Fix test_limits_rbac not checking for expected response
This is to fix test_show_limits test under test_limits_rbac
in volume module which is currently expecting a fatal exception
to be raised by the Cinder server following failed authorization.
However, this assumption is false because this endpoint uses
non-fatal authorization [0] to inject additional attributes into
the response body following successfuly authorization.
Thus, it is necessary Patrole side to verify that the expected
attributes are present in the response body, as expecting a 403
is a false assumption.
[0] https://github.com/openstack/cinder/blob/67177026ab510b09644fd4b8b301594aa5482cef/cinder/api/contrib/used_limits.py#L30
Change-Id: I3aae5d8c6c947cf5119f1cdc081dae8179421564
diff --git a/patrole_tempest_plugin/tests/api/volume/test_limits_rbac.py b/patrole_tempest_plugin/tests/api/volume/test_limits_rbac.py
index 976d756..78cfd9a 100644
--- a/patrole_tempest_plugin/tests/api/volume/test_limits_rbac.py
+++ b/patrole_tempest_plugin/tests/api/volume/test_limits_rbac.py
@@ -15,6 +15,7 @@
from tempest.lib import decorators
+from patrole_tempest_plugin import rbac_exceptions
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.volume import rbac_base
@@ -26,5 +27,20 @@
@rbac_rule_validation.action(service="cinder",
rule="limits_extension:used_limits")
def test_show_limits(self):
+ # It is enough to check whether any of the following keys below
+ # are in the response body under ['limits']['absolute'], but no harm
+ # in checking for them all.
+ expected_keys = {
+ 'totalVolumesUsed',
+ 'totalGigabytesUsed',
+ 'totalSnapshotsUsed',
+ 'totalBackupsUsed',
+ 'totalBackupGigabytesUsed'
+ }
+
with self.rbac_utils.override_role(self):
- self.volume_limits_client.show_limits()
+ absolute_limits = self.volume_limits_client.show_limits()[
+ 'limits']['absolute']
+ for key in expected_keys:
+ if key not in absolute_limits:
+ raise rbac_exceptions.RbacMalformedResponse(attribute=key)