Refactor public share test cases
The RBAC policy defaults to create a public share or to update an existing share to public have changed since the Stein release. [1] Let's stop assuming that regular users can perform these actions, so that manila can safely remove the policy rule deprecation support for these APIs. [1] https://review.opendev.org/634864 Change-Id: I2a647fd5871ef6bb7d1ab45db893a44a560bed72 Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
This commit is contained in:
parent
8868f18b7c
commit
a3ed445fff
|
@ -0,0 +1,106 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from tempest import config
|
||||
from tempest.lib.common.utils import data_utils
|
||||
from tempest.lib import decorators
|
||||
from testtools import testcase as tc
|
||||
|
||||
from manila_tempest_tests.tests.api import base
|
||||
|
||||
CONF = config.CONF
|
||||
LATEST_MICROVERSION = CONF.share.max_api_microversion
|
||||
|
||||
|
||||
class PublicSharesTest(base.BaseSharesMixedTest):
|
||||
|
||||
@classmethod
|
||||
def resource_setup(cls):
|
||||
super(PublicSharesTest, cls).resource_setup()
|
||||
# create share_type
|
||||
share_type = cls._create_share_type()
|
||||
cls.share_type_id = share_type['id']
|
||||
|
||||
@decorators.idempotent_id('557a0474-9e30-47b4-a766-19e2afb13e66')
|
||||
@tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
|
||||
def test_list_shares_public_with_detail(self):
|
||||
# The default RBAC policy in manila only allows admin users with
|
||||
# system scope to create public shares since the Stein release
|
||||
public_share = self.create_share(
|
||||
name='public_share - must be visible to all projects in the cloud',
|
||||
description='public_share_desc',
|
||||
share_type_id=self.share_type_id,
|
||||
is_public=True,
|
||||
cleanup_in_class=False,
|
||||
client=self.admin_shares_v2_client,
|
||||
version=LATEST_MICROVERSION
|
||||
)
|
||||
private_share = self.create_share(
|
||||
name='private_share',
|
||||
description='private share in the primary user project',
|
||||
share_type_id=self.share_type_id,
|
||||
is_public=False,
|
||||
cleanup_in_class=False,
|
||||
version=LATEST_MICROVERSION
|
||||
)
|
||||
|
||||
params = {'is_public': True}
|
||||
shares = self.alt_shares_v2_client.list_shares_with_detail(params)
|
||||
|
||||
keys = [
|
||||
'status', 'description', 'links', 'availability_zone',
|
||||
'created_at', 'share_proto', 'name', 'snapshot_id', 'id',
|
||||
'size', 'project_id', 'is_public',
|
||||
]
|
||||
[self.assertIn(key, sh.keys()) for sh in shares for key in keys]
|
||||
|
||||
retrieved_public_share = [
|
||||
share for share in shares if share['id'] == public_share['id']
|
||||
]
|
||||
msg = 'expected id lists %s times in share list' % (
|
||||
len(retrieved_public_share))
|
||||
self.assertEqual(1, len(retrieved_public_share), msg)
|
||||
self.assertTrue(retrieved_public_share[0]['is_public'])
|
||||
|
||||
self.assertFalse(any([s['id'] == private_share['id'] for s in shares]))
|
||||
|
||||
@decorators.idempotent_id('e073182e-459d-4e08-9300-5bc964ca806b')
|
||||
@tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
|
||||
def test_update_share_set_is_public(self):
|
||||
share_name = data_utils.rand_name('tempest-share-name')
|
||||
share = self.create_share(name=share_name,
|
||||
description='a share we will update',
|
||||
share_type_id=self.share_type_id,
|
||||
is_public=False,
|
||||
cleanup_in_class=False,
|
||||
version=LATEST_MICROVERSION)
|
||||
|
||||
share = self.shares_v2_client.get_share(share['id'])
|
||||
self.assertEqual(share_name, share['name'])
|
||||
self.assertEqual('a share we will update', share['description'])
|
||||
self.assertFalse(share['is_public'])
|
||||
|
||||
# update share, manila's default RBAC only allows administrator
|
||||
# users with a system scope token to update a private share to public
|
||||
new_name = data_utils.rand_name('tempest-new-share-name')
|
||||
new_desc = 'share is now updated'
|
||||
updated = self.admin_shares_v2_client.update_share(
|
||||
share['id'], name=new_name, desc=new_desc, is_public=True)
|
||||
self.assertEqual(new_name, updated['name'])
|
||||
self.assertEqual(new_desc, updated['description'])
|
||||
self.assertTrue(updated['is_public'])
|
||||
|
||||
# this share must now be publicly accessible
|
||||
share = self.alt_shares_v2_client.get_share(share['id'])
|
||||
self.assertEqual(new_name, share['name'])
|
||||
self.assertEqual(new_desc, share['description'])
|
||||
self.assertTrue(share['is_public'])
|
|
@ -0,0 +1,84 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from tempest.lib import decorators
|
||||
from tempest.lib import exceptions as lib_exc
|
||||
from testtools import testcase as tc
|
||||
|
||||
from manila_tempest_tests.tests.api import base
|
||||
|
||||
|
||||
class PublicSharesNegativeTest(base.BaseSharesMixedTest):
|
||||
|
||||
@classmethod
|
||||
def resource_setup(cls):
|
||||
super(PublicSharesNegativeTest, cls).resource_setup()
|
||||
# create share_type
|
||||
share_type = cls._create_share_type()
|
||||
share_type_id = share_type['id']
|
||||
# create a public share - manila's default RBAC only allows
|
||||
# administrator users operating at system scope to create public shares
|
||||
cls.share = cls.create_share(
|
||||
name='public_share',
|
||||
description='public_share_desc',
|
||||
share_type_id=share_type_id,
|
||||
is_public=True,
|
||||
metadata={'key': 'value'},
|
||||
client=cls.admin_shares_v2_client
|
||||
)
|
||||
|
||||
@decorators.idempotent_id('255011c0-4ed9-4174-bb13-8bbd06a62529')
|
||||
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
|
||||
def test_update_share_with_wrong_public_value(self):
|
||||
self.assertRaises(lib_exc.BadRequest,
|
||||
self.admin_shares_v2_client.update_share,
|
||||
self.share["id"],
|
||||
is_public="truebar")
|
||||
|
||||
@decorators.idempotent_id('3443493b-f56a-4faa-9968-e7cbb0d2802f')
|
||||
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
|
||||
def test_update_other_tenants_public_share(self):
|
||||
self.assertRaises(lib_exc.Forbidden,
|
||||
self.alt_shares_v2_client.update_share,
|
||||
self.share["id"],
|
||||
name="new_name")
|
||||
|
||||
@decorators.idempotent_id('68d1f1bc-16e4-4086-8982-7e44ca6bdc4d')
|
||||
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
|
||||
def test_delete_other_tenants_public_share(self):
|
||||
self.assertRaises(lib_exc.Forbidden,
|
||||
self.alt_shares_v2_client.delete_share,
|
||||
self.share['id'])
|
||||
|
||||
@decorators.idempotent_id('1f9e5d84-0885-4a4b-9196-9031a1c01508')
|
||||
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
|
||||
def test_set_metadata_of_other_tenants_public_share(self):
|
||||
self.assertRaises(lib_exc.Forbidden,
|
||||
self.alt_shares_v2_client.set_metadata,
|
||||
self.share['id'],
|
||||
{'key': 'value'})
|
||||
|
||||
@decorators.idempotent_id('fed7a935-9699-43a1-854e-67b61ba6233e')
|
||||
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
|
||||
def test_update_metadata_of_other_tenants_public_share(self):
|
||||
self.assertRaises(lib_exc.Forbidden,
|
||||
self.alt_shares_v2_client.update_all_metadata,
|
||||
self.share['id'],
|
||||
{'key': 'value'})
|
||||
|
||||
@decorators.idempotent_id('bd62adeb-73c2-4b04-8812-80b479cd5c3b')
|
||||
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
|
||||
def test_delete_metadata_of_other_tenants_public_share(self):
|
||||
self.assertRaises(lib_exc.Forbidden,
|
||||
self.alt_shares_v2_client.delete_metadata,
|
||||
self.share['id'],
|
||||
'key')
|
|
@ -435,40 +435,6 @@ class SharesActionsTest(base.BaseSharesMixedTest):
|
|||
shares = self.shares_v2_client.list_shares_with_detail(params)
|
||||
self.assertGreater(shares["count"], 0)
|
||||
|
||||
@decorators.idempotent_id('557a0474-9e30-47b4-a766-19e2afb13e66')
|
||||
@tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
|
||||
def test_list_shares_public_with_detail(self):
|
||||
public_share = self.create_share(
|
||||
name='public_share',
|
||||
description='public_share_desc',
|
||||
share_type_id=self.share_type_id,
|
||||
is_public=True,
|
||||
cleanup_in_class=False
|
||||
)
|
||||
private_share = self.create_share(
|
||||
name='private_share',
|
||||
description='private_share_desc',
|
||||
share_type_id=self.share_type_id,
|
||||
is_public=False,
|
||||
cleanup_in_class=False
|
||||
)
|
||||
|
||||
params = {"is_public": True}
|
||||
shares = self.alt_shares_client.list_shares_with_detail(params)
|
||||
|
||||
keys = [
|
||||
"status", "description", "links", "availability_zone",
|
||||
"created_at", "export_location", "share_proto",
|
||||
"name", "snapshot_id", "id", "size", "project_id", "is_public",
|
||||
]
|
||||
[self.assertIn(key, sh.keys()) for sh in shares for key in keys]
|
||||
|
||||
gen = [sid["id"] for sid in shares if sid["id"] == public_share["id"]]
|
||||
msg = "expected id lists %s times in share list" % (len(gen))
|
||||
self.assertEqual(1, len(gen), msg)
|
||||
|
||||
self.assertFalse(any([s["id"] == private_share["id"] for s in shares]))
|
||||
|
||||
@decorators.idempotent_id('174829eb-fd3e-46ef-880b-f05c3d44d1fe')
|
||||
@tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
|
||||
@testtools.skipUnless(CONF.share.run_snapshot_tests,
|
||||
|
@ -748,16 +714,15 @@ class SharesRenameTest(base.BaseSharesMixedTest):
|
|||
new_name = data_utils.rand_name("tempest-new-name")
|
||||
new_desc = data_utils.rand_name("tempest-new-description")
|
||||
updated = self.shares_client.update_share(
|
||||
share["id"], new_name, new_desc, is_public=True)
|
||||
share["id"], name=new_name, desc=new_desc)
|
||||
self.assertEqual(new_name, updated["name"])
|
||||
self.assertEqual(new_desc, updated["description"])
|
||||
self.assertTrue(updated["is_public"])
|
||||
|
||||
# get share
|
||||
share = self.shares_client.get_share(self.share['id'])
|
||||
self.assertEqual(new_name, share["name"])
|
||||
self.assertEqual(new_desc, share["description"])
|
||||
self.assertTrue(share["is_public"])
|
||||
self.assertFalse(share["is_public"])
|
||||
|
||||
@decorators.idempotent_id('20f299f6-2441-4629-b44e-d791d57f413c')
|
||||
@tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
|
||||
|
|
|
@ -147,7 +147,6 @@ class SharesFromSnapshotAcrossPools(base.BaseSharesMixedTest):
|
|||
raise self.skipException(msg)
|
||||
azs = list(azs)
|
||||
share_a = self.create_share(share_type_id=self.share_type_id,
|
||||
is_public=True,
|
||||
availability_zone=azs[0])
|
||||
|
||||
# Create snapshot
|
||||
|
|
|
@ -34,22 +34,6 @@ class SharesNegativeTest(base.BaseSharesMixedTest):
|
|||
cls.share_type = cls._create_share_type()
|
||||
cls.share_type_id = cls.share_type['id']
|
||||
|
||||
# create share
|
||||
cls.share = cls.create_share(
|
||||
name='public_share',
|
||||
description='public_share_desc',
|
||||
share_type_id=cls.share_type_id,
|
||||
is_public=True,
|
||||
metadata={'key': 'value'}
|
||||
)
|
||||
|
||||
@decorators.idempotent_id('255011c0-4ed9-4174-bb13-8bbd06a62529')
|
||||
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
|
||||
def test_update_share_with_wrong_public_value(self):
|
||||
self.assertRaises(lib_exc.BadRequest,
|
||||
self.shares_client.update_share, self.share["id"],
|
||||
is_public="truebar")
|
||||
|
||||
@decorators.idempotent_id('b9bb8dee-0c7c-4e51-909c-028335b1a6a0')
|
||||
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
|
||||
@testtools.skipUnless(CONF.share.run_snapshot_tests,
|
||||
|
@ -154,45 +138,6 @@ class SharesNegativeTest(base.BaseSharesMixedTest):
|
|||
snapshot_id=snap["id"],
|
||||
)
|
||||
|
||||
@decorators.idempotent_id('3443493b-f56a-4faa-9968-e7cbb0d2802f')
|
||||
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
|
||||
def test_update_other_tenants_public_share(self):
|
||||
self.assertRaises(lib_exc.Forbidden,
|
||||
self.alt_shares_v2_client.update_share,
|
||||
self.share["id"],
|
||||
name="new_name")
|
||||
|
||||
@decorators.idempotent_id('68d1f1bc-16e4-4086-8982-7e44ca6bdc4d')
|
||||
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
|
||||
def test_delete_other_tenants_public_share(self):
|
||||
self.assertRaises(lib_exc.Forbidden,
|
||||
self.alt_shares_v2_client.delete_share,
|
||||
self.share['id'])
|
||||
|
||||
@decorators.idempotent_id('1f9e5d84-0885-4a4b-9196-9031a1c01508')
|
||||
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
|
||||
def test_set_metadata_of_other_tenants_public_share(self):
|
||||
self.assertRaises(lib_exc.Forbidden,
|
||||
self.alt_shares_v2_client.set_metadata,
|
||||
self.share['id'],
|
||||
{'key': 'value'})
|
||||
|
||||
@decorators.idempotent_id('fed7a935-9699-43a1-854e-67b61ba6233e')
|
||||
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
|
||||
def test_update_metadata_of_other_tenants_public_share(self):
|
||||
self.assertRaises(lib_exc.Forbidden,
|
||||
self.alt_shares_v2_client.update_all_metadata,
|
||||
self.share['id'],
|
||||
{'key': 'value'})
|
||||
|
||||
@decorators.idempotent_id('bd62adeb-73c2-4b04-8812-80b479cd5c3b')
|
||||
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
|
||||
def test_delete_metadata_of_other_tenants_public_share(self):
|
||||
self.assertRaises(lib_exc.Forbidden,
|
||||
self.alt_shares_v2_client.delete_metadata,
|
||||
self.share['id'],
|
||||
'key')
|
||||
|
||||
|
||||
class SharesAPIOnlyNegativeTest(base.BaseSharesMixedTest):
|
||||
|
||||
|
|
Loading…
Reference in New Issue