Merge "Add image cache client"
diff --git a/releasenotes/notes/temp_url_tests_digest_config-3d8c9bb271961ddd.yaml b/releasenotes/notes/temp_url_tests_digest_config-3d8c9bb271961ddd.yaml
new file mode 100644
index 0000000..f96c030
--- /dev/null
+++ b/releasenotes/notes/temp_url_tests_digest_config-3d8c9bb271961ddd.yaml
@@ -0,0 +1,11 @@
+---
+features:
+ - |
+ Add configuration parameter `tempurl_digest_hashlib` into
+ `object-storage-feature-enabled` which configures the hashing algorithm to
+ use for the temp_url tests; defaults to 'sha256'.
+security:
+ - |
+ Swift used to support only 'sha1' for temp_url hashing but from many
+ years now 'sha256' and 'sha512' are also available. These are stronger
+ than 'sha1' and tempest now allows configuring which one to use.
diff --git a/releasenotes/source/index.rst b/releasenotes/source/index.rst
index e1e6597..9b5aad3 100644
--- a/releasenotes/source/index.rst
+++ b/releasenotes/source/index.rst
@@ -6,6 +6,7 @@
:maxdepth: 1
unreleased
+ v31.1.0
v31.0.0
v30.0.0
v29.2.0
diff --git a/releasenotes/source/v31.1.0.rst b/releasenotes/source/v31.1.0.rst
new file mode 100644
index 0000000..ecd7c36
--- /dev/null
+++ b/releasenotes/source/v31.1.0.rst
@@ -0,0 +1,5 @@
+=====================
+v31.1.0 Release Notes
+=====================
+.. release-notes:: 31.1.0 Release Notes
+ :version: 31.1.0
diff --git a/tempest/api/object_storage/test_container_sync.py b/tempest/api/object_storage/test_container_sync.py
index 6b1f849..b31ff76 100644
--- a/tempest/api/object_storage/test_container_sync.py
+++ b/tempest/api/object_storage/test_container_sync.py
@@ -126,7 +126,7 @@
self.assertEqual(object_content, obj_name[::-1].encode())
@decorators.attr(type='slow')
- @decorators.unstable_test(bug='1317133')
+ @decorators.skip_because(bug='1317133')
@decorators.idempotent_id('be008325-1bba-4925-b7dd-93b58f22ce9b')
@testtools.skipIf(
not CONF.object_storage_feature_enabled.container_sync,
diff --git a/tempest/api/object_storage/test_object_services.py b/tempest/api/object_storage/test_object_services.py
index 2823185..a11bed8 100644
--- a/tempest/api/object_storage/test_object_services.py
+++ b/tempest/api/object_storage/test_object_services.py
@@ -182,7 +182,6 @@
self.assertEqual(data, body)
@decorators.idempotent_id('4f84422a-e2f2-4403-b601-726a4220b54e')
- @decorators.unstable_test(bug='1905432')
def test_create_object_with_transfer_encoding(self):
"""Test creating object with transfer_encoding"""
object_name = data_utils.rand_name(name='TestObject')
diff --git a/tempest/api/object_storage/test_object_temp_url.py b/tempest/api/object_storage/test_object_temp_url.py
index 4ca7412..8f218e2 100644
--- a/tempest/api/object_storage/test_object_temp_url.py
+++ b/tempest/api/object_storage/test_object_temp_url.py
@@ -19,9 +19,12 @@
from tempest.api.object_storage import base
from tempest.common import utils
+from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
+CONF = config.CONF
+
class ObjectTempUrlTest(base.BaseObjectTest):
"""Test object temp url"""
@@ -77,8 +80,11 @@
container, object_name)
hmac_body = '%s\n%s\n%s' % (method, expires, path)
+ hlib = getattr(
+ hashlib,
+ CONF.object_storage_feature_enabled.tempurl_digest_hashlib)
sig = hmac.new(
- key.encode(), hmac_body.encode(), hashlib.sha256
+ key.encode(), hmac_body.encode(), hlib
).hexdigest()
url = "%s/%s?temp_url_sig=%s&temp_url_expires=%s" % (container,
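Review bot: `getattr(hashlib, CONF.object_storage_feature_enabled.tempurl_digest_hashlib)` resolves whatever attribute name the config holds. A typo raises AttributeError in the middle of the test, and a name such as `new` or `algorithms_available` hands `hmac.new()` something that is not a digest constructor. `hmac.new()` accepts the algorithm name as a string, so `sig = hmac.new(key.encode(), hmac_body.encode(), CONF.object_storage_feature_enabled.tempurl_digest_hashlib).hexdigest()` drops the lookup and lets hashlib reject unknown names itself. The same lookup is added in tempest/api/object_storage/test_object_temp_url_negative.py; in both files the enclosing method starts and ends outside the hunk.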
diff --git a/tempest/api/object_storage/test_object_temp_url_negative.py b/tempest/api/object_storage/test_object_temp_url_negative.py
index e5f4cf2..712697e 100644
--- a/tempest/api/object_storage/test_object_temp_url_negative.py
+++ b/tempest/api/object_storage/test_object_temp_url_negative.py
@@ -19,10 +19,13 @@
from tempest.api.object_storage import base
from tempest.common import utils
+from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
from tempest.lib import exceptions as lib_exc
+CONF = config.CONF
+
class ObjectTempUrlNegativeTest(base.BaseObjectTest):
"""Negative tests of object temp url"""
@@ -82,8 +85,11 @@
container, object_name)
hmac_body = '%s\n%s\n%s' % (method, expires, path)
+ hlib = getattr(
+ hashlib,
+ CONF.object_storage_feature_enabled.tempurl_digest_hashlib)
sig = hmac.new(
- key.encode(), hmac_body.encode(), hashlib.sha256
+ key.encode(), hmac_body.encode(), hlib
).hexdigest()
url = "%s/%s?temp_url_sig=%s&temp_url_expires=%s" % (container,
diff --git a/tempest/api/volume/admin/test_backends_capabilities.py b/tempest/api/volume/admin/test_backends_capabilities.py
index 9a85ed4..e3a8156 100644
--- a/tempest/api/volume/admin/test_backends_capabilities.py
+++ b/tempest/api/volume/admin/test_backends_capabilities.py
@@ -37,6 +37,33 @@
# Check response schema
self.admin_capabilities_client.show_backend_capabilities(self.hosts[0])
+ @staticmethod
+ def _change_capabilities_storage_protocol(capabilities):
+ """Convert storage_protocol to its canonical version"""
+ # List of storage protocols variants defined in cinder.common.constants
+ # The canonical name for storage protocol comes first in the list
+ VARIANTS = [['iSCSI', 'iscsi'], ['FC', 'fibre_channel', 'fc'],
+ ['NFS', 'nfs'], ['NVMe-oF', 'NVMeOF', 'nvmeof']]
+
+ capabilities = sorted(list(capabilities))
+
+ # Cinder Bug #1966103: Some drivers were reporting different strings
+ # to represent the same storage protocol. For backward compatibility,
+ # the scheduler can handle the variants, but to standardize this for
+ # operators (who may need to refer to the protocol in volume-type
+ # extra-specs), the get-pools and get-capabilities response was changed
+ # to only report the canonical name for a storage protocol, but these
+ # 2 REST API call swere not changed simultaneously, so we may or may
+ # not get canonical names, so just convert canonical names.
+ for item in range(len(capabilities)):
+ for variants in VARIANTS:
+ if capabilities[item][2] in variants:
+ capabilities[item] = (capabilities[item][0],
+ capabilities[item][1],
+ variants[0])
+
+ return capabilities
+
@decorators.idempotent_id('a9035743-d46a-47c5-9cb7-3c80ea16dea0')
def test_compare_volume_stats_values(self):
"""Test comparing volume stats values
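Review bot: `_change_capabilities_storage_protocol` sorts the tuples before it rewrites the protocol field, so the returned list is ordered by the original spelling, not the canonical one. Two entries that tie on the first two fields can then come out in a different order in the expected and observed lists (for example `NVMe-oF` sorts before `fibre_channel` but after its canonical form `FC`), and `assertEqual` would fail on equal data. Canonicalising first and sorting last removes that and also replaces the index loop. The closing comment says "just convert canonical names" where it seems to mean converting variants to their canonical names.

```python
def _change_capabilities_storage_protocol(capabilities):
    # … unchanged: docstring, VARIANTS, Cinder Bug #1966103 comment …
    canonical = {name: group[0] for group in VARIANTS for name in group}
    return sorted(
        (stats[0], stats[1], canonical.get(stats[2], stats[2]))
        for stats in capabilities)
```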
@@ -47,11 +74,6 @@
'volume_backend_name',
'storage_protocol')
- # List of storage protocols variants defined in cinder.common.constants
- # The canonical name for storage protocol comes first in the list
- VARIANTS = [['iSCSI', 'iscsi'], ['FC', 'fibre_channel', 'fc'],
- ['NFS', 'nfs'], ['NVMe-oF', 'NVMeOF', 'nvmeof']]
-
# Get list backend capabilities using show_pools
cinder_pools = [
pool['capabilities'] for pool in
@@ -65,27 +87,9 @@
]
# Returns a tuple of VOLUME_STATS values
- expected_list = sorted(list(map(operator.itemgetter(*VOLUME_STATS),
- cinder_pools)))
- observed_list = sorted(list(map(operator.itemgetter(*VOLUME_STATS),
- capabilities)))
-
- # Cinder Bug #1966103: Some drivers were reporting different strings
- # to represent the same storage protocol. For backward compatibility,
- # the scheduler can handle the variants, but to standardize this for
- # operators (who may need to refer to the protocol in volume-type
- # extra-specs), the get-pools response was changed by I07d74078dbb1
- # to only report the canonical name for a storage protocol. Thus, the
- # expected_list (which we got from the get-pools call) will only
- # contain canonical names, while the observed_list (which we got
- # from the driver capabilities call) may contain a variant. So before
- # comparing the lists, we need to look for known variants in the
- # observed_list elements and replace them with their canonical values
- for item in range(len(observed_list)):
- for variants in VARIANTS:
- if observed_list[item][2] in variants:
- observed_list[item] = (observed_list[item][0],
- observed_list[item][1],
- variants[0])
+ expected_list = self._change_capabilities_storage_protocol(
+ map(operator.itemgetter(*VOLUME_STATS), cinder_pools))
+ observed_list = self._change_capabilities_storage_protocol(
+ map(operator.itemgetter(*VOLUME_STATS), capabilities))
self.assertEqual(expected_list, observed_list)
diff --git a/tempest/api/volume/admin/test_encrypted_volumes_extend.py b/tempest/api/volume/admin/test_encrypted_volumes_extend.py
index 7339179..e85a00d 100644
--- a/tempest/api/volume/admin/test_encrypted_volumes_extend.py
+++ b/tempest/api/volume/admin/test_encrypted_volumes_extend.py
@@ -31,5 +31,18 @@
"Attached encrypted volume extend is disabled.")
@utils.services('compute')
def test_extend_attached_encrypted_volume_luksv1(self):
+ """LUKs v1 decrypts and extends through libvirt."""
volume = self.create_encrypted_volume(encryption_provider="luks")
self._test_extend_attached_volume(volume)
+
+ @decorators.idempotent_id('381a2a3a-b2f4-4631-a910-720881f2cc2f')
+ @testtools.skipUnless(
+ CONF.volume_feature_enabled.extend_attached_encrypted_volume,
+ "Attached encrypted volume extend is disabled.")
+ @testtools.skipIf(CONF.volume.storage_protocol == 'ceph',
+ 'Ceph only supports LUKSv2 if doing host attach.')
+ @utils.services('compute')
+ def test_extend_attached_encrypted_volume_luksv2(self):
+ """LUKs v2 decrypts and extends through os-brick."""
+ volume = self.create_encrypted_volume(encryption_provider="luks2")
+ self._test_extend_attached_volume(volume)
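Review bot: The Ceph skip compares `CONF.volume.storage_protocol` with the exact string `'ceph'`, so a deployment configured with a different case or spelling would run the LUKSv2 test on a backend the skip message says cannot support it. If other spellings are possible, `CONF.volume.storage_protocol.lower() == 'ceph'` is the safer condition; otherwise a comment stating that `'ceph'` is the only accepted value would settle it. The new docstrings spell the format `LUKs`, while the skip message uses `LUKSv2`. The same skip condition is added in tempest/scenario/test_encrypted_cinder_volumes.py and tempest/scenario/test_volume_boot_pattern.py.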
diff --git a/tempest/config.py b/tempest/config.py
index 4098f32..f986ddb 100644
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -1164,6 +1164,11 @@
cfg.BoolOpt('discoverability',
default=True,
help="Execute discoverability tests"),
+ cfg.StrOpt('tempurl_digest_hashlib',
+ default='sha256',
+ help="Hashing algorithm to use for the temp_url tests. "
+ "Needs to be supported both by Swift and the "
+ "hashlib module, for example sha1 or sha256"),
]
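Review bot: `tempurl_digest_hashlib` is a free-form `StrOpt`, so a misspelled algorithm is only discovered when a temp_url test runs. Adding `choices=['sha1', 'sha256', 'sha512']`, the three algorithms the release note names, would reject it when the configuration is loaded. The help text offers sha1 as an example without saying it is the weakest of the three; it could state that sha1 is only needed for Swift deployments that do not accept sha256 or sha512. The option list starts outside the hunk.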
diff --git a/tempest/scenario/manager.py b/tempest/scenario/manager.py
index 73ce08f..2843498 100644
--- a/tempest/scenario/manager.py
+++ b/tempest/scenario/manager.py
@@ -815,7 +815,9 @@
name = data_utils.rand_name(self.__class__.__name__ + 'snapshot')
LOG.debug("Creating a snapshot image for server: %s", server['name'])
image = _images_client.create_image(server['id'], name=name, **kwargs)
- image_id = image.response['location'].split('images/')[1]
+ # microversion 2.45 and above returns image_id
+ image_id = image.get('image_id') or image.response['location'].split(
+ 'images/')[1]
waiters.wait_for_image_status(_image_client, image_id, 'active')
self.addCleanup(_image_client.wait_for_resource_deletion,
diff --git a/tempest/scenario/test_encrypted_cinder_volumes.py b/tempest/scenario/test_encrypted_cinder_volumes.py
index 6ee9f28..9788e19 100644
--- a/tempest/scenario/test_encrypted_cinder_volumes.py
+++ b/tempest/scenario/test_encrypted_cinder_volumes.py
@@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
+import testtools
+
from tempest.common import utils
from tempest import config
from tempest.lib import decorators
@@ -27,7 +29,7 @@
This test is for verifying the functionality of encrypted cinder volumes.
- For both LUKS and cryptsetup encryption types, this test performs
+ For both LUKS (v1 & v2) and cryptsetup encryption types, this test performs
the following:
* Boots an instance from an image (CONF.compute.image_ref)
@@ -55,11 +57,24 @@
@decorators.attr(type='slow')
@utils.services('compute', 'volume', 'image')
def test_encrypted_cinder_volumes_luks(self):
+ """LUKs v1 decrypts volume through libvirt."""
server = self.launch_instance()
volume = self.create_encrypted_volume('luks',
volume_type='luks')
self.attach_detach_volume(server, volume)
+ @decorators.idempotent_id('7abec0a3-61a0-42a5-9e36-ad3138fb38b4')
+ @testtools.skipIf(CONF.volume.storage_protocol == 'ceph',
+ 'Ceph only supports LUKSv2 if doing host attach.')
+ @decorators.attr(type='slow')
+ @utils.services('compute', 'volume', 'image')
+ def test_encrypted_cinder_volumes_luksv2(self):
+ """LUKs v2 decrypts volume through os-brick."""
+ server = self.launch_instance()
+ volume = self.create_encrypted_volume('luks2',
+ volume_type='luksv2')
+ self.attach_detach_volume(server, volume)
+
@decorators.idempotent_id('cbc752ed-b716-4717-910f-956cce965722')
@decorators.attr(type='slow')
@utils.services('compute', 'volume', 'image')
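Review bot: The new test passes `volume_type='luksv2'`, while the LUKSv2 boot test in tempest/scenario/test_volume_boot_pattern.py ends up with `volume_type='luks2'` because its helper reuses the provider string. If the type name is meant to be shared between tests or to match a pre-created volume type, one spelling should be used, e.g. `volume_type='luks2'`. If the name is arbitrary, a short comment saying so would avoid the question.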
diff --git a/tempest/scenario/test_minimum_basic.py b/tempest/scenario/test_minimum_basic.py
index 8cafd1f..5fcaa10 100644
--- a/tempest/scenario/test_minimum_basic.py
+++ b/tempest/scenario/test_minimum_basic.py
@@ -234,6 +234,8 @@
fip, server)
# fetch the server again to make sure the addresses were refreshed
# after associating the floating IP
+ waiters.wait_for_server_floating_ip(self.servers_client, server,
+ floating_ip)
server = self.servers_client.show_server(server['id'])['server']
address = self._get_floating_ip_in_server_addresses(
floating_ip, server)
diff --git a/tempest/scenario/test_network_advanced_server_ops.py b/tempest/scenario/test_network_advanced_server_ops.py
index 1c00212..e630e29 100644
--- a/tempest/scenario/test_network_advanced_server_ops.py
+++ b/tempest/scenario/test_network_advanced_server_ops.py
@@ -283,7 +283,6 @@
self._wait_server_status_and_check_network_connectivity(
server, keypair, floating_ip)
- @decorators.unstable_test(bug='1836595')
@decorators.idempotent_id('25b188d7-0183-4b1e-a11d-15840c8e2fd6')
@testtools.skipUnless(CONF.compute_feature_enabled.cold_migration,
'Cold migration is not available.')
diff --git a/tempest/scenario/test_volume_boot_pattern.py b/tempest/scenario/test_volume_boot_pattern.py
index 5a5cc27..2e87c15 100644
--- a/tempest/scenario/test_volume_boot_pattern.py
+++ b/tempest/scenario/test_volume_boot_pattern.py
@@ -246,14 +246,10 @@
# Assert that the underlying volume is gone.
self.volumes_client.wait_for_resource_deletion(volume_origin['id'])
- @decorators.idempotent_id('cb78919a-e553-4bab-b73b-10cf4d2eb125')
- @testtools.skipUnless(CONF.compute_feature_enabled.attach_encrypted_volume,
- 'Encrypted volume attach is not supported')
- @utils.services('compute', 'volume')
- def test_boot_server_from_encrypted_volume_luks(self):
+ def _do_test_boot_server_from_encrypted_volume_luks(self, provider):
# Create an encrypted volume
- volume = self.create_encrypted_volume('luks',
- volume_type='luks')
+ volume = self.create_encrypted_volume(provider,
+ volume_type=provider)
self.volumes_client.set_bootable_volume(volume['id'], bootable=True)
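Review bot: The extracted helper `_do_test_boot_server_from_encrypted_volume_luks` has no docstring, and it is not obvious that `provider` is used both as the encryption provider and as the volume type name. I would add `"""Boot a server from an encrypted volume; provider doubles as the volume type name."""` under the signature. The helper's body continues outside the hunk.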
@@ -266,3 +262,21 @@
server_info = self.servers_client.show_server(server['id'])['server']
created_volume = server_info['os-extended-volumes:volumes_attached']
self.assertEqual(volume['id'], created_volume[0]['id'])
+
+ @decorators.idempotent_id('cb78919a-e553-4bab-b73b-10cf4d2eb125')
+ @testtools.skipUnless(CONF.compute_feature_enabled.attach_encrypted_volume,
+ 'Encrypted volume attach is not supported')
+ @utils.services('compute', 'volume')
+ def test_boot_server_from_encrypted_volume_luks(self):
+ """LUKs v1 decrypts volume through libvirt."""
+ self._do_test_boot_server_from_encrypted_volume_luks('luks')
+
+ @decorators.idempotent_id('5ab6100f-1b31-4dd0-a774-68cfd837ef77')
+ @testtools.skipIf(CONF.volume.storage_protocol == 'ceph',
+ 'Ceph only supports LUKSv2 if doing host attach.')
+ @testtools.skipUnless(CONF.compute_feature_enabled.attach_encrypted_volume,
+ 'Encrypted volume attach is not supported')
+ @utils.services('compute', 'volume')
+ def test_boot_server_from_encrypted_volume_luksv2(self):
+ """LUKs v2 decrypts volume through os-brick."""
+ self._do_test_boot_server_from_encrypted_volume_luks('luks2')
diff --git a/tools/tempest-integrated-gate-networking-exclude-list.txt b/tools/tempest-integrated-gate-networking-exclude-list.txt
index 263b2e4..9d79a35 100644
--- a/tools/tempest-integrated-gate-networking-exclude-list.txt
+++ b/tools/tempest-integrated-gate-networking-exclude-list.txt
@@ -11,9 +11,11 @@
# Skip Cinder, Glance and Swift only scenario tests.
tempest.scenario.test_encrypted_cinder_volumes.TestEncryptedCinderVolumes.test_encrypted_cinder_volumes_luks
+tempest.scenario.test_encrypted_cinder_volumes.TestEncryptedCinderVolumes.test_encrypted_cinder_volumes_luks2
tempest.scenario.test_encrypted_cinder_volumes.TestEncryptedCinderVolumes.test_encrypted_cinder_volumes_cryptsetup
tempest.scenario.test_object_storage_basic_ops.TestObjectStorageBasicOps.test_swift_basic_ops
tempest.scenario.test_object_storage_basic_ops.TestObjectStorageBasicOps.test_swift_acl_anonymous_download
tempest.scenario.test_volume_boot_pattern.TestVolumeBootPattern.test_boot_server_from_encrypted_volume_luks
+tempest.scenario.test_volume_boot_pattern.TestVolumeBootPattern.test_boot_server_from_encrypted_volume_luks2
tempest.scenario.test_volume_boot_pattern.TestVolumeBootPattern.test_image_defined_boot_from_volume
tempest.scenario.test_volume_boot_pattern.TestVolumeBootPattern.test_create_server_from_volume_snapshot
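Review bot: The two added entries end in `_luks2`, but the tests added in this commit are named `test_encrypted_cinder_volumes_luksv2` and `test_boot_server_from_encrypted_volume_luksv2`, so these lines name tests that do not exist. If the list is matched as regular expressions, the existing `..._luks` lines may already cover the new tests by prefix, which would hide the mismatch; the entries should end in `_luksv2` either way. The same two names are added in tools/tempest-integrated-gate-placement-exclude-list.txt.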
diff --git a/tools/tempest-integrated-gate-placement-exclude-list.txt b/tools/tempest-integrated-gate-placement-exclude-list.txt
index efba796..eb68b32 100644
--- a/tools/tempest-integrated-gate-placement-exclude-list.txt
+++ b/tools/tempest-integrated-gate-placement-exclude-list.txt
@@ -11,9 +11,11 @@
# Skip Cinder, Glance and Swift only scenario tests.
tempest.scenario.test_encrypted_cinder_volumes.TestEncryptedCinderVolumes.test_encrypted_cinder_volumes_luks
+tempest.scenario.test_encrypted_cinder_volumes.TestEncryptedCinderVolumes.test_encrypted_cinder_volumes_luks2
tempest.scenario.test_encrypted_cinder_volumes.TestEncryptedCinderVolumes.test_encrypted_cinder_volumes_cryptsetup
tempest.scenario.test_object_storage_basic_ops.TestObjectStorageBasicOps.test_swift_basic_ops
tempest.scenario.test_object_storage_basic_ops.TestObjectStorageBasicOps.test_swift_acl_anonymous_download
tempest.scenario.test_volume_boot_pattern.TestVolumeBootPattern.test_boot_server_from_encrypted_volume_luks
+tempest.scenario.test_volume_boot_pattern.TestVolumeBootPattern.test_boot_server_from_encrypted_volume_luks2
tempest.scenario.test_volume_boot_pattern.TestVolumeBootPattern.test_image_defined_boot_from_volume
tempest.scenario.test_volume_boot_pattern.TestVolumeBootPattern.test_create_server_from_volume_snapshot