Merge "Implement secure RBAC for inventories"
This commit is contained in:
commit
07bbe95b3c
|
@ -11,6 +11,7 @@
|
|||
# under the License.
|
||||
|
||||
|
||||
from oslo_log import versionutils
|
||||
from oslo_policy import policy
|
||||
|
||||
from placement.policies import base
|
||||
|
@ -24,45 +25,80 @@ UPDATE = PREFIX % 'update'
|
|||
DELETE = PREFIX % 'delete'
|
||||
BASE_PATH = '/resource_providers/{uuid}/inventories'
|
||||
|
||||
DEPRECATED_REASON = """
|
||||
The inventory API now supports a read-only role by default.
|
||||
"""
|
||||
|
||||
deprecated_list_inventories = policy.DeprecatedRule(
|
||||
name=LIST,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_create_inventory = policy.DeprecatedRule(
|
||||
name=CREATE,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_show_inventory = policy.DeprecatedRule(
|
||||
name=SHOW,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_update_inventory = policy.DeprecatedRule(
|
||||
name=UPDATE,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_delete_inventory = policy.DeprecatedRule(
|
||||
name=DELETE,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
|
||||
|
||||
rules = [
|
||||
policy.DocumentedRuleDefault(
|
||||
LIST,
|
||||
base.RULE_ADMIN_API,
|
||||
"List resource provider inventories.",
|
||||
[
|
||||
name=LIST,
|
||||
check_str=base.SYSTEM_READER,
|
||||
description="List resource provider inventories.",
|
||||
operations=[
|
||||
{
|
||||
'method': 'GET',
|
||||
'path': BASE_PATH
|
||||
}
|
||||
],
|
||||
scope_types=['system']),
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_list_inventories,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY),
|
||||
policy.DocumentedRuleDefault(
|
||||
CREATE,
|
||||
base.RULE_ADMIN_API,
|
||||
"Create one resource provider inventory.",
|
||||
[
|
||||
name=CREATE,
|
||||
check_str=base.SYSTEM_ADMIN,
|
||||
description="Create one resource provider inventory.",
|
||||
operations=[
|
||||
{
|
||||
'method': 'POST',
|
||||
'path': BASE_PATH
|
||||
}
|
||||
],
|
||||
scope_types=['system']),
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_create_inventory,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY),
|
||||
policy.DocumentedRuleDefault(
|
||||
SHOW,
|
||||
base.RULE_ADMIN_API,
|
||||
"Show resource provider inventory.",
|
||||
[
|
||||
name=SHOW,
|
||||
check_str=base.SYSTEM_READER,
|
||||
description="Show resource provider inventory.",
|
||||
operations=[
|
||||
{
|
||||
'method': 'GET',
|
||||
'path': BASE_PATH + '/{resource_class}'
|
||||
}
|
||||
],
|
||||
scope_types=['system']),
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_show_inventory,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY),
|
||||
policy.DocumentedRuleDefault(
|
||||
UPDATE,
|
||||
base.RULE_ADMIN_API,
|
||||
"Update resource provider inventory.",
|
||||
[
|
||||
name=UPDATE,
|
||||
check_str=base.SYSTEM_ADMIN,
|
||||
description="Update resource provider inventory.",
|
||||
operations=[
|
||||
{
|
||||
'method': 'PUT',
|
||||
'path': BASE_PATH
|
||||
|
@ -72,12 +108,15 @@ rules = [
|
|||
'path': BASE_PATH + '/{resource_class}'
|
||||
}
|
||||
],
|
||||
scope_types=['system']),
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_update_inventory,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY),
|
||||
policy.DocumentedRuleDefault(
|
||||
DELETE,
|
||||
base.RULE_ADMIN_API,
|
||||
"Delete resource provider inventory.",
|
||||
[
|
||||
name=DELETE,
|
||||
check_str=base.SYSTEM_ADMIN,
|
||||
description="Delete resource provider inventory.",
|
||||
operations=[
|
||||
{
|
||||
'method': 'DELETE',
|
||||
'path': BASE_PATH
|
||||
|
@ -87,7 +126,10 @@ rules = [
|
|||
'path': BASE_PATH + '/{resource_class}'
|
||||
}
|
||||
],
|
||||
scope_types=['system']),
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_delete_inventory,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY),
|
||||
]
|
||||
|
||||
|
||||
|
|
|
@ -0,0 +1,424 @@
|
|||
---
|
||||
fixtures:
|
||||
- LegacyRBACPolicyFixture
|
||||
|
||||
vars:
|
||||
- &project_id $ENVIRON['PROJECT_ID']
|
||||
- &system_admin_headers
|
||||
x-auth-token: user
|
||||
x-roles: admin,member,reader
|
||||
accept: application/json
|
||||
content-type: application/json
|
||||
openstack-api-version: placement latest
|
||||
openstack-system-scope: all
|
||||
- &system_reader_headers
|
||||
x-auth-token: user
|
||||
x-roles: reader
|
||||
accept: application/json
|
||||
content-type: application/json
|
||||
openstack-api-version: placement latest
|
||||
openstack-system-scope: all
|
||||
- &project_admin_headers
|
||||
x-auth-token: user
|
||||
x-roles: admin,member,reader
|
||||
x-project-id: *project_id
|
||||
accept: application/json
|
||||
content-type: application/json
|
||||
openstack-api-version: placement latest
|
||||
- &project_member_headers
|
||||
x-auth-token: user
|
||||
x-roles: member,reader
|
||||
x-project-id: *project_id
|
||||
accept: application/json
|
||||
content-type: application/json
|
||||
openstack-api-version: placement latest
|
||||
- &project_reader_headers
|
||||
x-auth-token: user
|
||||
x-roles: reader
|
||||
x-project-id: *project_id
|
||||
accept: application/json
|
||||
content-type: application/json
|
||||
openstack-api-version: placement latest
|
||||
|
||||
tests:
|
||||
|
||||
# create resource provider
|
||||
|
||||
- name: system admin can create resource providers
|
||||
POST: /resource_providers
|
||||
request_headers: *system_admin_headers
|
||||
data:
|
||||
name: fc65b9c3-2d41-44b1-96ca-1d1a13b4dd69
|
||||
uuid: 85475179-de26-4f7a-8c11-b4dc10fe47f4
|
||||
status: 200
|
||||
|
||||
- name: system reader cannot create resource providers
|
||||
POST: /resource_providers
|
||||
request_headers: *system_reader_headers
|
||||
data:
|
||||
name: de40da45-e029-450d-b147-178136518e4d
|
||||
uuid: 7d7e6957-45b0-4791-b79a-69a88327ab0d
|
||||
status: 403
|
||||
|
||||
- name: project admin can create resource providers
|
||||
POST: /resource_providers
|
||||
request_headers: *project_admin_headers
|
||||
data:
|
||||
name: f4720d4c-3a29-4676-aeb1-faa39084051e
|
||||
uuid: 0e4fdc4e-5790-477a-9e4f-4f6898537ad9
|
||||
status: 200
|
||||
|
||||
- name: project member cannot create resource providers
|
||||
POST: /resource_providers
|
||||
request_headers: *project_member_headers
|
||||
data:
|
||||
name: cf4511a9-a4f8-402c-ae03-233eb97e2358
|
||||
uuid: 6bb64c0f-4704-4337-8bae-18bbc6131a32
|
||||
status: 403
|
||||
|
||||
- name: project reader cannot create resource providers
|
||||
POST: /resource_providers
|
||||
request_headers: *project_reader_headers
|
||||
data:
|
||||
name: 53519f75-dcd3-45dc-b355-8c0e2628a8e8
|
||||
uuid: 29742738-d409-4e2e-b4bc-b941ee9268fa
|
||||
status: 403
|
||||
|
||||
# list inventory
|
||||
|
||||
- name: system admin can list inventories
|
||||
GET: /resource_providers/85475179-de26-4f7a-8c11-b4dc10fe47f4/inventories
|
||||
request_headers: *system_admin_headers
|
||||
response_json_paths:
|
||||
$.resource_provider_generation: 0
|
||||
$.inventories: {}
|
||||
|
||||
- name: system reader can list inventories
|
||||
GET: /resource_providers/85475179-de26-4f7a-8c11-b4dc10fe47f4/inventories
|
||||
request_headers: *system_reader_headers
|
||||
response_json_paths:
|
||||
$.resource_provider_generation: 0
|
||||
$.inventories: {}
|
||||
|
||||
- name: project admin can list inventories
|
||||
GET: /resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories
|
||||
request_headers: *project_admin_headers
|
||||
response_json_paths:
|
||||
$.resource_provider_generation: 0
|
||||
$.inventories: {}
|
||||
|
||||
- name: project member cannot list inventories
|
||||
GET: /resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories
|
||||
request_headers: *project_member_headers
|
||||
status: 403
|
||||
|
||||
- name: project reader cannot list inventories
|
||||
GET: /resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories
|
||||
request_headers: *project_reader_headers
|
||||
status: 403
|
||||
|
||||
# create inventory
|
||||
|
||||
- name: system admin can create an inventory
|
||||
POST: /resource_providers/85475179-de26-4f7a-8c11-b4dc10fe47f4/inventories
|
||||
request_headers: *system_admin_headers
|
||||
data:
|
||||
resource_class: DISK_GB
|
||||
total: 2048
|
||||
reserved: 512
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
status: 201
|
||||
response_headers:
|
||||
location: $SCHEME://$NETLOC/resource_providers/85475179-de26-4f7a-8c11-b4dc10fe47f4/inventories/DISK_GB
|
||||
|
||||
- name: system reader cannot create an inventory
|
||||
POST: /resource_providers/85475179-de26-4f7a-8c11-b4dc10fe47f4/inventories
|
||||
request_headers: *system_reader_headers
|
||||
data:
|
||||
resource_class: DISK_GB
|
||||
total: 2048
|
||||
reserved: 512
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
status: 403
|
||||
|
||||
- name: project admin can create an inventory
|
||||
POST: /resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories
|
||||
request_headers: *project_admin_headers
|
||||
data:
|
||||
resource_class: DISK_GB
|
||||
total: 2048
|
||||
reserved: 512
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
status: 201
|
||||
response_headers:
|
||||
location: $SCHEME://$NETLOC/resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories/DISK_GB
|
||||
|
||||
- name: project member cannot create an inventory
|
||||
POST: /resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories
|
||||
request_headers: *project_member_headers
|
||||
data:
|
||||
resource_class: DISK_GB
|
||||
total: 2048
|
||||
reserved: 512
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
status: 403
|
||||
|
||||
- name: project reader cannot create an inventory
|
||||
POST: /resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories
|
||||
request_headers: *project_reader_headers
|
||||
data:
|
||||
resource_class: DISK_GB
|
||||
total: 2048
|
||||
reserved: 512
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
status: 403
|
||||
|
||||
# show inventory
|
||||
|
||||
- name: system admin can show inventory
|
||||
GET: /resource_providers/85475179-de26-4f7a-8c11-b4dc10fe47f4/inventories/DISK_GB
|
||||
request_headers: *system_admin_headers
|
||||
status: 200
|
||||
|
||||
- name: system reader can show inventory
|
||||
GET: /resource_providers/85475179-de26-4f7a-8c11-b4dc10fe47f4/inventories/DISK_GB
|
||||
request_headers: *system_reader_headers
|
||||
status: 200
|
||||
|
||||
- name: project admin can show inventory
|
||||
GET: /resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories/DISK_GB
|
||||
request_headers: *project_admin_headers
|
||||
status: 200
|
||||
|
||||
- name: project member cannot show inventory
|
||||
GET: /resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories/DISK_GB
|
||||
request_headers: *project_member_headers
|
||||
status: 403
|
||||
|
||||
- name: project reader cannot show inventory
|
||||
GET: /resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories/DISK_GB
|
||||
request_headers: *project_reader_headers
|
||||
status: 403
|
||||
|
||||
# update inventory
|
||||
|
||||
- name: system admin can update inventory
|
||||
PUT: /resource_providers/85475179-de26-4f7a-8c11-b4dc10fe47f4/inventories/DISK_GB
|
||||
request_headers: *system_admin_headers
|
||||
data:
|
||||
resource_provider_generation: 1
|
||||
total: 2048
|
||||
reserved: 1024
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
status: 200
|
||||
|
||||
- name: system reader cannot update inventory
|
||||
PUT: /resource_providers/85475179-de26-4f7a-8c11-b4dc10fe47f4/inventories/DISK_GB
|
||||
request_headers: *system_reader_headers
|
||||
data:
|
||||
resource_provider_generation: 1
|
||||
total: 2048
|
||||
reserved: 1024
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
status: 403
|
||||
|
||||
- name: project admin can update inventory
|
||||
PUT: /resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories/DISK_GB
|
||||
request_headers: *project_admin_headers
|
||||
data:
|
||||
resource_provider_generation: 1
|
||||
total: 2048
|
||||
reserved: 1024
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
status: 200
|
||||
|
||||
- name: project member cannot update inventory
|
||||
PUT: /resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories/DISK_GB
|
||||
request_headers: *project_member_headers
|
||||
data:
|
||||
resource_provider_generation: 1
|
||||
total: 2048
|
||||
reserved: 1024
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
status: 403
|
||||
|
||||
- name: project reader cannot update inventory
|
||||
PUT: /resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories/DISK_GB
|
||||
request_headers: *project_reader_headers
|
||||
data:
|
||||
resource_provider_generation: 1
|
||||
total: 2048
|
||||
reserved: 1024
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
status: 403
|
||||
|
||||
# update all inventories
|
||||
|
||||
- name: system admin can update all inventories
|
||||
PUT: /resource_providers/85475179-de26-4f7a-8c11-b4dc10fe47f4/inventories
|
||||
request_headers: *system_admin_headers
|
||||
data:
|
||||
resource_provider_generation: 2
|
||||
inventories:
|
||||
DISK_GB:
|
||||
total: 2048
|
||||
reserved: 1024
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
VCPU:
|
||||
total: 8
|
||||
status: 200
|
||||
|
||||
- name: system reader cannot update all inventories
|
||||
PUT: /resource_providers/85475179-de26-4f7a-8c11-b4dc10fe47f4/inventories
|
||||
request_headers: *system_reader_headers
|
||||
data:
|
||||
resource_provider_generation: 2
|
||||
inventories:
|
||||
DISK_GB:
|
||||
total: 2048
|
||||
reserved: 1024
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
VCPU:
|
||||
total: 8
|
||||
status: 403
|
||||
|
||||
- name: project admin can update all inventories
|
||||
PUT: /resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories
|
||||
request_headers: *project_admin_headers
|
||||
data:
|
||||
resource_provider_generation: 2
|
||||
inventories:
|
||||
DISK_GB:
|
||||
total: 2048
|
||||
reserved: 1024
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
VCPU:
|
||||
total: 8
|
||||
status: 200
|
||||
|
||||
- name: project member cannot update all inventories
|
||||
PUT: /resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories
|
||||
request_headers: *project_member_headers
|
||||
data:
|
||||
resource_provider_generation: 2
|
||||
inventories:
|
||||
DISK_GB:
|
||||
total: 2048
|
||||
reserved: 1024
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
VCPU:
|
||||
total: 8
|
||||
status: 403
|
||||
|
||||
- name: project reader cannot update all inventories
|
||||
PUT: /resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories
|
||||
request_headers: *project_reader_headers
|
||||
data:
|
||||
resource_provider_generation: 2
|
||||
inventories:
|
||||
DISK_GB:
|
||||
total: 2048
|
||||
reserved: 1024
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
VCPU:
|
||||
total: 8
|
||||
status: 403
|
||||
|
||||
# delete inventory
|
||||
|
||||
- name: system admin can delete a specific inventory
|
||||
DELETE: /resource_providers/85475179-de26-4f7a-8c11-b4dc10fe47f4/inventories/DISK_GB
|
||||
request_headers: *system_admin_headers
|
||||
status: 204
|
||||
|
||||
- name: system reader cannot delete a specific inventory
|
||||
DELETE: /resource_providers/85475179-de26-4f7a-8c11-b4dc10fe47f4/inventories/DISK_GB
|
||||
request_headers: *system_reader_headers
|
||||
status: 403
|
||||
|
||||
- name: project admin can delete a specific inventory
|
||||
DELETE: /resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories/DISK_GB
|
||||
request_headers: *project_admin_headers
|
||||
status: 204
|
||||
|
||||
- name: project member cannot delete a specific inventory
|
||||
DELETE: /resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories/DISK_GB
|
||||
request_headers: *project_member_headers
|
||||
status: 403
|
||||
|
||||
- name: project reader cannot delete a specific inventory
|
||||
DELETE: /resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories/DISK_GB
|
||||
request_headers: *project_reader_headers
|
||||
status: 403
|
||||
|
||||
# delete all inventory
|
||||
#
|
||||
- name: system admin can delete all inventory
|
||||
DELETE: /resource_providers/85475179-de26-4f7a-8c11-b4dc10fe47f4/inventories
|
||||
request_headers: *system_admin_headers
|
||||
status: 204
|
||||
|
||||
- name: system reader cannot delete all inventory
|
||||
DELETE: /resource_providers/85475179-de26-4f7a-8c11-b4dc10fe47f4/inventories
|
||||
request_headers: *system_reader_headers
|
||||
status: 403
|
||||
|
||||
- name: project admin can delete all inventory
|
||||
DELETE: /resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories
|
||||
request_headers: *project_admin_headers
|
||||
status: 204
|
||||
|
||||
- name: project member cannot delete all inventory
|
||||
DELETE: /resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories
|
||||
request_headers: *project_member_headers
|
||||
status: 403
|
||||
|
||||
- name: project reader cannot delete all inventory
|
||||
DELETE: /resource_providers/0e4fdc4e-5790-477a-9e4f-4f6898537ad9/inventories
|
||||
request_headers: *project_reader_headers
|
||||
status: 403
|
|
@ -0,0 +1,372 @@
|
|||
---
|
||||
fixtures:
|
||||
- SecureRBACPolicyFixture
|
||||
|
||||
vars:
|
||||
- &project_id $ENVIRON['PROJECT_ID']
|
||||
- &system_admin_headers
|
||||
x-auth-token: user
|
||||
x-roles: admin,member,reader
|
||||
accept: application/json
|
||||
content-type: application/json
|
||||
openstack-api-version: placement latest
|
||||
openstack-system-scope: all
|
||||
- &system_reader_headers
|
||||
x-auth-token: user
|
||||
x-roles: reader
|
||||
accept: application/json
|
||||
content-type: application/json
|
||||
openstack-api-version: placement latest
|
||||
openstack-system-scope: all
|
||||
- &project_admin_headers
|
||||
x-auth-token: user
|
||||
x-roles: admin,member,reader
|
||||
x-project-id: *project_id
|
||||
accept: application/json
|
||||
content-type: application/json
|
||||
openstack-api-version: placement latest
|
||||
- &project_member_headers
|
||||
x-auth-token: user
|
||||
x-roles: member,reader
|
||||
x-project-id: *project_id
|
||||
accept: application/json
|
||||
content-type: application/json
|
||||
openstack-api-version: placement latest
|
||||
- &project_reader_headers
|
||||
x-auth-token: user
|
||||
x-roles: reader
|
||||
x-project-id: *project_id
|
||||
accept: application/json
|
||||
content-type: application/json
|
||||
openstack-api-version: placement latest
|
||||
|
||||
tests:
|
||||
|
||||
- name: system admin can create resource providers
|
||||
POST: /resource_providers
|
||||
request_headers: *system_admin_headers
|
||||
data:
|
||||
name: $ENVIRON['RP_NAME']
|
||||
uuid: $ENVIRON['RP_UUID']
|
||||
status: 200
|
||||
|
||||
- name: system admin can list inventories
|
||||
GET: /resource_providers/$ENVIRON['RP_UUID']/inventories
|
||||
request_headers: *system_admin_headers
|
||||
response_json_paths:
|
||||
$.resource_provider_generation: 0
|
||||
$.inventories: {}
|
||||
|
||||
- name: system reader can list inventories
|
||||
GET: /resource_providers/$ENVIRON['RP_UUID']/inventories
|
||||
request_headers: *system_reader_headers
|
||||
response_json_paths:
|
||||
$.resource_provider_generation: 0
|
||||
$.inventories: {}
|
||||
|
||||
- name: project admin cannot list inventories
|
||||
GET: /resource_providers/$ENVIRON['RP_UUID']/inventories
|
||||
request_headers: *project_admin_headers
|
||||
status: 403
|
||||
|
||||
- name: project member cannot list inventories
|
||||
GET: /resource_providers/$ENVIRON['RP_UUID']/inventories
|
||||
request_headers: *project_member_headers
|
||||
status: 403
|
||||
|
||||
- name: project reader cannot list inventories
|
||||
GET: /resource_providers/$ENVIRON['RP_UUID']/inventories
|
||||
request_headers: *project_reader_headers
|
||||
status: 403
|
||||
|
||||
- name: project admin cannot create an inventory
|
||||
POST: /resource_providers/$ENVIRON['RP_UUID']/inventories
|
||||
request_headers: *project_admin_headers
|
||||
data:
|
||||
resource_class: DISK_GB
|
||||
total: 2048
|
||||
reserved: 512
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
status: 403
|
||||
|
||||
- name: project member cannot create an inventory
|
||||
POST: /resource_providers/$ENVIRON['RP_UUID']/inventories
|
||||
request_headers: *project_member_headers
|
||||
data:
|
||||
resource_class: DISK_GB
|
||||
total: 2048
|
||||
reserved: 512
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
status: 403
|
||||
|
||||
- name: project reader cannot create an inventory
|
||||
POST: /resource_providers/$ENVIRON['RP_UUID']/inventories
|
||||
request_headers: *project_reader_headers
|
||||
data:
|
||||
resource_class: DISK_GB
|
||||
total: 2048
|
||||
reserved: 512
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
status: 403
|
||||
|
||||
- name: system reader cannot create an inventory
|
||||
POST: /resource_providers/$ENVIRON['RP_UUID']/inventories
|
||||
request_headers: *system_reader_headers
|
||||
data:
|
||||
resource_class: DISK_GB
|
||||
total: 2048
|
||||
reserved: 512
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
status: 403
|
||||
|
||||
- name: system admin can create an inventory
|
||||
POST: /resource_providers/$ENVIRON['RP_UUID']/inventories
|
||||
request_headers: *system_admin_headers
|
||||
data:
|
||||
resource_class: DISK_GB
|
||||
total: 2048
|
||||
reserved: 512
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
status: 201
|
||||
response_headers:
|
||||
location: $SCHEME://$NETLOC/resource_providers/$ENVIRON['RP_UUID']/inventories/DISK_GB
|
||||
|
||||
- name: project admin cannot show inventory
|
||||
GET: /resource_providers/$ENVIRON['RP_UUID']/inventories/DISK_GB
|
||||
request_headers: *project_admin_headers
|
||||
status: 403
|
||||
|
||||
- name: project member cannot show inventory
|
||||
GET: /resource_providers/$ENVIRON['RP_UUID']/inventories/DISK_GB
|
||||
request_headers: *project_member_headers
|
||||
status: 403
|
||||
|
||||
- name: project reader cannot show inventory
|
||||
GET: /resource_providers/$ENVIRON['RP_UUID']/inventories/DISK_GB
|
||||
request_headers: *project_reader_headers
|
||||
status: 403
|
||||
|
||||
- name: system reader can show inventory
|
||||
GET: /resource_providers/$ENVIRON['RP_UUID']/inventories/DISK_GB
|
||||
request_headers: *system_reader_headers
|
||||
status: 200
|
||||
|
||||
- name: system admin can show inventory
|
||||
GET: /resource_providers/$ENVIRON['RP_UUID']/inventories/DISK_GB
|
||||
request_headers: *system_admin_headers
|
||||
status: 200
|
||||
|
||||
- name: project admin cannot update inventory
|
||||
PUT: $LAST_URL
|
||||
request_headers: *project_admin_headers
|
||||
data:
|
||||
resource_provider_generation: 1
|
||||
total: 2048
|
||||
reserved: 1024
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
status: 403
|
||||
|
||||
- name: project member cannot update inventory
|
||||
PUT: $LAST_URL
|
||||
request_headers: *project_member_headers
|
||||
data:
|
||||
resource_provider_generation: 1
|
||||
total: 2048
|
||||
reserved: 1024
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
status: 403
|
||||
|
||||
- name: project reader cannot update inventory
|
||||
PUT: $LAST_URL
|
||||
request_headers: *project_reader_headers
|
||||
data:
|
||||
resource_provider_generation: 1
|
||||
total: 2048
|
||||
reserved: 1024
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
status: 403
|
||||
|
||||
- name: system reader cannot update inventory
|
||||
PUT: $LAST_URL
|
||||
request_headers: *system_reader_headers
|
||||
data:
|
||||
resource_provider_generation: 1
|
||||
total: 2048
|
||||
reserved: 1024
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
status: 403
|
||||
|
||||
- name: system admin can update inventory
|
||||
PUT: $LAST_URL
|
||||
request_headers: *system_admin_headers
|
||||
data:
|
||||
resource_provider_generation: 1
|
||||
total: 2048
|
||||
reserved: 1024
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
status: 200
|
||||
|
||||
- name: project admin cannot update all inventories
|
||||
PUT: /resource_providers/$ENVIRON['RP_UUID']/inventories
|
||||
request_headers: *project_admin_headers
|
||||
data:
|
||||
resource_provider_generation: 2
|
||||
inventories:
|
||||
DISK_GB:
|
||||
total: 2048
|
||||
reserved: 1024
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
VCPU:
|
||||
total: 8
|
||||
status: 403
|
||||
|
||||
- name: project member cannot update all inventories
|
||||
PUT: /resource_providers/$ENVIRON['RP_UUID']/inventories
|
||||
request_headers: *project_member_headers
|
||||
data:
|
||||
resource_provider_generation: 2
|
||||
inventories:
|
||||
DISK_GB:
|
||||
total: 2048
|
||||
reserved: 1024
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
VCPU:
|
||||
total: 8
|
||||
status: 403
|
||||
|
||||
- name: project reader cannot update all inventories
|
||||
PUT: /resource_providers/$ENVIRON['RP_UUID']/inventories
|
||||
request_headers: *project_reader_headers
|
||||
data:
|
||||
resource_provider_generation: 2
|
||||
inventories:
|
||||
DISK_GB:
|
||||
total: 2048
|
||||
reserved: 1024
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
VCPU:
|
||||
total: 8
|
||||
status: 403
|
||||
|
||||
- name: system reader cannot update all inventories
|
||||
PUT: /resource_providers/$ENVIRON['RP_UUID']/inventories
|
||||
request_headers: *system_reader_headers
|
||||
data:
|
||||
resource_provider_generation: 2
|
||||
inventories:
|
||||
DISK_GB:
|
||||
total: 2048
|
||||
reserved: 1024
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
VCPU:
|
||||
total: 8
|
||||
status: 403
|
||||
|
||||
- name: system admin can update all inventories
|
||||
PUT: /resource_providers/$ENVIRON['RP_UUID']/inventories
|
||||
request_headers: *system_admin_headers
|
||||
data:
|
||||
resource_provider_generation: 2
|
||||
inventories:
|
||||
DISK_GB:
|
||||
total: 2048
|
||||
reserved: 1024
|
||||
min_unit: 10
|
||||
max_unit: 1024
|
||||
step_size: 10
|
||||
allocation_ratio: 1.0
|
||||
VCPU:
|
||||
total: 8
|
||||
status: 200
|
||||
|
||||
- name: project admin cannot delete a specific inventory
|
||||
DELETE: /resource_providers/$ENVIRON['RP_UUID']/inventories/DISK_GB
|
||||
request_headers: *project_admin_headers
|
||||
status: 403
|
||||
|
||||
- name: project member cannot delete a specific inventory
|
||||
DELETE: /resource_providers/$ENVIRON['RP_UUID']/inventories/DISK_GB
|
||||
request_headers: *project_member_headers
|
||||
status: 403
|
||||
|
||||
- name: project reader cannot delete a specific inventory
|
||||
DELETE: /resource_providers/$ENVIRON['RP_UUID']/inventories/DISK_GB
|
||||
request_headers: *project_reader_headers
|
||||
status: 403
|
||||
|
||||
- name: system reader cannot delete a specific inventory
|
||||
DELETE: /resource_providers/$ENVIRON['RP_UUID']/inventories/DISK_GB
|
||||
request_headers: *system_reader_headers
|
||||
status: 403
|
||||
|
||||
- name: system admin can delete a specific inventory
|
||||
DELETE: /resource_providers/$ENVIRON['RP_UUID']/inventories/DISK_GB
|
||||
request_headers: *system_admin_headers
|
||||
status: 204
|
||||
|
||||
- name: project admin cannot delete all inventory
|
||||
DELETE: /resource_providers/$ENVIRON['RP_UUID']/inventories
|
||||
request_headers: *project_admin_headers
|
||||
status: 403
|
||||
|
||||
- name: project member cannot delete all inventory
|
||||
DELETE: /resource_providers/$ENVIRON['RP_UUID']/inventories
|
||||
request_headers: *project_member_headers
|
||||
status: 403
|
||||
|
||||
- name: project reader cannot delete all inventory
|
||||
DELETE: /resource_providers/$ENVIRON['RP_UUID']/inventories
|
||||
request_headers: *project_reader_headers
|
||||
status: 403
|
||||
|
||||
- name: system reader cannot delete all inventory
|
||||
DELETE: /resource_providers/$ENVIRON['RP_UUID']/inventories
|
||||
request_headers: *system_reader_headers
|
||||
status: 403
|
||||
|
||||
- name: system admin can delete all inventory
|
||||
DELETE: /resource_providers/$ENVIRON['RP_UUID']/inventories
|
||||
request_headers: *system_admin_headers
|
||||
status: 204
|
Loading…
Reference in New Issue