Add config option to disable network isolation
This commit adds a new config option to the auth section, create_isolated_networks, to disable tenant isolation from attempting to create an isolated network stack on each created tenant. This is needed because in certain neutron configurations the extra resource creations are not need or not allowed. Change-Id: I0899a43709a0cb2967376e914248d2ad4a37773a Closes-Bug: #1447829
This commit is contained in:
parent
7068d88a65
commit
2219d3828b
|
@ -310,6 +310,12 @@ isolation it will enable running tests which require a static network and it
|
|||
will additionally be used as a fallback for server creation. However, unlike
|
||||
accounts.yaml this should never be triggered.
|
||||
|
||||
However, there is an option *create_isolated_networks* to disable tenant
|
||||
isolation's automatic provisioning of network resources. If this option is
|
||||
used you will have to either rely on there only being a single/default network
|
||||
available for the server creation, or use *fixed_network_name* to inform
|
||||
Tempest which network to use.
|
||||
|
||||
Configuring Available Services
|
||||
------------------------------
|
||||
OpenStack is really a constellation of several different projects which
|
||||
|
|
|
@ -122,6 +122,14 @@
|
|||
# the domain from theadmin user is used instead. (string value)
|
||||
#tenant_isolation_domain_name = <None>
|
||||
|
||||
# If allow_tenant_isolation is set to True and Neutron is enabled
|
||||
# Tempest will try to create a useable network, subnet, and router
|
||||
# when needed for each tenant it creates. However in some neutron
|
||||
# configurations, like with VLAN provider networks, this doesn't work.
|
||||
# So if set to False the isolated networks will not be created
|
||||
# (boolean value)
|
||||
#create_isolated_networks = true
|
||||
|
||||
|
||||
[baremetal]
|
||||
|
||||
|
|
|
@ -311,7 +311,8 @@ class IsolatedCreds(cred_provider.CredentialProvider):
|
|||
LOG.info("Acquired isolated creds:\n credentials: %s"
|
||||
% credentials)
|
||||
if (CONF.service_available.neutron and
|
||||
not CONF.baremetal.driver_enabled):
|
||||
not CONF.baremetal.driver_enabled and
|
||||
CONF.auth.create_isolated_networks):
|
||||
network, subnet, router = self._create_network_resources(
|
||||
credentials.tenant_id)
|
||||
credentials.set_resources(network=network, subnet=subnet,
|
||||
|
|
|
@ -69,7 +69,15 @@ AuthGroup = [
|
|||
help="Only applicable when identity.auth_version is v3."
|
||||
"Domain within which isolated credentials are provisioned."
|
||||
"The default \"None\" means that the domain from the"
|
||||
"admin user is used instead.")
|
||||
"admin user is used instead."),
|
||||
cfg.BoolOpt('create_isolated_networks',
|
||||
default=True,
|
||||
help="If allow_tenant_isolation is set to True and Neutron is "
|
||||
"enabled Tempest will try to create a useable network, "
|
||||
"subnet, and router when needed for each tenant it "
|
||||
"creates. However in some neutron configurations, like "
|
||||
"with VLAN provider networks, this doesn't work. So if "
|
||||
"set to False the isolated networks will not be created"),
|
||||
]
|
||||
|
||||
identity_group = cfg.OptGroup(name='identity',
|
||||
|
|
|
@ -267,6 +267,36 @@ class TestTenantIsolation(base.TestCase):
|
|||
self.assertEqual(alt_creds.tenant_id, '1234')
|
||||
self.assertEqual(alt_creds.user_id, '1234')
|
||||
|
||||
@mock.patch('tempest_lib.common.rest_client.RestClient')
|
||||
def test_no_network_creation_with_config_set(self, MockRestClient):
|
||||
cfg.CONF.set_default('create_isolated_networks', False, group='auth')
|
||||
iso_creds = isolated_creds.IsolatedCreds(name='test class',
|
||||
password='fake_password')
|
||||
self._mock_assign_user_role()
|
||||
self._mock_list_role()
|
||||
self._mock_user_create('1234', 'fake_prim_user')
|
||||
self._mock_tenant_create('1234', 'fake_prim_tenant')
|
||||
net = mock.patch.object(iso_creds.network_admin_client,
|
||||
'delete_network')
|
||||
net_mock = net.start()
|
||||
subnet = mock.patch.object(iso_creds.network_admin_client,
|
||||
'delete_subnet')
|
||||
subnet_mock = subnet.start()
|
||||
router = mock.patch.object(iso_creds.network_admin_client,
|
||||
'delete_router')
|
||||
router_mock = router.start()
|
||||
|
||||
primary_creds = iso_creds.get_primary_creds()
|
||||
self.assertEqual(net_mock.mock_calls, [])
|
||||
self.assertEqual(subnet_mock.mock_calls, [])
|
||||
self.assertEqual(router_mock.mock_calls, [])
|
||||
network = primary_creds.network
|
||||
subnet = primary_creds.subnet
|
||||
router = primary_creds.router
|
||||
self.assertIsNone(network)
|
||||
self.assertIsNone(subnet)
|
||||
self.assertIsNone(router)
|
||||
|
||||
@mock.patch('tempest_lib.common.rest_client.RestClient')
|
||||
def test_network_creation(self, MockRestClient):
|
||||
iso_creds = isolated_creds.IsolatedCreds(name='test class',
|
||||
|
|
Loading…
Reference in New Issue