Merge "Add tests to cover trunks"
diff --git a/README.rst b/README.rst
index 2028536..fdcbc6b 100644
--- a/README.rst
+++ b/README.rst
@@ -36,7 +36,7 @@
Design Principles
-----------------
-As a `Tempest plugin`_, Patrole borrows some `design principles`_ from Tempest,
+As a `Tempest plugin`_, Patrole borrows some design principles from `Tempest design principles`_,
but not all, as its testing scope is confined to policies.
* *Stability*. Patrole uses OpenStack public interfaces. Tests in Patrole
@@ -76,7 +76,7 @@
* *Self-testing*. Patrole should be self-testing.
.. _Tempest plugin: https://docs.openstack.org/tempest/latest/plugin.html
-.. _design principles: https://docs.openstack.org/tempest/latest/overview.html#design-principles
+.. _Tempest design principles: https://docs.openstack.org/tempest/latest/overview.html#design-principles
.. _policy in code: https://specs.openstack.org/openstack/oslo-specs/specs/newton/policy-in-code.html
.. _Nova repository: https://github.com/openstack/nova/tree/master/nova/policies
.. _Keystone repository: https://github.com/openstack/keystone/tree/master/keystone/common/policies
@@ -120,7 +120,7 @@
Quickstart
----------
To run Patrole, you must first have `Tempest`_ installed and configured
-properly. Please reference Tempest's `Quickstart`_ guide to do so. Follow all
+properly. Please reference `Tempest_quickstart`_ guide to do so. Follow all
the steps outlined therein. Afterward, proceed with the steps below.
#. You first need to install Patrole. This is done with pip after you check out
@@ -139,7 +139,7 @@
#. Next you must properly configure Patrole, which is relatively
straightforward. For details on configuring Patrole refer to the
- :ref:`patrole-configuration`.
+ `Patrole Configuration <https://docs.openstack.org/patrole/latest/configuration.html#patrole-configuration>`_.
#. Once the configuration is done you're now ready to run Patrole. This can
be done using the `tempest_run`_ command. This can be done by running::
@@ -170,14 +170,14 @@
#. Log information from tests is captured in ``tempest.log`` under the Tempest
repository. Some Patrole debugging information is captured in that log
- related to expected test results and :ref:`role-overriding`.
+ related to expected test results and `Role Overriding <https://docs.openstack.org/patrole/latest/framework/rbac_utils.html#role-overriding>`_.
More detailed RBAC testing log output is emitted to ``patrole.log`` under
the Patrole repository. To configure Patrole's logging, see the
- :ref:`patrole-configuration` guide.
+ `Patrole Configuration Guide <https://docs.openstack.org/patrole/latest/configuration.html#patrole-configuration>`_.
.. _Tempest: https://github.com/openstack/tempest
-.. _Quickstart: https://docs.openstack.org/tempest/latest/overview.html#quickstart
+.. _Tempest_quickstart: https://docs.openstack.org/tempest/latest/overview.html#quickstart
.. _tempest_run: https://docs.openstack.org/tempest/latest/run.html
.. _testr: https://testrepository.readthedocs.org/en/latest/MANUAL.html
.. _ostestr: https://docs.openstack.org/os-testr/latest/
diff --git a/patrole_tempest_plugin/tests/api/network/test_auto_allocated_topology_rbac.py b/patrole_tempest_plugin/tests/api/network/test_auto_allocated_topology_rbac.py
new file mode 100644
index 0000000..bcf62d7
--- /dev/null
+++ b/patrole_tempest_plugin/tests/api/network/test_auto_allocated_topology_rbac.py
@@ -0,0 +1,44 @@
+# Copyright 2018 AT&T Corporation.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest.common import utils
+from tempest.lib import decorators
+
+from patrole_tempest_plugin import rbac_rule_validation
+from patrole_tempest_plugin.tests.api.network import rbac_base as base
+
+
+class AutoAllocationTopologyPluginRbacTest(base.BaseNetworkPluginRbacTest):
+
+ @classmethod
+ def skip_checks(cls):
+ super(AutoAllocationTopologyPluginRbacTest, cls).skip_checks()
+ if not utils.is_extension_enabled('auto-allocated-topology',
+ 'network'):
+ msg = "auto-allocated-topology extension not enabled."
+ raise cls.skipException(msg)
+
+ @decorators.idempotent_id('299CB831-F6B2-49CA-882B-E9A8E36945A2')
+ @rbac_rule_validation.action(service="neutron",
+ rules=["get_auto_allocated_topology"],
+ expected_error_codes=[404])
+ def test_show_auto_allocated_topology(self):
+ """Show auto_allocated_topology.
+
+ RBAC test for the neutron "get_auto_allocated_topology" policy
+ """
+ with self.rbac_utils.override_role(self):
+ self.ntp_client.get_auto_allocated_topology(
+ tenant_id=self.os_primary.credentials.tenant_id)
diff --git a/patrole_tempest_plugin/tests/api/network/test_flavors_rbac.py b/patrole_tempest_plugin/tests/api/network/test_flavors_rbac.py
new file mode 100644
index 0000000..cdc9852
--- /dev/null
+++ b/patrole_tempest_plugin/tests/api/network/test_flavors_rbac.py
@@ -0,0 +1,118 @@
+# Copyright 2018 AT&T Corporation.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest.lib.common.utils import data_utils
+from tempest.lib.common.utils import test_utils
+from tempest.lib import decorators
+
+from patrole_tempest_plugin import rbac_rule_validation
+from patrole_tempest_plugin.tests.api.network import rbac_base as base
+
+
+class FlavorsPluginRbacTest(base.BaseNetworkPluginRbacTest):
+
+ @classmethod
+ def resource_setup(cls):
+ super(FlavorsPluginRbacTest, cls).resource_setup()
+ providers = cls.ntp_client.list_service_providers()
+ if not providers["service_providers"]:
+ raise cls.skipException("No service_providers available.")
+ cls.service_type = providers["service_providers"][0]["service_type"]
+
+ @decorators.idempotent_id('2632a61b-831e-4da5-82c8-a5f7d448589b')
+ @rbac_rule_validation.action(service="neutron",
+ rules=["create_flavor"])
+ def test_create_flavor(self):
+ """Create flavor.
+
+ RBAC test for the neutron "create_flavor" policy
+ """
+ with self.rbac_utils.override_role(self):
+ flavor = self.ntp_client.create_flavor(
+ service_type=self.service_type)
+
+ self.addCleanup(
+ test_utils.call_and_ignore_notfound_exc,
+ self.ntp_client.delete_flavor, flavor["flavor"]["id"])
+
+ @decorators.idempotent_id('9c53164c-117d-4b44-a5cb-96f08386513f')
+ @rbac_rule_validation.action(service="neutron",
+ rules=["get_flavor",
+ "update_flavor"],
+ expected_error_codes=[404, 403])
+ def test_update_flavor(self):
+ """Update flavor.
+
+ RBAC test for the neutron "update_flavor" policy
+ """
+ flavor = self.ntp_client.create_flavor(service_type=self.service_type)
+ self.addCleanup(
+ test_utils.call_and_ignore_notfound_exc,
+ self.ntp_client.delete_flavor, flavor["flavor"]["id"])
+
+ name = data_utils.rand_name(self.__class__.__name__ + '-Flavor')
+ with self.rbac_utils.override_role(self):
+ self.ntp_client.update_flavor(flavor["flavor"]["id"], name=name)
+
+ @decorators.idempotent_id('1de15f9e-5080-4259-ab41-e230bb312de8')
+ @rbac_rule_validation.action(service="neutron",
+ rules=["get_flavor",
+ "delete_flavor"],
+ expected_error_codes=[404, 403])
+ def test_delete_flavor(self):
+ """Delete flavor.
+
+ RBAC test for the neutron "delete_flavor" policy
+ """
+ flavor = self.ntp_client.create_flavor(service_type=self.service_type)
+ self.addCleanup(
+ test_utils.call_and_ignore_notfound_exc,
+ self.ntp_client.delete_flavor, flavor["flavor"]["id"])
+
+ with self.rbac_utils.override_role(self):
+ self.ntp_client.delete_flavor(flavor["flavor"]["id"])
+
+ @decorators.idempotent_id('c2baf35f-e6c1-4833-9114-aadd9b1f6aaa')
+ @rbac_rule_validation.action(service="neutron",
+ rules=["get_flavor"],
+ expected_error_codes=[404])
+ def test_show_flavor(self):
+ """Show flavor.
+
+ RBAC test for the neutron "get_flavor" policy
+ """
+ flavor = self.ntp_client.create_flavor(service_type=self.service_type)
+ self.addCleanup(
+ test_utils.call_and_ignore_notfound_exc,
+ self.ntp_client.delete_flavor, flavor["flavor"]["id"])
+
+ with self.rbac_utils.override_role(self):
+ self.ntp_client.show_flavor(flavor["flavor"]["id"])
+
+ @decorators.idempotent_id('ab10bd5d-987e-4255-966f-947670ffd0fa')
+ @rbac_rule_validation.action(service="neutron",
+ rules=["get_flavors"])
+ def test_list_flavors(self):
+ """List flavors.
+
+ RBAC test for the neutron "get_flavors" policy
+ """
+ flavor = self.ntp_client.create_flavor(service_type=self.service_type)
+ self.addCleanup(
+ test_utils.call_and_ignore_notfound_exc,
+ self.ntp_client.delete_flavor, flavor["flavor"]["id"])
+
+ with self.rbac_utils.override_role(self):
+ self.ntp_client.list_flavors()
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_basic_crud_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_basic_crud_rbac.py
index 61532c6..a6ded52 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_volume_basic_crud_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_basic_crud_rbac.py
@@ -13,12 +13,16 @@
# License for the specific language governing permissions and limitations
# under the License.
+from tempest.common import waiters
+from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.volume import rbac_base
+CONF = config.CONF
+
class VolumesBasicCrudV3RbacTest(rbac_base.BaseVolumeRbacTest):
@@ -31,8 +35,15 @@
rule="volume:create")
@decorators.idempotent_id('426b08ef-6394-4d06-9128-965d5a6c38ef')
def test_create_volume(self):
+ name = data_utils.rand_name(self.__class__.__name__ + '-Volume')
+ size = CONF.volume.volume_size
+
with self.rbac_utils.override_role(self):
- self.create_volume()
+ volume = self.volumes_client.create_volume(name=name, size=size)[
+ 'volume']
+ self.addCleanup(self.delete_volume, self.volumes_client, volume['id'])
+ waiters.wait_for_volume_resource_status(self.volumes_client,
+ volume['id'], 'available')
@rbac_rule_validation.action(service="cinder",
rule="volume:delete")
@@ -41,20 +52,28 @@
volume = self.create_volume()
with self.rbac_utils.override_role(self):
self.volumes_client.delete_volume(volume['id'])
+ self.volumes_client.wait_for_resource_deletion(volume['id'])
@rbac_rule_validation.action(service="cinder", rule="volume:get")
@decorators.idempotent_id('c4c3fdd5-b1b1-49c3-b977-a9f40ee9257a')
- def test_get_volume(self):
+ def test_show_volume(self):
with self.rbac_utils.override_role(self):
self.volumes_client.show_volume(self.volume['id'])
@rbac_rule_validation.action(service="cinder",
rule="volume:get_all")
@decorators.idempotent_id('e3ab7906-b04b-4c45-aa11-1104d302f940')
- def test_volume_list(self):
+ def test_list_volumes(self):
with self.rbac_utils.override_role(self):
self.volumes_client.list_volumes()
+ @decorators.idempotent_id('9b6d5beb-254f-4f1b-9906-0bdce4042f53')
+ @rbac_rule_validation.action(service="cinder",
+ rule="volume:get_all")
+ def test_list_volumes_with_details(self):
+ with self.rbac_utils.override_role(self):
+ self.volumes_client.list_volumes(detail=True)
+
@rbac_rule_validation.action(service="cinder", rule="volume:update")
@decorators.idempotent_id('b751b889-9a9b-40d8-ae7d-4b0f65e71ac7')
def test_update_volume(self):
diff --git a/releasenotes/notes/patrole-rocky-release-e6f36691306bec7e.yaml b/releasenotes/notes/patrole-rocky-release-e6f36691306bec7e.yaml
new file mode 100644
index 0000000..22c4958
--- /dev/null
+++ b/releasenotes/notes/patrole-rocky-release-e6f36691306bec7e.yaml
@@ -0,0 +1,14 @@
+---
+prelude: >
+ This release is to tag the Patrole for OpenStack Rocky release.
+ After this release, Patrole will support below OpenStack Releases:
+
+ * Rocky
+ * Queens
+ * Pike
+
+ Current development of Patrole is for OpenStack Stein development
+ cycle. Every Patrole commit is also tested against master during
+ the Stein cycle. However, this does not necessarily mean that using
+ Patrole as of this tag will work against a Stein (or future release)
+ cloud.