Refactor public share test cases

The RBAC policy defaults to create
a public share or to update an existing
share to public have changed since the
Stein release. [1]

Let's stop assuming that regular users
can perform these actions, so that manila
can safely remove the policy rule deprecation
support for these APIs.

[1] https://review.opendev.org/634864
Change-Id: I2a647fd5871ef6bb7d1ab45db893a44a560bed72
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>

manila_tempest_tests/tests/api/test_public_shares.py

@@ -0,0 +1,106 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from tempest import config
+from tempest.lib.common.utils import data_utils
+from tempest.lib import decorators
+from testtools import testcase as tc
+
+from manila_tempest_tests.tests.api import base
+
+CONF = config.CONF
+LATEST_MICROVERSION = CONF.share.max_api_microversion
+
+
+class PublicSharesTest(base.BaseSharesMixedTest):
+
+    @classmethod
+    def resource_setup(cls):
+        super(PublicSharesTest, cls).resource_setup()
+        # create share_type
+        share_type = cls._create_share_type()
+        cls.share_type_id = share_type['id']
+
+    @decorators.idempotent_id('557a0474-9e30-47b4-a766-19e2afb13e66')
+    @tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
+    def test_list_shares_public_with_detail(self):
+        # The default RBAC policy in manila only allows admin users with
+        # system scope to create public shares since the Stein release
+        public_share = self.create_share(
+            name='public_share - must be visible to all projects in the cloud',
+            description='public_share_desc',
+            share_type_id=self.share_type_id,
+            is_public=True,
+            cleanup_in_class=False,
+            client=self.admin_shares_v2_client,
+            version=LATEST_MICROVERSION
+        )
+        private_share = self.create_share(
+            name='private_share',
+            description='private share in the primary user project',
+            share_type_id=self.share_type_id,
+            is_public=False,
+            cleanup_in_class=False,
+            version=LATEST_MICROVERSION
+        )
+
+        params = {'is_public': True}
+        shares = self.alt_shares_v2_client.list_shares_with_detail(params)
+
+        keys = [
+            'status', 'description', 'links', 'availability_zone',
+            'created_at', 'share_proto', 'name', 'snapshot_id', 'id',
+            'size', 'project_id', 'is_public',
+        ]
+        [self.assertIn(key, sh.keys()) for sh in shares for key in keys]
+
+        retrieved_public_share = [
+            share for share in shares if share['id'] == public_share['id']
+        ]
+        msg = 'expected id lists %s times in share list' % (
+            len(retrieved_public_share))
+        self.assertEqual(1, len(retrieved_public_share), msg)
+        self.assertTrue(retrieved_public_share[0]['is_public'])
+
+        self.assertFalse(any([s['id'] == private_share['id'] for s in shares]))
+
+    @decorators.idempotent_id('e073182e-459d-4e08-9300-5bc964ca806b')
+    @tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
+    def test_update_share_set_is_public(self):
+        share_name = data_utils.rand_name('tempest-share-name')
+        share = self.create_share(name=share_name,
+                                  description='a share we will update',
+                                  share_type_id=self.share_type_id,
+                                  is_public=False,
+                                  cleanup_in_class=False,
+                                  version=LATEST_MICROVERSION)
+
+        share = self.shares_v2_client.get_share(share['id'])
+        self.assertEqual(share_name, share['name'])
+        self.assertEqual('a share we will update', share['description'])
+        self.assertFalse(share['is_public'])
+
+        # update share, manila's default RBAC only allows administrator
+        # users with a system scope token to update a private share to public
+        new_name = data_utils.rand_name('tempest-new-share-name')
+        new_desc = 'share is now updated'
+        updated = self.admin_shares_v2_client.update_share(
+            share['id'], name=new_name, desc=new_desc, is_public=True)
+        self.assertEqual(new_name, updated['name'])
+        self.assertEqual(new_desc, updated['description'])
+        self.assertTrue(updated['is_public'])
+
+        # this share must now be publicly accessible
+        share = self.alt_shares_v2_client.get_share(share['id'])
+        self.assertEqual(new_name, share['name'])
+        self.assertEqual(new_desc, share['description'])
+        self.assertTrue(share['is_public'])

manila_tempest_tests/tests/api/test_public_shares_negative.py

@@ -0,0 +1,84 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from tempest.lib import decorators
+from tempest.lib import exceptions as lib_exc
+from testtools import testcase as tc
+
+from manila_tempest_tests.tests.api import base
+
+
+class PublicSharesNegativeTest(base.BaseSharesMixedTest):
+
+    @classmethod
+    def resource_setup(cls):
+        super(PublicSharesNegativeTest, cls).resource_setup()
+        # create share_type
+        share_type = cls._create_share_type()
+        share_type_id = share_type['id']
+        # create a public share - manila's default RBAC only allows
+        # administrator users operating at system scope to create public shares
+        cls.share = cls.create_share(
+            name='public_share',
+            description='public_share_desc',
+            share_type_id=share_type_id,
+            is_public=True,
+            metadata={'key': 'value'},
+            client=cls.admin_shares_v2_client
+        )
+
+    @decorators.idempotent_id('255011c0-4ed9-4174-bb13-8bbd06a62529')
+    @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
+    def test_update_share_with_wrong_public_value(self):
+        self.assertRaises(lib_exc.BadRequest,
+                          self.admin_shares_v2_client.update_share,
+                          self.share["id"],
+                          is_public="truebar")
+
+    @decorators.idempotent_id('3443493b-f56a-4faa-9968-e7cbb0d2802f')
+    @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
+    def test_update_other_tenants_public_share(self):
+        self.assertRaises(lib_exc.Forbidden,
+                          self.alt_shares_v2_client.update_share,
+                          self.share["id"],
+                          name="new_name")
+
+    @decorators.idempotent_id('68d1f1bc-16e4-4086-8982-7e44ca6bdc4d')
+    @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
+    def test_delete_other_tenants_public_share(self):
+        self.assertRaises(lib_exc.Forbidden,
+                          self.alt_shares_v2_client.delete_share,
+                          self.share['id'])
+
+    @decorators.idempotent_id('1f9e5d84-0885-4a4b-9196-9031a1c01508')
+    @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
+    def test_set_metadata_of_other_tenants_public_share(self):
+        self.assertRaises(lib_exc.Forbidden,
+                          self.alt_shares_v2_client.set_metadata,
+                          self.share['id'],
+                          {'key': 'value'})
+
+    @decorators.idempotent_id('fed7a935-9699-43a1-854e-67b61ba6233e')
+    @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
+    def test_update_metadata_of_other_tenants_public_share(self):
+        self.assertRaises(lib_exc.Forbidden,
+                          self.alt_shares_v2_client.update_all_metadata,
+                          self.share['id'],
+                          {'key': 'value'})
+
+    @decorators.idempotent_id('bd62adeb-73c2-4b04-8812-80b479cd5c3b')
+    @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
+    def test_delete_metadata_of_other_tenants_public_share(self):
+        self.assertRaises(lib_exc.Forbidden,
+                          self.alt_shares_v2_client.delete_metadata,
+                          self.share['id'],
+                          'key')

manila_tempest_tests/tests/api/test_shares_actions.py

@@ -435,40 +435,6 @@ class SharesActionsTest(base.BaseSharesMixedTest):
         shares = self.shares_v2_client.list_shares_with_detail(params)
         self.assertGreater(shares["count"], 0)
 
-    @decorators.idempotent_id('557a0474-9e30-47b4-a766-19e2afb13e66')
-    @tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
-    def test_list_shares_public_with_detail(self):
-        public_share = self.create_share(
-            name='public_share',
-            description='public_share_desc',
-            share_type_id=self.share_type_id,
-            is_public=True,
-            cleanup_in_class=False
-        )
-        private_share = self.create_share(
-            name='private_share',
-            description='private_share_desc',
-            share_type_id=self.share_type_id,
-            is_public=False,
-            cleanup_in_class=False
-        )
-
-        params = {"is_public": True}
-        shares = self.alt_shares_client.list_shares_with_detail(params)
-
-        keys = [
-            "status", "description", "links", "availability_zone",
-            "created_at", "export_location", "share_proto",
-            "name", "snapshot_id", "id", "size", "project_id", "is_public",
-        ]
-        [self.assertIn(key, sh.keys()) for sh in shares for key in keys]
-
-        gen = [sid["id"] for sid in shares if sid["id"] == public_share["id"]]
-        msg = "expected id lists %s times in share list" % (len(gen))
-        self.assertEqual(1, len(gen), msg)
-
-        self.assertFalse(any([s["id"] == private_share["id"] for s in shares]))
-
     @decorators.idempotent_id('174829eb-fd3e-46ef-880b-f05c3d44d1fe')
     @tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)
     @testtools.skipUnless(CONF.share.run_snapshot_tests,
@@ -748,16 +714,15 @@ class SharesRenameTest(base.BaseSharesMixedTest):
         new_name = data_utils.rand_name("tempest-new-name")
         new_desc = data_utils.rand_name("tempest-new-description")
         updated = self.shares_client.update_share(
-            share["id"], new_name, new_desc, is_public=True)
+            share["id"], name=new_name, desc=new_desc)
         self.assertEqual(new_name, updated["name"])
         self.assertEqual(new_desc, updated["description"])
-        self.assertTrue(updated["is_public"])
 
         # get share
         share = self.shares_client.get_share(self.share['id'])
         self.assertEqual(new_name, share["name"])
         self.assertEqual(new_desc, share["description"])
-        self.assertTrue(share["is_public"])
+        self.assertFalse(share["is_public"])
 
     @decorators.idempotent_id('20f299f6-2441-4629-b44e-d791d57f413c')
     @tc.attr(base.TAG_POSITIVE, base.TAG_API_WITH_BACKEND)

manila_tempest_tests/tests/api/test_shares_from_snapshot_across_pools.py

@@ -147,7 +147,6 @@ class SharesFromSnapshotAcrossPools(base.BaseSharesMixedTest):
             raise self.skipException(msg)
         azs = list(azs)
         share_a = self.create_share(share_type_id=self.share_type_id,
-                                    is_public=True,
                                     availability_zone=azs[0])
 
         # Create snapshot

manila_tempest_tests/tests/api/test_shares_negative.py

@@ -34,22 +34,6 @@ class SharesNegativeTest(base.BaseSharesMixedTest):
         cls.share_type = cls._create_share_type()
         cls.share_type_id = cls.share_type['id']
 
-        # create share
-        cls.share = cls.create_share(
-            name='public_share',
-            description='public_share_desc',
-            share_type_id=cls.share_type_id,
-            is_public=True,
-            metadata={'key': 'value'}
-        )
-
-    @decorators.idempotent_id('255011c0-4ed9-4174-bb13-8bbd06a62529')
-    @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
-    def test_update_share_with_wrong_public_value(self):
-        self.assertRaises(lib_exc.BadRequest,
-                          self.shares_client.update_share, self.share["id"],
-                          is_public="truebar")
-
     @decorators.idempotent_id('b9bb8dee-0c7c-4e51-909c-028335b1a6a0')
     @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
     @testtools.skipUnless(CONF.share.run_snapshot_tests,
@@ -154,45 +138,6 @@ class SharesNegativeTest(base.BaseSharesMixedTest):
             snapshot_id=snap["id"],
         )
 
-    @decorators.idempotent_id('3443493b-f56a-4faa-9968-e7cbb0d2802f')
-    @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
-    def test_update_other_tenants_public_share(self):
-        self.assertRaises(lib_exc.Forbidden,
-                          self.alt_shares_v2_client.update_share,
-                          self.share["id"],
-                          name="new_name")
-
-    @decorators.idempotent_id('68d1f1bc-16e4-4086-8982-7e44ca6bdc4d')
-    @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
-    def test_delete_other_tenants_public_share(self):
-        self.assertRaises(lib_exc.Forbidden,
-                          self.alt_shares_v2_client.delete_share,
-                          self.share['id'])
-
-    @decorators.idempotent_id('1f9e5d84-0885-4a4b-9196-9031a1c01508')
-    @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
-    def test_set_metadata_of_other_tenants_public_share(self):
-        self.assertRaises(lib_exc.Forbidden,
-                          self.alt_shares_v2_client.set_metadata,
-                          self.share['id'],
-                          {'key': 'value'})
-
-    @decorators.idempotent_id('fed7a935-9699-43a1-854e-67b61ba6233e')
-    @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
-    def test_update_metadata_of_other_tenants_public_share(self):
-        self.assertRaises(lib_exc.Forbidden,
-                          self.alt_shares_v2_client.update_all_metadata,
-                          self.share['id'],
-                          {'key': 'value'})
-
-    @decorators.idempotent_id('bd62adeb-73c2-4b04-8812-80b479cd5c3b')
-    @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
-    def test_delete_metadata_of_other_tenants_public_share(self):
-        self.assertRaises(lib_exc.Forbidden,
-                          self.alt_shares_v2_client.delete_metadata,
-                          self.share['id'],
-                          'key')
-
 
 class SharesAPIOnlyNegativeTest(base.BaseSharesMixedTest):