Complete RBAC test coverage for Shipyard Document Staging API
This commmit completes RBAC coverage for Shipyard Document Staging API, for the APIs noted here [0]. For now, the goal is to meet the first use-case of this plugin, which is to test RBAC for Shipyard. With this in mind, for RBAC testing, we only care if a role has permission to an API in question. Therefore, some of the more complex APIs are 'short circuit' tests - meaning only RBAC permissions are checked and other expections are ignored. [0] http://airship-shipyard.readthedocs.io/en/latest/API.html#document-staging-api
This commit is contained in:
parent
6b87d7d633
commit
e7807b4caf
@ -4,3 +4,11 @@ Tempest Integration of airship-tempest-plugin
|
|||||||
|
|
||||||
The purpose of this plugin is to provide automated tests
|
The purpose of this plugin is to provide automated tests
|
||||||
for all OpenStack Airship components.
|
for all OpenStack Airship components.
|
||||||
|
|
||||||
|
DISCALIMER:
|
||||||
|
This initial implementation is just to meet the first use case which is RBAC
|
||||||
|
testing. For RBAC testing, we only need to hit the API endpoint and check
|
||||||
|
role permission to the API being tested. Some of the REST clients will need to be
|
||||||
|
rewritten if functional testing is desired. Those that need to be rewritten
|
||||||
|
are documented in each service client code.
|
||||||
|
|
||||||
|
@ -1,6 +0,0 @@
|
|||||||
===============================================
|
|
||||||
Tempest Integration of airship-tempest-plugin
|
|
||||||
===============================================
|
|
||||||
|
|
||||||
This directory contains Tempest tests to cover the airship-tempest-plugin project.
|
|
||||||
|
|
@ -23,6 +23,15 @@ from six.moves.urllib import parse as urllib
|
|||||||
|
|
||||||
from tempest.lib.common import rest_client
|
from tempest.lib.common import rest_client
|
||||||
|
|
||||||
|
# NOTE(rb560u): The following will need to be rewritten in the future if
|
||||||
|
# functional testing is desired:
|
||||||
|
# - 'def post_configdocs`
|
||||||
|
# - `def get_configdocs_within_collection`
|
||||||
|
# - 'def post_commitconfigdocs'
|
||||||
|
# This initial implementation is just to meet the first use case which is RBAC
|
||||||
|
# testing. For RBAC testing, we only need to hit the API endpoint and check
|
||||||
|
# role permission to that API.
|
||||||
|
|
||||||
|
|
||||||
class DocumentStagingClient(rest_client.RestClient):
|
class DocumentStagingClient(rest_client.RestClient):
|
||||||
api_version = "v1.0"
|
api_version = "v1.0"
|
||||||
@ -32,3 +41,30 @@ class DocumentStagingClient(rest_client.RestClient):
|
|||||||
self.expected_success(200, resp.status)
|
self.expected_success(200, resp.status)
|
||||||
body = json.loads(body)
|
body = json.loads(body)
|
||||||
return rest_client.ResponseBody(resp, body)
|
return rest_client.ResponseBody(resp, body)
|
||||||
|
|
||||||
|
def post_configdocs(self):
|
||||||
|
url = "configdocs/1"
|
||||||
|
post_body = json.dumps({})
|
||||||
|
resp, body = self.post(url, post_body)
|
||||||
|
self.expected_success(201, resp.status)
|
||||||
|
body = json.loads(body)
|
||||||
|
return rest_client.ResponseBody(resp, body)
|
||||||
|
|
||||||
|
def get_configdocs_within_collection(self):
|
||||||
|
resp, body = self.get('configdocs/1')
|
||||||
|
self.expected_success(200, resp.status)
|
||||||
|
body = json.loads(body)
|
||||||
|
return rest_client.ResponseBody(resp, body)
|
||||||
|
|
||||||
|
def get_renderedconfigdocs(self):
|
||||||
|
resp, body = self.get('renderedconfigdocs')
|
||||||
|
self.expected_success(200, resp.status)
|
||||||
|
body = json.loads(body)
|
||||||
|
return rest_client.ResponseBody(resp, body)
|
||||||
|
|
||||||
|
def post_commitconfigdocs(self):
|
||||||
|
post_body = json.dumps({})
|
||||||
|
resp, body = self.post("commitconfigdocs", post_body)
|
||||||
|
self.expected_success(200, resp.status)
|
||||||
|
body = json.loads(body)
|
||||||
|
return rest_client.ResponseBody(resp, body)
|
||||||
|
@ -11,3 +11,18 @@ shipyard:
|
|||||||
- admin
|
- admin
|
||||||
- admin_ucp
|
- admin_ucp
|
||||||
- admin_ucp_viewer
|
- admin_ucp_viewer
|
||||||
|
post_configdocs:
|
||||||
|
- admin
|
||||||
|
- admin_ucp
|
||||||
|
get_configdocs_within_collection:
|
||||||
|
- admin
|
||||||
|
- admin_ucp
|
||||||
|
- admin_ucp_viewer
|
||||||
|
get_renderedconfigdocs:
|
||||||
|
- admin
|
||||||
|
- admin_ucp
|
||||||
|
- admin_ucp_viewer
|
||||||
|
post_commitconfigdocs:
|
||||||
|
- admin
|
||||||
|
- admin_ucp
|
||||||
|
- admin_ucp_viewer
|
||||||
|
@ -20,6 +20,7 @@ from patrole_tempest_plugin import rbac_rule_validation
|
|||||||
|
|
||||||
from tempest.common import utils
|
from tempest.common import utils
|
||||||
from tempest.lib import decorators
|
from tempest.lib import decorators
|
||||||
|
from tempest.lib import exceptions
|
||||||
from tempest.lib.common.utils import data_utils
|
from tempest.lib.common.utils import data_utils
|
||||||
from tempest.lib.common.utils import test_utils
|
from tempest.lib.common.utils import test_utils
|
||||||
|
|
||||||
@ -33,3 +34,55 @@ class DocumentStagingRbacTest(rbac_base.BaseShipyardRbacTest):
|
|||||||
def test_get_configdocs(self):
|
def test_get_configdocs(self):
|
||||||
with self.rbac_utils.override_role(self):
|
with self.rbac_utils.override_role(self):
|
||||||
self.shipyard_document_staging_client.get_configdocs()
|
self.shipyard_document_staging_client.get_configdocs()
|
||||||
|
|
||||||
|
@rbac_rule_validation.action(service="shipyard",
|
||||||
|
rules=["post_configdocs"])
|
||||||
|
@decorators.idempotent_id('1a0daf92-9dba-470c-a317-66b41c0b3df7')
|
||||||
|
def test_post_configdocs(self):
|
||||||
|
with self.rbac_utils.override_role(self):
|
||||||
|
# As this is a RBAC test, we only care about whether the role has
|
||||||
|
# permission or not. Role permission is checked prior to validating
|
||||||
|
# the post body, therefore we will ignore a BadRequest exception
|
||||||
|
try:
|
||||||
|
self.shipyard_document_staging_client.post_configdocs()
|
||||||
|
except exceptions.BadRequest:
|
||||||
|
pass
|
||||||
|
|
||||||
|
@rbac_rule_validation.action(service="shipyard",
|
||||||
|
rules=["get_configdocs_within_collection"])
|
||||||
|
@decorators.idempotent_id('d64cfa75-3bbe-4688-8849-db5a54ce98ea')
|
||||||
|
def test_get_configdocs_within_collection(self):
|
||||||
|
with self.rbac_utils.override_role(self):
|
||||||
|
# As this is a RBAC test, we only care about whether the role has
|
||||||
|
# permission or not. Role permission is checked prior to validating
|
||||||
|
# the post body, therefore we will ignore a NotFound exception
|
||||||
|
try:
|
||||||
|
self.shipyard_document_staging_client.get_configdocs_within_collection()
|
||||||
|
except exceptions.NotFound:
|
||||||
|
pass
|
||||||
|
|
||||||
|
@rbac_rule_validation.action(service="shipyard",
|
||||||
|
rules=["get_renderedconfigdocs"])
|
||||||
|
@decorators.idempotent_id('0ab53b15-bce9-494f-9a11-34dd2c44d699')
|
||||||
|
def test_get_renderedconfigdocs(self):
|
||||||
|
with self.rbac_utils.override_role(self):
|
||||||
|
# As this is a RBAC test, we only care about whether the role has
|
||||||
|
# permission or not. Role permission is checked prior to validating
|
||||||
|
# the post body, therefore we will ignore a NotFound exception
|
||||||
|
try:
|
||||||
|
self.shipyard_document_staging_client.get_renderedconfigdocs()
|
||||||
|
except exceptions.NotFound:
|
||||||
|
pass
|
||||||
|
|
||||||
|
@rbac_rule_validation.action(service="shipyard",
|
||||||
|
rules=["post_commitconfigdocs"])
|
||||||
|
@decorators.idempotent_id('200d1cbf-ca11-4b92-9cfd-6cd2a90bc919')
|
||||||
|
def test_post_commitconfigdocs(self):
|
||||||
|
with self.rbac_utils.override_role(self):
|
||||||
|
# As this is a RBAC test, we only care about whether the role has
|
||||||
|
# permission or not. Role permission is checked prior to validating
|
||||||
|
# the post body, therefore we will ignore a Conflict exception
|
||||||
|
try:
|
||||||
|
self.shipyard_document_staging_client.post_commitconfigdocs()
|
||||||
|
except exceptions.Conflict:
|
||||||
|
pass
|
||||||
|
Loading…
Reference in New Issue
Block a user