We already added scope support for 'admin', 'member',
and 'reader' role. This commit is to adds the scope
support for specific roles, basically in get_creds_by_roles().
Test can now request the scope along with the number of roles
using the scope as prefix in credential type. Fpr example:
credentials = [['my_role', 'role1'], # this will be old style and project scoped
['project_my_role', 'role1'], # this will be project scoped
['domain_my_role', 'role1'], # this will be domain scoped
['system_my_role', 'role1']] # this will be system scoped
and below is how test can access the credential manager of respective
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Signed-off-by: Sean McGinnis <email@example.com>
The credentials_factory module loads a few bit configuration
at module import time when the DEFAULT_PARAMS variable is defined.
This is not a good idea as it forces configuration to be loaded
even during test discovery. Besides DEFAULT_PARAMS was out of
date as it did not include http_timeout.
Replacing the DEFAULT_PARAMS variable with calls to
Not loading CONF at test discovery time uncovered the fact that
the account generator unit tests were depending on oslo log
configuration parameters to be there. Mocking the log setup
step fixed the issue.
Unit test that require configuration should use the configuration
fixture and set_default so that configuration changes stay isolated
to the specific test.
Tests in test_base_test break this rule and cause race conditions
in other tests, fixing that.
This commit migrates the preprovisioned credentials provider from
tempest/common into tempest/lib. As part of this 2 dependencies are
also migrated to lib: the InvalidTestResource exception class and the
Dynamic credential providers generate TestResource objects, which
behave like Credentials but also include network resources.
We used to pass those directly into client managers, but that has
several issues: the interface of the client manager is confusing,
because it accepts two different type of objects in one parameter.
Having the client manager depending on the dynamic credential provider
is a problem because in turn that depends on the client manager,
which may lead to circular dependencies when trying to make those
stable interfaces for tempest.lib.
Finally TestResources seem to confused developers, since a number of tests
ignored the possibility of getting Credential fields from TestResources
directly, and went through the inner credentials atttribute.
I think the best approach for now is to pass auth.Credentials objects
only into the client manager. The client manager does not use the
network resources anyways.
We plan to refactor the link between credential provider and network
resources anyways, so it's better to have that outside of client
Partially-implements: bp client-manager-refactor
The recent commit I45d73891f3c0829a2378a032dfc02e5ac0ee34b7
deduplicated the base test class methods from the tempest.lib
reintegration. However the surviving base class was put in the wrong
namespace. The base class is just that a base to build the individual
test subclass off of. It's very confusing for that to not live in the
base tests namespace. While the code in lib is supposed to be self
contained there isn't a reason to do that here for the unit tests,
especially because in this case the import heiarchy becomes more
confusing with the base living in a submodule. This commit moves the
base class to the base tempest.tests namespace where it really
Within get_tenant_network(), a client manager was always retrieved, but
because no arguments were passed, it always retrieved the client manager
for the primary credentials. The credentials for the tenant network to
retrieve needs to be passed in so the appropriate client manager can be