Source code for compute.admin.test_quotas_negative

# Copyright 2014 NEC Corporation.  All rights reserved.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import testtools

from tempest.api.compute import base
from tempest.common import utils
from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
from tempest.lib import exceptions as lib_exc

CONF = config.CONF


[docs] class QuotasAdminNegativeTestBase(base.BaseV2ComputeAdminTest): force_tenant_isolation = True @classmethod def setup_clients(cls): super(QuotasAdminNegativeTestBase, cls).setup_clients() cls.client = cls.os_primary.quotas_client cls.adm_client = cls.os_admin.quotas_client cls.sg_client = cls.security_groups_client cls.sgr_client = cls.security_group_rules_client @classmethod def resource_setup(cls): super(QuotasAdminNegativeTestBase, cls).resource_setup() # NOTE(afazekas): these test cases should always create and use a new # tenant most of them should be skipped if we can't do that cls.demo_tenant_id = cls.client.tenant_id def _update_quota(self, quota_item, quota_value): quota_set = (self.adm_client.show_quota_set(self.demo_tenant_id) ['quota_set']) default_quota_value = quota_set[quota_item] self.adm_client.update_quota_set(self.demo_tenant_id, force=True, **{quota_item: quota_value}) self.addCleanup(self.adm_client.update_quota_set, self.demo_tenant_id, **{quota_item: default_quota_value})
[docs] class QuotasAdminNegativeTest(QuotasAdminNegativeTestBase): """Negative tests of nova quotas"""
[docs] @decorators.attr(type=['negative']) @decorators.idempotent_id('733abfe8-166e-47bb-8363-23dbd7ff3476') def test_update_quota_normal_user(self): """Test updating nova quota by normal user should fail""" self.assertRaises(lib_exc.Forbidden, self.client.update_quota_set, self.demo_tenant_id, ram=0)
# TODO(afazekas): Add dedicated tenant to the skipped quota tests. # It can be moved into the setUpClass as well.
[docs] @decorators.attr(type=['negative']) @decorators.idempotent_id('91058876-9947-4807-9f22-f6eb17140d9b') @testtools.skipIf(CONF.compute_feature_enabled.unified_limits, 'Legacy quota update not available with unified limits') def test_create_server_when_cpu_quota_is_full(self): """Disallow server creation when tenant's vcpu quota is full""" self._update_quota('cores', 0) self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit), self.create_test_server)
[docs] @decorators.attr(type=['negative']) @decorators.idempotent_id('6fdd7012-584d-4327-a61c-49122e0d5864') @testtools.skipIf(CONF.compute_feature_enabled.unified_limits, 'Legacy quota update not available with unified limits') def test_create_server_when_memory_quota_is_full(self): """Disallow server creation when tenant's memory quota is full""" self._update_quota('ram', 0) self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit), self.create_test_server)
[docs] @decorators.attr(type=['negative']) @decorators.idempotent_id('7c6be468-0274-449a-81c3-ac1c32ee0161') @testtools.skipIf(CONF.compute_feature_enabled.unified_limits, 'Legacy quota update not available with unified limits') def test_create_server_when_instances_quota_is_full(self): """Once instances quota limit is reached, disallow server creation""" self._update_quota('instances', 0) self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit), self.create_test_server)
[docs] class QuotasSecurityGroupAdminNegativeTest(QuotasAdminNegativeTestBase): """Negative tests of nova security group quota""" max_microversion = '2.35'
[docs] @decorators.skip_because(bug="1186354", condition=CONF.service_available.neutron) @decorators.attr(type=['negative']) @decorators.idempotent_id('7c6c8f3b-2bf6-4918-b240-57b136a66aa0') @utils.services('network') def test_security_groups_exceed_limit(self): """Negative test: Creation Security Groups over limit should FAIL""" # Set the quota to number of used security groups sg_quota = self.limits_client.show_limits()['limits']['absolute'][ 'totalSecurityGroupsUsed'] self._update_quota('security_groups', sg_quota) # Check we cannot create anymore # A 403 Forbidden or 413 Overlimit (old behaviour) exception # will be raised when out of quota self.assertRaises((lib_exc.Forbidden, lib_exc.OverLimit), self.sg_client.create_security_group, name="sg-overlimit", description="sg-desc")
[docs] @decorators.skip_because(bug="1186354", condition=CONF.service_available.neutron) @decorators.attr(type=['negative']) @decorators.idempotent_id('6e9f436d-f1ed-4f8e-a493-7275dfaa4b4d') @utils.services('network') def test_security_groups_rules_exceed_limit(self): """Negative test: Creation of Security Group Rules should FAIL""" # when we reach limit maxSecurityGroupRules self._update_quota('security_group_rules', 0) prefix = CONF.resource_name_prefix s_name = data_utils.rand_name(prefix=prefix, name='securitygroup') s_description = data_utils.rand_name(prefix=prefix, name='description') securitygroup = self.sg_client.create_security_group( name=s_name, description=s_description)['security_group'] self.addCleanup(self.sg_client.delete_security_group, securitygroup['id']) secgroup_id = securitygroup['id'] ip_protocol = 'tcp' # Check we cannot create SG rule anymore # A 403 Forbidden or 413 Overlimit (old behaviour) exception # will be raised when out of quota self.assertRaises((lib_exc.OverLimit, lib_exc.Forbidden), self.sgr_client.create_security_group_rule, parent_group_id=secgroup_id, ip_protocol=ip_protocol, from_port=1025, to_port=1025)