[srbac] Test srbac on snapshots

Adding Reader and Member srbac tests with snapshots operations Change-Id: I838ba765851485e05df785740257caf89492e104 Signed-off-by: Yosi Ben Shimon <ybenshim@redhat.com>
2023-02-07 17:34:03 +00:00 · 2023-02-07 17:34:03 +00:00 · de601aeb6b
parent 47958a8d77
commit de601aeb6b
2 changed files with 464 additions and 0 deletions
--- a/cinder_tempest_plugin/rbac/v3/base.py
+++ b/cinder_tempest_plugin/rbac/v3/base.py
@ -10,9 +10,13 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

+from tempest.common import waiters
 from tempest import config
 from tempest.lib.common import api_microversion_fixture
 from tempest.lib.common import api_version_utils
+from tempest.lib.common.utils import data_utils
+from tempest.lib.common.utils import test_utils
+from tempest.lib.decorators import cleanup_order
 from tempest import test

 CONF = config.CONF
@ -60,6 +64,17 @@ class VolumeV3RbacBaseTests(
                CONF.volume.min_microversion))

    def do_request(self, method, expected_status=200, client=None, **payload):
+        """Perform API call
+
+        Args:
+            method: Name of the API call
+            expected_status: HTTP desired response code
+            client: Client object if exists, None otherwise
+            payload: API call required parameters
+
+        Returns:
+            HTTP response
+        """
        if not client:
            client = self.client
        if isinstance(expected_status, type(Exception)):
@ -70,3 +85,78 @@ class VolumeV3RbacBaseTests(
            response = getattr(client, method)(**payload)
            self.assertEqual(response.response.status, expected_status)
            return response
+
+    @cleanup_order
+    def create_volume(self, client, **kwargs):
+        """Wrapper utility that returns a test volume
+
+        Args:
+            client: Client object
+
+        Returns:
+            ID of the created volume
+        """
+        kwargs['size'] = CONF.volume.volume_size
+        kwargs['name'] = data_utils.rand_name(
+            VolumeV3RbacBaseTests.__name__ + '-Volume'
+        )
+
+        volume_id = client.create_volume(**kwargs)['volume']['id']
+        self.cleanup(
+            test_utils.call_and_ignore_notfound_exc, func=self.delete_resource,
+            client=client, volume_id=volume_id
+        )
+        waiters.wait_for_volume_resource_status(
+            client=client, resource_id=volume_id, status='available'
+        )
+
+        return volume_id
+
+    @cleanup_order
+    def create_snapshot(self, client, volume_id, cleanup=True, **kwargs):
+        """Wrapper utility that returns a test snapshot.
+
+        Args:
+            client: Client object
+            volume_id: ID of the volume
+            cleanup: Boolean if should delete the snapshot
+
+        Returns:
+            ID of the created snapshot
+        """
+        kwargs['name'] = data_utils.rand_name(
+            VolumeV3RbacBaseTests.__name__ + '-Snapshot'
+        )
+
+        snapshot_id = client.create_snapshot(
+            volume_id=volume_id, **kwargs)['snapshot']['id']
+        if cleanup:
+            self.cleanup(
+                test_utils.call_and_ignore_notfound_exc,
+                func=self.delete_resource,
+                client=client, snapshot_id=snapshot_id
+            )
+        waiters.wait_for_volume_resource_status(
+            client=client, resource_id=snapshot_id, status='available'
+        )
+
+        return snapshot_id
+
+    @classmethod
+    def delete_resource(cls, client, **kwargs):
+        """Delete a resource by a given client
+
+        Args:
+            client: Client object
+
+        Keyword Args:
+            snapshot_id: ID of a snapshot
+            volume_id: ID of a volume
+        """
+        key, resource_id = list(kwargs.items())[0]
+        resource_name = key.split('_')[0]
+
+        del_action = getattr(client, f'delete_{resource_name}')
+        test_utils.call_and_ignore_notfound_exc(del_action, resource_id)
+        test_utils.call_and_ignore_notfound_exc(
+            client.wait_for_resource_deletion, resource_id)
--- a/cinder_tempest_plugin/rbac/v3/test_snapshots.py
+++ b/cinder_tempest_plugin/rbac/v3/test_snapshots.py
@ -0,0 +1,374 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from tempest.common import waiters
+from tempest import config
+from tempest.lib.common.utils import data_utils
+from tempest.lib.common.utils import test_utils
+from tempest.lib import decorators
+from tempest.lib import exceptions
+
+from cinder_tempest_plugin.rbac.v3 import base as rbac_base
+
+CONF = config.CONF
+
+
+class VolumeV3RbacSnapshotsTests(rbac_base.VolumeV3RbacBaseTests):
+
+    @classmethod
+    def setup_clients(cls):
+        super().setup_clients()
+        cls.vol_other_client = cls.os_project_admin.volumes_client_latest
+        cls.snap_other_client = cls.os_project_admin.snapshots_client_latest
+
+    def _list_snapshots(self, expected_status):
+        """Test list_snapshots operation
+
+        Args:
+            expected_status: The expected HTTP response code
+        """
+        volume_id = self.create_volume(client=self.vol_other_client)
+        self.create_snapshot(
+            client=self.snap_other_client, volume_id=volume_id
+        )
+        self.do_request(
+            expected_status=expected_status, method='list_snapshots'
+        )
+
+    def _show_snapshot(self, expected_status):
+        """Test show_snapshot operation
+
+        Args:
+            expected_status: The expected HTTP response code
+        """
+        volume_id = self.create_volume(client=self.vol_other_client)
+        snapshot_id = self.create_snapshot(
+            client=self.snap_other_client, volume_id=volume_id
+        )
+        self.do_request(
+            expected_status=expected_status, method='show_snapshot',
+            snapshot_id=snapshot_id
+        )
+
+    def _create_snapshot(self, expected_status):
+        """Test create_snapshot operation.
+
+        Args:
+            expected_status: The expected HTTP response code
+        """
+        volume_id = self.create_volume(client=self.vol_other_client)
+        snap_name = data_utils.rand_name(
+            self.__name__ + '-Snapshot'
+        )
+        if expected_status == 202:
+            snapshot_id = self.do_request(
+                method='create_snapshot', expected_status=202,
+                volume_id=volume_id, name=snap_name
+            )['snapshot']['id']
+            self.addCleanup(
+                test_utils.call_and_ignore_notfound_exc, self.delete_resource,
+                client=self.client, snapshot_id=snapshot_id
+            )
+            waiters.wait_for_volume_resource_status(
+                client=self.client, resource_id=snapshot_id, status='available'
+            )
+        elif expected_status == exceptions.Forbidden:
+            self.do_request(
+                method='create_snapshot', expected_status=expected_status,
+                volume_id=volume_id, name=snap_name
+            )
+
+    def _remove_snapshot(self, expected_status):
+        """Test create_snapshot operation.
+
+        Args:
+            expected_status: The expected HTTP response code
+        """
+        volume_id = self.create_volume(client=self.vol_other_client)
+        snapshot_id = self.create_snapshot(
+            client=self.snap_other_client, volume_id=volume_id
+        )
+
+        self.do_request(
+            method='delete_snapshot', snapshot_id=snapshot_id,
+            expected_status=expected_status
+        )
+        if expected_status == 202:
+            self.client.wait_for_resource_deletion(id=snapshot_id)
+
+    def _reset_snapshot_status(self, expected_status):
+        """Test reset_snapshot_status operation.
+
+        Args:
+            expected_status: The expected HTTP response code
+        """
+        volume_id = self.create_volume(client=self.vol_other_client)
+        snapshot_id = self.create_snapshot(
+            client=self.snap_other_client, volume_id=volume_id
+        )
+        self.do_request(
+            'reset_snapshot_status', expected_status=expected_status,
+            snapshot_id=snapshot_id, status='error'
+        )
+
+    def _update_snapshot(self, expected_status):
+        """Test update_snapshot operation.
+
+        Args:
+            expected_status: The expected HTTP response code
+        """
+        volume_id = self.create_volume(client=self.vol_other_client)
+        snapshot_id = self.create_snapshot(
+            client=self.snap_other_client, volume_id=volume_id
+        )
+        new_desc = self.__name__ + '-update_test'
+        self.do_request(
+            method='update_snapshot', expected_status=expected_status,
+            snapshot_id=snapshot_id, description=new_desc
+        )
+
+    def _update_snapshot_status(self, expected_status):
+        """Test update_snapshot_status operation.
+
+        Args:
+            expected_status: The expected HTTP response code
+        """
+        volume_id = self.create_volume(client=self.vol_other_client)
+        snapshot_id = self.create_snapshot(
+            client=self.snap_other_client, volume_id=volume_id
+        )
+
+        reset_status = 'creating' if expected_status == 202 else 'error'
+        request_status = 'error' if expected_status == 202 else 'creating'
+        self.os_project_admin.snapshots_client_latest.reset_snapshot_status(
+            snapshot_id=snapshot_id, status=reset_status
+        )
+        waiters.wait_for_volume_resource_status(
+            client=self.os_project_admin.snapshots_client_latest,
+            resource_id=snapshot_id, status=reset_status
+        )
+
+        self.do_request(
+            'update_snapshot_status', expected_status=expected_status,
+            snapshot_id=snapshot_id, status=request_status, progress='80%'
+        )
+
+    def _force_delete_snapshot(self, expected_status):
+        """Test force_delete_snapshot operation.
+
+        Args:
+            expected_status: The expected HTTP response code
+        """
+        volume_id = self.create_volume(client=self.vol_other_client)
+        snapshot_id = self.create_snapshot(
+            client=self.snap_other_client, volume_id=volume_id
+        )
+        self.do_request(
+            method='force_delete_snapshot', snapshot_id=snapshot_id,
+            expected_status=expected_status
+        )
+        if expected_status != exceptions.Forbidden:
+            self.client.wait_for_resource_deletion(id=snapshot_id)
+            waiters.wait_for_volume_resource_status(
+                client=self.os_project_admin.volumes_client_latest,
+                resource_id=volume_id, status='available'
+            )
+
+    def _unmanage_snapshot(self, expected_status):
+        """Test unmanage_snapshot operation.
+
+        Args:
+            expected_status: The expected HTTP response code
+        """
+        volume_id = self.create_volume(client=self.vol_other_client)
+        snapshot_id = self.create_snapshot(
+            client=self.snap_other_client, volume_id=volume_id
+        )
+        self.do_request(
+            method='unmanage_snapshot',
+            expected_status=expected_status, snapshot_id=snapshot_id
+        )
+        if expected_status != exceptions.Forbidden:
+            self.client.wait_for_resource_deletion(id=snapshot_id)
+
+    def _manage_snapshot(self, client, expected_status):
+        """Test reset_snapshot_status operation.
+
+        Args:
+            client: The client to perform the needed request
+            expected_status: The expected HTTP response code
+        """
+        # Create a volume
+        volume_id = self.create_volume(client=self.vol_other_client)
+
+        # Create a snapshot
+        snapshot_id = self.create_snapshot(
+            client=self.snap_other_client,
+            volume_id=volume_id,
+            cleanup=False
+        )
+        # Unmanage the snapshot
+        # Unmanage snapshot function works almost the same as delete snapshot,
+        # but it does not delete the snapshot data
+        self.snap_other_client.unmanage_snapshot(snapshot_id)
+        self.client.wait_for_resource_deletion(snapshot_id)
+
+        # Verify the original snapshot does not exist in snapshot list
+        params = {'all_tenants': 1}
+        all_snapshots = self.snap_other_client.list_snapshots(
+            detail=True, **params)['snapshots']
+        self.assertNotIn(snapshot_id, [v['id'] for v in all_snapshots])
+
+        # Manage the snapshot
+        name = data_utils.rand_name(
+            self.__class__.__name__ + '-Managed-Snapshot'
+        )
+        description = data_utils.rand_name(
+            self.__class__.__name__ + '-Managed-Snapshot-Description'
+        )
+        metadata = {"manage-snap-meta1": "value1",
+                    "manage-snap-meta2": "value2",
+                    "manage-snap-meta3": "value3"}
+        snapshot_ref = {
+            'volume_id': volume_id,
+            'ref': {CONF.volume.manage_snapshot_ref[0]:
+                    CONF.volume.manage_snapshot_ref[1] % snapshot_id},
+            'name': name,
+            'description': description,
+            'metadata': metadata
+        }
+
+        new_snapshot = self.do_request(
+            client=client,
+            method='manage_snapshot', expected_status=expected_status,
+            volume_id=volume_id, ref=snapshot_ref
+        )
+        if expected_status != exceptions.Forbidden:
+            snapshot = new_snapshot['snapshot']
+            waiters.wait_for_volume_resource_status(
+                client=self.snap_other_client,
+                resource_id=snapshot['id'],
+                status='available'
+            )
+            self.delete_resource(
+                client=self.snap_other_client, snapshot_id=snapshot['id']
+            )
+
+
+class ProjectReaderTests(VolumeV3RbacSnapshotsTests):
+
+    credentials = ['project_reader', 'project_admin']
+
+    @classmethod
+    def setup_clients(cls):
+        super().setup_clients()
+        cls.client = cls.os_project_reader.snapshots_client_latest
+
+    @decorators.idempotent_id('dd8e19dc-c8fd-443c-8aed-cdffe07fa6be')
+    def test_list_snapshots(self):
+        self._list_snapshots(expected_status=200)
+
+    @decorators.idempotent_id('6f69e8ed-4e11-40a1-9620-258cf3c45872')
+    def test_show_snapshot(self):
+        self._show_snapshot(expected_status=200)
+
+    @decorators.skip_because(bug="2017108")
+    @decorators.idempotent_id('13ae344f-fa01-44cc-b9f1-d04452940dc1')
+    def test_create_snapshot(self):
+        self._create_snapshot(expected_status=exceptions.Forbidden)
+
+    @decorators.skip_because(bug="2017108")
+    @decorators.idempotent_id('5b58f647-da0f-4d2a-bf68-680fc692efb4')
+    def test_delete_snapshot(self):
+        self._remove_snapshot(expected_status=exceptions.Forbidden)
+
+    @decorators.idempotent_id('809d8c8c-25bf-4f1f-9b77-1a81ce4292d1')
+    def test_reset_snapshot_status(self):
+        self._reset_snapshot_status(expected_status=exceptions.Forbidden)
+
+    @decorators.skip_because(bug="2017108")
+    @decorators.idempotent_id('c46f5df8-9a6f-4ed6-b94c-3b65ef05ee9e')
+    def test_update_snapshot(self):
+        self._update_snapshot(expected_status=exceptions.Forbidden)
+
+    @decorators.skip_because(bug="2017108")
+    @decorators.idempotent_id('c90f98d7-3665-4c9f-820f-3f4c2adfdbf5')
+    def test_update_snapshot_status(self):
+        self._update_snapshot_status(expected_status=exceptions.Forbidden)
+
+    @decorators.idempotent_id('63aa8184-897d-4e00-9b80-d2e7828f1b13')
+    def test_force_delete_snapshot(self):
+        self._force_delete_snapshot(expected_status=exceptions.Forbidden)
+
+    @decorators.idempotent_id('35495666-b663-4c68-ba44-0695e30a6838')
+    def test_unmanage_snapshot(self):
+        self._unmanage_snapshot(expected_status=exceptions.Forbidden)
+
+    @decorators.idempotent_id('d2d1326d-fb47-4448-a1e1-2d1219d30fd5')
+    def test_manage_snapshot(self):
+        self._manage_snapshot(
+            expected_status=exceptions.Forbidden,
+            client=self.os_project_reader.snapshot_manage_client_latest
+        )
+
+
+class ProjectMemberTests(VolumeV3RbacSnapshotsTests):
+
+    credentials = ['project_member', 'project_admin']
+
+    @classmethod
+    def setup_clients(cls):
+        super().setup_clients()
+        cls.client = cls.os_project_member.snapshots_client_latest
+
+    @decorators.idempotent_id('5b3ec87f-443f-42f7-bd3c-ab05ea30c5e1')
+    def test_list_snapshots(self):
+        self._list_snapshots(expected_status=200)
+
+    @decorators.idempotent_id('6fee8967-951c-4957-b51b-97b83c13c7c3')
+    def test_show_snapshot(self):
+        self._show_snapshot(expected_status=200)
+
+    @decorators.idempotent_id('43f77b31-aab4-46d0-b76f-e17000d23589')
+    def test_create_snapshot(self):
+        self._create_snapshot(expected_status=202)
+
+    @decorators.idempotent_id('22939122-8b4e-47d5-abaa-774bc55c07fc')
+    def test_delete_snapshot(self):
+        self._remove_snapshot(expected_status=202)
+
+    @decorators.idempotent_id('da391afd-8baa-458b-b222-f6ab42ab47c3')
+    def test_reset_snapshot_status(self):
+        self._reset_snapshot_status(expected_status=exceptions.Forbidden)
+
+    @decorators.idempotent_id('a774bdca-bfbe-477d-9711-5fb64d7e34ea')
+    def test_update_snapshot(self):
+        self._update_snapshot(expected_status=200)
+
+    @decorators.idempotent_id('12e00e1b-bf84-41c1-8a1e-8625d1317789')
+    def test_update_snapshot_status(self):
+        self._update_snapshot_status(expected_status=202)
+
+    @decorators.idempotent_id('e7cb3eb0-d607-4c90-995d-df82d030eca8')
+    def test_force_delete_snapshot(self):
+        self._force_delete_snapshot(expected_status=exceptions.Forbidden)
+
+    @decorators.idempotent_id('dd7da3da-68ef-42f5-af1d-29803a4a04fd')
+    def test_unmanage_snapshot(self):
+        self._unmanage_snapshot(expected_status=exceptions.Forbidden)
+
+    @decorators.idempotent_id('c2501d05-9bca-42d7-9ab5-c0d9133e762f')
+    def test_manage_snapshot(self):
+        self._manage_snapshot(
+            expected_status=exceptions.Forbidden,
+            client=self.os_project_member.snapshot_manage_client_latest
+        )