Merge "Remove singleton from RbacUtils constructor"
diff --git a/patrole_tempest_plugin/rbac_policy_parser.py b/patrole_tempest_plugin/rbac_policy_parser.py
index d4e989b..1047d37 100644
--- a/patrole_tempest_plugin/rbac_policy_parser.py
+++ b/patrole_tempest_plugin/rbac_policy_parser.py
@@ -81,7 +81,7 @@
path = getattr(CONF.rbac, '%s_policy_file' % str(service), None)
if not path:
LOG.info("No config option found for %s,"
- " using default path" % str(service))
+ " using default path", str(service))
path = os.path.join('/etc', service, 'policy.json')
self.path = path
self.rules = policy.Rules.load(self._get_policy_data(service),
diff --git a/patrole_tempest_plugin/rbac_rule_validation.py b/patrole_tempest_plugin/rbac_rule_validation.py
index d77b2d6..60a0f10 100644
--- a/patrole_tempest_plugin/rbac_rule_validation.py
+++ b/patrole_tempest_plugin/rbac_rule_validation.py
@@ -104,7 +104,7 @@
(role, rule))
LOG.error(msg)
raise exceptions.Forbidden(
- "%s exception was: %s" % (msg, e))
+ "%s Exception was: %s" % (msg, e))
except Exception as e:
exc_info = sys.exc_info()
error_details = exc_info[1].__str__()
@@ -115,7 +115,7 @@
six.reraise(exc_info[0], exc_info[0](msg), exc_info[2])
else:
if not allowed:
- LOG.error("Role %s was allowed to perform %s" %
+ LOG.error("Role %s was allowed to perform %s",
(role, rule))
raise rbac_exceptions.RbacOverPermission(
"OverPermission: Role %s was allowed to perform %s" %
diff --git a/patrole_tempest_plugin/tests/api/compute/test_hypervisor_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_hypervisor_rbac.py
index ecd0fd3..ba85b5b 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_hypervisor_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_hypervisor_rbac.py
@@ -23,11 +23,6 @@
class HypervisorRbacTest(rbac_base.BaseV2ComputeRbacTest):
@classmethod
- def setup_clients(cls):
- super(HypervisorRbacTest, cls).setup_clients()
- cls.client = cls.hypervisor_client
-
- @classmethod
def skip_checks(cls):
super(HypervisorRbacTest, cls).skip_checks()
if not test.is_extension_enabled('os-hypervisors', 'compute'):
@@ -35,6 +30,16 @@
% cls.__name__
raise cls.skipException(msg)
+ @classmethod
+ def setup_clients(cls):
+ super(HypervisorRbacTest, cls).setup_clients()
+ cls.client = cls.hypervisor_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(HypervisorRbacTest, cls).resource_setup()
+ cls.hypervisor = cls.client.list_hypervisors()['hypervisors'][0]
+
@decorators.idempotent_id('17bbeb9a-e73e-445f-a771-c794448ef562')
@rbac_rule_validation.action(
service="nova",
@@ -42,3 +47,45 @@
def test_list_hypervisors(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.client.list_hypervisors()['hypervisors']
+
+ @decorators.idempotent_id('8a7f6f9e-34a6-4480-8875-bba566c3a581')
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-hypervisors")
+ def test_show_hypervisor(self):
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.client.show_hypervisor(self.hypervisor['id'])['hypervisor']
+
+ @decorators.idempotent_id('b86f03cf-2e79-4d88-9eea-62f761591413')
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-hypervisors")
+ def test_list_servers_on_hypervisor(self):
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.client.list_servers_on_hypervisor(
+ self.hypervisor['hypervisor_hostname'])['hypervisors']
+
+ @decorators.idempotent_id('ca0e465c-6365-4a7f-ae58-6f8ddbca06c2')
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-hypervisors")
+ def test_show_hypervisor_statistics(self):
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.client.show_hypervisor_statistics()['hypervisor_statistics']
+
+ @decorators.idempotent_id('109b37c5-91ba-4da5-b2a2-d7618d84406d')
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-hypervisors")
+ def test_show_hypervisor_uptime(self):
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.client.show_hypervisor_uptime(self.hypervisor['id'])['hypervisor']
+
+ @decorators.idempotent_id('3dbc71c1-8f04-4674-a67c-dcb2fd99b1b4')
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-hypervisors")
+ def test_search_hypervisor(self):
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.client.search_hypervisor(self.hypervisor['hypervisor_hostname'])[
+ 'hypervisors']
diff --git a/patrole_tempest_plugin/tests/unit/test_rbac_rule_validation.py b/patrole_tempest_plugin/tests/unit/test_rbac_rule_validation.py
index 4fcf5bb..9d34a15 100644
--- a/patrole_tempest_plugin/tests/unit/test_rbac_rule_validation.py
+++ b/patrole_tempest_plugin/tests/unit/test_rbac_rule_validation.py
@@ -254,7 +254,8 @@
"sentinel.action"), e.__str__())
mock_log.error.assert_called_once_with(
- "Role Member was allowed to perform sentinel.action")
+ 'Role %s was allowed to perform %s', ('Member',
+ mock.sentinel.action))
@mock.patch.object(rbac_rv, 'rbac_policy_parser', autospec=True)
def test_invalid_policy_rule_throws_parsing_exception(
diff --git a/releasenotes/notes/add-extra-hypervisor-tests-9374e5fcdb0266e2.yaml b/releasenotes/notes/add-extra-hypervisor-tests-9374e5fcdb0266e2.yaml
new file mode 100644
index 0000000..0c46435
--- /dev/null
+++ b/releasenotes/notes/add-extra-hypervisor-tests-9374e5fcdb0266e2.yaml
@@ -0,0 +1,11 @@
+---
+features:
+ - |
+ Add additional compute hypervisor RBAC tests, so that the previously
+ missing hypervisor endpoints are covered. Tests for the following
+ endpoints were written:
+ * show_hypervisor
+ * list_servers_on_hypervisor
+ * show_hypervisor_statistics
+ * show_hypervisor_uptime
+ * search_hypervisor
diff --git a/tox.ini b/tox.ini
index be35509..d2e83e9 100644
--- a/tox.ini
+++ b/tox.ini
@@ -53,9 +53,9 @@
commands = oslo_debug_helper -t patrole_tempest_plugin/tests {posargs}
[flake8]
-# E123, E125 skipped as they are invalid PEP-8.
-
+enable-extensions = H106,H203,H904
show-source = True
+# E123, E125 skipped as they are invalid PEP-8.
ignore = E123,E125
builtins = _
exclude=.venv,.git,.tox,dist,doc,*lib/python*,*egg,build