def get_tenant_network(cls, credentials_type='primary'):
"""Get the network to be used in testing
:param credentials_type: The type of credentials for which to get the
tenant network
:return: network dict including 'id' and 'name'
"""
# Get a manager for the given credentials_type, but at least
# always fall back on getting the manager for primary credentials
if isinstance(credentials_type, six.string_types):
manager = cls.get_client_manager(credential_type=credentials_type)
elif isinstance(credentials_type, list):
manager = cls.get_client_manager(roles=credentials_type[1:])
else:
manager = cls.get_client_manager()
# Make sure cred_provider exists and get a network client
networks_client = manager.compute_networks_client
cred_provider = cls._get_credentials_provider()
# In case of nova network, isolated tenants are not able to list the
# network configured in fixed_network_name, even if they can use it
# for their servers, so using an admin network client to validate
# the network name
if (not CONF.service_available.neutron and
credentials.is_admin_available(
identity_version=cls.get_identity_version())):
admin_creds = cred_provider.get_admin_creds()
admin_manager = clients.Manager(admin_creds.credentials)
networks_client = admin_manager.compute_networks_client
return fixed_network.get_tenant_network(
cred_provider, networks_client, CONF.compute.fixed_network_name)
def skip_checks(cls):
"""Class level skip checks.
Subclasses verify in here all conditions that might prevent the
execution of the entire test class.
Checks implemented here may not make use API calls, and should rely on
configuration alone.
In general skip checks that require an API call are discouraged.
If one is really needed it may be implemented either in the
resource_setup or at test level.
"""
identity_version = cls.get_identity_version()
if 'admin' in cls.credentials and not credentials.is_admin_available(
identity_version=identity_version):
msg = "Missing Identity Admin API credentials in configuration."
raise cls.skipException(msg)
if 'alt' in cls.credentials and not credentials.is_alt_available(
identity_version=identity_version):
msg = "Missing a 2nd set of API credentials in configuration."
raise cls.skipException(msg)
if hasattr(cls, 'identity_version'):
if cls.identity_version == 'v2':
if not CONF.identity_feature_enabled.api_v2:
raise cls.skipException("Identity api v2 is not enabled")
elif cls.identity_version == 'v3':
if not CONF.identity_feature_enabled.api_v3:
raise cls.skipException("Identity api v3 is not enabled")
def skip_checks(cls):
"""Class level skip checks.
Subclasses verify in here all conditions that might prevent the
execution of the entire test class.
Checks implemented here may not make use API calls, and should rely on
configuration alone.
In general skip checks that require an API call are discouraged.
If one is really needed it may be implemented either in the
resource_setup or at test level.
"""
identity_version = cls.get_identity_version()
if 'admin' in cls.credentials and not credentials.is_admin_available(
identity_version=identity_version):
msg = "Missing Identity Admin API credentials in configuration."
raise cls.skipException(msg)
if 'alt' in cls.credentials and not credentials.is_alt_available(
identity_version=identity_version):
msg = "Missing a 2nd set of API credentials in configuration."
raise cls.skipException(msg)
if hasattr(cls, 'identity_version'):
if cls.identity_version == 'v2':
if not CONF.identity_feature_enabled.api_v2:
raise cls.skipException("Identity api v2 is not enabled")
elif cls.identity_version == 'v3':
if not CONF.identity_feature_enabled.api_v3:
raise cls.skipException("Identity api v3 is not enabled")
def get_tenant_network(cls, credentials_type='primary'):
"""Get the network to be used in testing
:param credentials_type: The type of credentials for which to get the
tenant network
:return: network dict including 'id' and 'name'
"""
# Get a manager for the given credentials_type, but at least
# always fall back on getting the manager for primary credentials
if isinstance(credentials_type, six.string_types):
manager = cls.get_client_manager(credential_type=credentials_type)
elif isinstance(credentials_type, list):
manager = cls.get_client_manager(roles=credentials_type[1:])
else:
manager = cls.get_client_manager()
# Make sure cred_provider exists and get a network client
networks_client = manager.compute_networks_client
cred_provider = cls._get_credentials_provider()
# In case of nova network, isolated tenants are not able to list the
# network configured in fixed_network_name, even if they can use it
# for their servers, so using an admin network client to validate
# the network name
if (not CONF.service_available.neutron and
credentials.is_admin_available(
identity_version=cls.get_identity_version())):
admin_creds = cred_provider.get_admin_creds()
admin_manager = clients.Manager(admin_creds.credentials)
networks_client = admin_manager.compute_networks_client
return fixed_network.get_tenant_network(
cred_provider, networks_client, CONF.compute.fixed_network_name)
def skip_checks(cls):
super(AutoAllocateNetworkTest, cls).skip_checks()
identity_version = cls.get_identity_version()
if not credentials.is_admin_available(identity_version=identity_version):
msg = "Missing Identity Admin API credentials in configuration."
raise cls.skipException(msg)
if not CONF.service_available.neutron:
raise cls.skipException("Neutron is required")
if not test.is_extension_enabled("auto-allocated-topology", "network"):
raise cls.skipException("auto-allocated-topology extension is not available")
def skip_checks(cls):
"""Class level skip checks.
Subclasses verify in here all conditions that might prevent the
execution of the entire test class. Skipping here prevents any other
class fixture from being executed i.e. no credentials or other
resource allocation will happen.
Tests defined in the test class will no longer appear in test results.
The `setUpClass` for the entire test class will be marked as SKIPPED
instead.
At this stage no test credentials are available, so skip checks
should rely on configuration alone. This is deliberate since skips
based on the result of an API call are discouraged.
The following checks are implemented in `test.py` already:
- check that alt credentials are available when requested by the test
- check that admin credentials are available when requested by the test
- check that the identity version specified by the test is marked as
enabled in the configuration
Overriders of skip_checks must always invoke skip_check on `super`
first.
Example::
@classmethod
def skip_checks(cls):
super(Example, cls).skip_checks()
if not CONF.service_available.my_service:
skip_msg = ("%s skipped as my_service is not available")
raise cls.skipException(skip_msg % cls.__name__)
"""
cls.__skip_checks_called = True
identity_version = cls.get_identity_version()
# setting force_tenant_isolation to True also needs admin credentials.
if ('admin' in cls.credentials or 'alt_admin' in cls.credentials
or getattr(cls, 'force_tenant_isolation', False)):
if not credentials.is_admin_available(
identity_version=identity_version):
raise cls.skipException(
"Missing Identity Admin API credentials in configuration.")
if 'alt' in cls.credentials and not credentials.is_alt_available(
identity_version=identity_version):
msg = "Missing a 2nd set of API credentials in configuration."
raise cls.skipException(msg)
if hasattr(cls, 'identity_version'):
if cls.identity_version == 'v2':
if not CONF.identity_feature_enabled.api_v2:
raise cls.skipException("Identity api v2 is not enabled")
elif cls.identity_version == 'v3':
if not CONF.identity_feature_enabled.api_v3:
raise cls.skipException("Identity api v3 is not enabled")
def skip_checks(cls):
"""Class level skip checks.
Subclasses verify in here all conditions that might prevent the
execution of the entire test class. Skipping here prevents any other
class fixture from being executed i.e. no credentials or other
resource allocation will happen.
Tests defined in the test class will no longer appear in test results.
The `setUpClass` for the entire test class will be marked as SKIPPED
instead.
At this stage no test credentials are available, so skip checks
should rely on configuration alone. This is deliberate since skips
based on the result of an API call are discouraged.
The following checks are implemented in `test.py` already:
- check that alt credentials are available when requested by the test
- check that admin credentials are available when requested by the test
- check that the identity version specified by the test is marked as
enabled in the configuration
Overriders of skip_checks must always invoke skip_check on `super`
first.
Example::
@classmethod
def skip_checks(cls):
super(Example, cls).skip_checks()
if not CONF.service_available.my_service:
skip_msg = ("%s skipped as my_service is not available")
raise cls.skipException(skip_msg % cls.__name__)
"""
cls.__skip_checks_called = True
identity_version = cls.get_identity_version()
# setting force_tenant_isolation to True also needs admin credentials.
if ('admin' in cls.credentials or
getattr(cls, 'force_tenant_isolation', False)):
if not credentials.is_admin_available(
identity_version=identity_version):
raise cls.skipException(
"Missing Identity Admin API credentials in configuration.")
if 'alt' in cls.credentials and not credentials.is_alt_available(
identity_version=identity_version):
msg = "Missing a 2nd set of API credentials in configuration."
raise cls.skipException(msg)
if hasattr(cls, 'identity_version'):
if cls.identity_version == 'v2':
if not CONF.identity_feature_enabled.api_v2:
raise cls.skipException("Identity api v2 is not enabled")
elif cls.identity_version == 'v3':
if not CONF.identity_feature_enabled.api_v3:
raise cls.skipException("Identity api v3 is not enabled")
def skip_checks(cls):
super(AutoAllocateNetworkTest, cls).skip_checks()
identity_version = cls.get_identity_version()
if not credentials.is_admin_available(
identity_version=identity_version):
msg = "Missing Identity Admin API credentials in configuration."
raise cls.skipException(msg)
if not CONF.service_available.neutron:
raise cls.skipException('Neutron is required')
if not test.is_extension_enabled('auto-allocated-topology', 'network'):
raise cls.skipException(
'auto-allocated-topology extension is not available')
def run_test(self, dynamic_creds, use_accounts_file, admin_creds):
cfg.CONF.set_default('use_dynamic_credentials',
dynamic_creds, group='auth')
if use_accounts_file:
accounts = [{'username': '******',
'tenant_name': 't1',
'password': '******'},
{'username': '******',
'tenant_name': 't2',
'password': '******'}]
if admin_creds == 'role':
accounts.append({'username': '******',
'tenant_name': 'admin',
'password': '******',
'roles': ['admin']})
elif admin_creds == 'type':
accounts.append({'username': '******',
'tenant_name': 'admin',
'password': '******',
'types': ['admin']})
self.useFixture(mockpatch.Patch(
'tempest.common.preprov_creds.read_accounts_yaml',
return_value=accounts))
cfg.CONF.set_default('test_accounts_file',
use_accounts_file, group='auth')
self.useFixture(mockpatch.Patch('os.path.isfile',
return_value=True))
else:
self.useFixture(mockpatch.Patch('os.path.isfile',
return_value=False))
if admin_creds:
username = '******'
tenant = 't'
password = '******'
domain = 'd'
else:
username = None
tenant = None
password = None
domain = None
cfg.CONF.set_default('admin_username', username, group='auth')
cfg.CONF.set_default('admin_tenant_name', tenant, group='auth')
cfg.CONF.set_default('admin_password', password, group='auth')
cfg.CONF.set_default('admin_domain_name', domain, group='auth')
expected = admin_creds is not None or dynamic_creds
observed = credentials.is_admin_available(
identity_version=self.identity_version)
self.assertEqual(expected, observed)
def run_test(self, dynamic_creds, use_accounts_file, admin_creds):
cfg.CONF.set_default('use_dynamic_credentials',
dynamic_creds, group='auth')
if use_accounts_file:
accounts = [{'username': '******',
'project_name': 't1',
'password': '******'},
{'username': '******',
'project_name': 't2',
'password': '******'}]
if admin_creds == 'role':
accounts.append({'username': '******',
'project_name': 'admin',
'password': '******',
'roles': ['admin']})
elif admin_creds == 'type':
accounts.append({'username': '******',
'project_name': 'admin',
'password': '******',
'types': ['admin']})
self.useFixture(fixtures.MockPatch(
'tempest.lib.common.preprov_creds.read_accounts_yaml',
return_value=accounts))
cfg.CONF.set_default('test_accounts_file',
use_accounts_file, group='auth')
self.useFixture(fixtures.MockPatch('os.path.isfile',
return_value=True))
else:
self.useFixture(fixtures.MockPatch('os.path.isfile',
return_value=False))
if admin_creds:
username = '******'
project = 't'
password = '******'
domain = 'd'
else:
username = None
project = None
password = None
domain = None
cfg.CONF.set_default('admin_username', username, group='auth')
cfg.CONF.set_default('admin_project_name', project, group='auth')
cfg.CONF.set_default('admin_password', password, group='auth')
cfg.CONF.set_default('admin_domain_name', domain, group='auth')
expected = admin_creds is not None or dynamic_creds
observed = credentials.is_admin_available(
identity_version=self.identity_version)
self.assertEqual(expected, observed)
def switch_role(self, test_obj, toggle_rbac_role=False):
self.user_id = test_obj.auth_provider.credentials.user_id
self.project_id = test_obj.auth_provider.credentials.tenant_id
self.token = test_obj.auth_provider.get_token()
self.identity_version = test_obj.get_identity_version()
if not credentials.is_admin_available(
identity_version=self.identity_version):
msg = "Missing Identity Admin API credentials in configuration."
raise rbac_exceptions.RbacResourceSetupFailed(msg)
self.roles_client = test_obj.os_admin.roles_v3_client
LOG.debug('Switching role to: %s', toggle_rbac_role)
try:
if not self.admin_role_id or not self.rbac_role_id:
self._get_roles()
self._validate_switch_role(test_obj, toggle_rbac_role)
if toggle_rbac_role:
self._add_role_to_user(self.rbac_role_id)
else:
self._add_role_to_user(self.admin_role_id)
except Exception as exp:
LOG.error(exp)
raise
finally:
# NOTE(felipemonteiro): These two comments below are copied from
# tempest.api.identity.v2/v3.test_users.
#
# Reset auth again to verify the password restore does work.
# Clear auth restores the original credentials and deletes
# cached auth data.
test_obj.auth_provider.clear_auth()
# Fernet tokens are not subsecond aware and Keystone should only be
# precise to the second. Sleep to ensure we are passing the second
# boundary before attempting to authenticate. If token is of type
# uuid, then do not sleep.
if not uuid_utils.is_uuid_like(self.token):
time.sleep(1)
test_obj.auth_provider.set_auth()
def get_tenant_network(cls):
"""Get the network to be used in testing
:return: network dict including 'id' and 'name'
"""
# Make sure cred_provider exists and get a network client
networks_client = cls.get_client_manager().compute_networks_client
cred_provider = cls._get_credentials_provider()
# In case of nova network, isolated tenants are not able to list the
# network configured in fixed_network_name, even if the can use it
# for their servers, so using an admin network client to validate
# the network name
if not CONF.service_available.neutron and credentials.is_admin_available(
identity_version=cls.get_identity_version()
):
admin_creds = cred_provider.get_admin_creds()
admin_manager = clients.Manager(admin_creds)
networks_client = admin_manager.compute_networks_client
return fixed_network.get_tenant_network(cred_provider, networks_client, CONF.compute.fixed_network_name)
def get_tenant_network(cls):
"""Get the network to be used in testing
:return: network dict including 'id' and 'name'
"""
# Make sure cred_provider exists and get a network client
networks_client = cls.get_client_manager().compute_networks_client
cred_provider = cls._get_credentials_provider()
# In case of nova network, isolated tenants are not able to list the
# network configured in fixed_network_name, even if they can use it
# for their servers, so using an admin network client to validate
# the network name
if (not CONF.service_available.neutron and
credentials.is_admin_available(
identity_version=cls.get_identity_version())):
admin_creds = cred_provider.get_admin_creds()
admin_manager = clients.Manager(admin_creds)
networks_client = admin_manager.compute_networks_client
return fixed_network.get_tenant_network(
cred_provider, networks_client, CONF.compute.fixed_network_name)
def execute(self, description):
"""Execute a http call
Execute a http call on an api that are expected to
result in client errors. First it uses invalid resources that are part
of the url, and then invalid data for queries and http request bodies.
:param description: A json file or dictionary with the following
entries:
name (required) name for the api
http-method (required) one of HEAD,GET,PUT,POST,PATCH,DELETE
url (required) the url to be appended to the catalog url with '%s'
for each resource mentioned
resources: (optional) A list of resource names such as "server",
"flavor", etc. with an element for each '%s' in the url. This
method will call self.get_resource for each element when
constructing the positive test case template so negative
subclasses are expected to return valid resource ids when
appropriate.
json-schema (optional) A valid json schema that will be used to
create invalid data for the api calls. For "GET" and "HEAD",
the data is used to generate query strings appended to the url,
otherwise for the body of the http call.
"""
LOG.info("Executing %s" % description["name"])
LOG.debug(description)
generator = importutils.import_class(
CONF.negative.test_generator)()
schema = description.get("json-schema", None)
method = description["http-method"]
url = description["url"]
expected_result = None
if "default_result_code" in description:
expected_result = description["default_result_code"]
resources = [self.get_resource(r) for
r in description.get("resources", [])]
if hasattr(self, "resource"):
# Note(mkoderer): The resources list already contains an invalid
# entry (see get_resource).
# We just send a valid json-schema with it
valid_schema = None
if schema:
valid_schema = \
valid.ValidTestGenerator().generate_valid(schema)
new_url, body = self._http_arguments(valid_schema, url, method)
elif hasattr(self, "_negtest_name"):
schema_under_test = \
valid.ValidTestGenerator().generate_valid(schema)
local_expected_result = \
generator.generate_payload(self, schema_under_test)
if local_expected_result is not None:
expected_result = local_expected_result
new_url, body = \
self._http_arguments(schema_under_test, url, method)
else:
raise Exception("testscenarios are not active. Please make sure "
"that your test runner supports the load_tests "
"mechanism")
if "admin_client" in description and description["admin_client"]:
if not credentials.is_admin_available(
identity_version=self.get_identity_version()):
msg = ("Missing Identity Admin API credentials in"
"configuration.")
raise self.skipException(msg)
creds = self.credentials_provider.get_admin_creds()
os_adm = clients.Manager(credentials=creds)
client = os_adm.negative_client
else:
client = self.client
resp, resp_body = client.send_request(method, new_url,
resources, body=body)
self._check_negative_response(expected_result, resp.status, resp_body)
def execute(self, description):
"""Execute a http call
Execute a http call on an api that are expected to
result in client errors. First it uses invalid resources that are part
of the url, and then invalid data for queries and http request bodies.
:param description: A json file or dictionary with the following
entries:
name (required) name for the api
http-method (required) one of HEAD,GET,PUT,POST,PATCH,DELETE
url (required) the url to be appended to the catalog url with '%s'
for each resource mentioned
resources: (optional) A list of resource names such as "server",
"flavor", etc. with an element for each '%s' in the url. This
method will call self.get_resource for each element when
constructing the positive test case template so negative
subclasses are expected to return valid resource ids when
appropriate.
json-schema (optional) A valid json schema that will be used to
create invalid data for the api calls. For "GET" and "HEAD",
the data is used to generate query strings appended to the url,
otherwise for the body of the http call.
"""
LOG.info("Executing %s" % description["name"])
LOG.debug(description)
generator = importutils.import_class(
CONF.negative.test_generator)()
schema = description.get("json-schema", None)
method = description["http-method"]
url = description["url"]
expected_result = None
if "default_result_code" in description:
expected_result = description["default_result_code"]
resources = [self.get_resource(r) for
r in description.get("resources", [])]
if hasattr(self, "resource"):
# Note(mkoderer): The resources list already contains an invalid
# entry (see get_resource).
# We just send a valid json-schema with it
valid_schema = None
if schema:
valid_schema = \
valid.ValidTestGenerator().generate_valid(schema)
new_url, body = self._http_arguments(valid_schema, url, method)
elif hasattr(self, "_negtest_name"):
schema_under_test = \
valid.ValidTestGenerator().generate_valid(schema)
local_expected_result = \
generator.generate_payload(self, schema_under_test)
if local_expected_result is not None:
expected_result = local_expected_result
new_url, body = \
self._http_arguments(schema_under_test, url, method)
else:
raise Exception("testscenarios are not active. Please make sure "
"that your test runner supports the load_tests "
"mechanism")
if "admin_client" in description and description["admin_client"]:
if not credentials.is_admin_available(
identity_version=self.get_identity_version()):
msg = ("Missing Identity Admin API credentials in"
"configuration.")
raise self.skipException(msg)
creds = self.credentials_provider.get_admin_creds()
os_adm = clients.Manager(credentials=creds)
client = os_adm.negative_client
else:
client = self.client
resp, resp_body = client.send_request(method, new_url,
resources, body=body)
self._check_negative_response(expected_result, resp.status, resp_body)
