b610b77df4
Currently compute security_groups_client returns Response by removing top key from Response. For example- return service_client.ResponseBody(resp, body['security_group']) As service clients are in direction to move to Tempest-lib, all service clients should return Response without any truncation. One good example is Resource pagination links which are lost with current way of return value. Resource pagination links are present in parallel (not inside) to top key of Response. This patch makes compute security_groups_client to return complete Response body. Change-Id: I8cfd1845be221ae2e3629cc79ab5fdfd14ac48d4 Implements: blueprint method-return-value-and-move-service-clients-to-lib
174 lines
7.6 KiB
Python
174 lines
7.6 KiB
Python
# Copyright 2014 NEC Corporation. All rights reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from tempest_lib import decorators
|
|
from tempest_lib import exceptions as lib_exc
|
|
|
|
from tempest.api.compute import base
|
|
from tempest.common.utils import data_utils
|
|
from tempest import config
|
|
from tempest import test
|
|
|
|
CONF = config.CONF
|
|
|
|
|
|
class QuotasAdminNegativeTestJSON(base.BaseV2ComputeAdminTest):
|
|
force_tenant_isolation = True
|
|
|
|
@classmethod
|
|
def setup_clients(cls):
|
|
super(QuotasAdminNegativeTestJSON, cls).setup_clients()
|
|
cls.client = cls.os.quotas_client
|
|
cls.adm_client = cls.os_adm.quotas_client
|
|
cls.sg_client = cls.security_groups_client
|
|
cls.sgr_client = cls.security_group_rules_client
|
|
|
|
@classmethod
|
|
def resource_setup(cls):
|
|
super(QuotasAdminNegativeTestJSON, cls).resource_setup()
|
|
# NOTE(afazekas): these test cases should always create and use a new
|
|
# tenant most of them should be skipped if we can't do that
|
|
cls.demo_tenant_id = cls.client.tenant_id
|
|
|
|
@test.attr(type=['negative'])
|
|
@test.idempotent_id('733abfe8-166e-47bb-8363-23dbd7ff3476')
|
|
def test_update_quota_normal_user(self):
|
|
self.assertRaises(lib_exc.Forbidden,
|
|
self.client.update_quota_set,
|
|
self.demo_tenant_id,
|
|
ram=0)
|
|
|
|
# TODO(afazekas): Add dedicated tenant to the skiped quota tests
|
|
# it can be moved into the setUpClass as well
|
|
@test.attr(type=['negative'])
|
|
@test.idempotent_id('91058876-9947-4807-9f22-f6eb17140d9b')
|
|
def test_create_server_when_cpu_quota_is_full(self):
|
|
# Disallow server creation when tenant's vcpu quota is full
|
|
quota_set = self.adm_client.show_quota_set(self.demo_tenant_id)
|
|
default_vcpu_quota = quota_set['cores']
|
|
vcpu_quota = 0 # Set the quota to zero to conserve resources
|
|
|
|
quota_set = self.adm_client.update_quota_set(self.demo_tenant_id,
|
|
force=True,
|
|
cores=vcpu_quota)
|
|
|
|
self.addCleanup(self.adm_client.update_quota_set, self.demo_tenant_id,
|
|
cores=default_vcpu_quota)
|
|
self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
|
|
self.create_test_server)
|
|
|
|
@test.attr(type=['negative'])
|
|
@test.idempotent_id('6fdd7012-584d-4327-a61c-49122e0d5864')
|
|
def test_create_server_when_memory_quota_is_full(self):
|
|
# Disallow server creation when tenant's memory quota is full
|
|
quota_set = self.adm_client.show_quota_set(self.demo_tenant_id)
|
|
default_mem_quota = quota_set['ram']
|
|
mem_quota = 0 # Set the quota to zero to conserve resources
|
|
|
|
self.adm_client.update_quota_set(self.demo_tenant_id,
|
|
force=True,
|
|
ram=mem_quota)
|
|
|
|
self.addCleanup(self.adm_client.update_quota_set, self.demo_tenant_id,
|
|
ram=default_mem_quota)
|
|
self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
|
|
self.create_test_server)
|
|
|
|
@test.attr(type=['negative'])
|
|
@test.idempotent_id('7c6be468-0274-449a-81c3-ac1c32ee0161')
|
|
def test_create_server_when_instances_quota_is_full(self):
|
|
# Once instances quota limit is reached, disallow server creation
|
|
quota_set = self.adm_client.show_quota_set(self.demo_tenant_id)
|
|
default_instances_quota = quota_set['instances']
|
|
instances_quota = 0 # Set quota to zero to disallow server creation
|
|
|
|
self.adm_client.update_quota_set(self.demo_tenant_id,
|
|
force=True,
|
|
instances=instances_quota)
|
|
self.addCleanup(self.adm_client.update_quota_set, self.demo_tenant_id,
|
|
instances=default_instances_quota)
|
|
self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
|
|
self.create_test_server)
|
|
|
|
@decorators.skip_because(bug="1186354",
|
|
condition=CONF.service_available.neutron)
|
|
@test.idempotent_id('7c6c8f3b-2bf6-4918-b240-57b136a66aa0')
|
|
@test.services('network')
|
|
def test_security_groups_exceed_limit(self):
|
|
# Negative test: Creation Security Groups over limit should FAIL
|
|
|
|
quota_set = self.adm_client.show_quota_set(self.demo_tenant_id)
|
|
default_sg_quota = quota_set['security_groups']
|
|
|
|
# Set the quota to number of used security groups
|
|
sg_quota = self.limits_client.show_limits()['absolute'][
|
|
'totalSecurityGroupsUsed']
|
|
|
|
quota_set =\
|
|
self.adm_client.update_quota_set(self.demo_tenant_id,
|
|
force=True,
|
|
security_groups=sg_quota)
|
|
|
|
self.addCleanup(self.adm_client.update_quota_set,
|
|
self.demo_tenant_id,
|
|
security_groups=default_sg_quota)
|
|
|
|
# Check we cannot create anymore
|
|
# A 403 Forbidden or 413 Overlimit (old behaviour) exception
|
|
# will be raised when out of quota
|
|
self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit),
|
|
self.sg_client.create_security_group,
|
|
name="sg-overlimit", description="sg-desc")
|
|
|
|
@decorators.skip_because(bug="1186354",
|
|
condition=CONF.service_available.neutron)
|
|
@test.attr(type=['negative'])
|
|
@test.idempotent_id('6e9f436d-f1ed-4f8e-a493-7275dfaa4b4d')
|
|
@test.services('network')
|
|
def test_security_groups_rules_exceed_limit(self):
|
|
# Negative test: Creation of Security Group Rules should FAIL
|
|
# when we reach limit maxSecurityGroupRules
|
|
|
|
quota_set = self.adm_client.show_quota_set(self.demo_tenant_id)
|
|
default_sg_rules_quota = quota_set['security_group_rules']
|
|
sg_rules_quota = 0 # Set the quota to zero to conserve resources
|
|
|
|
quota_set =\
|
|
self.adm_client.update_quota_set(
|
|
self.demo_tenant_id,
|
|
force=True,
|
|
security_group_rules=sg_rules_quota)
|
|
|
|
self.addCleanup(self.adm_client.update_quota_set,
|
|
self.demo_tenant_id,
|
|
security_group_rules=default_sg_rules_quota)
|
|
|
|
s_name = data_utils.rand_name('securitygroup')
|
|
s_description = data_utils.rand_name('description')
|
|
securitygroup = self.sg_client.create_security_group(
|
|
name=s_name, description=s_description)['security_group']
|
|
self.addCleanup(self.sg_client.delete_security_group,
|
|
securitygroup['id'])
|
|
|
|
secgroup_id = securitygroup['id']
|
|
ip_protocol = 'tcp'
|
|
|
|
# Check we cannot create SG rule anymore
|
|
# A 403 Forbidden or 413 Overlimit (old behaviour) exception
|
|
# will be raised when out of quota
|
|
self.assertRaises((lib_exc.OverLimit, lib_exc.Forbidden),
|
|
self.sgr_client.create_security_group_rule,
|
|
parent_group_id=secgroup_id, ip_protocol=ip_protocol,
|
|
from_port=1025, to_port=1025)
|