RBAC tests for extended server attributes policies
This commit adds RBAC tests for extended server attributes
policies, the documentation for which can be found here:
https://github.com/openstack/nova/blob/master/nova/policies/extended_server_attributes.py
Tests for both APIs that enforce each policy were added.
Change-Id: I4150bcff934f1386ba8947d271289b790900ce2e
Implements: blueprint rbac-tests-for-extended-server-attributes
diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
index 654d3f1..6e62029 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
@@ -199,6 +199,50 @@
raise rbac_exceptions.RbacMalformedResponse(
attribute=expected_attr)
+ @decorators.idempotent_id('4aa5d93e-4887-468a-8eb4-b6eca0ca6437')
+ @test.requires_ext(extension='OS-EXT-SRV-ATTR', service='compute')
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-extended-server-attributes")
+ def test_list_servers_extended_server_attributes(self):
+ """Test list servers with details, with extended server attributes in
+ response body.
+ """
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ body = self.servers_client.list_servers(detail=True)['servers']
+
+ # NOTE(felipemonteiro): The attributes included below should be
+ # returned by all microversions. We don't include tests for other
+ # microversions since Tempest schema validation takes care of that in
+ # `show_server` call above. (Attributes there are *optional*.)
+ for attr in ('host', 'instance_name'):
+ whole_attr = 'OS-EXT-SRV-ATTR:%s' % attr
+ if whole_attr not in body[0]:
+ raise rbac_exceptions.RbacMalformedResponse(
+ attribute=whole_attr)
+
+ @decorators.idempotent_id('2ed7aee2-94b2-4a9f-ae63-a51b7f94fe30')
+ @test.requires_ext(extension='OS-EXT-SRV-ATTR', service='compute')
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-extended-server-attributes")
+ def test_show_server_extended_server_attributes(self):
+ """Test show server with extended server attributes in response
+ body.
+ """
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ body = self.servers_client.show_server(self.server['id'])['server']
+
+ # NOTE(felipemonteiro): The attributes included below should be
+ # returned by all microversions. We don't include tests for other
+ # microversions since Tempest schema validation takes care of that in
+ # `show_server` call above. (Attributes there are *optional*.)
+ for attr in ('host', 'instance_name'):
+ whole_attr = 'OS-EXT-SRV-ATTR:%s' % attr
+ if whole_attr not in body:
+ raise rbac_exceptions.RbacMalformedResponse(
+ attribute=whole_attr)
+
@decorators.idempotent_id('82053c27-3134-4003-9b55-bc9fafdb0e3b')
@test.requires_ext(extension='OS-EXT-STS', service='compute')
@rbac_rule_validation.action(
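Review bot: In test_list_servers_extended_server_attributes the check reads `body[0]`, so an empty listing raises IndexError rather than RbacMalformedResponse, and a non-empty one is judged on whichever server comes first, not the one this class created. Selecting the test's own server with `servers = [s for s in body if s['id'] == self.server['id']]`, failing explicitly when that list is empty, and then testing `whole_attr not in servers[0]` would keep the outcome tied to the policy under test. How rbac_rule_validation.action treats an unexpected IndexError is not visible in this hunk, so the effect on the reported RBAC result is an inference. The NOTE comment in the same test was copied from the show test and still says "`show_server` call above"; it should name `list_servers`. The class setup that creates `self.server` lies outside the hunk.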
diff --git a/releasenotes/notes/extended-server-attributes-36623af87e714369.yaml b/releasenotes/notes/extended-server-attributes-36623af87e714369.yaml
new file mode 100644
index 0000000..a7ccd8e
--- /dev/null
+++ b/releasenotes/notes/extended-server-attributes-36623af87e714369.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ Add complete RBAC test coverage for the compute APIs that enforce:
+ "os_compute_api:os-extended-server-attributes".