Merge "Use consistent naming for enforce_scope option"
diff --git a/barbican_tempest_plugin/tests/api/test_quotas.py b/barbican_tempest_plugin/tests/api/test_quotas.py
index 4c63ba1..8aadbd5 100644
--- a/barbican_tempest_plugin/tests/api/test_quotas.py
+++ b/barbican_tempest_plugin/tests/api/test_quotas.py
@@ -56,6 +56,7 @@
raise cls.skipException("enforce_scope is enabled for barbican, "
"skipping project quota tests.")
+ @decorators.idempotent_id('07dec492-7f19-4d94-a9d7-28c0643db1bc')
def test_manage_project_quotas(self):
# Confirm that there are no quotas
body = self.quota_client.list_quotas()
diff --git a/barbican_tempest_plugin/tests/rbac/v1/test_containers.py b/barbican_tempest_plugin/tests/rbac/v1/test_containers.py
index 16d743f..dd2123c 100644
--- a/barbican_tempest_plugin/tests/rbac/v1/test_containers.py
+++ b/barbican_tempest_plugin/tests/rbac/v1/test_containers.py
@@ -13,6 +13,7 @@
from tempest import config
from tempest.lib.common.utils import data_utils
+from tempest.lib import decorators
from tempest.lib import exceptions
from barbican_tempest_plugin.tests.rbac.v1 import base
@@ -195,34 +196,40 @@
**self.test_consumer
)
+ @decorators.idempotent_id('1f0879ae-7e02-4d37-a37c-ee9bc11b40ef')
def test_list_containers(self):
self.assertRaises(
exceptions.Forbidden,
self.client.list_containers)
+ @decorators.idempotent_id('91406373-339d-4322-bf69-e2842564b9d1')
def test_create_container(self):
self.assertRaises(
exceptions.Forbidden,
self.client.create_container)
+ @decorators.idempotent_id('c2f5e209-82db-48c7-b11b-2719d3305753')
def test_get_container(self):
self.assertRaises(
exceptions.Forbidden,
self.client.get_container,
container_id=self.container_id)
+ @decorators.idempotent_id('af342d75-67de-4341-9e96-6a58c75a3226')
def test_delete_container(self):
self.assertRaises(
exceptions.Forbidden,
self.client.delete_container,
container_id=self.container_id)
+ @decorators.idempotent_id('baa049d5-72a3-4848-8997-a4abd43e00b3')
def test_get_container_acl(self):
self.assertRaises(
exceptions.Forbidden,
self.client.get_container_acl,
self.container_id)
+ @decorators.idempotent_id('6b330e3b-4696-496c-9d65-1cdff39439b9')
def test_update_container_acl(self):
self.assertRaises(
exceptions.Forbidden,
@@ -230,6 +237,7 @@
self.container_id,
self.valid_acl)
+ @decorators.idempotent_id('f78cd73f-e01f-47d3-be5a-83f56837efa1')
def test_create_container_acl(self):
self.assertRaises(
exceptions.Forbidden,
@@ -237,18 +245,21 @@
self.container_id,
self.valid_acl)
+ @decorators.idempotent_id('79ef4f66-4a77-44fd-b014-94c075c26bd6')
def test_delete_container_acl(self):
self.assertRaises(
exceptions.Forbidden,
self.client.delete_container,
self.container_id)
+ @decorators.idempotent_id('71b335fc-8cb6-4229-bd02-866df4ede926')
def test_list_container_consumers(self):
self.assertRaises(
exceptions.Forbidden,
self.consumer_client.list_consumers_in_container,
self.container_id)
+ @decorators.idempotent_id('7c64295e-5584-4673-99f8-a87275072f95')
def test_create_container_consumer(self):
self.assertRaises(
exceptions.Forbidden,
@@ -256,6 +267,7 @@
self.container_id,
**self.test_consumer)
+ @decorators.idempotent_id('f3dac21e-cfc2-4a97-bd0e-2a207241e9cf')
def test_delete_container_consumer(self):
self.assertRaises(
exceptions.Forbidden,
@@ -263,6 +275,7 @@
self.container_id,
**self.test_consumer)
+ @decorators.idempotent_id('96cfab13-67f6-488b-868d-f0609c26553a')
def test_add_secret_to_container(self):
self.assertRaises(
exceptions.Forbidden,
@@ -270,6 +283,7 @@
container_id=self.container_id,
secret_id=self.secret_id)
+ @decorators.idempotent_id('d9590a9d-a8be-481e-b50f-22f26973cba4')
def test_delete_secret_from_container(self):
self.assertRaises(
exceptions.Forbidden,
@@ -286,12 +300,14 @@
cls.client = cls.container_client
cls.consumer_client = cls.member_consumer_client
+ @decorators.idempotent_id('028f8858-d463-4f51-befc-63a350e87da2')
def test_list_containers(self):
resp = self.client.list_containers()
containers = resp['containers']
self.assertGreaterEqual(len(containers), 1)
+ @decorators.idempotent_id('db79462a-e6fd-44f5-9d4d-da3c7fda6896')
def test_create_container(self):
container_id = self.create_test_container(
self.client,
@@ -299,6 +315,7 @@
_ = self.container_client.get_container(container_id)
+ @decorators.idempotent_id('8d47fec6-487e-43a5-984d-0c3ef08d23e3')
def test_get_container(self):
resp = self.client.get_container(self.container_id)
@@ -306,6 +323,7 @@
self.container_id,
self.client.ref_to_uuid(resp['container_ref']))
+ @decorators.idempotent_id('3c96cec6-02c9-4cae-bea9-be11b22d21aa')
def test_delete_container(self):
self.client.delete_container(self.container_id)
@@ -314,6 +332,7 @@
for c in resp['containers']]
self.assertNotIn(self.container_id, container_ids)
+ @decorators.idempotent_id('64f5bc21-51b5-451a-932b-e6091bf113c3')
def test_add_secret_to_container(self):
self.client.add_secret_to_container(
container_id=self.container_id,
@@ -324,6 +343,7 @@
for sr in resp['secret_refs']]
self.assertIn(self.secret_id, secret_ids)
+ @decorators.idempotent_id('8efb0a35-9b6d-4bde-84f7-43a72ef86bf3')
def test_delete_secret_from_container(self):
self.client.add_secret_to_container(
self.container_id,
@@ -342,16 +362,19 @@
for sr in resp['secret_refs']]
self.assertNotIn(self.secret_id, secret_ids)
+ @decorators.idempotent_id('167a7fd7-3a08-4d9b-8e5f-2e0d438deea4')
def test_get_container_acl(self):
resp = self.client.get_container_acl(self.container_id)
self.assertIn('read', resp.keys())
+ @decorators.idempotent_id('072fd676-36da-44e5-ab53-29a0f1dfe3f1')
def test_create_container_acl(self):
_ = self.client.put_container_acl(self.container_id, self.valid_acl)
acl = self.client.get_container_acl(self.container_id)
self.assertIn(self.other_secret_client.user_id, acl['read']['users'])
+ @decorators.idempotent_id('f5fb9d69-5942-45a3-8c71-2d723e816d52')
def test_update_container_acl(self):
_ = self.client.put_container_acl(self.container_id, self.valid_acl)
acl = self.client.get_container_acl(self.container_id)
@@ -368,6 +391,7 @@
self.assertNotIn(self.other_secret_client.user_id,
acl['read']['users'])
+ @decorators.idempotent_id('03a94e74-13da-40d5-ac63-19e9e7552379')
def test_delete_container_acl(self):
_ = self.client.put_container_acl(self.container_id, self.valid_acl)
acl = self.client.get_container_acl(self.container_id)
@@ -378,12 +402,14 @@
acl = self.client.get_container_acl(self.container_id)
self.assertNotIn('users', acl['read'].keys())
+ @decorators.idempotent_id('7d171230-0ec5-443c-84df-ba79bea52064')
def test_list_container_consumers(self):
resp = self.consumer_client.list_consumers_in_container(
self.container_id
)
self.assertEqual(1, resp['total'])
+ @decorators.idempotent_id('a7f3b9cb-7be1-49bb-9505-e8b16e30b24f')
def test_create_container_consumer(self):
second_consumer = {
'name': 'another-test-consumer',
@@ -396,6 +422,7 @@
self.assertEqual(2, len(resp['consumers']))
+ @decorators.idempotent_id('b28e5ed5-797a-46fc-81c4-96a8bfa80757')
def test_delete_container_consumer(self):
resp = self.consumer_client.delete_consumer_from_container(
self.container_id,
@@ -442,10 +469,12 @@
self.other_container_client,
data_utils.rand_name('test-containers'))
+ @decorators.idempotent_id('23857de9-c335-4778-b10b-75191990e20c')
def test_list_containers(self):
"""This is not possible across projects"""
pass
+ @decorators.idempotent_id('cff55c34-fdca-44ab-a136-3b70c75fd8ff')
def test_create_container(self):
"""This is not possible across projects"""
pass
diff --git a/barbican_tempest_plugin/tests/rbac/v1/test_orders.py b/barbican_tempest_plugin/tests/rbac/v1/test_orders.py
index 964d95d..d054bc9 100644
--- a/barbican_tempest_plugin/tests/rbac/v1/test_orders.py
+++ b/barbican_tempest_plugin/tests/rbac/v1/test_orders.py
@@ -11,6 +11,7 @@
# limitations under the License.
import abc
+from tempest.lib import decorators
from tempest.lib import exceptions
from barbican_tempest_plugin.tests.rbac.v1 import base
@@ -89,9 +90,11 @@
super().setup_clients()
cls.client = cls.os_project_reader.secret_v1.OrderClient()
+ @decorators.idempotent_id('78c66385-c8ae-44a7-942e-5e1f87072198')
def test_list_orders(self):
self.assertRaises(exceptions.Forbidden, self.client.list_orders)
+ @decorators.idempotent_id('fa5f861d-a376-437d-ab88-b3eea9a20403')
def test_create_order(self):
self.assertRaises(
exceptions.Forbidden,
@@ -100,6 +103,7 @@
'create_orders_s'
)
+ @decorators.idempotent_id('39227b64-4d99-42ce-9acb-0fc4df2949ab')
def test_get_order(self):
order_id = self.create_test_order(self.order_client, 'test_get_order')
self.assertRaises(
@@ -107,6 +111,7 @@
self.client.get_order,
order_id=order_id)
+ @decorators.idempotent_id('ca5ef19c-19f3-45fd-a20d-920c1bb6414c')
def test_delete_order(self):
order_id = self.create_test_order(self.order_client,
'test_delete_order')
@@ -115,6 +120,7 @@
self.client.delete_order,
order_id=order_id)
+ @decorators.idempotent_id('9689c961-2b91-4d4d-b3f3-4f185e7ae1cc')
def test_get_other_project_order(self):
order_id = self.create_test_order(
self.other_order_client,
@@ -124,6 +130,7 @@
self.client.get_order,
order_id)
+ @decorators.idempotent_id('ee9d022c-90d5-427b-b430-b10323270a49')
def test_delete_other_project_order(self):
order_id = self.create_test_order(
self.other_order_client,
@@ -141,19 +148,23 @@
super().setup_clients()
cls.client = cls.os_project_member.secret_v1.OrderClient()
+ @decorators.idempotent_id('789262f2-34fd-46c3-824a-f780d5b5c603')
def test_list_orders(self):
_ = self.create_test_order(self.order_client, 'test_list_orders')
resp = self.client.list_orders()
self.assertGreaterEqual(len(resp['orders']), 1)
+ @decorators.idempotent_id('898154b7-b4e0-44d8-bf84-e87de5d0b48b')
def test_create_order(self):
self.create_test_order(self.client, 'create_orders_s')
+ @decorators.idempotent_id('798c715d-37fb-4c8b-89c5-e679b016fde7')
def test_get_order(self):
order_id = self.create_test_order(self.order_client, 'test_get_order')
resp = self.client.get_order(order_id)
self.assertEqual(order_id, self.client.ref_to_uuid(resp['order_ref']))
+ @decorators.idempotent_id('fe26f0a1-bcfe-449d-8fd1-ccc4c28f13c2')
def test_delete_order(self):
order_id = self.create_test_order(self.order_client,
'test_delete_order')
diff --git a/barbican_tempest_plugin/tests/rbac/v1/test_quotas.py b/barbican_tempest_plugin/tests/rbac/v1/test_quotas.py
index ffabc1e..0c72f38 100644
--- a/barbican_tempest_plugin/tests/rbac/v1/test_quotas.py
+++ b/barbican_tempest_plugin/tests/rbac/v1/test_quotas.py
@@ -11,6 +11,7 @@
# limitations under the License.
import abc
+from tempest.lib import decorators
from tempest.lib import exceptions
from barbican_tempest_plugin.tests.rbac.v1 import base
@@ -117,13 +118,16 @@
super().setup_clients()
cls.client = cls.os_project_reader.secret_v1.QuotaClient()
+ @decorators.idempotent_id('936e480a-f603-4d9e-bc77-9a69ef05ac28')
def test_get_effective_project_quota(self):
resp = self.client.get_default_project_quota()
self.assertIn('quotas', resp)
+ @decorators.idempotent_id('528907ad-efd8-481e-b57e-7faed7198405')
def test_list_project_quotas(self):
self.assertRaises(exceptions.Forbidden, self.client.list_quotas)
+ @decorators.idempotent_id('948afb0d-35e8-4a23-880f-b2dc3eebf1bd')
def test_get_custom_quota_for_project(self):
project_id = self.client.tenant_id
self.assertRaises(
@@ -131,6 +135,7 @@
self.client.get_project_quota,
project_id)
+ @decorators.idempotent_id('c29af3ed-561e-48da-8a1b-81ba19c943bb')
def test_set_new_quota_for_project(self):
project_id = self.client.tenant_id
self.assertRaises(
@@ -144,6 +149,7 @@
}
)
+ @decorators.idempotent_id('7382fb20-01f6-4322-9ebc-5bf6038e3e1b')
def test_remove_custom_quota_for_project(self):
project_id = self.client.tenant_id
self.assertRaises(
@@ -151,6 +157,7 @@
self.client.delete_project_quota,
project_id)
+ @decorators.idempotent_id('5d062790-6754-4d21-bd0c-08d4a74fa6f3')
def test_get_custom_quota_for_other_project(self):
project_id = self.other_secret_client.tenant_id
self.assertRaises(
@@ -158,6 +165,7 @@
self.client.get_project_quota,
project_id)
+ @decorators.idempotent_id('26bd25ab-92c2-4437-a742-f301703ce523')
def test_set_new_quota_for_other_project(self):
project_id = self.other_secret_client.tenant_id
self.assertRaises(
@@ -171,6 +179,7 @@
}
)
+ @decorators.idempotent_id('7a763152-c64b-42d5-9669-213681327c58')
def test_remove_custom_quota_for_other_project(self):
project_id = self.other_secret_client.tenant_id
self.assertRaises(
@@ -194,10 +203,12 @@
super().setup_clients()
cls.client = cls.os_project_admin.secret_v1.QuotaClient()
+ @decorators.idempotent_id('9099766d-96b3-448d-b400-3b08563d15fc')
def test_list_project_quotas(self):
quotas = self.client.list_quotas()
self.assertIn("project_quotas", quotas)
+ @decorators.idempotent_id('dc5125a6-bc94-4426-ba9d-03e2b03c81a8')
def test_get_custom_quota_for_project(self):
project_id = self.client.tenant_id
self.client.create_project_quota(
@@ -210,6 +221,7 @@
quota = self.client.get_project_quota(project_id)
self.assertIn("project_quotas", quota)
+ @decorators.idempotent_id('6b169f51-9b17-4d05-aee8-849b94101246')
def test_set_new_quota_for_project(self):
project_id = self.client.tenant_id
self.client.create_project_quota(
@@ -222,6 +234,7 @@
quota = self.client.get_project_quota(project_id)
self.assertIn("project_quotas", quota)
+ @decorators.idempotent_id('7a16b9d6-cfdc-4eb7-9e89-b824c612609e')
def test_remove_custom_quota_for_project(self):
project_id = self.client.tenant_id
self.client.create_project_quota(
@@ -239,6 +252,7 @@
self.client.get_project_quota,
project_id)
+ @decorators.idempotent_id('17936c5b-5e89-4717-9826-a22243b947cb')
def test_get_custom_quota_for_other_project(self):
project_id = self.other_secret_client.tenant_id
self.client.create_project_quota(
@@ -251,6 +265,7 @@
quota = self.client.get_project_quota(project_id)
self.assertIn("project_quotas", quota)
+ @decorators.idempotent_id('d41c97e6-e77d-4bc4-a72d-b068294a0ef6')
def test_set_new_quota_for_other_project(self):
project_id = self.other_secret_client.tenant_id
self.client.create_project_quota(
@@ -263,6 +278,7 @@
quota = self.client.get_project_quota(project_id)
self.assertIn("project_quotas", quota)
+ @decorators.idempotent_id('89fb47fd-bf05-4df0-bd47-282417c110b9')
def test_remove_custom_quota_for_other_project(self):
project_id = self.other_secret_client.tenant_id
self.client.create_project_quota(
diff --git a/barbican_tempest_plugin/tests/rbac/v1/test_secret_metadata.py b/barbican_tempest_plugin/tests/rbac/v1/test_secret_metadata.py
index a8e61a7..72aa668 100644
--- a/barbican_tempest_plugin/tests/rbac/v1/test_secret_metadata.py
+++ b/barbican_tempest_plugin/tests/rbac/v1/test_secret_metadata.py
@@ -13,6 +13,7 @@
import abc
from tempest.lib.common.utils import data_utils
+from tempest.lib import decorators
from tempest.lib import exceptions
from barbican_tempest_plugin.tests.rbac.v1 import base
@@ -178,6 +179,7 @@
'foo',
'bar')
+ @decorators.idempotent_id('2dd1cb04-67e9-4c3c-a40e-12184eff5bc6')
def test_create_key_value_pair(self):
self.assertRaises(
exceptions.Forbidden,
@@ -187,6 +189,7 @@
'foo'
)
+ @decorators.idempotent_id('33c1d271-5367-4f0e-a2e7-c28ea1130fa6')
def test_put_secret_metadata(self):
meta = {
'foo': 'bar',
@@ -198,12 +201,14 @@
self.secret_id,
**meta)
+ @decorators.idempotent_id('8f22488b-52d5-4a28-ae32-faf1514ef390')
def test_get_secret_metadata(self):
self.assertRaises(
exceptions.Forbidden,
self.client.get_secret_metadata,
self.secret_id)
+ @decorators.idempotent_id('df6bbafc-f836-44b4-a0a7-3d0f94f5b9ac')
def test_update_secret_metadata_by_key(self):
self.assertRaises(
exceptions.Forbidden,
@@ -212,6 +217,7 @@
'foo',
'baz')
+ @decorators.idempotent_id('b2f3bafb-4a21-47da-966f-3e3010571596')
def test_get_secret_metadata_by_key(self):
self.assertRaises(
exceptions.Forbidden,
@@ -219,6 +225,7 @@
self.secret_id,
'foo')
+ @decorators.idempotent_id('0d80db72-fc6f-445f-b402-f86c91233b4f')
def test_delete_secret_metadata_by_key(self):
self.assertRaises(
exceptions.Forbidden,
@@ -226,6 +233,7 @@
self.secret_id,
'foo')
+ @decorators.idempotent_id('7c6223b6-5a2f-4989-ae54-db253702af98')
def test_create_key_value_pair_on_other_secret(self):
self.assertRaises(
exceptions.Forbidden,
@@ -235,6 +243,7 @@
'foo'
)
+ @decorators.idempotent_id('c1738dd5-e67a-4b48-8064-c198ca0a7970')
def test_put_secret_metadata_on_other_secret(self):
meta = {
'foo': 'bar',
@@ -246,12 +255,14 @@
self.other_secret_id,
**meta)
+ @decorators.idempotent_id('efb8d207-5418-4c3a-bb30-d1d5e1695c41')
def test_get_secret_metadata_from_other_secret(self):
self.assertRaises(
exceptions.Forbidden,
self.client.get_secret_metadata,
self.other_secret_id)
+ @decorators.idempotent_id('489d52ae-3324-420b-b69c-938f2eb41f6f')
def test_update_other_secret_metadata_by_key(self):
self.assertRaises(
exceptions.Forbidden,
@@ -260,6 +271,7 @@
'foo',
'baz')
+ @decorators.idempotent_id('f2cbaec3-94ff-4a9c-bc2d-4c728f46313b')
def test_get_other_secret_metadata_by_key(self):
self.assertRaises(
exceptions.Forbidden,
@@ -267,6 +279,7 @@
self.other_secret_id,
'foo')
+ @decorators.idempotent_id('fb581f6c-1d59-420c-b05b-227514c75789')
def test_delete_other_secret_metadata_by_key(self):
self.assertRaises(
exceptions.Forbidden,
@@ -282,6 +295,7 @@
super().setup_clients()
cls.client = cls.secret_metadata_client
+ @decorators.idempotent_id('73d4c9cc-b7ad-4706-bec4-e7dc70698711')
def test_create_key_value_pair(self):
resp = self.client.create_key_value_pair(
self.secret_id,
@@ -291,6 +305,7 @@
self.assertEqual('mykey', resp['key'])
self.assertEqual('foo', resp['value'])
+ @decorators.idempotent_id('f7178757-5ae4-4041-a57c-322f7665f055')
def test_put_secret_metadata(self):
test_meta = {
'foo': 'baz',
@@ -302,23 +317,27 @@
self.assertIn('bar', resp.keys())
self.assertEqual('baz', resp['foo'])
+ @decorators.idempotent_id('054348d4-c4b4-446a-ad98-c79f6de42eec')
def test_get_secret_metadata(self):
resp = self.client.get_secret_metadata(self.secret_id)
self.assertIn('foo', resp.keys())
self.assertEqual('bar', resp['foo'])
+ @decorators.idempotent_id('7ed07736-39e7-4c4f-b5c9-f59017f3e80b')
def test_update_secret_metadata_by_key(self):
self.client.update_secret_metadata(self.secret_id, 'foo', 'baz')
resp = self.secret_metadata_client.get_secret_metadata(self.secret_id)
self.assertEqual('baz', resp['foo'])
+ @decorators.idempotent_id('26160af4-ff17-4023-9238-a2a9dca9946c')
def test_get_secret_metadata_by_key(self):
resp = self.client.get_secret_metadata_by_key(self.secret_id, 'foo')
self.assertEqual('foo', resp['key'])
self.assertEqual('bar', resp['value'])
+ @decorators.idempotent_id('3740d6ec-304f-43ce-aa54-af62006715d8')
def test_delete_secret_metadata_by_key(self):
self.client.delete_secret_metadata_by_key(self.secret_id, 'foo')
self.assertRaises(
diff --git a/barbican_tempest_plugin/tests/rbac/v1/test_secret_stores.py b/barbican_tempest_plugin/tests/rbac/v1/test_secret_stores.py
index 6c12624..769c91d 100644
--- a/barbican_tempest_plugin/tests/rbac/v1/test_secret_stores.py
+++ b/barbican_tempest_plugin/tests/rbac/v1/test_secret_stores.py
@@ -12,6 +12,7 @@
import abc
from tempest import config
+from tempest.lib import decorators
from tempest.lib import exceptions
from barbican_tempest_plugin.tests.rbac.v1 import base
@@ -102,10 +103,12 @@
super().setup_clients()
cls.client = cls.os_project_member.secret_v1.SecretStoresClient()
+ @decorators.idempotent_id('bf31560c-42e5-4afc-b1d6-a3a8aa7773d3')
def test_list_secret_stores(self):
resp = self.do_request('list_secret_stores')
self.assertIn('secret_stores', resp)
+ @decorators.idempotent_id('28d8e43b-af38-4985-8f70-3c1098116561')
def test_get_secret_store(self):
resp = self.do_request('list_secret_stores')
secret_store_id = self.ref_to_uuid(
@@ -116,10 +119,12 @@
self.assertEqual(secret_store_id,
self.ref_to_uuid(resp['secret_store_ref']))
+ @decorators.idempotent_id('e97d0cbe-112c-490e-b3d7-02981161d471')
def test_get_global_secret_store(self):
resp = self.do_request('get_global_secret_store')
self.assertTrue(resp['global_default'])
+ @decorators.idempotent_id('c3554210-8960-4d09-a1ba-369b8df6ca1f')
def test_get_preferred_secret_store(self):
# First use project admin to set preferred secret store
resp = self.do_request('list_secret_stores')
@@ -136,6 +141,7 @@
resp = self.do_request('get_preferred_secret_store')
self.assertEqual('ACTIVE', resp['status'])
+ @decorators.idempotent_id('ada28e3a-ec67-4994-9dde-410463d6d06e')
def test_set_preferred_secret_store(self):
resp = self.do_request('list_secret_stores')
secret_store_id = self.ref_to_uuid(
@@ -145,6 +151,7 @@
expected_status=exceptions.Forbidden,
secret_store_id=secret_store_id)
+ @decorators.idempotent_id('c3f52fd1-5d18-498f-81b2-45df5cb09a87')
def test_unset_preferred_secret_store(self):
resp = self.do_request('list_secret_stores')
secret_store_id = self.ref_to_uuid(
@@ -162,6 +169,7 @@
super().setup_clients()
cls.client = cls.os_project_admin.secret_v1.SecretStoresClient()
+ @decorators.idempotent_id('c459deb6-6447-43c4-820b-384903e700cb')
def test_set_preferred_secret_store(self):
resp = self.do_request('list_secret_stores')
secret_store_id = self.ref_to_uuid(
@@ -173,6 +181,7 @@
self.assertEqual(secret_store_id,
self.ref_to_uuid(resp['secret_store_ref']))
+ @decorators.idempotent_id('d21ca9b6-b62e-43d1-9c9f-a6e16c939c01')
def test_unset_preferred_secret_store(self):
resp = self.do_request('list_secret_stores')
secret_store_id = self.ref_to_uuid(
diff --git a/barbican_tempest_plugin/tests/rbac/v1/test_secrets.py b/barbican_tempest_plugin/tests/rbac/v1/test_secrets.py
index baccb97..aab76e1 100644
--- a/barbican_tempest_plugin/tests/rbac/v1/test_secrets.py
+++ b/barbican_tempest_plugin/tests/rbac/v1/test_secrets.py
@@ -17,6 +17,7 @@
from tempest import config
from tempest.lib.common.utils import data_utils
+from tempest.lib import decorators
from tempest.lib import exceptions
from barbican_tempest_plugin.tests.rbac.v1 import base as rbac_base
@@ -270,6 +271,7 @@
class ProjectReaderTests(ProjectReaderBase, BarbicanV1RbacSecrets):
+ @decorators.idempotent_id('e4dfbae6-faca-42a7-a06b-2655e29df193')
def test_create_secret(self):
"""Test add_secret policy."""
self.assertRaises(exceptions.Forbidden, self.client.create_secret)
@@ -285,6 +287,7 @@
payload_content_encoding="base64"
)
+ @decorators.idempotent_id('f2649794-10d2-4742-a81c-af78eb3d9c0e')
def test_list_secrets(self):
"""Test get_secrets policy."""
# create two secrets
@@ -308,6 +311,7 @@
# list all secrets
self.assertRaises(exceptions.Forbidden, self.client.list_secrets)
+ @decorators.idempotent_id('6a4cfca5-1841-49f4-ae1d-bbde0fa94bd7')
def test_delete_secret(self):
"""Test delete_secrets policy."""
sec = self.create_empty_secret_admin('secret_1')
@@ -319,6 +323,7 @@
secret_id=uuid
)
+ @decorators.idempotent_id('9c5b46b4-8f0b-4f75-b751-61ddf943fbf3')
def test_get_secret(self):
"""Test get_secret policy."""
sec = self.create_empty_secret_admin('secret_1')
@@ -329,6 +334,7 @@
secret_id=uuid
)
+ @decorators.idempotent_id('b2760216-e492-4081-b981-a5d40bcc6a0e')
def test_get_secret_payload(self):
"""Test get_secret payload policy."""
key, sec = self.create_aes_secret_admin('secret_1')
@@ -341,6 +347,7 @@
secret_id=uuid
)
+ @decorators.idempotent_id('64b4e2e7-0121-46e7-949f-34332efdec6f')
def test_put_secret_payload(self):
"""Test put_secret policy."""
sec = self.create_empty_secret_admin('secret_1')
@@ -355,6 +362,7 @@
secret_id=uuid, payload=key
)
+ @decorators.idempotent_id('5219c830-fe82-4f3b-9eda-e3b5e918ba60')
def test_get_other_project_secret(self):
other_secret_id = self.create_other_project_secret(
'get_other_secret',
@@ -364,6 +372,7 @@
self.client.get_secret_metadata,
other_secret_id)
+ @decorators.idempotent_id('dff3d49e-9e31-46bb-b069-d4c72f591718')
def test_get_other_project_secret_payload(self):
other_secret_id = self.create_other_project_secret(
'get_other_payload',
@@ -373,6 +382,7 @@
self.client.get_secret_payload,
other_secret_id)
+ @decorators.idempotent_id('fb2fe2a4-2ca9-4b64-b18f-cc0877eb27bc')
def test_put_other_project_secret_payload(self):
other_secret_id = self.create_other_project_secret('put_other_payload')
self.assertRaises(
@@ -381,6 +391,7 @@
other_secret_id,
'Shhhh... secret!')
+ @decorators.idempotent_id('fc2f42ec-6bf4-4121-9698-4f0a7d01d8f3')
def test_delete_other_project_secret(self):
other_secret_id = self.create_other_project_secret(
'get_other_payload',
@@ -390,12 +401,14 @@
self.client.delete_secret,
other_secret_id)
+ @decorators.idempotent_id('effafb29-fd10-41fb-9404-585af3de3602')
def test_get_secret_acl(self):
self.assertRaises(
exceptions.Forbidden,
self.client.get_secret_acl,
self.secret_id)
+ @decorators.idempotent_id('d5058429-4e98-43ac-bda4-8160b2b95ef7')
def test_put_secret_acl(self):
self.assertRaises(
exceptions.Forbidden,
@@ -403,6 +416,7 @@
self.secret_id,
self.valid_acl)
+ @decorators.idempotent_id('3350274a-b3f4-4178-927f-2591ef2dbea8')
def test_patch_secret_acl(self):
self.assertRaises(
exceptions.Forbidden,
@@ -410,18 +424,21 @@
self.secret_id,
self.valid_acl)
+ @decorators.idempotent_id('07104bf1-104b-4fa5-b855-82cba69bf24c')
def test_delete_secret_acl(self):
self.assertRaises(
exceptions.Forbidden,
self.client.delete_secret_acl,
self.secret_id)
+ @decorators.idempotent_id('434187eb-1dd2-4544-bb1e-6be0dca8cd25')
def test_get_other_secret_acl(self):
self.assertRaises(
exceptions.Forbidden,
self.client.get_secret_acl,
self.other_secret_id)
+ @decorators.idempotent_id('32312a70-8f02-4663-b7e0-4432950c2c11')
def test_put_other_secret_acl(self):
self.assertRaises(
exceptions.Forbidden,
@@ -429,6 +446,7 @@
self.other_secret_id,
self.valid_acl)
+ @decorators.idempotent_id('ad95395f-45b0-4b34-b92a-e6c25f90e798')
def test_patch_other_secret_acl(self):
self.assertRaises(
exceptions.Forbidden,
@@ -436,6 +454,7 @@
self.other_secret_id,
self.valid_acl)
+ @decorators.idempotent_id('1470e2fc-46ce-4d06-a11a-201e9b5950c6')
def test_delete_other_secret_acl(self):
self.assertRaises(
exceptions.Forbidden,
@@ -465,12 +484,14 @@
**self.test_consumer
)
+ @decorators.idempotent_id('be85626b-ca83-4c90-9bf0-b918b9de21b6')
def test_list_secret_consumers(self):
self.assertRaises(
exceptions.Forbidden,
self.secret_consumer_client.list_consumers_in_secret,
self.secret_id)
+ @decorators.idempotent_id('d7389369-62e9-4a25-b759-2a64f72fcba2')
def test_create_secret_consumer(self):
self.assertRaises(
exceptions.Forbidden,
@@ -478,6 +499,7 @@
self.secret_id,
**self.test_consumer)
+ @decorators.idempotent_id('dbfba5e4-cd52-4ce9-bf50-a7e933ce5dcc')
def test_delete_secret_consumer(self):
self.assertRaises(
exceptions.Forbidden,
@@ -493,6 +515,7 @@
super().setup_clients()
cls.client = cls.secret_client
+ @decorators.idempotent_id('69f24625-0d8a-4412-b9c2-5a96fc689c87')
def test_create_secret(self):
"""Test add_secret policy."""
self.client.create_secret(name='test_create_secret')
@@ -507,6 +530,7 @@
payload_content_encoding="base64"
)
+ @decorators.idempotent_id('ff89eaa4-0014-4935-80cf-f8b7970387e1')
def test_list_secrets(self):
"""Test get_secrets policy."""
# create two secrets
@@ -528,12 +552,14 @@
secrets = resp['secrets']
self.assertGreaterEqual(len(secrets), 2)
+ @decorators.idempotent_id('bffcf1e6-b9a2-43d8-b95c-b3683d6c4549')
def test_delete_secret(self):
"""Test delete_secrets policy."""
sec = self.create_empty_secret_admin('test_delete_secret_1')
uuid = self.client.ref_to_uuid(sec['secret_ref'])
self.client.delete_secret(uuid)
+ @decorators.idempotent_id('72a59d44-1967-44fc-84a1-157a7bf124fa')
def test_get_secret(self):
"""Test get_secret policy."""
sec = self.create_empty_secret_admin('test_get_secret')
@@ -541,6 +567,7 @@
resp = self.client.get_secret_metadata(uuid)
self.assertEqual(uuid, self.client.ref_to_uuid(resp['secret_ref']))
+ @decorators.idempotent_id('cb848266-0172-4f93-add3-9d6f41a3bc46')
def test_get_secret_payload(self):
"""Test get_secret payload policy."""
key, sec = self.create_aes_secret_admin('test_get_secret_payload')
@@ -550,6 +577,7 @@
payload = self.client.get_secret_payload(uuid)
self.assertEqual(key, base64.b64encode(payload))
+ @decorators.idempotent_id('f6c58ca1-50f2-4454-b3b2-b338a7dcf3cb')
def test_put_secret_payload(self):
"""Test put_secret policy."""
sec = self.create_empty_secret_admin('test_put_secret_payload')
@@ -564,10 +592,12 @@
payload = self.client.get_secret_payload(uuid)
self.assertEqual(key, base64.b64encode(payload))
+ @decorators.idempotent_id('63482006-18b5-40d3-82da-fdc078d6e5fe')
def test_get_secret_acl(self):
acl = self.client.get_secret_acl(self.secret_id)
self.assertIn("read", acl.keys())
+ @decorators.idempotent_id('915bdc2a-94d2-4835-a46e-a27f16ae57a2')
def test_put_secret_acl(self):
self.assertRaises(
exceptions.Forbidden,
@@ -580,6 +610,7 @@
resp = self.other_secret_client.get_secret_metadata(self.secret_id)
self.assertIn(self.secret_id, resp['secret_ref'])
+ @decorators.idempotent_id('d6128f75-e7af-43dc-bf43-cf5fdc5f83be')
def test_patch_secret_acl(self):
_ = self.client.put_secret_acl(self.secret_id, self.valid_acl)
acl = self.client.get_secret_acl(self.secret_id)
@@ -594,6 +625,7 @@
self.assertNotIn(self.other_secret_client.user_id,
acl['read']['users'])
+ @decorators.idempotent_id('d566f1ab-c318-42cc-80d9-1ff9178d2c63')
def test_delete_secret_acl(self):
_ = self.client.put_secret_acl(self.secret_id, self.valid_acl)
acl = self.client.get_secret_acl(self.secret_id)
@@ -612,12 +644,14 @@
super().setup_clients()
cls.secret_consumer_client = cls.member_secret_consumer_client
+ @decorators.idempotent_id('ca2bbfa3-90b2-4f4e-8e57-3a3562d202a6')
def test_list_secret_consumers(self):
resp = self.secret_consumer_client.list_consumers_in_secret(
self.secret_id
)
self.assertEqual(1, resp['total'])
+ @decorators.idempotent_id('86cadb1e-f748-4d99-9477-4d171d4e9240')
def test_create_secret_consumer(self):
second_consumer = {
'service': 'service2',
@@ -631,6 +665,7 @@
self.assertEqual(2, len(resp['consumers']))
+ @decorators.idempotent_id('f56c4c14-e8c7-4335-8d84-00f34355b53c')
def test_delete_secret_consumer(self):
resp = self.secret_consumer_client.delete_consumer_from_secret(
self.secret_id,
@@ -665,12 +700,15 @@
super().setup_clients()
cls.secret_consumer_client = cls.admin_secret_consumer_client
+ @decorators.idempotent_id('2da9bfb4-f53b-45c0-b8c9-f657ced99bd4')
def test_create_secret_consumer(self):
pass
+ @decorators.idempotent_id('2a4eaac5-76a1-48e2-b648-b1b02344130b')
def test_delete_secret_consumer(self):
pass
+ @decorators.idempotent_id('34e2ded6-30ea-4f8a-b4e1-3aecac8fdd49')
def test_list_secret_consumers(self):
pass
@@ -682,57 +720,75 @@
super().setup_clients()
cls.client = cls.secret_client
+ @decorators.idempotent_id('104f71f0-8099-43ae-b4d9-cce5781a79b9')
def test_create_secret(self):
pass
+ @decorators.idempotent_id('5a29b825-4f28-4733-90fa-579b63ae2b96')
def test_list_secrets(self):
pass
+ @decorators.idempotent_id('b637c7db-64a9-46c8-b322-c4d282e05164')
def test_delete_secret(self):
pass
+ @decorators.idempotent_id('8d0a7f54-61f3-432e-8f4b-c04945b40373')
def test_get_secret(self):
pass
+ @decorators.idempotent_id('1bc76c3a-a69e-4285-8f8e-f7bacd01fef8')
def test_get_secret_payload(self):
pass
+ @decorators.idempotent_id('c2f38e3d-cc52-43c0-9fb3-8065797c40da')
def test_put_secret_payload(self):
pass
+ @decorators.idempotent_id('be392729-af43-4aab-bbc7-43fcd5df9140')
def test_get_other_project_secret(self):
pass
+ @decorators.idempotent_id('cc021881-7fba-48a2-aa6e-68c426b382f9')
def test_get_other_project_secret_payload(self):
pass
+ @decorators.idempotent_id('e87f5e40-7bb3-4fc8-aa5a-23cc1a8850f5')
def test_put_other_project_secret_payload(self):
pass
+ @decorators.idempotent_id('ce878824-d424-4abb-8217-068c9a99333b')
def test_delete_other_project_secret(self):
pass
+ @decorators.idempotent_id('be04944b-b4e2-4f66-b58a-3d047c99d939')
def test_get_secret_acl(self):
pass
+ @decorators.idempotent_id('65ce0063-d6f1-463c-b752-d4871a9df684')
def test_put_secret_acl(self):
pass
+ @decorators.idempotent_id('81423acc-240c-46f0-8de9-4cf6ab5d4bc4')
def test_patch_secret_acl(self):
pass
+ @decorators.idempotent_id('d55d5798-c23f-4108-8005-963d350d9d41')
def test_delete_secret_acl(self):
pass
+ @decorators.idempotent_id('5490d517-ba6c-4e28-8712-07dbc9bb9ada')
def test_get_other_secret_acl(self):
pass
+ @decorators.idempotent_id('1ae61619-104a-4497-999c-00671335bc4f')
def test_put_other_secret_acl(self):
pass
+ @decorators.idempotent_id('5ec28567-111b-405f-93c9-ed5d4259e918')
def test_patch_other_secret_acl(self):
pass
+ @decorators.idempotent_id('65cfefb4-69a6-4f31-b8e1-defad1b57645')
def test_delete_other_secret_acl(self):
pass
diff --git a/barbican_tempest_plugin/tests/rbac/v1/test_transport_keys.py b/barbican_tempest_plugin/tests/rbac/v1/test_transport_keys.py
index fa142f1..65a5c9b 100644
--- a/barbican_tempest_plugin/tests/rbac/v1/test_transport_keys.py
+++ b/barbican_tempest_plugin/tests/rbac/v1/test_transport_keys.py
@@ -11,6 +11,7 @@
# limitations under the License.
import abc
+from tempest.lib import decorators
from tempest.lib import exceptions
from barbican_tempest_plugin.tests.rbac.v1 import base
@@ -66,16 +67,19 @@
super().setup_clients()
cls.client = cls.os_project_member.secret_v1.TransportKeyClient()
+ @decorators.idempotent_id('dc647930-d89d-449c-8bf6-b0aff0cd95da')
def test_list_transport_keys(self):
resp = self.do_request('list_transport_keys')
self.assertIn('transport_keys', resp)
+ @decorators.idempotent_id('981d9ec3-7974-40ab-abf0-d19cd17311e0')
def test_create_transport_key(self):
self.do_request('create_transport_key',
expected_status=exceptions.Forbidden,
plugin_name='simple-crypto',
transport_key='???')
+ @decorators.idempotent_id('4d4d46df-ec90-4755-a6e3-aa0ff9204113')
def test_get_transport_key(self):
# TODO(redorobot):
# We need to sort out how system admins create keys before we
@@ -90,6 +94,7 @@
# self.assertEqual(transport_key_id, resp['transport_key_id'])
pass
+ @decorators.idempotent_id('aeae2541-af87-40d6-a4b6-767fcb7416d4')
def test_delete_transport_key(self):
# TODO(redorobot):
# We need to sort out how system admins create keys before we
@@ -112,6 +117,7 @@
super().setup_clients()
cls.client = cls.os_project_admin.secret_v1.TransportKeyClient()
+ @decorators.idempotent_id('bed9bace-9b44-448b-b68e-bff46c4c181e')
def test_create_transport_key(self):
transport_key = self.client.create_transport_key(
plugin_name="simple-crypto",
diff --git a/barbican_tempest_plugin/tests/scenario/test_image_signing.py b/barbican_tempest_plugin/tests/scenario/test_image_signing.py
index 3e8cf05..d91726a 100644
--- a/barbican_tempest_plugin/tests/scenario/test_image_signing.py
+++ b/barbican_tempest_plugin/tests/scenario/test_image_signing.py
@@ -14,12 +14,18 @@
import testtools
from oslo_log import log as logging
+
from tempest.api.compute import base as compute_base
+from tempest.api.image import base
+
from tempest.common import utils
+from tempest.common import waiters
+
from tempest import config
from tempest import exceptions
from tempest.lib.common import api_version_utils
from tempest.lib import decorators
+from tempest.scenario import manager as tempest_manager
from barbican_tempest_plugin.tests.scenario import barbican_manager
@@ -142,3 +148,190 @@
self.assertFalse(any(x in img_meta for x in signature_props))
self.servers_client.delete_server(instance['id'])
+
+
+class ImageSigningVolumeTest(barbican_manager.BarbicanScenarioTest,
+ tempest_manager.EncryptionScenarioTest,
+ compute_base.BaseV2ComputeTest,
+ base.BaseV2ImageTest):
+ """Tests with signed volumes
+
+ The cinder image signature feature is on by default.
+ The set of operation is:
+ * Create signed volume or create encrypted signed volume
+ * Create and upload signed image
+ * Create instance
+ * Attach signed volume to instance
+ """
+
+ min_microversion = '2.1'
+
+ @classmethod
+ def skip_checks(cls):
+ super(ImageSigningVolumeTest, cls).skip_checks()
+ if not CONF.compute_feature_enabled.attach_encrypted_volume:
+ raise cls.skipException("Attach encrypted volumes not supported")
+ if not CONF.volume_feature_enabled.extend_attached_volume:
+ raise cls.skipException("Extend attached volume not supported")
+ if not CONF.volume_feature_enabled.extend_attached_encrypted_volume:
+ raise cls.skipException("Extend attached"
+ "encrypted volume not supported")
+ if not CONF.service_available.nova:
+ raise cls.skipException("Nova service not available")
+
+ def _create_encrypted_signed_volume(self,
+ encryption_provider,
+ volume_type,
+ key_size=256,
+ cipher='aes-xts-plain64',
+ control_location='front-end',
+ imageRef=None):
+
+ """Create an encrypted signed volume"""
+ volume_type = self.create_volume_type(name=volume_type)
+ self.create_encryption_type(type_id=volume_type['id'],
+ provider=encryption_provider,
+ key_size=key_size,
+ cipher=cipher,
+ control_location=control_location)
+ return self.create_volume(imageRef=imageRef,
+ volume_type=volume_type['name'])
+
+ def _volume_create(self, volume_type=None, img_uuid=str):
+ """Create extended signed volume or signed volume"""
+
+ # Create encrypted extended signed volume
+ if volume_type == 'encrypted':
+ volume = self._create_encrypted_signed_volume('luks',
+ volume_type='luks',
+ imageRef=img_uuid)
+ LOG.info("Create encrypted volume%s", volume)
+ waiters.wait_for_volume_resource_status(
+ self.volumes_client, volume['id'], 'available')
+ self.assertEqual(volume['encrypted'], True)
+ extend_size = volume['size'] * 2
+ self.volumes_client.extend_volume(volume_id=volume['id'],
+ new_size=extend_size)
+ LOG.info("Extend volume %s", volume)
+ waiters.wait_for_volume_resource_status(
+ self.volumes_client,
+ volume['id'], 'available')
+ resized_volume = self.volumes_client.show_volume(
+ volume['id'])['volume']
+ self.assertEqual(extend_size, resized_volume['size'])
+ return resized_volume
+
+ # Create signed volume
+ if img_uuid:
+ volume = self.create_volume(imageRef=img_uuid)
+ waiters.wait_for_volume_resource_status(
+ self.volumes_client, volume['id'], 'available')
+ LOG.info("Create volume from signed image %s", volume)
+ return volume
+
+ def _create_instance_attach_volume(self, img_uuid, resized_volume):
+ """Create instance and attach extended signed volume
+
+ The method follows these steps:
+ * Create instance from signed image
+ * Confirm the instance changes state to Active
+ * Attach encrypted or signed volume to instance
+ * Detach volume from instance
+ * Delete instance
+ """
+ # Create instance from signed image
+ instance = self.create_server(name='signed_img_server',
+ image_id=img_uuid,
+ wait_until='ACTIVE')
+ LOG.info("Create instance with signed image %s", instance)
+ instance_id = instance['id']
+
+ # Attach volume to instance
+ attachment = self.attach_volume(instance, resized_volume)
+ waiters.wait_for_volume_resource_status(self.volumes_client,
+ attachment['volumeId'],
+ 'in-use')
+ LOG.info("Attach volume %s to instance %s", resized_volume, instance)
+ self.assertEqual(img_uuid, instance['image']['id'])
+
+ instance_observed = \
+ self.servers_client.show_server(instance_id)['server']
+ self.assertEqual(
+ resized_volume['id'],
+ instance_observed['os-extended-volumes:volumes_attached'][0]['id'])
+
+ self.delete_server(instance_observed['id'])
+
+ @decorators.idempotent_id('72ca044d-39a4-4966-b302-f53a446d3e29')
+ @decorators.attr(type='slow')
+ @utils.services('compute', 'image', 'volume')
+ def test_extend_encrypted_signed_volume_attach_to_instance(self):
+ """Create volume from signed image, extend volume
+
+ and attach volume to instance.
+ Verify that volume can be created from signed image and had
+ image signature properties.
+ The test follows these steps:
+ * Create an asymmetric keypair
+ * Sign an image file with the private key
+ * Create a certificate with the public key
+ * Store the certificate in Barbican
+ * Store the signed image in Glance
+ * Create encrypted signed volume from image and resize volume
+ * Create instance from signed image
+ * Confirm the instance changes state to Active
+ * Attach encrypted signed volume to instance
+ * Detach volume from instance
+ * Delete instance
+ """
+ # Create an encrypted volume and extend volume
+ img_uuid = self.sign_and_upload_image()
+ resized_volume = self._volume_create(volume_type='encrypted',
+ img_uuid=img_uuid)
+ observed_image = self.images_client.show_image(img_uuid)
+ self.assertEqual(
+ resized_volume['volume_image_metadata']['signature_verified'],
+ 'True')
+ self.assertEqual(
+ resized_volume['volume_image_metadata']
+ ['img_signature_certificate_uuid'],
+ observed_image['img_signature_certificate_uuid'])
+ self._create_instance_attach_volume(img_uuid, resized_volume)
+
+ @decorators.idempotent_id('9f28ce2e-362e-46ec-bf56-aebce9cc49fb')
+ @decorators.attr(type='slow')
+ @utils.services('compute', 'image', 'volume')
+ def test_signed_volume_attach_to_instance(self):
+ """Create volume from signed image and attach volume to instance
+
+ Verify that volume can be created from signed image and had
+ image signature properties.
+ The test follows these steps:
+ * Create an asymmetric keypair
+ * Sign an image file with the private key
+ * Create a certificate with the public key
+ * Store the certificate in Barbican
+ * Store the signed image in Glance
+ * Create signed volume from image
+ * Create instance from signed image
+ * Confirm the instance changes state to Active
+ * Attach signed volume to instance
+ * Detach volume from instance
+ * Delete instance
+ """
+
+ # Create image
+ img_uuid = self.sign_and_upload_image()
+
+ # Create volume from signed image
+ volume = self._volume_create(img_uuid=img_uuid)
+ waiters.wait_for_volume_resource_status(self.volumes_client,
+ volume['id'], 'available')
+ observed_image = self.images_client.show_image(img_uuid)
+ self.assertEqual(
+ volume['volume_image_metadata']['signature_verified'],
+ 'True')
+ self.assertEqual(
+ volume['volume_image_metadata']['img_signature_certificate_uuid'],
+ observed_image['img_signature_certificate_uuid'])
+ self._create_instance_attach_volume(img_uuid, volume)