create_object_continue interface in object_client doesn't use
CONF.identity.disable_ssl_certificate_validation, so even if we set
disable_ssl_certificate_validation=true in tempest.conf, sometimes
we will still get "ssl.SSLCertVerificationError:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:
unable to get local issuer certificate (_ssl.c:1108)"
So create_object_continue should judge whether to check ssl
certification according to
CONF.identity.disable_ssl_certificate_validation.
Change-Id: I38f4416641e396caf88d16e3b418f0fc7577179d
Closes-Bug: #1907554
Keystone is moving away from using either project-scope or domain-scope
for the main cloud administrator user, and instead moving toward the
admin user having a role assignment on the "system" scope[1]. This will
mean that no particular project or domain is special, and instead the
cloud administrator scopes to the system in order to make
deployment-wide changes. Keystone has now migrated all of its policies
to understand system scope[2], and if a deployment sets
[oslo_policy]/enforce_scope=true in keystone.conf and uses the new
policies, an admin user scoped to the admin project will not be able to
create dynamic credentials for tempest.
This patch adds a new parameter ``[auth]/admin_system`` to indicate that
neither the ``admin_project`` or ``admin_domain`` parameters apply to
the admin user and that the user should instead authenticate with the
system scope. This also adds ``admin_user_domain_name`` so that the
admin user can be found in its domain (namespace) without setting
``domain_name``, and for completeness also adds
``admin_project_domain_name`` so that ``domain_name`` could be omitted
even if using project scope.
[1] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/queens/system-scope.html
[2] https://bugs.launchpad.net/keystone/+bugs?field.status%3Alist=FIXRELEASED&field.tag=system-scope
Depends-on: https://review.opendev.org/739262
Change-Id: I840b273c37ca7cc4592c43813abfb424337e2836
The test_attach_scsi_disk_with_config_drive test cases is racy at volume
detach. Nova first detach the volume in cinder then later deletes the
BlockDeviceMapping from the nova DB. Test waits for the volume to become
available and then checks the list of volume attachments in the nova API
then it can see that the attachment is still there.
Closes-Bug: #1907084
Change-Id: I814ae3215f39d1e8407c4ca1c7117a314941c80b
This is to fix the "TypeError: format requires a mapping" in
wait_for_image_imported_to_stores and wait_for_image_copied_to_stores.
Change-Id: I8a33bd4f4ea189ce9247dfecec1e53001682b870
Due to issue described in related bug report, it seems that it may
happen sometimes that tempest will start trying to ssh to the instance
before ssh key will be really configured in the instance and in such
case it may happened that there will be AuthenticationFailure error
always there. Even if ssh key will be configured properly later during
the test.
To workaround that issue and avoid failures of tests, this patch adds
check if the vm is really booted and ready to ssh. It is done by
checking console log of the VM and looking for specific string "login:"
which appears at least in case of Cirros and Ubuntu images used in our
CI jobs.
In case when such string will not be found, test will continue to run
and will still try to ssh to the instance. So in worst case it may slow
ssh to the instance a bit but shouldn't really have any bad impact on
test as before this patch it would probably also wait similar amount of
time but on trying to SSH to the instance.
Similar workaround was introduced in the neutron-tempest-plugin with
[1]. After it was merged number of failed jobs due to ssh "Authentication
failure" issues lower down significantly.
[1] https://review.opendev.org/#/c/758968/
Change-Id: I84a7c2fc389d181388ef821848ffad4bc67f1213
Related-Bug: #1892861
The Python 2.7 Support has been removed by:
https://review.opendev.org/#/c/704096/
So remove hacking rules for compatibility between python 2 and 3
Change-Id: I0e78b982b79674520c7695c0cca7352677d7b7a0
This makes us tolerate up to three ServerFault errors while trying to
do things like clean up resources during tearDown().
Change-Id: I3b2dac90fd6c71d66506d33aa5e35bb362d9bf87
Related-Bug: #1897907
Routed provider networks feature uses the placement API, to test the
feature we need to add the following client methods to the placement
client:
* list_resource_providers
* show_resource_provider
* list_resource_provider_inventories
* list_resource_provider_aggregates
Change-Id: I4e4b104bf4b6b26b02d95b2c9697f4bfdba25ac4
The v2 version of the /users/{}/credentials/OS-EC2 API was already
present, for completeness this patch adds the v3 equivalent.
This API is not documented because it is preferred to use the
/v3/credentials API for this functionality.
Change-Id: Ide90658fa07a3d5a7ba2e52c3ab7377170273b76
For completeness, add tempest clients for keystone's OS-ENDPOINT-POLICY
and OS-EP-FILTER APIs. These are rarely-used APIs, so not adding API
tests at this time.
Change-Id: Ia592d8d3b629af68a963f5050b29de5478bface1
Needed-by: https://review.opendev.org/686305
A volume attached to multiple servers has multiple attachment structures
that are distinguished by their "attachment_id" field, not the "id" one.
So when setting up a waiter watching for an attachment being removed,
the "attachment_id" field must be passed. Thus, when attaching a volume,
it is necessary to wait until the attachment shows up in the volume's
data and then use the "attachment_id" field of that record to pass to
the waiter invoked at tear-down time.
Change-Id: I9ab9f786b23061dd3a6a3482ab9739ba504d2bc0
Closes-Bug: 1894724
This commit makes to use os.path.join instead of using the Unix path
character '/'. This change is not mandatory since we don't support
Windows environments as Tempest execution and, it seems Windows supports
'/' as a path separator. However, using both os.path.join and '/' is a
bit awkward.
Change-Id: I117acb281c352179d526808009e761335bb314fc
This is to add response schema validation for volume manage.
As gmann pointed out in https://review.opendev.org/#/c/616783/,
the response of volume_manage is same as that of show_volume,
so here we use common_show_volume directly.
Change-Id: I5e26d0cca87c303ebb9a2fe93ad0b13b73eb41a6
partially-implements: blueprint volume-response-schema-validation
There were two issues with the previous implementation of
_add_import_for_test_uuid():
1) Sometimes the import line was added to the end of the file.
For example,
- when the import line belonged to the first line,
- when there was no tempest import line.
2) Sometimes the import line was not added to the correct import
group (2nd - related third party imports) defined by the pep8
style guide.
This patch makes sure that both issues 1) and 2) are solved. The
import line is now by default added between the tempest imports.
If there is no tempest import the import line is added to the
second import group.
Change-Id: Icbac702d295f7f75b3259ad68dd2345cc1e4d90b
in order to enhance the cmd to support kubernetes url based
routing over port based routing. Once this is merged I will
submit another patch set to subunit_describe_calls to support
-u --urls (Optional) The path to a JSON file describing the urls
being used by different services. Note Can not be used with -p.
Added test cases for cliff subprocess and found a bug with the
-v. The standard -v --verbose of cliff conflict with this command
so I changed the -v --verbose to -a --all for print header
with printing to stdout I am also getting ready to add test cases
for cliff subprocess support for different options. Bug #1890060
Correct os join in test cases to avoid a conflict with
https://review.opendev.org/#/c/683026
Closes-bug: #1890060
Change-Id: I9459db0dbeda721187ea5f4802c7453c2092dac3
Create tests to check whether the --fix and --package arguments
of check-uuid utility work correctly.
Partially-Implements: blueprint tempest-cli-unit-test-coverage
Change-Id: Iadab5b1f0e0b61de3f5686c964c691dfe8c7ecd5
This is to add response schema validation for volume backups.
Change-Id: I2ab6ecfeb0c48c7ef4a0fc94e670d43dbc3f6650
partially-implements: blueprint volume-response-schema-validation
We replaced usage of third party mock by the standard library in:
https://review.opendev.org/#/c/721021/
There are 2 forgotten occurrences where we still use the third
party mock, the patch fixes that.
Change-Id: I7d00be25bb0b70ce55e27790df33d9134c2a52ae
* adding a patch
* applying a patch
* adding uuid to test - with and without decorator
* adding import line to tests with uuid
Closes-Bug: #1878171
Change-Id: I59e2cb3bd0ee9a8b525b5904fd39eba446205efd
This patch increases test coverage of verify_tempest_config
partially-implements: blueprint tempest-cli-unit-test-coverage
Change-Id: I87966469df42f0fbabfa2b265398a101af414c9f
Concurrency parameter for account-generator command was accepting
negative values and zero.
This patch makes sure that when the account-generator is passed
a negative value or zero, it ends with an error.
Closes-Bug: #1811349
Partially-Implements: blueprint tempest-cli-unit-test-coverage
Change-Id: I4d7de89b2ad3ee91d113da3746fe393d8cce2aa2
'Member' role has been deprecated and replaced by 'member'.
The patch replaces the leftover occurrences of 'Member' by 'member'.
Change-Id: I857655b8568eb2df1bb9bc263117119388d42f01
Closes-Bug: #1330132
Zuul