RBAC test for update_subnetpool:is_default

This commit adds a new RBAC test for subnetpools for updating a default subnetpool. Because the update may be performed on a pre-existing default subnetpool (because only 1 default subnetpool may exist per IP family -- 4 and 6), the update operation only updates the description to the already-existing description, in effect doing nothing to the subnetpool but still doing policy enforcement for the specified policy action. In addition, this commit does not add a test for create_subnetpool:is_default because in all likelihood default subnetpools already exist and it is not safe to delete them and re-create them for multiple reasons. Change-Id: Ic2f5436f80354c76d2dbd404e3966e34088e86f3
2017-06-02 18:53:08 +01:00 · 2017-06-02 18:53:08 +01:00 · 9817838108
parent eeb271a21e
commit 9817838108
2 changed files with 30 additions and 5 deletions
--- a/patrole_tempest_plugin/tests/api/network/test_subnetpools_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_subnetpools_rbac.py
@ -13,7 +13,6 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

-from oslo_log import log
 from tempest import config
 from tempest.lib.common.utils import data_utils
 from tempest.lib.common.utils import test_utils
@ -24,7 +23,6 @@ from patrole_tempest_plugin import rbac_rule_validation
 from patrole_tempest_plugin.tests.api.network import rbac_base as base

 CONF = config.CONF
-LOG = log.getLogger(__name__)


 class SubnetPoolsRbacTest(base.BaseNetworkRbacTest):
@ -36,14 +34,14 @@ class SubnetPoolsRbacTest(base.BaseNetworkRbacTest):
            msg = "subnet_allocation extension not enabled."
            raise cls.skipException(msg)

-    def _create_subnetpool(self, shared=None):
+    def _create_subnetpool(self, **kwargs):
        post_body = {'name': data_utils.rand_name(self.__class__.__name__),
                     'min_prefixlen': 24,
                     'max_prefixlen': 32,
                     'prefixes': [CONF.network.project_network_cidr]}

-        if shared is not None:
-            post_body['shared'] = shared
+        if kwargs:
+            post_body.update(kwargs)

        body = self.subnetpools_client.create_subnetpool(**post_body)
        subnetpool = body['subnetpool']
@ -102,6 +100,28 @@ class SubnetPoolsRbacTest(base.BaseNetworkRbacTest):
        self.subnetpools_client.update_subnetpool(subnetpool['id'],
                                                  min_prefixlen=24)

+    @decorators.idempotent_id('a16f4e5c-0675-415f-b636-00af00638693')
+    @rbac_rule_validation.action(service="neutron",
+                                 rule="update_subnetpool:is_default",
+                                 expected_error_code=404)
+    def test_update_subnetpool_is_default(self):
+        """Update default subnetpool.
+
+        RBAC test for the neutron update_subnetpool:is_default policy
+        """
+        subnetpools = self.subnetpools_client.list_subnetpools()['subnetpools']
+        default_pool = list(
+            filter(lambda p: p['is_default'] is True, subnetpools))
+        if default_pool:
+            default_pool = default_pool[0]
+        else:
+            default_pool = self._create_subnetpool(is_default=True)
+        original_desc = default_pool['description']
+
+        self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+        self.subnetpools_client.update_subnetpool(
+            default_pool['id'], description=original_desc, is_default=True)
+
    @rbac_rule_validation.action(service="neutron",
                                 rule="delete_subnetpool",
                                 expected_error_code=404)
--- a/releasenotes/notes/subnetpools_update_is_default_test-d3540a87469b6dc8.yaml
+++ b/releasenotes/notes/subnetpools_update_is_default_test-d3540a87469b6dc8.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Add RBAC test for updating the default subnetpool, providing coverage
+    for the policy action: "update_subnetpool:is_default".