commit b0475fa7118dd81705d7127a08a0b7e225ab67a6
author Chi Lo <cl566n@att.com> Sun Feb 19 13:45:41 2017 -0600
committer Chi Lo <cl566n@att.com> Sun Feb 19 16:16:46 2017 -0600
tree 9dc1d6037a026de865859c5dd83585a4e06cf8dc
parent a0051a7e4ec4fca68c6fb3c57e822d128869b663

Enhance test_server_actions_rbac with index/detail/show server actions.

Add RBAC test cases for the following server actions:
os_compute_api:servers:index
os_compute_api:servers:index:get_all_tenants
os_compute_api:servers:detail
os_compute_api:servers:detail:get_all_tenants
os_compute_api:servers:show
os_compute_api:servers:show:host_status

Change-Id: I4c5a3d7943f39e609d7b87048d7f02e01df09a4b
Partially-Implements: blueprint blueprint initial-tests-nova

patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py

diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py
index f01bad8..0e1b00b 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py
@@ -13,6 +13,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_log import log
 import testtools
 
 from tempest.common import waiters
@@ -21,10 +22,12 @@
 from tempest.lib import exceptions as lib_exc
 from tempest import test
 
+from patrole_tempest_plugin import rbac_exceptions
 from patrole_tempest_plugin import rbac_rule_validation
 from patrole_tempest_plugin.tests.api.compute import rbac_base
 
 CONF = config.CONF
+LOG = log.getLogger(__name__)
 
 
 class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
@@ -35,10 +38,6 @@
         cls.client = cls.servers_client
 
     @classmethod
-    def skip_checks(cls):
-        super(ServerActionsRbacTest, cls).skip_checks()
-
-    @classmethod
     def resource_setup(cls):
         cls.set_validation_resources()
         super(ServerActionsRbacTest, cls).resource_setup()
@@ -166,3 +165,97 @@
         self.client.reboot_server(self.server_id, type='HARD')
         waiters.wait_for_server_status(self.client, self.server_id,
                                        'ACTIVE')
+
+    @rbac_rule_validation.action(
+        service="nova",
+        rule="os_compute_api:servers:index")
+    @decorators.idempotent_id('631f0d86-7607-4198-8312-9da2f05464a4')
+    def test_server_index(self):
+        self.rbac_utils.switch_role(self, switchToRbacRole=True)
+        self.client.list_servers(minimal=True)
+
+    @rbac_rule_validation.action(
+        service="nova",
+        rule="os_compute_api:servers:detail")
+    @decorators.idempotent_id('96093480-3ce5-4a8b-b569-aed870379c24')
+    def test_server_detail(self):
+        self.rbac_utils.switch_role(self, switchToRbacRole=True)
+        self.client.list_servers(detail=True)
+
+    @rbac_rule_validation.action(
+        service="nova",
+        rule="os_compute_api:servers:detail:get_all_tenants")
+    @decorators.idempotent_id('a9e5a1c0-acfe-49a2-b2b1-fd8b19d61f71')
+    def test_server_detail_all_tenants(self):
+        self.rbac_utils.switch_role(self, switchToRbacRole=True)
+        self.client.list_servers(detail=True, all_tenants=1)
+
+    @rbac_rule_validation.action(
+        service="nova",
+        rule="os_compute_api:servers:index:get_all_tenants")
+    @decorators.idempotent_id('4b93ba56-69e6-41f5-82c4-84a5c4c42091')
+    def test_server_index_all_tenants(self):
+        self.rbac_utils.switch_role(self, switchToRbacRole=True)
+        self.client.list_servers(minimal=True, all_tenants=1)
+
+    @rbac_rule_validation.action(
+        service="nova",
+        rule="os_compute_api:servers:show")
+    @decorators.idempotent_id('eaaf4f51-31b5-497f-8f0f-f527e5f70b83')
+    def test_show_server(self):
+        self.rbac_utils.switch_role(self, switchToRbacRole=True)
+        self.client.show_server(self.server_id)
+
+
+class ServerActionsV216RbacTest(rbac_base.BaseV2ComputeRbacTest):
+
+    # This class has test case(s) that requires at least version 2.16.
+    #
+    # See the following link for details:
+    # http://developer.openstack.org/
+    # api-ref-compute-v2.1.html#show-server-details
+
+    min_microversion = '2.16'
+    max_microversion = 'latest'
+
+    @classmethod
+    def setup_clients(cls):
+        super(ServerActionsV216RbacTest, cls).setup_clients()
+        cls.client = cls.servers_client
+
+    @classmethod
+    def resource_setup(cls):
+        cls.set_validation_resources()
+        super(ServerActionsV216RbacTest, cls).resource_setup()
+        cls.server_id = cls.create_test_server(wait_until='ACTIVE',
+                                               validatable=True)['id']
+
+    def setUp(self):
+        super(ServerActionsV216RbacTest, self).setUp()
+        try:
+            waiters.wait_for_server_status(self.client,
+                                           self.server_id, 'ACTIVE')
+        except lib_exc.NotFound:
+            # if the server was found to be deleted by a previous test,
+            # a new one is built
+            server = self.create_test_server(
+                validatable=True,
+                wait_until='ACTIVE')
+            self.__class__.server_id = server['id']
+        except Exception:
+            # Rebuilding the server in case something happened during a test
+            self.__class__.server_id = self.rebuild_server(
+                self.server_id, validatable=True)
+
+    @rbac_rule_validation.action(
+        service="nova",
+        rule="os_compute_api:servers:show:host_status")
+    @decorators.idempotent_id('736da575-86f8-4b2a-9902-dd37dc9a409b')
+    def test_show_server_host_status(self):
+        self.rbac_utils.switch_role(self, switchToRbacRole=True)
+        server = self.client.show_server(self.server_id)['server']
+
+        if 'host_status' not in server:
+            LOG.info("host_status attribute not returned when role doesn't "
+                     "have permission to access it.")
+            raise rbac_exceptions.RbacActionFailed