Update service client access in tempest tests
All the load balancer service clients are registered via the plugin interface[1],
that way Tempest register and create the lazy initialization of registered clients
so that they can be access from there in consistent way.
But octavia-tempest-client create a separate instance of those and access instead of
accessing the registered service client in Tempest. This commit makes all the service clients
access from Tempest registry and remove the separate objects.
[1] cac3eefc44/octavia_tempest_plugin/plugin.py (L54)
Change-Id: Ie24909b49baf2c6a886e2ff711e641e36ffe6b50
This commit is contained in:
Michael Johnson
parent
cac3eefc44
commit
29d8e61ca2
@ -1,90 +0,0 @@
|
||||
# Copyright 2017 GoDaddy
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
from tempest import clients
|
||||
from tempest import config
|
||||
|
||||
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
||||
amphora_client)
|
||||
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
||||
availability_zone_capabilities_client)
|
||||
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
||||
availability_zone_client)
|
||||
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
||||
availability_zone_profile_client)
|
||||
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
||||
flavor_capabilities_client)
|
||||
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
||||
flavor_client)
|
||||
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
||||
flavor_profile_client)
|
||||
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
||||
healthmonitor_client)
|
||||
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
||||
l7policy_client)
|
||||
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
||||
l7rule_client)
|
||||
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
||||
listener_client)
|
||||
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
||||
loadbalancer_client)
|
||||
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
||||
member_client)
|
||||
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
||||
pool_client)
|
||||
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
||||
provider_client)
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
|
||||
class ManagerV2(clients.Manager):
|
||||
|
||||
def __init__(self, credentials):
|
||||
super(ManagerV2, self).__init__(credentials)
|
||||
|
||||
params = dict(self.default_params)
|
||||
params.update({
|
||||
'auth_provider': self.auth_provider,
|
||||
'service': CONF.load_balancer.catalog_type,
|
||||
'region': CONF.load_balancer.region or CONF.identity.region,
|
||||
'endpoint_type': CONF.load_balancer.endpoint_type,
|
||||
'build_interval': CONF.load_balancer.build_interval,
|
||||
'build_timeout': CONF.load_balancer.build_timeout
|
||||
})
|
||||
|
||||
self.loadbalancer_client = loadbalancer_client.LoadbalancerClient(
|
||||
**params)
|
||||
self.listener_client = listener_client.ListenerClient(**params)
|
||||
self.pool_client = pool_client.PoolClient(**params)
|
||||
self.member_client = member_client.MemberClient(**params)
|
||||
self.healthmonitor_client = healthmonitor_client.HealthMonitorClient(
|
||||
**params)
|
||||
self.l7policy_client = l7policy_client.L7PolicyClient(**params)
|
||||
self.l7rule_client = l7rule_client.L7RuleClient(**params)
|
||||
self.amphora_client = amphora_client.AmphoraClient(**params)
|
||||
self.flavor_profile_client = flavor_profile_client.FlavorProfileClient(
|
||||
**params)
|
||||
self.flavor_client = flavor_client.FlavorClient(**params)
|
||||
self.provider_client = provider_client.ProviderClient(**params)
|
||||
self.flavor_capabilities_client = (
|
||||
flavor_capabilities_client.FlavorCapabilitiesClient(**params))
|
||||
self.availability_zone_capabilities_client = (
|
||||
availability_zone_capabilities_client
|
||||
.AvailabilityZoneCapabilitiesClient(**params))
|
||||
self.availability_zone_profile_client = (
|
||||
availability_zone_profile_client.AvailabilityZoneProfileClient(
|
||||
**params))
|
||||
self.availability_zone_client = (
|
||||
availability_zone_client.AvailabilityZoneClient(**params))
|
||||
@ -19,6 +19,7 @@ from tempest import config
|
||||
from tempest.test_discover import plugins
|
||||
|
||||
from octavia_tempest_plugin import config as project_config
|
||||
from octavia_tempest_plugin.services.load_balancer import v2 as lb_v2_services
|
||||
|
||||
|
||||
class OctaviaTempestPlugin(plugins.TempestPlugin):
|
||||
@ -57,10 +58,10 @@ class OctaviaTempestPlugin(plugins.TempestPlugin):
|
||||
)
|
||||
|
||||
params = {
|
||||
'name': 'load-balancer_v2',
|
||||
'name': 'load_balancer_v2',
|
||||
'service_version': 'load-balancer.v2',
|
||||
'module_path': 'octavia_tempest_plugin.services.load_balancer.v2',
|
||||
'client_names': ['LoadbalancerClient'],
|
||||
'client_names': lb_v2_services.__all__,
|
||||
}
|
||||
params.update(octavia_config)
|
||||
|
||||
|
||||
@ -12,6 +12,35 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from .amphora_client import AmphoraClient
|
||||
from .availability_zone_capabilities_client import (
|
||||
AvailabilityZoneCapabilitiesClient)
|
||||
from .availability_zone_client import AvailabilityZoneClient
|
||||
from .availability_zone_profile_client import AvailabilityZoneProfileClient
|
||||
from .flavor_capabilities_client import FlavorCapabilitiesClient
|
||||
from .flavor_client import FlavorClient
|
||||
from .flavor_profile_client import FlavorProfileClient
|
||||
from .healthmonitor_client import HealthMonitorClient
|
||||
from .l7policy_client import L7PolicyClient
|
||||
from .l7rule_client import L7RuleClient
|
||||
from .listener_client import ListenerClient
|
||||
from .loadbalancer_client import LoadbalancerClient
|
||||
from .member_client import MemberClient
|
||||
from .pool_client import PoolClient
|
||||
from .provider_client import ProviderClient
|
||||
|
||||
__all__ = ['LoadbalancerClient']
|
||||
__all__ = ['LoadbalancerClient',
|
||||
'ListenerClient',
|
||||
'PoolClient',
|
||||
'MemberClient',
|
||||
'HealthMonitorClient',
|
||||
'L7PolicyClient',
|
||||
'L7RuleClient',
|
||||
'FlavorClient',
|
||||
'FlavorProfileClient',
|
||||
'FlavorCapabilitiesClient',
|
||||
'AmphoraClient',
|
||||
'ProviderClient',
|
||||
'AvailabilityZoneClient',
|
||||
'AvailabilityZoneProfileClient',
|
||||
'AvailabilityZoneCapabilitiesClient']
|
||||
|
||||
@ -28,12 +28,20 @@ LOG = logging.getLogger(__name__)
|
||||
|
||||
class RBACTestsMixin(test.BaseTestCase):
|
||||
|
||||
def _get_client_method(self, cred_obj, client_str, method_str):
|
||||
"""Get requested method from registered clients in Tempest."""
|
||||
lb_clients = getattr(cred_obj, 'load_balancer_v2')
|
||||
client = getattr(lb_clients, client_str)
|
||||
client_obj = client()
|
||||
method = getattr(client_obj, method_str)
|
||||
return method
|
||||
|
||||
def _check_allowed(self, client_str, method_str, allowed_list,
|
||||
*args, **kwargs):
|
||||
"""Test an API call allowed RBAC enforcement.
|
||||
|
||||
:param client_str: The service client to use for the test, without the
|
||||
credential. Example: 'amphora_client'
|
||||
credential. Example: 'AmphoraClient'
|
||||
:param method_str: The method on the client to call for the test.
|
||||
Example: 'list_amphorae'
|
||||
:param allowed_list: The list of credentials expected to be
|
||||
@ -62,8 +70,7 @@ class RBACTestsMixin(test.BaseTestCase):
|
||||
'testing was not created by tempest '
|
||||
'credentials setup. This is likely a bug in the '
|
||||
'test.'.format(cred))
|
||||
client = getattr(cred_obj, client_str)
|
||||
method = getattr(client, method_str)
|
||||
method = self._get_client_method(cred_obj, client_str, method_str)
|
||||
try:
|
||||
method(*args, **kwargs)
|
||||
except exceptions.Forbidden as e:
|
||||
@ -76,7 +83,7 @@ class RBACTestsMixin(test.BaseTestCase):
|
||||
"""Test an API call disallowed RBAC enforcement.
|
||||
|
||||
:param client_str: The service client to use for the test, without the
|
||||
credential. Example: 'amphora_client'
|
||||
credential. Example: 'AmphoraClient'
|
||||
:param method_str: The method on the client to call for the test.
|
||||
Example: 'list_amphorae'
|
||||
:param allowed_list: The list of credentials expected to be
|
||||
@ -98,8 +105,7 @@ class RBACTestsMixin(test.BaseTestCase):
|
||||
set(allowed_list))
|
||||
for cred in expected_disallowed:
|
||||
cred_obj = getattr(self, cred)
|
||||
client = getattr(cred_obj, client_str)
|
||||
method = getattr(client, method_str)
|
||||
method = self._get_client_method(cred_obj, client_str, method_str)
|
||||
|
||||
# Unfortunately tempest uses testtools assertRaises[1] which means
|
||||
# we cannot use the unittest assertRaises context[2] with msg= to
|
||||
@ -133,7 +139,7 @@ class RBACTestsMixin(test.BaseTestCase):
|
||||
"""Test an API call RBAC enforcement.
|
||||
|
||||
:param client_str: The service client to use for the test, without the
|
||||
credential. Example: 'amphora_client'
|
||||
credential. Example: 'AmphoraClient'
|
||||
:param method_str: The method on the client to call for the test.
|
||||
Example: 'list_amphorae'
|
||||
:param expected_allowed: The list of credentials expected to be
|
||||
@ -173,7 +179,7 @@ class RBACTestsMixin(test.BaseTestCase):
|
||||
"""Test an API show call RBAC enforcement.
|
||||
|
||||
:param client_str: The service client to use for the test, without the
|
||||
credential. Example: 'amphora_client'
|
||||
credential. Example: 'AmphoraClient'
|
||||
:param method_str: The method on the client to call for the test.
|
||||
Example: 'list_amphorae'
|
||||
:param expected_allowed: The list of credentials expected to be
|
||||
@ -195,7 +201,7 @@ class RBACTestsMixin(test.BaseTestCase):
|
||||
"""Test an API list call RBAC enforcement.
|
||||
|
||||
:param client_str: The service client to use for the test, without the
|
||||
credential. Example: 'amphora_client'
|
||||
credential. Example: 'AmphoraClient'
|
||||
:param method_str: The method on the client to call for the test.
|
||||
Example: 'list_amphorae'
|
||||
:param expected_allowed: The list of credentials expected to be
|
||||
@ -218,7 +224,7 @@ class RBACTestsMixin(test.BaseTestCase):
|
||||
"""Test an API create/update/delete call RBAC enforcement.
|
||||
|
||||
:param client_str: The service client to use for the test, without the
|
||||
credential. Example: 'amphora_client'
|
||||
credential. Example: 'AmphoraClient'
|
||||
:param method_str: The method on the client to call for the test.
|
||||
Example: 'list_amphorae'
|
||||
:param expected_allowed: The list of credentials expected to be
|
||||
@ -259,7 +265,7 @@ class RBACTestsMixin(test.BaseTestCase):
|
||||
"""Test an API create call RBAC enforcement.
|
||||
|
||||
:param client_str: The service client to use for the test, without the
|
||||
credential. Example: 'amphora_client'
|
||||
credential. Example: 'AmphoraClient'
|
||||
:param method_str: The method on the client to call for the test.
|
||||
Example: 'list_amphorae'
|
||||
:param expected_allowed: The list of credentials expected to be
|
||||
@ -286,7 +292,7 @@ class RBACTestsMixin(test.BaseTestCase):
|
||||
"""Test an API delete call RBAC enforcement.
|
||||
|
||||
:param client_str: The service client to use for the test, without the
|
||||
credential. Example: 'amphora_client'
|
||||
credential. Example: 'AmphoraClient'
|
||||
:param method_str: The method on the client to call for the test.
|
||||
Example: 'list_amphorae'
|
||||
:param expected_allowed: The list of credentials expected to be
|
||||
@ -313,7 +319,7 @@ class RBACTestsMixin(test.BaseTestCase):
|
||||
"""Test an API update call RBAC enforcement.
|
||||
|
||||
:param client_str: The service client to use for the test, without the
|
||||
credential. Example: 'amphora_client'
|
||||
credential. Example: 'AmphoraClient'
|
||||
:param method_str: The method on the client to call for the test.
|
||||
Example: 'list_amphorae'
|
||||
:param expected_allowed: The list of credentials expected to be
|
||||
@ -347,7 +353,7 @@ class RBACTestsMixin(test.BaseTestCase):
|
||||
will validate that only the expected count of results are returned.
|
||||
|
||||
:param client_str: The service client to use for the test, without the
|
||||
credential. Example: 'amphora_client'
|
||||
credential. Example: 'AmphoraClient'
|
||||
:param method_str: The method on the client to call for the test.
|
||||
Example: 'list_amphorae'
|
||||
:param expected_allowed: The list of credentials expected to be
|
||||
@ -391,8 +397,7 @@ class RBACTestsMixin(test.BaseTestCase):
|
||||
'testing was not created by tempest '
|
||||
'credentials setup. This is likely a bug in the '
|
||||
'test.'.format(cred))
|
||||
client = getattr(cred_obj, client_str)
|
||||
method = getattr(client, method_str)
|
||||
method = self._get_client_method(cred_obj, client_str, method_str)
|
||||
try:
|
||||
result = method(*args, **kwargs)
|
||||
except exceptions.Forbidden as e:
|
||||
@ -416,7 +421,7 @@ class RBACTestsMixin(test.BaseTestCase):
|
||||
will validate that the expected object Ids in included in the results.
|
||||
|
||||
:param client_str: The service client to use for the test, without the
|
||||
credential. Example: 'amphora_client'
|
||||
credential. Example: 'AmphoraClient'
|
||||
:param method_str: The method on the client to call for the test.
|
||||
Example: 'list_amphorae'
|
||||
:param expected_allowed: The list of credentials expected to be
|
||||
@ -460,8 +465,7 @@ class RBACTestsMixin(test.BaseTestCase):
|
||||
'testing was not created by tempest '
|
||||
'credentials setup. This is likely a bug in the '
|
||||
'test.'.format(cred))
|
||||
client = getattr(cred_obj, client_str)
|
||||
method = getattr(client, method_str)
|
||||
method = self._get_client_method(cred_obj, client_str, method_str)
|
||||
try:
|
||||
result = method(*args, **kwargs)
|
||||
except exceptions.Forbidden as e:
|
||||
|
||||
@ -183,6 +183,7 @@ class ActiveStandbyScenarioTest(test_base.LoadBalancerBaseTestWithCompute):
|
||||
* Sends traffic through the load balancer
|
||||
* Validates that the Backup has assumed the Master role
|
||||
"""
|
||||
amphora_client = self.os_admin.load_balancer_v2.AmphoraClient()
|
||||
# We have to do this here as the api_version and clients are not
|
||||
# setup in time to use a decorator or the skip_checks mixin
|
||||
if not self.mem_listener_client.is_version_supported(
|
||||
@ -197,7 +198,7 @@ class ActiveStandbyScenarioTest(test_base.LoadBalancerBaseTestWithCompute):
|
||||
self.check_members_balanced(self.lb_vip_address)
|
||||
|
||||
# Get the amphorae associated with this load balancer
|
||||
amphorae = self.os_admin.amphora_client.list_amphorae(
|
||||
amphorae = amphora_client.list_amphorae(
|
||||
query_params='{loadbalancer_id}={lb_id}'.format(
|
||||
loadbalancer_id=const.LOADBALANCER_ID,
|
||||
lb_id=self.lb_id))
|
||||
@ -216,7 +217,7 @@ class ActiveStandbyScenarioTest(test_base.LoadBalancerBaseTestWithCompute):
|
||||
start = int(time.time())
|
||||
while True:
|
||||
for amp in amphorae:
|
||||
amphora_stats = self.os_admin.amphora_client.get_amphora_stats(
|
||||
amphora_stats = amphora_client.get_amphora_stats(
|
||||
amp[const.ID])
|
||||
for listener in amphora_stats:
|
||||
if listener[const.TOTAL_CONNECTIONS] > 0:
|
||||
@ -243,7 +244,7 @@ class ActiveStandbyScenarioTest(test_base.LoadBalancerBaseTestWithCompute):
|
||||
else:
|
||||
backup_amp = amp
|
||||
self.assertIsNotNone(backup_amp)
|
||||
amphora_stats = self.os_admin.amphora_client.get_amphora_stats(
|
||||
amphora_stats = amphora_client.get_amphora_stats(
|
||||
backup_amp[const.ID])
|
||||
for listener in amphora_stats:
|
||||
self.assertEqual(0, listener[const.TOTAL_CONNECTIONS])
|
||||
@ -265,7 +266,7 @@ class ActiveStandbyScenarioTest(test_base.LoadBalancerBaseTestWithCompute):
|
||||
time.sleep(1)
|
||||
|
||||
# Check that the Backup amphora is now Master
|
||||
amphora_stats = self.os_admin.amphora_client.get_amphora_stats(
|
||||
amphora_stats = amphora_client.get_amphora_stats(
|
||||
backup_amp[const.ID])
|
||||
connections = 0
|
||||
for listener in amphora_stats:
|
||||
|
||||
@ -99,7 +99,7 @@ class AmphoraAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_list_RBAC_enforcement(
|
||||
'amphora_client', 'list_amphorae', expected_allowed)
|
||||
'AmphoraClient', 'list_amphorae', expected_allowed)
|
||||
|
||||
# Get an actual list of the amphorae
|
||||
amphorae = self.lb_admin_amphora_client.list_amphorae()
|
||||
@ -119,7 +119,7 @@ class AmphoraAPITest(test_base.LoadBalancerBaseTest):
|
||||
# Test RBAC for show amphora
|
||||
if expected_allowed:
|
||||
self.check_show_RBAC_enforcement(
|
||||
'amphora_client', 'show_amphora', expected_allowed,
|
||||
'AmphoraClient', 'show_amphora', expected_allowed,
|
||||
amphora_id=amphorae[0][const.ID])
|
||||
|
||||
show_amphora_response_fields = const.SHOW_AMPHORA_RESPONSE_FIELDS
|
||||
@ -187,7 +187,7 @@ class AmphoraAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_update_RBAC_enforcement(
|
||||
'amphora_client', 'update_amphora_config', expected_allowed,
|
||||
'AmphoraClient', 'update_amphora_config', expected_allowed,
|
||||
None, None, amphora_1[const.ID])
|
||||
|
||||
self.lb_admin_amphora_client.update_amphora_config(amphora_1[const.ID])
|
||||
@ -222,7 +222,7 @@ class AmphoraAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_update_RBAC_enforcement(
|
||||
'amphora_client', 'amphora_failover', expected_allowed,
|
||||
'AmphoraClient', 'amphora_failover', expected_allowed,
|
||||
None, None, amphora_1[const.ID])
|
||||
|
||||
self.lb_admin_amphora_client.amphora_failover(amphora_1[const.ID])
|
||||
|
||||
@ -114,7 +114,7 @@ class AvailabilityZoneAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_create_RBAC_enforcement(
|
||||
'availability_zone_client', 'create_availability_zone',
|
||||
'AvailabilityZoneClient', 'create_availability_zone',
|
||||
expected_allowed, **availability_zone_kwargs)
|
||||
|
||||
# Happy path
|
||||
@ -243,7 +243,7 @@ class AvailabilityZoneAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
if expected_allowed:
|
||||
self.check_list_RBAC_enforcement(
|
||||
'availability_zone_client', 'list_availability_zones',
|
||||
'AvailabilityZoneClient', 'list_availability_zones',
|
||||
expected_allowed)
|
||||
|
||||
# Check the default sort order (by ID)
|
||||
@ -396,7 +396,7 @@ class AvailabilityZoneAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
if expected_allowed:
|
||||
self.check_show_RBAC_enforcement(
|
||||
'availability_zone_client', 'show_availability_zone',
|
||||
'AvailabilityZoneClient', 'show_availability_zone',
|
||||
expected_allowed, availability_zone[const.NAME])
|
||||
|
||||
result = self.mem_availability_zone_client.show_availability_zone(
|
||||
@ -463,7 +463,7 @@ class AvailabilityZoneAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_update_RBAC_enforcement(
|
||||
'availability_zone_client', 'update_availability_zone',
|
||||
'AvailabilityZoneClient', 'update_availability_zone',
|
||||
expected_allowed, None, None, availability_zone[const.NAME],
|
||||
**availability_zone_updated_kwargs)
|
||||
|
||||
@ -540,7 +540,7 @@ class AvailabilityZoneAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_delete_RBAC_enforcement(
|
||||
'availability_zone_client', 'delete_availability_zone',
|
||||
'AvailabilityZoneClient', 'delete_availability_zone',
|
||||
expected_allowed, None, None, availability_zone[const.NAME])
|
||||
|
||||
# Happy path
|
||||
|
||||
@ -53,7 +53,7 @@ class AvailabilityZoneCapabilitiesAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_list_RBAC_enforcement(
|
||||
'availability_zone_capabilities_client',
|
||||
'AvailabilityZoneCapabilitiesClient',
|
||||
'list_availability_zone_capabilities', expected_allowed,
|
||||
CONF.load_balancer.provider)
|
||||
|
||||
|
||||
@ -85,7 +85,7 @@ class AvailabilityZoneProfileAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_create_RBAC_enforcement(
|
||||
'availability_zone_profile_client',
|
||||
'AvailabilityZoneProfileClient',
|
||||
'create_availability_zone_profile',
|
||||
expected_allowed, **availability_zone_profile_kwargs)
|
||||
|
||||
@ -240,7 +240,7 @@ class AvailabilityZoneProfileAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_list_RBAC_enforcement(
|
||||
'availability_zone_profile_client',
|
||||
'AvailabilityZoneProfileClient',
|
||||
'list_availability_zone_profiles', expected_allowed)
|
||||
|
||||
# Check the default sort order (by ID)
|
||||
@ -401,7 +401,7 @@ class AvailabilityZoneProfileAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_show_RBAC_enforcement(
|
||||
'availability_zone_profile_client',
|
||||
'AvailabilityZoneProfileClient',
|
||||
'show_availability_zone_profile', expected_allowed,
|
||||
availability_zone_profile[const.ID])
|
||||
|
||||
@ -503,7 +503,7 @@ class AvailabilityZoneProfileAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_update_RBAC_enforcement(
|
||||
'availability_zone_profile_client',
|
||||
'AvailabilityZoneProfileClient',
|
||||
'update_availability_zone_profile', expected_allowed,
|
||||
None, None, availability_zone_profile[const.ID],
|
||||
**availability_zone_profile_updated_kwargs)
|
||||
@ -585,7 +585,7 @@ class AvailabilityZoneProfileAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_delete_RBAC_enforcement(
|
||||
'availability_zone_profile_client',
|
||||
'AvailabilityZoneProfileClient',
|
||||
'delete_availability_zone_profile', expected_allowed,
|
||||
None, None, availability_zone_profile[const.ID])
|
||||
|
||||
|
||||
@ -97,7 +97,7 @@ class FlavorAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_create_RBAC_enforcement(
|
||||
'flavor_client', 'create_flavor',
|
||||
'FlavorClient', 'create_flavor',
|
||||
expected_allowed, None, None, **flavor_kwargs)
|
||||
|
||||
# Happy path
|
||||
@ -209,7 +209,7 @@ class FlavorAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
if expected_allowed:
|
||||
self.check_list_RBAC_enforcement(
|
||||
'flavor_client', 'list_flavors', expected_allowed)
|
||||
'FlavorClient', 'list_flavors', expected_allowed)
|
||||
|
||||
# Check the default sort order (by ID)
|
||||
flavors = self.mem_flavor_client.list_flavors()
|
||||
@ -337,7 +337,7 @@ class FlavorAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
if expected_allowed:
|
||||
self.check_show_RBAC_enforcement(
|
||||
'flavor_client', 'show_flavor', expected_allowed,
|
||||
'FlavorClient', 'show_flavor', expected_allowed,
|
||||
flavor[const.ID])
|
||||
|
||||
result = self.mem_flavor_client.show_flavor(flavor[const.ID])
|
||||
@ -399,7 +399,7 @@ class FlavorAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_update_RBAC_enforcement(
|
||||
'flavor_client', 'update_flavor', expected_allowed, None, None,
|
||||
'FlavorClient', 'update_flavor', expected_allowed, None, None,
|
||||
flavor[const.ID], **flavor_updated_kwargs)
|
||||
|
||||
updated_flavor = self.lb_admin_flavor_client.update_flavor(
|
||||
@ -463,7 +463,7 @@ class FlavorAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_delete_RBAC_enforcement(
|
||||
'flavor_client', 'delete_flavor', expected_allowed,
|
||||
'FlavorClient', 'delete_flavor', expected_allowed,
|
||||
None, None, flavor[const.ID])
|
||||
|
||||
# Happy path
|
||||
|
||||
@ -51,7 +51,7 @@ class FlavorCapabilitiesAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_list_RBAC_enforcement(
|
||||
'flavor_capabilities_client',
|
||||
'FlavorCapabilitiesClient',
|
||||
'list_flavor_capabilities', expected_allowed,
|
||||
CONF.load_balancer.provider)
|
||||
|
||||
|
||||
@ -69,7 +69,7 @@ class FlavorProfileAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_create_RBAC_enforcement(
|
||||
'flavor_profile_client', 'create_flavor_profile',
|
||||
'FlavorProfileClient', 'create_flavor_profile',
|
||||
expected_allowed, None, None, **flavor_profile_kwargs)
|
||||
|
||||
# Happy path
|
||||
@ -189,7 +189,7 @@ class FlavorProfileAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_list_RBAC_enforcement(
|
||||
'flavor_profile_client', 'list_flavor_profiles',
|
||||
'FlavorProfileClient', 'list_flavor_profiles',
|
||||
expected_allowed)
|
||||
|
||||
# Check the default sort order (by ID)
|
||||
@ -318,7 +318,7 @@ class FlavorProfileAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_show_RBAC_enforcement(
|
||||
'flavor_profile_client', 'show_flavor_profile',
|
||||
'FlavorProfileClient', 'show_flavor_profile',
|
||||
expected_allowed, flavor_profile[const.ID])
|
||||
|
||||
result = (
|
||||
@ -396,7 +396,7 @@ class FlavorProfileAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_update_RBAC_enforcement(
|
||||
'flavor_profile_client', 'update_flavor_profile',
|
||||
'FlavorProfileClient', 'update_flavor_profile',
|
||||
expected_allowed, None, None, flavor_profile[const.ID],
|
||||
**flavor_profile_updated_kwargs)
|
||||
|
||||
@ -463,7 +463,7 @@ class FlavorProfileAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_delete_RBAC_enforcement(
|
||||
'flavor_profile_client', 'delete_flavor_profile',
|
||||
'FlavorProfileClient', 'delete_flavor_profile',
|
||||
expected_allowed, None, None, flavor_profile[const.ID])
|
||||
|
||||
# Happy path
|
||||
|
||||
@ -288,7 +288,7 @@ class HealthMonitorAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_create_RBAC_enforcement(
|
||||
'healthmonitor_client', 'create_healthmonitor',
|
||||
'HealthMonitorClient', 'create_healthmonitor',
|
||||
expected_allowed,
|
||||
status_method=self.mem_lb_client.show_loadbalancer,
|
||||
obj_id=self.lb_id, **hm_kwargs)
|
||||
@ -731,7 +731,7 @@ class HealthMonitorAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_roles_lb_observer', 'os_roles_lb_member2']
|
||||
if expected_allowed:
|
||||
self.check_list_RBAC_enforcement_count(
|
||||
'healthmonitor_client', 'list_healthmonitors',
|
||||
'HealthMonitorClient', 'list_healthmonitors',
|
||||
expected_allowed, 0)
|
||||
|
||||
# Test credentials that should see these healthmonitors can see them.
|
||||
@ -747,7 +747,7 @@ class HealthMonitorAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_global_observer']
|
||||
if expected_allowed:
|
||||
self.check_list_IDs_RBAC_enforcement(
|
||||
'healthmonitor_client', 'list_healthmonitors',
|
||||
'HealthMonitorClient', 'list_healthmonitors',
|
||||
expected_allowed, test_ids)
|
||||
|
||||
# Test that users without the lb member role cannot list healthmonitors
|
||||
@ -774,7 +774,7 @@ class HealthMonitorAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
if expected_allowed:
|
||||
self.check_list_RBAC_enforcement(
|
||||
'healthmonitor_client', 'list_healthmonitors',
|
||||
'HealthMonitorClient', 'list_healthmonitors',
|
||||
expected_allowed)
|
||||
|
||||
# Check the default sort order, created_at
|
||||
@ -1202,7 +1202,7 @@ class HealthMonitorAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_show_RBAC_enforcement(
|
||||
'healthmonitor_client', 'show_healthmonitor',
|
||||
'HealthMonitorClient', 'show_healthmonitor',
|
||||
expected_allowed, hm[const.ID])
|
||||
|
||||
@decorators.idempotent_id('2417164b-ec03-4488-afd2-60b096dc0077')
|
||||
@ -1481,7 +1481,7 @@ class HealthMonitorAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_update_RBAC_enforcement(
|
||||
'healthmonitor_client', 'update_healthmonitor',
|
||||
'HealthMonitorClient', 'update_healthmonitor',
|
||||
expected_allowed, None, None, hm[const.ID],
|
||||
admin_state_up=True)
|
||||
|
||||
@ -1784,7 +1784,7 @@ class HealthMonitorAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_delete_RBAC_enforcement(
|
||||
'healthmonitor_client', 'delete_healthmonitor',
|
||||
'HealthMonitorClient', 'delete_healthmonitor',
|
||||
expected_allowed, None, None, hm[const.ID])
|
||||
|
||||
self.mem_healthmonitor_client.delete_healthmonitor(hm[const.ID])
|
||||
|
||||
@ -145,7 +145,7 @@ class L7PolicyAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_create_RBAC_enforcement(
|
||||
'l7policy_client', 'create_l7policy',
|
||||
'L7PolicyClient', 'create_l7policy',
|
||||
expected_allowed,
|
||||
status_method=self.mem_lb_client.show_loadbalancer,
|
||||
obj_id=self.lb_id, **l7policy_kwargs)
|
||||
@ -372,7 +372,7 @@ class L7PolicyAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_roles_lb_observer', 'os_roles_lb_member2']
|
||||
if expected_allowed:
|
||||
self.check_list_RBAC_enforcement_count(
|
||||
'l7policy_client', 'list_l7policies',
|
||||
'L7PolicyClient', 'list_l7policies',
|
||||
expected_allowed, 0)
|
||||
|
||||
# Test credentials that should see these l7policies can see them.
|
||||
@ -388,7 +388,7 @@ class L7PolicyAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_global_observer']
|
||||
if expected_allowed:
|
||||
self.check_list_IDs_RBAC_enforcement(
|
||||
'l7policy_client', 'list_l7policies',
|
||||
'L7PolicyClient', 'list_l7policies',
|
||||
expected_allowed, test_ids,
|
||||
query_params='listener_id={listener_id}'.format(
|
||||
listener_id=listener_id))
|
||||
@ -417,7 +417,7 @@ class L7PolicyAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
if expected_allowed:
|
||||
self.check_list_RBAC_enforcement(
|
||||
'l7policy_client', 'list_l7policies',
|
||||
'L7PolicyClient', 'list_l7policies',
|
||||
expected_allowed)
|
||||
|
||||
# Check the default sort order, created_at
|
||||
@ -661,7 +661,7 @@ class L7PolicyAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_show_RBAC_enforcement(
|
||||
'l7policy_client', 'show_l7policy',
|
||||
'L7PolicyClient', 'show_l7policy',
|
||||
expected_allowed, l7policy[const.ID])
|
||||
|
||||
@decorators.idempotent_id('08f73b22-550b-4e5a-b3d6-2ec03251ca13')
|
||||
@ -767,7 +767,7 @@ class L7PolicyAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_update_RBAC_enforcement(
|
||||
'l7policy_client', 'update_l7policy',
|
||||
'L7PolicyClient', 'update_l7policy',
|
||||
expected_allowed, None, None, l7policy[const.ID],
|
||||
admin_state_up=True)
|
||||
|
||||
@ -878,7 +878,7 @@ class L7PolicyAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_delete_RBAC_enforcement(
|
||||
'l7policy_client', 'delete_l7policy',
|
||||
'L7PolicyClient', 'delete_l7policy',
|
||||
expected_allowed, None, None, l7policy[const.ID])
|
||||
|
||||
self.mem_l7policy_client.delete_l7policy(l7policy[const.ID])
|
||||
|
||||
@ -153,7 +153,7 @@ class L7RuleAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_create_RBAC_enforcement(
|
||||
'l7rule_client', 'create_l7rule',
|
||||
'L7RuleClient', 'create_l7rule',
|
||||
expected_allowed,
|
||||
status_method=self.mem_lb_client.show_loadbalancer,
|
||||
obj_id=self.lb_id, **l7rule_kwargs)
|
||||
@ -365,7 +365,7 @@ class L7RuleAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_global_observer']
|
||||
if expected_allowed:
|
||||
self.check_list_IDs_RBAC_enforcement(
|
||||
'l7rule_client', 'list_l7rules', expected_allowed, test_ids,
|
||||
'L7RuleClient', 'list_l7rules', expected_allowed, test_ids,
|
||||
l7policy_id)
|
||||
|
||||
# Test that users without the lb member role cannot list L7 rules.
|
||||
@ -389,7 +389,7 @@ class L7RuleAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_list_RBAC_enforcement(
|
||||
'l7rule_client', 'list_l7rules', expected_allowed, l7policy_id)
|
||||
'L7RuleClient', 'list_l7rules', expected_allowed, l7policy_id)
|
||||
|
||||
# Check the default sort order, created_at
|
||||
l7rules = self.mem_l7rule_client.list_l7rules(l7policy_id)
|
||||
@ -575,7 +575,7 @@ class L7RuleAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_show_RBAC_enforcement(
|
||||
'l7rule_client', 'show_l7rule',
|
||||
'L7RuleClient', 'show_l7rule',
|
||||
expected_allowed, l7rule[const.ID],
|
||||
l7policy_id=self.l7policy_id)
|
||||
|
||||
@ -660,7 +660,7 @@ class L7RuleAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_update_RBAC_enforcement(
|
||||
'l7rule_client', 'update_l7rule',
|
||||
'L7RuleClient', 'update_l7rule',
|
||||
expected_allowed, None, None, l7rule[const.ID],
|
||||
l7policy_id=self.l7policy_id, admin_state_up=True)
|
||||
|
||||
@ -762,7 +762,7 @@ class L7RuleAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_delete_RBAC_enforcement(
|
||||
'l7rule_client', 'delete_l7rule',
|
||||
'L7RuleClient', 'delete_l7rule',
|
||||
expected_allowed, None, None, l7rule[const.ID],
|
||||
l7policy_id=self.l7policy_id)
|
||||
|
||||
|
||||
@ -59,6 +59,14 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
||||
if CONF.load_balancer.test_with_ipv6:
|
||||
cls.allowed_cidrs = ['2001:db8:a0b:12f0::/64']
|
||||
|
||||
@classmethod
|
||||
def setup_clients(cls):
|
||||
"""Setup client aliases."""
|
||||
super(ListenerAPITest, cls).setup_clients()
|
||||
cls.listener_client = cls.os_primary.load_balancer_v2.ListenerClient()
|
||||
cls.member2_listener_client = (
|
||||
cls.os_roles_lb_member2.load_balancer_v2.ListenerClient())
|
||||
|
||||
@decorators.idempotent_id('88d0ec83-7b08-48d9-96e2-0df1d2f8cd98')
|
||||
def test_http_listener_create(self):
|
||||
self._test_listener_create(const.HTTP, 8000)
|
||||
@ -156,7 +164,7 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_create_RBAC_enforcement(
|
||||
'listener_client', 'create_listener',
|
||||
'ListenerClient', 'create_listener',
|
||||
expected_allowed,
|
||||
status_method=self.mem_lb_client.show_loadbalancer,
|
||||
obj_id=self.lb_id, **listener_kwargs)
|
||||
@ -545,7 +553,7 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_roles_lb_observer', 'os_roles_lb_member2']
|
||||
if expected_allowed:
|
||||
self.check_list_RBAC_enforcement_count(
|
||||
'listener_client', 'list_listeners', expected_allowed, 0,
|
||||
'ListenerClient', 'list_listeners', expected_allowed, 0,
|
||||
query_params='loadbalancer_id={lb_id}'.format(lb_id=lb_id))
|
||||
|
||||
# Test credentials that should see these listeners can see them.
|
||||
@ -561,7 +569,7 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_global_observer']
|
||||
if expected_allowed:
|
||||
self.check_list_IDs_RBAC_enforcement(
|
||||
'listener_client', 'list_listeners', expected_allowed,
|
||||
'ListenerClient', 'list_listeners', expected_allowed,
|
||||
test_ids,
|
||||
query_params='loadbalancer_id={lb_id}'.format(lb_id=lb_id))
|
||||
|
||||
@ -589,7 +597,7 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
if expected_allowed:
|
||||
self.check_list_RBAC_enforcement(
|
||||
'listener_client', 'list_listeners', expected_allowed,
|
||||
'ListenerClient', 'list_listeners', expected_allowed,
|
||||
query_params='loadbalancer_id={lb_id}'.format(lb_id=lb_id))
|
||||
|
||||
# Check the default sort order, created_at
|
||||
@ -864,7 +872,7 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_show_RBAC_enforcement(
|
||||
'listener_client', 'show_listener',
|
||||
'ListenerClient', 'show_listener',
|
||||
expected_allowed, listener[const.ID])
|
||||
|
||||
@decorators.idempotent_id('aaae0298-5778-4c7e-a27a-01549a71b319')
|
||||
@ -996,7 +1004,7 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
self.assertRaises(
|
||||
exceptions.Forbidden,
|
||||
self.os_primary.listener_client.update_listener,
|
||||
self.listener_client.update_listener,
|
||||
listener[const.ID], admin_state_up=True)
|
||||
|
||||
# Assert we didn't go into PENDING_*
|
||||
@ -1009,7 +1017,7 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
||||
# Test that a user, without the load balancer member role, cannot
|
||||
# update this listener
|
||||
if not CONF.load_balancer.RBAC_test_type == const.NONE:
|
||||
member2_client = self.os_roles_lb_member2.listener_client
|
||||
member2_client = self.member2_listener_client
|
||||
self.assertRaises(exceptions.Forbidden,
|
||||
member2_client.update_listener,
|
||||
listener[const.ID], admin_state_up=True)
|
||||
@ -1180,13 +1188,13 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
self.assertRaises(
|
||||
exceptions.Forbidden,
|
||||
self.os_primary.listener_client.delete_listener,
|
||||
self.listener_client.delete_listener,
|
||||
listener[const.ID])
|
||||
|
||||
# Test that a different user, with the load balancer member role
|
||||
# cannot delete this listener
|
||||
if not CONF.load_balancer.RBAC_test_type == const.NONE:
|
||||
member2_client = self.os_roles_lb_member2.listener_client
|
||||
member2_client = self.member2_listener_client
|
||||
self.assertRaises(exceptions.Forbidden,
|
||||
member2_client.delete_listener,
|
||||
listener[const.ID])
|
||||
@ -1279,13 +1287,13 @@ class ListenerAPITest(test_base.LoadBalancerBaseTest):
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
self.assertRaises(
|
||||
exceptions.Forbidden,
|
||||
self.os_primary.listener_client.get_listener_stats,
|
||||
self.listener_client.get_listener_stats,
|
||||
listener[const.ID])
|
||||
|
||||
# Test that a different user, with the load balancer role, cannot see
|
||||
# the listener stats
|
||||
if not CONF.load_balancer.RBAC_test_type == const.NONE:
|
||||
member2_client = self.os_roles_lb_member2.listener_client
|
||||
member2_client = self.member2_listener_client
|
||||
self.assertRaises(exceptions.Forbidden,
|
||||
member2_client.get_listener_stats,
|
||||
listener[const.ID])
|
||||
|
||||
@ -96,7 +96,7 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
if expected_allowed:
|
||||
self.check_create_RBAC_enforcement(
|
||||
'loadbalancer_client', 'create_loadbalancer',
|
||||
'LoadbalancerClient', 'create_loadbalancer',
|
||||
expected_allowed, None, None, **lb_kwargs_with_project_id)
|
||||
|
||||
lb = self.mem_lb_client.create_loadbalancer(**lb_kwargs)
|
||||
@ -199,7 +199,7 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_delete_RBAC_enforcement(
|
||||
'loadbalancer_client', 'delete_loadbalancer',
|
||||
'LoadbalancerClient', 'delete_loadbalancer',
|
||||
expected_allowed, None, None, lb[const.ID])
|
||||
|
||||
self.mem_lb_client.delete_loadbalancer(lb[const.ID])
|
||||
@ -248,7 +248,7 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_delete_RBAC_enforcement(
|
||||
'loadbalancer_client', 'delete_loadbalancer',
|
||||
'LoadbalancerClient', 'delete_loadbalancer',
|
||||
expected_allowed, None, None, lb[const.ID], cascade=True)
|
||||
|
||||
self.mem_lb_client.delete_loadbalancer(lb[const.ID], cascade=True)
|
||||
@ -425,7 +425,7 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_roles_lb_observer', 'os_roles_lb_member2']
|
||||
if expected_allowed:
|
||||
self.check_list_RBAC_enforcement_count(
|
||||
'loadbalancer_client', 'list_loadbalancers',
|
||||
'LoadbalancerClient', 'list_loadbalancers',
|
||||
expected_allowed, 0)
|
||||
|
||||
# Test credentials that should see these load balancers can see them.
|
||||
@ -441,7 +441,7 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_global_observer']
|
||||
if expected_allowed:
|
||||
self.check_list_IDs_RBAC_enforcement(
|
||||
'loadbalancer_client', 'list_loadbalancers',
|
||||
'LoadbalancerClient', 'list_loadbalancers',
|
||||
expected_allowed, test_ids)
|
||||
|
||||
# Test that users without the lb member role cannot list load balancers
|
||||
@ -468,7 +468,7 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
if expected_allowed:
|
||||
self.check_list_RBAC_enforcement(
|
||||
'loadbalancer_client', 'list_loadbalancers', expected_allowed)
|
||||
'LoadbalancerClient', 'list_loadbalancers', expected_allowed)
|
||||
|
||||
# Check the default sort order, created_at
|
||||
lbs = self.mem_lb_client.list_loadbalancers()
|
||||
@ -644,7 +644,7 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_show_RBAC_enforcement(
|
||||
'loadbalancer_client', 'show_loadbalancer',
|
||||
'LoadbalancerClient', 'show_loadbalancer',
|
||||
expected_allowed, lb[const.ID])
|
||||
|
||||
# Attempt to clean up so that one full test run doesn't start 10+
|
||||
@ -745,7 +745,7 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_update_RBAC_enforcement(
|
||||
'loadbalancer_client', 'update_loadbalancer',
|
||||
'LoadbalancerClient', 'update_loadbalancer',
|
||||
expected_allowed, None, None, lb[const.ID],
|
||||
admin_state_up=True)
|
||||
|
||||
@ -840,7 +840,7 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_show_RBAC_enforcement(
|
||||
'loadbalancer_client', 'get_loadbalancer_stats',
|
||||
'LoadbalancerClient', 'get_loadbalancer_stats',
|
||||
expected_allowed, lb[const.ID])
|
||||
|
||||
stats = self.mem_lb_client.get_loadbalancer_stats(lb[const.ID])
|
||||
@ -911,7 +911,7 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_show_RBAC_enforcement(
|
||||
'loadbalancer_client', 'get_loadbalancer_status',
|
||||
'LoadbalancerClient', 'get_loadbalancer_status',
|
||||
expected_allowed, lb[const.ID])
|
||||
|
||||
status = self.mem_lb_client.get_loadbalancer_status(lb[const.ID])
|
||||
@ -983,7 +983,7 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_system_admin', 'os_roles_lb_admin']
|
||||
if expected_allowed:
|
||||
self.check_update_RBAC_enforcement(
|
||||
'loadbalancer_client', 'failover_loadbalancer',
|
||||
'LoadbalancerClient', 'failover_loadbalancer',
|
||||
expected_allowed, None, None, lb[const.ID])
|
||||
|
||||
# Assert we didn't go into PENDING_*
|
||||
@ -995,8 +995,9 @@ class LoadBalancerAPITest(test_base.LoadBalancerBaseTest):
|
||||
query_params='{loadbalancer_id}={lb_id}'.format(
|
||||
loadbalancer_id=const.LOADBALANCER_ID, lb_id=lb[const.ID]))
|
||||
|
||||
self.os_roles_lb_admin.loadbalancer_client.failover_loadbalancer(
|
||||
lb[const.ID])
|
||||
admin_lb_client = (
|
||||
self.os_roles_lb_admin.load_balancer_v2.LoadbalancerClient())
|
||||
admin_lb_client.failover_loadbalancer(lb[const.ID])
|
||||
|
||||
lb = waiters.wait_for_status(self.mem_lb_client.show_loadbalancer,
|
||||
lb[const.ID], const.PROVISIONING_STATUS,
|
||||
|
||||
@ -887,9 +887,10 @@ class MemberAPITest(test_base.LoadBalancerBaseTest):
|
||||
# Test that a user without the load balancer role cannot
|
||||
# create a member
|
||||
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||
member_client = self.os_primary.load_balancer_v2.MemberClient()
|
||||
self.assertRaises(
|
||||
exceptions.Forbidden,
|
||||
self.os_primary.member_client.create_member,
|
||||
member_client.create_member,
|
||||
**member_kwargs)
|
||||
|
||||
# Test that a user without the loadbalancer role cannot
|
||||
@ -905,7 +906,7 @@ class MemberAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_create_RBAC_enforcement(
|
||||
'member_client', 'create_member',
|
||||
'MemberClient', 'create_member',
|
||||
expected_allowed,
|
||||
status_method=self.mem_lb_client.show_loadbalancer,
|
||||
obj_id=self.lb_id, **member_kwargs)
|
||||
@ -1238,7 +1239,7 @@ class MemberAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_global_observer']
|
||||
if expected_allowed:
|
||||
self.check_list_IDs_RBAC_enforcement(
|
||||
'member_client', 'list_members', expected_allowed,
|
||||
'MemberClient', 'list_members', expected_allowed,
|
||||
test_ids, pool_id)
|
||||
|
||||
# Test that users without the lb member role cannot list members
|
||||
@ -1261,7 +1262,7 @@ class MemberAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_list_RBAC_enforcement(
|
||||
'member_client', 'list_members', expected_allowed, pool_id)
|
||||
'MemberClient', 'list_members', expected_allowed, pool_id)
|
||||
|
||||
# Check the default sort order, created_at
|
||||
members = self.mem_member_client.list_members(pool_id)
|
||||
@ -1802,7 +1803,7 @@ class MemberAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_show_RBAC_enforcement(
|
||||
'member_client', 'show_member',
|
||||
'MemberClient', 'show_member',
|
||||
expected_allowed, member[const.ID],
|
||||
pool_id=pool_id)
|
||||
|
||||
@ -2256,7 +2257,7 @@ class MemberAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_update_RBAC_enforcement(
|
||||
'member_client', 'update_member',
|
||||
'MemberClient', 'update_member',
|
||||
expected_allowed, None, None, member[const.ID],
|
||||
pool_id=pool_id, admin_state_up=True)
|
||||
|
||||
@ -2714,7 +2715,7 @@ class MemberAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_update_RBAC_enforcement(
|
||||
'member_client', 'update_members',
|
||||
'MemberClient', 'update_members',
|
||||
expected_allowed, None, None,
|
||||
pool_id=pool_id, members_list=batch_update_list)
|
||||
|
||||
@ -2959,7 +2960,7 @@ class MemberAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_delete_RBAC_enforcement(
|
||||
'member_client', 'delete_member',
|
||||
'MemberClient', 'delete_member',
|
||||
expected_allowed, None, None, member[const.ID],
|
||||
pool_id=pool_id)
|
||||
|
||||
|
||||
@ -414,7 +414,7 @@ class PoolAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_create_RBAC_enforcement(
|
||||
'pool_client', 'create_pool',
|
||||
'PoolClient', 'create_pool',
|
||||
expected_allowed,
|
||||
status_method=self.mem_lb_client.show_loadbalancer,
|
||||
obj_id=self.lb_id, **pool_kwargs)
|
||||
@ -762,7 +762,7 @@ class PoolAPITest(test_base.LoadBalancerBaseTest):
|
||||
expected_allowed = ['os_roles_lb_observer', 'os_roles_lb_member2']
|
||||
if expected_allowed:
|
||||
self.check_list_RBAC_enforcement_count(
|
||||
'pool_client', 'list_pools', expected_allowed, 0,
|
||||
'PoolClient', 'list_pools', expected_allowed, 0,
|
||||
query_params='loadbalancer_id={lb_id}'.format(lb_id=lb_id))
|
||||
|
||||
# Test credentials that should see these pools can see them.
|
||||
@ -778,7 +778,7 @@ class PoolAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_global_observer']
|
||||
if expected_allowed:
|
||||
self.check_list_IDs_RBAC_enforcement(
|
||||
'pool_client', 'list_pools', expected_allowed, test_ids,
|
||||
'PoolClient', 'list_pools', expected_allowed, test_ids,
|
||||
query_params='loadbalancer_id={lb_id}'.format(lb_id=lb_id))
|
||||
|
||||
# Test that users without the lb member role cannot list pools.
|
||||
@ -805,7 +805,7 @@ class PoolAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
if expected_allowed:
|
||||
self.check_list_RBAC_enforcement(
|
||||
'pool_client', 'list_pools', expected_allowed,
|
||||
'PoolClient', 'list_pools', expected_allowed,
|
||||
query_params='loadbalancer_id={lb_id}'.format(lb_id=lb_id))
|
||||
|
||||
# Check the default sort order, created_at
|
||||
@ -1138,7 +1138,7 @@ class PoolAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_show_RBAC_enforcement(
|
||||
'pool_client', 'show_pool',
|
||||
'PoolClient', 'show_pool',
|
||||
expected_allowed, pool[const.ID])
|
||||
|
||||
@decorators.idempotent_id('d73755fe-ba3a-4248-9543-8e167a5aa7f4')
|
||||
@ -1370,7 +1370,7 @@ class PoolAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_update_RBAC_enforcement(
|
||||
'pool_client', 'update_pool',
|
||||
'PoolClient', 'update_pool',
|
||||
expected_allowed, None, None, pool[const.ID],
|
||||
admin_state_up=True)
|
||||
|
||||
@ -1667,7 +1667,7 @@ class PoolAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member']
|
||||
if expected_allowed:
|
||||
self.check_delete_RBAC_enforcement(
|
||||
'pool_client', 'delete_pool',
|
||||
'PoolClient', 'delete_pool',
|
||||
expected_allowed, None, None, pool[const.ID])
|
||||
|
||||
self.mem_pool_client.delete_pool(pool[const.ID])
|
||||
|
||||
@ -60,7 +60,7 @@ class ProviderAPITest(test_base.LoadBalancerBaseTest):
|
||||
'os_roles_lb_member', 'os_roles_lb_member2']
|
||||
if expected_allowed:
|
||||
self.check_list_RBAC_enforcement(
|
||||
'provider_client', 'list_providers', expected_allowed)
|
||||
'ProviderClient', 'list_providers', expected_allowed)
|
||||
|
||||
providers = self.mem_provider_client.list_providers()
|
||||
|
||||
|
||||
@ -57,10 +57,10 @@ class SparePoolTest(test_base.LoadBalancerBaseTestWithCompute):
|
||||
* Send traffic through load balancer
|
||||
* Validate amphora spare pool size is restored
|
||||
"""
|
||||
|
||||
amphora_client = self.os_admin.load_balancer_v2.AmphoraClient()
|
||||
# Check there is at least one amphora in spare pool
|
||||
spare_amps = waiters.wait_for_spare_amps(
|
||||
self.os_admin.amphora_client.list_amphorae,
|
||||
amphora_client.list_amphorae,
|
||||
CONF.load_balancer.lb_build_interval,
|
||||
CONF.load_balancer.lb_build_timeout)
|
||||
|
||||
@ -100,7 +100,7 @@ class SparePoolTest(test_base.LoadBalancerBaseTestWithCompute):
|
||||
|
||||
# Confirm the spare pool has changed since last check
|
||||
spare_amps_2 = waiters.wait_for_spare_amps(
|
||||
self.os_admin.amphora_client.list_amphorae,
|
||||
amphora_client.list_amphorae,
|
||||
CONF.load_balancer.lb_build_interval,
|
||||
CONF.load_balancer.lb_build_timeout)
|
||||
self.assertNotEqual(spare_amps, spare_amps_2)
|
||||
@ -180,12 +180,12 @@ class SparePoolTest(test_base.LoadBalancerBaseTestWithCompute):
|
||||
|
||||
# Check there is at least one amphora in spare pool
|
||||
spare_amps = waiters.wait_for_spare_amps(
|
||||
self.os_admin.amphora_client.list_amphorae,
|
||||
amphora_client.list_amphorae,
|
||||
CONF.load_balancer.lb_build_interval,
|
||||
CONF.load_balancer.lb_build_timeout)
|
||||
|
||||
# Delete amphora compute instance
|
||||
amp = self.os_admin.amphora_client.list_amphorae(
|
||||
amp = amphora_client.list_amphorae(
|
||||
query_params='{loadbalancer_id}={lb_id}'.format(
|
||||
loadbalancer_id=const.LOADBALANCER_ID, lb_id=self.lb_id))
|
||||
|
||||
@ -211,12 +211,12 @@ class SparePoolTest(test_base.LoadBalancerBaseTestWithCompute):
|
||||
|
||||
# Confirm the spare pool has changed since last check
|
||||
spare_amps_2 = waiters.wait_for_spare_amps(
|
||||
self.os_admin.amphora_client.list_amphorae,
|
||||
amphora_client.list_amphorae,
|
||||
CONF.load_balancer.lb_build_interval,
|
||||
CONF.load_balancer.lb_build_timeout)
|
||||
self.assertNotEqual(spare_amps, spare_amps_2)
|
||||
|
||||
# Check there is at least one amphora in spare pool
|
||||
waiters.wait_for_spare_amps(self.os_admin.amphora_client.list_amphorae,
|
||||
waiters.wait_for_spare_amps(amphora_client.list_amphorae,
|
||||
CONF.load_balancer.lb_build_interval,
|
||||
CONF.load_balancer.lb_build_timeout)
|
||||
|
||||
@ -30,7 +30,6 @@ from tempest.lib import exceptions
|
||||
from tempest import test
|
||||
import tenacity
|
||||
|
||||
from octavia_tempest_plugin import clients
|
||||
from octavia_tempest_plugin.common import cert_utils
|
||||
from octavia_tempest_plugin.common import constants as const
|
||||
from octavia_tempest_plugin.tests import RBAC_tests
|
||||
@ -89,7 +88,6 @@ class LoadBalancerBaseTest(validators.ValidatorsMixin,
|
||||
# Tests shall not mess with the list of allocated credentials
|
||||
allocated_credentials = tuple(allocated_creds)
|
||||
|
||||
client_manager = clients.ManagerV2
|
||||
webserver1_response = 1
|
||||
webserver2_response = 5
|
||||
used_ips = []
|
||||
@ -165,6 +163,7 @@ class LoadBalancerBaseTest(validators.ValidatorsMixin,
|
||||
def setup_clients(cls):
|
||||
"""Setup client aliases."""
|
||||
super(LoadBalancerBaseTest, cls).setup_clients()
|
||||
lb_admin_prefix = cls.os_roles_lb_admin.load_balancer_v2
|
||||
cls.lb_mem_float_ip_client = cls.os_roles_lb_member.floating_ips_client
|
||||
cls.lb_mem_keypairs_client = cls.os_roles_lb_member.keypairs_client
|
||||
cls.lb_mem_net_client = cls.os_roles_lb_member.networks_client
|
||||
@ -175,33 +174,41 @@ class LoadBalancerBaseTest(validators.ValidatorsMixin,
|
||||
cls.os_roles_lb_member.security_group_rules_client)
|
||||
cls.lb_mem_servers_client = cls.os_roles_lb_member.servers_client
|
||||
cls.lb_mem_subnet_client = cls.os_roles_lb_member.subnets_client
|
||||
cls.mem_lb_client = cls.os_roles_lb_member.loadbalancer_client
|
||||
cls.mem_listener_client = cls.os_roles_lb_member.listener_client
|
||||
cls.mem_pool_client = cls.os_roles_lb_member.pool_client
|
||||
cls.mem_member_client = cls.os_roles_lb_member.member_client
|
||||
cls.mem_lb_client = (
|
||||
cls.os_roles_lb_member.load_balancer_v2.LoadbalancerClient())
|
||||
cls.mem_listener_client = (
|
||||
cls.os_roles_lb_member.load_balancer_v2.ListenerClient())
|
||||
cls.mem_pool_client = (
|
||||
cls.os_roles_lb_member.load_balancer_v2.PoolClient())
|
||||
cls.mem_member_client = (
|
||||
cls.os_roles_lb_member.load_balancer_v2.MemberClient())
|
||||
cls.mem_healthmonitor_client = (
|
||||
cls.os_roles_lb_member.healthmonitor_client)
|
||||
cls.mem_l7policy_client = cls.os_roles_lb_member.l7policy_client
|
||||
cls.mem_l7rule_client = cls.os_roles_lb_member.l7rule_client
|
||||
cls.lb_admin_amphora_client = cls.os_roles_lb_admin.amphora_client
|
||||
cls.os_roles_lb_member.load_balancer_v2.HealthMonitorClient())
|
||||
cls.mem_l7policy_client = (
|
||||
cls.os_roles_lb_member.load_balancer_v2.L7PolicyClient())
|
||||
cls.mem_l7rule_client = (
|
||||
cls.os_roles_lb_member.load_balancer_v2.L7RuleClient())
|
||||
cls.lb_admin_amphora_client = lb_admin_prefix.AmphoraClient()
|
||||
cls.lb_admin_flavor_profile_client = (
|
||||
cls.os_roles_lb_admin.flavor_profile_client)
|
||||
cls.lb_admin_flavor_client = cls.os_roles_lb_admin.flavor_client
|
||||
cls.mem_flavor_client = cls.os_roles_lb_member.flavor_client
|
||||
cls.mem_provider_client = cls.os_roles_lb_member.provider_client
|
||||
lb_admin_prefix.FlavorProfileClient())
|
||||
cls.lb_admin_flavor_client = lb_admin_prefix.FlavorClient()
|
||||
cls.mem_flavor_client = (
|
||||
cls.os_roles_lb_member.load_balancer_v2.FlavorClient())
|
||||
cls.mem_provider_client = (
|
||||
cls.os_roles_lb_member.load_balancer_v2.ProviderClient())
|
||||
cls.os_admin_servers_client = cls.os_admin.servers_client
|
||||
cls.os_admin_routers_client = cls.os_admin.routers_client
|
||||
cls.os_admin_subnetpools_client = cls.os_admin.subnetpools_client
|
||||
cls.lb_admin_flavor_capabilities_client = (
|
||||
cls.os_roles_lb_admin.flavor_capabilities_client)
|
||||
lb_admin_prefix.FlavorCapabilitiesClient())
|
||||
cls.lb_admin_availability_zone_capabilities_client = (
|
||||
cls.os_roles_lb_admin.availability_zone_capabilities_client)
|
||||
lb_admin_prefix.AvailabilityZoneCapabilitiesClient())
|
||||
cls.lb_admin_availability_zone_profile_client = (
|
||||
cls.os_roles_lb_admin.availability_zone_profile_client)
|
||||
lb_admin_prefix.AvailabilityZoneProfileClient())
|
||||
cls.lb_admin_availability_zone_client = (
|
||||
cls.os_roles_lb_admin.availability_zone_client)
|
||||
lb_admin_prefix.AvailabilityZoneClient())
|
||||
cls.mem_availability_zone_client = (
|
||||
cls.os_roles_lb_member.availability_zone_client)
|
||||
cls.os_roles_lb_member.load_balancer_v2.AvailabilityZoneClient())
|
||||
|
||||
@classmethod
|
||||
def resource_setup(cls):
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user