deprecate use of tenant in configs

OpenStack has settled (a very long time ago) on project to represent
the container which has users. We should make tempest configs always
use project versions of these names. This deprecates the old tenant
versions of these names, and makes project version the prefered
option.

Change-Id: Ied68c0326cf891a4e6eb3db51dc5f43241e4b8d2

HACKING.rst

@@ -214,9 +214,9 @@ conditions between tests outside the same class. But there are still a few of
 things to watch out for to try to avoid issues when running your tests in
 parallel.
 
-- Resources outside of a tenant scope still have the potential to conflict. This
+- Resources outside of a project scope still have the potential to conflict. This
   is a larger concern for the admin tests since most resources and actions that
-  require admin privileges are outside of tenants.
+  require admin privileges are outside of projects.
 
 - Races between methods in the same class are not a problem because
   parallelization in tempest is at the test class level, but if there is a json

doc/source/configuration.rst

@@ -17,7 +17,7 @@ to use when running Tempest. One is a traditional set of configuration options
 in the tempest.conf file. These options are clearly labelled in the ``identity``
 section and let you specify a set of credentials for a regular user, a global
 admin user, and an alternate user, consisting of a username, password, and
-project/tenant name.
+project name.
 
 The other method to provide credentials is using the accounts.yaml file. This
 file is used to specify an arbitrary number of users available to run tests
@@ -59,13 +59,13 @@ Dynamic Credentials
 Dynamic Credentials (formerly known as Tenant isolation) was originally created
 to enable running Tempest in parallel.  For each test class it creates a unique
 set of user credentials to use for the tests in the class. It can create up to
-three sets of username, password, and tenant/project names for a primary user,
+three sets of username, password, and project names for a primary user,
-an admin user, and an alternate user.  To enable and use dynamic credentials you
+an admin user, and an alternate user. To enable and use dynamic credentials you
 only need to configure two things:
 
  #. A set of admin credentials with permissions to create users and
-    tenants/projects. This is specified in the ``auth`` section with the
+    projects. This is specified in the ``auth`` section with the
-    ``admin_username``, ``admin_tenant_name``, ``admin_domain_name`` and
+    ``admin_username``, ``admin_project_name``, ``admin_domain_name`` and
     ``admin_password`` options
  #. To enable dynamic credentials in the ``auth`` section with the
     ``use_dynamic_credentials`` option.
@@ -112,7 +112,7 @@ To enable and use locking test accounts you need do a few things:
  #. Set ``use_dynamic_credentials = False`` in the ``auth`` group
 
 It is worth pointing out that each set of credentials in the accounts.yaml
-should have a unique tenant. This is required to provide proper isolation
+should have a unique project. This is required to provide proper isolation
 to the tests using the credentials, and failure to do this will likely cause
 unexpected failures in some tests.
 
@@ -123,7 +123,7 @@ Legacy Credentials (aka credentials config options)
 removed in a future release.**
 
 When Tempest was refactored to allow for locking test accounts, the original
-non-tenant isolated case was converted to internally work similarly to the
+non-project isolated case was converted to internally work similarly to the
 accounts.yaml file. This mechanism was then called the legacy test accounts
 provider. To use the legacy test accounts provider you can specify the sets of
 credentials in the configuration file as detailed above with following nine
@@ -131,13 +131,13 @@ options in the ``identity`` section:
 
  #. ``username``
  #. ``password``
- #. ``tenant_name``
+ #. ``project_name``
  #. ``admin_username``
  #. ``admin_password``
- #. ``admin_tenant_name``
+ #. ``admin_project_name``
  #. ``alt_username``
  #. ``alt_password``
- #. ``alt_tenant_name``
+ #. ``alt_project_name``
 
 If using Identity API v3, use the ``domain_name`` option to specify a
 domain other than the default domain.  The ``auth_version`` setting is
@@ -265,7 +265,7 @@ Fixed Network Name
 """"""""""""""""""
 This is the simplest method of specifying how networks should be used. You can
 just specify a single network name/label to use for all server creations. The
-limitation with this is that all tenants/projects and users must be able to see
+limitation with this is that all projects and users must be able to see
 that network name/label if they are to perform a network list and be able to use
 it.
 
@@ -287,10 +287,10 @@ Accounts File
 """""""""""""
 If you are using an accounts file to provide credentials for running Tempest
 then you can leverage it to also specify which network should be used with
-server creations on a per tenant/project and user pair basis. This provides
+server creations on a per project and user pair basis. This provides
 the necessary flexibility to work with more intricate networking configurations
 by enabling the user to specify exactly which network to use for which
-tenants/projects. You can refer to the accounts.yaml.sample file included in
+projects. You can refer to the accounts.yaml.sample file included in
 the Tempest repo for the syntax around specifying networks in the file.
 
 However, specifying a network is not required when using an accounts file. If

tempest/api/network/admin/test_floating_ips_admin_actions.py

@@ -68,7 +68,7 @@ class FloatingIPAdminTestJSON(base.BaseAdminNetworkTest):
         body = self.floating_ips_client.list_floatingips()
         floating_ip_ids = [f['id'] for f in body['floatingips']]
         # Check that nonadmin user doesn't see floating ip created from admin
-        # and floating ip that is created in another tenant (alt user)
+        # and floating ip that is created in another project (alt user)
         self.assertIn(self.floating_ip['id'], floating_ip_ids)
         self.assertNotIn(floating_ip_admin['floatingip']['id'],
                          floating_ip_ids)

tempest/api/network/admin/test_negative_quotas.py

@@ -24,7 +24,7 @@ class QuotasNegativeTest(base.BaseAdminNetworkTest):
         set network quota and exceed this quota
 
     v2.0 of the API is assumed.
-    It is also assumed that the per-tenant quota extension API is configured
+    It is also assumed that the per-project quota extension API is configured
     in /etc/neutron/neutron.conf as follows:
 
         quota_driver = neutron.db.quota_db.DbQuotaDriver

tempest/api/network/admin/test_quotas.py

@@ -24,13 +24,13 @@ from tempest import test
 class QuotasTest(base.BaseAdminNetworkTest):
     """Tests the following operations in the Neutron API:
 
-        list quotas for tenants who have non-default quota values
+        list quotas for projects who have non-default quota values
-        show quotas for a specified tenant
+        show quotas for a specified project
-        update quotas for a specified tenant
+        update quotas for a specified project
-        reset quotas to default values for a specified tenant
+        reset quotas to default values for a specified project
 
     v2.0 of the API is assumed.
-    It is also assumed that the per-tenant quota extension API is configured
+    It is also assumed that the per-project quota extension API is configured
     in /etc/neutron/neutron.conf as follows:
 
         quota_driver = neutron.db.quota_db.DbQuotaDriver
@@ -49,7 +49,7 @@ class QuotasTest(base.BaseAdminNetworkTest):
         cls.identity_admin_client = cls.os_adm.identity_client
 
     def _check_quotas(self, new_quotas):
-        # Add a tenant to conduct the test
+        # Add a project to conduct the test
         project = data_utils.rand_name('test_project_')
         description = data_utils.rand_name('desc_')
         project = self.identity_utils.create_project(name=project,
@@ -57,14 +57,14 @@ class QuotasTest(base.BaseAdminNetworkTest):
         project_id = project['id']
         self.addCleanup(self.identity_utils.delete_project, project_id)
 
-        # Change quotas for tenant
+        # Change quotas for project
         quota_set = self.admin_quotas_client.update_quotas(
             project_id, **new_quotas)['quota']
         self.addCleanup(self._cleanup_quotas, project_id)
         for key, value in six.iteritems(new_quotas):
             self.assertEqual(value, quota_set[key])
 
-        # Confirm our tenant is listed among tenants with non default quotas
+        # Confirm our project is listed among projects with non default quotas
         non_default_quotas = self.admin_quotas_client.list_quotas()
         found = False
         for qs in non_default_quotas['quotas']:
@@ -72,7 +72,7 @@ class QuotasTest(base.BaseAdminNetworkTest):
                 found = True
         self.assertTrue(found)
 
-        # Confirm from API quotas were changed as requested for tenant
+        # Confirm from API quotas were changed as requested for project
         quota_set = self.admin_quotas_client.show_quotas(project_id)
         quota_set = quota_set['quota']
         for key, value in six.iteritems(new_quotas):

tempest/api/network/base.py

@@ -32,11 +32,11 @@ class BaseNetworkTest(tempest.test.BaseTestCase):
     Therefore, v2.x of the Neutron API is assumed. It is also assumed that the
     following options are defined in the [network] section of etc/tempest.conf:
 
-        tenant_network_cidr with a block of cidr's from which smaller blocks
+        project_network_cidr with a block of cidr's from which smaller blocks
-        can be allocated for tenant networks
+        can be allocated for project networks
 
-        tenant_network_mask_bits with the mask bits to be used to partition the
+        project_network_mask_bits with the mask bits to be used to partition
-        block defined by tenant-network_cidr
+        the block defined by project-network_cidr
 
     Finally, it is assumed that the following option is defined in the
     [service_available] section of etc/tempest.conf
@@ -176,12 +176,12 @@ class BaseNetworkTest(tempest.test.BaseTestCase):
         ip_version = ip_version if ip_version is not None else cls._ip_version
         gateway_not_set = gateway == ''
         if ip_version == 4:
-            cidr = cidr or netaddr.IPNetwork(CONF.network.tenant_network_cidr)
+            cidr = cidr or netaddr.IPNetwork(CONF.network.project_network_cidr)
-            mask_bits = mask_bits or CONF.network.tenant_network_mask_bits
+            mask_bits = mask_bits or CONF.network.project_network_mask_bits
         elif ip_version == 6:
-            cidr = (
+            cidr = (cidr or
-                cidr or netaddr.IPNetwork(CONF.network.tenant_network_v6_cidr))
+                    netaddr.IPNetwork(CONF.network.project_network_v6_cidr))
-            mask_bits = mask_bits or CONF.network.tenant_network_v6_mask_bits
+            mask_bits = mask_bits or CONF.network.project_network_v6_mask_bits
         # Find a cidr that is not in use yet and create a subnet with it
         for subnet_cidr in cidr.subnet(mask_bits):
             if gateway_not_set:

tempest/api/network/test_allowed_address_pair.py

@@ -100,7 +100,7 @@ class AllowedAddressPairTestJSON(base.BaseNetworkTest):
     @test.idempotent_id('4d6d178f-34f6-4bff-a01c-0a2f8fe909e4')
     def test_update_port_with_cidr_address_pair(self):
         # Update allowed address pair with cidr
-        cidr = str(netaddr.IPNetwork(CONF.network.tenant_network_cidr))
+        cidr = str(netaddr.IPNetwork(CONF.network.project_network_cidr))
         self._update_port_with_address(cidr)
 
     @test.idempotent_id('b3f20091-6cd5-472b-8487-3516137df933')

tempest/api/network/test_extensions.py

@@ -31,7 +31,7 @@ class ExtensionsTestJSON(base.BaseNetworkTest):
     @test.attr(type='smoke')
     @test.idempotent_id('ef28c7e6-e646-4979-9d67-deb207bc5564')
     def test_list_show_extensions(self):
-        # List available extensions for the tenant
+        # List available extensions for the project
         expected_alias = ['security-group', 'l3_agent_scheduler',
                           'ext-gw-mode', 'binding', 'quotas',
                           'agent', 'dhcp_agent_scheduler', 'provider',

tempest/api/network/test_networks.py

@@ -29,12 +29,12 @@ CONF = config.CONF
 class NetworksTest(base.BaseNetworkTest):
     """Tests the following operations in the Neutron API:
 
-        create a network for a tenant
+        create a network for a project
-        list tenant's networks
+        list project's networks
-        show a tenant network details
+        show a project network details
-        create a subnet for a tenant
+        create a subnet for a project
-        list tenant's subnets
+        list project's subnets
-        show a tenant subnet details
+        show a project subnet details
         network update
         subnet update
         delete a network also deletes its subnets
@@ -45,15 +45,15 @@ class NetworksTest(base.BaseNetworkTest):
     v2.0 of the Neutron API is assumed. It is also assumed that the following
     options are defined in the [network] section of etc/tempest.conf:
 
-        tenant_network_cidr with a block of cidr's from which smaller blocks
+        project_network_cidr with a block of cidr's from which smaller blocks
-        can be allocated for tenant ipv4 subnets
+        can be allocated for project ipv4 subnets
 
-        tenant_network_v6_cidr is the equivalent for ipv6 subnets
+        project_network_v6_cidr is the equivalent for ipv6 subnets
 
-        tenant_network_mask_bits with the mask bits to be used to partition the
+        project_network_mask_bits with the mask bits to be used to partition
-        block defined by tenant_network_cidr
+        the block defined by project_network_cidr
 
-        tenant_network_v6_mask_bits is the equivalent for ipv6 subnets
+        project_network_v6_mask_bits is the equivalent for ipv6 subnets
     """
 
     @classmethod
@@ -92,14 +92,14 @@ class NetworksTest(base.BaseNetworkTest):
 
     @classmethod
     def _create_subnet_with_last_subnet_block(cls, network, ip_version):
-        # Derive last subnet CIDR block from tenant CIDR and
+        # Derive last subnet CIDR block from project CIDR and
         # create the subnet with that derived CIDR
         if ip_version == 4:
-            cidr = netaddr.IPNetwork(CONF.network.tenant_network_cidr)
+            cidr = netaddr.IPNetwork(CONF.network.project_network_cidr)
-            mask_bits = CONF.network.tenant_network_mask_bits
+            mask_bits = CONF.network.project_network_mask_bits
         elif ip_version == 6:
-            cidr = netaddr.IPNetwork(CONF.network.tenant_network_v6_cidr)
+            cidr = netaddr.IPNetwork(CONF.network.project_network_v6_cidr)
-            mask_bits = CONF.network.tenant_network_v6_mask_bits
+            mask_bits = CONF.network.project_network_v6_mask_bits
 
         subnet_cidr = list(cidr.subnet(mask_bits))[-1]
         gateway_ip = str(netaddr.IPAddress(subnet_cidr) + 1)
@@ -110,11 +110,11 @@ class NetworksTest(base.BaseNetworkTest):
     def _get_gateway_from_tempest_conf(cls, ip_version):
         """Return first subnet gateway for configured CIDR """
         if ip_version == 4:
-            cidr = netaddr.IPNetwork(CONF.network.tenant_network_cidr)
+            cidr = netaddr.IPNetwork(CONF.network.project_network_cidr)
-            mask_bits = CONF.network.tenant_network_mask_bits
+            mask_bits = CONF.network.project_network_mask_bits
         elif ip_version == 6:
-            cidr = netaddr.IPNetwork(CONF.network.tenant_network_v6_cidr)
+            cidr = netaddr.IPNetwork(CONF.network.project_network_v6_cidr)
-            mask_bits = CONF.network.tenant_network_v6_mask_bits
+            mask_bits = CONF.network.project_network_v6_mask_bits
 
         if mask_bits >= cidr.prefixlen:
             return netaddr.IPAddress(cidr) + 1
@@ -403,16 +403,16 @@ class BulkNetworkOpsTestJSON(base.BaseNetworkTest):
         bulk network creation
         bulk subnet creation
         bulk port creation
-        list tenant's networks
+        list project's networks
 
     v2.0 of the Neutron API is assumed. It is also assumed that the following
     options are defined in the [network] section of etc/tempest.conf:
 
-        tenant_network_cidr with a block of cidr's from which smaller blocks
+        project_network_cidr with a block of cidr's from which smaller blocks
-        can be allocated for tenant networks
+        can be allocated for project networks
 
-        tenant_network_mask_bits with the mask bits to be used to partition the
+        project_network_mask_bits with the mask bits to be used to partition
-        block defined by tenant-network_cidr
+        the block defined by project-network_cidr
     """
 
     def _delete_networks(self, created_networks):
@@ -464,11 +464,11 @@ class BulkNetworkOpsTestJSON(base.BaseNetworkTest):
         networks = [self.create_network(), self.create_network()]
         # Creates 2 subnets in one request
         if self._ip_version == 4:
-            cidr = netaddr.IPNetwork(CONF.network.tenant_network_cidr)
+            cidr = netaddr.IPNetwork(CONF.network.project_network_cidr)
-            mask_bits = CONF.network.tenant_network_mask_bits
+            mask_bits = CONF.network.project_network_mask_bits
         else:
-            cidr = netaddr.IPNetwork(CONF.network.tenant_network_v6_cidr)
+            cidr = netaddr.IPNetwork(CONF.network.project_network_v6_cidr)
-            mask_bits = CONF.network.tenant_network_v6_mask_bits
+            mask_bits = CONF.network.project_network_v6_mask_bits
 
         cidrs = [subnet_cidr for subnet_cidr in cidr.subnet(mask_bits)]
 
@@ -529,7 +529,7 @@ class NetworksIpV6TestJSON(NetworksTest):
 
     @test.idempotent_id('e41a4888-65a6-418c-a095-f7c2ef4ad59a')
     def test_create_delete_subnet_with_gw(self):
-        net = netaddr.IPNetwork(CONF.network.tenant_network_v6_cidr)
+        net = netaddr.IPNetwork(CONF.network.project_network_v6_cidr)
         gateway = str(netaddr.IPAddress(net.first + 2))
         name = data_utils.rand_name('network-')
         network = self.create_network(network_name=name)
@@ -539,7 +539,7 @@ class NetworksIpV6TestJSON(NetworksTest):
 
     @test.idempotent_id('ebb4fd95-524f-46af-83c1-0305b239338f')
     def test_create_delete_subnet_with_default_gw(self):
-        net = netaddr.IPNetwork(CONF.network.tenant_network_v6_cidr)
+        net = netaddr.IPNetwork(CONF.network.project_network_v6_cidr)
         gateway_ip = str(netaddr.IPAddress(net.first + 1))
         name = data_utils.rand_name('network-')
         network = self.create_network(network_name=name)

tempest/api/network/test_ports.py

@@ -90,12 +90,12 @@ class PortsTestJSON(sec_base.BaseSecGroupTest):
     def _get_ipaddress_from_tempest_conf(cls):
         """Return subnet with mask bits for configured CIDR """
         if cls._ip_version == 4:
-            cidr = netaddr.IPNetwork(CONF.network.tenant_network_cidr)
+            cidr = netaddr.IPNetwork(CONF.network.project_network_cidr)
-            cidr.prefixlen = CONF.network.tenant_network_mask_bits
+            cidr.prefixlen = CONF.network.project_network_mask_bits
 
         elif cls._ip_version == 6:
-            cidr = netaddr.IPNetwork(CONF.network.tenant_network_v6_cidr)
+            cidr = netaddr.IPNetwork(CONF.network.project_network_v6_cidr)
-            cidr.prefixlen = CONF.network.tenant_network_v6_mask_bits
+            cidr.prefixlen = CONF.network.project_network_v6_mask_bits
 
         return cidr
 
@@ -428,11 +428,7 @@ class PortsAdminExtendedAttrsTestJSON(base.BaseAdminNetworkTest):
 
 class PortsIpV6TestJSON(PortsTestJSON):
     _ip_version = 6
-    _tenant_network_cidr = CONF.network.tenant_network_v6_cidr
-    _tenant_network_mask_bits = CONF.network.tenant_network_v6_mask_bits
 
 
 class PortsAdminExtendedAttrsIpV6TestJSON(PortsAdminExtendedAttrsTestJSON):
     _ip_version = 6
-    _tenant_network_cidr = CONF.network.tenant_network_v6_cidr
-    _tenant_network_mask_bits = CONF.network.tenant_network_v6_mask_bits

tempest/api/network/test_routers.py

@@ -41,9 +41,9 @@ class RoutersTest(base.BaseRouterTest):
     @classmethod
     def resource_setup(cls):
         super(RoutersTest, cls).resource_setup()
-        cls.tenant_cidr = (CONF.network.tenant_network_cidr
+        cls.tenant_cidr = (CONF.network.project_network_cidr
                            if cls._ip_version == 4 else
-                           CONF.network.tenant_network_v6_cidr)
+                           CONF.network.project_network_v6_cidr)
 
     @test.attr(type='smoke')
     @test.idempotent_id('f64403e2-8483-4b34-8ccd-b09a87bcc68c')
@@ -274,7 +274,7 @@ class RoutersTest(base.BaseRouterTest):
     @test.requires_ext(extension='extraroute', service='network')
     def test_update_delete_extra_route(self):
         # Create different cidr for each subnet to avoid cidr duplicate
-        # The cidr starts from tenant_cidr
+        # The cidr starts from project_cidr
         next_cidr = netaddr.IPNetwork(self.tenant_cidr)
         # Prepare to build several routes
         test_routes = []

tempest/api/network/test_routers_negative.py

@@ -39,9 +39,9 @@ class RoutersNegativeTest(base.BaseRouterTest):
         cls.router = cls.create_router(data_utils.rand_name('router-'))
         cls.network = cls.create_network()
         cls.subnet = cls.create_subnet(cls.network)
-        cls.tenant_cidr = (CONF.network.tenant_network_cidr
+        cls.tenant_cidr = (CONF.network.project_network_cidr
                            if cls._ip_version == 4 else
-                           CONF.network.tenant_network_v6_cidr)
+                           CONF.network.project_network_v6_cidr)
 
     @test.attr(type=['negative'])
     @test.idempotent_id('37a94fc0-a834-45b9-bd23-9a81d2fd1e22')

tempest/api/network/test_security_groups.py

@@ -24,7 +24,7 @@ CONF = config.CONF
 
 
 class SecGroupTest(base.BaseSecGroupTest):
-    _tenant_network_cidr = CONF.network.tenant_network_cidr
+    _project_network_cidr = CONF.network.project_network_cidr
 
     @classmethod
     def skip_checks(cls):
@@ -71,7 +71,7 @@ class SecGroupTest(base.BaseSecGroupTest):
     @test.attr(type='smoke')
     @test.idempotent_id('e30abd17-fef9-4739-8617-dc26da88e686')
     def test_list_security_groups(self):
-        # Verify the that security group belonging to tenant exist in list
+        # Verify the that security group belonging to project exist in list
         body = self.security_groups_client.list_security_groups()
         security_groups = body['security_groups']
         found = None
@@ -210,7 +210,7 @@ class SecGroupTest(base.BaseSecGroupTest):
         protocol = 'tcp'
         port_range_min = 76
         port_range_max = 77
-        ip_prefix = self._tenant_network_cidr
+        ip_prefix = self._project_network_cidr
         self._create_verify_security_group_rule(sg_id, direction,
                                                 self.ethertype, protocol,
                                                 port_range_min,
@@ -239,4 +239,4 @@ class SecGroupTest(base.BaseSecGroupTest):
 
 class SecGroupIPv6Test(SecGroupTest):
     _ip_version = 6
-    _tenant_network_cidr = CONF.network.tenant_network_v6_cidr
+    _project_network_cidr = CONF.network.project_network_v6_cidr

tempest/api/network/test_security_groups_negative.py

@@ -24,7 +24,7 @@ CONF = config.CONF
 
 
 class NegativeSecGroupTest(base.BaseSecGroupTest):
-    _tenant_network_cidr = CONF.network.tenant_network_cidr
+    _project_network_cidr = CONF.network.project_network_cidr
 
     @classmethod
     def skip_checks(cls):
@@ -110,7 +110,7 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
         sg2_body, _ = self._create_security_group()
 
         # Create rule specifying both remote_ip_prefix and remote_group_id
-        prefix = self._tenant_network_cidr
+        prefix = self._project_network_cidr
         self.assertRaises(
             lib_exc.BadRequest,
             self.security_group_rules_client.create_security_group_rule,
@@ -214,7 +214,7 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
 
 class NegativeSecGroupIPv6Test(NegativeSecGroupTest):
     _ip_version = 6
-    _tenant_network_cidr = CONF.network.tenant_network_v6_cidr
+    _project_network_cidr = CONF.network.project_network_v6_cidr
 
     @test.attr(type=['negative'])
     @test.idempotent_id('7607439c-af73-499e-bf64-f687fd12a842')
@@ -223,9 +223,9 @@ class NegativeSecGroupIPv6Test(NegativeSecGroupTest):
 
         # Create rule with bad remote_ip_prefix
         pairs = ({'ethertype': 'IPv6',
-                  'ip_prefix': CONF.network.tenant_network_cidr},
+                  'ip_prefix': CONF.network.project_network_cidr},
                  {'ethertype': 'IPv4',
-                  'ip_prefix': CONF.network.tenant_network_v6_cidr})
+                  'ip_prefix': CONF.network.project_network_v6_cidr})
         for pair in pairs:
             self.assertRaisesRegex(
                 lib_exc.BadRequest,

tempest/api/orchestration/stacks/test_neutron_resources.py

@@ -58,8 +58,8 @@ class NeutronResourcesTestJSON(base.BaseOrchestrationTest):
                             cls._create_keypair()['name'])
         cls.external_network_id = CONF.network.public_network_id
 
-        tenant_cidr = netaddr.IPNetwork(CONF.network.tenant_network_cidr)
+        tenant_cidr = netaddr.IPNetwork(CONF.network.project_network_cidr)
-        mask_bits = CONF.network.tenant_network_mask_bits
+        mask_bits = CONF.network.project_network_mask_bits
         cls.subnet_cidr = tenant_cidr.subnet(mask_bits).next()
 
         # create the stack

tempest/cmd/account_generator.py

@@ -292,8 +292,8 @@ def create_network_resources(network_admin_client, networks_admin_client,
         return resp_body['network']
 
     def _create_subnet(subnet_name, network_id):
-        base_cidr = netaddr.IPNetwork(CONF.network.tenant_network_cidr)
+        base_cidr = netaddr.IPNetwork(CONF.network.project_network_cidr)
-        mask_bits = CONF.network.tenant_network_mask_bits
+        mask_bits = CONF.network.project_network_mask_bits
         for subnet_cidr in base_cidr.subnet(mask_bits):
             try:
                 resp_body = subnets_admin_client.\

tempest/common/credentials_factory.py

@@ -256,7 +256,7 @@ def get_configured_credentials(credential_type, fill_in=True,
 
     if credential_type not in CREDENTIAL_TYPES:
         raise exceptions.InvalidCredentials()
-    conf_attributes = ['username', 'password', 'tenant_name']
+    conf_attributes = ['username', 'password', 'project_name']
 
     if identity_version == 'v3':
         conf_attributes.append('domain_name')
@@ -269,6 +269,11 @@ def get_configured_credentials(credential_type, fill_in=True,
             params[attr] = getattr(_section, attr)
         else:
             params[attr] = getattr(_section, prefix + "_" + attr)
+    # NOTE(andreaf) v2 API still uses tenants, so we must translate project
+    # to tenant before building the Credentials object
+    if identity_version == 'v2':
+        params['tenant_name'] = params.get('project_name')
+        params.pop('project_name', None)
     # Build and validate credentials. We are reading configured credentials,
     # so validate them even if fill_in is False
     credentials = get_credentials(fill_in=fill_in,

tempest/common/dynamic_creds.py

@@ -208,8 +208,8 @@ class DynamicCredentialProvider(cred_provider.CredentialProvider):
         return resp_body['network']
 
     def _create_subnet(self, subnet_name, tenant_id, network_id):
-        base_cidr = netaddr.IPNetwork(CONF.network.tenant_network_cidr)
+        base_cidr = netaddr.IPNetwork(CONF.network.project_network_cidr)
-        mask_bits = CONF.network.tenant_network_mask_bits
+        mask_bits = CONF.network.project_network_mask_bits
         for subnet_cidr in base_cidr.subnet(mask_bits):
             try:
                 if self.network_resources:

tempest/common/preprov_creds.py

@@ -331,6 +331,7 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
     def _wrap_creds_with_network(self, hash):
         creds_dict = self.hash_dict['creds'][hash]
         # Make sure a domain scope if defined for users in case of V3
+        # Make sure a tenant is available in case of V2
         creds_dict = self._extend_credentials(creds_dict)
         # This just builds a Credentials object, it does not validate
         # nor fill  with missing fields.
@@ -356,4 +357,17 @@ class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
             user_domain_fields = set(['user_domain_name', 'user_domain_id'])
             if not user_domain_fields.intersection(set(creds_dict.keys())):
                 creds_dict['user_domain_name'] = self.credentials_domain
+        # NOTE(andreaf) In case of v2, replace project with tenant if project
+        # is provided and tenant is not
+        if self.identity_version == 'v2':
+            if ('project_name' in creds_dict and
+                    'tenant_name' in creds_dict and
+                    creds_dict['project_name'] != creds_dict['tenant_name']):
+                clean_creds = self._sanitize_creds(creds_dict)
+                msg = 'Cannot specify project and tenant at the same time %s'
+                raise exceptions.InvalidCredentials(msg % clean_creds)
+            if ('project_name' in creds_dict and
+                    'tenant_name' not in creds_dict):
+                creds_dict['tenant_name'] = creds_dict['project_name']
+                creds_dict.pop('project_name')
         return creds_dict

tempest/common/utils/linux/remote_client.py

@@ -118,7 +118,7 @@ class RemoteClient(object):
 
     def assign_static_ip(self, nic, addr):
         cmd = "sudo ip addr add {ip}/{mask} dev {nic}".format(
-            ip=addr, mask=CONF.network.tenant_network_mask_bits,
+            ip=addr, mask=CONF.network.project_network_mask_bits,
             nic=nic
         )
         return self.exec_command(cmd)

tempest/config.py

@@ -56,7 +56,7 @@ AuthGroup = [
                     "number of concurrent test processes."),
     cfg.BoolOpt('use_dynamic_credentials',
                 default=True,
-                help="Allows test cases to create/destroy tenants and "
+                help="Allows test cases to create/destroy projects and "
                      "users. This option requires that OpenStack Identity "
                      "API admin credentials are known. If false, isolated "
                      "test cases and parallel execution, can still be "
@@ -81,23 +81,26 @@ AuthGroup = [
                 default=True,
                 help="If use_dynamic_credentials is set to True and Neutron "
                      "is enabled Tempest will try to create a usable network, "
-                     "subnet, and router when needed for each tenant it "
+                     "subnet, and router when needed for each project it "
                      "creates. However in some neutron configurations, like "
                      "with VLAN provider networks, this doesn't work. So if "
                      "set to False the isolated networks will not be created"),
     cfg.StrOpt('admin_username',
                help="Username for an administrative user. This is needed for "
-                    "authenticating requests made by tenant isolation to "
+                    "authenticating requests made by project isolation to "
                     "create users and projects",
                deprecated_group='identity'),
-    cfg.StrOpt('admin_tenant_name',
+    cfg.StrOpt('admin_project_name',
-               help="Tenant name to use for an  administrative user. This is "
+               help="Project name to use for an  administrative user. This is "
-                    "needed for authenticating requests made by tenant "
+                    "needed for authenticating requests made by project "
                     "isolation to create users and projects",
-               deprecated_group='identity'),
+               deprecated_opts=[cfg.DeprecatedOpt('admin_tenant_name',
+                                                  group='auth'),
+                                cfg.DeprecatedOpt('admin_tenant_name',
+                                                  group='identity')]),
     cfg.StrOpt('admin_password',
                help="Password to use for an  administrative user. This is "
-                    "needed for authenticating requests made by tenant "
+                    "needed for authenticating requests made by project "
                     "isolation to create users and projects",
                secret=True,
                deprecated_group='identity'),
@@ -158,8 +161,9 @@ IdentityGroup = [
     cfg.StrOpt('username',
                help="Username to use for Nova API requests.",
                deprecated_for_removal=True),
-    cfg.StrOpt('tenant_name',
+    cfg.StrOpt('project_name',
-               help="Tenant name to use for Nova API requests.",
+               deprecated_name='tenant_name',
+               help="Project name to use for Nova API requests.",
                deprecated_for_removal=True),
     cfg.StrOpt('admin_role',
                default='admin',
@@ -176,8 +180,9 @@ IdentityGroup = [
                help="Username of alternate user to use for Nova API "
                     "requests.",
                deprecated_for_removal=True),
-    cfg.StrOpt('alt_tenant_name',
+    cfg.StrOpt('alt_project_name',
-               help="Alternate user's Tenant name to use for Nova API "
+               deprecated_name='alt_tenant_name',
+               help="Alternate user's Project name to use for Nova API "
                     "requests.",
                deprecated_for_removal=True),
     cfg.StrOpt('alt_password',
@@ -246,10 +251,10 @@ ComputeGroup = [
                     "no OS-EXT-STS extension available"),
     cfg.StrOpt('fixed_network_name',
                help="Name of the fixed network that is visible to all test "
-                    "tenants. If multiple networks are available for a tenant"
+                    "projects. If multiple networks are available for a "
-                    " this is the network which will be used for creating "
+                    "project, this is the network which will be used for "
-                    "servers if tempest does not create a network or a "
+                    "creating servers if tempest does not create a network or "
-                    "network is not specified elsewhere. It may be used for "
+                    "s network is not specified elsewhere. It may be used for "
                     "ssh validation only if floating IPs are disabled."),
     cfg.StrOpt('catalog_type',
                default='compute',
@@ -493,21 +498,26 @@ NetworkGroup = [
                choices=['public', 'admin', 'internal',
                         'publicURL', 'adminURL', 'internalURL'],
                help="The endpoint type to use for the network service."),
-    cfg.StrOpt('tenant_network_cidr',
+    cfg.StrOpt('project_network_cidr',
+               deprecated_name='tenant_network_cidr',
                default="10.100.0.0/16",
-               help="The cidr block to allocate tenant ipv4 subnets from"),
+               help="The cidr block to allocate project ipv4 subnets from"),
-    cfg.IntOpt('tenant_network_mask_bits',
+    cfg.IntOpt('project_network_mask_bits',
+               deprecated_name='tenant_network_mask_bits',
                default=28,
-               help="The mask bits for tenant ipv4 subnets"),
+               help="The mask bits for project ipv4 subnets"),
-    cfg.StrOpt('tenant_network_v6_cidr',
+    cfg.StrOpt('project_network_v6_cidr',
+               deprecated_name='tenant_network_v6_cidr',
                default="2003::/48",
-               help="The cidr block to allocate tenant ipv6 subnets from"),
+               help="The cidr block to allocate project ipv6 subnets from"),
-    cfg.IntOpt('tenant_network_v6_mask_bits',
+    cfg.IntOpt('project_network_v6_mask_bits',
+               deprecated_name='tenant_network_v6_mask_bits',
                default=64,
-               help="The mask bits for tenant ipv6 subnets"),
+               help="The mask bits for project ipv6 subnets"),
-    cfg.BoolOpt('tenant_networks_reachable',
+    cfg.BoolOpt('project_networks_reachable',
+                deprecated_name='tenant_networks_reachable',
                 default=False,
-                help="Whether tenant networks can be reached directly from "
+                help="Whether project networks can be reached directly from "
                      "the test client. This must be set to True when the "
                      "'fixed' ssh_connect_method is selected."),
     cfg.StrOpt('public_network_id',
@@ -1003,7 +1013,7 @@ StressGroup = [
                 default=False,
                 help='Allows a full cleaning process after a stress test.'
                      ' Caution : this cleanup will remove every objects of'
-                     ' every tenant.')
+                     ' every project.')
 ]
 
 

tempest/scenario/manager.py

@@ -217,7 +217,7 @@ class ScenarioTest(tempest.test.BaseTestCase):
                 networks = kwargs.pop('networks')
 
             # If there are no networks passed to us we look up
-            # for the tenant's private networks and create a port
+            # for the project's private networks and create a port
             # if there is only one private network. The same behaviour
             # as we would expect when passing the call to the clients
             # with no networks
@@ -764,11 +764,11 @@ class NetworkScenarioTest(ScenarioTest):
 
         if ip_version == 6:
             tenant_cidr = netaddr.IPNetwork(
-                CONF.network.tenant_network_v6_cidr)
+                CONF.network.project_network_v6_cidr)
-            num_bits = CONF.network.tenant_network_v6_mask_bits
+            num_bits = CONF.network.project_network_v6_mask_bits
         else:
-            tenant_cidr = netaddr.IPNetwork(CONF.network.tenant_network_cidr)
+            tenant_cidr = netaddr.IPNetwork(CONF.network.project_network_cidr)
-            num_bits = CONF.network.tenant_network_mask_bits
+            num_bits = CONF.network.project_network_mask_bits
 
         result = None
         str_cidr = None
@@ -908,7 +908,7 @@ class NetworkScenarioTest(ScenarioTest):
                                            private_key,
                                            should_connect=True,
                                            servers_for_debug=None):
-        if not CONF.network.tenant_networks_reachable:
+        if not CONF.network.project_networks_reachable:
             msg = 'Tenant networks not configured to be reachable.'
             LOG.info(msg)
             return

tempest/scenario/test_network_advanced_server_ops.py

@@ -38,9 +38,9 @@ class TestNetworkAdvancedServerOps(manager.NetworkScenarioTest):
     @classmethod
     def skip_checks(cls):
         super(TestNetworkAdvancedServerOps, cls).skip_checks()
-        if not (CONF.network.tenant_networks_reachable
+        if not (CONF.network.project_networks_reachable
                 or CONF.network.public_network_id):
-            msg = ('Either tenant_networks_reachable must be "true", or '
+            msg = ('Either project_networks_reachable must be "true", or '
                    'public_network_id must be defined.')
             raise cls.skipException(msg)
 

tempest/scenario/test_network_basic_ops.py

@@ -59,7 +59,7 @@ class TestNetworkBasicOps(manager.NetworkScenarioTest):
      Determine which types of networks to test as follows:
 
      * Configure tenant network checks (via the
-       'tenant_networks_reachable' key) if the Tempest host should
+       'project_networks_reachable' key) if the Tempest host should
        have direct connectivity to tenant networks.  This is likely to
        be the case if Tempest is running on the same host as a
        single-node devstack installation with IP namespaces disabled.
@@ -81,9 +81,9 @@ class TestNetworkBasicOps(manager.NetworkScenarioTest):
     @classmethod
     def skip_checks(cls):
         super(TestNetworkBasicOps, cls).skip_checks()
-        if not (CONF.network.tenant_networks_reachable
+        if not (CONF.network.project_networks_reachable
                 or CONF.network.public_network_id):
-            msg = ('Either tenant_networks_reachable must be "true", or '
+            msg = ('Either project_networks_reachable must be "true", or '
                    'public_network_id must be defined.')
             raise cls.skipException(msg)
         for ext in ['router', 'security-group']:
@@ -692,7 +692,7 @@ class TestNetworkBasicOps(manager.NetworkScenarioTest):
         self._setup_network_and_servers()
 
         # NOTE(kevinbenton): we have to use the admin credentials to check
-        # for the distributed flag because self.router only has a tenant view.
+        # for the distributed flag because self.router only has a project view.
         admin = self.admin_manager.routers_client.show_router(self.router.id)
         if admin['router'].get('distributed', False):
             msg = "Rescheduling test does not apply to distributed routers."

tempest/scenario/test_network_v6.py

@@ -44,9 +44,9 @@ class TestGettingAddress(manager.NetworkScenarioTest):
         if not (CONF.network_feature_enabled.ipv6
                 and CONF.network_feature_enabled.ipv6_subnet_attributes):
             raise cls.skipException('IPv6 or its attributes not supported')
-        if not (CONF.network.tenant_networks_reachable
+        if not (CONF.network.project_networks_reachable
                 or CONF.network.public_network_id):
-            msg = ('Either tenant_networks_reachable must be "true", or '
+            msg = ('Either project_networks_reachable must be "true", or '
                    'public_network_id must be defined.')
             raise cls.skipException(msg)
         if CONF.baremetal.driver_enabled:

tempest/scenario/test_security_groups_basic_ops.py

@@ -130,9 +130,9 @@ class TestSecurityGroupsBasicOps(manager.NetworkScenarioTest):
             msg = ('Not currently supported when using vnic_type'
                    ' direct or macvtap')
             raise cls.skipException(msg)
-        if not (CONF.network.tenant_networks_reachable or
+        if not (CONF.network.project_networks_reachable or
                 CONF.network.public_network_id):
-            msg = ('Either tenant_networks_reachable must be "true", or '
+            msg = ('Either project_networks_reachable must be "true", or '
                    'public_network_id must be defined.')
             raise cls.skipException(msg)
         if not test.is_extension_enabled('security-group', 'network'):
@@ -194,7 +194,7 @@ class TestSecurityGroupsBasicOps(manager.NetworkScenarioTest):
             client=tenant.manager.security_groups_client
         )
 
-        # don't use default secgroup since it allows in-tenant traffic
+        # don't use default secgroup since it allows in-project traffic
         def_sg = self._create_empty_security_group(
             namestart='secgroup_general-',
             tenant_id=tenant.creds.tenant_id,
@@ -301,7 +301,7 @@ class TestSecurityGroupsBasicOps(manager.NetworkScenarioTest):
 
     def _set_access_point(self, tenant):
         # creates a server in a secgroup with rule allowing external ssh
-        # in order to access tenant internal network
+        # in order to access project internal network
         # workaround ip namespace
         secgroups = tenant.security_groups.values()
         name = 'server-{tenant}-access_point'.format(
@@ -468,7 +468,7 @@ class TestSecurityGroupsBasicOps(manager.NetworkScenarioTest):
         if not self.credentials_provider.is_multi_tenant():
             raise self.skipException("No secondary tenant defined")
         try:
-            # deploy new tenant
+            # deploy new project
             self._deploy_tenant(self.alt_tenant)
             self._verify_network_details(self.alt_tenant)
             self._verify_mac_addr(self.alt_tenant)

tempest/tests/common/test_admin_available.py

@@ -36,19 +36,19 @@ class TestAdminAvailable(base.TestCase):
                              dynamic_creds, group='auth')
         if use_accounts_file:
             accounts = [{'username': 'u1',
-                         'tenant_name': 't1',
+                         'project_name': 't1',
                          'password': 'p'},
                         {'username': 'u2',
-                         'tenant_name': 't2',
+                         'project_name': 't2',
                          'password': 'p'}]
             if admin_creds == 'role':
                 accounts.append({'username': 'admin',
-                                 'tenant_name': 'admin',
+                                 'project_name': 'admin',
                                  'password': 'p',
                                  'roles': ['admin']})
             elif admin_creds == 'type':
                 accounts.append({'username': 'admin',
-                                 'tenant_name': 'admin',
+                                 'project_name': 'admin',
                                  'password': 'p',
                                  'types': ['admin']})
             self.useFixture(mockpatch.Patch(
@@ -63,17 +63,17 @@ class TestAdminAvailable(base.TestCase):
                                             return_value=False))
             if admin_creds:
                 username = 'u'
-                tenant = 't'
+                project = 't'
                 password = 'p'
                 domain = 'd'
             else:
                 username = None
-                tenant = None
+                project = None
                 password = None
                 domain = None
 
             cfg.CONF.set_default('admin_username', username, group='auth')
-            cfg.CONF.set_default('admin_tenant_name', tenant, group='auth')
+            cfg.CONF.set_default('admin_project_name', project, group='auth')
             cfg.CONF.set_default('admin_password', password, group='auth')
             cfg.CONF.set_default('admin_domain_name', domain, group='auth')
 

tempest/tests/common/test_alt_available.py

@@ -36,7 +36,7 @@ class TestAltAvailable(base.TestCase):
                              dynamic_creds, group='auth')
         if use_accounts_file:
             accounts = [dict(username="u%s" % ii,
-                             tenant_name="t%s" % ii,
+                             project_name="t%s" % ii,
                              password="p") for ii in creds]
             self.useFixture(mockpatch.Patch(
                 'tempest.common.preprov_creds.read_accounts_yaml',
@@ -52,19 +52,19 @@ class TestAltAvailable(base.TestCase):
             for ii in range(0, 2):
                 if len(creds) > ii:
                     username = 'u%s' % creds[ii]
-                    tenant = 't%s' % creds[ii]
+                    project = 't%s' % creds[ii]
                     password = 'p'
                     domain = 'd'
                 else:
                     username = None
-                    tenant = None
+                    project = None
                     password = None
                     domain = None
 
                 cfg.CONF.set_default('%susername' % cred_prefix[ii], username,
                                      group='identity')
-                cfg.CONF.set_default('%stenant_name' % cred_prefix[ii], tenant,
+                cfg.CONF.set_default('%sproject_name' % cred_prefix[ii],
-                                     group='identity')
+                                     project, group='identity')
                 cfg.CONF.set_default('%spassword' % cred_prefix[ii], password,
                                      group='identity')
                 cfg.CONF.set_default('%sdomain_name' % cred_prefix[ii], domain,

tempest/tests/fake_config.py

@@ -46,7 +46,7 @@ class ConfigFixture(conf_fixture.Config):
             lock_path=str(os.environ.get('OS_TEST_LOCK_PATH')),
         )
         self.conf.set_default('auth_version', 'v2', group='identity')
-        for config_option in ['username', 'password', 'tenant_name']:
+        for config_option in ['username', 'password', 'project_name']:
             # Identity group items
             for prefix in ['', 'alt_', 'admin_']:
                 if prefix == 'admin_':