Merge "Added stable interface and release information to documentation"
diff --git a/contrib/post_test_hook.sh b/contrib/post_test_hook.sh
index af7c856..e934cc4 100644
--- a/contrib/post_test_hook.sh
+++ b/contrib/post_test_hook.sh
@@ -28,7 +28,6 @@
TEMPEST_COMMAND="sudo -H -u tempest tox"
DEVSTACK_GATE_TEMPEST_REGEX="(?!.*\[.*\bslow\b.*\])(^patrole_tempest_plugin\.tests\.api)"
-DEVSTACK_GATE_TEMPEST_HEAT_REGEX="(?!.*\[.*\bslow\b.*\])(^patrole_tempest_plugin\.tests\.api\.orchestration)"
DEVSTACK_MULTINODE_GATE_TEMPEST_REGEX="(?=.*\[.*\bslow\b.*\])(^patrole_tempest_plugin\.tests\.api)"
# Import devstack function 'iniset'.
@@ -76,8 +75,6 @@
if [[ "$TYPE" == "multinode" ]]; then
$TEMPEST_COMMAND -eall-plugin -- $DEVSTACK_MULTINODE_GATE_TEMPEST_REGEX --concurrency=$TEMPEST_CONCURRENCY
- elif [[ "$TYPE" == "heat" ]]; then
- $TEMPEST_COMMAND -eall-plugin -- $DEVSTACK_GATE_TEMPEST_HEAT_REGEX --concurrency=$TEMPEST_CONCURRENCY
else
$TEMPEST_COMMAND -eall-plugin -- $DEVSTACK_GATE_TEMPEST_REGEX --concurrency=$TEMPEST_CONCURRENCY
fi
diff --git a/patrole_tempest_plugin/rbac_policy_parser.py b/patrole_tempest_plugin/rbac_policy_parser.py
index e68921f..8256889 100644
--- a/patrole_tempest_plugin/rbac_policy_parser.py
+++ b/patrole_tempest_plugin/rbac_policy_parser.py
@@ -168,7 +168,7 @@
return self._allowed(
access=self._get_access_token(role),
apply_rule='context_is_admin')
- return role == 'admin'
+ return role == CONF.identity.admin_role
def _get_access_token(self, role):
access_token = {
diff --git a/patrole_tempest_plugin/rbac_rule_validation.py b/patrole_tempest_plugin/rbac_rule_validation.py
index 4382259..8de3d97 100644
--- a/patrole_tempest_plugin/rbac_rule_validation.py
+++ b/patrole_tempest_plugin/rbac_rule_validation.py
@@ -77,7 +77,7 @@
LOG.info("As admin_only is True, only admin role should be "
"allowed to perform the API. Skipping oslo.policy "
"check for policy action {0}.".format(rule))
- allowed = CONF.rbac.rbac_test_role == 'admin'
+ allowed = CONF.rbac.rbac_test_role == CONF.identity.admin_role
else:
allowed = _is_authorized(test_obj, service, rule,
extra_target_data)
diff --git a/patrole_tempest_plugin/rbac_utils.py b/patrole_tempest_plugin/rbac_utils.py
index 55a5599..4cddb8d 100644
--- a/patrole_tempest_plugin/rbac_utils.py
+++ b/patrole_tempest_plugin/rbac_utils.py
@@ -160,7 +160,7 @@
for role in available_roles['roles']:
if role['name'] == CONF.rbac.rbac_test_role:
rbac_role_id = role['id']
- if role['name'] == 'admin':
+ if role['name'] == CONF.identity.admin_role:
admin_role_id = role['id']
if not admin_role_id or not rbac_role_id:
diff --git a/patrole_tempest_plugin/tests/api/compute/test_floating_ip_pools_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_floating_ip_pools_rbac.py
index 755bacd..75cc8f4 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_floating_ip_pools_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_floating_ip_pools_rbac.py
@@ -25,9 +25,10 @@
class FloatingIpPoolsRbacTest(rbac_base.BaseV2ComputeRbacTest):
- # Tests will fail with a 404 starting from microversion 2.36, according to:
- # https://developer.openstack.org/api-ref/
- # compute/?expanded=list-floating-ip-pools-detail
+ # Tests will fail with a 404 starting from microversion 2.36:
+ # See the following link for details:
+ # https://developer.openstack.org/api-ref/compute/#floating-ip-pools-os-floating-ip-pools-deprecated
+ min_microversion = '2.10'
max_microversion = '2.35'
@classmethod
diff --git a/patrole_tempest_plugin/tests/api/compute/test_floating_ips_bulk_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_floating_ips_bulk_rbac.py
index 7fe4847..bff0612 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_floating_ips_bulk_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_floating_ips_bulk_rbac.py
@@ -25,9 +25,10 @@
class FloatingIpsBulkRbacTest(rbac_base.BaseV2ComputeRbacTest):
- # Tests will fail with a 404 starting from microversion 2.36, according to:
- # https://developer.openstack.org/api-ref/
- # compute/?expanded=list-floating-ips-detail
+ # Tests will fail with a 404 starting from microversion 2.36:
+ # See the following link for details:
+ # https://developer.openstack.org/api-ref/compute/#floating-ips-bulk-os-floating-ips-bulk-deprecated
+ min_microversion = '2.10'
max_microversion = '2.35'
@classmethod
diff --git a/patrole_tempest_plugin/tests/api/compute/test_floating_ips_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_floating_ips_rbac.py
index 784a82d..0bd00a4 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_floating_ips_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_floating_ips_rbac.py
@@ -25,9 +25,10 @@
class FloatingIpsRbacTest(rbac_base.BaseV2ComputeRbacTest):
- # Tests will fail with a 404 starting from microversion 2.36, according to:
- # https://developer.openstack.org/api-ref/
- # compute/?expanded=list-floating-ip-addresses-detail
+ # Tests will fail with a 404 starting from microversion 2.36:
+ # See the following link for details:
+ # https://developer.openstack.org/api-ref/compute/#floating-ips-os-floating-ips-deprecated
+ min_microversion = '2.10'
max_microversion = '2.35'
@classmethod
diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py
index 81266af..86b650e 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py
@@ -301,12 +301,9 @@
class ServerActionsV216RbacTest(rbac_base.BaseV2ComputeRbacTest):
- # This class has test case(s) that requires at least version 2.16.
- #
+ # This class has test case(s) that requires at least microversion 2.16.
# See the following link for details:
- # http://developer.openstack.org/
- # api-ref-compute-v2.1.html#show-server-details
-
+ # http://developer.openstack.org/api-ref-compute-v2.1.html#show-server-details
min_microversion = '2.16'
max_microversion = 'latest'
diff --git a/patrole_tempest_plugin/tests/api/compute/test_tenant_networks_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_tenant_networks_rbac.py
index fb834bd..ee2b9a2 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_tenant_networks_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_tenant_networks_rbac.py
@@ -26,9 +26,10 @@
class TenantNetworksRbacTest(rbac_base.BaseV2ComputeRbacTest):
- # Tests will fail with a 404 starting from microversion 2.36, according to:
- # https://developer.openstack.org/api-ref/
- # compute/?expanded=list-project-networks-detail
+ # Tests will fail with a 404 starting from microversion 2.36.
+ # See the following link for details:
+ # https://developer.openstack.org/api-ref/compute/#project-networks-os-tenant-networks-deprecated
+ min_microversion = '2.10'
max_microversion = '2.35'
@classmethod
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/rbac_base.py b/patrole_tempest_plugin/tests/api/identity/rbac_base.py
similarity index 70%
rename from patrole_tempest_plugin/tests/api/identity/v3/rbac_base.py
rename to patrole_tempest_plugin/tests/api/identity/rbac_base.py
index 927ec39..b37477e 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/identity/rbac_base.py
@@ -12,6 +12,7 @@
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
+from oslo_log import log as logging
from tempest.api.identity import base
from tempest import config
@@ -21,27 +22,194 @@
from patrole_tempest_plugin.rbac_utils import rbac_utils
CONF = config.CONF
+LOG = logging.getLogger(__name__)
-class BaseIdentityV3RbacTest(base.BaseIdentityV3Test):
+class BaseIdentityRbacTest(base.BaseIdentityTest):
credentials = ['admin', 'primary']
@classmethod
def skip_checks(cls):
- super(BaseIdentityV3RbacTest, cls).skip_checks()
+ super(BaseIdentityRbacTest, cls).skip_checks()
if not CONF.rbac.enable_rbac:
raise cls.skipException(
"%s skipped as RBAC testing not enabled" % cls.__name__)
@classmethod
def setup_clients(cls):
- super(BaseIdentityV3RbacTest, cls).setup_clients()
+ super(BaseIdentityRbacTest, cls).setup_clients()
cls.auth_provider = cls.os_primary.auth_provider
cls.rbac_utils = rbac_utils()
cls.rbac_utils.switch_role(cls, toggle_rbac_role=False)
+ @classmethod
+ def resource_setup(cls):
+ super(BaseIdentityRbacTest, cls).resource_setup()
+ cls.endpoints = []
+ cls.roles = []
+ cls.services = []
+ cls.users = []
+
+ @classmethod
+ def resource_cleanup(cls):
+ for endpoint in cls.endpoints:
+ test_utils.call_and_ignore_notfound_exc(
+ cls.endpoints_client.delete_endpoint, endpoint['id'])
+
+ for role in cls.roles:
+ test_utils.call_and_ignore_notfound_exc(
+ cls.roles_client.delete_role, role['id'])
+
+ for service in cls.services:
+ test_utils.call_and_ignore_notfound_exc(
+ cls.services_client.delete_service, service['id'])
+
+ for user in cls.users:
+ test_utils.call_and_ignore_notfound_exc(
+ cls.users_client.delete_user, user['id'])
+
+ super(BaseIdentityRbacTest, cls).resource_cleanup()
+
+ @classmethod
+ def setup_test_endpoint(cls, service=None):
+ """Creates a service and an endpoint for test."""
+ interface = 'public'
+ url = data_utils.rand_url()
+ region_name = data_utils.rand_name('region')
+ # Endpoint creation requires a service
+ if service is None:
+ service = cls.setup_test_service()
+ params = {
+ 'service_id': service['id'],
+ 'region': region_name,
+ 'interface': interface
+ }
+ if cls.identity_version == 'v2':
+ params['publicurl'] = url
+ elif cls.identity_version == 'v3':
+ params['url'] = url
+ else:
+ LOG.debug("Keystone version is invalid."
+ " Please enter a valid version number.")
+ raise KeyError
+
+ endpoint = cls.endpoints_client.create_endpoint(**params)['endpoint']
+ cls.endpoints.append(endpoint)
+
+ return endpoint
+
+ @classmethod
+ def setup_test_role(cls):
+ """Set up a test role."""
+ name = data_utils.rand_name('test_role')
+ role = cls.roles_client.create_role(name=name)['role']
+ cls.roles.append(role)
+
+ return role
+
+ @classmethod
+ def setup_test_service(cls):
+ """Setup a test service."""
+ name = data_utils.rand_name('service')
+ serv_type = data_utils.rand_name('type')
+ desc = data_utils.rand_name('description')
+
+ service = cls.services_client.create_service(
+ name=name,
+ type=serv_type,
+ description=desc)
+
+ if cls.identity_version == 'v2':
+ service = service['OS-KSADM:service']
+ elif cls.identity_version == 'v3':
+ service = service['service']
+ else:
+ LOG.debug("Keystone version is invalid."
+ " Please enter a valid version number.")
+ raise KeyError
+
+ cls.services.append(service)
+
+ return service
+
+ @classmethod
+ def setup_test_user(cls, password=None, **kwargs):
+ """Set up a test user."""
+ username = data_utils.rand_name('test_user')
+ email = username + '@testmail.tm'
+
+ user = cls.users_client.create_user(
+ name=username,
+ email=email,
+ password=password,
+ **kwargs)['user']
+ cls.users.append(user)
+
+ return user
+
+
+class BaseIdentityV2AdminRbacTest(BaseIdentityRbacTest):
+ """Base test class for the Identity v2 admin API.
+
+ Keystone's v2 API is split into two APIs: an admin and non-admin API. RBAC
+ testing is only provided for the admin API. Instead of policy enforcement,
+ these APIs execute ``self.assert_admin(request)``, which checks that the
+ request object has ``context_is_admin``. For more details, see the
+ implementation of ``assert_admin`` in ``keystone.common.wsgi``.
+ """
+
+ identity_version = 'v2'
+
+ @classmethod
+ def skip_checks(cls):
+ super(BaseIdentityV2AdminRbacTest, cls).skip_checks()
+ if not CONF.identity_feature_enabled.api_v2_admin:
+ raise cls.skipException('Identity v2 admin not available')
+
+ @classmethod
+ def setup_clients(cls):
+ super(BaseIdentityV2AdminRbacTest, cls).setup_clients()
+ cls.client = cls.os_primary.identity_client
+ cls.endpoints_client = cls.os_primary.endpoints_client
+ cls.roles_client = cls.os_primary.roles_client
+ cls.services_client = cls.os_primary.identity_services_client
+ cls.tenants_client = cls.os_primary.tenants_client
+ cls.token_client = cls.os_primary.token_client
+ cls.users_client = cls.os_primary.users_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(BaseIdentityV2AdminRbacTest, cls).resource_setup()
+ cls.tenants = []
+
+ @classmethod
+ def resource_cleanup(cls):
+ for tenant in cls.tenants:
+ test_utils.call_and_ignore_notfound_exc(
+ cls.tenants_client.delete_tenant, tenant['id'])
+
+ super(BaseIdentityV2AdminRbacTest, cls).resource_cleanup()
+
+ @classmethod
+ def setup_test_tenant(cls):
+ """Set up a test tenant."""
+ name = data_utils.rand_name('test_tenant')
+ tenant = cls.tenants_client.create_tenant(
+ name=name,
+ description=data_utils.rand_name('desc'))['tenant']
+ cls.tenants.append(tenant)
+ return tenant
+
+
+class BaseIdentityV3RbacTest(BaseIdentityRbacTest):
+
+ identity_version = 'v3'
+
+ @classmethod
+ def setup_clients(cls):
+ super(BaseIdentityV3RbacTest, cls).setup_clients()
cls.creds_client = cls.os_primary.credentials_client
cls.consumers_client = cls.os_primary.oauth_consumers_client
cls.domains_client = cls.os_primary.domains_client
@@ -61,15 +229,11 @@
super(BaseIdentityV3RbacTest, cls).resource_setup()
cls.credentials = []
cls.domains = []
- cls.endpoints = []
cls.groups = []
cls.policies = []
cls.projects = []
cls.regions = []
- cls.roles = []
- cls.services = []
cls.trusts = []
- cls.users = []
@classmethod
def resource_cleanup(cls):
@@ -85,10 +249,6 @@
test_utils.call_and_ignore_notfound_exc(
cls.domains_client.delete_domain, domain['id'])
- for endpoint in cls.endpoints:
- test_utils.call_and_ignore_notfound_exc(
- cls.endpoints_client.delete_endpoint, endpoint['id'])
-
for group in cls.groups:
test_utils.call_and_ignore_notfound_exc(
cls.groups_client.delete_group, group['id'])
@@ -105,22 +265,10 @@
test_utils.call_and_ignore_notfound_exc(
cls.regions_client.delete_region, region['id'])
- for role in cls.roles:
- test_utils.call_and_ignore_notfound_exc(
- cls.roles_client.delete_role, role['id'])
-
- for service in cls.services:
- test_utils.call_and_ignore_notfound_exc(
- cls.services_client.delete_service, service['id'])
-
for trust in cls.trusts:
test_utils.call_and_ignore_notfound_exc(
cls.trusts_client.delete_trust, trust['id'])
- for user in cls.users:
- test_utils.call_and_ignore_notfound_exc(
- cls.users_client.delete_user, user['id'])
-
super(BaseIdentityV3RbacTest, cls).resource_cleanup()
@classmethod
@@ -150,23 +298,6 @@
return domain
@classmethod
- def setup_test_endpoint(cls, service=None):
- """Creates a service and an endpoint for test."""
- interface = 'public'
- url = data_utils.rand_url()
- # Endpoint creation requires a service
- if service is None:
- service = cls.setup_test_service()
-
- endpoint = cls.endpoints_client.create_endpoint(
- service_id=service['id'],
- interface=interface,
- url=url)['endpoint']
- cls.endpoints.append(endpoint)
-
- return endpoint
-
- @classmethod
def setup_test_group(cls):
"""Creates a group for test."""
name = data_utils.rand_name('test_group')
@@ -211,30 +342,6 @@
return region
@classmethod
- def setup_test_role(cls):
- """Set up a test role."""
- name = data_utils.rand_name('test_role')
- role = cls.roles_client.create_role(name=name)['role']
- cls.roles.append(role)
-
- return role
-
- @classmethod
- def setup_test_service(cls):
- """Setup a test service."""
- name = data_utils.rand_name('service')
- serv_type = data_utils.rand_name('type')
- desc = data_utils.rand_name('description')
-
- service = cls.services_client.create_service(
- name=name,
- type=serv_type,
- description=desc)['service']
- cls.services.append(service)
-
- return service
-
- @classmethod
def setup_test_trust(cls, trustee_user_id, trustor_user_id, **kwargs):
"""Setup a test trust."""
trust = cls.trusts_client.create_trust(
@@ -243,18 +350,3 @@
cls.trusts.append(trust)
return trust
-
- @classmethod
- def setup_test_user(cls, password=None, **kwargs):
- """Set up a test user."""
- username = data_utils.rand_name('test_user')
- email = username + '@testmail.tm'
-
- user = cls.users_client.create_user(
- name=username,
- email=email,
- password=password,
- **kwargs)['user']
- cls.users.append(user)
-
- return user
diff --git a/patrole_tempest_plugin/tests/api/identity/v2/rbac_base.py b/patrole_tempest_plugin/tests/api/identity/v2/rbac_base.py
deleted file mode 100644
index bc07675..0000000
--- a/patrole_tempest_plugin/tests/api/identity/v2/rbac_base.py
+++ /dev/null
@@ -1,100 +0,0 @@
-# Copyright 2017 AT&T Corporation.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib.common.utils import test_utils
-
-from patrole_tempest_plugin.rbac_utils import rbac_utils
-
-CONF = config.CONF
-
-
-class BaseIdentityV2AdminRbacTest(base.BaseIdentityV2Test):
- """Base test class for the Identity v2 admin API.
-
- Keystone's v2 API is split into two APIs: an admin and non-admin API. RBAC
- testing is only provided for the admin API. Instead of policy enforcement,
- these APIs execute ``self.assert_admin(request)``, which checks that the
- request object has ``context_is_admin``. For more details, see the
- implementation of ``assert_admin`` in ``keystone.common.wsgi``.
- """
-
- credentials = ['admin', 'primary']
-
- @classmethod
- def skip_checks(cls):
- super(BaseIdentityV2AdminRbacTest, cls).skip_checks()
- if not CONF.rbac.enable_rbac:
- raise cls.skipException(
- "%s skipped as RBAC testing not enabled" % cls.__name__)
- if not CONF.identity_feature_enabled.api_v2_admin:
- raise cls.skipException('Identity v2 admin not available')
-
- @classmethod
- def setup_clients(cls):
- super(BaseIdentityV2AdminRbacTest, cls).setup_clients()
- cls.auth_provider = cls.os_primary.auth_provider
-
- cls.rbac_utils = rbac_utils()
- cls.rbac_utils.switch_role(cls, toggle_rbac_role=False)
-
- cls.client = cls.os_primary.identity_client
- cls.endpoints_client = cls.os_primary.endpoints_client
- cls.roles_client = cls.os_primary.roles_client
- cls.services_client = cls.os_primary.identity_services_client
- cls.tenants_client = cls.os_primary.tenants_client
- cls.token_client = cls.os_primary.token_client
- cls.users_client = cls.os_primary.users_client
-
- def _create_service(self):
- name = data_utils.rand_name('service')
- type = data_utils.rand_name('type')
-
- self.service = self.services_client.create_service(
- name=name, type=type,
- description="description")
- self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.services_client.delete_service,
- self.service['OS-KSADM:service']['id'])
- return self.service
-
- def _create_user(self, name=None, email=None, password=None, **kwargs):
- """Set up a test user."""
- if name is None:
- name = data_utils.rand_name('test_user')
- if email is None:
- email = name + '@testmail.tm'
- if password is None:
- password = data_utils.rand_password()
- user = self.users_client.create_user(
- name=name, email=email, password=password, **kwargs)['user']
- self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.users_client.delete_user,
- user['id'])
- return user
-
- def _create_tenant(self):
- """Set up a test tenant."""
- name = data_utils.rand_name('test_tenant')
- tenant = self.tenants_client.create_tenant(
- name=name,
- description=data_utils.rand_name('desc'))['tenant']
- # Delete the tenant at the end of the test
- self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.tenants_client.delete_tenant,
- tenant['id'])
- return tenant
diff --git a/patrole_tempest_plugin/tests/api/identity/v2/test_endpoints_rbac.py b/patrole_tempest_plugin/tests/api/identity/v2/test_endpoints_rbac.py
index f16d0aa..0a9feef 100644
--- a/patrole_tempest_plugin/tests/api/identity/v2/test_endpoints_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v2/test_endpoints_rbac.py
@@ -13,43 +13,14 @@
# License for the specific language governing permissions and limitations
# under the License.
-from tempest.lib.common.utils import data_utils
-from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v2 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityEndpointsV2AdminRbacTest(rbac_base.BaseIdentityV2AdminRbacTest):
- @classmethod
- def setup_clients(cls):
- super(IdentityEndpointsV2AdminRbacTest, cls).setup_clients()
- cls.endpoints_client = cls.os_primary.endpoints_client
-
- @classmethod
- def resource_setup(cls):
- super(IdentityEndpointsV2AdminRbacTest, cls).resource_setup()
- cls.region = data_utils.rand_name('region')
- cls.public_url = data_utils.rand_url()
- cls.admin_url = data_utils.rand_url()
- cls.internal_url = data_utils.rand_url()
-
- def _create_endpoint(self):
- self._create_service()
- endpoint = self.endpoints_client.create_endpoint(
- service_id=self.service['OS-KSADM:service']['id'],
- region=self.region,
- publicurl=self.public_url,
- adminurl=self.admin_url,
- internalurl=self.internal_url
- )
- self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.endpoints_client.delete_endpoint,
- endpoint['endpoint']['id'])
- return endpoint
-
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd124')
@@ -61,7 +32,7 @@
"""
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._create_endpoint()
+ self.setup_test_endpoint()
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -73,9 +44,9 @@
RBAC test for Identity v2 delete_endpoint
"""
- endpoint = self._create_endpoint()
+ endpoint = self.setup_test_endpoint()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.endpoints_client.delete_endpoint(endpoint['endpoint']['id'])
+ self.endpoints_client.delete_endpoint(endpoint['id'])
@rbac_rule_validation.action(service="keystone",
admin_only=True)
diff --git a/patrole_tempest_plugin/tests/api/identity/v2/test_projects_rbac.py b/patrole_tempest_plugin/tests/api/identity/v2/test_projects_rbac.py
index a557bb8..9a4363d 100644
--- a/patrole_tempest_plugin/tests/api/identity/v2/test_projects_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v2/test_projects_rbac.py
@@ -18,7 +18,7 @@
from patrole_tempest_plugin import rbac_exceptions
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v2 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
CONF = config.CONF
@@ -36,7 +36,7 @@
"""
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._create_tenant()
+ self.setup_test_tenant()
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -47,7 +47,7 @@
RBAC test for Identity 2.0 update_tenant
"""
- tenant = self._create_tenant()
+ tenant = self.setup_test_tenant()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.tenants_client.update_tenant(tenant['id'],
@@ -62,7 +62,7 @@
RBAC test for Identity 2.0 delete_tenant
"""
- tenant = self._create_tenant()
+ tenant = self.setup_test_tenant()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.tenants_client.delete_tenant(tenant['id'])
@@ -77,7 +77,7 @@
RBAC test for Identity 2.0 show_tenant
"""
- tenant = self._create_tenant()
+ tenant = self.setup_test_tenant()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.tenants_client.show_tenant(tenant['id'])
@@ -91,7 +91,7 @@
RBAC test for Identity 2.0 list_tenant_users
"""
- tenant = self._create_tenant()
+ tenant = self.setup_test_tenant()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.tenants_client.list_tenant_users(tenant['id'])
diff --git a/patrole_tempest_plugin/tests/api/identity/v2/test_roles_rbac.py b/patrole_tempest_plugin/tests/api/identity/v2/test_roles_rbac.py
index a1ec5c6..9d80469 100644
--- a/patrole_tempest_plugin/tests/api/identity/v2/test_roles_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v2/test_roles_rbac.py
@@ -13,12 +13,11 @@
# License for the specific language governing permissions and limitations
# under the License.
-from tempest.lib.common.utils import data_utils
from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v2 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityRolesV2AdminRbacTest(rbac_base.BaseIdentityV2AdminRbacTest):
@@ -28,17 +27,10 @@
super(IdentityRolesV2AdminRbacTest, cls).setup_clients()
cls.roles_client = cls.os_primary.roles_client
- def _create_role(self):
- role = self.roles_client.create_role(
- name=data_utils.rand_name('test_role'))['role']
- self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.roles_client.delete_role, role['id'])
- return role
-
def _create_tenant_user_and_role(self):
- tenant = self._create_tenant()
- user = self._create_user(tenantid=tenant['id'])
- role = self._create_role()
+ tenant = self.setup_test_tenant()
+ user = self.setup_test_user(tenantid=tenant['id'])
+ role = self.setup_test_role()
return tenant, user, role
def _create_role_on_project(self, tenant, user, role):
@@ -60,7 +52,7 @@
"""
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._create_role()
+ self.setup_test_role()
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -71,7 +63,7 @@
RBAC test for Identity v2 delete_role
"""
- role = self._create_role()
+ role = self.setup_test_role()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.roles_client.delete_role(role['id'])
@@ -85,7 +77,7 @@
RBAC test for Identity v2 show_role
"""
- role = self._create_role()
+ role = self.setup_test_role()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.roles_client.show_role(role['id'])
@@ -140,8 +132,8 @@
RBAC test for Identity v2 list_user_roles_on_project
"""
- tenant = self._create_tenant()
- user = self._create_user(tenantid=tenant['id'])
+ tenant = self.setup_test_tenant()
+ user = self.setup_test_user(tenantid=tenant['id'])
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.roles_client.list_user_roles_on_project(
diff --git a/patrole_tempest_plugin/tests/api/identity/v2/test_services_rbac.py b/patrole_tempest_plugin/tests/api/identity/v2/test_services_rbac.py
index ad47fd2..8419ec9 100644
--- a/patrole_tempest_plugin/tests/api/identity/v2/test_services_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v2/test_services_rbac.py
@@ -16,16 +16,11 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v2 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityServicesV2AdminRbacTest(rbac_base.BaseIdentityV2AdminRbacTest):
- @classmethod
- def setup_clients(cls):
- super(IdentityServicesV2AdminRbacTest, cls).setup_clients()
- cls.services_client = cls.os_primary.identity_services_client
-
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@decorators.idempotent_id('370050f6-d271-4fb4-abc5-4de1d6dfbad2')
@@ -35,7 +30,7 @@
RBAC test for Identity v2 create_service
"""
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._create_service()
+ self.setup_test_service()
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -45,7 +40,7 @@
RBAC test for Identity v2 delete_service
"""
- service_id = self._create_service()['OS-KSADM:service']['id']
+ service_id = self.setup_test_service()['id']
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.services_client.delete_service(service_id)
@@ -58,7 +53,7 @@
RBAC test for Identity v2 show_service
"""
- service_id = self._create_service()['OS-KSADM:service']['id']
+ service_id = self.setup_test_service()['id']
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.services_client.show_service(service_id)
diff --git a/patrole_tempest_plugin/tests/api/identity/v2/test_users_rbac.py b/patrole_tempest_plugin/tests/api/identity/v2/test_users_rbac.py
index f90680d..dfe6e71 100644
--- a/patrole_tempest_plugin/tests/api/identity/v2/test_users_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v2/test_users_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v2 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityUsersV2AdminRbacTest(rbac_base.BaseIdentityV2AdminRbacTest):
@@ -27,13 +27,13 @@
@decorators.idempotent_id('0f148510-63bf-11e6-1342-080044d0d904')
def test_create_user(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._create_user()
+ self.setup_test_user()
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@decorators.idempotent_id('0f148510-63bf-11e6-1342-080044d0d905')
def test_update_user(self):
- user = self._create_user()
+ user = self.setup_test_user()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.users_client.update_user(user['id'], email="changedUser@xyz.com")
@@ -42,7 +42,7 @@
admin_only=True)
@decorators.idempotent_id('0f148510-63bf-11e6-1342-080044d0d9a1')
def test_update_user_enabled(self):
- user = self._create_user()
+ user = self.setup_test_user()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.users_client.update_user_enabled(user['id'], enabled=True)
@@ -51,7 +51,7 @@
admin_only=True)
@decorators.idempotent_id('0f148510-63bf-11e6-1342-080044d0d906')
def test_delete_user(self):
- user = self._create_user()
+ user = self.setup_test_user()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.users_client.delete_user(user['id'])
@@ -67,7 +67,7 @@
admin_only=True)
@decorators.idempotent_id('0f148510-63bf-11e6-1342-080044d0d908')
def test_show_user(self):
- user = self._create_user()
+ user = self.setup_test_user()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.users_client.show_user(user['id'])
@@ -76,7 +76,7 @@
admin_only=True)
@decorators.idempotent_id('0f148510-63bf-11e6-1342-080044d0d909')
def test_update_user_password(self):
- user = self._create_user()
+ user = self.setup_test_user()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.users_client.update_user_password(
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_credentials_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_credentials_rbac.py
index 42f2c01..995c3b0 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_credentials_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_credentials_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityCredentialsV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_domains_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_domains_rbac.py
index ba5d5e0..b45c091 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_domains_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_domains_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityDomainsV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_endpoint_filter_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_endpoint_filter_rbac.py
index 77ad647..7e844e7 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_endpoint_filter_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_endpoint_filter_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityEndpointsFilterV3RbacTest(
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_endpoints_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_endpoints_rbac.py
index eabebb6..2659bae 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_endpoints_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_endpoints_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityEndpointsV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_groups_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_groups_rbac.py
index 3cc71a6..74402d5 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_groups_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_groups_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityGroupsV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_consumers_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_consumers_rbac.py
index f331cff..fab5a6e 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_consumers_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_consumers_rbac.py
@@ -18,7 +18,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityConsumersV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_policies_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_policies_rbac.py
index 8f11e30..da587d9 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_policies_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_policies_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityPoliciesV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py
index 325b987..0c65602 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityProjectV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_regions_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_regions_rbac.py
index b35facd..541e8af 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_regions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_regions_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityRegionsV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_role_assignments_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_role_assignments_rbac.py
index 2dd0ff5..6fe6c29 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_role_assignments_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_role_assignments_rbac.py
@@ -16,7 +16,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityRoleAssignmentsV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_roles_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_roles_rbac.py
index 2676bf9..0458e16 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_roles_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_roles_rbac.py
@@ -18,7 +18,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityRolesV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py
index c02b471..2f0d1ac 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentitySericesV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py
index 622b330..763c407 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py
@@ -19,7 +19,7 @@
from tempest import test
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
CONF = config.CONF
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py
index 7380531..d3b3e4c 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityUserV3AdminRbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/orchestration/__init__.py b/patrole_tempest_plugin/tests/api/orchestration/__init__.py
deleted file mode 100644
index e69de29..0000000
--- a/patrole_tempest_plugin/tests/api/orchestration/__init__.py
+++ /dev/null
diff --git a/patrole_tempest_plugin/tests/api/orchestration/rbac_base.py b/patrole_tempest_plugin/tests/api/orchestration/rbac_base.py
deleted file mode 100644
index 7be7d40..0000000
--- a/patrole_tempest_plugin/tests/api/orchestration/rbac_base.py
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright 2017 AT&T Corporation.
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.orchestration import base as heat_base
-from tempest import config
-
-from patrole_tempest_plugin.rbac_utils import rbac_utils
-
-CONF = config.CONF
-
-
-class BaseOrchestrationRbacTest(heat_base.BaseOrchestrationTest):
-
- credentials = ['admin', 'primary']
-
- @classmethod
- def skip_checks(cls):
- super(BaseOrchestrationRbacTest, cls).skip_checks()
- if not CONF.rbac.enable_rbac:
- raise cls.skipException(
- "%s skipped as RBAC Flag not enabled" % cls.__name__)
-
- @classmethod
- def setup_clients(cls):
- super(BaseOrchestrationRbacTest, cls).setup_clients()
- cls.auth_provider = cls.os_primary.auth_provider
- cls.rbac_utils = rbac_utils()
- cls.rbac_utils.switch_role(cls, toggle_rbac_role=False)
diff --git a/patrole_tempest_plugin/tests/api/orchestration/test_resource_types_rbac.py b/patrole_tempest_plugin/tests/api/orchestration/test_resource_types_rbac.py
deleted file mode 100644
index a348512..0000000
--- a/patrole_tempest_plugin/tests/api/orchestration/test_resource_types_rbac.py
+++ /dev/null
@@ -1,63 +0,0 @@
-# Copyright 2017 AT&T Corporation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.lib import decorators
-
-from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.orchestration import rbac_base
-
-
-class ResourceTypesRbacTest(rbac_base.BaseOrchestrationRbacTest):
-
- @classmethod
- def setup_clients(cls):
- super(ResourceTypesRbacTest, cls).setup_clients()
- cls.client = cls.orchestration_client
-
- @classmethod
- def resource_setup(cls):
- super(ResourceTypesRbacTest, cls).resource_setup()
-
- cls.resource_types = cls.client.list_resource_types()['resource_types']
-
- # There should always be several resource types on a system. But just
- # in case there are none, skip these tests, as that implies the system
- # is misconfigured.
- if cls.resource_types:
- cls.resource_type_name = cls.resource_types[0]
- else:
- raise cls.skipException('No resource types found.')
-
- @decorators.idempotent_id('56c06e92-df96-47b5-bcf2-0104e74e2511')
- @rbac_rule_validation.action(service="heat",
- rule="stacks:list_resource_types")
- def test_list_resource_types(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.client.list_resource_types()['resource_types']
-
- @decorators.idempotent_id('8b0290f9-0d53-479e-8e4d-3d865b0107a4')
- @rbac_rule_validation.action(service="heat",
- rule="stacks:generate_template")
- def test_show_resource_type_template(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.client.show_resource_type_template(self.resource_type_name)
-
- @decorators.idempotent_id('2cdcd47f-6abe-43af-b736-c188df27dd38')
- @rbac_rule_validation.action(service="heat",
- rule="stacks:resource_schema")
- def test_show_resource_type_schema(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.client.show_resource_type(self.resource_type_name)[
- 'resource_type']
diff --git a/patrole_tempest_plugin/tests/api/orchestration/test_soft_config_rbac.py b/patrole_tempest_plugin/tests/api/orchestration/test_soft_config_rbac.py
deleted file mode 100644
index d219ace..0000000
--- a/patrole_tempest_plugin/tests/api/orchestration/test_soft_config_rbac.py
+++ /dev/null
@@ -1,138 +0,0 @@
-# Copyright 2017 AT&T Corporation.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.lib.common.utils import data_utils
-from tempest.lib.common.utils import test_utils
-from tempest.lib import decorators
-
-from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.orchestration import rbac_base
-
-
-class TestRbacSoftwareConfig(rbac_base.BaseOrchestrationRbacTest):
-
- def setUp(self):
- super(TestRbacSoftwareConfig, self).setUp()
- self.config = self._config_create('a')
- self._deployment_create(self.config['id'])
-
- @rbac_rule_validation.action(service="heat",
- rule="software_configs:show")
- @decorators.idempotent_id('b2e7c98c-e17b-4f37-82f3-5d21eff86e79')
- def test_get_software_config(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.client.show_software_config(self.config['id'])
-
- @rbac_rule_validation.action(service="heat",
- rule="software_deployments:metadata")
- @decorators.idempotent_id('defa34ab-9d1f-4b14-8613-34e964c0c478')
- def test_get_deployment_metadata(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.client.show_software_deployment_metadata(self.server_id)
-
- @rbac_rule_validation.action(service="heat",
- rule="software_deployments:index")
- @decorators.idempotent_id('2a4dcb91-1803-4749-9cb7-5b69ba668b18')
- def test_get_deployment_list(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.client.list_software_deployments()
-
- @rbac_rule_validation.action(service="heat",
- rule="software_deployments:show")
- @decorators.idempotent_id('d4e627bc-88a3-4189-8092-151f22ed989d')
- def test_software_show_deployment(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.client.show_software_deployment(self.deployment_id)
-
- @rbac_rule_validation.action(service="heat",
- rule="software_deployments:update")
- @decorators.idempotent_id('90e8958c-6fa7-4515-b6d7-6d6952979f8c')
- def test_software_deployment_update(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- new_action = data_utils.rand_name('ACTION')
- new_status = data_utils.rand_name('STATUS')
- new_reason = data_utils.rand_name('REASON')
- self.client.update_software_deploy(self.deployment_id,
- self.server_id,
- self.config['id'],
- new_action, new_status,
- self.input_values,
- self.output_values,
- new_reason,
- self.signal_transport)
-
- @rbac_rule_validation.action(service="heat",
- rule="software_deployments:create")
- @decorators.idempotent_id('9175fe7b-4210-4c1d-acbb-954998a9fd77')
- def test_software_deployment_create(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._deployment_create(self.config['id'])
-
- @rbac_rule_validation.action(service="heat",
- rule="software_deployments:delete")
- @decorators.idempotent_id('20f4683d-7316-4d88-a6ea-1ee6013da908')
- def test_software_deployment_delete(self):
- deploy_id = self._deployment_create(self.config['id'])
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.client.delete_software_deploy(deploy_id)
-
- @rbac_rule_validation.action(service="heat",
- rule="software_configs:create")
- @decorators.idempotent_id('c8fb1c73-fcb6-46c2-9510-8ef0083c9620')
- def test_config_create(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._config_create('e')
-
- @rbac_rule_validation.action(service="heat",
- rule="software_configs:delete")
- @decorators.idempotent_id('f4f784ea-9878-4306-bc5f-041ba5307ce5')
- def test_config_delete(self):
- configuration = self._config_create('d')
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.client.delete_software_config(configuration['id'])
-
- def _config_create(self, suffix):
- configuration = {'group': 'script',
- 'inputs': [],
- 'outputs': [],
- 'options': {}}
- configuration['name'] = 'heat_soft_config_%s' % suffix
- configuration['config'] = '#!/bin/bash echo init-%s' % suffix
- api_config = self.client.create_software_config(**configuration)
- self.addCleanup(
- test_utils.call_and_ignore_notfound_exc,
- self.client.delete_software_config,
- api_config['software_config']['id'])
- configuration['id'] = api_config['software_config']['id']
- return configuration
-
- def _deployment_create(self, config_id):
- self.server_id = data_utils.rand_name('dummy-server')
- self.action = 'ACTION_0'
- self.status = 'STATUS_0'
- self.input_values = {}
- self.output_values = []
- self.status_reason = 'REASON_0'
- self.signal_transport = 'NO_SIGNAL'
- self.deployment = self.client.create_software_deploy(
- self.server_id, config_id, self.action, self.status,
- self.input_values, self.output_values, self.status_reason,
- self.signal_transport)
- self.addCleanup(
- test_utils.call_and_ignore_notfound_exc,
- self.client.delete_software_deploy,
- self.deployment['software_deployment']['id'])
- self.deployment_id = self.deployment['software_deployment']['id']
- return self.deployment_id
diff --git a/patrole_tempest_plugin/tests/api/volume/test_volume_services_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volume_services_rbac.py
new file mode 100644
index 0000000..c1d8a65
--- /dev/null
+++ b/patrole_tempest_plugin/tests/api/volume/test_volume_services_rbac.py
@@ -0,0 +1,51 @@
+# Copyright 2017 AT&T Corporation.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest.lib import decorators
+from tempest import test
+
+from patrole_tempest_plugin import rbac_rule_validation
+from patrole_tempest_plugin.tests.api.volume import rbac_base
+
+
+class VolumeServicesRbacTest(rbac_base.BaseVolumeRbacTest):
+
+ # TODO(felipemonteiro): Implement a test to cover the policy action,
+ # "volume_extension:services:update", once the Tempest client endpoint
+ # is implemented.
+
+ @classmethod
+ def skip_checks(cls):
+ super(VolumeServicesRbacTest, cls).skip_checks()
+ if not test.is_extension_enabled('os-services', 'volume'):
+ msg = "%s skipped as os-services not enabled." % cls.__name__
+ raise cls.skipException(msg)
+
+ @classmethod
+ def setup_clients(cls):
+ super(VolumeServicesRbacTest, cls).setup_clients()
+ cls.client = cls.os_primary.volume_services_v2_client
+
+ @decorators.idempotent_id('b9134f01-97c0-4abd-9455-fe2f03e3f966')
+ @rbac_rule_validation.action(
+ service="cinder",
+ rule="volume_extension:services:index")
+ def test_list_services(self):
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.client.list_services()['services']
+
+
+class VolumeServicesV3RbacTest(VolumeServicesRbacTest):
+ _api_version = 3
diff --git a/patrole_tempest_plugin/tests/unit/test_rbac_utils.py b/patrole_tempest_plugin/tests/unit/test_rbac_utils.py
index 057ce20..a2917cf 100644
--- a/patrole_tempest_plugin/tests/unit/test_rbac_utils.py
+++ b/patrole_tempest_plugin/tests/unit/test_rbac_utils.py
@@ -51,12 +51,15 @@
self.mock_test_obj.os_admin = mock.Mock(
**{'roles_v3_client.list_roles.return_value': available_roles})
- CONF.set_override('rbac_test_role', 'Member', group='rbac',
+ CONF.set_override('admin_role', 'admin', group='identity',
enforce_type=True)
CONF.set_override('auth_version', 'v3', group='identity',
enforce_type=True)
+ CONF.set_override('rbac_test_role', 'Member', group='rbac',
+ enforce_type=True)
self.addCleanup(CONF.clear_override, 'rbac_test_role', group='rbac')
+ self.addCleanup(CONF.clear_override, 'admin_role', group='identity')
self.addCleanup(CONF.clear_override, 'auth_version', group='identity')
self.addCleanup(mock.patch.stopall)
diff --git a/releasenotes/notes/volume-services-rbac-test-57e69f9952c8746e.yaml b/releasenotes/notes/volume-services-rbac-test-57e69f9952c8746e.yaml
new file mode 100644
index 0000000..5b6f0cd
--- /dev/null
+++ b/releasenotes/notes/volume-services-rbac-test-57e69f9952c8746e.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ Added RBAC test for the volume services API, which covers the following
+ policy action: "volume_extension:services:index".