예제 #1
0
def is_admin_available(identity_version):
    """Helper to check for admin credentials

    Helper function to check if a set of admin credentials is available so we
    can do a single call from skip_checks.
    This helper depends on identity_version as there may be admin credentials
    available for v2 but not for v3.

    :param identity_version: 'v2' or 'v3'
    """
    is_admin = True
    # If dynamic credentials is enabled admin will be available
    if CONF.auth.use_dynamic_credentials:
        return is_admin
    # Check whether test accounts file has the admin specified or not
    elif CONF.auth.test_accounts_file:
        check_accounts = preprov_creds.PreProvisionedCredentialProvider(
            name='check_admin',
            **get_preprov_provider_params(identity_version))
        if not check_accounts.admin_available():
            is_admin = False
    else:
        try:
            get_configured_admin_credentials(fill_in=False,
                                             identity_version=identity_version)
        except exceptions.InvalidConfiguration:
            is_admin = False
    return is_admin
예제 #2
0
def is_alt_available(identity_version):
    """Helper to check for alt credentials

    Helper function to check if a second set of credentials is available (aka
    alt credentials) so we can do a single call from skip_checks.
    This helper depends on identity_version as there may be alt credentials
    available for v2 but not for v3.

    :param identity_version: 'v2' or 'v3'
    """
    # If dynamic credentials is enabled alt will be available
    if CONF.auth.use_dynamic_credentials:
        return True
    # Check whether test accounts file has the admin specified or not
    if CONF.auth.test_accounts_file:
        check_accounts = preprov_creds.PreProvisionedCredentialProvider(
            name='check_alt', **get_preprov_provider_params(identity_version))
    else:
        raise exceptions.InvalidConfiguration(
            'A valid credential provider is needed')

    try:
        if not check_accounts.is_multi_user():
            return False
        else:
            return True
    except exceptions.InvalidConfiguration:
        return False
예제 #3
0
 def test_is_not_multi_user(self):
     self.test_accounts = [self.test_accounts[0]]
     self.useFixture(
         fixtures.MockPatch(
             'tempest.lib.common.preprov_creds.read_accounts_yaml',
             return_value=self.test_accounts))
     test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
         **self.fixed_params)
     self.assertFalse(test_accounts_class.is_multi_user())
예제 #4
0
 def test_get_hash_dict(self):
     test_account_class = preprov_creds.PreProvisionedCredentialProvider(
         **self.fixed_params)
     hash_dict = test_account_class.get_hash_dict(
         self.test_accounts, self.fixed_params['admin_role'])
     hash_list = self._get_hash_list(self.test_accounts)
     for hash in hash_list:
         self.assertIn(hash, hash_dict['creds'].keys())
         self.assertIn(hash_dict['creds'][hash], self.test_accounts)
예제 #5
0
 def test_get_free_hash_no_free_accounts(self, lock_mock):
     hash_list = self._get_hash_list(self.test_accounts)
     # Emulate pre-existing lock dir
     self.useFixture(fixtures.MockPatch('os.path.isdir', return_value=True))
     # Emulate all locks in list are in use
     self.useFixture(fixtures.MockPatch('os.path.isfile',
                                        return_value=True))
     test_account_class = preprov_creds.PreProvisionedCredentialProvider(
         **self.fixed_params)
     with mock.patch('builtins.open', mock.mock_open(), create=True):
         self.assertRaises(lib_exc.InvalidCredentials,
                           test_account_class._get_free_hash, hash_list)
예제 #6
0
 def test_create_hash_file_no_previous_file(self):
     # Emulate the lock not existing on the filesystem
     self.useFixture(
         fixtures.MockPatch('os.path.isfile', return_value=False))
     with mock.patch('builtins.open', mock.mock_open(), create=True):
         test_account_class = (
             preprov_creds.PreProvisionedCredentialProvider(
                 **self.fixed_params))
         res = test_account_class._create_hash_file('12345')
     self.assertTrue(
         res, "_create_hash_file should return True if the "
         "pseudo-lock doesn't already exist")
예제 #7
0
 def test_get_admin_creds_none_available(self):
     non_admin_accounts = [
         x for x in self.test_accounts if 'test_admin' not in x['username']
     ]
     self.useFixture(
         fixtures.MockPatch(
             'tempest.lib.common.preprov_creds.read_accounts_yaml',
             return_value=non_admin_accounts))
     test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
         **self.fixed_params)
     with testtools.ExpectedException(lib_exc.InvalidCredentials):
         # Get one more
         test_accounts_class.get_admin_creds()
예제 #8
0
 def test__get_creds_by_roles_one_role(self):
     test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
         **self.fixed_params)
     hashes = test_accounts_class.hash_dict['roles']['role4']
     temp_hash = hashes[0]
     get_free_hash_mock = self.useFixture(
         fixtures.MockPatchObject(test_accounts_class,
                                  '_get_free_hash',
                                  return_value=temp_hash))
     # Test a single role returns all matching roles
     test_accounts_class._get_creds(roles=['role4'])
     calls = get_free_hash_mock.mock.mock_calls
     self.assertEqual(len(calls), 1)
     args = calls[0][1][0]
     for i in hashes:
         self.assertIn(i, args)
예제 #9
0
 def test_get_hash(self):
     # Test with all accounts to make sure we try all combinations
     # and hide no race conditions
     hash_index = 0
     for test_cred_dict in self.test_accounts:
         test_account_class = (
             preprov_creds.PreProvisionedCredentialProvider(
                 **self.fixed_params))
         hash_list = self._get_hash_list(self.test_accounts)
         test_creds = auth.get_credentials(
             fake_identity.FAKE_AUTH_URL,
             identity_version=self.fixed_params['identity_version'],
             **test_cred_dict)
         results = test_account_class.get_hash(test_creds)
         self.assertEqual(hash_list[hash_index], results)
         hash_index += 1
예제 #10
0
 def test_remove_hash_last_account(self, lock_mock):
     hash_list = self._get_hash_list(self.test_accounts)
     # Pretend the pseudo-lock is there
     self.useFixture(fixtures.MockPatch('os.path.isfile',
                                        return_value=True))
     # Pretend the lock dir is empty
     self.useFixture(fixtures.MockPatch('os.listdir', return_value=[]))
     test_account_class = preprov_creds.PreProvisionedCredentialProvider(
         **self.fixed_params)
     remove_mock = self.useFixture(fixtures.MockPatch('os.remove'))
     rmdir_mock = self.useFixture(fixtures.MockPatch('os.rmdir'))
     test_account_class.remove_hash(hash_list[2])
     hash_path = os.path.join(self.fixed_params['accounts_lock_dir'],
                              hash_list[2])
     lock_path = self.fixed_params['accounts_lock_dir']
     remove_mock.mock.assert_called_once_with(hash_path)
     rmdir_mock.mock.assert_called_once_with(lock_path)
예제 #11
0
 def test__get_creds_by_roles_list_role(self):
     test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
         **self.fixed_params)
     hashes = test_accounts_class.hash_dict['roles']['role4']
     hashes2 = test_accounts_class.hash_dict['roles']['role2']
     hashes = list(set(hashes) & set(hashes2))
     temp_hash = hashes[0]
     get_free_hash_mock = self.useFixture(
         fixtures.MockPatchObject(test_accounts_class,
                                  '_get_free_hash',
                                  return_value=temp_hash))
     # Test an intersection of multiple roles
     test_accounts_class._get_creds(roles=['role2', 'role4'])
     calls = get_free_hash_mock.mock.mock_calls
     self.assertEqual(len(calls), 1)
     args = calls[0][1][0]
     for i in hashes:
         self.assertIn(i, args)
예제 #12
0
 def test_get_free_hash_no_previous_accounts(self, lock_mock):
     # Emulate no pre-existing lock
     self.useFixture(fixtures.MockPatch('os.path.isdir',
                                        return_value=False))
     hash_list = self._get_hash_list(self.test_accounts)
     mkdir_mock = self.useFixture(fixtures.MockPatch('os.mkdir'))
     self.useFixture(
         fixtures.MockPatch('os.path.isfile', return_value=False))
     test_account_class = preprov_creds.PreProvisionedCredentialProvider(
         **self.fixed_params)
     with mock.patch('builtins.open', mock.mock_open(),
                     create=True) as open_mock:
         test_account_class._get_free_hash(hash_list)
         lock_path = os.path.join(self.fixed_params['accounts_lock_dir'],
                                  hash_list[0])
         open_mock.assert_called_once_with(lock_path, 'w')
     mkdir_path = os.path.join(self.fixed_params['accounts_lock_dir'])
     mkdir_mock.mock.assert_called_once_with(mkdir_path)
예제 #13
0
 def test__get_creds_by_roles_no_admin(self):
     test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
         **self.fixed_params)
     hashes = list(test_accounts_class.hash_dict['creds'].keys())
     admin_hashes = test_accounts_class.hash_dict['roles'][
         cfg.CONF.identity.admin_role]
     temp_hash = hashes[0]
     get_free_hash_mock = self.useFixture(
         fixtures.MockPatchObject(test_accounts_class,
                                  '_get_free_hash',
                                  return_value=temp_hash))
     # Test an intersection of multiple roles
     test_accounts_class._get_creds()
     calls = get_free_hash_mock.mock.mock_calls
     self.assertEqual(len(calls), 1)
     args = calls[0][1][0]
     self.assertEqual(len(args), 10)
     for i in admin_hashes:
         self.assertNotIn(i, args)
예제 #14
0
 def test_get_admin_creds_by_role(self):
     test_accounts = [{
         'username': '******',
         'project_name': 'test_tenant10',
         'password': '******',
         'roles': ['role1', 'role2', 'role3', 'role4']
     }, {
         'username': '******',
         'tenant_name': 'test_tenant11',
         'password': '******',
         'roles': [cfg.CONF.identity.admin_role]
     }]
     self.useFixture(
         fixtures.MockPatch(
             'tempest.lib.common.preprov_creds.read_accounts_yaml',
             return_value=test_accounts))
     test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
         **self.fixed_params)
     admin_creds = test_accounts_class.get_admin_creds()
     self.assertIn('test_admin', admin_creds.username)
예제 #15
0
 def test_networks_returned_with_creds(self):
     test_accounts = [{
         'username': '******',
         'tenant_name': 'test_tenant13',
         'password': '******',
         'resources': {
             'network': 'network-1'
         }
     }, {
         'username': '******',
         'tenant_name': 'test_tenant14',
         'password': '******',
         'roles': ['role-7', 'role-11'],
         'resources': {
             'network': 'network-2'
         }
     }]
     self.useFixture(
         fixtures.MockPatch(
             'tempest.lib.common.preprov_creds.read_accounts_yaml',
             return_value=test_accounts))
     test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
         **self.fixed_params)
     with mock.patch(
             'tempest.lib.services.network.networks_client.'
             'NetworksClient.list_networks',
             return_value={
                 'networks': [{
                     'name': 'network-2',
                     'id': 'fake-id',
                     'label': 'network-2'
                 }]
             }):
         creds = test_accounts_class.get_creds_by_roles(['role-7'])
     self.assertIsInstance(creds, cred_provider.TestResources)
     network = creds.network
     self.assertIsNotNone(network)
     self.assertIn('name', network)
     self.assertIn('id', network)
     self.assertEqual('fake-id', network['id'])
     self.assertEqual('network-2', network['name'])
예제 #16
0
    def test_get_free_hash_some_in_use_accounts(self, lock_mock):
        # Emulate no pre-existing lock
        self.useFixture(fixtures.MockPatch('os.path.isdir', return_value=True))
        hash_list = self._get_hash_list(self.test_accounts)
        test_account_class = preprov_creds.PreProvisionedCredentialProvider(
            **self.fixed_params)

        def _fake_is_file(path):
            # Fake isfile() to return that the path exists unless a specific
            # hash is in the path
            if hash_list[3] in path:
                return False
            return True

        self.patchobject(os.path, 'isfile', _fake_is_file)
        with mock.patch('builtins.open', mock.mock_open(),
                        create=True) as open_mock:
            test_account_class._get_free_hash(hash_list)
            lock_path = os.path.join(self.fixed_params['accounts_lock_dir'],
                                     hash_list[3])
            open_mock.assert_has_calls([mock.call(lock_path, 'w')])
예제 #17
0
def get_credentials_provider(name,
                             network_resources=None,
                             force_tenant_isolation=False,
                             identity_version=None):
    """Return the right implementation of CredentialProvider based on config

    This helper returns the right implementation of CredentialProvider based on
    config and on the value of force_tenant_isolation.

    :param name: When provided, it makes it possible to associate credential
                 artifacts back to the owner (test class).
    :param network_resources: Dictionary of network resources to be allocated
                              for each test account. Only valid for the dynamic
                              credentials provider.
    :param force_tenant_isolation: Always return a `DynamicCredentialProvider`,
                                   regardless of the configuration.
    :param identity_version: Use the specified identity API version, regardless
                             of the configuration. Valid values are 'v2', 'v3'.
    """
    # If a test requires a new account to work, it can have it via forcing
    # dynamic credentials. A new account will be produced only for that test.
    # In case admin credentials are not available for the account creation,
    # the test should be skipped else it would fail.
    identity_version = identity_version or CONF.identity.auth_version
    if CONF.auth.use_dynamic_credentials or force_tenant_isolation:
        return dynamic_creds.DynamicCredentialProvider(
            name=name,
            network_resources=network_resources,
            **get_dynamic_provider_params(identity_version))
    else:
        if CONF.auth.test_accounts_file:
            # Most params are not relevant for pre-created accounts
            return preprov_creds.PreProvisionedCredentialProvider(
                name=name, **get_preprov_provider_params(identity_version))
        else:
            raise exceptions.InvalidConfiguration(
                'A valid credential provider is needed')
예제 #18
0
 def test_get_admin_creds(self):
     test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
         **self.fixed_params)
     admin_creds = test_accounts_class.get_admin_creds()
     self.assertIn('test_admin', admin_creds.username)
예제 #19
0
 def test_is_multi_user(self):
     test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
         **self.fixed_params)
     self.assertTrue(test_accounts_class.is_multi_user())