Respect configured credential provider everywhere

This commit changes all the uses of the old AdminManager and Manager() constructs to use cls.isolated_creds to provide user credentials from whatever the configured credential provider is being used instead of assuming it's the non-locking accounts provider without an accounts.yaml file. As part of this we need to add a heat option for the stack owner role so that we can request the creds by that role. The heat tests were previously making an implicit assumption about the configured user having that role assigned. Which while true in devstack today, it isn't necessarily the case everywhere. Depends-On: Id98a83f0a716de0fdb5f36d03407364830e8fa5f Closes-Bug: #1433723 Change-Id: Ie071cb2cb6add591a60c9d76a12c95b7fb5ee539
2015-03-18 14:21:28 -04:00 · 2015-03-18 14:21:28 -04:00 · db9721dfec
parent f731aa355e
commit db9721dfec
5 changed files with 28 additions and 5 deletions
--- a/etc/tempest.conf.sample
+++ b/etc/tempest.conf.sample
@ -873,6 +873,9 @@
 # Allowed values: public, admin, internal, publicURL, adminURL, internalURL
 #endpoint_type = publicURL

+# Role required for users to be able to manage stacks (string value)
+#stack_owner_role = heat_stack_owner
+
 # Time in seconds between build status checks. (integer value)
 #build_interval = 1

--- a/tempest/api/baremetal/admin/base.py
+++ b/tempest/api/baremetal/admin/base.py
@ -16,6 +16,7 @@ from tempest_lib.common.utils import data_utils
 from tempest_lib import exceptions as lib_exc

 from tempest import clients
+from tempest.common import credentials
 from tempest import config
 from tempest import test

@ -69,7 +70,11 @@ class BaseBaremetalTest(test.BaseTestCase):
    @classmethod
    def setup_credentials(cls):
        super(BaseBaremetalTest, cls).setup_credentials()
-        cls.mgr = clients.AdminManager()
+        if (not hasattr(cls, 'isolated_creds') or
+            not cls.isolated_creds.name == cls.__name__):
+            cls.isolated_creds = credentials.get_isolated_credentials(
+                name=cls.__name__, network_resources=cls.network_resources)
+        cls.mgr = clients.Manager(cls.isolated_creds.get_admin_creds())

    @classmethod
    def setup_clients(cls):
--- a/tempest/api/identity/base.py
+++ b/tempest/api/identity/base.py
@ -31,8 +31,8 @@ class BaseIdentityAdminTest(tempest.test.BaseTestCase):
    @classmethod
    def setup_credentials(cls):
        super(BaseIdentityAdminTest, cls).setup_credentials()
-        cls.os_adm = clients.AdminManager()
-        cls.os = clients.Manager()
+        cls.os = cls.get_client_manager()
+        cls.os_adm = clients.Manager(cls.isolated_creds.get_admin_creds())

    @classmethod
    def disable_user(cls, user_name):
--- a/tempest/api/orchestration/base.py
+++ b/tempest/api/orchestration/base.py
@ -18,6 +18,7 @@ from tempest_lib import exceptions as lib_exc
 import yaml

 from tempest import clients
+from tempest.common import credentials
 from tempest import config
 import tempest.test

@ -38,7 +39,19 @@ class BaseOrchestrationTest(tempest.test.BaseTestCase):
    @classmethod
    def setup_credentials(cls):
        super(BaseOrchestrationTest, cls).setup_credentials()
-        cls.os = clients.Manager()
+        if (not hasattr(cls, 'isolated_creds') or
+            not cls.isolated_creds.name == cls.__name__):
+            cls.isolated_creds = credentials.get_isolated_credentials(
+                name=cls.__name__, network_resources=cls.network_resources)
+        stack_owner_role = CONF.orchestration.stack_owner_role
+        if not cls.isolated_creds.is_role_available(stack_owner_role):
+            skip_msg = ("%s skipped because the configured credential provider"
+                        " is not able to provide credentials with the %s role "
+                        "assigned." % (cls.__name__, stack_owner_role))
+            raise cls.skipException(skip_msg)
+        else:
+            cls.os = clients.Manager(cls.isolated_creds.get_creds_by_roles(
+                [stack_owner_role]))

    @classmethod
    def setup_clients(cls):
@ -70,7 +83,7 @@ class BaseOrchestrationTest(tempest.test.BaseTestCase):
    @classmethod
    def _get_identity_admin_client(cls):
        """Returns an instance of the Identity Admin API client."""
-        manager = clients.AdminManager()
+        manager = clients.Manager(cls.isolated_creds.get_admin_creds())
        admin_client = manager.identity_client
        return admin_client

--- a/tempest/config.py
+++ b/tempest/config.py
@ -690,6 +690,8 @@ OrchestrationGroup = [
               choices=['public', 'admin', 'internal',
                        'publicURL', 'adminURL', 'internalURL'],
               help="The endpoint type to use for the orchestration service."),
+    cfg.StrOpt('stack_owner_role', default='heat_stack_owner',
+               help='Role required for users to be able to manage stacks'),
    cfg.IntOpt('build_interval',
               default=1,
               help="Time in seconds between build status checks."),