openstack/designate
Code Issues Proposed changes
Files
c2e51939b43afcdc20e24f86595655bf588a81a0
designate/designate/tests/test_api/test_v2/test_quotas.py
Michael Johnson c2e51939b4 Update designate for RBAC "direction change" 
The RBAC goal has changed[1] and system scope is no longer going to be
used. This patch updates Designate to align to this change in direction
by removing the system scope from the policies.
It also updates the functional tests to be ready for the switch to using
the new keystone roles by default.

[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#direction-change

Depends-On: https://review.opendev.org/c/openstack/designate-tempest-plugin/+/879111
Change-Id: I1937e215dbd072b0a095df659c75f17a3f48c937
2023-03-31 00:38:50 +00:00

150 lines
4.7 KiB
Python
Raw Blame History

# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_log import log as logging
from designate.tests.test_api.test_v2 import ApiV2TestCase
LOG = logging.getLogger(__name__)
class ApiV2QuotasTest(ApiV2TestCase):
def setUp(self):
super(ApiV2QuotasTest, self).setUp()
def test_get_quotas(self):
self.config(quota_api_export_size=1)
result = self.client.get('/quotas/a', status=200,
headers={'X-Test-Tenant-Id': 'a',
'X-Test-Role': 'member'})
self.assertEqual(
{
'zones': 10,
'zone_recordsets': 500,
'zone_records': 500,
'recordset_records': 20,
'api_export_size': 1
},
result.json
)
def test_get_all_quotas(self):
self.config(quota_zone_recordsets=1)
result = self.client.get('/quotas', status=200,
headers={'X-Test-Role': 'member'})
self.assertEqual(
{
'api_export_size': 1000,
'recordset_records': 20,
'zone_records': 500,
'zone_recordsets': 1,
'zones': 10
},
result.json
)
def test_set_quotas(self):
self.policy({'set_quota': '@'})
self.client.patch_json('/quotas/a', {'zones': 123}, status=200,
headers={'X-Test-Tenant-Id': 'a',
'X-Test-Role': 'member'})
result = self.client.get('/quotas/a', status=200,
headers={'X-Test-Tenant-Id': 'a',
'X-Test-Role': 'member'})
self.assertEqual(
{
'zones': 123,
'zone_recordsets': 500,
'zone_records': 500,
'recordset_records': 20,
'api_export_size': 1000
},
result.json
)
def test_set_quotas_with_verify_project_id(self):
self.config(
quotas_verify_project_id=True,
group='service:api'
)
self.policy({'set_quota': '@'})
self.client.patch_json('/quotas/a', {'zones': 123}, status=200,
headers={'X-Test-Tenant-Id': 'a',
'X-Test-Role': 'member'})
result = self.client.get('/quotas/a', status=200,
headers={'X-Test-Tenant-Id': 'a',
'X-Test-Role': 'member'})
self.assertEqual(
{
'zones': 123,
'zone_recordsets': 500,
'zone_records': 500,
'recordset_records': 20,
'api_export_size': 1000
},
result.json
)
def test_delete_quotas(self):
self.config(quota_zone_records=1)
self.policy({'set_quota': '@'})
# Update recordset_records quota.
result = self.client.patch_json(
'/quotas/a', {'recordset_records': 123},
status=200, headers={'X-Test-Tenant-Id': 'a',
'X-Test-Role': 'member'}
)
self.assertEqual(
{
'zones': 10,
'zone_recordsets': 500,
'zone_records': 1,
'recordset_records': 123,
'api_export_size': 1000
},
result.json
)
# Delete quota.
self.client.delete('/quotas/a', status=204,
headers={'X-Test-Tenant-Id': 'a',
'X-Test-Role': 'member'})
# Make sure we are back to the default quotas.
result = self.client.get('/quotas/a', status=200,
headers={'X-Test-Tenant-Id': 'a',
'X-Test-Role': 'member'})
self.assertEqual(
{
'zones': 10,
'zone_recordsets': 500,
'zone_records': 1,
'recordset_records': 20,
'api_export_size': 1000
},
result.json
)
View Git Blame Copy Permalink