Add RBAC test for force-deleting a backup
This patch adds a new test for force-deleting a backup in test_volumes_backup_rbac, which tests the cinder policy action: "volume_extension:backup_admin_actions:force_delete". This patch also corrects the currently wrong policy action for the test test_snapshot_force_delete from "volume_extension:volume_admin_actions:force_delete" to "volume_extension:snapshot_admin_actions:force_delete". (The ``_force_delete`` function in the cinder admin actions API enforces the policy action corresponding to the resource name [0][1]). [0] https://github.com/openstack/cinder/blob/master/cinder/api/contrib/admin_actions.py#L133 [1] https://github.com/openstack/cinder/blob/master/cinder/api/contrib/admin_actions.py#L82 Change-Id: Icecf2152fe84da2847ae677a74a4d183eb4cd88b
This commit is contained in:
parent
edcdbecd6b
commit
b45a05e8be
|
@ -13,8 +13,6 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_log import log as logging
|
||||
|
||||
from tempest import config
|
||||
from tempest.lib import decorators
|
||||
|
||||
|
@ -22,7 +20,6 @@ from patrole_tempest_plugin import rbac_rule_validation
|
|||
from patrole_tempest_plugin.tests.api.volume import rbac_base
|
||||
|
||||
CONF = config.CONF
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class SnapshotsActionsRbacTest(rbac_base.BaseVolumeRbacTest):
|
||||
|
@ -41,9 +38,7 @@ class SnapshotsActionsRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
@classmethod
|
||||
def resource_setup(cls):
|
||||
super(SnapshotsActionsRbacTest, cls).resource_setup()
|
||||
# Create a volume
|
||||
cls.volume = cls.create_volume()
|
||||
# Create a snapshot
|
||||
cls.snapshot = cls.create_snapshot(volume_id=cls.volume['id'])
|
||||
cls.snapshot_id = cls.snapshot['id']
|
||||
|
||||
|
@ -52,22 +47,17 @@ class SnapshotsActionsRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
rule="volume_extension:snapshot_admin_actions:reset_status")
|
||||
@decorators.idempotent_id('ea430145-34ef-408d-b678-95d5ae5f46eb')
|
||||
def test_reset_snapshot_status(self):
|
||||
# Reset snapshot status to error
|
||||
status = 'error'
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.client.\
|
||||
reset_snapshot_status(self.snapshot['id'], status)
|
||||
self.client.reset_snapshot_status(self.snapshot['id'], status)
|
||||
|
||||
@rbac_rule_validation.action(
|
||||
service="cinder",
|
||||
rule="volume_extension:volume_admin_actions:force_delete")
|
||||
rule="volume_extension:snapshot_admin_actions:force_delete")
|
||||
@decorators.idempotent_id('a8b0f7d8-4c00-4645-b8d5-33ab4eecc6cb')
|
||||
def test_snapshot_force_delete(self):
|
||||
# Test force delete of snapshot
|
||||
# Create snapshot,
|
||||
# and force delete temp snapshot
|
||||
temp_snapshot = self.create_snapshot(self.volume['id'])
|
||||
# Force delete the snapshot
|
||||
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.client.force_delete_snapshot(temp_snapshot['id'])
|
||||
self.client.wait_for_resource_deletion(temp_snapshot['id'])
|
||||
|
|
|
@ -65,7 +65,7 @@ class VolumesBackupsRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
backup.update(changes)
|
||||
return self._encode_backup(backup)
|
||||
|
||||
@test.attr(type="slow")
|
||||
@test.attr(type=["slow"])
|
||||
@rbac_rule_validation.action(service="cinder",
|
||||
rule="backup:create")
|
||||
@decorators.idempotent_id('6887ec94-0bcf-4ab7-b30f-3808a4b5a2a5')
|
||||
|
@ -73,7 +73,7 @@ class VolumesBackupsRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self._create_backup(volume_id=self.volume['id'])
|
||||
|
||||
@test.attr(type="slow")
|
||||
@test.attr(type=["slow"])
|
||||
@rbac_rule_validation.action(service="cinder",
|
||||
rule="backup:get")
|
||||
@decorators.idempotent_id('abd92bdd-b0fb-4dc4-9cfc-de9e968f8c8a')
|
||||
|
@ -91,7 +91,7 @@ class VolumesBackupsRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.backups_client.list_backups()
|
||||
|
||||
@test.attr(type="slow")
|
||||
@test.attr(type=["slow"])
|
||||
@rbac_rule_validation.action(service="cinder",
|
||||
rule="backup:restore")
|
||||
@decorators.idempotent_id('9c794bf9-2446-4f41-8fe0-80b71e757f9d')
|
||||
|
@ -104,7 +104,7 @@ class VolumesBackupsRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
waiters.wait_for_volume_resource_status(
|
||||
self.backups_client, restore['backup_id'], 'available')
|
||||
|
||||
@test.attr(type="slow")
|
||||
@test.attr(type=["slow"])
|
||||
@rbac_rule_validation.action(service="cinder",
|
||||
rule="backup:delete")
|
||||
@decorators.idempotent_id('d5d0c6a2-413d-437e-a73f-4bf2b41a20ed')
|
||||
|
@ -116,7 +116,19 @@ class VolumesBackupsRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
self.backups_client.delete_backup(backup['id'])
|
||||
self.backups_client.wait_for_resource_deletion(backup['id'])
|
||||
|
||||
@test.attr(type='slow')
|
||||
@decorators.idempotent_id('48325aaa-13f5-4ba3-96a3-24b6c9d77b6d')
|
||||
@test.attr(type=["slow"])
|
||||
@rbac_rule_validation.action(
|
||||
service="cinder",
|
||||
rule="volume_extension:backup_admin_actions:force_delete")
|
||||
def test_volume_backup_force_delete(self):
|
||||
backup = self._create_backup(volume_id=self.volume['id'])
|
||||
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.backups_client.force_delete_backup(backup['id'])
|
||||
self.backups_client.wait_for_resource_deletion(backup['id'])
|
||||
|
||||
@test.attr(type=["slow"])
|
||||
@rbac_rule_validation.action(service="cinder",
|
||||
rule="backup:backup-export")
|
||||
@decorators.idempotent_id('e984ec8d-e8eb-485c-98bc-f1856020303c')
|
||||
|
@ -128,7 +140,7 @@ class VolumesBackupsRbacTest(rbac_base.BaseVolumeRbacTest):
|
|||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.backups_client.export_backup(backup['id'])['backup-record']
|
||||
|
||||
@test.attr(type='slow')
|
||||
@test.attr(type=["slow"])
|
||||
@rbac_rule_validation.action(service="cinder",
|
||||
rule="backup:backup-import")
|
||||
@decorators.idempotent_id('1e70f039-4556-44cc-9cc1-edf2b7ed648b')
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
Added an RBAC test for force-deleting a backup which enforces the cinder
|
||||
policy action: "volume_extension:backup_admin_actions:force_delete".
|
||||
fixes:
|
||||
- |
|
||||
Corrected the policy action in the ``rbac_rule_validation`` decorator
|
||||
for the test ``test_snapshot_force_delete`` from
|
||||
"volume_extension:volume_admin_actions:force_delete" to
|
||||
"volume_extension:snapshot_admin_actions:force_delete".
|
Loading…
Reference in New Issue