openstack
/
patrole
Code Issues Proposed changes

Add os-create-backup compute RBAC test 

Add RBAC test for creating a server backup, providing coverage for the
policy action: "os_compute_api:os-create-backup".

This patch also:
  - Removes unnecessary setUp from ServerActionsV216RbacTest
    since it does a rebuild server in case something bad
    happened to the server -- but there is only 1 test case
    in the class.
  - Use data_utils.rand_name to create a fake host name for
    evacuate server test to further randomize host name to
    guarantee 404 is thrown which is the desired outcome.

Change-Id: Ia5f95deb7b9495345db50c0569885a17b22984f6
Depends-On: Ib97e65cca468a09bbeaf68fcfe0e8192674a481e
This commit is contained in:
Felipe Monteiro 2017-08-31 04:27:45 +01:00
parent a63f854f63
commit 1171b6fb1b
2 changed files with 49 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
patrole_tempest_plugin/tests/api/compute/test_server_actions_rbac.py
View File

@ -18,6 +18,7 @@ import testtools
from tempest.common import waiters
from tempest import config
from tempest.lib.common import api_version_utils
from tempest.lib.common.utils import data_utils
from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
@ -234,6 +235,45 @@ class ServerActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
test_utils.call_and_ignore_notfound_exc,
self.compute_images_client.delete_image, image['id'])
@decorators.idempotent_id('9fdd4630-731c-4f7c-bce5-69fa3792c52a')
@testtools.skipUnless(CONF.compute_feature_enabled.snapshot,
'Snapshotting not available, backup not possible.')
@test.services('image')
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-create-backup")
def test_create_backup(self):
# Prioritize glance v2 over v1 for deleting/waiting for image status.
if CONF.image_feature_enabled.api_v2:
glance_admin_client = self.os_admin.image_client_v2
elif CONF.image_feature_enabled.api_v1:
glance_admin_client = self.os_admin.image_client
else:
raise lib_exc.InvalidConfiguration(
'Either api_v1 or api_v2 must be True in '
'[image-feature-enabled].')
backup_name = data_utils.rand_name(self.__class__.__name__ + '-Backup')
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
resp = self.servers_client.create_backup(
self.server_id, backup_type='daily', rotation=1,
name=backup_name).response
# Prior to microversion 2.45, image ID must be parsed from location
# header. With microversion 2.45+, image_id is returned.
if api_version_utils.compare_version_header_to_response(
"OpenStack-API-Version", "2.45", resp, "lt"):
image_id = resp['image_id']
else:
image_id = data_utils.parse_image_id(resp['location'])
# Use admin credentials to wait since waiting involves show, which is
# a different policy.
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
glance_admin_client.delete_image, image_id)
waiters.wait_for_image_status(glance_admin_client, image_id, 'active')
class ServerActionsV214RbacTest(rbac_base.BaseV2ComputeRbacTest):
@ -251,8 +291,11 @@ class ServerActionsV214RbacTest(rbac_base.BaseV2ComputeRbacTest):
@decorators.idempotent_id('78ecef3c-faff-412a-83be-47651963eb21')
def test_evacuate_server(self):
fake_host_name = data_utils.rand_name(
self.__class__.__name__ + '-FakeHost')
self.__class__.__name__ + '-fake-host')
# NOTE(felipemonteiro): Because evacuating a server is a risky action
# to test in the gates, a 404 is coerced using a fake host. However,
# the policy check is done before the 404 is thrown.
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.assertRaisesRegex(lib_exc.NotFound,
"Compute host %s not found." % fake_host_name,

5
releasenotes/notes/os-create-backup-test-cd8037ea130c3d8d.yaml Normal file
View File

@ -0,0 +1,5 @@
---
features:
- |
Add RBAC test for creating a server backup, providing coverage for the
policy action: "os_compute_api:os-create-backup".