Merge "Add check user access in test_remove_member"
diff --git a/tempest/api/object_storage/base.py b/tempest/api/object_storage/base.py
index eb313d2..535137e 100644
--- a/tempest/api/object_storage/base.py
+++ b/tempest/api/object_storage/base.py
@@ -25,6 +25,38 @@
CONF = config.CONF
+def delete_containers(containers, container_client, object_client):
+ """Remove containers and all objects in them.
+
+ The containers should be visible from the container_client given.
+ Will not throw any error if the containers don't exist.
+ Will not check that object and container deletions succeed.
+ After delete all the objects from a container, it will wait 2
+ seconds before delete the container itself, in order to deployments
+ using HA proxy sync the deletion properly, otherwise, the container
+ might fail to be deleted because it's not empty.
+
+ :param containers: List of containers to be deleted
+ :param container_client: Client to be used to delete containers
+ :param object_client: Client to be used to delete objects
+ """
+ for cont in containers:
+ try:
+ params = {'limit': 9999, 'format': 'json'}
+ resp, objlist = container_client.list_container_contents(
+ cont, params)
+ # delete every object in the container
+ for obj in objlist:
+ test_utils.call_and_ignore_notfound_exc(
+ object_client.delete_object, cont, obj['name'])
+ # sleep 2 seconds to sync the deletion of the objects
+ # in HA deployment
+ time.sleep(2)
+ container_client.delete_container(cont)
+ except lib_exc.NotFound:
+ pass
+
+
class BaseObjectTest(tempest.test.BaseTestCase):
credentials = [['operator', CONF.object_storage.operator_role]]
@@ -98,42 +130,12 @@
return object_name, data
@classmethod
- def delete_containers(cls, container_client=None,
- object_client=None):
- """Remove containers and all objects in them.
-
- The containers should be visible from the container_client given.
- Will not throw any error if the containers don't exist.
- Will not check that object and container deletions succeed.
- After delete all the objects from a container, it will wait 2
- seconds before delete the container itself, in order to deployments
- using HA proxy sync the deletion properly, otherwise, the container
- might fail to be deleted because it's not empty.
-
- :param container_client: if None, use cls.container_client, this means
- that the default testing user will be used (see 'username' in
- 'etc/tempest.conf')
- :param object_client: if None, use cls.object_client
- """
+ def delete_containers(cls, container_client=None, object_client=None):
if container_client is None:
container_client = cls.container_client
if object_client is None:
object_client = cls.object_client
- for cont in cls.containers:
- try:
- params = {'limit': 9999, 'format': 'json'}
- resp, objlist = container_client.list_container_contents(
- cont, params)
- # delete every object in the container
- for obj in objlist:
- test_utils.call_and_ignore_notfound_exc(
- object_client.delete_object, cont, obj['name'])
- # sleep 2 seconds to sync the deletion of the objects
- # in HA deployment
- time.sleep(2)
- container_client.delete_container(cont)
- except lib_exc.NotFound:
- pass
+ delete_containers(cls.containers, container_client, object_client)
def assertHeaders(self, resp, target, method):
"""Check the existence and the format of response headers"""
diff --git a/tempest/api/object_storage/test_account_bulk.py b/tempest/api/object_storage/test_account_bulk.py
index a75ed98..1eda49a 100644
--- a/tempest/api/object_storage/test_account_bulk.py
+++ b/tempest/api/object_storage/test_account_bulk.py
@@ -27,7 +27,10 @@
self.containers = []
def tearDown(self):
- self.delete_containers()
+ # NOTE(andreaf) BulkTests needs to cleanup containers after each
+ # test is executed.
+ base.delete_containers(self.containers, self.container_client,
+ self.object_client)
super(BulkTest, self).tearDown()
def _create_archive(self):
diff --git a/tempest/api/volume/base.py b/tempest/api/volume/base.py
index 9f522bd..a2b9964 100644
--- a/tempest/api/volume/base.py
+++ b/tempest/api/volume/base.py
@@ -200,16 +200,13 @@
@classmethod
def clear_snapshots(cls):
for snapshot in cls.snapshots:
- try:
- cls.snapshots_client.delete_snapshot(snapshot['id'])
- except Exception:
- pass
+ test_utils.call_and_ignore_notfound_exc(
+ cls.snapshots_client.delete_snapshot, snapshot['id'])
for snapshot in cls.snapshots:
- try:
- cls.snapshots_client.wait_for_resource_deletion(snapshot['id'])
- except Exception:
- pass
+ test_utils.call_and_ignore_notfound_exc(
+ cls.snapshots_client.wait_for_resource_deletion,
+ snapshot['id'])
def create_server(self, **kwargs):
name = kwargs.pop(
diff --git a/tempest/api/volume/test_volume_absolute_limits.py b/tempest/api/volume/test_volume_absolute_limits.py
index bc7694a..35e0d56 100644
--- a/tempest/api/volume/test_volume_absolute_limits.py
+++ b/tempest/api/volume/test_volume_absolute_limits.py
@@ -23,6 +23,9 @@
class AbsoluteLimitsV2Tests(base.BaseVolumeTest):
+ # avoid existing volumes of pre-defined tenant
+ force_tenant_isolation = True
+
@classmethod
def resource_setup(cls):
super(AbsoluteLimitsV2Tests, cls).resource_setup()
diff --git a/tempest/clients.py b/tempest/clients.py
index a0ee0c8..4092852 100644
--- a/tempest/clients.py
+++ b/tempest/clients.py
@@ -13,8 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
-import copy
-
from oslo_log import log as logging
from tempest import config
@@ -186,67 +184,52 @@
**params_volume)
def _set_identity_clients(self):
- params = self.parameters['identity']
-
# Clients below use the admin endpoint type of Keystone API v2
- params_v2_admin = copy.copy(params)
- params_v2_admin['endpoint_type'] = CONF.identity.v2_admin_endpoint_type
- self.endpoints_client = identity.v2.EndpointsClient(self.auth_provider,
- **params_v2_admin)
- self.identity_client = identity.v2.IdentityClient(self.auth_provider,
- **params_v2_admin)
- self.tenants_client = identity.v2.TenantsClient(self.auth_provider,
- **params_v2_admin)
- self.roles_client = identity.v2.RolesClient(self.auth_provider,
- **params_v2_admin)
- self.users_client = identity.v2.UsersClient(self.auth_provider,
- **params_v2_admin)
- self.identity_services_client = identity.v2.ServicesClient(
- self.auth_provider, **params_v2_admin)
+ params_v2_admin = {
+ 'endpoint_type': CONF.identity.v2_admin_endpoint_type}
+ self.endpoints_client = self.identity_v2.EndpointsClient(
+ **params_v2_admin)
+ self.identity_client = self.identity_v2.IdentityClient(
+ **params_v2_admin)
+ self.tenants_client = self.identity_v2.TenantsClient(
+ **params_v2_admin)
+ self.roles_client = self.identity_v2.RolesClient(**params_v2_admin)
+ self.users_client = self.identity_v2.UsersClient(**params_v2_admin)
+ self.identity_services_client = self.identity_v2.ServicesClient(
+ **params_v2_admin)
# Clients below use the public endpoint type of Keystone API v2
- params_v2_public = copy.copy(params)
- params_v2_public['endpoint_type'] = (
- CONF.identity.v2_public_endpoint_type)
- self.identity_public_client = identity.v2.IdentityClient(
- self.auth_provider, **params_v2_public)
- self.tenants_public_client = identity.v2.TenantsClient(
- self.auth_provider, **params_v2_public)
- self.users_public_client = identity.v2.UsersClient(
- self.auth_provider, **params_v2_public)
+ params_v2_public = {
+ 'endpoint_type': CONF.identity.v2_public_endpoint_type}
+ self.identity_public_client = self.identity_v2.IdentityClient(
+ **params_v2_public)
+ self.tenants_public_client = self.identity_v2.TenantsClient(
+ **params_v2_public)
+ self.users_public_client = self.identity_v2.UsersClient(
+ **params_v2_public)
# Clients below use the endpoint type of Keystone API v3, which is set
# in endpoint_type
- params_v3 = copy.copy(params)
- params_v3['endpoint_type'] = CONF.identity.v3_endpoint_type
- self.domains_client = identity.v3.DomainsClient(self.auth_provider,
- **params_v3)
- self.identity_v3_client = identity.v3.IdentityClient(
- self.auth_provider, **params_v3)
- self.trusts_client = identity.v3.TrustsClient(self.auth_provider,
- **params_v3)
- self.users_v3_client = identity.v3.UsersClient(self.auth_provider,
- **params_v3)
- self.endpoints_v3_client = identity.v3.EndPointsClient(
- self.auth_provider, **params_v3)
- self.roles_v3_client = identity.v3.RolesClient(self.auth_provider,
- **params_v3)
- self.inherited_roles_client = identity.v3.InheritedRolesClient(
- self.auth_provider, **params_v3)
- self.role_assignments_client = identity.v3.RoleAssignmentsClient(
- self.auth_provider, **params_v3)
- self.identity_services_v3_client = identity.v3.ServicesClient(
- self.auth_provider, **params_v3)
- self.policies_client = identity.v3.PoliciesClient(self.auth_provider,
- **params_v3)
- self.projects_client = identity.v3.ProjectsClient(self.auth_provider,
- **params_v3)
- self.regions_client = identity.v3.RegionsClient(self.auth_provider,
- **params_v3)
- self.credentials_client = identity.v3.CredentialsClient(
- self.auth_provider, **params_v3)
- self.groups_client = identity.v3.GroupsClient(self.auth_provider,
- **params_v3)
+ params_v3 = {'endpoint_type': CONF.identity.v3_endpoint_type}
+ self.domains_client = self.identity_v3.DomainsClient(**params_v3)
+ self.identity_v3_client = self.identity_v3.IdentityClient(**params_v3)
+ self.trusts_client = self.identity_v3.TrustsClient(**params_v3)
+ self.users_v3_client = self.identity_v3.UsersClient(**params_v3)
+ self.endpoints_v3_client = self.identity_v3.EndPointsClient(
+ **params_v3)
+ self.roles_v3_client = self.identity_v3.RolesClient(**params_v3)
+ self.inherited_roles_client = self.identity_v3.InheritedRolesClient(
+ **params_v3)
+ self.role_assignments_client = self.identity_v3.RoleAssignmentsClient(
+ **params_v3)
+ self.identity_services_v3_client = self.identity_v3.ServicesClient(
+ **params_v3)
+ self.policies_client = self.identity_v3.PoliciesClient(**params_v3)
+ self.projects_client = self.identity_v3.ProjectsClient(**params_v3)
+ self.regions_client = self.identity_v3.RegionsClient(**params_v3)
+ self.credentials_client = self.identity_v3.CredentialsClient(
+ **params_v3)
+ self.groups_client = self.identity_v3.GroupsClient(**params_v3)
# Token clients do not use the catalog. They only need default_params.
# They read auth_url, so they should only be set if the corresponding
diff --git a/tempest/lib/services/clients.py b/tempest/lib/services/clients.py
index 0e8e3c6..56271f9 100644
--- a/tempest/lib/services/clients.py
+++ b/tempest/lib/services/clients.py
@@ -41,6 +41,7 @@
return {
'compute': compute,
'identity.v2': identity.v2,
+ 'identity.v3': identity.v3,
'image.v1': image.v1,
'image.v2': image.v2,
'network': network,
@@ -55,7 +56,7 @@
# NOTE(andreaf) This list will exists only as long the remain clients
# are migrated to tempest.lib, and it will then be deleted without
# deprecation or advance notice
- return set(['identity.v3', 'object-storage'])
+ return set(['object-storage'])
def available_modules():