Drop admin_role CONF dependency from cred provider
Cred providers depend on the admin_role which is read from CONF.
Adding that as a new mandatory parameter in preparation to
migration to tempest-lib.
Change-Id: Ic8ae2d36978635c9c9bade23cfef737dc3fb44b1
Partially-implements: bp tempest-library
diff --git a/tempest/common/cred_provider.py b/tempest/common/cred_provider.py
index 089f3af..3575998 100644
--- a/tempest/common/cred_provider.py
+++ b/tempest/common/cred_provider.py
@@ -99,7 +99,7 @@
@six.add_metaclass(abc.ABCMeta)
class CredentialProvider(object):
def __init__(self, identity_version, name=None, network_resources=None,
- credentials_domain=None):
+ credentials_domain=None, admin_role=None):
"""A CredentialProvider supplies credentials to test classes.
:param identity_version: Identity version of the credentials provided
:param name: Name of the calling test. Included in provisioned
@@ -107,11 +107,13 @@
:param network_resources: Network resources required for the
credentials
:param credentials_domain: Domain credentials belong to
+ :param admin_role: Name of the role of the admin account
"""
self.identity_version = identity_version
self.name = name or "test_creds"
self.network_resources = network_resources
self.credentials_domain = credentials_domain or 'Default'
+ self.admin_role = admin_role
if not auth.is_identity_version_supported(self.identity_version):
raise exceptions.InvalidIdentityVersion(
identity_version=self.identity_version)
diff --git a/tempest/common/credentials.py b/tempest/common/credentials.py
index 88ae9ce..76f8afe 100644
--- a/tempest/common/credentials.py
+++ b/tempest/common/credentials.py
@@ -38,17 +38,20 @@
name=name,
network_resources=network_resources,
identity_version=identity_version,
- credentials_domain=CONF.auth.default_credentials_domain_name)
+ credentials_domain=CONF.auth.default_credentials_domain_name,
+ admin_role=CONF.identity.admin_role)
else:
if (CONF.auth.test_accounts_file and
os.path.isfile(CONF.auth.test_accounts_file)):
# Most params are not relevant for pre-created accounts
return preprov_creds.PreProvisionedCredentialProvider(
name=name, identity_version=identity_version,
- credentials_domain=CONF.auth.default_credentials_domain_name)
+ credentials_domain=CONF.auth.default_credentials_domain_name,
+ admin_role=CONF.identity.admin_role)
else:
return preprov_creds.NonLockingCredentialProvider(
- name=name, identity_version=identity_version)
+ name=name, identity_version=identity_version,
+ admin_role=CONF.identity.admin_role)
# We want a helper function here to check and see if admin credentials
@@ -65,7 +68,8 @@
elif (CONF.auth.test_accounts_file and
os.path.isfile(CONF.auth.test_accounts_file)):
check_accounts = preprov_creds.PreProvisionedCredentialProvider(
- identity_version=identity_version, name='check_admin')
+ identity_version=identity_version, name='check_admin',
+ admin_role=CONF.identity.admin_role)
if not check_accounts.admin_available():
is_admin = False
else:
@@ -91,10 +95,12 @@
if (CONF.auth.test_accounts_file and
os.path.isfile(CONF.auth.test_accounts_file)):
check_accounts = preprov_creds.PreProvisionedCredentialProvider(
- identity_version=identity_version, name='check_alt')
+ identity_version=identity_version, name='check_alt',
+ admin_role=CONF.identity.admin_role)
else:
check_accounts = preprov_creds.NonLockingCredentialProvider(
- identity_version=identity_version, name='check_alt')
+ identity_version=identity_version, name='check_alt',
+ admin_role=CONF.identity.admin_role)
try:
if not check_accounts.is_multi_user():
return False
diff --git a/tempest/common/dynamic_creds.py b/tempest/common/dynamic_creds.py
index 7413c8c..e2df560 100644
--- a/tempest/common/dynamic_creds.py
+++ b/tempest/common/dynamic_creds.py
@@ -31,11 +31,11 @@
class DynamicCredentialProvider(cred_provider.CredentialProvider):
def __init__(self, identity_version, name=None, network_resources=None,
- credentials_domain=None):
+ credentials_domain=None, admin_role=None):
super(DynamicCredentialProvider, self).__init__(
identity_version=identity_version, name=name,
network_resources=network_resources,
- credentials_domain=credentials_domain)
+ credentials_domain=credentials_domain, admin_role=admin_role)
self._creds = {}
self.ports = []
self.default_admin_creds = cred_provider.get_configured_credentials(
@@ -99,7 +99,7 @@
role_assigned = False
if admin:
self.creds_client.assign_user_role(user, project,
- CONF.identity.admin_role)
+ self.admin_role)
role_assigned = True
# Add roles specified in config file
for conf_role in CONF.auth.tempest_roles:
diff --git a/tempest/common/preprov_creds.py b/tempest/common/preprov_creds.py
index c951972..dd27f08 100644
--- a/tempest/common/preprov_creds.py
+++ b/tempest/common/preprov_creds.py
@@ -39,10 +39,11 @@
class PreProvisionedCredentialProvider(cred_provider.CredentialProvider):
- def __init__(self, identity_version, name=None, credentials_domain=None):
+ def __init__(self, identity_version, name=None, credentials_domain=None,
+ admin_role=None):
super(PreProvisionedCredentialProvider, self).__init__(
identity_version=identity_version, name=name,
- credentials_domain=credentials_domain)
+ credentials_domain=credentials_domain, admin_role=admin_role)
if (CONF.auth.test_accounts_file and
os.path.isfile(CONF.auth.test_accounts_file)):
accounts = read_accounts_yaml(CONF.auth.test_accounts_file)
@@ -50,7 +51,7 @@
else:
accounts = {}
self.use_default_creds = True
- self.hash_dict = self.get_hash_dict(accounts)
+ self.hash_dict = self.get_hash_dict(accounts, admin_role)
self.accounts_dir = os.path.join(lockutils.get_lock_path(CONF),
'test_accounts')
self._creds = {}
@@ -64,7 +65,7 @@
return hash_dict
@classmethod
- def get_hash_dict(cls, accounts):
+ def get_hash_dict(cls, accounts, admin_role):
hash_dict = {'roles': {}, 'creds': {}, 'networks': {}}
# Loop over the accounts read from the yaml file
for account in accounts:
@@ -88,8 +89,8 @@
# subdict with the hash
for type in types:
if type == 'admin':
- hash_dict = cls._append_role(CONF.identity.admin_role,
- temp_hash_key, hash_dict)
+ hash_dict = cls._append_role(admin_role, temp_hash_key,
+ hash_dict)
elif type == 'operator':
hash_dict = cls._append_role(
CONF.object_storage.operator_role, temp_hash_key,
@@ -174,9 +175,9 @@
# privlege set which could potentially cause issues on tests where that
# is not expected. So unless the admin role isn't specified do not
# allocate admin.
- admin_hashes = self.hash_dict['roles'].get(CONF.identity.admin_role,
+ admin_hashes = self.hash_dict['roles'].get(self.admin_role,
None)
- if ((not roles or CONF.identity.admin_role not in roles) and
+ if ((not roles or self.admin_role not in roles) and
admin_hashes):
useable_hashes = [x for x in hashes if x not in admin_hashes]
else:
@@ -267,7 +268,7 @@
self.remove_credentials(creds)
def get_admin_creds(self):
- return self.get_creds_by_roles([CONF.identity.admin_role])
+ return self.get_creds_by_roles([self.admin_role])
def is_role_available(self, role):
if self.use_default_creds:
@@ -278,7 +279,7 @@
return False
def admin_available(self):
- return self.is_role_available(CONF.identity.admin_role)
+ return self.is_role_available(self.admin_role)
def _wrap_creds_with_network(self, hash):
creds_dict = self.hash_dict['creds'][hash]
diff --git a/tempest/tests/common/test_preprov_creds.py b/tempest/tests/common/test_preprov_creds.py
index e813b2e..8a014af 100644
--- a/tempest/tests/common/test_preprov_creds.py
+++ b/tempest/tests/common/test_preprov_creds.py
@@ -37,7 +37,8 @@
class TestPreProvisionedCredentials(base.TestCase):
fixed_params = {'name': 'test class',
- 'identity_version': 'v2'}
+ 'identity_version': 'v2',
+ 'admin_role': 'admin'}
def setUp(self):
super(TestPreProvisionedCredentials, self).setUp()
@@ -103,7 +104,8 @@
def test_get_hash_dict(self):
test_account_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
- hash_dict = test_account_class.get_hash_dict(self.test_accounts)
+ hash_dict = test_account_class.get_hash_dict(
+ self.test_accounts, self.fixed_params['admin_role'])
hash_list = self._get_hash_list(self.test_accounts)
for hash in hash_list:
self.assertIn(hash, hash_dict['creds'].keys())
@@ -332,7 +334,8 @@
class TestNotLockingAccount(base.TestCase):
fixed_params = {'name': 'test class',
- 'identity_version': 'v2'}
+ 'identity_version': 'v2',
+ 'admin_role': 'admin'}
def setUp(self):
super(TestNotLockingAccount, self).setUp()
diff --git a/tempest/tests/test_dynamic_creds.py b/tempest/tests/test_dynamic_creds.py
index 08b2ab6..59a5523 100644
--- a/tempest/tests/test_dynamic_creds.py
+++ b/tempest/tests/test_dynamic_creds.py
@@ -33,7 +33,8 @@
class TestDynamicCredentialProvider(base.TestCase):
fixed_params = {'name': 'test class',
- 'identity_version': 'v2'}
+ 'identity_version': 'v2',
+ 'admin_role': 'admin'}
def setUp(self):
super(TestDynamicCredentialProvider, self).setUp()