Skip network creation for system and domain scoped token

For 'domain' and 'system' scoped token, there is no project_id so we cannot create the network which need project id as one of the parameter. In Xena PTG[1], we have discussed about project mapped resource creation/managing with system token - L77-140 https://etherpad.opendev.org/p/nova-xena-ptg - https://etherpad.opendev.org/p/consuming-system-scope Once we sort out the network ceration or need for system, domain scoped token then we can update the newtork creation in Tempest. Change-Id: If6ae6465369c9018c716d48555fd99fc90ce0e59
2021-06-25 11:50:03 -05:00 · 2021-06-25 11:50:03 -05:00 · 5dcdd41dda
parent e638ce8b52
commit 5dcdd41dda
1 changed files with 17 additions and 7 deletions
--- a/tempest/lib/common/dynamic_creds.py
+++ b/tempest/lib/common/dynamic_creds.py
@ -407,13 +407,23 @@ class DynamicCredentialProvider(cred_provider.CredentialProvider):
            # Maintained until tests are ported
            LOG.info("Acquired dynamic creds:\n"
                     " credentials: %s", credentials)
-            if (self.neutron_available and self.create_networks):
-                network, subnet, router = self._create_network_resources(
-                    credentials.tenant_id)
-                credentials.set_resources(network=network, subnet=subnet,
-                                          router=router)
-                LOG.info("Created isolated network resources for:\n"
-                         " credentials: %s", credentials)
+            # NOTE(gmann): For 'domain' and 'system' scoped token, there is no
+            # project_id so we are skipping the network creation for both
+            # scope. How these scoped token can create the network, Nova
+            # server or other project mapped resources is one of the open
+            # question and discussed a lot in Xena cycle PTG. Once we sort
+            # out that then if needed we can update the network creation here.
+            if (not scope or scope == 'project'):
+                if (self.neutron_available and self.create_networks):
+                    network, subnet, router = self._create_network_resources(
+                        credentials.tenant_id)
+                    credentials.set_resources(network=network, subnet=subnet,
+                                              router=router)
+                    LOG.info("Created isolated network resources for:\n"
+                             " credentials: %s", credentials)
+            else:
+                LOG.info("Network resources are not created for scope: %s",
+                         scope)
        return credentials

    # TODO(gmann): Remove this method in favor of get_project_member_creds()