Merge "Update auth section of the configuration guide"
diff --git a/etc/tempest.conf.sample b/etc/tempest.conf.sample
index d81d3bb..a2db4f4 100644
--- a/etc/tempest.conf.sample
+++ b/etc/tempest.conf.sample
@@ -156,6 +156,7 @@
# The endpoint type to use for the baremetal provisioning service
# (string value)
+# Allowed values: public, admin, internal, publicURL, adminURL, internalURL
#endpoint_type = publicURL
# Timeout for Ironic node to completely provision (integer value)
@@ -341,6 +342,7 @@
#region =
# The endpoint type to use for the compute service. (string value)
+# Allowed values: public, admin, internal, publicURL, adminURL, internalURL
#endpoint_type = publicURL
# Path to a private key file for SSH access to remote hosts (string
@@ -467,6 +469,7 @@
# The endpoint type to use for the data processing service. (string
# value)
+# Allowed values: public, admin, internal, publicURL, adminURL, internalURL
#endpoint_type = publicURL
@@ -550,6 +553,7 @@
#region = RegionOne
# The endpoint type to use for the identity service. (string value)
+# Allowed values: public, admin, internal, publicURL, adminURL, internalURL
#endpoint_type = publicURL
# Username to use for Nova API requests. (string value)
@@ -631,6 +635,7 @@
#region =
# The endpoint type to use for the image service. (string value)
+# Allowed values: public, admin, internal, publicURL, adminURL, internalURL
#endpoint_type = publicURL
# http accessible image (string value)
@@ -739,6 +744,7 @@
#region =
# The endpoint type to use for the network service. (string value)
+# Allowed values: public, admin, internal, publicURL, adminURL, internalURL
#endpoint_type = publicURL
# The cidr block to allocate tenant ipv4 subnets from (string value)
@@ -781,6 +787,7 @@
# vnic_type to use when Launching instances with pre-configured ports.
# Supported ports are: ['normal','direct','macvtap'] (string value)
+# Allowed values: <None>, normal, direct, macvtap
#port_vnic_type = <None>
@@ -819,6 +826,7 @@
# The endpoint type to use for the object-store service. (string
# value)
+# Allowed values: public, admin, internal, publicURL, adminURL, internalURL
#endpoint_type = publicURL
# Number of seconds to time on waiting for a container to container
@@ -884,6 +892,7 @@
# The endpoint type to use for the orchestration service. (string
# value)
+# Allowed values: public, admin, internal, publicURL, adminURL, internalURL
#endpoint_type = publicURL
# Time in seconds between build status checks. (integer value)
@@ -950,6 +959,7 @@
# DHCP client used by images to renew DCHP lease. If left empty,
# update operation will be skipped. Supported clients: "udhcpc",
# "dhclient" (string value)
+# Allowed values: udhcpc, dhclient
#dhcp_client = udhcpc
@@ -1049,6 +1059,7 @@
#catalog_type = metering
# The endpoint type to use for the telemetry service. (string value)
+# Allowed values: public, admin, internal, publicURL, adminURL, internalURL
#endpoint_type = publicURL
# This variable is used as flag to enable notification tests (boolean
@@ -1078,6 +1089,7 @@
#region =
# The endpoint type to use for the volume service. (string value)
+# Allowed values: public, admin, internal, publicURL, adminURL, internalURL
#endpoint_type = publicURL
# Name of the backend1 (must be declared in cinder.conf) (string
diff --git a/tempest/api/compute/admin/test_agents.py b/tempest/api/compute/admin/test_agents.py
index 2bd15ac..fce6550 100644
--- a/tempest/api/compute/admin/test_agents.py
+++ b/tempest/api/compute/admin/test_agents.py
@@ -28,8 +28,8 @@
"""
@classmethod
- def resource_setup(cls):
- super(AgentsAdminTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(AgentsAdminTestJSON, cls).setup_clients()
cls.client = cls.os_adm.agents_client
def setUp(self):
diff --git a/tempest/api/compute/admin/test_aggregates.py b/tempest/api/compute/admin/test_aggregates.py
index e3b0151..32521e4 100644
--- a/tempest/api/compute/admin/test_aggregates.py
+++ b/tempest/api/compute/admin/test_aggregates.py
@@ -30,9 +30,13 @@
_host_key = 'OS-EXT-SRV-ATTR:host'
@classmethod
+ def setup_clients(cls):
+ super(AggregatesAdminTestJSON, cls).setup_clients()
+ cls.client = cls.os_adm.aggregates_client
+
+ @classmethod
def resource_setup(cls):
super(AggregatesAdminTestJSON, cls).resource_setup()
- cls.client = cls.os_adm.aggregates_client
cls.aggregate_name_prefix = 'test_aggregate_'
cls.az_name_prefix = 'test_az_'
diff --git a/tempest/api/compute/admin/test_aggregates_negative.py b/tempest/api/compute/admin/test_aggregates_negative.py
index 02e2b0b..24236f4 100644
--- a/tempest/api/compute/admin/test_aggregates_negative.py
+++ b/tempest/api/compute/admin/test_aggregates_negative.py
@@ -28,10 +28,14 @@
"""
@classmethod
- def resource_setup(cls):
- super(AggregatesAdminNegativeTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(AggregatesAdminNegativeTestJSON, cls).setup_clients()
cls.client = cls.os_adm.aggregates_client
cls.user_client = cls.aggregates_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(AggregatesAdminNegativeTestJSON, cls).resource_setup()
cls.aggregate_name_prefix = 'test_aggregate_'
cls.az_name_prefix = 'test_az_'
@@ -45,7 +49,7 @@
def test_aggregate_create_as_user(self):
# Regular user is not allowed to create an aggregate.
aggregate_name = data_utils.rand_name(self.aggregate_name_prefix)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.user_client.create_aggregate,
name=aggregate_name)
@@ -86,7 +90,7 @@
aggregate = self.client.create_aggregate(name=aggregate_name)
self.addCleanup(self.client.delete_aggregate, aggregate['id'])
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.user_client.delete_aggregate,
aggregate['id'])
@@ -94,7 +98,7 @@
@test.idempotent_id('b7d475a6-5dcd-4ff4-b70a-cd9de66a6672')
def test_aggregate_list_as_user(self):
# Regular user is not allowed to list aggregates.
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.user_client.list_aggregates)
@test.attr(type=['negative', 'gate'])
@@ -105,7 +109,7 @@
aggregate = self.client.create_aggregate(name=aggregate_name)
self.addCleanup(self.client.delete_aggregate, aggregate['id'])
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.user_client.get_aggregate,
aggregate['id'])
@@ -149,7 +153,7 @@
aggregate = self.client.create_aggregate(name=aggregate_name)
self.addCleanup(self.client.delete_aggregate, aggregate['id'])
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.user_client.add_host,
aggregate['id'], self.host)
@@ -178,7 +182,7 @@
self.client.add_host(aggregate['id'], self.host)
self.addCleanup(self.client.remove_host, aggregate['id'], self.host)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.user_client.remove_host,
aggregate['id'], self.host)
diff --git a/tempest/api/compute/admin/test_availability_zone.py b/tempest/api/compute/admin/test_availability_zone.py
index 9d24b00..eadc15a 100644
--- a/tempest/api/compute/admin/test_availability_zone.py
+++ b/tempest/api/compute/admin/test_availability_zone.py
@@ -24,8 +24,8 @@
_api_version = 2
@classmethod
- def resource_setup(cls):
- super(AZAdminV2TestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(AZAdminV2TestJSON, cls).setup_clients()
cls.client = cls.availability_zone_admin_client
@test.attr(type='gate')
diff --git a/tempest/api/compute/admin/test_availability_zone_negative.py b/tempest/api/compute/admin/test_availability_zone_negative.py
index caecddc..d6e577e 100644
--- a/tempest/api/compute/admin/test_availability_zone_negative.py
+++ b/tempest/api/compute/admin/test_availability_zone_negative.py
@@ -25,8 +25,8 @@
"""
@classmethod
- def resource_setup(cls):
- super(AZAdminNegativeTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(AZAdminNegativeTestJSON, cls).setup_clients()
cls.non_adm_client = cls.availability_zone_client
@test.attr(type=['negative', 'gate'])
@@ -35,5 +35,5 @@
# List of availability zones and available services with
# non-administrator user
self.assertRaises(
- lib_exc.Unauthorized,
+ lib_exc.Forbidden,
self.non_adm_client.get_availability_zone_list_detail)
diff --git a/tempest/api/compute/admin/test_fixed_ips.py b/tempest/api/compute/admin/test_fixed_ips.py
index 820b9b0..acfd659 100644
--- a/tempest/api/compute/admin/test_fixed_ips.py
+++ b/tempest/api/compute/admin/test_fixed_ips.py
@@ -23,12 +23,20 @@
class FixedIPsTestJson(base.BaseV2ComputeAdminTest):
@classmethod
- def resource_setup(cls):
- super(FixedIPsTestJson, cls).resource_setup()
+ def skip_checks(cls):
+ super(FixedIPsTestJson, cls).skip_checks()
if CONF.service_available.neutron:
msg = ("%s skipped as neutron is available" % cls.__name__)
raise cls.skipException(msg)
+
+ @classmethod
+ def setup_clients(cls):
+ super(FixedIPsTestJson, cls).setup_clients()
cls.client = cls.os_adm.fixed_ips_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(FixedIPsTestJson, cls).resource_setup()
server = cls.create_test_server(wait_until='ACTIVE')
server = cls.servers_client.get_server(server['id'])
for ip_set in server['addresses']:
diff --git a/tempest/api/compute/admin/test_fixed_ips_negative.py b/tempest/api/compute/admin/test_fixed_ips_negative.py
index df3c390..052ed71 100644
--- a/tempest/api/compute/admin/test_fixed_ips_negative.py
+++ b/tempest/api/compute/admin/test_fixed_ips_negative.py
@@ -24,13 +24,21 @@
class FixedIPsNegativeTestJson(base.BaseV2ComputeAdminTest):
@classmethod
- def resource_setup(cls):
- super(FixedIPsNegativeTestJson, cls).resource_setup()
+ def skip_checks(cls):
+ super(FixedIPsNegativeTestJson, cls).skip_checks()
if CONF.service_available.neutron:
msg = ("%s skipped as neutron is available" % cls.__name__)
raise cls.skipException(msg)
+
+ @classmethod
+ def setup_clients(cls):
+ super(FixedIPsNegativeTestJson, cls).setup_clients()
cls.client = cls.os_adm.fixed_ips_client
cls.non_admin_client = cls.fixed_ips_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(FixedIPsNegativeTestJson, cls).resource_setup()
server = cls.create_test_server(wait_until='ACTIVE')
server = cls.servers_client.get_server(server['id'])
for ip_set in server['addresses']:
@@ -45,7 +53,7 @@
@test.idempotent_id('9f17f47d-daad-4adc-986e-12370c93e407')
@test.services('network')
def test_list_fixed_ip_details_with_non_admin_user(self):
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.get_fixed_ip_details, self.ip)
@test.attr(type=['negative', 'gate'])
@@ -53,7 +61,7 @@
@test.services('network')
def test_set_reserve_with_non_admin_user(self):
body = {"reserve": "None"}
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.reserve_fixed_ip,
self.ip, body)
@@ -62,7 +70,7 @@
@test.services('network')
def test_set_unreserve_with_non_admin_user(self):
body = {"unreserve": "None"}
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.reserve_fixed_ip,
self.ip, body)
diff --git a/tempest/api/compute/admin/test_flavors.py b/tempest/api/compute/admin/test_flavors.py
index cd3a4f1..72f73a3 100644
--- a/tempest/api/compute/admin/test_flavors.py
+++ b/tempest/api/compute/admin/test_flavors.py
@@ -28,14 +28,22 @@
"""
@classmethod
- def resource_setup(cls):
- super(FlavorsAdminTestJSON, cls).resource_setup()
+ def skip_checks(cls):
+ super(FlavorsAdminTestJSON, cls).skip_checks()
if not test.is_extension_enabled('OS-FLV-EXT-DATA', 'compute'):
msg = "OS-FLV-EXT-DATA extension not enabled."
raise cls.skipException(msg)
+ @classmethod
+ def setup_clients(cls):
+ super(FlavorsAdminTestJSON, cls).setup_clients()
cls.client = cls.os_adm.flavors_client
cls.user_client = cls.os.flavors_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(FlavorsAdminTestJSON, cls).resource_setup()
+
cls.flavor_name_prefix = 'test_flavor_'
cls.ram = 512
cls.vcpus = 1
diff --git a/tempest/api/compute/admin/test_flavors_access.py b/tempest/api/compute/admin/test_flavors_access.py
index aaa96ac..4558db2 100644
--- a/tempest/api/compute/admin/test_flavors_access.py
+++ b/tempest/api/compute/admin/test_flavors_access.py
@@ -26,14 +26,21 @@
"""
@classmethod
- def resource_setup(cls):
- super(FlavorsAccessTestJSON, cls).resource_setup()
+ def skip_checks(cls):
+ super(FlavorsAccessTestJSON, cls).skip_checks()
if not test.is_extension_enabled('OS-FLV-EXT-DATA', 'compute'):
msg = "OS-FLV-EXT-DATA extension not enabled."
raise cls.skipException(msg)
- # Compute admin flavor client
+ @classmethod
+ def setup_clients(cls):
+ super(FlavorsAccessTestJSON, cls).setup_clients()
cls.client = cls.os_adm.flavors_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(FlavorsAccessTestJSON, cls).resource_setup()
+
# Non admin tenant ID
cls.tenant_id = cls.flavors_client.tenant_id
# Compute admin tenant ID
diff --git a/tempest/api/compute/admin/test_flavors_access_negative.py b/tempest/api/compute/admin/test_flavors_access_negative.py
index af53985..f38e3c7 100644
--- a/tempest/api/compute/admin/test_flavors_access_negative.py
+++ b/tempest/api/compute/admin/test_flavors_access_negative.py
@@ -29,13 +29,21 @@
"""
@classmethod
- def resource_setup(cls):
- super(FlavorsAccessNegativeTestJSON, cls).resource_setup()
+ def skip_checks(cls):
+ super(FlavorsAccessNegativeTestJSON, cls).skip_checks()
if not test.is_extension_enabled('OS-FLV-EXT-DATA', 'compute'):
msg = "OS-FLV-EXT-DATA extension not enabled."
raise cls.skipException(msg)
+ @classmethod
+ def setup_clients(cls):
+ super(FlavorsAccessNegativeTestJSON, cls).setup_clients()
cls.client = cls.os_adm.flavors_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(FlavorsAccessNegativeTestJSON, cls).resource_setup()
+
cls.tenant_id = cls.flavors_client.tenant_id
cls.flavor_name_prefix = 'test_flavor_access_'
cls.ram = 512
@@ -70,7 +78,7 @@
new_flavor_id,
is_public='False')
self.addCleanup(self.client.delete_flavor, new_flavor['id'])
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.flavors_client.add_flavor_access,
new_flavor['id'],
self.tenant_id)
@@ -91,7 +99,7 @@
self.client.add_flavor_access(new_flavor['id'], self.tenant_id)
self.addCleanup(self.client.remove_flavor_access,
new_flavor['id'], self.tenant_id)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.flavors_client.remove_flavor_access,
new_flavor['id'],
self.tenant_id)
diff --git a/tempest/api/compute/admin/test_flavors_extra_specs.py b/tempest/api/compute/admin/test_flavors_extra_specs.py
index 5847a64..2bf793c 100644
--- a/tempest/api/compute/admin/test_flavors_extra_specs.py
+++ b/tempest/api/compute/admin/test_flavors_extra_specs.py
@@ -27,13 +27,20 @@
"""
@classmethod
- def resource_setup(cls):
- super(FlavorsExtraSpecsTestJSON, cls).resource_setup()
+ def skip_checks(cls):
+ super(FlavorsExtraSpecsTestJSON, cls).skip_checks()
if not test.is_extension_enabled('OS-FLV-EXT-DATA', 'compute'):
msg = "OS-FLV-EXT-DATA extension not enabled."
raise cls.skipException(msg)
+ @classmethod
+ def setup_clients(cls):
+ super(FlavorsExtraSpecsTestJSON, cls).setup_clients()
cls.client = cls.os_adm.flavors_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(FlavorsExtraSpecsTestJSON, cls).resource_setup()
flavor_name = data_utils.rand_name('test_flavor')
ram = 512
vcpus = 1
diff --git a/tempest/api/compute/admin/test_flavors_extra_specs_negative.py b/tempest/api/compute/admin/test_flavors_extra_specs_negative.py
index 979fdd3..7998c3d 100644
--- a/tempest/api/compute/admin/test_flavors_extra_specs_negative.py
+++ b/tempest/api/compute/admin/test_flavors_extra_specs_negative.py
@@ -29,13 +29,21 @@
"""
@classmethod
- def resource_setup(cls):
- super(FlavorsExtraSpecsNegativeTestJSON, cls).resource_setup()
+ def skip_checks(cls):
+ super(FlavorsExtraSpecsNegativeTestJSON, cls).skip_checks()
if not test.is_extension_enabled('OS-FLV-EXT-DATA', 'compute'):
msg = "OS-FLV-EXT-DATA extension not enabled."
raise cls.skipException(msg)
+ @classmethod
+ def setup_clients(cls):
+ super(FlavorsExtraSpecsNegativeTestJSON, cls).setup_clients()
cls.client = cls.os_adm.flavors_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(FlavorsExtraSpecsNegativeTestJSON, cls).resource_setup()
+
flavor_name = data_utils.rand_name('test_flavor')
ram = 512
vcpus = 1
@@ -63,7 +71,7 @@
def test_flavor_non_admin_set_keys(self):
# Test to SET flavor extra spec as a user without admin privileges.
specs = {"key1": "value1", "key2": "value2"}
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.flavors_client.set_flavor_extra_spec,
self.flavor['id'],
specs)
@@ -76,7 +84,7 @@
body = self.client.set_flavor_extra_spec(
self.flavor['id'], specs)
self.assertEqual(body['key1'], 'value1')
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.flavors_client.
update_flavor_extra_spec,
self.flavor['id'],
@@ -89,7 +97,7 @@
specs = {"key1": "value1", "key2": "value2"}
self.client.set_flavor_extra_spec(self.flavor['id'], specs)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.flavors_client.unset_flavor_extra_spec,
self.flavor['id'],
'key1')
diff --git a/tempest/api/compute/admin/test_flavors_negative.py b/tempest/api/compute/admin/test_flavors_negative.py
index 042c270..9fc60ea 100644
--- a/tempest/api/compute/admin/test_flavors_negative.py
+++ b/tempest/api/compute/admin/test_flavors_negative.py
@@ -36,14 +36,21 @@
"""
@classmethod
- def resource_setup(cls):
- super(FlavorsAdminNegativeTestJSON, cls).resource_setup()
+ def skip_checks(cls):
+ super(FlavorsAdminNegativeTestJSON, cls).skip_checks()
if not test.is_extension_enabled('OS-FLV-EXT-DATA', 'compute'):
msg = "OS-FLV-EXT-DATA extension not enabled."
raise cls.skipException(msg)
+ @classmethod
+ def setup_clients(cls):
+ super(FlavorsAdminNegativeTestJSON, cls).setup_clients()
cls.client = cls.os_adm.flavors_client
cls.user_client = cls.os.flavors_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(FlavorsAdminNegativeTestJSON, cls).resource_setup()
cls.flavor_name_prefix = 'test_flavor_'
cls.ram = 512
cls.vcpus = 1
@@ -91,7 +98,7 @@
flavor_name = data_utils.rand_name(self.flavor_name_prefix)
new_flavor_id = str(uuid.uuid4())
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.user_client.create_flavor,
flavor_name, self.ram, self.vcpus, self.disk,
new_flavor_id, ephemeral=self.ephemeral,
@@ -101,7 +108,7 @@
@test.idempotent_id('a9a6dc02-8c14-4e05-a1ca-3468d4214882')
def test_delete_flavor_as_user(self):
# only admin user can delete a flavor
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.user_client.delete_flavor,
self.flavor_ref_alt)
diff --git a/tempest/api/compute/admin/test_floating_ips_bulk.py b/tempest/api/compute/admin/test_floating_ips_bulk.py
index 7ca081a..3c5f507 100644
--- a/tempest/api/compute/admin/test_floating_ips_bulk.py
+++ b/tempest/api/compute/admin/test_floating_ips_bulk.py
@@ -31,9 +31,13 @@
"""
@classmethod
+ def setup_clients(cls):
+ super(FloatingIPsBulkAdminTestJSON, cls).setup_clients()
+ cls.client = cls.os_adm.floating_ips_client
+
+ @classmethod
def resource_setup(cls):
super(FloatingIPsBulkAdminTestJSON, cls).resource_setup()
- cls.client = cls.os_adm.floating_ips_client
cls.ip_range = CONF.compute.floating_ip_range
cls.verify_unallocated_floating_ip_range(cls.ip_range)
diff --git a/tempest/api/compute/admin/test_hosts.py b/tempest/api/compute/admin/test_hosts.py
index bef5d1f..e525358 100644
--- a/tempest/api/compute/admin/test_hosts.py
+++ b/tempest/api/compute/admin/test_hosts.py
@@ -24,8 +24,8 @@
"""
@classmethod
- def resource_setup(cls):
- super(HostsAdminTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(HostsAdminTestJSON, cls).setup_clients()
cls.client = cls.os_adm.hosts_client
@test.attr(type='gate')
diff --git a/tempest/api/compute/admin/test_hosts_negative.py b/tempest/api/compute/admin/test_hosts_negative.py
index 3c070ce..ea553fd 100644
--- a/tempest/api/compute/admin/test_hosts_negative.py
+++ b/tempest/api/compute/admin/test_hosts_negative.py
@@ -26,8 +26,8 @@
"""
@classmethod
- def resource_setup(cls):
- super(HostsAdminNegativeTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(HostsAdminNegativeTestJSON, cls).setup_clients()
cls.client = cls.os_adm.hosts_client
cls.non_admin_client = cls.os.hosts_client
@@ -40,7 +40,7 @@
@test.attr(type=['negative', 'gate'])
@test.idempotent_id('dd032027-0210-4d9c-860e-69b1b8deed5f')
def test_list_hosts_with_non_admin_user(self):
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.list_hosts)
@test.attr(type=['negative', 'gate'])
@@ -55,7 +55,7 @@
def test_show_host_detail_with_non_admin_user(self):
hostname = self._get_host_name()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.show_host_detail,
hostname)
@@ -64,7 +64,7 @@
def test_update_host_with_non_admin_user(self):
hostname = self._get_host_name()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.update_host,
hostname,
status='enable',
@@ -142,7 +142,7 @@
def test_startup_host_with_non_admin_user(self):
hostname = self._get_host_name()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.startup_host,
hostname)
@@ -160,7 +160,7 @@
def test_shutdown_host_with_non_admin_user(self):
hostname = self._get_host_name()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.shutdown_host,
hostname)
@@ -178,6 +178,6 @@
def test_reboot_host_with_non_admin_user(self):
hostname = self._get_host_name()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.reboot_host,
hostname)
diff --git a/tempest/api/compute/admin/test_hypervisor.py b/tempest/api/compute/admin/test_hypervisor.py
index c65bded..5e83e95 100644
--- a/tempest/api/compute/admin/test_hypervisor.py
+++ b/tempest/api/compute/admin/test_hypervisor.py
@@ -24,8 +24,8 @@
"""
@classmethod
- def resource_setup(cls):
- super(HypervisorAdminTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(HypervisorAdminTestJSON, cls).setup_clients()
cls.client = cls.os_adm.hypervisor_client
def _list_hypervisors(self):
diff --git a/tempest/api/compute/admin/test_hypervisor_negative.py b/tempest/api/compute/admin/test_hypervisor_negative.py
index 556424a..bbb9112 100644
--- a/tempest/api/compute/admin/test_hypervisor_negative.py
+++ b/tempest/api/compute/admin/test_hypervisor_negative.py
@@ -28,8 +28,8 @@
"""
@classmethod
- def resource_setup(cls):
- super(HypervisorAdminNegativeTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(HypervisorAdminNegativeTestJSON, cls).setup_clients()
cls.client = cls.os_adm.hypervisor_client
cls.non_adm_client = cls.hypervisor_client
@@ -55,7 +55,7 @@
self.assertTrue(len(hypers) > 0)
self.assertRaises(
- lib_exc.Unauthorized,
+ lib_exc.Forbidden,
self.non_adm_client.get_hypervisor_show_details,
hypers[0]['id'])
@@ -66,7 +66,7 @@
self.assertTrue(len(hypers) > 0)
self.assertRaises(
- lib_exc.Unauthorized,
+ lib_exc.Forbidden,
self.non_adm_client.get_hypervisor_servers,
hypers[0]['id'])
@@ -84,7 +84,7 @@
@test.idempotent_id('e2b061bb-13f9-40d8-9d6e-d5bf17595849')
def test_get_hypervisor_stats_with_non_admin_user(self):
self.assertRaises(
- lib_exc.Unauthorized,
+ lib_exc.Forbidden,
self.non_adm_client.get_hypervisor_stats)
@test.attr(type=['negative', 'gate'])
@@ -104,7 +104,7 @@
self.assertTrue(len(hypers) > 0)
self.assertRaises(
- lib_exc.Unauthorized,
+ lib_exc.Forbidden,
self.non_adm_client.get_hypervisor_uptime,
hypers[0]['id'])
@@ -113,7 +113,7 @@
def test_get_hypervisor_list_with_non_admin_user(self):
# List of hypervisor and available services with non admin user
self.assertRaises(
- lib_exc.Unauthorized,
+ lib_exc.Forbidden,
self.non_adm_client.get_hypervisor_list)
@test.attr(type=['negative', 'gate'])
@@ -121,7 +121,7 @@
def test_get_hypervisor_list_details_with_non_admin_user(self):
# List of hypervisor details and available services with non admin user
self.assertRaises(
- lib_exc.Unauthorized,
+ lib_exc.Forbidden,
self.non_adm_client.get_hypervisor_list_details)
@test.attr(type=['negative', 'gate'])
@@ -141,6 +141,6 @@
self.assertTrue(len(hypers) > 0)
self.assertRaises(
- lib_exc.Unauthorized,
+ lib_exc.Forbidden,
self.non_adm_client.search_hypervisor,
hypers[0]['hypervisor_hostname'])
diff --git a/tempest/api/compute/admin/test_instance_usage_audit_log.py b/tempest/api/compute/admin/test_instance_usage_audit_log.py
index 1a86b2d..6565810 100644
--- a/tempest/api/compute/admin/test_instance_usage_audit_log.py
+++ b/tempest/api/compute/admin/test_instance_usage_audit_log.py
@@ -23,8 +23,8 @@
class InstanceUsageAuditLogTestJSON(base.BaseV2ComputeAdminTest):
@classmethod
- def resource_setup(cls):
- super(InstanceUsageAuditLogTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(InstanceUsageAuditLogTestJSON, cls).setup_clients()
cls.adm_client = cls.os_adm.instance_usages_audit_log_client
@test.attr(type='gate')
diff --git a/tempest/api/compute/admin/test_instance_usage_audit_log_negative.py b/tempest/api/compute/admin/test_instance_usage_audit_log_negative.py
index 6b5a82f..e9f3371 100644
--- a/tempest/api/compute/admin/test_instance_usage_audit_log_negative.py
+++ b/tempest/api/compute/admin/test_instance_usage_audit_log_negative.py
@@ -25,19 +25,19 @@
class InstanceUsageAuditLogNegativeTestJSON(base.BaseV2ComputeAdminTest):
@classmethod
- def resource_setup(cls):
- super(InstanceUsageAuditLogNegativeTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(InstanceUsageAuditLogNegativeTestJSON, cls).setup_clients()
cls.adm_client = cls.os_adm.instance_usages_audit_log_client
@test.attr(type=['negative', 'gate'])
@test.idempotent_id('a9d33178-d2c9-4131-ad3b-f4ca8d0308a2')
def test_instance_usage_audit_logs_with_nonadmin_user(self):
# the instance_usage_audit_logs API just can be accessed by admin user
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.instance_usages_audit_log_client.
list_instance_usage_audit_logs)
now = datetime.datetime.now()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.instance_usages_audit_log_client.
get_instance_usage_audit_log,
urllib.quote(now.strftime("%Y-%m-%d %H:%M:%S")))
diff --git a/tempest/api/compute/admin/test_migrations.py b/tempest/api/compute/admin/test_migrations.py
index 67e4fe3..3c31e77 100644
--- a/tempest/api/compute/admin/test_migrations.py
+++ b/tempest/api/compute/admin/test_migrations.py
@@ -24,8 +24,8 @@
class MigrationsAdminTest(base.BaseV2ComputeAdminTest):
@classmethod
- def resource_setup(cls):
- super(MigrationsAdminTest, cls).resource_setup()
+ def setup_clients(cls):
+ super(MigrationsAdminTest, cls).setup_clients()
cls.client = cls.os_adm.migrations_client
@test.attr(type='gate')
diff --git a/tempest/api/compute/admin/test_networks.py b/tempest/api/compute/admin/test_networks.py
index fa72c01..c20d483 100644
--- a/tempest/api/compute/admin/test_networks.py
+++ b/tempest/api/compute/admin/test_networks.py
@@ -30,8 +30,8 @@
"""
@classmethod
- def resource_setup(cls):
- super(NetworksTest, cls).resource_setup()
+ def setup_clients(cls):
+ super(NetworksTest, cls).setup_clients()
cls.client = cls.os_adm.networks_client
@test.idempotent_id('d206d211-8912-486f-86e2-a9d090d1f416')
diff --git a/tempest/api/compute/admin/test_quotas.py b/tempest/api/compute/admin/test_quotas.py
index 35e682e..6b6db47 100644
--- a/tempest/api/compute/admin/test_quotas.py
+++ b/tempest/api/compute/admin/test_quotas.py
@@ -34,9 +34,13 @@
super(QuotasAdminTestJSON, self).setUp()
@classmethod
+ def setup_clients(cls):
+ super(QuotasAdminTestJSON, cls).setup_clients()
+ cls.adm_client = cls.os_adm.quotas_client
+
+ @classmethod
def resource_setup(cls):
super(QuotasAdminTestJSON, cls).resource_setup()
- cls.adm_client = cls.os_adm.quotas_client
# NOTE(afazekas): these test cases should always create and use a new
# tenant most of them should be skipped if we can't do that
diff --git a/tempest/api/compute/admin/test_quotas_negative.py b/tempest/api/compute/admin/test_quotas_negative.py
index 73428df..9b87bfc 100644
--- a/tempest/api/compute/admin/test_quotas_negative.py
+++ b/tempest/api/compute/admin/test_quotas_negative.py
@@ -27,12 +27,15 @@
force_tenant_isolation = True
@classmethod
- def resource_setup(cls):
- super(QuotasAdminNegativeTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(QuotasAdminNegativeTestJSON, cls).setup_clients()
cls.client = cls.os.quotas_client
cls.adm_client = cls.os_adm.quotas_client
cls.sg_client = cls.security_groups_client
+ @classmethod
+ def resource_setup(cls):
+ super(QuotasAdminNegativeTestJSON, cls).resource_setup()
# NOTE(afazekas): these test cases should always create and use a new
# tenant most of them should be skipped if we can't do that
cls.demo_tenant_id = cls.client.tenant_id
@@ -40,7 +43,7 @@
@test.attr(type=['negative', 'gate'])
@test.idempotent_id('733abfe8-166e-47bb-8363-23dbd7ff3476')
def test_update_quota_normal_user(self):
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.client.update_quota_set,
self.demo_tenant_id,
ram=0)
@@ -61,7 +64,7 @@
self.addCleanup(self.adm_client.update_quota_set, self.demo_tenant_id,
cores=default_vcpu_quota)
- self.assertRaises((lib_exc.Unauthorized, lib_exc.OverLimit),
+ self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
self.create_test_server)
@test.attr(type=['negative', 'gate'])
@@ -78,7 +81,7 @@
self.addCleanup(self.adm_client.update_quota_set, self.demo_tenant_id,
ram=default_mem_quota)
- self.assertRaises((lib_exc.Unauthorized, lib_exc.OverLimit),
+ self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
self.create_test_server)
@test.attr(type=['negative', 'gate'])
@@ -94,7 +97,7 @@
instances=instances_quota)
self.addCleanup(self.adm_client.update_quota_set, self.demo_tenant_id,
instances=default_instances_quota)
- self.assertRaises((lib_exc.Unauthorized, lib_exc.OverLimit),
+ self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
self.create_test_server)
@decorators.skip_because(bug="1186354",
@@ -121,7 +124,7 @@
# Check we cannot create anymore
# A 403 Forbidden or 413 Overlimit (old behaviour) exception
# will be raised when out of quota
- self.assertRaises((lib_exc.Unauthorized, lib_exc.OverLimit),
+ self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
self.sg_client.create_security_group,
"sg-overlimit", "sg-desc")
@@ -161,6 +164,6 @@
# Check we cannot create SG rule anymore
# A 403 Forbidden or 413 Overlimit (old behaviour) exception
# will be raised when out of quota
- self.assertRaises((lib_exc.OverLimit, lib_exc.Unauthorized),
+ self.assertRaises((lib_exc.OverLimit, lib_exc.Forbidden),
self.sg_client.create_security_group_rule,
secgroup_id, ip_protocol, 1025, 1025)
diff --git a/tempest/api/compute/admin/test_security_groups.py b/tempest/api/compute/admin/test_security_groups.py
index 19f5b8c..58b5669 100644
--- a/tempest/api/compute/admin/test_security_groups.py
+++ b/tempest/api/compute/admin/test_security_groups.py
@@ -26,8 +26,8 @@
class SecurityGroupsTestAdminJSON(base.BaseV2ComputeAdminTest):
@classmethod
- def resource_setup(cls):
- super(SecurityGroupsTestAdminJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(SecurityGroupsTestAdminJSON, cls).setup_clients()
cls.adm_client = cls.os_adm.security_groups_client
cls.client = cls.security_groups_client
diff --git a/tempest/api/compute/admin/test_servers.py b/tempest/api/compute/admin/test_servers.py
index adeb64b..e2e1665 100644
--- a/tempest/api/compute/admin/test_servers.py
+++ b/tempest/api/compute/admin/test_servers.py
@@ -28,12 +28,16 @@
_host_key = 'OS-EXT-SRV-ATTR:host'
@classmethod
- def resource_setup(cls):
- super(ServersAdminTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(ServersAdminTestJSON, cls).setup_clients()
cls.client = cls.os_adm.servers_client
cls.non_admin_client = cls.servers_client
cls.flavors_client = cls.os_adm.flavors_client
+ @classmethod
+ def resource_setup(cls):
+ super(ServersAdminTestJSON, cls).resource_setup()
+
cls.s1_name = data_utils.rand_name('server')
server = cls.create_test_server(name=cls.s1_name,
wait_until='ACTIVE')
diff --git a/tempest/api/compute/admin/test_servers_negative.py b/tempest/api/compute/admin/test_servers_negative.py
index cafbf81..a9cb2ee 100644
--- a/tempest/api/compute/admin/test_servers_negative.py
+++ b/tempest/api/compute/admin/test_servers_negative.py
@@ -33,11 +33,15 @@
"""
@classmethod
- def resource_setup(cls):
- super(ServersAdminNegativeTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(ServersAdminNegativeTestJSON, cls).setup_clients()
cls.client = cls.os_adm.servers_client
cls.non_adm_client = cls.servers_client
cls.flavors_client = cls.os_adm.flavors_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(ServersAdminNegativeTestJSON, cls).resource_setup()
cls.tenant_id = cls.client.tenant_id
cls.s1_name = data_utils.rand_name('server')
@@ -72,7 +76,7 @@
ram, vcpus, disk,
flavor_id)
self.addCleanup(self.flavors_client.delete_flavor, flavor_id)
- self.assertRaises((lib_exc.Unauthorized, lib_exc.OverLimit),
+ self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
self.client.resize,
self.servers[0]['id'],
flavor_ref['id'])
@@ -94,7 +98,7 @@
ram, vcpus, disk,
flavor_id)
self.addCleanup(self.flavors_client.delete_flavor, flavor_id)
- self.assertRaises((lib_exc.Unauthorized, lib_exc.OverLimit),
+ self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
self.client.resize,
self.servers[0]['id'],
flavor_ref['id'])
@@ -123,7 +127,7 @@
@test.idempotent_id('e84e2234-60d2-42fa-8b30-e2d3049724ac')
def test_get_server_diagnostics_by_non_admin(self):
# Non-admin user can not view server diagnostics according to policy
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_adm_client.get_server_diagnostics,
self.s1_id)
diff --git a/tempest/api/compute/admin/test_services.py b/tempest/api/compute/admin/test_services.py
index a6f79aa..932a74e 100644
--- a/tempest/api/compute/admin/test_services.py
+++ b/tempest/api/compute/admin/test_services.py
@@ -25,8 +25,8 @@
"""
@classmethod
- def resource_setup(cls):
- super(ServicesAdminTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(ServicesAdminTestJSON, cls).setup_clients()
cls.client = cls.os_adm.services_client
@test.attr(type='gate')
diff --git a/tempest/api/compute/admin/test_services_negative.py b/tempest/api/compute/admin/test_services_negative.py
index b8974ca..2d4ec51 100644
--- a/tempest/api/compute/admin/test_services_negative.py
+++ b/tempest/api/compute/admin/test_services_negative.py
@@ -25,15 +25,15 @@
"""
@classmethod
- def resource_setup(cls):
- super(ServicesAdminNegativeTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(ServicesAdminNegativeTestJSON, cls).setup_clients()
cls.client = cls.os_adm.services_client
cls.non_admin_client = cls.services_client
@test.attr(type=['negative', 'gate'])
@test.idempotent_id('1126d1f8-266e-485f-a687-adc547492646')
def test_list_services_with_non_admin_user(self):
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.list_services)
@test.attr(type=['negative', 'gate'])
diff --git a/tempest/api/compute/admin/test_simple_tenant_usage.py b/tempest/api/compute/admin/test_simple_tenant_usage.py
index be62b1d..cf7b672 100644
--- a/tempest/api/compute/admin/test_simple_tenant_usage.py
+++ b/tempest/api/compute/admin/test_simple_tenant_usage.py
@@ -23,10 +23,14 @@
class TenantUsagesTestJSON(base.BaseV2ComputeAdminTest):
@classmethod
- def resource_setup(cls):
- super(TenantUsagesTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(TenantUsagesTestJSON, cls).setup_clients()
cls.adm_client = cls.os_adm.tenant_usages_client
cls.client = cls.os.tenant_usages_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(TenantUsagesTestJSON, cls).resource_setup()
cls.tenant_id = cls.client.tenant_id
# Create a server in the demo tenant
diff --git a/tempest/api/compute/admin/test_simple_tenant_usage_negative.py b/tempest/api/compute/admin/test_simple_tenant_usage_negative.py
index 8801e85..a83d727 100644
--- a/tempest/api/compute/admin/test_simple_tenant_usage_negative.py
+++ b/tempest/api/compute/admin/test_simple_tenant_usage_negative.py
@@ -23,11 +23,14 @@
class TenantUsagesNegativeTestJSON(base.BaseV2ComputeAdminTest):
@classmethod
- def resource_setup(cls):
- super(TenantUsagesNegativeTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(TenantUsagesNegativeTestJSON, cls).setup_clients()
cls.adm_client = cls.os_adm.tenant_usages_client
cls.client = cls.os.tenant_usages_client
- cls.identity_client = cls._get_identity_admin_client()
+
+ @classmethod
+ def resource_setup(cls):
+ super(TenantUsagesNegativeTestJSON, cls).resource_setup()
now = datetime.datetime.now()
cls.start = cls._parse_strtime(now - datetime.timedelta(days=1))
cls.end = cls._parse_strtime(now + datetime.timedelta(days=1))
@@ -64,5 +67,5 @@
params = {'start': self.start,
'end': self.end,
'detailed': int(bool(True))}
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.client.list_tenant_usages, params)
diff --git a/tempest/api/compute/flavors/test_flavors.py b/tempest/api/compute/flavors/test_flavors.py
index b9056c7..8a66282 100644
--- a/tempest/api/compute/flavors/test_flavors.py
+++ b/tempest/api/compute/flavors/test_flavors.py
@@ -24,8 +24,8 @@
_min_ram = 'minRam'
@classmethod
- def resource_setup(cls):
- super(FlavorsV2TestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(FlavorsV2TestJSON, cls).setup_clients()
cls.client = cls.flavors_client
@test.attr(type='smoke')
diff --git a/tempest/api/compute/images/test_image_metadata.py b/tempest/api/compute/images/test_image_metadata.py
index 8193a55..6844038 100644
--- a/tempest/api/compute/images/test_image_metadata.py
+++ b/tempest/api/compute/images/test_image_metadata.py
@@ -26,14 +26,21 @@
class ImagesMetadataTestJSON(base.BaseV2ComputeTest):
@classmethod
- def resource_setup(cls):
- super(ImagesMetadataTestJSON, cls).resource_setup()
+ def skip_checks(cls):
+ super(ImagesMetadataTestJSON, cls).skip_checks()
if not CONF.service_available.glance:
skip_msg = ("%s skipped as glance is not available" % cls.__name__)
raise cls.skipException(skip_msg)
+ @classmethod
+ def setup_clients(cls):
+ super(ImagesMetadataTestJSON, cls).setup_clients()
cls.glance_client = cls.os.image_client
cls.client = cls.images_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(ImagesMetadataTestJSON, cls).resource_setup()
cls.image_id = None
name = data_utils.rand_name('image')
diff --git a/tempest/api/compute/images/test_image_metadata_negative.py b/tempest/api/compute/images/test_image_metadata_negative.py
index d181ed9..9f1c21a 100644
--- a/tempest/api/compute/images/test_image_metadata_negative.py
+++ b/tempest/api/compute/images/test_image_metadata_negative.py
@@ -23,8 +23,8 @@
class ImagesMetadataTestJSON(base.BaseV2ComputeTest):
@classmethod
- def resource_setup(cls):
- super(ImagesMetadataTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(ImagesMetadataTestJSON, cls).setup_clients()
cls.client = cls.images_client
@test.attr(type=['negative', 'gate'])
diff --git a/tempest/api/compute/images/test_images.py b/tempest/api/compute/images/test_images.py
index 396d629..c29c40d 100644
--- a/tempest/api/compute/images/test_images.py
+++ b/tempest/api/compute/images/test_images.py
@@ -23,17 +23,19 @@
class ImagesTestJSON(base.BaseV2ComputeTest):
@classmethod
- def resource_setup(cls):
- super(ImagesTestJSON, cls).resource_setup()
+ def skip_checks(cls):
+ super(ImagesTestJSON, cls).skip_checks()
if not CONF.service_available.glance:
skip_msg = ("%s skipped as glance is not available" % cls.__name__)
raise cls.skipException(skip_msg)
-
if not CONF.compute_feature_enabled.snapshot:
skip_msg = ("%s skipped as instance snapshotting is not supported"
% cls.__name__)
raise cls.skipException(skip_msg)
+ @classmethod
+ def setup_clients(cls):
+ super(ImagesTestJSON, cls).setup_clients()
cls.client = cls.images_client
cls.servers_client = cls.servers_client
diff --git a/tempest/api/compute/images/test_images_negative.py b/tempest/api/compute/images/test_images_negative.py
index ee52f37..85243f5 100644
--- a/tempest/api/compute/images/test_images_negative.py
+++ b/tempest/api/compute/images/test_images_negative.py
@@ -25,17 +25,19 @@
class ImagesNegativeTestJSON(base.BaseV2ComputeTest):
@classmethod
- def resource_setup(cls):
- super(ImagesNegativeTestJSON, cls).resource_setup()
+ def skip_checks(cls):
+ super(ImagesNegativeTestJSON, cls).skip_checks()
if not CONF.service_available.glance:
skip_msg = ("%s skipped as glance is not available" % cls.__name__)
raise cls.skipException(skip_msg)
-
if not CONF.compute_feature_enabled.snapshot:
skip_msg = ("%s skipped as instance snapshotting is not supported"
% cls.__name__)
raise cls.skipException(skip_msg)
+ @classmethod
+ def setup_clients(cls):
+ super(ImagesNegativeTestJSON, cls).setup_clients()
cls.client = cls.images_client
cls.servers_client = cls.servers_client
diff --git a/tempest/api/compute/images/test_images_oneserver.py b/tempest/api/compute/images/test_images_oneserver.py
index abdeb18..337d5d1 100644
--- a/tempest/api/compute/images/test_images_oneserver.py
+++ b/tempest/api/compute/images/test_images_oneserver.py
@@ -47,9 +47,8 @@
self.__class__.server_id = self.rebuild_server(self.server_id)
@classmethod
- def resource_setup(cls):
- super(ImagesOneServerTestJSON, cls).resource_setup()
- cls.client = cls.images_client
+ def skip_checks(cls):
+ super(ImagesOneServerTestJSON, cls).skip_checks()
if not CONF.service_available.glance:
skip_msg = ("%s skipped as glance is not available" % cls.__name__)
raise cls.skipException(skip_msg)
@@ -59,6 +58,14 @@
% cls.__name__)
raise cls.skipException(skip_msg)
+ @classmethod
+ def setup_clients(cls):
+ super(ImagesOneServerTestJSON, cls).setup_clients()
+ cls.client = cls.images_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(ImagesOneServerTestJSON, cls).resource_setup()
server = cls.create_test_server(wait_until='ACTIVE')
cls.server_id = server['id']
diff --git a/tempest/api/compute/images/test_images_oneserver_negative.py b/tempest/api/compute/images/test_images_oneserver_negative.py
index f6a4aec..a50a09d 100644
--- a/tempest/api/compute/images/test_images_oneserver_negative.py
+++ b/tempest/api/compute/images/test_images_oneserver_negative.py
@@ -56,9 +56,8 @@
self.__class__.server_id = self.rebuild_server(self.server_id)
@classmethod
- def resource_setup(cls):
- super(ImagesOneServerNegativeTestJSON, cls).resource_setup()
- cls.client = cls.images_client
+ def skip_checks(cls):
+ super(ImagesOneServerNegativeTestJSON, cls).skip_checks()
if not CONF.service_available.glance:
skip_msg = ("%s skipped as glance is not available" % cls.__name__)
raise cls.skipException(skip_msg)
@@ -68,6 +67,14 @@
% cls.__name__)
raise cls.skipException(skip_msg)
+ @classmethod
+ def setup_clients(cls):
+ super(ImagesOneServerNegativeTestJSON, cls).setup_clients()
+ cls.client = cls.images_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(ImagesOneServerNegativeTestJSON, cls).resource_setup()
server = cls.create_test_server(wait_until='ACTIVE')
cls.server_id = server['id']
diff --git a/tempest/api/compute/images/test_list_image_filters.py b/tempest/api/compute/images/test_list_image_filters.py
index 6176d85..36b9a46 100644
--- a/tempest/api/compute/images/test_list_image_filters.py
+++ b/tempest/api/compute/images/test_list_image_filters.py
@@ -32,14 +32,22 @@
class ListImageFiltersTestJSON(base.BaseV2ComputeTest):
@classmethod
- def resource_setup(cls):
- super(ListImageFiltersTestJSON, cls).resource_setup()
+ def skip_checks(cls):
+ super(ListImageFiltersTestJSON, cls).skip_checks()
if not CONF.service_available.glance:
skip_msg = ("%s skipped as glance is not available" % cls.__name__)
raise cls.skipException(skip_msg)
+
+ @classmethod
+ def setup_clients(cls):
+ super(ListImageFiltersTestJSON, cls).setup_clients()
cls.client = cls.images_client
cls.glance_client = cls.os.image_client
+ @classmethod
+ def resource_setup(cls):
+ super(ListImageFiltersTestJSON, cls).resource_setup()
+
def _create_image():
name = data_utils.rand_name('image')
body = cls.glance_client.create_image(name=name,
diff --git a/tempest/api/compute/images/test_list_image_filters_negative.py b/tempest/api/compute/images/test_list_image_filters_negative.py
index e5418ad..d660e2b 100644
--- a/tempest/api/compute/images/test_list_image_filters_negative.py
+++ b/tempest/api/compute/images/test_list_image_filters_negative.py
@@ -25,11 +25,15 @@
class ListImageFiltersNegativeTestJSON(base.BaseV2ComputeTest):
@classmethod
- def resource_setup(cls):
- super(ListImageFiltersNegativeTestJSON, cls).resource_setup()
+ def skip_checks(cls):
+ super(ListImageFiltersNegativeTestJSON, cls).skip_checks()
if not CONF.service_available.glance:
skip_msg = ("%s skipped as glance is not available" % cls.__name__)
raise cls.skipException(skip_msg)
+
+ @classmethod
+ def setup_clients(cls):
+ super(ListImageFiltersNegativeTestJSON, cls).setup_clients()
cls.client = cls.images_client
@test.attr(type=['negative', 'gate'])
diff --git a/tempest/api/compute/images/test_list_images.py b/tempest/api/compute/images/test_list_images.py
index 36451ec..7a7a363 100644
--- a/tempest/api/compute/images/test_list_images.py
+++ b/tempest/api/compute/images/test_list_images.py
@@ -23,11 +23,15 @@
class ListImagesTestJSON(base.BaseV2ComputeTest):
@classmethod
- def resource_setup(cls):
- super(ListImagesTestJSON, cls).resource_setup()
+ def skip_checks(cls):
+ super(ListImagesTestJSON, cls).skip_checks()
if not CONF.service_available.glance:
skip_msg = ("%s skipped as glance is not available" % cls.__name__)
raise cls.skipException(skip_msg)
+
+ @classmethod
+ def setup_clients(cls):
+ super(ListImagesTestJSON, cls).setup_clients()
cls.client = cls.images_client
@test.attr(type='smoke')
diff --git a/tempest/api/compute/keypairs/test_keypairs.py b/tempest/api/compute/keypairs/test_keypairs.py
index 972f0de..d7c6f0b 100644
--- a/tempest/api/compute/keypairs/test_keypairs.py
+++ b/tempest/api/compute/keypairs/test_keypairs.py
@@ -23,8 +23,8 @@
_api_version = 2
@classmethod
- def resource_setup(cls):
- super(KeyPairsV2TestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(KeyPairsV2TestJSON, cls).setup_clients()
cls.client = cls.keypairs_client
def _delete_keypair(self, keypair_name):
diff --git a/tempest/api/compute/keypairs/test_keypairs_negative.py b/tempest/api/compute/keypairs/test_keypairs_negative.py
index e63f3c7..71e2bd7 100644
--- a/tempest/api/compute/keypairs/test_keypairs_negative.py
+++ b/tempest/api/compute/keypairs/test_keypairs_negative.py
@@ -24,8 +24,8 @@
class KeyPairsNegativeTestJSON(base.BaseV2ComputeTest):
@classmethod
- def resource_setup(cls):
- super(KeyPairsNegativeTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(KeyPairsNegativeTestJSON, cls).setup_clients()
cls.client = cls.keypairs_client
def _create_keypair(self, keypair_name, pub_key=None):
diff --git a/tempest/api/compute/limits/test_absolute_limits_negative.py b/tempest/api/compute/limits/test_absolute_limits_negative.py
index 507f24e..843dc1a 100644
--- a/tempest/api/compute/limits/test_absolute_limits_negative.py
+++ b/tempest/api/compute/limits/test_absolute_limits_negative.py
@@ -53,5 +53,5 @@
# A 403 Forbidden or 413 Overlimit (old behaviour) exception
# will be raised when out of quota
- self.assertRaises((lib_exc.Unauthorized, lib_exc.OverLimit),
+ self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
self.create_test_server, meta=meta_data)
diff --git a/tempest/api/compute/servers/test_availability_zone.py b/tempest/api/compute/servers/test_availability_zone.py
index 5962042..f3650ac 100644
--- a/tempest/api/compute/servers/test_availability_zone.py
+++ b/tempest/api/compute/servers/test_availability_zone.py
@@ -24,8 +24,8 @@
_api_version = 2
@classmethod
- def resource_setup(cls):
- super(AZV2TestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(AZV2TestJSON, cls).setup_clients()
cls.client = cls.availability_zone_client
@test.attr(type='gate')
diff --git a/tempest/api/compute/servers/test_create_server.py b/tempest/api/compute/servers/test_create_server.py
index 14eb536..03008f3 100644
--- a/tempest/api/compute/servers/test_create_server.py
+++ b/tempest/api/compute/servers/test_create_server.py
@@ -31,8 +31,18 @@
disk_config = 'AUTO'
@classmethod
- def resource_setup(cls):
+ def setup_credentials(cls):
cls.prepare_instance_network()
+ super(ServersTestJSON, cls).setup_credentials()
+
+ @classmethod
+ def setup_clients(cls):
+ super(ServersTestJSON, cls).setup_clients()
+ cls.client = cls.servers_client
+ cls.network_client = cls.os.network_client
+
+ @classmethod
+ def resource_setup(cls):
super(ServersTestJSON, cls).resource_setup()
cls.meta = {'hello': 'world'}
cls.accessIPv4 = '1.1.1.1'
@@ -41,8 +51,6 @@
file_contents = 'This is a test file.'
personality = [{'path': '/test.txt',
'contents': base64.b64encode(file_contents)}]
- cls.client = cls.servers_client
- cls.network_client = cls.os.network_client
disk_config = cls.disk_config
cls.server_initial = cls.create_test_server(name=cls.name,
meta=cls.meta,
@@ -194,9 +202,9 @@
disk_config = 'AUTO'
@classmethod
- def resource_setup(cls):
+ def setup_clients(cls):
cls.prepare_instance_network()
- super(ServersWithSpecificFlavorTestJSON, cls).resource_setup()
+ super(ServersWithSpecificFlavorTestJSON, cls).setup_clients()
cls.flavor_client = cls.os_adm.flavors_client
cls.client = cls.servers_client
@@ -277,8 +285,8 @@
disk_config = 'MANUAL'
@classmethod
- def resource_setup(cls):
+ def skip_checks(cls):
+ super(ServersTestManualDisk, cls).skip_checks()
if not CONF.compute_feature_enabled.disk_config:
msg = "DiskConfig extension not enabled."
raise cls.skipException(msg)
- super(ServersTestManualDisk, cls).resource_setup()
diff --git a/tempest/api/compute/servers/test_delete_server.py b/tempest/api/compute/servers/test_delete_server.py
index 6155958..7160265 100644
--- a/tempest/api/compute/servers/test_delete_server.py
+++ b/tempest/api/compute/servers/test_delete_server.py
@@ -28,8 +28,8 @@
# for preventing "Quota exceeded for instances"
@classmethod
- def resource_setup(cls):
- super(DeleteServersTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(DeleteServersTestJSON, cls).setup_clients()
cls.client = cls.servers_client
@test.attr(type='gate')
@@ -141,8 +141,8 @@
# for preventing "Quota exceeded for instances".
@classmethod
- def resource_setup(cls):
- super(DeleteServersAdminTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(DeleteServersAdminTestJSON, cls).setup_clients()
cls.non_admin_client = cls.servers_client
cls.admin_client = cls.os_adm.servers_client
diff --git a/tempest/api/compute/servers/test_disk_config.py b/tempest/api/compute/servers/test_disk_config.py
index a15a9b7..c4cb2bd 100644
--- a/tempest/api/compute/servers/test_disk_config.py
+++ b/tempest/api/compute/servers/test_disk_config.py
@@ -25,12 +25,20 @@
class ServerDiskConfigTestJSON(base.BaseV2ComputeTest):
@classmethod
- def resource_setup(cls):
+ def skip_checks(cls):
+ super(ServerDiskConfigTestJSON, cls).skip_checks()
if not CONF.compute_feature_enabled.disk_config:
msg = "DiskConfig extension not enabled."
raise cls.skipException(msg)
- super(ServerDiskConfigTestJSON, cls).resource_setup()
+
+ @classmethod
+ def setup_clients(cls):
+ super(ServerDiskConfigTestJSON, cls).setup_clients()
cls.client = cls.os.servers_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(ServerDiskConfigTestJSON, cls).resource_setup()
server = cls.create_test_server(wait_until='ACTIVE')
cls.server_id = server['id']
diff --git a/tempest/api/compute/servers/test_instance_actions.py b/tempest/api/compute/servers/test_instance_actions.py
index b00221c..c804170 100644
--- a/tempest/api/compute/servers/test_instance_actions.py
+++ b/tempest/api/compute/servers/test_instance_actions.py
@@ -20,9 +20,13 @@
class InstanceActionsTestJSON(base.BaseV2ComputeTest):
@classmethod
+ def setup_clients(cls):
+ super(InstanceActionsTestJSON, cls).setup_clients()
+ cls.client = cls.servers_client
+
+ @classmethod
def resource_setup(cls):
super(InstanceActionsTestJSON, cls).resource_setup()
- cls.client = cls.servers_client
server = cls.create_test_server(wait_until='ACTIVE')
cls.request_id = server.response['x-compute-request-id']
cls.server_id = server['id']
diff --git a/tempest/api/compute/servers/test_instance_actions_negative.py b/tempest/api/compute/servers/test_instance_actions_negative.py
index a0064b2..2eb46f5 100644
--- a/tempest/api/compute/servers/test_instance_actions_negative.py
+++ b/tempest/api/compute/servers/test_instance_actions_negative.py
@@ -23,9 +23,13 @@
class InstanceActionsNegativeTestJSON(base.BaseV2ComputeTest):
@classmethod
+ def setup_clients(cls):
+ super(InstanceActionsNegativeTestJSON, cls).setup_clients()
+ cls.client = cls.servers_client
+
+ @classmethod
def resource_setup(cls):
super(InstanceActionsNegativeTestJSON, cls).resource_setup()
- cls.client = cls.servers_client
server = cls.create_test_server(wait_until='ACTIVE')
cls.server_id = server['id']
diff --git a/tempest/api/compute/servers/test_list_servers_negative.py b/tempest/api/compute/servers/test_list_servers_negative.py
index 7837ac1..1c466c5 100644
--- a/tempest/api/compute/servers/test_list_servers_negative.py
+++ b/tempest/api/compute/servers/test_list_servers_negative.py
@@ -24,9 +24,13 @@
force_tenant_isolation = True
@classmethod
+ def setup_clients(cls):
+ super(ListServersNegativeTestJSON, cls).setup_clients()
+ cls.client = cls.servers_client
+
+ @classmethod
def resource_setup(cls):
super(ListServersNegativeTestJSON, cls).resource_setup()
- cls.client = cls.servers_client
# The following servers are created for use
# by the test methods in this class. These
diff --git a/tempest/api/compute/servers/test_server_actions.py b/tempest/api/compute/servers/test_server_actions.py
index ce3772f..2f657c9 100644
--- a/tempest/api/compute/servers/test_server_actions.py
+++ b/tempest/api/compute/servers/test_server_actions.py
@@ -53,10 +53,14 @@
super(ServerActionsTestJSON, self).tearDown()
@classmethod
+ def setup_clients(cls):
+ super(ServerActionsTestJSON, cls).setup_clients()
+ cls.client = cls.servers_client
+
+ @classmethod
def resource_setup(cls):
cls.prepare_instance_network()
super(ServerActionsTestJSON, cls).resource_setup()
- cls.client = cls.servers_client
cls.server_id = cls.rebuild_server(None)
@test.idempotent_id('6158df09-4b82-4ab3-af6d-29cf36af858d')
diff --git a/tempest/api/compute/servers/test_server_group.py b/tempest/api/compute/servers/test_server_group.py
index ac04feb..d1c6256 100644
--- a/tempest/api/compute/servers/test_server_group.py
+++ b/tempest/api/compute/servers/test_server_group.py
@@ -28,12 +28,20 @@
It also adds the tests for list and get details of server-groups
"""
@classmethod
- def resource_setup(cls):
- super(ServerGroupTestJSON, cls).resource_setup()
+ def skip_checks(cls):
+ super(ServerGroupTestJSON, cls).skip_checks()
if not test.is_extension_enabled('os-server-groups', 'compute'):
msg = "os-server-groups extension is not enabled."
raise cls.skipException(msg)
+
+ @classmethod
+ def setup_clients(cls):
+ super(ServerGroupTestJSON, cls).setup_clients()
cls.client = cls.servers_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(ServerGroupTestJSON, cls).resource_setup()
server_group_name = data_utils.rand_name('server-group')
cls.policy = ['affinity']
diff --git a/tempest/api/compute/servers/test_server_metadata.py b/tempest/api/compute/servers/test_server_metadata.py
index 4a14228..3bdd380 100644
--- a/tempest/api/compute/servers/test_server_metadata.py
+++ b/tempest/api/compute/servers/test_server_metadata.py
@@ -20,10 +20,14 @@
class ServerMetadataTestJSON(base.BaseV2ComputeTest):
@classmethod
- def resource_setup(cls):
- super(ServerMetadataTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(ServerMetadataTestJSON, cls).setup_clients()
cls.client = cls.servers_client
cls.quotas = cls.quotas_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(ServerMetadataTestJSON, cls).resource_setup()
server = cls.create_test_server(meta={}, wait_until='ACTIVE')
cls.server_id = server['id']
diff --git a/tempest/api/compute/servers/test_server_metadata_negative.py b/tempest/api/compute/servers/test_server_metadata_negative.py
index 0eb3800..833832e 100644
--- a/tempest/api/compute/servers/test_server_metadata_negative.py
+++ b/tempest/api/compute/servers/test_server_metadata_negative.py
@@ -23,10 +23,14 @@
class ServerMetadataNegativeTestJSON(base.BaseV2ComputeTest):
@classmethod
- def resource_setup(cls):
- super(ServerMetadataNegativeTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(ServerMetadataNegativeTestJSON, cls).setup_clients()
cls.client = cls.servers_client
cls.quotas = cls.quotas_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(ServerMetadataNegativeTestJSON, cls).resource_setup()
cls.tenant_id = cls.client.tenant_id
server = cls.create_test_server(meta={}, wait_until='ACTIVE')
@@ -141,14 +145,14 @@
req_metadata = {}
for num in range(1, quota_metadata + 2):
req_metadata['key' + str(num)] = 'val' + str(num)
- self.assertRaises((lib_exc.OverLimit, lib_exc.Unauthorized),
+ self.assertRaises((lib_exc.OverLimit, lib_exc.Forbidden),
self.client.set_server_metadata,
self.server_id, req_metadata)
# A 403 Forbidden or 413 Overlimit (old behaviour) exception
# will be raised while exceeding metadata items limit for
# tenant.
- self.assertRaises((lib_exc.Unauthorized, lib_exc.OverLimit),
+ self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
self.client.update_server_metadata,
self.server_id, req_metadata)
diff --git a/tempest/api/compute/servers/test_server_password.py b/tempest/api/compute/servers/test_server_password.py
index 57fa408..a82fddf 100644
--- a/tempest/api/compute/servers/test_server_password.py
+++ b/tempest/api/compute/servers/test_server_password.py
@@ -21,9 +21,13 @@
class ServerPasswordTestJSON(base.BaseV2ComputeTest):
@classmethod
+ def setup_clients(cls):
+ super(ServerPasswordTestJSON, cls).setup_clients()
+ cls.client = cls.servers_client
+
+ @classmethod
def resource_setup(cls):
super(ServerPasswordTestJSON, cls).resource_setup()
- cls.client = cls.servers_client
cls.server = cls.create_test_server(wait_until="ACTIVE")
@test.attr(type='gate')
diff --git a/tempest/api/compute/servers/test_server_personality.py b/tempest/api/compute/servers/test_server_personality.py
index 4a28dfb..dbfee8f 100644
--- a/tempest/api/compute/servers/test_server_personality.py
+++ b/tempest/api/compute/servers/test_server_personality.py
@@ -23,8 +23,8 @@
class ServerPersonalityTestJSON(base.BaseV2ComputeTest):
@classmethod
- def resource_setup(cls):
- super(ServerPersonalityTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(ServerPersonalityTestJSON, cls).setup_clients()
cls.client = cls.servers_client
cls.user_client = cls.limits_client
@@ -45,7 +45,7 @@
'contents': base64.b64encode(file_contents)})
# A 403 Forbidden or 413 Overlimit (old behaviour) exception
# will be raised when out of quota
- self.assertRaises((lib_exc.Unauthorized, lib_exc.OverLimit),
+ self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
self.create_test_server, personality=personality)
@test.attr(type='gate')
diff --git a/tempest/api/compute/servers/test_servers.py b/tempest/api/compute/servers/test_servers.py
index 624d9c2..8668d1a 100644
--- a/tempest/api/compute/servers/test_servers.py
+++ b/tempest/api/compute/servers/test_servers.py
@@ -21,8 +21,8 @@
class ServersTestJSON(base.BaseV2ComputeTest):
@classmethod
- def resource_setup(cls):
- super(ServersTestJSON, cls).resource_setup()
+ def setup_clients(cls):
+ super(ServersTestJSON, cls).setup_clients()
cls.client = cls.servers_client
def tearDown(self):
diff --git a/tempest/api/compute/servers/test_servers_negative.py b/tempest/api/compute/servers/test_servers_negative.py
index dd82893..e696c6b 100644
--- a/tempest/api/compute/servers/test_servers_negative.py
+++ b/tempest/api/compute/servers/test_servers_negative.py
@@ -41,11 +41,19 @@
super(ServersNegativeTestJSON, self).tearDown()
@classmethod
+ def setup_credentials(cls):
+ super(ServersNegativeTestJSON, cls).setup_credentials()
+ cls.alt_os = clients.Manager(cls.isolated_creds.get_alt_creds())
+
+ @classmethod
+ def setup_clients(cls):
+ super(ServersNegativeTestJSON, cls).setup_clients()
+ cls.client = cls.servers_client
+ cls.alt_client = cls.alt_os.servers_client
+
+ @classmethod
def resource_setup(cls):
super(ServersNegativeTestJSON, cls).resource_setup()
- cls.client = cls.servers_client
- cls.alt_os = clients.Manager(cls.isolated_creds.get_alt_creds())
- cls.alt_client = cls.alt_os.servers_client
server = cls.create_test_server(wait_until='ACTIVE')
cls.server_id = server['id']
diff --git a/tempest/api/compute/test_live_block_migration.py b/tempest/api/compute/test_live_block_migration.py
index d2221e1..c3f91ee 100644
--- a/tempest/api/compute/test_live_block_migration.py
+++ b/tempest/api/compute/test_live_block_migration.py
@@ -27,12 +27,15 @@
_host_key = 'OS-EXT-SRV-ATTR:host'
@classmethod
- def resource_setup(cls):
- super(LiveBlockMigrationTestJSON, cls).resource_setup()
-
+ def setup_clients(cls):
+ super(LiveBlockMigrationTestJSON, cls).setup_clients()
cls.admin_hosts_client = cls.os_adm.hosts_client
cls.admin_servers_client = cls.os_adm.servers_client
+ @classmethod
+ def resource_setup(cls):
+ super(LiveBlockMigrationTestJSON, cls).resource_setup()
+
cls.created_server_ids = []
def _get_compute_hostnames(self):
diff --git a/tempest/api/compute/test_live_block_migration_negative.py b/tempest/api/compute/test_live_block_migration_negative.py
index bed53d6..1a4e0c6 100644
--- a/tempest/api/compute/test_live_block_migration_negative.py
+++ b/tempest/api/compute/test_live_block_migration_negative.py
@@ -27,10 +27,14 @@
_host_key = 'OS-EXT-SRV-ATTR:host'
@classmethod
- def resource_setup(cls):
- super(LiveBlockMigrationNegativeTestJSON, cls).resource_setup()
+ def skip_checks(cls):
+ super(LiveBlockMigrationNegativeTestJSON, cls).skip_checks()
if not CONF.compute_feature_enabled.live_migration:
raise cls.skipException("Live migration is not enabled")
+
+ @classmethod
+ def setup_clients(cls):
+ super(LiveBlockMigrationNegativeTestJSON, cls).setup_clients()
cls.admin_hosts_client = cls.os_adm.hosts_client
cls.admin_servers_client = cls.os_adm.servers_client
diff --git a/tempest/api/compute/test_networks.py b/tempest/api/compute/test_networks.py
index c30beb7..2279723 100644
--- a/tempest/api/compute/test_networks.py
+++ b/tempest/api/compute/test_networks.py
@@ -21,10 +21,14 @@
class NetworksTestJSON(base.BaseV2ComputeTest):
@classmethod
- def resource_setup(cls):
+ def skip_checks(cls):
+ super(NetworksTestJSON, cls).skip_checks()
if CONF.service_available.neutron:
raise cls.skipException('nova-network is not available.')
- super(NetworksTestJSON, cls).resource_setup()
+
+ @classmethod
+ def setup_clients(cls):
+ super(NetworksTestJSON, cls).setup_clients()
cls.client = cls.os.networks_client
@test.attr(type='gate')
diff --git a/tempest/api/compute/test_quotas.py b/tempest/api/compute/test_quotas.py
index 1df67d9..86bf5fa 100644
--- a/tempest/api/compute/test_quotas.py
+++ b/tempest/api/compute/test_quotas.py
@@ -26,9 +26,13 @@
super(QuotasTestJSON, self).setUp()
@classmethod
+ def setup_clients(cls):
+ super(QuotasTestJSON, cls).setup_clients()
+ cls.client = cls.quotas_client
+
+ @classmethod
def resource_setup(cls):
super(QuotasTestJSON, cls).resource_setup()
- cls.client = cls.quotas_client
cls.tenant_id = cls.client.tenant_id
cls.user_id = cls.client.user_id
cls.default_quota_set = set(('injected_file_content_bytes',
diff --git a/tempest/api/identity/admin/v2/test_roles_negative.py b/tempest/api/identity/admin/v2/test_roles_negative.py
index be9fb52..0885eab 100644
--- a/tempest/api/identity/admin/v2/test_roles_negative.py
+++ b/tempest/api/identity/admin/v2/test_roles_negative.py
@@ -35,7 +35,7 @@
@test.idempotent_id('d5d5f1df-f8ca-4de0-b2ef-259c1cc67025')
def test_list_roles_by_unauthorized_user(self):
# Non-administrator user should not be able to list roles
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.list_roles)
@test.attr(type=['negative', 'gate'])
@@ -58,7 +58,7 @@
def test_create_role_by_unauthorized_user(self):
# Non-administrator user should not be able to create role
role_name = data_utils.rand_name(name='role-')
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.create_role, role_name)
@test.attr(type=['negative', 'gate'])
@@ -91,7 +91,7 @@
body = self.client.create_role(role_name)
self.data.roles.append(body)
role_id = body.get('id')
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.delete_role, role_id)
@test.attr(type=['negative', 'gate'])
@@ -123,7 +123,7 @@
# Non-administrator user should not be authorized to
# assign a role to user
(user, tenant, role) = self._get_role_params()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.assign_user_role,
tenant['id'], user['id'], role['id'])
@@ -175,7 +175,7 @@
self.client.assign_user_role(tenant['id'],
user['id'],
role['id'])
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.remove_user_role,
tenant['id'], user['id'], role['id'])
@@ -225,7 +225,7 @@
# a user's roles
(user, tenant, role) = self._get_role_params()
self.client.assign_user_role(tenant['id'], user['id'], role['id'])
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.list_user_roles, tenant['id'],
user['id'])
diff --git a/tempest/api/identity/admin/v2/test_tenant_negative.py b/tempest/api/identity/admin/v2/test_tenant_negative.py
index 8346a3d..952b625 100644
--- a/tempest/api/identity/admin/v2/test_tenant_negative.py
+++ b/tempest/api/identity/admin/v2/test_tenant_negative.py
@@ -27,7 +27,7 @@
@test.idempotent_id('ca9bb202-63dd-4240-8a07-8ef9c19c04bb')
def test_list_tenants_by_unauthorized_user(self):
# Non-administrator user should not be able to list tenants
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.list_tenants)
@test.attr(type=['negative', 'gate'])
@@ -46,7 +46,7 @@
tenant_name = data_utils.rand_name(name='tenant-')
tenant = self.client.create_tenant(tenant_name)
self.data.tenants.append(tenant)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.delete_tenant, tenant['id'])
@test.attr(type=['negative', 'gate'])
@@ -89,7 +89,7 @@
def test_create_tenant_by_unauthorized_user(self):
# Non-administrator user should not be authorized to create a tenant
tenant_name = data_utils.rand_name(name='tenant-')
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.create_tenant, tenant_name)
@test.attr(type=['negative', 'gate'])
@@ -132,7 +132,7 @@
tenant_name = data_utils.rand_name(name='tenant-')
tenant = self.client.create_tenant(tenant_name)
self.data.tenants.append(tenant)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.update_tenant, tenant['id'])
@test.attr(type=['negative', 'gate'])
diff --git a/tempest/api/identity/admin/v2/test_users_negative.py b/tempest/api/identity/admin/v2/test_users_negative.py
index f40621b..0336ef1 100644
--- a/tempest/api/identity/admin/v2/test_users_negative.py
+++ b/tempest/api/identity/admin/v2/test_users_negative.py
@@ -35,7 +35,7 @@
def test_create_user_by_unauthorized_user(self):
# Non-administrator should not be authorized to create a user
self.data.setup_test_tenant()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.create_user, self.alt_user,
self.alt_password, self.data.tenant['id'],
self.alt_email)
@@ -131,7 +131,7 @@
def test_update_user_by_unauthorized_user(self):
# Non-administrator should not be authorized to update user
self.data.setup_test_tenant()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.update_user, self.alt_user)
@test.attr(type=['negative', 'gate'])
@@ -139,7 +139,7 @@
def test_delete_users_by_unauthorized_user(self):
# Non-administrator user should not be authorized to delete a user
self.data.setup_test_user()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.delete_user,
self.data.user['id'])
@@ -220,7 +220,7 @@
def test_get_users_by_unauthorized_user(self):
# Non-administrator user should not be authorized to get user list
self.data.setup_test_user()
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.get_users)
@test.attr(type=['negative', 'gate'])
diff --git a/tempest/api/identity/admin/v3/test_projects_negative.py b/tempest/api/identity/admin/v3/test_projects_negative.py
index bc92900..897eecc 100644
--- a/tempest/api/identity/admin/v3/test_projects_negative.py
+++ b/tempest/api/identity/admin/v3/test_projects_negative.py
@@ -26,7 +26,7 @@
@test.idempotent_id('24c49279-45dd-4155-887a-cb738c2385aa')
def test_list_projects_by_unauthorized_user(self):
# Non-admin user should not be able to list projects
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.non_admin_client.list_projects)
@test.attr(type=['negative', 'gate'])
@@ -46,7 +46,7 @@
# Non-admin user should not be authorized to create a project
project_name = data_utils.rand_name('project-')
self.assertRaises(
- lib_exc.Unauthorized, self.non_admin_client.create_project,
+ lib_exc.Forbidden, self.non_admin_client.create_project,
project_name)
@test.attr(type=['negative', 'gate'])
@@ -72,7 +72,7 @@
project = self.client.create_project(project_name)
self.data.projects.append(project)
self.assertRaises(
- lib_exc.Unauthorized, self.non_admin_client.delete_project,
+ lib_exc.Forbidden, self.non_admin_client.delete_project,
project['id'])
@test.attr(type=['negative', 'gate'])
diff --git a/tempest/api/image/v2/test_images_member_negative.py b/tempest/api/image/v2/test_images_member_negative.py
index a0c59ff..c07db0e 100644
--- a/tempest/api/image/v2/test_images_member_negative.py
+++ b/tempest/api/image/v2/test_images_member_negative.py
@@ -37,7 +37,7 @@
self.alt_tenant_id)
self.assertEqual(member['status'], 'pending')
self.assertNotIn(image_id, self._list_image_ids_as_alt())
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.os_img_client.update_member_status,
image_id, self.alt_tenant_id, 'accepted')
self.assertNotIn(image_id, self._list_image_ids_as_alt())
diff --git a/tempest/api/object_storage/base.py b/tempest/api/object_storage/base.py
index 6a025d9..f75f4c8 100644
--- a/tempest/api/object_storage/base.py
+++ b/tempest/api/object_storage/base.py
@@ -15,7 +15,6 @@
from tempest_lib import exceptions as lib_exc
-from tempest.api.identity import base
from tempest import clients
from tempest.common import credentials
from tempest.common import custom_matchers
@@ -38,29 +37,25 @@
def setup_credentials(cls):
cls.set_network_resources()
super(BaseObjectTest, cls).setup_credentials()
-
cls.isolated_creds = credentials.get_isolated_credentials(
cls.__name__, network_resources=cls.network_resources)
- # Get isolated creds for normal user
- cls.os = clients.Manager(cls.isolated_creds.get_primary_creds())
- # Get isolated creds for admin user
- cls.os_admin = clients.Manager(cls.isolated_creds.get_admin_creds())
- cls.data = SwiftDataGenerator(cls.os_admin.identity_client)
- # Get isolated creds for alt user
- cls.os_alt = clients.Manager(cls.isolated_creds.get_alt_creds())
+ operator_role = CONF.object_storage.operator_role
+ if not cls.isolated_creds.is_role_available(operator_role):
+ skip_msg = ("%s skipped because the configured credential provider"
+ " is not able to provide credentials with the %s role "
+ "assigned." % (cls.__name__, operator_role))
+ raise cls.skipException(skip_msg)
+ else:
+ # Get isolated creds for normal user
+ cls.os = clients.Manager(cls.isolated_creds.get_creds_by_roles(
+ [operator_role]))
@classmethod
def setup_clients(cls):
super(BaseObjectTest, cls).setup_clients()
-
cls.object_client = cls.os.object_client
cls.container_client = cls.os.container_client
cls.account_client = cls.os.account_client
- cls.token_client = cls.os_admin.token_client
- cls.identity_admin_client = cls.os_admin.identity_client
- cls.object_client_alt = cls.os_alt.object_client
- cls.container_client_alt = cls.os_alt.container_client
- cls.identity_client_alt = cls.os_alt.identity_client
@classmethod
def resource_setup(cls):
@@ -70,12 +65,9 @@
cls.object_client.auth_provider.clear_auth()
cls.container_client.auth_provider.clear_auth()
cls.account_client.auth_provider.clear_auth()
- cls.object_client_alt.auth_provider.clear_auth()
- cls.container_client_alt.auth_provider.clear_auth()
@classmethod
def resource_cleanup(cls):
- cls.data.teardown_all()
cls.isolated_creds.clear_isolated_creds()
super(BaseObjectTest, cls).resource_cleanup()
@@ -119,28 +111,3 @@
self.assertThat(resp, custom_matchers.ExistsAllResponseHeaders(
target, method))
self.assertThat(resp, custom_matchers.AreAllWellFormatted())
-
-
-class SwiftDataGenerator(base.DataGenerator):
-
- def setup_test_user(self, reseller=False):
- super(SwiftDataGenerator, self).setup_test_user()
- if reseller:
- role_name = CONF.object_storage.reseller_admin_role
- else:
- role_name = CONF.object_storage.operator_role
- role_id = self._get_role_id(role_name)
- self._assign_role(role_id)
-
- def _get_role_id(self, role_name):
- try:
- roles = self.client.list_roles()
- return next(r['id'] for r in roles if r['name'] == role_name)
- except StopIteration:
- msg = "Role name '%s' is not found" % role_name
- raise lib_exc.NotFound(msg)
-
- def _assign_role(self, role_id):
- self.client.assign_user_role(self.tenant['id'],
- self.user['id'],
- role_id)
diff --git a/tempest/api/object_storage/test_account_quotas.py b/tempest/api/object_storage/test_account_quotas.py
index 9b379f4..74bc519 100644
--- a/tempest/api/object_storage/test_account_quotas.py
+++ b/tempest/api/object_storage/test_account_quotas.py
@@ -26,8 +26,16 @@
@classmethod
def setup_credentials(cls):
super(AccountQuotasTest, cls).setup_credentials()
- cls.data.setup_test_user(reseller=True)
- cls.os_reselleradmin = clients.Manager(cls.data.test_credentials)
+ reseller_admin_role = CONF.object_storage.reseller_admin_role
+ if not cls.isolated_creds.is_role_available(reseller_admin_role):
+ skip_msg = ("%s skipped because the configured credential provider"
+ " is not able to provide credentials with the %s role "
+ "assigned." % (cls.__name__, reseller_admin_role))
+ raise cls.skipException(skip_msg)
+ else:
+ cls.os_reselleradmin = clients.Manager(
+ cls.isolated_creds.get_creds_by_roles(
+ roles=[reseller_admin_role]))
@classmethod
def resource_setup(cls):
diff --git a/tempest/api/object_storage/test_account_quotas_negative.py b/tempest/api/object_storage/test_account_quotas_negative.py
index 7d4008c..cfcdae4 100644
--- a/tempest/api/object_storage/test_account_quotas_negative.py
+++ b/tempest/api/object_storage/test_account_quotas_negative.py
@@ -29,8 +29,16 @@
@classmethod
def setup_credentials(cls):
super(AccountQuotasNegativeTest, cls).setup_credentials()
- cls.data.setup_test_user(reseller=True)
- cls.os_reselleradmin = clients.Manager(cls.data.test_credentials)
+ reseller_admin_role = CONF.object_storage.reseller_admin_role
+ if not cls.isolated_creds.is_role_available(reseller_admin_role):
+ skip_msg = ("%s skipped because the configured credential provider"
+ " is not able to provide credentials with the %s role "
+ "assigned." % (cls.__name__, reseller_admin_role))
+ raise cls.skipException(skip_msg)
+ else:
+ cls.os_reselleradmin = clients.Manager(
+ cls.isolated_creds.get_creds_by_roles(
+ roles=[reseller_admin_role]))
@classmethod
def resource_setup(cls):
@@ -86,12 +94,12 @@
"""
# Not able to remove quota
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.account_client.create_account_metadata,
{"Quota-Bytes": ""})
# Not able to modify quota
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.account_client.create_account_metadata,
{"Quota-Bytes": "100"})
diff --git a/tempest/api/object_storage/test_account_services.py b/tempest/api/object_storage/test_account_services.py
index 63d0425..14ccc12 100644
--- a/tempest/api/object_storage/test_account_services.py
+++ b/tempest/api/object_storage/test_account_services.py
@@ -32,6 +32,13 @@
containers = []
@classmethod
+ def setup_credentials(cls):
+ super(AccountTest, cls).setup_credentials()
+ cls.os_operator = clients.Manager(
+ cls.isolated_creds.get_creds_by_roles(
+ roles=[CONF.object_storage.operator_role], force_new=True))
+
+ @classmethod
def resource_setup(cls):
super(AccountTest, cls).resource_setup()
for i in moves.xrange(ord('a'), ord('f') + 1):
@@ -63,12 +70,9 @@
# To test listing no containers, create new user other than
# the base user of this instance.
- self.data.setup_test_user()
-
- os_test_user = clients.Manager(self.data.test_credentials)
resp, container_list = \
- os_test_user.account_client.list_account_containers()
+ self.os_operator.account_client.list_account_containers()
# When sending a request to an account which has not received a PUT
# container request, the response does not contain 'accept-ranges'
diff --git a/tempest/api/object_storage/test_account_services_negative.py b/tempest/api/object_storage/test_account_services_negative.py
index f329675..4a482da 100644
--- a/tempest/api/object_storage/test_account_services_negative.py
+++ b/tempest/api/object_storage/test_account_services_negative.py
@@ -16,20 +16,27 @@
from tempest.api.object_storage import base
from tempest import clients
+from tempest import config
from tempest import test
+CONF = config.CONF
+
class AccountNegativeTest(base.BaseObjectTest):
+ @classmethod
+ def setup_credentials(cls):
+ super(AccountNegativeTest, cls).setup_credentials()
+ cls.os_operator = clients.Manager(
+ cls.isolated_creds.get_creds_by_roles(
+ roles=[CONF.object_storage.operator_role], force_new=True))
+
@test.attr(type=['negative', 'gate'])
@test.idempotent_id('070e6aca-6152-4867-868d-1118d68fb38c')
def test_list_containers_with_non_authorized_user(self):
# list containers using non-authorized user
- # create user
- self.data.setup_test_user()
- test_os = clients.Manager(self.data.test_credentials)
- test_auth_provider = test_os.auth_provider
+ test_auth_provider = self.os_operator.auth_provider
# Get auth for the test user
test_auth_provider.auth_data
@@ -44,6 +51,6 @@
params = {'format': 'json'}
# list containers with non-authorized user token
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.account_client.list_account_containers,
params=params)
diff --git a/tempest/api/object_storage/test_container_acl.py b/tempest/api/object_storage/test_container_acl.py
index 6368bec..2c00022 100644
--- a/tempest/api/object_storage/test_container_acl.py
+++ b/tempest/api/object_storage/test_container_acl.py
@@ -16,21 +16,25 @@
from tempest.api.object_storage import base
from tempest import clients
from tempest.common.utils import data_utils
+from tempest import config
from tempest import test
+CONF = config.CONF
+
class ObjectTestACLs(base.BaseObjectTest):
@classmethod
def setup_credentials(cls):
super(ObjectTestACLs, cls).setup_credentials()
- cls.data.setup_test_user()
- cls.test_os = clients.Manager(cls.data.test_credentials)
+ cls.os_operator = clients.Manager(
+ cls.isolated_creds.get_creds_by_roles(
+ roles=[CONF.object_storage.operator_role], force_new=True))
@classmethod
def resource_setup(cls):
super(ObjectTestACLs, cls).resource_setup()
- cls.test_auth_data = cls.test_os.auth_provider.auth_data
+ cls.test_auth_data = cls.os_operator.auth_provider.auth_data
def setUp(self):
super(ObjectTestACLs, self).setUp()
@@ -46,8 +50,9 @@
def test_read_object_with_rights(self):
# attempt to read object using authorized user
# update X-Container-Read metadata ACL
- cont_headers = {'X-Container-Read':
- self.data.test_tenant + ':' + self.data.test_user}
+ tenant_name = self.os_operator.credentials.tenant_name
+ username = self.os_operator.credentials.username
+ cont_headers = {'X-Container-Read': tenant_name + ':' + username}
resp_meta, body = self.container_client.update_container_metadata(
self.container_name, metadata=cont_headers,
metadata_prefix='')
@@ -71,8 +76,9 @@
def test_write_object_with_rights(self):
# attempt to write object using authorized user
# update X-Container-Write metadata ACL
- cont_headers = {'X-Container-Write':
- self.data.test_tenant + ':' + self.data.test_user}
+ tenant_name = self.os_operator.credentials.tenant_name
+ username = self.os_operator.credentials.username
+ cont_headers = {'X-Container-Write': tenant_name + ':' + username}
resp_meta, body = self.container_client.update_container_metadata(
self.container_name, metadata=cont_headers,
metadata_prefix='')
diff --git a/tempest/api/object_storage/test_container_acl_negative.py b/tempest/api/object_storage/test_container_acl_negative.py
index 5892340..18939f0 100644
--- a/tempest/api/object_storage/test_container_acl_negative.py
+++ b/tempest/api/object_storage/test_container_acl_negative.py
@@ -17,21 +17,25 @@
from tempest.api.object_storage import base
from tempest import clients
from tempest.common.utils import data_utils
+from tempest import config
from tempest import test
+CONF = config.CONF
+
class ObjectACLsNegativeTest(base.BaseObjectTest):
@classmethod
def setup_credentials(cls):
super(ObjectACLsNegativeTest, cls).setup_credentials()
- cls.data.setup_test_user()
- cls.test_os = clients.Manager(cls.data.test_credentials)
+ cls.os_operator = clients.Manager(
+ cls.isolated_creds.get_creds_by_roles(
+ roles=[CONF.object_storage.operator_role], force_new=True))
@classmethod
def resource_setup(cls):
super(ObjectACLsNegativeTest, cls).resource_setup()
- cls.test_auth_data = cls.test_os.auth_provider.auth_data
+ cls.test_auth_data = cls.os_operator.auth_provider.auth_data
def setUp(self):
super(ObjectACLsNegativeTest, self).setUp()
@@ -84,7 +88,7 @@
request_part='headers',
auth_data=self.test_auth_data
)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.object_client.create_object,
self.container_name, object_name, 'data', headers={})
@@ -102,7 +106,7 @@
request_part='headers',
auth_data=self.test_auth_data
)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.object_client.get_object,
self.container_name, object_name)
@@ -120,7 +124,7 @@
request_part='headers',
auth_data=self.test_auth_data
)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.object_client.delete_object,
self.container_name, object_name)
@@ -144,7 +148,7 @@
request_part='headers',
auth_data=self.test_auth_data
)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.object_client.get_object,
self.container_name, object_name)
@@ -164,7 +168,7 @@
auth_data=self.test_auth_data
)
object_name = data_utils.rand_name(name='Object')
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.object_client.create_object,
self.container_name,
object_name, 'data', headers={})
@@ -174,8 +178,10 @@
def test_write_object_without_write_rights(self):
# attempt to write object using non-authorized user
# update X-Container-Read and X-Container-Write metadata ACL
+ tenant_name = self.os_operator.credentials.tenant_name
+ username = self.os_operator.credentials.username
cont_headers = {'X-Container-Read':
- self.data.test_tenant + ':' + self.data.test_user,
+ tenant_name + ':' + username,
'X-Container-Write': ''}
resp_meta, body = self.container_client.update_container_metadata(
self.container_name, metadata=cont_headers,
@@ -187,7 +193,7 @@
auth_data=self.test_auth_data
)
object_name = data_utils.rand_name(name='Object')
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.object_client.create_object,
self.container_name,
object_name, 'data', headers={})
@@ -197,8 +203,10 @@
def test_delete_object_without_write_rights(self):
# attempt to delete object using non-authorized user
# update X-Container-Read and X-Container-Write metadata ACL
+ tenant_name = self.os_operator.credentials.tenant_name
+ username = self.os_operator.credentials.username
cont_headers = {'X-Container-Read':
- self.data.test_tenant + ':' + self.data.test_user,
+ tenant_name + ':' + username,
'X-Container-Write': ''}
resp_meta, body = self.container_client.update_container_metadata(
self.container_name, metadata=cont_headers,
@@ -214,7 +222,7 @@
request_part='headers',
auth_data=self.test_auth_data
)
- self.assertRaises(lib_exc.Unauthorized,
+ self.assertRaises(lib_exc.Forbidden,
self.object_client.delete_object,
self.container_name,
object_name)
diff --git a/tempest/api/object_storage/test_container_sync.py b/tempest/api/object_storage/test_container_sync.py
index 71f1275..ae42da6 100644
--- a/tempest/api/object_storage/test_container_sync.py
+++ b/tempest/api/object_storage/test_container_sync.py
@@ -19,6 +19,7 @@
import urlparse
from tempest.api.object_storage import base
+from tempest import clients
from tempest.common.utils import data_utils
from tempest import config
from tempest import test
@@ -36,6 +37,18 @@
clients = {}
@classmethod
+ def setup_credentials(cls):
+ super(ContainerSyncTest, cls).setup_credentials()
+ cls.os_alt = clients.Manager(cls.isolated_creds.get_creds_by_roles(
+ [CONF.object_storage.operator_role], force_new=True))
+
+ @classmethod
+ def setup_clients(cls):
+ super(ContainerSyncTest, cls).setup_clients()
+ cls.object_client_alt = cls.os_alt.object_client
+ cls.container_client_alt = cls.os_alt.container_client
+
+ @classmethod
def resource_setup(cls):
super(ContainerSyncTest, cls).resource_setup()
cls.containers = []
diff --git a/tempest/api/object_storage/test_object_services.py b/tempest/api/object_storage/test_object_services.py
index a4d0377..f9220cf 100644
--- a/tempest/api/object_storage/test_object_services.py
+++ b/tempest/api/object_storage/test_object_services.py
@@ -23,12 +23,17 @@
import six
from tempest.api.object_storage import base
+from tempest import clients
from tempest.common import custom_matchers
from tempest.common.utils import data_utils
+from tempest import config
from tempest import test
+CONF = config.CONF
+
class ObjectTest(base.BaseObjectTest):
+
@classmethod
def resource_setup(cls):
super(ObjectTest, cls).resource_setup()
@@ -1016,6 +1021,19 @@
class PublicObjectTest(base.BaseObjectTest):
+
+ @classmethod
+ def setup_credentials(cls):
+ super(PublicObjectTest, cls).setup_credentials()
+ cls.os_alt = clients.Manager(
+ cls.isolated_creds.get_creds_by_roles(
+ roles=[CONF.object_storage.operator_role], force_new=True))
+
+ @classmethod
+ def setup_clients(cls):
+ super(PublicObjectTest, cls).setup_clients()
+ cls.identity_client_alt = cls.os_alt.identity_client
+
def setUp(self):
super(PublicObjectTest, self).setUp()
self.container_name = data_utils.rand_name(name='TestContainer')
diff --git a/tempest/api/orchestration/stacks/test_neutron_resources.py b/tempest/api/orchestration/stacks/test_neutron_resources.py
index 253d197..bed3f1b 100644
--- a/tempest/api/orchestration/stacks/test_neutron_resources.py
+++ b/tempest/api/orchestration/stacks/test_neutron_resources.py
@@ -96,7 +96,7 @@
for resource in resources:
cls.test_resources[resource['logical_resource_id']] = resource
- @test.attr(type='slow')
+ @test.attr(type='gate')
@test.idempotent_id('f9e2664c-bc44-4eef-98b6-495e4f9d74b3')
def test_created_resources(self):
"""Verifies created neutron resources."""
@@ -115,7 +115,7 @@
self.assertEqual(resource_type, resource['resource_type'])
self.assertEqual('CREATE_COMPLETE', resource['resource_status'])
- @test.attr(type='slow')
+ @test.attr(type='gate')
@test.idempotent_id('c572b915-edb1-4e90-b196-c7199a6848c0')
@test.services('network')
def test_created_network(self):
@@ -128,7 +128,7 @@
self.assertEqual(self.neutron_basic_template['resources'][
'Network']['properties']['name'], network['name'])
- @test.attr(type='slow')
+ @test.attr(type='gate')
@test.idempotent_id('e8f84b96-f9d7-4684-ad5f-340203e9f2c2')
@test.services('network')
def test_created_subnet(self):
@@ -147,7 +147,7 @@
'Subnet']['properties']['ip_version'], subnet['ip_version'])
self.assertEqual(str(self.subnet_cidr), subnet['cidr'])
- @test.attr(type='slow')
+ @test.attr(type='gate')
@test.idempotent_id('96af4c7f-5069-44bc-bdcf-c0390f8a67d1')
@test.services('network')
def test_created_router(self):
@@ -161,7 +161,7 @@
router['external_gateway_info']['network_id'])
self.assertEqual(True, router['admin_state_up'])
- @test.attr(type='slow')
+ @test.attr(type='gate')
@test.idempotent_id('89f605bd-153e-43ee-a0ed-9919b63423c5')
@test.services('network')
def test_created_router_interface(self):
@@ -185,7 +185,7 @@
self.assertEqual(str(self.subnet_cidr.iter_hosts().next()),
router_interface_ip)
- @test.attr(type='slow')
+ @test.attr(type='gate')
@test.idempotent_id('75d85316-4ac2-4c0e-a1a9-edd2148fc10e')
@test.services('compute', 'network')
def test_created_server(self):
diff --git a/tempest/api_schema/response/compute/v2/servers.py b/tempest/api_schema/response/compute/v2/servers.py
index 0132350..83dbb4f 100644
--- a/tempest/api_schema/response/compute/v2/servers.py
+++ b/tempest/api_schema/response/compute/v2/servers.py
@@ -93,6 +93,15 @@
# these attributes. So they are not 'required'.
'hostId'
)
+# NOTE(gmann): Update OS-EXT-IPS:type and OS-EXT-IPS-MAC:mac_addr
+# attributes in server address. Those are API extension,
+# and some environments return a response without
+# these attributes. So they are not 'required'.
+get_server['response_body']['properties']['server']['properties'][
+ 'addresses']['patternProperties']['^[a-zA-Z0-9-_.]+$']['items'][
+ 'properties'].update({
+ 'OS-EXT-IPS:type': {'type': 'string'},
+ 'OS-EXT-IPS-MAC:mac_addr': parameter_types.mac_address})
list_virtual_interfaces = {
'status_code': [200],
@@ -293,11 +302,21 @@
'accessIPv4': parameter_types.access_ip_v4,
'accessIPv6': parameter_types.access_ip_v6
})
-# NOTE(GMann): OS-DCF:diskConfig, security_groups and accessIPv4/v6 are API
-# extensions, and some environments return a response
+# NOTE(GMann): OS-DCF:diskConfig, security_groups and accessIPv4/v6
+# are API extensions, and some environments return a response
# without these attributes. So they are not 'required'.
list_servers_detail['response_body']['properties']['servers']['items'][
'required'].append('hostId')
+# NOTE(gmann): Update OS-EXT-IPS:type and OS-EXT-IPS-MAC:mac_addr
+# attributes in server address. Those are API extension,
+# and some environments return a response without
+# these attributes. So they are not 'required'.
+list_servers_detail['response_body']['properties']['servers']['items'][
+ 'properties']['addresses']['patternProperties']['^[a-zA-Z0-9-_.]+$'][
+ 'items']['properties'].update({
+ 'OS-EXT-IPS:type': {'type': 'string'},
+ 'OS-EXT-IPS-MAC:mac_addr': parameter_types.mac_address})
+
rebuild_server = copy.deepcopy(update_server)
rebuild_server['status_code'] = [202]
diff --git a/tempest/cli/simple_read_only/identity/__init__.py b/tempest/cli/simple_read_only/identity/__init__.py
deleted file mode 100644
index e69de29..0000000
--- a/tempest/cli/simple_read_only/identity/__init__.py
+++ /dev/null
diff --git a/tempest/cli/simple_read_only/identity/test_keystone.py b/tempest/cli/simple_read_only/identity/test_keystone.py
deleted file mode 100644
index 10a26d5..0000000
--- a/tempest/cli/simple_read_only/identity/test_keystone.py
+++ /dev/null
@@ -1,155 +0,0 @@
-# Copyright 2013 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import re
-
-from tempest_lib import exceptions
-
-from tempest import cli
-from tempest import config
-from tempest.openstack.common import log as logging
-from tempest import test
-
-CONF = config.CONF
-
-
-LOG = logging.getLogger(__name__)
-
-
-class SimpleReadOnlyKeystoneClientTest(cli.ClientTestBase):
- """Basic, read-only tests for Keystone CLI client.
-
- Checks return values and output of read-only commands.
- These tests do not presume any content, nor do they create
- their own. They only verify the structure of output if present.
- """
-
- def keystone(self, *args, **kwargs):
- return self.clients.keystone(*args, **kwargs)
-
- @test.idempotent_id('19c3ae95-3c19-4bba-8ba3-48ad19939b71')
- def test_admin_fake_action(self):
- self.assertRaises(exceptions.CommandFailed,
- self.keystone,
- 'this-does-not-exist')
-
- @test.idempotent_id('a1100917-c7c5-4887-a4da-f7d7f13194f5')
- def test_admin_catalog_list(self):
- out = self.keystone('catalog')
- catalog = self.parser.details_multiple(out, with_label=True)
- for svc in catalog:
- if svc.get('__label'):
- self.assertTrue(svc['__label'].startswith('Service:'),
- msg=('Invalid beginning of service block: '
- '%s' % svc['__label']))
- # check that region and publicURL exists. One might also
- # check for adminURL and internalURL. id seems to be optional
- # and is missing in the catalog backend
- self.assertIn('publicURL', svc.keys())
- self.assertIn('region', svc.keys())
-
- @test.idempotent_id('35c73506-eab6-4abc-956e-42da90aba8ec')
- def test_admin_endpoint_list(self):
- out = self.keystone('endpoint-list')
- endpoints = self.parser.listing(out)
- self.assertTableStruct(endpoints, [
- 'id', 'region', 'publicurl', 'internalurl',
- 'adminurl', 'service_id'])
-
- @test.idempotent_id('f17cb155-bd16-4f32-9956-1b073752fc07')
- def test_admin_endpoint_service_match(self):
- endpoints = self.parser.listing(self.keystone('endpoint-list'))
- services = self.parser.listing(self.keystone('service-list'))
- svc_by_id = {}
- for svc in services:
- svc_by_id[svc['id']] = svc
- for endpoint in endpoints:
- self.assertIn(endpoint['service_id'], svc_by_id)
-
- @test.idempotent_id('be7176f2-9c34-4d84-bb7d-b4bc85d06a33')
- def test_admin_role_list(self):
- roles = self.parser.listing(self.keystone('role-list'))
- self.assertTableStruct(roles, ['id', 'name'])
-
- @test.idempotent_id('96a4de8d-aa9e-4ca5-89f0-985809eccd66')
- def test_admin_service_list(self):
- services = self.parser.listing(self.keystone('service-list'))
- self.assertTableStruct(services, ['id', 'name', 'type', 'description'])
-
- @test.idempotent_id('edb45480-0f7b-49eb-8f95-7562cbba96da')
- def test_admin_tenant_list(self):
- tenants = self.parser.listing(self.keystone('tenant-list'))
- self.assertTableStruct(tenants, ['id', 'name', 'enabled'])
-
- @test.idempotent_id('25a2753d-6bd1-40c0-addc-32864b00cb2d')
- def test_admin_user_list(self):
- users = self.parser.listing(self.keystone('user-list'))
- self.assertTableStruct(users, [
- 'id', 'name', 'enabled', 'email'])
-
- @test.idempotent_id('f92bf8d4-b27b-47c9-8450-e27c57758de9')
- def test_admin_user_role_list(self):
- user_roles = self.parser.listing(self.keystone('user-role-list'))
- self.assertTableStruct(user_roles, [
- 'id', 'name', 'user_id', 'tenant_id'])
-
- @test.idempotent_id('14a2687b-3ce1-404c-9f78-a0e28e2f8f7b')
- def test_admin_discover(self):
- discovered = self.keystone('discover')
- self.assertIn('Keystone found at http', discovered)
- self.assertIn('supports version', discovered)
-
- @test.idempotent_id('9a567c8c-3787-4e5f-9c30-bed55f2b75c0')
- def test_admin_help(self):
- help_text = self.keystone('help')
- lines = help_text.split('\n')
- self.assertFirstLineStartsWith(lines, 'usage: keystone')
-
- commands = []
- cmds_start = lines.index('Positional arguments:')
- cmds_end = lines.index('Optional arguments:')
- command_pattern = re.compile('^ {4}([a-z0-9\-\_]+)')
- for line in lines[cmds_start:cmds_end]:
- match = command_pattern.match(line)
- if match:
- commands.append(match.group(1))
- commands = set(commands)
- wanted_commands = set(('catalog', 'endpoint-list', 'help',
- 'token-get', 'discover', 'bootstrap'))
- self.assertFalse(wanted_commands - commands)
-
- @test.idempotent_id('a7b9e1fe-db31-4846-82c5-52a7aa9863c3')
- def test_admin_bashcompletion(self):
- self.keystone('bash-completion')
-
- @test.idempotent_id('5328c681-df8b-4874-a65c-8fa278f0af8f')
- def test_admin_ec2_credentials_list(self):
- creds = self.keystone('ec2-credentials-list')
- creds = self.parser.listing(creds)
- self.assertTableStruct(creds, ['tenant', 'access', 'secret'])
-
- # Optional arguments:
-
- @test.idempotent_id('af95e809-ce95-4505-8627-170d803b1d13')
- def test_admin_version(self):
- self.keystone('', flags='--version')
-
- @test.idempotent_id('9e26521f-7bfa-4d8e-9d61-fd364f0c20c0')
- def test_admin_debug_list(self):
- self.keystone('catalog', flags='--debug')
-
- @test.idempotent_id('097b3a52-725f-4df7-84b6-277a2b6f6e38')
- def test_admin_timeout(self):
- self.keystone('catalog', flags='--timeout %d' % CONF.cli.timeout)
diff --git a/tempest/common/accounts.py b/tempest/common/accounts.py
index 89de69b..8766e7d 100644
--- a/tempest/common/accounts.py
+++ b/tempest/common/accounts.py
@@ -236,10 +236,16 @@
def get_admin_creds(self):
return self.get_creds_by_roles([CONF.identity.admin_role])
- def admin_available(self):
- if not self.hash_dict['roles'].get(CONF.identity.admin_role):
+ def is_role_available(self, role):
+ if self.use_default_creds:
return False
- return True
+ else:
+ if self.hash_dict['roles'].get(role):
+ return True
+ return False
+
+ def admin_available(self):
+ return self.is_role_available(CONF.identity.admin_role)
class NotLockingAccounts(Accounts):
diff --git a/tempest/common/cred_provider.py b/tempest/common/cred_provider.py
index c22dc1f..ea628f6 100644
--- a/tempest/common/cred_provider.py
+++ b/tempest/common/cred_provider.py
@@ -117,3 +117,7 @@
@abc.abstractmethod
def get_creds_by_roles(self, roles, force_new=False):
return
+
+ @abc.abstractmethod
+ def is_role_available(self, role):
+ return
diff --git a/tempest/common/isolated_creds.py b/tempest/common/isolated_creds.py
index b0531fd..72a3183 100644
--- a/tempest/common/isolated_creds.py
+++ b/tempest/common/isolated_creds.py
@@ -79,8 +79,15 @@
except StopIteration:
msg = 'No "%s" role found' % role_name
raise lib_exc.NotFound(msg)
- self.identity_admin_client.assign_user_role(tenant['id'], user['id'],
- role['id'])
+ try:
+ self.identity_admin_client.assign_user_role(tenant['id'],
+ user['id'],
+ role['id'])
+ except lib_exc.Conflict:
+ LOG.warning('Trying to add %s for user %s in tenant %s but they '
+ ' were already granted that role' % (role_name,
+ user['name'],
+ tenant['name']))
def _delete_user(self, user):
self.identity_admin_client.delete_user(user)
@@ -114,11 +121,6 @@
email = data_utils.rand_name(root) + suffix + "@example.com"
user = self._create_user(username, self.password,
tenant, email)
- if CONF.service_available.swift:
- # NOTE(andrey-mp): user needs this role to create containers
- # in swift
- swift_operator_role = CONF.object_storage.operator_role
- self._assign_user_role(tenant, user, swift_operator_role)
if admin:
self._assign_user_role(tenant, user, CONF.identity.admin_role)
# Add roles specified in config file
@@ -385,3 +387,6 @@
def is_multi_tenant(self):
return True
+
+ def is_role_available(self, role):
+ return True
diff --git a/tempest/common/service_client.py b/tempest/common/service_client.py
index fde05af..ad6610a 100644
--- a/tempest/common/service_client.py
+++ b/tempest/common/service_client.py
@@ -13,7 +13,6 @@
# under the License.
from tempest_lib.common import rest_client
-from tempest_lib import exceptions as lib_exceptions
from tempest import config
@@ -47,24 +46,6 @@
super(ServiceClient, self).__init__(auth_provider, service, region,
**params)
- def request(self, method, url, extra_headers=False, headers=None,
- body=None):
- # TODO(oomichi): This translation is just for avoiding a single
- # huge patch to migrate rest_client module to tempest-lib.
- # Ideally(in the future), we need to remove this translation and
- # replace each API tests with tempest-lib's exceptions.
- try:
- return super(ServiceClient, self).request(
- method, url,
- extra_headers=extra_headers,
- headers=headers, body=body)
- # TODO(oomichi): This is just a workaround for failing gate tests
- # when separating Forbidden from Unauthorized in tempest-lib.
- # We will need to remove this translation and replace negative tests
- # with lib_exceptions.Forbidden in the future.
- except lib_exceptions.Forbidden as ex:
- raise lib_exceptions.Unauthorized(ex)
-
class ResponseBody(dict):
"""Class that wraps an http response and dict body into a single value.
diff --git a/tempest/scenario/manager.py b/tempest/scenario/manager.py
index f24a22a..55d4a52 100644
--- a/tempest/scenario/manager.py
+++ b/tempest/scenario/manager.py
@@ -41,8 +41,8 @@
"""Base class for scenario tests. Uses tempest own clients. """
@classmethod
- def resource_setup(cls):
- super(ScenarioTest, cls).resource_setup()
+ def setup_credentials(cls):
+ super(ScenarioTest, cls).setup_credentials()
# TODO(andreaf) Some of the code from this resource_setup could be
# moved into `BaseTestCase`
cls.isolated_creds = credentials.get_isolated_credentials(
@@ -51,6 +51,10 @@
credentials=cls.credentials()
)
cls.admin_manager = clients.Manager(cls.admin_credentials())
+
+ @classmethod
+ def setup_clients(cls):
+ super(ScenarioTest, cls).setup_clients()
# Clients (in alphabetical order)
cls.flavors_client = cls.manager.flavors_client
cls.floating_ips_client = cls.manager.floating_ips_client
@@ -534,13 +538,13 @@
"""
@classmethod
- def check_preconditions(cls):
+ def skip_checks(cls):
+ super(NetworkScenarioTest, cls).skip_checks()
if not CONF.service_available.neutron:
raise cls.skipException('Neutron not available')
@classmethod
def resource_setup(cls):
- cls.check_preconditions()
super(NetworkScenarioTest, cls).resource_setup()
cls.tenant_id = cls.manager.identity_client.tenant_id
@@ -1141,12 +1145,16 @@
class BaremetalScenarioTest(ScenarioTest):
@classmethod
- def resource_setup(cls):
+ def skip_checks(cls):
+ super(BaremetalScenarioTest, cls).skip_checks()
if (not CONF.service_available.ironic or
not CONF.baremetal.driver_enabled):
msg = 'Ironic not available or Ironic compute driver not enabled'
raise cls.skipException(msg)
- super(BaremetalScenarioTest, cls).resource_setup()
+
+ @classmethod
+ def setup_credentials(cls):
+ super(BaremetalScenarioTest, cls).setup_credentials()
# use an admin client manager for baremetal client
manager = clients.Manager(
@@ -1154,6 +1162,9 @@
)
cls.baremetal_client = manager.baremetal_client
+ @classmethod
+ def resource_setup(cls):
+ super(BaremetalScenarioTest, cls).resource_setup()
# allow any issues obtaining the node list to raise early
cls.baremetal_client.list_nodes()
@@ -1272,8 +1283,8 @@
"""
@classmethod
- def resource_setup(cls):
- super(EncryptionScenarioTest, cls).resource_setup()
+ def setup_clients(cls):
+ super(EncryptionScenarioTest, cls).setup_clients()
cls.admin_volume_types_client = cls.admin_manager.volume_types_client
def _wait_for_volume_status(self, status):
@@ -1319,10 +1330,10 @@
"""
@classmethod
- def resource_setup(cls):
+ def skip_checks(cls):
+ super(OrchestrationScenarioTest, cls).skip_checks()
if not CONF.service_available.heat:
raise cls.skipException("Heat support is required")
- super(OrchestrationScenarioTest, cls).resource_setup()
@classmethod
def credentials(cls):
@@ -1365,17 +1376,35 @@
"""
@classmethod
- def resource_setup(cls):
+ def skip_checks(cls):
+ super(SwiftScenarioTest, cls).skip_checks()
if not CONF.service_available.swift:
skip_msg = ("%s skipped as swift is not available" %
cls.__name__)
raise cls.skipException(skip_msg)
+
+ @classmethod
+ def setup_credentials(cls):
cls.set_network_resources()
- super(SwiftScenarioTest, cls).resource_setup()
+ super(SwiftScenarioTest, cls).setup_credentials()
+ operator_role = CONF.object_storage.operator_role
+ if not cls.isolated_creds.is_role_available(operator_role):
+ skip_msg = ("%s skipped because the configured credential provider"
+ " is not able to provide credentials with the %s role "
+ "assigned." % (cls.__name__, operator_role))
+ raise cls.skipException(skip_msg)
+ else:
+ cls.os_operator = clients.Manager(
+ cls.isolated_creds.get_creds_by_roles(
+ [operator_role]))
+
+ @classmethod
+ def setup_clients(cls):
+ super(SwiftScenarioTest, cls).setup_clients()
# Clients for Swift
- cls.account_client = cls.manager.account_client
- cls.container_client = cls.manager.container_client
- cls.object_client = cls.manager.object_client
+ cls.account_client = cls.os_operator.account_client
+ cls.container_client = cls.os_operator.container_client
+ cls.object_client = cls.os_operator.object_client
def get_swift_stat(self):
"""get swift status for our user account."""
diff --git a/tempest/scenario/orchestration/__init__.py b/tempest/scenario/orchestration/__init__.py
deleted file mode 100644
index e69de29..0000000
--- a/tempest/scenario/orchestration/__init__.py
+++ /dev/null
diff --git a/tempest/scenario/orchestration/cfn_init_signal.yaml b/tempest/scenario/orchestration/cfn_init_signal.yaml
deleted file mode 100644
index c95aabf..0000000
--- a/tempest/scenario/orchestration/cfn_init_signal.yaml
+++ /dev/null
@@ -1,82 +0,0 @@
-HeatTemplateFormatVersion: '2012-12-12'
-Description: |
- Template which uses a wait condition to confirm that a minimal
- cfn-init and cfn-signal has worked
-Parameters:
- key_name:
- Type: String
- flavor:
- Type: String
- image:
- Type: String
- network:
- Type: String
- timeout:
- Type: Number
-Resources:
- CfnUser:
- Type: AWS::IAM::User
- SmokeSecurityGroup:
- Type: AWS::EC2::SecurityGroup
- Properties:
- GroupDescription: Enable only ping and SSH access
- SecurityGroupIngress:
- - {CidrIp: 0.0.0.0/0, FromPort: '-1', IpProtocol: icmp, ToPort: '-1'}
- - {CidrIp: 0.0.0.0/0, FromPort: '22', IpProtocol: tcp, ToPort: '22'}
- SmokeKeys:
- Type: AWS::IAM::AccessKey
- Properties:
- UserName: {Ref: CfnUser}
- SmokeServer:
- Type: OS::Nova::Server
- Metadata:
- AWS::CloudFormation::Init:
- config:
- files:
- /tmp/smoke-status:
- content: smoke test complete
- /etc/cfn/cfn-credentials:
- content:
- Fn::Replace:
- - SmokeKeys: {Ref: SmokeKeys}
- SecretAccessKey:
- 'Fn::GetAtt': [SmokeKeys, SecretAccessKey]
- - |
- AWSAccessKeyId=SmokeKeys
- AWSSecretKey=SecretAccessKey
- mode: '000400'
- owner: root
- group: root
- Properties:
- image: {Ref: image}
- flavor: {Ref: flavor}
- key_name: {Ref: key_name}
- security_groups:
- - {Ref: SmokeSecurityGroup}
- networks:
- - uuid: {Ref: network}
- user_data:
- Fn::Replace:
- - WaitHandle: {Ref: WaitHandle}
- - |
- #!/bin/bash -v
- /opt/aws/bin/cfn-init
- /opt/aws/bin/cfn-signal -e 0 --data "`cat /tmp/smoke-status`" \
- --id smoke_status "WaitHandle"
- WaitHandle:
- Type: AWS::CloudFormation::WaitConditionHandle
- WaitCondition:
- Type: AWS::CloudFormation::WaitCondition
- DependsOn: SmokeServer
- Properties:
- Handle: {Ref: WaitHandle}
- Timeout: {Ref: timeout}
-Outputs:
- WaitConditionStatus:
- Description: Contents of /tmp/smoke-status on SmokeServer
- Value:
- Fn::GetAtt: [WaitCondition, Data]
- SmokeServerIp:
- Description: IP address of server
- Value:
- Fn::GetAtt: [SmokeServer, first_address]
diff --git a/tempest/scenario/orchestration/test_server_cfn_init.py b/tempest/scenario/orchestration/test_server_cfn_init.py
deleted file mode 100644
index 53f7843..0000000
--- a/tempest/scenario/orchestration/test_server_cfn_init.py
+++ /dev/null
@@ -1,134 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import json
-
-from tempest_lib import decorators
-
-from tempest import config
-from tempest import exceptions
-from tempest.openstack.common import log as logging
-from tempest.scenario import manager
-from tempest import test
-
-CONF = config.CONF
-LOG = logging.getLogger(__name__)
-
-
-class CfnInitScenarioTest(manager.OrchestrationScenarioTest):
-
- def setUp(self):
- super(CfnInitScenarioTest, self).setUp()
- if not CONF.orchestration.image_ref:
- raise self.skipException("No image available to test")
- self.client = self.orchestration_client
- self.template_name = 'cfn_init_signal.yaml'
-
- def assign_keypair(self):
- self.stack_name = self._stack_rand_name()
- if CONF.orchestration.keypair_name:
- self.keypair = None
- self.keypair_name = CONF.orchestration.keypair_name
- else:
- self.keypair = self.create_keypair()
- self.keypair_name = self.keypair['name']
-
- def launch_stack(self):
- net = self._get_default_network()
- self.parameters = {
- 'key_name': self.keypair_name,
- 'flavor': CONF.orchestration.instance_type,
- 'image': CONF.orchestration.image_ref,
- 'timeout': CONF.orchestration.build_timeout,
- 'network': net['id'],
- }
-
- # create the stack
- self.template = self._load_template(__file__, self.template_name)
- stack = self.client.create_stack(
- name=self.stack_name,
- template=self.template,
- parameters=self.parameters)
- stack = stack['stack']
-
- self.stack = self.client.get_stack(stack['id'])
- self.stack_identifier = '%s/%s' % (self.stack_name, self.stack['id'])
- self.addCleanup(self.delete_wrapper,
- self.orchestration_client.delete_stack,
- self.stack_identifier)
-
- def check_stack(self):
- sid = self.stack_identifier
- self.client.wait_for_resource_status(
- sid, 'WaitHandle', 'CREATE_COMPLETE')
- self.client.wait_for_resource_status(
- sid, 'SmokeSecurityGroup', 'CREATE_COMPLETE')
- self.client.wait_for_resource_status(
- sid, 'SmokeKeys', 'CREATE_COMPLETE')
- self.client.wait_for_resource_status(
- sid, 'CfnUser', 'CREATE_COMPLETE')
- self.client.wait_for_resource_status(
- sid, 'SmokeServer', 'CREATE_COMPLETE')
-
- server_resource = self.client.get_resource(sid, 'SmokeServer')
- server_id = server_resource['physical_resource_id']
- server = self.servers_client.get_server(server_id)
- server_ip =\
- server['addresses'][CONF.compute.network_for_ssh][0]['addr']
-
- if not self.ping_ip_address(
- server_ip, ping_timeout=CONF.orchestration.build_timeout):
- self._log_console_output(servers=[server])
- self.fail(
- "(CfnInitScenarioTest:test_server_cfn_init) Timed out waiting "
- "for %s to become reachable" % server_ip)
-
- try:
- self.client.wait_for_resource_status(
- sid, 'WaitCondition', 'CREATE_COMPLETE')
- except (exceptions.StackResourceBuildErrorException,
- exceptions.TimeoutException) as e:
- raise e
- finally:
- # attempt to log the server console regardless of WaitCondition
- # going to complete. This allows successful and failed cloud-init
- # logs to be compared
- self._log_console_output(servers=[server])
-
- self.client.wait_for_stack_status(sid, 'CREATE_COMPLETE')
-
- stack = self.client.get_stack(sid)
-
- # This is an assert of great significance, as it means the following
- # has happened:
- # - cfn-init read the provided metadata and wrote out a file
- # - a user was created and credentials written to the server
- # - a cfn-signal was built which was signed with provided credentials
- # - the wait condition was fulfilled and the stack has changed state
- wait_status = json.loads(
- self._stack_output(stack, 'WaitConditionStatus'))
- self.assertEqual('smoke test complete', wait_status['smoke_status'])
-
- if self.keypair:
- # Check that the user can authenticate with the generated
- # keypair
- self.get_remote_client(server_ip, username='ec2-user',
- log_console_of_servers=[server])
-
- @test.attr(type='slow')
- @decorators.skip_because(bug='1374175')
- @test.idempotent_id('2be9be1f-8106-4ee2-a7ba-444c7557db2f')
- @test.services('orchestration', 'compute')
- def test_server_cfn_init(self):
- self.assign_keypair()
- self.launch_stack()
- self.check_stack()
diff --git a/tempest/scenario/test_aggregates_basic_ops.py b/tempest/scenario/test_aggregates_basic_ops.py
index ff450de..c94a787 100644
--- a/tempest/scenario/test_aggregates_basic_ops.py
+++ b/tempest/scenario/test_aggregates_basic_ops.py
@@ -33,8 +33,8 @@
Deletes aggregate
"""
@classmethod
- def resource_setup(cls):
- super(TestAggregatesBasicOps, cls).resource_setup()
+ def setup_clients(cls):
+ super(TestAggregatesBasicOps, cls).setup_clients()
cls.aggregates_client = cls.manager.aggregates_client
cls.hosts_client = cls.manager.hosts_client
diff --git a/tempest/scenario/test_dashboard_basic_ops.py b/tempest/scenario/test_dashboard_basic_ops.py
index 4c4dc94..dd7376a 100644
--- a/tempest/scenario/test_dashboard_basic_ops.py
+++ b/tempest/scenario/test_dashboard_basic_ops.py
@@ -57,11 +57,15 @@
"""
@classmethod
- def resource_setup(cls):
+ def skip_checks(cls):
+ super(TestDashboardBasicOps, cls).skip_checks()
if not CONF.service_available.horizon:
raise cls.skipException("Horizon support is required")
+
+ @classmethod
+ def setup_credentials(cls):
cls.set_network_resources()
- super(TestDashboardBasicOps, cls).resource_setup()
+ super(TestDashboardBasicOps, cls).setup_credentials()
def check_login_page(self):
response = urllib2.urlopen(CONF.dashboard.dashboard_url)
diff --git a/tempest/scenario/test_large_ops.py b/tempest/scenario/test_large_ops.py
index af2b4cb..613732a 100644
--- a/tempest/scenario/test_large_ops.py
+++ b/tempest/scenario/test_large_ops.py
@@ -39,11 +39,19 @@
"""
@classmethod
- def resource_setup(cls):
+ def skip_checks(cls):
+ super(TestLargeOpsScenario, cls).skip_checks()
if CONF.scenario.large_ops_number < 1:
raise cls.skipException("large_ops_number not set to multiple "
"instances")
+
+ @classmethod
+ def setup_credentials(cls):
cls.set_network_resources()
+ super(TestLargeOpsScenario, cls).setup_credentials()
+
+ @classmethod
+ def resource_setup(cls):
super(TestLargeOpsScenario, cls).resource_setup()
# list of cleanup calls to be executed in reverse order
cls._cleanup_resources = []
diff --git a/tempest/scenario/test_load_balancer_basic.py b/tempest/scenario/test_load_balancer_basic.py
index 6f6036f..0d17048 100644
--- a/tempest/scenario/test_load_balancer_basic.py
+++ b/tempest/scenario/test_load_balancer_basic.py
@@ -43,8 +43,8 @@
"""
@classmethod
- def check_preconditions(cls):
- super(TestLoadBalancerBasic, cls).check_preconditions()
+ def skip_checks(cls):
+ super(TestLoadBalancerBasic, cls).skip_checks()
cfg = config.network
if not test.is_extension_enabled('lbaas', 'network'):
msg = 'LBaaS Extension is not enabled'
@@ -57,7 +57,6 @@
@classmethod
def resource_setup(cls):
super(TestLoadBalancerBasic, cls).resource_setup()
- cls.check_preconditions()
cls.servers_keypairs = {}
cls.members = []
cls.floating_ips = {}
@@ -262,6 +261,8 @@
port_id=port_id)
self.floating_ips.setdefault(vip.id, [])
self.floating_ips[vip.id].append(floating_ip)
+ # Check for floating ip status before you check load-balancer
+ self.check_floating_ip_status(floating_ip, "ACTIVE")
def _create_load_balancer(self):
self._create_pool()
diff --git a/tempest/scenario/test_network_advanced_server_ops.py b/tempest/scenario/test_network_advanced_server_ops.py
index 6e82a41..1d4f915 100644
--- a/tempest/scenario/test_network_advanced_server_ops.py
+++ b/tempest/scenario/test_network_advanced_server_ops.py
@@ -41,8 +41,8 @@
"""
@classmethod
- def check_preconditions(cls):
- super(TestNetworkAdvancedServerOps, cls).check_preconditions()
+ def skip_checks(cls):
+ super(TestNetworkAdvancedServerOps, cls).skip_checks()
if not (CONF.network.tenant_networks_reachable
or CONF.network.public_network_id):
msg = ('Either tenant_networks_reachable must be "true", or '
@@ -50,10 +50,10 @@
raise cls.skipException(msg)
@classmethod
- def resource_setup(cls):
+ def setup_credentials(cls):
# Create no network resources for these tests.
cls.set_network_resources()
- super(TestNetworkAdvancedServerOps, cls).resource_setup()
+ super(TestNetworkAdvancedServerOps, cls).setup_credentials()
def _setup_network_and_servers(self):
self.keypair = self.create_keypair()
@@ -84,10 +84,11 @@
should_connect=should_connect,
servers_for_debug=[self.server])
floating_ip = self.floating_ip.floating_ip_address
+ # Check FloatingIP status before checking the connectivity
+ self.check_floating_ip_status(self.floating_ip, 'ACTIVE')
self.check_public_network_connectivity(floating_ip, username,
private_key, should_connect,
servers=[self.server])
- self.check_floating_ip_status(self.floating_ip, 'ACTIVE')
def _wait_server_status_and_check_network_connectivity(self):
self.servers_client.wait_for_server_status(self.server['id'], 'ACTIVE')
diff --git a/tempest/scenario/test_network_basic_ops.py b/tempest/scenario/test_network_basic_ops.py
index 4199b2c..f4db878 100644
--- a/tempest/scenario/test_network_basic_ops.py
+++ b/tempest/scenario/test_network_basic_ops.py
@@ -77,23 +77,23 @@
"""
@classmethod
- def check_preconditions(cls):
- super(TestNetworkBasicOps, cls).check_preconditions()
+ def skip_checks(cls):
+ super(TestNetworkBasicOps, cls).skip_checks()
if not (CONF.network.tenant_networks_reachable
or CONF.network.public_network_id):
msg = ('Either tenant_networks_reachable must be "true", or '
'public_network_id must be defined.')
raise cls.skipException(msg)
-
- @classmethod
- def resource_setup(cls):
for ext in ['router', 'security-group']:
if not test.is_extension_enabled(ext, 'network'):
msg = "%s extension not enabled." % ext
raise cls.skipException(msg)
+
+ @classmethod
+ def setup_credentials(cls):
# Create no network resources for these tests.
cls.set_network_resources()
- super(TestNetworkBasicOps, cls).resource_setup()
+ super(TestNetworkBasicOps, cls).setup_credentials()
def setUp(self):
super(TestNetworkBasicOps, self).setUp()
@@ -190,12 +190,13 @@
if should_connect:
private_key = self._get_server_key(server)
floatingip_status = 'ACTIVE'
+ # Check FloatingIP Status before initiating a connection
+ if should_check_floating_ip_status:
+ self.check_floating_ip_status(floating_ip, floatingip_status)
# call the common method in the parent class
super(TestNetworkBasicOps, self).check_public_network_connectivity(
ip_address, ssh_login, private_key, should_connect, msg,
self.servers)
- if should_check_floating_ip_status:
- self.check_floating_ip_status(floating_ip, floatingip_status)
def _disassociate_floating_ips(self):
floating_ip, server = self.floating_ip_tuple
diff --git a/tempest/scenario/test_network_v6.py b/tempest/scenario/test_network_v6.py
index d5d2d77..7b2bdd5 100644
--- a/tempest/scenario/test_network_v6.py
+++ b/tempest/scenario/test_network_v6.py
@@ -34,13 +34,8 @@
"""
@classmethod
- def resource_setup(cls):
- # Create no network resources for these tests.
- cls.set_network_resources()
- super(TestGettingAddress, cls).resource_setup()
-
- @classmethod
- def check_preconditions(cls):
+ def skip_checks(cls):
+ super(TestGettingAddress, cls).skip_checks()
if not (CONF.network_feature_enabled.ipv6
and CONF.network_feature_enabled.ipv6_subnet_attributes):
raise cls.skipException('IPv6 or its attributes not supported')
@@ -53,7 +48,11 @@
msg = ('Baremetal does not currently support network isolation')
raise cls.skipException(msg)
- super(TestGettingAddress, cls).check_preconditions()
+ @classmethod
+ def setup_credentials(cls):
+ # Create no network resources for these tests.
+ cls.set_network_resources()
+ super(TestGettingAddress, cls).setup_credentials()
def setUp(self):
super(TestGettingAddress, self).setUp()
diff --git a/tempest/scenario/test_security_groups_basic_ops.py b/tempest/scenario/test_security_groups_basic_ops.py
index 4fbadb0..f9667a5 100644
--- a/tempest/scenario/test_security_groups_basic_ops.py
+++ b/tempest/scenario/test_security_groups_basic_ops.py
@@ -119,11 +119,11 @@
self.router = router
@classmethod
- def check_preconditions(cls):
+ def skip_checks(cls):
+ super(TestSecurityGroupsBasicOps, cls).skip_checks()
if CONF.baremetal.driver_enabled:
msg = ('Not currently supported by baremetal.')
raise cls.skipException(msg)
- super(TestSecurityGroupsBasicOps, cls).check_preconditions()
if not (CONF.network.tenant_networks_reachable or
CONF.network.public_network_id):
msg = ('Either tenant_networks_reachable must be "true", or '
@@ -131,10 +131,10 @@
raise cls.skipException(msg)
@classmethod
- def resource_setup(cls):
+ def setup_credentials(cls):
# Create no network resources for these tests.
cls.set_network_resources()
- super(TestSecurityGroupsBasicOps, cls).resource_setup()
+ super(TestSecurityGroupsBasicOps, cls).setup_credentials()
# TODO(mnewby) Consider looking up entities as needed instead
# of storing them as collections on the class.
@@ -144,6 +144,9 @@
# Credentials from the manager are filled with both IDs and Names
cls.alt_creds = cls.alt_manager.credentials
+ @classmethod
+ def resource_setup(cls):
+ super(TestSecurityGroupsBasicOps, cls).resource_setup()
cls.floating_ips = {}
cls.tenants = {}
creds = cls.credentials()
@@ -151,6 +154,7 @@
cls.alt_tenant = cls.TenantProperties(cls.alt_creds)
for tenant in [cls.primary_tenant, cls.alt_tenant]:
cls.tenants[tenant.creds.tenant_id] = tenant
+
cls.floating_ip_access = not CONF.network.public_router_id
def cleanup_wrapper(self, resource):
diff --git a/tempest/scenario/test_server_advanced_ops.py b/tempest/scenario/test_server_advanced_ops.py
index d0b595a..8cbc388 100644
--- a/tempest/scenario/test_server_advanced_ops.py
+++ b/tempest/scenario/test_server_advanced_ops.py
@@ -35,12 +35,16 @@
"""
@classmethod
- def resource_setup(cls):
+ def skip_checks(cls):
+ super(TestServerAdvancedOps, cls).skip_checks()
if CONF.compute.flavor_ref_alt == CONF.compute.flavor_ref:
msg = "Skipping test - flavor_ref and flavor_ref_alt are identical"
raise cls.skipException(msg)
+
+ @classmethod
+ def setup_credentials(cls):
cls.set_network_resources()
- super(TestServerAdvancedOps, cls).resource_setup()
+ super(TestServerAdvancedOps, cls).setup_credentials()
@test.idempotent_id('e6c28180-7454-4b59-b188-0257af08a63b')
@testtools.skipUnless(CONF.compute_feature_enabled.resize,
diff --git a/tempest/scenario/test_stamp_pattern.py b/tempest/scenario/test_stamp_pattern.py
index bd3cefa..3614e97 100644
--- a/tempest/scenario/test_stamp_pattern.py
+++ b/tempest/scenario/test_stamp_pattern.py
@@ -54,10 +54,10 @@
"""
@classmethod
- def resource_setup(cls):
+ def skip_checks(cls):
+ super(TestStampPattern, cls).skip_checks()
if not CONF.volume_feature_enabled.snapshot:
raise cls.skipException("Cinder volume snapshots are disabled")
- super(TestStampPattern, cls).resource_setup()
def _wait_for_volume_snapshot_status(self, volume_snapshot, status):
self.snapshots_client.wait_for_snapshot_status(volume_snapshot['id'],
diff --git a/tempest/scenario/test_swift_telemetry_middleware.py b/tempest/scenario/test_swift_telemetry_middleware.py
index 8305641..a10168c 100644
--- a/tempest/scenario/test_swift_telemetry_middleware.py
+++ b/tempest/scenario/test_swift_telemetry_middleware.py
@@ -44,7 +44,8 @@
"""
@classmethod
- def resource_setup(cls):
+ def skip_checks(cls):
+ super(TestSwiftTelemetry, cls).skip_checks()
if not CONF.service_available.ceilometer:
skip_msg = ("%s skipped as ceilometer is not available" %
cls.__name__)
@@ -52,8 +53,11 @@
elif CONF.telemetry.too_slow_to_test:
skip_msg = "Ceilometer feature for fast work mysql is disabled"
raise cls.skipException(skip_msg)
- super(TestSwiftTelemetry, cls).resource_setup()
- cls.telemetry_client = cls.manager.telemetry_client
+
+ @classmethod
+ def setup_clients(cls):
+ super(TestSwiftTelemetry, cls).setup_clients()
+ cls.telemetry_client = cls.os_operator.telemetry_client
def _confirm_notifications(self, container_name, obj_name):
"""
@@ -79,15 +83,15 @@
meta = sample['resource_metadata']
if meta.get('container') and meta['container'] != 'None':
containers.append(meta['container'])
- elif (meta.get('target') and
- meta['target']['metadata']['container'] != 'None'):
- containers.append(meta['target']['metadata']['container'])
+ elif (meta.get('target.metadata:container') and
+ meta['target.metadata:container'] != 'None'):
+ containers.append(meta['target.metadata:container'])
if meta.get('object') and meta['object'] != 'None':
objects.append(meta['object'])
- elif (meta.get('target') and
- meta['target']['metadata']['object'] != 'None'):
- objects.append(meta['target']['metadata']['object'])
+ elif (meta.get('target.metadata:object') and
+ meta['target.metadata:object'] != 'None'):
+ objects.append(meta['target.metadata:object'])
return (container_name in containers and obj_name in objects)
diff --git a/tempest/scenario/test_volume_boot_pattern.py b/tempest/scenario/test_volume_boot_pattern.py
index d1ea270..95edbd2 100644
--- a/tempest/scenario/test_volume_boot_pattern.py
+++ b/tempest/scenario/test_volume_boot_pattern.py
@@ -38,10 +38,10 @@
* Check written content in the instance booted from snapshot
"""
@classmethod
- def resource_setup(cls):
+ def skip_checks(cls):
+ super(TestVolumeBootPattern, cls).skip_checks()
if not CONF.volume_feature_enabled.snapshot:
raise cls.skipException("Cinder volume snapshots are disabled")
- super(TestVolumeBootPattern, cls).resource_setup()
def _create_volume_from_image(self):
img_uuid = CONF.compute.image_ref
diff --git a/tempest/tests/test_tenant_isolation.py b/tempest/tests/test_tenant_isolation.py
index a18ad46..a420a8f 100644
--- a/tempest/tests/test_tenant_isolation.py
+++ b/tempest/tests/test_tenant_isolation.py
@@ -156,7 +156,6 @@
'assign_user_role') as user_mock:
admin_creds = iso_creds.get_admin_creds()
user_mock.assert_has_calls([
- mock.call('1234', '1234', '1'),
mock.call('1234', '1234', '1234')])
self.assertEqual(admin_creds.username, 'fake_admin_user')
self.assertEqual(admin_creds.tenant_name, 'fake_admin_tenant')
@@ -182,9 +181,8 @@
role_creds = iso_creds.get_creds_by_roles(roles=['role1', 'role2'])
calls = user_mock.mock_calls
# Assert that the role creation is called with the 2 specified roles
- self.assertEqual(len(calls), 3)
+ self.assertEqual(len(calls), 2)
args = map(lambda x: x[1], calls)
- self.assertIn(('1234', '1234', '1'), args)
self.assertIn(('1234', '1234', '1234'), args)
self.assertIn(('1234', '1234', '12345'), args)
self.assertEqual(role_creds.username, 'fake_role_user')