Change cred provider to enforce dynamic config

Current tests always dynamically create accounts when running.

These tests do not run when, for example, LDAP is configured.

This change allows murano_tempest_tests to correctly interpret
use_dynamic_credentials config in the [auth] section of tempest.conf

When use_dynamic_credentials is set to True, dynamic accounts will be created.
When set to false, pre-provisioned accounts specified in
accounts.yaml Tempest config will be used.

And Remove download murano images from app.openstack.org

Closes-Bug: #1677893
Change-Id: I51434685555c1da92401891a60285bf52571b8b5
(cherry picked from commit 8a3ed3f833)

devstack/settings

@@ -20,11 +20,6 @@ MURANO_POLICY_FILE=${MURANO_CONF_DIR}/policy.json
 MURANO_DEBUG=$(trueorfalse True MURANO_DEBUG)
 MURANO_ENABLE_MODEL_POLICY_ENFORCEMENT=$(trueorfalse False MURANO_ENABLE_MODEL_POLICY_ENFORCEMENT)
 
-# Since Murano support raw cloud images, we can allow download any image with cloud init
-UBUNTU_CLOUD_IMAGE_URL=${UBUNTU_CLOUD_IMAGE_URL:-'http://storage.apps.openstack.org/images/ubuntu-14.04-m-agent.qcow2'}
-IMAGE_URLS+=",${UBUNTU_CLOUD_IMAGE_URL}"
-CLOUD_IMAGE_NAME=$(basename "$UBUNTU_CLOUD_IMAGE_URL" ".qcow2")
-
 # Set up murano service endpoint
 MURANO_SERVICE_HOST=${MURANO_SERVICE_HOST:-$SERVICE_HOST}
 MURANO_SERVICE_PORT=${MURANO_SERVICE_PORT:-8082}

murano_tempest_tests/tests/api/application_catalog/artifacts/base.py

@@ -14,7 +14,6 @@
 #    under the License.
 
 from tempest.common import credentials_factory as common_creds
-from tempest.common import dynamic_creds
 from tempest import config
 from tempest.lib import base
 
@@ -54,20 +53,19 @@ class BaseArtifactsTest(base.BaseTestCase):
             cls.admin_role = CONF.identity.admin_role
         else:
             cls.admin_role = 'admin'
-        cls.dynamic_cred = dynamic_creds.DynamicCredentialProvider(
-            identity_version=CONF.identity.auth_version,
-            name=cls.__name__, admin_role=cls.admin_role,
-            admin_creds=common_creds.get_configured_admin_credentials(
-                'identity_admin'))
+        cls.credentials = common_creds.get_credentials_provider(
+            name=cls.__name__,
+            force_tenant_isolation=CONF.auth.use_dynamic_credentials,
+            identity_version=CONF.identity.auth_version)
         if type_of_creds == 'primary':
-            creds = cls.dynamic_cred.get_primary_creds()
+            creds = cls.credentials.get_primary_creds()
         elif type_of_creds == 'admin':
-            creds = cls.dynamic_cred.get_admin_creds()
+            creds = cls.credentials.get_admin_creds()
         elif type_of_creds == 'alt':
-            creds = cls.dynamic_cred.get_alt_creds()
+            creds = cls.credentials.get_alt_creds()
         else:
-            creds = cls.dynamic_cred.get_credentials(type_of_creds)
-        cls.dynamic_cred.type_of_creds = type_of_creds
+            creds = cls.credentials.get_credentials(type_of_creds)
+        cls.credentials.type_of_creds = type_of_creds
 
         return creds.credentials
 
@@ -95,7 +93,7 @@ class BaseArtifactsTest(base.BaseTestCase):
     @classmethod
     def clear_isolated_creds(cls):
         if hasattr(cls, "dynamic_cred"):
-            cls.dynamic_cred.clear_creds()
+            cls.credentials.clear_creds()
 
     @classmethod
     def upload_package(cls, application_name, version=None, require=None):

murano_tempest_tests/tests/api/application_catalog/base.py

@@ -14,7 +14,6 @@
 #    under the License.
 
 from tempest.common import credentials_factory as common_creds
-from tempest.common import dynamic_creds
 from tempest import config
 from tempest.lib import base
 
@@ -55,20 +54,19 @@ class BaseApplicationCatalogTest(base.BaseTestCase):
         else:
             cls.admin_role = 'admin'
         if not hasattr(cls, 'dynamic_cred'):
-            cls.dynamic_cred = dynamic_creds.DynamicCredentialProvider(
-                identity_version=CONF.identity.auth_version,
-                name=cls.__name__, admin_role=cls.admin_role,
-                admin_creds=common_creds.get_configured_admin_credentials(
-                    'identity_admin'))
+            cls.credentials = common_creds.get_credentials_provider(
+                name=cls.__name__,
+                force_tenant_isolation=CONF.auth.use_dynamic_credentials,
+                identity_version=CONF.identity.auth_version)
         if type_of_creds == 'primary':
-            creds = cls.dynamic_cred.get_primary_creds()
+            creds = cls.credentials.get_primary_creds()
         elif type_of_creds == 'admin':
-            creds = cls.dynamic_cred.get_admin_creds()
+            creds = cls.credentials.get_admin_creds()
         elif type_of_creds == 'alt':
-            creds = cls.dynamic_cred.get_alt_creds()
+            creds = cls.credentials.get_alt_creds()
         else:
-            creds = cls.dynamic_cred.get_credentials(type_of_creds)
-        cls.dynamic_cred.type_of_creds = type_of_creds
+            creds = cls.credentials.get_credentials(type_of_creds)
+        cls.credentials.type_of_creds = type_of_creds
 
         return creds.credentials
 
@@ -96,7 +94,7 @@ class BaseApplicationCatalogTest(base.BaseTestCase):
     @classmethod
     def clear_isolated_creds(cls):
         if hasattr(cls, "dynamic_cred"):
-            cls.dynamic_cred.clear_creds()
+            cls.credentials.clear_creds()
 
     @staticmethod
     def _get_demo_app():

murano_tempest_tests/tests/api/service_broker/base.py

@@ -16,7 +16,7 @@
 import json
 import time
 
-from tempest.common import dynamic_creds
+from tempest.common import credentials_factory as common_creds
 from tempest import config
 from tempest.lib import base
 from tempest.lib import exceptions
@@ -42,17 +42,17 @@ class BaseServiceBrokerTest(base.BaseTestCase):
     @classmethod
     def get_client_with_isolated_creds(cls, name=None,
                                        type_of_creds="admin"):
-
-        cls.dynamic_cred = dynamic_creds.DynamicCredentialProvider(
-            identity_version=CONF.identity.auth_version,
-            name=cls.__name__)
+        cls.credentials = common_creds.get_credentials_provider(
+            name=cls.__name__,
+            force_tenant_isolation=CONF.auth.use_dynamic_credentials,
+            identity_version=CONF.identity.auth_version)
         if "admin" in type_of_creds:
-            creds = cls.dynamic_cred.get_admin_creds()
+            creds = cls.credentials.get_admin_creds()
         elif "alt" in type_of_creds:
-            creds = cls.dynamic_cred.get_alt_creds()
+            creds = cls.credentials.get_alt_creds()
         else:
-            creds = cls.dynamic_cred.get_credentials(type_of_creds)
-        cls.dynamic_cred.type_of_creds = type_of_creds
+            creds = cls.credentials.get_credentials(type_of_creds)
+        cls.credentials.type_of_creds = type_of_creds
 
         os = clients.Manager(credentials=creds)
         client = os.service_broker_client
@@ -96,7 +96,7 @@ class BaseServiceBrokerTest(base.BaseTestCase):
     @classmethod
     def clear_isolated_creds(cls):
         if hasattr(cls, "dynamic_cred"):
-            cls.dynamic_cred.clear_creds()
+            cls.credentials.clear_creds()
 
     def wait_for_result(self, instance_id, timeout):
         start_time = time.time()

murano_tempest_tests/tests/scenario/application_catalog/base.py

@@ -19,11 +19,11 @@ import time
 
 from tempest.clients import Manager as services_manager
 from tempest.common import credentials_factory as common_creds
-from tempest.common import dynamic_creds
 from tempest.common import waiters
 from tempest import config
 from tempest.lib import base
 from tempest.lib import exceptions
+from tempest.services import orchestration
 
 from murano_tempest_tests import clients
 from murano_tempest_tests import utils
@@ -62,20 +62,19 @@ class BaseApplicationCatalogScenarioTest(base.BaseTestCase):
         else:
             cls.admin_role = 'admin'
         if not hasattr(cls, 'dynamic_cred'):
-            cls.dynamic_cred = dynamic_creds.DynamicCredentialProvider(
-                identity_version=CONF.identity.auth_version,
-                name=cls.__name__, admin_role=cls.admin_role,
-                admin_creds=common_creds.get_configured_admin_credentials(
-                    'identity_admin'))
+            cls.credentials = common_creds.get_credentials_provider(
+                name=cls.__name__,
+                force_tenant_isolation=CONF.auth.use_dynamic_credentials,
+                identity_version=CONF.identity.auth_version)
         if type_of_creds == 'primary':
-            creds = cls.dynamic_cred.get_primary_creds()
+            creds = cls.credentials.get_primary_creds()
         elif type_of_creds == 'admin':
-            creds = cls.dynamic_cred.get_admin_creds()
+            creds = cls.credentials.get_admin_creds()
         elif type_of_creds == 'alt':
-            creds = cls.dynamic_cred.get_alt_creds()
+            creds = cls.credentials.get_alt_creds()
         else:
-            creds = cls.dynamic_cred.get_credentials(type_of_creds)
-        cls.dynamic_cred.type_of_creds = type_of_creds
+            creds = cls.credentials.get_credentials(type_of_creds)
+        cls.credentials.type_of_creds = type_of_creds
 
         return creds.credentials
 
@@ -99,7 +98,9 @@ class BaseApplicationCatalogScenarioTest(base.BaseTestCase):
         cls.application_catalog_client = cls.os.application_catalog_client
         cls.artifacts_client = cls.os.artifacts_client
         cls.servers_client = cls.services_manager.servers_client
-        cls.orchestration_client = cls.services_manager.orchestration_client
+        params = config.service_client_config('orchestration')
+        cls.orchestration_client = orchestration.OrchestrationClient(
+            cls.services_manager.auth_provider, **params)
         cls.snapshots_client = cls.services_manager.snapshots_v2_client
         cls.volumes_client = cls.services_manager.volumes_v2_client
         cls.backups_client = cls.services_manager.backups_v2_client
@@ -118,7 +119,7 @@ class BaseApplicationCatalogScenarioTest(base.BaseTestCase):
     @classmethod
     def clear_isolated_creds(cls):
         if hasattr(cls, "dynamic_cred"):
-            cls.dynamic_cred.clear_creds()
+            cls.credentials.clear_creds()
 
     def environment_delete(self, environment_id, timeout=180):
         self.application_catalog_client.delete_environment(environment_id)