openstack/tempest
Code Issues Proposed changes

Merge "Drop admin_role CONF dependency from cred provider"

Browse Source
This commit is contained in:
Jenkins 2015-10-30 03:01:13 +00:00 committed by Gerrit Code Review
commit 5401fadd9d
6 changed files with 37 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tempest/common/cred_provider.py
View File

@ -99,7 +99,7 @@ def get_credentials(fill_in=True, identity_version=None, **kwargs):
@six.add_metaclass(abc.ABCMeta) @six.add_metaclass(abc.ABCMeta)
class CredentialProvider(object): class CredentialProvider(object):
def __init__(self, identity_version, name=None, network_resources=None, def __init__(self, identity_version, name=None, network_resources=None,
credentials_domain=None): credentials_domain=None, admin_role=None):
"""A CredentialProvider supplies credentials to test classes. """A CredentialProvider supplies credentials to test classes.
:param identity_version: Identity version of the credentials provided :param identity_version: Identity version of the credentials provided
:param name: Name of the calling test. Included in provisioned :param name: Name of the calling test. Included in provisioned
@ -107,11 +107,13 @@ class CredentialProvider(object):
:param network_resources: Network resources required for the :param network_resources: Network resources required for the
credentials credentials
:param credentials_domain: Domain credentials belong to :param credentials_domain: Domain credentials belong to
:param admin_role: Name of the role of the admin account
""" """
self.identity_version = identity_version self.identity_version = identity_version
self.name = name or "test_creds" self.name = name or "test_creds"
self.network_resources = network_resources self.network_resources = network_resources
self.credentials_domain = credentials_domain or 'Default' self.credentials_domain = credentials_domain or 'Default'
self.admin_role = admin_role
if not auth.is_identity_version_supported(self.identity_version): if not auth.is_identity_version_supported(self.identity_version):
raise exceptions.InvalidIdentityVersion( raise exceptions.InvalidIdentityVersion(
identity_version=self.identity_version) identity_version=self.identity_version)

18
tempest/common/credentials.py
View File

@ -38,17 +38,20 @@ def get_credentials_provider(name, network_resources=None,
name=name, name=name,
network_resources=network_resources, network_resources=network_resources,
identity_version=identity_version, identity_version=identity_version,
credentials_domain=CONF.auth.default_credentials_domain_name) credentials_domain=CONF.auth.default_credentials_domain_name,
admin_role=CONF.identity.admin_role)
else: else:
if (CONF.auth.test_accounts_file and if (CONF.auth.test_accounts_file and
os.path.isfile(CONF.auth.test_accounts_file)): os.path.isfile(CONF.auth.test_accounts_file)):
# Most params are not relevant for pre-created accounts # Most params are not relevant for pre-created accounts
return preprov_creds.PreProvisionedCredentialProvider( return preprov_creds.PreProvisionedCredentialProvider(
name=name, identity_version=identity_version, name=name, identity_version=identity_version,
credentials_domain=CONF.auth.default_credentials_domain_name) credentials_domain=CONF.auth.default_credentials_domain_name,
admin_role=CONF.identity.admin_role)
else: else:
return preprov_creds.NonLockingCredentialProvider( return preprov_creds.NonLockingCredentialProvider(
name=name, identity_version=identity_version) name=name, identity_version=identity_version,
admin_role=CONF.identity.admin_role)
# We want a helper function here to check and see if admin credentials # We want a helper function here to check and see if admin credentials
@ -65,7 +68,8 @@ def is_admin_available(identity_version):
elif (CONF.auth.test_accounts_file and elif (CONF.auth.test_accounts_file and
os.path.isfile(CONF.auth.test_accounts_file)): os.path.isfile(CONF.auth.test_accounts_file)):
check_accounts = preprov_creds.PreProvisionedCredentialProvider( check_accounts = preprov_creds.PreProvisionedCredentialProvider(
identity_version=identity_version, name='check_admin') identity_version=identity_version, name='check_admin',
admin_role=CONF.identity.admin_role)
if not check_accounts.admin_available(): if not check_accounts.admin_available():
is_admin = False is_admin = False
else: else:
@ -91,10 +95,12 @@ def is_alt_available(identity_version):
if (CONF.auth.test_accounts_file and if (CONF.auth.test_accounts_file and
os.path.isfile(CONF.auth.test_accounts_file)): os.path.isfile(CONF.auth.test_accounts_file)):
check_accounts = preprov_creds.PreProvisionedCredentialProvider( check_accounts = preprov_creds.PreProvisionedCredentialProvider(
identity_version=identity_version, name='check_alt') identity_version=identity_version, name='check_alt',
admin_role=CONF.identity.admin_role)
else: else:
check_accounts = preprov_creds.NonLockingCredentialProvider( check_accounts = preprov_creds.NonLockingCredentialProvider(
identity_version=identity_version, name='check_alt') identity_version=identity_version, name='check_alt',
admin_role=CONF.identity.admin_role)
try: try:
if not check_accounts.is_multi_user(): if not check_accounts.is_multi_user():
return False return False

6
tempest/common/dynamic_creds.py
View File

@ -31,11 +31,11 @@ LOG = logging.getLogger(__name__)
class DynamicCredentialProvider(cred_provider.CredentialProvider): class DynamicCredentialProvider(cred_provider.CredentialProvider):
def __init__(self, identity_version, name=None, network_resources=None, def __init__(self, identity_version, name=None, network_resources=None,
credentials_domain=None): credentials_domain=None, admin_role=None):
super(DynamicCredentialProvider, self).__init__( super(DynamicCredentialProvider, self).__init__(
identity_version=identity_version, name=name, identity_version=identity_version, name=name,
network_resources=network_resources, network_resources=network_resources,
credentials_domain=credentials_domain) credentials_domain=credentials_domain, admin_role=admin_role)
self._creds = {} self._creds = {}
self.ports = [] self.ports = []
self.default_admin_creds = cred_provider.get_configured_credentials( self.default_admin_creds = cred_provider.get_configured_credentials(
@ -99,7 +99,7 @@ class DynamicCredentialProvider(cred_provider.CredentialProvider):
role_assigned = False role_assigned = False
if admin: if admin:
self.creds_client.assign_user_role(user, project, self.creds_client.assign_user_role(user, project,
CONF.identity.admin_role) self.admin_role)
role_assigned = True role_assigned = True
# Add roles specified in config file # Add roles specified in config file
for conf_role in CONF.auth.tempest_roles: for conf_role in CONF.auth.tempest_roles:

21
tempest/common/preprov_creds.py
View File

@ -39,10 +39,11 @@ def read_accounts_yaml(path):
class PreProvisionedCredentialProvider(cred_provider.CredentialProvider): class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
def __init__(self, identity_version, name=None, credentials_domain=None): def __init__(self, identity_version, name=None, credentials_domain=None,
admin_role=None):
super(PreProvisionedCredentialProvider, self).__init__( super(PreProvisionedCredentialProvider, self).__init__(
identity_version=identity_version, name=name, identity_version=identity_version, name=name,
credentials_domain=credentials_domain) credentials_domain=credentials_domain, admin_role=admin_role)
if (CONF.auth.test_accounts_file and if (CONF.auth.test_accounts_file and
os.path.isfile(CONF.auth.test_accounts_file)): os.path.isfile(CONF.auth.test_accounts_file)):
accounts = read_accounts_yaml(CONF.auth.test_accounts_file) accounts = read_accounts_yaml(CONF.auth.test_accounts_file)
@ -50,7 +51,7 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
else: else:
accounts = {} accounts = {}
self.use_default_creds = True self.use_default_creds = True
self.hash_dict = self.get_hash_dict(accounts) self.hash_dict = self.get_hash_dict(accounts, admin_role)
self.accounts_dir = os.path.join(lockutils.get_lock_path(CONF), self.accounts_dir = os.path.join(lockutils.get_lock_path(CONF),
'test_accounts') 'test_accounts')
self._creds = {} self._creds = {}
@ -64,7 +65,7 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
return hash_dict return hash_dict
@classmethod @classmethod
def get_hash_dict(cls, accounts): def get_hash_dict(cls, accounts, admin_role):
hash_dict = {'roles': {}, 'creds': {}, 'networks': {}} hash_dict = {'roles': {}, 'creds': {}, 'networks': {}}
# Loop over the accounts read from the yaml file # Loop over the accounts read from the yaml file
for account in accounts: for account in accounts:
@ -88,8 +89,8 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
# subdict with the hash # subdict with the hash
for type in types: for type in types:
if type == 'admin': if type == 'admin':
hash_dict = cls._append_role(CONF.identity.admin_role, hash_dict = cls._append_role(admin_role, temp_hash_key,
temp_hash_key, hash_dict) hash_dict)
elif type == 'operator': elif type == 'operator':
hash_dict = cls._append_role( hash_dict = cls._append_role(
CONF.object_storage.operator_role, temp_hash_key, CONF.object_storage.operator_role, temp_hash_key,
@ -174,9 +175,9 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
# privlege set which could potentially cause issues on tests where that # privlege set which could potentially cause issues on tests where that
# is not expected. So unless the admin role isn't specified do not # is not expected. So unless the admin role isn't specified do not
# allocate admin. # allocate admin.
admin_hashes = self.hash_dict['roles'].get(CONF.identity.admin_role, admin_hashes = self.hash_dict['roles'].get(self.admin_role,
None) None)
if ((not roles or CONF.identity.admin_role not in roles) and if ((not roles or self.admin_role not in roles) and
admin_hashes): admin_hashes):
useable_hashes = [x for x in hashes if x not in admin_hashes] useable_hashes = [x for x in hashes if x not in admin_hashes]
else: else:
@ -267,7 +268,7 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
self.remove_credentials(creds) self.remove_credentials(creds)
def get_admin_creds(self): def get_admin_creds(self):
return self.get_creds_by_roles([CONF.identity.admin_role]) return self.get_creds_by_roles([self.admin_role])
def is_role_available(self, role): def is_role_available(self, role):
if self.use_default_creds: if self.use_default_creds:
@ -278,7 +279,7 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
return False return False
def admin_available(self): def admin_available(self):
return self.is_role_available(CONF.identity.admin_role) return self.is_role_available(self.admin_role)
def _wrap_creds_with_network(self, hash): def _wrap_creds_with_network(self, hash):
creds_dict = self.hash_dict['creds'][hash] creds_dict = self.hash_dict['creds'][hash]

9
tempest/tests/common/test_preprov_creds.py
View File

@ -37,7 +37,8 @@ from tempest.tests import fake_identity
class TestPreProvisionedCredentials(base.TestCase): class TestPreProvisionedCredentials(base.TestCase):
fixed_params = {'name': 'test class', fixed_params = {'name': 'test class',
'identity_version': 'v2'} 'identity_version': 'v2',
'admin_role': 'admin'}
def setUp(self): def setUp(self):
super(TestPreProvisionedCredentials, self).setUp() super(TestPreProvisionedCredentials, self).setUp()
@ -103,7 +104,8 @@ class TestPreProvisionedCredentials(base.TestCase):
def test_get_hash_dict(self): def test_get_hash_dict(self):
test_account_class = preprov_creds.PreProvisionedCredentialProvider( test_account_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params) **self.fixed_params)
hash_dict = test_account_class.get_hash_dict(self.test_accounts) hash_dict = test_account_class.get_hash_dict(
self.test_accounts, self.fixed_params['admin_role'])
hash_list = self._get_hash_list(self.test_accounts) hash_list = self._get_hash_list(self.test_accounts)
for hash in hash_list: for hash in hash_list:
self.assertIn(hash, hash_dict['creds'].keys()) self.assertIn(hash, hash_dict['creds'].keys())
@ -332,7 +334,8 @@ class TestPreProvisionedCredentials(base.TestCase):
class TestNotLockingAccount(base.TestCase): class TestNotLockingAccount(base.TestCase):
fixed_params = {'name': 'test class', fixed_params = {'name': 'test class',
'identity_version': 'v2'} 'identity_version': 'v2',
'admin_role': 'admin'}
def setUp(self): def setUp(self):
super(TestNotLockingAccount, self).setUp() super(TestNotLockingAccount, self).setUp()

3
tempest/tests/test_dynamic_creds.py
View File

@ -33,7 +33,8 @@ from tempest.tests import fake_identity
class TestDynamicCredentialProvider(base.TestCase): class TestDynamicCredentialProvider(base.TestCase):
fixed_params = {'name': 'test class', fixed_params = {'name': 'test class',
'identity_version': 'v2'} 'identity_version': 'v2',
'admin_role': 'admin'}
def setUp(self): def setUp(self):
super(TestDynamicCredentialProvider, self).setUp() super(TestDynamicCredentialProvider, self).setUp()