Browse Source

Add API test case to check if SG displays all rules

This patch adds new API test which checks if owner of security group
can see rules which belongs to his security group even if rule was
created and belongs to other user (admin).

Patch for master branch:
Depends-On: https://review.opendev.org/660174

Backport to stable/Stein:
Depends-On: https://review.opendev.org/661281

Backport to stable/Rocky:
Depends-On: https://review.opendev.org/661283

Backport to stable/Queens:
Depends-On: https://review.opendev.org/661284

Change-Id: I728cd8252d27e27e91bd95e4734d9db470dee35a
Related-Bug: #1824248
tags/0.4.0
Slawek Kaplonski 4 months ago
parent
commit
87c3f941a3
1 changed files with 22 additions and 1 deletions
  1. 22
    1
      neutron_tempest_plugin/api/test_security_groups.py

+ 22
- 1
neutron_tempest_plugin/api/test_security_groups.py View File

@@ -13,6 +13,8 @@
13 13
 #    License for the specific language governing permissions and limitations
14 14
 #    under the License.
15 15
 
16
+import random
17
+
16 18
 from neutron_lib import constants
17 19
 from tempest.lib.common.utils import data_utils
18 20
 from tempest.lib import decorators
@@ -23,7 +25,7 @@ from neutron_tempest_plugin.api import base
23 25
 from neutron_tempest_plugin.api import base_security_groups
24 26
 
25 27
 
26
-class SecGroupTest(base.BaseNetworkTest):
28
+class SecGroupTest(base.BaseAdminNetworkTest):
27 29
 
28 30
     required_extensions = ['security-group']
29 31
 
@@ -55,6 +57,25 @@ class SecGroupTest(base.BaseNetworkTest):
55 57
         self.assertEqual(observed_security_group['description'],
56 58
                          new_description)
57 59
 
60
+    @decorators.idempotent_id('1fff0d57-bb6c-4528-9c1d-2326dce1c087')
61
+    def test_show_security_group_contains_all_rules(self):
62
+        security_group = self.create_security_group()
63
+        protocol = random.choice(list(base_security_groups.V4_PROTOCOL_NAMES))
64
+        security_group_rule = self.create_security_group_rule(
65
+            security_group=security_group,
66
+            project={'id': self.admin_client.tenant_id},
67
+            client=self.admin_client,
68
+            protocol=protocol,
69
+            direction=constants.INGRESS_DIRECTION)
70
+
71
+        observed_security_group = self.client.show_security_group(
72
+            security_group['id'])['security_group']
73
+        observerd_security_group_rules_ids = [
74
+            sgr['id'] for sgr in
75
+            observed_security_group['security_group_rules']]
76
+        self.assertIn(
77
+            security_group_rule['id'], observerd_security_group_rules_ids)
78
+
58 79
     @decorators.idempotent_id('7c0ecb10-b2db-11e6-9b14-000c29248b0d')
59 80
     def test_create_bulk_sec_groups(self):
60 81
         # Creates 2 sec-groups in one request

Loading…
Cancel
Save