[openstack-qa] Is tempest must be able to operate without identity admin privileges?

Attila Fazekas afazekas at redhat.com
Fri Jun 14 06:00:31 UTC 2013





----- Original Message -----
> From: "Andrea Frittoli (Cloud Services)" <frittoli at hp.com>
> To: "All Things QA." <openstack-qa at lists.openstack.org>
> Sent: Thursday, June 13, 2013 11:56:29 AM
> Subject: Re: [openstack-qa] Is tempest must be able to operate without identity admin privileges?
> 
> I would still maintain both static and dynamic accounts.
> Running the tests using the same account over and over again provides is a
> valid scenario, which may discover issues not visible in a fresh account.

Yes, it is my main reason to decrease the isolation level, where it is possible.

The other reasons are the skip manage and efficiency.
If for whatever reason we need to skip a real scenario sequence,
 we may lose coverage in point where we do not want.

> With identity V3 if I'm not mistaken a domain admin will be able to create
> users and tenants without being an overall identity admin.
> This should help in the refstack case.

Good idea. Can we exclude the v2 in the refstack case ?
 
> andrea
> 
> -----Original Message-----
> From: Attila Fazekas [mailto:afazekas at redhat.com]
> Sent: 13 June 2013 10:35
> To: All Things QA.
> Subject: Re: [openstack-qa] Is tempest must be able to operate without
> identity admin privileges?
> 
> Ohh, I forget the password.
> 
> myuser-alt-0,tenant,domain,passwda0,myuser-0,tenant,domain,passwd0
> myuser-alt-1,tenant,domain,passwda1,myuser-1,tenant,domain,passwd1
> myuser-alt-2,tenant,domain,passwda2,myuser-2,tenant,domain,passwd2
> myuser-alt-3,tenant,domain,passwda3,myuser-3,tenant,domain,passwd3
> 
> ----- Original Message -----
> From: "Attila Fazekas" <afazekas at redhat.com>
> To: mordred at inaugust.com, "Jay Pipes" <jaypipes at gmail.com>
> Cc: "All Things QA." <openstack-qa at lists.openstack.org>
> Sent: Thursday, June 13, 2013 10:28:44 AM
> Subject: Re: [openstack-qa] Is tempest must be able to operate without
> identity admin privileges?
> 
> If we need really stricter test case isolation for parallel refstack usage,
> providing more than 2 user can be an another option.
> 
> Is it an option ?
> 
> user pair / worker process.
> 
> One of the simplest user "pool" would be pair of users in a csv.
> 
> myuser-alt-0,tenant,domain,myuser-1,tenant,domain
> myuser-alt-1,tenant,domain,myuser-1,tenant,domain
> myuser-alt-2,tenant,domain,myuser-2,tenant,domain
> myuser-alt-3,tenant,domain,myuser-3,tenant,domain
> 
> Many more effective solution possible.
> 
> ----- Original Message -----
> > From: "Monty Taylor" <mordred at inaugust.com>
> > To: openstack-qa at lists.openstack.org
> > Sent: Saturday, June 8, 2013 3:10:57 PM
> > Subject: Re: [openstack-qa] Is tempest must be able to operate without
> identity admin privileges?
> > 
> > 
> > 
> > On 06/08/2013 09:03 AM, Attila Fazekas wrote:
> > > Do we want parallel execution in this cases ?
> > > - obviously yes
> > > - nice to have
> > > - who cares
> > 
> > obviously yes/must have
> > 
> > > Can we expect larger quota than the default 10 in this case ?
> > > - never
> > > - usually
> > > - always
> > 
> > always. I believe that if we have specific quota needs from a cloud
> > against which refstack runs, it's not unreasonable. It would be good
> > to have an understanding at some point of needed quota
> > 
> > > ----- Original Message -----
> > >> From: "Sean Dague" <sean at dague.net>
> > >> To: "All Things QA." <openstack-qa at lists.openstack.org>
> > >> Cc: "Attila Fazekas" <afazekas at redhat.com>
> > >> Sent: Saturday, June 8, 2013 1:49:40 PM
> > >> Subject: Re: [openstack-qa] Is tempest must be able to operate
> > >> without identity admin privileges?
> > >>
> > >> On 06/08/2013 03:06 AM, Attila Fazekas wrote:
> > >>> Hi All,
> > >>>
> > >>> In modeling viewpoint keeping the ability to run tempest without
> > >>> identity admin credentials is not easy.
> > >>>
> > >>> The demo and alt_demo user is still in the config to maintain the
> > >>> ability, to run tempest against a cloud where you do not know the
> > >>> identity admin credentials.
> > >>>
> > >>> I would like to know, is it real use case for anyone ?
> > >>>
> > >>> Without these users you lose the ability to run tempest against
> > >>> any cloud where you do not know the admin credentials.
> > >>>
> > >>> The benefits of removing these can give you:
> > >>>   - simpler model
> > >>>   - better role based test suite
> > >>
> > >> Yes, it is a real use case, we can't remove that.
> > >>
> > >> 	-Sean
> > >>
> > >> --
> > >> Sean Dague
> > >> http://dague.net
> > >>
> > > 
> > > _______________________________________________
> > > openstack-qa mailing list
> > > openstack-qa at lists.openstack.org
> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-qa
> > > 
> > 
> > _______________________________________________
> > openstack-qa mailing list
> > openstack-qa at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-qa
> > 
> 
> _______________________________________________
> openstack-qa mailing list
> openstack-qa at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-qa
> 
> _______________________________________________
> openstack-qa mailing list
> openstack-qa at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-qa
> 
> _______________________________________________
> openstack-qa mailing list
> openstack-qa at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-qa
> 



More information about the openstack-qa mailing list