def get_admin_creds(self):
if self._creds.get('admin'):
return self._creds.get('admin')
creds = get_configured_credentials(
"identity_admin", fill_in=False)
self._creds['admin'] = cred_provider.TestResources(creds)
return self._creds['admin']
def get_alt_creds(self):
if self._creds.get('alt'):
return self._creds.get('alt')
alt_credential = cred_provider.get_configured_credentials(
credential_type='alt_user', identity_version=self.identity_version)
self._creds['alt'] = cred_provider.TestResources(alt_credential)
return self._creds['alt']
def get_primary_creds(self):
if self.isolated_creds.get('primary'):
return self.isolated_creds.get('primary')
primary_credential = cred_provider.get_configured_credentials(
credential_type='user', identity_version=self.identity_version)
self.isolated_creds['primary'] = cred_provider.TestResources(
primary_credential)
return self.isolated_creds['primary']
def _create_creds(self, admin=False, roles=None):
"""Create credentials with random name.
Creates project and user. When admin flag is True create user
with admin role. Assign user with additional roles (for example
_member_) and roles requested by caller.
:param admin: Flag if to assign to the user admin role
:type admin: bool
:param roles: Roles to assign for the user
:type roles: list
:return: Readonly Credentials with network resources
"""
root = self.name
project_name = data_utils.rand_name(root)
project_desc = project_name + "-desc"
project = self.creds_client.create_project(
name=project_name, description=project_desc)
# NOTE(andreaf) User and project can be distinguished from the context,
# having the same ID in both makes it easier to match them and debug.
username = project_name
user_password = data_utils.rand_password()
email = data_utils.rand_name(root) + "@example.com"
user = self.creds_client.create_user(
username, user_password, project, email)
if 'user' in user:
user = user['user']
role_assigned = False
if admin:
self.creds_client.assign_user_role(user, project, self.admin_role)
role_assigned = True
if (self.identity_version == 'v3' and
CONF.identity.admin_domain_scope):
self.creds_client.assign_user_role_on_domain(
user, CONF.identity.admin_role)
# Add roles specified in config file
for conf_role in CONF.auth.tempest_roles:
self.creds_client.assign_user_role(user, project, conf_role)
role_assigned = True
# Add roles requested by caller
if roles:
for role in roles:
self.creds_client.assign_user_role(user, project, role)
role_assigned = True
# NOTE(mtreinish) For a user to have access to a project with v3 auth
# it must beassigned a role on the project. So we need to ensure that
# our newly created user has a role on the newly created project.
if self.identity_version == 'v3' and not role_assigned:
try:
self.creds_client.create_user_role('Member')
except lib_exc.Conflict:
LOG.warning('Member role already exists, ignoring conflict.')
self.creds_client.assign_user_role(user, project, 'Member')
creds = self.creds_client.get_credentials(user, project, user_password)
return cred_provider.TestResources(creds)
def _create_creds(self, suffix="", admin=False, roles=None):
"""Create random credentials under the following schema.
If the name contains a '.' is the full class path of something, and
we don't really care. If it isn't, it's probably a meaningful name,
so use it.
For logging purposes, -user and -tenant are long and redundant,
don't use them. The user# will be sufficient to figure it out.
"""
if '.' in self.name:
root = ""
else:
root = self.name
project_name = data_utils.rand_name(root) + suffix
project_desc = project_name + "-desc"
project = self.creds_client.create_project(name=project_name,
description=project_desc)
# NOTE(andreaf) User and project can be distinguished from the context,
# having the same ID in both makes it easier to match them and debug.
username = project_name
user_password = data_utils.rand_password()
email = data_utils.rand_name(root) + suffix + "@example.com"
user = self.creds_client.create_user(username, user_password, project,
email)
if 'user' in user:
user = user['user']
role_assigned = False
if admin:
self.creds_client.assign_user_role(user, project, self.admin_role)
role_assigned = True
if self.identity_version == 'v3':
self.creds_client.assign_user_role_on_domain(
user, CONF.identity.admin_role)
# Add roles specified in config file
for conf_role in CONF.auth.tempest_roles:
self.creds_client.assign_user_role(user, project, conf_role)
role_assigned = True
# Add roles requested by caller
if roles:
for role in roles:
self.creds_client.assign_user_role(user, project, role)
role_assigned = True
# NOTE(mtreinish) For a user to have access to a project with v3 auth
# it must beassigned a role on the project. So we need to ensure that
# our newly created user has a role on the newly created project.
if self.identity_version == 'v3' and not role_assigned:
self.creds_client.create_user_role('Member')
self.creds_client.assign_user_role(user, project, 'Member')
creds = self.creds_client.get_credentials(user, project, user_password)
return cred_provider.TestResources(creds)
def _wrap_creds_with_network(self, hash):
creds_dict = self.hash_dict['creds'][hash]
credential = cred_provider.get_credentials(
identity_version=self.identity_version, **creds_dict)
net_creds = cred_provider.TestResources(credential)
net_clients = clients.Manager(credentials=credential)
compute_network_client = net_clients.networks_client
net_name = self.hash_dict['networks'].get(hash, None)
network = fixed_network.get_network_from_name(net_name,
compute_network_client)
net_creds.set_resources(network=network)
return net_creds
def _wrap_creds_with_network(self, hash):
creds_dict = self.hash_dict['creds'][hash]
# Make sure a domain scope if defined for users in case of V3
creds_dict = self._extend_credentials(creds_dict)
# This just builds a Credentials object, it does not validate
# nor fill with missing fields.
credential = auth.get_credentials(
auth_url=None, fill_in=False,
identity_version=self.identity_version, **creds_dict)
net_creds = cred_provider.TestResources(credential)
net_clients = clients.Manager(credentials=credential)
compute_network_client = net_clients.compute_networks_client
net_name = self.hash_dict['networks'].get(hash, None)
try:
network = fixed_network.get_network_from_name(
net_name, compute_network_client)
except exceptions.InvalidTestResource:
network = {}
net_creds.set_resources(network=network)
return net_creds
def _create_creds(self, suffix="", admin=False, roles=None):
"""Create random credentials under the following schema.
If the name contains a '.' is the full class path of something, and
we don't really care. If it isn't, it's probably a meaningful name,
so use it.
For logging purposes, -user and -tenant are long and redundant,
don't use them. The user# will be sufficient to figure it out.
"""
if '.' in self.name:
root = ""
else:
root = self.name
project_name = data_utils.rand_name(root) + suffix
project_desc = project_name + "-desc"
project = self.creds_client.create_project(name=project_name,
description=project_desc)
username = data_utils.rand_name(root) + suffix
user_password = data_utils.rand_password()
email = data_utils.rand_name(root) + suffix + "@example.com"
user = self.creds_client.create_user(username, user_password, project,
email)
if admin:
self.creds_client.assign_user_role(user, project,
CONF.identity.admin_role)
# Add roles specified in config file
for conf_role in CONF.auth.tempest_roles:
self.creds_client.assign_user_role(user, project, conf_role)
# Add roles requested by caller
if roles:
for role in roles:
self.creds_client.assign_user_role(user, project, role)
creds = self.creds_client.get_credentials(user, project, user_password)
return cred_provider.TestResources(creds)
def get_admin_creds(self):
creds = cred_provider.get_configured_credentials("identity_admin",
fill_in=False)
self.isolated_creds['admin'] = cred_provider.TestResources(creds)
return self.isolated_creds['admin']
