Migrate to override_role for compute module (part 2)
Now that override_role has supplanted switch_role (which has
been deprecated) in [0], the RBAC tests need to switch to use
override_role.
This PS switches to override_role for the compute module. This
PS handles 11 modules; 1 follow-up patch sets will handle the
remaining 11 modules.
This PS also removes unnecessary indexing into response bodies.
[0] I670fba358bf321eae0d22d18cea6d2f530f00716
Partially Implements: blueprint rbac-utils-contextmanager
Change-Id: I2a1bd0b9c929252541eec0e9e8a3ddd73cf1ab30
diff --git a/patrole_tempest_plugin/tests/api/compute/test_hosts_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_hosts_rbac.py
index f10744c..67d0468 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_hosts_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_hosts_rbac.py
@@ -34,5 +34,5 @@
service="nova",
rule="os_compute_api:os-hosts")
def test_list_hosts(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.hosts_client.list_hosts()['hosts']
+ with self.rbac_utils.override_role(self):
+ self.hosts_client.list_hosts()
diff --git a/patrole_tempest_plugin/tests/api/compute/test_hypervisor_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_hypervisor_rbac.py
index c07ab24..cb1515f 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_hypervisor_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_hypervisor_rbac.py
@@ -41,58 +41,56 @@
service="nova",
rule="os_compute_api:os-hypervisors")
def test_list_hypervisors(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.hypervisor_client.list_hypervisors()['hypervisors']
+ with self.rbac_utils.override_role(self):
+ self.hypervisor_client.list_hypervisors()
@decorators.idempotent_id('36b95c7d-1085-487a-a674-b7c1ca35f520')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-hypervisors")
def test_list_hypervisors_with_details(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.hypervisor_client.list_hypervisors(detail=True)['hypervisors']
+ with self.rbac_utils.override_role(self):
+ self.hypervisor_client.list_hypervisors(detail=True)
@decorators.idempotent_id('8a7f6f9e-34a6-4480-8875-bba566c3a581')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-hypervisors")
def test_show_hypervisor(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.hypervisor_client.show_hypervisor(
- self.hypervisor['id'])['hypervisor']
+ with self.rbac_utils.override_role(self):
+ self.hypervisor_client.show_hypervisor(self.hypervisor['id'])
@decorators.idempotent_id('b86f03cf-2e79-4d88-9eea-62f761591413')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-hypervisors")
def test_list_servers_on_hypervisor(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.hypervisor_client.list_servers_on_hypervisor(
- self.hypervisor['hypervisor_hostname'])['hypervisors']
+ with self.rbac_utils.override_role(self):
+ self.hypervisor_client.list_servers_on_hypervisor(
+ self.hypervisor['hypervisor_hostname'])
@decorators.idempotent_id('ca0e465c-6365-4a7f-ae58-6f8ddbca06c2')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-hypervisors")
def test_show_hypervisor_statistics(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.hypervisor_client.\
- show_hypervisor_statistics()['hypervisor_statistics']
+ with self.rbac_utils.override_role(self):
+ self.hypervisor_client.show_hypervisor_statistics()
@decorators.idempotent_id('109b37c5-91ba-4da5-b2a2-d7618d84406d')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-hypervisors")
def test_show_hypervisor_uptime(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.hypervisor_client.show_hypervisor_uptime(
- self.hypervisor['id'])['hypervisor']
+ with self.rbac_utils.override_role(self):
+ self.hypervisor_client.show_hypervisor_uptime(
+ self.hypervisor['id'])
@decorators.idempotent_id('3dbc71c1-8f04-4674-a67c-dcb2fd99b1b4')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-hypervisors")
def test_search_hypervisor(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.hypervisor_client.search_hypervisor(
- self.hypervisor['hypervisor_hostname'])['hypervisors']
+ with self.rbac_utils.override_role(self):
+ self.hypervisor_client.search_hypervisor(
+ self.hypervisor['hypervisor_hostname'])
diff --git a/patrole_tempest_plugin/tests/api/compute/test_images_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_images_rbac.py
index 0ba1282..9fb326e 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_images_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_images_rbac.py
@@ -78,24 +78,24 @@
service="glance",
rule="get_images")
def test_list_images(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.compute_images_client.list_images()
+ with self.rbac_utils.override_role(self):
+ self.compute_images_client.list_images()
@decorators.idempotent_id('4365ae0f-15ee-4b54-a527-1679faaed140')
@rbac_rule_validation.action(
service="glance",
rule="get_images")
def test_list_images_with_details(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.compute_images_client.list_images(detail=True)
+ with self.rbac_utils.override_role(self):
+ self.compute_images_client.list_images(detail=True)
@decorators.idempotent_id('886dfcae-51bf-4610-9e52-82d7189524c2')
@rbac_rule_validation.action(
service="glance",
rule="get_image")
def test_show_image_details(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.compute_images_client.show_image(self.image['id'])
+ with self.rbac_utils.override_role(self):
+ self.compute_images_client.show_image(self.image['id'])
@decorators.idempotent_id('dbe09d4c-e615-48cb-b908-a06a0f410a8e')
@rbac_rule_validation.action(
@@ -107,17 +107,17 @@
self.addCleanup(self.compute_images_client.delete_image_metadata_item,
self.image['id'], key='foo')
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.compute_images_client.show_image_metadata_item(self.image['id'],
- key='foo')
+ with self.rbac_utils.override_role(self):
+ self.compute_images_client.show_image_metadata_item(
+ self.image['id'], key='foo')
@decorators.idempotent_id('59f66079-d564-47e8-81b0-03c2e84d339e')
@rbac_rule_validation.action(
service="glance",
rule="get_image")
def test_list_image_metadata(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.compute_images_client.list_image_metadata(self.image['id'])
+ with self.rbac_utils.override_role(self):
+ self.compute_images_client.list_image_metadata(self.image['id'])
@decorators.idempotent_id('5888c7aa-0803-46d4-a3fb-5d4729465cd5')
@rbac_rule_validation.action(
@@ -129,20 +129,20 @@
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.glance_image_client.delete_image, image['id'])
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.compute_images_client.delete_image(image['id'])
+ with self.rbac_utils.override_role(self):
+ self.compute_images_client.delete_image(image['id'])
@decorators.idempotent_id('575604aa-909f-4b1b-a5a5-cfae1f63044b')
@rbac_rule_validation.action(
service="glance",
rule="modify_image")
def test_create_image_metadata(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- # NOTE(felipemonteiro): Although the name of the client function
- # appears wrong, it's actually correct: update_image_metadata does an
- # http post.
- self.compute_images_client.update_image_metadata(self.image['id'],
- meta={'foo': 'bar'})
+ with self.rbac_utils.override_role(self):
+ # NOTE(felipemonteiro): Although the name of the client function
+ # appears wrong, it's actually correct: update_image_metadata does
+ # an http post.
+ self.compute_images_client.update_image_metadata(
+ self.image['id'], meta={'foo': 'bar'})
self.addCleanup(self.compute_images_client.delete_image_metadata_item,
self.image['id'], key='foo')
@@ -151,9 +151,9 @@
service="glance",
rule="modify_image")
def test_update_image_metadata(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.compute_images_client.set_image_metadata(self.image['id'],
- meta={'foo': 'bar'})
+ with self.rbac_utils.override_role(self):
+ self.compute_images_client.set_image_metadata(self.image['id'],
+ meta={'foo': 'bar'})
self.addCleanup(self.compute_images_client.delete_image_metadata_item,
self.image['id'], key='foo')
@@ -162,9 +162,9 @@
service="glance",
rule="modify_image")
def test_update_image_metadata_item(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.compute_images_client.set_image_metadata_item(
- self.image['id'], meta={'foo': 'bar'}, key='foo')
+ with self.rbac_utils.override_role(self):
+ self.compute_images_client.set_image_metadata_item(
+ self.image['id'], meta={'foo': 'bar'}, key='foo')
self.addCleanup(self.compute_images_client.delete_image_metadata_item,
self.image['id'], key='foo')
@@ -179,9 +179,9 @@
self.compute_images_client.delete_image_metadata_item,
self.image['id'], key='foo')
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.compute_images_client.delete_image_metadata_item(self.image['id'],
- key='foo')
+ with self.rbac_utils.override_role(self):
+ self.compute_images_client.delete_image_metadata_item(
+ self.image['id'], key='foo')
class ImageSizeRbacTest(rbac_base.BaseV2ComputeRbacTest):
@@ -202,13 +202,13 @@
service="nova",
rule="os_compute_api:image-size")
def test_list_images(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.compute_images_client.list_images()
+ with self.rbac_utils.override_role(self):
+ self.compute_images_client.list_images()
@decorators.idempotent_id('08342c7d-297d-42ee-b398-90fce2443792')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:image-size")
def test_list_images_with_details(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.compute_images_client.list_images(detail=True)
+ with self.rbac_utils.override_role(self):
+ self.compute_images_client.list_images(detail=True)
diff --git a/patrole_tempest_plugin/tests/api/compute/test_instance_usages_audit_log_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_instance_usages_audit_log_rbac.py
index 5fc4c3b..347b7df 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_instance_usages_audit_log_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_instance_usages_audit_log_rbac.py
@@ -38,9 +38,9 @@
@rbac_rule_validation.action(
service="nova", rule="os_compute_api:os-instance-usage-audit-log")
def test_list_instance_usage_audit_logs(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.instance_usages_audit_log_client.list_instance_usage_audit_logs()
- ["instance_usage_audit_logs"]
+ with self.rbac_utils.override_role(self):
+ (self.instance_usages_audit_log_client
+ .list_instance_usage_audit_logs())
@decorators.idempotent_id('ded8bfbd-5d90-4a58-aee0-d31231bf3c9b')
@rbac_rule_validation.action(
@@ -48,7 +48,7 @@
def test_show_instance_usage_audit_log(self):
now = datetime.datetime.now()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.instance_usages_audit_log_client.show_instance_usage_audit_log(
- urllib.quote(now.strftime("%Y-%m-%d %H:%M:%S")))[
- "instance_usage_audit_log"]
+ with self.rbac_utils.override_role(self):
+ (self.instance_usages_audit_log_client.
+ show_instance_usage_audit_log(
+ urllib.quote(now.strftime("%Y-%m-%d %H:%M:%S"))))
diff --git a/patrole_tempest_plugin/tests/api/compute/test_keypairs_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_keypairs_rbac.py
index 8e434fc..b359ad2 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_keypairs_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_keypairs_rbac.py
@@ -36,8 +36,8 @@
service="nova",
rule="os_compute_api:os-keypairs:create")
def test_create_keypair(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._create_keypair()
+ with self.rbac_utils.override_role(self):
+ self._create_keypair()
@decorators.idempotent_id('85a5eb99-40ec-4e77-9358-bee2cdf9d7df')
@rbac_rule_validation.action(
@@ -45,8 +45,8 @@
rule="os_compute_api:os-keypairs:show")
def test_show_keypair(self):
kp_name = self._create_keypair()['keypair']['name']
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.keypairs_client.show_keypair(kp_name)
+ with self.rbac_utils.override_role(self):
+ self.keypairs_client.show_keypair(kp_name)
@decorators.idempotent_id('6bff9f1c-b809-43c1-8d63-61fbd19d49d3')
@rbac_rule_validation.action(
@@ -54,13 +54,13 @@
rule="os_compute_api:os-keypairs:delete")
def test_delete_keypair(self):
kp_name = self._create_keypair()['keypair']['name']
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.keypairs_client.delete_keypair(kp_name)
+ with self.rbac_utils.override_role(self):
+ self.keypairs_client.delete_keypair(kp_name)
@decorators.idempotent_id('6bb31346-ff7f-4b10-978e-170ac5fcfa3e')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-keypairs:index")
def test_index_keypair(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.keypairs_client.list_keypairs()
+ with self.rbac_utils.override_role(self):
+ self.keypairs_client.list_keypairs()
diff --git a/patrole_tempest_plugin/tests/api/compute/test_limits_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_limits_rbac.py
index ad2c5ba..9442a5a 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_limits_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_limits_rbac.py
@@ -31,5 +31,5 @@
rule="os_compute_api:limits")
@decorators.idempotent_id('3fb60f83-9a5f-4fdd-89d9-26c3710844a1')
def test_show_limits(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.limits_client.show_limits()
+ with self.rbac_utils.override_role(self):
+ self.limits_client.show_limits()
diff --git a/patrole_tempest_plugin/tests/api/compute/test_migrations_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_migrations_rbac.py
index 1bf46a1..1597a04 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_migrations_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_migrations_rbac.py
@@ -34,5 +34,5 @@
service="nova",
rule="os_compute_api:os-migrations:index")
def test_list_services(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.migrations_client.list_migrations()['migrations']
+ with self.rbac_utils.override_role(self):
+ self.migrations_client.list_migrations()
diff --git a/patrole_tempest_plugin/tests/api/compute/test_quota_class_sets_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_quota_class_sets_rbac.py
index 162c003..2f86763 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_quota_class_sets_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_quota_class_sets_rbac.py
@@ -59,9 +59,8 @@
service="nova",
rule="os_compute_api:os-quota-class-sets:show")
def test_show_quota_class_set(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.quota_classes_client.show_quota_class_set('default')[
- 'quota_class_set']
+ with self.rbac_utils.override_role(self):
+ self.quota_classes_client.show_quota_class_set('default')
@decorators.idempotent_id('81889e69-efd2-4e96-bb4c-ee3b646b9755')
@rbac_rule_validation.action(
@@ -75,6 +74,6 @@
for quota, default in quota_class_set.items():
quota_class_set[quota] = default + 100
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.quota_classes_client.update_quota_class_set(
- self.project_id, **quota_class_set)['quota_class_set']
+ with self.rbac_utils.override_role(self):
+ self.quota_classes_client.update_quota_class_set(
+ self.project_id, **quota_class_set)
diff --git a/patrole_tempest_plugin/tests/api/compute/test_quota_sets_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_quota_sets_rbac.py
index 6052150..ec4511a 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_quota_sets_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_quota_sets_rbac.py
@@ -59,10 +59,10 @@
default_quota_set.pop('id')
new_quota_set = {'injected_file_content_bytes': 20480}
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.quotas_client.update_quota_set(self.tenant_id,
- force=True,
- **new_quota_set)['quota_set']
+ with self.rbac_utils.override_role(self):
+ self.quotas_client.update_quota_set(self.tenant_id,
+ force=True,
+ **new_quota_set)
self.addCleanup(self.quotas_client.update_quota_set, self.tenant_id,
**default_quota_set)
@@ -71,16 +71,16 @@
service="nova",
rule="os_compute_api:os-quota-sets:defaults")
def test_show_default_quota_set(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.quotas_client.show_default_quota_set(self.tenant_id)['quota_set']
+ with self.rbac_utils.override_role(self):
+ self.quotas_client.show_default_quota_set(self.tenant_id)
@decorators.idempotent_id('e8169ac4-c402-4864-894e-aba74e3a459c')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-quota-sets:show")
def test_show_quota_set(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.quotas_client.show_quota_set(self.tenant_id)['quota_set']
+ with self.rbac_utils.override_role(self):
+ self.quotas_client.show_quota_set(self.tenant_id)
@decorators.idempotent_id('4e240644-bf61-4872-9c32-8289ee2fdbbd')
@rbac_rule_validation.action(
@@ -94,14 +94,14 @@
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.projects_client.delete_project, project_id)
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.quotas_client.delete_quota_set(project_id)
+ with self.rbac_utils.override_role(self):
+ self.quotas_client.delete_quota_set(project_id)
@decorators.idempotent_id('ac9184b6-f3b3-4e17-a632-4b92c6500f86')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-quota-sets:detail")
def test_show_quota_set_details(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.quotas_client.show_quota_set(self.tenant_id,
- detail=True)['quota_set']
+ with self.rbac_utils.override_role(self):
+ self.quotas_client.show_quota_set(self.tenant_id,
+ detail=True)
diff --git a/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py
index 43d48c9..fa89a79 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py
@@ -58,8 +58,9 @@
rule="os_compute_api:os-security-groups")
@decorators.idempotent_id('3db159c6-a467-469f-9a25-574197885520')
def test_list_security_groups_by_server(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.servers_client.list_security_groups_by_server(self.server['id'])
+ with self.rbac_utils.override_role(self):
+ self.servers_client.list_security_groups_by_server(
+ self.server['id'])
@rbac_rule_validation.action(
service="nova",
@@ -68,8 +69,9 @@
def test_create_security_group_for_server(self):
sg_name = self.create_security_group()['name']
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.servers_client.add_security_group(self.server['id'], name=sg_name)
+ with self.rbac_utils.override_role(self):
+ self.servers_client.add_security_group(self.server['id'],
+ name=sg_name)
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.servers_client.remove_security_group,
self.server['id'], name=sg_name)
@@ -86,9 +88,9 @@
self.servers_client.remove_security_group,
self.server['id'], name=sg_name)
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.servers_client.remove_security_group(
- self.server['id'], name=sg_name)
+ with self.rbac_utils.override_role(self):
+ self.servers_client.remove_security_group(
+ self.server['id'], name=sg_name)
class SecurityGroupsRbacMaxV235Test(rbac_base.BaseV2ComputeRbacTest):
@@ -117,16 +119,16 @@
rule="os_compute_api:os-security-groups")
@decorators.idempotent_id('4ac58e49-48c1-4fca-a6c3-3f95fb99eb77')
def test_list_security_groups(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.security_groups_client.list_security_groups()
+ with self.rbac_utils.override_role(self):
+ self.security_groups_client.list_security_groups()
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-security-groups")
@decorators.idempotent_id('e8fe7f5a-69ee-412d-81d3-a8c7a488b54d')
def test_create_security_groups(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.create_security_group()['id']
+ with self.rbac_utils.override_role(self):
+ self.create_security_group()['id']
@rbac_rule_validation.action(
service="nova",
@@ -134,8 +136,8 @@
@decorators.idempotent_id('59127e8e-302d-11e7-93ae-92361f002671')
def test_delete_security_groups(self):
sec_group_id = self.create_security_group()['id']
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.security_groups_client.delete_security_group(sec_group_id)
+ with self.rbac_utils.override_role(self):
+ self.security_groups_client.delete_security_group(sec_group_id)
@rbac_rule_validation.action(
service="nova",
@@ -146,10 +148,9 @@
new_name = data_utils.rand_name()
new_desc = data_utils.rand_name()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.security_groups_client.update_security_group(sec_group_id,
- name=new_name,
- description=new_desc)
+ with self.rbac_utils.override_role(self):
+ self.security_groups_client.update_security_group(
+ sec_group_id, name=new_name, description=new_desc)
@rbac_rule_validation.action(
service="nova",
@@ -157,5 +158,5 @@
@decorators.idempotent_id('6edc0320-302d-11e7-93ae-92361f002671')
def test_show_security_groups(self):
sec_group_id = self.create_security_group()['id']
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.security_groups_client.show_security_group(sec_group_id)
+ with self.rbac_utils.override_role(self):
+ self.security_groups_client.show_security_group(sec_group_id)
diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py
index 2bc267b..adb5a6c 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py
@@ -33,8 +33,6 @@
class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
- credentials = ['primary', 'admin']
-
@classmethod
def resource_setup(cls):
super(ServerActionsRbacTest, cls).resource_setup()
@@ -60,17 +58,17 @@
def _stop_server(self):
self.servers_client.stop_server(self.server_id)
waiters.wait_for_server_status(
- self.os_admin.servers_client, self.server_id, 'SHUTOFF')
+ self.servers_client, self.server_id, 'SHUTOFF')
def _resize_server(self, flavor):
self.servers_client.resize_server(self.server_id, flavor)
waiters.wait_for_server_status(
- self.os_admin.servers_client, self.server_id, 'VERIFY_RESIZE')
+ self.servers_client, self.server_id, 'VERIFY_RESIZE')
def _confirm_resize_server(self):
self.servers_client.confirm_resize_server(self.server_id)
waiters.wait_for_server_status(
- self.os_admin.servers_client, self.server_id, 'ACTIVE')
+ self.servers_client, self.server_id, 'ACTIVE')
def _shelve_server(self):
self.servers_client.shelve_server(self.server_id)
@@ -79,13 +77,13 @@
self.server_id)
offload_time = CONF.compute.shelved_offload_time
if offload_time >= 0:
- waiters.wait_for_server_status(self.os_admin.servers_client,
+ waiters.wait_for_server_status(self.servers_client,
self.server_id,
'SHELVED_OFFLOADED',
extra_timeout=offload_time)
else:
- waiters.wait_for_server_status(self.os_admin.servers_client,
- self.server_id, 'SHELVED')
+ waiters.wait_for_server_status(self.servers_client, self.server_id,
+ 'SHELVED')
def _pause_server(self):
self.servers_client.pause_server(self.server_id)
@@ -93,7 +91,7 @@
self.servers_client.unpause_server,
self.server_id)
waiters.wait_for_server_status(
- self.os_admin.servers_client, self.server_id, 'PAUSED')
+ self.servers_client, self.server_id, 'PAUSED')
def _cleanup_server_actions(self, function, server_id, **kwargs):
server = self.servers_client.show_server(server_id)['server']
@@ -107,8 +105,8 @@
service="nova",
rule="os_compute_api:os-pause-server:pause")
def test_pause_server(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._pause_server()
+ with self.rbac_utils.override_role(self):
+ self._pause_server()
@decorators.idempotent_id('087008cf-82fa-4eeb-ae8b-32c4126456ad')
@testtools.skipUnless(CONF.compute_feature_enabled.pause,
@@ -118,18 +116,18 @@
rule="os_compute_api:os-pause-server:unpause")
def test_unpause_server(self):
self._pause_server()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.servers_client.unpause_server(self.server_id)
+ with self.rbac_utils.override_role(self):
+ self.servers_client.unpause_server(self.server_id)
waiters.wait_for_server_status(
- self.os_admin.servers_client, self.server_id, 'ACTIVE')
+ self.servers_client, self.server_id, 'ACTIVE')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:servers:stop")
@decorators.idempotent_id('ab4a17d2-166f-4a6d-9944-f17baa576cf2')
def test_stop_server(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._stop_server()
+ with self.rbac_utils.override_role(self):
+ self._stop_server()
@decorators.attr(type='slow')
@rbac_rule_validation.action(
@@ -139,10 +137,10 @@
def test_start_server(self):
self._stop_server()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.servers_client.start_server(self.server_id)
+ with self.rbac_utils.override_role(self):
+ self.servers_client.start_server(self.server_id)
waiters.wait_for_server_status(
- self.os_admin.servers_client, self.server_id, 'ACTIVE')
+ self.servers_client, self.server_id, 'ACTIVE')
@decorators.attr(type='slow')
@rbac_rule_validation.action(
@@ -152,8 +150,8 @@
@testtools.skipUnless(CONF.compute_feature_enabled.resize,
'Resize is not available.')
def test_resize_server(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._resize_server(self.flavor_ref_alt)
+ with self.rbac_utils.override_role(self):
+ self._resize_server(self.flavor_ref_alt)
@decorators.attr(type='slow')
@rbac_rule_validation.action(
@@ -165,10 +163,10 @@
def test_revert_resize_server(self):
self._resize_server(self.flavor_ref_alt)
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.servers_client.revert_resize_server(self.server_id)
+ with self.rbac_utils.override_role(self):
+ self.servers_client.revert_resize_server(self.server_id)
waiters.wait_for_server_status(
- self.os_admin.servers_client, self.server_id, 'ACTIVE')
+ self.servers_client, self.server_id, 'ACTIVE')
@decorators.attr(type='slow')
@rbac_rule_validation.action(
@@ -182,68 +180,68 @@
self.addCleanup(self._confirm_resize_server)
self.addCleanup(self._resize_server, self.flavor_ref)
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._confirm_resize_server()
+ with self.rbac_utils.override_role(self):
+ self._confirm_resize_server()
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:servers:rebuild")
@decorators.idempotent_id('54b1a30b-c96c-472c-9c83-ccaf6ec7e20b')
def test_rebuild_server(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.servers_client.rebuild_server(self.server_id, self.image_ref)
+ with self.rbac_utils.override_role(self):
+ self.servers_client.rebuild_server(self.server_id, self.image_ref)
waiters.wait_for_server_status(
- self.os_admin.servers_client, self.server_id, 'ACTIVE')
+ self.servers_client, self.server_id, 'ACTIVE')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:servers:reboot")
@decorators.idempotent_id('19f27856-56e1-44f8-8615-7257f6b85cbb')
def test_reboot_server(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.servers_client.reboot_server(self.server_id, type='HARD')
+ with self.rbac_utils.override_role(self):
+ self.servers_client.reboot_server(self.server_id, type='HARD')
waiters.wait_for_server_status(
- self.os_admin.servers_client, self.server_id, 'ACTIVE')
+ self.servers_client, self.server_id, 'ACTIVE')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:servers:index")
@decorators.idempotent_id('631f0d86-7607-4198-8312-9da2f05464a4')
def test_server_index(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.servers_client.list_servers(minimal=True)
+ with self.rbac_utils.override_role(self):
+ self.servers_client.list_servers(minimal=True)
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:servers:detail")
@decorators.idempotent_id('96093480-3ce5-4a8b-b569-aed870379c24')
def test_server_detail(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.servers_client.list_servers(detail=True)
+ with self.rbac_utils.override_role(self):
+ self.servers_client.list_servers(detail=True)
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:servers:detail:get_all_tenants")
@decorators.idempotent_id('a9e5a1c0-acfe-49a2-b2b1-fd8b19d61f71')
def test_server_detail_all_tenants(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.servers_client.list_servers(detail=True, all_tenants=1)
+ with self.rbac_utils.override_role(self):
+ self.servers_client.list_servers(detail=True, all_tenants=1)
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:servers:index:get_all_tenants")
@decorators.idempotent_id('4b93ba56-69e6-41f5-82c4-84a5c4c42091')
def test_server_index_all_tenants(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.servers_client.list_servers(minimal=True, all_tenants=1)
+ with self.rbac_utils.override_role(self):
+ self.servers_client.list_servers(minimal=True, all_tenants=1)
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:servers:show")
@decorators.idempotent_id('eaaf4f51-31b5-497f-8f0f-f527e5f70b83')
def test_show_server(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.servers_client.show_server(self.server_id)
+ with self.rbac_utils.override_role(self):
+ self.servers_client.show_server(self.server_id)
@utils.services('image')
@rbac_rule_validation.action(
@@ -251,10 +249,9 @@
rule="os_compute_api:servers:create_image")
@decorators.idempotent_id('ba0ac859-99f4-4055-b5e0-e0905a44d331')
def test_create_image(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
-
- # This function will also call show image
- self.create_image_from_server(self.server_id, wait_until='ACTIVE')
+ with self.rbac_utils.override_role(self):
+ # This function will also call show image
+ self.create_image_from_server(self.server_id, wait_until='ACTIVE')
@utils.services('image', 'volume')
@rbac_rule_validation.action(
@@ -267,12 +264,11 @@
# this test.
server = self.create_test_server(volume_backed=True,
wait_until='ACTIVE')
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
-
- # This function will also call show image.
- image = self.create_image_from_server(server['id'],
- wait_until='ACTIVE',
- wait_for_server=False)
+ with self.rbac_utils.override_role(self):
+ # This function will also call show image.
+ image = self.create_image_from_server(server['id'],
+ wait_until='ACTIVE',
+ wait_for_server=False)
self.addCleanup(self.compute_images_client.wait_for_resource_deletion,
image['id'])
self.addCleanup(
@@ -289,9 +285,9 @@
def test_create_backup(self):
# Prioritize glance v2 over v1 for deleting/waiting for image status.
if CONF.image_feature_enabled.api_v2:
- glance_admin_client = self.os_admin.image_client_v2
+ glance_client = self.os_primary.image_client_v2
elif CONF.image_feature_enabled.api_v1:
- glance_admin_client = self.os_admin.image_client
+ glance_client = self.os_primary.image_client
else:
raise lib_exc.InvalidConfiguration(
'Either api_v1 or api_v2 must be True in '
@@ -299,10 +295,10 @@
backup_name = data_utils.rand_name(self.__class__.__name__ + '-Backup')
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- resp = self.servers_client.create_backup(
- self.server_id, backup_type='daily', rotation=1,
- name=backup_name).response
+ with self.rbac_utils.override_role(self):
+ resp = self.servers_client.create_backup(
+ self.server_id, backup_type='daily', rotation=1,
+ name=backup_name).response
# Prior to microversion 2.45, image ID must be parsed from location
# header. With microversion 2.45+, image_id is returned.
@@ -312,11 +308,9 @@
else:
image_id = data_utils.parse_image_id(resp['location'])
- # Use admin credentials to wait since waiting involves show, which is
- # a different policy.
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- glance_admin_client.delete_image, image_id)
- waiters.wait_for_image_status(glance_admin_client, image_id, 'active')
+ glance_client.delete_image, image_id)
+ waiters.wait_for_image_status(glance_client, image_id, 'active')
@decorators.attr(type='slow')
@decorators.idempotent_id('0b70c527-af75-4bed-9ccf-4f1310a8b60f')
@@ -324,8 +318,8 @@
service="nova",
rule="os_compute_api:os-shelve:shelve")
def test_shelve_server(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._shelve_server()
+ with self.rbac_utils.override_role(self):
+ self._shelve_server()
@decorators.attr(type='slow')
@decorators.idempotent_id('4b6e849a-9182-49ff-9257-e97e751b475e')
@@ -334,10 +328,10 @@
rule="os_compute_api:os-shelve:unshelve")
def test_unshelve_server(self):
self._shelve_server()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.servers_client.unshelve_server(self.server_id)
+ with self.rbac_utils.override_role(self):
+ self.servers_client.unshelve_server(self.server_id)
waiters.wait_for_server_status(
- self.os_admin.servers_client, self.server_id, 'ACTIVE')
+ self.servers_client, self.server_id, 'ACTIVE')
class ServerActionsV214RbacTest(rbac_base.BaseV2ComputeRbacTest):
@@ -361,12 +355,12 @@
# NOTE(felipemonteiro): Because evacuating a server is a risky action
# to test in the gates, a 404 is coerced using a fake host. However,
# the policy check is done before the 404 is thrown.
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.assertRaisesRegex(lib_exc.NotFound,
- "Compute host %s not found." % fake_host_name,
- self.servers_client.evacuate_server,
- self.server_id,
- host=fake_host_name)
+ with self.rbac_utils.override_role(self):
+ self.assertRaisesRegex(
+ lib_exc.NotFound,
+ "Compute host %s not found." % fake_host_name,
+ self.servers_client.evacuate_server, self.server_id,
+ host=fake_host_name)
class ServerActionsV216RbacTest(rbac_base.BaseV2ComputeRbacTest):
@@ -387,8 +381,8 @@
rule="os_compute_api:servers:show:host_status")
@decorators.idempotent_id('736da575-86f8-4b2a-9902-dd37dc9a409b')
def test_show_server_host_status(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- server = self.servers_client.show_server(self.server_id)['server']
+ with self.rbac_utils.override_role(self):
+ server = self.servers_client.show_server(self.server_id)['server']
if 'host_status' not in server:
raise rbac_exceptions.RbacMalformedResponse(