Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / patrole / 4d6264c2cc341dce889f97b59bad6ee9ff707bcf^! / .
commit4d6264c2cc341dce889f97b59bad6ee9ff707bcf[log] [tgz]
authorFelipe Monteiro <felipe.monteiro@att.com>Mon Apr 10 16:52:06 2017 +0100
committerFelipe Monteiro <felipe.monteiro@att.com>Mon Apr 10 18:52:27 2017 +0000
tree72a0c1d2365be99d4cb93ffaf6815ab4839cf408
parent1a2784bdffbe292da9e929ecedd166f9d7a6f0e7 [diff]
Fix non-existent cinder policy action tests.

The current policy actions are invalid as they are not included
in Cinder's policy.json [0] and are not enforced by Cinder's
policy enforcement system:

  - volume:list_extensions
  - volume_extension:get_volumes_image_metadata
  - volume:availability_zone_list
  - volume:get_volume_image_metadata

Some of these are incorrectly spelled:
  - volume:get_volume_image_metadata => volume:get_snapshot_metadata
  - volume_extension:get_volumes_image_metadata =>
    volume_extension:volume_image_metadata

Some of these are not enforced at all so have been removed:
  - volume:list_extensions
  - volume:availability_zone_list

Some of these are not as granular (but are not being changed due
to their being fixed in Related-Change):
  - volume_extension:qos_specs_manage:<create/update/delete/read> =>
    volume_extension:qos_specs_manage

[0] https://github.com/openstack/cinder/blob/master/etc/cinder/policy.json

Change-Id: I2d3fcdb38126df4df4e2ffe78acec7cefeba8ea3
Related-Change: I1ca996e968a273b989bea0bf3c54b47349ca47fe
Closes-Bug: #1677026

diff --git a/patrole_tempest_plugin/tests/api/volume/test_availability_zone_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_availability_zone_rbac.py
deleted file mode 100644
index 95b5949..0000000
--- a/patrole_tempest_plugin/tests/api/volume/test_availability_zone_rbac.py
+++ /dev/null

@@ -1,37 +0,0 @@
-# Copyright 2017 AT&T Corporation.
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from tempest import config
-from tempest.lib import decorators
-
-from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.volume import rbac_base
-
-CONF = config.CONF
-
-
-class AvailabilityZoneRbacTest(rbac_base.BaseVolumeRbacTest):
-
-    @classmethod
-    def setup_clients(cls):
-        super(AvailabilityZoneRbacTest, cls).setup_clients()
-        cls.client = cls.availability_zone_client
-
-    @rbac_rule_validation.action(service="cinder",
-                                 rule="volume:availability_zone_list")
-    @decorators.idempotent_id('8cfd920c-4b6c-402d-b6e2-ede86bedc702')
-    def test_get_availability_zone_list(self):
-        self.rbac_utils.switch_role(self, toggle_rbac_role=True)
-        self.client.list_availability_zones()

diff --git a/patrole_tempest_plugin/tests/api/volume/test_extensions_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_extensions_rbac.py
deleted file mode 100644
index 3304452..0000000
--- a/patrole_tempest_plugin/tests/api/volume/test_extensions_rbac.py
+++ /dev/null

@@ -1,36 +0,0 @@
-# Copyright 2017 AT&T Corporation.
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from tempest import config
-from tempest.lib import decorators
-
-from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.volume import rbac_base
-
-CONF = config.CONF
-
-
-class ExtensionsRbacTest(rbac_base.BaseVolumeRbacTest):
-
-    @rbac_rule_validation.action(service="cinder",
-                                 rule="volume:list_extensions")
-    @decorators.idempotent_id('7f2dcc41-e850-493f-a400-82db4e2b50c0')
-    def test_list_extensions(self):
-        self.rbac_utils.switch_role(self, toggle_rbac_role=True)
-        self.volumes_extension_client.list_extensions()
-
-
-class ExtensionsV3RbacTest(ExtensionsRbacTest):
-    _api_version = 3

diff --git a/patrole_tempest_plugin/tests/api/volume/test_snapshots_metadata_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_snapshots_metadata_rbac.py
index bf48716..81cd854 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_snapshots_metadata_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_snapshots_metadata_rbac.py

@@ -57,7 +57,7 @@
         self._create_test_snapshot_metadata()
 
     @rbac_rule_validation.action(service="cinder",
-                                 rule="volume:get_volume_image_metadata")
+                                 rule="volume:get_snapshot_metadata")
     @decorators.idempotent_id('f6912bb1-62e6-483d-bcd0-e98c1641f4c3')
     def test_get_snapshot_metadata(self):
         # Create volume and snapshot metadata

diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_actions_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_actions_rbac.py
index e1f9430..70c73fc 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_actions_rbac.py

@@ -73,7 +73,7 @@
     @test.attr(type="slow")
     @rbac_rule_validation.action(service="cinder", rule="volume:detach")
     @decorators.idempotent_id('5a042f6a-688b-42e6-a02e-fe5c47b89b07')
-    def test_detach_volume_to_instance(self):
+    def test_detach_volume_from_instance(self):
         # Attach the volume
         server = self._create_server()
         self._attach_volume(server)

diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_basic_crud.py b/patrole_tempest_plugin/tests/api/volume/test_volume_basic_crud_rbac.py
similarity index 97%
rename from patrole_tempest_plugin/tests/api/volume/test_volume_basic_crud.py
rename to patrole_tempest_plugin/tests/api/volume/test_volume_basic_crud_rbac.py
index 6bc9e4e..b98c39a 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_basic_crud.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_basic_crud_rbac.py

@@ -57,7 +57,7 @@
 
     @rbac_rule_validation.action(
         service="cinder",
-        rule="volume_extension:get_volumes_image_metadata")
+        rule="volume_extension:volume_image_metadata")
     @decorators.idempotent_id('3d48ca91-f02b-4616-a69d-4a8b296c8529')
     def test_volume_list_image_metadata(self):
         # Get a list of Volumes