def _create_creds(self, admin=False, roles=None): """Create credentials with random name. Creates project and user. When admin flag is True create user with admin role. Assign user with additional roles (for example _member_) and roles requested by caller. :param admin: Flag if to assign to the user admin role :type admin: bool :param roles: Roles to assign for the user :type roles: list :return: Readonly Credentials with network resources """ root = self.name project_name = data_utils.rand_name(root, prefix=self.resource_prefix) project_desc = project_name + "-desc" project = self.creds_client.create_project(name=project_name, description=project_desc) # NOTE(andreaf) User and project can be distinguished from the context, # having the same ID in both makes it easier to match them and debug. username = project_name user_password = data_utils.rand_password() email = data_utils.rand_name( root, prefix=self.resource_prefix) + "@example.com" user = self.creds_client.create_user(username, user_password, project, email) role_assigned = False if admin: self.creds_client.assign_user_role(user, project, self.admin_role) role_assigned = True if (self.identity_version == 'v3' and self.identity_admin_domain_scope): self.creds_client.assign_user_role_on_domain( user, self.identity_admin_role) # Add roles specified in config file for conf_role in self.extra_roles: self.creds_client.assign_user_role(user, project, conf_role) role_assigned = True # Add roles requested by caller if roles: for role in roles: self.creds_client.assign_user_role(user, project, role) role_assigned = True # NOTE(mtreinish) For a user to have access to a project with v3 auth # it must beassigned a role on the project. So we need to ensure that # our newly created user has a role on the newly created project. if self.identity_version == 'v3' and not role_assigned: try: self.creds_client.create_user_role('Member') except lib_exc.Conflict: LOG.warning('Member role already exists, ignoring conflict.') self.creds_client.assign_user_role(user, project, 'Member') creds = self.creds_client.get_credentials(user, project, user_password) return cred_provider.TestResources(creds)
def _wrap_creds_with_network(self, hash): creds_dict = self.hash_dict['creds'][hash] # Make sure a domain scope if defined for users in case of V3 # Make sure a tenant is available in case of V2 creds_dict = self._extend_credentials(creds_dict) # This just builds a Credentials object, it does not validate # nor fill with missing fields. credential = auth.get_credentials( auth_url=None, fill_in=False, identity_version=self.identity_version, **creds_dict) net_creds = cred_provider.TestResources(credential) net_clients = clients.ServiceClients(credentials=credential, identity_uri=self.identity_uri) networks_client = net_clients.network.NetworksClient() net_name = self.hash_dict['networks'].get(hash, None) try: network = fixed_network.get_network_from_name( net_name, networks_client) except lib_exc.InvalidTestResource: network = {} net_creds.set_resources(network=network) return net_creds
def _create_creds(self, admin=False, roles=None, scope='project'): """Create credentials with random name. Creates user and role assignments on a project, domain, or system. When the admin flag is True, creates user with the admin role on the resource. If roles are provided, assigns those roles on the resource. Otherwise, assigns the user the 'member' role on the resource. :param admin: Flag if to assign to the user admin role :type admin: bool :param roles: Roles to assign for the user :type roles: list :param str scope: The scope for the role assignment, may be one of 'project', 'domain', or 'system'. :return: Readonly Credentials with network resources :raises: Exception if scope is invalid """ if not roles: roles = [] root = self.name cred_params = { 'project': None, 'domain': None, 'system': None } if scope == 'project': project_name = data_utils.rand_name( root, prefix=self.resource_prefix) project_desc = project_name + '-desc' project = self.creds_client.create_project( name=project_name, description=project_desc) # NOTE(andreaf) User and project can be distinguished from the # context, having the same ID in both makes it easier to match them # and debug. username = project_name + '-project' cred_params['project'] = project elif scope == 'domain': domain_name = data_utils.rand_name( root, prefix=self.resource_prefix) domain_desc = domain_name + '-desc' domain = self.creds_client.create_domain( name=domain_name, description=domain_desc) username = domain_name + '-domain' cred_params['domain'] = domain elif scope == 'system': prefix = data_utils.rand_name(root, prefix=self.resource_prefix) username = prefix + '-system' cred_params['system'] = 'all' else: raise lib_exc.InvalidScopeType(scope=scope) if admin: username += '-admin' elif roles and len(roles) == 1: username += '-' + roles[0] user_password = data_utils.rand_password() cred_params['password'] = user_password user = self.creds_client.create_user( username, user_password) cred_params['user'] = user roles_to_assign = [r for r in roles] if admin: roles_to_assign.append(self.admin_role) if scope == 'project': self.creds_client.assign_user_role( user, project, self.identity_admin_role) if (self.identity_version == 'v3' and self.identity_admin_domain_scope): self.creds_client.assign_user_role_on_domain( user, self.identity_admin_role) # Add roles specified in config file roles_to_assign.extend(self.extra_roles) # If there are still no roles, default to 'member' # NOTE(mtreinish) For a user to have access to a project with v3 auth # it must beassigned a role on the project. So we need to ensure that # our newly created user has a role on the newly created project. if not roles_to_assign and self.identity_version == 'v3': roles_to_assign = ['member'] try: self.creds_client.create_user_role('member') except lib_exc.Conflict: LOG.warning('member role already exists, ignoring conflict.') for role in roles_to_assign: if scope == 'project': self.creds_client.assign_user_role(user, project, role) elif scope == 'domain': self.creds_client.assign_user_role_on_domain( user, role, domain) elif scope == 'system': self.creds_client.assign_user_role_on_system(user, role) LOG.info("Dynamic test user %s is created with scope %s and roles: %s", user['id'], scope, roles_to_assign) creds = self.creds_client.get_credentials(**cred_params) return cred_provider.TestResources(creds)