Rbac tests for Neutron list actions

Add RBAC tests for
    * list_routers [0]
    * list_subnetpools [1]
    * list_networks [2]
    * list_ports [3]
    * list_trunks [4]
    * list_address_scopes [5]
    * list_floatingips [6]
    * list_rbac_policies [8]
    * list_metering_labels [10]
    * list_metering_label_rules [11]
    * list_qos_policies [12]
    * list_dscp_marking_rules [13]
    * list_agents [14]
    * list_segments [15]

Update RBAC tests to use validate_list function for:
    * list_subnets [7]
    * list_security_groups [9]

[0] https://developer.openstack.org/api-ref/network/v2/index.html#list-routers
[1] https://developer.openstack.org/api-ref/network/v2/index.html#list-subnet-pools
[2] https://developer.openstack.org/api-ref/network/v2/index.html#list-networks
[3] https://developer.openstack.org/api-ref/network/v2/index.html#list-ports
[4] https://developer.openstack.org/api-ref/network/v2/index.html#list-trunks
[5] https://developer.openstack.org/api-ref/network/v2/index.html#list-address-scopes
[6] https://developer.openstack.org/api-ref/network/v2/index.html#list-floating-ips
[7] https://developer.openstack.org/api-ref/network/v2/index.html#list-subnets
[8] https://developer.openstack.org/api-ref/network/v2/index.html#list-rbac-policies
[9] https://developer.openstack.org/api-ref/network/v2/index.html#list-security-groups
[10] https://developer.openstack.org/api-ref/network/v2/index.html#list-metering-labels
[11] https://developer.openstack.org/api-ref/network/v2/index.html#list-metering-label-rules
[12] https://developer.openstack.org/api-ref/network/v2/index.html#list-qos-policies
[13] https://developer.openstack.org/api-ref/network/v2/index.html#list-dscp-marking-rules-for-qos-policy
[14] https://developer.openstack.org/api-ref/network/v2/index.html#list-all-agents
[15] https://developer.openstack.org/api-ref/network/v2/index.html#list-segments

Change-Id: I0dae01a3271efe6d3469718976c471416279e337
This commit is contained in:
Sergey Vilgelm 2018-10-11 14:38:16 -05:00
parent fe6ad6b44c
commit 0a824743b5
No known key found for this signature in database
GPG Key ID: 08D0E2FF778887E6
16 changed files with 224 additions and 17 deletions

View File

@ -137,3 +137,18 @@ class AddressScopeExtRbacTest(base.BaseNetworkExtRbacTest):
address_scope = self._create_address_scope()
with self.rbac_utils.override_role(self):
self.ntp_client.delete_address_scope(address_scope['id'])
@rbac_rule_validation.action(service="neutron",
rules=["get_address_scope"])
@decorators.idempotent_id('c093fd34-96ee-4abe-8fa5-916dc29653e3')
def test_list_address_scopes(self):
"""List Address Scopes
RBAC test for the neutron ``list_address_scopes`` function and
the ``get_address_scope`` policy
"""
admin_resource_id = self._create_address_scope()['id']
with (self.rbac_utils.override_role_and_validate_list(
self, admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.ntp_client.list_address_scopes(
id=admin_resource_id)["address_scopes"]

View File

@ -65,6 +65,20 @@ class AgentsRbacTest(base.BaseNetworkRbacTest):
self.agents_client.update_agent(agent_id=self.agent['id'],
agent=agent_status)
@decorators.idempotent_id('f7a085e2-71b1-4d39-be3e-fea4bc10ccb8')
@rbac_rule_validation.action(service="neutron", rules=["get_agent"])
def test_list_agents(self):
"""List agents test.
RBAC test for the neutron ``list_agents`` function and
the ``get_agent`` policy
"""
admin_resource_id = self.agent['id']
with (self.rbac_utils.override_role_and_validate_list(
self, admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.agents_client.list_agents(
id=admin_resource_id)["agents"]
class L3AgentSchedulerRbacTest(base.BaseNetworkRbacTest):

View File

@ -104,3 +104,18 @@ class DscpMarkingRuleExtRbacTest(base.BaseNetworkExtRbacTest):
with self.rbac_utils.override_role(self):
self.ntp_client.delete_dscp_marking_rule(self.policy_id, rule_id)
@decorators.idempotent_id('c012fd4f-3a3e-4af4-9075-dd3e170daecd')
@rbac_rule_validation.action(service="neutron",
rules=["get_policy_dscp_marking_rule"])
def test_list_policy_dscp_marking_rules(self):
"""List policy_dscp_marking_rules.
RBAC test for the neutron ``list_dscp_marking_rules`` function and
the ``get_policy_dscp_marking_rule`` policy
"""
admin_resource_id = self.create_policy_dscp_marking_rule()
with (self.rbac_utils.override_role_and_validate_list(
self, admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.ntp_client.list_dscp_marking_rules(
policy_id=self.policy_id)["dscp_marking_rules"]

View File

@ -130,3 +130,17 @@ class FloatingIpsRbacTest(base.BaseNetworkRbacTest):
with self.rbac_utils.override_role(self):
# Delete the floating IP
self.floating_ips_client.delete_floatingip(floating_ip['id'])
@rbac_rule_validation.action(service="neutron", rules=["get_floatingip"])
@decorators.idempotent_id('824965e3-8be8-46e2-be64-0d793533ad20')
def test_list_floating_ips(self):
"""List Floating IPs.
RBAC test for the neutron ``list_floatingips`` function and
the ``get_floatingip`` policy
"""
admin_resource_id = self._create_floatingip()['id']
with (self.rbac_utils.override_role_and_validate_list(
self, admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.floating_ips_client.list_floatingips(
id=admin_resource_id)["floatingips"]

View File

@ -101,3 +101,20 @@ class MeteringLabelRulesRbacTest(base.BaseNetworkRbacTest):
with self.rbac_utils.override_role(self):
self.metering_label_rules_client.delete_metering_label_rule(
label_rule['id'])
@rbac_rule_validation.action(service="neutron",
rules=["get_metering_label_rule"])
@decorators.idempotent_id('eaaf9eb5-ee53-4b6b-a4d3-a721dd39bc40')
def test_list_metering_label_rules(self):
"""List metering label rules.
RBAC test for the neutron ``list_metering_label_rules`` function and
the ``get_metering_label_rule`` policy
"""
admin_resource_id = self._create_metering_label_rule(self.label)['id']
with (self.rbac_utils.override_role_and_validate_list(
self, admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = (
self.metering_label_rules_client.
list_metering_label_rules(id=admin_resource_id)
["metering_label_rules"])

View File

@ -83,3 +83,20 @@ class MeteringLabelsRbacTest(base.BaseNetworkRbacTest):
label = self._create_metering_label()
with self.rbac_utils.override_role(self):
self.metering_labels_client.delete_metering_label(label['id'])
@rbac_rule_validation.action(service="neutron",
rules=["get_metering_label"])
@decorators.idempotent_id('d60d72b0-cb8f-44db-b10b-5092fa01cb0e')
def test_list_metering_labels(self):
"""List metering label.
RBAC test for the neutron ``list_metering_labels`` function and
the ``get_metering_label`` policy
"""
admin_resource_id = self._create_metering_label()['id']
with (self.rbac_utils.override_role_and_validate_list(
self, admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = (
self.metering_labels_client.
list_metering_labels(id=admin_resource_id)
["metering_labels"])

View File

@ -457,3 +457,18 @@ class NetworksRbacTest(base.BaseNetworkRbacTest):
with self.rbac_utils.override_role(self):
self.networks_client.list_dhcp_agents_on_hosting_network(
self.network['id'])
@rbac_rule_validation.action(service="neutron", rules=["get_network"])
@decorators.idempotent_id('53d6d826-ec9a-4407-9362-b474187fae6d')
def test_list_networks(self):
"""List Networks
RBAC test for the neutron ``list_networks`` function and
the ``get_network`` policy
"""
admin_resource_id = self.network['id']
with (self.rbac_utils.override_role_and_validate_list(
self, admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.networks_client.list_networks(
id=admin_resource_id)["networks"]

View File

@ -388,3 +388,17 @@ class PortsRbacTest(base.BaseNetworkRbacTest):
port = self.create_port(self.network)
with self.rbac_utils.override_role(self):
self.ports_client.delete_port(port['id'])
@rbac_rule_validation.action(service="neutron", rules=["get_port"])
@decorators.idempotent_id('877ea70d-b000-4af4-9322-0a76b47b7890')
def test_list_ports(self):
"""List Ports
RBAC test for the neutron ``list_ports`` function and
the ``get_port`` policy
"""
admin_resource_id = self.port['id']
with (self.rbac_utils.override_role_and_validate_list(
self, admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.ports_client.list_ports(
id=admin_resource_id)["ports"]

View File

@ -98,3 +98,17 @@ class QosExtRbacTest(base.BaseNetworkExtRbacTest):
policy = self.create_policy()
with self.rbac_utils.override_role(self):
self.ntp_client.delete_qos_policy(policy['id'])
@rbac_rule_validation.action(service="neutron", rules=["get_policy"])
@decorators.idempotent_id('e84cec88-8478-4787-b603-5fcdd8ed7bd5')
def test_list_policies(self):
"""List Policies Test
RBAC test for the neutron ``list_qos_policies`` function and
the ``get_policy``
"""
admin_resource_id = self.create_policy()['id']
with (self.rbac_utils.override_role_and_validate_list(
self, admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.ntp_client.list_qos_policies(
id=admin_resource_id)["policies"]

View File

@ -109,3 +109,18 @@ class RbacPoliciesExtRbacTest(base.BaseNetworkExtRbacTest):
with self.rbac_utils.override_role(self):
self.ntp_client.delete_rbac_policy(policy_id)
@decorators.idempotent_id('5337d95a-2e75-47bb-a0ea-0a082be930bf')
@rbac_rule_validation.action(service="neutron", rules=["get_rbac_policy"])
def test_list_rbac_policies(self):
"""List RBAC policies.
RBAC test for the neutron ``list_rbac_policies`` function and
the ``get_rbac_policy`` policy
"""
admin_resource_id = self.create_rbac_policy(self.tenant_id,
self.network_id)
with (self.rbac_utils.override_role_and_validate_list(
self, admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.ntp_client.list_rbac_policies(
id=admin_resource_id)["rbac_policies"]

View File

@ -401,3 +401,18 @@ class RouterRbacTest(base.BaseNetworkRbacTest):
self.routers_client.remove_router_interface(
router['id'],
subnet_id=subnet['id'])
@rbac_rule_validation.action(service="neutron", rules=["get_router"])
@decorators.idempotent_id('86816700-12d1-4173-a50f-34bd137f47e6')
def test_list_routers(self):
"""List Routers
RBAC test for the neutron ``get_router policy`` and
the ``get_router`` policy
"""
admin_resource_id = self.router['id']
with (self.rbac_utils.override_role_and_validate_list(
self, admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.routers_client.list_routers(
id=admin_resource_id)["routers"]

View File

@ -119,14 +119,16 @@ class SecGroupRbacTest(base.BaseNetworkRbacTest):
rules=["get_security_group"])
@decorators.idempotent_id('fbaf8d96-ed3e-49af-b24c-5fb44f05bbb7')
def test_list_security_groups(self):
"""List Security Groups
with self.rbac_utils.override_role(self):
security_groups = self.security_groups_client.\
list_security_groups()
# Neutron may return an empty list if access is denied.
if not security_groups['security_groups']:
raise rbac_exceptions.RbacEmptyResponseBody()
RBAC test for the neutron ``list_security_groups`` function and
the ``get_security_group`` policy
"""
admin_resource_id = self.secgroup['id']
with (self.rbac_utils.override_role_and_validate_list(
self, admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.security_groups_client.list_security_groups(
id=admin_resource_id)["security_groups"]
@rbac_rule_validation.action(service="neutron",
rules=["create_security_group_rule"])

View File

@ -120,3 +120,17 @@ class SegmentsExtRbacTest(base.BaseNetworkExtRbacTest):
with self.rbac_utils.override_role(self):
self.ntp_client.delete_segment(segment['segment']['id'])
@decorators.idempotent_id('d68a0578-36ae-435e-8aaa-508ee96bdfae')
@rbac_rule_validation.action(service="neutron", rules=["get_segment"])
def test_list_segments(self):
"""List segments.
RBAC test for the neutron ``list_segments`` function and
the``get_segment`` policy
"""
admin_resource_id = self.create_segment(self.network)['segment']['id']
with (self.rbac_utils.override_role_and_validate_list(
self, admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.ntp_client.list_segments(
id=admin_resource_id)["segments"]

View File

@ -164,3 +164,17 @@ class SubnetPoolsRbacTest(base.BaseNetworkRbacTest):
subnetpool = self._create_subnetpool()
with self.rbac_utils.override_role(self):
self.subnetpools_client.delete_subnetpool(subnetpool['id'])
@rbac_rule_validation.action(service="neutron", rules=["get_subnetpool"])
@decorators.idempotent_id('f1caf0f6-bde5-11e8-a355-529269fb1459')
def test_list_subnetpools(self):
"""List subnetpools.
RBAC test for the neutron ``list_subnetpools`` function and
the ``get_subnetpool`` policy
"""
admin_resource_id = self._create_subnetpool()['id']
with (self.rbac_utils.override_role_and_validate_list(
self, admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.subnetpools_client.list_subnetpools(
id=admin_resource_id)["subnetpools"]

View File

@ -17,7 +17,6 @@ from tempest.common import utils
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_exceptions
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.network import rbac_base as base
@ -61,19 +60,18 @@ class SubnetsRbacTest(base.BaseNetworkRbacTest):
self.subnets_client.show_subnet(self.subnet['id'])
@decorators.idempotent_id('e2ddc415-5cab-43f4-9b61-166aed65d637')
@rbac_rule_validation.action(service="neutron",
rules=["get_subnet"])
@rbac_rule_validation.action(service="neutron", rules=["get_subnet"])
def test_list_subnets(self):
"""List subnets.
RBAC test for the neutron "get_subnet" policy
RBAC test for the neutron ``list_subnets`` function and
the ``get_subnet`` policy
"""
with self.rbac_utils.override_role(self):
subnets = self.subnets_client.list_subnets()
# Neutron may return an empty list if access is denied.
if not subnets['subnets']:
raise rbac_exceptions.RbacEmptyResponseBody()
admin_resource_id = self.subnet['id']
with (self.rbac_utils.override_role_and_validate_list(
self, admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.subnets_client.list_subnets(
id=admin_resource_id)["subnets"]
@decorators.idempotent_id('f36cd821-dd22-4bd0-b43d-110fc4b553eb')
@rbac_rule_validation.action(service="neutron",

View File

@ -84,6 +84,20 @@ class TrunksExtRbacTest(base.BaseNetworkExtRbacTest):
with self.rbac_utils.override_role(self):
self.ntp_client.delete_trunk(trunk['trunk']['id'])
@decorators.idempotent_id('047badd1-e4ff-40c5-9929-99ffcb8750a7')
@rbac_rule_validation.action(service="neutron", rules=["get_trunk"])
def test_list_trunks(self):
"""Show trunk.
RBAC test for the neutron ``list_trunks``` function and
the ``get_trunk`` policy
"""
admin_resource_id = self.create_trunk(self.port_id)["trunk"]['id']
with (self.rbac_utils.override_role_and_validate_list(
self, admin_resource_id=admin_resource_id)) as ctx:
ctx.resources = self.ntp_client.list_trunks(
id=admin_resource_id)["trunks"]
class TrunksSubportsExtRbacTest(base.BaseNetworkExtRbacTest):