Merge "Move config drive tests into misc policy actions file"
diff --git a/patrole_tempest_plugin/rbac_exceptions.py b/patrole_tempest_plugin/rbac_exceptions.py
index aa3135e..5ccb216 100644
--- a/patrole_tempest_plugin/rbac_exceptions.py
+++ b/patrole_tempest_plugin/rbac_exceptions.py
@@ -16,25 +16,25 @@
from tempest.lib import exceptions
-class RbacActionFailed (exceptions.ClientRestClientException):
+class RbacActionFailed(exceptions.ClientRestClientException):
message = "Rbac action failed"
-class RbacResourceSetupFailed (exceptions.TempestException):
+class RbacResourceSetupFailed(exceptions.TempestException):
message = "Rbac resource setup failed"
-class RbacOverPermission (exceptions.TempestException):
+class RbacOverPermission(exceptions.TempestException):
message = "Action performed that should not be permitted"
-class RbacInvalidService (exceptions.TempestException):
+class RbacInvalidService(exceptions.TempestException):
message = "Attempted to test an invalid service"
-class RbacParsingException (exceptions.TempestException):
+class RbacParsingException(exceptions.TempestException):
message = "Attempted to test an invalid policy file or action"
-class RbacInvalidErrorCode (exceptions.TempestException):
+class RbacInvalidErrorCode(exceptions.TempestException):
message = "Unsupported error code passed in test"
diff --git a/patrole_tempest_plugin/tests/api/compute/test_config_drive_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_config_drive_rbac.py
deleted file mode 100644
index 794e0d2..0000000
--- a/patrole_tempest_plugin/tests/api/compute/test_config_drive_rbac.py
+++ /dev/null
@@ -1,48 +0,0 @@
-# Copyright 2017 AT&T Corporation.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.lib import decorators
-from tempest import test
-
-from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.compute import rbac_base
-
-
-class ConfigDriveRbacTest(rbac_base.BaseV2ComputeRbacTest):
-
- @classmethod
- def setup_clients(cls):
- super(ConfigDriveRbacTest, cls).setup_clients()
- cls.client = cls.servers_client
-
- @classmethod
- def skip_checks(cls):
- super(ConfigDriveRbacTest, cls).skip_checks()
- if not test.is_extension_enabled('os-config-drive', 'compute'):
- msg = "%s skipped as os-config-drive extension not enabled." \
- % cls.__name__
- raise cls.skipException(msg)
-
- @decorators.idempotent_id('55c62ef7-b72b-4970-acc6-05b0a4316e5d')
- @rbac_rule_validation.action(
- service="nova",
- rule="os_compute_api:os-config-drive")
- def test_create_test_server_with_config_drive(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- # NOTE(felipemonteiro): This policy action is always enforced,
- # regardless whether the config_drive flag is set to true or false.
- # However, it has been explicitly set to true below, in case that this
- # behavior ever changes in the future.
- self.create_test_server(config_drive=True)
diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
index afa8c02..56c7b39 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
@@ -23,6 +23,7 @@
from tempest.lib import exceptions as lib_exc
from tempest import test
+from patrole_tempest_plugin import rbac_exceptions
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.compute import rbac_base
@@ -113,6 +114,33 @@
waiters.wait_for_server_status(
self.os_admin.servers_client, self.server_id, 'ACTIVE')
+ @test.requires_ext(extension='os-config-drive', service='compute')
+ @decorators.idempotent_id('2c82e819-382d-4d6f-87f0-a45954cbbc64')
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-config-drive")
+ def test_list_servers_with_details_config_drive(self):
+ """Test list servers with config_drive property in response body."""
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ body = self.servers_client.list_servers(detail=True)['servers']
+ # If the first server contains "config_drive", then all the others do.
+ if 'config_drive' not in body[0]:
+ raise rbac_exceptions.RbacActionFailed(
+ '"config_drive" attribute not found in response body.')
+
+ @test.requires_ext(extension='os-config-drive', service='compute')
+ @decorators.idempotent_id('55c62ef7-b72b-4970-acc6-05b0a4316e5d')
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-config-drive")
+ def test_show_server_config_drive(self):
+ """Test show server with config_drive property in response body."""
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ body = self.servers_client.show_server(self.server_id)['server']
+ if 'config_drive' not in body:
+ raise rbac_exceptions.RbacActionFailed(
+ '"config_drive" attribute not found in response body.')
+
@test.requires_ext(extension='os-deferred-delete', service='compute')
@decorators.idempotent_id('189bfed4-1e6d-475c-bb8c-d57e60895391')
@rbac_rule_validation.action(