diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py index 41c9bf58..bd34f9e2 100644 --- a/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py +++ b/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +import testtools + from tempest import config from tempest.lib import decorators from tempest.lib import exceptions as lib_exc @@ -121,6 +123,36 @@ class IdentityTrustV3RbacTest(rbac_base.BaseIdentityV3RbacTest): self.trusts_client.list_trusts( trustor_user_id=self.trustor_user_id) + @testtools.skipUnless( + CONF.policy_feature_enabled.keystone_policy_enforcement_train, + 'This test tests Keystone policy actions introduced in Train') + @decorators.idempotent_id('6273ab11-32ad-450e-be4e-deaa856d7051') + @rbac_rule_validation.action( + service="keystone", + rules=["identity:list_trusts_for_trustor"], + extra_target_data={ + "target.trust.trustor_user_id": "os_primary.credentials.user_id" + }) + def test_list_trusts_for_trustor(self): + with self.override_role(): + self.trusts_client.list_trusts( + trustor_user_id=self.trustor_user_id) + + @testtools.skipUnless( + CONF.policy_feature_enabled.keystone_policy_enforcement_train, + 'This test tests Keystone policy actions introduced in Train') + @decorators.idempotent_id('90bbbd77-c1df-43f9-99dc-088d52b95eff') + @rbac_rule_validation.action( + service="keystone", + rules=["identity:list_trusts_for_trustee"], + extra_target_data={ + "target.trust.trustee_user_id": "trustee_user_id" + }) + def test_list_trusts_for_trustee(self): + with self.override_role(): + self.trusts_client.list_trusts( + trustee_user_id=self.trustee_user_id) + @decorators.idempotent_id('3c9ff92f-a73e-4f9b-8865-e017f38c70f5') @rbac_rule_validation.action( service="keystone",