From d17360cf83afda9655990a5dd3575aaf0f82c427 Mon Sep 17 00:00:00 2001 From: Daan Hoogland Date: Fri, 26 Feb 2021 13:18:59 +0100 Subject: [PATCH] cleanup and fix autoindent issues --- .../component/test_acl_isolatednetwork.py | 1315 ++++++++--------- 1 file changed, 644 insertions(+), 671 deletions(-) diff --git a/test/integration/component/test_acl_isolatednetwork.py b/test/integration/component/test_acl_isolatednetwork.py index 403061ef0b5..3dbc3138e29 100644 --- a/test/integration/component/test_acl_isolatednetwork.py +++ b/test/integration/component/test_acl_isolatednetwork.py @@ -55,13 +55,12 @@ class TestIsolatedNetwork(cloudstackTestCase): cls.testclient = super(TestIsolatedNetwork, cls).getClsTestClient() cls.apiclient = cls.testclient.getApiClient() - # cls.acldata = Services().services cls.testdata = cls.testClient.getParsedTestDataConfig() cls.acldata = cls.testdata["acl"] cls.acldata["network"]["vlan"] = None cls.domain_1 = None cls.domain_2 = None - cls.cleanup = [] + cls._cleanup = [] try: # backup default apikey and secretkey @@ -73,6 +72,7 @@ class TestIsolatedNetwork(cloudstackTestCase): cls.apiclient, cls.acldata["domain1"] ) + cls.domain_11 = Domain.create( cls.apiclient, cls.acldata["domain11"], @@ -230,6 +230,7 @@ class TestIsolatedNetwork(cloudstackTestCase): cls.acldata["accountROOTA"], admin=False, ) + cls._cleanup.append(cls.account_roota) user = cls.generateKeysForUser(cls.apiclient, cls.account_roota) cls.user_roota_apikey = user.apikey @@ -240,6 +241,7 @@ class TestIsolatedNetwork(cloudstackTestCase): cls.acldata["accountROOT"], admin=True, ) + cls._cleanup.append(cls.account_root) user = cls.generateKeysForUser(cls.apiclient, cls.account_root) cls.user_root_apikey = user.apikey @@ -250,6 +252,7 @@ class TestIsolatedNetwork(cloudstackTestCase): cls.apiclient, cls.acldata["service_offering"]["small"] ) + cls._cleanup.append(cls.service_offering) cls.zone = get_zone(cls.apiclient, cls.testclient.getZoneForTests()) cls.acldata['mode'] = cls.zone.networktype @@ -321,35 +324,31 @@ class TestIsolatedNetwork(cloudstackTestCase): cls.network_d2a = cls.createNetwork(cls.apiclient, cls.account_d2a, cls.isolated_network_offering_id, cls.zone) cls.createVM(cls.apiclient, cls.zone.id, cls.service_offering.id, cls.template.id, cls.network_d2a.id) - cls.cleanup = [ - cls.account_root, - cls.account_roota, - cls.service_offering, - ] except Exception as e: cls.domain_1.delete(cls.apiclient, cleanup="true") cls.domain_2.delete(cls.apiclient, cleanup="true") - cleanup_resources(cls.apiclient, cls.cleanup) + super(TestIsolatedNetwork,cls).tearDownClass() raise Exception("Failed to create the setup required to execute the test cases: %s" % e) @classmethod def tearDownClass(cls): + # TODO more cleanup could be done in this class and in a more elegant way cls.apiclient = super(TestIsolatedNetwork, cls).getClsTestClient().getApiClient() cls.apiclient.connection.apiKey = cls.default_apikey cls.apiclient.connection.securityKey = cls.default_secretkey cls.domain_1.delete(cls.apiclient, cleanup="true") cls.domain_2.delete(cls.apiclient, cleanup="true") - cleanup_resources(cls.apiclient, cls.cleanup) + super(TestIsolatedNetwork,cls).tearDownClass() return - def setUp(cls): - cls.apiclient = cls.testClient.getApiClient() - cls.dbclient = cls.testClient.getDbConnection() + def setUp(self): + self.apiclient = self.testClient.getApiClient() + self.dbclient = self.testClient.getDbConnection() - def tearDown(cls): + def tearDown(self): # restore back default apikey and secretkey - cls.apiclient.connection.apiKey = cls.default_apikey - cls.apiclient.connection.securityKey = cls.default_secretkey + self.apiclient.connection.apiKey = self.default_apikey + self.apiclient.connection.securityKey = self.default_secretkey return ## Test cases relating to createNetwork as admin user @@ -376,213 +375,40 @@ class TestIsolatedNetwork(cloudstackTestCase): True, "Admin User is not able to create a network for himself") + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_02_createNetwork_admin_foruserinsamedomain(self): + """ + # Validate that Admin should be able to create network for users in his domain + """ + self.apiclient.connection.apiKey = self.user_root_apikey + self.apiclient.connection.securityKey = self.user_root_secretkey + self.acldata["network"]["name"] = "root_roota" + self.acldata["network"]["displayname"] = "root_roota" -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_02_createNetwork_admin_foruserinsamedomain(self): - """ - # Validate that Admin should be able to create network for users in his domain - """ - self.apiclient.connection.apiKey = self.user_root_apikey - self.apiclient.connection.securityKey = self.user_root_secretkey - self.acldata["network"]["name"] = "root_roota" - self.acldata["network"]["displayname"] = "root_roota" - - network = Network.create( - self.apiclient, - self.acldata["network"], - networkofferingid=self.isolated_network_offering_id, - zoneid=self.zone.id, - accountid=self.account_roota.name, - domainid=self.account_roota.domainid - ) - - self.assertEqual(network.state.lower() == ALLOCATED.lower(), - True, - "Admin User is not able to create a network for other users in his domain") - - -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_03_createNetwork_admin_foruserinotherdomain(self): - """ - # Validate that Admin should be able to create network for users in his sub domain - """ - self.apiclient.connection.apiKey = self.user_root_apikey - self.apiclient.connection.securityKey = self.user_root_secretkey - self.acldata["network"]["name"] = "root_d11a" - self.acldata["network"]["displayname"] = "root_d11a" - - network = Network.create( - self.apiclient, - self.acldata["network"], - networkofferingid=self.isolated_network_offering_id, - zoneid=self.zone.id, - accountid=self.account_d11a.name, - domainid=self.account_d11a.domainid - ) - - self.assertEqual(network.state.lower() == ALLOCATED.lower(), - True, - "Admin User is not able to create a network for for other users in other domain") - - -## Test cases relating to createNetwork as domain admin user - -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_04_createNetwork_domaindmin(self): - """ - # Validate that Domain admin should be able to create network for himslef - """ - self.apiclient.connection.apiKey = self.user_d1_apikey - self.apiclient.connection.securityKey = self.user_d1_secretkey - self.acldata["network"]["name"] = "d1" - self.acldata["network"]["displayname"] = "d1" - - network = Network.create( - self.apiclient, - self.acldata["network"], - networkofferingid=self.isolated_network_offering_id, - zoneid=self.zone.id - ) - - self.assertEqual(network.state.lower() == ALLOCATED.lower(), - True, - "Domain admin User is not able to create a network for himself") - - -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_05_createNetwork_domaindmin_foruserinsamedomain(self): - """ - # Validate that Domain admin should be able to create network for users in his domain - """ - self.apiclient.connection.apiKey = self.user_d1_apikey - self.apiclient.connection.securityKey = self.user_d1_secretkey - self.acldata["network"]["name"] = "d1-d1a" - self.acldata["network"]["displayname"] = "d1-d1a" - - network = Network.create( - self.apiclient, - self.acldata["network"], - networkofferingid=self.isolated_network_offering_id, - zoneid=self.zone.id, - accountid=self.account_d1a.name, - domainid=self.account_d1a.domainid - ) - - self.assertEqual(network.state.lower() == ALLOCATED.lower(), - True, - "Domain admin User is not able to create a network for other users in his domain") - - -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_06_createNetwork_domaindmin_foruserinsubdomain(self): - """ - # Validate that Domain admin should be able to create network for users in his sub domain - """ - self.apiclient.connection.apiKey = self.user_d1_apikey - self.apiclient.connection.securityKey = self.user_d1_secretkey - self.acldata["network"]["name"] = "d1_d11a" - self.acldata["network"]["displayname"] = "d1_d11a" - - network = Network.create( - self.apiclient, - self.acldata["network"], - networkofferingid=self.isolated_network_offering_id, - zoneid=self.zone.id, - accountid=self.account_d11a.name, - domainid=self.account_d11a.domainid - ) - - self.assertEqual(network.state.lower() == ALLOCATED.lower(), - True, - "Domain admin User is not able to create a network for other users in his sub domain") - - -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_07_createNetwork_domaindmin_forcrossdomainuser(self): - """ - # Validate that Domain admin should not be able to create network for users in his sub domain - """ - self.apiclient.connection.apiKey = self.user_d1_apikey - self.apiclient.connection.securityKey = self.user_d1_secretkey - self.acldata["network"]["name"] = "d1_d2a" - self.acldata["network"]["displayname"] = "d1_d2a" - try: network = Network.create( self.apiclient, self.acldata["network"], networkofferingid=self.isolated_network_offering_id, zoneid=self.zone.id, - accountid=self.account_d2a.name, - domainid=self.account_d2a.domainid + accountid=self.account_roota.name, + domainid=self.account_roota.domainid ) - self.fail("Domain admin is allowed to create network for users not in his domain ") - except Exception as e: - self.debug("When Domain admin tries to create network for users in his sub domain %s" % e) - if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.NO_PERMISSION_TO_OPERATE_DOMAIN): - self.fail("Error message validation failed when Domain admin tries to create network for users not in his domain ") + + self.assertEqual(network.state.lower() == ALLOCATED.lower(), + True, + "Admin User is not able to create a network for other users in his domain") -## Test cases relating to createNetwork as regular user + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_03_createNetwork_admin_foruserinotherdomain(self): + """ + # Validate that Admin should be able to create network for users in his sub domain + """ + self.apiclient.connection.apiKey = self.user_root_apikey + self.apiclient.connection.securityKey = self.user_root_secretkey + self.acldata["network"]["name"] = "root_d11a" + self.acldata["network"]["displayname"] = "root_d11a" -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_08_createNetwork_user(self): - """ - # Validate that Regular should be able to create network for himslef - """ - self.apiclient.connection.apiKey = self.user_d1a_apikey - self.apiclient.connection.securityKey = self.user_d1a_secretkey - self.acldata["network"]["name"] = "d1a" - self.acldata["network"]["displayname"] = "d1a" - - network = Network.create( - self.apiclient, - self.acldata["network"], - networkofferingid=self.isolated_network_offering_id, - zoneid=self.zone.id - ) - - self.assertEqual(network.state.lower() == ALLOCATED.lower(), - True, - "User is not able to create a network for himself") - - -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_09_createNetwork_user_foruserinsamedomain(self): - """ - # Validate that Regular user should NOT be able to create network for users in his domain - """ - self.apiclient.connection.apiKey = self.user_d1a_apikey - self.apiclient.connection.securityKey = self.user_d1a_secretkey - self.acldata["network"]["name"] = "d1a_d1b" - self.acldata["network"]["displayname"] = "d1a_d1b" - - try: - network = Network.create( - self.apiclient, - self.acldata["network"], - networkofferingid=self.isolated_network_offering_id, - zoneid=self.zone.id, - accountid=self.account_d1b.name, - domainid=self.account_d1b.domainid - ) - self.fail("User is allowed to create network for other users in his domain ") - except Exception as e: - self.debug("When user tries to create network for users in his domain %s" % e) - if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.UNABLE_TO_LIST_NETWORK_ACCOUNT): - self.fail("Error message validation failed when when User tries to create network for other users in his domain ") - - -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_10_createNetwork_user_foruserinotherdomain(self): - """ - # Validate that Domain admin should be NOT be able to create network for users in other domains - """ - self.apiclient.connection.apiKey = self.user_d1a_apikey - self.apiclient.connection.securityKey = self.user_d1a_secretkey - self.acldata["network"]["name"] = "d1a_d11a" - self.acldata["network"]["displayname"] = "d1a_d11a" - - try: network = Network.create( self.apiclient, self.acldata["network"], @@ -591,198 +417,243 @@ def test_10_createNetwork_user_foruserinotherdomain(self): accountid=self.account_d11a.name, domainid=self.account_d11a.domainid ) - self.fail("User is allowed to create network for users not in his domain ") -except Exception as e: -self.debug("When user tries to create network for users in other domain %s" % e) -if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.UNABLE_TO_LIST_NETWORK_ACCOUNT): - self.fail("Error message validation failed when User tries to create network for users not in his domain ") + self.assertEqual(network.state.lower() == ALLOCATED.lower(), + True, + "Admin User is not able to create a network for for other users in other domain") -## Test cases relating to Deploying VM in a network as admin user + ## Test cases relating to createNetwork as domain admin user -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_11_deployvm_admin(self): - """ - # Validate that Admin should be able to deploy VM in the networks he owns - """ - self.apiclient.connection.apiKey = self.user_root_apikey - self.apiclient.connection.securityKey = self.user_root_secretkey - vmData = {"name": "root-root", "dispayname": "root-root"} + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_04_createNetwork_domaindmin(self): + """ + # Validate that Domain admin should be able to create network for himslef + """ + self.apiclient.connection.apiKey = self.user_d1_apikey + self.apiclient.connection.securityKey = self.user_d1_secretkey + self.acldata["network"]["name"] = "d1" + self.acldata["network"]["displayname"] = "d1" - vm = VirtualMachine.create( - self.apiclient, - vmData, - zoneid=self.zone.id, - serviceofferingid=self.service_offering.id, - templateid=self.template.id, - networkids=self.network_root.id - ) + network = Network.create( + self.apiclient, + self.acldata["network"], + networkofferingid=self.isolated_network_offering_id, + zoneid=self.zone.id + ) - self.assertEqual(vm.state.lower() == RUNNING.lower(), - True, - "Admin User is not able to deploy VM in his own network") + self.assertEqual(network.state.lower() == ALLOCATED.lower(), + True, + "Domain admin User is not able to create a network for himself") -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_12_deployvm_admin_foruserinsamedomain(self): - """ - # Validate that Admin should be able to deploy Vm for users in his domain - """ - self.apiclient.connection.apiKey = self.user_root_apikey - self.apiclient.connection.securityKey = self.user_root_secretkey - vmData = {"name": "roota-root", "displayname": "roota-root"} + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_05_createNetwork_domaindmin_foruserinsamedomain(self): + """ + # Validate that Domain admin should be able to create network for users in his domain + """ + self.apiclient.connection.apiKey = self.user_d1_apikey + self.apiclient.connection.securityKey = self.user_d1_secretkey + self.acldata["network"]["name"] = "d1-d1a" + self.acldata["network"]["displayname"] = "d1-d1a" - vm = VirtualMachine.create( - self.apiclient, - vmData, - zoneid=self.zone.id, - serviceofferingid=self.service_offering.id, - templateid=self.template.id, - networkids=self.network_roota.id, - accountid=self.account_roota.name, - domainid=self.account_roota.domainid - ) + network = Network.create( + self.apiclient, + self.acldata["network"], + networkofferingid=self.isolated_network_offering_id, + zoneid=self.zone.id, + accountid=self.account_d1a.name, + domainid=self.account_d1a.domainid + ) - self.assertEqual(vm.state.lower() == RUNNING.lower() and vm.account == self.account_roota.name and vm.domainid == self.account_roota.domainid, - True, - "Admin User is not able to deploy VM for users in his domain") + self.assertEqual(network.state.lower() == ALLOCATED.lower(), + True, + "Domain admin User is not able to create a network for other users in his domain") -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_13_deployvm_admin_foruserinotherdomain(self): - """ - # Validate that Admin should be able to deploy VM for users in his sub domain - """ - self.apiclient.connection.apiKey = self.user_root_apikey - self.apiclient.connection.securityKey = self.user_root_secretkey - vmData = {"name": "d2a-root", "displayname": "d2a-root"} + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_06_createNetwork_domaindmin_foruserinsubdomain(self): + """ + # Validate that Domain admin should be able to create network for users in his sub domain + """ + self.apiclient.connection.apiKey = self.user_d1_apikey + self.apiclient.connection.securityKey = self.user_d1_secretkey + self.acldata["network"]["name"] = "d1_d11a" + self.acldata["network"]["displayname"] = "d1_d11a" - vm = VirtualMachine.create( - self.apiclient, - vmData, - zoneid=self.zone.id, - serviceofferingid=self.service_offering.id, - templateid=self.template.id, - networkids=self.network_d2a.id, - accountid=self.account_d2a.name, - domainid=self.account_d2a.domainid - ) + network = Network.create( + self.apiclient, + self.acldata["network"], + networkofferingid=self.isolated_network_offering_id, + zoneid=self.zone.id, + accountid=self.account_d11a.name, + domainid=self.account_d11a.domainid + ) - self.assertEqual(vm.state.lower() == RUNNING.lower() and vm.account == self.account_d2a.name and vm.domainid == self.account_d2a.domainid, - True, - "Admin User is not able to deploy VM for users users in other domain") + self.assertEqual(network.state.lower() == ALLOCATED.lower(), + True, + "Domain admin User is not able to create a network for other users in his sub domain") -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_13_1_deployvm_admin_foruserinotherdomain_crossnetwork(self): - """ - # Validate that Admin should not be able deploy VM for a user in a network that does not belong to the user - """ - self.apiclient.connection.apiKey = self.user_root_apikey - self.apiclient.connection.securityKey = self.user_root_secretkey - vmData = {"name": "d11a-root-invalidnetwork", "displayname": "d11a-root-invalidnetwork"} - try: + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_07_createNetwork_domaindmin_forcrossdomainuser(self): + """ + # Validate that Domain admin should not be able to create network for users in his sub domain + """ + self.apiclient.connection.apiKey = self.user_d1_apikey + self.apiclient.connection.securityKey = self.user_d1_secretkey + self.acldata["network"]["name"] = "d1_d2a" + self.acldata["network"]["displayname"] = "d1_d2a" + try: + network = Network.create( + self.apiclient, + self.acldata["network"], + networkofferingid=self.isolated_network_offering_id, + zoneid=self.zone.id, + accountid=self.account_d2a.name, + domainid=self.account_d2a.domainid + ) + self.fail("Domain admin is allowed to create network for users not in his domain ") + except Exception as e: + self.debug("When Domain admin tries to create network for users in his sub domain %s" % e) + if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.NO_PERMISSION_TO_OPERATE_DOMAIN): + self.fail("Error message validation failed when Domain admin tries to create network for users not in his domain ") + + ## Test cases relating to createNetwork as regular user + + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_08_createNetwork_user(self): + """ + # Validate that Regular should be able to create network for himslef + """ + self.apiclient.connection.apiKey = self.user_d1a_apikey + self.apiclient.connection.securityKey = self.user_d1a_secretkey + self.acldata["network"]["name"] = "d1a" + self.acldata["network"]["displayname"] = "d1a" + + network = Network.create( + self.apiclient, + self.acldata["network"], + networkofferingid=self.isolated_network_offering_id, + zoneid=self.zone.id + ) + + self.assertEqual(network.state.lower() == ALLOCATED.lower(), + True, + "User is not able to create a network for himself") + + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_09_createNetwork_user_foruserinsamedomain(self): + """ + # Validate that Regular user should NOT be able to create network for users in his domain + """ + self.apiclient.connection.apiKey = self.user_d1a_apikey + self.apiclient.connection.securityKey = self.user_d1a_secretkey + self.acldata["network"]["name"] = "d1a_d1b" + self.acldata["network"]["displayname"] = "d1a_d1b" + + try: + network = Network.create( + self.apiclient, + self.acldata["network"], + networkofferingid=self.isolated_network_offering_id, + zoneid=self.zone.id, + accountid=self.account_d1b.name, + domainid=self.account_d1b.domainid + ) + self.fail("User is allowed to create network for other users in his domain ") + except Exception as e: + self.debug("When user tries to create network for users in his domain %s" % e) + if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.UNABLE_TO_LIST_NETWORK_ACCOUNT): + self.fail("Error message validation failed when when User tries to create network for other users in his domain ") + + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_10_createNetwork_user_foruserinotherdomain(self): + """ + # Validate that Domain admin should be NOT be able to create network for users in other domains + """ + self.apiclient.connection.apiKey = self.user_d1a_apikey + self.apiclient.connection.securityKey = self.user_d1a_secretkey + self.acldata["network"]["name"] = "d1a_d11a" + self.acldata["network"]["displayname"] = "d1a_d11a" + + try: + self.debug("When user tries to create network for users in other domain %s" % e) + if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.UNABLE_TO_LIST_NETWORK_ACCOUNT): + self.fail("Error message validation failed when User tries to create network for users not in his domain ") + + network = Network.create( + self.apiclient, + self.acldata["network"], + networkofferingid=self.isolated_network_offering_id, + zoneid=self.zone.id, + accountid=self.account_d11a.name, + domainid=self.account_d11a.domainid + ) + self.fail("User is allowed to create network for users not in his domain ") + + except Exception as e: + self.debug("When user tries to create network for users in other domain %s" % e) + if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.UNABLE_TO_LIST_NETWORK_ACCOUNT): + self.fail("Error message validation failed when User tries to create network for users not in his domain ") + + ## Test cases relating to Deploying VM in a network as admin user + + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_11_deployvm_admin(self): + """ + # Validate that Admin should be able to deploy VM in the networks he owns + """ + self.apiclient.connection.apiKey = self.user_root_apikey + self.apiclient.connection.securityKey = self.user_root_secretkey + vmData = {"name": "root-root", "dispayname": "root-root"} + vm = VirtualMachine.create( self.apiclient, vmData, zoneid=self.zone.id, serviceofferingid=self.service_offering.id, templateid=self.template.id, - networkids=self.network_d11b.id, - accountid=self.account_d11a.name, - domainid=self.account_d11a.domainid + networkids=self.network_root.id ) - self.fail("Admin is allowed to deploy VM for a user in a network that does not belong to the user ") - except Exception as e: - self.debug("When admin tries to deploy vm for users in network that does not belong to the user %s" % e) - if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.UNABLE_TO_USE_NETWORK): - self.fail("Admin tries to deploy VM for a user in a network that does not belong to the user ") + self.assertEqual(vm.state.lower() == RUNNING.lower(), + True, + "Admin User is not able to deploy VM in his own network") -## Test cases relating to deploying VM as domain admin user + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_12_deployvm_admin_foruserinsamedomain(self): + """ + # Validate that Admin should be able to deploy Vm for users in his domain + """ + self.apiclient.connection.apiKey = self.user_root_apikey + self.apiclient.connection.securityKey = self.user_root_secretkey + vmData = {"name": "roota-root", "displayname": "roota-root"} -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_14_deployvm_domaindmin(self): - """ - # Validate that Domain admin should be able to deploy vm for himslef - """ - self.apiclient.connection.apiKey = self.user_d1_apikey - self.apiclient.connection.securityKey = self.user_d1_secretkey - vmData = {"name": "d1-d1", "displayname": "d1-d1"} + vm = VirtualMachine.create( + self.apiclient, + vmData, + zoneid=self.zone.id, + serviceofferingid=self.service_offering.id, + templateid=self.template.id, + networkids=self.network_roota.id, + accountid=self.account_roota.name, + domainid=self.account_roota.domainid + ) - vm = VirtualMachine.create( - self.apiclient, - vmData, - zoneid=self.zone.id, - serviceofferingid=self.service_offering.id, - templateid=self.template.id, - networkids=self.network_d1.id, - ) + self.assertEqual(vm.state.lower() == RUNNING.lower() and vm.account == self.account_roota.name and vm.domainid == self.account_roota.domainid, + True, + "Admin User is not able to deploy VM for users in his domain") - self.assertEqual(vm.state.lower() == RUNNING.lower(), - True, - "Domain admin User is not able to deploy VM for himself") + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_13_deployvm_admin_foruserinotherdomain(self): + """ + # Validate that Admin should be able to deploy VM for users in his sub domain + """ + self.apiclient.connection.apiKey = self.user_root_apikey + self.apiclient.connection.securityKey = self.user_root_secretkey + vmData = {"name": "d2a-root", "displayname": "d2a-root"} - -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_15_deployvm_domaindmin_foruserinsamedomain(self): - """ - # Validate that Domain admin should be able to deploy vm for users in his domain - """ - self.apiclient.connection.apiKey = self.user_d1_apikey - self.apiclient.connection.securityKey = self.user_d1_secretkey - vmData = {"name": "d1a-d1", "displayname": "d1a-d1"} - - vm = VirtualMachine.create( - self.apiclient, - vmData, - zoneid=self.zone.id, - serviceofferingid=self.service_offering.id, - templateid=self.template.id, - networkids=self.network_d1a.id, - accountid=self.account_d1a.name, - domainid=self.account_d1a.domainid - ) - self.assertEqual(vm.state.lower() == RUNNING.lower() and vm.account == self.account_d1a.name and vm.domainid == self.account_d1a.domainid, - True, - "Domain admin User is not able to deploy VM for other users in his domain") - - -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_16_deployvm_domaindmin_foruserinsubdomain(self): - """ - # Validate that Domain admin should be able to deploy vm for users in his sub domain - """ - self.apiclient.connection.apiKey = self.user_d1_apikey - self.apiclient.connection.securityKey = self.user_d1_secretkey - vmData = {"name": "d11a-d1", "displayname": "d111a-d1"} - - vm = VirtualMachine.create( - self.apiclient, - vmData, - zoneid=self.zone.id, - serviceofferingid=self.service_offering.id, - templateid=self.template.id, - networkids=self.network_d11a.id, - accountid=self.account_d11a.name, - domainid=self.account_d11a.domainid - ) - self.assertEqual(vm.state.lower() == RUNNING.lower() and vm.account == self.account_d11a.name and vm.domainid == self.account_d11a.domainid, - True, - "Domain admin User is not able to deploy vm for himself") - - -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_17_deployvm_domaindmin_forcrossdomainuser(self): - """ - # Validate that Domain admin should not be able allowed to deploy vm for users not in his sub domain - """ - self.apiclient.connection.apiKey = self.user_d1_apikey - self.apiclient.connection.securityKey = self.user_d1_secretkey - vmData = {"name": "d2a-d1", "displayname": "d2a-d1"} - - try: vm = VirtualMachine.create( self.apiclient, vmData, @@ -793,349 +664,451 @@ def test_17_deployvm_domaindmin_forcrossdomainuser(self): accountid=self.account_d2a.name, domainid=self.account_d2a.domainid ) - self.fail("Domain admin is allowed to deploy vm for users not in hos domain ") - except Exception as e: - self.debug("When Domain admin tries to deploy vm for users in his sub domain %s" % e) - if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.NO_PERMISSION_TO_OPERATE_DOMAIN): - self.fail("Error message validation failed when Domain admin tries to deploy vm for users not in hos domain ") + self.assertEqual(vm.state.lower() == RUNNING.lower() and vm.account == self.account_d2a.name and vm.domainid == self.account_d2a.domainid, + True, + "Admin User is not able to deploy VM for users users in other domain") + + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_13_1_deployvm_admin_foruserinotherdomain_crossnetwork(self): + """ + # Validate that Admin should not be able deploy VM for a user in a network that does not belong to the user + """ + self.apiclient.connection.apiKey = self.user_root_apikey + self.apiclient.connection.securityKey = self.user_root_secretkey + vmData = {"name": "d11a-root-invalidnetwork", "displayname": "d11a-root-invalidnetwork"} + try: + vm = VirtualMachine.create( + self.apiclient, + vmData, + zoneid=self.zone.id, + serviceofferingid=self.service_offering.id, + templateid=self.template.id, + networkids=self.network_d11b.id, + accountid=self.account_d11a.name, + domainid=self.account_d11a.domainid + ) + self.fail("Admin is allowed to deploy VM for a user in a network that does not belong to the user ") + except Exception as e: + self.debug("When admin tries to deploy vm for users in network that does not belong to the user %s" % e) + if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.UNABLE_TO_USE_NETWORK): + self.fail("Admin tries to deploy VM for a user in a network that does not belong to the user ") + + ## Test cases relating to deploying VM as domain admin user + + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_14_deployvm_domaindmin(self): + """ + # Validate that Domain admin should be able to deploy vm for himslef + """ + self.apiclient.connection.apiKey = self.user_d1_apikey + self.apiclient.connection.securityKey = self.user_d1_secretkey + vmData = {"name": "d1-d1", "displayname": "d1-d1"} -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_17_1_deployvm_domainadmin_foruserinotherdomain_crossnetwork(self): - """ - # Validate that Domain admin should not be able deploy VM for a user in a network that does not belong to the user - """ - self.apiclient.connection.apiKey = self.user_d1_apikey - self.apiclient.connection.securityKey = self.user_d1_secretkey - vmData = {"name": "d1-d11a-invalidnetwork", "displayname": "d1-d11a-invalidnetwork"} - try: vm = VirtualMachine.create( self.apiclient, vmData, zoneid=self.zone.id, serviceofferingid=self.service_offering.id, templateid=self.template.id, - networkids=self.network_d11b.id, + networkids=self.network_d1.id, + ) + + self.assertEqual(vm.state.lower() == RUNNING.lower(), + True, + "Domain admin User is not able to deploy VM for himself") + + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_15_deployvm_domaindmin_foruserinsamedomain(self): + """ + # Validate that Domain admin should be able to deploy vm for users in his domain + """ + self.apiclient.connection.apiKey = self.user_d1_apikey + self.apiclient.connection.securityKey = self.user_d1_secretkey + vmData = {"name": "d1a-d1", "displayname": "d1a-d1"} + + vm = VirtualMachine.create( + self.apiclient, + vmData, + zoneid=self.zone.id, + serviceofferingid=self.service_offering.id, + templateid=self.template.id, + networkids=self.network_d1a.id, + accountid=self.account_d1a.name, + domainid=self.account_d1a.domainid + ) + self.assertEqual(vm.state.lower() == RUNNING.lower() and vm.account == self.account_d1a.name and vm.domainid == self.account_d1a.domainid, + True, + "Domain admin User is not able to deploy VM for other users in his domain") + + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_16_deployvm_domaindmin_foruserinsubdomain(self): + """ + # Validate that Domain admin should be able to deploy vm for users in his sub domain + """ + self.apiclient.connection.apiKey = self.user_d1_apikey + self.apiclient.connection.securityKey = self.user_d1_secretkey + vmData = {"name": "d11a-d1", "displayname": "d111a-d1"} + + vm = VirtualMachine.create( + self.apiclient, + vmData, + zoneid=self.zone.id, + serviceofferingid=self.service_offering.id, + templateid=self.template.id, + networkids=self.network_d11a.id, accountid=self.account_d11a.name, domainid=self.account_d11a.domainid ) - self.fail("Domain admin is allowed to deploy vm for users in a network that does not belong to him ") - except Exception as e: - self.debug("When domain admin tries to deploy vm for users in network that does not belong to the user %s" % e) - if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.UNABLE_TO_USE_NETWORK): - self.fail("Error message validation failed when Domain admin tries to deploy vm for users in a network that does not belong to him ") + self.assertEqual(vm.state.lower() == RUNNING.lower() and vm.account == self.account_d11a.name and vm.domainid == self.account_d11a.domainid, + True, + "Domain admin User is not able to deploy vm for himself") + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_17_deployvm_domaindmin_forcrossdomainuser(self): + """ + # Validate that Domain admin should not be able allowed to deploy vm for users not in his sub domain + """ + self.apiclient.connection.apiKey = self.user_d1_apikey + self.apiclient.connection.securityKey = self.user_d1_secretkey + vmData = {"name": "d2a-d1", "displayname": "d2a-d1"} -## Test cases relating to deploying VM as regular user + try: + vm = VirtualMachine.create( + self.apiclient, + vmData, + zoneid=self.zone.id, + serviceofferingid=self.service_offering.id, + templateid=self.template.id, + networkids=self.network_d2a.id, + accountid=self.account_d2a.name, + domainid=self.account_d2a.domainid + ) + self.fail("Domain admin is allowed to deploy vm for users not in hos domain ") + except Exception as e: + self.debug("When Domain admin tries to deploy vm for users in his sub domain %s" % e) + if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.NO_PERMISSION_TO_OPERATE_DOMAIN): + self.fail("Error message validation failed when Domain admin tries to deploy vm for users not in hos domain ") -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_18_deployvm_user(self): - """ - # Validate that Regular should be able to deploy vm for himslef - """ - self.apiclient.connection.apiKey = self.user_d1a_apikey - self.apiclient.connection.securityKey = self.user_d1a_secretkey - vmData = {"name": "d1a-d1a", "displayname": "d1a-d1a"} + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_17_1_deployvm_domainadmin_foruserinotherdomain_crossnetwork(self): + """ + # Validate that Domain admin should not be able deploy VM for a user in a network that does not belong to the user + """ + self.apiclient.connection.apiKey = self.user_d1_apikey + self.apiclient.connection.securityKey = self.user_d1_secretkey + vmData = {"name": "d1-d11a-invalidnetwork", "displayname": "d1-d11a-invalidnetwork"} + try: + vm = VirtualMachine.create( + self.apiclient, + vmData, + zoneid=self.zone.id, + serviceofferingid=self.service_offering.id, + templateid=self.template.id, + networkids=self.network_d11b.id, + accountid=self.account_d11a.name, + domainid=self.account_d11a.domainid + ) + self.fail("Domain admin is allowed to deploy vm for users in a network that does not belong to him ") + except Exception as e: + self.debug("When domain admin tries to deploy vm for users in network that does not belong to the user %s" % e) + if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.UNABLE_TO_USE_NETWORK): + self.fail("Error message validation failed when Domain admin tries to deploy vm for users in a network that does not belong to him ") - vm = VirtualMachine.create( - self.apiclient, - vmData, - zoneid=self.zone.id, - serviceofferingid=self.service_offering.id, - templateid=self.template.id, - networkids=self.network_d1a.id, - ) - self.assertEqual(vm.state.lower() == RUNNING.lower(), - True, - "User is not able to deploy vm for himself") + ## Test cases relating to deploying VM as regular user + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_18_deployvm_user(self): + """ + # Validate that Regular should be able to deploy vm for himslef + """ + self.apiclient.connection.apiKey = self.user_d1a_apikey + self.apiclient.connection.securityKey = self.user_d1a_secretkey + vmData = {"name": "d1a-d1a", "displayname": "d1a-d1a"} -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_19_deployvm_user_foruserinsamedomain(self): - """ - # Validate that Regular user should NOT be able to deploy vm for users in his domain - """ - self.apiclient.connection.apiKey = self.user_d1a_apikey - self.apiclient.connection.securityKey = self.user_d1a_secretkey - vmData = {"name": "d1b-d1a", "displayname": "d1b-d1a"} - - try: vm = VirtualMachine.create( self.apiclient, vmData, zoneid=self.zone.id, serviceofferingid=self.service_offering.id, templateid=self.template.id, - networkids=self.network_d1b.id, - accountid=self.account_d1b.name, - domainid=self.account_d1b.domainid + networkids=self.network_d1a.id, ) - self.fail("Regular user is allowed to deploy vm for other users in his domain ") - except Exception as e: - self.debug("When user tries to deploy vm for users in his domain %s" % e) - if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.NO_PERMISSION_TO_OPERATE_ACCOUNT): - self.fail("Error message validation failed when Regular user tries to deploy vm for other users in his domain ") + self.assertEqual(vm.state.lower() == RUNNING.lower(), + True, + "User is not able to deploy vm for himself") + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_19_deployvm_user_foruserinsamedomain(self): + """ + # Validate that Regular user should NOT be able to deploy vm for users in his domain + """ + self.apiclient.connection.apiKey = self.user_d1a_apikey + self.apiclient.connection.securityKey = self.user_d1a_secretkey + vmData = {"name": "d1b-d1a", "displayname": "d1b-d1a"} -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_20_deployvm_user_foruserincrossdomain(self): - """ - # Validate that Regular user should NOT be able to deploy vm for users in his domain - """ - self.apiclient.connection.apiKey = self.user_d1a_apikey - self.apiclient.connection.securityKey = self.user_d1a_secretkey - vmData = {"name": "d2a-d1a", "displayname": "d2a-d1a"} + try: + vm = VirtualMachine.create( + self.apiclient, + vmData, + zoneid=self.zone.id, + serviceofferingid=self.service_offering.id, + templateid=self.template.id, + networkids=self.network_d1b.id, + accountid=self.account_d1b.name, + domainid=self.account_d1b.domainid + ) + self.fail("Regular user is allowed to deploy vm for other users in his domain ") + except Exception as e: + self.debug("When user tries to deploy vm for users in his domain %s" % e) + if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.NO_PERMISSION_TO_OPERATE_ACCOUNT): + self.fail("Error message validation failed when Regular user tries to deploy vm for other users in his domain ") - try: - vm = VirtualMachine.create( - self.apiclient, - vmData, - zoneid=self.zone.id, - serviceofferingid=self.service_offering.id, - templateid=self.template.id, - networkids=self.network_d2a.id, - accountid=self.account_d2a.name, - domainid=self.account_d2a.domainid - ) - self.fail("Regular user is allowed to deploy vm for users not in his domain ") - except Exception as e: - self.debug("When user tries to deploy vm for users n different domain %s" % e) - if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.NO_PERMISSION_TO_OPERATE_ACCOUNT): - self.fail("Error message validation failed when Regular user tries to deploy vm for users not in his domain ") + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_20_deployvm_user_foruserincrossdomain(self): + """ + # Validate that Regular user should NOT be able to deploy vm for users in his domain + """ + self.apiclient.connection.apiKey = self.user_d1a_apikey + self.apiclient.connection.securityKey = self.user_d1a_secretkey + vmData = {"name": "d2a-d1a", "displayname": "d2a-d1a"} + try: + vm = VirtualMachine.create( + self.apiclient, + vmData, + zoneid=self.zone.id, + serviceofferingid=self.service_offering.id, + templateid=self.template.id, + networkids=self.network_d2a.id, + accountid=self.account_d2a.name, + domainid=self.account_d2a.domainid + ) + self.fail("Regular user is allowed to deploy vm for users not in his domain ") + except Exception as e: + self.debug("When user tries to deploy vm for users n different domain %s" % e) + if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.NO_PERMISSION_TO_OPERATE_ACCOUNT): + self.fail("Error message validation failed when Regular user tries to deploy vm for users not in his domain ") -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_20_1_deployvm_user_incrossnetwork(self): - """ - #Validate that User should not be able deploy VM in a network that does not belong to him - """ - self.apiclient.connection.apiKey = self.user_d11a_apikey - self.apiclient.connection.securityKey = self.user_d11a_secretkey - vmData = {"name": "d11a-invalidnetwork", "displayname": "d11a-invalidnetwork"} - try: - vm = VirtualMachine.create( - self.apiclient, - vmData, - zoneid=self.zone.id, - serviceofferingid=self.service_offering.id, - templateid=self.template.id, - networkids=self.network_d11b.id, - ) - self.fail("User is allowed to deploy VM in a network that does not belong to him ") - except Exception as e: - self.debug("When user tries to deploy vm in a network that does not belong to him %s" % e) - if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.UNABLE_TO_USE_NETWORK): - self.fail("Error message validation failed when User is allowed to deploy VM in a network that does not belong to him ") + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_20_1_deployvm_user_incrossnetwork(self): + """ + #Validate that User should not be able deploy VM in a network that does not belong to him + """ + self.apiclient.connection.apiKey = self.user_d11a_apikey + self.apiclient.connection.securityKey = self.user_d11a_secretkey + vmData = {"name": "d11a-invalidnetwork", "displayname": "d11a-invalidnetwork"} + try: + vm = VirtualMachine.create( + self.apiclient, + vmData, + zoneid=self.zone.id, + serviceofferingid=self.service_offering.id, + templateid=self.template.id, + networkids=self.network_d11b.id, + ) + self.fail("User is allowed to deploy VM in a network that does not belong to him ") + except Exception as e: + self.debug("When user tries to deploy vm in a network that does not belong to him %s" % e) + if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.UNABLE_TO_USE_NETWORK): + self.fail("Error message validation failed when User is allowed to deploy VM in a network that does not belong to him ") + ## Test cases relating to restart Network as admin user -## Test cases relating to restart Network as admin user + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_21_restartNetwork_admin(self): + """ + #Validate that Admin should be able to restart network for networks he owns + """ + self.apiclient.connection.apiKey = self.user_root_apikey + self.apiclient.connection.securityKey = self.user_root_secretkey -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_21_restartNetwork_admin(self): - """ - #Validate that Admin should be able to restart network for networks he owns - """ - self.apiclient.connection.apiKey = self.user_root_apikey - self.apiclient.connection.securityKey = self.user_root_secretkey + restartResponse = self.network_root.restart(self.apiclient) - restartResponse = self.network_root.restart(self.apiclient) + self.assertEqual(restartResponse.success, + True, + "Admin User is not able to restart network he owns") - self.assertEqual(restartResponse.success, - True, - "Admin User is not able to restart network he owns") + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_22_restartNetwork_admin_foruserinsamedomain(self): + """ + # Validate that Admin should be able to restart network for users in his domain + """ + self.apiclient.connection.apiKey = self.user_root_apikey + self.apiclient.connection.securityKey = self.user_root_secretkey + restartResponse = self.network_roota.restart(self.apiclient) -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_22_restartNetwork_admin_foruserinsamedomain(self): - """ - # Validate that Admin should be able to restart network for users in his domain - """ - self.apiclient.connection.apiKey = self.user_root_apikey - self.apiclient.connection.securityKey = self.user_root_secretkey + self.assertEqual(restartResponse.success, + True, + "Admin User is not able to restart network owned by users his domain") - restartResponse = self.network_roota.restart(self.apiclient) - - self.assertEqual(restartResponse.success, - True, - "Admin User is not able to restart network owned by users his domain") - - -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_23_restartNetwork_admin_foruserinotherdomain(self): - """ - # Validate that Admin should be able to restart network for users in his sub domain - """ - self.apiclient.connection.apiKey = self.user_root_apikey - self.apiclient.connection.securityKey = self.user_root_secretkey - - restartResponse = self.network_d11a.restart(self.apiclient) - - self.assertEqual(restartResponse.success, - True, - "Admin User is not able to restart network owned other users in other domain") - - -## Test cases relating to restart Network as domain admin user - -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_24_restartNetwork_domaindmin(self): - """ - # Validate that Domain admin should be able to restart network for himslef - """ - self.apiclient.connection.apiKey = self.user_d1_apikey - self.apiclient.connection.securityKey = self.user_d1_secretkey - - restartResponse = self.network_d1.restart(self.apiclient) - - self.assertEqual(restartResponse.success, - True, - "Domain admin User is not able to restart network for himself") - - -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_25_restartNetwork_domaindmin_foruserinsamedomain(self): - """ - # Validate that Domain admin should be able to restart network for users in his domain - """ - self.apiclient.connection.apiKey = self.user_d1_apikey - self.apiclient.connection.securityKey = self.user_d1_secretkey - - restartResponse = self.network_d1a.restart(self.apiclient) - self.assertEqual(restartResponse.success, - True, - "Domain admin User is not able to restart network for other users in his domain") - - -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_26_restartNetwork_domaindmin_foruserinsubdomain(self): - """ - # Validate that Domain admin should be able to restart network for users in his sub domain - """ - self.apiclient.connection.apiKey = self.user_d1_apikey - self.apiclient.connection.securityKey = self.user_d1_secretkey - - restartResponse = self.network_d11a.restart(self.apiclient) - self.assertEqual(restartResponse.success, - True, - "Domain admin User is not able to restart network he owns") - - -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_27_restartNetwork_domaindmin_forcrossdomainuser(self): - """ - # Validate that Domain admin should be able to restart network for users in his sub domain - """ - self.apiclient.connection.apiKey = self.user_d1_apikey - self.apiclient.connection.securityKey = self.user_d1_secretkey - - try: - restartResponse = self.network_d2a.restart(self.apiclient) - self.fail("Domain admin is allowed to restart network for users not in his domain ") - except Exception as e: - self.debug("When Domain admin tries to restart network for users in his sub domain %s" % e) - if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.NO_PERMISSION_TO_OPERATE_DOMAIN): - self.fail("Error message validation failed when Domain admin tries to restart network for users not in his domain ") - - -## Test cases relating restart network as regular user - -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_28_restartNetwork_user(self): - """ - #Validate that Regular should be able to restart network for himslef - """ - self.apiclient.connection.apiKey = self.user_d1a_apikey - self.apiclient.connection.securityKey = self.user_d1a_secretkey - - restartResponse = self.network_d1a.restart(self.apiclient) - self.assertEqual(restartResponse.success, - True, - "User is not able to restart network he owns") - - -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_29_restartNetwork_user_foruserinsamedomain(self): - """ - #Validate that Regular user should NOT be able to restart network for users in his domain - """ - self.apiclient.connection.apiKey = self.user_d1a_apikey - self.apiclient.connection.securityKey = self.user_d1a_secretkey - - try: - restartResponse = self.network_d1b.restart(self.apiclient) - self.fail("Regular user is allowed to restart network for users in his domain ") - except Exception as e: - self.debug("When user tries to restart network for users in his domain %s" % e) - if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.NO_PERMISSION_TO_OPERATE_ACCOUNT): - self.fail("Error message validation failed when Regular user tries to restart network for users in his domain ") - - -@attr("simulator_only", tags=["advanced"], required_hardware="false") -def test_30_restartNetwork_user_foruserinotherdomain(self): - """ - #Validate that Domain admin should be NOT be able to restart network for users in other domains - """ - self.apiclient.connection.apiKey = self.user_d1a_apikey - self.apiclient.connection.securityKey = self.user_d1a_secretkey - - try: + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_23_restartNetwork_admin_foruserinotherdomain(self): + """ + # Validate that Admin should be able to restart network for users in his sub domain + """ + self.apiclient.connection.apiKey = self.user_root_apikey + self.apiclient.connection.securityKey = self.user_root_secretkey restartResponse = self.network_d11a.restart(self.apiclient) - self.fail("Regular user is allowed to restart network for users not in his domain ") - except Exception as e: - self.debug("When user tries to restart network for users in other domain %s" % e) - if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.NO_PERMISSION_TO_OPERATE_ACCOUNT): - self.fail("Error message validation failed when Regular user is allowed to restart network for users not in his domain ") + + self.assertEqual(restartResponse.success, + True, + "Admin User is not able to restart network owned other users in other domain") -@staticmethod -def generateKeysForUser(apiclient, account): - user = User.list( - apiclient, - account=account.name, - domainid=account.domainid - )[0] + ## Test cases relating to restart Network as domain admin user - return (User.registerUserKeys( - apiclient, - user.id - )) + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_24_restartNetwork_domaindmin(self): + """ + # Validate that Domain admin should be able to restart network for himslef + """ + self.apiclient.connection.apiKey = self.user_d1_apikey + self.apiclient.connection.securityKey = self.user_d1_secretkey + restartResponse = self.network_d1.restart(self.apiclient) -@staticmethod -def createNetwork(apiclient, account, isolated_network_offering_id, zone): - network = { - "name": "Network-", - "displaytext": "Network-", - "gateway": "10.223.1.1", - "netmask": "255.255.255.0", - "startip": "10.223.1.2", - "endip": "10.223.1.100", - } + self.assertEqual(restartResponse.success, + True, + "Domain admin User is not able to restart network for himself") - network["name"] = account.name + " -forupdate" - network["displayname"] = account.name + "-forupdate" + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_25_restartNetwork_domaindmin_foruserinsamedomain(self): + """ + # Validate that Domain admin should be able to restart network for users in his domain + """ + self.apiclient.connection.apiKey = self.user_d1_apikey + self.apiclient.connection.securityKey = self.user_d1_secretkey - network = Network.create( - apiclient, - network, - networkofferingid=isolated_network_offering_id, - zoneid=zone.id - ) - return network + restartResponse = self.network_d1a.restart(self.apiclient) + self.assertEqual(restartResponse.success, + True, + "Domain admin User is not able to restart network for other users in his domain") + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_26_restartNetwork_domaindmin_foruserinsubdomain(self): + """ + # Validate that Domain admin should be able to restart network for users in his sub domain + """ + self.apiclient.connection.apiKey = self.user_d1_apikey + self.apiclient.connection.securityKey = self.user_d1_secretkey -@staticmethod -def createVM(apiclient, zoneId, serviceOfferingId, templateId, networkId): - vmData = {"name": "prereq", "dispayname": "prereq"} + restartResponse = self.network_d11a.restart(self.apiclient) + self.assertEqual(restartResponse.success, + True, + "Domain admin User is not able to restart network he owns") - vm = VirtualMachine.create( - apiclient, - vmData, - zoneid=zoneId, - serviceofferingid=serviceOfferingId, - templateid=templateId, - networkids=networkId - ) + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_27_restartNetwork_domaindmin_forcrossdomainuser(self): + """ + # Validate that Domain admin should be able to restart network for users in his sub domain + """ + self.apiclient.connection.apiKey = self.user_d1_apikey + self.apiclient.connection.securityKey = self.user_d1_secretkey - return vm + try: + restartResponse = self.network_d2a.restart(self.apiclient) + self.fail("Domain admin is allowed to restart network for users not in his domain ") + except Exception as e: + self.debug("When Domain admin tries to restart network for users in his sub domain %s" % e) + if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.NO_PERMISSION_TO_OPERATE_DOMAIN): + self.fail("Error message validation failed when Domain admin tries to restart network for users not in his domain ") + + ## Test cases relating restart network as regular user + + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_28_restartNetwork_user(self): + """ + #Validate that Regular should be able to restart network for himslef + """ + self.apiclient.connection.apiKey = self.user_d1a_apikey + self.apiclient.connection.securityKey = self.user_d1a_secretkey + + restartResponse = self.network_d1a.restart(self.apiclient) + self.assertEqual(restartResponse.success, + True, + "User is not able to restart network he owns") + + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_29_restartNetwork_user_foruserinsamedomain(self): + """ + #Validate that Regular user should NOT be able to restart network for users in his domain + """ + self.apiclient.connection.apiKey = self.user_d1a_apikey + self.apiclient.connection.securityKey = self.user_d1a_secretkey + + try: + restartResponse = self.network_d1b.restart(self.apiclient) + self.fail("Regular user is allowed to restart network for users in his domain ") + except Exception as e: + self.debug("When user tries to restart network for users in his domain %s" % e) + if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.NO_PERMISSION_TO_OPERATE_ACCOUNT): + self.fail("Error message validation failed when Regular user tries to restart network for users in his domain ") + + @attr("simulator_only", tags=["advanced"], required_hardware="false") + def test_30_restartNetwork_user_foruserinotherdomain(self): + """ + #Validate that Domain admin should be NOT be able to restart network for users in other domains + """ + self.apiclient.connection.apiKey = self.user_d1a_apikey + self.apiclient.connection.securityKey = self.user_d1a_secretkey + + try: + restartResponse = self.network_d11a.restart(self.apiclient) + self.fail("Regular user is allowed to restart network for users not in his domain ") + except Exception as e: + self.debug("When user tries to restart network for users in other domain %s" % e) + if not CloudstackAclException.verifyMsginException(e, CloudstackAclException.NO_PERMISSION_TO_OPERATE_ACCOUNT): + self.fail("Error message validation failed when Regular user is allowed to restart network for users not in his domain ") + + @staticmethod + def generateKeysForUser(apiclient, account): + user = User.list( + apiclient, + account=account.name, + domainid=account.domainid + )[0] + + return (User.registerUserKeys( + apiclient, + user.id + )) + + @staticmethod + def createNetwork(apiclient, account, isolated_network_offering_id, zone): + network = { + "name": "Network-", + "displaytext": "Network-", + "gateway": "10.223.1.1", + "netmask": "255.255.255.0", + "startip": "10.223.1.2", + "endip": "10.223.1.100", + } + + network["name"] = account.name + " -forupdate" + network["displayname"] = account.name + "-forupdate" + + network = Network.create( + apiclient, + network, + networkofferingid=isolated_network_offering_id, + zoneid=zone.id + ) + return network + + @staticmethod + def createVM(apiclient, zoneId, serviceOfferingId, templateId, networkId): + vmData = {"name": "prereq", "dispayname": "prereq"} + + vm = VirtualMachine.create( + apiclient, + vmData, + zoneid=zoneId, + serviceofferingid=serviceOfferingId, + templateid=templateId, + networkids=networkId + ) + + return vm