8bbdb1660f
Moves authentication from rest_client to an external auth_provider, assigned to the client by the client manager. The auth provider can decorate a request based on credentials (coming from the client manager) and filters (region, service, endpoint_type) given by the client. The auth provider can also return the raw auth_data, which in the Keystone implementation is a tuple (token, auth_data). The auth provider allows mixing multiple credentials when decorating a request, possibly using empty or invalid credentials, to facilitate negative tests. The auth provider caches auth data, so that all API requests for a specific set of credentials only require a single call to obtain a token, unless the token expires or is forcefully deleted from the auth provder. Two implementations of the auth provider are included: Keystonev2 and Keystonev3. The Manager object behaves as factory of auth_providers, building the correct one based on the configured auth_version, and on the interface type (JSON or XML). Fixes endpoint selection for v3 auth. Drops unused basic_auth. Extends TokenClients to provide both token and auth data, and accept different combinations of credentials for v3. Removes redundant server_client_v3_auth. Adapts tempest unit tests to work with modified rest client. Introduces a configuration parameter for authentication version to be used. That is used when instantiating the client manager, and it applies to all clients used by api tests. Next steps (next patches): - move to credentials as dict (as opposed to tuple) - expose a get_client method from the client manager and create clients only when requested - remove redundant CustomizedHeader object storage clients - supports keystone v3 in tenant isolation - use Auth Provider in scenario tests - use Auth Provider in CLI tests - implement parsing of catalog XML format (?) Partially implements: bp multi-keystone-api-version-tests Change-Id: Icfa921e9051c01f339f8d2471b12d6ec950cc456 |
||
---|---|---|
.. | ||
api | ||
cli | ||
common | ||
hacking | ||
openstack | ||
scenario | ||
services | ||
stress | ||
test_discover | ||
tests | ||
thirdparty | ||
README.rst | ||
__init__.py | ||
auth.py | ||
clients.py | ||
config.py | ||
exceptions.py | ||
manager.py | ||
test.py |
README.rst
Tempest Field Guide Overview
Tempest is designed to be useful for a large number of different environments. This includes being useful for gating commits to OpenStack core projects, being used to validate OpenStack cloud implementations for both correctness, as well as a burn in tool for OpenStack clouds.
As such Tempest tests come in many flavors, each with their own rules and guidelines. Below is the proposed Havana restructuring for Tempest to make this clear.
api/ - API tests
cli/ - CLI tests
scenario/ - complex scenario tests
stress/ - stress tests
thirdparty/ - 3rd party api tests
Each of these directories contains different types of tests. What belongs in each directory, the rules and examples for good tests, are documented in a README.rst file in the directory.
api
API tests are validation tests for the OpenStack API. They should not use the existing python clients for OpenStack, but should instead use the tempest implementations of clients. This allows us to test both XML and JSON. Having raw clients also lets us pass invalid JSON and XML to the APIs and see the results, something we could not get with the native clients.
When it makes sense, API testing should be moved closer to the projects themselves, possibly as functional tests in their unit test frameworks.
cli
CLI tests use the openstack CLI to interact with the OpenStack cloud. CLI testing in unit tests is somewhat difficult because unlike server testing, there is no access to server code to instantiate. Tempest seems like a logical place for this, as it prereqs having a running OpenStack cloud.
scenario
Scenario tests are complex "through path" tests for OpenStack functionality. They are typically a series of steps where complicated state requiring multiple services is set up exercised, and torn down.
Scenario tests can and should use the OpenStack python clients.
stress
Stress tests are designed to stress an OpenStack environment by running a high workload against it and seeing what breaks. Tools may be provided to help detect breaks (stack traces in the logs).
TODO: old stress tests deleted, new_stress that david is working on moves into here.
thirdparty
Many openstack components include 3rdparty API support. It is completely legitimate for Tempest to include tests of 3rdparty APIs, but those should be kept separate from the normal OpenStack validation.