Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / manila-tempest-plugin / 71caf46c021ed64ddf3a85a3b41c478ec2845795^! / .
commit71caf46c021ed64ddf3a85a3b41c478ec2845795[log] [tgz]
authorsilvacarloss <ces.eduardo98@gmail.com>Thu May 05 16:33:12 2022 -0300
committerCarlos Eduardo <ces.eduardo98@gmail.com>Fri May 06 20:19:27 2022 +0000
tree7acde7262bb7158844c603b25d28b0601a129468
parent5203643c2423c89afc90b1c0045de422c643f85a [diff]
Modify security service list test

Since we decoupled ``share:get_all_security_services`` from
``context_is_admin``, we started preventing non-admins to use
the ``all_tenants`` flag for security service listing.

This change enhances one of our tests to ensure that in a
query to list security services using ``all_tenants``,
less-privileged users won't be able to see more security
services than they should.

Related-Bug: #1916102
Change-Id: Idd49e22c8dc534a1fe1e4814f233b079cf14bb72

diff --git a/manila_tempest_tests/tests/api/test_security_services.py b/manila_tempest_tests/tests/api/test_security_services.py
index 24d8bad..f938a91 100644
--- a/manila_tempest_tests/tests/api/test_security_services.py
+++ b/manila_tempest_tests/tests/api/test_security_services.py

@@ -272,9 +272,16 @@
 
     @decorators.idempotent_id('d501710e-4710-4c13-a373-75ed6ababb13')
     @tc.attr(base.TAG_POSITIVE, base.TAG_API)
-    def test_try_list_security_services_all_tenants(self):
-        listed = self.shares_client.list_security_services(
+    def test_try_list_security_services_all_tenants_ignored(self):
+        alt_security_service = self.create_security_service(
+            **self.generate_security_service_data(),
+            client=self.alt_shares_v2_client)
+        alt_security_service_id = alt_security_service['id']
+        sec_service_list = self.shares_client.list_security_services(
             params={'all_tenants': 1})['security_services']
-        self.assertTrue(any(self.ss_ldap['id'] == ss['id'] for ss in listed))
-        self.assertTrue(any(self.ss_kerberos['id'] == ss['id']
-                            for ss in listed))
+        sec_service_ids = [ss['id'] for ss in sec_service_list]
+        self.assertTrue(
+            any(self.ss_ldap['id'] == ss['id'] for ss in sec_service_list))
+        self.assertTrue(
+            any(self.ss_kerberos['id'] == ss['id'] for ss in sec_service_list))
+        self.assertNotIn(alt_security_service_id, sec_service_ids)