Add an ability to configure allow_invisible_resource_usage
added an ability to configure test_member_create in accordance with
change: https://review.opendev.org/#/c/721550/4
Related-prod: PRODX-4722
Change-Id: I7231537a2f9bad6fd1b4b36324719e932590d631
diff --git a/octavia_tempest_plugin/config.py b/octavia_tempest_plugin/config.py
index bd9c8fb..ce1d300 100644
--- a/octavia_tempest_plugin/config.py
+++ b/octavia_tempest_plugin/config.py
@@ -45,6 +45,10 @@
cfg.StrOpt('catalog_type',
default='load-balancer',
help='Catalog type of the Octavia service.'),
+ cfg.BoolOpt('allow_invisible_resource_usage',
+ default=False,
+ help='Ability to use network resources that user cannot see '
+ 'or "show" on load balancers.'),
cfg.StrOpt('endpoint_type',
default='publicURL',
choices=['public', 'admin', 'internal',
diff --git a/octavia_tempest_plugin/tests/api/v2/test_member.py b/octavia_tempest_plugin/tests/api/v2/test_member.py
index a84e121..d9f5040 100644
--- a/octavia_tempest_plugin/tests/api/v2/test_member.py
+++ b/octavia_tempest_plugin/tests/api/v2/test_member.py
@@ -157,11 +157,15 @@
member_kwargs[const.SUBNET_ID] = self.lb_member_vip_subnet[
const.ID]
+ create_member_exception = exceptions.BadRequest
+ if CONF.load_balancer.allow_invisible_resource_usage:
+ create_member_exception = exceptions.Forbidden
+
# Test that a user without the load balancer role cannot
# create a member
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
self.assertRaises(
- exceptions.Forbidden,
+ create_member_exception,
self.os_primary.member_client.create_member,
**member_kwargs)