Quellcode durchsuchen

Set clustertemplate:publish to admin only

Set the clustertemplate:publish policy to be admin only by default -
currently it is admin_or_user, which means any openstack user can create
a public cluster template.

Update tests for bay model and cluster template, splitting tests
requiring admin credentials into a separate class.

Change-Id: I0bfb57c569863f1ecf7d697cd5ac161a9a710432
Closes-Bug: #1687887
(cherry picked from commit 12052b1253)
tags/4.1.2
Ricardo Rocha vor 2 Jahren
Ursprung
Commit
bf8a7d986a

+ 2
- 2
etc/magnum/policy.json Datei anzeigen

@@ -20,7 +20,7 @@
"baymodel:get": "rule:deny_cluster_user",
"baymodel:get_all": "rule:deny_cluster_user",
"baymodel:update": "rule:deny_cluster_user",
"baymodel:publish": "rule:admin_or_owner",
"baymodel:publish": "rule:admin_api",

"cluster:create": "rule:deny_cluster_user",
"cluster:delete": "rule:deny_cluster_user",
@@ -35,7 +35,7 @@
"clustertemplate:get": "rule:deny_cluster_user",
"clustertemplate:get_all": "rule:deny_cluster_user",
"clustertemplate:update": "rule:deny_cluster_user",
"clustertemplate:publish": "rule:admin_or_owner",
"clustertemplate:publish": "rule:admin_api",

"quotas:get": "rule:default",
"quotas:get_all": "rule:admin_api",

+ 6
- 12
magnum/tests/functional/api/v1/test_baymodel.py Datei anzeigen

@@ -75,11 +75,9 @@ class BayModelTest(base.BaseTempestTest):
@testtools.testcase.attr('positive')
def test_create_get_public_baymodel(self):
gen_model = datagen.valid_swarm_baymodel(is_public=True)
resp, model = self._create_baymodel(gen_model)

resp, model = self.baymodel_client.get_baymodel(model.uuid)
self.assertEqual(200, resp.status)
self.assertTrue(model.public)
self.assertRaises(
exceptions.Forbidden,
self.baymodel_client.post_baymodel, gen_model)

@testtools.testcase.attr('positive')
def test_update_baymodel_public_by_uuid(self):
@@ -88,13 +86,9 @@ class BayModelTest(base.BaseTempestTest):
resp, old_model = self._create_baymodel(gen_model)

patch_model = datagen.baymodel_replace_patch_data(path, value=True)
resp, new_model = self.baymodel_client.patch_baymodel(
old_model.uuid, patch_model)
self.assertEqual(200, resp.status)

resp, model = self.baymodel_client.get_baymodel(new_model.uuid)
self.assertEqual(200, resp.status)
self.assertTrue(model.public)
self.assertRaises(
exceptions.Forbidden,
self.baymodel_client.patch_baymodel, old_model.uuid, patch_model)

@testtools.testcase.attr('positive')
def test_update_baymodel_by_uuid(self):

+ 80
- 0
magnum/tests/functional/api/v1/test_baymodel_admin.py Datei anzeigen

@@ -0,0 +1,80 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


import testtools

from magnum.tests.functional.api import base
from magnum.tests.functional.common import datagen


class BayModelAdminTest(base.BaseTempestTest):

"""Tests for baymodel admin operations."""

def __init__(self, *args, **kwargs):
super(BayModelAdminTest, self).__init__(*args, **kwargs)
self.baymodels = []
self.baymodel_client = None
self.keypairs_client = None

def setUp(self):
try:
super(BayModelAdminTest, self).setUp()
(self.baymodel_client,
self.keypairs_client) = self.get_clients_with_new_creds(
type_of_creds='admin',
request_type='baymodel')
except Exception:
self.tearDown()
raise

def tearDown(self):
for baymodel_id in self.baymodels:
self._delete_baymodel(baymodel_id)
self.baymodels.remove(baymodel_id)
super(BayModelAdminTest, self).tearDown()

def _create_baymodel(self, baymodel_model):
resp, model = self.baymodel_client.post_baymodel(baymodel_model)
self.assertEqual(201, resp.status)
self.baymodels.append(model.uuid)
return resp, model

def _delete_baymodel(self, baymodel_id):
resp, model = self.baymodel_client.delete_baymodel(baymodel_id)
self.assertEqual(204, resp.status)
return resp, model

@testtools.testcase.attr('positive')
def test_create_get_public_baymodel(self):
gen_model = datagen.valid_swarm_baymodel(is_public=True)
resp, model = self._create_baymodel(gen_model)

resp, model = self.baymodel_client.get_baymodel(model.uuid)
self.assertEqual(200, resp.status)
self.assertTrue(model.public)

@testtools.testcase.attr('positive')
def test_update_baymodel_public_by_uuid(self):
path = "/public"
gen_model = datagen.baymodel_data_with_valid_keypair_image_flavor()
resp, old_model = self._create_baymodel(gen_model)

patch_model = datagen.baymodel_replace_patch_data(path, value=True)
resp, new_model = self.baymodel_client.patch_baymodel(
old_model.uuid, patch_model)
self.assertEqual(200, resp.status)

resp, model = self.baymodel_client.get_baymodel(new_model.uuid)
self.assertEqual(200, resp.status)
self.assertTrue(model.public)

+ 6
- 13
magnum/tests/functional/api/v1/test_cluster_template.py Datei anzeigen

@@ -80,12 +80,9 @@ class ClusterTemplateTest(base.BaseTempestTest):
@testtools.testcase.attr('positive')
def test_create_get_public_cluster_template(self):
gen_model = datagen.valid_swarm_cluster_template(is_public=True)
resp, model = self._create_cluster_template(gen_model)

resp, model = \
self.cluster_template_client.get_cluster_template(model.uuid)
self.assertEqual(200, resp.status)
self.assertTrue(model.public)
self.assertRaises(
exceptions.Forbidden,
self.cluster_template_client.post_cluster_template, gen_model)

@testtools.testcase.attr('positive')
def test_update_cluster_template_public_by_uuid(self):
@@ -96,14 +93,10 @@ class ClusterTemplateTest(base.BaseTempestTest):

patch_model = datagen.cluster_template_replace_patch_data(path,
value=True)
resp, new_model = self.cluster_template_client.patch_cluster_template(
self.assertRaises(
exceptions.Forbidden,
self.cluster_template_client.patch_cluster_template,
old_model.uuid, patch_model)
self.assertEqual(200, resp.status)

resp, model = self.cluster_template_client.get_cluster_template(
new_model.uuid)
self.assertEqual(200, resp.status)
self.assertTrue(model.public)

@testtools.testcase.attr('positive')
def test_update_cluster_template_by_uuid(self):

+ 86
- 0
magnum/tests/functional/api/v1/test_cluster_template_admin.py Datei anzeigen

@@ -0,0 +1,86 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


import testtools

from magnum.tests.functional.api import base
from magnum.tests.functional.common import datagen


class ClusterTemplateAdminTest(base.BaseTempestTest):

"""Tests for clustertemplate admin operations."""

def __init__(self, *args, **kwargs):
super(ClusterTemplateAdminTest, self).__init__(*args, **kwargs)
self.cluster_templates = []
self.cluster_template_client = None
self.keypairs_client = None

def setUp(self):
try:
super(ClusterTemplateAdminTest, self).setUp()
(self.cluster_template_client,
self.keypairs_client) = self.get_clients_with_new_creds(
type_of_creds='admin',
request_type='cluster_template')
except Exception:
self.tearDown()
raise

def tearDown(self):
for cluster_template_id in self.cluster_templates:
self._delete_cluster_template(cluster_template_id)
self.cluster_templates.remove(cluster_template_id)
super(ClusterTemplateAdminTest, self).tearDown()

def _create_cluster_template(self, cmodel_model):
resp, model = \
self.cluster_template_client.post_cluster_template(cmodel_model)
self.assertEqual(201, resp.status)
self.cluster_templates.append(model.uuid)
return resp, model

def _delete_cluster_template(self, model_id):
resp, model = \
self.cluster_template_client.delete_cluster_template(model_id)
self.assertEqual(204, resp.status)
return resp, model

@testtools.testcase.attr('positive')
def test_create_get_public_cluster_template(self):
gen_model = datagen.valid_swarm_cluster_template(is_public=True)
resp, model = self._create_cluster_template(gen_model)

resp, model = \
self.cluster_template_client.get_cluster_template(model.uuid)
self.assertEqual(200, resp.status)
self.assertTrue(model.public)

@testtools.testcase.attr('positive')
def test_update_cluster_template_public_by_uuid(self):
path = "/public"
gen_model = \
datagen.cluster_template_data_with_valid_keypair_image_flavor()
resp, old_model = self._create_cluster_template(gen_model)

patch_model = datagen.cluster_template_replace_patch_data(path,
value=True)
resp, new_model = self.cluster_template_client.patch_cluster_template(
old_model.uuid, patch_model)
self.assertEqual(200, resp.status)

resp, model = self.cluster_template_client.get_cluster_template(
new_model.uuid)
self.assertEqual(200, resp.status)
self.assertTrue(model.public)

Laden…
Abbrechen
Speichern