RBAC tests for extended availability zone policies
This commit adds RBAC tests for extended availability zone
policies, the documentation for which can be found here:
https://github.com/openstack/nova/blob/master/nova/policies/extended_availability_zone.py
Tests for both APIs that enforce each policy were added.
Change-Id: I36aad1ea7ef3c1418cd23fda8357132ac8bde559
Depends-On: I1c14646dc8d102cd093be09833c23846781e5e73
diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
index b1956c2..b64eef8 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
@@ -135,10 +135,11 @@
"""Test list servers with config_drive property in response body."""
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
body = self.servers_client.list_servers(detail=True)['servers']
+ expected_attr = 'config_drive'
# If the first server contains "config_drive", then all the others do.
- if 'config_drive' not in body[0]:
+ if expected_attr not in body[0]:
raise rbac_exceptions.RbacMalformedResponse(
- attribute='config_drive')
+ attribute=expected_attr)
@test.requires_ext(extension='os-config-drive', service='compute')
@decorators.idempotent_id('55c62ef7-b72b-4970-acc6-05b0a4316e5d')
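Review bot: `body[0]` in `if expected_attr not in body[0]:` raises IndexError when list_servers returns an empty list for the switched role, so the test would end in an unrelated error instead of a clear RBAC result. The same indexing is repeated in the new test_list_servers_with_details_extended_availability_zone in the `@@ -234` hunk. A guard before the index makes that case explicit, for example `self.assertTrue(body, 'list_servers returned no servers')`, assuming the class has the usual unittest assertions. The comment that the first server speaks for all the others is an assumption the test never checks; `if not all(expected_attr in s for s in body):` would verify it directly. The enclosing test method starts above this hunk, so its decorators and rule are not visible here.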
@@ -148,10 +149,12 @@
def test_show_server_config_drive(self):
"""Test show server with config_drive property in response body."""
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+
body = self.servers_client.show_server(self.server['id'])['server']
- if 'config_drive' not in body:
+ expected_attr = 'config_drive'
+ if expected_attr not in body:
raise rbac_exceptions.RbacMalformedResponse(
- attribute="config_drive")
+ attribute=expected_attr)
@test.requires_ext(extension='os-deferred-delete', service='compute')
@decorators.idempotent_id('189bfed4-1e6d-475c-bb8c-d57e60895391')
@@ -234,6 +237,37 @@
raise rbac_exceptions.RbacMalformedResponse(
attribute=attr)
+ @decorators.idempotent_id('d873740a-7b10-40a9-943d-7cc18115370e')
+ @test.requires_ext(extension='OS-EXT-AZ', service='compute')
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-extended-availability-zone")
+ def test_list_servers_with_details_extended_availability_zone(self):
+ """Test list servers OS-EXT-AZ:availability_zone attr in resp body."""
+ expected_attr = 'OS-EXT-AZ:availability_zone'
+
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ body = self.servers_client.list_servers(detail=True)['servers']
+ # If the first server contains `expected_attr`, then all the others do.
+ if expected_attr not in body[0]:
+ raise rbac_exceptions.RbacMalformedResponse(
+ attribute=expected_attr)
+
+ @decorators.idempotent_id('727e5360-770a-4b9c-8015-513a40216635')
+ @test.requires_ext(extension='OS-EXT-AZ', service='compute')
+ @rbac_rule_validation.action(
+ service="nova",
+ rule="os_compute_api:os-extended-availability-zone")
+ def test_show_server_extended_availability_zone(self):
+ """Test show server OS-EXT-AZ:availability_zone attr in resp body."""
+ expected_attr = 'OS-EXT-AZ:availability_zone'
+
+ self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+ body = self.servers_client.show_server(self.server['id'])['server']
+ if expected_attr not in body:
+ raise rbac_exceptions.RbacMalformedResponse(
+ attribute=expected_attr)
+
@rbac_rule_validation.action(
service="nova",
rule="os_compute_api:os-lock-server:lock")
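Review bot: The two new tests do not say why a missing `OS-EXT-AZ:availability_zone` key is reported through RbacMalformedResponse instead of by expecting an HTTP error. A reader needs that to judge whether the policy is really being exercised. From the visible code, the rule appears to be checked only by the attribute's presence in a successful response, so a short comment above each `if expected_attr not in body` check would help, e.g. `# A denied policy is expected to omit this attribute from the response, not to fail the request (confirm against the nova policy docs).` The docstrings could also spell out "attribute in response body" rather than "attr in resp body". Both new methods are complete within this hunk; the trailing `@rbac_rule_validation.action` lines belong to a test that continues below it.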
diff --git a/releasenotes/notes/extended-availability-zone-policies-2ec19e8bbb9ce158.yaml b/releasenotes/notes/extended-availability-zone-policies-2ec19e8bbb9ce158.yaml
new file mode 100644
index 0000000..a796946
--- /dev/null
+++ b/releasenotes/notes/extended-availability-zone-policies-2ec19e8bbb9ce158.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ Add RBAC tests for APIs that enforce
+ "os_compute_api:os-extended-availability-zone".