Stop validating pre-provisioned credentials

Stop validating pre-provisioned credentials when requested within the credential provider. This drops the need for estabilishing connection to the identity service, and reduces the amount of configuration that has to be passed into the credentials provider for it to work. This work is in preparation to the migration of the pre-provisioned credentials provider to tempest-lib. Change-Id: I825a01ff72cb3a937aafeb2104333db7113ef4d0
2015-10-09 12:09:05 +01:00 · 2015-10-09 12:09:05 +01:00 · c625bcfb52
parent d22ec33640
commit c625bcfb52
3 changed files with 29 additions and 8 deletions
--- a/tempest/common/preprov_creds.py
+++ b/tempest/common/preprov_creds.py
@ -18,6 +18,7 @@ import os
 from oslo_concurrency import lockutils
 from oslo_log import log as logging
 import six
+from tempest_lib import auth
 import yaml

 from tempest import clients
@ -280,7 +281,12 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):

    def _wrap_creds_with_network(self, hash):
        creds_dict = self.hash_dict['creds'][hash]
-        credential = cred_provider.get_credentials(
+        # Make sure a domain scope if defined for users in case of V3
+        creds_dict = self._extend_credentials(creds_dict)
+        # This just builds a Credentials object, it does not validate
+        # nor fill  with missing fields.
+        credential = auth.get_credentials(
+            auth_url=None, fill_in=False,
            identity_version=self.identity_version, **creds_dict)
        net_creds = cred_provider.TestResources(credential)
        net_clients = clients.Manager(credentials=credential)
@ -294,6 +300,16 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
        net_creds.set_resources(network=network)
        return net_creds

+    def _extend_credentials(self, creds_dict):
+        # In case of v3, adds a user_domain_name field to the creds
+        # dict if not defined
+        if self.identity_version == 'v3':
+            user_domain_fields = set(['user_domain_name', 'user_domain_id'])
+            if not user_domain_fields.intersection(set(creds_dict.keys())):
+                _domain = CONF.auth.default_credentials_domain_name
+                creds_dict['user_domain_name'] = _domain
+        return creds_dict
+

 class NonLockingCredentialProvider(PreProvisionedCredentialProvider):
    """Credentials provider which always returns the first and second
@ -323,7 +339,8 @@ class NonLockingCredentialProvider(PreProvisionedCredentialProvider):
        if self._creds.get('primary'):
            return self._creds.get('primary')
        primary_credential = cred_provider.get_configured_credentials(
-            credential_type='user', identity_version=self.identity_version)
+            fill_in=False, credential_type='user',
+            identity_version=self.identity_version)
        self._creds['primary'] = cred_provider.TestResources(
            primary_credential)
        return self._creds['primary']
@ -332,7 +349,7 @@ class NonLockingCredentialProvider(PreProvisionedCredentialProvider):
        if self._creds.get('alt'):
            return self._creds.get('alt')
        alt_credential = cred_provider.get_configured_credentials(
-            credential_type='alt_user',
+            fill_in=False, credential_type='alt_user',
            identity_version=self.identity_version)
        self._creds['alt'] = cred_provider.TestResources(
            alt_credential)
--- a/tempest/manager.py
+++ b/tempest/manager.py
@ -54,7 +54,7 @@ class Manager(object):
        else:
            creds = self.credentials
        # Creates an auth provider for the credentials
-        self.auth_provider = get_auth_provider(creds)
+        self.auth_provider = get_auth_provider(creds, pre_auth=True)
        # FIXME(andreaf) unused
        self.client_attr_names = []

@ -66,7 +66,7 @@ def get_auth_provider_class(credentials):
        return auth.KeystoneV2AuthProvider, CONF.identity.uri


-def get_auth_provider(credentials):
+def get_auth_provider(credentials, pre_auth=False):
    default_params = {
        'disable_ssl_certificate_validation':
            CONF.identity.disable_ssl_certificate_validation,
@ -78,4 +78,8 @@ def get_auth_provider(credentials):
            'Credentials must be specified')
    auth_provider_class, auth_url = get_auth_provider_class(
        credentials)
-    return auth_provider_class(credentials, auth_url, **default_params)
+    _auth_provider = auth_provider_class(credentials, auth_url,
+                                         **default_params)
+    if pre_auth:
+        _auth_provider.set_auth()
+    return _auth_provider
--- a/tempest/scenario/utils.py
+++ b/tempest/scenario/utils.py
@ -19,13 +19,13 @@ import unicodedata

 from oslo_serialization import jsonutils as json
 from tempest_lib.common.utils import misc
+from tempest_lib import exceptions as exc_lib
 import testscenarios
 import testtools

 from tempest import clients
 from tempest.common import credentials
 from tempest import config
-from tempest import exceptions

 CONF = config.CONF

@ -174,7 +174,7 @@ def load_tests_input_scenario_utils(*args):
        scenario_utils = InputScenarioUtils()
        scenario_flavor = scenario_utils.scenario_flavors
        scenario_image = scenario_utils.scenario_images
-    except (exceptions.InvalidConfiguration, TypeError):
+    except (exc_lib.InvalidCredentials, TypeError):
        output = standard_tests
    finally:
        if scenario_utils: