Removal of re-switching of rbac-role from tearDown
Currently, for every test case class, we need to add
re-switching rbac role in tearDown method. Thus for
every testcase using the tearDown method becomes
mandatory.
This patch removes tearDown dependency for re-switching
rbac-role.
Co-Authored-By: Mh Raies <mh.raies@ericsson.com>
Co-Authored-By: Felipe Monteiro <felipe.monteiro@att.com>
Implements: blueprint refactor-teardown-switch-roles
Change-Id: I3f0026533255c87b8128f2bf3a4aa488382a2523
diff --git a/patrole_tempest_plugin/rbac_rule_validation.py b/patrole_tempest_plugin/rbac_rule_validation.py
index 284d8f0..463adce 100644
--- a/patrole_tempest_plugin/rbac_rule_validation.py
+++ b/patrole_tempest_plugin/rbac_rule_validation.py
@@ -17,6 +17,7 @@
from tempest import config
from tempest.lib import exceptions
+from tempest import test
from patrole_tempest_plugin import rbac_auth
from patrole_tempest_plugin import rbac_exceptions
@@ -29,13 +30,17 @@
def decorator(func):
def wrapper(*args, **kwargs):
try:
- tenant_id = args[0].auth_provider.credentials.tenant_id
- user_id = args[0].auth_provider.credentials.user_id
- except (IndexError, AttributeError) as e:
+ caller_ref = None
+ if args and isinstance(args[0], test.BaseTestCase):
+ caller_ref = args[0]
+ tenant_id = caller_ref.auth_provider.credentials.tenant_id
+ user_id = caller_ref.auth_provider.credentials.user_id
+ except AttributeError as e:
msg = ("{0}: tenant_id/user_id not found in "
"cls.auth_provider.credentials".format(e))
LOG.error(msg)
raise rbac_exceptions.RbacResourceSetupFailed(msg)
+
authority = rbac_auth.RbacAuthority(tenant_id, user_id, service)
allowed = authority.get_permission(rule, CONF.rbac.rbac_test_role)
@@ -70,5 +75,8 @@
raise rbac_exceptions.RbacOverPermission(
"OverPermission: Role %s was allowed to perform %s" %
(CONF.rbac.rbac_test_role, rule))
+ finally:
+ caller_ref.rbac_utils.switch_role(caller_ref,
+ switchToRbacRole=False)
return wrapper
return decorator