RBAC tests for extended server attributes policies

This commit adds RBAC tests for extended server attributes policies, the documentation for which can be found here: https://github.com/openstack/nova/blob/master/nova/policies/extended_server_attributes.py Tests for both APIs that enforce each policy were added. Change-Id: I4150bcff934f1386ba8947d271289b790900ce2e Implements: blueprint rbac-tests-for-extended-server-attributes
2017-08-29 21:30:52 +01:00 · 2017-08-29 21:30:52 +01:00 · 0f86ca422a
parent a63f854f63
commit 0f86ca422a
2 changed files with 49 additions and 0 deletions
--- a/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
@ -199,6 +199,50 @@ class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
            raise rbac_exceptions.RbacMalformedResponse(
                attribute=expected_attr)

+    @decorators.idempotent_id('4aa5d93e-4887-468a-8eb4-b6eca0ca6437')
+    @test.requires_ext(extension='OS-EXT-SRV-ATTR', service='compute')
+    @rbac_rule_validation.action(
+        service="nova",
+        rule="os_compute_api:os-extended-server-attributes")
+    def test_list_servers_extended_server_attributes(self):
+        """Test list servers with details, with extended server attributes in
+        response body.
+        """
+        self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+        body = self.servers_client.list_servers(detail=True)['servers']
+
+        # NOTE(felipemonteiro): The attributes included below should be
+        # returned by all microversions. We don't include tests for other
+        # microversions since Tempest schema validation takes care of that in
+        # `show_server` call above. (Attributes there are *optional*.)
+        for attr in ('host', 'instance_name'):
+            whole_attr = 'OS-EXT-SRV-ATTR:%s' % attr
+            if whole_attr not in body[0]:
+                raise rbac_exceptions.RbacMalformedResponse(
+                    attribute=whole_attr)
+
+    @decorators.idempotent_id('2ed7aee2-94b2-4a9f-ae63-a51b7f94fe30')
+    @test.requires_ext(extension='OS-EXT-SRV-ATTR', service='compute')
+    @rbac_rule_validation.action(
+        service="nova",
+        rule="os_compute_api:os-extended-server-attributes")
+    def test_show_server_extended_server_attributes(self):
+        """Test show server with extended server attributes in response
+        body.
+        """
+        self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+        body = self.servers_client.show_server(self.server['id'])['server']
+
+        # NOTE(felipemonteiro): The attributes included below should be
+        # returned by all microversions. We don't include tests for other
+        # microversions since Tempest schema validation takes care of that in
+        # `show_server` call above. (Attributes there are *optional*.)
+        for attr in ('host', 'instance_name'):
+            whole_attr = 'OS-EXT-SRV-ATTR:%s' % attr
+            if whole_attr not in body:
+                raise rbac_exceptions.RbacMalformedResponse(
+                    attribute=whole_attr)
+
    @decorators.idempotent_id('82053c27-3134-4003-9b55-bc9fafdb0e3b')
    @test.requires_ext(extension='OS-EXT-STS', service='compute')
    @rbac_rule_validation.action(
--- a/releasenotes/notes/extended-server-attributes-36623af87e714369.yaml
+++ b/releasenotes/notes/extended-server-attributes-36623af87e714369.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Add complete RBAC test coverage for the compute APIs that enforce:
+    "os_compute_api:os-extended-server-attributes".