openstack
/
tempest
Code Issues Proposed changes

deprecate use of tenant in configs 

OpenStack has settled (a very long time ago) on project to represent
the container which has users. We should make tempest configs always
use project versions of these names. This deprecates the old tenant
versions of these names, and makes project version the prefered
option.

Change-Id: Ied68c0326cf891a4e6eb3db51dc5f43241e4b8d2
This commit is contained in:
Sean Dague 2016-04-04 10:49:13 -04:00 committed by Andrea Frittoli (andreaf)
parent fbca80d640
commit ed6e586b9f
29 changed files with 183 additions and 158 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
HACKING.rst
View File

@ -214,9 +214,9 @@ conditions between tests outside the same class. But there are still a few of
things to watch out for to try to avoid issues when running your tests in
parallel.
- Resources outside of a tenant scope still have the potential to conflict. This
- Resources outside of a project scope still have the potential to conflict. This
is a larger concern for the admin tests since most resources and actions that
require admin privileges are outside of tenants.
require admin privileges are outside of projects.
- Races between methods in the same class are not a problem because
parallelization in tempest is at the test class level, but if there is a json

26
doc/source/configuration.rst
View File

@ -17,7 +17,7 @@ to use when running Tempest. One is a traditional set of configuration options
in the tempest.conf file. These options are clearly labelled in the ``identity``
section and let you specify a set of credentials for a regular user, a global
admin user, and an alternate user, consisting of a username, password, and
project/tenant name.
project name.
The other method to provide credentials is using the accounts.yaml file. This
file is used to specify an arbitrary number of users available to run tests
@ -59,13 +59,13 @@ Dynamic Credentials
Dynamic Credentials (formerly known as Tenant isolation) was originally created
to enable running Tempest in parallel. For each test class it creates a unique
set of user credentials to use for the tests in the class. It can create up to
three sets of username, password, and tenant/project names for a primary user,
an admin user, and an alternate user. To enable and use dynamic credentials you
three sets of username, password, and project names for a primary user,
an admin user, and an alternate user. To enable and use dynamic credentials you
only need to configure two things:
#. A set of admin credentials with permissions to create users and
tenants/projects. This is specified in the ``auth`` section with the
``admin_username``, ``admin_tenant_name``, ``admin_domain_name`` and
projects. This is specified in the ``auth`` section with the
``admin_username``, ``admin_project_name``, ``admin_domain_name`` and
``admin_password`` options
#. To enable dynamic credentials in the ``auth`` section with the
``use_dynamic_credentials`` option.
@ -112,7 +112,7 @@ To enable and use locking test accounts you need do a few things:
#. Set ``use_dynamic_credentials = False`` in the ``auth`` group
It is worth pointing out that each set of credentials in the accounts.yaml
should have a unique tenant. This is required to provide proper isolation
should have a unique project. This is required to provide proper isolation
to the tests using the credentials, and failure to do this will likely cause
unexpected failures in some tests.
@ -123,7 +123,7 @@ Legacy Credentials (aka credentials config options)
removed in a future release.**
When Tempest was refactored to allow for locking test accounts, the original
non-tenant isolated case was converted to internally work similarly to the
non-project isolated case was converted to internally work similarly to the
accounts.yaml file. This mechanism was then called the legacy test accounts
provider. To use the legacy test accounts provider you can specify the sets of
credentials in the configuration file as detailed above with following nine
@ -131,13 +131,13 @@ options in the ``identity`` section:
#. ``username``
#. ``password``
#. ``tenant_name``
#. ``project_name``
#. ``admin_username``
#. ``admin_password``
#. ``admin_tenant_name``
#. ``admin_project_name``
#. ``alt_username``
#. ``alt_password``
#. ``alt_tenant_name``
#. ``alt_project_name``
If using Identity API v3, use the ``domain_name`` option to specify a
domain other than the default domain. The ``auth_version`` setting is
@ -265,7 +265,7 @@ Fixed Network Name
""""""""""""""""""
This is the simplest method of specifying how networks should be used. You can
just specify a single network name/label to use for all server creations. The
limitation with this is that all tenants/projects and users must be able to see
limitation with this is that all projects and users must be able to see
that network name/label if they are to perform a network list and be able to use
it.
@ -287,10 +287,10 @@ Accounts File
"""""""""""""
If you are using an accounts file to provide credentials for running Tempest
then you can leverage it to also specify which network should be used with
server creations on a per tenant/project and user pair basis. This provides
server creations on a per project and user pair basis. This provides
the necessary flexibility to work with more intricate networking configurations
by enabling the user to specify exactly which network to use for which
tenants/projects. You can refer to the accounts.yaml.sample file included in
projects. You can refer to the accounts.yaml.sample file included in
the Tempest repo for the syntax around specifying networks in the file.
However, specifying a network is not required when using an accounts file. If

2
tempest/api/network/admin/test_floating_ips_admin_actions.py
View File

@ -68,7 +68,7 @@ class FloatingIPAdminTestJSON(base.BaseAdminNetworkTest):
body = self.floating_ips_client.list_floatingips()
floating_ip_ids = [f['id'] for f in body['floatingips']]
# Check that nonadmin user doesn't see floating ip created from admin
# and floating ip that is created in another tenant (alt user)
# and floating ip that is created in another project (alt user)
self.assertIn(self.floating_ip['id'], floating_ip_ids)
self.assertNotIn(floating_ip_admin['floatingip']['id'],
floating_ip_ids)

2
tempest/api/network/admin/test_negative_quotas.py
View File

@ -24,7 +24,7 @@ class QuotasNegativeTest(base.BaseAdminNetworkTest):
set network quota and exceed this quota
v2.0 of the API is assumed.
It is also assumed that the per-tenant quota extension API is configured
It is also assumed that the per-project quota extension API is configured
in /etc/neutron/neutron.conf as follows:
quota_driver = neutron.db.quota_db.DbQuotaDriver

18
tempest/api/network/admin/test_quotas.py
View File

@ -24,13 +24,13 @@ from tempest import test
class QuotasTest(base.BaseAdminNetworkTest):
"""Tests the following operations in the Neutron API:
list quotas for tenants who have non-default quota values
show quotas for a specified tenant
update quotas for a specified tenant
reset quotas to default values for a specified tenant
list quotas for projects who have non-default quota values
show quotas for a specified project
update quotas for a specified project
reset quotas to default values for a specified project
v2.0 of the API is assumed.
It is also assumed that the per-tenant quota extension API is configured
It is also assumed that the per-project quota extension API is configured
in /etc/neutron/neutron.conf as follows:
quota_driver = neutron.db.quota_db.DbQuotaDriver
@ -49,7 +49,7 @@ class QuotasTest(base.BaseAdminNetworkTest):
cls.identity_admin_client = cls.os_adm.identity_client
def _check_quotas(self, new_quotas):
# Add a tenant to conduct the test
# Add a project to conduct the test
project = data_utils.rand_name('test_project_')
description = data_utils.rand_name('desc_')
project = self.identity_utils.create_project(name=project,
@ -57,14 +57,14 @@ class QuotasTest(base.BaseAdminNetworkTest):
project_id = project['id']
self.addCleanup(self.identity_utils.delete_project, project_id)
# Change quotas for tenant
# Change quotas for project
quota_set = self.admin_quotas_client.update_quotas(
project_id, **new_quotas)['quota']
self.addCleanup(self._cleanup_quotas, project_id)
for key, value in six.iteritems(new_quotas):
self.assertEqual(value, quota_set[key])
# Confirm our tenant is listed among tenants with non default quotas
# Confirm our project is listed among projects with non default quotas
non_default_quotas = self.admin_quotas_client.list_quotas()
found = False
for qs in non_default_quotas['quotas']:
@ -72,7 +72,7 @@ class QuotasTest(base.BaseAdminNetworkTest):
found = True
self.assertTrue(found)
# Confirm from API quotas were changed as requested for tenant
# Confirm from API quotas were changed as requested for project
quota_set = self.admin_quotas_client.show_quotas(project_id)
quota_set = quota_set['quota']
for key, value in six.iteritems(new_quotas):

18
tempest/api/network/base.py
View File

@ -32,11 +32,11 @@ class BaseNetworkTest(tempest.test.BaseTestCase):
Therefore, v2.x of the Neutron API is assumed. It is also assumed that the
following options are defined in the [network] section of etc/tempest.conf:
tenant_network_cidr with a block of cidr's from which smaller blocks
can be allocated for tenant networks
project_network_cidr with a block of cidr's from which smaller blocks
can be allocated for project networks
tenant_network_mask_bits with the mask bits to be used to partition the
block defined by tenant-network_cidr
project_network_mask_bits with the mask bits to be used to partition
the block defined by project-network_cidr
Finally, it is assumed that the following option is defined in the
[service_available] section of etc/tempest.conf
@ -176,12 +176,12 @@ class BaseNetworkTest(tempest.test.BaseTestCase):
ip_version = ip_version if ip_version is not None else cls._ip_version
gateway_not_set = gateway == ''
if ip_version == 4:
cidr = cidr or netaddr.IPNetwork(CONF.network.tenant_network_cidr)
mask_bits = mask_bits or CONF.network.tenant_network_mask_bits
cidr = cidr or netaddr.IPNetwork(CONF.network.project_network_cidr)
mask_bits = mask_bits or CONF.network.project_network_mask_bits
elif ip_version == 6:
cidr = (
cidr or netaddr.IPNetwork(CONF.network.tenant_network_v6_cidr))
mask_bits = mask_bits or CONF.network.tenant_network_v6_mask_bits
cidr = (cidr or
netaddr.IPNetwork(CONF.network.project_network_v6_cidr))
mask_bits = mask_bits or CONF.network.project_network_v6_mask_bits
# Find a cidr that is not in use yet and create a subnet with it
for subnet_cidr in cidr.subnet(mask_bits):
if gateway_not_set:

2
tempest/api/network/test_allowed_address_pair.py
View File

@ -100,7 +100,7 @@ class AllowedAddressPairTestJSON(base.BaseNetworkTest):
@test.idempotent_id('4d6d178f-34f6-4bff-a01c-0a2f8fe909e4')
def test_update_port_with_cidr_address_pair(self):
# Update allowed address pair with cidr
cidr = str(netaddr.IPNetwork(CONF.network.tenant_network_cidr))
cidr = str(netaddr.IPNetwork(CONF.network.project_network_cidr))
self._update_port_with_address(cidr)
@test.idempotent_id('b3f20091-6cd5-472b-8487-3516137df933')

2
tempest/api/network/test_extensions.py
View File

@ -31,7 +31,7 @@ class ExtensionsTestJSON(base.BaseNetworkTest):
@test.attr(type='smoke')
@test.idempotent_id('ef28c7e6-e646-4979-9d67-deb207bc5564')
def test_list_show_extensions(self):
# List available extensions for the tenant
# List available extensions for the project
expected_alias = ['security-group', 'l3_agent_scheduler',
'ext-gw-mode', 'binding', 'quotas',
'agent', 'dhcp_agent_scheduler', 'provider',

64
tempest/api/network/test_networks.py
View File

@ -29,12 +29,12 @@ CONF = config.CONF
class NetworksTest(base.BaseNetworkTest):
"""Tests the following operations in the Neutron API:
create a network for a tenant
list tenant's networks
show a tenant network details
create a subnet for a tenant
list tenant's subnets
show a tenant subnet details
create a network for a project
list project's networks
show a project network details
create a subnet for a project
list project's subnets
show a project subnet details
network update
subnet update
delete a network also deletes its subnets
@ -45,15 +45,15 @@ class NetworksTest(base.BaseNetworkTest):
v2.0 of the Neutron API is assumed. It is also assumed that the following
options are defined in the [network] section of etc/tempest.conf:
tenant_network_cidr with a block of cidr's from which smaller blocks
can be allocated for tenant ipv4 subnets
project_network_cidr with a block of cidr's from which smaller blocks
can be allocated for project ipv4 subnets
tenant_network_v6_cidr is the equivalent for ipv6 subnets
project_network_v6_cidr is the equivalent for ipv6 subnets
tenant_network_mask_bits with the mask bits to be used to partition the
block defined by tenant_network_cidr
project_network_mask_bits with the mask bits to be used to partition
the block defined by project_network_cidr
tenant_network_v6_mask_bits is the equivalent for ipv6 subnets
project_network_v6_mask_bits is the equivalent for ipv6 subnets
"""
@classmethod
@ -92,14 +92,14 @@ class NetworksTest(base.BaseNetworkTest):
@classmethod
def _create_subnet_with_last_subnet_block(cls, network, ip_version):
# Derive last subnet CIDR block from tenant CIDR and
# Derive last subnet CIDR block from project CIDR and
# create the subnet with that derived CIDR
if ip_version == 4:
cidr = netaddr.IPNetwork(CONF.network.tenant_network_cidr)
mask_bits = CONF.network.tenant_network_mask_bits
cidr = netaddr.IPNetwork(CONF.network.project_network_cidr)
mask_bits = CONF.network.project_network_mask_bits
elif ip_version == 6:
cidr = netaddr.IPNetwork(CONF.network.tenant_network_v6_cidr)
mask_bits = CONF.network.tenant_network_v6_mask_bits
cidr = netaddr.IPNetwork(CONF.network.project_network_v6_cidr)
mask_bits = CONF.network.project_network_v6_mask_bits
subnet_cidr = list(cidr.subnet(mask_bits))[-1]
gateway_ip = str(netaddr.IPAddress(subnet_cidr) + 1)
@ -110,11 +110,11 @@ class NetworksTest(base.BaseNetworkTest):
def _get_gateway_from_tempest_conf(cls, ip_version):
"""Return first subnet gateway for configured CIDR """
if ip_version == 4:
cidr = netaddr.IPNetwork(CONF.network.tenant_network_cidr)
mask_bits = CONF.network.tenant_network_mask_bits
cidr = netaddr.IPNetwork(CONF.network.project_network_cidr)
mask_bits = CONF.network.project_network_mask_bits
elif ip_version == 6:
cidr = netaddr.IPNetwork(CONF.network.tenant_network_v6_cidr)
mask_bits = CONF.network.tenant_network_v6_mask_bits
cidr = netaddr.IPNetwork(CONF.network.project_network_v6_cidr)
mask_bits = CONF.network.project_network_v6_mask_bits
if mask_bits >= cidr.prefixlen:
return netaddr.IPAddress(cidr) + 1
@ -403,16 +403,16 @@ class BulkNetworkOpsTestJSON(base.BaseNetworkTest):
bulk network creation
bulk subnet creation
bulk port creation
list tenant's networks
list project's networks
v2.0 of the Neutron API is assumed. It is also assumed that the following
options are defined in the [network] section of etc/tempest.conf:
tenant_network_cidr with a block of cidr's from which smaller blocks
can be allocated for tenant networks
project_network_cidr with a block of cidr's from which smaller blocks
can be allocated for project networks
tenant_network_mask_bits with the mask bits to be used to partition the
block defined by tenant-network_cidr
project_network_mask_bits with the mask bits to be used to partition
the block defined by project-network_cidr
"""
def _delete_networks(self, created_networks):
@ -464,11 +464,11 @@ class BulkNetworkOpsTestJSON(base.BaseNetworkTest):
networks = [self.create_network(), self.create_network()]
# Creates 2 subnets in one request
if self._ip_version == 4:
cidr = netaddr.IPNetwork(CONF.network.tenant_network_cidr)
mask_bits = CONF.network.tenant_network_mask_bits
cidr = netaddr.IPNetwork(CONF.network.project_network_cidr)
mask_bits = CONF.network.project_network_mask_bits
else:
cidr = netaddr.IPNetwork(CONF.network.tenant_network_v6_cidr)
mask_bits = CONF.network.tenant_network_v6_mask_bits
cidr = netaddr.IPNetwork(CONF.network.project_network_v6_cidr)
mask_bits = CONF.network.project_network_v6_mask_bits
cidrs = [subnet_cidr for subnet_cidr in cidr.subnet(mask_bits)]
@ -529,7 +529,7 @@ class NetworksIpV6TestJSON(NetworksTest):
@test.idempotent_id('e41a4888-65a6-418c-a095-f7c2ef4ad59a')
def test_create_delete_subnet_with_gw(self):
net = netaddr.IPNetwork(CONF.network.tenant_network_v6_cidr)
net = netaddr.IPNetwork(CONF.network.project_network_v6_cidr)
gateway = str(netaddr.IPAddress(net.first + 2))
name = data_utils.rand_name('network-')
network = self.create_network(network_name=name)
@ -539,7 +539,7 @@ class NetworksIpV6TestJSON(NetworksTest):
@test.idempotent_id('ebb4fd95-524f-46af-83c1-0305b239338f')
def test_create_delete_subnet_with_default_gw(self):
net = netaddr.IPNetwork(CONF.network.tenant_network_v6_cidr)
net = netaddr.IPNetwork(CONF.network.project_network_v6_cidr)
gateway_ip = str(netaddr.IPAddress(net.first + 1))
name = data_utils.rand_name('network-')
network = self.create_network(network_name=name)

12
tempest/api/network/test_ports.py
View File

@ -90,12 +90,12 @@ class PortsTestJSON(sec_base.BaseSecGroupTest):
def _get_ipaddress_from_tempest_conf(cls):
"""Return subnet with mask bits for configured CIDR """
if cls._ip_version == 4:
cidr = netaddr.IPNetwork(CONF.network.tenant_network_cidr)
cidr.prefixlen = CONF.network.tenant_network_mask_bits
cidr = netaddr.IPNetwork(CONF.network.project_network_cidr)
cidr.prefixlen = CONF.network.project_network_mask_bits
elif cls._ip_version == 6:
cidr = netaddr.IPNetwork(CONF.network.tenant_network_v6_cidr)
cidr.prefixlen = CONF.network.tenant_network_v6_mask_bits
cidr = netaddr.IPNetwork(CONF.network.project_network_v6_cidr)
cidr.prefixlen = CONF.network.project_network_v6_mask_bits
return cidr
@ -428,11 +428,7 @@ class PortsAdminExtendedAttrsTestJSON(base.BaseAdminNetworkTest):
class PortsIpV6TestJSON(PortsTestJSON):
_ip_version = 6
_tenant_network_cidr = CONF.network.tenant_network_v6_cidr
_tenant_network_mask_bits = CONF.network.tenant_network_v6_mask_bits
class PortsAdminExtendedAttrsIpV6TestJSON(PortsAdminExtendedAttrsTestJSON):
_ip_version = 6
_tenant_network_cidr = CONF.network.tenant_network_v6_cidr
_tenant_network_mask_bits = CONF.network.tenant_network_v6_mask_bits

6
tempest/api/network/test_routers.py
View File

@ -41,9 +41,9 @@ class RoutersTest(base.BaseRouterTest):
@classmethod
def resource_setup(cls):
super(RoutersTest, cls).resource_setup()
cls.tenant_cidr = (CONF.network.tenant_network_cidr
cls.tenant_cidr = (CONF.network.project_network_cidr
if cls._ip_version == 4 else
CONF.network.tenant_network_v6_cidr)
CONF.network.project_network_v6_cidr)
@test.attr(type='smoke')
@test.idempotent_id('f64403e2-8483-4b34-8ccd-b09a87bcc68c')
@ -274,7 +274,7 @@ class RoutersTest(base.BaseRouterTest):
@test.requires_ext(extension='extraroute', service='network')
def test_update_delete_extra_route(self):
# Create different cidr for each subnet to avoid cidr duplicate
# The cidr starts from tenant_cidr
# The cidr starts from project_cidr
next_cidr = netaddr.IPNetwork(self.tenant_cidr)
# Prepare to build several routes
test_routes = []

4
tempest/api/network/test_routers_negative.py
View File

@ -39,9 +39,9 @@ class RoutersNegativeTest(base.BaseRouterTest):
cls.router = cls.create_router(data_utils.rand_name('router-'))
cls.network = cls.create_network()
cls.subnet = cls.create_subnet(cls.network)
cls.tenant_cidr = (CONF.network.tenant_network_cidr
cls.tenant_cidr = (CONF.network.project_network_cidr
if cls._ip_version == 4 else
CONF.network.tenant_network_v6_cidr)
CONF.network.project_network_v6_cidr)
@test.attr(type=['negative'])
@test.idempotent_id('37a94fc0-a834-45b9-bd23-9a81d2fd1e22')

8
tempest/api/network/test_security_groups.py
View File

@ -24,7 +24,7 @@ CONF = config.CONF
class SecGroupTest(base.BaseSecGroupTest):
_tenant_network_cidr = CONF.network.tenant_network_cidr
_project_network_cidr = CONF.network.project_network_cidr
@classmethod
def skip_checks(cls):
@ -71,7 +71,7 @@ class SecGroupTest(base.BaseSecGroupTest):
@test.attr(type='smoke')
@test.idempotent_id('e30abd17-fef9-4739-8617-dc26da88e686')
def test_list_security_groups(self):
# Verify the that security group belonging to tenant exist in list
# Verify the that security group belonging to project exist in list
body = self.security_groups_client.list_security_groups()
security_groups = body['security_groups']
found = None
@ -210,7 +210,7 @@ class SecGroupTest(base.BaseSecGroupTest):
protocol = 'tcp'
port_range_min = 76
port_range_max = 77
ip_prefix = self._tenant_network_cidr
ip_prefix = self._project_network_cidr
self._create_verify_security_group_rule(sg_id, direction,
self.ethertype, protocol,
port_range_min,
@ -239,4 +239,4 @@ class SecGroupTest(base.BaseSecGroupTest):
class SecGroupIPv6Test(SecGroupTest):
_ip_version = 6
_tenant_network_cidr = CONF.network.tenant_network_v6_cidr
_project_network_cidr = CONF.network.project_network_v6_cidr

10
tempest/api/network/test_security_groups_negative.py
View File

@ -24,7 +24,7 @@ CONF = config.CONF
class NegativeSecGroupTest(base.BaseSecGroupTest):
_tenant_network_cidr = CONF.network.tenant_network_cidr
_project_network_cidr = CONF.network.project_network_cidr
@classmethod
def skip_checks(cls):
@ -110,7 +110,7 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
sg2_body, _ = self._create_security_group()
# Create rule specifying both remote_ip_prefix and remote_group_id
prefix = self._tenant_network_cidr
prefix = self._project_network_cidr
self.assertRaises(
lib_exc.BadRequest,
self.security_group_rules_client.create_security_group_rule,
@ -214,7 +214,7 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
class NegativeSecGroupIPv6Test(NegativeSecGroupTest):
_ip_version = 6
_tenant_network_cidr = CONF.network.tenant_network_v6_cidr
_project_network_cidr = CONF.network.project_network_v6_cidr
@test.attr(type=['negative'])
@test.idempotent_id('7607439c-af73-499e-bf64-f687fd12a842')
@ -223,9 +223,9 @@ class NegativeSecGroupIPv6Test(NegativeSecGroupTest):
# Create rule with bad remote_ip_prefix
pairs = ({'ethertype': 'IPv6',
'ip_prefix': CONF.network.tenant_network_cidr},
'ip_prefix': CONF.network.project_network_cidr},
{'ethertype': 'IPv4',
'ip_prefix': CONF.network.tenant_network_v6_cidr})
'ip_prefix': CONF.network.project_network_v6_cidr})
for pair in pairs:
self.assertRaisesRegex(
lib_exc.BadRequest,

4
tempest/api/orchestration/stacks/test_neutron_resources.py
View File

@ -58,8 +58,8 @@ class NeutronResourcesTestJSON(base.BaseOrchestrationTest):
cls._create_keypair()['name'])
cls.external_network_id = CONF.network.public_network_id
tenant_cidr = netaddr.IPNetwork(CONF.network.tenant_network_cidr)
mask_bits = CONF.network.tenant_network_mask_bits
tenant_cidr = netaddr.IPNetwork(CONF.network.project_network_cidr)
mask_bits = CONF.network.project_network_mask_bits
cls.subnet_cidr = tenant_cidr.subnet(mask_bits).next()
# create the stack

4
tempest/cmd/account_generator.py
View File

@ -292,8 +292,8 @@ def create_network_resources(network_admin_client, networks_admin_client,
return resp_body['network']
def _create_subnet(subnet_name, network_id):
base_cidr = netaddr.IPNetwork(CONF.network.tenant_network_cidr)
mask_bits = CONF.network.tenant_network_mask_bits
base_cidr = netaddr.IPNetwork(CONF.network.project_network_cidr)
mask_bits = CONF.network.project_network_mask_bits
for subnet_cidr in base_cidr.subnet(mask_bits):
try:
resp_body = subnets_admin_client.\

7
tempest/common/credentials_factory.py
View File

@ -256,7 +256,7 @@ def get_configured_credentials(credential_type, fill_in=True,
if credential_type not in CREDENTIAL_TYPES:
raise exceptions.InvalidCredentials()
conf_attributes = ['username', 'password', 'tenant_name']
conf_attributes = ['username', 'password', 'project_name']
if identity_version == 'v3':
conf_attributes.append('domain_name')
@ -269,6 +269,11 @@ def get_configured_credentials(credential_type, fill_in=True,
params[attr] = getattr(_section, attr)
else:
params[attr] = getattr(_section, prefix + "_" + attr)
# NOTE(andreaf) v2 API still uses tenants, so we must translate project
# to tenant before building the Credentials object
if identity_version == 'v2':
params['tenant_name'] = params.get('project_name')
params.pop('project_name', None)
# Build and validate credentials. We are reading configured credentials,
# so validate them even if fill_in is False
credentials = get_credentials(fill_in=fill_in,

4
tempest/common/dynamic_creds.py
View File

@ -208,8 +208,8 @@ class DynamicCredentialProvider(cred_provider.CredentialProvider):
return resp_body['network']
def _create_subnet(self, subnet_name, tenant_id, network_id):
base_cidr = netaddr.IPNetwork(CONF.network.tenant_network_cidr)
mask_bits = CONF.network.tenant_network_mask_bits
base_cidr = netaddr.IPNetwork(CONF.network.project_network_cidr)
mask_bits = CONF.network.project_network_mask_bits
for subnet_cidr in base_cidr.subnet(mask_bits):
try:
if self.network_resources:

14
tempest/common/preprov_creds.py
View File

@ -331,6 +331,7 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
def _wrap_creds_with_network(self, hash):
creds_dict = self.hash_dict['creds'][hash]
# Make sure a domain scope if defined for users in case of V3
# Make sure a tenant is available in case of V2
creds_dict = self._extend_credentials(creds_dict)
# This just builds a Credentials object, it does not validate
# nor fill with missing fields.
@ -356,4 +357,17 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
user_domain_fields = set(['user_domain_name', 'user_domain_id'])
if not user_domain_fields.intersection(set(creds_dict.keys())):
creds_dict['user_domain_name'] = self.credentials_domain
# NOTE(andreaf) In case of v2, replace project with tenant if project
# is provided and tenant is not
if self.identity_version == 'v2':
if ('project_name' in creds_dict and
'tenant_name' in creds_dict and
creds_dict['project_name'] != creds_dict['tenant_name']):
clean_creds = self._sanitize_creds(creds_dict)
msg = 'Cannot specify project and tenant at the same time %s'
raise exceptions.InvalidCredentials(msg % clean_creds)
if ('project_name' in creds_dict and
'tenant_name' not in creds_dict):
creds_dict['tenant_name'] = creds_dict['project_name']
creds_dict.pop('project_name')
return creds_dict

2
tempest/common/utils/linux/remote_client.py
View File

@ -118,7 +118,7 @@ class RemoteClient(object):
def assign_static_ip(self, nic, addr):
cmd = "sudo ip addr add {ip}/{mask} dev {nic}".format(
ip=addr, mask=CONF.network.tenant_network_mask_bits,
ip=addr, mask=CONF.network.project_network_mask_bits,
nic=nic
)
return self.exec_command(cmd)

64
tempest/config.py
View File

@ -56,7 +56,7 @@ AuthGroup = [
"number of concurrent test processes."),
cfg.BoolOpt('use_dynamic_credentials',
default=True,
help="Allows test cases to create/destroy tenants and "
help="Allows test cases to create/destroy projects and "
"users. This option requires that OpenStack Identity "
"API admin credentials are known. If false, isolated "
"test cases and parallel execution, can still be "
@ -81,23 +81,26 @@ AuthGroup = [
default=True,
help="If use_dynamic_credentials is set to True and Neutron "
"is enabled Tempest will try to create a usable network, "
"subnet, and router when needed for each tenant it "
"subnet, and router when needed for each project it "
"creates. However in some neutron configurations, like "
"with VLAN provider networks, this doesn't work. So if "
"set to False the isolated networks will not be created"),
cfg.StrOpt('admin_username',
help="Username for an administrative user. This is needed for "
"authenticating requests made by tenant isolation to "
"authenticating requests made by project isolation to "
"create users and projects",
deprecated_group='identity'),
cfg.StrOpt('admin_tenant_name',
help="Tenant name to use for an administrative user. This is "
"needed for authenticating requests made by tenant "
cfg.StrOpt('admin_project_name',
help="Project name to use for an administrative user. This is "
"needed for authenticating requests made by project "
"isolation to create users and projects",
deprecated_group='identity'),
deprecated_opts=[cfg.DeprecatedOpt('admin_tenant_name',
group='auth'),
cfg.DeprecatedOpt('admin_tenant_name',
group='identity')]),
cfg.StrOpt('admin_password',
help="Password to use for an administrative user. This is "
"needed for authenticating requests made by tenant "
"needed for authenticating requests made by project "
"isolation to create users and projects",
secret=True,
deprecated_group='identity'),
@ -158,8 +161,9 @@ IdentityGroup = [
cfg.StrOpt('username',
help="Username to use for Nova API requests.",
deprecated_for_removal=True),
cfg.StrOpt('tenant_name',
help="Tenant name to use for Nova API requests.",
cfg.StrOpt('project_name',
deprecated_name='tenant_name',
help="Project name to use for Nova API requests.",
deprecated_for_removal=True),
cfg.StrOpt('admin_role',
default='admin',
@ -176,8 +180,9 @@ IdentityGroup = [
help="Username of alternate user to use for Nova API "
"requests.",
deprecated_for_removal=True),
cfg.StrOpt('alt_tenant_name',
help="Alternate user's Tenant name to use for Nova API "
cfg.StrOpt('alt_project_name',
deprecated_name='alt_tenant_name',
help="Alternate user's Project name to use for Nova API "
"requests.",
deprecated_for_removal=True),
cfg.StrOpt('alt_password',
@ -246,10 +251,10 @@ ComputeGroup = [
"no OS-EXT-STS extension available"),
cfg.StrOpt('fixed_network_name',
help="Name of the fixed network that is visible to all test "
"tenants. If multiple networks are available for a tenant"
" this is the network which will be used for creating "
"servers if tempest does not create a network or a "
"network is not specified elsewhere. It may be used for "
"projects. If multiple networks are available for a "
"project, this is the network which will be used for "
"creating servers if tempest does not create a network or "
"s network is not specified elsewhere. It may be used for "
"ssh validation only if floating IPs are disabled."),
cfg.StrOpt('catalog_type',
default='compute',
@ -493,21 +498,26 @@ NetworkGroup = [
choices=['public', 'admin', 'internal',
'publicURL', 'adminURL', 'internalURL'],
help="The endpoint type to use for the network service."),
cfg.StrOpt('tenant_network_cidr',
cfg.StrOpt('project_network_cidr',
deprecated_name='tenant_network_cidr',
default="10.100.0.0/16",
help="The cidr block to allocate tenant ipv4 subnets from"),
cfg.IntOpt('tenant_network_mask_bits',
help="The cidr block to allocate project ipv4 subnets from"),
cfg.IntOpt('project_network_mask_bits',
deprecated_name='tenant_network_mask_bits',
default=28,
help="The mask bits for tenant ipv4 subnets"),
cfg.StrOpt('tenant_network_v6_cidr',
help="The mask bits for project ipv4 subnets"),
cfg.StrOpt('project_network_v6_cidr',
deprecated_name='tenant_network_v6_cidr',
default="2003::/48",
help="The cidr block to allocate tenant ipv6 subnets from"),
cfg.IntOpt('tenant_network_v6_mask_bits',
help="The cidr block to allocate project ipv6 subnets from"),
cfg.IntOpt('project_network_v6_mask_bits',
deprecated_name='tenant_network_v6_mask_bits',
default=64,
help="The mask bits for tenant ipv6 subnets"),
cfg.BoolOpt('tenant_networks_reachable',
help="The mask bits for project ipv6 subnets"),
cfg.BoolOpt('project_networks_reachable',
deprecated_name='tenant_networks_reachable',
default=False,
help="Whether tenant networks can be reached directly from "
help="Whether project networks can be reached directly from "
"the test client. This must be set to True when the "
"'fixed' ssh_connect_method is selected."),
cfg.StrOpt('public_network_id',
@ -1003,7 +1013,7 @@ StressGroup = [
default=False,
help='Allows a full cleaning process after a stress test.'
' Caution : this cleanup will remove every objects of'
' every tenant.')
' every project.')
]

12
tempest/scenario/manager.py
View File

@ -217,7 +217,7 @@ class ScenarioTest(tempest.test.BaseTestCase):
networks = kwargs.pop('networks')
# If there are no networks passed to us we look up
# for the tenant's private networks and create a port
# for the project's private networks and create a port
# if there is only one private network. The same behaviour
# as we would expect when passing the call to the clients
# with no networks
@ -764,11 +764,11 @@ class NetworkScenarioTest(ScenarioTest):
if ip_version == 6:
tenant_cidr = netaddr.IPNetwork(
CONF.network.tenant_network_v6_cidr)
num_bits = CONF.network.tenant_network_v6_mask_bits
CONF.network.project_network_v6_cidr)
num_bits = CONF.network.project_network_v6_mask_bits
else:
tenant_cidr = netaddr.IPNetwork(CONF.network.tenant_network_cidr)
num_bits = CONF.network.tenant_network_mask_bits
tenant_cidr = netaddr.IPNetwork(CONF.network.project_network_cidr)
num_bits = CONF.network.project_network_mask_bits
result = None
str_cidr = None
@ -908,7 +908,7 @@ class NetworkScenarioTest(ScenarioTest):
private_key,
should_connect=True,
servers_for_debug=None):
if not CONF.network.tenant_networks_reachable:
if not CONF.network.project_networks_reachable:
msg = 'Tenant networks not configured to be reachable.'
LOG.info(msg)
return

4
tempest/scenario/test_network_advanced_server_ops.py
View File

@ -38,9 +38,9 @@ class TestNetworkAdvancedServerOps(manager.NetworkScenarioTest):
@classmethod
def skip_checks(cls):
super(TestNetworkAdvancedServerOps, cls).skip_checks()
if not (CONF.network.tenant_networks_reachable
if not (CONF.network.project_networks_reachable
or CONF.network.public_network_id):
msg = ('Either tenant_networks_reachable must be "true", or '
msg = ('Either project_networks_reachable must be "true", or '
'public_network_id must be defined.')
raise cls.skipException(msg)

8
tempest/scenario/test_network_basic_ops.py
View File

@ -59,7 +59,7 @@ class TestNetworkBasicOps(manager.NetworkScenarioTest):
Determine which types of networks to test as follows:
* Configure tenant network checks (via the
'tenant_networks_reachable' key) if the Tempest host should
'project_networks_reachable' key) if the Tempest host should
have direct connectivity to tenant networks. This is likely to
be the case if Tempest is running on the same host as a
single-node devstack installation with IP namespaces disabled.
@ -81,9 +81,9 @@ class TestNetworkBasicOps(manager.NetworkScenarioTest):
@classmethod
def skip_checks(cls):
super(TestNetworkBasicOps, cls).skip_checks()
if not (CONF.network.tenant_networks_reachable
if not (CONF.network.project_networks_reachable
or CONF.network.public_network_id):
msg = ('Either tenant_networks_reachable must be "true", or '
msg = ('Either project_networks_reachable must be "true", or '
'public_network_id must be defined.')
raise cls.skipException(msg)
for ext in ['router', 'security-group']:
@ -692,7 +692,7 @@ class TestNetworkBasicOps(manager.NetworkScenarioTest):
self._setup_network_and_servers()
# NOTE(kevinbenton): we have to use the admin credentials to check
# for the distributed flag because self.router only has a tenant view.
# for the distributed flag because self.router only has a project view.
admin = self.admin_manager.routers_client.show_router(self.router.id)
if admin['router'].get('distributed', False):
msg = "Rescheduling test does not apply to distributed routers."

4
tempest/scenario/test_network_v6.py
View File

@ -44,9 +44,9 @@ class TestGettingAddress(manager.NetworkScenarioTest):
if not (CONF.network_feature_enabled.ipv6
and CONF.network_feature_enabled.ipv6_subnet_attributes):
raise cls.skipException('IPv6 or its attributes not supported')
if not (CONF.network.tenant_networks_reachable
if not (CONF.network.project_networks_reachable
or CONF.network.public_network_id):
msg = ('Either tenant_networks_reachable must be "true", or '
msg = ('Either project_networks_reachable must be "true", or '
'public_network_id must be defined.')
raise cls.skipException(msg)
if CONF.baremetal.driver_enabled:

10
tempest/scenario/test_security_groups_basic_ops.py
View File

@ -130,9 +130,9 @@ class TestSecurityGroupsBasicOps(manager.NetworkScenarioTest):
msg = ('Not currently supported when using vnic_type'
' direct or macvtap')
raise cls.skipException(msg)
if not (CONF.network.tenant_networks_reachable or
if not (CONF.network.project_networks_reachable or
CONF.network.public_network_id):
msg = ('Either tenant_networks_reachable must be "true", or '
msg = ('Either project_networks_reachable must be "true", or '
'public_network_id must be defined.')
raise cls.skipException(msg)
if not test.is_extension_enabled('security-group', 'network'):
@ -194,7 +194,7 @@ class TestSecurityGroupsBasicOps(manager.NetworkScenarioTest):
client=tenant.manager.security_groups_client
)
# don't use default secgroup since it allows in-tenant traffic
# don't use default secgroup since it allows in-project traffic
def_sg = self._create_empty_security_group(
namestart='secgroup_general-',
tenant_id=tenant.creds.tenant_id,
@ -301,7 +301,7 @@ class TestSecurityGroupsBasicOps(manager.NetworkScenarioTest):
def _set_access_point(self, tenant):
# creates a server in a secgroup with rule allowing external ssh
# in order to access tenant internal network
# in order to access project internal network
# workaround ip namespace
secgroups = tenant.security_groups.values()
name = 'server-{tenant}-access_point'.format(
@ -468,7 +468,7 @@ class TestSecurityGroupsBasicOps(manager.NetworkScenarioTest):
if not self.credentials_provider.is_multi_tenant():
raise self.skipException("No secondary tenant defined")
try:
# deploy new tenant
# deploy new project
self._deploy_tenant(self.alt_tenant)
self._verify_network_details(self.alt_tenant)
self._verify_mac_addr(self.alt_tenant)

14
tempest/tests/common/test_admin_available.py
View File

@ -36,19 +36,19 @@ class TestAdminAvailable(base.TestCase):
dynamic_creds, group='auth')
if use_accounts_file:
accounts = [{'username': 'u1',
'tenant_name': 't1',
'project_name': 't1',
'password': 'p'},
{'username': 'u2',
'tenant_name': 't2',
'project_name': 't2',
'password': 'p'}]
if admin_creds == 'role':
accounts.append({'username': 'admin',
'tenant_name': 'admin',
'project_name': 'admin',
'password': 'p',
'roles': ['admin']})
elif admin_creds == 'type':
accounts.append({'username': 'admin',
'tenant_name': 'admin',
'project_name': 'admin',
'password': 'p',
'types': ['admin']})
self.useFixture(mockpatch.Patch(
@ -63,17 +63,17 @@ class TestAdminAvailable(base.TestCase):
return_value=False))
if admin_creds:
username = 'u'
tenant = 't'
project = 't'
password = 'p'
domain = 'd'
else:
username = None
tenant = None
project = None
password = None
domain = None
cfg.CONF.set_default('admin_username', username, group='auth')
cfg.CONF.set_default('admin_tenant_name', tenant, group='auth')
cfg.CONF.set_default('admin_project_name', project, group='auth')
cfg.CONF.set_default('admin_password', password, group='auth')
cfg.CONF.set_default('admin_domain_name', domain, group='auth')

10
tempest/tests/common/test_alt_available.py
View File

@ -36,7 +36,7 @@ class TestAltAvailable(base.TestCase):
dynamic_creds, group='auth')
if use_accounts_file:
accounts = [dict(username="u%s" % ii,
tenant_name="t%s" % ii,
project_name="t%s" % ii,
password="p") for ii in creds]
self.useFixture(mockpatch.Patch(
'tempest.common.preprov_creds.read_accounts_yaml',
@ -52,19 +52,19 @@ class TestAltAvailable(base.TestCase):
for ii in range(0, 2):
if len(creds) > ii:
username = 'u%s' % creds[ii]
tenant = 't%s' % creds[ii]
project = 't%s' % creds[ii]
password = 'p'
domain = 'd'
else:
username = None
tenant = None
project = None
password = None
domain = None
cfg.CONF.set_default('%susername' % cred_prefix[ii], username,
group='identity')
cfg.CONF.set_default('%stenant_name' % cred_prefix[ii], tenant,
group='identity')
cfg.CONF.set_default('%sproject_name' % cred_prefix[ii],
project, group='identity')
cfg.CONF.set_default('%spassword' % cred_prefix[ii], password,
group='identity')
cfg.CONF.set_default('%sdomain_name' % cred_prefix[ii], domain,

2
tempest/tests/fake_config.py
View File

@ -46,7 +46,7 @@ class ConfigFixture(conf_fixture.Config):
lock_path=str(os.environ.get('OS_TEST_LOCK_PATH')),
)
self.conf.set_default('auth_version', 'v2', group='identity')
for config_option in ['username', 'password', 'tenant_name']:
for config_option in ['username', 'password', 'project_name']:
# Identity group items
for prefix in ['', 'alt_', 'admin_']:
if prefix == 'admin_':