List and create swift roles

When swift service is enabled, python-tempestconf will now be able to list roles and create swift related roles if they are not found. Change-Id: Ia5310a56f24e167a835416c2e5a6fc504bb61c26
2018-06-03 16:06:00 +00:00 · 2018-06-03 16:06:00 +00:00 · 03fe466bdd
commit 03fe466bdd
parent 154fe8878d
5 changed files with 61 additions and 8 deletions
--- a/config_tempest/services/object_storage.py
+++ b/config_tempest/services/object_storage.py
@ -1,4 +1,4 @@
-# Copyright 2016 Red Hat, Inc.
+# Copyright 2016, 2018 Red Hat, Inc.
 # All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
@ -16,6 +16,8 @@
 import json

 from base import Service
+from config_tempest.constants import LOG
+from tempest.lib import exceptions


 class ObjectStorageService(Service):
@ -29,3 +31,18 @@ class ObjectStorageService(Service):
            # Remove Swift general information from extensions list
            body.pop('swift')
            self.extensions = body.keys()
+
+    def list_create_roles(self, conf, client):
+        try:
+            roles = client.list_roles()['roles']
+        except exceptions.Forbidden:
+            LOG.info("Roles can't be listed - the user needs permissions.")
+            return
+
+        for section_key in ["operator_role", "reseller_admin"]:
+            key_value = conf.get_defaulted("object-storage", section_key)
+            if key_value not in [r['name'] for r in roles]:
+                LOG.info("Creating %s role", key_value)
+                client.create_role(name=key_value)
+
+            conf.set("object-storage", section_key, key_value)
--- a/config_tempest/services/services.py
+++ b/config_tempest/services/services.py
@ -202,6 +202,15 @@ class Services(object):
                                           self._clients.volume_client,
                                           self.is_service("volumev3"))

+        # query the config for swift availability and get the current value
+        # in case, it was overridden in CLI
+        swift_default = self._conf.get_bool_value(
+            self._conf.get_defaulted('service_available', 'swift')
+        )
+        if self.is_service('object-store') and swift_default:
+            object_storage = self.get_service('object-store')
+            object_storage.list_create_roles(self._conf, self._clients.roles)
+
        ceilometer.check_ceilometer_service(self._conf,
                                            self._clients.service_client)

--- a/config_tempest/tests/base.py
+++ b/config_tempest/tests/base.py
@ -200,6 +200,17 @@ class BaseServiceTest(base.BaseTestCase):
            }
        }
    )
+    FAKE_ROLES = (
+        {
+            "roles": [
+                {
+                    "name": "ResellerAdmin",
+                    "id": "2b4df7a671a443d741c62b4df7a671a443d741c6",
+                    "domain_id": None
+                }
+            ]
+        }
+    )

    class FakeRequestResponse(object):
        URL = 'https://docs.openstack.org/api/openstack-identity/3/ext/'
--- a/config_tempest/tests/services/test_object_storage.py
+++ b/config_tempest/tests/services/test_object_storage.py
@ -13,7 +13,11 @@
 # License for the specific language governing permissions and limitations
 # under the License.

+import mock
+
+from config_tempest import constants as C
 from config_tempest.services.object_storage import ObjectStorageService
+from config_tempest import tempest_conf
 from config_tempest.tests.base import BaseServiceTest


@ -35,3 +39,19 @@ class TestObjectStorageService(BaseServiceTest):
        self.Service.set_extensions()
        self.assertItemsEqual(self.Service.extensions, [])
        self.assertItemsEqual(self.Service.get_extensions(), [])
+
+    def test_list_create_roles(self):
+        conf = tempest_conf.TempestConf()
+        # TODO(mkopec) remove reading of default file when it's removed
+        conf.read(C.DEFAULTS_FILE)
+        client = mock.Mock()
+        return_mock = mock.Mock(return_value=self.FAKE_ROLES)
+        client.list_roles = return_mock
+        client.create_role = mock.Mock()
+        self.Service.list_create_roles(conf, client)
+        self.assertEqual(conf.get('object-storage', 'reseller_admin'),
+                         'ResellerAdmin')
+        # Member role is inherited from tempest.config
+        self.assertEqual(conf.get('object-storage', 'operator_role'),
+                         'Member')
+        self.assertTrue(client.create_role.called)
--- a/etc/default-overrides.conf
+++ b/etc/default-overrides.conf
@ -72,13 +72,9 @@ admin_domain_name=Default
 disable_ssl_certificate_validation=true

 [object-storage]
-
-# Role to add to users created for swift tests to enable
-# creating containers (string value)
-operator_role=SwiftOperator
-
-# User role that has reseller admin (string value)
-#reseller_admin_role=ResellerAdmin $$$ DEPLOY
+# default-overrides.conf file will be removed soon, this value will be
+# moved to load_basic_defaults method in config_tempest/main.py
+reseller_admin = ResellerAdmin

 [data-processing]