Add tests to cover segments
This patch set adds tests to cver the neutron segments API [0]. Test lists, gets, creates, updates, and deletes segments. Part of "Increase Neutron RBAC Coverage" initiative [1] [0] https://developer.openstack.org/api-ref/network/v2/index.html#segments [1] https://storyboard.openstack.org/#!/story/2002641 Story: 2002641 Task: 22306 Change-Id: I8eef0dcd5355d6212ead2bcb109f23ca0b613109
This commit is contained in:
parent
05a73499ce
commit
d067148212
49
.zuul.yaml
49
.zuul.yaml
|
@ -1,7 +1,9 @@
|
|||
- job:
|
||||
name: patrole-base
|
||||
parent: devstack-tempest
|
||||
description: Patrole base job for admin and member roles.
|
||||
description: |
|
||||
Patrole base job for admin and member roles. This job executes RBAC tests
|
||||
for all the "core" services that Tempest covers, excluding Swift.
|
||||
required-projects:
|
||||
- name: openstack/tempest
|
||||
- name: openstack/patrole
|
||||
|
@ -17,7 +19,7 @@
|
|||
- ^setup.cfg$
|
||||
vars:
|
||||
devstack_localrc:
|
||||
TEMPEST_PLUGINS: "'{{ ansible_user_dir }}/src/git.openstack.org/openstack/patrole'"
|
||||
TEMPEST_PLUGINS: "'/opt/stack/patrole'"
|
||||
devstack_plugins:
|
||||
patrole: git://git.openstack.org/openstack/patrole.git
|
||||
devstack_services:
|
||||
|
@ -127,6 +129,47 @@
|
|||
# Without Swift, c-bak cannot run (in the gate at least).
|
||||
c-bak: false
|
||||
|
||||
- job:
|
||||
name: patrole-plugin-base
|
||||
parent: patrole-base
|
||||
description: |
|
||||
Patrole plugin job for admin and member roles which
|
||||
runs RBAC tests for neutron-tempest-plugin APIs (if the plugin is installed).
|
||||
required-projects:
|
||||
- name: openstack/tempest
|
||||
- name: openstack/patrole
|
||||
- name: openstack/neutron-tempest-plugin
|
||||
vars:
|
||||
devstack_localrc:
|
||||
TEMPEST_PLUGINS: "'/opt/stack/patrole
|
||||
/opt/stack/neutron-tempest-plugin'"
|
||||
devstack_plugins:
|
||||
neutron: git://git.openstack.org/openstack/neutron.git
|
||||
patrole: git://git.openstack.org/openstack/patrole.git
|
||||
neutron-tempest-plugin: git://git.openstack.org/openstack/neutron-tempest-plugin.git
|
||||
devstack_services:
|
||||
tempest: true
|
||||
neutron: true
|
||||
neutron-segments: true
|
||||
|
||||
- job:
|
||||
name: patrole-plugin-member
|
||||
parent: patrole-plugin-base
|
||||
voting: false
|
||||
vars:
|
||||
devstack_localrc:
|
||||
RBAC_TEST_ROLE: member
|
||||
tempest_test_regex: (?=.*PluginRbacTest)(^patrole_tempest_plugin\.tests\.api)
|
||||
|
||||
- job:
|
||||
name: patrole-plugin-admin
|
||||
parent: patrole-plugin-base
|
||||
voting: false
|
||||
vars:
|
||||
devstack_localrc:
|
||||
RBAC_TEST_ROLE: admin
|
||||
tempest_test_regex: (?=.*PluginRbacTest)(^patrole_tempest_plugin\.tests\.api)
|
||||
|
||||
- project:
|
||||
check:
|
||||
jobs:
|
||||
|
@ -138,6 +181,8 @@
|
|||
- patrole-multinode-admin
|
||||
- patrole-multinode-member
|
||||
- openstack-tox-lower-constraints
|
||||
- patrole-plugin-admin
|
||||
- patrole-plugin-member
|
||||
gate:
|
||||
jobs:
|
||||
- patrole-admin
|
||||
|
|
|
@ -33,3 +33,41 @@ class BaseNetworkRbacTest(rbac_utils.RbacUtilsMixin,
|
|||
def setup_clients(cls):
|
||||
super(BaseNetworkRbacTest, cls).setup_clients()
|
||||
cls.setup_rbac_utils()
|
||||
|
||||
|
||||
class BaseNetworkPluginRbacTest(BaseNetworkRbacTest):
|
||||
"""Base class to be used with tests that require neutron-tempest-plugin.
|
||||
"""
|
||||
|
||||
@classmethod
|
||||
def skip_checks(cls):
|
||||
super(BaseNetworkPluginRbacTest, cls).skip_checks()
|
||||
|
||||
if not cls.is_neutron_tempest_plugin_avaliable():
|
||||
msg = ("neutron-tempest-plugin not installed.")
|
||||
raise cls.skipException(msg)
|
||||
|
||||
@classmethod
|
||||
def is_neutron_tempest_plugin_avaliable(cls):
|
||||
try:
|
||||
import neutron_tempest_plugin # noqa
|
||||
return True
|
||||
except ImportError:
|
||||
return False
|
||||
|
||||
@classmethod
|
||||
def get_client_manager(cls, credential_type=None, roles=None,
|
||||
force_new=None):
|
||||
manager = super(BaseNetworkPluginRbacTest, cls).get_client_manager(
|
||||
credential_type=credential_type,
|
||||
roles=roles,
|
||||
force_new=force_new
|
||||
)
|
||||
|
||||
# Import neutron-tempest-plugin clients
|
||||
if cls.is_neutron_tempest_plugin_avaliable():
|
||||
from neutron_tempest_plugin.api import clients
|
||||
neutron_tempest_manager = clients.Manager(manager.credentials)
|
||||
cls.ntp_client = neutron_tempest_manager.network_client
|
||||
|
||||
return manager
|
||||
|
|
|
@ -0,0 +1,119 @@
|
|||
# Copyright 2018 AT&T Corporation.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import random
|
||||
|
||||
from tempest.common import utils
|
||||
from tempest.lib.common.utils import test_utils
|
||||
from tempest.lib import decorators
|
||||
|
||||
from patrole_tempest_plugin import rbac_rule_validation
|
||||
from patrole_tempest_plugin.tests.api.network import rbac_base as base
|
||||
|
||||
|
||||
class SegmentsPluginRbacTest(base.BaseNetworkPluginRbacTest):
|
||||
|
||||
@classmethod
|
||||
def skip_checks(cls):
|
||||
super(SegmentsPluginRbacTest, cls).skip_checks()
|
||||
if not utils.is_extension_enabled('segment', 'network'):
|
||||
msg = "segment extension not enabled."
|
||||
raise cls.skipException(msg)
|
||||
|
||||
@classmethod
|
||||
def resource_setup(cls):
|
||||
super(SegmentsPluginRbacTest, cls).resource_setup()
|
||||
cls.network = cls.create_network()
|
||||
|
||||
@classmethod
|
||||
def get_free_segmentation_id(cls):
|
||||
# Select unused segmentation_id to prevent usage conflict
|
||||
segments = cls.ntp_client.list_segments()["segments"]
|
||||
segmentation_ids = [s["segmentation_id"] for s in segments]
|
||||
|
||||
# With 2+ concurrency, tests that ran in the same moment may fail due
|
||||
# to usage conflict. To prevent it we select segmentation to start
|
||||
# randomly.
|
||||
segmentation_id = random.randint(1000, 5000)
|
||||
while segmentation_id in segmentation_ids:
|
||||
segmentation_id += 1
|
||||
|
||||
return segmentation_id
|
||||
|
||||
@classmethod
|
||||
def create_segment(cls, network):
|
||||
segmentation_id = cls.get_free_segmentation_id()
|
||||
|
||||
seg = cls.ntp_client.create_segment(
|
||||
network_id=network['id'], network_type="gre",
|
||||
segmentation_id=segmentation_id)
|
||||
cls.addClassResourceCleanup(
|
||||
test_utils.call_and_ignore_notfound_exc,
|
||||
cls.ntp_client.delete_segment, seg['segment']['id'])
|
||||
|
||||
return seg
|
||||
|
||||
@decorators.idempotent_id('c02618e7-bb20-1a3a-83c8-6eec2af08126')
|
||||
@rbac_rule_validation.action(service="neutron",
|
||||
rules=["create_segment"])
|
||||
def test_create_segment(self):
|
||||
"""Create segment.
|
||||
|
||||
RBAC test for the neutron "create_segment" policy
|
||||
"""
|
||||
with self.rbac_utils.override_role(self):
|
||||
self.create_segment(self.network)
|
||||
|
||||
@decorators.idempotent_id('c02618e7-bb20-1a3a-83c8-6eec2af08127')
|
||||
@rbac_rule_validation.action(service="neutron",
|
||||
rules=["get_segment"])
|
||||
def test_show_segment(self):
|
||||
"""Show segment.
|
||||
|
||||
RBAC test for the neutron "get_segment" policy
|
||||
"""
|
||||
segment = self.create_segment(self.network)
|
||||
|
||||
with self.rbac_utils.override_role(self):
|
||||
self.ntp_client.show_segment(segment['segment']['id'])
|
||||
|
||||
@decorators.idempotent_id('c02618e7-bb20-1a3a-83c8-6eec2af08128')
|
||||
@rbac_rule_validation.action(service="neutron",
|
||||
rules=["get_segment",
|
||||
"update_segment"])
|
||||
def test_update_segment(self):
|
||||
"""Update segment.
|
||||
|
||||
RBAC test for the neutron "update_segment" policy
|
||||
"""
|
||||
segment = self.create_segment(self.network)
|
||||
|
||||
with self.rbac_utils.override_role(self):
|
||||
self.ntp_client.update_segment(segment['segment']['id'],
|
||||
name="NewName")
|
||||
|
||||
@decorators.idempotent_id('c02618e7-bb20-1a3a-83c8-6eec2af08129')
|
||||
@rbac_rule_validation.action(service="neutron",
|
||||
rules=["get_segment",
|
||||
"delete_segment"])
|
||||
def test_delete_segment(self):
|
||||
"""Delete segment.
|
||||
|
||||
RBAC test for the neutron "delete_segment" policy
|
||||
"""
|
||||
segment = self.create_segment(self.network)
|
||||
|
||||
with self.rbac_utils.override_role(self):
|
||||
self.ntp_client.delete_segment(segment['segment']['id'])
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
In order to strive toward complete test coverage for the services it
|
||||
tests, Patrole now offers RBAC coverage for the APIs included in
|
||||
neutron-tempest-plugin. If this plugin is not installed or enabled, then
|
||||
Patrole will skip those tests.
|
Loading…
Reference in New Issue