Reset ntp_client cached token in override_role context
As bug [0] shows we have incorrect behaviour with client, when its
allowed to perform forbidden action beacause of cached token.
This patchset expands RbacUtilsMixin with `get_auth_providers` so
we can define additional auth_providers on testcase level.
Using it we reset cached auth data for neutron-tempest-plugin
client in *PluginRbacTest tests.
[0] https://storyboard.openstack.org/#!/story/2003296
Change-Id: Ie444f1e0be1c9a5ff7fc8a968269b73f510685e3
Story: 2003296
Task: 24245
diff --git a/patrole_tempest_plugin/rbac_utils.py b/patrole_tempest_plugin/rbac_utils.py
index 02b9297..9a9f864 100644
--- a/patrole_tempest_plugin/rbac_utils.py
+++ b/patrole_tempest_plugin/rbac_utils.py
@@ -137,7 +137,9 @@
with excutils.save_and_reraise_exception():
LOG.exception(exp)
finally:
- test_obj.os_primary.auth_provider.clear_auth()
+ auth_providers = test_obj.get_auth_providers()
+ for provider in auth_providers:
+ provider.clear_auth()
# Fernet tokens are not subsecond aware so sleep to ensure we are
# passing the second boundary before attempting to authenticate.
# Only sleep if a token revocation occurred as a result of role
@@ -145,7 +147,9 @@
# ``[identity] admin_role`` == ``[patrole] rbac_test_role``.
if not role_already_present:
time.sleep(1)
- test_obj.os_primary.auth_provider.set_auth()
+
+ for provider in auth_providers:
+ provider.set_auth()
def _get_roles_by_name(self):
available_roles = self.admin_roles_client.list_roles()['roles']
@@ -219,6 +223,15 @@
"""
@classmethod
+ def get_auth_providers(cls):
+ """Returns list of auth_providers used within test.
+
+ Tests may redefine this method to include their own or third party
+ client auth_providers.
+ """
+ return [cls.os_primary.auth_provider]
+
+ @classmethod
def skip_rbac_checks(cls):
if not CONF.patrole.enable_rbac:
deprecation_msg = ("The `[patrole].enable_rbac` option is "