Respect configured credential provider everywhere
This commit changes all the uses of the old AdminManager and Manager() constructs to use cls.isolated_creds to provide user credentials from whatever the configured credential provider is being used instead of assuming it's the non-locking accounts provider without an accounts.yaml file. As part of this we need to add a heat option for the stack owner role so that we can request the creds by that role. The heat tests were previously making an implicit assumption about the configured user having that role assigned. Which while true in devstack today, it isn't necessarily the case everywhere. Depends-On: Id98a83f0a716de0fdb5f36d03407364830e8fa5f Closes-Bug: #1433723 Change-Id: Ie071cb2cb6add591a60c9d76a12c95b7fb5ee539
This commit is contained in:
parent
f731aa355e
commit
db9721dfec
@ -873,6 +873,9 @@
|
||||
# Allowed values: public, admin, internal, publicURL, adminURL, internalURL
|
||||
#endpoint_type = publicURL
|
||||
|
||||
# Role required for users to be able to manage stacks (string value)
|
||||
#stack_owner_role = heat_stack_owner
|
||||
|
||||
# Time in seconds between build status checks. (integer value)
|
||||
#build_interval = 1
|
||||
|
||||
|
@ -16,6 +16,7 @@ from tempest_lib.common.utils import data_utils
|
||||
from tempest_lib import exceptions as lib_exc
|
||||
|
||||
from tempest import clients
|
||||
from tempest.common import credentials
|
||||
from tempest import config
|
||||
from tempest import test
|
||||
|
||||
@ -69,7 +70,11 @@ class BaseBaremetalTest(test.BaseTestCase):
|
||||
@classmethod
|
||||
def setup_credentials(cls):
|
||||
super(BaseBaremetalTest, cls).setup_credentials()
|
||||
cls.mgr = clients.AdminManager()
|
||||
if (not hasattr(cls, 'isolated_creds') or
|
||||
not cls.isolated_creds.name == cls.__name__):
|
||||
cls.isolated_creds = credentials.get_isolated_credentials(
|
||||
name=cls.__name__, network_resources=cls.network_resources)
|
||||
cls.mgr = clients.Manager(cls.isolated_creds.get_admin_creds())
|
||||
|
||||
@classmethod
|
||||
def setup_clients(cls):
|
||||
|
@ -31,8 +31,8 @@ class BaseIdentityAdminTest(tempest.test.BaseTestCase):
|
||||
@classmethod
|
||||
def setup_credentials(cls):
|
||||
super(BaseIdentityAdminTest, cls).setup_credentials()
|
||||
cls.os_adm = clients.AdminManager()
|
||||
cls.os = clients.Manager()
|
||||
cls.os = cls.get_client_manager()
|
||||
cls.os_adm = clients.Manager(cls.isolated_creds.get_admin_creds())
|
||||
|
||||
@classmethod
|
||||
def disable_user(cls, user_name):
|
||||
|
@ -18,6 +18,7 @@ from tempest_lib import exceptions as lib_exc
|
||||
import yaml
|
||||
|
||||
from tempest import clients
|
||||
from tempest.common import credentials
|
||||
from tempest import config
|
||||
import tempest.test
|
||||
|
||||
@ -38,7 +39,19 @@ class BaseOrchestrationTest(tempest.test.BaseTestCase):
|
||||
@classmethod
|
||||
def setup_credentials(cls):
|
||||
super(BaseOrchestrationTest, cls).setup_credentials()
|
||||
cls.os = clients.Manager()
|
||||
if (not hasattr(cls, 'isolated_creds') or
|
||||
not cls.isolated_creds.name == cls.__name__):
|
||||
cls.isolated_creds = credentials.get_isolated_credentials(
|
||||
name=cls.__name__, network_resources=cls.network_resources)
|
||||
stack_owner_role = CONF.orchestration.stack_owner_role
|
||||
if not cls.isolated_creds.is_role_available(stack_owner_role):
|
||||
skip_msg = ("%s skipped because the configured credential provider"
|
||||
" is not able to provide credentials with the %s role "
|
||||
"assigned." % (cls.__name__, stack_owner_role))
|
||||
raise cls.skipException(skip_msg)
|
||||
else:
|
||||
cls.os = clients.Manager(cls.isolated_creds.get_creds_by_roles(
|
||||
[stack_owner_role]))
|
||||
|
||||
@classmethod
|
||||
def setup_clients(cls):
|
||||
@ -70,7 +83,7 @@ class BaseOrchestrationTest(tempest.test.BaseTestCase):
|
||||
@classmethod
|
||||
def _get_identity_admin_client(cls):
|
||||
"""Returns an instance of the Identity Admin API client."""
|
||||
manager = clients.AdminManager()
|
||||
manager = clients.Manager(cls.isolated_creds.get_admin_creds())
|
||||
admin_client = manager.identity_client
|
||||
return admin_client
|
||||
|
||||
|
@ -690,6 +690,8 @@ OrchestrationGroup = [
|
||||
choices=['public', 'admin', 'internal',
|
||||
'publicURL', 'adminURL', 'internalURL'],
|
||||
help="The endpoint type to use for the orchestration service."),
|
||||
cfg.StrOpt('stack_owner_role', default='heat_stack_owner',
|
||||
help='Role required for users to be able to manage stacks'),
|
||||
cfg.IntOpt('build_interval',
|
||||
default=1,
|
||||
help="Time in seconds between build status checks."),
|
||||
|
Loading…
x
Reference in New Issue
Block a user