Skip the deprecated API extensions policy tests
A new policy feature flag called ``[policy_feature_flag].removed_nova_policies_stein`` has been added to Patrole's config to handle Nova API extension policies removed in Stein [0]. The policy feature flag is applied to tests that validate response bodies for expected attributes previously returned for the following policies that passed authorization: - os_compute_api:os-config-drive - os_compute_api:os-extended-availability-zone - os_compute_api:os-extended-status - os_compute_api:os-extended-volumes - os_compute_api:os-keypairs - os_compute_api:os-server-usage - os_compute_api:os-flavor-rxtx - os_compute_api:os-flavor-access (only from /flavors APIs) - os_compute_api:image-size Note that not all removed policies are included above because test coverage is missing for them (like os_compute_api:os-security-groups). Also fixes test flows associated with image_size tests: * endpoints are list images with details and show image (not list image) * both tests should check for OS-EXT-IMG-SIZE:size attribute [0] https://review.openstack.org/#/c/586872/8 Story: 2003501 Change-Id: Ia6f8d255a540f7063beedd80a3ca1833f3987490
This commit is contained in:
parent
d063b409bb
commit
6bffc5c5c6
|
@ -26,12 +26,18 @@ function install_patrole_tempest_plugin {
|
|||
iniset $TEMPEST_CONFIG policy-feature-enabled volume_extension_volume_actions_attach_policy False
|
||||
iniset $TEMPEST_CONFIG policy-feature-enabled volume_extension_volume_actions_reserve_policy False
|
||||
iniset $TEMPEST_CONFIG policy-feature-enabled volume_extension_volume_actions_unreserve_policy False
|
||||
|
||||
# These policies were removed in Stein but are available in Pike.
|
||||
iniset $TEMPEST_CONFIG policy-feature-enabled removed_nova_policies_stein False
|
||||
fi
|
||||
|
||||
if [[ ${DEVSTACK_SERIES} == 'queens' ]]; then
|
||||
if [[ "$RBAC_TEST_ROLE" == "member" ]]; then
|
||||
RBAC_TEST_ROLE="Member"
|
||||
fi
|
||||
|
||||
# These policies were removed in Stein but are available in Queens.
|
||||
iniset $TEMPEST_CONFIG policy-feature-enabled removed_nova_policies_stein False
|
||||
fi
|
||||
|
||||
iniset $TEMPEST_CONFIG patrole enable_rbac True
|
||||
|
|
|
@ -160,7 +160,17 @@ was changed in a backwards-incompatible way."""),
|
|||
default=True,
|
||||
help="""Is the Cinder policy
|
||||
"volume_extension:volume_actions:unreserve" available in the cloud? This policy
|
||||
was changed in a backwards-incompatible way.""")
|
||||
was changed in a backwards-incompatible way."""),
|
||||
# *** Include feature flags for groups of policies below. ***
|
||||
# Best practice is to capture new policies, removed policies, renamed
|
||||
# policies in a group, per release.
|
||||
#
|
||||
# TODO(felipemonteiro): Remove these feature flags once Stein is EOL.
|
||||
cfg.BoolOpt('removed_nova_policies_stein',
|
||||
default=True,
|
||||
help="""Are the Nova API extension policies available in the
|
||||
cloud (e.g. os_compute_api:os-extended-availability-zone)? These policies were
|
||||
removed in Stein because Nova API extension concept was removed in Pike."""),
|
||||
]
|
||||
|
||||
|
||||
|
|
|
@ -13,8 +13,9 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from tempest import config
|
||||
import testtools
|
||||
|
||||
from tempest import config
|
||||
from tempest.lib.common.utils import test_utils
|
||||
from tempest.lib import decorators
|
||||
|
||||
|
@ -34,6 +35,8 @@ class FlavorAccessRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
cls.public_flavor_id = CONF.compute.flavor_ref
|
||||
cls.tenant_id = cls.os_primary.credentials.tenant_id
|
||||
|
||||
@testtools.skipIf(CONF.policy_feature_enabled.removed_nova_policies_stein,
|
||||
"This API extension policy was removed in Stein")
|
||||
@decorators.idempotent_id('a2bd3740-765d-4c95-ac98-9e027378c75e')
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
|
@ -50,6 +53,8 @@ class FlavorAccessRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
raise rbac_exceptions.RbacMalformedResponse(
|
||||
attribute=expected_attr)
|
||||
|
||||
@testtools.skipIf(CONF.policy_feature_enabled.removed_nova_policies_stein,
|
||||
"This API extension policy was removed in Stein")
|
||||
@decorators.idempotent_id('dd388146-9750-4124-82ba-62deff1052bb')
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import testtools
|
||||
|
||||
from tempest.common import utils
|
||||
from tempest import config
|
||||
from tempest.lib import decorators
|
||||
|
@ -33,6 +35,8 @@ class FlavorRxtxRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
msg = "os-flavor-rxtx extension not enabled."
|
||||
raise cls.skipException(msg)
|
||||
|
||||
@testtools.skipIf(CONF.policy_feature_enabled.removed_nova_policies_stein,
|
||||
"This API extension policy was removed in Stein")
|
||||
@decorators.idempotent_id('5e1fd9f0-9a08-485a-ad9c-0fc66e4d64b7')
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
|
@ -44,6 +48,8 @@ class FlavorRxtxRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
raise rbac_exceptions.RbacMalformedResponse(
|
||||
attribute='rxtx_factor')
|
||||
|
||||
@testtools.skipIf(CONF.policy_feature_enabled.removed_nova_policies_stein,
|
||||
"This API extension policy was removed in Stein")
|
||||
@decorators.idempotent_id('70c55a07-c843-4627-a29d-ba78673c1e63')
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import testtools
|
||||
|
||||
from tempest.common import image as common_image
|
||||
from tempest import config
|
||||
from tempest.lib.common.utils import data_utils
|
||||
|
@ -20,6 +22,7 @@ from tempest.lib.common.utils import test_utils
|
|||
from tempest.lib import decorators
|
||||
from tempest.lib import exceptions as lib_exc
|
||||
|
||||
from patrole_tempest_plugin import rbac_exceptions
|
||||
from patrole_tempest_plugin import rbac_rule_validation
|
||||
from patrole_tempest_plugin.tests.api.compute import rbac_base
|
||||
|
||||
|
@ -245,18 +248,67 @@ class ImageSizeRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
# https://developer.openstack.org/api-ref/compute/#images-deprecated
|
||||
max_microversion = '2.35'
|
||||
|
||||
@classmethod
|
||||
def skip_checks(cls):
|
||||
super(ImageSizeRbacTest, cls).skip_checks()
|
||||
if not CONF.service_available.glance:
|
||||
skip_msg = ("%s skipped as glance is not available" % cls.__name__)
|
||||
raise cls.skipException(skip_msg)
|
||||
|
||||
@classmethod
|
||||
def setup_clients(cls):
|
||||
super(ImageSizeRbacTest, cls).setup_clients()
|
||||
if CONF.image_feature_enabled.api_v2:
|
||||
cls.glance_image_client = cls.os_primary.image_client_v2
|
||||
elif CONF.image_feature_enabled.api_v1:
|
||||
cls.glance_image_client = cls.os_primary.image_client
|
||||
else:
|
||||
raise lib_exc.InvalidConfiguration(
|
||||
'Either api_v1 or api_v2 must be True in '
|
||||
'[image-feature-enabled].')
|
||||
|
||||
@classmethod
|
||||
def resource_setup(cls):
|
||||
super(ImageSizeRbacTest, cls).resource_setup()
|
||||
params = {'name': data_utils.rand_name(cls.__name__ + '-image')}
|
||||
if CONF.image_feature_enabled.api_v1:
|
||||
params = {'headers': common_image.image_meta_to_headers(**params)}
|
||||
|
||||
cls.image = cls.glance_image_client.create_image(**params)
|
||||
cls.addClassResourceCleanup(
|
||||
cls.glance_image_client.wait_for_resource_deletion,
|
||||
cls.image['id'])
|
||||
cls.addClassResourceCleanup(
|
||||
cls.glance_image_client.delete_image, cls.image['id'])
|
||||
|
||||
@testtools.skipIf(CONF.policy_feature_enabled.removed_nova_policies_stein,
|
||||
"This API extension policy was removed in Stein")
|
||||
@decorators.idempotent_id('fe34d2a6-5743-45bf-8f92-a1d703d7c7ab')
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rule="os_compute_api:image-size")
|
||||
def test_list_images(self):
|
||||
def test_show_image_includes_image_size(self):
|
||||
with self.rbac_utils.override_role(self):
|
||||
self.compute_images_client.list_images()
|
||||
body = self.compute_images_client.show_image(self.image['id'])[
|
||||
'image']
|
||||
|
||||
expected_attr = 'OS-EXT-IMG-SIZE:size'
|
||||
if expected_attr not in body:
|
||||
raise rbac_exceptions.RbacMalformedResponse(
|
||||
attribute=expected_attr)
|
||||
|
||||
@testtools.skipIf(CONF.policy_feature_enabled.removed_nova_policies_stein,
|
||||
"This API extension policy was removed in Stein")
|
||||
@decorators.idempotent_id('08342c7d-297d-42ee-b398-90fce2443792')
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rule="os_compute_api:image-size")
|
||||
def test_list_images_with_details(self):
|
||||
def test_list_images_with_details_includes_image_size(self):
|
||||
with self.rbac_utils.override_role(self):
|
||||
self.compute_images_client.list_images(detail=True)
|
||||
body = self.compute_images_client.list_images(detail=True)[
|
||||
'images']
|
||||
|
||||
expected_attr = 'OS-EXT-IMG-SIZE:size'
|
||||
if expected_attr not in body[0]:
|
||||
raise rbac_exceptions.RbacMalformedResponse(
|
||||
attribute=expected_attr)
|
||||
|
|
|
@ -129,6 +129,8 @@ class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
waiters.wait_for_server_status(
|
||||
self.servers_client, self.server['id'], 'ACTIVE')
|
||||
|
||||
@testtools.skipIf(CONF.policy_feature_enabled.removed_nova_policies_stein,
|
||||
"This API extension policy was removed in Stein")
|
||||
@utils.requires_ext(extension='os-config-drive', service='compute')
|
||||
@decorators.idempotent_id('2c82e819-382d-4d6f-87f0-a45954cbbc64')
|
||||
@rbac_rule_validation.action(
|
||||
|
@ -144,6 +146,8 @@ class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
raise rbac_exceptions.RbacMalformedResponse(
|
||||
attribute=expected_attr)
|
||||
|
||||
@testtools.skipIf(CONF.policy_feature_enabled.removed_nova_policies_stein,
|
||||
"This API extension policy was removed in Stein")
|
||||
@utils.requires_ext(extension='os-config-drive', service='compute')
|
||||
@decorators.idempotent_id('55c62ef7-b72b-4970-acc6-05b0a4316e5d')
|
||||
@rbac_rule_validation.action(
|
||||
|
@ -169,6 +173,8 @@ class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
# Force-deleting a server enforces os-deferred-delete.
|
||||
self.servers_client.force_delete_server(self.server['id'])
|
||||
|
||||
@testtools.skipIf(CONF.policy_feature_enabled.removed_nova_policies_stein,
|
||||
"This API extension policy was removed in Stein")
|
||||
@decorators.idempotent_id('d873740a-7b10-40a9-943d-7cc18115370e')
|
||||
@utils.requires_ext(extension='OS-EXT-AZ', service='compute')
|
||||
@rbac_rule_validation.action(
|
||||
|
@ -185,6 +191,8 @@ class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
raise rbac_exceptions.RbacMalformedResponse(
|
||||
attribute=expected_attr)
|
||||
|
||||
@testtools.skipIf(CONF.policy_feature_enabled.removed_nova_policies_stein,
|
||||
"This API extension policy was removed in Stein")
|
||||
@decorators.idempotent_id('727e5360-770a-4b9c-8015-513a40216635')
|
||||
@utils.requires_ext(extension='OS-EXT-AZ', service='compute')
|
||||
@rbac_rule_validation.action(
|
||||
|
@ -200,6 +208,8 @@ class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
raise rbac_exceptions.RbacMalformedResponse(
|
||||
attribute=expected_attr)
|
||||
|
||||
@testtools.skipIf(CONF.policy_feature_enabled.removed_nova_policies_stein,
|
||||
"This API extension policy was removed in Stein")
|
||||
@decorators.idempotent_id('4aa5d93e-4887-468a-8eb4-b6eca0ca6437')
|
||||
@utils.requires_ext(extension='OS-EXT-SRV-ATTR', service='compute')
|
||||
@rbac_rule_validation.action(
|
||||
|
@ -222,6 +232,8 @@ class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
raise rbac_exceptions.RbacMalformedResponse(
|
||||
attribute=whole_attr)
|
||||
|
||||
@testtools.skipIf(CONF.policy_feature_enabled.removed_nova_policies_stein,
|
||||
"This API extension policy was removed in Stein")
|
||||
@decorators.idempotent_id('2ed7aee2-94b2-4a9f-ae63-a51b7f94fe30')
|
||||
@utils.requires_ext(extension='OS-EXT-SRV-ATTR', service='compute')
|
||||
@rbac_rule_validation.action(
|
||||
|
@ -244,6 +256,8 @@ class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
raise rbac_exceptions.RbacMalformedResponse(
|
||||
attribute=whole_attr)
|
||||
|
||||
@testtools.skipIf(CONF.policy_feature_enabled.removed_nova_policies_stein,
|
||||
"This API extension policy was removed in Stein")
|
||||
@decorators.idempotent_id('82053c27-3134-4003-9b55-bc9fafdb0e3b')
|
||||
@utils.requires_ext(extension='OS-EXT-STS', service='compute')
|
||||
@rbac_rule_validation.action(
|
||||
|
@ -261,6 +275,8 @@ class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
raise rbac_exceptions.RbacMalformedResponse(
|
||||
attribute=attr)
|
||||
|
||||
@testtools.skipIf(CONF.policy_feature_enabled.removed_nova_policies_stein,
|
||||
"This API extension policy was removed in Stein")
|
||||
@decorators.idempotent_id('7d2620a5-eea1-4a8b-96ea-86ad77a73fc8')
|
||||
@utils.requires_ext(extension='OS-EXT-STS', service='compute')
|
||||
@rbac_rule_validation.action(
|
||||
|
@ -278,6 +294,8 @@ class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
raise rbac_exceptions.RbacMalformedResponse(
|
||||
attribute=attr)
|
||||
|
||||
@testtools.skipIf(CONF.policy_feature_enabled.removed_nova_policies_stein,
|
||||
"This API extension policy was removed in Stein")
|
||||
@decorators.idempotent_id('21e39cbe-6c32-48fc-80dd-3e1fece6053f')
|
||||
@utils.requires_ext(extension='os-extended-volumes', service='compute')
|
||||
@rbac_rule_validation.action(
|
||||
|
@ -295,6 +313,8 @@ class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
raise rbac_exceptions.RbacMalformedResponse(
|
||||
attribute=expected_attr)
|
||||
|
||||
@testtools.skipIf(CONF.policy_feature_enabled.removed_nova_policies_stein,
|
||||
"This API extension policy was removed in Stein")
|
||||
@decorators.idempotent_id('7f163708-0d25-4138-8512-dfdd72a92989')
|
||||
@utils.requires_ext(extension='os-extended-volumes', service='compute')
|
||||
@rbac_rule_validation.action(
|
||||
|
@ -348,6 +368,8 @@ class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
raise rbac_exceptions.RbacMalformedResponse(
|
||||
attribute='events.traceback')
|
||||
|
||||
@testtools.skipIf(CONF.policy_feature_enabled.removed_nova_policies_stein,
|
||||
"This API extension policy was removed in Stein")
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rule="os_compute_api:os-keypairs")
|
||||
|
@ -360,6 +382,8 @@ class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
raise rbac_exceptions.RbacMalformedResponse(
|
||||
attribute='key_name')
|
||||
|
||||
@testtools.skipIf(CONF.policy_feature_enabled.removed_nova_policies_stein,
|
||||
"This API extension policy was removed in Stein")
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rule="os_compute_api:os-keypairs")
|
||||
|
@ -469,6 +493,8 @@ class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
with self.rbac_utils.override_role(self):
|
||||
self.servers_client.show_password(self.server['id'])
|
||||
|
||||
@testtools.skipIf(CONF.policy_feature_enabled.removed_nova_policies_stein,
|
||||
"This API extension policy was removed in Stein")
|
||||
@utils.requires_ext(extension='OS-SRV-USG', service='compute')
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
A new policy feature flag called
|
||||
``[policy_feature_flag].removed_nova_policies_stein`` has been added to
|
||||
Patrole's config to handle Nova API extension policies removed in Stein.
|
||||
|
||||
The policy feature flag is applied to tests that validate response bodies
|
||||
for expected attributes previously returned for the following policies
|
||||
that passed authorization:
|
||||
|
||||
- os_compute_api:os-config-drive
|
||||
- os_compute_api:os-extended-availability-zone
|
||||
- os_compute_api:os-extended-status
|
||||
- os_compute_api:os-extended-volumes
|
||||
- os_compute_api:os-keypairs
|
||||
- os_compute_api:os-server-usage
|
||||
- os_compute_api:os-flavor-rxtx
|
||||
- os_compute_api:os-flavor-access (only from /flavors APIs)
|
||||
- os_compute_api:image-size
|
||||
|
||||
Note that not all removed policies are included above because test coverage
|
||||
is missing for them (like os_compute_api:os-security-groups).
|
Loading…
Reference in New Issue