Merge "[RBAC] Making sure export locations are viewable"
diff --git a/manila_tempest_tests/tests/api/admin/test_share_networks.py b/manila_tempest_tests/tests/api/admin/test_share_networks.py
index 82d8a8a..3eedb4e 100644
--- a/manila_tempest_tests/tests/api/admin/test_share_networks.py
+++ b/manila_tempest_tests/tests/api/admin/test_share_networks.py
@@ -18,6 +18,7 @@
from manila_tempest_tests.tests.api import base
from manila_tempest_tests.tests.api import test_share_networks
+from manila_tempest_tests import utils
class ShareNetworkAdminTest(base.BaseSharesMixedTest,
@@ -26,7 +27,7 @@
@classmethod
def resource_setup(cls):
super(ShareNetworkAdminTest, cls).resource_setup()
- ss_data = cls.generate_security_service_data()
+ ss_data = utils.generate_security_service_data()
cls.ss_ldap = cls.create_security_service(**ss_data)
cls.data_sn_with_ldap_ss = {
diff --git a/manila_tempest_tests/tests/api/base.py b/manila_tempest_tests/tests/api/base.py
index 42c2fab..6372034 100755
--- a/manila_tempest_tests/tests/api/base.py
+++ b/manila_tempest_tests/tests/api/base.py
@@ -723,35 +723,6 @@
return replica
@classmethod
- def _get_access_rule_data_from_config(cls):
- """Get the first available access type/to combination from config.
-
- This method opportunistically picks the first configured protocol
- to create the share. Do not use this method in tests where you need
- to test depth and breadth in the access types and access recipients.
- """
- protocol = cls.shares_v2_client.share_protocol
-
- if protocol in CONF.share.enable_ip_rules_for_protocols:
- access_type = "ip"
- access_to = utils.rand_ip()
- elif protocol in CONF.share.enable_user_rules_for_protocols:
- access_type = "user"
- access_to = CONF.share.username_for_user_rules
- elif protocol in CONF.share.enable_cert_rules_for_protocols:
- access_type = "cert"
- access_to = "client3.com"
- elif protocol in CONF.share.enable_cephx_rules_for_protocols:
- access_type = "cephx"
- access_to = data_utils.rand_name(
- cls.__class__.__name__ + '-cephx-id')
- else:
- message = "Unrecognized protocol and access rules configuration."
- raise cls.skipException(message)
-
- return access_type, access_to
-
- @classmethod
def create_share_network(cls, client=None,
cleanup_in_class=False,
add_security_services=True, **kwargs):
@@ -935,40 +906,6 @@
"cleanup '%s'. Skipping.", res["type"])
res["deleted"] = True
- @classmethod
- def generate_share_network_data(self):
- data = {
- "name": data_utils.rand_name("sn-name"),
- "description": data_utils.rand_name("sn-desc"),
- "neutron_net_id": data_utils.rand_name("net-id"),
- "neutron_subnet_id": data_utils.rand_name("subnet-id"),
- }
- return data
-
- @classmethod
- def generate_subnet_data(self):
- data = {
- "neutron_net_id": data_utils.rand_name("net-id"),
- "neutron_subnet_id": data_utils.rand_name("subnet-id"),
- }
- return data
-
- @classmethod
- def generate_security_service_data(self, set_ou=False):
- data = {
- "name": data_utils.rand_name("ss-name"),
- "description": data_utils.rand_name("ss-desc"),
- "dns_ip": utils.rand_ip(),
- "server": utils.rand_ip(),
- "domain": data_utils.rand_name("ss-domain"),
- "user": data_utils.rand_name("ss-user"),
- "password": data_utils.rand_name("ss-password"),
- }
- if set_ou:
- data["ou"] = data_utils.rand_name("ss-ou")
-
- return data
-
# Useful assertions
def assertDictMatch(self, d1, d2, approx_equal=False, tolerance=0.001):
"""Assert two dicts are equivalent.
@@ -1054,7 +991,8 @@
raise_rule_in_error_state=True, cleanup=True):
client = client or self.shares_v2_client
- a_type, a_to = self._get_access_rule_data_from_config()
+ a_type, a_to = utils.get_access_rule_data_from_config(
+ client.share_protocol)
access_type = access_type or a_type
access_to = access_to or a_to
diff --git a/manila_tempest_tests/tests/api/test_access_rules_metadata.py b/manila_tempest_tests/tests/api/test_access_rules_metadata.py
index ee541ac..6b0aa2d 100644
--- a/manila_tempest_tests/tests/api/test_access_rules_metadata.py
+++ b/manila_tempest_tests/tests/api/test_access_rules_metadata.py
@@ -55,8 +55,8 @@
@classmethod
def resource_setup(cls):
super(AccessRulesMetadataTest, cls).resource_setup()
- cls.protocol = cls.shares_v2_client.share_protocol
- cls.access_type, __ = cls._get_access_rule_data_from_config()
+ cls.access_type, __ = utils.get_access_rule_data_from_config(
+ cls.shares_v2_client.share_protocol)
int_range = range(20, 50)
cls.access_to = {
# list of unique values is required for ability to create lots
diff --git a/manila_tempest_tests/tests/api/test_access_rules_metadata_negative.py b/manila_tempest_tests/tests/api/test_access_rules_metadata_negative.py
index c848ed3..98a1361 100644
--- a/manila_tempest_tests/tests/api/test_access_rules_metadata_negative.py
+++ b/manila_tempest_tests/tests/api/test_access_rules_metadata_negative.py
@@ -55,9 +55,9 @@
@classmethod
def resource_setup(cls):
super(AccessesMetadataNegativeTest, cls).resource_setup()
- cls.protocol = cls.shares_v2_client.share_protocol
cls.access_type, cls.access_to = (
- cls._get_access_rule_data_from_config()
+ utils.get_access_rule_data_from_config(
+ cls.shares_v2_client.share_protocol)
)
# create share type
cls.share_type = cls.create_share_type()
diff --git a/manila_tempest_tests/tests/api/test_replication.py b/manila_tempest_tests/tests/api/test_replication.py
index 7873926..9a9a478 100644
--- a/manila_tempest_tests/tests/api/test_replication.py
+++ b/manila_tempest_tests/tests/api/test_replication.py
@@ -330,7 +330,8 @@
@tc.attr(base.TAG_POSITIVE, base.TAG_BACKEND)
def test_add_access_rule_create_replica_delete_rule(self):
# Add access rule to the share
- access_type, access_to = self._get_access_rule_data_from_config()
+ access_type, access_to = utils.get_access_rule_data_from_config(
+ self.shares_v2_client.share_protocol)
self.allow_access(
self.shares[0]["id"], access_type=access_type, access_to=access_to,
access_level='ro')
@@ -346,7 +347,8 @@
@decorators.idempotent_id('3af3f19a-1195-464e-870b-1a3918914f1b')
@tc.attr(base.TAG_POSITIVE, base.TAG_BACKEND)
def test_create_replica_add_access_rule_delete_replica(self):
- access_type, access_to = self._get_access_rule_data_from_config()
+ access_type, access_to = utils.get_access_rule_data_from_config(
+ self.shares_v2_client.share_protocol)
# Create the replica
share_replica = self._verify_create_replica()
@@ -408,7 +410,8 @@
share = self.create_shares([self.creation_data])[0]
# Add access rule
- access_type, access_to = self._get_access_rule_data_from_config()
+ access_type, access_to = utils.get_access_rule_data_from_config(
+ self.shares_v2_client.share_protocol)
self.allow_access(
share["id"], access_type=access_type, access_to=access_to,
access_level='ro')
diff --git a/manila_tempest_tests/tests/api/test_replication_negative.py b/manila_tempest_tests/tests/api/test_replication_negative.py
index e7d0e7d..dde5d80 100644
--- a/manila_tempest_tests/tests/api/test_replication_negative.py
+++ b/manila_tempest_tests/tests/api/test_replication_negative.py
@@ -190,7 +190,8 @@
@decorators.idempotent_id('600a13d2-5cf0-482e-97af-9f598b55a407')
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
def test_add_access_rule_share_replica_error_status(self):
- access_type, access_to = self._get_access_rule_data_from_config()
+ access_type, access_to = utils.get_access_rule_data_from_config(
+ self.shares_v2_client.share_protocol)
# Create the replica
share_replica = self.create_share_replica(self.share1["id"],
self.replica_zone,
@@ -248,7 +249,7 @@
@utils.skip_if_microversion_not_supported("2.51")
def test_try_add_replica_nonexistent_subnet(self):
# Create a new share network only for a specific az
- data = self.generate_share_network_data()
+ data = utils.generate_share_network_data()
subnet = utils.share_network_get_default_subnet(self.share_network)
data['neutron_net_id'] = subnet['neutron_net_id']
data['neutron_subnet_id'] = subnet['neutron_subnet_id']
diff --git a/manila_tempest_tests/tests/api/test_rules.py b/manila_tempest_tests/tests/api/test_rules.py
index 979bf06..925b725 100644
--- a/manila_tempest_tests/tests/api/test_rules.py
+++ b/manila_tempest_tests/tests/api/test_rules.py
@@ -437,9 +437,9 @@
@classmethod
def resource_setup(cls):
super(ShareRulesTest, cls).resource_setup()
- cls.protocol = cls.shares_v2_client.share_protocol
cls.access_type, cls.access_to = (
- cls._get_access_rule_data_from_config()
+ utils.get_access_rule_data_from_config(
+ cls.shares_v2_client.share_protocol)
)
cls.share_type = cls.create_share_type()
cls.share_type_id = cls.share_type['id']
diff --git a/manila_tempest_tests/tests/api/test_rules_negative.py b/manila_tempest_tests/tests/api/test_rules_negative.py
index 1eb858d..a4b53f5 100644
--- a/manila_tempest_tests/tests/api/test_rules_negative.py
+++ b/manila_tempest_tests/tests/api/test_rules_negative.py
@@ -153,7 +153,8 @@
@decorators.idempotent_id('d2856c7d-9417-416d-8d08-e68376ee5b2e')
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
def test_add_access_rule_on_share_with_no_host(self):
- access_type, access_to = self._get_access_rule_data_from_config()
+ access_type, access_to = utils.get_access_rule_data_from_config(
+ self.protocol)
extra_specs = self.add_extra_specs_to_dict(
{"share_backend_name": 'invalid_backend'})
share_type = self.create_share_type('invalid_backend',
diff --git a/manila_tempest_tests/tests/api/test_security_services.py b/manila_tempest_tests/tests/api/test_security_services.py
index f938a91..85ed5fb 100644
--- a/manila_tempest_tests/tests/api/test_security_services.py
+++ b/manila_tempest_tests/tests/api/test_security_services.py
@@ -162,7 +162,7 @@
@decorators.idempotent_id('70927e29-4a6a-431a-bbc1-76bc419e0579')
@tc.attr(base.TAG_POSITIVE, base.TAG_API)
def test_create_delete_security_service(self):
- data = self.generate_security_service_data()
+ data = utils.generate_security_service_data()
self.service_names = ["ldap", "kerberos", "active_directory"]
for ss_name in self.service_names:
ss = self.create_security_service(ss_name, **data)
@@ -176,7 +176,7 @@
def test_get_security_service(self, version):
utils.check_skip_if_microversion_not_supported(version)
with_ou = True if utils.is_microversion_ge(version, '2.44') else False
- data = self.generate_security_service_data(set_ou=with_ou)
+ data = utils.generate_security_service_data(set_ou=with_ou)
if utils.is_microversion_ge(version, '2.0'):
ss = self.create_security_service(
@@ -196,11 +196,11 @@
@decorators.idempotent_id('84d47747-13c8-4ab9-9fc4-a43fbb29ad18')
@tc.attr(base.TAG_POSITIVE, base.TAG_API)
def test_update_security_service(self):
- data = self.generate_security_service_data()
+ data = utils.generate_security_service_data()
ss = self.create_security_service(**data)
self.assertDictContainsSubset(data, ss)
- upd_data = self.generate_security_service_data()
+ upd_data = utils.generate_security_service_data()
updated = self.shares_client.update_security_service(
ss["id"], **upd_data)['security_service']
@@ -211,7 +211,7 @@
if utils.is_microversion_ge(CONF.share.max_api_microversion, '2.44'):
# update again with ou
- upd_data_ou = self.generate_security_service_data(set_ou=True)
+ upd_data_ou = utils.generate_security_service_data(set_ou=True)
updated_ou = self.shares_v2_client.update_security_service(
ss["id"], **upd_data_ou)['security_service']
@@ -225,7 +225,7 @@
@testtools.skipIf(
not CONF.share.multitenancy_enabled, "Only for multitenancy.")
def test_try_update_valid_keys_sh_server_exists(self):
- ss_data = self.generate_security_service_data()
+ ss_data = utils.generate_security_service_data()
ss = self.create_security_service(**ss_data)
sn = self.shares_client.get_share_network(
@@ -274,7 +274,7 @@
@tc.attr(base.TAG_POSITIVE, base.TAG_API)
def test_try_list_security_services_all_tenants_ignored(self):
alt_security_service = self.create_security_service(
- **self.generate_security_service_data(),
+ **utils.generate_security_service_data(),
client=self.alt_shares_v2_client)
alt_security_service_id = alt_security_service['id']
sec_service_list = self.shares_client.list_security_services(
diff --git a/manila_tempest_tests/tests/api/test_security_services_mapping.py b/manila_tempest_tests/tests/api/test_security_services_mapping.py
index 2e7531d..6ce9a0a 100644
--- a/manila_tempest_tests/tests/api/test_security_services_mapping.py
+++ b/manila_tempest_tests/tests/api/test_security_services_mapping.py
@@ -17,6 +17,7 @@
from testtools import testcase as tc
from manila_tempest_tests.tests.api import base
+from manila_tempest_tests import utils
class SecurityServicesMappingTest(base.BaseSharesTest):
@@ -30,7 +31,7 @@
super(SecurityServicesMappingTest, self).setUp()
# create share network
- data = self.generate_share_network_data()
+ data = utils.generate_share_network_data()
self.sn = self.create_share_network(client=self.cl,
add_security_services=False,
@@ -38,7 +39,7 @@
self.assertDictContainsSubset(data, self.sn)
# create security service
- data = self.generate_security_service_data()
+ data = utils.generate_security_service_data()
self.ss = self.create_security_service(client=self.cl, **data)
self.assertDictContainsSubset(data, self.ss)
diff --git a/manila_tempest_tests/tests/api/test_security_services_mapping_negative.py b/manila_tempest_tests/tests/api/test_security_services_mapping_negative.py
index d0bb321..96506ce 100644
--- a/manila_tempest_tests/tests/api/test_security_services_mapping_negative.py
+++ b/manila_tempest_tests/tests/api/test_security_services_mapping_negative.py
@@ -146,7 +146,7 @@
@tc.attr(base.TAG_NEGATIVE, base.TAG_API)
def test_try_map_two_ss_with_same_type_to_sn(self):
# create share network
- data = self.generate_share_network_data()
+ data = utils.generate_share_network_data()
sn = self.create_share_network(client=self.cl,
add_security_services=False, **data)
@@ -155,7 +155,7 @@
# create security services with same type
security_services = []
for i in range(2):
- data = self.generate_security_service_data()
+ data = utils.generate_security_service_data()
ss = self.create_security_service(client=self.cl, **data)
self.assertDictContainsSubset(data, ss)
security_services.insert(i, ss)
@@ -173,14 +173,14 @@
@tc.attr(base.TAG_NEGATIVE, base.TAG_API)
def test_try_delete_ss_that_assigned_to_sn(self):
# create share network
- data = self.generate_share_network_data()
+ data = utils.generate_share_network_data()
sn = self.create_share_network(client=self.cl,
add_security_services=False, **data)
self.assertDictContainsSubset(data, sn)
# create security service
- data = self.generate_security_service_data()
+ data = utils.generate_security_service_data()
ss = self.create_security_service(client=self.cl, **data)
self.assertDictContainsSubset(data, ss)
diff --git a/manila_tempest_tests/tests/api/test_security_services_negative.py b/manila_tempest_tests/tests/api/test_security_services_negative.py
index 08e3c7b..23c7cc1 100644
--- a/manila_tempest_tests/tests/api/test_security_services_negative.py
+++ b/manila_tempest_tests/tests/api/test_security_services_negative.py
@@ -21,6 +21,7 @@
from testtools import testcase as tc
from manila_tempest_tests.tests.api import base
+from manila_tempest_tests import utils
CONF = config.CONF
LOG = log.getLogger(__name__)
@@ -93,7 +94,7 @@
@testtools.skipIf(
not CONF.share.multitenancy_enabled, "Only for multitenancy.")
def test_try_update_invalid_keys_sh_server_exists(self):
- ss_data = self.generate_security_service_data()
+ ss_data = utils.generate_security_service_data()
ss = self.create_security_service(**ss_data)
sn = self.shares_client.get_share_network(
@@ -129,7 +130,7 @@
@decorators.idempotent_id('288dbf42-ee22-4445-8363-7ebb1c3d89c9')
@tc.attr(base.TAG_NEGATIVE, base.TAG_API)
def test_get_deleted_security_service(self):
- data = self.generate_security_service_data()
+ data = utils.generate_security_service_data()
ss = self.create_security_service(**data)
self.assertDictContainsSubset(data, ss)
diff --git a/manila_tempest_tests/tests/api/test_share_network_subnets.py b/manila_tempest_tests/tests/api/test_share_network_subnets.py
index cdf2162..da3d5ee 100644
--- a/manila_tempest_tests/tests/api/test_share_network_subnets.py
+++ b/manila_tempest_tests/tests/api/test_share_network_subnets.py
@@ -61,7 +61,7 @@
az_name = az['name']
# Generate subnet data
- data = self.generate_subnet_data()
+ data = utils.generate_subnet_data()
data['share_network_id'] = share_network['id']
data['availability_zone'] = az_name
@@ -95,7 +95,7 @@
az_name = az['name']
# Generate subnet data
- data = self.generate_subnet_data()
+ data = utils.generate_subnet_data()
data['share_network_id'] = share_network['id']
data['availability_zone'] = az_name
diff --git a/manila_tempest_tests/tests/api/test_share_network_subnets_negative.py b/manila_tempest_tests/tests/api/test_share_network_subnets_negative.py
index 7b0ca55..52b297e 100644
--- a/manila_tempest_tests/tests/api/test_share_network_subnets_negative.py
+++ b/manila_tempest_tests/tests/api/test_share_network_subnets_negative.py
@@ -55,7 +55,7 @@
@decorators.idempotent_id('d20b6105-22d1-4fc0-8468-45dd019240c0')
@tc.attr(base.TAG_NEGATIVE, base.TAG_API)
def test_add_share_network_subnet_share_network_not_found(self):
- data = self.generate_subnet_data()
+ data = utils.generate_subnet_data()
self.assertRaises(lib_exc.NotFound,
self.shares_v2_client.create_subnet,
'fake_inexistent_id',
@@ -94,7 +94,7 @@
@tc.attr(base.TAG_NEGATIVE, base.TAG_API)
def test_add_share_network_subnet_missing_parameters(self):
# Generate subnet data
- data = self.generate_subnet_data()
+ data = utils.generate_subnet_data()
data['availability_zone'] = self.az_name
data.pop('neutron_net_id')
@@ -122,7 +122,7 @@
@tc.attr(base.TAG_NEGATIVE, base.TAG_API)
def test_get_deleted_subnet(self):
# Generate subnet data
- data = self.generate_subnet_data()
+ data = utils.generate_subnet_data()
data['share_network_id'] = self.share_network_id
az = self.shares_v2_client.list_availability_zones(
)['availability_zones'][0]
diff --git a/manila_tempest_tests/tests/api/test_share_networks.py b/manila_tempest_tests/tests/api/test_share_networks.py
index e3d5a78..f990566 100644
--- a/manila_tempest_tests/tests/api/test_share_networks.py
+++ b/manila_tempest_tests/tests/api/test_share_networks.py
@@ -165,7 +165,7 @@
cls.share_type = cls.create_share_type()
cls.share_type_id = cls.share_type['id']
- ss_data = cls.generate_security_service_data()
+ ss_data = utils.generate_security_service_data()
cls.ss_ldap = cls.create_security_service(**ss_data)
cls.data_sn_with_ldap_ss = {
@@ -219,7 +219,7 @@
@tc.attr(base.TAG_POSITIVE, base.TAG_API)
def test_create_delete_share_network(self):
# generate data for share network
- data = self.generate_share_network_data()
+ data = utils.generate_share_network_data()
# create share network
created = self.shares_client.create_share_network(
@@ -242,7 +242,7 @@
@decorators.idempotent_id('1837fdd3-8068-4e88-bc50-9224498f84c0')
@tc.attr(base.TAG_POSITIVE, base.TAG_API)
def test_update_share_network(self):
- update_data = self.generate_share_network_data()
+ update_data = utils.generate_share_network_data()
updated = self.shares_client.update_share_network(
self.sn_with_ldap_ss["id"],
**update_data)['share_network']
@@ -268,7 +268,7 @@
@tc.attr(base.TAG_POSITIVE, base.TAG_API)
def test_recreate_share_network(self):
# generate data for share network
- data = self.generate_share_network_data()
+ data = utils.generate_share_network_data()
# create share network
sn1 = self.shares_client.create_share_network(**data)['share_network']
@@ -288,7 +288,7 @@
@tc.attr(base.TAG_POSITIVE, base.TAG_API)
def test_create_two_share_networks_with_same_net_and_subnet(self):
# generate data for share network
- data = self.generate_share_network_data()
+ data = utils.generate_share_network_data()
# create first share network
sn1 = self.create_share_network(**data)
diff --git a/manila_tempest_tests/tests/api/test_share_networks_negative.py b/manila_tempest_tests/tests/api/test_share_networks_negative.py
index 3306068..94fa7b8 100644
--- a/manila_tempest_tests/tests/api/test_share_networks_negative.py
+++ b/manila_tempest_tests/tests/api/test_share_networks_negative.py
@@ -88,7 +88,7 @@
@decorators.idempotent_id('9166b81c-d6ab-4592-bcf7-9410250e30dd')
@tc.attr(base.TAG_NEGATIVE, base.TAG_API)
def test_try_get_deleted_share_network(self):
- data = self.generate_share_network_data()
+ data = utils.generate_share_network_data()
sn = self.create_share_network(**data)
self.assertDictContainsSubset(data, sn)
@@ -166,7 +166,7 @@
az_name = az['name']
# Generate subnet data
- data = self.generate_subnet_data()
+ data = utils.generate_subnet_data()
data['share_network_id'] = share_network['id']
data['availability_zone'] = az_name
@@ -200,7 +200,7 @@
@tc.attr(base.TAG_NEGATIVE, base.TAG_API)
@decorators.idempotent_id('f6f47c64-6821-4d4a-aa7d-3b0244158197')
def test_check_add_share_network_subnet_share_network_not_found(self):
- data = self.generate_subnet_data()
+ data = utils.generate_subnet_data()
self.assertRaises(lib_exc.NotFound,
self.shares_v2_client.subnet_create_check,
'fake_inexistent_id',
diff --git a/manila_tempest_tests/tests/rbac/base.py b/manila_tempest_tests/tests/rbac/base.py
index db53795..5aaf35e 100644
--- a/manila_tempest_tests/tests/rbac/base.py
+++ b/manila_tempest_tests/tests/rbac/base.py
@@ -102,6 +102,19 @@
return share_network
@classmethod
+ def create_share_type(cls):
+ name = data_utils.rand_name('share-type')
+ extra_specs = {
+ 'driver_handles_share_servers': CONF.share.multitenancy_enabled,
+ }
+ share_type = cls.admin_shares_v2_client.create_share_type(
+ name=name, extra_specs=extra_specs)['share_type']
+ cls.addClassResourceCleanup(
+ cls.delete_resource, cls.admin_shares_v2_client,
+ st_id=share_type['id'])
+ return share_type
+
+ @classmethod
def get_share_type(cls):
return cls.shares_v2_client.get_default_share_type()['share_type']
diff --git a/manila_tempest_tests/tests/rbac/test_availability_zones.py b/manila_tempest_tests/tests/rbac/test_availability_zones.py
new file mode 100644
index 0000000..1754726
--- /dev/null
+++ b/manila_tempest_tests/tests/rbac/test_availability_zones.py
@@ -0,0 +1,69 @@
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import abc
+
+from tempest.lib import decorators
+from testtools import testcase as tc
+
+from manila_tempest_tests.tests.api import base
+from manila_tempest_tests.tests.rbac import base as rbac_base
+
+
+class ShareRbacAvailabilityZonesTests(rbac_base.ShareRbacBaseTests,
+ metaclass=abc.ABCMeta):
+
+ @classmethod
+ def setup_clients(cls):
+ super(ShareRbacAvailabilityZonesTests, cls).setup_clients()
+ cls.persona = getattr(cls, 'os_%s' % cls.credentials[0])
+ cls.client = cls.persona.share_v2.SharesV2Client()
+
+ @abc.abstractmethod
+ def test_list_availability_zones(self):
+ pass
+
+
+class TestProjectAdminTestsNFS(ShareRbacAvailabilityZonesTests,
+ base.BaseSharesTest):
+
+ credentials = ['project_admin']
+
+ @decorators.idempotent_id('87d9bb1c-f4de-40e5-8f25-05a6e1055c0b')
+ @tc.attr(base.TAG_POSITIVE, base.TAG_API)
+ def test_list_availability_zones(self):
+ self.do_request('list_availability_zones', expected_status=200)
+
+
+class TestProjectMemberTestsNFS(ShareRbacAvailabilityZonesTests,
+ base.BaseSharesTest):
+
+ credentials = ['project_member']
+
+ @decorators.idempotent_id('ee2db349-176a-47bc-a20d-5ba9b5f8a813')
+ @tc.attr(base.TAG_POSITIVE, base.TAG_API)
+ def test_list_availability_zones(self):
+ self.do_request('list_availability_zones', expected_status=200)
+
+
+class TestProjectReaderTestsNFS(ShareRbacAvailabilityZonesTests,
+ base.BaseSharesTest):
+
+ credentials = ['project_reader']
+
+ @decorators.idempotent_id('a095fac8-ae62-4be7-8a3e-b0fc1bc71348')
+ @tc.attr(base.TAG_POSITIVE, base.TAG_API)
+ def test_list_availability_zones(self):
+ self.do_request('list_availability_zones', expected_status=200)
diff --git a/manila_tempest_tests/tests/rbac/test_share_type_extra_specs.py b/manila_tempest_tests/tests/rbac/test_share_type_extra_specs.py
new file mode 100644
index 0000000..0fae6f0
--- /dev/null
+++ b/manila_tempest_tests/tests/rbac/test_share_type_extra_specs.py
@@ -0,0 +1,170 @@
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import abc
+
+from tempest import config
+from tempest.lib import decorators
+from tempest.lib import exceptions as lib_exc
+from testtools import testcase as tc
+
+from manila_tempest_tests.tests.api import base
+from manila_tempest_tests.tests.rbac import base as rbac_base
+
+CONF = config.CONF
+
+
+class ShareRbacExtraSpecsTests(rbac_base.ShareRbacBaseTests,
+ metaclass=abc.ABCMeta):
+
+ @classmethod
+ def setup_clients(cls):
+ super(ShareRbacExtraSpecsTests, cls).setup_clients()
+ cls.persona = getattr(cls, 'os_%s' % cls.credentials[0])
+ cls.client = cls.persona.share_v2.SharesV2Client()
+ cls.admin_shares_v2_client = (
+ cls.os_project_admin.share_v2.SharesV2Client())
+
+ @classmethod
+ def resource_setup(cls):
+ super(ShareRbacExtraSpecsTests, cls).resource_setup()
+ cls.extra_specs = {u'key': u'value'}
+ cls.share_type = cls.create_share_type()
+
+ @abc.abstractmethod
+ def test_create_share_type_extra_specs(self):
+ pass
+
+ @abc.abstractmethod
+ def test_get_share_type_extra_specs(self):
+ pass
+
+ @abc.abstractmethod
+ def test_update_share_type_extra_spec(self):
+ pass
+
+ @abc.abstractmethod
+ def test_delete_share_type_extra_spec(self):
+ pass
+
+
+class ProjectAdminTests(ShareRbacExtraSpecsTests, base.BaseSharesTest):
+
+ credentials = ['project_admin']
+
+ @classmethod
+ def setup_clients(cls):
+ super(ProjectAdminTests, cls).setup_clients()
+ project_member = cls.setup_user_client(
+ cls.persona, project_id=cls.persona.credentials.project_id)
+ cls.share_member_client = project_member.share_v2.SharesV2Client()
+
+ @decorators.idempotent_id('d51817f4-b186-4eca-8779-f3c36dcd98e7')
+ @tc.attr(base.TAG_POSITIVE, base.TAG_API)
+ def test_create_share_type_extra_specs(self):
+ self.do_request(
+ 'create_share_type_extra_specs', expected_status=200,
+ share_type_id=self.share_type['id'], extra_specs=self.extra_specs)
+ self.addCleanup(
+ self.admin_shares_v2_client.delete_share_type_extra_spec,
+ self.share_type['id'], extra_spec_name='key')
+
+ @decorators.idempotent_id('d4deeb0b-8765-4487-9f1f-9f10088934dd')
+ @tc.attr(base.TAG_POSITIVE, base.TAG_API)
+ def test_get_share_type_extra_specs(self):
+ self.do_request(
+ 'get_share_type_extra_specs', expected_status=200,
+ share_type_id=self.share_type['id'])
+
+ @decorators.idempotent_id('bb27641b-5249-4343-bb08-5a123f31b9f1')
+ @tc.attr(base.TAG_POSITIVE, base.TAG_API)
+ def test_update_share_type_extra_spec(self):
+ self.do_request(
+ 'update_share_type_extra_spec', expected_status=200,
+ share_type_id=self.share_type['id'], spec_name='key',
+ spec_value='value_updated')
+
+ @decorators.idempotent_id('81d59322-8ec1-4f32-a50d-2fedd1cca655')
+ @tc.attr(base.TAG_POSITIVE, base.TAG_API)
+ def test_delete_share_type_extra_spec(self):
+ self.admin_shares_v2_client.create_share_type_extra_specs(
+ self.share_type['id'], self.extra_specs)
+ self.do_request(
+ 'delete_share_type_extra_spec', expected_status=202,
+ share_type_id=self.share_type['id'], extra_spec_name='key')
+
+
+class ProjectMemberTests(ShareRbacExtraSpecsTests, base.BaseSharesTest):
+
+ credentials = ['project_member', 'project_admin']
+
+ @decorators.idempotent_id('446c1e7c-5ca2-46f5-b2f3-6417152e5bf8')
+ @tc.attr(base.TAG_NEGATIVE, base.TAG_API)
+ def test_create_share_type_extra_specs(self):
+ self.do_request(
+ 'create_share_type_extra_specs', expected_status=lib_exc.Forbidden,
+ share_type_id=self.share_type['id'], extra_specs=self.extra_specs)
+
+ @decorators.idempotent_id('aabdf0c1-8b68-4c40-a542-cc1dbd039279')
+ @tc.attr(base.TAG_NEGATIVE, base.TAG_API)
+ def test_get_share_type_extra_specs(self):
+ self.do_request(
+ 'get_share_type_extra_specs', expected_status=lib_exc.Forbidden,
+ share_type_id=self.share_type['id'])
+
+ @decorators.idempotent_id('3629f91c-ad21-4321-acd9-7fca92a4721a')
+ @tc.attr(base.TAG_NEGATIVE, base.TAG_API)
+ def test_update_share_type_extra_spec(self):
+ self.do_request(
+ 'update_share_type_extra_spec', expected_status=lib_exc.Forbidden,
+ share_type_id=self.share_type['id'], spec_name='key',
+ spec_value='value_updated')
+
+ @decorators.idempotent_id('0bee97ab-b406-481c-9b8b-4813fb9f49dc')
+ @tc.attr(base.TAG_NEGATIVE, base.TAG_API)
+ def test_delete_share_type_extra_spec(self):
+ self.admin_shares_v2_client.create_share_type_extra_specs(
+ self.share_type['id'], self.extra_specs)
+ self.do_request(
+ 'delete_share_type_extra_spec', expected_status=lib_exc.Forbidden,
+ share_type_id=self.share_type['id'], extra_spec_name='key')
+ self.addCleanup(
+ self.admin_shares_v2_client.delete_share_type_extra_spec,
+ self.share_type['id'], extra_spec_name='key')
+
+
+class ProjectReaderTests(ProjectMemberTests):
+
+ credentials = ['project_reader', 'project_admin']
+
+ @decorators.idempotent_id('da80b823-9a96-45c3-8f86-e9f7fc5ad2c6')
+ @tc.attr(base.TAG_NEGATIVE, base.TAG_API)
+ def test_create_share_type_extra_specs(self):
+ super(ProjectReaderTests, self).test_create_share_type_extra_specs()
+
+ @decorators.idempotent_id('78989220-22dc-46d2-b83b-63f070988eed')
+ @tc.attr(base.TAG_NEGATIVE, base.TAG_API)
+ def test_get_share_type_extra_specs(self):
+ super(ProjectReaderTests, self).test_get_share_type_extra_specs()
+
+ @decorators.idempotent_id('c77173d4-b90c-4edf-a9b6-a26c81aaec42')
+ @tc.attr(base.TAG_NEGATIVE, base.TAG_API)
+ def test_update_share_type_extra_spec(self):
+ super(ProjectReaderTests, self).test_update_share_type_extra_spec()
+
+ @decorators.idempotent_id('46fc8e62-b987-444f-ab9f-cd86a8960156')
+ @tc.attr(base.TAG_NEGATIVE, base.TAG_API)
+ def test_delete_share_type_extra_spec(self):
+ super(ProjectReaderTests, self).test_delete_share_type_extra_spec()
diff --git a/manila_tempest_tests/tests/rbac/test_share_types.py b/manila_tempest_tests/tests/rbac/test_share_types.py
index 2263747..e4e6016 100644
--- a/manila_tempest_tests/tests/rbac/test_share_types.py
+++ b/manila_tempest_tests/tests/rbac/test_share_types.py
@@ -155,7 +155,7 @@
class ProjectReaderTests(ShareRbacShareTypesTests, base.BaseSharesTest):
- credentials = ['project_reader', 'project_member']
+ credentials = ['project_reader']
@decorators.idempotent_id('f4c352c4-c12b-4722-9fe7-9a2ec639ee63')
@tc.attr(base.TAG_NEGATIVE, base.TAG_API)
diff --git a/manila_tempest_tests/utils.py b/manila_tempest_tests/utils.py
index 5ecfb36..d7d86f1 100644
--- a/manila_tempest_tests/utils.py
+++ b/manila_tempest_tests/utils.py
@@ -19,8 +19,11 @@
from netaddr import ip
from tempest import config
+from tempest.lib.common.utils import data_utils
import testtools
+from manila_tempest_tests import utils
+
CONF = config.CONF
SHARE_NETWORK_SUBNETS_MICROVERSION = '2.51'
SHARE_REPLICA_QUOTAS_MICROVERSION = "2.53"
@@ -140,6 +143,40 @@
return address
+def generate_share_network_data():
+ data = {
+ "name": data_utils.rand_name("sn-name"),
+ "description": data_utils.rand_name("sn-desc"),
+ "neutron_net_id": data_utils.rand_name("net-id"),
+ "neutron_subnet_id": data_utils.rand_name("subnet-id"),
+ }
+ return data
+
+
+def generate_subnet_data():
+ data = {
+ "neutron_net_id": data_utils.rand_name("net-id"),
+ "neutron_subnet_id": data_utils.rand_name("subnet-id"),
+ }
+ return data
+
+
+def generate_security_service_data(set_ou=False):
+ data = {
+ "name": data_utils.rand_name("ss-name"),
+ "description": data_utils.rand_name("ss-desc"),
+ "dns_ip": utils.rand_ip(),
+ "server": utils.rand_ip(),
+ "domain": data_utils.rand_name("ss-domain"),
+ "user": data_utils.rand_name("ss-user"),
+ "password": data_utils.rand_name("ss-password"),
+ }
+ if set_ou:
+ data["ou"] = data_utils.rand_name("ss-ou")
+
+ return data
+
+
def choose_matching_backend(share, pools, share_type):
extra_specs = {}
# fix extra specs with string values instead of boolean
@@ -190,6 +227,33 @@
return extra_specs
+def get_access_rule_data_from_config(protocol):
+ """Get the first available access type/to combination from config.
+
+ This method opportunistically picks the first configured protocol
+ to create the share. Do not use this method in tests where you need
+ to test depth and breadth in the access types and access recipients.
+ """
+
+ if protocol in CONF.share.enable_ip_rules_for_protocols:
+ access_type = "ip"
+ access_to = rand_ip()
+ elif protocol in CONF.share.enable_user_rules_for_protocols:
+ access_type = "user"
+ access_to = CONF.share.username_for_user_rules
+ elif protocol in CONF.share.enable_cert_rules_for_protocols:
+ access_type = "cert"
+ access_to = "client3.com"
+ elif protocol in CONF.share.enable_cephx_rules_for_protocols:
+ access_type = "cephx"
+ access_to = data_utils.rand_name("cephx-id")
+ else:
+ message = "Unrecognized protocol and access rules configuration."
+ raise testtools.TestCase.skipException(message)
+
+ return access_type, access_to
+
+
def replication_with_multitenancy_support():
return (share_network_subnets_are_supported() and
CONF.share.multitenancy_enabled)
diff --git a/tox.ini b/tox.ini
index 153ebbf..907516f 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,7 +1,6 @@
[tox]
minversion = 3.1.1
-envlist = py3,pypy,pep8
-skipsdist = True
+envlist = py3,pep8
[testenv]
basepython = python3