diff --git a/glance/tests/functional/v2/metadef_base.py b/glance/tests/functional/v2/metadef_base.py index 9c4b838994..bbc58bac5b 100644 --- a/glance/tests/functional/v2/metadef_base.py +++ b/glance/tests/functional/v2/metadef_base.py @@ -11,6 +11,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +from oslo_utils.fixture import uuidsentinel as uuids import requests from glance.tests import functional @@ -19,6 +20,11 @@ from glance.tests import functional class MetadefFunctionalTestBase(functional.FunctionalTest): """A basic set of assertions and utilities for testing the metadef API.""" + def setUp(self): + super().setUp() + self.tenant1 = uuids.owner1 + self.tenant2 = uuids.owner2 + def assertNamespacesEqual(self, actual, expected): """Assert two namespace dictionaries are the same.""" actual.pop('created_at', None) diff --git a/glance/tests/functional/v2/test_metadef_namespaces.py b/glance/tests/functional/v2/test_metadef_namespaces.py index 1687f258aa..aa4fed316f 100644 --- a/glance/tests/functional/v2/test_metadef_namespaces.py +++ b/glance/tests/functional/v2/test_metadef_namespaces.py @@ -13,17 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. -import uuid - from oslo_serialization import jsonutils import requests from six.moves import http_client as http from glance.tests.functional.v2 import metadef_base -TENANT1 = str(uuid.uuid4()) -TENANT2 = str(uuid.uuid4()) - class TestNamespaces(metadef_base.MetadefFunctionalTestBase): @@ -41,7 +36,7 @@ class TestNamespaces(metadef_base.MetadefFunctionalTestBase): 'X-Identity-Status': 'Confirmed', 'X-Auth-Token': '932c5c84-02ac-4fe5-a9ba-620af0e2bb96', 'X-User-Id': 'f9a41d13-0c13-47e9-bee2-ce4e8bfe958e', - 'X-Tenant-Id': TENANT1, + 'X-Tenant-Id': self.tenant1, 'X-Roles': 'admin', } base_headers.update(custom_headers or {}) @@ -90,7 +85,7 @@ class TestNamespaces(metadef_base.MetadefFunctionalTestBase): "description": "My description", "visibility": "private", "protected": False, - "owner": TENANT1, + "owner": self.tenant1, "self": "/v2/metadefs/namespaces/%s" % namespace_name, "schema": "/v2/schemas/metadefs/namespace" } @@ -107,7 +102,7 @@ class TestNamespaces(metadef_base.MetadefFunctionalTestBase): namespace = jsonutils.loads(response.text) self.assertEqual(namespace_name, namespace['namespace']) self.assertNotIn('object', namespace) - self.assertEqual(TENANT1, namespace['owner']) + self.assertEqual(self.tenant1, namespace['owner']) self.assertEqual('private', namespace['visibility']) self.assertFalse(namespace['protected']) @@ -123,7 +118,7 @@ class TestNamespaces(metadef_base.MetadefFunctionalTestBase): "description": "description-UPDATED", "visibility": "private", # Not changed "protected": True, - "owner": TENANT2 + "owner": self.tenant2 } ) response = requests.put(path, headers=headers, data=data) @@ -136,7 +131,7 @@ class TestNamespaces(metadef_base.MetadefFunctionalTestBase): self.assertEqual('description-UPDATED', namespace['description']) self.assertEqual('private', namespace['visibility']) self.assertTrue(namespace['protected']) - self.assertEqual(TENANT2, namespace['owner']) + self.assertEqual(self.tenant2, namespace['owner']) # Updates should persist across requests path = self._url('/v2/metadefs/namespaces/%s' % namespace_name) @@ -148,7 +143,7 @@ class TestNamespaces(metadef_base.MetadefFunctionalTestBase): self.assertEqual('description-UPDATED', namespace['description']) self.assertEqual('private', namespace['visibility']) self.assertTrue(namespace['protected']) - self.assertEqual(TENANT2, namespace['owner']) + self.assertEqual(self.tenant2, namespace['owner']) # Deletion should not work on protected namespaces path = self._url('/v2/metadefs/namespaces/%s' % namespace_name) @@ -165,7 +160,7 @@ class TestNamespaces(metadef_base.MetadefFunctionalTestBase): "description": "My description", "visibility": "public", "protected": False, - "owner": TENANT2 + "owner": self.tenant2 } data = jsonutils.dumps(doc) response = requests.put(path, headers=headers, data=data) @@ -278,7 +273,7 @@ class TestNamespaces(metadef_base.MetadefFunctionalTestBase): path = self._url('/v2/metadefs/namespaces') headers = self._headers({'content-type': 'application/json'}) tenant_namespaces = dict() - for tenant in [TENANT1, TENANT2]: + for tenant in [self.tenant1, self.tenant2]: headers['X-Tenant-Id'] = tenant for visibility in ['public', 'private']: namespace_data = { @@ -300,16 +295,18 @@ class TestNamespaces(metadef_base.MetadefFunctionalTestBase): expected_namespaces = [] for x in tenant_namespaces[tenant]: expected_namespaces.append(x['namespace']) - if tenant == TENANT1: + if tenant == self.tenant1: expected_namespaces.append( - tenant_namespaces[TENANT2][0]['namespace']) + tenant_namespaces[self.tenant2][0]['namespace']) else: expected_namespaces.append( - tenant_namespaces[TENANT1][0]['namespace']) + tenant_namespaces[self.tenant1][0]['namespace']) return expected_namespaces - for tenant in [TENANT1, TENANT2]: + # Check Tenant 1 and Tenant 2 will be able to see total 3 namespaces + # (two of own and 1 public of other tenant) + for tenant in [self.tenant1, self.tenant2]: path = self._url('/v2/metadefs/namespaces') headers = self._headers({'X-Tenant-Id': tenant, 'X-Roles': 'reader,member'}) @@ -335,13 +332,16 @@ class TestNamespaces(metadef_base.MetadefFunctionalTestBase): # Check Tenant 1 can access public namespace and cannot access private # namespace of Tenant 2 - _check_namespace_access(tenant_namespaces[TENANT2], TENANT1) + _check_namespace_access(tenant_namespaces[self.tenant2], + self.tenant1) # Check Tenant 2 can access public namespace and cannot access private # namespace of Tenant 1 - _check_namespace_access(tenant_namespaces[TENANT1], TENANT2) + _check_namespace_access(tenant_namespaces[self.tenant1], + self.tenant2) - total_ns = tenant_namespaces[TENANT1] + tenant_namespaces[TENANT2] + total_ns = tenant_namespaces[self.tenant1] \ + + tenant_namespaces[self.tenant2] for namespace in total_ns: data = { "namespace": namespace['namespace'], diff --git a/glance/tests/functional/v2/test_metadef_objects.py b/glance/tests/functional/v2/test_metadef_objects.py index 5aa07a735c..7d0bd4030c 100644 --- a/glance/tests/functional/v2/test_metadef_objects.py +++ b/glance/tests/functional/v2/test_metadef_objects.py @@ -14,15 +14,11 @@ # limitations under the License. from oslo_serialization import jsonutils -from oslo_utils.fixture import uuidsentinel as uuids import requests from six.moves import http_client as http from glance.tests.functional.v2 import metadef_base -TENANT1 = uuids.owner1 -TENANT2 = uuids.owner2 - class TestMetadefObjects(metadef_base.MetadefFunctionalTestBase): @@ -40,7 +36,7 @@ class TestMetadefObjects(metadef_base.MetadefFunctionalTestBase): 'X-Identity-Status': 'Confirmed', 'X-Auth-Token': '932c5c84-02ac-4fe5-a9ba-620af0e2bb96', 'X-User-Id': 'f9a41d13-0c13-47e9-bee2-ce4e8bfe958e', - 'X-Tenant-Id': TENANT1, + 'X-Tenant-Id': self.tenant1, 'X-Roles': 'admin', } base_headers.update(custom_headers or {}) @@ -333,7 +329,7 @@ class TestMetadefObjects(metadef_base.MetadefFunctionalTestBase): headers = self._headers({'content-type': 'application/json'}) tenant1_namespaces = [] tenant2_namespaces = [] - for tenant in [TENANT1, TENANT2]: + for tenant in [self.tenant1, self.tenant2]: headers['X-Tenant-Id'] = tenant for visibility in ['public', 'private']: namespace_data = { @@ -346,7 +342,7 @@ class TestMetadefObjects(metadef_base.MetadefFunctionalTestBase): namespace = self.create_namespace(path, headers, namespace_data) self.assertNamespacesEqual(namespace, namespace_data) - if tenant == TENANT1: + if tenant == self.tenant1: tenant1_namespaces.append(namespace) else: tenant2_namespaces.append(namespace) @@ -384,11 +380,11 @@ class TestMetadefObjects(metadef_base.MetadefFunctionalTestBase): # Check Tenant 1 can access objects of all public namespace # and cannot access object of private namespace of Tenant 2 - _check_object_access(tenant2_objects, TENANT1) + _check_object_access(tenant2_objects, self.tenant1) # Check Tenant 2 can access objects of public namespace and # cannot access objects of private namespace of Tenant 1 - _check_object_access(tenant1_objects, TENANT2) + _check_object_access(tenant1_objects, self.tenant2) # Update objects with admin and non admin role total_objects = tenant1_objects + tenant2_objects diff --git a/glance/tests/functional/v2/test_metadef_properties.py b/glance/tests/functional/v2/test_metadef_properties.py index 4853ec0d3c..bd7b26da2e 100644 --- a/glance/tests/functional/v2/test_metadef_properties.py +++ b/glance/tests/functional/v2/test_metadef_properties.py @@ -14,15 +14,11 @@ # limitations under the License. from oslo_serialization import jsonutils -from oslo_utils.fixture import uuidsentinel as uuids import requests from six.moves import http_client as http from glance.tests.functional.v2 import metadef_base -TENANT1 = uuids.owner1 -TENANT2 = uuids.owner2 - class TestNamespaceProperties(metadef_base.MetadefFunctionalTestBase): @@ -40,7 +36,7 @@ class TestNamespaceProperties(metadef_base.MetadefFunctionalTestBase): 'X-Identity-Status': 'Confirmed', 'X-Auth-Token': '932c5c84-02ac-4fe5-a9ba-620af0e2bb96', 'X-User-Id': 'f9a41d13-0c13-47e9-bee2-ce4e8bfe958e', - 'X-Tenant-Id': TENANT1, + 'X-Tenant-Id': self.tenant1, 'X-Roles': 'admin', } base_headers.update(custom_headers or {}) @@ -266,7 +262,7 @@ class TestNamespaceProperties(metadef_base.MetadefFunctionalTestBase): headers = self._headers({'content-type': 'application/json'}) tenant1_namespaces = [] tenant2_namespaces = [] - for tenant in [TENANT1, TENANT2]: + for tenant in [self.tenant1, self.tenant2]: headers['X-Tenant-Id'] = tenant for visibility in ['public', 'private']: namespace_data = { @@ -279,7 +275,7 @@ class TestNamespaceProperties(metadef_base.MetadefFunctionalTestBase): namespace = self.create_namespace(path, headers, namespace_data) self.assertNamespacesEqual(namespace, namespace_data) - if tenant == TENANT1: + if tenant == self.tenant1: tenant1_namespaces.append(namespace) else: tenant2_namespaces.append(namespace) @@ -321,11 +317,11 @@ class TestNamespaceProperties(metadef_base.MetadefFunctionalTestBase): # Check Tenant 1 can access properties of all public namespace # and cannot access properties of private namespace of Tenant 2 - _check_properties_access(tenant2_properties, TENANT1) + _check_properties_access(tenant2_properties, self.tenant1) # Check Tenant 2 can access properties of public namespace and # cannot access properties of private namespace of Tenant 1 - _check_properties_access(tenant1_properties, TENANT2) + _check_properties_access(tenant1_properties, self.tenant2) # Update properties with admin and non admin role total_properties = tenant1_properties + tenant2_properties diff --git a/glance/tests/functional/v2/test_metadef_resourcetypes.py b/glance/tests/functional/v2/test_metadef_resourcetypes.py index b2509c1612..b1769747af 100644 --- a/glance/tests/functional/v2/test_metadef_resourcetypes.py +++ b/glance/tests/functional/v2/test_metadef_resourcetypes.py @@ -14,15 +14,11 @@ # limitations under the License. from oslo_serialization import jsonutils -from oslo_utils.fixture import uuidsentinel as uuids import requests from six.moves import http_client as http from glance.tests.functional.v2 import metadef_base -TENANT1 = uuids.owner1 -TENANT2 = uuids.owner2 - class TestMetadefResourceTypes(metadef_base.MetadefFunctionalTestBase): @@ -40,7 +36,7 @@ class TestMetadefResourceTypes(metadef_base.MetadefFunctionalTestBase): 'X-Identity-Status': 'Confirmed', 'X-Auth-Token': '932c5c84-02ac-4fe5-a9ba-620af0e2bb96', 'X-User-Id': 'f9a41d13-0c13-47e9-bee2-ce4e8bfe958e', - 'X-Tenant-Id': TENANT1, + 'X-Tenant-Id': self.tenant1, 'X-Roles': 'admin', } base_headers.update(custom_headers or {}) @@ -174,7 +170,7 @@ class TestMetadefResourceTypes(metadef_base.MetadefFunctionalTestBase): headers = self._headers({'content-type': 'application/json'}) tenant1_namespaces = [] tenant2_namespaces = [] - for tenant in [TENANT1, TENANT2]: + for tenant in [self.tenant1, self.tenant2]: headers['X-Tenant-Id'] = tenant for visibility in ['public', 'private']: namespace_data = { @@ -187,7 +183,7 @@ class TestMetadefResourceTypes(metadef_base.MetadefFunctionalTestBase): namespace = self.create_namespace(path, headers, namespace_data) self.assertNamespacesEqual(namespace, namespace_data) - if tenant == TENANT1: + if tenant == self.tenant1: tenant1_namespaces.append(namespace) else: tenant2_namespaces.append(namespace) @@ -229,17 +225,17 @@ class TestMetadefResourceTypes(metadef_base.MetadefFunctionalTestBase): # Check Tenant 1 can access resource types of all public namespace # and cannot access resource type of private namespace of Tenant 2 - _check_resource_type_access(tenant2_namespaces, TENANT1) + _check_resource_type_access(tenant2_namespaces, self.tenant1) # Check Tenant 2 can access public namespace and cannot access private # namespace of Tenant 1 - _check_resource_type_access(tenant1_namespaces, TENANT2) + _check_resource_type_access(tenant1_namespaces, self.tenant2) # List all resource type irrespective of namespace & tenant are # accessible non admin roles total_resource_types = tenant1_resource_types + tenant2_resource_types - _check_resource_types(TENANT1, total_resource_types) - _check_resource_types(TENANT2, total_resource_types) + _check_resource_types(self.tenant1, total_resource_types) + _check_resource_types(self.tenant2, total_resource_types) # Disassociate resource type should not be allowed to non admin role for resource_type in total_resource_types: diff --git a/glance/tests/functional/v2/test_metadef_tags.py b/glance/tests/functional/v2/test_metadef_tags.py index 35e49dcd06..632a8724e2 100644 --- a/glance/tests/functional/v2/test_metadef_tags.py +++ b/glance/tests/functional/v2/test_metadef_tags.py @@ -14,15 +14,11 @@ # limitations under the License. from oslo_serialization import jsonutils -from oslo_utils.fixture import uuidsentinel as uuids import requests from six.moves import http_client as http from glance.tests.functional.v2 import metadef_base -TENANT1 = uuids.owner1 -TENANT2 = uuids.owner2 - class TestMetadefTags(metadef_base.MetadefFunctionalTestBase): @@ -40,7 +36,7 @@ class TestMetadefTags(metadef_base.MetadefFunctionalTestBase): 'X-Identity-Status': 'Confirmed', 'X-Auth-Token': '932c5c84-02ac-4fe5-a9ba-620af0e2bb96', 'X-User-Id': 'f9a41d13-0c13-47e9-bee2-ce4e8bfe958e', - 'X-Tenant-Id': TENANT1, + 'X-Tenant-Id': self.tenant1, 'X-Roles': 'admin', } base_headers.update(custom_headers or {}) @@ -212,7 +208,7 @@ class TestMetadefTags(metadef_base.MetadefFunctionalTestBase): headers = self._headers({'content-type': 'application/json'}) tenant1_namespaces = [] tenant2_namespaces = [] - for tenant in [TENANT1, TENANT2]: + for tenant in [self.tenant1, self.tenant2]: headers['X-Tenant-Id'] = tenant for visibility in ['public', 'private']: namespace_data = { @@ -225,7 +221,7 @@ class TestMetadefTags(metadef_base.MetadefFunctionalTestBase): namespace = self.create_namespace(path, headers, namespace_data) self.assertNamespacesEqual(namespace, namespace_data) - if tenant == TENANT1: + if tenant == self.tenant1: tenant1_namespaces.append(namespace) else: tenant2_namespaces.append(namespace) @@ -266,11 +262,11 @@ class TestMetadefTags(metadef_base.MetadefFunctionalTestBase): # Check Tenant 1 can access tags of all public namespace # and cannot access tags of private namespace of Tenant 2 - _check_tag_access(tenant2_tags, TENANT1) + _check_tag_access(tenant2_tags, self.tenant1) # Check Tenant 2 can access tags of public namespace and # cannot access tags of private namespace of Tenant 1 - _check_tag_access(tenant1_tags, TENANT2) + _check_tag_access(tenant1_tags, self.tenant2) # Update tags with admin and non admin role total_tags = tenant1_tags + tenant2_tags