)]}' { "log": [ { "commit": "75f2363601d1812fbade748ac28e487e148f09fc", "tree": "81737bdfcb88aecf1386c281b802fbf111a49454", "parents": [ "5ad0fec679aeabf32ddbee7264dc20c9022c2106" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Apr 07 15:56:26 2017 +0100" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Apr 07 16:56:57 2017 +0000" }, "message": "Renames switchToRbacRole to toggle_rbac_role\n\nThis is a trivial change that renames switchToRbacRole to\ntoggle_rbac_role.\n\nThis change is needed because:\n - switchToRbacRole is camel case which is inconsistent with\n all the snake-case variables names throughout Patrole and\n OpenStack\n - It violates Python\u0027s naming conventions [0].\n\n[0] See pep8 styling guideline:\n\n\"Function names should be lowercase, with words separated\nby underscores as necessary to improve readability. mixedCase\nis allowed only in contexts where that\u0027s already the prevailing\nstyle.\"\n\nAnd for variable names:\n\n\"Use the function naming rules: lowercase with words separated\nby underscores as necessary to improve readability.\"\n\nChange-Id: Ib6dd50ba02c25d585e2ca0c9383771f9337212b8\nDepends-On: Ie1c4b6a2801f10c8e83f6d3f88fe0364d69317fa" }, { "commit": "5ad0fec679aeabf32ddbee7264dc20c9022c2106", "tree": "3368ff04dffc4e2834fa0265822296d267d9d361", "parents": [ "b486134f03aab5c039e613094fe240bbdad0990d", "7aae506e692a69ccdc18ce95fc2d7f3644048929" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Thu Apr 06 22:59:05 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Thu Apr 06 22:59:05 2017 +0000" }, "message": "Merge \"Fix test_migration_live throwing AttributeError.\"" }, { "commit": "b486134f03aab5c039e613094fe240bbdad0990d", "tree": "33b0cb15fa23e34fa89d317b79bcab8dc1a99b83", "parents": [ "6b6c610a5f5ffa7dd9276c70e66a8efa66f99762", "521e5c1e4c4e14f3404bf3d83760b78da901f760" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Thu Apr 06 18:40:41 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Thu Apr 06 18:40:41 2017 +0000" }, "message": "Merge \"Fix role validation edge case bug in rbac_utils\"" }, { "commit": "6b6c610a5f5ffa7dd9276c70e66a8efa66f99762", "tree": "6c2c49488bdf199da44bf6c1a066a955110b97aa", "parents": [ "44e7ac93e815cd28aa93cd807e369d21553a7692" ], "author": { "name": "Andrea Frittoli", "email": "andrea.frittoli@gmail.com", "time": "Thu Apr 06 10:34:53 2017 +0100" }, "committer": { "name": "Andrea Frittoli", "email": "andrea.frittoli@gmail.com", "time": "Thu Apr 06 10:35:55 2017 +0100" }, "message": "Add py3.5 support in setup.cfg\n\nAs defined in https://governance.openstack.org/tc/goals/pike/python35.html\nPike community goal for py35, adding py35 to setup.cfg.\n\nI believe the py35 unit tests should be enough for this, but eventually we\nshould setup a py35 dsvm test as well.\n\nChange-Id: I44d5465bf4d6223e603853c03d53d2b8cd98d1e0\n" }, { "commit": "44e7ac93e815cd28aa93cd807e369d21553a7692", "tree": "82d7d28e046787bacc1ee671e12b0ed16ab450a6", "parents": [ "f01a48fb95753b79c2bd59a08b07cdc1cef94044", "b83861ca068ac163a2f8817a7bfa46644b6f11e1" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Wed Apr 05 22:14:55 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Wed Apr 05 22:14:55 2017 +0000" }, "message": "Merge \"Add RBAC tests for the Nova images API.\"" }, { "commit": "521e5c1e4c4e14f3404bf3d83760b78da901f760", "tree": "972d07b06bf05e915794107c8b51df94b477d430", "parents": [ "3cc966f093dbc8db2ca7c99cb52b74c0cfd51af4" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Apr 05 22:59:57 2017 +0100" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Apr 05 22:09:11 2017 +0000" }, "message": "Fix role validation edge case bug in rbac_utils\n\nCurrently, a history of the order of switchToRbacRole calls is\nmaintained by class name in rbac_utils. This means that each\nuniquely named class has its own distinct history, allowing\nfor determination of whether proper role-switching is being\nperformed.\n\nHowever, sometimes class names are not unique across modules:\nfor example, both network and compute service folders have\na test called test_floating_ips_rbac, causing essentially\ncollisions to take place in the role-switching history dictionary.\nThis currently causes a false negative in role validation\nin the logs [0].\n\nThe solution to this edge case is straightforward: the key\nthat indexes into the history dictionary should be changed\nfrom class name to module path + class name. For example,\nthe key \"TestFloatingIpsRbac\" will be changed to:\n\n - \"patrole_tempest_plugin.tests.api.compute...\" + class name\n - \"patrole_tempest_plugin.tests.api.network...\" + class name\n\nThis also works for different versions of, say, test_users_rbac:\n\n - \"patrole_tempest_plugin.tests.api.identity.v2...\" + class name\n - \"patrole_tempest_plugin.tests.api.identity.v3...\" + class name\n\n[0] http://logs.openstack.org/82/448782/11/check/gate-tempest-dsvm-patrole-member-ubuntu-xenial-nv/bce54d8/console.html\n\nChange-Id: I4a1273e56a25dbc7fee950cf55f439f36cbf8e5c\nCloses-Bug: #1680262\n" }, { "commit": "f01a48fb95753b79c2bd59a08b07cdc1cef94044", "tree": "ad43fe7975fbc5be6387cca1fe004d964d64e4a9", "parents": [ "3cc966f093dbc8db2ca7c99cb52b74c0cfd51af4" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Apr 05 21:27:54 2017 +0100" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Apr 05 20:30:38 2017 +0000" }, "message": "RBAC test for compute os-multinic policy action.\n\nThe \u0027addFixedIp\u0027 action is used in this test case,\nwhich adds a fixed IP to the server instance, but\nthereby causes os_compute_api:os-multinic to be enforced [0].\n\n[0] https://github.com/openstack/nova/blob/4f91ed3a547965ed96a22520edcfb783e7936e95/nova/api/openstack/compute/multinic.py\n\nCo-Authored-By: Michael Sliem \u003cms272s@att.com\u003e\nCo-Authored-By: Rao Adnan Khan \u003crk221s@att.com\u003e\n\nPartially-Implements: blueprint initial-tests-compute\nChange-Id: Ic2e0efb4416255d9dcae1021c78955f60c85ba61\n" }, { "commit": "b83861ca068ac163a2f8817a7bfa46644b6f11e1", "tree": "c6331d28310b1ba33dd555fbd9e1abdcfcdb7c57", "parents": [ "62252fd8c2366ba6e2dc51e8750f2f0fa6c526d4" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Apr 05 17:00:01 2017 +0100" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Apr 05 20:18:58 2017 +0000" }, "message": "Add RBAC tests for the Nova images API.\n\nThese APIs are proxy calls to the Image service. Consequently, no nova\npolicy actions are enforced; instead, only glance policy actions are\nenforced. As such, these tests check that only glance policy actions are\nexecuted.\n\nIn addition, these tests will fail with a 404 starting from microversion\n2.36 onward, so max_microversion is set to 2.35.\n\nFinally, this patch removes CONF from test_agents_rbac and updates\nan error message.\n\nCo-Authored-By: Samantha Blanco \u003csamantha.blanco@att.com\u003e\nChange-Id: I16677bf17a61caf9ba8c03d8dc4fda8c5f90d078\n" }, { "commit": "3cc966f093dbc8db2ca7c99cb52b74c0cfd51af4", "tree": "28341f2291cc79771f06ee4f502b11a3b70691d5", "parents": [ "5cc41329774bb99f6dc4cecb580555066b86d68d", "aa1953000a080abf68c04fad4732d7b0889903c0" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Wed Apr 05 17:57:25 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Wed Apr 05 17:57:25 2017 +0000" }, "message": "Merge \"Add implied roles rbac tests to identity v3.\"" }, { "commit": "5cc41329774bb99f6dc4cecb580555066b86d68d", "tree": "b45953156b3ad315658cfd369158e2b0b3ff8335", "parents": [ "62252fd8c2366ba6e2dc51e8750f2f0fa6c526d4", "fa01d5f4e8a151b582397b17688505a8f0ac71d9" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Wed Apr 05 17:41:52 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Wed Apr 05 17:41:53 2017 +0000" }, "message": "Merge \"Add role-switching validation to Patrole framework.\"" }, { "commit": "aa1953000a080abf68c04fad4732d7b0889903c0", "tree": "3017bb051ea987eb7cabaaeaa229329af9d9efe0", "parents": [ "62252fd8c2366ba6e2dc51e8750f2f0fa6c526d4" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Mar 31 05:06:21 2017 +0100" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Apr 05 16:38:20 2017 +0000" }, "message": "Add implied roles rbac tests to identity v3.\n\nAdd implied roles rbac tests to identity v3. These tests cover the\nAPIs in OS-INHERIT API.\n\nPartially-Implements: blueprint initial-tests-identity\nDepends-On: I9d6c0dc83a85bbca173b753183d838adfee04008\nChange-Id: I3f64751a5e68924ec27aaee4cb4a91596b404a69\n" }, { "commit": "62252fd8c2366ba6e2dc51e8750f2f0fa6c526d4", "tree": "489484a0b2337cbcfbeb0551af066bbecf0a3599", "parents": [ "e34cae02dffba101a0437ce6e8a2cb2e6ecc080f", "9af4e53a8a8512056108ac64541716c45e424ac7" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Tue Apr 04 21:43:26 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Tue Apr 04 21:43:26 2017 +0000" }, "message": "Merge \"Update installation guide\"" }, { "commit": "7aae506e692a69ccdc18ce95fc2d7f3644048929", "tree": "11c805d8ef77ccdc61eb9f5f799725c0628e38e7", "parents": [ "90c7eef9cdd090f1f2afbe5aab66f56952c48ecf" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Tue Apr 04 21:48:51 2017 +0100" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Tue Apr 04 21:48:51 2017 +0100" }, "message": "Fix test_migration_live throwing AttributeError.\n\nThis patch fixes test_migration_live, which currently throws\nan AttributeError, because self.block_migration is undefined.\n\nThis patch sets self.block_migration \u003d \u0027auto\u0027 and the minimum\nmicroversion to 2.25, which is when the block_migration\nkwarg for live_migrate_server can be set to auto, so that nova\ncan decide the value of block_migration during live migration [0].\n\n[0] https://developer.openstack.org/api-ref/compute/?expanded\u003dlive-migrate-server-os-migratelive-action-detail\n\nChange-Id: I82572d9418901070d6925723241e5aabe0aeae8d\n" }, { "commit": "9af4e53a8a8512056108ac64541716c45e424ac7", "tree": "454e630e199cc66ce67cada6c38b8464a1deebfa", "parents": [ "78b192553a9a51db1d4a53de893a7134d96a3303" ], "author": { "name": "Samantha Blanco", "email": "samantha.blanco@att.com", "time": "Mon Apr 03 17:06:11 2017 -0400" }, "committer": { "name": "Samantha Blanco", "email": "samantha.blanco@att.com", "time": "Tue Apr 04 18:50:43 2017 +0000" }, "message": "Update installation guide\n\nUpdates installation guide to remove deprecated configuration options.\n\nChange-Id: Ida4d6a934d6f3e5122f8f9e49e4739f368097a2d\nCloses-Bug: #1679282\n" }, { "commit": "e34cae02dffba101a0437ce6e8a2cb2e6ecc080f", "tree": "b88cc40c63f031a7d46002ff2f32ee423cb4829d", "parents": [ "a585f56bdbc738093002fac3f5b6a81230e29742", "f512433299b78e837201940439dd1df45f9f5afc" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Tue Apr 04 17:24:37 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Tue Apr 04 17:24:37 2017 +0000" }, "message": "Merge \"Identity V3 (ext) Tests - Oauth Consumers\"" }, { "commit": "fa01d5f4e8a151b582397b17688505a8f0ac71d9", "tree": "69a8b9b28735570fbe551bec047c2caa8bbfd53a", "parents": [ "934acae7a18fd7e368421319723333b5a30420b6" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Sat Apr 01 06:18:25 2017 +0100" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Tue Apr 04 18:02:26 2017 +0100" }, "message": "Add role-switching validation to Patrole framework.\n\nCurrently, no role validation is performed when calling switch_role. This\nis problematic for the following reasons:\n - The only \"validation\" right now checks whether switchToRbacRole is None.\n If so, None is returned. The validation used is nowhere near as robust\n as it should be -- what if a string or int is passed in? -- and an error\n should be thrown instead of silently returning None.\n - If switch_role is called with the same boolean value twice, then the\n rbac_role under test is never switched to: this should be detected\n and flagged as an error.\n - If switch_role is not called in a test, then an error should definitely\n be thrown as well, because then the test may pass as a false positive.\n\nThis patch adds role validation so that the above cases are avoided.\n\nThis patch also updated unit tests and added additional ones\nwhere needed.\n\nImplements: blueprint add-switch-role-validation\nChange-Id: Ida0f03af236eb0f91d8cc96d51ca57671b4eef7c\n" }, { "commit": "f512433299b78e837201940439dd1df45f9f5afc", "tree": "ffddcb24a1b3941a395efb6d4d32afbfb5cd5c84", "parents": [ "ae2ebab27c11e2925be3a2a65758e48a08dfa484" ], "author": { "name": "Nicolas Helgeson", "email": "nh202b@att.com", "time": "Wed Mar 15 16:42:27 2017 -0700" }, "committer": { "name": "Nicolas Helgeson", "email": "nh202b@att.com", "time": "Tue Apr 04 15:31:23 2017 +0000" }, "message": "Identity V3 (ext) Tests - Oauth Consumers\n\nTests for identity v3 extension oauth consumers\nRequires missing Oauth Consumers Client (missing from tempest)\n\nCo-Authored-By: Kaustuv Royburman (kr336r@us.att.com)\nPartially-Implements bp: initial-tests-identity\n\nChange-Id: Ifcca3a127d8ed7811521189077ce428f656806fa\nDepends-On: I6d0884637cfe00a5313a5d019e1e062316f76d57\n" }, { "commit": "a585f56bdbc738093002fac3f5b6a81230e29742", "tree": "097f36a41d209186cfb6b4e478211c22572e612c", "parents": [ "90c7eef9cdd090f1f2afbe5aab66f56952c48ecf", "fb185791f96051fbdfeed15edd79d6eae7444f64" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Tue Apr 04 14:20:29 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Tue Apr 04 14:20:29 2017 +0000" }, "message": "Merge \"Add role assignments rbac tests to identity v3.\"" }, { "commit": "90c7eef9cdd090f1f2afbe5aab66f56952c48ecf", "tree": "6bbc6c9996f9b1f92fd8d03426db5774dfad5ac5", "parents": [ "78b192553a9a51db1d4a53de893a7134d96a3303" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Mon Apr 03 14:42:06 2017 +0100" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Mon Apr 03 15:00:30 2017 +0000" }, "message": "Update post_test_hook to use multinode environment.\n\nNow that a new infra job has been added to Patrole for a\nmultinode environment [0], the post_test_hook in Patrole\nneeds to be updated.\n\nThis change will still keep \"fast\" tests in the \"fast\" gates,\nalthough they have been renamed to not have the \"fast\" substring;\nand it will still keep \"slow\" tests in the \"slow\" gates,\nalthough they have been renamed with \"multinode\" instead of \"slow\".\n\nThis means that tests that require multiple nodes, like migrating\na server, can be run, rather than skipped.\n\n[0] https://review.openstack.org/#/c/450278/\n\nChange-Id: I278695026ce273daa8cb44e9c472cf84e880a618\n" }, { "commit": "fb185791f96051fbdfeed15edd79d6eae7444f64", "tree": "d299aa125da516cffdfb64770e9fffed649ebdff", "parents": [ "934acae7a18fd7e368421319723333b5a30420b6" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Sat Apr 01 05:33:50 2017 +0100" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Sun Apr 02 16:40:24 2017 +0100" }, "message": "Add role assignments rbac tests to identity v3.\n\nAdd role assignments rbac tests to identity v3. These\ntests cover the policy actions here [0]:\n - identity:list_role_assignments\n - identity:list_role_assignments_for_tree\n\n[0] https://github.com/openstack/keystone/blob/master/keystone/common/policies/role_assignment.py\n\nChange-Id: I7bdeedf51f77ba008dbad74c32c668eb0cab8aac\nPartially-Implements: blueprint initial-tests-identity\n" }, { "commit": "78b192553a9a51db1d4a53de893a7134d96a3303", "tree": "19e84792cdc2b0d3f8091e5d545e8840281f9dea", "parents": [ "934acae7a18fd7e368421319723333b5a30420b6" ], "author": { "name": "Jeremy Liu", "email": "liujiong@gohighsec.com", "time": "Sat Apr 01 16:19:09 2017 +0800" }, "committer": { "name": "Jeremy Liu", "email": "liujiong@gohighsec.com", "time": "Sun Apr 02 06:50:04 2017 +0000" }, "message": "Fix check-uuid not working\n\n\u0027check-uuid\u0027 and \u0027check-uuid --fix\u0027 are not working because we do not\nset package name for them. This patch fixes that.\n\nChange-Id: I553c364e3fc0d640620a01046dd7f70bdb704be2\nCloses-Bug: #1678407\n" }, { "commit": "934acae7a18fd7e368421319723333b5a30420b6", "tree": "817db1392468fe1852a6fdfbaa9a1cbf9b62356d", "parents": [ "6da4d213ae22fb38604b91a941189f4c50b551a9" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Mar 31 18:32:55 2017 +0100" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Mar 31 19:19:56 2017 +0000" }, "message": "Refactor identity v3 rbac_base to use classmethods.\n\nCurrently, identity v3 rbac_base uses self.addCleanup to do cleanup\nfor the resources it creates. But this locks the tests into using\nonly test-level resources. This is inefficient. Instead,\nclass-level resources should be used wherever possible.\n\nThis patch changes the identity v3 rbac_base to create class-level\nresources, that are then set up in resource_setup and cleaned up\nin resource_cleanup.\n\nThis patch also refactors test_roles_rbac in identity v3 to work\nwith these changes.\n\nChange-Id: I80f56464a9391e0e41548b266e9b748bf961e1b6\n" }, { "commit": "6da4d213ae22fb38604b91a941189f4c50b551a9", "tree": "56c089d964ed026cf61c817de13603af76321993", "parents": [ "ae2ebab27c11e2925be3a2a65758e48a08dfa484" ], "author": { "name": "Nicolas Helgeson", "email": "nh202b@att.com", "time": "Tue Mar 07 15:58:08 2017 -0800" }, "committer": { "name": "Nicolas Helgeson", "email": "nh202b@att.com", "time": "Thu Mar 30 12:57:15 2017 -0700" }, "message": "Identity V3 Tests - Roles\n\nTests for identity v3 roles\n\nPartially-Implements bp: initial-tests-identity\nDepends-On: I4e28de9ab106239b3926634591ce4a550f108a3e\n\nChange-Id: Id6652b195ae4e32ec2404d2bbd183e81ec605bca\nCo-Authored-By: Nishant Kumar \u003cnk613n@att.com\u003e\n" }, { "commit": "ae2ebab27c11e2925be3a2a65758e48a08dfa484", "tree": "b04a00cfb99d26a154d496658ab24e5262d6c07d", "parents": [ "d4a4aa674b1e2682689ac51d2782b67496108a67" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Thu Mar 23 22:49:06 2017 +0000" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Mar 29 19:07:52 2017 +0000" }, "message": "Modify policy parser to combine custom and default policy files.\n\nCurrently, the rbac policy parser file tries to:\n 1) Read the custom policy file if it exists\n 2) Otherwise check if the default policy file exists in code\n\nThe problem with this approach is:\n - What if the custom policy file does not specify all policy actions?\n This is problematic when it comes to validating the policy action:\n is it defined or not?\n - This also holds true for default policy files which may not define\n all the policy actions enforced by the service explicitly.\n\nThis patch partially fixes this issue by 1) using all the\ndefault policy actions defined in code, if they exist and 2)\noverwriting any default policy actions with the custom\npolicy actions provided by the user in a custom policy file.\n\nThe end result is that the Patrole framework uses as many policy actions\nas possible for reference, while using as many custom-defined policy\nactions as possible. This patch, therefore, makes it more feasible to\nthrow an exception if a policy action is invalid.\n\nChange-Id: Idb6b8a99170fd32097940d5b23182f5e43956548\nDepends-On: I7feb522b2ea5f56e48982169c7ebbb2ec2ef2cb3\n" }, { "commit": "d4a4aa674b1e2682689ac51d2782b67496108a67", "tree": "86732423bd3214b40e7c7153ebb787c1c484d7d9", "parents": [ "696be11bd3eadc550132a850ab7ea66b9c4cb1ea" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Tue Mar 28 16:50:05 2017 +0100" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Tue Mar 28 19:27:57 2017 +0100" }, "message": "Add heat resource types rbac tests.\n\nImplements RBAC tests for the following policy actions:\n - stacks:list_resource_types\n - stacks:generate_template\n - stacks:resource_schema\n\nCo-Authored-By: Avishek Dutta \u003cad620p@att.com\u003e\nCo-Authored-By: Anthony Bellino \u003cab2434@att.com\u003e\nCo-Authored-By: Rick Bartra \u003crb560u@att.com\u003e\n\nChange-Id: If4f0ec3b5fe1ebb66c42652e8dee9dda8089bb42\nPartially-Implements: blueprint initial-tests-orchestration\n" }, { "commit": "696be11bd3eadc550132a850ab7ea66b9c4cb1ea", "tree": "5c0f3dadad2feb44fbb5f266526ee5f7e24215d4", "parents": [ "75feb83f3f80ee9fd65e878bea634887620c3847", "ee0205d4cc254199363e6c6252042a361a0183a3" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Tue Mar 28 15:01:02 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Tue Mar 28 15:01:02 2017 +0000" }, "message": "Merge \"Compute API Compute Flavor Rxtx Test.\"" }, { "commit": "ee0205d4cc254199363e6c6252042a361a0183a3", "tree": "11cbf2a3a35edd085cac4d99dad7b593cb0b357f", "parents": [ "8141149e557a9e43443d38848ccd33d6591bac5c" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Thu Feb 16 17:16:50 2017 -0500" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Tue Mar 28 02:43:28 2017 +0100" }, "message": "Compute API Compute Flavor Rxtx Test.\n\nAdds test for compute flavor rxtx policy action [1].\n\n[1] https://github.com/openstack/nova/blob/4f91ed3a547965ed96a22520edcfb783e7936e95/nova/api/openstack/compute/flavor_rxtx.py\n\nChange-Id: I0095e068079ab27482ad196209ee4d9270227d47\n" }, { "commit": "75feb83f3f80ee9fd65e878bea634887620c3847", "tree": "578801d7819b9610686e79071cf3abf8bc7d9979", "parents": [ "cd2b03fcec99fc32c247951ab85c0c78708de468", "0d88008a1ec99474b48c58856d6015a8a97ae6e0" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Mon Mar 27 19:51:55 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Mon Mar 27 19:51:55 2017 +0000" }, "message": "Merge \"Improve Patrole config options\"" }, { "commit": "cd2b03fcec99fc32c247951ab85c0c78708de468", "tree": "432be72936e752af7546a15b47fa2bdb3369b37b", "parents": [ "dcddd6e4f204a6df6a17b7768edb3d51a639b197", "06e3bc687028ff0dbcce7d21b2ae3b73b29b2397" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Mon Mar 27 18:35:00 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Mon Mar 27 18:35:00 2017 +0000" }, "message": "Merge \"Tag additional slow tests to run in slow gate.\"" }, { "commit": "06e3bc687028ff0dbcce7d21b2ae3b73b29b2397", "tree": "cfba044d133e3c6d811a3f28d97cd803ec30eb0a", "parents": [ "e28d4ddb53d7df6cea5a488f1aa7f5ff18cbbefa" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Mar 24 20:40:31 2017 +0000" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Sat Mar 25 19:19:21 2017 +0000" }, "message": "Tag additional slow tests to run in slow gate.\n\nThis patch tags additional slow tests with @test.attr(type\u003d\u0027slow\u0027)\nso that they can run in the slow gate.\n\nThese tests are:\n - test_migration_live\n - test_cold_migration\n - test_volume_backup_create\n - test_volume_backup_get\n - test_volume_backup_restore\n - test_volume_backup_delete\n - test_detach_volume_to_instance\n\nChange-Id: I45de98c301af560cd2bdae33daaaec50ed26132d\n" }, { "commit": "dcddd6e4f204a6df6a17b7768edb3d51a639b197", "tree": "d3de81b38efdb411844bb8289cb5fec9b7968e0f", "parents": [ "e28d4ddb53d7df6cea5a488f1aa7f5ff18cbbefa" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Mar 24 19:43:33 2017 +0000" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Mar 24 19:48:19 2017 +0000" }, "message": "Network tests should take advantage of net_utils to find unused ip.\n\nCurrently, test_create_router_external_fixed_ips fails [0] for the\nsame reason described in this patch [1].\n\nBasically, calling random.choice to select an ip address from\nan allocation pool can potentially select an already-used ip\naddress, resulting in an error.\n\nThe best way to resolve such issues is to use the built-in\nTempest helper function `get_unused_ip_addresses` defined\nhere [2].\n\nThis patch makes the necessary changes to the code in [1] and\nto test_routers_rbac as well.\n\n[0] http://logs.openstack.org/03/448603/7/check/gate-tempest-dsvm-patrole-admin-fast-ubuntu-xenial-nv/2bb077f/console.html\n[1] https://review.openstack.org/#/c/448250/\n[2] https://github.com/openstack/tempest/blob/master/tempest/common/utils/net_utils.py\n\nChange-Id: I9bbb7cd77cde9287e398f506de58ff23e9e95496\nCloses-Bug: #1675342\n" }, { "commit": "e28d4ddb53d7df6cea5a488f1aa7f5ff18cbbefa", "tree": "4fe24d15646cc8a111a9d14a3a9665f19b15988a", "parents": [ "8141149e557a9e43443d38848ccd33d6591bac5c", "8eda8cc284991bf97517e1e1d67d42f73db8f8da" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Fri Mar 24 19:29:52 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Fri Mar 24 19:29:52 2017 +0000" }, "message": "Merge \"Refactors exceptions in rbac_rule_validation decorator.\"" }, { "commit": "0d88008a1ec99474b48c58856d6015a8a97ae6e0", "tree": "839780a26e5fbb6ba98109651b712ada9cc92e10", "parents": [ "8141149e557a9e43443d38848ccd33d6591bac5c" ], "author": { "name": "Samantha Blanco", "email": "samantha.blanco@att.com", "time": "Thu Mar 23 18:14:37 2017 -0400" }, "committer": { "name": "Samantha Blanco", "email": "samantha.blanco@att.com", "time": "Fri Mar 24 14:45:18 2017 -0400" }, "message": "Improve Patrole config options\n\n- Renames \"rbac_flag\" to \"enable_rbac\"\n- Creates \"strict_policy_check\" option\n- Resolves bug where policy not in policy.json\n would pass RBAC test, leading to false test\n results\n\nChange-Id: I76429e6cb0ed4cad154a07b7a873fd23209da674\nCloses-Bug: #1673626\n" }, { "commit": "8141149e557a9e43443d38848ccd33d6591bac5c", "tree": "ad825b25d73bfab3e4e2e3feb10742ee073dc0ef", "parents": [ "6c204ecee475de3c906d88fd03def634feb74c0c", "59c886c219a5fb6ca912fbfedfcfb64f868ee025" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Fri Mar 24 18:03:38 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Fri Mar 24 18:03:38 2017 +0000" }, "message": "Merge \"Add new regex for \"slow test\" gate\"" }, { "commit": "59c886c219a5fb6ca912fbfedfcfb64f868ee025", "tree": "40925997b22a26b5dcbe0edf54aacb9a85897b0f", "parents": [ "c0c31404ba001ebaad6afed81045d28dcb7d5410" ], "author": { "name": "anthony.lin", "email": "al498u@att.com", "time": "Thu Mar 23 14:33:00 2017 -0500" }, "committer": { "name": "anthony.lin", "email": "al498u@att.com", "time": "Fri Mar 24 11:14:30 2017 -0500" }, "message": "Add new regex for \"slow test\" gate\n\nInclude \"Type\" to ensure that only slow tests\nare executed in \"slow test\" gate and fast tests\nare executed in \"fast test\"gate\n\nChange-Id: I3cff12ee4f9c49ffc1d6c568c5466e068e65c8fd\n" }, { "commit": "8eda8cc284991bf97517e1e1d67d42f73db8f8da", "tree": "cfc4f1266668a853a44d7a026f8840efc8178de0", "parents": [ "c0c31404ba001ebaad6afed81045d28dcb7d5410" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Mar 22 14:15:14 2017 +0000" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Mar 24 15:50:19 2017 +0000" }, "message": "Refactors exceptions in rbac_rule_validation decorator.\n\nCurrently, rbac_rule_validation decorator repeats code\nunderneath \"except expected_exception\" and \"except RbacActionFailed\".\nThese 2 blocks of code can be merged by using a tuple that\ncontains both of these exceptions on 1 line.\n\nThis patch makes the above change. It also adds a new exception\nblock for a wildcard exception. If a 404 is expected but a 403 is\nthrown, the 403 is caught and an error message saying that the\nexpected error code differs from the one caught is then re-raised.\nThat is, a more informative error message is thrown than\notherwise would be.\n\nThis patch finally improves upon rbac_rule_validation unit tests by:\n - removing redundant tests\n - renames tests to make them more understandable\n - adds docstrings to each tests to make them more understandable\n\nChange-Id: Idea4a45f721893c997acbfb2a1beb978ccfe11e6\n" }, { "commit": "6c204ecee475de3c906d88fd03def634feb74c0c", "tree": "6aa6ab4b32c985b02e68a7a3e1a6298f984cc9f4", "parents": [ "2d95e9d516ddfb5fb9c5a22dc3e367ce4bcf0fc5", "42933e56d0472e749932e27ca2a9f90d619705b8" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Fri Mar 24 15:11:12 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Fri Mar 24 15:11:12 2017 +0000" }, "message": "Merge \"Add server tests for nova.\"" }, { "commit": "2d95e9d516ddfb5fb9c5a22dc3e367ce4bcf0fc5", "tree": "df394f1b29bd29b8b9e77d79c945a9b8e6260871", "parents": [ "c0c31404ba001ebaad6afed81045d28dcb7d5410" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Thu Mar 23 20:20:32 2017 +0000" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Thu Mar 23 22:52:28 2017 +0000" }, "message": "Remove special_fields definition from volume tests.\n\nFollowing recent change to Tempest [0], it is necessary to\nmake this change to Patrole, since Patrole base classes inherit\nfrom Tempest base classes.\n\n[0] https://review.openstack.org/#/c/448869/\n\nChange-Id: Ibd5dbff3e125da5a5d2d1659d82b891a4a3124c5\n" }, { "commit": "42933e56d0472e749932e27ca2a9f90d619705b8", "tree": "3764e41841122c073059956e4fc685de9b19770e", "parents": [ "c0c31404ba001ebaad6afed81045d28dcb7d5410" ], "author": { "name": "Chi Lo", "email": "cl566n@att.com", "time": "Thu Mar 23 16:59:54 2017 -0400" }, "committer": { "name": "Rick Bartra", "email": "rb560u@att.com", "time": "Thu Mar 23 17:10:58 2017 -0400" }, "message": "Add server tests for nova.\n\nThe following RBAC test cases are added:\nos_compute_api:servers:create:forced_host\nos_compute_api:servers:create:attach_volume\nos_compute_api:servers:create:attach_network\n\nChange-Id: I99489adaa009bb19f7faaac31d25af4b6fef9a18\nPartially-Implements: blueprint initial-tests-nova\n" }, { "commit": "c0c31404ba001ebaad6afed81045d28dcb7d5410", "tree": "d2ed6d5d077d6d882778ec414ab02218fc9be199", "parents": [ "bb91325fdbe6d4bcc33e663da7cac47f1a3af590", "68015d1315734cb4970588f7e442c49a2c2bf697" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Thu Mar 23 18:43:30 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Thu Mar 23 18:43:30 2017 +0000" }, "message": "Merge \"Adding compute server tests\"" }, { "commit": "bb91325fdbe6d4bcc33e663da7cac47f1a3af590", "tree": "0d1bc2db2a0725543af63d9cbe276a0fb3d6a286", "parents": [ "cccc225c714144de3c7f71fbf8c329c296e90c23", "479c6031d6cf13495b621663118ce3fcfb39214c" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Thu Mar 23 18:40:28 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Thu Mar 23 18:40:28 2017 +0000" }, "message": "Merge \"Add missing requirements\"" }, { "commit": "cccc225c714144de3c7f71fbf8c329c296e90c23", "tree": "9f6f12504c602065d33906d350abe1ceb36e6643", "parents": [ "08d9d0224076372a72bc92d39817d85be634869d", "ae9db6fd2b99c2645ce41dfd7d227f8778828cbd" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Thu Mar 23 18:39:43 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Thu Mar 23 18:39:43 2017 +0000" }, "message": "Merge \"Fix oslo_debug_helper not running\"" }, { "commit": "08d9d0224076372a72bc92d39817d85be634869d", "tree": "53d670214246c3d65209b7fd978f670d15174dde", "parents": [ "ca36e10fa732b120f316f5831d179cd9eae7c45a", "7bae840cd813cfc664a51f4c3aba014180288b46" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Thu Mar 23 15:45:40 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Thu Mar 23 15:45:40 2017 +0000" }, "message": "Merge \"Identity V3 tests - Regions\"" }, { "commit": "ca36e10fa732b120f316f5831d179cd9eae7c45a", "tree": "55d1ba8223b4ced75837932f171e92cea76f1e36", "parents": [ "c563089da48ed92abc216f87f6869093f6b73530", "89f498fdee398359b5785ab6dfa6eeff2e6b815d" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Thu Mar 23 15:43:24 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Thu Mar 23 15:43:24 2017 +0000" }, "message": "Merge \"Configure devstack gate to use UUID tokens\"" }, { "commit": "c563089da48ed92abc216f87f6869093f6b73530", "tree": "f7530f4aed4ad7f38920d7cf7f58d117bb8aa47e", "parents": [ "e1014befadba18023afda378d45a879659a92a10", "8ec953f00330251f62cca2bfee7c2f5238b55c3c" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Thu Mar 23 15:39:46 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Thu Mar 23 15:39:46 2017 +0000" }, "message": "Merge \"Identity V3 rbac_base method refactor\"" }, { "commit": "68015d1315734cb4970588f7e442c49a2c2bf697", "tree": "ca1c7b84a63f25aa608031b31f7fceabcb82fe47", "parents": [ "e83a257b06a79ff3fc8f8d857f3a7e24728ca118" ], "author": { "name": "raiesmh08", "email": "mr290n@att.com", "time": "Tue Mar 14 16:40:28 2017 +0530" }, "committer": { "name": "Mh Raies", "email": "mh.raies@ericsson.com", "time": "Thu Mar 23 14:59:06 2017 +0000" }, "message": "Adding compute server tests\n\nThis patch adds following compute server tests\n 1. create server\n 2. delete server\n 3. update server\n 4. create agent\n 5. instance migration\n 6. instance live migration\n 7. get server passowrd\n 8. get virtual interfaces\n\nPartially-Implements: blueprint initial-tests-compute\n\nChange-Id: I941e72c1277b3d0a9563fa9de0c51920162263ac\n" }, { "commit": "479c6031d6cf13495b621663118ce3fcfb39214c", "tree": "5452fdcc89e2dd2d0141d68a69cc26f392f9baef", "parents": [ "e1014befadba18023afda378d45a879659a92a10" ], "author": { "name": "Jeremy Liu", "email": "liujiong@gohighsec.com", "time": "Thu Mar 23 07:12:35 2017 -0700" }, "committer": { "name": "Jeremy Liu", "email": "liujiong@gohighsec.com", "time": "Thu Mar 23 07:12:35 2017 -0700" }, "message": "Add missing requirements\n\noslo.config and tempest are imported in code [1][2], need\nto add them to requirements.txt.\n\n[1] https://github.com/openstack/patrole/blob/master/patrole_tempest_plugin/config.py#L16\n[2] https://github.com/openstack/patrole/blob/master/patrole_tempest_plugin/plugin.py#L18\n\nChange-Id: Iff07023c9d9ac9a9435cc09f0a1dbc869a89d527\n" }, { "commit": "ae9db6fd2b99c2645ce41dfd7d227f8778828cbd", "tree": "c9a8548ea1432cc4b26ab412817bf53745096a97", "parents": [ "6ebeed09e02cd7573bc8f8dbfd1c6afd7be4226b" ], "author": { "name": "HaiJieZhang", "email": "zhanghj@gohighsec.com", "time": "Thu Mar 23 11:28:16 2017 +0800" }, "committer": { "name": "HaiJieZhang", "email": "zhanghj@gohighsec.com", "time": "Thu Mar 23 11:29:16 2017 +0800" }, "message": "Fix oslo_debug_helper not running\n\nSpecify test directory so that tox won\u0027t complain\n`ImportError: Start directory is not importable`.\n\nChange-Id: I03108f71254e8cc99fb0fcab7d4f1f8614b4e60e\nCloses-Bug: #1666560\n" }, { "commit": "e1014befadba18023afda378d45a879659a92a10", "tree": "118434aed76a48acdc8dff0772bef7f3d0c7a02a", "parents": [ "6ebeed09e02cd7573bc8f8dbfd1c6afd7be4226b" ], "author": { "name": "Jeremy Liu", "email": "liujiong@gohighsec.com", "time": "Wed Mar 22 18:33:00 2017 -0700" }, "committer": { "name": "Jeremy Liu", "email": "liujiong@gohighsec.com", "time": "Wed Mar 22 18:38:31 2017 -0700" }, "message": "Standardize tox\n\nChange-Id: If59a61ac449c8b65abeb5900d5c5e0005fbc0186\n" }, { "commit": "89f498fdee398359b5785ab6dfa6eeff2e6b815d", "tree": "14dd09132d98297771bf8139f9cce3c50945fa37", "parents": [ "6ebeed09e02cd7573bc8f8dbfd1c6afd7be4226b" ], "author": { "name": "Rick Bartra", "email": "rb560u@att.com", "time": "Mon Mar 20 15:54:45 2017 -0400" }, "committer": { "name": "Rick Bartra", "email": "rb560u@att.com", "time": "Wed Mar 22 20:29:41 2017 +0000" }, "message": "Configure devstack gate to use UUID tokens\n\nUsing uuid tokens will result in faster test runs as there wouldn\u0027t\nbe a need for time.sleep in the rbac_utils.py.\n\nFor environments that use fernet tokens, continue to use the\ntime.sleep(1).\n\nChange-Id: I82eda2e23bee412c3b7bb375649cae43b6f6c061\n" }, { "commit": "8ec953f00330251f62cca2bfee7c2f5238b55c3c", "tree": "5e3b75a8039b7e8444fbb0a9ecfc36e4c2d48cef", "parents": [ "6ebeed09e02cd7573bc8f8dbfd1c6afd7be4226b" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Mar 22 16:41:13 2017 +0000" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Mar 22 19:31:39 2017 +0000" }, "message": "Identity V3 rbac_base method refactor\n\nThis patch:\n - Pulls out frequently used methods into rbac_base.\n - Renames frequently used methods to be uniformly called\n setup_test_x where x is a resource name\n - Refactors relevant tests to use new setup_test_x methods\n - Fixes create tests that required other resources, but were\n denied permission\n\nCo-Authored-By: Nicolas Hegleson \u003cnicolas.helgeson@att.com\u003e\nChange-Id: I4e28de9ab106239b3926634591ce4a550f108a3e\nCloses-Bug: #1672248\nPartial-Bug: #1670553\n" }, { "commit": "7bae840cd813cfc664a51f4c3aba014180288b46", "tree": "ca155251a90508da5f3a802045510a95448fe111", "parents": [ "df889039243419e63583bf2e6f41903d84d510bd" ], "author": { "name": "Nicolas Helgeson", "email": "nh202b@att.com", "time": "Tue Mar 07 16:24:01 2017 -0800" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Mar 22 17:19:34 2017 +0000" }, "message": "Identity V3 tests - Regions\n\nTests for identity v3 regions\n\nPartially-Implements bp: initial-tests-identity\nDepends-On: I4e28de9ab106239b3926634591ce4a550f108a3e\n\nChange-Id: Ib9164a455b245db03ef24f0c4f2450637947b7fa\nCo-Authored-By: Hemachandra Reddy \u003chr858f@att.com\u003e\n" }, { "commit": "6ebeed09e02cd7573bc8f8dbfd1c6afd7be4226b", "tree": "420a7c8a1a54c8707c7775f075d12ee57b9350c9", "parents": [ "df889039243419e63583bf2e6f41903d84d510bd" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Mar 22 17:11:39 2017 +0000" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Mar 22 17:11:51 2017 +0000" }, "message": "Fixes IpAddressAlreadyAllocated thrown by fixed_ip port tests.\n\nCurrently, a IpAddressAlreadyAllocated may be thrown by the test\ntest_update_port_fixed_ips [0]. This can also happen for\ntest_create_port_fixed_ips.\n\nThis is because the test 1) creates a port and 2) tries to update\na port with a fixed ip, but because random.choice() is used to\nselect a random address across the ip range, the same address for\nupdate may be chosen as the address that was used for creation,\nresulting in the error.\n\nThis patch excludes the ip address for the port that was first\ncreated from the range over which random.choice selects the\nnext ip address for updating the port with a fixed ip.\n\n[0] http://logs.openstack.org/04/448204/1/check/gate-tempest-dsvm-patrole-member-ubuntu-xenial-nv/0971b9d/console.html\n\nChange-Id: I2e351f9332cafe70efe6f4ecbfaa184079a58b93\nPartial-Bug: #1670553\n" }, { "commit": "df889039243419e63583bf2e6f41903d84d510bd", "tree": "5cf9d44cdc485f578708945a0d59d355365c4dab", "parents": [ "8ad258694221274ffc6729c24a03d3b4987f3406", "d5d76b8ebbd36e291d5037e7fb85ccc630148958" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Wed Mar 22 16:57:33 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Wed Mar 22 16:57:33 2017 +0000" }, "message": "Merge \"Fix failing v2 identity user tests by adding admin_only kwarg.\"" }, { "commit": "8ad258694221274ffc6729c24a03d3b4987f3406", "tree": "3b0d92222bc0204b649dbb7e1036a3d7059f4fa7", "parents": [ "1250c8fc1a94da89caf9fcd8009378c0fa79bf92", "c01b1e6de7e382fd72b31c7be366ec6a602395ee" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Wed Mar 22 16:54:08 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Wed Mar 22 16:54:08 2017 +0000" }, "message": "Merge \"Fix failing neutron port tests for Member role.\"" }, { "commit": "d5d76b8ebbd36e291d5037e7fb85ccc630148958", "tree": "b832f9d68298f47b96c0025162f0db19c151354b", "parents": [ "6ef58806fbc34a8b7f12245bc0ea1825c490f55b" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Mon Mar 20 23:18:50 2017 +0000" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Mar 22 14:23:49 2017 +0000" }, "message": "Fix failing v2 identity user tests by adding admin_only kwarg.\n\nCurrently, a number of identity v2 Patrole tests wrongly assume that policy\nenforcement is executed by Keystone: for example [0]. These tests are\nwritten just like any other Patrole tests but cannot be.\n\nThis is because Keystone does not actually perform a policy lookup for\nmany v2 endpoints: for example [1]. In the listed example, policy enforcement\nis not done at all; instead, Keystone executes \"self.assert_admin(request)\"\nwhich checks whether the request context has admin credentials. If not, a\n403 is thrown, which is why many identity v2 Patrole tests are failing.\n\nPolicy enforcement is only executed when @controllers.protected() is\npresent above the API [2]; otherwise it is not. Since it is unlikely\nthat Keystone will change policy enforcement in its deprecated v2 API,\nPatrole should instead compensate for this limitation with new\nfunctionality.\n\nThus, Patrole\u0027s rbac_rule_validation.action decorator was\nenhanced to take a new kwarg called \"admin_only\" whose default value\nis False. When set to True, the local variable allowed in\nrbac_rule_validation.action will check whether the current\nrbac_test_role is admin: if it is, then the Patrole framework will\nexpect the test to pass; otherwise it will expect the test to fail.\n\n[0] https://github.com/openstack/patrole/blob/master/patrole_tempest_plugin/tests/api/identity/v2/test_users_rbac.py\n[1] https://github.com/openstack/keystone/blob/a3aee6ccb52d85eac1deedec31724a955d47fa96/keystone/identity/controllers.py\n[2] https://github.com/openstack/keystone/blob/master/keystone/common/controller.py\n\nChange-Id: Ie4025f45dc0b9434b0f5216bad8e441cdbe3b6f4\nCloses-Bug: #1674495\nPartial-Bug: #1670553\n" }, { "commit": "1250c8fc1a94da89caf9fcd8009378c0fa79bf92", "tree": "dff7b04933f9fdab69845de10461e2781479c38d", "parents": [ "6ef58806fbc34a8b7f12245bc0ea1825c490f55b", "da03cc0b00a13e8aa8188322d0ea97b99e9b5398" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Wed Mar 22 14:20:04 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Wed Mar 22 14:20:04 2017 +0000" }, "message": "Merge \"Update Cinder test that incorrectly handles 404\"" }, { "commit": "c01b1e6de7e382fd72b31c7be366ec6a602395ee", "tree": "df66ec43f3c70b0e3c841e7e5bb251a5e1c35491", "parents": [ "6ef58806fbc34a8b7f12245bc0ea1825c490f55b" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Mar 22 02:16:59 2017 +0000" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Mar 22 02:17:13 2017 +0000" }, "message": "Fix failing neutron port tests for Member role.\n\nCurrently, 4 tests related to neutron ports are failing:\n - get_port:binding:host_id\n - get_port:binding:profile\n - get_port:binding:vif_details\n - get_port:binding:vif_type\n\nThese tests fail because while the endpoint does not throw a 403\nor 404, the response body does not contain the field in question.\n\nHence, this patch throws an RbacActionFailed exception when\nthe field is hidden, resolving the bug.\n\nChange-Id: I02d5c22bc2672540f2f8d537edbcea8d1ba9910d\nPartial-Bug: #1670553\n" }, { "commit": "6ef58806fbc34a8b7f12245bc0ea1825c490f55b", "tree": "b6e2c120104f9dc59026b1002749d06e6eb63ccd", "parents": [ "7a9c1ecdb73bc25be21c8e6e8ec28452a1f04c49", "0d537eae21ac28729f57b03a782de4523fc25285" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Tue Mar 21 20:44:02 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Tue Mar 21 20:44:02 2017 +0000" }, "message": "Merge \"Fixes server fault thrown by delete password compute rbac test.\"" }, { "commit": "7a9c1ecdb73bc25be21c8e6e8ec28452a1f04c49", "tree": "6be12e7ad013005d668eaaccf23e1d518ed06d09", "parents": [ "ca8844b6edb93bb687dc15d7aab64e027d84db4b", "1299894159b01bda1d2df6bab7f9f93c2a355ff3" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Tue Mar 21 20:41:16 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Tue Mar 21 20:41:17 2017 +0000" }, "message": "Merge \"Enhance validation decorator with error code\"" }, { "commit": "ca8844b6edb93bb687dc15d7aab64e027d84db4b", "tree": "a3f74094e7358b2d3fe5dbe64b7c86dbb6b2b857", "parents": [ "ea977ebce1964a08c38aea6259ae3f388e808323" ], "author": { "name": "Chi Lo", "email": "cl566n@att.com", "time": "Mon Feb 20 20:14:33 2017 -0600" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Mon Mar 20 19:55:41 2017 +0000" }, "message": "Enhance test_server_actions_rbac with create image actions.\n\nAdd RBAC test cases for the following server actions:\nos_compute_api:servers:create_image\nos_compute_api:servers:create_image:allow_volume_backed\n\nChange-Id: Ic2926610b570439c26e8d48073aae93a01f974b8\nPartially-Implements: blueprint blueprint initial-tests-nova\n" }, { "commit": "0d537eae21ac28729f57b03a782de4523fc25285", "tree": "c694e54b45112a7335cf6bb02f9ba76d5d2ec2d6", "parents": [ "ea977ebce1964a08c38aea6259ae3f388e808323" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Mar 17 17:38:36 2017 +0000" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Mon Mar 20 19:01:58 2017 +0000" }, "message": "Fixes server fault thrown by delete password compute rbac test.\n\nCurrently, a server fault can be thrown by test_delete_password\nin test_server_password_rbac [0], because the server needs to be\nactive before the admin password can be deleted [1].\n\nThis patch waits until the server is created.\n\n[0] http://logs.openstack.org/55/446155/6/check/gate-tempest-dsvm-patrole-admin-ubuntu-xenial-nv/dd6c829/console.html\n[1] https://github.com/openstack/tempest/blob/master/tempest/api/compute/servers/test_server_password.py\n\nChange-Id: Ic8401925402b6d9f125d922b3d88574d1990ab01\n" }, { "commit": "ea977ebce1964a08c38aea6259ae3f388e808323", "tree": "94862c30d0f575bd6780254e95c503542a2f4c22", "parents": [ "25ddd6753ee6847b0714f225590e7397df381aee", "68d922342afd4ba0662a48761497851d4a6c87e7" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Mon Mar 20 18:25:52 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Mon Mar 20 18:25:52 2017 +0000" }, "message": "Merge \"Fixes v3 identity tests with policy actions with rule admin_or_owner.\"" }, { "commit": "25ddd6753ee6847b0714f225590e7397df381aee", "tree": "2bdfe91bb707cd1303c061ed96ef21f373bdbba4", "parents": [ "6981e9a44d722743ff959b3a069f7e2b0384bad9", "23923f0eba8f79b2a7015dd97b97323c1ab1db02" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Mon Mar 20 18:09:32 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Mon Mar 20 18:09:32 2017 +0000" }, "message": "Merge \"Partially revert removal of time.sleep if v3 auth enabled in conf.\"" }, { "commit": "1299894159b01bda1d2df6bab7f9f93c2a355ff3", "tree": "d857dd1ef3c5cd731d0a27675c18a9b79931875d", "parents": [ "3db2fb7279fd6c90b2255998e970624d0c214006" ], "author": { "name": "Rick Bartra", "email": "rb560u@att.com", "time": "Fri Mar 17 17:35:45 2017 -0400" }, "committer": { "name": "Rick Bartra", "email": "rb560u@att.com", "time": "Mon Mar 20 13:53:11 2017 -0400" }, "message": "Enhance validation decorator with error code\n\nRather than wrapping each API call in a try/except block in the event\nthat a 404 rather than a 403 is thrown due to lack of permissions, the\ndecorator rbac_rule_validation.action is enhanced with the a new kwarg\ncalled \u0027expected_error_code\u0027.\n\nThe decorator now handles any error code that is passed in, and raises\nthe Forbidden exception even if the error code is not 403.\n\nThis commit also refactors the tests that use the try/except block to\nhandle non-403 error codes.\n\nChange-Id: I9d263e21110fb9f988a6d4d781bf54e81f485f14\nImplements: blueprint enhance-validation-decorator-with-error-code\n" }, { "commit": "6981e9a44d722743ff959b3a069f7e2b0384bad9", "tree": "4dad84a3d553d8a0b43e793b2836cf16280d30b0", "parents": [ "3db2fb7279fd6c90b2255998e970624d0c214006", "9abe87da9d2732321961b7b5f2e28cc10940ea32" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Mon Mar 20 17:08:00 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Mon Mar 20 17:08:00 2017 +0000" }, "message": "Merge \"Fixes router external_fixed_ip tests sometimes failing with Conflict.\"" }, { "commit": "3db2fb7279fd6c90b2255998e970624d0c214006", "tree": "58f99113e715c94fc2581b024439cb458da3cb6d", "parents": [ "18120de2820617e233e6d283f71ac40c8620bd5d", "280a2a02879700dfaf267b37967d9c8a4f28495b" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Fri Mar 17 20:23:31 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Fri Mar 17 20:23:31 2017 +0000" }, "message": "Merge \"Fixes failing flavor access tests for Member role.\"" }, { "commit": "280a2a02879700dfaf267b37967d9c8a4f28495b", "tree": "3498ddee022213feba1c017c0f2876c15fee5968", "parents": [ "e83a257b06a79ff3fc8f8d857f3a7e24728ca118" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Mar 17 01:02:36 2017 +0000" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Mar 17 17:15:57 2017 +0000" }, "message": "Fixes failing flavor access tests for Member role.\n\nFixes the test for policy action os_compute_api:os-flavor-access,\nwhich currently throws a 404 as Member, even though the policy\naction is defined as admin_or_owner. This means that Member should\nbe allowed to pass the policy rule, but previously the API call\nflavors_client.list_flavor_accesss was used which calls other\npolicy actions which disallow Member to do the API call.\n\nThis patch uses a different API--flavors_client.show_flavor--which\ncalls the relevant policy action. The test passes, so long\nas a public flavor is used. Since CONF.compute.flavor_ref is by\ndefault public, it is used instead of dynamically creating a\npublic flavor, which adds unnecessary overhead.\n\nChange-Id: I107c4daa48cf6922cee1746dc1fc8490b542fc8a\nPartial-Bug: #1670553\n" }, { "commit": "9abe87da9d2732321961b7b5f2e28cc10940ea32", "tree": "fc7dd1fe17563513fb7d829a44fd38fad6c4913c", "parents": [ "18120de2820617e233e6d283f71ac40c8620bd5d" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Mar 17 16:40:41 2017 +0000" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Mar 17 16:40:41 2017 +0000" }, "message": "Fixes router external_fixed_ip tests sometimes failing with Conflict.\n\nCurrently, a Conflict is thrown for tests like\ntest_create_router_external_fixed_ips because an IP address will\nalready be in use, due to improper clean up in other tests,\ncausing this test to throw a Conflict exception.\n\nChange-Id: Iec090d4740c2fd7e230086e3e35e25ef8812ba71\nCloses-Bug: #1673290\nPartial-Bug: #1670553\n" }, { "commit": "da03cc0b00a13e8aa8188322d0ea97b99e9b5398", "tree": "143d14e55ec9579bc87882a71669cd35bf802582", "parents": [ "f0256e3fe19a6c3ca160649b9e0702821bc46f85" ], "author": { "name": "Rick Bartra", "email": "rb560u@att.com", "time": "Thu Mar 16 16:04:36 2017 -0400" }, "committer": { "name": "Rick Bartra", "email": "rb560u@att.com", "time": "Fri Mar 17 15:40:26 2017 +0000" }, "message": "Update Cinder test that incorrectly handles 404\n\nThe volume test that checks the \"volume:delete\" action incorrectly\nhandles a 404. When a role doesn\u0027t have permission to delete a\nvolume, Cinder actually throws a 403 and not a 404.\n\nThis commit also refactors existing test to group basic volume CRUD\n(create, read, update, and delete) tests into a single file.\n\nAdditionally, there was not a test for \"volume:update\", so this commit\nalso covers that action.\n\nChange-Id: Ib5f63ecc1ac51918ee4b1e35763b0c91aa7d5ae2\nCloses-Bug: #1671903\n" }, { "commit": "23923f0eba8f79b2a7015dd97b97323c1ab1db02", "tree": "33be6a62b9dbc19a35bb49673ae97ab484120498", "parents": [ "e83a257b06a79ff3fc8f8d857f3a7e24728ca118" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Mar 17 02:15:07 2017 +0000" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Mar 17 02:15:07 2017 +0000" }, "message": "Partially revert removal of time.sleep if v3 auth enabled in conf.\n\nIn a previous patch [0], an attempt was made to speed up Patrole\ntests by skipping over time.sleep(1) if v3 auth was enabled\nin tempest.conf.\n\nHowever, this resulted in more tests failing than otherwise should\nbe for non-admin roles (i.e. Member role). This is because:\n\n\"Fernet tokens are not subsecond aware and Keystone should only be\n precise to the second. Sleep to ensure we are passing the second\n boundary before attempting to authenticate.\" [1][2]\n\nThis patch guarantees that time.sleep(1) is always executed,\nregardless of identity auth version used by Tempest. While this\nprolongs the test runs in the gates, this change is necessary\nto guarantee correct test execution for non-admin roles.\n\n[0] https://review.openstack.org/#/c/444967/\n[1] https://github.com/openstack/tempest/blob/master/tempest/api/identity/v2/test_users.py\n[2] https://github.com/openstack/tempest/blob/master/tempest/api/identity/v3/test_users.py\n\nChange-Id: I007190906e710f540ed0e44e76bd17047fcddea4\nCloses-Bug: #1673497\n" }, { "commit": "18120de2820617e233e6d283f71ac40c8620bd5d", "tree": "a5cc051bb8a694b27b1bec1f2517649efcaa234a", "parents": [ "e83a257b06a79ff3fc8f8d857f3a7e24728ca118" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Mar 17 02:03:22 2017 +0000" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Mar 17 02:03:22 2017 +0000" }, "message": "Fixes instance actions compute rbac test failing for Member role.\n\nCurrently, test_get_instance_action is failing with an over\npermission error with Member role [0]. Even though\nthe policy action os-instance-actions:events has rule\nadmin_api (is_admin:True) [1], Nova still allows the\nAPI call (servers_client.show_instance_actions) to be\nperformed.\n\nThis can be seen in the nova controller code [2]:\nInstanceActionsController.show enforces\nos_compute_api:os-instance-actions (which allows\nMember to get some instance action info), then\ntries to do os_compute_api:os-instance-actions:events,\nbut fails, which is not a fatal error; instead,\nthe response body is not populated with \"events\"\ninfo.\n\nThis patch adds a check for \"events\" in the response\nbody to the test: if \"events\" is not found,\nthen an RbacActionFailed exception is raised.\n\n[0] http://logs.openstack.org/99/446799/1/check/gate-tempest-dsvm-patrole-member-ubuntu-xenial-nv/6072e55/console.html\n[1] https://github.com/openstack/nova/blob/master/nova/policies/instance_actions.py\n[2] https://github.com/openstack/nova/blob/4f91ed3a547965ed96a22520edcfb783e7936e95/nova/api/openstack/compute/instance_actions.py\n\nChange-Id: Iecae5aafaa51eb28f06d34556027be8b0bb46708\nPartial-Bug: #1670553\n" }, { "commit": "e83a257b06a79ff3fc8f8d857f3a7e24728ca118", "tree": "9e0decd0400747a1e4b1b4f4b8bc4c4df767f532", "parents": [ "f0256e3fe19a6c3ca160649b9e0702821bc46f85", "48c913dee05966e4033f9e27e1e8d20ec058844a" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Thu Mar 16 22:12:06 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Thu Mar 16 22:12:06 2017 +0000" }, "message": "Merge \"Throw skipException for invalid policy actions.\"" }, { "commit": "68d922342afd4ba0662a48761497851d4a6c87e7", "tree": "31e6a9510fca9b69a62bca0182e9601e58e8a32b", "parents": [ "f0256e3fe19a6c3ca160649b9e0702821bc46f85" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Thu Mar 16 17:20:23 2017 -0400" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Thu Mar 16 17:20:23 2017 -0400" }, "message": "Fixes v3 identity tests with policy actions with rule admin_or_owner.\n\nCurrently, v3 identity tests like show_user fail because Keystone\nonly allows a non-admin user to show itself, not any other user.\n\nThese v3 identity tests are failing on admin_or_owner policy actions\nbecause Keystone interprets \"user_id\" as \"your own\" user_id.\nadmin_or_owner policy action is defined as \"user_id: %(user_id)s\",\nso any tests with that policy rule are currently failing.\n\nThe solution is to not dynamically create users during these tests\nand instead pass the current Tempest user_id to these APIs, so\nthat the tests pass for Member (and not just admin).\n\nChange-Id: I5dc0914c95c51194dfee7c823488c4d346bda884\nPartial-Bug: #1670553\n" }, { "commit": "f0256e3fe19a6c3ca160649b9e0702821bc46f85", "tree": "bf3445b1b3a071aaf681938269bbc8efe8147a39", "parents": [ "ebc8de5f45f72d77413d1b122e6d7f89368fd1e6", "09698bbcf2ddc6c79bb3bbe05bb383c200fe61d4" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Thu Mar 16 19:16:51 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Thu Mar 16 19:16:51 2017 +0000" }, "message": "Merge \"Fixes test_volume_backup_delete failing during tearDown.\"" }, { "commit": "48c913dee05966e4033f9e27e1e8d20ec058844a", "tree": "64ff0b41f1a5856222ae8e45edba2fdb07a0c538", "parents": [ "ebc8de5f45f72d77413d1b122e6d7f89368fd1e6" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Mar 15 12:07:48 2017 -0400" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Thu Mar 16 19:11:28 2017 +0000" }, "message": "Throw skipException for invalid policy actions.\n\nCurrently, if an invalid policy action is passed to the\nrbac_rule_validation.action decorator, then\nrbac_policy_parser.RbacPolicyParser.allowed \u003d\u003e false to\nrbac_auth.RbacAuthority.get_permission \u003d\u003e false to allowed in\nrbac_rule_validation. At this point, if the test passes, then\nan OverPermission error is thrown, which is nonsensical. If\nthe test fails, then the test will silently pass. This is very\nbad.\n\nInstead, the Patrole framework should be changed to throw a\nskipException if the policy action that is passed to the\ndecorator is invalid, with a detailed error message as to\nwhat happened. The reason why a skipException should be\nthrown is because of backwards compatibility: since policy\nactions change all the time, they are not\nbackwards-compatible. Failing the test in a previous version\nof, say, Nova, will make adopting Patrole for testing in\nearlier OS releases more challenging, because failures might\noccur everywhere, since the policy actions probably won\u0027t exist\nin either the default policy file or a custom policy file.\n\nAlso, expecting a failure is not appropriate either, since\nthere is no perfect correlation between the policy action\nbeing passed in and the logic inside the test. (For example,\nit is possible to set the policy action to \"foo\", then call\n\"nova list\" -- the test will probably pass, causing the\nexpected failure to fail.)\n\nThis patch throws a skipException if an invalid policy action\nis passed to the rbac_rule_validation.action decorator.\n\nChange-Id: I7ef87417e1bb05450e9e750bc605aa34d985c835\nImplements: blueprint skip-invalid-policy-actions\n" }, { "commit": "ebc8de5f45f72d77413d1b122e6d7f89368fd1e6", "tree": "86458053cf9f72d50db1185aff7f5a012fdeb404", "parents": [ "523a927657fcdcb1107e9d62c88087a133551fff", "b0475fa7118dd81705d7127a08a0b7e225ab67a6" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Thu Mar 16 18:49:16 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Thu Mar 16 18:49:16 2017 +0000" }, "message": "Merge \"Enhance test_server_actions_rbac with index/detail/show server actions.\"" }, { "commit": "09698bbcf2ddc6c79bb3bbe05bb383c200fe61d4", "tree": "ae83c1db1f940be26030d423a2c687a54b47d946", "parents": [ "523a927657fcdcb1107e9d62c88087a133551fff" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Thu Mar 16 13:28:03 2017 -0400" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Thu Mar 16 14:01:08 2017 -0400" }, "message": "Fixes test_volume_backup_delete failing during tearDown.\n\nThis test is currently failing because after doing\nself.backups_client.delete_backup(), the backup\ngoes into deleting status, and directly afterward tearDown\nis called, during which the\ntest_utils.call_and_ignore_notfound_exc calls the\nbackup deletion method again... However, the backup\nis still in deleting status, as it has not been fully\ndeleted, causing a 400 Bad Request to be thrown.\n\nThis patch adds a waiter (wait_for_resource_deletion)\ncall right after the first delete backup call is made.\n\nChange-Id: Ie3e8e7371bb169043377bfd4e04c1320f8939004\nPartial-Bug: #1670553\n" }, { "commit": "523a927657fcdcb1107e9d62c88087a133551fff", "tree": "483d60bc02cd4f94158ee36f454daaf9d152223a", "parents": [ "cb1525cda14f0cf280c78718de87a229cccf847f", "387430074f4140aeefa3a640bfa34095b8c8583f" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Thu Mar 16 14:55:46 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Thu Mar 16 14:55:46 2017 +0000" }, "message": "Merge \"Fix broken volume tests\"" }, { "commit": "cb1525cda14f0cf280c78718de87a229cccf847f", "tree": "8d2be290ce8fed7867c44fabb86ee9dee36838e3", "parents": [ "a0051a7e4ec4fca68c6fb3c57e822d128869b663", "426f3cb53979bfa346cd5d7e2ec9f26fc84e21fe" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Wed Mar 15 20:14:15 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Wed Mar 15 20:14:15 2017 +0000" }, "message": "Merge \"Compute API Quota Sets RBAC tests.\"" }, { "commit": "387430074f4140aeefa3a640bfa34095b8c8583f", "tree": "ab9ca39715e39a5fea2d2a401cce78052ffaa711", "parents": [ "a0051a7e4ec4fca68c6fb3c57e822d128869b663" ], "author": { "name": "Samantha Blanco", "email": "samantha.blanco@att.com", "time": "Tue Mar 07 15:42:10 2017 -0500" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Mar 15 12:17:58 2017 -0400" }, "message": "Fix broken volume tests\n\nFixes volume tests that new CI gates have detected as broken.\n\nCo-Authored-By: Mh Raies \u003cmh.raies@ericsson.com\u003e\nCo-Authored-By: Samantha Blanco \u003csamantha.blanco@att.com\u003e\n\nCloses-Bug: #1672863\nCloses-Bug: #1672855\nCloses-Bug: #1672859\nPartial-Bug: #1670553\n\nChange-Id: Ic1525932df6d98d099e3f4f23fbbcbaf99eb61e9\n" }, { "commit": "a0051a7e4ec4fca68c6fb3c57e822d128869b663", "tree": "30ecd034eb26f0b056a6822bb98bb5f5cd3db7ac", "parents": [ "f0b44d8fd474c8d6381160b06dab83c153110e5a", "8590c0c62848a70d6eb494b09f843c5f5d555038" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Wed Mar 15 15:44:34 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Wed Mar 15 15:44:34 2017 +0000" }, "message": "Merge \"Removal of re-switching of rbac-role from tearDown\"" }, { "commit": "426f3cb53979bfa346cd5d7e2ec9f26fc84e21fe", "tree": "cac5dd9cd432eb8e31b927767f7e27b5c67af719", "parents": [ "f0b44d8fd474c8d6381160b06dab83c153110e5a" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Feb 08 10:29:14 2017 -0500" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Mar 15 11:33:10 2017 -0400" }, "message": "Compute API Quota Sets RBAC tests.\n\nAdds rbac tests for compute quota sets policy actions [0].\n\n[0] https://github.com/openstack/nova/blob/master/nova/policies/quota_sets.py\n\nChange-Id: Ia533b5e679a96de16632461b7a4c33ad61efa4c5\nPartially-Implements: blueprint initial-tests-compute\nDepends-On: I3f0026533255c87b8128f2bf3a4aa488382a2523\nCo-Authored-By: Rick Bartra \u003crb560u@att.com\u003e\nCo-Authored-By: Michael Sliem \u003cms272s@att.com\u003e\n" }, { "commit": "f0b44d8fd474c8d6381160b06dab83c153110e5a", "tree": "b4588d38d65d938bafb0e689adab74e22f492ba8", "parents": [ "3642309e96c6deba99200d9bcb56f5d1bf27f3ba", "dbea7df218bb351b62bdd4bf0dbf587cd76032dd" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Tue Mar 14 19:24:36 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Tue Mar 14 19:24:36 2017 +0000" }, "message": "Merge \"Fixes test_images_member_rbac missing os credentials for image v2.\"" }, { "commit": "8590c0c62848a70d6eb494b09f843c5f5d555038", "tree": "f410462348105f9b7f648106fff727a156bfbef7", "parents": [ "3642309e96c6deba99200d9bcb56f5d1bf27f3ba" ], "author": { "name": "raiesmh08", "email": "mh.raies@ericsson.com", "time": "Tue Mar 14 18:06:52 2017 +0530" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Tue Mar 14 15:08:46 2017 -0400" }, "message": "Removal of re-switching of rbac-role from tearDown\n\nCurrently, for every test case class, we need to add\nre-switching rbac role in tearDown method. Thus for\nevery testcase using the tearDown method becomes\nmandatory.\n\nThis patch removes tearDown dependency for re-switching\nrbac-role.\n\nCo-Authored-By: Mh Raies \u003cmh.raies@ericsson.com\u003e\nCo-Authored-By: Felipe Monteiro \u003cfelipe.monteiro@att.com\u003e\n\nImplements: blueprint refactor-teardown-switch-roles\nChange-Id: I3f0026533255c87b8128f2bf3a4aa488382a2523\n" }, { "commit": "3642309e96c6deba99200d9bcb56f5d1bf27f3ba", "tree": "286c2efa35cb27b5ff1de76f7c72c989e5a96271", "parents": [ "1883e42acf14789122b7cc6d93e8c4c5d83b67cc", "86fdd63bf043d3eaa2ab0b1f0be56d1367c08bb8" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Tue Mar 14 18:23:30 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Tue Mar 14 18:23:30 2017 +0000" }, "message": "Merge \"Decrease overall run time when identity auth is set to v3.\"" }, { "commit": "1883e42acf14789122b7cc6d93e8c4c5d83b67cc", "tree": "2d54f3a695913e228b63ae5c271131db44759346", "parents": [ "4fa65f2d0296ccb76f1f9591e9b6c23bf6e34adc", "61b90493ffb0f13b8159e6d8757608927c927e5e" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Tue Mar 14 18:21:39 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Tue Mar 14 18:21:39 2017 +0000" }, "message": "Merge \"Switch to admin role during client set up to fix some gate bugs.\"" }, { "commit": "61b90493ffb0f13b8159e6d8757608927c927e5e", "tree": "865ac89f7a49139ccb7abebd4b2e0e38298e64fb", "parents": [ "470c8b01521f2956378b5aa3417b4fbbdfc79105" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Tue Mar 14 11:52:22 2017 -0400" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Tue Mar 14 11:56:40 2017 -0400" }, "message": "Switch to admin role during client set up to fix some gate bugs.\n\nThe current framework only adds the admin role to\nthe cls.os.\u003cclient-name\u003e namespace when switchToRbacRole\u003dFalse\nis executed; meaning that the first test that is executed\nin a test run will not have the admin role during set up.\n\nThus, it is necessary to add a switch_role with\nswitchToRbacRole\u003dFalse to setup_clients (after rbac_utils\nis instantiated), so that class-level resources are set\nup with admin credentials. This is why\ntest_flavor_extra_specs_rbac is currently failing [0].\n(setup_clients is called before resource_setup.)\n\nThis patch:\n * Performs switchToRbacRole\u003dFalse in the setup_clients\n of every base Patrole test class.\n\n[0] http://logs.openstack.org/94/444994/2/check/gate-tempest-dsvm-patrole-admin-ubuntu-xenial-nv/a00e22a/console.html\n\nChange-Id: I8027938daa4fdfff0ac5336324aa6d647322237b\nPartial-Bug: #1670553\n" }, { "commit": "4fa65f2d0296ccb76f1f9591e9b6c23bf6e34adc", "tree": "86a08deadf31836c338b063ca91cfc194445679a", "parents": [ "470c8b01521f2956378b5aa3417b4fbbdfc79105", "d5bd33b72e3f2ff296b63eb0a18c54b2ee612c3e" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Tue Mar 14 15:04:17 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Tue Mar 14 15:04:17 2017 +0000" }, "message": "Merge \"Add switchToRbacRole\u003dTrue to test instance actions in compute.\"" }, { "commit": "dbea7df218bb351b62bdd4bf0dbf587cd76032dd", "tree": "ef5aa23a7fe12457dc70de898b874ab9cd41006d", "parents": [ "470c8b01521f2956378b5aa3417b4fbbdfc79105" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Tue Mar 14 00:40:35 2017 +0000" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Tue Mar 14 00:40:35 2017 +0000" }, "message": "Fixes test_images_member_rbac missing os credentials for image v2.\n\nCurrently Patrole test in image.v2.test_images_member_rbac fails\nbecause of an AttributeError [0], related to the attribute \u0027os\u0027\nmissing, meaning that the credentials array lacks the \u0027primary\u0027\nuser. This patch adds the \u0027primary\u0027 user to the credentials\narray for this test.\n\n[0] http://logs.openstack.org/94/444994/4/check/gate-tempest-dsvm-patrole-admin-ubuntu-xenial-nv/370bc2d/console.html\n\nChange-Id: I62050cc8595acb87b49ecb9e9c6ff80503591bc3\nPartial-Bug: #1670553\n" }, { "commit": "86fdd63bf043d3eaa2ab0b1f0be56d1367c08bb8", "tree": "d103a88d37c457bf959b245f724363ad4b3224b0", "parents": [ "503c557c2510803618992b0f64bc450735420c16" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Mon Mar 13 12:07:38 2017 -0400" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Mon Mar 13 21:17:31 2017 +0000" }, "message": "Decrease overall run time when identity auth is set to v3.\n\nThis patch avoids executing time.sleep(1) in rbac_utils, when\nKeystone v3 auth is enabled, which greatly reduces run time\n(approximately by 5 min or more). Thus, this patch also changes\npost_test_hook to forcibly set Keystone v3 auth in the tempest\ngates, so that tests run much faster.\n\nCurrently time.sleep(1) is used to avoid rounding issues with the\n\"created_at\" field when creating a token. This field drops the\nmilliseconds from the time field. Attempting to use a token before\nthe time in the \"created_at\" field results in an error, meaning that\nit is necessary to do time.sleep(1). However, with Keystone v3 this\nis not the case, so this time.sleep(1) can be avoided with v3, resulting\nin much faster overall test execution time.\n\nChange-Id: I679f75b54bcc61f688f761a6e6f16d4cf0173cb7\n" }, { "commit": "d5bd33b72e3f2ff296b63eb0a18c54b2ee612c3e", "tree": "b1dc29f990cfc6fac79d4ac204d8e232ea845745", "parents": [ "503c557c2510803618992b0f64bc450735420c16" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Mon Mar 13 12:15:39 2017 -0400" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Mon Mar 13 12:15:39 2017 -0400" }, "message": "Add switchToRbacRole\u003dTrue to test instance actions in compute.\n\nAs the title says, switchToRbacRole\u003dTrue is not performed in\neither of the 2 tests. Also, the test file should be renamed\nfrom test_instance_actions \u003d\u003e test_instance_actions_rbac.\n\nThis patch resolves both issues.\n\nChange-Id: I2a21c63af491466c94a1a94bb69e48eb9d31ab16\nCloses-Bug: #1672445\n" }, { "commit": "470c8b01521f2956378b5aa3417b4fbbdfc79105", "tree": "d2e415836ec3f0a1bca7fe4b4618cf10af9c56fe", "parents": [ "503c557c2510803618992b0f64bc450735420c16", "ef1d21dfe0ff57ce425f7389f9e46208fa702231" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Mon Mar 13 15:56:23 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Mon Mar 13 15:56:23 2017 +0000" }, "message": "Merge \"Removing unused admin_client\"" }, { "commit": "503c557c2510803618992b0f64bc450735420c16", "tree": "04551fa5f07160ec0ecd4e47b06625e83cddcfb1", "parents": [ "2b77d3c168c37492a7ab897243ca596225b96453" ], "author": { "name": "Rick Bartra", "email": "rb560u@att.com", "time": "Thu Mar 09 13:49:58 2017 -0500" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Sun Mar 12 02:08:55 2017 +0000" }, "message": "Add service validation to Patrole framework\n\nVerify that the service being passed in the rbac_rule_validation\ndecorator is a valid service. The Tempest Identity v3 services_client\nis being used to make a call to Keystone to list the services that\nare available.\n\nIf an invalid service is passed in the decorator, then an exception\nis thrown.\n\nChange-Id: I3de3fccf18456bb8382864eeabcbfe64e2cffebb\nImplements: blueprint add-service-validation\n" }, { "commit": "2b77d3c168c37492a7ab897243ca596225b96453", "tree": "fc5c5fcc672d457b16e8c822ba93aeece3a86ff2", "parents": [ "613de663d12df65b90a3af5224ffb1bcb1479b1e", "8a8b59f8323028faac3e532e24a389014d13e0f0" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Fri Mar 10 20:30:58 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Fri Mar 10 20:30:58 2017 +0000" }, "message": "Merge \"Fix for V2 image failing test cases.\"" }, { "commit": "8a8b59f8323028faac3e532e24a389014d13e0f0", "tree": "f81e17adb27d8b60d647988d6075a2e662bc6618", "parents": [ "7d40894e98d2cbb75aa38e13d2a70c16db1cbbf9" ], "author": { "name": "raiesmh08", "email": "mh.raies@ericsson.com", "time": "Tue Mar 07 15:31:13 2017 +0530" }, "committer": { "name": "raiesmh08", "email": "mh.raies@ericsson.com", "time": "Fri Mar 10 23:01:53 2017 +0530" }, "message": "Fix for V2 image failing test cases.\n\nFollowing V2 image api test is failing -\n 1. test_update_image_member\n\nThis patch provides fix for this test case.\n\nChange-Id: Ibd0ac1bd9a150391ae90c7fd7dd0427adbb867cd\nCloses-Bug: #1670616\n" }, { "commit": "613de663d12df65b90a3af5224ffb1bcb1479b1e", "tree": "f06c58e8491e325dae7f7146babfc9303f2dc277", "parents": [ "7d40894e98d2cbb75aa38e13d2a70c16db1cbbf9" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Thu Mar 09 05:20:48 2017 +0000" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Mar 10 16:54:05 2017 +0000" }, "message": "Fixes many failing identity tests for member.\n\nMany identity tests are failing for member role because the\nframework doesn\u0027t currently take how Keystone does policy\nenforcement into consideration. Currently, the framework\nsets up one admin credential type which creates a user\nwith admin credentials. During the entire lifecycle of a Patrole\ntest run, the user retains its admin credentials -- but the admin\ncredentials are still assigned to the default domain, rather than\nto the Tempest project.\n\nIt appears that most services only care about whether a user\nhas a specific role on a project, rather than a domain. However,\nKeystone behaves differently, allowing the test user with domain\nadmin credentials to perform admin actions that should otherwise\nbe disallowed. This is problematic, because then over-permission\nerrors are thrown, as the test user that performs the action\nas, say, Member retains the admin role on the default domain.\n\nThe solution is to create 2 crendential types: admin and primary.\nThe admin user is responsible for adding/revoking admin role\nto/from the primary user, who sets up/cleans up resources with admin\nrole and performs the API action under test with the rbac role only.\n\nThis patch also:\n* takes care of removing cls.os \u003d cls.os_adm simultaneously,\n which is extremely deceptive and hard to debug\n* removes 2 extension tests from compute admin test files\n* refactors identity test files that use deprecated/incorrect\n functionality\n\nChange-Id: I08b02394276b74711900ff4b6ca286da0e76fd97\nCloses-Bug: #1671704\n" }, { "commit": "ef1d21dfe0ff57ce425f7389f9e46208fa702231", "tree": "6a9e9684272e1937a3a71c62051c80289aa30693", "parents": [ "7d40894e98d2cbb75aa38e13d2a70c16db1cbbf9" ], "author": { "name": "raiesmh08", "email": "mh.raies@ericsson.com", "time": "Thu Mar 09 16:38:48 2017 +0530" }, "committer": { "name": "raiesmh08", "email": "mh.raies@ericsson.com", "time": "Thu Mar 09 16:38:48 2017 +0530" }, "message": "Removing unused admin_client\n\nAfter the merger of blueprint \u0027modifying-switching-role-mechanism\u0027,\nno admin_client is needed.\nAs a part part of cleanup, this patch aims to remove unused admin_client.\n\nPartially implements: blueprint cleanup-as-a-result-of-framework-change\n\nChange-Id: I576bc2319d6d621443f816765e9b6ff2ae739f8a\n" }, { "commit": "7d40894e98d2cbb75aa38e13d2a70c16db1cbbf9", "tree": "0f5973fa433ce9929fa53b1c6f3ae69fe7e23c01", "parents": [ "18d92b5380fb4386c7159cbd651c8ce1cc2f10e8", "e68ac0b8700bfe3bee8646ba3115f5d4a1c14a9e" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Wed Mar 08 22:15:21 2017 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Wed Mar 08 22:15:21 2017 +0000" }, "message": "Merge \"Add negative lookahead to post_test_hook to skip slow tests.\"" }, { "commit": "e68ac0b8700bfe3bee8646ba3115f5d4a1c14a9e", "tree": "a92f4c3df61be83656a0c8b77f003c88b470bae9", "parents": [ "4f48884ff8319db39bb748c609530ab961f18288" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Mar 08 13:45:18 2017 -0500" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Mar 08 13:45:18 2017 -0500" }, "message": "Add negative lookahead to post_test_hook to skip slow tests.\n\nThis will skip a few slow tests in compute and volume with the\n@test.attr(type\u003d\u0027slow\u0027) decorator above that, so that the patrole\ntests that run in the tempest gates can finish in a reasonable\namount of time.\n\nThe post_test_hook can later be modified, once new gates are\nintroduced in infra, to run the slow tests independent from\nthe \"fast\" tests.\n\nChange-Id: I794a5da46a11bedd92a91d4b4c1f69f3d6e4e804\nPartially-Implements: blueprint decrease-tempest-gate-runtime\n" } ], "next": "18d92b5380fb4386c7159cbd651c8ce1cc2f10e8" }