Merge "Add RBAC test for force-deleting a backup"
This commit is contained in:
commit
a0e6940339
@ -13,8 +13,6 @@
|
|||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
from oslo_log import log as logging
|
|
||||||
|
|
||||||
from tempest import config
|
from tempest import config
|
||||||
from tempest.lib import decorators
|
from tempest.lib import decorators
|
||||||
|
|
||||||
@ -22,7 +20,6 @@ from patrole_tempest_plugin import rbac_rule_validation
|
|||||||
from patrole_tempest_plugin.tests.api.volume import rbac_base
|
from patrole_tempest_plugin.tests.api.volume import rbac_base
|
||||||
|
|
||||||
CONF = config.CONF
|
CONF = config.CONF
|
||||||
LOG = logging.getLogger(__name__)
|
|
||||||
|
|
||||||
|
|
||||||
class SnapshotsActionsRbacTest(rbac_base.BaseVolumeRbacTest):
|
class SnapshotsActionsRbacTest(rbac_base.BaseVolumeRbacTest):
|
||||||
@ -41,9 +38,7 @@ class SnapshotsActionsRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||||||
@classmethod
|
@classmethod
|
||||||
def resource_setup(cls):
|
def resource_setup(cls):
|
||||||
super(SnapshotsActionsRbacTest, cls).resource_setup()
|
super(SnapshotsActionsRbacTest, cls).resource_setup()
|
||||||
# Create a volume
|
|
||||||
cls.volume = cls.create_volume()
|
cls.volume = cls.create_volume()
|
||||||
# Create a snapshot
|
|
||||||
cls.snapshot = cls.create_snapshot(volume_id=cls.volume['id'])
|
cls.snapshot = cls.create_snapshot(volume_id=cls.volume['id'])
|
||||||
cls.snapshot_id = cls.snapshot['id']
|
cls.snapshot_id = cls.snapshot['id']
|
||||||
|
|
||||||
@ -52,22 +47,17 @@ class SnapshotsActionsRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||||||
rule="volume_extension:snapshot_admin_actions:reset_status")
|
rule="volume_extension:snapshot_admin_actions:reset_status")
|
||||||
@decorators.idempotent_id('ea430145-34ef-408d-b678-95d5ae5f46eb')
|
@decorators.idempotent_id('ea430145-34ef-408d-b678-95d5ae5f46eb')
|
||||||
def test_reset_snapshot_status(self):
|
def test_reset_snapshot_status(self):
|
||||||
# Reset snapshot status to error
|
|
||||||
status = 'error'
|
status = 'error'
|
||||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||||
self.client.\
|
self.client.reset_snapshot_status(self.snapshot['id'], status)
|
||||||
reset_snapshot_status(self.snapshot['id'], status)
|
|
||||||
|
|
||||||
@rbac_rule_validation.action(
|
@rbac_rule_validation.action(
|
||||||
service="cinder",
|
service="cinder",
|
||||||
rule="volume_extension:volume_admin_actions:force_delete")
|
rule="volume_extension:snapshot_admin_actions:force_delete")
|
||||||
@decorators.idempotent_id('a8b0f7d8-4c00-4645-b8d5-33ab4eecc6cb')
|
@decorators.idempotent_id('a8b0f7d8-4c00-4645-b8d5-33ab4eecc6cb')
|
||||||
def test_snapshot_force_delete(self):
|
def test_snapshot_force_delete(self):
|
||||||
# Test force delete of snapshot
|
|
||||||
# Create snapshot,
|
|
||||||
# and force delete temp snapshot
|
|
||||||
temp_snapshot = self.create_snapshot(self.volume['id'])
|
temp_snapshot = self.create_snapshot(self.volume['id'])
|
||||||
# Force delete the snapshot
|
|
||||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||||
self.client.force_delete_snapshot(temp_snapshot['id'])
|
self.client.force_delete_snapshot(temp_snapshot['id'])
|
||||||
self.client.wait_for_resource_deletion(temp_snapshot['id'])
|
self.client.wait_for_resource_deletion(temp_snapshot['id'])
|
||||||
|
@ -65,7 +65,7 @@ class VolumesBackupsRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||||||
backup.update(changes)
|
backup.update(changes)
|
||||||
return self._encode_backup(backup)
|
return self._encode_backup(backup)
|
||||||
|
|
||||||
@test.attr(type="slow")
|
@test.attr(type=["slow"])
|
||||||
@rbac_rule_validation.action(service="cinder",
|
@rbac_rule_validation.action(service="cinder",
|
||||||
rule="backup:create")
|
rule="backup:create")
|
||||||
@decorators.idempotent_id('6887ec94-0bcf-4ab7-b30f-3808a4b5a2a5')
|
@decorators.idempotent_id('6887ec94-0bcf-4ab7-b30f-3808a4b5a2a5')
|
||||||
@ -73,7 +73,7 @@ class VolumesBackupsRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||||
self._create_backup(volume_id=self.volume['id'])
|
self._create_backup(volume_id=self.volume['id'])
|
||||||
|
|
||||||
@test.attr(type="slow")
|
@test.attr(type=["slow"])
|
||||||
@rbac_rule_validation.action(service="cinder",
|
@rbac_rule_validation.action(service="cinder",
|
||||||
rule="backup:get")
|
rule="backup:get")
|
||||||
@decorators.idempotent_id('abd92bdd-b0fb-4dc4-9cfc-de9e968f8c8a')
|
@decorators.idempotent_id('abd92bdd-b0fb-4dc4-9cfc-de9e968f8c8a')
|
||||||
@ -91,7 +91,7 @@ class VolumesBackupsRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||||
self.backups_client.list_backups()
|
self.backups_client.list_backups()
|
||||||
|
|
||||||
@test.attr(type="slow")
|
@test.attr(type=["slow"])
|
||||||
@rbac_rule_validation.action(service="cinder",
|
@rbac_rule_validation.action(service="cinder",
|
||||||
rule="backup:restore")
|
rule="backup:restore")
|
||||||
@decorators.idempotent_id('9c794bf9-2446-4f41-8fe0-80b71e757f9d')
|
@decorators.idempotent_id('9c794bf9-2446-4f41-8fe0-80b71e757f9d')
|
||||||
@ -104,7 +104,7 @@ class VolumesBackupsRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||||||
waiters.wait_for_volume_resource_status(
|
waiters.wait_for_volume_resource_status(
|
||||||
self.backups_client, restore['backup_id'], 'available')
|
self.backups_client, restore['backup_id'], 'available')
|
||||||
|
|
||||||
@test.attr(type="slow")
|
@test.attr(type=["slow"])
|
||||||
@rbac_rule_validation.action(service="cinder",
|
@rbac_rule_validation.action(service="cinder",
|
||||||
rule="backup:delete")
|
rule="backup:delete")
|
||||||
@decorators.idempotent_id('d5d0c6a2-413d-437e-a73f-4bf2b41a20ed')
|
@decorators.idempotent_id('d5d0c6a2-413d-437e-a73f-4bf2b41a20ed')
|
||||||
@ -116,7 +116,19 @@ class VolumesBackupsRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||||||
self.backups_client.delete_backup(backup['id'])
|
self.backups_client.delete_backup(backup['id'])
|
||||||
self.backups_client.wait_for_resource_deletion(backup['id'])
|
self.backups_client.wait_for_resource_deletion(backup['id'])
|
||||||
|
|
||||||
@test.attr(type='slow')
|
@decorators.idempotent_id('48325aaa-13f5-4ba3-96a3-24b6c9d77b6d')
|
||||||
|
@test.attr(type=["slow"])
|
||||||
|
@rbac_rule_validation.action(
|
||||||
|
service="cinder",
|
||||||
|
rule="volume_extension:backup_admin_actions:force_delete")
|
||||||
|
def test_volume_backup_force_delete(self):
|
||||||
|
backup = self._create_backup(volume_id=self.volume['id'])
|
||||||
|
|
||||||
|
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||||
|
self.backups_client.force_delete_backup(backup['id'])
|
||||||
|
self.backups_client.wait_for_resource_deletion(backup['id'])
|
||||||
|
|
||||||
|
@test.attr(type=["slow"])
|
||||||
@rbac_rule_validation.action(service="cinder",
|
@rbac_rule_validation.action(service="cinder",
|
||||||
rule="backup:backup-export")
|
rule="backup:backup-export")
|
||||||
@decorators.idempotent_id('e984ec8d-e8eb-485c-98bc-f1856020303c')
|
@decorators.idempotent_id('e984ec8d-e8eb-485c-98bc-f1856020303c')
|
||||||
@ -128,7 +140,7 @@ class VolumesBackupsRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||||
self.backups_client.export_backup(backup['id'])['backup-record']
|
self.backups_client.export_backup(backup['id'])['backup-record']
|
||||||
|
|
||||||
@test.attr(type='slow')
|
@test.attr(type=["slow"])
|
||||||
@rbac_rule_validation.action(service="cinder",
|
@rbac_rule_validation.action(service="cinder",
|
||||||
rule="backup:backup-import")
|
rule="backup:backup-import")
|
||||||
@decorators.idempotent_id('1e70f039-4556-44cc-9cc1-edf2b7ed648b')
|
@decorators.idempotent_id('1e70f039-4556-44cc-9cc1-edf2b7ed648b')
|
||||||
|
@ -0,0 +1,11 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Added an RBAC test for force-deleting a backup which enforces the cinder
|
||||||
|
policy action: "volume_extension:backup_admin_actions:force_delete".
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Corrected the policy action in the ``rbac_rule_validation`` decorator
|
||||||
|
for the test ``test_snapshot_force_delete`` from
|
||||||
|
"volume_extension:volume_admin_actions:force_delete" to
|
||||||
|
"volume_extension:snapshot_admin_actions:force_delete".
|
Loading…
Reference in New Issue
Block a user