def test_cloud_admin_get_server(self): server_cloud_admin = novautils.create_server(self.nova_cloud_client, self.CLOUD_ADMIN_SERVER, self.IMAGE_ID, self.FLAVOR_TINY_ID) server_project_admin = novautils.create_server( self.nova_project_admin_client, self.PROJECT_ADMIN_SERVER, self.IMAGE_ID, self.FLAVOR_TINY_ID) server_cloud_id = server_cloud_admin.id server_project_id = server_project_admin.id server_cloud = novautils.get_server(self.nova_cloud_client, server_cloud_id) self.assertTrue(server_cloud_admin, server_cloud) server_project = novautils.get_server(self.nova_project_admin_client, server_project_id) self.assertTrue(server_project_admin, server_project) self.assertAnyRaise(lambda: novautils.get_server( self.other_nova_project_admin_client, server_project_id)) novautils.delete_server(self.nova_project_admin_client, server_project_id) novautils.delete_server(self.nova_cloud_client, server_cloud_id)
def test_cloud_admin_get_server(self): server_cloud_admin = novautils.create_server(self.nova_cloud_client, self.CLOUD_ADMIN_SERVER, self.IMAGE_ID, self.FLAVOR_TINY_ID) server_project_admin = novautils.create_server(self.nova_project_admin_client, self.PROJECT_ADMIN_SERVER, self.IMAGE_ID, self.FLAVOR_TINY_ID) server_cloud_id = server_cloud_admin.id server_project_id = server_project_admin.id server_cloud = novautils.get_server(self.nova_cloud_client, server_cloud_id) self.assertTrue(server_cloud_admin , server_cloud) server_project = novautils.get_server(self.nova_project_admin_client, server_project_id) self.assertTrue(server_project_admin , server_project) self.assertAnyRaise(lambda: novautils.get_server(self.other_nova_project_admin_client, server_project_id)) novautils.delete_server(self.nova_project_admin_client, server_project_id) novautils.delete_server(self.nova_cloud_client, server_cloud_id)
def test_cloud_admin_create_server(self): server = novautils.create_server(self.nova_cloud_client, self.CLOUD_ADMIN_SERVER, self.IMAGE_ID, self.FLAVOR_TINY_ID) server_id = server.id ## Member de outro projeto nao pode mata-la self.assertAnyRaise(lambda: novautils.delete_server( self.other_nova_member_client, server_id)) self.assertAnyRaise(lambda: novautils.delete_server( self.other_project_admin, server_id)) novautils.delete_server(self.nova_cloud_client, server_id)
def test_cloud_admin_list_server(self): server_cloud_admin = novautils.create_server(self.nova_cloud_client, self.CLOUD_ADMIN_SERVER, self.IMAGE_ID, self.FLAVOR_TINY_ID) server_project_admin = novautils.create_server( self.nova_project_admin_client, self.PROJECT_ADMIN_SERVER, self.IMAGE_ID, self.FLAVOR_TINY_ID) servers = novautils.get_all_servers(self.nova_cloud_client) self.assertTrue(server_cloud_admin in servers) self.assertTrue(server_project_admin in servers) servers_member_same_project = novautils.get_all_servers( self.nova_member_client) self.assertTrue(server_cloud_admin in servers_member_same_project) self.assertTrue(server_project_admin in servers_member_same_project) servers_member_other_project = novautils.get_all_servers( self.other_nova_member_client) self.assertFalse(server_cloud_admin in servers_member_other_project) self.assertFalse(server_project_admin in servers_member_other_project) servers_same_project = novautils.get_all_servers( self.nova_project_admin_client) self.assertTrue(server_cloud_admin in servers_same_project) self.assertTrue(server_project_admin in servers_same_project) servers_another_project = novautils.get_all_servers( self.other_nova_project_admin_client) self.assertFalse(server_cloud_admin in servers_another_project) self.assertFalse(server_project_admin in servers_another_project) server_cloud_id = server_cloud_admin.id server_project_id = server_project_admin.id novautils.delete_server(self.nova_project_admin_client, server_project_id) novautils.delete_server(self.nova_cloud_client, server_cloud_id)
def test_cloud_admin_list_server(self): server_cloud_admin = novautils.create_server(self.nova_cloud_client, self.CLOUD_ADMIN_SERVER, self.IMAGE_ID, self.FLAVOR_TINY_ID) server_project_admin = novautils.create_server(self.nova_project_admin_client, self.PROJECT_ADMIN_SERVER, self.IMAGE_ID, self.FLAVOR_TINY_ID) servers = novautils.get_all_servers(self.nova_cloud_client) self.assertTrue(server_cloud_admin in servers) self.assertTrue(server_project_admin in servers) servers_member_same_project = novautils.get_all_servers(self.nova_member_client) self.assertTrue(server_cloud_admin in servers_member_same_project) self.assertTrue(server_project_admin in servers_member_same_project) servers_member_other_project = novautils.get_all_servers(self.other_nova_member_client) self.assertFalse(server_cloud_admin in servers_member_other_project) self.assertFalse(server_project_admin in servers_member_other_project) servers_same_project = novautils.get_all_servers(self.nova_project_admin_client) self.assertTrue(server_cloud_admin in servers_same_project) self.assertTrue(server_project_admin in servers_same_project) servers_another_project = novautils.get_all_servers(self.other_nova_project_admin_client) self.assertFalse(server_cloud_admin in servers_another_project) self.assertFalse(server_project_admin in servers_another_project) server_cloud_id = server_cloud_admin.id server_project_id = server_project_admin.id novautils.delete_server(self.nova_project_admin_client, server_project_id) novautils.delete_server(self.nova_cloud_client, server_cloud_id)
def test_cloud_admin_create_server(self): server = novautils.create_server(self.nova_cloud_client, self.CLOUD_ADMIN_SERVER, self.IMAGE_ID, self.FLAVOR_TINY_ID) server_id = server.id ## Member de outro projeto nao pode mata-la self.assertAnyRaise(lambda: novautils.delete_server(self.other_nova_member_client, server_id)) self.assertAnyRaise(lambda: novautils.delete_server(self.other_project_admin, server_id)) novautils.delete_server(self.nova_cloud_client, server_id)
class NovaPolicyTests(unittest.TestCase): PROJECT = "Project" OTHER_PROJECT = "OtherProject" CLOUD_ADMIN_ROLE = "cloud_admin" CLOUD_ADMIN_PASSWD = "stack123" CLOUD_ADMIN_USER = "******" CLOUD_ADMIN_OTHER_USER = "******" PROJECT_ADMIN_ROLE = "project_admin" PROJECT_ADMIN_PASSWD = "stack123" PROJECT_ADMIN_USER = "******" PROJECT_ADMIN_OTHER_USER = "******" PROJECT_MEMBER_ROLE = "project_member" PROJECT_MEMBER_PASSWD = "stack123" PROJECT_MEMBER_USER = "******" PROJECT_MEMBER_OTHER_USER = "******" ADMIN_USER = "******" ADMIN_PASSWD = "supersecret" ADMIN_PROJECT = "admin" ADMIN_PROJECT_DOMAIN = "Default" ADMIN_DOMAIN = "Default" MY_SERVER_PASSWORD = "******" OTHER_SERVER_PASSWORD = "******" LAST_SERVER_PASSWORD = "******" # Increment every execution COUNT = '1' KEYSTONE_AUTH_URL = "http://10.1.0.68:5000" NOVA_AUTH_URL = "http://10.1.0.68:8774" # Authenticate with admin admin_client = keystoneutils.create_client( "2", username=ADMIN_USER, password=ADMIN_PASSWD, project_name=ADMIN_PROJECT, project_domain_name=ADMIN_PROJECT_DOMAIN, user_domain_name=ADMIN_DOMAIN, auth_url=KEYSTONE_AUTH_URL) project = keystoneutils.create_project(admin_client, PROJECT) other_project = keystoneutils.create_project(admin_client, OTHER_PROJECT) cloud_admin_role = keystoneutils.create_role(admin_client, CLOUD_ADMIN_ROLE) cloud_admin = keystoneutils.create_user(admin_client, CLOUD_ADMIN_USER, CLOUD_ADMIN_PASSWD, '', project.id) other_cloud_admin = keystoneutils.create_user(admin_client, CLOUD_ADMIN_OTHER_USER, CLOUD_ADMIN_PASSWD, '', other_project.id) keystoneutils.grant_project_role(admin_client, role=cloud_admin_role, user=cloud_admin, project=project) keystoneutils.grant_project_role(admin_client, role=cloud_admin_role, user=other_cloud_admin, project=other_project) project_admin_role = keystoneutils.create_role(admin_client, PROJECT_ADMIN_ROLE) project_admin = keystoneutils.create_user(admin_client, PROJECT_ADMIN_USER, PROJECT_ADMIN_PASSWD, '', project.id) other_project_admin = keystoneutils.create_user(admin_client, PROJECT_ADMIN_OTHER_USER, PROJECT_ADMIN_PASSWD, '', other_project.id) keystoneutils.grant_project_role(admin_client, project_admin_role, project_admin, project) keystoneutils.grant_project_role(admin_client, project_admin_role, project_admin, other_project) project_member_role = keystoneutils.create_role(admin_client, PROJECT_MEMBER_ROLE) project_member = keystoneutils.create_user(admin_client, PROJECT_MEMBER_USER, PROJECT_MEMBER_PASSWD, '', project.id) other_project_member = keystoneutils.create_user( admin_client, PROJECT_MEMBER_OTHER_USER, PROJECT_MEMBER_PASSWD, '', other_project.id) keystoneutils.grant_project_role(admin_client, project_member_role, project_member, project) keystoneutils.grant_project_role(admin_client, project_member_role, other_project_member, other_project) cloud_client = keystoneutils.create_client( "2", username=CLOUD_ADMIN_USER, password=CLOUD_ADMIN_PASSWD, project_name=PROJECT, project_domain_name=ADMIN_PROJECT_DOMAIN, user_domain_name=ADMIN_DOMAIN, auth_url=KEYSTONE_AUTH_URL) other_cloud_client = keystoneutils.create_client( "2", username=CLOUD_ADMIN_OTHER_USER, password=CLOUD_ADMIN_PASSWD, project_name=OTHER_PROJECT, project_domain_name=ADMIN_PROJECT_DOMAIN, user_domain_name=ADMIN_DOMAIN, auth_url=KEYSTONE_AUTH_URL) project_client = keystoneutils.create_client( "2", username=PROJECT_ADMIN_USER, password=PROJECT_ADMIN_PASSWD, project_name=PROJECT, project_domain_name=ADMIN_PROJECT_DOMAIN, user_domain_name=ADMIN_DOMAIN, auth_url=KEYSTONE_AUTH_URL) other_project_client = keystoneutils.create_client( "2", username=PROJECT_ADMIN_OTHER_USER, password=PROJECT_ADMIN_PASSWD, project_name=OTHER_PROJECT, project_domain_name=ADMIN_PROJECT_DOMAIN, user_domain_name=ADMIN_DOMAIN, auth_url=KEYSTONE_AUTH_URL) member_client = keystoneutils.create_client( "2", username=PROJECT_MEMBER_USER, password=PROJECT_MEMBER_PASSWD, project_name=PROJECT, project_domain_name=ADMIN_PROJECT_DOMAIN, user_domain_name=ADMIN_DOMAIN, auth_url=KEYSTONE_AUTH_URL) other_member_client = keystoneutils.create_client( "2", username=PROJECT_MEMBER_OTHER_USER, password=PROJECT_MEMBER_PASSWD, project_name=OTHER_PROJECT, project_domain_name=ADMIN_PROJECT_DOMAIN, user_domain_name=ADMIN_DOMAIN, auth_url=KEYSTONE_AUTH_URL) ADMIN_PROJECT_ID = keystoneutils.find_project(admin_client, ADMIN_PROJECT).id PROJECT_ID = keystoneutils.find_project(admin_client, PROJECT).id OTHER_PROJECT_ID = keystoneutils.find_project(admin_client, OTHER_PROJECT).id #create_client(username, password, project_name, auth_url): nova_admin_client = novautils.create_client(username=ADMIN_USER, password=ADMIN_PASSWD, projectid=ADMIN_PROJECT_ID, auth_url=KEYSTONE_AUTH_URL + "/v2.0") nova_cloud_client = novautils.create_client(username=CLOUD_ADMIN_USER, password=CLOUD_ADMIN_PASSWD, projectid=PROJECT_ID, auth_url=KEYSTONE_AUTH_URL + "/v2.0") nova_other_cloud_client = novautils.create_client( username=CLOUD_ADMIN_OTHER_USER, password=CLOUD_ADMIN_PASSWD, projectid=OTHER_PROJECT_ID, auth_url=KEYSTONE_AUTH_URL + "/v2.0") nova_project_admin_client = novautils.create_client( username=PROJECT_ADMIN_USER, password=PROJECT_ADMIN_PASSWD, projectid=PROJECT_ID, auth_url=KEYSTONE_AUTH_URL + "/v2.0") other_nova_project_admin_client = novautils.create_client( username=PROJECT_ADMIN_OTHER_USER, password=PROJECT_ADMIN_PASSWD, projectid=OTHER_PROJECT_ID, auth_url=KEYSTONE_AUTH_URL + "/v2.0") nova_member_client = novautils.create_client( username=PROJECT_MEMBER_USER, password=PROJECT_MEMBER_PASSWD, projectid=PROJECT_ID, auth_url=KEYSTONE_AUTH_URL + "/v2.0") other_nova_member_client = novautils.create_client( username=PROJECT_MEMBER_OTHER_USER, password=PROJECT_MEMBER_PASSWD, projectid=OTHER_PROJECT_ID, auth_url=KEYSTONE_AUTH_URL + "/v2.0") FLAVOR_TINY_ID = "1" FLAVOR_SMALL_ID = "2" FLAVOR_NAME = "MY_FLAVOR" FLAVOR_ID = "11" OTHER_FLAVOR_NAME = "MY_OTHER_FLAVOR" OTHER_FLAVOR_ID = "111" LAST_FLAVOR_NAME = "MY_LAST_FLAVOR" LAST_FLAVOR_ID = "1111" FLAVOR_RAM = 1024 FLAVOR_VCPUS = 1 FLAVOR_DISK = 1024 IMAGE_ID = 'cc24a286-edc7-40ad-9923-994f6f3588bf' CLOUD_ADMIN_SERVER = "Cloud_admin_server" + COUNT PROJECT_ADMIN_SERVER = "Project_admin_server" + COUNT PROJECT_MEMBER_SERVER = "Project_member_server" + COUNT SERVER_MEMBER = novautils.create_server(nova_cloud_client, PROJECT_MEMBER_SERVER, IMAGE_ID, FLAVOR_TINY_ID) time.sleep(60) def assertAnyRaise(self, callableObj): try: callableObj() except: return raise AssertionError('Should have raised an exception') ################################### ### FLAVORS ################################### # Create and remove Flavor def test_project_admin_create_delete_flavors(self): novautils.create_flavor(self.nova_project_admin_client, self.FLAVOR_NAME, self.FLAVOR_RAM, self.FLAVOR_VCPUS, self.FLAVOR_DISK, self.FLAVOR_ID) novautils.get_all_flavors(self.nova_project_admin_client) novautils.delete_flavor(self.nova_project_admin_client, self.FLAVOR_ID) def test_cloud_admin_create_delete_flavors(self): novautils.create_flavor(self.nova_cloud_client, self.OTHER_FLAVOR_NAME, self.FLAVOR_RAM, self.FLAVOR_VCPUS, self.FLAVOR_DISK, self.OTHER_FLAVOR_ID) novautils.delete_flavor(self.nova_cloud_client, self.OTHER_FLAVOR_ID) def test_project_member_create_delete_flavors(self): self.assertAnyRaise(lambda: novautils.create_flavor( self.other_nova_member_client, self.LAST_FLAVOR_NAME, self. FLAVOR_RAM, self.FLAVOR_VCPUS, self.FLAVOR_DISK, self. LAST_FLAVOR_ID)) self.assertAnyRaise(lambda: novautils.delete_flavor( self.other_nova_member_client, self.LAST_FLAVOR_ID)) # List def test_list_flavors(self): novautils.get_all_flavors(self.nova_project_admin_client) novautils.get_all_flavors(self.nova_cloud_client) novautils.get_all_flavors(self.other_nova_member_client) # Flavor Detail def test_get_public_flavor(self): novautils.get_flavor(self.nova_project_admin_client, self.FLAVOR_TINY_ID) novautils.get_flavor(self.nova_cloud_client, self.FLAVOR_TINY_ID) novautils.get_flavor(self.other_nova_member_client, self.FLAVOR_TINY_ID) def test_get_private_flavor_project_member(self): novautils.get_all_flavors(self.nova_cloud_client) novautils.create_flavor(self.nova_cloud_client, self.LAST_FLAVOR_NAME, self.FLAVOR_RAM, self.FLAVOR_VCPUS, self.FLAVOR_DISK, self.LAST_FLAVOR_ID, public=False) #The cloud admin can give access novautils.add_flavor_tenant_access(self.nova_cloud_client, self.LAST_FLAVOR_ID, self.PROJECT_ID) # Any member can get the details novautils.get_flavor(self.nova_cloud_client, self.LAST_FLAVOR_ID) novautils.get_flavor(self.nova_project_admin_client, self.LAST_FLAVOR_ID) # A member from another project cannot access self.assertAnyRaise(lambda: novautils.get_flavor( self.other_nova_member_client, self.LAST_FLAVOR_ID)) novautils.delete_flavor(self.nova_cloud_client, self.LAST_FLAVOR_ID) def test_add_access_private_flavor(self): novautils.create_flavor(self.nova_cloud_client, self.OTHER_FLAVOR_NAME, self.FLAVOR_RAM, self.FLAVOR_VCPUS, self.FLAVOR_DISK, self.LAST_FLAVOR_ID, public=False) #The project admin can give access novautils.add_flavor_tenant_access(self.nova_project_admin_client, self.LAST_FLAVOR_ID, self.PROJECT_ID) novautils.list_flavor_tenant_access(self.nova_cloud_client, flavor=self.LAST_FLAVOR_ID) #The project member can't give access self.assertAnyRaise(lambda: novautils.add_flavor_tenant_access( self.nova_member_client, self.LAST_FLAVOR_ID, self.PROJECT_ID)) self.assertAnyRaise(lambda: novautils.get_flavor( self.other_nova_member_client, self.LAST_FLAVOR_ID)) novautils.get_flavor(self.nova_member_client, self.LAST_FLAVOR_ID) novautils.delete_flavor(self.nova_cloud_client, self.LAST_FLAVOR_ID) def test_remove_access_private_flavor(self): novautils.create_flavor(self.nova_cloud_client, self.OTHER_FLAVOR_NAME, self.FLAVOR_RAM, self.FLAVOR_VCPUS, self.FLAVOR_DISK, self.OTHER_FLAVOR_ID, public=False) #The project admin can give access novautils.add_flavor_tenant_access(self.nova_project_admin_client, self.OTHER_FLAVOR_ID, self.PROJECT_ID) #The cloud admin can give access novautils.add_flavor_tenant_access(self.nova_cloud_client, self.OTHER_FLAVOR_ID, self.OTHER_PROJECT_ID) #The project member can't remove access self.assertAnyRaise(lambda: novautils.remove_flavor_tenant_access( self.nova_member_client, self.OTHER_FLAVOR_ID, self.PROJECT_ID)) #The project admin can remove access novautils.remove_flavor_tenant_access(self.nova_project_admin_client, self.OTHER_FLAVOR_ID, self.PROJECT_ID) #The cloud admin can remove access novautils.remove_flavor_tenant_access(self.nova_cloud_client, self.OTHER_FLAVOR_ID, self.OTHER_PROJECT_ID) #The cloud gives access and the project admin deletes the flavor novautils.add_flavor_tenant_access(self.nova_cloud_client, self.OTHER_FLAVOR_ID, self.OTHER_PROJECT_ID) novautils.delete_flavor(self.nova_project_admin_client, self.OTHER_FLAVOR_ID) def test_list_private_flavor_info(self): novautils.create_flavor(self.nova_cloud_client, self.LAST_FLAVOR_NAME, self.FLAVOR_RAM, self.FLAVOR_VCPUS, self.FLAVOR_DISK, self.LAST_FLAVOR_ID, public=False) #The cloud admin gives access novautils.add_flavor_tenant_access(self.nova_cloud_client, self.LAST_FLAVOR_ID, self.PROJECT_ID) novautils.list_flavor_tenant_access(self.nova_cloud_client, flavor=self.LAST_FLAVOR_ID) # A project admin can list novautils.list_flavor_tenant_access(self.nova_project_admin_client, flavor=self.LAST_FLAVOR_ID) # A member from the project cannot list self.assertAnyRaise(lambda: novautils.list_flavor_tenant_access( self.nova_member_client, flavor=self.LAST_FLAVOR_ID)) novautils.delete_flavor(self.nova_cloud_client, self.LAST_FLAVOR_ID) ######################### ### SERVERS ######################### ### LIST def test_cloud_admin_list_server(self): server_cloud_admin = novautils.create_server(self.nova_cloud_client, self.CLOUD_ADMIN_SERVER, self.IMAGE_ID, self.FLAVOR_TINY_ID) server_project_admin = novautils.create_server( self.nova_project_admin_client, self.PROJECT_ADMIN_SERVER, self.IMAGE_ID, self.FLAVOR_TINY_ID) servers = novautils.get_all_servers(self.nova_cloud_client) self.assertTrue(server_cloud_admin in servers) self.assertTrue(server_project_admin in servers) servers_member_same_project = novautils.get_all_servers( self.nova_member_client) self.assertTrue(server_cloud_admin in servers_member_same_project) self.assertTrue(server_project_admin in servers_member_same_project) servers_member_other_project = novautils.get_all_servers( self.other_nova_member_client) self.assertFalse(server_cloud_admin in servers_member_other_project) self.assertFalse(server_project_admin in servers_member_other_project) servers_same_project = novautils.get_all_servers( self.nova_project_admin_client) self.assertTrue(server_cloud_admin in servers_same_project) self.assertTrue(server_project_admin in servers_same_project) servers_another_project = novautils.get_all_servers( self.other_nova_project_admin_client) self.assertFalse(server_cloud_admin in servers_another_project) self.assertFalse(server_project_admin in servers_another_project) server_cloud_id = server_cloud_admin.id server_project_id = server_project_admin.id novautils.delete_server(self.nova_project_admin_client, server_project_id) novautils.delete_server(self.nova_cloud_client, server_cloud_id) ### GET def test_cloud_admin_get_server(self): server_cloud_admin = novautils.create_server(self.nova_cloud_client, self.CLOUD_ADMIN_SERVER, self.IMAGE_ID, self.FLAVOR_TINY_ID) server_project_admin = novautils.create_server( self.nova_project_admin_client, self.PROJECT_ADMIN_SERVER, self.IMAGE_ID, self.FLAVOR_TINY_ID) server_cloud_id = server_cloud_admin.id server_project_id = server_project_admin.id server_cloud = novautils.get_server(self.nova_cloud_client, server_cloud_id) self.assertTrue(server_cloud_admin, server_cloud) server_project = novautils.get_server(self.nova_project_admin_client, server_project_id) self.assertTrue(server_project_admin, server_project) self.assertAnyRaise(lambda: novautils.get_server( self.other_nova_project_admin_client, server_project_id)) novautils.delete_server(self.nova_project_admin_client, server_project_id) novautils.delete_server(self.nova_cloud_client, server_cloud_id) ### CREATE def test_cloud_admin_create_server(self): server = novautils.create_server(self.nova_cloud_client, self.CLOUD_ADMIN_SERVER, self.IMAGE_ID, self.FLAVOR_TINY_ID) server_id = server.id ## Member de outro projeto nao pode mata-la self.assertAnyRaise(lambda: novautils.delete_server( self.other_nova_member_client, server_id)) self.assertAnyRaise(lambda: novautils.delete_server( self.other_project_admin, server_id)) novautils.delete_server(self.nova_cloud_client, server_id) def test_project_admin_create_server(self): server = novautils.create_server(self.nova_project_admin_client, self.PROJECT_ADMIN_SERVER, self.IMAGE_ID, self.FLAVOR_TINY_ID) server_id = server.id ## Member de outro projeto nao pode mata-la self.assertAnyRaise(lambda: novautils.delete_server( self.other_nova_member_client, server_id)) self.assertAnyRaise(lambda: novautils.delete_server( self.other_project_admin, server_id)) novautils.delete_server(self.nova_project_admin_client, server_id) def test_cloud_admin_delete_server(self): server = novautils.create_server(self.nova_project_admin_client, self.PROJECT_ADMIN_SERVER, self.IMAGE_ID, self.FLAVOR_TINY_ID) server_id = server.id ## Member de outro projeto nao pode mata-la self.assertAnyRaise(lambda: novautils.delete_server( self.other_nova_member_client, server_id)) self.assertAnyRaise(lambda: novautils.delete_server( self.other_project_admin, server_id)) novautils.delete_server(self.nova_cloud_client, server_id) def test_project_admin_list_servers(self): novautils.get_all_servers(self.nova_project_admin_client) def test_cloud_admin_list_servers(self): novautils.get_all_servers(self.nova_cloud_client) def test_project_member_list_servers(self): novautils.get_all_servers(self.other_nova_member_client) ######################### ### SERVER ACTIONS ######################### def test_resize(self): wait_for_active(self.nova_cloud_client, self.SERVER_MEMBER) #Everyone on the project can reboot novautils.resize(self.nova_member_client, self.SERVER_MEMBER, self.FLAVOR_SMALL_ID) wait_for_verify_resize(self.nova_cloud_client, self.SERVER_MEMBER) novautils.confirm_resize(self.nova_cloud_client, self.SERVER_MEMBER) novautils.start(self.nova_cloud_client, self.SERVER_MEMBER) wait_for_active(self.nova_cloud_client, self.SERVER_MEMBER) novautils.pause(self.nova_member_client, self.SERVER_MEMBER) wait_for_status(self.nova_cloud_client, self.SERVER_MEMBER, "PAUSED") novautils.resize(self.nova_cloud_client, self.SERVER_MEMBER, self.FLAVOR_TINY_ID) novautils.confirm_resize(self.nova_cloud_client, self.SERVER_MEMBER) wait_for_active(self.nova_cloud_client, self.SERVER_MEMBER) # Member from another project can't self.assertAnyRaise( lambda: novautils.resize(self.other_member_client, self. SERVER_MEMBER, self.FLAVOR_SMALL_ID)) def test_stop_start(self): print 'test_stop' wait_for_active(self.nova_cloud_client, self.SERVER_MEMBER) novautils.stop(self.nova_member_client, self.SERVER_MEMBER) wait_for_status(self.nova_cloud_client, self.SERVER_MEMBER, "SHUTOFF") novautils.start(self.nova_cloud_client, self.SERVER_MEMBER) wait_for_status(self.nova_cloud_client, self.SERVER_MEMBER, "ACTIVE") # From other project can' do self.assertAnyRaise(lambda: novautils.stop(self.other_member_client, self.SERVER_MEMBER)) self.assertAnyRaise(lambda: novautils.start( self.other_nova_project_admin_client, self.SERVER_MEMBER)) def test_pause_unpause(self): print 'test_pause_unpause' # Member can, since he is the owner wait_for_active(self.nova_cloud_client, self.SERVER_MEMBER) novautils.pause(self.nova_member_client, self.SERVER_MEMBER) wait_for_status(self.nova_cloud_client, self.SERVER_MEMBER, "PAUSED") self.assertTrue(self.SERVER_MEMBER.status == "PAUSED") novautils.unpause(self.nova_cloud_client, self.SERVER_MEMBER) wait_for_status(self.nova_cloud_client, self.SERVER_MEMBER, "ACTIVE") # From other project can' do self.assertAnyRaise(lambda: novautils.pause(self.other_member_client, self.SERVER_MEMBER)) self.assertAnyRaise(lambda: novautils.unpause( self.other_nova_project_admin_client, self.SERVER_MEMBER)) def test_suspend_resume(self): print 'test_suspend_resume' wait_for_active(self.nova_cloud_client, self.SERVER_MEMBER) novautils.suspend(self.nova_member_client, self.SERVER_MEMBER) wait_for_status(self.nova_cloud_client, self.SERVER_MEMBER, "SUSPENDED") novautils.resume(self.nova_cloud_client, self.SERVER_MEMBER) wait_for_status(self.nova_cloud_client, self.SERVER_MEMBER, "ACTIVE") # From other project can' do self.assertAnyRaise(lambda: novautils.suspend(self.other_member_client, self.SERVER_MEMBER)) self.assertAnyRaise(lambda: novautils.resume( self.other_nova_project_admin_client, self.SERVER_MEMBER)) def test_lock_unlock(self): print 'test_lock_unlock' wait_for_active(self.nova_cloud_client, self.SERVER_MEMBER) novautils.lock(self.nova_member_client, self.SERVER_MEMBER) #wait_for_status(self.nova_cloud_client, self.SERVER_MEMBER, "LOCKED") #self.assertTrue(self.SERVER_MEMBER.status == "LOCKED") novautils.unlock(self.nova_cloud_client, self.SERVER_MEMBER) #wait_for_status(self.nova_cloud_client, self.SERVER_MEMBER, "ACTIVE") #self.assertTrue(self.SERVER_MEMBER.status == "ACTIVE") # From other project can' do self.assertAnyRaise(lambda: novautils.lock(self.other_member_client, self.SERVER_MEMBER)) self.assertAnyRaise(lambda: novautils.unlock( self.other_nova_project_admin_client, self.SERVER_MEMBER)) def test_reboot(self): wait_for_active(self.nova_cloud_client, self.SERVER_MEMBER) #Everyone on the project can reboot novautils.reboot(self.nova_member_client, self.SERVER_MEMBER) wait_for_active(self.nova_cloud_client, self.SERVER_MEMBER) novautils.reboot(self.nova_cloud_client, self.SERVER_MEMBER) wait_for_active(self.nova_cloud_client, self.SERVER_MEMBER) # Member from another project can't self.assertAnyRaise(lambda: novautils.reboot(self.other_member_client, self.SERVER_MEMBER)) def test_rebuild(self): wait_for_active(self.nova_cloud_client, self.SERVER_MEMBER) #Everyone on the project can reboot novautils.rebuild(self.nova_member_client, self.SERVER_MEMBER, self.IMAGE_ID) wait_for_active(self.nova_cloud_client, self.SERVER_MEMBER) novautils.rebuild(self.nova_cloud_client, self.SERVER_MEMBER, self.IMAGE_ID) wait_for_active(self.nova_cloud_client, self.SERVER_MEMBER) # Member from another project can't self.assertAnyRaise(lambda: novautils.rebuild( self.other_member_client, self.SERVER_MEMBER, self.IMAGE_ID)) ################## ### HOSTS ################### def test_list_hosts(self): # Cloud Admin and project Admin can novautils.host_list(self.nova_cloud_client) novautils.host_list(self.nova_project_admin_client) # Member can't do self.assertAnyRaise( lambda: novautils.host_list(self.other_member_client)) def test_get_host(self): # Cloud Admin and project Admin can lista_hosts = novautils.host_list(self.nova_cloud_client) host = lista_hosts[0].host_name novautils.get_host(self.nova_cloud_client, host) novautils.get_host(self.nova_project_admin_client, host) # Member can't do self.assertAnyRaise( lambda: novautils.get_host(self.other_member_client, host)) def test_host_actions(self): # Cloud Admin and project Admin can lista_hosts = novautils.host_list(self.nova_cloud_client) host = lista_hosts[0].host_name # Member can't do self.assertAnyRaise( lambda: novautils.start_host(self.nova_cloud_client, host)) # Member can't do self.assertAnyRaise( lambda: novautils.shutdown_host(self.nova_cloud_client, host)) # Member can't do self.assertAnyRaise( lambda: novautils.reboot_host(self.nova_cloud_client, host))