Browse Source

Set clustertemplate:publish to admin only

Set the clustertemplate:publish policy to be admin only by default -
currently it is admin_or_user, which means any openstack user can create
a public cluster template.

Update tests for bay model and cluster template, splitting tests
requiring admin credentials into a separate class.

Change-Id: I0bfb57c569863f1ecf7d697cd5ac161a9a710432
Closes-Bug: #1687887
(cherry picked from commit 12052b1253)
Ricardo Rocha 2 years ago
parent
commit
bf8a7d986a

+ 2
- 2
etc/magnum/policy.json View File

@@ -20,7 +20,7 @@
20 20
     "baymodel:get": "rule:deny_cluster_user",
21 21
     "baymodel:get_all": "rule:deny_cluster_user",
22 22
     "baymodel:update": "rule:deny_cluster_user",
23
-    "baymodel:publish": "rule:admin_or_owner",
23
+    "baymodel:publish": "rule:admin_api",
24 24
 
25 25
     "cluster:create": "rule:deny_cluster_user",
26 26
     "cluster:delete": "rule:deny_cluster_user",
@@ -35,7 +35,7 @@
35 35
     "clustertemplate:get": "rule:deny_cluster_user",
36 36
     "clustertemplate:get_all": "rule:deny_cluster_user",
37 37
     "clustertemplate:update": "rule:deny_cluster_user",
38
-    "clustertemplate:publish": "rule:admin_or_owner",
38
+    "clustertemplate:publish": "rule:admin_api",
39 39
 
40 40
     "quotas:get": "rule:default",
41 41
     "quotas:get_all": "rule:admin_api",

+ 6
- 12
magnum/tests/functional/api/v1/test_baymodel.py View File

@@ -75,11 +75,9 @@ class BayModelTest(base.BaseTempestTest):
75 75
     @testtools.testcase.attr('positive')
76 76
     def test_create_get_public_baymodel(self):
77 77
         gen_model = datagen.valid_swarm_baymodel(is_public=True)
78
-        resp, model = self._create_baymodel(gen_model)
79
-
80
-        resp, model = self.baymodel_client.get_baymodel(model.uuid)
81
-        self.assertEqual(200, resp.status)
82
-        self.assertTrue(model.public)
78
+        self.assertRaises(
79
+            exceptions.Forbidden,
80
+            self.baymodel_client.post_baymodel, gen_model)
83 81
 
84 82
     @testtools.testcase.attr('positive')
85 83
     def test_update_baymodel_public_by_uuid(self):
@@ -88,13 +86,9 @@ class BayModelTest(base.BaseTempestTest):
88 86
         resp, old_model = self._create_baymodel(gen_model)
89 87
 
90 88
         patch_model = datagen.baymodel_replace_patch_data(path, value=True)
91
-        resp, new_model = self.baymodel_client.patch_baymodel(
92
-            old_model.uuid, patch_model)
93
-        self.assertEqual(200, resp.status)
94
-
95
-        resp, model = self.baymodel_client.get_baymodel(new_model.uuid)
96
-        self.assertEqual(200, resp.status)
97
-        self.assertTrue(model.public)
89
+        self.assertRaises(
90
+            exceptions.Forbidden,
91
+            self.baymodel_client.patch_baymodel, old_model.uuid, patch_model)
98 92
 
99 93
     @testtools.testcase.attr('positive')
100 94
     def test_update_baymodel_by_uuid(self):

+ 80
- 0
magnum/tests/functional/api/v1/test_baymodel_admin.py View File

@@ -0,0 +1,80 @@
1
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
2
+# not use this file except in compliance with the License. You may obtain
3
+# a copy of the License at
4
+#
5
+# http://www.apache.org/licenses/LICENSE-2.0
6
+#
7
+# Unless required by applicable law or agreed to in writing, software
8
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10
+# License for the specific language governing permissions and limitations
11
+# under the License.
12
+
13
+
14
+import testtools
15
+
16
+from magnum.tests.functional.api import base
17
+from magnum.tests.functional.common import datagen
18
+
19
+
20
+class BayModelAdminTest(base.BaseTempestTest):
21
+
22
+    """Tests for baymodel admin operations."""
23
+
24
+    def __init__(self, *args, **kwargs):
25
+        super(BayModelAdminTest, self).__init__(*args, **kwargs)
26
+        self.baymodels = []
27
+        self.baymodel_client = None
28
+        self.keypairs_client = None
29
+
30
+    def setUp(self):
31
+        try:
32
+            super(BayModelAdminTest, self).setUp()
33
+            (self.baymodel_client,
34
+             self.keypairs_client) = self.get_clients_with_new_creds(
35
+                 type_of_creds='admin',
36
+                 request_type='baymodel')
37
+        except Exception:
38
+            self.tearDown()
39
+            raise
40
+
41
+    def tearDown(self):
42
+        for baymodel_id in self.baymodels:
43
+            self._delete_baymodel(baymodel_id)
44
+            self.baymodels.remove(baymodel_id)
45
+        super(BayModelAdminTest, self).tearDown()
46
+
47
+    def _create_baymodel(self, baymodel_model):
48
+        resp, model = self.baymodel_client.post_baymodel(baymodel_model)
49
+        self.assertEqual(201, resp.status)
50
+        self.baymodels.append(model.uuid)
51
+        return resp, model
52
+
53
+    def _delete_baymodel(self, baymodel_id):
54
+        resp, model = self.baymodel_client.delete_baymodel(baymodel_id)
55
+        self.assertEqual(204, resp.status)
56
+        return resp, model
57
+
58
+    @testtools.testcase.attr('positive')
59
+    def test_create_get_public_baymodel(self):
60
+        gen_model = datagen.valid_swarm_baymodel(is_public=True)
61
+        resp, model = self._create_baymodel(gen_model)
62
+
63
+        resp, model = self.baymodel_client.get_baymodel(model.uuid)
64
+        self.assertEqual(200, resp.status)
65
+        self.assertTrue(model.public)
66
+
67
+    @testtools.testcase.attr('positive')
68
+    def test_update_baymodel_public_by_uuid(self):
69
+        path = "/public"
70
+        gen_model = datagen.baymodel_data_with_valid_keypair_image_flavor()
71
+        resp, old_model = self._create_baymodel(gen_model)
72
+
73
+        patch_model = datagen.baymodel_replace_patch_data(path, value=True)
74
+        resp, new_model = self.baymodel_client.patch_baymodel(
75
+            old_model.uuid, patch_model)
76
+        self.assertEqual(200, resp.status)
77
+
78
+        resp, model = self.baymodel_client.get_baymodel(new_model.uuid)
79
+        self.assertEqual(200, resp.status)
80
+        self.assertTrue(model.public)

+ 6
- 13
magnum/tests/functional/api/v1/test_cluster_template.py View File

@@ -80,12 +80,9 @@ class ClusterTemplateTest(base.BaseTempestTest):
80 80
     @testtools.testcase.attr('positive')
81 81
     def test_create_get_public_cluster_template(self):
82 82
         gen_model = datagen.valid_swarm_cluster_template(is_public=True)
83
-        resp, model = self._create_cluster_template(gen_model)
84
-
85
-        resp, model = \
86
-            self.cluster_template_client.get_cluster_template(model.uuid)
87
-        self.assertEqual(200, resp.status)
88
-        self.assertTrue(model.public)
83
+        self.assertRaises(
84
+            exceptions.Forbidden,
85
+            self.cluster_template_client.post_cluster_template, gen_model)
89 86
 
90 87
     @testtools.testcase.attr('positive')
91 88
     def test_update_cluster_template_public_by_uuid(self):
@@ -96,14 +93,10 @@ class ClusterTemplateTest(base.BaseTempestTest):
96 93
 
97 94
         patch_model = datagen.cluster_template_replace_patch_data(path,
98 95
                                                                   value=True)
99
-        resp, new_model = self.cluster_template_client.patch_cluster_template(
96
+        self.assertRaises(
97
+            exceptions.Forbidden,
98
+            self.cluster_template_client.patch_cluster_template,
100 99
             old_model.uuid, patch_model)
101
-        self.assertEqual(200, resp.status)
102
-
103
-        resp, model = self.cluster_template_client.get_cluster_template(
104
-            new_model.uuid)
105
-        self.assertEqual(200, resp.status)
106
-        self.assertTrue(model.public)
107 100
 
108 101
     @testtools.testcase.attr('positive')
109 102
     def test_update_cluster_template_by_uuid(self):

+ 86
- 0
magnum/tests/functional/api/v1/test_cluster_template_admin.py View File

@@ -0,0 +1,86 @@
1
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
2
+# not use this file except in compliance with the License. You may obtain
3
+# a copy of the License at
4
+#
5
+# http://www.apache.org/licenses/LICENSE-2.0
6
+#
7
+# Unless required by applicable law or agreed to in writing, software
8
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10
+# License for the specific language governing permissions and limitations
11
+# under the License.
12
+
13
+
14
+import testtools
15
+
16
+from magnum.tests.functional.api import base
17
+from magnum.tests.functional.common import datagen
18
+
19
+
20
+class ClusterTemplateAdminTest(base.BaseTempestTest):
21
+
22
+    """Tests for clustertemplate admin operations."""
23
+
24
+    def __init__(self, *args, **kwargs):
25
+        super(ClusterTemplateAdminTest, self).__init__(*args, **kwargs)
26
+        self.cluster_templates = []
27
+        self.cluster_template_client = None
28
+        self.keypairs_client = None
29
+
30
+    def setUp(self):
31
+        try:
32
+            super(ClusterTemplateAdminTest, self).setUp()
33
+            (self.cluster_template_client,
34
+             self.keypairs_client) = self.get_clients_with_new_creds(
35
+                 type_of_creds='admin',
36
+                 request_type='cluster_template')
37
+        except Exception:
38
+            self.tearDown()
39
+            raise
40
+
41
+    def tearDown(self):
42
+        for cluster_template_id in self.cluster_templates:
43
+            self._delete_cluster_template(cluster_template_id)
44
+            self.cluster_templates.remove(cluster_template_id)
45
+        super(ClusterTemplateAdminTest, self).tearDown()
46
+
47
+    def _create_cluster_template(self, cmodel_model):
48
+        resp, model = \
49
+            self.cluster_template_client.post_cluster_template(cmodel_model)
50
+        self.assertEqual(201, resp.status)
51
+        self.cluster_templates.append(model.uuid)
52
+        return resp, model
53
+
54
+    def _delete_cluster_template(self, model_id):
55
+        resp, model = \
56
+            self.cluster_template_client.delete_cluster_template(model_id)
57
+        self.assertEqual(204, resp.status)
58
+        return resp, model
59
+
60
+    @testtools.testcase.attr('positive')
61
+    def test_create_get_public_cluster_template(self):
62
+        gen_model = datagen.valid_swarm_cluster_template(is_public=True)
63
+        resp, model = self._create_cluster_template(gen_model)
64
+
65
+        resp, model = \
66
+            self.cluster_template_client.get_cluster_template(model.uuid)
67
+        self.assertEqual(200, resp.status)
68
+        self.assertTrue(model.public)
69
+
70
+    @testtools.testcase.attr('positive')
71
+    def test_update_cluster_template_public_by_uuid(self):
72
+        path = "/public"
73
+        gen_model = \
74
+            datagen.cluster_template_data_with_valid_keypair_image_flavor()
75
+        resp, old_model = self._create_cluster_template(gen_model)
76
+
77
+        patch_model = datagen.cluster_template_replace_patch_data(path,
78
+                                                                  value=True)
79
+        resp, new_model = self.cluster_template_client.patch_cluster_template(
80
+            old_model.uuid, patch_model)
81
+        self.assertEqual(200, resp.status)
82
+
83
+        resp, model = self.cluster_template_client.get_cluster_template(
84
+            new_model.uuid)
85
+        self.assertEqual(200, resp.status)
86
+        self.assertTrue(model.public)

Loading…
Cancel
Save