commit 5f25db5cad23ba8fb1acee49942cd75527841663
author Mykola Yakovliev <VegasQ@gmail.com> Mon Sep 10 14:40:22 2018 -0500
committer Mykola Yakovliev <VegasQ@gmail.com> Sun Sep 30 14:50:37 2018 -0500
tree e74c9d1a7d3db70e5308e676c33cee7ec3a9346c
parent a3c15da1cd0d74d17727056dd72103fc915ab86d

Add tests to cover neutron-agents

This patch adds tests to cover next policies:

'get_l3-agents' [0]

Part of "Increase Neutron RBAC Coverage" initiative [1]

[0] https://developer.openstack.org/api-ref/network/v2/index.html#list-l3-agents-hosting-a-router
[1] https://storyboard.openstack.org/#!/story/2002641

Change-Id: I79310ce3b072976cff46335e233c219625c5b686
Story: 2002641
Task: 22312

patrole_tempest_plugin/tests/api/network/test_agents_rbac.py

diff --git a/patrole_tempest_plugin/tests/api/network/test_agents_rbac.py b/patrole_tempest_plugin/tests/api/network/test_agents_rbac.py
index 7567275..9d7adc4 100644
--- a/patrole_tempest_plugin/tests/api/network/test_agents_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_agents_rbac.py
@@ -14,6 +14,7 @@
 #    under the License.
 
 from tempest.common import utils
+from tempest.lib.common.utils import data_utils
 from tempest.lib.common.utils import test_utils
 from tempest.lib import decorators
 
@@ -235,3 +236,32 @@
         with self.rbac_utils.override_role(self):
             self.agents_client.delete_network_from_dhcp_agent(
                 self.agent['id'], network_id=network_id)
+
+
+class L3AgentsPluginRbacTest(base.BaseNetworkPluginRbacTest):
+
+    @classmethod
+    def skip_checks(cls):
+        super(L3AgentsPluginRbacTest, cls).skip_checks()
+        if not utils.is_extension_enabled('l3_agent_scheduler', 'network'):
+            msg = "l3_agent_scheduler extension not enabled."
+            raise cls.skipException(msg)
+
+    @classmethod
+    def resource_setup(cls):
+        super(L3AgentsPluginRbacTest, cls).resource_setup()
+        name = data_utils.rand_name(cls.__name__ + '-Router')
+        cls.router = cls.ntp_client.create_router(name)['router']
+
+    @decorators.idempotent_id('5d2bbdbc-40a5-43d2-828a-84dc93bcd321')
+    @rbac_rule_validation.action(service="neutron",
+                                 rule="get_l3-agents")
+    def test_list_l3_agents_on_router(self):
+        """List L3 agents on router test.
+
+        RBAC test for the neutron get_l3-agents policy
+        """
+        with self.rbac_utils.override_role(self):
+            # NOTE: It is not empty list since it's a special case where
+            # policy.enforce is called from the controller.
+            self.ntp_client.list_l3_agents_hosting_router(self.router['id'])