def is_admin_available(identity_version):
"""Helper to check for admin credentials
Helper function to check if a set of admin credentials is available so we
can do a single call from skip_checks.
This helper depends on identity_version as there may be admin credentials
available for v2 but not for v3.
:param identity_version: 'v2' or 'v3'
"""
is_admin = True
# If dynamic credentials is enabled admin will be available
if CONF.auth.use_dynamic_credentials:
return is_admin
# Check whether test accounts file has the admin specified or not
elif CONF.auth.test_accounts_file:
check_accounts = preprov_creds.PreProvisionedCredentialProvider(
name='check_admin',
**get_preprov_provider_params(identity_version))
if not check_accounts.admin_available():
is_admin = False
else:
try:
get_configured_admin_credentials(fill_in=False,
identity_version=identity_version)
except exceptions.InvalidConfiguration:
is_admin = False
return is_admin
def is_alt_available(identity_version):
"""Helper to check for alt credentials
Helper function to check if a second set of credentials is available (aka
alt credentials) so we can do a single call from skip_checks.
This helper depends on identity_version as there may be alt credentials
available for v2 but not for v3.
:param identity_version: 'v2' or 'v3'
"""
# If dynamic credentials is enabled alt will be available
if CONF.auth.use_dynamic_credentials:
return True
# Check whether test accounts file has the admin specified or not
if CONF.auth.test_accounts_file:
check_accounts = preprov_creds.PreProvisionedCredentialProvider(
name='check_alt', **get_preprov_provider_params(identity_version))
else:
raise exceptions.InvalidConfiguration(
'A valid credential provider is needed')
try:
if not check_accounts.is_multi_user():
return False
else:
return True
except exceptions.InvalidConfiguration:
return False
def test_is_not_multi_user(self):
self.test_accounts = [self.test_accounts[0]]
self.useFixture(
fixtures.MockPatch(
'tempest.lib.common.preprov_creds.read_accounts_yaml',
return_value=self.test_accounts))
test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
self.assertFalse(test_accounts_class.is_multi_user())
def test_get_hash_dict(self):
test_account_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
hash_dict = test_account_class.get_hash_dict(
self.test_accounts, self.fixed_params['admin_role'])
hash_list = self._get_hash_list(self.test_accounts)
for hash in hash_list:
self.assertIn(hash, hash_dict['creds'].keys())
self.assertIn(hash_dict['creds'][hash], self.test_accounts)
def test_get_free_hash_no_free_accounts(self, lock_mock):
hash_list = self._get_hash_list(self.test_accounts)
# Emulate pre-existing lock dir
self.useFixture(fixtures.MockPatch('os.path.isdir', return_value=True))
# Emulate all locks in list are in use
self.useFixture(fixtures.MockPatch('os.path.isfile',
return_value=True))
test_account_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
with mock.patch('builtins.open', mock.mock_open(), create=True):
self.assertRaises(lib_exc.InvalidCredentials,
test_account_class._get_free_hash, hash_list)
def test_create_hash_file_no_previous_file(self):
# Emulate the lock not existing on the filesystem
self.useFixture(
fixtures.MockPatch('os.path.isfile', return_value=False))
with mock.patch('builtins.open', mock.mock_open(), create=True):
test_account_class = (
preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params))
res = test_account_class._create_hash_file('12345')
self.assertTrue(
res, "_create_hash_file should return True if the "
"pseudo-lock doesn't already exist")
def test_get_admin_creds_none_available(self):
non_admin_accounts = [
x for x in self.test_accounts if 'test_admin' not in x['username']
]
self.useFixture(
fixtures.MockPatch(
'tempest.lib.common.preprov_creds.read_accounts_yaml',
return_value=non_admin_accounts))
test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
with testtools.ExpectedException(lib_exc.InvalidCredentials):
# Get one more
test_accounts_class.get_admin_creds()
def test__get_creds_by_roles_one_role(self):
test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
hashes = test_accounts_class.hash_dict['roles']['role4']
temp_hash = hashes[0]
get_free_hash_mock = self.useFixture(
fixtures.MockPatchObject(test_accounts_class,
'_get_free_hash',
return_value=temp_hash))
# Test a single role returns all matching roles
test_accounts_class._get_creds(roles=['role4'])
calls = get_free_hash_mock.mock.mock_calls
self.assertEqual(len(calls), 1)
args = calls[0][1][0]
for i in hashes:
self.assertIn(i, args)
def test_get_hash(self):
# Test with all accounts to make sure we try all combinations
# and hide no race conditions
hash_index = 0
for test_cred_dict in self.test_accounts:
test_account_class = (
preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params))
hash_list = self._get_hash_list(self.test_accounts)
test_creds = auth.get_credentials(
fake_identity.FAKE_AUTH_URL,
identity_version=self.fixed_params['identity_version'],
**test_cred_dict)
results = test_account_class.get_hash(test_creds)
self.assertEqual(hash_list[hash_index], results)
hash_index += 1
def test_remove_hash_last_account(self, lock_mock):
hash_list = self._get_hash_list(self.test_accounts)
# Pretend the pseudo-lock is there
self.useFixture(fixtures.MockPatch('os.path.isfile',
return_value=True))
# Pretend the lock dir is empty
self.useFixture(fixtures.MockPatch('os.listdir', return_value=[]))
test_account_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
remove_mock = self.useFixture(fixtures.MockPatch('os.remove'))
rmdir_mock = self.useFixture(fixtures.MockPatch('os.rmdir'))
test_account_class.remove_hash(hash_list[2])
hash_path = os.path.join(self.fixed_params['accounts_lock_dir'],
hash_list[2])
lock_path = self.fixed_params['accounts_lock_dir']
remove_mock.mock.assert_called_once_with(hash_path)
rmdir_mock.mock.assert_called_once_with(lock_path)
def test__get_creds_by_roles_list_role(self):
test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
hashes = test_accounts_class.hash_dict['roles']['role4']
hashes2 = test_accounts_class.hash_dict['roles']['role2']
hashes = list(set(hashes) & set(hashes2))
temp_hash = hashes[0]
get_free_hash_mock = self.useFixture(
fixtures.MockPatchObject(test_accounts_class,
'_get_free_hash',
return_value=temp_hash))
# Test an intersection of multiple roles
test_accounts_class._get_creds(roles=['role2', 'role4'])
calls = get_free_hash_mock.mock.mock_calls
self.assertEqual(len(calls), 1)
args = calls[0][1][0]
for i in hashes:
self.assertIn(i, args)
def test_get_free_hash_no_previous_accounts(self, lock_mock):
# Emulate no pre-existing lock
self.useFixture(fixtures.MockPatch('os.path.isdir',
return_value=False))
hash_list = self._get_hash_list(self.test_accounts)
mkdir_mock = self.useFixture(fixtures.MockPatch('os.mkdir'))
self.useFixture(
fixtures.MockPatch('os.path.isfile', return_value=False))
test_account_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
with mock.patch('builtins.open', mock.mock_open(),
create=True) as open_mock:
test_account_class._get_free_hash(hash_list)
lock_path = os.path.join(self.fixed_params['accounts_lock_dir'],
hash_list[0])
open_mock.assert_called_once_with(lock_path, 'w')
mkdir_path = os.path.join(self.fixed_params['accounts_lock_dir'])
mkdir_mock.mock.assert_called_once_with(mkdir_path)
def test__get_creds_by_roles_no_admin(self):
test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
hashes = list(test_accounts_class.hash_dict['creds'].keys())
admin_hashes = test_accounts_class.hash_dict['roles'][
cfg.CONF.identity.admin_role]
temp_hash = hashes[0]
get_free_hash_mock = self.useFixture(
fixtures.MockPatchObject(test_accounts_class,
'_get_free_hash',
return_value=temp_hash))
# Test an intersection of multiple roles
test_accounts_class._get_creds()
calls = get_free_hash_mock.mock.mock_calls
self.assertEqual(len(calls), 1)
args = calls[0][1][0]
self.assertEqual(len(args), 10)
for i in admin_hashes:
self.assertNotIn(i, args)
def test_get_admin_creds_by_role(self):
test_accounts = [{
'username': '******',
'project_name': 'test_tenant10',
'password': '******',
'roles': ['role1', 'role2', 'role3', 'role4']
}, {
'username': '******',
'tenant_name': 'test_tenant11',
'password': '******',
'roles': [cfg.CONF.identity.admin_role]
}]
self.useFixture(
fixtures.MockPatch(
'tempest.lib.common.preprov_creds.read_accounts_yaml',
return_value=test_accounts))
test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
admin_creds = test_accounts_class.get_admin_creds()
self.assertIn('test_admin', admin_creds.username)
def test_networks_returned_with_creds(self):
test_accounts = [{
'username': '******',
'tenant_name': 'test_tenant13',
'password': '******',
'resources': {
'network': 'network-1'
}
}, {
'username': '******',
'tenant_name': 'test_tenant14',
'password': '******',
'roles': ['role-7', 'role-11'],
'resources': {
'network': 'network-2'
}
}]
self.useFixture(
fixtures.MockPatch(
'tempest.lib.common.preprov_creds.read_accounts_yaml',
return_value=test_accounts))
test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
with mock.patch(
'tempest.lib.services.network.networks_client.'
'NetworksClient.list_networks',
return_value={
'networks': [{
'name': 'network-2',
'id': 'fake-id',
'label': 'network-2'
}]
}):
creds = test_accounts_class.get_creds_by_roles(['role-7'])
self.assertIsInstance(creds, cred_provider.TestResources)
network = creds.network
self.assertIsNotNone(network)
self.assertIn('name', network)
self.assertIn('id', network)
self.assertEqual('fake-id', network['id'])
self.assertEqual('network-2', network['name'])
def test_get_free_hash_some_in_use_accounts(self, lock_mock):
# Emulate no pre-existing lock
self.useFixture(fixtures.MockPatch('os.path.isdir', return_value=True))
hash_list = self._get_hash_list(self.test_accounts)
test_account_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
def _fake_is_file(path):
# Fake isfile() to return that the path exists unless a specific
# hash is in the path
if hash_list[3] in path:
return False
return True
self.patchobject(os.path, 'isfile', _fake_is_file)
with mock.patch('builtins.open', mock.mock_open(),
create=True) as open_mock:
test_account_class._get_free_hash(hash_list)
lock_path = os.path.join(self.fixed_params['accounts_lock_dir'],
hash_list[3])
open_mock.assert_has_calls([mock.call(lock_path, 'w')])
def get_credentials_provider(name,
network_resources=None,
force_tenant_isolation=False,
identity_version=None):
"""Return the right implementation of CredentialProvider based on config
This helper returns the right implementation of CredentialProvider based on
config and on the value of force_tenant_isolation.
:param name: When provided, it makes it possible to associate credential
artifacts back to the owner (test class).
:param network_resources: Dictionary of network resources to be allocated
for each test account. Only valid for the dynamic
credentials provider.
:param force_tenant_isolation: Always return a `DynamicCredentialProvider`,
regardless of the configuration.
:param identity_version: Use the specified identity API version, regardless
of the configuration. Valid values are 'v2', 'v3'.
"""
# If a test requires a new account to work, it can have it via forcing
# dynamic credentials. A new account will be produced only for that test.
# In case admin credentials are not available for the account creation,
# the test should be skipped else it would fail.
identity_version = identity_version or CONF.identity.auth_version
if CONF.auth.use_dynamic_credentials or force_tenant_isolation:
return dynamic_creds.DynamicCredentialProvider(
name=name,
network_resources=network_resources,
**get_dynamic_provider_params(identity_version))
else:
if CONF.auth.test_accounts_file:
# Most params are not relevant for pre-created accounts
return preprov_creds.PreProvisionedCredentialProvider(
name=name, **get_preprov_provider_params(identity_version))
else:
raise exceptions.InvalidConfiguration(
'A valid credential provider is needed')
def test_get_admin_creds(self):
test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
admin_creds = test_accounts_class.get_admin_creds()
self.assertIn('test_admin', admin_creds.username)
def test_is_multi_user(self):
test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
self.assertTrue(test_accounts_class.is_multi_user())
