Fix update target tenant RBAC external path
This fixes the logic to allow updates to wildcard RBAC external
policies. It was broken for two reasons: first, it was using the
wrong kwarg, second, it wasn't considering the target tenant when
determining if the policy was required.
This patch fixes both issues and adds an API test exercising the
update path.
Closes-Bug: #1577100
Change-Id: Id7441ab5c3f3667aa1cc48100286a2a9d480e201
diff --git a/neutron/tests/tempest/api/admin/test_external_network_extension.py b/neutron/tests/tempest/api/admin/test_external_network_extension.py
index a99d78c..ed56144 100644
--- a/neutron/tests/tempest/api/admin/test_external_network_extension.py
+++ b/neutron/tests/tempest/api/admin/test_external_network_extension.py
@@ -85,6 +85,21 @@
object_id=net_id, action='access_as_external',
target_tenant='*')['rbac_policies']))
+ @test.idempotent_id('a5539002-5bdb-48b5-b124-abcd12347865')
+ def test_external_update_policy_from_wildcard_to_specific_tenant(self):
+ net_id = self._create_network(external=True)['id']
+ rbac_pol = self.admin_client.list_rbac_policies(
+ object_id=net_id, action='access_as_external',
+ target_tenant='*')['rbac_policies'][0]
+ r = self.client2.create_router(
+ data_utils.rand_name('router-'),
+ external_gateway_info={'network_id': net_id})['router']
+ self.addCleanup(self.admin_client.delete_router, r['id'])
+ # changing wildcard to specific tenant should be okay since its the
+ # only one using the network
+ self.admin_client.update_rbac_policy(
+ rbac_pol['id'], target_tenant=self.client2.tenant_id)
+
@test.idempotent_id('a5539002-5bdb-48b5-b124-e9eedd5975e6')
def test_external_conversion_on_policy_create(self):
net_id = self._create_network(external=False)['id']
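Review bot: The added `test_external_update_policy_from_wildcard_to_specific_tenant` ends on the `update_rbac_policy` call with no assertion, so it passes on any non-error response, including one that leaves the policy at `target_tenant='*'` and the external network still visible to every tenant. Since the change narrows an access policy, I would re-list after the update and check the stored value, e.g. `self.assertEqual(self.client2.tenant_id, self.admin_client.list_rbac_policies(object_id=net_id, action='access_as_external')['rbac_policies'][0]['target_tenant'])`. The commit message also says the in-use check now considers the target tenant, but only the permitted case is exercised here. A companion case that narrows the policy to a tenant that does not own the router should expect the update to be refused, unless that is already covered outside this hunk. The enclosing class and the following `test_external_conversion_on_policy_create` continue outside the hunk.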