Merge "Fixes test_images_member_rbac missing os credentials for image v2."
diff --git a/contrib/post_test_hook.sh b/contrib/post_test_hook.sh
index 3961474..b864a9b 100644
--- a/contrib/post_test_hook.sh
+++ b/contrib/post_test_hook.sh
@@ -50,6 +50,7 @@
 # Set additional, necessary CONF values
 iniset $TEMPEST_CONFIG auth use_dynamic_credentials True
 iniset $TEMPEST_CONFIG auth tempest_roles Member
+iniset $TEMPEST_CONFIG identity auth_version v3
 
 # Give permissions back to Tempest.
 sudo chown -R tempest:stack $BASE/new/tempest
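Review bot: Pinning `identity auth_version v3` for the gate means the `!= 'v3'` branch this commit adds in patrole_tempest_plugin/rbac_utils.py (the `clear_auth()` / `time.sleep(1)` / `set_auth()` sequence) is never executed by this job. A regression in the re-authentication path would therefore go unnoticed. If non-v3 deployments are still meant to be supported, a second job or a unit test should cover that branch. A one-line comment above the new line, such as `# Patrole only skips token re-auth on role switch under identity v3.`, would record why the value is set here.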
diff --git a/patrole_tempest_plugin/rbac_utils.py b/patrole_tempest_plugin/rbac_utils.py
index ae018de..abbb435 100644
--- a/patrole_tempest_plugin/rbac_utils.py
+++ b/patrole_tempest_plugin/rbac_utils.py
@@ -87,11 +87,12 @@
             raise
 
         finally:
-            test_obj.auth_provider.clear_auth()
-            # Sleep to avoid 401 errors caused by rounding in timing of fernet
-            # token creation.
-            time.sleep(1)
-            test_obj.auth_provider.set_auth()
+            if BaseTestCase.get_identity_version() != 'v3':
+                test_obj.auth_provider.clear_auth()
+                # Sleep to avoid 401 errors caused by rounding in timing of
+                # fernet token creation.
+                time.sleep(1)
+                test_obj.auth_provider.set_auth()
 
     def _clear_user_roles(cls, user_id, tenant_id):
         roles = cls.creds_client.roles_client.list_user_roles_on_project(
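Review bot: Skipping `clear_auth()`/`set_auth()` when the configured identity version is v3 leaves the cached token in place across a role switch, and nothing in the hunk says why that is safe. In an RBAC suite the risk is a request sent with credentials that still reflect the previous role, which would show up as a false pass or false failure rather than an error. The guard reads the global setting through `BaseTestCase.get_identity_version()` instead of looking at `test_obj.auth_provider`, so it assumes every test object authenticates with the configured version. I would add a comment above the `if`, for example `# v3: the cached token is kept after the role change because <reason>`, or keep the re-auth unconditional if the reason cannot be stated. The enclosing method starts above the hunk, so the role-assignment code it follows is not visible here.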
diff --git a/patrole_tempest_plugin/tests/api/compute/rbac_base.py b/patrole_tempest_plugin/tests/api/compute/rbac_base.py
index de544bb..625b5cf 100644
--- a/patrole_tempest_plugin/tests/api/compute/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/compute/rbac_base.py
@@ -38,6 +38,7 @@
         super(BaseV2ComputeRbacTest, cls).setup_clients()
         cls.auth_provider = cls.os.auth_provider
         cls.rbac_utils = rbac_utils()
+        cls.rbac_utils.switch_role(cls, switchToRbacRole=False)
 
 
 class BaseV2ComputeAdminRbacTest(compute_base.BaseV2ComputeAdminTest):
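Review bot: The line `cls.rbac_utils.switch_role(cls, switchToRbacRole=False)` is pasted into `setup_clients` here and in the next hunk of this file, and again in the identity v2/v3, image, network, orchestration and volume base classes later in the diff. None of the copies has a comment saying why class setup must start outside the RBAC role. A base class added later that omits the line would run its resource setup under whatever role the previous test left active, which changes what the RBAC tests prove. Consider moving the call into one shared mixin's `setup_clients`, or at least precede each call with `# Start class-level setup outside the RBAC role; tests switch to it themselves.` Under a non-v3 configuration each call also passes through the `time.sleep(1)` in `switch_role`'s `finally`, so every test class pays an extra second.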
@@ -56,6 +57,7 @@
         super(BaseV2ComputeAdminRbacTest, cls).setup_clients()
         cls.auth_provider = cls.os.auth_provider
         cls.rbac_utils = rbac_utils()
+        cls.rbac_utils.switch_role(cls, switchToRbacRole=False)
 
     @classmethod
     def resource_setup(cls):
diff --git a/patrole_tempest_plugin/tests/api/compute/test_instance_actions.py b/patrole_tempest_plugin/tests/api/compute/test_instance_actions_rbac.py
similarity index 87%
rename from patrole_tempest_plugin/tests/api/compute/test_instance_actions.py
rename to patrole_tempest_plugin/tests/api/compute/test_instance_actions_rbac.py
index a1f12d6..e35f60c 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_instance_actions.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_instance_actions_rbac.py
@@ -13,14 +13,12 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-from tempest import config
 from tempest.lib import decorators
+from tempest import test
 
 from patrole_tempest_plugin import rbac_rule_validation
 from patrole_tempest_plugin.tests.api.compute import rbac_base
 
-CONF = config.CONF
-
 
 class InstanceActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
 
@@ -32,9 +30,9 @@
     @classmethod
     def skip_checks(cls):
         super(InstanceActionsRbacTest, cls).skip_checks()
-        if not CONF.compute_feature_enabled.api_extensions:
+        if not test.is_extension_enabled('os-instance-actions', 'compute'):
             raise cls.skipException(
-                '%s skipped as no compute extensions enabled' % cls.__name__)
+                '%s skipped as os-instance-actions not enabled' % cls.__name__)
 
     @classmethod
     def resource_setup(cls):
@@ -51,6 +49,7 @@
         service="nova",
         rule="os_compute_api:os-instance-actions")
     def test_list_instance_actions(self):
+        self.rbac_utils.switch_role(self, switchToRbacRole=True)
         self.client.list_instance_actions(self.server['id'])
 
     @decorators.idempotent_id('eb04c439-4215-4029-9ccb-5b3c041bfc25')
@@ -58,5 +57,6 @@
         service="nova",
         rule="os_compute_api:os-instance-actions:events")
     def test_get_instance_action(self):
+        self.rbac_utils.switch_role(self, switchToRbacRole=True)
         self.client.show_instance_action(
             self.server['id'], self.request_id)['instanceAction']
diff --git a/patrole_tempest_plugin/tests/api/identity/v2/rbac_base.py b/patrole_tempest_plugin/tests/api/identity/v2/rbac_base.py
index e7cca4a..ffee5c0 100644
--- a/patrole_tempest_plugin/tests/api/identity/v2/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/identity/v2/rbac_base.py
@@ -41,6 +41,7 @@
         cls.tenants_client = cls.os.tenants_client
         cls.users_client = cls.os.users_client
         cls.rbac_utils = rbac_utils()
+        cls.rbac_utils.switch_role(cls, switchToRbacRole=False)
 
     def _create_service(self):
         name = data_utils.rand_name('service')
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/rbac_base.py b/patrole_tempest_plugin/tests/api/identity/v3/rbac_base.py
index 3f045f2..7a67459 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/rbac_base.py
@@ -44,6 +44,7 @@
         cls.groups_client = cls.os.groups_client
         cls.policies_client = cls.os.policies_client
         cls.rbac_utils = rbac_utils()
+        cls.rbac_utils.switch_role(cls, switchToRbacRole=False)
 
     def _create_service(self):
         """Creates a service for test."""
diff --git a/patrole_tempest_plugin/tests/api/image/rbac_base.py b/patrole_tempest_plugin/tests/api/image/rbac_base.py
index daea89c..b4fed7d 100644
--- a/patrole_tempest_plugin/tests/api/image/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/image/rbac_base.py
@@ -35,6 +35,7 @@
         super(BaseV1ImageRbacTest, cls).setup_clients()
         cls.auth_provider = cls.os.auth_provider
         cls.rbac_utils = rbac_utils()
+        cls.rbac_utils.switch_role(cls, switchToRbacRole=False)
 
 
 class BaseV2ImageRbacTest(image_base.BaseV2ImageTest):
@@ -53,3 +54,4 @@
         super(BaseV2ImageRbacTest, cls).setup_clients()
         cls.auth_provider = cls.os.auth_provider
         cls.rbac_utils = rbac_utils()
+        cls.rbac_utils.switch_role(cls, switchToRbacRole=False)
diff --git a/patrole_tempest_plugin/tests/api/network/rbac_base.py b/patrole_tempest_plugin/tests/api/network/rbac_base.py
index af5d110..de5ed88 100644
--- a/patrole_tempest_plugin/tests/api/network/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/network/rbac_base.py
@@ -37,3 +37,4 @@
         super(BaseNetworkRbacTest, cls).setup_clients()
         cls.auth_provider = cls.os.auth_provider
         cls.rbac_utils = rbac_utils()
+        cls.rbac_utils.switch_role(cls, switchToRbacRole=False)
diff --git a/patrole_tempest_plugin/tests/api/orchestration/rbac_base.py b/patrole_tempest_plugin/tests/api/orchestration/rbac_base.py
index 562c66e..f90decc 100644
--- a/patrole_tempest_plugin/tests/api/orchestration/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/orchestration/rbac_base.py
@@ -35,6 +35,7 @@
         super(BaseOrchestrationRbacTest, cls).setup_clients()
         cls.auth_provider = cls.os.auth_provider
         cls.rbac_utils = rbac_utils()
+        cls.rbac_utils.switch_role(cls, switchToRbacRole=False)
 
     def tearDown(self):
         self.rbac_utils.switch_role(self, switchToRbacRole=False)
diff --git a/patrole_tempest_plugin/tests/api/volume/rbac_base.py b/patrole_tempest_plugin/tests/api/volume/rbac_base.py
index 005986d..c762473 100644
--- a/patrole_tempest_plugin/tests/api/volume/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/volume/rbac_base.py
@@ -35,6 +35,7 @@
         super(BaseVolumeRbacTest, cls).setup_clients()
         cls.auth_provider = cls.os.auth_provider
         cls.rbac_utils = rbac_utils()
+        cls.rbac_utils.switch_role(cls, switchToRbacRole=False)
 
 
 class BaseVolumeAdminRbacTest(vol_base.BaseVolumeAdminTest):
@@ -53,6 +54,7 @@
         super(BaseVolumeAdminRbacTest, cls).setup_clients()
         cls.auth_provider = cls.os.auth_provider
         cls.rbac_utils = rbac_utils()
+        cls.rbac_utils.switch_role(cls, switchToRbacRole=False)
         version_checker = {
             1: [cls.os.volume_hosts_client, cls.os.volume_types_client],
             2: [cls.os.volume_hosts_v2_client, cls.os.volume_types_v2_client]