diff --git a/patrole_tempest_plugin/tests/api/volume/test_snapshots_actions_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_snapshots_actions_rbac.py
index 30c1092a..5a4e246c 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_snapshots_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_snapshots_actions_rbac.py
@@ -13,8 +13,6 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
-from oslo_log import log as logging
-
 from tempest import config
 from tempest.lib import decorators
 
@@ -22,7 +20,6 @@ from patrole_tempest_plugin import rbac_rule_validation
 from patrole_tempest_plugin.tests.api.volume import rbac_base
 
 CONF = config.CONF
-LOG = logging.getLogger(__name__)
 
 
 class SnapshotsActionsRbacTest(rbac_base.BaseVolumeRbacTest):
@@ -41,9 +38,7 @@ class SnapshotsActionsRbacTest(rbac_base.BaseVolumeRbacTest):
 @classmethod
 def resource_setup(cls):
 super(SnapshotsActionsRbacTest, cls).resource_setup()
- # Create a volume
 cls.volume = cls.create_volume()
- # Create a snapshot
 cls.snapshot = cls.create_snapshot(volume_id=cls.volume['id'])
 cls.snapshot_id = cls.snapshot['id']
 
@@ -52,22 +47,17 @@ class SnapshotsActionsRbacTest(rbac_base.BaseVolumeRbacTest): rule="volume_extension:snapshot_admin_actions:reset_status") @decorators.idempotent_id('ea430145-34ef-408d-b678-95d5ae5f46eb') def test_reset_snapshot_status(self): - # Reset snapshot status to error status = 'error' self.rbac_utils.switch_role(self, toggle_rbac_role=True) - self.client.\ - reset_snapshot_status(self.snapshot['id'], status) + self.client.reset_snapshot_status(self.snapshot['id'], status) @rbac_rule_validation.action( service="cinder", - rule="volume_extension:volume_admin_actions:force_delete") + rule="volume_extension:snapshot_admin_actions:force_delete") @decorators.idempotent_id('a8b0f7d8-4c00-4645-b8d5-33ab4eecc6cb') def test_snapshot_force_delete(self): - # Test force delete of snapshot - # Create snapshot, - # and force delete temp snapshot temp_snapshot = self.create_snapshot(self.volume['id']) - # Force delete the snapshot + self.rbac_utils.switch_role(self, toggle_rbac_role=True) self.client.force_delete_snapshot(temp_snapshot['id']) self.client.wait_for_resource_deletion(temp_snapshot['id']) diff --git a/patrole_tempest_plugin/tests/api/volume/test_volumes_backup_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_volumes_backup_rbac.py index 6a3367a0..50973b8c 100644 --- a/patrole_tempest_plugin/tests/api/volume/test_volumes_backup_rbac.py +++ b/patrole_tempest_plugin/tests/api/volume/test_volumes_backup_rbac.py @@ -65,7 +65,7 @@ class VolumesBackupsRbacTest(rbac_base.BaseVolumeRbacTest): backup.update(changes) return self._encode_backup(backup) - @test.attr(type="slow") + @test.attr(type=["slow"]) @rbac_rule_validation.action(service="cinder", rule="backup:create") @decorators.idempotent_id('6887ec94-0bcf-4ab7-b30f-3808a4b5a2a5') 
@@ -73,7 +73,7 @@ class VolumesBackupsRbacTest(rbac_base.BaseVolumeRbacTest):
 self.rbac_utils.switch_role(self, toggle_rbac_role=True)
 self._create_backup(volume_id=self.volume['id'])
 
- @test.attr(type="slow")
+ @test.attr(type=["slow"])
 @rbac_rule_validation.action(service="cinder",
 rule="backup:get")
 @decorators.idempotent_id('abd92bdd-b0fb-4dc4-9cfc-de9e968f8c8a')
@@ -91,7 +91,7 @@ class VolumesBackupsRbacTest(rbac_base.BaseVolumeRbacTest):
 self.rbac_utils.switch_role(self, toggle_rbac_role=True)
 self.backups_client.list_backups()
 
- @test.attr(type="slow")
+ @test.attr(type=["slow"])
 @rbac_rule_validation.action(service="cinder",
 rule="backup:restore")
 @decorators.idempotent_id('9c794bf9-2446-4f41-8fe0-80b71e757f9d')
@@ -104,7 +104,7 @@ class VolumesBackupsRbacTest(rbac_base.BaseVolumeRbacTest):
 waiters.wait_for_volume_resource_status(
 self.backups_client, restore['backup_id'], 'available')
 
- @test.attr(type="slow")
+ @test.attr(type=["slow"])
 @rbac_rule_validation.action(service="cinder",
 rule="backup:delete")
 @decorators.idempotent_id('d5d0c6a2-413d-437e-a73f-4bf2b41a20ed')
@@ -116,7 +116,19 @@ class VolumesBackupsRbacTest(rbac_base.BaseVolumeRbacTest):
 self.backups_client.delete_backup(backup['id'])
 self.backups_client.wait_for_resource_deletion(backup['id'])
 
- @test.attr(type='slow')
+ @decorators.idempotent_id('48325aaa-13f5-4ba3-96a3-24b6c9d77b6d')
+ @test.attr(type=["slow"])
+ @rbac_rule_validation.action(
+ service="cinder",
+ rule="volume_extension:backup_admin_actions:force_delete")
+ def test_volume_backup_force_delete(self):
+ backup = self._create_backup(volume_id=self.volume['id'])
+
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ self.backups_client.force_delete_backup(backup['id'])
+ self.backups_client.wait_for_resource_deletion(backup['id'])
+
+ @test.attr(type=["slow"])
 @rbac_rule_validation.action(service="cinder",
 rule="backup:backup-export")
 @decorators.idempotent_id('e984ec8d-e8eb-485c-98bc-f1856020303c')
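Review bot: In `test_volume_backup_force_delete`, `wait_for_resource_deletion(backup['id'])` runs after `switch_role(self, toggle_rbac_role=True)`, so its polling requests are presumably issued under the role being tested and not only the force-delete call. If that role may force-delete but is denied the lookup that the wait performs, the failure would be attributed to `volume_extension:backup_admin_actions:force_delete` and the test would report the wrong policy outcome. Keep only `force_delete_backup` under the toggled role, for example by calling `self.rbac_utils.switch_role(self, toggle_rbac_role=False)` before the wait if the decorator allows switching back inside the test body, which is not visible here. The same ordering appears as context in `test_snapshot_force_delete` in test_snapshots_actions_rbac.py. The new test also lists `@decorators.idempotent_id` first, while the neighbouring tests put `@test.attr` first and `idempotent_id` last.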
@@ -128,7 +140,7 @@ class VolumesBackupsRbacTest(rbac_base.BaseVolumeRbacTest):
 self.rbac_utils.switch_role(self, toggle_rbac_role=True)
 self.backups_client.export_backup(backup['id'])['backup-record']
 
- @test.attr(type='slow')
+ @test.attr(type=["slow"])
 @rbac_rule_validation.action(service="cinder",
 rule="backup:backup-import")
 @decorators.idempotent_id('1e70f039-4556-44cc-9cc1-edf2b7ed648b')
diff --git a/releasenotes/notes/add-force-delete-backup-test-7e896affd1471328.yaml b/releasenotes/notes/add-force-delete-backup-test-7e896affd1471328.yaml
new file mode 100644
index 00000000..3d81baa6
--- /dev/null
+++ b/releasenotes/notes/add-force-delete-backup-test-7e896affd1471328.yaml
@@ -0,0 +1,11 @@
+---
+features:
+ - |
+ Added an RBAC test for force-deleting a backup which enforces the cinder
+ policy action: "volume_extension:backup_admin_actions:force_delete".
+fixes:
+ - |
+ Corrected the policy action in the ``rbac_rule_validation`` decorator
+ for the test ``test_snapshot_force_delete`` from
+ "volume_extension:volume_admin_actions:force_delete" to
+ "volume_extension:snapshot_admin_actions:force_delete".