Reset ntp_client cached token in override_role context
As bug [0] shows, the client behaves incorrectly: it is
allowed to perform a forbidden action because of a cached token.
This patchset expands RbacUtilsMixin with `get_auth_providers` so
we can define additional auth_providers on testcase level.
Using it we reset cached auth data for neutron-tempest-plugin
client in *PluginRbacTest tests.
[0] https://storyboard.openstack.org/#!/story/2003296
Change-Id: Ie444f1e0be1c9a5ff7fc8a968269b73f510685e3
Story: 2003296
Task: 24245
diff --git a/patrole_tempest_plugin/rbac_utils.py b/patrole_tempest_plugin/rbac_utils.py
index 02b9297..9a9f864 100644
--- a/patrole_tempest_plugin/rbac_utils.py
+++ b/patrole_tempest_plugin/rbac_utils.py
@@ -137,7 +137,9 @@
with excutils.save_and_reraise_exception():
LOG.exception(exp)
finally:
- test_obj.os_primary.auth_provider.clear_auth()
+ auth_providers = test_obj.get_auth_providers()
+ for provider in auth_providers:
+ provider.clear_auth()
# Fernet tokens are not subsecond aware so sleep to ensure we are
# passing the second boundary before attempting to authenticate.
# Only sleep if a token revocation occurred as a result of role
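Review bot: The new loop over `auth_providers` in the `finally` block has no comment saying why every provider must be cleared, while the sleep just below it is explained in detail. Going by the commit message, a token cached before the role switch still authorizes with the old roles, so a client whose provider is skipped can pass a check it should fail. I would add `# Drop every cached token: one issued before the role switch still carries the previous roles.` above the loop. The same list is reused for `set_auth()` in the next hunk, and the enclosing function starts and ends outside both hunks.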
@@ -145,7 +147,9 @@
# ``[identity] admin_role`` == ``[patrole] rbac_test_role``.
if not role_already_present:
time.sleep(1)
- test_obj.os_primary.auth_provider.set_auth()
+
+ for provider in auth_providers:
+ provider.set_auth()
def _get_roles_by_name(self):
available_roles = self.admin_roles_client.list_roles()['roles']
@@ -219,6 +223,15 @@
"""
@classmethod
+ def get_auth_providers(cls):
+ """Returns list of auth_providers used within test.
+
+ Tests may redefine this method to include their own or third party
+ client auth_providers.
+ """
+ return [cls.os_primary.auth_provider]
+
+ @classmethod
def skip_rbac_checks(cls):
if not CONF.patrole.enable_rbac:
deprecation_msg = ("The `[patrole].enable_rbac` option is "
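Review bot: The docstring of `get_auth_providers` does not say what happens to a client that is left out of the returned list. Judging by the loops added in the earlier hunks of this file, only the returned providers get `clear_auth()` and `set_auth()`, so any other client keeps its cached token across the role switch and its requests are authorized with the pre-switch roles. I would add a sentence such as `Every client used while the role is overridden must have its auth_provider listed here; omitted providers keep their cached token.` It is also worth stating that a new list is returned on each call, because the network override in rbac_base.py appends to the result.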
diff --git a/patrole_tempest_plugin/tests/api/network/rbac_base.py b/patrole_tempest_plugin/tests/api/network/rbac_base.py
index 6c57a0c..9d3e28b 100644
--- a/patrole_tempest_plugin/tests/api/network/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/network/rbac_base.py
@@ -40,6 +40,15 @@
"""
@classmethod
+ def get_auth_providers(cls):
+ """Register auth_provider from neutron-tempest-plugin.
+ """
+ providers = super(BaseNetworkPluginRbacTest, cls).get_auth_providers()
+ if cls.is_neutron_tempest_plugin_avaliable():
+ providers.append(cls.ntp_client.auth_provider)
+ return providers
+
+ @classmethod
def skip_checks(cls):
super(BaseNetworkPluginRbacTest, cls).skip_checks()
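Review bot: The `providers.append(cls.ntp_client.auth_provider)` line mutates the parent's return value in place, which is only safe while the base method builds a fresh list on every call. If a base or sibling implementation ever returns a cached or class-level list, each role switch would add another copy of the ntp provider to it. Returning `providers + [cls.ntp_client.auth_provider]` removes that dependency. The override also assumes `cls.ntp_client` is already set whenever the plugin is available; the client setup is not visible in this hunk, so that ordering should be confirmed.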
diff --git a/patrole_tempest_plugin/tests/unit/fixtures.py b/patrole_tempest_plugin/tests/unit/fixtures.py
index 4e3387e..1c47985 100644
--- a/patrole_tempest_plugin/tests/unit/fixtures.py
+++ b/patrole_tempest_plugin/tests/unit/fixtures.py
@@ -77,7 +77,9 @@
}
self.mock_test_obj = mock.Mock(
__name__='patrole_unit_test', spec=test.BaseTestCase,
- os_primary=mock.Mock(), **test_obj_kwargs)
+ os_primary=mock.Mock(),
+ get_auth_providers=mock.Mock(return_value=[mock.Mock()]),
+ **test_obj_kwargs)
# Mock out functionality that can't be used by unit tests. Mocking out
# time.sleep is a test optimization.
diff --git a/patrole_tempest_plugin/tests/unit/test_rbac_utils.py b/patrole_tempest_plugin/tests/unit/test_rbac_utils.py
index 4937318..c5264aa 100644
--- a/patrole_tempest_plugin/tests/unit/test_rbac_utils.py
+++ b/patrole_tempest_plugin/tests/unit/test_rbac_utils.py
@@ -57,9 +57,9 @@
roles_client.create_user_role_on_project.assert_called_once_with(
self.rbac_utils.PROJECT_ID, self.rbac_utils.USER_ID, 'admin_id')
- mock_test_obj.os_primary.auth_provider.clear_auth\
+ mock_test_obj.get_auth_providers()[0].clear_auth\
.assert_called_once_with()
- mock_test_obj.os_primary.auth_provider.set_auth\
+ mock_test_obj.get_auth_providers()[0].set_auth\
.assert_called_once_with()
mock_time.sleep.assert_called_once_with(1)
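Review bot: None of the updated assertions exercises more than one provider, here or in the hunks at -86 and -120. The fixture returns a single-element list and every check reads `get_auth_providers()[0]`, so a regression to resetting only the first provider would still pass. A test that sets `mock_test_obj.get_auth_providers.return_value = [mock.Mock(), mock.Mock()]` and asserts `clear_auth` and `set_auth` on both entries would cover the behaviour this commit adds. The test methods start and end outside the hunks.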
@@ -86,9 +86,9 @@
mock.call(self.rbac_utils.PROJECT_ID, self.rbac_utils.USER_ID,
'member_id')
])
- mock_test_obj.os_primary.auth_provider.clear_auth.assert_has_calls(
+ mock_test_obj.get_auth_providers()[0].clear_auth.assert_has_calls(
[mock.call()] * 2)
- mock_test_obj.os_primary.auth_provider.set_auth.assert_has_calls(
+ mock_test_obj.get_auth_providers()[0].set_auth.assert_has_calls(
[mock.call()] * 2)
mock_time.sleep.assert_has_calls([mock.call(1)] * 2)
@@ -120,9 +120,9 @@
mock.call(self.rbac_utils.PROJECT_ID, self.rbac_utils.USER_ID,
'admin_id')
])
- mock_test_obj.os_primary.auth_provider.clear_auth.assert_has_calls(
+ mock_test_obj.get_auth_providers()[0].clear_auth.assert_has_calls(
[mock.call()] * 3)
- mock_test_obj.os_primary.auth_provider.set_auth.assert_has_calls(
+ mock_test_obj.get_auth_providers()[0].set_auth.assert_has_calls(
[mock.call()] * 3)
mock_time.sleep.assert_has_calls([mock.call(1)] * 3)