Many tests that involve creating users with default passwords would fail in OpenStack environments that have implemented stronger password rules.
Examples of Tempest default passwords are: "password", pass_1234567.. (created with data_utils.rand_name('pass_')) ... These passwords will fail in environments that require the first character of the password to be a capital letter.
Traceback (most recent call last):
======================================================================
FAIL: setUpClass (tempest.api.compute.admin.test_quotas.QuotasAdminTestJSON)
----------------------------------------------------------------------
Traceback (most recent call last):
testtools.testresult.real._StringException: Traceback (most recent call last):
  File "/home/ibm/refstack-client-20150420-master/refstack-client/.tempest/tempest/test.py", line 256, in setUpClass
    cls.setup_credentials()
  File "/home/ibm/refstack-client-20150420-master/refstack-client/.tempest/tempest/api/compute/base.py", line 362, in setup_credentials
    super(BaseComputeAdminTest, cls).setup_credentials()
  File "/home/ibm/refstack-client-20150420-master/refstack-client/.tempest/tempest/api/compute/base.py", line 55, in setup_credentials
    cls.os = cls.get_client_manager()
  File "/home/ibm/refstack-client-20150420-master/refstack-client/.tempest/tempest/test.py", line 397, in get_client_manager
    creds = cls.isolated_creds.get_primary_creds()
  File "/home/ibm/refstack-client-20150420-master/refstack-client/.tempest/tempest/common/isolated_creds.py", line 324, in get_primary_creds
    return self.get_credentials('primary')
  File "/home/ibm/refstack-client-20150420-master/refstack-client/.tempest/tempest/common/isolated_creds.py", line 306, in get_credentials
    credentials = self._create_creds(admin=is_admin)
  File "/home/ibm/refstack-client-20150420-master/refstack-client/.tempest/tempest/common/isolated_creds.py", line 198, in _create_creds
    username, self.password, project, email)
  File "/home/ibm/refstack-client-20150420-master/refstack-client/.tempest/tempest/common/isolated_creds.py", line 47, in create_user
    username, password, project['id'], email)
  File "/home/ibm/refstack-client-20150420-master/refstack-client/.tempest/tempest/services/identity/v2/json/identity_client.py", line 158, in create_user
    resp, body = self.post('users', post_body)
  File "/home/ibm/refstack-client-20150420-sha/refstack-client/.tempest/.venv/local/lib/python2.7/site-packages/tempest_lib/common/rest_client.py", line 252, in post
    return self.request('POST', url, extra_headers, headers, body)
  File "/home/ibm/refstack-client-20150420-sha/refstack-client/.tempest/.venv/local/lib/python2.7/site-packages/tempest_lib/common/rest_client.py", line 629, in request
    resp, resp_body)
  File "/home/ibm/refstack-client-20150420-sha/refstack-client/.tempest/.venv/local/lib/python2.7/site-packages/tempest_lib/common/rest_client.py", line 680, in _error_checker
    raise exceptions.BadRequest(resp_body)
tempest_lib.exceptions.BadRequest: Bad request
Details: {u'message': u'Password is not strong enough', u'code': 400, u'title': u'Bad Request'}
Hmm, interesting. How are these password enforcement rules set? Is it something that someone is adding on top of keystone, or a backend-specific thing?
I'm trying to figure out how this enforcement is enabled and what it entails. For example, if they're static rules like enforcing the first character is a capital letter, I'm not sure how we would handle that in a generic way. Because rules like that will definitely be deployment-specific.
But, if it's just a generic password strength checker we can probably handle that by just having a better algorithm used to improve the password strength. A first thought at a fix would be to add a random_password option to tempest-lib's data utils module and have it used for tenant isolation's passwords.
Also, sorry I can't help but put this on the bug. It was the first thing that came to my mind:
https://xkcd.com/936/
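As an added example (not part of the original thread, and not Tempest or tempest-lib code): a sketch of the random-password idea suggested above, with the deployment-specific rules passed in as parameters so the generator satisfies them by construction. The names rand_password and violations, the policy parameters and the symbol set are assumptions made for illustration.

```python
import secrets
import string

# Character classes a deployment's policy may require (assumed set, not Keystone's).
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*_-+=",
}
ALL = ("upper", "lower", "digit", "symbol")


def violations(password, min_length=12, required=ALL, first_class="upper"):
    """Return the policy rules the password breaks (empty list = accepted)."""
    broken = []
    if len(password) < min_length:
        broken.append("min_length")
    for name in required:
        if not any(ch in CLASSES[name] for ch in password):
            broken.append("missing_" + name)
    if first_class and (not password or password[0] not in CLASSES[first_class]):
        broken.append("first_char_not_" + first_class)
    return broken


def rand_password(length=15, required=ALL, first_class="upper"):
    """Generate a random password that meets the policy by construction."""
    if length < len(required) + (1 if first_class else 0):
        raise ValueError("length too short for the requested character classes")
    alphabet = "".join(CLASSES[name] for name in (required or ALL))
    # Constrained first character, e.g. the "must start with a capital" rule.
    head = [secrets.choice(CLASSES[first_class])] if first_class else []
    # One guaranteed character per required class, then random fill.
    body = [secrets.choice(CLASSES[name]) for name in required]
    body += [secrets.choice(alphabet) for _ in range(length - len(head) - len(body))]
    secrets.SystemRandom().shuffle(body)  # shuffle all but the first character
    return "".join(head + body)


if __name__ == "__main__":
    # The default passwords quoted in the report, checked against the sample policy.
    for candidate in ("password", "pass_1234567", rand_password()):
        print(repr(candidate), violations(candidate))
```

Because the rules are arguments rather than constants, a test configuration could carry the deployment's policy and hand it to the generator used for isolated credentials.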