From be0154c17d1b88c867f3d837fd425139b44b9787 Mon Sep 17 00:00:00 2001 From: Ghanshyam Mann Date: Mon, 30 Mar 2020 14:15:28 -0500 Subject: [PATCH] Update compute instance-usage and agents tests to adopt new policies Nova is moving to new policy defaults in ussuri[1] where few polciies are made more granular to adopt the new defaults. With granularity in few policies make change in policy name so we have update the patrole tests to start checking against the new policy names from ussuri onwards. This commit updates the os-instance-usage-audit-log and os-agents tests to move to new policies from ussuri onwards. [1] https://specs.openstack.org/openstack/nova-specs/specs/ussuri/approved/policy-defaults-refresh.html Change-Id: I9eb2964c0ffb7022d52fc94c97bbd25c76b6d6d8 --- .../tests/api/compute/test_agents_rbac.py | 22 +++++++++++++++---- .../test_instance_usages_audit_log_rbac.py | 14 ++++++++++-- ...pt_nova_new_policies-c61d1c3751ff1bf9.yaml | 2 ++ 3 files changed, 32 insertions(+), 6 deletions(-) diff --git a/patrole_tempest_plugin/tests/api/compute/test_agents_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_agents_rbac.py index 3ca5e9d4..ba4c71a8 100644 --- a/patrole_tempest_plugin/tests/api/compute/test_agents_rbac.py +++ b/patrole_tempest_plugin/tests/api/compute/test_agents_rbac.py @@ -14,6 +14,7 @@ # under the License. from tempest.common import utils +from tempest import config from tempest.lib.common.utils import data_utils from tempest.lib.common.utils import test_utils from tempest.lib import decorators @@ -21,6 +22,19 @@ from tempest.lib import decorators from patrole_tempest_plugin import rbac_rule_validation from patrole_tempest_plugin.tests.api.compute import rbac_base +CONF = config.CONF + +if CONF.policy_feature_enabled.changed_nova_policies_ussuri: + _AGENTS_LIST = "os_compute_api:os-agents:list" + _AGENTS_CREATE = "os_compute_api:os-agents:create" + _AGENTS_UPDATE = "os_compute_api:os-agents:update" + _AGENTS_DELETE = "os_compute_api:os-agents:delete" +else: + _AGENTS_LIST = "os_compute_api:os-agents" + _AGENTS_CREATE = "os_compute_api:os-agents" + _AGENTS_UPDATE = "os_compute_api:os-agents" + _AGENTS_DELETE = "os_compute_api:os-agents" + class AgentsRbacTest(rbac_base.BaseV2ComputeRbacTest): @@ -42,7 +56,7 @@ class AgentsRbacTest(rbac_base.BaseV2ComputeRbacTest): return kwargs @rbac_rule_validation.action( - service="nova", rules=["os_compute_api:os-agents"]) + service="nova", rules=[_AGENTS_LIST]) @decorators.idempotent_id('d1bc6d97-07f5-4f45-ac29-1c619a6a7e27') def test_list_agents_rbac(self): with self.override_role(): @@ -50,7 +64,7 @@ class AgentsRbacTest(rbac_base.BaseV2ComputeRbacTest): @rbac_rule_validation.action( service="nova", - rules=["os_compute_api:os-agents"]) + rules=[_AGENTS_CREATE]) @decorators.idempotent_id('77d6cae4-1ced-47f7-af2e-3d6a45958fd6') def test_create_agent(self): params = {'hypervisor': 'kvm', 'os': 'win', 'architecture': 'x86', @@ -63,7 +77,7 @@ class AgentsRbacTest(rbac_base.BaseV2ComputeRbacTest): @rbac_rule_validation.action( service="nova", - rules=["os_compute_api:os-agents"]) + rules=[_AGENTS_UPDATE]) @decorators.idempotent_id('b22f2681-9ffb-439b-b240-dae503e41020') def test_update_agent(self): params = self._param_helper( @@ -84,7 +98,7 @@ class AgentsRbacTest(rbac_base.BaseV2ComputeRbacTest): @rbac_rule_validation.action( service="nova", - rules=["os_compute_api:os-agents"]) + rules=[_AGENTS_DELETE]) @decorators.idempotent_id('c5042af8-0682-43b0-abc4-bf33349e23dd') def test_delete_agent(self): params = self._param_helper( diff --git a/patrole_tempest_plugin/tests/api/compute/test_instance_usages_audit_log_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_instance_usages_audit_log_rbac.py index 603b1e23..72c4b022 100644 --- a/patrole_tempest_plugin/tests/api/compute/test_instance_usages_audit_log_rbac.py +++ b/patrole_tempest_plugin/tests/api/compute/test_instance_usages_audit_log_rbac.py @@ -18,11 +18,21 @@ import datetime from six.moves.urllib import parse as urllib from tempest.common import utils +from tempest import config from tempest.lib import decorators from patrole_tempest_plugin import rbac_rule_validation from patrole_tempest_plugin.tests.api.compute import rbac_base +CONF = config.CONF + +if CONF.policy_feature_enabled.changed_nova_policies_ussuri: + _INSTANCE_USAGE_LIST = "os_compute_api:os-instance-usage-audit-log:list" + _INSTANCE_USAGE_SHOW = "os_compute_api:os-instance-usage-audit-log:show" +else: + _INSTANCE_USAGE_LIST = "os_compute_api:os-instance-usage-audit-log" + _INSTANCE_USAGE_SHOW = "os_compute_api:os-instance-usage-audit-log" + class InstanceUsagesAuditLogRbacTest(rbac_base.BaseV2ComputeRbacTest): @@ -36,7 +46,7 @@ class InstanceUsagesAuditLogRbacTest(rbac_base.BaseV2ComputeRbacTest): @decorators.idempotent_id('c80246c0-5c13-4ab0-97ba-91551cd53dc1') @rbac_rule_validation.action( - service="nova", rules=["os_compute_api:os-instance-usage-audit-log"]) + service="nova", rules=[_INSTANCE_USAGE_LIST]) def test_list_instance_usage_audit_logs(self): with self.override_role(): (self.instance_usages_audit_log_client @@ -44,7 +54,7 @@ class InstanceUsagesAuditLogRbacTest(rbac_base.BaseV2ComputeRbacTest): @decorators.idempotent_id('ded8bfbd-5d90-4a58-aee0-d31231bf3c9b') @rbac_rule_validation.action( - service="nova", rules=["os_compute_api:os-instance-usage-audit-log"]) + service="nova", rules=[_INSTANCE_USAGE_SHOW]) def test_show_instance_usage_audit_log(self): now = datetime.datetime.now() diff --git a/releasenotes/notes/adopt_nova_new_policies-c61d1c3751ff1bf9.yaml b/releasenotes/notes/adopt_nova_new_policies-c61d1c3751ff1bf9.yaml index cb3d0472..48cdc08d 100644 --- a/releasenotes/notes/adopt_nova_new_policies-c61d1c3751ff1bf9.yaml +++ b/releasenotes/notes/adopt_nova_new_policies-c61d1c3751ff1bf9.yaml @@ -10,3 +10,5 @@ features: - os_compute_api:os-services - os_compute_api:deferred_delete - os_compute_api:os-attach-interfaces + - os_compute_api:os-instance-usage-audit-log + - os_compute_api:os-agents