Merge "Allow full v3 authentication"
diff --git a/tempest/api/compute/servers/test_list_server_filters.py b/tempest/api/compute/servers/test_list_server_filters.py
index a694fb5..5c10f30 100644
--- a/tempest/api/compute/servers/test_list_server_filters.py
+++ b/tempest/api/compute/servers/test_list_server_filters.py
@@ -185,7 +185,7 @@
def test_list_servers_detailed_filter_by_image(self):
# Filter the detailed list of servers by image
params = {'image': self.image_ref}
- resp, body = self.client.list_servers_with_detail(params)
+ body = self.client.list_servers_with_detail(params)
servers = body['servers']
self.assertIn(self.s1['id'], map(lambda x: x['id'], servers))
diff --git a/tempest/api/identity/admin/v3/test_default_project_id.py b/tempest/api/identity/admin/v3/test_default_project_id.py
index 4e01835..9841cc8 100644
--- a/tempest/api/identity/admin/v3/test_default_project_id.py
+++ b/tempest/api/identity/admin/v3/test_default_project_id.py
@@ -66,7 +66,7 @@
"doesn't have domain id " + dom_id)
# get roles and find the admin role
- admin_role = self.get_role_by_name("admin")
+ admin_role = self.get_role_by_name(CONF.identity.admin_role)
admin_role_id = admin_role['id']
# grant the admin role to the user on his project
diff --git a/tempest/api_schema/response/compute/v2/images.py b/tempest/api_schema/response/compute/v2/images.py
index 2317e6b..43dae38 100644
--- a/tempest/api_schema/response/compute/v2/images.py
+++ b/tempest/api_schema/response/compute/v2/images.py
@@ -40,11 +40,12 @@
},
'required': ['id', 'links']
},
- 'OS-EXT-IMG-SIZE:size': {'type': 'integer'}
+ 'OS-EXT-IMG-SIZE:size': {'type': 'integer'},
+ 'OS-DCF:diskConfig': {'type': 'string'}
},
# 'server' attributes only comes in response body if image is
- # associated with any server. 'OS-EXT-IMG-SIZE:size' is API
- # extension, So those are not defined as 'required'.
+ # associated with any server. 'OS-EXT-IMG-SIZE:size' & 'OS-DCF:diskConfig'
+ # are API extension, So those are not defined as 'required'.
'required': ['id', 'status', 'updated', 'links', 'name',
'created', 'minDisk', 'minRam', 'progress',
'metadata']
diff --git a/tempest/api_schema/response/compute/v2/servers.py b/tempest/api_schema/response/compute/v2/servers.py
index 83dbb4f..c116bf5 100644
--- a/tempest/api_schema/response/compute/v2/servers.py
+++ b/tempest/api_schema/response/compute/v2/servers.py
@@ -296,15 +296,34 @@
list_servers_detail = copy.deepcopy(servers.base_list_servers_detail)
list_servers_detail['response_body']['properties']['servers']['items'][
'properties'].update({
+ 'key_name': {'type': ['string', 'null']},
'hostId': {'type': 'string'},
'OS-DCF:diskConfig': {'type': 'string'},
'security_groups': {'type': 'array'},
+
+ # NOTE: Non-admin users also can see "OS-SRV-USG" and "OS-EXT-AZ"
+ # attributes.
+ 'OS-SRV-USG:launched_at': {'type': ['string', 'null']},
+ 'OS-SRV-USG:terminated_at': {'type': ['string', 'null']},
+ 'OS-EXT-AZ:availability_zone': {'type': 'string'},
+
+ # NOTE: Admin users only can see "OS-EXT-STS" and "OS-EXT-SRV-ATTR"
+ # attributes.
+ 'OS-EXT-STS:task_state': {'type': ['string', 'null']},
+ 'OS-EXT-STS:vm_state': {'type': 'string'},
+ 'OS-EXT-STS:power_state': {'type': 'integer'},
+ 'OS-EXT-SRV-ATTR:host': {'type': ['string', 'null']},
+ 'OS-EXT-SRV-ATTR:instance_name': {'type': 'string'},
+ 'OS-EXT-SRV-ATTR:hypervisor_hostname': {'type': ['string', 'null']},
+ 'os-extended-volumes:volumes_attached': {'type': 'array'},
'accessIPv4': parameter_types.access_ip_v4,
- 'accessIPv6': parameter_types.access_ip_v6
+ 'accessIPv6': parameter_types.access_ip_v6,
+ 'config_drive': {'type': 'string'}
})
-# NOTE(GMann): OS-DCF:diskConfig, security_groups and accessIPv4/v6
-# are API extensions, and some environments return a response
-# without these attributes. So they are not 'required'.
+# NOTE(GMann): OS-SRV-USG, OS-EXT-AZ, OS-EXT-STS, OS-EXT-SRV-ATTR,
+# os-extended-volumes, OS-DCF and accessIPv4/v6 are API
+# extensions, and some environments return a response without
+# these attributes. So they are not 'required'.
list_servers_detail['response_body']['properties']['servers']['items'][
'required'].append('hostId')
# NOTE(gmann): Update OS-EXT-IPS:type and OS-EXT-IPS-MAC:mac_addr
@@ -320,8 +339,6 @@
rebuild_server = copy.deepcopy(update_server)
rebuild_server['status_code'] = [202]
-del rebuild_server['response_body']['properties']['server'][
- 'properties']['OS-DCF:diskConfig']
rebuild_server_with_admin_pass = copy.deepcopy(rebuild_server)
rebuild_server_with_admin_pass['response_body']['properties']['server'][
diff --git a/tempest/auth.py b/tempest/auth.py
index b82b819..113ad69 100644
--- a/tempest/auth.py
+++ b/tempest/auth.py
@@ -20,9 +20,9 @@
import re
import urlparse
+from oslo_log import log as logging
import six
-from oslo_log import log as logging
from tempest.services.identity.v2.json import token_client as json_v2id
from tempest.services.identity.v3.json import token_client as json_v3id
@@ -445,7 +445,9 @@
return identity_version in IDENTITY_VERSION
-def get_credentials(auth_url, fill_in=True, identity_version='v2', **kwargs):
+def get_credentials(auth_url, fill_in=True, identity_version='v2',
+ disable_ssl_certificate_validation=None, ca_certs=None,
+ trace_requests=None, **kwargs):
"""
Builds a credentials object based on the configured auth_version
@@ -457,6 +459,11 @@
by invoking ``is_valid()``
:param identity_version (string): identity API version is used to
select the matching auth provider and credentials class
+ :param disable_ssl_certificate_validation: whether to enforce SSL
+ certificate validation in SSL API requests to the auth system
+ :param ca_certs: CA certificate bundle for validation of certificates
+ in SSL API requests to the auth system
+ :param trace_requests: trace in log API requests to the auth system
:param kwargs (dict): Dict of credential key/value pairs
Examples:
@@ -477,7 +484,10 @@
creds = credential_class(**kwargs)
# Fill in the credentials fields that were not specified
if fill_in:
- auth_provider = auth_provider_class(creds, auth_url)
+ dsvm = disable_ssl_certificate_validation
+ auth_provider = auth_provider_class(
+ creds, auth_url, disable_ssl_certificate_validation=dsvm,
+ ca_certs=ca_certs, trace_requests=trace_requests)
creds = auth_provider.fill_credentials()
return creds
diff --git a/tempest/cmd/run_stress.py b/tempest/cmd/run_stress.py
index 2bed355..06b338d 100755
--- a/tempest/cmd/run_stress.py
+++ b/tempest/cmd/run_stress.py
@@ -24,9 +24,9 @@
# unittest in python 2.6 does not contain loader, so uses unittest2
from unittest2 import loader
+from oslo_log import log as logging
from testtools import testsuite
-from oslo_log import log as logging
from tempest.stress import driver
LOG = logging.getLogger(__name__)
diff --git a/tempest/common/cred_provider.py b/tempest/common/cred_provider.py
index 6be1b6b..4d66ffc 100644
--- a/tempest/common/cred_provider.py
+++ b/tempest/common/cred_provider.py
@@ -31,6 +31,13 @@
'alt_user': ('identity', 'alt')
}
+DEFAULT_PARAMS = {
+ 'disable_ssl_certificate_validation':
+ CONF.identity.disable_ssl_certificate_validation,
+ 'ca_certs': CONF.identity.ca_certificates_file,
+ 'trace_requests': CONF.debug.trace_requests
+}
+
# Read credentials from configuration, builds a Credentials object
# based on the specified or configured version
@@ -46,7 +53,7 @@
if identity_version == 'v3':
conf_attributes.append('domain_name')
# Read the parts of credentials from config
- params = {}
+ params = DEFAULT_PARAMS
section, prefix = CREDENTIAL_TYPES[credential_type]
for attr in conf_attributes:
_section = getattr(CONF, section)
@@ -69,6 +76,7 @@
# Wrapper around auth.get_credentials to use the configured identity version
# is none is specified
def get_credentials(fill_in=True, identity_version=None, **kwargs):
+ params = dict(DEFAULT_PARAMS, **kwargs)
identity_version = identity_version or CONF.identity.auth_version
# In case of "v3" add the domain from config if not specified
if identity_version == 'v3':
@@ -82,7 +90,7 @@
return auth.get_credentials(auth_url,
fill_in=fill_in,
identity_version=identity_version,
- **kwargs)
+ **params)
@six.add_metaclass(abc.ABCMeta)
diff --git a/tempest/common/credentials.py b/tempest/common/credentials.py
index 3794b66..2f7fb73 100644
--- a/tempest/common/credentials.py
+++ b/tempest/common/credentials.py
@@ -58,7 +58,8 @@
is_admin = False
else:
try:
- cred_provider.get_configured_credentials('identity_admin')
+ cred_provider.get_configured_credentials('identity_admin',
+ fill_in=False)
except exceptions.InvalidConfiguration:
is_admin = False
return is_admin
diff --git a/tempest/test.py b/tempest/test.py
index d6858a3..7039f4c 100644
--- a/tempest/test.py
+++ b/tempest/test.py
@@ -94,7 +94,8 @@
'object_storage': CONF.service_available.swift,
'dashboard': CONF.service_available.horizon,
'telemetry': CONF.service_available.ceilometer,
- 'data_processing': CONF.service_available.sahara
+ 'data_processing': CONF.service_available.sahara,
+ 'database': CONF.service_available.trove
}
return service_list
@@ -108,7 +109,7 @@
def decorator(f):
services = ['compute', 'image', 'baremetal', 'volume', 'orchestration',
'network', 'identity', 'object_storage', 'dashboard',
- 'telemetry', 'data_processing']
+ 'telemetry', 'data_processing', 'database']
for service in args:
if service not in services:
raise exceptions.InvalidServiceTag('%s is not a valid '