commit 25ddd6753ee6847b0714f225590e7397df381aee
author Jenkins <jenkins@review.openstack.org> Mon Mar 20 18:09:32 2017 +0000
committer Gerrit Code Review <review@openstack.org> Mon Mar 20 18:09:32 2017 +0000
tree 2bdfe91bb707cd1303c061ed96ef21f373bdbba4
parent 6981e9a44d722743ff959b3a069f7e2b0384bad9
parent 23923f0eba8f79b2a7015dd97b97323c1ab1db02

Merge "Partially revert removal of time.sleep if v3 auth enabled in conf."

patrole_tempest_plugin/tests/api/compute/test_flavor_access_rbac.py

diff --git a/patrole_tempest_plugin/tests/api/compute/test_flavor_access_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_flavor_access_rbac.py
index 356a74a..1704644 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_flavor_access_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_flavor_access_rbac.py
@@ -13,18 +13,17 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_config import cfg
 from oslo_log import log
 
-from tempest import config
 from tempest.lib.common.utils import test_utils
 from tempest.lib import decorators
-from tempest.lib import exceptions
+from tempest import test
 
-from patrole_tempest_plugin import rbac_exceptions
 from patrole_tempest_plugin import rbac_rule_validation
 from patrole_tempest_plugin.tests.api.compute import rbac_base
 
-CONF = config.CONF
+CONF = cfg.CONF
 LOG = log.getLogger(__name__)
 
 
@@ -38,29 +37,27 @@
     @classmethod
     def skip_checks(cls):
         super(FlavorAccessAdminRbacTest, cls).skip_checks()
-        if not CONF.compute_feature_enabled.api_extensions:
-            raise cls.skipException(
-                '%s skipped as no compute extensions enabled' % cls.__name__)
+        if not test.is_extension_enabled('OS-FLV-EXT-DATA', 'compute'):
+            msg = "%s skipped as OS-FLV-EXT-DATA extension not enabled."\
+                  % cls.__name__
+            raise cls.skipException(msg)
 
     @classmethod
     def resource_setup(cls):
         super(FlavorAccessAdminRbacTest, cls).resource_setup()
         cls.flavor_id = cls._create_flavor(is_public=False)['id']
+        cls.public_flavor_id = CONF.compute.flavor_ref
         cls.tenant_id = cls.auth_provider.credentials.tenant_id
 
     @decorators.idempotent_id('a2bd3740-765d-4c95-ac98-9e027378c75e')
     @rbac_rule_validation.action(
         service="nova",
         rule="os_compute_api:os-flavor-access")
-    def test_list_flavor_access(self):
+    def test_show_flavor(self):
+        # NOTE(felipemonteiro): show_flavor enforces the specified policy
+        # action, but only works if a public flavor is passed.
         self.rbac_utils.switch_role(self, switchToRbacRole=True)
-        try:
-            self.client.list_flavor_access(self.flavor_id)
-        except exceptions.NotFound as e:
-            LOG.info("NotFound exception caught. Exception is thrown when "
-                     "role doesn't have access to the endpoint."
-                     "This is irregular and should be fixed.")
-            raise rbac_exceptions.RbacActionFailed(e)
+        self.client.show_flavor(self.public_flavor_id)['flavor']
 
     @decorators.idempotent_id('39cb5c8f-9990-436f-9282-fc76a41d9bac')
     @rbac_rule_validation.action(
@@ -69,7 +66,8 @@
     def test_add_flavor_access(self):
         self.rbac_utils.switch_role(self, switchToRbacRole=True)
         self.client.add_flavor_access(
-            flavor_id=self.flavor_id, tenant_id=self.tenant_id)
+            flavor_id=self.flavor_id, tenant_id=self.tenant_id)[
+            'flavor_access']
         self.addCleanup(self.client.remove_flavor_access,
                         flavor_id=self.flavor_id, tenant_id=self.tenant_id)
 

patrole_tempest_plugin/tests/api/compute/test_instance_actions_rbac.py

diff --git a/patrole_tempest_plugin/tests/api/compute/test_instance_actions_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_instance_actions_rbac.py
index 2903342..dcf3c90 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_instance_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_instance_actions_rbac.py
@@ -16,6 +16,7 @@
 from tempest.lib import decorators
 from tempest import test
 
+from patrole_tempest_plugin import rbac_exceptions
 from patrole_tempest_plugin import rbac_rule_validation
 from patrole_tempest_plugin.tests.api.compute import rbac_base
 
@@ -54,5 +55,7 @@
         rule="os_compute_api:os-instance-actions:events")
     def test_get_instance_action(self):
         self.rbac_utils.switch_role(self, switchToRbacRole=True)
-        self.client.show_instance_action(
+        instance_action = self.client.show_instance_action(
             self.server['id'], self.request_id)['instanceAction']
+        if 'events' not in instance_action:
+            raise rbac_exceptions.RbacActionFailed

patrole_tempest_plugin/tests/api/network/test_routers_rbac.py

diff --git a/patrole_tempest_plugin/tests/api/network/test_routers_rbac.py b/patrole_tempest_plugin/tests/api/network/test_routers_rbac.py
index a227e5c..e66da21 100644
--- a/patrole_tempest_plugin/tests/api/network/test_routers_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_routers_rbac.py
@@ -96,6 +96,7 @@
         create_router:external_gateway_info:external_fixed_ips policy
         """
         name = data_utils.rand_name('snat-router')
+
         # Pick an ip address within the allocation_pools range
         ip_address = random.choice(list(self.admin_ip_range))
         external_fixed_ips = {'subnet_id': self.admin_subnet['id'],
@@ -167,6 +168,10 @@
         self.routers_client.update_router(
             self.admin_router['id'],
             external_gateway_info={'network_id': self.admin_network['id']})
+        self.addCleanup(
+            self.routers_client.update_router,
+            self.admin_router['id'],
+            external_gateway_info=None)
 
     @rbac_rule_validation.action(
         service="neutron",
@@ -183,6 +188,10 @@
             self.admin_router['id'],
             external_gateway_info={'network_id': self.admin_network['id'],
                                    'enable_snat': True})
+        self.addCleanup(
+            self.routers_client.update_router,
+            self.admin_router['id'],
+            external_gateway_info=None)
 
     @rbac_rule_validation.action(
         service="neutron",