[Fix gate]: Cinder policy change handling in tests
Cinder policies are made more granular and now we need to adjust the patrole tests to handle those changed policies. This commit introduces a new flag so that we test the old policies in stable branches and new one in Xena onwards. Change-Id: I4be60e3e92704f8e55d3acdb0e025078ae5b21f1
This commit is contained in:
parent
f304d7aaac
commit
588c33d6d7
|
@ -84,6 +84,9 @@ function install_patrole_tempest_plugin {
|
|||
# TODO(gmann): Remove these once stable/victoria becomes EOL.
|
||||
# These policies were removed in Wallaby.
|
||||
iniset $TEMPEST_CONFIG policy-feature-enabled removed_nova_policies_wallaby False
|
||||
|
||||
# TODO(gmann): Remove these once stable/xena becomes EOL.
|
||||
iniset $TEMPEST_CONFIG policy-feature-enabled changed_cinder_policies_xena False
|
||||
fi
|
||||
|
||||
if [[ ${DEVSTACK_SERIES} == 'rocky' ]]; then
|
||||
|
@ -106,6 +109,9 @@ function install_patrole_tempest_plugin {
|
|||
# TODO(gmann): Remove these once stable/victoria becomes EOL.
|
||||
# These policies were removed in Wallaby.
|
||||
iniset $TEMPEST_CONFIG policy-feature-enabled removed_nova_policies_wallaby False
|
||||
|
||||
# TODO(gmann): Remove these once stable/xena becomes EOL.
|
||||
iniset $TEMPEST_CONFIG policy-feature-enabled changed_cinder_policies_xena False
|
||||
fi
|
||||
|
||||
if [[ ${DEVSTACK_SERIES} == 'stein' ]]; then
|
||||
|
@ -123,6 +129,8 @@ function install_patrole_tempest_plugin {
|
|||
# TODO(gmann): Remove these once stable/victoria becomes EOL.
|
||||
# These policies were removed in Wallaby.
|
||||
iniset $TEMPEST_CONFIG policy-feature-enabled removed_nova_policies_wallaby False
|
||||
# TODO(gmann): Remove these once stable/xena becomes EOL.
|
||||
iniset $TEMPEST_CONFIG policy-feature-enabled changed_cinder_policies_xena False
|
||||
fi
|
||||
|
||||
if [[ ${DEVSTACK_SERIES} == 'train' ]]; then
|
||||
|
@ -132,6 +140,8 @@ function install_patrole_tempest_plugin {
|
|||
# TODO(gmann): Remove these once stable/victoria becomes EOL.
|
||||
# These policies were removed in Wallaby.
|
||||
iniset $TEMPEST_CONFIG policy-feature-enabled removed_nova_policies_wallaby False
|
||||
# TODO(gmann): Remove these once stable/xena becomes EOL.
|
||||
iniset $TEMPEST_CONFIG policy-feature-enabled changed_cinder_policies_xena False
|
||||
fi
|
||||
|
||||
if [[ ${DEVSTACK_SERIES} == 'ussuri' ]]; then
|
||||
|
@ -140,14 +150,21 @@ function install_patrole_tempest_plugin {
|
|||
# TODO(gmann): Remove these once stable/victoria becomes EOL.
|
||||
# These policies were removed in Wallaby.
|
||||
iniset $TEMPEST_CONFIG policy-feature-enabled removed_nova_policies_wallaby False
|
||||
# TODO(gmann): Remove these once stable/xena becomes EOL.
|
||||
iniset $TEMPEST_CONFIG policy-feature-enabled changed_cinder_policies_xena False
|
||||
fi
|
||||
|
||||
if [[ ${DEVSTACK_SERIES} == 'victoria' ]]; then
|
||||
# TODO(gmann): Remove these once stable/victoria becomes EOL.
|
||||
# These policies were removed in Wallaby.
|
||||
iniset $TEMPEST_CONFIG policy-feature-enabled removed_nova_policies_wallaby False
|
||||
# TODO(gmann): Remove these once stable/xena becomes EOL.
|
||||
iniset $TEMPEST_CONFIG policy-feature-enabled changed_cinder_policies_xena False
|
||||
fi
|
||||
if [[ ${DEVSTACK_SERIES} == 'wallaby' ]]; then
|
||||
# TODO(gmann): Remove these once stable/xena becomes EOL.
|
||||
iniset $TEMPEST_CONFIG policy-feature-enabled changed_cinder_policies_xena False
|
||||
fi
|
||||
|
||||
iniset $TEMPEST_CONFIG patrole rbac_test_roles $RBAC_TEST_ROLES
|
||||
}
|
||||
|
||||
|
|
|
@ -204,7 +204,12 @@ changed in Ussuri."""),
|
|||
default=True,
|
||||
help="""Are the Nova deprecated API policies available in the
|
||||
cloud (e.g. os_compute_api:os-networks)? These policies were
|
||||
changed in Victoria.""")
|
||||
changed in Victoria."""),
|
||||
cfg.BoolOpt('changed_cinder_policies_xena',
|
||||
default=True,
|
||||
help="""Are the Cinder API policies changed in the
|
||||
cloud (e.g. 'group:group_types_specs')? These policies were
|
||||
changed in Xena.""")
|
||||
]
|
||||
|
||||
|
||||
|
|
|
@ -13,11 +13,28 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from patrole_tempest_plugin.tests.api.volume import rbac_base
|
||||
from tempest import config
|
||||
from tempest.lib import decorators
|
||||
|
||||
from patrole_tempest_plugin.tests.api.volume import rbac_base
|
||||
|
||||
from patrole_tempest_plugin import rbac_rule_validation
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
if CONF.policy_feature_enabled.changed_cinder_policies_xena:
|
||||
_GROUP_SPEC_SHOW = "group:group_types_specs:get"
|
||||
_GROUP_SPEC_LIST = "group:group_types_specs:get_all"
|
||||
_GROUP_SPEC_CREATE = "group:group_types_specs:create"
|
||||
_GROUP_SPEC_UPDATE = "group:group_types_specs:update"
|
||||
_GROUP_SPEC_DELETE = "group:group_types_specs:delete"
|
||||
else:
|
||||
_GROUP_SPEC_SHOW = "group:group_types_specs"
|
||||
_GROUP_SPEC_LIST = "group:group_types_specs"
|
||||
_GROUP_SPEC_CREATE = "group:group_types_specs"
|
||||
_GROUP_SPEC_UPDATE = "group:group_types_specs"
|
||||
_GROUP_SPEC_DELETE = "group:group_types_specs"
|
||||
|
||||
|
||||
class GroupTypeSpecsRbacTest(rbac_base.BaseVolumeRbacTest):
|
||||
_api_version = 3
|
||||
|
@ -27,7 +44,7 @@ class GroupTypeSpecsRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
@decorators.idempotent_id('b2859734-00ad-4a22-88ee-541698e90d12')
|
||||
@rbac_rule_validation.action(
|
||||
service="cinder",
|
||||
rules=["group:group_types_specs"]
|
||||
rules=[_GROUP_SPEC_CREATE]
|
||||
)
|
||||
def test_group_type_specs_create(self):
|
||||
# Create new group type
|
||||
|
@ -47,7 +64,7 @@ class GroupTypeSpecsRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
@decorators.idempotent_id('469d0253-aa13-423f-8264-231ac17effbf')
|
||||
@rbac_rule_validation.action(
|
||||
service="cinder",
|
||||
rules=["group:group_types_specs"]
|
||||
rules=[_GROUP_SPEC_SHOW]
|
||||
)
|
||||
def test_group_type_specs_show(self):
|
||||
group_type = self.create_group_type()
|
||||
|
@ -65,7 +82,7 @@ class GroupTypeSpecsRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
@decorators.idempotent_id('2e706a4e-dec9-46bf-9426-1c5b6f3ce102')
|
||||
@rbac_rule_validation.action(
|
||||
service="cinder",
|
||||
rules=["group:group_types_specs"]
|
||||
rules=[_GROUP_SPEC_UPDATE]
|
||||
)
|
||||
def test_group_type_specs_update(self):
|
||||
group_type = self.create_group_type()
|
||||
|
@ -81,7 +98,7 @@ class GroupTypeSpecsRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
@decorators.idempotent_id('fd5e332b-fb2c-4957-ace9-11d60ddd5472')
|
||||
@rbac_rule_validation.action(
|
||||
service="cinder",
|
||||
rules=["group:group_types_specs"]
|
||||
rules=[_GROUP_SPEC_LIST]
|
||||
)
|
||||
def test_group_type_specs_list(self):
|
||||
group_type = self.create_group_type()
|
||||
|
@ -92,7 +109,7 @@ class GroupTypeSpecsRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
@decorators.idempotent_id('d9639a07-e441-4576-baf6-7ec732b16572')
|
||||
@rbac_rule_validation.action(
|
||||
service="cinder",
|
||||
rules=["group:group_types_specs"]
|
||||
rules=[_GROUP_SPEC_DELETE]
|
||||
)
|
||||
def test_group_type_specs_delete(self):
|
||||
group_type = self.create_group_type()
|
||||
|
|
|
@ -14,6 +14,7 @@
|
|||
# under the License.
|
||||
|
||||
from tempest.common import waiters
|
||||
from tempest import config
|
||||
from tempest.lib.common.utils import data_utils
|
||||
from tempest.lib.common.utils import test_utils
|
||||
from tempest.lib import decorators
|
||||
|
@ -22,6 +23,17 @@ from patrole_tempest_plugin import rbac_exceptions
|
|||
from patrole_tempest_plugin import rbac_rule_validation
|
||||
from patrole_tempest_plugin.tests.api.volume import rbac_base
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
if CONF.policy_feature_enabled.changed_cinder_policies_xena:
|
||||
_GROUP_CREATE = "group:group_types:create"
|
||||
_GROUP_UPDATE = "group:group_types:update"
|
||||
_GROUP_DELETE = "group:group_types:delete"
|
||||
else:
|
||||
_GROUP_CREATE = "group:group_types_manage"
|
||||
_GROUP_UPDATE = "group:group_types_manage"
|
||||
_GROUP_DELETE = "group:group_types_manage"
|
||||
|
||||
|
||||
class BaseGroupRbacTest(rbac_base.BaseVolumeRbacTest):
|
||||
|
||||
|
@ -166,7 +178,7 @@ class GroupTypesV3RbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
@decorators.idempotent_id('2820f12c-4681-4c7f-b28d-e6925637dff6')
|
||||
@rbac_rule_validation.action(
|
||||
service="cinder",
|
||||
rules=["group:group_types_manage"])
|
||||
rules=[_GROUP_CREATE])
|
||||
def test_create_group_type(self):
|
||||
with self.override_role():
|
||||
self.create_group_type(ignore_notfound=True)
|
||||
|
@ -174,7 +186,7 @@ class GroupTypesV3RbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
@decorators.idempotent_id('f77f8156-4fc9-4f02-be15-8930f748e10c')
|
||||
@rbac_rule_validation.action(
|
||||
service="cinder",
|
||||
rules=["group:group_types_manage"])
|
||||
rules=[_GROUP_DELETE])
|
||||
def test_delete_group_type(self):
|
||||
group_type = self.create_group_type(ignore_notfound=True)
|
||||
|
||||
|
@ -184,7 +196,7 @@ class GroupTypesV3RbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
@decorators.idempotent_id('67929954-4551-4d22-b15a-27fb6e56b711')
|
||||
@rbac_rule_validation.action(
|
||||
service="cinder",
|
||||
rules=["group:group_types_manage"])
|
||||
rules=[_GROUP_DELETE])
|
||||
def test_update_group_type(self):
|
||||
group_type = self.create_group_type()
|
||||
update_params = {
|
||||
|
|
|
@ -14,12 +14,22 @@
|
|||
# under the License.
|
||||
|
||||
from tempest.common import utils
|
||||
from tempest import config
|
||||
from tempest.lib.common.utils import data_utils
|
||||
from tempest.lib import decorators
|
||||
|
||||
from patrole_tempest_plugin import rbac_rule_validation
|
||||
from patrole_tempest_plugin.tests.api.volume import rbac_base
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
if CONF.policy_feature_enabled.changed_cinder_policies_xena:
|
||||
_QUOTA_SET_SHOW = "volume_extension:quota_classes:get"
|
||||
_QUOTA_SET_UPDATE = "volume_extension:quota_classes:update"
|
||||
else:
|
||||
_QUOTA_SET_SHOW = "volume_extension:quota_classes"
|
||||
_QUOTA_SET_UPDATE = "volume_extension:quota_classes"
|
||||
|
||||
|
||||
class QuotaClassesV3RbacTest(rbac_base.BaseVolumeRbacTest):
|
||||
|
||||
|
@ -39,7 +49,7 @@ class QuotaClassesV3RbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
|
||||
@decorators.idempotent_id('1a060def-2b43-4534-97f5-5eadbbe8c726')
|
||||
@rbac_rule_validation.action(service="cinder",
|
||||
rules=["volume_extension:quota_classes"])
|
||||
rules=[_QUOTA_SET_SHOW])
|
||||
def test_show_quota_class_set(self):
|
||||
with self.override_role():
|
||||
self.quota_classes_client.show_quota_class_set(
|
||||
|
@ -47,7 +57,7 @@ class QuotaClassesV3RbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
|
||||
@decorators.idempotent_id('72159478-23a7-4c75-989f-6bac609eca62')
|
||||
@rbac_rule_validation.action(service="cinder",
|
||||
rules=["volume_extension:quota_classes"])
|
||||
rules=[_QUOTA_SET_UPDATE])
|
||||
def test_update_quota_class_set(self):
|
||||
quota_class_set = self.quota_classes_client.show_quota_class_set(
|
||||
self.quota_name)['quota_class_set']
|
||||
|
|
|
@ -23,6 +23,15 @@ from patrole_tempest_plugin.tests.api.volume import rbac_base
|
|||
|
||||
CONF = config.CONF
|
||||
|
||||
if CONF.policy_feature_enabled.changed_cinder_policies_xena:
|
||||
_METADATA_SHOW = "volume_extension:volume_image_metadata:show"
|
||||
_METADATA_SET = "volume_extension:volume_image_metadata:set"
|
||||
_METADATA_REMOVE = "volume_extension:volume_image_metadata:remove"
|
||||
else:
|
||||
_METADATA_SHOW = "volume_extension:volume_image_metadata"
|
||||
_METADATA_SET = "volume_extension:volume_image_metadata"
|
||||
_METADATA_REMOVE = "volume_extension:volume_image_metadata"
|
||||
|
||||
|
||||
class VolumeMetadataV3RbacTest(rbac_base.BaseVolumeRbacTest):
|
||||
|
||||
|
@ -99,7 +108,7 @@ class VolumeMetadataV3RbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
@decorators.idempotent_id('39e8f82c-f1fc-4905-bf47-177ce2f71bb9')
|
||||
@rbac_rule_validation.action(
|
||||
service="cinder",
|
||||
rules=["volume_extension:volume_image_metadata"])
|
||||
rules=[_METADATA_SET])
|
||||
def test_list_volumes_details_image_metadata(self):
|
||||
self.volumes_client.update_volume_image_metadata(
|
||||
self.volume['id'], image_id=self.image_id)
|
||||
|
@ -117,7 +126,7 @@ class VolumeMetadataV3RbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
@decorators.idempotent_id('53f94d52-0dd5-42cf-a3a4-59b35150b3d5')
|
||||
@rbac_rule_validation.action(
|
||||
service="cinder",
|
||||
rules=["volume_extension:volume_image_metadata"])
|
||||
rules=[_METADATA_SHOW])
|
||||
def test_show_volume_details_image_metadata(self):
|
||||
self.volumes_client.update_volume_image_metadata(
|
||||
self.volume['id'], image_id=self.image_id)
|
||||
|
@ -135,7 +144,7 @@ class VolumeMetadataV3RbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
@decorators.idempotent_id('a9d9e825-5ea3-42e6-96f3-7ac4e97b2ed0')
|
||||
@rbac_rule_validation.action(
|
||||
service="cinder",
|
||||
rules=["volume_extension:volume_image_metadata"])
|
||||
rules=[_METADATA_SET])
|
||||
def test_update_volume_image_metadata(self):
|
||||
with self.override_role():
|
||||
self.volumes_client.update_volume_image_metadata(
|
||||
|
@ -146,7 +155,7 @@ class VolumeMetadataV3RbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
@decorators.idempotent_id('a41c8eed-2051-4a25-b401-df036faacbdc')
|
||||
@rbac_rule_validation.action(
|
||||
service="cinder",
|
||||
rules=["volume_extension:volume_image_metadata"])
|
||||
rules=[_METADATA_REMOVE])
|
||||
def test_delete_volume_image_metadata(self):
|
||||
self.volumes_client.update_volume_image_metadata(
|
||||
self.volume['id'], image_id=self.image_id)
|
||||
|
|
|
@ -14,12 +14,20 @@
|
|||
# under the License.
|
||||
|
||||
from tempest.common import utils
|
||||
from tempest import config
|
||||
from tempest.lib.common.utils import test_utils
|
||||
from tempest.lib import decorators
|
||||
|
||||
from patrole_tempest_plugin import rbac_rule_validation
|
||||
from patrole_tempest_plugin.tests.api.volume import rbac_base
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
if CONF.policy_feature_enabled.changed_cinder_policies_xena:
|
||||
_TYPE_ACCESS_LIST = "volume_extension:volume_type_access:get_all_for_type"
|
||||
else:
|
||||
_TYPE_ACCESS_LIST = "volume_extension:volume_type_access"
|
||||
|
||||
|
||||
class VolumeTypesAccessRbacTest(rbac_base.BaseVolumeRbacTest):
|
||||
|
||||
|
@ -52,7 +60,7 @@ class VolumeTypesAccessRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
@decorators.idempotent_id('af70e6ad-e931-419f-9200-8bcc284e4e47')
|
||||
@rbac_rule_validation.action(
|
||||
service="cinder",
|
||||
rules=["volume_extension:volume_type_access"])
|
||||
rules=[_TYPE_ACCESS_LIST])
|
||||
def test_list_type_access(self):
|
||||
self._add_type_access()
|
||||
|
||||
|
|
|
@ -13,18 +13,30 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from tempest import config
|
||||
from tempest.lib import decorators
|
||||
|
||||
from patrole_tempest_plugin import rbac_rule_validation
|
||||
from patrole_tempest_plugin.tests.api.volume import rbac_base
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
if CONF.policy_feature_enabled.changed_cinder_policies_xena:
|
||||
_TYPE_MANAGE_CREATE = "volume_extension:type_create"
|
||||
_TYPE_MANAGE_UPDATE = "volume_extension:type_update"
|
||||
_TYPE_MANAGE_DELETE = "volume_extension:type_delete"
|
||||
else:
|
||||
_TYPE_MANAGE_CREATE = "volume_extension:types_manage"
|
||||
_TYPE_MANAGE_UPDATE = "volume_extension:types_manage"
|
||||
_TYPE_MANAGE_DELETE = "volume_extension:types_manage"
|
||||
|
||||
|
||||
class VolumeTypesRbacTest(rbac_base.BaseVolumeRbacTest):
|
||||
|
||||
@decorators.idempotent_id('e2bbf968-d947-4a15-a4da-a98c3069731e')
|
||||
@rbac_rule_validation.action(
|
||||
service="cinder",
|
||||
rules=["volume_extension:types_manage"])
|
||||
rules=[_TYPE_MANAGE_CREATE])
|
||||
def test_create_volume_type(self):
|
||||
with self.override_role():
|
||||
self.create_volume_type()
|
||||
|
@ -32,7 +44,7 @@ class VolumeTypesRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
@decorators.idempotent_id('2b74ac82-e03e-4801-86f3-d05c9acfd66b')
|
||||
@rbac_rule_validation.action(
|
||||
service="cinder",
|
||||
rules=["volume_extension:types_manage"])
|
||||
rules=[_TYPE_MANAGE_UPDATE])
|
||||
def test_update_volume_type(self):
|
||||
volume_type = self.create_volume_type()
|
||||
with self.override_role():
|
||||
|
@ -42,7 +54,7 @@ class VolumeTypesRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
@decorators.idempotent_id('90aec0ef-4f9b-4170-be6b-a392c12540be')
|
||||
@rbac_rule_validation.action(
|
||||
service="cinder",
|
||||
rules=["volume_extension:types_manage"])
|
||||
rules=[_TYPE_MANAGE_DELETE])
|
||||
def test_delete_volume_type(self):
|
||||
volume_type = self.create_volume_type()
|
||||
with self.override_role():
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
Added new feature flag called ``changed_cinder_policies_xena`` under
|
||||
the configuration group ``[policy-feature-enabled]`` for testing Cinder
|
||||
tests withe old and new policies.
|
Loading…
Reference in New Issue