Merge "Add rbac tests for regions"

ranger_tempest_plugin/tests/api/rms_base.py

@@ -14,6 +14,7 @@
 #    under the License.
 
 from oslo_log import log as logging
+from ranger_tempest_plugin.data_utils import data_utils
 from ranger_tempest_plugin.tests.api import base
 
 from tempest import config
@@ -24,6 +25,34 @@ LOG = logging.getLogger(__name__)
 
 class RmsBaseOrmTest(base.BaseOrmTest):
 
+    @classmethod
+    def resource_setup(cls):
+        cls.setup_ids = []
+        # create standard region
+        _, cls.region_1 = cls.client.create_region(data_utils.rand_name())
+        cls.setup_ids.append(cls.region_1['id'])
+        # create region sharing region_1 properties
+        _, cls.region_2 = cls.client.create_region(data_utils.rand_name())
+        cls.setup_ids.append(cls.region_2['id'])
+        # create region with differing properties
+        _, cls.region_3 = cls.client.create_region(
+            data_utils.rand_name(),
+            **{'status': 'down',
+                'rangerAgentVersion': '3.0',
+                'OSVersion': 'mitaka',
+                'CLLI': '123450',
+                'address': {'country': 'Mexico', 'state': 'Sonora',
+                            'city': 'Nogales', 'street': '12 main',
+                            'zip': '84000'},
+                'metadata': {'meta1': ['val1']},
+                'designType': 'large'})
+        cls.setup_ids.append(cls.region_3['id'])
+
+        for region_id in cls.setup_ids:
+            cls.addClassResourceCleanup(cls.client.delete_region, region_id)
+
+        super(RmsBaseOrmTest, cls).resource_setup()
+
     @classmethod
     def setup_clients(cls):
         cls.client = cls.os_primary.rms_client

ranger_tempest_plugin/tests/api/test_regions.py

@@ -28,34 +28,6 @@ CONF = config.CONF
 
 class TestTempestRegion(rms_base.RmsBaseOrmTest):
 
-    @classmethod
-    def resource_setup(cls):
-        cls.setup_ids = []
-        # create standard region
-        _, cls.region_1 = cls.client.create_region(data_utils.rand_name())
-        cls.setup_ids.append(cls.region_1['id'])
-        # create region sharing region_1 properties
-        _, cls.region_2 = cls.client.create_region(data_utils.rand_name())
-        cls.setup_ids.append(cls.region_2['id'])
-        # create region with differing properties
-        _, cls.region_3 = cls.client.create_region(
-            data_utils.rand_name(),
-            **{'status': 'down',
-                'rangerAgentVersion': '3.0',
-                'OSVersion': 'mitaka',
-                'CLLI': '123450',
-                'address': {'country': 'Mexico', 'state': 'Sonora',
-                            'city': 'Nogales', 'street': '12 main',
-                            'zip': '84000'},
-                'metadata': {'meta1': ['val1']},
-                'designType': 'large'})
-        cls.setup_ids.append(cls.region_3['id'])
-
-        for region_id in cls.setup_ids:
-            cls.addClassResourceCleanup(cls.client.delete_region, region_id)
-
-        super(TestTempestRegion, cls).resource_setup()
-
     @decorators.idempotent_id('829c7da0-2332-4f80-ad35-24306b67ed0e')
     def test_create_and_delete_region(self):
         # create new region for API test

ranger_tempest_plugin/tests/rbac/test_regions.py

@@ -0,0 +1,129 @@
+# Copyright (c) 2019 AT&T Intellectual Property. All other rights reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from patrole_tempest_plugin import rbac_rule_validation
+from patrole_tempest_plugin import rbac_utils
+
+from tempest.lib import decorators
+from tempest.lib.common.utils import data_utils
+
+from ranger_tempest_plugin import data_utils as orm_data_utils
+from ranger_tempest_plugin.tests.api import rms_base
+
+
+class TestRegion(rbac_utils.RbacUtilsMixin, rms_base.RmsBaseOrmTest):
+
+    @classmethod
+    def setup_clients(cls):
+        super(TestRegion, cls).setup_clients()
+        cls.client = cls.os_primary.rms_rbac_client
+
+    @rbac_rule_validation.action(service='ranger',
+                                 rules=['region:get_all'],
+                                 expected_error_codes=[403])
+    @decorators.idempotent_id('f8be1f6b-7e3f-40ea-b099-1fd57e4124a1')
+    def test_list_regions(self):
+        with self.override_role():
+            self.client.list_regions()
+
+    @rbac_rule_validation.action(service='ranger',
+                                 rules=['region:get_one'],
+                                 expected_error_codes=[403])
+    @decorators.idempotent_id('0a97dd58-d4b0-448b-b7f4-9fdbc99efce3')
+    def test_get_region(self):
+        filter = {'regionname': self.region_1['name']}
+        with self.override_role():
+            self.client.list_regions(filter)
+
+    @rbac_rule_validation.action(service='ranger',
+                                 rules=['region:create'],
+                                 expected_error_codes=[403])
+    @decorators.idempotent_id('3d5895cf-ec8b-44f4-8d52-183baf2ff062')
+    def test_create_region(self):
+        region_id = None
+        with self.override_role():
+            _, region = self.client.create_region(data_utils.rand_name())
+            region_id = region['id']
+        self.client.delete_region(region_id)
+
+    @rbac_rule_validation.action(service='ranger',
+                                 rules=['region:update'],
+                                 expected_error_codes=[403])
+    @decorators.idempotent_id('cbb32c8f-f183-42c4-a9d9-61e93d066c5f')
+    def test_update_region(self):
+        id = self.setup_ids[-1]
+        region = orm_data_utils.rand_region(id)
+        with self.override_role():
+            self.client.update_region(id, **region)
+
+    @rbac_rule_validation.action(service='ranger',
+                                 rules=['region:delete'],
+                                 expected_error_codes=[403])
+    @decorators.idempotent_id('62596380-c8a8-4832-8b3a-c665d2ecf18f')
+    def test_delete_region(self):
+        _, region = self.client.create_region(data_utils.rand_name())
+        region_id = region['id']
+        with self.override_role():
+            self.client.delete_region(region_id)
+
+    @rbac_rule_validation.action(service='ranger',
+                                 rules=['metadata:get'],
+                                 expected_error_codes=[403])
+    @decorators.idempotent_id('96dbb841-52b6-4366-b62b-cdbb820c9c24')
+    def test_get_region_metadata(self):
+        with self.override_role():
+            self.client.get_region_metadata(self.region_1['id'])
+
+    @rbac_rule_validation.action(service='ranger',
+                                 rules=['metadata:create'],
+                                 expected_error_codes=[403])
+    @decorators.idempotent_id('4fa6d3ff-8a77-462c-a856-7f65d0579400')
+    def test_add_region_metadata(self):
+        metadata = {}
+        metadata['metadata'] = orm_data_utils.rand_region_metadata()
+        with self.override_role():
+            self.client.add_region_metadata(self.region_1['id'], **metadata)
+
+    @rbac_rule_validation.action(service='ranger',
+                                 rules=['metadata:update'],
+                                 expected_error_codes=[403])
+    @decorators.idempotent_id('01c592b1-6357-4daa-8150-9476c5644d8b')
+    def test_update_region_metadata(self):
+        metadata = {}
+        metadata['metadata'] = orm_data_utils.rand_region_metadata()
+        with self.override_role():
+            self.client.update_region_metadata(self.region_1['id'], metadata)
+
+    @rbac_rule_validation.action(service='ranger',
+                                 rules=['metadata:delete'],
+                                 expected_error_codes=[403])
+    @decorators.idempotent_id('25b5d305-586f-4ef5-9774-e46362a69b4c')
+    def test_delete_region_metadata(self):
+        metadata = {}
+        metadata['metadata'] = orm_data_utils.rand_region_metadata()
+        key = list(metadata['metadata'].keys())[0]
+        self.client.add_region_metadata(self.region_1['id'], **metadata)
+        with self.override_role():
+            self.client.delete_region_metadata(self.region_1['id'], key)
+
+    @rbac_rule_validation.action(service='ranger',
+                                 rules=['status:put'],
+                                 expected_error_codes=[403])
+    @decorators.idempotent_id('57a73d35-0e40-4fd1-b2ea-2fd6ac8364d5')
+    def test_update_region_status(self):
+        status = {}
+        status['status'] = orm_data_utils.rand_region_status(
+            [self.region_1['status']])
+        with self.override_role():
+            self.client.update_region_status(self.region_1['id'], status)