Add SRBAC alt manager persona to dynamic credentials

Since the introduction of the base capability has been extended
as a result of an OpenStack community goal to include a ``manager``
role in the project scope.

Adding support to the dynamic credentials provider for ``manager``
persona for project scope.

Depends-On: I4149e99bdc50194dd4067f5f3e2f3019e48b5a59
Change-Id: I29a14118126efd3bfb168b25df36911433cad2d9

releasenotes/notes/add-alt-manager-dynamic-creds-f8f1007862ea5dfb.yaml

@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Add alt manager role to the dynamic credentials provider for project scope.

tempest/lib/common/cred_provider.py

@@ -99,6 +99,10 @@ class CredentialProvider(object, metaclass=abc.ABCMeta):
     def get_project_manager_creds(self):
         return
 
+    @abc.abstractmethod
+    def get_project_alt_manager_creds(self):
+        return
+
     @abc.abstractmethod
     def get_project_member_creds(self):
         return

tempest/lib/common/dynamic_creds.py

@@ -427,7 +427,8 @@ class DynamicCredentialProvider(cred_provider.CredentialProvider):
                 elif credential_type in [['admin'], ['alt_admin']]:
                     credentials = self._create_creds(
                         admin=True, scope=scope, project_id=project_id)
-                elif credential_type in [['alt_member'], ['alt_reader']]:
+                elif credential_type in [['alt_manager'], ['alt_member'],
+                                         ['alt_reader']]:
                     cred_type = credential_type[0][4:]
                     if isinstance(cred_type, str):
                         cred_type = [cred_type]
@@ -511,6 +512,9 @@ class DynamicCredentialProvider(cred_provider.CredentialProvider):
     def get_project_manager_creds(self):
         return self.get_credentials(['manager'], scope='project')
 
+    def get_project_alt_manager_creds(self):
+        return self.get_credentials(['alt_manager'], scope='project')
+
     def get_project_member_creds(self):
         return self.get_credentials(['member'], scope='project')
 

tempest/lib/common/preprov_creds.py

@@ -392,6 +392,10 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
         self._creds['project_manager'] = project_manager
         return project_manager
 
+    def get_project_alt_manager_creds(self):
+        # TODO(msava):Implement alt manager hash.
+        return
+
     def get_project_member_creds(self):
         if self._creds.get('project_member'):
             return self._creds.get('project_member')

tempest/tests/lib/common/test_dynamic_creds.py

@@ -248,6 +248,7 @@ class TestDynamicCredentialProvider(base.TestCase):
         creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
         if test_alt_creds:
             admin_func = creds.get_project_alt_admin_creds
+            manager_func = creds.get_project_alt_manager_creds
             member_func = creds.get_project_alt_member_creds
             reader_func = creds.get_project_alt_reader_creds
         else:
@@ -290,11 +291,8 @@ class TestDynamicCredentialProvider(base.TestCase):
         # Now request for the project manager creds which should not create new
         # project instead should use the project_id of member_creds already
         # created project.
-        # TODO(gmaan): test test_alt_creds also once alt project
-        # manager is available.
-        if not test_alt_creds:
-            self._request_and_check_second_creds(
-                creds, manager_func, member_creds, show_mock, sm_count=3)
+        self._request_and_check_second_creds(
+            creds, manager_func, member_creds, show_mock, sm_count=3)
 
     def test_creds_within_same_project(self):
         self._creds_within_same_project()