Merge "Fix Neutron-related return values on some list APIs"
diff --git a/patrole_tempest_plugin/tests/api/network/test_security_groups_rbac.py b/patrole_tempest_plugin/tests/api/network/test_security_groups_rbac.py
index aaba1d2..8889e75 100644
--- a/patrole_tempest_plugin/tests/api/network/test_security_groups_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_security_groups_rbac.py
@@ -18,6 +18,7 @@
 from tempest.lib.common.utils import test_utils
 from tempest.lib import decorators
 
+from patrole_tempest_plugin import rbac_exceptions
 from patrole_tempest_plugin import rbac_rule_validation
 from patrole_tempest_plugin.tests.api.network import rbac_base as base
 
@@ -113,12 +114,17 @@
                 description="test description")
 
     @rbac_rule_validation.action(service="neutron",
-                                 rule="get_security_groups")
+                                 rule="get_security_group")
     @decorators.idempotent_id('fbaf8d96-ed3e-49af-b24c-5fb44f05bbb7')
     def test_list_security_groups(self):
 
         with self.rbac_utils.override_role(self):
-            self.security_groups_client.list_security_groups()
+            security_groups = self.security_groups_client.\
+                list_security_groups()
+
+        # Neutron may return an empty list if access is denied.
+        if not security_groups['security_groups']:
+            raise rbac_exceptions.RbacMalformedResponse(empty=True)
 
     @rbac_rule_validation.action(service="neutron",
                                  rule="create_security_group_rule")
@@ -151,9 +157,14 @@
                 sec_group_rule['id'])
 
     @rbac_rule_validation.action(service="neutron",
-                                 rule="get_security_group_rules")
+                                 rule="get_security_group_rule")
     @decorators.idempotent_id('05739ab6-fa35-11e6-bc64-92361f002671')
     def test_list_security_group_rules(self):
 
         with self.rbac_utils.override_role(self):
-            self.security_group_rules_client.list_security_group_rules()
+            security_rules = self.security_group_rules_client.\
+                list_security_group_rules()
+
+        # Neutron may return an empty list if access is denied.
+        if not security_rules['security_group_rules']:
+            raise rbac_exceptions.RbacMalformedResponse(empty=True)
diff --git a/patrole_tempest_plugin/tests/api/network/test_subnets_rbac.py b/patrole_tempest_plugin/tests/api/network/test_subnets_rbac.py
index bc36c21..12d20fa 100644
--- a/patrole_tempest_plugin/tests/api/network/test_subnets_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_subnets_rbac.py
@@ -17,6 +17,7 @@
 from tempest.lib.common.utils import data_utils
 from tempest.lib import decorators
 
+from patrole_tempest_plugin import rbac_exceptions
 from patrole_tempest_plugin import rbac_rule_validation
 from patrole_tempest_plugin.tests.api.network import rbac_base as base
 
@@ -67,7 +68,11 @@
         RBAC test for the neutron "get_subnet" policy
         """
         with self.rbac_utils.override_role(self):
-            self.subnets_client.list_subnets()
+            subnets = self.subnets_client.list_subnets()
+
+        # Neutron may return an empty list if access is denied.
+        if not subnets['subnets']:
+            raise rbac_exceptions.RbacMalformedResponse(empty=True)
 
     @decorators.idempotent_id('f36cd821-dd22-4bd0-b43d-110fc4b553eb')
     @rbac_rule_validation.action(service="neutron",