Add API test ensure tenant can't delete other ports
Change I55328cb43207654b9bb4cfb732923982d020ab0a fixed the policy enforcement to ensure that tenants could delete ports on networks they didn't own. However, it required a change to the policy engine so this test adds a patch to ensure that it didn't break the normal case that prevents tenants from deleting other tenant's ports on networks they don't own. Change-Id: I3118ec79c213c4eea4c5ca494e530c33189f6c59 Related-Bug: #1498790
This commit is contained in:
parent
67abf5f9f0
commit
a374e52c4c
|
@ -283,6 +283,14 @@ class RBACSharedNetworksTest(base.BaseAdminNetworkTest):
|
|||
port = self.client2.create_port(network_id=net['id'])['port']
|
||||
self.client.delete_port(port['id'])
|
||||
|
||||
@test.idempotent_id('f7539232-389a-4e9c-9e37-e42a129eb541')
|
||||
def test_tenant_cant_delete_other_tenants_ports(self):
|
||||
net = self.create_network()
|
||||
port = self.client.create_port(network_id=net['id'])['port']
|
||||
self.addCleanup(self.client.delete_port, port['id'])
|
||||
with testtools.ExpectedException(lib_exc.NotFound):
|
||||
self.client2.delete_port(port['id'])
|
||||
|
||||
@test.attr(type='smoke')
|
||||
@test.idempotent_id('86c3529b-1231-40de-803c-afffffff4fff')
|
||||
def test_regular_client_shares_to_another_regular_client(self):
|
||||
|
|
Loading…
Reference in New Issue