RBAC test for update_subnetpool:is_default
This commit adds a new RBAC test for subnetpools for updating a default subnetpool. Because the update may be performed on a pre-existing default subnetpool (because only 1 default subnetpool may exist per IP family -- 4 and 6), the update operation only updates the description to the already-existing description, in effect doing nothing to the subnetpool but still doing policy enforcement for the specified policy action. In addition, this commit does not add a test for create_subnetpool:is_default because in all likelihood default subnetpools already exist and it is not safe to delete them and re-create them for multiple reasons. Change-Id: Ic2f5436f80354c76d2dbd404e3966e34088e86f3
This commit is contained in:
parent
eeb271a21e
commit
9817838108
|
@ -13,7 +13,6 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
from oslo_log import log
|
|
||||||
from tempest import config
|
from tempest import config
|
||||||
from tempest.lib.common.utils import data_utils
|
from tempest.lib.common.utils import data_utils
|
||||||
from tempest.lib.common.utils import test_utils
|
from tempest.lib.common.utils import test_utils
|
||||||
|
@ -24,7 +23,6 @@ from patrole_tempest_plugin import rbac_rule_validation
|
||||||
from patrole_tempest_plugin.tests.api.network import rbac_base as base
|
from patrole_tempest_plugin.tests.api.network import rbac_base as base
|
||||||
|
|
||||||
CONF = config.CONF
|
CONF = config.CONF
|
||||||
LOG = log.getLogger(__name__)
|
|
||||||
|
|
||||||
|
|
||||||
class SubnetPoolsRbacTest(base.BaseNetworkRbacTest):
|
class SubnetPoolsRbacTest(base.BaseNetworkRbacTest):
|
||||||
|
@ -36,14 +34,14 @@ class SubnetPoolsRbacTest(base.BaseNetworkRbacTest):
|
||||||
msg = "subnet_allocation extension not enabled."
|
msg = "subnet_allocation extension not enabled."
|
||||||
raise cls.skipException(msg)
|
raise cls.skipException(msg)
|
||||||
|
|
||||||
def _create_subnetpool(self, shared=None):
|
def _create_subnetpool(self, **kwargs):
|
||||||
post_body = {'name': data_utils.rand_name(self.__class__.__name__),
|
post_body = {'name': data_utils.rand_name(self.__class__.__name__),
|
||||||
'min_prefixlen': 24,
|
'min_prefixlen': 24,
|
||||||
'max_prefixlen': 32,
|
'max_prefixlen': 32,
|
||||||
'prefixes': [CONF.network.project_network_cidr]}
|
'prefixes': [CONF.network.project_network_cidr]}
|
||||||
|
|
||||||
if shared is not None:
|
if kwargs:
|
||||||
post_body['shared'] = shared
|
post_body.update(kwargs)
|
||||||
|
|
||||||
body = self.subnetpools_client.create_subnetpool(**post_body)
|
body = self.subnetpools_client.create_subnetpool(**post_body)
|
||||||
subnetpool = body['subnetpool']
|
subnetpool = body['subnetpool']
|
||||||
|
@ -102,6 +100,28 @@ class SubnetPoolsRbacTest(base.BaseNetworkRbacTest):
|
||||||
self.subnetpools_client.update_subnetpool(subnetpool['id'],
|
self.subnetpools_client.update_subnetpool(subnetpool['id'],
|
||||||
min_prefixlen=24)
|
min_prefixlen=24)
|
||||||
|
|
||||||
|
@decorators.idempotent_id('a16f4e5c-0675-415f-b636-00af00638693')
|
||||||
|
@rbac_rule_validation.action(service="neutron",
|
||||||
|
rule="update_subnetpool:is_default",
|
||||||
|
expected_error_code=404)
|
||||||
|
def test_update_subnetpool_is_default(self):
|
||||||
|
"""Update default subnetpool.
|
||||||
|
|
||||||
|
RBAC test for the neutron update_subnetpool:is_default policy
|
||||||
|
"""
|
||||||
|
subnetpools = self.subnetpools_client.list_subnetpools()['subnetpools']
|
||||||
|
default_pool = list(
|
||||||
|
filter(lambda p: p['is_default'] is True, subnetpools))
|
||||||
|
if default_pool:
|
||||||
|
default_pool = default_pool[0]
|
||||||
|
else:
|
||||||
|
default_pool = self._create_subnetpool(is_default=True)
|
||||||
|
original_desc = default_pool['description']
|
||||||
|
|
||||||
|
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||||
|
self.subnetpools_client.update_subnetpool(
|
||||||
|
default_pool['id'], description=original_desc, is_default=True)
|
||||||
|
|
||||||
@rbac_rule_validation.action(service="neutron",
|
@rbac_rule_validation.action(service="neutron",
|
||||||
rule="delete_subnetpool",
|
rule="delete_subnetpool",
|
||||||
expected_error_code=404)
|
expected_error_code=404)
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Add RBAC test for updating the default subnetpool, providing coverage
|
||||||
|
for the policy action: "update_subnetpool:is_default".
|
Loading…
Reference in New Issue