Remove admin namespace throughout Patrole - Volume tests
In Tempest, it is meaningful to separate admin and non-admin
tests into different classes and files, because Tempest
must use clients with admin credentials to perform admin-only
API calls, like changing an admin password. More specifically,
Tempest must use the os_adm/os_admin-namespace clients
(instantiated with admin credentials) to perform these tests;
else 403s are thrown.
Patrole, on the other hand, doesn't need to use
os_adm/os_admin-namespace clients, because of the fact that
role-switching is performed to grant the os-namespace
clients sufficient credentials to perform API actions that
require admin credentials during setting up and cleaning up
test resources. Thus, the distinction between admin and
non-admin is not important in Patrole, as role-switching
means that at different points in time the clients have admin
and non-admin credentials.
Thus, all namespaces (files, folders and classes) that contain
"admin" should be renamed, if the non-admin version does not
already exist. If the admin version and non-admin version
tests both exist, then the admin version should be removed and
its tests merged with the non-admin version.
Depends-On: I8c3944e766210a31aa684e29c45e39470b738640
Change-Id: I417fa0d29fc06b04582cdac24608b0373db6aacb
Partial-Bug: #1672250
diff --git a/patrole_tempest_plugin/tests/api/volume/admin/__init__.py b/patrole_tempest_plugin/tests/api/volume/admin/__init__.py
deleted file mode 100644
index e69de29..0000000
--- a/patrole_tempest_plugin/tests/api/volume/admin/__init__.py
+++ /dev/null
diff --git a/patrole_tempest_plugin/tests/api/volume/admin/test_volumes_backup_admin_rbac.py b/patrole_tempest_plugin/tests/api/volume/admin/test_volumes_backup_admin_rbac.py
deleted file mode 100644
index e3d2438..0000000
--- a/patrole_tempest_plugin/tests/api/volume/admin/test_volumes_backup_admin_rbac.py
+++ /dev/null
@@ -1,88 +0,0 @@
-# Copyright 2017 AT&T Corporation.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from oslo_serialization import base64
-from oslo_serialization import jsonutils as json
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-from tempest import test
-
-from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.volume import rbac_base
-
-CONF = config.CONF
-
-
-class VolumesBackupsAdminRbacTest(rbac_base.BaseVolumeAdminRbacTest):
-
- @classmethod
- def skip_checks(cls):
- super(VolumesBackupsAdminRbacTest, cls).skip_checks()
- if not CONF.volume_feature_enabled.backup:
- raise cls.skipException("Cinder backup feature disabled")
-
- @classmethod
- def resource_setup(cls):
- super(VolumesBackupsAdminRbacTest, cls).resource_setup()
- cls.volume = cls.create_volume()
-
- def _decode_url(self, backup_url):
- return json.loads(base64.decode_as_text(backup_url))
-
- def _encode_backup(self, backup):
- retval = json.dumps(backup)
- return base64.encode_as_text(retval)
-
- def _modify_backup_url(self, backup_url, changes):
- backup = self._decode_url(backup_url)
- backup.update(changes)
- return self._encode_backup(backup)
-
- @test.attr(type='slow')
- @rbac_rule_validation.action(service="cinder",
- rule="backup:backup-export")
- @decorators.idempotent_id('e984ec8d-e8eb-485c-98bc-f1856020303c')
- def test_volume_backup_export(self):
- # Create a temp backup
- backup = self.create_backup(volume_id=self.volume['id'])
- # Export Backup
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.backups_client.export_backup(
- backup['id'])['backup-record']
-
- @test.attr(type='slow')
- @rbac_rule_validation.action(service="cinder",
- rule="backup:backup-import")
- @decorators.idempotent_id('1e70f039-4556-44cc-9cc1-edf2b7ed648b')
- def test_volume_backup_import(self):
- # Create a temp backup
- backup = self.create_backup(volume_id=self.volume['id'])
- # Export a temp backup
- export_backup = self.backups_client.export_backup(
- backup['id'])['backup-record']
- new_id = data_utils.rand_uuid()
- new_url = self._modify_backup_url(
- export_backup['backup_url'], {'id': new_id})
- # Import the temp backup
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- import_backup = self.backups_client.import_backup(
- backup_service=export_backup['backup_service'],
- backup_url=new_url)['backup']
- self.addCleanup(self.backups_client.delete_backup, import_backup['id'])
-
-
-class VolumesBackupsAdminV3RbacTest(VolumesBackupsAdminRbacTest):
- _api_version = 3
diff --git a/patrole_tempest_plugin/tests/api/volume/rbac_base.py b/patrole_tempest_plugin/tests/api/volume/rbac_base.py
index d47f8ff..a2d5345 100644
--- a/patrole_tempest_plugin/tests/api/volume/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/volume/rbac_base.py
@@ -28,33 +28,16 @@
super(BaseVolumeRbacTest, cls).skip_checks()
if not CONF.rbac.enable_rbac:
raise cls.skipException(
- "%s skipped as RBAC Flag not enabled" % cls.__name__)
+ "%s skipped as RBAC testing not enabled" % cls.__name__)
@classmethod
def setup_clients(cls):
super(BaseVolumeRbacTest, cls).setup_clients()
cls.auth_provider = cls.os.auth_provider
+
cls.rbac_utils = rbac_utils()
cls.rbac_utils.switch_role(cls, toggle_rbac_role=False)
-
-class BaseVolumeAdminRbacTest(vol_base.BaseVolumeAdminTest):
-
- credentials = ['admin', 'primary']
-
- @classmethod
- def skip_checks(cls):
- super(BaseVolumeAdminRbacTest, cls).skip_checks()
- if not CONF.rbac.enable_rbac:
- raise cls.skipException(
- "%s skipped as RBAC Flag not enabled" % cls.__name__)
-
- @classmethod
- def setup_clients(cls):
- super(BaseVolumeAdminRbacTest, cls).setup_clients()
- cls.auth_provider = cls.os.auth_provider
- cls.rbac_utils = rbac_utils()
- cls.rbac_utils.switch_role(cls, toggle_rbac_role=False)
version_checker = {
1: [cls.os.volume_hosts_client, cls.os.volume_types_client],
2: [cls.os.volume_hosts_v2_client, cls.os.volume_types_v2_client],
diff --git a/patrole_tempest_plugin/tests/api/volume/admin/test_qos_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_qos_rbac.py
similarity index 86%
rename from patrole_tempest_plugin/tests/api/volume/admin/test_qos_rbac.py
rename to patrole_tempest_plugin/tests/api/volume/test_qos_rbac.py
index 74230a7..c3cca0d 100644
--- a/patrole_tempest_plugin/tests/api/volume/admin/test_qos_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_qos_rbac.py
@@ -14,22 +14,30 @@
# under the License.
from tempest.common import waiters
-from tempest import config
+from tempest.lib.common.utils import data_utils
from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.volume import rbac_base
-CONF = config.CONF
-
-class VolumeQOSRbacTest(rbac_base.BaseVolumeAdminRbacTest):
+class VolumeQOSRbacTest(rbac_base.BaseVolumeRbacTest):
@classmethod
def setup_clients(cls):
super(VolumeQOSRbacTest, cls).setup_clients()
cls.auth_provider = cls.os.auth_provider
- cls.client = cls.admin_volume_qos_client
+ cls.client = cls.os.volume_qos_v2_client
+
+ def _create_test_qos_specs(self, name=None, consumer=None, **kwargs):
+ """Create a test Qos-Specs."""
+ name = name or data_utils.rand_name(self.__class__.__name__ + '-QoS')
+ consumer = consumer or 'front-end'
+ qos_specs = self.client.create_qos(
+ name=name, consumer=consumer, **kwargs)['qos_specs']
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.client.delete_qos, qos_specs['id'])
+ return qos_specs
@rbac_rule_validation.action(
service="cinder", rule="volume_extension:qos_specs_manage:create")
@@ -37,14 +45,14 @@
def test_create_qos_with_consumer(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
# Create a qos
- self.create_test_qos_specs()
+ self._create_test_qos_specs()
@rbac_rule_validation.action(
service="cinder", rule="volume_extension:qos_specs_manage:delete")
@decorators.idempotent_id('fbc8a77e-6b6d-45ae-bebe-c496eb8f06f7')
def test_delete_qos_with_consumer(self):
# Create a qos
- qos = self.create_test_qos_specs()
+ qos = self._create_test_qos_specs()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
# Delete a qos
self.client.delete_qos(qos['id'])
@@ -54,7 +62,7 @@
@decorators.idempotent_id('22aff0dd-0343-408d-ae80-e77551956e14')
def test_get_qos(self):
# Create a qos
- qos = self.create_test_qos_specs()
+ qos = self._create_test_qos_specs()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
# Get a qos
self.client.show_qos(qos['id'])['qos_specs']
@@ -72,7 +80,7 @@
@decorators.idempotent_id('89b630b7-c170-47c3-ac80-50ed425c2d98')
def test_set_qos_key(self):
# Create a qos
- qos = self.create_test_qos_specs()
+ qos = self._create_test_qos_specs()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
# set key
self.client.set_qos_key(qos['id'], iops_bytes='500')['qos_specs']
@@ -82,7 +90,7 @@
@decorators.idempotent_id('6c50c837-de77-4dae-a2ec-30e05c62969c')
def test_unset_qos_key(self):
# Create a qos
- qos = self.create_test_qos_specs()
+ qos = self._create_test_qos_specs()
# Set key
self.client.set_qos_key(qos['id'], iops_bytes='500')['qos_specs']
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
@@ -98,7 +106,7 @@
@decorators.idempotent_id('2047b347-8bbe-405e-bf5a-c75a0d7e3930')
def test_associate_qos(self):
# Create a qos
- qos = self.create_test_qos_specs()
+ qos = self._create_test_qos_specs()
# create a test volume-type
vol_type = self.create_volume_type()['id']
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
@@ -111,7 +119,7 @@
@decorators.idempotent_id('ff1e98f3-d456-40a9-96d4-c7e4a55dcffa')
def test_get_association_qos(self):
# create a test volume-type
- qos = self.create_test_qos_specs()
+ qos = self._create_test_qos_specs()
vol_type = self.create_volume_type()['id']
# associate the qos-specs with volume-types
self.client.associate_qos(qos['id'], vol_type)
@@ -125,7 +133,7 @@
@decorators.idempotent_id('f12aeca1-0c02-4f33-b805-014171e5b2d4')
def test_disassociate_qos(self):
# create a test volume-type
- qos = self.create_test_qos_specs()
+ qos = self._create_test_qos_specs()
vol_type = self.create_volume_type()['id']
# associate the qos-specs with volume-types
self.client.associate_qos(qos['id'], vol_type)
@@ -142,7 +150,7 @@
service="cinder", rule="volume_extension:qos_specs_manage:update")
@decorators.idempotent_id('9f6e664d-a5d9-4e71-b122-73a3086be1b9')
def test_disassociate_all_qos(self):
- qos = self.create_test_qos_specs()
+ qos = self._create_test_qos_specs()
# create a test volume-type
vol_type = self.create_volume_type()['id']
# associate the qos-specs with volume-types
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_hosts_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_hosts_rbac.py
index d4d010b..18a2768 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_hosts_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_hosts_rbac.py
@@ -19,7 +19,7 @@
from patrole_tempest_plugin.tests.api.volume import rbac_base
-class VolumeHostsAdminRbacTest(rbac_base.BaseVolumeAdminRbacTest):
+class VolumeHostsRbacTest(rbac_base.BaseVolumeRbacTest):
@rbac_rule_validation.action(service="cinder",
rule="volume_extension:hosts")
diff --git a/patrole_tempest_plugin/tests/api/volume/admin/test_volume_quotas_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_quotas_rbac.py
similarity index 89%
rename from patrole_tempest_plugin/tests/api/volume/admin/test_volume_quotas_rbac.py
rename to patrole_tempest_plugin/tests/api/volume/test_volume_quotas_rbac.py
index 28adfa7..a104782 100644
--- a/patrole_tempest_plugin/tests/api/volume/admin/test_volume_quotas_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_quotas_rbac.py
@@ -27,16 +27,16 @@
LOG = logging.getLogger(__name__)
-class VolumeQuotasAdminRbacTest(rbac_base.BaseVolumeAdminRbacTest):
+class VolumeQuotasRbacTest(rbac_base.BaseVolumeRbacTest):
@classmethod
def setup_credentials(cls):
- super(VolumeQuotasAdminRbacTest, cls).setup_credentials()
+ super(VolumeQuotasRbacTest, cls).setup_credentials()
cls.demo_tenant_id = cls.os.credentials.tenant_id
@classmethod
def setup_clients(cls):
- super(VolumeQuotasAdminRbacTest, cls).setup_clients()
+ super(VolumeQuotasRbacTest, cls).setup_clients()
cls.client = cls.os.volume_quotas_client
@rbac_rule_validation.action(service="cinder",
@@ -61,5 +61,5 @@
**new_quota_set)['quota_set']
-class VolumeQuotasAdminV3RbacTest(VolumeQuotasAdminRbacTest):
+class VolumeQuotasV3RbacTest(VolumeQuotasRbacTest):
_api_version = 3
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_types_extra_specs_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_types_extra_specs_rbac.py
index 6978166..33bc5ae 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_types_extra_specs_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_types_extra_specs_rbac.py
@@ -13,22 +13,30 @@
# License for the specific language governing permissions and limitations
# under the License.
-from tempest import config
+from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.volume import rbac_base
-CONF = config.CONF
+class VolumeTypesExtraSpecsRbacTest(rbac_base.BaseVolumeRbacTest):
-class VolumeTypesExtraSpecsAdminRbacTest(rbac_base.BaseVolumeAdminRbacTest):
+ def _create_volume_type(self, name=None, **kwargs):
+ """Create a test volume-type"""
+ name = name or data_utils.rand_name(
+ self.__class__.__name__ + '-volume-type')
+ volume_type = self.volume_types_client.create_volume_type(
+ name=name, **kwargs)['volume_type']
+ self.addCleanup(self.volume_types_client.delete_volume_type,
+ volume_type['id'])
+ return volume_type
@rbac_rule_validation.action(service="cinder",
rule="volume_extension:types_extra_specs")
@decorators.idempotent_id('eea40251-990b-49b0-99ae-10e4585b479b')
- def test_volume_type_extra_specs_list(self):
- vol_type = self.create_volume_type()
+ def test_create_volume_type_extra_specs(self):
+ vol_type = self._create_volume_type()
# List Volume types extra specs.
extra_specs = {"spec1": "val1"}
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volumes_backup_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volumes_backup_rbac.py
index 6e1b9f1..6a3367a 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volumes_backup_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volumes_backup_rbac.py
@@ -13,6 +13,9 @@
# License for the specific language governing permissions and limitations
# under the License.
+from oslo_serialization import base64
+from oslo_serialization import jsonutils as json
+
from tempest.common import waiters
from tempest import config
from tempest.lib.common.utils import data_utils
@@ -50,6 +53,18 @@
self.backups_client, backup['id'], 'available')
return backup
+ def _decode_url(self, backup_url):
+ return json.loads(base64.decode_as_text(backup_url))
+
+ def _encode_backup(self, backup):
+ retval = json.dumps(backup)
+ return base64.encode_as_text(retval)
+
+ def _modify_backup_url(self, backup_url, changes):
+ backup = self._decode_url(backup_url)
+ backup.update(changes)
+ return self._encode_backup(backup)
+
@test.attr(type="slow")
@rbac_rule_validation.action(service="cinder",
rule="backup:create")
@@ -101,6 +116,39 @@
self.backups_client.delete_backup(backup['id'])
self.backups_client.wait_for_resource_deletion(backup['id'])
+ @test.attr(type='slow')
+ @rbac_rule_validation.action(service="cinder",
+ rule="backup:backup-export")
+ @decorators.idempotent_id('e984ec8d-e8eb-485c-98bc-f1856020303c')
+ def test_volume_backup_export(self):
+ # Create a temp backup
+ backup = self._create_backup(volume_id=self.volume['id'])
+
+ # Export Backup
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.backups_client.export_backup(backup['id'])['backup-record']
+
+ @test.attr(type='slow')
+ @rbac_rule_validation.action(service="cinder",
+ rule="backup:backup-import")
+ @decorators.idempotent_id('1e70f039-4556-44cc-9cc1-edf2b7ed648b')
+ def test_volume_backup_import(self):
+ # Create a temp backup
+ backup = self._create_backup(volume_id=self.volume['id'])
+ # Export a temp backup
+ export_backup = self.backups_client.export_backup(
+ backup['id'])['backup-record']
+ new_id = data_utils.rand_uuid()
+ new_url = self._modify_backup_url(
+ export_backup['backup_url'], {'id': new_id})
+
+ # Import the temp backup
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ import_backup = self.backups_client.import_backup(
+ backup_service=export_backup['backup_service'],
+ backup_url=new_url)['backup']
+ self.addCleanup(self.backups_client.delete_backup, import_backup['id'])
+
class VolumesBackupsV3RbacTest(VolumesBackupsRbacTest):
_api_version = 3