Merge "Add security service to share networks"
diff --git a/manila_tempest_tests/tests/api/test_rules.py b/manila_tempest_tests/tests/api/test_rules.py
index 7867bb4..42d654e 100644
--- a/manila_tempest_tests/tests/api/test_rules.py
+++ b/manila_tempest_tests/tests/api/test_rules.py
@@ -495,6 +495,31 @@
self.shares_v2_client.wait_for_resource_deletion(
rule_id=rule["id"], share_id=self.share['id'])
+ @tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
+ def test_different_users_in_same_tenant_can_use_same_cephx_id(self):
+ # Grant access to the share
+ access1 = self.shares_v2_client.create_access_rule(
+ self.share['id'], self.access_type, self.access_to, 'rw')
+ self.shares_v2_client.wait_for_access_rule_status(
+ self.share['id'], access1['id'], 'active')
+
+ # Create a new user in the current project
+ project = self.os_admin.projects_client.show_project(
+ self.tenant_id)['project']
+ user_client = self.create_user_and_get_client(project)
+
+ # Create second share by the new user
+ share2 = self.create_share(client=user_client.shares_v2_client,
+ share_protocol=self.protocol,
+ share_type_id=self.share_type_id)
+
+ # Grant access to the second share using the same cephx ID that was
+ # used in access1
+ access2 = user_client.shares_v2_client.create_access_rule(
+ share2['id'], self.access_type, self.access_to, 'rw')
+ user_client.shares_v2_client.wait_for_access_rule_status(
+ share2['id'], access2['id'], 'active')
+
@ddt.ddt
class ShareRulesTest(base.BaseSharesMixedTest):
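Review bot: `access1` is granted on `self.share` in `test_different_users_in_same_tenant_can_use_same_cephx_id` and never removed, so the cephx rule for `self.access_to` is still on that share when the test returns. If `self.share` is shared by the other tests in this class (the class body starts outside the hunk), a later test granting the same ID on the same share could fail depending on execution order. The context lines just above the new method show the teardown used elsewhere, which deletes the rule and then calls `wait_for_resource_deletion(rule_id=rule["id"], share_id=self.share['id'])`; the same would fit here. The same applies to `access1` in `test_different_tenants_cannot_use_same_cephx_id` in test_rules_negative.py. A one-line docstring would also make the intent explicit, e.g. `"""A cephx ID already granted in a project can be reused by another user of that project."""`.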
diff --git a/manila_tempest_tests/tests/api/test_rules_negative.py b/manila_tempest_tests/tests/api/test_rules_negative.py
index e532f7e..0fb629e 100644
--- a/manila_tempest_tests/tests/api/test_rules_negative.py
+++ b/manila_tempest_tests/tests/api/test_rules_negative.py
@@ -20,6 +20,7 @@
from testtools import testcase as tc
from manila_tempest_tests.common import constants
+from manila_tempest_tests import share_exceptions
from manila_tempest_tests.tests.api import base
from manila_tempest_tests import utils
@@ -385,6 +386,28 @@
self.share["id"], self.access_type, self.access_to,
access_level="su")
+ @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
+ def test_different_tenants_cannot_use_same_cephx_id(self):
+ # Grant access to the share
+ access1 = self.shares_v2_client.create_access_rule(
+ self.share['id'], self.access_type, self.access_to, 'rw')
+ self.shares_v2_client.wait_for_access_rule_status(
+ self.share['id'], access1['id'], 'active')
+
+ # Create second share by the new user
+ share2 = self.create_share(client=self.alt_shares_v2_client,
+ share_protocol=self.protocol,
+ share_type_id=self.share_type_id)
+
+ # Try grant access to the second share using the same cephx id as used
+ # on the first share
+ access2 = self.alt_shares_v2_client.create_access_rule(
+ share2['id'], self.access_type, self.access_to, 'rw')
+ self.assertRaises(
+ share_exceptions.AccessRuleBuildErrorException,
+ self.alt_shares_v2_client.wait_for_access_rule_status,
+ share2['id'], access2['id'], 'active')
+
@ddt.ddt
class ShareRulesNegativeTest(base.BaseSharesMixedTest):
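Review bot: The `assertRaises` at the end of `test_different_tenants_cannot_use_same_cephx_id` only proves that `access2` never becomes `active`; it does not check what the rejected rule exposes to the second tenant, or that the first tenant's rule is unaffected. Presumably a cephx ID owned by another project is refused so that its key is not handed to a different tenant, so consider also asserting that the errored rule carries no `access_key` and that `access1` is still `active` afterwards. The comment `# Create second share by the new user` looks copied from the positive test; here the share is created through `self.alt_shares_v2_client`, so `# Create second share as a different tenant` would be accurate. The enclosing class starts outside the hunk.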
diff --git a/zuul.d/manila-tempest-jobs.yaml b/zuul.d/manila-tempest-jobs.yaml
index b2b0e1e..b46d6c9 100644
--- a/zuul.d/manila-tempest-jobs.yaml
+++ b/zuul.d/manila-tempest-jobs.yaml
@@ -112,7 +112,7 @@
required-projects:
- openstack/neutron-dynamic-routing
vars:
- tempest_test_regex: '(^manila_tempest_tests.tests)(?=.*\[.*\bbackend\b.*\])'
+ tempest_test_regex: '(^manila_tempest_tests.tests.api)(?=.*\[.*\bbackend\b.*\])'
devstack_localrc:
SHARE_DRIVER: manila.share.drivers.lvm.LVMShareDriver
MANILA_ENABLED_BACKENDS: london,paris
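Review bot: The narrowed prefix in `tempest_test_regex` silently drops every backend-tagged test outside `manila_tempest_tests.tests.api` from this job, and nothing in the hunk says where those tests run now. If the reduction is intentional, a comment above the variable such as `# API tests only; scenario tests are covered by <other job>` would record that, and it is worth confirming that another job still selects them. The job's name and the rest of its definition are outside the hunk.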
@@ -245,7 +245,7 @@
SHARE_DRIVER: manila.share.drivers.cephfs.driver.CephFSDriver
MANILA_ENABLED_BACKENDS: cephfsnative
ENABLED_SHARE_PROTOCOLS: CEPHFS
- MANILA_DEFAULT_SHARE_TYPE_EXTRA_SPECS: 'snapshot_support=False'
+ MANILA_DEFAULT_SHARE_TYPE_EXTRA_SPECS: 'snapshot_support=True'
MANILA_OPTGROUP_cephfsnative_share_driver: manila.share.drivers.cephfs.driver.CephFSDriver
MANILA_OPTGROUP_cephfsnative_driver_handles_share_servers: false
MANILA_OPTGROUP_cephfsnative_cephfs_conf_path: /etc/ceph/ceph.conf
@@ -259,11 +259,54 @@
default_share_type_name: default
enable_cephx_rules_for_protocols: cephfs
run_share_group_tests: false
- run_snapshot_tests: false
multitenancy_enabled: false
+ capability_create_share_from_snapshot_support: false
suppress_errors_in_cleanup: true
backend_names: CEPHFSNATIVE
- capability_snapshot_support: false
capability_storage_protocol: CEPHFS
enable_protocols: cephfs
image_password: manila
+
+
+- job:
+ name: manila-tempest-plugin-cephfs-nfs
+ description: Test CephFS NFS (DHSS=False)
+ parent: manila-tempest-plugin-base
+ required-projects:
+ - openstack/devstack-plugin-ceph
+ - openstack/neutron-dynamic-routing
+ vars:
+ devstack_plugins:
+ devstack-plugin-ceph: https://opendev.org/openstack/devstack-plugin-ceph
+ neutron-dynamic-routing: https://opendev.org/openstack/neutron-dynamic-routing
+ devstack_localrc:
+ SHARE_DRIVER: manila.share.drivers.cephfs.driver.CephFSDriver
+ MANILA_ENABLED_BACKENDS: cephfsnfs
+ ENABLED_SHARE_PROTOCOLS: NFS
+ MANILA_DEFAULT_SHARE_TYPE_EXTRA_SPECS: 'snapshot_support=True'
+ MANILA_SERVICE_IMAGE_ENABLED: true
+ MANILA_OPTGROUP_cephfsnfs_share_driver: manila.share.drivers.cephfs.driver.CephFSDriver
+ MANILA_OPTGROUP_cephfsnfs_driver_handles_share_servers: false
+ MANILA_OPTGROUP_cephfsnfs_cephfs_protocol_helper_type: NFS
+ MANILA_OPTGROUP_cephfsnfs_cephfs_conf_path: /etc/ceph/ceph.conf
+ MANILA_OPTGROUP_cephfsnfs_cephfs_auth_id: manila
+ MANILA_CEPH_DRIVER: cephfsnfs
+ MANILA_SETUP_IPV6: true
+ NEUTRON_CREATE_INITIAL_NETWORKS: false
+ MANILA_RESTORE_IPV6_DEFAULT_ROUTE: false
+ devstack_local_conf:
+ test-config:
+ $TEMPEST_CONFIG:
+ share:
+ default_share_type_name: default
+ run_ipv6_tests: true
+ run_share_group_tests: false
+ multitenancy_enabled: false
+ suppress_errors_in_cleanup: true
+ backend_names: CEPHFSNFS
+ enable_protocols: nfs
+ capability_storage_protocol: NFS
+ capability_create_share_from_snapshot_support: false
+ image_password: manila
+
+
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index e06e26d..b7df12c 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -10,12 +10,12 @@
voting: false
- manila-tempest-plugin-cephfs-native:
voting: false
+ - manila-tempest-plugin-cephfs-nfs:
+ voting: false
- manila-tempest-plugin-container:
voting: false
- manila-tempest-plugin-generic:
voting: false
- - manila-tempest-minimal-dsvm-cephfs-nfs:
- voting: false
gate:
queue: manila
jobs:
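Review bot: Both CephFS jobs in this list are `voting: false`, so the cephx tests added in this change cannot block a merge if they start failing. The cross-tenant negative test needs a backend with cephx rules enabled, which in manila-tempest-jobs.yaml appears to be the cephfs-native job (`enable_cephx_rules_for_protocols: cephfs`). A regression in that tenant-isolation check would therefore only show up as a non-blocking failure. Consider recording the intent next to the entry, e.g. `# TODO: make voting once stable; cross-tenant cephx test runs only here`. The pipeline header for this list is outside the hunk.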