From ef13f406b95cceaed5ce8d125574ec11399ec50d Mon Sep 17 00:00:00 2001 From: Lance Bragstad Date: Thu, 4 Mar 2021 17:12:10 +0000 Subject: [PATCH] Update dynamic creds to properly handle types during creation A recent change modified how credential_types are passed into _create_creds: https://review.opendev.org/c/openstack/tempest/+/773177 This change updates the code to check for types and only cast creds to a list if it's a string. It also adds a condition to only create a project role assignment if the credential type is project-scoped. Otherwise, this fails with system-scoped credentials. Change-Id: I010434e1a97520cc7a55384af55e0b61ee4e2556 --- tempest/lib/common/dynamic_creds.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/tempest/lib/common/dynamic_creds.py b/tempest/lib/common/dynamic_creds.py index 5e2308ee18..b641542d7d 100644 --- a/tempest/lib/common/dynamic_creds.py +++ b/tempest/lib/common/dynamic_creds.py @@ -228,8 +228,9 @@ class DynamicCredentialProvider(cred_provider.CredentialProvider): roles_to_assign = [r for r in roles] if admin: roles_to_assign.append(self.admin_role) - self.creds_client.assign_user_role( - user, project, self.identity_admin_role) + if scope == 'project': + self.creds_client.assign_user_role( + user, project, self.identity_admin_role) if (self.identity_version == 'v3' and self.identity_admin_domain_scope): self.creds_client.assign_user_role_on_domain( @@ -386,8 +387,10 @@ class DynamicCredentialProvider(cred_provider.CredentialProvider): cred_type = credential_type if credential_type in [['alt_member'], ['alt_reader']]: cred_type = credential_type[0][4:] + if isinstance(cred_type, str): + cred_type = [cred_type] credentials = self._create_creds( - roles=[cred_type], scope=scope) + roles=cred_type, scope=scope) elif credential_type in ['primary', 'alt', 'admin']: is_admin = (credential_type == 'admin') credentials = self._create_creds(admin=is_admin)