Added system scope support for static accounts
We have special locking for project scope accounts.
Now we should separate system admin accounts from project accounts.
Related-PROD: https://mirantis.jira.com/browse/PRODX-25578
Change-Id: Id1e5be6dfaa5dd01920074467cbab1255361196c
(cherry picked from commit 0b8bfec57516d7c817414fecb7b1ecf8dbfcaf0e)
diff --git a/tempest/lib/common/preprov_creds.py b/tempest/lib/common/preprov_creds.py
index 4da1a7e..2938a9d 100644
--- a/tempest/lib/common/preprov_creds.py
+++ b/tempest/lib/common/preprov_creds.py
@@ -154,7 +154,8 @@
temp_hash_key = temp_hash.hexdigest()
hash_dict['creds'][temp_hash_key] = account
for role in roles:
- hash_dict = cls._append_role(role, temp_hash_key, hash_dict)
+ hash_dict = cls._append_role(role, temp_hash_key,
+ hash_dict)
if scope:
hash_dict = cls._append_scoped_role(
scope, role, temp_hash_key, hash_dict)
@@ -192,7 +193,9 @@
'Unknown resource type %s, ignoring this field',
resource
)
- hash_dict = cls._append_project(account, temp_hash_key, hash_dict)
+ if scope == 'project':
+ hash_dict = cls._append_project(account, temp_hash_key,
+ hash_dict)
return hash_dict
def is_multi_user(self):
@@ -210,16 +213,18 @@
return False
def _process_project(self, hash_, used_projects=None, use=True):
+ project = self.hash_dict['creds'][hash_].get('project_name')
+ if not project:
+ project = self.hash_dict['creds'][hash_].get('tenant_name')
+ if not project:
+ return
if used_projects is None:
used_projects = self._get_used_projects()
- if 'tenant_name' in self.hash_dict['creds'][hash_]:
- project = self.hash_dict['creds'][hash_]['tenant_name']
- else:
- project = self.hash_dict['creds'][hash_]['project_name']
method = 'append' if use else 'remove'
getattr(used_projects, method)(project)
with open(self._used_projects_file, 'w') as file:
file.write('\n'.join(used_projects) + '\n')
+ return project
def _get_used_projects(self):
used_projects = []
@@ -306,11 +311,14 @@
return temp_creds
def _get_creds(self, roles=None, scope=None):
- useable_hashes = self._get_match_hash_list(roles, scope)
- if not useable_hashes:
+ usable_hashes = self._get_match_hash_list(roles, scope)
+ if not usable_hashes:
msg = 'No users configured for type/roles %s' % roles
raise lib_exc.InvalidCredentials(msg)
- free_hash = self._get_free_hash(useable_hashes)
+ if scope == 'system':
+ free_hash = next(iter(usable_hashes))
+ else:
+ free_hash = self._get_free_hash(usable_hashes)
clean_creds = self._sanitize_creds(
self.hash_dict['creds'][free_hash])
LOG.info('%s allocated creds for roles %s in scope %s:\n%s',
@@ -319,15 +327,15 @@
@lockutils.synchronized('test_accounts_io', external=True)
def remove_hash(self, hash_string):
- self._process_project(hash_string, use=False)
- hash_path = os.path.join(self.accounts_dir, hash_string)
- if not os.path.isfile(hash_path):
- LOG.warning('Expected an account lock file %s to remove, but '
- 'one did not exist', hash_path)
- else:
- os.remove(hash_path)
- if not os.listdir(self.accounts_dir):
- os.rmdir(self.accounts_dir)
+ if self._process_project(hash_string, use=False):
+ hash_path = os.path.join(self.accounts_dir, hash_string)
+ if not os.path.isfile(hash_path):
+ LOG.warning('Expected an account lock file %s to remove, but '
+ 'one did not exist', hash_path)
+ else:
+ os.remove(hash_path)
+ if not os.listdir(self.accounts_dir):
+ os.rmdir(self.accounts_dir)
def get_hash(self, creds):
for _hash in self.hash_dict['creds']:
@@ -558,7 +566,8 @@
accounts with and without networks
:return: boolean value
"""
- if separate_projects_by_network_existence:
+ if ({'project_name', 'tenant_name'} & account.keys()) and \
+ separate_projects_by_network_existence:
is_network_in_resources = 'network' in account.get('resources', {})
return is_network_in_resources ==\
tests_require_projects_with_networks