Respect configured credential provider everywhere
This commit changes all uses of the old AdminManager and Manager()
constructs to use cls.isolated_creds, so that user credentials come from
whichever credential provider is configured instead of
assuming it's the non-locking accounts provider without an accounts.yaml
file. As part of this we need to add a heat option for the stack owner
role so that we can request the creds by that role. The heat tests were
previously making an implicit assumption about the configured user having
that role assigned. While that is true in devstack today, it isn't
necessarily the case everywhere.
Depends-On: Id98a83f0a716de0fdb5f36d03407364830e8fa5f
Closes-Bug: #1433723
Change-Id: Ie071cb2cb6add591a60c9d76a12c95b7fb5ee539
diff --git a/etc/tempest.conf.sample b/etc/tempest.conf.sample
index 0246488..2a35aff 100644
--- a/etc/tempest.conf.sample
+++ b/etc/tempest.conf.sample
@@ -873,6 +873,9 @@
# Allowed values: public, admin, internal, publicURL, adminURL, internalURL
#endpoint_type = publicURL
+# Role required for users to be able to manage stacks (string value)
+#stack_owner_role = heat_stack_owner
+
# Time in seconds between build status checks. (integer value)
#build_interval = 1
diff --git a/tempest/api/baremetal/admin/base.py b/tempest/api/baremetal/admin/base.py
index 2834b2b..cf2484d 100644
--- a/tempest/api/baremetal/admin/base.py
+++ b/tempest/api/baremetal/admin/base.py
@@ -16,6 +16,7 @@
from tempest_lib import exceptions as lib_exc
from tempest import clients
+from tempest.common import credentials
from tempest import config
from tempest import test
@@ -69,7 +70,11 @@
@classmethod
def setup_credentials(cls):
super(BaseBaremetalTest, cls).setup_credentials()
- cls.mgr = clients.AdminManager()
+ if (not hasattr(cls, 'isolated_creds') or
+ not cls.isolated_creds.name == cls.__name__):
+ cls.isolated_creds = credentials.get_isolated_credentials(
+ name=cls.__name__, network_resources=cls.network_resources)
+ cls.mgr = clients.Manager(cls.isolated_creds.get_admin_creds())
@classmethod
def setup_clients(cls):
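Review bot: `cls.isolated_creds.get_admin_creds()` on the last added line of `setup_credentials` is called without first checking that the configured provider can supply admin credentials, whereas the orchestration `setup_credentials` in this same commit tests `is_role_available(...)` and raises `cls.skipException` before asking for role-based credentials. What `get_admin_creds()` does when no admin account is configured is not visible here, but if it raises, the class would error out in setup instead of skipping, which is hard to tell apart from a genuine authentication or authorization failure. The same unguarded call is added in `tempest/api/identity/base.py` and in `_get_identity_admin_client` in `tempest/api/orchestration/base.py`. Consider an explicit availability check with a skip message before requesting admin credentials, mirroring the stack-owner-role handling.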
diff --git a/tempest/api/identity/base.py b/tempest/api/identity/base.py
index 543dea1..882ef98 100644
--- a/tempest/api/identity/base.py
+++ b/tempest/api/identity/base.py
@@ -31,8 +31,8 @@
@classmethod
def setup_credentials(cls):
super(BaseIdentityAdminTest, cls).setup_credentials()
- cls.os_adm = clients.AdminManager()
- cls.os = clients.Manager()
+ cls.os = cls.get_client_manager()
+ cls.os_adm = clients.Manager(cls.isolated_creds.get_admin_creds())
@classmethod
def disable_user(cls, user_name):
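Review bot: The added `cls.os_adm = clients.Manager(cls.isolated_creds.get_admin_creds())` reads `cls.isolated_creds`, which nothing in this hunk assigns. It presumably relies on `cls.get_client_manager()` on the preceding line setting that attribute as a side effect, which would explain why the two assignments swapped order compared with the removed lines. That hidden ordering dependency is easy to break in a later refactor, so it deserves a comment such as `# get_client_manager() must run first: it populates cls.isolated_creds (confirm)`.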
diff --git a/tempest/api/orchestration/base.py b/tempest/api/orchestration/base.py
index 1877bbf..59fdec0 100644
--- a/tempest/api/orchestration/base.py
+++ b/tempest/api/orchestration/base.py
@@ -18,6 +18,7 @@
import yaml
from tempest import clients
+from tempest.common import credentials
from tempest import config
import tempest.test
@@ -38,7 +39,19 @@
@classmethod
def setup_credentials(cls):
super(BaseOrchestrationTest, cls).setup_credentials()
- cls.os = clients.Manager()
+ if (not hasattr(cls, 'isolated_creds') or
+ not cls.isolated_creds.name == cls.__name__):
+ cls.isolated_creds = credentials.get_isolated_credentials(
+ name=cls.__name__, network_resources=cls.network_resources)
+ stack_owner_role = CONF.orchestration.stack_owner_role
+ if not cls.isolated_creds.is_role_available(stack_owner_role):
+ skip_msg = ("%s skipped because the configured credential provider"
+ " is not able to provide credentials with the %s role "
+ "assigned." % (cls.__name__, stack_owner_role))
+ raise cls.skipException(skip_msg)
+ else:
+ cls.os = clients.Manager(cls.isolated_creds.get_creds_by_roles(
+ [stack_owner_role]))
@classmethod
def setup_clients(cls):
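Review bot: The `else:` after `raise cls.skipException(skip_msg)` is redundant, since the raise already leaves the method; the `cls.os = clients.Manager(...)` assignment can sit at the method's own indentation level. The condition `not cls.isolated_creds.name == cls.__name__` reads more directly as `cls.isolated_creds.name != cls.__name__`. The whole guard is also a verbatim copy of the one added to `tempest/api/baremetal/admin/base.py`, so a shared helper on the base test class would keep the two from drifting apart. A short comment above the role check, noting that the stack owner role is requested explicitly because not every deployment assigns it to the default user, would record the reasoning from the commit message next to the code.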
@@ -70,7 +83,7 @@
@classmethod
def _get_identity_admin_client(cls):
"""Returns an instance of the Identity Admin API client."""
- manager = clients.AdminManager()
+ manager = clients.Manager(cls.isolated_creds.get_admin_creds())
admin_client = manager.identity_client
return admin_client
diff --git a/tempest/config.py b/tempest/config.py
index a127194..119de0e 100644
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -690,6 +690,8 @@
choices=['public', 'admin', 'internal',
'publicURL', 'adminURL', 'internalURL'],
help="The endpoint type to use for the orchestration service."),
+ cfg.StrOpt('stack_owner_role', default='heat_stack_owner',
+ help='Role required for users to be able to manage stacks'),
cfg.IntOpt('build_interval',
default=1,
help="Time in seconds between build status checks."),
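Review bot: The help text for `stack_owner_role` does not say what happens when the role cannot be provided; according to the orchestration `setup_credentials` change in this commit, the test class is skipped in that case. Wording such as `help='Role required for users to be able to manage stacks. Orchestration tests are skipped if the credential provider cannot supply it.'` would make that visible to operators and would carry over to the matching entry in `etc/tempest.conf.sample`. The enclosing option list starts and ends outside this hunk.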