Browse Source

Cleanup clients, add documenation, and fix 2 tests

This commit does the following:

- Cleanup the service clients to not hard code resource values
  used in API endpoints
- Add documentation to the README
- Fix the following tests that were not previously working:
  - `test_get_action_validation`
  - `test_invoke_action_control`

Change-Id: I8636f3b704871ad98c346b4a19c7f7f41c705e13
Rick Bartra 8 months ago
parent
commit
9ede7e5237

+ 45
- 0
README.rst View File

@@ -2,13 +2,58 @@
2 2
 Tempest Integration of airship-tempest-plugin
3 3
 ===============================================
4 4
 
5
+Purpose:
6
+--------
5 7
 The purpose of this plugin is to provide automated tests
6 8
 for all OpenStack Airship components.
7 9
 
8 10
 DISCALIMER:
11
+-----------
9 12
 This initial implementation is just to meet the first use case which is RBAC
10 13
 testing. For RBAC testing, we only need to hit the API endpoint and check
11 14
 role permission to the API being tested. Some of the REST clients will need to be
12 15
 rewritten if functional testing is desired. Those that need to be rewritten
13 16
 are documented in each service client code.
14 17
 
18
+Environment Information:
19
+------------------------
20
+Testing can be done in a airship-in-a-bottle environment. Please refer to [0] and [1].
21
+Tempest and Tempest plugin installation can be done in a Python virtual environment.
22
+
23
+FAQ:
24
+----
25
+- Where do the REST clients exist?
26
+  https://github.com/att-comdev/airship-tempest-plugin/tree/master/airship_tempest_plugin/services
27
+- Where do the tests exists? [3]
28
+  https://github.com/att-comdev/airship-tempest-plugin/tree/master/airship_tempest_plugin/tests/api
29
+- Example of where/how the REST clients are instantiated.
30
+  https://github.com/att-comdev/airship-tempest-plugin/blob/master/airship_tempest_plugin/tests/api/shipyard/base.py
31
+- Where do we define expected results (requirements)?
32
+  https://github.com/att-comdev/airship-tempest-plugin/blob/master/airship_tempest_plugin/tests/api/common/rbac_roles.yaml
33
+- Where do we add configuration to support another Airship component?
34
+  https://github.com/att-comdev/airship-tempest-plugin/blob/master/airship_tempest_plugin/config.py
35
+- Where do we run the test from?
36
+  After the plugin is installed, run it from the tempest directory
37
+- Example of how to run all the RBAC tests for Shipyard:
38
+  'tempest run --regex airship_tempest_plugin.tests.api.shipyard.rbac'
39
+- What is Patrole?
40
+  https://github.com/openstack/patrole/blob/master/README.rst
41
+- What is a Tempest plugin? [8]
42
+  https://docs.openstack.org/tempest/latest/plugin.html
43
+
44
+Patrole Supporting Documentation:
45
+---------------------------------
46
+Patrole documentation for requirements driven approach that is used: https://github.com/openstack/patrole/blob/master/doc/source/framework/requirements_authority.rst
47
+Patrole role-overriding: https://github.com/openstack/patrole/blob/master/doc/source/framework/rbac_utils.rst#role-overriding
48
+Patrole under-permission exception: https://github.com/openstack/patrole/blob/master/patrole_tempest_plugin/rbac_exceptions.py#L51
49
+Patrole over-permission exception: https://github.com/openstack/patrole/blob/master/patrole_tempest_plugin/rbac_exceptions.py#L44
50
+
51
+Future Considerations:
52
+---------------------
53
+Will the airship-tempest-plugin continue to live here: https://github.com/att-comdev/airship-tempest-plugin or will it be moved under OpenStack?
54
+Will there exist a RBAC gate for all Airship projects? 
55
+
56
+Referenced Links:
57
+-----------------
58
+[0] https://github.com/openstack/airship-in-a-bottle
59
+[1] https://www.airshipit.org/

+ 12
- 10
airship_tempest_plugin/services/shipyard/json/actions_client.py View File

@@ -24,7 +24,7 @@ from tempest.lib.common import rest_client
24 24
 
25 25
 # NOTE(rb560u): The following will need to be rewritten in the future if
26 26
 # functional testing is desired:
27
-#  - 'def post_actions`
27
+#  - 'def create_action`
28 28
 # This initial implementation is just to meet the first use case which is RBAC
29 29
 # testing. For RBAC testing, we only need to hit the API endpoint and check
30 30
 # role permission to that API.
@@ -40,33 +40,35 @@ class ActionsClient(rest_client.RestClient):
40 40
         return rest_client.ResponseBody(resp, body)
41 41
 
42 42
     def create_action(self):
43
-        url = "actions"
43
+        url = 'actions'
44
+        # Update post_body if functional testing is desired
44 45
         post_body = json.dumps({})
45 46
         resp, body = self.post(url, post_body)
46 47
         self.expected_success(201, resp.status)
47 48
         body = json.loads(body)
48 49
         return rest_client.ResponseBody(resp, body)
49 50
 
50
-    def get_action(self):
51
-        resp, body = self.get('actions/1')
51
+    def get_action(self, action_id=None):
52
+        resp, body = self.get('actions/%s' % action_id)
52 53
         self.expected_success(200, resp.status)
53 54
         body = json.loads(body)
54 55
         return rest_client.ResponseBody(resp, body)
55 56
 
56
-    def get_action_validation(self):
57
-        resp, body = self.get('actions/1/validationdetails/1')
57
+    def get_action_validation(self, action_id=None, validation_id=None):
58
+        resp, body = \
59
+            self.get('actions/%s/validations/%s' % (action_id, validation_id))
58 60
         self.expected_success(200, resp.status)
59 61
         body = json.loads(body)
60 62
         return rest_client.ResponseBody(resp, body)
61 63
 
62
-    def get_action_step(self):
63
-        resp, body = self.get('actions/1/steps/1')
64
+    def get_action_step(self, action_id=None, step_id=None):
65
+        resp, body = self.get('actions/%s/steps/%s' % (action_id, step_id))
64 66
         self.expected_success(200, resp.status)
65 67
         body = json.loads(body)
66 68
         return rest_client.ResponseBody(resp, body)
67 69
 
68
-    def invoke_action_control(self):
69
-        url = "actions/1/pause"
70
+    def invoke_action_control(self, action_id=None, control_verb=None):
71
+        url = 'actions/%s/control/%s' % (action_id, control_verb)
70 72
         post_body = json.dumps({})
71 73
         resp, body = self.post(url, post_body)
72 74
         self.expected_success(202, resp.status)

+ 2
- 2
airship_tempest_plugin/services/shipyard/json/airflow_monitoring_client.py View File

@@ -32,8 +32,8 @@ class AirflowMonitoringClient(rest_client.RestClient):
32 32
         body = json.loads(body)
33 33
         return rest_client.ResponseBody(resp, body)
34 34
 
35
-    def get_workflow(self):
36
-        resp, body = self.get('workflows/1')
35
+    def get_workflow(self, workflow_id=None):
36
+        resp, body = self.get('workflows/%s' % workflow_id)
37 37
         self.expected_success(200, resp.status)
38 38
         body = json.loads(body)
39 39
         return rest_client.ResponseBody(resp, body)

+ 8
- 9
airship_tempest_plugin/services/shipyard/json/document_staging_client.py View File

@@ -24,9 +24,7 @@ from tempest.lib.common import rest_client
24 24
 
25 25
 # NOTE(rb560u): The following will need to be rewritten in the future if
26 26
 # functional testing is desired:
27
-#  - 'def post_configdocs`
28
-#  - `def get_configdocs_within_collection`
29
-#  - 'def post_commitconfigdocs'
27
+#  - 'def create_configdocs`
30 28
 # This initial implementation is just to meet the first use case which is RBAC
31 29
 # testing. For RBAC testing, we only need to hit the API endpoint and check
32 30
 # role permission to that API.
@@ -41,16 +39,17 @@ class DocumentStagingClient(rest_client.RestClient):
41 39
         body = json.loads(body)
42 40
         return rest_client.ResponseBody(resp, body)
43 41
 
44
-    def create_configdocs(self):
45
-        url = "configdocs/1"
42
+    def create_configdocs(self, collection_id=None):
43
+        url = "configdocs/%s" % collection_id
44
+        # Update post_body if functional testing is desired
46 45
         post_body = json.dumps({})
47 46
         resp, body = self.post(url, post_body)
48 47
         self.expected_success(201, resp.status)
49 48
         body = json.loads(body)
50 49
         return rest_client.ResponseBody(resp, body)
51 50
 
52
-    def get_configdocs(self):
53
-        resp, body = self.get('configdocs/1')
51
+    def get_configdocs(self, collection_id=None):
52
+        resp, body = self.get('configdocs/%s' % collection_id)
54 53
         self.expected_success(200, resp.status)
55 54
         body = json.loads(body)
56 55
         return rest_client.ResponseBody(resp, body)
@@ -61,8 +60,8 @@ class DocumentStagingClient(rest_client.RestClient):
61 60
         body = json.loads(body)
62 61
         return rest_client.ResponseBody(resp, body)
63 62
 
64
-    def commit_configdocs(self):
65
-        post_body = json.dumps({})
63
+    def commit_configdocs(self, force=False, dryrun=False):
64
+        post_body = json.dumps({"force": force, "dryrun": dryrun})
66 65
         resp, body = self.post("commitconfigdocs", post_body)
67 66
         self.expected_success(200, resp.status)
68 67
         body = json.loads(body)

+ 3
- 2
airship_tempest_plugin/services/shipyard/json/log_retrieval_client.py View File

@@ -26,8 +26,9 @@ from tempest.lib.common import rest_client
26 26
 class LogRetrievalClient(rest_client.RestClient):
27 27
     api_version = "v1.0"
28 28
 
29
-    def get_action_step_logs(self):
30
-        resp, body = self.get('actions/1/steps/1/logs')
29
+    def get_action_step_logs(self, action_id=None, step_id=None):
30
+        resp, body = \
31
+            self.get('actions/%s/steps/%s/logs' % (action_id, step_id))
31 32
         self.expected_success(200, resp.status)
32 33
         body = json.loads(body)
33 34
         return rest_client.ResponseBody(resp, body)

+ 0
- 1
airship_tempest_plugin/tests/api/common/rbac_roles.yaml View File

@@ -43,7 +43,6 @@ shipyard:
43 43
   workflow_orchestrator:commit_configdocs:
44 44
     - admin
45 45
     - admin_ucp
46
-    - admin_ucp_viewer
47 46
   workflow_orchestrator:list_workflows:
48 47
     - admin
49 48
     - admin_ucp

+ 16
- 7
airship_tempest_plugin/tests/api/shipyard/rbac/test_actions_rbac.py View File

@@ -41,9 +41,10 @@ class ActionsRbacTest(rbac_base.BaseShipyardRbacTest):
41 41
             # As this is a RBAC test, we only care about whether the role has
42 42
             # permission or not. Role permission is checked prior to validating
43 43
             # the post body, therefore we will ignore a BadRequest exception
44
+            # and NotFound exception
44 45
             try:
45 46
                 self.shipyard_actions_client.create_action()
46
-            except exceptions.BadRequest:
47
+            except (exceptions.BadRequest, exceptions.NotFound):
47 48
                 pass
48 49
 
49 50
     @rbac_rule_validation.action(
@@ -60,15 +61,19 @@ class ActionsRbacTest(rbac_base.BaseShipyardRbacTest):
60 61
             except exceptions.NotFound:
61 62
                 pass
62 63
 
63
-    ''' NEEDS REWORK AS SHIPYARD NOT DOING POLICY ENFORCEMENT FIRST
64 64
     @rbac_rule_validation.action(
65 65
         service="shipyard",
66 66
         rules=["workflow_orchestrator:get_action_validation"])
67 67
     @decorators.idempotent_id('a5156dcd-2674-4295-aa6a-d8db1bd4cf4b')
68 68
     def test_get_action_validation(self):
69 69
         with self.rbac_utils.override_role(self):
70
-            self.shipyard_actions_client.get_action_validation()
71
-    '''
70
+            # As this is a RBAC test, we only care about whether the role has
71
+            # permission or not. Role permission is checked prior to validating
72
+            # the post body, therefore we will ignore a NotFound exception
73
+            try:
74
+                self.shipyard_actions_client.get_action_validation()
75
+            except exceptions.NotFound:
76
+                pass
72 77
 
73 78
     @rbac_rule_validation.action(
74 79
         service="shipyard",
@@ -84,12 +89,16 @@ class ActionsRbacTest(rbac_base.BaseShipyardRbacTest):
84 89
             except exceptions.NotFound:
85 90
                 pass
86 91
 
87
-    ''' NEEDS REWORK AS SHIPYARD NOT DOING POLICY ENFORCEMENT FIRST
88 92
     @rbac_rule_validation.action(
89 93
         service="shipyard",
90 94
         rules=["workflow_orchestrator:invoke_action_control"])
91 95
     @decorators.idempotent_id('4f6b6564-ff1d-463a-aee8-ed2d51e2a286')
92 96
     def test_invoke_action_control(self):
93 97
         with self.rbac_utils.override_role(self):
94
-            self.shipyard_actions_client.invoke_action_control()
95
-    '''
98
+            # As this is a RBAC test, we only care about whether the role has
99
+            # permission or not. Role permission is checked prior to validating
100
+            # the post body, therefore we will ignore a NotFound exception
101
+            try:
102
+                self.shipyard_actions_client.invoke_action_control()
103
+            except exceptions.NotFound:
104
+                pass

Loading…
Cancel
Save