Merge "Add 'Member' role to all created users"
diff --git a/tempest/api/object_storage/base.py b/tempest/api/object_storage/base.py
index 6b18182..ccc0067 100644
--- a/tempest/api/object_storage/base.py
+++ b/tempest/api/object_storage/base.py
@@ -44,9 +44,6 @@
cls.isolated_creds.get_admin_creds())
# Get isolated creds for alt user
cls.os_alt = clients.Manager(cls.isolated_creds.get_alt_creds())
- # Add isolated users to operator role so that they can create a
- # container in swift.
- cls._assign_member_role()
else:
cls.os = clients.Manager()
cls.os_admin = clients.AdminManager()
@@ -80,22 +77,6 @@
super(BaseObjectTest, cls).tearDownClass()
@classmethod
- def _assign_member_role(cls):
- primary_creds = cls.isolated_creds.get_primary_creds()
- alt_creds = cls.isolated_creds.get_alt_creds()
- swift_role = CONF.object_storage.operator_role
- try:
- resp, roles = cls.os_admin.identity_client.list_roles()
- role = next(r for r in roles if r['name'] == swift_role)
- except StopIteration:
- msg = "No role named %s found" % swift_role
- raise exceptions.NotFound(msg)
- for creds in [primary_creds, alt_creds]:
- cls.os_admin.identity_client.assign_user_role(creds.tenant_id,
- creds.user_id,
- role['id'])
-
- @classmethod
def delete_containers(cls, containers, container_client=None,
object_client=None):
"""Remove given containers and all objects in them.
diff --git a/tempest/common/isolated_creds.py b/tempest/common/isolated_creds.py
index b4618ed..8166de5 100644
--- a/tempest/common/isolated_creds.py
+++ b/tempest/common/isolated_creds.py
@@ -106,12 +106,23 @@
roles = self.identity_admin_client.roles.list()
return roles
- def _assign_user_role(self, tenant, user, role):
+ def _assign_user_role(self, tenant, user, role_name):
+ role = None
+ try:
+ roles = self._list_roles()
+ if self.tempest_client:
+ role = next(r for r in roles if r['name'] == role_name)
+ else:
+ role = next(r for r in roles if r.name == role_name)
+ except StopIteration:
+ msg = 'No "%s" role found' % role_name
+ raise exceptions.NotFound(msg)
if self.tempest_client:
- self.identity_admin_client.assign_user_role(tenant, user, role)
+ self.identity_admin_client.assign_user_role(tenant['id'],
+ user['id'], role['id'])
else:
- self.identity_admin_client.roles.add_user_role(user,
- role, tenant=tenant)
+ self.identity_admin_client.roles.add_user_role(user.id, role.id,
+ tenant.id)
def _delete_user(self, user):
if self.tempest_client:
@@ -149,22 +160,11 @@
email = data_utils.rand_name(root) + suffix + "@example.com"
user = self._create_user(username, self.password,
tenant, email)
+ # NOTE(andrey-mp): user needs this role to create containers in swift
+ swift_operator_role = CONF.object_storage.operator_role
+ self._assign_user_role(tenant, user, swift_operator_role)
if admin:
- role = None
- try:
- roles = self._list_roles()
- admin_role = CONF.identity.admin_role
- if self.tempest_client:
- role = next(r for r in roles if r['name'] == admin_role)
- else:
- role = next(r for r in roles if r.name == admin_role)
- except StopIteration:
- msg = "No admin role found"
- raise exceptions.NotFound(msg)
- if self.tempest_client:
- self._assign_user_role(tenant['id'], user['id'], role['id'])
- else:
- self._assign_user_role(tenant.id, user.id, role.id)
+ self._assign_user_role(tenant, user, CONF.identity.admin_role)
return self._get_credentials(user, tenant)
def _get_credentials(self, user, tenant):
diff --git a/tempest/tests/test_tenant_isolation.py b/tempest/tests/test_tenant_isolation.py
index 485beff..bbc3d15 100644
--- a/tempest/tests/test_tenant_isolation.py
+++ b/tempest/tests/test_tenant_isolation.py
@@ -42,6 +42,8 @@
self.fake_http = fake_http.fake_httplib2(return_type=200)
self.stubs.Set(http.ClosingHttp, 'request',
fake_identity._fake_v2_response)
+ cfg.CONF.set_default('operator_role', 'FakeRole',
+ group='object-storage')
def test_tempest_client(self):
iso_creds = isolated_creds.IsolatedCreds('test class')
@@ -92,6 +94,31 @@
{'id': id, 'name': name})))
return tenant_fix
+ def _mock_list_roles(self, id, name):
+ roles_fix = self.useFixture(mockpatch.PatchObject(
+ json_iden_client.IdentityClientJSON,
+ 'list_roles',
+ return_value=({'status': 200},
+ [{'id': id, 'name': name},
+ {'id': '1', 'name': 'FakeRole'}])))
+ return roles_fix
+
+ def _mock_assign_user_role(self):
+ tenant_fix = self.useFixture(mockpatch.PatchObject(
+ json_iden_client.IdentityClientJSON,
+ 'assign_user_role',
+ return_value=({'status': 200},
+ {})))
+ return tenant_fix
+
+ def _mock_list_role(self):
+ roles_fix = self.useFixture(mockpatch.PatchObject(
+ json_iden_client.IdentityClientJSON,
+ 'list_roles',
+ return_value=({'status': 200},
+ [{'id': '1', 'name': 'FakeRole'}])))
+ return roles_fix
+
def _mock_network_create(self, iso_creds, id, name):
net_fix = self.useFixture(mockpatch.PatchObject(
iso_creds.network_admin_client,
@@ -121,6 +148,8 @@
cfg.CONF.set_default('neutron', False, 'service_available')
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password')
+ self._mock_assign_user_role()
+ self._mock_list_role()
self._mock_tenant_create('1234', 'fake_prim_tenant')
self._mock_user_create('1234', 'fake_prim_user')
primary_creds = iso_creds.get_primary_creds()
@@ -135,13 +164,9 @@
cfg.CONF.set_default('neutron', False, 'service_available')
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password')
+ self._mock_list_roles('1234', 'admin')
self._mock_user_create('1234', 'fake_admin_user')
self._mock_tenant_create('1234', 'fake_admin_tenant')
- self.useFixture(mockpatch.PatchObject(
- json_iden_client.IdentityClientJSON,
- 'list_roles',
- return_value=({'status': 200},
- [{'id': '1234', 'name': 'admin'}])))
user_mock = mock.patch.object(json_iden_client.IdentityClientJSON,
'assign_user_role')
@@ -150,7 +175,9 @@
with mock.patch.object(json_iden_client.IdentityClientJSON,
'assign_user_role') as user_mock:
admin_creds = iso_creds.get_admin_creds()
- user_mock.assert_called_once_with('1234', '1234', '1234')
+ user_mock.assert_has_calls([
+ mock.call('1234', '1234', '1'),
+ mock.call('1234', '1234', '1234')])
self.assertEqual(admin_creds.username, 'fake_admin_user')
self.assertEqual(admin_creds.tenant_name, 'fake_admin_tenant')
# Verify IDs
@@ -162,6 +189,8 @@
cfg.CONF.set_default('neutron', False, 'service_available')
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password')
+ self._mock_assign_user_role()
+ roles_fix = self._mock_list_role()
tenant_fix = self._mock_tenant_create('1234', 'fake_prim_tenant')
user_fix = self._mock_user_create('1234', 'fake_prim_user')
iso_creds.get_primary_creds()
@@ -172,16 +201,11 @@
iso_creds.get_alt_creds()
tenant_fix.cleanUp()
user_fix.cleanUp()
+ roles_fix.cleanUp()
tenant_fix = self._mock_tenant_create('123456', 'fake_admin_tenant')
user_fix = self._mock_user_create('123456', 'fake_admin_user')
- self.useFixture(mockpatch.PatchObject(
- json_iden_client.IdentityClientJSON,
- 'list_roles',
- return_value=({'status': 200},
- [{'id': '123456', 'name': 'admin'}])))
- with mock.patch.object(json_iden_client.IdentityClientJSON,
- 'assign_user_role'):
- iso_creds.get_admin_creds()
+ self._mock_list_roles('123456', 'admin')
+ iso_creds.get_admin_creds()
user_mock = self.patch(
'tempest.services.identity.json.identity_client.'
'IdentityClientJSON.delete_user')
@@ -209,6 +233,8 @@
cfg.CONF.set_default('neutron', False, 'service_available')
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password')
+ self._mock_assign_user_role()
+ self._mock_list_role()
self._mock_user_create('1234', 'fake_alt_user')
self._mock_tenant_create('1234', 'fake_alt_tenant')
alt_creds = iso_creds.get_alt_creds()
@@ -222,6 +248,8 @@
def test_network_creation(self, MockRestClient):
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password')
+ self._mock_assign_user_role()
+ self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
self._mock_network_create(iso_creds, '1234', 'fake_net')
@@ -247,6 +275,8 @@
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password')
# Create primary tenant and network
+ self._mock_assign_user_role()
+ roles_fix = self._mock_list_role()
user_fix = self._mock_user_create('1234', 'fake_prim_user')
tenant_fix = self._mock_tenant_create('1234', 'fake_prim_tenant')
net_fix = self._mock_network_create(iso_creds, '1234', 'fake_net')
@@ -278,6 +308,7 @@
net_fix.cleanUp()
subnet_fix.cleanUp()
router_fix.cleanUp()
+ roles_fix.cleanUp()
# Create admin tenant and networks
user_fix = self._mock_user_create('123456', 'fake_admin_user')
tenant_fix = self._mock_tenant_create('123456', 'fake_admin_tenant')
@@ -286,14 +317,8 @@
subnet_fix = self._mock_subnet_create(iso_creds, '123456',
'fake_admin_subnet')
router_fix = self._mock_router_create('123456', 'fake_admin_router')
- self.useFixture(mockpatch.PatchObject(
- json_iden_client.IdentityClientJSON,
- 'list_roles',
- return_value=({'status': 200},
- [{'id': '123456', 'name': 'admin'}])))
- with mock.patch.object(json_iden_client.IdentityClientJSON,
- 'assign_user_role'):
- iso_creds.get_admin_creds()
+ self._mock_list_roles('123456', 'admin')
+ iso_creds.get_admin_creds()
self.patch('tempest.services.identity.json.identity_client.'
'IdentityClientJSON.delete_user')
self.patch('tempest.services.identity.json.identity_client.'
@@ -348,6 +373,8 @@
def test_network_alt_creation(self, MockRestClient):
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password')
+ self._mock_assign_user_role()
+ self._mock_list_role()
self._mock_user_create('1234', 'fake_alt_user')
self._mock_tenant_create('1234', 'fake_alt_tenant')
self._mock_network_create(iso_creds, '1234', 'fake_alt_net')
@@ -372,6 +399,7 @@
def test_network_admin_creation(self, MockRestClient):
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password')
+ self._mock_assign_user_role()
self._mock_user_create('1234', 'fake_admin_user')
self._mock_tenant_create('1234', 'fake_admin_tenant')
self._mock_network_create(iso_creds, '1234', 'fake_admin_net')
@@ -380,14 +408,8 @@
router_interface_mock = self.patch(
'tempest.services.network.json.network_client.NetworkClientJSON.'
'add_router_interface_with_subnet_id')
- self.useFixture(mockpatch.PatchObject(
- json_iden_client.IdentityClientJSON,
- 'list_roles',
- return_value=({'status': 200},
- [{'id': '123456', 'name': 'admin'}])))
- with mock.patch.object(json_iden_client.IdentityClientJSON,
- 'assign_user_role'):
- iso_creds.get_admin_creds()
+ self._mock_list_roles('123456', 'admin')
+ iso_creds.get_admin_creds()
router_interface_mock.called_once_with('1234', '1234')
network = iso_creds.get_admin_network()
subnet = iso_creds.get_admin_subnet()
@@ -410,6 +432,8 @@
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password',
network_resources=net_dict)
+ self._mock_assign_user_role()
+ self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
net = mock.patch.object(iso_creds.network_admin_client,
@@ -444,6 +468,8 @@
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password',
network_resources=net_dict)
+ self._mock_assign_user_role()
+ self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
self.assertRaises(exceptions.InvalidConfiguration,
@@ -460,6 +486,8 @@
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password',
network_resources=net_dict)
+ self._mock_assign_user_role()
+ self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
self.assertRaises(exceptions.InvalidConfiguration,
@@ -476,6 +504,8 @@
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password',
network_resources=net_dict)
+ self._mock_assign_user_role()
+ self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
self.assertRaises(exceptions.InvalidConfiguration,