openstack/tempest
Code Issues Proposed changes

Allow v3 identity to work without the admin domain name

Browse Source 
The problem was that the value of admin_domain_name was required in order to
use identity v3 even if no admin was being used.

A new option auth.default_credentials_domain_name
is used instead of admin_domain_name except when requesting admin creds.
This defaults to 'Default' which is the name keystone uses for compatibility
with v2.
Because tenant_isolation and pre-provisioned credentials are mutually
exclusive, and to avoid having too many config options, the new option is
used instead of tenant_isolation_domain_name as well.

Change-Id: I52f0d4c0cc7e5eafa896776b12315ed6154dfae2
This commit is contained in:
David Kranz 2015-07-28 14:05:20 -04:00
parent 74647862be
commit 87fc7e9ac0
5 changed files with 21 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
etc/tempest.conf.sample
View File

@ -123,10 +123,10 @@
# Roles to assign to all users created by tempest (list value) # Roles to assign to all users created by tempest (list value)
#tempest_roles = #tempest_roles =
# Only applicable when identity.auth_version is v3.Domain within which # Default domain used when getting v3 credentials. This is the name
# isolated credentials are provisioned.The default "None" means that # keystone uses for v2 compatibility. (string value)
# the domain from theadmin user is used instead. (string value) # Deprecated group/name - [auth]/tenant_isolation_domain_name
#tenant_isolation_domain_name = <None> #default_credentials_domain_name = Default
# If allow_tenant_isolation is set to True and Neutron is enabled # If allow_tenant_isolation is set to True and Neutron is enabled
# Tempest will try to create a useable network, subnet, and router # Tempest will try to create a useable network, subnet, and router

2
tempest/common/accounts.py
View File

@ -216,7 +216,7 @@ class Accounts(cred_provider.CredentialProvider):
if ('user_domain_name' in init_attributes and 'user_domain_name' if ('user_domain_name' in init_attributes and 'user_domain_name'
not in hash_attributes): not in hash_attributes):
# Allow for the case of domain_name populated from config # Allow for the case of domain_name populated from config
domain_name = CONF.identity.admin_domain_name domain_name = CONF.auth.default_credentials_domain_name
hash_attributes['user_domain_name'] = domain_name hash_attributes['user_domain_name'] = domain_name
if all([getattr(creds, k) == hash_attributes[k] for if all([getattr(creds, k) == hash_attributes[k] for
k in init_attributes]): k in init_attributes]):

6
tempest/common/cred_provider.py
View File

@ -84,9 +84,9 @@ def get_credentials(fill_in=True, identity_version=None, **kwargs):
domain_fields = set(x for x in auth.KeystoneV3Credentials.ATTRIBUTES domain_fields = set(x for x in auth.KeystoneV3Credentials.ATTRIBUTES
if 'domain' in x) if 'domain' in x)
if not domain_fields.intersection(kwargs.keys()): if not domain_fields.intersection(kwargs.keys()):
# TODO(andreaf) It might be better here to use a dedicated config domain_name = CONF.auth.default_credentials_domain_name
# option such as CONF.auth.tenant_isolation_domain_name params['user_domain_name'] = domain_name
params['user_domain_name'] = CONF.identity.admin_domain_name
auth_url = CONF.identity.uri_v3 auth_url = CONF.identity.uri_v3
else: else:
auth_url = CONF.identity.uri auth_url = CONF.identity.uri

4
tempest/common/isolated_creds.py
View File

@ -163,8 +163,8 @@ class IsolatedCreds(cred_provider.CredentialProvider):
self.creds_domain_name = None self.creds_domain_name = None
if self.identity_version == 'v3': if self.identity_version == 'v3':
self.creds_domain_name = ( self.creds_domain_name = (
CONF.auth.tenant_isolation_domain_name or self.default_admin_creds.project_domain_name or
self.default_admin_creds.project_domain_name) CONF.auth.default_credentials_domain_name)
self.creds_client = get_creds_client( self.creds_client = get_creds_client(
self.identity_admin_client, self.creds_domain_name) self.identity_admin_client, self.creds_domain_name)

19
tempest/config.py
View File

@ -67,12 +67,13 @@ AuthGroup = [
cfg.ListOpt('tempest_roles', cfg.ListOpt('tempest_roles',
help="Roles to assign to all users created by tempest", help="Roles to assign to all users created by tempest",
default=[]), default=[]),
cfg.StrOpt('tenant_isolation_domain_name', cfg.StrOpt('default_credentials_domain_name',
default=None, default='Default',
help="Only applicable when identity.auth_version is v3." help="Default domain used when getting v3 credentials. "
"Domain within which isolated credentials are provisioned." "This is the name keystone uses for v2 compatibility.",
"The default \"None\" means that the domain from the" deprecated_opts=[cfg.DeprecatedOpt(
"admin user is used instead."), 'tenant_isolation_domain_name',
group='auth')]),
cfg.BoolOpt('create_isolated_networks', cfg.BoolOpt('create_isolated_networks',
default=True, default=True,
help="If allow_tenant_isolation is set to True and Neutron is " help="If allow_tenant_isolation is set to True and Neutron is "
@ -1257,9 +1258,11 @@ class TempestConfigPrivate(object):
self.baremetal = _CONF.baremetal self.baremetal = _CONF.baremetal
self.input_scenario = _CONF['input-scenario'] self.input_scenario = _CONF['input-scenario']
self.negative = _CONF.negative self.negative = _CONF.negative
_CONF.set_default('domain_name', self.identity.admin_domain_name, _CONF.set_default('domain_name',
self.auth.default_credentials_domain_name,
group='identity') group='identity')
_CONF.set_default('alt_domain_name', self.identity.admin_domain_name, _CONF.set_default('alt_domain_name',
self.auth.default_credentials_domain_name,
group='identity') group='identity')
def __init__(self, parse_conf=True, config_path=None): def __init__(self, parse_conf=True, config_path=None):