Merge "Fix server schema for OS-EXT-IPS extension attributes"
diff --git a/etc/accounts.yaml.sample b/etc/accounts.yaml.sample
index 54fdcad..64ff8a7 100644
--- a/etc/accounts.yaml.sample
+++ b/etc/accounts.yaml.sample
@@ -9,3 +9,27 @@
- username: 'user_2'
tenant_name: 'test_tenant_2'
password: 'test_password'
+
+# To specify which roles a user has list them under the roles field
+- username: 'multi_role_user'
+ tenant_name: 'test_tenant_42'
+ password: 'test_password'
+ roles:
+ - 'fun_role'
+ - 'not_an_admin'
+ - 'an_admin'
+
+# To specify a user has a role specified in the config file you can use the
+# type field to specify it, valid values are admin, operator, and reseller_admin
+- username: 'swift_pseudo_admin_user_1'
+ tenant_name: 'admin_tenant_1'
+ password: 'test_password'
+ types:
+ - 'reseller_admin'
+ - 'operator'
+
+- username: 'admin_user_1'
+ tenant_name: 'admin_tenant_1'
+ password: 'test_password'
+ types:
+ - 'admin'
diff --git a/tempest/api/compute/admin/test_aggregates_negative.py b/tempest/api/compute/admin/test_aggregates_negative.py
index 02e2b0b..25a2f7a 100644
--- a/tempest/api/compute/admin/test_aggregates_negative.py
+++ b/tempest/api/compute/admin/test_aggregates_negative.py
@@ -45,7 +45,7 @@
def test_aggregate_create_as_user(self):
# Regular user is not allowed to create an aggregate.
aggregate_name = data_utils.rand_name(self.aggregate_name_prefix)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.user_client.create_aggregate,
name=aggregate_name)
@@ -86,7 +86,7 @@
aggregate = self.client.create_aggregate(name=aggregate_name)
self.addCleanup(self.client.delete_aggregate, aggregate['id'])
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.user_client.delete_aggregate,
aggregate['id'])
@@ -94,7 +94,7 @@
@test.idempotent_id('b7d475a6-5dcd-4ff4-b70a-cd9de66a6672')
def test_aggregate_list_as_user(self):
# Regular user is not allowed to list aggregates.
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.user_client.list_aggregates)
@test.attr(type=['negative', 'gate'])
@@ -105,7 +105,7 @@
aggregate = self.client.create_aggregate(name=aggregate_name)
self.addCleanup(self.client.delete_aggregate, aggregate['id'])
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.user_client.get_aggregate,
aggregate['id'])
@@ -149,7 +149,7 @@
aggregate = self.client.create_aggregate(name=aggregate_name)
self.addCleanup(self.client.delete_aggregate, aggregate['id'])
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.user_client.add_host,
aggregate['id'], self.host)
@@ -178,7 +178,7 @@
self.client.add_host(aggregate['id'], self.host)
self.addCleanup(self.client.remove_host, aggregate['id'], self.host)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.user_client.remove_host,
aggregate['id'], self.host)
diff --git a/tempest/api/compute/admin/test_availability_zone_negative.py b/tempest/api/compute/admin/test_availability_zone_negative.py
index caecddc..69bee39 100644
--- a/tempest/api/compute/admin/test_availability_zone_negative.py
+++ b/tempest/api/compute/admin/test_availability_zone_negative.py
@@ -35,5 +35,5 @@
# List of availability zones and available services with
# non-administrator user
self.assertRaises(
- lib_exc.Unauthorized,
+ lib_exc.Forbidden,
self.non_adm_client.get_availability_zone_list_detail)
diff --git a/tempest/api/compute/admin/test_fixed_ips_negative.py b/tempest/api/compute/admin/test_fixed_ips_negative.py
index df3c390..39ceda3 100644
--- a/tempest/api/compute/admin/test_fixed_ips_negative.py
+++ b/tempest/api/compute/admin/test_fixed_ips_negative.py
@@ -45,7 +45,7 @@
@test.idempotent_id('9f17f47d-daad-4adc-986e-12370c93e407')
@test.services('network')
def test_list_fixed_ip_details_with_non_admin_user(self):
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.get_fixed_ip_details, self.ip)
@test.attr(type=['negative', 'gate'])
@@ -53,7 +53,7 @@
@test.services('network')
def test_set_reserve_with_non_admin_user(self):
body = {"reserve": "None"}
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.reserve_fixed_ip,
self.ip, body)
@@ -62,7 +62,7 @@
@test.services('network')
def test_set_unreserve_with_non_admin_user(self):
body = {"unreserve": "None"}
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.reserve_fixed_ip,
self.ip, body)
diff --git a/tempest/api/compute/admin/test_flavors_access_negative.py b/tempest/api/compute/admin/test_flavors_access_negative.py
index af53985..9c55143 100644
--- a/tempest/api/compute/admin/test_flavors_access_negative.py
+++ b/tempest/api/compute/admin/test_flavors_access_negative.py
@@ -70,7 +70,7 @@
new_flavor_id,
is_public='False')
self.addCleanup(self.client.delete_flavor, new_flavor['id'])
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.flavors_client.add_flavor_access,
new_flavor['id'],
self.tenant_id)
@@ -91,7 +91,7 @@
self.client.add_flavor_access(new_flavor['id'], self.tenant_id)
self.addCleanup(self.client.remove_flavor_access,
new_flavor['id'], self.tenant_id)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.flavors_client.remove_flavor_access,
new_flavor['id'],
self.tenant_id)
diff --git a/tempest/api/compute/admin/test_flavors_extra_specs_negative.py b/tempest/api/compute/admin/test_flavors_extra_specs_negative.py
index 979fdd3..a802736 100644
--- a/tempest/api/compute/admin/test_flavors_extra_specs_negative.py
+++ b/tempest/api/compute/admin/test_flavors_extra_specs_negative.py
@@ -63,7 +63,7 @@
def test_flavor_non_admin_set_keys(self):
# Test to SET flavor extra spec as a user without admin privileges.
specs = {"key1": "value1", "key2": "value2"}
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.flavors_client.set_flavor_extra_spec,
self.flavor['id'],
specs)
@@ -76,7 +76,7 @@
body = self.client.set_flavor_extra_spec(
self.flavor['id'], specs)
self.assertEqual(body['key1'], 'value1')
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.flavors_client.
update_flavor_extra_spec,
self.flavor['id'],
@@ -89,7 +89,7 @@
specs = {"key1": "value1", "key2": "value2"}
self.client.set_flavor_extra_spec(self.flavor['id'], specs)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.flavors_client.unset_flavor_extra_spec,
self.flavor['id'],
'key1')
diff --git a/tempest/api/compute/admin/test_flavors_negative.py b/tempest/api/compute/admin/test_flavors_negative.py
index 042c270..0104ee6 100644
--- a/tempest/api/compute/admin/test_flavors_negative.py
+++ b/tempest/api/compute/admin/test_flavors_negative.py
@@ -91,7 +91,7 @@
flavor_name = data_utils.rand_name(self.flavor_name_prefix)
new_flavor_id = str(uuid.uuid4())
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.user_client.create_flavor,
flavor_name, self.ram, self.vcpus, self.disk,
new_flavor_id, ephemeral=self.ephemeral,
@@ -101,7 +101,7 @@
@test.idempotent_id('a9a6dc02-8c14-4e05-a1ca-3468d4214882')
def test_delete_flavor_as_user(self):
# only admin user can delete a flavor
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.user_client.delete_flavor,
self.flavor_ref_alt)
diff --git a/tempest/api/compute/admin/test_hosts_negative.py b/tempest/api/compute/admin/test_hosts_negative.py
index 3c070ce..1ecd14f 100644
--- a/tempest/api/compute/admin/test_hosts_negative.py
+++ b/tempest/api/compute/admin/test_hosts_negative.py
@@ -40,7 +40,7 @@
@test.attr(type=['negative', 'gate'])
@test.idempotent_id('dd032027-0210-4d9c-860e-69b1b8deed5f')
def test_list_hosts_with_non_admin_user(self):
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.list_hosts)
@test.attr(type=['negative', 'gate'])
@@ -55,7 +55,7 @@
def test_show_host_detail_with_non_admin_user(self):
hostname = self._get_host_name()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.show_host_detail,
hostname)
@@ -64,7 +64,7 @@
def test_update_host_with_non_admin_user(self):
hostname = self._get_host_name()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.update_host,
hostname,
status='enable',
@@ -142,7 +142,7 @@
def test_startup_host_with_non_admin_user(self):
hostname = self._get_host_name()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.startup_host,
hostname)
@@ -160,7 +160,7 @@
def test_shutdown_host_with_non_admin_user(self):
hostname = self._get_host_name()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.shutdown_host,
hostname)
@@ -178,6 +178,6 @@
def test_reboot_host_with_non_admin_user(self):
hostname = self._get_host_name()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.reboot_host,
hostname)
diff --git a/tempest/api/compute/admin/test_hypervisor_negative.py b/tempest/api/compute/admin/test_hypervisor_negative.py
index 556424a..8c967de 100644
--- a/tempest/api/compute/admin/test_hypervisor_negative.py
+++ b/tempest/api/compute/admin/test_hypervisor_negative.py
@@ -55,7 +55,7 @@
self.assertTrue(len(hypers) > 0)
self.assertRaises(
- lib_exc.Unauthorized,
+ lib_exc.Forbidden,
self.non_adm_client.get_hypervisor_show_details,
hypers[0]['id'])
@@ -66,7 +66,7 @@
self.assertTrue(len(hypers) > 0)
self.assertRaises(
- lib_exc.Unauthorized,
+ lib_exc.Forbidden,
self.non_adm_client.get_hypervisor_servers,
hypers[0]['id'])
@@ -84,7 +84,7 @@
@test.idempotent_id('e2b061bb-13f9-40d8-9d6e-d5bf17595849')
def test_get_hypervisor_stats_with_non_admin_user(self):
self.assertRaises(
- lib_exc.Unauthorized,
+ lib_exc.Forbidden,
self.non_adm_client.get_hypervisor_stats)
@test.attr(type=['negative', 'gate'])
@@ -104,7 +104,7 @@
self.assertTrue(len(hypers) > 0)
self.assertRaises(
- lib_exc.Unauthorized,
+ lib_exc.Forbidden,
self.non_adm_client.get_hypervisor_uptime,
hypers[0]['id'])
@@ -113,7 +113,7 @@
def test_get_hypervisor_list_with_non_admin_user(self):
# List of hypervisor and available services with non admin user
self.assertRaises(
- lib_exc.Unauthorized,
+ lib_exc.Forbidden,
self.non_adm_client.get_hypervisor_list)
@test.attr(type=['negative', 'gate'])
@@ -121,7 +121,7 @@
def test_get_hypervisor_list_details_with_non_admin_user(self):
# List of hypervisor details and available services with non admin user
self.assertRaises(
- lib_exc.Unauthorized,
+ lib_exc.Forbidden,
self.non_adm_client.get_hypervisor_list_details)
@test.attr(type=['negative', 'gate'])
@@ -141,6 +141,6 @@
self.assertTrue(len(hypers) > 0)
self.assertRaises(
- lib_exc.Unauthorized,
+ lib_exc.Forbidden,
self.non_adm_client.search_hypervisor,
hypers[0]['hypervisor_hostname'])
diff --git a/tempest/api/compute/admin/test_instance_usage_audit_log_negative.py b/tempest/api/compute/admin/test_instance_usage_audit_log_negative.py
index 6b5a82f..b1be1ed 100644
--- a/tempest/api/compute/admin/test_instance_usage_audit_log_negative.py
+++ b/tempest/api/compute/admin/test_instance_usage_audit_log_negative.py
@@ -33,11 +33,11 @@
@test.idempotent_id('a9d33178-d2c9-4131-ad3b-f4ca8d0308a2')
def test_instance_usage_audit_logs_with_nonadmin_user(self):
# the instance_usage_audit_logs API just can be accessed by admin user
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.instance_usages_audit_log_client.
list_instance_usage_audit_logs)
now = datetime.datetime.now()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.instance_usages_audit_log_client.
get_instance_usage_audit_log,
urllib.quote(now.strftime("%Y-%m-%d %H:%M:%S")))
diff --git a/tempest/api/compute/admin/test_quotas_negative.py b/tempest/api/compute/admin/test_quotas_negative.py
index 73428df..323b0cb 100644
--- a/tempest/api/compute/admin/test_quotas_negative.py
+++ b/tempest/api/compute/admin/test_quotas_negative.py
@@ -40,7 +40,7 @@
@test.attr(type=['negative', 'gate'])
@test.idempotent_id('733abfe8-166e-47bb-8363-23dbd7ff3476')
def test_update_quota_normal_user(self):
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.client.update_quota_set,
self.demo_tenant_id,
ram=0)
@@ -61,7 +61,7 @@
self.addCleanup(self.adm_client.update_quota_set, self.demo_tenant_id,
cores=default_vcpu_quota)
- self.assertRaises((lib_exc.Unauthorized, lib_exc.OverLimit),
+ self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
self.create_test_server)
@test.attr(type=['negative', 'gate'])
@@ -78,7 +78,7 @@
self.addCleanup(self.adm_client.update_quota_set, self.demo_tenant_id,
ram=default_mem_quota)
- self.assertRaises((lib_exc.Unauthorized, lib_exc.OverLimit),
+ self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
self.create_test_server)
@test.attr(type=['negative', 'gate'])
@@ -94,7 +94,7 @@
instances=instances_quota)
self.addCleanup(self.adm_client.update_quota_set, self.demo_tenant_id,
instances=default_instances_quota)
- self.assertRaises((lib_exc.Unauthorized, lib_exc.OverLimit),
+ self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
self.create_test_server)
@decorators.skip_because(bug="1186354",
@@ -121,7 +121,7 @@
# Check we cannot create anymore
# A 403 Forbidden or 413 Overlimit (old behaviour) exception
# will be raised when out of quota
- self.assertRaises((lib_exc.Unauthorized, lib_exc.OverLimit),
+ self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
self.sg_client.create_security_group,
"sg-overlimit", "sg-desc")
@@ -161,6 +161,6 @@
# Check we cannot create SG rule anymore
# A 403 Forbidden or 413 Overlimit (old behaviour) exception
# will be raised when out of quota
- self.assertRaises((lib_exc.OverLimit, lib_exc.Unauthorized),
+ self.assertRaises((lib_exc.OverLimit, lib_exc.Forbidden),
self.sg_client.create_security_group_rule,
secgroup_id, ip_protocol, 1025, 1025)
diff --git a/tempest/api/compute/admin/test_servers_negative.py b/tempest/api/compute/admin/test_servers_negative.py
index cafbf81..46de5f7 100644
--- a/tempest/api/compute/admin/test_servers_negative.py
+++ b/tempest/api/compute/admin/test_servers_negative.py
@@ -72,7 +72,7 @@
ram, vcpus, disk,
flavor_id)
self.addCleanup(self.flavors_client.delete_flavor, flavor_id)
- self.assertRaises((lib_exc.Unauthorized, lib_exc.OverLimit),
+ self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
self.client.resize,
self.servers[0]['id'],
flavor_ref['id'])
@@ -94,7 +94,7 @@
ram, vcpus, disk,
flavor_id)
self.addCleanup(self.flavors_client.delete_flavor, flavor_id)
- self.assertRaises((lib_exc.Unauthorized, lib_exc.OverLimit),
+ self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
self.client.resize,
self.servers[0]['id'],
flavor_ref['id'])
@@ -123,7 +123,7 @@
@test.idempotent_id('e84e2234-60d2-42fa-8b30-e2d3049724ac')
def test_get_server_diagnostics_by_non_admin(self):
# Non-admin user can not view server diagnostics according to policy
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_adm_client.get_server_diagnostics,
self.s1_id)
diff --git a/tempest/api/compute/admin/test_services_negative.py b/tempest/api/compute/admin/test_services_negative.py
index b8974ca..f97b343 100644
--- a/tempest/api/compute/admin/test_services_negative.py
+++ b/tempest/api/compute/admin/test_services_negative.py
@@ -33,7 +33,7 @@
@test.attr(type=['negative', 'gate'])
@test.idempotent_id('1126d1f8-266e-485f-a687-adc547492646')
def test_list_services_with_non_admin_user(self):
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.list_services)
@test.attr(type=['negative', 'gate'])
diff --git a/tempest/api/compute/admin/test_simple_tenant_usage_negative.py b/tempest/api/compute/admin/test_simple_tenant_usage_negative.py
index 8801e85..38657a4 100644
--- a/tempest/api/compute/admin/test_simple_tenant_usage_negative.py
+++ b/tempest/api/compute/admin/test_simple_tenant_usage_negative.py
@@ -64,5 +64,5 @@
params = {'start': self.start,
'end': self.end,
'detailed': int(bool(True))}
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.client.list_tenant_usages, params)
diff --git a/tempest/api/compute/limits/test_absolute_limits_negative.py b/tempest/api/compute/limits/test_absolute_limits_negative.py
index 507f24e..843dc1a 100644
--- a/tempest/api/compute/limits/test_absolute_limits_negative.py
+++ b/tempest/api/compute/limits/test_absolute_limits_negative.py
@@ -53,5 +53,5 @@
# A 403 Forbidden or 413 Overlimit (old behaviour) exception
# will be raised when out of quota
- self.assertRaises((lib_exc.Unauthorized, lib_exc.OverLimit),
+ self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
self.create_test_server, meta=meta_data)
diff --git a/tempest/api/compute/servers/test_delete_server.py b/tempest/api/compute/servers/test_delete_server.py
index 8842899..6155958 100644
--- a/tempest/api/compute/servers/test_delete_server.py
+++ b/tempest/api/compute/servers/test_delete_server.py
@@ -123,7 +123,7 @@
device = '/dev/%s' % CONF.compute.volume_device_name
server = self.create_test_server(wait_until='ACTIVE')
- volume = volumes_client.create_volume(1)
+ volume = volumes_client.create_volume()
self.addCleanup(volumes_client.delete_volume, volume['id'])
volumes_client.wait_for_volume_status(volume['id'], 'available')
self.client.attach_volume(server['id'],
diff --git a/tempest/api/compute/servers/test_server_metadata_negative.py b/tempest/api/compute/servers/test_server_metadata_negative.py
index 0eb3800..19913d9 100644
--- a/tempest/api/compute/servers/test_server_metadata_negative.py
+++ b/tempest/api/compute/servers/test_server_metadata_negative.py
@@ -141,14 +141,14 @@
req_metadata = {}
for num in range(1, quota_metadata + 2):
req_metadata['key' + str(num)] = 'val' + str(num)
- self.assertRaises((lib_exc.OverLimit, lib_exc.Unauthorized),
+ self.assertRaises((lib_exc.OverLimit, lib_exc.Forbidden),
self.client.set_server_metadata,
self.server_id, req_metadata)
# A 403 Forbidden or 413 Overlimit (old behaviour) exception
# will be raised while exceeding metadata items limit for
# tenant.
- self.assertRaises((lib_exc.Unauthorized, lib_exc.OverLimit),
+ self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
self.client.update_server_metadata,
self.server_id, req_metadata)
diff --git a/tempest/api/compute/servers/test_server_personality.py b/tempest/api/compute/servers/test_server_personality.py
index 4a28dfb..b08dbf1 100644
--- a/tempest/api/compute/servers/test_server_personality.py
+++ b/tempest/api/compute/servers/test_server_personality.py
@@ -45,7 +45,7 @@
'contents': base64.b64encode(file_contents)})
# A 403 Forbidden or 413 Overlimit (old behaviour) exception
# will be raised when out of quota
- self.assertRaises((lib_exc.Unauthorized, lib_exc.OverLimit),
+ self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
self.create_test_server, personality=personality)
@test.attr(type='gate')
diff --git a/tempest/api/compute/servers/test_server_rescue_negative.py b/tempest/api/compute/servers/test_server_rescue_negative.py
index 6e23334..7564758 100644
--- a/tempest/api/compute/servers/test_server_rescue_negative.py
+++ b/tempest/api/compute/servers/test_server_rescue_negative.py
@@ -58,7 +58,7 @@
def _create_volume(self):
volume = self.volumes_extensions_client.create_volume(
- 1, display_name=data_utils.rand_name(
+ CONF.volume.volume_size, display_name=data_utils.rand_name(
self.__class__.__name__ + '_volume'))
self.addCleanup(self.delete_volume, volume['id'])
self.volumes_extensions_client.wait_for_volume_status(
diff --git a/tempest/api/compute/test_live_block_migration.py b/tempest/api/compute/test_live_block_migration.py
index a933f81..d2221e1 100644
--- a/tempest/api/compute/test_live_block_migration.py
+++ b/tempest/api/compute/test_live_block_migration.py
@@ -115,7 +115,7 @@
actual_host = self._get_host_for_server(server_id)
target_host = self._get_host_other_than(actual_host)
- volume = self.volumes_client.create_volume(1, display_name='test')
+ volume = self.volumes_client.create_volume(display_name='test')
self.volumes_client.wait_for_volume_status(volume['id'],
'available')
diff --git a/tempest/api/compute/volumes/test_attach_volume.py b/tempest/api/compute/volumes/test_attach_volume.py
index 43d2302..12d5b0e 100644
--- a/tempest/api/compute/volumes/test_attach_volume.py
+++ b/tempest/api/compute/volumes/test_attach_volume.py
@@ -70,7 +70,7 @@
# Create a volume and wait for it to become ready
self.volume = self.volumes_client.create_volume(
- 1, display_name='test')
+ CONF.volume.volume_size, display_name='test')
self.addCleanup(self._delete_volume)
self.volumes_client.wait_for_volume_status(self.volume['id'],
'available')
diff --git a/tempest/api/compute/volumes/test_volumes_get.py b/tempest/api/compute/volumes/test_volumes_get.py
index 207476d..5f84c73 100644
--- a/tempest/api/compute/volumes/test_volumes_get.py
+++ b/tempest/api/compute/volumes/test_volumes_get.py
@@ -46,8 +46,7 @@
v_name = data_utils.rand_name('Volume')
metadata = {'Type': 'work'}
# Create volume
- volume = self.client.create_volume(size=1,
- display_name=v_name,
+ volume = self.client.create_volume(display_name=v_name,
metadata=metadata)
self.addCleanup(self.delete_volume, volume['id'])
self.assertIn('id', volume)
diff --git a/tempest/api/compute/volumes/test_volumes_list.py b/tempest/api/compute/volumes/test_volumes_list.py
index 501e9ed..bd126d8 100644
--- a/tempest/api/compute/volumes/test_volumes_list.py
+++ b/tempest/api/compute/volumes/test_volumes_list.py
@@ -53,8 +53,7 @@
v_name = data_utils.rand_name('volume')
metadata = {'Type': 'work'}
try:
- volume = cls.client.create_volume(size=1,
- display_name=v_name,
+ volume = cls.client.create_volume(display_name=v_name,
metadata=metadata)
cls.client.wait_for_volume_status(volume['id'], 'available')
volume = cls.client.get_volume(volume['id'])
diff --git a/tempest/api/identity/admin/v2/test_roles_negative.py b/tempest/api/identity/admin/v2/test_roles_negative.py
index be9fb52..0885eab 100644
--- a/tempest/api/identity/admin/v2/test_roles_negative.py
+++ b/tempest/api/identity/admin/v2/test_roles_negative.py
@@ -35,7 +35,7 @@
@test.idempotent_id('d5d5f1df-f8ca-4de0-b2ef-259c1cc67025')
def test_list_roles_by_unauthorized_user(self):
# Non-administrator user should not be able to list roles
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.list_roles)
@test.attr(type=['negative', 'gate'])
@@ -58,7 +58,7 @@
def test_create_role_by_unauthorized_user(self):
# Non-administrator user should not be able to create role
role_name = data_utils.rand_name(name='role-')
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.create_role, role_name)
@test.attr(type=['negative', 'gate'])
@@ -91,7 +91,7 @@
body = self.client.create_role(role_name)
self.data.roles.append(body)
role_id = body.get('id')
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.delete_role, role_id)
@test.attr(type=['negative', 'gate'])
@@ -123,7 +123,7 @@
# Non-administrator user should not be authorized to
# assign a role to user
(user, tenant, role) = self._get_role_params()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.assign_user_role,
tenant['id'], user['id'], role['id'])
@@ -175,7 +175,7 @@
self.client.assign_user_role(tenant['id'],
user['id'],
role['id'])
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.remove_user_role,
tenant['id'], user['id'], role['id'])
@@ -225,7 +225,7 @@
# a user's roles
(user, tenant, role) = self._get_role_params()
self.client.assign_user_role(tenant['id'], user['id'], role['id'])
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.list_user_roles, tenant['id'],
user['id'])
diff --git a/tempest/api/identity/admin/v2/test_tenant_negative.py b/tempest/api/identity/admin/v2/test_tenant_negative.py
index 8346a3d..952b625 100644
--- a/tempest/api/identity/admin/v2/test_tenant_negative.py
+++ b/tempest/api/identity/admin/v2/test_tenant_negative.py
@@ -27,7 +27,7 @@
@test.idempotent_id('ca9bb202-63dd-4240-8a07-8ef9c19c04bb')
def test_list_tenants_by_unauthorized_user(self):
# Non-administrator user should not be able to list tenants
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.list_tenants)
@test.attr(type=['negative', 'gate'])
@@ -46,7 +46,7 @@
tenant_name = data_utils.rand_name(name='tenant-')
tenant = self.client.create_tenant(tenant_name)
self.data.tenants.append(tenant)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.delete_tenant, tenant['id'])
@test.attr(type=['negative', 'gate'])
@@ -89,7 +89,7 @@
def test_create_tenant_by_unauthorized_user(self):
# Non-administrator user should not be authorized to create a tenant
tenant_name = data_utils.rand_name(name='tenant-')
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.create_tenant, tenant_name)
@test.attr(type=['negative', 'gate'])
@@ -132,7 +132,7 @@
tenant_name = data_utils.rand_name(name='tenant-')
tenant = self.client.create_tenant(tenant_name)
self.data.tenants.append(tenant)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.update_tenant, tenant['id'])
@test.attr(type=['negative', 'gate'])
diff --git a/tempest/api/identity/admin/v2/test_users_negative.py b/tempest/api/identity/admin/v2/test_users_negative.py
index f40621b..0336ef1 100644
--- a/tempest/api/identity/admin/v2/test_users_negative.py
+++ b/tempest/api/identity/admin/v2/test_users_negative.py
@@ -35,7 +35,7 @@
def test_create_user_by_unauthorized_user(self):
# Non-administrator should not be authorized to create a user
self.data.setup_test_tenant()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.create_user, self.alt_user,
self.alt_password, self.data.tenant['id'],
self.alt_email)
@@ -131,7 +131,7 @@
def test_update_user_by_unauthorized_user(self):
# Non-administrator should not be authorized to update user
self.data.setup_test_tenant()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.update_user, self.alt_user)
@test.attr(type=['negative', 'gate'])
@@ -139,7 +139,7 @@
def test_delete_users_by_unauthorized_user(self):
# Non-administrator user should not be authorized to delete a user
self.data.setup_test_user()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.delete_user,
self.data.user['id'])
@@ -220,7 +220,7 @@
def test_get_users_by_unauthorized_user(self):
# Non-administrator user should not be authorized to get user list
self.data.setup_test_user()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.get_users)
@test.attr(type=['negative', 'gate'])
diff --git a/tempest/api/identity/admin/v3/test_projects_negative.py b/tempest/api/identity/admin/v3/test_projects_negative.py
index bc92900..897eecc 100644
--- a/tempest/api/identity/admin/v3/test_projects_negative.py
+++ b/tempest/api/identity/admin/v3/test_projects_negative.py
@@ -26,7 +26,7 @@
@test.idempotent_id('24c49279-45dd-4155-887a-cb738c2385aa')
def test_list_projects_by_unauthorized_user(self):
# Non-admin user should not be able to list projects
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.list_projects)
@test.attr(type=['negative', 'gate'])
@@ -46,7 +46,7 @@
# Non-admin user should not be authorized to create a project
project_name = data_utils.rand_name('project-')
self.assertRaises(
- lib_exc.Unauthorized, self.non_admin_client.create_project,
+ lib_exc.Forbidden, self.non_admin_client.create_project,
project_name)
@test.attr(type=['negative', 'gate'])
@@ -72,7 +72,7 @@
project = self.client.create_project(project_name)
self.data.projects.append(project)
self.assertRaises(
- lib_exc.Unauthorized, self.non_admin_client.delete_project,
+ lib_exc.Forbidden, self.non_admin_client.delete_project,
project['id'])
@test.attr(type=['negative', 'gate'])
diff --git a/tempest/api/image/v2/test_images_member_negative.py b/tempest/api/image/v2/test_images_member_negative.py
index a0c59ff..c07db0e 100644
--- a/tempest/api/image/v2/test_images_member_negative.py
+++ b/tempest/api/image/v2/test_images_member_negative.py
@@ -37,7 +37,7 @@
self.alt_tenant_id)
self.assertEqual(member['status'], 'pending')
self.assertNotIn(image_id, self._list_image_ids_as_alt())
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.os_img_client.update_member_status,
image_id, self.alt_tenant_id, 'accepted')
self.assertNotIn(image_id, self._list_image_ids_as_alt())
diff --git a/tempest/api/network/admin/test_external_network_extension.py b/tempest/api/network/admin/test_external_network_extension.py
index 20b4e31..d942641 100644
--- a/tempest/api/network/admin/test_external_network_extension.py
+++ b/tempest/api/network/admin/test_external_network_extension.py
@@ -101,7 +101,8 @@
self.addCleanup(self._try_delete_resource,
client.delete_network,
external_network['id'])
- subnet = self.create_subnet(external_network, client=client)
+ subnet = self.create_subnet(external_network, client=client,
+ enable_dhcp=False)
body = client.create_floatingip(
floating_network_id=external_network['id'])
created_floating_ip = body['floatingip']
diff --git a/tempest/api/network/test_security_groups.py b/tempest/api/network/test_security_groups.py
index 8479013..79d2046 100644
--- a/tempest/api/network/test_security_groups.py
+++ b/tempest/api/network/test_security_groups.py
@@ -176,7 +176,7 @@
sg_id = group_create_body['security_group']['id']
direction = 'ingress'
protocol = 'icmp'
- icmp_type_codes = [(3, 2), (2, 3), (3, 0), (2, None)]
+ icmp_type_codes = [(3, 2), (3, 0), (8, 0), (0, 0), (11, None)]
for icmp_type, icmp_code in icmp_type_codes:
self._create_verify_security_group_rule(sg_id, direction,
self.ethertype, protocol,
diff --git a/tempest/api/object_storage/base.py b/tempest/api/object_storage/base.py
index 6a025d9..f75f4c8 100644
--- a/tempest/api/object_storage/base.py
+++ b/tempest/api/object_storage/base.py
@@ -15,7 +15,6 @@
from tempest_lib import exceptions as lib_exc
-from tempest.api.identity import base
from tempest import clients
from tempest.common import credentials
from tempest.common import custom_matchers
@@ -38,29 +37,25 @@
def setup_credentials(cls):
cls.set_network_resources()
super(BaseObjectTest, cls).setup_credentials()
-
cls.isolated_creds = credentials.get_isolated_credentials(
cls.__name__, network_resources=cls.network_resources)
- # Get isolated creds for normal user
- cls.os = clients.Manager(cls.isolated_creds.get_primary_creds())
- # Get isolated creds for admin user
- cls.os_admin = clients.Manager(cls.isolated_creds.get_admin_creds())
- cls.data = SwiftDataGenerator(cls.os_admin.identity_client)
- # Get isolated creds for alt user
- cls.os_alt = clients.Manager(cls.isolated_creds.get_alt_creds())
+ operator_role = CONF.object_storage.operator_role
+ if not cls.isolated_creds.is_role_available(operator_role):
+ skip_msg = ("%s skipped because the configured credential provider"
+ " is not able to provide credentials with the %s role "
+ "assigned." % (cls.__name__, operator_role))
+ raise cls.skipException(skip_msg)
+ else:
+ # Get isolated creds for normal user
+ cls.os = clients.Manager(cls.isolated_creds.get_creds_by_roles(
+ [operator_role]))
@classmethod
def setup_clients(cls):
super(BaseObjectTest, cls).setup_clients()
-
cls.object_client = cls.os.object_client
cls.container_client = cls.os.container_client
cls.account_client = cls.os.account_client
- cls.token_client = cls.os_admin.token_client
- cls.identity_admin_client = cls.os_admin.identity_client
- cls.object_client_alt = cls.os_alt.object_client
- cls.container_client_alt = cls.os_alt.container_client
- cls.identity_client_alt = cls.os_alt.identity_client
@classmethod
def resource_setup(cls):
@@ -70,12 +65,9 @@
cls.object_client.auth_provider.clear_auth()
cls.container_client.auth_provider.clear_auth()
cls.account_client.auth_provider.clear_auth()
- cls.object_client_alt.auth_provider.clear_auth()
- cls.container_client_alt.auth_provider.clear_auth()
@classmethod
def resource_cleanup(cls):
- cls.data.teardown_all()
cls.isolated_creds.clear_isolated_creds()
super(BaseObjectTest, cls).resource_cleanup()
@@ -119,28 +111,3 @@
self.assertThat(resp, custom_matchers.ExistsAllResponseHeaders(
target, method))
self.assertThat(resp, custom_matchers.AreAllWellFormatted())
-
-
-class SwiftDataGenerator(base.DataGenerator):
-
- def setup_test_user(self, reseller=False):
- super(SwiftDataGenerator, self).setup_test_user()
- if reseller:
- role_name = CONF.object_storage.reseller_admin_role
- else:
- role_name = CONF.object_storage.operator_role
- role_id = self._get_role_id(role_name)
- self._assign_role(role_id)
-
- def _get_role_id(self, role_name):
- try:
- roles = self.client.list_roles()
- return next(r['id'] for r in roles if r['name'] == role_name)
- except StopIteration:
- msg = "Role name '%s' is not found" % role_name
- raise lib_exc.NotFound(msg)
-
- def _assign_role(self, role_id):
- self.client.assign_user_role(self.tenant['id'],
- self.user['id'],
- role_id)
diff --git a/tempest/api/object_storage/test_account_quotas.py b/tempest/api/object_storage/test_account_quotas.py
index 9b379f4..74bc519 100644
--- a/tempest/api/object_storage/test_account_quotas.py
+++ b/tempest/api/object_storage/test_account_quotas.py
@@ -26,8 +26,16 @@
@classmethod
def setup_credentials(cls):
super(AccountQuotasTest, cls).setup_credentials()
- cls.data.setup_test_user(reseller=True)
- cls.os_reselleradmin = clients.Manager(cls.data.test_credentials)
+ reseller_admin_role = CONF.object_storage.reseller_admin_role
+ if not cls.isolated_creds.is_role_available(reseller_admin_role):
+ skip_msg = ("%s skipped because the configured credential provider"
+ " is not able to provide credentials with the %s role "
+ "assigned." % (cls.__name__, reseller_admin_role))
+ raise cls.skipException(skip_msg)
+ else:
+ cls.os_reselleradmin = clients.Manager(
+ cls.isolated_creds.get_creds_by_roles(
+ roles=[reseller_admin_role]))
@classmethod
def resource_setup(cls):
diff --git a/tempest/api/object_storage/test_account_quotas_negative.py b/tempest/api/object_storage/test_account_quotas_negative.py
index 7d4008c..cfcdae4 100644
--- a/tempest/api/object_storage/test_account_quotas_negative.py
+++ b/tempest/api/object_storage/test_account_quotas_negative.py
@@ -29,8 +29,16 @@
@classmethod
def setup_credentials(cls):
super(AccountQuotasNegativeTest, cls).setup_credentials()
- cls.data.setup_test_user(reseller=True)
- cls.os_reselleradmin = clients.Manager(cls.data.test_credentials)
+ reseller_admin_role = CONF.object_storage.reseller_admin_role
+ if not cls.isolated_creds.is_role_available(reseller_admin_role):
+ skip_msg = ("%s skipped because the configured credential provider"
+ " is not able to provide credentials with the %s role "
+ "assigned." % (cls.__name__, reseller_admin_role))
+ raise cls.skipException(skip_msg)
+ else:
+ cls.os_reselleradmin = clients.Manager(
+ cls.isolated_creds.get_creds_by_roles(
+ roles=[reseller_admin_role]))
@classmethod
def resource_setup(cls):
@@ -86,12 +94,12 @@
"""
# Not able to remove quota
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.account_client.create_account_metadata,
{"Quota-Bytes": ""})
# Not able to modify quota
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.account_client.create_account_metadata,
{"Quota-Bytes": "100"})
diff --git a/tempest/api/object_storage/test_account_services.py b/tempest/api/object_storage/test_account_services.py
index 63d0425..14ccc12 100644
--- a/tempest/api/object_storage/test_account_services.py
+++ b/tempest/api/object_storage/test_account_services.py
@@ -32,6 +32,13 @@
containers = []
@classmethod
+ def setup_credentials(cls):
+ super(AccountTest, cls).setup_credentials()
+ cls.os_operator = clients.Manager(
+ cls.isolated_creds.get_creds_by_roles(
+ roles=[CONF.object_storage.operator_role], force_new=True))
+
+ @classmethod
def resource_setup(cls):
super(AccountTest, cls).resource_setup()
for i in moves.xrange(ord('a'), ord('f') + 1):
@@ -63,12 +70,9 @@
# To test listing no containers, create new user other than
# the base user of this instance.
- self.data.setup_test_user()
-
- os_test_user = clients.Manager(self.data.test_credentials)
resp, container_list = \
- os_test_user.account_client.list_account_containers()
+ self.os_operator.account_client.list_account_containers()
# When sending a request to an account which has not received a PUT
# container request, the response does not contain 'accept-ranges'
diff --git a/tempest/api/object_storage/test_account_services_negative.py b/tempest/api/object_storage/test_account_services_negative.py
index f329675..4a482da 100644
--- a/tempest/api/object_storage/test_account_services_negative.py
+++ b/tempest/api/object_storage/test_account_services_negative.py
@@ -16,20 +16,27 @@
from tempest.api.object_storage import base
from tempest import clients
+from tempest import config
from tempest import test
+CONF = config.CONF
+
class AccountNegativeTest(base.BaseObjectTest):
+ @classmethod
+ def setup_credentials(cls):
+ super(AccountNegativeTest, cls).setup_credentials()
+ cls.os_operator = clients.Manager(
+ cls.isolated_creds.get_creds_by_roles(
+ roles=[CONF.object_storage.operator_role], force_new=True))
+
@test.attr(type=['negative', 'gate'])
@test.idempotent_id('070e6aca-6152-4867-868d-1118d68fb38c')
def test_list_containers_with_non_authorized_user(self):
# list containers using non-authorized user
- # create user
- self.data.setup_test_user()
- test_os = clients.Manager(self.data.test_credentials)
- test_auth_provider = test_os.auth_provider
+ test_auth_provider = self.os_operator.auth_provider
# Get auth for the test user
test_auth_provider.auth_data
@@ -44,6 +51,6 @@
params = {'format': 'json'}
# list containers with non-authorized user token
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.account_client.list_account_containers,
params=params)
diff --git a/tempest/api/object_storage/test_container_acl.py b/tempest/api/object_storage/test_container_acl.py
index 6368bec..2c00022 100644
--- a/tempest/api/object_storage/test_container_acl.py
+++ b/tempest/api/object_storage/test_container_acl.py
@@ -16,21 +16,25 @@
from tempest.api.object_storage import base
from tempest import clients
from tempest.common.utils import data_utils
+from tempest import config
from tempest import test
+CONF = config.CONF
+
class ObjectTestACLs(base.BaseObjectTest):
@classmethod
def setup_credentials(cls):
super(ObjectTestACLs, cls).setup_credentials()
- cls.data.setup_test_user()
- cls.test_os = clients.Manager(cls.data.test_credentials)
+ cls.os_operator = clients.Manager(
+ cls.isolated_creds.get_creds_by_roles(
+ roles=[CONF.object_storage.operator_role], force_new=True))
@classmethod
def resource_setup(cls):
super(ObjectTestACLs, cls).resource_setup()
- cls.test_auth_data = cls.test_os.auth_provider.auth_data
+ cls.test_auth_data = cls.os_operator.auth_provider.auth_data
def setUp(self):
super(ObjectTestACLs, self).setUp()
@@ -46,8 +50,9 @@
def test_read_object_with_rights(self):
# attempt to read object using authorized user
# update X-Container-Read metadata ACL
- cont_headers = {'X-Container-Read':
- self.data.test_tenant + ':' + self.data.test_user}
+ tenant_name = self.os_operator.credentials.tenant_name
+ username = self.os_operator.credentials.username
+ cont_headers = {'X-Container-Read': tenant_name + ':' + username}
resp_meta, body = self.container_client.update_container_metadata(
self.container_name, metadata=cont_headers,
metadata_prefix='')
@@ -71,8 +76,9 @@
def test_write_object_with_rights(self):
# attempt to write object using authorized user
# update X-Container-Write metadata ACL
- cont_headers = {'X-Container-Write':
- self.data.test_tenant + ':' + self.data.test_user}
+ tenant_name = self.os_operator.credentials.tenant_name
+ username = self.os_operator.credentials.username
+ cont_headers = {'X-Container-Write': tenant_name + ':' + username}
resp_meta, body = self.container_client.update_container_metadata(
self.container_name, metadata=cont_headers,
metadata_prefix='')
diff --git a/tempest/api/object_storage/test_container_acl_negative.py b/tempest/api/object_storage/test_container_acl_negative.py
index 5892340..18939f0 100644
--- a/tempest/api/object_storage/test_container_acl_negative.py
+++ b/tempest/api/object_storage/test_container_acl_negative.py
@@ -17,21 +17,25 @@
from tempest.api.object_storage import base
from tempest import clients
from tempest.common.utils import data_utils
+from tempest import config
from tempest import test
+CONF = config.CONF
+
class ObjectACLsNegativeTest(base.BaseObjectTest):
@classmethod
def setup_credentials(cls):
super(ObjectACLsNegativeTest, cls).setup_credentials()
- cls.data.setup_test_user()
- cls.test_os = clients.Manager(cls.data.test_credentials)
+ cls.os_operator = clients.Manager(
+ cls.isolated_creds.get_creds_by_roles(
+ roles=[CONF.object_storage.operator_role], force_new=True))
@classmethod
def resource_setup(cls):
super(ObjectACLsNegativeTest, cls).resource_setup()
- cls.test_auth_data = cls.test_os.auth_provider.auth_data
+ cls.test_auth_data = cls.os_operator.auth_provider.auth_data
def setUp(self):
super(ObjectACLsNegativeTest, self).setUp()
@@ -84,7 +88,7 @@
request_part='headers',
auth_data=self.test_auth_data
)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.object_client.create_object,
self.container_name, object_name, 'data', headers={})
@@ -102,7 +106,7 @@
request_part='headers',
auth_data=self.test_auth_data
)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.object_client.get_object,
self.container_name, object_name)
@@ -120,7 +124,7 @@
request_part='headers',
auth_data=self.test_auth_data
)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.object_client.delete_object,
self.container_name, object_name)
@@ -144,7 +148,7 @@
request_part='headers',
auth_data=self.test_auth_data
)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.object_client.get_object,
self.container_name, object_name)
@@ -164,7 +168,7 @@
auth_data=self.test_auth_data
)
object_name = data_utils.rand_name(name='Object')
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.object_client.create_object,
self.container_name,
object_name, 'data', headers={})
@@ -174,8 +178,10 @@
def test_write_object_without_write_rights(self):
# attempt to write object using non-authorized user
# update X-Container-Read and X-Container-Write metadata ACL
+ tenant_name = self.os_operator.credentials.tenant_name
+ username = self.os_operator.credentials.username
cont_headers = {'X-Container-Read':
- self.data.test_tenant + ':' + self.data.test_user,
+ tenant_name + ':' + username,
'X-Container-Write': ''}
resp_meta, body = self.container_client.update_container_metadata(
self.container_name, metadata=cont_headers,
@@ -187,7 +193,7 @@
auth_data=self.test_auth_data
)
object_name = data_utils.rand_name(name='Object')
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.object_client.create_object,
self.container_name,
object_name, 'data', headers={})
@@ -197,8 +203,10 @@
def test_delete_object_without_write_rights(self):
# attempt to delete object using non-authorized user
# update X-Container-Read and X-Container-Write metadata ACL
+ tenant_name = self.os_operator.credentials.tenant_name
+ username = self.os_operator.credentials.username
cont_headers = {'X-Container-Read':
- self.data.test_tenant + ':' + self.data.test_user,
+ tenant_name + ':' + username,
'X-Container-Write': ''}
resp_meta, body = self.container_client.update_container_metadata(
self.container_name, metadata=cont_headers,
@@ -214,7 +222,7 @@
request_part='headers',
auth_data=self.test_auth_data
)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.object_client.delete_object,
self.container_name,
object_name)
diff --git a/tempest/api/object_storage/test_container_sync.py b/tempest/api/object_storage/test_container_sync.py
index 71f1275..ae42da6 100644
--- a/tempest/api/object_storage/test_container_sync.py
+++ b/tempest/api/object_storage/test_container_sync.py
@@ -19,6 +19,7 @@
import urlparse
from tempest.api.object_storage import base
+from tempest import clients
from tempest.common.utils import data_utils
from tempest import config
from tempest import test
@@ -36,6 +37,18 @@
clients = {}
@classmethod
+ def setup_credentials(cls):
+ super(ContainerSyncTest, cls).setup_credentials()
+ cls.os_alt = clients.Manager(cls.isolated_creds.get_creds_by_roles(
+ [CONF.object_storage.operator_role], force_new=True))
+
+ @classmethod
+ def setup_clients(cls):
+ super(ContainerSyncTest, cls).setup_clients()
+ cls.object_client_alt = cls.os_alt.object_client
+ cls.container_client_alt = cls.os_alt.container_client
+
+ @classmethod
def resource_setup(cls):
super(ContainerSyncTest, cls).resource_setup()
cls.containers = []
diff --git a/tempest/api/object_storage/test_object_services.py b/tempest/api/object_storage/test_object_services.py
index a4d0377..f9220cf 100644
--- a/tempest/api/object_storage/test_object_services.py
+++ b/tempest/api/object_storage/test_object_services.py
@@ -23,12 +23,17 @@
import six
from tempest.api.object_storage import base
+from tempest import clients
from tempest.common import custom_matchers
from tempest.common.utils import data_utils
+from tempest import config
from tempest import test
+CONF = config.CONF
+
class ObjectTest(base.BaseObjectTest):
+
@classmethod
def resource_setup(cls):
super(ObjectTest, cls).resource_setup()
@@ -1016,6 +1021,19 @@
class PublicObjectTest(base.BaseObjectTest):
+
+ @classmethod
+ def setup_credentials(cls):
+ super(PublicObjectTest, cls).setup_credentials()
+ cls.os_alt = clients.Manager(
+ cls.isolated_creds.get_creds_by_roles(
+ roles=[CONF.object_storage.operator_role], force_new=True))
+
+ @classmethod
+ def setup_clients(cls):
+ super(PublicObjectTest, cls).setup_clients()
+ cls.identity_client_alt = cls.os_alt.identity_client
+
def setUp(self):
super(PublicObjectTest, self).setUp()
self.container_name = data_utils.rand_name(name='TestContainer')
diff --git a/tempest/api/volume/admin/test_multi_backend.py b/tempest/api/volume/admin/test_multi_backend.py
index 97dd104..2e4b614 100644
--- a/tempest/api/volume/admin/test_multi_backend.py
+++ b/tempest/api/volume/admin/test_multi_backend.py
@@ -70,8 +70,7 @@
params = {self.name_field: vol_name, 'volume_type': type_name}
- self.volume = self.admin_volume_client.create_volume(size=1,
- **params)
+ self.volume = self.admin_volume_client.create_volume(**params)
if with_prefix:
self.volume_id_list_with_prefix.append(self.volume['id'])
else:
diff --git a/tempest/api/volume/admin/test_snapshots_actions.py b/tempest/api/volume/admin/test_snapshots_actions.py
index 469f13e..4834be1 100644
--- a/tempest/api/volume/admin/test_snapshots_actions.py
+++ b/tempest/api/volume/admin/test_snapshots_actions.py
@@ -34,7 +34,7 @@
cls.name_field = cls.special_fields['name_field']
params = {cls.name_field: vol_name}
cls.volume = \
- cls.volumes_client.create_volume(size=1, **params)
+ cls.volumes_client.create_volume(**params)
cls.volumes_client.wait_for_volume_status(cls.volume['id'],
'available')
diff --git a/tempest/api/volume/admin/test_volume_quotas.py b/tempest/api/volume/admin/test_volume_quotas.py
index 27375de..cd91552 100644
--- a/tempest/api/volume/admin/test_volume_quotas.py
+++ b/tempest/api/volume/admin/test_volume_quotas.py
@@ -84,7 +84,7 @@
quota_usage = self.quotas_client.get_quota_usage(
self.demo_tenant_id)
- volume = self.create_volume(size=1)
+ volume = self.create_volume()
self.addCleanup(self.admin_volume_client.delete_volume,
volume['id'])
diff --git a/tempest/api/volume/admin/test_volume_quotas_negative.py b/tempest/api/volume/admin/test_volume_quotas_negative.py
index 67edd09..98b7143 100644
--- a/tempest/api/volume/admin/test_volume_quotas_negative.py
+++ b/tempest/api/volume/admin/test_volume_quotas_negative.py
@@ -48,8 +48,7 @@
@test.idempotent_id('bf544854-d62a-47f2-a681-90f7a47d86b6')
def test_quota_volumes(self):
self.assertRaises(lib_exc.OverLimit,
- self.volumes_client.create_volume,
- size=1)
+ self.volumes_client.create_volume)
@test.attr(type='negative')
@test.idempotent_id('02bbf63f-6c05-4357-9d98-2926a94064ff')
@@ -73,8 +72,7 @@
self.demo_tenant_id,
**new_quota_set)
self.assertRaises(lib_exc.OverLimit,
- self.volumes_client.create_volume,
- size=1)
+ self.volumes_client.create_volume)
new_quota_set = {'gigabytes': 2, 'volumes': 1, 'snapshots': 2}
self.quotas_client.update_quota_set(
diff --git a/tempest/api/volume/admin/test_volume_types.py b/tempest/api/volume/admin/test_volume_types.py
index 8705f6f..01242f9 100644
--- a/tempest/api/volume/admin/test_volume_types.py
+++ b/tempest/api/volume/admin/test_volume_types.py
@@ -60,7 +60,7 @@
'volume_type': volume_types[0]['id']}
# Create volume
- volume = self.volumes_client.create_volume(size=1, **params)
+ volume = self.volumes_client.create_volume(**params)
self.addCleanup(self._delete_volume, volume['id'])
self.assertEqual(volume_types[0]['name'], volume["volume_type"])
self.assertEqual(volume[self.name_field], vol_name,
diff --git a/tempest/api/volume/admin/test_volume_types_negative.py b/tempest/api/volume/admin/test_volume_types_negative.py
index eb46a54..d2bf777 100644
--- a/tempest/api/volume/admin/test_volume_types_negative.py
+++ b/tempest/api/volume/admin/test_volume_types_negative.py
@@ -31,8 +31,7 @@
params = {self.name_field: str(uuid.uuid4()),
'volume_type': str(uuid.uuid4())}
self.assertRaises(lib_exc.NotFound,
- self.volumes_client.create_volume, size=1,
- **params)
+ self.volumes_client.create_volume, **params)
@test.attr(type='gate')
@test.idempotent_id('878b4e57-faa2-4659-b0d1-ce740a06ae81')
diff --git a/tempest/api/volume/admin/test_volumes_actions.py b/tempest/api/volume/admin/test_volumes_actions.py
index b0013e6..dc96839 100644
--- a/tempest/api/volume/admin/test_volumes_actions.py
+++ b/tempest/api/volume/admin/test_volumes_actions.py
@@ -34,8 +34,7 @@
cls.name_field = cls.special_fields['name_field']
params = {cls.name_field: vol_name}
- cls.volume = cls.client.create_volume(size=1,
- **params)
+ cls.volume = cls.client.create_volume(**params)
cls.client.wait_for_volume_status(cls.volume['id'], 'available')
@classmethod
@@ -61,8 +60,7 @@
# Create a temp volume for force delete tests
vol_name = utils.rand_name('Volume')
params = {self.name_field: vol_name}
- temp_volume = self.client.create_volume(size=1,
- **params)
+ temp_volume = self.client.create_volume(**params)
self.client.wait_for_volume_status(temp_volume['id'], 'available')
return temp_volume
diff --git a/tempest/api/volume/base.py b/tempest/api/volume/base.py
index c672607..4f94f34 100644
--- a/tempest/api/volume/base.py
+++ b/tempest/api/volume/base.py
@@ -106,7 +106,7 @@
super(BaseVolumeTest, cls).resource_cleanup()
@classmethod
- def create_volume(cls, size=1, **kwargs):
+ def create_volume(cls, size=None, **kwargs):
"""Wrapper utility that returns a test volume."""
name = data_utils.rand_name('Volume')
diff --git a/tempest/api/volume/test_volumes_get.py b/tempest/api/volume/test_volumes_get.py
index 007b0db..d03bd8d 100644
--- a/tempest/api/volume/test_volumes_get.py
+++ b/tempest/api/volume/test_volumes_get.py
@@ -108,7 +108,7 @@
new_v_desc = data_utils.rand_name('@#$%^* description')
params = {self.descrip_field: new_v_desc,
'availability_zone': volume['availability_zone']}
- new_volume = self.client.create_volume(size=1, **params)
+ new_volume = self.client.create_volume(**params)
self.assertIn('id', new_volume)
self.addCleanup(self._delete_volume, new_volume['id'])
self.client.wait_for_volume_status(new_volume['id'], 'available')
diff --git a/tempest/api/volume/test_volumes_snapshots.py b/tempest/api/volume/test_volumes_snapshots.py
index 3c1cce3..b6cdd6b 100644
--- a/tempest/api/volume/test_volumes_snapshots.py
+++ b/tempest/api/volume/test_volumes_snapshots.py
@@ -181,7 +181,6 @@
snapshot = self.create_snapshot(self.volume_origin['id'])
# NOTE(gfidente): size is required also when passing snapshot_id
volume = self.volumes_client.create_volume(
- size=1,
snapshot_id=snapshot['id'])
self.volumes_client.wait_for_volume_status(volume['id'], 'available')
self.volumes_client.delete_volume(volume['id'])
diff --git a/tempest/cli/__init__.py b/tempest/cli/__init__.py
index 76aafd8..6733204 100644
--- a/tempest/cli/__init__.py
+++ b/tempest/cli/__init__.py
@@ -68,6 +68,14 @@
class ClientTestBase(test.BaseTestCase):
+
+ @classmethod
+ def skip_checks(cls):
+ super(ClientTestBase, cls).skip_checks()
+ if not CONF.identity_feature_enabled.api_v2:
+ raise cls.skipException("CLI clients rely on identity v2 API, "
+ "which is configured as not available")
+
@classmethod
def resource_setup(cls):
if not CONF.cli.enabled:
diff --git a/tempest/cli/simple_read_only/identity/__init__.py b/tempest/cli/simple_read_only/identity/__init__.py
deleted file mode 100644
index e69de29..0000000
--- a/tempest/cli/simple_read_only/identity/__init__.py
+++ /dev/null
diff --git a/tempest/cli/simple_read_only/identity/test_keystone.py b/tempest/cli/simple_read_only/identity/test_keystone.py
deleted file mode 100644
index 10a26d5..0000000
--- a/tempest/cli/simple_read_only/identity/test_keystone.py
+++ /dev/null
@@ -1,155 +0,0 @@
-# Copyright 2013 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import re
-
-from tempest_lib import exceptions
-
-from tempest import cli
-from tempest import config
-from tempest.openstack.common import log as logging
-from tempest import test
-
-CONF = config.CONF
-
-
-LOG = logging.getLogger(__name__)
-
-
-class SimpleReadOnlyKeystoneClientTest(cli.ClientTestBase):
- """Basic, read-only tests for Keystone CLI client.
-
- Checks return values and output of read-only commands.
- These tests do not presume any content, nor do they create
- their own. They only verify the structure of output if present.
- """
-
- def keystone(self, *args, **kwargs):
- return self.clients.keystone(*args, **kwargs)
-
- @test.idempotent_id('19c3ae95-3c19-4bba-8ba3-48ad19939b71')
- def test_admin_fake_action(self):
- self.assertRaises(exceptions.CommandFailed,
- self.keystone,
- 'this-does-not-exist')
-
- @test.idempotent_id('a1100917-c7c5-4887-a4da-f7d7f13194f5')
- def test_admin_catalog_list(self):
- out = self.keystone('catalog')
- catalog = self.parser.details_multiple(out, with_label=True)
- for svc in catalog:
- if svc.get('__label'):
- self.assertTrue(svc['__label'].startswith('Service:'),
- msg=('Invalid beginning of service block: '
- '%s' % svc['__label']))
- # check that region and publicURL exists. One might also
- # check for adminURL and internalURL. id seems to be optional
- # and is missing in the catalog backend
- self.assertIn('publicURL', svc.keys())
- self.assertIn('region', svc.keys())
-
- @test.idempotent_id('35c73506-eab6-4abc-956e-42da90aba8ec')
- def test_admin_endpoint_list(self):
- out = self.keystone('endpoint-list')
- endpoints = self.parser.listing(out)
- self.assertTableStruct(endpoints, [
- 'id', 'region', 'publicurl', 'internalurl',
- 'adminurl', 'service_id'])
-
- @test.idempotent_id('f17cb155-bd16-4f32-9956-1b073752fc07')
- def test_admin_endpoint_service_match(self):
- endpoints = self.parser.listing(self.keystone('endpoint-list'))
- services = self.parser.listing(self.keystone('service-list'))
- svc_by_id = {}
- for svc in services:
- svc_by_id[svc['id']] = svc
- for endpoint in endpoints:
- self.assertIn(endpoint['service_id'], svc_by_id)
-
- @test.idempotent_id('be7176f2-9c34-4d84-bb7d-b4bc85d06a33')
- def test_admin_role_list(self):
- roles = self.parser.listing(self.keystone('role-list'))
- self.assertTableStruct(roles, ['id', 'name'])
-
- @test.idempotent_id('96a4de8d-aa9e-4ca5-89f0-985809eccd66')
- def test_admin_service_list(self):
- services = self.parser.listing(self.keystone('service-list'))
- self.assertTableStruct(services, ['id', 'name', 'type', 'description'])
-
- @test.idempotent_id('edb45480-0f7b-49eb-8f95-7562cbba96da')
- def test_admin_tenant_list(self):
- tenants = self.parser.listing(self.keystone('tenant-list'))
- self.assertTableStruct(tenants, ['id', 'name', 'enabled'])
-
- @test.idempotent_id('25a2753d-6bd1-40c0-addc-32864b00cb2d')
- def test_admin_user_list(self):
- users = self.parser.listing(self.keystone('user-list'))
- self.assertTableStruct(users, [
- 'id', 'name', 'enabled', 'email'])
-
- @test.idempotent_id('f92bf8d4-b27b-47c9-8450-e27c57758de9')
- def test_admin_user_role_list(self):
- user_roles = self.parser.listing(self.keystone('user-role-list'))
- self.assertTableStruct(user_roles, [
- 'id', 'name', 'user_id', 'tenant_id'])
-
- @test.idempotent_id('14a2687b-3ce1-404c-9f78-a0e28e2f8f7b')
- def test_admin_discover(self):
- discovered = self.keystone('discover')
- self.assertIn('Keystone found at http', discovered)
- self.assertIn('supports version', discovered)
-
- @test.idempotent_id('9a567c8c-3787-4e5f-9c30-bed55f2b75c0')
- def test_admin_help(self):
- help_text = self.keystone('help')
- lines = help_text.split('\n')
- self.assertFirstLineStartsWith(lines, 'usage: keystone')
-
- commands = []
- cmds_start = lines.index('Positional arguments:')
- cmds_end = lines.index('Optional arguments:')
- command_pattern = re.compile('^ {4}([a-z0-9\-\_]+)')
- for line in lines[cmds_start:cmds_end]:
- match = command_pattern.match(line)
- if match:
- commands.append(match.group(1))
- commands = set(commands)
- wanted_commands = set(('catalog', 'endpoint-list', 'help',
- 'token-get', 'discover', 'bootstrap'))
- self.assertFalse(wanted_commands - commands)
-
- @test.idempotent_id('a7b9e1fe-db31-4846-82c5-52a7aa9863c3')
- def test_admin_bashcompletion(self):
- self.keystone('bash-completion')
-
- @test.idempotent_id('5328c681-df8b-4874-a65c-8fa278f0af8f')
- def test_admin_ec2_credentials_list(self):
- creds = self.keystone('ec2-credentials-list')
- creds = self.parser.listing(creds)
- self.assertTableStruct(creds, ['tenant', 'access', 'secret'])
-
- # Optional arguments:
-
- @test.idempotent_id('af95e809-ce95-4505-8627-170d803b1d13')
- def test_admin_version(self):
- self.keystone('', flags='--version')
-
- @test.idempotent_id('9e26521f-7bfa-4d8e-9d61-fd364f0c20c0')
- def test_admin_debug_list(self):
- self.keystone('catalog', flags='--debug')
-
- @test.idempotent_id('097b3a52-725f-4df7-84b6-277a2b6f6e38')
- def test_admin_timeout(self):
- self.keystone('catalog', flags='--timeout %d' % CONF.cli.timeout)
diff --git a/tempest/clients.py b/tempest/clients.py
index 63bc117..e5f41eb 100644
--- a/tempest/clients.py
+++ b/tempest/clients.py
@@ -301,7 +301,8 @@
'build_timeout': CONF.volume.build_timeout
})
self.volumes_extensions_client = VolumesExtensionsClientJSON(
- self.auth_provider, **params_volume)
+ self.auth_provider, default_volume_size=CONF.volume.volume_size,
+ **params_volume)
def _set_database_clients(self):
self.database_flavors_client = DatabaseFlavorsClientJSON(
diff --git a/tempest/common/accounts.py b/tempest/common/accounts.py
index e21a85e..8766e7d 100644
--- a/tempest/common/accounts.py
+++ b/tempest/common/accounts.py
@@ -49,12 +49,46 @@
self.isolated_creds = {}
@classmethod
+ def _append_role(cls, role, account_hash, hash_dict):
+ if role in hash_dict['roles']:
+ hash_dict['roles'][role].append(account_hash)
+ else:
+ hash_dict['roles'][role] = [account_hash]
+ return hash_dict
+
+ @classmethod
def get_hash_dict(cls, accounts):
- hash_dict = {}
+ hash_dict = {'roles': {}, 'creds': {}}
+ # Loop over the accounts read from the yaml file
for account in accounts:
+ roles = []
+ types = []
+ if 'roles' in account:
+ roles = account.pop('roles')
+ if 'types' in account:
+ types = account.pop('types')
temp_hash = hashlib.md5()
temp_hash.update(str(account))
- hash_dict[temp_hash.hexdigest()] = account
+ temp_hash_key = temp_hash.hexdigest()
+ hash_dict['creds'][temp_hash_key] = account
+ for role in roles:
+ hash_dict = cls._append_role(role, temp_hash_key,
+ hash_dict)
+ # If types are set for the account append the matching role
+ # subdict with the hash
+ for type in types:
+ if type == 'admin':
+ hash_dict = cls._append_role(CONF.identity.admin_role,
+ temp_hash_key, hash_dict)
+ elif type == 'operator':
+ hash_dict = cls._append_role(
+ CONF.object_storage.operator_role, temp_hash_key,
+ hash_dict)
+ elif type == 'reseller_admin':
+ hash_dict = cls._append_role(
+ CONF.object_storage.reseller_admin_role,
+ temp_hash_key,
+ hash_dict)
return hash_dict
def is_multi_user(self):
@@ -63,7 +97,7 @@
raise exceptions.InvalidConfiguration(
"Account file %s doesn't exist" % CONF.auth.test_accounts_file)
else:
- return len(self.hash_dict) > 1
+ return len(self.hash_dict['creds']) > 1
def is_multi_tenant(self):
return self.is_multi_user()
@@ -78,6 +112,8 @@
@lockutils.synchronized('test_accounts_io', external=True)
def _get_free_hash(self, hashes):
+ # Cast as a list because in some edge cases a set will be passed in
+ hashes = list(hashes)
if not os.path.isdir(self.accounts_dir):
os.mkdir(self.accounts_dir)
# Create File from first hash (since none are in use)
@@ -97,12 +133,46 @@
'the credentials for this allocation request' % ','.join(names))
raise exceptions.InvalidConfiguration(msg)
- def _get_creds(self):
+ def _get_match_hash_list(self, roles=None):
+ hashes = []
+ if roles:
+ # Loop over all the creds for each role in the subdict and generate
+ # a list of cred lists for each role
+ for role in roles:
+ temp_hashes = self.hash_dict['roles'].get(role, None)
+ if not temp_hashes:
+ raise exceptions.InvalidConfiguration(
+ "No credentials with role: %s specified in the "
+ "accounts ""file" % role)
+ hashes.append(temp_hashes)
+ # Take the list of lists and do a boolean and between each list to
+ # find the creds which fall under all the specified roles
+ temp_list = set(hashes[0])
+ for hash_list in hashes[1:]:
+ temp_list = temp_list & set(hash_list)
+ hashes = temp_list
+ else:
+ hashes = self.hash_dict['creds'].keys()
+ # NOTE(mtreinish): admin is a special case because of the increased
+ # privlege set which could potentially cause issues on tests where that
+ # is not expected. So unless the admin role isn't specified do not
+ # allocate admin.
+ admin_hashes = self.hash_dict['roles'].get(CONF.identity.admin_role,
+ None)
+ if ((not roles or CONF.identity.admin_role not in roles) and
+ admin_hashes):
+ useable_hashes = [x for x in hashes if x not in admin_hashes]
+ else:
+ useable_hashes = hashes
+ return useable_hashes
+
+ def _get_creds(self, roles=None):
if self.use_default_creds:
raise exceptions.InvalidConfiguration(
"Account file %s doesn't exist" % CONF.auth.test_accounts_file)
- free_hash = self._get_free_hash(self.hash_dict.keys())
- return self.hash_dict[free_hash]
+ useable_hashes = self._get_match_hash_list(roles)
+ free_hash = self._get_free_hash(useable_hashes)
+ return self.hash_dict['creds'][free_hash]
@lockutils.synchronized('test_accounts_io', external=True)
def remove_hash(self, hash_string):
@@ -116,10 +186,10 @@
os.rmdir(self.accounts_dir)
def get_hash(self, creds):
- for _hash in self.hash_dict:
- # Comparing on the attributes that were read from the YAML
- if all([getattr(creds, k) == self.hash_dict[_hash][k] for k in
- creds.get_init_attributes()]):
+ for _hash in self.hash_dict['creds']:
+ # Comparing on the attributes that are expected in the YAML
+ if all([getattr(creds, k) == self.hash_dict['creds'][_hash][k] for
+ k in creds.get_init_attributes()]):
return _hash
raise AttributeError('Invalid credentials %s' % creds)
@@ -143,14 +213,39 @@
self.isolated_creds['alt'] = alt_credential
return alt_credential
+ def get_creds_by_roles(self, roles, force_new=False):
+ roles = list(set(roles))
+ exist_creds = self.isolated_creds.get(str(roles), None)
+ # The force kwarg is used to allocate an additional set of creds with
+ # the same role list. The index used for the previously allocation
+ # in the isolated_creds dict will be moved.
+ if exist_creds and not force_new:
+ return exist_creds
+ elif exist_creds and force_new:
+ new_index = str(roles) + '-' + str(len(self.isolated_creds))
+ self.isolated_creds[new_index] = exist_creds
+ creds = self._get_creds(roles=roles)
+ role_credential = cred_provider.get_credentials(**creds)
+ self.isolated_creds[str(roles)] = role_credential
+ return role_credential
+
def clear_isolated_creds(self):
for creds in self.isolated_creds.values():
self.remove_credentials(creds)
def get_admin_creds(self):
- msg = ('If admin credentials are available tenant_isolation should be'
- ' used instead')
- raise NotImplementedError(msg)
+ return self.get_creds_by_roles([CONF.identity.admin_role])
+
+ def is_role_available(self, role):
+ if self.use_default_creds:
+ return False
+ else:
+ if self.hash_dict['roles'].get(role):
+ return True
+ return False
+
+ def admin_available(self):
+ return self.is_role_available(CONF.identity.admin_role)
class NotLockingAccounts(Accounts):
@@ -173,7 +268,7 @@
raise exceptions.InvalidConfiguration(msg)
else:
# TODO(andreaf) Add a uniqueness check here
- return len(self.hash_dict) > 1
+ return len(self.hash_dict['creds']) > 1
def is_multi_user(self):
return self._unique_creds('username')
@@ -181,16 +276,17 @@
def is_multi_tenant(self):
return self._unique_creds('tenant_id')
- def get_creds(self, id):
+ def get_creds(self, id, roles=None):
try:
+ hashes = self._get_match_hash_list(roles)
# No need to sort the dict as within the same python process
# the HASH seed won't change, so subsequent calls to keys()
# will return the same result
- _hash = self.hash_dict.keys()[id]
+ _hash = hashes[id]
except IndexError:
msg = 'Insufficient number of users provided'
raise exceptions.InvalidConfiguration(msg)
- return self.hash_dict[_hash]
+ return self.hash_dict['creds'][_hash]
def get_primary_creds(self):
if self.isolated_creds.get('primary'):
@@ -220,5 +316,35 @@
self.isolated_creds = {}
def get_admin_creds(self):
- return cred_provider.get_configured_credentials(
- "identity_admin", fill_in=False)
+ if not self.use_default_creds:
+ return self.get_creds_by_roles([CONF.identity.admin_role])
+ else:
+ creds = cred_provider.get_configured_credentials(
+ "identity_admin", fill_in=False)
+ self.isolated_creds['admin'] = creds
+ return creds
+
+ def get_creds_by_roles(self, roles, force_new=False):
+ roles = list(set(roles))
+ exist_creds = self.isolated_creds.get(str(roles), None)
+ index = 0
+ if exist_creds and not force_new:
+ return exist_creds
+ elif exist_creds and force_new:
+ new_index = str(roles) + '-' + str(len(self.isolated_creds))
+ self.isolated_creds[new_index] = exist_creds
+ # Figure out how many existing creds for this roles set are present
+ # use this as the index the returning hash list to ensure separate
+ # creds are returned with force_new being True
+ for creds_names in self.isolated_creds:
+ if str(roles) in creds_names:
+ index = index + 1
+ if not self.use_default_creds:
+ creds = self.get_creds(index, roles=roles)
+ role_credential = cred_provider.get_credentials(**creds)
+ self.isolated_creds[str(roles)] = role_credential
+ else:
+ msg = "Default credentials can not be used with specifying "\
+ "credentials by roles"
+ raise exceptions.InvalidConfiguration(msg)
+ return role_credential
diff --git a/tempest/common/cred_provider.py b/tempest/common/cred_provider.py
index 033410e..ea628f6 100644
--- a/tempest/common/cred_provider.py
+++ b/tempest/common/cred_provider.py
@@ -113,3 +113,11 @@
@abc.abstractmethod
def is_multi_tenant(self):
return
+
+ @abc.abstractmethod
+ def get_creds_by_roles(self, roles, force_new=False):
+ return
+
+ @abc.abstractmethod
+ def is_role_available(self, role):
+ return
diff --git a/tempest/common/credentials.py b/tempest/common/credentials.py
index 40761c8..3794b66 100644
--- a/tempest/common/credentials.py
+++ b/tempest/common/credentials.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+import os
+
from tempest.common import accounts
from tempest.common import cred_provider
from tempest.common import isolated_creds
@@ -46,24 +48,17 @@
# creds area vailable.
def is_admin_available():
is_admin = True
- # In the case of a pre-provisioned account, if even if creds were
- # configured, the admin credentials won't be available
- if (CONF.auth.locking_credentials_provider and
- not CONF.auth.allow_tenant_isolation):
- is_admin = False
+ # If tenant isolation is enabled admin will be available
+ if CONF.auth.allow_tenant_isolation:
+ return is_admin
+ # Check whether test accounts file has the admin specified or not
+ elif os.path.isfile(CONF.auth.test_accounts_file):
+ check_accounts = accounts.Accounts(name='check_admin')
+ if not check_accounts.admin_available():
+ is_admin = False
else:
try:
cred_provider.get_configured_credentials('identity_admin')
- # NOTE(mtreinish) This should never be caught because of the if above.
- # NotImplementedError is only raised if admin credentials are requested
- # and the locking test accounts cred provider is being used.
- except NotImplementedError:
- is_admin = False
- # NOTE(mtreinish): This will be raised by the non-locking accounts
- # provider if there aren't admin credentials provided in the config
- # file. This exception originates from the auth call to get configured
- # credentials
except exceptions.InvalidConfiguration:
is_admin = False
-
return is_admin
diff --git a/tempest/common/isolated_creds.py b/tempest/common/isolated_creds.py
index 3eed689..72a3183 100644
--- a/tempest/common/isolated_creds.py
+++ b/tempest/common/isolated_creds.py
@@ -79,8 +79,15 @@
except StopIteration:
msg = 'No "%s" role found' % role_name
raise lib_exc.NotFound(msg)
- self.identity_admin_client.assign_user_role(tenant['id'], user['id'],
- role['id'])
+ try:
+ self.identity_admin_client.assign_user_role(tenant['id'],
+ user['id'],
+ role['id'])
+ except lib_exc.Conflict:
+ LOG.warning('Trying to add %s for user %s in tenant %s but they '
+ ' were already granted that role' % (role_name,
+ user['name'],
+ tenant['name']))
def _delete_user(self, user):
self.identity_admin_client.delete_user(user)
@@ -90,7 +97,7 @@
self._cleanup_default_secgroup(tenant)
self.identity_admin_client.delete_tenant(tenant)
- def _create_creds(self, suffix="", admin=False):
+ def _create_creds(self, suffix="", admin=False, roles=None):
"""Create random credentials under the following schema.
If the name contains a '.' is the full class path of something, and
@@ -114,15 +121,15 @@
email = data_utils.rand_name(root) + suffix + "@example.com"
user = self._create_user(username, self.password,
tenant, email)
- if CONF.service_available.swift:
- # NOTE(andrey-mp): user needs this role to create containers
- # in swift
- swift_operator_role = CONF.object_storage.operator_role
- self._assign_user_role(tenant, user, swift_operator_role)
if admin:
self._assign_user_role(tenant, user, CONF.identity.admin_role)
- for role in CONF.auth.tempest_roles:
- self._assign_user_role(tenant, user, role)
+ # Add roles specified in config file
+ for conf_role in CONF.auth.tempest_roles:
+ self._assign_user_role(tenant, user, conf_role)
+ # Add roles requested by caller
+ if roles:
+ for role in roles:
+ self._assign_user_role(tenant, user, role)
return self._get_credentials(user, tenant)
def _get_credentials(self, user, tenant):
@@ -247,12 +254,15 @@
return self.isolated_net_resources.get('alt')[2]
def get_credentials(self, credential_type):
- if self.isolated_creds.get(credential_type):
- credentials = self.isolated_creds[credential_type]
+ if self.isolated_creds.get(str(credential_type)):
+ credentials = self.isolated_creds[str(credential_type)]
else:
- is_admin = (credential_type == 'admin')
- credentials = self._create_creds(admin=is_admin)
- self.isolated_creds[credential_type] = credentials
+ if credential_type in ['primary', 'alt', 'admin']:
+ is_admin = (credential_type == 'admin')
+ credentials = self._create_creds(admin=is_admin)
+ else:
+ credentials = self._create_creds(roles=credential_type)
+ self.isolated_creds[str(credential_type)] = credentials
# Maintained until tests are ported
LOG.info("Acquired isolated creds:\n credentials: %s"
% credentials)
@@ -260,7 +270,7 @@
not CONF.baremetal.driver_enabled):
network, subnet, router = self._create_network_resources(
credentials.tenant_id)
- self.isolated_net_resources[credential_type] = (
+ self.isolated_net_resources[str(credential_type)] = (
network, subnet, router,)
LOG.info("Created isolated network resources for : \n"
+ " credentials: %s" % credentials)
@@ -275,6 +285,26 @@
def get_alt_creds(self):
return self.get_credentials('alt')
+ def get_creds_by_roles(self, roles, force_new=False):
+ roles = list(set(roles))
+ # The roles list as a str will become the index as the dict key for
+ # the created credentials set in the isolated_creds dict.
+ exist_creds = self.isolated_creds.get(str(roles))
+ # If force_new flag is True 2 cred sets with the same roles are needed
+ # handle this by creating a separate index for old one to store it
+ # separately for cleanup
+ if exist_creds and force_new:
+ new_index = str(roles) + '-' + str(len(self.isolated_creds))
+ self.isolated_creds[new_index] = exist_creds
+ del self.isolated_creds[str(roles)]
+ # Handle isolated neutron resouces if they exist too
+ if CONF.service_available.neutron:
+ exist_net = self.isolated_net_resources.get(str(roles))
+ if exist_net:
+ self.isolated_net_resources[new_index] = exist_net
+ del self.isolated_net_resources[str(roles)]
+ return self.get_credentials(roles)
+
def _clear_isolated_router(self, router_id, router_name):
net_client = self.network_admin_client
try:
@@ -357,3 +387,6 @@
def is_multi_tenant(self):
return True
+
+ def is_role_available(self, role):
+ return True
diff --git a/tempest/common/service_client.py b/tempest/common/service_client.py
index fde05af..ad6610a 100644
--- a/tempest/common/service_client.py
+++ b/tempest/common/service_client.py
@@ -13,7 +13,6 @@
# under the License.
from tempest_lib.common import rest_client
-from tempest_lib import exceptions as lib_exceptions
from tempest import config
@@ -47,24 +46,6 @@
super(ServiceClient, self).__init__(auth_provider, service, region,
**params)
- def request(self, method, url, extra_headers=False, headers=None,
- body=None):
- # TODO(oomichi): This translation is just for avoiding a single
- # huge patch to migrate rest_client module to tempest-lib.
- # Ideally(in the future), we need to remove this translation and
- # replace each API tests with tempest-lib's exceptions.
- try:
- return super(ServiceClient, self).request(
- method, url,
- extra_headers=extra_headers,
- headers=headers, body=body)
- # TODO(oomichi): This is just a workaround for failing gate tests
- # when separating Forbidden from Unauthorized in tempest-lib.
- # We will need to remove this translation and replace negative tests
- # with lib_exceptions.Forbidden in the future.
- except lib_exceptions.Forbidden as ex:
- raise lib_exceptions.Unauthorized(ex)
-
class ResponseBody(dict):
"""Class that wraps an http response and dict body into a single value.
diff --git a/tempest/scenario/manager.py b/tempest/scenario/manager.py
index 968c8ca..45c7ddd 100644
--- a/tempest/scenario/manager.py
+++ b/tempest/scenario/manager.py
@@ -207,7 +207,7 @@
self.assertEqual(server['name'], name)
return server
- def create_volume(self, size=1, name=None, snapshot_id=None,
+ def create_volume(self, size=None, name=None, snapshot_id=None,
imageRef=None, volume_type=None, wait_on_delete=True):
if name is None:
name = data_utils.rand_name(self.__class__.__name__)
@@ -1372,10 +1372,20 @@
raise cls.skipException(skip_msg)
cls.set_network_resources()
super(SwiftScenarioTest, cls).resource_setup()
+ operator_role = CONF.object_storage.operator_role
+ if not cls.isolated_creds.is_role_available(operator_role):
+ skip_msg = ("%s skipped because the configured credential provider"
+ " is not able to provide credentials with the %s role "
+ "assigned." % (cls.__name__, operator_role))
+ raise cls.skipException(skip_msg)
+ else:
+ cls.os_operator = clients.Manager(
+ cls.isolated_creds.get_creds_by_roles(
+ [operator_role]))
# Clients for Swift
- cls.account_client = cls.manager.account_client
- cls.container_client = cls.manager.container_client
- cls.object_client = cls.manager.object_client
+ cls.account_client = cls.os_operator.account_client
+ cls.container_client = cls.os_operator.container_client
+ cls.object_client = cls.os_operator.object_client
def get_swift_stat(self):
"""get swift status for our user account."""
diff --git a/tempest/scenario/orchestration/__init__.py b/tempest/scenario/orchestration/__init__.py
deleted file mode 100644
index e69de29..0000000
--- a/tempest/scenario/orchestration/__init__.py
+++ /dev/null
diff --git a/tempest/scenario/orchestration/cfn_init_signal.yaml b/tempest/scenario/orchestration/cfn_init_signal.yaml
deleted file mode 100644
index c95aabf..0000000
--- a/tempest/scenario/orchestration/cfn_init_signal.yaml
+++ /dev/null
@@ -1,82 +0,0 @@
-HeatTemplateFormatVersion: '2012-12-12'
-Description: |
- Template which uses a wait condition to confirm that a minimal
- cfn-init and cfn-signal has worked
-Parameters:
- key_name:
- Type: String
- flavor:
- Type: String
- image:
- Type: String
- network:
- Type: String
- timeout:
- Type: Number
-Resources:
- CfnUser:
- Type: AWS::IAM::User
- SmokeSecurityGroup:
- Type: AWS::EC2::SecurityGroup
- Properties:
- GroupDescription: Enable only ping and SSH access
- SecurityGroupIngress:
- - {CidrIp: 0.0.0.0/0, FromPort: '-1', IpProtocol: icmp, ToPort: '-1'}
- - {CidrIp: 0.0.0.0/0, FromPort: '22', IpProtocol: tcp, ToPort: '22'}
- SmokeKeys:
- Type: AWS::IAM::AccessKey
- Properties:
- UserName: {Ref: CfnUser}
- SmokeServer:
- Type: OS::Nova::Server
- Metadata:
- AWS::CloudFormation::Init:
- config:
- files:
- /tmp/smoke-status:
- content: smoke test complete
- /etc/cfn/cfn-credentials:
- content:
- Fn::Replace:
- - SmokeKeys: {Ref: SmokeKeys}
- SecretAccessKey:
- 'Fn::GetAtt': [SmokeKeys, SecretAccessKey]
- - |
- AWSAccessKeyId=SmokeKeys
- AWSSecretKey=SecretAccessKey
- mode: '000400'
- owner: root
- group: root
- Properties:
- image: {Ref: image}
- flavor: {Ref: flavor}
- key_name: {Ref: key_name}
- security_groups:
- - {Ref: SmokeSecurityGroup}
- networks:
- - uuid: {Ref: network}
- user_data:
- Fn::Replace:
- - WaitHandle: {Ref: WaitHandle}
- - |
- #!/bin/bash -v
- /opt/aws/bin/cfn-init
- /opt/aws/bin/cfn-signal -e 0 --data "`cat /tmp/smoke-status`" \
- --id smoke_status "WaitHandle"
- WaitHandle:
- Type: AWS::CloudFormation::WaitConditionHandle
- WaitCondition:
- Type: AWS::CloudFormation::WaitCondition
- DependsOn: SmokeServer
- Properties:
- Handle: {Ref: WaitHandle}
- Timeout: {Ref: timeout}
-Outputs:
- WaitConditionStatus:
- Description: Contents of /tmp/smoke-status on SmokeServer
- Value:
- Fn::GetAtt: [WaitCondition, Data]
- SmokeServerIp:
- Description: IP address of server
- Value:
- Fn::GetAtt: [SmokeServer, first_address]
diff --git a/tempest/scenario/orchestration/test_server_cfn_init.py b/tempest/scenario/orchestration/test_server_cfn_init.py
deleted file mode 100644
index 53f7843..0000000
--- a/tempest/scenario/orchestration/test_server_cfn_init.py
+++ /dev/null
@@ -1,134 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import json
-
-from tempest_lib import decorators
-
-from tempest import config
-from tempest import exceptions
-from tempest.openstack.common import log as logging
-from tempest.scenario import manager
-from tempest import test
-
-CONF = config.CONF
-LOG = logging.getLogger(__name__)
-
-
-class CfnInitScenarioTest(manager.OrchestrationScenarioTest):
-
- def setUp(self):
- super(CfnInitScenarioTest, self).setUp()
- if not CONF.orchestration.image_ref:
- raise self.skipException("No image available to test")
- self.client = self.orchestration_client
- self.template_name = 'cfn_init_signal.yaml'
-
- def assign_keypair(self):
- self.stack_name = self._stack_rand_name()
- if CONF.orchestration.keypair_name:
- self.keypair = None
- self.keypair_name = CONF.orchestration.keypair_name
- else:
- self.keypair = self.create_keypair()
- self.keypair_name = self.keypair['name']
-
- def launch_stack(self):
- net = self._get_default_network()
- self.parameters = {
- 'key_name': self.keypair_name,
- 'flavor': CONF.orchestration.instance_type,
- 'image': CONF.orchestration.image_ref,
- 'timeout': CONF.orchestration.build_timeout,
- 'network': net['id'],
- }
-
- # create the stack
- self.template = self._load_template(__file__, self.template_name)
- stack = self.client.create_stack(
- name=self.stack_name,
- template=self.template,
- parameters=self.parameters)
- stack = stack['stack']
-
- self.stack = self.client.get_stack(stack['id'])
- self.stack_identifier = '%s/%s' % (self.stack_name, self.stack['id'])
- self.addCleanup(self.delete_wrapper,
- self.orchestration_client.delete_stack,
- self.stack_identifier)
-
- def check_stack(self):
- sid = self.stack_identifier
- self.client.wait_for_resource_status(
- sid, 'WaitHandle', 'CREATE_COMPLETE')
- self.client.wait_for_resource_status(
- sid, 'SmokeSecurityGroup', 'CREATE_COMPLETE')
- self.client.wait_for_resource_status(
- sid, 'SmokeKeys', 'CREATE_COMPLETE')
- self.client.wait_for_resource_status(
- sid, 'CfnUser', 'CREATE_COMPLETE')
- self.client.wait_for_resource_status(
- sid, 'SmokeServer', 'CREATE_COMPLETE')
-
- server_resource = self.client.get_resource(sid, 'SmokeServer')
- server_id = server_resource['physical_resource_id']
- server = self.servers_client.get_server(server_id)
- server_ip =\
- server['addresses'][CONF.compute.network_for_ssh][0]['addr']
-
- if not self.ping_ip_address(
- server_ip, ping_timeout=CONF.orchestration.build_timeout):
- self._log_console_output(servers=[server])
- self.fail(
- "(CfnInitScenarioTest:test_server_cfn_init) Timed out waiting "
- "for %s to become reachable" % server_ip)
-
- try:
- self.client.wait_for_resource_status(
- sid, 'WaitCondition', 'CREATE_COMPLETE')
- except (exceptions.StackResourceBuildErrorException,
- exceptions.TimeoutException) as e:
- raise e
- finally:
- # attempt to log the server console regardless of WaitCondition
- # going to complete. This allows successful and failed cloud-init
- # logs to be compared
- self._log_console_output(servers=[server])
-
- self.client.wait_for_stack_status(sid, 'CREATE_COMPLETE')
-
- stack = self.client.get_stack(sid)
-
- # This is an assert of great significance, as it means the following
- # has happened:
- # - cfn-init read the provided metadata and wrote out a file
- # - a user was created and credentials written to the server
- # - a cfn-signal was built which was signed with provided credentials
- # - the wait condition was fulfilled and the stack has changed state
- wait_status = json.loads(
- self._stack_output(stack, 'WaitConditionStatus'))
- self.assertEqual('smoke test complete', wait_status['smoke_status'])
-
- if self.keypair:
- # Check that the user can authenticate with the generated
- # keypair
- self.get_remote_client(server_ip, username='ec2-user',
- log_console_of_servers=[server])
-
- @test.attr(type='slow')
- @decorators.skip_because(bug='1374175')
- @test.idempotent_id('2be9be1f-8106-4ee2-a7ba-444c7557db2f')
- @test.services('orchestration', 'compute')
- def test_server_cfn_init(self):
- self.assign_keypair()
- self.launch_stack()
- self.check_stack()
diff --git a/tempest/scenario/test_load_balancer_basic.py b/tempest/scenario/test_load_balancer_basic.py
index 6f6036f..2dfabe3 100644
--- a/tempest/scenario/test_load_balancer_basic.py
+++ b/tempest/scenario/test_load_balancer_basic.py
@@ -262,6 +262,8 @@
port_id=port_id)
self.floating_ips.setdefault(vip.id, [])
self.floating_ips[vip.id].append(floating_ip)
+ # Check for floating ip status before you check load-balancer
+ self.check_floating_ip_status(floating_ip, "ACTIVE")
def _create_load_balancer(self):
self._create_pool()
diff --git a/tempest/scenario/test_network_advanced_server_ops.py b/tempest/scenario/test_network_advanced_server_ops.py
index 6e82a41..19a8716 100644
--- a/tempest/scenario/test_network_advanced_server_ops.py
+++ b/tempest/scenario/test_network_advanced_server_ops.py
@@ -84,10 +84,11 @@
should_connect=should_connect,
servers_for_debug=[self.server])
floating_ip = self.floating_ip.floating_ip_address
+ # Check FloatingIP status before checking the connectivity
+ self.check_floating_ip_status(self.floating_ip, 'ACTIVE')
self.check_public_network_connectivity(floating_ip, username,
private_key, should_connect,
servers=[self.server])
- self.check_floating_ip_status(self.floating_ip, 'ACTIVE')
def _wait_server_status_and_check_network_connectivity(self):
self.servers_client.wait_for_server_status(self.server['id'], 'ACTIVE')
diff --git a/tempest/scenario/test_network_basic_ops.py b/tempest/scenario/test_network_basic_ops.py
index 4199b2c..81bec51 100644
--- a/tempest/scenario/test_network_basic_ops.py
+++ b/tempest/scenario/test_network_basic_ops.py
@@ -190,12 +190,13 @@
if should_connect:
private_key = self._get_server_key(server)
floatingip_status = 'ACTIVE'
+ # Check FloatingIP Status before initiating a connection
+ if should_check_floating_ip_status:
+ self.check_floating_ip_status(floating_ip, floatingip_status)
# call the common method in the parent class
super(TestNetworkBasicOps, self).check_public_network_connectivity(
ip_address, ssh_login, private_key, should_connect, msg,
self.servers)
- if should_check_floating_ip_status:
- self.check_floating_ip_status(floating_ip, floatingip_status)
def _disassociate_floating_ips(self):
floating_ip, server = self.floating_ip_tuple
diff --git a/tempest/scenario/test_swift_telemetry_middleware.py b/tempest/scenario/test_swift_telemetry_middleware.py
index 8305641..16c3976 100644
--- a/tempest/scenario/test_swift_telemetry_middleware.py
+++ b/tempest/scenario/test_swift_telemetry_middleware.py
@@ -53,7 +53,7 @@
skip_msg = "Ceilometer feature for fast work mysql is disabled"
raise cls.skipException(skip_msg)
super(TestSwiftTelemetry, cls).resource_setup()
- cls.telemetry_client = cls.manager.telemetry_client
+ cls.telemetry_client = cls.os_operator.telemetry_client
def _confirm_notifications(self, container_name, obj_name):
"""
diff --git a/tempest/services/compute/json/volumes_extensions_client.py b/tempest/services/compute/json/volumes_extensions_client.py
index a9cada8..b2d5cf9 100644
--- a/tempest/services/compute/json/volumes_extensions_client.py
+++ b/tempest/services/compute/json/volumes_extensions_client.py
@@ -26,6 +26,12 @@
class VolumesExtensionsClientJSON(service_client.ServiceClient):
+ def __init__(self, auth_provider, service, region,
+ default_volume_size=1, **kwargs):
+ super(VolumesExtensionsClientJSON, self).__init__(
+ auth_provider, service, region, **kwargs)
+ self.default_volume_size = default_volume_size
+
def list_volumes(self, params=None):
"""List all the volumes created."""
url = 'os-volumes'
@@ -56,7 +62,7 @@
self.validate_response(schema.create_get_volume, resp, body)
return service_client.ResponseBody(resp, body['volume'])
- def create_volume(self, size, **kwargs):
+ def create_volume(self, size=None, **kwargs):
"""
Creates a new Volume.
size(Required): Size of volume in GB.
@@ -64,6 +70,8 @@
display_name: Optional Volume Name.
metadata: A dictionary of values to be used as metadata.
"""
+ if size is None:
+ size = self.default_volume_size
post_body = {
'size': size
}
diff --git a/tempest/stress/actions/volume_attach_delete.py b/tempest/stress/actions/volume_attach_delete.py
index 2e1d623..a5e393f 100644
--- a/tempest/stress/actions/volume_attach_delete.py
+++ b/tempest/stress/actions/volume_attach_delete.py
@@ -29,7 +29,6 @@
name = data_utils.rand_name("volume")
self.logger.info("creating volume: %s" % name)
volume = self.manager.volumes_client.create_volume(
- size=1,
display_name=name)
self.manager.volumes_client.wait_for_volume_status(volume['id'],
'available')
diff --git a/tempest/stress/actions/volume_attach_verify.py b/tempest/stress/actions/volume_attach_verify.py
index c013af3..a6abd82 100644
--- a/tempest/stress/actions/volume_attach_verify.py
+++ b/tempest/stress/actions/volume_attach_verify.py
@@ -78,7 +78,6 @@
self.logger.info("creating volume: %s" % name)
volumes_client = self.manager.volumes_client
self.volume = volumes_client.create_volume(
- size=1,
display_name=name)
volumes_client.wait_for_volume_status(self.volume['id'],
'available')
diff --git a/tempest/stress/actions/volume_create_delete.py b/tempest/stress/actions/volume_create_delete.py
index 93402d9..4870055 100644
--- a/tempest/stress/actions/volume_create_delete.py
+++ b/tempest/stress/actions/volume_create_delete.py
@@ -20,8 +20,7 @@
name = data_utils.rand_name("volume")
self.logger.info("creating %s" % name)
volumes_client = self.manager.volumes_client
- volume = volumes_client.create_volume(size=1,
- display_name=name)
+ volume = volumes_client.create_volume(display_name=name)
vol_id = volume['id']
volumes_client.wait_for_volume_status(vol_id, 'available')
self.logger.info("created %s" % volume['id'])
diff --git a/tempest/tests/common/test_accounts.py b/tempest/tests/common/test_accounts.py
index 1e6b651..58e3c0c 100644
--- a/tempest/tests/common/test_accounts.py
+++ b/tempest/tests/common/test_accounts.py
@@ -51,7 +51,19 @@
{'username': 'test_user5', 'tenant_name': 'test_tenant5',
'password': 'p'},
{'username': 'test_user6', 'tenant_name': 'test_tenant6',
- 'password': 'p'},
+ 'password': 'p', 'roles': ['role1', 'role2']},
+ {'username': 'test_user7', 'tenant_name': 'test_tenant7',
+ 'password': 'p', 'roles': ['role2', 'role3']},
+ {'username': 'test_user8', 'tenant_name': 'test_tenant8',
+ 'password': 'p', 'roles': ['role4', 'role1']},
+ {'username': 'test_user9', 'tenant_name': 'test_tenant9',
+ 'password': 'p', 'roles': ['role1', 'role2', 'role3', 'role4']},
+ {'username': 'test_user10', 'tenant_name': 'test_tenant10',
+ 'password': 'p', 'roles': ['role1', 'role2', 'role3', 'role4']},
+ {'username': 'test_user11', 'tenant_name': 'test_tenant11',
+ 'password': 'p', 'roles': [cfg.CONF.identity.admin_role]},
+ {'username': 'test_user12', 'tenant_name': 'test_tenant12',
+ 'password': 'p', 'roles': [cfg.CONF.identity.admin_role]},
]
self.useFixture(mockpatch.Patch(
'tempest.common.accounts.read_accounts_yaml',
@@ -64,7 +76,8 @@
for account in accounts_list:
hash = hashlib.md5()
hash.update(str(account))
- hash_list.append(hash.hexdigest())
+ temp_hash = hash.hexdigest()
+ hash_list.append(temp_hash)
return hash_list
def test_get_hash(self):
@@ -83,8 +96,8 @@
hash_dict = test_account_class.get_hash_dict(self.test_accounts)
hash_list = self._get_hash_list(self.test_accounts)
for hash in hash_list:
- self.assertIn(hash, hash_dict.keys())
- self.assertIn(hash_dict[hash], self.test_accounts)
+ self.assertIn(hash, hash_dict['creds'].keys())
+ self.assertIn(hash_dict['creds'][hash], self.test_accounts)
def test_create_hash_file_previous_file(self):
# Emulate the lock existing on the filesystem
@@ -201,6 +214,62 @@
test_accounts_class = accounts.Accounts('test_name')
self.assertFalse(test_accounts_class.is_multi_user())
+ def test__get_creds_by_roles_one_role(self):
+ self.useFixture(mockpatch.Patch(
+ 'tempest.common.accounts.read_accounts_yaml',
+ return_value=self.test_accounts))
+ test_accounts_class = accounts.Accounts('test_name')
+ hashes = test_accounts_class.hash_dict['roles']['role4']
+ temp_hash = hashes[0]
+ get_free_hash_mock = self.useFixture(mockpatch.PatchObject(
+ test_accounts_class, '_get_free_hash', return_value=temp_hash))
+ # Test a single role returns all matching roles
+ test_accounts_class._get_creds(roles=['role4'])
+ calls = get_free_hash_mock.mock.mock_calls
+ self.assertEqual(len(calls), 1)
+ args = calls[0][1][0]
+ for i in hashes:
+ self.assertIn(i, args)
+
+ def test__get_creds_by_roles_list_role(self):
+ self.useFixture(mockpatch.Patch(
+ 'tempest.common.accounts.read_accounts_yaml',
+ return_value=self.test_accounts))
+ test_accounts_class = accounts.Accounts('test_name')
+ hashes = test_accounts_class.hash_dict['roles']['role4']
+ hashes2 = test_accounts_class.hash_dict['roles']['role2']
+ hashes = list(set(hashes) & set(hashes2))
+ temp_hash = hashes[0]
+ get_free_hash_mock = self.useFixture(mockpatch.PatchObject(
+ test_accounts_class, '_get_free_hash', return_value=temp_hash))
+ # Test an intersection of multiple roles
+ test_accounts_class._get_creds(roles=['role2', 'role4'])
+ calls = get_free_hash_mock.mock.mock_calls
+ self.assertEqual(len(calls), 1)
+ args = calls[0][1][0]
+ for i in hashes:
+ self.assertIn(i, args)
+
+ def test__get_creds_by_roles_no_admin(self):
+ self.useFixture(mockpatch.Patch(
+ 'tempest.common.accounts.read_accounts_yaml',
+ return_value=self.test_accounts))
+ test_accounts_class = accounts.Accounts('test_name')
+ hashes = test_accounts_class.hash_dict['creds'].keys()
+ admin_hashes = test_accounts_class.hash_dict['roles'][
+ cfg.CONF.identity.admin_role]
+ temp_hash = hashes[0]
+ get_free_hash_mock = self.useFixture(mockpatch.PatchObject(
+ test_accounts_class, '_get_free_hash', return_value=temp_hash))
+ # Test an intersection of multiple roles
+ test_accounts_class._get_creds()
+ calls = get_free_hash_mock.mock.mock_calls
+ self.assertEqual(len(calls), 1)
+ args = calls[0][1][0]
+ self.assertEqual(len(args), 10)
+ for i in admin_hashes:
+ self.assertNotIn(i, args)
+
class TestNotLockingAccount(base.TestCase):
diff --git a/tempest/tests/test_tenant_isolation.py b/tempest/tests/test_tenant_isolation.py
index ab76a93..a420a8f 100644
--- a/tempest/tests/test_tenant_isolation.py
+++ b/tempest/tests/test_tenant_isolation.py
@@ -75,6 +75,17 @@
{'id': '1', 'name': 'FakeRole'}]))))
return roles_fix
+ def _mock_list_2_roles(self):
+ roles_fix = self.useFixture(mockpatch.PatchObject(
+ json_iden_client.IdentityClientJSON,
+ 'list_roles',
+ return_value=(service_client.ResponseBodyList
+ (200,
+ [{'id': '1234', 'name': 'role1'},
+ {'id': '1', 'name': 'FakeRole'},
+ {'id': '12345', 'name': 'role2'}]))))
+ return roles_fix
+
def _mock_assign_user_role(self):
tenant_fix = self.useFixture(mockpatch.PatchObject(
json_iden_client.IdentityClientJSON,
@@ -145,7 +156,6 @@
'assign_user_role') as user_mock:
admin_creds = iso_creds.get_admin_creds()
user_mock.assert_has_calls([
- mock.call('1234', '1234', '1'),
mock.call('1234', '1234', '1234')])
self.assertEqual(admin_creds.username, 'fake_admin_user')
self.assertEqual(admin_creds.tenant_name, 'fake_admin_tenant')
@@ -154,6 +164,34 @@
self.assertEqual(admin_creds.user_id, '1234')
@mock.patch('tempest_lib.common.rest_client.RestClient')
+ def test_role_creds(self, MockRestClient):
+ cfg.CONF.set_default('neutron', False, 'service_available')
+ iso_creds = isolated_creds.IsolatedCreds('test class',
+ password='fake_password')
+ self._mock_list_2_roles()
+ self._mock_user_create('1234', 'fake_role_user')
+ self._mock_tenant_create('1234', 'fake_role_tenant')
+
+ user_mock = mock.patch.object(json_iden_client.IdentityClientJSON,
+ 'assign_user_role')
+ user_mock.start()
+ self.addCleanup(user_mock.stop)
+ with mock.patch.object(json_iden_client.IdentityClientJSON,
+ 'assign_user_role') as user_mock:
+ role_creds = iso_creds.get_creds_by_roles(roles=['role1', 'role2'])
+ calls = user_mock.mock_calls
+ # Assert that the role creation is called with the 2 specified roles
+ self.assertEqual(len(calls), 2)
+ args = map(lambda x: x[1], calls)
+ self.assertIn(('1234', '1234', '1234'), args)
+ self.assertIn(('1234', '1234', '12345'), args)
+ self.assertEqual(role_creds.username, 'fake_role_user')
+ self.assertEqual(role_creds.tenant_name, 'fake_role_tenant')
+ # Verify IDs
+ self.assertEqual(role_creds.tenant_id, '1234')
+ self.assertEqual(role_creds.user_id, '1234')
+
+ @mock.patch('tempest_lib.common.rest_client.RestClient')
def test_all_cred_cleanup(self, MockRestClient):
cfg.CONF.set_default('neutron', False, 'service_available')
iso_creds = isolated_creds.IsolatedCreds('test class',
diff --git a/tempest/thirdparty/boto/test_ec2_instance_run.py b/tempest/thirdparty/boto/test_ec2_instance_run.py
index 39767a4..4a2bd23 100644
--- a/tempest/thirdparty/boto/test_ec2_instance_run.py
+++ b/tempest/thirdparty/boto/test_ec2_instance_run.py
@@ -249,7 +249,8 @@
self.addResourceCleanUp(self.destroy_reservation,
reservation)
- volume = self.ec2_client.create_volume(1, self.zone)
+ volume = self.ec2_client.create_volume(CONF.volume.volume_size,
+ self.zone)
LOG.debug("Volume created - status: %s", volume.status)
self.addResourceCleanUp(self.destroy_volume_wait, volume)
diff --git a/tempest/thirdparty/boto/test_ec2_volumes.py b/tempest/thirdparty/boto/test_ec2_volumes.py
index 318e8e3..9a6d13f 100644
--- a/tempest/thirdparty/boto/test_ec2_volumes.py
+++ b/tempest/thirdparty/boto/test_ec2_volumes.py
@@ -49,7 +49,7 @@
@test.idempotent_id('663f0077-c743-48ad-8ae0-46821cbc0918')
def test_create_get_delete(self):
# EC2 Create, get, delete Volume
- volume = self.client.create_volume(1, self.zone)
+ volume = self.client.create_volume(CONF.volume.volume_size, self.zone)
cuk = self.addResourceCleanUp(self.client.delete_volume, volume.id)
self.assertIn(volume.status, self.valid_volume_status)
retrieved = self.client.get_all_volumes((volume.id,))
@@ -62,14 +62,15 @@
@test.idempotent_id('c6b60d7a-1af7-4f8e-af21-d539d9496149')
def test_create_volume_from_snapshot(self):
# EC2 Create volume from snapshot
- volume = self.client.create_volume(1, self.zone)
+ volume = self.client.create_volume(CONF.volume.volume_size, self.zone)
self.addResourceCleanUp(self.client.delete_volume, volume.id)
self.assertVolumeStatusWait(volume, "available")
snap = self.client.create_snapshot(volume.id)
self.addResourceCleanUp(self.destroy_snapshot_wait, snap)
self.assertSnapshotStatusWait(snap, "completed")
- svol = self.client.create_volume(1, self.zone, snapshot=snap)
+ svol = self.client.create_volume(CONF.volume.volume_size, self.zone,
+ snapshot=snap)
cuk = self.addResourceCleanUp(svol.delete)
self.assertVolumeStatusWait(svol, "available")
svol.delete()