Test secret access via ACL This patch enhances the ACL test to ensure that "other" user is not able to get a secret before being added to the ACL. After adding the ACL for the user, we check again to ensure the ACL is working as intended by allowing the user now in the ACL to access the secret. Change-Id: I0b4e1fc71c62376301858128dd2fbb75bd1fa602

commit: a32eaf0dd8a4cd1825f69b97dc7ac51519ec07d7 [log] [tgz]
author: Douglas Mendizábal <dmendiza@redhat.com> Tue Aug 30 14:50:36 2022 -0500
committer: Douglas Mendizábal <dmendiza@redhat.com> Tue Aug 30 14:51:34 2022 -0500
tree: ad11efdc9dd24173dbc2d22004fdb47ffbd0ffb3
parent: 01da5615dbe869685858f64e52fe40c870141116 [diff]
diff --git a/barbican_tempest_plugin/tests/rbac/v1/test_secrets.py b/barbican_tempest_plugin/tests/rbac/v1/test_secrets.py
index e8a3607..bdd56b2 100644
--- a/barbican_tempest_plugin/tests/rbac/v1/test_secrets.py
+++ b/barbican_tempest_plugin/tests/rbac/v1/test_secrets.py

@@ -569,9 +569,16 @@
         self.assertIn("read", acl.keys())
 
     def test_put_secret_acl(self):
+        self.assertRaises(
+            exceptions.Forbidden,
+            self.other_secret_client.get_secret_metadata,
+            self.secret_id
+        )
         _ = self.client.put_secret_acl(self.secret_id, self.valid_acl)
         acl = self.client.get_secret_acl(self.secret_id)
         self.assertIn(self.other_secret_client.user_id, acl['read']['users'])
+        resp = self.other_secret_client.get_secret_metadata(self.secret_id)
+        self.assertIn(self.secret_id, resp['secret_ref'])
 
     def test_patch_secret_acl(self):
         _ = self.client.put_secret_acl(self.secret_id, self.valid_acl)
commit	a32eaf0dd8a4cd1825f69b97dc7ac51519ec07d7	[log] [tgz]
author	Douglas Mendizábal <dmendiza@redhat.com>	Tue Aug 30 14:50:36 2022 -0500
committer	Douglas Mendizábal <dmendiza@redhat.com>	Tue Aug 30 14:51:34 2022 -0500
tree	ad11efdc9dd24173dbc2d22004fdb47ffbd0ffb3
parent	01da5615dbe869685858f64e52fe40c870141116 [diff]