def test_create_delete_access_rules_with_one_ip(self, version, ip_version): if ip_version == 4: access_to = utils.rand_ip() else: access_to = utils.rand_ipv6_ip() if utils.is_microversion_le(version, '2.9'): client = self.shares_client else: client = self.shares_v2_client # create rule rule = self.allow_access(self.share["id"], client=client, access_type=self.access_type, access_to=access_to, version=version) self.assertEqual('rw', rule['access_level']) for key in ('deleted', 'deleted_at', 'instance_mappings'): self.assertNotIn(key, rule.keys()) # rules must start out in 'new' until 2.28 & 'queued_to_apply' after if utils.is_microversion_le(version, "2.27"): self.assertEqual("new", rule['state']) else: self.assertEqual("queued_to_apply", rule['state'])
def resource_setup(cls): super(AccessRulesMetadataTest, cls).resource_setup() cls.protocol = cls.shares_v2_client.share_protocol cls.access_type, __ = cls._get_access_rule_data_from_config() int_range = range(20, 50) cls.access_to = { # list of unique values is required for ability to create lots # of access rules for one share using different API microversions. 'ip': set([utils.rand_ipv6_ip() for i in int_range]), # following users are fakes and access rules that use it are # expected to fail, but they are used only for API testing. 'user': ['foo_user_%d' % i for i in int_range], 'cert': ['tenant_%d.example.com' % i for i in int_range], 'cephx': ['eve%d' % i for i in int_range], } # create share type cls.share_type = cls.create_share_type() cls.share_type_id = cls.share_type['id'] # create share cls.share = cls.create_share(share_type_id=cls.share_type_id) cls.md1 = {"key1": "value1", "key2": "value2"} cls.access = cls.shares_v2_client.create_access_rule( cls.share["id"], cls.access_type, cls.access_to[cls.access_type].pop(), 'rw', metadata=cls.md1)['access']
def test_create_delete_access_rules_with_one_ip(self, version, ip_version): if ip_version == 4: access_to = utils.rand_ip() else: access_to = utils.rand_ipv6_ip() # create rule if utils.is_microversion_eq(version, '1.0'): rule = self.shares_client.create_access_rule( self.share["id"], self.access_type, access_to)['access'] else: rule = self.shares_v2_client.create_access_rule( self.share["id"], self.access_type, access_to, version=version)['access'] self.assertEqual('rw', rule['access_level']) for key in ('deleted', 'deleted_at', 'instance_mappings'): self.assertNotIn(key, rule.keys()) # rules must start out in 'new' until 2.28 & 'queued_to_apply' after if utils.is_microversion_le(version, "2.27"): self.assertEqual("new", rule['state']) else: self.assertEqual("queued_to_apply", rule['state']) if utils.is_microversion_eq(version, '1.0'): waiters.wait_for_resource_status(self.shares_client, self.share["id"], "active", resource_name='access_rule', rule_id=rule["id"]) elif utils.is_microversion_eq(version, '2.9'): waiters.wait_for_resource_status(self.shares_v2_client, self.share["id"], "active", resource_name='access_rule', rule_id=rule["id"]) else: waiters.wait_for_resource_status(self.shares_v2_client, self.share["id"], "active", status_attr='access_rules_status', version=version) # delete rule and wait for deletion if utils.is_microversion_eq(version, '1.0'): self.shares_client.delete_access_rule(self.share["id"], rule["id"]) self.shares_client.wait_for_resource_deletion( rule_id=rule["id"], share_id=self.share['id']) else: self.shares_v2_client.delete_access_rule(self.share["id"], rule["id"], version=version) self.shares_v2_client.wait_for_resource_deletion( rule_id=rule["id"], share_id=self.share['id'], version=version)
def resource_setup(cls): super(AccessRulesMetadataTest, cls).resource_setup() # The share access rule metadata doesn't care about the value of # access type, access protocol, access_to, so we only get one of # the value that the driver support. if not (any(p in CONF.share.enable_ip_rules_for_protocols for p in cls.protocols) or any(p in CONF.share.enable_user_rules_for_protocols for p in cls.protocols) or any(p in CONF.share.enable_cert_rules_for_protocols for p in cls.protocols) or any(p in CONF.share.enable_cephx_rules_for_protocols for p in cls.protocols)): cls.message = "Rule tests are disabled" raise cls.skipException(cls.message) if CONF.share.enable_ip_rules_for_protocols: cls.protocol = CONF.share.enable_ip_rules_for_protocols[0] cls.access_type = "ip" elif CONF.share.enable_user_rules_for_protocols: cls.protocol = CONF.share.enable_user_rules_for_protocols[0] cls.access_type = "user" elif CONF.share.enable_cert_rules_for_protocols: cls.protocol = CONF.share.enable_cert_rules_for_protocols[0] cls.access_type = "cert" elif CONF.share.enable_cephx_rules_for_protocols: cls.protocol = CONF.share.enable_cephx_rules_for_protocols[0] cls.access_type = "cephx" cls.shares_v2_client.share_protocol = cls.protocol int_range = range(20, 50) cls.access_to = { # list of unique values is required for ability to create lots # of access rules for one share using different API microversions. 'ip': set([utils.rand_ipv6_ip() for i in int_range]), # following users are fakes and access rules that use it are # expected to fail, but they are used only for API testing. 'user': ['foo_user_%d' % i for i in int_range], 'cert': ['tenant_%d.example.com' % i for i in int_range], 'cephx': ['eve%d' % i for i in int_range], } # create share type cls.share_type = cls._create_share_type() cls.share_type_id = cls.share_type['id'] # create share cls.share = cls.create_share(share_type_id=cls.share_type_id) cls.md1 = {"key1": "value1", "key2": "value2"} cls.access = cls.shares_v2_client.create_access_rule( cls.share["id"], cls.access_type, cls.access_to[cls.access_type].pop(), 'rw', metadata=cls.md1)
def test_create_delete_access_rule_with_cidr(self, version, ip_version): if ip_version == 4: access_to = utils.rand_ip(network=True) else: access_to = utils.rand_ipv6_ip(network=True) if utils.is_microversion_le(version, '2.9'): client = self.shares_client else: client = self.shares_v2_client # create rule rule = self.allow_access(self.share["id"], client=client, access_type=self.access_type, access_to=access_to, version=version) for key in ('deleted', 'deleted_at', 'instance_mappings'): self.assertNotIn(key, rule.keys()) self.assertEqual('rw', rule['access_level'])