Commit 490c8257137097ae9d561f326b5ae469f480038f - cinder-tempest-plugin

Test capabilites for srbac feature Changed the test to keep convention without abstract methods Also remvoed base.BaseVolumeTest inheritance, to isolate RBAC tests from the normal tests while they are developed, even though this could be revisited in the future the base classes for API tests in cinder-tempest-plugin could be unified. Change-Id: I7020487fcdb0a8e34be92a2b0f110b885cbeb339 Signed-off-by: Yosi Ben Shimon <ybenshim@redhat.com> Yosi Ben Shimon 3 years ago

2 changed file(s) with 58 addition(s) and 49 deletion(s). Raw diff Collapse all Expand all

+31

-1

cinder_tempest_plugin/rbac/v3/base.py less more

10	10	# under the License.
11	11
12	12	from tempest import config
	13	from tempest.lib.common import api_microversion_fixture
	14	from tempest.lib.common import api_version_utils
	15	from tempest import test
13	16
14	17	CONF = config.CONF
15	18
16	19
17		class VolumeV3RbacBaseTests(object):
	20	class VolumeV3RbacBaseTests(
	21	api_version_utils.BaseMicroversionTest, test.BaseTestCase
	22	):
18	23
19	24	identity_version = 'v3'
20	25

27	32	"skipping RBAC tests. To enable these tests set "
28	33	"`tempest.conf [enforce_scope] cinder=True`."
29	34	)
	35	if not CONF.service_available.cinder:
	36	skip_msg = ("%s skipped as Cinder is not available" % cls.__name__)
	37	raise cls.skipException(skip_msg)
	38
	39	api_version_utils.check_skip_with_microversion(
	40	cls.min_microversion, cls.max_microversion,
	41	CONF.volume.min_microversion, CONF.volume.max_microversion)
	42
	43	@classmethod
	44	def setup_credentials(cls):
	45	cls.set_network_resources()
	46	super(VolumeV3RbacBaseTests, cls).setup_credentials()
	47
	48	def setUp(self):
	49	super(VolumeV3RbacBaseTests, self).setUp()
	50	self.useFixture(api_microversion_fixture.APIMicroversionFixture(
	51	volume_microversion=self.request_microversion))
	52
	53	@classmethod
	54	def resource_setup(cls):
	55	super(VolumeV3RbacBaseTests, cls).resource_setup()
	56	cls.request_microversion = (
	57	api_version_utils.select_request_microversion(
	58	cls.min_microversion,
	59	CONF.volume.min_microversion))
30	60
31	61	def do_request(self, method, expected_status=200, client=None, **payload):
32	62	if not client:

+27

-48

cinder_tempest_plugin/rbac/v3/test_capabilities.py less more

9	9	# License for the specific language governing permissions and limitations
10	10	# under the License.
11	11
12		import abc
13
	12	from cinder_tempest_plugin.rbac.v3 import base as rbac_base
14	13	from tempest.lib import decorators
15	14	from tempest.lib import exceptions
16	15
17		from cinder_tempest_plugin.api.volume import base
18		from cinder_tempest_plugin.rbac.v3 import base as rbac_base
19	16
20
21		class VolumeV3RbacCapabilityTests(rbac_base.VolumeV3RbacBaseTests,
22		metaclass=abc.ABCMeta):
	17	class VolumeV3RbacCapabilityTests(rbac_base.VolumeV3RbacBaseTests):
23	18
24	19	@classmethod
25	20	def setup_clients(cls):

36	31	cls.admin_stats_client = (
37	32	admin_client.volume_scheduler_stats_client_latest)
38	33
39		@classmethod
40		def setup_credentials(cls):
41		super().setup_credentials()
42		cls.os_primary = getattr(cls, 'os_%s' % cls.credentials[0])
43
44		@abc.abstractmethod
45		def test_get_capabilities(self):
46		"""Test volume_extension:capabilities policy.
47
48		This test must check:
49		* whether the persona can fetch capabilities for a host.
50
51		"""
52		pass
	34	def _get_capabilities(self, expected_status):
	35	pools = self.admin_stats_client.list_pools()['pools']
	36	host_name = pools[0]['name']
	37	self.do_request(
	38	'show_backend_capabilities',
	39	expected_status=expected_status,
	40	host=host_name
	41	)
53	42
54	43
55		class ProjectAdminTests(VolumeV3RbacCapabilityTests, base.BaseVolumeTest):
	44	class ProjectReaderTests(VolumeV3RbacCapabilityTests):
	45	credentials = ['project_reader', 'project_admin', 'system_admin']
56	46
	47	@decorators.idempotent_id('d16034fc-4204-4ea8-94b3-714de59fdfbf')
	48	def test_get_capabilities(self):
	49	self._get_capabilities(expected_status=exceptions.Forbidden)
	50
	51
	52	class ProjectMemberTests(VolumeV3RbacCapabilityTests):
	53	credentials = ['project_member', 'project_admin', 'system_admin']
	54
	55	@decorators.idempotent_id('dbaf51de-fafa-4f55-875f-7537524489ab')
	56	def test_get_capabilities(self):
	57	self._get_capabilities(expected_status=exceptions.Forbidden)
	58
	59
	60	class ProjectAdminTests(VolumeV3RbacCapabilityTests):
57	61	credentials = ['project_admin', 'system_admin']
58	62
59	63	@decorators.idempotent_id('1fdbe493-e58f-48bf-bb38-52003eeef8cb')
60	64	def test_get_capabilities(self):
61		pools = self.admin_stats_client.list_pools()['pools']
62		host_name = pools[0]['name']
63		self.do_request('show_backend_capabilities', expected_status=200,
64		host=host_name)
65
66
67		class ProjectMemberTests(ProjectAdminTests, base.BaseVolumeTest):
68
69		credentials = ['project_member', 'project_admin', 'system_admin']
70
71		@decorators.idempotent_id('dbaf51de-fafa-4f55-875f-7537524489ab')
72		def test_get_capabilities(self):
73		pools = self.admin_stats_client.list_pools()['pools']
74		host_name = pools[0]['name']
75		self.do_request('show_backend_capabilities',
76		expected_status=exceptions.Forbidden,
77		host=host_name)
78
79
80		class ProjectReaderTests(ProjectMemberTests, base.BaseVolumeTest):
81
82		credentials = ['project_reader', 'project_admin', 'system_admin']
83
84		@decorators.idempotent_id('d16034fc-4204-4ea8-94b3-714de59fdfbf')
85		def test_get_capabilities(self):
86		super().test_get_capabilities()
	65	self._get_capabilities(expected_status=200)