commit 9d45e40db03daf4be48b3ce2dab607bf50a2d6c6
author jessegler <jess.egler@gmail.com> Tue Jul 17 13:54:41 2018 -0500
committer Felipe Monteiro <felipe.monteiro@att.com> Thu Jul 26 22:45:01 2018 -0400
tree 0b4dfa88a1783438d93a94856d7d64c80365ec76
parent e0c5c24e3bca25349894b8055589d88a16f4b894

Adds create_network tests for missing policy actions

'create_network:is_default'
'create_network:provider:physical_network'

Story: 2002641
Task: 22303

Change-Id: I1aaa9b4cd9e0f34522e2e61191d1bae20ad6da48

patrole_tempest_plugin/tests/api/network/test_networks_rbac.py

diff --git a/patrole_tempest_plugin/tests/api/network/test_networks_rbac.py b/patrole_tempest_plugin/tests/api/network/test_networks_rbac.py
index 1a0e186..2f630a2 100644
--- a/patrole_tempest_plugin/tests/api/network/test_networks_rbac.py
+++ b/patrole_tempest_plugin/tests/api/network/test_networks_rbac.py
@@ -19,6 +19,7 @@
 from tempest import config
 from tempest.lib.common.utils import data_utils
 from tempest.lib import decorators
+from tempest.lib import exceptions as lib_exc
 
 from patrole_tempest_plugin import rbac_exceptions
 from patrole_tempest_plugin import rbac_rule_validation
@@ -100,6 +101,25 @@
 
     @rbac_rule_validation.action(service="neutron",
                                  rules=["create_network",
+                                        "create_network:is_default"],
+                                 expected_error_codes=[403, 403])
+    @decorators.idempotent_id('28602661-5ac7-407e-b739-e393f619f5e3')
+    def test_create_network_is_default(self):
+
+        """Create Is Default Network Test
+
+        RBAC test for the neutron create_network:is_default policy
+        """
+        try:
+            with self.rbac_utils.override_role(self):
+                self._create_network(is_default=True)
+        except lib_exc.Conflict as exc:
+            # A default network might already exist
+            self.assertIn('A default external network already exists',
+                          str(exc))
+
+    @rbac_rule_validation.action(service="neutron",
+                                 rules=["create_network",
                                         "create_network:shared"],
                                  expected_error_codes=[403, 403])
     @decorators.idempotent_id('ccabf2a9-28c8-44b2-80e6-ffd65d43eef2')
@@ -131,6 +151,30 @@
     @rbac_rule_validation.action(
         service="neutron",
         rules=["create_network",
+               "create_network:provider:physical_network"],
+        expected_error_codes=[403, 403])
+    @decorators.idempotent_id('76783fed-9ff3-4499-a0d1-82d99eec364e')
+    def test_create_network_provider_physical_network(self):
+
+        """Create Network Physical Network Provider Test
+
+        RBAC test for neutron create_network:provider:physical_network policy
+        """
+        try:
+            with self.rbac_utils.override_role(self):
+                self._create_network(provider_physical_network='provider',
+                                     provider_network_type='flat')
+        except lib_exc.BadRequest as exc:
+            # There probably won't be a physical network called 'provider', but
+            # we aren't testing state of the network
+            self.assertIn("Invalid input for operation: physical_network " +
+                          "'provider' unknown for flat provider network.",
+                          str(exc))
+
+    @utils.requires_ext(extension='provider', service='network')
+    @rbac_rule_validation.action(
+        service="neutron",
+        rules=["create_network",
                "create_network:provider:network_type"],
         expected_error_codes=[403, 403])
     @decorators.idempotent_id('3c42f7b8-b80c-44ef-8fa4-69ec4b1836bc')