diff --git a/patrole_tempest_plugin/tests/api/network/rbac_base.py b/patrole_tempest_plugin/tests/api/network/rbac_base.py
index 347651d6..dc0ce7f8 100644
--- a/patrole_tempest_plugin/tests/api/network/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/network/rbac_base.py
@@ -13,7 +13,10 @@
 # License for the specific language governing permissions and limitations
 # under the License.
+from oslo_serialization import jsonutils as json
+
 from tempest.api.network import base as network_base
+from tempest.lib.common.utils import test_utils
 from patrole_tempest_plugin import rbac_utils
@@ -72,3 +75,13 @@ class BaseNetworkExtRbacTest(BaseNetworkRbacTest):
 cls.ntp_client = neutron_tempest_manager.network_client
 return manager
+
+ @classmethod
+ def create_service_profile(cls):
+ service_profile = cls.ntp_client.create_service_profile(
+ metainfo=json.dumps({'foo': 'bar'}))
+ service_profile_id = service_profile["service_profile"]["id"]
+ cls.addClassResourceCleanup(
+ test_utils.call_and_ignore_notfound_exc,
+ cls.ntp_client.delete_service_profile, service_profile_id)
+ return service_profile_id
diff --git a/patrole_tempest_plugin/tests/api/network/test_flavor_service_profile_rbac.py b/patrole_tempest_plugin/tests/api/network/test_flavor_service_profile_rbac.py
new file mode 100644
index 00000000..db0b8f16
--- /dev/null
+++ b/patrole_tempest_plugin/tests/api/network/test_flavor_service_profile_rbac.py
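Review bot: `create_service_profile` in `rbac_base.py` registers its delete with `cls.addClassResourceCleanup`, which suited the single call from `resource_setup`, but as a shared base-class helper it is now also called from inside individual tests (`test_create_service_profile`, `test_show_service_profile`, `test_update_service_profile` and `test_delete_service_profile` in the new `test_service_profile_rbac.py`). Every profile created by one of those tests therefore stays in Neutron until class teardown. The method has no docstring, so that lifetime is invisible to callers; I would add `"""Create a service profile and return its id; deletion is deferred to class teardown."""`. If per-test isolation is wanted, the test callers could register the delete with `self.addCleanup` instead, as `create_flavor_service_profile` already does.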
@@ -0,0 +1,77 @@
+# Copyright 2018 AT&T Corporation.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest.lib.common.utils import test_utils
+from tempest.lib import decorators
+
+from patrole_tempest_plugin import rbac_rule_validation
+from patrole_tempest_plugin.tests.api.network import rbac_base as base
+
+
+class FlavorsServiceProfileExtRbacTest(base.BaseNetworkExtRbacTest):
+ @classmethod
+ def resource_setup(cls):
+ super(FlavorsServiceProfileExtRbacTest, cls).resource_setup()
+ providers = cls.ntp_client.list_service_providers()
+ if not providers["service_providers"]:
+ raise cls.skipException("No service_providers available.")
+ cls.service_type = providers["service_providers"][0]["service_type"]
+
+ cls.flavor_id = cls.create_flavor()
+ cls.service_profile_id = cls.create_service_profile()
+
+ @classmethod
+ def create_flavor(cls):
+ flavor = cls.ntp_client.create_flavor(service_type=cls.service_type)
+ flavor_id = flavor["flavor"]["id"]
+ cls.addClassResourceCleanup(
+ test_utils.call_and_ignore_notfound_exc,
+ cls.ntp_client.delete_flavor, flavor_id)
+ return flavor_id
+
+ def create_flavor_service_profile(self, flavor_id, service_profile_id):
+ self.ntp_client.create_flavor_service_profile(
+ flavor_id, service_profile_id)
+ self.addCleanup(
+ test_utils.call_and_ignore_notfound_exc,
+ self.ntp_client.delete_flavor_service_profile,
+ flavor_id, service_profile_id)
+
@decorators.idempotent_id('aa84b4c5-0dd6-4c34-aa81-3a76507f9b81')
+ @rbac_rule_validation.action(service="neutron",
+ rules=["create_flavor_service_profile"])
+ def test_create_flavor_service_profile(self):
+ """Create flavor_service_profile.
+
+ RBAC test for the neutron "create_flavor_service_profile" policy
+ """
+ with self.rbac_utils.override_role(self):
+ self.create_flavor_service_profile(self.flavor_id,
+ self.service_profile_id)
+
+ @decorators.idempotent_id('3b680d9e-946a-4670-ab7f-0e4576675833')
+ @rbac_rule_validation.action(service="neutron",
+ rules=["delete_flavor_service_profile"])
+ def test_delete_flavor_service_profile(self):
+ """Delete flavor_service_profile.
+
+ RBAC test for the neutron "delete_flavor_service_profile" policy
+ """
+ self.create_flavor_service_profile(self.flavor_id,
+ self.service_profile_id)
+
+ with self.rbac_utils.override_role(self):
+ self.ntp_client.delete_flavor_service_profile(
+ self.flavor_id, self.service_profile_id)
diff --git a/patrole_tempest_plugin/tests/api/network/test_flavors_rbac.py b/patrole_tempest_plugin/tests/api/network/test_flavors_rbac.py
index dea95ba4..76c0db36 100644
--- a/patrole_tempest_plugin/tests/api/network/test_flavors_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_flavors_rbac.py
@@ -13,8 +13,6 @@
 # License for the specific language governing permissions and limitations
 # under the License.
-from oslo_serialization import jsonutils as json
-
 from tempest.lib.common.utils import data_utils
 from tempest.lib.common.utils import test_utils
 from tempest.lib import decorators
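Review bot: `test_delete_flavor_service_profile` in the new `test_flavor_service_profile_rbac.py` is not a pure move: it declares only `rules=["delete_flavor_service_profile"]`, while the version removed from `test_flavors_rbac.py` also listed `get_flavor_service_profile` and `expected_error_codes=[404, 403]`. The update and delete tests added in `test_service_profile_rbac.py` keep the get-rule/404 pairing, so the two new files encode different expectations for the same kind of operation. If the narrowing is intended, a short comment above the decorator would stop a later reader from treating it as an oversight, e.g. `# No "get" rule / 404 expected here: <reason>`. If it is not intended, this authorization test may misreport roles that Neutron answers with 404 instead of 403.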
@@ -118,72 +116,3 @@ class FlavorsExtRbacTest(base.BaseNetworkExtRbacTest):
 with self.rbac_utils.override_role(self):
 self.ntp_client.list_flavors()
-
-
-class FlavorsServiceProfileExtRbacTest(base.BaseNetworkExtRbacTest):
- @classmethod
- def resource_setup(cls):
- super(FlavorsServiceProfileExtRbacTest, cls).resource_setup()
- providers = cls.ntp_client.list_service_providers()
- if not providers["service_providers"]:
- raise cls.skipException("No service_providers available.")
- cls.service_type = providers["service_providers"][0]["service_type"]
-
- cls.flavor_id = cls.create_flavor()
- cls.service_profile_id = cls.create_service_profile()
-
- @classmethod
- def create_flavor(cls):
- flavor = cls.ntp_client.create_flavor(service_type=cls.service_type)
- flavor_id = flavor["flavor"]["id"]
- cls.addClassResourceCleanup(
- test_utils.call_and_ignore_notfound_exc,
- cls.ntp_client.delete_flavor, flavor_id)
- return flavor_id
-
- @classmethod
- def create_service_profile(cls):
- service_profile = cls.ntp_client.create_service_profile(
- metainfo=json.dumps({'foo': 'bar'}))
- service_profile_id = service_profile["service_profile"]["id"]
- cls.addClassResourceCleanup(
- test_utils.call_and_ignore_notfound_exc,
- cls.ntp_client.delete_service_profile, service_profile_id)
- return service_profile_id
-
- def create_flavor_service_profile(self, flavor_id, service_profile_id):
- self.ntp_client.create_flavor_service_profile(
- flavor_id, service_profile_id)
- self.addCleanup(
- test_utils.call_and_ignore_notfound_exc,
- self.ntp_client.delete_flavor_service_profile,
- flavor_id, service_profile_id)
-
- @decorators.idempotent_id('aa84b4c5-0dd6-4c34-aa81-3a76507f9b81')
- @rbac_rule_validation.action(service="neutron",
- rules=["create_flavor_service_profile"])
- def test_create_flavor_service_profile(self):
- """Create flavor_service_profile.
-
- RBAC test for the neutron "create_flavor_service_profile" policy
- """
- with self.rbac_utils.override_role(self):
- self.create_flavor_service_profile(self.flavor_id,
- self.service_profile_id)
-
- @decorators.idempotent_id('3b680d9e-946a-4670-ab7f-0e4576675833')
- @rbac_rule_validation.action(service="neutron",
- rules=["get_flavor_service_profile",
- "delete_flavor_service_profile"],
- expected_error_codes=[404, 403])
- def test_delete_flavor_service_profile(self):
- """Delete flavor_service_profile.
-
- RBAC test for the neutron "delete_flavor_service_profile" policy
- """
- self.create_flavor_service_profile(self.flavor_id,
- self.service_profile_id)
-
- with self.rbac_utils.override_role(self):
- self.ntp_client.delete_flavor_service_profile(
- self.flavor_id, self.service_profile_id)
diff --git a/patrole_tempest_plugin/tests/api/network/test_service_profile_rbac.py b/patrole_tempest_plugin/tests/api/network/test_service_profile_rbac.py
new file mode 100644
index 00000000..9e82835b
--- /dev/null
+++ b/patrole_tempest_plugin/tests/api/network/test_service_profile_rbac.py
@@ -0,0 +1,73 @@
+# Copyright 2018 AT&T Corporation.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest.lib import decorators
+
+from patrole_tempest_plugin import rbac_rule_validation
+from patrole_tempest_plugin.tests.api.network import rbac_base as base
+
+
+class ServiceProfileExtRbacTest(base.BaseNetworkExtRbacTest):
+ @decorators.idempotent_id('6ce76efa-7400-44c1-80ec-58f79b1d89ca')
+ @rbac_rule_validation.action(service="neutron",
+ rules=["create_service_profile"])
+ def test_create_service_profile(self):
+ """Create service profile
+
+ RBAC test for the neutron "create_service_profile" policy
+ """
+ with self.rbac_utils.override_role(self):
+ self.create_service_profile()
+
+ @decorators.idempotent_id('e4c473b7-3ae9-4a2e-8cac-848f7b01187d')
+ @rbac_rule_validation.action(service="neutron",
+ rules=["get_service_profile"],
+ expected_error_codes=[404])
+ def test_show_service_profile(self):
+ """Show service profile
+
+ RBAC test for the neutron "get_service_profile" policy
+ """
+ profile_id = self.create_service_profile()
+ with self.rbac_utils.override_role(self):
+ self.ntp_client.show_service_profile(profile_id)
+
+ @decorators.idempotent_id('a3dd719d-4cd3-40cc-b4f1-5642e2717adf')
+ @rbac_rule_validation.action(service="neutron",
+ rules=["get_service_profile",
+ "update_service_profile"],
+ expected_error_codes=[404, 403])
+ def test_update_service_profile(self):
+ """Update service profile
+
+ RBAC test for the neutron "update_service_profile" policy
+ """
+ profile_id = self.create_service_profile()
+ with self.rbac_utils.override_role(self):
+ self.ntp_client.update_service_profile(profile_id, enabled=False)
+
+ @decorators.idempotent_id('926b60c2-04fe-4339-aa44-bf27121392e8')
+ @rbac_rule_validation.action(service="neutron",
+ rules=["get_service_profile",
+ "delete_service_profile"],
+ expected_error_codes=[404, 403])
+ def test_delete_service_profile(self):
+ """Delete service profile
+
+ RBAC test for the neutron "delete_service_profile" policy
+ """
+ profile_id = self.create_service_profile()
+ with self.rbac_utils.override_role(self):
+ self.ntp_client.delete_service_profile(profile_id)
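Review bot: The `expected_error_codes` lists on `test_show_service_profile`, `test_update_service_profile` and `test_delete_service_profile` do not say why a denied `get_service_profile` check is expected as 404 rather than 403. A one-line comment above the first of these decorators would document the contract under test, for example `# A denied "get" policy is reported as 404 so the profile's existence is not disclosed.`, assuming that is the Neutron behaviour these codes rely on. `ServiceProfileExtRbacTest` also has no class docstring naming the extension and policies it covers.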