def test_create_delete_access_rules_with_one_ip(self, version, ip_version):
if ip_version == 4:
access_to = utils.rand_ip()
else:
access_to = utils.rand_ipv6_ip()
if utils.is_microversion_le(version, '2.9'):
client = self.shares_client
else:
client = self.shares_v2_client
# create rule
rule = self.allow_access(self.share["id"],
client=client,
access_type=self.access_type,
access_to=access_to,
version=version)
self.assertEqual('rw', rule['access_level'])
for key in ('deleted', 'deleted_at', 'instance_mappings'):
self.assertNotIn(key, rule.keys())
# rules must start out in 'new' until 2.28 & 'queued_to_apply' after
if utils.is_microversion_le(version, "2.27"):
self.assertEqual("new", rule['state'])
else:
self.assertEqual("queued_to_apply", rule['state'])
def resource_setup(cls):
super(AccessRulesMetadataTest, cls).resource_setup()
cls.protocol = cls.shares_v2_client.share_protocol
cls.access_type, __ = cls._get_access_rule_data_from_config()
int_range = range(20, 50)
cls.access_to = {
# list of unique values is required for ability to create lots
# of access rules for one share using different API microversions.
'ip': set([utils.rand_ipv6_ip() for i in int_range]),
# following users are fakes and access rules that use it are
# expected to fail, but they are used only for API testing.
'user': ['foo_user_%d' % i for i in int_range],
'cert': ['tenant_%d.example.com' % i for i in int_range],
'cephx': ['eve%d' % i for i in int_range],
}
# create share type
cls.share_type = cls.create_share_type()
cls.share_type_id = cls.share_type['id']
# create share
cls.share = cls.create_share(share_type_id=cls.share_type_id)
cls.md1 = {"key1": "value1", "key2": "value2"}
cls.access = cls.shares_v2_client.create_access_rule(
cls.share["id"],
cls.access_type,
cls.access_to[cls.access_type].pop(),
'rw',
metadata=cls.md1)['access']
def test_create_delete_access_rules_with_one_ip(self, version, ip_version):
if ip_version == 4:
access_to = utils.rand_ip()
else:
access_to = utils.rand_ipv6_ip()
# create rule
if utils.is_microversion_eq(version, '1.0'):
rule = self.shares_client.create_access_rule(
self.share["id"], self.access_type, access_to)['access']
else:
rule = self.shares_v2_client.create_access_rule(
self.share["id"], self.access_type, access_to,
version=version)['access']
self.assertEqual('rw', rule['access_level'])
for key in ('deleted', 'deleted_at', 'instance_mappings'):
self.assertNotIn(key, rule.keys())
# rules must start out in 'new' until 2.28 & 'queued_to_apply' after
if utils.is_microversion_le(version, "2.27"):
self.assertEqual("new", rule['state'])
else:
self.assertEqual("queued_to_apply", rule['state'])
if utils.is_microversion_eq(version, '1.0'):
waiters.wait_for_resource_status(self.shares_client,
self.share["id"],
"active",
resource_name='access_rule',
rule_id=rule["id"])
elif utils.is_microversion_eq(version, '2.9'):
waiters.wait_for_resource_status(self.shares_v2_client,
self.share["id"],
"active",
resource_name='access_rule',
rule_id=rule["id"])
else:
waiters.wait_for_resource_status(self.shares_v2_client,
self.share["id"],
"active",
status_attr='access_rules_status',
version=version)
# delete rule and wait for deletion
if utils.is_microversion_eq(version, '1.0'):
self.shares_client.delete_access_rule(self.share["id"], rule["id"])
self.shares_client.wait_for_resource_deletion(
rule_id=rule["id"], share_id=self.share['id'])
else:
self.shares_v2_client.delete_access_rule(self.share["id"],
rule["id"],
version=version)
self.shares_v2_client.wait_for_resource_deletion(
rule_id=rule["id"], share_id=self.share['id'], version=version)
def resource_setup(cls):
super(AccessRulesMetadataTest, cls).resource_setup()
# The share access rule metadata doesn't care about the value of
# access type, access protocol, access_to, so we only get one of
# the value that the driver support.
if not (any(p in CONF.share.enable_ip_rules_for_protocols
for p in cls.protocols)
or any(p in CONF.share.enable_user_rules_for_protocols
for p in cls.protocols)
or any(p in CONF.share.enable_cert_rules_for_protocols
for p in cls.protocols)
or any(p in CONF.share.enable_cephx_rules_for_protocols
for p in cls.protocols)):
cls.message = "Rule tests are disabled"
raise cls.skipException(cls.message)
if CONF.share.enable_ip_rules_for_protocols:
cls.protocol = CONF.share.enable_ip_rules_for_protocols[0]
cls.access_type = "ip"
elif CONF.share.enable_user_rules_for_protocols:
cls.protocol = CONF.share.enable_user_rules_for_protocols[0]
cls.access_type = "user"
elif CONF.share.enable_cert_rules_for_protocols:
cls.protocol = CONF.share.enable_cert_rules_for_protocols[0]
cls.access_type = "cert"
elif CONF.share.enable_cephx_rules_for_protocols:
cls.protocol = CONF.share.enable_cephx_rules_for_protocols[0]
cls.access_type = "cephx"
cls.shares_v2_client.share_protocol = cls.protocol
int_range = range(20, 50)
cls.access_to = {
# list of unique values is required for ability to create lots
# of access rules for one share using different API microversions.
'ip': set([utils.rand_ipv6_ip() for i in int_range]),
# following users are fakes and access rules that use it are
# expected to fail, but they are used only for API testing.
'user': ['foo_user_%d' % i for i in int_range],
'cert': ['tenant_%d.example.com' % i for i in int_range],
'cephx': ['eve%d' % i for i in int_range],
}
# create share type
cls.share_type = cls._create_share_type()
cls.share_type_id = cls.share_type['id']
# create share
cls.share = cls.create_share(share_type_id=cls.share_type_id)
cls.md1 = {"key1": "value1", "key2": "value2"}
cls.access = cls.shares_v2_client.create_access_rule(
cls.share["id"],
cls.access_type,
cls.access_to[cls.access_type].pop(),
'rw',
metadata=cls.md1)
def test_create_delete_access_rule_with_cidr(self, version, ip_version):
if ip_version == 4:
access_to = utils.rand_ip(network=True)
else:
access_to = utils.rand_ipv6_ip(network=True)
if utils.is_microversion_le(version, '2.9'):
client = self.shares_client
else:
client = self.shares_v2_client
# create rule
rule = self.allow_access(self.share["id"],
client=client,
access_type=self.access_type,
access_to=access_to,
version=version)
for key in ('deleted', 'deleted_at', 'instance_mappings'):
self.assertNotIn(key, rule.keys())
self.assertEqual('rw', rule['access_level'])
