Merge "Add tests for allow to update share access rule"
diff --git a/manila_tempest_tests/config.py b/manila_tempest_tests/config.py
index decf2ac..4afa4e7 100644
--- a/manila_tempest_tests/config.py
+++ b/manila_tempest_tests/config.py
@@ -40,7 +40,7 @@
"This value is only used to validate the versions "
"response from Manila."),
cfg.StrOpt("max_api_microversion",
- default="2.85",
+ default="2.88",
help="The maximum api microversion is configured to be the "
"value of the latest microversion supported by Manila."),
cfg.StrOpt("region",
diff --git a/manila_tempest_tests/services/share/v2/json/shares_client.py b/manila_tempest_tests/services/share/v2/json/shares_client.py
index e3a022e..d744021 100644
--- a/manila_tempest_tests/services/share/v2/json/shares_client.py
+++ b/manila_tempest_tests/services/share/v2/json/shares_client.py
@@ -899,6 +899,15 @@
body = json.loads(body)
return rest_client.ResponseBody(resp, body)
+ def update_access_rule(self, access_id, access_level,
+ version=LATEST_MICROVERSION):
+ url = 'share-access-rules/%s' % access_id
+ body = {'update_access': {"access_level": access_level}}
+ resp, body = self.put(url, json.dumps(body), version=version)
+ self.expected_success(200, resp.status)
+ body = json.loads(body)
+ return rest_client.ResponseBody(resp, body)
+
def update_access_metadata(self, access_id, metadata,
version=LATEST_MICROVERSION):
url = 'share-access-rules/%s/metadata' % access_id
diff --git a/manila_tempest_tests/tests/api/test_rules.py b/manila_tempest_tests/tests/api/test_rules.py
index 5f39852..9064df3 100644
--- a/manila_tempest_tests/tests/api/test_rules.py
+++ b/manila_tempest_tests/tests/api/test_rules.py
@@ -22,6 +22,7 @@
import testtools
from testtools import testcase as tc
+from manila_tempest_tests.common import waiters
from manila_tempest_tests.tests.api import base
from manila_tempest_tests import utils
@@ -62,6 +63,7 @@
self.share['id'])['access_list']
rule = [r for r in rules if r['id'] == rule['id']][0]
self.assertEqual("active", rule['state'])
+ return rule
@ddt.ddt
@@ -162,8 +164,22 @@
"RO access rule tests are disabled for NFS protocol.")
@ddt.data(*utils.deduplicate(['1.0', '2.9', '2.27', '2.28',
LATEST_MICROVERSION]))
- def test_create_delete_ro_access_rule(self, client_name):
- _create_delete_ro_access_rule(self, client_name)
+ def test_create_delete_ro_access_rule(self, version):
+ _create_delete_ro_access_rule(self, version)
+
+ @decorators.idempotent_id('01940881-6f95-77f8-b47d-0941c4e6bafb')
+ @tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
+ @testtools.skipIf(
+ "nfs" not in CONF.share.enable_ro_access_level_for_protocols,
+ "RO access rule tests are disabled for NFS protocol.")
+ def test_update_access_rule(self):
+ rule = _create_delete_ro_access_rule(self, LATEST_MICROVERSION)
+ rule = self.shares_v2_client.update_access_rule(
+ access_id=rule['id'], access_level='rw')['access']
+ waiters.wait_for_resource_status(
+ self.shares_v2_client, self.share['id'], status='active',
+ resource_name='access_rule', rule_id=rule['id'])
+ self.assertEqual(rule['access_level'], 'rw')
@ddt.ddt
@@ -180,6 +196,17 @@
def test_create_delete_ro_access_rule(self, version):
_create_delete_ro_access_rule(self, version)
+ @decorators.idempotent_id('02940881-6f95-77f8-b47d-0941c4e6bafb')
+ @tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
+ @testtools.skipIf(
+ "cifs" not in CONF.share.enable_ro_access_level_for_protocols,
+ "RO access rule tests are disabled for CIFS protocol.")
+ def test_update_access_rule(self):
+ super(
+ ShareIpRulesForCIFSTest,
+ self
+ ).test_update_access_rule()
+
@ddt.ddt
class ShareUserRulesForNFSTest(base.BaseSharesMixedTest):
diff --git a/manila_tempest_tests/tests/api/test_rules_negative.py b/manila_tempest_tests/tests/api/test_rules_negative.py
index 84b416d..91ee0b5 100644
--- a/manila_tempest_tests/tests/api/test_rules_negative.py
+++ b/manila_tempest_tests/tests/api/test_rules_negative.py
@@ -368,6 +368,26 @@
CONF.share.username_for_user_rules,
'su')
+ @decorators.idempotent_id('d5b1e7c9-7e6b-4918-a1c4-e03c8d82c46a')
+ @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
+ def test_update_access_rule_with_worng_level(self):
+ access_type, access_to = utils.get_access_rule_data_from_config(
+ self.protocol)
+ if access_type != 'ip':
+ msg = "Currently support update for only access_type 'ip'."
+ raise self.skipException(msg)
+
+ rule = self.allow_access(
+ self.share["id"], client=self.shares_v2_client,
+ access_type=access_type, access_to=access_to)
+
+ self.assertRaises(
+ lib_exc.BadRequest,
+ self.shares_v2_client.update_access_rule,
+ rule['id'],
+ access_level='fake_level'
+ )
+
@ddt.ddt
class ShareUserRulesForCIFSNegativeTest(ShareUserRulesForNFSNegativeTest):
diff --git a/manila_tempest_tests/tests/rbac/test_rules.py b/manila_tempest_tests/tests/rbac/test_rules.py
index 1039855..cce3d08 100644
--- a/manila_tempest_tests/tests/rbac/test_rules.py
+++ b/manila_tempest_tests/tests/rbac/test_rules.py
@@ -93,6 +93,10 @@
pass
@abc.abstractmethod
+ def test_update_access(self):
+ pass
+
+ @abc.abstractmethod
def test_delete_access(self):
pass
@@ -155,6 +159,32 @@
self.assertIn(access['id'], access_list)
self.assertNotIn(alt_access['id'], alt_access_list)
+ @decorators.idempotent_id('01939b69-ef9b-75cf-abf7-5171fec7c397')
+ @tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
+ def test_update_access(self):
+ access_type, access_to = (
+ utils.get_access_rule_data_from_config(self.protocol))
+ if access_type != 'ip':
+ message = "Currently support update for only access_type 'ip'."
+ raise self.skipException(message)
+
+ access = self.allow_access(self.share_member_client, self.share['id'])
+ rule = self.do_request(
+ 'update_access_rule', expected_status=200,
+ access_id=access['id'], access_level='ro')['access']
+ waiters.wait_for_resource_status(
+ self.share_member_client, self.share['id'], status='active',
+ resource_name='access_rule', rule_id=rule['id'])
+
+ alt_access = self.allow_access(
+ self.alt_project_share_v2_client, self.alt_share['id'])
+ rule = self.do_request(
+ 'update_access_rule', expected_status=200,
+ access_id=alt_access['id'], access_level='ro')['access']
+ waiters.wait_for_resource_status(
+ self.alt_project_share_v2_client, self.alt_share['id'],
+ status='active', resource_name='access_rule', rule_id=rule['id'])
+
@decorators.idempotent_id('b4d7a91c-a75e-4ad9-93cb-8e5234fea97a')
@tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
def test_grant_access_rule(self):
@@ -285,6 +315,30 @@
self.assertIn(access['id'], access_id_list)
self.assertNotIn(alt_access['id'], access_id_list)
+ @decorators.idempotent_id('02939b69-ef9b-75cf-abf7-5171fec7c397')
+ @tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
+ def test_update_access(self):
+ access_type, access_to = (
+ utils.get_access_rule_data_from_config(self.protocol))
+ if access_type != 'ip':
+ message = "Currently support update for only access_type 'ip'."
+ raise self.skipException(message)
+
+ share_client = getattr(self, 'share_member_client', self.client)
+ access = self.allow_access(share_client, self.share['id'])
+ rule = self.do_request(
+ 'update_access_rule', client=share_client, expected_status=200,
+ access_id=access['id'], access_level='ro')['access']
+ waiters.wait_for_resource_status(
+ share_client, self.share['id'], status='active',
+ resource_name='access_rule', rule_id=rule['id'])
+
+ alt_access = self.allow_access(
+ self.alt_project_share_v2_client, self.alt_share['id'])
+ self.do_request(
+ 'update_access_rule', expected_status=lib_exc.NotFound,
+ access_id=alt_access['id'], access_level='ro')
+
@decorators.idempotent_id('61cf6f6c-5d7c-48d7-9d5a-e6ea288afdbc')
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
def test_grant_access_rule(self):
@@ -391,6 +445,20 @@
def test_list_access(self):
super(TestProjectReaderTestsNFS, self).test_list_access()
+ @decorators.idempotent_id('03939b69-ef9b-75cf-abf7-5171fec7c397')
+ @tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
+ def test_update_access(self):
+ access = self.allow_access(self.share_member_client, self.share['id'])
+ self.do_request(
+ 'update_access_rule', expected_status=lib_exc.Forbidden,
+ access_id=access['id'], access_level='ro')
+
+ alt_access = self.allow_access(
+ self.alt_project_share_v2_client, self.alt_share['id'])
+ self.do_request(
+ 'update_access_rule', expected_status=lib_exc.Forbidden,
+ access_id=alt_access['id'], access_level='ro')
+
@decorators.idempotent_id('ace870f9-af91-4259-8760-dc7d7107b7ff')
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
def test_grant_access_rule(self):
diff --git a/releasenotes/notes/add-update-access-rules-e43b4d0fbabdb596.yaml b/releasenotes/notes/add-update-access-rules-e43b4d0fbabdb596.yaml
new file mode 100644
index 0000000..29b2936
--- /dev/null
+++ b/releasenotes/notes/add-update-access-rules-e43b4d0fbabdb596.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ Added tests to verify share access rule update operation. Update is
+ allowed only for admin and project member. Also supported microversion is
+ increased to 2.88.