Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / neutron-tempest-plugin / d4c68e7ba9c6a01309e4834febf311707fdf0782 / . / neutron / tests / tempest / api / test_qos.py
blob: 4040c0bd95f89b0d07705f405a64fd52e73fa251 [file] [log] [blame]
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]1# Copyright 2015 Red Hat, Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15from tempest.lib.common.utils import data_utils
16from tempest.lib import exceptions
17from tempest import test
18
19import testtools
20
21from neutron.services.qos import qos_consts
22from neutron.tests.tempest.api import base
23
24
25class QosTestJSON(base.BaseAdminNetworkTest):
26 @classmethod
27 @test.requires_ext(extension="qos", service="network")
28 def resource_setup(cls):
29 super(QosTestJSON, cls).resource_setup()
30
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]31 @test.idempotent_id('108fbdf7-3463-4e47-9871-d07f3dcf5bbb')
32 def test_create_policy(self):
33 policy = self.create_qos_policy(name='test-policy',
34 description='test policy desc1',
35 shared=False)
36
37 # Test 'show policy'
38 retrieved_policy = self.admin_client.show_qos_policy(policy['id'])
39 retrieved_policy = retrieved_policy['policy']
40 self.assertEqual('test-policy', retrieved_policy['name'])
41 self.assertEqual('test policy desc1', retrieved_policy['description'])
42 self.assertFalse(retrieved_policy['shared'])
43
44 # Test 'list policies'
45 policies = self.admin_client.list_qos_policies()['policies']
46 policies_ids = [p['id'] for p in policies]
47 self.assertIn(policy['id'], policies_ids)
48
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]49 @test.idempotent_id('f8d20e92-f06d-4805-b54f-230f77715815')
50 def test_list_policy_filter_by_name(self):
51 self.create_qos_policy(name='test', description='test policy',
52 shared=False)
53 self.create_qos_policy(name='test2', description='test policy',
54 shared=False)
55
56 policies = (self.admin_client.
57 list_qos_policies(name='test')['policies'])
58 self.assertEqual(1, len(policies))
59
60 retrieved_policy = policies[0]
61 self.assertEqual('test', retrieved_policy['name'])
62
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]63 @test.idempotent_id('8e88a54b-f0b2-4b7d-b061-a15d93c2c7d6')
64 def test_policy_update(self):
65 policy = self.create_qos_policy(name='test-policy',
66 description='',
67 shared=False)
68 self.admin_client.update_qos_policy(policy['id'],
69 description='test policy desc2',
70 shared=True)
71
72 retrieved_policy = self.admin_client.show_qos_policy(policy['id'])
73 retrieved_policy = retrieved_policy['policy']
74 self.assertEqual('test policy desc2', retrieved_policy['description'])
75 self.assertTrue(retrieved_policy['shared'])
76 self.assertEqual([], retrieved_policy['rules'])
77
Sławek Kapłoński6bfcc752016-06-05 09:49:27 +0000[diff] [blame]78 @test.idempotent_id('ee263db4-009a-4641-83e5-d0e83506ba4c')
79 def test_shared_policy_update(self):
80 policy = self.create_qos_policy(name='test-policy',
81 description='',
82 shared=True)
83
84 self.admin_client.update_qos_policy(policy['id'],
85 description='test policy desc2')
86 retrieved_policy = self.admin_client.show_qos_policy(policy['id'])
87 retrieved_policy = retrieved_policy['policy']
88 self.assertTrue(retrieved_policy['shared'])
89
90 self.admin_client.update_qos_policy(policy['id'],
91 shared=False)
92 retrieved_policy = self.admin_client.show_qos_policy(policy['id'])
93 retrieved_policy = retrieved_policy['policy']
94 self.assertFalse(retrieved_policy['shared'])
95
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]96 @test.idempotent_id('1cb42653-54bd-4a9a-b888-c55e18199201')
97 def test_delete_policy(self):
98 policy = self.admin_client.create_qos_policy(
99 'test-policy', 'desc', True)['policy']
100
101 retrieved_policy = self.admin_client.show_qos_policy(policy['id'])
102 retrieved_policy = retrieved_policy['policy']
103 self.assertEqual('test-policy', retrieved_policy['name'])
104
105 self.admin_client.delete_qos_policy(policy['id'])
106 self.assertRaises(exceptions.NotFound,
107 self.admin_client.show_qos_policy, policy['id'])
108
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]109 @test.idempotent_id('cf776f77-8d3d-49f2-8572-12d6a1557224')
110 def test_list_admin_rule_types(self):
111 self._test_list_rule_types(self.admin_client)
112
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]113 @test.idempotent_id('49c8ea35-83a9-453a-bd23-239cf3b13929')
114 def test_list_regular_rule_types(self):
115 self._test_list_rule_types(self.client)
116
117 def _test_list_rule_types(self, client):
118 # List supported rule types
119 # TODO(QoS): since in gate we run both ovs and linuxbridge ml2 drivers,
120 # and since Linux Bridge ml2 driver does not have QoS support yet, ml2
121 # plugin reports no rule types are supported. Once linuxbridge will
122 # receive support for QoS, the list of expected rule types will change.
123 #
124 # In theory, we could make the test conditional on which ml2 drivers
125 # are enabled in gate (or more specifically, on which supported qos
126 # rules are claimed by core plugin), but that option doesn't seem to be
karimbd4c68e72016-06-24 14:44:11 +0200[diff] [blame^]127 # available through tempest.lib framework
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]128 expected_rule_types = []
129 expected_rule_details = ['type']
130
131 rule_types = client.list_qos_rule_types()
132 actual_list_rule_types = rule_types['rule_types']
133 actual_rule_types = [rule['type'] for rule in actual_list_rule_types]
134
135 # Verify that only required fields present in rule details
136 for rule in actual_list_rule_types:
137 self.assertEqual(tuple(rule.keys()), tuple(expected_rule_details))
138
139 # Verify if expected rules are present in the actual rules list
140 for rule in expected_rule_types:
141 self.assertIn(rule, actual_rule_types)
142
143 def _disassociate_network(self, client, network_id):
144 client.update_network(network_id, qos_policy_id=None)
145 updated_network = self.admin_client.show_network(network_id)
146 self.assertIsNone(updated_network['network']['qos_policy_id'])
147
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]148 @test.idempotent_id('65b9ef75-1911-406a-bbdb-ca1d68d528b0')
149 def test_policy_association_with_admin_network(self):
150 policy = self.create_qos_policy(name='test-policy',
151 description='test policy',
152 shared=False)
153 network = self.create_shared_network('test network',
154 qos_policy_id=policy['id'])
155
156 retrieved_network = self.admin_client.show_network(network['id'])
157 self.assertEqual(
158 policy['id'], retrieved_network['network']['qos_policy_id'])
159
160 self._disassociate_network(self.admin_client, network['id'])
161
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]162 @test.idempotent_id('1738de5d-0476-4163-9022-5e1b548c208e')
163 def test_policy_association_with_tenant_network(self):
164 policy = self.create_qos_policy(name='test-policy',
165 description='test policy',
166 shared=True)
167 network = self.create_network('test network',
168 qos_policy_id=policy['id'])
169
170 retrieved_network = self.admin_client.show_network(network['id'])
171 self.assertEqual(
172 policy['id'], retrieved_network['network']['qos_policy_id'])
173
174 self._disassociate_network(self.client, network['id'])
175
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]176 @test.idempotent_id('9efe63d0-836f-4cc2-b00c-468e63aa614e')
177 def test_policy_association_with_network_nonexistent_policy(self):
178 self.assertRaises(
179 exceptions.NotFound,
180 self.create_network,
181 'test network',
182 qos_policy_id='9efe63d0-836f-4cc2-b00c-468e63aa614e')
183
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]184 @test.idempotent_id('1aa55a79-324f-47d9-a076-894a8fc2448b')
185 def test_policy_association_with_network_non_shared_policy(self):
186 policy = self.create_qos_policy(name='test-policy',
187 description='test policy',
188 shared=False)
189 self.assertRaises(
190 exceptions.NotFound,
191 self.create_network,
192 'test network', qos_policy_id=policy['id'])
193
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]194 @test.idempotent_id('09a9392c-1359-4cbb-989f-fb768e5834a8')
195 def test_policy_update_association_with_admin_network(self):
196 policy = self.create_qos_policy(name='test-policy',
197 description='test policy',
198 shared=False)
199 network = self.create_shared_network('test network')
200 retrieved_network = self.admin_client.show_network(network['id'])
201 self.assertIsNone(retrieved_network['network']['qos_policy_id'])
202
203 self.admin_client.update_network(network['id'],
204 qos_policy_id=policy['id'])
205 retrieved_network = self.admin_client.show_network(network['id'])
206 self.assertEqual(
207 policy['id'], retrieved_network['network']['qos_policy_id'])
208
209 self._disassociate_network(self.admin_client, network['id'])
210
211 def _disassociate_port(self, port_id):
212 self.client.update_port(port_id, qos_policy_id=None)
213 updated_port = self.admin_client.show_port(port_id)
214 self.assertIsNone(updated_port['port']['qos_policy_id'])
215
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]216 @test.idempotent_id('98fcd95e-84cf-4746-860e-44692e674f2e')
217 def test_policy_association_with_port_shared_policy(self):
218 policy = self.create_qos_policy(name='test-policy',
219 description='test policy',
220 shared=True)
221 network = self.create_shared_network('test network')
222 port = self.create_port(network, qos_policy_id=policy['id'])
223
224 retrieved_port = self.admin_client.show_port(port['id'])
225 self.assertEqual(
226 policy['id'], retrieved_port['port']['qos_policy_id'])
227
228 self._disassociate_port(port['id'])
229
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]230 @test.idempotent_id('49e02f5a-e1dd-41d5-9855-cfa37f2d195e')
231 def test_policy_association_with_port_nonexistent_policy(self):
232 network = self.create_shared_network('test network')
233 self.assertRaises(
234 exceptions.NotFound,
235 self.create_port,
236 network,
237 qos_policy_id='49e02f5a-e1dd-41d5-9855-cfa37f2d195e')
238
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]239 @test.idempotent_id('f53d961c-9fe5-4422-8b66-7add972c6031')
240 def test_policy_association_with_port_non_shared_policy(self):
241 policy = self.create_qos_policy(name='test-policy',
242 description='test policy',
243 shared=False)
244 network = self.create_shared_network('test network')
245 self.assertRaises(
246 exceptions.NotFound,
247 self.create_port,
248 network, qos_policy_id=policy['id'])
249
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]250 @test.idempotent_id('f8163237-fba9-4db5-9526-bad6d2343c76')
251 def test_policy_update_association_with_port_shared_policy(self):
252 policy = self.create_qos_policy(name='test-policy',
253 description='test policy',
254 shared=True)
255 network = self.create_shared_network('test network')
256 port = self.create_port(network)
257 retrieved_port = self.admin_client.show_port(port['id'])
258 self.assertIsNone(retrieved_port['port']['qos_policy_id'])
259
260 self.client.update_port(port['id'], qos_policy_id=policy['id'])
261 retrieved_port = self.admin_client.show_port(port['id'])
262 self.assertEqual(
263 policy['id'], retrieved_port['port']['qos_policy_id'])
264
265 self._disassociate_port(port['id'])
266
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]267 @test.idempotent_id('18163237-8ba9-4db5-9525-bad6d2343c75')
268 def test_delete_not_allowed_if_policy_in_use_by_network(self):
269 policy = self.create_qos_policy(name='test-policy',
270 description='test policy',
271 shared=True)
272 network = self.create_shared_network(
273 'test network', qos_policy_id=policy['id'])
274 self.assertRaises(
275 exceptions.Conflict,
276 self.admin_client.delete_qos_policy, policy['id'])
277
278 self._disassociate_network(self.admin_client, network['id'])
279 self.admin_client.delete_qos_policy(policy['id'])
280
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]281 @test.idempotent_id('24153230-84a9-4dd5-9525-bad6d2343c75')
282 def test_delete_not_allowed_if_policy_in_use_by_port(self):
283 policy = self.create_qos_policy(name='test-policy',
284 description='test policy',
285 shared=True)
286 network = self.create_shared_network('test network')
287 port = self.create_port(network, qos_policy_id=policy['id'])
288 self.assertRaises(
289 exceptions.Conflict,
290 self.admin_client.delete_qos_policy, policy['id'])
291
292 self._disassociate_port(port['id'])
293 self.admin_client.delete_qos_policy(policy['id'])
294
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]295 @test.idempotent_id('a2a5849b-dd06-4b18-9664-0b6828a1fc27')
296 def test_qos_policy_delete_with_rules(self):
297 policy = self.create_qos_policy(name='test-policy',
298 description='test policy',
299 shared=False)
300 self.admin_client.create_bandwidth_limit_rule(
301 policy['id'], 200, 1337)['bandwidth_limit_rule']
302
303 self.admin_client.delete_qos_policy(policy['id'])
304
305 with testtools.ExpectedException(exceptions.NotFound):
306 self.admin_client.show_qos_policy(policy['id'])
307
Jakub Libosvarab42ca82016-06-07 07:56:13 +0000[diff] [blame]308 @test.idempotent_id('fb384bde-a973-41c3-a542-6f77a092155f')
309 def test_get_policy_that_is_shared(self):
310 policy = self.create_qos_policy(
311 name='test-policy-shared',
312 description='shared policy',
313 shared=True,
314 tenant_id=self.admin_client.tenant_id)
315 obtained_policy = self.client.show_qos_policy(policy['id'])['policy']
316 self.assertEqual(obtained_policy, policy)
317
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]318
319class QosBandwidthLimitRuleTestJSON(base.BaseAdminNetworkTest):
320 @classmethod
321 @test.requires_ext(extension="qos", service="network")
322 def resource_setup(cls):
323 super(QosBandwidthLimitRuleTestJSON, cls).resource_setup()
324
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]325 @test.idempotent_id('8a59b00b-3e9c-4787-92f8-93a5cdf5e378')
326 def test_rule_create(self):
327 policy = self.create_qos_policy(name='test-policy',
328 description='test policy',
329 shared=False)
330 rule = self.create_qos_bandwidth_limit_rule(policy_id=policy['id'],
331 max_kbps=200,
332 max_burst_kbps=1337)
333
334 # Test 'show rule'
335 retrieved_rule = self.admin_client.show_bandwidth_limit_rule(
336 policy['id'], rule['id'])
337 retrieved_rule = retrieved_rule['bandwidth_limit_rule']
338 self.assertEqual(rule['id'], retrieved_rule['id'])
339 self.assertEqual(200, retrieved_rule['max_kbps'])
340 self.assertEqual(1337, retrieved_rule['max_burst_kbps'])
341
342 # Test 'list rules'
343 rules = self.admin_client.list_bandwidth_limit_rules(policy['id'])
344 rules = rules['bandwidth_limit_rules']
345 rules_ids = [r['id'] for r in rules]
346 self.assertIn(rule['id'], rules_ids)
347
348 # Test 'show policy'
349 retrieved_policy = self.admin_client.show_qos_policy(policy['id'])
350 policy_rules = retrieved_policy['policy']['rules']
351 self.assertEqual(1, len(policy_rules))
352 self.assertEqual(rule['id'], policy_rules[0]['id'])
353 self.assertEqual(qos_consts.RULE_TYPE_BANDWIDTH_LIMIT,
354 policy_rules[0]['type'])
355
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]356 @test.idempotent_id('8a59b00b-ab01-4787-92f8-93a5cdf5e378')
357 def test_rule_create_fail_for_the_same_type(self):
358 policy = self.create_qos_policy(name='test-policy',
359 description='test policy',
360 shared=False)
361 self.create_qos_bandwidth_limit_rule(policy_id=policy['id'],
362 max_kbps=200,
363 max_burst_kbps=1337)
364
365 self.assertRaises(exceptions.Conflict,
366 self.create_qos_bandwidth_limit_rule,
367 policy_id=policy['id'],
368 max_kbps=201, max_burst_kbps=1338)
369
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]370 @test.idempotent_id('149a6988-2568-47d2-931e-2dbc858943b3')
371 def test_rule_update(self):
372 policy = self.create_qos_policy(name='test-policy',
373 description='test policy',
374 shared=False)
375 rule = self.create_qos_bandwidth_limit_rule(policy_id=policy['id'],
376 max_kbps=1,
377 max_burst_kbps=1)
378
379 self.admin_client.update_bandwidth_limit_rule(policy['id'],
380 rule['id'],
381 max_kbps=200,
382 max_burst_kbps=1337)
383
384 retrieved_policy = self.admin_client.show_bandwidth_limit_rule(
385 policy['id'], rule['id'])
386 retrieved_policy = retrieved_policy['bandwidth_limit_rule']
387 self.assertEqual(200, retrieved_policy['max_kbps'])
388 self.assertEqual(1337, retrieved_policy['max_burst_kbps'])
389
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]390 @test.idempotent_id('67ee6efd-7b33-4a68-927d-275b4f8ba958')
391 def test_rule_delete(self):
392 policy = self.create_qos_policy(name='test-policy',
393 description='test policy',
394 shared=False)
395 rule = self.admin_client.create_bandwidth_limit_rule(
396 policy['id'], 200, 1337)['bandwidth_limit_rule']
397
398 retrieved_policy = self.admin_client.show_bandwidth_limit_rule(
399 policy['id'], rule['id'])
400 retrieved_policy = retrieved_policy['bandwidth_limit_rule']
401 self.assertEqual(rule['id'], retrieved_policy['id'])
402
403 self.admin_client.delete_bandwidth_limit_rule(policy['id'], rule['id'])
404 self.assertRaises(exceptions.NotFound,
405 self.admin_client.show_bandwidth_limit_rule,
406 policy['id'], rule['id'])
407
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]408 @test.idempotent_id('f211222c-5808-46cb-a961-983bbab6b852')
409 def test_rule_create_rule_nonexistent_policy(self):
410 self.assertRaises(
411 exceptions.NotFound,
412 self.create_qos_bandwidth_limit_rule,
413 'policy', 200, 1337)
414
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]415 @test.idempotent_id('eed8e2a6-22da-421b-89b9-935a2c1a1b50')
416 def test_policy_create_forbidden_for_regular_tenants(self):
417 self.assertRaises(
418 exceptions.Forbidden,
419 self.client.create_qos_policy,
420 'test-policy', 'test policy', False)
421
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]422 @test.idempotent_id('a4a2e7ad-786f-4927-a85a-e545a93bd274')
423 def test_rule_create_forbidden_for_regular_tenants(self):
424 self.assertRaises(
425 exceptions.Forbidden,
426 self.client.create_bandwidth_limit_rule,
427 'policy', 1, 2)
428
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]429 @test.idempotent_id('ce0bd0c2-54d9-4e29-85f1-cfb36ac3ebe2')
430 def test_get_rules_by_policy(self):
431 policy1 = self.create_qos_policy(name='test-policy1',
432 description='test policy1',
433 shared=False)
434 rule1 = self.create_qos_bandwidth_limit_rule(policy_id=policy1['id'],
435 max_kbps=200,
436 max_burst_kbps=1337)
437
438 policy2 = self.create_qos_policy(name='test-policy2',
439 description='test policy2',
440 shared=False)
441 rule2 = self.create_qos_bandwidth_limit_rule(policy_id=policy2['id'],
442 max_kbps=5000,
443 max_burst_kbps=2523)
444
445 # Test 'list rules'
446 rules = self.admin_client.list_bandwidth_limit_rules(policy1['id'])
447 rules = rules['bandwidth_limit_rules']
448 rules_ids = [r['id'] for r in rules]
449 self.assertIn(rule1['id'], rules_ids)
450 self.assertNotIn(rule2['id'], rules_ids)
451
452
453class RbacSharedQosPoliciesTest(base.BaseAdminNetworkTest):
454
455 force_tenant_isolation = True
456 credentials = ['primary', 'alt', 'admin']
457
458 @classmethod
459 @test.requires_ext(extension="qos", service="network")
460 def resource_setup(cls):
461 super(RbacSharedQosPoliciesTest, cls).resource_setup()
462 cls.client2 = cls.alt_manager.network_client
463
464 def _create_qos_policy(self, tenant_id=None):
465 args = {'name': data_utils.rand_name('test-policy'),
466 'description': 'test policy',
467 'shared': False,
468 'tenant_id': tenant_id}
469 qos_policy = self.admin_client.create_qos_policy(**args)['policy']
470 self.addCleanup(self.admin_client.delete_qos_policy, qos_policy['id'])
471
472 return qos_policy
473
474 def _make_admin_policy_shared_to_tenant_id(self, tenant_id):
475 policy = self._create_qos_policy()
476 rbac_policy = self.admin_client.create_rbac_policy(
477 object_type='qos_policy',
478 object_id=policy['id'],
479 action='access_as_shared',
480 target_tenant=tenant_id,
481 )['rbac_policy']
482
483 return {'policy': policy, 'rbac_policy': rbac_policy}
484
485 def _create_network(self, qos_policy_id, client, should_cleanup=True):
486 net = client.create_network(
487 name=data_utils.rand_name('test-network'),
488 qos_policy_id=qos_policy_id)['network']
489 if should_cleanup:
490 self.addCleanup(client.delete_network, net['id'])
491
492 return net
493
494 @test.idempotent_id('b9dcf582-d3b3-11e5-950a-54ee756c66df')
495 def test_policy_sharing_with_wildcard(self):
496 qos_pol = self.create_qos_policy(
497 name=data_utils.rand_name('test-policy'),
498 description='test-shared-policy', shared=False)
499 self.assertNotIn(qos_pol, self.client2.list_qos_policies()['policies'])
500
501 # test update shared False -> True
502 self.admin_client.update_qos_policy(qos_pol['id'], shared=True)
503 qos_pol['shared'] = True
504 self.client2.show_qos_policy(qos_pol['id'])
505 rbac_pol = {'target_tenant': '*',
506 'tenant_id': self.admin_client.tenant_id,
507 'object_type': 'qos_policy',
508 'object_id': qos_pol['id'],
509 'action': 'access_as_shared'}
510
511 rbac_policies = self.admin_client.list_rbac_policies()['rbac_policies']
512 rbac_policies = [r for r in rbac_policies if r.pop('id')]
513 self.assertIn(rbac_pol, rbac_policies)
514
515 # update shared True -> False should fail because the policy is bound
516 # to a network
517 net = self._create_network(qos_pol['id'], self.admin_client, False)
518 with testtools.ExpectedException(exceptions.Conflict):
519 self.admin_client.update_qos_policy(qos_pol['id'], shared=False)
520
521 # delete the network, and update shared True -> False should pass now
522 self.admin_client.delete_network(net['id'])
523 self.admin_client.update_qos_policy(qos_pol['id'], shared=False)
524 qos_pol['shared'] = False
525 self.assertNotIn(qos_pol, self.client2.list_qos_policies()['policies'])
526
527 def _create_net_bound_qos_rbacs(self):
528 res = self._make_admin_policy_shared_to_tenant_id(
529 self.client.tenant_id)
530 qos_policy, rbac_for_client_tenant = res['policy'], res['rbac_policy']
531
532 # add a wildcard rbac rule - now the policy globally shared
533 rbac_wildcard = self.admin_client.create_rbac_policy(
534 object_type='qos_policy',
535 object_id=qos_policy['id'],
536 action='access_as_shared',
537 target_tenant='*',
538 )['rbac_policy']
539
540 # tenant1 now uses qos policy for net
541 self._create_network(qos_policy['id'], self.client)
542
543 return rbac_for_client_tenant, rbac_wildcard
544
545 @test.idempotent_id('328b1f70-d424-11e5-a57f-54ee756c66df')
546 def test_net_bound_shared_policy_wildcard_and_tenant_id_wild_remove(self):
547 client_rbac, wildcard_rbac = self._create_net_bound_qos_rbacs()
548 # globally unshare the qos-policy, the specific share should remain
549 self.admin_client.delete_rbac_policy(wildcard_rbac['id'])
550 self.client.list_rbac_policies(id=client_rbac['id'])
551
Miguel Angel Ajocda3f072016-04-01 15:24:54 +0200[diff] [blame]552 @test.idempotent_id('1997b00c-0c75-4e43-8ce2-999f9fa555ee')
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]553 def test_net_bound_shared_policy_wildcard_and_tenant_id_wild_remains(self):
554 client_rbac, wildcard_rbac = self._create_net_bound_qos_rbacs()
555 # remove client_rbac policy the wildcard share should remain
556 self.admin_client.delete_rbac_policy(client_rbac['id'])
557 self.client.list_rbac_policies(id=wildcard_rbac['id'])
558
559 @test.idempotent_id('2ace9adc-da6e-11e5-aafe-54ee756c66df')
560 def test_policy_sharing_with_wildcard_and_tenant_id(self):
561 res = self._make_admin_policy_shared_to_tenant_id(
562 self.client.tenant_id)
563 qos_policy, rbac = res['policy'], res['rbac_policy']
564 qos_pol = self.client.show_qos_policy(qos_policy['id'])['policy']
565 self.assertTrue(qos_pol['shared'])
566 with testtools.ExpectedException(exceptions.NotFound):
567 self.client2.show_qos_policy(qos_policy['id'])
568
569 # make the qos-policy globally shared
570 self.admin_client.update_qos_policy(qos_policy['id'], shared=True)
571 qos_pol = self.client2.show_qos_policy(qos_policy['id'])['policy']
572 self.assertTrue(qos_pol['shared'])
573
574 # globally unshare the qos-policy, the specific share should remain
575 self.admin_client.update_qos_policy(qos_policy['id'], shared=False)
576 self.client.show_qos_policy(qos_policy['id'])
577 with testtools.ExpectedException(exceptions.NotFound):
578 self.client2.show_qos_policy(qos_policy['id'])
579 self.assertIn(rbac,
580 self.admin_client.list_rbac_policies()['rbac_policies'])
581
582 @test.idempotent_id('9f85c76a-a350-11e5-8ae5-54ee756c66df')
583 def test_policy_target_update(self):
584 res = self._make_admin_policy_shared_to_tenant_id(
585 self.client.tenant_id)
586 # change to client2
587 update_res = self.admin_client.update_rbac_policy(
588 res['rbac_policy']['id'], target_tenant=self.client2.tenant_id)
589 self.assertEqual(self.client2.tenant_id,
590 update_res['rbac_policy']['target_tenant'])
591 # make sure everything else stayed the same
592 res['rbac_policy'].pop('target_tenant')
593 update_res['rbac_policy'].pop('target_tenant')
594 self.assertEqual(res['rbac_policy'], update_res['rbac_policy'])
595
596 @test.idempotent_id('a9b39f46-a350-11e5-97c7-54ee756c66df')
597 def test_network_presence_prevents_policy_rbac_policy_deletion(self):
598 res = self._make_admin_policy_shared_to_tenant_id(
599 self.client2.tenant_id)
600 qos_policy_id = res['policy']['id']
601 self._create_network(qos_policy_id, self.client2)
602 # a network with shared qos-policy should prevent the deletion of an
603 # rbac-policy required for it to be shared
604 with testtools.ExpectedException(exceptions.Conflict):
605 self.admin_client.delete_rbac_policy(res['rbac_policy']['id'])
606
607 # a wildcard policy should allow the specific policy to be deleted
608 # since it allows the remaining port
609 wild = self.admin_client.create_rbac_policy(
610 object_type='qos_policy', object_id=res['policy']['id'],
611 action='access_as_shared', target_tenant='*')['rbac_policy']
612 self.admin_client.delete_rbac_policy(res['rbac_policy']['id'])
613
614 # now that wildcard is the only remaining, it should be subjected to
615 # the same restriction
616 with testtools.ExpectedException(exceptions.Conflict):
617 self.admin_client.delete_rbac_policy(wild['id'])
618
619 # we can't update the policy to a different tenant
620 with testtools.ExpectedException(exceptions.Conflict):
621 self.admin_client.update_rbac_policy(
622 wild['id'], target_tenant=self.client2.tenant_id)
623
624 @test.idempotent_id('b0fe87e8-a350-11e5-9f08-54ee756c66df')
625 def test_regular_client_shares_to_another_regular_client(self):
626 # owned by self.admin_client
627 policy = self._create_qos_policy()
628 with testtools.ExpectedException(exceptions.NotFound):
629 self.client.show_qos_policy(policy['id'])
630 rbac_policy = self.admin_client.create_rbac_policy(
631 object_type='qos_policy', object_id=policy['id'],
632 action='access_as_shared',
633 target_tenant=self.client.tenant_id)['rbac_policy']
634 self.client.show_qos_policy(policy['id'])
635
636 self.assertIn(rbac_policy,
637 self.admin_client.list_rbac_policies()['rbac_policies'])
638 # ensure that 'client2' can't see the rbac-policy sharing the
639 # qos-policy to it because the rbac-policy belongs to 'client'
640 self.assertNotIn(rbac_policy['id'], [p['id'] for p in
641 self.client2.list_rbac_policies()['rbac_policies']])
642
643 @test.idempotent_id('ba88d0ca-a350-11e5-a06f-54ee756c66df')
644 def test_filter_fields(self):
645 policy = self._create_qos_policy()
646 self.admin_client.create_rbac_policy(
647 object_type='qos_policy', object_id=policy['id'],
648 action='access_as_shared', target_tenant=self.client2.tenant_id)
649 field_args = (('id',), ('id', 'action'), ('object_type', 'object_id'),
650 ('tenant_id', 'target_tenant'))
651 for fields in field_args:
652 res = self.admin_client.list_rbac_policies(fields=fields)
653 self.assertEqual(set(fields), set(res['rbac_policies'][0].keys()))
654
655 @test.idempotent_id('c10d993a-a350-11e5-9c7a-54ee756c66df')
656 def test_rbac_policy_show(self):
657 res = self._make_admin_policy_shared_to_tenant_id(
658 self.client.tenant_id)
659 p1 = res['rbac_policy']
660 p2 = self.admin_client.create_rbac_policy(
661 object_type='qos_policy', object_id=res['policy']['id'],
662 action='access_as_shared',
663 target_tenant='*')['rbac_policy']
664
665 self.assertEqual(
666 p1, self.admin_client.show_rbac_policy(p1['id'])['rbac_policy'])
667 self.assertEqual(
668 p2, self.admin_client.show_rbac_policy(p2['id'])['rbac_policy'])
669
670 @test.idempotent_id('c7496f86-a350-11e5-b380-54ee756c66df')
671 def test_filter_rbac_policies(self):
672 policy = self._create_qos_policy()
673 rbac_pol1 = self.admin_client.create_rbac_policy(
674 object_type='qos_policy', object_id=policy['id'],
675 action='access_as_shared',
676 target_tenant=self.client2.tenant_id)['rbac_policy']
677 rbac_pol2 = self.admin_client.create_rbac_policy(
678 object_type='qos_policy', object_id=policy['id'],
679 action='access_as_shared',
680 target_tenant=self.admin_client.tenant_id)['rbac_policy']
681 res1 = self.admin_client.list_rbac_policies(id=rbac_pol1['id'])[
682 'rbac_policies']
683 res2 = self.admin_client.list_rbac_policies(id=rbac_pol2['id'])[
684 'rbac_policies']
685 self.assertEqual(1, len(res1))
686 self.assertEqual(1, len(res2))
687 self.assertEqual(rbac_pol1['id'], res1[0]['id'])
688 self.assertEqual(rbac_pol2['id'], res2[0]['id'])
689
690 @test.idempotent_id('cd7d755a-a350-11e5-a344-54ee756c66df')
691 def test_regular_client_blocked_from_sharing_anothers_policy(self):
692 qos_policy = self._make_admin_policy_shared_to_tenant_id(
693 self.client.tenant_id)['policy']
694 with testtools.ExpectedException(exceptions.BadRequest):
695 self.client.create_rbac_policy(
696 object_type='qos_policy', object_id=qos_policy['id'],
697 action='access_as_shared',
698 target_tenant=self.client2.tenant_id)
699
700 # make sure the rbac-policy is invisible to the tenant for which it's
701 # being shared
702 self.assertFalse(self.client.list_rbac_policies()['rbac_policies'])
703
704
705class QosDscpMarkingRuleTestJSON(base.BaseAdminNetworkTest):
706 VALID_DSCP_MARK1 = 56
707 VALID_DSCP_MARK2 = 48
708
709 @classmethod
710 @test.requires_ext(extension="qos", service="network")
711 def resource_setup(cls):
712 super(QosDscpMarkingRuleTestJSON, cls).resource_setup()
713
Miguel Angel Ajocda3f072016-04-01 15:24:54 +0200[diff] [blame]714 @test.idempotent_id('f5cbaceb-5829-497c-9c60-ad70969e9a08')
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]715 def test_rule_create(self):
716 policy = self.create_qos_policy(name='test-policy',
717 description='test policy',
718 shared=False)
719 rule = self.admin_client.create_dscp_marking_rule(
720 policy['id'], self.VALID_DSCP_MARK1)['dscp_marking_rule']
721
722 # Test 'show rule'
723 retrieved_rule = self.admin_client.show_dscp_marking_rule(
724 policy['id'], rule['id'])
725 retrieved_rule = retrieved_rule['dscp_marking_rule']
726 self.assertEqual(rule['id'], retrieved_rule['id'])
727 self.assertEqual(self.VALID_DSCP_MARK1, retrieved_rule['dscp_mark'])
728
729 # Test 'list rules'
730 rules = self.admin_client.list_dscp_marking_rules(policy['id'])
731 rules = rules['dscp_marking_rules']
732 rules_ids = [r['id'] for r in rules]
733 self.assertIn(rule['id'], rules_ids)
734
735 # Test 'show policy'
736 retrieved_policy = self.admin_client.show_qos_policy(policy['id'])
737 policy_rules = retrieved_policy['policy']['rules']
738 self.assertEqual(1, len(policy_rules))
739 self.assertEqual(rule['id'], policy_rules[0]['id'])
740 self.assertEqual(qos_consts.RULE_TYPE_DSCP_MARK,
741 policy_rules[0]['type'])
742
Miguel Angel Ajocda3f072016-04-01 15:24:54 +0200[diff] [blame]743 @test.idempotent_id('08553ffe-030f-4037-b486-7e0b8fb9385a')
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]744 def test_rule_create_fail_for_the_same_type(self):
745 policy = self.create_qos_policy(name='test-policy',
746 description='test policy',
747 shared=False)
748 self.admin_client.create_dscp_marking_rule(
749 policy['id'], self.VALID_DSCP_MARK1)['dscp_marking_rule']
750
751 self.assertRaises(exceptions.Conflict,
752 self.admin_client.create_dscp_marking_rule,
753 policy_id=policy['id'],
754 dscp_mark=self.VALID_DSCP_MARK2)
755
Miguel Angel Ajocda3f072016-04-01 15:24:54 +0200[diff] [blame]756 @test.idempotent_id('76f632e5-3175-4408-9a32-3625e599c8a2')
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]757 def test_rule_update(self):
758 policy = self.create_qos_policy(name='test-policy',
759 description='test policy',
760 shared=False)
761 rule = self.admin_client.create_dscp_marking_rule(
762 policy['id'], self.VALID_DSCP_MARK1)['dscp_marking_rule']
763
764 self.admin_client.update_dscp_marking_rule(
765 policy['id'], rule['id'], dscp_mark=self.VALID_DSCP_MARK2)
766
767 retrieved_policy = self.admin_client.show_dscp_marking_rule(
768 policy['id'], rule['id'])
769 retrieved_policy = retrieved_policy['dscp_marking_rule']
770 self.assertEqual(self.VALID_DSCP_MARK2, retrieved_policy['dscp_mark'])
771
Miguel Angel Ajocda3f072016-04-01 15:24:54 +0200[diff] [blame]772 @test.idempotent_id('74f81904-c35f-48a3-adae-1f5424cb3c18')
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]773 def test_rule_delete(self):
774 policy = self.create_qos_policy(name='test-policy',
775 description='test policy',
776 shared=False)
777 rule = self.admin_client.create_dscp_marking_rule(
778 policy['id'], self.VALID_DSCP_MARK1)['dscp_marking_rule']
779
780 retrieved_policy = self.admin_client.show_dscp_marking_rule(
781 policy['id'], rule['id'])
782 retrieved_policy = retrieved_policy['dscp_marking_rule']
783 self.assertEqual(rule['id'], retrieved_policy['id'])
784
785 self.admin_client.delete_dscp_marking_rule(policy['id'], rule['id'])
786 self.assertRaises(exceptions.NotFound,
787 self.admin_client.show_dscp_marking_rule,
788 policy['id'], rule['id'])
789
Miguel Angel Ajocda3f072016-04-01 15:24:54 +0200[diff] [blame]790 @test.idempotent_id('9cb8ef5c-96fc-4978-9ee0-e3b02bab628a')
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]791 def test_rule_create_rule_nonexistent_policy(self):
792 self.assertRaises(
793 exceptions.NotFound,
794 self.admin_client.create_dscp_marking_rule,
795 'policy', self.VALID_DSCP_MARK1)
796
Miguel Angel Ajocda3f072016-04-01 15:24:54 +0200[diff] [blame]797 @test.idempotent_id('bf6002ea-29de-486f-b65d-08aea6d4c4e2')
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]798 def test_rule_create_forbidden_for_regular_tenants(self):
799 self.assertRaises(
800 exceptions.Forbidden,
801 self.client.create_dscp_marking_rule,
802 'policy', self.VALID_DSCP_MARK1)
803
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]804 @test.idempotent_id('33646b08-4f05-4493-a48a-bde768a18533')
805 def test_invalid_rule_create(self):
806 policy = self.create_qos_policy(name='test-policy',
807 description='test policy',
808 shared=False)
809 self.assertRaises(
810 exceptions.BadRequest,
811 self.admin_client.create_dscp_marking_rule,
812 policy['id'], 58)
813
Miguel Angel Ajocda3f072016-04-01 15:24:54 +0200[diff] [blame]814 @test.idempotent_id('c565131d-4c80-4231-b0f3-9ae2be4de129')
Daniel Mellado3c0aeab2016-01-29 11:30:25 +0000[diff] [blame]815 def test_get_rules_by_policy(self):
816 policy1 = self.create_qos_policy(name='test-policy1',
817 description='test policy1',
818 shared=False)
819 rule1 = self.admin_client.create_dscp_marking_rule(
820 policy1['id'], self.VALID_DSCP_MARK1)['dscp_marking_rule']
821
822 policy2 = self.create_qos_policy(name='test-policy2',
823 description='test policy2',
824 shared=False)
825 rule2 = self.admin_client.create_dscp_marking_rule(
826 policy2['id'], self.VALID_DSCP_MARK2)['dscp_marking_rule']
827
828 # Test 'list rules'
829 rules = self.admin_client.list_dscp_marking_rules(policy1['id'])
830 rules = rules['dscp_marking_rules']
831 rules_ids = [r['id'] for r in rules]
832 self.assertIn(rule1['id'], rules_ids)
833 self.assertNotIn(rule2['id'], rules_ids)