Commit Graph

224 Commits

Author SHA1 Message Date
Zuul 82b0e48639 Merge "Support files removed for CONF.scenario.img_dir option" 2024-03-08 19:41:19 +00:00
Zuul e1645532b1 Merge "Update python testing as per zed cycle teting runtime" 2024-03-08 17:06:48 +00:00
Zuul 0ee4c298ce Merge "Fix typo in branch name for 2023.2" 2024-03-08 16:18:57 +00:00
Zuul f95155dc76 Merge "Update roles required for testing" 2024-03-08 15:21:11 +00:00
Zuul 57968af2c4 Merge "Update python classifier in setup.cfg" 2024-03-07 20:58:28 +00:00
Douglas Mendizábal 26928121dd Update roles required for testing
This patch removes the hard-coded 'key-manager:service-admin' role from
the base test class because the role is not available in deployments
with the new Secure RBAC policies enabled.

There is only one test that still requires this role in the API quotas
tests, so we generate a dynamic user there and only use it in this
class.  This test is skipped when SRBAC is enabled.

Change-Id: I6fbfe43f821d9315e01d3bdfd6f5d4edf4e552b7
2024-03-07 10:41:47 -06:00
Tobias Urdin f499f6cc74 Fix typo in branch name for 2023.2
Change-Id: Ifec735cc7222d49993d8191fb65a1b0a910880d9
2024-02-20 21:34:17 +01:00
Zuul 3c70e93c06 Merge "Fix barbican_tempest option group" 2024-02-20 18:12:58 +00:00
Zuul e8fb657de9 Merge "Fix image_signature_verification group not register properly" 2024-02-20 18:12:57 +00:00
Zuul 34dd80821f Merge "Update stable branch testing" 2024-02-20 18:03:13 +00:00
Douglas Mendizábal df30b93583 Fix barbican_tempest option group
This patch fixes a bug with the barbican_tempest option group that was
breaking tempest init by returning the wrong object.

Change-Id: Ia62c43fc67114c89be5f481dab2cb11df6ee82b0
2024-02-19 14:53:58 -05:00
Takashi Kajinami 8f696b3219 Fix image_signature_verification group not register properly
Change-Id: I32d4a5864c2cf9ec364167c6f7dada21a1a6bd46
2024-02-19 19:45:41 +00:00
Zuul bddfa99747 Merge "Add secure RBAC jobs for stable branches" 2024-02-19 16:49:03 +00:00
Takashi Kajinami c8b6d07de8 Update stable branch testing
stable/yoga and older branches are no longer supported by current
tempest so remove tests for these branches from gate.

Also fix the missing 2023.2 branch job.

Change-Id: I2feca9dba2e42e113277d5bca96188db092d098a
2024-02-17 02:47:15 +09:00
Zuul f2b9c024cb Merge "Replace deprecated tenant_id property" 2024-02-09 15:52:26 +00:00
Zuul 8debdcb489 Merge "Use consistent naming for enforce_scope option" 2024-02-09 15:52:25 +00:00
Zuul 6852d1dce8 Merge "Barbican tempest missing IDs" 2024-01-31 05:55:04 +00:00
Zuul ef7c2f473a Merge "Tests with signed volumes" 2024-01-29 14:52:40 +00:00
Tobias Urdin 1323ec7b8a Add secure RBAC jobs for stable branches
Change-Id: Ib8b2a71d7d7e5a12316bd45e6a95501620db8fab
2024-01-25 20:42:46 +01:00
Takashi Kajinami 39eb56d9c7 Use consistent naming for enforce_scope option
Tempest and a few other plugins such as manila-tempest-plugin registers
the option to enable scope enforcement tests in the [enforce_scope]
option. This renames the option so that this plugin follows that
standard.

Change-Id: Ibd6962947c64f04ff1948a19c4afe9f26d0b47bb
2024-01-24 12:33:05 +09:00
Ghanshyam Mann 2824540fd1 Update python classifier in setup.cfg
As per the current release tested runtime, we test
till python 3.11 so updating the same in python
classifier in setup.cfg

Change-Id: Iff08f2ae92b34a7ec9b1155e12e5e9854f3feb88
2024-01-03 21:15:51 -08:00
Lukas Piwowarski 6345b34ae2 Pause testing of multiple secret stores
There is an issue with multiple secret stores which is being tracked in
this launchpad [1]. This issue is blocking patches in
barbican-tempest-plugin. Let's remove the testing for multiple secret
stores until the bug gets resolved.

There was also an update of the secret:delete and secret:get policies
[2]. This patch updates the corresponding SRBAC tests so that we test
the policies correctly.

[1] https://bugs.launchpad.net/barbican/+bug/2043457
[2] https://review.opendev.org/c/openstack/barbican/+/884181

Related-Bug: #2043457
Change-Id: I86335a1cb54b6aa2f74e148416ef6af7c27fff61
2023-12-18 11:26:38 +01:00
Maxim Sava 5558bcb784 Tests with signed volumes
Scenario tests with encrypted volumes and non encrypted volumes

Change-Id: Ia06e95841e1582d7154fea0bef3e84614b58e1e7
2023-11-16 14:23:57 +02:00
jont33 962ab9bb53 Barbican tempest missing IDs
Several tests in the Barbican-tempest-plugin are missing idempotent IDs.

The check-uuid tool was used to ensure that all tests have an ID.

Closes-Bug: #2030965
Change-Id: Ice8a1c210e0ac2e50044f9a37e15b00fd9f306f4
2023-11-08 13:58:48 +00:00
cheyenneb 65ab20fc37 Support files removed for CONF.scenario.img_dir option
CONF.scenario.img_dir file has been removed along with any other
support files. Exception has been raised when a user passes an
img file that does not exist in the CONF.scenario.img_file.
Exceptions import has been added for lib_exc.

Closes-Bug: #2032948
Change-Id: I2b57dd4928ab3f6858909fc90b7865aac2d93da2
2023-11-01 11:46:12 -04:00
Zuul a34bd3b785 Merge "Pin barbican-tempest-plugin for jobs in EM" 2023-09-01 16:36:07 +00:00
Lukáš Piwowarski 638efcc3a0 Pin barbican-tempest-plugin for jobs in EM
Let's pin barbican-tempest-plugin for jobs that run code from branches in extended maintenance.

This change is required because these jobs install older version of tempest that does not contain all functions consumed by master barbicna-tempest-plugin.

Change-Id: Ia4a30d12de1a58b93a06979188e662edeef21ec6
2023-08-17 07:52:28 +00:00
Zuul bf83cf93c0 Merge "Add stable/2023.1 jobs on master gate" 2023-08-15 12:32:50 +00:00
Ghanshyam Mann e5ed4b9f1e Remove Glance v1 APIs tests code
Glance v1 APIs were removed in Rocky and tempest master
does not support the Rocky release. If glance v1 APIs
needs to be tested for older release then older Tempest
can be used.

Tempest is removing the Glance v1 APIs tests, config option,
and its service clients and this change is needed for that.

Needed-By: https://review.opendev.org/c/openstack/tempest/+/890592
Change-Id: I0ef67e86730320755e6f642a36f97ab462fe0aad
2023-08-06 12:05:43 -07:00
Ghanshyam Mann ca7738bab1 Add stable/2023.1 jobs on master gate
As 2023.1 is released, we should add its job on master
gate to keep branchless tempest plugins compatible
to stable branch.

Ref: Tempest plugins guide for stable branch testing:
- https://docs.openstack.org/tempest/latest/stable_branch_testing_policy.html

Change-Id: I59f29bcbf667f6598b00022eff4088ed324f1610
2023-06-09 05:05:58 +00:00
Zuul e765946be1 Merge "Update rbac tests" 2023-06-07 18:15:34 +00:00
Zuul a31f9ef3a6 Merge "Modify test_get_effective_quota test" 2023-06-06 09:01:46 +00:00
Lukas Piwowarski 832692c4fb Modify test_get_effective_quota test
The test_get_effective_quotas test uses key-manager:service-admin
legacy role to get the effective quotas. Using a user with only this
role should lead to an ERROR in an SRBAC environment.

This patch changes the test so that it checks whether the ERROR
occurred when the test tried to get quotas in SRBAC environment.

Also, auth.tempest_roles = member was removed from tempest.conf
as it is not necessary and causes a failure of the modified
test and it might cause unwanted problems in the future.

Change-Id: Ib106f5e760d3a5253968e2fe13ec576107a98c74
2023-06-01 10:32:29 +00:00
Lukas Piwowarski d8047c2025 Enable test_secret_stores tests
This patch enables test_secret_stores tests in the SRBAC job. The tests
were previously fixed in this patch [1].

This change builds on the fix. It modifies the configuration of
the SRBAC job so that it is deployed with enabled multiple secret
stores.

[1] https://review.opendev.org/c/openstack/barbican-tempest-plugin/+/883482

Change-Id: I60305a35528fd16ac4e995d11d6d0999a6440e44
2023-05-22 14:40:29 +00:00
Zuul b5519a7015 Merge "Migrate back to Launchpad" 2023-05-19 17:18:50 +00:00
Zuul 3868bbf3c9 Merge "Fix test_secret_stores tests" 2023-05-18 21:29:31 +00:00
Douglas Mendizábal b51b3f5b61 Update rbac tests
This patch updates the rbac tests for testing the policy updates that
removed the "system" scope and use "project" scope instead.

Depends-On: I3b781112fc6ced7b73196f973cefd6a30ef99dd3
Change-Id: I735cefe2b1cb4eb09c9770f0bdc738ffeee34f0e
2023-05-18 10:37:49 -05:00
Lukáš Piwowarski 26c700da60 Fix test_secret_stores tests
There were five minor issues with the test_secret_stores tests:

1) There is a typo in some test cases. They are calling
   unset_peferred_secret_store instead of unset_p<r>eferred_secret_store

2) Set and unset preferred secret stores API calls in the
   SecretStoresClient expect 200 response status code when in fact they
   should expect 204 instead [1].

3) test_get_preferred_secret_store test expects to get preferred
   secret store when in fact none is set for the project.

4) skip_checks() function did not call super's skip_checks()

5) test_set_unset_preferred_secret_store test expects to get preferred
   secret store for a project when there is no preferred secret store
   set for it.

[1] https://docs.openstack.org/barbican/rocky/api/reference/store_backends.html#post-v1-secret-stores-secret-store-id-preferred

Change-Id: Ic211ea87006662c5a24aef3d1b78a5aa85b5e35b
2023-05-18 14:35:53 +02:00
Grzegorz Grasza 42300cd1e5 Migrate back to Launchpad
Change-Id: I91874ec6001d82104630b4f33883b5af9d2ac09f
2023-05-09 13:55:52 +02:00
Zuul dba97635a1 Merge "Add enable_certificate_validation config option" 2023-05-04 08:42:21 +00:00
Lukáš Piwowarski bf80ee01bb Add enable_certificate_validation config option
This patch adds enable_certificate_validation config option. This option
can be used to skip tests that rely on image signature certificate
validation being enabled on the test environment
(test_signed_image_invalid_cert_boot_failure).

Change-Id: Id4134a2e87378487baa9e3d5f49e7ded48daa765
2023-05-03 14:47:45 +02:00
Lukáš Piwowarski b18a6bf265 Set a default region for clients
Clients initialized for tests.api.* tests do not have defined values
for region [1]. Because of that the clients connect to the first
available service endpoint that they find (see this line in
tempest [2]). This can cause issues when there are multiple endpoints
on a system for barbican (admin, internal, public).

This change sets a default value for key_manager.region config option
to 'regionOne' and ensures that clients defined on the side of
barbican-tempest-plugin are intialised with this value.

[1] https://opendev.org/openstack/barbican-tempest-plugin/src/branch/master/barbican_tempest_plugin/tests/api/base.py#L91
[2] https://opendev.org/openstack/tempest/src/branch/master/tempest/lib/auth.py#L586

Change-Id: Ic9ae00c663cca6b83dc961b984cf129d1c33afc4
2023-04-26 12:00:23 +02:00
Takashi Kajinami 00bd391ace Replace deprecated tenant_id property
The tenant_id property of RestClient in tempest was deprecated in
25.0.0. This replaces the deprecated property by the new project_id
property to avoid the following warning.

WARNING tempest.lib.common.rest_client [-] Deprecated: "tenant_id"
property is deprecated for removal, use "project_id" instead

Depends-on: https://review.opendev.org/c/openstack/tempest/+/707938
Change-Id: I1b690898f1c88244b9f9a68e67e2263058171c2f
2023-03-22 00:30:49 +09:00
Zuul 30e50ef9c8 Merge "Introduce a new test for "cve_2022_3100"" 2022-12-08 14:32:44 +00:00
millevy 46edcc5b05 Introduce a new test for "cve_2022_3100"
The exploit is that a malicious user with a Keystone account is able to decrypt
any secret as long as they know the secret's ID by using a specifically crafted
query string:
GET /v1/secrets/{secret-id}/payload?target.secret.read=read

Change-Id: I5e00a188268ef1c25eed8bf3a37197918e529427
2022-12-07 08:01:02 +00:00
Zuul dc14cae0eb Merge "Add skip for api tests" 2022-10-28 11:03:39 +00:00
Zuul 397c77d286 Merge "The Python 3.6 and Python 3.7 Support has been dropped since zed" 2022-10-28 11:02:34 +00:00
LiZekun ad29ebfff9 Update python testing as per zed cycle teting runtime
In Zed cycle, we have dropped the python 3.6/3.7[1] testing
and its support. Removing the py36 centos8 job as well as
updating the python classifier also to reflect the same.

[1] https://governance.openstack.org/tc/reference/runtimes/zed.html

Change-Id: I0ae09def76d163190d79ccbff231c3d2e3ac16e0
2022-10-27 14:27:35 +00:00
Zuul 4e13ee201e Merge "Remove setup_clients method" 2022-10-20 10:44:05 +00:00
Zuul 6d76a0868c Merge "Remove secgroups related methods" 2022-10-20 10:44:03 +00:00