Support Admin admin user and role

We didn't take into account that the admin role and user might be called on with uppercase first letter - Admin - on some systems. The patch edits the logic so that we accept this admin name or role. Story: #2010880 Task: #48601 Change-Id: Ie027de58f77a58f44b31274e6d75dc830d3b717d
2023-08-30 14:34:37 +00:00 · 2023-08-30 14:34:37 +00:00 · b5ae1f69ac
commit b5ae1f69ac
parent 58e32bbe5a
2 changed files with 61 additions and 2 deletions
--- a/config_tempest/tests/test_users.py
+++ b/config_tempest/tests/test_users.py
@ -286,6 +286,38 @@ class TestUsers(BaseConfigTempestTest):
            username=self.username,
            role_name=self.role_name)

+    @mock.patch('config_tempest.clients.ProjectsClient'
+                '.get_project_by_name')
+    @mock.patch('tempest.lib.services.identity.v2.'
+                'users_client.UsersClient.list_users')
+    @mock.patch('tempest.lib.services.identity.v2.'
+                'users_client.UsersClient.create_user')
+    @mock.patch('tempest.lib.services.identity.v2.'
+                'roles_client.RolesClient.list_roles')
+    @mock.patch('tempest.lib.services.identity.v2.roles_client.'
+                'RolesClient.create_user_role_on_project')
+    def test_give_role_to_user_Admin(
+            self,
+            mock_create_user_role_on_project,
+            mock_list_roles,
+            mock_create_user,
+            mock_list_users,
+            mock_get_project_by_name):
+        mock_get_project_by_name.return_value = {'id': "fake_project_id"}
+        users = self.users
+        users['users'].append(
+            {'name': "Admin", 'id': "Admin_user_id"})
+        roles = self.roles
+        roles['roles'].append(
+            {'name': "Admin", 'id': "Admin_role_id"})
+        mock_list_users.return_value = users
+        mock_list_roles.return_value = roles
+        # using admin as user and role as those are the default values
+        # when discover-tempest-config is executed
+        self.Service.give_role_to_user(
+            username="admin",
+            role_name="admin")
+
    def _check_user_roles(self, user_roles, system_roles):
        self.Service._conf.set('auth', 'tempest_roles', user_roles)
        return self.Service.check_user_roles(system_roles)
--- a/config_tempest/users.py
+++ b/config_tempest/users.py
@ -48,10 +48,35 @@ class Users(object):

        self.give_role_to_user(username, role_name='admin')

+    def _filter_ids_by_name(self, mode, name, role_name, roles_list):
+        """Filter the id that belongs to the name in the given list.
+
+        :param mode: 'roles' or 'users', depending what we're looking for
+        :param name: Name we want to filter by
+        :param role_name: Name of the role we wanna assign the user
+        :param roles_list: List of roles or users to search in.
+        :return: List containing an id matching the name in the roles_list.
+        :rtype: list
+        """
+        match = [n['id'] for n in roles_list[mode] if n['name'] == name]
+        if not match and role_name == 'admin':
+            # in a few cases there might be the admin role with upper-case
+            # first letter, therefore, let's try Admin
+            name = 'Admin'
+            match = [n['id'] for n in roles_list[mode] if n['name'] == name]
+            if match and mode == 'users':
+                # if we found a match with Admin and we're in the users mode,
+                # change also the admin_username in the tempest.conf
+                self._conf.set('auth', 'admin_username', name)
+        return match
+
    def give_role_to_user(self, username, role_name,
                          role_required=True):
        """Give the user a role in the project.

+        If the role is 'admin' and it isn't found, the method will try 'Admin'
+        as sometimes the admin role can be named with upper-case 1st letter.
+
        :type username: string
        :type role_name: string
        :type role_required: boolean
@ -59,14 +84,16 @@ class Users(object):
        project_name = self._conf.get('identity', 'project_name')
        proj_id = self.projects_client.get_project_by_name(project_name)['id']
        users = self.users_client.list_users()
-        user_ids = [u['id'] for u in users['users'] if u['name'] == username]
+        user_ids = self._filter_ids_by_name('users', username,
+                                            role_name, users)
        if not user_ids:
            raise Exception("user %s not found" % username)
        user_id = user_ids[0]

        roles = self.roles_client.list_roles()
        self.check_user_roles(roles)
-        role_ids = [r['id'] for r in roles['roles'] if r['name'] == role_name]
+        role_ids = self._filter_ids_by_name('roles', role_name,
+                                            role_name, roles)
        if not role_ids:
            if role_required:
                raise Exception("required role %s not found" % role_name)