commit feff1cc786d5b38b630c66b6808e4974ab22ac4e
author Mykyta Karpin <mkarpin@mirantis.com> Mon May 21 15:56:22 2018 +0000
committer Mykyta Karpin <mkarpin@mirantis.com> Tue May 22 09:09:20 2018 +0000
tree 705daa733d2b7bf96ad26d8aa39417ffe4f77a56
parent 576db5f15adf6d16fc32780f74812bcb6c61ad48

Add ability to enable static credentials mode in tempest

For some test cases (Barbican, Ldap) we need to have an ability
to set tempest to work with static credentials.

Change-Id: If93445cc27b087d4f3a1a0dbb456b3c7acef0923
Related-Prod: https://mirantis.jira.com/browse/PROD-18731

metadata/service/tempest/test_accounts.yml

diff --git a/metadata/service/tempest/test_accounts.yml b/metadata/service/tempest/test_accounts.yml
new file mode 100644
index 0000000..db80c3c
--- /dev/null
+++ b/metadata/service/tempest/test_accounts.yml
@@ -0,0 +1,23 @@
+parameters:
+  _param:
+    runtest_tempest_test_accounts_cfg_path: ${_param:runtest_tempest_cfg_dir}/accounts.yaml
+    runtest_tempest_test_accounts_enabled: True
+    runtest_tempest_test_accounts_admin_access_enabled: False
+    runtest_tempest_test_accounts_prefix: Tempest_Test
+    runtest_tempest_concurrency: 2
+    runtest_tempest_use_dynamic_credentials: False
+    runtest_tempest_test_accounts_file: /root/tempest/accounts.yaml
+    runtest_tempest_test_accounts_roles:
+      - Member
+  runtest:
+    tempest:
+      concurrency: ${_param:runtest_tempest_concurrency}
+      auth:
+        create_isolated_networks: false
+        test_accounts_file: ${_param:runtest_tempest_test_accounts_file}
+      test_accounts:
+        enabled: ${_param:runtest_tempest_test_accounts_enabled}
+        cfg_path: ${_param:runtest_tempest_test_accounts_cfg_path}
+        admin_access_enabled: ${_param:runtest_tempest_test_accounts_admin_access_enabled}
+        prefix: ${_param:runtest_tempest_test_accounts_prefix}
+        roles: ${_param:runtest_tempest_test_accounts_roles}

runtest/files/test_accounts.yml

diff --git a/runtest/files/test_accounts.yml b/runtest/files/test_accounts.yml
new file mode 100644
index 0000000..12d5235
--- /dev/null
+++ b/runtest/files/test_accounts.yml
@@ -0,0 +1,35 @@
+{%- from "runtest/map.jinja" import tempest with context %}
+{%- from "keystone/map.jinja" import client as kclient with context %}
+{%- set prefix = tempest.test_accounts.get('prefix', 'Test') %}
+{%- set projects_num = tempest.get('concurrency', 2)*2 %}
+
+{%- for n in range(0,projects_num) %}
+{%-   set project_index = n|string %}
+{%-   set project_name = prefix + '_project_' + project_index %}
+{%-   set user_name = prefix + '_user_' + project_index %}
+{%-   set network_name = prefix + '_net_' + project_index %}
+{%-   set router_name = prefix + '_router_' + project_index %}
+
+{%- if tempest.test_accounts.get('admin_access_enabled', False) %}
+{%- set identity_name = tempest.get('keystone_profile_admin', 'admin_identity') %}
+{%- set admin_project = kclient.get('os_client_config',{}).get('cfgs', {}).get('root', {}).get('content',{}).get('clouds',{}).get(identity_name, {}).get('auth', {}).get('project_name', 'admin') %}
+{%- set admin_user_name = prefix + '_admin_' + project_index %}
+- username: {{ admin_user_name }}
+  project_name: {{ admin_project }}
+  password: 'secret'
+  roles:
+    - 'admin'
+{%- endif %}
+
+- username: {{ user_name }}
+  project_name: {{ project_name }}
+  password: 'workshop'
+  roles:
+{%- for role_name in tempest.test_accounts.get('roles', ['Member']) %}
+    - {{ role_name }}
+{%- endfor %}
+  resources:
+    network: {{ network_name }}
+    router: {{ router_name }}
+{%- endfor %}
+

runtest/test_accounts.sls

diff --git a/runtest/test_accounts.sls b/runtest/test_accounts.sls
new file mode 100644
index 0000000..15eb858
--- /dev/null
+++ b/runtest/test_accounts.sls
@@ -0,0 +1,107 @@
+{%- from "runtest/map.jinja" import tempest with context %}
+{%- from "keystone/map.jinja" import client as kclient with context %}
+{%- if tempest.get('test_accounts', {}).get('enabled', False) %}
+
+{% set prefix = tempest.get('test_accounts', {}).get('prefix', 'Test') %}
+{% set identity_name = tempest.get('keystone_profile_admin', 'admin_identity') %}
+
+{%- macro load_accounts_file() %}{% include 'runtest/files/test_accounts.yml' %}{% endmacro %}
+{%- set accounts_yaml = load_accounts_file()|load_yaml %}
+{%- set count = 1 %}
+
+{%- for account in accounts_yaml %}
+
+{% set project_name = account['project_name'] %}
+{% set user_name = account['username'] %}
+{% set roles = account['roles'] %}
+{% set network_name = account.get('resources', {}).get('network', '') %}
+{% set router_name = account.get('resources', {}).get('router', '') %}
+{% set admin_project = kclient.get('os_client_config',{}).get('cfgs', {}).get('root', {}).get('content',{}).get('clouds',{}).get(identity_name, {}).get('auth', {}).get('project_name', 'admin') %}
+
+{%- if project_name != admin_project %}
+keystone_project_{{ project_name }}:
+  keystonev3.project_present:
+  - cloud_name: {{ identity_name }}
+  - name: {{ project_name }}
+  - description: {{ project_name }} for Openstack Testing
+  - enabled: True
+{% endif %}
+
+keystone_user_{{ user_name }}:
+  keystonev3.user_present:
+  - cloud_name: {{ identity_name }}
+  - name: {{ user_name }}
+  - default_project_id: {{ project_name }}
+  - enabled: true
+  - password: {{ account['password'] }}
+  - email: {{ user_name }}@test.tst
+
+{%- for role_name in roles %}
+keystone_user_{{ user_name }}_role_{{ role_name }}_assigned:
+  keystonev3.user_role_assigned:
+    - name: {{ user_name }}
+    - role_id: {{ role_name }}
+    - cloud_name: {{ identity_name }}
+    - project_id: {{ project_name }}
+{%- endfor %}
+
+{% if network_name %}
+{% set subnet_name = network_name + '_subnet' %}
+{% set subnet_prefix = '10.199.' + count|string %}
+{% set count = count + 1 %}
+
+neutron_openstack_network_{{ network_name }}:
+  neutronng.network_present:
+    - name: {{ network_name }}
+    - profile: {{ identity_name }}
+    - tenant: {{ project_name }}
+    - router_external: False
+    - admin_state_up: True
+    - shared: False
+
+neutron_openstack_subnet_{{ subnet_name }}:
+  neutronng.subnet_present:
+    - name: {{ subnet_name }}
+    - network_name: {{ network_name }}
+    - profile: {{ identity_name }}
+    - tenant: {{ project_name }}
+    - cidr: {{ subnet_prefix + '.0/24' }}
+    - enable_dhcp: True
+    - allocation_pools:
+      - start: {{ subnet_prefix + '.10' }}
+        end: {{ subnet_prefix + '.254' }}
+    - gateway_ip: {{ subnet_prefix + '.1' }}
+    - require:
+      - neutronng: neutron_openstack_network_{{ network_name }}
+{% endif %}
+
+{% if router_name %}
+neutron_openstack_router_{{ router_name }}:
+  neutronng.router_present:
+    - name: {{ router_name }}
+    - interfaces:
+      - {{ subnet_name }}
+    - gateway_network: {{ tempest.get('network', {}).get('floating_network_name', 'public') }}
+    - profile: {{ identity_name }}
+    - tenant: {{ project_name }}
+    - admin_state_up: True
+    - require:
+      - neutronng: neutron_openstack_subnet_{{ subnet_name }}
+{% endif %}
+
+{%- endfor %}
+
+generate_test_accounts_file:
+  file.managed:
+    - name: {{ tempest.test_accounts.cfg_path }}
+    - contents: |
+        {{ accounts_yaml |yaml(False)|indent(8) }}
+
+{%- if tempest.test_target is defined %}
+copy_test_accounts_file:
+  cmd.run:
+    - name: salt-cp {{ tempest.test_target }} {{ tempest.test_accounts.cfg_path}} {{ tempest.test_accounts.cfg_path }}
+    - require:
+      - file: generate_test_accounts_file
+{%- endif %}
+{%- endif %}