Deprecate credential config options
This commit deprecates the original configuration options for providing credentials. This mechanism of providing tempest with credentials to run with has a lot of drawbacks and has been superseded by using an accounts.yaml file. It has been planned for deprecation once we had a periodic/experimental CI job setup to run with test accounts enabled. Now that this has been done we can start the deprecation cycle for the old options. Change-Id: Ia5132c5cb32355d6f26b8acdd92a0e55a2c19f41
This commit is contained in:
parent
36c2e28495
commit
16cf1e558c
doc/source
tempest
@ -75,8 +75,9 @@ tenant/project names for a primary user, an admin user, and an alternate user.
|
||||
To enable and use tenant isolation you only need to configure 2 things:
|
||||
|
||||
#. A set of admin credentials with permissions to create users and
|
||||
tenants/projects. This is specified in the identity section with the
|
||||
admin_username, admin_tenant_name, and admin_password options
|
||||
tenants/projects. This is specified in the auth section with the
|
||||
admin_username, admin_tenant_name, admin_domain_name, and admin_password
|
||||
options
|
||||
#. To enable tenant_isolation in the auth section with the
|
||||
allow_tenant_isolation option.
|
||||
|
||||
@ -125,6 +126,9 @@ unexpected failures in some tests.
|
||||
|
||||
Non-locking test accounts (aka credentials config options)
|
||||
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
|
||||
**Starting in the Liberty release this mechanism was deprecated and will be
|
||||
removed in a future release**
|
||||
|
||||
When Tempest was refactored to allow for locking test accounts, the original
|
||||
non-tenant isolated case was converted to internally work similarly to the
|
||||
accounts.yaml file. This mechanism was then called the non-locking test accounts
|
||||
|
@ -26,7 +26,7 @@ LOG = logging.getLogger(__name__)
|
||||
|
||||
# Type of credentials available from configuration
|
||||
CREDENTIAL_TYPES = {
|
||||
'identity_admin': ('identity', 'admin'),
|
||||
'identity_admin': ('auth', 'admin'),
|
||||
'user': ('identity', None),
|
||||
'alt_user': ('identity', 'alt')
|
||||
}
|
||||
|
@ -82,6 +82,26 @@ AuthGroup = [
|
||||
"creates. However in some neutron configurations, like "
|
||||
"with VLAN provider networks, this doesn't work. So if "
|
||||
"set to False the isolated networks will not be created"),
|
||||
cfg.StrOpt('admin_username',
|
||||
help="Username for an administrative user. This is needed for "
|
||||
"authenticating requests made by tenant isolation to "
|
||||
"create users and projects",
|
||||
deprecated_group='identity'),
|
||||
cfg.StrOpt('admin_tenant_name',
|
||||
help="Tenant name to use for an administrative user. This is "
|
||||
"needed for authenticating requests made by tenant "
|
||||
"isolation to create users and projects",
|
||||
deprecated_group='identity'),
|
||||
cfg.StrOpt('admin_password',
|
||||
help="Password to use for an administrative user. This is "
|
||||
"needed for authenticating requests made by tenant "
|
||||
"isolation to create users and projects",
|
||||
secret=True,
|
||||
deprecated_group='identity'),
|
||||
cfg.StrOpt('admin_domain_name',
|
||||
help="Admin domain name for authentication (Keystone V3)."
|
||||
"The same domain applies to user and project",
|
||||
deprecated_group='identity'),
|
||||
]
|
||||
|
||||
identity_group = cfg.OptGroup(name='identity',
|
||||
@ -137,42 +157,38 @@ IdentityGroup = [
|
||||
deprecated_opts=[cfg.DeprecatedOpt('endpoint_type',
|
||||
group='identity')]),
|
||||
cfg.StrOpt('username',
|
||||
help="Username to use for Nova API requests."),
|
||||
help="Username to use for Nova API requests.",
|
||||
deprecated_for_removal=True),
|
||||
cfg.StrOpt('tenant_name',
|
||||
help="Tenant name to use for Nova API requests."),
|
||||
help="Tenant name to use for Nova API requests.",
|
||||
deprecated_for_removal=True),
|
||||
cfg.StrOpt('admin_role',
|
||||
default='admin',
|
||||
help="Role required to administrate keystone."),
|
||||
cfg.StrOpt('password',
|
||||
help="API key to use when authenticating.",
|
||||
secret=True),
|
||||
secret=True,
|
||||
deprecated_for_removal=True),
|
||||
cfg.StrOpt('domain_name',
|
||||
help="Domain name for authentication (Keystone V3)."
|
||||
"The same domain applies to user and project"),
|
||||
"The same domain applies to user and project",
|
||||
deprecated_for_removal=True),
|
||||
cfg.StrOpt('alt_username',
|
||||
help="Username of alternate user to use for Nova API "
|
||||
"requests."),
|
||||
"requests.",
|
||||
deprecated_for_removal=True),
|
||||
cfg.StrOpt('alt_tenant_name',
|
||||
help="Alternate user's Tenant name to use for Nova API "
|
||||
"requests."),
|
||||
"requests.",
|
||||
deprecated_for_removal=True),
|
||||
cfg.StrOpt('alt_password',
|
||||
help="API key to use when authenticating as alternate user.",
|
||||
secret=True),
|
||||
secret=True,
|
||||
deprecated_for_removal=True),
|
||||
cfg.StrOpt('alt_domain_name',
|
||||
help="Alternate domain name for authentication (Keystone V3)."
|
||||
"The same domain applies to user and project"),
|
||||
cfg.StrOpt('admin_username',
|
||||
help="Administrative Username to use for "
|
||||
"Keystone API requests."),
|
||||
cfg.StrOpt('admin_tenant_name',
|
||||
help="Administrative Tenant name to use for Keystone API "
|
||||
"requests."),
|
||||
cfg.StrOpt('admin_password',
|
||||
help="API key to use when authenticating as admin.",
|
||||
secret=True),
|
||||
cfg.StrOpt('admin_domain_name',
|
||||
help="Admin domain name for authentication (Keystone V3)."
|
||||
"The same domain applies to user and project"),
|
||||
"The same domain applies to user and project",
|
||||
deprecated_for_removal=True),
|
||||
cfg.StrOpt('default_domain_id',
|
||||
default='default',
|
||||
help="ID of the default domain"),
|
||||
|
@ -64,9 +64,9 @@ class TestAdminAvailable(base.TestCase):
|
||||
else:
|
||||
(u, t, p) = (None, None, None)
|
||||
|
||||
cfg.CONF.set_default('admin_username', u, group='identity')
|
||||
cfg.CONF.set_default('admin_tenant_name', t, group='identity')
|
||||
cfg.CONF.set_default('admin_password', p, group='identity')
|
||||
cfg.CONF.set_default('admin_username', u, group='auth')
|
||||
cfg.CONF.set_default('admin_tenant_name', t, group='auth')
|
||||
cfg.CONF.set_default('admin_password', p, group='auth')
|
||||
|
||||
expected = admin_creds is not None or tenant_isolation
|
||||
observed = credentials.is_admin_available()
|
||||
|
@ -123,5 +123,9 @@ class ConfiguredV3CredentialsTests(ConfiguredV2CredentialsTests):
|
||||
cfg.CONF.set_default('auth_version', 'v3', group='identity')
|
||||
# Identity group items
|
||||
for prefix in ['', 'alt_', 'admin_']:
|
||||
if prefix == 'admin_':
|
||||
group = 'auth'
|
||||
else:
|
||||
group = 'identity'
|
||||
cfg.CONF.set_default(prefix + 'domain_name', 'fake_domain_name',
|
||||
group='identity')
|
||||
group=group)
|
||||
|
@ -48,9 +48,13 @@ class ConfigFixture(conf_fixture.Config):
|
||||
for config_option in ['username', 'password', 'tenant_name']:
|
||||
# Identity group items
|
||||
for prefix in ['', 'alt_', 'admin_']:
|
||||
if prefix == 'admin_':
|
||||
group = 'auth'
|
||||
else:
|
||||
group = 'identity'
|
||||
self.conf.set_default(prefix + config_option,
|
||||
'fake_' + config_option,
|
||||
group='identity')
|
||||
group=group)
|
||||
|
||||
|
||||
class FakePrivate(config.TempestConfigPrivate):
|
||||
|
Loading…
x
Reference in New Issue
Block a user