def check_user_roles(self, roles):
"""Check if roles provided by user (or the default one) exist.
:param roles: value returned by roles_client.list_roles
:type roles: dict
:return: List of the existing roles given by user (or by defaults)
:rtype: list
"""
roles_names = [r['name'] for r in roles['roles']]
user_roles = self._conf.get('auth', 'tempest_roles').split(',')
available_roles = []
for r in user_roles:
if r in roles_names:
available_roles.append(r)
else:
LOG.debug("Provided %s role is not present in the system.", r)
if len(available_roles) == 0:
# try 'member' or 'Member', they might present in a system
if 'member' in roles_names:
self._conf.set('auth', 'tempest_roles', 'member')
elif 'Member' in roles_names:
self._conf.set('auth', 'tempest_roles', 'Member')
else:
LOG.debug("Setting auth.tempest_roles to an empty list "
"because none of the provided roles exists.")
self._conf.set('auth', 'tempest_roles', "")
return available_roles
def give_role_to_user(self, username, role_name, role_required=True):
"""Give the user a role in the project.
:type username: string
:type role_name: string
:type role_required: boolean
"""
project_name = self._conf.get('identity', 'project_name')
proj_id = self.projects_client.get_project_by_name(project_name)['id']
users = self.users_client.list_users()
user_ids = [u['id'] for u in users['users'] if u['name'] == username]
user_id = user_ids[0]
roles = self.roles_client.list_roles()
self.check_user_roles(roles)
role_ids = [r['id'] for r in roles['roles'] if r['name'] == role_name]
if not role_ids:
if role_required:
raise Exception("required role %s not found" % role_name)
LOG.debug("%s role not required", role_name)
return
role_id = role_ids[0]
try:
self.roles_client.create_user_role_on_project(
proj_id, user_id, role_id)
LOG.debug("User '%s' was given the '%s' role in project '%s'",
username, role_name, project_name)
except exceptions.Conflict:
LOG.debug(
"(no change) User '%s' already has the '%s' role in"
" project '%s'", username, role_name, project_name)
def load_basic_defaults(conf):
"""Load basic default options into conf file.
:type conf: TempestConf object
"""
LOG.debug("Setting basic default values")
default_values = {
"DEFAULT": [("debug", "true"), ("use_stderr", "false"),
("log_file", "tempest.log")],
"identity": [("username", "demo_tempestconf"), ("password", "secrete"),
("project_name", "demo"),
("alt_username", "alt_demo_tempestconf"),
("alt_password", "secrete"),
("alt_project_name", "alt_demo"),
("disable_ssl_certificate_validation", "true")],
"scenario": [("img_dir", "etc")],
"auth": [("tempest_roles", "_member_"), ("admin_username", "admin"),
("admin_project_name", "admin"),
("admin_domain_name", "Default")],
"object-storage": [("reseller_admin_role", "ResellerAdmin")],
"oslo-concurrency": [("lock_path", "/tmp")],
"compute-feature-enabled": [
# Default deployment does not use shared storage
("live_migration", "false"),
("live_migrate_paused_instances", "true"),
("preserve_ports", "true")
],
"network-feature-enabled": [("ipv6_subnet_attributes", "true")]
}
for section in default_values.keys():
if section != "DEFAULT" and not conf.has_section(section):
conf.add_section(section)
for key, value in default_values[section]:
if not conf.has_option(section, key):
conf.set(section, key, value)