Fix flavor_rxtx_rbac
Updates flavor_rxtx to more thoroughly test policy enforcement by - making use of RbacMalformedResponse to ensure rxtx_factor is included in response body - adding new flavor_rxtx tests Currently, POST /flavors is not tested as that action also enforces os-flavor-manage: create, which is admin-only by default and would therefore fail due to conflicting policy restrictions. This test will be added once multi-policy support is available. Change-Id: I7fb35212fc6bb817a2b04077c983865e1191f214 Closes-Bug: #1712725
This commit is contained in:
parent
9db9a1b0cb
commit
bf58a7fe3a
|
@ -13,12 +13,17 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_config import cfg
|
||||
|
||||
from tempest.lib import decorators
|
||||
from tempest import test
|
||||
|
||||
from patrole_tempest_plugin import rbac_exceptions
|
||||
from patrole_tempest_plugin import rbac_rule_validation
|
||||
from patrole_tempest_plugin.tests.api.compute import rbac_base
|
||||
|
||||
CONF = cfg.CONF
|
||||
|
||||
|
||||
class FlavorRxtxRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
||||
|
||||
|
@ -29,11 +34,27 @@ class FlavorRxtxRbacTest(rbac_base.BaseV2ComputeRbacTest):
|
|||
msg = "os-flavor-rxtx extension not enabled."
|
||||
raise cls.skipException(msg)
|
||||
|
||||
@decorators.idempotent_id('0278677c-6e69-4293-a387-b485781e61a1')
|
||||
@decorators.idempotent_id('5e1fd9f0-9a08-485a-ad9c-0fc66e4d64b7')
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rule="os_compute_api:os-flavor-rxtx")
|
||||
def test_create_flavor_rxtx(self):
|
||||
def test_list_flavors_details_rxtx(self):
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
# Enforces os_compute_api:os-flavor-rxtx.
|
||||
self.flavors_client.list_flavors(detail=True)['flavors']
|
||||
# Enforces os_compute_api:os-flavor-rxtx
|
||||
result = self.flavors_client.list_flavors(detail=True)['flavors']
|
||||
if 'rxtx_factor' not in result[0]:
|
||||
raise rbac_exceptions.RbacMalformedResponse(
|
||||
attribute='rxtx_factor')
|
||||
|
||||
@decorators.idempotent_id('70c55a07-c843-4627-a29d-ba78673c1e63')
|
||||
@rbac_rule_validation.action(
|
||||
service="nova",
|
||||
rule="os_compute_api:os-flavor-rxtx")
|
||||
def test_get_flavor_rxtx(self):
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
# Enforces os_compute_api:os-flavor-rxtx
|
||||
result =\
|
||||
self.flavors_client.show_flavor(CONF.compute.flavor_ref)['flavor']
|
||||
if 'rxtx_factor' not in result:
|
||||
raise rbac_exceptions.RbacMalformedResponse(
|
||||
attribute='rxtx_factor')
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
test_flavor_rxtx_rbac now offers complete
|
||||
coverage for the os-flavor-rxtx policy.
|
Loading…
Reference in New Issue