Merge "Rename isolated creds to dynamic creds"
diff --git a/HACKING.rst b/HACKING.rst
index e15e213..3799046 100644
--- a/HACKING.rst
+++ b/HACKING.rst
@@ -136,7 +136,7 @@
Tear-down is also split in a series of steps (teardown stages), which are
stacked for execution only if the corresponding setup stage had been
reached during the setup phase. Tear-down stages are:
-- `clear_isolated_creds` (defined in the base test class)
+- `clear_credentials` (defined in the base test class)
- `resource_cleanup`
Skipping Tests
@@ -206,9 +206,10 @@
-----------------------
Tempest by default runs its tests in parallel this creates the possibility for
interesting interactions between tests which can cause unexpected failures.
-Tenant isolation provides protection from most of the potential race conditions
-between tests outside the same class. But there are still a few of things to
-watch out for to try to avoid issues when running your tests in parallel.
+Dynamic credentials provides protection from most of the potential race
+conditions between tests outside the same class. But there are still a few of
+things to watch out for to try to avoid issues when running your tests in
+parallel.
- Resources outside of a tenant scope still have the potential to conflict. This
is a larger concern for the admin tests since most resources and actions that
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index dd2f56b..f228040 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -63,39 +63,41 @@
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Tempest currently also has 3 different internal methods for providing
-authentication to tests. Tenant isolation, locking test accounts, and
+authentication to tests. Dynamic credentials, locking test accounts, and
non-locking test accounts. Depending on which one is in use the configuration
of tempest is slightly different.
-Tenant Isolation
-""""""""""""""""
-Tenant isolation was originally create to enable running tempest in parallel.
+Dynamic Credentials
+"""""""""""""""""""
+Dynamic Credentials (formerly known as Tenant isolation) was originally created
+to enable running tempest in parallel.
For each test class it creates a unique set of user credentials to use for the
tests in the class. It can create up to 3 sets of username, password, and
tenant/project names for a primary user, an admin user, and an alternate user.
-To enable and use tenant isolation you only need to configure 2 things:
+To enable and use dynamic credentials you only need to configure 2 things:
#. A set of admin credentials with permissions to create users and
tenants/projects. This is specified in the auth section with the
- admin_username, admin_tenant_name, admin_domain_name, and admin_password
+ admin_username, admin_tenant_name, admin_domain_name and admin_password
options
- #. To enable tenant_isolation in the auth section with the
- allow_tenant_isolation option.
+ #. To enable dynamic_creds in the auth section with the
+ use_dynamic_credentials option.
This is also the currently the default credential provider enabled by tempest,
due to it's common use and ease of configuration.
It is worth pointing out that depending on your cloud configuration you might
-need to assign a role to each of the users created Tempest's tenant isolation.
+need to assign a role to each of the users created by Tempest's dynamic
+credentials.
This can be set using the *tempest_roles* option. It takes in a list of role
-names each of which will be assigned to each of the users created by tenant
-isolation. This option will not have any effect when set and tempest is not
-configured to use tenant isolation.
+names each of which will be assigned to each of the users created by dynamic
+credentials. This option will not have any effect when set and tempest is not
+configured to use dynamic credentials.
Locking Test Accounts (aka accounts.yaml or accounts file)
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-For a long time using tenant isolation was the only method available if you
+For a long time using dynamic credentials was the only method available if you
wanted to enable parallel execution of tempest tests. However this was
insufficient for certain use cases because of the admin credentials requirement
to create the credential sets on demand. To get around that the accounts.yaml
@@ -103,7 +105,7 @@
using the list of credentials instead of creating them on demand. With locking
test accounts each test class will reserve a set of credentials from the
accounts.yaml before executing any of its tests so that each class is isolated
-like in tenant isolation.
+like with dynamic credentials.
To enable and use locking test accounts you need do a few things:
@@ -117,7 +119,7 @@
#. Provide tempest with the location of your accounts.yaml file with the
test_accounts_file option in the auth section
- #. Set allow_tenant_isolation = False in the auth group
+ #. Set use_dynamic_credentials = False in the auth group
It is worth pointing out that each set of credentials in the accounts.yaml
should have a unique tenant. This is required to provide proper isolation
@@ -149,7 +151,7 @@
And in the auth section:
- #. allow_tenant_isolation = False
+ #. use_dynamic_credentials = False
#. comment out 'test_accounts_file' or keep it as empty
It only makes sense to use it if parallel execution isn't needed, since tempest
@@ -295,28 +297,28 @@
misconfiguration or a missing network in the accounts file.
-With Tenant Isolation
-"""""""""""""""""""""
-With tenant isolation enabled and using nova-network then nothing changes. Your
-only option for configuration is to either set a fixed network name or not.
+With Dynamic Credentials
+""""""""""""""""""""""""
+With dynamic credentials enabled and using nova-network then nothing changes.
+Your only option for configuration is to either set a fixed network name or not.
However, in most cases it shouldn't matter because nova-network should have no
problem booting a server with multiple networks. If this is not the case for
your cloud then using an accounts file is recommended because it provides the
-necessary flexibility to describe your configuration. Tenant isolation is not
+necessary flexibility to describe your configuration. Dynamic credentials is not
able to dynamically allocate things as necessary if neutron is not enabled.
-With neutron and tenant isolation enabled there should not be any additional
+With neutron and dynamic credentials enabled there should not be any additional
configuration necessary to enable Tempest to create servers with working
networking, assuming you have properly configured the network section to work
for your cloud. Tempest will dynamically create the neutron resources necessary
to enable using servers with that network. Also, just as with the accounts
-file, if you specify a fixed network name while using neutron and tenant
-isolation it will enable running tests which require a static network and it
+file, if you specify a fixed network name while using neutron and dynamic
+credentials it will enable running tests which require a static network and it
will additionally be used as a fallback for server creation. However, unlike
accounts.yaml this should never be triggered.
-However, there is an option *create_isolated_networks* to disable tenant
-isolation's automatic provisioning of network resources. If this option is
+However, there is an option *create_isolated_networks* to disable dynamic
+credentials's automatic provisioning of network resources. If this option is
used you will have to either rely on there only being a single/default network
available for the server creation, or use *fixed_network_name* to inform
Tempest which network to use.
diff --git a/tempest/api/volume/admin/test_volume_quotas_negative.py b/tempest/api/volume/admin/test_volume_quotas_negative.py
index ec61cf3..9185553 100644
--- a/tempest/api/volume/admin/test_volume_quotas_negative.py
+++ b/tempest/api/volume/admin/test_volume_quotas_negative.py
@@ -38,7 +38,7 @@
'volumes': 1}
# NOTE(gfidente): no need to restore original quota set
- # after the tests as they only work with tenant isolation.
+ # after the tests as they only work with dynamic credentials.
cls.quotas_client.update_quota_set(
cls.demo_tenant_id,
**cls.shared_quota_set)
diff --git a/tempest/cmd/verify_tempest_config.py b/tempest/cmd/verify_tempest_config.py
index 4fcdf8b..2811070 100755
--- a/tempest/cmd/verify_tempest_config.py
+++ b/tempest/cmd/verify_tempest_config.py
@@ -348,7 +348,7 @@
CONF_PARSER = moves.configparser.SafeConfigParser()
CONF_PARSER.optionxform = str
CONF_PARSER.readfp(conf_file)
- icreds = credentials.get_isolated_credentials('verify_tempest_config')
+ icreds = credentials.get_credentials_provider('verify_tempest_config')
try:
os = clients.Manager(icreds.get_primary_creds())
services = check_service_availability(os, update)
@@ -370,7 +370,7 @@
CONF_PARSER.write(outfile)
outfile.close()
finally:
- icreds.clear_isolated_creds()
+ icreds.clear_creds()
if __name__ == "__main__":
diff --git a/tempest/common/accounts.py b/tempest/common/accounts.py
index 5fab85b..d843fea 100644
--- a/tempest/common/accounts.py
+++ b/tempest/common/accounts.py
@@ -51,7 +51,7 @@
self.hash_dict = self.get_hash_dict(accounts)
self.accounts_dir = os.path.join(lockutils.get_lock_path(CONF),
'test_accounts')
- self.isolated_creds = {}
+ self._creds = {}
@classmethod
def _append_role(cls, role, account_hash, hash_dict):
@@ -230,38 +230,38 @@
LOG.info("%s returned allocated creds:\n%s" % (self.name, clean_creds))
def get_primary_creds(self):
- if self.isolated_creds.get('primary'):
- return self.isolated_creds.get('primary')
+ if self._creds.get('primary'):
+ return self._creds.get('primary')
net_creds = self._get_creds()
- self.isolated_creds['primary'] = net_creds
+ self._creds['primary'] = net_creds
return net_creds
def get_alt_creds(self):
- if self.isolated_creds.get('alt'):
- return self.isolated_creds.get('alt')
+ if self._creds.get('alt'):
+ return self._creds.get('alt')
net_creds = self._get_creds()
- self.isolated_creds['alt'] = net_creds
+ self._creds['alt'] = net_creds
return net_creds
def get_creds_by_roles(self, roles, force_new=False):
roles = list(set(roles))
- exist_creds = self.isolated_creds.get(six.text_type(roles).encode(
+ exist_creds = self._creds.get(six.text_type(roles).encode(
'utf-8'), None)
# The force kwarg is used to allocate an additional set of creds with
# the same role list. The index used for the previously allocation
- # in the isolated_creds dict will be moved.
+ # in the preprov_creds dict will be moved.
if exist_creds and not force_new:
return exist_creds
elif exist_creds and force_new:
new_index = six.text_type(roles).encode('utf-8') + '-' + \
- six.text_type(len(self.isolated_creds)).encode('utf-8')
- self.isolated_creds[new_index] = exist_creds
+ six.text_type(len(self._creds)).encode('utf-8')
+ self._creds[new_index] = exist_creds
net_creds = self._get_creds(roles=roles)
- self.isolated_creds[six.text_type(roles).encode('utf-8')] = net_creds
+ self._creds[six.text_type(roles).encode('utf-8')] = net_creds
return net_creds
- def clear_isolated_creds(self):
- for creds in self.isolated_creds.values():
+ def clear_creds(self):
+ for creds in self._creds.values():
self.remove_credentials(creds)
def get_admin_creds(self):
@@ -320,36 +320,36 @@
return self._unique_creds('tenant_id')
def get_primary_creds(self):
- if self.isolated_creds.get('primary'):
- return self.isolated_creds.get('primary')
+ if self._creds.get('primary'):
+ return self._creds.get('primary')
primary_credential = cred_provider.get_configured_credentials(
credential_type='user', identity_version=self.identity_version)
- self.isolated_creds['primary'] = cred_provider.TestResources(
+ self._creds['primary'] = cred_provider.TestResources(
primary_credential)
- return self.isolated_creds['primary']
+ return self._creds['primary']
def get_alt_creds(self):
- if self.isolated_creds.get('alt'):
- return self.isolated_creds.get('alt')
+ if self._creds.get('alt'):
+ return self._creds.get('alt')
alt_credential = cred_provider.get_configured_credentials(
credential_type='alt_user',
identity_version=self.identity_version)
- self.isolated_creds['alt'] = cred_provider.TestResources(
+ self._creds['alt'] = cred_provider.TestResources(
alt_credential)
- return self.isolated_creds['alt']
+ return self._creds['alt']
- def clear_isolated_creds(self):
- self.isolated_creds = {}
+ def clear_creds(self):
+ self._creds = {}
def get_admin_creds(self):
creds = cred_provider.get_configured_credentials(
"identity_admin", fill_in=False)
- self.isolated_creds['admin'] = cred_provider.TestResources(creds)
- return self.isolated_creds['admin']
+ self._creds['admin'] = cred_provider.TestResources(creds)
+ return self._creds['admin']
def get_creds_by_roles(self, roles, force_new=False):
msg = "Credentials being specified through the config file can not be"\
" used with tests that specify using credentials by roles. "\
"Either exclude/skip the tests doing this or use either an "\
- "test_accounts_file or tenant isolation."
+ "test_accounts_file or dynamic credentials."
raise exceptions.InvalidConfiguration(msg)
diff --git a/tempest/common/cred_provider.py b/tempest/common/cred_provider.py
index 5e80f50..1221fc7 100644
--- a/tempest/common/cred_provider.py
+++ b/tempest/common/cred_provider.py
@@ -128,7 +128,7 @@
return
@abc.abstractmethod
- def clear_isolated_creds(self):
+ def clear_creds(self):
return
@abc.abstractmethod
diff --git a/tempest/common/credentials.py b/tempest/common/credentials.py
index 71d905f..691bd34 100644
--- a/tempest/common/credentials.py
+++ b/tempest/common/credentials.py
@@ -15,7 +15,7 @@
from tempest.common import accounts
from tempest.common import cred_provider
-from tempest.common import isolated_creds
+from tempest.common import dynamic_creds
from tempest import config
from tempest import exceptions
@@ -25,15 +25,15 @@
# Return the right implementation of CredentialProvider based on config
# Dropping interface and password, as they are never used anyways
# TODO(andreaf) Drop them from the CredentialsProvider interface completely
-def get_isolated_credentials(name, network_resources=None,
+def get_credentials_provider(name, network_resources=None,
force_tenant_isolation=False,
identity_version=None):
# If a test requires a new account to work, it can have it via forcing
- # tenant isolation. A new account will be produced only for that test.
+ # dynamic credentials. A new account will be produced only for that test.
# In case admin credentials are not available for the account creation,
# the test should be skipped else it would fail.
- if CONF.auth.allow_tenant_isolation or force_tenant_isolation:
- return isolated_creds.IsolatedCreds(
+ if CONF.auth.use_dynamic_credentials or force_tenant_isolation:
+ return dynamic_creds.DynamicCredentialProvider(
name=name,
network_resources=network_resources,
identity_version=identity_version)
@@ -53,8 +53,8 @@
# creds area vailable.
def is_admin_available():
is_admin = True
- # If tenant isolation is enabled admin will be available
- if CONF.auth.allow_tenant_isolation:
+ # If dynamic credentials is enabled admin will be available
+ if CONF.auth.use_dynamic_credentials:
return is_admin
# Check whether test accounts file has the admin specified or not
elif (CONF.auth.test_accounts_file and
@@ -75,8 +75,8 @@
# are available so we can do a single call from skip_checks if alt
# creds area vailable.
def is_alt_available():
- # If tenant isolation is enabled admin will be available
- if CONF.auth.allow_tenant_isolation:
+ # If dynamic credentials is enabled admin will be available
+ if CONF.auth.use_dynamic_credentials:
return True
# Check whether test accounts file has the admin specified or not
if (CONF.auth.test_accounts_file and
diff --git a/tempest/common/isolated_creds.py b/tempest/common/dynamic_creds.py
similarity index 92%
rename from tempest/common/isolated_creds.py
rename to tempest/common/dynamic_creds.py
index 3850e0e..f0b6625 100644
--- a/tempest/common/isolated_creds.py
+++ b/tempest/common/dynamic_creds.py
@@ -28,21 +28,21 @@
LOG = logging.getLogger(__name__)
-class IsolatedCreds(cred_provider.CredentialProvider):
+class DynamicCredentialProvider(cred_provider.CredentialProvider):
def __init__(self, identity_version=None, name=None,
network_resources=None):
- super(IsolatedCreds, self).__init__(identity_version, name,
- network_resources)
+ super(DynamicCredentialProvider, self).__init__(
+ identity_version, name, network_resources)
self.network_resources = network_resources
- self.isolated_creds = {}
+ self._creds = {}
self.ports = []
self.default_admin_creds = cred_provider.get_configured_credentials(
'identity_admin', fill_in=True,
identity_version=self.identity_version)
(self.identity_admin_client, self.network_admin_client,
self.networks_admin_client) = self._get_admin_clients()
- # Domain where isolated credentials are provisioned (v3 only).
+ # Domain where dynamic credentials are provisioned (v3 only).
# Use that of the admin account is None is configured.
self.creds_domain_name = None
if self.identity_version == 'v3':
@@ -205,17 +205,17 @@
router_id, subnet_id)
def get_credentials(self, credential_type):
- if self.isolated_creds.get(str(credential_type)):
- credentials = self.isolated_creds[str(credential_type)]
+ if self._creds.get(str(credential_type)):
+ credentials = self._creds[str(credential_type)]
else:
if credential_type in ['primary', 'alt', 'admin']:
is_admin = (credential_type == 'admin')
credentials = self._create_creds(admin=is_admin)
else:
credentials = self._create_creds(roles=credential_type)
- self.isolated_creds[str(credential_type)] = credentials
+ self._creds[str(credential_type)] = credentials
# Maintained until tests are ported
- LOG.info("Acquired isolated creds:\n credentials: %s"
+ LOG.info("Acquired dynamic creds:\n credentials: %s"
% credentials)
if (CONF.service_available.neutron and
not CONF.baremetal.driver_enabled and
@@ -240,15 +240,15 @@
def get_creds_by_roles(self, roles, force_new=False):
roles = list(set(roles))
# The roles list as a str will become the index as the dict key for
- # the created credentials set in the isolated_creds dict.
- exist_creds = self.isolated_creds.get(str(roles))
+ # the created credentials set in the dynamic_creds dict.
+ exist_creds = self._creds.get(str(roles))
# If force_new flag is True 2 cred sets with the same roles are needed
# handle this by creating a separate index for old one to store it
# separately for cleanup
if exist_creds and force_new:
- new_index = str(roles) + '-' + str(len(self.isolated_creds))
- self.isolated_creds[new_index] = exist_creds
- del self.isolated_creds[str(roles)]
+ new_index = str(roles) + '-' + str(len(self._creds))
+ self._creds[new_index] = exist_creds
+ del self._creds[str(roles)]
return self.get_credentials(roles)
def _clear_isolated_router(self, router_id, router_name):
@@ -289,8 +289,8 @@
def _clear_isolated_net_resources(self):
net_client = self.network_admin_client
- for cred in self.isolated_creds:
- creds = self.isolated_creds.get(cred)
+ for cred in self._creds:
+ creds = self._creds.get(cred)
if (not creds or not any([creds.router, creds.network,
creds.subnet])):
continue
@@ -317,11 +317,11 @@
self._clear_isolated_network(creds.network['id'],
creds.network['name'])
- def clear_isolated_creds(self):
- if not self.isolated_creds:
+ def clear_creds(self):
+ if not self._creds:
return
self._clear_isolated_net_resources()
- for creds in six.itervalues(self.isolated_creds):
+ for creds in six.itervalues(self._creds):
try:
self.creds_client.delete_user(creds.user_id)
except lib_exc.NotFound:
@@ -334,7 +334,7 @@
except lib_exc.NotFound:
LOG.warn("tenant with name: %s not found for delete" %
creds.tenant_name)
- self.isolated_creds = {}
+ self._creds = {}
def is_multi_user(self):
return True
diff --git a/tempest/config.py b/tempest/config.py
index 85db089..3c25e1f 100644
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -53,7 +53,7 @@
"at least `2 * CONC` distinct accounts configured in "
" the `test_accounts_file`, with CONC == the "
"number of concurrent test processes."),
- cfg.BoolOpt('allow_tenant_isolation',
+ cfg.BoolOpt('use_dynamic_credentials',
default=True,
help="Allows test cases to create/destroy tenants and "
"users. This option requires that OpenStack Identity "
@@ -61,6 +61,8 @@
"test cases and parallel execution, can still be "
"achieved configuring a list of test accounts",
deprecated_opts=[cfg.DeprecatedOpt('allow_tenant_isolation',
+ group='auth'),
+ cfg.DeprecatedOpt('allow_tenant_isolation',
group='compute'),
cfg.DeprecatedOpt('allow_tenant_isolation',
group='orchestration')]),
@@ -76,9 +78,9 @@
group='auth')]),
cfg.BoolOpt('create_isolated_networks',
default=True,
- help="If allow_tenant_isolation is set to True and Neutron is "
- "enabled Tempest will try to create a usable network, "
- "subnet, and router when needed for each tenant it "
+ help="If use_dynamic_credentials is set to True and Neutron "
+ "is enabled Tempest will try to create a usable network, "
+ "subnet, and router when needed for each tenant it "
"creates. However in some neutron configurations, like "
"with VLAN provider networks, this doesn't work. So if "
"set to False the isolated networks will not be created"),
diff --git a/tempest/scenario/utils.py b/tempest/scenario/utils.py
index 2841060..63847c3 100644
--- a/tempest/scenario/utils.py
+++ b/tempest/scenario/utils.py
@@ -104,11 +104,11 @@
'subnet': False,
'dhcp': False,
}
- self.isolated_creds = credentials.get_isolated_credentials(
+ self.cred_provider = credentials.get_credentials_provider(
name='InputScenarioUtils',
identity_version=CONF.identity.auth_version,
network_resources=network_resources)
- os = clients.Manager(self.isolated_creds.get_primary_creds())
+ os = clients.Manager(self.cred_provider.get_primary_creds())
self.images_client = os.images_client
self.flavors_client = os.flavors_client
self.image_pattern = CONF.input_scenario.image_regex
@@ -120,7 +120,7 @@
return nname
def clear_creds(self):
- self.isolated_creds.clear_isolated_creds()
+ self.cred_provider.clear_creds()
@property
def scenario_images(self):
diff --git a/tempest/test.py b/tempest/test.py
index 142488c..490ee82 100644
--- a/tempest/test.py
+++ b/tempest/test.py
@@ -224,7 +224,7 @@
Tear-down is also split in a series of steps (teardown stages), which are
stacked for execution only if the corresponding setup stage had been
reached during the setup phase. Tear-down stages are:
- - clear_isolated_creds (defined in the base test class)
+ - clear_credentials (defined in the base test class)
- resource_cleanup
"""
@@ -258,7 +258,7 @@
cls.skip_checks()
try:
# Allocation of all required credentials and client managers
- cls.teardowns.append(('credentials', cls.clear_isolated_creds))
+ cls.teardowns.append(('credentials', cls.clear_credentials))
cls.setup_credentials()
# Shortcuts to clients
cls.setup_clients()
@@ -467,7 +467,7 @@
identity_version = getattr(cls, 'identity_version', None)
identity_version = identity_version or CONF.identity.auth_version
- cls._creds_provider = credentials.get_isolated_credentials(
+ cls._creds_provider = credentials.get_credentials_provider(
name=cls.__name__, network_resources=cls.network_resources,
force_tenant_isolation=force_tenant_isolation,
identity_version=identity_version)
@@ -515,12 +515,12 @@
return clients.Manager(credentials=creds, service=cls._service)
@classmethod
- def clear_isolated_creds(cls):
+ def clear_credentials(cls):
"""
- Clears isolated creds if set
+ Clears creds if set
"""
if hasattr(cls, '_creds_provider'):
- cls._creds_provider.clear_isolated_creds()
+ cls._creds_provider.clear_creds()
@classmethod
def set_validation_resources(cls, keypair=None, floating_ip=None,
@@ -589,7 +589,7 @@
:return: network dict including 'id' and 'name'
"""
- # Make sure isolated_creds exists and get a network client
+ # Make sure cred_provider exists and get a network client
networks_client = cls.get_client_manager().compute_networks_client
cred_provider = cls._get_credentials_provider()
# In case of nova network, isolated tenants are not able to list the
diff --git a/tempest/tests/common/test_admin_available.py b/tempest/tests/common/test_admin_available.py
index 9f47ccc..cd02597 100644
--- a/tempest/tests/common/test_admin_available.py
+++ b/tempest/tests/common/test_admin_available.py
@@ -30,7 +30,7 @@
def run_test(self, tenant_isolation, use_accounts_file, admin_creds):
- cfg.CONF.set_default('allow_tenant_isolation',
+ cfg.CONF.set_default('use_dynamic_credentials',
tenant_isolation, group='auth')
if use_accounts_file:
accounts = [{'username': 'u1',
diff --git a/tempest/tests/test_tenant_isolation.py b/tempest/tests/test_dynamic_creds.py
similarity index 83%
rename from tempest/tests/test_tenant_isolation.py
rename to tempest/tests/test_dynamic_creds.py
index 5aba2c7..5f57268 100644
--- a/tempest/tests/test_tenant_isolation.py
+++ b/tempest/tests/test_dynamic_creds.py
@@ -17,7 +17,7 @@
from oslotest import mockpatch
from tempest_lib.services.identity.v2 import token_client as json_token_client
-from tempest.common import isolated_creds
+from tempest.common import dynamic_creds
from tempest.common import service_client
from tempest import config
from tempest import exceptions
@@ -30,10 +30,10 @@
from tempest.tests import fake_identity
-class TestTenantIsolation(base.TestCase):
+class TestDynamicCredentialProvider(base.TestCase):
def setUp(self):
- super(TestTenantIsolation, self).setUp()
+ super(TestDynamicCredentialProvider, self).setUp()
self.useFixture(fake_config.ConfigFixture())
self.stubs.Set(config, 'TempestConfigPrivate', fake_config.FakePrivate)
self.fake_http = fake_http.fake_httplib2(return_type=200)
@@ -44,10 +44,10 @@
self._mock_list_ec2_credentials('fake_user_id', 'fake_tenant_id')
def test_tempest_client(self):
- iso_creds = isolated_creds.IsolatedCreds(name='test class')
- self.assertTrue(isinstance(iso_creds.identity_admin_client,
+ creds = dynamic_creds.DynamicCredentialProvider(name='test class')
+ self.assertTrue(isinstance(creds.identity_admin_client,
json_iden_client.IdentityClient))
- self.assertTrue(isinstance(iso_creds.network_admin_client,
+ self.assertTrue(isinstance(creds.network_admin_client,
json_network_client.NetworkClient))
def _mock_user_create(self, id, name):
@@ -142,12 +142,12 @@
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_primary_creds(self, MockRestClient):
cfg.CONF.set_default('neutron', False, 'service_available')
- iso_creds = isolated_creds.IsolatedCreds(name='test class')
+ creds = dynamic_creds.DynamicCredentialProvider(name='test class')
self._mock_assign_user_role()
self._mock_list_role()
self._mock_tenant_create('1234', 'fake_prim_tenant')
self._mock_user_create('1234', 'fake_prim_user')
- primary_creds = iso_creds.get_primary_creds()
+ primary_creds = creds.get_primary_creds()
self.assertEqual(primary_creds.username, 'fake_prim_user')
self.assertEqual(primary_creds.tenant_name, 'fake_prim_tenant')
# Verify IDs
@@ -157,7 +157,7 @@
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_admin_creds(self, MockRestClient):
cfg.CONF.set_default('neutron', False, 'service_available')
- iso_creds = isolated_creds.IsolatedCreds(name='test class')
+ creds = dynamic_creds.DynamicCredentialProvider(name='test class')
self._mock_list_roles('1234', 'admin')
self._mock_user_create('1234', 'fake_admin_user')
self._mock_tenant_create('1234', 'fake_admin_tenant')
@@ -168,7 +168,7 @@
self.addCleanup(user_mock.stop)
with mock.patch.object(json_iden_client.IdentityClient,
'assign_user_role') as user_mock:
- admin_creds = iso_creds.get_admin_creds()
+ admin_creds = creds.get_admin_creds()
user_mock.assert_has_calls([
mock.call('1234', '1234', '1234')])
self.assertEqual(admin_creds.username, 'fake_admin_user')
@@ -180,7 +180,7 @@
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_role_creds(self, MockRestClient):
cfg.CONF.set_default('neutron', False, 'service_available')
- iso_creds = isolated_creds.IsolatedCreds('v2', 'test class')
+ creds = dynamic_creds.DynamicCredentialProvider('v2', 'test class')
self._mock_list_2_roles()
self._mock_user_create('1234', 'fake_role_user')
self._mock_tenant_create('1234', 'fake_role_tenant')
@@ -191,7 +191,8 @@
self.addCleanup(user_mock.stop)
with mock.patch.object(json_iden_client.IdentityClient,
'assign_user_role') as user_mock:
- role_creds = iso_creds.get_creds_by_roles(roles=['role1', 'role2'])
+ role_creds = creds.get_creds_by_roles(
+ roles=['role1', 'role2'])
calls = user_mock.mock_calls
# Assert that the role creation is called with the 2 specified roles
self.assertEqual(len(calls), 2)
@@ -208,26 +209,26 @@
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_all_cred_cleanup(self, MockRestClient):
cfg.CONF.set_default('neutron', False, 'service_available')
- iso_creds = isolated_creds.IsolatedCreds(name='test class')
+ creds = dynamic_creds.DynamicCredentialProvider(name='test class')
self._mock_assign_user_role()
self._mock_list_role()
self._mock_tenant_create('1234', 'fake_prim_tenant')
self._mock_user_create('1234', 'fake_prim_user')
- iso_creds.get_primary_creds()
+ creds.get_primary_creds()
self._mock_tenant_create('12345', 'fake_alt_tenant')
self._mock_user_create('12345', 'fake_alt_user')
- iso_creds.get_alt_creds()
+ creds.get_alt_creds()
self._mock_tenant_create('123456', 'fake_admin_tenant')
self._mock_user_create('123456', 'fake_admin_user')
self._mock_list_roles('123456', 'admin')
- iso_creds.get_admin_creds()
+ creds.get_admin_creds()
user_mock = self.patch(
'tempest.services.identity.v2.json.identity_client.'
'IdentityClient.delete_user')
tenant_mock = self.patch(
'tempest.services.identity.v2.json.identity_client.'
'IdentityClient.delete_tenant')
- iso_creds.clear_isolated_creds()
+ creds.clear_creds()
# Verify user delete calls
calls = user_mock.mock_calls
self.assertEqual(len(calls), 3)
@@ -248,12 +249,12 @@
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_alt_creds(self, MockRestClient):
cfg.CONF.set_default('neutron', False, 'service_available')
- iso_creds = isolated_creds.IsolatedCreds(name='test class')
+ creds = dynamic_creds.DynamicCredentialProvider(name='test class')
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_alt_user')
self._mock_tenant_create('1234', 'fake_alt_tenant')
- alt_creds = iso_creds.get_alt_creds()
+ alt_creds = creds.get_alt_creds()
self.assertEqual(alt_creds.username, 'fake_alt_user')
self.assertEqual(alt_creds.tenant_name, 'fake_alt_tenant')
# Verify IDs
@@ -263,22 +264,22 @@
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_no_network_creation_with_config_set(self, MockRestClient):
cfg.CONF.set_default('create_isolated_networks', False, group='auth')
- iso_creds = isolated_creds.IsolatedCreds(name='test class')
+ creds = dynamic_creds.DynamicCredentialProvider(name='test class')
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
- net = mock.patch.object(iso_creds.networks_admin_client,
+ net = mock.patch.object(creds.networks_admin_client,
'delete_network')
net_mock = net.start()
- subnet = mock.patch.object(iso_creds.network_admin_client,
+ subnet = mock.patch.object(creds.network_admin_client,
'delete_subnet')
subnet_mock = subnet.start()
- router = mock.patch.object(iso_creds.network_admin_client,
+ router = mock.patch.object(creds.network_admin_client,
'delete_router')
router_mock = router.start()
- primary_creds = iso_creds.get_primary_creds()
+ primary_creds = creds.get_primary_creds()
self.assertEqual(net_mock.mock_calls, [])
self.assertEqual(subnet_mock.mock_calls, [])
self.assertEqual(router_mock.mock_calls, [])
@@ -291,18 +292,18 @@
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_network_creation(self, MockRestClient):
- iso_creds = isolated_creds.IsolatedCreds(name='test class')
+ creds = dynamic_creds.DynamicCredentialProvider(name='test class')
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
- self._mock_network_create(iso_creds, '1234', 'fake_net')
- self._mock_subnet_create(iso_creds, '1234', 'fake_subnet')
+ self._mock_network_create(creds, '1234', 'fake_net')
+ self._mock_subnet_create(creds, '1234', 'fake_subnet')
self._mock_router_create('1234', 'fake_router')
router_interface_mock = self.patch(
'tempest.services.network.json.network_client.NetworkClient.'
'add_router_interface_with_subnet_id')
- primary_creds = iso_creds.get_primary_creds()
+ primary_creds = creds.get_primary_creds()
router_interface_mock.called_once_with('1234', '1234')
network = primary_creds.network
subnet = primary_creds.subnet
@@ -322,73 +323,71 @@
"description": args['name'],
"security_group_rules": [],
"id": "sg-%s" % args['tenant_id']}]}
- iso_creds = isolated_creds.IsolatedCreds(name='test class')
+ creds = dynamic_creds.DynamicCredentialProvider(name='test class')
# Create primary tenant and network
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
- self._mock_network_create(iso_creds, '1234', 'fake_net')
- self._mock_subnet_create(iso_creds, '1234', 'fake_subnet')
+ self._mock_network_create(creds, '1234', 'fake_net')
+ self._mock_subnet_create(creds, '1234', 'fake_subnet')
self._mock_router_create('1234', 'fake_router')
router_interface_mock = self.patch(
'tempest.services.network.json.network_client.NetworkClient.'
'add_router_interface_with_subnet_id')
- iso_creds.get_primary_creds()
+ creds.get_primary_creds()
router_interface_mock.called_once_with('1234', '1234')
router_interface_mock.reset_mock()
# Create alternate tenant and network
self._mock_user_create('12345', 'fake_alt_user')
self._mock_tenant_create('12345', 'fake_alt_tenant')
- self._mock_network_create(iso_creds, '12345', 'fake_alt_net')
- self._mock_subnet_create(iso_creds, '12345',
- 'fake_alt_subnet')
+ self._mock_network_create(creds, '12345', 'fake_alt_net')
+ self._mock_subnet_create(creds, '12345', 'fake_alt_subnet')
self._mock_router_create('12345', 'fake_alt_router')
- iso_creds.get_alt_creds()
+ creds.get_alt_creds()
router_interface_mock.called_once_with('12345', '12345')
router_interface_mock.reset_mock()
# Create admin tenant and networks
self._mock_user_create('123456', 'fake_admin_user')
self._mock_tenant_create('123456', 'fake_admin_tenant')
- self._mock_network_create(iso_creds, '123456',
- 'fake_admin_net')
- self._mock_subnet_create(iso_creds, '123456',
- 'fake_admin_subnet')
+ self._mock_network_create(creds, '123456', 'fake_admin_net')
+ self._mock_subnet_create(creds, '123456', 'fake_admin_subnet')
self._mock_router_create('123456', 'fake_admin_router')
self._mock_list_roles('123456', 'admin')
- iso_creds.get_admin_creds()
+ creds.get_admin_creds()
self.patch('tempest.services.identity.v2.json.identity_client.'
'IdentityClient.delete_user')
self.patch('tempest.services.identity.v2.json.identity_client.'
'IdentityClient.delete_tenant')
- net = mock.patch.object(iso_creds.networks_admin_client,
+ net = mock.patch.object(creds.networks_admin_client,
'delete_network')
net_mock = net.start()
- subnet = mock.patch.object(iso_creds.network_admin_client,
+ subnet = mock.patch.object(creds.network_admin_client,
'delete_subnet')
subnet_mock = subnet.start()
- router = mock.patch.object(iso_creds.network_admin_client,
+ router = mock.patch.object(creds.network_admin_client,
'delete_router')
router_mock = router.start()
remove_router_interface_mock = self.patch(
'tempest.services.network.json.network_client.NetworkClient.'
'remove_router_interface_with_subnet_id')
return_values = ({'status': 200}, {'ports': []})
- port_list_mock = mock.patch.object(iso_creds.network_admin_client,
+ port_list_mock = mock.patch.object(creds.network_admin_client,
'list_ports',
return_value=return_values)
port_list_mock.start()
- secgroup_list_mock = mock.patch.object(iso_creds.network_admin_client,
- 'list_security_groups',
- side_effect=side_effect)
+ secgroup_list_mock = mock.patch.object(
+ creds.network_admin_client,
+ 'list_security_groups',
+ side_effect=side_effect)
secgroup_list_mock.start()
return_values = (fake_http.fake_httplib({}, status=204), {})
remove_secgroup_mock = self.patch(
'tempest.services.network.json.network_client.'
'NetworkClient.delete', return_value=return_values)
- iso_creds.clear_isolated_creds()
+ creds.clear_creds()
# Verify default security group delete
calls = remove_secgroup_mock.mock_calls
self.assertEqual(len(calls), 3)
@@ -432,18 +431,18 @@
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_network_alt_creation(self, MockRestClient):
- iso_creds = isolated_creds.IsolatedCreds(name='test class')
+ creds = dynamic_creds.DynamicCredentialProvider(name='test class')
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_alt_user')
self._mock_tenant_create('1234', 'fake_alt_tenant')
- self._mock_network_create(iso_creds, '1234', 'fake_alt_net')
- self._mock_subnet_create(iso_creds, '1234', 'fake_alt_subnet')
+ self._mock_network_create(creds, '1234', 'fake_alt_net')
+ self._mock_subnet_create(creds, '1234', 'fake_alt_subnet')
self._mock_router_create('1234', 'fake_alt_router')
router_interface_mock = self.patch(
'tempest.services.network.json.network_client.NetworkClient.'
'add_router_interface_with_subnet_id')
- alt_creds = iso_creds.get_alt_creds()
+ alt_creds = creds.get_alt_creds()
router_interface_mock.called_once_with('1234', '1234')
network = alt_creds.network
subnet = alt_creds.subnet
@@ -457,18 +456,18 @@
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_network_admin_creation(self, MockRestClient):
- iso_creds = isolated_creds.IsolatedCreds(name='test class')
+ creds = dynamic_creds.DynamicCredentialProvider(name='test class')
self._mock_assign_user_role()
self._mock_user_create('1234', 'fake_admin_user')
self._mock_tenant_create('1234', 'fake_admin_tenant')
- self._mock_network_create(iso_creds, '1234', 'fake_admin_net')
- self._mock_subnet_create(iso_creds, '1234', 'fake_admin_subnet')
+ self._mock_network_create(creds, '1234', 'fake_admin_net')
+ self._mock_subnet_create(creds, '1234', 'fake_admin_subnet')
self._mock_router_create('1234', 'fake_admin_router')
router_interface_mock = self.patch(
'tempest.services.network.json.network_client.NetworkClient.'
'add_router_interface_with_subnet_id')
self._mock_list_roles('123456', 'admin')
- admin_creds = iso_creds.get_admin_creds()
+ admin_creds = creds.get_admin_creds()
router_interface_mock.called_once_with('1234', '1234')
network = admin_creds.network
subnet = admin_creds.subnet
@@ -488,23 +487,23 @@
'subnet': False,
'dhcp': False,
}
- iso_creds = isolated_creds.IsolatedCreds(name='test class',
- network_resources=net_dict)
+ creds = dynamic_creds.DynamicCredentialProvider(
+ name='test class', network_resources=net_dict)
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
- net = mock.patch.object(iso_creds.networks_admin_client,
+ net = mock.patch.object(creds.networks_admin_client,
'delete_network')
net_mock = net.start()
- subnet = mock.patch.object(iso_creds.network_admin_client,
+ subnet = mock.patch.object(creds.network_admin_client,
'delete_subnet')
subnet_mock = subnet.start()
- router = mock.patch.object(iso_creds.network_admin_client,
+ router = mock.patch.object(creds.network_admin_client,
'delete_router')
router_mock = router.start()
- primary_creds = iso_creds.get_primary_creds()
+ primary_creds = creds.get_primary_creds()
self.assertEqual(net_mock.mock_calls, [])
self.assertEqual(subnet_mock.mock_calls, [])
self.assertEqual(router_mock.mock_calls, [])
@@ -523,14 +522,14 @@
'subnet': False,
'dhcp': False,
}
- iso_creds = isolated_creds.IsolatedCreds(name='test class',
- network_resources=net_dict)
+ creds = dynamic_creds.DynamicCredentialProvider(
+ name='test class', network_resources=net_dict)
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
self.assertRaises(exceptions.InvalidConfiguration,
- iso_creds.get_primary_creds)
+ creds.get_primary_creds)
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_subnet_without_network(self, MockRestClient):
@@ -540,14 +539,14 @@
'subnet': True,
'dhcp': False,
}
- iso_creds = isolated_creds.IsolatedCreds(name='test class',
- network_resources=net_dict)
+ creds = dynamic_creds.DynamicCredentialProvider(
+ name='test class', network_resources=net_dict)
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
self.assertRaises(exceptions.InvalidConfiguration,
- iso_creds.get_primary_creds)
+ creds.get_primary_creds)
@mock.patch('tempest_lib.common.rest_client.RestClient')
def test_dhcp_without_subnet(self, MockRestClient):
@@ -557,11 +556,11 @@
'subnet': False,
'dhcp': True,
}
- iso_creds = isolated_creds.IsolatedCreds(name='test class',
- network_resources=net_dict)
+ creds = dynamic_creds.DynamicCredentialProvider(
+ name='test class', network_resources=net_dict)
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
self.assertRaises(exceptions.InvalidConfiguration,
- iso_creds.get_primary_creds)
+ creds.get_primary_creds)