diff --git a/.zuul.yaml b/.zuul.yaml index 85e15bc..01c465e 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -13,6 +13,8 @@ # do about this, which should be at the March 2023 virtual PTG. - cinder-tempest-plugin-lvm-tgt-barbican: voting: false + - cinder-tempest-plugin-lvm-lio-barbican-fips: + voting: false - nova-ceph-multistore: voting: false - cinder-tempest-plugin-cbak-ceph @@ -25,9 +27,7 @@ - cinder-tempest-plugin-basic-zed - cinder-tempest-plugin-basic-yoga - cinder-tempest-plugin-basic-xena - # Set this job to voting once we have some actual tests to run - - cinder-tempest-plugin-protection-functional: - voting: false + - cinder-tempest-plugin-protection-functional gate: jobs: - cinder-tempest-plugin-lvm-lio-barbican @@ -73,7 +73,9 @@ tempest_test_regex: '(^tempest\.(api|scenario)|(^cinder_tempest_plugin))' tempest_test_exclude_list: '{{ ansible_user_dir }}/{{ zuul.projects["opendev.org/openstack/tempest"].src_dir }}/tools/tempest-integrated-gate-storage-exclude-list.txt' # Temporarily exclude TestMultiAttachVolumeSwap until LP bug #1980816 is resolved. - tempest_exclude_regex: 'TestMultiAttachVolumeSwap' + # Other excluded tests are tests that are somewhat time consuming but unrelated + # to multi-attach testing. + tempest_exclude_regex: 'TestMultiAttachVolumeSwap|^tempest.api.image|^tempest.api.object_storage|^tempest.scenario.test_volume_boot_pattern.TestVolumeBootPattern.test_boot_server_from_encrypted|^tempest.scenario.test_server_advanced_ops|^tempest.scenario.test_unified_limits' tox_envlist: all devstack_localrc: ENABLE_VOLUME_MULTIATTACH: true @@ -83,6 +85,7 @@ - ^.*\.rst$ - ^doc/.*$ - ^releasenotes/.*$ + timeout: 10800 - job: name: cinder-tempest-plugin-lvm-barbican-base-abstract @@ -217,6 +220,9 @@ volume_revert: True devstack_services: c-bak: true + devstack_localrc: + CINDER_QUOTA_VOLUMES: 25 + timeout: 10800 - job: name: cinder-tempest-plugin-cbak-ceph-zed @@ -279,6 +285,19 @@ description: | This jobs configures Cinder with LVM, LIO, barbican and runs tempest tests and cinderlib tests on CentOS Stream 9. + +- job: + name: cinder-tempest-plugin-lvm-lio-barbican-fips + parent: cinder-tempest-plugin-lvm-lio-barbican-centos-9-stream + description: | + This job configures Cinder with LVM, LIO, barbican and + runs tempest tests and cinderlib tests on CentOS Stream 9 + under FIPS mode + pre-run: playbooks/enable-fips.yaml + vars: + configure_swap_size: 4096 + nslookup_target: 'opendev.org' + tempest_exclude_regex: 'test_encrypted_cinder_volumes_cryptsetup' - job: name: cinder-tempest-plugin-lvm-tgt-barbican diff --git a/cinder_tempest_plugin/api/volume/base.py b/cinder_tempest_plugin/api/volume/base.py index f948a93..ea6bd2e 100644 --- a/cinder_tempest_plugin/api/volume/base.py +++ b/cinder_tempest_plugin/api/volume/base.py @@ -138,6 +138,11 @@ 'name', data_utils.rand_name(self.__class__.__name__ + '-instance')) + if wait_until == 'SSHABLE' and not kwargs.get('validation_resources'): + kwargs['validation_resources'] = ( + self.get_test_validation_resources(self.os_primary)) + kwargs['validatable'] = True + tenant_network = self.get_tenant_network() body, _ = compute.create_test_server( self.os_primary, diff --git a/cinder_tempest_plugin/api/volume/test_volume_backup.py b/cinder_tempest_plugin/api/volume/test_volume_backup.py index 7ac33c2..190a483 100644 --- a/cinder_tempest_plugin/api/volume/test_volume_backup.py +++ b/cinder_tempest_plugin/api/volume/test_volume_backup.py @@ -30,6 +30,16 @@ super(VolumesBackupsTest, cls).skip_checks() if not CONF.volume_feature_enabled.backup: raise cls.skipException("Cinder backup feature disabled") + + @classmethod + def setup_credentials(cls): + # Setting network=True, subnet=True creates a default network + cls.set_network_resources( + network=True, + subnet=True, + router=True, + dhcp=True) + super(VolumesBackupsTest, cls).setup_credentials() @decorators.idempotent_id('885410c6-cd1d-452c-a409-7c32b7e0be15') def test_volume_snapshot_backup(self): @@ -107,7 +117,7 @@ server = self.create_server( name=server_name, block_device_mapping=bd_map, - wait_until='ACTIVE') + wait_until='SSHABLE') # Delete VM self.os_primary.servers_client.delete_server(server['id']) diff --git a/cinder_tempest_plugin/rbac/v3/base.py b/cinder_tempest_plugin/rbac/v3/base.py index d1a11e5..17644f4 100644 --- a/cinder_tempest_plugin/rbac/v3/base.py +++ b/cinder_tempest_plugin/rbac/v3/base.py @@ -10,12 +10,21 @@ # License for the specific language governing permissions and limitations # under the License. +from tempest.common import waiters from tempest import config +from tempest.lib.common import api_microversion_fixture +from tempest.lib.common import api_version_utils +from tempest.lib.common.utils import data_utils +from tempest.lib.common.utils import test_utils +from tempest.lib.decorators import cleanup_order +from tempest import test CONF = config.CONF -class VolumeV3RbacBaseTests(object): +class VolumeV3RbacBaseTests( + api_version_utils.BaseMicroversionTest, test.BaseTestCase +): identity_version = 'v3' @@ -28,8 +37,44 @@ "skipping RBAC tests. To enable these tests set " "`tempest.conf [enforce_scope] cinder=True`." ) + if not CONF.service_available.cinder: + skip_msg = ("%s skipped as Cinder is not available" % cls.__name__) + raise cls.skipException(skip_msg) + + api_version_utils.check_skip_with_microversion( + cls.min_microversion, cls.max_microversion, + CONF.volume.min_microversion, CONF.volume.max_microversion) + + @classmethod + def setup_credentials(cls): + cls.set_network_resources() + super(VolumeV3RbacBaseTests, cls).setup_credentials() + + def setUp(self): + super(VolumeV3RbacBaseTests, self).setUp() + self.useFixture(api_microversion_fixture.APIMicroversionFixture( + volume_microversion=self.request_microversion)) + + @classmethod + def resource_setup(cls): + super(VolumeV3RbacBaseTests, cls).resource_setup() + cls.request_microversion = ( + api_version_utils.select_request_microversion( + cls.min_microversion, + CONF.volume.min_microversion)) def do_request(self, method, expected_status=200, client=None, **payload): + """Perform API call + + Args: + method: Name of the API call + expected_status: HTTP desired response code + client: Client object if exists, None otherwise + payload: API call required parameters + + Returns: + HTTP response + """ if not client: client = self.client if isinstance(expected_status, type(Exception)): @@ -40,3 +85,78 @@ response = getattr(client, method)(**payload) self.assertEqual(response.response.status, expected_status) return response + + @cleanup_order + def create_volume(self, client, **kwargs): + """Wrapper utility that returns a test volume + + Args: + client: Client object + + Returns: + ID of the created volume + """ + kwargs['size'] = CONF.volume.volume_size + kwargs['name'] = data_utils.rand_name( + VolumeV3RbacBaseTests.__name__ + '-Volume' + ) + + volume_id = client.create_volume(**kwargs)['volume']['id'] + self.cleanup( + test_utils.call_and_ignore_notfound_exc, func=self.delete_resource, + client=client, volume_id=volume_id + ) + waiters.wait_for_volume_resource_status( + client=client, resource_id=volume_id, status='available' + ) + + return volume_id + + @cleanup_order + def create_snapshot(self, client, volume_id, cleanup=True, **kwargs): + """Wrapper utility that returns a test snapshot. + + Args: + client: Client object + volume_id: ID of the volume + cleanup: Boolean if should delete the snapshot + + Returns: + ID of the created snapshot + """ + kwargs['name'] = data_utils.rand_name( + VolumeV3RbacBaseTests.__name__ + '-Snapshot' + ) + + snapshot_id = client.create_snapshot( + volume_id=volume_id, **kwargs)['snapshot']['id'] + if cleanup: + self.cleanup( + test_utils.call_and_ignore_notfound_exc, + func=self.delete_resource, + client=client, snapshot_id=snapshot_id + ) + waiters.wait_for_volume_resource_status( + client=client, resource_id=snapshot_id, status='available' + ) + + return snapshot_id + + @classmethod + def delete_resource(cls, client, **kwargs): + """Delete a resource by a given client + + Args: + client: Client object + + Keyword Args: + snapshot_id: ID of a snapshot + volume_id: ID of a volume + """ + key, resource_id = list(kwargs.items())[0] + resource_name = key.split('_')[0] + + del_action = getattr(client, f'delete_{resource_name}') + test_utils.call_and_ignore_notfound_exc(del_action, resource_id) + test_utils.call_and_ignore_notfound_exc( + client.wait_for_resource_deletion, resource_id) diff --git a/cinder_tempest_plugin/rbac/v3/test_capabilities.py b/cinder_tempest_plugin/rbac/v3/test_capabilities.py index 62f9b58..861cca9 100644 --- a/cinder_tempest_plugin/rbac/v3/test_capabilities.py +++ b/cinder_tempest_plugin/rbac/v3/test_capabilities.py @@ -10,17 +10,12 @@ # License for the specific language governing permissions and limitations # under the License. -import abc - +from cinder_tempest_plugin.rbac.v3 import base as rbac_base from tempest.lib import decorators from tempest.lib import exceptions -from cinder_tempest_plugin.api.volume import base -from cinder_tempest_plugin.rbac.v3 import base as rbac_base - -class VolumeV3RbacCapabilityTests(rbac_base.VolumeV3RbacBaseTests, - metaclass=abc.ABCMeta): +class VolumeV3RbacCapabilityTests(rbac_base.VolumeV3RbacBaseTests): @classmethod def setup_clients(cls): @@ -37,51 +32,35 @@ cls.admin_stats_client = ( admin_client.volume_scheduler_stats_client_latest) - @classmethod - def setup_credentials(cls): - super().setup_credentials() - cls.os_primary = getattr(cls, 'os_%s' % cls.credentials[0]) - - @abc.abstractmethod - def test_get_capabilities(self): - """Test volume_extension:capabilities policy. - - This test must check: - * whether the persona can fetch capabilities for a host. - - """ - pass + def _get_capabilities(self, expected_status): + pools = self.admin_stats_client.list_pools()['pools'] + host_name = pools[0]['name'] + self.do_request( + 'show_backend_capabilities', + expected_status=expected_status, + host=host_name + ) -class ProjectAdminTests(VolumeV3RbacCapabilityTests, base.BaseVolumeTest): +class ProjectReaderTests(VolumeV3RbacCapabilityTests): + credentials = ['project_reader', 'project_admin', 'system_admin'] + @decorators.idempotent_id('d16034fc-4204-4ea8-94b3-714de59fdfbf') + def test_get_capabilities(self): + self._get_capabilities(expected_status=exceptions.Forbidden) + + +class ProjectMemberTests(VolumeV3RbacCapabilityTests): + credentials = ['project_member', 'project_admin', 'system_admin'] + + @decorators.idempotent_id('dbaf51de-fafa-4f55-875f-7537524489ab') + def test_get_capabilities(self): + self._get_capabilities(expected_status=exceptions.Forbidden) + + +class ProjectAdminTests(VolumeV3RbacCapabilityTests): credentials = ['project_admin', 'system_admin'] @decorators.idempotent_id('1fdbe493-e58f-48bf-bb38-52003eeef8cb') def test_get_capabilities(self): - pools = self.admin_stats_client.list_pools()['pools'] - host_name = pools[0]['name'] - self.do_request('show_backend_capabilities', expected_status=200, - host=host_name) - - -class ProjectMemberTests(ProjectAdminTests, base.BaseVolumeTest): - - credentials = ['project_member', 'project_admin', 'system_admin'] - - @decorators.idempotent_id('dbaf51de-fafa-4f55-875f-7537524489ab') - def test_get_capabilities(self): - pools = self.admin_stats_client.list_pools()['pools'] - host_name = pools[0]['name'] - self.do_request('show_backend_capabilities', - expected_status=exceptions.Forbidden, - host=host_name) - - -class ProjectReaderTests(ProjectMemberTests, base.BaseVolumeTest): - - credentials = ['project_reader', 'project_admin', 'system_admin'] - - @decorators.idempotent_id('d16034fc-4204-4ea8-94b3-714de59fdfbf') - def test_get_capabilities(self): - super().test_get_capabilities() + self._get_capabilities(expected_status=200) diff --git a/cinder_tempest_plugin/rbac/v3/test_snapshots.py b/cinder_tempest_plugin/rbac/v3/test_snapshots.py new file mode 100644 index 0000000..f11da42 --- /dev/null +++ b/cinder_tempest_plugin/rbac/v3/test_snapshots.py @@ -0,0 +1,374 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from tempest.common import waiters +from tempest import config +from tempest.lib.common.utils import data_utils +from tempest.lib.common.utils import test_utils +from tempest.lib import decorators +from tempest.lib import exceptions + +from cinder_tempest_plugin.rbac.v3 import base as rbac_base + +CONF = config.CONF + + +class VolumeV3RbacSnapshotsTests(rbac_base.VolumeV3RbacBaseTests): + + @classmethod + def setup_clients(cls): + super().setup_clients() + cls.vol_other_client = cls.os_project_admin.volumes_client_latest + cls.snap_other_client = cls.os_project_admin.snapshots_client_latest + + def _list_snapshots(self, expected_status): + """Test list_snapshots operation + + Args: + expected_status: The expected HTTP response code + """ + volume_id = self.create_volume(client=self.vol_other_client) + self.create_snapshot( + client=self.snap_other_client, volume_id=volume_id + ) + self.do_request( + expected_status=expected_status, method='list_snapshots' + ) + + def _show_snapshot(self, expected_status): + """Test show_snapshot operation + + Args: + expected_status: The expected HTTP response code + """ + volume_id = self.create_volume(client=self.vol_other_client) + snapshot_id = self.create_snapshot( + client=self.snap_other_client, volume_id=volume_id + ) + self.do_request( + expected_status=expected_status, method='show_snapshot', + snapshot_id=snapshot_id + ) + + def _create_snapshot(self, expected_status): + """Test create_snapshot operation. + + Args: + expected_status: The expected HTTP response code + """ + volume_id = self.create_volume(client=self.vol_other_client) + snap_name = data_utils.rand_name( + self.__name__ + '-Snapshot' + ) + if expected_status == 202: + snapshot_id = self.do_request( + method='create_snapshot', expected_status=202, + volume_id=volume_id, name=snap_name + )['snapshot']['id'] + self.addCleanup( + test_utils.call_and_ignore_notfound_exc, self.delete_resource, + client=self.client, snapshot_id=snapshot_id + ) + waiters.wait_for_volume_resource_status( + client=self.client, resource_id=snapshot_id, status='available' + ) + elif expected_status == exceptions.Forbidden: + self.do_request( + method='create_snapshot', expected_status=expected_status, + volume_id=volume_id, name=snap_name + ) + + def _remove_snapshot(self, expected_status): + """Test create_snapshot operation. + + Args: + expected_status: The expected HTTP response code + """ + volume_id = self.create_volume(client=self.vol_other_client) + snapshot_id = self.create_snapshot( + client=self.snap_other_client, volume_id=volume_id + ) + + self.do_request( + method='delete_snapshot', snapshot_id=snapshot_id, + expected_status=expected_status + ) + if expected_status == 202: + self.client.wait_for_resource_deletion(id=snapshot_id) + + def _reset_snapshot_status(self, expected_status): + """Test reset_snapshot_status operation. + + Args: + expected_status: The expected HTTP response code + """ + volume_id = self.create_volume(client=self.vol_other_client) + snapshot_id = self.create_snapshot( + client=self.snap_other_client, volume_id=volume_id + ) + self.do_request( + 'reset_snapshot_status', expected_status=expected_status, + snapshot_id=snapshot_id, status='error' + ) + + def _update_snapshot(self, expected_status): + """Test update_snapshot operation. + + Args: + expected_status: The expected HTTP response code + """ + volume_id = self.create_volume(client=self.vol_other_client) + snapshot_id = self.create_snapshot( + client=self.snap_other_client, volume_id=volume_id + ) + new_desc = self.__name__ + '-update_test' + self.do_request( + method='update_snapshot', expected_status=expected_status, + snapshot_id=snapshot_id, description=new_desc + ) + + def _update_snapshot_status(self, expected_status): + """Test update_snapshot_status operation. + + Args: + expected_status: The expected HTTP response code + """ + volume_id = self.create_volume(client=self.vol_other_client) + snapshot_id = self.create_snapshot( + client=self.snap_other_client, volume_id=volume_id + ) + + reset_status = 'creating' if expected_status == 202 else 'error' + request_status = 'error' if expected_status == 202 else 'creating' + self.os_project_admin.snapshots_client_latest.reset_snapshot_status( + snapshot_id=snapshot_id, status=reset_status + ) + waiters.wait_for_volume_resource_status( + client=self.os_project_admin.snapshots_client_latest, + resource_id=snapshot_id, status=reset_status + ) + + self.do_request( + 'update_snapshot_status', expected_status=expected_status, + snapshot_id=snapshot_id, status=request_status, progress='80%' + ) + + def _force_delete_snapshot(self, expected_status): + """Test force_delete_snapshot operation. + + Args: + expected_status: The expected HTTP response code + """ + volume_id = self.create_volume(client=self.vol_other_client) + snapshot_id = self.create_snapshot( + client=self.snap_other_client, volume_id=volume_id + ) + self.do_request( + method='force_delete_snapshot', snapshot_id=snapshot_id, + expected_status=expected_status + ) + if expected_status != exceptions.Forbidden: + self.client.wait_for_resource_deletion(id=snapshot_id) + waiters.wait_for_volume_resource_status( + client=self.os_project_admin.volumes_client_latest, + resource_id=volume_id, status='available' + ) + + def _unmanage_snapshot(self, expected_status): + """Test unmanage_snapshot operation. + + Args: + expected_status: The expected HTTP response code + """ + volume_id = self.create_volume(client=self.vol_other_client) + snapshot_id = self.create_snapshot( + client=self.snap_other_client, volume_id=volume_id + ) + self.do_request( + method='unmanage_snapshot', + expected_status=expected_status, snapshot_id=snapshot_id + ) + if expected_status != exceptions.Forbidden: + self.client.wait_for_resource_deletion(id=snapshot_id) + + def _manage_snapshot(self, client, expected_status): + """Test reset_snapshot_status operation. + + Args: + client: The client to perform the needed request + expected_status: The expected HTTP response code + """ + # Create a volume + volume_id = self.create_volume(client=self.vol_other_client) + + # Create a snapshot + snapshot_id = self.create_snapshot( + client=self.snap_other_client, + volume_id=volume_id, + cleanup=False + ) + # Unmanage the snapshot + # Unmanage snapshot function works almost the same as delete snapshot, + # but it does not delete the snapshot data + self.snap_other_client.unmanage_snapshot(snapshot_id) + self.client.wait_for_resource_deletion(snapshot_id) + + # Verify the original snapshot does not exist in snapshot list + params = {'all_tenants': 1} + all_snapshots = self.snap_other_client.list_snapshots( + detail=True, **params)['snapshots'] + self.assertNotIn(snapshot_id, [v['id'] for v in all_snapshots]) + + # Manage the snapshot + name = data_utils.rand_name( + self.__class__.__name__ + '-Managed-Snapshot' + ) + description = data_utils.rand_name( + self.__class__.__name__ + '-Managed-Snapshot-Description' + ) + metadata = {"manage-snap-meta1": "value1", + "manage-snap-meta2": "value2", + "manage-snap-meta3": "value3"} + snapshot_ref = { + 'volume_id': volume_id, + 'ref': {CONF.volume.manage_snapshot_ref[0]: + CONF.volume.manage_snapshot_ref[1] % snapshot_id}, + 'name': name, + 'description': description, + 'metadata': metadata + } + + new_snapshot = self.do_request( + client=client, + method='manage_snapshot', expected_status=expected_status, + volume_id=volume_id, ref=snapshot_ref + ) + if expected_status != exceptions.Forbidden: + snapshot = new_snapshot['snapshot'] + waiters.wait_for_volume_resource_status( + client=self.snap_other_client, + resource_id=snapshot['id'], + status='available' + ) + self.delete_resource( + client=self.snap_other_client, snapshot_id=snapshot['id'] + ) + + +class ProjectReaderTests(VolumeV3RbacSnapshotsTests): + + credentials = ['project_reader', 'project_admin'] + + @classmethod + def setup_clients(cls): + super().setup_clients() + cls.client = cls.os_project_reader.snapshots_client_latest + + @decorators.idempotent_id('dd8e19dc-c8fd-443c-8aed-cdffe07fa6be') + def test_list_snapshots(self): + self._list_snapshots(expected_status=200) + + @decorators.idempotent_id('6f69e8ed-4e11-40a1-9620-258cf3c45872') + def test_show_snapshot(self): + self._show_snapshot(expected_status=200) + + @decorators.skip_because(bug="2017108") + @decorators.idempotent_id('13ae344f-fa01-44cc-b9f1-d04452940dc1') + def test_create_snapshot(self): + self._create_snapshot(expected_status=exceptions.Forbidden) + + @decorators.skip_because(bug="2017108") + @decorators.idempotent_id('5b58f647-da0f-4d2a-bf68-680fc692efb4') + def test_delete_snapshot(self): + self._remove_snapshot(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('809d8c8c-25bf-4f1f-9b77-1a81ce4292d1') + def test_reset_snapshot_status(self): + self._reset_snapshot_status(expected_status=exceptions.Forbidden) + + @decorators.skip_because(bug="2017108") + @decorators.idempotent_id('c46f5df8-9a6f-4ed6-b94c-3b65ef05ee9e') + def test_update_snapshot(self): + self._update_snapshot(expected_status=exceptions.Forbidden) + + @decorators.skip_because(bug="2017108") + @decorators.idempotent_id('c90f98d7-3665-4c9f-820f-3f4c2adfdbf5') + def test_update_snapshot_status(self): + self._update_snapshot_status(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('63aa8184-897d-4e00-9b80-d2e7828f1b13') + def test_force_delete_snapshot(self): + self._force_delete_snapshot(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('35495666-b663-4c68-ba44-0695e30a6838') + def test_unmanage_snapshot(self): + self._unmanage_snapshot(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('d2d1326d-fb47-4448-a1e1-2d1219d30fd5') + def test_manage_snapshot(self): + self._manage_snapshot( + expected_status=exceptions.Forbidden, + client=self.os_project_reader.snapshot_manage_client_latest + ) + + +class ProjectMemberTests(VolumeV3RbacSnapshotsTests): + + credentials = ['project_member', 'project_admin'] + + @classmethod + def setup_clients(cls): + super().setup_clients() + cls.client = cls.os_project_member.snapshots_client_latest + + @decorators.idempotent_id('5b3ec87f-443f-42f7-bd3c-ab05ea30c5e1') + def test_list_snapshots(self): + self._list_snapshots(expected_status=200) + + @decorators.idempotent_id('6fee8967-951c-4957-b51b-97b83c13c7c3') + def test_show_snapshot(self): + self._show_snapshot(expected_status=200) + + @decorators.idempotent_id('43f77b31-aab4-46d0-b76f-e17000d23589') + def test_create_snapshot(self): + self._create_snapshot(expected_status=202) + + @decorators.idempotent_id('22939122-8b4e-47d5-abaa-774bc55c07fc') + def test_delete_snapshot(self): + self._remove_snapshot(expected_status=202) + + @decorators.idempotent_id('da391afd-8baa-458b-b222-f6ab42ab47c3') + def test_reset_snapshot_status(self): + self._reset_snapshot_status(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('a774bdca-bfbe-477d-9711-5fb64d7e34ea') + def test_update_snapshot(self): + self._update_snapshot(expected_status=200) + + @decorators.idempotent_id('12e00e1b-bf84-41c1-8a1e-8625d1317789') + def test_update_snapshot_status(self): + self._update_snapshot_status(expected_status=202) + + @decorators.idempotent_id('e7cb3eb0-d607-4c90-995d-df82d030eca8') + def test_force_delete_snapshot(self): + self._force_delete_snapshot(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('dd7da3da-68ef-42f5-af1d-29803a4a04fd') + def test_unmanage_snapshot(self): + self._unmanage_snapshot(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('c2501d05-9bca-42d7-9ab5-c0d9133e762f') + def test_manage_snapshot(self): + self._manage_snapshot( + expected_status=exceptions.Forbidden, + client=self.os_project_member.snapshot_manage_client_latest + ) diff --git a/cinder_tempest_plugin/rbac/v3/test_user_messages.py b/cinder_tempest_plugin/rbac/v3/test_user_messages.py new file mode 100644 index 0000000..c55a4dd --- /dev/null +++ b/cinder_tempest_plugin/rbac/v3/test_user_messages.py @@ -0,0 +1,168 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from tempest.common import waiters +from tempest import config +from tempest.lib.common.utils import data_utils +from tempest.lib.common.utils import test_utils +from tempest.lib import decorators +from tempest.lib import exceptions + +from cinder_tempest_plugin.rbac.v3 import base as rbac_base + +CONF = config.CONF + + +class RbacV3UserMessagesTests(rbac_base.VolumeV3RbacBaseTests): + min_microversion = '3.3' + + @classmethod + def setup_clients(cls): + super().setup_clients() + admin_client = cls.os_project_admin + cls.admin_messages_client = admin_client.volume_messages_client_latest + cls.admin_volumes_client = admin_client.volumes_client_latest + cls.admin_types_client = admin_client.volume_types_client_latest + + def create_user_message(self): + """Trigger a 'no valid host' situation to generate a message.""" + bad_protocol = data_utils.rand_name('storage_protocol') + bad_vendor = data_utils.rand_name('vendor_name') + extra_specs = {'storage_protocol': bad_protocol, + 'vendor_name': bad_vendor} + vol_type_name = data_utils.rand_name( + self.__class__.__name__ + '-volume-type' + ) + bogus_type = self.admin_types_client.create_volume_type( + name=vol_type_name, extra_specs=extra_specs + )['volume_type'] + self.addCleanup( + self.admin_types_client.delete_volume_type, bogus_type['id'] + ) + + params = { + 'volume_type': bogus_type['id'], 'size': CONF.volume.volume_size + } + volume = self.admin_volumes_client.create_volume(**params)['volume'] + waiters.wait_for_volume_resource_status( + self.admin_volumes_client, volume['id'], 'error' + ) + self.addCleanup( + test_utils.call_and_ignore_notfound_exc, + self.admin_volumes_client.delete_volume, + volume['id'] + ) + + messages = self.admin_messages_client.list_messages()['messages'] + message_id = None + for message in messages: + if message['resource_uuid'] == volume['id']: + message_id = message['id'] + break + self.assertIsNotNone( + message_id, f"No user message generated for volume {volume['id']}" + ) + return message_id + + def _list_messages(self, expected_status): + message_id = self.create_user_message() + self.addCleanup( + self.admin_messages_client.delete_message, message_id + ) + self.do_request( + method='list_messages', expected_status=expected_status + ) + + def _show_message(self, expected_status): + message_id = self.create_user_message() + self.addCleanup(self.admin_messages_client.delete_message, message_id) + self.do_request( + method='show_message', expected_status=expected_status, + message_id=message_id + ) + + def _delete_message(self, expected_status): + message_id = self.create_user_message() + self.do_request( + method='delete_message', expected_status=expected_status, + message_id=message_id + ) + if expected_status == exceptions.Forbidden: + self.addCleanup( + self.admin_messages_client.delete_message, message_id + ) + else: + self.client.wait_for_resource_deletion(id=message_id) + + +class ProjectReaderTests(RbacV3UserMessagesTests): + credentials = ['project_reader', 'project_admin'] + + @classmethod + def setup_clients(cls): + super().setup_clients() + cls.client = cls.os_project_reader.volume_messages_client_latest + + @decorators.idempotent_id('1bef8bf9-6457-40f8-ada2-bc4d27602a07') + def test_list_messages(self): + self._list_messages(expected_status=200) + + @decorators.idempotent_id('689c53a9-6db9-44a8-9878-41d28899e0af') + def test_show_message(self): + self._show_message(expected_status=200) + + @decorators.skip_because(bug='2009818') + @decorators.idempotent_id('c6e8744b-7749-425f-81b6-b1c3df6c7162') + def test_delete_message(self): + self._delete_message(expected_status=exceptions.Forbidden) + + +class ProjectMemberTests(RbacV3UserMessagesTests): + credentials = ['project_member', 'project_admin'] + + @classmethod + def setup_clients(cls): + super().setup_clients() + cls.client = cls.os_project_member.volume_messages_client_latest + + @decorators.idempotent_id('fb470249-a482-49c6-84af-eda34891a714') + def test_list_messages(self): + self._list_messages(expected_status=200) + + @decorators.idempotent_id('43d248ef-008d-4aff-8c7f-37959a0fa195') + def test_show_message(self): + self._show_message(expected_status=200) + + @decorators.idempotent_id('a77cd089-cb74-4b44-abcb-06f1a6f80378') + def test_delete_message(self): + self._delete_message(expected_status=204) + + +class ProjectAdminTests(RbacV3UserMessagesTests): + credentials = ['project_admin'] + + @classmethod + def setup_clients(cls): + super().setup_clients() + cls.client = cls.os_project_admin.volume_messages_client_latest + + @decorators.idempotent_id('f3567efc-863c-4668-8fb1-6aa3f836451d') + def test_list_messages(self): + self._list_messages(expected_status=200) + + @decorators.idempotent_id('eecc7045-017b-492c-8594-2d40f5fda139') + def test_show_message(self): + self._show_message(expected_status=200) + + @decorators.idempotent_id('1f2db6f2-148f-44c2-97ef-dcff0fccd49a') + def test_delete_message(self): + self._delete_message(expected_status=204) diff --git a/cinder_tempest_plugin/rbac/v3/test_volume_actions.py b/cinder_tempest_plugin/rbac/v3/test_volume_actions.py new file mode 100644 index 0000000..bf34f58 --- /dev/null +++ b/cinder_tempest_plugin/rbac/v3/test_volume_actions.py @@ -0,0 +1,154 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from tempest import config +from tempest.lib import decorators +from tempest.lib import exceptions + +from cinder_tempest_plugin.rbac.v3 import base as rbac_base + +CONF = config.CONF + + +class VolumeV3RbacVolumeActionsTests(rbac_base.VolumeV3RbacBaseTests): + + @classmethod + def setup_clients(cls): + super().setup_clients() + cls.vol_other_client = cls.os_project_admin.volumes_client_latest + + def _extend_volume(self, expected_status): + """Test extend_volume operation. + + Args: + expected_status: The expected HTTP response code + """ + volume_id = self.create_volume(client=self.vol_other_client) + self.do_request( + method='extend_volume', volume_id=volume_id, + new_size=2, expected_status=expected_status + ) + + def _reset_volume_status(self, expected_status): + """Test reset_volume_status operation. + + Args: + expected_status: The expected HTTP response code + """ + volume_id = self.create_volume(client=self.vol_other_client) + self.do_request( + method='reset_volume_status', volume_id=volume_id, + status='error', expected_status=expected_status + ) + + def _retype_volume(self, expected_status): + """Test retype_volume operation. + + Args: + expected_status: The expected HTTP response code + """ + volume_id = self.create_volume(client=self.vol_other_client) + self.do_request( + method='retype_volume', volume_id=volume_id, + new_type='dedup-tier-replication', expected_status=expected_status + ) + + def _update_volume_readonly(self, expected_status): + """Test update_volume_readonly operation. + + Args: + expected_status: The expected HTTP response code + """ + volume_id = self.create_volume(client=self.vol_other_client) + self.do_request( + method='update_volume_readonly', volume_id=volume_id, + readonly=True, expected_status=expected_status + ) + + def _force_delete_volume(self, expected_status): + """Test force_delete_volume operation. + + Args: + expected_status: The expected HTTP response code + """ + volume_id = self.create_volume(client=self.vol_other_client) + self.do_request( + method='force_delete_volume', volume_id=volume_id, + expected_status=expected_status + ) + + def _reserve_volume(self, expected_status): + """Test reserve_volume operation. + + Args: + expected_status: The expected HTTP response code + """ + volume_id = self.create_volume(client=self.vol_other_client) + self.do_request( + method='reserve_volume', volume_id=volume_id, + expected_status=expected_status + ) + + def _unreserve_volume(self, expected_status): + """Test unreserve_volume operation. + + Args: + expected_status: The expected HTTP response code + """ + volume_id = self.create_volume(client=self.vol_other_client) + self.do_request( + method='unreserve_volume', volume_id=volume_id, + expected_status=expected_status + ) + + +class ProjectReaderTests(VolumeV3RbacVolumeActionsTests): + + credentials = ['project_reader', 'project_admin'] + + @classmethod + def setup_clients(cls): + super().setup_clients() + cls.client = cls.os_project_reader.volumes_client_latest + + @decorators.skip_because(bug="2020261") + @decorators.idempotent_id('4d721c58-2f6f-4857-8f4f-0664d5f7bf49') + def test_extend_volume(self): + self._extend_volume(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('434b454a-5cbe-492d-a416-70b8ff41f636') + def test_reset_volume_status(self): + self._reset_volume_status(expected_status=exceptions.Forbidden) + + @decorators.skip_because(bug="2020261") + @decorators.idempotent_id('4675295a-7c72-4b04-8a43-03d7c88ab6bf') + def test_retype_volume(self): + self._retype_volume(expected_status=exceptions.Forbidden) + + @decorators.skip_because(bug="2020261") + @decorators.idempotent_id('3beecd52-e314-40d8-875d-a0e7db8dd88f') + def test_update_volume_readonly(self): + self._update_volume_readonly(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('b025ff12-73a4-4f15-af55-876cd43cade3') + def test_force_delete_volume(self): + self._force_delete_volume(expected_status=exceptions.Forbidden) + + @decorators.skip_because(bug="2020261") + @decorators.idempotent_id('d2c13bf9-267a-4a71-be5c-391f22e9b433') + def test_reserve_volume(self): + self._reserve_volume(expected_status=exceptions.Forbidden) + + @decorators.skip_because(bug="2020261") + @decorators.idempotent_id('725d85cf-96b2-4338-98f4-2f468099c4ed') + def test_unreserve_volume(self): + self._unreserve_volume(expected_status=exceptions.Forbidden) diff --git a/cinder_tempest_plugin/rbac/v3/test_volume_types.py b/cinder_tempest_plugin/rbac/v3/test_volume_types.py new file mode 100644 index 0000000..cdbc341 --- /dev/null +++ b/cinder_tempest_plugin/rbac/v3/test_volume_types.py @@ -0,0 +1,516 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from tempest.lib.common.utils import data_utils +from tempest.lib import decorators +from tempest.lib import exceptions + +from cinder_tempest_plugin.rbac.v3 import base as rbac_base + + +class RbacV3VolumeTypesTests(rbac_base.VolumeV3RbacBaseTests): + + min_microversion = '3.3' + extra_spec_key = 'key1' + encryption_type_key_cipher = 'cipher' + create_kwargs = { + 'provider': 'LuksEncryptor', + 'key_size': 256, + encryption_type_key_cipher: 'aes-xts-plain64', + 'control_location': 'front-end' + } + + @classmethod + def setup_clients(cls): + super().setup_clients() + admin_client = cls.os_project_admin + cls.admin_volumes_client = admin_client.volumes_client_latest + cls.admin_types_client = admin_client.volume_types_client_latest + cls.admin_encryption_types_client = \ + admin_client.encryption_types_client_latest + + @classmethod + def resource_setup(cls): + """Create a new volume-type for the test""" + super(RbacV3VolumeTypesTests, cls).resource_setup() + # create a volume type + cls.volume_type = cls.create_volume_type() + + @classmethod + def create_volume_type( + cls, name=None, with_encryption=True, cleanup=True + ): + # create a volume type + if not name: + name = data_utils.rand_name("volume-type") + extra_specs = {cls.extra_spec_key: 'value1'} + params = {'name': name, + 'description': "description", + 'extra_specs': extra_specs, + 'os-volume-type-access:is_public': True} + volume_type = cls.admin_types_client.create_volume_type( + **params + )['volume_type'] + + if with_encryption: + # Create encryption_type + cls.encryption_type = \ + cls.admin_encryption_types_client.create_encryption_type( + volume_type['id'], **cls.create_kwargs)['encryption'] + + if cleanup: + cls.addClassResourceCleanup( + cls.admin_types_client.delete_volume_type, volume_type['id'] + ) + + return volume_type + + def _update_volume_type(self, expected_status): + """Update volume type""" + self.do_request( + method='update_volume_type', + expected_status=expected_status, + volume_type_id=self.volume_type['id'], + description='Updated volume type description' + ) + + def _create_or_update_extra_specs_for_volume_type(self, expected_status): + """Create or update extra specs""" + volume_type = self.create_volume_type(with_encryption=False) + # Create extra spec 'key2' with value 'value2' + extra_spec = {'key2': 'value2'} + self.do_request( + method='create_volume_type_extra_specs', + expected_status=expected_status, + volume_type_id=volume_type['id'], + extra_specs=extra_spec + ) + + # Update extra spec 'key2' with value 'updated value' + extra_spec = {'key2': 'updated value'} + self.do_request( + method='update_volume_type_extra_specs', + expected_status=expected_status, + volume_type_id=volume_type['id'], + extra_spec_name='key2', + extra_specs=extra_spec + ) + + def _list_all_extra_specs_for_volume_type(self, expected_status): + """List all extra_specs for a volume type""" + extra_specs = self.do_request( + method='list_volume_types_extra_specs', + expected_status=expected_status, + volume_type_id=self.volume_type['id'] + )['extra_specs'] + self.assertIn( + self.extra_spec_key, + list(extra_specs.keys()), + message=f"Key '{self.extra_spec_key}' not found in extra_specs." + ) + + def _show_extra_spec_for_volume_type(self, expected_status): + """Show extra_spec for a volume type""" + self.do_request( + method='show_volume_type_extra_specs', + expected_status=expected_status, + volume_type_id=self.volume_type['id'], + extra_specs_name=self.extra_spec_key + ) + + def _update_extra_spec_for_volume_type(self, expected_status): + """Update extra_spec for a volume type""" + spec_name = self.extra_spec_key + extra_spec = {spec_name: 'updated value'} + self.do_request( + method='update_volume_type_extra_specs', + expected_status=expected_status, + volume_type_id=self.volume_type['id'], + extra_spec_name=spec_name, + extra_specs=extra_spec + ) + + def _delete_extra_spec_for_volume_type(self, expected_status): + """Delete a volume type extra_spec""" + volume_type = self.create_volume_type(with_encryption=False) + + self.do_request( + method='delete_volume_type_extra_specs', + expected_status=expected_status, + volume_type_id=volume_type['id'], + extra_spec_name=self.extra_spec_key + ) + + def _show_volume_type_detail(self, expected_status): + """Show volume type""" + self.do_request( + method='show_volume_type', + expected_status=expected_status, + volume_type_id=self.volume_type['id'] + ) + + def _show_default_volume_type(self, expected_status): + """Show default volume type""" + self.do_request( + method='show_default_volume_type', + expected_status=expected_status + ) + + def _delete_volume_type(self, expected_status): + """Delete a volume type""" + cleanup = True if expected_status == exceptions.Forbidden\ + else False + volume_type = self.create_volume_type( + with_encryption=False, cleanup=cleanup + ) + + self.do_request( + method='delete_volume_type', + expected_status=expected_status, + volume_type_id=volume_type['id'] + ) + + def _list_volume_types(self, expected_status): + """List all volume types""" + self.do_request( + method='list_volume_types', + expected_status=expected_status + ) + + def _create_volume_type(self, expected_status): + """Create a volume type""" + volume_type = self.do_request( + method='create_volume_type', + expected_status=expected_status, + name="test-new-volume-type" + ) + if expected_status != exceptions.Forbidden: + volume_type = volume_type['volume_type'] + self.admin_types_client.delete_volume_type( + volume_type_id=volume_type['id'] + ) + + def _show_encryption_type(self, expected_status): + """Show volume type's encryption type""" + self.do_request( + method='show_encryption_type', + expected_status=expected_status, + client=self.encryption_types_client, + volume_type_id=self.volume_type['id'] + ) + + def _show_encryption_spec_item(self, expected_status): + """Show encryption spec item""" + self.do_request( + method='show_encryption_specs_item', + expected_status=expected_status, + client=self.encryption_types_client, + volume_type_id=self.volume_type['id'], + key=self.encryption_type_key_cipher + ) + + def _delete_encryption_type(self, expected_status): + """Delete encryption type""" + volume_type = self.create_volume_type(with_encryption=True) + + self.do_request( + method='delete_encryption_type', + expected_status=expected_status, + client=self.encryption_types_client, + volume_type_id=volume_type['id'] + ) + + def _create_encryption_type(self, expected_status): + """Create encryption type""" + volume_type = self.create_volume_type(with_encryption=False) + + self.do_request( + method='create_encryption_type', + expected_status=expected_status, + client=self.encryption_types_client, + volume_type_id=volume_type['id'], + **self.create_kwargs + ) + + def _update_encryption_type(self, expected_status): + """Update encryption type""" + update_kwargs = {'key_size': 128} + + self.do_request( + method='update_encryption_type', + expected_status=expected_status, + client=self.encryption_types_client, + volume_type_id=self.volume_type['id'], + **update_kwargs + ) + + +class VolumeTypesReaderTests(RbacV3VolumeTypesTests): + """Test Volume types using 'reader' user""" + credentials = ['project_reader', 'project_admin'] + + @classmethod + def setup_clients(cls): + super().setup_clients() + cls.client = cls.os_project_reader.volume_types_client_latest + cls.encryption_types_client = \ + cls.os_project_reader.encryption_types_client_latest + + @decorators.idempotent_id('e3fdabf0-fd8c-4bab-9870-5a67fe25c6e4') + def test_update_volume_type(self): + self._update_volume_type(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('b046a4d7-79a0-436b-9075-863e2299b73d') + def test_create_or_update_extra_specs_for_volume_type(self): + self._create_or_update_extra_specs_for_volume_type( + expected_status=exceptions.Forbidden + ) + + @decorators.skip_because(bug='2018467') + @decorators.idempotent_id('9499752c-3b27-41a3-8f55-4bdba7297f92') + def test_list_all_extra_specs_for_volume_type(self): + self._list_all_extra_specs_for_volume_type( + expected_status=200 + ) + + @decorators.skip_because(bug='2018467') + @decorators.idempotent_id('a38f7248-3a5b-4e51-8e32-d2dcf9c771ea') + def test_show_extra_spec_for_volume_type(self): + self._show_extra_spec_for_volume_type(expected_status=200) + + @decorators.idempotent_id('68689644-22a8-4ba6-a642-db4258681586') + def test_update_extra_spec_for_volume_type(self): + self._update_extra_spec_for_volume_type( + expected_status=exceptions.Forbidden + ) + + @decorators.idempotent_id('a7cdd9ae-f389-48f6-b144-abf336b1637b') + def test_delete_extra_spec_for_volume_type(self): + self._delete_extra_spec_for_volume_type( + expected_status=exceptions.Forbidden + ) + + @decorators.skip_because(bug='2016402') + @decorators.idempotent_id('7ea28fc2-ce5a-48c9-8d03-31c2826fe566') + def test_show_volume_type_detail(self): + self._show_volume_type_detail(expected_status=200) + + @decorators.skip_because(bug='2016402') + @decorators.idempotent_id('aceab52a-c503-4081-936e-b9df1c31046d') + def test_show_default_volume_type(self): + self._show_default_volume_type(expected_status=200) + + @decorators.idempotent_id('35581811-6288-4698-aaaf-7f5a4fe662e8') + def test_delete_volume_type(self): + self._delete_volume_type(expected_status=exceptions.Forbidden) + + @decorators.skip_because(bug='2016402') + @decorators.idempotent_id('e8a438f9-e9c1-4f3f-8ae3-ad80ee02cd6a') + def test_list_volume_types(self): + self._list_volume_types(expected_status=200) + + @decorators.idempotent_id('3c3a39b1-fff5-492b-8c1c-9520063901ef') + def test_create_volume_type(self): + self._create_volume_type(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('84bd20f1-621c-416d-add2-fbae57137239') + def test_show_encryption_type(self): + self._show_encryption_type(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('ab9c7149-fab7-4584-b4ff-8b997cd62e75') + def test_show_encryption_spec_item(self): + self._show_encryption_spec_item(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('8d85ec39-bc32-4f49-88e6-63adc7e1f832') + def test_delete_encryption_type(self): + self._delete_encryption_type(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('c7c0892e-08d1-45e0-8ebf-be949cb4ab02') + def test_create_encryption_type(self): + self._create_encryption_type(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('8186d5bc-183a-4fcc-9c6a-e2b247a0caee') + def test_update_encryption_type(self): + self._update_encryption_type(expected_status=exceptions.Forbidden) + + +class VolumeTypesMemberTests(RbacV3VolumeTypesTests): + """Test Volume types using 'member' user""" + credentials = ['project_member', 'project_admin'] + + @classmethod + def setup_clients(cls): + super().setup_clients() + cls.client = cls.os_project_member.volume_types_client_latest + cls.encryption_types_client = \ + cls.os_project_member.encryption_types_client_latest + + @decorators.idempotent_id('e5e642bf-2f31-4d04-ad43-6ad75562b7e4') + def test_update_volume_type(self): + self._update_volume_type(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('fda21e7e-9292-49b8-9754-f3c25b8e5f57') + def test_create_or_update_extra_specs_for_volume_type(self): + self._create_or_update_extra_specs_for_volume_type( + expected_status=exceptions.Forbidden + ) + + @decorators.skip_because(bug='2018467') + @decorators.idempotent_id('82fd0d34-17b3-4f45-bd2e-728c9a8bff8c') + def test_list_all_extra_specs_for_volume_type(self): + self._list_all_extra_specs_for_volume_type( + expected_status=200 + ) + + @decorators.skip_because(bug='2018467') + @decorators.idempotent_id('67aa0b40-7c0a-4ae7-8682-fb4f20abd390') + def test_show_extra_spec_for_volume_type(self): + self._show_extra_spec_for_volume_type(expected_status=200) + + @decorators.idempotent_id('65470a71-254d-4152-bdaa-6b7f43e9c74f') + def test_update_extra_spec_for_volume_type(self): + self._update_extra_spec_for_volume_type( + expected_status=exceptions.Forbidden + ) + + @decorators.idempotent_id('3695be33-bd22-4090-8252-9c42eb7eeef6') + def test_delete_extra_spec_for_volume_type(self): + self._delete_extra_spec_for_volume_type( + expected_status=exceptions.Forbidden + ) + + @decorators.idempotent_id('319f3ca1-bdd7-433c-9bed-03c7b093e7a2') + def test_show_volume_type_detail(self): + self._show_volume_type_detail(expected_status=200) + + @decorators.skip_because(bug='2016402') + @decorators.idempotent_id('2e990c61-a2ea-4a01-a2dc-1f483c934e8d') + def test_show_default_volume_type(self): + self._show_default_volume_type(expected_status=200) + + @decorators.idempotent_id('6847c211-647b-4d02-910c-773e76b99fcd') + def test_delete_volume_type(self): + self._delete_volume_type(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('308f80c9-6342-45a1-8e6e-9e400b510013') + def test_list_volume_types(self): + self._list_volume_types(expected_status=200) + + @decorators.idempotent_id('81cebbb8-fa0d-4bd8-a433-e43c7b187456') + def test_create_volume_type(self): + self._create_volume_type(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('7c84b013-c5a8-434f-8ea7-23c5b2d46d5e') + def test_show_encryption_type(self): + self._show_encryption_type(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('387974ce-3544-48e3-81c0-3f86a5b60b93') + def test_show_encryption_spec_item(self): + self._show_encryption_spec_item(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('c0163522-524f-4dfb-a3d4-6648f58ce99c') + def test_delete_encryption_type(self): + self._delete_encryption_type(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('65d86181-905a-4aa6-a9e5-672415d819a0') + def test_create_encryption_type(self): + self._create_encryption_type(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('2633f1d3-e648-4d12-86b9-e7f72b41ec68') + def test_update_encryption_type(self): + self._update_encryption_type(expected_status=exceptions.Forbidden) + + +class VolumeTypesAdminTests(RbacV3VolumeTypesTests): + """Test Volume types using 'admin' user""" + credentials = ['project_admin'] + + @classmethod + def setup_clients(cls): + super().setup_clients() + cls.client = cls.os_project_admin.volume_types_client_latest + cls.encryption_types_client = \ + cls.os_project_admin.encryption_types_client_latest + + @decorators.idempotent_id('77d065ef-ffdd-4749-b326-d64fbf5d0432') + def test_update_volume_type(self): + self._update_volume_type(expected_status=200) + + @decorators.idempotent_id('422271a7-0128-4fd6-9f60-aeb4a1ce16ea') + def test_create_or_update_extra_specs_for_volume_type(self): + self._create_or_update_extra_specs_for_volume_type( + expected_status=200 + ) + + @decorators.idempotent_id('5c491d13-df15-4721-812e-2ed473b86a12') + def test_list_all_extra_specs_for_volume_type(self): + self._list_all_extra_specs_for_volume_type( + expected_status=200 + ) + + @decorators.skip_because(bug='2018467') + @decorators.idempotent_id('a2cca7b6-0af9-47e5-b8c1-4e0f01822d4e') + def test_show_extra_spec_for_volume_type(self): + self._show_extra_spec_for_volume_type(expected_status=200) + + @decorators.idempotent_id('d0ff17d3-2c47-485f-b2f1-d53ec32c32e2') + def test_update_extra_spec_for_volume_type(self): + self._update_extra_spec_for_volume_type( + expected_status=200 + ) + + @decorators.idempotent_id('4661cc2f-8727-4998-a427-8cb1d512b68a') + def test_delete_extra_spec_for_volume_type(self): + self._delete_extra_spec_for_volume_type( + expected_status=202 + ) + + @decorators.idempotent_id('7f794e33-b5cf-4172-b39e-a56cd9c18a2e') + def test_show_volume_type_detail(self): + self._show_volume_type_detail(expected_status=200) + + @decorators.skip_because(bug='2016402') + @decorators.idempotent_id('93886ad8-5cd0-4def-8b0e-40418e55050d') + def test_show_default_volume_type(self): + self._show_default_volume_type(expected_status=200) + + @decorators.idempotent_id('7486259d-5c40-4fb3-8a95-491c45a0a872') + def test_delete_volume_type(self): + self._delete_volume_type(expected_status=202) + + @decorators.idempotent_id('e075e8ff-bb05-4c84-b2ab-0205ef3e8dbd') + def test_list_volume_types(self): + self._list_volume_types(expected_status=200) + + @decorators.idempotent_id('57384db2-9408-4a31-8c15-022eea5f9b76') + def test_create_volume_type(self): + self._create_volume_type(expected_status=200) + + @decorators.idempotent_id('46fc49a3-f76f-4c22-ac83-8d1665437810') + def test_show_encryption_type(self): + self._show_encryption_type(expected_status=200) + + @decorators.idempotent_id('4ff57649-bfe1-48f4-aaac-4577affba8d7') + def test_show_encryption_spec_item(self): + self._show_encryption_spec_item(expected_status=200) + + @decorators.idempotent_id('e622af7d-a412-4903-9256-256d8e3cc560') + def test_delete_encryption_type(self): + self._delete_encryption_type(expected_status=202) + + @decorators.idempotent_id('e7c4e925-6ce6-439b-8be8-6df4cbc32cdc') + def test_create_encryption_type(self): + self._create_encryption_type(expected_status=200) + + @decorators.idempotent_id('90beb71d-93fa-4252-8566-192bdd517715') + def test_update_encryption_type(self): + self._update_encryption_type(expected_status=200) diff --git a/cinder_tempest_plugin/rbac/v3/test_volumes.py b/cinder_tempest_plugin/rbac/v3/test_volumes.py new file mode 100644 index 0000000..517e846 --- /dev/null +++ b/cinder_tempest_plugin/rbac/v3/test_volumes.py @@ -0,0 +1,166 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from tempest import config +from tempest.lib import decorators +from tempest.lib import exceptions + +from cinder_tempest_plugin.rbac.v3 import base as rbac_base + +CONF = config.CONF + + +class VolumeV3RbacVolumesTests(rbac_base.VolumeV3RbacBaseTests): + + min_microversion = '3.12' + + @classmethod + def setup_clients(cls): + super().setup_clients() + cls.vol_other_client = cls.os_project_admin.volumes_client_latest + + def _create_volume(self, expected_status, **kwargs): + """Test create_volume operation. + + Args: + expected_status: The expected HTTP response code + """ + kwargs['size'] = CONF.volume.volume_size + self.do_request( + method='create_volume', expected_status=expected_status, **kwargs + ) + + def _show_volume(self, expected_status): + """Test show_volume operation + + Args: + expected_status: The expected HTTP response code + """ + volume_id = self.create_volume(client=self.vol_other_client) + self.do_request( + method='show_volume', volume_id=volume_id, + expected_status=expected_status + ) + + def _list_volumes(self, expected_status): + """Test list_volumes operation + + Args: + expected_status: The expected HTTP response code + """ + self.create_volume(client=self.vol_other_client) + self.do_request(method='list_volumes', expected_status=expected_status) + + def _list_volumes_detail(self, expected_status): + """Test list_volumes details operation + + Args: + expected_status: The expected HTTP response code + """ + self.create_volume(client=self.vol_other_client) + self.do_request( + method='list_volumes', detail=True, expected_status=expected_status + ) + + def _show_volume_summary(self, expected_status): + """Test show_volume_summary operation + + Args: + expected_status: The expected HTTP response code + """ + self.create_volume(client=self.vol_other_client) + self.do_request( + method='show_volume_summary', expected_status=expected_status + ) + + def _update_volume(self, expected_status): + """Test update_volume operation. + + Args: + expected_status: The expected HTTP response code + """ + volume_id = self.create_volume(client=self.vol_other_client) + new_desc = self.__name__ + '-update_test' + self.do_request( + method='update_volume', volume_id=volume_id, description=new_desc, + expected_status=expected_status + ) + + def _set_bootable_volume(self, expected_status): + """Test set_bootable_volume operation. + + Args: + expected_status: The expected HTTP response code + """ + volume_id = self.create_volume(client=self.vol_other_client) + self.do_request( + method='set_bootable_volume', volume_id=volume_id, + bootable=True, expected_status=expected_status + ) + + def _delete_volume(self, expected_status): + """Test delete_volume operation. + + Args: + expected_status: The expected HTTP response code + """ + volume_id = self.create_volume(client=self.vol_other_client) + self.do_request( + method='delete_volume', volume_id=volume_id, + expected_status=expected_status + ) + + +class ProjectReaderTests(VolumeV3RbacVolumesTests): + + credentials = ['project_reader', 'project_admin'] + + @classmethod + def setup_clients(cls): + super().setup_clients() + cls.client = cls.os_project_reader.volumes_client_latest + + @decorators.skip_because(bug="2020113") + @decorators.idempotent_id('3d87f960-6210-45f5-b70b-679d67a4e17e') + def test_create_volume(self): + self._create_volume(expected_status=exceptions.Forbidden) + + @decorators.idempotent_id('9b2667f2-744e-4d1f-8c39-17060010f19f') + def test_show_volume(self): + self._show_volume(expected_status=200) + + @decorators.idempotent_id('2f4da8f9-cdc5-4a6e-9143-8237634a629c') + def test_list_volumes(self): + self._list_volumes(expected_status=200) + + @decorators.idempotent_id('b11e59cd-d1dd-43e4-9676-22ab394f5d18') + def test_list_volumes_detail(self): + self._list_volumes_detail(expected_status=200) + + @decorators.idempotent_id('ef347930-54dc-432f-b742-0a060fc37ae8') + def test_show_volume_summary(self): + self._show_volume_summary(expected_status=200) + + @decorators.skip_because(bug="2020113") + @decorators.idempotent_id('cda92972-7213-4fa0-bc14-ab012dc95931') + def test_update_volume(self): + self._update_volume(expected_status=exceptions.Forbidden) + + @decorators.skip_because(bug="2020113") + @decorators.idempotent_id('9970b57d-8d5d-460e-931b-28a112df81e0') + def test_set_bootable_volume(self): + self._set_bootable_volume(expected_status=exceptions.Forbidden) + + @decorators.skip_because(bug="2020113") + @decorators.idempotent_id('4fd4dce8-ed8a-4f05-8aac-da99858b563d') + def test_delete_volume(self): + self._delete_volume(expected_status=exceptions.Forbidden) diff --git a/cinder_tempest_plugin/scenario/test_snapshots.py b/cinder_tempest_plugin/scenario/test_snapshots.py index 99e1057..f376954 100644 --- a/cinder_tempest_plugin/scenario/test_snapshots.py +++ b/cinder_tempest_plugin/scenario/test_snapshots.py @@ -23,7 +23,14 @@ def setUp(self): super(SnapshotDataIntegrityTests, self).setUp() - self.keypair = self.create_keypair() + self.validation_resources = self.get_test_validation_resources( + self.os_primary) + # NOTE(danms): If validation is enabled, we will have a keypair to use, + # otherwise we need to create our own. + if 'keypair' in self.validation_resources: + self.keypair = self.validation_resources['keypair'] + else: + self.keypair = self.create_keypair() self.security_group = self.create_security_group() @decorators.idempotent_id('ff10644e-5a70-4a9f-9801-8204bb81fb61') @@ -48,6 +55,9 @@ # Create an instance server = self.create_server( key_name=self.keypair['name'], + validatable=True, + validation_resources=self.validation_resources, + wait_until='SSHABLE', security_groups=[{'name': self.security_group['name']}]) # Create an empty volume diff --git a/cinder_tempest_plugin/scenario/test_volume_encrypted.py b/cinder_tempest_plugin/scenario/test_volume_encrypted.py index 69edfa6..69b0ab2 100644 --- a/cinder_tempest_plugin/scenario/test_volume_encrypted.py +++ b/cinder_tempest_plugin/scenario/test_volume_encrypted.py @@ -37,11 +37,6 @@ @classmethod def resource_cleanup(cls): super(TestEncryptedCinderVolumes, cls).resource_cleanup() - - def launch_instance(self): - keypair = self.create_keypair() - - return self.create_server(key_name=keypair['name']) def attach_detach_volume(self, server, volume): attached_volume = self.nova_volume_attach(server, volume) @@ -108,7 +103,11 @@ self.volumes_client, volume_s['id'], 'available') volume_source = self.volumes_client.show_volume( volume_s['id'])['volume'] - server = self.launch_instance() + validation_resources = self.get_test_validation_resources( + self.os_primary) + server = self.create_server(wait_until='SSHABLE', + validatable=True, + validation_resources=validation_resources) self.attach_detach_volume(server, volume_source) @decorators.idempotent_id('5bb622ab-5060-48a8-8840-d589a548b7e4') @@ -122,9 +121,8 @@ * Create an encrypted volume from image * Boot an instance from the volume * Write data to the volume - * Detach volume - * Create a clone from the first volume - * Create another encrypted volume from source_volumeid + * Destroy the instance + * Create a clone of the encrypted volume * Boot an instance from cloned volume * Verify the data """ diff --git a/cinder_tempest_plugin/scenario/test_volume_multiattach.py b/cinder_tempest_plugin/scenario/test_volume_multiattach.py index 235cb25..e04610f 100644 --- a/cinder_tempest_plugin/scenario/test_volume_multiattach.py +++ b/cinder_tempest_plugin/scenario/test_volume_multiattach.py @@ -31,7 +31,14 @@ def setUp(self): super(VolumeMultiattachTests, self).setUp() - self.keypair = self.create_keypair() + self.validation_resources = self.get_test_validation_resources( + self.os_primary) + # NOTE(danms): If validation is enabled, we will have a keypair to use, + # otherwise we need to create our own. + if 'keypair' in self.validation_resources: + self.keypair = self.validation_resources['keypair'] + else: + self.keypair = self.create_keypair() self.security_group = self.create_security_group() @classmethod @@ -52,6 +59,9 @@ # Create an instance server_1 = self.create_server( key_name=self.keypair['name'], + wait_until='SSHABLE', + validatable=True, + validation_resources=self.validation_resources, security_groups=[{'name': self.security_group['name']}]) # Create multiattach type @@ -92,6 +102,9 @@ # Create another instance server_2 = self.create_server( key_name=self.keypair['name'], + validatable=True, + validation_resources=self.validation_resources, + wait_until='SSHABLE', security_groups=[{'name': self.security_group['name']}]) instance_2_ip = self.get_server_ip(server_2) @@ -117,6 +130,9 @@ # Create an instance server = self.create_server( key_name=self.keypair['name'], + validatable=True, + validation_resources=self.validation_resources, + wait_until='SSHABLE', security_groups=[{'name': self.security_group['name']}]) # Create multiattach type diff --git a/playbooks/enable-fips.yaml b/playbooks/enable-fips.yaml new file mode 100644 index 0000000..bc1dc04 --- /dev/null +++ b/playbooks/enable-fips.yaml @@ -0,0 +1,3 @@ +- hosts: all + roles: + - enable-fips diff --git a/requirements.txt b/requirements.txt index 4d75108..c25d1c5 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,4 +5,4 @@ pbr!=2.1.0,>=2.0.0 # Apache-2.0 oslo.config>=5.1.0 # Apache-2.0 oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0 -tempest>=27.0.0 # Apache-2.0 +tempest>=34.2.0 # Apache-2.0 diff --git a/setup.cfg b/setup.cfg index 3f37df9..f224c5c 100644 --- a/setup.cfg +++ b/setup.cfg @@ -19,6 +19,7 @@ Programming Language :: Python :: 3.7 Programming Language :: Python :: 3.8 Programming Language :: Python :: 3.9 + Programming Language :: Python :: 3.10 [files] packages =