openstack/tempest
Code Issues Proposed changes

Rename isolated creds to dynamic creds

Browse Source 
Renaming the isolated_creds module to dynamic_creds module, and rename
the IsolatedCreds class to DynamicCredentialProvider in preparation
to migration to tempest-lib.

Partially implements bp tempest-library

Change-Id: I78a4884e980ef7d0103639cb3792a54c69fb7761
This commit is contained in:
Andrea Frittoli (andreaf) 2015-05-22 10:16:57 -07:00
parent fab1370144
commit 17209bb083
13 changed files with 181 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
HACKING.rst
View File

@ -136,7 +136,7 @@ by test classes. Set-up stages are:
Tear-down is also split in a series of steps (teardown stages), which are
stacked for execution only if the corresponding setup stage had been
reached during the setup phase. Tear-down stages are:
- `clear_isolated_creds` (defined in the base test class)
- `clear_credentials` (defined in the base test class)
- `resource_cleanup`
Skipping Tests
@ -206,9 +206,10 @@ Parallel Test Execution
-----------------------
Tempest by default runs its tests in parallel this creates the possibility for
interesting interactions between tests which can cause unexpected failures.
Tenant isolation provides protection from most of the potential race conditions
between tests outside the same class. But there are still a few of things to
watch out for to try to avoid issues when running your tests in parallel.
Dynamic credentials provides protection from most of the potential race
conditions between tests outside the same class. But there are still a few of
things to watch out for to try to avoid issues when running your tests in
parallel.
- Resources outside of a tenant scope still have the potential to conflict. This
is a larger concern for the admin tests since most resources and actions that

54
doc/source/configuration.rst
View File

@ -63,39 +63,41 @@ Credential Provider Mechanisms
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Tempest currently also has 3 different internal methods for providing
authentication to tests. Tenant isolation, locking test accounts, and
authentication to tests. Dynamic credentials, locking test accounts, and
non-locking test accounts. Depending on which one is in use the configuration
of tempest is slightly different.
Tenant Isolation
""""""""""""""""
Tenant isolation was originally create to enable running tempest in parallel.
Dynamic Credentials
"""""""""""""""""""
Dynamic Credentials (formerly known as Tenant isolation) was originally created
to enable running tempest in parallel.
For each test class it creates a unique set of user credentials to use for the
tests in the class. It can create up to 3 sets of username, password, and
tenant/project names for a primary user, an admin user, and an alternate user.
To enable and use tenant isolation you only need to configure 2 things:
To enable and use dynamic credentials you only need to configure 2 things:
#. A set of admin credentials with permissions to create users and
tenants/projects. This is specified in the auth section with the
admin_username, admin_tenant_name, admin_domain_name, and admin_password
admin_username, admin_tenant_name, admin_domain_name and admin_password
options
#. To enable tenant_isolation in the auth section with the
allow_tenant_isolation option.
#. To enable dynamic_creds in the auth section with the
use_dynamic_credentials option.
This is also the currently the default credential provider enabled by tempest,
due to it's common use and ease of configuration.
It is worth pointing out that depending on your cloud configuration you might
need to assign a role to each of the users created Tempest's tenant isolation.
need to assign a role to each of the users created by Tempest's dynamic
credentials.
This can be set using the *tempest_roles* option. It takes in a list of role
names each of which will be assigned to each of the users created by tenant
isolation. This option will not have any effect when set and tempest is not
configured to use tenant isolation.
names each of which will be assigned to each of the users created by dynamic
credentials. This option will not have any effect when set and tempest is not
configured to use dynamic credentials.
Locking Test Accounts (aka accounts.yaml or accounts file)
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
For a long time using tenant isolation was the only method available if you
For a long time using dynamic credentials was the only method available if you
wanted to enable parallel execution of tempest tests. However this was
insufficient for certain use cases because of the admin credentials requirement
to create the credential sets on demand. To get around that the accounts.yaml
@ -103,7 +105,7 @@ file was introduced and with that a new internal credential provider to enable
using the list of credentials instead of creating them on demand. With locking
test accounts each test class will reserve a set of credentials from the
accounts.yaml before executing any of its tests so that each class is isolated
like in tenant isolation.
like with dynamic credentials.
To enable and use locking test accounts you need do a few things:
@ -117,7 +119,7 @@ To enable and use locking test accounts you need do a few things:
#. Provide tempest with the location of your accounts.yaml file with the
test_accounts_file option in the auth section
#. Set allow_tenant_isolation = False in the auth group
#. Set use_dynamic_credentials = False in the auth group
It is worth pointing out that each set of credentials in the accounts.yaml
should have a unique tenant. This is required to provide proper isolation
@ -149,7 +151,7 @@ options in the identity section:
And in the auth section:
#. allow_tenant_isolation = False
#. use_dynamic_credentials = False
#. comment out 'test_accounts_file' or keep it as empty
It only makes sense to use it if parallel execution isn't needed, since tempest
@ -295,28 +297,28 @@ fixed network name is provided it will serve as a fallback in case of a
misconfiguration or a missing network in the accounts file.
With Tenant Isolation
"""""""""""""""""""""
With tenant isolation enabled and using nova-network then nothing changes. Your
only option for configuration is to either set a fixed network name or not.
With Dynamic Credentials
""""""""""""""""""""""""
With dynamic credentials enabled and using nova-network then nothing changes.
Your only option for configuration is to either set a fixed network name or not.
However, in most cases it shouldn't matter because nova-network should have no
problem booting a server with multiple networks. If this is not the case for
your cloud then using an accounts file is recommended because it provides the
necessary flexibility to describe your configuration. Tenant isolation is not
necessary flexibility to describe your configuration. Dynamic credentials is not
able to dynamically allocate things as necessary if neutron is not enabled.
With neutron and tenant isolation enabled there should not be any additional
With neutron and dynamic credentials enabled there should not be any additional
configuration necessary to enable Tempest to create servers with working
networking, assuming you have properly configured the network section to work
for your cloud. Tempest will dynamically create the neutron resources necessary
to enable using servers with that network. Also, just as with the accounts
file, if you specify a fixed network name while using neutron and tenant
isolation it will enable running tests which require a static network and it
file, if you specify a fixed network name while using neutron and dynamic
credentials it will enable running tests which require a static network and it
will additionally be used as a fallback for server creation. However, unlike
accounts.yaml this should never be triggered.
However, there is an option *create_isolated_networks* to disable tenant
isolation's automatic provisioning of network resources. If this option is
However, there is an option *create_isolated_networks* to disable dynamic
credentials's automatic provisioning of network resources. If this option is
used you will have to either rely on there only being a single/default network
available for the server creation, or use *fixed_network_name* to inform
Tempest which network to use.

2
tempest/api/volume/admin/test_volume_quotas_negative.py
View File

@ -35,7 +35,7 @@ class BaseVolumeQuotasNegativeV2TestJSON(base.BaseVolumeAdminTest):
'volumes': 1, 'snapshots': 1}
# NOTE(gfidente): no need to restore original quota set
# after the tests as they only work with tenant isolation.
# after the tests as they only work with dynamic credentials.
cls.quotas_client.update_quota_set(
cls.demo_tenant_id,
**cls.shared_quota_set)

4
tempest/cmd/verify_tempest_config.py
View File

@ -348,7 +348,7 @@ def main():
CONF_PARSER = moves.configparser.SafeConfigParser()
CONF_PARSER.optionxform = str
CONF_PARSER.readfp(conf_file)
icreds = credentials.get_isolated_credentials('verify_tempest_config')
icreds = credentials.get_credentials_provider('verify_tempest_config')
try:
os = clients.Manager(icreds.get_primary_creds())
services = check_service_availability(os, update)
@ -370,7 +370,7 @@ def main():
CONF_PARSER.write(outfile)
outfile.close()
finally:
icreds.clear_isolated_creds()
icreds.clear_creds()
if __name__ == "__main__":

54
tempest/common/accounts.py
View File

@ -51,7 +51,7 @@ class Accounts(cred_provider.CredentialProvider):
self.hash_dict = self.get_hash_dict(accounts)
self.accounts_dir = os.path.join(lockutils.get_lock_path(CONF),
'test_accounts')
self.isolated_creds = {}
self._creds = {}
@classmethod
def _append_role(cls, role, account_hash, hash_dict):
@ -230,38 +230,38 @@ class Accounts(cred_provider.CredentialProvider):
LOG.info("%s returned allocated creds:\n%s" % (self.name, clean_creds))
def get_primary_creds(self):
if self.isolated_creds.get('primary'):
return self.isolated_creds.get('primary')
if self._creds.get('primary'):
return self._creds.get('primary')
net_creds = self._get_creds()
self.isolated_creds['primary'] = net_creds
self._creds['primary'] = net_creds
return net_creds
def get_alt_creds(self):
if self.isolated_creds.get('alt'):
return self.isolated_creds.get('alt')
if self._creds.get('alt'):
return self._creds.get('alt')
net_creds = self._get_creds()
self.isolated_creds['alt'] = net_creds
self._creds['alt'] = net_creds
return net_creds
def get_creds_by_roles(self, roles, force_new=False):
roles = list(set(roles))
exist_creds = self.isolated_creds.get(six.text_type(roles).encode(
exist_creds = self._creds.get(six.text_type(roles).encode(
'utf-8'), None)
# The force kwarg is used to allocate an additional set of creds with
# the same role list. The index used for the previously allocation
# in the isolated_creds dict will be moved.
# in the preprov_creds dict will be moved.
if exist_creds and not force_new:
return exist_creds
elif exist_creds and force_new:
new_index = six.text_type(roles).encode('utf-8') + '-' + \
six.text_type(len(self.isolated_creds)).encode('utf-8')
self.isolated_creds[new_index] = exist_creds
six.text_type(len(self._creds)).encode('utf-8')
self._creds[new_index] = exist_creds
net_creds = self._get_creds(roles=roles)
self.isolated_creds[six.text_type(roles).encode('utf-8')] = net_creds
self._creds[six.text_type(roles).encode('utf-8')] = net_creds
return net_creds
def clear_isolated_creds(self):
for creds in self.isolated_creds.values():
def clear_creds(self):
for creds in self._creds.values():
self.remove_credentials(creds)
def get_admin_creds(self):
@ -320,36 +320,36 @@ class NotLockingAccounts(Accounts):
return self._unique_creds('tenant_id')
def get_primary_creds(self):
if self.isolated_creds.get('primary'):
return self.isolated_creds.get('primary')
if self._creds.get('primary'):
return self._creds.get('primary')
primary_credential = cred_provider.get_configured_credentials(
credential_type='user', identity_version=self.identity_version)
self.isolated_creds['primary'] = cred_provider.TestResources(
self._creds['primary'] = cred_provider.TestResources(
primary_credential)
return self.isolated_creds['primary']
return self._creds['primary']
def get_alt_creds(self):
if self.isolated_creds.get('alt'):
return self.isolated_creds.get('alt')
if self._creds.get('alt'):
return self._creds.get('alt')
alt_credential = cred_provider.get_configured_credentials(
credential_type='alt_user',
identity_version=self.identity_version)
self.isolated_creds['alt'] = cred_provider.TestResources(
self._creds['alt'] = cred_provider.TestResources(
alt_credential)
return self.isolated_creds['alt']
return self._creds['alt']
def clear_isolated_creds(self):
self.isolated_creds = {}
def clear_creds(self):
self._creds = {}
def get_admin_creds(self):
creds = cred_provider.get_configured_credentials(
"identity_admin", fill_in=False)
self.isolated_creds['admin'] = cred_provider.TestResources(creds)
return self.isolated_creds['admin']
self._creds['admin'] = cred_provider.TestResources(creds)
return self._creds['admin']
def get_creds_by_roles(self, roles, force_new=False):
msg = "Credentials being specified through the config file can not be"\
" used with tests that specify using credentials by roles. "\
"Either exclude/skip the tests doing this or use either an "\
"test_accounts_file or tenant isolation."
"test_accounts_file or dynamic credentials."
raise exceptions.InvalidConfiguration(msg)

2
tempest/common/cred_provider.py
View File

@ -128,7 +128,7 @@ class CredentialProvider(object):
return
@abc.abstractmethod
def clear_isolated_creds(self):
def clear_creds(self):
return
@abc.abstractmethod

18
tempest/common/credentials.py
View File

@ -15,7 +15,7 @@ import os
from tempest.common import accounts
from tempest.common import cred_provider
from tempest.common import isolated_creds
from tempest.common import dynamic_creds
from tempest import config
from tempest import exceptions
@ -25,15 +25,15 @@ CONF = config.CONF
# Return the right implementation of CredentialProvider based on config
# Dropping interface and password, as they are never used anyways
# TODO(andreaf) Drop them from the CredentialsProvider interface completely
def get_isolated_credentials(name, network_resources=None,
def get_credentials_provider(name, network_resources=None,
force_tenant_isolation=False,
identity_version=None):
# If a test requires a new account to work, it can have it via forcing
# tenant isolation. A new account will be produced only for that test.
# dynamic credentials. A new account will be produced only for that test.
# In case admin credentials are not available for the account creation,
# the test should be skipped else it would fail.
if CONF.auth.allow_tenant_isolation or force_tenant_isolation:
return isolated_creds.IsolatedCreds(
if CONF.auth.use_dynamic_credentials or force_tenant_isolation:
return dynamic_creds.DynamicCredentialProvider(
name=name,
network_resources=network_resources,
identity_version=identity_version)
@ -53,8 +53,8 @@ def get_isolated_credentials(name, network_resources=None,
# creds area vailable.
def is_admin_available():
is_admin = True
# If tenant isolation is enabled admin will be available
if CONF.auth.allow_tenant_isolation:
# If dynamic credentials is enabled admin will be available
if CONF.auth.use_dynamic_credentials:
return is_admin
# Check whether test accounts file has the admin specified or not
elif (CONF.auth.test_accounts_file and
@ -75,8 +75,8 @@ def is_admin_available():
# are available so we can do a single call from skip_checks if alt
# creds area vailable.
def is_alt_available():
# If tenant isolation is enabled admin will be available
if CONF.auth.allow_tenant_isolation:
# If dynamic credentials is enabled admin will be available
if CONF.auth.use_dynamic_credentials:
return True
# Check whether test accounts file has the admin specified or not
if (CONF.auth.test_accounts_file and

40
tempest/common/isolated_creds.py → tempest/common/dynamic_creds.py
View File

@ -28,21 +28,21 @@ CONF = config.CONF
LOG = logging.getLogger(__name__)
class IsolatedCreds(cred_provider.CredentialProvider):
class DynamicCredentialProvider(cred_provider.CredentialProvider):
def __init__(self, identity_version=None, name=None,
network_resources=None):
super(IsolatedCreds, self).__init__(identity_version, name,
network_resources)
super(DynamicCredentialProvider, self).__init__(
identity_version, name, network_resources)
self.network_resources = network_resources
self.isolated_creds = {}
self._creds = {}
self.ports = []
self.default_admin_creds = cred_provider.get_configured_credentials(
'identity_admin', fill_in=True,
identity_version=self.identity_version)
(self.identity_admin_client, self.network_admin_client,
self.networks_admin_client) = self._get_admin_clients()
# Domain where isolated credentials are provisioned (v3 only).
# Domain where dynamic credentials are provisioned (v3 only).
# Use that of the admin account is None is configured.
self.creds_domain_name = None
if self.identity_version == 'v3':
@ -205,17 +205,17 @@ class IsolatedCreds(cred_provider.CredentialProvider):
router_id, subnet_id)
def get_credentials(self, credential_type):
if self.isolated_creds.get(str(credential_type)):
credentials = self.isolated_creds[str(credential_type)]
if self._creds.get(str(credential_type)):
credentials = self._creds[str(credential_type)]
else:
if credential_type in ['primary', 'alt', 'admin']:
is_admin = (credential_type == 'admin')
credentials = self._create_creds(admin=is_admin)
else:
credentials = self._create_creds(roles=credential_type)
self.isolated_creds[str(credential_type)] = credentials
self._creds[str(credential_type)] = credentials
# Maintained until tests are ported
LOG.info("Acquired isolated creds:\n credentials: %s"
LOG.info("Acquired dynamic creds:\n credentials: %s"
% credentials)
if (CONF.service_available.neutron and
not CONF.baremetal.driver_enabled and
@ -240,15 +240,15 @@ class IsolatedCreds(cred_provider.CredentialProvider):
def get_creds_by_roles(self, roles, force_new=False):
roles = list(set(roles))
# The roles list as a str will become the index as the dict key for
# the created credentials set in the isolated_creds dict.
exist_creds = self.isolated_creds.get(str(roles))
# the created credentials set in the dynamic_creds dict.
exist_creds = self._creds.get(str(roles))
# If force_new flag is True 2 cred sets with the same roles are needed
# handle this by creating a separate index for old one to store it
# separately for cleanup
if exist_creds and force_new:
new_index = str(roles) + '-' + str(len(self.isolated_creds))
self.isolated_creds[new_index] = exist_creds
del self.isolated_creds[str(roles)]
new_index = str(roles) + '-' + str(len(self._creds))
self._creds[new_index] = exist_creds
del self._creds[str(roles)]
return self.get_credentials(roles)
def _clear_isolated_router(self, router_id, router_name):
@ -289,8 +289,8 @@ class IsolatedCreds(cred_provider.CredentialProvider):
def _clear_isolated_net_resources(self):
net_client = self.network_admin_client
for cred in self.isolated_creds:
creds = self.isolated_creds.get(cred)
for cred in self._creds:
creds = self._creds.get(cred)
if (not creds or not any([creds.router, creds.network,
creds.subnet])):
continue
@ -317,11 +317,11 @@ class IsolatedCreds(cred_provider.CredentialProvider):
self._clear_isolated_network(creds.network['id'],
creds.network['name'])
def clear_isolated_creds(self):
if not self.isolated_creds:
def clear_creds(self):
if not self._creds:
return
self._clear_isolated_net_resources()
for creds in six.itervalues(self.isolated_creds):
for creds in six.itervalues(self._creds):
try:
self.creds_client.delete_user(creds.user_id)
except lib_exc.NotFound:
@ -334,7 +334,7 @@ class IsolatedCreds(cred_provider.CredentialProvider):
except lib_exc.NotFound:
LOG.warn("tenant with name: %s not found for delete" %
creds.tenant_name)
self.isolated_creds = {}
self._creds = {}
def is_multi_user(self):
return True

10
tempest/config.py
View File

@ -53,7 +53,7 @@ AuthGroup = [
"at least `2 * CONC` distinct accounts configured in "
" the `test_accounts_file`, with CONC == the "
"number of concurrent test processes."),
cfg.BoolOpt('allow_tenant_isolation',
cfg.BoolOpt('use_dynamic_credentials',
default=True,
help="Allows test cases to create/destroy tenants and "
"users. This option requires that OpenStack Identity "
@ -61,6 +61,8 @@ AuthGroup = [
"test cases and parallel execution, can still be "
"achieved configuring a list of test accounts",
deprecated_opts=[cfg.DeprecatedOpt('allow_tenant_isolation',
group='auth'),
cfg.DeprecatedOpt('allow_tenant_isolation',
group='compute'),
cfg.DeprecatedOpt('allow_tenant_isolation',
group='orchestration')]),
@ -76,9 +78,9 @@ AuthGroup = [
group='auth')]),
cfg.BoolOpt('create_isolated_networks',
default=True,
help="If allow_tenant_isolation is set to True and Neutron is "
"enabled Tempest will try to create a usable network, "
"subnet, and router when needed for each tenant it "
help="If use_dynamic_credentials is set to True and Neutron "
"is enabled Tempest will try to create a usable network, "
"subnet, and router when needed for each tenant it "
"creates. However in some neutron configurations, like "
"with VLAN provider networks, this doesn't work. So if "
"set to False the isolated networks will not be created"),

6
tempest/scenario/utils.py
View File

@ -104,11 +104,11 @@ class InputScenarioUtils(object):
'subnet': False,
'dhcp': False,
}
self.isolated_creds = credentials.get_isolated_credentials(
self.cred_provider = credentials.get_credentials_provider(
name='InputScenarioUtils',
identity_version=CONF.identity.auth_version,
network_resources=network_resources)
os = clients.Manager(self.isolated_creds.get_primary_creds())
os = clients.Manager(self.cred_provider.get_primary_creds())
self.images_client = os.images_client
self.flavors_client = os.flavors_client
self.image_pattern = CONF.input_scenario.image_regex
@ -120,7 +120,7 @@ class InputScenarioUtils(object):
return nname
def clear_creds(self):
self.isolated_creds.clear_isolated_creds()
self.cred_provider.clear_creds()
@property
def scenario_images(self):

14
tempest/test.py
View File

@ -224,7 +224,7 @@ class BaseTestCase(testtools.testcase.WithAttributes,
Tear-down is also split in a series of steps (teardown stages), which are
stacked for execution only if the corresponding setup stage had been
reached during the setup phase. Tear-down stages are:
- clear_isolated_creds (defined in the base test class)
- clear_credentials (defined in the base test class)
- resource_cleanup
"""
@ -258,7 +258,7 @@ class BaseTestCase(testtools.testcase.WithAttributes,
cls.skip_checks()
try:
# Allocation of all required credentials and client managers
cls.teardowns.append(('credentials', cls.clear_isolated_creds))
cls.teardowns.append(('credentials', cls.clear_credentials))
cls.setup_credentials()
# Shortcuts to clients
cls.setup_clients()
@ -467,7 +467,7 @@ class BaseTestCase(testtools.testcase.WithAttributes,
identity_version = getattr(cls, 'identity_version', None)
identity_version = identity_version or CONF.identity.auth_version
cls._creds_provider = credentials.get_isolated_credentials(
cls._creds_provider = credentials.get_credentials_provider(
name=cls.__name__, network_resources=cls.network_resources,
force_tenant_isolation=force_tenant_isolation,
identity_version=identity_version)
@ -515,12 +515,12 @@ class BaseTestCase(testtools.testcase.WithAttributes,
return clients.Manager(credentials=creds, service=cls._service)
@classmethod
def clear_isolated_creds(cls):
def clear_credentials(cls):
"""
Clears isolated creds if set
Clears creds if set
"""
if hasattr(cls, '_creds_provider'):
cls._creds_provider.clear_isolated_creds()
cls._creds_provider.clear_creds()
@classmethod
def set_validation_resources(cls, keypair=None, floating_ip=None,
@ -589,7 +589,7 @@ class BaseTestCase(testtools.testcase.WithAttributes,
:return: network dict including 'id' and 'name'
"""
# Make sure isolated_creds exists and get a network client
# Make sure cred_provider exists and get a network client
networks_client = cls.get_client_manager().compute_networks_client
cred_provider = cls._get_credentials_provider()
# In case of nova network, isolated tenants are not able to list the

2
tempest/tests/common/test_admin_available.py
View File

@ -30,7 +30,7 @@ class TestAdminAvailable(base.TestCase):
def run_test(self, tenant_isolation, use_accounts_file, admin_creds):
cfg.CONF.set_default('allow_tenant_isolation',
cfg.CONF.set_default('use_dynamic_credentials',
tenant_isolation, group='auth')
if use_accounts_file:
accounts = [{'username': 'u1',

143
tempest/tests/test_tenant_isolation.py → tempest/tests/test_dynamic_creds.py
View File

@ -17,7 +17,7 @@ from oslo_config import cfg
from oslotest import mockpatch
from tempest_lib.services.identity.v2 import token_client as json_token_client
from tempest.common import isolated_creds
from tempest.common import dynamic_creds
from tempest.common import service_client
from tempest import config
from tempest import exceptions
@ -30,10 +30,10 @@ from tempest.tests import fake_http
from tempest.tests import fake_identity
class TestTenantIsolation(base.TestCase):
class TestDynamicCredentialProvider(base.TestCase):
def setUp(self):
super(TestTenantIsolation, self).setUp()
super(TestDynamicCredentialProvider, self).setUp()
self.useFixture(fake_config.ConfigFixture())
self.stubs.Set(config, 'TempestConfigPrivate', fake_config.FakePrivate)
self.fake_http = fake_http.fake_httplib2(return_type=200)
@ -44,10 +44,10 @@ class TestTenantIsolation(base.TestCase):
self._mock_list_ec2_credentials('fake_user_id', 'fake_tenant_id')
def test_tempest_client(self):
iso_creds = isolated_creds.IsolatedCreds(name='test class')
self.assertTrue(isinstance(iso_creds.identity_admin_client,
creds = dynamic_creds.DynamicCredentialProvider(name='test class')
self.assertTrue(isinstance(creds.identity_admin_client,
json_iden_client.IdentityClient))
self.assertTrue(isinstance(iso_creds.network_admin_client,
self.assertTrue(isinstance(creds.network_admin_client,
json_network_client.NetworkClient))
def _mock_user_create(self, id, name):
@ -142,12 +142,12 @@ class TestTenantIsolation(base.TestCase):
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_primary_creds(self, MockRestClient):
cfg.CONF.set_default('neutron', False, 'service_available')
iso_creds = isolated_creds.IsolatedCreds(name='test class')
creds = dynamic_creds.DynamicCredentialProvider(name='test class')
self._mock_assign_user_role()
self._mock_list_role()
self._mock_tenant_create('1234', 'fake_prim_tenant')
self._mock_user_create('1234', 'fake_prim_user')
primary_creds = iso_creds.get_primary_creds()
primary_creds = creds.get_primary_creds()
self.assertEqual(primary_creds.username, 'fake_prim_user')
self.assertEqual(primary_creds.tenant_name, 'fake_prim_tenant')
# Verify IDs
@ -157,7 +157,7 @@ class TestTenantIsolation(base.TestCase):
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_admin_creds(self, MockRestClient):
cfg.CONF.set_default('neutron', False, 'service_available')
iso_creds = isolated_creds.IsolatedCreds(name='test class')
creds = dynamic_creds.DynamicCredentialProvider(name='test class')
self._mock_list_roles('1234', 'admin')
self._mock_user_create('1234', 'fake_admin_user')
self._mock_tenant_create('1234', 'fake_admin_tenant')
@ -168,7 +168,7 @@ class TestTenantIsolation(base.TestCase):
self.addCleanup(user_mock.stop)
with mock.patch.object(json_iden_client.IdentityClient,
'assign_user_role') as user_mock:
admin_creds = iso_creds.get_admin_creds()
admin_creds = creds.get_admin_creds()
user_mock.assert_has_calls([
mock.call('1234', '1234', '1234')])
self.assertEqual(admin_creds.username, 'fake_admin_user')
@ -180,7 +180,7 @@ class TestTenantIsolation(base.TestCase):
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_role_creds(self, MockRestClient):
cfg.CONF.set_default('neutron', False, 'service_available')
iso_creds = isolated_creds.IsolatedCreds('v2', 'test class')
creds = dynamic_creds.DynamicCredentialProvider('v2', 'test class')
self._mock_list_2_roles()
self._mock_user_create('1234', 'fake_role_user')
self._mock_tenant_create('1234', 'fake_role_tenant')
@ -191,7 +191,8 @@ class TestTenantIsolation(base.TestCase):
self.addCleanup(user_mock.stop)
with mock.patch.object(json_iden_client.IdentityClient,
'assign_user_role') as user_mock:
role_creds = iso_creds.get_creds_by_roles(roles=['role1', 'role2'])
role_creds = creds.get_creds_by_roles(
roles=['role1', 'role2'])
calls = user_mock.mock_calls
# Assert that the role creation is called with the 2 specified roles
self.assertEqual(len(calls), 2)
@ -208,26 +209,26 @@ class TestTenantIsolation(base.TestCase):
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_all_cred_cleanup(self, MockRestClient):
cfg.CONF.set_default('neutron', False, 'service_available')
iso_creds = isolated_creds.IsolatedCreds(name='test class')
creds = dynamic_creds.DynamicCredentialProvider(name='test class')
self._mock_assign_user_role()
self._mock_list_role()
self._mock_tenant_create('1234', 'fake_prim_tenant')
self._mock_user_create('1234', 'fake_prim_user')
iso_creds.get_primary_creds()
creds.get_primary_creds()
self._mock_tenant_create('12345', 'fake_alt_tenant')
self._mock_user_create('12345', 'fake_alt_user')
iso_creds.get_alt_creds()
creds.get_alt_creds()
self._mock_tenant_create('123456', 'fake_admin_tenant')
self._mock_user_create('123456', 'fake_admin_user')
self._mock_list_roles('123456', 'admin')
iso_creds.get_admin_creds()
creds.get_admin_creds()
user_mock = self.patch(
'tempest.services.identity.v2.json.identity_client.'
'IdentityClient.delete_user')
tenant_mock = self.patch(
'tempest.services.identity.v2.json.identity_client.'
'IdentityClient.delete_tenant')
iso_creds.clear_isolated_creds()
creds.clear_creds()
# Verify user delete calls
calls = user_mock.mock_calls
self.assertEqual(len(calls), 3)
@ -248,12 +249,12 @@ class TestTenantIsolation(base.TestCase):
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_alt_creds(self, MockRestClient):
cfg.CONF.set_default('neutron', False, 'service_available')
iso_creds = isolated_creds.IsolatedCreds(name='test class')
creds = dynamic_creds.DynamicCredentialProvider(name='test class')
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_alt_user')
self._mock_tenant_create('1234', 'fake_alt_tenant')
alt_creds = iso_creds.get_alt_creds()
alt_creds = creds.get_alt_creds()
self.assertEqual(alt_creds.username, 'fake_alt_user')
self.assertEqual(alt_creds.tenant_name, 'fake_alt_tenant')
# Verify IDs
@ -263,22 +264,22 @@ class TestTenantIsolation(base.TestCase):
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_no_network_creation_with_config_set(self, MockRestClient):
cfg.CONF.set_default('create_isolated_networks', False, group='auth')
iso_creds = isolated_creds.IsolatedCreds(name='test class')
creds = dynamic_creds.DynamicCredentialProvider(name='test class')
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
net = mock.patch.object(iso_creds.networks_admin_client,
net = mock.patch.object(creds.networks_admin_client,
'delete_network')
net_mock = net.start()
subnet = mock.patch.object(iso_creds.network_admin_client,
subnet = mock.patch.object(creds.network_admin_client,
'delete_subnet')
subnet_mock = subnet.start()
router = mock.patch.object(iso_creds.network_admin_client,
router = mock.patch.object(creds.network_admin_client,
'delete_router')
router_mock = router.start()
primary_creds = iso_creds.get_primary_creds()
primary_creds = creds.get_primary_creds()
self.assertEqual(net_mock.mock_calls, [])
self.assertEqual(subnet_mock.mock_calls, [])
self.assertEqual(router_mock.mock_calls, [])
@ -291,18 +292,18 @@ class TestTenantIsolation(base.TestCase):
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_network_creation(self, MockRestClient):
iso_creds = isolated_creds.IsolatedCreds(name='test class')
creds = dynamic_creds.DynamicCredentialProvider(name='test class')
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
self._mock_network_create(iso_creds, '1234', 'fake_net')
self._mock_subnet_create(iso_creds, '1234', 'fake_subnet')
self._mock_network_create(creds, '1234', 'fake_net')
self._mock_subnet_create(creds, '1234', 'fake_subnet')
self._mock_router_create('1234', 'fake_router')
router_interface_mock = self.patch(
'tempest.services.network.json.network_client.NetworkClient.'
'add_router_interface_with_subnet_id')
primary_creds = iso_creds.get_primary_creds()
primary_creds = creds.get_primary_creds()
router_interface_mock.called_once_with('1234', '1234')
network = primary_creds.network
subnet = primary_creds.subnet
@ -322,73 +323,71 @@ class TestTenantIsolation(base.TestCase):
"description": args['name'],
"security_group_rules": [],
"id": "sg-%s" % args['tenant_id']}]}
iso_creds = isolated_creds.IsolatedCreds(name='test class')
creds = dynamic_creds.DynamicCredentialProvider(name='test class')
# Create primary tenant and network
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
self._mock_network_create(iso_creds, '1234', 'fake_net')
self._mock_subnet_create(iso_creds, '1234', 'fake_subnet')
self._mock_network_create(creds, '1234', 'fake_net')
self._mock_subnet_create(creds, '1234', 'fake_subnet')
self._mock_router_create('1234', 'fake_router')
router_interface_mock = self.patch(
'tempest.services.network.json.network_client.NetworkClient.'
'add_router_interface_with_subnet_id')
iso_creds.get_primary_creds()
creds.get_primary_creds()
router_interface_mock.called_once_with('1234', '1234')
router_interface_mock.reset_mock()
# Create alternate tenant and network
self._mock_user_create('12345', 'fake_alt_user')
self._mock_tenant_create('12345', 'fake_alt_tenant')
self._mock_network_create(iso_creds, '12345', 'fake_alt_net')
self._mock_subnet_create(iso_creds, '12345',
'fake_alt_subnet')
self._mock_network_create(creds, '12345', 'fake_alt_net')
self._mock_subnet_create(creds, '12345', 'fake_alt_subnet')
self._mock_router_create('12345', 'fake_alt_router')
iso_creds.get_alt_creds()
creds.get_alt_creds()
router_interface_mock.called_once_with('12345', '12345')
router_interface_mock.reset_mock()
# Create admin tenant and networks
self._mock_user_create('123456', 'fake_admin_user')
self._mock_tenant_create('123456', 'fake_admin_tenant')
self._mock_network_create(iso_creds, '123456',
'fake_admin_net')
self._mock_subnet_create(iso_creds, '123456',
'fake_admin_subnet')
self._mock_network_create(creds, '123456', 'fake_admin_net')
self._mock_subnet_create(creds, '123456', 'fake_admin_subnet')
self._mock_router_create('123456', 'fake_admin_router')
self._mock_list_roles('123456', 'admin')
iso_creds.get_admin_creds()
creds.get_admin_creds()
self.patch('tempest.services.identity.v2.json.identity_client.'
'IdentityClient.delete_user')
self.patch('tempest.services.identity.v2.json.identity_client.'
'IdentityClient.delete_tenant')
net = mock.patch.object(iso_creds.networks_admin_client,
net = mock.patch.object(creds.networks_admin_client,
'delete_network')
net_mock = net.start()
subnet = mock.patch.object(iso_creds.network_admin_client,
subnet = mock.patch.object(creds.network_admin_client,
'delete_subnet')
subnet_mock = subnet.start()
router = mock.patch.object(iso_creds.network_admin_client,
router = mock.patch.object(creds.network_admin_client,
'delete_router')
router_mock = router.start()
remove_router_interface_mock = self.patch(
'tempest.services.network.json.network_client.NetworkClient.'
'remove_router_interface_with_subnet_id')
return_values = ({'status': 200}, {'ports': []})
port_list_mock = mock.patch.object(iso_creds.network_admin_client,
port_list_mock = mock.patch.object(creds.network_admin_client,
'list_ports',
return_value=return_values)
port_list_mock.start()
secgroup_list_mock = mock.patch.object(iso_creds.network_admin_client,
'list_security_groups',
side_effect=side_effect)
secgroup_list_mock = mock.patch.object(
creds.network_admin_client,
'list_security_groups',
side_effect=side_effect)
secgroup_list_mock.start()
return_values = (fake_http.fake_httplib({}, status=204), {})
remove_secgroup_mock = self.patch(
'tempest.services.network.json.network_client.'
'NetworkClient.delete', return_value=return_values)
iso_creds.clear_isolated_creds()
creds.clear_creds()
# Verify default security group delete
calls = remove_secgroup_mock.mock_calls
self.assertEqual(len(calls), 3)
@ -432,18 +431,18 @@ class TestTenantIsolation(base.TestCase):
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_network_alt_creation(self, MockRestClient):
iso_creds = isolated_creds.IsolatedCreds(name='test class')
creds = dynamic_creds.DynamicCredentialProvider(name='test class')
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_alt_user')
self._mock_tenant_create('1234', 'fake_alt_tenant')
self._mock_network_create(iso_creds, '1234', 'fake_alt_net')
self._mock_subnet_create(iso_creds, '1234', 'fake_alt_subnet')
self._mock_network_create(creds, '1234', 'fake_alt_net')
self._mock_subnet_create(creds, '1234', 'fake_alt_subnet')
self._mock_router_create('1234', 'fake_alt_router')
router_interface_mock = self.patch(
'tempest.services.network.json.network_client.NetworkClient.'
'add_router_interface_with_subnet_id')
alt_creds = iso_creds.get_alt_creds()
alt_creds = creds.get_alt_creds()
router_interface_mock.called_once_with('1234', '1234')
network = alt_creds.network
subnet = alt_creds.subnet
@ -457,18 +456,18 @@ class TestTenantIsolation(base.TestCase):
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_network_admin_creation(self, MockRestClient):
iso_creds = isolated_creds.IsolatedCreds(name='test class')
creds = dynamic_creds.DynamicCredentialProvider(name='test class')
self._mock_assign_user_role()
self._mock_user_create('1234', 'fake_admin_user')
self._mock_tenant_create('1234', 'fake_admin_tenant')
self._mock_network_create(iso_creds, '1234', 'fake_admin_net')
self._mock_subnet_create(iso_creds, '1234', 'fake_admin_subnet')
self._mock_network_create(creds, '1234', 'fake_admin_net')
self._mock_subnet_create(creds, '1234', 'fake_admin_subnet')
self._mock_router_create('1234', 'fake_admin_router')
router_interface_mock = self.patch(
'tempest.services.network.json.network_client.NetworkClient.'
'add_router_interface_with_subnet_id')
self._mock_list_roles('123456', 'admin')
admin_creds = iso_creds.get_admin_creds()
admin_creds = creds.get_admin_creds()
router_interface_mock.called_once_with('1234', '1234')
network = admin_creds.network
subnet = admin_creds.subnet
@ -488,23 +487,23 @@ class TestTenantIsolation(base.TestCase):
'subnet': False,
'dhcp': False,
}
iso_creds = isolated_creds.IsolatedCreds(name='test class',
network_resources=net_dict)
creds = dynamic_creds.DynamicCredentialProvider(
name='test class', network_resources=net_dict)
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
net = mock.patch.object(iso_creds.networks_admin_client,
net = mock.patch.object(creds.networks_admin_client,
'delete_network')
net_mock = net.start()
subnet = mock.patch.object(iso_creds.network_admin_client,
subnet = mock.patch.object(creds.network_admin_client,
'delete_subnet')
subnet_mock = subnet.start()
router = mock.patch.object(iso_creds.network_admin_client,
router = mock.patch.object(creds.network_admin_client,
'delete_router')
router_mock = router.start()
primary_creds = iso_creds.get_primary_creds()
primary_creds = creds.get_primary_creds()
self.assertEqual(net_mock.mock_calls, [])
self.assertEqual(subnet_mock.mock_calls, [])
self.assertEqual(router_mock.mock_calls, [])
@ -523,14 +522,14 @@ class TestTenantIsolation(base.TestCase):
'subnet': False,
'dhcp': False,
}
iso_creds = isolated_creds.IsolatedCreds(name='test class',
network_resources=net_dict)
creds = dynamic_creds.DynamicCredentialProvider(
name='test class', network_resources=net_dict)
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
self.assertRaises(exceptions.InvalidConfiguration,
iso_creds.get_primary_creds)
creds.get_primary_creds)
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_subnet_without_network(self, MockRestClient):
@ -540,14 +539,14 @@ class TestTenantIsolation(base.TestCase):
'subnet': True,
'dhcp': False,
}
iso_creds = isolated_creds.IsolatedCreds(name='test class',
network_resources=net_dict)
creds = dynamic_creds.DynamicCredentialProvider(
name='test class', network_resources=net_dict)
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
self.assertRaises(exceptions.InvalidConfiguration,
iso_creds.get_primary_creds)
creds.get_primary_creds)
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_dhcp_without_subnet(self, MockRestClient):
@ -557,11 +556,11 @@ class TestTenantIsolation(base.TestCase):
'subnet': False,
'dhcp': True,
}
iso_creds = isolated_creds.IsolatedCreds(name='test class',
network_resources=net_dict)
creds = dynamic_creds.DynamicCredentialProvider(
name='test class', network_resources=net_dict)
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
self.assertRaises(exceptions.InvalidConfiguration,
iso_creds.get_primary_creds)
creds.get_primary_creds)