Merge "Remove deprecrated [rbac] config group"
diff --git a/.gitignore b/.gitignore
index 963e589..6d47339 100644
--- a/.gitignore
+++ b/.gitignore
@@ -53,6 +53,10 @@
 *~
 .*.swp
 .*sw?
+*.idea
 
 # Files created by releasenotes build
-releasenotes/build
\ No newline at end of file
+releasenotes/build
+
+# Misc
+.stestr/
diff --git a/patrole_tempest_plugin/tests/api/volume/test_groups_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_groups_rbac.py
index 7cc089a..e1c0910 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_groups_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_groups_rbac.py
@@ -27,6 +27,14 @@
     min_microversion = '3.14'
     max_microversion = 'latest'
 
+    credentials = ['primary', 'admin']
+
+    @classmethod
+    def setup_clients(cls):
+        super(GroupsV3RbacTest, cls).setup_clients()
+        cls.admin_groups_client = cls.os_admin.groups_v3_client
+        cls.admin_volumes_client = cls.os_admin.volumes_v3_client
+
     def setUp(self):
         super(GroupsV3RbacTest, self).setUp()
         self.volume_type_id = self.create_volume_type()['id']
@@ -37,20 +45,25 @@
             self.__class__.__name__ + '-Group')
         group = self.groups_client.create_group(name=group_name, **kwargs)[
             'group']
-        waiters.wait_for_volume_resource_status(
-            self.groups_client, group['id'], 'available')
-
         if ignore_notfound:
             self.addCleanup(test_utils.call_and_ignore_notfound_exc,
                             self._delete_group, group['id'])
         else:
             self.addCleanup(self._delete_group, group['id'])
-
+        waiters.wait_for_volume_resource_status(
+            self.admin_groups_client, group['id'], 'available')
         return group
 
-    def _delete_group(self, group_id, delete_volumes=True):
-        self.groups_client.delete_group(group_id, delete_volumes)
-        self.groups_client.wait_for_resource_deletion(group_id)
+    def _delete_group(self, group_id):
+        self.groups_client.delete_group(group_id, delete_volumes=True)
+        self.admin_groups_client.wait_for_resource_deletion(group_id)
+
+        vols = self.admin_volumes_client.list_volumes(
+            detail=True, params={'all_tenants': True})['volumes']
+        for vol in vols:
+            if vol['group_id'] == group_id:
+                self.admin_volumes_client.wait_for_resource_deletion(
+                    vol['id'])
 
     @decorators.idempotent_id('43235328-66ae-424f-bc7f-f709c0ca268c')
     @rbac_rule_validation.action(
@@ -111,7 +124,7 @@
                                    volume_types=[self.volume_type_id])
 
         self.rbac_utils.switch_role(self, toggle_rbac_role=True)
-        self.groups_client.delete_group(group['id'])
+        self._delete_group(group['id'])
 
 
 class GroupTypesV3RbacTest(rbac_base.BaseVolumeRbacTest):
@@ -146,7 +159,21 @@
         service="cinder",
         rule="group:group_types_manage")
     def test_delete_group_type(self):
-        goup_type = self.create_group_type(ignore_notfound=True)
+        group_type = self.create_group_type(ignore_notfound=True)
 
         self.rbac_utils.switch_role(self, toggle_rbac_role=True)
-        self.group_types_client.delete_group_type(goup_type['id'])
+        self.group_types_client.delete_group_type(group_type['id'])
+
+    @decorators.idempotent_id('8d9e2831-24c3-47b7-a76a-2e563287f12f')
+    @rbac_rule_validation.action(
+        service="cinder",
+        rule="group:access_group_types_specs")
+    def test_show_group_type(self):
+        group_type = self.create_group_type()
+        self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+        resp_body = \
+            self.group_types_client.show_group_type(
+                group_type['id'])['group_type']
+        if 'group_specs' not in resp_body:
+            raise rbac_exceptions.RbacMalformedResponse(
+                attribute='group_specs')
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_hosts_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_hosts_rbac.py
index 9519cea..726f84e 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_hosts_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_hosts_rbac.py
@@ -28,6 +28,7 @@
         self.rbac_utils.switch_role(self, toggle_rbac_role=True)
         self.volume_hosts_client.list_hosts()
 
+    @decorators.skip_because(bug="1732808")
     @decorators.idempotent_id('9ddf321e-788f-4787-b8cc-dfa59e264143')
     @rbac_rule_validation.action(service="cinder",
                                  rule="volume_extension:hosts")
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_metadata_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_metadata_rbac.py
index 671ac19..5866934 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_metadata_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_metadata_rbac.py
@@ -14,6 +14,7 @@
 #    under the License.
 
 from tempest import config
+from tempest.lib.common.utils import test_utils
 from tempest.lib import decorators
 
 from patrole_tempest_plugin import rbac_rule_validation
@@ -66,17 +67,6 @@
         self.volumes_client.delete_volume_metadata_item(self.volume['id'],
                                                         "key1")
 
-    @decorators.idempotent_id('a41c8eed-2051-4a25-b401-df036faacbdc')
-    @rbac_rule_validation.action(
-        service="cinder",
-        rule="volume:delete_volume_metadata")
-    def test_delete_volume_image_metadata(self):
-        self.volumes_client.update_volume_image_metadata(
-            self.volume['id'], image_id=self.image_id)
-        self.rbac_utils.switch_role(self, toggle_rbac_role=True)
-        self.volumes_client.delete_volume_image_metadata(self.volume['id'],
-                                                         'image_id')
-
     @rbac_rule_validation.action(service="cinder",
                                  rule="volume:update_volume_metadata")
     @decorators.idempotent_id('8ce2ff80-99ba-49ae-9bb1-7e96729ee5af')
@@ -98,8 +88,25 @@
     @decorators.idempotent_id('a9d9e825-5ea3-42e6-96f3-7ac4e97b2ed0')
     @rbac_rule_validation.action(
         service="cinder",
-        rule="volume:update_volume_metadata")
+        rule="volume_extension:volume_image_metadata")
     def test_update_volume_image_metadata(self):
         self.rbac_utils.switch_role(self, toggle_rbac_role=True)
         self.volumes_client.update_volume_image_metadata(
             self.volume['id'], image_id=self.image_id)
+        self.addCleanup(self.volumes_client.delete_volume_image_metadata,
+                        self.volume['id'], 'image_id')
+
+    @decorators.idempotent_id('a41c8eed-2051-4a25-b401-df036faacbdc')
+    @rbac_rule_validation.action(
+        service="cinder",
+        rule="volume_extension:volume_image_metadata")
+    def test_delete_volume_image_metadata(self):
+        self.volumes_client.update_volume_image_metadata(
+            self.volume['id'], image_id=self.image_id)
+        self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+                        self.volumes_client.delete_volume_image_metadata,
+                        self.volume['id'], 'image_id')
+
+        self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+        self.volumes_client.delete_volume_image_metadata(self.volume['id'],
+                                                         'image_id')
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_quotas_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_quotas_rbac.py
index 01f8203..6a79345 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_quotas_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_quotas_rbac.py
@@ -18,6 +18,9 @@
 from patrole_tempest_plugin import rbac_rule_validation
 from patrole_tempest_plugin.tests.api.volume import rbac_base
 
+QUOTA_KEYS = ['gigabytes', 'snapshots', 'volumes', 'backups',
+              'backup_gigabytes', 'per_volume_gigabytes']
+
 
 class VolumeQuotasV3RbacTest(rbac_base.BaseVolumeRbacTest):
 
@@ -31,23 +34,56 @@
         super(VolumeQuotasV3RbacTest, cls).setup_clients()
         cls.quotas_client = cls.os_primary.volume_quotas_v2_client
 
+    def _restore_default_quota_set(self):
+        default_quota_set = self.quotas_client.show_default_quota_set(
+            self.demo_tenant_id)['quota_set']
+        cleanup_quota_set = dict(
+            (k, v) for k, v in default_quota_set.items()
+            if k in QUOTA_KEYS)
+        self.addCleanup(self.quotas_client.update_quota_set,
+                        self.demo_tenant_id, **cleanup_quota_set)
+
+    @decorators.idempotent_id('427c9f0c-982e-403d-ae45-c05f4d6322ff')
+    @rbac_rule_validation.action(service="cinder",
+                                 rule="volume_extension:quotas:show")
+    def test_list_quotas(self):
+        self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+        self.quotas_client.show_quota_set(self.demo_tenant_id)
+
+    @decorators.idempotent_id('e47cf444-2753-4983-be6d-fc0d6523720f')
+    @rbac_rule_validation.action(service="cinder",
+                                 rule="volume_extension:quotas:show")
+    def test_list_quotas_usage_true(self):
+        self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+        self.quotas_client.show_quota_set(self.demo_tenant_id,
+                                          params={'usage': True})
+
     @rbac_rule_validation.action(service="cinder",
                                  rule="volume_extension:quotas:show")
     @decorators.idempotent_id('b3c7177e-b6b1-4d0f-810a-fc95606964dd')
     def test_list_default_quotas(self):
         self.rbac_utils.switch_role(self, toggle_rbac_role=True)
         self.quotas_client.show_default_quota_set(
-            self.demo_tenant_id)['quota_set']
+            self.demo_tenant_id)
 
     @rbac_rule_validation.action(service="cinder",
                                  rule="volume_extension:quotas:update")
     @decorators.idempotent_id('60f8f421-1630-4953-b449-b22af32265c7')
-    def test_update_all_quota_resources_for_tenant(self):
+    def test_update_quota_set(self):
+        self._restore_default_quota_set()
         new_quota_set = {'gigabytes': 1009,
                          'volumes': 11,
                          'snapshots': 11}
-        # Update limits for all quota resources
+        # Update limits for all quota resources.
         self.rbac_utils.switch_role(self, toggle_rbac_role=True)
         self.quotas_client.update_quota_set(
-            self.demo_tenant_id,
-            **new_quota_set)['quota_set']
+            self.demo_tenant_id, **new_quota_set)
+
+    @decorators.idempotent_id('329bdb88-5132-4810-b1fc-350d181577e3')
+    @rbac_rule_validation.action(service="cinder",
+                                 rule="volume_extension:quotas:delete")
+    def test_delete_quota_set(self):
+        self._restore_default_quota_set()
+
+        self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+        self.quotas_client.delete_quota_set(self.demo_tenant_id)
diff --git a/requirements.txt b/requirements.txt
index ba2f2d5..94f3073 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,7 +4,7 @@
 hacking>=1.0.0 # Apache-2.0
 pbr!=2.1.0,>=2.0.0 # Apache-2.0
 oslo.log>=3.30.0 # Apache-2.0
-oslo.config>=4.6.0 # Apache-2.0
+oslo.config>=5.1.0 # Apache-2.0
 oslo.policy>=1.23.0 # Apache-2.0
 tempest>=17.1.0 # Apache-2.0
 stevedore>=1.20.0 # Apache-2.0