Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / patrole / 2b441901c347f912c3593d2482de902191c2e1f7^1..2b441901c347f912c3593d2482de902191c2e1f7 / .
commit2b441901c347f912c3593d2482de902191c2e1f7[log] [tgz]
authorJenkins <jenkins@review.openstack.org>Wed Aug 30 20:44:17 2017 +0000
committerGerrit Code Review <review@openstack.org>Wed Aug 30 20:44:17 2017 +0000
tree16eb4ddb8bbdeb07b6a9e524cb4ca5e8785a760b
parent7f8993fe3c5edb9157d696f1e0b5b97f37f31032 [diff]
parent146735df7ae0b8483b820c60f13b871d93ffe16c [diff]
Merge "Test coverage for compute flavor_manage policies"
diff --git a/patrole_tempest_plugin/tests/api/compute/rbac_base.py b/patrole_tempest_plugin/tests/api/compute/rbac_base.py
index 3807ae9..bab193e 100644
--- a/patrole_tempest_plugin/tests/api/compute/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/compute/rbac_base.py

@@ -53,9 +53,12 @@
         for flavor in cls.flavors:
             test_utils.call_and_ignore_notfound_exc(
                 cls.flavors_client.delete_flavor, flavor['id'])
+        for flavor in cls.flavors:
+            test_utils.call_and_ignore_notfound_exc(
+                cls.flavors_client.wait_for_resource_deletion, flavor['id'])
 
     @classmethod
-    def _create_flavor(cls, **kwargs):
+    def create_flavor(cls, **kwargs):
         flavor_kwargs = {
             "name": data_utils.rand_name(cls.__name__ + '-flavor'),
             "ram": data_utils.rand_int_id(1, 10),

diff --git a/patrole_tempest_plugin/tests/api/compute/test_flavor_access_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_flavor_access_rbac.py
index b196d93..26c9957 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_flavor_access_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_flavor_access_rbac.py

@@ -38,7 +38,7 @@
     @classmethod
     def resource_setup(cls):
         super(FlavorAccessRbacTest, cls).resource_setup()
-        cls.flavor_id = cls._create_flavor(is_public=False)['id']
+        cls.flavor_id = cls.create_flavor(is_public=False)['id']
         cls.public_flavor_id = CONF.compute.flavor_ref
         cls.tenant_id = cls.os_primary.credentials.tenant_id
 

diff --git a/patrole_tempest_plugin/tests/api/compute/test_flavor_extra_specs_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_flavor_extra_specs_rbac.py
index e59fd78..031d8ad 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_flavor_extra_specs_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_flavor_extra_specs_rbac.py

@@ -34,7 +34,7 @@
     @classmethod
     def resource_setup(cls):
         super(FlavorExtraSpecsRbacTest, cls).resource_setup()
-        cls.flavor = cls._create_flavor()
+        cls.flavor = cls.create_flavor()
 
     @classmethod
     def resource_cleanup(cls):

diff --git a/patrole_tempest_plugin/tests/api/compute/test_flavor_manage_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_flavor_manage_rbac.py
new file mode 100644
index 0000000..519a55a
--- /dev/null
+++ b/patrole_tempest_plugin/tests/api/compute/test_flavor_manage_rbac.py

@@ -0,0 +1,53 @@
+#    Copyright 2017 AT&T Corporation.
+#    All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from tempest.lib import decorators
+from tempest import test
+
+from patrole_tempest_plugin import rbac_rule_validation
+from patrole_tempest_plugin.tests.api.compute import rbac_base
+
+
+class FlavorManageRbacTest(rbac_base.BaseV2ComputeRbacTest):
+
+    # Need admin to wait for resource deletion below to avoid test role
+    # having to pass extra policies.
+    credentials = ['primary', 'admin']
+
+    @classmethod
+    def skip_checks(cls):
+        super(FlavorManageRbacTest, cls).skip_checks()
+        if not test.is_extension_enabled('OS-FLV-EXT-DATA', 'compute'):
+            msg = "OS-FLV-EXT-DATA extension not enabled."
+            raise cls.skipException(msg)
+
+    @decorators.idempotent_id('a4e7faec-7a4b-4809-9856-90d5b747ca35')
+    @rbac_rule_validation.action(
+        service="nova",
+        rule="os_compute_api:os-flavor-manage:create")
+    def test_create_flavor_manage(self):
+        self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+        self.create_flavor()
+
+    @decorators.idempotent_id('782e988e-061b-4c40-896f-a77c70c2b057')
+    @rbac_rule_validation.action(
+        service="nova",
+        rule="os_compute_api:os-flavor-manage:delete")
+    def test_delete_flavor_manage(self):
+        flavor_id = self.create_flavor()['id']
+
+        self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+        self.flavors_client.delete_flavor(flavor_id)
+        self.os_admin.flavors_client.wait_for_resource_deletion(flavor_id)

diff --git a/releasenotes/notes/flavor-manage-rbac-tests-eb78439316d67ab2.yaml b/releasenotes/notes/flavor-manage-rbac-tests-eb78439316d67ab2.yaml
new file mode 100644
index 0000000..0fbf24f
--- /dev/null
+++ b/releasenotes/notes/flavor-manage-rbac-tests-eb78439316d67ab2.yaml

@@ -0,0 +1,8 @@
+---
+features:
+  - |
+    Add test coverage for the os-flavor-manage compute API, which includes
+    tests for the following policy actions:
+
+      * "os_compute_api:os-flavor-manage:create"
+      * "os_compute_api:os-flavor-manage:delete"