Merge "Gate fix and update compute tests to adopt new policies"
This commit is contained in:
commit
6e1e78802f
|
@ -186,9 +186,10 @@ class PolicyAuthority(RbacAuthority):
|
|||
}
|
||||
)
|
||||
LOG.warn(deprecated_msg)
|
||||
check_str = '(%s) or (%s)' % (default.check_str,
|
||||
deprecated_rule.check_str)
|
||||
return policy.RuleDefault(default.name, check_str)
|
||||
default.check = policy.OrCheck(
|
||||
[policy._parser.parse_rule(cs) for cs in
|
||||
[default.check_str,
|
||||
deprecated_rule.check_str]])
|
||||
|
||||
def get_rules(self):
|
||||
rules = policy.Rules()
|
||||
|
@ -229,7 +230,7 @@ class PolicyAuthority(RbacAuthority):
|
|||
# The `DocumentedRuleDefault` object has no
|
||||
# `deprecated_rule` attribute in Pike
|
||||
if getattr(rule, 'deprecated_rule', False):
|
||||
rule = self._handle_deprecated_rule(rule)
|
||||
self._handle_deprecated_rule(rule)
|
||||
rules[rule.name] = rule.check
|
||||
elif str(rule.check) != str(rules[rule.name]):
|
||||
msg = ("The same policy name: %s was found in the "
|
||||
|
|
|
@ -13,6 +13,7 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from tempest import config
|
||||
from tempest.lib.common.utils import data_utils
|
||||
from tempest.lib.common.utils import test_utils
|
||||
from tempest.lib import decorators
|
||||
|
@ -20,6 +21,17 @@ from tempest.lib import decorators
|
|||
from patrole_tempest_plugin import rbac_rule_validation
|
||||
from patrole_tempest_plugin.tests.api.compute import rbac_base
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
if CONF.policy_feature_enabled.changed_nova_policies_ussuri:
|
||||
_SG_LIST = "os_compute_api:os-security-groups:list"
|
||||
_SG_ADD = "os_compute_api:os-security-groups:add"
|
||||
_SG_REMOVE = "os_compute_api:os-security-groups:remove"
|
||||
else:
|
||||
_SG_LIST = "os_compute_api:os-security-groups"
|
||||
_SG_ADD = "os_compute_api:os-security-groups"
|
||||
_SG_REMOVE = "os_compute_api:os-security-groups"
|
||||
|
||||
|
||||
class SecurtiyGroupsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
||||
"""Tests non-deprecated security group policies. Requires network service.
|
||||
|
@ -55,7 +67,7 @@ class SecurtiyGroupsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rules=["os_compute_api:os-security-groups"])
|
||||
rules=[_SG_LIST])
|
||||
@decorators.idempotent_id('3db159c6-a467-469f-9a25-574197885520')
|
||||
def test_list_security_groups_by_server(self):
|
||||
with self.override_role():
|
||||
|
@ -64,7 +76,7 @@ class SecurtiyGroupsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rules=["os_compute_api:os-security-groups"])
|
||||
rules=[_SG_ADD])
|
||||
@decorators.idempotent_id('ea1ca73f-2d1d-43cb-9a46-900d7927b357')
|
||||
def test_create_security_group_for_server(self):
|
||||
sg_name = self.create_security_group()['name']
|
||||
|
@ -78,7 +90,7 @@ class SecurtiyGroupsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rules=["os_compute_api:os-security-groups"])
|
||||
rules=[_SG_REMOVE])
|
||||
@decorators.idempotent_id('0ad2e856-e2d3-4ac5-a620-f93d0d3d2626')
|
||||
def test_remove_security_group_from_server(self):
|
||||
sg_name = self.create_security_group()['name']
|
||||
|
|
|
@ -36,11 +36,15 @@ if CONF.policy_feature_enabled.changed_nova_policies_ussuri:
|
|||
_ATTACH_INTERFACES_LIST = "os_compute_api:os-attach-interfaces:list"
|
||||
_ATTACH_INTERFACES_SHOW = "os_compute_api:os-attach-interfaces:show"
|
||||
_INSTANCE_ACTIONS_LIST = "os_compute_api:os-instance-actions:list"
|
||||
_SERVER_PASSWORD_SHOW = "os_compute_api:os-server-password:show"
|
||||
_SERVER_PASSWORD_CLEAR = "os_compute_api:os-server-password:clear"
|
||||
else:
|
||||
_DEFERRED_FORCE = "os_compute_api:os-deferred-delete"
|
||||
_ATTACH_INTERFACES_LIST = "os_compute_api:os-attach-interfaces"
|
||||
_ATTACH_INTERFACES_SHOW = "os_compute_api:os-attach-interfaces"
|
||||
_INSTANCE_ACTIONS_LIST = "os_compute_api:os-instance-actions"
|
||||
_SERVER_PASSWORD_SHOW = "os_compute_api:os-server-password"
|
||||
_SERVER_PASSWORD_CLEAR = "os_compute_api:os-server-password"
|
||||
|
||||
|
||||
class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
||||
|
@ -493,7 +497,7 @@ class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
@decorators.idempotent_id('aaf43f78-c178-4581-ac18-14afd3f1f6ba')
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rules=["os_compute_api:os-server-password"])
|
||||
rules=[_SERVER_PASSWORD_CLEAR])
|
||||
def test_delete_server_password(self):
|
||||
"""Test delete server password, part of os-server-password."""
|
||||
with self.override_role():
|
||||
|
@ -502,7 +506,7 @@ class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
@utils.requires_ext(extension='os-server-password', service='compute')
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rules=["os_compute_api:os-server-password"])
|
||||
rules=[_SERVER_PASSWORD_SHOW])
|
||||
@decorators.idempotent_id('f677971a-7d20-493c-977f-6ff0a74b5b2c')
|
||||
def test_get_server_password(self):
|
||||
"""Test show server password, part of os-server-password."""
|
||||
|
|
|
@ -13,3 +13,6 @@ features:
|
|||
- os_compute_api:os-instance-usage-audit-log
|
||||
- os_compute_api:os-agents
|
||||
- os_compute_api:os-hypervisors
|
||||
- os_compute_api:os-instance-actions
|
||||
- os_compute_api:os-security-groups
|
||||
- os_compute_api:os-server-password
|
||||
|
|
Loading…
Reference in New Issue