Add alt project persona in dynamic credential

Tempest dynamic credential does not support two
separate project admin or reader but sometime we need to
check the test behavior by requesting API with
different project admin or reader role.

This commit add support of alt project admin and reader,
also provide consistent method name for alt project member
role.

Change-Id: I11248fd0906d910180be30de7b59231e534b4563
This commit is contained in:
Ghanshyam Mann 2021-01-29 13:23:18 -06:00
parent ed0a1bbbb0
commit 420586c8b4
6 changed files with 93 additions and 2 deletions

View File

@ -0,0 +1,4 @@
---
features:
- |
Add project alternate admin, member and reader role for dynamic credentials.

View File

@ -85,14 +85,26 @@ class CredentialProvider(object, metaclass=abc.ABCMeta):
def get_project_admin_creds(self):
return
@abc.abstractmethod
def get_project_alt_admin_creds(self):
return
@abc.abstractmethod
def get_project_member_creds(self):
return
@abc.abstractmethod
def get_project_alt_member_creds(self):
return
@abc.abstractmethod
def get_project_reader_creds(self):
return
@abc.abstractmethod
def get_project_alt_reader_creds(self):
return
@abc.abstractmethod
def clear_creds(self):
return

View File

@ -379,12 +379,15 @@ class DynamicCredentialProvider(cred_provider.CredentialProvider):
credentials = self._creds["%s_%s" % (scope, credential_type[0])]
else:
if scope:
if credential_type == 'admin':
if credential_type in [['admin'], ['alt_admin']]:
credentials = self._create_creds(
admin=True, scope=scope)
else:
cred_type = credential_type
if credential_type in [['alt_member'], ['alt_reader']]:
cred_type = credential_type[0][4:]
credentials = self._create_creds(
roles=credential_type, scope=scope)
roles=[cred_type], scope=scope)
elif credential_type in ['primary', 'alt', 'admin']:
is_admin = (credential_type == 'admin')
credentials = self._create_creds(admin=is_admin)
@ -443,12 +446,21 @@ class DynamicCredentialProvider(cred_provider.CredentialProvider):
def get_project_admin_creds(self):
return self.get_credentials(['admin'], scope='project')
def get_project_alt_admin_creds(self):
return self.get_credentials(['alt_admin'], scope='project')
def get_project_member_creds(self):
return self.get_credentials(['member'], scope='project')
def get_project_alt_member_creds(self):
return self.get_credentials(['alt_member'], scope='project')
def get_project_reader_creds(self):
return self.get_credentials(['reader'], scope='project')
def get_project_alt_reader_creds(self):
return self.get_credentials(['alt_reader'], scope='project')
def get_creds_by_roles(self, roles, force_new=False):
roles = list(set(roles))
# The roles list as a str will become the index as the dict key for

View File

@ -374,6 +374,10 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
self._creds['project_admin'] = project_admin
return project_admin
def get_project_alt_admin_creds(self):
# TODO(gmann): Implement alt admin hash.
return
def get_project_member_creds(self):
if self._creds.get('project_member'):
return self._creds.get('project_member')
@ -381,6 +385,10 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
self._creds['project_member'] = project_member
return project_member
def get_project_alt_member_creds(self):
# TODO(gmann): Implement alt member hash.
return
def get_project_reader_creds(self):
if self._creds.get('project_reader'):
return self._creds.get('project_reader')
@ -388,6 +396,10 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
self._creds['project_reader'] = project_reader
return project_reader
def get_project_alt_reader_creds(self):
# TODO(gmann): Implement alt reader hash.
return
def get_creds_by_roles(self, roles, force_new=False):
roles = list(set(roles))
exist_creds = self._creds.get(str(roles).encode(

View File

@ -296,6 +296,7 @@ class BaseTestCase(testtools.testcase.WithAttributes,
identity_version = cls.get_identity_version()
# setting force_tenant_isolation to True also needs admin credentials.
if ('admin' in cls.credentials or
'alt_admin' in cls.credentials or
getattr(cls, 'force_tenant_isolation', False)):
if not credentials.is_admin_available(
identity_version=identity_version):

View File

@ -213,6 +213,56 @@ class TestDynamicCredentialProvider(base.TestCase):
self.assertEqual(admin_creds.tenant_id, '1234')
self.assertEqual(admin_creds.user_id, '1234')
@mock.patch('tempest.lib.common.rest_client.RestClient')
def test_project_alt_admin_creds(self, MockRestClient):
creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
self._mock_list_roles('1234', 'admin')
self._mock_user_create('1234', 'fake_alt_admin_user')
self._mock_tenant_create('1234', 'fake_alt_admin')
user_mock = mock.patch.object(self.roles_client.RolesClient,
'create_user_role_on_project')
user_mock.start()
self.addCleanup(user_mock.stop)
with mock.patch.object(self.roles_client.RolesClient,
'create_user_role_on_project') as user_mock:
alt_admin_creds = creds.get_project_alt_admin_creds()
user_mock.assert_has_calls([
mock.call('1234', '1234', '1234')])
self.assertEqual(alt_admin_creds.username, 'fake_alt_admin_user')
self.assertEqual(alt_admin_creds.project_name, 'fake_alt_admin')
# Verify IDs
self.assertEqual(alt_admin_creds.project_id, '1234')
self.assertEqual(alt_admin_creds.user_id, '1234')
@mock.patch('tempest.lib.common.rest_client.RestClient')
def test_project_alt_member_creds(self, MockRestClient):
creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
self._mock_assign_user_role()
self._mock_list_role()
self._mock_tenant_create('1234', 'fake_alt_member')
self._mock_user_create('1234', 'fake_alt_user')
alt_member_creds = creds.get_project_alt_member_creds()
self.assertEqual(alt_member_creds.username, 'fake_alt_user')
self.assertEqual(alt_member_creds.project_name, 'fake_alt_member')
# Verify IDs
self.assertEqual(alt_member_creds.project_id, '1234')
self.assertEqual(alt_member_creds.user_id, '1234')
@mock.patch('tempest.lib.common.rest_client.RestClient')
def test_project_alt_reader_creds(self, MockRestClient):
creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
self._mock_assign_user_role()
self._mock_list_roles('1234', 'reader')
self._mock_tenant_create('1234', 'fake_alt_reader')
self._mock_user_create('1234', 'fake_alt_user')
alt_reader_creds = creds.get_project_alt_reader_creds()
self.assertEqual(alt_reader_creds.username, 'fake_alt_user')
self.assertEqual(alt_reader_creds.project_name, 'fake_alt_reader')
# Verify IDs
self.assertEqual(alt_reader_creds.project_id, '1234')
self.assertEqual(alt_reader_creds.user_id, '1234')
@mock.patch('tempest.lib.common.rest_client.RestClient')
def test_role_creds(self, MockRestClient):
creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)