Merge "Remove admin namespace throughout Patrole - Volume tests"
diff --git a/patrole_tempest_plugin/rbac_utils.py b/patrole_tempest_plugin/rbac_utils.py
index 4bfa7fe..d952014 100644
--- a/patrole_tempest_plugin/rbac_utils.py
+++ b/patrole_tempest_plugin/rbac_utils.py
@@ -14,7 +14,6 @@
# under the License.
import sys
-import testtools
import time
from oslo_log import log as logging
@@ -137,10 +136,11 @@
self.switch_role_history.setdefault(key, None)
if self.switch_role_history[key] == toggle_rbac_role:
- # If the test was skipped, then this is a legitimate use case,
- # so do not throw an exception.
- exc_value = sys.exc_info()[1]
- if not isinstance(exc_value, testtools.TestCase.skipException):
+ # If an exception was thrown, like a skipException or otherwise,
+ # then this is a legitimate reason why `switch_role` was not
+ # called, so only raise an exception if no current exception is
+ # being handled.
+ if sys.exc_info()[0] is None:
self.switch_role_history[key] = False
error_message = '`toggle_rbac_role` must not be called with '\
'the same bool value twice. Make sure that you included '\
diff --git a/patrole_tempest_plugin/tests/api/compute/admin/__init__.py b/patrole_tempest_plugin/tests/api/compute/admin/__init__.py
deleted file mode 100644
index e69de29..0000000
--- a/patrole_tempest_plugin/tests/api/compute/admin/__init__.py
+++ /dev/null
diff --git a/patrole_tempest_plugin/tests/api/compute/rbac_base.py b/patrole_tempest_plugin/tests/api/compute/rbac_base.py
index 9da50c6..b2f830e 100644
--- a/patrole_tempest_plugin/tests/api/compute/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/compute/rbac_base.py
@@ -11,11 +11,10 @@
# License for the specific language governing permissions and limitations
# under the License.
-from tempest.lib.common.utils import data_utils
-from tempest.lib.common.utils import test_utils
-
from tempest.api.compute import base as compute_base
from tempest import config
+from tempest.lib.common.utils import data_utils
+from tempest.lib.common.utils import test_utils
from patrole_tempest_plugin.rbac_utils import rbac_utils
@@ -40,34 +39,15 @@
cls.rbac_utils = rbac_utils()
cls.rbac_utils.switch_role(cls, toggle_rbac_role=False)
-
-class BaseV2ComputeAdminRbacTest(compute_base.BaseV2ComputeAdminTest):
-
- credentials = ['admin', 'primary']
-
- @classmethod
- def skip_checks(cls):
- super(BaseV2ComputeAdminRbacTest, cls).skip_checks()
- if not CONF.rbac.enable_rbac:
- raise cls.skipException(
- '%s skipped as RBAC flag not enabled' % cls.__name__)
-
- @classmethod
- def setup_clients(cls):
- super(BaseV2ComputeAdminRbacTest, cls).setup_clients()
- cls.auth_provider = cls.os.auth_provider
- cls.rbac_utils = rbac_utils()
- cls.rbac_utils.switch_role(cls, toggle_rbac_role=False)
-
@classmethod
def resource_setup(cls):
- super(BaseV2ComputeAdminRbacTest, cls).resource_setup()
+ super(BaseV2ComputeRbacTest, cls).resource_setup()
cls.flavors = []
@classmethod
def resource_cleanup(cls):
cls.clear_flavors()
- super(BaseV2ComputeAdminRbacTest, cls).resource_cleanup()
+ super(BaseV2ComputeRbacTest, cls).resource_cleanup()
@classmethod
def clear_flavors(cls):
diff --git a/patrole_tempest_plugin/tests/api/compute/admin/test_admin_password_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_admin_password_rbac.py
similarity index 73%
rename from patrole_tempest_plugin/tests/api/compute/admin/test_admin_password_rbac.py
rename to patrole_tempest_plugin/tests/api/compute/test_admin_password_rbac.py
index 2c9809e..08a06e6 100644
--- a/patrole_tempest_plugin/tests/api/compute/admin/test_admin_password_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_admin_password_rbac.py
@@ -13,8 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
-import testtools
-
from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
@@ -26,27 +24,24 @@
CONF = config.CONF
-class PasswordAdminRbacTest(rbac_base.BaseV2ComputeAdminRbacTest):
-
- @classmethod
- def setup_clients(cls):
- super(PasswordAdminRbacTest, cls).setup_clients()
- cls.client = cls.servers_client
+class AdminPasswordRbacTest(rbac_base.BaseV2ComputeRbacTest):
@classmethod
def skip_checks(cls):
- super(PasswordAdminRbacTest, cls).skip_checks()
- if not CONF.compute_feature_enabled.api_extensions:
- raise cls.skipException(
- '%s skipped as no compute extensions enabled' % cls.__name__)
+ super(AdminPasswordRbacTest, cls).skip_checks()
+ if not CONF.compute_feature_enabled.change_password:
+ raise cls.skipException('Change password not available.')
+
+ @classmethod
+ def setup_clients(cls):
+ super(AdminPasswordRbacTest, cls).setup_clients()
+ cls.client = cls.servers_client
@classmethod
def resource_setup(cls):
- super(PasswordAdminRbacTest, cls).resource_setup()
+ super(AdminPasswordRbacTest, cls).resource_setup()
cls.server_id = cls.create_test_server(wait_until='ACTIVE')['id']
- @testtools.skipUnless(CONF.compute_feature_enabled.change_password,
- 'Change password not available.')
@rbac_rule_validation.action(
service="nova", rule="os_compute_api:os-admin-password")
@decorators.idempotent_id('908a7d59-3a66-441c-94cf-38e57ed14956')
diff --git a/patrole_tempest_plugin/tests/api/compute/admin/test_admin_server_actions_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_admin_server_actions_rbac.py
similarity index 82%
rename from patrole_tempest_plugin/tests/api/compute/admin/test_admin_server_actions_rbac.py
rename to patrole_tempest_plugin/tests/api/compute/test_admin_server_actions_rbac.py
index 2f0d03e..a2d23af 100644
--- a/patrole_tempest_plugin/tests/api/compute/admin/test_admin_server_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_admin_server_actions_rbac.py
@@ -15,31 +15,31 @@
from tempest import config
from tempest.lib import decorators
+from tempest import test
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.compute import rbac_base
-
CONF = config.CONF
-class ServersAdminRbacTest(rbac_base.BaseV2ComputeAdminRbacTest):
+class AdminServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
@classmethod
def setup_clients(cls):
- super(ServersAdminRbacTest, cls).setup_clients()
+ super(AdminServerActionsRbacTest, cls).setup_clients()
cls.client = cls.servers_client
@classmethod
def skip_checks(cls):
- super(ServersAdminRbacTest, cls).skip_checks()
- if not CONF.compute_feature_enabled.api_extensions:
- raise cls.skipException(
- '%s skipped as no compute extensions enabled' % cls.__name__)
+ super(AdminServerActionsRbacTest, cls).skip_checks()
+ if not test.is_extension_enabled('os-admin-actions', 'compute'):
+ msg = "%s skipped as os-admin-actions not enabled." % cls.__name__
+ raise cls.skipException(msg)
@classmethod
def resource_setup(cls):
- super(ServersAdminRbacTest, cls).resource_setup()
+ super(AdminServerActionsRbacTest, cls).resource_setup()
cls.server_id = cls.create_test_server(wait_until='ACTIVE')['id']
@rbac_rule_validation.action(
diff --git a/patrole_tempest_plugin/tests/api/compute/test_flavor_access_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_flavor_access_rbac.py
index 5c3f55a..2019331 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_flavor_access_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_flavor_access_rbac.py
@@ -14,7 +14,6 @@
# under the License.
from oslo_config import cfg
-from oslo_log import log
from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
@@ -24,19 +23,18 @@
from patrole_tempest_plugin.tests.api.compute import rbac_base
CONF = cfg.CONF
-LOG = log.getLogger(__name__)
-class FlavorAccessAdminRbacTest(rbac_base.BaseV2ComputeAdminRbacTest):
+class FlavorAccessRbacTest(rbac_base.BaseV2ComputeRbacTest):
@classmethod
def setup_clients(cls):
- super(FlavorAccessAdminRbacTest, cls).setup_clients()
+ super(FlavorAccessRbacTest, cls).setup_clients()
cls.client = cls.flavors_client
@classmethod
def skip_checks(cls):
- super(FlavorAccessAdminRbacTest, cls).skip_checks()
+ super(FlavorAccessRbacTest, cls).skip_checks()
if not test.is_extension_enabled('OS-FLV-EXT-DATA', 'compute'):
msg = "%s skipped as OS-FLV-EXT-DATA extension not enabled."\
% cls.__name__
@@ -44,7 +42,7 @@
@classmethod
def resource_setup(cls):
- super(FlavorAccessAdminRbacTest, cls).resource_setup()
+ super(FlavorAccessRbacTest, cls).resource_setup()
cls.flavor_id = cls._create_flavor(is_public=False)['id']
cls.public_flavor_id = CONF.compute.flavor_ref
cls.tenant_id = cls.auth_provider.credentials.tenant_id
diff --git a/patrole_tempest_plugin/tests/api/compute/test_flavor_extra_specs_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_flavor_extra_specs_rbac.py
index 0cf789b..0ee8d9a 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_flavor_extra_specs_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_flavor_extra_specs_rbac.py
@@ -22,30 +22,30 @@
from patrole_tempest_plugin.tests.api.compute import rbac_base
-class FlavorExtraSpecsAdminRbacTest(rbac_base.BaseV2ComputeAdminRbacTest):
+class FlavorExtraSpecsRbacTest(rbac_base.BaseV2ComputeRbacTest):
@classmethod
def setup_clients(cls):
- super(FlavorExtraSpecsAdminRbacTest, cls).setup_clients()
+ super(FlavorExtraSpecsRbacTest, cls).setup_clients()
cls.client = cls.flavors_client
@classmethod
def skip_checks(cls):
- super(FlavorExtraSpecsAdminRbacTest, cls).skip_checks()
+ super(FlavorExtraSpecsRbacTest, cls).skip_checks()
if not test.is_extension_enabled('os-flavor-extra-specs', 'compute'):
msg = "os-flavor-extra-specs extension not enabled."
raise cls.skipException(msg)
@classmethod
def resource_setup(cls):
- super(FlavorExtraSpecsAdminRbacTest, cls).resource_setup()
+ super(FlavorExtraSpecsRbacTest, cls).resource_setup()
cls.flavor = cls._create_flavor()
@classmethod
def resource_cleanup(cls):
cls.client.delete_flavor(cls.flavor['id'])
cls.client.wait_for_resource_deletion(cls.flavor['id'])
- super(FlavorExtraSpecsAdminRbacTest, cls).resource_cleanup()
+ super(FlavorExtraSpecsRbacTest, cls).resource_cleanup()
def _set_flavor_extra_spec(self):
rand_key = data_utils.rand_name('key')
diff --git a/patrole_tempest_plugin/tests/api/compute/test_flavor_rxtx_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_flavor_rxtx_rbac.py
index bc33d3b..7f070eb 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_flavor_rxtx_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_flavor_rxtx_rbac.py
@@ -20,16 +20,16 @@
from patrole_tempest_plugin.tests.api.compute import rbac_base
-class FlavorRxtxAdminRbacTest(rbac_base.BaseV2ComputeAdminRbacTest):
+class FlavorRxtxRbacTest(rbac_base.BaseV2ComputeRbacTest):
@classmethod
def setup_clients(cls):
- super(FlavorRxtxAdminRbacTest, cls).setup_clients()
+ super(FlavorRxtxRbacTest, cls).setup_clients()
cls.client = cls.flavors_client
@classmethod
def skip_checks(cls):
- super(FlavorRxtxAdminRbacTest, cls).skip_checks()
+ super(FlavorRxtxRbacTest, cls).skip_checks()
if not test.is_extension_enabled('os-flavor-rxtx', 'compute'):
msg = "os-flavor-rxtx extension not enabled."
raise cls.skipException(msg)
diff --git a/patrole_tempest_plugin/tests/api/compute/test_hosts_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_hosts_rbac.py
index b03de11..53e3a70 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_hosts_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_hosts_rbac.py
@@ -22,16 +22,16 @@
CONF = config.CONF
-class HostsAdminRbacTest(rbac_base.BaseV2ComputeAdminRbacTest):
+class HostsRbacTest(rbac_base.BaseV2ComputeRbacTest):
@classmethod
def setup_clients(cls):
- super(HostsAdminRbacTest, cls).setup_clients()
+ super(HostsRbacTest, cls).setup_clients()
cls.client = cls.os.hosts_client
@classmethod
def skip_checks(cls):
- super(HostsAdminRbacTest, cls).skip_checks()
+ super(HostsRbacTest, cls).skip_checks()
if not CONF.compute_feature_enabled.api_extensions:
raise cls.skipException(
'%s skipped as no compute extensions enabled' % cls.__name__)
diff --git a/patrole_tempest_plugin/tests/api/compute/test_hypervisor_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_hypervisor_rbac.py
index 36ac916..ecd0fd3 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_hypervisor_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_hypervisor_rbac.py
@@ -20,16 +20,16 @@
from patrole_tempest_plugin.tests.api.compute import rbac_base
-class HypervisorAdminRbacTest(rbac_base.BaseV2ComputeAdminRbacTest):
+class HypervisorRbacTest(rbac_base.BaseV2ComputeRbacTest):
@classmethod
def setup_clients(cls):
- super(HypervisorAdminRbacTest, cls).setup_clients()
+ super(HypervisorRbacTest, cls).setup_clients()
cls.client = cls.hypervisor_client
@classmethod
def skip_checks(cls):
- super(HypervisorAdminRbacTest, cls).skip_checks()
+ super(HypervisorRbacTest, cls).skip_checks()
if not test.is_extension_enabled('os-hypervisors', 'compute'):
msg = "%s skipped as os-hypervisors extension not enabled." \
% cls.__name__
diff --git a/patrole_tempest_plugin/tests/api/compute/test_instance_usages_audit_log_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_instance_usages_audit_log_rbac.py
index 7b116e4..cff3167 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_instance_usages_audit_log_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_instance_usages_audit_log_rbac.py
@@ -20,12 +20,12 @@
from patrole_tempest_plugin.tests.api.compute import rbac_base
-class InstanceUsagesAuditLogAdminRbacTest(
- rbac_base.BaseV2ComputeAdminRbacTest):
+class InstanceUsagesAuditLogRbacTest(
+ rbac_base.BaseV2ComputeRbacTest):
@classmethod
def skip_checks(cls):
- super(InstanceUsagesAuditLogAdminRbacTest, cls).skip_checks()
+ super(InstanceUsagesAuditLogRbacTest, cls).skip_checks()
if not test.is_extension_enabled('os-instance-usage-audit-log',
'compute'):
msg = "os-instance-usage-audit-log extension not enabled."
@@ -33,7 +33,7 @@
@classmethod
def setup_clients(cls):
- super(InstanceUsagesAuditLogAdminRbacTest, cls).setup_clients()
+ super(InstanceUsagesAuditLogRbacTest, cls).setup_clients()
cls.client = cls.instance_usages_audit_log_client
@decorators.idempotent_id('c80246c0-5c13-4ab0-97ba-91551cd53dc1')
diff --git a/patrole_tempest_plugin/tests/api/compute/test_migrations_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_migrations_rbac.py
index 0a21bcb..fda9071 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_migrations_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_migrations_rbac.py
@@ -22,16 +22,16 @@
CONF = config.CONF
-class MigrationsAdminRbacTest(rbac_base.BaseV2ComputeAdminRbacTest):
+class MigrationsRbacTest(rbac_base.BaseV2ComputeRbacTest):
@classmethod
def setup_clients(cls):
- super(MigrationsAdminRbacTest, cls).setup_clients()
+ super(MigrationsRbacTest, cls).setup_clients()
cls.client = cls.migrations_client
@classmethod
def skip_checks(cls):
- super(MigrationsAdminRbacTest, cls).skip_checks()
+ super(MigrationsRbacTest, cls).skip_checks()
if not CONF.compute_feature_enabled.api_extensions:
raise cls.skipException(
'%s skipped as no compute extensions enabled' % cls.__name__)
diff --git a/patrole_tempest_plugin/tests/api/compute/test_services_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_services_rbac.py
index c25303f..82de5a3 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_services_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_services_rbac.py
@@ -13,28 +13,26 @@
# License for the specific language governing permissions and limitations
# under the License.
-from tempest import config
from tempest.lib import decorators
+from tempest import test
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.compute import rbac_base
-CONF = config.CONF
-
-class ServicesAdminRbacTest(rbac_base.BaseV2ComputeAdminRbacTest):
+class ServicesRbacTest(rbac_base.BaseV2ComputeRbacTest):
@classmethod
def setup_clients(cls):
- super(ServicesAdminRbacTest, cls).setup_clients()
+ super(ServicesRbacTest, cls).setup_clients()
cls.client = cls.services_client
@classmethod
def skip_checks(cls):
- super(ServicesAdminRbacTest, cls).skip_checks()
- if not CONF.compute_feature_enabled.api_extensions:
+ super(ServicesRbacTest, cls).skip_checks()
+ if not test.is_extension_enabled('os-services', 'compute'):
raise cls.skipException(
- '%s skipped as no compute extensions enabled' % cls.__name__)
+ '%s skipped as os-services not enabled' % cls.__name__)
@rbac_rule_validation.action(
service="nova",
diff --git a/patrole_tempest_plugin/tests/api/volume/test_availability_zone_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_availability_zone_rbac.py
deleted file mode 100644
index 95b5949..0000000
--- a/patrole_tempest_plugin/tests/api/volume/test_availability_zone_rbac.py
+++ /dev/null
@@ -1,37 +0,0 @@
-# Copyright 2017 AT&T Corporation.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest import config
-from tempest.lib import decorators
-
-from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.volume import rbac_base
-
-CONF = config.CONF
-
-
-class AvailabilityZoneRbacTest(rbac_base.BaseVolumeRbacTest):
-
- @classmethod
- def setup_clients(cls):
- super(AvailabilityZoneRbacTest, cls).setup_clients()
- cls.client = cls.availability_zone_client
-
- @rbac_rule_validation.action(service="cinder",
- rule="volume:availability_zone_list")
- @decorators.idempotent_id('8cfd920c-4b6c-402d-b6e2-ede86bedc702')
- def test_get_availability_zone_list(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.client.list_availability_zones()
diff --git a/patrole_tempest_plugin/tests/api/volume/test_extensions_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_extensions_rbac.py
deleted file mode 100644
index 3304452..0000000
--- a/patrole_tempest_plugin/tests/api/volume/test_extensions_rbac.py
+++ /dev/null
@@ -1,36 +0,0 @@
-# Copyright 2017 AT&T Corporation.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest import config
-from tempest.lib import decorators
-
-from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.volume import rbac_base
-
-CONF = config.CONF
-
-
-class ExtensionsRbacTest(rbac_base.BaseVolumeRbacTest):
-
- @rbac_rule_validation.action(service="cinder",
- rule="volume:list_extensions")
- @decorators.idempotent_id('7f2dcc41-e850-493f-a400-82db4e2b50c0')
- def test_list_extensions(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.volumes_extension_client.list_extensions()
-
-
-class ExtensionsV3RbacTest(ExtensionsRbacTest):
- _api_version = 3
diff --git a/patrole_tempest_plugin/tests/api/volume/test_snapshots_metadata_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_snapshots_metadata_rbac.py
index bf48716..81cd854 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_snapshots_metadata_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_snapshots_metadata_rbac.py
@@ -57,7 +57,7 @@
self._create_test_snapshot_metadata()
@rbac_rule_validation.action(service="cinder",
- rule="volume:get_volume_image_metadata")
+ rule="volume:get_snapshot_metadata")
@decorators.idempotent_id('f6912bb1-62e6-483d-bcd0-e98c1641f4c3')
def test_get_snapshot_metadata(self):
# Create volume and snapshot metadata
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_actions_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_actions_rbac.py
index e1f9430..70c73fc 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_actions_rbac.py
@@ -73,7 +73,7 @@
@test.attr(type="slow")
@rbac_rule_validation.action(service="cinder", rule="volume:detach")
@decorators.idempotent_id('5a042f6a-688b-42e6-a02e-fe5c47b89b07')
- def test_detach_volume_to_instance(self):
+ def test_detach_volume_from_instance(self):
# Attach the volume
server = self._create_server()
self._attach_volume(server)
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_basic_crud.py b/patrole_tempest_plugin/tests/api/volume/test_volume_basic_crud_rbac.py
similarity index 97%
rename from patrole_tempest_plugin/tests/api/volume/test_volume_basic_crud.py
rename to patrole_tempest_plugin/tests/api/volume/test_volume_basic_crud_rbac.py
index 6bc9e4e..b98c39a 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_basic_crud.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_basic_crud_rbac.py
@@ -57,7 +57,7 @@
@rbac_rule_validation.action(
service="cinder",
- rule="volume_extension:get_volumes_image_metadata")
+ rule="volume_extension:volume_image_metadata")
@decorators.idempotent_id('3d48ca91-f02b-4616-a69d-4a8b296c8529')
def test_volume_list_image_metadata(self):
# Get a list of Volumes
diff --git a/patrole_tempest_plugin/tests/unit/test_rbac_rule_validation.py b/patrole_tempest_plugin/tests/unit/test_rbac_rule_validation.py
index 38b5fea..78d8e66 100644
--- a/patrole_tempest_plugin/tests/unit/test_rbac_rule_validation.py
+++ b/patrole_tempest_plugin/tests/unit/test_rbac_rule_validation.py
@@ -274,6 +274,11 @@
def test_invalid_policy_rule_throws_parsing_exception(
self, mock_rbac_policy_parser):
"""Test that invalid policy action causes test to be skipped."""
+ CONF.set_override('strict_policy_check', True, group='rbac',
+ enforce_type=True)
+ self.addCleanup(CONF.clear_override, 'strict_policy_check',
+ group='rbac')
+
mock_rbac_policy_parser.RbacPolicyParser.return_value.allowed.\
side_effect = rbac_exceptions.RbacParsingException
diff --git a/patrole_tempest_plugin/tests/unit/test_rbac_utils.py b/patrole_tempest_plugin/tests/unit/test_rbac_utils.py
index feccfe5..057ce20 100644
--- a/patrole_tempest_plugin/tests/unit/test_rbac_utils.py
+++ b/patrole_tempest_plugin/tests/unit/test_rbac_utils.py
@@ -195,23 +195,38 @@
autospec=True, return_value=False)
@mock.patch.object(rbac_utils, 'LOG', autospec=True)
@mock.patch.object(rbac_utils, 'sys', autospec=True)
- def test_rbac_utils_switch_roles_with_skip_exception(self, mock_sys,
- mock_log, _):
+ def test_rbac_utils_switch_roles_with_unhandled_exception(self, mock_sys,
+ mock_log, _):
+ """Test whether throwing an unhandled exception doesn't throw error.
+
+ If a skip exception, say, is thrown then this means that switch_role is
+ never called within the test function. But if an unhandled exception
+ or skip exception is thrown, then this should not result in an error
+ being raised.
+ """
self._mock_list_user_roles_on_project('member_id')
- mock_skip_exception = mock.Mock(spec=testtools.TestCase.skipException)
- mock_sys.exc_info.return_value = [None, mock_skip_exception]
+ # Skip exception is an example of a legitimate case where `switch_role`
+ # is thrown. AttributeError, on the other hand, is an example of an
+ # unexpected exception being thrown that should be allowed to bubble
+ # up, rather than being obfuscated by `switch_role` error being thrown
+ # instead.
+ unhandled_exceptions = [testtools.TestCase.skipException,
+ AttributeError]
- # Ordinarily switching to the same role would result in an error,
- # but because the skipException is thrown before the test finishes,
- # this is not treated as a failure.
- self.rbac_utils.switch_role(self.mock_test_obj, False)
- self.rbac_utils.switch_role(self.mock_test_obj, False)
- mock_log.error.assert_not_called()
+ for unhandled_exception in unhandled_exceptions:
+ mock_sys.exc_info.return_value = [unhandled_exception]
- self.rbac_utils.switch_role(self.mock_test_obj, True)
- self.rbac_utils.switch_role(self.mock_test_obj, True)
- mock_log.error.assert_not_called()
+ # Ordinarily switching to the same role would result in an error,
+ # but because the skipException is thrown before the test finishes,
+ # this is not treated as a failure.
+ self.rbac_utils.switch_role(self.mock_test_obj, False)
+ self.rbac_utils.switch_role(self.mock_test_obj, False)
+ mock_log.error.assert_not_called()
+
+ self.rbac_utils.switch_role(self.mock_test_obj, True)
+ self.rbac_utils.switch_role(self.mock_test_obj, True)
+ mock_log.error.assert_not_called()
@mock.patch.object(rbac_utils.rbac_utils, '_clear_user_roles',
autospec=True, return_value=False)