diff --git a/ranger_tempest_plugin/tests/api/rms_base.py b/ranger_tempest_plugin/tests/api/rms_base.py index 81e5a09..b0f6886 100755 --- a/ranger_tempest_plugin/tests/api/rms_base.py +++ b/ranger_tempest_plugin/tests/api/rms_base.py @@ -14,6 +14,7 @@ # under the License. from oslo_log import log as logging +from ranger_tempest_plugin.data_utils import data_utils from ranger_tempest_plugin.tests.api import base from tempest import config @@ -24,6 +25,34 @@ LOG = logging.getLogger(__name__) class RmsBaseOrmTest(base.BaseOrmTest): + @classmethod + def resource_setup(cls): + cls.setup_ids = [] + # create standard region + _, cls.region_1 = cls.client.create_region(data_utils.rand_name()) + cls.setup_ids.append(cls.region_1['id']) + # create region sharing region_1 properties + _, cls.region_2 = cls.client.create_region(data_utils.rand_name()) + cls.setup_ids.append(cls.region_2['id']) + # create region with differing properties + _, cls.region_3 = cls.client.create_region( + data_utils.rand_name(), + **{'status': 'down', + 'rangerAgentVersion': '3.0', + 'OSVersion': 'mitaka', + 'CLLI': '123450', + 'address': {'country': 'Mexico', 'state': 'Sonora', + 'city': 'Nogales', 'street': '12 main', + 'zip': '84000'}, + 'metadata': {'meta1': ['val1']}, + 'designType': 'large'}) + cls.setup_ids.append(cls.region_3['id']) + + for region_id in cls.setup_ids: + cls.addClassResourceCleanup(cls.client.delete_region, region_id) + + super(RmsBaseOrmTest, cls).resource_setup() + @classmethod def setup_clients(cls): cls.client = cls.os_primary.rms_client diff --git a/ranger_tempest_plugin/tests/api/test_regions.py b/ranger_tempest_plugin/tests/api/test_regions.py index 5036b27..7c9f293 100755 --- a/ranger_tempest_plugin/tests/api/test_regions.py +++ b/ranger_tempest_plugin/tests/api/test_regions.py @@ -28,34 +28,6 @@ CONF = config.CONF class TestTempestRegion(rms_base.RmsBaseOrmTest): - @classmethod - def resource_setup(cls): - cls.setup_ids = [] - # create standard region - _, cls.region_1 = cls.client.create_region(data_utils.rand_name()) - cls.setup_ids.append(cls.region_1['id']) - # create region sharing region_1 properties - _, cls.region_2 = cls.client.create_region(data_utils.rand_name()) - cls.setup_ids.append(cls.region_2['id']) - # create region with differing properties - _, cls.region_3 = cls.client.create_region( - data_utils.rand_name(), - **{'status': 'down', - 'rangerAgentVersion': '3.0', - 'OSVersion': 'mitaka', - 'CLLI': '123450', - 'address': {'country': 'Mexico', 'state': 'Sonora', - 'city': 'Nogales', 'street': '12 main', - 'zip': '84000'}, - 'metadata': {'meta1': ['val1']}, - 'designType': 'large'}) - cls.setup_ids.append(cls.region_3['id']) - - for region_id in cls.setup_ids: - cls.addClassResourceCleanup(cls.client.delete_region, region_id) - - super(TestTempestRegion, cls).resource_setup() - @decorators.idempotent_id('829c7da0-2332-4f80-ad35-24306b67ed0e') def test_create_and_delete_region(self): # create new region for API test diff --git a/ranger_tempest_plugin/tests/rbac/test_regions.py b/ranger_tempest_plugin/tests/rbac/test_regions.py new file mode 100644 index 0000000..47ba820 --- /dev/null +++ b/ranger_tempest_plugin/tests/rbac/test_regions.py @@ -0,0 +1,129 @@ +# Copyright (c) 2019 AT&T Intellectual Property. All other rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from patrole_tempest_plugin import rbac_rule_validation +from patrole_tempest_plugin import rbac_utils + +from tempest.lib import decorators +from tempest.lib.common.utils import data_utils + +from ranger_tempest_plugin import data_utils as orm_data_utils +from ranger_tempest_plugin.tests.api import rms_base + + +class TestRegion(rbac_utils.RbacUtilsMixin, rms_base.RmsBaseOrmTest): + + @classmethod + def setup_clients(cls): + super(TestRegion, cls).setup_clients() + cls.client = cls.os_primary.rms_rbac_client + + @rbac_rule_validation.action(service='ranger', + rules=['region:get_all'], + expected_error_codes=[403]) + @decorators.idempotent_id('f8be1f6b-7e3f-40ea-b099-1fd57e4124a1') + def test_list_regions(self): + with self.override_role(): + self.client.list_regions() + + @rbac_rule_validation.action(service='ranger', + rules=['region:get_one'], + expected_error_codes=[403]) + @decorators.idempotent_id('0a97dd58-d4b0-448b-b7f4-9fdbc99efce3') + def test_get_region(self): + filter = {'regionname': self.region_1['name']} + with self.override_role(): + self.client.list_regions(filter) + + @rbac_rule_validation.action(service='ranger', + rules=['region:create'], + expected_error_codes=[403]) + @decorators.idempotent_id('3d5895cf-ec8b-44f4-8d52-183baf2ff062') + def test_create_region(self): + region_id = None + with self.override_role(): + _, region = self.client.create_region(data_utils.rand_name()) + region_id = region['id'] + self.client.delete_region(region_id) + + @rbac_rule_validation.action(service='ranger', + rules=['region:update'], + expected_error_codes=[403]) + @decorators.idempotent_id('cbb32c8f-f183-42c4-a9d9-61e93d066c5f') + def test_update_region(self): + id = self.setup_ids[-1] + region = orm_data_utils.rand_region(id) + with self.override_role(): + self.client.update_region(id, **region) + + @rbac_rule_validation.action(service='ranger', + rules=['region:delete'], + expected_error_codes=[403]) + @decorators.idempotent_id('62596380-c8a8-4832-8b3a-c665d2ecf18f') + def test_delete_region(self): + _, region = self.client.create_region(data_utils.rand_name()) + region_id = region['id'] + with self.override_role(): + self.client.delete_region(region_id) + + @rbac_rule_validation.action(service='ranger', + rules=['metadata:get'], + expected_error_codes=[403]) + @decorators.idempotent_id('96dbb841-52b6-4366-b62b-cdbb820c9c24') + def test_get_region_metadata(self): + with self.override_role(): + self.client.get_region_metadata(self.region_1['id']) + + @rbac_rule_validation.action(service='ranger', + rules=['metadata:create'], + expected_error_codes=[403]) + @decorators.idempotent_id('4fa6d3ff-8a77-462c-a856-7f65d0579400') + def test_add_region_metadata(self): + metadata = {} + metadata['metadata'] = orm_data_utils.rand_region_metadata() + with self.override_role(): + self.client.add_region_metadata(self.region_1['id'], **metadata) + + @rbac_rule_validation.action(service='ranger', + rules=['metadata:update'], + expected_error_codes=[403]) + @decorators.idempotent_id('01c592b1-6357-4daa-8150-9476c5644d8b') + def test_update_region_metadata(self): + metadata = {} + metadata['metadata'] = orm_data_utils.rand_region_metadata() + with self.override_role(): + self.client.update_region_metadata(self.region_1['id'], metadata) + + @rbac_rule_validation.action(service='ranger', + rules=['metadata:delete'], + expected_error_codes=[403]) + @decorators.idempotent_id('25b5d305-586f-4ef5-9774-e46362a69b4c') + def test_delete_region_metadata(self): + metadata = {} + metadata['metadata'] = orm_data_utils.rand_region_metadata() + key = list(metadata['metadata'].keys())[0] + self.client.add_region_metadata(self.region_1['id'], **metadata) + with self.override_role(): + self.client.delete_region_metadata(self.region_1['id'], key) + + @rbac_rule_validation.action(service='ranger', + rules=['status:put'], + expected_error_codes=[403]) + @decorators.idempotent_id('57a73d35-0e40-4fd1-b2ea-2fd6ac8364d5') + def test_update_region_status(self): + status = {} + status['status'] = orm_data_utils.rand_region_status( + [self.region_1['status']]) + with self.override_role(): + self.client.update_region_status(self.region_1['id'], status)