commit 0e2511a5c146a90f6a36ec64243a4e794d39d289
author Jenkins <jenkins@review.openstack.org> Thu Sep 03 08:12:12 2015 +0000
committer Gerrit Code Review <review@openstack.org> Thu Sep 03 08:12:12 2015 +0000
tree d8c1f551feb7fe6a7eb802cd48bfaa56601be87d
parent 67a64d996f03836bd1c715e15df68ccea52c6362
parent 9ede185ec3a251720d6c3411001fb365a6e797f1

Merge "Merge Neutron AutoScaling and LoadBalancer tests"

functional/test_conditional_exposure.py

diff --git a/functional/test_conditional_exposure.py b/functional/test_conditional_exposure.py
index 99e76ee..d037712 100644
--- a/functional/test_conditional_exposure.py
+++ b/functional/test_conditional_exposure.py
@@ -66,3 +66,36 @@
                                template=self.unavailable_template)
         self.assertIn('ResourceTypeUnavailable', ex.message)
         self.assertIn('OS::Sahara::NodeGroupTemplate', ex.message)
+
+
+class RoleBasedExposureTest(functional_base.FunctionalTestsBase):
+    forbidden_resource_type = "OS::Nova::Flavor"
+    fl_tmpl = """
+heat_template_version: 2015-10-15
+
+resources:
+  not4everyone:
+    type: OS::Nova::Flavor
+    properties:
+      ram: 20000
+      vcpus: 10
+"""
+
+    def test_non_admin_forbidden_create_flavors(self):
+        """Fail to create Flavor resource w/o admin role
+
+        Integration tests job runs as normal OpenStack user,
+        and OS::Nova:Flavor is configured to require
+        admin role in default policy file of Heat.
+        """
+        stack_name = self._stack_rand_name()
+        ex = self.assertRaises(exc.Forbidden,
+                               self.client.stacks.create,
+                               stack_name=stack_name,
+                               template=self.fl_tmpl)
+        self.assertIn(self.forbidden_resource_type, ex.message)
+
+    def test_forbidden_resource_not_listed(self):
+        resources = self.client.resource_types.list()
+        self.assertNotIn(self.forbidden_resource_type,
+                         (r.resource_type for r in resources))