From 878d5ab9d173ecf4f3847dd0e2273aaba4b8011e Mon Sep 17 00:00:00 2001 From: Andrea Frittoli Date: Fri, 30 Jan 2015 13:22:50 +0000 Subject: [PATCH] Remove auth_version config from get_credentials In preparation for migration to tempest-lib, add a new parameter to get_credentials to specify the identity version. Define a wrapper cred_provider.get_credentials that exposes the same signature auth.get_credetials use to have, and switch all consumers to use the cred_provider version. Do not raise InvalidConfiguration from auth module. Adapt unit tests accordingly, and remove their dependency to fake configs, to prepare them as well for migration to tempest-lib. Change-Id: Idd467166b7547b55be4cee076c9913c72b7b5a8d --- tempest/api/identity/admin/v3/test_trusts.py | 4 +-- tempest/api/identity/base.py | 12 +++---- tempest/auth.py | 35 ++++++++++---------- tempest/cmd/cleanup.py | 5 +-- tempest/common/accounts.py | 9 +++-- tempest/common/cred_provider.py | 11 +++++- tempest/common/isolated_creds.py | 3 +- tempest/exceptions.py | 4 +++ tempest/stress/driver.py | 8 ++--- tempest/tests/test_auth.py | 7 +--- tempest/tests/test_credentials.py | 17 +++------- 11 files changed, 58 insertions(+), 57 deletions(-) diff --git a/tempest/api/identity/admin/v3/test_trusts.py b/tempest/api/identity/admin/v3/test_trusts.py index cd28e96f15..76124e0759 100644 --- a/tempest/api/identity/admin/v3/test_trusts.py +++ b/tempest/api/identity/admin/v3/test_trusts.py @@ -14,8 +14,8 @@ import datetime import re from tempest.api.identity import base -from tempest import auth from tempest import clients +from tempest.common import cred_provider from tempest.common.utils import data_utils from tempest import config from tempest import exceptions @@ -87,7 +87,7 @@ class BaseTrustsV3Test(base.BaseIdentityV3AdminTest): self.assertIsNotNone(self.trustee_user_id) # Initialize a new client with the trustor credentials - creds = auth.get_credentials( + creds = cred_provider.get_credentials( username=self.trustor_username, password=self.trustor_password, tenant_name=self.trustor_project_name) diff --git a/tempest/api/identity/base.py b/tempest/api/identity/base.py index 08bfd4f6dd..b2d96fb413 100644 --- a/tempest/api/identity/base.py +++ b/tempest/api/identity/base.py @@ -14,8 +14,8 @@ # under the License. -from tempest import auth from tempest import clients +from tempest.common import cred_provider from tempest.common.utils import data_utils from tempest import config from tempest import exceptions @@ -149,11 +149,11 @@ class DataGenerator(object): @property def test_credentials(self): - return auth.get_credentials(username=self.test_user, - user_id=self.user['id'], - password=self.test_password, - tenant_name=self.test_tenant, - tenant_id=self.tenant['id']) + return cred_provider.get_credentials(username=self.test_user, + user_id=self.user['id'], + password=self.test_password, + tenant_name=self.test_tenant, + tenant_id=self.tenant['id']) def setup_test_user(self): """Set up a test user.""" diff --git a/tempest/auth.py b/tempest/auth.py index 5820893fff..9645a2edb3 100644 --- a/tempest/auth.py +++ b/tempest/auth.py @@ -44,7 +44,6 @@ class AuthProvider(object): :param interface: 'json' or 'xml'. Applicable for tempest client only (deprecated: only json now supported) """ - credentials = self._convert_credentials(credentials) if self.check_credentials(credentials): self.credentials = credentials else: @@ -54,13 +53,6 @@ class AuthProvider(object): self.alt_auth_data = None self.alt_part = None - def _convert_credentials(self, credentials): - # Support dict credentials for backwards compatibility - if isinstance(credentials, dict): - return get_credentials(**credentials) - else: - return credentials - def __str__(self): return "Creds :{creds}, interface: {interface}, " \ "cached auth data: {cache}".format( @@ -440,7 +432,11 @@ class KeystoneV3AuthProvider(KeystoneAuthProvider): datetime.datetime.utcnow() -def get_credentials(fill_in=True, **kwargs): +def is_identity_version_supported(identity_version): + return identity_version in IDENTITY_VERSION + + +def get_credentials(fill_in=True, identity_version='v2', **kwargs): """ Builds a credentials object based on the configured auth_version @@ -448,6 +444,8 @@ def get_credentials(fill_in=True, **kwargs): details provided by the identity service. When fill_in is not specified, credentials are not validated. Validation can be invoked by invoking ``is_valid()`` + :param identity_version (string): identity API version is used to + select the matching auth provider and credentials class :param kwargs (dict): Dict of credential key/value pairs Examples: @@ -458,14 +456,13 @@ def get_credentials(fill_in=True, **kwargs): Returns credentials including IDs: >>> get_credentials(username='foo', password='bar', fill_in=True) """ - if CONF.identity.auth_version == 'v2': - credential_class = KeystoneV2Credentials - auth_provider_class = KeystoneV2AuthProvider - elif CONF.identity.auth_version == 'v3': - credential_class = KeystoneV3Credentials - auth_provider_class = KeystoneV3AuthProvider - else: - raise exceptions.InvalidConfiguration('Unsupported auth version') + if not is_identity_version_supported(identity_version): + raise exceptions.InvalidIdentityVersion( + identity_version=identity_version) + + credential_class, auth_provider_class = IDENTITY_VERSION.get( + identity_version) + creds = credential_class(**kwargs) # Fill in the credentials fields that were not specified if fill_in: @@ -638,3 +635,7 @@ class KeystoneV3Credentials(Credentials): self.project_id is not None, self.project_name is not None and valid_project_domain]) return all([self.password is not None, valid_user, valid_project]) + + +IDENTITY_VERSION = {'v2': (KeystoneV2Credentials, KeystoneV2AuthProvider), + 'v3': (KeystoneV3Credentials, KeystoneV3AuthProvider)} diff --git a/tempest/cmd/cleanup.py b/tempest/cmd/cleanup.py index 28992b90dc..c52704a881 100755 --- a/tempest/cmd/cleanup.py +++ b/tempest/cmd/cleanup.py @@ -54,9 +54,9 @@ import argparse import json import sys -from tempest import auth from tempest import clients from tempest.cmd import cleanup_service +from tempest.common import cred_provider from tempest import config from tempest.openstack.common import log as logging @@ -159,7 +159,8 @@ class Cleanup(object): kwargs = {"username": CONF.identity.admin_username, "password": CONF.identity.admin_password, "tenant_name": tenant['name']} - mgr = clients.Manager(credentials=auth.get_credentials(**kwargs)) + mgr = clients.Manager(credentials=cred_provider.get_credentials( + **kwargs)) kwargs = {'data': tenant_data, 'is_dry_run': is_dry_run, 'saved_state_json': None, diff --git a/tempest/common/accounts.py b/tempest/common/accounts.py index 35a1f86e9c..dd8d49857a 100644 --- a/tempest/common/accounts.py +++ b/tempest/common/accounts.py @@ -17,7 +17,6 @@ import os import yaml -from tempest import auth from tempest.common import cred_provider from tempest import config from tempest import exceptions @@ -123,7 +122,7 @@ class Accounts(cred_provider.CredentialProvider): if self.isolated_creds.get('primary'): return self.isolated_creds.get('primary') creds = self._get_creds() - primary_credential = auth.get_credentials(**creds) + primary_credential = cred_provider.get_credentials(**creds) self.isolated_creds['primary'] = primary_credential return primary_credential @@ -131,7 +130,7 @@ class Accounts(cred_provider.CredentialProvider): if self.isolated_creds.get('alt'): return self.isolated_creds.get('alt') creds = self._get_creds() - alt_credential = auth.get_credentials(**creds) + alt_credential = cred_provider.get_credentials(**creds) self.isolated_creds['alt'] = alt_credential return alt_credential @@ -189,7 +188,7 @@ class NotLockingAccounts(Accounts): return self.isolated_creds.get('primary') if not self.use_default_creds: creds = self.get_creds(0) - primary_credential = auth.get_credentials(**creds) + primary_credential = cred_provider.get_credentials(**creds) else: primary_credential = cred_provider.get_configured_credentials( 'user') @@ -201,7 +200,7 @@ class NotLockingAccounts(Accounts): return self.isolated_creds.get('alt') if not self.use_default_creds: creds = self.get_creds(1) - alt_credential = auth.get_credentials(**creds) + alt_credential = cred_provider.get_credentials(**creds) else: alt_credential = cred_provider.get_configured_credentials( 'alt_user') diff --git a/tempest/common/cred_provider.py b/tempest/common/cred_provider.py index 07fd03f0be..b9ca3aa6c2 100644 --- a/tempest/common/cred_provider.py +++ b/tempest/common/cred_provider.py @@ -56,7 +56,7 @@ def get_configured_credentials(credential_type, fill_in=True, params[attr] = getattr(_section, prefix + "_" + attr) # Build and validate credentials. We are reading configured credentials, # so validate them even if fill_in is False - credentials = auth.get_credentials(fill_in=fill_in, **params) + credentials = get_credentials(fill_in=fill_in, **params) if not fill_in: if not credentials.is_valid(): msg = ("The %s credentials are incorrectly set in the config file." @@ -66,6 +66,15 @@ def get_configured_credentials(credential_type, fill_in=True, return credentials +# Wrapper around auth.get_credentials to use the configured identity version +# is none is specified +def get_credentials(fill_in=True, identity_version=None, **kwargs): + identity_version = identity_version or CONF.identity.auth_version + return auth.get_credentials(fill_in=fill_in, + identity_version=identity_version, + **kwargs) + + @six.add_metaclass(abc.ABCMeta) class CredentialProvider(object): def __init__(self, name, interface='json', password='pass', diff --git a/tempest/common/isolated_creds.py b/tempest/common/isolated_creds.py index a663931b23..7d89cc574e 100644 --- a/tempest/common/isolated_creds.py +++ b/tempest/common/isolated_creds.py @@ -14,7 +14,6 @@ import netaddr -from tempest import auth from tempest import clients from tempest.common import cred_provider from tempest.common.utils import data_utils @@ -129,7 +128,7 @@ class IsolatedCreds(cred_provider.CredentialProvider): return self._get_credentials(user, tenant) def _get_credentials(self, user, tenant): - return auth.get_credentials( + return cred_provider.get_credentials( username=user['name'], user_id=user['id'], tenant_name=tenant['name'], tenant_id=tenant['id'], password=self.password) diff --git a/tempest/exceptions.py b/tempest/exceptions.py index 7ddeeff9ba..6f579558fa 100644 --- a/tempest/exceptions.py +++ b/tempest/exceptions.py @@ -63,6 +63,10 @@ class InvalidServiceTag(TempestException): message = "Invalid service tag" +class InvalidIdentityVersion(TempestException): + message = "Invalid version %(identity_version) of the identity service" + + class TimeoutException(TempestException): message = "Request timed out" diff --git a/tempest/stress/driver.py b/tempest/stress/driver.py index 49fac3d374..1c27815159 100644 --- a/tempest/stress/driver.py +++ b/tempest/stress/driver.py @@ -19,8 +19,8 @@ import time from six import moves -from tempest import auth from tempest import clients +from tempest.common import cred_provider from tempest.common import ssh from tempest.common.utils import data_utils from tempest import config @@ -148,9 +148,9 @@ def stress_openstack(tests, duration, max_runs=None, stop_on_error=False): password, tenant['id'], "email") - creds = auth.get_credentials(username=username, - password=password, - tenant_name=tenant_name) + creds = cred_provider.get_credentials(username=username, + password=password, + tenant_name=tenant_name) manager = clients.Manager(credentials=creds) test_obj = importutils.import_class(test['action']) diff --git a/tempest/tests/test_auth.py b/tempest/tests/test_auth.py index 785880d05d..0317ad6400 100644 --- a/tempest/tests/test_auth.py +++ b/tempest/tests/test_auth.py @@ -30,7 +30,7 @@ from tempest.tests import fake_http from tempest.tests import fake_identity -def fake_get_credentials(fill_in=True, **kwargs): +def fake_get_credentials(fill_in=True, identity_version='v2', **kwargs): return fake_credentials.FakeCredentials() @@ -81,11 +81,6 @@ class TestBaseAuthProvider(BaseAuthTestsSetUp): def test_check_credentials_bad_type(self): self.assertFalse(self.auth_provider.check_credentials([])) - def test_instantiate_with_dict(self): - # Dict credentials are only supported for backward compatibility - auth_provider = self._auth(credentials={}) - self.assertIsInstance(auth_provider.credentials, auth.Credentials) - def test_auth_data_property_when_cache_exists(self): self.auth_provider.cache = 'foo' self.useFixture(mockpatch.PatchObject(self.auth_provider, diff --git a/tempest/tests/test_credentials.py b/tempest/tests/test_credentials.py index 3d0e1716f3..7621f6eb0d 100644 --- a/tempest/tests/test_credentials.py +++ b/tempest/tests/test_credentials.py @@ -15,8 +15,6 @@ import copy -from oslo.config import cfg - from tempest import auth from tempest.common import tempest_fixtures as fixtures from tempest import config @@ -78,6 +76,7 @@ class KeystoneV2CredentialsTests(CredentialsTests): identity_response = fake_identity._fake_v2_response credentials_class = auth.KeystoneV2Credentials tokenclient_class = v2_client.TokenClientJSON + identity_version = 'v2' def setUp(self): super(KeystoneV2CredentialsTests, self).setUp() @@ -85,7 +84,9 @@ class KeystoneV2CredentialsTests(CredentialsTests): self.identity_response) def _verify_credentials(self, credentials_class, creds_dict, filled=True): - creds = auth.get_credentials(fill_in=filled, **creds_dict) + creds = auth.get_credentials(fill_in=filled, + identity_version=self.identity_version, + **creds_dict) self._check(creds, credentials_class, filled) def test_get_credentials(self): @@ -156,15 +157,7 @@ class KeystoneV3CredentialsTests(KeystoneV2CredentialsTests): credentials_class = auth.KeystoneV3Credentials identity_response = fake_identity._fake_v3_response tokenclient_class = v3_client.V3TokenClientJSON - - def setUp(self): - super(KeystoneV3CredentialsTests, self).setUp() - # Additional config items reset by cfg fixture after each test - cfg.CONF.set_default('auth_version', 'v3', group='identity') - # Identity group items - for prefix in ['', 'alt_', 'admin_']: - cfg.CONF.set_default(prefix + 'domain_name', 'fake_domain_name', - group='identity') + identity_version = 'v3' def test_is_not_valid(self): # NOTE(mtreinish) For a Keystone V3 credential object a project name