From a0710668324415497b3ae1b3968156333cc58644 Mon Sep 17 00:00:00 2001 From: Anna Pankiewicz Date: Tue, 24 Jul 2018 14:56:42 -0500 Subject: [PATCH] Support immutable user source If the keystone user source is immutable, such as an LDAP active directory implementation, tempest tests that try to create, delete or modify a user will fail. Instead of failing, we would like them to skip. Proposed is an additional config setting in the auth group called immutable_user_source that is defaulted to false. To handle this on a test by test basis and avoid modifying behavior that depends on the identity base class, we propose using a testtools decorator to skip tests based on the new config setting. One test class so far has been adjusted to use the decorator, and if the config setting is set to true, the tests will skip accordingly. Co-Authored-By: Michael Beaver Partial-Bug: 1777047 Change-Id: Idc09d6272386f026a899787c2151745916a7228d --- ...mmutable-user-source-support-dd17772a997075e0.yaml | 11 +++++++++++ tempest/api/identity/admin/v3/test_users.py | 8 ++++++++ tempest/config.py | 8 +++++++- 3 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/add-immutable-user-source-support-dd17772a997075e0.yaml diff --git a/releasenotes/notes/add-immutable-user-source-support-dd17772a997075e0.yaml b/releasenotes/notes/add-immutable-user-source-support-dd17772a997075e0.yaml new file mode 100644 index 0000000000..931d689667 --- /dev/null +++ b/releasenotes/notes/add-immutable-user-source-support-dd17772a997075e0.yaml @@ -0,0 +1,11 @@ +--- +features: + - | + Add a new config setting ``immutable_user_source`` in the + ``[identity-feature-enabled]`` group that defaults to false. + This setting, combined with the usage of the ``@testtools.skipIf()`` + decorator, will allow tests that require user creation, deletion, + or modification to skip instead of failing in environments that + are LDAP-backed. In such environments, the user source is read-only, + so this feature flag is needed to allow such tests to gracefully skip + without having to blacklist them. diff --git a/tempest/api/identity/admin/v3/test_users.py b/tempest/api/identity/admin/v3/test_users.py index 3813568a81..8955a93ed9 100644 --- a/tempest/api/identity/admin/v3/test_users.py +++ b/tempest/api/identity/admin/v3/test_users.py @@ -28,6 +28,14 @@ CONF = config.CONF class UsersV3TestJSON(base.BaseIdentityV3AdminTest): + @classmethod + def skip_checks(cls): + super(UsersV3TestJSON, cls).skip_checks() + if CONF.identity_feature_enabled.immutable_user_source: + raise cls.skipException('Skipped because environment has an ' + 'immutable user source and solely ' + 'provides read-only access to users.') + @decorators.idempotent_id('b537d090-afb9-4519-b95d-270b0708e87e') def test_user_update(self): # Test case to check if updating of user attributes is successful. diff --git a/tempest/config.py b/tempest/config.py index e08ac4c6c7..e453b239cb 100644 --- a/tempest/config.py +++ b/tempest/config.py @@ -242,7 +242,13 @@ IdentityFeatureGroup = [ cfg.BoolOpt('application_credentials', default=False, help='Does the environment have application credentials ' - 'enabled?') + 'enabled?'), + cfg.BoolOpt('immutable_user_source', + default=False, + help='Set to True if the environment has a read-only ' + 'user source. This will skip all tests that attempt to ' + 'create, delete, or modify users. This should not be set ' + 'to True if using dynamic credentials') ] compute_group = cfg.OptGroup(name='compute',