Merge "Add RBAC test for force-deleting a backup"
diff --git a/patrole_tempest_plugin/tests/api/volume/test_snapshots_actions_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_snapshots_actions_rbac.py
index 30c1092..5a4e246 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_snapshots_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_snapshots_actions_rbac.py
@@ -13,8 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
-from oslo_log import log as logging
-
from tempest import config
from tempest.lib import decorators
@@ -22,7 +20,6 @@
from patrole_tempest_plugin.tests.api.volume import rbac_base
CONF = config.CONF
-LOG = logging.getLogger(__name__)
class SnapshotsActionsRbacTest(rbac_base.BaseVolumeRbacTest):
@@ -41,9 +38,7 @@
@classmethod
def resource_setup(cls):
super(SnapshotsActionsRbacTest, cls).resource_setup()
- # Create a volume
cls.volume = cls.create_volume()
- # Create a snapshot
cls.snapshot = cls.create_snapshot(volume_id=cls.volume['id'])
cls.snapshot_id = cls.snapshot['id']
@@ -52,22 +47,17 @@
rule="volume_extension:snapshot_admin_actions:reset_status")
@decorators.idempotent_id('ea430145-34ef-408d-b678-95d5ae5f46eb')
def test_reset_snapshot_status(self):
- # Reset snapshot status to error
status = 'error'
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.client.\
- reset_snapshot_status(self.snapshot['id'], status)
+ self.client.reset_snapshot_status(self.snapshot['id'], status)
@rbac_rule_validation.action(
service="cinder",
- rule="volume_extension:volume_admin_actions:force_delete")
+ rule="volume_extension:snapshot_admin_actions:force_delete")
@decorators.idempotent_id('a8b0f7d8-4c00-4645-b8d5-33ab4eecc6cb')
def test_snapshot_force_delete(self):
- # Test force delete of snapshot
- # Create snapshot,
- # and force delete temp snapshot
temp_snapshot = self.create_snapshot(self.volume['id'])
- # Force delete the snapshot
+
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.client.force_delete_snapshot(temp_snapshot['id'])
self.client.wait_for_resource_deletion(temp_snapshot['id'])
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volumes_backup_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volumes_backup_rbac.py
index 6a3367a..50973b8 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volumes_backup_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volumes_backup_rbac.py
@@ -65,7 +65,7 @@
backup.update(changes)
return self._encode_backup(backup)
- @test.attr(type="slow")
+ @test.attr(type=["slow"])
@rbac_rule_validation.action(service="cinder",
rule="backup:create")
@decorators.idempotent_id('6887ec94-0bcf-4ab7-b30f-3808a4b5a2a5')
@@ -73,7 +73,7 @@
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self._create_backup(volume_id=self.volume['id'])
- @test.attr(type="slow")
+ @test.attr(type=["slow"])
@rbac_rule_validation.action(service="cinder",
rule="backup:get")
@decorators.idempotent_id('abd92bdd-b0fb-4dc4-9cfc-de9e968f8c8a')
@@ -91,7 +91,7 @@
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.backups_client.list_backups()
- @test.attr(type="slow")
+ @test.attr(type=["slow"])
@rbac_rule_validation.action(service="cinder",
rule="backup:restore")
@decorators.idempotent_id('9c794bf9-2446-4f41-8fe0-80b71e757f9d')
@@ -104,7 +104,7 @@
waiters.wait_for_volume_resource_status(
self.backups_client, restore['backup_id'], 'available')
- @test.attr(type="slow")
+ @test.attr(type=["slow"])
@rbac_rule_validation.action(service="cinder",
rule="backup:delete")
@decorators.idempotent_id('d5d0c6a2-413d-437e-a73f-4bf2b41a20ed')
@@ -116,7 +116,19 @@
self.backups_client.delete_backup(backup['id'])
self.backups_client.wait_for_resource_deletion(backup['id'])
- @test.attr(type='slow')
+ @decorators.idempotent_id('48325aaa-13f5-4ba3-96a3-24b6c9d77b6d')
+ @test.attr(type=["slow"])
+ @rbac_rule_validation.action(
+ service="cinder",
+ rule="volume_extension:backup_admin_actions:force_delete")
+ def test_volume_backup_force_delete(self):
+ backup = self._create_backup(volume_id=self.volume['id'])
+
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.backups_client.force_delete_backup(backup['id'])
+ self.backups_client.wait_for_resource_deletion(backup['id'])
+
+ @test.attr(type=["slow"])
@rbac_rule_validation.action(service="cinder",
rule="backup:backup-export")
@decorators.idempotent_id('e984ec8d-e8eb-485c-98bc-f1856020303c')
@@ -128,7 +140,7 @@
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.backups_client.export_backup(backup['id'])['backup-record']
- @test.attr(type='slow')
+ @test.attr(type=["slow"])
@rbac_rule_validation.action(service="cinder",
rule="backup:backup-import")
@decorators.idempotent_id('1e70f039-4556-44cc-9cc1-edf2b7ed648b')
diff --git a/releasenotes/notes/add-force-delete-backup-test-7e896affd1471328.yaml b/releasenotes/notes/add-force-delete-backup-test-7e896affd1471328.yaml
new file mode 100644
index 0000000..3d81baa
--- /dev/null
+++ b/releasenotes/notes/add-force-delete-backup-test-7e896affd1471328.yaml
@@ -0,0 +1,11 @@
+---
+features:
+ - |
+ Added an RBAC test for force-deleting a backup which enforces the cinder
+ policy action: "volume_extension:backup_admin_actions:force_delete".
+fixes:
+ - |
+ Corrected the policy action in the ``rbac_rule_validation`` decorator
+ for the test ``test_snapshot_force_delete`` from
+ "volume_extension:volume_admin_actions:force_delete" to
+ "volume_extension:snapshot_admin_actions:force_delete".