Merge "Remove deprecrated [rbac] config group"
diff --git a/.gitignore b/.gitignore
index 963e589..6d47339 100644
--- a/.gitignore
+++ b/.gitignore
@@ -53,6 +53,10 @@
*~
.*.swp
.*sw?
+*.idea
# Files created by releasenotes build
-releasenotes/build
\ No newline at end of file
+releasenotes/build
+
+# Misc
+.stestr/
diff --git a/patrole_tempest_plugin/tests/api/volume/test_groups_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_groups_rbac.py
index 7cc089a..e1c0910 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_groups_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_groups_rbac.py
@@ -27,6 +27,14 @@
min_microversion = '3.14'
max_microversion = 'latest'
+ credentials = ['primary', 'admin']
+
+ @classmethod
+ def setup_clients(cls):
+ super(GroupsV3RbacTest, cls).setup_clients()
+ cls.admin_groups_client = cls.os_admin.groups_v3_client
+ cls.admin_volumes_client = cls.os_admin.volumes_v3_client
+
def setUp(self):
super(GroupsV3RbacTest, self).setUp()
self.volume_type_id = self.create_volume_type()['id']
@@ -37,20 +45,25 @@
self.__class__.__name__ + '-Group')
group = self.groups_client.create_group(name=group_name, **kwargs)[
'group']
- waiters.wait_for_volume_resource_status(
- self.groups_client, group['id'], 'available')
-
if ignore_notfound:
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self._delete_group, group['id'])
else:
self.addCleanup(self._delete_group, group['id'])
-
+ waiters.wait_for_volume_resource_status(
+ self.admin_groups_client, group['id'], 'available')
return group
- def _delete_group(self, group_id, delete_volumes=True):
- self.groups_client.delete_group(group_id, delete_volumes)
- self.groups_client.wait_for_resource_deletion(group_id)
+ def _delete_group(self, group_id):
+ self.groups_client.delete_group(group_id, delete_volumes=True)
+ self.admin_groups_client.wait_for_resource_deletion(group_id)
+
+ vols = self.admin_volumes_client.list_volumes(
+ detail=True, params={'all_tenants': True})['volumes']
+ for vol in vols:
+ if vol['group_id'] == group_id:
+ self.admin_volumes_client.wait_for_resource_deletion(
+ vol['id'])
@decorators.idempotent_id('43235328-66ae-424f-bc7f-f709c0ca268c')
@rbac_rule_validation.action(
@@ -111,7 +124,7 @@
volume_types=[self.volume_type_id])
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.groups_client.delete_group(group['id'])
+ self._delete_group(group['id'])
class GroupTypesV3RbacTest(rbac_base.BaseVolumeRbacTest):
@@ -146,7 +159,21 @@
service="cinder",
rule="group:group_types_manage")
def test_delete_group_type(self):
- goup_type = self.create_group_type(ignore_notfound=True)
+ group_type = self.create_group_type(ignore_notfound=True)
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.group_types_client.delete_group_type(goup_type['id'])
+ self.group_types_client.delete_group_type(group_type['id'])
+
+ @decorators.idempotent_id('8d9e2831-24c3-47b7-a76a-2e563287f12f')
+ @rbac_rule_validation.action(
+ service="cinder",
+ rule="group:access_group_types_specs")
+ def test_show_group_type(self):
+ group_type = self.create_group_type()
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ resp_body = \
+ self.group_types_client.show_group_type(
+ group_type['id'])['group_type']
+ if 'group_specs' not in resp_body:
+ raise rbac_exceptions.RbacMalformedResponse(
+ attribute='group_specs')
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_hosts_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_hosts_rbac.py
index 9519cea..726f84e 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_hosts_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_hosts_rbac.py
@@ -28,6 +28,7 @@
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.volume_hosts_client.list_hosts()
+ @decorators.skip_because(bug="1732808")
@decorators.idempotent_id('9ddf321e-788f-4787-b8cc-dfa59e264143')
@rbac_rule_validation.action(service="cinder",
rule="volume_extension:hosts")
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_metadata_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_metadata_rbac.py
index 671ac19..5866934 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_metadata_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_metadata_rbac.py
@@ -14,6 +14,7 @@
# under the License.
from tempest import config
+from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
@@ -66,17 +67,6 @@
self.volumes_client.delete_volume_metadata_item(self.volume['id'],
"key1")
- @decorators.idempotent_id('a41c8eed-2051-4a25-b401-df036faacbdc')
- @rbac_rule_validation.action(
- service="cinder",
- rule="volume:delete_volume_metadata")
- def test_delete_volume_image_metadata(self):
- self.volumes_client.update_volume_image_metadata(
- self.volume['id'], image_id=self.image_id)
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.volumes_client.delete_volume_image_metadata(self.volume['id'],
- 'image_id')
-
@rbac_rule_validation.action(service="cinder",
rule="volume:update_volume_metadata")
@decorators.idempotent_id('8ce2ff80-99ba-49ae-9bb1-7e96729ee5af')
@@ -98,8 +88,25 @@
@decorators.idempotent_id('a9d9e825-5ea3-42e6-96f3-7ac4e97b2ed0')
@rbac_rule_validation.action(
service="cinder",
- rule="volume:update_volume_metadata")
+ rule="volume_extension:volume_image_metadata")
def test_update_volume_image_metadata(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.volumes_client.update_volume_image_metadata(
self.volume['id'], image_id=self.image_id)
+ self.addCleanup(self.volumes_client.delete_volume_image_metadata,
+ self.volume['id'], 'image_id')
+
+ @decorators.idempotent_id('a41c8eed-2051-4a25-b401-df036faacbdc')
+ @rbac_rule_validation.action(
+ service="cinder",
+ rule="volume_extension:volume_image_metadata")
+ def test_delete_volume_image_metadata(self):
+ self.volumes_client.update_volume_image_metadata(
+ self.volume['id'], image_id=self.image_id)
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.volumes_client.delete_volume_image_metadata,
+ self.volume['id'], 'image_id')
+
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.volumes_client.delete_volume_image_metadata(self.volume['id'],
+ 'image_id')
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_quotas_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_quotas_rbac.py
index 01f8203..6a79345 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_quotas_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_quotas_rbac.py
@@ -18,6 +18,9 @@
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.volume import rbac_base
+QUOTA_KEYS = ['gigabytes', 'snapshots', 'volumes', 'backups',
+ 'backup_gigabytes', 'per_volume_gigabytes']
+
class VolumeQuotasV3RbacTest(rbac_base.BaseVolumeRbacTest):
@@ -31,23 +34,56 @@
super(VolumeQuotasV3RbacTest, cls).setup_clients()
cls.quotas_client = cls.os_primary.volume_quotas_v2_client
+ def _restore_default_quota_set(self):
+ default_quota_set = self.quotas_client.show_default_quota_set(
+ self.demo_tenant_id)['quota_set']
+ cleanup_quota_set = dict(
+ (k, v) for k, v in default_quota_set.items()
+ if k in QUOTA_KEYS)
+ self.addCleanup(self.quotas_client.update_quota_set,
+ self.demo_tenant_id, **cleanup_quota_set)
+
+ @decorators.idempotent_id('427c9f0c-982e-403d-ae45-c05f4d6322ff')
+ @rbac_rule_validation.action(service="cinder",
+ rule="volume_extension:quotas:show")
+ def test_list_quotas(self):
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.quotas_client.show_quota_set(self.demo_tenant_id)
+
+ @decorators.idempotent_id('e47cf444-2753-4983-be6d-fc0d6523720f')
+ @rbac_rule_validation.action(service="cinder",
+ rule="volume_extension:quotas:show")
+ def test_list_quotas_usage_true(self):
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.quotas_client.show_quota_set(self.demo_tenant_id,
+ params={'usage': True})
+
@rbac_rule_validation.action(service="cinder",
rule="volume_extension:quotas:show")
@decorators.idempotent_id('b3c7177e-b6b1-4d0f-810a-fc95606964dd')
def test_list_default_quotas(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.quotas_client.show_default_quota_set(
- self.demo_tenant_id)['quota_set']
+ self.demo_tenant_id)
@rbac_rule_validation.action(service="cinder",
rule="volume_extension:quotas:update")
@decorators.idempotent_id('60f8f421-1630-4953-b449-b22af32265c7')
- def test_update_all_quota_resources_for_tenant(self):
+ def test_update_quota_set(self):
+ self._restore_default_quota_set()
new_quota_set = {'gigabytes': 1009,
'volumes': 11,
'snapshots': 11}
- # Update limits for all quota resources
+ # Update limits for all quota resources.
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.quotas_client.update_quota_set(
- self.demo_tenant_id,
- **new_quota_set)['quota_set']
+ self.demo_tenant_id, **new_quota_set)
+
+ @decorators.idempotent_id('329bdb88-5132-4810-b1fc-350d181577e3')
+ @rbac_rule_validation.action(service="cinder",
+ rule="volume_extension:quotas:delete")
+ def test_delete_quota_set(self):
+ self._restore_default_quota_set()
+
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.quotas_client.delete_quota_set(self.demo_tenant_id)
diff --git a/requirements.txt b/requirements.txt
index ba2f2d5..94f3073 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,7 +4,7 @@
hacking>=1.0.0 # Apache-2.0
pbr!=2.1.0,>=2.0.0 # Apache-2.0
oslo.log>=3.30.0 # Apache-2.0
-oslo.config>=4.6.0 # Apache-2.0
+oslo.config>=5.1.0 # Apache-2.0
oslo.policy>=1.23.0 # Apache-2.0
tempest>=17.1.0 # Apache-2.0
stevedore>=1.20.0 # Apache-2.0