Browse Source

Complete RBAC test coverage for Shipyard Document Staging API

This commmit completes RBAC coverage for Shipyard Document Staging API,
for the APIs noted here [0]. For now, the goal is to meet the first use-case
of this plugin, which is to test RBAC for Shipyard. With this in mind, for RBAC
testing, we only care if a role has permission to an API in question. Therefore,
some of the more complex APIs are 'short circuit' tests - meaning only RBAC
permissions are checked and other expections are ignored.

[0] http://airship-shipyard.readthedocs.io/en/latest/API.html#document-staging-api
Rick Bartra 8 months ago
parent
commit
e7807b4caf

+ 8
- 0
README.rst View File

@@ -4,3 +4,11 @@ Tempest Integration of airship-tempest-plugin
4 4
 
5 5
 The purpose of this plugin is to provide automated tests
6 6
 for all OpenStack Airship components.
7
+
8
+DISCALIMER:
9
+This initial implementation is just to meet the first use case which is RBAC
10
+testing. For RBAC testing, we only need to hit the API endpoint and check
11
+role permission to the API being tested. Some of the REST clients will need to be
12
+rewritten if functional testing is desired. Those that need to be rewritten
13
+are documented in each service client code.
14
+

+ 0
- 6
airship_tempest_plugin/README.rst View File

@@ -1,6 +0,0 @@
1
-===============================================
2
-Tempest Integration of airship-tempest-plugin
3
-===============================================
4
-
5
-This directory contains Tempest tests to cover the airship-tempest-plugin project.
6
-

+ 36
- 0
airship_tempest_plugin/services/shipyard/json/document_staging_client.py View File

@@ -23,6 +23,15 @@ from six.moves.urllib import parse as urllib
23 23
 
24 24
 from tempest.lib.common import rest_client
25 25
 
26
+# NOTE(rb560u): The following will need to be rewritten in the future if
27
+# functional testing is desired:
28
+#  - 'def post_configdocs`
29
+#  - `def get_configdocs_within_collection`
30
+#  - 'def post_commitconfigdocs'
31
+# This initial implementation is just to meet the first use case which is RBAC
32
+# testing. For RBAC testing, we only need to hit the API endpoint and check
33
+# role permission to that API.
34
+
26 35
 
27 36
 class DocumentStagingClient(rest_client.RestClient):
28 37
     api_version = "v1.0"
@@ -32,3 +41,30 @@ class DocumentStagingClient(rest_client.RestClient):
32 41
         self.expected_success(200, resp.status)
33 42
         body = json.loads(body)
34 43
         return rest_client.ResponseBody(resp, body)
44
+
45
+    def post_configdocs(self):
46
+        url = "configdocs/1"
47
+        post_body = json.dumps({})
48
+        resp, body = self.post(url, post_body)
49
+        self.expected_success(201, resp.status)
50
+        body = json.loads(body)
51
+        return rest_client.ResponseBody(resp, body)
52
+
53
+    def get_configdocs_within_collection(self):
54
+        resp, body = self.get('configdocs/1')
55
+        self.expected_success(200, resp.status)
56
+        body = json.loads(body)
57
+        return rest_client.ResponseBody(resp, body)
58
+
59
+    def get_renderedconfigdocs(self):
60
+        resp, body = self.get('renderedconfigdocs')
61
+        self.expected_success(200, resp.status)
62
+        body = json.loads(body)
63
+        return rest_client.ResponseBody(resp, body)
64
+
65
+    def post_commitconfigdocs(self):
66
+        post_body = json.dumps({})
67
+        resp, body = self.post("commitconfigdocs", post_body)
68
+        self.expected_success(200, resp.status)
69
+        body = json.loads(body)
70
+        return rest_client.ResponseBody(resp, body)

+ 15
- 0
airship_tempest_plugin/tests/api/common/rbac_roles.yaml View File

@@ -11,3 +11,18 @@ shipyard:
11 11
     - admin
12 12
     - admin_ucp
13 13
     - admin_ucp_viewer
14
+  post_configdocs:
15
+    - admin
16
+    - admin_ucp
17
+  get_configdocs_within_collection:
18
+    - admin
19
+    - admin_ucp
20
+    - admin_ucp_viewer
21
+  get_renderedconfigdocs:
22
+    - admin
23
+    - admin_ucp
24
+    - admin_ucp_viewer
25
+  post_commitconfigdocs:
26
+    - admin
27
+    - admin_ucp
28
+    - admin_ucp_viewer

+ 53
- 0
airship_tempest_plugin/tests/api/shipyard/rbac/test_document_staging_rbac.py View File

@@ -20,6 +20,7 @@ from patrole_tempest_plugin import rbac_rule_validation
20 20
 
21 21
 from tempest.common import utils
22 22
 from tempest.lib import decorators
23
+from tempest.lib import exceptions
23 24
 from tempest.lib.common.utils import data_utils
24 25
 from tempest.lib.common.utils import test_utils
25 26
 
@@ -33,3 +34,55 @@ class DocumentStagingRbacTest(rbac_base.BaseShipyardRbacTest):
33 34
     def test_get_configdocs(self):
34 35
         with self.rbac_utils.override_role(self):
35 36
             self.shipyard_document_staging_client.get_configdocs()
37
+
38
+    @rbac_rule_validation.action(service="shipyard",
39
+                                 rules=["post_configdocs"])
40
+    @decorators.idempotent_id('1a0daf92-9dba-470c-a317-66b41c0b3df7')
41
+    def test_post_configdocs(self):
42
+        with self.rbac_utils.override_role(self):
43
+            # As this is a RBAC test, we only care about whether the role has
44
+            # permission or not. Role permission is checked prior to validating
45
+            # the post body, therefore we will ignore a BadRequest exception
46
+            try:
47
+                self.shipyard_document_staging_client.post_configdocs()
48
+            except exceptions.BadRequest:
49
+                pass
50
+
51
+    @rbac_rule_validation.action(service="shipyard",
52
+                                 rules=["get_configdocs_within_collection"])
53
+    @decorators.idempotent_id('d64cfa75-3bbe-4688-8849-db5a54ce98ea')
54
+    def test_get_configdocs_within_collection(self):
55
+        with self.rbac_utils.override_role(self):
56
+            # As this is a RBAC test, we only care about whether the role has
57
+            # permission or not. Role permission is checked prior to validating
58
+            # the post body, therefore we will ignore a NotFound exception
59
+            try:
60
+                self.shipyard_document_staging_client.get_configdocs_within_collection()
61
+            except exceptions.NotFound:
62
+                pass
63
+
64
+    @rbac_rule_validation.action(service="shipyard",
65
+                                 rules=["get_renderedconfigdocs"])
66
+    @decorators.idempotent_id('0ab53b15-bce9-494f-9a11-34dd2c44d699')
67
+    def test_get_renderedconfigdocs(self):
68
+        with self.rbac_utils.override_role(self):
69
+            # As this is a RBAC test, we only care about whether the role has
70
+            # permission or not. Role permission is checked prior to validating
71
+            # the post body, therefore we will ignore a NotFound exception
72
+            try:
73
+                self.shipyard_document_staging_client.get_renderedconfigdocs()
74
+            except exceptions.NotFound:
75
+                pass
76
+
77
+    @rbac_rule_validation.action(service="shipyard",
78
+                                 rules=["post_commitconfigdocs"])
79
+    @decorators.idempotent_id('200d1cbf-ca11-4b92-9cfd-6cd2a90bc919')
80
+    def test_post_commitconfigdocs(self):
81
+        with self.rbac_utils.override_role(self):
82
+            # As this is a RBAC test, we only care about whether the role has
83
+            # permission or not. Role permission is checked prior to validating
84
+            # the post body, therefore we will ignore a Conflict exception
85
+            try:
86
+                self.shipyard_document_staging_client.post_commitconfigdocs()
87
+            except exceptions.Conflict:
88
+                pass

Loading…
Cancel
Save