Codebase list cinder-tempest-plugin / 09048ae
Merge "test srbac on volume-types" Zuul authored 2 years ago Gerrit Code Review committed 2 years ago
1 changed file(s) with 516 addition(s) and 0 deletion(s). Raw diff Collapse all Expand all
+516
-0
cinder_tempest_plugin/rbac/v3/test_volume_types.py less more
0 # Licensed under the Apache License, Version 2.0 (the "License"); you may
1 # not use this file except in compliance with the License. You may obtain
2 # a copy of the License at
3 #
4 # http://www.apache.org/licenses/LICENSE-2.0
5 #
6 # Unless required by applicable law or agreed to in writing, software
7 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
8 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
9 # License for the specific language governing permissions and limitations
10 # under the License.
11
12 from tempest.lib.common.utils import data_utils
13 from tempest.lib import decorators
14 from tempest.lib import exceptions
15
16 from cinder_tempest_plugin.rbac.v3 import base as rbac_base
17
18
19 class RbacV3VolumeTypesTests(rbac_base.VolumeV3RbacBaseTests):
20
21 min_microversion = '3.3'
22 extra_spec_key = 'key1'
23 encryption_type_key_cipher = 'cipher'
24 create_kwargs = {
25 'provider': 'LuksEncryptor',
26 'key_size': 256,
27 encryption_type_key_cipher: 'aes-xts-plain64',
28 'control_location': 'front-end'
29 }
30
31 @classmethod
32 def setup_clients(cls):
33 super().setup_clients()
34 admin_client = cls.os_project_admin
35 cls.admin_volumes_client = admin_client.volumes_client_latest
36 cls.admin_types_client = admin_client.volume_types_client_latest
37 cls.admin_encryption_types_client = \
38 admin_client.encryption_types_client_latest
39
40 @classmethod
41 def resource_setup(cls):
42 """Create a new volume-type for the test"""
43 super(RbacV3VolumeTypesTests, cls).resource_setup()
44 # create a volume type
45 cls.volume_type = cls.create_volume_type()
46
47 @classmethod
48 def create_volume_type(
49 cls, name=None, with_encryption=True, cleanup=True
50 ):
51 # create a volume type
52 if not name:
53 name = data_utils.rand_name("volume-type")
54 extra_specs = {cls.extra_spec_key: 'value1'}
55 params = {'name': name,
56 'description': "description",
57 'extra_specs': extra_specs,
58 'os-volume-type-access:is_public': True}
59 volume_type = cls.admin_types_client.create_volume_type(
60 **params
61 )['volume_type']
62
63 if with_encryption:
64 # Create encryption_type
65 cls.encryption_type = \
66 cls.admin_encryption_types_client.create_encryption_type(
67 volume_type['id'], **cls.create_kwargs)['encryption']
68
69 if cleanup:
70 cls.addClassResourceCleanup(
71 cls.admin_types_client.delete_volume_type, volume_type['id']
72 )
73
74 return volume_type
75
76 def _update_volume_type(self, expected_status):
77 """Update volume type"""
78 self.do_request(
79 method='update_volume_type',
80 expected_status=expected_status,
81 volume_type_id=self.volume_type['id'],
82 description='Updated volume type description'
83 )
84
85 def _create_or_update_extra_specs_for_volume_type(self, expected_status):
86 """Create or update extra specs"""
87 volume_type = self.create_volume_type(with_encryption=False)
88 # Create extra spec 'key2' with value 'value2'
89 extra_spec = {'key2': 'value2'}
90 self.do_request(
91 method='create_volume_type_extra_specs',
92 expected_status=expected_status,
93 volume_type_id=volume_type['id'],
94 extra_specs=extra_spec
95 )
96
97 # Update extra spec 'key2' with value 'updated value'
98 extra_spec = {'key2': 'updated value'}
99 self.do_request(
100 method='update_volume_type_extra_specs',
101 expected_status=expected_status,
102 volume_type_id=volume_type['id'],
103 extra_spec_name='key2',
104 extra_specs=extra_spec
105 )
106
107 def _list_all_extra_specs_for_volume_type(self, expected_status):
108 """List all extra_specs for a volume type"""
109 extra_specs = self.do_request(
110 method='list_volume_types_extra_specs',
111 expected_status=expected_status,
112 volume_type_id=self.volume_type['id']
113 )['extra_specs']
114 self.assertIn(
115 self.extra_spec_key,
116 list(extra_specs.keys()),
117 message=f"Key '{self.extra_spec_key}' not found in extra_specs."
118 )
119
120 def _show_extra_spec_for_volume_type(self, expected_status):
121 """Show extra_spec for a volume type"""
122 self.do_request(
123 method='show_volume_type_extra_specs',
124 expected_status=expected_status,
125 volume_type_id=self.volume_type['id'],
126 extra_specs_name=self.extra_spec_key
127 )
128
129 def _update_extra_spec_for_volume_type(self, expected_status):
130 """Update extra_spec for a volume type"""
131 spec_name = self.extra_spec_key
132 extra_spec = {spec_name: 'updated value'}
133 self.do_request(
134 method='update_volume_type_extra_specs',
135 expected_status=expected_status,
136 volume_type_id=self.volume_type['id'],
137 extra_spec_name=spec_name,
138 extra_specs=extra_spec
139 )
140
141 def _delete_extra_spec_for_volume_type(self, expected_status):
142 """Delete a volume type extra_spec"""
143 volume_type = self.create_volume_type(with_encryption=False)
144
145 self.do_request(
146 method='delete_volume_type_extra_specs',
147 expected_status=expected_status,
148 volume_type_id=volume_type['id'],
149 extra_spec_name=self.extra_spec_key
150 )
151
152 def _show_volume_type_detail(self, expected_status):
153 """Show volume type"""
154 self.do_request(
155 method='show_volume_type',
156 expected_status=expected_status,
157 volume_type_id=self.volume_type['id']
158 )
159
160 def _show_default_volume_type(self, expected_status):
161 """Show default volume type"""
162 self.do_request(
163 method='show_default_volume_type',
164 expected_status=expected_status
165 )
166
167 def _delete_volume_type(self, expected_status):
168 """Delete a volume type"""
169 cleanup = True if expected_status == exceptions.Forbidden\
170 else False
171 volume_type = self.create_volume_type(
172 with_encryption=False, cleanup=cleanup
173 )
174
175 self.do_request(
176 method='delete_volume_type',
177 expected_status=expected_status,
178 volume_type_id=volume_type['id']
179 )
180
181 def _list_volume_types(self, expected_status):
182 """List all volume types"""
183 self.do_request(
184 method='list_volume_types',
185 expected_status=expected_status
186 )
187
188 def _create_volume_type(self, expected_status):
189 """Create a volume type"""
190 volume_type = self.do_request(
191 method='create_volume_type',
192 expected_status=expected_status,
193 name="test-new-volume-type"
194 )
195 if expected_status != exceptions.Forbidden:
196 volume_type = volume_type['volume_type']
197 self.admin_types_client.delete_volume_type(
198 volume_type_id=volume_type['id']
199 )
200
201 def _show_encryption_type(self, expected_status):
202 """Show volume type's encryption type"""
203 self.do_request(
204 method='show_encryption_type',
205 expected_status=expected_status,
206 client=self.encryption_types_client,
207 volume_type_id=self.volume_type['id']
208 )
209
210 def _show_encryption_spec_item(self, expected_status):
211 """Show encryption spec item"""
212 self.do_request(
213 method='show_encryption_specs_item',
214 expected_status=expected_status,
215 client=self.encryption_types_client,
216 volume_type_id=self.volume_type['id'],
217 key=self.encryption_type_key_cipher
218 )
219
220 def _delete_encryption_type(self, expected_status):
221 """Delete encryption type"""
222 volume_type = self.create_volume_type(with_encryption=True)
223
224 self.do_request(
225 method='delete_encryption_type',
226 expected_status=expected_status,
227 client=self.encryption_types_client,
228 volume_type_id=volume_type['id']
229 )
230
231 def _create_encryption_type(self, expected_status):
232 """Create encryption type"""
233 volume_type = self.create_volume_type(with_encryption=False)
234
235 self.do_request(
236 method='create_encryption_type',
237 expected_status=expected_status,
238 client=self.encryption_types_client,
239 volume_type_id=volume_type['id'],
240 **self.create_kwargs
241 )
242
243 def _update_encryption_type(self, expected_status):
244 """Update encryption type"""
245 update_kwargs = {'key_size': 128}
246
247 self.do_request(
248 method='update_encryption_type',
249 expected_status=expected_status,
250 client=self.encryption_types_client,
251 volume_type_id=self.volume_type['id'],
252 **update_kwargs
253 )
254
255
256 class VolumeTypesReaderTests(RbacV3VolumeTypesTests):
257 """Test Volume types using 'reader' user"""
258 credentials = ['project_reader', 'project_admin']
259
260 @classmethod
261 def setup_clients(cls):
262 super().setup_clients()
263 cls.client = cls.os_project_reader.volume_types_client_latest
264 cls.encryption_types_client = \
265 cls.os_project_reader.encryption_types_client_latest
266
267 @decorators.idempotent_id('e3fdabf0-fd8c-4bab-9870-5a67fe25c6e4')
268 def test_update_volume_type(self):
269 self._update_volume_type(expected_status=exceptions.Forbidden)
270
271 @decorators.idempotent_id('b046a4d7-79a0-436b-9075-863e2299b73d')
272 def test_create_or_update_extra_specs_for_volume_type(self):
273 self._create_or_update_extra_specs_for_volume_type(
274 expected_status=exceptions.Forbidden
275 )
276
277 @decorators.skip_because(bug='2018467')
278 @decorators.idempotent_id('9499752c-3b27-41a3-8f55-4bdba7297f92')
279 def test_list_all_extra_specs_for_volume_type(self):
280 self._list_all_extra_specs_for_volume_type(
281 expected_status=200
282 )
283
284 @decorators.skip_because(bug='2018467')
285 @decorators.idempotent_id('a38f7248-3a5b-4e51-8e32-d2dcf9c771ea')
286 def test_show_extra_spec_for_volume_type(self):
287 self._show_extra_spec_for_volume_type(expected_status=200)
288
289 @decorators.idempotent_id('68689644-22a8-4ba6-a642-db4258681586')
290 def test_update_extra_spec_for_volume_type(self):
291 self._update_extra_spec_for_volume_type(
292 expected_status=exceptions.Forbidden
293 )
294
295 @decorators.idempotent_id('a7cdd9ae-f389-48f6-b144-abf336b1637b')
296 def test_delete_extra_spec_for_volume_type(self):
297 self._delete_extra_spec_for_volume_type(
298 expected_status=exceptions.Forbidden
299 )
300
301 @decorators.skip_because(bug='2016402')
302 @decorators.idempotent_id('7ea28fc2-ce5a-48c9-8d03-31c2826fe566')
303 def test_show_volume_type_detail(self):
304 self._show_volume_type_detail(expected_status=200)
305
306 @decorators.skip_because(bug='2016402')
307 @decorators.idempotent_id('aceab52a-c503-4081-936e-b9df1c31046d')
308 def test_show_default_volume_type(self):
309 self._show_default_volume_type(expected_status=200)
310
311 @decorators.idempotent_id('35581811-6288-4698-aaaf-7f5a4fe662e8')
312 def test_delete_volume_type(self):
313 self._delete_volume_type(expected_status=exceptions.Forbidden)
314
315 @decorators.skip_because(bug='2016402')
316 @decorators.idempotent_id('e8a438f9-e9c1-4f3f-8ae3-ad80ee02cd6a')
317 def test_list_volume_types(self):
318 self._list_volume_types(expected_status=200)
319
320 @decorators.idempotent_id('3c3a39b1-fff5-492b-8c1c-9520063901ef')
321 def test_create_volume_type(self):
322 self._create_volume_type(expected_status=exceptions.Forbidden)
323
324 @decorators.idempotent_id('84bd20f1-621c-416d-add2-fbae57137239')
325 def test_show_encryption_type(self):
326 self._show_encryption_type(expected_status=exceptions.Forbidden)
327
328 @decorators.idempotent_id('ab9c7149-fab7-4584-b4ff-8b997cd62e75')
329 def test_show_encryption_spec_item(self):
330 self._show_encryption_spec_item(expected_status=exceptions.Forbidden)
331
332 @decorators.idempotent_id('8d85ec39-bc32-4f49-88e6-63adc7e1f832')
333 def test_delete_encryption_type(self):
334 self._delete_encryption_type(expected_status=exceptions.Forbidden)
335
336 @decorators.idempotent_id('c7c0892e-08d1-45e0-8ebf-be949cb4ab02')
337 def test_create_encryption_type(self):
338 self._create_encryption_type(expected_status=exceptions.Forbidden)
339
340 @decorators.idempotent_id('8186d5bc-183a-4fcc-9c6a-e2b247a0caee')
341 def test_update_encryption_type(self):
342 self._update_encryption_type(expected_status=exceptions.Forbidden)
343
344
345 class VolumeTypesMemberTests(RbacV3VolumeTypesTests):
346 """Test Volume types using 'member' user"""
347 credentials = ['project_member', 'project_admin']
348
349 @classmethod
350 def setup_clients(cls):
351 super().setup_clients()
352 cls.client = cls.os_project_member.volume_types_client_latest
353 cls.encryption_types_client = \
354 cls.os_project_member.encryption_types_client_latest
355
356 @decorators.idempotent_id('e5e642bf-2f31-4d04-ad43-6ad75562b7e4')
357 def test_update_volume_type(self):
358 self._update_volume_type(expected_status=exceptions.Forbidden)
359
360 @decorators.idempotent_id('fda21e7e-9292-49b8-9754-f3c25b8e5f57')
361 def test_create_or_update_extra_specs_for_volume_type(self):
362 self._create_or_update_extra_specs_for_volume_type(
363 expected_status=exceptions.Forbidden
364 )
365
366 @decorators.skip_because(bug='2018467')
367 @decorators.idempotent_id('82fd0d34-17b3-4f45-bd2e-728c9a8bff8c')
368 def test_list_all_extra_specs_for_volume_type(self):
369 self._list_all_extra_specs_for_volume_type(
370 expected_status=200
371 )
372
373 @decorators.skip_because(bug='2018467')
374 @decorators.idempotent_id('67aa0b40-7c0a-4ae7-8682-fb4f20abd390')
375 def test_show_extra_spec_for_volume_type(self):
376 self._show_extra_spec_for_volume_type(expected_status=200)
377
378 @decorators.idempotent_id('65470a71-254d-4152-bdaa-6b7f43e9c74f')
379 def test_update_extra_spec_for_volume_type(self):
380 self._update_extra_spec_for_volume_type(
381 expected_status=exceptions.Forbidden
382 )
383
384 @decorators.idempotent_id('3695be33-bd22-4090-8252-9c42eb7eeef6')
385 def test_delete_extra_spec_for_volume_type(self):
386 self._delete_extra_spec_for_volume_type(
387 expected_status=exceptions.Forbidden
388 )
389
390 @decorators.idempotent_id('319f3ca1-bdd7-433c-9bed-03c7b093e7a2')
391 def test_show_volume_type_detail(self):
392 self._show_volume_type_detail(expected_status=200)
393
394 @decorators.skip_because(bug='2016402')
395 @decorators.idempotent_id('2e990c61-a2ea-4a01-a2dc-1f483c934e8d')
396 def test_show_default_volume_type(self):
397 self._show_default_volume_type(expected_status=200)
398
399 @decorators.idempotent_id('6847c211-647b-4d02-910c-773e76b99fcd')
400 def test_delete_volume_type(self):
401 self._delete_volume_type(expected_status=exceptions.Forbidden)
402
403 @decorators.idempotent_id('308f80c9-6342-45a1-8e6e-9e400b510013')
404 def test_list_volume_types(self):
405 self._list_volume_types(expected_status=200)
406
407 @decorators.idempotent_id('81cebbb8-fa0d-4bd8-a433-e43c7b187456')
408 def test_create_volume_type(self):
409 self._create_volume_type(expected_status=exceptions.Forbidden)
410
411 @decorators.idempotent_id('7c84b013-c5a8-434f-8ea7-23c5b2d46d5e')
412 def test_show_encryption_type(self):
413 self._show_encryption_type(expected_status=exceptions.Forbidden)
414
415 @decorators.idempotent_id('387974ce-3544-48e3-81c0-3f86a5b60b93')
416 def test_show_encryption_spec_item(self):
417 self._show_encryption_spec_item(expected_status=exceptions.Forbidden)
418
419 @decorators.idempotent_id('c0163522-524f-4dfb-a3d4-6648f58ce99c')
420 def test_delete_encryption_type(self):
421 self._delete_encryption_type(expected_status=exceptions.Forbidden)
422
423 @decorators.idempotent_id('65d86181-905a-4aa6-a9e5-672415d819a0')
424 def test_create_encryption_type(self):
425 self._create_encryption_type(expected_status=exceptions.Forbidden)
426
427 @decorators.idempotent_id('2633f1d3-e648-4d12-86b9-e7f72b41ec68')
428 def test_update_encryption_type(self):
429 self._update_encryption_type(expected_status=exceptions.Forbidden)
430
431
432 class VolumeTypesAdminTests(RbacV3VolumeTypesTests):
433 """Test Volume types using 'admin' user"""
434 credentials = ['project_admin']
435
436 @classmethod
437 def setup_clients(cls):
438 super().setup_clients()
439 cls.client = cls.os_project_admin.volume_types_client_latest
440 cls.encryption_types_client = \
441 cls.os_project_admin.encryption_types_client_latest
442
443 @decorators.idempotent_id('77d065ef-ffdd-4749-b326-d64fbf5d0432')
444 def test_update_volume_type(self):
445 self._update_volume_type(expected_status=200)
446
447 @decorators.idempotent_id('422271a7-0128-4fd6-9f60-aeb4a1ce16ea')
448 def test_create_or_update_extra_specs_for_volume_type(self):
449 self._create_or_update_extra_specs_for_volume_type(
450 expected_status=200
451 )
452
453 @decorators.idempotent_id('5c491d13-df15-4721-812e-2ed473b86a12')
454 def test_list_all_extra_specs_for_volume_type(self):
455 self._list_all_extra_specs_for_volume_type(
456 expected_status=200
457 )
458
459 @decorators.skip_because(bug='2018467')
460 @decorators.idempotent_id('a2cca7b6-0af9-47e5-b8c1-4e0f01822d4e')
461 def test_show_extra_spec_for_volume_type(self):
462 self._show_extra_spec_for_volume_type(expected_status=200)
463
464 @decorators.idempotent_id('d0ff17d3-2c47-485f-b2f1-d53ec32c32e2')
465 def test_update_extra_spec_for_volume_type(self):
466 self._update_extra_spec_for_volume_type(
467 expected_status=200
468 )
469
470 @decorators.idempotent_id('4661cc2f-8727-4998-a427-8cb1d512b68a')
471 def test_delete_extra_spec_for_volume_type(self):
472 self._delete_extra_spec_for_volume_type(
473 expected_status=202
474 )
475
476 @decorators.idempotent_id('7f794e33-b5cf-4172-b39e-a56cd9c18a2e')
477 def test_show_volume_type_detail(self):
478 self._show_volume_type_detail(expected_status=200)
479
480 @decorators.skip_because(bug='2016402')
481 @decorators.idempotent_id('93886ad8-5cd0-4def-8b0e-40418e55050d')
482 def test_show_default_volume_type(self):
483 self._show_default_volume_type(expected_status=200)
484
485 @decorators.idempotent_id('7486259d-5c40-4fb3-8a95-491c45a0a872')
486 def test_delete_volume_type(self):
487 self._delete_volume_type(expected_status=202)
488
489 @decorators.idempotent_id('e075e8ff-bb05-4c84-b2ab-0205ef3e8dbd')
490 def test_list_volume_types(self):
491 self._list_volume_types(expected_status=200)
492
493 @decorators.idempotent_id('57384db2-9408-4a31-8c15-022eea5f9b76')
494 def test_create_volume_type(self):
495 self._create_volume_type(expected_status=200)
496
497 @decorators.idempotent_id('46fc49a3-f76f-4c22-ac83-8d1665437810')
498 def test_show_encryption_type(self):
499 self._show_encryption_type(expected_status=200)
500
501 @decorators.idempotent_id('4ff57649-bfe1-48f4-aaac-4577affba8d7')
502 def test_show_encryption_spec_item(self):
503 self._show_encryption_spec_item(expected_status=200)
504
505 @decorators.idempotent_id('e622af7d-a412-4903-9256-256d8e3cc560')
506 def test_delete_encryption_type(self):
507 self._delete_encryption_type(expected_status=202)
508
509 @decorators.idempotent_id('e7c4e925-6ce6-439b-8be8-6df4cbc32cdc')
510 def test_create_encryption_type(self):
511 self._create_encryption_type(expected_status=200)
512
513 @decorators.idempotent_id('90beb71d-93fa-4252-8566-192bdd517715')
514 def test_update_encryption_type(self):
515 self._update_encryption_type(expected_status=200)