Remove auth_version config from get_credentials
In preparation for migration to tempest-lib, add a new parameter
to get_credentials to specify the identity version.
Define a wrapper cred_provider.get_credentials that exposes
the same signature auth.get_credetials use to have, and switch
all consumers to use the cred_provider version.
Do not raise InvalidConfiguration from auth module.
Adapt unit tests accordingly, and remove their dependency to
fake configs, to prepare them as well for migration to tempest-lib.
Change-Id: Idd467166b7547b55be4cee076c9913c72b7b5a8d
diff --git a/tempest/api/identity/admin/v3/test_trusts.py b/tempest/api/identity/admin/v3/test_trusts.py
index cd28e96..76124e0 100644
--- a/tempest/api/identity/admin/v3/test_trusts.py
+++ b/tempest/api/identity/admin/v3/test_trusts.py
@@ -14,8 +14,8 @@
import re
from tempest.api.identity import base
-from tempest import auth
from tempest import clients
+from tempest.common import cred_provider
from tempest.common.utils import data_utils
from tempest import config
from tempest import exceptions
@@ -87,7 +87,7 @@
self.assertIsNotNone(self.trustee_user_id)
# Initialize a new client with the trustor credentials
- creds = auth.get_credentials(
+ creds = cred_provider.get_credentials(
username=self.trustor_username,
password=self.trustor_password,
tenant_name=self.trustor_project_name)
diff --git a/tempest/api/identity/base.py b/tempest/api/identity/base.py
index 08bfd4f..b2d96fb 100644
--- a/tempest/api/identity/base.py
+++ b/tempest/api/identity/base.py
@@ -14,8 +14,8 @@
# under the License.
-from tempest import auth
from tempest import clients
+from tempest.common import cred_provider
from tempest.common.utils import data_utils
from tempest import config
from tempest import exceptions
@@ -149,11 +149,11 @@
@property
def test_credentials(self):
- return auth.get_credentials(username=self.test_user,
- user_id=self.user['id'],
- password=self.test_password,
- tenant_name=self.test_tenant,
- tenant_id=self.tenant['id'])
+ return cred_provider.get_credentials(username=self.test_user,
+ user_id=self.user['id'],
+ password=self.test_password,
+ tenant_name=self.test_tenant,
+ tenant_id=self.tenant['id'])
def setup_test_user(self):
"""Set up a test user."""
diff --git a/tempest/auth.py b/tempest/auth.py
index 5820893..9645a2e 100644
--- a/tempest/auth.py
+++ b/tempest/auth.py
@@ -44,7 +44,6 @@
:param interface: 'json' or 'xml'. Applicable for tempest client only
(deprecated: only json now supported)
"""
- credentials = self._convert_credentials(credentials)
if self.check_credentials(credentials):
self.credentials = credentials
else:
@@ -54,13 +53,6 @@
self.alt_auth_data = None
self.alt_part = None
- def _convert_credentials(self, credentials):
- # Support dict credentials for backwards compatibility
- if isinstance(credentials, dict):
- return get_credentials(**credentials)
- else:
- return credentials
-
def __str__(self):
return "Creds :{creds}, interface: {interface}, " \
"cached auth data: {cache}".format(
@@ -440,7 +432,11 @@
datetime.datetime.utcnow()
-def get_credentials(fill_in=True, **kwargs):
+def is_identity_version_supported(identity_version):
+ return identity_version in IDENTITY_VERSION
+
+
+def get_credentials(fill_in=True, identity_version='v2', **kwargs):
"""
Builds a credentials object based on the configured auth_version
@@ -448,6 +444,8 @@
details provided by the identity service. When fill_in is not
specified, credentials are not validated. Validation can be invoked
by invoking ``is_valid()``
+ :param identity_version (string): identity API version is used to
+ select the matching auth provider and credentials class
:param kwargs (dict): Dict of credential key/value pairs
Examples:
@@ -458,14 +456,13 @@
Returns credentials including IDs:
>>> get_credentials(username='foo', password='bar', fill_in=True)
"""
- if CONF.identity.auth_version == 'v2':
- credential_class = KeystoneV2Credentials
- auth_provider_class = KeystoneV2AuthProvider
- elif CONF.identity.auth_version == 'v3':
- credential_class = KeystoneV3Credentials
- auth_provider_class = KeystoneV3AuthProvider
- else:
- raise exceptions.InvalidConfiguration('Unsupported auth version')
+ if not is_identity_version_supported(identity_version):
+ raise exceptions.InvalidIdentityVersion(
+ identity_version=identity_version)
+
+ credential_class, auth_provider_class = IDENTITY_VERSION.get(
+ identity_version)
+
creds = credential_class(**kwargs)
# Fill in the credentials fields that were not specified
if fill_in:
@@ -638,3 +635,7 @@
self.project_id is not None,
self.project_name is not None and valid_project_domain])
return all([self.password is not None, valid_user, valid_project])
+
+
+IDENTITY_VERSION = {'v2': (KeystoneV2Credentials, KeystoneV2AuthProvider),
+ 'v3': (KeystoneV3Credentials, KeystoneV3AuthProvider)}
diff --git a/tempest/cmd/cleanup.py b/tempest/cmd/cleanup.py
index 28992b9..c52704a 100755
--- a/tempest/cmd/cleanup.py
+++ b/tempest/cmd/cleanup.py
@@ -54,9 +54,9 @@
import json
import sys
-from tempest import auth
from tempest import clients
from tempest.cmd import cleanup_service
+from tempest.common import cred_provider
from tempest import config
from tempest.openstack.common import log as logging
@@ -159,7 +159,8 @@
kwargs = {"username": CONF.identity.admin_username,
"password": CONF.identity.admin_password,
"tenant_name": tenant['name']}
- mgr = clients.Manager(credentials=auth.get_credentials(**kwargs))
+ mgr = clients.Manager(credentials=cred_provider.get_credentials(
+ **kwargs))
kwargs = {'data': tenant_data,
'is_dry_run': is_dry_run,
'saved_state_json': None,
diff --git a/tempest/common/accounts.py b/tempest/common/accounts.py
index 35a1f86..dd8d498 100644
--- a/tempest/common/accounts.py
+++ b/tempest/common/accounts.py
@@ -17,7 +17,6 @@
import yaml
-from tempest import auth
from tempest.common import cred_provider
from tempest import config
from tempest import exceptions
@@ -123,7 +122,7 @@
if self.isolated_creds.get('primary'):
return self.isolated_creds.get('primary')
creds = self._get_creds()
- primary_credential = auth.get_credentials(**creds)
+ primary_credential = cred_provider.get_credentials(**creds)
self.isolated_creds['primary'] = primary_credential
return primary_credential
@@ -131,7 +130,7 @@
if self.isolated_creds.get('alt'):
return self.isolated_creds.get('alt')
creds = self._get_creds()
- alt_credential = auth.get_credentials(**creds)
+ alt_credential = cred_provider.get_credentials(**creds)
self.isolated_creds['alt'] = alt_credential
return alt_credential
@@ -189,7 +188,7 @@
return self.isolated_creds.get('primary')
if not self.use_default_creds:
creds = self.get_creds(0)
- primary_credential = auth.get_credentials(**creds)
+ primary_credential = cred_provider.get_credentials(**creds)
else:
primary_credential = cred_provider.get_configured_credentials(
'user')
@@ -201,7 +200,7 @@
return self.isolated_creds.get('alt')
if not self.use_default_creds:
creds = self.get_creds(1)
- alt_credential = auth.get_credentials(**creds)
+ alt_credential = cred_provider.get_credentials(**creds)
else:
alt_credential = cred_provider.get_configured_credentials(
'alt_user')
diff --git a/tempest/common/cred_provider.py b/tempest/common/cred_provider.py
index 07fd03f..b9ca3aa 100644
--- a/tempest/common/cred_provider.py
+++ b/tempest/common/cred_provider.py
@@ -56,7 +56,7 @@
params[attr] = getattr(_section, prefix + "_" + attr)
# Build and validate credentials. We are reading configured credentials,
# so validate them even if fill_in is False
- credentials = auth.get_credentials(fill_in=fill_in, **params)
+ credentials = get_credentials(fill_in=fill_in, **params)
if not fill_in:
if not credentials.is_valid():
msg = ("The %s credentials are incorrectly set in the config file."
@@ -66,6 +66,15 @@
return credentials
+# Wrapper around auth.get_credentials to use the configured identity version
+# is none is specified
+def get_credentials(fill_in=True, identity_version=None, **kwargs):
+ identity_version = identity_version or CONF.identity.auth_version
+ return auth.get_credentials(fill_in=fill_in,
+ identity_version=identity_version,
+ **kwargs)
+
+
@six.add_metaclass(abc.ABCMeta)
class CredentialProvider(object):
def __init__(self, name, interface='json', password='pass',
diff --git a/tempest/common/isolated_creds.py b/tempest/common/isolated_creds.py
index a663931..7d89cc5 100644
--- a/tempest/common/isolated_creds.py
+++ b/tempest/common/isolated_creds.py
@@ -14,7 +14,6 @@
import netaddr
-from tempest import auth
from tempest import clients
from tempest.common import cred_provider
from tempest.common.utils import data_utils
@@ -129,7 +128,7 @@
return self._get_credentials(user, tenant)
def _get_credentials(self, user, tenant):
- return auth.get_credentials(
+ return cred_provider.get_credentials(
username=user['name'], user_id=user['id'],
tenant_name=tenant['name'], tenant_id=tenant['id'],
password=self.password)
diff --git a/tempest/exceptions.py b/tempest/exceptions.py
index 7ddeeff..6f57955 100644
--- a/tempest/exceptions.py
+++ b/tempest/exceptions.py
@@ -63,6 +63,10 @@
message = "Invalid service tag"
+class InvalidIdentityVersion(TempestException):
+ message = "Invalid version %(identity_version) of the identity service"
+
+
class TimeoutException(TempestException):
message = "Request timed out"
diff --git a/tempest/stress/driver.py b/tempest/stress/driver.py
index 49fac3d..1c27815 100644
--- a/tempest/stress/driver.py
+++ b/tempest/stress/driver.py
@@ -19,8 +19,8 @@
from six import moves
-from tempest import auth
from tempest import clients
+from tempest.common import cred_provider
from tempest.common import ssh
from tempest.common.utils import data_utils
from tempest import config
@@ -148,9 +148,9 @@
password,
tenant['id'],
"email")
- creds = auth.get_credentials(username=username,
- password=password,
- tenant_name=tenant_name)
+ creds = cred_provider.get_credentials(username=username,
+ password=password,
+ tenant_name=tenant_name)
manager = clients.Manager(credentials=creds)
test_obj = importutils.import_class(test['action'])
diff --git a/tempest/tests/test_auth.py b/tempest/tests/test_auth.py
index 785880d..0317ad6 100644
--- a/tempest/tests/test_auth.py
+++ b/tempest/tests/test_auth.py
@@ -30,7 +30,7 @@
from tempest.tests import fake_identity
-def fake_get_credentials(fill_in=True, **kwargs):
+def fake_get_credentials(fill_in=True, identity_version='v2', **kwargs):
return fake_credentials.FakeCredentials()
@@ -81,11 +81,6 @@
def test_check_credentials_bad_type(self):
self.assertFalse(self.auth_provider.check_credentials([]))
- def test_instantiate_with_dict(self):
- # Dict credentials are only supported for backward compatibility
- auth_provider = self._auth(credentials={})
- self.assertIsInstance(auth_provider.credentials, auth.Credentials)
-
def test_auth_data_property_when_cache_exists(self):
self.auth_provider.cache = 'foo'
self.useFixture(mockpatch.PatchObject(self.auth_provider,
diff --git a/tempest/tests/test_credentials.py b/tempest/tests/test_credentials.py
index 3d0e171..7621f6e 100644
--- a/tempest/tests/test_credentials.py
+++ b/tempest/tests/test_credentials.py
@@ -15,8 +15,6 @@
import copy
-from oslo.config import cfg
-
from tempest import auth
from tempest.common import tempest_fixtures as fixtures
from tempest import config
@@ -78,6 +76,7 @@
identity_response = fake_identity._fake_v2_response
credentials_class = auth.KeystoneV2Credentials
tokenclient_class = v2_client.TokenClientJSON
+ identity_version = 'v2'
def setUp(self):
super(KeystoneV2CredentialsTests, self).setUp()
@@ -85,7 +84,9 @@
self.identity_response)
def _verify_credentials(self, credentials_class, creds_dict, filled=True):
- creds = auth.get_credentials(fill_in=filled, **creds_dict)
+ creds = auth.get_credentials(fill_in=filled,
+ identity_version=self.identity_version,
+ **creds_dict)
self._check(creds, credentials_class, filled)
def test_get_credentials(self):
@@ -156,15 +157,7 @@
credentials_class = auth.KeystoneV3Credentials
identity_response = fake_identity._fake_v3_response
tokenclient_class = v3_client.V3TokenClientJSON
-
- def setUp(self):
- super(KeystoneV3CredentialsTests, self).setUp()
- # Additional config items reset by cfg fixture after each test
- cfg.CONF.set_default('auth_version', 'v3', group='identity')
- # Identity group items
- for prefix in ['', 'alt_', 'admin_']:
- cfg.CONF.set_default(prefix + 'domain_name', 'fake_domain_name',
- group='identity')
+ identity_version = 'v3'
def test_is_not_valid(self):
# NOTE(mtreinish) For a Keystone V3 credential object a project name