Set clustertemplate:publish to admin only

Set the clustertemplate:publish policy to be admin only by default -
currently it is admin_or_user, which means any openstack user can create
a public cluster template.

Update tests for bay model and cluster template, splitting tests
requiring admin credentials into a separate class.

Change-Id: I0bfb57c569863f1ecf7d697cd5ac161a9a710432
Closes-Bug: #1687887
Ricardo Rocha 2017-05-03 11:47:05 +02:00
parent ca964b6c91
commit 12052b1253
5 changed files with 180 additions and 27 deletions


@ -20,7 +20,7 @@
"baymodel:get": "rule:deny_cluster_user",
"baymodel:get_all": "rule:deny_cluster_user",
"baymodel:update": "rule:deny_cluster_user",
"baymodel:publish": "rule:admin_or_owner",
"baymodel:publish": "rule:admin_api",
"cluster:create": "rule:deny_cluster_user",
"cluster:delete": "rule:deny_cluster_user",
@ -35,7 +35,7 @@
"clustertemplate:get": "rule:deny_cluster_user",
"clustertemplate:get_all": "rule:deny_cluster_user",
"clustertemplate:update": "rule:deny_cluster_user",
"clustertemplate:publish": "rule:admin_or_owner",
"clustertemplate:publish": "rule:admin_api",
"quotas:get": "rule:default",
"quotas:get_all": "rule:admin_api",
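Review bot: Tightening `baymodel:publish` and `clustertemplate:publish` to `rule:admin_api` in the sample policy only changes the default. A deployment that already ships its own policy file presumably keeps `rule:admin_or_owner`, and templates that non-admin users have already made public are not touched by this change. None of the five changed files appears to be a release note, so I would add one under the upgrade and security sections telling operators to update their policy file and to audit existing public cluster templates. The commit message also names the old rule as admin_or_user, while the replaced lines here read `rule:admin_or_owner`.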


@ -75,11 +75,9 @@ class BayModelTest(base.BaseTempestTest):
@testtools.testcase.attr('positive')
def test_create_get_public_baymodel(self):
gen_model = datagen.valid_swarm_baymodel(is_public=True)
resp, model = self._create_baymodel(gen_model)
resp, model = self.baymodel_client.get_baymodel(model.uuid)
self.assertEqual(200, resp.status)
self.assertTrue(model.public)
self.assertRaises(
exceptions.Forbidden,
self.baymodel_client.post_baymodel, gen_model)
@testtools.testcase.attr('positive')
def test_update_baymodel_public_by_uuid(self):
@ -88,13 +86,9 @@ class BayModelTest(base.BaseTempestTest):
resp, old_model = self._create_baymodel(gen_model)
patch_model = datagen.baymodel_replace_patch_data(path, value=True)
resp, new_model = self.baymodel_client.patch_baymodel(
old_model.uuid, patch_model)
self.assertEqual(200, resp.status)
resp, model = self.baymodel_client.get_baymodel(new_model.uuid)
self.assertEqual(200, resp.status)
self.assertTrue(model.public)
self.assertRaises(
exceptions.Forbidden,
self.baymodel_client.patch_baymodel, old_model.uuid, patch_model)
@testtools.testcase.attr('positive')
def test_update_baymodel_by_uuid(self):
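Review bot: `test_create_get_public_baymodel` and `test_update_baymodel_public_by_uuid` now assert `exceptions.Forbidden` but keep `@testtools.testcase.attr('positive')` and their old names, so a run filtered on the negative attribute skips the only checks that a non-admin cannot publish. I would tag them `@testtools.testcase.attr('negative')` and rename them along the lines of `test_create_public_baymodel_non_admin_forbidden`. The same applies to the two cluster template tests in the ClusterTemplateTest section. The body of `test_update_baymodel_public_by_uuid` runs across the gap between the two hunks, so part of it is not visible here.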


@ -0,0 +1,80 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import testtools
from magnum.tests.functional.api import base
from magnum.tests.functional.common import datagen
class BayModelAdminTest(base.BaseTempestTest):
"""Tests for baymodel admin operations."""
def __init__(self, *args, **kwargs):
super(BayModelAdminTest, self).__init__(*args, **kwargs)
self.baymodels = []
self.baymodel_client = None
self.keypairs_client = None
def setUp(self):
try:
super(BayModelAdminTest, self).setUp()
(self.baymodel_client,
self.keypairs_client) = self.get_clients_with_new_creds(
type_of_creds='admin',
request_type='baymodel')
except Exception:
self.tearDown()
raise
def tearDown(self):
for baymodel_id in self.baymodels:
self._delete_baymodel(baymodel_id)
self.baymodels.remove(baymodel_id)
super(BayModelAdminTest, self).tearDown()
def _create_baymodel(self, baymodel_model):
resp, model = self.baymodel_client.post_baymodel(baymodel_model)
self.assertEqual(201, resp.status)
self.baymodels.append(model.uuid)
return resp, model
def _delete_baymodel(self, baymodel_id):
resp, model = self.baymodel_client.delete_baymodel(baymodel_id)
self.assertEqual(204, resp.status)
return resp, model
@testtools.testcase.attr('positive')
def test_create_get_public_baymodel(self):
gen_model = datagen.valid_swarm_baymodel(is_public=True)
resp, model = self._create_baymodel(gen_model)
resp, model = self.baymodel_client.get_baymodel(model.uuid)
self.assertEqual(200, resp.status)
self.assertTrue(model.public)
@testtools.testcase.attr('positive')
def test_update_baymodel_public_by_uuid(self):
path = "/public"
gen_model = datagen.baymodel_data_with_valid_keypair_image_flavor()
resp, old_model = self._create_baymodel(gen_model)
patch_model = datagen.baymodel_replace_patch_data(path, value=True)
resp, new_model = self.baymodel_client.patch_baymodel(
old_model.uuid, patch_model)
self.assertEqual(200, resp.status)
resp, model = self.baymodel_client.get_baymodel(new_model.uuid)
self.assertEqual(200, resp.status)
self.assertTrue(model.public)
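Review bot: `tearDown` removes entries from `self.baymodels` while iterating over the same list, so every second id is skipped. The defect is latent while each test creates a single baymodel, but any test that creates more than one would leave some behind, and with admin credentials those can be public and so visible to every tenant in the test cloud. Iterate over a copy instead: `for baymodel_id in list(self.baymodels):`. `ClusterTemplateAdminTest.tearDown` in the last file has the same loop over `self.cluster_templates`.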


@ -80,12 +80,9 @@ class ClusterTemplateTest(base.BaseTempestTest):
@testtools.testcase.attr('positive')
def test_create_get_public_cluster_template(self):
gen_model = datagen.valid_swarm_cluster_template(is_public=True)
resp, model = self._create_cluster_template(gen_model)
resp, model = \
self.cluster_template_client.get_cluster_template(model.uuid)
self.assertEqual(200, resp.status)
self.assertTrue(model.public)
self.assertRaises(
exceptions.Forbidden,
self.cluster_template_client.post_cluster_template, gen_model)
@testtools.testcase.attr('positive')
def test_update_cluster_template_public_by_uuid(self):
@ -96,14 +93,10 @@ class ClusterTemplateTest(base.BaseTempestTest):
patch_model = datagen.cluster_template_replace_patch_data(path,
value=True)
resp, new_model = self.cluster_template_client.patch_cluster_template(
self.assertRaises(
exceptions.Forbidden,
self.cluster_template_client.patch_cluster_template,
old_model.uuid, patch_model)
self.assertEqual(200, resp.status)
resp, model = self.cluster_template_client.get_cluster_template(
new_model.uuid)
self.assertEqual(200, resp.status)
self.assertTrue(model.public)
@testtools.testcase.attr('positive')
def test_update_cluster_template_by_uuid(self):
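Review bot: After the rejected `patch_cluster_template` call in `test_update_cluster_template_public_by_uuid`, nothing checks that the template actually stayed private, so a server that answered 403 after already applying the change would still pass. I would follow the `assertRaises` with a read-back, `resp, model = self.cluster_template_client.get_cluster_template(old_model.uuid)` and `self.assertFalse(model.public)`. The baymodel counterpart, `test_update_baymodel_public_by_uuid`, would benefit from the same check. The function starts in the previous hunk and part of its body lies outside both hunks.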


@ -0,0 +1,86 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import testtools
from magnum.tests.functional.api import base
from magnum.tests.functional.common import datagen
class ClusterTemplateAdminTest(base.BaseTempestTest):
"""Tests for clustertemplate admin operations."""
def __init__(self, *args, **kwargs):
super(ClusterTemplateAdminTest, self).__init__(*args, **kwargs)
self.cluster_templates = []
self.cluster_template_client = None
self.keypairs_client = None
def setUp(self):
try:
super(ClusterTemplateAdminTest, self).setUp()
(self.cluster_template_client,
self.keypairs_client) = self.get_clients_with_new_creds(
type_of_creds='admin',
request_type='cluster_template')
except Exception:
self.tearDown()
raise
def tearDown(self):
for cluster_template_id in self.cluster_templates:
self._delete_cluster_template(cluster_template_id)
self.cluster_templates.remove(cluster_template_id)
super(ClusterTemplateAdminTest, self).tearDown()
def _create_cluster_template(self, cmodel_model):
resp, model = \
self.cluster_template_client.post_cluster_template(cmodel_model)
self.assertEqual(201, resp.status)
self.cluster_templates.append(model.uuid)
return resp, model
def _delete_cluster_template(self, model_id):
resp, model = \
self.cluster_template_client.delete_cluster_template(model_id)
self.assertEqual(204, resp.status)
return resp, model
@testtools.testcase.attr('positive')
def test_create_get_public_cluster_template(self):
gen_model = datagen.valid_swarm_cluster_template(is_public=True)
resp, model = self._create_cluster_template(gen_model)
resp, model = \
self.cluster_template_client.get_cluster_template(model.uuid)
self.assertEqual(200, resp.status)
self.assertTrue(model.public)
@testtools.testcase.attr('positive')
def test_update_cluster_template_public_by_uuid(self):
path = "/public"
gen_model = \
datagen.cluster_template_data_with_valid_keypair_image_flavor()
resp, old_model = self._create_cluster_template(gen_model)
patch_model = datagen.cluster_template_replace_patch_data(path,
value=True)
resp, new_model = self.cluster_template_client.patch_cluster_template(
old_model.uuid, patch_model)
self.assertEqual(200, resp.status)
resp, model = self.cluster_template_client.get_cluster_template(
new_model.uuid)
self.assertEqual(200, resp.status)
self.assertTrue(model.public)
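Review bot: `_delete_cluster_template` asserts on the 204 status and `tearDown` calls it in a loop before the base-class `tearDown`, so one failed delete raises out of the loop. That leaves the remaining admin-created templates in place and skips the base-class cleanup. Registering the delete per object in `_create_cluster_template` with `self.addCleanup(self._delete_cluster_template, model.uuid)` would let each cleanup run independently; the tracking list and the loop in `tearDown` would then no longer be needed. `BayModelAdminTest` has the same structure.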