summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-06-19 19:08:07 +0000
committerGerrit Code Review <review@openstack.org>2017-06-19 19:08:07 +0000
commitb48eba0e3502096ea09758e1058d5263361f3326 (patch)
tree5aaa5fece3248125caebf705cde6b36b037786a7
parentcd8f14d0b96431afcfc4b7e27e6b719ec873ba2f (diff)
parent1442d57231ccf55e5f4b8ddd0d77f751e7887a8a (diff)
Merge "RBAC tests for Tempest network agents_client"
-rw-r--r--patrole_tempest_plugin/tests/api/network/test_agents_rbac.py237
-rw-r--r--releasenotes/notes/rbac-tests-for-network-agents-fbc899925b5948b1.yaml14
2 files changed, 251 insertions, 0 deletions
diff --git a/patrole_tempest_plugin/tests/api/network/test_agents_rbac.py b/patrole_tempest_plugin/tests/api/network/test_agents_rbac.py
new file mode 100644
index 0000000..506dd5b
--- /dev/null
+++ b/patrole_tempest_plugin/tests/api/network/test_agents_rbac.py
@@ -0,0 +1,237 @@
1# Copyright 2017 AT&T Corporation.
2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
15
16from tempest.lib.common.utils import test_utils
17from tempest.lib import decorators
18from tempest import test
19
20from patrole_tempest_plugin import rbac_rule_validation
21from patrole_tempest_plugin.tests.api.network import rbac_base as base
22
23
24class AgentsRbacTest(base.BaseNetworkRbacTest):
25
26 @classmethod
27 def skip_checks(cls):
28 super(AgentsRbacTest, cls).skip_checks()
29 if not test.is_extension_enabled('agent', 'network'):
30 msg = "agent extension not enabled."
31 raise cls.skipException(msg)
32
33 @classmethod
34 def resource_setup(cls):
35 super(AgentsRbacTest, cls).resource_setup()
36 agents = cls.agents_client.list_agents()['agents']
37 cls.agent = agents[0]
38
39 @decorators.idempotent_id('f88e38e0-ab52-4b97-8ffa-48a27f9d199b')
40 @rbac_rule_validation.action(service="neutron",
41 rule="get_agent",
42 expected_error_code=404)
43 def test_show_agent(self):
44 """Show agent test.
45
46 RBAC test for the neutron get_agent policy
47 """
48 self.rbac_utils.switch_role(self, toggle_rbac_role=True)
49 self.agents_client.show_agent(self.agent['id'])
50
51 @decorators.idempotent_id('8ca68fdb-eaf6-4880-af82-ba0982949dec')
52 @rbac_rule_validation.action(service="neutron",
53 rule="update_agent",
54 expected_error_code=404)
55 def test_update_agent(self):
56 """Update agent test.
57
58 RBAC test for the neutron update_agent policy
59 """
60 original_status = self.agent['admin_state_up']
61 agent_status = {'admin_state_up': original_status}
62
63 self.rbac_utils.switch_role(self, toggle_rbac_role=True)
64 self.agents_client.update_agent(agent_id=self.agent['id'],
65 agent=agent_status)
66
67
68class L3AgentSchedulerRbacTest(base.BaseNetworkRbacTest):
69
70 @classmethod
71 def skip_checks(cls):
72 super(L3AgentSchedulerRbacTest, cls).skip_checks()
73 if not test.is_extension_enabled('l3_agent_scheduler', 'network'):
74 msg = "l3_agent_scheduler extension not enabled."
75 raise cls.skipException(msg)
76
77 @classmethod
78 def resource_setup(cls):
79 super(L3AgentSchedulerRbacTest, cls).resource_setup()
80 cls.router = cls.create_router()
81 cls.agent = None
82
83 def setUp(self):
84 super(L3AgentSchedulerRbacTest, self).setUp()
85 if self.agent is not None:
86 return
87
88 # Find an agent and validate that it is correct.
89 agents = self.agents_client.list_agents()['agents']
90 agent = {'agent_type': None}
91 for a in agents:
92 if a['agent_type'] == 'L3 agent':
93 agent = a
94 break
95 self.assertEqual(agent['agent_type'], 'L3 agent', 'Could not find '
96 'L3 agent in agent list though l3_agent_scheduler '
97 'is enabled.')
98 self.agent = agent
99
100 @decorators.idempotent_id('5d2bbdbc-40a5-43d2-828a-84dc93fcc453')
101 @rbac_rule_validation.action(service="neutron",
102 rule="get_l3-routers")
103 def test_list_routers_on_l3_agent(self):
104 """List routers on L3 agent test.
105
106 RBAC test for the neutron get_l3-routers policy
107 """
108 self.rbac_utils.switch_role(self, toggle_rbac_role=True)
109 self.agents_client.list_routers_on_l3_agent(self.agent['id'])
110
111 @decorators.idempotent_id('466b2a10-8747-4c09-855a-bd90a1c86ce7')
112 @rbac_rule_validation.action(service="neutron",
113 rule="create_l3-router")
114 def test_create_router_on_l3_agent(self):
115 """Create router on L3 agent test.
116
117 RBAC test for the neutron create_l3-router policy
118 """
119 self.rbac_utils.switch_role(self, toggle_rbac_role=True)
120 self.agents_client.create_router_on_l3_agent(
121 self.agent['id'], router_id=self.router['id'])
122 self.addCleanup(
123 test_utils.call_and_ignore_notfound_exc,
124 self.agents_client.delete_router_from_l3_agent,
125 self.agent['id'], router_id=self.router['id'])
126
127 @decorators.idempotent_id('8138cfc9-3e48-4a34-adf6-894077aa1be4')
128 @rbac_rule_validation.action(service="neutron",
129 rule="delete_l3-router")
130 def test_delete_router_from_l3_agent(self):
131 """Delete router from L3 agent test.
132
133 RBAC test for the neutron delete_l3-router policy
134 """
135 self.agents_client.create_router_on_l3_agent(
136 self.agent['id'], router_id=self.router['id'])
137 self.addCleanup(
138 test_utils.call_and_ignore_notfound_exc,
139 self.agents_client.delete_router_from_l3_agent,
140 self.agent['id'], router_id=self.router['id'])
141
142 self.rbac_utils.switch_role(self, toggle_rbac_role=True)
143 self.agents_client.delete_router_from_l3_agent(
144 self.agent['id'], router_id=self.router['id'])
145
146
147class DHCPAgentSchedulersRbacTest(base.BaseNetworkRbacTest):
148
149 @classmethod
150 def skip_checks(cls):
151 super(DHCPAgentSchedulersRbacTest, cls).skip_checks()
152 if not test.is_extension_enabled('dhcp_agent_scheduler', 'network'):
153 msg = "dhcp_agent_scheduler extension not enabled."
154 raise cls.skipException(msg)
155
156 @classmethod
157 def resource_setup(cls):
158 super(DHCPAgentSchedulersRbacTest, cls).resource_setup()
159 cls.agent = None
160
161 def setUp(self):
162 super(DHCPAgentSchedulersRbacTest, self).setUp()
163 if self.agent is not None:
164 return
165
166 # Find a DHCP agent and validate that it is correct.
167 agents = self.agents_client.list_agents()['agents']
168 agent = {'agent_type': None}
169 for a in agents:
170 if a['agent_type'] == 'DHCP agent':
171 agent = a
172 break
173 self.assertEqual(agent['agent_type'], 'DHCP agent', 'Could not find '
174 'DHCP agent in agent list though dhcp_agent_scheduler'
175 ' is enabled.')
176 self.agent = agent
177
178 def _create_and_prepare_network_for_agent(self, agent_id):
179 """Create network and ensure it is not hosted by agent_id."""
180 network_id = self.create_network()['id']
181
182 if self._check_network_in_dhcp_agent(network_id, agent_id):
183 self.agents_client.delete_network_from_dhcp_agent(
184 agent_id=agent_id, network_id=network_id)
185
186 return network_id
187
188 def _check_network_in_dhcp_agent(self, network_id, agent_id):
189 networks = self.agents_client.list_networks_hosted_by_one_dhcp_agent(
190 agent_id)['networks'] or []
191 return network_id in [network['id'] for network in networks]
192
193 @decorators.idempotent_id('dc84087b-4c2a-4878-8ed0-40370e19da17')
194 @rbac_rule_validation.action(service="neutron",
195 rule="get_dhcp-networks")
196 def test_list_networks_hosted_by_one_dhcp_agent(self):
197 """List networks hosted by one DHCP agent test.
198
199 RBAC test for the neutron get_dhcp-networks policy
200 """
201 self.rbac_utils.switch_role(self, toggle_rbac_role=True)
202 self.agents_client.list_networks_hosted_by_one_dhcp_agent(
203 self.agent['id'])
204
205 @decorators.idempotent_id('14e014ac-f355-46d3-b6d8-98f2c9ec1610')
206 @rbac_rule_validation.action(service="neutron",
207 rule="create_dhcp-network")
208 def test_add_dhcp_agent_to_network(self):
209 """Add DHCP agent to network test.
210
211 RBAC test for the neutron create_dhcp-network policy
212 """
213 network_id = self._create_and_prepare_network_for_agent(
214 self.agent['id'])
215
216 self.rbac_utils.switch_role(self, toggle_rbac_role=True)
217 self.agents_client.add_dhcp_agent_to_network(
218 self.agent['id'], network_id=network_id)
219 # Clean up is not necessary and might result in 409 being raised.
220
221 @decorators.idempotent_id('937a4302-4b49-407d-9980-5843d7badc38')
222 @rbac_rule_validation.action(service="neutron",
223 rule="delete_dhcp-network")
224 def test_delete_network_from_dhcp_agent(self):
225 """Delete DHCP agent from network test.
226
227 RBAC test for the neutron delete_dhcp-network policy
228 """
229 network_id = self._create_and_prepare_network_for_agent(
230 self.agent['id'])
231 self.agents_client.add_dhcp_agent_to_network(
232 self.agent['id'], network_id=network_id)
233 # Clean up is not necessary and might result in 409 being raised.
234
235 self.rbac_utils.switch_role(self, toggle_rbac_role=True)
236 self.agents_client.delete_network_from_dhcp_agent(
237 self.agent['id'], network_id=network_id)
diff --git a/releasenotes/notes/rbac-tests-for-network-agents-fbc899925b5948b1.yaml b/releasenotes/notes/rbac-tests-for-network-agents-fbc899925b5948b1.yaml
new file mode 100644
index 0000000..64deadc
--- /dev/null
+++ b/releasenotes/notes/rbac-tests-for-network-agents-fbc899925b5948b1.yaml
@@ -0,0 +1,14 @@
1---
2features:
3 - |
4 Implements RBAC tests for Tempest network agents_client, providing
5 coverage for the following policies:
6
7 * update_agent
8 * get_agent
9 * create_dhcp-network
10 * delete_dhcp-network
11 * get_dhcp-networks
12 * create_l3-router
13 * delete_l3-router
14 * get_l3-routers