Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / barbican-tempest-plugin / 0ee4c298ce8482bb9c435378f9575a3133dbae1f^2..0ee4c298ce8482bb9c435378f9575a3133dbae1f / .
commit0ee4c298ce8482bb9c435378f9575a3133dbae1f[log] [tgz]
authorZuul <zuul@review.opendev.org>Fri Mar 08 16:18:57 2024 +0000
committerGerrit Code Review <review@openstack.org>Fri Mar 08 16:18:57 2024 +0000
treea6a69e5a558ac7b7ebecfd8e1d7450e4805b2dfe
parentf95155dc767e9a88bf7ce861a9a63319d928d65e [diff]
parentf499f6cc74479fb2f2d806f33f61c4d7d2d0b60d [diff]
Merge "Fix typo in branch name for 2023.2"
diff --git a/.zuul.yaml b/.zuul.yaml
index 6c885b6..023452c 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml

@@ -42,7 +42,7 @@
         test-config:
           $TEMPEST_CONFIG:
             auth:
-              tempest_roles: creator
+              create_isolated_networks: False
             image-feature-enabled:
               # this may be removed soon, as api_v1 is false since tempest>=20
               api_v1: False
@@ -159,21 +159,20 @@
     name: barbican-tempest-plugin-simple-crypto-secure-rbac
     parent: barbican-tempest-plugin-simple-crypto
     vars:
+      devstack_localrc:
+        ENFORCE_SCOPE: True
       devstack_local_conf:
-        post-config:
-          $BARBICAN_CONF:
-            oslo_policy:
-              enforce_new_defaults: True
-              enforce_scope: True
-            # (lpiwowar): Uncomment once this bug is resolved:
-            # https://bugs.launchpad.net/barbican/+bug/2043457
-            # secretstore:
-            #  enable_multiple_secret_stores: True
-            #  stores_lookup_suffix: simple_crypto
-            # secretstore:simple_crypto:
-            #  secret_store_plugin: store_crypto
-            #  crypto_plugin: simple_crypto
-            #  global_default: true
+        # (lpiwowar): Uncomment once this bug is resolved:
+        # https://bugs.launchpad.net/barbican/+bug/2043457
+        # post-config:
+        #   $BARBICAN_CONF:
+        #     secretstore:
+        #      enable_multiple_secret_stores: True
+        #      stores_lookup_suffix: simple_crypto
+        #     secretstore:simple_crypto:
+        #      secret_store_plugin: store_crypto
+        #      crypto_plugin: simple_crypto
+        #      global_default: true
         test-config:
           $TEMPEST_CONFIG:
             enforce_scope:

diff --git a/barbican_tempest_plugin/tests/api/base.py b/barbican_tempest_plugin/tests/api/base.py
index aa500f7..50ae662 100644
--- a/barbican_tempest_plugin/tests/api/base.py
+++ b/barbican_tempest_plugin/tests/api/base.py

@@ -61,8 +61,7 @@
                          api_version_utils.BaseMicroversionTest):
     """Base class for all api tests."""
 
-    # Why do I have to be an admin to create secrets? No idea...
-    credentials = ('admin', ['service_admin', 'key-manager:service-admin'])
+    credentials = ['project_admin']
     client_manager = clients.Clients
     created_objects = {}
 
@@ -88,8 +87,6 @@
         cls.secret_consumer_client = os.secret_v1_1.SecretConsumerClient()
         cls.secret_metadata_client = os.secret_v1.SecretMetadataClient()
         cls.version_client = os.secret_v1_1.VersionClient()
-
-        os = getattr(cls, 'os_roles_%s' % cls.credentials[1][0])
         cls.quota_client = os.secret_v1.QuotaClient()
 
     @classmethod

diff --git a/barbican_tempest_plugin/tests/api/test_quotas.py b/barbican_tempest_plugin/tests/api/test_quotas.py
index f2e00c1..e9cc39a 100644
--- a/barbican_tempest_plugin/tests/api/test_quotas.py
+++ b/barbican_tempest_plugin/tests/api/test_quotas.py

@@ -16,7 +16,7 @@
 
 from tempest import config
 from tempest.lib import decorators
-from tempest.lib import exceptions
+
 
 CONF = config.CONF
 
@@ -26,26 +26,19 @@
 
     @decorators.idempotent_id('47ebc42b-0e53-4060-b1a1-55bee2c7c43f')
     def test_get_effective_quota(self):
-        if CONF.enforce_scope.barbican:
-            # This test is using key-manager:service-admin legacy
-            # role. User with only this role should get a Forbidden
-            # error when trying to get effective quotas in SRBAC
-            # environment.
-            self.assertRaises(
-                exceptions.Forbidden,
-                self.quota_client.get_default_project_quota)
-        else:
-            body = self.quota_client.get_default_project_quota()
-            quotas = body.get('quotas')
-            self.assertEqual(-1, quotas.get('secrets'))
-            self.assertEqual(-1, quotas.get('cas'))
-            self.assertEqual(-1, quotas.get('orders'))
-            self.assertEqual(-1, quotas.get('containers'))
-            self.assertEqual(-1, quotas.get('consumers'))
+        body = self.quota_client.get_default_project_quota()
+        quotas = body.get('quotas')
+        self.assertEqual(-1, quotas.get('secrets'))
+        self.assertEqual(-1, quotas.get('cas'))
+        self.assertEqual(-1, quotas.get('orders'))
+        self.assertEqual(-1, quotas.get('containers'))
+        self.assertEqual(-1, quotas.get('consumers'))
 
 
 class ProjectQuotasTest(base.BaseKeyManagerTest):
 
+    credentials = ['admin', ['service_admin', 'key-manager:service-admin']]
+
     @classmethod
     def skip_checks(cls):
         super().skip_checks()
@@ -56,6 +49,11 @@
             raise cls.skipException("enforce_scope is enabled for barbican, "
                                     "skipping project quota tests.")
 
+    @classmethod
+    def setup_clients(cls):
+        super().setup_clients()
+        cls.quota_client = cls.os_roles_service_admin.secret_v1.QuotaClient()
+
     @decorators.idempotent_id('07dec492-7f19-4d94-a9d7-28c0643db1bc')
     def test_manage_project_quotas(self):
         # Confirm that there are no quotas

diff --git a/setup.cfg b/setup.cfg
index 110ab8e..77913d7 100644
--- a/setup.cfg
+++ b/setup.cfg

@@ -16,6 +16,8 @@
     Programming Language :: Python :: 3
     Programming Language :: Python :: 3.8
     Programming Language :: Python :: 3.9
+    Programming Language :: Python :: 3.10
+    Programming Language :: Python :: 3.11
 
 [files]
 packages =