Merge "Wait for floating IP assocation in test_minimum_basic test"
diff --git a/releasenotes/notes/temp_url_tests_digest_config-3d8c9bb271961ddd.yaml b/releasenotes/notes/temp_url_tests_digest_config-3d8c9bb271961ddd.yaml
new file mode 100644
index 0000000..f96c030
--- /dev/null
+++ b/releasenotes/notes/temp_url_tests_digest_config-3d8c9bb271961ddd.yaml
@@ -0,0 +1,11 @@
+---
+features:
+ - |
+ Add configuration parameter `tempurl_digest_hashlib` into
+ `object-storage-feature-enabled` which configures the hashing algorithm to
+ use for the temp_url tests; defaults to 'sha256'.
+security:
+ - |
+ Swift used to support only 'sha1' for temp_url hashing but from many
+ years now 'sha256' and 'sha512' are also available. These are stronger
+ than 'sha1' and tempest now allows configuring which one to use.
diff --git a/tempest/api/object_storage/test_object_services.py b/tempest/api/object_storage/test_object_services.py
index 2823185..a11bed8 100644
--- a/tempest/api/object_storage/test_object_services.py
+++ b/tempest/api/object_storage/test_object_services.py
@@ -182,7 +182,6 @@
self.assertEqual(data, body)
@decorators.idempotent_id('4f84422a-e2f2-4403-b601-726a4220b54e')
- @decorators.unstable_test(bug='1905432')
def test_create_object_with_transfer_encoding(self):
"""Test creating object with transfer_encoding"""
object_name = data_utils.rand_name(name='TestObject')
diff --git a/tempest/api/object_storage/test_object_temp_url.py b/tempest/api/object_storage/test_object_temp_url.py
index 4ca7412..8f218e2 100644
--- a/tempest/api/object_storage/test_object_temp_url.py
+++ b/tempest/api/object_storage/test_object_temp_url.py
@@ -19,9 +19,12 @@
from tempest.api.object_storage import base
from tempest.common import utils
+from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
+CONF = config.CONF
+
class ObjectTempUrlTest(base.BaseObjectTest):
"""Test object temp url"""
@@ -77,8 +80,11 @@
container, object_name)
hmac_body = '%s\n%s\n%s' % (method, expires, path)
+ hlib = getattr(
+ hashlib,
+ CONF.object_storage_feature_enabled.tempurl_digest_hashlib)
sig = hmac.new(
- key.encode(), hmac_body.encode(), hashlib.sha256
+ key.encode(), hmac_body.encode(), hlib
).hexdigest()
url = "%s/%s?temp_url_sig=%s&temp_url_expires=%s" % (container,
diff --git a/tempest/api/object_storage/test_object_temp_url_negative.py b/tempest/api/object_storage/test_object_temp_url_negative.py
index e5f4cf2..712697e 100644
--- a/tempest/api/object_storage/test_object_temp_url_negative.py
+++ b/tempest/api/object_storage/test_object_temp_url_negative.py
@@ -19,10 +19,13 @@
from tempest.api.object_storage import base
from tempest.common import utils
+from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
from tempest.lib import exceptions as lib_exc
+CONF = config.CONF
+
class ObjectTempUrlNegativeTest(base.BaseObjectTest):
"""Negative tests of object temp url"""
@@ -82,8 +85,11 @@
container, object_name)
hmac_body = '%s\n%s\n%s' % (method, expires, path)
+ hlib = getattr(
+ hashlib,
+ CONF.object_storage_feature_enabled.tempurl_digest_hashlib)
sig = hmac.new(
- key.encode(), hmac_body.encode(), hashlib.sha256
+ key.encode(), hmac_body.encode(), hlib
).hexdigest()
url = "%s/%s?temp_url_sig=%s&temp_url_expires=%s" % (container,
diff --git a/tempest/api/volume/admin/test_backends_capabilities.py b/tempest/api/volume/admin/test_backends_capabilities.py
index 9a85ed4..e3a8156 100644
--- a/tempest/api/volume/admin/test_backends_capabilities.py
+++ b/tempest/api/volume/admin/test_backends_capabilities.py
@@ -37,6 +37,33 @@
# Check response schema
self.admin_capabilities_client.show_backend_capabilities(self.hosts[0])
+ @staticmethod
+ def _change_capabilities_storage_protocol(capabilities):
+ """Convert storage_protocol to its canonical version"""
+ # List of storage protocols variants defined in cinder.common.constants
+ # The canonical name for storage protocol comes first in the list
+ VARIANTS = [['iSCSI', 'iscsi'], ['FC', 'fibre_channel', 'fc'],
+ ['NFS', 'nfs'], ['NVMe-oF', 'NVMeOF', 'nvmeof']]
+
+ capabilities = sorted(list(capabilities))
+
+ # Cinder Bug #1966103: Some drivers were reporting different strings
+ # to represent the same storage protocol. For backward compatibility,
+ # the scheduler can handle the variants, but to standardize this for
+ # operators (who may need to refer to the protocol in volume-type
+ # extra-specs), the get-pools and get-capabilities response was changed
+ # to only report the canonical name for a storage protocol, but these
+ # 2 REST API call swere not changed simultaneously, so we may or may
+ # not get canonical names, so just convert canonical names.
+ for item in range(len(capabilities)):
+ for variants in VARIANTS:
+ if capabilities[item][2] in variants:
+ capabilities[item] = (capabilities[item][0],
+ capabilities[item][1],
+ variants[0])
+
+ return capabilities
+
@decorators.idempotent_id('a9035743-d46a-47c5-9cb7-3c80ea16dea0')
def test_compare_volume_stats_values(self):
"""Test comparing volume stats values
@@ -47,11 +74,6 @@
'volume_backend_name',
'storage_protocol')
- # List of storage protocols variants defined in cinder.common.constants
- # The canonical name for storage protocol comes first in the list
- VARIANTS = [['iSCSI', 'iscsi'], ['FC', 'fibre_channel', 'fc'],
- ['NFS', 'nfs'], ['NVMe-oF', 'NVMeOF', 'nvmeof']]
-
# Get list backend capabilities using show_pools
cinder_pools = [
pool['capabilities'] for pool in
@@ -65,27 +87,9 @@
]
# Returns a tuple of VOLUME_STATS values
- expected_list = sorted(list(map(operator.itemgetter(*VOLUME_STATS),
- cinder_pools)))
- observed_list = sorted(list(map(operator.itemgetter(*VOLUME_STATS),
- capabilities)))
-
- # Cinder Bug #1966103: Some drivers were reporting different strings
- # to represent the same storage protocol. For backward compatibility,
- # the scheduler can handle the variants, but to standardize this for
- # operators (who may need to refer to the protocol in volume-type
- # extra-specs), the get-pools response was changed by I07d74078dbb1
- # to only report the canonical name for a storage protocol. Thus, the
- # expected_list (which we got from the get-pools call) will only
- # contain canonical names, while the observed_list (which we got
- # from the driver capabilities call) may contain a variant. So before
- # comparing the lists, we need to look for known variants in the
- # observed_list elements and replace them with their canonical values
- for item in range(len(observed_list)):
- for variants in VARIANTS:
- if observed_list[item][2] in variants:
- observed_list[item] = (observed_list[item][0],
- observed_list[item][1],
- variants[0])
+ expected_list = self._change_capabilities_storage_protocol(
+ map(operator.itemgetter(*VOLUME_STATS), cinder_pools))
+ observed_list = self._change_capabilities_storage_protocol(
+ map(operator.itemgetter(*VOLUME_STATS), capabilities))
self.assertEqual(expected_list, observed_list)
diff --git a/tempest/config.py b/tempest/config.py
index 4098f32..f986ddb 100644
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -1164,6 +1164,11 @@
cfg.BoolOpt('discoverability',
default=True,
help="Execute discoverability tests"),
+ cfg.StrOpt('tempurl_digest_hashlib',
+ default='sha256',
+ help="Hashing algorithm to use for the temp_url tests. "
+ "Needs to be supported both by Swift and the "
+ "hashlib module, for example sha1 or sha256"),
]
diff --git a/tempest/scenario/test_network_advanced_server_ops.py b/tempest/scenario/test_network_advanced_server_ops.py
index 1c00212..e630e29 100644
--- a/tempest/scenario/test_network_advanced_server_ops.py
+++ b/tempest/scenario/test_network_advanced_server_ops.py
@@ -283,7 +283,6 @@
self._wait_server_status_and_check_network_connectivity(
server, keypair, floating_ip)
- @decorators.unstable_test(bug='1836595')
@decorators.idempotent_id('25b188d7-0183-4b1e-a11d-15840c8e2fd6')
@testtools.skipUnless(CONF.compute_feature_enabled.cold_migration,
'Cold migration is not available.')