def _create_creds(self, admin=False, roles=None):
"""Create credentials with random name.
Creates project and user. When admin flag is True create user
with admin role. Assign user with additional roles (for example
_member_) and roles requested by caller.
:param admin: Flag if to assign to the user admin role
:type admin: bool
:param roles: Roles to assign for the user
:type roles: list
:return: Readonly Credentials with network resources
"""
root = self.name
project_name = data_utils.rand_name(root, prefix=self.resource_prefix)
project_desc = project_name + "-desc"
project = self.creds_client.create_project(name=project_name,
description=project_desc)
# NOTE(andreaf) User and project can be distinguished from the context,
# having the same ID in both makes it easier to match them and debug.
username = project_name
user_password = data_utils.rand_password()
email = data_utils.rand_name(
root, prefix=self.resource_prefix) + "@example.com"
user = self.creds_client.create_user(username, user_password, project,
email)
role_assigned = False
if admin:
self.creds_client.assign_user_role(user, project, self.admin_role)
role_assigned = True
if (self.identity_version == 'v3'
and self.identity_admin_domain_scope):
self.creds_client.assign_user_role_on_domain(
user, self.identity_admin_role)
# Add roles specified in config file
for conf_role in self.extra_roles:
self.creds_client.assign_user_role(user, project, conf_role)
role_assigned = True
# Add roles requested by caller
if roles:
for role in roles:
self.creds_client.assign_user_role(user, project, role)
role_assigned = True
# NOTE(mtreinish) For a user to have access to a project with v3 auth
# it must beassigned a role on the project. So we need to ensure that
# our newly created user has a role on the newly created project.
if self.identity_version == 'v3' and not role_assigned:
try:
self.creds_client.create_user_role('Member')
except lib_exc.Conflict:
LOG.warning('Member role already exists, ignoring conflict.')
self.creds_client.assign_user_role(user, project, 'Member')
creds = self.creds_client.get_credentials(user, project, user_password)
return cred_provider.TestResources(creds)
def _wrap_creds_with_network(self, hash):
creds_dict = self.hash_dict['creds'][hash]
# Make sure a domain scope if defined for users in case of V3
# Make sure a tenant is available in case of V2
creds_dict = self._extend_credentials(creds_dict)
# This just builds a Credentials object, it does not validate
# nor fill with missing fields.
credential = auth.get_credentials(
auth_url=None, fill_in=False,
identity_version=self.identity_version, **creds_dict)
net_creds = cred_provider.TestResources(credential)
net_clients = clients.ServiceClients(credentials=credential,
identity_uri=self.identity_uri)
networks_client = net_clients.network.NetworksClient()
net_name = self.hash_dict['networks'].get(hash, None)
try:
network = fixed_network.get_network_from_name(
net_name, networks_client)
except lib_exc.InvalidTestResource:
network = {}
net_creds.set_resources(network=network)
return net_creds
def _create_creds(self, admin=False, roles=None, scope='project'):
"""Create credentials with random name.
Creates user and role assignments on a project, domain, or system. When
the admin flag is True, creates user with the admin role on the
resource. If roles are provided, assigns those roles on the resource.
Otherwise, assigns the user the 'member' role on the resource.
:param admin: Flag if to assign to the user admin role
:type admin: bool
:param roles: Roles to assign for the user
:type roles: list
:param str scope: The scope for the role assignment, may be one of
'project', 'domain', or 'system'.
:return: Readonly Credentials with network resources
:raises: Exception if scope is invalid
"""
if not roles:
roles = []
root = self.name
cred_params = {
'project': None,
'domain': None,
'system': None
}
if scope == 'project':
project_name = data_utils.rand_name(
root, prefix=self.resource_prefix)
project_desc = project_name + '-desc'
project = self.creds_client.create_project(
name=project_name, description=project_desc)
# NOTE(andreaf) User and project can be distinguished from the
# context, having the same ID in both makes it easier to match them
# and debug.
username = project_name + '-project'
cred_params['project'] = project
elif scope == 'domain':
domain_name = data_utils.rand_name(
root, prefix=self.resource_prefix)
domain_desc = domain_name + '-desc'
domain = self.creds_client.create_domain(
name=domain_name, description=domain_desc)
username = domain_name + '-domain'
cred_params['domain'] = domain
elif scope == 'system':
prefix = data_utils.rand_name(root, prefix=self.resource_prefix)
username = prefix + '-system'
cred_params['system'] = 'all'
else:
raise lib_exc.InvalidScopeType(scope=scope)
if admin:
username += '-admin'
elif roles and len(roles) == 1:
username += '-' + roles[0]
user_password = data_utils.rand_password()
cred_params['password'] = user_password
user = self.creds_client.create_user(
username, user_password)
cred_params['user'] = user
roles_to_assign = [r for r in roles]
if admin:
roles_to_assign.append(self.admin_role)
if scope == 'project':
self.creds_client.assign_user_role(
user, project, self.identity_admin_role)
if (self.identity_version == 'v3' and
self.identity_admin_domain_scope):
self.creds_client.assign_user_role_on_domain(
user, self.identity_admin_role)
# Add roles specified in config file
roles_to_assign.extend(self.extra_roles)
# If there are still no roles, default to 'member'
# NOTE(mtreinish) For a user to have access to a project with v3 auth
# it must beassigned a role on the project. So we need to ensure that
# our newly created user has a role on the newly created project.
if not roles_to_assign and self.identity_version == 'v3':
roles_to_assign = ['member']
try:
self.creds_client.create_user_role('member')
except lib_exc.Conflict:
LOG.warning('member role already exists, ignoring conflict.')
for role in roles_to_assign:
if scope == 'project':
self.creds_client.assign_user_role(user, project, role)
elif scope == 'domain':
self.creds_client.assign_user_role_on_domain(
user, role, domain)
elif scope == 'system':
self.creds_client.assign_user_role_on_system(user, role)
LOG.info("Dynamic test user %s is created with scope %s and roles: %s",
user['id'], scope, roles_to_assign)
creds = self.creds_client.get_credentials(**cred_params)
return cred_provider.TestResources(creds)
