Merge "Remove identity v3 change_password test"
diff --git a/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py
index 17a6c74..a28ddb9 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py
@@ -14,19 +14,106 @@
# under the License.
from tempest.lib.common.utils import data_utils
+from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.compute import rbac_base
-class SecurityGroupsRbacTest(rbac_base.BaseV2ComputeRbacTest):
+class SecurtiyGroupsRbacTest(rbac_base.BaseV2ComputeRbacTest):
+ """Tests non-deprecated security group policies. Requires network service.
+
+ This class tests non-deprecated policies for adding and removing a security
+ group to and from a server.
+ """
+
+ @classmethod
+ def skip_checks(cls):
+ super(SecurtiyGroupsRbacTest, cls).skip_checks()
+ # All the tests below require the network service.
+ # NOTE(gmann) Currently 'network' service is always True in
+ # test.get_service_list() So below check is not much of use.
+ # Commenting the below check as Tempest is moving the get_service_list
+ # from test.py to utils.
+ # If we want to check 'network' service availability, then
+ # get_service_list can be used from new location.
+ # if not test.get_service_list()['network']:
+ # raise cls.skipException(
+ # 'Skipped because the network service is not available')
+
+ @classmethod
+ def setup_credentials(cls):
+ # A network and a subnet will be created for these tests.
+ cls.set_network_resources(network=True, subnet=True)
+ super(SecurtiyGroupsRbacTest, cls).setup_credentials()
+
+ @classmethod
+ def resource_setup(cls):
+ super(SecurtiyGroupsRbacTest, cls).resource_setup()
+ cls.server = cls.create_test_server(wait_until='ACTIVE')
+
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-security-groups")
+ @decorators.idempotent_id('3db159c6-a467-469f-9a25-574197885520')
+ def test_list_security_groups_by_server(self):
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.servers_client.list_security_groups_by_server(self.server['id'])
+
+ @decorators.attr(type=["slow"])
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-security-groups")
+ @decorators.idempotent_id('ea1ca73f-2d1d-43cb-9a46-900d7927b357')
+ def test_create_security_group_for_server(self):
+ sg_name = self.create_security_group()['name']
+
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.servers_client.add_security_group(self.server['id'], name=sg_name)
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.servers_client.remove_security_group,
+ self.server['id'], name=sg_name)
+
+ @decorators.attr(type=["slow"])
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-security-groups")
+ @decorators.idempotent_id('0ad2e856-e2d3-4ac5-a620-f93d0d3d2626')
+ def test_remove_security_group_from_server(self):
+ sg_name = self.create_security_group()['name']
+
+ self.servers_client.add_security_group(self.server['id'], name=sg_name)
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.servers_client.remove_security_group,
+ self.server['id'], name=sg_name)
+
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.servers_client.remove_security_group(
+ self.server['id'], name=sg_name)
+
+
+class SecurityGroupsRbacMaxV235Test(rbac_base.BaseV2ComputeRbacTest):
# Tests in this class will fail with a 404 from microversion 2.36,
# according to:
# https://developer.openstack.org/api-ref/compute/#security-groups-os-security-groups-deprecated
max_microversion = '2.35'
+ @classmethod
+ def skip_checks(cls):
+ super(SecurityGroupsRbacMaxV235Test, cls).skip_checks()
+ # All the tests below require the network service.
+ # NOTE(gmann) Currently 'network' service is always True in
+ # test.get_service_list() So below check is not much of use.
+ # Commenting the below check as Tempest is moving the get_service_list
+ # from test.py to utils.
+ # If we want to check 'network' service availability, then
+ # get_service_list can be used from new location.
+ # if not test.get_service_list()['network']:
+ # raise cls.skipException(
+ # 'Skipped because the network service is not available')
+
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-security-groups")
@@ -58,9 +145,10 @@
@decorators.idempotent_id('3de5c6bc-b822-469e-a627-82427d38b067')
def test_update_security_groups(self):
sec_group_id = self.create_security_group()['id']
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
new_name = data_utils.rand_name()
new_desc = data_utils.rand_name()
+
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.security_groups_client.update_security_group(sec_group_id,
name=new_name,
description=new_desc)
diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_rbac.py
index 10ea801..35ca437 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_rbac.py
@@ -18,7 +18,6 @@
from tempest.common import waiters
from tempest import config
from tempest.lib.common.utils import data_utils
-from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
from tempest.lib import exceptions
from tempest import test
@@ -41,69 +40,12 @@
cls.networks_client = cls.os_primary.networks_client
cls.ports_client = cls.os_primary.ports_client
cls.subnets_client = cls.os_primary.subnets_client
+ cls.admin_servers_client = cls.os_admin.servers_client
@classmethod
def resource_setup(cls):
super(ComputeServersRbacTest, cls).resource_setup()
cls.server = cls.create_test_server(wait_until='ACTIVE')
- # Create a volume
- volume_name = data_utils.rand_name(cls.__name__ + '-volume')
- name_field = 'name'
- if not CONF.volume_feature_enabled.api_v2:
- name_field = 'display_name'
-
- params = {name_field: volume_name,
- 'imageRef': CONF.compute.image_ref,
- 'size': CONF.volume.volume_size}
-
- volume = cls.volumes_client.create_volume(**params)['volume']
- waiters.wait_for_volume_resource_status(cls.volumes_client,
- volume['id'], 'available')
- cls.volumes.append(volume)
- cls.volume_id = volume['id']
-
- def _create_network_resources(self):
- # Create network
- network_name = data_utils.rand_name(
- self.__class__.__name__ + '-network')
-
- network = self.networks_client.create_network(
- name=network_name, port_security_enabled=True)['network']
- self.addCleanup(self.networks_client.delete_network, network['id'])
-
- # Create subnet for the network
- subnet_name = data_utils.rand_name(self.__class__.__name__ + '-subnet')
- subnet = self.subnets_client.create_subnet(
- name=subnet_name,
- network_id=network['id'],
- cidr=CONF.network.project_network_cidr,
- ip_version=4)['subnet']
- self.addCleanup(self.subnets_client.delete_subnet, subnet['id'])
-
- return network
-
- def _create_test_server_with_volume(self, volume_id):
- # Create a server with the volume created earlier
- server_name = data_utils.rand_name(self.__class__.__name__ + "-server")
- bd_map_v2 = [{'uuid': volume_id,
- 'source_type': 'volume',
- 'destination_type': 'volume',
- 'boot_index': 0,
- 'delete_on_termination': True}]
- device_mapping = {'block_device_mapping_v2': bd_map_v2}
-
- # Since the server is booted from volume, the imageRef does not need
- # to be specified.
- server = self.servers_client.create_server(
- name=server_name, imageRef='',
- flavorRef=CONF.compute.flavor_ref,
- **device_mapping)['server']
-
- waiters.wait_for_server_status(
- self.os_admin.servers_client, server['id'], 'ACTIVE')
-
- self.servers.append(server)
- return server
@rbac_rule_validation.action(
service="nova",
@@ -139,8 +81,25 @@
rule="os_compute_api:servers:create:attach_volume")
@decorators.idempotent_id('eeddac5e-15aa-454f-838d-db608aae4dd8')
def test_create_server_attach_volume(self):
+ # To create a bootable volume, the UUID of the image from which
+ # to create the volume must be included as the imageRef attribute in
+ # the request body.
+ volume_id = self.create_volume(
+ imageRef=CONF.compute.image_ref,
+ size=CONF.volume.volume_size)['id']
+
+ server_name = data_utils.rand_name(self.__class__.__name__ + "-server")
+ bd_map_v2 = [{'uuid': volume_id,
+ 'source_type': 'volume',
+ 'destination_type': 'volume',
+ 'boot_index': 0,
+ 'delete_on_termination': True}]
+ device_mapping = {'block_device_mapping_v2': bd_map_v2}
+
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._create_test_server_with_volume(self.volume_id)
+ # Use image_id='' to avoid using the default image in tempest.conf.
+ self.create_test_server(name=server_name, image_id='',
+ **device_mapping)
@test.services('network')
@rbac_rule_validation.action(
@@ -148,12 +107,33 @@
rule="os_compute_api:servers:create:attach_network")
@decorators.idempotent_id('b44cd4ff-50a4-42ce-ada3-724e213cd540')
def test_create_server_attach_network(self):
- network = self._create_network_resources()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ def _create_network_resources():
+ # Create network
+ network_name = data_utils.rand_name(
+ self.__class__.__name__ + '-network')
+
+ network = self.networks_client.create_network(
+ name=network_name, port_security_enabled=True)['network']
+ self.addCleanup(self.networks_client.delete_network, network['id'])
+
+ # Create subnet for the network
+ subnet_name = data_utils.rand_name(
+ self.__class__.__name__ + '-subnet')
+ subnet = self.subnets_client.create_subnet(
+ name=subnet_name,
+ network_id=network['id'],
+ cidr=CONF.network.project_network_cidr,
+ ip_version=4)['subnet']
+ self.addCleanup(self.subnets_client.delete_subnet, subnet['id'])
+
+ return network
+
+ network = _create_network_resources()
network_id = {'uuid': network['id']}
+
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
server = self.create_test_server(wait_until='ACTIVE',
networks=[network_id])
-
self.addCleanup(waiters.wait_for_server_termination,
self.servers_client, server['id'])
self.addCleanup(self.servers_client.delete_server, server['id'])
@@ -164,10 +144,11 @@
@decorators.idempotent_id('062e3440-e873-4b41-9317-bf6d8be50c12')
def test_delete_server(self):
server = self.create_test_server(wait_until='ACTIVE')
+
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.servers_client.delete_server(server['id'])
waiters.wait_for_server_termination(
- self.os_admin.servers_client, server['id'])
+ self.admin_servers_client, server['id'])
@rbac_rule_validation.action(
service="nova",
@@ -178,76 +159,10 @@
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
try:
self.servers_client.update_server(self.server['id'], name=new_name)
- waiters.wait_for_server_status(self.os_admin.servers_client,
+ waiters.wait_for_server_status(self.admin_servers_client,
self.server['id'], 'ACTIVE')
except exceptions.ServerFault as e:
# Some other policy may have blocked it.
LOG.info("ServerFault exception caught. Some other policy "
"blocked updating of server")
raise rbac_exceptions.RbacConflictingPolicies(e)
-
-
-class SecurtiyGroupsRbacTest(base.BaseV2ComputeRbacTest):
- """Tests non-deprecated security group policies. Requires network service.
-
- This class tests non-deprecated policies for adding and removing a security
- group to and from a server.
- """
-
- @classmethod
- def setup_credentials(cls):
- # A network and a subnet will be created for these tests.
- cls.set_network_resources(network=True, subnet=True)
- super(SecurtiyGroupsRbacTest, cls).setup_credentials()
-
- @classmethod
- def skip_checks(cls):
- super(SecurtiyGroupsRbacTest, cls).skip_checks()
- # All the tests below require the network service.
- if not test.get_service_list()['network']:
- raise cls.skipException(
- 'Skipped because the network service is not available')
-
- @classmethod
- def resource_setup(cls):
- super(SecurtiyGroupsRbacTest, cls).resource_setup()
- cls.server = cls.create_test_server(wait_until='ACTIVE')
-
- @rbac_rule_validation.action(
- service="nova",
- rule="os_compute_api:os-security-groups")
- @decorators.idempotent_id('3db159c6-a467-469f-9a25-574197885520')
- def test_list_security_groups_by_server(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.servers_client.list_security_groups_by_server(self.server['id'])
-
- @decorators.attr(type=["slow"])
- @rbac_rule_validation.action(
- service="nova",
- rule="os_compute_api:os-security-groups")
- @decorators.idempotent_id('ea1ca73f-2d1d-43cb-9a46-900d7927b357')
- def test_create_security_group_for_server(self):
- sg_name = self.create_security_group()['name']
-
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.servers_client.add_security_group(self.server['id'], name=sg_name)
- self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.servers_client.remove_security_group,
- self.server['id'], name=sg_name)
-
- @decorators.attr(type=["slow"])
- @rbac_rule_validation.action(
- service="nova",
- rule="os_compute_api:os-security-groups")
- @decorators.idempotent_id('0ad2e856-e2d3-4ac5-a620-f93d0d3d2626')
- def test_remove_security_group_from_server(self):
- sg_name = self.create_security_group()['name']
-
- self.servers_client.add_security_group(self.server['id'], name=sg_name)
- self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.servers_client.remove_security_group,
- self.server['id'], name=sg_name)
-
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.servers_client.remove_security_group(
- self.server['id'], name=sg_name)