Merge "Use invalid id with rand string instead of special char"
diff --git a/releasenotes/notes/deprecate-allow_port_security_disabled-option-2d3d87f6bd11d03a.yaml b/releasenotes/notes/deprecate-allow_port_security_disabled-option-2d3d87f6bd11d03a.yaml
new file mode 100644
index 0000000..4acdc6d
--- /dev/null
+++ b/releasenotes/notes/deprecate-allow_port_security_disabled-option-2d3d87f6bd11d03a.yaml
@@ -0,0 +1,8 @@
+---
+upgrade:
+ - The default value for the ``allow_port_security_disabled`` option in the
+ ``compute-feature-enabled`` section has been changed from ``False``
+ to ``True``.
+deprecations:
+ - The ``allow_port_security_disabled`` option in the
+ ``compute-feature-enabled`` section is now deprecated.
diff --git a/tempest/api/identity/base.py b/tempest/api/identity/base.py
index 14bf4f8..9515788 100644
--- a/tempest/api/identity/base.py
+++ b/tempest/api/identity/base.py
@@ -105,6 +105,15 @@
credentials = ['primary', 'admin']
+ # NOTE(andreaf) Identity tests work with credentials, so it is safer
+ # for them to always use disposable credentials. Forcing dynamic creds
+ # on regular identity tests would be however to restrictive, since it
+ # would prevent any identity test from being executed against clouds where
+ # admin credentials are not available.
+ # Since All admin tests require admin credentials to be
+ # executed, so this will not impact the ability to execute tests.
+ force_tenant_isolation = True
+
@classmethod
def setup_clients(cls):
super(BaseIdentityV2AdminTest, cls).setup_clients()
@@ -165,6 +174,15 @@
credentials = ['primary', 'admin']
+ # NOTE(andreaf) Identity tests work with credentials, so it is safer
+ # for them to always use disposable credentials. Forcing dynamic creds
+ # on regular identity tests would be however to restrictive, since it
+ # would prevent any identity test from being executed against clouds where
+ # admin credentials are not available.
+ # Since All admin tests require admin credentials to be
+ # executed, so this will not impact the ability to execute tests.
+ force_tenant_isolation = True
+
@classmethod
def setup_clients(cls):
super(BaseIdentityV3AdminTest, cls).setup_clients()
diff --git a/tempest/clients.py b/tempest/clients.py
index 8093a72..8d30aaa 100644
--- a/tempest/clients.py
+++ b/tempest/clients.py
@@ -19,7 +19,6 @@
from tempest.lib import auth
from tempest.lib import exceptions as lib_exc
from tempest.lib.services import clients
-from tempest.lib.services import identity
from tempest.services import object_storage
from tempest.services import orchestration
@@ -237,15 +236,15 @@
# API version is marked as enabled
if CONF.identity_feature_enabled.api_v2:
if CONF.identity.uri:
- self.token_client = identity.v2.TokenClient(
- CONF.identity.uri, **self.default_params)
+ self.token_client = self.identity_v2.TokenClient(
+ auth_url=CONF.identity.uri)
else:
msg = 'Identity v2 API enabled, but no identity.uri set'
raise lib_exc.InvalidConfiguration(msg)
if CONF.identity_feature_enabled.api_v3:
if CONF.identity.uri_v3:
- self.token_v3_client = identity.v3.V3TokenClient(
- CONF.identity.uri_v3, **self.default_params)
+ self.token_v3_client = self.identity_v3.V3TokenClient(
+ auth_url=CONF.identity.uri_v3)
else:
msg = 'Identity v3 API enabled, but no identity.uri_v3 set'
raise lib_exc.InvalidConfiguration(msg)
diff --git a/tempest/config.py b/tempest/config.py
index 4162718..68f2667 100644
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -332,9 +332,12 @@
# NOTE(mriedem): This is a feature toggle for bug 1175464 which is fixed in
# mitaka and newton. This option can be removed after liberty-eol.
cfg.BoolOpt('allow_port_security_disabled',
- default=False,
+ default=True,
help='Does the test environment support creating ports in a '
- 'network where port security is disabled?'),
+ 'network where port security is disabled?',
+ deprecated_for_removal=True,
+ deprecated_reason='This config switch was added for Liberty '
+ 'which is not supported anymore.'),
cfg.BoolOpt('disk_config',
default=True,
help="If false, skip disk config tests"),
diff --git a/tempest/lib/services/clients.py b/tempest/lib/services/clients.py
index 262a894..ec0aaff 100644
--- a/tempest/lib/services/clients.py
+++ b/tempest/lib/services/clients.py
@@ -279,7 +279,7 @@
a dictionary ready to be injected in kwargs.
Exceptions are:
- - Token clients for 'identity' have a very different interface
+ - Token clients for 'identity' must be given an 'auth_url' parameter
- Volume client for 'volume' accepts 'default_volume_size'
- Servers client from 'compute' accepts 'enable_instance_password'
diff --git a/tempest/lib/services/identity/v2/token_client.py b/tempest/lib/services/identity/v2/token_client.py
index c4fd483..458c862 100644
--- a/tempest/lib/services/identity/v2/token_client.py
+++ b/tempest/lib/services/identity/v2/token_client.py
@@ -23,7 +23,22 @@
def __init__(self, auth_url, disable_ssl_certificate_validation=None,
ca_certs=None, trace_requests=None, **kwargs):
+ """Initialises the Token client
+
+ :param auth_url: URL to which the token request is sent
+ :param disable_ssl_certificate_validation: pass-through to rest client
+ :param ca_certs: pass-through to rest client
+ :param trace_requests: pass-through to rest client
+ :param kwargs: any extra parameter to pass through the rest client.
+ region, service and auth_provider will be ignored, if passed,
+ as they are not meaningful for token client
+ """
dscv = disable_ssl_certificate_validation
+ # NOTE(andreaf) region, service and auth_provider are passed
+ # positionally with None. Having them in kwargs would raise a
+ # "multiple values for keyword arguments" error
+ for unwanted_kwargs in ['region', 'service', 'auth_provider']:
+ kwargs.pop(unwanted_kwargs, None)
super(TokenClient, self).__init__(
None, None, None, disable_ssl_certificate_validation=dscv,
ca_certs=ca_certs, trace_requests=trace_requests, **kwargs)
diff --git a/tempest/lib/services/identity/v3/token_client.py b/tempest/lib/services/identity/v3/token_client.py
index 06927f4..33f6f16 100644
--- a/tempest/lib/services/identity/v3/token_client.py
+++ b/tempest/lib/services/identity/v3/token_client.py
@@ -23,7 +23,19 @@
def __init__(self, auth_url, disable_ssl_certificate_validation=None,
ca_certs=None, trace_requests=None, **kwargs):
+ """Initialises the Token client
+
+ :param auth_url: URL to which the token request is sent
+ :param disable_ssl_certificate_validation: pass-through to rest client
+ :param ca_certs: pass-through to rest client
+ :param trace_requests: pass-through to rest client
+ :param kwargs: any extra parameter to pass through the rest client.
+ Three kwargs are forbidden: region, service and auth_provider
+ as they are not meaningful for token client
+ """
dscv = disable_ssl_certificate_validation
+ for unwanted_kwargs in ['region', 'service', 'auth_provider']:
+ kwargs.pop(unwanted_kwargs, None)
super(V3TokenClient, self).__init__(
None, None, None, disable_ssl_certificate_validation=dscv,
ca_certs=ca_certs, trace_requests=trace_requests, **kwargs)