commit 22f2b69e6f068b27275ee9e63a334b575fe8e023
author Zuul <zuul@review.opendev.org> Fri Feb 28 03:20:39 2020 +0000
committer Gerrit Code Review <review@openstack.org> Fri Feb 28 03:20:39 2020 +0000
tree b24fa1d866d26f741621af3a5386ad08c697ca13
parent c90653beeb057b6f2628f6f994bbd74c88fe6e66
parent 31c0006ded28255e2502d2975648f1fe603ec127

Merge "Add list security group rules API test"

neutron_tempest_plugin/api/test_security_groups.py

diff --git a/neutron_tempest_plugin/api/test_security_groups.py b/neutron_tempest_plugin/api/test_security_groups.py
index c2e63da..67925f7 100644
--- a/neutron_tempest_plugin/api/test_security_groups.py
+++ b/neutron_tempest_plugin/api/test_security_groups.py
@@ -76,6 +76,39 @@
         self.assertIn(
             security_group_rule['id'], observerd_security_group_rules_ids)
 
+    @decorators.idempotent_id('b5923b1a-4d33-44e1-af25-088dcb55b02b')
+    def test_list_security_group_rules_contains_all_rules(self):
+        """Test list security group rules.
+
+        This test checks if all SG rules which belongs to the tenant OR
+        which belongs to the tenant's security group are listed.
+        """
+        security_group = self.create_security_group()
+        protocol = random.choice(list(base_security_groups.V4_PROTOCOL_NAMES))
+        security_group_rule = self.create_security_group_rule(
+            security_group=security_group,
+            project={'id': self.admin_client.tenant_id},
+            client=self.admin_client,
+            protocol=protocol,
+            direction=constants.INGRESS_DIRECTION)
+
+        # Create also other SG with some custom rule to check that regular user
+        # can't see this rule
+        admin_security_group = self.create_security_group(
+            project={'id': self.admin_client.tenant_id},
+            client=self.admin_client)
+        admin_security_group_rule = self.create_security_group_rule(
+            security_group=admin_security_group,
+            project={'id': self.admin_client.tenant_id},
+            client=self.admin_client,
+            protocol=protocol,
+            direction=constants.INGRESS_DIRECTION)
+
+        rules = self.client.list_security_group_rules()['security_group_rules']
+        rules_ids = [rule['id'] for rule in rules]
+        self.assertIn(security_group_rule['id'], rules_ids)
+        self.assertNotIn(admin_security_group_rule['id'], rules_ids)
+
     @decorators.idempotent_id('7c0ecb10-b2db-11e6-9b14-000c29248b0d')
     def test_create_bulk_sec_groups(self):
         # Creates 2 sec-groups in one request

neutron_tempest_plugin/services/network/json/network_client.py

diff --git a/neutron_tempest_plugin/services/network/json/network_client.py b/neutron_tempest_plugin/services/network/json/network_client.py
index 521e2be..ddb6f95 100644
--- a/neutron_tempest_plugin/services/network/json/network_client.py
+++ b/neutron_tempest_plugin/services/network/json/network_client.py
@@ -893,6 +893,15 @@
         self.expected_success(204, resp.status)
         return service_client.ResponseBody(resp, body)
 
+    def list_security_group_rules(self, **kwargs):
+        uri = '%s/security-group-rules' % self.uri_prefix
+        if kwargs:
+            uri += '?' + urlparse.urlencode(kwargs, doseq=1)
+        resp, body = self.get(uri)
+        self.expected_success(200, resp.status)
+        body = jsonutils.loads(body)
+        return service_client.ResponseBody(resp, body)
+
     def create_security_group_rule(self, direction, security_group_id,
                                    **kwargs):
         post_body = {'security_group_rule': kwargs}