DaanHoogland commented on code in PR #8689:
URL: https://github.com/apache/cloudstack/pull/8689#discussion_r1526376403
##########
test/integration/smoke/test_vm_life_cycle.py:
##########
@@ -955,6 +956,92 @@ def test_12_start_vm_multiple_volumes_allocated(self):
"Check virtual machine is in running state"
)
+ @attr(tags=["devcloud", "advanced", "advancedns", "smoke", "basic", "sg"],
required_hardware="false")
+ def test_13_destroy_and_expunge_vm(self):
+ """Test destroy virtual machine with expunge parameter depending on
whether the caller's role has expunge permission.
+ """
+ # Setup steps:
+ # 1. Create role with DENY expunge permission.
+ # 2. Create account with said role.
+ # 3. Create a VM of said account.
+ # 4. Create a VM of cls.account
+ # Validation steps:
+ # 1. Destroy the VM with the created account and verify it was not
destroyed.
+ # 1. Destroy the other VM with cls.account and verify it was expunged.
+
+ role = Role.importRole(
+ self.apiclient,
+ {
+ "name": "MarvinFake Import Role ",
+ "type": "DomainAdmin",
+ "description": "Fake Import Domain Admin Role created by
Marvin test",
+ "rules" : [{"rule":"list*",
"permission":"allow","description":"Listing apis"},
+ {"rule":"get*",
"permission":"allow","description":"Get apis"},
+ {"rule":"update*",
"permission":"allow","description":"Update apis"},
+ {"rule":"queryAsyncJobResult",
"permission":"allow","description":"Query async job result"},
+ {"rule":"deployVirtualMachine",
"permission":"allow","description":"Deploy virtual machine"},
+ {"rule":"destroyVirtualMachine",
"permission":"allow","description":"Destroy virtual machine"},
+ {"rule":"expungeVirtualMachine",
"permission":"deny","description":"Expunge virtual machine"}]
+ },
+ )
+
+ domadm = Account.create(
+ self.apiclient,
+ self.services["account"],
+ admin=True,
+ roleid=role.id,
+ domainid=self.domain.id
+ )
+
+ self.cleanup.append(domadm)
+ self.cleanup.append(role)
Review Comment:
```suggestion
role = Role.importRole(
self.apiclient,
{
"name": "MarvinFake Import Role ",
"type": "DomainAdmin",
"description": "Fake Import Domain Admin Role created by
Marvin test",
"rules" : [{"rule":"list*",
"permission":"allow","description":"Listing apis"},
{"rule":"get*",
"permission":"allow","description":"Get apis"},
{"rule":"update*",
"permission":"allow","description":"Update apis"},
{"rule":"queryAsyncJobResult",
"permission":"allow","description":"Query async job result"},
{"rule":"deployVirtualMachine",
"permission":"allow","description":"Deploy virtual machine"},
{"rule":"destroyVirtualMachine",
"permission":"allow","description":"Destroy virtual machine"},
{"rule":"expungeVirtualMachine",
"permission":"deny","description":"Expunge virtual machine"}]
},
)
self.cleanup.append(role)
domadm = Account.create(
self.apiclient,
self.services["account"],
admin=True,
roleid=role.id,
domainid=self.domain.id
)
self.cleanup.append(domadm)
```
@gpordeus , the reason for this is that any exception in the second create
would leave the first object as garbage behind.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
