Rbac tests for Neutron list actions
Add RBAC tests for * list_routers [0] * list_subnetpools [1] * list_networks [2] * list_ports [3] * list_trunks [4] * list_address_scopes [5] * list_floatingips [6] * list_rbac_policies [8] * list_metering_labels [10] * list_metering_label_rules [11] * list_qos_policies [12] * list_dscp_marking_rules [13] * list_agents [14] * list_segments [15] Update RBAC tests to use validate_list function for: * list_subnets [7] * list_security_groups [9] [0] https://developer.openstack.org/api-ref/network/v2/index.html#list-routers [1] https://developer.openstack.org/api-ref/network/v2/index.html#list-subnet-pools [2] https://developer.openstack.org/api-ref/network/v2/index.html#list-networks [3] https://developer.openstack.org/api-ref/network/v2/index.html#list-ports [4] https://developer.openstack.org/api-ref/network/v2/index.html#list-trunks [5] https://developer.openstack.org/api-ref/network/v2/index.html#list-address-scopes [6] https://developer.openstack.org/api-ref/network/v2/index.html#list-floating-ips [7] https://developer.openstack.org/api-ref/network/v2/index.html#list-subnets [8] https://developer.openstack.org/api-ref/network/v2/index.html#list-rbac-policies [9] https://developer.openstack.org/api-ref/network/v2/index.html#list-security-groups [10] https://developer.openstack.org/api-ref/network/v2/index.html#list-metering-labels [11] https://developer.openstack.org/api-ref/network/v2/index.html#list-metering-label-rules [12] https://developer.openstack.org/api-ref/network/v2/index.html#list-qos-policies [13] https://developer.openstack.org/api-ref/network/v2/index.html#list-dscp-marking-rules-for-qos-policy [14] https://developer.openstack.org/api-ref/network/v2/index.html#list-all-agents [15] https://developer.openstack.org/api-ref/network/v2/index.html#list-segments Change-Id: I0dae01a3271efe6d3469718976c471416279e337
This commit is contained in:
parent
fe6ad6b44c
commit
0a824743b5
|
@ -137,3 +137,18 @@ class AddressScopeExtRbacTest(base.BaseNetworkExtRbacTest):
|
|||
address_scope = self._create_address_scope()
|
||||
with self.rbac_utils.override_role(self):
|
||||
self.ntp_client.delete_address_scope(address_scope['id'])
|
||||
|
||||
@rbac_rule_validation.action(service="neutron",
|
||||
rules=["get_address_scope"])
|
||||
@decorators.idempotent_id('c093fd34-96ee-4abe-8fa5-916dc29653e3')
|
||||
def test_list_address_scopes(self):
|
||||
"""List Address Scopes
|
||||
|
||||
RBAC test for the neutron ``list_address_scopes`` function and
|
||||
the ``get_address_scope`` policy
|
||||
"""
|
||||
admin_resource_id = self._create_address_scope()['id']
|
||||
with (self.rbac_utils.override_role_and_validate_list(
|
||||
self, admin_resource_id=admin_resource_id)) as ctx:
|
||||
ctx.resources = self.ntp_client.list_address_scopes(
|
||||
id=admin_resource_id)["address_scopes"]
|
||||
|
|
|
@ -65,6 +65,20 @@ class AgentsRbacTest(base.BaseNetworkRbacTest):
|
|||
self.agents_client.update_agent(agent_id=self.agent['id'],
|
||||
agent=agent_status)
|
||||
|
||||
@decorators.idempotent_id('f7a085e2-71b1-4d39-be3e-fea4bc10ccb8')
|
||||
@rbac_rule_validation.action(service="neutron", rules=["get_agent"])
|
||||
def test_list_agents(self):
|
||||
"""List agents test.
|
||||
|
||||
RBAC test for the neutron ``list_agents`` function and
|
||||
the ``get_agent`` policy
|
||||
"""
|
||||
admin_resource_id = self.agent['id']
|
||||
with (self.rbac_utils.override_role_and_validate_list(
|
||||
self, admin_resource_id=admin_resource_id)) as ctx:
|
||||
ctx.resources = self.agents_client.list_agents(
|
||||
id=admin_resource_id)["agents"]
|
||||
|
||||
|
||||
class L3AgentSchedulerRbacTest(base.BaseNetworkRbacTest):
|
||||
|
||||
|
|
|
@ -104,3 +104,18 @@ class DscpMarkingRuleExtRbacTest(base.BaseNetworkExtRbacTest):
|
|||
|
||||
with self.rbac_utils.override_role(self):
|
||||
self.ntp_client.delete_dscp_marking_rule(self.policy_id, rule_id)
|
||||
|
||||
@decorators.idempotent_id('c012fd4f-3a3e-4af4-9075-dd3e170daecd')
|
||||
@rbac_rule_validation.action(service="neutron",
|
||||
rules=["get_policy_dscp_marking_rule"])
|
||||
def test_list_policy_dscp_marking_rules(self):
|
||||
"""List policy_dscp_marking_rules.
|
||||
|
||||
RBAC test for the neutron ``list_dscp_marking_rules`` function and
|
||||
the ``get_policy_dscp_marking_rule`` policy
|
||||
"""
|
||||
admin_resource_id = self.create_policy_dscp_marking_rule()
|
||||
with (self.rbac_utils.override_role_and_validate_list(
|
||||
self, admin_resource_id=admin_resource_id)) as ctx:
|
||||
ctx.resources = self.ntp_client.list_dscp_marking_rules(
|
||||
policy_id=self.policy_id)["dscp_marking_rules"]
|
||||
|
|
|
@ -130,3 +130,17 @@ class FloatingIpsRbacTest(base.BaseNetworkRbacTest):
|
|||
with self.rbac_utils.override_role(self):
|
||||
# Delete the floating IP
|
||||
self.floating_ips_client.delete_floatingip(floating_ip['id'])
|
||||
|
||||
@rbac_rule_validation.action(service="neutron", rules=["get_floatingip"])
|
||||
@decorators.idempotent_id('824965e3-8be8-46e2-be64-0d793533ad20')
|
||||
def test_list_floating_ips(self):
|
||||
"""List Floating IPs.
|
||||
|
||||
RBAC test for the neutron ``list_floatingips`` function and
|
||||
the ``get_floatingip`` policy
|
||||
"""
|
||||
admin_resource_id = self._create_floatingip()['id']
|
||||
with (self.rbac_utils.override_role_and_validate_list(
|
||||
self, admin_resource_id=admin_resource_id)) as ctx:
|
||||
ctx.resources = self.floating_ips_client.list_floatingips(
|
||||
id=admin_resource_id)["floatingips"]
|
||||
|
|
|
@ -101,3 +101,20 @@ class MeteringLabelRulesRbacTest(base.BaseNetworkRbacTest):
|
|||
with self.rbac_utils.override_role(self):
|
||||
self.metering_label_rules_client.delete_metering_label_rule(
|
||||
label_rule['id'])
|
||||
|
||||
@rbac_rule_validation.action(service="neutron",
|
||||
rules=["get_metering_label_rule"])
|
||||
@decorators.idempotent_id('eaaf9eb5-ee53-4b6b-a4d3-a721dd39bc40')
|
||||
def test_list_metering_label_rules(self):
|
||||
"""List metering label rules.
|
||||
|
||||
RBAC test for the neutron ``list_metering_label_rules`` function and
|
||||
the ``get_metering_label_rule`` policy
|
||||
"""
|
||||
admin_resource_id = self._create_metering_label_rule(self.label)['id']
|
||||
with (self.rbac_utils.override_role_and_validate_list(
|
||||
self, admin_resource_id=admin_resource_id)) as ctx:
|
||||
ctx.resources = (
|
||||
self.metering_label_rules_client.
|
||||
list_metering_label_rules(id=admin_resource_id)
|
||||
["metering_label_rules"])
|
||||
|
|
|
@ -83,3 +83,20 @@ class MeteringLabelsRbacTest(base.BaseNetworkRbacTest):
|
|||
label = self._create_metering_label()
|
||||
with self.rbac_utils.override_role(self):
|
||||
self.metering_labels_client.delete_metering_label(label['id'])
|
||||
|
||||
@rbac_rule_validation.action(service="neutron",
|
||||
rules=["get_metering_label"])
|
||||
@decorators.idempotent_id('d60d72b0-cb8f-44db-b10b-5092fa01cb0e')
|
||||
def test_list_metering_labels(self):
|
||||
"""List metering label.
|
||||
|
||||
RBAC test for the neutron ``list_metering_labels`` function and
|
||||
the ``get_metering_label`` policy
|
||||
"""
|
||||
admin_resource_id = self._create_metering_label()['id']
|
||||
with (self.rbac_utils.override_role_and_validate_list(
|
||||
self, admin_resource_id=admin_resource_id)) as ctx:
|
||||
ctx.resources = (
|
||||
self.metering_labels_client.
|
||||
list_metering_labels(id=admin_resource_id)
|
||||
["metering_labels"])
|
||||
|
|
|
@ -457,3 +457,18 @@ class NetworksRbacTest(base.BaseNetworkRbacTest):
|
|||
with self.rbac_utils.override_role(self):
|
||||
self.networks_client.list_dhcp_agents_on_hosting_network(
|
||||
self.network['id'])
|
||||
|
||||
@rbac_rule_validation.action(service="neutron", rules=["get_network"])
|
||||
@decorators.idempotent_id('53d6d826-ec9a-4407-9362-b474187fae6d')
|
||||
def test_list_networks(self):
|
||||
"""List Networks
|
||||
|
||||
RBAC test for the neutron ``list_networks`` function and
|
||||
the ``get_network`` policy
|
||||
"""
|
||||
|
||||
admin_resource_id = self.network['id']
|
||||
with (self.rbac_utils.override_role_and_validate_list(
|
||||
self, admin_resource_id=admin_resource_id)) as ctx:
|
||||
ctx.resources = self.networks_client.list_networks(
|
||||
id=admin_resource_id)["networks"]
|
||||
|
|
|
@ -388,3 +388,17 @@ class PortsRbacTest(base.BaseNetworkRbacTest):
|
|||
port = self.create_port(self.network)
|
||||
with self.rbac_utils.override_role(self):
|
||||
self.ports_client.delete_port(port['id'])
|
||||
|
||||
@rbac_rule_validation.action(service="neutron", rules=["get_port"])
|
||||
@decorators.idempotent_id('877ea70d-b000-4af4-9322-0a76b47b7890')
|
||||
def test_list_ports(self):
|
||||
"""List Ports
|
||||
|
||||
RBAC test for the neutron ``list_ports`` function and
|
||||
the ``get_port`` policy
|
||||
"""
|
||||
admin_resource_id = self.port['id']
|
||||
with (self.rbac_utils.override_role_and_validate_list(
|
||||
self, admin_resource_id=admin_resource_id)) as ctx:
|
||||
ctx.resources = self.ports_client.list_ports(
|
||||
id=admin_resource_id)["ports"]
|
||||
|
|
|
@ -98,3 +98,17 @@ class QosExtRbacTest(base.BaseNetworkExtRbacTest):
|
|||
policy = self.create_policy()
|
||||
with self.rbac_utils.override_role(self):
|
||||
self.ntp_client.delete_qos_policy(policy['id'])
|
||||
|
||||
@rbac_rule_validation.action(service="neutron", rules=["get_policy"])
|
||||
@decorators.idempotent_id('e84cec88-8478-4787-b603-5fcdd8ed7bd5')
|
||||
def test_list_policies(self):
|
||||
"""List Policies Test
|
||||
|
||||
RBAC test for the neutron ``list_qos_policies`` function and
|
||||
the ``get_policy``
|
||||
"""
|
||||
admin_resource_id = self.create_policy()['id']
|
||||
with (self.rbac_utils.override_role_and_validate_list(
|
||||
self, admin_resource_id=admin_resource_id)) as ctx:
|
||||
ctx.resources = self.ntp_client.list_qos_policies(
|
||||
id=admin_resource_id)["policies"]
|
||||
|
|
|
@ -109,3 +109,18 @@ class RbacPoliciesExtRbacTest(base.BaseNetworkExtRbacTest):
|
|||
|
||||
with self.rbac_utils.override_role(self):
|
||||
self.ntp_client.delete_rbac_policy(policy_id)
|
||||
|
||||
@decorators.idempotent_id('5337d95a-2e75-47bb-a0ea-0a082be930bf')
|
||||
@rbac_rule_validation.action(service="neutron", rules=["get_rbac_policy"])
|
||||
def test_list_rbac_policies(self):
|
||||
"""List RBAC policies.
|
||||
|
||||
RBAC test for the neutron ``list_rbac_policies`` function and
|
||||
the ``get_rbac_policy`` policy
|
||||
"""
|
||||
admin_resource_id = self.create_rbac_policy(self.tenant_id,
|
||||
self.network_id)
|
||||
with (self.rbac_utils.override_role_and_validate_list(
|
||||
self, admin_resource_id=admin_resource_id)) as ctx:
|
||||
ctx.resources = self.ntp_client.list_rbac_policies(
|
||||
id=admin_resource_id)["rbac_policies"]
|
||||
|
|
|
@ -401,3 +401,18 @@ class RouterRbacTest(base.BaseNetworkRbacTest):
|
|||
self.routers_client.remove_router_interface(
|
||||
router['id'],
|
||||
subnet_id=subnet['id'])
|
||||
|
||||
@rbac_rule_validation.action(service="neutron", rules=["get_router"])
|
||||
@decorators.idempotent_id('86816700-12d1-4173-a50f-34bd137f47e6')
|
||||
def test_list_routers(self):
|
||||
"""List Routers
|
||||
|
||||
RBAC test for the neutron ``get_router policy`` and
|
||||
the ``get_router`` policy
|
||||
"""
|
||||
|
||||
admin_resource_id = self.router['id']
|
||||
with (self.rbac_utils.override_role_and_validate_list(
|
||||
self, admin_resource_id=admin_resource_id)) as ctx:
|
||||
ctx.resources = self.routers_client.list_routers(
|
||||
id=admin_resource_id)["routers"]
|
||||
|
|
|
@ -119,14 +119,16 @@ class SecGroupRbacTest(base.BaseNetworkRbacTest):
|
|||
rules=["get_security_group"])
|
||||
@decorators.idempotent_id('fbaf8d96-ed3e-49af-b24c-5fb44f05bbb7')
|
||||
def test_list_security_groups(self):
|
||||
"""List Security Groups
|
||||
|
||||
with self.rbac_utils.override_role(self):
|
||||
security_groups = self.security_groups_client.\
|
||||
list_security_groups()
|
||||
|
||||
# Neutron may return an empty list if access is denied.
|
||||
if not security_groups['security_groups']:
|
||||
raise rbac_exceptions.RbacEmptyResponseBody()
|
||||
RBAC test for the neutron ``list_security_groups`` function and
|
||||
the ``get_security_group`` policy
|
||||
"""
|
||||
admin_resource_id = self.secgroup['id']
|
||||
with (self.rbac_utils.override_role_and_validate_list(
|
||||
self, admin_resource_id=admin_resource_id)) as ctx:
|
||||
ctx.resources = self.security_groups_client.list_security_groups(
|
||||
id=admin_resource_id)["security_groups"]
|
||||
|
||||
@rbac_rule_validation.action(service="neutron",
|
||||
rules=["create_security_group_rule"])
|
||||
|
|
|
@ -120,3 +120,17 @@ class SegmentsExtRbacTest(base.BaseNetworkExtRbacTest):
|
|||
|
||||
with self.rbac_utils.override_role(self):
|
||||
self.ntp_client.delete_segment(segment['segment']['id'])
|
||||
|
||||
@decorators.idempotent_id('d68a0578-36ae-435e-8aaa-508ee96bdfae')
|
||||
@rbac_rule_validation.action(service="neutron", rules=["get_segment"])
|
||||
def test_list_segments(self):
|
||||
"""List segments.
|
||||
|
||||
RBAC test for the neutron ``list_segments`` function and
|
||||
the``get_segment`` policy
|
||||
"""
|
||||
admin_resource_id = self.create_segment(self.network)['segment']['id']
|
||||
with (self.rbac_utils.override_role_and_validate_list(
|
||||
self, admin_resource_id=admin_resource_id)) as ctx:
|
||||
ctx.resources = self.ntp_client.list_segments(
|
||||
id=admin_resource_id)["segments"]
|
||||
|
|
|
@ -164,3 +164,17 @@ class SubnetPoolsRbacTest(base.BaseNetworkRbacTest):
|
|||
subnetpool = self._create_subnetpool()
|
||||
with self.rbac_utils.override_role(self):
|
||||
self.subnetpools_client.delete_subnetpool(subnetpool['id'])
|
||||
|
||||
@rbac_rule_validation.action(service="neutron", rules=["get_subnetpool"])
|
||||
@decorators.idempotent_id('f1caf0f6-bde5-11e8-a355-529269fb1459')
|
||||
def test_list_subnetpools(self):
|
||||
"""List subnetpools.
|
||||
|
||||
RBAC test for the neutron ``list_subnetpools`` function and
|
||||
the ``get_subnetpool`` policy
|
||||
"""
|
||||
admin_resource_id = self._create_subnetpool()['id']
|
||||
with (self.rbac_utils.override_role_and_validate_list(
|
||||
self, admin_resource_id=admin_resource_id)) as ctx:
|
||||
ctx.resources = self.subnetpools_client.list_subnetpools(
|
||||
id=admin_resource_id)["subnetpools"]
|
||||
|
|
|
@ -17,7 +17,6 @@ from tempest.common import utils
|
|||
from tempest.lib.common.utils import data_utils
|
||||
from tempest.lib import decorators
|
||||
|
||||
from patrole_tempest_plugin import rbac_exceptions
|
||||
from patrole_tempest_plugin import rbac_rule_validation
|
||||
from patrole_tempest_plugin.tests.api.network import rbac_base as base
|
||||
|
||||
|
@ -61,19 +60,18 @@ class SubnetsRbacTest(base.BaseNetworkRbacTest):
|
|||
self.subnets_client.show_subnet(self.subnet['id'])
|
||||
|
||||
@decorators.idempotent_id('e2ddc415-5cab-43f4-9b61-166aed65d637')
|
||||
@rbac_rule_validation.action(service="neutron",
|
||||
rules=["get_subnet"])
|
||||
@rbac_rule_validation.action(service="neutron", rules=["get_subnet"])
|
||||
def test_list_subnets(self):
|
||||
"""List subnets.
|
||||
|
||||
RBAC test for the neutron "get_subnet" policy
|
||||
RBAC test for the neutron ``list_subnets`` function and
|
||||
the ``get_subnet`` policy
|
||||
"""
|
||||
with self.rbac_utils.override_role(self):
|
||||
subnets = self.subnets_client.list_subnets()
|
||||
|
||||
# Neutron may return an empty list if access is denied.
|
||||
if not subnets['subnets']:
|
||||
raise rbac_exceptions.RbacEmptyResponseBody()
|
||||
admin_resource_id = self.subnet['id']
|
||||
with (self.rbac_utils.override_role_and_validate_list(
|
||||
self, admin_resource_id=admin_resource_id)) as ctx:
|
||||
ctx.resources = self.subnets_client.list_subnets(
|
||||
id=admin_resource_id)["subnets"]
|
||||
|
||||
@decorators.idempotent_id('f36cd821-dd22-4bd0-b43d-110fc4b553eb')
|
||||
@rbac_rule_validation.action(service="neutron",
|
||||
|
|
|
@ -84,6 +84,20 @@ class TrunksExtRbacTest(base.BaseNetworkExtRbacTest):
|
|||
with self.rbac_utils.override_role(self):
|
||||
self.ntp_client.delete_trunk(trunk['trunk']['id'])
|
||||
|
||||
@decorators.idempotent_id('047badd1-e4ff-40c5-9929-99ffcb8750a7')
|
||||
@rbac_rule_validation.action(service="neutron", rules=["get_trunk"])
|
||||
def test_list_trunks(self):
|
||||
"""Show trunk.
|
||||
|
||||
RBAC test for the neutron ``list_trunks``` function and
|
||||
the ``get_trunk`` policy
|
||||
"""
|
||||
admin_resource_id = self.create_trunk(self.port_id)["trunk"]['id']
|
||||
with (self.rbac_utils.override_role_and_validate_list(
|
||||
self, admin_resource_id=admin_resource_id)) as ctx:
|
||||
ctx.resources = self.ntp_client.list_trunks(
|
||||
id=admin_resource_id)["trunks"]
|
||||
|
||||
|
||||
class TrunksSubportsExtRbacTest(base.BaseNetworkExtRbacTest):
|
||||
|
||||
|
|
Loading…
Reference in New Issue