Merge "Design principles README section"
diff --git a/patrole_tempest_plugin/tests/api/compute/test_fixed_ips_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_fixed_ips_rbac.py
new file mode 100644
index 0000000..dd32187
--- /dev/null
+++ b/patrole_tempest_plugin/tests/api/compute/test_fixed_ips_rbac.py
@@ -0,0 +1,78 @@
+# Copyright 2017 NEC Corporation.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest import config
+from tempest.lib import decorators
+
+from patrole_tempest_plugin import rbac_rule_validation
+from patrole_tempest_plugin.tests.api.compute import rbac_base
+
+CONF = config.CONF
+
+
+class FixedIpsRbacTest(rbac_base.BaseV2ComputeRbacTest):
+
+ # Tests will fail with a 404 starting from microversion 2.36:
+ # See the following link for details:
+ # https://developer.openstack.org/api-ref/compute/#fixed-ips-os-fixed-ips-deprecated
+ max_microversion = '2.35'
+
+ @classmethod
+ def skip_checks(cls):
+ super(FixedIpsRbacTest, cls).skip_checks()
+ if CONF.service_available.neutron:
+ msg = ("%s skipped as neutron is available" % cls.__name__)
+ raise cls.skipException(msg)
+
+ @classmethod
+ def resource_setup(cls):
+ super(FixedIpsRbacTest, cls).resource_setup()
+ server = cls.create_test_server(wait_until='ACTIVE')
+ server = cls.servers_client.show_server(server['id'])['server']
+ cls.ip = None
+ for ip_set in server['addresses']:
+ for ip in server['addresses'][ip_set]:
+ if ip['OS-EXT-IPS:type'] == 'fixed':
+ cls.ip = ip['addr']
+ break
+ if cls.ip:
+ break
+ if cls.ip is None:
+ raise cls.skipException("No fixed ip found for server: %s"
+ % server['id'])
+
+ @decorators.idempotent_id('c89391f7-4844-4a70-a116-37c1336efb99')
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-fixed-ips")
+ def test_show_fixed_ip_details(self):
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.fixed_ips_client.show_fixed_ip(self.ip)
+
+ @decorators.idempotent_id('f0314501-735d-4315-9856-959e01e82f0d')
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-fixed-ips")
+ def test_set_reserve(self):
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.fixed_ips_client.reserve_fixed_ip(self.ip, reserve="None")
+
+ @decorators.idempotent_id('866a6fdc-a237-4502-9bf2-52fe82aba356')
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-fixed-ips")
+ def test_set_unreserve(self):
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.fixed_ips_client.reserve_fixed_ip(self.ip, unreserve="None")
diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py
index be5cedb..2bc267b 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py
@@ -87,11 +87,42 @@
waiters.wait_for_server_status(self.os_admin.servers_client,
self.server_id, 'SHELVED')
+ def _pause_server(self):
+ self.servers_client.pause_server(self.server_id)
+ self.addCleanup(self._cleanup_server_actions,
+ self.servers_client.unpause_server,
+ self.server_id)
+ waiters.wait_for_server_status(
+ self.os_admin.servers_client, self.server_id, 'PAUSED')
+
def _cleanup_server_actions(self, function, server_id, **kwargs):
server = self.servers_client.show_server(server_id)['server']
if server['status'] != 'ACTIVE':
function(server_id, **kwargs)
+ @decorators.idempotent_id('117f4ff2-8544-437b-824f-5e41cb6640ee')
+ @testtools.skipUnless(CONF.compute_feature_enabled.pause,
+ 'Pause is not available.')
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-pause-server:pause")
+ def test_pause_server(self):
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self._pause_server()
+
+ @decorators.idempotent_id('087008cf-82fa-4eeb-ae8b-32c4126456ad')
+ @testtools.skipUnless(CONF.compute_feature_enabled.pause,
+ 'Pause is not available.')
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-pause-server:unpause")
+ def test_unpause_server(self):
+ self._pause_server()
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.servers_client.unpause_server(self.server_id)
+ waiters.wait_for_server_status(
+ self.os_admin.servers_client, self.server_id, 'ACTIVE')
+
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:servers:stop")
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_auth_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_auth_rbac.py
index bc096ce..6a26f2b 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_auth_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_auth_rbac.py
@@ -26,8 +26,8 @@
https://github.com/openstack/keystone/blob/master/keystone/common/policies/auth.py
"""
- # TODO(felipemonteiro): Add tests for identity:get_auth_catalog and
- # identity:get_auth_domains once the endpoints are implemented in Tempest's
+ # TODO(felipemonteiro): Add tests for identity:get_auth_catalog
+ # once the endpoints are implemented in Tempest's
# identity v3 client.
@decorators.idempotent_id('2a9fbf7f-6feb-4161-ae4b-faf7d6421b1a')
@@ -36,3 +36,10 @@
def test_list_auth_projects(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.identity_client.list_auth_projects()['projects']
+
+ @decorators.idempotent_id('6a40af0d-7265-4657-b6b2-87a2828e263e')
+ @rbac_rule_validation.action(service="keystone",
+ rule="identity:get_auth_domains")
+ def test_list_auth_domain(self):
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.identity_client.list_auth_domains()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py
index 82feff9..3639520 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py
@@ -127,3 +127,11 @@
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.trusts_client.show_trust_role(
self.trust['id'], self.delegated_role_id)['role']
+
+ @decorators.idempotent_id('0184e0fb-641e-4b52-ab73-81c1ce6ca5c1')
+ @rbac_rule_validation.action(
+ service="keystone",
+ rule="identity:get_trust")
+ def test_show_trust(self):
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.trusts_client.show_trust(self.trust['id'])
diff --git a/patrole_tempest_plugin/tests/api/volume/test_limits_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_limits_rbac.py
new file mode 100644
index 0000000..fa92cad
--- /dev/null
+++ b/patrole_tempest_plugin/tests/api/volume/test_limits_rbac.py
@@ -0,0 +1,30 @@
+# Copyright 2017 AT&T Corporation.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest.lib import decorators
+
+from patrole_tempest_plugin import rbac_rule_validation
+from patrole_tempest_plugin.tests.api.volume import rbac_base
+
+
+class LimitsV3RbacTest(rbac_base.BaseVolumeRbacTest):
+ _api_version = 3
+
+ @decorators.idempotent_id('dab04510-5b86-4479-a633-6e496ff405af')
+ @rbac_rule_validation.action(service="cinder",
+ rule="limits_extension:used_limits")
+ def test_show_limits(self):
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.volume_limits_client.show_limits()
diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py
index 7444c35..1aeff4b 100644
--- a/releasenotes/source/conf.py
+++ b/releasenotes/source/conf.py
@@ -58,15 +58,13 @@
project = u'Patrole Release Notes'
copyright = u'2017, Patrole Developers'
-# The version info for the project you're documenting, acts as replacement for
-# |version| and |release|, also used in various other places throughout the
-# built documents.
-#
-from patrole_tempest_plugin.version import version_info as patrole_version
+# Release do not need a version number in the title, they
+# cover multiple versions.
+
# The full version, including alpha/beta/rc tags.
-release = patrole_version.version_string_with_vcs()
+release = ''
# The short X.Y version.
-version = patrole_version.canonical_version_string()
+version = ''
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
diff --git a/requirements.txt b/requirements.txt
index 0e46596..ba2f2d5 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,5 +6,5 @@
oslo.log>=3.30.0 # Apache-2.0
oslo.config>=4.6.0 # Apache-2.0
oslo.policy>=1.23.0 # Apache-2.0
-tempest>=16.1.0 # Apache-2.0
+tempest>=17.1.0 # Apache-2.0
stevedore>=1.20.0 # Apache-2.0
diff --git a/test-requirements.txt b/test-requirements.txt
index 1953685..a8a3044 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -14,4 +14,4 @@
oslotest>=1.10.0 # Apache-2.0
oslo.policy>=1.23.0 # Apache-2.0
oslo.log>=3.30.0 # Apache-2.0
-tempest>=16.1.0 # Apache-2.0
+tempest>=17.1.0 # Apache-2.0