Merge "Add cleanup for test_show_auto_allocated_topology test"
diff --git a/.zuul.yaml b/.zuul.yaml
index 9f47060..01f3f60 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -73,6 +73,8 @@
vars:
devstack_localrc:
RBAC_TEST_ROLES: admin
+ # https://storyboard.openstack.org/#!/story/2009048
+ tempest_exclude_regex: patrole_tempest_plugin.tests.api.volume.test_volume_actions_rbac.VolumesActionsV3RbacTest.test_force_detach_volume_from_instance
- job:
name: patrole-member
@@ -83,6 +85,8 @@
vars:
devstack_localrc:
RBAC_TEST_ROLES: member
+ # https://storyboard.openstack.org/#!/story/2009216
+ tempest_exclude_regex: patrole_tempest_plugin.tests.api.volume.test_volume_types_extra_specs_rbac.VolumeTypesExtraSpecsRbacTest.test_show_volume_type_extra_specs
- job:
name: patrole-reader
@@ -93,6 +97,13 @@
vars:
devstack_localrc:
RBAC_TEST_ROLES: reader
+ # https://storyboard.openstack.org/#!/story/2009216
+ tempest_exclude_regex: patrole_tempest_plugin.tests.api.volume.test_volume_types_extra_specs_rbac.VolumeTypesExtraSpecsRbacTest.test_show_volume_type_extra_specs
+
+- job:
+ name: patrole-member-wallaby
+ parent: patrole-member
+ override-checkout: stable/wallaby
- job:
name: patrole-member-victoria
@@ -104,15 +115,9 @@
parent: patrole-member
nodeset: openstack-single-node-bionic
override-checkout: stable/ussuri
-
-- job:
- name: patrole-member-train
- parent: patrole-member
- nodeset: openstack-single-node-bionic
- override-checkout: stable/train
vars:
- devstack_localrc:
- USE_PYTHON3: True
+ # https://storyboard.openstack.org/#!/story/2009048
+ tempest_exclude_regex: patrole_tempest_plugin.tests.api.volume.test_volume_actions_rbac.VolumesActionsV3RbacTest.test_force_detach_volume_from_instance
- job:
name: patrole-multinode-admin
@@ -211,7 +216,7 @@
- project:
templates:
- openstack-cover-jobs
- - openstack-python3-victoria-jobs
+ - openstack-python3-yoga-jobs
- check-requirements
- publish-openstack-docs-pti
- release-notes-jobs-python3
@@ -220,9 +225,9 @@
- patrole-admin
- patrole-member
- patrole-reader
+ - patrole-member-wallaby
- patrole-member-victoria
- patrole-member-ussuri
- - patrole-member-train
- patrole-multinode-admin
- patrole-multinode-member
- patrole-multinode-reader
@@ -236,6 +241,6 @@
- patrole-reader
periodic-stable:
jobs:
+ - patrole-member-wallaby
- patrole-member-victoria
- patrole-member-ussuri
- - patrole-member-train
diff --git a/devstack/plugin.sh b/devstack/plugin.sh
index 10c44c0..9ccc4d7 100644
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@@ -84,6 +84,9 @@
# TODO(gmann): Remove these once stable/victoria becomes EOL.
# These policies were removed in Wallaby.
iniset $TEMPEST_CONFIG policy-feature-enabled removed_nova_policies_wallaby False
+
+ # TODO(gmann): Remove these once stable/xena becomes EOL.
+ iniset $TEMPEST_CONFIG policy-feature-enabled changed_cinder_policies_xena False
fi
if [[ ${DEVSTACK_SERIES} == 'rocky' ]]; then
@@ -106,6 +109,9 @@
# TODO(gmann): Remove these once stable/victoria becomes EOL.
# These policies were removed in Wallaby.
iniset $TEMPEST_CONFIG policy-feature-enabled removed_nova_policies_wallaby False
+
+ # TODO(gmann): Remove these once stable/xena becomes EOL.
+ iniset $TEMPEST_CONFIG policy-feature-enabled changed_cinder_policies_xena False
fi
if [[ ${DEVSTACK_SERIES} == 'stein' ]]; then
@@ -123,6 +129,8 @@
# TODO(gmann): Remove these once stable/victoria becomes EOL.
# These policies were removed in Wallaby.
iniset $TEMPEST_CONFIG policy-feature-enabled removed_nova_policies_wallaby False
+ # TODO(gmann): Remove these once stable/xena becomes EOL.
+ iniset $TEMPEST_CONFIG policy-feature-enabled changed_cinder_policies_xena False
fi
if [[ ${DEVSTACK_SERIES} == 'train' ]]; then
@@ -132,6 +140,8 @@
# TODO(gmann): Remove these once stable/victoria becomes EOL.
# These policies were removed in Wallaby.
iniset $TEMPEST_CONFIG policy-feature-enabled removed_nova_policies_wallaby False
+ # TODO(gmann): Remove these once stable/xena becomes EOL.
+ iniset $TEMPEST_CONFIG policy-feature-enabled changed_cinder_policies_xena False
fi
if [[ ${DEVSTACK_SERIES} == 'ussuri' ]]; then
@@ -140,14 +150,21 @@
# TODO(gmann): Remove these once stable/victoria becomes EOL.
# These policies were removed in Wallaby.
iniset $TEMPEST_CONFIG policy-feature-enabled removed_nova_policies_wallaby False
+ # TODO(gmann): Remove these once stable/xena becomes EOL.
+ iniset $TEMPEST_CONFIG policy-feature-enabled changed_cinder_policies_xena False
fi
if [[ ${DEVSTACK_SERIES} == 'victoria' ]]; then
# TODO(gmann): Remove these once stable/victoria becomes EOL.
# These policies were removed in Wallaby.
iniset $TEMPEST_CONFIG policy-feature-enabled removed_nova_policies_wallaby False
+ # TODO(gmann): Remove these once stable/xena becomes EOL.
+ iniset $TEMPEST_CONFIG policy-feature-enabled changed_cinder_policies_xena False
fi
-
+ if [[ ${DEVSTACK_SERIES} == 'wallaby' ]]; then
+ # TODO(gmann): Remove these once stable/xena becomes EOL.
+ iniset $TEMPEST_CONFIG policy-feature-enabled changed_cinder_policies_xena False
+ fi
iniset $TEMPEST_CONFIG patrole rbac_test_roles $RBAC_TEST_ROLES
}
diff --git a/doc/source/contributor/contributing.rst b/doc/source/contributor/contributing.rst
index d0e5a21..6d9bb86 100644
--- a/doc/source/contributor/contributing.rst
+++ b/doc/source/contributor/contributing.rst
@@ -13,7 +13,7 @@
Communication
~~~~~~~~~~~~~
-* IRC channel ``#openstack-qa`` at FreeNode
+* IRC channel ``#openstack-qa`` at OFTC
* Mailing list (prefix subjects with ``[qa]`` for faster responses)
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-discuss
diff --git a/lower-constraints.txt b/lower-constraints.txt
index c0da9ce..a9fa87a 100644
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@@ -66,7 +66,7 @@
snowballstemmer==1.2.1
stestr==2.0.0
stevedore==1.20.0
-tempest==17.1.0
+tempest==30.0.0
testrepository==0.0.20
testtools==2.3.0
traceback2==1.4.0
diff --git a/patrole_tempest_plugin/config.py b/patrole_tempest_plugin/config.py
index b01cf10..e6d2515 100644
--- a/patrole_tempest_plugin/config.py
+++ b/patrole_tempest_plugin/config.py
@@ -204,7 +204,12 @@
default=True,
help="""Are the Nova deprecated API policies available in the
cloud (e.g. os_compute_api:os-networks)? These policies were
-changed in Victoria.""")
+changed in Victoria."""),
+ cfg.BoolOpt('changed_cinder_policies_xena',
+ default=True,
+ help="""Are the Cinder API policies changed in the
+cloud (e.g. 'group:group_types_specs')? These policies were
+changed in Xena.""")
]
diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
index 95048bd..9abd00e 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
@@ -617,6 +617,11 @@
'%s skipped as Neutron is required' % cls.__name__)
@classmethod
+ def setup_clients(cls):
+ super(MiscPolicyActionsNetworkRbacTest, cls).setup_clients()
+ cls.servers_admin_client = cls.os_admin.servers_client
+
+ @classmethod
def setup_credentials(cls):
cls.prepare_instance_network()
super(MiscPolicyActionsNetworkRbacTest, cls).setup_credentials()
@@ -659,16 +664,29 @@
# be deleted
cls.addClassResourceCleanup(_cleanup_ports, cls.network['id'])
+ def _delete_and_wait_for_interface_detach(
+ self, server_id, port_id):
+ req_id = self.interfaces_client.delete_interface(
+ server_id, port_id
+ ).response['x-openstack-request-id']
+ waiters.wait_for_interface_detach(
+ self.servers_admin_client, server_id, port_id, req_id)
+
+ def _delete_and_wait_for_interface_detach_ignore_timeout(
+ self, server_id, port_id):
+ try:
+ self._delete_and_wait_for_interface_detach(
+ server_id, port_id)
+ except lib_exc.TimeoutException:
+ pass
+
def _attach_interface_to_server(self):
network_id = self.network['id']
interface = self.interfaces_client.create_interface(
self.server['id'], net_id=network_id)['interfaceAttachment']
self.addCleanup(
- waiters.wait_for_interface_detach, self.interfaces_client,
- self.server['id'], interface['port_id'])
- self.addCleanup(
test_utils.call_and_ignore_notfound_exc,
- self.interfaces_client.delete_interface,
+ self._delete_and_wait_for_interface_detach_ignore_timeout,
self.server['id'], interface['port_id'])
waiters.wait_for_interface_status(
self.interfaces_client, self.server['id'],
@@ -715,11 +733,8 @@
interface = self.interfaces_client.create_interface(
self.server['id'], net_id=network_id)['interfaceAttachment']
self.addCleanup(
- waiters.wait_for_interface_detach, self.interfaces_client,
- self.server['id'], interface['port_id'])
- self.addCleanup(
test_utils.call_and_ignore_notfound_exc,
- self.interfaces_client.delete_interface,
+ self._delete_and_wait_for_interface_detach_ignore_timeout,
self.server['id'], interface['port_id'])
waiters.wait_for_interface_status(
self.interfaces_client, self.server['id'],
@@ -737,10 +752,15 @@
interface = self._attach_interface_to_server()
with self.override_role():
- self.interfaces_client.delete_interface(self.server['id'],
- interface['port_id'])
- waiters.wait_for_interface_detach(
- self.interfaces_client, self.server['id'], interface['port_id'])
+ req_id = self.interfaces_client.delete_interface(
+ self.server['id'], interface['port_id'])
+ try:
+ # interface may be not found - we need to ignore that
+ waiters.wait_for_interface_detach(
+ self.servers_admin_client, self.server['id'],
+ interface['port_id'], req_id)
+ except lib_exc.NotFound:
+ pass
@decorators.idempotent_id('6886d360-0d86-4760-b1a3-882d81fbebcc')
@utils.requires_ext(extension='os-ips', service='compute')
@@ -784,10 +804,7 @@
self.server['id'])['interfaceAttachment']
network_id = interface['net_id']
self.addCleanup(
- waiters.wait_for_interface_detach, self.interfaces_client,
- self.server['id'], interface['port_id'])
- self.addCleanup(
- self.interfaces_client.delete_interface,
+ self._delete_and_wait_for_interface_detach,
self.server['id'], interface['port_id'])
with self.override_role():
diff --git a/patrole_tempest_plugin/tests/api/image/test_images_member_rbac.py b/patrole_tempest_plugin/tests/api/image/test_images_member_rbac.py
index 9450676..18515e2 100644
--- a/patrole_tempest_plugin/tests/api/image/test_images_member_rbac.py
+++ b/patrole_tempest_plugin/tests/api/image/test_images_member_rbac.py
@@ -34,6 +34,7 @@
super(ImagesMemberRbacTest, cls).setup_clients()
cls.image_client = cls.os_primary.image_client_v2
cls.image_member_client = cls.os_primary.image_member_client_v2
+ cls.alt_image_member_client = cls.os_alt.image_member_client_v2
@rbac_rule_validation.action(service="glance",
rules=["add_member"])
@@ -99,15 +100,12 @@
image_id = self.create_image(visibility='shared')['id']
self.image_member_client.create_image_member(
image_id,
- member=self.tenant_id)
- self.image_member_client.update_image_member(
- image_id, self.tenant_id,
- status='accepted')
+ member=self.alt_tenant_id)
# Toggle role and update member
with self.override_role():
- self.image_member_client.update_image_member(
- image_id, self.tenant_id,
- status='pending')
+ self.alt_image_member_client.update_image_member(
+ image_id, self.alt_tenant_id,
+ status='accepted')
@rbac_rule_validation.action(service="glance",
rules=["get_members"])
diff --git a/patrole_tempest_plugin/tests/api/network/test_networks_rbac.py b/patrole_tempest_plugin/tests/api/network/test_networks_rbac.py
index 56ce83b..a024b2c 100644
--- a/patrole_tempest_plugin/tests/api/network/test_networks_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_networks_rbac.py
@@ -189,7 +189,8 @@
RBAC test for the neutron create_network:provider:network_type policy
"""
with self.override_role():
- self._create_network(provider_network_type='vxlan')
+ self._create_network(provider_physical_network='public',
+ provider_network_type='vlan')
@utils.requires_ext(extension='provider', service='network')
@rbac_rule_validation.action(
@@ -204,7 +205,8 @@
RBAC test for the neutron create_network:provider:segmentation_id
"""
with self.override_role():
- self._create_network(provider_network_type='vxlan',
+ self._create_network(provider_physical_network='public',
+ provider_network_type='vlan',
provider_segmentation_id=200)
@rbac_rule_validation.action(service="neutron",
@@ -274,7 +276,7 @@
try:
with self.override_role():
self._update_network(self.network['id'],
- provider_network_type='vxlan')
+ provider_network_type='vlan')
except lib_exc.BadRequest as exc:
# Per the api documentation, most plugins don't support updating
# provider attributes
diff --git a/patrole_tempest_plugin/tests/api/volume/test_group_snapshots_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_group_snapshots_rbac.py
index f83f35b..0b265e8 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_group_snapshots_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_group_snapshots_rbac.py
@@ -61,8 +61,8 @@
class GroupSnaphotsV314RbacTest(BaseGroupSnapshotsRbacTest):
_api_version = 3
- min_microversion = '3.14'
- max_microversion = 'latest'
+ volume_min_microversion = '3.14'
+ volume_max_microversion = 'latest'
@classmethod
def skip_checks(cls):
@@ -158,8 +158,8 @@
class GroupSnaphotsV319RbacTest(BaseGroupSnapshotsRbacTest):
_api_version = 3
- min_microversion = '3.19'
- max_microversion = 'latest'
+ volume_min_microversion = '3.19'
+ volume_max_microversion = 'latest'
@classmethod
def skip_checks(cls):
diff --git a/patrole_tempest_plugin/tests/api/volume/test_group_type_specs.py b/patrole_tempest_plugin/tests/api/volume/test_group_type_specs.py
index 03e7bc0..3b93d09 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_group_type_specs.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_group_type_specs.py
@@ -13,21 +13,38 @@
# License for the specific language governing permissions and limitations
# under the License.
-from patrole_tempest_plugin.tests.api.volume import rbac_base
+from tempest import config
from tempest.lib import decorators
+from patrole_tempest_plugin.tests.api.volume import rbac_base
+
from patrole_tempest_plugin import rbac_rule_validation
+CONF = config.CONF
+
+if CONF.policy_feature_enabled.changed_cinder_policies_xena:
+ _GROUP_SPEC_SHOW = "group:group_types_specs:get"
+ _GROUP_SPEC_LIST = "group:group_types_specs:get_all"
+ _GROUP_SPEC_CREATE = "group:group_types_specs:create"
+ _GROUP_SPEC_UPDATE = "group:group_types_specs:update"
+ _GROUP_SPEC_DELETE = "group:group_types_specs:delete"
+else:
+ _GROUP_SPEC_SHOW = "group:group_types_specs"
+ _GROUP_SPEC_LIST = "group:group_types_specs"
+ _GROUP_SPEC_CREATE = "group:group_types_specs"
+ _GROUP_SPEC_UPDATE = "group:group_types_specs"
+ _GROUP_SPEC_DELETE = "group:group_types_specs"
+
class GroupTypeSpecsRbacTest(rbac_base.BaseVolumeRbacTest):
_api_version = 3
- min_microversion = '3.11'
- max_microversion = 'latest'
+ volume_min_microversion = '3.11'
+ volume_max_microversion = 'latest'
@decorators.idempotent_id('b2859734-00ad-4a22-88ee-541698e90d12')
@rbac_rule_validation.action(
service="cinder",
- rules=["group:group_types_specs"]
+ rules=[_GROUP_SPEC_CREATE]
)
def test_group_type_specs_create(self):
# Create new group type
@@ -47,7 +64,7 @@
@decorators.idempotent_id('469d0253-aa13-423f-8264-231ac17effbf')
@rbac_rule_validation.action(
service="cinder",
- rules=["group:group_types_specs"]
+ rules=[_GROUP_SPEC_SHOW]
)
def test_group_type_specs_show(self):
group_type = self.create_group_type()
@@ -65,7 +82,7 @@
@decorators.idempotent_id('2e706a4e-dec9-46bf-9426-1c5b6f3ce102')
@rbac_rule_validation.action(
service="cinder",
- rules=["group:group_types_specs"]
+ rules=[_GROUP_SPEC_UPDATE]
)
def test_group_type_specs_update(self):
group_type = self.create_group_type()
@@ -81,7 +98,7 @@
@decorators.idempotent_id('fd5e332b-fb2c-4957-ace9-11d60ddd5472')
@rbac_rule_validation.action(
service="cinder",
- rules=["group:group_types_specs"]
+ rules=[_GROUP_SPEC_LIST]
)
def test_group_type_specs_list(self):
group_type = self.create_group_type()
@@ -92,7 +109,7 @@
@decorators.idempotent_id('d9639a07-e441-4576-baf6-7ec732b16572')
@rbac_rule_validation.action(
service="cinder",
- rules=["group:group_types_specs"]
+ rules=[_GROUP_SPEC_DELETE]
)
def test_group_type_specs_delete(self):
group_type = self.create_group_type()
diff --git a/patrole_tempest_plugin/tests/api/volume/test_groups_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_groups_rbac.py
index 8f29393..f012384 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_groups_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_groups_rbac.py
@@ -14,6 +14,7 @@
# under the License.
from tempest.common import waiters
+from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
@@ -22,6 +23,17 @@
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.volume import rbac_base
+CONF = config.CONF
+
+if CONF.policy_feature_enabled.changed_cinder_policies_xena:
+ _GROUP_CREATE = "group:group_types:create"
+ _GROUP_UPDATE = "group:group_types:update"
+ _GROUP_DELETE = "group:group_types:delete"
+else:
+ _GROUP_CREATE = "group:group_types_manage"
+ _GROUP_UPDATE = "group:group_types_manage"
+ _GROUP_DELETE = "group:group_types_manage"
+
class BaseGroupRbacTest(rbac_base.BaseVolumeRbacTest):
@@ -57,8 +69,8 @@
class GroupsV3RbacTest(BaseGroupRbacTest):
- min_microversion = '3.13'
- max_microversion = 'latest'
+ volume_min_microversion = '3.13'
+ volume_max_microversion = 'latest'
@decorators.idempotent_id('43235328-66ae-424f-bc7f-f709c0ca268c')
@rbac_rule_validation.action(
@@ -140,8 +152,8 @@
class GroupV320RbacTest(BaseGroupRbacTest):
_api_version = 3
- min_microversion = '3.20'
- max_microversion = 'latest'
+ volume_min_microversion = '3.20'
+ volume_max_microversion = 'latest'
@decorators.idempotent_id('b849c1d4-3215-4f9d-b1e6-0aeb4b2b65ac')
@rbac_rule_validation.action(
@@ -160,13 +172,13 @@
class GroupTypesV3RbacTest(rbac_base.BaseVolumeRbacTest):
- min_microversion = '3.11'
- max_microversion = 'latest'
+ volume_min_microversion = '3.11'
+ volume_max_microversion = 'latest'
@decorators.idempotent_id('2820f12c-4681-4c7f-b28d-e6925637dff6')
@rbac_rule_validation.action(
service="cinder",
- rules=["group:group_types_manage"])
+ rules=[_GROUP_CREATE])
def test_create_group_type(self):
with self.override_role():
self.create_group_type(ignore_notfound=True)
@@ -174,7 +186,7 @@
@decorators.idempotent_id('f77f8156-4fc9-4f02-be15-8930f748e10c')
@rbac_rule_validation.action(
service="cinder",
- rules=["group:group_types_manage"])
+ rules=[_GROUP_DELETE])
def test_delete_group_type(self):
group_type = self.create_group_type(ignore_notfound=True)
@@ -184,7 +196,7 @@
@decorators.idempotent_id('67929954-4551-4d22-b15a-27fb6e56b711')
@rbac_rule_validation.action(
service="cinder",
- rules=["group:group_types_manage"])
+ rules=[_GROUP_DELETE])
def test_update_group_type(self):
group_type = self.create_group_type()
update_params = {
diff --git a/patrole_tempest_plugin/tests/api/volume/test_quota_classes_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_quota_classes_rbac.py
index fb57cbc..f29fff1 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_quota_classes_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_quota_classes_rbac.py
@@ -14,12 +14,22 @@
# under the License.
from tempest.common import utils
+from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.volume import rbac_base
+CONF = config.CONF
+
+if CONF.policy_feature_enabled.changed_cinder_policies_xena:
+ _QUOTA_SET_SHOW = "volume_extension:quota_classes:get"
+ _QUOTA_SET_UPDATE = "volume_extension:quota_classes:update"
+else:
+ _QUOTA_SET_SHOW = "volume_extension:quota_classes"
+ _QUOTA_SET_UPDATE = "volume_extension:quota_classes"
+
class QuotaClassesV3RbacTest(rbac_base.BaseVolumeRbacTest):
@@ -39,7 +49,7 @@
@decorators.idempotent_id('1a060def-2b43-4534-97f5-5eadbbe8c726')
@rbac_rule_validation.action(service="cinder",
- rules=["volume_extension:quota_classes"])
+ rules=[_QUOTA_SET_SHOW])
def test_show_quota_class_set(self):
with self.override_role():
self.quota_classes_client.show_quota_class_set(
@@ -47,7 +57,7 @@
@decorators.idempotent_id('72159478-23a7-4c75-989f-6bac609eca62')
@rbac_rule_validation.action(service="cinder",
- rules=["volume_extension:quota_classes"])
+ rules=[_QUOTA_SET_UPDATE])
def test_update_quota_class_set(self):
quota_class_set = self.quota_classes_client.show_quota_class_set(
self.quota_name)['quota_class_set']
diff --git a/patrole_tempest_plugin/tests/api/volume/test_user_messages_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_user_messages_rbac.py
index f0dfe09..3feb2df 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_user_messages_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_user_messages_rbac.py
@@ -25,8 +25,8 @@
class MessagesV3RbacTest(rbac_base.BaseVolumeRbacTest):
- min_microversion = '3.3'
- max_microversion = 'latest'
+ volume_min_microversion = '3.3'
+ volume_max_microversion = 'latest'
@classmethod
def setup_clients(cls):
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_actions_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_actions_rbac.py
index 497c8ce..e3311ea 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_actions_rbac.py
@@ -208,7 +208,8 @@
# Reset volume's status to error.
self.volumes_client.reset_volume_status(volume['id'], status='error')
-
+ waiters.wait_for_volume_resource_status(self.volumes_client,
+ volume['id'], 'error')
with self.override_role():
self.volumes_client.force_detach_volume(
volume['id'], connector=None,
@@ -219,8 +220,8 @@
class VolumesActionsV310RbacTest(rbac_base.BaseVolumeRbacTest):
_api_version = 3
- min_microversion = '3.10'
- max_microversion = 'latest'
+ volume_min_microversion = '3.10'
+ volume_max_microversion = 'latest'
@classmethod
def setup_clients(cls):
@@ -282,8 +283,8 @@
class VolumesActionsV312RbacTest(rbac_base.BaseVolumeRbacTest):
_api_version = 3
- min_microversion = '3.12'
- max_microversion = 'latest'
+ volume_min_microversion = '3.12'
+ volume_max_microversion = 'latest'
@decorators.idempotent_id('a654833d-4811-4acd-93ef-5ac4a34c75bc')
@rbac_rule_validation.action(service="cinder", rules=["volume:get_all"])
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_metadata_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_metadata_rbac.py
index 98fed1e..d7ae6ee 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_metadata_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_metadata_rbac.py
@@ -23,6 +23,15 @@
CONF = config.CONF
+if CONF.policy_feature_enabled.changed_cinder_policies_xena:
+ _METADATA_SHOW = "volume_extension:volume_image_metadata:show"
+ _METADATA_SET = "volume_extension:volume_image_metadata:set"
+ _METADATA_REMOVE = "volume_extension:volume_image_metadata:remove"
+else:
+ _METADATA_SHOW = "volume_extension:volume_image_metadata"
+ _METADATA_SET = "volume_extension:volume_image_metadata"
+ _METADATA_REMOVE = "volume_extension:volume_image_metadata"
+
class VolumeMetadataV3RbacTest(rbac_base.BaseVolumeRbacTest):
@@ -99,7 +108,7 @@
@decorators.idempotent_id('39e8f82c-f1fc-4905-bf47-177ce2f71bb9')
@rbac_rule_validation.action(
service="cinder",
- rules=["volume_extension:volume_image_metadata"])
+ rules=[_METADATA_SET])
def test_list_volumes_details_image_metadata(self):
self.volumes_client.update_volume_image_metadata(
self.volume['id'], image_id=self.image_id)
@@ -117,7 +126,7 @@
@decorators.idempotent_id('53f94d52-0dd5-42cf-a3a4-59b35150b3d5')
@rbac_rule_validation.action(
service="cinder",
- rules=["volume_extension:volume_image_metadata"])
+ rules=[_METADATA_SHOW])
def test_show_volume_details_image_metadata(self):
self.volumes_client.update_volume_image_metadata(
self.volume['id'], image_id=self.image_id)
@@ -135,7 +144,7 @@
@decorators.idempotent_id('a9d9e825-5ea3-42e6-96f3-7ac4e97b2ed0')
@rbac_rule_validation.action(
service="cinder",
- rules=["volume_extension:volume_image_metadata"])
+ rules=[_METADATA_SET])
def test_update_volume_image_metadata(self):
with self.override_role():
self.volumes_client.update_volume_image_metadata(
@@ -146,7 +155,7 @@
@decorators.idempotent_id('a41c8eed-2051-4a25-b401-df036faacbdc')
@rbac_rule_validation.action(
service="cinder",
- rules=["volume_extension:volume_image_metadata"])
+ rules=[_METADATA_REMOVE])
def test_delete_volume_image_metadata(self):
self.volumes_client.update_volume_image_metadata(
self.volume['id'], image_id=self.image_id)
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_types_access_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_types_access_rbac.py
index 3fd0a15..d07a401 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_types_access_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_types_access_rbac.py
@@ -14,12 +14,20 @@
# under the License.
from tempest.common import utils
+from tempest import config
from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.volume import rbac_base
+CONF = config.CONF
+
+if CONF.policy_feature_enabled.changed_cinder_policies_xena:
+ _TYPE_ACCESS_LIST = "volume_extension:volume_type_access:get_all_for_type"
+else:
+ _TYPE_ACCESS_LIST = "volume_extension:volume_type_access"
+
class VolumeTypesAccessRbacTest(rbac_base.BaseVolumeRbacTest):
@@ -52,7 +60,7 @@
@decorators.idempotent_id('af70e6ad-e931-419f-9200-8bcc284e4e47')
@rbac_rule_validation.action(
service="cinder",
- rules=["volume_extension:volume_type_access"])
+ rules=[_TYPE_ACCESS_LIST])
def test_list_type_access(self):
self._add_type_access()
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_types_extra_specs_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_types_extra_specs_rbac.py
index 0d6dc05..f4e625f 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_types_extra_specs_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_types_extra_specs_rbac.py
@@ -35,7 +35,10 @@
def resource_setup(cls):
super(VolumeTypesExtraSpecsRbacTest, cls).resource_setup()
cls.vol_type = cls.create_volume_type()
- cls.spec_key = data_utils.rand_name(cls.__name__ + '-Spec')
+
+ def setUp(self):
+ super(VolumeTypesExtraSpecsRbacTest, self).setUp()
+ self.spec_key = data_utils.rand_name('-VolumeTypesExtraSpec')
def _create_volume_type_extra_specs(self, ignore_not_found=False):
extra_specs = {self.spec_key: "val1"}
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_types_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_types_rbac.py
index 012fa91..46d2d55 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_types_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_types_rbac.py
@@ -13,18 +13,30 @@
# License for the specific language governing permissions and limitations
# under the License.
+from tempest import config
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.volume import rbac_base
+CONF = config.CONF
+
+if CONF.policy_feature_enabled.changed_cinder_policies_xena:
+ _TYPE_MANAGE_CREATE = "volume_extension:type_create"
+ _TYPE_MANAGE_UPDATE = "volume_extension:type_update"
+ _TYPE_MANAGE_DELETE = "volume_extension:type_delete"
+else:
+ _TYPE_MANAGE_CREATE = "volume_extension:types_manage"
+ _TYPE_MANAGE_UPDATE = "volume_extension:types_manage"
+ _TYPE_MANAGE_DELETE = "volume_extension:types_manage"
+
class VolumeTypesRbacTest(rbac_base.BaseVolumeRbacTest):
@decorators.idempotent_id('e2bbf968-d947-4a15-a4da-a98c3069731e')
@rbac_rule_validation.action(
service="cinder",
- rules=["volume_extension:types_manage"])
+ rules=[_TYPE_MANAGE_CREATE])
def test_create_volume_type(self):
with self.override_role():
self.create_volume_type()
@@ -32,7 +44,7 @@
@decorators.idempotent_id('2b74ac82-e03e-4801-86f3-d05c9acfd66b')
@rbac_rule_validation.action(
service="cinder",
- rules=["volume_extension:types_manage"])
+ rules=[_TYPE_MANAGE_UPDATE])
def test_update_volume_type(self):
volume_type = self.create_volume_type()
with self.override_role():
@@ -42,7 +54,7 @@
@decorators.idempotent_id('90aec0ef-4f9b-4170-be6b-a392c12540be')
@rbac_rule_validation.action(
service="cinder",
- rules=["volume_extension:types_manage"])
+ rules=[_TYPE_MANAGE_DELETE])
def test_delete_volume_type(self):
volume_type = self.create_volume_type()
with self.override_role():
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volumes_backup_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volumes_backup_rbac.py
index 0e807e8..073b26c 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volumes_backup_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volumes_backup_rbac.py
@@ -183,8 +183,8 @@
_api_version = 3
# The minimum microversion for showing 'os-backup-project-attr:project_id'
# is 3.18.
- min_microversion = '3.18'
- max_microversion = 'latest'
+ volume_min_microversion = '3.18'
+ volume_max_microversion = 'latest'
@classmethod
def skip_checks(cls):
@@ -226,8 +226,8 @@
class VolumesBackupsV39RbacTest(rbac_base.BaseVolumeRbacTest):
_api_version = 3
- min_microversion = '3.9'
- max_microversion = 'latest'
+ volume_min_microversion = '3.9'
+ volume_max_microversion = 'latest'
@classmethod
def skip_checks(cls):
diff --git a/releasenotes/notes/changed-cinder-policies-xena-feature-flag-4b799db683e2840f.yaml b/releasenotes/notes/changed-cinder-policies-xena-feature-flag-4b799db683e2840f.yaml
new file mode 100644
index 0000000..286c77f
--- /dev/null
+++ b/releasenotes/notes/changed-cinder-policies-xena-feature-flag-4b799db683e2840f.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ Added new feature flag called ``changed_cinder_policies_xena`` under
+ the configuration group ``[policy-feature-enabled]`` for testing Cinder
+ tests withe old and new policies.
diff --git a/releasenotes/notes/patrole-xena-release-66df296a5d4f5e8e.yaml b/releasenotes/notes/patrole-xena-release-66df296a5d4f5e8e.yaml
new file mode 100644
index 0000000..83c598a
--- /dev/null
+++ b/releasenotes/notes/patrole-xena-release-66df296a5d4f5e8e.yaml
@@ -0,0 +1,17 @@
+---
+prelude: |
+ This release is to tag the Patrole for OpenStack Xena release.
+ This release marks the start of Xena release support in Patrole.
+ After this release, Patrole will support below OpenStack Releases:
+
+ * Xena
+ * Wallaby
+ * Victoria
+ * Ussuri
+
+ Current development of Patrole is for OpenStack Yoga development
+ cycle. Every Patrole commit is also tested against master during
+ the Yoga cycle. However, this does not necessarily mean that using
+ Patrole as of this tag will work against a Xena (or future release)
+ cloud.
+ To be on safe side, use this tag to test the OpenStack Xena release.
diff --git a/releasenotes/notes/patrole-yoga-release-1eacc82c6c1c668c.yaml b/releasenotes/notes/patrole-yoga-release-1eacc82c6c1c668c.yaml
new file mode 100644
index 0000000..7a7f04b
--- /dev/null
+++ b/releasenotes/notes/patrole-yoga-release-1eacc82c6c1c668c.yaml
@@ -0,0 +1,18 @@
+---
+prelude: |
+ This release is to tag the Patrole for OpenStack Yoga release.
+ This release marks the start of Yoga release support in Patrole.
+ After this release, Patrole will support below OpenStack Releases:
+
+ * Yoga
+ * Xena
+ * Wallaby
+ * Victoria
+ * Ussuri
+
+ Current development of Patrole is for OpenStack Zed development
+ cycle. Every Patrole commit is also tested against master during
+ the Zed cycle. However, this does not necessarily mean that using
+ Patrole as of this tag will work against a Yoga (or future release)
+ cloud.
+ To be on safe side, use this tag to test the OpenStack Yoga release.
diff --git a/releasenotes/source/index.rst b/releasenotes/source/index.rst
index 9ef771a..a2893eb 100644
--- a/releasenotes/source/index.rst
+++ b/releasenotes/source/index.rst
@@ -6,6 +6,7 @@
:maxdepth: 1
unreleased
+ v0.13.0
v0.12.0
v0.11.0
v0.10.0
diff --git a/releasenotes/source/v0.13.0.rst b/releasenotes/source/v0.13.0.rst
new file mode 100644
index 0000000..de69481
--- /dev/null
+++ b/releasenotes/source/v0.13.0.rst
@@ -0,0 +1,6 @@
+=====================
+v0.13.0 Release Notes
+=====================
+
+.. release-notes:: 0.13.0 Release Notes
+ :version: 0.13.0
diff --git a/requirements.txt b/requirements.txt
index cc13aa9..5a4858d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,5 +5,5 @@
oslo.log>=3.36.0 # Apache-2.0
oslo.config>=5.2.0 # Apache-2.0
oslo.policy>=1.30.0 # Apache-2.0
-tempest>=17.1.0 # Apache-2.0
+tempest>=30.0.0 # Apache-2.0
stevedore>=1.20.0 # Apache-2.0
diff --git a/setup.cfg b/setup.cfg
index e4b9f91..27c3cf8 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,12 +1,12 @@
[metadata]
name = patrole
summary = Patrole is a tool for verifying that Role-Based Access Control is being enforced across OpenStack deployments.
-description-file =
+description_file =
README.rst
author = OpenStack
-author-email = openstack-discuss@lists.openstack.org
-home-page = https://docs.openstack.org/patrole/latest/
-python-requires = >=3.6
+author_email = openstack-discuss@lists.openstack.org
+home_page = https://docs.openstack.org/patrole/latest/
+python_requires = >=3.6
classifier =
Environment :: OpenStack
Intended Audience :: Information Technology
diff --git a/tox.ini b/tox.ini
index a4f25d3..950cdbc 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,6 +1,6 @@
[tox]
minversion = 3.18.0
-envlist = pep8,py36,py38
+envlist = pep8,py3
skipsdist = True
ignore_basepython_conflict = True