Fix export location negative tests
When running as a regular user, attempts to get share export
locations for a share belonging to another user should be
forbidden.
Share instance export locations are not available to regular
users by virtue of default policy.
Related-bug: #1654598
Closes-bug: #1655427
Change-Id: Iabe7fb68facd0ddffec738ab4e98d1de3a704ee4
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
diff --git a/manila_tempest_tests/tests/api/admin/test_export_locations_negative.py b/manila_tempest_tests/tests/api/admin/test_export_locations_negative.py
index fe211ff..ef4f80b 100644
--- a/manila_tempest_tests/tests/api/admin/test_export_locations_negative.py
+++ b/manila_tempest_tests/tests/api/admin/test_export_locations_negative.py
@@ -33,8 +33,12 @@
@classmethod
def resource_setup(cls):
super(ExportLocationsNegativeTest, cls).resource_setup()
+ # admin_client and different_project_client pertain to isolated
+ # projects, admin_member_client is a regular user in admin's project
cls.admin_client = cls.admin_shares_v2_client
- cls.member_client = cls.shares_v2_client
+ cls.admin_member_client = (
+ cls.admin_project_member_client.shares_v2_client)
+ cls.different_project_client = cls.shares_v2_client
# create share type
cls.share_type = cls._create_share_type()
cls.share_type_id = cls.share_type['id']
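Review bot: The comment added in `resource_setup` names the projects but not the privilege level of `different_project_client`, which is what the cross-project tests later in this file depend on. It is assigned from `cls.shares_v2_client`, presumably a non-admin user in a separate project, but that is not stated. I would extend the comment with something like `# different_project_client is a non-admin user in a project that does not own the share`, after confirming it against the credentials the base class sets up. `resource_setup` continues past the end of this hunk.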
@@ -65,26 +69,43 @@
)
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
- def test_list_share_instance_export_locations_by_member(self):
+ def test_list_share_instance_export_locations_as_member(self):
for share_instance in self.share_instances:
self.assertRaises(
lib_exc.Forbidden,
- self.member_client.list_share_instance_export_locations,
- "fake-inexistent-share-instance-id",
- )
+ self.admin_member_client.list_share_instance_export_locations,
+ share_instance['id'])
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
- def test_get_share_instance_export_location_by_member(self):
+ def test_get_share_instance_export_locations_as_member(self):
for share_instance in self.share_instances:
export_locations = (
self.admin_client.list_share_instance_export_locations(
share_instance['id']))
for el in export_locations:
- self.assertRaises(
- lib_exc.Forbidden,
- self.member_client.get_share_instance_export_location,
- share_instance['id'], el['id'],
- )
+ self.assertRaises(lib_exc.Forbidden,
+ (self.admin_member_client.
+ get_share_instance_export_location),
+ share_instance['id'], el['id'])
+
+ @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
+ def test_list_share_export_locations_by_different_project_user(self):
+ self.assertRaises(
+ lib_exc.Forbidden,
+ self.different_project_client.list_share_export_locations,
+ self.share['id'])
+
+ @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
+ def test_get_share_export_location_by_different_project_user(self):
+ export_locations = self.admin_client.list_share_export_locations(
+ self.share['id'])
+
+ for export_location in export_locations:
+ self.assertRaises(
+ lib_exc.Forbidden,
+ self.different_project_client.get_share_export_location,
+ self.share['id'],
+ export_location['id'])
class ExportLocationsAPIOnlyNegativeTest(base.BaseSharesAdminTest):
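Review bot: The two get-by-id tests can pass without ever exercising the authorization check, because in `test_get_share_instance_export_locations_as_member` and `test_get_share_export_location_by_different_project_user` the `assertRaises` sits inside a loop over the admin's listing. If that listing is empty, the denial is never tested and the run still reports success. Add a precondition before each loop, for example `self.assertGreater(len(export_locations), 0)`. The same applies to `for share_instance in self.share_instances:`, whose list is built outside this hunk. As a naming point, `test_get_share_instance_export_locations_as_member` fetches a single location, so the singular `..._export_location_as_member` would match the client method it calls.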