Merge "Updated from global requirements"
diff --git a/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py
index 17a6c74..a28ddb9 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py
@@ -14,19 +14,106 @@
# under the License.
from tempest.lib.common.utils import data_utils
+from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.compute import rbac_base
-class SecurityGroupsRbacTest(rbac_base.BaseV2ComputeRbacTest):
+class SecurtiyGroupsRbacTest(rbac_base.BaseV2ComputeRbacTest):
+ """Tests non-deprecated security group policies. Requires network service.
+
+ This class tests non-deprecated policies for adding and removing a security
+ group to and from a server.
+ """
+
+ @classmethod
+ def skip_checks(cls):
+ super(SecurtiyGroupsRbacTest, cls).skip_checks()
+ # All the tests below require the network service.
+ # NOTE(gmann) Currently 'network' service is always True in
+ # test.get_service_list() So below check is not much of use.
+ # Commenting the below check as Tempest is moving the get_service_list
+ # from test.py to utils.
+ # If we want to check 'network' service availability, then
+ # get_service_list can be used from new location.
+ # if not test.get_service_list()['network']:
+ # raise cls.skipException(
+ # 'Skipped because the network service is not available')
+
+ @classmethod
+ def setup_credentials(cls):
+ # A network and a subnet will be created for these tests.
+ cls.set_network_resources(network=True, subnet=True)
+ super(SecurtiyGroupsRbacTest, cls).setup_credentials()
+
+ @classmethod
+ def resource_setup(cls):
+ super(SecurtiyGroupsRbacTest, cls).resource_setup()
+ cls.server = cls.create_test_server(wait_until='ACTIVE')
+
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-security-groups")
+ @decorators.idempotent_id('3db159c6-a467-469f-9a25-574197885520')
+ def test_list_security_groups_by_server(self):
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.servers_client.list_security_groups_by_server(self.server['id'])
+
+ @decorators.attr(type=["slow"])
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-security-groups")
+ @decorators.idempotent_id('ea1ca73f-2d1d-43cb-9a46-900d7927b357')
+ def test_create_security_group_for_server(self):
+ sg_name = self.create_security_group()['name']
+
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.servers_client.add_security_group(self.server['id'], name=sg_name)
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.servers_client.remove_security_group,
+ self.server['id'], name=sg_name)
+
+ @decorators.attr(type=["slow"])
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-security-groups")
+ @decorators.idempotent_id('0ad2e856-e2d3-4ac5-a620-f93d0d3d2626')
+ def test_remove_security_group_from_server(self):
+ sg_name = self.create_security_group()['name']
+
+ self.servers_client.add_security_group(self.server['id'], name=sg_name)
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.servers_client.remove_security_group,
+ self.server['id'], name=sg_name)
+
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.servers_client.remove_security_group(
+ self.server['id'], name=sg_name)
+
+
+class SecurityGroupsRbacMaxV235Test(rbac_base.BaseV2ComputeRbacTest):
# Tests in this class will fail with a 404 from microversion 2.36,
# according to:
# https://developer.openstack.org/api-ref/compute/#security-groups-os-security-groups-deprecated
max_microversion = '2.35'
+ @classmethod
+ def skip_checks(cls):
+ super(SecurityGroupsRbacMaxV235Test, cls).skip_checks()
+ # All the tests below require the network service.
+ # NOTE(gmann) Currently 'network' service is always True in
+ # test.get_service_list() So below check is not much of use.
+ # Commenting the below check as Tempest is moving the get_service_list
+ # from test.py to utils.
+ # If we want to check 'network' service availability, then
+ # get_service_list can be used from new location.
+ # if not test.get_service_list()['network']:
+ # raise cls.skipException(
+ # 'Skipped because the network service is not available')
+
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-security-groups")
@@ -58,9 +145,10 @@
@decorators.idempotent_id('3de5c6bc-b822-469e-a627-82427d38b067')
def test_update_security_groups(self):
sec_group_id = self.create_security_group()['id']
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
new_name = data_utils.rand_name()
new_desc = data_utils.rand_name()
+
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.security_groups_client.update_security_group(sec_group_id,
name=new_name,
description=new_desc)
diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_rbac.py
index 4a105d7..35ca437 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_rbac.py
@@ -18,7 +18,6 @@
from tempest.common import waiters
from tempest import config
from tempest.lib.common.utils import data_utils
-from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
from tempest.lib import exceptions
from tempest import test
@@ -167,69 +166,3 @@
LOG.info("ServerFault exception caught. Some other policy "
"blocked updating of server")
raise rbac_exceptions.RbacConflictingPolicies(e)
-
-
-class SecurtiyGroupsRbacTest(base.BaseV2ComputeRbacTest):
- """Tests non-deprecated security group policies. Requires network service.
-
- This class tests non-deprecated policies for adding and removing a security
- group to and from a server.
- """
-
- @classmethod
- def setup_credentials(cls):
- # A network and a subnet will be created for these tests.
- cls.set_network_resources(network=True, subnet=True)
- super(SecurtiyGroupsRbacTest, cls).setup_credentials()
-
- @classmethod
- def skip_checks(cls):
- super(SecurtiyGroupsRbacTest, cls).skip_checks()
- # All the tests below require the network service.
- if not test.get_service_list()['network']:
- raise cls.skipException(
- 'Skipped because the network service is not available')
-
- @classmethod
- def resource_setup(cls):
- super(SecurtiyGroupsRbacTest, cls).resource_setup()
- cls.server = cls.create_test_server(wait_until='ACTIVE')
-
- @rbac_rule_validation.action(
- service="nova",
- rule="os_compute_api:os-security-groups")
- @decorators.idempotent_id('3db159c6-a467-469f-9a25-574197885520')
- def test_list_security_groups_by_server(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.servers_client.list_security_groups_by_server(self.server['id'])
-
- @decorators.attr(type=["slow"])
- @rbac_rule_validation.action(
- service="nova",
- rule="os_compute_api:os-security-groups")
- @decorators.idempotent_id('ea1ca73f-2d1d-43cb-9a46-900d7927b357')
- def test_create_security_group_for_server(self):
- sg_name = self.create_security_group()['name']
-
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.servers_client.add_security_group(self.server['id'], name=sg_name)
- self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.servers_client.remove_security_group,
- self.server['id'], name=sg_name)
-
- @decorators.attr(type=["slow"])
- @rbac_rule_validation.action(
- service="nova",
- rule="os_compute_api:os-security-groups")
- @decorators.idempotent_id('0ad2e856-e2d3-4ac5-a620-f93d0d3d2626')
- def test_remove_security_group_from_server(self):
- sg_name = self.create_security_group()['name']
-
- self.servers_client.add_security_group(self.server['id'], name=sg_name)
- self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.servers_client.remove_security_group,
- self.server['id'], name=sg_name)
-
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.servers_client.remove_security_group(
- self.server['id'], name=sg_name)
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py
index 0c85240..5812f9e 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py
@@ -20,11 +20,11 @@
from patrole_tempest_plugin.tests.api.identity import rbac_base
-class IdentityUserV3AdminRbacTest(rbac_base.BaseIdentityV3RbacTest):
+class IdentityUserV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
@classmethod
def resource_setup(cls):
- super(IdentityUserV3AdminRbacTest, cls).resource_setup()
+ super(IdentityUserV3RbacTest, cls).resource_setup()
cls.default_user_id = cls.os_primary.credentials.user_id
@rbac_rule_validation.action(service="keystone",
@@ -71,19 +71,6 @@
self.users_client.show_user(self.default_user_id)
@rbac_rule_validation.action(service="keystone",
- rule="identity:change_password")
- @decorators.idempotent_id('0f148510-63bf-11e6-4522-080044d0d90a')
- def test_change_password(self):
- original_password = data_utils.rand_password()
- user = self.setup_test_user(password=original_password)
-
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.users_client.update_user_password(
- user['id'],
- original_password=original_password,
- password=data_utils.rand_password())
-
- @rbac_rule_validation.action(service="keystone",
rule="identity:list_groups_for_user")
@decorators.idempotent_id('bd5946d4-46d2-423d-a800-a3e7aabc18b3')
def test_list_own_user_group(self):