Merge "Log the credentials used to clear networks"
diff --git a/etc/tempest.conf.sample b/etc/tempest.conf.sample
index b70b446..3c6eb44 100644
--- a/etc/tempest.conf.sample
+++ b/etc/tempest.conf.sample
@@ -578,6 +578,10 @@
# (string value)
#auth_version = v2
+# Specify a CA bundle file to use in verifying a TLS (https) server
+# certificate. (string value)
+#ca_certificates_file = <None>
+
# Catalog type of the Identity service. (string value)
#catalog_type = identity
diff --git a/tempest/api/identity/admin/v3/test_default_project_id.py b/tempest/api/identity/admin/v3/test_default_project_id.py
new file mode 100644
index 0000000..8ffd1ed
--- /dev/null
+++ b/tempest/api/identity/admin/v3/test_default_project_id.py
@@ -0,0 +1,84 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest.api.identity import base
+from tempest import auth
+from tempest import clients
+from tempest.common.utils import data_utils
+from tempest import test
+
+
+class TestDefaultProjectId (base.BaseIdentityV3AdminTest):
+ _interface = 'json'
+
+ @classmethod
+ def resource_setup(cls):
+ cls.set_network_resources()
+ super(TestDefaultProjectId, cls).resource_setup()
+
+ def _delete_domain(self, domain_id):
+ # It is necessary to disable the domain before deleting,
+ # or else it would result in unauthorized error
+ self.client.update_domain(domain_id, enabled=False)
+ self.client.delete_domain(domain_id)
+
+ @test.attr(type='smoke')
+ def test_default_project_id(self):
+ # create a domain
+ dom_name = data_utils.rand_name('dom')
+ _, domain_body = self.client.create_domain(dom_name)
+ dom_id = domain_body['id']
+ self.addCleanup(self._delete_domain, dom_id)
+
+ # create a project in the domain
+ proj_name = data_utils.rand_name('proj')
+ _, proj_body = self.client.create_project(proj_name, domain_id=dom_id)
+ proj_id = proj_body['id']
+ self.addCleanup(self.client.delete_project, proj_id)
+ self.assertEqual(proj_body['domain_id'], dom_id,
+ "project " + proj_name +
+ "doesn't have domain id " + dom_id)
+
+ # create a user in the domain, with the previous project as his
+ # default project
+ user_name = data_utils.rand_name('user')
+ _, user_body = self.client.create_user(user_name, password=user_name,
+ domain_id=dom_id,
+ default_project_id=proj_id)
+ user_id = user_body['id']
+ self.addCleanup(self.client.delete_user, user_id)
+ self.assertEqual(user_body['domain_id'], dom_id,
+ "user " + user_name +
+ "doesn't have domain id " + dom_id)
+
+ # get roles and find the admin role
+ admin_role = self.get_role_by_name("admin")
+ admin_role_id = admin_role['id']
+
+ # grant the admin role to the user on his project
+ self.client.assign_user_role_on_project(proj_id, user_id,
+ admin_role_id)
+
+ # create a new client with user's credentials (NOTE: unscoped token!)
+ creds = auth.KeystoneV3Credentials(username=user_name,
+ password=user_name,
+ domain_name=dom_name)
+ auth_provider = auth.KeystoneV3AuthProvider(creds)
+ creds = auth_provider.fill_credentials()
+ admin_client = clients.Manager(interface=self._interface,
+ credentials=creds)
+
+ # verify the user's token and see that it is scoped to the project
+ token, auth_data = admin_client.auth_provider.get_auth()
+ _, result = admin_client.identity_v3_client.get_token(token)
+ self.assertEqual(result['project']['domain']['id'], dom_id)
+ self.assertEqual(result['project']['id'], proj_id)
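Review bot: The test user is created with `password=user_name` and is then granted the admin role on its project, so for the duration of the test an admin-capable account exists whose password can be derived from its user name. Use a value independent of the name, for example `user_pass = data_utils.rand_name('pass')`, and pass it to both `create_user` and `KeystoneV3Credentials`. Separately, the two assertion messages lack a space before `"doesn't have domain id "`, so a failure prints the random name run together with the rest of the text. The class also has no docstring saying what behaviour of `default_project_id` it pins down, namely that a token requested without an explicit scope comes back scoped to the user's default project.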
diff --git a/tempest/api/volume/base.py b/tempest/api/volume/base.py
index 0e3cd92..52e48f3 100644
--- a/tempest/api/volume/base.py
+++ b/tempest/api/volume/base.py
@@ -145,10 +145,6 @@
pass
-class BaseVolumeV1Test(BaseVolumeTest):
- _api_version = 1
-
-
class BaseVolumeAdminTest(BaseVolumeTest):
"""Base test case class for all Volume Admin API tests."""
@classmethod
@@ -222,7 +218,3 @@
except exceptions.NotFound:
# The qos_specs may have already been deleted which is OK.
pass
-
-
-class BaseVolumeV1AdminTest(BaseVolumeAdminTest):
- _api_version = 1
diff --git a/tempest/common/rest_client.py b/tempest/common/rest_client.py
index ac1217c..4c3905c 100644
--- a/tempest/common/rest_client.py
+++ b/tempest/common/rest_client.py
@@ -123,8 +123,9 @@
'retry-after', 'server',
'vary', 'www-authenticate'))
dscv = CONF.identity.disable_ssl_certificate_validation
+ ca_certs = CONF.identity.ca_certificates_file
self.http_obj = http.ClosingHttp(
- disable_ssl_certificate_validation=dscv)
+ disable_ssl_certificate_validation=dscv, ca_certs=ca_certs)
def _get_type(self):
return self.TYPE
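Review bot: `dscv` and `ca_certs` are now passed together with nothing stating which one wins. If `ClosingHttp` skips verification whenever `disable_ssl_certificate_validation` is true (its body is not part of this diff), a configured CA bundle is silently ignored and connections go unverified. Consider logging a warning when both are set, or documenting the precedence next to the option. The same pair is assembled again in test_swift_basic_ops.py, account_client.py, object_client.py, both image clients and botoclients.py, so one helper returning these keyword arguments would keep that decision in a single place. The enclosing method starts outside this hunk.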
diff --git a/tempest/config.py b/tempest/config.py
index b467f83..03346c9 100644
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -71,6 +71,10 @@
cfg.BoolOpt('disable_ssl_certificate_validation',
default=False,
help="Set to True if using self-signed SSL certificates."),
+ cfg.StrOpt('ca_certificates_file',
+ default=None,
+ help='Specify a CA bundle file to use in verifying a '
+ 'TLS (https) server certificate.'),
cfg.StrOpt('uri',
help="Full URI of the OpenStack Identity API (Keystone), v2"),
cfg.StrOpt('uri_v3',
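Review bot: The help for `disable_ssl_certificate_validation` still tells operators to turn verification off for self-signed certificates, although the option added directly below it offers a safer route. I would reword it along the lines of `help="Set to True to skip TLS certificate verification. Prefer ca_certificates_file for self-signed or private-CA endpoints."`. The new option's help should also say that, despite living in the identity group, it is applied to the image, object-storage and boto clients changed elsewhere in this commit. What an unset value falls back to is not visible here and is worth stating once confirmed. The option list continues outside the hunk.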
diff --git a/tempest/scenario/test_large_ops.py b/tempest/scenario/test_large_ops.py
index e9fa960..60fd2bd 100644
--- a/tempest/scenario/test_large_ops.py
+++ b/tempest/scenario/test_large_ops.py
@@ -84,7 +84,7 @@
self.image,
flavor_id,
min_count=CONF.scenario.large_ops_number,
- security_groups=[secgroup])
+ security_groups=[{'name': secgroup['name']}])
# needed because of bug 1199788
params = {'name': name}
_, server_list = self.servers_client.list_servers(params)
diff --git a/tempest/scenario/test_load_balancer_basic.py b/tempest/scenario/test_load_balancer_basic.py
index 7240208..4b2dacd 100644
--- a/tempest/scenario/test_load_balancer_basic.py
+++ b/tempest/scenario/test_load_balancer_basic.py
@@ -123,7 +123,7 @@
def _create_server(self, name):
keypair = self.create_keypair()
- security_groups = [self.security_group]
+ security_groups = [{'name': self.security_group['name']}]
create_kwargs = {
'networks': [
{'uuid': self.network['id']},
diff --git a/tempest/scenario/test_network_advanced_server_ops.py b/tempest/scenario/test_network_advanced_server_ops.py
index ad7f18c..61c710e 100644
--- a/tempest/scenario/test_network_advanced_server_ops.py
+++ b/tempest/scenario/test_network_advanced_server_ops.py
@@ -65,7 +65,7 @@
{'uuid': network.id},
],
'key_name': self.keypair['name'],
- 'security_groups': [security_group],
+ 'security_groups': [{'name': security_group['name']}],
}
server_name = data_utils.rand_name('server-smoke')
self.server = self.create_server(name=server_name,
diff --git a/tempest/scenario/test_network_basic_ops.py b/tempest/scenario/test_network_basic_ops.py
index bac955d..9618124 100644
--- a/tempest/scenario/test_network_basic_ops.py
+++ b/tempest/scenario/test_network_basic_ops.py
@@ -146,7 +146,7 @@
def _create_server(self, name, network):
keypair = self.create_keypair()
self.keypairs[keypair['name']] = keypair
- security_groups = [self.security_group]
+ security_groups = [{'name': self.security_group['name']}]
create_kwargs = {
'networks': [
{'uuid': network.id},
diff --git a/tempest/scenario/test_security_groups_basic_ops.py b/tempest/scenario/test_security_groups_basic_ops.py
index 747850b..7e6805c 100644
--- a/tempest/scenario/test_security_groups_basic_ops.py
+++ b/tempest/scenario/test_security_groups_basic_ops.py
@@ -230,12 +230,13 @@
self._set_compute_context(tenant)
if security_groups is None:
security_groups = [tenant.security_groups['default']]
+ security_groups_names = [{'name': s['name']} for s in security_groups]
create_kwargs = {
'networks': [
{'uuid': tenant.network.id},
],
'key_name': tenant.keypair['name'],
- 'security_groups': security_groups,
+ 'security_groups': security_groups_names,
'tenant_id': tenant.creds.tenant_id
}
server = self.create_server(name=name, create_kwargs=create_kwargs)
diff --git a/tempest/scenario/test_server_basic_ops.py b/tempest/scenario/test_server_basic_ops.py
index eb636f7..7e512a9 100644
--- a/tempest/scenario/test_server_basic_ops.py
+++ b/tempest/scenario/test_server_basic_ops.py
@@ -68,7 +68,7 @@
def boot_instance(self):
# Create server with image and flavor from input scenario
- security_groups = [self.security_group]
+ security_groups = [{'name': self.security_group['name']}]
create_kwargs = {
'key_name': self.keypair['name'],
'security_groups': security_groups
diff --git a/tempest/scenario/test_shelve_instance.py b/tempest/scenario/test_shelve_instance.py
index 3ee71dd..8882177 100644
--- a/tempest/scenario/test_shelve_instance.py
+++ b/tempest/scenario/test_shelve_instance.py
@@ -67,10 +67,11 @@
self.keypair = self.create_keypair()
self.security_group = self._create_security_group()
+ security_groups = [{'name': self.security_group['name']}]
create_kwargs = {
'key_name': self.keypair['name'],
- 'security_groups': [self.security_group]
+ 'security_groups': security_groups
}
server = self.create_server(image=CONF.compute.image_ref,
create_kwargs=create_kwargs)
diff --git a/tempest/scenario/test_snapshot_pattern.py b/tempest/scenario/test_snapshot_pattern.py
index 9a99da4..159585b 100644
--- a/tempest/scenario/test_snapshot_pattern.py
+++ b/tempest/scenario/test_snapshot_pattern.py
@@ -37,7 +37,7 @@
"""
def _boot_image(self, image_id):
- security_groups = [self.security_group]
+ security_groups = [{'name': self.security_group['name']}]
create_kwargs = {
'key_name': self.keypair['name'],
'security_groups': security_groups
diff --git a/tempest/scenario/test_stamp_pattern.py b/tempest/scenario/test_stamp_pattern.py
index ee2c737..cfc1d37 100644
--- a/tempest/scenario/test_stamp_pattern.py
+++ b/tempest/scenario/test_stamp_pattern.py
@@ -61,7 +61,7 @@
status)
def _boot_image(self, image_id):
- security_groups = [self.security_group]
+ security_groups = [{'name': self.security_group['name']}]
create_kwargs = {
'key_name': self.keypair['name'],
'security_groups': security_groups
diff --git a/tempest/scenario/test_swift_basic_ops.py b/tempest/scenario/test_swift_basic_ops.py
index fcb9505..312fbc6 100644
--- a/tempest/scenario/test_swift_basic_ops.py
+++ b/tempest/scenario/test_swift_basic_ops.py
@@ -65,7 +65,10 @@
obj_name, _ = self.upload_object_to_container(container_name)
obj_url = '%s/%s/%s' % (self.object_client.base_url,
container_name, obj_name)
- http_client = http.ClosingHttp()
+ dscv = CONF.identity.disable_ssl_certificate_validation
+ ca_certs = CONF.identity.ca_certificates_file
+ http_client = http.ClosingHttp(
+ disable_ssl_certificate_validation=dscv, ca_certs=ca_certs)
resp, _ = http_client.request(obj_url, 'GET')
self.assertEqual(resp.status, 401)
self.change_container_acl(container_name, '.r:*')
diff --git a/tempest/services/botoclients.py b/tempest/services/botoclients.py
index 7af904b..f581e89 100644
--- a/tempest/services/botoclients.py
+++ b/tempest/services/botoclients.py
@@ -38,6 +38,7 @@
# FIXME(andreaf) replace credentials and auth_url with auth_provider
insecure_ssl = CONF.identity.disable_ssl_certificate_validation
+ ca_cert = CONF.identity.ca_certificates_file
self.connection_timeout = str(CONF.boto.http_socket_timeout)
self.num_retries = str(CONF.boto.num_retries)
@@ -46,7 +47,8 @@
"password": password,
"auth_url": auth_url,
"tenant_name": tenant_name,
- "insecure": insecure_ssl}
+ "insecure": insecure_ssl,
+ "cacert": ca_cert}
def _keystone_aws_get(self):
# FIXME(andreaf) Move EC2 credentials to AuthProvider
diff --git a/tempest/services/identity/v3/json/identity_client.py b/tempest/services/identity/v3/json/identity_client.py
index 5ad416c..6ac4901 100644
--- a/tempest/services/identity/v3/json/identity_client.py
+++ b/tempest/services/identity/v3/json/identity_client.py
@@ -36,8 +36,10 @@
"""Creates a user."""
en = kwargs.get('enabled', True)
description = kwargs.get('description', None)
+ default_project_id = kwargs.get('default_project_id')
post_body = {
'project_id': project_id,
+ 'default_project_id': default_project_id,
'description': description,
'domain_id': domain_id,
'email': email,
@@ -57,6 +59,11 @@
email = kwargs.get('email', body['email'])
en = kwargs.get('enabled', body['enabled'])
project_id = kwargs.get('project_id', body['project_id'])
+ if 'default_project_id' in body.keys():
+ default_project_id = kwargs.get('default_project_id',
+ body['default_project_id'])
+ else:
+ default_project_id = kwargs.get('default_project_id')
description = kwargs.get('description', body['description'])
domain_id = kwargs.get('domain_id', body['domain_id'])
post_body = {
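Review bot: The five-line `if 'default_project_id' in body.keys()` branch collapses to one expression with the same result, `default_project_id = kwargs.get('default_project_id', body.get('default_project_id'))`, which also drops the `.keys()` membership test. Both this method and the create path in the previous hunk now always put the key in `post_body`, so a caller that omits it sends an explicit null. Whether Keystone treats null like an absent field is not visible in this diff, so consider adding the key only when a value is present. The method body starts and ends outside the hunk.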
@@ -64,6 +71,7 @@
'email': email,
'enabled': en,
'project_id': project_id,
+ 'default_project_id': default_project_id,
'id': user_id,
'domain_id': domain_id,
'description': description
diff --git a/tempest/services/image/v1/json/image_client.py b/tempest/services/image/v1/json/image_client.py
index d0d32e5..d60c9d9 100644
--- a/tempest/services/image/v1/json/image_client.py
+++ b/tempest/services/image/v1/json/image_client.py
@@ -106,9 +106,10 @@
def _get_http(self):
dscv = CONF.identity.disable_ssl_certificate_validation
+ ca_certs = CONF.identity.ca_certificates_file
return glance_http.HTTPClient(auth_provider=self.auth_provider,
filters=self.filters,
- insecure=dscv)
+ insecure=dscv, ca_certs=ca_certs)
def _create_with_data(self, headers, data):
resp, body_iter = self.http.raw_request('POST', '/v1/images',
diff --git a/tempest/services/image/v2/json/image_client.py b/tempest/services/image/v2/json/image_client.py
index 4865073..7421508 100644
--- a/tempest/services/image/v2/json/image_client.py
+++ b/tempest/services/image/v2/json/image_client.py
@@ -35,9 +35,10 @@
def _get_http(self):
dscv = CONF.identity.disable_ssl_certificate_validation
+ ca_certs = CONF.identity.ca_certificates_file
return glance_http.HTTPClient(auth_provider=self.auth_provider,
filters=self.filters,
- insecure=dscv)
+ insecure=dscv, ca_certs=ca_certs)
def _validate_schema(self, body, type='image'):
if type in ['image', 'images']:
diff --git a/tempest/services/object_storage/account_client.py b/tempest/services/object_storage/account_client.py
index 4417e3b..a2044ef 100644
--- a/tempest/services/object_storage/account_client.py
+++ b/tempest/services/object_storage/account_client.py
@@ -181,7 +181,11 @@
def request(self, method, url, extra_headers=False, headers=None,
body=None):
"""A simple HTTP request interface."""
- self.http_obj = http.ClosingHttp()
+ dscv = CONF.identity.disable_ssl_certificate_validation
+ ca_certs = CONF.identity.ca_certificates_file
+ self.http_obj = http.ClosingHttp(
+ disable_ssl_certificate_validation=dscv,
+ ca_certs=ca_certs)
if headers is None:
headers = {}
elif extra_headers:
diff --git a/tempest/services/object_storage/object_client.py b/tempest/services/object_storage/object_client.py
index 2231407..7a69fa8 100644
--- a/tempest/services/object_storage/object_client.py
+++ b/tempest/services/object_storage/object_client.py
@@ -197,8 +197,10 @@
body=None):
"""A simple HTTP request interface."""
dscv = CONF.identity.disable_ssl_certificate_validation
+ ca_certs = CONF.identity.ca_certificates_file
self.http_obj = http.ClosingHttp(
- disable_ssl_certificate_validation=dscv)
+ disable_ssl_certificate_validation=dscv,
+ ca_certs=ca_certs)
if headers is None:
headers = {}
elif extra_headers: