Merge "add python 3.7 unit test job"
diff --git a/HACKING.rst b/HACKING.rst
index cd85d84..2dfb28c 100644
--- a/HACKING.rst
+++ b/HACKING.rst
@@ -64,7 +64,7 @@
---------------
Correct role overriding is vital to correct RBAC testing within Patrole. If a
-test does not call ``rbac_utils.override_role`` within the RBAC test, followed
+test does not call ``self.override_role()`` within the RBAC test, followed
by the API endpoint that enforces the expected policy action, then the test is
**not** a valid Patrole test: The API endpoint under test will be performed
with admin role, which is always wrong unless ``CONF.patrole.rbac_test_role``
diff --git a/REVIEWING.rst b/REVIEWING.rst
index 4ee847f..9993f2c 100644
--- a/REVIEWING.rst
+++ b/REVIEWING.rst
@@ -80,7 +80,7 @@
* testing the same policy in more than one test
For the first bullet, try to avoid calling the same API inside the
-``self.rbac_utils.override_role`` call.
+``self.override_role()`` call.
.. note::
diff --git a/doc/source/multi-policy-validation.rst b/doc/source/multi-policy-validation.rst
index 576fd68..441bd35 100644
--- a/doc/source/multi-policy-validation.rst
+++ b/doc/source/multi-policy-validation.rst
@@ -66,7 +66,7 @@
self.os_admin.servers_client.lock_server(self.server['id'])
self.addCleanup(self.servers_client.unlock_server, self.server['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.unlock_server(self.server['id'])
While the ``expected_error_codes`` parameter is omitted in the example above,
@@ -96,7 +96,7 @@
# Verify specific fields of a port
fields = ['binding:vif_type']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
retrieved_port = self.ports_client.show_port(
self.port['id'], fields=fields)['port']
@@ -131,7 +131,7 @@
RBAC test for the neutron create_network:router:external policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_network(router_external=True)
Note that above the following expected error codes/rules relationship is
@@ -158,7 +158,7 @@
RBAC test for the neutron update_network:shared policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._update_network(shared_network=True)
self.addCleanup(self._update_network, shared_network=False)
diff --git a/doc/source/test_writing_guide.rst b/doc/source/test_writing_guide.rst
index 4e0f0be..ac50210 100644
--- a/doc/source/test_writing_guide.rst
+++ b/doc/source/test_writing_guide.rst
@@ -34,7 +34,7 @@
#. Setup: Admin role is used automatically. The primary credentials are
overridden with the admin role.
#. Test execution: ``[patrole] rbac_test_roles`` is used manually via the
- call to ``with rbac_utils.override_role(self)``. Everything that
+ call to ``with self.override_role()``. Everything that
is executed within this contextmanager uses the primary
credentials overridden with the ``[patrole] rbac_test_roles``.
#. Teardown: Admin role is used automatically. The primary credentials have
@@ -68,7 +68,7 @@
"Test execution" here means calling the API endpoint that enforces the policy
action expected by the ``rbac_rule_validation`` decorator. Test execution
should be performed *only after* calling
-``with rbac_utils.override_role(self)``.
+``with self.override_role()``.
Immediately after that call, the API endpoint that enforces the policy should
be called.
@@ -89,7 +89,7 @@
aggregate_id = self._create_aggregate()
# Call the ``override_role`` method so that the primary credentials
# have the test role needed for test execution.
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.aggregates_client.show_aggregate(aggregate_id)
When using a waiter, do the wait outside the contextmanager. "Waiting" always
@@ -113,7 +113,7 @@
self.addCleanup(self.servers_client.change_password, self.server['id'],
adminPass=original_password)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.change_password(
self.server['id'], adminPass=data_utils.rand_password())
# Call the waiter outside the ``override_role`` contextmanager, so that
@@ -145,7 +145,7 @@
# Never call a helper function inside the contextmanager that calls a
# bunch of APIs. Only call the API that enforces the policy action
# contained in the decorator above.
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._complex_setup_method()
To fix this test, see the "Example using waiter" section above. It is
diff --git a/patrole_tempest_plugin/rbac_rule_validation.py b/patrole_tempest_plugin/rbac_rule_validation.py
index 5dd4731..288ec29 100644
--- a/patrole_tempest_plugin/rbac_rule_validation.py
+++ b/patrole_tempest_plugin/rbac_rule_validation.py
@@ -132,7 +132,7 @@
rules=["os_compute_api:os-agents"])
def test_list_agents_rbac(self):
# The call to `override_role` is mandatory.
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.agents_client.list_agents()
"""
@@ -345,7 +345,7 @@
roles.append(CONF.patrole.rbac_test_role)
# Adding implied roles
- roles = test_obj.rbac_utils.get_all_needed_roles(roles)
+ roles = test_obj.get_all_needed_roles(roles)
# Test RBAC against custom requirements. Otherwise use oslo.policy.
if CONF.patrole.test_custom_requirements:
@@ -461,7 +461,7 @@
def _validate_override_role_called(test_obj, actual_exception):
- """Validates that :func:`rbac_utils.RbacUtils.override_role` is called
+ """Validates that :func:`rbac_utils.RbacUtilsMixin.override_role` is called
during each Patrole test.
Useful for validating that the expected exception isn't raised too early
diff --git a/patrole_tempest_plugin/rbac_utils.py b/patrole_tempest_plugin/rbac_utils.py
index a587b72..922851b 100644
--- a/patrole_tempest_plugin/rbac_utils.py
+++ b/patrole_tempest_plugin/rbac_utils.py
@@ -40,7 +40,7 @@
Example::
- with self.rbac_utils.override_role_and_validate_list(...) as ctx:
+ with self.override_role_and_validate_list(...) as ctx:
ctx.resources = list_function()
"""
@@ -102,8 +102,23 @@
self._validate_func()
-class RbacUtils(object):
- """Utility class responsible for switching ``os_primary`` role.
+class RbacUtilsMixin(object):
+ """Utility mixin responsible for switching ``os_primary`` role.
+
+ Should be used as a mixin class alongside an instance of
+ :py:class:`tempest.test.BaseTestCase` to perform Patrole class setup for a
+ base RBAC class. Child classes should not use this mixin.
+
+ Example::
+
+ class BaseRbacTest(rbac_utils.RbacUtilsMixin, base.BaseV2ComputeTest):
+
+ @classmethod
+ def setup_clients(cls):
+ super(BaseRbacTest, cls).setup_clients()
+
+ cls.hosts_client = cls.os_primary.hosts_client
+ ...
This class is responsible for overriding the value of the primary Tempest
credential's role (i.e. ``os_primary`` role). By doing so, it is possible
@@ -114,15 +129,25 @@
``CONF.patrole.rbac_test_roles``.
"""
- def __init__(self, test_obj):
- """Constructor for ``RbacUtils``.
+ def __init__(self, *args, **kwargs):
+ super(RbacUtilsMixin, self).__init__(*args, **kwargs)
- :param test_obj: An instance of `tempest.test.BaseTestCase`.
- """
- self.admin_role_id = None
- self.rbac_role_ids = None
- self._role_map = None
+ # Shows if override_role was called.
+ self.__override_role_called = False
+ # Shows if exception raised during override_role.
+ self.__override_role_caught_exc = False
+ _admin_role_id = None
+ _rbac_role_ids = None
+ _project_id = None
+ _user_id = None
+ _role_map = None
+ _role_inferences_mapping = None
+
+ admin_roles_client = None
+
+ @classmethod
+ def setup_clients(cls):
# Intialize the admin roles_client to perform role switching.
admin_mgr = clients.Manager(
credentials.get_configured_admin_credentials())
@@ -132,16 +157,20 @@
raise lib_exc.InvalidConfiguration(
"Patrole role overriding only supports v3 identity API.")
- self.admin_roles_client = admin_roles_client
+ cls.admin_roles_client = admin_roles_client
- self.user_id = test_obj.os_primary.credentials.user_id
- self.project_id = test_obj.os_primary.credentials.tenant_id
- self._role_inferences_mapping = self._prepare_role_inferences_mapping()
+ cls._project_id = cls.os_primary.credentials.tenant_id
+ cls._user_id = cls.os_primary.credentials.user_id
+ cls._role_inferences_mapping = cls._prepare_role_inferences_mapping()
+
+ cls._init_roles()
# Change default role to admin
- self._override_role(test_obj, False)
+ cls._override_role(False)
+ super(RbacUtilsMixin, cls).setup_clients()
- def _prepare_role_inferences_mapping(self):
+ @classmethod
+ def _prepare_role_inferences_mapping(cls):
"""Preparing roles mapping to support role inferences
Making query to `list-all-role-inference-rules`_ keystone API
@@ -186,7 +215,7 @@
res[prior_role] = implies
return res
- raw_data = self.admin_roles_client.list_all_role_inference_rules()
+ raw_data = cls.admin_roles_client.list_all_role_inference_rules()
data = convert_data(raw_data['role_inferences'])
res = {}
for role_id in data:
@@ -207,15 +236,17 @@
"""
res = set(r for r in roles)
for role in res.copy():
- role_id = self._role_map.get(role)
- implied_roles = self._role_inferences_mapping.get(role_id, set())
- role_names = {self._role_map[rid] for rid in implied_roles}
+ role_id = self.__class__._role_map.get(role)
+ implied_roles = self.__class__._role_inferences_mapping.get(
+ role_id, set())
+ role_names = {self.__class__._role_map[rid]
+ for rid in implied_roles}
res.update(role_names)
LOG.debug('All needed roles: %s; Base roles: %s', res, roles)
return list(res)
@contextlib.contextmanager
- def override_role(self, test_obj):
+ def override_role(self):
"""Override the role used by ``os_primary`` Tempest credentials.
Temporarily change the role used by ``os_primary`` credentials to:
@@ -225,7 +256,6 @@
Automatically switches to admin role after test execution.
- :param test_obj: Instance of ``tempest.test.BaseTestCase``.
:returns: None
.. warning::
@@ -239,7 +269,7 @@
rules=['a:test:rule'])
def test_foo(self):
# Allocate test-level resources here.
- with self.rbac_utils.override_role(self):
+ with self.override_role():
# The role for `os_primary` has now been overridden. Within
# this block, call the API endpoint that enforces the
# expected policy specified by "rule" in the decorator.
@@ -248,8 +278,8 @@
# if the API call above threw an exception, any code below this
# point in the test is not executed.
"""
- test_obj._set_override_role_called()
- self._override_role(test_obj, True)
+ self._set_override_role_called()
+ self._override_role(True)
try:
# Execute the test.
yield
@@ -258,16 +288,16 @@
# for future validation.
exc = sys.exc_info()[0]
if exc is not None:
- test_obj._set_override_role_caught_exc()
+ self._set_override_role_caught_exc()
# This code block is always executed, no matter the result of the
# test. Automatically switch back to the admin role for test clean
# up.
- self._override_role(test_obj, False)
+ self._override_role(False)
- def _override_role(self, test_obj, toggle_rbac_role=False):
+ @classmethod
+ def _override_role(cls, toggle_rbac_role=False):
"""Private helper for overriding ``os_primary`` Tempest credentials.
- :param test_obj: instance of :py:class:`tempest.test.BaseTestCase`
:param toggle_rbac_role: Boolean value that controls the role that
overrides default role of ``os_primary`` credentials.
* If True: role is set to ``[patrole] rbac_test_role``
@@ -277,22 +307,19 @@
roles_already_present = False
try:
- if not all([self.admin_role_id, self.rbac_role_ids]):
- self._get_roles_by_name()
-
- target_roles = (self.rbac_role_ids
- if toggle_rbac_role else [self.admin_role_id])
- roles_already_present = self._list_and_clear_user_roles_on_project(
+ target_roles = (cls._rbac_role_ids
+ if toggle_rbac_role else [cls._admin_role_id])
+ roles_already_present = cls._list_and_clear_user_roles_on_project(
target_roles)
# Do not override roles if `target_role` already exists.
if not roles_already_present:
- self._create_user_role_on_project(target_roles)
+ cls._create_user_role_on_project(target_roles)
except Exception as exp:
with excutils.save_and_reraise_exception():
LOG.exception(exp)
finally:
- auth_providers = test_obj.get_auth_providers()
+ auth_providers = cls.get_auth_providers()
for provider in auth_providers:
provider.clear_auth()
# Fernet tokens are not subsecond aware so sleep to ensure we are
@@ -306,10 +333,11 @@
for provider in auth_providers:
provider.set_auth()
- def _get_roles_by_name(self):
- available_roles = self.admin_roles_client.list_roles()['roles']
- self._role_map = {r['name']: r['id'] for r in available_roles}
- LOG.debug('Available roles: %s', list(self._role_map.keys()))
+ @classmethod
+ def _init_roles(cls):
+ available_roles = cls.admin_roles_client.list_roles()['roles']
+ cls._role_map = {r['name']: r['id'] for r in available_roles}
+ LOG.debug('Available roles: %s', cls._role_map.keys())
rbac_role_ids = []
roles = CONF.patrole.rbac_test_roles
@@ -319,9 +347,9 @@
roles.append(CONF.patrole.rbac_test_role)
for role_name in roles:
- rbac_role_ids.append(self._role_map.get(role_name))
+ rbac_role_ids.append(cls._role_map.get(role_name))
- admin_role_id = self._role_map.get(CONF.identity.admin_role)
+ admin_role_id = cls._role_map.get(CONF.identity.admin_role)
if not all([admin_role_id, all(rbac_role_ids)]):
missing_roles = []
@@ -332,27 +360,28 @@
missing_roles.append(CONF.identity.admin_role)
if not all(rbac_role_ids):
missing_roles += [role_name for role_name in roles
- if not self._role_map.get(role_name)]
+ if role_name not in cls._role_map]
msg += " Following roles were not found: %s." % (
", ".join(missing_roles))
- msg += " Available roles: %s." % ", ".join(list(
- self._role_map.keys()))
+ msg += " Available roles: %s." % ", ".join(cls._role_map)
raise rbac_exceptions.RbacResourceSetupFailed(msg)
- self.admin_role_id = admin_role_id
- self.rbac_role_ids = rbac_role_ids
+ cls._admin_role_id = admin_role_id
+ cls._rbac_role_ids = rbac_role_ids
# Adding backward mapping
- self._role_map.update({v: k for k, v in self._role_map.items()})
+ cls._role_map.update({v: k for k, v in cls._role_map.items()})
- def _create_user_role_on_project(self, role_ids):
+ @classmethod
+ def _create_user_role_on_project(cls, role_ids):
for role_id in role_ids:
- self.admin_roles_client.create_user_role_on_project(
- self.project_id, self.user_id, role_id)
+ cls.admin_roles_client.create_user_role_on_project(
+ cls._project_id, cls._user_id, role_id)
- def _list_and_clear_user_roles_on_project(self, role_ids):
- roles = self.admin_roles_client.list_user_roles_on_project(
- self.project_id, self.user_id)['roles']
+ @classmethod
+ def _list_and_clear_user_roles_on_project(cls, role_ids):
+ roles = cls.admin_roles_client.list_user_roles_on_project(
+ cls._project_id, cls._user_id)['roles']
all_role_ids = [role['id'] for role in roles]
# NOTE(felipemonteiro): We do not use ``role_id in all_role_ids`` here
@@ -364,13 +393,14 @@
return True
for role in roles:
- self.admin_roles_client.delete_role_from_user_on_project(
- self.project_id, self.user_id, role['id'])
+ cls.admin_roles_client.delete_role_from_user_on_project(
+ cls._project_id, cls._user_id, role['id'])
return False
@contextlib.contextmanager
- def override_role_and_validate_list(self, test_obj, admin_resources=None,
+ def override_role_and_validate_list(self,
+ admin_resources=None,
admin_resource_id=None):
"""Call ``override_role`` and validate RBAC for a list API action.
@@ -393,45 +423,17 @@
admin_resource_id = (
self.ntp_client.create_dscp_marking_rule()
["dscp_marking_rule"]["id'])
- with self.rbac_utils.override_role_and_validate_list(
- self, admin_resource_id=admin_resource_id) as ctx:
+ with self.override_role_and_validate_list(
+ admin_resource_id=admin_resource_id) as ctx:
# the list of resources available for member role
ctx.resources = self.ntp_client.list_dscp_marking_rules(
policy_id=self.policy_id)["dscp_marking_rules"]
"""
ctx = _ValidateListContext(admin_resources, admin_resource_id)
- with self.override_role(test_obj):
+ with self.override_role():
yield ctx
ctx._validate()
-
-class RbacUtilsMixin(object):
- """Mixin class to be used alongside an instance of
- :py:class:`tempest.test.BaseTestCase`.
-
- Should be used to perform Patrole class setup for a base RBAC class. Child
- classes should not use this mixin.
-
- Example::
-
- class BaseRbacTest(rbac_utils.RbacUtilsMixin, base.BaseV2ComputeTest):
-
- @classmethod
- def skip_checks(cls):
- super(BaseRbacTest, cls).skip_checks()
- cls.skip_rbac_checks()
-
- @classmethod
- def setup_clients(cls):
- super(BaseRbacTest, cls).setup_clients()
- cls.setup_rbac_utils()
- """
-
- # Shows if override_role was called.
- __override_role_called = False
- # Shows if exception raised during override_role.
- __override_role_caught_exc = False
-
@classmethod
def get_auth_providers(cls):
"""Returns list of auth_providers used within test.
@@ -441,10 +443,6 @@
"""
return [cls.os_primary.auth_provider]
- @classmethod
- def setup_rbac_utils(cls):
- cls.rbac_utils = RbacUtils(cls)
-
def _set_override_role_called(self):
"""Helper for tracking whether ``override_role`` was called."""
self.__override_role_called = True
diff --git a/patrole_tempest_plugin/tests/api/compute/rbac_base.py b/patrole_tempest_plugin/tests/api/compute/rbac_base.py
index ab4551e..b798b16 100644
--- a/patrole_tempest_plugin/tests/api/compute/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/compute/rbac_base.py
@@ -24,7 +24,6 @@
@classmethod
def setup_clients(cls):
super(BaseV2ComputeRbacTest, cls).setup_clients()
- cls.setup_rbac_utils()
cls.hosts_client = cls.os_primary.hosts_client
cls.tenant_usages_client = cls.os_primary.tenant_usages_client
cls.networks_client = cls.os_primary.networks_client
diff --git a/patrole_tempest_plugin/tests/api/compute/test_agents_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_agents_rbac.py
index 617aa5b..3ca5e9d 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_agents_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_agents_rbac.py
@@ -45,7 +45,7 @@
service="nova", rules=["os_compute_api:os-agents"])
@decorators.idempotent_id('d1bc6d97-07f5-4f45-ac29-1c619a6a7e27')
def test_list_agents_rbac(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.agents_client.list_agents()
@rbac_rule_validation.action(
@@ -56,7 +56,7 @@
params = {'hypervisor': 'kvm', 'os': 'win', 'architecture': 'x86',
'version': '7.0', 'url': 'xxx://xxxx/xxx/xxx',
'md5hash': 'add6bb58e139be103324d04d82d8f545'}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
body = self.agents_client.create_agent(**params)['agent']
self.addCleanup(self.agents_client.delete_agent,
body['agent_id'])
@@ -79,7 +79,7 @@
url='xxx://xxxx/xxx/xxx2',
md5hash='add6bb58e139be103324d04d82d8f547')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.agents_client.update_agent(body['agent_id'], **update_params)
@rbac_rule_validation.action(
@@ -96,5 +96,5 @@
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.agents_client.delete_agent,
body['agent_id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.agents_client.delete_agent(body['agent_id'])
diff --git a/patrole_tempest_plugin/tests/api/compute/test_aggregates_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_aggregates_rbac.py
index dea8bb9..687512b 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_aggregates_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_aggregates_rbac.py
@@ -84,7 +84,7 @@
service="nova", rules=["os_compute_api:os-aggregates:create"])
@decorators.idempotent_id('ba754393-896e-434a-9704-452ff4a84f3f')
def test_create_aggregate_rbac(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_aggregate()
@rbac_rule_validation.action(
@@ -92,14 +92,14 @@
@decorators.idempotent_id('8fb0b749-b120-4727-b3fb-bcfa3fa6f55b')
def test_show_aggregate_rbac(self):
aggregate_id = self._create_aggregate()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.aggregates_client.show_aggregate(aggregate_id)
@rbac_rule_validation.action(
service="nova", rules=["os_compute_api:os-aggregates:index"])
@decorators.idempotent_id('146284da-5dd6-4c97-b598-42b480f014c6')
def test_list_aggregate_rbac(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.aggregates_client.list_aggregates()
@rbac_rule_validation.action(
@@ -108,7 +108,7 @@
def test_update_aggregate_rbac(self):
aggregate_id = self._create_aggregate()
new_name = data_utils.rand_name(self.__class__.__name__ + '-aggregate')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.aggregates_client.update_aggregate(aggregate_id,
name=new_name)
@@ -117,7 +117,7 @@
@decorators.idempotent_id('5a50c5a6-0f12-4405-a1ce-2288ae895ea6')
def test_delete_aggregate_rbac(self):
aggregate_id = self._create_aggregate()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.aggregates_client.delete_aggregate(aggregate_id)
@rbac_rule_validation.action(
@@ -125,7 +125,7 @@
@decorators.idempotent_id('97e6e9df-5291-4faa-8147-755b2d1f1ce2')
def test_add_host_to_aggregate_rbac(self):
aggregate_id = self._create_aggregate()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._add_host_to_aggregate(aggregate_id)
@rbac_rule_validation.action(
@@ -134,7 +134,7 @@
def test_remove_host_from_aggregate_rbac(self):
aggregate_id = self._create_aggregate()
self._add_host_to_aggregate(aggregate_id)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.aggregates_client.remove_host(aggregate_id, host=self.host)
@rbac_rule_validation.action(
@@ -144,7 +144,7 @@
aggregate_id = self._create_aggregate()
rand_key = data_utils.rand_name(self.__class__.__name__ + '-key')
rand_val = data_utils.rand_name(self.__class__.__name__ + '-val')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.aggregates_client.set_metadata(
aggregate_id,
metadata={rand_key: rand_val})
diff --git a/patrole_tempest_plugin/tests/api/compute/test_availability_zone_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_availability_zone_rbac.py
index d8b165c..c7fe642 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_availability_zone_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_availability_zone_rbac.py
@@ -33,7 +33,7 @@
rules=["os_compute_api:os-availability-zone:list"])
@decorators.idempotent_id('cd34e7ea-d26e-4fa3-a8d0-f8883726ce3d')
def test_get_availability_zone_list_rbac(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.availability_zone_client.list_availability_zones()
@rbac_rule_validation.action(
@@ -41,5 +41,5 @@
rules=["os_compute_api:os-availability-zone:detail"])
@decorators.idempotent_id('2f61c191-6ece-4f21-b487-39d749e3d38e')
def test_get_availability_zone_list_detail_rbac(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.availability_zone_client.list_availability_zones(detail=True)
diff --git a/patrole_tempest_plugin/tests/api/compute/test_fixed_ips_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_fixed_ips_rbac.py
index 25f7d5f..2aae19d 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_fixed_ips_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_fixed_ips_rbac.py
@@ -58,7 +58,7 @@
service="nova",
rules=["os_compute_api:os-fixed-ips"])
def test_show_fixed_ip_details(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.fixed_ips_client.show_fixed_ip(self.ip)
@decorators.idempotent_id('f0314501-735d-4315-9856-959e01e82f0d')
@@ -66,7 +66,7 @@
service="nova",
rules=["os_compute_api:os-fixed-ips"])
def test_set_reserve(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.fixed_ips_client.reserve_fixed_ip(self.ip, reserve="None")
@decorators.idempotent_id('866a6fdc-a237-4502-9bf2-52fe82aba356')
@@ -74,5 +74,5 @@
service="nova",
rules=["os_compute_api:os-fixed-ips"])
def test_set_unreserve(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.fixed_ips_client.reserve_fixed_ip(self.ip, unreserve="None")
diff --git a/patrole_tempest_plugin/tests/api/compute/test_flavor_access_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_flavor_access_rbac.py
index 8d4d70f..9f976bd 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_flavor_access_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_flavor_access_rbac.py
@@ -44,7 +44,7 @@
def test_show_flavor_contains_is_public_key(self):
public_flavor_id = CONF.compute.flavor_ref
- with self.rbac_utils.override_role(self):
+ with self.override_role():
body = self.flavors_client.show_flavor(public_flavor_id)[
'flavor']
@@ -62,7 +62,7 @@
def test_list_flavors_details_contains_is_public_key(self):
expected_attr = 'os-flavor-access:is_public'
- with self.rbac_utils.override_role(self):
+ with self.override_role():
flavors = self.flavors_client.list_flavors(detail=True)['flavors']
# There should already be a public flavor available, namely
# `CONF.compute.flavor_ref`.
@@ -79,7 +79,7 @@
service="nova",
rules=["os_compute_api:os-flavor-access:add_tenant_access"])
def test_add_flavor_access(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.flavors_client.add_flavor_access(
flavor_id=self.flavor_id, tenant_id=self.tenant_id)
self.addCleanup(self.flavors_client.remove_flavor_access,
@@ -96,7 +96,7 @@
self.flavors_client.remove_flavor_access,
flavor_id=self.flavor_id, tenant_id=self.tenant_id)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.flavors_client.remove_flavor_access(
flavor_id=self.flavor_id, tenant_id=self.tenant_id)
@@ -112,5 +112,5 @@
self.addCleanup(self.flavors_client.remove_flavor_access,
flavor_id=self.flavor_id, tenant_id=self.tenant_id)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.flavors_client.list_flavor_access(self.flavor_id)
diff --git a/patrole_tempest_plugin/tests/api/compute/test_flavor_extra_specs_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_flavor_extra_specs_rbac.py
index b781540..c2f9f40 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_flavor_extra_specs_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_flavor_extra_specs_rbac.py
@@ -53,7 +53,7 @@
rules=["os_compute_api:os-flavor-extra-specs:show"])
def test_show_flavor_extra_spec(self):
key = self._set_flavor_extra_spec()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.flavors_client.show_flavor_extra_spec(self.flavor['id'], key)
@decorators.idempotent_id('fcffeca2-ed04-4e85-bf93-02fb5643f22b')
@@ -61,7 +61,7 @@
service="nova",
rules=["os_compute_api:os-flavor-extra-specs:create"])
def test_set_flavor_extra_spec(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._set_flavor_extra_spec()
@decorators.idempotent_id('42b85279-6bfa-4f58-b7a2-258c284f03c5')
@@ -71,7 +71,7 @@
def test_update_flavor_extra_spec(self):
key = self._set_flavor_extra_spec()
update_val = data_utils.rand_name(self.__class__.__name__ + '-val')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.flavors_client.update_flavor_extra_spec(
self.flavor['id'], key, **{key: update_val})
@@ -81,7 +81,7 @@
rules=["os_compute_api:os-flavor-extra-specs:delete"])
def test_unset_flavor_extra_spec(self):
key = self._set_flavor_extra_spec()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.flavors_client.unset_flavor_extra_spec(self.flavor['id'], key)
@decorators.idempotent_id('02c3831a-3ce9-476e-a722-d805ac2da621')
@@ -90,5 +90,5 @@
rules=["os_compute_api:os-flavor-extra-specs:index"])
def test_list_flavor_extra_specs(self):
self._set_flavor_extra_spec()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.flavors_client.list_flavor_extra_specs(self.flavor['id'])
diff --git a/patrole_tempest_plugin/tests/api/compute/test_flavor_manage_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_flavor_manage_rbac.py
index f968d4e..2aa6932 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_flavor_manage_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_flavor_manage_rbac.py
@@ -34,7 +34,7 @@
service="nova",
rules=["os_compute_api:os-flavor-manage:create"])
def test_create_flavor_manage(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_flavor()
@decorators.idempotent_id('782e988e-061b-4c40-896f-a77c70c2b057')
@@ -44,6 +44,6 @@
def test_delete_flavor_manage(self):
flavor_id = self.create_flavor()['id']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.flavors_client.delete_flavor(flavor_id)
self.flavors_client.wait_for_resource_deletion(flavor_id)
diff --git a/patrole_tempest_plugin/tests/api/compute/test_flavor_rxtx_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_flavor_rxtx_rbac.py
index cbb2e19..50ab048 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_flavor_rxtx_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_flavor_rxtx_rbac.py
@@ -42,7 +42,7 @@
service="nova",
rules=["os_compute_api:os-flavor-rxtx"])
def test_list_flavors_details_rxtx(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
result = self.flavors_client.list_flavors(detail=True)['flavors']
if 'rxtx_factor' not in result[0]:
raise rbac_exceptions.RbacMissingAttributeResponseBody(
@@ -55,7 +55,7 @@
service="nova",
rules=["os_compute_api:os-flavor-rxtx"])
def test_get_flavor_rxtx(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
result = self.flavors_client.show_flavor(
CONF.compute.flavor_ref)['flavor']
if 'rxtx_factor' not in result:
diff --git a/patrole_tempest_plugin/tests/api/compute/test_floating_ip_pools_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_floating_ip_pools_rbac.py
index eef7943..327ed08 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_floating_ip_pools_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_floating_ip_pools_rbac.py
@@ -50,5 +50,5 @@
service="nova",
rules=["os_compute_api:os-floating-ip-pools"])
def test_list_floating_ip_pools(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.fip_pools_client.list_floating_ip_pools()
diff --git a/patrole_tempest_plugin/tests/api/compute/test_floating_ips_bulk_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_floating_ips_bulk_rbac.py
index 4a8426c..337ca6d 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_floating_ips_bulk_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_floating_ips_bulk_rbac.py
@@ -91,7 +91,7 @@
service="nova",
rules=["os_compute_api:os-floating-ips-bulk"])
def test_create_floating_ips_bulk(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_floating_ips_bulk()
@decorators.idempotent_id('3b5c8a02-005d-4256-8a95-6fa2f389c6cf')
@@ -99,7 +99,7 @@
service="nova",
rules=["os_compute_api:os-floating-ips-bulk"])
def test_list_floating_ips_bulk(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.fip_bulk_client.list_floating_ips_bulk()
@decorators.idempotent_id('37c2b759-c494-4e20-9dba-6a67b2df9573')
@@ -108,5 +108,5 @@
rules=["os_compute_api:os-floating-ips-bulk"])
def test_delete_floating_ips_bulk(self):
self._create_floating_ips_bulk()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.fip_bulk_client.delete_floating_ips_bulk(self.ip_range)
diff --git a/patrole_tempest_plugin/tests/api/compute/test_floating_ips_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_floating_ips_rbac.py
index 0f37a80..bfd8811 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_floating_ips_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_floating_ips_rbac.py
@@ -46,7 +46,7 @@
service="nova",
rules=["os_compute_api:os-floating-ips"])
def test_list_floating_ips(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.floating_ips_client.list_floating_ips()
@decorators.idempotent_id('bebe52b3-5269-4e72-80c8-5a4a39c3bfa6')
@@ -58,7 +58,7 @@
pool=CONF.network.floating_network_name)['floating_ip']
self.addCleanup(
self.floating_ips_client.delete_floating_ip, body['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.floating_ips_client.show_floating_ip(body['id'])
@decorators.idempotent_id('2bfb8745-c329-4ee9-95f6-c165a1989dbf')
@@ -66,7 +66,7 @@
service="nova",
rules=["os_compute_api:os-floating-ips"])
def test_create_floating_ips(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
body = self.floating_ips_client.create_floating_ip(
pool=CONF.network.floating_network_name)['floating_ip']
self.addCleanup(
@@ -82,5 +82,5 @@
self.addCleanup(
test_utils.call_and_ignore_notfound_exc,
self.floating_ips_client.delete_floating_ip, body['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.floating_ips_client.delete_floating_ip(body['id'])
diff --git a/patrole_tempest_plugin/tests/api/compute/test_hosts_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_hosts_rbac.py
index f2d8113..45be09d 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_hosts_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_hosts_rbac.py
@@ -38,7 +38,7 @@
service="nova",
rules=["os_compute_api:os-hosts"])
def test_list_hosts(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.hosts_client.list_hosts()
@decorators.idempotent_id('bc10d8b4-d2c3-4d4e-9d2b-31d1bd3e1b51')
@@ -50,5 +50,5 @@
hosts = [host for host in hosts if host['service'] == 'compute']
self.assertNotEmpty(hosts)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.hosts_client.show_host(hosts[0]['host_name'])
diff --git a/patrole_tempest_plugin/tests/api/compute/test_hypervisor_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_hypervisor_rbac.py
index 5488556..bef9332 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_hypervisor_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_hypervisor_rbac.py
@@ -41,7 +41,7 @@
service="nova",
rules=["os_compute_api:os-hypervisors"])
def test_list_hypervisors(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.hypervisor_client.list_hypervisors()
@decorators.idempotent_id('36b95c7d-1085-487a-a674-b7c1ca35f520')
@@ -49,7 +49,7 @@
service="nova",
rules=["os_compute_api:os-hypervisors"])
def test_list_hypervisors_with_details(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.hypervisor_client.list_hypervisors(detail=True)
@decorators.idempotent_id('8a7f6f9e-34a6-4480-8875-bba566c3a581')
@@ -57,7 +57,7 @@
service="nova",
rules=["os_compute_api:os-hypervisors"])
def test_show_hypervisor(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.hypervisor_client.show_hypervisor(self.hypervisor['id'])
@decorators.idempotent_id('ca0e465c-6365-4a7f-ae58-6f8ddbca06c2')
@@ -65,7 +65,7 @@
service="nova",
rules=["os_compute_api:os-hypervisors"])
def test_show_hypervisor_statistics(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.hypervisor_client.show_hypervisor_statistics()
@decorators.idempotent_id('109b37c5-91ba-4da5-b2a2-d7618d84406d')
@@ -73,7 +73,7 @@
service="nova",
rules=["os_compute_api:os-hypervisors"])
def test_show_hypervisor_uptime(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.hypervisor_client.show_hypervisor_uptime(
self.hypervisor['id'])
@@ -104,7 +104,7 @@
service="nova",
rules=["os_compute_api:os-hypervisors"])
def test_list_servers_on_hypervisor(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.hypervisor_client.list_servers_on_hypervisor(
self.hypervisor['hypervisor_hostname'])
@@ -113,6 +113,6 @@
service="nova",
rules=["os_compute_api:os-hypervisors"])
def test_search_hypervisor(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.hypervisor_client.search_hypervisor(
self.hypervisor['hypervisor_hostname'])
diff --git a/patrole_tempest_plugin/tests/api/compute/test_images_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_images_rbac.py
index e16222c..1f94400 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_images_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_images_rbac.py
@@ -81,7 +81,7 @@
service="glance",
rules=["get_images"])
def test_list_images(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.compute_images_client.list_images()
@decorators.idempotent_id('4365ae0f-15ee-4b54-a527-1679faaed140')
@@ -89,7 +89,7 @@
service="glance",
rules=["get_images"])
def test_list_images_with_details(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.compute_images_client.list_images(detail=True)
@decorators.idempotent_id('886dfcae-51bf-4610-9e52-82d7189524c2')
@@ -97,7 +97,7 @@
service="glance",
rules=["get_image"])
def test_show_image_details(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.compute_images_client.show_image(self.image['id'])
@decorators.idempotent_id('5888c7aa-0803-46d4-a3fb-5d4729465cd5')
@@ -110,7 +110,7 @@
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.glance_image_client.delete_image, image['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.compute_images_client.delete_image(image['id'])
@@ -171,7 +171,7 @@
self.addCleanup(self.compute_images_client.delete_image_metadata_item,
self.image['id'], key='foo')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.compute_images_client.show_image_metadata_item(
self.image['id'], key='foo')
@@ -180,7 +180,7 @@
service="glance",
rules=["get_image"])
def test_list_image_metadata(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.compute_images_client.list_image_metadata(self.image['id'])
@decorators.idempotent_id('575604aa-909f-4b1b-a5a5-cfae1f63044b')
@@ -188,7 +188,7 @@
service="glance",
rules=["modify_image"])
def test_create_image_metadata(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
# NOTE(felipemonteiro): Although the name of the client function
# appears wrong, it's actually correct: update_image_metadata does
# an http post.
@@ -202,7 +202,7 @@
service="glance",
rules=["modify_image"])
def test_update_image_metadata(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.compute_images_client.set_image_metadata(self.image['id'],
meta={'foo': 'bar'})
self.addCleanup(self.compute_images_client.delete_image_metadata_item,
@@ -213,7 +213,7 @@
service="glance",
rules=["modify_image"])
def test_update_image_metadata_item(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.compute_images_client.set_image_metadata_item(
self.image['id'], meta={'foo': 'bar'}, key='foo')
self.addCleanup(self.compute_images_client.delete_image_metadata_item,
@@ -230,7 +230,7 @@
self.compute_images_client.delete_image_metadata_item,
self.image['id'], key='foo')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.compute_images_client.delete_image_metadata_item(
self.image['id'], key='foo')
@@ -288,7 +288,7 @@
service="nova",
rules=["os_compute_api:image-size"])
def test_show_image_includes_image_size(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
body = self.compute_images_client.show_image(self.image['id'])[
'image']
@@ -304,7 +304,7 @@
service="nova",
rules=["os_compute_api:image-size"])
def test_list_images_with_details_includes_image_size(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
body = self.compute_images_client.list_images(detail=True)[
'images']
diff --git a/patrole_tempest_plugin/tests/api/compute/test_instance_usages_audit_log_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_instance_usages_audit_log_rbac.py
index 163d29a..603b1e2 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_instance_usages_audit_log_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_instance_usages_audit_log_rbac.py
@@ -38,7 +38,7 @@
@rbac_rule_validation.action(
service="nova", rules=["os_compute_api:os-instance-usage-audit-log"])
def test_list_instance_usage_audit_logs(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
(self.instance_usages_audit_log_client
.list_instance_usage_audit_logs())
@@ -48,7 +48,7 @@
def test_show_instance_usage_audit_log(self):
now = datetime.datetime.now()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
(self.instance_usages_audit_log_client.
show_instance_usage_audit_log(
urllib.quote(now.strftime("%Y-%m-%d %H:%M:%S"))))
diff --git a/patrole_tempest_plugin/tests/api/compute/test_keypairs_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_keypairs_rbac.py
index c024a38..15d7143 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_keypairs_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_keypairs_rbac.py
@@ -36,7 +36,7 @@
service="nova",
rules=["os_compute_api:os-keypairs:create"])
def test_create_keypair(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_keypair()
@decorators.idempotent_id('85a5eb99-40ec-4e77-9358-bee2cdf9d7df')
@@ -45,7 +45,7 @@
rules=["os_compute_api:os-keypairs:show"])
def test_show_keypair(self):
kp_name = self._create_keypair()['keypair']['name']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.keypairs_client.show_keypair(kp_name)
@decorators.idempotent_id('6bff9f1c-b809-43c1-8d63-61fbd19d49d3')
@@ -54,7 +54,7 @@
rules=["os_compute_api:os-keypairs:delete"])
def test_delete_keypair(self):
kp_name = self._create_keypair()['keypair']['name']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.keypairs_client.delete_keypair(kp_name)
@decorators.idempotent_id('6bb31346-ff7f-4b10-978e-170ac5fcfa3e')
@@ -62,5 +62,5 @@
service="nova",
rules=["os_compute_api:os-keypairs:index"])
def test_index_keypair(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.keypairs_client.list_keypairs()
diff --git a/patrole_tempest_plugin/tests/api/compute/test_limits_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_limits_rbac.py
index f1e0393..564a36d 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_limits_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_limits_rbac.py
@@ -31,5 +31,5 @@
rules=["os_compute_api:limits"])
@decorators.idempotent_id('3fb60f83-9a5f-4fdd-89d9-26c3710844a1')
def test_show_limits(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.limits_client.show_limits()
diff --git a/patrole_tempest_plugin/tests/api/compute/test_migrations_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_migrations_rbac.py
index 6596ac9..cd3047d 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_migrations_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_migrations_rbac.py
@@ -34,5 +34,5 @@
service="nova",
rules=["os_compute_api:os-migrations:index"])
def test_list_services(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.migrations_client.list_migrations()
diff --git a/patrole_tempest_plugin/tests/api/compute/test_quota_class_sets_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_quota_class_sets_rbac.py
index 201922c..d9022d4 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_quota_class_sets_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_quota_class_sets_rbac.py
@@ -65,7 +65,7 @@
service="nova",
rules=["os_compute_api:os-quota-class-sets:show"])
def test_show_quota_class_set(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.quota_classes_client.show_quota_class_set('default')
@decorators.idempotent_id('81889e69-efd2-4e96-bb4c-ee3b646b9755')
@@ -80,6 +80,6 @@
for quota, default in quota_class_set.items():
quota_class_set[quota] = default + 100
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.quota_classes_client.update_quota_class_set(
self.project_id, **quota_class_set)
diff --git a/patrole_tempest_plugin/tests/api/compute/test_quota_sets_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_quota_sets_rbac.py
index 2b05408..5835905 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_quota_sets_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_quota_sets_rbac.py
@@ -61,7 +61,7 @@
default_quota_set.pop('id')
new_quota_set = {'injected_file_content_bytes': 20480}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.quotas_client.update_quota_set(self.tenant_id,
force=True,
**new_quota_set)
@@ -73,7 +73,7 @@
service="nova",
rules=["os_compute_api:os-quota-sets:defaults"])
def test_show_default_quota_set(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.quotas_client.show_default_quota_set(self.tenant_id)
@decorators.idempotent_id('e8169ac4-c402-4864-894e-aba74e3a459c')
@@ -81,7 +81,7 @@
service="nova",
rules=["os_compute_api:os-quota-sets:show"])
def test_show_quota_set(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.quotas_client.show_quota_set(self.tenant_id)
@decorators.idempotent_id('4e240644-bf61-4872-9c32-8289ee2fdbbd')
@@ -99,7 +99,7 @@
identity.identity_utils(self.os_admin).delete_project,
project_id)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.quotas_client.delete_quota_set(project_id)
@decorators.idempotent_id('ac9184b6-f3b3-4e17-a632-4b92c6500f86')
@@ -107,6 +107,6 @@
service="nova",
rules=["os_compute_api:os-quota-sets:detail"])
def test_show_quota_set_details(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.quotas_client.show_quota_set(self.tenant_id,
detail=True)
diff --git a/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py
index 33d2ed1..4333918 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py
@@ -58,7 +58,7 @@
rules=["os_compute_api:os-security-groups"])
@decorators.idempotent_id('3db159c6-a467-469f-9a25-574197885520')
def test_list_security_groups_by_server(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.list_security_groups_by_server(
self.server['id'])
@@ -69,7 +69,7 @@
def test_create_security_group_for_server(self):
sg_name = self.create_security_group()['name']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.add_security_group(self.server['id'],
name=sg_name)
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
@@ -88,7 +88,7 @@
self.servers_client.remove_security_group,
self.server['id'], name=sg_name)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.remove_security_group(
self.server['id'], name=sg_name)
@@ -119,7 +119,7 @@
rules=["os_compute_api:os-security-groups"])
@decorators.idempotent_id('4ac58e49-48c1-4fca-a6c3-3f95fb99eb77')
def test_list_security_groups(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.security_groups_client.list_security_groups()
@rbac_rule_validation.action(
@@ -127,7 +127,7 @@
rules=["os_compute_api:os-security-groups"])
@decorators.idempotent_id('e8fe7f5a-69ee-412d-81d3-a8c7a488b54d')
def test_create_security_groups(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_security_group()['id']
@rbac_rule_validation.action(
@@ -136,7 +136,7 @@
@decorators.idempotent_id('59127e8e-302d-11e7-93ae-92361f002671')
def test_delete_security_groups(self):
sec_group_id = self.create_security_group()['id']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.security_groups_client.delete_security_group(sec_group_id)
@rbac_rule_validation.action(
@@ -148,7 +148,7 @@
new_name = data_utils.rand_name()
new_desc = data_utils.rand_name()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.security_groups_client.update_security_group(
sec_group_id, name=new_name, description=new_desc)
@@ -158,5 +158,5 @@
@decorators.idempotent_id('6edc0320-302d-11e7-93ae-92361f002671')
def test_show_security_groups(self):
sec_group_id = self.create_security_group()['id']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.security_groups_client.show_security_group(sec_group_id)
diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py
index 0ff6ebe..5f27c9f 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py
@@ -121,7 +121,7 @@
service="nova",
rules=["os_compute_api:os-pause-server:pause"])
def test_pause_server(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._pause_server()
@decorators.idempotent_id('087008cf-82fa-4eeb-ae8b-32c4126456ad')
@@ -132,7 +132,7 @@
rules=["os_compute_api:os-pause-server:unpause"])
def test_unpause_server(self):
self._pause_server()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.unpause_server(self.server_id)
waiters.wait_for_server_status(
self.servers_client, self.server_id, 'ACTIVE')
@@ -142,7 +142,7 @@
rules=["os_compute_api:servers:stop"])
@decorators.idempotent_id('ab4a17d2-166f-4a6d-9944-f17baa576cf2')
def test_stop_server(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._stop_server()
@decorators.attr(type='slow')
@@ -153,7 +153,7 @@
def test_start_server(self):
self._stop_server()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.start_server(self.server_id)
waiters.wait_for_server_status(
self.servers_client, self.server_id, 'ACTIVE')
@@ -166,7 +166,7 @@
@testtools.skipUnless(CONF.compute_feature_enabled.resize,
'Resize is not available.')
def test_resize_server(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._resize_server(self.flavor_ref_alt)
@decorators.attr(type='slow')
@@ -179,7 +179,7 @@
def test_revert_resize_server(self):
self._resize_server(self.flavor_ref_alt)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.revert_resize_server(self.server_id)
waiters.wait_for_server_status(
self.servers_client, self.server_id, 'ACTIVE')
@@ -197,7 +197,7 @@
self.addCleanup(self._resize_server, self.flavor_ref)
self.addCleanup(self._confirm_resize_server)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._confirm_resize_server()
@rbac_rule_validation.action(
@@ -205,7 +205,7 @@
rules=["os_compute_api:servers:rebuild"])
@decorators.idempotent_id('54b1a30b-c96c-472c-9c83-ccaf6ec7e20b')
def test_rebuild_server(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.rebuild_server(self.server_id, self.image_ref)
waiters.wait_for_server_status(
self.servers_client, self.server_id, 'ACTIVE')
@@ -215,7 +215,7 @@
rules=["os_compute_api:servers:reboot"])
@decorators.idempotent_id('19f27856-56e1-44f8-8615-7257f6b85cbb')
def test_reboot_server(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.reboot_server(self.server_id, type='HARD')
waiters.wait_for_server_status(
self.servers_client, self.server_id, 'ACTIVE')
@@ -225,7 +225,7 @@
rules=["os_compute_api:servers:index"])
@decorators.idempotent_id('631f0d86-7607-4198-8312-9da2f05464a4')
def test_server_index(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.list_servers(minimal=True)
@rbac_rule_validation.action(
@@ -233,7 +233,7 @@
rules=["os_compute_api:servers:detail"])
@decorators.idempotent_id('96093480-3ce5-4a8b-b569-aed870379c24')
def test_server_detail(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.list_servers(detail=True)
@rbac_rule_validation.action(
@@ -241,7 +241,7 @@
rules=["os_compute_api:servers:detail:get_all_tenants"])
@decorators.idempotent_id('a9e5a1c0-acfe-49a2-b2b1-fd8b19d61f71')
def test_server_detail_all_tenants(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.list_servers(detail=True, all_tenants=1)
@rbac_rule_validation.action(
@@ -249,7 +249,7 @@
rules=["os_compute_api:servers:index:get_all_tenants"])
@decorators.idempotent_id('4b93ba56-69e6-41f5-82c4-84a5c4c42091')
def test_server_index_all_tenants(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.list_servers(minimal=True, all_tenants=1)
@rbac_rule_validation.action(
@@ -257,7 +257,7 @@
rules=["os_compute_api:servers:show"])
@decorators.idempotent_id('eaaf4f51-31b5-497f-8f0f-f527e5f70b83')
def test_show_server(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.show_server(self.server_id)
@utils.services('image')
@@ -266,7 +266,7 @@
rules=["os_compute_api:servers:create_image"])
@decorators.idempotent_id('ba0ac859-99f4-4055-b5e0-e0905a44d331')
def test_create_image(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
# This function will also call show image
self.create_image_from_server(self.server_id, wait_until='ACTIVE')
@@ -281,7 +281,7 @@
# this test.
server = self.create_test_server(volume_backed=True,
wait_until='ACTIVE')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
# This function will also call show image.
image = self.create_image_from_server(server['id'],
wait_until='ACTIVE',
@@ -313,7 +313,7 @@
backup_name = data_utils.rand_name(self.__class__.__name__ + '-Backup')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
resp = self.servers_client.create_backup(
self.server_id, backup_type='daily', rotation=1,
name=backup_name).response
@@ -336,7 +336,7 @@
service="nova",
rules=["os_compute_api:os-shelve:shelve"])
def test_shelve_server(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._shelve_server()
@decorators.attr(type='slow')
@@ -346,7 +346,7 @@
rules=["os_compute_api:os-shelve:unshelve"])
def test_unshelve_server(self):
self._shelve_server()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.unshelve_server(self.server_id)
waiters.wait_for_server_status(
self.servers_client, self.server_id, 'ACTIVE')
@@ -373,7 +373,7 @@
# NOTE(felipemonteiro): Because evacuating a server is a risky action
# to test in the gates, a 404 is coerced using a fake host. However,
# the policy check is done before the 404 is thrown.
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.assertRaisesRegex(
lib_exc.NotFound,
"Compute host %s not found." % fake_host_name,
@@ -399,7 +399,7 @@
rules=["os_compute_api:servers:show:host_status"])
@decorators.idempotent_id('736da575-86f8-4b2a-9902-dd37dc9a409b')
def test_show_server_host_status(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
server = self.servers_client.show_server(self.server_id)['server']
if 'host_status' not in server:
diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_consoles_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_consoles_rbac.py
index 4570ea1..7e2693d 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_consoles_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_consoles_rbac.py
@@ -40,7 +40,7 @@
rules=["os_compute_api:os-console-output"])
@decorators.idempotent_id('90fd80f6-456c-11e7-a919-92ebcb67fe33')
def test_get_console_output(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.get_console_output(self.server_id)
@@ -64,7 +64,7 @@
rules=["os_compute_api:os-remote-consoles"])
@decorators.idempotent_id('b0a72c02-9b15-4dcb-b186-efe8753370ab')
def test_get_vnc_console_output(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.get_vnc_console(self.server_id, type="novnc")
@@ -89,6 +89,6 @@
rules=["os_compute_api:os-remote-consoles"])
@decorators.idempotent_id('879597de-87e0-4da9-a60a-28c8088dc508')
def test_get_remote_console_output(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.get_remote_console(self.server_id,
"novnc", "vnc")
diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_groups_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_groups_rbac.py
index 26ef0fe..7c5002b 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_groups_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_groups_rbac.py
@@ -34,7 +34,7 @@
rules=["os_compute_api:os-server-groups:create"])
@decorators.idempotent_id('7f3eae94-6130-47e9-81ac-34009f55be2f')
def test_create_server_group(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_test_server_group()
@rbac_rule_validation.action(
@@ -43,7 +43,7 @@
@decorators.idempotent_id('832d9be3-632e-47b2-93d2-5897db43e3e2')
def test_delete_server_group(self):
server_group = self.create_test_server_group()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.server_groups_client.delete_server_group(server_group['id'])
@rbac_rule_validation.action(
@@ -51,7 +51,7 @@
rules=["os_compute_api:os-server-groups:index"])
@decorators.idempotent_id('5eccd67f-5945-483b-b1c8-de851ebfc1c1')
def test_list_server_groups(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.server_groups_client.list_server_groups()
@rbac_rule_validation.action(
@@ -60,5 +60,5 @@
@decorators.idempotent_id('62534e3f-7e99-4a3d-a08e-33e056460cf2')
def test_show_server_group(self):
server_group = self.create_test_server_group()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.server_groups_client.show_server_group(server_group['id'])
diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_metadata_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_metadata_rbac.py
index 6193938..07201fc 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_metadata_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_metadata_rbac.py
@@ -37,7 +37,7 @@
service="nova",
rules=["os_compute_api:server-metadata:index"])
def test_list_server_metadata(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.list_server_metadata(self.server['id'])
@decorators.idempotent_id('6e76748b-2417-4fa2-b41a-c0cc4bff356b')
@@ -45,7 +45,7 @@
service="nova",
rules=["os_compute_api:server-metadata:update_all"])
def test_set_server_metadata(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.set_server_metadata(self.server['id'], {})
@decorators.idempotent_id('1060bac4-fe16-4a77-be64-d8e482a06eab')
@@ -53,7 +53,7 @@
service="nova",
rules=["os_compute_api:server-metadata:create"])
def test_update_server_metadata(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.update_server_metadata(self.server['id'], {})
@decorators.idempotent_id('93dd8323-d3fa-48d1-8bd6-91c1b62fc341')
@@ -61,7 +61,7 @@
service="nova",
rules=["os_compute_api:server-metadata:show"])
def test_show_server_metadata_item(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.show_server_metadata_item(
self.server['id'], 'default_key')
@@ -70,7 +70,7 @@
service="nova",
rules=["os_compute_api:server-metadata:update"])
def test_set_server_metadata_item(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.set_server_metadata_item(
self.server['id'], 'default_key', {'default_key': 'value2'})
@@ -79,6 +79,6 @@
service="nova",
rules=["os_compute_api:server-metadata:delete"])
def test_delete_server_metadata_item(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.delete_server_metadata_item(
self.server['id'], 'delete_key')
diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_migrations_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_migrations_rbac.py
index 8ae8bc0..6ad8f40 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_migrations_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_migrations_rbac.py
@@ -66,7 +66,7 @@
@decorators.idempotent_id('c6f1607c-9fed-4c00-807e-9ba675b98b1b')
def test_cold_migration(self):
server = self.create_test_server(wait_until="ACTIVE")
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.migrate_server(server['id'])
waiters.wait_for_server_status(self.servers_client,
server['id'], 'VERIFY_RESIZE')
@@ -84,7 +84,7 @@
actual_host = self._get_host_for_server(server_id)
target_host = self._get_host_other_than(actual_host)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.live_migrate_server(
server_id, host=target_host,
block_migration=self.block_migration)
diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
index 5e38970..1e07758 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
@@ -85,7 +85,7 @@
@decorators.idempotent_id('ae84dd0b-f364-462e-b565-3457f9c019ef')
def test_reset_server_state(self):
"""Test reset server state, part of os-admin-actions."""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.reset_state(self.server['id'], state='error')
self.addCleanup(self.servers_client.reset_state, self.server['id'],
state='active')
@@ -97,7 +97,7 @@
@decorators.idempotent_id('ce48c340-51c1-4cff-9b6e-0cc5ef008630')
def test_inject_network_info(self):
"""Test inject network info, part of os-admin-actions."""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.inject_network_info(self.server['id'])
@utils.requires_ext(extension='os-admin-actions', service='compute')
@@ -107,7 +107,7 @@
@decorators.idempotent_id('2911a242-15c4-4fcb-80d5-80a8930661b0')
def test_reset_network(self):
"""Test reset network, part of os-admin-actions."""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.reset_network(self.server['id'])
@testtools.skipUnless(CONF.compute_feature_enabled.change_password,
@@ -121,7 +121,7 @@
original_password = self.servers_client.show_password(
self.server['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.change_password(
self.server['id'], adminPass=data_utils.rand_password())
self.addCleanup(self.servers_client.change_password, self.server['id'],
@@ -138,7 +138,7 @@
rules=["os_compute_api:os-config-drive"])
def test_list_servers_with_details_config_drive(self):
"""Test list servers with config_drive property in response body."""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
body = self.servers_client.list_servers(detail=True)['servers']
expected_attr = 'config_drive'
# If the first server contains "config_drive", then all the others do.
@@ -155,7 +155,7 @@
rules=["os_compute_api:os-config-drive"])
def test_show_server_config_drive(self):
"""Test show server with config_drive property in response body."""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
body = self.servers_client.show_server(self.server['id'])['server']
expected_attr = 'config_drive'
if expected_attr not in body:
@@ -169,7 +169,7 @@
rules=["os_compute_api:os-deferred-delete"])
def test_force_delete_server(self):
"""Test force delete server, part of os-deferred-delete."""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
# Force-deleting a server enforces os-deferred-delete.
self.servers_client.force_delete_server(self.server['id'])
@@ -184,7 +184,7 @@
"""Test list servers OS-EXT-AZ:availability_zone attr in resp body."""
expected_attr = 'OS-EXT-AZ:availability_zone'
- with self.rbac_utils.override_role(self):
+ with self.override_role():
body = self.servers_client.list_servers(detail=True)['servers']
# If the first server contains `expected_attr`, then all the others do.
if expected_attr not in body[0]:
@@ -202,7 +202,7 @@
"""Test show server OS-EXT-AZ:availability_zone attr in resp body."""
expected_attr = 'OS-EXT-AZ:availability_zone'
- with self.rbac_utils.override_role(self):
+ with self.override_role():
body = self.servers_client.show_server(self.server['id'])['server']
if expected_attr not in body:
raise rbac_exceptions.RbacMissingAttributeResponseBody(
@@ -219,7 +219,7 @@
"""Test list servers with details, with extended server attributes in
response body.
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
body = self.servers_client.list_servers(detail=True)['servers']
# NOTE(felipemonteiro): The attributes included below should be
@@ -243,7 +243,7 @@
"""Test show server with extended server attributes in response
body.
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
body = self.servers_client.show_server(self.server['id'])['server']
# NOTE(felipemonteiro): The attributes included below should be
@@ -265,7 +265,7 @@
rules=["os_compute_api:os-extended-status"])
def test_list_servers_extended_status(self):
"""Test list servers with extended properties in response body."""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
body = self.servers_client.list_servers(detail=True)['servers']
expected_attrs = ('OS-EXT-STS:task_state', 'OS-EXT-STS:vm_state',
@@ -284,7 +284,7 @@
rules=["os_compute_api:os-extended-status"])
def test_show_server_extended_status(self):
"""Test show server with extended properties in response body."""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
body = self.servers_client.show_server(self.server['id'])['server']
expected_attrs = ('OS-EXT-STS:task_state', 'OS-EXT-STS:vm_state',
@@ -307,7 +307,7 @@
"""
expected_attr = 'os-extended-volumes:volumes_attached'
- with self.rbac_utils.override_role(self):
+ with self.override_role():
body = self.servers_client.list_servers(detail=True)['servers']
if expected_attr not in body[0]:
raise rbac_exceptions.RbacMissingAttributeResponseBody(
@@ -326,7 +326,7 @@
"""
expected_attr = 'os-extended-volumes:volumes_attached'
- with self.rbac_utils.override_role(self):
+ with self.override_role():
body = self.servers_client.show_server(self.server['id'])['server']
if expected_attr not in body:
raise rbac_exceptions.RbacMissingAttributeResponseBody(
@@ -339,7 +339,7 @@
rules=["os_compute_api:os-instance-actions"])
def test_list_instance_actions(self):
"""Test list instance actions, part of os-instance-actions."""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.list_instance_actions(self.server['id'])
@utils.requires_ext(extension='os-instance-actions', service='compute')
@@ -355,7 +355,7 @@
# NOTE: "os_compute_api:os-instance-actions" is also enforced.
request_id = self.server.response['x-compute-request-id']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
instance_action = self.servers_client.show_instance_action(
self.server['id'], request_id)['instanceAction']
@@ -375,7 +375,7 @@
rules=["os_compute_api:os-keypairs"])
@decorators.idempotent_id('81e6fa34-c06b-42ca-b195-82bf8699b940')
def test_show_server_keypair(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
result = self.servers_client.show_server(self.server['id'])[
'server']
if 'key_name' not in result:
@@ -389,7 +389,7 @@
rules=["os_compute_api:os-keypairs"])
@decorators.idempotent_id('41ca4280-ec59-4b80-a9b1-6bc6366faf39')
def test_list_servers_keypairs(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
result = self.servers_client.list_servers(detail=True)['servers']
if 'key_name' not in result[0]:
raise rbac_exceptions.RbacMissingAttributeResponseBody(
@@ -401,7 +401,7 @@
@decorators.idempotent_id('b81e10fb-1864-498f-8c1d-5175c6fec5fb')
def test_lock_server(self):
"""Test lock server, part of os-lock-server."""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.lock_server(self.server['id'])
self.addCleanup(self.servers_client.unlock_server, self.server['id'])
@@ -414,7 +414,7 @@
self.servers_client.lock_server(self.server['id'])
self.addCleanup(self.servers_client.unlock_server, self.server['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.unlock_server(self.server['id'])
@rbac_rule_validation.action(
@@ -432,7 +432,7 @@
self.os_admin.servers_client.lock_server(self.server['id'])
self.addCleanup(self.servers_client.unlock_server, self.server['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.unlock_server(self.server['id'])
@utils.requires_ext(extension='os-rescue', service='compute')
@@ -442,7 +442,7 @@
@decorators.idempotent_id('fbbb2afc-ed0e-4552-887d-ac00fb5d436e')
def test_rescue_server(self):
"""Test rescue server, part of os-rescue."""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.rescue_server(self.server['id'])
waiters.wait_for_server_status(
self.servers_client, self.server['id'], 'RESCUE')
@@ -458,7 +458,7 @@
waiters.wait_for_server_status(
self.servers_client, self.server['id'], 'RESCUE')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.unrescue_server(self.server['id'])
waiters.wait_for_server_status(
self.servers_client, self.server['id'], 'ACTIVE')
@@ -470,7 +470,7 @@
@decorators.idempotent_id('5dabfcc4-bedb-417b-8247-b3ee7c5c0f3e')
def test_show_server_diagnostics(self):
"""Test show server diagnostics, part of os-server-diagnostics."""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.show_server_diagnostics(self.server['id'])
@utils.requires_ext(extension='os-server-password', service='compute')
@@ -480,7 +480,7 @@
rules=["os_compute_api:os-server-password"])
def test_delete_server_password(self):
"""Test delete server password, part of os-server-password."""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.delete_password(self.server['id'])
@utils.requires_ext(extension='os-server-password', service='compute')
@@ -490,7 +490,7 @@
@decorators.idempotent_id('f677971a-7d20-493c-977f-6ff0a74b5b2c')
def test_get_server_password(self):
"""Test show server password, part of os-server-password."""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.show_password(self.server['id'])
@testtools.skipIf(CONF.policy_feature_enabled.removed_nova_policies_stein,
@@ -510,7 +510,7 @@
expected_attrs = ('OS-SRV-USG:launched_at',
'OS-SRV-USG:terminated_at')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
body = self.servers_client.show_server(self.server['id'])['server']
for expected_attr in expected_attrs:
if expected_attr not in body:
@@ -524,7 +524,7 @@
@decorators.idempotent_id('2aef094f-0452-4df6-a66a-0ec22a92b16e')
def test_list_simple_tenant_usages(self):
"""Test list tenant usages, part of os-simple-tenant-usage."""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.tenant_usages_client.list_tenant_usages()
@utils.requires_ext(extension='os-simple-tenant-usage', service='compute')
@@ -536,7 +536,7 @@
"""Test show tenant usage, part of os-simple-tenant-usage."""
tenant_id = self.os_primary.credentials.tenant_id
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.tenant_usages_client.show_tenant_usage(tenant_id=tenant_id)
@testtools.skipUnless(CONF.compute_feature_enabled.suspend,
@@ -547,7 +547,7 @@
rules=["os_compute_api:os-suspend-server:suspend"])
def test_suspend_server(self):
"""Test suspend server, part of os-suspend-server."""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.suspend_server(self.server['id'])
self.addCleanup(self.servers_client.resume_server, self.server['id'])
waiters.wait_for_server_status(
@@ -565,7 +565,7 @@
waiters.wait_for_server_status(
self.servers_client, self.server['id'], 'SUSPENDED')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.resume_server(self.server['id'])
waiters.wait_for_server_status(
self.servers_client, self.server['id'], 'ACTIVE')
@@ -657,7 +657,7 @@
rules=["os_compute_api:os-attach-interfaces"])
def test_list_interfaces(self):
"""Test list interfaces, part of os-attach-interfaces."""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.interfaces_client.list_interfaces(self.server['id'])
@decorators.idempotent_id('1b9cf7db-dc50-48a2-8eb9-8c25af5e934a')
@@ -670,7 +670,7 @@
def test_show_interface(self):
"""Test show interfaces, part of os-attach-interfaces."""
interface = self._attach_interface_to_server()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.interfaces_client.show_interface(
self.server['id'], interface['port_id'])
@@ -684,7 +684,7 @@
def test_create_interface(self):
"""Test create interface, part of os-attach-interfaces."""
network_id = self.network['id']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
interface = self.interfaces_client.create_interface(
self.server['id'], net_id=network_id)['interfaceAttachment']
self.addCleanup(
@@ -709,7 +709,7 @@
"""Test delete interface, part of os-attach-interfaces."""
interface = self._attach_interface_to_server()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.interfaces_client.delete_interface(self.server['id'],
interface['port_id'])
waiters.wait_for_interface_detach(
@@ -722,7 +722,7 @@
rules=["os_compute_api:ips:index"])
def test_list_addresses(self):
"""Test list server addresses, part of ips policy family."""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.list_addresses(self.server['id'])
@decorators.idempotent_id('fa43e7e5-0db9-48eb-9c6b-c11eb766b8e4')
@@ -736,7 +736,7 @@
'addresses']
address = next(iter(addresses))
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.list_addresses_by_network(
self.server['id'], address)
@@ -763,7 +763,7 @@
self.interfaces_client.delete_interface,
self.server['id'], interface['port_id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.add_fixed_ip(self.server['id'],
networkId=network_id)
# Get the Fixed IP from server.
diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_rbac.py
index 826e469..34312e2 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_rbac.py
@@ -48,7 +48,7 @@
rules=["os_compute_api:servers:create"])
@decorators.idempotent_id('4f34c73a-6ddc-4677-976f-71320fa855bd')
def test_create_server(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
server = self.servers_client.create_server(
name=data_utils.rand_name(self.__class__.__name__ + '-Server'),
flavorRef=CONF.compute.flavor_ref,
@@ -73,7 +73,7 @@
host = list(hosts[0].keys())[0]
availability_zone = 'nova:' + host
- with self.rbac_utils.override_role(self):
+ with self.override_role():
server = self.servers_client.create_server(
name=data_utils.rand_name(self.__class__.__name__ + '-Server'),
flavorRef=CONF.compute.flavor_ref,
@@ -103,7 +103,7 @@
'delete_on_termination': False}]
device_mapping = {'block_device_mapping_v2': bd_map_v2}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
# Use image_id='' to avoid using the default image in tempest.conf.
server = self.servers_client.create_server(
name=data_utils.rand_name(self.__class__.__name__ + '-Server'),
@@ -151,7 +151,7 @@
network = _create_network_resources()
network_id = {'uuid': network['id']}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
server = self.servers_client.create_server(
name=data_utils.rand_name(self.__class__.__name__ + '-Server'),
flavorRef=CONF.compute.flavor_ref,
@@ -168,7 +168,7 @@
def test_delete_server(self):
server = self.create_test_server(wait_until='ACTIVE')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.delete_server(server['id'])
waiters.wait_for_server_termination(
self.servers_client, server['id'])
@@ -179,7 +179,7 @@
@decorators.idempotent_id('077b17cb-5621-43b9-8adf-5725f0d7a863')
def test_update_server(self):
new_name = data_utils.rand_name(self.__class__.__name__ + '-server')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.update_server(self.server['id'],
name=new_name)
waiters.wait_for_server_status(self.servers_client,
diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_tags_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_tags_rbac.py
index ac571b9..f1c08c5 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_tags_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_tags_rbac.py
@@ -49,7 +49,7 @@
service="nova",
rules=["os_compute_api:os-server-tags:index"])
def test_list_tags(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.list_tags(self.server['id'])
@decorators.idempotent_id('9297c99e-94eb-429f-93cf-9b1838e33622')
@@ -58,7 +58,7 @@
rules=["os_compute_api:os-server-tags:show"])
def test_check_tag_existence(self):
tag_name = self._add_tag_to_server()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.check_tag_existence(self.server['id'],
tag_name)
@@ -67,7 +67,7 @@
service="nova",
rules=["os_compute_api:os-server-tags:update"])
def test_update_tag(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._add_tag_to_server()
@decorators.idempotent_id('115c2694-00aa-41ee-99f6-9eab4040c182')
@@ -76,7 +76,7 @@
rules=["os_compute_api:os-server-tags:delete"])
def test_delete_tag(self):
tag_name = self._add_tag_to_server()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.delete_tag(self.server['id'], tag_name)
@decorators.idempotent_id('a8e19b87-6580-4bc8-9933-e62561ff667d')
@@ -85,7 +85,7 @@
rules=["os_compute_api:os-server-tags:update_all"])
def test_update_all_tags(self):
new_tag_name = data_utils.rand_name(self.__class__.__name__ + '-tag')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.update_all_tags(self.server['id'],
[new_tag_name])
@@ -94,5 +94,5 @@
service="nova",
rules=["os_compute_api:os-server-tags:delete_all"])
def test_delete_all_tags(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.delete_all_tags(self.server['id'])
diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_volume_attachments_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_volume_attachments_rbac.py
index 78181f5..c34a437 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_volume_attachments_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_volume_attachments_rbac.py
@@ -133,7 +133,7 @@
rules=["os_compute_api:os-volumes-attachments:index"])
@decorators.idempotent_id('529b668b-6edb-41d5-8886-d7dbd0614678')
def test_list_volume_attachments(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.list_volume_attachments(self.server['id'])
@decorators.attr(type='slow')
@@ -142,7 +142,7 @@
rules=["os_compute_api:os-volumes-attachments:create"])
@decorators.idempotent_id('21c2c3fd-fbe8-41b1-8ef8-115ec47d54c1')
def test_create_volume_attachment(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.attach_volume(self.server['id'],
volumeId=self.volume['id'])
# On teardown detach the volume and wait for it to be available. This
@@ -164,7 +164,7 @@
def test_show_volume_attachment(self):
attachment = self.attach_volume(self.server, self.volume)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.show_volume_attachment(
self.server['id'], attachment['id'])
@@ -181,7 +181,7 @@
# Attach "volume1" to server
self.attach_volume(self.server, volume1)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
# Swap volume from "volume1" to "volume2"
self.servers_client.update_attached_volume(
self.server['id'], volume1['id'], volumeId=volume2['id'])
@@ -201,7 +201,7 @@
def test_delete_volume_attachment(self):
self.attach_volume(self.server, self.volume)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.detach_volume(self.server['id'],
self.volume['id'])
waiters.wait_for_volume_resource_status(self.volumes_client,
diff --git a/patrole_tempest_plugin/tests/api/compute/test_services_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_services_rbac.py
index f32e117..dd7a4c3 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_services_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_services_rbac.py
@@ -34,5 +34,5 @@
rules=["os_compute_api:os-services"])
@decorators.idempotent_id('7472261b-9c6d-453a-bcb3-aecaa29ad281')
def test_list_services(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.services_client.list_services()['services']
diff --git a/patrole_tempest_plugin/tests/api/compute/test_tenant_networks_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_tenant_networks_rbac.py
index a4ccc10..13c4b66 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_tenant_networks_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_tenant_networks_rbac.py
@@ -56,5 +56,5 @@
service="nova",
rules=["os_compute_api:os-tenant-networks"])
def test_list_show_tenant_networks(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.tenant_networks_client.list_tenant_networks()
diff --git a/patrole_tempest_plugin/tests/api/compute/test_virtual_interfaces_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_virtual_interfaces_rbac.py
index 8376be0..5146b1d 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_virtual_interfaces_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_virtual_interfaces_rbac.py
@@ -53,7 +53,7 @@
If Neutron is available, then call the API and expect it to fail
with a 400 BadRequest (policy enforcement is done before that happens).
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
if CONF.service_available.neutron:
msg = ("Listing virtual interfaces is not supported by this "
"cloud.")
diff --git a/patrole_tempest_plugin/tests/api/compute/test_volume_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_volume_rbac.py
index 3c693ab..77a1ee2 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_volume_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_volume_rbac.py
@@ -62,7 +62,7 @@
service="nova",
rules=["os_compute_api:os-volumes"])
def test_create_volume(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
volume = self.volumes_extensions_client.create_volume(
size=CONF.volume.volume_size)['volume']
waiters.wait_for_volume_resource_status(self.volumes_client,
@@ -75,7 +75,7 @@
service="nova",
rules=["os_compute_api:os-volumes"])
def test_list_volumes(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_extensions_client.list_volumes()
@decorators.idempotent_id('4ba0a820-040f-488b-86bb-be2e920ea12c')
@@ -83,7 +83,7 @@
service="nova",
rules=["os_compute_api:os-volumes"])
def test_show_volume(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_extensions_client.show_volume(self.volume['id'])
@decorators.idempotent_id('6e7870f2-1bb2-4b58-96f8-6782071ef327')
@@ -92,7 +92,7 @@
rules=["os_compute_api:os-volumes"])
def test_delete_volume(self):
volume = self.create_volume()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_extensions_client.delete_volume(volume['id'])
@decorators.idempotent_id('0c3eaa4f-69d6-4a13-9dda-19585f36b1c1')
@@ -101,7 +101,7 @@
rules=["os_compute_api:os-volumes"])
def test_create_snapshot(self):
s_name = data_utils.rand_name(self.__class__.__name__ + '-Snapshot')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
snapshot = self.snapshots_extensions_client.create_snapshot(
volume_id=self.volume['id'], display_name=s_name)['snapshot']
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
@@ -112,7 +112,7 @@
service="nova",
rules=["os_compute_api:os-volumes"])
def test_list_snapshots(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.snapshots_extensions_client.list_snapshots()
@decorators.idempotent_id('19c2e6bd-585b-472f-a8d7-71ea9299c655')
@@ -125,7 +125,7 @@
volume_id=self.volume['id'], display_name=s_name)['snapshot']
self.addCleanup(self._delete_snapshot, snapshot['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.snapshots_extensions_client.show_snapshot(snapshot['id'])
@decorators.idempotent_id('f4f5635c-416c-11e7-a919-92ebcb67fe33')
@@ -142,7 +142,7 @@
self.snapshots_extensions_client, snapshot['id'],
'available')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.snapshots_extensions_client.delete_snapshot(snapshot['id'])
self.snapshots_extensions_client.wait_for_resource_deletion(
snapshot['id'])
diff --git a/patrole_tempest_plugin/tests/api/identity/rbac_base.py b/patrole_tempest_plugin/tests/api/identity/rbac_base.py
index 44f5962..e3fac27 100644
--- a/patrole_tempest_plugin/tests/api/identity/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/identity/rbac_base.py
@@ -28,11 +28,6 @@
base.BaseIdentityTest):
@classmethod
- def setup_clients(cls):
- super(BaseIdentityRbacTest, cls).setup_clients()
- cls.setup_rbac_utils()
-
- @classmethod
def setup_test_endpoint(cls, service=None):
"""Creates a service and an endpoint for test."""
interface = 'public'
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_application_credentials_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_application_credentials_rbac.py
index 1d466f3..2d9e311 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_application_credentials_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_application_credentials_rbac.py
@@ -56,7 +56,7 @@
service="keystone",
rules=["identity:create_application_credential"])
def test_create_application_credential(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_application_credential()
@decorators.idempotent_id('58b3c3a0-5ad0-44f7-8da7-0736f71f7168')
@@ -64,7 +64,7 @@
service="keystone",
rules=["identity:list_application_credentials"])
def test_list_application_credentials(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.application_credentials_client.list_application_credentials(
user_id=self.user_id)
@@ -74,7 +74,7 @@
rules=["identity:get_application_credential"])
def test_show_application_credential(self):
app_cred = self._create_application_credential()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.application_credentials_client.show_application_credential(
user_id=self.user_id, application_credential_id=app_cred['id'])
@@ -84,6 +84,6 @@
rules=["identity:delete_application_credential"])
def test_delete_application_credential(self):
app_cred = self._create_application_credential()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.application_credentials_client.delete_application_credential(
user_id=self.user_id, application_credential_id=app_cred['id'])
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_auth_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_auth_rbac.py
index a8cc767..3cfc670 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_auth_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_auth_rbac.py
@@ -34,12 +34,12 @@
@rbac_rule_validation.action(service="keystone",
rules=["identity:get_auth_projects"])
def test_list_auth_projects(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.identity_client.list_auth_projects()
@decorators.idempotent_id('6a40af0d-7265-4657-b6b2-87a2828e263e')
@rbac_rule_validation.action(service="keystone",
rules=["identity:get_auth_domains"])
def test_list_auth_domain(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.identity_client.list_auth_domains()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_credentials_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_credentials_rbac.py
index 26e34da..185dc8c 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_credentials_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_credentials_rbac.py
@@ -42,7 +42,7 @@
def test_create_credential(self):
project = self.setup_test_project()
user = self.setup_test_user(project_id=project['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.setup_test_credential(user=user)
@rbac_rule_validation.action(service="keystone",
@@ -53,7 +53,7 @@
new_keys = [data_utils.rand_uuid_hex(),
data_utils.rand_uuid_hex()]
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.creds_client.update_credential(
credential['id'],
credential=credential,
@@ -67,7 +67,7 @@
def test_delete_credential(self):
credential = self._create_user_project_and_credential()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.creds_client.delete_credential(credential['id'])
@rbac_rule_validation.action(service="keystone",
@@ -76,12 +76,12 @@
def test_show_credential(self):
credential = self._create_user_project_and_credential()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.creds_client.show_credential(credential['id'])
@rbac_rule_validation.action(service="keystone",
rules=["identity:list_credentials"])
@decorators.idempotent_id('3de303e2-12a7-4811-805a-f18906472038')
def test_list_credentials(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.creds_client.list_credentials()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_domain_configuration_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_domain_configuration_rbac.py
index 35154eb..821b942 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_domain_configuration_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_domain_configuration_rbac.py
@@ -56,21 +56,21 @@
rules=["identity:create_domain_config"])
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd115')
def test_create_domain_config(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_domain_config(self.domain_id)
@rbac_rule_validation.action(service="keystone",
rules=["identity:get_domain_config"])
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd118')
def test_show_domain_config(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.domain_config_client.show_domain_config(self.domain_id)
@decorators.idempotent_id('1b539f95-4991-4e09-960f-fa771e1007d7')
@rbac_rule_validation.action(service="keystone",
rules=["identity:get_domain_config"])
def test_show_domain_group_config(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.domain_config_client.show_domain_group_config(
self.domain_id, 'identity')
@@ -78,7 +78,7 @@
@rbac_rule_validation.action(service="keystone",
rules=["identity:get_domain_config"])
def test_show_domain_group_option_config(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.domain_config_client.show_domain_group_option_config(
self.domain_id, 'identity', 'driver')
@@ -89,7 +89,7 @@
def test_show_security_compliance_domain_config(self):
# The "security_compliance" group can only be shown for the default
# domain.
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.domain_config_client.show_domain_group_config(
CONF.identity.default_domain_id, 'security_compliance')
@@ -97,21 +97,21 @@
@rbac_rule_validation.action(service="keystone",
rules=["identity:get_domain_config_default"])
def test_show_default_config_settings(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.domain_config_client.show_default_config_settings()
@decorators.idempotent_id('63183377-251f-4622-81f0-6b58a8a285c9')
@rbac_rule_validation.action(service="keystone",
rules=["identity:get_domain_config_default"])
def test_show_default_group_config(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.domain_config_client.show_default_group_config('identity')
@decorators.idempotent_id('6440e9c1-e8da-474d-9118-89996fffe5f8')
@rbac_rule_validation.action(service="keystone",
rules=["identity:get_domain_config_default"])
def test_show_default_group_option(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.domain_config_client.show_default_group_option('identity',
'driver')
@@ -120,7 +120,7 @@
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd116')
def test_update_domain_config(self):
updated_config = {'ldap': {'url': data_utils.rand_url()}}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.domain_config_client.update_domain_config(
self.domain_id, **updated_config)
@@ -128,7 +128,7 @@
@rbac_rule_validation.action(service="keystone",
rules=["identity:update_domain_config"])
def test_update_domain_group_config(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.domain_config_client.update_domain_group_config(
self.domain_id, 'identity', identity=self.identity)
@@ -136,7 +136,7 @@
@rbac_rule_validation.action(service="keystone",
rules=["identity:update_domain_config"])
def test_update_domain_group_option_config(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.domain_config_client.update_domain_group_option_config(
self.domain_id, 'identity', 'driver', driver='ldap')
@@ -144,14 +144,14 @@
rules=["identity:delete_domain_config"])
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd117')
def test_delete_domain_config(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.domain_config_client.delete_domain_config(self.domain_id)
@decorators.idempotent_id('f479694b-df02-4d5a-88b6-c8b52f9341eb')
@rbac_rule_validation.action(service="keystone",
rules=["identity:delete_domain_config"])
def test_delete_domain_group_config(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.domain_config_client.delete_domain_group_config(
self.domain_id, 'identity')
@@ -159,6 +159,6 @@
@rbac_rule_validation.action(service="keystone",
rules=["identity:delete_domain_config"])
def test_delete_domain_group_option_config(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.domain_config_client.delete_domain_group_option_config(
self.domain_id, 'identity', 'driver')
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_domains_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_domains_rbac.py
index ab38876..f97570f 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_domains_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_domains_rbac.py
@@ -26,7 +26,7 @@
rules=["identity:create_domain"])
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd110')
def test_create_domain(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.setup_test_domain()
@rbac_rule_validation.action(service="keystone",
@@ -36,7 +36,7 @@
domain = self.setup_test_domain()
new_domain_name = data_utils.rand_name(
self.__class__.__name__ + '-test_update_domain')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.domains_client.update_domain(domain['id'],
domain=domain,
name=new_domain_name)
@@ -50,7 +50,7 @@
self.domains_client.update_domain(domain['id'],
domain=domain,
enabled=False)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.domains_client.delete_domain(domain['id'])
@rbac_rule_validation.action(service="keystone",
@@ -58,12 +58,12 @@
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd113')
def test_show_domain(self):
domain = self.setup_test_domain()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.domains_client.show_domain(domain['id'])
@rbac_rule_validation.action(service="keystone",
rules=["identity:list_domains"])
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd114')
def test_list_domains(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.domains_client.list_domains()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_endpoints_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_endpoints_rbac.py
index ec5ffa3..5554b73 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_endpoints_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_endpoints_rbac.py
@@ -27,7 +27,7 @@
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd127')
def test_create_endpoint(self):
service = self.setup_test_service()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.setup_test_endpoint(service=service)
@rbac_rule_validation.action(service="keystone",
@@ -37,7 +37,7 @@
endpoint = self.setup_test_endpoint()
new_url = data_utils.rand_url()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.endpoints_client.update_endpoint(
endpoint["id"],
url=new_url)
@@ -48,7 +48,7 @@
def test_delete_endpoint(self):
endpoint = self.setup_test_endpoint()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.endpoints_client.delete_endpoint(endpoint['id'])
@rbac_rule_validation.action(service="keystone",
@@ -57,12 +57,12 @@
def test_show_endpoint(self):
endpoint = self.setup_test_endpoint()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.endpoints_client.show_endpoint(endpoint['id'])
@rbac_rule_validation.action(service="keystone",
rules=["identity:list_endpoints"])
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd131')
def test_list_endpoints(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.endpoints_client.list_endpoints()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_ep_filter_groups_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_ep_filter_groups_rbac.py
index be49d84..48a4e58 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_ep_filter_groups_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_ep_filter_groups_rbac.py
@@ -61,21 +61,21 @@
rules=["identity:create_endpoint_group"])
@decorators.idempotent_id('b4765906-52ec-477b-b441-a8508ced68e3')
def test_create_endpoint_group(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_endpoint_group(ignore_not_found=True)
@rbac_rule_validation.action(service="keystone",
rules=["identity:list_endpoint_groups"])
@decorators.idempotent_id('089aa3a7-ba1f-4f70-a1cf-f298a845058a')
def test_list_endpoint_groups(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.endpoint_groups_client.list_endpoint_groups()
@decorators.idempotent_id('5c16368d-1485-4c28-9803-db3fa3510623')
@rbac_rule_validation.action(service="keystone",
rules=["identity:get_endpoint_group"])
def test_check_endpoint_group(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.endpoint_groups_client.check_endpoint_group(
self.endpoint_group_id)
@@ -83,7 +83,7 @@
rules=["identity:get_endpoint_group"])
@decorators.idempotent_id('bd2b6fb8-661f-4255-84b2-50fea4a1dc61')
def test_show_endpoint_group(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.endpoint_groups_client.show_endpoint_group(
self.endpoint_group_id)
@@ -94,7 +94,7 @@
updated_name = data_utils.rand_name(
self.__class__.__name__ + '-EPFilterGroup')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.endpoint_groups_client.update_endpoint_group(
self.endpoint_group_id, name=updated_name)
@@ -104,6 +104,6 @@
def test_delete_endpoint_group(self):
endpoint_group_id = self._create_endpoint_group(ignore_not_found=True)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.endpoint_groups_client.delete_endpoint_group(
endpoint_group_id)
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_ep_filter_projects_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_ep_filter_projects_rbac.py
index 17e918d..8385d6d 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_ep_filter_projects_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_ep_filter_projects_rbac.py
@@ -48,7 +48,7 @@
@decorators.idempotent_id('9199ec13-816d-4efe-b8b1-e1cd026b9747')
def test_add_endpoint_to_project(self):
# Adding endpoints to projects
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._add_endpoint_to_project(ignore_not_found=True)
@rbac_rule_validation.action(
@@ -56,7 +56,7 @@
rules=["identity:list_projects_for_endpoint"])
@decorators.idempotent_id('f53dca42-ec8a-48e9-924b-0bbe6c99727f')
def test_list_projects_for_endpoint(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.endpoint_filter_client.list_projects_for_endpoint(
self.endpoint['id'])
@@ -66,7 +66,7 @@
@decorators.idempotent_id('0c1425eb-833c-4aa1-a21d-52ffa41fdc6a')
def test_check_endpoint_in_project(self):
self._add_endpoint_to_project()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.endpoint_filter_client.check_endpoint_in_project(
self.project['id'], self.endpoint['id'])
@@ -75,7 +75,7 @@
rules=["identity:list_endpoints_for_project"])
@decorators.idempotent_id('5d86c659-c6ad-41e0-854e-3823e95c7cc2')
def test_list_endpoints_in_project(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.endpoint_filter_client.list_endpoints_in_project(
self.project['id'])
@@ -85,6 +85,6 @@
@decorators.idempotent_id('b4e21c10-4f47-427b-9b8a-f5b5601adfda')
def test_remove_endpoint_from_project(self):
self._add_endpoint_to_project(ignore_not_found=True)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.endpoint_filter_client.delete_endpoint_from_project(
self.project['id'], self.endpoint['id'])
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_groups_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_groups_rbac.py
index 9814e3b..7fc4a43 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_groups_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_groups_rbac.py
@@ -33,7 +33,7 @@
rules=["identity:create_group"])
@decorators.idempotent_id('88377f51-9074-4d64-a22f-f8931d048c9a')
def test_create_group(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.setup_test_group()
@rbac_rule_validation.action(service="keystone",
@@ -44,7 +44,7 @@
new_group_name = data_utils.rand_name(
self.__class__.__name__ + '-group')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.groups_client.update_group(group['id'], name=new_group_name)
@rbac_rule_validation.action(service="keystone",
@@ -53,7 +53,7 @@
def test_delete_group(self):
group = self.setup_test_group()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.groups_client.delete_group(group['id'])
@rbac_rule_validation.action(service="keystone",
@@ -62,14 +62,14 @@
def test_show_group(self):
group = self.setup_test_group()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.groups_client.show_group(group['id'])
@rbac_rule_validation.action(service="keystone",
rules=["identity:list_groups"])
@decorators.idempotent_id('c4d0f76b-735f-4fd0-868b-0006bc420ff4')
def test_list_groups(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.groups_client.list_groups()
@rbac_rule_validation.action(service="keystone",
@@ -79,7 +79,7 @@
group = self.setup_test_group()
user = self.setup_test_user()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.groups_client.add_group_user(group['id'], user['id'])
@rbac_rule_validation.action(service="keystone",
@@ -88,7 +88,7 @@
def test_remove_user_group(self):
group_id, user_id = self._create_user_and_add_to_new_group()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.groups_client.delete_group_user(group_id, user_id)
@rbac_rule_validation.action(service="keystone",
@@ -97,7 +97,7 @@
def test_list_user_group(self):
group = self.setup_test_group()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.groups_client.list_group_users(group['id'])
@rbac_rule_validation.action(service="keystone",
@@ -106,5 +106,5 @@
def test_check_user_group(self):
group_id, user_id = self._create_user_and_add_to_new_group()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.groups_client.check_group_user_existence(group_id, user_id)
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_consumers_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_consumers_rbac.py
index ecd534d..aaaddf7 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_consumers_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_consumers_rbac.py
@@ -37,7 +37,7 @@
rules=["identity:create_consumer"])
@decorators.idempotent_id('0f148510-63bf-11e6-4522-080044d0d970')
def test_create_consumer(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_consumer()
@rbac_rule_validation.action(service="keystone",
@@ -46,7 +46,7 @@
def test_delete_consumer(self):
consumer = self._create_consumer()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.consumers_client.delete_consumer(consumer['id'])
@rbac_rule_validation.action(service="keystone",
@@ -57,7 +57,7 @@
updated_description = data_utils.rand_name(
self.__class__.__name__ + '-IdentityConsumer')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.consumers_client.update_consumer(consumer['id'],
updated_description)
@@ -67,12 +67,12 @@
def test_show_consumer(self):
consumer = self._create_consumer()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.consumers_client.show_consumer(consumer['id'])
@rbac_rule_validation.action(service="keystone",
rules=["identity:list_consumers"])
@decorators.idempotent_id('0f148510-63bf-11e6-4522-080044d0d975')
def test_list_consumers(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.consumers_client.list_consumers()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_tokens_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_tokens_rbac.py
index 30b386f..86cb4a8 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_tokens_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_tokens_rbac.py
@@ -85,7 +85,7 @@
def test_authorize_request_token(self):
_, request_token = self._create_consumer_and_request_token()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.oauth_token_client.authorize_request_token(
request_token['oauth_token'],
self.role_ids)
@@ -96,7 +96,7 @@
def test_get_access_token(self):
access_token = self._create_access_token()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.oauth_token_client.get_access_token(self.user_id,
access_token)
@@ -106,7 +106,7 @@
def test_get_access_token_role(self):
access_token = self._create_access_token()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.oauth_token_client.get_access_token_role(
self.user_id, access_token, self.role_ids[0])
@@ -114,7 +114,7 @@
rules=["identity:list_access_tokens"])
@decorators.idempotent_id('0f148510-63bf-11e6-4522-080044d0d979')
def test_list_access_tokens(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.oauth_token_client.list_access_tokens(self.user_id)
@rbac_rule_validation.action(service="keystone",
@@ -123,7 +123,7 @@
def test_list_access_token_roles(self):
access_token = self._create_access_token()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.oauth_token_client.list_access_token_roles(
self.user_id, access_token)
@@ -133,6 +133,6 @@
def test_revoke_access_token(self):
access_token = self._create_access_token()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.oauth_token_client.revoke_access_token(
self.user_id, access_token)
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_policies_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_policies_rbac.py
index b0a3087..8bb405b 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_policies_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_policies_rbac.py
@@ -26,7 +26,7 @@
rules=["identity:create_policy"])
@decorators.idempotent_id('de2f7ecb-fbf0-41f3-abf4-b97b5e082fd5')
def test_create_policy(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.setup_test_policy()
@rbac_rule_validation.action(service="keystone",
@@ -37,7 +37,7 @@
updated_policy_type = data_utils.rand_name(
self.__class__.__name__ + '-policy_type')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.policies_client.update_policy(policy['id'],
type=updated_policy_type)
@@ -47,7 +47,7 @@
def test_delete_policy(self):
policy = self.setup_test_policy()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.policies_client.delete_policy(policy['id'])
@rbac_rule_validation.action(service="keystone",
@@ -56,12 +56,12 @@
def test_show_policy(self):
policy = self.setup_test_policy()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.policies_client.show_policy(policy['id'])
@rbac_rule_validation.action(service="keystone",
rules=["identity:list_policies"])
@decorators.idempotent_id('35a56161-4054-4237-8a78-7ce805dce202')
def test_list_policies(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.policies_client.list_policies()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_policy_association_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_policy_association_rbac.py
index f56b6e4..c35ae81 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_policy_association_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_policy_association_rbac.py
@@ -61,7 +61,7 @@
rules=["identity:create_policy_association_for_endpoint"])
@decorators.idempotent_id('1b3f4f62-4f4a-4d27-be27-9a113058597f')
def test_update_policy_association_for_endpoint(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._update_policy_association_for_endpoint(
self.policy_id, self.endpoint_id)
@@ -72,7 +72,7 @@
def test_show_policy_association_for_endpoint(self):
self._update_policy_association_for_endpoint(
self.policy_id, self.endpoint_id)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.policies_client.show_policy_association_for_endpoint(
self.policy_id, self.endpoint_id)
@@ -83,7 +83,7 @@
def test_delete_policy_association_for_endpoint(self):
self._update_policy_association_for_endpoint(
self.policy_id, self.endpoint_id)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.policies_client.delete_policy_association_for_endpoint(
self.policy_id, self.endpoint_id)
@@ -92,7 +92,7 @@
rules=["identity:create_policy_association_for_service"])
@decorators.idempotent_id('57fb80fe-6ce2-4995-b710-4692b3fc3cdc')
def test_update_policy_association_for_service(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._update_policy_association_for_service(
self.policy_id, self.service_id)
@@ -103,7 +103,7 @@
def test_show_policy_association_for_service(self):
self._update_policy_association_for_service(
self.policy_id, self.service_id)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.policies_client.show_policy_association_for_service(
self.policy_id, self.service_id)
@@ -114,7 +114,7 @@
def test_delete_policy_association_for_service(self):
self._update_policy_association_for_service(
self.policy_id, self.service_id)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.policies_client.delete_policy_association_for_service(
self.policy_id, self.service_id)
@@ -123,7 +123,7 @@
rules=["identity:create_policy_association_for_region_and_service"])
@decorators.idempotent_id('54d2a93e-c84d-4079-8ea9-2fb227c262a1')
def test_update_policy_association_for_region_and_service(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._update_policy_association_for_region_and_service(
self.policy_id, self.service_id, self.region_id)
@@ -134,7 +134,7 @@
def test_show_policy_association_for_region_and_service(self):
self._update_policy_association_for_region_and_service(
self.policy_id, self.service_id, self.region_id)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.policies_client\
.show_policy_association_for_region_and_service(
self.policy_id, self.service_id, self.region_id)
@@ -146,7 +146,7 @@
def test_delete_policy_association_for_region_and_service(self):
self._update_policy_association_for_region_and_service(
self.policy_id, self.service_id, self.region_id)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.policies_client.\
delete_policy_association_for_region_and_service(
self.policy_id, self.service_id, self.region_id)
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_project_tags_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_project_tags_rbac.py
index debc2e9..ae43b38 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_project_tags_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_project_tags_rbac.py
@@ -45,14 +45,14 @@
rules=["identity:create_project_tag"])
def test_update_project_tag(self):
tag = data_utils.rand_name(self.__class__.__name__ + '-Tag')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.project_tags_client.update_project_tag(self.project_id, tag)
@decorators.idempotent_id('e122d7d1-bb6d-43af-b489-afa8c609b9ae')
@rbac_rule_validation.action(service="keystone",
rules=["identity:list_project_tags"])
def test_list_project_tags(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.project_tags_client.list_project_tags(self.project_id)
@decorators.idempotent_id('716f9081-4626-4594-a82c-e7dc037464ac')
@@ -63,7 +63,7 @@
data_utils.rand_name(self.__class__.__name__ + '-Tag')
for _ in range(2)
]
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.project_tags_client.update_all_project_tags(
self.project_id, tags)
@@ -74,7 +74,7 @@
tag = data_utils.rand_name(self.__class__.__name__ + '-Tag')
self.project_tags_client.update_project_tag(self.project_id, tag)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.project_tags_client.check_project_tag_existence(
self.project_id, tag)
@@ -85,12 +85,12 @@
tag = data_utils.rand_name(self.__class__.__name__ + '-Tag')
self.project_tags_client.update_project_tag(self.project_id, tag)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.project_tags_client.delete_project_tag(self.project_id, tag)
@decorators.idempotent_id('94d0ef63-e9e3-4287-9c5e-bd5464467d77')
@rbac_rule_validation.action(service="keystone",
rules=["identity:delete_project_tags"])
def test_delete_all_project_tags(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.project_tags_client.delete_all_project_tags(self.project_id)
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py
index e1e6f08..af58799 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py
@@ -26,7 +26,7 @@
rules=["identity:create_project"])
@decorators.idempotent_id('0f148510-63bf-11e6-1564-080044d0d904')
def test_create_project(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.setup_test_project()
@rbac_rule_validation.action(service="keystone",
@@ -37,7 +37,7 @@
new_desc = data_utils.rand_name(
self.__class__.__name__ + '-description')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.projects_client.update_project(project['id'],
description=new_desc)
@@ -47,7 +47,7 @@
def test_delete_project(self):
project = self.setup_test_project()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.projects_client.delete_project(project['id'])
@rbac_rule_validation.action(service="keystone",
@@ -56,12 +56,12 @@
def test_show_project(self):
project = self.setup_test_project()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.projects_client.show_project(project['id'])
@rbac_rule_validation.action(service="keystone",
rules=["identity:list_projects"])
@decorators.idempotent_id('0f148510-63bf-11e6-1564-080044d0d908')
def test_list_projects(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.projects_client.list_projects()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_regions_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_regions_rbac.py
index 1d81319..5a4de23 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_regions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_regions_rbac.py
@@ -26,7 +26,7 @@
rules=["identity:create_region"])
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd119')
def test_create_region(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.setup_test_region()
@rbac_rule_validation.action(service="keystone",
@@ -37,7 +37,7 @@
new_description = data_utils.rand_name(
self.__class__.__name__ + '-test_update_region')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.regions_client.update_region(region['id'],
description=new_description)
@@ -47,7 +47,7 @@
def test_delete_region(self):
region = self.setup_test_region()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.regions_client.delete_region(region['id'])
@rbac_rule_validation.action(service="keystone",
@@ -56,12 +56,12 @@
def test_show_region(self):
region = self.setup_test_region()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.regions_client.show_region(region['id'])
@rbac_rule_validation.action(service="keystone",
rules=["identity:list_regions"])
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd123')
def test_list_regions(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.regions_client.list_regions()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_role_assignments_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_role_assignments_rbac.py
index 3eabac8..b0d3dfe 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_role_assignments_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_role_assignments_rbac.py
@@ -25,7 +25,7 @@
@rbac_rule_validation.action(service="keystone",
rules=["identity:list_role_assignments"])
def test_list_role_assignments(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.role_assignments_client.list_role_assignments()
@decorators.idempotent_id('36c7a990-857e-415c-8717-38d7200a9894')
@@ -35,7 +35,7 @@
def test_list_role_assignments_for_tree(self):
project = self.setup_test_project()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.role_assignments_client.list_role_assignments(
include_subtree=True,
**{'scope.project.id': project['id']})
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_roles_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_roles_rbac.py
index 8242194..4f447c0 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_roles_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_roles_rbac.py
@@ -37,7 +37,7 @@
rules=["identity:create_role"])
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d904')
def test_create_role(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.setup_test_role()
@rbac_rule_validation.action(service="keystone",
@@ -47,7 +47,7 @@
new_role_name = data_utils.rand_name(
self.__class__.__name__ + '-test_update_role')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.update_role(self.role['id'],
name=new_role_name)
@@ -57,28 +57,28 @@
def test_delete_role(self):
role = self.setup_test_role()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.delete_role(role['id'])
@rbac_rule_validation.action(service="keystone",
rules=["identity:get_role"])
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d907')
def test_show_role(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.show_role(self.role['id'])
@rbac_rule_validation.action(service="keystone",
rules=["identity:list_roles"])
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d908')
def test_list_roles(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.list_roles()
@rbac_rule_validation.action(service="keystone",
rules=["identity:create_grant"])
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d909')
def test_create_user_role_on_project(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.create_user_role_on_project(
self.project['id'],
self.user['id'],
@@ -93,7 +93,7 @@
rules=["identity:create_grant"])
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d90c')
def test_create_group_role_on_project(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.create_group_role_on_project(
self.project['id'],
self.group['id'],
@@ -108,7 +108,7 @@
rules=["identity:create_grant"])
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d90f')
def test_create_user_role_on_domain(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.create_user_role_on_domain(
self.domain['id'],
self.user['id'],
@@ -123,7 +123,7 @@
rules=["identity:create_grant"])
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d912')
def test_create_group_role_on_domain(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.create_group_role_on_domain(
self.domain['id'],
self.group['id'],
@@ -148,7 +148,7 @@
self.user['id'],
self.role['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.check_user_role_existence_on_project(
self.project['id'],
self.user['id'],
@@ -168,7 +168,7 @@
self.user['id'],
self.role['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.check_user_role_existence_on_domain(
self.domain['id'],
self.user['id'],
@@ -188,7 +188,7 @@
self.group['id'],
self.role['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.check_role_from_group_on_project_existence(
self.project['id'],
self.group['id'],
@@ -208,7 +208,7 @@
self.group['id'],
self.role['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.check_role_from_group_on_domain_existence(
self.domain['id'],
self.group['id'],
@@ -228,7 +228,7 @@
self.user['id'],
self.role['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.delete_role_from_user_on_project(
self.project['id'],
self.user['id'],
@@ -248,7 +248,7 @@
self.group['id'],
self.role['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.delete_role_from_group_on_project(
self.project['id'],
self.group['id'],
@@ -268,7 +268,7 @@
self.user['id'],
self.role['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.delete_role_from_user_on_domain(
self.domain['id'],
self.user['id'],
@@ -288,7 +288,7 @@
self.group['id'],
self.role['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.delete_role_from_group_on_domain(
self.domain['id'],
self.group['id'],
@@ -298,7 +298,7 @@
rules=["identity:list_grants"])
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d90b')
def test_list_user_roles_on_project(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.list_user_roles_on_project(
self.project['id'],
self.user['id'])
@@ -307,7 +307,7 @@
rules=["identity:list_grants"])
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d90e')
def test_list_group_roles_on_project(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.list_group_roles_on_project(
self.project['id'],
self.group['id'])
@@ -316,7 +316,7 @@
rules=["identity:list_grants"])
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d911')
def test_list_user_roles_on_domain(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.list_user_roles_on_domain(
self.domain['id'],
self.user['id'])
@@ -325,7 +325,7 @@
rules=["identity:list_grants"])
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d914')
def test_list_group_roles_on_domain(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.list_group_roles_on_domain(
self.domain['id'],
self.group['id'])
@@ -334,7 +334,7 @@
@rbac_rule_validation.action(service="keystone",
rules=["identity:create_implied_role"])
def test_create_role_inference_rule(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.create_role_inference_rule(
self.role['id'], self.implies_role['id'])
self.addCleanup(self.roles_client.delete_role_inference_rule,
@@ -349,7 +349,7 @@
self.addCleanup(self.roles_client.delete_role_inference_rule,
self.role['id'], self.implies_role['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.show_role_inference_rule(
self.role['id'], self.implies_role['id'])
@@ -357,7 +357,7 @@
@rbac_rule_validation.action(service="keystone",
rules=["identity:list_implied_roles"])
def test_list_role_inferences_rules(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.list_role_inferences_rules(self.role['id'])
@decorators.idempotent_id('eca2d502-09bb-45cd-9773-bce2e7bcddd1')
@@ -369,7 +369,7 @@
self.addCleanup(self.roles_client.delete_role_inference_rule,
self.role['id'], self.implies_role['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.check_role_inference_rule(
self.role['id'], self.implies_role['id'])
@@ -383,7 +383,7 @@
self.roles_client.delete_role_inference_rule,
self.role['id'], self.implies_role['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.delete_role_inference_rule(
self.role['id'], self.implies_role['id'])
@@ -391,5 +391,5 @@
@rbac_rule_validation.action(service="keystone",
rules=["identity:list_role_inference_rules"])
def test_list_all_role_inference_rules(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.roles_client.list_all_role_inference_rules()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py
index 41ba5ba..5427f5f 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py
@@ -26,7 +26,7 @@
rules=["identity:create_service"])
@decorators.idempotent_id('9a4bb317-f0bb-4005-8df0-4b672885b7c8')
def test_create_service(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.setup_test_service()
@rbac_rule_validation.action(service="keystone",
@@ -36,7 +36,7 @@
service = self.setup_test_service()
new_name = data_utils.rand_name(self.__class__.__name__ + '-service')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.services_client.update_service(service['id'],
service=service,
name=new_name,
@@ -48,7 +48,7 @@
def test_delete_service(self):
service = self.setup_test_service()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.services_client.delete_service(service['id'])
@rbac_rule_validation.action(service="keystone",
@@ -57,12 +57,12 @@
def test_show_service(self):
service = self.setup_test_service()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.services_client.show_service(service['id'])
@rbac_rule_validation.action(service="keystone",
rules=["identity:list_services"])
@decorators.idempotent_id('706e6bea-3385-4718-919c-0b5121395806')
def test_list_services(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.services_client.list_services()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_tokens_negative_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_tokens_negative_rbac.py
index c1c2934..16a7893 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_tokens_negative_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_tokens_negative_rbac.py
@@ -52,7 +52,7 @@
# Explicit negative test for identity:validate_token policy action.
# Assert expected exception is Forbidden and then reraise it.
alt_token_id = self._setup_alt_token()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
e = self.assertRaises(lib_exc.Forbidden,
self.identity_client.show_token,
alt_token_id)
@@ -71,7 +71,7 @@
# Explicit negative test for identity:revoke_token policy action.
# Assert expected exception is Forbidden and then reraise it.
alt_token_id = self._setup_alt_token()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
e = self.assertRaises(lib_exc.Forbidden,
self.identity_client.delete_token,
alt_token_id)
@@ -90,7 +90,7 @@
# Explicit negative test for identity:check_token policy action.
# Assert expected exception is Forbidden and then reraise it.
alt_token_id = self._setup_alt_token()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
e = self.assertRaises(lib_exc.Forbidden,
self.identity_client.check_token_existence,
alt_token_id)
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_tokens_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_tokens_rbac.py
index a648774..0028a97 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_tokens_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_tokens_rbac.py
@@ -37,7 +37,7 @@
})
def test_show_token(self):
token_id = self.setup_test_token(self.user_id, self.password)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.identity_client.show_token(token_id)
@decorators.idempotent_id('42a299db-fe0a-4ea0-9824-0bfd13155886')
@@ -50,7 +50,7 @@
})
def test_delete_token(self):
token_id = self.setup_test_token(self.user_id, self.password)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.identity_client.delete_token(token_id)
@decorators.idempotent_id('3554d218-8cd6-4730-a1b2-0e22f9b78f45')
@@ -63,5 +63,5 @@
})
def test_check_token_exsitence(self):
token_id = self.setup_test_token(self.user_id, self.password)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.identity_client.check_token_existence(token_id)
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py
index 985b992..c8db04e 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py
@@ -70,7 +70,7 @@
"trust.trustor_user_id": "os_primary.credentials.user_id"
})
def test_create_trust(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.setup_test_trust(trustor_user_id=self.trustor_user_id,
trustee_user_id=self.trustee_user_id)
@@ -85,7 +85,7 @@
def test_create_trust_negative(self):
# Explicit negative test for identity:create_trust policy action.
# Assert expected exception is Forbidden and then reraise it.
- with self.rbac_utils.override_role(self):
+ with self.override_role():
e = self.assertRaises(lib_exc.Forbidden, self.setup_test_trust,
trustor_user_id=self.unauthorized_user_id,
trustee_user_id=self.trustee_user_id)
@@ -99,7 +99,7 @@
trust = self.setup_test_trust(trustor_user_id=self.trustor_user_id,
trustee_user_id=self.trustee_user_id)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.trusts_client.delete_trust(trust['id'])
@decorators.idempotent_id('f2e32896-bf66-4f4e-89cf-e7fba0ef1f38')
@@ -107,7 +107,7 @@
service="keystone",
rules=["identity:list_trusts"])
def test_list_trusts(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.trusts_client.list_trusts(
trustor_user_id=self.trustor_user_id)
@@ -116,7 +116,7 @@
service="keystone",
rules=["identity:list_roles_for_trust"])
def test_list_roles_for_trust(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.trusts_client.list_trust_roles(self.trust['id'])
@decorators.idempotent_id('3bb4f97b-cecd-4c7d-ad10-b88ee6c5d573')
@@ -124,7 +124,7 @@
service="keystone",
rules=["identity:get_role_for_trust"])
def test_show_trust_role(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.trusts_client.show_trust_role(
self.trust['id'], self.delegated_role_id)
@@ -133,5 +133,5 @@
service="keystone",
rules=["identity:get_trust"])
def test_show_trust(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.trusts_client.show_trust(self.trust['id'])
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py
index c633bb8..9f6f028 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py
@@ -31,7 +31,7 @@
rules=["identity:create_user"])
@decorators.idempotent_id('0f148510-63bf-11e6-4522-080044d0d904')
def test_create_user(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.setup_test_user()
@rbac_rule_validation.action(service="keystone",
@@ -42,7 +42,7 @@
new_email = data_utils.rand_name(
self.__class__.__name__ + '-user_email')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.users_client.update_user(user['id'],
name=user['name'],
email=new_email)
@@ -53,33 +53,33 @@
def test_delete_user(self):
user = self.setup_test_user()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.users_client.delete_user(user['id'])
@rbac_rule_validation.action(service="keystone",
rules=["identity:list_users"])
@decorators.idempotent_id('0f148510-63bf-11e6-4522-080044d0d907')
def test_list_users(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.users_client.list_users()
@rbac_rule_validation.action(service="keystone",
rules=["identity:get_user"])
@decorators.idempotent_id('0f148510-63bf-11e6-4522-080044d0d908')
def test_show_own_user(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.users_client.show_user(self.default_user_id)
@rbac_rule_validation.action(service="keystone",
rules=["identity:list_groups_for_user"])
@decorators.idempotent_id('bd5946d4-46d2-423d-a800-a3e7aabc18b3')
def test_list_own_user_group(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.users_client.list_user_groups(self.default_user_id)
@rbac_rule_validation.action(service="keystone",
rules=["identity:list_user_projects"])
@decorators.idempotent_id('0f148510-63bf-11e6-1564-080044d0d909')
def test_list_own_user_projects(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.users_client.list_user_projects(self.default_user_id)
diff --git a/patrole_tempest_plugin/tests/api/image/rbac_base.py b/patrole_tempest_plugin/tests/api/image/rbac_base.py
index becd564..2f7d065 100644
--- a/patrole_tempest_plugin/tests/api/image/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/image/rbac_base.py
@@ -18,8 +18,4 @@
class BaseV2ImageRbacTest(rbac_utils.RbacUtilsMixin,
image_base.BaseV2ImageTest):
-
- @classmethod
- def setup_clients(cls):
- super(BaseV2ImageRbacTest, cls).setup_clients()
- cls.setup_rbac_utils()
+ pass
diff --git a/patrole_tempest_plugin/tests/api/image/test_image_namespace_objects_rbac.py b/patrole_tempest_plugin/tests/api/image/test_image_namespace_objects_rbac.py
index 24e5806..ebb848f 100644
--- a/patrole_tempest_plugin/tests/api/image/test_image_namespace_objects_rbac.py
+++ b/patrole_tempest_plugin/tests/api/image/test_image_namespace_objects_rbac.py
@@ -36,7 +36,7 @@
# cleanup of namespace
object_name = data_utils.rand_name(
self.__class__.__name__ + '-test-object')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.namespace_objects_client.create_namespace_object(
namespace['namespace'],
name=object_name)
@@ -53,7 +53,7 @@
RBAC test for the glance get_metadef_objects policy
"""
namespace = self.create_namespace()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
# list md objects
self.namespace_objects_client.list_namespace_objects(
namespace['namespace'])
@@ -78,7 +78,7 @@
# Toggle role and modify object
new_name = "Object New Name"
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.namespace_objects_client.update_namespace_object(
namespace['namespace'], object_name, name=new_name)
@@ -100,7 +100,7 @@
self.namespace_objects_client.delete_namespace_object,
namespace['namespace'], object_name)
# Toggle role and get object
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.namespace_objects_client.show_namespace_object(
namespace['namespace'],
object_name)
diff --git a/patrole_tempest_plugin/tests/api/image/test_image_namespace_property_rbac.py b/patrole_tempest_plugin/tests/api/image/test_image_namespace_property_rbac.py
index 1059450..cc3ba3b 100644
--- a/patrole_tempest_plugin/tests/api/image/test_image_namespace_property_rbac.py
+++ b/patrole_tempest_plugin/tests/api/image/test_image_namespace_property_rbac.py
@@ -39,7 +39,7 @@
namespace = self.create_namespace()
property_name = data_utils.rand_name(
self.__class__.__name__ + '-test-ns-property')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.namespace_properties_client.create_namespace_property(
namespace=namespace['namespace'], type="string",
title=property_name, name=self.resource_name)
@@ -53,7 +53,7 @@
RBAC test for the glance get_metadef_properties policy
"""
namespace = self.create_namespace()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.namespace_properties_client.list_namespace_properties(
namespace=namespace['namespace'])
@@ -72,7 +72,7 @@
namespace=namespace['namespace'], type="string",
title=property_name, name=self.resource_name)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.namespace_properties_client.show_namespace_properties(
namespace['namespace'], self.resource_name)
@@ -91,7 +91,7 @@
namespace=namespace['namespace'], type="string",
title=property_name, name=self.resource_name)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.namespace_properties_client.update_namespace_properties(
namespace['namespace'], self.resource_name, type="string",
title=property_name, name=self.resource_name)
diff --git a/patrole_tempest_plugin/tests/api/image/test_image_namespace_rbac.py b/patrole_tempest_plugin/tests/api/image/test_image_namespace_rbac.py
index aade60f..1883d7c 100644
--- a/patrole_tempest_plugin/tests/api/image/test_image_namespace_rbac.py
+++ b/patrole_tempest_plugin/tests/api/image/test_image_namespace_rbac.py
@@ -33,7 +33,7 @@
"""
namespace_name = data_utils.rand_name(
self.__class__.__name__ + '-test-ns')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.namespaces_client.create_namespace(
namespace=namespace_name,
protected=False)
@@ -50,7 +50,7 @@
RBAC test for the glance get_metadef_namespaces policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.namespaces_client.list_namespaces()
@rbac_rule_validation.action(service="glance",
@@ -66,7 +66,7 @@
body = self.namespaces_client.create_namespace(
namespace=namespace_name,
protected=False)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.namespaces_client.update_namespace(
body['namespace'], description="My new description")
self.addCleanup(
diff --git a/patrole_tempest_plugin/tests/api/image/test_image_namespace_tags_rbac.py b/patrole_tempest_plugin/tests/api/image/test_image_namespace_tags_rbac.py
index bc387ee..cc367ee 100644
--- a/patrole_tempest_plugin/tests/api/image/test_image_namespace_tags_rbac.py
+++ b/patrole_tempest_plugin/tests/api/image/test_image_namespace_tags_rbac.py
@@ -69,7 +69,7 @@
@rbac_rule_validation.action(service="glance",
rules=["add_metadef_tag"])
def test_create_namespace_tag(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_namespace_tag()
@decorators.idempotent_id('4acf70cc-05da-4b1e-87b2-d5e4475164e7')
@@ -77,7 +77,7 @@
rules=["get_metadef_tag"])
def test_show_namespace_tag(self):
tag_name = self._create_namespace_tag()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.namespace_tags_client.show_namespace_tag(self.namespace,
tag_name)
@@ -89,7 +89,7 @@
updated_tag_name = data_utils.rand_name(
self.__class__.__name__ + '-tag')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.namespace_tags_client.update_namespace_tag(
self.namespace, tag_name, name=updated_tag_name)
@@ -97,12 +97,12 @@
@rbac_rule_validation.action(service="glance",
rules=["add_metadef_tags"])
def test_create_namespace_tags(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_namespace_tag(multiple=True)
@decorators.idempotent_id('d37c1501-e787-449d-89b3-754a942a459a')
@rbac_rule_validation.action(service="glance",
rules=["get_metadef_tags"])
def test_list_namespace_tags(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.namespace_tags_client.list_namespace_tags(self.namespace)
diff --git a/patrole_tempest_plugin/tests/api/image/test_image_resource_types_rbac.py b/patrole_tempest_plugin/tests/api/image/test_image_resource_types_rbac.py
index 94f9cd4..b2780c9 100644
--- a/patrole_tempest_plugin/tests/api/image/test_image_resource_types_rbac.py
+++ b/patrole_tempest_plugin/tests/api/image/test_image_resource_types_rbac.py
@@ -43,7 +43,7 @@
RBAC test for the glance list_metadef_resource_type policy.
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.resource_types_client.list_resource_types()
@rbac_rule_validation.action(service="glance",
@@ -54,7 +54,7 @@
RBAC test for the glance get_metadef_resource_type policy.
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.resource_types_client.list_resource_type_association(
self.namespace_name)
@@ -64,6 +64,6 @@
@decorators.idempotent_id('ef9fbc60-3e28-4164-a25c-d30d892f7939')
def test_add_metadef_resource_type(self):
type_name = data_utils.rand_name()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.resource_types_client.create_resource_type_association(
self.namespace_name, name=type_name)
diff --git a/patrole_tempest_plugin/tests/api/image/test_images_member_rbac.py b/patrole_tempest_plugin/tests/api/image/test_images_member_rbac.py
index 656703a..43a5e57 100644
--- a/patrole_tempest_plugin/tests/api/image/test_images_member_rbac.py
+++ b/patrole_tempest_plugin/tests/api/image/test_images_member_rbac.py
@@ -46,7 +46,7 @@
"""
image_id = self.create_image()['id']
# Toggle role and add image member
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.image_member_client.create_image_member(
image_id, member=self.alt_tenant_id)
@@ -63,7 +63,7 @@
self.image_member_client.create_image_member(image_id,
member=self.alt_tenant_id)
# Toggle role and delete image member
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.image_member_client.delete_image_member(image_id,
self.alt_tenant_id)
@@ -83,7 +83,7 @@
member=self.alt_tenant_id)
# Toggle role and get image member
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.image_member_client.show_image_member(image_id,
self.alt_tenant_id)
@@ -104,7 +104,7 @@
image_id, self.tenant_id,
status='accepted')
# Toggle role and update member
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.image_member_client.update_image_member(
image_id, self.tenant_id,
status='pending')
@@ -122,5 +122,5 @@
self.image_member_client.create_image_member(image_id,
member=self.alt_tenant_id)
# Toggle role and list image members
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.image_member_client.list_image_members(image_id)
diff --git a/patrole_tempest_plugin/tests/api/image/test_images_rbac.py b/patrole_tempest_plugin/tests/api/image/test_images_rbac.py
index aa96112..3e8abdb 100644
--- a/patrole_tempest_plugin/tests/api/image/test_images_rbac.py
+++ b/patrole_tempest_plugin/tests/api/image/test_images_rbac.py
@@ -50,7 +50,7 @@
RBAC test for the glance create_image endpoint
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_image()
@rbac_rule_validation.action(service="glance",
@@ -64,7 +64,7 @@
"""
image = self._create_image()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._upload_image(image['id'])
@decorators.idempotent_id('f0c268f3-cb51-49aa-9bd5-d30cf647322f')
@@ -79,7 +79,7 @@
image = self._create_image()
self._upload_image(image['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.image_client.show_image_file(image['id'])
@rbac_rule_validation.action(service="glance",
@@ -93,7 +93,7 @@
"""
image = self._create_image()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.image_client.delete_image(image['id'])
self.image_client.wait_for_resource_deletion(image['id'])
@@ -108,7 +108,7 @@
"""
image = self._create_image()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.image_client.show_image(image['id'])
@rbac_rule_validation.action(service="glance",
@@ -120,7 +120,7 @@
RBAC test for the glance list_images endpoint
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.image_client.list_images()['images']
@rbac_rule_validation.action(service="glance",
@@ -136,7 +136,7 @@
updated_image_name = data_utils.rand_name(
self.__class__.__name__ + '-image')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.image_client.update_image(image['id'], [
dict(replace='/name', value=updated_image_name)])
@@ -151,7 +151,7 @@
"""
image = self._create_image()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.image_client.add_image_tag(
image['id'],
data_utils.rand_name(self.__class__.__name__ + '-tag'))
@@ -169,7 +169,7 @@
tag_name = data_utils.rand_name(self.__class__.__name__ + '-tag')
self.image_client.add_image_tag(image['id'], tag_name)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.image_client.delete_image_tag(image['id'], tag_name)
@rbac_rule_validation.action(service="glance",
@@ -181,7 +181,7 @@
RBAC test for the glance publicize_image endpoint
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_image(visibility='public')
@decorators.idempotent_id('0f2d8427-134a-4d3c-a102-5fcdf5443d09')
@@ -193,7 +193,7 @@
RBAC test for the glance communitize_image policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_image(visibility='community')
@rbac_rule_validation.action(service="glance",
@@ -208,7 +208,7 @@
image = self._create_image()
self._upload_image(image['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.image_client.deactivate_image(image['id'])
@rbac_rule_validation.action(service="glance",
@@ -223,5 +223,5 @@
image = self._create_image()
self._upload_image(image['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.image_client.reactivate_image(image['id'])
diff --git a/patrole_tempest_plugin/tests/api/network/rbac_base.py b/patrole_tempest_plugin/tests/api/network/rbac_base.py
index 62e95c3..7093b5c 100644
--- a/patrole_tempest_plugin/tests/api/network/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/network/rbac_base.py
@@ -23,11 +23,7 @@
class BaseNetworkRbacTest(rbac_utils.RbacUtilsMixin,
network_base.BaseNetworkTest):
-
- @classmethod
- def setup_clients(cls):
- super(BaseNetworkRbacTest, cls).setup_clients()
- cls.setup_rbac_utils()
+ pass
class BaseNetworkExtRbacTest(BaseNetworkRbacTest):
diff --git a/patrole_tempest_plugin/tests/api/network/test_address_scope_rbac.py b/patrole_tempest_plugin/tests/api/network/test_address_scope_rbac.py
index ad0a1d4..9ca52b4 100644
--- a/patrole_tempest_plugin/tests/api/network/test_address_scope_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_address_scope_rbac.py
@@ -58,7 +58,7 @@
RBAC test for the neutron create_address_scope policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_address_scope()
@rbac_rule_validation.action(service="neutron",
@@ -72,7 +72,7 @@
RBAC test for the neutron create_address_scope:shared policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_address_scope(shared=True)
@rbac_rule_validation.action(service="neutron",
@@ -86,7 +86,7 @@
RBAC test for the neutron get_address_scope policy
"""
address_scope = self._create_address_scope()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.show_address_scope(address_scope['id'])
@rbac_rule_validation.action(service="neutron",
@@ -102,7 +102,7 @@
"""
address_scope = self._create_address_scope()
name = data_utils.rand_name(self.__class__.__name__)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.update_address_scope(address_scope['id'],
name=name)
@@ -119,7 +119,7 @@
RBAC test for neutron update_address_scope:shared policy
"""
address_scope = self._create_address_scope(shared=True)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.update_address_scope(address_scope['id'],
shared=True)
@@ -135,7 +135,7 @@
RBAC test for neutron delete_address_scope policy
"""
address_scope = self._create_address_scope()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.delete_address_scope(address_scope['id'])
@rbac_rule_validation.action(service="neutron",
@@ -148,7 +148,7 @@
the ``get_address_scope`` policy
"""
admin_resource_id = self._create_address_scope()['id']
- with (self.rbac_utils.override_role_and_validate_list(
- self, admin_resource_id=admin_resource_id)) as ctx:
+ with (self.override_role_and_validate_list(
+ admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.ntp_client.list_address_scopes(
id=admin_resource_id)["address_scopes"]
diff --git a/patrole_tempest_plugin/tests/api/network/test_agents_rbac.py b/patrole_tempest_plugin/tests/api/network/test_agents_rbac.py
index fe5f5a1..99210a4 100644
--- a/patrole_tempest_plugin/tests/api/network/test_agents_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_agents_rbac.py
@@ -46,7 +46,7 @@
RBAC test for the neutron get_agent policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.agents_client.show_agent(self.agent['id'])
@decorators.idempotent_id('8ca68fdb-eaf6-4880-af82-ba0982949dec')
@@ -61,7 +61,7 @@
original_status = self.agent['admin_state_up']
agent_status = {'admin_state_up': original_status}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.agents_client.update_agent(agent_id=self.agent['id'],
agent=agent_status)
@@ -74,8 +74,8 @@
the ``get_agent`` policy
"""
admin_resource_id = self.agent['id']
- with (self.rbac_utils.override_role_and_validate_list(
- self, admin_resource_id=admin_resource_id)) as ctx:
+ with (self.override_role_and_validate_list(
+ admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.agents_client.list_agents(
id=admin_resource_id)["agents"]
@@ -120,7 +120,7 @@
RBAC test for the neutron get_l3-routers policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.agents_client.list_routers_on_l3_agent(self.agent['id'])
@decorators.idempotent_id('466b2a10-8747-4c09-855a-bd90a1c86ce7')
@@ -131,7 +131,7 @@
RBAC test for the neutron create_l3-router policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.agents_client.create_router_on_l3_agent(
self.agent['id'], router_id=self.router['id'])
self.addCleanup(
@@ -154,7 +154,7 @@
self.agents_client.delete_router_from_l3_agent,
self.agent['id'], router_id=self.router['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.agents_client.delete_router_from_l3_agent(
self.agent['id'], router_id=self.router['id'])
@@ -213,7 +213,7 @@
RBAC test for the neutron get_dhcp-networks policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.agents_client.list_networks_hosted_by_one_dhcp_agent(
self.agent['id'])
@@ -228,7 +228,7 @@
network_id = self._create_and_prepare_network_for_agent(
self.agent['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.agents_client.add_dhcp_agent_to_network(
self.agent['id'], network_id=network_id)
# Clean up is not necessary and might result in 409 being raised.
@@ -247,7 +247,7 @@
self.agent['id'], network_id=network_id)
# Clean up is not necessary and might result in 409 being raised.
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.agents_client.delete_network_from_dhcp_agent(
self.agent['id'], network_id=network_id)
@@ -275,7 +275,7 @@
RBAC test for the neutron get_l3-agents policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
# NOTE: It is not empty list since it's a special case where
# policy.enforce is called from the controller.
self.ntp_client.list_l3_agents_hosting_router(self.router['id'])
diff --git a/patrole_tempest_plugin/tests/api/network/test_auto_allocated_topology_rbac.py b/patrole_tempest_plugin/tests/api/network/test_auto_allocated_topology_rbac.py
index 4001255..ed6a3f5 100644
--- a/patrole_tempest_plugin/tests/api/network/test_auto_allocated_topology_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_auto_allocated_topology_rbac.py
@@ -39,7 +39,7 @@
RBAC test for the neutron "get_auto_allocated_topology" policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.get_auto_allocated_topology(
tenant_id=self.os_primary.credentials.tenant_id)
@@ -73,6 +73,6 @@
self._ensure_network_not_in_use(net_id)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.delete_auto_allocated_topology(
tenant_id=self.os_primary.credentials.tenant_id)
diff --git a/patrole_tempest_plugin/tests/api/network/test_availability_zones_rbac.py b/patrole_tempest_plugin/tests/api/network/test_availability_zones_rbac.py
index b1c806b..b5331e3 100644
--- a/patrole_tempest_plugin/tests/api/network/test_availability_zones_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_availability_zones_rbac.py
@@ -42,7 +42,7 @@
"""
admin_resources = (self.ntp_client.list_availability_zones()
["availability_zones"])
- with self.rbac_utils.override_role_and_validate_list(
- self, admin_resources=admin_resources) as ctx:
+ with self.override_role_and_validate_list(
+ admin_resources=admin_resources) as ctx:
ctx.resources = (self.ntp_client.list_availability_zones()
['availability_zones'])
diff --git a/patrole_tempest_plugin/tests/api/network/test_dscp_marking_rule_rbac.py b/patrole_tempest_plugin/tests/api/network/test_dscp_marking_rule_rbac.py
index bdc2a7c..e67981f 100644
--- a/patrole_tempest_plugin/tests/api/network/test_dscp_marking_rule_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_dscp_marking_rule_rbac.py
@@ -57,7 +57,7 @@
RBAC test for the neutron "create_policy_dscp_marking_rule" policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_policy_dscp_marking_rule()
@decorators.idempotent_id('3D68F50E-B948-4B25-8A72-F6F4890BBC6F')
@@ -71,7 +71,7 @@
"""
rule_id = self.create_policy_dscp_marking_rule()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.show_dscp_marking_rule(self.policy_id, rule_id)
@decorators.idempotent_id('33830794-8731-45C3-BC97-17718555DD7C')
@@ -86,7 +86,7 @@
"""
rule_id = self.create_policy_dscp_marking_rule()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.update_dscp_marking_rule(
self.policy_id, rule_id, dscp_mark=16)
@@ -102,7 +102,7 @@
"""
rule_id = self.create_policy_dscp_marking_rule()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.delete_dscp_marking_rule(self.policy_id, rule_id)
@decorators.idempotent_id('c012fd4f-3a3e-4af4-9075-dd3e170daecd')
@@ -115,7 +115,7 @@
the ``get_policy_dscp_marking_rule`` policy
"""
admin_resource_id = self.create_policy_dscp_marking_rule()
- with (self.rbac_utils.override_role_and_validate_list(
- self, admin_resource_id=admin_resource_id)) as ctx:
+ with (self.override_role_and_validate_list(
+ admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.ntp_client.list_dscp_marking_rules(
policy_id=self.policy_id)["dscp_marking_rules"]
diff --git a/patrole_tempest_plugin/tests/api/network/test_flavor_service_profile_rbac.py b/patrole_tempest_plugin/tests/api/network/test_flavor_service_profile_rbac.py
index db0b8f1..0ada6ac 100644
--- a/patrole_tempest_plugin/tests/api/network/test_flavor_service_profile_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_flavor_service_profile_rbac.py
@@ -57,7 +57,7 @@
RBAC test for the neutron "create_flavor_service_profile" policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_flavor_service_profile(self.flavor_id,
self.service_profile_id)
@@ -72,6 +72,6 @@
self.create_flavor_service_profile(self.flavor_id,
self.service_profile_id)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.delete_flavor_service_profile(
self.flavor_id, self.service_profile_id)
diff --git a/patrole_tempest_plugin/tests/api/network/test_flavors_rbac.py b/patrole_tempest_plugin/tests/api/network/test_flavors_rbac.py
index 3b9a11f..67e0d1e 100644
--- a/patrole_tempest_plugin/tests/api/network/test_flavors_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_flavors_rbac.py
@@ -39,7 +39,7 @@
RBAC test for the neutron "create_flavor" policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
flavor = self.ntp_client.create_flavor(
service_type=self.service_type)
@@ -63,7 +63,7 @@
self.ntp_client.delete_flavor, flavor["flavor"]["id"])
name = data_utils.rand_name(self.__class__.__name__ + '-Flavor')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.update_flavor(flavor["flavor"]["id"], name=name)
@decorators.idempotent_id('1de15f9e-5080-4259-ab41-e230bb312de8')
@@ -81,7 +81,7 @@
test_utils.call_and_ignore_notfound_exc,
self.ntp_client.delete_flavor, flavor["flavor"]["id"])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.delete_flavor(flavor["flavor"]["id"])
@decorators.idempotent_id('c2baf35f-e6c1-4833-9114-aadd9b1f6aaa')
@@ -98,7 +98,7 @@
test_utils.call_and_ignore_notfound_exc,
self.ntp_client.delete_flavor, flavor["flavor"]["id"])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.show_flavor(flavor["flavor"]["id"])
@decorators.idempotent_id('ab10bd5d-987e-4255-966f-947670ffd0fa')
@@ -114,7 +114,7 @@
test_utils.call_and_ignore_notfound_exc,
self.ntp_client.delete_flavor, flavor["flavor"]["id"])
- with self.rbac_utils.override_role_and_validate_list(
- self, admin_resource_id=flavor["flavor"]["id"]
+ with self.override_role_and_validate_list(
+ admin_resource_id=flavor["flavor"]["id"]
) as ctx:
ctx.resources = self.ntp_client.list_flavors()['flavors']
diff --git a/patrole_tempest_plugin/tests/api/network/test_floating_ips_rbac.py b/patrole_tempest_plugin/tests/api/network/test_floating_ips_rbac.py
index 89772d9..b580cb0 100644
--- a/patrole_tempest_plugin/tests/api/network/test_floating_ips_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_floating_ips_rbac.py
@@ -70,7 +70,7 @@
RBAC test for the neutron create_floatingip policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_floatingip()
@rbac_rule_validation.action(
@@ -85,7 +85,7 @@
"""
fip = str(netaddr.IPAddress(self.cidr) + 10)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_floatingip(floating_ip_address=fip)
@rbac_rule_validation.action(service="neutron",
@@ -98,7 +98,7 @@
RBAC test for the neutron update_floatingip policy
"""
floating_ip = self._create_floatingip()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
# Associate floating IP to the other port
self.floating_ips_client.update_floatingip(
floating_ip['id'], port_id=None)
@@ -113,7 +113,7 @@
RBAC test for the neutron get_floatingip policy
"""
floating_ip = self._create_floatingip()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
# Show floating IP
self.floating_ips_client.show_floatingip(floating_ip['id'])
@@ -127,7 +127,7 @@
RBAC test for the neutron delete_floatingip policy
"""
floating_ip = self._create_floatingip()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
# Delete the floating IP
self.floating_ips_client.delete_floatingip(floating_ip['id'])
@@ -140,7 +140,7 @@
the ``get_floatingip`` policy
"""
admin_resource_id = self._create_floatingip()['id']
- with (self.rbac_utils.override_role_and_validate_list(
- self, admin_resource_id=admin_resource_id)) as ctx:
+ with (self.override_role_and_validate_list(
+ admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.floating_ips_client.list_floatingips(
id=admin_resource_id)["floatingips"]
diff --git a/patrole_tempest_plugin/tests/api/network/test_metering_label_rules_rbac.py b/patrole_tempest_plugin/tests/api/network/test_metering_label_rules_rbac.py
index 6673201..c0d226d 100644
--- a/patrole_tempest_plugin/tests/api/network/test_metering_label_rules_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_metering_label_rules_rbac.py
@@ -70,7 +70,7 @@
RBAC test for the neutron create_metering_label_rule policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_metering_label_rule(self.label)
@rbac_rule_validation.action(service="neutron",
@@ -83,7 +83,7 @@
RBAC test for the neutron get_metering_label_rule policy
"""
label_rule = self._create_metering_label_rule(self.label)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.metering_label_rules_client.show_metering_label_rule(
label_rule['id'])
@@ -98,7 +98,7 @@
RBAC test for the neutron delete_metering_label_rule policy
"""
label_rule = self._create_metering_label_rule(self.label)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.metering_label_rules_client.delete_metering_label_rule(
label_rule['id'])
@@ -112,8 +112,8 @@
the ``get_metering_label_rule`` policy
"""
admin_resource_id = self._create_metering_label_rule(self.label)['id']
- with (self.rbac_utils.override_role_and_validate_list(
- self, admin_resource_id=admin_resource_id)) as ctx:
+ with (self.override_role_and_validate_list(
+ admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = (
self.metering_label_rules_client.
list_metering_label_rules(id=admin_resource_id)
diff --git a/patrole_tempest_plugin/tests/api/network/test_metering_labels_rbac.py b/patrole_tempest_plugin/tests/api/network/test_metering_labels_rbac.py
index bac55d1..63c4744 100644
--- a/patrole_tempest_plugin/tests/api/network/test_metering_labels_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_metering_labels_rbac.py
@@ -54,7 +54,7 @@
RBAC test for the neutron "create_metering_label" policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_metering_label()
@rbac_rule_validation.action(service="neutron",
@@ -67,7 +67,7 @@
RBAC test for the neutron "get_metering_label" policy
"""
label = self._create_metering_label()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.metering_labels_client.show_metering_label(label['id'])
@rbac_rule_validation.action(service="neutron",
@@ -81,7 +81,7 @@
RBAC test for the neutron "delete_metering_label" policy
"""
label = self._create_metering_label()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.metering_labels_client.delete_metering_label(label['id'])
@rbac_rule_validation.action(service="neutron",
@@ -94,8 +94,8 @@
the ``get_metering_label`` policy
"""
admin_resource_id = self._create_metering_label()['id']
- with (self.rbac_utils.override_role_and_validate_list(
- self, admin_resource_id=admin_resource_id)) as ctx:
+ with (self.override_role_and_validate_list(
+ admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = (
self.metering_labels_client.
list_metering_labels(id=admin_resource_id)
diff --git a/patrole_tempest_plugin/tests/api/network/test_network_ip_availability_rbac.py b/patrole_tempest_plugin/tests/api/network/test_network_ip_availability_rbac.py
index 30e5de1..3e33df6 100644
--- a/patrole_tempest_plugin/tests/api/network/test_network_ip_availability_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_network_ip_availability_rbac.py
@@ -44,7 +44,7 @@
self.__class__.__name__ + '-Network')
network = self.create_network(network_name=network_name)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.show_network_ip_availability(network['id'])
@rbac_rule_validation.action(service="neutron",
@@ -58,7 +58,7 @@
"""
admin_resources = (self.ntp_client.list_network_ip_availabilities()
["network_ip_availabilities"])
- with self.rbac_utils.override_role_and_validate_list(
- self, admin_resources=admin_resources) as ctx:
+ with self.override_role_and_validate_list(
+ admin_resources=admin_resources) as ctx:
ctx.resources = (self.ntp_client.list_network_ip_availabilities()
["network_ip_availabilities"])
diff --git a/patrole_tempest_plugin/tests/api/network/test_network_segments_rbac.py b/patrole_tempest_plugin/tests/api/network/test_network_segments_rbac.py
index b449970..aa752ea 100644
--- a/patrole_tempest_plugin/tests/api/network/test_network_segments_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_network_segments_rbac.py
@@ -74,7 +74,7 @@
RBAC test for the neutron create_network:segments policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_network_segments()
@rbac_rule_validation.action(service="neutron",
@@ -90,7 +90,7 @@
network = self._create_network_segments()
new_segments = [{'provider:network_type': self.network_type}]
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.networks_client.update_network(network['id'],
segments=new_segments)
@@ -106,7 +106,7 @@
"""
network = self._create_network_segments()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
body = self.networks_client.show_network(network['id'],
fields='segments')
response_network = body['network']
diff --git a/patrole_tempest_plugin/tests/api/network/test_networks_rbac.py b/patrole_tempest_plugin/tests/api/network/test_networks_rbac.py
index d98febd..9c715b5 100644
--- a/patrole_tempest_plugin/tests/api/network/test_networks_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_networks_rbac.py
@@ -105,7 +105,7 @@
RBAC test for the neutron create_network policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_network()
@rbac_rule_validation.action(service="neutron",
@@ -119,7 +119,7 @@
RBAC test for the neutron create_network:is_default policy
"""
try:
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_network(is_default=True)
except lib_exc.Conflict as exc:
# A default network might already exist
@@ -136,7 +136,7 @@
RBAC test for the neutron create_network:shared policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_network(shared=True)
@utils.requires_ext(extension='external-net', service='network')
@@ -150,7 +150,7 @@
RBAC test for the neutron create_network:router:external policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_network(router_external=True)
@utils.requires_ext(extension='provider', service='network')
@@ -166,7 +166,7 @@
RBAC test for neutron create_network:provider:physical_network policy
"""
try:
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_network(provider_physical_network='provider',
provider_network_type='flat')
except lib_exc.BadRequest as exc:
@@ -188,7 +188,7 @@
RBAC test for the neutron create_network:provider:network_type policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_network(provider_network_type='vxlan')
@utils.requires_ext(extension='provider', service='network')
@@ -203,7 +203,7 @@
RBAC test for the neutron create_network:provider:segmentation_id
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_network(provider_network_type='vxlan',
provider_segmentation_id=200)
@@ -220,7 +220,7 @@
updated_name = data_utils.rand_name(
self.__class__.__name__ + '-Network')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._update_network(name=updated_name)
@rbac_rule_validation.action(service="neutron",
@@ -235,7 +235,7 @@
RBAC test for the neutron update_network:shared policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._update_network(shared_network=True)
self.addCleanup(self._update_network, shared_network=False)
@@ -253,7 +253,7 @@
RBAC test for the neutron update_network:router:external policy
"""
network = self._create_network()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._update_network(net_id=network['id'], router_external=True)
@utils.requires_ext(extension='provider', service='network')
@@ -271,7 +271,7 @@
RBAC test for neutron update_network:provider:network_type policy
"""
try:
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._update_network(self.network['id'],
provider_network_type='vxlan')
except lib_exc.BadRequest as exc:
@@ -296,7 +296,7 @@
RBAC test for neutron update_network:provider:physical_network policy
"""
try:
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._update_network(self.network['id'],
provider_physical_network='provider')
except lib_exc.BadRequest as exc:
@@ -321,7 +321,7 @@
RBAC test for neutron update_network:provider:segmentation_id policy
"""
try:
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._update_network(self.network['id'],
provider_segmentation_id=400)
except lib_exc.BadRequest as exc:
@@ -341,7 +341,7 @@
RBAC test for the neutron get_network policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.networks_client.show_network(self.network['id'])
@utils.requires_ext(extension='external-net', service='network')
@@ -358,7 +358,7 @@
"""
kwargs = {'fields': 'router:external'}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
retrieved_network = self.networks_client.show_network(
self.network['id'], **kwargs)['network']
@@ -379,7 +379,7 @@
"""
kwargs = {'fields': 'provider:network_type'}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
retrieved_network = self.networks_client.show_network(
self.network['id'], **kwargs)['network']
@@ -401,7 +401,7 @@
"""
kwargs = {'fields': 'provider:physical_network'}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
retrieved_network = self.networks_client.show_network(
self.network['id'], **kwargs)['network']
@@ -423,7 +423,7 @@
"""
kwargs = {'fields': 'provider:segmentation_id'}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
retrieved_network = self.networks_client.show_network(
self.network['id'], **kwargs)['network']
@@ -441,7 +441,7 @@
RBAC test for the neutron delete_network policy
"""
network = self._create_network()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.networks_client.delete_network(network['id'])
@utils.requires_ext(extension='dhcp_agent_scheduler', service='network')
@@ -454,7 +454,7 @@
RBAC test for the neutron "get_dhcp-agents" policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.networks_client.list_dhcp_agents_on_hosting_network(
self.network['id'])
@@ -468,7 +468,7 @@
"""
admin_resource_id = self.network['id']
- with (self.rbac_utils.override_role_and_validate_list(
- self, admin_resource_id=admin_resource_id)) as ctx:
+ with (self.override_role_and_validate_list(
+ admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.networks_client.list_networks(
id=admin_resource_id)["networks"]
diff --git a/patrole_tempest_plugin/tests/api/network/test_policy_bandwidth_limit_rule_rbac.py b/patrole_tempest_plugin/tests/api/network/test_policy_bandwidth_limit_rule_rbac.py
index ab881a7..209b011 100644
--- a/patrole_tempest_plugin/tests/api/network/test_policy_bandwidth_limit_rule_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_policy_bandwidth_limit_rule_rbac.py
@@ -59,7 +59,7 @@
RBAC test for the neutron "create_policy_bandwidth_limit_rule" policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_bandwidth_limit_rule()
@decorators.idempotent_id('A092BD50-364F-4F55-B81A-37DAD6E77B95')
@@ -73,7 +73,7 @@
"""
rule_id = self._create_bandwidth_limit_rule()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.show_bandwidth_limit_rule(self.policy_id, rule_id)
@decorators.idempotent_id('CAA27599-082B-44B9-AF09-8C9B8E777ED7')
@@ -88,7 +88,7 @@
"""
rule_id = self._create_bandwidth_limit_rule()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.update_bandwidth_limit_rule(
self.policy_id, rule_id, max_kbps=2000)
@@ -104,6 +104,6 @@
"""
rule_id = self._create_bandwidth_limit_rule()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.delete_bandwidth_limit_rule(self.policy_id,
rule_id)
diff --git a/patrole_tempest_plugin/tests/api/network/test_policy_minimum_bandwidth_rule_rbac.py b/patrole_tempest_plugin/tests/api/network/test_policy_minimum_bandwidth_rule_rbac.py
index 6d108af..954be71 100644
--- a/patrole_tempest_plugin/tests/api/network/test_policy_minimum_bandwidth_rule_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_policy_minimum_bandwidth_rule_rbac.py
@@ -59,7 +59,7 @@
RBAC test for the neutron "create_policy_minimum_bandwidth_rule" policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_minimum_bandwidth_rule()
@decorators.idempotent_id('01DD902C-47C5-45D2-9A0E-7AF05981DF21')
@@ -73,7 +73,7 @@
"""
rule_id = self.create_minimum_bandwidth_rule()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.show_minimum_bandwidth_rule(
self.policy_id, rule_id)
@@ -90,7 +90,7 @@
"""
rule_id = self.create_minimum_bandwidth_rule()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.update_minimum_bandwidth_rule(
self.policy_id, rule_id, min_kbps=2000)
@@ -107,6 +107,6 @@
"""
rule_id = self.create_minimum_bandwidth_rule()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.delete_minimum_bandwidth_rule(
self.policy_id, rule_id)
diff --git a/patrole_tempest_plugin/tests/api/network/test_ports_rbac.py b/patrole_tempest_plugin/tests/api/network/test_ports_rbac.py
index a5e4be6..d699e12 100644
--- a/patrole_tempest_plugin/tests/api/network/test_ports_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_ports_rbac.py
@@ -63,7 +63,7 @@
@decorators.idempotent_id('0ec8c551-625c-4864-8a52-85baa7c40f22')
def test_create_port(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_port(self.network)
@decorators.idempotent_id('045ee797-4962-4913-b96a-5d7ea04099e7')
@@ -71,7 +71,7 @@
rules=["create_port",
"create_port:device_owner"])
def test_create_port_device_owner(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_port(self.network,
device_owner='network:router_interface')
@@ -80,7 +80,7 @@
rules=["create_port",
"create_port:port_security_enabled"])
def test_create_port_security_enabled(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_port(self.network, port_security_enabled=True)
@utils.requires_ext(extension='binding', service='network')
@@ -93,7 +93,7 @@
post_body = {'network': self.network,
'binding:host_id': "rbac_test_host"}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_port(**post_body)
@utils.requires_ext(extension='binding', service='network')
@@ -108,7 +108,7 @@
post_body = {'network': self.network,
'binding:profile': binding_profile}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_port(**post_body)
@testtools.skipUnless(
@@ -127,7 +127,7 @@
post_body = {'network': self.network,
'fixed_ips': fixed_ips}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_port(**post_body)
@rbac_rule_validation.action(service="neutron",
@@ -139,7 +139,7 @@
post_body = {'network': self.network,
'mac_address': data_utils.rand_mac_address()}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_port(**post_body)
@rbac_rule_validation.action(service="neutron",
@@ -155,7 +155,7 @@
post_body = {'network': self.network,
'allowed_address_pairs': allowed_address_pairs}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_port(**post_body)
@rbac_rule_validation.action(service="neutron",
@@ -163,7 +163,7 @@
expected_error_codes=[404])
@decorators.idempotent_id('a9d41cb8-78a2-4b97-985c-44e4064416f4')
def test_show_port(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ports_client.show_port(self.port['id'])
@utils.requires_ext(extension='binding', service='network')
@@ -177,7 +177,7 @@
# Verify specific fields of a port
fields = ['binding:vif_type']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
retrieved_port = self.ports_client.show_port(
self.port['id'], fields=fields)['port']
@@ -197,7 +197,7 @@
# Verify specific fields of a port
fields = ['binding:vif_details']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
retrieved_port = self.ports_client.show_port(
self.port['id'], fields=fields)['port']
@@ -220,7 +220,7 @@
'binding:host_id': data_utils.rand_name('host-id')}
port = self.create_port(**post_body)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
retrieved_port = self.ports_client.show_port(
port['id'], fields=fields)['port']
@@ -244,7 +244,7 @@
'binding:profile': binding_profile}
port = self.create_port(**post_body)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
retrieved_port = self.ports_client.show_port(
port['id'], fields=fields)['port']
@@ -258,7 +258,7 @@
expected_error_codes=[404, 403])
@decorators.idempotent_id('afa80981-3c59-42fd-9531-3bcb2cd03711')
def test_update_port(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ports_client.update_port(self.port['id'],
admin_state_up=False)
self.addCleanup(self.ports_client.update_port, self.port['id'],
@@ -272,7 +272,7 @@
def test_update_port_device_owner(self):
original_device_owner = self.port['device_owner']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ports_client.update_port(
self.port['id'], device_owner='network:router_interface')
self.addCleanup(self.ports_client.update_port, self.port['id'],
@@ -286,7 +286,7 @@
def test_update_port_mac_address(self):
original_mac_address = self.port['mac_address']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ports_client.update_port(
self.port['id'], mac_address=data_utils.rand_mac_address())
self.addCleanup(self.ports_client.update_port, self.port['id'],
@@ -309,7 +309,7 @@
ip_list = self._get_unused_ip_address()
fixed_ips = [{'ip_address': ip_list[0]}]
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ports_client.update_port(port['id'], fixed_ips=fixed_ips)
@rbac_rule_validation.action(service="neutron",
@@ -318,7 +318,7 @@
expected_error_codes=[404, 403, 403])
@decorators.idempotent_id('795541af-6652-4e35-9581-fd58224f7545')
def test_update_port_security_enabled(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ports_client.update_port(self.port['id'],
port_security_enabled=True)
@@ -337,7 +337,7 @@
updated_body = {'port_id': port['id'],
'binding:host_id': 'rbac_test_host_updated'}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ports_client.update_port(**updated_body)
@utils.requires_ext(extension='binding', service='network')
@@ -358,7 +358,7 @@
updated_body = {'port_id': port['id'],
'binding:profile': new_binding_profile}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ports_client.update_port(**updated_body)
@rbac_rule_validation.action(service="neutron",
@@ -375,7 +375,7 @@
post_body = {'network': self.network}
port = self.create_port(**post_body)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ports_client.update_port(port['id'],
allowed_address_pairs=address_pairs)
@@ -386,7 +386,7 @@
def test_delete_port(self):
port = self.create_port(self.network)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ports_client.delete_port(port['id'])
@rbac_rule_validation.action(service="neutron", rules=["get_port"])
@@ -398,7 +398,7 @@
the ``get_port`` policy
"""
admin_resource_id = self.port['id']
- with (self.rbac_utils.override_role_and_validate_list(
- self, admin_resource_id=admin_resource_id)) as ctx:
+ with (self.override_role_and_validate_list(
+ admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.ports_client.list_ports(
id=admin_resource_id)["ports"]
diff --git a/patrole_tempest_plugin/tests/api/network/test_qos_rbac.py b/patrole_tempest_plugin/tests/api/network/test_qos_rbac.py
index 95a1456..2951e53 100644
--- a/patrole_tempest_plugin/tests/api/network/test_qos_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_qos_rbac.py
@@ -53,7 +53,7 @@
RBAC test for the neutron create_policy policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_policy()
@rbac_rule_validation.action(service="neutron",
@@ -67,7 +67,7 @@
RBAC test for the neutron get_policy policy
"""
policy = self.create_policy()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.show_qos_policy(policy['id'])
@rbac_rule_validation.action(service="neutron",
@@ -81,7 +81,7 @@
RBAC test for the neutron update_policy policy
"""
policy = self.create_policy()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.update_qos_policy(policy['id'],
description='updated')
@@ -96,7 +96,7 @@
RBAC test for the neutron delete_policy policy
"""
policy = self.create_policy()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.delete_qos_policy(policy['id'])
@rbac_rule_validation.action(service="neutron", rules=["get_policy"])
@@ -108,7 +108,7 @@
the ``get_policy``
"""
admin_resource_id = self.create_policy()['id']
- with (self.rbac_utils.override_role_and_validate_list(
- self, admin_resource_id=admin_resource_id)) as ctx:
+ with (self.override_role_and_validate_list(
+ admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.ntp_client.list_qos_policies(
id=admin_resource_id)["policies"]
diff --git a/patrole_tempest_plugin/tests/api/network/test_rbac_policies_rbac.py b/patrole_tempest_plugin/tests/api/network/test_rbac_policies_rbac.py
index 599cab7..c2bc970 100644
--- a/patrole_tempest_plugin/tests/api/network/test_rbac_policies_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_rbac_policies_rbac.py
@@ -56,7 +56,7 @@
Neutron's custom FieldCheck oslo.policy rule.
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_rbac_policy(self.tenant_id, self.network_id)
@decorators.idempotent_id('f5d836d8-3b64-412d-a283-ee29761017f3')
@@ -77,7 +77,7 @@
"""
policy_id = self.create_rbac_policy(self.tenant_id, self.network_id)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.update_rbac_policy(
policy_id, target_tenant=self.tenant_id)
@@ -92,7 +92,7 @@
"""
policy_id = self.create_rbac_policy(self.tenant_id, self.network_id)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.show_rbac_policy(policy_id)
@decorators.idempotent_id('54aa9bce-efea-47fb-b0e4-12012f82f285')
@@ -107,7 +107,7 @@
"""
policy_id = self.create_rbac_policy(self.tenant_id, self.network_id)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.delete_rbac_policy(policy_id)
@decorators.idempotent_id('5337d95a-2e75-47bb-a0ea-0a082be930bf')
@@ -120,7 +120,7 @@
"""
admin_resource_id = self.create_rbac_policy(self.tenant_id,
self.network_id)
- with (self.rbac_utils.override_role_and_validate_list(
- self, admin_resource_id=admin_resource_id)) as ctx:
+ with (self.override_role_and_validate_list(
+ admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.ntp_client.list_rbac_policies(
id=admin_resource_id)["rbac_policies"]
diff --git a/patrole_tempest_plugin/tests/api/network/test_routers_rbac.py b/patrole_tempest_plugin/tests/api/network/test_routers_rbac.py
index e253b1e..42318e9 100644
--- a/patrole_tempest_plugin/tests/api/network/test_routers_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_routers_rbac.py
@@ -63,7 +63,7 @@
RBAC test for the neutron create_router policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
router = self.routers_client.create_router()
self.addCleanup(self.routers_client.delete_router,
router['router']['id'])
@@ -78,7 +78,7 @@
RBAC test for the neutron create_router:ha policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
router = self.routers_client.create_router(ha=True)
self.addCleanup(self.routers_client.delete_router,
router['router']['id'])
@@ -93,7 +93,7 @@
RBAC test for the neutron create_router:distributed policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
router = self.routers_client.create_router(distributed=True)
self.addCleanup(self.routers_client.delete_router,
router['router']['id'])
@@ -114,7 +114,7 @@
external_gateway_info = {'network_id': self.network['id'],
'enable_snat': True}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
router = self.routers_client.create_router(
name=name, external_gateway_info=external_gateway_info)
self.addCleanup(self.routers_client.delete_router,
@@ -140,7 +140,7 @@
'enable_snat': False, # Default is True.
'external_fixed_ips': [external_fixed_ips]}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
router = self.routers_client.create_router(
name=name, external_gateway_info=external_gateway_info)
self.addCleanup(self.routers_client.delete_router,
@@ -156,7 +156,7 @@
RBAC test for the neutron get_router policy
"""
# Prevent other policies from being enforced by using barebones fields.
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.routers_client.show_router(self.router['id'], fields=['id'])
@decorators.idempotent_id('3ed26ea2-b419-410c-b4b5-576c1edafa06')
@@ -173,7 +173,7 @@
router = self.routers_client.create_router(distributed=True)['router']
self.addCleanup(self.routers_client.delete_router, router['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
retrieved_fields = self.routers_client.show_router(
router['id'], fields=['distributed'])['router']
@@ -195,7 +195,7 @@
router = self.routers_client.create_router(ha=True)['router']
self.addCleanup(self.routers_client.delete_router, router['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
retrieved_fields = self.routers_client.show_router(
router['id'], fields=['ha'])['router']
@@ -215,7 +215,7 @@
"""
new_name = data_utils.rand_name(
self.__class__.__name__ + '-new-router-name')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.routers_client.update_router(self.router['id'], name=new_name)
@rbac_rule_validation.action(service="neutron",
@@ -229,7 +229,7 @@
RBAC test for the neutron
update_router:external_gateway_info policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.routers_client.update_router(self.router['id'],
external_gateway_info={})
@@ -246,7 +246,7 @@
RBAC test for the neutron
update_router:external_gateway_info:network_id policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.routers_client.update_router(
self.router['id'],
external_gateway_info={'network_id': self.network['id']})
@@ -269,7 +269,7 @@
RBAC test for the neutron
update_router:external_gateway_info:enable_snat policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.routers_client.update_router(
self.router['id'],
external_gateway_info={'network_id': self.network['id'],
@@ -298,7 +298,7 @@
external_gateway_info = {'network_id': self.network['id'],
'external_fixed_ips': [external_fixed_ips]}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.routers_client.update_router(
self.router['id'],
external_gateway_info=external_gateway_info)
@@ -318,7 +318,7 @@
RBAC test for the neutron update_router:ha policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.routers_client.update_router(self.router['id'], ha=True)
self.addCleanup(self.routers_client.update_router, self.router['id'],
ha=False)
@@ -334,7 +334,7 @@
RBAC test for the neutron update_router:distributed policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.routers_client.update_router(self.router['id'],
distributed=True)
self.addCleanup(self.routers_client.update_router, self.router['id'],
@@ -350,7 +350,7 @@
RBAC test for the neutron delete_router policy
"""
router = self.create_router()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.routers_client.delete_router(router['id'])
@rbac_rule_validation.action(service="neutron",
@@ -366,7 +366,7 @@
subnet = self.create_subnet(network)
router = self.create_router()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.routers_client.add_router_interface(
router['id'], subnet_id=subnet['id'])
self.addCleanup(
@@ -397,7 +397,7 @@
router['id'],
subnet_id=subnet['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.routers_client.remove_router_interface(
router['id'],
subnet_id=subnet['id'])
@@ -412,7 +412,7 @@
"""
admin_resource_id = self.router['id']
- with (self.rbac_utils.override_role_and_validate_list(
- self, admin_resource_id=admin_resource_id)) as ctx:
+ with (self.override_role_and_validate_list(
+ admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.routers_client.list_routers(
id=admin_resource_id)["routers"]
diff --git a/patrole_tempest_plugin/tests/api/network/test_security_groups_rbac.py b/patrole_tempest_plugin/tests/api/network/test_security_groups_rbac.py
index 750ba3d..3460880 100644
--- a/patrole_tempest_plugin/tests/api/network/test_security_groups_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_security_groups_rbac.py
@@ -74,7 +74,7 @@
@decorators.idempotent_id('db7003ce-5717-4e5b-afc7-befa35e8c67f')
def test_create_security_group(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_security_group()
@rbac_rule_validation.action(service="neutron",
@@ -83,7 +83,7 @@
@decorators.idempotent_id('56335e77-aef2-4b54-86c7-7f772034b585')
def test_show_security_group(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.security_groups_client.show_security_group(
self.secgroup['id'])
@@ -97,7 +97,7 @@
# Create a security group
secgroup_id = self._create_security_group()['id']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.security_groups_client.delete_security_group(secgroup_id)
@rbac_rule_validation.action(service="neutron",
@@ -110,7 +110,7 @@
# Create a security group
secgroup_id = self._create_security_group()['id']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.security_groups_client.update_security_group(
secgroup_id,
description="test description")
@@ -125,8 +125,8 @@
the ``get_security_group`` policy
"""
admin_resource_id = self.secgroup['id']
- with (self.rbac_utils.override_role_and_validate_list(
- self, admin_resource_id=admin_resource_id)) as ctx:
+ with (self.override_role_and_validate_list(
+ admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.security_groups_client.list_security_groups(
id=admin_resource_id)["security_groups"]
@@ -135,7 +135,7 @@
@decorators.idempotent_id('953d78df-00cd-416f-9cbd-b7cb4ea65772')
def test_create_security_group_rule(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_security_group_rule()
@rbac_rule_validation.action(service="neutron",
@@ -146,7 +146,7 @@
def test_delete_security_group_rule(self):
sec_group_rule = self._create_security_group_rule()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.security_group_rules_client.delete_security_group_rule(
sec_group_rule['id'])
@@ -157,7 +157,7 @@
def test_show_security_group_rule(self):
sec_group_rule = self._create_security_group_rule()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.security_group_rules_client.show_security_group_rule(
sec_group_rule['id'])
@@ -166,7 +166,7 @@
@decorators.idempotent_id('05739ab6-fa35-11e6-bc64-92361f002671')
def test_list_security_group_rules(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
security_rules = self.security_group_rules_client.\
list_security_group_rules()
diff --git a/patrole_tempest_plugin/tests/api/network/test_segments_rbac.py b/patrole_tempest_plugin/tests/api/network/test_segments_rbac.py
index a85b4d5..8b0061d 100644
--- a/patrole_tempest_plugin/tests/api/network/test_segments_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_segments_rbac.py
@@ -73,7 +73,7 @@
RBAC test for the neutron "create_segment" policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_segment(self.network)
@decorators.idempotent_id('c02618e7-bb20-1a3a-83c8-6eec2af08127')
@@ -87,7 +87,7 @@
"""
segment = self.create_segment(self.network)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.show_segment(segment['segment']['id'])
@decorators.idempotent_id('c02618e7-bb20-1a3a-83c8-6eec2af08128')
@@ -102,7 +102,7 @@
"""
segment = self.create_segment(self.network)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.update_segment(segment['segment']['id'],
name="NewName")
@@ -118,7 +118,7 @@
"""
segment = self.create_segment(self.network)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.delete_segment(segment['segment']['id'])
@decorators.idempotent_id('d68a0578-36ae-435e-8aaa-508ee96bdfae')
@@ -130,7 +130,7 @@
the``get_segment`` policy
"""
admin_resource_id = self.create_segment(self.network)['segment']['id']
- with (self.rbac_utils.override_role_and_validate_list(
- self, admin_resource_id=admin_resource_id)) as ctx:
+ with (self.override_role_and_validate_list(
+ admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.ntp_client.list_segments(
id=admin_resource_id)["segments"]
diff --git a/patrole_tempest_plugin/tests/api/network/test_service_profile_rbac.py b/patrole_tempest_plugin/tests/api/network/test_service_profile_rbac.py
index 9e82835..fbb4230 100644
--- a/patrole_tempest_plugin/tests/api/network/test_service_profile_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_service_profile_rbac.py
@@ -28,7 +28,7 @@
RBAC test for the neutron "create_service_profile" policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_service_profile()
@decorators.idempotent_id('e4c473b7-3ae9-4a2e-8cac-848f7b01187d')
@@ -41,7 +41,7 @@
RBAC test for the neutron "get_service_profile" policy
"""
profile_id = self.create_service_profile()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.show_service_profile(profile_id)
@decorators.idempotent_id('a3dd719d-4cd3-40cc-b4f1-5642e2717adf')
@@ -55,7 +55,7 @@
RBAC test for the neutron "update_service_profile" policy
"""
profile_id = self.create_service_profile()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.update_service_profile(profile_id, enabled=False)
@decorators.idempotent_id('926b60c2-04fe-4339-aa44-bf27121392e8')
@@ -69,5 +69,5 @@
RBAC test for the neutron "delete_service_profile" policy
"""
profile_id = self.create_service_profile()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.delete_service_profile(profile_id)
diff --git a/patrole_tempest_plugin/tests/api/network/test_service_providers_rbac.py b/patrole_tempest_plugin/tests/api/network/test_service_providers_rbac.py
index 561a72c..41725d5 100644
--- a/patrole_tempest_plugin/tests/api/network/test_service_providers_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_service_providers_rbac.py
@@ -25,5 +25,5 @@
rules=["get_service_provider"])
@decorators.idempotent_id('15f573b7-474a-4b37-8629-7fac86553ce5')
def test_list_service_providers(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.service_providers_client.list_service_providers()
diff --git a/patrole_tempest_plugin/tests/api/network/test_subnetpools_rbac.py b/patrole_tempest_plugin/tests/api/network/test_subnetpools_rbac.py
index 3daeff1..af65f2f 100644
--- a/patrole_tempest_plugin/tests/api/network/test_subnetpools_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_subnetpools_rbac.py
@@ -60,7 +60,7 @@
RBAC test for the neutron create_subnetpool policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_subnetpool()
@rbac_rule_validation.action(service="neutron",
@@ -83,7 +83,7 @@
self.addCleanup(self.subnetpools_client.update_subnetpool,
default_pool["id"], is_default=True)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
# It apparently only enforces the policy for is_default=True.
# It does nothing for is_default=False
self._create_subnetpool(is_default=True)
@@ -98,7 +98,7 @@
RBAC test for the neutron create_subnetpool:shared policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_subnetpool(shared=True)
@rbac_rule_validation.action(service="neutron",
@@ -111,7 +111,7 @@
RBAC test for the neutron get_subnetpool policy
"""
subnetpool = self._create_subnetpool()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.subnetpools_client.show_subnetpool(subnetpool['id'])
@rbac_rule_validation.action(service="neutron",
@@ -125,7 +125,7 @@
RBAC test for the neutron update_subnetpool policy
"""
subnetpool = self._create_subnetpool()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.subnetpools_client.update_subnetpool(subnetpool['id'],
min_prefixlen=24)
@@ -147,7 +147,7 @@
default_pool = self._create_subnetpool(is_default=True)
original_desc = default_pool['description']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.subnetpools_client.update_subnetpool(
default_pool['id'], description=original_desc, is_default=True)
@@ -162,7 +162,7 @@
RBAC test for the neutron delete_subnetpool policy
"""
subnetpool = self._create_subnetpool()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.subnetpools_client.delete_subnetpool(subnetpool['id'])
@rbac_rule_validation.action(service="neutron", rules=["get_subnetpool"])
@@ -174,7 +174,7 @@
the ``get_subnetpool`` policy
"""
admin_resource_id = self._create_subnetpool()['id']
- with (self.rbac_utils.override_role_and_validate_list(
- self, admin_resource_id=admin_resource_id)) as ctx:
+ with (self.override_role_and_validate_list(
+ admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.subnetpools_client.list_subnetpools(
id=admin_resource_id)["subnetpools"]
diff --git a/patrole_tempest_plugin/tests/api/network/test_subnets_rbac.py b/patrole_tempest_plugin/tests/api/network/test_subnets_rbac.py
index babb6ad..2b03ece 100644
--- a/patrole_tempest_plugin/tests/api/network/test_subnets_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_subnets_rbac.py
@@ -44,7 +44,7 @@
RBAC test for the neutron "create_subnet" policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_subnet(self.network)
@decorators.idempotent_id('c02618e7-bb20-4abd-83c8-6eec2af08752')
@@ -56,7 +56,7 @@
RBAC test for the neutron "get_subnet" policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.subnets_client.show_subnet(self.subnet['id'])
@decorators.idempotent_id('e2ddc415-5cab-43f4-9b61-166aed65d637')
@@ -68,8 +68,8 @@
the ``get_subnet`` policy
"""
admin_resource_id = self.subnet['id']
- with (self.rbac_utils.override_role_and_validate_list(
- self, admin_resource_id=admin_resource_id)) as ctx:
+ with (self.override_role_and_validate_list(
+ admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.subnets_client.list_subnets(
id=admin_resource_id)["subnets"]
@@ -84,7 +84,7 @@
"""
update_name = data_utils.rand_name(self.__class__.__name__ + '-Subnet')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.subnets_client.update_subnet(self.subnet['id'],
name=update_name)
@@ -99,5 +99,5 @@
"""
subnet = self.create_subnet(self.network)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.subnets_client.delete_subnet(subnet['id'])
diff --git a/patrole_tempest_plugin/tests/api/network/test_trunks_rbac.py b/patrole_tempest_plugin/tests/api/network/test_trunks_rbac.py
index 761820b..0e8719e 100644
--- a/patrole_tempest_plugin/tests/api/network/test_trunks_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_trunks_rbac.py
@@ -52,7 +52,7 @@
RBAC test for the neutron "create_trunk" policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_trunk(self.port_id)
@decorators.idempotent_id('c02618e7-bb20-1a3a-83c8-6eec2af08131')
@@ -66,7 +66,7 @@
"""
trunk = self.create_trunk(self.port_id)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.show_trunk(trunk['trunk']['id'])
@decorators.idempotent_id('c02618e7-bb20-1a3a-83c8-6eec2af08132')
@@ -81,7 +81,7 @@
"""
trunk = self.create_trunk(self.port_id)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.delete_trunk(trunk['trunk']['id'])
@decorators.idempotent_id('047badd1-e4ff-40c5-9929-99ffcb8750a7')
@@ -93,8 +93,8 @@
the ``get_trunk`` policy
"""
admin_resource_id = self.create_trunk(self.port_id)["trunk"]['id']
- with (self.rbac_utils.override_role_and_validate_list(
- self, admin_resource_id=admin_resource_id)) as ctx:
+ with (self.override_role_and_validate_list(
+ admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.ntp_client.list_trunks(
id=admin_resource_id)["trunks"]
@@ -149,7 +149,7 @@
self.create_subports(self.trunk_id, port["id"])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.get_subports(self.trunk_id)
@decorators.idempotent_id('c02618e7-bb20-1a3a-83c8-6eec2af08134')
@@ -176,7 +176,7 @@
self.ntp_client.remove_subports,
self.trunk_id, subports)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.add_subports(self.trunk_id, subports)
@decorators.idempotent_id('c02618e7-bb20-1a3a-83c8-6eec2af08135')
@@ -197,5 +197,5 @@
subports = self.create_subports(self.trunk_id, port["id"])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.ntp_client.remove_subports(self.trunk_id, subports)
diff --git a/patrole_tempest_plugin/tests/api/volume/rbac_base.py b/patrole_tempest_plugin/tests/api/volume/rbac_base.py
index 1d0a44d..daf5b6d 100644
--- a/patrole_tempest_plugin/tests/api/volume/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/volume/rbac_base.py
@@ -31,7 +31,6 @@
@classmethod
def setup_clients(cls):
super(BaseVolumeRbacTest, cls).setup_clients()
- cls.setup_rbac_utils()
cls.volume_hosts_client = cls.os_primary.volume_hosts_client_latest
cls.volume_types_client = cls.os_primary.volume_types_client_latest
cls.groups_client = cls.os_primary.groups_client_latest
diff --git a/patrole_tempest_plugin/tests/api/volume/test_capabilities_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_capabilities_rbac.py
index 3770f84..2860c2f 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_capabilities_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_capabilities_rbac.py
@@ -41,5 +41,5 @@
@decorators.idempotent_id('40928b74-2141-11e7-93ae-92361f002671')
def test_show_back_end_capabilities(self):
host = self.hosts_client.list_hosts()['hosts'][0]['host_name']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.capabilities_client.show_backend_capabilities(host)
diff --git a/patrole_tempest_plugin/tests/api/volume/test_encryption_types_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_encryption_types_rbac.py
index 8443943..07bbd6b 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_encryption_types_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_encryption_types_rbac.py
@@ -73,7 +73,7 @@
rules=[_CREATE_VOLUME_TYPE_ENCRYPTION])
def test_create_volume_type_encryption(self):
vol_type_id = self.create_volume_type()['id']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.encryption_types_client.create_encryption_type(
vol_type_id,
provider="nova.volume.encryptors.luks.LuksEncryptor",
@@ -85,7 +85,7 @@
rules=[_DELETE_VOLUME_TYPE_ENCRYPTION])
def test_delete_volume_type_encryption(self):
vol_type_id = self._create_volume_type_encryption()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.encryption_types_client.delete_encryption_type(vol_type_id)
@decorators.idempotent_id('42da9fec-32fd-4dca-9242-8a53b2fed25a')
@@ -94,7 +94,7 @@
rules=[_UPDATE_VOLUME_TYPE_ENCRYPTION])
def test_update_volume_type_encryption(self):
vol_type_id = self._create_volume_type_encryption()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.encryption_types_client.update_encryption_type(
vol_type_id,
control_location="front-end")
@@ -105,7 +105,7 @@
rules=[_SHOW_VOLUME_TYPE_ENCRYPTION])
def test_show_volume_type_encryption(self):
vol_type_id = self._create_volume_type_encryption()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.encryption_types_client.show_encryption_type(vol_type_id)
@decorators.idempotent_id('d4ed3cf8-52b2-4fa2-910d-e405361f0881')
@@ -114,6 +114,6 @@
rules=[_SHOW_VOLUME_TYPE_ENCRYPTION])
def test_show_encryption_specs_item(self):
vol_type_id = self._create_volume_type_encryption()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.encryption_types_client.show_encryption_specs_item(
vol_type_id, 'provider')
diff --git a/patrole_tempest_plugin/tests/api/volume/test_group_snapshots_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_group_snapshots_rbac.py
index 56a0233..f83f35b 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_group_snapshots_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_group_snapshots_rbac.py
@@ -92,7 +92,7 @@
rules=["group:create_group_snapshot"]
)
def test_create_group_snapshot(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
name = data_utils.rand_name(
self.__class__.__name__ + '-Group_Snapshot')
group_snapshot = self.group_snapshots_client.create_group_snapshot(
@@ -118,7 +118,7 @@
group_snapshot_name = data_utils.rand_name('group_snapshot')
group_snapshot = self._create_group_snapshot(group_id=self.grp['id'],
name=group_snapshot_name)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.group_snapshots_client.show_group_snapshot(
group_snapshot['id'])
@@ -128,7 +128,7 @@
rules=["group:get_all_group_snapshots"]
)
def test_list_group_snapshot_rbac(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.group_snapshots_client.list_group_snapshots()
@decorators.idempotent_id('cf2e25ee-ca58-4ad6-b98d-33235c77db7b')
@@ -140,7 +140,7 @@
group_snapshot_name = data_utils.rand_name('group_snapshot')
group_snapshot = self._create_group_snapshot(group_id=self.grp['id'],
name=group_snapshot_name)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.group_snapshots_client.delete_group_snapshot(
group_snapshot['id'])
vols = self.volumes_client.list_volumes(detail=True)['volumes']
@@ -192,7 +192,7 @@
group_snapshot_name = data_utils.rand_name('group_snapshot')
group_snapshot = self._create_group_snapshot(group_id=self.grp['id'],
name=group_snapshot_name)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.group_snapshots_client.reset_group_snapshot_status(
group_snapshot['id'], 'error')
diff --git a/patrole_tempest_plugin/tests/api/volume/test_group_type_specs.py b/patrole_tempest_plugin/tests/api/volume/test_group_type_specs.py
index 9c41dfc..03e7bc0 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_group_type_specs.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_group_type_specs.py
@@ -39,7 +39,7 @@
"key2": "value2"
}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.group_types_client. \
create_or_update_group_type_specs(
group_type['id'], create_specs)['group_specs']
@@ -58,7 +58,7 @@
self.group_types_client.create_or_update_group_type_specs(
group_type['id'], specs)['group_specs']
# Show specified item of group type specs
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.group_types_client.show_group_type_specs_item(
group_type['id'], 'key2')
@@ -74,7 +74,7 @@
update_spec = {update_key: "value3-updated"}
self.group_types_client.create_or_update_group_type_specs(
group_type['id'], update_spec)['group_specs']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.group_types_client.update_group_type_specs_item(
group_type['id'], update_key, update_spec)
@@ -85,7 +85,7 @@
)
def test_group_type_specs_list(self):
group_type = self.create_group_type()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.group_types_client.list_group_type_specs(
group_type['id'])['group_specs']
@@ -101,6 +101,6 @@
specs = {'key1': 'value1'}
self.group_types_client.create_or_update_group_type_specs(
group_type['id'], specs)['group_specs']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.group_types_client.delete_group_type_specs_item(
group_type['id'], delete_key)
diff --git a/patrole_tempest_plugin/tests/api/volume/test_groups_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_groups_rbac.py
index 730e349..8f29393 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_groups_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_groups_rbac.py
@@ -68,7 +68,7 @@
group_name = name or data_utils.rand_name(
self.__class__.__name__ + '-Group')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
group = self.groups_client.create_group(
name=group_name, group_type=self.group_type_id,
volume_types=[self.volume_type_id])['group']
@@ -85,7 +85,7 @@
group = self._create_group(group_type=self.group_type_id,
volume_types=[self.volume_type_id])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.groups_client.show_group(group['id'])
@decorators.idempotent_id('db43841b-a173-4317-acfc-f83e4e48e4ee')
@@ -93,7 +93,7 @@
service="cinder",
rules=["group:get_all"])
def test_list_groups(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.groups_client.list_groups()['groups']
@decorators.idempotent_id('5378da93-9c26-4ad4-b039-0555e2b8f668')
@@ -101,7 +101,7 @@
service="cinder",
rules=["group:get_all"])
def test_list_groups_with_details(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.groups_client.list_groups(detail=True)['groups']
@decorators.idempotent_id('f499fc48-df83-4917-bf8d-783ebf6f080b')
@@ -113,7 +113,7 @@
volume_types=[self.volume_type_id])
updated_name = data_utils.rand_name(self.__class__.__name__ + '-Group')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.groups_client.update_group(group['id'], name=updated_name)
@decorators.idempotent_id('66fda391-5774-42a9-a018-80b34e57ab76')
@@ -126,7 +126,7 @@
group_type=self.group_type_id,
volume_types=[self.volume_type_id])
group_id = group['id']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.groups_client.delete_group(group_id, delete_volumes=True)
self.groups_client.wait_for_resource_deletion(group_id)
@@ -152,7 +152,7 @@
group_type=self.group_type_id,
volume_types=[self.volume_type_id])
status = 'available'
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.groups_client.reset_group_status(group['id'],
status)
waiters.wait_for_volume_resource_status(
@@ -168,7 +168,7 @@
service="cinder",
rules=["group:group_types_manage"])
def test_create_group_type(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_group_type(ignore_notfound=True)
@decorators.idempotent_id('f77f8156-4fc9-4f02-be15-8930f748e10c')
@@ -178,7 +178,7 @@
def test_delete_group_type(self):
group_type = self.create_group_type(ignore_notfound=True)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.group_types_client.delete_group_type(group_type['id'])
@decorators.idempotent_id('67929954-4551-4d22-b15a-27fb6e56b711')
@@ -192,7 +192,7 @@
self.__class__.__name__ + '-updated-group-type'),
'description': 'updated-group-type-desc'
}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.group_types_client.update_group_type(
group_type['id'], **update_params)
@@ -204,7 +204,7 @@
# TODO(felipemonteiro): Combine with ``test_create_group_type``
# once multiple policy testing is supported. This policy is
# only enforced after "group:group_types_manage".
- with self.rbac_utils.override_role(self):
+ with self.override_role():
group_type = self.create_group_type(ignore_notfound=True)
if 'group_specs' not in group_type:
@@ -217,7 +217,7 @@
rules=["group:access_group_types_specs"])
def test_show_group_type(self):
group_type = self.create_group_type()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
resp_body = self.group_types_client.show_group_type(
group_type['id'])['group_type']
if 'group_specs' not in resp_body:
diff --git a/patrole_tempest_plugin/tests/api/volume/test_limits_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_limits_rbac.py
index 2bd0992..32baf56 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_limits_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_limits_rbac.py
@@ -46,7 +46,7 @@
'totalBackupGigabytesUsed'
}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
absolute_limits = self.volume_limits_client.show_limits()[
'limits']['absolute']
for key in expected_keys:
diff --git a/patrole_tempest_plugin/tests/api/volume/test_qos_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_qos_rbac.py
index 2f144b0..be8424e 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_qos_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_qos_rbac.py
@@ -42,7 +42,7 @@
service="cinder", rules=["volume_extension:qos_specs_manage:create"])
@decorators.idempotent_id('4f9f45f0-b379-4577-a279-cec3e917cbec')
def test_create_qos_with_consumer(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_test_qos_specs()
@rbac_rule_validation.action(
@@ -50,7 +50,7 @@
@decorators.idempotent_id('fbc8a77e-6b6d-45ae-bebe-c496eb8f06f7')
def test_delete_qos_with_consumer(self):
qos = self._create_test_qos_specs()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.qos_client.delete_qos(qos['id'])
@rbac_rule_validation.action(
@@ -59,7 +59,7 @@
@decorators.idempotent_id('22aff0dd-0343-408d-ae80-e77551956e14')
def test_show_qos(self):
qos = self._create_test_qos_specs()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.qos_client.show_qos(qos['id'])['qos_specs']
@rbac_rule_validation.action(
@@ -72,7 +72,7 @@
self.qos_client.associate_qos(qos['id'], vol_type)
self.addCleanup(self.qos_client.disassociate_qos, qos['id'], vol_type)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.qos_client.show_association_qos(qos['id'])
@rbac_rule_validation.action(
@@ -80,7 +80,7 @@
rules=["volume_extension:qos_specs_manage:get_all"])
@decorators.idempotent_id('546b8bb1-04a4-4387-9506-a538a7f3cd6a')
def test_list_qos(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.qos_client.list_qos()['qos_specs']
@rbac_rule_validation.action(
@@ -88,7 +88,7 @@
@decorators.idempotent_id('89b630b7-c170-47c3-ac80-50ed425c2d98')
def test_set_qos_key(self):
qos = self._create_test_qos_specs()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.qos_client.set_qos_key(
qos['id'], iops_bytes='500')['qos_specs']
@@ -99,7 +99,7 @@
qos = self._create_test_qos_specs()
self.qos_client.set_qos_key(qos['id'], iops_bytes='500')['qos_specs']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.qos_client.unset_qos_key(qos['id'], ['iops_bytes'])
waiters.wait_for_qos_operations(self.qos_client, qos['id'],
'qos-key-unset', args=['iops_bytes'])
@@ -111,7 +111,7 @@
qos = self._create_test_qos_specs()
vol_type = self.create_volume_type()['id']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.qos_client.associate_qos(qos['id'], vol_type)
self.addCleanup(
test_utils.call_and_ignore_notfound_exc,
@@ -127,7 +127,7 @@
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.qos_client.disassociate_qos, qos['id'], vol_type)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.qos_client.disassociate_qos(qos['id'], vol_type)
waiters.wait_for_qos_operations(self.qos_client, qos['id'],
'disassociate', args=vol_type)
@@ -142,7 +142,7 @@
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.qos_client.disassociate_qos, qos['id'], vol_type)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.qos_client.disassociate_all_qos(qos['id'])
waiters.wait_for_qos_operations(self.qos_client, qos['id'],
'disassociate-all')
diff --git a/patrole_tempest_plugin/tests/api/volume/test_quota_classes_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_quota_classes_rbac.py
index dcc67f6..fb57cbc 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_quota_classes_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_quota_classes_rbac.py
@@ -41,7 +41,7 @@
@rbac_rule_validation.action(service="cinder",
rules=["volume_extension:quota_classes"])
def test_show_quota_class_set(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.quota_classes_client.show_quota_class_set(
self.quota_name)['quota_class_set']
@@ -53,6 +53,6 @@
self.quota_name)['quota_class_set']
quota_class_set.pop('id')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.quota_classes_client.update_quota_class_set(self.quota_name,
**quota_class_set)
diff --git a/patrole_tempest_plugin/tests/api/volume/test_scheduler_stats_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_scheduler_stats_rbac.py
index ff12cba..5bb57e7 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_scheduler_stats_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_scheduler_stats_rbac.py
@@ -40,5 +40,5 @@
rules=["scheduler_extension:scheduler_stats:get_pools"])
@decorators.idempotent_id('5f800441-4d30-48ec-9e5b-0d55bc86acbb')
def test_list_back_end_storage_pools(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.scheduler_stats_client.list_pools()
diff --git a/patrole_tempest_plugin/tests/api/volume/test_snapshot_manage_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_snapshot_manage_rbac.py
index 1fc4c24..f083924 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_snapshot_manage_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_snapshot_manage_rbac.py
@@ -62,7 +62,7 @@
CONF.volume.manage_snapshot_ref[1] % self.snapshot['id']},
'name': name
}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
snapshot = self.snapshot_manage_client.manage_snapshot(
**snapshot_ref)['snapshot']
self.addCleanup(self.delete_snapshot, snapshot['id'],
@@ -76,7 +76,7 @@
service="cinder",
rules=["snapshot_extension:snapshot_unmanage"])
def test_unmanage_snapshot_rbac(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.snapshots_client.unmanage_snapshot(self.snapshot['id'])
self.snapshots_client.wait_for_resource_deletion(
self.snapshot['id'])
diff --git a/patrole_tempest_plugin/tests/api/volume/test_snapshots_actions_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_snapshots_actions_rbac.py
index ed42b2d..b3714ba 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_snapshots_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_snapshots_actions_rbac.py
@@ -53,7 +53,7 @@
@decorators.idempotent_id('ea430145-34ef-408d-b678-95d5ae5f46eb')
def test_reset_snapshot_status(self):
status = 'error'
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.snapshots_client.reset_snapshot_status(
self.snapshot['id'], status)
waiters.wait_for_volume_resource_status(
@@ -66,7 +66,7 @@
def test_snapshot_force_delete(self):
temp_snapshot = self.create_snapshot(self.volume['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.snapshots_client.force_delete_snapshot(temp_snapshot['id'])
self.snapshots_client.wait_for_resource_deletion(temp_snapshot['id'])
@@ -80,7 +80,7 @@
self.snapshot['id'], status)
waiters.wait_for_volume_resource_status(self.snapshots_client,
self.snapshot['id'], status)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.snapshots_client.update_snapshot_status(self.snapshot['id'],
status="creating")
waiters.wait_for_volume_resource_status(
diff --git a/patrole_tempest_plugin/tests/api/volume/test_snapshots_metadata_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_snapshots_metadata_rbac.py
index 1141b7e..11b08fb 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_snapshots_metadata_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_snapshots_metadata_rbac.py
@@ -54,7 +54,7 @@
# Create volume and snapshot metadata
self._create_test_snapshot_metadata()
# Get metadata for the snapshot
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.snapshots_client.show_snapshot_metadata(
self.snapshot_id)
@@ -66,7 +66,7 @@
# Create volume and snapshot metadata
self._create_test_snapshot_metadata()
# Get the metadata of the snapshot
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.snapshots_client.show_snapshot_metadata(
self.snapshot_id)['metadata']
@@ -75,7 +75,7 @@
rules=["volume:update_snapshot_metadata"])
def test_update_snapshot_metadata(self):
self._create_test_snapshot_metadata()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
update = {"key3": "value3_update",
"key4": "value4"}
self.snapshots_client.update_snapshot_metadata(
@@ -86,7 +86,7 @@
rules=["volume:get_snapshot_metadata"])
def test_show_snapshot_metadata_item(self):
self._create_test_snapshot_metadata()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.snapshots_client.show_snapshot_metadata_item(
self.snapshot['id'], "key3")['meta']
@@ -96,7 +96,7 @@
def test_update_snapshot_metadata_item(self):
update_item = {"key3": "value3_update"}
self._create_test_snapshot_metadata()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.snapshots_client.update_snapshot_metadata_item(
self.snapshot['id'], "key3", meta=update_item)['meta']
@@ -105,6 +105,6 @@
rules=["volume:delete_snapshot_metadata"])
def test_delete_snapshot_metadata_item(self):
self._create_test_snapshot_metadata()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.snapshots_client.delete_snapshot_metadata_item(
self.snapshot['id'], "key1")
diff --git a/patrole_tempest_plugin/tests/api/volume/test_user_messages_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_user_messages_rbac.py
index 11c42b1..f0dfe09 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_user_messages_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_user_messages_rbac.py
@@ -67,7 +67,7 @@
service="cinder",
rules=["message:get_all"])
def test_list_messages(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.messages_client.list_messages()['messages']
@decorators.idempotent_id('9cc1ad1e-68a2-4407-8b60-ea77909bce08')
@@ -77,7 +77,7 @@
def test_show_message(self):
message_id = self._create_user_message()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.messages_client.show_message(message_id)['message']
@decorators.idempotent_id('65ca7fb7-7f2c-443e-b144-ac86973a97be')
@@ -87,6 +87,6 @@
def test_delete_message(self):
message_id = self._create_user_message()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.messages_client.delete_message(message_id)
self.messages_client.wait_for_resource_deletion(message_id)
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_actions_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_actions_rbac.py
index 2a5b9fe..079d5b4 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_actions_rbac.py
@@ -82,7 +82,7 @@
server = self._create_server()
volume_id = self.volume['id']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.attach_volume(
server['id'], volumeId=volume_id,
device='/dev/%s' % CONF.compute.volume_device_name)
@@ -101,7 +101,7 @@
self._attach_volume(server)
volume_id = self.volume['id']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.detach_volume(volume_id)
waiters.wait_for_volume_resource_status(
self.volumes_client, volume_id, 'available')
@@ -110,7 +110,7 @@
rules=["volume:update_readonly_flag"])
@decorators.idempotent_id('2750717a-f250-4e41-9e09-02624aad6ff8')
def test_volume_readonly_update(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.update_volume_readonly(self.volume['id'],
readonly=True)
self.addCleanup(self.volumes_client.update_volume_readonly,
@@ -120,7 +120,7 @@
@rbac_rule_validation.action(service="cinder",
rules=["volume:update"])
def test_volume_set_bootable(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.set_bootable_volume(self.volume['id'],
bootable=True)
@@ -134,7 +134,7 @@
service="cinder",
rules=["volume_extension:volume_actions:reserve"])
def test_volume_reserve(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.reserve_volume(self.volume['id'])
@testtools.skipUnless(
@@ -147,7 +147,7 @@
service="cinder",
rules=["volume_extension:volume_actions:unreserve"])
def test_volume_unreserve(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.unreserve_volume(self.volume['id'])
@decorators.idempotent_id('c015c82f-7010-48cc-bd71-4ef542046f20')
@@ -157,7 +157,7 @@
vol_type = self.create_volume_type()['name']
volume = self.create_volume()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.retype_volume(volume['id'], new_type=vol_type)
waiters.wait_for_volume_retype(
self.volumes_client, volume['id'], vol_type)
@@ -169,7 +169,7 @@
def test_volume_reset_status(self):
volume = self.create_volume()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.reset_volume_status(
volume['id'], status='error')
@@ -181,7 +181,7 @@
volume = self.create_volume()
self.volumes_client.reset_volume_status(volume['id'], status='error')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.force_delete_volume(volume['id'])
self.volumes_client.wait_for_resource_deletion(volume['id'])
@@ -200,7 +200,7 @@
# Reset volume's status to error.
self.volumes_client.reset_volume_status(volume['id'], status='error')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.force_detach_volume(
volume['id'], connector=None,
attachment_id=attachment['attachment_id'])
@@ -234,7 +234,7 @@
# "volume:copy_volume_to_image".
image_name = data_utils.rand_name(self.__class__.__name__ + '-Image')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
body = self.volumes_client.upload_volume(
self.volume['id'], image_name=image_name, visibility="private",
disk_format=CONF.volume.disk_format)['os-volume_upload_image']
@@ -257,7 +257,7 @@
# This also enforces "volume_extension:volume_actions:upload_image".
image_name = data_utils.rand_name(self.__class__.__name__ + '-Image')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
body = self.volumes_client.upload_volume(
self.volume['id'], image_name=image_name, visibility="public",
disk_format=CONF.volume.disk_format)['os-volume_upload_image']
@@ -279,5 +279,5 @@
@decorators.idempotent_id('a654833d-4811-4acd-93ef-5ac4a34c75bc')
@rbac_rule_validation.action(service="cinder", rules=["volume:get_all"])
def test_show_volume_summary(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.show_volume_summary()
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_basic_crud_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_basic_crud_rbac.py
index ac2255a..e4958f5 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_basic_crud_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_basic_crud_rbac.py
@@ -38,7 +38,7 @@
name = data_utils.rand_name(self.__class__.__name__ + '-Volume')
size = CONF.volume.volume_size
- with self.rbac_utils.override_role(self):
+ with self.override_role():
volume = self.volumes_client.create_volume(name=name, size=size)[
'volume']
# Use helper in base Tempest volume class which waits for deletion.
@@ -54,7 +54,7 @@
size = CONF.volume.volume_size
img_uuid = CONF.compute.image_ref
- with self.rbac_utils.override_role(self):
+ with self.override_role():
volume = self.volumes_client.create_volume(
name=name, size=size, imageRef=img_uuid)['volume']
# Use helper in base Tempest volume class which waits for deletion.
@@ -67,34 +67,34 @@
@decorators.idempotent_id('6de9f9c2-509f-4558-867b-af21c7163be4')
def test_delete_volume(self):
volume = self.create_volume()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.delete_volume(volume['id'])
self.volumes_client.wait_for_resource_deletion(volume['id'])
@rbac_rule_validation.action(service="cinder", rules=["volume:get"])
@decorators.idempotent_id('c4c3fdd5-b1b1-49c3-b977-a9f40ee9257a')
def test_show_volume(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.show_volume(self.volume['id'])
@rbac_rule_validation.action(service="cinder",
rules=["volume:get_all"])
@decorators.idempotent_id('e3ab7906-b04b-4c45-aa11-1104d302f940')
def test_list_volumes(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.list_volumes()
@decorators.idempotent_id('9b6d5beb-254f-4f1b-9906-0bdce4042f53')
@rbac_rule_validation.action(service="cinder",
rules=["volume:get_all"])
def test_list_volumes_with_details(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.list_volumes(detail=True)
@rbac_rule_validation.action(service="cinder", rules=["volume:update"])
@decorators.idempotent_id('b751b889-9a9b-40d8-ae7d-4b0f65e71ac7')
def test_update_volume(self):
update_name = data_utils.rand_name(self.__class__.__name__ + 'volume')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.update_volume(self.volume['id'],
name=update_name)
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_hosts_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_hosts_rbac.py
index 8e2e264..b3fb0b6 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_hosts_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_hosts_rbac.py
@@ -25,7 +25,7 @@
rules=["volume_extension:hosts"])
@decorators.idempotent_id('64e837f5-5452-4e26-b934-c721ea7a8644')
def test_list_hosts(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volume_hosts_client.list_hosts()
@decorators.idempotent_id('9ddf321e-788f-4787-b8cc-dfa59e264143')
@@ -37,5 +37,5 @@
self.assertNotEmpty(host_names, "No available volume host was found, "
"all hosts found were: %s" % hosts)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volume_hosts_client.show_host(host_names[0])
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_metadata_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_metadata_rbac.py
index 7e0044d..98fed1e 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_metadata_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_metadata_rbac.py
@@ -45,14 +45,14 @@
rules=["volume:create_volume_metadata"])
@decorators.idempotent_id('232bbb8b-4c29-44dc-9077-b1398c20b738')
def test_create_volume_metadata(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._add_metadata(self.volume)
@rbac_rule_validation.action(service="cinder",
rules=["volume:get_volume_metadata"])
@decorators.idempotent_id('87ea37d9-23ab-47b2-a59c-16fc4d2c6dfa')
def test_show_volume_metadata(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.show_volume_metadata(
self.volume['id'])['metadata']
@@ -62,7 +62,7 @@
def test_show_volume_metadata_item(self):
self._add_metadata(self.volume)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.show_volume_metadata_item(
self.volume['id'], "key1")
@@ -72,7 +72,7 @@
def test_delete_volume_metadata_item(self):
self._add_metadata(self.volume)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.delete_volume_metadata_item(self.volume['id'],
"key1")
@@ -82,7 +82,7 @@
def test_update_volume_metadata_item(self):
self._add_metadata(self.volume)
updated_metadata_item = {"key1": "value1_update"}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.update_volume_metadata_item(
self.volume['id'], "key1", updated_metadata_item)['meta']
@@ -92,7 +92,7 @@
def test_update_volume_metadata(self):
self._add_metadata(self.volume)
updated_metadata = {"key1": "value1"}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.update_volume_metadata(self.volume['id'],
updated_metadata)
@@ -106,7 +106,7 @@
self.addCleanup(self.volumes_client.delete_volume_image_metadata,
self.volume['id'], 'image_id')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
resp_body = self.volumes_client.list_volumes(detail=True)[
'volumes']
expected_attr = 'volume_image_metadata'
@@ -124,7 +124,7 @@
self.addCleanup(self.volumes_client.delete_volume_image_metadata,
self.volume['id'], 'image_id')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
resp_body = self.volumes_client.show_volume(self.volume['id'])[
'volume']
expected_attr = 'volume_image_metadata'
@@ -137,7 +137,7 @@
service="cinder",
rules=["volume_extension:volume_image_metadata"])
def test_update_volume_image_metadata(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.update_volume_image_metadata(
self.volume['id'], image_id=self.image_id)
self.addCleanup(self.volumes_client.delete_volume_image_metadata,
@@ -154,6 +154,6 @@
self.volumes_client.delete_volume_image_metadata,
self.volume['id'], 'image_id')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.delete_volume_image_metadata(self.volume['id'],
'image_id')
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_quotas_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_quotas_rbac.py
index f49c2fd..6d27d2c 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_quotas_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_quotas_rbac.py
@@ -47,14 +47,14 @@
@rbac_rule_validation.action(service="cinder",
rules=["volume_extension:quotas:show"])
def test_list_quotas(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.quotas_client.show_quota_set(self.demo_tenant_id)
@decorators.idempotent_id('e47cf444-2753-4983-be6d-fc0d6523720f')
@rbac_rule_validation.action(service="cinder",
rules=["volume_extension:quotas:show"])
def test_list_quotas_usage_true(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.quotas_client.show_quota_set(self.demo_tenant_id,
params={'usage': True})
@@ -62,7 +62,7 @@
rules=["volume_extension:quotas:show"])
@decorators.idempotent_id('b3c7177e-b6b1-4d0f-810a-fc95606964dd')
def test_list_default_quotas(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.quotas_client.show_default_quota_set(
self.demo_tenant_id)
@@ -75,7 +75,7 @@
'volumes': 11,
'snapshots': 11}
# Update limits for all quota resources.
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.quotas_client.update_quota_set(
self.demo_tenant_id, **new_quota_set)
@@ -85,5 +85,5 @@
def test_delete_quota_set(self):
self._restore_default_quota_set()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.quotas_client.delete_quota_set(self.demo_tenant_id)
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_services_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_services_rbac.py
index 0f4e458..945d016 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_services_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_services_rbac.py
@@ -43,5 +43,5 @@
service="cinder",
rules=["volume_extension:services:index"])
def test_list_services(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.services_client.list_services()['services']
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_transfers_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_transfers_rbac.py
index 5e0fd21..e52e074 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_transfers_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_transfers_rbac.py
@@ -52,7 +52,7 @@
rules=["volume:create_transfer"])
@decorators.idempotent_id('25413af4-468d-48ff-94ca-4436f8526b3e')
def test_create_volume_transfer(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_transfer()
waiters.wait_for_volume_resource_status(
self.volumes_client, self.volume['id'], 'awaiting-transfer')
@@ -65,21 +65,21 @@
waiters.wait_for_volume_resource_status(
self.volumes_client, self.volume['id'], 'awaiting-transfer')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.transfers_client.show_volume_transfer(transfer['id'])
@rbac_rule_validation.action(service="cinder",
rules=["volume:get_all_transfers"])
@decorators.idempotent_id('02a06f2b-5040-49e2-b2b7-619a7db59603')
def test_list_volume_transfers(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.transfers_client.list_volume_transfers()
@decorators.idempotent_id('e84e45b0-9872-40bf-bf44-971266161a86')
@rbac_rule_validation.action(service="cinder",
rules=["volume:get_all_transfers"])
def test_list_volume_transfers_details(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.transfers_client.list_volume_transfers(detail=True)
@rbac_rule_validation.action(service="cinder",
@@ -90,7 +90,7 @@
waiters.wait_for_volume_resource_status(
self.volumes_client, self.volume['id'], 'awaiting-transfer')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.transfers_client.accept_volume_transfer(
transfer['id'], auth_key=transfer['auth_key'])
waiters.wait_for_volume_resource_status(self.volumes_client,
@@ -104,7 +104,7 @@
waiters.wait_for_volume_resource_status(
self.volumes_client, self.volume['id'], 'awaiting-transfer')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.transfers_client.delete_volume_transfer(transfer['id'])
waiters.wait_for_volume_resource_status(
self.volumes_client, self.volume['id'], 'available')
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_types_access_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_types_access_rbac.py
index 3aed54d..3fd0a15 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_types_access_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_types_access_rbac.py
@@ -56,7 +56,7 @@
def test_list_type_access(self):
self._add_type_access()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volume_types_client.list_type_access(self.vol_type['id'])[
'volume_type_access']
@@ -65,7 +65,7 @@
service="cinder",
rules=["volume_extension:volume_type_access:addProjectAccess"])
def test_add_type_access(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._add_type_access(ignore_not_found=True)
@decorators.idempotent_id('8f848aeb-636a-46f1-aeeb-e2a60e9d2bfe')
@@ -75,6 +75,6 @@
def test_remove_type_access(self):
self._add_type_access(ignore_not_found=True)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volume_types_client.remove_type_access(
self.vol_type['id'], project=self.project_id)
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_types_extra_specs_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_types_extra_specs_rbac.py
index b610dde..0d6dc05 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_types_extra_specs_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_types_extra_specs_rbac.py
@@ -57,7 +57,7 @@
service="cinder",
rules=["volume_extension:types_extra_specs:index"])
def test_list_volume_types_extra_specs(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volume_types_client.list_volume_types_extra_specs(
self.vol_type['id'])['extra_specs']
@@ -66,7 +66,7 @@
rules=["volume_extension:types_extra_specs:create"])
@decorators.idempotent_id('eea40251-990b-49b0-99ae-10e4585b479b')
def test_create_volume_type_extra_specs(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_volume_type_extra_specs(ignore_not_found=True)
@decorators.idempotent_id('e2dcc9c6-2fef-431d-afaf-92b45bc76d1a')
@@ -76,7 +76,7 @@
def test_show_volume_type_extra_specs(self):
self._create_volume_type_extra_specs()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volume_types_client.show_volume_type_extra_specs(
self.vol_type['id'], self.spec_key)
@@ -87,7 +87,7 @@
def test_delete_volume_type_extra_specs(self):
self._create_volume_type_extra_specs(ignore_not_found=True)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volume_types_client.delete_volume_type_extra_specs(
self.vol_type['id'], self.spec_key)
@@ -99,6 +99,6 @@
self._create_volume_type_extra_specs()
update_extra_specs = {self.spec_key: "val2"}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volume_types_client.update_volume_type_extra_specs(
self.vol_type['id'], self.spec_key, update_extra_specs)
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_types_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_types_rbac.py
index a5bec1f..012fa91 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_types_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_types_rbac.py
@@ -26,7 +26,7 @@
service="cinder",
rules=["volume_extension:types_manage"])
def test_create_volume_type(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_volume_type()
@decorators.idempotent_id('2b74ac82-e03e-4801-86f3-d05c9acfd66b')
@@ -35,7 +35,7 @@
rules=["volume_extension:types_manage"])
def test_update_volume_type(self):
volume_type = self.create_volume_type()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volume_types_client.update_volume_type(
volume_type['id'], description='updated-description')
@@ -45,6 +45,6 @@
rules=["volume_extension:types_manage"])
def test_delete_volume_type(self):
volume_type = self.create_volume_type()
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volume_types_client.delete_volume_type(volume_type['id'])
self.volume_types_client.wait_for_resource_deletion(volume_type['id'])
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volumes_backup_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volumes_backup_rbac.py
index 0efeb33..1245371 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volumes_backup_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volumes_backup_rbac.py
@@ -62,7 +62,7 @@
def test_create_backup(self):
backup_name = data_utils.rand_name(self.__class__.__name__ + '-Backup')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
backup = self.backups_client.create_backup(
volume_id=self.volume['id'], name=backup_name)['backup']
self.addCleanup(self.backups_client.delete_backup, backup['id'])
@@ -76,21 +76,21 @@
rules=["backup:get"])
@decorators.idempotent_id('abd92bdd-b0fb-4dc4-9cfc-de9e968f8c8a')
def test_show_backup(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.backups_client.show_backup(self.backup['id'])
@rbac_rule_validation.action(service="cinder",
rules=["backup:get_all"])
@decorators.idempotent_id('4d18f0f0-7e01-4007-b622-dedc859b22f6')
def test_list_backups(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.backups_client.list_backups()
@decorators.idempotent_id('dbd69865-876f-4835-b70e-7341153fb162')
@rbac_rule_validation.action(service="cinder",
rules=["backup:get_all"])
def test_list_backups_with_details(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.backups_client.list_backups(detail=True)
@decorators.attr(type='slow')
@@ -104,7 +104,7 @@
waiters.wait_for_volume_resource_status(self.volumes_client,
self.volume['id'], 'available')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.backups_client.reset_backup_status(backup_id=backup['id'],
status='error')
waiters.wait_for_volume_resource_status(self.backups_client,
@@ -115,7 +115,7 @@
rules=["backup:restore"])
@decorators.idempotent_id('9c794bf9-2446-4f41-8fe0-80b71e757f9d')
def test_restore_backup(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
restore = self.backups_client.restore_backup(
self.backup['id'])['restore']
self.addCleanup(self.volumes_client.delete_volume,
@@ -140,7 +140,7 @@
waiters.wait_for_volume_resource_status(self.volumes_client,
self.volume['id'], 'available')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.backups_client.delete_backup(backup['id'])
# Wait for deletion so error isn't thrown during clean up.
self.backups_client.wait_for_resource_deletion(backup['id'])
@@ -150,7 +150,7 @@
rules=["backup:export-import"])
@decorators.idempotent_id('e984ec8d-e8eb-485c-98bc-f1856020303c')
def test_export_backup(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.backups_client.export_backup(self.backup['id'])[
'backup-record']
@@ -165,7 +165,7 @@
new_url = self._modify_backup_url(
export_backup['backup_url'], {'id': new_id})
- with self.rbac_utils.override_role(self):
+ with self.override_role():
import_backup = self.backups_client.import_backup(
backup_service=export_backup['backup_service'],
backup_url=new_url)['backup']
@@ -204,7 +204,7 @@
@rbac_rule_validation.action(service="cinder",
rules=["backup:backup_project_attribute"])
def test_show_backup_project_attribute(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
body = self.backups_client.show_backup(self.backup['id'])['backup']
# Show backup API attempts to inject the attribute below into the
@@ -217,7 +217,7 @@
@rbac_rule_validation.action(service="cinder",
rules=["backup:backup_project_attribute"])
def test_list_backup_details_project_attribute(self):
- with self.rbac_utils.override_role(self):
+ with self.override_role():
body = self.backups_client.list_backups(detail=True)['backups']
if self.expected_attr not in body[0]:
@@ -252,6 +252,6 @@
'name': data_utils.rand_name(self.__class__.__name__ + '-Backup'),
'description': data_utils.rand_name("volume-backup-description")
}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.backups_client.update_backup(self.backup['id'],
**update_kwargs)
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volumes_extend_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volumes_extend_rbac.py
index ec6cf66..c7c52d2 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volumes_extend_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volumes_extend_rbac.py
@@ -33,7 +33,7 @@
def test_volume_extend(self):
# Extend volume test
extend_size = int(self.volume['size']) + 1
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.extend_volume(self.volume['id'],
new_size=extend_size)
waiters.wait_for_volume_resource_status(
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volumes_manage_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volumes_manage_rbac.py
index 9f21c4a..480ebeb 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volumes_manage_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volumes_manage_rbac.py
@@ -88,7 +88,7 @@
'volume_type': volume['volume_type'],
'availability_zone': volume['availability_zone']}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
try:
new_volume_id = self.volume_manage_client.manage_volume(
**new_volume_ref)['volume']['id']
@@ -114,7 +114,7 @@
volume_id = self.create_volume()['id']
volume = self.volumes_client.show_volume(volume_id)['volume']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.volumes_client.unmanage_volume(volume['id'])
self.volumes_client.wait_for_resource_deletion(volume['id'])
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volumes_snapshots_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volumes_snapshots_rbac.py
index 55adf1a..f56a4e1 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volumes_snapshots_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volumes_snapshots_rbac.py
@@ -50,7 +50,7 @@
@decorators.idempotent_id('ac7b2ee5-fbc0-4360-afc2-de8fa4881ede')
def test_create_snapshot(self):
# Create a temp snapshot
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.create_snapshot(self.volume['id'])
@rbac_rule_validation.action(service="cinder",
@@ -58,7 +58,7 @@
@decorators.idempotent_id('93a11b40-1ba8-44d6-a196-f8d97220f796')
def test_show_snapshot(self):
# Get the snapshot
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.snapshots_client.show_snapshot(
self.snapshot['id'])['snapshot']
@@ -71,7 +71,7 @@
expected_attrs = ('os-extended-snapshot-attributes:project_id',
'os-extended-snapshot-attributes:progress')
- with self.rbac_utils.override_role(self):
+ with self.override_role():
resp = self.snapshots_client.show_snapshot(
self.snapshot['id'])['snapshot']
for expected_attr in expected_attrs:
@@ -86,7 +86,7 @@
new_desc = 'This is the new description of snapshot.'
params = {'description': new_desc}
# Updates snapshot with new values
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.snapshots_client.update_snapshot(
self.snapshot['id'], **params)['snapshot']
waiters.wait_for_volume_resource_status(
@@ -98,7 +98,7 @@
def test_delete_snapshot(self):
# Create a temp snapshot
temp_snapshot = self.create_snapshot(self.volume['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
# Delete the snapshot
self.snapshots_client.delete_snapshot(temp_snapshot['id'])
self.snapshots_client.wait_for_resource_deletion(
@@ -110,7 +110,7 @@
def test_list_snapshots(self):
"""List snapshots with params."""
params = {'name': self.snapshot['name']}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._list_by_param_values(**params)
@decorators.idempotent_id('f3155d8e-45ee-45c9-910d-18c0242229e1')
@@ -119,7 +119,7 @@
def test_list_snapshots_details(self):
"""List snapshots details with params."""
params = {'name': self.snapshot['name']}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._list_by_param_values(with_detail=True, **params)
@decorators.idempotent_id('dd37f388-2731-446d-a78f-676997ebb04a')
@@ -132,7 +132,7 @@
'os-extended-snapshot-attributes:progress')
params = {'name': self.snapshot['name']}
- with self.rbac_utils.override_role(self):
+ with self.override_role():
resp = self._list_by_param_values(with_detail=True, **params)
for expected_attr in expected_attrs:
if expected_attr not in resp[0]:
diff --git a/patrole_tempest_plugin/tests/unit/base.py b/patrole_tempest_plugin/tests/unit/base.py
index 9a801bd..c08da43 100644
--- a/patrole_tempest_plugin/tests/unit/base.py
+++ b/patrole_tempest_plugin/tests/unit/base.py
@@ -16,17 +16,15 @@
from tempest.tests import base
+from patrole_tempest_plugin.tests.unit import fixtures as patrole_fixtures
+
class TestCase(base.TestCase):
-
"""Test case base class for all unit tests."""
- def get_all_needed_roles(self, roles):
- role_inferences_mapping = {
- "admin": {"member", "reader"},
- "member": {"reader"}
- }
- res = set(r.lower() for r in roles)
- for role in res.copy():
- res.update(role_inferences_mapping.get(role, set()))
- return list(res)
+ def setUp(self):
+ super(TestCase, self).setUp()
+ # Disable patrole log for unit tests.
+ self.useFixture(
+ patrole_fixtures.ConfPatcher(enable_reporting=False,
+ group='patrole_log'))
diff --git a/patrole_tempest_plugin/tests/unit/fixtures.py b/patrole_tempest_plugin/tests/unit/fixtures.py
index f7a9059..41afe9b 100644
--- a/patrole_tempest_plugin/tests/unit/fixtures.py
+++ b/patrole_tempest_plugin/tests/unit/fixtures.py
@@ -16,12 +16,10 @@
"""Fixtures for Patrole tests."""
from __future__ import absolute_import
-from contextlib import contextmanager
import fixtures
import mock
import time
-from tempest import clients
from tempest.common import credentials_factory as credentials
from tempest import config
from tempest import test
@@ -57,81 +55,84 @@
CONF.set_override(k, v, self.group)
-class RbacUtilsFixture(fixtures.Fixture):
+class FakeBaseRbacTest(rbac_utils.RbacUtilsMixin, test.BaseTestCase):
+ os_primary = None
+
+ def runTest(self):
+ pass
+
+
+class RbacUtilsMixinFixture(fixtures.Fixture):
"""Fixture for `RbacUtils` class."""
USER_ID = mock.sentinel.user_id
PROJECT_ID = mock.sentinel.project_id
- def setUp(self):
- super(RbacUtilsFixture, self).setUp()
+ def __init__(self, do_reset_mocks=True, rbac_test_roles=None):
+ self._do_reset_mocks = do_reset_mocks
+ self._rbac_test_roles = rbac_test_roles or ['member']
- self.useFixture(ConfPatcher(rbac_test_roles=['member'],
+ def patchobject(self, target, attribute, *args, **kwargs):
+ p = mock.patch.object(target, attribute, *args, **kwargs)
+ m = p.start()
+ self.addCleanup(p.stop)
+ return m
+
+ def setUp(self):
+ super(RbacUtilsMixinFixture, self).setUp()
+
+ self.useFixture(ConfPatcher(rbac_test_roles=self._rbac_test_roles,
group='patrole'))
self.useFixture(ConfPatcher(
admin_role='admin', auth_version='v3', group='identity'))
self.useFixture(ConfPatcher(
api_v3=True, group='identity-feature-enabled'))
- test_obj_kwargs = {
- 'os_primary.credentials.user_id': self.USER_ID,
- 'os_primary.credentials.tenant_id': self.PROJECT_ID,
- 'os_primary.credentials.project_id': self.PROJECT_ID,
- }
- self.mock_test_obj = mock.Mock(
- __name__='patrole_unit_test', spec=test.BaseTestCase,
- os_primary=mock.Mock(),
- get_auth_providers=mock.Mock(return_value=[mock.Mock()]),
- **test_obj_kwargs)
-
# Mock out functionality that can't be used by unit tests. Mocking out
# time.sleep is a test optimization.
- self.mock_time = mock.patch.object(
- rbac_utils, 'time', __name__='mock_time', spec=time).start()
- mock.patch.object(credentials, 'get_configured_admin_credentials',
- spec=object).start()
- mock_admin_mgr = mock.patch.object(
- clients, 'Manager', spec=clients.Manager,
- roles_v3_client=mock.Mock(), roles_client=mock.Mock()).start()
+ self.mock_time = self.patchobject(rbac_utils, 'time',
+ __name__='mock_time', spec=time)
+ self.patchobject(credentials, 'get_configured_admin_credentials',
+ spec=object)
+ mock_admin_mgr = self.patchobject(rbac_utils.clients, 'Manager',
+ spec=rbac_utils.clients.Manager,
+ roles_v3_client=mock.Mock(),
+ roles_client=mock.Mock())
self.admin_roles_client = mock_admin_mgr.return_value.roles_v3_client
self.admin_roles_client.list_all_role_inference_rules.return_value = {
- "role_inferences": []}
+ "role_inferences": [
+ {
+ "implies": [{"id": "reader_id", "name": "reader"}],
+ "prior_role": {"id": "member_id", "name": "member"}
+ },
+ {
+ "implies": [{"id": "member_id", "name": "member"}],
+ "prior_role": {"id": "admin_id", "name": "admin"}
+ }
+ ]
+ }
- self.set_roles(['admin', 'member'], [])
+ default_roles = {'admin', 'member', 'reader'}.union(
+ set(self._rbac_test_roles))
+ self.set_roles(list(default_roles), [])
- def override_role(self, *role_toggles):
- """Instantiate `rbac_utils.RbacUtils` and call `override_role`.
+ test_obj_kwargs = {
+ 'credentials.user_id': self.USER_ID,
+ 'credentials.tenant_id': self.PROJECT_ID,
+ 'credentials.project_id': self.PROJECT_ID,
+ }
- Create an instance of `rbac_utils.RbacUtils` and call `override_role`
- for each boolean value in `role_toggles`. The number of calls to
- `override_role` is always 1 + len(`role_toggles`) because the
- `rbac_utils.RbacUtils` constructor automatically calls `override_role`.
+ class FakeRbacTest(FakeBaseRbacTest):
+ os_primary = mock.Mock()
- :param role_toggles: the list of boolean values iterated over and
- passed to `override_role`.
- """
- _rbac_utils = rbac_utils.RbacUtils(self.mock_test_obj)
+ FakeRbacTest.os_primary.configure_mock(**test_obj_kwargs)
- for role_toggle in role_toggles:
- _rbac_utils._override_role(self.mock_test_obj, role_toggle)
- # NOTE(felipemonteiro): Simulate that a role switch has occurred
- # by updating the user's current role to the new role. This means
- # that all API actions involved during a role switch -- listing,
- # deleting and adding roles -- are executed, making it easier to
- # assert that mock calls were called as expected.
- new_role = 'member' if role_toggle else 'admin'
- self.set_roles(['admin', 'member'], [new_role])
-
- @contextmanager
- def real_override_role(self, test_obj):
- """Actual call to ``override_role``.
-
- Useful for ensuring all the necessary mocks are performed before
- the method in question is called.
- """
- _rbac_utils = rbac_utils.RbacUtils(test_obj)
- with _rbac_utils.override_role(test_obj):
- yield
+ FakeRbacTest.setUpClass()
+ self.test_obj = FakeRbacTest()
+ if self._do_reset_mocks:
+ self.admin_roles_client.reset_mock()
+ self.test_obj.os_primary.reset_mock()
+ self.mock_time.reset_mock()
def set_roles(self, roles, roles_on_project=None):
"""Set the list of available roles in the system.
@@ -159,28 +160,3 @@
self.admin_roles_client.list_roles.return_value = available_roles
self.admin_roles_client.list_user_roles_on_project.return_value = (
available_project_roles)
-
- def get_all_needed_roles(self, roles):
- self.admin_roles_client.list_all_role_inference_rules.return_value = {
- "role_inferences": [
- {
- "implies": [{"id": "3", "name": "reader"}],
- "prior_role": {"id": "2", "name": "member"}
- },
- {
- "implies": [{"id": "2", "name": "member"}],
- "prior_role": {"id": "1", "name": "admin"}
- }
- ]
- }
-
- # Call real get_all_needed_roles function
- with mock.patch.object(rbac_utils.RbacUtils, '_override_role',
- autospec=True):
- obj = rbac_utils.RbacUtils(mock.Mock())
- obj._role_map = {
- "1": "admin", "admin": "1",
- "2": "member", "member": "2",
- "3": "reader", "reader": "3"
- }
- return obj.get_all_needed_roles(roles)
diff --git a/patrole_tempest_plugin/tests/unit/test_policy_authority.py b/patrole_tempest_plugin/tests/unit/test_policy_authority.py
index 12457cb..185e449 100644
--- a/patrole_tempest_plugin/tests/unit/test_policy_authority.py
+++ b/patrole_tempest_plugin/tests/unit/test_policy_authority.py
@@ -76,6 +76,9 @@
if attr in dir(policy_authority.PolicyAuthority):
delattr(policy_authority.PolicyAuthority, attr)
+ self.test_obj = self.useFixture(fixtures.RbacUtilsMixinFixture()).\
+ test_obj
+
@staticmethod
def _get_fake_policies(rules):
fake_rules = []
@@ -96,7 +99,7 @@
authority = policy_authority.PolicyAuthority(
test_tenant_id, test_user_id, service)
- roles = self.get_all_needed_roles(roles)
+ roles = self.test_obj.get_all_needed_roles(roles)
for rule in allowed_rules:
allowed = authority.allowed(rule, roles)
@@ -289,7 +292,7 @@
for rule in allowed_rules:
allowed = authority.allowed(
- rule, self.get_all_needed_roles(['member']))
+ rule, self.test_obj.get_all_needed_roles(['member']))
self.assertTrue(allowed)
# for sure that roles are in same order
mock_try_rule.call_args[0][2]["roles"] = sorted(
diff --git a/patrole_tempest_plugin/tests/unit/test_rbac_rule_validation.py b/patrole_tempest_plugin/tests/unit/test_rbac_rule_validation.py
index 79e8b1d..05ad7b7 100644
--- a/patrole_tempest_plugin/tests/unit/test_rbac_rule_validation.py
+++ b/patrole_tempest_plugin/tests/unit/test_rbac_rule_validation.py
@@ -20,12 +20,9 @@
import fixtures
from tempest.lib import exceptions
-from tempest import manager
-from tempest import test
from patrole_tempest_plugin import rbac_exceptions
from patrole_tempest_plugin import rbac_rule_validation as rbac_rv
-from patrole_tempest_plugin import rbac_utils
from patrole_tempest_plugin.tests.unit import base
from patrole_tempest_plugin.tests.unit import fixtures as patrole_fixtures
@@ -38,25 +35,10 @@
def setUp(self):
super(BaseRBACRuleValidationTest, self).setUp()
- self.mock_test_args = mock.Mock(spec=test.BaseTestCase)
- self.mock_test_args.os_primary = mock.Mock(spec=manager.Manager)
- self.mock_test_args.rbac_utils = mock.Mock(
- spec_set=rbac_utils.RbacUtils)
- self.mock_test_args.rbac_utils.get_all_needed_roles.side_effect = \
- self.get_all_needed_roles
-
- # Setup credentials for mock client manager.
- mock_creds = mock.Mock(user_id=mock.sentinel.user_id,
- project_id=mock.sentinel.project_id)
- setattr(self.mock_test_args.os_primary, 'credentials', mock_creds)
-
- self.useFixture(
- patrole_fixtures.ConfPatcher(rbac_test_roles=self.test_roles,
- group='patrole'))
- # Disable patrole log for unit tests.
- self.useFixture(
- patrole_fixtures.ConfPatcher(enable_reporting=False,
- group='patrole_log'))
+ self.rbac_utils_fixture = self.useFixture(
+ patrole_fixtures.RbacUtilsMixinFixture(
+ rbac_test_roles=self.test_roles))
+ self.test_obj = self.rbac_utils_fixture.test_obj
class BaseRBACMultiRoleRuleValidationTest(BaseRBACRuleValidationTest):
@@ -89,7 +71,7 @@
def test_policy(*args):
pass
- test_policy(self.mock_test_args)
+ test_policy(self.test_obj)
mock_log.error.assert_not_called()
@mock.patch.object(rbac_rv, 'LOG', autospec=True)
@@ -107,7 +89,7 @@
def test_policy(*args):
raise exceptions.Forbidden()
- test_policy(self.mock_test_args)
+ test_policy(self.test_obj)
mock_log.error.assert_not_called()
@mock.patch.object(rbac_rv, 'LOG', autospec=True)
@@ -131,7 +113,7 @@
"the following actions: \[%s\].*" % (mock.sentinel.action))
self.assertRaisesRegex(
rbac_exceptions.RbacUnderPermissionException, test_re, test_policy,
- self.mock_test_args)
+ self.test_obj)
self.assertRegex(mock_log.error.mock_calls[0][1][0], test_re)
@mock.patch.object(rbac_rv, 'LOG', autospec=True)
@@ -188,7 +170,7 @@
mock.sentinel.action))
self.assertRaisesRegex(
rbac_exceptions.RbacUnderPermissionException, test_re,
- test_policy, self.mock_test_args)
+ test_policy, self.test_obj)
self.assertRegex(mock_log.error.mock_calls[0][1][0], test_re)
_do_test(rbac_exceptions.RbacMissingAttributeResponseBody,
@@ -221,7 +203,7 @@
return_value = allowed
self.assertRaisesRegex(
rbac_exceptions.RbacExpectedWrongException, error_re,
- test_policy, self.mock_test_args)
+ test_policy, self.test_obj)
self.assertTrue(mock_log.error.called)
@mock.patch.object(rbac_rv, 'LOG', autospec=True)
@@ -259,10 +241,10 @@
if error_re:
self.assertRaisesRegex(
rbac_exceptions.RbacUnderPermissionException, error_re,
- test_policy, self.mock_test_args)
+ test_policy, self.test_obj)
self.assertRegex(mock_log.error.mock_calls[0][1][0], error_re)
else:
- test_policy(self.mock_test_args)
+ test_policy(self.test_obj)
mock_log.error.assert_not_called()
mock_log.warning.assert_called_with(
@@ -302,7 +284,7 @@
error_re = ".*OverPermission: .* \[%s\]$" % mock.sentinel.action
self.assertRaisesRegex(rbac_exceptions.RbacOverPermissionException,
- error_re, test_policy, self.mock_test_args)
+ error_re, test_policy, self.test_obj)
self.assertRegex(mock_log.error.mock_calls[0][1][0], error_re)
mock_log.error.reset_mock()
@@ -320,7 +302,7 @@
error_re = 'Attempted to test an invalid policy file or action'
self.assertRaisesRegex(rbac_exceptions.RbacParsingException, error_re,
- test_policy, self.mock_test_args)
+ test_policy, self.test_obj)
mock_authority.PolicyAuthority.assert_called_once_with(
mock.sentinel.project_id, mock.sentinel.user_id,
@@ -403,7 +385,7 @@
(mock.sentinel.action))
self.assertRaisesRegex(
rbac_exceptions.RbacUnderPermissionException, test_re, test_policy,
- self.mock_test_args)
+ self.test_obj)
self.assertRegex(mock_log.error.mock_calls[0][1][0], test_re)
@mock.patch.object(rbac_rv, 'LOG', autospec=True)
@@ -441,10 +423,10 @@
if error_re:
self.assertRaisesRegex(
rbac_exceptions.RbacUnderPermissionException, error_re,
- test_policy, self.mock_test_args)
+ test_policy, self.test_obj)
self.assertRegex(mock_log.error.mock_calls[0][1][0], error_re)
else:
- test_policy(self.mock_test_args)
+ test_policy(self.test_obj)
mock_log.error.assert_not_called()
mock_log.warning.assert_called_with(
@@ -486,7 +468,7 @@
def test_policy(*args):
pass
- test_policy(self.mock_test_args)
+ test_policy(self.test_obj)
self.assertFalse(mock_rbaclog.info.called)
@mock.patch.object(rbac_rv, 'RBACLOG', autospec=True)
@@ -506,7 +488,7 @@
def test_policy(*args):
pass
- test_policy(self.mock_test_args)
+ test_policy(self.test_obj)
mock_rbaclog.info.assert_called_once_with(
"[Service]: %s, [Test]: %s, [Rules]: %s, "
"[Expected]: %s, [Actual]: %s",
@@ -528,12 +510,12 @@
def test_policy(*args):
pass
- test_policy(self.mock_test_args)
+ test_policy(self.test_obj)
policy_authority = mock_authority.PolicyAuthority.return_value
policy_authority.allowed.assert_called_with(
mock.sentinel.action,
- self.get_all_needed_roles(CONF.patrole.rbac_test_roles))
+ self.test_obj.get_all_needed_roles(CONF.patrole.rbac_test_roles))
mock_log.error.assert_not_called()
@@ -545,7 +527,7 @@
evaluated correctly.
"""
mock_authority.PolicyAuthority.return_value.allowed.return_value = True
- expected_roles = self.get_all_needed_roles(
+ expected_roles = self.test_obj.get_all_needed_roles(
CONF.patrole.rbac_test_roles)
def partial_func(x):
@@ -563,14 +545,14 @@
def test_bar_policy(*args):
pass
- test_foo_policy(self.mock_test_args)
+ test_foo_policy(self.test_obj)
policy_authority = mock_authority.PolicyAuthority.return_value
policy_authority.allowed.assert_called_with(
"foo",
expected_roles)
policy_authority.allowed.reset_mock()
- test_bar_policy(self.mock_test_args)
+ test_bar_policy(self.test_obj)
policy_authority = mock_authority.PolicyAuthority.return_value
policy_authority.allowed.assert_called_with(
"qux",
@@ -603,7 +585,7 @@
pass
self.assertRaises(rbac_exceptions.RbacInvalidServiceException,
- test_policy, self.mock_test_args)
+ test_policy, self.test_obj)
class RBACMultiRoleRuleValidationNegativeTest(
@@ -627,7 +609,8 @@
m_authority.allowed.assert_has_calls([
mock.call(
rule,
- self.get_all_needed_roles(CONF.patrole.rbac_test_roles)
+ self.test_obj.get_all_needed_roles(
+ CONF.patrole.rbac_test_roles)
) for rule in rules
])
m_authority.allowed.reset_mock()
@@ -648,7 +631,7 @@
def test_policy(*args):
pass
- test_policy(self.mock_test_args)
+ test_policy(self.test_obj)
self._assert_policy_authority_called_with(rules, mock_authority)
@mock.patch.object(rbac_rv, 'LOG', autospec=True)
@@ -677,7 +660,7 @@
error_re = ".*OverPermission: .* \[%s\]$" % fail_on_action
self.assertRaisesRegex(
rbac_exceptions.RbacOverPermissionException, error_re,
- test_policy, self.mock_test_args)
+ test_policy, self.test_obj)
mock_log.debug.assert_any_call(
"%s: Expecting %d to be raised for policy name: %s",
'test_policy', 403, fail_on_action)
@@ -710,7 +693,7 @@
def _do_test(allowed_list, fail_on_action):
mock_authority.PolicyAuthority.return_value.allowed.\
side_effect = allowed_list
- test_policy(self.mock_test_args)
+ test_policy(self.test_obj)
mock_log.debug.assert_called_with(
"%s: Expecting %d to be raised for policy name: %s",
'test_policy', 403, fail_on_action)
@@ -747,7 +730,7 @@
(rules, rules)).replace('[', '\[').replace(']', '\]')
self.assertRaisesRegex(
rbac_exceptions.RbacUnderPermissionException, error_re,
- test_policy, self.mock_test_args)
+ test_policy, self.test_obj)
self.assertRegex(mock_log.error.mock_calls[0][1][0], error_re)
self._assert_policy_authority_called_with(rules, mock_authority)
@@ -773,7 +756,7 @@
def _do_test(allowed_list, fail_on_action):
mock_authority.PolicyAuthority.return_value.allowed.\
side_effect = allowed_list
- test_policy(self.mock_test_args)
+ test_policy(self.test_obj)
mock_log.debug.assert_called_with(
"%s: Expecting %d to be raised for policy name: %s",
'test_policy', 403, fail_on_action)
@@ -806,7 +789,7 @@
def _do_test(allowed_list, fail_on_action):
mock_authority.PolicyAuthority.return_value.allowed.\
side_effect = allowed_list
- test_policy(self.mock_test_args)
+ test_policy(self.test_obj)
mock_log.debug.assert_called_with(
"%s: Expecting %d to be raised for policy name: %s",
'test_policy', 404, fail_on_action)
@@ -833,7 +816,7 @@
def test_policy(*args):
raise exceptions.Forbidden()
- test_policy(self.mock_test_args)
+ test_policy(self.test_obj)
self._assert_policy_authority_called_with(rules, mock_authority)
# Assert that 403 is expected.
mock_calls = [x[1] for x in mock_log.debug.mock_calls]
@@ -847,7 +830,7 @@
def test_policy(*args):
raise exceptions.Forbidden()
- test_policy(self.mock_test_args)
+ test_policy(self.test_obj)
self._assert_policy_authority_called_with(rules, mock_authority)
# Assert that 403 is expected.
mock_calls = [x[1] for x in mock_log.debug.mock_calls]
@@ -932,7 +915,7 @@
(rules, rules)).replace('[', '\[').replace(']', '\]')
self.assertRaisesRegex(
rbac_exceptions.RbacUnderPermissionException, error_re,
- test_policy, self.mock_test_args)
+ test_policy, self.test_obj)
self.assertRegex(mock_log.error.mock_calls[0][1][0], error_re)
self._assert_policy_authority_called_with(rules, mock_authority)
@@ -951,21 +934,7 @@
def setUp(self):
super(RBACOverrideRoleValidationTest, self).setUp()
- # Mixin automatically initializes __override_role_called to False.
- class FakeRbacTest(rbac_utils.RbacUtilsMixin, test.BaseTestCase):
- def runTest(self):
- pass
-
- # Stub out problematic function calls.
- FakeRbacTest.os_primary = mock.Mock(spec=manager.Manager)
- FakeRbacTest.rbac_utils = self.useFixture(
- patrole_fixtures.RbacUtilsFixture())
- mock_creds = mock.Mock(user_id=mock.sentinel.user_id,
- project_id=mock.sentinel.project_id)
- setattr(FakeRbacTest.os_primary, 'credentials', mock_creds)
- setattr(FakeRbacTest.os_primary, 'auth_provider', mock.Mock())
-
- self.parent_class = FakeRbacTest
+ self.parent_class = self.test_obj.__class__
@mock.patch.object(rbac_rv, 'policy_authority', autospec=True)
def test_rule_validation_override_role_called_inside_ctx(self,
@@ -981,7 +950,7 @@
@rbac_rv.action(mock.sentinel.service, rules=["fake:rule"],
expected_error_codes=[404])
def test_called(self_):
- with self_.rbac_utils.real_override_role(self_):
+ with self_.override_role():
raise exceptions.NotFound()
child_test = ChildRbacTest()
@@ -991,8 +960,8 @@
def test_rule_validation_override_role_patrole_exception_ignored(
self, mock_authority):
"""Test success case where Patrole exception is raised (which is
- valid in case of e.g. RbacPartialResponseBody) after override_role
- passes.
+ valid in case of e.g. BasePatroleResponseBodyException) after
+ override_role passes.
"""
mock_authority.PolicyAuthority.return_value.allowed.return_value =\
True
@@ -1002,14 +971,14 @@
@rbac_rv.action(mock.sentinel.service, rules=["fake:rule"],
expected_error_codes=[404])
def test_called(self_):
- with self_.rbac_utils.real_override_role(self_):
+ with self_.override_role():
pass
- # Instances of BasePatroleException don't count as they are
- # part of the validation work flow.
- raise rbac_exceptions.BasePatroleException()
+ # Instances of BasePatroleResponseBodyException don't count as
+ # they are part of the validation work flow.
+ raise rbac_exceptions.BasePatroleResponseBodyException()
child_test = ChildRbacTest()
- self.assertRaises(rbac_exceptions.BasePatroleException,
+ self.assertRaises(rbac_exceptions.RbacUnderPermissionException,
child_test.test_called)
@mock.patch.object(rbac_rv, 'policy_authority', autospec=True)
@@ -1057,7 +1026,7 @@
@rbac_rv.action(mock.sentinel.service, rules=["fake:rule"],
expected_error_codes=[404])
def test_called_after(self_):
- with self_.rbac_utils.real_override_role(self_):
+ with self_.override_role():
pass
# Simulates a test tearDown failure or some such.
raise exception_type()
@@ -1098,7 +1067,7 @@
@rbac_rv.action(mock.sentinel.service, rules=["fake:rule1"],
expected_error_codes=[404])
def test_called(self_):
- with self_.rbac_utils.real_override_role(self_):
+ with self_.override_role():
raise exceptions.NotFound()
@rbac_rv.action(mock.sentinel.service, rules=["fake:rule2"],
diff --git a/patrole_tempest_plugin/tests/unit/test_rbac_utils.py b/patrole_tempest_plugin/tests/unit/test_rbac_utils.py
index 8acc678..e84a56d 100644
--- a/patrole_tempest_plugin/tests/unit/test_rbac_utils.py
+++ b/patrole_tempest_plugin/tests/unit/test_rbac_utils.py
@@ -17,7 +17,6 @@
import testtools
from tempest.lib import exceptions as lib_exc
-from tempest import test
from patrole_tempest_plugin import rbac_exceptions
from patrole_tempest_plugin import rbac_utils
@@ -25,118 +24,132 @@
from patrole_tempest_plugin.tests.unit import fixtures as patrole_fixtures
-class RBACUtilsTest(base.TestCase):
+class RBACUtilsMixinTest(base.TestCase):
def setUp(self):
- super(RBACUtilsTest, self).setUp()
- # Reset the role history after each test run to avoid validation
- # errors between tests.
- rbac_utils.RbacUtils.override_role_history = {}
- self.rbac_utils = self.useFixture(patrole_fixtures.RbacUtilsFixture())
+ super(RBACUtilsMixinTest, self).setUp()
+ self.rbac_utils_fixture = self.useFixture(
+ patrole_fixtures.RbacUtilsMixinFixture())
+ self.test_obj = self.rbac_utils_fixture.test_obj
- def test_override_role_with_missing_admin_role(self):
- self.rbac_utils.set_roles('member')
+ def test_init_roles_with_missing_admin_role(self):
+ self.rbac_utils_fixture.set_roles('member')
error_re = (".*Following roles were not found: admin. Available "
"roles: member.")
self.assertRaisesRegex(rbac_exceptions.RbacResourceSetupFailed,
- error_re, self.rbac_utils.override_role)
+ error_re, self.test_obj._init_roles)
- def test_override_role_with_missing_rbac_role(self):
- self.rbac_utils.set_roles('admin')
+ def test_init_roles_with_missing_rbac_role(self):
+ self.rbac_utils_fixture.set_roles('admin')
error_re = (".*Following roles were not found: member. Available "
"roles: admin.")
self.assertRaisesRegex(rbac_exceptions.RbacResourceSetupFailed,
- error_re, self.rbac_utils.override_role)
+ error_re, self.test_obj._init_roles)
- def test_override_role_to_admin_role(self):
- self.rbac_utils.override_role()
-
- mock_test_obj = self.rbac_utils.mock_test_obj
- roles_client = self.rbac_utils.admin_roles_client
- mock_time = self.rbac_utils.mock_time
+ def test_override_role_to_admin_role_at_creating(self):
+ rbac_utils_fixture = self.useFixture(
+ patrole_fixtures.RbacUtilsMixinFixture(do_reset_mocks=False))
+ test_obj = rbac_utils_fixture.test_obj
+ roles_client = rbac_utils_fixture.admin_roles_client
+ mock_time = rbac_utils_fixture.mock_time
roles_client.create_user_role_on_project.assert_called_once_with(
- self.rbac_utils.PROJECT_ID, self.rbac_utils.USER_ID, 'admin_id')
- mock_test_obj.get_auth_providers()[0].clear_auth\
+ rbac_utils_fixture.PROJECT_ID,
+ rbac_utils_fixture.USER_ID,
+ 'admin_id')
+ test_obj.get_auth_providers()[0].clear_auth.assert_called_once_with()
+ test_obj.get_auth_providers()[0].set_auth.assert_called_once_with()
+ mock_time.sleep.assert_called_once_with(1)
+
+ def test_override_role_to_admin_role(self):
+ self.test_obj._override_role()
+
+ roles_client = self.rbac_utils_fixture.admin_roles_client
+ mock_time = self.rbac_utils_fixture.mock_time
+
+ roles_client.create_user_role_on_project.assert_called_once_with(
+ self.rbac_utils_fixture.PROJECT_ID,
+ self.rbac_utils_fixture.USER_ID,
+ 'admin_id')
+ self.test_obj.get_auth_providers()[0].clear_auth\
.assert_called_once_with()
- mock_test_obj.get_auth_providers()[0].set_auth\
+ self.test_obj.get_auth_providers()[0].set_auth\
.assert_called_once_with()
mock_time.sleep.assert_called_once_with(1)
def test_override_role_to_admin_role_avoids_role_switch(self):
- self.rbac_utils.set_roles(['admin', 'member'], 'admin')
- self.rbac_utils.override_role()
+ self.rbac_utils_fixture.set_roles(['admin', 'member'], 'admin')
+ self.test_obj._override_role()
- roles_client = self.rbac_utils.admin_roles_client
- mock_time = self.rbac_utils.mock_time
+ roles_client = self.rbac_utils_fixture.admin_roles_client
+ mock_time = self.rbac_utils_fixture.mock_time
roles_client.create_user_role_on_project.assert_not_called()
mock_time.sleep.assert_not_called()
def test_override_role_to_member_role(self):
- self.rbac_utils.override_role(True)
+ self.test_obj._override_role(True)
- mock_test_obj = self.rbac_utils.mock_test_obj
- roles_client = self.rbac_utils.admin_roles_client
- mock_time = self.rbac_utils.mock_time
+ roles_client = self.rbac_utils_fixture.admin_roles_client
+ mock_time = self.rbac_utils_fixture.mock_time
roles_client.create_user_role_on_project.assert_has_calls([
- mock.call(self.rbac_utils.PROJECT_ID, self.rbac_utils.USER_ID,
- 'admin_id'),
- mock.call(self.rbac_utils.PROJECT_ID, self.rbac_utils.USER_ID,
+ mock.call(self.rbac_utils_fixture.PROJECT_ID,
+ self.rbac_utils_fixture.USER_ID,
'member_id')
])
- mock_test_obj.get_auth_providers()[0].clear_auth.assert_has_calls(
- [mock.call()] * 2)
- mock_test_obj.get_auth_providers()[0].set_auth.assert_has_calls(
- [mock.call()] * 2)
- mock_time.sleep.assert_has_calls([mock.call(1)] * 2)
+ self.test_obj.get_auth_providers()[0].clear_auth.assert_has_calls(
+ [mock.call()])
+ self.test_obj.get_auth_providers()[0].set_auth.assert_has_calls(
+ [mock.call()])
+ mock_time.sleep.assert_has_calls([mock.call(1)])
def test_override_role_to_member_role_avoids_role_switch(self):
- self.rbac_utils.set_roles(['admin', 'member'], 'member')
- self.rbac_utils.override_role(True)
+ self.rbac_utils_fixture.set_roles(['admin', 'member'], 'member')
+ self.test_obj._override_role(True)
- roles_client = self.rbac_utils.admin_roles_client
- mock_time = self.rbac_utils.mock_time
+ roles_client = self.rbac_utils_fixture.admin_roles_client
+ mock_time = self.rbac_utils_fixture.mock_time
- roles_client.create_user_role_on_project.assert_has_calls([
- mock.call(self.rbac_utils.PROJECT_ID, self.rbac_utils.USER_ID,
- 'admin_id')
- ])
- mock_time.sleep.assert_called_once_with(1)
+ self.assertEqual(0,
+ roles_client.create_user_role_on_project.call_count)
+ self.assertEqual(0,
+ mock_time.sleep.call_count)
def test_override_role_to_member_role_then_admin_role(self):
- self.rbac_utils.override_role(True, False)
+ self.test_obj._override_role(True)
+ self.test_obj._override_role(False)
- mock_test_obj = self.rbac_utils.mock_test_obj
- roles_client = self.rbac_utils.admin_roles_client
- mock_time = self.rbac_utils.mock_time
+ roles_client = self.rbac_utils_fixture.admin_roles_client
+ mock_time = self.rbac_utils_fixture.mock_time
roles_client.create_user_role_on_project.assert_has_calls([
- mock.call(self.rbac_utils.PROJECT_ID, self.rbac_utils.USER_ID,
- 'admin_id'),
- mock.call(self.rbac_utils.PROJECT_ID, self.rbac_utils.USER_ID,
+ mock.call(self.rbac_utils_fixture.PROJECT_ID,
+ self.rbac_utils_fixture.USER_ID,
'member_id'),
- mock.call(self.rbac_utils.PROJECT_ID, self.rbac_utils.USER_ID,
+ mock.call(self.rbac_utils_fixture.PROJECT_ID,
+ self.rbac_utils_fixture.USER_ID,
'admin_id')
])
- mock_test_obj.get_auth_providers()[0].clear_auth.assert_has_calls(
- [mock.call()] * 3)
- mock_test_obj.get_auth_providers()[0].set_auth.assert_has_calls(
- [mock.call()] * 3)
- mock_time.sleep.assert_has_calls([mock.call(1)] * 3)
+ self.test_obj.get_auth_providers()[0].clear_auth.assert_has_calls(
+ [mock.call()] * 2)
+ self.test_obj.get_auth_providers()[0].set_auth.assert_has_calls(
+ [mock.call()] * 2)
+ mock_time.sleep.assert_has_calls([mock.call(1)] * 2)
def test_clear_user_roles(self):
# NOTE(felipemonteiro): Set the user's roles on the project to
# include 'random' to coerce a role switch, or else it will be
# skipped.
- self.rbac_utils.set_roles(['admin', 'member'], ['member', 'random'])
- self.rbac_utils.override_role()
+ self.rbac_utils_fixture.set_roles(['admin', 'member'],
+ ['member', 'random'])
+ self.test_obj._override_role()
- roles_client = self.rbac_utils.admin_roles_client
+ roles_client = self.rbac_utils_fixture.admin_roles_client
roles_client.list_user_roles_on_project.assert_called_once_with(
- self.rbac_utils.PROJECT_ID, self.rbac_utils.USER_ID)
+ self.rbac_utils_fixture.PROJECT_ID,
+ self.rbac_utils_fixture.USER_ID)
roles_client.delete_role_from_user_on_project.\
assert_has_calls([
mock.call(mock.sentinel.project_id, mock.sentinel.user_id,
@@ -144,52 +157,32 @@
mock.call(mock.sentinel.project_id, mock.sentinel.user_id,
'random_id')])
- @mock.patch.object(rbac_utils.RbacUtils, '_override_role', autospec=True)
- def test_override_role_context_manager_simulate_pass(self,
- mock_override_role):
+ def test_override_role_context_manager_simulate_pass(self):
"""Validate that expected override_role calls are made when switching
to admin role for success path.
"""
- test_obj = mock.MagicMock()
- _rbac_utils = rbac_utils.RbacUtils(test_obj)
- # Validate constructor called _override_role with False.
- mock_override_role.assert_called_once_with(_rbac_utils, test_obj,
- False)
- mock_override_role.reset_mock()
-
- with _rbac_utils.override_role(test_obj):
+ mock_override_role = self.patchobject(self.test_obj, '_override_role')
+ with self.test_obj.override_role():
# Validate `override_role` public method called private method
# `_override_role` with True.
- mock_override_role.assert_called_once_with(_rbac_utils, test_obj,
- True)
+ mock_override_role.assert_called_once_with(True)
mock_override_role.reset_mock()
# Validate that `override_role` switched back to admin role after
# contextmanager.
- mock_override_role.assert_called_once_with(_rbac_utils, test_obj,
- False)
+ mock_override_role.assert_called_once_with(False)
- @mock.patch.object(rbac_utils.RbacUtils, '_override_role',
- autospec=True)
- def test_override_role_context_manager_simulate_fail(self,
- mock_override_role):
+ def test_override_role_context_manager_simulate_fail(self):
"""Validate that expected override_role calls are made when switching
to admin role for failure path (i.e. when test raises exception).
"""
- test_obj = mock.MagicMock()
- _rbac_utils = rbac_utils.RbacUtils(test_obj)
-
- # Validate constructor called _override_role with False.
- mock_override_role.assert_called_once_with(_rbac_utils, test_obj,
- False)
- mock_override_role.reset_mock()
+ mock_override_role = self.patchobject(self.test_obj, '_override_role')
def _do_test():
- with _rbac_utils.override_role(test_obj):
+ with self.test_obj.override_role():
# Validate `override_role` public method called private method
# `_override_role` with True.
- mock_override_role.assert_called_once_with(
- _rbac_utils, test_obj, True)
+ mock_override_role.assert_called_once_with(True)
mock_override_role.reset_mock()
# Raise exc to verify role switch works for negative case.
raise lib_exc.Forbidden()
@@ -197,61 +190,51 @@
# Validate that role is switched back to admin, despite test failure.
with testtools.ExpectedException(lib_exc.Forbidden):
_do_test()
- mock_override_role.assert_called_once_with(_rbac_utils, test_obj,
- False)
+ mock_override_role.assert_called_once_with(False)
def test_override_role_and_validate_list(self):
- self.patchobject(rbac_utils.RbacUtils, '_override_role')
- test_obj = mock.MagicMock()
- _rbac_utils = rbac_utils.RbacUtils(test_obj)
- m_override_role = self.patchobject(_rbac_utils, 'override_role')
+ m_override_role = self.patchobject(self.test_obj, 'override_role')
- with (_rbac_utils.override_role_and_validate_list(
- test_obj, 'foo')) as ctx:
+ with (self.test_obj.override_role_and_validate_list(
+ admin_resource_id='foo')) as ctx:
self.assertIsInstance(ctx, rbac_utils._ValidateListContext)
m_validate = self.patchobject(ctx, '_validate')
- m_override_role.assert_called_once_with(test_obj)
+ m_override_role.assert_called_once_with()
m_validate.assert_called_once()
def test_prepare_role_inferences_mapping(self):
- self.patchobject(rbac_utils.RbacUtils, '_override_role')
- test_obj = mock.MagicMock()
- _rbac_utils = rbac_utils.RbacUtils(test_obj)
- _rbac_utils.admin_roles_client.list_all_role_inference_rules.\
+ self.test_obj.admin_roles_client.list_all_role_inference_rules.\
return_value = {
"role_inferences": [
{
- "implies": [{"id": "3", "name": "reader"}],
- "prior_role": {"id": "2", "name": "member"}
+ "implies": [{"id": "reader_id", "name": "reader"}],
+ "prior_role": {"id": "member_id", "name": "member"}
},
{
- "implies": [{"id": "2", "name": "member"}],
- "prior_role": {"id": "1", "name": "admin"}
+ "implies": [{"id": "member_id", "name": "member"}],
+ "prior_role": {"id": "admin_id", "name": "admin"}
}
]
}
expected_role_inferences_mapping = {
- "2": {"3"}, # "member": ["reader"],
- "1": {"2", "3"} # "admin": ["member", "reader"]
+ "member_id": {"reader_id"},
+ "admin_id": {"member_id", "reader_id"}
}
- actual_role_inferences_mapping = _rbac_utils.\
+ actual_role_inferences_mapping = self.test_obj.\
_prepare_role_inferences_mapping()
self.assertEqual(expected_role_inferences_mapping,
actual_role_inferences_mapping)
def test_get_all_needed_roles(self):
- self.patchobject(rbac_utils.RbacUtils, '_override_role')
- test_obj = mock.MagicMock()
- _rbac_utils = rbac_utils.RbacUtils(test_obj)
- _rbac_utils._role_inferences_mapping = {
- "2": {"3"}, # "member": ["reader"],
- "1": {"2", "3"} # "admin": ["member", "reader"]
+ self.test_obj.__class__._role_inferences_mapping = {
+ "member_id": {"reader_id"},
+ "admin_id": {"member_id", "reader_id"}
}
- _rbac_utils._role_map = {
- "1": "admin", "admin": "1",
- "2": "member", "member": "2",
- "3": "reader", "reader": "3"
+ self.test_obj.__class__._role_map = {
+ "admin_id": "admin", "admin": "admin_id",
+ "member_id": "member", "member": "member_id",
+ "reader_id": "reader", "reader": "reader_id"
}
for roles, expected_roles in (
(['admin'], ['admin', 'member', 'reader']),
@@ -262,44 +245,10 @@
(['admin', 'member'], ['admin', 'member', 'reader']),
):
expected_roles = sorted(expected_roles)
- actual_roles = sorted(_rbac_utils.get_all_needed_roles(roles))
+ actual_roles = sorted(self.test_obj.get_all_needed_roles(roles))
self.assertEqual(expected_roles, actual_roles)
-class RBACUtilsMixinTest(base.TestCase):
-
- def setUp(self):
- super(RBACUtilsMixinTest, self).setUp()
-
- class FakeRbacTest(rbac_utils.RbacUtilsMixin, test.BaseTestCase):
-
- @classmethod
- def setup_clients(cls):
- super(FakeRbacTest, cls).setup_clients()
- cls.setup_rbac_utils()
-
- def runTest(self):
- pass
-
- self.parent_class = FakeRbacTest
-
- def test_setup_rbac_utils(self):
- """Validate that the child class has the `rbac_utils` attribute after
- running parent class's `cls.setup_rbac_utils`.
- """
- class ChildRbacTest(self.parent_class):
- pass
-
- child_test = ChildRbacTest()
-
- with mock.patch.object(rbac_utils.RbacUtils, '__init__',
- lambda *args: None):
- child_test.setUpClass()
-
- self.assertTrue(hasattr(child_test, 'rbac_utils'))
- self.assertIsInstance(child_test.rbac_utils, rbac_utils.RbacUtils)
-
-
class ValidateListContextTest(base.TestCase):
@staticmethod
def _get_context(admin_resources=None, admin_resource_id=None):
diff --git a/releasenotes/notes/rbac-utils-refactoring-2f4f1e3b52fcae14.yaml b/releasenotes/notes/rbac-utils-refactoring-2f4f1e3b52fcae14.yaml
new file mode 100644
index 0000000..f6944cf
--- /dev/null
+++ b/releasenotes/notes/rbac-utils-refactoring-2f4f1e3b52fcae14.yaml
@@ -0,0 +1,49 @@
+---
+features:
+ - |
+ Merged ``RbacUtils`` and ``RbacUtilsMixin`` classes. Now there is only
+ ``RbacUtilsMixin`` class. The new class still provides all functionality of
+ the original ``RbacUtils`` class. New implementation simplifies the usage
+ of the rbac utils:
+
+ * there is no need in calling ``cls.setup_rbac_utils()`` function, because
+ it happens automatically at the ``setup_clients`` step.
+
+ * there is no ``rbac_utils`` variable, so if you need to call a
+ ``override_role`` function, just do it using ``self``:
+
+ .. code-block:: python
+
+ with self.override_role():
+ ...
+
+ * there is no need in ``test_obj`` variable for ``override_role`` function,
+ because it can use ``self``.
+
+upgrade:
+ - Remove usage of ``cls.setup_rbac_utils()`` function.
+ - |
+ Remove usage of ``self.rbac_utils`` variable:
+
+ .. code-block:: python
+
+ with self.rbac_utils.override_role(self):
+
+ convert to
+
+ .. code-block:: python
+
+ with self.override_role():
+
+ - |
+ Remove ``test_obj`` in usage of ``override_role`` context manager:
+
+ .. code-block:: python
+
+ with self.override_role(self):
+
+ convert to
+
+ .. code-block:: python
+
+ with self.override_role():