Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / patrole / 23923f0eba8f79b2a7015dd97b97323c1ab1db02^! / .
commit23923f0eba8f79b2a7015dd97b97323c1ab1db02[log] [tgz]
authorFelipe Monteiro <felipe.monteiro@att.com>Fri Mar 17 02:15:07 2017 +0000
committerFelipe Monteiro <felipe.monteiro@att.com>Fri Mar 17 02:15:07 2017 +0000
tree33be6a62b9dbc19a35bb49673ae97ab484120498
parente83a257b06a79ff3fc8f8d857f3a7e24728ca118 [diff]
Partially revert removal of time.sleep if v3 auth enabled in conf.

In a previous patch [0], an attempt was made to speed up Patrole
tests by skipping over time.sleep(1) if v3 auth was enabled
in tempest.conf.

However, this resulted in more tests failing than otherwise should
be for non-admin roles (i.e. Member role). This is because:

"Fernet tokens are not subsecond aware and Keystone should only be
 precise to the second. Sleep to ensure we are passing the second
 boundary before attempting to authenticate." [1][2]

This patch guarantees that time.sleep(1) is always executed,
regardless of identity auth version used by Tempest. While this
prolongs the test runs in the gates, this change is necessary
to guarantee correct test execution for non-admin roles.

[0] https://review.openstack.org/#/c/444967/
[1] https://github.com/openstack/tempest/blob/master/tempest/api/identity/v2/test_users.py
[2] https://github.com/openstack/tempest/blob/master/tempest/api/identity/v3/test_users.py

Change-Id: I007190906e710f540ed0e44e76bd17047fcddea4
Closes-Bug: #1673497

diff --git a/patrole_tempest_plugin/rbac_utils.py b/patrole_tempest_plugin/rbac_utils.py
index abbb435..18f132e 100644
--- a/patrole_tempest_plugin/rbac_utils.py
+++ b/patrole_tempest_plugin/rbac_utils.py

@@ -87,12 +87,18 @@
             raise
 
         finally:
-            if BaseTestCase.get_identity_version() != 'v3':
-                test_obj.auth_provider.clear_auth()
-                # Sleep to avoid 401 errors caused by rounding in timing of
-                # fernet token creation.
-                time.sleep(1)
-                test_obj.auth_provider.set_auth()
+            # NOTE(felipemonteiro): These two comments below are copied from
+            # tempest.api.identity.v2/v3.test_users.
+            #
+            # Reset auth again to verify the password restore does work.
+            # Clear auth restores the original credentials and deletes
+            # cached auth data.
+            test_obj.auth_provider.clear_auth()
+            # Fernet tokens are not subsecond aware and Keystone should only be
+            # precise to the second. Sleep to ensure we are passing the second
+            # boundary before attempting to authenticate.
+            time.sleep(1)
+            test_obj.auth_provider.set_auth()
 
     def _clear_user_roles(cls, user_id, tenant_id):
         roles = cls.creds_client.roles_client.list_user_roles_on_project(