da45177a2f
The tenant_id property of RestClient in tempest was deprecated in 25.0.0. This replaces the deprecated property by the new project_id property to avoid the following warning. WARNING tempest.lib.common.rest_client [-] Deprecated: "tenant_id" property is deprecated for removal, use "project_id" instead Depends-on: https://review.opendev.org/c/openstack/tempest/+/707938 Change-Id: Ie3c32f9f2278b78603a4214c5717df8691ba490a
591 lines
26 KiB
Python
591 lines
26 KiB
Python
# Copyright 2015 Hewlett-Packard Development Company, L.P.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
import testtools
|
|
|
|
from tempest.common import utils
|
|
from tempest.lib.common.utils import data_utils
|
|
from tempest.lib import decorators
|
|
from tempest.lib import exceptions as lib_exc
|
|
|
|
from neutron_tempest_plugin.api import base
|
|
|
|
SUBNETPOOL_NAME = 'smoke-subnetpool'
|
|
SUBNET_NAME = 'smoke-subnet'
|
|
|
|
|
|
class SubnetPoolsTestBase(base.BaseAdminNetworkTest):
|
|
|
|
@classmethod
|
|
def resource_setup(cls):
|
|
super(SubnetPoolsTestBase, cls).resource_setup()
|
|
min_prefixlen = '29'
|
|
prefixes = [u'10.11.12.0/24']
|
|
cls._subnetpool_data = {'prefixes': prefixes,
|
|
'min_prefixlen': min_prefixlen}
|
|
|
|
@classmethod
|
|
def _create_subnetpool(cls, is_admin=False, **kwargs):
|
|
if 'name' not in kwargs:
|
|
name = data_utils.rand_name(SUBNETPOOL_NAME)
|
|
else:
|
|
name = kwargs.pop('name')
|
|
|
|
if 'prefixes' not in kwargs:
|
|
kwargs['prefixes'] = cls._subnetpool_data['prefixes']
|
|
|
|
if 'min_prefixlen' not in kwargs:
|
|
kwargs['min_prefixlen'] = cls._subnetpool_data['min_prefixlen']
|
|
|
|
return cls.create_subnetpool(name=name, is_admin=is_admin, **kwargs)
|
|
|
|
|
|
class SubnetPoolsTest(SubnetPoolsTestBase):
|
|
|
|
min_prefixlen = '28'
|
|
max_prefixlen = '30'
|
|
_ip_version = 4
|
|
subnet_cidr = u'10.11.12.0/29'
|
|
new_prefix = u'10.11.15.0/24'
|
|
larger_prefix = u'10.11.0.0/16'
|
|
|
|
"""Test Subnet Pools
|
|
|
|
Tests the following operations in the Neutron API using the REST client for
|
|
Neutron:
|
|
|
|
create a subnetpool for a tenant
|
|
list tenant's subnetpools
|
|
show a tenant subnetpool details
|
|
subnetpool update
|
|
delete a subnetpool
|
|
|
|
All subnetpool tests are run once with ipv4 and once with ipv6.
|
|
|
|
v2.0 of the Neutron API is assumed.
|
|
|
|
"""
|
|
|
|
def _new_subnetpool_attributes(self):
|
|
new_name = data_utils.rand_name(SUBNETPOOL_NAME)
|
|
return {'name': new_name, 'min_prefixlen': self.min_prefixlen,
|
|
'max_prefixlen': self.max_prefixlen}
|
|
|
|
def _check_equality_updated_subnetpool(self, expected_values,
|
|
updated_pool):
|
|
self.assertEqual(expected_values['name'],
|
|
updated_pool['name'])
|
|
self.assertEqual(expected_values['min_prefixlen'],
|
|
updated_pool['min_prefixlen'])
|
|
self.assertEqual(expected_values['max_prefixlen'],
|
|
updated_pool['max_prefixlen'])
|
|
# expected_values may not contains all subnetpool values
|
|
if 'prefixes' in expected_values:
|
|
self.assertEqual(expected_values['prefixes'],
|
|
updated_pool['prefixes'])
|
|
|
|
@decorators.idempotent_id('6e1781ec-b45b-4042-aebe-f485c022996e')
|
|
def test_create_list_subnetpool(self):
|
|
created_subnetpool = self._create_subnetpool()
|
|
body = self.client.list_subnetpools()
|
|
subnetpools = body['subnetpools']
|
|
self.assertIn(created_subnetpool['id'],
|
|
[sp['id'] for sp in subnetpools],
|
|
"Created subnetpool id should be in the list")
|
|
self.assertIn(created_subnetpool['name'],
|
|
[sp['name'] for sp in subnetpools],
|
|
"Created subnetpool name should be in the list")
|
|
|
|
@decorators.idempotent_id('c72c1c0c-2193-4aca-ddd4-b1442640bbbb')
|
|
@utils.requires_ext(extension="standard-attr-description",
|
|
service="network")
|
|
def test_create_update_subnetpool_description(self):
|
|
body = self._create_subnetpool(description='d1')
|
|
self.assertEqual('d1', body['description'])
|
|
sub_id = body['id']
|
|
subnet_pools = [x for x in
|
|
self.client.list_subnetpools()['subnetpools'] if x['id'] == sub_id]
|
|
body = subnet_pools[0]
|
|
self.assertEqual('d1', body['description'])
|
|
body = self.client.update_subnetpool(sub_id, description='d2')
|
|
self.assertEqual('d2', body['subnetpool']['description'])
|
|
subnet_pools = [x for x in
|
|
self.client.list_subnetpools()['subnetpools'] if x['id'] == sub_id]
|
|
body = subnet_pools[0]
|
|
self.assertEqual('d2', body['description'])
|
|
|
|
@decorators.idempotent_id('741d08c2-1e3f-42be-99c7-0ea93c5b728c')
|
|
def test_get_subnetpool(self):
|
|
created_subnetpool = self._create_subnetpool()
|
|
prefixlen = self._subnetpool_data['min_prefixlen']
|
|
body = self.client.show_subnetpool(created_subnetpool['id'])
|
|
subnetpool = body['subnetpool']
|
|
self.assertEqual(created_subnetpool['name'], subnetpool['name'])
|
|
self.assertEqual(created_subnetpool['id'], subnetpool['id'])
|
|
self.assertEqual(prefixlen, subnetpool['min_prefixlen'])
|
|
self.assertEqual(prefixlen, subnetpool['default_prefixlen'])
|
|
self.assertFalse(subnetpool['shared'])
|
|
|
|
@decorators.idempotent_id('5bf9f1e2-efc8-4195-acf3-d12b2bd68dd3')
|
|
@utils.requires_ext(extension="project-id", service="network")
|
|
def test_show_subnetpool_has_project_id(self):
|
|
subnetpool = self._create_subnetpool()
|
|
body = self.client.show_subnetpool(subnetpool['id'])
|
|
show_subnetpool = body['subnetpool']
|
|
self.assertIn('project_id', show_subnetpool)
|
|
self.assertIn('tenant_id', show_subnetpool)
|
|
self.assertEqual(self.client.project_id, show_subnetpool['project_id'])
|
|
self.assertEqual(self.client.project_id, show_subnetpool['tenant_id'])
|
|
|
|
@decorators.idempotent_id('764f1b93-1c4a-4513-9e7b-6c2fc5e9270c')
|
|
def test_tenant_update_subnetpool(self):
|
|
created_subnetpool = self._create_subnetpool()
|
|
pool_id = created_subnetpool['id']
|
|
subnetpool_data = self._new_subnetpool_attributes()
|
|
self.client.update_subnetpool(created_subnetpool['id'],
|
|
**subnetpool_data)
|
|
|
|
body = self.client.show_subnetpool(pool_id)
|
|
subnetpool = body['subnetpool']
|
|
self._check_equality_updated_subnetpool(subnetpool_data,
|
|
subnetpool)
|
|
self.assertFalse(subnetpool['shared'])
|
|
|
|
@decorators.idempotent_id('4b496082-c992-4319-90be-d4a7ce646290')
|
|
def test_update_subnetpool_prefixes_append(self):
|
|
# We can append new prefixes to subnetpool
|
|
create_subnetpool = self._create_subnetpool()
|
|
pool_id = create_subnetpool['id']
|
|
old_prefixes = self._subnetpool_data['prefixes']
|
|
new_prefixes = old_prefixes[:]
|
|
new_prefixes.append(self.new_prefix)
|
|
subnetpool_data = {'prefixes': new_prefixes}
|
|
self.client.update_subnetpool(pool_id, **subnetpool_data)
|
|
body = self.client.show_subnetpool(pool_id)
|
|
prefixes = body['subnetpool']['prefixes']
|
|
self.assertIn(self.new_prefix, prefixes)
|
|
self.assertIn(old_prefixes[0], prefixes)
|
|
|
|
@decorators.idempotent_id('2cae5d6a-9d32-42d8-8067-f13970ae13bb')
|
|
def test_update_subnetpool_prefixes_extend(self):
|
|
# We can extend current subnetpool prefixes
|
|
created_subnetpool = self._create_subnetpool()
|
|
pool_id = created_subnetpool['id']
|
|
old_prefixes = self._subnetpool_data['prefixes']
|
|
subnetpool_data = {'prefixes': [self.larger_prefix]}
|
|
self.client.update_subnetpool(pool_id, **subnetpool_data)
|
|
body = self.client.show_subnetpool(pool_id)
|
|
prefixes = body['subnetpool']['prefixes']
|
|
self.assertIn(self.larger_prefix, prefixes)
|
|
self.assertNotIn(old_prefixes[0], prefixes)
|
|
|
|
@decorators.idempotent_id('d70c6c35-913b-4f24-909f-14cd0d29b2d2')
|
|
def test_admin_create_shared_subnetpool(self):
|
|
created_subnetpool = self._create_subnetpool(is_admin=True,
|
|
shared=True)
|
|
pool_id = created_subnetpool['id']
|
|
# Shared subnetpool can be retrieved by tenant user.
|
|
body = self.client.show_subnetpool(pool_id)
|
|
subnetpool = body['subnetpool']
|
|
self.assertEqual(created_subnetpool['name'], subnetpool['name'])
|
|
self.assertTrue(subnetpool['shared'])
|
|
|
|
def _create_subnet_from_pool(self, subnet_values=None, pool_values=None):
|
|
if pool_values is None:
|
|
pool_values = {}
|
|
|
|
created_subnetpool = self._create_subnetpool(**pool_values)
|
|
pool_id = created_subnetpool['id']
|
|
subnet_name = data_utils.rand_name(SUBNETPOOL_NAME)
|
|
network = self.create_network()
|
|
subnet_kwargs = {'name': subnet_name,
|
|
'subnetpool_id': pool_id}
|
|
if subnet_values:
|
|
subnet_kwargs.update(subnet_values)
|
|
# not creating the subnet using the base.create_subnet because
|
|
# that function needs to be enhanced to support subnet_create when
|
|
# prefixlen and subnetpool_id is specified.
|
|
body = self.client.create_subnet(
|
|
network_id=network['id'],
|
|
ip_version=self._ip_version,
|
|
**subnet_kwargs)
|
|
subnet = body['subnet']
|
|
return pool_id, subnet
|
|
|
|
@decorators.idempotent_id('1362ed7d-3089-42eb-b3a5-d6cb8398ee77')
|
|
def test_create_subnet_from_pool_with_prefixlen(self):
|
|
subnet_values = {"prefixlen": self.max_prefixlen}
|
|
pool_id, subnet = self._create_subnet_from_pool(
|
|
subnet_values=subnet_values)
|
|
cidr = str(subnet['cidr'])
|
|
self.assertEqual(pool_id, subnet['subnetpool_id'])
|
|
self.assertTrue(cidr.endswith(str(self.max_prefixlen)))
|
|
|
|
@decorators.idempotent_id('86b86189-9789-4582-9c3b-7e2bfe5735ee')
|
|
def test_create_subnet_from_pool_with_subnet_cidr(self):
|
|
subnet_values = {"cidr": self.subnet_cidr}
|
|
pool_id, subnet = self._create_subnet_from_pool(
|
|
subnet_values=subnet_values)
|
|
cidr = str(subnet['cidr'])
|
|
self.assertEqual(pool_id, subnet['subnetpool_id'])
|
|
self.assertEqual(cidr, self.subnet_cidr)
|
|
|
|
@decorators.idempotent_id('83f76e3a-9c40-40c2-a015-b7c5242178d8')
|
|
def test_create_subnet_from_pool_with_default_prefixlen(self):
|
|
# If neither cidr nor prefixlen is specified,
|
|
# subnet will use subnetpool default_prefixlen for cidr.
|
|
pool_id, subnet = self._create_subnet_from_pool()
|
|
cidr = str(subnet['cidr'])
|
|
self.assertEqual(pool_id, subnet['subnetpool_id'])
|
|
prefixlen = self._subnetpool_data['min_prefixlen']
|
|
self.assertTrue(cidr.endswith(str(prefixlen)))
|
|
|
|
@decorators.idempotent_id('a64af292-ec52-4bde-b654-a6984acaf477')
|
|
def test_create_subnet_from_pool_with_quota(self):
|
|
pool_values = {'default_quota': 4}
|
|
subnet_values = {"prefixlen": self.max_prefixlen}
|
|
pool_id, subnet = self._create_subnet_from_pool(
|
|
subnet_values=subnet_values, pool_values=pool_values)
|
|
cidr = str(subnet['cidr'])
|
|
self.assertEqual(pool_id, subnet['subnetpool_id'])
|
|
self.assertTrue(cidr.endswith(str(self.max_prefixlen)))
|
|
|
|
@decorators.idempotent_id('49b44c64-1619-4b29-b527-ffc3c3115dc4')
|
|
@utils.requires_ext(extension='address-scope', service='network')
|
|
def test_create_subnetpool_associate_address_scope(self):
|
|
address_scope = self.create_address_scope(
|
|
name=data_utils.rand_name('smoke-address-scope'),
|
|
ip_version=self._ip_version)
|
|
created_subnetpool = self._create_subnetpool(
|
|
address_scope_id=address_scope['id'])
|
|
body = self.client.show_subnetpool(created_subnetpool['id'])
|
|
self.assertEqual(address_scope['id'],
|
|
body['subnetpool']['address_scope_id'])
|
|
|
|
@decorators.idempotent_id('910b6393-db24-4f6f-87dc-b36892ad6c8c')
|
|
@utils.requires_ext(extension='address-scope', service='network')
|
|
def test_update_subnetpool_associate_address_scope(self):
|
|
address_scope = self.create_address_scope(
|
|
name=data_utils.rand_name('smoke-address-scope'),
|
|
ip_version=self._ip_version)
|
|
created_subnetpool = self._create_subnetpool()
|
|
pool_id = created_subnetpool['id']
|
|
body = self.client.show_subnetpool(pool_id)
|
|
self.assertIsNone(body['subnetpool']['address_scope_id'])
|
|
self.client.update_subnetpool(pool_id,
|
|
address_scope_id=address_scope['id'])
|
|
body = self.client.show_subnetpool(pool_id)
|
|
self.assertEqual(address_scope['id'],
|
|
body['subnetpool']['address_scope_id'])
|
|
|
|
@decorators.idempotent_id('18302e80-46a3-4563-82ac-ccd1dd57f652')
|
|
@utils.requires_ext(extension='address-scope', service='network')
|
|
def test_update_subnetpool_associate_another_address_scope(self):
|
|
address_scope = self.create_address_scope(
|
|
name=data_utils.rand_name('smoke-address-scope'),
|
|
ip_version=self._ip_version)
|
|
another_address_scope = self.create_address_scope(
|
|
name=data_utils.rand_name('smoke-address-scope'),
|
|
ip_version=self._ip_version)
|
|
created_subnetpool = self._create_subnetpool(
|
|
address_scope_id=address_scope['id'])
|
|
pool_id = created_subnetpool['id']
|
|
body = self.client.show_subnetpool(pool_id)
|
|
self.assertEqual(address_scope['id'],
|
|
body['subnetpool']['address_scope_id'])
|
|
self.client.update_subnetpool(
|
|
pool_id, address_scope_id=another_address_scope['id'])
|
|
body = self.client.show_subnetpool(pool_id)
|
|
self.assertEqual(another_address_scope['id'],
|
|
body['subnetpool']['address_scope_id'])
|
|
|
|
@decorators.idempotent_id('f8970048-e41b-42d6-934b-a1297b07706a')
|
|
@utils.requires_ext(extension='address-scope', service='network')
|
|
def test_update_subnetpool_disassociate_address_scope(self):
|
|
address_scope = self.create_address_scope(
|
|
name=data_utils.rand_name('smoke-address-scope'),
|
|
ip_version=self._ip_version)
|
|
created_subnetpool = self._create_subnetpool(
|
|
address_scope_id=address_scope['id'])
|
|
pool_id = created_subnetpool['id']
|
|
body = self.client.show_subnetpool(pool_id)
|
|
self.assertEqual(address_scope['id'],
|
|
body['subnetpool']['address_scope_id'])
|
|
self.client.update_subnetpool(pool_id,
|
|
address_scope_id=None)
|
|
body = self.client.show_subnetpool(pool_id)
|
|
self.assertIsNone(body['subnetpool']['address_scope_id'])
|
|
|
|
@decorators.idempotent_id('4c6963c2-f54c-4347-b288-75d18421c4c4')
|
|
@utils.requires_ext(extension='default-subnetpools', service='network')
|
|
def test_tenant_create_non_default_subnetpool(self):
|
|
"""Test creates a subnetpool, the "is_default" attribute is False."""
|
|
created_subnetpool = self._create_subnetpool()
|
|
self.assertFalse(created_subnetpool['is_default'])
|
|
|
|
|
|
class SubnetPoolsTestV6(SubnetPoolsTest):
|
|
|
|
min_prefixlen = '48'
|
|
max_prefixlen = '64'
|
|
_ip_version = 6
|
|
subnet_cidr = '2001:db8:3::/64'
|
|
new_prefix = u'2001:db8:5::/64'
|
|
larger_prefix = u'2001:db8::/32'
|
|
|
|
@classmethod
|
|
def resource_setup(cls):
|
|
super(SubnetPoolsTestV6, cls).resource_setup()
|
|
min_prefixlen = '64'
|
|
prefixes = [u'2001:db8:3::/48']
|
|
cls._subnetpool_data = {'min_prefixlen': min_prefixlen,
|
|
'prefixes': prefixes}
|
|
|
|
@decorators.idempotent_id('f62d73dc-cf6f-4879-b94b-dab53982bf3b')
|
|
def test_create_dual_stack_subnets_from_subnetpools(self):
|
|
pool_id_v6, subnet_v6 = self._create_subnet_from_pool()
|
|
pool_values_v4 = {'prefixes': ['192.168.0.0/16'],
|
|
'min_prefixlen': 21,
|
|
'max_prefixlen': 32}
|
|
create_v4_subnetpool = self._create_subnetpool(**pool_values_v4)
|
|
pool_id_v4 = create_v4_subnetpool['id']
|
|
subnet_v4 = self.client.create_subnet(
|
|
network_id=subnet_v6['network_id'], ip_version=4,
|
|
subnetpool_id=pool_id_v4)['subnet']
|
|
self.assertEqual(subnet_v4['network_id'], subnet_v6['network_id'])
|
|
|
|
|
|
class SubnetPoolsSearchCriteriaTest(base.BaseSearchCriteriaTest,
|
|
SubnetPoolsTestBase):
|
|
|
|
resource = 'subnetpool'
|
|
|
|
list_kwargs = {'shared': False}
|
|
|
|
@classmethod
|
|
def resource_setup(cls):
|
|
super(SubnetPoolsSearchCriteriaTest, cls).resource_setup()
|
|
for name in cls.resource_names:
|
|
cls._create_subnetpool(name=name)
|
|
|
|
@decorators.idempotent_id('6e3f842e-6bfb-49cb-82d3-0026be4e8e04')
|
|
def test_list_sorts_asc(self):
|
|
self._test_list_sorts_asc()
|
|
|
|
@decorators.idempotent_id('f336859b-b868-438c-a6fc-2c06374115f2')
|
|
def test_list_sorts_desc(self):
|
|
self._test_list_sorts_desc()
|
|
|
|
@decorators.idempotent_id('1291fae7-c196-4372-ad59-ce7988518f7b')
|
|
def test_list_pagination(self):
|
|
self._test_list_pagination()
|
|
|
|
@decorators.idempotent_id('ddb20d14-1952-49b4-a17e-231cc2239a52')
|
|
def test_list_pagination_with_marker(self):
|
|
self._test_list_pagination_with_marker()
|
|
|
|
@decorators.idempotent_id('b3bd9665-2769-4a43-b50c-31b1add12891')
|
|
def test_list_pagination_with_href_links(self):
|
|
self._test_list_pagination_with_href_links()
|
|
|
|
@decorators.idempotent_id('1ec1f325-43b0-406e-96ce-20539e38a61d')
|
|
def test_list_pagination_page_reverse_asc(self):
|
|
self._test_list_pagination_page_reverse_asc()
|
|
|
|
@decorators.idempotent_id('f43a293e-4aaa-48f4-aeaf-de63a676357c')
|
|
def test_list_pagination_page_reverse_desc(self):
|
|
self._test_list_pagination_page_reverse_desc()
|
|
|
|
@decorators.idempotent_id('73511385-839c-4829-8ac1-b5ad992126c4')
|
|
def test_list_pagination_page_reverse_with_href_links(self):
|
|
self._test_list_pagination_page_reverse_with_href_links()
|
|
|
|
@decorators.idempotent_id('82a13efc-c18f-4249-b8ec-cec7cf26fbd6')
|
|
def test_list_no_pagination_limit_0(self):
|
|
self._test_list_no_pagination_limit_0()
|
|
|
|
@decorators.idempotent_id('27feb3f8-40f4-4e50-8cd2-7d0096a98682')
|
|
def test_list_validation_filters(self):
|
|
self._test_list_validation_filters(self.list_kwargs)
|
|
self._test_list_validation_filters({
|
|
'unknown_filter': 'value'}, filter_is_valid=False)
|
|
|
|
|
|
class RbacSubnetPoolTest(SubnetPoolsTestBase):
|
|
|
|
force_tenant_isolation = True
|
|
credentials = ['primary', 'alt', 'admin']
|
|
required_extensions = ['rbac-subnetpool']
|
|
|
|
@classmethod
|
|
def resource_setup(cls):
|
|
super(RbacSubnetPoolTest, cls).resource_setup()
|
|
cls.client2 = cls.os_alt.network_client
|
|
|
|
def _make_admin_snp_shared_to_project_id(self, project_id):
|
|
snp = self._create_subnetpool(is_admin=True)
|
|
rbac_policy = self.admin_client.create_rbac_policy(
|
|
object_type='subnetpool',
|
|
object_id=snp['id'],
|
|
action='access_as_shared',
|
|
target_tenant=project_id,
|
|
)['rbac_policy']
|
|
return {'subnetpool': snp, 'rbac_policy': rbac_policy}
|
|
|
|
@decorators.idempotent_id('71b35ad0-51cd-40da-985d-89a51c95ec6a')
|
|
def test_policy_target_update(self):
|
|
res = self._make_admin_snp_shared_to_project_id(
|
|
self.client.project_id)
|
|
# change to client2
|
|
update_res = self.admin_client.update_rbac_policy(
|
|
res['rbac_policy']['id'], target_tenant=self.client2.project_id)
|
|
self.assertEqual(self.client2.project_id,
|
|
update_res['rbac_policy']['target_tenant'])
|
|
# make sure everything else stayed the same
|
|
res['rbac_policy'].pop('target_tenant')
|
|
update_res['rbac_policy'].pop('target_tenant')
|
|
self.assertEqual(res['rbac_policy'], update_res['rbac_policy'])
|
|
|
|
@decorators.idempotent_id('451d9d38-65a0-4916-a805-1460d6a938d1')
|
|
def test_subnet_presence_prevents_rbac_policy_deletion(self):
|
|
res = self._make_admin_snp_shared_to_project_id(
|
|
self.client2.project_id)
|
|
network = self.create_network(client=self.client2)
|
|
subnet = self.client2.create_subnet(
|
|
network_id=network['id'],
|
|
ip_version=4,
|
|
subnetpool_id=res['subnetpool']['id'],
|
|
name=data_utils.rand_name("rbac-subnetpool"),
|
|
)["subnet"]
|
|
self.addCleanup(self.client2.delete_network, network['id'])
|
|
self.addCleanup(
|
|
self.admin_client.delete_subnetpool,
|
|
res['subnetpool']['id']
|
|
)
|
|
self.addCleanup(self.client2.delete_subnet, subnet['id'])
|
|
|
|
# a port with shared sg should prevent the deletion of an
|
|
# rbac-policy required for it to be shared
|
|
with testtools.ExpectedException(lib_exc.Conflict):
|
|
self.admin_client.delete_rbac_policy(res['rbac_policy']['id'])
|
|
|
|
@decorators.idempotent_id('f74a71de-9abf-49c6-8199-4ac7f53e383b')
|
|
@utils.requires_ext(extension='rbac-address-scope', service='network')
|
|
def test_cannot_share_if_no_access_to_address_scope(self):
|
|
# Create Address Scope shared only to client but not to client2
|
|
a_s = self.admin_client.create_address_scope(
|
|
name=data_utils.rand_name("rbac-subnetpool"),
|
|
ip_version=4
|
|
)["address_scope"]
|
|
rbac_policy = self.admin_client.create_rbac_policy(
|
|
object_type='address_scope', object_id=a_s['id'],
|
|
action='access_as_shared',
|
|
target_tenant=self.client.project_id)['rbac_policy']
|
|
|
|
# Create subnet pool owned by client with shared AS
|
|
snp = self._create_subnetpool(address_scope_id=a_s["id"])
|
|
|
|
with testtools.ExpectedException(lib_exc.BadRequest):
|
|
self.client.create_rbac_policy(
|
|
object_type='subnetpool', object_id=snp['id'],
|
|
action='access_as_shared',
|
|
target_tenant=self.client2.project_id
|
|
)
|
|
|
|
# cleanup
|
|
self.client.delete_subnetpool(snp["id"])
|
|
self.admin_client.delete_rbac_policy(rbac_policy['id'])
|
|
self.admin_client.delete_address_scope(a_s['id'])
|
|
|
|
@decorators.idempotent_id('9cf8bba5-0163-4083-9397-678bb9b5f5a2')
|
|
def test_regular_client_shares_to_another_regular_client(self):
|
|
# owned by self.admin_client
|
|
snp = self._create_subnetpool(is_admin=True)
|
|
with testtools.ExpectedException(lib_exc.NotFound):
|
|
self.client.show_subnetpool(snp['id'])
|
|
rbac_policy = self.admin_client.create_rbac_policy(
|
|
object_type='subnetpool', object_id=snp['id'],
|
|
action='access_as_shared',
|
|
target_tenant=self.client.project_id)['rbac_policy']
|
|
self.client.show_subnetpool(snp['id'])
|
|
|
|
self.assertIn(rbac_policy,
|
|
self.admin_client.list_rbac_policies()['rbac_policies'])
|
|
# ensure that 'client2' can't see the rbac-policy sharing the
|
|
# as to it because the rbac-policy belongs to 'client'
|
|
self.assertNotIn(rbac_policy['id'], [p['id'] for p in
|
|
self.client2.list_rbac_policies()['rbac_policies']])
|
|
|
|
@decorators.idempotent_id('17b2b437-a5fa-4340-ad98-912a986d0d7c')
|
|
def test_filter_fields(self):
|
|
snp = self._create_subnetpool()
|
|
self.admin_client.create_rbac_policy(
|
|
object_type='subnetpool', object_id=snp['id'],
|
|
action='access_as_shared', target_tenant=self.client2.project_id)
|
|
field_args = (('id',), ('id', 'action'), ('object_type', 'object_id'),
|
|
('project_id', 'target_tenant'))
|
|
for fields in field_args:
|
|
res = self.admin_client.list_rbac_policies(fields=fields)
|
|
self.assertEqual(set(fields), set(res['rbac_policies'][0].keys()))
|
|
|
|
@decorators.idempotent_id('e59e4502-4e6a-4e49-b446-a5d5642bbd69')
|
|
def test_rbac_policy_show(self):
|
|
res = self._make_admin_snp_shared_to_project_id(
|
|
self.client.project_id)
|
|
p1 = res['rbac_policy']
|
|
p2 = self.admin_client.create_rbac_policy(
|
|
object_type='subnetpool',
|
|
object_id=res['subnetpool']['id'],
|
|
action='access_as_shared',
|
|
target_tenant='*')['rbac_policy']
|
|
|
|
self.assertEqual(
|
|
p1, self.admin_client.show_rbac_policy(p1['id'])['rbac_policy'])
|
|
self.assertEqual(
|
|
p2, self.admin_client.show_rbac_policy(p2['id'])['rbac_policy'])
|
|
|
|
@decorators.idempotent_id('1c24c28c-eb1e-466e-af29-255cf127653a')
|
|
def test_filter_rbac_policies(self):
|
|
snp = self._create_subnetpool()
|
|
rbac_pol1 = self.admin_client.create_rbac_policy(
|
|
object_type='subnetpool', object_id=snp['id'],
|
|
action='access_as_shared',
|
|
target_tenant=self.client2.project_id)['rbac_policy']
|
|
rbac_pol2 = self.admin_client.create_rbac_policy(
|
|
object_type='subnetpool', object_id=snp['id'],
|
|
action='access_as_shared',
|
|
target_tenant=self.admin_client.project_id)['rbac_policy']
|
|
res1 = self.admin_client.list_rbac_policies(id=rbac_pol1['id'])[
|
|
'rbac_policies']
|
|
res2 = self.admin_client.list_rbac_policies(id=rbac_pol2['id'])[
|
|
'rbac_policies']
|
|
self.assertEqual(1, len(res1))
|
|
self.assertEqual(1, len(res2))
|
|
self.assertEqual(rbac_pol1['id'], res1[0]['id'])
|
|
self.assertEqual(rbac_pol2['id'], res2[0]['id'])
|
|
|
|
@decorators.idempotent_id('63d9acbe-403c-4e77-9ffd-80e636a4621e')
|
|
def test_regular_client_blocked_from_sharing_anothers_policy(self):
|
|
snp = self._make_admin_snp_shared_to_project_id(
|
|
self.client.project_id)['subnetpool']
|
|
with testtools.ExpectedException(lib_exc.BadRequest):
|
|
self.client.create_rbac_policy(
|
|
object_type='subnetpool', object_id=snp['id'],
|
|
action='access_as_shared',
|
|
target_tenant=self.client2.project_id)
|
|
|
|
# make sure the rbac-policy is invisible to the tenant for which it's
|
|
# being shared
|
|
self.assertFalse(self.client.list_rbac_policies()['rbac_policies'])
|