diff --git a/manila_tempest_tests/services/share/json/shares_client.py b/manila_tempest_tests/services/share/json/shares_client.py index b2eabb4b..150c1e02 100644 --- a/manila_tempest_tests/services/share/json/shares_client.py +++ b/manila_tempest_tests/services/share/json/shares_client.py @@ -262,7 +262,8 @@ class SharesClient(rest_client.RestClient): (snapshot_name, status, self.build_timeout)) raise exceptions.TimeoutException(message) - def wait_for_access_rule_status(self, share_id, rule_id, status): + def wait_for_access_rule_status(self, share_id, rule_id, status, + raise_rule_in_error_state=True): """Waits for an access rule to reach a given status.""" rule_status = "new" start = int(time.time()) @@ -273,7 +274,7 @@ class SharesClient(rest_client.RestClient): if rule["id"] in rule_id: rule_status = rule['state'] break - if 'error' in rule_status: + if 'error' in rule_status and raise_rule_in_error_state: raise share_exceptions.AccessRuleBuildErrorException( rule_id=rule_id) diff --git a/manila_tempest_tests/tests/api/base.py b/manila_tempest_tests/tests/api/base.py index 7915eaf3..8b01cefe 100755 --- a/manila_tempest_tests/tests/api/base.py +++ b/manila_tempest_tests/tests/api/base.py @@ -738,7 +738,8 @@ class BaseSharesTest(test.BaseTestCase): access_to = "client3.com" elif protocol in CONF.share.enable_cephx_rules_for_protocols: access_type = "cephx" - access_to = "eve" + access_to = data_utils.rand_name( + cls.__class__.__name__ + '-cephx-id') else: message = "Unrecognized protocol and access rules configuration." raise cls.skipException(message) @@ -1082,6 +1083,25 @@ class BaseSharesTest(test.BaseTestCase): self.shares_v2_client.wait_for_share_status(share['id'], "error") return self.shares_v2_client.wait_for_message(share['id']) + def allow_access(self, share_id, client=None, access_type=None, + access_level='rw', access_to=None, status='active', + raise_rule_in_error_state=True, cleanup=True): + + client = client or self.shares_v2_client + a_type, a_to = self._get_access_rule_data_from_config() + access_type = access_type or a_type + access_to = access_to or a_to + + rule = client.create_access_rule(share_id, access_type, access_to, + access_level) + client.wait_for_access_rule_status(share_id, rule['id'], status, + raise_rule_in_error_state) + if cleanup: + self.addCleanup(client.wait_for_resource_deletion, + rule_id=rule['id'], share_id=share_id) + self.addCleanup(client.delete_access_rule, share_id, rule['id']) + return rule + class BaseSharesAltTest(BaseSharesTest): """Base test case class for all Shares Alt API tests.""" diff --git a/manila_tempest_tests/tests/api/test_rules_negative.py b/manila_tempest_tests/tests/api/test_rules_negative.py index 0fb629eb..2f33ee16 100644 --- a/manila_tempest_tests/tests/api/test_rules_negative.py +++ b/manila_tempest_tests/tests/api/test_rules_negative.py @@ -20,7 +20,6 @@ import testtools from testtools import testcase as tc from manila_tempest_tests.common import constants -from manila_tempest_tests import share_exceptions from manila_tempest_tests.tests.api import base from manila_tempest_tests import utils @@ -389,10 +388,7 @@ class ShareCephxRulesForCephFSNegativeTest(base.BaseSharesMixedTest): @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND) def test_different_tenants_cannot_use_same_cephx_id(self): # Grant access to the share - access1 = self.shares_v2_client.create_access_rule( - self.share['id'], self.access_type, self.access_to, 'rw') - self.shares_v2_client.wait_for_access_rule_status( - self.share['id'], access1['id'], 'active') + self.allow_access(self.share['id'], access_to=self.access_to) # Create second share by the new user share2 = self.create_share(client=self.alt_shares_v2_client, @@ -400,13 +396,47 @@ class ShareCephxRulesForCephFSNegativeTest(base.BaseSharesMixedTest): share_type_id=self.share_type_id) # Try grant access to the second share using the same cephx id as used - # on the first share - access2 = self.alt_shares_v2_client.create_access_rule( - share2['id'], self.access_type, self.access_to, 'rw') - self.assertRaises( - share_exceptions.AccessRuleBuildErrorException, - self.alt_shares_v2_client.wait_for_access_rule_status, - share2['id'], access2['id'], 'active') + # on the first share. + # Rule must be set to "error" status. + self.allow_access(share2['id'], client=self.alt_shares_v2_client, + access_to=self.access_to, status='error', + raise_rule_in_error_state=False) + + share_alt_updated = self.alt_shares_v2_client.get_share( + share2['id']) + self.assertEqual('error', share_alt_updated['access_rules_status']) + + @tc.attr(base.TAG_NEGATIVE, base.TAG_API) + def test_can_apply_new_cephx_rules_when_one_is_in_error_state(self): + # Create share on "primary" tenant + share_primary = self.create_share() + # Add access rule to "Joe" by "primary" user + self.allow_access(share_primary['id'], access_to='Joe') + + # Create share on "alt" tenant + share_alt = self.create_share(client=self.alt_shares_v2_client) + # Add access rule to "Joe" by "alt" user. + # Rule must be set to "error" status. + rule1 = self.allow_access(share_alt['id'], + client=self.alt_shares_v2_client, + access_to='Joe', + status='error', + raise_rule_in_error_state=False, + cleanup=False) + + # Share's "access_rules_status" must be in "error" status + share_alt_updated = self.alt_shares_v2_client.get_share( + share_alt['id']) + self.assertEqual('error', share_alt_updated['access_rules_status']) + + # Add second access rule to different client by "alt" user. + self.allow_access(share_alt['id'], client=self.alt_shares_v2_client) + + # Check share's access_rules_status has transitioned to "active" status + self.alt_shares_v2_client.delete_access_rule( + share_alt['id'], rule1['id']) + self.alt_shares_v2_client.wait_for_share_status( + share_alt['id'], 'active', status_attr='access_rules_status') @ddt.ddt