openstack/patrole
Code Issues Proposed changes

Use admin creds for waiting

Browse Source 
Use admin creds for waiting for all RBAC tests that use waiters after
rbac_utils has switched to RBAC role. It is not necessary (though not
detrimental either) to do this during tearDown.

The reason why this should be done is because "waiting" entails calling
a "show" API action in a loop, until the resource reaches a desired
status. In other words, a policy action related to the "show" API action
is enforced -- which is problematic within the context of RBAC testing.

Change-Id: Id4b896b3ad0dff33e70f46a8dda950f7c3b148bf
This commit is contained in:
Felipe Monteiro 2017-06-21 19:28:18 +01:00
parent e9e3c2d595
commit a20add27cf
12 changed files with 49 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
patrole_tempest_plugin/tests/api/compute/test_attach_interfaces_rbac.py
View File

@ -60,8 +60,8 @@ class AttachInterfacesRbacTest(rbac_base.BaseV2ComputeRbacTest):
'ACTIVE')
self.addCleanup(
test_utils.call_and_ignore_notfound_exc,
self.interfaces_client.delete_interface, self.server['id'],
interface['port_id'])
self.os_admin.interfaces_client.delete_interface,
self.server['id'], interface['port_id'])
return interface
@decorators.idempotent_id('ddf53cb6-4a0a-4e5a-91e3-6c32aaa3b9b6')

32
patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py
View File

@ -116,36 +116,36 @@ class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
flavorRef=CONF.compute.flavor_ref,
**device_mapping)['server']
waiters.wait_for_server_status(self.servers_client, server['id'],
'ACTIVE')
waiters.wait_for_server_status(
self.os_admin.servers_client, server['id'], 'ACTIVE')
self.servers.append(server)
return server
def _test_start_server(self):
self.servers_client.start_server(self.server_id)
waiters.wait_for_server_status(self.servers_client, self.server_id,
'ACTIVE')
waiters.wait_for_server_status(
self.os_admin.servers_client, self.server_id, 'ACTIVE')
def _test_stop_server(self):
self.servers_client.stop_server(self.server_id)
waiters.wait_for_server_status(self.servers_client, self.server_id,
'SHUTOFF')
waiters.wait_for_server_status(
self.os_admin.servers_client, self.server_id, 'SHUTOFF')
def _test_resize_server(self, flavor):
self.servers_client.resize_server(self.server_id, flavor)
waiters.wait_for_server_status(self.servers_client, self.server_id,
'VERIFY_RESIZE')
waiters.wait_for_server_status(
self.os_admin.servers_client, self.server_id, 'VERIFY_RESIZE')
def _test_revert_resize_server(self):
self.servers_client.revert_resize_server(self.server_id)
waiters.wait_for_server_status(self.servers_client, self.server_id,
'ACTIVE')
waiters.wait_for_server_status(
self.os_admin.servers_client, self.server_id, 'ACTIVE')
def _test_confirm_resize_server(self):
self.servers_client.confirm_resize_server(self.server_id)
waiters.wait_for_server_status(self.servers_client, self.server_id,
'ACTIVE')
waiters.wait_for_server_status(
self.os_admin.servers_client, self.server_id, 'ACTIVE')
@rbac_rule_validation.action(
service="nova",
@ -211,8 +211,8 @@ class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
def test_rebuild_server(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.servers_client.rebuild_server(self.server_id, self.image_ref)
waiters.wait_for_server_status(self.servers_client, self.server_id,
'ACTIVE')
waiters.wait_for_server_status(
self.os_admin.servers_client, self.server_id, 'ACTIVE')
@rbac_rule_validation.action(
service="nova",
@ -221,8 +221,8 @@ class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
def test_reboot_server(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.servers_client.reboot_server(self.server_id, type='HARD')
waiters.wait_for_server_status(self.servers_client, self.server_id,
'ACTIVE')
waiters.wait_for_server_status(
self.os_admin.servers_client, self.server_id, 'ACTIVE')
@rbac_rule_validation.action(
service="nova",

7
patrole_tempest_plugin/tests/api/compute/test_server_rbac.py
View File

@ -97,8 +97,8 @@ class ComputeServersRbacTest(base.BaseV2ComputeRbacTest):
flavorRef=CONF.compute.flavor_ref,
**device_mapping)['server']
waiters.wait_for_server_status(self.servers_client, server['id'],
'ACTIVE')
waiters.wait_for_server_status(
self.os_admin.servers_client, server['id'], 'ACTIVE')
self.servers.append(server)
return server
@ -164,7 +164,8 @@ class ComputeServersRbacTest(base.BaseV2ComputeRbacTest):
server = self.create_test_server(wait_until='ACTIVE')
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.servers_client.delete_server(server['id'])
waiters.wait_for_server_termination(self.servers_client, server['id'])
waiters.wait_for_server_termination(
self.os_admin.servers_client, server['id'])
@rbac_rule_validation.action(
service="nova",

3
patrole_tempest_plugin/tests/api/compute/test_suspend_server_rbac.py
View File

@ -68,8 +68,9 @@ class SuspendServerRbacTest(rbac_base.BaseV2ComputeRbacTest):
self.servers_client.suspend_server(self.server['id'])
waiters.wait_for_server_status(self.servers_client, self.server['id'],
'SUSPENDED')
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.servers_client.resume_server(self.server['id'])
waiters.wait_for_server_status(self.servers_client,
waiters.wait_for_server_status(self.os_admin.servers_client,
self.server['id'],
'ACTIVE')

2
patrole_tempest_plugin/tests/api/compute/test_volume_rbac.py
View File

@ -43,7 +43,7 @@ class VolumeRbacTest(rbac_base.BaseV2ComputeRbacTest):
self.os_admin.snapshots_extensions_client, snapshot_id,
'available')
self.snapshots_extensions_client.delete_snapshot(snapshot_id)
self.snapshots_extensions_client.wait_for_resource_deletion(
self.os_admin.snapshots_extensions_client.wait_for_resource_deletion(
snapshot_id)
@decorators.idempotent_id('2402013e-a624-43e3-9518-44a5d1dbb32d')

27
patrole_tempest_plugin/tests/api/image/test_images_rbac.py
View File

@ -27,7 +27,8 @@ class BasicOperationsImagesRbacTest(rbac_base.BaseV2ImageRbacTest):
@classmethod
def setup_clients(cls):
super(BasicOperationsImagesRbacTest, cls).setup_clients()
cls.client = cls.os_primary.image_client_v2
cls.image_client = cls.os_primary.image_client_v2
cls.admin_image_client = cls.os_admin.image_client_v2
def _create_image(self, **kwargs):
image_name = data_utils.rand_name(self.__class__.__name__ + '-Image')
@ -39,7 +40,7 @@ class BasicOperationsImagesRbacTest(rbac_base.BaseV2ImageRbacTest):
def _upload_image(self, image_id):
image_file = six.BytesIO(data_utils.random_bytes())
return self.client.store_image_file(image_id, image_file)
return self.image_client.store_image_file(image_id, image_file)
@rbac_rule_validation.action(service="glance",
rule="add_image")
@ -80,7 +81,7 @@ class BasicOperationsImagesRbacTest(rbac_base.BaseV2ImageRbacTest):
self._upload_image(image['id'])
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.client.show_image_file(image['id'])
self.image_client.show_image_file(image['id'])
@rbac_rule_validation.action(service="glance",
rule="delete_image")
@ -94,8 +95,8 @@ class BasicOperationsImagesRbacTest(rbac_base.BaseV2ImageRbacTest):
image = self._create_image()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.client.delete_image(image['id'])
self.client.wait_for_resource_deletion(image['id'])
self.image_client.delete_image(image['id'])
self.admin_image_client.wait_for_resource_deletion(image['id'])
@rbac_rule_validation.action(service="glance",
rule="get_image")
@ -109,7 +110,7 @@ class BasicOperationsImagesRbacTest(rbac_base.BaseV2ImageRbacTest):
image = self._create_image()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.client.show_image(image['id'])
self.image_client.show_image(image['id'])
@rbac_rule_validation.action(service="glance",
rule="get_images")
@ -121,7 +122,7 @@ class BasicOperationsImagesRbacTest(rbac_base.BaseV2ImageRbacTest):
RBAC test for the glance list_images endpoint
"""
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.client.list_images()['images']
self.image_client.list_images()['images']
@rbac_rule_validation.action(service="glance",
rule="modify_image")
@ -137,7 +138,7 @@ class BasicOperationsImagesRbacTest(rbac_base.BaseV2ImageRbacTest):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
updated_image_name = data_utils.rand_name(
self.__class__.__name__ + '-image')
self.client.update_image(image['id'], [
self.image_client.update_image(image['id'], [
dict(replace='/name', value=updated_image_name)])
@decorators.idempotent_id('244050d9-1b9a-446a-b3c5-f26f3ba8eb75')
@ -152,7 +153,7 @@ class BasicOperationsImagesRbacTest(rbac_base.BaseV2ImageRbacTest):
image = self._create_image()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.client.add_image_tag(
self.image_client.add_image_tag(
image['id'],
data_utils.rand_name(self.__class__.__name__ + '-tag'))
@ -167,10 +168,10 @@ class BasicOperationsImagesRbacTest(rbac_base.BaseV2ImageRbacTest):
"""
image = self._create_image()
tag_name = data_utils.rand_name(self.__class__.__name__ + '-tag')
self.client.add_image_tag(image['id'], tag_name)
self.image_client.add_image_tag(image['id'], tag_name)
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.client.delete_image_tag(image['id'], tag_name)
self.image_client.delete_image_tag(image['id'], tag_name)
@rbac_rule_validation.action(service="glance",
rule="publicize_image")
@ -209,7 +210,7 @@ class BasicOperationsImagesRbacTest(rbac_base.BaseV2ImageRbacTest):
self._upload_image(image['id'])
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.client.deactivate_image(image['id'])
self.image_client.deactivate_image(image['id'])
@rbac_rule_validation.action(service="glance",
rule="reactivate")
@ -224,4 +225,4 @@ class BasicOperationsImagesRbacTest(rbac_base.BaseV2ImageRbacTest):
self._upload_image(image['id'])
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.client.reactivate_image(image['id'])
self.image_client.reactivate_image(image['id'])

6
patrole_tempest_plugin/tests/api/volume/test_qos_rbac.py
View File

@ -98,7 +98,7 @@ class VolumeQOSRbacTest(rbac_base.BaseVolumeRbacTest):
keys = ['iops_bytes']
self.qos_client.unset_qos_key(qos['id'], keys)
operation = 'qos-key-unset'
waiters.wait_for_qos_operations(self.qos_client, qos['id'],
waiters.wait_for_qos_operations(self.os_admin.qos_client, qos['id'],
operation, args=keys)
@rbac_rule_validation.action(
@ -143,7 +143,7 @@ class VolumeQOSRbacTest(rbac_base.BaseVolumeRbacTest):
# disassociate a volume-type with qos-specs
self.qos_client.disassociate_qos(qos['id'], vol_type)
operation = 'disassociate'
waiters.wait_for_qos_operations(self.qos_client, qos['id'],
waiters.wait_for_qos_operations(self.os_admin.qos_client, qos['id'],
operation, args=vol_type)
@rbac_rule_validation.action(
@ -161,5 +161,5 @@ class VolumeQOSRbacTest(rbac_base.BaseVolumeRbacTest):
# disassociate all volume-types from qos-specs
self.qos_client.disassociate_all_qos(qos['id'])
operation = 'disassociate-all'
waiters.wait_for_qos_operations(self.qos_client, qos['id'],
waiters.wait_for_qos_operations(self.os_admin.qos_client, qos['id'],
operation)

3
patrole_tempest_plugin/tests/api/volume/test_user_messages_rbac.py
View File

@ -33,6 +33,7 @@ class MessagesV3RbacTest(rbac_base.BaseVolumeRbacTest):
def setup_clients(cls):
super(MessagesV3RbacTest, cls).setup_clients()
cls.messages_client = cls.os_primary.volume_v3_messages_client
cls.admin_messages_client = cls.os_admin.volume_v3_messages_client
def _create_user_message(self):
"""Trigger a 'no valid host' situation to generate a message."""
@ -90,4 +91,4 @@ class MessagesV3RbacTest(rbac_base.BaseVolumeRbacTest):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.messages_client.delete_message(message_id)
self.messages_client.wait_for_resource_deletion(message_id)
self.admin_messages_client.wait_for_resource_deletion(message_id)

4
patrole_tempest_plugin/tests/api/volume/test_volume_actions_rbac.py
View File

@ -54,7 +54,7 @@ class VolumesActionsRbacTest(rbac_base.BaseVolumeRbacTest):
server['id'], volumeId=volume_id,
device='/dev/%s' % CONF.compute.volume_device_name)
waiters.wait_for_volume_resource_status(
self.volumes_client, volume_id, 'in-use')
self.os_admin.volumes_client, volume_id, 'in-use')
self.addCleanup(self._detach_volume, volume_id)
def _detach_volume(self, volume_id=None):
@ -63,7 +63,7 @@ class VolumesActionsRbacTest(rbac_base.BaseVolumeRbacTest):
self.volumes_client.detach_volume(volume_id)
waiters.wait_for_volume_resource_status(
self.volumes_client, volume_id, 'available')
self.os_admin.volumes_client, volume_id, 'available')
@test.services('compute')
@rbac_rule_validation.action(service="cinder", rule="volume:attach")

2
patrole_tempest_plugin/tests/api/volume/test_volumes_backup_rbac.py
View File

@ -86,7 +86,7 @@ class VolumesBackupsRbacTest(rbac_base.BaseVolumeRbacTest):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
restore = self.backups_client.restore_backup(backup['id'])['restore']
waiters.wait_for_volume_resource_status(
self.backups_client, restore['backup_id'], 'available')
self.os_admin.backups_client, restore['backup_id'], 'available')
@test.attr(type=["slow"])
@rbac_rule_validation.action(service="cinder",

2
patrole_tempest_plugin/tests/api/volume/test_volumes_extend_rbac.py
View File

@ -40,7 +40,7 @@ class VolumesExtendRbacTest(rbac_base.BaseVolumeRbacTest):
self.volumes_client.extend_volume(self.volume['id'],
new_size=extend_size)
waiters.wait_for_volume_resource_status(
self.volumes_client, self.volume['id'], 'available')
self.os_admin.volumes_client, self.volume['id'], 'available')
class VolumesExtendV3RbacTest(VolumesExtendRbacTest):

2
patrole_tempest_plugin/tests/api/volume/test_volumes_manage_rbac.py
View File

@ -59,7 +59,7 @@ class VolumesManageRbacTest(rbac_base.BaseVolumeRbacTest):
new_volume_id = self.volume_manage_client.manage_volume(
**new_volume_ref)['volume']['id']
waiters.wait_for_volume_resource_status(self.volumes_client,
waiters.wait_for_volume_resource_status(self.os_admin.volumes_client,
new_volume_id, 'available')
self.addCleanup(self.delete_volume,
self.volumes_client, new_volume_id)