def test_all_cred_cleanup(self, MockRestClient): creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params) self._mock_assign_user_role() self._mock_list_role() self._mock_tenant_create('1234', 'fake_prim_tenant') self._mock_user_create('1234', 'fake_prim_user') creds.get_primary_creds() self._mock_tenant_create('12345', 'fake_alt_tenant') self._mock_user_create('12345', 'fake_alt_user') creds.get_alt_creds() self._mock_tenant_create('123456', 'fake_admin_tenant') self._mock_user_create('123456', 'fake_admin_user') self._mock_list_roles('123456', 'admin') creds.get_admin_creds() user_mock = self.patchobject(self.users_client.UsersClient, 'delete_user') tenant_mock = self.patchobject(self.tenants_client_class, self.delete_tenant) creds.clear_creds() # Verify user delete calls calls = user_mock.mock_calls self.assertEqual(len(calls), 3) args = map(lambda x: x[1][0], calls) args = list(args) self.assertIn('1234', args) self.assertIn('12345', args) self.assertIn('123456', args) # Verify tenant delete calls calls = tenant_mock.mock_calls self.assertEqual(len(calls), 3) args = map(lambda x: x[1][0], calls) args = list(args) self.assertIn('1234', args) self.assertIn('12345', args) self.assertIn('123456', args)
def get_credential_provider(opts): identity_version = "".join(['v', str(opts.identity_version)]) # NOTE(andreaf) For now tempest.conf controls whether resources will # actually be created. Once we remove the dependency from tempest.conf # we will need extra CLI option(s) to control this. network_resources = { 'router': True, 'network': True, 'subnet': True, 'dhcp': True } admin_creds_dict = { 'username': opts.os_username, 'password': opts.os_password } _project_name = opts.os_project_name or opts.os_tenant_name if opts.identity_version == 3: admin_creds_dict['project_name'] = _project_name admin_creds_dict['domain_name'] = opts.os_domain_name or 'Default' elif opts.identity_version == 2: admin_creds_dict['tenant_name'] = _project_name admin_creds = credentials_factory.get_credentials( fill_in=False, identity_version=identity_version, **admin_creds_dict) return dynamic_creds.DynamicCredentialProvider( name=opts.tag, network_resources=network_resources, **credentials_factory.get_dynamic_provider_params( identity_version, admin_creds=admin_creds))
def test_network_admin_creation(self, MockRestClient): creds = dynamic_creds.DynamicCredentialProvider( neutron_available=True, project_network_cidr='10.100.0.0/16', project_network_mask_bits=28, **self.fixed_params) self._mock_assign_user_role() self._mock_user_create('1234', 'fake_admin_user') self._mock_tenant_create('1234', 'fake_admin_tenant') self._mock_network_create(creds, '1234', 'fake_admin_net') self._mock_subnet_create(creds, '1234', 'fake_admin_subnet') self._mock_router_create('1234', 'fake_admin_router') router_interface_mock = self.patch( 'tempest.lib.services.network.routers_client.RoutersClient.' 'add_router_interface') self._mock_list_roles('123456', 'admin') admin_creds = creds.get_admin_creds() router_interface_mock.assert_called_once_with('1234', subnet_id='1234') network = admin_creds.network subnet = admin_creds.subnet router = admin_creds.router self.assertEqual(network['id'], '1234') self.assertEqual(network['name'], 'fake_admin_net') self.assertEqual(subnet['id'], '1234') self.assertEqual(subnet['name'], 'fake_admin_subnet') self.assertEqual(router['id'], '1234') self.assertEqual(router['name'], 'fake_admin_router')
def test_no_network_creation_with_config_set(self, MockRestClient): creds = dynamic_creds.DynamicCredentialProvider( neutron_available=True, create_networks=False, project_network_cidr='10.100.0.0/16', project_network_mask_bits=28, **self.fixed_params) self._mock_assign_user_role() self._mock_list_role() self._mock_user_create('1234', 'fake_prim_user') self._mock_tenant_create('1234', 'fake_prim_tenant') net = mock.patch.object(creds.networks_admin_client, 'delete_network') net_mock = net.start() subnet = mock.patch.object(creds.subnets_admin_client, 'delete_subnet') subnet_mock = subnet.start() router = mock.patch.object(creds.routers_admin_client, 'delete_router') router_mock = router.start() primary_creds = creds.get_primary_creds() self.assertEqual(net_mock.mock_calls, []) self.assertEqual(subnet_mock.mock_calls, []) self.assertEqual(router_mock.mock_calls, []) network = primary_creds.network subnet = primary_creds.subnet router = primary_creds.router self.assertIsNone(network) self.assertIsNone(subnet) self.assertIsNone(router)
def test_role_creds(self, MockRestClient): creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params) self._mock_list_2_roles() self._mock_user_create('1234', 'fake_role_user') self._mock_tenant_create('1234', 'fake_role_tenant') user_mock = mock.patch.object(self.roles_client.RolesClient, 'create_user_role_on_project') user_mock.start() self.addCleanup(user_mock.stop) with mock.patch.object(self.roles_client.RolesClient, 'create_user_role_on_project') as user_mock: role_creds = creds.get_creds_by_roles( roles=['role1', 'role2']) calls = user_mock.mock_calls # Assert that the role creation is called with the 2 specified roles self.assertEqual(len(calls), 2) args = map(lambda x: x[1], calls) args = list(args) self.assertIn(('1234', '1234', '1234'), args) self.assertIn(('1234', '1234', '12345'), args) self.assertEqual(role_creds.username, 'fake_role_user') self.assertEqual(role_creds.tenant_name, 'fake_role_tenant') # Verify IDs self.assertEqual(role_creds.tenant_id, '1234') self.assertEqual(role_creds.user_id, '1234')
def _get_dynamic_creds(cls, name, network_resources=None): identity_version = CONF.identity.auth_version if identity_version == 'v3': identity_uri = CONF.identity.uri_v3 identity_admin_endpoint_type = CONF.identity.v3_endpoint_type elif identity_version == 'v2': identity_uri = CONF.identity.uri identity_admin_endpoint_type = CONF.identity.v2_admin_endpoint_type return dynamic_creds.DynamicCredentialProvider( identity_version=identity_version, name=name, network_resources=network_resources, credentials_domain=CONF.auth.default_credentials_domain_name, admin_role=CONF.identity.admin_role, admin_creds=common_creds.get_configured_admin_credentials(), identity_admin_domain_scope=CONF.identity.admin_domain_scope, identity_admin_role=CONF.identity.admin_role, extra_roles=None, neutron_available=CONF.service_available.neutron, create_networks=( CONF.share.create_networks_when_multitenancy_enabled), project_network_cidr=CONF.network.project_network_cidr, project_network_mask_bits=CONF.network.project_network_mask_bits, public_network_id=CONF.network.public_network_id, resource_prefix='tempest', identity_admin_endpoint_type=identity_admin_endpoint_type, identity_uri=identity_uri)
def get_configured_isolated_creds(cls, type_of_creds='admin'): identity_version = CONF.identity.auth_version if identity_version == 'v3': cls.admin_role = CONF.identity.admin_role cls.identity_uri = CONF.identity.uri_v3 else: cls.admin_role = 'admin' cls.identity_uri = CONF.identity.uri cls.dynamic_cred = dynamic_creds.DynamicCredentialProvider( identity_version=CONF.identity.auth_version, identity_uri=cls.identity_uri, name=cls.__name__, admin_role=cls.admin_role, admin_creds=common_creds.get_configured_admin_credentials( 'identity_admin')) if type_of_creds == 'primary': creds = cls.dynamic_cred.get_primary_creds() elif type_of_creds == 'admin': creds = cls.dynamic_cred.get_admin_creds() elif type_of_creds == 'alt': creds = cls.dynamic_cred.get_alt_creds() else: creds = cls.dynamic_cred.get_credentials(type_of_creds) cls.dynamic_cred.type_of_creds = type_of_creds return creds.credentials
def test_member_role_creation_with_duplicate(self, rest_client_mock): creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params) creds.creds_client = mock.MagicMock() creds.creds_client.create_user_role.side_effect = lib_exc.Conflict with mock.patch('tempest.lib.common.dynamic_creds.LOG') as log_mock: creds._create_creds() log_mock.warning.assert_called_once_with( "Member role already exists, ignoring conflict.") creds.creds_client.assign_user_role.assert_called_once_with( mock.ANY, mock.ANY, 'Member')
def test_alt_creds(self, MockRestClient): creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params) self._mock_assign_user_role() self._mock_list_role() self._mock_user_create('1234', 'fake_alt_user') self._mock_tenant_create('1234', 'fake_alt_tenant') alt_creds = creds.get_alt_creds() self.assertEqual(alt_creds.username, 'fake_alt_user') self.assertEqual(alt_creds.tenant_name, 'fake_alt_tenant') # Verify IDs self.assertEqual(alt_creds.tenant_id, '1234') self.assertEqual(alt_creds.user_id, '1234')
def test_dhcp_without_subnet(self, MockRestClient): net_dict = { 'network': False, 'router': False, 'subnet': False, 'dhcp': True, } creds = dynamic_creds.DynamicCredentialProvider( neutron_available=True, project_network_cidr='10.100.0.0/16', project_network_mask_bits=28, network_resources=net_dict, **self.fixed_params) self._mock_assign_user_role() self._mock_list_role() self._mock_user_create('1234', 'fake_prim_user') self._mock_tenant_create('1234', 'fake_prim_tenant') self.assertRaises(lib_exc.InvalidConfiguration, creds.get_primary_creds)
def test_admin_creds(self, MockRestClient): creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params) self._mock_list_roles('1234', 'admin') self._mock_user_create('1234', 'fake_admin_user') self._mock_tenant_create('1234', 'fake_admin_tenant') user_mock = mock.patch.object(self.roles_client.RolesClient, 'create_user_role_on_project') user_mock.start() self.addCleanup(user_mock.stop) with mock.patch.object(self.roles_client.RolesClient, 'create_user_role_on_project') as user_mock: admin_creds = creds.get_admin_creds() user_mock.assert_has_calls([mock.call('1234', '1234', '1234')]) self.assertEqual(admin_creds.username, 'fake_admin_user') self.assertEqual(admin_creds.tenant_name, 'fake_admin_tenant') # Verify IDs self.assertEqual(admin_creds.tenant_id, '1234') self.assertEqual(admin_creds.user_id, '1234')
def get_credentials_provider(name, network_resources=None, force_tenant_isolation=False, identity_version=None): """Return the right implementation of CredentialProvider based on config This helper returns the right implementation of CredentialProvider based on config and on the value of force_tenant_isolation. :param name: When provided, it makes it possible to associate credential artifacts back to the owner (test class). :param network_resources: Dictionary of network resources to be allocated for each test account. Only valid for the dynamic credentials provider. :param force_tenant_isolation: Always return a `DynamicCredentialProvider`, regardless of the configuration. :param identity_version: Use the specified identity API version, regardless of the configuration. Valid values are 'v2', 'v3'. """ # If a test requires a new account to work, it can have it via forcing # dynamic credentials. A new account will be produced only for that test. # In case admin credentials are not available for the account creation, # the test should be skipped else it would fail. identity_version = identity_version or CONF.identity.auth_version if CONF.auth.use_dynamic_credentials or force_tenant_isolation: return dynamic_creds.DynamicCredentialProvider( name=name, network_resources=network_resources, **get_dynamic_provider_params(identity_version)) else: if CONF.auth.test_accounts_file: # Most params are not relevant for pre-created accounts return preprov_creds.PreProvisionedCredentialProvider( name=name, **get_preprov_provider_params(identity_version)) else: raise exceptions.InvalidConfiguration( 'A valid credential provider is needed')
def test_tempest_client(self): creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params) self.assertIsInstance(creds.identity_admin_client, self.iden_client.IdentityClient)
def test_network_cleanup(self, MockRestClient): def side_effect(**args): return {"security_groups": [{"tenant_id": args['tenant_id'], "name": args['name'], "description": args['name'], "security_group_rules": [], "id": "sg-%s" % args['tenant_id']}]} creds = dynamic_creds.DynamicCredentialProvider( neutron_available=True, project_network_cidr='10.100.0.0/16', project_network_mask_bits=28, **self.fixed_params) # Create primary tenant and network self._mock_assign_user_role() self._mock_list_role() self._mock_user_create('1234', 'fake_prim_user') self._mock_tenant_create('1234', 'fake_prim_tenant') self._mock_network_create(creds, '1234', 'fake_net') self._mock_subnet_create(creds, '1234', 'fake_subnet') self._mock_router_create('1234', 'fake_router') router_interface_mock = self.patch( 'tempest.lib.services.network.routers_client.RoutersClient.' 'add_router_interface') creds.get_primary_creds() router_interface_mock.assert_called_once_with('1234', subnet_id='1234') router_interface_mock.reset_mock() # Create alternate tenant and network self._mock_user_create('12345', 'fake_alt_user') self._mock_tenant_create('12345', 'fake_alt_tenant') self._mock_network_create(creds, '12345', 'fake_alt_net') self._mock_subnet_create(creds, '12345', 'fake_alt_subnet') self._mock_router_create('12345', 'fake_alt_router') creds.get_alt_creds() router_interface_mock.assert_called_once_with('12345', subnet_id='12345') router_interface_mock.reset_mock() # Create admin tenant and networks self._mock_user_create('123456', 'fake_admin_user') self._mock_tenant_create('123456', 'fake_admin_tenant') self._mock_network_create(creds, '123456', 'fake_admin_net') self._mock_subnet_create(creds, '123456', 'fake_admin_subnet') self._mock_router_create('123456', 'fake_admin_router') self._mock_list_roles('123456', 'admin') creds.get_admin_creds() self.patchobject(self.users_client.UsersClient, 'delete_user') self.patchobject(self.tenants_client_class, self.delete_tenant) net = mock.patch.object(creds.networks_admin_client, 'delete_network') net_mock = net.start() subnet = mock.patch.object(creds.subnets_admin_client, 'delete_subnet') subnet_mock = subnet.start() router = mock.patch.object(creds.routers_admin_client, 'delete_router') router_mock = router.start() remove_router_interface_mock = self.patch( 'tempest.lib.services.network.routers_client.RoutersClient.' 'remove_router_interface') return_values = ({'status': 200}, {'ports': []}) port_list_mock = mock.patch.object(creds.ports_admin_client, 'list_ports', return_value=return_values) port_list_mock.start() secgroup_list_mock = mock.patch.object( creds.security_groups_admin_client, 'list_security_groups', side_effect=side_effect) secgroup_list_mock.start() return_values = fake_http.fake_http_response({}, status=204), '' remove_secgroup_mock = self.patch( 'tempest.lib.services.network.security_groups_client.' 'SecurityGroupsClient.delete', return_value=return_values) creds.clear_creds() # Verify default security group delete calls = remove_secgroup_mock.mock_calls self.assertEqual(len(calls), 3) args = map(lambda x: x[1][0], calls) args = list(args) self.assertIn('v2.0/security-groups/sg-1234', args) self.assertIn('v2.0/security-groups/sg-12345', args) self.assertIn('v2.0/security-groups/sg-123456', args) # Verify remove router interface calls calls = remove_router_interface_mock.mock_calls self.assertEqual(len(calls), 3) args = map(lambda x: (x[1][0], x[2]), calls) args = list(args) self.assertIn(('1234', {'subnet_id': '1234'}), args) self.assertIn(('12345', {'subnet_id': '12345'}), args) self.assertIn(('123456', {'subnet_id': '123456'}), args) # Verify network delete calls calls = net_mock.mock_calls self.assertEqual(len(calls), 3) args = map(lambda x: x[1][0], calls) args = list(args) self.assertIn('1234', args) self.assertIn('12345', args) self.assertIn('123456', args) # Verify subnet delete calls calls = subnet_mock.mock_calls self.assertEqual(len(calls), 3) args = map(lambda x: x[1][0], calls) args = list(args) self.assertIn('1234', args) self.assertIn('12345', args) self.assertIn('123456', args) # Verify router delete calls calls = router_mock.mock_calls self.assertEqual(len(calls), 3) args = map(lambda x: x[1][0], calls) args = list(args) self.assertIn('1234', args) self.assertIn('12345', args) self.assertIn('123456', args)