Merge "Add SRBAC alt manager persona to dynamic credentials"

2025-11-30 19:25:38 +00:00
parent 8ccefd4bea c2bd5af224
commit 7cc9ef2b96
5 changed files with 20 additions and 6 deletions
--- a/releasenotes/notes/add-alt-manager-dynamic-creds-f8f1007862ea5dfb.yaml
+++ b/releasenotes/notes/add-alt-manager-dynamic-creds-f8f1007862ea5dfb.yaml
@@ -0,0 +1,4 @@
 ---
 features:
  - |
    Add alt manager role to the dynamic credentials provider for project scope.
--- a/tempest/lib/common/cred_provider.py
+++ b/tempest/lib/common/cred_provider.py
@@ -99,6 +99,10 @@ class CredentialProvider(object, metaclass=abc.ABCMeta):
    def get_project_manager_creds(self):
        return
    @abc.abstractmethod
    def get_project_alt_manager_creds(self):
        return
    @abc.abstractmethod
    def get_project_member_creds(self):
        return
--- a/tempest/lib/common/dynamic_creds.py
+++ b/tempest/lib/common/dynamic_creds.py
@@ -427,7 +427,8 @@ class DynamicCredentialProvider(cred_provider.CredentialProvider):
                elif credential_type in [['admin'], ['alt_admin']]:
                    credentials = self._create_creds(
                        admin=True, scope=scope, project_id=project_id)
-                elif credential_type in [['alt_member'], ['alt_reader']]:
+                elif credential_type in [['alt_manager'], ['alt_member'],
                                         ['alt_reader']]:
                    cred_type = credential_type[0][4:]
                    if isinstance(cred_type, str):
                        cred_type = [cred_type]
@@ -511,6 +512,9 @@ class DynamicCredentialProvider(cred_provider.CredentialProvider):
    def get_project_manager_creds(self):
        return self.get_credentials(['manager'], scope='project')
    def get_project_alt_manager_creds(self):
        return self.get_credentials(['alt_manager'], scope='project')
    def get_project_member_creds(self):
        return self.get_credentials(['member'], scope='project')
--- a/tempest/lib/common/preprov_creds.py
+++ b/tempest/lib/common/preprov_creds.py
@@ -392,6 +392,10 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
        self._creds['project_manager'] = project_manager
        return project_manager
    def get_project_alt_manager_creds(self):
        # TODO(msava):Implement alt manager hash.
        return
    def get_project_member_creds(self):
        if self._creds.get('project_member'):
            return self._creds.get('project_member')
--- a/tempest/tests/lib/common/test_dynamic_creds.py
+++ b/tempest/tests/lib/common/test_dynamic_creds.py
@@ -248,6 +248,7 @@ class TestDynamicCredentialProvider(base.TestCase):
        creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
        if test_alt_creds:
            admin_func = creds.get_project_alt_admin_creds
            manager_func = creds.get_project_alt_manager_creds
            member_func = creds.get_project_alt_member_creds
            reader_func = creds.get_project_alt_reader_creds
        else:
@@ -290,11 +291,8 @@ class TestDynamicCredentialProvider(base.TestCase):
        # Now request for the project manager creds which should not create new
        # project instead should use the project_id of member_creds already
        # created project.
-        # TODO(gmaan): test test_alt_creds also once alt project
+        self._request_and_check_second_creds(
-        # manager is available.
+            creds, manager_func, member_creds, show_mock, sm_count=3)
        if not test_alt_creds:
            self._request_and_check_second_creds(
                creds, manager_func, member_creds, show_mock, sm_count=3)
    def test_creds_within_same_project(self):
        self._creds_within_same_project()