From 1ffe2662847e0b9f0cd5112ae8aa80da31326a9f Mon Sep 17 00:00:00 2001 From: Julia Kreger Date: Tue, 23 Jan 2024 15:13:44 -0800 Subject: [PATCH] DNM/WIP: Detect misconfig and navigate Change-Id: I483b1250835bd73fe41d7b7acf5f7a382ba6b6e8 --- ironic_tempest_plugin/tests/api/base.py | 28 +++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/ironic_tempest_plugin/tests/api/base.py b/ironic_tempest_plugin/tests/api/base.py index 6ebb162a..2fab1469 100644 --- a/ironic_tempest_plugin/tests/api/base.py +++ b/ironic_tempest_plugin/tests/api/base.py @@ -40,6 +40,9 @@ SUPPORTED_DRIVERS = ['fake', 'fake-hardware'] RESOURCE_TYPES = ['port', 'portgroup', 'node', 'volume_connector', 'volume_target', 'chassis', 'deploy_template'] +# Flag to allow us to discover a misconfiguration state and handle it. +USE_SCOPED_RBAC = None + def creates(resource): """Decorator that adds resources to the appropriate cleanup list.""" @@ -62,6 +65,7 @@ class BaseBaremetalTest(api_version_utils.BaseMicroversionTest, """Base class for Baremetal API tests.""" credentials = ['admin', 'system_admin'] + use_system_scope = None @classmethod def skip_checks(cls): @@ -81,6 +85,12 @@ class BaseBaremetalTest(api_version_utils.BaseMicroversionTest, cfg_min_version, cfg_max_version) + @classmethod + def change_to_system_client(cls): + cls.client = cls.os_system_admin.baremetal.BaremetalClient() + global USE_SCOPED_RBAC + USE_SCOPED_RBAC = True + @classmethod def setup_credentials(cls): cls.request_microversion = ( @@ -95,7 +105,8 @@ class BaseBaremetalTest(api_version_utils.BaseMicroversionTest, @classmethod def setup_clients(cls): super(BaseBaremetalTest, cls).setup_clients() - if CONF.enforce_scope.ironic: + # if CONF.enforce_scope.ironic: + if USE_SCOPED_RBAC: cls.client = cls.os_system_admin.baremetal.BaremetalClient() else: cls.client = cls.os_admin.baremetal.BaremetalClient() @@ -192,9 +203,18 @@ class BaseBaremetalTest(api_version_utils.BaseMicroversionTest, :return: A tuple with the server response and the created chassis. """ - description = description or data_utils.rand_name('test-chassis') - resp, body = cls.client.create_chassis(description=description, - **kwargs) + try: + description = description or data_utils.rand_name('test-chassis') + resp, body = cls.client.create_chassis(description=description, + **kwargs) + except lib_exc.ServerFault as e: + if 'request was made with project scope' in e: + # Server is enforcing Secure RBAC and tempest was misconfigured + cls.change_to_system_client() + resp, body = cls.client.create_chassis( + description=description, **kwargs) + else: + raise return resp, body @classmethod