Merge "Drop admin_role CONF dependency from cred provider"

tempest/common/cred_provider.py

@@ -99,7 +99,7 @@ def get_credentials(fill_in=True, identity_version=None, **kwargs):
 @six.add_metaclass(abc.ABCMeta)
 class CredentialProvider(object):
     def __init__(self, identity_version, name=None, network_resources=None,
-                 credentials_domain=None):
+                 credentials_domain=None, admin_role=None):
         """A CredentialProvider supplies credentials to test classes.
         :param identity_version: Identity version of the credentials provided
         :param name: Name of the calling test. Included in provisioned
@@ -107,11 +107,13 @@ class CredentialProvider(object):
         :param network_resources: Network resources required for the
                                   credentials
         :param credentials_domain: Domain credentials belong to
+        :param admin_role: Name of the role of the admin account
         """
         self.identity_version = identity_version
         self.name = name or "test_creds"
         self.network_resources = network_resources
         self.credentials_domain = credentials_domain or 'Default'
+        self.admin_role = admin_role
         if not auth.is_identity_version_supported(self.identity_version):
             raise exceptions.InvalidIdentityVersion(
                 identity_version=self.identity_version)

tempest/common/credentials.py

@@ -38,17 +38,20 @@ def get_credentials_provider(name, network_resources=None,
             name=name,
             network_resources=network_resources,
             identity_version=identity_version,
-            credentials_domain=CONF.auth.default_credentials_domain_name)
+            credentials_domain=CONF.auth.default_credentials_domain_name,
+            admin_role=CONF.identity.admin_role)
     else:
         if (CONF.auth.test_accounts_file and
                 os.path.isfile(CONF.auth.test_accounts_file)):
             # Most params are not relevant for pre-created accounts
             return preprov_creds.PreProvisionedCredentialProvider(
                 name=name, identity_version=identity_version,
-                credentials_domain=CONF.auth.default_credentials_domain_name)
+                credentials_domain=CONF.auth.default_credentials_domain_name,
+                admin_role=CONF.identity.admin_role)
         else:
             return preprov_creds.NonLockingCredentialProvider(
-                name=name, identity_version=identity_version)
+                name=name, identity_version=identity_version,
+                admin_role=CONF.identity.admin_role)
 
 
 # We want a helper function here to check and see if admin credentials
@@ -65,7 +68,8 @@ def is_admin_available(identity_version):
     elif (CONF.auth.test_accounts_file and
             os.path.isfile(CONF.auth.test_accounts_file)):
         check_accounts = preprov_creds.PreProvisionedCredentialProvider(
-            identity_version=identity_version, name='check_admin')
+            identity_version=identity_version, name='check_admin',
+            admin_role=CONF.identity.admin_role)
         if not check_accounts.admin_available():
             is_admin = False
     else:
@@ -91,10 +95,12 @@ def is_alt_available(identity_version):
     if (CONF.auth.test_accounts_file and
             os.path.isfile(CONF.auth.test_accounts_file)):
         check_accounts = preprov_creds.PreProvisionedCredentialProvider(
-            identity_version=identity_version, name='check_alt')
+            identity_version=identity_version, name='check_alt',
+            admin_role=CONF.identity.admin_role)
     else:
         check_accounts = preprov_creds.NonLockingCredentialProvider(
-            identity_version=identity_version, name='check_alt')
+            identity_version=identity_version, name='check_alt',
+            admin_role=CONF.identity.admin_role)
     try:
         if not check_accounts.is_multi_user():
             return False

tempest/common/dynamic_creds.py

@@ -31,11 +31,11 @@ LOG = logging.getLogger(__name__)
 class DynamicCredentialProvider(cred_provider.CredentialProvider):
 
     def __init__(self, identity_version, name=None, network_resources=None,
-                 credentials_domain=None):
+                 credentials_domain=None, admin_role=None):
         super(DynamicCredentialProvider, self).__init__(
             identity_version=identity_version, name=name,
             network_resources=network_resources,
-            credentials_domain=credentials_domain)
+            credentials_domain=credentials_domain, admin_role=admin_role)
         self._creds = {}
         self.ports = []
         self.default_admin_creds = cred_provider.get_configured_credentials(
@@ -99,7 +99,7 @@ class DynamicCredentialProvider(cred_provider.CredentialProvider):
         role_assigned = False
         if admin:
             self.creds_client.assign_user_role(user, project,
-                                               CONF.identity.admin_role)
+                                               self.admin_role)
             role_assigned = True
         # Add roles specified in config file
         for conf_role in CONF.auth.tempest_roles:

tempest/common/preprov_creds.py

@@ -39,10 +39,11 @@ def read_accounts_yaml(path):
 
 class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
 
-    def __init__(self, identity_version, name=None, credentials_domain=None):
+    def __init__(self, identity_version, name=None, credentials_domain=None,
+                 admin_role=None):
         super(PreProvisionedCredentialProvider, self).__init__(
             identity_version=identity_version, name=name,
-            credentials_domain=credentials_domain)
+            credentials_domain=credentials_domain, admin_role=admin_role)
         if (CONF.auth.test_accounts_file and
                 os.path.isfile(CONF.auth.test_accounts_file)):
             accounts = read_accounts_yaml(CONF.auth.test_accounts_file)
@@ -50,7 +51,7 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
         else:
             accounts = {}
             self.use_default_creds = True
-        self.hash_dict = self.get_hash_dict(accounts)
+        self.hash_dict = self.get_hash_dict(accounts, admin_role)
         self.accounts_dir = os.path.join(lockutils.get_lock_path(CONF),
                                          'test_accounts')
         self._creds = {}
@@ -64,7 +65,7 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
         return hash_dict
 
     @classmethod
-    def get_hash_dict(cls, accounts):
+    def get_hash_dict(cls, accounts, admin_role):
         hash_dict = {'roles': {}, 'creds': {}, 'networks': {}}
         # Loop over the accounts read from the yaml file
         for account in accounts:
@@ -88,8 +89,8 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
             # subdict with the hash
             for type in types:
                 if type == 'admin':
-                    hash_dict = cls._append_role(CONF.identity.admin_role,
-                                                 temp_hash_key, hash_dict)
+                    hash_dict = cls._append_role(admin_role, temp_hash_key,
+                                                 hash_dict)
                 elif type == 'operator':
                     hash_dict = cls._append_role(
                         CONF.object_storage.operator_role, temp_hash_key,
@@ -174,9 +175,9 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
         # privlege set which could potentially cause issues on tests where that
         # is not expected. So unless the admin role isn't specified do not
         # allocate admin.
-        admin_hashes = self.hash_dict['roles'].get(CONF.identity.admin_role,
+        admin_hashes = self.hash_dict['roles'].get(self.admin_role,
                                                    None)
-        if ((not roles or CONF.identity.admin_role not in roles) and
+        if ((not roles or self.admin_role not in roles) and
                 admin_hashes):
             useable_hashes = [x for x in hashes if x not in admin_hashes]
         else:
@@ -267,7 +268,7 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
             self.remove_credentials(creds)
 
     def get_admin_creds(self):
-        return self.get_creds_by_roles([CONF.identity.admin_role])
+        return self.get_creds_by_roles([self.admin_role])
 
     def is_role_available(self, role):
         if self.use_default_creds:
@@ -278,7 +279,7 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
             return False
 
     def admin_available(self):
-        return self.is_role_available(CONF.identity.admin_role)
+        return self.is_role_available(self.admin_role)
 
     def _wrap_creds_with_network(self, hash):
         creds_dict = self.hash_dict['creds'][hash]

tempest/tests/common/test_preprov_creds.py

@@ -37,7 +37,8 @@ from tempest.tests import fake_identity
 class TestPreProvisionedCredentials(base.TestCase):
 
     fixed_params = {'name': 'test class',
-                    'identity_version': 'v2'}
+                    'identity_version': 'v2',
+                    'admin_role': 'admin'}
 
     def setUp(self):
         super(TestPreProvisionedCredentials, self).setUp()
@@ -103,7 +104,8 @@ class TestPreProvisionedCredentials(base.TestCase):
     def test_get_hash_dict(self):
         test_account_class = preprov_creds.PreProvisionedCredentialProvider(
             **self.fixed_params)
-        hash_dict = test_account_class.get_hash_dict(self.test_accounts)
+        hash_dict = test_account_class.get_hash_dict(
+            self.test_accounts, self.fixed_params['admin_role'])
         hash_list = self._get_hash_list(self.test_accounts)
         for hash in hash_list:
             self.assertIn(hash, hash_dict['creds'].keys())
@@ -332,7 +334,8 @@ class TestPreProvisionedCredentials(base.TestCase):
 class TestNotLockingAccount(base.TestCase):
 
     fixed_params = {'name': 'test class',
-                    'identity_version': 'v2'}
+                    'identity_version': 'v2',
+                    'admin_role': 'admin'}
 
     def setUp(self):
         super(TestNotLockingAccount, self).setUp()

tempest/tests/test_dynamic_creds.py

@@ -33,7 +33,8 @@ from tempest.tests import fake_identity
 class TestDynamicCredentialProvider(base.TestCase):
 
     fixed_params = {'name': 'test class',
-                    'identity_version': 'v2'}
+                    'identity_version': 'v2',
+                    'admin_role': 'admin'}
 
     def setUp(self):
         super(TestDynamicCredentialProvider, self).setUp()