Merge "Tests for compute security groups."

commit: 41ef3444b29f990cce48b1d489da99404bc53d99 [log] [tgz]
author: Jenkins <jenkins@review.openstack.org> Fri Feb 10 17:20:55 2017 +0000
committer: Gerrit Code Review <review@openstack.org> Fri Feb 10 17:20:55 2017 +0000
tree: 64ad9e711eb05241eb8080210f42b8fa314a68f7
parent: b4ff97ccb5eb1a28e833ad7d61fae9f817168579 [diff]
parent: bbf93690fd004c8f78b1564d4c282204681e1ece [diff]
diff --git a/patrole_tempest_plugin/tests/api/compute/test_instance_actions.py b/patrole_tempest_plugin/tests/api/compute/test_instance_actions.py
new file mode 100644
index 0000000..5bcb18e
--- /dev/null
+++ b/patrole_tempest_plugin/tests/api/compute/test_instance_actions.py

@@ -0,0 +1,63 @@
+#    Copyright 2017 AT&T Corporation.
+#    All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from tempest import config
+from tempest.lib import decorators
+
+from patrole_tempest_plugin import rbac_rule_validation
+from patrole_tempest_plugin.rbac_utils import rbac_utils
+from patrole_tempest_plugin.tests.api.compute import rbac_base
+
+CONF = config.CONF
+
+
+class InstanceActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
+
+    @classmethod
+    def setup_clients(cls):
+        super(InstanceActionsRbacTest, cls).setup_clients()
+        cls.client = cls.servers_client
+
+    @classmethod
+    def skip_checks(cls):
+        super(InstanceActionsRbacTest, cls).skip_checks()
+        if not CONF.compute_feature_enabled.api_extensions:
+            raise cls.skipException(
+                '%s skipped as no compute extensions enabled' % cls.__name__)
+
+    @classmethod
+    def resource_setup(cls):
+        super(InstanceActionsRbacTest, cls).resource_setup()
+        cls.server = cls.create_test_server(wait_until='ACTIVE')
+        cls.request_id = cls.server.response['x-compute-request-id']
+
+    def tearDown(self):
+        rbac_utils.switch_role(self, switchToRbacRole=False)
+        super(InstanceActionsRbacTest, self).tearDown()
+
+    @decorators.idempotent_id('9d1b131d-407e-4fa3-8eef-eb2c4526f1da')
+    @rbac_rule_validation.action(
+        service="nova",
+        rule="os_compute_api:os-instance-actions")
+    def test_list_instance_actions(self):
+        self.client.list_instance_actions(self.server['id'])
+
+    @decorators.idempotent_id('eb04c439-4215-4029-9ccb-5b3c041bfc25')
+    @rbac_rule_validation.action(
+        service="nova",
+        rule="os_compute_api:os-instance-actions:events")
+    def test_get_instance_action(self):
+        self.client.show_instance_action(
+            self.server['id'], self.request_id)['instanceAction']

diff --git a/patrole_tempest_plugin/tests/api/compute/test_absolute_limits_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_limits_rbac.py
similarity index 73%
rename from patrole_tempest_plugin/tests/api/compute/test_absolute_limits_rbac.py
rename to patrole_tempest_plugin/tests/api/compute/test_limits_rbac.py
index 8e1f6ee..ae52fe5 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_absolute_limits_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_limits_rbac.py

@@ -21,28 +21,27 @@
 CONF = config.CONF
 
 
-class AbsoluteLimitsRbacTest(rbac_base.BaseV2ComputeRbacTest):
+class LimitsRbacTest(rbac_base.BaseV2ComputeRbacTest):
 
     def tearDown(self):
         rbac_utils.switch_role(self, switchToRbacRole=False)
-        super(AbsoluteLimitsRbacTest, self).tearDown()
+        super(LimitsRbacTest, self).tearDown()
 
     @classmethod
     def setup_clients(cls):
-        super(AbsoluteLimitsRbacTest, cls).setup_clients()
-        cls.identity_client = cls.os_adm.identity_client
-        cls.tenants_client = cls.os_adm.tenants_client
+        super(LimitsRbacTest, cls).setup_clients()
+        cls.client = cls.limits_client
 
     @classmethod
     def skip_checks(cls):
-        super(AbsoluteLimitsRbacTest, cls).skip_checks()
+        super(LimitsRbacTest, cls).skip_checks()
         if not CONF.compute_feature_enabled.api_extensions:
             raise cls.skipException(
                 '%s skipped as no compute extensions enabled' % cls.__name__)
 
     @rbac_rule_validation.action(service="nova",
-                                 rule="os_compute_api:os-used-limits")
+                                 rule="os_compute_api:limits")
     @decorators.idempotent_id('3fb60f83-9a5f-4fdd-89d9-26c3710844a1')
-    def test_used_limits_for_admin_rbac(self):
+    def test_show_limits(self):
         rbac_utils.switch_role(self, switchToRbacRole=True)
-        self.limits_client.show_limits()
+        self.client.show_limits()

diff --git a/patrole_tempest_plugin/tests/api/identity/v3/rbac_base.py b/patrole_tempest_plugin/tests/api/identity/v3/rbac_base.py
index 3d53df4..c2b883a 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/rbac_base.py

@@ -15,6 +15,8 @@
 
 from tempest.api.identity import base
 from tempest import config
+from tempest.lib.common.utils import data_utils
+from tempest.lib.common.utils import test_utils
 
 CONF = config.CONF
 
@@ -34,8 +36,22 @@
                 "%s skipped because tempest roles is not admin" % cls.__name__)
 
     @classmethod
-    def resource_setup(cls):
-        super(BaseIdentityV3RbacAdminTest, cls).resource_setup()
+    def setup_clients(cls):
+        super(BaseIdentityV3RbacAdminTest, cls).setup_clients()
         cls.auth_provider = cls.os.auth_provider
         cls.admin_client = cls.os_adm.identity_v3_client
         cls.creds_client = cls.os.credentials_client
+        cls.services_client = cls.os.identity_services_v3_client
+
+    def _create_service(self):
+        """Creates a service for test."""
+        name = data_utils.rand_name('service')
+        serv_type = data_utils.rand_name('type')
+        desc = data_utils.rand_name('description')
+        service = self.services_client \
+                      .create_service(name=name,
+                                      type=serv_type,
+                                      description=desc)['service']
+        self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+                        self.services_client.delete_service, service['id'])
+        return service

diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py
new file mode 100644
index 0000000..9af2ccf
--- /dev/null
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py

@@ -0,0 +1,99 @@
+# Copyright 2017 AT&T Corporation.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from tempest.common.utils import data_utils
+from tempest import config
+from tempest.lib import decorators
+
+from patrole_tempest_plugin import rbac_rule_validation
+from patrole_tempest_plugin.rbac_utils import rbac_utils
+from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+
+CONF = config.CONF
+
+
+class IdentityProjectV3AdminRbacTest(
+        rbac_base.BaseIdentityV3RbacAdminTest):
+
+    def tearDown(self):
+        """Reverts user back to admin for cleanup."""
+        rbac_utils.switch_role(self, switchToRbacRole=False)
+        super(IdentityProjectV3AdminRbacTest, self).tearDown()
+
+    @rbac_rule_validation.action(service="keystone",
+                                 rule="identity:create_project")
+    @decorators.idempotent_id('0f148510-63bf-11e6-1564-080044d0d904')
+    def test_create_project(self):
+        """Create a Project.
+
+        RBAC test for Keystone: identity:create_project
+        """
+        name = data_utils.rand_name('project')
+        rbac_utils.switch_role(self, switchToRbacRole=True)
+        project = self.non_admin_projects_client \
+                      .create_project(name)['project']
+        self.addCleanup(self.projects_client.delete_project, project['id'])
+
+    @rbac_rule_validation.action(service="keystone",
+                                 rule="identity:update_project")
+    @decorators.idempotent_id('0f148510-63bf-11e6-1564-080044d0d905')
+    def test_update_project(self):
+        """Update a Project.
+
+        RBAC test for Keystone: identity:update_project
+        """
+        project = self.setup_test_project()
+
+        rbac_utils.switch_role(self, switchToRbacRole=True)
+        self.non_admin_projects_client \
+            .update_project(project['id'],
+                            description="Changed description")
+
+    @rbac_rule_validation.action(service="keystone",
+                                 rule="identity:delete_project")
+    @decorators.idempotent_id('0f148510-63bf-11e6-1564-080044d0d906')
+    def test_delete_project(self):
+        """Delete a Project.
+
+        RBAC test for Keystone: identity:delete_project
+        """
+        project = self.setup_test_project()
+
+        rbac_utils.switch_role(self, switchToRbacRole=True)
+        self.non_admin_projects_client.delete_project(project['id'])
+
+    @rbac_rule_validation.action(service="keystone",
+                                 rule="identity:get_project")
+    @decorators.idempotent_id('0f148510-63bf-11e6-1564-080044d0d907')
+    def test_show_project(self):
+        """Show a project.
+
+        RBAC test for Keystone: identity:get_project
+        """
+        project = self.setup_test_project()
+
+        rbac_utils.switch_role(self, switchToRbacRole=True)
+        self.non_admin_projects_client.show_project(project['id'])
+
+    @rbac_rule_validation.action(service="keystone",
+                                 rule="identity:list_projects")
+    @decorators.idempotent_id('0f148510-63bf-11e6-1564-080044d0d908')
+    def test_list_projects(self):
+        """List all projects.
+
+        RBAC test for Keystone: identity:list_projects
+        """
+        rbac_utils.switch_role(self, switchToRbacRole=True)
+        self.non_admin_projects_client.list_projects()

diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py
new file mode 100644
index 0000000..f5a0a3e
--- /dev/null
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py

@@ -0,0 +1,97 @@
+# Copyright 2017 AT&T Corporation.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from tempest.common.utils import data_utils
+from tempest import config
+from tempest import test
+
+from patrole_tempest_plugin import rbac_rule_validation
+from patrole_tempest_plugin.rbac_utils import rbac_utils
+from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+
+CONF = config.CONF
+
+
+class IdentitySericesV3AdminRbacTest(rbac_base.BaseIdentityV3RbacAdminTest):
+
+    def tearDown(self):
+        """Reverts user back to admin for cleanup."""
+        rbac_utils.switch_role(self, switchToRbacRole=False)
+        super(IdentitySericesV3AdminRbacTest, self).tearDown()
+
+    @rbac_rule_validation.action(service="keystone",
+                                 rule="identity:create_service")
+    @test.idempotent_id('9a4bb317-f0bb-4005-8df0-4b672885b7c8')
+    def test_create_service(self):
+        """Create a service.
+
+        RBAC test for Keystone: identity:create_service
+        """
+        rbac_utils.switch_role(self, switchToRbacRole=True)
+        self._create_service()
+
+    @rbac_rule_validation.action(service="keystone",
+                                 rule="identity:update_service")
+    @test.idempotent_id('b39447d1-2cf6-40e5-a899-46f287f2ecf0')
+    def test_update_service(self):
+        """Update a service.
+
+        RBAC test for Keystone: identity:update_service
+        """
+        service = self._create_service()
+        new_name = data_utils.rand_name('new_test_name')
+
+        rbac_utils.switch_role(self, switchToRbacRole=True)
+        self.services_client.update_service(service['id'],
+                                            service=service,
+                                            name=new_name,
+                                            type=service['type'])
+
+    @rbac_rule_validation.action(service="keystone",
+                                 rule="identity:delete_service")
+    @test.idempotent_id('177b991a-438d-4bef-8e9f-9c6cc5a1c9e8')
+    def test_delete_service(self):
+        """Delete a service.
+
+        RBAC test for Keystone: identity:delete_service
+        """
+        service = self._create_service()
+
+        rbac_utils.switch_role(self, switchToRbacRole=True)
+        self.services_client.delete_service(service['id'])
+
+    @rbac_rule_validation.action(service="keystone",
+                                 rule="identity:get_service")
+    @test.idempotent_id('d89a9ac6-cd53-428d-84c0-5bc71f4a432d')
+    def test_show_service(self):
+        """Show/Get a service.
+
+        RBAC test for Keystone: identity:get_service
+        """
+        service = self._create_service()
+
+        rbac_utils.switch_role(self, switchToRbacRole=True)
+        self.services_client.show_service(service['id'])
+
+    @rbac_rule_validation.action(service="keystone",
+                                 rule="identity:list_services")
+    @test.idempotent_id('706e6bea-3385-4718-919c-0b5121395806')
+    def test_list_services(self):
+        """list all services.
+
+        RBAC test for Keystone: identity:list_services
+        """
+        rbac_utils.switch_role(self, switchToRbacRole=True)
+        self.services_client.list_services()

diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_transfers_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_transfers_rbac.py
index f88d44f..485844f 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_transfers_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_transfers_rbac.py

@@ -54,22 +54,24 @@
         waiters.wait_for_volume_status(self.client, self.volume['id'],
                                        'available')
 
+    def _create_transfer(self):
+        transfer = self.client.create_volume_transfer(
+            volume_id=self.volume['id'])['transfer']
+        self.addCleanup(self._delete_transfer, transfer)
+        return transfer
+
     @rbac_rule_validation.action(service="cinder",
                                  rule="volume:create_transfer")
     @decorators.idempotent_id('25413af4-468d-48ff-94ca-4436f8526b3e')
     def test_create_volume_transfer(self):
         rbac_utils.switch_role(self, switchToRbacRole=True)
-        transfer = self.client.create_volume_transfer(
-            volume_id=self.volume['id'])['transfer']
-        self.addCleanup(self._delete_transfer, transfer)
+        self._create_transfer()
 
     @rbac_rule_validation.action(service="cinder",
-                                 rule="volume:get_all_transfers")
+                                 rule="volume:get_transfer")
     @decorators.idempotent_id('7a0925d3-ed97-4c25-8299-e5cdabe2eb55')
     def test_get_volume_transfer(self):
-        transfer = self.client.create_volume_transfer(
-            volume_id=self.volume['id'])['transfer']
-        self.addCleanup(self._delete_transfer, transfer)
+        transfer = self._create_transfer()
         rbac_utils.switch_role(self, switchToRbacRole=True)
         self.client.show_volume_transfer(transfer['id'])
 
@@ -84,13 +86,19 @@
                                  rule="volume:accept_transfer")
     @decorators.idempotent_id('987f2a11-d657-4984-a6c9-28f06c1cd014')
     def test_accept_volume_transfer(self):
-        transfer = self.client.create_volume_transfer(
-            volume_id=self.volume['id'])['transfer']
-        self.addCleanup(self._delete_transfer, transfer)
+        transfer = self._create_transfer()
         rbac_utils.switch_role(self, switchToRbacRole=True)
         self.client.accept_volume_transfer(transfer['id'],
                                            auth_key=transfer['auth_key'])
 
+    @rbac_rule_validation.action(service="cinder",
+                                 rule="volume:delete_transfer")
+    @decorators.idempotent_id('4672187e-7fff-454b-832a-5c8865dda868')
+    def test_delete_volume_transfer(self):
+        transfer = self._create_transfer()
+        rbac_utils.switch_role(self, switchToRbacRole=True)
+        self.client.delete_volume_transfer(transfer['id'])
+
 
 class VolumesTransfersV3RbacTest(VolumesTransfersRbacTest):
     _api_version = 3
commit	41ef3444b29f990cce48b1d489da99404bc53d99	[log] [tgz]
author	Jenkins <jenkins@review.openstack.org>	Fri Feb 10 17:20:55 2017 +0000
committer	Gerrit Code Review <review@openstack.org>	Fri Feb 10 17:20:55 2017 +0000
tree	64ad9e711eb05241eb8080210f42b8fa314a68f7
parent	b4ff97ccb5eb1a28e833ad7d61fae9f817168579 [diff]
parent	bbf93690fd004c8f78b1564d4c282204681e1ece [diff]