openstack/patrole
Code Issues Proposed changes

Merge "Migrate to override_role for compute module (part 2)"

Browse Source
This commit is contained in:
Zuul
2018-01-01 17:01:24 +00:00
committed by Gerrit Code Review
parent f8cd8e3c31 d278efe4d5
commit 4ffa4b401a
11 changed files with 177 additions and 185 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
patrole_tempest_plugin/tests/api/compute/test_hosts_rbac.py
View File

@@ -34,5 +34,5 @@ class HostsRbacTest(rbac_base.BaseV2ComputeRbacTest):
service="nova",
rule="os_compute_api:os-hosts")
def test_list_hosts(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.hosts_client.list_hosts()['hosts']
with self.rbac_utils.override_role(self):
self.hosts_client.list_hosts()

36
patrole_tempest_plugin/tests/api/compute/test_hypervisor_rbac.py
View File

@@ -41,58 +41,56 @@ class HypervisorRbacTest(rbac_base.BaseV2ComputeRbacTest):
service="nova",
rule="os_compute_api:os-hypervisors")
def test_list_hypervisors(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.hypervisor_client.list_hypervisors()['hypervisors']
with self.rbac_utils.override_role(self):
self.hypervisor_client.list_hypervisors()
@decorators.idempotent_id('36b95c7d-1085-487a-a674-b7c1ca35f520')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-hypervisors")
def test_list_hypervisors_with_details(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.hypervisor_client.list_hypervisors(detail=True)['hypervisors']
with self.rbac_utils.override_role(self):
self.hypervisor_client.list_hypervisors(detail=True)
@decorators.idempotent_id('8a7f6f9e-34a6-4480-8875-bba566c3a581')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-hypervisors")
def test_show_hypervisor(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.hypervisor_client.show_hypervisor(
self.hypervisor['id'])['hypervisor']
with self.rbac_utils.override_role(self):
self.hypervisor_client.show_hypervisor(self.hypervisor['id'])
@decorators.idempotent_id('b86f03cf-2e79-4d88-9eea-62f761591413')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-hypervisors")
def test_list_servers_on_hypervisor(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.hypervisor_client.list_servers_on_hypervisor(
self.hypervisor['hypervisor_hostname'])['hypervisors']
with self.rbac_utils.override_role(self):
self.hypervisor_client.list_servers_on_hypervisor(
self.hypervisor['hypervisor_hostname'])
@decorators.idempotent_id('ca0e465c-6365-4a7f-ae58-6f8ddbca06c2')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-hypervisors")
def test_show_hypervisor_statistics(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.hypervisor_client.\
show_hypervisor_statistics()['hypervisor_statistics']
with self.rbac_utils.override_role(self):
self.hypervisor_client.show_hypervisor_statistics()
@decorators.idempotent_id('109b37c5-91ba-4da5-b2a2-d7618d84406d')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-hypervisors")
def test_show_hypervisor_uptime(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.hypervisor_client.show_hypervisor_uptime(
self.hypervisor['id'])['hypervisor']
with self.rbac_utils.override_role(self):
self.hypervisor_client.show_hypervisor_uptime(
self.hypervisor['id'])
@decorators.idempotent_id('3dbc71c1-8f04-4674-a67c-dcb2fd99b1b4')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-hypervisors")
def test_search_hypervisor(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.hypervisor_client.search_hypervisor(
self.hypervisor['hypervisor_hostname'])['hypervisors']
with self.rbac_utils.override_role(self):
self.hypervisor_client.search_hypervisor(
self.hypervisor['hypervisor_hostname'])

64
patrole_tempest_plugin/tests/api/compute/test_images_rbac.py
View File

@@ -78,24 +78,24 @@ class ImagesRbacTest(rbac_base.BaseV2ComputeRbacTest):
service="glance",
rule="get_images")
def test_list_images(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.compute_images_client.list_images()
with self.rbac_utils.override_role(self):
self.compute_images_client.list_images()
@decorators.idempotent_id('4365ae0f-15ee-4b54-a527-1679faaed140')
@rbac_rule_validation.action(
service="glance",
rule="get_images")
def test_list_images_with_details(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.compute_images_client.list_images(detail=True)
with self.rbac_utils.override_role(self):
self.compute_images_client.list_images(detail=True)
@decorators.idempotent_id('886dfcae-51bf-4610-9e52-82d7189524c2')
@rbac_rule_validation.action(
service="glance",
rule="get_image")
def test_show_image_details(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.compute_images_client.show_image(self.image['id'])
with self.rbac_utils.override_role(self):
self.compute_images_client.show_image(self.image['id'])
@decorators.idempotent_id('dbe09d4c-e615-48cb-b908-a06a0f410a8e')
@rbac_rule_validation.action(
@@ -107,17 +107,17 @@ class ImagesRbacTest(rbac_base.BaseV2ComputeRbacTest):
self.addCleanup(self.compute_images_client.delete_image_metadata_item,
self.image['id'], key='foo')
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.compute_images_client.show_image_metadata_item(self.image['id'],
key='foo')
with self.rbac_utils.override_role(self):
self.compute_images_client.show_image_metadata_item(
self.image['id'], key='foo')
@decorators.idempotent_id('59f66079-d564-47e8-81b0-03c2e84d339e')
@rbac_rule_validation.action(
service="glance",
rule="get_image")
def test_list_image_metadata(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.compute_images_client.list_image_metadata(self.image['id'])
with self.rbac_utils.override_role(self):
self.compute_images_client.list_image_metadata(self.image['id'])
@decorators.idempotent_id('5888c7aa-0803-46d4-a3fb-5d4729465cd5')
@rbac_rule_validation.action(
@@ -129,20 +129,20 @@ class ImagesRbacTest(rbac_base.BaseV2ComputeRbacTest):
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.glance_image_client.delete_image, image['id'])
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.compute_images_client.delete_image(image['id'])
with self.rbac_utils.override_role(self):
self.compute_images_client.delete_image(image['id'])
@decorators.idempotent_id('575604aa-909f-4b1b-a5a5-cfae1f63044b')
@rbac_rule_validation.action(
service="glance",
rule="modify_image")
def test_create_image_metadata(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
# NOTE(felipemonteiro): Although the name of the client function
# appears wrong, it's actually correct: update_image_metadata does an
# http post.
self.compute_images_client.update_image_metadata(self.image['id'],
meta={'foo': 'bar'})
with self.rbac_utils.override_role(self):
# NOTE(felipemonteiro): Although the name of the client function
# appears wrong, it's actually correct: update_image_metadata does
# an http post.
self.compute_images_client.update_image_metadata(
self.image['id'], meta={'foo': 'bar'})
self.addCleanup(self.compute_images_client.delete_image_metadata_item,
self.image['id'], key='foo')
@@ -151,9 +151,9 @@ class ImagesRbacTest(rbac_base.BaseV2ComputeRbacTest):
service="glance",
rule="modify_image")
def test_update_image_metadata(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.compute_images_client.set_image_metadata(self.image['id'],
meta={'foo': 'bar'})
with self.rbac_utils.override_role(self):
self.compute_images_client.set_image_metadata(self.image['id'],
meta={'foo': 'bar'})
self.addCleanup(self.compute_images_client.delete_image_metadata_item,
self.image['id'], key='foo')
@@ -162,9 +162,9 @@ class ImagesRbacTest(rbac_base.BaseV2ComputeRbacTest):
service="glance",
rule="modify_image")
def test_update_image_metadata_item(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.compute_images_client.set_image_metadata_item(
self.image['id'], meta={'foo': 'bar'}, key='foo')
with self.rbac_utils.override_role(self):
self.compute_images_client.set_image_metadata_item(
self.image['id'], meta={'foo': 'bar'}, key='foo')
self.addCleanup(self.compute_images_client.delete_image_metadata_item,
self.image['id'], key='foo')
@@ -179,9 +179,9 @@ class ImagesRbacTest(rbac_base.BaseV2ComputeRbacTest):
self.compute_images_client.delete_image_metadata_item,
self.image['id'], key='foo')
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.compute_images_client.delete_image_metadata_item(self.image['id'],
key='foo')
with self.rbac_utils.override_role(self):
self.compute_images_client.delete_image_metadata_item(
self.image['id'], key='foo')
class ImageSizeRbacTest(rbac_base.BaseV2ComputeRbacTest):
@@ -202,13 +202,13 @@ class ImageSizeRbacTest(rbac_base.BaseV2ComputeRbacTest):
service="nova",
rule="os_compute_api:image-size")
def test_list_images(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.compute_images_client.list_images()
with self.rbac_utils.override_role(self):
self.compute_images_client.list_images()
@decorators.idempotent_id('08342c7d-297d-42ee-b398-90fce2443792')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:image-size")
def test_list_images_with_details(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.compute_images_client.list_images(detail=True)
with self.rbac_utils.override_role(self):
self.compute_images_client.list_images(detail=True)

14
patrole_tempest_plugin/tests/api/compute/test_instance_usages_audit_log_rbac.py
View File

@@ -38,9 +38,9 @@ class InstanceUsagesAuditLogRbacTest(rbac_base.BaseV2ComputeRbacTest):
@rbac_rule_validation.action(
service="nova", rule="os_compute_api:os-instance-usage-audit-log")
def test_list_instance_usage_audit_logs(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.instance_usages_audit_log_client.list_instance_usage_audit_logs()
["instance_usage_audit_logs"]
with self.rbac_utils.override_role(self):
(self.instance_usages_audit_log_client
.list_instance_usage_audit_logs())
@decorators.idempotent_id('ded8bfbd-5d90-4a58-aee0-d31231bf3c9b')
@rbac_rule_validation.action(
@@ -48,7 +48,7 @@ class InstanceUsagesAuditLogRbacTest(rbac_base.BaseV2ComputeRbacTest):
def test_show_instance_usage_audit_log(self):
now = datetime.datetime.now()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.instance_usages_audit_log_client.show_instance_usage_audit_log(
urllib.quote(now.strftime("%Y-%m-%d %H:%M:%S")))[
"instance_usage_audit_log"]
with self.rbac_utils.override_role(self):
(self.instance_usages_audit_log_client.
show_instance_usage_audit_log(
urllib.quote(now.strftime("%Y-%m-%d %H:%M:%S"))))

16
patrole_tempest_plugin/tests/api/compute/test_keypairs_rbac.py
View File

@@ -36,8 +36,8 @@ class KeypairsRbacTest(rbac_base.BaseV2ComputeRbacTest):
service="nova",
rule="os_compute_api:os-keypairs:create")
def test_create_keypair(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self._create_keypair()
with self.rbac_utils.override_role(self):
self._create_keypair()
@decorators.idempotent_id('85a5eb99-40ec-4e77-9358-bee2cdf9d7df')
@rbac_rule_validation.action(
@@ -45,8 +45,8 @@ class KeypairsRbacTest(rbac_base.BaseV2ComputeRbacTest):
rule="os_compute_api:os-keypairs:show")
def test_show_keypair(self):
kp_name = self._create_keypair()['keypair']['name']
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.keypairs_client.show_keypair(kp_name)
with self.rbac_utils.override_role(self):
self.keypairs_client.show_keypair(kp_name)
@decorators.idempotent_id('6bff9f1c-b809-43c1-8d63-61fbd19d49d3')
@rbac_rule_validation.action(
@@ -54,13 +54,13 @@ class KeypairsRbacTest(rbac_base.BaseV2ComputeRbacTest):
rule="os_compute_api:os-keypairs:delete")
def test_delete_keypair(self):
kp_name = self._create_keypair()['keypair']['name']
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.keypairs_client.delete_keypair(kp_name)
with self.rbac_utils.override_role(self):
self.keypairs_client.delete_keypair(kp_name)
@decorators.idempotent_id('6bb31346-ff7f-4b10-978e-170ac5fcfa3e')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-keypairs:index")
def test_index_keypair(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.keypairs_client.list_keypairs()
with self.rbac_utils.override_role(self):
self.keypairs_client.list_keypairs()

4
patrole_tempest_plugin/tests/api/compute/test_limits_rbac.py
View File

@@ -31,5 +31,5 @@ class LimitsRbacTest(rbac_base.BaseV2ComputeRbacTest):
rule="os_compute_api:limits")
@decorators.idempotent_id('3fb60f83-9a5f-4fdd-89d9-26c3710844a1')
def test_show_limits(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.limits_client.show_limits()
with self.rbac_utils.override_role(self):
self.limits_client.show_limits()

4
patrole_tempest_plugin/tests/api/compute/test_migrations_rbac.py
View File

@@ -34,5 +34,5 @@ class MigrationsRbacTest(rbac_base.BaseV2ComputeRbacTest):
service="nova",
rule="os_compute_api:os-migrations:index")
def test_list_services(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.migrations_client.list_migrations()['migrations']
with self.rbac_utils.override_role(self):
self.migrations_client.list_migrations()

11
patrole_tempest_plugin/tests/api/compute/test_quota_class_sets_rbac.py
View File

@@ -59,9 +59,8 @@ class QuotaClassesRbacTest(rbac_base.BaseV2ComputeRbacTest):
service="nova",
rule="os_compute_api:os-quota-class-sets:show")
def test_show_quota_class_set(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.quota_classes_client.show_quota_class_set('default')[
'quota_class_set']
with self.rbac_utils.override_role(self):
self.quota_classes_client.show_quota_class_set('default')
@decorators.idempotent_id('81889e69-efd2-4e96-bb4c-ee3b646b9755')
@rbac_rule_validation.action(
@@ -75,6 +74,6 @@ class QuotaClassesRbacTest(rbac_base.BaseV2ComputeRbacTest):
for quota, default in quota_class_set.items():
quota_class_set[quota] = default + 100
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.quota_classes_client.update_quota_class_set(
self.project_id, **quota_class_set)['quota_class_set']
with self.rbac_utils.override_role(self):
self.quota_classes_client.update_quota_class_set(
self.project_id, **quota_class_set)

26
patrole_tempest_plugin/tests/api/compute/test_quota_sets_rbac.py
View File

@@ -59,10 +59,10 @@ class QuotaSetsRbacTest(rbac_base.BaseV2ComputeRbacTest):
default_quota_set.pop('id')
new_quota_set = {'injected_file_content_bytes': 20480}
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.quotas_client.update_quota_set(self.tenant_id,
force=True,
**new_quota_set)['quota_set']
with self.rbac_utils.override_role(self):
self.quotas_client.update_quota_set(self.tenant_id,
force=True,
**new_quota_set)
self.addCleanup(self.quotas_client.update_quota_set, self.tenant_id,
**default_quota_set)
@@ -71,16 +71,16 @@ class QuotaSetsRbacTest(rbac_base.BaseV2ComputeRbacTest):
service="nova",
rule="os_compute_api:os-quota-sets:defaults")
def test_show_default_quota_set(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.quotas_client.show_default_quota_set(self.tenant_id)['quota_set']
with self.rbac_utils.override_role(self):
self.quotas_client.show_default_quota_set(self.tenant_id)
@decorators.idempotent_id('e8169ac4-c402-4864-894e-aba74e3a459c')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-quota-sets:show")
def test_show_quota_set(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.quotas_client.show_quota_set(self.tenant_id)['quota_set']
with self.rbac_utils.override_role(self):
self.quotas_client.show_quota_set(self.tenant_id)
@decorators.idempotent_id('4e240644-bf61-4872-9c32-8289ee2fdbbd')
@rbac_rule_validation.action(
@@ -94,14 +94,14 @@ class QuotaSetsRbacTest(rbac_base.BaseV2ComputeRbacTest):
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.projects_client.delete_project, project_id)
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.quotas_client.delete_quota_set(project_id)
with self.rbac_utils.override_role(self):
self.quotas_client.delete_quota_set(project_id)
@decorators.idempotent_id('ac9184b6-f3b3-4e17-a632-4b92c6500f86')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-quota-sets:detail")
def test_show_quota_set_details(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.quotas_client.show_quota_set(self.tenant_id,
detail=True)['quota_set']
with self.rbac_utils.override_role(self):
self.quotas_client.show_quota_set(self.tenant_id,
detail=True)

39
patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py
View File

@@ -58,8 +58,9 @@ class SecurtiyGroupsRbacTest(rbac_base.BaseV2ComputeRbacTest):
rule="os_compute_api:os-security-groups")
@decorators.idempotent_id('3db159c6-a467-469f-9a25-574197885520')
def test_list_security_groups_by_server(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.servers_client.list_security_groups_by_server(self.server['id'])
with self.rbac_utils.override_role(self):
self.servers_client.list_security_groups_by_server(
self.server['id'])
@rbac_rule_validation.action(
service="nova",
@@ -68,8 +69,9 @@ class SecurtiyGroupsRbacTest(rbac_base.BaseV2ComputeRbacTest):
def test_create_security_group_for_server(self):
sg_name = self.create_security_group()['name']
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.servers_client.add_security_group(self.server['id'], name=sg_name)
with self.rbac_utils.override_role(self):
self.servers_client.add_security_group(self.server['id'],
name=sg_name)
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.servers_client.remove_security_group,
self.server['id'], name=sg_name)
@@ -86,9 +88,9 @@ class SecurtiyGroupsRbacTest(rbac_base.BaseV2ComputeRbacTest):
self.servers_client.remove_security_group,
self.server['id'], name=sg_name)
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.servers_client.remove_security_group(
self.server['id'], name=sg_name)
with self.rbac_utils.override_role(self):
self.servers_client.remove_security_group(
self.server['id'], name=sg_name)
class SecurityGroupsRbacMaxV235Test(rbac_base.BaseV2ComputeRbacTest):
@@ -117,16 +119,16 @@ class SecurityGroupsRbacMaxV235Test(rbac_base.BaseV2ComputeRbacTest):
rule="os_compute_api:os-security-groups")
@decorators.idempotent_id('4ac58e49-48c1-4fca-a6c3-3f95fb99eb77')
def test_list_security_groups(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.security_groups_client.list_security_groups()
with self.rbac_utils.override_role(self):
self.security_groups_client.list_security_groups()
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-security-groups")
@decorators.idempotent_id('e8fe7f5a-69ee-412d-81d3-a8c7a488b54d')
def test_create_security_groups(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.create_security_group()['id']
with self.rbac_utils.override_role(self):
self.create_security_group()['id']
@rbac_rule_validation.action(
service="nova",
@@ -134,8 +136,8 @@ class SecurityGroupsRbacMaxV235Test(rbac_base.BaseV2ComputeRbacTest):
@decorators.idempotent_id('59127e8e-302d-11e7-93ae-92361f002671')
def test_delete_security_groups(self):
sec_group_id = self.create_security_group()['id']
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.security_groups_client.delete_security_group(sec_group_id)
with self.rbac_utils.override_role(self):
self.security_groups_client.delete_security_group(sec_group_id)
@rbac_rule_validation.action(
service="nova",
@@ -146,10 +148,9 @@ class SecurityGroupsRbacMaxV235Test(rbac_base.BaseV2ComputeRbacTest):
new_name = data_utils.rand_name()
new_desc = data_utils.rand_name()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.security_groups_client.update_security_group(sec_group_id,
name=new_name,
description=new_desc)
with self.rbac_utils.override_role(self):
self.security_groups_client.update_security_group(
sec_group_id, name=new_name, description=new_desc)
@rbac_rule_validation.action(
service="nova",
@@ -157,5 +158,5 @@ class SecurityGroupsRbacMaxV235Test(rbac_base.BaseV2ComputeRbacTest):
@decorators.idempotent_id('6edc0320-302d-11e7-93ae-92361f002671')
def test_show_security_groups(self):
sec_group_id = self.create_security_group()['id']
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.security_groups_client.show_security_group(sec_group_id)
with self.rbac_utils.override_role(self):
self.security_groups_client.show_security_group(sec_group_id)

144
patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py
View File

@@ -33,8 +33,6 @@ CONF = config.CONF
class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
credentials = ['primary', 'admin']
@classmethod
def resource_setup(cls):
super(ServerActionsRbacTest, cls).resource_setup()
@@ -60,17 +58,17 @@ class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
def _stop_server(self):
self.servers_client.stop_server(self.server_id)
waiters.wait_for_server_status(
self.os_admin.servers_client, self.server_id, 'SHUTOFF')
self.servers_client, self.server_id, 'SHUTOFF')
def _resize_server(self, flavor):
self.servers_client.resize_server(self.server_id, flavor)
waiters.wait_for_server_status(
self.os_admin.servers_client, self.server_id, 'VERIFY_RESIZE')
self.servers_client, self.server_id, 'VERIFY_RESIZE')
def _confirm_resize_server(self):
self.servers_client.confirm_resize_server(self.server_id)
waiters.wait_for_server_status(
self.os_admin.servers_client, self.server_id, 'ACTIVE')
self.servers_client, self.server_id, 'ACTIVE')
def _shelve_server(self):
self.servers_client.shelve_server(self.server_id)
@@ -79,13 +77,13 @@ class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
self.server_id)
offload_time = CONF.compute.shelved_offload_time
if offload_time >= 0:
waiters.wait_for_server_status(self.os_admin.servers_client,
waiters.wait_for_server_status(self.servers_client,
self.server_id,
'SHELVED_OFFLOADED',
extra_timeout=offload_time)
else:
waiters.wait_for_server_status(self.os_admin.servers_client,
self.server_id, 'SHELVED')
waiters.wait_for_server_status(self.servers_client, self.server_id,
'SHELVED')
def _pause_server(self):
self.servers_client.pause_server(self.server_id)
@@ -93,7 +91,7 @@ class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
self.servers_client.unpause_server,
self.server_id)
waiters.wait_for_server_status(
self.os_admin.servers_client, self.server_id, 'PAUSED')
self.servers_client, self.server_id, 'PAUSED')
def _cleanup_server_actions(self, function, server_id, **kwargs):
server = self.servers_client.show_server(server_id)['server']
@@ -107,8 +105,8 @@ class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
service="nova",
rule="os_compute_api:os-pause-server:pause")
def test_pause_server(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self._pause_server()
with self.rbac_utils.override_role(self):
self._pause_server()
@decorators.idempotent_id('087008cf-82fa-4eeb-ae8b-32c4126456ad')
@testtools.skipUnless(CONF.compute_feature_enabled.pause,
@@ -118,18 +116,18 @@ class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
rule="os_compute_api:os-pause-server:unpause")
def test_unpause_server(self):
self._pause_server()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.servers_client.unpause_server(self.server_id)
with self.rbac_utils.override_role(self):
self.servers_client.unpause_server(self.server_id)
waiters.wait_for_server_status(
self.os_admin.servers_client, self.server_id, 'ACTIVE')
self.servers_client, self.server_id, 'ACTIVE')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:servers:stop")
@decorators.idempotent_id('ab4a17d2-166f-4a6d-9944-f17baa576cf2')
def test_stop_server(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self._stop_server()
with self.rbac_utils.override_role(self):
self._stop_server()
@decorators.attr(type='slow')
@rbac_rule_validation.action(
@@ -139,10 +137,10 @@ class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
def test_start_server(self):
self._stop_server()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.servers_client.start_server(self.server_id)
with self.rbac_utils.override_role(self):
self.servers_client.start_server(self.server_id)
waiters.wait_for_server_status(
self.os_admin.servers_client, self.server_id, 'ACTIVE')
self.servers_client, self.server_id, 'ACTIVE')
@decorators.attr(type='slow')
@rbac_rule_validation.action(
@@ -152,8 +150,8 @@ class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
@testtools.skipUnless(CONF.compute_feature_enabled.resize,
'Resize is not available.')
def test_resize_server(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self._resize_server(self.flavor_ref_alt)
with self.rbac_utils.override_role(self):
self._resize_server(self.flavor_ref_alt)
@decorators.attr(type='slow')
@rbac_rule_validation.action(
@@ -165,10 +163,10 @@ class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
def test_revert_resize_server(self):
self._resize_server(self.flavor_ref_alt)
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.servers_client.revert_resize_server(self.server_id)
with self.rbac_utils.override_role(self):
self.servers_client.revert_resize_server(self.server_id)
waiters.wait_for_server_status(
self.os_admin.servers_client, self.server_id, 'ACTIVE')
self.servers_client, self.server_id, 'ACTIVE')
@decorators.attr(type='slow')
@rbac_rule_validation.action(
@@ -182,68 +180,68 @@ class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
self.addCleanup(self._confirm_resize_server)
self.addCleanup(self._resize_server, self.flavor_ref)
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self._confirm_resize_server()
with self.rbac_utils.override_role(self):
self._confirm_resize_server()
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:servers:rebuild")
@decorators.idempotent_id('54b1a30b-c96c-472c-9c83-ccaf6ec7e20b')
def test_rebuild_server(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.servers_client.rebuild_server(self.server_id, self.image_ref)
with self.rbac_utils.override_role(self):
self.servers_client.rebuild_server(self.server_id, self.image_ref)
waiters.wait_for_server_status(
self.os_admin.servers_client, self.server_id, 'ACTIVE')
self.servers_client, self.server_id, 'ACTIVE')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:servers:reboot")
@decorators.idempotent_id('19f27856-56e1-44f8-8615-7257f6b85cbb')
def test_reboot_server(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.servers_client.reboot_server(self.server_id, type='HARD')
with self.rbac_utils.override_role(self):
self.servers_client.reboot_server(self.server_id, type='HARD')
waiters.wait_for_server_status(
self.os_admin.servers_client, self.server_id, 'ACTIVE')
self.servers_client, self.server_id, 'ACTIVE')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:servers:index")
@decorators.idempotent_id('631f0d86-7607-4198-8312-9da2f05464a4')
def test_server_index(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.servers_client.list_servers(minimal=True)
with self.rbac_utils.override_role(self):
self.servers_client.list_servers(minimal=True)
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:servers:detail")
@decorators.idempotent_id('96093480-3ce5-4a8b-b569-aed870379c24')
def test_server_detail(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.servers_client.list_servers(detail=True)
with self.rbac_utils.override_role(self):
self.servers_client.list_servers(detail=True)
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:servers:detail:get_all_tenants")
@decorators.idempotent_id('a9e5a1c0-acfe-49a2-b2b1-fd8b19d61f71')
def test_server_detail_all_tenants(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.servers_client.list_servers(detail=True, all_tenants=1)
with self.rbac_utils.override_role(self):
self.servers_client.list_servers(detail=True, all_tenants=1)
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:servers:index:get_all_tenants")
@decorators.idempotent_id('4b93ba56-69e6-41f5-82c4-84a5c4c42091')
def test_server_index_all_tenants(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.servers_client.list_servers(minimal=True, all_tenants=1)
with self.rbac_utils.override_role(self):
self.servers_client.list_servers(minimal=True, all_tenants=1)
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:servers:show")
@decorators.idempotent_id('eaaf4f51-31b5-497f-8f0f-f527e5f70b83')
def test_show_server(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.servers_client.show_server(self.server_id)
with self.rbac_utils.override_role(self):
self.servers_client.show_server(self.server_id)
@utils.services('image')
@rbac_rule_validation.action(
@@ -251,10 +249,9 @@ class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
rule="os_compute_api:servers:create_image")
@decorators.idempotent_id('ba0ac859-99f4-4055-b5e0-e0905a44d331')
def test_create_image(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
# This function will also call show image
self.create_image_from_server(self.server_id, wait_until='ACTIVE')
with self.rbac_utils.override_role(self):
# This function will also call show image
self.create_image_from_server(self.server_id, wait_until='ACTIVE')
@utils.services('image', 'volume')
@rbac_rule_validation.action(
@@ -267,12 +264,11 @@ class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
# this test.
server = self.create_test_server(volume_backed=True,
wait_until='ACTIVE')
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
# This function will also call show image.
image = self.create_image_from_server(server['id'],
wait_until='ACTIVE',
wait_for_server=False)
with self.rbac_utils.override_role(self):
# This function will also call show image.
image = self.create_image_from_server(server['id'],
wait_until='ACTIVE',
wait_for_server=False)
self.addCleanup(self.compute_images_client.wait_for_resource_deletion,
image['id'])
self.addCleanup(
@@ -289,9 +285,9 @@ class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
def test_create_backup(self):
# Prioritize glance v2 over v1 for deleting/waiting for image status.
if CONF.image_feature_enabled.api_v2:
glance_admin_client = self.os_admin.image_client_v2
glance_client = self.os_primary.image_client_v2
elif CONF.image_feature_enabled.api_v1:
glance_admin_client = self.os_admin.image_client
glance_client = self.os_primary.image_client
else:
raise lib_exc.InvalidConfiguration(
'Either api_v1 or api_v2 must be True in '
@@ -299,10 +295,10 @@ class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
backup_name = data_utils.rand_name(self.__class__.__name__ + '-Backup')
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
resp = self.servers_client.create_backup(
self.server_id, backup_type='daily', rotation=1,
name=backup_name).response
with self.rbac_utils.override_role(self):
resp = self.servers_client.create_backup(
self.server_id, backup_type='daily', rotation=1,
name=backup_name).response
# Prior to microversion 2.45, image ID must be parsed from location
# header. With microversion 2.45+, image_id is returned.
@@ -312,11 +308,9 @@ class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
else:
image_id = data_utils.parse_image_id(resp['location'])
# Use admin credentials to wait since waiting involves show, which is
# a different policy.
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
glance_admin_client.delete_image, image_id)
waiters.wait_for_image_status(glance_admin_client, image_id, 'active')
glance_client.delete_image, image_id)
waiters.wait_for_image_status(glance_client, image_id, 'active')
@decorators.attr(type='slow')
@decorators.idempotent_id('0b70c527-af75-4bed-9ccf-4f1310a8b60f')
@@ -324,8 +318,8 @@ class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
service="nova",
rule="os_compute_api:os-shelve:shelve")
def test_shelve_server(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self._shelve_server()
with self.rbac_utils.override_role(self):
self._shelve_server()
@decorators.attr(type='slow')
@decorators.idempotent_id('4b6e849a-9182-49ff-9257-e97e751b475e')
@@ -334,10 +328,10 @@ class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
rule="os_compute_api:os-shelve:unshelve")
def test_unshelve_server(self):
self._shelve_server()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.servers_client.unshelve_server(self.server_id)
with self.rbac_utils.override_role(self):
self.servers_client.unshelve_server(self.server_id)
waiters.wait_for_server_status(
self.os_admin.servers_client, self.server_id, 'ACTIVE')
self.servers_client, self.server_id, 'ACTIVE')
class ServerActionsV214RbacTest(rbac_base.BaseV2ComputeRbacTest):
@@ -361,12 +355,12 @@ class ServerActionsV214RbacTest(rbac_base.BaseV2ComputeRbacTest):
# NOTE(felipemonteiro): Because evacuating a server is a risky action
# to test in the gates, a 404 is coerced using a fake host. However,
# the policy check is done before the 404 is thrown.
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.assertRaisesRegex(lib_exc.NotFound,
"Compute host %s not found." % fake_host_name,
self.servers_client.evacuate_server,
self.server_id,
host=fake_host_name)
with self.rbac_utils.override_role(self):
self.assertRaisesRegex(
lib_exc.NotFound,
"Compute host %s not found." % fake_host_name,
self.servers_client.evacuate_server, self.server_id,
host=fake_host_name)
class ServerActionsV216RbacTest(rbac_base.BaseV2ComputeRbacTest):
@@ -387,8 +381,8 @@ class ServerActionsV216RbacTest(rbac_base.BaseV2ComputeRbacTest):
rule="os_compute_api:servers:show:host_status")
@decorators.idempotent_id('736da575-86f8-4b2a-9902-dd37dc9a409b')
def test_show_server_host_status(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
server = self.servers_client.show_server(self.server_id)['server']
with self.rbac_utils.override_role(self):
server = self.servers_client.show_server(self.server_id)['server']
if 'host_status' not in server:
raise rbac_exceptions.RbacMalformedResponse(