Merge "Increase cinder volume quota for cbak job"
diff --git a/.zuul.yaml b/.zuul.yaml
index a9c7d7e..51004ce 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -13,6 +13,8 @@
# do about this, which should be at the March 2023 virtual PTG.
- cinder-tempest-plugin-lvm-tgt-barbican:
voting: false
+ - cinder-tempest-plugin-lvm-lio-barbican-fips:
+ voting: false
- nova-ceph-multistore:
voting: false
- cinder-tempest-plugin-cbak-ceph
@@ -25,9 +27,7 @@
- cinder-tempest-plugin-basic-zed
- cinder-tempest-plugin-basic-yoga
- cinder-tempest-plugin-basic-xena
- # Set this job to voting once we have some actual tests to run
- - cinder-tempest-plugin-protection-functional:
- voting: false
+ - cinder-tempest-plugin-protection-functional
gate:
jobs:
- cinder-tempest-plugin-lvm-lio-barbican
@@ -283,6 +283,19 @@
runs tempest tests and cinderlib tests on CentOS Stream 9.
- job:
+ name: cinder-tempest-plugin-lvm-lio-barbican-fips
+ parent: cinder-tempest-plugin-lvm-lio-barbican-centos-9-stream
+ description: |
+ This job configures Cinder with LVM, LIO, barbican and
+ runs tempest tests and cinderlib tests on CentOS Stream 9
+ under FIPS mode
+ pre-run: playbooks/enable-fips.yaml
+ vars:
+ configure_swap_size: 4096
+ nslookup_target: 'opendev.org'
+ tempest_exclude_regex: 'test_encrypted_cinder_volumes_cryptsetup'
+
+- job:
name: cinder-tempest-plugin-lvm-tgt-barbican
description: |
This jobs configures Cinder with LVM, tgt, barbican and
diff --git a/cinder_tempest_plugin/api/volume/base.py b/cinder_tempest_plugin/api/volume/base.py
index f948a93..ea6bd2e 100644
--- a/cinder_tempest_plugin/api/volume/base.py
+++ b/cinder_tempest_plugin/api/volume/base.py
@@ -138,6 +138,11 @@
'name',
data_utils.rand_name(self.__class__.__name__ + '-instance'))
+ if wait_until == 'SSHABLE' and not kwargs.get('validation_resources'):
+ kwargs['validation_resources'] = (
+ self.get_test_validation_resources(self.os_primary))
+ kwargs['validatable'] = True
+
tenant_network = self.get_tenant_network()
body, _ = compute.create_test_server(
self.os_primary,
diff --git a/cinder_tempest_plugin/api/volume/test_volume_backup.py b/cinder_tempest_plugin/api/volume/test_volume_backup.py
index 7ac33c2..190a483 100644
--- a/cinder_tempest_plugin/api/volume/test_volume_backup.py
+++ b/cinder_tempest_plugin/api/volume/test_volume_backup.py
@@ -31,6 +31,16 @@
if not CONF.volume_feature_enabled.backup:
raise cls.skipException("Cinder backup feature disabled")
+ @classmethod
+ def setup_credentials(cls):
+ # Setting network=True, subnet=True creates a default network
+ cls.set_network_resources(
+ network=True,
+ subnet=True,
+ router=True,
+ dhcp=True)
+ super(VolumesBackupsTest, cls).setup_credentials()
+
@decorators.idempotent_id('885410c6-cd1d-452c-a409-7c32b7e0be15')
def test_volume_snapshot_backup(self):
"""Create backup from snapshot."""
@@ -107,7 +117,7 @@
server = self.create_server(
name=server_name,
block_device_mapping=bd_map,
- wait_until='ACTIVE')
+ wait_until='SSHABLE')
# Delete VM
self.os_primary.servers_client.delete_server(server['id'])
diff --git a/cinder_tempest_plugin/rbac/v3/base.py b/cinder_tempest_plugin/rbac/v3/base.py
index d1a11e5..fe68e97 100644
--- a/cinder_tempest_plugin/rbac/v3/base.py
+++ b/cinder_tempest_plugin/rbac/v3/base.py
@@ -11,11 +11,16 @@
# under the License.
from tempest import config
+from tempest.lib.common import api_microversion_fixture
+from tempest.lib.common import api_version_utils
+from tempest import test
CONF = config.CONF
-class VolumeV3RbacBaseTests(object):
+class VolumeV3RbacBaseTests(
+ api_version_utils.BaseMicroversionTest, test.BaseTestCase
+):
identity_version = 'v3'
@@ -28,6 +33,31 @@
"skipping RBAC tests. To enable these tests set "
"`tempest.conf [enforce_scope] cinder=True`."
)
+ if not CONF.service_available.cinder:
+ skip_msg = ("%s skipped as Cinder is not available" % cls.__name__)
+ raise cls.skipException(skip_msg)
+
+ api_version_utils.check_skip_with_microversion(
+ cls.min_microversion, cls.max_microversion,
+ CONF.volume.min_microversion, CONF.volume.max_microversion)
+
+ @classmethod
+ def setup_credentials(cls):
+ cls.set_network_resources()
+ super(VolumeV3RbacBaseTests, cls).setup_credentials()
+
+ def setUp(self):
+ super(VolumeV3RbacBaseTests, self).setUp()
+ self.useFixture(api_microversion_fixture.APIMicroversionFixture(
+ volume_microversion=self.request_microversion))
+
+ @classmethod
+ def resource_setup(cls):
+ super(VolumeV3RbacBaseTests, cls).resource_setup()
+ cls.request_microversion = (
+ api_version_utils.select_request_microversion(
+ cls.min_microversion,
+ CONF.volume.min_microversion))
def do_request(self, method, expected_status=200, client=None, **payload):
if not client:
diff --git a/cinder_tempest_plugin/rbac/v3/test_capabilities.py b/cinder_tempest_plugin/rbac/v3/test_capabilities.py
index 62f9b58..861cca9 100644
--- a/cinder_tempest_plugin/rbac/v3/test_capabilities.py
+++ b/cinder_tempest_plugin/rbac/v3/test_capabilities.py
@@ -10,17 +10,12 @@
# License for the specific language governing permissions and limitations
# under the License.
-import abc
-
+from cinder_tempest_plugin.rbac.v3 import base as rbac_base
from tempest.lib import decorators
from tempest.lib import exceptions
-from cinder_tempest_plugin.api.volume import base
-from cinder_tempest_plugin.rbac.v3 import base as rbac_base
-
-class VolumeV3RbacCapabilityTests(rbac_base.VolumeV3RbacBaseTests,
- metaclass=abc.ABCMeta):
+class VolumeV3RbacCapabilityTests(rbac_base.VolumeV3RbacBaseTests):
@classmethod
def setup_clients(cls):
@@ -37,51 +32,35 @@
cls.admin_stats_client = (
admin_client.volume_scheduler_stats_client_latest)
- @classmethod
- def setup_credentials(cls):
- super().setup_credentials()
- cls.os_primary = getattr(cls, 'os_%s' % cls.credentials[0])
-
- @abc.abstractmethod
- def test_get_capabilities(self):
- """Test volume_extension:capabilities policy.
-
- This test must check:
- * whether the persona can fetch capabilities for a host.
-
- """
- pass
-
-
-class ProjectAdminTests(VolumeV3RbacCapabilityTests, base.BaseVolumeTest):
-
- credentials = ['project_admin', 'system_admin']
-
- @decorators.idempotent_id('1fdbe493-e58f-48bf-bb38-52003eeef8cb')
- def test_get_capabilities(self):
+ def _get_capabilities(self, expected_status):
pools = self.admin_stats_client.list_pools()['pools']
host_name = pools[0]['name']
- self.do_request('show_backend_capabilities', expected_status=200,
- host=host_name)
+ self.do_request(
+ 'show_backend_capabilities',
+ expected_status=expected_status,
+ host=host_name
+ )
-class ProjectMemberTests(ProjectAdminTests, base.BaseVolumeTest):
-
- credentials = ['project_member', 'project_admin', 'system_admin']
-
- @decorators.idempotent_id('dbaf51de-fafa-4f55-875f-7537524489ab')
- def test_get_capabilities(self):
- pools = self.admin_stats_client.list_pools()['pools']
- host_name = pools[0]['name']
- self.do_request('show_backend_capabilities',
- expected_status=exceptions.Forbidden,
- host=host_name)
-
-
-class ProjectReaderTests(ProjectMemberTests, base.BaseVolumeTest):
-
+class ProjectReaderTests(VolumeV3RbacCapabilityTests):
credentials = ['project_reader', 'project_admin', 'system_admin']
@decorators.idempotent_id('d16034fc-4204-4ea8-94b3-714de59fdfbf')
def test_get_capabilities(self):
- super().test_get_capabilities()
+ self._get_capabilities(expected_status=exceptions.Forbidden)
+
+
+class ProjectMemberTests(VolumeV3RbacCapabilityTests):
+ credentials = ['project_member', 'project_admin', 'system_admin']
+
+ @decorators.idempotent_id('dbaf51de-fafa-4f55-875f-7537524489ab')
+ def test_get_capabilities(self):
+ self._get_capabilities(expected_status=exceptions.Forbidden)
+
+
+class ProjectAdminTests(VolumeV3RbacCapabilityTests):
+ credentials = ['project_admin', 'system_admin']
+
+ @decorators.idempotent_id('1fdbe493-e58f-48bf-bb38-52003eeef8cb')
+ def test_get_capabilities(self):
+ self._get_capabilities(expected_status=200)
diff --git a/cinder_tempest_plugin/scenario/test_snapshots.py b/cinder_tempest_plugin/scenario/test_snapshots.py
index 99e1057..f376954 100644
--- a/cinder_tempest_plugin/scenario/test_snapshots.py
+++ b/cinder_tempest_plugin/scenario/test_snapshots.py
@@ -23,7 +23,14 @@
def setUp(self):
super(SnapshotDataIntegrityTests, self).setUp()
- self.keypair = self.create_keypair()
+ self.validation_resources = self.get_test_validation_resources(
+ self.os_primary)
+ # NOTE(danms): If validation is enabled, we will have a keypair to use,
+ # otherwise we need to create our own.
+ if 'keypair' in self.validation_resources:
+ self.keypair = self.validation_resources['keypair']
+ else:
+ self.keypair = self.create_keypair()
self.security_group = self.create_security_group()
@decorators.idempotent_id('ff10644e-5a70-4a9f-9801-8204bb81fb61')
@@ -48,6 +55,9 @@
# Create an instance
server = self.create_server(
key_name=self.keypair['name'],
+ validatable=True,
+ validation_resources=self.validation_resources,
+ wait_until='SSHABLE',
security_groups=[{'name': self.security_group['name']}])
# Create an empty volume
diff --git a/cinder_tempest_plugin/scenario/test_volume_encrypted.py b/cinder_tempest_plugin/scenario/test_volume_encrypted.py
index 69edfa6..69b0ab2 100644
--- a/cinder_tempest_plugin/scenario/test_volume_encrypted.py
+++ b/cinder_tempest_plugin/scenario/test_volume_encrypted.py
@@ -38,11 +38,6 @@
def resource_cleanup(cls):
super(TestEncryptedCinderVolumes, cls).resource_cleanup()
- def launch_instance(self):
- keypair = self.create_keypair()
-
- return self.create_server(key_name=keypair['name'])
-
def attach_detach_volume(self, server, volume):
attached_volume = self.nova_volume_attach(server, volume)
self.nova_volume_detach(server, attached_volume)
@@ -108,7 +103,11 @@
self.volumes_client, volume_s['id'], 'available')
volume_source = self.volumes_client.show_volume(
volume_s['id'])['volume']
- server = self.launch_instance()
+ validation_resources = self.get_test_validation_resources(
+ self.os_primary)
+ server = self.create_server(wait_until='SSHABLE',
+ validatable=True,
+ validation_resources=validation_resources)
self.attach_detach_volume(server, volume_source)
@decorators.idempotent_id('5bb622ab-5060-48a8-8840-d589a548b7e4')
@@ -122,9 +121,8 @@
* Create an encrypted volume from image
* Boot an instance from the volume
* Write data to the volume
- * Detach volume
- * Create a clone from the first volume
- * Create another encrypted volume from source_volumeid
+ * Destroy the instance
+ * Create a clone of the encrypted volume
* Boot an instance from cloned volume
* Verify the data
"""
diff --git a/cinder_tempest_plugin/scenario/test_volume_multiattach.py b/cinder_tempest_plugin/scenario/test_volume_multiattach.py
index 235cb25..e04610f 100644
--- a/cinder_tempest_plugin/scenario/test_volume_multiattach.py
+++ b/cinder_tempest_plugin/scenario/test_volume_multiattach.py
@@ -31,7 +31,14 @@
def setUp(self):
super(VolumeMultiattachTests, self).setUp()
- self.keypair = self.create_keypair()
+ self.validation_resources = self.get_test_validation_resources(
+ self.os_primary)
+ # NOTE(danms): If validation is enabled, we will have a keypair to use,
+ # otherwise we need to create our own.
+ if 'keypair' in self.validation_resources:
+ self.keypair = self.validation_resources['keypair']
+ else:
+ self.keypair = self.create_keypair()
self.security_group = self.create_security_group()
@classmethod
@@ -52,6 +59,9 @@
# Create an instance
server_1 = self.create_server(
key_name=self.keypair['name'],
+ wait_until='SSHABLE',
+ validatable=True,
+ validation_resources=self.validation_resources,
security_groups=[{'name': self.security_group['name']}])
# Create multiattach type
@@ -92,6 +102,9 @@
# Create another instance
server_2 = self.create_server(
key_name=self.keypair['name'],
+ validatable=True,
+ validation_resources=self.validation_resources,
+ wait_until='SSHABLE',
security_groups=[{'name': self.security_group['name']}])
instance_2_ip = self.get_server_ip(server_2)
@@ -117,6 +130,9 @@
# Create an instance
server = self.create_server(
key_name=self.keypair['name'],
+ validatable=True,
+ validation_resources=self.validation_resources,
+ wait_until='SSHABLE',
security_groups=[{'name': self.security_group['name']}])
# Create multiattach type
diff --git a/playbooks/enable-fips.yaml b/playbooks/enable-fips.yaml
new file mode 100644
index 0000000..bc1dc04
--- /dev/null
+++ b/playbooks/enable-fips.yaml
@@ -0,0 +1,3 @@
+- hosts: all
+ roles:
+ - enable-fips
diff --git a/requirements.txt b/requirements.txt
index 4d75108..c25d1c5 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,4 +5,4 @@
pbr!=2.1.0,>=2.0.0 # Apache-2.0
oslo.config>=5.1.0 # Apache-2.0
oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
-tempest>=27.0.0 # Apache-2.0
+tempest>=34.2.0 # Apache-2.0