Add alt project persona in dynamic credential
Tempest dynamic credential does not support two separate project admin or reader but sometime we need to check the test behavior by requesting API with different project admin or reader role. This commit add support of alt project admin and reader, also provide consistent method name for alt project member role. Change-Id: I11248fd0906d910180be30de7b59231e534b4563
This commit is contained in:
Ghanshyam Mann
parent
ed0a1bbbb0
commit
420586c8b4
@ -0,0 +1,4 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Add project alternate admin, member and reader role for dynamic credentials.
|
||||
@ -85,14 +85,26 @@ class CredentialProvider(object, metaclass=abc.ABCMeta):
|
||||
def get_project_admin_creds(self):
|
||||
return
|
||||
|
||||
@abc.abstractmethod
|
||||
def get_project_alt_admin_creds(self):
|
||||
return
|
||||
|
||||
@abc.abstractmethod
|
||||
def get_project_member_creds(self):
|
||||
return
|
||||
|
||||
@abc.abstractmethod
|
||||
def get_project_alt_member_creds(self):
|
||||
return
|
||||
|
||||
@abc.abstractmethod
|
||||
def get_project_reader_creds(self):
|
||||
return
|
||||
|
||||
@abc.abstractmethod
|
||||
def get_project_alt_reader_creds(self):
|
||||
return
|
||||
|
||||
@abc.abstractmethod
|
||||
def clear_creds(self):
|
||||
return
|
||||
|
||||
@ -379,12 +379,15 @@ class DynamicCredentialProvider(cred_provider.CredentialProvider):
|
||||
credentials = self._creds["%s_%s" % (scope, credential_type[0])]
|
||||
else:
|
||||
if scope:
|
||||
if credential_type == 'admin':
|
||||
if credential_type in [['admin'], ['alt_admin']]:
|
||||
credentials = self._create_creds(
|
||||
admin=True, scope=scope)
|
||||
else:
|
||||
cred_type = credential_type
|
||||
if credential_type in [['alt_member'], ['alt_reader']]:
|
||||
cred_type = credential_type[0][4:]
|
||||
credentials = self._create_creds(
|
||||
roles=credential_type, scope=scope)
|
||||
roles=[cred_type], scope=scope)
|
||||
elif credential_type in ['primary', 'alt', 'admin']:
|
||||
is_admin = (credential_type == 'admin')
|
||||
credentials = self._create_creds(admin=is_admin)
|
||||
@ -443,12 +446,21 @@ class DynamicCredentialProvider(cred_provider.CredentialProvider):
|
||||
def get_project_admin_creds(self):
|
||||
return self.get_credentials(['admin'], scope='project')
|
||||
|
||||
def get_project_alt_admin_creds(self):
|
||||
return self.get_credentials(['alt_admin'], scope='project')
|
||||
|
||||
def get_project_member_creds(self):
|
||||
return self.get_credentials(['member'], scope='project')
|
||||
|
||||
def get_project_alt_member_creds(self):
|
||||
return self.get_credentials(['alt_member'], scope='project')
|
||||
|
||||
def get_project_reader_creds(self):
|
||||
return self.get_credentials(['reader'], scope='project')
|
||||
|
||||
def get_project_alt_reader_creds(self):
|
||||
return self.get_credentials(['alt_reader'], scope='project')
|
||||
|
||||
def get_creds_by_roles(self, roles, force_new=False):
|
||||
roles = list(set(roles))
|
||||
# The roles list as a str will become the index as the dict key for
|
||||
|
||||
@ -374,6 +374,10 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
|
||||
self._creds['project_admin'] = project_admin
|
||||
return project_admin
|
||||
|
||||
def get_project_alt_admin_creds(self):
|
||||
# TODO(gmann): Implement alt admin hash.
|
||||
return
|
||||
|
||||
def get_project_member_creds(self):
|
||||
if self._creds.get('project_member'):
|
||||
return self._creds.get('project_member')
|
||||
@ -381,6 +385,10 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
|
||||
self._creds['project_member'] = project_member
|
||||
return project_member
|
||||
|
||||
def get_project_alt_member_creds(self):
|
||||
# TODO(gmann): Implement alt member hash.
|
||||
return
|
||||
|
||||
def get_project_reader_creds(self):
|
||||
if self._creds.get('project_reader'):
|
||||
return self._creds.get('project_reader')
|
||||
@ -388,6 +396,10 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
|
||||
self._creds['project_reader'] = project_reader
|
||||
return project_reader
|
||||
|
||||
def get_project_alt_reader_creds(self):
|
||||
# TODO(gmann): Implement alt reader hash.
|
||||
return
|
||||
|
||||
def get_creds_by_roles(self, roles, force_new=False):
|
||||
roles = list(set(roles))
|
||||
exist_creds = self._creds.get(str(roles).encode(
|
||||
|
||||
@ -296,6 +296,7 @@ class BaseTestCase(testtools.testcase.WithAttributes,
|
||||
identity_version = cls.get_identity_version()
|
||||
# setting force_tenant_isolation to True also needs admin credentials.
|
||||
if ('admin' in cls.credentials or
|
||||
'alt_admin' in cls.credentials or
|
||||
getattr(cls, 'force_tenant_isolation', False)):
|
||||
if not credentials.is_admin_available(
|
||||
identity_version=identity_version):
|
||||
|
||||
@ -213,6 +213,56 @@ class TestDynamicCredentialProvider(base.TestCase):
|
||||
self.assertEqual(admin_creds.tenant_id, '1234')
|
||||
self.assertEqual(admin_creds.user_id, '1234')
|
||||
|
||||
@mock.patch('tempest.lib.common.rest_client.RestClient')
|
||||
def test_project_alt_admin_creds(self, MockRestClient):
|
||||
creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
|
||||
self._mock_list_roles('1234', 'admin')
|
||||
self._mock_user_create('1234', 'fake_alt_admin_user')
|
||||
self._mock_tenant_create('1234', 'fake_alt_admin')
|
||||
|
||||
user_mock = mock.patch.object(self.roles_client.RolesClient,
|
||||
'create_user_role_on_project')
|
||||
user_mock.start()
|
||||
self.addCleanup(user_mock.stop)
|
||||
with mock.patch.object(self.roles_client.RolesClient,
|
||||
'create_user_role_on_project') as user_mock:
|
||||
alt_admin_creds = creds.get_project_alt_admin_creds()
|
||||
user_mock.assert_has_calls([
|
||||
mock.call('1234', '1234', '1234')])
|
||||
self.assertEqual(alt_admin_creds.username, 'fake_alt_admin_user')
|
||||
self.assertEqual(alt_admin_creds.project_name, 'fake_alt_admin')
|
||||
# Verify IDs
|
||||
self.assertEqual(alt_admin_creds.project_id, '1234')
|
||||
self.assertEqual(alt_admin_creds.user_id, '1234')
|
||||
|
||||
@mock.patch('tempest.lib.common.rest_client.RestClient')
|
||||
def test_project_alt_member_creds(self, MockRestClient):
|
||||
creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
|
||||
self._mock_assign_user_role()
|
||||
self._mock_list_role()
|
||||
self._mock_tenant_create('1234', 'fake_alt_member')
|
||||
self._mock_user_create('1234', 'fake_alt_user')
|
||||
alt_member_creds = creds.get_project_alt_member_creds()
|
||||
self.assertEqual(alt_member_creds.username, 'fake_alt_user')
|
||||
self.assertEqual(alt_member_creds.project_name, 'fake_alt_member')
|
||||
# Verify IDs
|
||||
self.assertEqual(alt_member_creds.project_id, '1234')
|
||||
self.assertEqual(alt_member_creds.user_id, '1234')
|
||||
|
||||
@mock.patch('tempest.lib.common.rest_client.RestClient')
|
||||
def test_project_alt_reader_creds(self, MockRestClient):
|
||||
creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
|
||||
self._mock_assign_user_role()
|
||||
self._mock_list_roles('1234', 'reader')
|
||||
self._mock_tenant_create('1234', 'fake_alt_reader')
|
||||
self._mock_user_create('1234', 'fake_alt_user')
|
||||
alt_reader_creds = creds.get_project_alt_reader_creds()
|
||||
self.assertEqual(alt_reader_creds.username, 'fake_alt_user')
|
||||
self.assertEqual(alt_reader_creds.project_name, 'fake_alt_reader')
|
||||
# Verify IDs
|
||||
self.assertEqual(alt_reader_creds.project_id, '1234')
|
||||
self.assertEqual(alt_reader_creds.user_id, '1234')
|
||||
|
||||
@mock.patch('tempest.lib.common.rest_client.RestClient')
|
||||
def test_role_creds(self, MockRestClient):
|
||||
creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user