Merge "Fixing spelling error in the message when test is skipped"
diff --git a/etc/tempest.conf.sample b/etc/tempest.conf.sample
index 0246488..2a35aff 100644
--- a/etc/tempest.conf.sample
+++ b/etc/tempest.conf.sample
@@ -873,6 +873,9 @@
# Allowed values: public, admin, internal, publicURL, adminURL, internalURL
#endpoint_type = publicURL
+# Role required for users to be able to manage stacks (string value)
+#stack_owner_role = heat_stack_owner
+
# Time in seconds between build status checks. (integer value)
#build_interval = 1
diff --git a/requirements.txt b/requirements.txt
index 56796d8..e6fc09b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -11,7 +11,6 @@
netaddr>=0.7.12
python-ceilometerclient>=1.0.6
python-glanceclient>=0.15.0
-python-keystoneclient>=1.1.0
python-cinderclient>=1.1.0
python-heatclient>=0.3.0
python-ironicclient>=0.2.1
diff --git a/tempest/api/baremetal/admin/base.py b/tempest/api/baremetal/admin/base.py
index 2834b2b..cf2484d 100644
--- a/tempest/api/baremetal/admin/base.py
+++ b/tempest/api/baremetal/admin/base.py
@@ -16,6 +16,7 @@
from tempest_lib import exceptions as lib_exc
from tempest import clients
+from tempest.common import credentials
from tempest import config
from tempest import test
@@ -69,7 +70,11 @@
@classmethod
def setup_credentials(cls):
super(BaseBaremetalTest, cls).setup_credentials()
- cls.mgr = clients.AdminManager()
+ if (not hasattr(cls, 'isolated_creds') or
+ not cls.isolated_creds.name == cls.__name__):
+ cls.isolated_creds = credentials.get_isolated_credentials(
+ name=cls.__name__, network_resources=cls.network_resources)
+ cls.mgr = clients.Manager(cls.isolated_creds.get_admin_creds())
@classmethod
def setup_clients(cls):
diff --git a/tempest/api/data_processing/base.py b/tempest/api/data_processing/base.py
index 5992921..d91fbaa 100644
--- a/tempest/api/data_processing/base.py
+++ b/tempest/api/data_processing/base.py
@@ -66,7 +66,6 @@
cls.client.delete_job_binary_internal)
cls.cleanup_resources(getattr(cls, '_data_sources', []),
cls.client.delete_data_source)
- cls.clear_isolated_creds()
super(BaseDataProcessingTest, cls).resource_cleanup()
@staticmethod
diff --git a/tempest/api/identity/base.py b/tempest/api/identity/base.py
index 543dea1..882ef98 100644
--- a/tempest/api/identity/base.py
+++ b/tempest/api/identity/base.py
@@ -31,8 +31,8 @@
@classmethod
def setup_credentials(cls):
super(BaseIdentityAdminTest, cls).setup_credentials()
- cls.os_adm = clients.AdminManager()
- cls.os = clients.Manager()
+ cls.os = cls.get_client_manager()
+ cls.os_adm = clients.Manager(cls.isolated_creds.get_admin_creds())
@classmethod
def disable_user(cls, user_name):
diff --git a/tempest/api/image/base.py b/tempest/api/image/base.py
index 728d077..d513b0c 100644
--- a/tempest/api/image/base.py
+++ b/tempest/api/image/base.py
@@ -61,7 +61,6 @@
for image_id in cls.created_images:
cls.client.wait_for_resource_deletion(image_id)
- cls.isolated_creds.clear_isolated_creds()
super(BaseImageTest, cls).resource_cleanup()
@classmethod
diff --git a/tempest/api/network/base.py b/tempest/api/network/base.py
index e057bb8..cc2d21a 100644
--- a/tempest/api/network/base.py
+++ b/tempest/api/network/base.py
@@ -157,7 +157,6 @@
for network in cls.networks:
cls._try_delete_resource(cls.client.delete_network,
network['id'])
- cls.clear_isolated_creds()
super(BaseNetworkTest, cls).resource_cleanup()
@classmethod
diff --git a/tempest/api/object_storage/base.py b/tempest/api/object_storage/base.py
index f75f4c8..c8697e1 100644
--- a/tempest/api/object_storage/base.py
+++ b/tempest/api/object_storage/base.py
@@ -67,11 +67,6 @@
cls.account_client.auth_provider.clear_auth()
@classmethod
- def resource_cleanup(cls):
- cls.isolated_creds.clear_isolated_creds()
- super(BaseObjectTest, cls).resource_cleanup()
-
- @classmethod
def delete_containers(cls, containers, container_client=None,
object_client=None):
"""Remove given containers and all objects in them.
diff --git a/tempest/api/orchestration/base.py b/tempest/api/orchestration/base.py
index 1877bbf..59fdec0 100644
--- a/tempest/api/orchestration/base.py
+++ b/tempest/api/orchestration/base.py
@@ -18,6 +18,7 @@
import yaml
from tempest import clients
+from tempest.common import credentials
from tempest import config
import tempest.test
@@ -38,7 +39,19 @@
@classmethod
def setup_credentials(cls):
super(BaseOrchestrationTest, cls).setup_credentials()
- cls.os = clients.Manager()
+ if (not hasattr(cls, 'isolated_creds') or
+ not cls.isolated_creds.name == cls.__name__):
+ cls.isolated_creds = credentials.get_isolated_credentials(
+ name=cls.__name__, network_resources=cls.network_resources)
+ stack_owner_role = CONF.orchestration.stack_owner_role
+ if not cls.isolated_creds.is_role_available(stack_owner_role):
+ skip_msg = ("%s skipped because the configured credential provider"
+ " is not able to provide credentials with the %s role "
+ "assigned." % (cls.__name__, stack_owner_role))
+ raise cls.skipException(skip_msg)
+ else:
+ cls.os = clients.Manager(cls.isolated_creds.get_creds_by_roles(
+ [stack_owner_role]))
@classmethod
def setup_clients(cls):
@@ -70,7 +83,7 @@
@classmethod
def _get_identity_admin_client(cls):
"""Returns an instance of the Identity Admin API client."""
- manager = clients.AdminManager()
+ manager = clients.Manager(cls.isolated_creds.get_admin_creds())
admin_client = manager.identity_client
return admin_client
diff --git a/tempest/api/telemetry/base.py b/tempest/api/telemetry/base.py
index 336e2d4..ed719c2 100644
--- a/tempest/api/telemetry/base.py
+++ b/tempest/api/telemetry/base.py
@@ -101,7 +101,6 @@
cls.cleanup_resources(cls.telemetry_client.delete_alarm, cls.alarm_ids)
cls.cleanup_resources(cls.servers_client.delete_server, cls.server_ids)
cls.cleanup_resources(cls.image_client.delete_image, cls.image_ids)
- cls.clear_isolated_creds()
super(BaseTelemetryTest, cls).resource_cleanup()
def await_samples(self, metric, query):
diff --git a/tempest/api/volume/base.py b/tempest/api/volume/base.py
index 8f3f1a3..157bd44 100644
--- a/tempest/api/volume/base.py
+++ b/tempest/api/volume/base.py
@@ -102,7 +102,6 @@
def resource_cleanup(cls):
cls.clear_snapshots()
cls.clear_volumes()
- cls.clear_isolated_creds()
super(BaseVolumeTest, cls).resource_cleanup()
@classmethod
diff --git a/tempest/config.py b/tempest/config.py
index c459d76..119de0e 100644
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -690,6 +690,8 @@
choices=['public', 'admin', 'internal',
'publicURL', 'adminURL', 'internalURL'],
help="The endpoint type to use for the orchestration service."),
+ cfg.StrOpt('stack_owner_role', default='heat_stack_owner',
+ help='Role required for users to be able to manage stacks'),
cfg.IntOpt('build_interval',
default=1,
help="Time in seconds between build status checks."),
@@ -1199,7 +1201,6 @@
_path = None
_extra_log_defaults = [
- ('keystoneclient.session', std_logging.INFO),
('paramiko.transport', std_logging.INFO),
('requests.packages.urllib3.connectionpool', std_logging.WARN),
]
diff --git a/tempest/scenario/manager.py b/tempest/scenario/manager.py
index 81e771c..f8cc17c 100644
--- a/tempest/scenario/manager.py
+++ b/tempest/scenario/manager.py
@@ -14,7 +14,6 @@
# License for the specific language governing permissions and limitations
# under the License.
-import os
import subprocess
import netaddr
@@ -24,7 +23,6 @@
from tempest_lib import exceptions as lib_exc
from tempest import clients
-from tempest.common import cred_provider
from tempest.common import credentials
from tempest.common.utils.linux import remote_client
from tempest import config
@@ -50,7 +48,6 @@
cls.manager = clients.Manager(
credentials=cls.credentials()
)
- cls.admin_manager = clients.Manager(cls.admin_credentials())
@classmethod
def setup_clients(cls):
@@ -63,7 +60,6 @@
# Compute image client
cls.images_client = cls.manager.images_client
cls.keypairs_client = cls.manager.keypairs_client
- cls.networks_client = cls.admin_manager.networks_client
# Nova security groups client
cls.security_groups_client = cls.manager.security_groups_client
cls.servers_client = cls.manager.servers_client
@@ -542,6 +538,14 @@
super(NetworkScenarioTest, cls).skip_checks()
if not CONF.service_available.neutron:
raise cls.skipException('Neutron not available')
+ if not credentials.is_admin_available():
+ msg = ("Missing Identity Admin API credentials in configuration.")
+ raise cls.skipException(msg)
+
+ @classmethod
+ def setup_credentials(cls):
+ super(NetworkScenarioTest, cls).setup_credentials()
+ cls.admin_manager = clients.Manager(cls.admin_credentials())
@classmethod
def resource_setup(cls):
@@ -1283,9 +1287,17 @@
"""
@classmethod
+ def skip_checks(cls):
+ super(EncryptionScenarioTest, cls).skip_checks()
+ if not credentials.is_admin_available():
+ msg = ("Missing Identity Admin API credentials in configuration.")
+ raise cls.skipException(msg)
+
+ @classmethod
def setup_clients(cls):
super(EncryptionScenarioTest, cls).setup_clients()
- cls.admin_volume_types_client = cls.admin_manager.volume_types_client
+ admin_manager = clients.Manager(cls.admin_credentials())
+ cls.admin_volume_types_client = admin_manager.volume_types_client
def _wait_for_volume_status(self, status):
self.status_timeout(
@@ -1324,49 +1336,6 @@
control_location=control_location)
-class OrchestrationScenarioTest(ScenarioTest):
- """
- Base class for orchestration scenario tests
- """
-
- @classmethod
- def skip_checks(cls):
- super(OrchestrationScenarioTest, cls).skip_checks()
- if not CONF.service_available.heat:
- raise cls.skipException("Heat support is required")
-
- @classmethod
- def credentials(cls):
- admin_creds = cred_provider.get_configured_credentials(
- 'identity_admin')
- creds = cred_provider.get_configured_credentials('user')
- admin_creds.tenant_name = creds.tenant_name
- return admin_creds
-
- def _load_template(self, base_file, file_name):
- filepath = os.path.join(os.path.dirname(os.path.realpath(base_file)),
- file_name)
- with open(filepath) as f:
- return f.read()
-
- @classmethod
- def _stack_rand_name(cls):
- return data_utils.rand_name(cls.__name__ + '-')
-
- @classmethod
- def _get_default_network(cls):
- networks = cls.networks_client.list_networks()
- for net in networks:
- if net['label'] == CONF.compute.fixed_network_name:
- return net
-
- @staticmethod
- def _stack_output(stack, output_key):
- """Return a stack output value for a given key."""
- return next((o['output_value'] for o in stack['outputs']
- if o['output_key'] == output_key), None)
-
-
class SwiftScenarioTest(ScenarioTest):
"""
Provide harness to do Swift scenario tests.
diff --git a/tempest/tests/test_auth.py b/tempest/tests/test_auth.py
index f54ff4f..eb63b30 100644
--- a/tempest/tests/test_auth.py
+++ b/tempest/tests/test_auth.py
@@ -19,12 +19,10 @@
from oslotest import mockpatch
from tempest import auth
-from tempest import config
from tempest import exceptions
from tempest.services.identity.v2.json import token_client as v2_client
from tempest.services.identity.v3.json import token_client as v3_client
from tempest.tests import base
-from tempest.tests import fake_config
from tempest.tests import fake_credentials
from tempest.tests import fake_http
from tempest.tests import fake_identity
@@ -46,8 +44,6 @@
def setUp(self):
super(BaseAuthTestsSetUp, self).setUp()
- self.useFixture(fake_config.ConfigFixture())
- self.stubs.Set(config, 'TempestConfigPrivate', fake_config.FakePrivate)
self.fake_http = fake_http.fake_httplib2(return_type=200)
self.stubs.Set(auth, 'get_credentials', fake_get_credentials)
self.auth_provider = self._auth(self.credentials,
diff --git a/tempest/thirdparty/boto/test.py b/tempest/thirdparty/boto/test.py
index 90d0838..cd35e7f 100644
--- a/tempest/thirdparty/boto/test.py
+++ b/tempest/thirdparty/boto/test.py
@@ -23,7 +23,6 @@
from boto import ec2
from boto import exception
from boto import s3
-import keystoneclient.exceptions
from oslo_log import log as logging
import six
@@ -83,7 +82,7 @@
except lib_exc.Unauthorized:
EC2_CAN_CONNECT_ERROR = "AWS credentials not set," +\
- " failed to get them even by keystoneclient"
+ " also failed to get it from keystone"
except Exception as exc:
EC2_CAN_CONNECT_ERROR = str(exc)
@@ -98,7 +97,7 @@
_cred_sub_check(s3client.connection_data)
except Exception as exc:
S3_CAN_CONNECT_ERROR = str(exc)
- except keystoneclient.exceptions.Unauthorized:
+ except lib_exc.Unauthorized:
S3_CAN_CONNECT_ERROR = "AWS credentials not set," +\
" failed to get them even by keystoneclient"
boto_logger.logger.setLevel(level)
@@ -280,7 +279,6 @@
LOG.exception("Cleanup failed %s" % func_name)
finally:
del cls._resource_trash_bin[key]
- cls.clear_isolated_creds()
super(BotoTestCase, cls).resource_cleanup()
# NOTE(afazekas): let the super called even on exceptions
# The real exceptions already logged, if the super throws another,