Merge "Update roles required for testing"
This commit is contained in:
commit
f95155dc76
29
.zuul.yaml
29
.zuul.yaml
@ -42,7 +42,7 @@
|
|||||||
test-config:
|
test-config:
|
||||||
$TEMPEST_CONFIG:
|
$TEMPEST_CONFIG:
|
||||||
auth:
|
auth:
|
||||||
tempest_roles: creator
|
create_isolated_networks: False
|
||||||
image-feature-enabled:
|
image-feature-enabled:
|
||||||
# this may be removed soon, as api_v1 is false since tempest>=20
|
# this may be removed soon, as api_v1 is false since tempest>=20
|
||||||
api_v1: False
|
api_v1: False
|
||||||
@ -159,21 +159,20 @@
|
|||||||
name: barbican-tempest-plugin-simple-crypto-secure-rbac
|
name: barbican-tempest-plugin-simple-crypto-secure-rbac
|
||||||
parent: barbican-tempest-plugin-simple-crypto
|
parent: barbican-tempest-plugin-simple-crypto
|
||||||
vars:
|
vars:
|
||||||
|
devstack_localrc:
|
||||||
|
ENFORCE_SCOPE: True
|
||||||
devstack_local_conf:
|
devstack_local_conf:
|
||||||
post-config:
|
# (lpiwowar): Uncomment once this bug is resolved:
|
||||||
$BARBICAN_CONF:
|
# https://bugs.launchpad.net/barbican/+bug/2043457
|
||||||
oslo_policy:
|
# post-config:
|
||||||
enforce_new_defaults: True
|
# $BARBICAN_CONF:
|
||||||
enforce_scope: True
|
# secretstore:
|
||||||
# (lpiwowar): Uncomment once this bug is resolved:
|
# enable_multiple_secret_stores: True
|
||||||
# https://bugs.launchpad.net/barbican/+bug/2043457
|
# stores_lookup_suffix: simple_crypto
|
||||||
# secretstore:
|
# secretstore:simple_crypto:
|
||||||
# enable_multiple_secret_stores: True
|
# secret_store_plugin: store_crypto
|
||||||
# stores_lookup_suffix: simple_crypto
|
# crypto_plugin: simple_crypto
|
||||||
# secretstore:simple_crypto:
|
# global_default: true
|
||||||
# secret_store_plugin: store_crypto
|
|
||||||
# crypto_plugin: simple_crypto
|
|
||||||
# global_default: true
|
|
||||||
test-config:
|
test-config:
|
||||||
$TEMPEST_CONFIG:
|
$TEMPEST_CONFIG:
|
||||||
enforce_scope:
|
enforce_scope:
|
||||||
|
@ -61,8 +61,7 @@ class BaseKeyManagerTest(test.BaseTestCase,
|
|||||||
api_version_utils.BaseMicroversionTest):
|
api_version_utils.BaseMicroversionTest):
|
||||||
"""Base class for all api tests."""
|
"""Base class for all api tests."""
|
||||||
|
|
||||||
# Why do I have to be an admin to create secrets? No idea...
|
credentials = ['project_admin']
|
||||||
credentials = ('admin', ['service_admin', 'key-manager:service-admin'])
|
|
||||||
client_manager = clients.Clients
|
client_manager = clients.Clients
|
||||||
created_objects = {}
|
created_objects = {}
|
||||||
|
|
||||||
@ -88,8 +87,6 @@ class BaseKeyManagerTest(test.BaseTestCase,
|
|||||||
cls.secret_consumer_client = os.secret_v1_1.SecretConsumerClient()
|
cls.secret_consumer_client = os.secret_v1_1.SecretConsumerClient()
|
||||||
cls.secret_metadata_client = os.secret_v1.SecretMetadataClient()
|
cls.secret_metadata_client = os.secret_v1.SecretMetadataClient()
|
||||||
cls.version_client = os.secret_v1_1.VersionClient()
|
cls.version_client = os.secret_v1_1.VersionClient()
|
||||||
|
|
||||||
os = getattr(cls, 'os_roles_%s' % cls.credentials[1][0])
|
|
||||||
cls.quota_client = os.secret_v1.QuotaClient()
|
cls.quota_client = os.secret_v1.QuotaClient()
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
|
@ -16,7 +16,7 @@ from barbican_tempest_plugin.tests.api import base
|
|||||||
|
|
||||||
from tempest import config
|
from tempest import config
|
||||||
from tempest.lib import decorators
|
from tempest.lib import decorators
|
||||||
from tempest.lib import exceptions
|
|
||||||
|
|
||||||
CONF = config.CONF
|
CONF = config.CONF
|
||||||
|
|
||||||
@ -26,26 +26,19 @@ class QuotasTest(base.BaseKeyManagerTest):
|
|||||||
|
|
||||||
@decorators.idempotent_id('47ebc42b-0e53-4060-b1a1-55bee2c7c43f')
|
@decorators.idempotent_id('47ebc42b-0e53-4060-b1a1-55bee2c7c43f')
|
||||||
def test_get_effective_quota(self):
|
def test_get_effective_quota(self):
|
||||||
if CONF.enforce_scope.barbican:
|
body = self.quota_client.get_default_project_quota()
|
||||||
# This test is using key-manager:service-admin legacy
|
quotas = body.get('quotas')
|
||||||
# role. User with only this role should get a Forbidden
|
self.assertEqual(-1, quotas.get('secrets'))
|
||||||
# error when trying to get effective quotas in SRBAC
|
self.assertEqual(-1, quotas.get('cas'))
|
||||||
# environment.
|
self.assertEqual(-1, quotas.get('orders'))
|
||||||
self.assertRaises(
|
self.assertEqual(-1, quotas.get('containers'))
|
||||||
exceptions.Forbidden,
|
self.assertEqual(-1, quotas.get('consumers'))
|
||||||
self.quota_client.get_default_project_quota)
|
|
||||||
else:
|
|
||||||
body = self.quota_client.get_default_project_quota()
|
|
||||||
quotas = body.get('quotas')
|
|
||||||
self.assertEqual(-1, quotas.get('secrets'))
|
|
||||||
self.assertEqual(-1, quotas.get('cas'))
|
|
||||||
self.assertEqual(-1, quotas.get('orders'))
|
|
||||||
self.assertEqual(-1, quotas.get('containers'))
|
|
||||||
self.assertEqual(-1, quotas.get('consumers'))
|
|
||||||
|
|
||||||
|
|
||||||
class ProjectQuotasTest(base.BaseKeyManagerTest):
|
class ProjectQuotasTest(base.BaseKeyManagerTest):
|
||||||
|
|
||||||
|
credentials = ['admin', ['service_admin', 'key-manager:service-admin']]
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def skip_checks(cls):
|
def skip_checks(cls):
|
||||||
super().skip_checks()
|
super().skip_checks()
|
||||||
@ -56,6 +49,11 @@ class ProjectQuotasTest(base.BaseKeyManagerTest):
|
|||||||
raise cls.skipException("enforce_scope is enabled for barbican, "
|
raise cls.skipException("enforce_scope is enabled for barbican, "
|
||||||
"skipping project quota tests.")
|
"skipping project quota tests.")
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def setup_clients(cls):
|
||||||
|
super().setup_clients()
|
||||||
|
cls.quota_client = cls.os_roles_service_admin.secret_v1.QuotaClient()
|
||||||
|
|
||||||
@decorators.idempotent_id('07dec492-7f19-4d94-a9d7-28c0643db1bc')
|
@decorators.idempotent_id('07dec492-7f19-4d94-a9d7-28c0643db1bc')
|
||||||
def test_manage_project_quotas(self):
|
def test_manage_project_quotas(self):
|
||||||
# Confirm that there are no quotas
|
# Confirm that there are no quotas
|
||||||
|
Loading…
x
Reference in New Issue
Block a user