openstack
/
patrole
Code Issues Proposed changes

Add vol extra specs/type access RBAC tests 

Added RBAC tests for volume type access API and additional tests for
volume type extra specs API (there was only 1 test for this API
before this patch), providing coverage for the following policy actions:
    * "volume_extension:types_extra_specs"
    * "volume_extension:volume_type_access"
    * "volume_extension:volume_type_access:addProjectAccess"
    * "volume_extension:volume_type_access:removeProjectAccess"

Change-Id: I99628d26fb594967a49d30319921b9b60f0b5eaf
This commit is contained in:
Felipe Monteiro 2017-05-12 20:42:05 +01:00
parent 7308f78c43
commit 12a52d9fca
3 changed files with 163 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
patrole_tempest_plugin/tests/api/volume/test_volume_types_access_rbac.py Normal file
View File

@ -0,0 +1,81 @@
# Copyright 2017 AT&T Corporation.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
from tempest import test
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.volume import rbac_base
class VolumeTypesAccessRbacTest(rbac_base.BaseVolumeRbacTest):
_api_version = 3
@classmethod
def skip_checks(cls):
super(VolumeTypesAccessRbacTest, cls).skip_checks()
if not test.is_extension_enabled('os-volume-type-access', 'volume'):
msg = "os-volume-type-access extension not enabled."
raise cls.skipException(msg)
@classmethod
def resource_setup(cls):
super(VolumeTypesAccessRbacTest, cls).resource_setup()
cls.vol_type = cls.create_volume_type(
**{'os-volume-type-access:is_public': False})
cls.project_id = cls.auth_provider.credentials.project_id
def _add_type_access(self, ignore_not_found=False):
self.volume_types_client.add_type_access(
self.vol_type['id'], project=self.project_id)
if ignore_not_found:
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.volume_types_client.remove_type_access,
self.vol_type['id'], project=self.project_id)
else:
self.addCleanup(self.volume_types_client.remove_type_access,
self.vol_type['id'], project=self.project_id)
@decorators.idempotent_id('af70e6ad-e931-419f-9200-8bcc284e4e47')
@rbac_rule_validation.action(
service="cinder",
rule="volume_extension:volume_type_access")
def test_list_type_access(self):
self._add_type_access()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.volume_types_client.list_type_access(self.vol_type['id'])[
'volume_type_access']
@decorators.idempotent_id('b462eeba-45d0-4d6e-945a-a1d27708d367')
@rbac_rule_validation.action(
service="cinder",
rule="volume_extension:volume_type_access:addProjectAccess")
def test_add_type_access(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self._add_type_access(ignore_not_found=True)
@decorators.idempotent_id('8f848aeb-636a-46f1-aeeb-e2a60e9d2bfe')
@rbac_rule_validation.action(
service="cinder",
rule="volume_extension:volume_type_access:removeProjectAccess")
def test_remove_type_access(self):
self._add_type_access(ignore_not_found=True)
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.volume_types_client.remove_type_access(
self.vol_type['id'], project=self.project_id)

77
patrole_tempest_plugin/tests/api/volume/test_volume_types_extra_specs_rbac.py
View File

@ -13,21 +13,88 @@
# License for the specific language governing permissions and limitations
# under the License.
from tempest.lib.common.utils import data_utils
from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
from tempest import test
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.volume import rbac_base
class VolumeTypesExtraSpecsRbacTest(rbac_base.BaseVolumeRbacTest):
_api_version = 3
@classmethod
def skip_checks(cls):
super(VolumeTypesExtraSpecsRbacTest, cls).skip_checks()
if not test.is_extension_enabled('os-types-extra-specs', 'volume'):
msg = "os-types-extra-specs extension not enabled."
raise cls.skipException(msg)
@classmethod
def resource_setup(cls):
super(VolumeTypesExtraSpecsRbacTest, cls).resource_setup()
cls.vol_type = cls.create_volume_type()
cls.spec_key = data_utils.rand_name(cls.__name__ + '-Spec')
def _create_volume_type_extra_specs(self, ignore_not_found=False):
extra_specs = {self.spec_key: "val1"}
self.volume_types_client.create_volume_type_extra_specs(
self.vol_type['id'], extra_specs)
if ignore_not_found:
self.addCleanup(
test_utils.call_and_ignore_notfound_exc,
self.volume_types_client.delete_volume_type_extra_specs,
self.vol_type['id'], self.spec_key)
else:
self.addCleanup(
self.volume_types_client.delete_volume_type_extra_specs,
self.vol_type['id'], self.spec_key)
@decorators.idempotent_id('76c36be2-2b6c-4acf-9aac-c9dc5c17cdbe')
@rbac_rule_validation.action(service="cinder",
rule="volume_extension:types_extra_specs")
def test_list_volume_types_extra_specs(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.volume_types_client.list_volume_types_extra_specs(
self.vol_type['id'])['extra_specs']
@rbac_rule_validation.action(service="cinder",
rule="volume_extension:types_extra_specs")
@decorators.idempotent_id('eea40251-990b-49b0-99ae-10e4585b479b')
def test_create_volume_type_extra_specs(self):
vol_type = self.create_volume_type()
# List Volume types extra specs.
extra_specs = {"spec1": "val1"}
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.volume_types_client.create_volume_type_extra_specs(
vol_type['id'], extra_specs)
self._create_volume_type_extra_specs(ignore_not_found=True)
@decorators.idempotent_id('e2dcc9c6-2fef-431d-afaf-92b45bc76d1a')
@rbac_rule_validation.action(service="cinder",
rule="volume_extension:types_extra_specs")
def test_show_volume_type_extra_specs(self):
self._create_volume_type_extra_specs()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.volume_types_client.show_volume_type_extra_specs(
self.vol_type['id'], self.spec_key)
@decorators.idempotent_id('93001912-f938-41c7-8787-62dc7010fd52')
@rbac_rule_validation.action(service="cinder",
rule="volume_extension:types_extra_specs")
def test_delete_volume_type_extra_specs(self):
self._create_volume_type_extra_specs(ignore_not_found=True)
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.volume_types_client.delete_volume_type_extra_specs(
self.vol_type['id'], self.spec_key)
@decorators.idempotent_id('0a444437-7402-4fbe-a18a-93af2ee00618')
@rbac_rule_validation.action(service="cinder",
rule="volume_extension:types_extra_specs")
def test_update_volume_type_extra_specs(self):
self._create_volume_type_extra_specs()
update_extra_specs = {self.spec_key: "val2"}
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.volume_types_client.update_volume_type_extra_specs(
self.vol_type['id'], self.spec_key, update_extra_specs)

10
releasenotes/notes/extra-volume-types-tests-2e4538bed7348be4.yaml Normal file
View File

@ -0,0 +1,10 @@
---
features:
- |
Added RBAC tests for volume type access and volume type extra specs
APIs, providing coverage for the following policy actions:
* "volume_extension:types_extra_specs"
* "volume_extension:volume_type_access"
* "volume_extension:volume_type_access:addProjectAccess"
* "volume_extension:volume_type_access:removeProjectAccess"