openstack/manila-tempest-plugin
Code Issues Proposed changes

Merge "[RBAC] Generate unique cephx IDs for each operation in tests"

Browse Source
This commit is contained in:
Zuul 2024-12-13 01:08:11 +00:00 committed by Gerrit Code Review
commit 1e8acf1170
1 changed files with 32 additions and 86 deletions

118
manila_tempest_tests/tests/rbac/test_rules.py

@ -58,10 +58,10 @@ class ShareRbacRulesTests(rbac_base.ShareRbacBaseTests, metaclass=abc.ABCMeta):
access['access_level'] = access_level access['access_level'] = access_level
return access return access
def allow_access(self, client, share_id, access_type, access_to, def allow_access(self, client, share_id, access_level='rw', metadata=None,
access_level='rw', metadata=None, status='active', status='active', cleanup=True):
cleanup=True): access_type, access_to = (
utils.get_access_rule_data_from_config(self.protocol))
kwargs = { kwargs = {
'access_type': access_type, 'access_type': access_type,
'access_to': access_to, 'access_to': access_to,
@ -127,35 +127,27 @@ class TestProjectAdminTestsNFS(ShareRbacRulesTests, base.BaseSharesTest):
@decorators.idempotent_id('5b6897d1-4b2a-490c-990e-941ea4893f47') @decorators.idempotent_id('5b6897d1-4b2a-490c-990e-941ea4893f47')
@tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND) @tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
def test_get_access(self): def test_get_access(self):
access_type, access_to = (
utils.get_access_rule_data_from_config(self.protocol))
access = self.allow_access( access = self.allow_access(
self.share_member_client, self.share['id'], self.share_member_client, self.share['id'])
access_type=access_type, access_to=access_to)
self.do_request( self.do_request(
'get_access_rule', expected_status=200, access_id=access['id']) 'get_access_rule', expected_status=200, access_id=access['id'])
alt_access = self.allow_access( alt_access = self.allow_access(
self.alt_project_share_v2_client, self.alt_share['id'], self.alt_project_share_v2_client, self.alt_share['id'])
access_type=access_type, access_to=access_to)
self.do_request( self.do_request(
'get_access_rule', expected_status=200, access_id=alt_access['id']) 'get_access_rule', expected_status=200, access_id=alt_access['id'])
@decorators.idempotent_id('f8e9a2bb-ccff-4fc5-8d61-2930f87406cd') @decorators.idempotent_id('f8e9a2bb-ccff-4fc5-8d61-2930f87406cd')
@tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND) @tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
def test_list_access(self): def test_list_access(self):
access_type, access_to = (
utils.get_access_rule_data_from_config(self.protocol))
access = self.allow_access( access = self.allow_access(
self.share_member_client, self.share['id'], self.share_member_client, self.share['id'])
access_type=access_type, access_to=access_to)
access_list = self.do_request( access_list = self.do_request(
'list_access_rules', expected_status=200, 'list_access_rules', expected_status=200,
share_id=self.share['id'])['access_list'][0]['id'] share_id=self.share['id'])['access_list'][0]['id']
alt_access = self.allow_access( alt_access = self.allow_access(
self.alt_project_share_v2_client, self.alt_share['id'], self.alt_project_share_v2_client, self.alt_share['id'])
access_type=access_type, access_to=access_to)
alt_access_list = self.do_request( alt_access_list = self.do_request(
'list_access_rules', expected_status=200, 'list_access_rules', expected_status=200,
share_id=self.share['id'])['access_list'][0]['id'] share_id=self.share['id'])['access_list'][0]['id']
@ -180,6 +172,8 @@ class TestProjectAdminTestsNFS(ShareRbacRulesTests, base.BaseSharesTest):
self.addCleanup( self.addCleanup(
self.client.delete_access_rule, self.share['id'], access['id']) self.client.delete_access_rule, self.share['id'], access['id'])
access_type, access_to = (
utils.get_access_rule_data_from_config(self.protocol))
alt_access = self.do_request( alt_access = self.do_request(
'create_access_rule', expected_status=200, 'create_access_rule', expected_status=200,
**self.access( **self.access(
@ -197,12 +191,8 @@ class TestProjectAdminTestsNFS(ShareRbacRulesTests, base.BaseSharesTest):
@decorators.idempotent_id('e24d7018-cb49-4306-9947-716b4e4250c5') @decorators.idempotent_id('e24d7018-cb49-4306-9947-716b4e4250c5')
@tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND) @tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
def test_delete_access(self): def test_delete_access(self):
access_type, access_to = (
utils.get_access_rule_data_from_config(self.protocol))
access = self.allow_access( access = self.allow_access(
self.share_member_client, self.share['id'], self.share_member_client, self.share['id'], cleanup=False)
access_type=access_type,
access_to=access_to, cleanup=False)
self.do_request( self.do_request(
'delete_access_rule', expected_status=202, 'delete_access_rule', expected_status=202,
share_id=self.share['id'], rule_id=access['id']) share_id=self.share['id'], rule_id=access['id'])
@ -211,7 +201,6 @@ class TestProjectAdminTestsNFS(ShareRbacRulesTests, base.BaseSharesTest):
alt_access = self.allow_access( alt_access = self.allow_access(
self.alt_project_share_v2_client, self.alt_share['id'], self.alt_project_share_v2_client, self.alt_share['id'],
access_type=access_type, access_to=access_to,
cleanup=False) cleanup=False)
self.do_request( self.do_request(
'delete_access_rule', expected_status=202, 'delete_access_rule', expected_status=202,
@ -222,18 +211,14 @@ class TestProjectAdminTestsNFS(ShareRbacRulesTests, base.BaseSharesTest):
@decorators.idempotent_id('ffc07445-d0d1-4bf9-9fbc-4f409d48bccd') @decorators.idempotent_id('ffc07445-d0d1-4bf9-9fbc-4f409d48bccd')
@tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND) @tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
def test_update_access_rule_metadata(self): def test_update_access_rule_metadata(self):
access_type, access_to = (
utils.get_access_rule_data_from_config(self.protocol))
access = self.allow_access( access = self.allow_access(
self.share_member_client, self.share['id'], self.share_member_client, self.share['id'])
access_type=access_type, access_to=access_to)
self.do_request( self.do_request(
'update_access_metadata', expected_status=200, 'update_access_metadata', expected_status=200,
access_id=access['id'], metadata=self.metadata) access_id=access['id'], metadata=self.metadata)
alt_access = self.allow_access( alt_access = self.allow_access(
self.alt_project_share_v2_client, self.alt_share['id'], self.alt_project_share_v2_client, self.alt_share['id'])
access_type=access_type, access_to=access_to)
self.do_request( self.do_request(
'update_access_metadata', expected_status=200, 'update_access_metadata', expected_status=200,
access_id=alt_access['id'], metadata=self.metadata) access_id=alt_access['id'], metadata=self.metadata)
@ -241,19 +226,14 @@ class TestProjectAdminTestsNFS(ShareRbacRulesTests, base.BaseSharesTest):
@decorators.idempotent_id('fd580d91-1d8d-4dd0-8484-01c412ddb768') @decorators.idempotent_id('fd580d91-1d8d-4dd0-8484-01c412ddb768')
@tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND) @tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
def test_delete_access_rule_metadata(self): def test_delete_access_rule_metadata(self):
access_type, access_to = (
utils.get_access_rule_data_from_config(self.protocol))
access = self.allow_access( access = self.allow_access(
self.share_member_client, self.share['id'], self.share_member_client, self.share['id'], metadata=self.metadata)
access_type=access_type, access_to=access_to,
metadata=self.metadata)
self.do_request( self.do_request(
'delete_access_metadata', expected_status=200, 'delete_access_metadata', expected_status=200,
access_id=access['id'], key='key') access_id=access['id'], key='key')
alt_access = self.allow_access( alt_access = self.allow_access(
self.alt_project_share_v2_client, self.alt_share['id'], self.alt_project_share_v2_client, self.alt_share['id'],
access_type=access_type, access_to=access_to,
metadata=self.metadata) metadata=self.metadata)
self.do_request( self.do_request(
'delete_access_metadata', expected_status=200, 'delete_access_metadata', expected_status=200,
@ -276,18 +256,13 @@ class TestProjectMemberTestsNFS(ShareRbacRulesTests, base.BaseSharesTest):
@decorators.idempotent_id('de643909-88a2-470b-8a14-0417696ec451') @decorators.idempotent_id('de643909-88a2-470b-8a14-0417696ec451')
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND) @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
def test_get_access(self): def test_get_access(self):
access_type, access_to = (
utils.get_access_rule_data_from_config(self.protocol))
share_client = getattr(self, 'share_member_client', self.client) share_client = getattr(self, 'share_member_client', self.client)
access = self.allow_access( access = self.allow_access(share_client, self.share['id'])
share_client, self.share['id'], access_type=access_type,
access_to=access_to)
self.do_request( self.do_request(
'get_access_rule', expected_status=200, access_id=access['id']) 'get_access_rule', expected_status=200, access_id=access['id'])
alt_access = self.allow_access( alt_access = self.allow_access(
self.alt_project_share_v2_client, self.alt_share['id'], self.alt_project_share_v2_client, self.alt_share['id'])
access_type=access_type, access_to=access_to)
self.do_request( self.do_request(
'get_access_rule', expected_status=lib_exc.NotFound, 'get_access_rule', expected_status=lib_exc.NotFound,
access_id=alt_access['id']) access_id=alt_access['id'])
@ -295,15 +270,10 @@ class TestProjectMemberTestsNFS(ShareRbacRulesTests, base.BaseSharesTest):
@decorators.idempotent_id('7c6c4262-5095-4cd7-9d9c-8064009a9055') @decorators.idempotent_id('7c6c4262-5095-4cd7-9d9c-8064009a9055')
@tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND) @tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
def test_list_access(self): def test_list_access(self):
access_type, access_to = (
utils.get_access_rule_data_from_config(self.protocol))
share_client = getattr(self, 'share_member_client', self.client) share_client = getattr(self, 'share_member_client', self.client)
access = self.allow_access( access = self.allow_access(share_client, self.share['id'])
share_client, self.share['id'], access_type=access_type,
access_to=access_to)
alt_access = self.allow_access( alt_access = self.allow_access(
self.alt_project_share_v2_client, self.alt_share['id'], self.alt_project_share_v2_client, self.alt_share['id'])
access_type=access_type, access_to=access_to)
access_list = self.do_request( access_list = self.do_request(
'list_access_rules', expected_status=200, 'list_access_rules', expected_status=200,
@ -333,6 +303,8 @@ class TestProjectMemberTestsNFS(ShareRbacRulesTests, base.BaseSharesTest):
self.addCleanup( self.addCleanup(
self.client.delete_access_rule, self.share['id'], access['id']) self.client.delete_access_rule, self.share['id'], access['id'])
access_type, access_to = (
utils.get_access_rule_data_from_config(self.protocol))
self.do_request( self.do_request(
'create_access_rule', client=share_client, 'create_access_rule', client=share_client,
expected_status=lib_exc.NotFound, expected_status=lib_exc.NotFound,
@ -341,12 +313,9 @@ class TestProjectMemberTestsNFS(ShareRbacRulesTests, base.BaseSharesTest):
@decorators.idempotent_id('8665d1b1-de4c-42d4-93ff-8dc6d2b73a2d') @decorators.idempotent_id('8665d1b1-de4c-42d4-93ff-8dc6d2b73a2d')
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND) @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
def test_delete_access(self): def test_delete_access(self):
access_type, access_to = (
utils.get_access_rule_data_from_config(self.protocol))
share_client = getattr(self, 'share_member_client', self.client) share_client = getattr(self, 'share_member_client', self.client)
access = self.allow_access( access = self.allow_access(
share_client, self.share['id'], access_type=access_type, share_client, self.share['id'], cleanup=False)
access_to=access_to, cleanup=False)
self.do_request( self.do_request(
'delete_access_rule', expected_status=202, 'delete_access_rule', expected_status=202,
share_id=self.share['id'], rule_id=access['id']) share_id=self.share['id'], rule_id=access['id'])
@ -354,8 +323,7 @@ class TestProjectMemberTestsNFS(ShareRbacRulesTests, base.BaseSharesTest):
rule_id=access['id'], share_id=self.share['id']) rule_id=access['id'], share_id=self.share['id'])
alt_access = self.allow_access( alt_access = self.allow_access(
self.alt_project_share_v2_client, self.alt_share['id'], self.alt_project_share_v2_client, self.alt_share['id'])
access_type=access_type, access_to=access_to)
self.do_request( self.do_request(
'delete_access_rule', expected_status=lib_exc.NotFound, 'delete_access_rule', expected_status=lib_exc.NotFound,
share_id=self.alt_share['id'], rule_id=alt_access['id']) share_id=self.alt_share['id'], rule_id=alt_access['id'])
@ -363,19 +331,14 @@ class TestProjectMemberTestsNFS(ShareRbacRulesTests, base.BaseSharesTest):
@decorators.idempotent_id('c5e84362-6075-425b-bfa3-898abfd9d5a0') @decorators.idempotent_id('c5e84362-6075-425b-bfa3-898abfd9d5a0')
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND) @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
def test_update_access_rule_metadata(self): def test_update_access_rule_metadata(self):
access_type, access_to = (
utils.get_access_rule_data_from_config(self.protocol))
share_client = getattr(self, 'share_member_client', self.client) share_client = getattr(self, 'share_member_client', self.client)
access = self.allow_access( access = self.allow_access(share_client, self.share['id'])
share_client, self.share['id'], access_type=access_type,
access_to=access_to)
self.do_request( self.do_request(
'update_access_metadata', expected_status=200, 'update_access_metadata', expected_status=200,
access_id=access['id'], metadata=self.metadata) access_id=access['id'], metadata=self.metadata)
alt_access = self.allow_access( alt_access = self.allow_access(
self.alt_project_share_v2_client, self.alt_share['id'], self.alt_project_share_v2_client, self.alt_share['id'])
access_type=access_type, access_to=access_to)
self.do_request( self.do_request(
'update_access_metadata', expected_status=lib_exc.NotFound, 'update_access_metadata', expected_status=lib_exc.NotFound,
access_id=alt_access['id'], metadata=self.metadata) access_id=alt_access['id'], metadata=self.metadata)
@ -383,19 +346,15 @@ class TestProjectMemberTestsNFS(ShareRbacRulesTests, base.BaseSharesTest):
@decorators.idempotent_id('abb17315-6510-4b6e-ae6c-dd99a6088954') @decorators.idempotent_id('abb17315-6510-4b6e-ae6c-dd99a6088954')
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND) @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
def test_delete_access_rule_metadata(self): def test_delete_access_rule_metadata(self):
access_type, access_to = (
utils.get_access_rule_data_from_config(self.protocol))
share_client = getattr(self, 'share_member_client', self.client) share_client = getattr(self, 'share_member_client', self.client)
access = self.allow_access( access = self.allow_access(
share_client, self.share['id'], access_type=access_type, share_client, self.share['id'], metadata=self.metadata)
access_to=access_to, metadata=self.metadata)
self.do_request( self.do_request(
'delete_access_metadata', expected_status=200, 'delete_access_metadata', expected_status=200,
access_id=access['id'], key='key') access_id=access['id'], key='key')
alt_access = self.allow_access( alt_access = self.allow_access(
self.alt_project_share_v2_client, self.alt_share['id'], self.alt_project_share_v2_client, self.alt_share['id'],
access_type=access_type, access_to=access_to,
metadata=self.metadata) metadata=self.metadata)
self.do_request( self.do_request(
'delete_access_metadata', expected_status=lib_exc.NotFound, 'delete_access_metadata', expected_status=lib_exc.NotFound,
@ -441,6 +400,8 @@ class TestProjectReaderTestsNFS(TestProjectMemberTestsNFS):
'create_access_rule', expected_status=lib_exc.Forbidden, 'create_access_rule', expected_status=lib_exc.Forbidden,
**self.access(self.share['id'], access_type, access_to)) **self.access(self.share['id'], access_type, access_to))
access_type, access_to = (
utils.get_access_rule_data_from_config(self.protocol))
self.do_request( self.do_request(
'create_access_rule', expected_status=lib_exc.Forbidden, 'create_access_rule', expected_status=lib_exc.Forbidden,
**self.access(self.alt_share['id'], access_type, access_to)) **self.access(self.alt_share['id'], access_type, access_to))
@ -448,18 +409,13 @@ class TestProjectReaderTestsNFS(TestProjectMemberTestsNFS):
@decorators.idempotent_id('7a702c74-8d31-49e3-859a-cc8a78d7915e') @decorators.idempotent_id('7a702c74-8d31-49e3-859a-cc8a78d7915e')
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND) @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
def test_delete_access(self): def test_delete_access(self):
access_type, access_to = ( access = self.allow_access(self.share_member_client, self.share['id'])
utils.get_access_rule_data_from_config(self.protocol))
access = self.allow_access(
self.share_member_client, self.share['id'],
access_type=access_type, access_to=access_to)
self.do_request( self.do_request(
'delete_access_rule', expected_status=lib_exc.Forbidden, 'delete_access_rule', expected_status=lib_exc.Forbidden,
share_id=self.share['id'], rule_id=access['id']) share_id=self.share['id'], rule_id=access['id'])
alt_access = self.allow_access( alt_access = self.allow_access(
self.alt_project_share_v2_client, self.alt_share['id'], self.alt_project_share_v2_client, self.alt_share['id'])
access_type=access_type, access_to=access_to)
self.do_request( self.do_request(
'delete_access_rule', expected_status=lib_exc.Forbidden, 'delete_access_rule', expected_status=lib_exc.Forbidden,
share_id=self.alt_share['id'], rule_id=alt_access['id']) share_id=self.alt_share['id'], rule_id=alt_access['id'])
@ -467,18 +423,13 @@ class TestProjectReaderTestsNFS(TestProjectMemberTestsNFS):
@decorators.idempotent_id('a61d7f06-6f0e-4da3-b11d-1c3a0b5bd416') @decorators.idempotent_id('a61d7f06-6f0e-4da3-b11d-1c3a0b5bd416')
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND) @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
def test_update_access_rule_metadata(self): def test_update_access_rule_metadata(self):
access_type, access_to = ( access = self.allow_access(self.share_member_client, self.share['id'])
utils.get_access_rule_data_from_config(self.protocol))
access = self.allow_access(
self.share_member_client, self.share['id'],
access_type=access_type, access_to=access_to)
self.do_request( self.do_request(
'update_access_metadata', expected_status=lib_exc.Forbidden, 'update_access_metadata', expected_status=lib_exc.Forbidden,
access_id=access['id'], metadata=self.metadata) access_id=access['id'], metadata=self.metadata)
alt_access = self.allow_access( alt_access = self.allow_access(
self.alt_project_share_v2_client, self.alt_share['id'], self.alt_project_share_v2_client, self.alt_share['id'])
access_type=access_type, access_to=access_to)
self.do_request( self.do_request(
'update_access_metadata', expected_status=lib_exc.Forbidden, 'update_access_metadata', expected_status=lib_exc.Forbidden,
access_id=alt_access['id'], metadata=self.metadata) access_id=alt_access['id'], metadata=self.metadata)
@ -486,19 +437,14 @@ class TestProjectReaderTestsNFS(TestProjectMemberTestsNFS):
@decorators.idempotent_id('5faf0e0b-b246-4392-901d-9e7d628f0d6e') @decorators.idempotent_id('5faf0e0b-b246-4392-901d-9e7d628f0d6e')
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND) @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
def test_delete_access_rule_metadata(self): def test_delete_access_rule_metadata(self):
access_type, access_to = (
utils.get_access_rule_data_from_config(self.protocol))
access = self.allow_access( access = self.allow_access(
self.share_member_client, self.share['id'], self.share_member_client, self.share['id'], metadata=self.metadata)
access_type=access_type, access_to=access_to,
metadata=self.metadata)
self.do_request( self.do_request(
'delete_access_metadata', expected_status=lib_exc.Forbidden, 'delete_access_metadata', expected_status=lib_exc.Forbidden,
access_id=access['id'], key='key') access_id=access['id'], key='key')
alt_access = self.allow_access( alt_access = self.allow_access(
self.alt_project_share_v2_client, self.alt_share['id'], self.alt_project_share_v2_client, self.alt_share['id'],
access_type=access_type, access_to=access_to,
metadata=self.metadata) metadata=self.metadata)
self.do_request( self.do_request(
'delete_access_metadata', expected_status=lib_exc.Forbidden, 'delete_access_metadata', expected_status=lib_exc.Forbidden,