Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / patrole / 0ad6bde73d77d34bfabaf1a0e1cc1f118f97e6a3^! / .
commit0ad6bde73d77d34bfabaf1a0e1cc1f118f97e6a3[log] [tgz]
authorFelipe Monteiro <felipe.monteiro@att.com>Thu Apr 05 07:01:46 2018 +0100
committerFelipe Monteiro <felipe.monteiro@att.com>Thu Apr 05 16:09:49 2018 +0000
treefb3a8f7f2af6aff26d04158c73537f6bfc547cb0
parent8d8e1af35b6baa2bdd592c13168e7e6b1561619a [diff]
Increase RBAC test coverage for floating ips bulk API

This PS adds better RBAC test coverage for Nova
os-floating-ip-pools API, the documentation for which is here: [0].
The same policy is enforced for each endpoint: [1]. The
max_microversion is 2.35 since the API is deprecated in 2.36
onward [2]. Only [3] is not tested because there is no
corresponding Tempest endpoint in its client.

[0] https://developer.openstack.org/api-ref/compute/#floating-ips-bulk-os-floating-ips-bulk-deprecated
[1] https://github.com/openstack/nova/blob/master/nova/policies/floating_ips_bulk.py
[2] https://developer.openstack.org/api-ref/compute/#list-floating-ips
[3] https://developer.openstack.org/api-ref/compute/#list-floating-ips-by-host

Change-Id: Ie28ee0b4e76e59b9813bf352f03c0cf14fa91616

diff --git a/patrole_tempest_plugin/tests/api/compute/test_floating_ips_bulk_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_floating_ips_bulk_rbac.py
index 18a2196..b83cc46 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_floating_ips_bulk_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_floating_ips_bulk_rbac.py

@@ -13,9 +13,13 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+import netaddr
+
 from tempest.common import utils
 from tempest import config
+from tempest.lib.common.utils import test_utils
 from tempest.lib import decorators
+from tempest.lib import exceptions as lib_exc
 
 from patrole_tempest_plugin import rbac_rule_validation
 from patrole_tempest_plugin.tests.api.compute import rbac_base
@@ -31,11 +35,6 @@
     max_microversion = '2.35'
 
     @classmethod
-    def setup_clients(cls):
-        super(FloatingIpsBulkRbacTest, cls).setup_clients()
-        cls.fip_bulk_client = cls.os_primary.floating_ips_bulk_client
-
-    @classmethod
     def skip_checks(cls):
         super(FloatingIpsBulkRbacTest, cls).skip_checks()
         if not utils.is_extension_enabled('os-floating-ips-bulk', 'compute'):
@@ -45,6 +44,53 @@
         if not CONF.network_feature_enabled.floating_ips:
             raise cls.skipException("Floating ips are not available")
 
+    @classmethod
+    def setup_clients(cls):
+        super(FloatingIpsBulkRbacTest, cls).setup_clients()
+        cls.fip_bulk_client = cls.os_primary.floating_ips_bulk_client
+
+    @classmethod
+    def resource_setup(cls):
+        super(FloatingIpsBulkRbacTest, cls).resource_setup()
+        cls.ip_range = CONF.validation.floating_ip_range
+        cls.verify_unallocated_floating_ip_range(cls.ip_range)
+
+    @classmethod
+    def verify_unallocated_floating_ip_range(cls, ip_range):
+        # Verify whether configure floating IP range is not already allocated.
+        body = cls.fip_bulk_client.list_floating_ips_bulk()[
+            'floating_ip_info']
+        allocated_ips_list = map(lambda x: x['address'], body)
+        for ip_addr in netaddr.IPNetwork(ip_range).iter_hosts():
+            if str(ip_addr) in allocated_ips_list:
+                msg = ("Configured unallocated floating IP range is already "
+                       "allocated. Configure the correct unallocated range "
+                       "as 'floating_ip_range'")
+                raise lib_exc.InvalidConfiguration(msg)
+        return
+
+    def _create_floating_ips_bulk(self):
+        pool = 'test_pool'
+        # NOTE(felipemonteiro): Comment copied from Tempest. Reserving the IP
+        # range but those are not attached anywhere. Using the below mentioned
+        # interface which is not ever expected to be used. Clean up already
+        # done for created IP range.
+        interface = 'eth0'
+        body = self.fip_bulk_client.create_floating_ips_bulk(
+            self.ip_range, pool, interface)['floating_ips_bulk_create']
+        self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+                        self.fip_bulk_client.delete_floating_ips_bulk,
+                        self.ip_range)
+        return body
+
+    @decorators.idempotent_id('9a49e73f-96a0-4e93-830a-22c4e443b486')
+    @rbac_rule_validation.action(
+        service="nova",
+        rule="os_compute_api:os-floating-ips-bulk")
+    def test_create_floating_ips_bulk(self):
+        with self.rbac_utils.override_role(self):
+            self._create_floating_ips_bulk()
+
     @decorators.idempotent_id('3b5c8a02-005d-4256-8a95-6fa2f389c6cf')
     @rbac_rule_validation.action(
         service="nova",
@@ -52,3 +98,12 @@
     def test_list_floating_ips_bulk(self):
         with self.rbac_utils.override_role(self):
             self.fip_bulk_client.list_floating_ips_bulk()
+
+    @decorators.idempotent_id('37c2b759-c494-4e20-9dba-6a67b2df9573')
+    @rbac_rule_validation.action(
+        service="nova",
+        rule="os_compute_api:os-floating-ips-bulk")
+    def test_delete_floating_ips_bulk(self):
+        self._create_floating_ips_bulk()
+        with self.rbac_utils.override_role(self):
+            self.fip_bulk_client.delete_floating_ips_bulk(self.ip_range)