Minimize number of servers created for more tests
Move additional RBAC tests into test_server_misc_policy_actions_rbac.py to further increase gate stability and decrease gate run time. The number of calls to create_test_server() should be minimized for RBAC testing because we don't do too much modification to the resources that are created -- only what's necessary to trigger the API action corresponding to the RBAC policy under test. Further, minimizing such calls reduces the risk of spinning up too many servers concurrently in our gates: the source of various gate failures as limited resources lead to server faults being raised. To that end, the following tests can be migrated to test_server_misc_policy_actions_rbac.py: - test_admin_password_rbac - test_lock_server_rbac - test_suspend_server_rbac Additional migrations will be made in follow-up patches. Change-Id: I7cf80d39b770afeb02d666266411fa2a91601eb9 Partial-Bug: #1699415
This commit is contained in:
parent
c5cf33790e
commit
a662f824fe
@ -1,44 +0,0 @@
|
||||
# Copyright 2017 AT&T Corporation.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import testtools
|
||||
|
||||
from tempest.common import waiters
|
||||
from tempest import config
|
||||
from tempest.lib.common.utils import data_utils
|
||||
from tempest.lib import decorators
|
||||
|
||||
from patrole_tempest_plugin import rbac_rule_validation
|
||||
from patrole_tempest_plugin.tests.api.compute import rbac_base
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
|
||||
class AdminPasswordRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
||||
|
||||
@testtools.skipUnless(CONF.compute_feature_enabled.change_password,
|
||||
'Change password not available.')
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rule="os_compute_api:os-admin-password")
|
||||
@decorators.idempotent_id('908a7d59-3a66-441c-94cf-38e57ed14956')
|
||||
def test_change_server_password(self):
|
||||
server_id = self.create_test_server(wait_until='ACTIVE')['id']
|
||||
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.servers_client.change_password(
|
||||
server_id, adminPass=data_utils.rand_password())
|
||||
waiters.wait_for_server_status(
|
||||
self.os_admin.servers_client, server_id, 'ACTIVE')
|
@ -1,58 +0,0 @@
|
||||
# Copyright 2017 AT&T Corporation.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from tempest.lib import decorators
|
||||
|
||||
from patrole_tempest_plugin import rbac_rule_validation
|
||||
from patrole_tempest_plugin.tests.api.compute import rbac_base as base
|
||||
|
||||
|
||||
class ComputeLockServersRbacTest(base.BaseV2ComputeRbacTest):
|
||||
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rule="os_compute_api:os-lock-server:lock")
|
||||
@decorators.idempotent_id('b81e10fb-1864-498f-8c1d-5175c6fec5fb')
|
||||
def test_lock_server(self):
|
||||
server = self.create_test_server(wait_until='ACTIVE')
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.servers_client.lock_server(server['id'])
|
||||
self.addCleanup(self.servers_client.unlock_server, server['id'])
|
||||
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rule="os_compute_api:os-lock-server:unlock")
|
||||
@decorators.idempotent_id('d50ef8e8-4bce-11e7-b114-b2f933d5fe66')
|
||||
def test_unlock_server(self):
|
||||
server = self.create_test_server(wait_until='ACTIVE')
|
||||
self.servers_client.lock_server(server['id'])
|
||||
self.addCleanup(self.servers_client.unlock_server, server['id'])
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.servers_client.unlock_server(server['id'])
|
||||
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rule="os_compute_api:os-lock-server:unlock:unlock_override")
|
||||
@decorators.idempotent_id('40dfeef9-73ee-48a9-be19-a219875de457')
|
||||
def test_unlock_server_override(self):
|
||||
server = self.create_test_server(wait_until='ACTIVE')
|
||||
# In order to trigger the unlock:unlock_override policy instead
|
||||
# of the unlock policy, the server must be locked by a different
|
||||
# user than the one who is attempting to unlock it.
|
||||
self.os_admin.servers_client.lock_server(server['id'])
|
||||
self.addCleanup(self.servers_client.unlock_server, server['id'])
|
||||
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.servers_client.unlock_server(server['id'])
|
@ -13,7 +13,11 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import testtools
|
||||
|
||||
from tempest.common import waiters
|
||||
from tempest import config
|
||||
from tempest.lib.common.utils import data_utils
|
||||
from tempest.lib import decorators
|
||||
from tempest.lib import exceptions as lib_exc
|
||||
from tempest import test
|
||||
@ -21,6 +25,8 @@ from tempest import test
|
||||
from patrole_tempest_plugin import rbac_rule_validation
|
||||
from patrole_tempest_plugin.tests.api.compute import rbac_base
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
|
||||
class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
||||
"""Test multiple policy actions that require a server to be created.
|
||||
@ -88,6 +94,24 @@ class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.servers_client.reset_network(self.server_id)
|
||||
|
||||
@testtools.skipUnless(CONF.compute_feature_enabled.change_password,
|
||||
'Change password not available.')
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rule="os_compute_api:os-admin-password")
|
||||
@decorators.idempotent_id('908a7d59-3a66-441c-94cf-38e57ed14956')
|
||||
def test_change_server_password(self):
|
||||
"""Test change admin password, part of os-admin-password."""
|
||||
original_password = self.servers_client.show_password(self.server_id)
|
||||
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.servers_client.change_password(
|
||||
self.server_id, adminPass=data_utils.rand_password())
|
||||
self.addCleanup(self.servers_client.change_password, self.server_id,
|
||||
adminPass=original_password)
|
||||
waiters.wait_for_server_status(
|
||||
self.os_admin.servers_client, self.server_id, 'ACTIVE')
|
||||
|
||||
@test.requires_ext(extension='os-deferred-delete', service='compute')
|
||||
@decorators.idempotent_id('189bfed4-1e6d-475c-bb8c-d57e60895391')
|
||||
@rbac_rule_validation.action(
|
||||
@ -99,6 +123,45 @@ class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
||||
# Force-deleting a server enforces os-deferred-delete.
|
||||
self.servers_client.force_delete_server(self.server_id)
|
||||
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rule="os_compute_api:os-lock-server:lock")
|
||||
@decorators.idempotent_id('b81e10fb-1864-498f-8c1d-5175c6fec5fb')
|
||||
def test_lock_server(self):
|
||||
"""Test lock server, part of os-lock-server."""
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.servers_client.lock_server(self.server_id)
|
||||
self.addCleanup(self.servers_client.unlock_server, self.server_id)
|
||||
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rule="os_compute_api:os-lock-server:unlock")
|
||||
@decorators.idempotent_id('d50ef8e8-4bce-11e7-b114-b2f933d5fe66')
|
||||
def test_unlock_server(self):
|
||||
"""Test unlock server, part of os-lock-server."""
|
||||
self.servers_client.lock_server(self.server_id)
|
||||
self.addCleanup(self.servers_client.unlock_server, self.server_id)
|
||||
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.servers_client.unlock_server(self.server_id)
|
||||
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rule="os_compute_api:os-lock-server:unlock:unlock_override")
|
||||
@decorators.idempotent_id('40dfeef9-73ee-48a9-be19-a219875de457')
|
||||
def test_unlock_server_override(self):
|
||||
"""Test force unlock server, part of os-lock-server.
|
||||
|
||||
In order to trigger the unlock:unlock_override policy instead
|
||||
of the unlock policy, the server must be locked by a different
|
||||
user than the one who is attempting to unlock it.
|
||||
"""
|
||||
self.os_admin.servers_client.lock_server(self.server_id)
|
||||
self.addCleanup(self.servers_client.unlock_server, self.server_id)
|
||||
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.servers_client.unlock_server(self.server_id)
|
||||
|
||||
@test.requires_ext(extension='os-rescue', service='compute')
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
@ -152,3 +215,34 @@ class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
||||
"""
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.servers_client.show_server(self.server_id)
|
||||
|
||||
@testtools.skipUnless(CONF.compute_feature_enabled.suspend,
|
||||
"Suspend compute feature is not available.")
|
||||
@decorators.idempotent_id('b775930f-237c-431c-83ae-d33ed1b9700b')
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rule="os_compute_api:os-suspend-server:suspend")
|
||||
def test_suspend_server(self):
|
||||
"""Test suspend server, part of os-suspend-server."""
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.servers_client.suspend_server(self.server_id)
|
||||
self.addCleanup(self.servers_client.resume_server, self.server_id)
|
||||
waiters.wait_for_server_status(
|
||||
self.os_admin.servers_client, self.server_id, 'SUSPENDED')
|
||||
|
||||
@testtools.skipUnless(CONF.compute_feature_enabled.suspend,
|
||||
"Suspend compute feature is not available.")
|
||||
@decorators.idempotent_id('4d90bd02-11f8-45b1-a8a1-534665584675')
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rule="os_compute_api:os-suspend-server:resume")
|
||||
def test_resume_server(self):
|
||||
"""Test resume server, part of os-suspend-server."""
|
||||
self.servers_client.suspend_server(self.server_id)
|
||||
waiters.wait_for_server_status(self.servers_client, self.server_id,
|
||||
'SUSPENDED')
|
||||
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.servers_client.resume_server(self.server_id)
|
||||
waiters.wait_for_server_status(
|
||||
self.os_admin.servers_client, self.server_id, 'ACTIVE')
|
||||
|
@ -1,76 +0,0 @@
|
||||
# Copyright 2017 AT&T Corporation.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from tempest.common import waiters
|
||||
from tempest import config
|
||||
from tempest.lib import decorators
|
||||
|
||||
from patrole_tempest_plugin import rbac_rule_validation
|
||||
from patrole_tempest_plugin.tests.api.compute import rbac_base
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
|
||||
class SuspendServerRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
||||
|
||||
@classmethod
|
||||
def skip_checks(cls):
|
||||
super(SuspendServerRbacTest, cls).skip_checks()
|
||||
if not CONF.compute_feature_enabled.suspend:
|
||||
msg = "%s skipped as suspend compute feature is not available." \
|
||||
% cls.__name__
|
||||
raise cls.skipException(msg)
|
||||
|
||||
@classmethod
|
||||
def resource_setup(cls):
|
||||
super(SuspendServerRbacTest, cls).resource_setup()
|
||||
cls.server = cls.create_test_server(wait_until='ACTIVE')
|
||||
|
||||
def tearDown(self):
|
||||
# Guarantee that the server is active during each test run.
|
||||
vm_state = self.servers_client.show_server(
|
||||
self.server['id'])['server']['OS-EXT-STS:vm_state'].upper()
|
||||
if vm_state != 'ACTIVE':
|
||||
self.servers_client.resume_server(self.server['id'])
|
||||
waiters.wait_for_server_status(self.servers_client,
|
||||
self.server['id'],
|
||||
'ACTIVE')
|
||||
|
||||
super(SuspendServerRbacTest, self).tearDown()
|
||||
|
||||
@decorators.idempotent_id('b775930f-237c-431c-83ae-d33ed1b9700b')
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rule="os_compute_api:os-suspend-server:suspend")
|
||||
def test_suspend_server(self):
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.servers_client.suspend_server(self.server['id'])
|
||||
waiters.wait_for_server_status(self.servers_client, self.server['id'],
|
||||
'SUSPENDED')
|
||||
|
||||
@decorators.idempotent_id('4d90bd02-11f8-45b1-a8a1-534665584675')
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rule="os_compute_api:os-suspend-server:resume")
|
||||
def test_resume_server(self):
|
||||
self.servers_client.suspend_server(self.server['id'])
|
||||
waiters.wait_for_server_status(self.servers_client, self.server['id'],
|
||||
'SUSPENDED')
|
||||
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.servers_client.resume_server(self.server['id'])
|
||||
waiters.wait_for_server_status(self.os_admin.servers_client,
|
||||
self.server['id'],
|
||||
'ACTIVE')
|
Loading…
Reference in New Issue
Block a user