def get_tenant_network(cls, credentials_type='primary'): """Get the network to be used in testing :param credentials_type: The type of credentials for which to get the tenant network :return: network dict including 'id' and 'name' """ # Get a manager for the given credentials_type, but at least # always fall back on getting the manager for primary credentials if isinstance(credentials_type, six.string_types): manager = cls.get_client_manager(credential_type=credentials_type) elif isinstance(credentials_type, list): manager = cls.get_client_manager(roles=credentials_type[1:]) else: manager = cls.get_client_manager() # Make sure cred_provider exists and get a network client networks_client = manager.compute_networks_client cred_provider = cls._get_credentials_provider() # In case of nova network, isolated tenants are not able to list the # network configured in fixed_network_name, even if they can use it # for their servers, so using an admin network client to validate # the network name if (not CONF.service_available.neutron and credentials.is_admin_available( identity_version=cls.get_identity_version())): admin_creds = cred_provider.get_admin_creds() admin_manager = clients.Manager(admin_creds.credentials) networks_client = admin_manager.compute_networks_client return fixed_network.get_tenant_network( cred_provider, networks_client, CONF.compute.fixed_network_name)
def skip_checks(cls): """Class level skip checks. Subclasses verify in here all conditions that might prevent the execution of the entire test class. Checks implemented here may not make use API calls, and should rely on configuration alone. In general skip checks that require an API call are discouraged. If one is really needed it may be implemented either in the resource_setup or at test level. """ identity_version = cls.get_identity_version() if 'admin' in cls.credentials and not credentials.is_admin_available( identity_version=identity_version): msg = "Missing Identity Admin API credentials in configuration." raise cls.skipException(msg) if 'alt' in cls.credentials and not credentials.is_alt_available( identity_version=identity_version): msg = "Missing a 2nd set of API credentials in configuration." raise cls.skipException(msg) if hasattr(cls, 'identity_version'): if cls.identity_version == 'v2': if not CONF.identity_feature_enabled.api_v2: raise cls.skipException("Identity api v2 is not enabled") elif cls.identity_version == 'v3': if not CONF.identity_feature_enabled.api_v3: raise cls.skipException("Identity api v3 is not enabled")
def skip_checks(cls): """Class level skip checks. Subclasses verify in here all conditions that might prevent the execution of the entire test class. Checks implemented here may not make use API calls, and should rely on configuration alone. In general skip checks that require an API call are discouraged. If one is really needed it may be implemented either in the resource_setup or at test level. """ identity_version = cls.get_identity_version() if 'admin' in cls.credentials and not credentials.is_admin_available( identity_version=identity_version): msg = "Missing Identity Admin API credentials in configuration." raise cls.skipException(msg) if 'alt' in cls.credentials and not credentials.is_alt_available( identity_version=identity_version): msg = "Missing a 2nd set of API credentials in configuration." raise cls.skipException(msg) if hasattr(cls, 'identity_version'): if cls.identity_version == 'v2': if not CONF.identity_feature_enabled.api_v2: raise cls.skipException("Identity api v2 is not enabled") elif cls.identity_version == 'v3': if not CONF.identity_feature_enabled.api_v3: raise cls.skipException("Identity api v3 is not enabled")
def get_tenant_network(cls, credentials_type='primary'): """Get the network to be used in testing :param credentials_type: The type of credentials for which to get the tenant network :return: network dict including 'id' and 'name' """ # Get a manager for the given credentials_type, but at least # always fall back on getting the manager for primary credentials if isinstance(credentials_type, six.string_types): manager = cls.get_client_manager(credential_type=credentials_type) elif isinstance(credentials_type, list): manager = cls.get_client_manager(roles=credentials_type[1:]) else: manager = cls.get_client_manager() # Make sure cred_provider exists and get a network client networks_client = manager.compute_networks_client cred_provider = cls._get_credentials_provider() # In case of nova network, isolated tenants are not able to list the # network configured in fixed_network_name, even if they can use it # for their servers, so using an admin network client to validate # the network name if (not CONF.service_available.neutron and credentials.is_admin_available( identity_version=cls.get_identity_version())): admin_creds = cred_provider.get_admin_creds() admin_manager = clients.Manager(admin_creds.credentials) networks_client = admin_manager.compute_networks_client return fixed_network.get_tenant_network( cred_provider, networks_client, CONF.compute.fixed_network_name)
def skip_checks(cls): super(AutoAllocateNetworkTest, cls).skip_checks() identity_version = cls.get_identity_version() if not credentials.is_admin_available(identity_version=identity_version): msg = "Missing Identity Admin API credentials in configuration." raise cls.skipException(msg) if not CONF.service_available.neutron: raise cls.skipException("Neutron is required") if not test.is_extension_enabled("auto-allocated-topology", "network"): raise cls.skipException("auto-allocated-topology extension is not available")
def skip_checks(cls): """Class level skip checks. Subclasses verify in here all conditions that might prevent the execution of the entire test class. Skipping here prevents any other class fixture from being executed i.e. no credentials or other resource allocation will happen. Tests defined in the test class will no longer appear in test results. The `setUpClass` for the entire test class will be marked as SKIPPED instead. At this stage no test credentials are available, so skip checks should rely on configuration alone. This is deliberate since skips based on the result of an API call are discouraged. The following checks are implemented in `test.py` already: - check that alt credentials are available when requested by the test - check that admin credentials are available when requested by the test - check that the identity version specified by the test is marked as enabled in the configuration Overriders of skip_checks must always invoke skip_check on `super` first. Example:: @classmethod def skip_checks(cls): super(Example, cls).skip_checks() if not CONF.service_available.my_service: skip_msg = ("%s skipped as my_service is not available") raise cls.skipException(skip_msg % cls.__name__) """ cls.__skip_checks_called = True identity_version = cls.get_identity_version() # setting force_tenant_isolation to True also needs admin credentials. if ('admin' in cls.credentials or 'alt_admin' in cls.credentials or getattr(cls, 'force_tenant_isolation', False)): if not credentials.is_admin_available( identity_version=identity_version): raise cls.skipException( "Missing Identity Admin API credentials in configuration.") if 'alt' in cls.credentials and not credentials.is_alt_available( identity_version=identity_version): msg = "Missing a 2nd set of API credentials in configuration." raise cls.skipException(msg) if hasattr(cls, 'identity_version'): if cls.identity_version == 'v2': if not CONF.identity_feature_enabled.api_v2: raise cls.skipException("Identity api v2 is not enabled") elif cls.identity_version == 'v3': if not CONF.identity_feature_enabled.api_v3: raise cls.skipException("Identity api v3 is not enabled")
def skip_checks(cls): """Class level skip checks. Subclasses verify in here all conditions that might prevent the execution of the entire test class. Skipping here prevents any other class fixture from being executed i.e. no credentials or other resource allocation will happen. Tests defined in the test class will no longer appear in test results. The `setUpClass` for the entire test class will be marked as SKIPPED instead. At this stage no test credentials are available, so skip checks should rely on configuration alone. This is deliberate since skips based on the result of an API call are discouraged. The following checks are implemented in `test.py` already: - check that alt credentials are available when requested by the test - check that admin credentials are available when requested by the test - check that the identity version specified by the test is marked as enabled in the configuration Overriders of skip_checks must always invoke skip_check on `super` first. Example:: @classmethod def skip_checks(cls): super(Example, cls).skip_checks() if not CONF.service_available.my_service: skip_msg = ("%s skipped as my_service is not available") raise cls.skipException(skip_msg % cls.__name__) """ cls.__skip_checks_called = True identity_version = cls.get_identity_version() # setting force_tenant_isolation to True also needs admin credentials. if ('admin' in cls.credentials or getattr(cls, 'force_tenant_isolation', False)): if not credentials.is_admin_available( identity_version=identity_version): raise cls.skipException( "Missing Identity Admin API credentials in configuration.") if 'alt' in cls.credentials and not credentials.is_alt_available( identity_version=identity_version): msg = "Missing a 2nd set of API credentials in configuration." raise cls.skipException(msg) if hasattr(cls, 'identity_version'): if cls.identity_version == 'v2': if not CONF.identity_feature_enabled.api_v2: raise cls.skipException("Identity api v2 is not enabled") elif cls.identity_version == 'v3': if not CONF.identity_feature_enabled.api_v3: raise cls.skipException("Identity api v3 is not enabled")
def skip_checks(cls): super(AutoAllocateNetworkTest, cls).skip_checks() identity_version = cls.get_identity_version() if not credentials.is_admin_available( identity_version=identity_version): msg = "Missing Identity Admin API credentials in configuration." raise cls.skipException(msg) if not CONF.service_available.neutron: raise cls.skipException('Neutron is required') if not test.is_extension_enabled('auto-allocated-topology', 'network'): raise cls.skipException( 'auto-allocated-topology extension is not available')
def run_test(self, dynamic_creds, use_accounts_file, admin_creds): cfg.CONF.set_default('use_dynamic_credentials', dynamic_creds, group='auth') if use_accounts_file: accounts = [{'username': '******', 'tenant_name': 't1', 'password': '******'}, {'username': '******', 'tenant_name': 't2', 'password': '******'}] if admin_creds == 'role': accounts.append({'username': '******', 'tenant_name': 'admin', 'password': '******', 'roles': ['admin']}) elif admin_creds == 'type': accounts.append({'username': '******', 'tenant_name': 'admin', 'password': '******', 'types': ['admin']}) self.useFixture(mockpatch.Patch( 'tempest.common.preprov_creds.read_accounts_yaml', return_value=accounts)) cfg.CONF.set_default('test_accounts_file', use_accounts_file, group='auth') self.useFixture(mockpatch.Patch('os.path.isfile', return_value=True)) else: self.useFixture(mockpatch.Patch('os.path.isfile', return_value=False)) if admin_creds: username = '******' tenant = 't' password = '******' domain = 'd' else: username = None tenant = None password = None domain = None cfg.CONF.set_default('admin_username', username, group='auth') cfg.CONF.set_default('admin_tenant_name', tenant, group='auth') cfg.CONF.set_default('admin_password', password, group='auth') cfg.CONF.set_default('admin_domain_name', domain, group='auth') expected = admin_creds is not None or dynamic_creds observed = credentials.is_admin_available( identity_version=self.identity_version) self.assertEqual(expected, observed)
def run_test(self, dynamic_creds, use_accounts_file, admin_creds): cfg.CONF.set_default('use_dynamic_credentials', dynamic_creds, group='auth') if use_accounts_file: accounts = [{'username': '******', 'project_name': 't1', 'password': '******'}, {'username': '******', 'project_name': 't2', 'password': '******'}] if admin_creds == 'role': accounts.append({'username': '******', 'project_name': 'admin', 'password': '******', 'roles': ['admin']}) elif admin_creds == 'type': accounts.append({'username': '******', 'project_name': 'admin', 'password': '******', 'types': ['admin']}) self.useFixture(fixtures.MockPatch( 'tempest.lib.common.preprov_creds.read_accounts_yaml', return_value=accounts)) cfg.CONF.set_default('test_accounts_file', use_accounts_file, group='auth') self.useFixture(fixtures.MockPatch('os.path.isfile', return_value=True)) else: self.useFixture(fixtures.MockPatch('os.path.isfile', return_value=False)) if admin_creds: username = '******' project = 't' password = '******' domain = 'd' else: username = None project = None password = None domain = None cfg.CONF.set_default('admin_username', username, group='auth') cfg.CONF.set_default('admin_project_name', project, group='auth') cfg.CONF.set_default('admin_password', password, group='auth') cfg.CONF.set_default('admin_domain_name', domain, group='auth') expected = admin_creds is not None or dynamic_creds observed = credentials.is_admin_available( identity_version=self.identity_version) self.assertEqual(expected, observed)
def switch_role(self, test_obj, toggle_rbac_role=False): self.user_id = test_obj.auth_provider.credentials.user_id self.project_id = test_obj.auth_provider.credentials.tenant_id self.token = test_obj.auth_provider.get_token() self.identity_version = test_obj.get_identity_version() if not credentials.is_admin_available( identity_version=self.identity_version): msg = "Missing Identity Admin API credentials in configuration." raise rbac_exceptions.RbacResourceSetupFailed(msg) self.roles_client = test_obj.os_admin.roles_v3_client LOG.debug('Switching role to: %s', toggle_rbac_role) try: if not self.admin_role_id or not self.rbac_role_id: self._get_roles() self._validate_switch_role(test_obj, toggle_rbac_role) if toggle_rbac_role: self._add_role_to_user(self.rbac_role_id) else: self._add_role_to_user(self.admin_role_id) except Exception as exp: LOG.error(exp) raise finally: # NOTE(felipemonteiro): These two comments below are copied from # tempest.api.identity.v2/v3.test_users. # # Reset auth again to verify the password restore does work. # Clear auth restores the original credentials and deletes # cached auth data. test_obj.auth_provider.clear_auth() # Fernet tokens are not subsecond aware and Keystone should only be # precise to the second. Sleep to ensure we are passing the second # boundary before attempting to authenticate. If token is of type # uuid, then do not sleep. if not uuid_utils.is_uuid_like(self.token): time.sleep(1) test_obj.auth_provider.set_auth()
def get_tenant_network(cls): """Get the network to be used in testing :return: network dict including 'id' and 'name' """ # Make sure cred_provider exists and get a network client networks_client = cls.get_client_manager().compute_networks_client cred_provider = cls._get_credentials_provider() # In case of nova network, isolated tenants are not able to list the # network configured in fixed_network_name, even if the can use it # for their servers, so using an admin network client to validate # the network name if not CONF.service_available.neutron and credentials.is_admin_available( identity_version=cls.get_identity_version() ): admin_creds = cred_provider.get_admin_creds() admin_manager = clients.Manager(admin_creds) networks_client = admin_manager.compute_networks_client return fixed_network.get_tenant_network(cred_provider, networks_client, CONF.compute.fixed_network_name)
def get_tenant_network(cls): """Get the network to be used in testing :return: network dict including 'id' and 'name' """ # Make sure cred_provider exists and get a network client networks_client = cls.get_client_manager().compute_networks_client cred_provider = cls._get_credentials_provider() # In case of nova network, isolated tenants are not able to list the # network configured in fixed_network_name, even if they can use it # for their servers, so using an admin network client to validate # the network name if (not CONF.service_available.neutron and credentials.is_admin_available( identity_version=cls.get_identity_version())): admin_creds = cred_provider.get_admin_creds() admin_manager = clients.Manager(admin_creds) networks_client = admin_manager.compute_networks_client return fixed_network.get_tenant_network( cred_provider, networks_client, CONF.compute.fixed_network_name)
def execute(self, description): """Execute a http call Execute a http call on an api that are expected to result in client errors. First it uses invalid resources that are part of the url, and then invalid data for queries and http request bodies. :param description: A json file or dictionary with the following entries: name (required) name for the api http-method (required) one of HEAD,GET,PUT,POST,PATCH,DELETE url (required) the url to be appended to the catalog url with '%s' for each resource mentioned resources: (optional) A list of resource names such as "server", "flavor", etc. with an element for each '%s' in the url. This method will call self.get_resource for each element when constructing the positive test case template so negative subclasses are expected to return valid resource ids when appropriate. json-schema (optional) A valid json schema that will be used to create invalid data for the api calls. For "GET" and "HEAD", the data is used to generate query strings appended to the url, otherwise for the body of the http call. """ LOG.info("Executing %s" % description["name"]) LOG.debug(description) generator = importutils.import_class( CONF.negative.test_generator)() schema = description.get("json-schema", None) method = description["http-method"] url = description["url"] expected_result = None if "default_result_code" in description: expected_result = description["default_result_code"] resources = [self.get_resource(r) for r in description.get("resources", [])] if hasattr(self, "resource"): # Note(mkoderer): The resources list already contains an invalid # entry (see get_resource). # We just send a valid json-schema with it valid_schema = None if schema: valid_schema = \ valid.ValidTestGenerator().generate_valid(schema) new_url, body = self._http_arguments(valid_schema, url, method) elif hasattr(self, "_negtest_name"): schema_under_test = \ valid.ValidTestGenerator().generate_valid(schema) local_expected_result = \ generator.generate_payload(self, schema_under_test) if local_expected_result is not None: expected_result = local_expected_result new_url, body = \ self._http_arguments(schema_under_test, url, method) else: raise Exception("testscenarios are not active. Please make sure " "that your test runner supports the load_tests " "mechanism") if "admin_client" in description and description["admin_client"]: if not credentials.is_admin_available( identity_version=self.get_identity_version()): msg = ("Missing Identity Admin API credentials in" "configuration.") raise self.skipException(msg) creds = self.credentials_provider.get_admin_creds() os_adm = clients.Manager(credentials=creds) client = os_adm.negative_client else: client = self.client resp, resp_body = client.send_request(method, new_url, resources, body=body) self._check_negative_response(expected_result, resp.status, resp_body)
def execute(self, description): """Execute a http call Execute a http call on an api that are expected to result in client errors. First it uses invalid resources that are part of the url, and then invalid data for queries and http request bodies. :param description: A json file or dictionary with the following entries: name (required) name for the api http-method (required) one of HEAD,GET,PUT,POST,PATCH,DELETE url (required) the url to be appended to the catalog url with '%s' for each resource mentioned resources: (optional) A list of resource names such as "server", "flavor", etc. with an element for each '%s' in the url. This method will call self.get_resource for each element when constructing the positive test case template so negative subclasses are expected to return valid resource ids when appropriate. json-schema (optional) A valid json schema that will be used to create invalid data for the api calls. For "GET" and "HEAD", the data is used to generate query strings appended to the url, otherwise for the body of the http call. """ LOG.info("Executing %s" % description["name"]) LOG.debug(description) generator = importutils.import_class( CONF.negative.test_generator)() schema = description.get("json-schema", None) method = description["http-method"] url = description["url"] expected_result = None if "default_result_code" in description: expected_result = description["default_result_code"] resources = [self.get_resource(r) for r in description.get("resources", [])] if hasattr(self, "resource"): # Note(mkoderer): The resources list already contains an invalid # entry (see get_resource). # We just send a valid json-schema with it valid_schema = None if schema: valid_schema = \ valid.ValidTestGenerator().generate_valid(schema) new_url, body = self._http_arguments(valid_schema, url, method) elif hasattr(self, "_negtest_name"): schema_under_test = \ valid.ValidTestGenerator().generate_valid(schema) local_expected_result = \ generator.generate_payload(self, schema_under_test) if local_expected_result is not None: expected_result = local_expected_result new_url, body = \ self._http_arguments(schema_under_test, url, method) else: raise Exception("testscenarios are not active. Please make sure " "that your test runner supports the load_tests " "mechanism") if "admin_client" in description and description["admin_client"]: if not credentials.is_admin_available( identity_version=self.get_identity_version()): msg = ("Missing Identity Admin API credentials in" "configuration.") raise self.skipException(msg) creds = self.credentials_provider.get_admin_creds() os_adm = clients.Manager(credentials=creds) client = os_adm.negative_client else: client = self.client resp, resp_body = client.send_request(method, new_url, resources, body=body) self._check_negative_response(expected_result, resp.status, resp_body)