application/json' } - self.region = CONF.identity.region - self._default_user_name = CONF.identity.username - self._auth = {} - self._auth[CONF.identity.username] = auth.FunctionalTestAuth( - endpoint=CONF.identity.uri, - version=CONF.identity.version, - username=CONF.identity.username, - password=CONF.identity.password, - project_name=CONF.identity.project_name) - self._auth[CONF.identity.service_admin] = auth.FunctionalTestAuth( - endpoint=CONF.identity.uri, - version=CONF.identity.version, - username=CONF.identity.service_admin, - password=CONF.identity.service_admin_password, - project_name=CONF.identity.service_admin_project) - self._auth[CONF.rbac_users.admin_a] = auth.FunctionalTestAuth( - endpoint=CONF.identity.uri, - version=CONF.identity.version, - username=CONF.rbac_users.admin_a, - password=CONF.rbac_users.admin_a_password, - project_name=CONF.rbac_users.project_a) - self._auth[CONF.rbac_users.creator_a] = auth.FunctionalTestAuth( - endpoint=CONF.identity.uri, - version=CONF.identity.version, - username=CONF.rbac_users.creator_a, - password=CONF.rbac_users.creator_a_password, - project_name=CONF.rbac_users.project_a) - self._auth[CONF.rbac_users.creator_a_2] = auth.FunctionalTestAuth( - endpoint=CONF.identity.uri, - version=CONF.identity.version, - username=CONF.rbac_users.creator_a_2, - password=CONF.rbac_users.creator_a_2_password, - project_name=CONF.rbac_users.project_a) - self._auth[CONF.rbac_users.observer_a] = auth.FunctionalTestAuth( - endpoint=CONF.identity.uri, - version=CONF.identity.version, - username=CONF.rbac_users.observer_a, - password=CONF.rbac_users.observer_a_password, - project_name=CONF.rbac_users.project_a) - self._auth[CONF.rbac_users.auditor_a] = auth.FunctionalTestAuth( - endpoint=CONF.identity.uri, - version=CONF.identity.version, - username=CONF.rbac_users.auditor_a, - password=CONF.rbac_users.auditor_a_password, - project_name=CONF.rbac_users.project_a) - self._auth[CONF.rbac_users.admin_b] = auth.FunctionalTestAuth( - endpoint=CONF.identity.uri, - version=CONF.identity.version, - username=CONF.rbac_users.admin_b, - password=CONF.rbac_users.admin_b_password, - project_name=CONF.rbac_users.project_b) - self._auth[CONF.rbac_users.creator_b] = auth.FunctionalTestAuth( - endpoint=CONF.identity.uri, - version=CONF.identity.version, - username=CONF.rbac_users.creator_b, - password=CONF.rbac_users.creator_b_password, - project_name=CONF.rbac_users.project_b) - self._auth[CONF.rbac_users.observer_b] = auth.FunctionalTestAuth( - endpoint=CONF.identity.uri, - version=CONF.identity.version, - username=CONF.rbac_users.observer_b, - password=CONF.rbac_users.observer_b_password, - project_name=CONF.rbac_users.project_b) - self._auth[CONF.rbac_users.auditor_b] = auth.FunctionalTestAuth( - endpoint=CONF.identity.uri, - version=CONF.identity.version, - username=CONF.rbac_users.auditor_b, - password=CONF.rbac_users.auditor_b_password, - project_name=CONF.rbac_users.project_b) + identity = CONF.identity + self.region = identity.region + self._default_user_name = identity.username + self._auth = dict() + + self._auth[identity.username] = auth.FunctionalTestAuth( + endpoint=identity.uri, + version=identity.version, + username=identity.username, + password=identity.password, + project_name=identity.project_name, + project_domain=identity.domain_name) + + self._auth[identity.service_admin] = auth.FunctionalTestAuth( + endpoint=identity.uri, + version=identity.version, + username=identity.service_admin, + password=identity.service_admin_password, + project_name=identity.service_admin_project, + project_domain=identity.service_admin_domain) + + rbac = CONF.rbac_users + + for user in ['admin_a', 'creator_a', 'creator_a_2', + 'observer_a', 'auditor_a']: + self._auth[getattr(rbac, user)] = auth.FunctionalTestAuth( + endpoint=identity.uri, + version=identity.version, + username=getattr(rbac, user), + password=getattr(rbac, user + '_password'), + project_name=rbac.project_a, + project_domain=rbac.project_domain) + + for user in ['admin_b', 'creator_b', 'observer_b', 'auditor_b']: + self._auth[getattr(rbac, user)] = auth.FunctionalTestAuth( + endpoint=identity.uri, + version=identity.version, + username=getattr(rbac, user), + password=getattr(rbac, user + '_password'), + project_name=rbac.project_b, + project_domain=rbac.project_domain) def get_all_functional_test_user_names(self): retval = [] diff --git a/functionaltests/common/config.py b/functionaltests/common/config.py index 14be4d0df..a83458b7d 100644 --- a/functionaltests/common/config.py +++ b/functionaltests/common/config.py @@ -35,6 +35,7 @@ def setup_config(config_file=''): cfg.StrOpt('region', default='RegionOne'), cfg.StrOpt('service_admin', default='service-admin'), cfg.StrOpt('service_admin_project', default='service'), + cfg.StrOpt('service_admin_domain', default='Default'), cfg.StrOpt('service_admin_password', default='secretservice', secret=True)] TEST_CONF.register_group(identity_group) @@ -44,6 +45,7 @@ def setup_config(config_file=''): rbac_users_options = [ cfg.StrOpt('project_a', default='project_a'), cfg.StrOpt('project_b', default='project_b'), + cfg.StrOpt('project_domain', default='Default'), cfg.StrOpt('admin_a', default='project_a_admin'), cfg.StrOpt('admin_a_password', default='barbican', secret=True), cfg.StrOpt('creator_a', default='project_a_creator'),