Add config option to disable network isolation
This commit adds a new config option to the auth section,
create_isolated_networks, to disable tenant isolation from attempting
to create an isolated network stack on each created tenant. This is
needed because in certain neutron configurations the extra resource
creations are not need or not allowed.
Change-Id: I0899a43709a0cb2967376e914248d2ad4a37773a
Closes-Bug: #1447829
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index b434fdc..eab7487 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -310,6 +310,12 @@
will additionally be used as a fallback for server creation. However, unlike
accounts.yaml this should never be triggered.
+However, there is an option *create_isolated_networks* to disable tenant
+isolation's automatic provisioning of network resources. If this option is
+used you will have to either rely on there only being a single/default network
+available for the server creation, or use *fixed_network_name* to inform
+Tempest which network to use.
+
Configuring Available Services
------------------------------
OpenStack is really a constellation of several different projects which
diff --git a/etc/tempest.conf.sample b/etc/tempest.conf.sample
index 168560a..b3aca42 100644
--- a/etc/tempest.conf.sample
+++ b/etc/tempest.conf.sample
@@ -122,6 +122,14 @@
# the domain from theadmin user is used instead. (string value)
#tenant_isolation_domain_name = <None>
+# If allow_tenant_isolation is set to True and Neutron is enabled
+# Tempest will try to create a useable network, subnet, and router
+# when needed for each tenant it creates. However in some neutron
+# configurations, like with VLAN provider networks, this doesn't work.
+# So if set to False the isolated networks will not be created
+# (boolean value)
+#create_isolated_networks = true
+
[baremetal]
diff --git a/tempest/common/isolated_creds.py b/tempest/common/isolated_creds.py
index fee1467..5ded3ee 100644
--- a/tempest/common/isolated_creds.py
+++ b/tempest/common/isolated_creds.py
@@ -311,7 +311,8 @@
LOG.info("Acquired isolated creds:\n credentials: %s"
% credentials)
if (CONF.service_available.neutron and
- not CONF.baremetal.driver_enabled):
+ not CONF.baremetal.driver_enabled and
+ CONF.auth.create_isolated_networks):
network, subnet, router = self._create_network_resources(
credentials.tenant_id)
credentials.set_resources(network=network, subnet=subnet,
diff --git a/tempest/config.py b/tempest/config.py
index e365b2b..603ccd2 100644
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -69,7 +69,15 @@
help="Only applicable when identity.auth_version is v3."
"Domain within which isolated credentials are provisioned."
"The default \"None\" means that the domain from the"
- "admin user is used instead.")
+ "admin user is used instead."),
+ cfg.BoolOpt('create_isolated_networks',
+ default=True,
+ help="If allow_tenant_isolation is set to True and Neutron is "
+ "enabled Tempest will try to create a useable network, "
+ "subnet, and router when needed for each tenant it "
+ "creates. However in some neutron configurations, like "
+ "with VLAN provider networks, this doesn't work. So if "
+ "set to False the isolated networks will not be created"),
]
identity_group = cfg.OptGroup(name='identity',
diff --git a/tempest/tests/test_tenant_isolation.py b/tempest/tests/test_tenant_isolation.py
index 47e6abd..72a63c3 100644
--- a/tempest/tests/test_tenant_isolation.py
+++ b/tempest/tests/test_tenant_isolation.py
@@ -268,6 +268,36 @@
self.assertEqual(alt_creds.user_id, '1234')
@mock.patch('tempest_lib.common.rest_client.RestClient')
+ def test_no_network_creation_with_config_set(self, MockRestClient):
+ cfg.CONF.set_default('create_isolated_networks', False, group='auth')
+ iso_creds = isolated_creds.IsolatedCreds(name='test class',
+ password='fake_password')
+ self._mock_assign_user_role()
+ self._mock_list_role()
+ self._mock_user_create('1234', 'fake_prim_user')
+ self._mock_tenant_create('1234', 'fake_prim_tenant')
+ net = mock.patch.object(iso_creds.network_admin_client,
+ 'delete_network')
+ net_mock = net.start()
+ subnet = mock.patch.object(iso_creds.network_admin_client,
+ 'delete_subnet')
+ subnet_mock = subnet.start()
+ router = mock.patch.object(iso_creds.network_admin_client,
+ 'delete_router')
+ router_mock = router.start()
+
+ primary_creds = iso_creds.get_primary_creds()
+ self.assertEqual(net_mock.mock_calls, [])
+ self.assertEqual(subnet_mock.mock_calls, [])
+ self.assertEqual(router_mock.mock_calls, [])
+ network = primary_creds.network
+ subnet = primary_creds.subnet
+ router = primary_creds.router
+ self.assertIsNone(network)
+ self.assertIsNone(subnet)
+ self.assertIsNone(router)
+
+ @mock.patch('tempest_lib.common.rest_client.RestClient')
def test_network_creation(self, MockRestClient):
iso_creds = isolated_creds.IsolatedCreds(name='test class',
password='fake_password')