From: Kefu Chai Date: Sun, 31 May 2020 00:54:41 +0000 (+0800) Subject: qa/tasks/tempest: use user/pass to authenticate X-Git-Tag: v16.1.0~2190^2~2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=8f5c832915cd5f7e7e9c4f2a0517edc9573fa349;p=ceph.git qa/tasks/tempest: use user/pass to authenticate instead of using admin token use "admin" user to authenticate, as admin token is not suggested anymore. Signed-off-by: Kefu Chai --- diff --git a/qa/suites/rgw/crypt/2-kms/barbican.yaml b/qa/suites/rgw/crypt/2-kms/barbican.yaml index c4a22a6cdb3c..94c43895f52a 100644 --- a/qa/suites/rgw/crypt/2-kms/barbican.yaml +++ b/qa/suites/rgw/crypt/2-kms/barbican.yaml @@ -3,9 +3,21 @@ overrides: conf: client: rgw crypt s3 kms backend: barbican - rgw keystone barbican tenant: rgwcrypt + rgw keystone barbican project: rgwcrypt rgw keystone barbican user: rgwcrypt-user rgw keystone barbican password: rgwcrypt-pass + rgw keystone barbican domain: Default + rgw keystone api version: 3 + rgw keystone accepted roles: admin,Member,creator + rgw keystone implicit tenants: true + rgw keystone accepted admin roles: admin + rgw swift enforce content length: true + rgw swift account in url: true + rgw swift versioning enabled: true + rgw keystone admin project: admin + rgw keystone admin user: admin + rgw keystone admin password: ADMIN + rgw keystone admin domain: Default rgw: client.0: use-keystone-role: client.0 diff --git a/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml b/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml index d1d3fe064725..99c776df7889 100644 --- a/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml +++ b/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml @@ -28,6 +28,7 @@ tasks: admin_project_name: admin admin_password: ADMIN admin_domain_name: Default + tempest_roles: admin identity: uri: http://{keystone_public_host}:{keystone_public_port}/v2.0/ uri_v3: http://{keystone_public_host}:{keystone_public_port}/v3/ @@ -56,10 +57,13 @@ overrides: osd_max_pg_log_entries: 10 client: rgw keystone api version: 3 - rgw keystone admin token: ADMIN rgw keystone accepted roles: admin,Member rgw keystone implicit tenants: true rgw keystone accepted admin roles: admin rgw swift enforce content length: true rgw swift account in url: true rgw swift versioning enabled: true + rgw keystone admin domain: Default + rgw keystone admin user: admin + rgw keystone admin password: ADMIN + rgw keystone admin project: admin diff --git a/qa/tasks/barbican.py b/qa/tasks/barbican.py index 65e223e12634..46b036ef4ced 100644 --- a/qa/tasks/barbican.py +++ b/qa/tasks/barbican.py @@ -254,27 +254,35 @@ def create_secrets(ctx, config): token_req = http_client.HTTPConnection(keystone_host, keystone_port, timeout=30) token_req.request( 'POST', - '/v2.0/tokens', + '/v3/auth/tokens', headers={'Content-Type':'application/json'}, - body=json.dumps( - {"auth": - {"passwordCredentials": - {"username": rgw_user["username"], - "password": rgw_user["password"] - }, - "tenantName": rgw_user["tenantName"] - } + body=json.dumps({ + "auth": { + "identity": { + "methods": ["password"], + "password": { + "user": { + "domain": {"id": "default"}, + "name": rgw_user["username"], + "password": rgw_user["password"] + } + } + }, + "scope": { + "project": { + "domain": {"id": "default"}, + "name": rgw_user["tenantName"] + } + } } - ) - ) + })) rgw_access_user_resp = token_req.getresponse() if not (rgw_access_user_resp.status >= 200 and rgw_access_user_resp.status < 300): raise Exception("Cannot authenticate user "+rgw_user["username"]+" for secret creation") # baru_resp = json.loads(baru_req.data) rgw_access_user_data = json.loads(six.ensure_str(rgw_access_user_resp.read())) - rgw_user_id = rgw_access_user_data['access']['user']['id'] - + rgw_user_id = rgw_access_user_data['token']['user']['id'] if 'secrets' in cconfig: for secret in cconfig['secrets']: if 'name' not in secret: @@ -291,27 +299,34 @@ def create_secrets(ctx, config): token_req = http_client.HTTPConnection(keystone_host, keystone_port, timeout=30) token_req.request( 'POST', - '/v2.0/tokens', + '/v3/auth/tokens', headers={'Content-Type':'application/json'}, - body=json.dumps( - { - "auth": { - "passwordCredentials": { - "username": secret["username"], - "password": secret["password"] - }, - "tenantName":secret["tenantName"] + body=json.dumps({ + "auth": { + "identity": { + "methods": ["password"], + "password": { + "user": { + "domain": {"id": "default"}, + "name": secret["username"], + "password": secret["password"] + } + } + }, + "scope": { + "project": { + "domain": {"id": "default"}, + "name": secret["tenantName"] + } } } - ) - ) + })) token_resp = token_req.getresponse() if not (token_resp.status >= 200 and token_resp.status < 300): raise Exception("Cannot authenticate user "+secret["username"]+" for secret creation") - token_data = json.loads(six.ensure_str(token_resp.read())) - token_id = token_data['access']['token']['id'] + token_id = token_resp.getheader('x-subject-token') key1_json = json.dumps( { diff --git a/qa/tasks/keystone.py b/qa/tasks/keystone.py index f3f46365210c..77173cc3b9f1 100644 --- a/qa/tasks/keystone.py +++ b/qa/tasks/keystone.py @@ -169,12 +169,6 @@ def configure_instance(ctx, config): 'etc/keystone.conf.sample', 'etc/keystone.conf' ]) - run_in_keystone_dir(ctx, client, - [ - 'sed', - '-e', 's/#admin_token =.*/admin_token = ADMIN/', - '-i', 'etc/keystone.conf' - ]) run_in_keystone_dir(ctx, client, [ 'sed', @@ -294,10 +288,14 @@ def run_section_cmds(ctx, cclient, section_cmd, specials, admin_host, admin_port = ctx.keystone.admin_endpoints[cclient] auth_section = [ - ( 'os-token', 'ADMIN' ), + ( 'os-username', 'admin' ), + ( 'os-password', 'ADMIN' ), + ( 'os-user-domain-id', 'default' ), + ( 'os-project-name', 'admin' ), + ( 'os-project-domain-id', 'default' ), ( 'os-identity-api-version', '3' ), - ( 'os-url', 'http://{host}:{port}/v3'.format(host=admin_host, - port=admin_port) ), + ( 'os-auth-url', 'http://{host}:{port}/v3'.format(host=admin_host, + port=admin_port) ), ] for section_item in section_config_list: diff --git a/qa/tasks/tempest.py b/qa/tasks/tempest.py index 13189fd54b5e..3032a3e42cec 100644 --- a/qa/tasks/tempest.py +++ b/qa/tasks/tempest.py @@ -181,13 +181,17 @@ def task(ctx, config): ceph: conf: client: - rgw keystone admin token: ADMIN + rgw keystone api version: 3 rgw keystone accepted roles: admin,Member rgw keystone implicit tenants: true rgw keystone accepted admin roles: admin rgw swift enforce content length: true rgw swift account in url: true rgw swift versioning enabled: true + rgw keystone admin domain: Default + rgw keystone admin user: admin + rgw keystone admin password: ADMIN + rgw keystone admin project: admin tasks: # typically, the task should be preceded with install, ceph, tox, # keystone and rgw. Tox and Keystone are specific requirements