Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / neutron-tempest-plugin / fe06f99b57656a71875c585bb1f8ee499f004cce^! / .
commitfe06f99b57656a71875c585bb1f8ee499f004cce[log] [tgz]
authorStephen Ma <stephen.ma@hpe.com>Tue Apr 26 15:07:35 2016 -0700
committerKevin Benton <kevin@benton.pub>Fri Apr 14 23:13:35 2017 +0000
tree7fd4b73d73fe07823e2a06b92bdfb2c35cc49368
parent7228768f9b85c4653aedc098342f6e4fc5916f8e [diff]
Allow self-sharing RBAC rules to be deleted without usage check

This patch allows the update and deletion of network
'access_as_shared' rule whose target tenant-id is the network owner
without checking for network usage.

Change-Id: I34d627da869f68c02e1abc4a19246698766d66e4
Closes-bug: #1517702

diff --git a/neutron/tests/tempest/api/admin/test_shared_network_extension.py b/neutron/tests/tempest/api/admin/test_shared_network_extension.py
index 6f3e391..042a73e 100644
--- a/neutron/tests/tempest/api/admin/test_shared_network_extension.py
+++ b/neutron/tests/tempest/api/admin/test_shared_network_extension.py

@@ -279,6 +279,17 @@
         # anchor is gone, delete should pass
         self.admin_client.delete_rbac_policy(wild['id'])
 
+    @decorators.idempotent_id('34d627da-a732-68c0-2e1a-bc4a19246698')
+    def test_delete_self_share_rule(self):
+        net = self.create_network()
+        self_share = self.client.create_rbac_policy(
+                         object_type='network', object_id=net['id'],
+                         action='access_as_shared',
+                         target_tenant=net['tenant_id'])['rbac_policy']
+        port = self.client.create_port(network_id=net['id'])['port']
+        self.client.delete_rbac_policy(self_share['id'])
+        self.client.delete_port(port['id'])
+
     @decorators.idempotent_id('86c3529b-1231-40de-803c-beefbeefbeef')
     def test_tenant_can_delete_port_on_own_network(self):
         net = self.create_network()  # owned by self.client
@@ -399,6 +410,18 @@
             self.client.update_rbac_policy(pol['rbac_policy']['id'],
                                            target_tenant='*')
 
+    @decorators.idempotent_id('34d627da-869f-68c0-2e1a-bc4a19246698')
+    def test_update_self_share_rule(self):
+        net = self.create_network()
+        self_share = self.client.create_rbac_policy(
+                         object_type='network', object_id=net['id'],
+                         action='access_as_shared',
+                         target_tenant=net['tenant_id'])['rbac_policy']
+        port = self.client.create_port(network_id=net['id'])['port']
+        self.client.update_rbac_policy(self_share['id'],
+                                       target_tenant=self.client2.tenant_id)
+        self.client.delete_port(port['id'])
+
     @decorators.idempotent_id('86c3529b-1231-40de-803c-aeeeeeee7fff')
     def test_filtering_works_with_rbac_records_present(self):
         resp = self._make_admin_net_and_subnet_shared_to_tenant_id(