Allow v3 identity to work without the admin domain name

The problem was that the value of admin_domain_name was required in order to use identity v3 even if no admin was being used. A new option auth.default_credentials_domain_name is used instead of admin_domain_name except when requesting admin creds. This defaults to 'Default' which is the name keystone uses for compatibility with v2. Because tenant_isolation and pre-provisioned credentials are mutually exclusive, and to avoid having too many config options, the new option is used instead of tenant_isolation_domain_name as well. Change-Id: I52f0d4c0cc7e5eafa896776b12315ed6154dfae2
2015-07-28 14:05:20 -04:00 · 2015-07-28 14:05:20 -04:00 · 87fc7e9ac0
parent 74647862be
commit 87fc7e9ac0
5 changed files with 21 additions and 18 deletions
--- a/etc/tempest.conf.sample
+++ b/etc/tempest.conf.sample
@ -123,10 +123,10 @@
 # Roles to assign to all users created by tempest (list value)
 #tempest_roles =

-# Only applicable when identity.auth_version is v3.Domain within which
-# isolated credentials are provisioned.The default "None" means that
-# the domain from theadmin user is used instead. (string value)
-#tenant_isolation_domain_name = <None>
+# Default domain used when getting v3 credentials. This is the name
+# keystone uses for v2 compatibility. (string value)
+# Deprecated group/name - [auth]/tenant_isolation_domain_name
+#default_credentials_domain_name = Default

 # If allow_tenant_isolation is set to True and Neutron is enabled
 # Tempest will try to create a useable network, subnet, and router
--- a/tempest/common/accounts.py
+++ b/tempest/common/accounts.py
@ -216,7 +216,7 @@ class Accounts(cred_provider.CredentialProvider):
            if ('user_domain_name' in init_attributes and 'user_domain_name'
                    not in hash_attributes):
                # Allow for the case of domain_name populated from config
-                domain_name = CONF.identity.admin_domain_name
+                domain_name = CONF.auth.default_credentials_domain_name
                hash_attributes['user_domain_name'] = domain_name
            if all([getattr(creds, k) == hash_attributes[k] for
                   k in init_attributes]):
--- a/tempest/common/cred_provider.py
+++ b/tempest/common/cred_provider.py
@ -84,9 +84,9 @@ def get_credentials(fill_in=True, identity_version=None, **kwargs):
        domain_fields = set(x for x in auth.KeystoneV3Credentials.ATTRIBUTES
                            if 'domain' in x)
        if not domain_fields.intersection(kwargs.keys()):
-            # TODO(andreaf) It might be better here to use a dedicated config
-            # option such as CONF.auth.tenant_isolation_domain_name
-            params['user_domain_name'] = CONF.identity.admin_domain_name
+            domain_name = CONF.auth.default_credentials_domain_name
+            params['user_domain_name'] = domain_name
+
        auth_url = CONF.identity.uri_v3
    else:
        auth_url = CONF.identity.uri
--- a/tempest/common/isolated_creds.py
+++ b/tempest/common/isolated_creds.py
@ -163,8 +163,8 @@ class IsolatedCreds(cred_provider.CredentialProvider):
        self.creds_domain_name = None
        if self.identity_version == 'v3':
            self.creds_domain_name = (
-                CONF.auth.tenant_isolation_domain_name or
-                self.default_admin_creds.project_domain_name)
+                self.default_admin_creds.project_domain_name or
+                CONF.auth.default_credentials_domain_name)
        self.creds_client = get_creds_client(
            self.identity_admin_client, self.creds_domain_name)

--- a/tempest/config.py
+++ b/tempest/config.py
@ -67,12 +67,13 @@ AuthGroup = [
    cfg.ListOpt('tempest_roles',
                help="Roles to assign to all users created by tempest",
                default=[]),
-    cfg.StrOpt('tenant_isolation_domain_name',
-               default=None,
-               help="Only applicable when identity.auth_version is v3."
-                    "Domain within which isolated credentials are provisioned."
-                    "The default \"None\" means that the domain from the"
-                    "admin user is used instead."),
+    cfg.StrOpt('default_credentials_domain_name',
+               default='Default',
+               help="Default domain used when getting v3 credentials. "
+                    "This is the name keystone uses for v2 compatibility.",
+               deprecated_opts=[cfg.DeprecatedOpt(
+                                'tenant_isolation_domain_name',
+                                group='auth')]),
    cfg.BoolOpt('create_isolated_networks',
                default=True,
                help="If allow_tenant_isolation is set to True and Neutron is "
@ -1257,9 +1258,11 @@ class TempestConfigPrivate(object):
        self.baremetal = _CONF.baremetal
        self.input_scenario = _CONF['input-scenario']
        self.negative = _CONF.negative
-        _CONF.set_default('domain_name', self.identity.admin_domain_name,
+        _CONF.set_default('domain_name',
+                          self.auth.default_credentials_domain_name,
                          group='identity')
-        _CONF.set_default('alt_domain_name', self.identity.admin_domain_name,
+        _CONF.set_default('alt_domain_name',
+                          self.auth.default_credentials_domain_name,
                          group='identity')

    def __init__(self, parse_conf=True, config_path=None):