Fix gate for multiple issues
1. To have mock installed for unit tests
unit tests jobs use tempest version released in pypi
which has use of mock but in recent changed mock requirement
is removed from requirements file and it end up failing.
- https://zuul.opendev.org/t/openstack/build/c3a33c501c054db9b1eecedb7d4b2c48
Let's add mock into the requirement file to be installed for unit tests
job until we bump the min version of tempest to latest.
2. Nova policy granular work
https://review.opendev.org/#/q/topic:bp/policy-defaults-refresh-deprecated-apis+(status:open+OR+status:merged)
Adding new flag to handle the policy changed in Victoria.
Depends-On: https://review.opendev.org/#/c/745158/
Change-Id: I3683cca390b44146c217ce8600f63a9894057058
diff --git a/patrole_tempest_plugin/config.py b/patrole_tempest_plugin/config.py
index b087148..41d824d 100644
--- a/patrole_tempest_plugin/config.py
+++ b/patrole_tempest_plugin/config.py
@@ -194,7 +194,12 @@
default=True,
help="""Are the Nova API policies available in the
cloud (e.g. os_compute_api:os-services)? These policies were
-changed in Ussuri.""")
+changed in Ussuri."""),
+ cfg.BoolOpt('changed_nova_policies_victoria',
+ default=True,
+ help="""Are the Nova deprecated API policies available in the
+cloud (e.g. os_compute_api:os-networks)? These policies were
+changed in Victoria.""")
]
diff --git a/patrole_tempest_plugin/tests/api/compute/test_hosts_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_hosts_rbac.py
index 1dbf792..5a598e0 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_hosts_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_hosts_rbac.py
@@ -14,11 +14,21 @@
# under the License.
from tempest.common import utils
+from tempest import config
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.compute import rbac_base
+CONF = config.CONF
+
+if CONF.policy_feature_enabled.changed_nova_policies_victoria:
+ _HOSTS_LIST = "os_compute_api:os-hosts:list"
+ _HOSTS_SHOW = "os_compute_api:os-hosts:show"
+else:
+ _HOSTS_LIST = "os_compute_api:os-hosts"
+ _HOSTS_SHOW = "os_compute_api:os-hosts"
+
class HostsRbacTest(rbac_base.BaseV2ComputeRbacTest):
# These tests will fail with a 404 starting from microversion 2.43:
@@ -36,7 +46,7 @@
@decorators.idempotent_id('035b7935-2fae-4218-8d37-27fa83097494')
@rbac_rule_validation.action(
service="nova",
- rules=["os_compute_api:os-hosts"])
+ rules=[_HOSTS_LIST])
def test_list_hosts(self):
with self.override_role():
self.hosts_client.list_hosts()
@@ -44,7 +54,7 @@
@decorators.idempotent_id('bc10d8b4-d2c3-4d4e-9d2b-31d1bd3e1b51')
@rbac_rule_validation.action(
service="nova",
- rules=["os_compute_api:os-hosts"])
+ rules=[_HOSTS_SHOW])
def test_show_host_details(self):
hosts = self.hosts_client.list_hosts()['hosts']
hosts = [host for host in hosts if host['service'] == 'compute']
diff --git a/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py
index f81262a..cf19bef 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py
@@ -32,6 +32,19 @@
_SG_ADD = "os_compute_api:os-security-groups"
_SG_REMOVE = "os_compute_api:os-security-groups"
+if CONF.policy_feature_enabled.changed_nova_policies_victoria:
+ _SG_GET = "os_compute_api:os-security-groups:get"
+ _SG_SHOW = "os_compute_api:os-security-groups:show"
+ _SG_CREATE = "os_compute_api:os-security-groups:create"
+ _SG_UPDATE = "os_compute_api:os-security-groups:update"
+ _SG_DELETE = "os_compute_api:os-security-groups:delete"
+else:
+ _SG_GET = "os_compute_api:os-security-groups"
+ _SG_SHOW = "os_compute_api:os-security-groups"
+ _SG_CREATE = "os_compute_api:os-security-groups"
+ _SG_UPDATE = "os_compute_api:os-security-groups"
+ _SG_DELETE = "os_compute_api:os-security-groups"
+
class SecurtiyGroupsRbacTest(rbac_base.BaseV2ComputeRbacTest):
"""Tests non-deprecated security group policies. Requires network service.
@@ -128,7 +141,7 @@
@rbac_rule_validation.action(
service="nova",
- rules=["os_compute_api:os-security-groups"])
+ rules=[_SG_GET])
@decorators.idempotent_id('4ac58e49-48c1-4fca-a6c3-3f95fb99eb77')
def test_list_security_groups(self):
with self.override_role():
@@ -136,7 +149,7 @@
@rbac_rule_validation.action(
service="nova",
- rules=["os_compute_api:os-security-groups"])
+ rules=[_SG_CREATE])
@decorators.idempotent_id('e8fe7f5a-69ee-412d-81d3-a8c7a488b54d')
def test_create_security_groups(self):
with self.override_role():
@@ -144,7 +157,7 @@
@rbac_rule_validation.action(
service="nova",
- rules=["os_compute_api:os-security-groups"])
+ rules=[_SG_DELETE])
@decorators.idempotent_id('59127e8e-302d-11e7-93ae-92361f002671')
def test_delete_security_groups(self):
sec_group_id = self.create_security_group()['id']
@@ -153,7 +166,7 @@
@rbac_rule_validation.action(
service="nova",
- rules=["os_compute_api:os-security-groups"])
+ rules=[_SG_UPDATE])
@decorators.idempotent_id('3de5c6bc-b822-469e-a627-82427d38b067')
def test_update_security_groups(self):
sec_group_id = self.create_security_group()['id']
@@ -166,7 +179,7 @@
@rbac_rule_validation.action(
service="nova",
- rules=["os_compute_api:os-security-groups"])
+ rules=[_SG_SHOW])
@decorators.idempotent_id('6edc0320-302d-11e7-93ae-92361f002671')
def test_show_security_groups(self):
sec_group_id = self.create_security_group()['id']
diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
index 95544b4..a39b367 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
@@ -46,6 +46,11 @@
_SERVER_PASSWORD_SHOW = "os_compute_api:os-server-password"
_SERVER_PASSWORD_CLEAR = "os_compute_api:os-server-password"
+if CONF.policy_feature_enabled.changed_nova_policies_victoria:
+ _MULTINIC_ADD = "os_compute_api:os-multinic:add"
+else:
+ _MULTINIC_ADD = "os_compute_api:os-multinic"
+
class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
"""Test multiple policy actions that require a server to be created.
@@ -763,7 +768,7 @@
"Interface attachment is not available.")
@utils.requires_ext(extension='os-multinic', service='compute')
@rbac_rule_validation.action(
- service="nova", rules=["os_compute_api:os-multinic"])
+ service="nova", rules=[_MULTINIC_ADD])
@decorators.idempotent_id('bd3e2c74-130a-40f0-8085-124d93fe67da')
def test_add_fixed_ip(self):
"""Test add fixed ip to server network, part of os-multinic."""
@@ -797,5 +802,7 @@
if fixed_ip is not None:
break
# Remove the fixed IP from server.
- self.servers_client.remove_fixed_ip(self.server['id'],
- address=fixed_ip)
+ # TODO(gmann): separate the remve fixded ip test as it has
+ # separate policy now.
+ # self.servers_client.remove_fixed_ip(self.server['id'],
+ # address=fixed_ip)
diff --git a/patrole_tempest_plugin/tests/api/compute/test_tenant_networks_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_tenant_networks_rbac.py
index f41253d..a71901c 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_tenant_networks_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_tenant_networks_rbac.py
@@ -23,6 +23,11 @@
CONF = config.CONF
+if CONF.policy_feature_enabled.changed_nova_policies_victoria:
+ _TENANT_NET_LIST = "os_compute_api:os-tenant-networks:list"
+else:
+ _TENANT_NET_LIST = "os_compute_api:os-tenant-networks"
+
class TenantNetworksRbacTest(rbac_base.BaseV2ComputeRbacTest):
@@ -54,7 +59,7 @@
@decorators.idempotent_id('42b39ba1-14aa-4799-9518-34367d0da67a')
@rbac_rule_validation.action(
service="nova",
- rules=["os_compute_api:os-tenant-networks"])
+ rules=[_TENANT_NET_LIST])
def test_list_show_tenant_networks(self):
with self.override_role():
self.tenant_networks_client.list_tenant_networks()
diff --git a/patrole_tempest_plugin/tests/api/compute/test_volume_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_volume_rbac.py
index 97b2579..1d1b06a 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_volume_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_volume_rbac.py
@@ -25,6 +25,25 @@
CONF = config.CONF
+if CONF.policy_feature_enabled.changed_nova_policies_victoria:
+ _VOLUME_LIST = "os_compute_api:os-volumes:list"
+ _VOLUME_CREATE = "os_compute_api:os-volumes:create"
+ _VOLUME_SHOW = "os_compute_api:os-volumes:show"
+ _VOLUME_DELETE = "os_compute_api:os-volumes:delete"
+ _SNAPSHOT_LIST = "os_compute_api:os-volumes:snapshots:list"
+ _SNAPSHOT_CREATE = "os_compute_api:os-volumes:snapshots:create"
+ _SNAPSHOT_SHOW = "os_compute_api:os-volumes:snapshots:show"
+ _SNAPSHOT_DELETE = "os_compute_api:os-volumes:snapshots:delete"
+else:
+ _VOLUME_LIST = "os_compute_api:os-volumes"
+ _VOLUME_CREATE = "os_compute_api:os-volumes"
+ _VOLUME_SHOW = "os_compute_api:os-volumes"
+ _VOLUME_DELETE = "os_compute_api:os-volumes"
+ _SNAPSHOT_LIST = "os_compute_api:os-volumes"
+ _SNAPSHOT_CREATE = "os_compute_api:os-volumes"
+ _SNAPSHOT_SHOW = "os_compute_api:os-volumes"
+ _SNAPSHOT_DELETE = "os_compute_api:os-volumes"
+
class VolumeRbacTest(rbac_base.BaseV2ComputeRbacTest):
"""RBAC tests for the Nova Volume client."""
@@ -60,7 +79,7 @@
@decorators.idempotent_id('2402013e-a624-43e3-9518-44a5d1dbb32d')
@rbac_rule_validation.action(
service="nova",
- rules=["os_compute_api:os-volumes"])
+ rules=[_VOLUME_CREATE])
def test_create_volume(self):
with self.override_role():
volume = self.volumes_extensions_client.create_volume(
@@ -73,7 +92,7 @@
@decorators.idempotent_id('69b3888c-dff2-47b0-9fa4-0672619c9054')
@rbac_rule_validation.action(
service="nova",
- rules=["os_compute_api:os-volumes"])
+ rules=[_VOLUME_LIST])
def test_list_volumes(self):
with self.override_role():
self.volumes_extensions_client.list_volumes()
@@ -81,7 +100,7 @@
@decorators.idempotent_id('4ba0a820-040f-488b-86bb-be2e920ea12c')
@rbac_rule_validation.action(
service="nova",
- rules=["os_compute_api:os-volumes"])
+ rules=[_VOLUME_SHOW])
def test_show_volume(self):
with self.override_role():
self.volumes_extensions_client.show_volume(self.volume['id'])
@@ -89,7 +108,7 @@
@decorators.idempotent_id('6e7870f2-1bb2-4b58-96f8-6782071ef327')
@rbac_rule_validation.action(
service="nova",
- rules=["os_compute_api:os-volumes"])
+ rules=[_VOLUME_DELETE])
def test_delete_volume(self):
volume = self.create_volume()
with self.override_role():
@@ -98,7 +117,7 @@
@decorators.idempotent_id('0c3eaa4f-69d6-4a13-9dda-19585f36b1c1')
@rbac_rule_validation.action(
service="nova",
- rules=["os_compute_api:os-volumes"])
+ rules=[_SNAPSHOT_CREATE])
def test_create_snapshot(self):
s_name = data_utils.rand_name(self.__class__.__name__ + '-Snapshot')
with self.override_role():
@@ -110,7 +129,7 @@
@decorators.idempotent_id('e944e816-416c-11e7-a919-92ebcb67fe33')
@rbac_rule_validation.action(
service="nova",
- rules=["os_compute_api:os-volumes"])
+ rules=[_SNAPSHOT_LIST])
def test_list_snapshots(self):
with self.override_role():
self.snapshots_extensions_client.list_snapshots()
@@ -118,7 +137,7 @@
@decorators.idempotent_id('19c2e6bd-585b-472f-a8d7-71ea9299c655')
@rbac_rule_validation.action(
service="nova",
- rules=["os_compute_api:os-volumes"])
+ rules=[_SNAPSHOT_SHOW])
def test_show_snapshot(self):
s_name = data_utils.rand_name(self.__class__.__name__ + '-Snapshot')
snapshot = self.snapshots_extensions_client.create_snapshot(
@@ -131,7 +150,7 @@
@decorators.idempotent_id('f4f5635c-416c-11e7-a919-92ebcb67fe33')
@rbac_rule_validation.action(
service="nova",
- rules=["os_compute_api:os-volumes"])
+ rules=[_SNAPSHOT_DELETE])
def test_delete_snapshot(self):
s_name = data_utils.rand_name(self.__class__.__name__ + '-Snapshot')
snapshot = self.snapshots_extensions_client.create_snapshot(
diff --git a/patrole_tempest_plugin/tests/api/image/test_images_rbac.py b/patrole_tempest_plugin/tests/api/image/test_images_rbac.py
index 3e8abdb..00292b9 100644
--- a/patrole_tempest_plugin/tests/api/image/test_images_rbac.py
+++ b/patrole_tempest_plugin/tests/api/image/test_images_rbac.py
@@ -15,12 +15,15 @@
import six
+from oslo_log import log as logging
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.image import rbac_base
+LOG = logging.getLogger(__name__)
+
class BasicOperationsImagesRbacTest(rbac_base.BaseV2ImageRbacTest):
@@ -38,7 +41,10 @@
return image
def _upload_image(self, image_id):
- image_file = six.BytesIO(data_utils.random_bytes())
+ file_content = data_utils.random_bytes()
+ LOG.debug("Image file content type %s",
+ type(file_content))
+ image_file = six.BytesIO(file_content)
return self.image_client.store_image_file(image_id, image_file)
@rbac_rule_validation.action(service="glance",