def get_credential_provider(opts):
identity_version = "".join(['v', str(opts.identity_version)])
# NOTE(andreaf) For now tempest.conf controls whether resources will
# actually be created. Once we remove the dependency from tempest.conf
# we will need extra CLI option(s) to control this.
network_resources = {
'router': True,
'network': True,
'subnet': True,
'dhcp': True
}
admin_creds_dict = {
'username': opts.os_username,
'password': opts.os_password
}
_project_name = opts.os_project_name or opts.os_tenant_name
if opts.identity_version == 3:
admin_creds_dict['project_name'] = _project_name
admin_creds_dict['domain_name'] = opts.os_domain_name or 'Default'
elif opts.identity_version == 2:
admin_creds_dict['tenant_name'] = _project_name
admin_creds = credentials_factory.get_credentials(
fill_in=False, identity_version=identity_version, **admin_creds_dict)
return dynamic_creds.DynamicCredentialProvider(
identity_version=identity_version,
name=opts.tag,
network_resources=network_resources,
neutron_available=CONF.service_available.neutron,
create_networks=CONF.auth.create_isolated_networks,
identity_admin_role=CONF.identity.admin_role,
identity_admin_domain_scope=CONF.identity.admin_domain_scope,
project_network_cidr=CONF.network.project_network_cidr,
project_network_mask_bits=CONF.network.project_network_mask_bits,
public_network_id=CONF.network.public_network_id,
admin_creds=admin_creds,
**credentials_factory.get_dynamic_provider_params())
def get_credentials_provider(name, network_resources=None,
force_tenant_isolation=False,
identity_version=None):
# If a test requires a new account to work, it can have it via forcing
# dynamic credentials. A new account will be produced only for that test.
# In case admin credentials are not available for the account creation,
# the test should be skipped else it would fail.
identity_version = identity_version or CONF.identity.auth_version
if CONF.auth.use_dynamic_credentials or force_tenant_isolation:
admin_creds = get_configured_admin_credentials(
fill_in=True, identity_version=identity_version)
return dynamic_creds.DynamicCredentialProvider(
name=name,
network_resources=network_resources,
identity_version=identity_version,
admin_creds=admin_creds,
identity_admin_domain_scope=CONF.identity.admin_domain_scope,
identity_admin_role=CONF.identity.admin_role,
extra_roles=CONF.auth.tempest_roles,
neutron_available=CONF.service_available.neutron,
project_network_cidr=CONF.network.project_network_cidr,
project_network_mask_bits=CONF.network.project_network_mask_bits,
public_network_id=CONF.network.public_network_id,
create_networks=(CONF.auth.create_isolated_networks and not
CONF.baremetal.driver_enabled),
resource_prefix=CONF.resources_prefix,
**get_dynamic_provider_params())
else:
if CONF.auth.test_accounts_file:
# Most params are not relevant for pre-created accounts
return preprov_creds.PreProvisionedCredentialProvider(
name=name, identity_version=identity_version,
**get_preprov_provider_params())
else:
raise exceptions.InvalidConfiguration(
'A valid credential provider is needed')
def test_no_network_creation_with_config_set(self, MockRestClient):
cfg.CONF.set_default('create_isolated_networks', False, group='auth')
creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
net = mock.patch.object(creds.networks_admin_client, 'delete_network')
net_mock = net.start()
subnet = mock.patch.object(creds.subnets_admin_client, 'delete_subnet')
subnet_mock = subnet.start()
router = mock.patch.object(creds.routers_admin_client, 'delete_router')
router_mock = router.start()
primary_creds = creds.get_primary_creds()
self.assertEqual(net_mock.mock_calls, [])
self.assertEqual(subnet_mock.mock_calls, [])
self.assertEqual(router_mock.mock_calls, [])
network = primary_creds.network
subnet = primary_creds.subnet
router = primary_creds.router
self.assertIsNone(network)
self.assertIsNone(subnet)
self.assertIsNone(router)
def test_all_cred_cleanup(self, MockRestClient):
cfg.CONF.set_default('neutron', False, 'service_available')
creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
self._mock_assign_user_role()
self._mock_list_role()
self._mock_tenant_create('1234', 'fake_prim_tenant')
self._mock_user_create('1234', 'fake_prim_user')
creds.get_primary_creds()
self._mock_tenant_create('12345', 'fake_alt_tenant')
self._mock_user_create('12345', 'fake_alt_user')
creds.get_alt_creds()
self._mock_tenant_create('123456', 'fake_admin_tenant')
self._mock_user_create('123456', 'fake_admin_user')
self._mock_list_roles('123456', 'admin')
creds.get_admin_creds()
user_mock = self.patchobject(self.users_client.UsersClient,
'delete_user')
tenant_mock = self.patchobject(self.tenants_client_class,
self.delete_tenant)
creds.clear_creds()
# Verify user delete calls
calls = user_mock.mock_calls
self.assertEqual(len(calls), 3)
args = map(lambda x: x[1][0], calls)
args = list(args)
self.assertIn('1234', args)
self.assertIn('12345', args)
self.assertIn('123456', args)
# Verify tenant delete calls
calls = tenant_mock.mock_calls
self.assertEqual(len(calls), 3)
args = map(lambda x: x[1][0], calls)
args = list(args)
self.assertIn('1234', args)
self.assertIn('12345', args)
self.assertIn('123456', args)
def provide_share_network(cls,
shares_client,
networks_client,
isolated_creds_client=None):
"""Used for finding/creating share network for multitenant driver.
This method creates/gets entity share-network for one tenant. This
share-network will be used for creation of service vm.
:param shares_client: shares client, which requires share-network
:param networks_client: network client from same tenant as shares
:param isolated_creds_client: DynamicCredentialProvider instance
If provided, then its networking will be used if needed.
If not provided, then common network will be used if needed.
:returns: str -- share network id for shares_client tenant
:returns: None -- if single-tenant driver used
"""
sc = shares_client
search_word = "reusable"
sn_name = "autogenerated_by_tempest_%s" % search_word
if not CONF.share.multitenancy_enabled:
# Assumed usage of a single-tenant driver
share_network_id = None
elif sc.share_network_id:
# Share-network already exists, use it
share_network_id = sc.share_network_id
elif not CONF.share.create_networks_when_multitenancy_enabled:
share_network_id = None
# Try get suitable share-network
share_networks = sc.list_share_networks_with_detail()
for sn in share_networks:
if (sn["neutron_net_id"] is None
and sn["neutron_subnet_id"] is None and sn["name"]
and search_word in sn["name"]):
share_network_id = sn["id"]
break
# Create new share-network if one was not found
if share_network_id is None:
sn_desc = "This share-network was created by tempest"
sn = sc.create_share_network(name=sn_name, description=sn_desc)
share_network_id = sn["id"]
else:
net_id = subnet_id = share_network_id = None
if not isolated_creds_client:
# Search for networks, created in previous runs
service_net_name = "share-service"
networks = networks_client.list_networks()
if "networks" in networks.keys():
networks = networks["networks"]
for network in networks:
if (service_net_name in network["name"]
and sc.tenant_id == network['tenant_id']):
net_id = network["id"]
if len(network["subnets"]) > 0:
subnet_id = network["subnets"][0]
break
# Create suitable network
if (net_id is None or subnet_id is None):
ic = dynamic_creds.DynamicCredentialProvider(
identity_version=CONF.identity.auth_version,
name=service_net_name,
admin_role=CONF.identity.admin_role,
admin_creds=(
common_creds.get_configured_admin_credentials()))
net_data = ic._create_network_resources(sc.tenant_id)
network, subnet, router = net_data
net_id = network["id"]
subnet_id = subnet["id"]
# Try get suitable share-network
share_networks = sc.list_share_networks_with_detail()
for sn in share_networks:
if (net_id == sn["neutron_net_id"]
and subnet_id == sn["neutron_subnet_id"]
and sn["name"] and search_word in sn["name"]):
share_network_id = sn["id"]
break
else:
sn_name = "autogenerated_by_tempest_for_isolated_creds"
# Use precreated network and subnet from isolated creds
net_id = isolated_creds_client.get_credentials(
isolated_creds_client.type_of_creds).network['id']
subnet_id = isolated_creds_client.get_credentials(
isolated_creds_client.type_of_creds).subnet['id']
# Create suitable share-network
if share_network_id is None:
sn_desc = "This share-network was created by tempest"
sn = sc.create_share_network(name=sn_name,
description=sn_desc,
neutron_net_id=net_id,
neutron_subnet_id=subnet_id)
share_network_id = sn["id"]
return share_network_id
def get_client_with_isolated_creds(cls,
name=None,
type_of_creds="admin",
cleanup_in_class=False,
client_version='1'):
"""Creates isolated creds.
:param name: name, will be used for naming ic and related stuff
:param type_of_creds: admin, alt or primary
:param cleanup_in_class: defines place where to delete
:returns: SharesClient -- shares client with isolated creds.
:returns: To client added dict attr 'creds' with
:returns: key elements 'tenant' and 'user'.
"""
if name is None:
# Get name of test method
name = inspect.stack()[1][3]
if len(name) > 32:
name = name[0:32]
# Choose type of isolated creds
ic = dynamic_creds.DynamicCredentialProvider(
identity_version=CONF.identity.auth_version,
name=name,
admin_role=CONF.identity.admin_role,
admin_creds=common_creds.get_configured_admin_credentials())
if "admin" in type_of_creds:
creds = ic.get_admin_creds().credentials
elif "alt" in type_of_creds:
creds = ic.get_alt_creds().credentials
else:
creds = ic.get_credentials(type_of_creds).credentials
ic.type_of_creds = type_of_creds
# create client with isolated creds
os = clients.Manager(credentials=creds)
if client_version == '1':
client = shares_client.SharesClient(os.auth_provider)
elif client_version == '2':
client = shares_v2_client.SharesV2Client(os.auth_provider)
# Set place where will be deleted isolated creds
ic_res = {
"method": ic.clear_creds,
"deleted": False,
}
if cleanup_in_class:
cls.class_isolated_creds.insert(0, ic_res)
else:
cls.method_isolated_creds.insert(0, ic_res)
# Provide share network
if CONF.share.multitenancy_enabled:
if (not CONF.service_available.neutron
and CONF.share.create_networks_when_multitenancy_enabled):
raise cls.skipException("Neutron support is required")
nc = os.networks_client
share_network_id = cls.provide_share_network(client, nc, ic)
client.share_network_id = share_network_id
resource = {
"type": "share_network",
"id": client.share_network_id,
"client": client,
}
if cleanup_in_class:
cls.class_resources.insert(0, resource)
else:
cls.method_resources.insert(0, resource)
return client
def test_tempest_client(self):
creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
self.assertIsInstance(creds.identity_admin_client,
json_iden_client.IdentityClient)
def test_network_cleanup(self, MockRestClient):
def side_effect(**args):
return {
"security_groups": [{
"tenant_id": args['tenant_id'],
"name": args['name'],
"description": args['name'],
"security_group_rules": [],
"id": "sg-%s" % args['tenant_id']
}]
}
creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
# Create primary tenant and network
self._mock_assign_user_role()
self._mock_list_role()
self._mock_user_create('1234', 'fake_prim_user')
self._mock_tenant_create('1234', 'fake_prim_tenant')
self._mock_network_create(creds, '1234', 'fake_net')
self._mock_subnet_create(creds, '1234', 'fake_subnet')
self._mock_router_create('1234', 'fake_router')
router_interface_mock = self.patch(
'tempest.services.network.json.routers_client.RoutersClient.'
'add_router_interface')
creds.get_primary_creds()
router_interface_mock.assert_called_once_with('1234', subnet_id='1234')
router_interface_mock.reset_mock()
# Create alternate tenant and network
self._mock_user_create('12345', 'fake_alt_user')
self._mock_tenant_create('12345', 'fake_alt_tenant')
self._mock_network_create(creds, '12345', 'fake_alt_net')
self._mock_subnet_create(creds, '12345', 'fake_alt_subnet')
self._mock_router_create('12345', 'fake_alt_router')
creds.get_alt_creds()
router_interface_mock.assert_called_once_with('12345',
subnet_id='12345')
router_interface_mock.reset_mock()
# Create admin tenant and networks
self._mock_user_create('123456', 'fake_admin_user')
self._mock_tenant_create('123456', 'fake_admin_tenant')
self._mock_network_create(creds, '123456', 'fake_admin_net')
self._mock_subnet_create(creds, '123456', 'fake_admin_subnet')
self._mock_router_create('123456', 'fake_admin_router')
self._mock_list_roles('123456', 'admin')
creds.get_admin_creds()
self.patch('tempest.services.identity.v2.json.users_client.'
'UsersClient.delete_user')
self.patch('tempest.services.identity.v2.json.tenants_client.'
'TenantsClient.delete_tenant')
net = mock.patch.object(creds.networks_admin_client, 'delete_network')
net_mock = net.start()
subnet = mock.patch.object(creds.subnets_admin_client, 'delete_subnet')
subnet_mock = subnet.start()
router = mock.patch.object(creds.routers_admin_client, 'delete_router')
router_mock = router.start()
remove_router_interface_mock = self.patch(
'tempest.services.network.json.routers_client.RoutersClient.'
'remove_router_interface')
return_values = ({'status': 200}, {'ports': []})
port_list_mock = mock.patch.object(creds.ports_admin_client,
'list_ports',
return_value=return_values)
port_list_mock.start()
secgroup_list_mock = mock.patch.object(
creds.security_groups_admin_client,
'list_security_groups',
side_effect=side_effect)
secgroup_list_mock.start()
return_values = fake_http.fake_http_response({}, status=204), ''
remove_secgroup_mock = self.patch(
'tempest.lib.services.network.security_groups_client.'
'SecurityGroupsClient.delete',
return_value=return_values)
creds.clear_creds()
# Verify default security group delete
calls = remove_secgroup_mock.mock_calls
self.assertEqual(len(calls), 3)
args = map(lambda x: x[1][0], calls)
args = list(args)
self.assertIn('v2.0/security-groups/sg-1234', args)
self.assertIn('v2.0/security-groups/sg-12345', args)
self.assertIn('v2.0/security-groups/sg-123456', args)
# Verify remove router interface calls
calls = remove_router_interface_mock.mock_calls
self.assertEqual(len(calls), 3)
args = map(lambda x: (x[1][0], x[2]), calls)
args = list(args)
self.assertIn(('1234', {'subnet_id': '1234'}), args)
self.assertIn(('12345', {'subnet_id': '12345'}), args)
self.assertIn(('123456', {'subnet_id': '123456'}), args)
# Verify network delete calls
calls = net_mock.mock_calls
self.assertEqual(len(calls), 3)
args = map(lambda x: x[1][0], calls)
args = list(args)
self.assertIn('1234', args)
self.assertIn('12345', args)
self.assertIn('123456', args)
# Verify subnet delete calls
calls = subnet_mock.mock_calls
self.assertEqual(len(calls), 3)
args = map(lambda x: x[1][0], calls)
args = list(args)
self.assertIn('1234', args)
self.assertIn('12345', args)
self.assertIn('123456', args)
# Verify router delete calls
calls = router_mock.mock_calls
self.assertEqual(len(calls), 3)
args = map(lambda x: x[1][0], calls)
args = list(args)
self.assertIn('1234', args)
self.assertIn('12345', args)
self.assertIn('123456', args)
