Add API test ensure tenant can't delete other ports

Change I55328cb43207654b9bb4cfb732923982d020ab0a fixed the policy enforcement to ensure that tenants could delete ports on networks they didn't own. However, it required a change to the policy engine so this test adds a patch to ensure that it didn't break the normal case that prevents tenants from deleting other tenant's ports on networks they don't own. Change-Id: I3118ec79c213c4eea4c5ca494e530c33189f6c59 Related-Bug: #1498790
2016-03-14 01:59:37 -07:00 · 2016-03-14 01:59:37 -07:00 · a374e52c4c
parent 67abf5f9f0
commit a374e52c4c
1 changed files with 8 additions and 0 deletions
--- a/neutron/tests/api/admin/test_shared_network_extension.py
+++ b/neutron/tests/api/admin/test_shared_network_extension.py
@ -283,6 +283,14 @@ class RBACSharedNetworksTest(base.BaseAdminNetworkTest):
        port = self.client2.create_port(network_id=net['id'])['port']
        self.client.delete_port(port['id'])

+    @test.idempotent_id('f7539232-389a-4e9c-9e37-e42a129eb541')
+    def test_tenant_cant_delete_other_tenants_ports(self):
+        net = self.create_network()
+        port = self.client.create_port(network_id=net['id'])['port']
+        self.addCleanup(self.client.delete_port, port['id'])
+        with testtools.ExpectedException(lib_exc.NotFound):
+            self.client2.delete_port(port['id'])
+
    @test.attr(type='smoke')
    @test.idempotent_id('86c3529b-1231-40de-803c-afffffff4fff')
    def test_regular_client_shares_to_another_regular_client(self):