def test_networks_returned_with_creds(self):
test_accounts = [
{'username': '******', 'tenant_name': 'test_tenant13',
'password': '******', 'resources': {'network': 'network-1'}},
{'username': '******', 'tenant_name': 'test_tenant14',
'password': '******', 'roles': ['role-7', 'role-11'],
'resources': {'network': 'network-2'}}]
self.useFixture(mockpatch.Patch(
'tempest.common.preprov_creds.read_accounts_yaml',
return_value=test_accounts))
test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
with mock.patch('tempest.lib.services.compute.networks_client.'
'NetworksClient.list_networks',
return_value={'networks': [{'name': 'network-2',
'id': 'fake-id',
'label': 'network-2'}]}):
creds = test_accounts_class.get_creds_by_roles(['role-7'])
self.assertIsInstance(creds, cred_provider.TestResources)
network = creds.network
self.assertIsNotNone(network)
self.assertIn('name', network)
self.assertIn('id', network)
self.assertEqual('fake-id', network['id'])
self.assertEqual('network-2', network['name'])
def get_credentials_provider(name,
network_resources=None,
force_tenant_isolation=False,
identity_version=None):
# If a test requires a new account to work, it can have it via forcing
# dynamic credentials. A new account will be produced only for that test.
# In case admin credentials are not available for the account creation,
# the test should be skipped else it would fail.
identity_version = identity_version or CONF.identity.auth_version
if CONF.auth.use_dynamic_credentials or force_tenant_isolation:
admin_creds = get_configured_admin_credentials(
fill_in=True, identity_version=identity_version)
return dynamic_creds.DynamicCredentialProvider(
name=name,
network_resources=network_resources,
identity_version=identity_version,
admin_creds=admin_creds,
**_get_dynamic_provider_params())
else:
if CONF.auth.test_accounts_file:
# Most params are not relevant for pre-created accounts
return preprov_creds.PreProvisionedCredentialProvider(
name=name,
identity_version=identity_version,
**_get_preprov_provider_params())
else:
raise exceptions.InvalidConfiguration(
'A valid credential provider is needed')
def get_credentials_provider(name,
network_resources=None,
force_tenant_isolation=False,
identity_version=None):
# If a test requires a new account to work, it can have it via forcing
# dynamic credentials. A new account will be produced only for that test.
# In case admin credentials are not available for the account creation,
# the test should be skipped else it would fail.
identity_version = identity_version or CONF.identity.auth_version
if CONF.auth.use_dynamic_credentials or force_tenant_isolation:
admin_creds = get_configured_credentials(
'identity_admin', fill_in=True, identity_version=identity_version)
return dynamic_creds.DynamicCredentialProvider(
name=name,
network_resources=network_resources,
identity_version=identity_version,
admin_creds=admin_creds,
**_get_dynamic_provider_params())
else:
if CONF.auth.test_accounts_file:
# Most params are not relevant for pre-created accounts
return preprov_creds.PreProvisionedCredentialProvider(
name=name,
identity_version=identity_version,
**_get_preprov_provider_params())
else:
# Dynamic credentials are disabled, and the account file is not
# defined - we fall back on credentials configured in tempest.conf
return LegacyCredentialProvider(identity_version=identity_version)
def get_credentials_provider(name,
network_resources=None,
force_tenant_isolation=False,
identity_version=None):
# If a test requires a new account to work, it can have it via forcing
# dynamic credentials. A new account will be produced only for that test.
# In case admin credentials are not available for the account creation,
# the test should be skipped else it would fail.
identity_version = identity_version or CONF.identity.auth_version
if CONF.auth.use_dynamic_credentials or force_tenant_isolation:
return dynamic_creds.DynamicCredentialProvider(
name=name,
network_resources=network_resources,
identity_version=identity_version,
credentials_domain=CONF.auth.default_credentials_domain_name)
else:
if (CONF.auth.test_accounts_file
and os.path.isfile(CONF.auth.test_accounts_file)):
# Most params are not relevant for pre-created accounts
return preprov_creds.PreProvisionedCredentialProvider(
name=name,
identity_version=identity_version,
credentials_domain=CONF.auth.default_credentials_domain_name)
else:
return preprov_creds.NonLockingCredentialProvider(
name=name, identity_version=identity_version)
def test_is_not_multi_user(self):
self.test_accounts = [self.test_accounts[0]]
self.useFixture(
mockpatch.Patch('tempest.common.preprov_creds.read_accounts_yaml',
return_value=self.test_accounts))
test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
self.assertFalse(test_accounts_class.is_multi_user())
def test_get_hash_dict(self):
test_account_class = preprov_creds.PreProvisionedCredentialProvider(
'v2', 'test_name')
hash_dict = test_account_class.get_hash_dict(self.test_accounts)
hash_list = self._get_hash_list(self.test_accounts)
for hash in hash_list:
self.assertIn(hash, hash_dict['creds'].keys())
self.assertIn(hash_dict['creds'][hash], self.test_accounts)
def test_get_hash_dict(self):
test_account_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
hash_dict = test_account_class.get_hash_dict(
self.test_accounts, self.fixed_params['admin_role'])
hash_list = self._get_hash_list(self.test_accounts)
for hash in hash_list:
self.assertIn(hash, hash_dict['creds'].keys())
self.assertIn(hash_dict['creds'][hash], self.test_accounts)
def test_create_hash_file_no_previous_file(self):
# Emulate the lock not existing on the filesystem
self.useFixture(mockpatch.Patch('os.path.isfile', return_value=False))
with mock.patch('six.moves.builtins.open', mock.mock_open(),
create=True):
test_account_class = (
preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params))
res = test_account_class._create_hash_file('12345')
self.assertTrue(res, "_create_hash_file should return True if the "
"pseudo-lock doesn't already exist")
def test_get_admin_creds_none_available(self):
non_admin_accounts = [x for x in self.test_accounts if 'test_admin'
not in x['username']]
self.useFixture(mockpatch.Patch(
'tempest.common.preprov_creds.read_accounts_yaml',
return_value=non_admin_accounts))
test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
with testtools.ExpectedException(lib_exc.InvalidCredentials):
# Get one more
test_accounts_class.get_admin_creds()
def test_get_hash(self):
self.stubs.Set(token_client.TokenClient, 'raw_request',
fake_identity._fake_v2_response)
test_account_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
hash_list = self._get_hash_list(self.test_accounts)
test_cred_dict = self.test_accounts[3]
test_creds = auth.get_credentials(fake_identity.FAKE_AUTH_URL,
**test_cred_dict)
results = test_account_class.get_hash(test_creds)
self.assertEqual(hash_list[3], results)
def test_get_free_hash_no_free_accounts(self, lock_mock):
hash_list = self._get_hash_list(self.test_accounts)
# Emulate pre-existing lock dir
self.useFixture(mockpatch.Patch('os.path.isdir', return_value=True))
# Emulate all lcoks in list are in use
self.useFixture(mockpatch.Patch('os.path.isfile', return_value=True))
test_account_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
with mock.patch('six.moves.builtins.open', mock.mock_open(),
create=True):
self.assertRaises(lib_exc.InvalidCredentials,
test_account_class._get_free_hash, hash_list)
def test_get_admin_creds_by_role(self):
test_accounts = [
{'username': '******', 'project_name': 'test_tenant10',
'password': '******', 'roles': ['role1', 'role2', 'role3', 'role4']},
{'username': '******', 'tenant_name': 'test_tenant11',
'password': '******', 'roles': [cfg.CONF.identity.admin_role]}]
self.useFixture(mockpatch.Patch(
'tempest.common.preprov_creds.read_accounts_yaml',
return_value=test_accounts))
test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
admin_creds = test_accounts_class.get_admin_creds()
self.assertIn('test_admin', admin_creds.username)
def test_create_hash_file_previous_file(self):
# Emulate the lock existing on the filesystem
self.useFixture(mockpatch.Patch('os.path.isfile', return_value=True))
with mock.patch('six.moves.builtins.open',
mock.mock_open(),
create=True):
test_account_class = (
preprov_creds.PreProvisionedCredentialProvider(
'v2', 'test_name'))
res = test_account_class._create_hash_file('12345')
self.assertFalse(
res, "_create_hash_file should return False if the "
"pseudo-lock file already exists")
def test__get_creds_by_roles_one_role(self):
test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
hashes = test_accounts_class.hash_dict['roles']['role4']
temp_hash = hashes[0]
get_free_hash_mock = self.useFixture(mockpatch.PatchObject(
test_accounts_class, '_get_free_hash', return_value=temp_hash))
# Test a single role returns all matching roles
test_accounts_class._get_creds(roles=['role4'])
calls = get_free_hash_mock.mock.mock_calls
self.assertEqual(len(calls), 1)
args = calls[0][1][0]
for i in hashes:
self.assertIn(i, args)
def test_get_free_hash_no_previous_accounts(self, lock_mock):
# Emulate no pre-existing lock
self.useFixture(mockpatch.Patch('os.path.isdir', return_value=False))
hash_list = self._get_hash_list(self.test_accounts)
mkdir_mock = self.useFixture(mockpatch.Patch('os.mkdir'))
self.useFixture(mockpatch.Patch('os.path.isfile', return_value=False))
test_account_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
with mock.patch('six.moves.builtins.open', mock.mock_open(),
create=True) as open_mock:
test_account_class._get_free_hash(hash_list)
lock_path = os.path.join(self.fixed_params['accounts_lock_dir'],
hash_list[0])
open_mock.assert_called_once_with(lock_path, 'w')
mkdir_path = os.path.join(self.fixed_params['accounts_lock_dir'])
mkdir_mock.mock.assert_called_once_with(mkdir_path)
def test__get_creds_by_roles_list_role(self):
test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
hashes = test_accounts_class.hash_dict['roles']['role4']
hashes2 = test_accounts_class.hash_dict['roles']['role2']
hashes = list(set(hashes) & set(hashes2))
temp_hash = hashes[0]
get_free_hash_mock = self.useFixture(mockpatch.PatchObject(
test_accounts_class, '_get_free_hash', return_value=temp_hash))
# Test an intersection of multiple roles
test_accounts_class._get_creds(roles=['role2', 'role4'])
calls = get_free_hash_mock.mock.mock_calls
self.assertEqual(len(calls), 1)
args = calls[0][1][0]
for i in hashes:
self.assertIn(i, args)
def test_get_hash(self):
# Test with all accounts to make sure we try all combinations
# and hide no race conditions
hash_index = 0
for test_cred_dict in self.test_accounts:
test_account_class = (
preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params))
hash_list = self._get_hash_list(self.test_accounts)
test_creds = auth.get_credentials(
fake_identity.FAKE_AUTH_URL,
identity_version=self.fixed_params['identity_version'],
**test_cred_dict)
results = test_account_class.get_hash(test_creds)
self.assertEqual(hash_list[hash_index], results)
hash_index += 1
def test_remove_hash_last_account(self, lock_mock):
hash_list = self._get_hash_list(self.test_accounts)
# Pretend the pseudo-lock is there
self.useFixture(mockpatch.Patch('os.path.isfile', return_value=True))
# Pretend the lock dir is empty
self.useFixture(mockpatch.Patch('os.listdir', return_value=[]))
test_account_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
remove_mock = self.useFixture(mockpatch.Patch('os.remove'))
rmdir_mock = self.useFixture(mockpatch.Patch('os.rmdir'))
test_account_class.remove_hash(hash_list[2])
hash_path = os.path.join(self.fixed_params['accounts_lock_dir'],
hash_list[2])
lock_path = self.fixed_params['accounts_lock_dir']
remove_mock.mock.assert_called_once_with(hash_path)
rmdir_mock.mock.assert_called_once_with(lock_path)
def test_remove_hash_not_last_account(self, lock_mock):
hash_list = self._get_hash_list(self.test_accounts)
# Pretend the pseudo-lock is there
self.useFixture(mockpatch.Patch('os.path.isfile', return_value=True))
# Pretend the lock dir is empty
self.useFixture(
mockpatch.Patch('os.listdir',
return_value=[hash_list[1], hash_list[4]]))
test_account_class = preprov_creds.PreProvisionedCredentialProvider(
'v2', 'test_name')
remove_mock = self.useFixture(mockpatch.Patch('os.remove'))
rmdir_mock = self.useFixture(mockpatch.Patch('os.rmdir'))
test_account_class.remove_hash(hash_list[2])
hash_path = os.path.join(lockutils.get_lock_path(preprov_creds.CONF),
'test_accounts', hash_list[2])
remove_mock.mock.assert_called_once_with(hash_path)
rmdir_mock.mock.assert_not_called()
def test__get_creds_by_roles_no_admin(self):
test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
hashes = list(test_accounts_class.hash_dict['creds'].keys())
admin_hashes = test_accounts_class.hash_dict['roles'][
cfg.CONF.identity.admin_role]
temp_hash = hashes[0]
get_free_hash_mock = self.useFixture(mockpatch.PatchObject(
test_accounts_class, '_get_free_hash', return_value=temp_hash))
# Test an intersection of multiple roles
test_accounts_class._get_creds()
calls = get_free_hash_mock.mock.mock_calls
self.assertEqual(len(calls), 1)
args = calls[0][1][0]
self.assertEqual(len(args), 10)
for i in admin_hashes:
self.assertNotIn(i, args)
def is_alt_available(identity_version):
# If dynamic credentials is enabled alt will be available
if CONF.auth.use_dynamic_credentials:
return True
# Check whether test accounts file has the admin specified or not
if CONF.auth.test_accounts_file:
check_accounts = preprov_creds.PreProvisionedCredentialProvider(
identity_version=identity_version, name='check_alt',
**_get_preprov_provider_params())
else:
check_accounts = LegacyCredentialProvider(identity_version)
try:
if not check_accounts.is_multi_user():
return False
else:
return True
except exceptions.InvalidConfiguration:
return False
def test_get_free_hash_no_previous_accounts(self, lock_mock):
# Emulate no pre-existing lock
self.useFixture(mockpatch.Patch('os.path.isdir', return_value=False))
hash_list = self._get_hash_list(self.test_accounts)
mkdir_mock = self.useFixture(mockpatch.Patch('os.mkdir'))
self.useFixture(mockpatch.Patch('os.path.isfile', return_value=False))
test_account_class = preprov_creds.PreProvisionedCredentialProvider(
'v2', 'test_name')
with mock.patch('six.moves.builtins.open',
mock.mock_open(),
create=True) as open_mock:
test_account_class._get_free_hash(hash_list)
lock_path = os.path.join(
lockutils.get_lock_path(preprov_creds.CONF), 'test_accounts',
hash_list[0])
open_mock.assert_called_once_with(lock_path, 'w')
mkdir_path = os.path.join(
preprov_creds.CONF.oslo_concurrency.lock_path, 'test_accounts')
mkdir_mock.mock.assert_called_once_with(mkdir_path)
def is_admin_available(identity_version):
is_admin = True
# If dynamic credentials is enabled admin will be available
if CONF.auth.use_dynamic_credentials:
return is_admin
# Check whether test accounts file has the admin specified or not
elif CONF.auth.test_accounts_file:
check_accounts = preprov_creds.PreProvisionedCredentialProvider(
identity_version=identity_version, name='check_admin',
**get_preprov_provider_params())
if not check_accounts.admin_available():
is_admin = False
else:
try:
get_configured_admin_credentials(fill_in=False,
identity_version=identity_version)
except exceptions.InvalidConfiguration:
is_admin = False
return is_admin
def is_admin_available():
is_admin = True
# If dynamic credentials is enabled admin will be available
if CONF.auth.use_dynamic_credentials:
return is_admin
# Check whether test accounts file has the admin specified or not
elif (CONF.auth.test_accounts_file
and os.path.isfile(CONF.auth.test_accounts_file)):
check_accounts = preprov_creds.PreProvisionedCredentialProvider(
name='check_admin')
if not check_accounts.admin_available():
is_admin = False
else:
try:
cred_provider.get_configured_credentials('identity_admin',
fill_in=False)
except exceptions.InvalidConfiguration:
is_admin = False
return is_admin
def is_alt_available():
# If dynamic credentials is enabled admin will be available
if CONF.auth.use_dynamic_credentials:
return True
# Check whether test accounts file has the admin specified or not
if (CONF.auth.test_accounts_file
and os.path.isfile(CONF.auth.test_accounts_file)):
check_accounts = preprov_creds.PreProvisionedCredentialProvider(
name='check_alt')
else:
check_accounts = preprov_creds.NonLockingCredentialProvider(
name='check_alt')
try:
if not check_accounts.is_multi_user():
return False
else:
return True
except exceptions.InvalidConfiguration:
return False
def test_get_free_hash_some_in_use_accounts(self, lock_mock):
# Emulate no pre-existing lock
self.useFixture(mockpatch.Patch('os.path.isdir', return_value=True))
hash_list = self._get_hash_list(self.test_accounts)
test_account_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
def _fake_is_file(path):
# Fake isfile() to return that the path exists unless a specific
# hash is in the path
if hash_list[3] in path:
return False
return True
self.patchobject(os.path, 'isfile', _fake_is_file)
with mock.patch('six.moves.builtins.open', mock.mock_open(),
create=True) as open_mock:
test_account_class._get_free_hash(hash_list)
lock_path = os.path.join(self.fixed_params['accounts_lock_dir'],
hash_list[3])
open_mock.assert_has_calls([mock.call(lock_path, 'w')])
def get_credentials_provider(name,
network_resources=None,
force_tenant_isolation=False,
identity_version=None):
# If a test requires a new account to work, it can have it via forcing
# dynamic credentials. A new account will be produced only for that test.
# In case admin credentials are not available for the account creation,
# the test should be skipped else it would fail.
identity_version = identity_version or CONF.identity.auth_version
if CONF.auth.use_dynamic_credentials or force_tenant_isolation:
admin_creds = get_configured_admin_credentials(
fill_in=True, identity_version=identity_version)
return dynamic_creds.DynamicCredentialProvider(
name=name,
network_resources=network_resources,
identity_version=identity_version,
admin_creds=admin_creds,
identity_admin_domain_scope=CONF.identity.admin_domain_scope,
identity_admin_role=CONF.identity.admin_role,
extra_roles=CONF.auth.tempest_roles,
neutron_available=CONF.service_available.neutron,
project_network_cidr=CONF.network.project_network_cidr,
project_network_mask_bits=CONF.network.project_network_mask_bits,
public_network_id=CONF.network.public_network_id,
create_networks=(CONF.auth.create_isolated_networks
and not CONF.network.shared_physical_network),
resource_prefix=CONF.resources_prefix,
**get_dynamic_provider_params())
else:
if CONF.auth.test_accounts_file:
# Most params are not relevant for pre-created accounts
return preprov_creds.PreProvisionedCredentialProvider(
name=name,
identity_version=identity_version,
**get_preprov_provider_params())
else:
raise exceptions.InvalidConfiguration(
'A valid credential provider is needed')
def test_get_admin_creds(self):
test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
admin_creds = test_accounts_class.get_admin_creds()
self.assertIn('test_admin', admin_creds.username)
def test_is_multi_user(self):
test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
**self.fixed_params)
self.assertTrue(test_accounts_class.is_multi_user())
def test_is_multi_user(self):
test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
'v2', 'test_name')
self.assertTrue(test_accounts_class.is_multi_user())