commit 135ae20525559e83610527a0791f4a0afcf3a1b1
author Kevin Benton <kevin@benton.pub> Tue Jul 26 13:04:41 2016 -0700
committer Kevin Benton <kevin@benton.pub> Tue Jul 26 13:30:25 2016 -0700
tree cd70930a9840ff05f3f1b0f928c8452a4a21fb6d
parent d8eef5e11c8de57cf7354e6914a6d29df2846839

Add some negative policy router interface tests

Ensure that tenants can't attach router interfaces
to routers they don't own. The exercises the policy
engine for subresources.

Change-Id: I9d053ef6798bcaeb87ff7a5ab09cf9c5fd8a5d0e

neutron/tests/tempest/api/test_routers_negative.py

diff --git a/neutron/tests/tempest/api/test_routers_negative.py b/neutron/tests/tempest/api/test_routers_negative.py
index 6a028db..309b6fd 100644
--- a/neutron/tests/tempest/api/test_routers_negative.py
+++ b/neutron/tests/tempest/api/test_routers_negative.py
@@ -24,6 +24,11 @@
 class RoutersNegativeTestBase(base.BaseRouterTest):
 
     @classmethod
+    @test.requires_ext(extension="router", service="network")
+    def skip_checks(cls):
+        super(RoutersNegativeTestBase, cls).skip_checks()
+
+    @classmethod
     def resource_setup(cls):
         super(RoutersNegativeTestBase, cls).resource_setup()
         cls.router = cls.create_router(data_utils.rand_name('router'))
@@ -33,11 +38,6 @@
 
 class RoutersNegativeTest(RoutersNegativeTestBase):
 
-    @classmethod
-    @test.requires_ext(extension="router", service="network")
-    def skip_checks(cls):
-        super(RoutersNegativeTest, cls).skip_checks()
-
     @test.attr(type='negative')
     @test.idempotent_id('e3e751af-15a2-49cc-b214-a7154579e94f')
     def test_delete_router_in_use(self):
@@ -49,6 +49,28 @@
             self.client.delete_router(self.router['id'])
 
 
+class RoutersNegativePolicyTest(RoutersNegativeTestBase):
+
+    credentials = ['admin', 'primary', 'alt']
+
+    @test.attr(type='negative')
+    @test.idempotent_id('159f576d-a423-46b5-b501-622694c02f6b')
+    def test_add_interface_wrong_tenant(self):
+        client2 = self.alt_manager.network_client
+        network = client2.create_network()['network']
+        self.addCleanup(client2.delete_network, network['id'])
+        subnet = self.create_subnet(network, client=client2)
+        # This port is deleted after a test by remove_router_interface.
+        port = client2.create_port(network_id=network['id'])['port']
+        self.addCleanup(client2.delete_port, port['id'])
+        with testtools.ExpectedException(lib_exc.NotFound):
+            client2.add_router_interface_with_port_id(
+                self.router['id'], port['id'])
+        with testtools.ExpectedException(lib_exc.NotFound):
+            client2.add_router_interface_with_subnet_id(
+                self.router['id'], subnet['id'])
+
+
 class DvrRoutersNegativeTest(RoutersNegativeTestBase):
 
     @classmethod