Merge "Expand Designate RBAC testing - Zone Abandon"

2022-06-07 01:53:09 +00:00
parent b5869ecd36 fdb7b51799
commit 39c8bf2fbc
1 changed files with 13 additions and 1 deletions
--- a/designate_tempest_plugin/tests/api/v2/test_zone_tasks.py
+++ b/designate_tempest_plugin/tests/api/v2/test_zone_tasks.py
@@ -61,7 +61,8 @@ class BaseZonesTest(base.BaseDnsV2Test):


 class ZoneTasks(BaseZonesTest):
-    credentials = ["primary", "alt", "admin", "system_admin"]
+    credentials = ["primary", "alt", "admin", "system_admin", "system_reader",
+                   "project_member", "project_reader"]

    @classmethod
    def setup_credentials(cls):
@@ -98,6 +99,17 @@ class ZoneTasks(BaseZonesTest):
        LOG.info('Check that the zone was created on Nameserver/BIND')
        waiters.wait_for_query(self.query_client, pr_zone['name'], "SOA")

+        # Test RBAC
+        expected_allowed = ['os_admin']
+        if CONF.dns_feature_enabled.enforce_new_defaults:
+            expected_allowed.append('os_system_admin')
+
+        self.check_CUD_RBAC_enforcement(
+            'ZonesClient', 'abandon_zone', expected_allowed, False,
+            pr_zone['id'],
+            headers={'x-auth-sudo-project-id': pr_zone['project_id']})
+
+        # Test abandoning the zone
        LOG.info('Abandon a zone')
        self.admin_client.abandon_zone(
            pr_zone['id'],