Keystone is moving away from using either project-scope or domain-scope
for the main cloud administrator user, and instead moving toward the
admin user having a role assignment on the "system" scope[1]. This will
mean that no particular project or domain is special, and instead the
cloud administrator scopes to the system in order to make
deployment-wide changes. Keystone has now migrated all of its policies
to understand system scope[2], and if a deployment sets
[oslo_policy]/enforce_scope=true in keystone.conf and uses the new
policies, an admin user scoped to the admin project will not be able to
create dynamic credentials for tempest.
This patch adds a new parameter ``[auth]/admin_system`` to indicate that
neither the ``admin_project`` or ``admin_domain`` parameters apply to
the admin user and that the user should instead authenticate with the
system scope. This also adds ``admin_user_domain_name`` so that the
admin user can be found in its domain (namespace) without setting
``domain_name``, and for completeness also adds
``admin_project_domain_name`` so that ``domain_name`` could be omitted
even if using project scope.
[1] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/queens/system-scope.html
[2] https://bugs.launchpad.net/keystone/+bugs?field.status%3Alist=FIXRELEASED&field.tag=system-scope
Depends-on: https://review.opendev.org/739262
Change-Id: I840b273c37ca7cc4592c43813abfb424337e2836
The test_attach_scsi_disk_with_config_drive test cases is racy at volume
detach. Nova first detach the volume in cinder then later deletes the
BlockDeviceMapping from the nova DB. Test waits for the volume to become
available and then checks the list of volume attachments in the nova API
then it can see that the attachment is still there.
Closes-Bug: #1907084
Change-Id: I814ae3215f39d1e8407c4ca1c7117a314941c80b
This is to fix the "TypeError: format requires a mapping" in
wait_for_image_imported_to_stores and wait_for_image_copied_to_stores.
Change-Id: I8a33bd4f4ea189ce9247dfecec1e53001682b870
Due to issue described in related bug report, it seems that it may
happen sometimes that tempest will start trying to ssh to the instance
before ssh key will be really configured in the instance and in such
case it may happened that there will be AuthenticationFailure error
always there. Even if ssh key will be configured properly later during
the test.
To workaround that issue and avoid failures of tests, this patch adds
check if the vm is really booted and ready to ssh. It is done by
checking console log of the VM and looking for specific string "login:"
which appears at least in case of Cirros and Ubuntu images used in our
CI jobs.
In case when such string will not be found, test will continue to run
and will still try to ssh to the instance. So in worst case it may slow
ssh to the instance a bit but shouldn't really have any bad impact on
test as before this patch it would probably also wait similar amount of
time but on trying to SSH to the instance.
Similar workaround was introduced in the neutron-tempest-plugin with
[1]. After it was merged number of failed jobs due to ssh "Authentication
failure" issues lower down significantly.
[1] https://review.opendev.org/#/c/758968/
Change-Id: I84a7c2fc389d181388ef821848ffad4bc67f1213
Related-Bug: #1892861
The Python 2.7 Support has been removed by:
https://review.opendev.org/#/c/704096/
So remove hacking rules for compatibility between python 2 and 3
Change-Id: I0e78b982b79674520c7695c0cca7352677d7b7a0
Historically Neutron had API extensions to make it clear what feature
is available and what is not. There are however features without new
API extensions, see [1] and [2].
To avoid having lots of config options that makes it possible in a
branchless tempest to detect if a given feature is available or not on
a given Neutron branch this patch proposes a list config option similar
to api_extensions: available_features.
available_features is a list option with the special all entry, and new
tests that depend on API extensionless features can use this to be
skipped on older branches.
[1] https://review.opendev.org/750355
[2] https://review.opendev.org/743695
Change-Id: I9d4be68db0f18dcaded4bfe78f5a314cb450987a
The instance may have been deleted when calling 'force_delete_server'.
So this patch ignores exception 'lib_exc.NotFound' that avoid
error in tearing down stage.
Change-Id: I29d6d1a41e3fb1bbbdb1f16ef4e54916df2e1ec7
Closes-Bug: #1896865
Adding tests for below scenarios
1. test for import_to_all_stores(--all-stores true)
2. test for import_to_specified_stores(--stores store_list)
Change-Id: I3aa413c624881065a1cf46c6345f9eda923df8eb
A volume attached to multiple servers has multiple attachment structures
that are distinguished by their "attachment_id" field, not the "id" one.
So when setting up a waiter watching for an attachment being removed,
the "attachment_id" field must be passed. Thus, when attaching a volume,
it is necessary to wait until the attachment shows up in the volume's
data and then use the "attachment_id" field of that record to pass to
the waiter invoked at tear-down time.
Change-Id: I9ab9f786b23061dd3a6a3482ab9739ba504d2bc0
Closes-Bug: 1894724
Some tests fail when Accept-Range header is not present in the
response of the API. This is not necesseary as the Accept-Range
header is not mandatory according to RFC [1].
[2] https://tools.ietf.org/html/rfc7233#section-2.3
Closes-Bug: #1885723
Change-Id: I521eb4a332937328b5010df53ddab2af76090202
As explained in [1] it is not legitimate to require a Transfer-Encoding
header in Swift responses. That prevents running some tests
successfully in the case where Swift is behind a proxy/load-balancer
that does not use any Transfer-Encoding in its responses.
This change hence removes the checks for the presence of a
"Transfer-Encoding" header, and replaces them by the use
of the existing check methods, after modifying the
custom_matcher checks on which these methods rely on to accept
either a Content-Length or a Transfer-Encoding header.
Some adaptation was also required to avoid trying to process 'etag'
for DELETE requests.
A side-effect of this change is a code simplification and
cleanup since the specific header checks in the corresponding
tests are replaced by the generic check methods.
[1] https://bugs.launchpad.net/tempest/+bug/1819851/comments/3
Closes-Bug: 1819851
Change-Id: Iaccea41640a53b564f72cee73981e2e61d3e80ae
- Fix noVNC failed TCs tempest.api.compute.servers.test_novnc.NoVNCConsoleTestJSON.test_novnc:
* Current noVNC request miss the / prefix in GET header in the websocket upgrade request.
* Current GET header GET ?token=xxx HTTP/1 can cause "HTTP/1.1 400 Bad Request" error.
* Fix the issue by adding / prefix and
# updated request format is: GET /?token=xxx HTTP/1.1 or GET /websockify HTTP/1.1
Change-Id: I38a91b8e293e39625d08073e2b898451b6126ecb
This change adds a specific waiter for tracking the removal of
attachments from a volume. This should allow callers to track the
detaching of multiattached volumes from instances while the volume
remains in an `in-use` state.
Related-bug: #1858841
Change-Id: I85917f683d2bc81fdf3f6d3351bf56fdb649740e
This patch removes CONF.compute.volume_device_name dependency and
use modified list_disks method to get the newly attached
device name and use that for mkfs rather than the user supplied
device name which is based on assumtion.
Also modfied test_attach_detach testcase and unit test
for remote_client accordingly.
Change-Id: I862d1ba55f45b09385057a51b0b52a851c19287e
Closes-Bug: #1852807
If reclaim_instance_interval > 0 in nova.conf, some testcases will
fail cause of resource's state is 'in-use'. This patch adds the logic
in `wait_for_server_termination` that if the virtual machine state is
SOFT_DELETED, then call `force_delete`.
Change-Id: I406188ac2aa54419fa4e44f547ae80a31b58b858
Closes-Bug: #1850568
This patch removes user provided and libvirt assigned
value as that was based on assumption rather count the
disk name before and after attach/detach based on output
generated using 'lsblk' command in the running instance
with the help of new method list_disks in client and
existing util remote client for remote ssh.
we observer this test case failing when the instance boot
with config drive format "vfat" enabled with two volume
vda and vdb volume disk name, so whatever test case boot with
config drive as well as ephemeral disk was not be able to
use this testcase.
Change-Id: Id3e537bc55089ca5c35fa1f973dd47f2b11147ae
Partial-Bug: #1852807
At the moment, tempest assumes that mke2fs will reside at /usr/sbin.
This is not necessarily true, for which reason it's safer to just
avoid using the full path.
Change-Id: I6455bbc2e5cec14d2520b19fc00d183d02879e4b
The review allows related non-scenario tests which create
volumes and servers to read and use
CONF.compute.compute_volume_common_az.
If the tests don't use the option and tested environment has
multiple availability_zones, the tests fail.
Related-bug: #1647999
Change-Id: Ia0a6fd2175635d4375514d7609646b4516836dc0
Now we can get error messages like "Resource 595f6527-d84c-
4e14-a86f-c7be186a864c failed to delete and is in ERROR status",
and this has two problems:
1. It doesn't indicate which kind of resource, e.g., volume or server
2. For DeleteErrorException raised in volumes_client, the volume
status is error_deleting, not ERROR.
So this is to pass full and accurate message to DeleteErrorException
to avoid the confusion.
Change-Id: I8cfd9f84b888b3380b6109e967b09f7fa74e4051
When extending volume reaches status error_extending, we should
return from wait_for_volume_resource_status immediately instead
of waiting for the TimeoutException.
Change-Id: I3db0325c23ebb8d42fe77f4c28552fe9cf5ed807
Starting in v1.1.0 of noVNC, it no longer forwards a token from the
URI via a cookie and we must instead specify the token as part of the
'path' query parameter.
This adds handling of the 'path' query parameter so the test_novnc
tests will be able to work with a console access url that has the token
in the 'path' query parameter instead of in a cookie and thus work with
noVNC >= v1.1.0.
Related-Bug: #1822676
Change-Id: Ifc0262f869e4d08d2746275438575980213fe9b2
This change introduces a true cinder host to host attached volume
migration test in addition to the existing attached volume retype test.
To enable this two new calls are introduced to the v3 volume client to
allow all volume backends to be listed per project and to also call for
a direct volume migration between backends.
Related-bug: #1803961
Depends-On: I1bdf3431bda2da98380e0dcaa9f952e6768ca3af
Change-Id: I501eb0cd5eb101b4dc553c2cdbc414693dd5b681
autopep8 is an automated code formatting tool for python,
it does not know everything, also not super fast,
but it is faster than I can manually reformat the code.
tools/format.sh will call the formatting,
the tox will check did you called it.
Also adding a tox -eautopep8 way to use it.
autopep8 formats the lines in one way,
where tempest used a another way it was changed.
Change-Id: I6d51b14a5a5b87761071d0927fca23ba1651aa41
We need to know the result of the command run
in get_nic_name_by_ip to see what is getting parsed
since we are returning the empty string in some
cases which results in an error because
/var/run/udhcpc..pid does not exist in the guest.
Change-Id: Ie15ac360a7fd384583607d5bf1d8ce7a3d2c3576
Related-Bug: #1813198
When creating a test server and the volume fails to build
a VolumeResourceBuildErrorException is raised causing a resource
leak on the testing system[1]
This change aims to remove the volume before raising the exception
to the calling test so that the system is properly cleaned up of
testing resources before exiting.
[1] http://paste.openstack.org/show/743062/
Change-Id: Ib064e4f2cb113f98da73db519d855fa892515f66
Several docstrings have incorrect format, what prevents to generate
a documentation using sphinx-apidoc extension.
Change-Id: I66431c7030089173d7635c1e2a72765db21f9780
Previously, Tempest's default for scheduler_available_filters was
'all'. This was different from Nova's default enabled_filters, which
does *not* include all possible filters available in Nova. Thus, in a
deployment where both options were kept at their default value,
Tempest's is_scheduler_filter_enabled() would return True for all
filters, even if those filters weren't enabled in Nova. In addition,
the 'available' wording could be made clearer. This patch deprecates
scheduler_available_filters, replacing it with
scheduler_enabled_filters. The latter has its default value set to
Nova's enabled_filters default.
Related-bug: 1628443
Change-Id: I5c87865dc650d383ee006d36b6d52cdd90577ab9
This is next step patch from https://review.openstack.org/#/c/573118/
which makes all the volume service clients alias with _latest suffix.
As all the volume clients point to v3 service client only, having
alias with _v2_ or _v3_ name are confusing.
This commit provide alias with _latest suffix and use them in
tempest. As old alias are being used in tempest plugins also,
we keep the old alias also and slowly will move each plugins to
start using new alias.
Change-Id: Ib89ab72ab4ada3e8442901f104b0b96072187ef9
The method waits for an interface to be detached from a server.
It will be used in the subsequent patch that tests tagged device
attach and detach (nova API 2.49).
Change-Id: If23bd5947dea345b30a77bc83c5b3dbfa5a4267b
If the VNC is running at a default port and the address returned
is an address which does not contain a port, then the VNC tests
fail to connect because they attempt to call a socket connect
without an IP listed.
In addition, this makes sure that the Host header does not include
a port if we are hitting the default port so things are clean.
Change-Id: Ie5939a4c5789efb759f5a2372435be7f9af33e91
Config option 'resources_prefix' was deprecated. It is
used by only manila plugin which fix has been commited.
This commit removes this config option and hardcode the
resource prefix as 'tempest'
Change-Id: Idce7af97fe6647e3095b2b626fbacb3446694fbc
Depends-On: I9c140b3a9efabeced7fc26cb1f169ebe6789d88b
This commit removes a confusing comment. This "l.58" indicated that
around line 126 - `if multiple_create_request:` condition, originally.
(The condition has been modified from the original one, though.) And, we
shouldn't fix it to 'l.126' because it isn't stable.
Change-Id: Iad059ce8a97da544948e5383461a4cc480067992
Colleen Murphy